From de5353440df765493f8f7837e2761c8be23159b3 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Fri, 13 Sep 2024 18:35:25 -0500 Subject: [PATCH 001/122] Auto-update components in release-1.31 branch (#668) --- .github/workflows/update-components.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update-components.yaml b/.github/workflows/update-components.yaml index e46bd55df..7f9e43745 100644 --- a/.github/workflows/update-components.yaml +++ b/.github/workflows/update-components.yaml @@ -21,6 +21,7 @@ jobs: # Keep main branch up to date - main # Supported stable release branches + - release-1.31 - release-1.30 steps: From 72808cdbfa1d8879fd79b449dfc80fa13c9721cc Mon Sep 17 00:00:00 2001 From: Kevin W Monroe Date: Sat, 14 Sep 2024 10:27:40 -0500 Subject: [PATCH 002/122] use lxd 5.21/stable snap (#670) --- .github/workflows/nightly-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index 915d6c3f3..cd661474f 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -31,7 +31,7 @@ jobs: pip3 install tox==4.13 - name: Install lxd run: | - sudo snap refresh lxd --channel 5.19/stable + sudo snap refresh lxd --channel 5.21/stable sudo lxd init --auto sudo usermod --append --groups lxd $USER sg lxd -c 'lxc version' From 522a16194d262b07d2de55fe4726bfe121f941bd Mon Sep 17 00:00:00 2001 From: Homayoon Alimohammadi Date: Mon, 16 Sep 2024 13:31:22 +0400 Subject: [PATCH 003/122] Add unit tests for local storage (#665) --- src/k8s/pkg/k8sd/features/localpv/chart.go | 8 +- src/k8s/pkg/k8sd/features/localpv/localpv.go | 14 +- .../pkg/k8sd/features/localpv/localpv_test.go | 155 ++++++++++++++++++ src/k8s/pkg/k8sd/features/localpv/register.go | 2 +- 4 files changed, 167 insertions(+), 12 deletions(-) create mode 100644 src/k8s/pkg/k8sd/features/localpv/localpv_test.go diff --git a/src/k8s/pkg/k8sd/features/localpv/chart.go b/src/k8s/pkg/k8sd/features/localpv/chart.go index 5a655fc57..8dd2248af 100644 --- a/src/k8s/pkg/k8sd/features/localpv/chart.go +++ b/src/k8s/pkg/k8sd/features/localpv/chart.go @@ -7,8 +7,8 @@ import ( ) var ( - // chart represents manifests to deploy Rawfile LocalPV CSI. - chart = helm.InstallableChart{ + // Chart represents manifests to deploy Rawfile LocalPV CSI. + Chart = helm.InstallableChart{ Name: "ck-storage", Namespace: "kube-system", ManifestPath: filepath.Join("charts", "rawfile-csi-0.9.0.tgz"), @@ -16,8 +16,8 @@ var ( // imageRepo is the repository to use for Rawfile LocalPV CSI. imageRepo = "ghcr.io/canonical/rawfile-localpv" - // imageTag is the image tag to use for Rawfile LocalPV CSI. - imageTag = "0.8.0-ck4" + // ImageTag is the image tag to use for Rawfile LocalPV CSI. + ImageTag = "0.8.0-ck4" // csiNodeDriverImage is the image to use for the CSI node driver. csiNodeDriverImage = "ghcr.io/canonical/k8s-snap/sig-storage/csi-node-driver-registrar:v2.10.1" diff --git a/src/k8s/pkg/k8sd/features/localpv/localpv.go b/src/k8s/pkg/k8sd/features/localpv/localpv.go index bd812b443..8555ff088 100644 --- a/src/k8s/pkg/k8sd/features/localpv/localpv.go +++ b/src/k8s/pkg/k8sd/features/localpv/localpv.go @@ -38,13 +38,13 @@ func ApplyLocalStorage(ctx context.Context, snap snap.Snap, cfg types.LocalStora "csiDriverArgs": []string{"--args", "rawfile", "csi-driver", "--disable-metrics"}, "image": map[string]any{ "repository": imageRepo, - "tag": imageTag, + "tag": ImageTag, }, }, "node": map[string]any{ "image": map[string]any{ "repository": imageRepo, - "tag": imageTag, + "tag": ImageTag, }, "storage": map[string]any{ "path": cfg.GetLocalPath(), @@ -58,19 +58,19 @@ func ApplyLocalStorage(ctx context.Context, snap snap.Snap, cfg types.LocalStora }, } - if _, err := m.Apply(ctx, chart, helm.StatePresentOrDeleted(cfg.GetEnabled()), values); err != nil { + if _, err := m.Apply(ctx, Chart, helm.StatePresentOrDeleted(cfg.GetEnabled()), values); err != nil { if cfg.GetEnabled() { err = fmt.Errorf("failed to install rawfile-csi helm package: %w", err) return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(deployFailedMsgTmpl, err), }, err } else { err = fmt.Errorf("failed to delete rawfile-csi helm package: %w", err) return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(deleteFailedMsgTmpl, err), }, err } @@ -79,13 +79,13 @@ func ApplyLocalStorage(ctx context.Context, snap snap.Snap, cfg types.LocalStora if cfg.GetEnabled() { return types.FeatureStatus{ Enabled: true, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(enabledMsg, cfg.GetLocalPath()), }, nil } else { return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: disabledMsg, }, nil } diff --git a/src/k8s/pkg/k8sd/features/localpv/localpv_test.go b/src/k8s/pkg/k8sd/features/localpv/localpv_test.go new file mode 100644 index 000000000..783422cbd --- /dev/null +++ b/src/k8s/pkg/k8sd/features/localpv/localpv_test.go @@ -0,0 +1,155 @@ +package localpv_test + +import ( + "context" + "errors" + "testing" + + . "github.com/onsi/gomega" + "k8s.io/utils/ptr" + + "github.com/canonical/k8s/pkg/client/helm" + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/k8sd/features/localpv" + "github.com/canonical/k8s/pkg/k8sd/types" + snapmock "github.com/canonical/k8s/pkg/snap/mock" +) + +func TestDisabled(t *testing.T) { + t.Run("HelmApplyFails", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + cfg := types.LocalStorage{ + Enabled: ptr.To(false), + Default: ptr.To(true), + ReclaimPolicy: ptr.To("reclaim-policy"), + LocalPath: ptr.To("local-path"), + } + + status, err := localpv.ApplyLocalStorage(context.Background(), snapM, cfg, nil) + + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Version).To(Equal(localpv.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(localpv.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) + + validateValues(g, callArgs.Values, cfg) + }) + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + cfg := types.LocalStorage{ + Enabled: ptr.To(false), + Default: ptr.To(true), + ReclaimPolicy: ptr.To("reclaim-policy"), + LocalPath: ptr.To("local-path"), + } + + status, err := localpv.ApplyLocalStorage(context.Background(), snapM, cfg, nil) + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(localpv.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(localpv.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) + + validateValues(g, callArgs.Values, cfg) + }) +} + +func TestEnabled(t *testing.T) { + t.Run("HelmApplyFails", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + cfg := types.LocalStorage{ + Enabled: ptr.To(true), + Default: ptr.To(true), + ReclaimPolicy: ptr.To("reclaim-policy"), + LocalPath: ptr.To("local-path"), + } + + status, err := localpv.ApplyLocalStorage(context.Background(), snapM, cfg, nil) + + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Version).To(Equal(localpv.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(localpv.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StatePresent)) + + validateValues(g, callArgs.Values, cfg) + }) + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + cfg := types.LocalStorage{ + Enabled: ptr.To(true), + Default: ptr.To(true), + ReclaimPolicy: ptr.To("reclaim-policy"), + LocalPath: ptr.To("local-path"), + } + + status, err := localpv.ApplyLocalStorage(context.Background(), snapM, cfg, nil) + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(localpv.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(localpv.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StatePresent)) + + validateValues(g, callArgs.Values, cfg) + }) +} + +func validateValues(g Gomega, values map[string]any, cfg types.LocalStorage) { + sc := values["storageClass"].(map[string]any) + g.Expect(sc["isDefault"]).To(Equal(cfg.GetDefault())) + g.Expect(sc["reclaimPolicy"]).To(Equal(cfg.GetReclaimPolicy())) + + storage := values["node"].(map[string]any)["storage"].(map[string]any) + g.Expect(storage["path"]).To(Equal(cfg.GetLocalPath())) +} diff --git a/src/k8s/pkg/k8sd/features/localpv/register.go b/src/k8s/pkg/k8sd/features/localpv/register.go index b9f5f644b..084f6a40b 100644 --- a/src/k8s/pkg/k8sd/features/localpv/register.go +++ b/src/k8s/pkg/k8sd/features/localpv/register.go @@ -9,7 +9,7 @@ import ( func init() { images.Register( // Rawfile LocalPV CSI driver images - fmt.Sprintf("%s:%s", imageRepo, imageTag), + fmt.Sprintf("%s:%s", imageRepo, ImageTag), // CSI images csiNodeDriverImage, csiProvisionerImage, From a47d3429be01e65cc4be8344bc86586b90467575 Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Mon, 16 Sep 2024 13:56:30 +0300 Subject: [PATCH 004/122] k8sd cluster-recover: add non-interactive mode (#662) At the moment, the "k8sd cluster-recover" displays interactive prompts and text editors that assist the user in updating the dqlite configuration. We need to be able to run the command non-interactively in order to automate the cluster recovery procedure. This change adds a "--non-interactive" flag. If set, we'll no longer show confirmation prompts and we'll assume that the configuration files have already been updated, proceeding with the dqlite recovery. --- docs/src/snap/howto/restore-quorum.md | 74 +++++--- src/k8s/cmd/k8sd/k8sd_cluster_recover.go | 232 +++++++++++++---------- 2 files changed, 183 insertions(+), 123 deletions(-) diff --git a/docs/src/snap/howto/restore-quorum.md b/docs/src/snap/howto/restore-quorum.md index aeb15b721..99a8c4e8b 100755 --- a/docs/src/snap/howto/restore-quorum.md +++ b/docs/src/snap/howto/restore-quorum.md @@ -1,9 +1,9 @@ # Recovering a Cluster After Quorum Loss Highly available {{product}} clusters can survive losing one or more -nodes. [Dqlite], the default datastore, implements a [Raft] based protocol where -an elected leader holds the definitive copy of the database, which is then -replicated on two or more secondary nodes. +nodes. [Dqlite], the default datastore, implements a [Raft] based protocol +where an elected leader holds the definitive copy of the database, which is +then replicated on two or more secondary nodes. When the a majority of the nodes are lost, the cluster becomes unavailable. If at least one database node survived, the cluster can be recovered using the @@ -64,8 +64,8 @@ sudo snap stop k8s ## Recover the Database -Choose one of the remaining alive cluster nodes that has the most recent version -of the Raft log. +Choose one of the remaining alive cluster nodes that has the most recent +version of the Raft log. Update the ``cluster.yaml`` files, changing the role of the lost nodes to "spare" (2). Additionally, double check the addresses and IDs specified in @@ -73,7 +73,8 @@ Update the ``cluster.yaml`` files, changing the role of the lost nodes to files were moved across nodes. The following command guides us through the recovery process, prompting a text -editor with informative inline comments for each of the dqlite configuration files. +editor with informative inline comments for each of the dqlite configuration +files. ``` sudo /snap/k8s/current/bin/k8sd cluster-recover \ @@ -82,29 +83,40 @@ sudo /snap/k8s/current/bin/k8sd cluster-recover \ --log-level 0 ``` -Please adjust the log level for additional debug messages by increasing its value. -The command creates database backups before making any changes. +Please adjust the log level for additional debug messages by increasing its +value. The command creates database backups before making any changes. -The above command will reconfigure the Raft members and create recovery tarballs -that are used to restore the lost nodes, once the Dqlite configuration is updated. +The above command will reconfigure the Raft members and create recovery +tarballs that are used to restore the lost nodes, once the Dqlite +configuration is updated. ```{note} -By default, the command will recover both Dqlite databases. If one of the databases -needs to be skipped, use the ``--skip-k8sd`` or ``--skip-k8s-dqlite`` flags. -This can be useful when using an external Etcd database. +By default, the command will recover both Dqlite databases. If one of the +databases needs to be skipped, use the ``--skip-k8sd`` or ``--skip-k8s-dqlite`` +flags. This can be useful when using an external Etcd database. ``` -Once the "cluster-recover" command completes, restart the k8s services on the node: +```{note} +Non-interactive mode can be requested using the ``--non-interactive`` flag. +In this case, no interactive prompts or text editors will be displayed and +the command will assume that the configuration files have already been updated. + +This allows automating the recovery procedure. +``` + +Once the "cluster-recover" command completes, restart the k8s services on the +node: ``` sudo snap start k8s ``` -Ensure that the services started successfully by using ``sudo snap services k8s``. -Use ``k8s status --wait-ready`` to wait for the cluster to become ready. +Ensure that the services started successfully by using +``sudo snap services k8s``. Use ``k8s status --wait-ready`` to wait for the +cluster to become ready. -You may notice that we have not returned to an HA cluster yet: ``high availability: no``. -This is expected as we need to recover +You may notice that we have not returned to an HA cluster yet: +``high availability: no``. This is expected as we need to recover ## Recover the remaining nodes @@ -113,28 +125,34 @@ nodes. For k8sd, copy ``recovery_db.tar.gz`` to ``/var/snap/k8s/common/var/lib/k8sd/state/recovery_db.tar.gz``. When the k8sd -service starts, it will load the archive and perform the necessary recovery steps. +service starts, it will load the archive and perform the necessary recovery +steps. The k8s-dqlite archive needs to be extracted manually. First, create a backup of the current k8s-dqlite state directory: ``` -sudo mv /var/snap/k8s/common/var/lib/k8s-dqlite /var/snap/k8s/common/var/lib/k8s-dqlite.bkp +sudo mv /var/snap/k8s/common/var/lib/k8s-dqlite \ + /var/snap/k8s/common/var/lib/k8s-dqlite.bkp ``` Then, extract the backup archive: ``` sudo mkdir /var/snap/k8s/common/var/lib/k8s-dqlite -sudo tar xf recovery-k8s-dqlite-$timestamp-post-recovery.tar.gz -C /var/snap/k8s/common/var/lib/k8s-dqlite +sudo tar xf recovery-k8s-dqlite-$timestamp-post-recovery.tar.gz \ + -C /var/snap/k8s/common/var/lib/k8s-dqlite ``` Node specific files need to be copied back to the k8s-dqlite state dir: ``` -sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/cluster.crt /var/snap/k8s/common/var/lib/k8s-dqlite -sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/cluster.key /var/snap/k8s/common/var/lib/k8s-dqlite -sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/info.yaml /var/snap/k8s/common/var/lib/k8s-dqlite +sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/cluster.crt \ + /var/snap/k8s/common/var/lib/k8s-dqlite +sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/cluster.key \ + /var/snap/k8s/common/var/lib/k8s-dqlite +sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/info.yaml \ + /var/snap/k8s/common/var/lib/k8s-dqlite ``` Once these steps are completed, restart the k8s services: @@ -143,13 +161,15 @@ Once these steps are completed, restart the k8s services: sudo snap start k8s ``` -Repeat these steps for all remaining nodes. Once a quorum is achieved, the cluster -will be reported as "highly available": +Repeat these steps for all remaining nodes. Once a quorum is achieved, +the cluster will be reported as "highly available": ``` $ sudo k8s status cluster status: ready -control plane nodes: 10.80.130.168:6400 (voter), 10.80.130.167:6400 (voter), 10.80.130.164:6400 (voter) +control plane nodes: 10.80.130.168:6400 (voter), + 10.80.130.167:6400 (voter), + 10.80.130.164:6400 (voter) high availability: yes datastore: k8s-dqlite network: enabled diff --git a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go index 766acc49f..204dbbabd 100755 --- a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go +++ b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go @@ -28,7 +28,7 @@ import ( "github.com/canonical/k8s/pkg/utils" ) -const recoveryConfirmation = `You should only run this command if: +const preRecoveryMessage = `You should only run this command if: - A quorum of cluster members is permanently lost - You are *absolutely* sure all k8s daemons are stopped (sudo snap stop k8s) - This instance has the most up to date database @@ -36,8 +36,17 @@ const recoveryConfirmation = `You should only run this command if: Note that before applying any changes, a database backup is created at: * k8sd (microcluster): /var/snap/k8s/common/var/lib/k8sd/state/db_backup..tar.gz * k8s-dqlite: /var/snap/k8s/common/recovery-k8s-dqlite--pre-recovery.tar.gz +` + +const recoveryConfirmation = "Do you want to proceed? (yes/no): " + +const nonInteractiveMessage = `Non-interactive mode requested. -Do you want to proceed? (yes/no): ` +The command will assume that the dqlite configuration files have already been +modified with the updated cluster member roles and addresses. + +Initiating the dqlite database recovery. +` const clusterK8sdYamlRecoveryComment = `# Member roles can be modified. Unrecoverable nodes should be given the role "spare". # @@ -75,6 +84,7 @@ const yamlHelperCommentFooter = "# ------- everything below will be written ---- var clusterRecoverOpts struct { K8sDqliteStateDir string + NonInteractive bool SkipK8sd bool SkipK8sDqlite bool } @@ -145,6 +155,8 @@ func newClusterRecoverCmd() *cobra.Command { cmd.Flags().StringVar(&clusterRecoverOpts.K8sDqliteStateDir, "k8s-dqlite-state-dir", "", "k8s-dqlite datastore location") + cmd.Flags().BoolVar(&clusterRecoverOpts.NonInteractive, "non-interactive", + false, "disable interactive prompts, assume that the configs have been updated") cmd.Flags().BoolVar(&clusterRecoverOpts.SkipK8sd, "skip-k8sd", false, "skip k8sd recovery") cmd.Flags().BoolVar(&clusterRecoverOpts.SkipK8sDqlite, "skip-k8s-dqlite", @@ -171,8 +183,8 @@ func recoveryCmdPrechecks(ctx context.Context) error { log.V(1).Info("Running prechecks.") - if !termios.IsTerminal(unix.Stdin) { - return fmt.Errorf("this command is meant to be run in an interactive terminal") + if !termios.IsTerminal(unix.Stdin) && !clusterRecoverOpts.NonInteractive { + return fmt.Errorf("interactive mode requested in a non-interactive terminal") } if clusterRecoverOpts.K8sDqliteStateDir == "" { @@ -182,21 +194,31 @@ func recoveryCmdPrechecks(ctx context.Context) error { return fmt.Errorf("k8sd state dir not specified") } - reader := bufio.NewReader(os.Stdin) - fmt.Print(recoveryConfirmation) + fmt.Print(preRecoveryMessage) + fmt.Print("\n") - input, err := reader.ReadString('\n') - if err != nil { - return fmt.Errorf("couldn't read user input, error: %w", err) - } - input = strings.TrimSuffix(input, "\n") + if clusterRecoverOpts.NonInteractive { + fmt.Print(nonInteractiveMessage) + fmt.Print("\n") + } else { + reader := bufio.NewReader(os.Stdin) + fmt.Print(recoveryConfirmation) + + input, err := reader.ReadString('\n') + if err != nil { + return fmt.Errorf("couldn't read user input, error: %w", err) + } + input = strings.TrimSuffix(input, "\n") - if strings.ToLower(input) != "yes" { - return fmt.Errorf("cluster edit aborted; no changes made") + if strings.ToLower(input) != "yes" { + return fmt.Errorf("cluster edit aborted; no changes made") + } + + fmt.Print("\n") } if !clusterRecoverOpts.SkipK8sDqlite { - if err = ensureK8sDqliteMembersStopped(ctx); err != nil { + if err := ensureK8sDqliteMembersStopped(ctx); err != nil { return err } } @@ -376,59 +398,64 @@ func recoverK8sd() (string, error) { clusterYamlPath := path.Join(m.FileSystem.DatabaseDir, "cluster.yaml") clusterYamlCommentHeader := fmt.Sprintf("# K8sd cluster configuration\n# (based on the trust store and %s)\n", clusterYamlPath) - clusterYamlContent, err := yamlEditorGuide( - "", - false, - slices.Concat( - []byte(clusterYamlCommentHeader), - []byte("#\n"), - []byte(clusterK8sdYamlRecoveryComment), - []byte(yamlHelperCommentFooter), - []byte("\n"), - oldMembersYaml, - ), - false, - ) - if err != nil { - return "", fmt.Errorf("interactive text editor failed, error: %w", err) - } + clusterYamlContent := oldMembersYaml + if !clusterRecoverOpts.NonInteractive { + // Interactive mode requested (default). + // Assist the user in configuring dqlite. + clusterYamlContent, err = yamlEditorGuide( + "", + false, + slices.Concat( + []byte(clusterYamlCommentHeader), + []byte("#\n"), + []byte(clusterK8sdYamlRecoveryComment), + []byte(yamlHelperCommentFooter), + []byte("\n"), + oldMembersYaml, + ), + false, + ) + if err != nil { + return "", fmt.Errorf("interactive text editor failed, error: %w", err) + } - infoYamlPath := path.Join(m.FileSystem.DatabaseDir, "info.yaml") - infoYamlCommentHeader := fmt.Sprintf("# K8sd info.yaml\n# (%s)\n", infoYamlPath) - _, err = yamlEditorGuide( - infoYamlPath, - true, - slices.Concat( - []byte(infoYamlCommentHeader), - []byte("#\n"), - []byte(infoYamlRecoveryComment), - utils.YamlCommentLines(clusterYamlContent), - []byte("\n"), - []byte(yamlHelperCommentFooter), - ), - true, - ) - if err != nil { - return "", fmt.Errorf("interactive text editor failed, error: %w", err) - } + infoYamlPath := path.Join(m.FileSystem.DatabaseDir, "info.yaml") + infoYamlCommentHeader := fmt.Sprintf("# K8sd info.yaml\n# (%s)\n", infoYamlPath) + _, err = yamlEditorGuide( + infoYamlPath, + true, + slices.Concat( + []byte(infoYamlCommentHeader), + []byte("#\n"), + []byte(infoYamlRecoveryComment), + utils.YamlCommentLines(clusterYamlContent), + []byte("\n"), + []byte(yamlHelperCommentFooter), + ), + true, + ) + if err != nil { + return "", fmt.Errorf("interactive text editor failed, error: %w", err) + } - daemonYamlPath := path.Join(m.FileSystem.StateDir, "daemon.yaml") - daemonYamlCommentHeader := fmt.Sprintf("# K8sd daemon.yaml\n# (%s)\n", daemonYamlPath) - _, err = yamlEditorGuide( - daemonYamlPath, - true, - slices.Concat( - []byte(daemonYamlCommentHeader), - []byte("#\n"), - []byte(daemonYamlRecoveryComment), - utils.YamlCommentLines(clusterYamlContent), - []byte("\n"), - []byte(yamlHelperCommentFooter), - ), - true, - ) - if err != nil { - return "", fmt.Errorf("interactive text editor failed, error: %w", err) + daemonYamlPath := path.Join(m.FileSystem.StateDir, "daemon.yaml") + daemonYamlCommentHeader := fmt.Sprintf("# K8sd daemon.yaml\n# (%s)\n", daemonYamlPath) + _, err = yamlEditorGuide( + daemonYamlPath, + true, + slices.Concat( + []byte(daemonYamlCommentHeader), + []byte("#\n"), + []byte(daemonYamlRecoveryComment), + utils.YamlCommentLines(clusterYamlContent), + []byte("\n"), + []byte(yamlHelperCommentFooter), + ), + true, + ) + if err != nil { + return "", fmt.Errorf("interactive text editor failed, error: %w", err) + } } newMembers := []cluster.DqliteMember{} @@ -465,40 +492,53 @@ func recoverK8sd() (string, error) { func recoverK8sDqlite() (string, string, error) { k8sDqliteStateDir := clusterRecoverOpts.K8sDqliteStateDir + var err error + clusterYamlContent := []byte{} clusterYamlPath := path.Join(k8sDqliteStateDir, "cluster.yaml") clusterYamlCommentHeader := fmt.Sprintf("# k8s-dqlite cluster configuration\n# (%s)\n", clusterYamlPath) - clusterYamlContent, err := yamlEditorGuide( - clusterYamlPath, - true, - slices.Concat( - []byte(clusterYamlCommentHeader), - []byte("#\n"), - []byte(clusterK8sDqliteRecoveryComment), - []byte(yamlHelperCommentFooter), - ), - true, - ) - if err != nil { - return "", "", fmt.Errorf("interactive text editor failed, error: %w", err) - } - infoYamlPath := path.Join(k8sDqliteStateDir, "info.yaml") - infoYamlCommentHeader := fmt.Sprintf("# k8s-dqlite info.yaml\n# (%s)\n", infoYamlPath) - _, err = yamlEditorGuide( - infoYamlPath, - true, - slices.Concat( - []byte(infoYamlCommentHeader), - []byte("#\n"), - []byte(infoYamlRecoveryComment), - utils.YamlCommentLines(clusterYamlContent), - []byte("\n"), - []byte(yamlHelperCommentFooter), - ), - true, - ) - if err != nil { - return "", "", fmt.Errorf("interactive text editor failed, error: %w", err) + if clusterRecoverOpts.NonInteractive { + clusterYamlContent, err = os.ReadFile(clusterYamlPath) + if err != nil { + return "", "", fmt.Errorf( + "could not read k8s-dqlite cluster.yaml, error: %w", err) + } + } else { + // Interactive mode requested (default). + // Assist the user in configuring dqlite. + clusterYamlContent, err = yamlEditorGuide( + clusterYamlPath, + true, + slices.Concat( + []byte(clusterYamlCommentHeader), + []byte("#\n"), + []byte(clusterK8sDqliteRecoveryComment), + []byte(yamlHelperCommentFooter), + ), + true, + ) + if err != nil { + return "", "", fmt.Errorf("interactive text editor failed, error: %w", err) + } + + infoYamlPath := path.Join(k8sDqliteStateDir, "info.yaml") + infoYamlCommentHeader := fmt.Sprintf("# k8s-dqlite info.yaml\n# (%s)\n", infoYamlPath) + _, err = yamlEditorGuide( + infoYamlPath, + true, + slices.Concat( + []byte(infoYamlCommentHeader), + []byte("#\n"), + []byte(infoYamlRecoveryComment), + utils.YamlCommentLines(clusterYamlContent), + []byte("\n"), + []byte(yamlHelperCommentFooter), + ), + true, + ) + if err != nil { + return "", "", fmt.Errorf("interactive text editor failed, error: %w", err) + } } newMembers := []dqlite.NodeInfo{} From 407f739a824018842831621cf2e5b73a3c97cd4c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 12:52:44 -0500 Subject: [PATCH 005/122] [main] Update component versions (#674) Co-authored-by: addyess <10090033+addyess@users.noreply.github.com> --- build-scripts/components/cni/version | 2 +- build-scripts/components/kubernetes/version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-scripts/components/cni/version b/build-scripts/components/cni/version index 2e7bd9108..53b5bbb12 100644 --- a/build-scripts/components/cni/version +++ b/build-scripts/components/cni/version @@ -1 +1 @@ -v1.5.0 +v1.5.1 diff --git a/build-scripts/components/kubernetes/version b/build-scripts/components/kubernetes/version index d3aa76971..085dad940 100644 --- a/build-scripts/components/kubernetes/version +++ b/build-scripts/components/kubernetes/version @@ -1 +1 @@ -v1.31.0 +v1.31.1 From 4d5f4067554a8672e066cdea04e144786257b022 Mon Sep 17 00:00:00 2001 From: Nick Veitch Date: Tue, 17 Sep 2024 15:38:12 +0100 Subject: [PATCH 006/122] Add epa explanation docs (#595) --------- Co-authored-by: Yanisa Haley Scherber --- docs/src/snap/explanation/epa.md | 544 +++++++++++++++++++++++++++++ docs/src/snap/explanation/index.md | 1 + 2 files changed, 545 insertions(+) create mode 100644 docs/src/snap/explanation/epa.md diff --git a/docs/src/snap/explanation/epa.md b/docs/src/snap/explanation/epa.md new file mode 100644 index 000000000..a0884df55 --- /dev/null +++ b/docs/src/snap/explanation/epa.md @@ -0,0 +1,544 @@ +# Enhanced Platform Awareness + +Enhanced Platform Awareness (EPA) is a methodology and a set of enhancements +across various layers of the orchestration stack. + +EPA focuses on discovering, scheduling and isolating server hardware +capabilities. This document provides a detailed guide of how EPA applies to +{{product}}, which centre around the following technologies: + +- **HugePage support**: In GA from Kubernetes v1.14, this feature enables the + discovery, scheduling and allocation of HugePages as a first-class + resource. +- **Real-time kernel**: Ensures that high-priority tasks are run within a + predictable time frame, providing the low latency and high determinism + essential for time-sensitive applications. +- **CPU pinning** (CPU Manager for Kubernetes (CMK)): In GA from Kubernetes + v1.26, provides mechanisms for CPU pinning and isolation of containerised + workloads. +- **NUMA topology awareness**: Ensures that CPU and memory allocation are + aligned according to the NUMA architecture, reducing memory latency and + increasing performance for memory-intensive applications. +- **Single Root I/O Virtualization (SR-IOV)**: Enhances networking by enabling + virtualisation of a single physical network device into multiple virtual + devices. +- **DPDK (Data Plane Development Kit)**: A set of libraries and drivers for + fast packet processing, designed to run in user space, optimising network + performance and reducing latency. + +This document provides relevant links to detailed instructions for setting up +and installing these technologies. It is designed for developers +and architects who wish to integrate these new technologies into their +{{product}}-based networking solutions. + +## HugePages + +HugePages are a feature in the Linux kernel which enables the allocation of +larger memory pages. This reduces the overhead of managing large amounts of +memory and can improve performance for applications that require significant +memory access. + +### Key features + +- **Larger memory pages**: HugePages provide larger memory pages (e.g., 2MB or + 1GB) compared to the standard 4KB pages, reducing the number of pages the + system must manage. +- **Reduced overhead**: By using fewer, larger pages, the system reduces the + overhead associated with page table entries, leading to improved memory + management efficiency. +- **Improved TLB performance**: The Translation Lookaside Buffer (TLB) stores + recent translations of virtual memory to physical memory addresses. Using + HugePages increases TLB hit rates, reducing the frequency of memory + translation lookups. +- **Enhanced application performance**: Applications that access large amounts + of memory can benefit from HugePages by experiencing lower latency and + higher throughput due to reduced page faults and better memory access + patterns. +- **Support for high-performance workloads**: Ideal for high-performance + computing (HPC) applications, databases and other memory-intensive + workloads that demand efficient and fast memory access. +- **Native Kubernetes integration**: Starting from Kubernetes v1.14, HugePages + are supported as a native, first-class resource, enabling their + discovery, scheduling and allocation within Kubernetes environments. + +### Application to Kubernetes + +The architecture for HugePages on Kubernetes integrates the management and +allocation of large memory pages into the Kubernetes orchestration system. Here +are the key architectural components and their roles: + +- **Node configuration**: Each Kubernetes node must be configured to reserve + HugePages. This involves setting the number of HugePages in the node's + kernel boot parameters. +- **Kubelet configuration**: The `kubelet` on each node must be configured to + recognise and manage HugePages. This is typically done through the `kubelet` + configuration file, specifying the size and number of HugePages. +- **Pod specification**: HugePages are requested and allocated at the pod + level through resource requests and limits in the pod specification. Pods + can request specific sizes of HugePages (e.g., 2MB or 1GB). +- **Scheduler awareness**: The Kubernetes scheduler is aware of HugePages as a + resource and schedules pods onto nodes that have sufficient HugePages + available. This ensures that pods with HugePages requirements are placed + appropriately. Scheduler configurations and policies can be adjusted to + optimise HugePages allocation and utilisation. +- **Node Feature Discovery (NFD)**: Node Feature Discovery can be used to + label nodes with their HugePages capabilities. This enables scheduling + decisions to be based on the available HugePages resources. +- **Resource quotas and limits**: Kubernetes enables the definition of resource + quotas and limits to control the allocation of HugePages across namespaces. + This helps in managing and isolating resource usage effectively. +- **Monitoring and metrics**: Kubernetes provides tools and integrations + (e.g., Prometheus, Grafana) to monitor and visualise HugePages usage across + the cluster. This helps in tracking resource utilisation and performance. + Metrics can include HugePages allocation, usage and availability on each + node, aiding in capacity planning and optimization. + +## Real-time kernel + +A real-time kernel ensures that high-priority tasks are run within a +predictable timeframe, crucial for applications requiring low latency and high +determinism. Note that this can also impede applications which were not +designed with these considerations. + +### Key features + +- **Predictable task execution**: A real-time kernel ensures that + high-priority tasks are run within a predictable and bounded timeframe, + reducing the variability in task execution time. +- **Low latency**: The kernel is optimised to minimise the time it takes to + respond to high-priority tasks, which is crucial for applications that + require immediate processing. +- **Priority-based scheduling**: Tasks are scheduled based on their priority + levels, with real-time tasks being given precedence over other types of + tasks to ensure they are processed promptly. +- **Deterministic behaviour**: The kernel guarantees deterministic behaviour, + meaning the same task will have the same response time every time it is + run, essential for time-sensitive applications. +- **Pre-emption:** The real-time kernel supports preemptive multitasking, + allowing high-priority tasks to interrupt lower-priority tasks to ensure + critical tasks are run without delay. +- **Resource reservation**: System resources (such as CPU and memory) can be + reserved by the kernel for real-time tasks, ensuring that these resources + are available when needed. +- **Enhanced interrupt handling**: Interrupt handling is optimised to ensure + minimal latency and jitter, which is critical for maintaining the + performance of real-time applications. +- **Real-time scheduling policies**: The kernel includes specific scheduling + policies (e.g., SCHED\_FIFO, SCHED\_RR) designed to manage real-time tasks + effectively and ensure they meet their deadlines. + +These features make a real-time kernel ideal for applications requiring precise +timing and high reliability. + +### Application to Kubernetes + +The architecture for integrating a real-time kernel into Kubernetes involves +several components and configurations to ensure that high-priority, low-latency +tasks can be managed effectively within a Kubernetes environment. Here are the +key architectural components and their roles: + +- **Real-time kernel installation**: Each Kubernetes node must run a real-time + kernel. This involves installing a real-time kernel package and configuring + the system to use it. +- **Kernel boot parameters**: The kernel boot parameters must be configured to + optimise for real-time performance. This includes isolating CPU cores and + configuring other kernel parameters for real-time behaviour. +- **Kubelet configuration**: The `kubelet` on each node must be configured to + recognise and manage real-time workloads. This can involve setting specific + `kubelet` flags and configurations. +- **Pod specification**: Real-time workloads are specified at the pod level + through resource requests and limits. Pods can request dedicated CPU cores + and other resources to ensure they meet real-time requirements. +- **CPU Manager**: Kubernetes’ CPU Manager is a critical component for + real-time workloads. It enables the static allocation of CPUs to + containers, ensuring that specific CPU cores are dedicated to particular + workloads. +- **Scheduler awareness**: The Kubernetes scheduler must be aware of real-time + requirements and prioritise scheduling pods onto nodes with available + real-time resources. +- **Priority and preemption**: Kubernetes supports priority and preemption to + ensure that critical real-time pods are scheduled and run as needed. This + involves defining pod priorities and enabling preemption to ensure + high-priority pods can displace lower-priority ones if necessary. +- **Resource quotas and limits**: Kubernetes can define resource quotas + and limits to control the allocation of resources for real-time workloads + across namespaces. This helps manage and isolate resource usage effectively. +- **Monitoring and metrics**: Monitoring tools such as Prometheus and Grafana + can be used to track the performance and resource utilisation of real-time + workloads. Metrics include CPU usage, latency and task scheduling times, + which help in optimising and troubleshooting real-time applications. +- **Security and isolation**: Security contexts and isolation mechanisms + ensure that real-time workloads are protected and run in a controlled + environment. This includes setting privileged containers and configuring + namespaces. + +## CPU pinning + +CPU pinning enables specific CPU cores to be dedicated to a particular process +or container, ensuring that the process runs on the same CPU core(s) every +time, which reduces context switching and cache invalidation. + +### Key features + +- **Dedicated CPU Cores**: CPU pinning allocates specific CPU cores to a + process or container, ensuring consistent and predictable CPU usage. +- **Reduced context switching**: By running a process or container on the same + CPU core(s), CPU pinning minimises the overhead associated with context + switching, leading to better performance. +- **Improved cache utilisation**: When a process runs on a dedicated CPU core, + it can take full advantage of the CPU cache, reducing the need to fetch data + from main memory and improving overall performance. +- **Enhanced application performance**: Applications that require low latency + and high performance benefit from CPU pinning as it ensures they have + dedicated processing power without interference from other processes. +- **Consistent performance**: CPU pinning ensures that a process or container + receives consistent CPU performance, which is crucial for real-time and + performance-sensitive applications. +- **Isolation of workloads**: CPU pinning isolates workloads on specific CPU + cores, preventing them from being affected by other workloads running on + different cores. This is especially useful in multi-tenant environments. +- **Improved predictability**: By eliminating the variability introduced by + sharing CPU cores, CPU pinning provides more predictable performance + characteristics for critical applications. +- **Integration with Kubernetes**: Kubernetes supports CPU pinning through the + CPU Manager (in GA since v1.26), which allows for the static allocation of + CPUs to containers. This ensures that containers with high CPU demands have + the necessary resources. + +### Application to Kubernetes + +The architecture for CPU pinning in Kubernetes involves several components and +configurations to ensure that specific CPU cores can be dedicated to particular +processes or containers, thereby enhancing performance and predictability. Here +are the key architectural components and their roles: + +- **Kubelet configuration**: The `kubelet` on each node must be configured to + enable CPU pinning. This involves setting specific `kubelet` flags to + activate the CPU Manager. +- **CPU manager**: Kubernetes’ CPU Manager is a critical component for CPU + pinning. It allows for the static allocation of CPUs to containers, ensuring + that specific CPU cores are dedicated to particular workloads. The CPU + Manager can be configured to either static or none. Static policy enables + exclusive CPU core allocation to Guaranteed QoS (Quality of Service) pods. +- **Pod specification**: Pods must be specified to request dedicated CPU + resources. This is done through resource requests and limits in the pod + specification. +- **Scheduler awareness**: The Kubernetes scheduler must be aware of the CPU + pinning requirements. It schedules pods onto nodes with available CPU + resources as requested by the pod specification. The scheduler ensures that + pods with specific CPU pinning requests are placed on nodes with sufficient + free dedicated CPUs. +- **NUMA Topology Awareness**: For optimal performance, CPU pinning should be + aligned with NUMA (Non-Uniform Memory Access) topology. This ensures that + memory accesses are local to the CPU, reducing latency. Kubernetes can be + configured to be NUMA-aware, using the Topology Manager to align CPU + and memory allocation with NUMA nodes. +- **Node Feature Discovery (NFD)**: Node Feature Discovery can be used to + label nodes with their CPU capabilities, including the availability of + isolated and reserved CPU cores. +- **Resource quotas and limits**: Kubernetes can define resource quotas + and limits to control the allocation of CPU resources across namespaces. + This helps in managing and isolating resource usage effectively. +- **Monitoring and metrics**: Monitoring tools such as Prometheus and Grafana + can be used to track the performance and resource utilisation of CPU-pinned + workloads. Metrics include CPU usage, core allocation and task scheduling + times, which help in optimising and troubleshooting performance-sensitive + applications. +- **Isolation and security**: Security contexts and isolation mechanisms + ensure that CPU-pinned workloads are protected and run in a controlled + environment. This includes setting privileged containers and configuring + namespaces to avoid resource contention. +- **Performance Tuning**: Additional performance tuning can be achieved by + isolating CPU cores at the OS level and configuring kernel parameters to + minimise interference from other processes. This includes setting CPU + isolation and `nohz_full` parameters (reduces the number of scheduling-clock + interrupts, improving energy efficiency and [reducing OS jitter][no_hz]). + +## NUMA topology awareness + +NUMA (Non-Uniform Memory Access) topology awareness ensures that the CPU and +memory allocation are aligned according to the NUMA architecture, which can +reduce memory latency and increase performance for memory-intensive +applications. + +The Kubernetes Memory Manager enables the feature of guaranteed memory (and +HugePages) allocation for pods in the Guaranteed QoS (Quality of Service) +class. + +The Memory Manager employs hint generation protocol to yield the most suitable +NUMA affinity for a pod. The Memory Manager feeds the central manager (Topology +Manager) with these affinity hints. Based on both the hints and Topology +Manager policy, the pod is rejected or admitted to the node. + +Moreover, the Memory Manager ensures that the memory which a pod requests is +allocated from a minimum number of NUMA nodes. + +### Key features + +- **Aligned CPU and memory allocation**: NUMA topology awareness ensures that + CPUs and memory are allocated in alignment with the NUMA architecture, + minimising cross-node memory access latency. +- **Reduced memory latency**: By ensuring that memory is accessed from the + same NUMA node as the CPU, NUMA topology awareness reduces memory latency, + leading to improved performance for memory-intensive applications. +- **Increased performance**: Applications benefit from increased performance + due to optimised memory access patterns, which is especially critical for + high-performance computing and data-intensive tasks. +- **Kubernetes Memory Manager**: The Kubernetes Memory Manager supports + guaranteed memory allocation for pods in the Guaranteed QoS (Quality of + Service) class, ensuring predictable performance. +- **Hint generation protocol**: The Memory Manager uses a hint generation + protocol to determine the most suitable NUMA affinity for a pod, helping to + optimise resource allocation based on NUMA topology. +- **Integration with Topology Manager**: The Memory Manager provides NUMA + affinity hints to the Topology Manager. The Topology Manager then decides + whether to admit or reject the pod based on these hints and the configured + policy. +- **Optimised resource allocation**: The Memory Manager ensures that the + memory requested by a pod is allocated from the minimum number of NUMA + nodes, thereby optimising resource usage and performance. +- **Enhanced scheduling decisions**: The Kubernetes scheduler, in conjunction + with the Topology Manager, makes informed decisions about pod placement to + ensure optimal NUMA alignment, improving overall cluster efficiency. +- **Support for HugePages**: The Memory Manager also supports the allocation + of HugePages, ensuring that large memory pages are allocated in a NUMA-aware + manner, further enhancing performance for applications that require large + memory pages. +- **Improved application predictability**: By aligning CPU and memory + allocation with NUMA topology, applications experience more predictable + performance characteristics, crucial for real-time and latency-sensitive + workloads. +- **Policy-Based Management**: NUMA topology awareness can be managed through + policies so that administrators can configure how resources should be + allocated based on the NUMA architecture, providing flexibility and control. + +### Application to Kubernetes + +The architecture for NUMA topology awareness in Kubernetes involves several +components and configurations to ensure that CPU and memory allocations are +optimised according to the NUMA architecture. This setup reduces memory latency +and enhances performance for memory intensive applications. Here are the key +architectural components and their roles: + +- **Node configuration**: Each Kubernetes node must have NUMA-aware hardware. + The system's NUMA topology can be inspected using tools such as `lscpu` or + `numactl`. +- **Kubelet configuration**: The `kubelet` on each node must be configured to + enable NUMA topology awareness. This involves setting specific `kubelet` + flags to activate the Topology Manager. +- **Topology Manager**: The Topology Manager is a critical component that + coordinates resource allocation based on NUMA topology. It receives NUMA + affinity hints from other managers (e.g., CPU Manager, Device Manager) and + makes informed scheduling decisions. +- **Memory Manager**: The Kubernetes Memory Manager is responsible for + managing memory allocation, including HugePages, in a NUMA-aware manner. It + ensures that memory is allocated from the minimum number of NUMA nodes + required. The Memory Manager uses a hint generation protocol to provide NUMA + affinity hints to the Topology Manager. +- **Pod specification**: Pods can be specified to request NUMA-aware resource + allocation through resource requests and limits, ensuring that they get + allocated in alignment with the NUMA topology. +- **Scheduler awareness**: The Kubernetes scheduler works in conjunction with + the Topology Manager to place pods on nodes that meet their NUMA affinity + requirements. The scheduler considers NUMA topology during the scheduling + process to optimise performance. +- **Node Feature Discovery (NFD)**: Node Feature Discovery can be used to + label nodes with their NUMA capabilities, providing the scheduler with + information to make more informed placement decisions. +- **Resource quotas and limits**: Kubernetes allows defining resource quotas + and limits to control the allocation of NUMA-aware resources across + namespaces. This helps in managing and isolating resource usage effectively. +- **Monitoring and metrics**: Monitoring tools such as Prometheus and Grafana + can be used to track the performance and resource utilisation of NUMA-aware + workloads. Metrics include CPU and memory usage per NUMA node, helping in + optimising and troubleshooting performance-sensitive applications. +- **Isolation and security**: Security contexts and isolation mechanisms + ensure that NUMA-aware workloads are protected and run in a controlled + environment. This includes setting privileged containers and configuring + namespaces to avoid resource contention. +- **Performance tuning**: Additional performance tuning can be achieved by + configuring kernel parameters and using tools like `numactl` to bind + processes to specific NUMA nodes. + +## SR-IOV (Single Root I/O Virtualization) + +SR-IOV enables a single physical network device to appear as multiple separate +virtual devices. This can be beneficial for network-intensive applications that +require direct access to the network hardware. + +### Key features + +- **Multiple Virtual Functions (VFs)**: SR-IOV enables a single physical + network device to be partitioned into multiple virtual functions (VFs), each + of which can be assigned to a virtual machine or container as a separate + network interface. +- **Direct hardware access**: By providing direct access to the physical + network device, SR-IOV bypasses the software-based network stack, reducing + overhead and improving network performance and latency. +- **Improved network throughput**: Applications can achieve higher network + throughput as SR-IOV enables high-speed data transfer directly + between the network device and the application. +- **Reduced CPU utilisation**: Offloading network processing to the hardware + reduces the CPU load on the host system, freeing up CPU resources for other + tasks and improving overall system performance. +- **Isolation and security**: Each virtual function (VF) is isolated from + others, providing security and stability. This isolation ensures that issues + in one VF do not affect other VFs or the physical function (PF). +- **Dynamic resource allocation**: SR-IOV supports dynamic allocation of + virtual functions, enabling resources to be adjusted based on application + demands without requiring changes to the physical hardware setup. +- **Enhanced virtualisation support**: SR-IOV is particularly beneficial in + virtualised environments, enabling better network performance for virtual + machines and containers by providing them with dedicated network interfaces. +- **Kubernetes integration**: Kubernetes supports SR-IOV through the use of + network device plugins, enabling the automatic discovery, allocation, + and management of virtual functions. +- **Compatibility with Network Functions Virtualization (NFV)**: SR-IOV is + widely used in NFV deployments to meet the high-performance networking + requirements of virtual network functions (VNFs), such as firewalls, + routers and load balancers. +- **Reduced network latency**: As network packets can bypass the + hypervisor's virtual switch, SR-IOV significantly reduces network latency, + making it ideal for latency-sensitive applications. + +### Application to Kubernetes + +The architecture for SR-IOV (Single Root I/O Virtualization) in Kubernetes +involves several components and configurations to ensure that virtual functions +(VFs) from a single physical network device can be managed and allocated +efficiently. This setup enhances network performance and provides direct access +to network hardware for applications requiring high throughput and low latency. +Here are the key architectural components and their roles: + +- **Node configuration**: Each Kubernetes node with SR-IOV capable hardware + must have the SR-IOV drivers and tools installed. This includes the SR-IOV + network device plugin and associated drivers. +- **SR-IOV enabled network interface**: The physical network interface card + (NIC) must be configured to support SR-IOV. This involves enabling SR-IOV in + the system BIOS and configuring the NIC to create virtual functions (VFs). +- **SR-IOV network device plugin**: The SR-IOV network device plugin is + deployed as a DaemonSet in Kubernetes. It discovers SR-IOV capable network + interfaces and manages the allocation of virtual functions (VFs) to pods. +- **Device Plugin Configuration**: The SR-IOV device plugin requires a + configuration file that specifies the network devices and the number of + virtual functions (VFs) to be managed. +- **Pod specification**: Pods can request SR-IOV virtual functions by + specifying resource requests and limits in the pod specification. The SR-IOV + device plugin allocates the requested VFs to the pod. +- **Scheduler awareness**: The Kubernetes scheduler must be aware of the + SR-IOV resources available on each node. The device plugin advertises the + available VFs as extended resources, which the scheduler uses to place pods + accordingly. Scheduler configuration ensures pods with SR-IOV requests are + scheduled on nodes with available VFs. +- **Resource quotas and limits**: Kubernetes enables the definition of + resource quotas and limits to control the allocation of SR-IOV resources + across namespaces. This helps manage and isolate resource usage effectively. +- **Monitoring and metrics**: Monitoring tools such as Prometheus and Grafana + can be used to track the performance and resource utilisation of + SR-IOV-enabled workloads. Metrics include VF allocation, network throughput, + and latency, helping optimise and troubleshoot performance-sensitive + applications. +- **Isolation and security**: SR-IOV provides isolation between VFs, ensuring + that each VF operates independently and securely. This isolation is critical + for multi-tenant environments where different workloads share the same + physical network device. +- **Dynamic resource allocation**: SR-IOV supports dynamic allocation and + deallocation of VFs, enabling Kubernetes to adjust resources based on + application demands without requiring changes to the physical hardware + setup. + +## DPDK (Data Plane Development Kit) + +The Data Plane Development Kit (DPDK) is a set of libraries and drivers for +fast packet processing. It is designed to run in user space, so that +applications can achieve high-speed packet processing by bypassing the kernel. +DPDK is used to optimise network performance and reduce latency, making it +ideal for applications that require high-throughput and low-latency networking, +such as telecommunications, cloud data centres and network functions +virtualisation (NFV). + +### Key features + +- **High performance**: DPDK can process millions of packets per second per + core, using multi-core CPUs to scale performance. +- **User-space processing**: By running in user space, DPDK avoids the + overhead of kernel context switches and uses HugePages for better + memory performance. +- **Poll Mode Drivers (PMD)**: DPDK uses PMDs that poll for packets instead of + relying on interrupts, which reduces latency. + +### DPDK architecture + +The main goal of the DPDK is to provide a simple, complete framework for fast +packet processing in data plane applications. Anyone can use the code to +understand some of the techniques employed, to build upon for prototyping or to +add their own protocol stacks. + +The framework creates a set of libraries for specific environments through the +creation of an Environment Abstraction Layer (EAL), which may be specific to a +mode of the Intel® architecture (32-bit or 64-bit), user space +compilers or a specific platform. These environments are created through the +use of Meson files (needed by Meson, the software tool for automating the +building of software that DPDK uses) and configuration files. Once the EAL +library is created, the user may link with the library to create their own +applications. Other libraries, outside of EAL, including the Hash, Longest +Prefix Match (LPM) and rings libraries are also provided. Sample applications +are provided to help show the user how to use various features of the DPDK. + +The DPDK implements a run-to-completion model for packet processing, where all +resources must be allocated prior to calling data plane applications, running +as execution units on logical processing cores. The model does not support a +scheduler and all devices are accessed by polling. The primary reason for not +using interrupts is the performance overhead imposed by interrupt processing. + +In addition to the run-to-completion model, a pipeline model may also be used +by passing packets or messages between cores via the rings. This enables work +to be performed in stages and is a potentially more efficient use of code on +cores. This is suitable for scenarios where each pipeline must be mapped to a +specific application thread or when multiple pipelines must be mapped to the +same thread. + +### Application to Kubernetes + +The architecture for integrating the Data Plane Development Kit (DPDK) into +Kubernetes involves several components and configurations to ensure high-speed +packet processing and low-latency networking. DPDK enables applications to +bypass the kernel network stack, providing direct access to network hardware +and significantly enhancing network performance. Here are the key architectural +components and their roles: + +- **Node configuration**: Each Kubernetes node must have the DPDK libraries + and drivers installed. This includes setting up HugePages and binding + network interfaces to DPDK-compatible drivers. +- **HugePages configuration**: DPDK requires HugePages for efficient memory + management. Configure the system to reserve HugePages. +- **Network interface binding**: Network interfaces must be bound to + DPDK-compatible drivers (e.g., vfio-pci) to be used by DPDK applications. +- **DPDK application container**: Create a Docker container image with the + DPDK application and necessary libraries. Ensure that the container runs + with appropriate privileges and mounts HugePages. +- **Pod specification**: Deploy the DPDK application in Kubernetes by + specifying the necessary resources, including CPU pinning and HugePages, in + the pod specification. +- **CPU pinning**: For optimal performance, DPDK applications should use + dedicated CPU cores. Configure CPU pinning in the pod specification. +- **SR-IOV for network interfaces**: Combine DPDK with SR-IOV to provide + high-performance network interfaces. Allocate SR-IOV virtual functions (VFs) + to DPDK pods. +- **Scheduler awareness**: The Kubernetes scheduler must be aware of the + resources required by DPDK applications, including HugePages and CPU + pinning, to place pods appropriately on nodes with sufficient resources. +- **Monitoring and metrics**: Use monitoring tools like Prometheus and Grafana + to track the performance of DPDK applications, including network throughput, + latency and CPU usage. +- **Resource quotas and limits**: Define resource quotas and limits to control + the allocation of resources for DPDK applications across namespaces, + ensuring fair resource distribution and preventing resource contention. +- **Isolation and security**: Ensure that DPDK applications run in isolated + and secure environments. Use security contexts to provide the necessary + privileges while maintaining security best practices. + + + + +[no_hz]: https://www.kernel.org/doc/Documentation/timers/NO_HZ.txt diff --git a/docs/src/snap/explanation/index.md b/docs/src/snap/explanation/index.md index 3feb4fb83..2f8380ea1 100644 --- a/docs/src/snap/explanation/index.md +++ b/docs/src/snap/explanation/index.md @@ -16,6 +16,7 @@ certificates channels clustering ingress +epa /snap/explanation/security ``` From 22f04c6cfad9af7495c42410c63ad5e28cda843b Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Tue, 17 Sep 2024 12:12:39 -0500 Subject: [PATCH 007/122] Update the issue template for creating release branches (#677) --- .../ISSUE_TEMPLATE/create_release_branch.md | 57 ++++++------------- 1 file changed, 18 insertions(+), 39 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/create_release_branch.md b/.github/ISSUE_TEMPLATE/create_release_branch.md index 9c5a8268a..c460a90ed 100644 --- a/.github/ISSUE_TEMPLATE/create_release_branch.md +++ b/.github/ISSUE_TEMPLATE/create_release_branch.md @@ -13,16 +13,16 @@ Make sure to follow the steps below and ensure all actions are completed and sig - **K8s version**: 1.xx -- **Owner**: +- **Owner**: `who plans to do the work` -- **Reviewer**: +- **Reviewer**: `who plans to review the work` -- **PR**: -- +- **PR**: https://github.com/canonical/k8s-snap/pull/`` + -- **PR**: +- **PR**: https://github.com/canonical/k8s-snap/pull/`` #### Actions @@ -53,7 +53,7 @@ The steps are to be followed in-order, each task must be completed by the person - [ ] **Owner**: Create `release-1.xx` branch from latest `master` in k8s-dqlite - `git clone git@github.com:canonical/k8s-dqlite.git ~/tmp/release-1.xx` - `pushd ~/tmp/release-1.xx` - - `git switch main` + - `git switch master` - `git pull` - `git checkout -b release-1.xx` - `git push origin release-1.xx` @@ -89,7 +89,7 @@ The steps are to be followed in-order, each task must be completed by the person - [ ] **Owner**: Create `release-1.xx` branch from latest `main` in rawfile-localpv - `git clone git@github.com:canonical/rawfile-localpv.git ~/tmp/release-1.xx` - `pushd ~/tmp/release-1.xx` - - `git switch main` + - `git switch rockcraft` - `git pull` - `git checkout -b release-1.xx` - `git push origin release-1.xx` @@ -98,7 +98,6 @@ The steps are to be followed in-order, each task must be completed by the person - [ ] **Reviewer**: Ensure `release-1.xx` branch is based on latest changes on `main` at the time of the release cut. - [ ] **Owner**: Create PR to initialize `release-1.xx` branch: - [ ] Update `KUBERNETES_RELEASE_MARKER` to `stable-1.xx` in [/build-scripts/hack/update-component-versions.py][] - - [ ] Update `master` to `release-1.xx` in [/build-scripts/components/k8s-dqlite/version][] - [ ] Update `"main"` to `"release-1.xx"` in [/build-scripts/hack/generate-sbom.py][] - [ ] `git commit -m 'Release 1.xx'` - [ ] Create PR against `release-1.xx` with the changes and request review from **Reviewer**. Make sure to update the issue `Information` section with a link to the PR. @@ -107,43 +106,22 @@ The steps are to be followed in-order, each task must be completed by the person - [ ] Add `release-1.xx` in [.github/workflows/update-components.yaml][] - [ ] Remove unsupported releases from the list (if applicable, consult with **Reviewer**) - [ ] Create PR against `main` with the changes and request review from **Reviewer**. Make sure to update the issue information with a link to the PR. -- [ ] **Reviewer**: On merge, confirm [Auto-update strict branch] action runs to completion and that the `autoupdate/release-1.xx-strict` branch is created. -- [ ] **Owner**: Create launchpad builders for `release-1.xx` - - [ ] Go to [lp:k8s][] and do **Import now** to pick up all latest changes. - - [ ] Under **Branches**, select `release-1.xx`, then **Create snap package** - - [ ] Set **Snap recipe name** to `k8s-snap-1.xx` - - [ ] Set **Owner** to `Canonical Kubernetes (containers)` - - [ ] Set **The project that this Snap is associated with** to `k8s` - - [ ] Set **Series** to Infer from snapcraft.yaml - - [ ] Set **Processors** to `AMD x86-64 (amd64)` and `ARM ARMv8 (arm64)` - - [ ] Enable **Automatically build when branch changes** - - [ ] Enable **Automatically upload to store** - - [ ] Set **Registered store name** to `k8s` - - [ ] In **Store Channels**, set **Track** to `1.xx-classic` and **Risk** to `edge`. Leave **Branch** empty - - [ ] Click **Create snap package** at the bottom of the page. -- [ ] **Owner**: Create launchpad builders for `release-1.xx-strict` - - [ ] Return to [lp:k8s][]. - - [ ] Under **Branches**, select `autoupdate/release-1.xx-strict`, then **Create snap package** - - [ ] Set **Snap recipe name** to `k8s-snap-1.xx-strict` - - [ ] Set **Owner** to `Canonical Kubernetes (containers)` - - [ ] Set **The project that this Snap is associated with** to `k8s` - - [ ] Set **Series** to Infer from snapcraft.yaml - - [ ] Set **Processors** to `AMD x86-64 (amd64)` and `ARM ARMv8 (arm64)` - - [ ] Enable **Automatically build when branch changes** - - [ ] Enable **Automatically upload to store** - - [ ] Set **Registered store name** to `k8s` - - [ ] In **Store Channels**, set **Track** to `1.xx` and **Risk** to `edge`. Leave **Branch** empty - - [ ] Click **Create snap package** at the bottom of the page. +- [ ] **Reviewer**: On merge, confirm [Auto-update strict branch] action runs to completion and that the `autoupdate/release-1.xx-*` flavor branches are created. + - [ ] autoupdate/release-1.xx-strict + - [ ] autoupdate/release-1.xx-moonray +- [ ] **Owner**: Create launchpad builders for `release-1.xx` and flavors + - [ ] Run the [Confirm Snap Builds][] Action - [ ] **Reviewer**: Ensure snap recipes are created in [lp:k8s/+snaps][] - - look for `k8s-snap-1.xx` - - look for `k8s-snap-1.xx-strict` + - [ ] look for `k8s-snap-1.xx-classic` + - [ ] look for `k8s-snap-1.xx-strict` + - [ ] look for `k8s-snap-1.xx-moonray` + - [ ] make sure each is "Authorized for Store Upload" #### After release - [ ] **Owner** follows up with the **Reviewer** and team about things to improve around the process. - [ ] **Owner**: After a few weeks of stable CI, update default track to `1.xx/stable` via - On the snap [releases page][], select `Track` > `1.xx` -- [ ] **Reviewer**: Ensure snap recipes are created in [lp:k8s/+snaps][] @@ -161,6 +139,7 @@ The steps are to be followed in-order, each task must be completed by the person [.github/workflows/update-components.yaml]: ../workflows/update-components.yaml [/build-scripts/components/hack/update-component-versions.py]: ../../build-scripts/components/hack/update-component-versions.py [/build-scripts/components/k8s-dqlite/version]: ../../build-scripts/components/k8s-dqlite/version -[/build-scripts/hack/generate-sbom.py]: ../..//build-scripts/hack/generate-sbom.py +[/build-scripts/hack/generate-sbom.py]: ../../build-scripts/hack/generate-sbom.py [lp:k8s]: https://code.launchpad.net/~cdk8s/k8s/+git/k8s-snap [lp:k8s/+snaps]: https://launchpad.net/k8s/+snaps +[Confirm Snap Builds]: https://github.com/canonical/canonical-kubernetes-release-ci/actions/workflows/create-release-branch.yaml From 67483085b1bb16dd30aa0087a5bc58157c790f4f Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Tue, 17 Sep 2024 12:50:21 -0500 Subject: [PATCH 008/122] Automerge every 4 hours any labeled PR with passing tests (#675) * Automerge every 4-hours any PR with passing tests labeled with 'automerge' * Make sure the bot can approve the PRs too * Update Bot information only if git email currently unset * consistently use private key secret to setup ssh git-remote * Rename secret to BOT_SSH_KEY * Reimagine auto-merge scripts as python --- .../workflows/auto-merge-successful-prs.yaml | 29 ++++++++++ .github/workflows/update-branches.yaml | 2 +- .github/workflows/update-components.yaml | 5 +- .../hack/auto-merge-successful-pr.py | 55 +++++++++++++++++++ build-scripts/patches/moonray/apply | 9 ++- build-scripts/patches/strict/apply | 7 ++- 6 files changed, 99 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/auto-merge-successful-prs.yaml create mode 100755 build-scripts/hack/auto-merge-successful-pr.py diff --git a/.github/workflows/auto-merge-successful-prs.yaml b/.github/workflows/auto-merge-successful-prs.yaml new file mode 100644 index 000000000..e7f4fc096 --- /dev/null +++ b/.github/workflows/auto-merge-successful-prs.yaml @@ -0,0 +1,29 @@ +name: Auto-merge Successful PRs + +on: + workflow_dispatch: + schedule: + - cron: "0 */4 * * *" # Every 4 hours + +permissions: + contents: read + +jobs: + merge-successful-prs: + runs-on: ubuntu-latest + + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit + - name: Checking out repo + uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: '3.12' + - name: Auto-merge pull requests if all status checks pass + env: + GH_TOKEN: ${{ secrets.BOT_TOKEN }} + run: | + build-scripts/hack/auto-merge-successful-pr.py diff --git a/.github/workflows/update-branches.yaml b/.github/workflows/update-branches.yaml index 356bbce5b..b6ed8f38e 100644 --- a/.github/workflows/update-branches.yaml +++ b/.github/workflows/update-branches.yaml @@ -41,7 +41,7 @@ jobs: - name: Sync ${{ github.ref }} to ${{ steps.determine.outputs.branch }} uses: actions/checkout@v4 with: - ssh-key: ${{ secrets.DEPLOY_KEY_TO_UPDATE_STRICT_BRANCH }} + ssh-key: ${{ secrets.BOT_SSH_KEY }} - name: Apply ${{ matrix.patch }} patch run: | git checkout -b ${{ steps.determine.outputs.branch }} diff --git a/.github/workflows/update-components.yaml b/.github/workflows/update-components.yaml index 7f9e43745..23aa952a4 100644 --- a/.github/workflows/update-components.yaml +++ b/.github/workflows/update-components.yaml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@v4 with: ref: ${{ matrix.branch }} - ssh-key: ${{ secrets.DEPLOY_KEY_TO_UPDATE_STRICT_BRANCH }} + ssh-key: ${{ secrets.BOT_SSH_KEY }} - name: Setup Python uses: actions/setup-python@v5 @@ -51,10 +51,11 @@ jobs: - name: Create pull request uses: peter-evans/create-pull-request@v6 with: - git-token: ${{ secrets.DEPLOY_KEY_TO_UPDATE_STRICT_BRANCH }} commit-message: "[${{ matrix.branch }}] Update component versions" title: "[${{ matrix.branch }}] Update component versions" body: "[${{ matrix.branch }}] Update component versions" branch: "autoupdate/sync/${{ matrix.branch }}" + labels: | + automerge delete-branch: true base: ${{ matrix.branch }} diff --git a/build-scripts/hack/auto-merge-successful-pr.py b/build-scripts/hack/auto-merge-successful-pr.py new file mode 100755 index 000000000..ea6c98e6b --- /dev/null +++ b/build-scripts/hack/auto-merge-successful-pr.py @@ -0,0 +1,55 @@ +#!/bin/env python3 + +import shlex +import subprocess +import json + +LABEL = "automerge" +APPROVE_MSG = "All status checks passed for PR #{}." + + +def sh(cmd: str) -> str: + """Run a shell command and return its output.""" + _pipe = subprocess.PIPE + result = subprocess.run(shlex.split(cmd), stdout=_pipe, stderr=_pipe, text=True) + if result.returncode != 0: + raise Exception(f"Error running command: {cmd}\nError: {result.stderr}") + return result.stdout.strip() + + +def get_pull_requests() -> list: + """Fetch open pull requests matching some label.""" + prs_json = sh("gh pr list --state open --json number,labels") + prs = json.loads(prs_json) + return [pr for pr in prs if any(label["name"] == LABEL for label in pr["labels"])] + + +def check_pr_passed(pr_number) -> bool: + """Check if all status checks passed for the given PR.""" + checks_json = sh(f"gh pr checks {pr_number} --json bucket") + checks = json.loads(checks_json) + return all(check["bucket"] == "pass" for check in checks) + + +def approve_and_merge_pr(pr_number) -> None: + """Approve and merge the PR.""" + print(APPROVE_MSG.format(pr_number) + "Proceeding with merge...") + sh(f'gh pr review {pr_number} --comment -b "{APPROVE_MSG.format(pr_number)}"') + sh(f"gh pr merge {pr_number} --admin --squash") + + +def process_pull_requests(): + """Process the PRs and merge if checks have passed.""" + prs = get_pull_requests() + + for pr in prs: + pr_number: int = pr["number"] + + if check_pr_passed(pr_number): + approve_and_merge_pr(pr_number) + else: + print(f"Status checks have not passed for PR #{pr_number}. Skipping merge.") + + +if __name__ == "__main__": + process_pull_requests() diff --git a/build-scripts/patches/moonray/apply b/build-scripts/patches/moonray/apply index 1233dae42..32a2f8510 100755 --- a/build-scripts/patches/moonray/apply +++ b/build-scripts/patches/moonray/apply @@ -2,9 +2,12 @@ DIR="$(realpath "$(dirname "${0}")")" -# Configure git author -git config user.email k8s-bot@canonical.com -git config user.name k8s-bot +# Configure git author if unset +git_email=$(git config --default "" user.email) +if [ -z "${git_email}" ]; then + git config user.email k8s-team-ci@canonical.com + git config user.name 'k8s-team-ci (CDK Bot)' +fi # Remove unrelated tests rm "${DIR}/../../../tests/integration/tests/test_cilium_e2e.py" diff --git a/build-scripts/patches/strict/apply b/build-scripts/patches/strict/apply index 1729742e2..3f6f7de14 100755 --- a/build-scripts/patches/strict/apply +++ b/build-scripts/patches/strict/apply @@ -3,8 +3,11 @@ DIR="$(realpath "$(dirname "${0}")")" # Configure git author -git config user.email k8s-bot@canonical.com -git config user.name k8s-bot +git_email=$(git config --default "" user.email) +if [ -z "${git_email}" ]; then + git config user.email k8s-team-ci@canonical.com + git config user.name 'k8s-team-ci (CDK Bot)' +fi # Apply strict patch git am "${DIR}/0001-Strict-patch.patch" From 969662ff7ca4bf835f275705363258d9a0c089e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Tue, 17 Sep 2024 21:20:58 +0200 Subject: [PATCH 009/122] Warnings that k8s service may not work (#657) Warnings that k8s service may not work (#657) KU-1475 --- src/k8s/cmd/k8s/hooks.go | 35 ++++++++++++++++++ src/k8s/cmd/k8s/k8s_bootstrap.go | 2 +- src/k8s/cmd/k8s/k8s_join_cluster.go | 2 +- src/k8s/cmd/util/hooks.go | 56 +++++++++++++++++++++++++++++ 4 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 src/k8s/cmd/util/hooks.go diff --git a/src/k8s/cmd/k8s/hooks.go b/src/k8s/cmd/k8s/hooks.go index 481d63df6..6b97bd16d 100644 --- a/src/k8s/cmd/k8s/hooks.go +++ b/src/k8s/cmd/k8s/hooks.go @@ -2,6 +2,7 @@ package k8s import ( cmdutil "github.com/canonical/k8s/cmd/util" + "github.com/spf13/cobra" ) @@ -34,3 +35,37 @@ func hookInitializeFormatter(env cmdutil.ExecutionEnvironment, format *string) f } } } + +// hookCheckLXD verifies the ownership of directories needed for Kubernetes to function. +// If a potential issue is detected, it displays a warning to the user. +func hookCheckLXD() func(*cobra.Command, []string) { + return func(cmd *cobra.Command, args []string) { + // pathsOwnershipCheck paths to validate root is the owner + var pathsOwnershipCheck = []string{"/sys", "/proc", "/dev/kmsg"} + inLXD, err := cmdutil.InLXDContainer() + if err != nil { + cmd.PrintErrf("Failed to check if running inside LXD container: %s", err.Error()) + return + } + if inLXD { + var errMsgs []string + for _, pathToCheck := range pathsOwnershipCheck { + if err = cmdutil.ValidateRootOwnership(pathToCheck); err != nil { + errMsgs = append(errMsgs, err.Error()) + } + } + if len(errMsgs) > 0 { + if debug, _ := cmd.Flags().GetBool("debug"); debug { + cmd.PrintErrln("Warning: When validating required resources potential issues found:") + for _, errMsg := range errMsgs { + cmd.PrintErrln("\t", errMsg) + } + } + cmd.PrintErrln("The lxc profile for Canonical Kubernetes might be missing.") + cmd.PrintErrln("For running k8s inside LXD container refer to " + + "https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/") + } + } + return + } +} diff --git a/src/k8s/cmd/k8s/k8s_bootstrap.go b/src/k8s/cmd/k8s/k8s_bootstrap.go index b4243d824..5510ed34e 100644 --- a/src/k8s/cmd/k8s/k8s_bootstrap.go +++ b/src/k8s/cmd/k8s/k8s_bootstrap.go @@ -45,7 +45,7 @@ func newBootstrapCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { Use: "bootstrap", Short: "Bootstrap a new Kubernetes cluster", Long: "Generate certificates, configure service arguments and start the Kubernetes services.", - PreRun: chainPreRunHooks(hookRequireRoot(env), hookInitializeFormatter(env, &opts.outputFormat)), + PreRun: chainPreRunHooks(hookRequireRoot(env), hookInitializeFormatter(env, &opts.outputFormat), hookCheckLXD()), Run: func(cmd *cobra.Command, args []string) { if opts.interactive && opts.configFile != "" { cmd.PrintErrln("Error: --interactive and --file flags cannot be set at the same time.") diff --git a/src/k8s/cmd/k8s/k8s_join_cluster.go b/src/k8s/cmd/k8s/k8s_join_cluster.go index 7507fedcb..4cd5bfe6d 100644 --- a/src/k8s/cmd/k8s/k8s_join_cluster.go +++ b/src/k8s/cmd/k8s/k8s_join_cluster.go @@ -32,7 +32,7 @@ func newJoinClusterCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { cmd := &cobra.Command{ Use: "join-cluster ", Short: "Join a cluster using the provided token", - PreRun: chainPreRunHooks(hookRequireRoot(env), hookInitializeFormatter(env, &opts.outputFormat)), + PreRun: chainPreRunHooks(hookRequireRoot(env), hookInitializeFormatter(env, &opts.outputFormat), hookCheckLXD()), Args: cmdutil.ExactArgs(env, 1), Run: func(cmd *cobra.Command, args []string) { token := args[0] diff --git a/src/k8s/cmd/util/hooks.go b/src/k8s/cmd/util/hooks.go new file mode 100644 index 000000000..a02dc64c3 --- /dev/null +++ b/src/k8s/cmd/util/hooks.go @@ -0,0 +1,56 @@ +package cmdutil + +import ( + "fmt" + "os" + "strings" + "syscall" +) + +// getFileOwnerAndGroup retrieves the UID and GID of a file. +func getFileOwnerAndGroup(filePath string) (uid, gid uint32, err error) { + // Get file info using os.Stat + fileInfo, err := os.Stat(filePath) + if err != nil { + return 0, 0, fmt.Errorf("error getting file info: %w", err) + } + // Convert the fileInfo.Sys() to syscall.Stat_t to access UID and GID + stat, ok := fileInfo.Sys().(*syscall.Stat_t) + if !ok { + return 0, 0, fmt.Errorf("failed to cast to syscall.Stat_t") + } + // Return the UID and GID + return stat.Uid, stat.Gid, nil +} + +// ValidateRootOwnership checks if the specified path is owned by the root user and root group. +func ValidateRootOwnership(path string) (err error) { + UID, GID, err := getFileOwnerAndGroup(path) + if err != nil { + return err + } + if UID != 0 { + return fmt.Errorf("owner of %s is user with UID %d expected 0", path, UID) + } + if GID != 0 { + return fmt.Errorf("owner of %s is group with GID %d expected 0", path, GID) + } + return nil +} + +// InLXDContainer checks if k8s runs in a lxd container. +func InLXDContainer() (isLXD bool, err error) { + initialProcessEnvironmentVariables := "/proc/1/environ" + content, err := os.ReadFile(initialProcessEnvironmentVariables) + if err != nil { + // if the permission to file is missing we still want to display info about lxd + if os.IsPermission(err) { + return true, fmt.Errorf("cannnot access %s to check if runing in LXD container: %w", initialProcessEnvironmentVariables, err) + } + return false, fmt.Errorf("cannnot read %s to check if runing in LXD container: %w", initialProcessEnvironmentVariables, err) + } + if strings.Contains(string(content), "container=lxc") { + return true, nil + } + return false, nil +} From 1a993cc81d915ef6d1708465fe0d3eb99b0e5e39 Mon Sep 17 00:00:00 2001 From: Nick Veitch Date: Wed, 18 Sep 2024 11:44:34 +0100 Subject: [PATCH 010/122] Epa howto (#658) * Add epa-howto Co-authored-by: Louise K. Schmidtgen Co-authored-by: Yanisa Haley Scherber --- docs/src/_parts/install.md | 3 + docs/src/snap/explanation/epa.md | 9 +- docs/src/snap/howto/epa.md | 1148 +++++++++++++++++++++++++++ docs/src/snap/howto/index.md | 1 + docs/tools/reuse/substitutions.yaml | 2 + 5 files changed, 1160 insertions(+), 3 deletions(-) create mode 100644 docs/src/_parts/install.md create mode 100644 docs/src/snap/howto/epa.md diff --git a/docs/src/_parts/install.md b/docs/src/_parts/install.md new file mode 100644 index 000000000..be6b47317 --- /dev/null +++ b/docs/src/_parts/install.md @@ -0,0 +1,3 @@ +``` +sudo snap install k8s --classic --channel=1.31/edge +``` \ No newline at end of file diff --git a/docs/src/snap/explanation/epa.md b/docs/src/snap/explanation/epa.md index a0884df55..c80df8e09 100644 --- a/docs/src/snap/explanation/epa.md +++ b/docs/src/snap/explanation/epa.md @@ -27,9 +27,10 @@ capabilities. This document provides a detailed guide of how EPA applies to performance and reducing latency. This document provides relevant links to detailed instructions for setting up -and installing these technologies. It is designed for developers -and architects who wish to integrate these new technologies into their -{{product}}-based networking solutions. +and installing these technologies. It is designed for developers and architects +who wish to integrate these new technologies into their {{product}}-based +networking solutions. The separate [how to guide][howto-epa] for EPA includes the +necessary steps to implement these features on {{product}}. ## HugePages @@ -542,3 +543,5 @@ components and their roles: [no_hz]: https://www.kernel.org/doc/Documentation/timers/NO_HZ.txt +[howto-epa]: /snap/howto/epa + diff --git a/docs/src/snap/howto/epa.md b/docs/src/snap/howto/epa.md new file mode 100644 index 000000000..50e6b4783 --- /dev/null +++ b/docs/src/snap/howto/epa.md @@ -0,0 +1,1148 @@ +# How to set up Enhanced Platform Awareness + +This section explains how to set up the Enhanced Platform Awareness (EPA) +features in a {{product}} cluster. Please see the [EPA explanation +page][explain-epa] for details about how EPA applies to {{product}}. + +The content starts with the setup of the environment (including steps for using +[MAAS][MAAS]). Then the setup of {{product}}, including the Multus & SR-IOV/DPDK +networking components. Finally, the steps needed to test every EPA feature: +HugePages, Real-time Kernel, CPU Pinning / Numa Topology Awareness and +SR-IOV/DPDK. + +## What you'll need + +- An Ubuntu Pro subscription (required for real-time kernel) +- Ubuntu instances **or** a MAAS environment to run {{product}} on + + +## Prepare the Environment + + +`````{tabs} +````{group-tab} Ubuntu + +First, run the `numactl` command to get the number of CPUs available for NUMA: + +``` +numactl -s +``` + +This example output shows that there are 32 CPUs available for NUMA: + +``` +policy: default +preferred node: current +physcpubind: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 +cpubind: 0 1 +nodebind: 0 1 +membind: 0 1 +``` + +```{dropdown} Detailed explanation of output + +- `policy: default`: indicates that the system is using the default NUMA policy. The default policy typically tries to allocate memory on the same node as the processor executing a task, but it can fall back to other nodes if necessary. +- `preferred node: current`: processes will prefer to allocate memory from the current node (the node where the process is running). However, if memory is not available on the current node, it can be allocated from other nodes. +- `physcpubind: 0 1 2 3 ... 31 `: shows the physical CPUs that processes are allowed to run on. In this case, the system has 32 physical CPUs enabled for NUMA, and processes can use any of them. +- `cpubind: 0 1 `: indicates the specific CPUs that the current process (meaning the process “numactl \-s”) is bound to. It's currently using CPUs 0 and 1. +- `nodebind: 0 1 `: shows the NUMA nodes that the current process (meaning the process “numactl \-s”) is allowed to use for memory allocation. It has access to both node 0 and node 1. +- `membind`: 0 1 `: confirms that the current process (meaning the process “numactl \-s”) can allocate memory from both node 0 and node 1. +``` + +### Enable the real-time kernel + +The real-time kernel enablement requires an ubuntu pro subscription and some additional tools to be available. + +``` +sudo pro attach +sudo apt update && sudo apt install ubuntu-advantage-tools +sudo pro enable realtime-kernel +``` + +This should produce output similar to: + +``` +One moment, checking your subscription first +Real-time kernel cannot be enabled with Livepatch. +Disable Livepatch and proceed to enable Real-time kernel? (y/N) y +Disabling incompatible service: Livepatch +The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. + +This will change your kernel. To revert to your original kernel, you will need +to make the change manually. + +Do you want to continue? [ default = Yes ]: (Y/n) Y +Updating Real-time kernel package lists +Updating standard Ubuntu package lists +Installing Real-time kernel packages +Real-time kernel enabled +A reboot is required to complete install. +``` + +First the Ubuntu system is attached to an Ubuntu Pro subscription +(needed to use the real-time kernel), requiring you to enter a token +associated with the subscription. After successful attachment, your +system gains access to the Ubuntu Pro repositories, including the one +containing the real-time kernel packages. Once the tools and +real-time kernel are installed, a reboot is required to start using +the new kernel. + +### Create a configuration file to enable HugePages and CPU isolation + +The bootloader will need a configuration file to enable the recommended +boot options (explained below) to enable HugePages and CPU isolation. + +In this example, the host has 128 CPUs, and 2M / 1G HugePages are enabled. +This is the command to update the boot options and reboot the system: + +``` +cat < /etc/default/grub.d/epa_kernel_options.cfg +GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} intel_iommu=on iommu=pt usbcore.autosuspend=-1 selinux=0 enforcing=0 nmi_watchdog=0 crashkernel=auto softlockup_panic=0 audit=0 tsc=nowatchdog intel_pstate=disable mce=off hugepagesz=1G hugepages=1000 hugepagesz=2M hugepages=0 default_hugepagesz=1G kthread_cpus=0-31 irqaffinity=0-31 nohz=on nosoftlockup nohz_full=32-127 rcu_nocbs=32-127 rcu_nocb_poll skew_tick=1 isolcpus=managed_irq,32-127 console=tty0 console=ttyS0,115200n8" +EOF +sudo chmod 0644 /etc/netplan/99-sriov_vfs.yaml +update-grub +reboot +``` + +```{dropdown} Explanation of boot options + +- `intel_iommu=on`: Enables Intel's Input-Output Memory Management Unit (IOMMU), which is used for device virtualization and Direct Memory Access (DMA) remapping. +- `iommu=pt`: Sets the IOMMU to passthrough mode, allowing devices to directly access physical memory without translation. +- `usbcore.autosuspend=-1`: Disables USB autosuspend, preventing USB devices from being automatically suspended to save power. +- `selinux=0`: Disables Security-Enhanced Linux (SELinux), a security module that provides mandatory access control. +- `enforcing=0`: If SELinux is enabled, this option sets it to permissive mode, where policies are not enforced but violations are logged. +- `nmi_watchdog=0`: Disables the Non-Maskable Interrupt (NMI) watchdog, which is used to detect and respond to system hangs. +- `crashkernel=auto`: Reserves a portion of memory for capturing a crash dump in the event of a kernel crash. +- `softlockup_panic=0`: Prevents the kernel from panicking (crashing) on detecting a soft lockup, where a CPU appears to be stuck. +- `audit=0`: Disables the kernel auditing system, which logs security-relevant events. +- `tsc=nowatchdog`: Disables the Time Stamp Counter (TSC) watchdog, which checks for issues with the TSC. +- `intel_pstate=disable`: Disables the Intel P-state driver, which controls CPU frequency scaling. +- `mce=off`: Disables Machine Check Exception (MCE) handling, which detects and reports hardware errors. +- `hugepagesz=1G hugepages=1000`: Allocates 1000 huge pages of 1GB each. +- `hugepagesz=2M hugepages=0`: Configures huge pages of 2MB size but sets their count to 0\. +- `default_hugepagesz=1G`: Sets the default size for huge pages to 1GB. +- `kthread_cpus=0-31`: Restricts kernel threads to run on CPUs 0-31. +- `irqaffinity=0-31`: Restricts interrupt handling to CPUs 0-31. +- `nohz=on`: Enables the nohz (no timer tick) mode, reducing timer interrupts on idle CPUs. +- `nosoftlockup`: Disables the detection of soft lockups. +- `nohz_full=32-127`: Enables nohz\_full (full tickless) mode on CPUs 32-127, reducing timer interrupts during application processing. +- `rcu_nocbs=32-127`: Offloads RCU (Read-Copy-Update) callbacks to CPUs 32-127, preventing them from running on these CPUs. +- `rcu_nocb_poll`: Enables polling for RCU callbacks instead of using interrupts. +- `skew_tick=1`: Skews the timer tick across CPUs to reduce contention. +- `isolcpus=managed_irq,32-127`: Isolates CPUs 32-127 and assigns managed IRQs to them, reducing their involvement in system processes and dedicating them to specific workloads. +- `console=tty0`: Sets the console output to the first virtual terminal. +- `console=ttyS0,115200n8`: Sets the console output to the serial port ttyS0 with a baud rate of 115200, 8 data bits, no parity, and 1 stop bit. +``` + +Once the reboot has taken place, ensure the HugePages configuration has been applied: + +``` +grep HugePages /proc/meminfo +``` + +This should generate output indicating the number of pages allocated + +``` +HugePages_Total: 1000 +HugePages_Free: 1000 +HugePages_Rsvd: 0 +HugePages_Surp: 0 +``` + + +Next, create a configuration file to configure the network interface +to use SR-IOV (so it can create virtual functions afterwards) using +Netplan. In the example below the file is created first, then the configuration is +applied, making 128 virtual functions available for use in the environment: + +``` +cat < /etc/netplan/99-sriov_vfs.yaml + network: + ethernets: + enp152s0f1: + virtual-function-count: 128 +EOF +sudo chmod 0600 /etc/netplan/99-sriov_vfs.yaml +sudo netplan apply +ip link show enp152s0f1 +``` + +The output of the last command should indicate the device is working and has generated the expected +virtual functions. + +``` +5: enp152s0f1: mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000 + link/ether 40:a6:b7:96:d8:89 brd ff:ff:ff:ff:ff:ff + vf 0 link/ether ae:31:7f:91:09:97 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off + vf 1 link/ether 32:09:8b:f7:07:4b brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off + vf 2 link/ether 12:b9:c6:08:fc:36 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off + .......... + vf 125 link/ether 92:10:ff:8a:e5:0c brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off + vf 126 link/ether 66:fe:ad:f2:d3:05 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off + vf 127 link/ether ca:20:00:c6:83:dd brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off +``` + +```{dropdown} Explanation of steps + * Breakdown of the content of the file /etc/netplan/99-sriov\_vfs.yaml : + * path: /etc/netplan/99-sriov\_vfs.yaml: This specifies the location of the configuration file. The "99" prefix in the filename usually indicates that it will be processed last, potentially overriding other configurations. + * enp152s0f1: This is the name of the physical network interface you want to create VFs on. This name may vary depending on your system. + * virtual-function-count: 128: This is the key line that instructs Netplan to create 128 virtual functions on the specified physical interface. Each of these VFs can be assigned to a different virtual machine or container, effectively allowing them to share the physical adapter's bandwidth. + * permissions: "0600": This is an optional line that sets the file permissions to 600 (read and write access only for the owner). + * Breakdown of the output of ip link show enp152s0f1 command: + * Main interface: + * 5: The index number of the network interface in the system. + * enp152s0f1: The name of the physical network interface. + * \: The interface's flags indicating its capabilities (e.g., broadcast, multicast) and current status (UP). + * mtu 9000: The maximum transmission unit (MTU) is set to 9000 bytes, larger than the typical 1500 bytes, likely for jumbo frames. + * qdisc mq: The queuing discipline (qdisc) is set to "mq" (multi-queue), designed for multi-core systems. + * state UP: The interface is currently active and operational. + * mode DEFAULT: The interface is in the default mode of operation. + * qlen 1000: The maximum number of packets allowed in the transmit queue. + * link/ether 40:a6:b7:96:d8:89: The interface's MAC address (a unique hardware identifier). + * Virtual functions: + * vf \: The index number of the virtual function. + * link/ether \: The MAC address assigned to the virtual function. + * spoof checking on: A security feature to prevent MAC address spoofing (pretending to be another device). + * link-state auto: The link state (up/down) is determined automatically based on the physical connection. + * trust off: The interface doesn't trust the incoming VLAN (Virtual LAN) tags. + * Results: + * Successful VF Creation: The output confirms a success creation of 128 VFs (numbered 0 through 127\) on the enp152s0f1 interface. + * VF Availability: Each VF is ready for use, and they can be assigned i.e. to {{product}} containers to give them direct access to the network through this physical network interface. + * MAC Addresses: Each VF has its own unique MAC address, which is essential for network communication. +``` + + +Now enable DPDK, first by cloning the DPDK repo, and then placing the script which +will bind the VFs to the VFIO-PCI driver in the location that will run +automatically each time the system boots up, so the VFIO +(Virtual Function I/O) bindings are applied consistently: + +``` +git clone https://github.com/DPDK/dpdk.git /home/ubuntu/dpdk +cat < /var/lib/cloud/scripts/per-boot/dpdk_bind.sh + #!/bin/bash + if [ -d /home/ubuntu/dpdk ]; then + modprobe vfio-pci + vfs=$(python3 /home/ubuntu/dpdk/usertools/dpdk-devbind.py -s | grep drv=iavf | awk '{print $1}' | tail -n +11) + python3 /home/ubuntu/dpdk/usertools/dpdk-devbind.py --bind=vfio-pci $vfs + fi +sudo chmod 0755 /var/lib/cloud/scripts/per-boot/dpdk_bind.sh +``` + +```{dropdown} Explanation + * Load VFIO Module (modprobe vfio-pci): If the DPDK directory exists, the script loads the VFIO-PCI kernel module. This module is necessary for the VFIO driver to function. + * The script uses the dpdk-devbind.py tool (included with DPDK) to list the available network devices and their drivers. + * It filters this output using grep drv=iavf to find devices that are currently using the iavf driver (a common driver for Intel network adapters), excluding the physical network interface itself and just focusing on the virtual functions (VFs). + * Bind VFs to VFIO: The script uses dpdk-devbind.py again, this time with the \--bind=vfio-pci option, to bind the identified VFs to the VFIO-PCI driver. This step essentially tells the kernel to relinquish control of these devices to DPDK. +``` + +To test that the VFIO Kernel Module and DPDK are enabled: + +``` +lsmod | grep -E 'vfio' +``` + +...should indicate the kernel module is loaded + +``` +vfio_pci 16384 0 +vfio_pci_core 94208 1 vfio_pci +vfio_iommu_type1 53248 0 +vfio 73728 3 vfio_pci_core,vfio_iommu_type1,vfio_pci +iommufd 98304 1 vfio +irqbypass 12288 2 vfio_pci_core,kvm + +``` + +Running the helper script: + +``` +python3 /home/ubuntu/dpdk/usertools/dpdk-devbind.py -s +``` + +...should return a list of network devices using DPDK: + +``` +Network devices using DPDK-compatible driver +============================================ +0000:98:12.2 'Ethernet Adaptive Virtual Function 1889' drv=vfio-pci unused=iavf +0000:98:12.3 'Ethernet Adaptive Virtual Function 1889' drv=vfio-pci unused=iavf +0000:98:12.4 'Ethernet Adaptive Virtual Function 1889' drv=vfio-pci unused=iavf +.... +``` + +With these preparation steps we have enabled the features of EPA: + +- NUMA and CPU Pinning are available to the first 32 CPUs +- Real-Time Kernel is enabled +- HugePages are enabled and 1000 1G huge pages are available +- SRIOV is enabled in the enp152s0f1 interface, with 128 virtual + function interfaces bound to the vfio-pci driver (that could also use the iavf driver) +- DPDK is enabled in all the 128 virtual function interfaces + +```` + +````{group-tab} MAAS + +To prepare a machine for CPU isolation, Hugepages, real-time kernel, +SRIOV and DPDK we leverage cloud-init through MAAS. + +``` +#cloud-config + +apt: + sources: + rtk.list: + source: "deb https://:@private-ppa.launchpadcontent.net/canonical-kernel-rt/ppa/ubuntu jammy main" + +write_files: + # set kernel option with hugepages and cpu isolation + - path: /etc/default/grub.d/100-telco_kernel_options.cfg + content: | + GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} intel_iommu=on iommu=pt usbcore.autosuspend=-1 selinux=0 enforcing=0 nmi_watchdog=0 crashkernel=auto softlockup_panic=0 audit=0 tsc=nowatchdog intel_pstate=disable mce=off hugepagesz=1G hugepages=1000 hugepagesz=2M hugepages=0 default_hugepagesz=1G kthread_cpus=0-31 irqaffinity=0-31 nohz=on nosoftlockup nohz_full=32-127 rcu_nocbs=32-127 rcu_nocb_poll skew_tick=1 isolcpus=managed_irq,32-127 console=tty0 console=ttyS0,115200n8" + permissions: "0644" + + # create sriov VFs + - path: /etc/netplan/99-sriov_vfs.yaml + content: | + network: + ethernets: + enp152s0f1: + virtual-function-count: 128 + permissions: "0600" + + # ensure VFs are bound to vfio-pci driver (so they can be consumed by pods) + - path: /var/lib/cloud/scripts/per-boot/dpdk_bind.sh + content: | + #!/bin/bash + if [ -d /home/ubuntu/dpdk ]; then + modprobe vfio-pci + vfs=$(python3 /home/ubuntu/dpdk/usertools/dpdk-devbind.py -s | grep drv=iavf | awk '{print $1}' | tail -n +11) + python3 /home/ubuntu/dpdk/usertools/dpdk-devbind.py --bind=vfio-pci $vfs + fi + permissions: "0755" + + # set proxy variables + - path: /etc/environment + content: | + HTTPS_PROXY=http://10.18.2.1:3128 + HTTP_PROXY=http://10.18.2.1:3128 + NO_PROXY=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost + https_proxy=http://10.18.2.1:3128 + http_proxy=http://10.18.2.1:3128 + no_proxy=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost + append: true + + # add rtk ppa key + - path: /etc/apt/trusted.gpg.d/rtk.asc + content: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Comment: Hostname: + Version: Hockeypuck 2.2 + + xsFNBGAervwBEADHCeEuR7WKRiEII+uFOu8J+W47MZOcVhfNpu4rdcveL4qe4gj4 + nsROMHaINeUPCmv7/4EXdXtTm1VksXeh4xTeqH6ZaQre8YZ9Hf4OYNRcnFOn0KR+ + aCk0OWe9xkoDbrSYd3wmx8NG/Eau2C7URzYzYWwdHgZv6elUKk6RDbDh6XzIaChm + kLsErCP1SiYhKQvD3Q0qfXdRG908lycCxgejcJIdYxgxOYFFPcyC+kJy2OynnvQr + 4Yw6LJ2LhwsA7bJ5hhQDCYZ4foKCXX9I59G71dO1fFit5O/0/oq0xe7yUYCejf7Z + OqD+TzEK4lxLr1u8j8lXoQyUXzkKIL0SWEFT4tzOFpWQ2IBs/sT4X2oVA18dPDoZ + H2SGxCUcABfne5zrEDgkUkbnQRihBtTyR7QRiE3GpU19RNVs6yAu+wA/hti8Pg9O + U/5hqifQrhJXiuEoSmmgNb9QfbR3tc0ZhKevz4y+J3vcnka6qlrP1lAirOVm2HA7 + STGRnaEJcTama85MSIzJ6aCx4omCgUIfDmsi9nAZRkmeomERVlIAvcUYxtqprLfu + 6plDs+aeff/MAmHbak7yF+Txj8+8F4k6FcfNBT51oVSZuqFwyLswjGVzWol6aEY7 + akVIrn3OdN2u6VWlU4ZO5+sjP4QYsf5K2oVnzFVIpYvqtO2fGbxq/8dRJQARAQAB + zSVMYXVuY2hwYWQgUFBBIGZvciBDYW5vbmljYWwgS2VybmVsIFJUwsGOBBMBCgA4 + FiEEc4Tsv+pcopCX6lNfLz1Vl/FsjCEFAmAervwCGwMFCwkIBwIGFQoJCAsCBBYC + AwECHgECF4AACgkQLz1Vl/FsjCF9WhAAnwfx9njs1M3rfsMMuhvPxx0WS65HDlq8 + SRgl9K2EHtZIcS7lHmcjiTR5RD1w+4rlKZuE5J3EuMnNX1PdCYLSyMQed+7UAtX6 + TNyuiuVZVxuzJ5iS7L2ZoX05ASgyoh/Loipc+an6HzHqQnNC16ZdrBL4AkkGhDgP + ZbYjM3FbBQkL2T/08NcwTrKuVz8DIxgH7yPAOpBzm91n/pV248eK0a46sKauR2DB + zPKjcc180qmaVWyv9C60roSslvnkZsqe/jYyDFuSsRWqGgE5jNyIb8EY7K7KraPv + 3AkusgCh4fqlBxOvF6FJkiYeZZs5YXvGQ296HTfVhPLOqctSFX2kuUKGIq2Z+H/9 + qfJFGS1iaUsoDEUOaU27lQg5wsYa8EsCm9otroH2P3g7435JYRbeiwlwfHMS9EfK + dwD38d8UzZj7TnxGG4T1aLb3Lj5tNG6DSko69+zqHhuknjkRuAxRAZfHeuRbACgE + nIa7Chit8EGhC2GB12pr5XFWzTvNFdxFhbG+ed7EiGn/v0pVQc0ZfE73FXltg7et + bkoC26o5Ksk1wK2SEs/f8aDZFtG01Ys0ASFICDGW2tusFvDs6LpPUUggMjf41s7j + 4tKotEE1Hzr38EdY+8faRaAS9teQdH5yob5a5Bp5F5wgmpqZom/gjle4JBVaV5dI + N5rcnHzcvXw= + =asqr + -----END PGP PUBLIC KEY BLOCK----- + permissions: "0644" + +# install the snap +snap: + commands: + 00: 'snap install k8s --classic --channel=1.31/beta' + +runcmd: +# fetch dpdk driver binding script +- su ubuntu -c "git config --global http.proxy http://10.18.2.1:3128" +- su ubuntu -c "git clone https://github.com/DPDK/dpdk.git /home/ubuntu/dpdk" +- apt update +- DEBIAN_FRONTEND=noninteractive apt install -y linux-headers-6.8.1-1004-realtime linux-image-6.8.1-1004-realtime linux-modules-6.8.1-1004-realtime linux-modules-extra-6.8.1-1004-realtime + +# enable kernel options +- update-grub + +# reboot to activate realtime-kernel and kernel options +power_state: + mode: reboot +``` + +```{note} + +In the above file, the realtime kernel 6.8 is installed from a private PPA. +It was recently backported from 24.04 to 22.04 and is still going through +some validation stages. Once it is officially released, it will be +installable via the Ubuntu Pro cli. +``` + + + +```` +````` + +## {{product}} setup + +{{product}} is delivered as a [snap][]. + +This section explains how to set up a dual node {{product}} cluster for testing +EPA capabilities. + +### Control plane and worker node + +1. [Install the snap][install-link] from the relevant [channel][channel]. + + ```{note} + A pre-release channel is required currently until there is a stable release of {{product}}. + ``` + + For example: + + + ```{include} ../../_parts/install.md + ``` + +2. Create a file called *configuration.yaml*. In this configuration file we let + the snap start with its default CNI (calico), with CoreDNS deployed and we + also point k8s to the external etcd. + + ```yaml + cluster-config: + network: + enabled: true + dns: + enabled: true + local-storage: + enabled: true + extra-node-kubelet-args: + --reserved-cpus: "0-31" + --cpu-manager-policy: "static" + --topology-manager-policy: "best-effort" + ``` + +3. Bootstrap {{product}} using the above configuration file. + + ``` + sudo k8s bootstrap --file configuration.yaml + ``` + +#### Verify the control plane node is running + +After a few seconds you can query the API server with: + +``` +sudo k8s kubectl get all -A +``` + +### Add a second k8s node as a worker + +1. Install the k8s snap on the second node + + ```{include} ../../_parts/install.md + ``` + +2. On the control plane node generate a join token to be used for joining the + second node + + ``` + sudo k8s get-join-token --worker + ``` + +3. On the worker node create the configuration.yaml file + + ``` + extra-node-kubelet-args: + --reserved-cpus: "0-31" + --cpu-manager-policy: "static" + --topology-manager-policy: "best-effort" + ``` + +4. On the worker node use the token to join the cluster + + ``` + sudo k8s join-cluster --file configuration.yaml + ``` + + +#### Verify the two node cluster is ready + +After a few seconds the second worker node will register with the control +plane. You can query the available workers from the first node: + +``` +sudo k8s kubectl get nodes +``` + +The output should list the connected nodes: + +``` +NAME STATUS ROLES AGE VERSION +pc6b-rb4-n1 Ready control-plane,worker 22h v1.31.0 +pc6b-rb4-n3 Ready worker 22h v1.31.0 +``` + +### Multus and SRIOV setup + +Apply the 'thick' Multus plugin (in case of resource scarcity we can consider +deploying the thin flavour) + +``` +sudo k8s kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset-thick.yml +``` + +```{note} +The memory limits for the multus pod spec in the DaemonSet should be +increased (i.e. to 500Mi instead 50Mi) to avoid OOM issues when deploying +multiple workload pods in parallel. +``` + +#### SRIOV Network Device Plugin + +Create sriov-dp.yaml configMap: + +``` +cat <TAbort- SERR- + Kernel driver in use: vfio-pci + Kernel modules: iavf +``` + +Now, create a test pod that will claim a network interface from the DPDK +network: + +``` +cat < + +[MAAS]: https://maas.io +[channel]: https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/explanation/channels/ +[install-link]: /snap/howto/install/snap +[snap]: https://snapcraft.io/docs +[cyclictest]: https://github.com/jlelli/rt-tests +[explain-epa]: /snap/explanation/epa \ No newline at end of file diff --git a/docs/src/snap/howto/index.md b/docs/src/snap/howto/index.md index 1445e2a32..3ae545030 100644 --- a/docs/src/snap/howto/index.md +++ b/docs/src/snap/howto/index.md @@ -22,6 +22,7 @@ proxy backup-restore refresh-certs restore-quorum +epa contribute support ``` diff --git a/docs/tools/reuse/substitutions.yaml b/docs/tools/reuse/substitutions.yaml index 41fd9e08e..51923e7f0 100644 --- a/docs/tools/reuse/substitutions.yaml +++ b/docs/tools/reuse/substitutions.yaml @@ -1,4 +1,6 @@ product: 'Canonical Kubernetes' +version: '1.31' +channel: '1.31/edge' multi_line_example: |- *Multi-line* text that uses basic **markup**. From e8475bfbcf77357355a62d0ec6ae2f4e1dd17085 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Wed, 18 Sep 2024 15:03:58 +0200 Subject: [PATCH 011/122] Add IPv6-only support for moonray (#664) --- .github/workflows/integration-informing.yaml | 4 + src/k8s/pkg/client/kubernetes/endpoints.go | 9 +- src/k8s/pkg/k8sd/api/certificates_refresh.go | 25 +++- src/k8s/pkg/k8sd/app/hooks_bootstrap.go | 31 +++-- src/k8s/pkg/k8sd/app/hooks_join.go | 23 ++- src/k8s/pkg/k8sd/pki/k8sdqlite.go | 2 +- src/k8s/pkg/k8sd/pki/worker.go | 2 +- src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go | 4 +- .../k8sd/setup/k8s_apiserver_proxy_test.go | 10 +- src/k8s/pkg/k8sd/setup/kube_proxy.go | 4 +- src/k8s/pkg/k8sd/setup/kube_proxy_test.go | 8 +- src/k8s/pkg/k8sd/setup/kubelet.go | 2 +- src/k8s/pkg/k8sd/setup/util_kubeconfig.go | 4 +- src/k8s/pkg/proxy/userspace.go | 5 +- src/k8s/pkg/utils/cidr.go | 17 +++ src/k8s/pkg/utils/cidr_test.go | 41 ++++++ .../templates/bootstrap-ipv6-only.yaml | 16 +++ .../integration/templates/etcd/etcd-tls.conf | 2 +- .../templates/nginx-ipv6-only.yaml | 36 +++++ tests/integration/tests/test_dualstack.py | 58 -------- tests/integration/tests/test_networking.py | 131 ++++++++++++++++++ tests/integration/tests/test_util/util.py | 22 +++ 22 files changed, 361 insertions(+), 95 deletions(-) create mode 100644 tests/integration/templates/bootstrap-ipv6-only.yaml create mode 100644 tests/integration/templates/nginx-ipv6-only.yaml delete mode 100644 tests/integration/tests/test_dualstack.py create mode 100644 tests/integration/tests/test_networking.py diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index 708094078..94cc7c01d 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -86,6 +86,10 @@ jobs: export TEST_SUBSTRATE=lxd export TEST_LXD_IMAGE=${{ matrix.os }} export TEST_INSPECTION_REPORTS_DIR="$HOME/inspection-reports" + # IPv6-only is only supported on moonray + if [[ "${{ matrix.patch }}" == "moonray" ]]; then + export TEST_IPV6_ONLY="true" + fi cd tests/integration && sg lxd -c 'tox -e integration' - name: Prepare inspection reports if: failure() diff --git a/src/k8s/pkg/client/kubernetes/endpoints.go b/src/k8s/pkg/client/kubernetes/endpoints.go index 3d6709800..0840effb9 100644 --- a/src/k8s/pkg/client/kubernetes/endpoints.go +++ b/src/k8s/pkg/client/kubernetes/endpoints.go @@ -5,6 +5,7 @@ import ( "fmt" "sort" + "github.com/canonical/k8s/pkg/utils" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" @@ -40,7 +41,13 @@ func (c *Client) GetKubeAPIServerEndpoints(ctx context.Context) ([]string, error } for _, addr := range subset.Addresses { if addr.IP != "" { - addresses = append(addresses, fmt.Sprintf("%s:%d", addr.IP, portNumber)) + var address string + if utils.IsIPv4(addr.IP) { + address = addr.IP + } else { + address = fmt.Sprintf("[%s]", addr.IP) + } + addresses = append(addresses, fmt.Sprintf("%s:%d", address, portNumber)) } } } diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index 2d8153dc1..b08dada6b 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -81,6 +81,13 @@ func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) return response.InternalError(fmt.Errorf("failed to parse node IP address %q", s.Address().Hostname())) } + var localhostAddress string + if nodeIP.To4() == nil { + localhostAddress = "[::1]" + } else { + localhostAddress = "127.0.0.1" + } + serviceIPs, err := utils.GetKubernetesServiceIPsFromServiceCIDRs(clusterConfig.Network.GetServiceCIDR()) if err != nil { return response.InternalError(fmt.Errorf("failed to get IP address(es) from ServiceCIDR %q: %w", clusterConfig.Network.GetServiceCIDR(), err)) @@ -119,7 +126,7 @@ func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) return response.InternalError(fmt.Errorf("failed to write control plane certificates: %w", err)) } - if err := setup.SetupControlPlaneKubeconfigs(snap.KubernetesConfigDir(), clusterConfig.APIServer.GetSecurePort(), *certificates); err != nil { + if err := setup.SetupControlPlaneKubeconfigs(snap.KubernetesConfigDir(), localhostAddress, clusterConfig.APIServer.GetSecurePort(), *certificates); err != nil { return response.InternalError(fmt.Errorf("failed to generate control plane kubeconfigs: %w", err)) } @@ -262,11 +269,23 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo return response.InternalError(fmt.Errorf("failed to write worker PKI: %w", err)) } + nodeIP := net.ParseIP(s.Address().Hostname()) + if nodeIP == nil { + return response.InternalError(fmt.Errorf("failed to parse node IP address %q", s.Address().Hostname())) + } + + var localhostAddress string + if nodeIP.To4() == nil { + localhostAddress = "[::1]" + } else { + localhostAddress = "127.0.0.1" + } + // Kubeconfigs - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), "127.0.0.1:6443", certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { return response.InternalError(fmt.Errorf("failed to generate kubelet kubeconfig: %w", err)) } - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), "127.0.0.1:6443", certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { return response.InternalError(fmt.Errorf("failed to generate kube-proxy kubeconfig: %w", err)) } diff --git a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go index 4144a0f84..c02854b43 100644 --- a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go +++ b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go @@ -178,11 +178,18 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT return fmt.Errorf("failed to write worker node certificates: %w", err) } + var localhostAddress string + if nodeIP.To4() == nil { + localhostAddress = "[::1]" + } else { + localhostAddress = "127.0.0.1" + } + // Kubeconfigs - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), "127.0.0.1:6443", certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { return fmt.Errorf("failed to generate kubelet kubeconfig: %w", err) } - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), "127.0.0.1:6443", certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { return fmt.Errorf("failed to generate kube-proxy kubeconfig: %w", err) } @@ -229,10 +236,10 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT if err := setup.KubeletWorker(snap, s.Name(), nodeIP, response.ClusterDNS, response.ClusterDomain, response.CloudProvider, joinConfig.ExtraNodeKubeletArgs); err != nil { return fmt.Errorf("failed to configure kubelet: %w", err) } - if err := setup.KubeProxy(ctx, snap, s.Name(), response.PodCIDR, joinConfig.ExtraNodeKubeProxyArgs); err != nil { + if err := setup.KubeProxy(ctx, snap, s.Name(), response.PodCIDR, localhostAddress, joinConfig.ExtraNodeKubeProxyArgs); err != nil { return fmt.Errorf("failed to configure kube-proxy: %w", err) } - if err := setup.K8sAPIServerProxy(snap, response.APIServers, joinConfig.ExtraNodeK8sAPIServerProxyArgs); err != nil { + if err := setup.K8sAPIServerProxy(snap, response.APIServers, localhostAddress, joinConfig.ExtraNodeK8sAPIServerProxyArgs); err != nil { return fmt.Errorf("failed to configure k8s-apiserver-proxy: %w", err) } if err := setup.ExtraNodeConfigFiles(snap, joinConfig.ExtraNodeConfigFiles); err != nil { @@ -277,6 +284,13 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst return fmt.Errorf("failed to parse node IP address %q", s.Address().Hostname()) } + var localhostAddress string + if nodeIP.To4() == nil { + localhostAddress = "[::1]" + } else { + localhostAddress = "127.0.0.1" + } + // Create directories if err := setup.EnsureAllDirectories(snap); err != nil { return fmt.Errorf("failed to create directories: %w", err) @@ -296,7 +310,7 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst // NOTE: Default certificate expiration is set to 20 years. certificates := pki.NewK8sDqlitePKI(pki.K8sDqlitePKIOpts{ Hostname: s.Name(), - IPSANs: []net.IP{{127, 0, 0, 1}}, + IPSANs: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, NotBefore: notBefore, NotAfter: notBefore.AddDate(20, 0, 0), AllowSelfSignedCA: true, @@ -395,14 +409,15 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst } // Generate kubeconfigs - if err := setup.SetupControlPlaneKubeconfigs(snap.KubernetesConfigDir(), cfg.APIServer.GetSecurePort(), *certificates); err != nil { + if err := setup.SetupControlPlaneKubeconfigs(snap.KubernetesConfigDir(), localhostAddress, cfg.APIServer.GetSecurePort(), *certificates); err != nil { return fmt.Errorf("failed to generate kubeconfigs: %w", err) } // Configure datastore switch cfg.Datastore.GetType() { case "k8s-dqlite": - if err := setup.K8sDqlite(snap, fmt.Sprintf("%s:%d", nodeIP.String(), cfg.Datastore.GetK8sDqlitePort()), nil, bootstrapConfig.ExtraNodeK8sDqliteArgs); err != nil { + address := fmt.Sprintf("%s:%d", utils.ToIPString(nodeIP), cfg.Datastore.GetK8sDqlitePort()) + if err := setup.K8sDqlite(snap, address, nil, bootstrapConfig.ExtraNodeK8sDqliteArgs); err != nil { return fmt.Errorf("failed to configure k8s-dqlite: %w", err) } case "external": @@ -417,7 +432,7 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst if err := setup.KubeletControlPlane(snap, s.Name(), nodeIP, cfg.Kubelet.GetClusterDNS(), cfg.Kubelet.GetClusterDomain(), cfg.Kubelet.GetCloudProvider(), cfg.Kubelet.GetControlPlaneTaints(), bootstrapConfig.ExtraNodeKubeletArgs); err != nil { return fmt.Errorf("failed to configure kubelet: %w", err) } - if err := setup.KubeProxy(ctx, snap, s.Name(), cfg.Network.GetPodCIDR(), bootstrapConfig.ExtraNodeKubeProxyArgs); err != nil { + if err := setup.KubeProxy(ctx, snap, s.Name(), cfg.Network.GetPodCIDR(), localhostAddress, bootstrapConfig.ExtraNodeKubeProxyArgs); err != nil { return fmt.Errorf("failed to configure kube-proxy: %w", err) } if err := setup.KubeControllerManager(snap, bootstrapConfig.ExtraNodeKubeControllerManagerArgs); err != nil { diff --git a/src/k8s/pkg/k8sd/app/hooks_join.go b/src/k8s/pkg/k8sd/app/hooks_join.go index 0e164858f..075d2f6bb 100644 --- a/src/k8s/pkg/k8sd/app/hooks_join.go +++ b/src/k8s/pkg/k8sd/app/hooks_join.go @@ -48,6 +48,13 @@ func (a *App) onPostJoin(ctx context.Context, s state.State, initConfig map[stri return fmt.Errorf("failed to parse node IP address %q", s.Address().Hostname()) } + var localhostAddress string + if nodeIP.To4() == nil { + localhostAddress = "[::1]" + } else { + localhostAddress = "127.0.0.1" + } + // Create directories if err := setup.EnsureAllDirectories(snap); err != nil { return fmt.Errorf("failed to create directories: %w", err) @@ -64,7 +71,7 @@ func (a *App) onPostJoin(ctx context.Context, s state.State, initConfig map[stri // NOTE: Default certificate expiration is set to 20 years. certificates := pki.NewK8sDqlitePKI(pki.K8sDqlitePKIOpts{ Hostname: s.Name(), - IPSANs: []net.IP{{127, 0, 0, 1}}, + IPSANs: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, NotBefore: notBefore, NotAfter: notBefore.AddDate(20, 0, 0), }) @@ -140,7 +147,7 @@ func (a *App) onPostJoin(ctx context.Context, s state.State, initConfig map[stri return fmt.Errorf("failed to write control plane certificates: %w", err) } - if err := setup.SetupControlPlaneKubeconfigs(snap.KubernetesConfigDir(), cfg.APIServer.GetSecurePort(), *certificates); err != nil { + if err := setup.SetupControlPlaneKubeconfigs(snap.KubernetesConfigDir(), localhostAddress, cfg.APIServer.GetSecurePort(), *certificates); err != nil { return fmt.Errorf("failed to generate kubeconfigs: %w", err) } @@ -158,10 +165,16 @@ func (a *App) onPostJoin(ctx context.Context, s state.State, initConfig map[stri } cluster := make([]string, len(members)) for _, member := range members { - cluster = append(cluster, fmt.Sprintf("%s:%d", member.Address.Addr(), cfg.Datastore.GetK8sDqlitePort())) + var address string + if member.Address.Addr().Is6() { + address = fmt.Sprintf("[%s]", member.Address.Addr()) + } else { + address = member.Address.Addr().String() + } + cluster = append(cluster, fmt.Sprintf("%s:%d", address, cfg.Datastore.GetK8sDqlitePort())) } - address := fmt.Sprintf("%s:%d", nodeIP.String(), cfg.Datastore.GetK8sDqlitePort()) + address := fmt.Sprintf("%s:%d", utils.ToIPString(nodeIP), cfg.Datastore.GetK8sDqlitePort()) if err := setup.K8sDqlite(snap, address, cluster, joinConfig.ExtraNodeK8sDqliteArgs); err != nil { return fmt.Errorf("failed to configure k8s-dqlite with address=%s cluster=%v: %w", address, cluster, err) } @@ -177,7 +190,7 @@ func (a *App) onPostJoin(ctx context.Context, s state.State, initConfig map[stri if err := setup.KubeletControlPlane(snap, s.Name(), nodeIP, cfg.Kubelet.GetClusterDNS(), cfg.Kubelet.GetClusterDomain(), cfg.Kubelet.GetCloudProvider(), cfg.Kubelet.GetControlPlaneTaints(), joinConfig.ExtraNodeKubeletArgs); err != nil { return fmt.Errorf("failed to configure kubelet: %w", err) } - if err := setup.KubeProxy(ctx, snap, s.Name(), cfg.Network.GetPodCIDR(), joinConfig.ExtraNodeKubeProxyArgs); err != nil { + if err := setup.KubeProxy(ctx, snap, s.Name(), cfg.Network.GetPodCIDR(), localhostAddress, joinConfig.ExtraNodeKubeProxyArgs); err != nil { return fmt.Errorf("failed to configure kube-proxy: %w", err) } if err := setup.KubeControllerManager(snap, joinConfig.ExtraNodeKubeControllerManagerArgs); err != nil { diff --git a/src/k8s/pkg/k8sd/pki/k8sdqlite.go b/src/k8s/pkg/k8sd/pki/k8sdqlite.go index b1d74bc37..0e81d823d 100644 --- a/src/k8s/pkg/k8sd/pki/k8sdqlite.go +++ b/src/k8s/pkg/k8sd/pki/k8sdqlite.go @@ -64,7 +64,7 @@ func (c *K8sDqlitePKI) CompleteCertificates() error { return fmt.Errorf("k8s-dqlite certificate not specified and generating self-signed certificates is not allowed") } - template, err := pkiutil.GenerateCertificate(pkix.Name{CommonName: "k8s"}, c.notBefore, c.notAfter, false, append(c.dnsSANs, c.hostname), append(c.ipSANs, net.IP{127, 0, 0, 1})) + template, err := pkiutil.GenerateCertificate(pkix.Name{CommonName: "k8s"}, c.notBefore, c.notAfter, false, append(c.dnsSANs, c.hostname), append(c.ipSANs, net.ParseIP("127.0.0.1"), net.ParseIP("::1"))) if err != nil { return fmt.Errorf("failed to generate k8s-dqlite certificate: %w", err) } diff --git a/src/k8s/pkg/k8sd/pki/worker.go b/src/k8s/pkg/k8sd/pki/worker.go index d945f053f..590b53a99 100644 --- a/src/k8s/pkg/k8sd/pki/worker.go +++ b/src/k8s/pkg/k8sd/pki/worker.go @@ -48,7 +48,7 @@ func (c *ControlPlanePKI) CompleteWorkerNodePKI(hostname string, nodeIP net.IP, c.notAfter, false, []string{hostname}, - []net.IP{{127, 0, 0, 1}, nodeIP}, + []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1"), nodeIP}, ) if err != nil { return nil, fmt.Errorf("failed to generate kubelet certificate for hostname=%s address=%s: %w", hostname, nodeIP.String(), err) diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go index 8a54bb60a..9b3a3b886 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go @@ -11,7 +11,7 @@ import ( ) // K8sAPIServerProxy prepares configuration for k8s-apiserver-proxy. -func K8sAPIServerProxy(snap snap.Snap, servers []string, extraArgs map[string]*string) error { +func K8sAPIServerProxy(snap snap.Snap, servers []string, localhostAddress string, extraArgs map[string]*string) error { configFile := filepath.Join(snap.ServiceExtraConfigDir(), "k8s-apiserver-proxy.json") if err := proxy.WriteEndpointsConfig(servers, configFile); err != nil { return fmt.Errorf("failed to write proxy configuration file: %w", err) @@ -20,7 +20,7 @@ func K8sAPIServerProxy(snap snap.Snap, servers []string, extraArgs map[string]*s if _, err := snaputil.UpdateServiceArguments(snap, "k8s-apiserver-proxy", map[string]string{ "--endpoints": configFile, "--kubeconfig": filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), - "--listen": "127.0.0.1:6443", + "--listen": fmt.Sprintf("%s:6443", localhostAddress), }, nil); err != nil { return fmt.Errorf("failed to write arguments file: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go index 3236e464b..ded12d037 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go @@ -27,7 +27,7 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sApiServerMock) - g.Expect(setup.K8sAPIServerProxy(s, nil, nil)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", nil)).To(Succeed()) tests := []struct { key string @@ -61,7 +61,7 @@ func TestK8sApiServerProxy(t *testing.T) { "--listen": nil, // This should trigger a delete "--my-extra-arg": utils.Pointer("my-extra-val"), } - g.Expect(setup.K8sAPIServerProxy(s, nil, extraArgs)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", extraArgs)).To(Succeed()) tests := []struct { key string @@ -98,7 +98,7 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sApiServerMock) s.Mock.ServiceExtraConfigDir = "nonexistent" - g.Expect(setup.K8sAPIServerProxy(s, nil, nil)).ToNot(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", nil)).ToNot(Succeed()) }) t.Run("MissingServiceArgumentsDir", func(t *testing.T) { @@ -107,7 +107,7 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sApiServerMock) s.Mock.ServiceArgumentsDir = "nonexistent" - g.Expect(setup.K8sAPIServerProxy(s, nil, nil)).ToNot(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", nil)).ToNot(Succeed()) }) t.Run("JSONFileContent", func(t *testing.T) { @@ -118,7 +118,7 @@ func TestK8sApiServerProxy(t *testing.T) { endpoints := []string{"192.168.0.1", "192.168.0.2", "192.168.0.3"} fileName := filepath.Join(s.Mock.ServiceExtraConfigDir, "k8s-apiserver-proxy.json") - g.Expect(setup.K8sAPIServerProxy(s, endpoints, nil)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, endpoints, "127.0.0.1", nil)).To(Succeed()) b, err := os.ReadFile(fileName) g.Expect(err).NotTo(HaveOccurred()) diff --git a/src/k8s/pkg/k8sd/setup/kube_proxy.go b/src/k8s/pkg/k8sd/setup/kube_proxy.go index 0e64a60aa..ff29b0443 100644 --- a/src/k8s/pkg/k8sd/setup/kube_proxy.go +++ b/src/k8s/pkg/k8sd/setup/kube_proxy.go @@ -12,10 +12,10 @@ import ( ) // KubeProxy configures kube-proxy on the local node. -func KubeProxy(ctx context.Context, snap snap.Snap, hostname string, podCIDR string, extraArgs map[string]*string) error { +func KubeProxy(ctx context.Context, snap snap.Snap, hostname string, podCIDR string, localhostAddress string, extraArgs map[string]*string) error { serviceArgs := map[string]string{ "--cluster-cidr": podCIDR, - "--healthz-bind-address": "127.0.0.1", + "--healthz-bind-address": fmt.Sprintf("%s:10256", localhostAddress), "--kubeconfig": filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), "--profiling": "false", } diff --git a/src/k8s/pkg/k8sd/setup/kube_proxy_test.go b/src/k8s/pkg/k8sd/setup/kube_proxy_test.go index 1852c8478..b6f77bb8e 100644 --- a/src/k8s/pkg/k8sd/setup/kube_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_proxy_test.go @@ -31,7 +31,7 @@ func TestKubeProxy(t *testing.T) { g.Expect(setup.EnsureAllDirectories(s)).To(BeNil()) t.Run("Args", func(t *testing.T) { - g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", nil)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", nil)).To(BeNil()) for key, expectedVal := range map[string]string{ "--cluster-cidr": "10.1.0.0/16", @@ -55,7 +55,7 @@ func TestKubeProxy(t *testing.T) { "--healthz-bind-address": nil, "--my-extra-arg": utils.Pointer("my-extra-val"), } - g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", extraArgs)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", extraArgs)).To(BeNil()) for key, expectedVal := range map[string]string{ "--cluster-cidr": "10.1.0.0/16", @@ -80,7 +80,7 @@ func TestKubeProxy(t *testing.T) { s.Mock.OnLXD = true t.Run("ArgsOnLXD", func(t *testing.T) { - g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", nil)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", nil)).To(BeNil()) for key, expectedVal := range map[string]string{ "--conntrack-max-per-core": "0", @@ -103,7 +103,7 @@ func TestKubeProxy(t *testing.T) { s.Mock.ServiceArgumentsDir = filepath.Join(dir, "k8s") g.Expect(setup.EnsureAllDirectories(s)).To(BeNil()) - g.Expect(setup.KubeProxy(context.Background(), s, "dev", "10.1.0.0/16", nil)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "dev", "10.1.0.0/16", "127.0.0.1", nil)).To(BeNil()) val, err := snaputil.GetServiceArgument(s, "kube-proxy", "--hostname-override") g.Expect(err).To(BeNil()) diff --git a/src/k8s/pkg/k8sd/setup/kubelet.go b/src/k8s/pkg/k8sd/setup/kubelet.go index ff4cd9e0f..b6a5115dc 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet.go +++ b/src/k8s/pkg/k8sd/setup/kubelet.go @@ -81,7 +81,7 @@ func kubelet(snap snap.Snap, hostname string, nodeIP net.IP, clusterDNS string, args["--cluster-domain"] = clusterDomain } if nodeIP != nil && !nodeIP.IsLoopback() { - args["--node-ip"] = nodeIP.String() + args["--node-ip"] = utils.ToIPString(nodeIP) } if _, err := snaputil.UpdateServiceArguments(snap, "kubelet", args, nil); err != nil { return fmt.Errorf("failed to render arguments file: %w", err) diff --git a/src/k8s/pkg/k8sd/setup/util_kubeconfig.go b/src/k8s/pkg/k8sd/setup/util_kubeconfig.go index 3793a97f0..413fa04a5 100644 --- a/src/k8s/pkg/k8sd/setup/util_kubeconfig.go +++ b/src/k8s/pkg/k8sd/setup/util_kubeconfig.go @@ -57,7 +57,7 @@ func KubeconfigString(url string, caPEM string, crtPEM string, keyPEM string) (s } // SetupControlPlaneKubeconfigs writes kubeconfig files for the control plane components. -func SetupControlPlaneKubeconfigs(kubeConfigDir string, securePort int, pki pki.ControlPlanePKI) error { +func SetupControlPlaneKubeconfigs(kubeConfigDir string, localhostAddress string, securePort int, pki pki.ControlPlanePKI) error { for _, kubeconfig := range []struct { file string crt string @@ -69,7 +69,7 @@ func SetupControlPlaneKubeconfigs(kubeConfigDir string, securePort int, pki pki. {file: "scheduler.conf", crt: pki.KubeSchedulerClientCert, key: pki.KubeSchedulerClientKey}, {file: "kubelet.conf", crt: pki.KubeletClientCert, key: pki.KubeletClientKey}, } { - if err := Kubeconfig(filepath.Join(kubeConfigDir, kubeconfig.file), fmt.Sprintf("127.0.0.1:%d", securePort), pki.CACert, kubeconfig.crt, kubeconfig.key); err != nil { + if err := Kubeconfig(filepath.Join(kubeConfigDir, kubeconfig.file), fmt.Sprintf("%s:%d", localhostAddress, securePort), pki.CACert, kubeconfig.crt, kubeconfig.key); err != nil { return fmt.Errorf("failed to write kubeconfig %s: %w", kubeconfig.file, err) } } diff --git a/src/k8s/pkg/proxy/userspace.go b/src/k8s/pkg/proxy/userspace.go index 4fa143592..4082d7947 100644 --- a/src/k8s/pkg/proxy/userspace.go +++ b/src/k8s/pkg/proxy/userspace.go @@ -27,6 +27,8 @@ import ( "net" "sync" "time" + + "github.com/canonical/k8s/pkg/utils" ) type remote struct { @@ -78,7 +80,8 @@ func (tp *tcpproxy) Run() error { tp.MonitorInterval = 5 * time.Minute } for _, srv := range tp.Endpoints { - addr := fmt.Sprintf("%s:%d", srv.Target, srv.Port) + ip := net.ParseIP(srv.Target) + addr := fmt.Sprintf("%s:%d", utils.ToIPString(ip), srv.Port) tp.remotes = append(tp.remotes, &remote{srv: srv, addr: addr}) } diff --git a/src/k8s/pkg/utils/cidr.go b/src/k8s/pkg/utils/cidr.go index 124f75aea..e5fe01bba 100644 --- a/src/k8s/pkg/utils/cidr.go +++ b/src/k8s/pkg/utils/cidr.go @@ -125,3 +125,20 @@ func ParseCIDRs(CIDRstring string) (string, string, error) { } return ipv4CIDR, ipv6CIDR, nil } + +// IsIPv4 returns true if the address is a valid IPv4 address, false otherwise. +// The address may contain a port number. +func IsIPv4(address string) bool { + ip := strings.Split(address, ":")[0] + parsedIP := net.ParseIP(ip) + return parsedIP != nil && parsedIP.To4() != nil +} + +// ToIPString returns the string representation of an IP address. +// If the IP address is an IPv6 address, it is enclosed in square brackets. +func ToIPString(ip net.IP) string { + if ip.To4() != nil { + return ip.String() + } + return "[" + ip.String() + "]" +} diff --git a/src/k8s/pkg/utils/cidr_test.go b/src/k8s/pkg/utils/cidr_test.go index 3dfbe3941..1d0e9da96 100644 --- a/src/k8s/pkg/utils/cidr_test.go +++ b/src/k8s/pkg/utils/cidr_test.go @@ -164,3 +164,44 @@ func TestParseCIDRs(t *testing.T) { }) } } + +func TestIsIPv4(t *testing.T) { + tests := []struct { + address string + expected bool + }{ + {"192.168.1.1:80", true}, + {"127.0.0.1", true}, + {"::1", false}, + {"[fe80::1]:80", false}, + {"256.256.256.256", false}, // Invalid IPv4 address + } + + for _, tc := range tests { + t.Run(tc.address, func(t *testing.T) { + g := NewWithT(t) + result := utils.IsIPv4(tc.address) + g.Expect(result).To(Equal(tc.expected)) + }) + } +} + +func TestToIPString(t *testing.T) { + tests := []struct { + ip net.IP + expected string + }{ + {net.ParseIP("192.168.1.1"), "192.168.1.1"}, + {net.ParseIP("::1"), "[::1]"}, + {net.ParseIP("fe80::1"), "[fe80::1]"}, + {net.ParseIP("127.0.0.1"), "127.0.0.1"}, + } + + for _, tc := range tests { + t.Run(tc.expected, func(t *testing.T) { + g := NewWithT(t) + result := utils.ToIPString(tc.ip) + g.Expect(result).To(Equal(tc.expected)) + }) + } +} diff --git a/tests/integration/templates/bootstrap-ipv6-only.yaml b/tests/integration/templates/bootstrap-ipv6-only.yaml new file mode 100644 index 000000000..442857805 --- /dev/null +++ b/tests/integration/templates/bootstrap-ipv6-only.yaml @@ -0,0 +1,16 @@ +cluster-config: + network: + enabled: true + dns: + enabled: true + cluster-domain: cluster.local + local-storage: + enabled: true + local-path: /storage/path + default: false + gateway: + enabled: true + metrics-server: + enabled: true +pod-cidr: fd01::/108 +service-cidr: fd98::/108 diff --git a/tests/integration/templates/etcd/etcd-tls.conf b/tests/integration/templates/etcd/etcd-tls.conf index 59243ba98..83cd61a86 100644 --- a/tests/integration/templates/etcd/etcd-tls.conf +++ b/tests/integration/templates/etcd/etcd-tls.conf @@ -18,6 +18,6 @@ [alt_names] IP.1 = 127.0.0.1 - IP.2 = $IP + IP.2 = $IP DNS.1 = localhost DNS.2 = $NAME diff --git a/tests/integration/templates/nginx-ipv6-only.yaml b/tests/integration/templates/nginx-ipv6-only.yaml new file mode 100644 index 000000000..93a5647a2 --- /dev/null +++ b/tests/integration/templates/nginx-ipv6-only.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginxipv6 +spec: + selector: + matchLabels: + run: nginxipv6 + replicas: 1 + template: + metadata: + labels: + run: nginxipv6 + spec: + containers: + - name: nginxipv6 + image: rocks.canonical.com/cdk/diverdane/nginxdualstack:1.0.0 + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-ipv6 + labels: + run: nginxipv6 +spec: + type: NodePort + ipFamilies: + - IPv6 + ipFamilyPolicy: SingleStack + ports: + - port: 80 + protocol: TCP + selector: + run: nginxipv6 diff --git a/tests/integration/tests/test_dualstack.py b/tests/integration/tests/test_dualstack.py deleted file mode 100644 index 53d586504..000000000 --- a/tests/integration/tests/test_dualstack.py +++ /dev/null @@ -1,58 +0,0 @@ -# -# Copyright 2024 Canonical, Ltd. -# -import logging -from ipaddress import IPv4Address, IPv6Address, ip_address -from typing import List - -import pytest -from test_util import config, harness, util - -LOG = logging.getLogger(__name__) - - -@pytest.mark.node_count(1) -@pytest.mark.bootstrap_config( - (config.MANIFESTS_DIR / "bootstrap-dualstack.yaml").read_text() -) -@pytest.mark.dualstack() -def test_dualstack(instances: List[harness.Instance]): - main = instances[0] - dualstack_config = (config.MANIFESTS_DIR / "nginx-dualstack.yaml").read_text() - - # Deploy nginx with dualstack service - main.exec( - ["k8s", "kubectl", "apply", "-f", "-"], input=str.encode(dualstack_config) - ) - addresses = ( - util.stubbornly(retries=5, delay_s=3) - .on(main) - .exec( - [ - "k8s", - "kubectl", - "get", - "svc", - "nginx-dualstack", - "-o", - "jsonpath='{.spec.clusterIPs[*]}'", - ], - text=True, - capture_output=True, - ) - .stdout - ) - - for ip in addresses.split(): - addr = ip_address(ip.strip("'")) - if isinstance(addr, IPv6Address): - address = f"http://[{str(addr)}]" - elif isinstance(addr, IPv4Address): - address = f"http://{str(addr)}" - else: - pytest.fail(f"Unknown IP address type: {addr}") - - # need to shell out otherwise this runs into permission errors - util.stubbornly(retries=3, delay_s=1).on(main).exec( - ["curl", address], shell=True - ) diff --git a/tests/integration/tests/test_networking.py b/tests/integration/tests/test_networking.py new file mode 100644 index 000000000..c1e30ea95 --- /dev/null +++ b/tests/integration/tests/test_networking.py @@ -0,0 +1,131 @@ +# +# Copyright 2024 Canonical, Ltd. +# +import logging +import os +from ipaddress import IPv4Address, IPv6Address, ip_address +from typing import List + +import pytest +from test_util import config, harness, util + +LOG = logging.getLogger(__name__) + + +@pytest.mark.node_count(1) +@pytest.mark.bootstrap_config( + (config.MANIFESTS_DIR / "bootstrap-dualstack.yaml").read_text() +) +@pytest.mark.dualstack() +def test_dualstack(instances: List[harness.Instance]): + main = instances[0] + dualstack_config = (config.MANIFESTS_DIR / "nginx-dualstack.yaml").read_text() + + # Deploy nginx with dualstack service + main.exec( + ["k8s", "kubectl", "apply", "-f", "-"], input=str.encode(dualstack_config) + ) + addresses = ( + util.stubbornly(retries=5, delay_s=3) + .on(main) + .exec( + [ + "k8s", + "kubectl", + "get", + "svc", + "nginx-dualstack", + "-o", + "jsonpath='{.spec.clusterIPs[*]}'", + ], + text=True, + capture_output=True, + ) + .stdout + ) + + for ip in addresses.split(): + addr = ip_address(ip.strip("'")) + if isinstance(addr, IPv6Address): + address = f"http://[{str(addr)}]" + elif isinstance(addr, IPv4Address): + address = f"http://{str(addr)}" + else: + pytest.fail(f"Unknown IP address type: {addr}") + + # need to shell out otherwise this runs into permission errors + util.stubbornly(retries=3, delay_s=1).on(main).exec( + ["curl", address], shell=True + ) + + +@pytest.mark.node_count(3) +@pytest.mark.disable_k8s_bootstrapping() +@pytest.mark.dualstack() +@pytest.mark.skipif( + os.getenv("TEST_IPV6_ONLY") in ["false", None], + reason="IPv6 is currently only supported for moonray/calico", +) +def test_ipv6_only(instances: List[harness.Instance]): + main = instances[0] + joining_cp = instances[1] + joining_worker = instances[2] + + ipv6_bootstrap_config = ( + config.MANIFESTS_DIR / "bootstrap-ipv6-only.yaml" + ).read_text() + + ipv6_address = util.get_global_unicast_ipv6(main) + main.exec( + ["k8s", "bootstrap", "--file", "-", "--address", ipv6_address], + input=str.encode(ipv6_bootstrap_config), + ) + + join_token = util.get_join_token(main, joining_cp) + ipv6_address = util.get_global_unicast_ipv6(joining_cp) + joining_cp.exec(["k8s", "join-cluster", join_token, "--address", ipv6_address]) + + join_token_worker = util.get_join_token(main, joining_worker, "--worker") + ipv6_address = util.get_global_unicast_ipv6(joining_worker) + joining_worker.exec( + ["k8s", "join-cluster", join_token_worker, "--address", ipv6_address] + ) + + # Deploy nginx with ipv6 service + ipv6_config = (config.MANIFESTS_DIR / "nginx-ipv6-only.yaml").read_text() + main.exec(["k8s", "kubectl", "apply", "-f", "-"], input=str.encode(ipv6_config)) + addresses = ( + util.stubbornly(retries=5, delay_s=3) + .on(main) + .exec( + [ + "k8s", + "kubectl", + "get", + "svc", + "nginx-ipv6", + "-o", + "jsonpath='{.spec.clusterIPs[*]}'", + ], + text=True, + capture_output=True, + ) + .stdout + ) + + for ip in addresses.split(): + addr = ip_address(ip.strip("'")) + if isinstance(addr, IPv6Address): + address = f"http://[{str(addr)}]" + elif isinstance(addr, IPv4Address): + assert False, "IPv4 address found in IPv6-only cluster" + else: + pytest.fail(f"Unknown IP address type: {addr}") + + # need to shell out otherwise this runs into permission errors + util.stubbornly(retries=3, delay_s=1).on(main).exec( + ["curl", address], shell=True + ) + + # This might take a while + util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(main) == 3) diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 8d9875d18..754dc744b 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -3,6 +3,7 @@ # import json import logging +import re import shlex import subprocess from functools import partial @@ -261,3 +262,24 @@ def get_default_ip(instance: harness.Instance): ["ip", "-o", "-4", "route", "show", "to", "default"], capture_output=True ) return p.stdout.decode().split(" ")[8] + + +def get_global_unicast_ipv6(instance: harness.Instance, interface="eth0") -> str: + # --- + # 2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + # link/ether 00:16:3e:0f:4d:1e brd ff:ff:ff:ff:ff:ff + # inet + # inet6 fe80::216:3eff:fe0f:4d1e/64 scope link + # --- + # Fetching the global unicast address for the specified interface, e.g. fe80::216:3eff:fe0f:4d1e + result = instance.exec( + ["ip", "-6", "addr", "show", "dev", interface, "scope", "global"], + capture_output=True, + text=True, + ) + output = result.stdout + ipv6_regex = re.compile(r"inet6\s+([a-f0-9:]+)\/[0-9]*\s+scope global") + match = ipv6_regex.search(output) + if match: + return match.group(1) + return None From 87eb341015d82b8d5022212ed692ced8e88d2a69 Mon Sep 17 00:00:00 2001 From: "Louise K. Schmidtgen" Date: Wed, 18 Sep 2024 16:05:14 +0200 Subject: [PATCH 012/122] Correct microcluster schema migration order (#676) --- src/k8s/pkg/k8sd/database/schema.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/k8s/pkg/k8sd/database/schema.go b/src/k8s/pkg/k8sd/database/schema.go index 7bb349a8a..b2cae9125 100644 --- a/src/k8s/pkg/k8sd/database/schema.go +++ b/src/k8s/pkg/k8sd/database/schema.go @@ -18,11 +18,9 @@ var ( SchemaExtensions = []schema.Update{ schemaApplyMigration("kubernetes-auth-tokens", "000-create.sql"), schemaApplyMigration("cluster-configs", "000-create.sql"), - schemaApplyMigration("worker-tokens", "000-create.sql"), - schemaApplyMigration("worker-tokens", "001-add-expiry.sql"), - schemaApplyMigration("feature-status", "000-feature-status.sql"), + schemaApplyMigration("worker-tokens", "001-add-expiry.sql"), } //go:embed sql/migrations From 6ee88637a6c539058a2e55893235d1d01519135a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Wed, 18 Sep 2024 17:13:15 +0300 Subject: [PATCH 013/122] Add how-to for capi in place upgrades (#671) * Add how-to for capi in place upgrades * Addressing comments * Linting fixes * Update docs/src/capi/howto/in-place-upgrades.md --------- Co-authored-by: Nick Veitch --- docs/src/capi/howto/in-place-upgrades.md | 98 ++++++++++++++++++++++++ docs/src/capi/howto/index.md | 1 + 2 files changed, 99 insertions(+) create mode 100644 docs/src/capi/howto/in-place-upgrades.md diff --git a/docs/src/capi/howto/in-place-upgrades.md b/docs/src/capi/howto/in-place-upgrades.md new file mode 100644 index 000000000..7b20c9dab --- /dev/null +++ b/docs/src/capi/howto/in-place-upgrades.md @@ -0,0 +1,98 @@ +# Perform an in-place upgrade for a machine + +This guide walks you through the steps to perform an in-place upgrade for a +Cluster API managed machine. + +## Prerequisites + +To follow this guide, you will need: + +- A Kubernetes management cluster with Cluster API and providers installed + and configured. +- A target workload cluster managed by CAPI. +- `kubectl` installed and configured to access your management cluster. +- The workload cluster kubeconfig. + +Please refer to the [getting-started guide][getting-started] for further +details on the required setup. +This guide refers to the workload cluster as `c1` and its +kubeconfig as `c1-kubeconfig.yaml`. + +## Check the current cluster status + +Prior to the upgrade, ensure that the management cluster is in a healthy +state. + +``` +kubectl get nodes -o wide +``` + +Confirm the Kubernetes version of the workload cluster: + +``` +kubectl --kubeconfig c1-kubeconfig.yaml get nodes -o wide +``` + +## Annotate the machine + +In this first step, annotate the Machine resource with +the in-place upgrade annotation. In this example, the machine +is called `c1-control-plane-xyzbw`. + +``` +kubectl annotate machine c1-control-plane-xyzbw "v1beta2.k8sd.io/in-place-upgrade-to=" +``` + +`` can be one of: + +* `channel=` which refreshes k8s to the given snap channel. + e.g. `channel=1.30-classic/stable` +* `revision=` which refreshes k8s to the given revision. + e.g. `revision=123` +* `localPath=` which refreshes k8s with the snap file from + the given absolute path. e.g. `localPath=full/path/to/k8s.snap` + +Please refer to the [ClusterAPI Annotations Reference][annotations-reference] +for further details on these options. + +## Monitor the in-place upgrade + +Watch the status of the in-place upgrade for the machine, +by running the following command and checking the +`v1beta2.k8sd.io/in-place-upgrade-status` annotation: + +``` +kubectl get machine c1-control-plane-xyzbw -o yaml +``` + +On a successful upgrade: + +* Value of the `v1beta2.k8sd.io/in-place-upgrade-status` annotation + will be changed to `done` +* Value of the `v1beta2.k8sd.io/in-place-upgrade-release` annotation + will be changed to the `` used to perform the upgrade. + +## Cancelling a failing upgrade + +The upgrade is retried periodically if the operation was unsuccessful. + +The upgrade can be cancelled by running the following commands +that remove the annotations: + +``` +kubectl annotate machine c1-control-plane-xyzbw "v1beta2.k8sd.io/in-place-upgrade-to-" +kubectl annotate machine c1-control-plane-xyzbw "v1beta2.k8sd.io/in-place-upgrade-change-id-" +``` + +## Verify the Kubernetes upgrade + +Confirm that the node is healthy and runs on the new Kubernetes version: + +``` +kubectl --kubeconfig c1-kubeconfig.yaml get nodes -o wide +``` + + + +[getting-started]: ../tutorial/getting-started.md +[annotations-reference]: ../reference/annotations.md diff --git a/docs/src/capi/howto/index.md b/docs/src/capi/howto/index.md index 375a5025a..b05a55fa4 100644 --- a/docs/src/capi/howto/index.md +++ b/docs/src/capi/howto/index.md @@ -16,6 +16,7 @@ Overview external-etcd rollout-upgrades +in-place-upgrades upgrade-providers migrate-management custom-ck8s From de6fb4f83c000f2df809499b17025073b9c159a8 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Wed, 18 Sep 2024 21:31:28 +0200 Subject: [PATCH 014/122] let all integration test run (#682) --- .github/workflows/integration.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 6a58c1194..07abef004 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -96,7 +96,7 @@ jobs: export TEST_SUBSTRATE=lxd export TEST_LXD_IMAGE=${{ matrix.os }} export TEST_INSPECTION_REPORTS_DIR="$HOME/inspection-reports" - cd tests/integration && sg lxd -c 'tox -e integration -- -k test_control_plane_nodes' + cd tests/integration && sg lxd -c 'tox -e integration' - name: Prepare inspection reports if: failure() run: | From e4dadd1fee5bfc2bca82d464ff10d480ab7f6bc7 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Thu, 19 Sep 2024 21:03:52 -0500 Subject: [PATCH 015/122] Create more tests on branches and recipes (#679) * Create more tests on branches and recipes * Apply review comments --- .github/workflows/integration.yaml | 4 +- tests/branch_management/tests/conftest.py | 54 +++++- .../branch_management/tests/test_branches.py | 156 +++++++++++------- tests/branch_management/tox.ini | 3 +- 4 files changed, 147 insertions(+), 70 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 07abef004..0bfaae8e3 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -51,6 +51,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Setup Python uses: actions/setup-python@v5 with: @@ -59,7 +61,7 @@ jobs: run: pip install tox - name: Run branch_management tests run: | - tox -c tests/branch_management -e integration + tox -c tests/branch_management -e test test-integration: name: Test ${{ matrix.os }} diff --git a/tests/branch_management/tests/conftest.py b/tests/branch_management/tests/conftest.py index f745828fb..85045f683 100644 --- a/tests/branch_management/tests/conftest.py +++ b/tests/branch_management/tests/conftest.py @@ -2,26 +2,68 @@ # Copyright 2024 Canonical, Ltd. # from pathlib import Path +from typing import Optional import pytest import requests import semver +STABLE_URL = "https://dl.k8s.io/release/stable.txt" +RELEASE_URL = "https://dl.k8s.io/release/stable-{}.{}.txt" -@pytest.fixture -def upstream_release() -> semver.VersionInfo: + +def _upstream_release(ver: semver.Version) -> Optional[semver.Version]: + """Semver of the major.minor release if it exists""" + r = requests.get(RELEASE_URL.format(ver.major, ver.minor)) + if r.status_code == 200: + return semver.Version.parse(r.content.decode().lstrip("v")) + + +def _get_max_minor(ver: semver.Version) -> semver.Version: + """ + Get the latest patch release based on the provided major. + + e.g. 1.. could yield 1.31.4 if 1.31 is the latest stable release on that maj channel + e.g. 2.. could yield 2.12.1 if 2.12 is the latest stable release on that maj channel + """ + out = semver.Version(ver.major, 0, 0) + while ver := _upstream_release(ver): + out, ver = ver, semver.Version(ver.major, ver.minor + 1, 0) + return out + + +def _previous_release(ver: semver.Version) -> semver.Version: + """Return the prior release version based on the provided version ignoring patch""" + if ver.minor != 0: + return _upstream_release(semver.Version(ver.major, ver.minor - 1, 0)) + return _get_max_minor(semver.Version(ver.major, 0, 0)) + + +@pytest.fixture(scope="session") +def stable_release() -> semver.Version: """Return the latest stable k8s in the release series""" - release_url = "https://dl.k8s.io/release/stable.txt" - r = requests.get(release_url) + r = requests.get(STABLE_URL) r.raise_for_status() return semver.Version.parse(r.content.decode().lstrip("v")) -@pytest.fixture -def current_release() -> semver.VersionInfo: +@pytest.fixture(scope="session") +def current_release() -> semver.Version: """Return the current branch k8s version""" ver_file = ( Path(__file__).parent / "../../../build-scripts/components/kubernetes/version" ) version = ver_file.read_text().strip() return semver.Version.parse(version.lstrip("v")) + + +@pytest.fixture +def prior_stable_release(stable_release) -> semver.Version: + """Return the prior release to the upstream stable""" + return _previous_release(stable_release) + + +@pytest.fixture +def prior_release(current_release) -> semver.Version: + """Return the prior release to the current release""" + return _previous_release(current_release) diff --git a/tests/branch_management/tests/test_branches.py b/tests/branch_management/tests/test_branches.py index 426fde599..556892c03 100644 --- a/tests/branch_management/tests/test_branches.py +++ b/tests/branch_management/tests/test_branches.py @@ -1,93 +1,127 @@ # # Copyright 2024 Canonical, Ltd. # +import functools +import logging +import subprocess from pathlib import Path -from subprocess import check_output import requests +log = logging.getLogger(__name__) +K8S_GH_REPO = "https://github.com/canonical/k8s-snap.git/" +K8S_LP_REPO = " https://git.launchpad.net/k8s" -def _get_max_minor(major): - """Get the latest minor release of the provided major. - For example if you use 1 as major you will get back X where X gives you latest 1.X release. - """ - minor = 0 - while _upstream_release_exists(major, minor): - minor += 1 - return minor - 1 - - -def _upstream_release_exists(major, minor): - """Return true if the major.minor release exists""" - release_url = "https://dl.k8s.io/release/stable-{}.{}.txt".format(major, minor) - r = requests.get(release_url) - return r.status_code == 200 - -def _confirm_branch_exists(branch): - cmd = f"git ls-remote --heads https://github.com/canonical/k8s-snap.git/ {branch}" - output = check_output(cmd.split()).decode("utf-8") - assert branch in output, f"Branch {branch} does not exist" +def _sh(*args, **kwargs): + default = {"text": True, "stderr": subprocess.PIPE} + try: + return subprocess.check_output(*args, **{**default, **kwargs}) + except subprocess.CalledProcessError as e: + log.error("stdout: %s", e.stdout) + log.error("stderr: %s", e.stderr) + raise e def _branch_flavours(branch: str = None): patch_dir = Path("build-scripts/patches") branch = "HEAD" if branch is None else branch - cmd = f"git ls-tree --full-tree -r --name-only {branch} {patch_dir}" - output = check_output(cmd.split()).decode("utf-8") + cmd = f"git ls-tree --full-tree -r --name-only origin/{branch} {patch_dir}" + output = _sh(cmd.split()) patches = set( Path(f).relative_to(patch_dir).parents[0] for f in output.splitlines() ) return [p.name for p in patches] -def _confirm_recipe(track, flavour): +@functools.lru_cache +def _confirm_branch_exists(repo, branch): + log.info(f"Checking {branch} branch exists in {repo}") + cmd = f"git ls-remote --heads {repo} {branch}" + output = _sh(cmd.split()) + return branch in output + + +def _confirm_all_branches_exist(leader): + assert _confirm_branch_exists( + K8S_GH_REPO, leader + ), f"GH Branch {leader} does not exist" + branches = [leader] + branches += [f"autoupdate/{leader}-{fl}" for fl in _branch_flavours(leader)] + if missing := [b for b in branches if not _confirm_branch_exists(K8S_GH_REPO, b)]: + assert missing, f"GH Branches do not exist {missing}" + if missing := [b for b in branches if not _confirm_branch_exists(K8S_LP_REPO, b)]: + assert missing, f"LP Branches do not exist {missing}" + + +@functools.lru_cache +def _confirm_recipe_exist(track, flavour): recipe = f"https://launchpad.net/~containers/k8s/+snap/k8s-snap-{track}-{flavour}" r = requests.get(recipe) return r.status_code == 200 -def test_branches(upstream_release): - """Ensures git branches exist for prior releases. +def _confirm_all_recipes_exist(track, branch): + log.info(f"Checking {track} recipe exists") + assert _confirm_branch_exists( + K8S_GH_REPO, branch + ), f"GH Branch {branch} does not exist" + flavours = ["classic"] + _branch_flavours(branch) + recipes = {flavour: _confirm_recipe_exist(track, flavour) for flavour in flavours} + if missing := [fl for fl, exists in recipes.items() if not exists]: + assert missing, f"LP Recipes do not exist for {track} {missing}" + - We need to make sure the LP builders pointing to the main github branch are only pushing - to the latest and current k8s edge snap tracks. An indication that this is not enforced is - that we do not have a branch for the k8s release for the previous stable release. Let me - clarify with an example. +def test_prior_branches(prior_stable_release): + """Ensures git branches exist for prior stable releases. - Assuming upstream stable k8s release is v1.12.x, there has to be a 1.11 github branch used - by the respective LP builders for building the v1.11.y. + This is to ensure that the prior release branches exist in the k8s-snap repository + before we can proceed to build the next release. For example, if the current stable + k8s release is v1.31.0, there must be a release-1.30 branch before updating main. """ - if upstream_release.minor != 0: - major = upstream_release.major - minor = upstream_release.minor - 1 - else: - major = int(upstream_release.major) - 1 - minor = _get_max_minor(major) - - prior_branch = f"release-{major}.{minor}" - print(f"Current stable is {upstream_release}") - print(f"Checking {prior_branch} branch exists") - _confirm_branch_exists(prior_branch) - flavours = _branch_flavours(prior_branch) - for flavour in flavours: - prior_branch = f"autoupdate/{prior_branch}-{flavour}" - print(f"Checking {prior_branch} branch exists") - _confirm_branch_exists(prior_branch) - - -def test_launchpad_recipe(current_release): + branch = f"release-{prior_stable_release.major}.{prior_stable_release.minor}" + _confirm_all_branches_exist(branch) + + +def test_prior_recipes(prior_stable_release): + """Ensures the recipes exist for prior stable releases. + + This is to ensure that the prior release recipes exist in launchpad before we can proceed + to build the next release. For example, if the current stable k8s release is v1.31.0, there + must be a k8s-snap-1.30-classic recipe before updating main. + """ + track = f"{prior_stable_release.major}.{prior_stable_release.minor}" + branch = f"release-{track}" + _confirm_all_recipes_exist(track, branch) + + +def test_branches(current_release): + """Ensures the current release has a release branch. + + This is to ensure that the current release branches exist in the k8s-snap repository + before we can proceed to build it. For example, if the current stable + k8s release is v1.31.0, there must be a release-1.31 branch. + """ + branch = f"release-{current_release.major}.{current_release.minor}" + _confirm_all_branches_exist(branch) + + +def test_recipes(current_release): """Ensures the current recipes are available. - We should ensure that a launchpad recipe exists for this release to be build with + We should ensure that a launchpad recipes exist for this release to be build with + + This can fail when a new minor release (e.g. 1.32) is detected and its release branch + is yet to be created from main. """ track = f"{current_release.major}.{current_release.minor}" - print(f"Checking {track} recipe exists") - flavours = ["classic"] + _branch_flavours() - recipe_exists = {flavour: _confirm_recipe(track, flavour) for flavour in flavours} - if missing_recipes := [ - flavour for flavour, exists in recipe_exists.items() if not exists - ]: - assert ( - not missing_recipes - ), f"LP Recipes do not exist for {track} {missing_recipes}" + branch = f"release-{track}" + _confirm_all_recipes_exist(track, branch) + + +def test_tip_recipes(): + """Ensures the tip recipes are available. + + We should ensure that a launchpad recipes always exist for tip to be build with + """ + _confirm_all_recipes_exist("latest", "main") diff --git a/tests/branch_management/tox.ini b/tests/branch_management/tox.ini index 371ad51e4..4ee5619c2 100644 --- a/tests/branch_management/tox.ini +++ b/tests/branch_management/tox.ini @@ -30,12 +30,11 @@ commands = black {tox_root}/tests --check --diff [testenv:test] -description = Run integration tests +description = Run branch management tests deps = -r {tox_root}/requirements-test.txt commands = pytest -v \ - --maxfail 1 \ --tb native \ --log-cli-level DEBUG \ --disable-warnings \ From 27c91c882bb87f0bcab936bd43e7e08eef379418 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 20 Sep 2024 12:01:32 +0200 Subject: [PATCH 016/122] Do not stop Kubernetes services on node removal if annotation is set. (#681) --- docs/src/snap/reference/annotations.md | 1 + src/k8s/cmd/k8s/k8s_bootstrap_test.go | 5 +- .../k8s/testdata/bootstrap-config-full.yaml | 1 + src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 +- src/k8s/pkg/k8sd/api/worker.go | 1 + src/k8s/pkg/k8sd/app/hooks_bootstrap.go | 2 +- src/k8s/pkg/k8sd/app/hooks_remove.go | 23 ++++---- .../bootstrap-skip-service-stop.yaml | 9 ++++ tests/integration/tests/test_clustering.py | 54 +++++++++++++++++++ 10 files changed, 87 insertions(+), 15 deletions(-) create mode 100644 tests/integration/templates/bootstrap-skip-service-stop.yaml diff --git a/docs/src/snap/reference/annotations.md b/docs/src/snap/reference/annotations.md index b5e4404d8..854fe278c 100644 --- a/docs/src/snap/reference/annotations.md +++ b/docs/src/snap/reference/annotations.md @@ -7,6 +7,7 @@ the bootstrap configuration. | Name | Description | Values | |---------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------| | `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` | If set, only microcluster and file cleanup are performed. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, k8sd will remove the Kubernetes node when it is removed from the cluster. | "true"\|"false" | +| `k8sd/v1alpha/lifecycle/skip-stop-services-on-remove` | If set, the k8s services will not be stopped on the leaving node when removing the node. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, all services are stopped on leaving nodes. | "true"\|"false" | diff --git a/src/k8s/cmd/k8s/k8s_bootstrap_test.go b/src/k8s/cmd/k8s/k8s_bootstrap_test.go index 39fa074d8..b486beb18 100644 --- a/src/k8s/cmd/k8s/k8s_bootstrap_test.go +++ b/src/k8s/cmd/k8s/k8s_bootstrap_test.go @@ -62,7 +62,10 @@ var testCases = []testCase{ Enabled: utils.Pointer(true), }, CloudProvider: utils.Pointer("external"), - Annotations: map[string]string{apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove: "true"}, + Annotations: map[string]string{ + apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove: "true", + apiv1.AnnotationSkipStopServicesOnRemove: "true", + }, }, ControlPlaneTaints: []string{"node-role.kubernetes.io/control-plane:NoSchedule"}, PodCIDR: utils.Pointer("10.100.0.0/16"), diff --git a/src/k8s/cmd/k8s/testdata/bootstrap-config-full.yaml b/src/k8s/cmd/k8s/testdata/bootstrap-config-full.yaml index 79def822f..2fa172ca6 100644 --- a/src/k8s/cmd/k8s/testdata/bootstrap-config-full.yaml +++ b/src/k8s/cmd/k8s/testdata/bootstrap-config-full.yaml @@ -23,6 +23,7 @@ cluster-config: cloud-provider: external annotations: k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove: true + k8sd/v1alpha/lifecycle/skip-stop-services-on-remove: true control-plane-taints: - node-role.kubernetes.io/control-plane:NoSchedule pod-cidr: 10.100.0.0/16 diff --git a/src/k8s/go.mod b/src/k8s/go.mod index 57164d98b..c62529e5d 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.5 + github.com/canonical/k8s-snap-api v1.0.6 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index 0a695e62d..9b2bb853e 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.5 h1:49bgi6CGtFjCPweeTz55Sv/waKgCl6ftx4BqXt3RI9k= -github.com/canonical/k8s-snap-api v1.0.5/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.6 h1:hUJ59ol9romwUz82bYIumitobcuBQwKjWMnge1AhGzM= +github.com/canonical/k8s-snap-api v1.0.6/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/api/worker.go b/src/k8s/pkg/k8sd/api/worker.go index efd750598..d6d4bb8db 100644 --- a/src/k8s/pkg/k8sd/api/worker.go +++ b/src/k8s/pkg/k8sd/api/worker.go @@ -86,5 +86,6 @@ func (e *Endpoints) postWorkerInfo(s state.State, r *http.Request) response.Resp KubeProxyClientCert: workerCertificates.KubeProxyClientCert, KubeProxyClientKey: workerCertificates.KubeProxyClientKey, K8sdPublicKey: cfg.Certificates.GetK8sdPublicKey(), + Annotations: cfg.Annotations, }) } diff --git a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go index c02854b43..ccd828d1d 100644 --- a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go +++ b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go @@ -28,7 +28,6 @@ import ( // onBootstrap is called after we bootstrap the first cluster node. // onBootstrap configures local services then writes the cluster config on the database. func (a *App) onBootstrap(ctx context.Context, s state.State, initConfig map[string]string) error { - // NOTE(neoaggelos): context timeout is passed over configuration, so that hook failures are propagated to the client ctx, cancel := context.WithCancel(ctx) defer cancel() @@ -213,6 +212,7 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT CACert: utils.Pointer(response.CACert), ClientCACert: utils.Pointer(response.ClientCACert), }, + Annotations: response.Annotations, } // Pre-init checks diff --git a/src/k8s/pkg/k8sd/app/hooks_remove.go b/src/k8s/pkg/k8sd/app/hooks_remove.go index 696cc1b46..2aaa66e75 100644 --- a/src/k8s/pkg/k8sd/app/hooks_remove.go +++ b/src/k8s/pkg/k8sd/app/hooks_remove.go @@ -59,8 +59,9 @@ func (a *App) onPreRemove(ctx context.Context, s state.State, force bool) (rerr log.Error(err, "Failed to wait for node to finish microcluster join before removing. Continuing with the cleanup...") } - if cfg, err := databaseutil.GetClusterConfig(ctx, s); err == nil { - if _, ok := cfg.Annotations[apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove]; !ok { + cfg, err := databaseutil.GetClusterConfig(ctx, s) + if err == nil { + if _, ok := cfg.Annotations.Get(apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove); !ok { c, err := snap.KubernetesClient("") if err != nil { log.Error(err, "Failed to create Kubernetes client", err) @@ -124,19 +125,21 @@ func (a *App) onPreRemove(ctx context.Context, s state.State, force bool) (rerr log.Error(err, "Failed to unmark node as worker") } - log.Info("Stopping worker services") - if err := snaputil.StopWorkerServices(ctx, snap); err != nil { - log.Error(err, "Failed to stop worker services") - } - log.Info("Cleaning up control plane certificates") if _, err := setup.EnsureControlPlanePKI(snap, &pki.ControlPlanePKI{}); err != nil { log.Error(err, "failed to cleanup control plane certificates") } - log.Info("Stopping control plane services") - if err := snaputil.StopControlPlaneServices(ctx, snap); err != nil { - log.Error(err, "Failed to stop control-plane services") + if _, ok := cfg.Annotations.Get(apiv1.AnnotationSkipStopServicesOnRemove); !ok { + log.Info("Stopping worker services") + if err := snaputil.StopWorkerServices(ctx, snap); err != nil { + log.Error(err, "Failed to stop worker services") + } + + log.Info("Stopping control plane services") + if err := snaputil.StopControlPlaneServices(ctx, snap); err != nil { + log.Error(err, "Failed to stop control-plane services") + } } return nil diff --git a/tests/integration/templates/bootstrap-skip-service-stop.yaml b/tests/integration/templates/bootstrap-skip-service-stop.yaml new file mode 100644 index 000000000..13a536cf2 --- /dev/null +++ b/tests/integration/templates/bootstrap-skip-service-stop.yaml @@ -0,0 +1,9 @@ +cluster-config: + network: + enabled: true + dns: + enabled: true + metrics-server: + enabled: true + annotations: + k8sd/v1alpha/lifecycle/skip-stop-services-on-remove: true diff --git a/tests/integration/tests/test_clustering.py b/tests/integration/tests/test_clustering.py index 57b35ef5b..4650b15b9 100644 --- a/tests/integration/tests/test_clustering.py +++ b/tests/integration/tests/test_clustering.py @@ -96,6 +96,60 @@ def test_no_remove(instances: List[harness.Instance]): assert len(nodes) == 3, "worker node should not have been removed from cluster" +@pytest.mark.node_count(3) +@pytest.mark.bootstrap_config( + (config.MANIFESTS_DIR / "bootstrap-skip-service-stop.yaml").read_text() +) +def test_skip_services_stop_on_remove(instances: List[harness.Instance]): + cluster_node = instances[0] + joining_cp = instances[1] + worker = instances[2] + + join_token = util.get_join_token(cluster_node, joining_cp) + util.join_cluster(joining_cp, join_token) + + join_token_worker = util.get_join_token(cluster_node, worker, "--worker") + util.join_cluster(worker, join_token_worker) + + # We don't care if the node is ready or the CNI is up. + util.stubbornly(retries=5, delay_s=3).until(util.get_nodes(cluster_node) == 3) + + cluster_node.exec(["k8s", "remove-node", joining_cp.id]) + nodes = util.ready_nodes(cluster_node) + assert len(nodes) == 2, "cp node should have been removed from the cluster" + services = joining_cp.exec( + ["snap", "services", "k8s"], capture_output=True, text=True + ).stdout.split("\n")[1:-1] + print(services) + for service in services: + if "k8s-apiserver-proxy" in service: + assert ( + " inactive " in service + ), "apiserver proxy should be inactive on control-plane" + else: + assert " active " in service, "service should be active" + + cluster_node.exec(["k8s", "remove-node", worker.id]) + nodes = util.ready_nodes(cluster_node) + assert len(nodes) == 1, "worker node should have been removed from the cluster" + services = worker.exec( + ["snap", "services", "k8s"], capture_output=True, text=True + ).stdout.split("\n")[1:-1] + print(services) + for service in services: + for expected_active_service in [ + "containerd", + "k8sd", + "kubelet", + "kube-proxy", + "k8s-apiserver-proxy", + ]: + if expected_active_service in service: + assert ( + " active " in service + ), f"{expected_active_service} should be active on worker" + + @pytest.mark.node_count(3) def test_join_with_custom_token_name(instances: List[harness.Instance]): cluster_node = instances[0] From cfa7f993a343b191c08691f3666d6f5cd4e239d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Fri, 20 Sep 2024 13:27:29 +0200 Subject: [PATCH 017/122] Add unit tests for coredns (#684) * Add unit tests for coredns KU-1515 --- src/k8s/pkg/k8sd/features/coredns/chart.go | 6 +- src/k8s/pkg/k8sd/features/coredns/coredns.go | 18 +- .../pkg/k8sd/features/coredns/coredns_test.go | 198 ++++++++++++++++++ src/k8s/pkg/k8sd/features/coredns/register.go | 2 +- 4 files changed, 211 insertions(+), 13 deletions(-) create mode 100644 src/k8s/pkg/k8sd/features/coredns/coredns_test.go diff --git a/src/k8s/pkg/k8sd/features/coredns/chart.go b/src/k8s/pkg/k8sd/features/coredns/chart.go index 72cf75bfb..08d37d60e 100644 --- a/src/k8s/pkg/k8sd/features/coredns/chart.go +++ b/src/k8s/pkg/k8sd/features/coredns/chart.go @@ -8,7 +8,7 @@ import ( var ( // chartCoreDNS represents manifests to deploy CoreDNS. - chart = helm.InstallableChart{ + Chart = helm.InstallableChart{ Name: "ck-dns", Namespace: "kube-system", ManifestPath: filepath.Join("charts", "coredns-1.29.0.tgz"), @@ -17,6 +17,6 @@ var ( // imageRepo is the image to use for CoreDNS. imageRepo = "ghcr.io/canonical/coredns" - // imageTag is the tag to use for the CoreDNS image. - imageTag = "1.11.1-ck4" + // ImageTag is the tag to use for the CoreDNS image. + ImageTag = "1.11.1-ck4" ) diff --git a/src/k8s/pkg/k8sd/features/coredns/coredns.go b/src/k8s/pkg/k8sd/features/coredns/coredns.go index 28402e707..79e66d6e6 100644 --- a/src/k8s/pkg/k8sd/features/coredns/coredns.go +++ b/src/k8s/pkg/k8sd/features/coredns/coredns.go @@ -29,17 +29,17 @@ func ApplyDNS(ctx context.Context, snap snap.Snap, dns types.DNS, kubelet types. m := snap.HelmClient() if !dns.GetEnabled() { - if _, err := m.Apply(ctx, chart, helm.StateDeleted, nil); err != nil { + if _, err := m.Apply(ctx, Chart, helm.StateDeleted, nil); err != nil { err = fmt.Errorf("failed to uninstall coredns: %w", err) return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(deleteFailedMsgTmpl, err), }, "", err } return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: disabledMsg, }, "", nil } @@ -47,7 +47,7 @@ func ApplyDNS(ctx context.Context, snap snap.Snap, dns types.DNS, kubelet types. values := map[string]any{ "image": map[string]any{ "repository": imageRepo, - "tag": imageTag, + "tag": ImageTag, }, "service": map[string]any{ "name": "coredns", @@ -82,11 +82,11 @@ func ApplyDNS(ctx context.Context, snap snap.Snap, dns types.DNS, kubelet types. }, } - if _, err := m.Apply(ctx, chart, helm.StatePresent, values); err != nil { + if _, err := m.Apply(ctx, Chart, helm.StatePresent, values); err != nil { err = fmt.Errorf("failed to apply coredns: %w", err) return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(deployFailedMsgTmpl, err), }, "", err } @@ -96,7 +96,7 @@ func ApplyDNS(ctx context.Context, snap snap.Snap, dns types.DNS, kubelet types. err = fmt.Errorf("failed to create kubernetes client: %w", err) return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(deployFailedMsgTmpl, err), }, "", err } @@ -105,14 +105,14 @@ func ApplyDNS(ctx context.Context, snap snap.Snap, dns types.DNS, kubelet types. err = fmt.Errorf("failed to retrieve the coredns service: %w", err) return types.FeatureStatus{ Enabled: false, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(deployFailedMsgTmpl, err), }, "", err } return types.FeatureStatus{ Enabled: true, - Version: imageTag, + Version: ImageTag, Message: fmt.Sprintf(enabledMsgTmpl, dnsIP), }, dnsIP, err } diff --git a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go new file mode 100644 index 000000000..b420aa15e --- /dev/null +++ b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go @@ -0,0 +1,198 @@ +package coredns_test + +import ( + "context" + "errors" + "strings" + "testing" + + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" + + "github.com/canonical/k8s/pkg/client/helm" + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/client/kubernetes" + "github.com/canonical/k8s/pkg/k8sd/features/coredns" + "github.com/canonical/k8s/pkg/k8sd/types" + snapmock "github.com/canonical/k8s/pkg/snap/mock" +) + +func TestDisabled(t *testing.T) { + t.Run("HelmApplyFails", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + dns := types.DNS{ + Enabled: ptr.To(false), + } + kubelet := types.Kubelet{} + + status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) + + g.Expect(err).To(MatchError(ContainSubstring(applyErr.Error()))) + g.Expect(str).To(BeEmpty()) + g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Message).To(ContainSubstring("failed to uninstall coredns")) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(coredns.ImageTag)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(coredns.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) + g.Expect(callArgs.Values).To(BeNil()) + + }) + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + dns := types.DNS{ + Enabled: ptr.To(false), + } + kubelet := types.Kubelet{} + + status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) + + g.Expect(err).To(BeNil()) + g.Expect(str).To(BeEmpty()) + g.Expect(status.Message).To(Equal("disabled")) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(coredns.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(coredns.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) + g.Expect(callArgs.Values).To(BeNil()) + }) +} + +func TestEnabled(t *testing.T) { + t.Run("HelmApplyFails", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + dns := types.DNS{ + Enabled: ptr.To(true), + } + kubelet := types.Kubelet{} + + status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) + + g.Expect(err).To(MatchError(ContainSubstring(applyErr.Error()))) + g.Expect(str).To(BeEmpty()) + g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Message).To(ContainSubstring("failed to apply coredns")) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(coredns.ImageTag)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(coredns.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StatePresent)) + validateValues(g, callArgs.Values, dns, kubelet) + }) + t.Run("HelmApplySuccessServiceFails", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + clientset := fake.NewSimpleClientset() + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{Interface: clientset}, + }, + } + dns := types.DNS{ + Enabled: ptr.To(true), + } + kubelet := types.Kubelet{} + + status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) + + g.Expect(err).To(MatchError(ContainSubstring("services \"coredns\" not found"))) + g.Expect(str).To(BeEmpty()) + g.Expect(status.Message).To(ContainSubstring("failed to retrieve the coredns service")) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(coredns.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(coredns.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StatePresent)) + validateValues(g, callArgs.Values, dns, kubelet) + }) + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + clusterIp := "10.96.0.10" + corednsService := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "coredns", + Namespace: "kube-system", + }, + Spec: corev1.ServiceSpec{ + ClusterIP: clusterIp, + }, + } + clientset := fake.NewSimpleClientset(corednsService) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{Interface: clientset}, + }, + } + dns := types.DNS{ + Enabled: ptr.To(true), + } + kubelet := types.Kubelet{} + + status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) + + g.Expect(err).To(BeNil()) + g.Expect(str).To(Equal(clusterIp)) + g.Expect(status.Message).To(ContainSubstring("enabled at " + clusterIp)) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(coredns.ImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(coredns.Chart)) + g.Expect(callArgs.State).To(Equal(helm.StatePresent)) + validateValues(g, callArgs.Values, dns, kubelet) + }) +} + +func validateValues(g Gomega, values map[string]any, dns types.DNS, kubelet types.Kubelet) { + service := values["service"].(map[string]any) + g.Expect(service["clusterIP"]).To(Equal(kubelet.GetClusterDNS())) + + servers := values["servers"].([]map[string]any) + plugins := servers[0]["plugins"].([]map[string]any) + g.Expect(plugins[3]["parameters"]).To(ContainSubstring(kubelet.GetClusterDomain())) + g.Expect(plugins[5]["parameters"]).To(ContainSubstring(strings.Join(dns.GetUpstreamNameservers(), " "))) +} diff --git a/src/k8s/pkg/k8sd/features/coredns/register.go b/src/k8s/pkg/k8sd/features/coredns/register.go index 1dc54d943..566d31f09 100644 --- a/src/k8s/pkg/k8sd/features/coredns/register.go +++ b/src/k8s/pkg/k8sd/features/coredns/register.go @@ -8,6 +8,6 @@ import ( func init() { images.Register( - fmt.Sprintf("%s:%s", imageRepo, imageTag), + fmt.Sprintf("%s:%s", imageRepo, ImageTag), ) } From d1898163b7a7d7b13080f63067dc045574974f6b Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 20 Sep 2024 14:54:53 +0200 Subject: [PATCH 018/122] Add certificate expiry endpoint (#683) --- src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 +- .../pkg/k8sd/api/capi_certificates_expiry.go | 50 +++++++++++++++++++ src/k8s/pkg/k8sd/api/endpoints.go | 5 ++ tests/integration/tests/test_smoke.py | 27 +++++++++- tests/integration/tests/test_util/util.py | 11 ++++ 6 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 src/k8s/pkg/k8sd/api/capi_certificates_expiry.go diff --git a/src/k8s/go.mod b/src/k8s/go.mod index c62529e5d..6ec6e3204 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.6 + github.com/canonical/k8s-snap-api v1.0.7 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index 9b2bb853e..ee150fa8a 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.6 h1:hUJ59ol9romwUz82bYIumitobcuBQwKjWMnge1AhGzM= -github.com/canonical/k8s-snap-api v1.0.6/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.7 h1:40qz+9IcV90ZN/wTMuOraZcuqoyRHaJck1J3c7FcWrQ= +github.com/canonical/k8s-snap-api v1.0.7/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/api/capi_certificates_expiry.go b/src/k8s/pkg/k8sd/api/capi_certificates_expiry.go new file mode 100644 index 000000000..c6bc96ac8 --- /dev/null +++ b/src/k8s/pkg/k8sd/api/capi_certificates_expiry.go @@ -0,0 +1,50 @@ +package api + +import ( + "fmt" + "net/http" + "time" + + apiv1 "github.com/canonical/k8s-snap-api/api/v1" + databaseutil "github.com/canonical/k8s/pkg/k8sd/database/util" + pkiutil "github.com/canonical/k8s/pkg/utils/pki" + "github.com/canonical/lxd/lxd/response" + "github.com/canonical/microcluster/v3/state" +) + +func (e *Endpoints) postCertificatesExpiry(s state.State, r *http.Request) response.Response { + config, err := databaseutil.GetClusterConfig(r.Context(), s) + if err != nil { + return response.InternalError(fmt.Errorf("failed to get cluster config: %w", err)) + } + + certificates := []string{ + config.Certificates.GetCACert(), + config.Certificates.GetClientCACert(), + config.Certificates.GetAdminClientCert(), + config.Certificates.GetAPIServerKubeletClientCert(), + config.Certificates.GetFrontProxyCACert(), + } + + var earliestExpiry time.Time + // Find the earliest expiry certificate + // They should all be about the same but better double-check this. + for _, cert := range certificates { + if cert == "" { + continue + } + + cert, _, err := pkiutil.LoadCertificate(cert, "") + if err != nil { + return response.InternalError(fmt.Errorf("failed to load certificate: %w", err)) + } + + if earliestExpiry.IsZero() || cert.NotAfter.Before(earliestExpiry) { + earliestExpiry = cert.NotAfter + } + } + + return response.SyncResponse(true, &apiv1.CertificatesExpiryResponse{ + ExpiryDate: earliestExpiry.Format(time.RFC3339), + }) +} diff --git a/src/k8s/pkg/k8sd/api/endpoints.go b/src/k8s/pkg/k8sd/api/endpoints.go index e7e7af5d0..3bc56701e 100644 --- a/src/k8s/pkg/k8sd/api/endpoints.go +++ b/src/k8s/pkg/k8sd/api/endpoints.go @@ -140,6 +140,11 @@ func (e *Endpoints) Endpoints() []rest.Endpoint { Path: apiv1.ClusterAPIRemoveNodeRPC, Post: rest.EndpointAction{Handler: e.postClusterRemove, AccessHandler: ValidateCAPIAuthTokenAccessHandler("capi-auth-token"), AllowUntrusted: true}, }, + { + Name: "ClusterAPI/CertificatesExpiry", + Path: apiv1.ClusterAPICertificatesExpiryRPC, + Post: rest.EndpointAction{Handler: e.postCertificatesExpiry, AccessHandler: ValidateCAPIAuthTokenAccessHandler("capi-auth-token"), AllowUntrusted: true}, + }, // Snap refreshes { Name: "Snap/Refresh", diff --git a/tests/integration/tests/test_smoke.py b/tests/integration/tests/test_smoke.py index c5dd95c38..9d8dd6da1 100644 --- a/tests/integration/tests/test_smoke.py +++ b/tests/integration/tests/test_smoke.py @@ -89,7 +89,6 @@ def test_smoke(instances: List[harness.Instance]): capture_output=True, ) response = json.loads(resp.stdout.decode()) - assert ( response["error_code"] == 0 ), "Failed to generate join token using CAPI endpoints." @@ -101,6 +100,32 @@ def test_smoke(instances: List[harness.Instance]): metadata.get("token") is not None ), "Token not found in the generate-join-token response." + resp = instance.exec( + [ + "curl", + "-XPOST", + "-H", + "Content-Type: application/json", + "-H", + "capi-auth-token: my-secret-token", + "--unix-socket", + "/var/snap/k8s/common/var/lib/k8sd/state/control.socket", + "http://localhost/1.0/x/capi/certificates-expiry", + ], + capture_output=True, + ) + response = json.loads(resp.stdout.decode()) + assert ( + response["error_code"] == 0 + ), "Failed to get certificate expiry using CAPI endpoints." + metadata = response.get("metadata") + assert ( + metadata is not None + ), "Metadata not found in the certificate expiry response." + assert util.is_valid_rfc3339( + metadata.get("expiry-date") + ), "Token not found in the certificate expiry response." + def status_output_matches(p: subprocess.CompletedProcess) -> bool: result_lines = p.stdout.decode().strip().split("\n") if len(result_lines) != len(STATUS_PATTERNS): diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 754dc744b..0124b5f84 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -6,6 +6,7 @@ import re import shlex import subprocess +from datetime import datetime from functools import partial from pathlib import Path from typing import Any, Callable, List, Mapping, Optional, Union @@ -283,3 +284,13 @@ def get_global_unicast_ipv6(instance: harness.Instance, interface="eth0") -> str if match: return match.group(1) return None + + +# Checks if a datastring is a valid RFC3339 date. +def is_valid_rfc3339(date_str): + try: + # Attempt to parse the string according to the RFC3339 format + datetime.strptime(date_str, "%Y-%m-%dT%H:%M:%S%z") + return True + except ValueError: + return False From 5fe3c27356a1a54082558b5efebf8b701224dfa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Fri, 20 Sep 2024 18:35:32 +0200 Subject: [PATCH 019/122] Skip Go/K8s test suite when docs are changed (#685) --- .github/workflows/go.yaml | 4 ++++ .github/workflows/integration-informing.yaml | 4 ++++ .github/workflows/integration.yaml | 4 ++++ .github/workflows/python.yaml | 4 ++++ .github/workflows/sbom.yaml | 4 ++++ 5 files changed, 20 insertions(+) diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index c29585c09..63e940817 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -2,6 +2,8 @@ name: Go on: push: + paths-ignore: + - 'docs/**' branches: - main - autoupdate/strict @@ -10,6 +12,8 @@ on: - 'autoupdate/release-[0-9]+.[0-9]+-strict' - 'autoupdate/sync/**' pull_request: + paths-ignore: + - 'docs/**' permissions: contents: read diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index 94cc7c01d..0046b959b 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -2,11 +2,15 @@ name: Informing Integration Tests on: push: + paths-ignore: + - 'docs/**' branches: - main - 'release-[0-9]+.[0-9]+' - 'autoupdate/sync/**' pull_request: + paths-ignore: + - 'docs/**' permissions: contents: read diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 0bfaae8e3..e1f4543e9 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -2,6 +2,8 @@ name: Integration Tests on: push: + paths-ignore: + - 'docs/**' branches: - main - autoupdate/strict @@ -10,6 +12,8 @@ on: - 'autoupdate/release-[0-9]+.[0-9]+-strict' - 'autoupdate/sync/**' pull_request: + paths-ignore: + - 'docs/**' permissions: contents: read diff --git a/.github/workflows/python.yaml b/.github/workflows/python.yaml index 2ccb0979f..0c51d8ecf 100644 --- a/.github/workflows/python.yaml +++ b/.github/workflows/python.yaml @@ -2,6 +2,8 @@ name: Python on: push: + paths-ignore: + - 'docs/**' branches: - main - autoupdate/strict @@ -10,6 +12,8 @@ on: - 'autoupdate/release-[0-9]+.[0-9]+-strict' - 'autoupdate/sync/**' pull_request: + paths-ignore: + - 'docs/**' permissions: contents: read diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml index 846a19e76..2faa27a28 100644 --- a/.github/workflows/sbom.yaml +++ b/.github/workflows/sbom.yaml @@ -2,6 +2,8 @@ name: SBOM on: push: + paths-ignore: + - 'docs/**' branches: - main - autoupdate/strict @@ -10,6 +12,8 @@ on: - 'autoupdate/release-[0-9]+.[0-9]+-strict' - 'autoupdate/sync/**' pull_request: + paths-ignore: + - 'docs/**' permissions: contents: read From 6b15893e1a4d656f11c339d69a7669f9cd640df7 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Mon, 23 Sep 2024 13:11:28 +0200 Subject: [PATCH 020/122] Ignore part of cluster check (#688) --- src/k8s/cmd/k8s/k8s_x_snapd_config.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/k8s/cmd/k8s/k8s_x_snapd_config.go b/src/k8s/cmd/k8s/k8s_x_snapd_config.go index f950cec57..b0f07f9a1 100644 --- a/src/k8s/cmd/k8s/k8s_x_snapd_config.go +++ b/src/k8s/cmd/k8s/k8s_x_snapd_config.go @@ -64,11 +64,7 @@ func newXSnapdConfigCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { ctx, cancel := context.WithTimeout(cmd.Context(), opts.timeout) defer cancel() if err := control.WaitUntilReady(ctx, func() (bool, error) { - _, partOfCluster, err := client.NodeStatus(cmd.Context()) - if !partOfCluster { - cmd.PrintErrf("Node is not part of a cluster: %v\n", err) - env.Exit(1) - } + _, _, err := client.NodeStatus(cmd.Context()) return err == nil, nil }); err != nil { cmd.PrintErrf("Error: k8sd did not come up in time: %v\n", err) From 02f369b42641cd8972f540b667f83398b9776c17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Mon, 23 Sep 2024 21:30:41 +0200 Subject: [PATCH 021/122] Unit tests for Metrics Server k8sd feature (#691) Metrics Server feature lacks unit test this PR implements tests for Metrics Server functionality. KU-1515 --- .../metrics-server/metrics_server_test.go | 40 ++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go index ced59104f..38c93fc34 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go @@ -2,6 +2,7 @@ package metrics_server_test import ( "context" + "errors" "testing" "github.com/canonical/k8s/pkg/client/helm" @@ -14,29 +15,52 @@ import ( ) func TestApplyMetricsServer(t *testing.T) { + + helmErr := errors.New("failed to apply") for _, tc := range []struct { name string config types.MetricsServer expectState helm.State + helmError error }{ { - name: "Enable", + name: "EnableWithoutHelmError", + config: types.MetricsServer{ + Enabled: utils.Pointer(true), + }, + expectState: helm.StatePresent, + helmError: nil, + }, + { + name: "DisableWithoutHelmError", + config: types.MetricsServer{ + Enabled: utils.Pointer(false), + }, + expectState: helm.StateDeleted, + helmError: nil, + }, + { + name: "EnableWithHelmError", config: types.MetricsServer{ Enabled: utils.Pointer(true), }, expectState: helm.StatePresent, + helmError: helmErr, }, { - name: "Disable", + name: "DisableWithHelmError", config: types.MetricsServer{ Enabled: utils.Pointer(false), }, expectState: helm.StateDeleted, + helmError: helmErr, }, } { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - h := &helmmock.Mock{} + h := &helmmock.Mock{ + ApplyErr: tc.helmError, + } s := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: h, @@ -44,14 +68,20 @@ func TestApplyMetricsServer(t *testing.T) { } status, err := metrics_server.ApplyMetricsServer(context.Background(), s, tc.config, nil) - g.Expect(err).ToNot(HaveOccurred()) + if tc.helmError == nil { + g.Expect(err).ToNot(HaveOccurred()) + } else { + g.Expect(err).To(HaveOccurred()) + } g.Expect(h.ApplyCalledWith).To(ConsistOf(SatisfyAll( HaveField("Chart.Name", Equal("metrics-server")), HaveField("Chart.Namespace", Equal("kube-system")), HaveField("State", Equal(tc.expectState)), ))) - if tc.config.GetEnabled() { + if errors.Is(tc.helmError, helmErr) { + g.Expect(status.Message).To(ContainSubstring(helmErr.Error())) + } else if tc.config.GetEnabled() { g.Expect(status.Message).To(Equal("enabled")) } else { g.Expect(status.Message).To(Equal("disabled")) From 6ce90fa76c02c1fa8adbcc4b011ab63aa6bbe461 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Tue, 24 Sep 2024 08:55:50 +0200 Subject: [PATCH 022/122] Add version upgrade tests (#678) --------- Co-authored-by: Adam Dyess --- .github/workflows/integration-informing.yaml | 15 +-- .github/workflows/integration.yaml | 15 +-- .github/workflows/nightly-test.yaml | 11 ++- tests/integration/tests/conftest.py | 12 ++- tests/integration/tests/test_util/config.py | 7 ++ tests/integration/tests/test_util/snap.py | 93 +++++++++++++++++++ .../tests/test_version_upgrades.py | 54 +++++++++++ 7 files changed, 188 insertions(+), 19 deletions(-) create mode 100644 tests/integration/tests/test_util/snap.py create mode 100644 tests/integration/tests/test_version_upgrades.py diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index 0046b959b..344ffb6e4 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -80,16 +80,17 @@ jobs: uses: actions/download-artifact@v4 with: name: k8s-${{ matrix.patch }}.snap - path: build + path: ${{ github.workspace }}/build - name: Apply ${{ matrix.patch }} patch run: | ./build-scripts/patches/${{ matrix.patch }}/apply - name: Run end to end tests + env: + TEST_SNAP: ${{ github.workspace }}/build/k8s-${{ matrix.patch }}.snap + TEST_SUBSTRATE: lxd + TEST_LXD_IMAGE: ${{ matrix.os }} + TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports run: | - export TEST_SNAP="$PWD/build/k8s-${{ matrix.patch }}.snap" - export TEST_SUBSTRATE=lxd - export TEST_LXD_IMAGE=${{ matrix.os }} - export TEST_INSPECTION_REPORTS_DIR="$HOME/inspection-reports" # IPv6-only is only supported on moonray if [[ "${{ matrix.patch }}" == "moonray" ]]; then export TEST_IPV6_ONLY="true" @@ -98,11 +99,11 @@ jobs: - name: Prepare inspection reports if: failure() run: | - tar -czvf inspection-reports.tar.gz -C $HOME inspection-reports + tar -czvf inspection-reports.tar.gz -C ${{ github.workspace }} inspection-reports echo "artifact_name=inspection-reports-${{ matrix.os }}-${{ matrix.patch }}" | sed 's/:/-/g' >> $GITHUB_ENV - name: Upload inspection report artifact if: failure() uses: actions/upload-artifact@v4 with: name: ${{ env.artifact_name }} - path: inspection-reports.tar.gz + path: ${{ github.workspace }}/inspection-reports.tar.gz diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index e1f4543e9..d2589b8ca 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -95,25 +95,26 @@ jobs: uses: actions/download-artifact@v4 with: name: k8s.snap - path: build + path: ${{ github.workspace }}/build - name: Run end to end tests + env: + TEST_SNAP: ${{ github.workspace }}/build/k8s.snap + TEST_SUBSTRATE: lxd + TEST_LXD_IMAGE: ${{ matrix.os }} + TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports run: | - export TEST_SNAP="$PWD/build/k8s.snap" - export TEST_SUBSTRATE=lxd - export TEST_LXD_IMAGE=${{ matrix.os }} - export TEST_INSPECTION_REPORTS_DIR="$HOME/inspection-reports" cd tests/integration && sg lxd -c 'tox -e integration' - name: Prepare inspection reports if: failure() run: | - tar -czvf inspection-reports.tar.gz -C $HOME inspection-reports + tar -czvf inspection-reports.tar.gz -C ${{ github.workspace }} inspection-reports echo "artifact_name=inspection-reports-${{ matrix.os }}" | sed 's/:/-/g' >> $GITHUB_ENV - name: Upload inspection report artifact if: failure() uses: actions/upload-artifact@v4 with: name: ${{ env.artifact_name }} - path: inspection-reports.tar.gz + path: ${{ github.workspace }}/inspection-reports.tar.gz security-scan: permissions: diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index cd661474f..ea00bcd4f 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -42,9 +42,14 @@ jobs: cd build snap download k8s --channel=${{ matrix.releases }} --basename k8s - name: Run end to end tests # tox path needs to be specified for arm64 + env: + TEST_SNAP: ${{ github.workspace }}/build/k8s-${{ matrix.patch }}.snap + TEST_SUBSTRATE: lxd + TEST_LXD_IMAGE: ${{ matrix.os }} + TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports + # Test the latest (up to) 6 releases for the flavour + # TODO(ben): upgrade nightly to run all flavours + TEST_VERSION_UPGRADE_CHANNELS: "recent 6 classic" run: | - export TEST_SNAP="$PWD/build/k8s.snap" - export TEST_SUBSTRATE=lxd - export TEST_LXD_IMAGE="${{ matrix.os }}" export PATH="/home/runner/.local/bin:$PATH" cd tests/integration && sg lxd -c 'tox -e integration' diff --git a/tests/integration/tests/conftest.py b/tests/integration/tests/conftest.py index eb6fbb07f..98e170fae 100644 --- a/tests/integration/tests/conftest.py +++ b/tests/integration/tests/conftest.py @@ -83,6 +83,7 @@ def pytest_configure(config): "markers", "bootstrap_config: Provide a custom bootstrap config to the bootstrapping node.\n" "disable_k8s_bootstrapping: By default, the first k8s node is bootstrapped. This marker disables that.\n" + "no_setup: No setup steps (pushing snap, bootstrapping etc.) are performed on any node for this test.\n" "dualstack: Support dualstack on the instances.\n" "etcd_count: Mark a test to specify how many etcd instance nodes need to be created (None by default)\n" "node_count: Mark a test to specify how many instance nodes need to be created\n", @@ -103,6 +104,11 @@ def disable_k8s_bootstrapping(request) -> bool: return bool(request.node.get_closest_marker("disable_k8s_bootstrapping")) +@pytest.fixture(scope="function") +def no_setup(request) -> bool: + return bool(request.node.get_closest_marker("no_setup")) + + @pytest.fixture(scope="function") def bootstrap_config(request) -> Union[str, None]: bootstrap_config_marker = request.node.get_closest_marker("bootstrap_config") @@ -123,6 +129,7 @@ def instances( node_count: int, tmp_path: Path, disable_k8s_bootstrapping: bool, + no_setup: bool, bootstrap_config: Union[str, None], dualstack: bool, ) -> Generator[List[harness.Instance], None, None]: @@ -145,9 +152,10 @@ def instances( # Create instances and setup the k8s snap in each. instance = h.new_instance(dualstack=dualstack) instances.append(instance) - util.setup_k8s_snap(instance, snap_path) + if not no_setup: + util.setup_k8s_snap(instance, snap_path) - if not disable_k8s_bootstrapping: + if not disable_k8s_bootstrapping and not no_setup: first_node, *_ = instances if bootstrap_config is not None: diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index 2778d893f..b9e535683 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -88,3 +88,10 @@ # JUJU_MACHINES is a list of existing Juju machines to use. JUJU_MACHINES = os.getenv("TEST_JUJU_MACHINES") or "" + +# A list of space-separated channels for which the upgrade tests should be run in sequential order. +# First entry is the bootstrap channel. Afterwards, upgrades are done in order. +# Alternatively, use 'recent ' to get the latest channels for . +VERSION_UPGRADE_CHANNELS = ( + os.environ.get("TEST_VERSION_UPGRADE_CHANNELS", "").strip().split() +) diff --git a/tests/integration/tests/test_util/snap.py b/tests/integration/tests/test_util/snap.py new file mode 100644 index 000000000..9ad77ab49 --- /dev/null +++ b/tests/integration/tests/test_util/snap.py @@ -0,0 +1,93 @@ +# +# Copyright 2024 Canonical, Ltd. +# +import json +import logging +import re +import urllib.error +import urllib.request +from typing import List + +LOG = logging.getLogger(__name__) + +SNAP_NAME = "k8s" + +# For Snap Store API request +SNAPSTORE_INFO_API = "https://api.snapcraft.io/v2/snaps/info/" +SNAPSTORE_HEADERS = { + "Snap-Device-Series": "16", + "User-Agent": "Mozilla/5.0", +} +RISK_LEVELS = ["stable", "candidate", "beta", "edge"] + + +def get_snap_info(snap_name=SNAP_NAME): + """Get the snap info from the Snap Store API.""" + req = urllib.request.Request( + SNAPSTORE_INFO_API + snap_name, headers=SNAPSTORE_HEADERS + ) + try: + with urllib.request.urlopen(req) as response: # nosec + return json.loads(response.read().decode()) + except urllib.error.HTTPError as e: + LOG.exception("HTTPError ({%s}): {%s} {%s}", req.full_url, e.code, e.reason) + raise + except urllib.error.URLError as e: + LOG.exception("URLError ({%s}): {%s}", req.full_url, e.reason) + raise + + +def get_latest_channels( + num_of_channels: int, flavor: str, arch: str, include_latest=True +) -> List[str]: + """Get an ascending list of latest channels based on the number of channels and flavour. + + e.g. get_latest_release_channels(3, "classic") -> ['1.31-classic/candidate', '1.30-classic/candidate'] + if there are less than num_of_channels available, return all available channels. + Only the most stable risk level is returned for each major.minor version. + By default, the `latest/edge/` channel is included in the list. + """ + snap_info = get_snap_info() + + # Extract channel information + channels = snap_info.get("channel-map", []) + available_channels = [ + ch["channel"]["name"] + for ch in channels + if ch["channel"]["architecture"] == arch + ] + + # Define regex pattern to match channels in the format 'major.minor-flavour' + if flavor == "strict": + pattern = re.compile(r"(\d+)\.(\d+)\/(" + "|".join(RISK_LEVELS) + ")") + else: + pattern = re.compile( + r"(\d+)\.(\d+)-" + re.escape(flavor) + r"\/(" + "|".join(RISK_LEVELS) + ")" + ) + + # Dictionary to store the highest risk level for each major.minor + channel_map = {} + + for channel in available_channels: + match = pattern.match(channel) + if match: + major, minor, risk = match.groups() + major_minor = (int(major), int(minor)) + + # Store only the highest risk level channel for each major.minor + if major_minor not in channel_map or RISK_LEVELS.index( + risk + ) < RISK_LEVELS.index(channel_map[major_minor][1]): + channel_map[major_minor] = (channel, risk) + + # Sort channels by major and minor version in descending order + sorted_channels = sorted(channel_map.keys(), reverse=False) + + # Prepare final channel list + final_channels = [channel_map[mm][0] for mm in sorted_channels[:num_of_channels]] + + if include_latest: + latest_channel = f"latest/edge/{flavor}" + final_channels.append(latest_channel) + + return final_channels diff --git a/tests/integration/tests/test_version_upgrades.py b/tests/integration/tests/test_version_upgrades.py new file mode 100644 index 000000000..92ef2437e --- /dev/null +++ b/tests/integration/tests/test_version_upgrades.py @@ -0,0 +1,54 @@ +# +# Copyright 2024 Canonical, Ltd. +# +import logging +from typing import List + +import pytest +from test_util import config, harness, snap, util + +LOG = logging.getLogger(__name__) + + +@pytest.mark.node_count(1) +@pytest.mark.no_setup() +@pytest.mark.xfail("cilium failures are blocking this from working") +@pytest.mark.skipif( + not config.VERSION_UPGRADE_CHANNELS, reason="No upgrade channels configured" +) +def test_version_upgrades(instances: List[harness.Instance]): + channels = config.VERSION_UPGRADE_CHANNELS + cp = instances[0] + + if channels[0].lower() == "recent": + if len(channels) != 3: + pytest.fail( + "'recent' requires the number of releases as second argument and the flavour as third argument" + ) + _, num_channels, flavour = channels + arch = cp.exec( + ["dpkg", "--print-architecture"], text=True, capture_output=True + ).stdout.strip() + channels = snap.get_latest_channels(int(num_channels), flavour, arch) + + LOG.info( + f"Bootstrap node on {channels[0]} and upgrade through channels: {channels[1:]}" + ) + + # Setup the k8s snap from the bootstrap channel and setup basic configuration. + cp.exec(["snap", "install", "k8s", "--channel", channels[0], "--classic"]) + cp.exec(["k8s", "bootstrap"]) + + util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(cp) == 1) + + current_channel = channels[0] + for channel in channels[1:]: + LOG.info(f"Upgrading {cp.id} from {current_channel} to channel {channel}") + # Log the current snap version on the node. + cp.exec(["snap", "info", "k8s"]) + + # note: the `--classic` flag will be ignored by snapd for strict snaps. + cp.exec(["snap", "refresh", "k8s", "--channel", channel, "--classic"]) + + util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(cp) == 1) + LOG.info(f"Upgraded {cp.id} to channel {channel}") From a5d0ae408bf39e0d27b9f5eb7927a208648f9143 Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Tue, 24 Sep 2024 11:43:40 +0300 Subject: [PATCH 023/122] Return non-zero exit code in case of errors (#690) * Return non-zero exit code in case of errors At the moment, k8s and k8sd return 0 even if the command fails, which is a problem especially when used inside scripts. We'll ensure that a non-zero exit code is returned if the commands fail. * Update the cluster recovery command to use cobra "Run" The cluster recovery command currently uses "RunE" and returns an error in case of failures. To stay consistent with other commands, we'll use "Run" and call env.Exit as part of the command callback instead of returning the errors. --- src/k8s/cmd/k8sd/k8sd.go | 2 +- src/k8s/cmd/k8sd/k8sd_cluster_recover.go | 27 ++++++++++++------------ src/k8s/cmd/main.go | 18 +++++++++++++--- 3 files changed, 30 insertions(+), 17 deletions(-) diff --git a/src/k8s/cmd/k8sd/k8sd.go b/src/k8s/cmd/k8sd/k8sd.go index dedfafdf7..3fd28264a 100644 --- a/src/k8s/cmd/k8sd/k8sd.go +++ b/src/k8s/cmd/k8sd/k8sd.go @@ -91,7 +91,7 @@ func NewRootCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { addCommands( cmd, &cobra.Group{ID: "cluster", Title: "K8sd clustering commands:"}, - newClusterRecoverCmd(), + newClusterRecoverCmd(env), ) return cmd diff --git a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go index 204dbbabd..661e0a646 100755 --- a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go +++ b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go @@ -24,6 +24,7 @@ import ( "golang.org/x/sys/unix" "gopkg.in/yaml.v2" + cmdutil "github.com/canonical/k8s/cmd/util" "github.com/canonical/k8s/pkg/log" "github.com/canonical/k8s/pkg/utils" ) @@ -100,26 +101,28 @@ func logDebugf(format string, args ...interface{}) { } -func newClusterRecoverCmd() *cobra.Command { +func newClusterRecoverCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { cmd := &cobra.Command{ Use: "cluster-recover", Short: "Recover the cluster from this member if quorum is lost", - RunE: func(cmd *cobra.Command, args []string) error { + Run: func(cmd *cobra.Command, args []string) { log.Configure(log.Options{ LogLevel: rootCmdOpts.logLevel, AddDirHeader: true, }) if err := recoveryCmdPrechecks(cmd.Context()); err != nil { - return err + cmd.PrintErrf("Recovery precheck failed: %v\n", err) + env.Exit(1) } if clusterRecoverOpts.SkipK8sd { - cmd.Printf("Skipping k8sd recovery.") + cmd.Printf("Skipping k8sd recovery.\n") } else { k8sdTarballPath, err := recoverK8sd() if err != nil { - return fmt.Errorf("failed to recover k8sd, error: %w", err) + cmd.PrintErrf("Failed to recover k8sd, error: %v\n", err) + env.Exit(1) } cmd.Printf("K8sd cluster changes applied.\n") cmd.Printf("New database state saved to %s\n", k8sdTarballPath) @@ -130,15 +133,15 @@ func newClusterRecoverCmd() *cobra.Command { } if clusterRecoverOpts.SkipK8sDqlite { - cmd.Printf("Skipping k8s-dqlite recovery.") + cmd.Printf("Skipping k8s-dqlite recovery.\n") } else { k8sDqlitePreRecoveryTarball, k8sDqlitePostRecoveryTarball, err := recoverK8sDqlite() if err != nil { - return fmt.Errorf( - "failed to recover k8s-dqlite, error: %w, "+ - "pre-recovery backup: %s", - err, k8sDqlitePreRecoveryTarball, - ) + cmd.PrintErrf( + "Failed to recover k8s-dqlite, error: %v, "+ + "pre-recovery backup: %s\n", + err, k8sDqlitePreRecoveryTarball) + env.Exit(1) } cmd.Printf("K8s-dqlite cluster changes applied.\n") cmd.Printf("New database state saved to %s\n", @@ -148,8 +151,6 @@ func newClusterRecoverCmd() *cobra.Command { k8sDqlitePostRecoveryTarball, clusterRecoverOpts.K8sDqliteStateDir) cmd.Printf("Pre-recovery database backup: %s\n\n", k8sDqlitePreRecoveryTarball) } - - return nil }, } diff --git a/src/k8s/cmd/main.go b/src/k8s/cmd/main.go index 578449308..5e4b38bf1 100644 --- a/src/k8s/cmd/main.go +++ b/src/k8s/cmd/main.go @@ -30,14 +30,26 @@ func main() { // choose command based on the binary name base := filepath.Base(os.Args[0]) + var err error switch base { case "k8s-apiserver-proxy": - k8s_apiserver_proxy.NewRootCmd(env).ExecuteContext(ctx) + err = k8s_apiserver_proxy.NewRootCmd(env).ExecuteContext(ctx) case "k8sd": - k8sd.NewRootCmd(env).ExecuteContext(ctx) + err = k8sd.NewRootCmd(env).ExecuteContext(ctx) case "k8s": - k8s.NewRootCmd(env).ExecuteContext(ctx) + err = k8s.NewRootCmd(env).ExecuteContext(ctx) default: panic(fmt.Errorf("invalid entrypoint name %q", base)) } + + // Although k8s commands typically use Run instead of RunE and handle + // errors directly within the command execution, this acts as a safeguard in + // case any are overlooked. + // + // Furthermore, the Cobra framework may not invoke the "Run*" entry points + // at all in case of argument parsing errors, in which case we *need* to + // handle the errors here. + if err != nil { + env.Exit(1) + } } From a2c00fb6be9951f582e139d83d97ad1dceb4ec13 Mon Sep 17 00:00:00 2001 From: Homayoon Alimohammadi Date: Tue, 24 Sep 2024 12:48:18 +0400 Subject: [PATCH 024/122] Use map of struct instead of bool (#693) --- src/k8s/pkg/k8sd/features/metallb/loadbalancer.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go b/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go index ef199d600..63df51e3b 100644 --- a/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go +++ b/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go @@ -170,13 +170,13 @@ func waitForRequiredLoadBalancerCRDs(ctx context.Context, snap snap.Snap, bgpMod return false, nil } - requiredCRDs := map[string]bool{ - "metallb.io/v1beta1:ipaddresspools": true, - "metallb.io/v1beta1:l2advertisements": true, + requiredCRDs := map[string]struct{}{ + "metallb.io/v1beta1:ipaddresspools": {}, + "metallb.io/v1beta1:l2advertisements": {}, } if bgpMode { - requiredCRDs["metallb.io/v1beta2:bgppeers"] = true - requiredCRDs["metallb.io/v1beta1:bgpadvertisements"] = true + requiredCRDs["metallb.io/v1beta2:bgppeers"] = struct{}{} + requiredCRDs["metallb.io/v1beta1:bgpadvertisements"] = struct{}{} } requiredCount := len(requiredCRDs) From c74b9f580f92b2fc6b77bf4ad692eb348b62a17f Mon Sep 17 00:00:00 2001 From: "Louise K. Schmidtgen" Date: Thu, 26 Sep 2024 08:14:17 +0200 Subject: [PATCH 025/122] Restoring the Microcluster Schema Migration History (#689) --- src/k8s/pkg/k8sd/database/schema.go | 2 ++ .../k8sd/database/sql/migrations/worker-nodes/000-create.sql | 2 +- .../k8sd/database/sql/migrations/worker-nodes/001-delete.sql | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/001-delete.sql diff --git a/src/k8s/pkg/k8sd/database/schema.go b/src/k8s/pkg/k8sd/database/schema.go index b2cae9125..44d665629 100644 --- a/src/k8s/pkg/k8sd/database/schema.go +++ b/src/k8s/pkg/k8sd/database/schema.go @@ -18,9 +18,11 @@ var ( SchemaExtensions = []schema.Update{ schemaApplyMigration("kubernetes-auth-tokens", "000-create.sql"), schemaApplyMigration("cluster-configs", "000-create.sql"), + schemaApplyMigration("worker-nodes", "000-create.sql"), schemaApplyMigration("worker-tokens", "000-create.sql"), schemaApplyMigration("feature-status", "000-feature-status.sql"), schemaApplyMigration("worker-tokens", "001-add-expiry.sql"), + schemaApplyMigration("worker-nodes", "001-delete.sql"), } //go:embed sql/migrations diff --git a/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/000-create.sql b/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/000-create.sql index be3330716..893edba7b 100644 --- a/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/000-create.sql +++ b/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/000-create.sql @@ -2,4 +2,4 @@ CREATE TABLE worker_nodes ( id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, name TEXT NOT NULL, UNIQUE(name) -); +) diff --git a/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/001-delete.sql b/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/001-delete.sql new file mode 100644 index 000000000..2c47ee2fc --- /dev/null +++ b/src/k8s/pkg/k8sd/database/sql/migrations/worker-nodes/001-delete.sql @@ -0,0 +1 @@ +DROP TABLE IF EXISTS worker_nodes From d3c4a36febb0fdae692809a3071eee45d599a55b Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 27 Sep 2024 20:01:53 +0200 Subject: [PATCH 026/122] Add IPv6 unittests for cluster setup (#698) --- .../k8sd/setup/k8s_apiserver_proxy_test.go | 25 +++++++++++++++++ src/k8s/pkg/k8sd/setup/kube_apiserver_test.go | 26 ++++++++++++++++++ src/k8s/pkg/k8sd/setup/kube_proxy_test.go | 26 ++++++++++++++++++ src/k8s/pkg/k8sd/setup/kubelet.go | 2 +- src/k8s/pkg/k8sd/setup/kubelet_test.go | 27 +++++++++++++++++++ 5 files changed, 105 insertions(+), 1 deletion(-) diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go index ded12d037..385c23e39 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go @@ -130,4 +130,29 @@ func TestK8sApiServerProxy(t *testing.T) { // Compare the expected endpoints with those in the file g.Expect(config.Endpoints).To(Equal(endpoints)) }) + + t.Run("IPv6", func(t *testing.T) { + g := NewWithT(t) + + // Create a mock snap + s := mustSetupSnapAndDirectories(t, setKubeletMock) + s.Mock.Hostname = "dev" + + g.Expect(setup.K8sAPIServerProxy(s, nil, "[2001:db8::]", nil)).To(Succeed()) + + tests := []struct { + key string + expectedVal string + }{ + {key: "--listen", expectedVal: "[2001:db8::]:6443"}, + } + for _, tc := range tests { + t.Run(tc.key, func(t *testing.T) { + g := NewWithT(t) + val, err := snaputil.GetServiceArgument(s, "k8s-apiserver-proxy", tc.key) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(tc.expectedVal).To(Equal(val)) + }) + } + }) } diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go index 7327a83f0..7e150c5de 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go @@ -245,4 +245,30 @@ func TestKubeAPIServer(t *testing.T) { g.Expect(err).To(HaveOccurred()) g.Expect(err).To(MatchError(ContainSubstring("unsupported datastore"))) }) + + t.Run("IPv6", func(t *testing.T) { + g := NewWithT(t) + + // Create a mock snap + s := mustSetupSnapAndDirectories(t, setKubeletMock) + s.Mock.Hostname = "dev" + + g.Expect(setup.KubeAPIServer(s, net.ParseIP("2001:db8::"), "fd98::/108", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(Succeed()) + + tests := []struct { + key string + expectedVal string + }{ + {key: "--advertise-address", expectedVal: "2001:db8::"}, + {key: "--service-cluster-ip-range", expectedVal: "fd98::/108"}, + } + for _, tc := range tests { + t.Run(tc.key, func(t *testing.T) { + g := NewWithT(t) + val, err := snaputil.GetServiceArgument(s, "kube-apiserver", tc.key) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(tc.expectedVal).To(Equal(val)) + }) + } + }) } diff --git a/src/k8s/pkg/k8sd/setup/kube_proxy_test.go b/src/k8s/pkg/k8sd/setup/kube_proxy_test.go index b6f77bb8e..756f4f2a4 100644 --- a/src/k8s/pkg/k8sd/setup/kube_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_proxy_test.go @@ -109,4 +109,30 @@ func TestKubeProxy(t *testing.T) { g.Expect(err).To(BeNil()) g.Expect(val).To(BeEmpty()) }) + + t.Run("IPv6", func(t *testing.T) { + g := NewWithT(t) + + // Create a mock snap + s := mustSetupSnapAndDirectories(t, setKubeletMock) + s.Mock.Hostname = "dev" + + g.Expect(setup.KubeProxy(context.Background(), s, "dev", "fd98::/108", "[::1]", nil)).To(BeNil()) + + tests := []struct { + key string + expectedVal string + }{ + {key: "--cluster-cidr", expectedVal: "fd98::/108"}, + {key: "--healthz-bind-address", expectedVal: "[::1]:10256"}, + } + for _, tc := range tests { + t.Run(tc.key, func(t *testing.T) { + g := NewWithT(t) + val, err := snaputil.GetServiceArgument(s, "kube-proxy", tc.key) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(tc.expectedVal).To(Equal(val)) + }) + } + }) } diff --git a/src/k8s/pkg/k8sd/setup/kubelet.go b/src/k8s/pkg/k8sd/setup/kubelet.go index b6a5115dc..ff4cd9e0f 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet.go +++ b/src/k8s/pkg/k8sd/setup/kubelet.go @@ -81,7 +81,7 @@ func kubelet(snap snap.Snap, hostname string, nodeIP net.IP, clusterDNS string, args["--cluster-domain"] = clusterDomain } if nodeIP != nil && !nodeIP.IsLoopback() { - args["--node-ip"] = utils.ToIPString(nodeIP) + args["--node-ip"] = nodeIP.String() } if _, err := snaputil.UpdateServiceArguments(snap, "kubelet", args, nil); err != nil { return fmt.Errorf("failed to render arguments file: %w", err) diff --git a/src/k8s/pkg/k8sd/setup/kubelet_test.go b/src/k8s/pkg/k8sd/setup/kubelet_test.go index 99129e3d5..32e8c0ca0 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet_test.go +++ b/src/k8s/pkg/k8sd/setup/kubelet_test.go @@ -400,4 +400,31 @@ func TestKubelet(t *testing.T) { g.Expect(err).To(BeNil()) g.Expect(val).To(BeEmpty()) }) + + t.Run("IPv6", func(t *testing.T) { + g := NewWithT(t) + + // Create a mock snap + s := mustSetupSnapAndDirectories(t, setKubeletMock) + s.Mock.Hostname = "dev" + + // Call the kubelet control plane setup function + g.Expect(setup.KubeletControlPlane(s, "dev", net.ParseIP("2001:db8::"), "2001:db8::1", "test-cluster.local", "provider", nil, nil)).To(Succeed()) + + tests := []struct { + key string + expectedVal string + }{ + {key: "--cluster-dns", expectedVal: "2001:db8::1"}, + {key: "--node-ip", expectedVal: "2001:db8::"}, + } + for _, tc := range tests { + t.Run(tc.key, func(t *testing.T) { + g := NewWithT(t) + val, err := snaputil.GetServiceArgument(s, "kubelet", tc.key) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(tc.expectedVal).To(Equal(val)) + }) + } + }) } From 9e0a43c44482c0ab0c7e1d43852715e64ee2ef12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Fri, 27 Sep 2024 21:20:25 +0300 Subject: [PATCH 027/122] Point cilium to talk to the local apiserver or apiserver-proxy (#697) --- src/k8s/pkg/k8sd/api/certificates_refresh.go | 4 +- src/k8s/pkg/k8sd/app/hooks_bootstrap.go | 26 +++++++-- src/k8s/pkg/k8sd/app/hooks_join.go | 2 +- src/k8s/pkg/k8sd/controllers/feature.go | 2 +- src/k8s/pkg/k8sd/features/calico/network.go | 12 ++-- .../pkg/k8sd/features/calico/network_test.go | 52 ++++++++++++------ src/k8s/pkg/k8sd/features/cilium/network.go | 17 ++++-- .../pkg/k8sd/features/cilium/network_test.go | 55 +++++++++++++------ src/k8s/pkg/k8sd/features/interface.go | 8 +-- src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go | 4 +- .../k8sd/setup/k8s_apiserver_proxy_test.go | 12 ++-- src/k8s/pkg/k8sd/setup/kube_apiserver.go | 5 +- src/k8s/pkg/k8sd/setup/kube_apiserver_test.go | 12 ++-- .../pkg/k8sd/types/cluster_config_merge.go | 1 + .../pkg/k8sd/types/cluster_config_network.go | 16 +++--- 15 files changed, 147 insertions(+), 81 deletions(-) diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index b08dada6b..4e3694114 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -282,10 +282,10 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo } // Kubeconfigs - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), fmt.Sprintf("%s:%d", localhostAddress, clusterConfig.APIServer.GetSecurePort()), certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { return response.InternalError(fmt.Errorf("failed to generate kubelet kubeconfig: %w", err)) } - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), fmt.Sprintf("%s:%d", localhostAddress, clusterConfig.APIServer.GetSecurePort()), certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { return response.InternalError(fmt.Errorf("failed to generate kube-proxy kubeconfig: %w", err)) } diff --git a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go index ccd828d1d..2e35b9be6 100644 --- a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go +++ b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go @@ -10,6 +10,8 @@ import ( "net" "net/http" "path/filepath" + "strconv" + "strings" "time" apiv1 "github.com/canonical/k8s-snap-api/api/v1" @@ -184,11 +186,22 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT localhostAddress = "127.0.0.1" } + port := "6443" + if len(response.APIServers) == 0 { + return fmt.Errorf("no APIServers found in worker node info") + } + // Get the secure port from the first APIServer since they should all be the same. + port = response.APIServers[0][strings.LastIndex(response.APIServers[0], ":")+1:] + securePort, err := strconv.Atoi(port) + if err != nil { + return fmt.Errorf("failed to parse apiserver secure port: %w", err) + } + // Kubeconfigs - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), fmt.Sprintf("%s:%d", localhostAddress, securePort), certificates.CACert, certificates.KubeletClientCert, certificates.KubeletClientKey); err != nil { return fmt.Errorf("failed to generate kubelet kubeconfig: %w", err) } - if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), fmt.Sprintf("%s:6443", localhostAddress), certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { + if err := setup.Kubeconfig(filepath.Join(snap.KubernetesConfigDir(), "proxy.conf"), fmt.Sprintf("%s:%d", localhostAddress, securePort), certificates.CACert, certificates.KubeProxyClientCert, certificates.KubeProxyClientKey); err != nil { return fmt.Errorf("failed to generate kube-proxy kubeconfig: %w", err) } @@ -203,6 +216,9 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT // TODO(neoaggelos): We should be explicit here and try to avoid having worker nodes use // or set other cluster configuration keys by accident. cfg := types.ClusterConfig{ + APIServer: types.APIServer{ + SecurePort: utils.Pointer(securePort), + }, Network: types.Network{ PodCIDR: utils.Pointer(response.PodCIDR), ServiceCIDR: utils.Pointer(response.ServiceCIDR), @@ -239,7 +255,7 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT if err := setup.KubeProxy(ctx, snap, s.Name(), response.PodCIDR, localhostAddress, joinConfig.ExtraNodeKubeProxyArgs); err != nil { return fmt.Errorf("failed to configure kube-proxy: %w", err) } - if err := setup.K8sAPIServerProxy(snap, response.APIServers, localhostAddress, joinConfig.ExtraNodeK8sAPIServerProxyArgs); err != nil { + if err := setup.K8sAPIServerProxy(snap, response.APIServers, securePort, joinConfig.ExtraNodeK8sAPIServerProxyArgs); err != nil { return fmt.Errorf("failed to configure k8s-apiserver-proxy: %w", err) } if err := setup.ExtraNodeConfigFiles(snap, joinConfig.ExtraNodeConfigFiles); err != nil { @@ -291,6 +307,8 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst localhostAddress = "127.0.0.1" } + cfg.Network.LocalhostAddress = utils.Pointer(localhostAddress) + // Create directories if err := setup.EnsureAllDirectories(snap); err != nil { return fmt.Errorf("failed to create directories: %w", err) @@ -441,7 +459,7 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst if err := setup.KubeScheduler(snap, bootstrapConfig.ExtraNodeKubeSchedulerArgs); err != nil { return fmt.Errorf("failed to configure kube-scheduler: %w", err) } - if err := setup.KubeAPIServer(snap, nodeIP, cfg.Network.GetServiceCIDR(), s.Address().Path("1.0", "kubernetes", "auth", "webhook").String(), true, cfg.Datastore, cfg.APIServer.GetAuthorizationMode(), bootstrapConfig.ExtraNodeKubeAPIServerArgs); err != nil { + if err := setup.KubeAPIServer(snap, cfg.APIServer.GetSecurePort(), nodeIP, cfg.Network.GetServiceCIDR(), s.Address().Path("1.0", "kubernetes", "auth", "webhook").String(), true, cfg.Datastore, cfg.APIServer.GetAuthorizationMode(), bootstrapConfig.ExtraNodeKubeAPIServerArgs); err != nil { return fmt.Errorf("failed to configure kube-apiserver: %w", err) } diff --git a/src/k8s/pkg/k8sd/app/hooks_join.go b/src/k8s/pkg/k8sd/app/hooks_join.go index 075d2f6bb..ac67b526f 100644 --- a/src/k8s/pkg/k8sd/app/hooks_join.go +++ b/src/k8s/pkg/k8sd/app/hooks_join.go @@ -199,7 +199,7 @@ func (a *App) onPostJoin(ctx context.Context, s state.State, initConfig map[stri if err := setup.KubeScheduler(snap, joinConfig.ExtraNodeKubeSchedulerArgs); err != nil { return fmt.Errorf("failed to configure kube-scheduler: %w", err) } - if err := setup.KubeAPIServer(snap, nodeIP, cfg.Network.GetServiceCIDR(), s.Address().Path("1.0", "kubernetes", "auth", "webhook").String(), true, cfg.Datastore, cfg.APIServer.GetAuthorizationMode(), joinConfig.ExtraNodeKubeAPIServerArgs); err != nil { + if err := setup.KubeAPIServer(snap, cfg.APIServer.GetSecurePort(), nodeIP, cfg.Network.GetServiceCIDR(), s.Address().Path("1.0", "kubernetes", "auth", "webhook").String(), true, cfg.Datastore, cfg.APIServer.GetAuthorizationMode(), joinConfig.ExtraNodeKubeAPIServerArgs); err != nil { return fmt.Errorf("failed to configure kube-apiserver: %w", err) } diff --git a/src/k8s/pkg/k8sd/controllers/feature.go b/src/k8s/pkg/k8sd/controllers/feature.go index 909a43bc3..4013e0cbc 100644 --- a/src/k8s/pkg/k8sd/controllers/feature.go +++ b/src/k8s/pkg/k8sd/controllers/feature.go @@ -79,7 +79,7 @@ func (c *FeatureController) Run( ctx = log.NewContext(ctx, log.FromContext(ctx).WithValues("controller", "feature")) go c.reconcileLoop(ctx, getClusterConfig, setFeatureStatus, features.Network, c.triggerNetworkCh, c.reconciledNetworkCh, func(cfg types.ClusterConfig) (types.FeatureStatus, error) { - return features.Implementation.ApplyNetwork(ctx, c.snap, cfg.Network, cfg.Annotations) + return features.Implementation.ApplyNetwork(ctx, c.snap, cfg.APIServer, cfg.Network, cfg.Annotations) }) go c.reconcileLoop(ctx, getClusterConfig, setFeatureStatus, features.Gateway, c.triggerGatewayCh, c.reconciledGatewayCh, func(cfg types.ClusterConfig) (types.FeatureStatus, error) { diff --git a/src/k8s/pkg/k8sd/features/calico/network.go b/src/k8s/pkg/k8sd/features/calico/network.go index 82e98c788..f89651df2 100644 --- a/src/k8s/pkg/k8sd/features/calico/network.go +++ b/src/k8s/pkg/k8sd/features/calico/network.go @@ -17,16 +17,16 @@ const ( deleteFailedMsgTmpl = "Failed to delete Calico, the error was: %v" ) -// ApplyNetwork will deploy Calico when cfg.Enabled is true. -// ApplyNetwork will remove Calico when cfg.Enabled is false. +// ApplyNetwork will deploy Calico when network.Enabled is true. +// ApplyNetwork will remove Calico when network.Enabled is false. // ApplyNetwork will always return a FeatureStatus indicating the current status of the // deployment. // ApplyNetwork returns an error if anything fails. The error is also wrapped in the .Message field of the // returned FeatureStatus. -func ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, annotations types.Annotations) (types.FeatureStatus, error) { +func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { m := snap.HelmClient() - if !cfg.GetEnabled() { + if !network.GetEnabled() { if _, err := m.Apply(ctx, ChartCalico, helm.StateDeleted, nil); err != nil { err = fmt.Errorf("failed to uninstall network: %w", err) return types.FeatureStatus{ @@ -54,7 +54,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, annota } podIpPools := []map[string]any{} - ipv4PodCIDR, ipv6PodCIDR, err := utils.ParseCIDRs(cfg.GetPodCIDR()) + ipv4PodCIDR, ipv6PodCIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) if err != nil { err = fmt.Errorf("invalid pod cidr: %w", err) return types.FeatureStatus{ @@ -79,7 +79,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, annota } serviceCIDRs := []string{} - ipv4ServiceCIDR, ipv6ServiceCIDR, err := utils.ParseCIDRs(cfg.GetServiceCIDR()) + ipv4ServiceCIDR, ipv6ServiceCIDR, err := utils.ParseCIDRs(network.GetServiceCIDR()) if err != nil { err = fmt.Errorf("invalid service cidr: %v", err) return types.FeatureStatus{ diff --git a/src/k8s/pkg/k8sd/features/calico/network_test.go b/src/k8s/pkg/k8sd/features/calico/network_test.go index c0a324028..75d31e0af 100644 --- a/src/k8s/pkg/k8sd/features/calico/network_test.go +++ b/src/k8s/pkg/k8sd/features/calico/network_test.go @@ -39,11 +39,14 @@ func TestDisabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(false), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := calico.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -65,11 +68,14 @@ func TestDisabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(false), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := calico.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -94,12 +100,15 @@ func TestEnabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(true), PodCIDR: ptr.To("invalid-cidr"), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := calico.ApplyNetwork(context.Background(), snapM, cfg, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -115,13 +124,16 @@ func TestEnabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(true), PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), ServiceCIDR: ptr.To("invalid-cidr"), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := calico.ApplyNetwork(context.Background(), snapM, cfg, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -140,13 +152,16 @@ func TestEnabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(true), PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), ServiceCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := calico.ApplyNetwork(context.Background(), snapM, cfg, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -157,7 +172,7 @@ func TestEnabled(t *testing.T) { callArgs := helmM.ApplyCalledWith[0] g.Expect(callArgs.Chart).To(Equal(calico.ChartCalico)) g.Expect(callArgs.State).To(Equal(helm.StatePresent)) - validateValues(t, callArgs.Values, cfg) + validateValues(t, callArgs.Values, network) }) t.Run("Success", func(t *testing.T) { g := NewWithT(t) @@ -168,13 +183,16 @@ func TestEnabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(true), PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), ServiceCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := calico.ApplyNetwork(context.Background(), snapM, cfg, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeTrue()) @@ -185,17 +203,17 @@ func TestEnabled(t *testing.T) { callArgs := helmM.ApplyCalledWith[0] g.Expect(callArgs.Chart).To(Equal(calico.ChartCalico)) g.Expect(callArgs.State).To(Equal(helm.StatePresent)) - validateValues(t, callArgs.Values, cfg) + validateValues(t, callArgs.Values, network) }) } -func validateValues(t *testing.T, values map[string]any, cfg types.Network) { +func validateValues(t *testing.T, values map[string]any, network types.Network) { g := NewWithT(t) - podIPv4CIDR, podIPv6CIDR, err := utils.ParseCIDRs(cfg.GetPodCIDR()) + podIPv4CIDR, podIPv6CIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) g.Expect(err).ToNot(HaveOccurred()) - svcIPv4CIDR, svcIPv6CIDR, err := utils.ParseCIDRs(cfg.GetServiceCIDR()) + svcIPv4CIDR, svcIPv6CIDR, err := utils.ParseCIDRs(network.GetServiceCIDR()) g.Expect(err).ToNot(HaveOccurred()) // calico network diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index 4418e8b1d..e0573d72b 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -17,18 +17,18 @@ const ( networkDeployFailedMsgTmpl = "Failed to deploy Cilium Network, the error was: %v" ) -// ApplyNetwork will deploy Cilium when cfg.Enabled is true. -// ApplyNetwork will remove Cilium when cfg.Enabled is false. +// ApplyNetwork will deploy Cilium when network.Enabled is true. +// ApplyNetwork will remove Cilium when network.Enabled is false. // ApplyNetwork requires that bpf and cgroups2 are already mounted and available when running under strict snap confinement. If they are not, it will fail (since Cilium will not have the required permissions to mount them). // ApplyNetwork requires that `/sys` is mounted as a shared mount when running under classic snap confinement. This is to ensure that Cilium will be able to automatically mount bpf and cgroups2 on the pods. // ApplyNetwork will always return a FeatureStatus indicating the current status of the // deployment. // ApplyNetwork returns an error if anything fails. The error is also wrapped in the .Message field of the // returned FeatureStatus. -func ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, _ types.Annotations) (types.FeatureStatus, error) { +func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, _ types.Annotations) (types.FeatureStatus, error) { m := snap.HelmClient() - if !cfg.GetEnabled() { + if !network.GetEnabled() { if _, err := m.Apply(ctx, ChartCilium, helm.StateDeleted, nil); err != nil { err = fmt.Errorf("failed to uninstall network: %w", err) return types.FeatureStatus{ @@ -44,7 +44,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, _ type }, nil } - ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(cfg.GetPodCIDR()) + ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) if err != nil { err = fmt.Errorf("invalid kube-proxy --cluster-cidr value: %v", err) return types.FeatureStatus{ @@ -87,10 +87,17 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, _ type "clusterPoolIPv6PodCIDRList": ipv6CIDR, }, }, + // https://docs.cilium.io/en/v1.15/network/kubernetes/kubeproxy-free/#kube-proxy-hybrid-modes "nodePort": map[string]any{ "enabled": true, + // kube-proxy also binds to the same port for health checks so we need to disable it + "enableHealthCheck": false, }, "disableEnvoyVersionCheck": true, + // socketLB requires an endpoint to the apiserver that's not managed by the kube-proxy + // so we point to the localhost:secureport to talk to either the kube-apiserver or the kube-apiserver-proxy + "k8sServiceHost": network.GetLocalhostAddress(), + "k8sServicePort": apiserver.GetSecurePort(), } if snap.Strict() { diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 175cd95a0..978bebc0e 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -32,11 +32,14 @@ func TestNetworkDisabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(false), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := cilium.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -58,11 +61,14 @@ func TestNetworkDisabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(false), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := cilium.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -87,12 +93,15 @@ func TestNetworkEnabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ + network := types.Network{ Enabled: ptr.To(true), PodCIDR: ptr.To("invalid-cidr"), } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } - status, err := cilium.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -109,12 +118,16 @@ func TestNetworkEnabled(t *testing.T) { Strict: true, }, } - cfg := types.Network{ - Enabled: ptr.To(true), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeTrue()) @@ -125,7 +138,7 @@ func TestNetworkEnabled(t *testing.T) { callArgs := helmM.ApplyCalledWith[0] g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StatePresent)) - validateNetworkValues(t, callArgs.Values, cfg, snapM) + validateNetworkValues(t, callArgs.Values, network, snapM) }) t.Run("HelmApplyFails", func(t *testing.T) { g := NewWithT(t) @@ -139,12 +152,16 @@ func TestNetworkEnabled(t *testing.T) { HelmClient: helmM, }, } - cfg := types.Network{ - Enabled: ptr.To(true), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, cfg, nil) + status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -155,15 +172,15 @@ func TestNetworkEnabled(t *testing.T) { callArgs := helmM.ApplyCalledWith[0] g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StatePresent)) - validateNetworkValues(t, callArgs.Values, cfg, snapM) + validateNetworkValues(t, callArgs.Values, network, snapM) }) } -func validateNetworkValues(t *testing.T, values map[string]any, cfg types.Network, snap snap.Snap) { +func validateNetworkValues(t *testing.T, values map[string]any, network types.Network, snap snap.Snap) { t.Helper() g := NewWithT(t) - ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(cfg.GetPodCIDR()) + ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) g.Expect(err).ToNot(HaveOccurred()) bpfMount, err := utils.GetMountPath("bpf") @@ -177,6 +194,8 @@ func validateNetworkValues(t *testing.T, values map[string]any, cfg types.Networ g.Expect(values["cgroup"].(map[string]any)["hostRoot"]).To(Equal(cgrMount)) } + g.Expect(values["k8sServiceHost"]).To(Equal("127.0.0.1")) + g.Expect(values["k8sServicePort"]).To(Equal(6443)) g.Expect(values["ipam"].(map[string]any)["operator"].(map[string]any)["clusterPoolIPv4PodCIDRList"]).To(Equal(ipv4CIDR)) g.Expect(values["ipam"].(map[string]any)["operator"].(map[string]any)["clusterPoolIPv6PodCIDRList"]).To(Equal(ipv6CIDR)) g.Expect(values["ipv4"].(map[string]any)["enabled"]).To(Equal((ipv4CIDR != ""))) diff --git a/src/k8s/pkg/k8sd/features/interface.go b/src/k8s/pkg/k8sd/features/interface.go index 18eb4a978..ea3651a75 100644 --- a/src/k8s/pkg/k8sd/features/interface.go +++ b/src/k8s/pkg/k8sd/features/interface.go @@ -12,7 +12,7 @@ type Interface interface { // ApplyDNS is used to configure the DNS feature on Canonical Kubernetes. ApplyDNS(context.Context, snap.Snap, types.DNS, types.Kubelet, types.Annotations) (types.FeatureStatus, string, error) // ApplyNetwork is used to configure the network feature on Canonical Kubernetes. - ApplyNetwork(context.Context, snap.Snap, types.Network, types.Annotations) (types.FeatureStatus, error) + ApplyNetwork(context.Context, snap.Snap, types.APIServer, types.Network, types.Annotations) (types.FeatureStatus, error) // ApplyLoadBalancer is used to configure the load-balancer feature on Canonical Kubernetes. ApplyLoadBalancer(context.Context, snap.Snap, types.LoadBalancer, types.Network, types.Annotations) (types.FeatureStatus, error) // ApplyIngress is used to configure the ingress controller feature on Canonical Kubernetes. @@ -28,7 +28,7 @@ type Interface interface { // implementation implements Interface. type implementation struct { applyDNS func(context.Context, snap.Snap, types.DNS, types.Kubelet, types.Annotations) (types.FeatureStatus, string, error) - applyNetwork func(context.Context, snap.Snap, types.Network, types.Annotations) (types.FeatureStatus, error) + applyNetwork func(context.Context, snap.Snap, types.APIServer, types.Network, types.Annotations) (types.FeatureStatus, error) applyLoadBalancer func(context.Context, snap.Snap, types.LoadBalancer, types.Network, types.Annotations) (types.FeatureStatus, error) applyIngress func(context.Context, snap.Snap, types.Ingress, types.Network, types.Annotations) (types.FeatureStatus, error) applyGateway func(context.Context, snap.Snap, types.Gateway, types.Network, types.Annotations) (types.FeatureStatus, error) @@ -40,8 +40,8 @@ func (i *implementation) ApplyDNS(ctx context.Context, snap snap.Snap, dns types return i.applyDNS(ctx, snap, dns, kubelet, annotations) } -func (i *implementation) ApplyNetwork(ctx context.Context, snap snap.Snap, cfg types.Network, annotations types.Annotations) (types.FeatureStatus, error) { - return i.applyNetwork(ctx, snap, cfg, annotations) +func (i *implementation) ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { + return i.applyNetwork(ctx, snap, apiserver, network, annotations) } func (i *implementation) ApplyLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types.LoadBalancer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go index 9b3a3b886..e288afbfd 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy.go @@ -11,7 +11,7 @@ import ( ) // K8sAPIServerProxy prepares configuration for k8s-apiserver-proxy. -func K8sAPIServerProxy(snap snap.Snap, servers []string, localhostAddress string, extraArgs map[string]*string) error { +func K8sAPIServerProxy(snap snap.Snap, servers []string, securePort int, extraArgs map[string]*string) error { configFile := filepath.Join(snap.ServiceExtraConfigDir(), "k8s-apiserver-proxy.json") if err := proxy.WriteEndpointsConfig(servers, configFile); err != nil { return fmt.Errorf("failed to write proxy configuration file: %w", err) @@ -20,7 +20,7 @@ func K8sAPIServerProxy(snap snap.Snap, servers []string, localhostAddress string if _, err := snaputil.UpdateServiceArguments(snap, "k8s-apiserver-proxy", map[string]string{ "--endpoints": configFile, "--kubeconfig": filepath.Join(snap.KubernetesConfigDir(), "kubelet.conf"), - "--listen": fmt.Sprintf("%s:6443", localhostAddress), + "--listen": fmt.Sprintf(":%d", securePort), }, nil); err != nil { return fmt.Errorf("failed to write arguments file: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go index 385c23e39..ad03d1dee 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go @@ -27,7 +27,7 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sApiServerMock) - g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", nil)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, 6443, nil)).To(Succeed()) tests := []struct { key string @@ -35,7 +35,7 @@ func TestK8sApiServerProxy(t *testing.T) { }{ {key: "--endpoints", expectedVal: filepath.Join(s.Mock.ServiceExtraConfigDir, "k8s-apiserver-proxy.json")}, {key: "--kubeconfig", expectedVal: filepath.Join(s.Mock.KubernetesConfigDir, "kubelet.conf")}, - {key: "--listen", expectedVal: "127.0.0.1:6443"}, + {key: "--listen", expectedVal: ":6443"}, } for _, tc := range tests { t.Run(tc.key, func(t *testing.T) { @@ -61,7 +61,7 @@ func TestK8sApiServerProxy(t *testing.T) { "--listen": nil, // This should trigger a delete "--my-extra-arg": utils.Pointer("my-extra-val"), } - g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", extraArgs)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, 6443, extraArgs)).To(Succeed()) tests := []struct { key string @@ -98,7 +98,7 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sApiServerMock) s.Mock.ServiceExtraConfigDir = "nonexistent" - g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", nil)).ToNot(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, 6443, nil)).ToNot(Succeed()) }) t.Run("MissingServiceArgumentsDir", func(t *testing.T) { @@ -107,7 +107,7 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sApiServerMock) s.Mock.ServiceArgumentsDir = "nonexistent" - g.Expect(setup.K8sAPIServerProxy(s, nil, "127.0.0.1", nil)).ToNot(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, 6443, nil)).ToNot(Succeed()) }) t.Run("JSONFileContent", func(t *testing.T) { @@ -118,7 +118,7 @@ func TestK8sApiServerProxy(t *testing.T) { endpoints := []string{"192.168.0.1", "192.168.0.2", "192.168.0.3"} fileName := filepath.Join(s.Mock.ServiceExtraConfigDir, "k8s-apiserver-proxy.json") - g.Expect(setup.K8sAPIServerProxy(s, endpoints, "127.0.0.1", nil)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, endpoints, 6443, nil)).To(Succeed()) b, err := os.ReadFile(fileName) g.Expect(err).NotTo(HaveOccurred()) diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver.go b/src/k8s/pkg/k8sd/setup/kube_apiserver.go index 37c1c0192..457ba1b96 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver.go @@ -5,6 +5,7 @@ import ( "net" "os" "path/filepath" + "strconv" "strings" "github.com/canonical/k8s/pkg/k8sd/types" @@ -49,7 +50,7 @@ var ( ) // KubeAPIServer configures kube-apiserver on the local node. -func KubeAPIServer(snap snap.Snap, nodeIP net.IP, serviceCIDR string, authWebhookURL string, enableFrontProxy bool, datastore types.Datastore, authorizationMode string, extraArgs map[string]*string) error { +func KubeAPIServer(snap snap.Snap, securePort int, nodeIP net.IP, serviceCIDR string, authWebhookURL string, enableFrontProxy bool, datastore types.Datastore, authorizationMode string, extraArgs map[string]*string) error { authTokenWebhookConfigFile := filepath.Join(snap.ServiceExtraConfigDir(), "auth-token-webhook.conf") authTokenWebhookFile, err := os.OpenFile(authTokenWebhookConfigFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { @@ -77,7 +78,7 @@ func KubeAPIServer(snap snap.Snap, nodeIP net.IP, serviceCIDR string, authWebhoo "--kubelet-preferred-address-types": "InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP", "--profiling": "false", "--request-timeout": "300s", - "--secure-port": "6443", + "--secure-port": strconv.Itoa(securePort), "--service-account-issuer": "https://kubernetes.default.svc", "--service-account-key-file": filepath.Join(snap.KubernetesPKIDir(), "serviceaccount.key"), "--service-account-signing-key-file": filepath.Join(snap.KubernetesPKIDir(), "serviceaccount.key"), diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go index 7e150c5de..03b33f8dd 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go @@ -37,7 +37,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Call the KubeAPIServer setup function with mock arguments - g.Expect(setup.KubeAPIServer(s, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(BeNil()) // Ensure the kube-apiserver arguments file has the expected arguments and values tests := []struct { @@ -96,7 +96,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Call the KubeAPIServer setup function with mock arguments - g.Expect(setup.KubeAPIServer(s, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(BeNil()) // Ensure the kube-apiserver arguments file has the expected arguments and values tests := []struct { @@ -153,7 +153,7 @@ func TestKubeAPIServer(t *testing.T) { "--my-extra-arg": utils.Pointer("my-extra-val"), } // Call the KubeAPIServer setup function with mock arguments - g.Expect(setup.KubeAPIServer(s, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", extraArgs)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", extraArgs)).To(BeNil()) // Ensure the kube-apiserver arguments file has the expected arguments and values tests := []struct { @@ -214,7 +214,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Setup without proxy to simplify argument list - g.Expect(setup.KubeAPIServer(s, net.ParseIP("192.168.0.1"), "10.0.0.0/24,fd01::/64", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24,fd01::/64", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(BeNil()) g.Expect(snaputil.GetServiceArgument(s, "kube-apiserver", "--service-cluster-ip-range")).To(Equal("10.0.0.0/24,fd01::/64")) _, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) @@ -227,7 +227,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Setup without proxy to simplify argument list - g.Expect(setup.KubeAPIServer(s, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(BeNil()) g.Expect(snaputil.GetServiceArgument(s, "kube-apiserver", "--etcd-servers")).To(Equal("datastoreurl1,datastoreurl2")) _, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) @@ -241,7 +241,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Attempt to configure kube-apiserver with an unsupported datastore - err := setup.KubeAPIServer(s, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("unsupported")}, "Node,RBAC", nil) + err := setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("unsupported")}, "Node,RBAC", nil) g.Expect(err).To(HaveOccurred()) g.Expect(err).To(MatchError(ContainSubstring("unsupported datastore"))) }) diff --git a/src/k8s/pkg/k8sd/types/cluster_config_merge.go b/src/k8s/pkg/k8sd/types/cluster_config_merge.go index fb1840d1a..9f42458ab 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_merge.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_merge.go @@ -46,6 +46,7 @@ func MergeClusterConfig(existing ClusterConfig, new ClusterConfig) (ClusterConfi // network {name: "pod CIDR", val: &config.Network.PodCIDR, old: existing.Network.PodCIDR, new: new.Network.PodCIDR}, {name: "service CIDR", val: &config.Network.ServiceCIDR, old: existing.Network.ServiceCIDR, new: new.Network.ServiceCIDR}, + {name: "localhost address", val: &config.Network.LocalhostAddress, old: existing.Network.LocalhostAddress, new: new.Network.LocalhostAddress}, // apiserver {name: "kube-apiserver authorization mode", val: &config.APIServer.AuthorizationMode, old: existing.APIServer.AuthorizationMode, new: new.APIServer.AuthorizationMode, allowChange: true}, // kubelet diff --git a/src/k8s/pkg/k8sd/types/cluster_config_network.go b/src/k8s/pkg/k8sd/types/cluster_config_network.go index d429fac7b..9134c51e8 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_network.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_network.go @@ -1,12 +1,14 @@ package types type Network struct { - Enabled *bool `json:"enabled,omitempty"` - PodCIDR *string `json:"pod-cidr,omitempty"` - ServiceCIDR *string `json:"service-cidr,omitempty"` + Enabled *bool `json:"enabled,omitempty"` + PodCIDR *string `json:"pod-cidr,omitempty"` + ServiceCIDR *string `json:"service-cidr,omitempty"` + LocalhostAddress *string `json:"localhost-address,omitempty"` } -func (c Network) GetEnabled() bool { return getField(c.Enabled) } -func (c Network) GetPodCIDR() string { return getField(c.PodCIDR) } -func (c Network) GetServiceCIDR() string { return getField(c.ServiceCIDR) } -func (c Network) Empty() bool { return c == Network{} } +func (c Network) GetEnabled() bool { return getField(c.Enabled) } +func (c Network) GetPodCIDR() string { return getField(c.PodCIDR) } +func (c Network) GetServiceCIDR() string { return getField(c.ServiceCIDR) } +func (c Network) GetLocalhostAddress() string { return getField(c.LocalhostAddress) } +func (c Network) Empty() bool { return c == Network{} } From 1a7bafd1705e379925ce6fa68036597082b2bea7 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 27 Sep 2024 21:21:35 +0200 Subject: [PATCH 028/122] fix unittests after rebase (#703) --- src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go | 4 ++-- src/k8s/pkg/k8sd/setup/kube_apiserver_test.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go index ad03d1dee..2df5238c8 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go @@ -138,13 +138,13 @@ func TestK8sApiServerProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeletMock) s.Mock.Hostname = "dev" - g.Expect(setup.K8sAPIServerProxy(s, nil, "[2001:db8::]", nil)).To(Succeed()) + g.Expect(setup.K8sAPIServerProxy(s, nil, 1234, nil)).To(Succeed()) tests := []struct { key string expectedVal string }{ - {key: "--listen", expectedVal: "[2001:db8::]:6443"}, + {key: "--listen", expectedVal: ":1234"}, } for _, tc := range tests { t.Run(tc.key, func(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go index 03b33f8dd..1da6c7986 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go @@ -253,7 +253,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeletMock) s.Mock.Hostname = "dev" - g.Expect(setup.KubeAPIServer(s, net.ParseIP("2001:db8::"), "fd98::/108", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(Succeed()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("2001:db8::"), "fd98::/108", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(Succeed()) tests := []struct { key string From 2b9d49a8ba2670b9cef5502673ab97e8943def6f Mon Sep 17 00:00:00 2001 From: Mateo Florido <32885896+mateoflorido@users.noreply.github.com> Date: Mon, 30 Sep 2024 14:12:21 -0500 Subject: [PATCH 029/122] Add CAPI endpoints for Certificates Refresh (#699) Refactor Certificates Refresh endpoints to flush the response early and restart the services asynchronously --- src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 +- src/k8s/pkg/k8sd/api/certificates_refresh.go | 51 +++++++++++++++++--- src/k8s/pkg/k8sd/api/endpoints.go | 16 ++++-- tests/integration/tests/test_smoke.py | 3 +- 5 files changed, 62 insertions(+), 14 deletions(-) diff --git a/src/k8s/go.mod b/src/k8s/go.mod index 6ec6e3204..ca4a888d6 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.7 + github.com/canonical/k8s-snap-api v1.0.8 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index ee150fa8a..8e5154068 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.7 h1:40qz+9IcV90ZN/wTMuOraZcuqoyRHaJck1J3c7FcWrQ= -github.com/canonical/k8s-snap-api v1.0.7/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.8 h1:W360Y4ulkAdCdQqbfQ7zXs3/Ty8SWENO3/Bzz8ZAEPE= +github.com/canonical/k8s-snap-api v1.0.8/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index 4e3694114..1be0f436f 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -1,6 +1,7 @@ package api import ( + "context" "crypto/x509/pkix" "fmt" "math" @@ -66,6 +67,8 @@ func (e *Endpoints) postRefreshCertsRun(s state.State, r *http.Request) response // refreshCertsRunControlPlane refreshes the certificates for a control plane node. func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) response.Response { + log := log.FromContext(r.Context()) + req := apiv1.RefreshCertificatesRunRequest{} if err := utils.NewStrictJSONDecoder(r.Body).Decode(&req); err != nil { return response.BadRequest(fmt.Errorf("failed to parse request: %w", err)) @@ -130,20 +133,54 @@ func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) return response.InternalError(fmt.Errorf("failed to generate control plane kubeconfigs: %w", err)) } - if err := snaputil.RestartControlPlaneServices(r.Context(), snap); err != nil { - return response.InternalError(fmt.Errorf("failed to restart control plane services: %w", err)) - } + // NOTE: Restart the control plane services in a separate goroutine to avoid + // restarting the API server, which would break the k8sd proxy connection + // and cause missed responses in the proxy side. + readyCh := make(chan error) + go func() { + // NOTE: Create a new context independent of the request context to ensure + // the restart process is not cancelled by the client. + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + defer cancel() - kubeletCert, _, err := pkiutil.LoadCertificate(certificates.KubeletCert, "") + if err := <-readyCh; err != nil { + log.Error(err, "Failed to refresh certificates") + return + } + if err := snaputil.RestartControlPlaneServices(ctx, snap); err != nil { + log.Error(err, "Failed to restart control plane services") + } + }() + + apiServerCert, _, err := pkiutil.LoadCertificate(certificates.APIServerCert, "") if err != nil { return response.InternalError(fmt.Errorf("failed to read kubelet certificate: %w", err)) } - expirationTimeUNIX := kubeletCert.NotAfter.Unix() + expirationTimeUNIX := apiServerCert.NotAfter.Unix() - return response.SyncResponse(true, apiv1.RefreshCertificatesRunResponse{ - ExpirationSeconds: int(expirationTimeUNIX), + return response.ManualResponse(func(w http.ResponseWriter) (rerr error) { + defer func() { + readyCh <- rerr + close(readyCh) + }() + + err := response.SyncResponse(true, apiv1.RefreshCertificatesRunResponse{ + ExpirationSeconds: int(expirationTimeUNIX), + }).Render(w) + if err != nil { + return fmt.Errorf("failed to render response: %w", err) + } + + f, ok := w.(http.Flusher) + if !ok { + return fmt.Errorf("ResponseWriter is not type http.Flusher") + } + + f.Flush() + return nil }) + } // refreshCertsRunWorker refreshes the certificates for a worker node diff --git a/src/k8s/pkg/k8sd/api/endpoints.go b/src/k8s/pkg/k8sd/api/endpoints.go index 3bc56701e..f4a02e02c 100644 --- a/src/k8s/pkg/k8sd/api/endpoints.go +++ b/src/k8s/pkg/k8sd/api/endpoints.go @@ -91,12 +91,12 @@ func (e *Endpoints) Endpoints() []rest.Endpoint { // Certificates { Name: "RefreshCerts/Plan", - Path: "k8sd/refresh-certs/plan", + Path: apiv1.RefreshCertificatesPlanRPC, Post: rest.EndpointAction{Handler: e.postRefreshCertsPlan}, }, { Name: "RefreshCerts/Run", - Path: "k8sd/refresh-certs/run", + Path: apiv1.RefreshCertificatesRunRPC, Post: rest.EndpointAction{Handler: e.postRefreshCertsRun}, }, // Kubeconfig @@ -143,7 +143,17 @@ func (e *Endpoints) Endpoints() []rest.Endpoint { { Name: "ClusterAPI/CertificatesExpiry", Path: apiv1.ClusterAPICertificatesExpiryRPC, - Post: rest.EndpointAction{Handler: e.postCertificatesExpiry, AccessHandler: ValidateCAPIAuthTokenAccessHandler("capi-auth-token"), AllowUntrusted: true}, + Post: rest.EndpointAction{Handler: e.postCertificatesExpiry, AccessHandler: e.ValidateNodeTokenAccessHandler("node-token"), AllowUntrusted: true}, + }, + { + Name: "ClusterAPI/RefreshCerts/Plan", + Path: apiv1.ClusterAPICertificatesPlanRPC, + Post: rest.EndpointAction{Handler: e.postRefreshCertsPlan, AccessHandler: e.ValidateNodeTokenAccessHandler("node-token"), AllowUntrusted: true}, + }, + { + Name: "ClusterAPI/RefreshCerts/Run", + Path: apiv1.ClusterAPICertificatesRunRPC, + Post: rest.EndpointAction{Handler: e.postRefreshCertsRun, AccessHandler: e.ValidateNodeTokenAccessHandler("node-token"), AllowUntrusted: true}, }, // Snap refreshes { diff --git a/tests/integration/tests/test_smoke.py b/tests/integration/tests/test_smoke.py index 9d8dd6da1..ab2ee7552 100644 --- a/tests/integration/tests/test_smoke.py +++ b/tests/integration/tests/test_smoke.py @@ -66,6 +66,7 @@ def test_smoke(instances: List[harness.Instance]): LOG.info("Verify the functionality of the CAPI endpoints.") instance.exec("k8s x-capi set-auth-token my-secret-token".split()) + instance.exec("k8s x-capi set-node-token my-node-token".split()) body = { "name": "my-node", @@ -107,7 +108,7 @@ def test_smoke(instances: List[harness.Instance]): "-H", "Content-Type: application/json", "-H", - "capi-auth-token: my-secret-token", + "node-token: my-node-token", "--unix-socket", "/var/snap/k8s/common/var/lib/k8sd/state/control.socket", "http://localhost/1.0/x/capi/certificates-expiry", From 4215adcb7bfda3a214644239061197a87c1c1cd6 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Tue, 1 Oct 2024 06:42:24 -0400 Subject: [PATCH 030/122] Update dualstack.md (#706) * Update dualstack.md We have determined that /108 is the maximum supported size. Cluster fails to bootstrap with /64 and /96. --- docs/src/snap/howto/networking/dualstack.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/src/snap/howto/networking/dualstack.md b/docs/src/snap/howto/networking/dualstack.md index a7114ce6f..343a02f37 100644 --- a/docs/src/snap/howto/networking/dualstack.md +++ b/docs/src/snap/howto/networking/dualstack.md @@ -138,6 +138,13 @@ cluster bootstrap process. The key configuration parameters are: When setting up dual-stack networking, it is important to consider the limitations regarding CIDR size: -- **/64 is too large for the Service CIDR**: Using a `/64` CIDR for services +- **/108 is the maximum size for the Service CIDR** +Using a smaller value than `/108` for service CIDRs may cause issues like failure to initialize the IPv6 allocator. This is due to the CIDR size being too large for Kubernetes to handle efficiently. + +See upstream reference: [kube-apiserver validation][kube-apiserver-test] + + + +[kube-apiserver-test]: https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/app/options/validation_test.go#L435 From 27247c40181bdf0a9a664219452b70e4df8fd928 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Tue, 1 Oct 2024 14:35:34 -0400 Subject: [PATCH 031/122] Validate pod CIDR and service CIDR (#695) --- src/k8s/pkg/k8sd/features/calico/network.go | 4 +- .../pkg/k8sd/features/calico/network_test.go | 4 +- src/k8s/pkg/k8sd/features/cilium/network.go | 2 +- .../pkg/k8sd/features/cilium/network_test.go | 2 +- .../pkg/k8sd/types/cluster_config_validate.go | 69 +++++++++++++++++++ .../types/cluster_config_validate_test.go | 23 ++++--- src/k8s/pkg/utils/cidr.go | 26 ++++++- src/k8s/pkg/utils/cidr_test.go | 2 +- 8 files changed, 113 insertions(+), 19 deletions(-) diff --git a/src/k8s/pkg/k8sd/features/calico/network.go b/src/k8s/pkg/k8sd/features/calico/network.go index f89651df2..414ea2938 100644 --- a/src/k8s/pkg/k8sd/features/calico/network.go +++ b/src/k8s/pkg/k8sd/features/calico/network.go @@ -54,7 +54,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer } podIpPools := []map[string]any{} - ipv4PodCIDR, ipv6PodCIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) + ipv4PodCIDR, ipv6PodCIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) if err != nil { err = fmt.Errorf("invalid pod cidr: %w", err) return types.FeatureStatus{ @@ -79,7 +79,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer } serviceCIDRs := []string{} - ipv4ServiceCIDR, ipv6ServiceCIDR, err := utils.ParseCIDRs(network.GetServiceCIDR()) + ipv4ServiceCIDR, ipv6ServiceCIDR, err := utils.SplitCIDRStrings(network.GetServiceCIDR()) if err != nil { err = fmt.Errorf("invalid service cidr: %v", err) return types.FeatureStatus{ diff --git a/src/k8s/pkg/k8sd/features/calico/network_test.go b/src/k8s/pkg/k8sd/features/calico/network_test.go index 75d31e0af..96d602b37 100644 --- a/src/k8s/pkg/k8sd/features/calico/network_test.go +++ b/src/k8s/pkg/k8sd/features/calico/network_test.go @@ -210,10 +210,10 @@ func TestEnabled(t *testing.T) { func validateValues(t *testing.T, values map[string]any, network types.Network) { g := NewWithT(t) - podIPv4CIDR, podIPv6CIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) + podIPv4CIDR, podIPv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) g.Expect(err).ToNot(HaveOccurred()) - svcIPv4CIDR, svcIPv6CIDR, err := utils.ParseCIDRs(network.GetServiceCIDR()) + svcIPv4CIDR, svcIPv6CIDR, err := utils.SplitCIDRStrings(network.GetServiceCIDR()) g.Expect(err).ToNot(HaveOccurred()) // calico network diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index e0573d72b..ba9720dad 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -44,7 +44,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer }, nil } - ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) + ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) if err != nil { err = fmt.Errorf("invalid kube-proxy --cluster-cidr value: %v", err) return types.FeatureStatus{ diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 978bebc0e..7b9c2e36b 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -180,7 +180,7 @@ func validateNetworkValues(t *testing.T, values map[string]any, network types.Ne t.Helper() g := NewWithT(t) - ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(network.GetPodCIDR()) + ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) g.Expect(err).ToNot(HaveOccurred()) bpfMount, err := utils.GetMountPath("bpf") diff --git a/src/k8s/pkg/k8sd/types/cluster_config_validate.go b/src/k8s/pkg/k8sd/types/cluster_config_validate.go index c673e3173..8ec1b8d50 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_validate.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_validate.go @@ -6,6 +6,8 @@ import ( "net/netip" "net/url" "strings" + + "github.com/canonical/k8s/pkg/utils" ) func validateCIDRs(cidrString string) error { @@ -21,6 +23,65 @@ func validateCIDRs(cidrString string) error { return nil } +// validateCIDROverlap checks for overlap and size constraints between pod and service CIDRs. +// It parses the provided podCIDR and serviceCIDR strings, checks for IPv4 and IPv6 overlaps. +func validateCIDROverlap(podCIDR string, serviceCIDR string) error { + // Parse the CIDRs + podIPv4CIDR, podIPv6CIDR, err := utils.SplitCIDRStrings(podCIDR) + if err != nil { + return fmt.Errorf("failed to parse pod CIDR: %w", err) + } + + svcIPv4CIDR, svcIPv6CIDR, err := utils.SplitCIDRStrings(serviceCIDR) + if err != nil { + return fmt.Errorf("failed to parse service CIDR: %w", err) + } + + // Check for IPv4 overlap + if podIPv4CIDR != "" && svcIPv4CIDR != "" { + if overlap, err := utils.CIDRsOverlap(podIPv4CIDR, svcIPv4CIDR); err != nil { + return fmt.Errorf("failed to check for IPv4 overlap: %w", err) + } else if overlap { + return fmt.Errorf("pod CIDR %q and service CIDR %q overlap", podCIDR, serviceCIDR) + } + } + + // Check for IPv6 overlap + if podIPv6CIDR != "" && svcIPv6CIDR != "" { + if overlap, err := utils.CIDRsOverlap(podIPv6CIDR, svcIPv6CIDR); err != nil { + return fmt.Errorf("failed to check for IPv6 overlap: %w", err) + } else if overlap { + return fmt.Errorf("pod CIDR %q and service CIDR %q overlap", podCIDR, serviceCIDR) + } + } + + return nil +} + +// validateIPv6CIDRSize ensures that the service IPv6 CIDR is not larger than /108. +// Ref: https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/networking/dualstack/#cidr-size-limitations +func validateIPv6CIDRSize(serviceCIDR string) error { + _, svcIPv6CIDR, err := utils.SplitCIDRStrings(serviceCIDR) + if err != nil { + return fmt.Errorf("invalid CIDR: %w", err) + } + + if svcIPv6CIDR == "" { + return nil + } + + _, ipv6Net, err := net.ParseCIDR(svcIPv6CIDR) + if err != nil { + return fmt.Errorf("invalid CIDR: %w", err) + } + + if prefixLength, _ := ipv6Net.Mask.Size(); prefixLength < 108 { + return fmt.Errorf("service CIDR %q cannot be larger than /108", serviceCIDR) + } + + return nil +} + // Validate that a ClusterConfig does not have conflicting or incompatible options. func (c *ClusterConfig) Validate() error { // check: validate that PodCIDR and ServiceCIDR are configured @@ -31,6 +92,14 @@ func (c *ClusterConfig) Validate() error { return fmt.Errorf("invalid service CIDR: %w", err) } + if err := validateCIDROverlap(c.Network.GetPodCIDR(), c.Network.GetServiceCIDR()); err != nil { + return fmt.Errorf("invalid cidr configuration: %w", err) + } + // Can't be an else-if, because default values could already be set. + if err := validateIPv6CIDRSize(c.Network.GetServiceCIDR()); err != nil { + return fmt.Errorf("invalid service CIDR: %w", err) + } + // check: ensure network is enabled if any of ingress, gateway, load-balancer are enabled if !c.Network.GetEnabled() { if c.Gateway.GetEnabled() { diff --git a/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go b/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go index db58934ed..b2ef53af5 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go @@ -10,15 +10,18 @@ import ( func TestValidateCIDR(t *testing.T) { for _, tc := range []struct { - cidr string - expectErr bool + cidr string + expectPodErr bool + expectSvcErr bool }{ - {cidr: "10.1.0.0/16"}, - {cidr: "2001:0db8::/32"}, - {cidr: "10.1.0.0/16,2001:0db8::/32"}, - {cidr: "", expectErr: true}, - {cidr: "bananas", expectErr: true}, - {cidr: "fd01::/64,fd02::/64,fd03::/64", expectErr: true}, + {cidr: "192.168.0.0/16"}, + {cidr: "2001:0db8::/108"}, + {cidr: "10.2.0.0/16,2001:0db8::/108"}, + {cidr: "", expectPodErr: true, expectSvcErr: true}, + {cidr: "bananas", expectPodErr: true, expectSvcErr: true}, + {cidr: "fd01::/108,fd02::/108,fd03::/108", expectPodErr: true, expectSvcErr: true}, + {cidr: "10.1.0.0/32", expectPodErr: true, expectSvcErr: true}, + {cidr: "2001:0db8::/32", expectSvcErr: true}, } { t.Run(tc.cidr, func(t *testing.T) { t.Run("Pod", func(t *testing.T) { @@ -30,7 +33,7 @@ func TestValidateCIDR(t *testing.T) { }, } err := config.Validate() - if tc.expectErr { + if tc.expectPodErr { g.Expect(err).To(HaveOccurred()) } else { g.Expect(err).To(BeNil()) @@ -45,7 +48,7 @@ func TestValidateCIDR(t *testing.T) { }, } err := config.Validate() - if tc.expectErr { + if tc.expectSvcErr { g.Expect(err).To(HaveOccurred()) } else { g.Expect(err).To(BeNil()) diff --git a/src/k8s/pkg/utils/cidr.go b/src/k8s/pkg/utils/cidr.go index e5fe01bba..9b129b68f 100644 --- a/src/k8s/pkg/utils/cidr.go +++ b/src/k8s/pkg/utils/cidr.go @@ -101,8 +101,8 @@ func ParseAddressString(address string, port int64) (string, error) { return util.CanonicalNetworkAddress(address, port), nil } -// ParseCIDRs parses the given CIDR string and returns the respective IPv4 and IPv6 CIDRs. -func ParseCIDRs(CIDRstring string) (string, string, error) { +// SplitCIDRStrings parses the given CIDR string and returns the respective IPv4 and IPv6 CIDRs. +func SplitCIDRStrings(CIDRstring string) (string, string, error) { clusterCIDRs := strings.Split(CIDRstring, ",") if v := len(clusterCIDRs); v != 1 && v != 2 { return "", "", fmt.Errorf("invalid CIDR list: %v", clusterCIDRs) @@ -142,3 +142,25 @@ func ToIPString(ip net.IP) string { } return "[" + ip.String() + "]" } + +// CIDRsOverlap checks if two given CIDR blocks overlap. +// It takes two strings representing the CIDR blocks as input and returns a boolean indicating +// whether they overlap and an error if any of the CIDR blocks are invalid. +func CIDRsOverlap(cidr1, cidr2 string) (bool, error) { + _, ipNet1, err1 := net.ParseCIDR(cidr1) + _, ipNet2, err2 := net.ParseCIDR(cidr2) + + if err1 != nil { + return false, fmt.Errorf("couldn't parse CIDR block %q: %w", cidr1, err1) + } + + if err2 != nil { + return false, fmt.Errorf("couldn't parse CIDR block %q: %w", cidr2, err2) + } + + if ipNet1.Contains(ipNet2.IP) || ipNet2.Contains(ipNet1.IP) { + return true, nil + } + + return false, nil +} diff --git a/src/k8s/pkg/utils/cidr_test.go b/src/k8s/pkg/utils/cidr_test.go index 1d0e9da96..5bb1aef23 100644 --- a/src/k8s/pkg/utils/cidr_test.go +++ b/src/k8s/pkg/utils/cidr_test.go @@ -153,7 +153,7 @@ func TestParseCIDRs(t *testing.T) { for _, tc := range testCases { t.Run(tc.input, func(t *testing.T) { - ipv4CIDR, ipv6CIDR, err := utils.ParseCIDRs(tc.input) + ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(tc.input) if tc.expectedErr { Expect(err).To(HaveOccurred()) } else { From edd536fb4cd36325c12e80fd2154add4144d1362 Mon Sep 17 00:00:00 2001 From: Mateo Florido <32885896+mateoflorido@users.noreply.github.com> Date: Tue, 1 Oct 2024 18:56:02 -0500 Subject: [PATCH 032/122] Mirror `libtirpc` to Launchpad (#708) --- src/k8s/hack/env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/k8s/hack/env.sh b/src/k8s/hack/env.sh index 66af208c7..60d0d9865 100755 --- a/src/k8s/hack/env.sh +++ b/src/k8s/hack/env.sh @@ -2,7 +2,7 @@ ## Component repositories REPO_MUSL="https://git.launchpad.net/musl" -REPO_LIBTIRPC="https://salsa.debian.org/debian/libtirpc.git" +REPO_LIBTIRPC="https://git.launchpad.net/libtirpc" REPO_LIBNSL="https://github.com/thkukuk/libnsl.git" REPO_LIBUV="https://github.com/libuv/libuv.git" REPO_LIBLZ4="https://github.com/lz4/lz4.git" From 5af076a8a43142ddf9c7340d745c023d502b9588 Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Wed, 2 Oct 2024 11:47:06 +0300 Subject: [PATCH 033/122] Add "2ha.sh" script, managing 2-node Canonical K8s HA AA clusters (#692) Scenario overview: * Canonical K8s cluster containing 2 nodes * Dqlite data store (unable to obtain quorum) * Primary node dqlite files stored on DRBD * sync block-level replication between the two nodes * cluster monitoring and failover handled through Pacemaker Script functionality: * boostrap the service * wait for a DRBD primary to be elected * detect the node role based on the DRBD status and Dqlite state * have the replica wait for the primary to be ready before continuing * recover Dqlite after failovers * transfer and apply recovery files to secondary nodes * transfer Dqlite files to DRBD and other backup locations, creating necessary symlinks * install required packages * purge all K8s data * clear Pacemaker taints * remove recovery data "2ha.sh start_service" is intended to be used as part of a systemd unit that bootstraps the k8s services, coordinating with the other node and taking any necessary steps to recover Dqlite. --- docs/src/snap/howto/index.md | 1 + docs/src/snap/howto/two-node-ha.md | 430 +++++++++++++++ k8s/hack/two-node-ha.sh | 826 +++++++++++++++++++++++++++++ 3 files changed, 1257 insertions(+) create mode 100644 docs/src/snap/howto/two-node-ha.md create mode 100755 k8s/hack/two-node-ha.sh diff --git a/docs/src/snap/howto/index.md b/docs/src/snap/howto/index.md index 3ae545030..817b5a247 100644 --- a/docs/src/snap/howto/index.md +++ b/docs/src/snap/howto/index.md @@ -22,6 +22,7 @@ proxy backup-restore refresh-certs restore-quorum +two-node-ha epa contribute support diff --git a/docs/src/snap/howto/two-node-ha.md b/docs/src/snap/howto/two-node-ha.md new file mode 100644 index 000000000..cdd894a79 --- /dev/null +++ b/docs/src/snap/howto/two-node-ha.md @@ -0,0 +1,430 @@ +# Two-Node High-Availability with Dqlite + +High availability (HA) is a mandatory requirement for most production-grade +Kubernetes deployments, usually implying three or more nodes. + +Two-node HA clusters are sometimes preferred for cost savings and operational +efficiency considerations. Follow this guide to learn how Canonical Kubernetes +can achieve high availability with just two nodes while using the default +datastore, [Dqlite]. Both nodes will be active members of the cluster, sharing +the Kubernetes load. + +Dqlite cannot achieve a [Raft] quorum with fewer than three nodes. This means +that Dqlite will not be able to replicate data and the secondaries will simply +forward the queries to the primary node. + +In the event of a node failure, database recovery will require following the +steps in the [Dqlite recovery guide]. + +## Proposed solution + +Since Dqlite data replication is not available in this situation, we propose +using synchronous block level replication through +[Distributed Replicated Block Device] (DRBD). + +The cluster monitoring and failover process will be handled by [Pacemaker] and +[Corosync]. After a node failure, the DRBD volume will be mounted on the +standby node, allowing access to the latest Dqlite database version. + +Additional recovery steps are automated and invoked through Pacemaker. + +### Prerequisites: + +* Please ensure that both nodes are part of the Kubernetes cluster. + See the [getting started] and [add/remove nodes] guides. +* The user associated with the HA service has SSH access to the peer node and + passwordless sudo configured. For simplicity, the default "ubuntu" user can + be used. +* We recommend using static IP configuration. + +The [two-node-ha.sh script] automates most operations related to the two-node +HA scenario and is included in the snap. + +The first step is to install the required packages: + +``` +/snap/k8s/current/k8s/hack/two-node-ha.sh install_packages +``` + +### Distributed Replicated Block Device (DRBD) + +This example uses a loopback device as DRBD backing storage: + +``` +sudo dd if=/dev/zero of=/opt/drbd0-backstore bs=1M count=2000 +``` + +Ensure that the loopback device is attached at boot time, before Pacemaker +starts. + +``` +cat < +HATWO_ADDR= + +cat < +HATWO_ADDR= + +sudo mv /etc/corosync/corosync.conf /etc/corosync/corosync.conf.orig + +cat < +HATWO_ADDR= +DRBD_MOUNT_DIR=${DRBD_MOUNT_DIR:-"/mnt/drbd0"} + +sudo crm configure < + +# remove the node constraint. +sudo crm resource clear fs_res +``` + +### Managing Kubernetes Snap Services + +For the two-node HA setup, k8s snap services should no longer start +automatically. Instead, they will be managed by a wrapper service. + +``` +for f in `sudo snap services k8s | awk 'NR>1 {print $1}'`; do + echo "disabling snap.$f" + sudo systemctl disable "snap.$f"; +done +``` + +### Preparing the wrapper service + +The next step is to define the wrapper service. Add the following to +``/etc/systemd/system/two-node-ha-k8s.service``. + +```{note} +the sample uses the ``ubuntu`` user, feel free to use a different one as long as the prerequisites +are met. +``` + +``` +[Unit] +Description=K8s service wrapper handling Dqlite recovery for two-node HA setups. +After=network.target pacemaker.service + +[Service] +User=ubuntu +Group=ubuntu +Type=oneshot +ExecStart=/bin/bash /snap/k8s/current/k8s/hack/two-node-ha.sh start_service +ExecStop=/bin/bash sudo snap stop k8s +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target +``` + +```{note} +The ``two-node-ha.sh start_service`` command used by the service wrapper +automatically detects the expected Dqlite role based on the DRBD state. +It then takes the necessary steps to bootstrap the Dqlite state directories, +synchronize with the peer node (if available) and recover the database. +``` + +When a DRBD failover occurs, the ``two-node-ha-k8s`` service needs to be +restarted. To accomplish this, we are going to define a separate service that +will be invoked by Pacemaker. Create a file called +``/etc/systemd/system/two-node-ha-k8s-failover.service`` containing the +following: + +``` +[Unit] +Description=Managed by Pacemaker, restarts two-node-ha-k8s on failover. +After=network.target home-ubuntu-workspace.mount + +[Service] +Type=oneshot +ExecStart=systemctl restart two-node-ha-k8s +RemainAfterExit=true +``` + +Reload the systemd configuration and set ``two-node-ha-k8s`` to start +automatically. Notice that ``two-node-ha-k8s-failover`` must not be configured +to start automatically, but instead is going to be managed through Pacemaker. + +``` +sudo systemctl enable two-node-ha-k8s +sudo systemctl daemon-reload +``` + +Make sure that both nodes have been configured using the above steps before +moving forward. + +### Automating the failover procedure + +Define a new Pacemaker resource that will invoke the +``two-node-ha-k8s-failover`` service when a DRBD failover occurs. + +``` +sudo crm configure < +[Dqlite]: https://dqlite.io/ +[Raft]: https://raft.github.io/ +[Distributed Replicated Block Device]: https://ubuntu.com/server/docs/distributed-replicated-block-device-drbd +[Dqlite recovery guide]: restore-quorum +[external datastore guide]: external-datastore +[two-node-ha.sh script]: https://github.com/canonical/k8s-snap/blob/main/k8s/hack/two-node-ha.sh +[getting started]: ../tutorial/getting-started +[add/remove nodes]: ../tutorial/add-remove-nodes +[Pacemaker]: https://clusterlabs.org/pacemaker/ +[Corosync]: https://clusterlabs.org/corosync.html +[Pacemaker fencing]: https://clusterlabs.org/pacemaker/doc/2.1/Pacemaker_Explained/html/fencing.html +[split brain]: https://en.wikipedia.org/wiki/Split-brain_(computing) diff --git a/k8s/hack/two-node-ha.sh b/k8s/hack/two-node-ha.sh new file mode 100755 index 000000000..f3c4506e9 --- /dev/null +++ b/k8s/hack/two-node-ha.sh @@ -0,0 +1,826 @@ +#!/bin/bash + +# This script automates various operations on two-node HA Active-Active +# Canonical K8s clusters that use the default datastore, Dqlite. +# +# Prerequisites: +# * required packages installed using the "install_packages" command. +# * initialized K8s cluster, both nodes joined +# * the current user has ssh access to the peer node. +# - used to handle K8s services and transfer Dqlite data +# * the current user has passwordless sudo enabled. +sourced=0 + +DEBUG=${DEBUG:-0} +if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then + sourced=1 +else + sourced=0 + set -eEu -o pipefail + + if [[ $DEBUG -eq 1 ]]; then + export PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }' + set -x + fi +fi + +SYSTEMD_SERVICE_NAME=${SYSTEMD_SERVICE_NAME:-"two-node-ha-k8s"} +DRBD_MOUNT_DIR=${DRBD_MOUNT_DIR:-"/mnt/drbd0"} +SSH_USERNAME=${SSH_USERNAME:-"ubuntu"} +SSH_OPTS=${SSH_OPTS:-"-o StrictHostKeyChecking=no -o ConnectTimeout=5"} +K8SD_LOG_LEVEL=${K8SD_LOG_LEVEL:-"0"} +K8S_SNAP_CHANNEL=${K8S_SNAP_CHANNEL:-"latest/edge"} +DRBD_RES_NAME=${DRBD_RES_NAME:-"r0"} +DRBD_READY_TIMEOUT=${DRBD_READY_TIMEOUT:-30} +PEER_READY_TIMEOUT=${PEER_READY_TIMEOUT:-60} + +K8SD_PATH=${K8SD_PATH:-/snap/k8s/current/bin/k8sd} + +K8S_DQLITE_STATE_DIR=/var/snap/k8s/common/var/lib/k8s-dqlite +K8SD_STATE_DIR="/var/snap/k8s/common/var/lib/k8sd/state" + +K8S_DQLITE_STATE_BKP_DIR=/var/snap/k8s/common/var/lib/k8s-dqlite.bkp +K8SD_STATE_BKP_DIR="/var/snap/k8s/common/var/lib/k8sd/state.bkp" + +K8S_DQLITE_INFO_YAML="$K8S_DQLITE_STATE_DIR/info.yaml" +K8S_DQLITE_CLUSTER_YAML="$K8S_DQLITE_STATE_DIR/cluster.yaml" + +K8SD_INFO_YAML="$K8SD_STATE_DIR/database/info.yaml" +K8SD_CLUSTER_YAML="$K8SD_STATE_DIR/database/cluster.yaml" + +# Backup yamls are expected to contain the right node ids and +# addresses while the DRBD files may contain settings from the other node +# and have to be updated. +K8S_DQLITE_INFO_BKP_YAML="$K8S_DQLITE_STATE_BKP_DIR/info.yaml" +K8S_DQLITE_CLUSTER_BKP_YAML="$K8S_DQLITE_STATE_BKP_DIR/cluster.yaml" +K8SD_INFO_BKP_YAML="$K8SD_STATE_BKP_DIR/database/info.yaml" +K8SD_CLUSTER_BKP_YAML="$K8SD_STATE_BKP_DIR/database/cluster.yaml" + +K8SD_RECOVERY_TARBALL="$K8SD_STATE_DIR/recovery_db.tar.gz" +# K8SD will remove this file upon starting. We need to create a backup that +# can be transferred to other nodes. +K8SD_RECOVERY_TARBALL_BKP="$K8SD_STATE_DIR/recovery_db.bkp.tar.gz" + +DQLITE_ROLE_VOTER=0 +DQLITE_ROLE_STANDBY=1 +DQLITE_ROLE_SPARE=2 + +function log_message () { + local msg="[$(date -uIseconds)] $@" + >&2 echo -e "$msg" +} + +function get_dqlite_node_id() { + local infoYamlPath=$1 + sudo cat $infoYamlPath | yq -r '.ID' +} + +function get_dqlite_node_addr() { + local infoYamlPath=$1 + sudo cat $infoYamlPath | yq -r '.Address' +} + +function get_dqlite_node_role() { + local infoYamlPath=$1 + sudo cat $infoYamlPath | yq -r '.Role' +} + +function get_dqlite_role_from_cluster_yaml() { + # Note that the cluster.yaml role may not match the info.yaml role. + # In case of a freshly joined node, info.yaml will show it as a "voter" + # while cluster.yaml lists it as a "spare" node. + local clusterYamlPath=$1 + local nodeId=$2 + + # Update the specified node. + sudo cat $clusterYamlPath | \ + yq -r "(.[] | select(.ID == \"$nodeId\") | .Role )" +} + +function set_dqlite_node_role() { + # The yq snap installs in confined mode, so it's unable to access the + # Dqlite config files. + # In order to modify files in-place, we're using sponge. It reads all + # the stdin data before opening the output file. + local infoYamlPath=$1 + local role=$2 + sudo cat $infoYamlPath | \ + yq ".Role = $role" | + sudo sponge $infoYamlPath +} + +# Update cluster.yaml, setting the specified node as voter (role = 0). +# The other nodes will become spares, having the role set to 2. +function set_dqlite_node_as_sole_voter() { + local clusterYamlPath=$1 + local nodeId=$2 + + # Update the specified node. + sudo cat $clusterYamlPath | \ + yq "(.[] | select(.ID == \"$nodeId\") | .Role ) = 0" | \ + sudo sponge $clusterYamlPath + + # Update the other nodes. + sudo cat $clusterYamlPath | \ + yq "(.[] | select(.ID != \"$nodeId\") | .Role ) = 2" | \ + sudo sponge $clusterYamlPath +} + +function get_dql_peer_ip() { + local clusterYamlPath=$1 + local nodeId=$2 + + local addresses=( $(sudo cat $clusterYamlPath | \ + yq "(.[] | select(.ID != \"$nodeId\") | .Address )") ) + + if [[ ${#addresses[@]} -gt 1 ]]; then + log_message "More than one dql peers found: ${addresses[@]}" + exit 1 + fi + + if [[ ${#addresses[@]} -lt 1 ]]; then + log_message "No dql peers found." + exit 1 + fi + + echo ${addresses[0]} | cut -d ":" -f 1 +} + +# This function moves the Dqlite state directories to the DRBD mount, +# replacing them with symlinks. This ensures that the primary will always use +# the latest DRBD data. +# +# The existing contents are moved to a backup folder, which can be used as +# part of the recovery process. +function move_statedirs() { + sudo mkdir -p $DRBD_MOUNT_DIR/k8s-dqlite + sudo mkdir -p $DRBD_MOUNT_DIR/k8sd + + log_message "Validating Dqlite state directories." + check_statedir $K8S_DQLITE_STATE_DIR $DRBD_MOUNT_DIR/k8s-dqlite + check_statedir $K8SD_STATE_DIR $DRBD_MOUNT_DIR/k8sd + + if [[ ! -L $K8S_DQLITE_STATE_DIR ]] || [[ ! -L $K8SD_STATE_DIR ]]; then + local k8sDqliteNodeId=`get_dqlite_node_id $K8S_DQLITE_INFO_YAML` + if [[ -z $k8sDqliteNodeId ]]; then + log_message "Couldn't retrieve k8s-dqlite node id." + exit 1 + fi + + + local expRole=`get_expected_dqlite_role` + # For fresh k8s clusters, the info.yaml role may not match the cluster.yaml role. + local k8sDqliteRole=`get_dqlite_role_from_cluster_yaml \ + $K8S_DQLITE_CLUSTER_YAML $k8sDqliteNodeId` + + if [[ $expRole -ne $k8sDqliteRole ]]; then + # TODO: consider automating this. We may move the pacemaker resource + # ourselves and maybe even copy the remote files through scp or ssh. + # However, there's a risk of race conditions. + log_message "DRBD volume mounted on replica, refusing to transfer Dqlite files." + log_message "Move the DRBD volume to the primary node (through the fs_res Pacemaker resource) and try again." + log_message "Example: sudo crm resource move fs_res && sudo crm resource clear fs_res" + exit 1 + fi + fi + + # Ensure that the k8s services are stopped. + log_message "Stopping k8s services." + sudo snap stop k8s + + if [[ ! -L $K8S_DQLITE_STATE_DIR ]]; then + log_message "Not a symlink: $K8S_DQLITE_STATE_DIR, " \ + "transferring to $DRBD_MOUNT_DIR/k8s-dqlite" + sudo cp -r $K8S_DQLITE_STATE_DIR/. $DRBD_MOUNT_DIR/k8s-dqlite + + log_message "Creating k8s-dqlite state dir backup: $K8S_DQLITE_STATE_BKP_DIR" + sudo rm -rf $K8S_DQLITE_STATE_BKP_DIR + sudo mv $K8S_DQLITE_STATE_DIR/ $K8S_DQLITE_STATE_BKP_DIR + + log_message "Creating symlink $K8S_DQLITE_STATE_DIR -> $DRBD_MOUNT_DIR/k8s-dqlite" + sudo ln -sf $DRBD_MOUNT_DIR/k8s-dqlite $K8S_DQLITE_STATE_DIR + else + log_message "Symlink $K8S_DQLITE_STATE_DIR points to $DRBD_MOUNT_DIR/k8s-dqlite" + fi + + if [[ ! -L $K8SD_STATE_DIR ]]; then + log_message "Not a symlink: $K8SD_STATE_DIR, " \ + "transferring to $DRBD_MOUNT_DIR/k8sd" + sudo cp -r $K8SD_STATE_DIR/. $DRBD_MOUNT_DIR/k8sd + + log_message "Creating k8sd state dir backup: $K8SD_STATE_BKP_DIR" + sudo rm -rf $K8SD_STATE_BKP_DIR + sudo mv $K8SD_STATE_DIR/ $K8SD_STATE_BKP_DIR + + log_message "Creating symlink $K8SD_STATE_DIR -> $DRBD_MOUNT_DIR/k8sd" + sudo ln -sf $DRBD_MOUNT_DIR/k8sd $K8SD_STATE_DIR + else + log_message "Symlink $K8SD_STATE_DIR points to $DRBD_MOUNT_DIR/k8sd" + fi +} + +function ensure_mount_rw() { + if ! mount | grep "on $DRBD_MOUNT_DIR type" &> /dev/null; then + log_message "Missing DRBD mount: $DRBD_MOUNT_DIR" + return 1 + fi + + if ! mount | grep "on $DRBD_MOUNT_DIR type" | grep "rw" &> /dev/null; then + log_message "DRBD mount read-only: $DRBD_MOUNT_DIR" + return 1 + fi +} + +function wait_drbd_promoted() { + log_message "Waiting for one of the DRBD nodes to be promoted." + + local pollInterval=2 + # Special parameter, no need to increase it ourselves. + SECONDS=0 + + while [[ $SECONDS -lt $DRBD_READY_TIMEOUT ]]; do + if sudo crm resource status drbd_master_slave | grep Promoted ; then + log_message "DRBD node promoted." + return 0 + else + log_message "No DRBD node promoted yet, retrying in ${pollInterval}s" + sleep $pollInterval + fi + done + + log_message "Timed out waiting for primary DRBD node." \ + "Waited: ${SECONDS}. Timeout: ${DRBD_READY_TIMEOUT}s." + return 1 +} + +function ensure_drbd_unmounted() { + if mount | grep "on $DRBD_MOUNT_DIR type" &> /dev/null ; then + log_message "DRBD device mounted: $DRBD_MOUNT_DIR" + return 1 + fi +} + +function ensure_drbd_ready() { + ensure_mount_rw + + diskStatus=`sudo drbdadm status r0 | grep disk | head -1 | cut -d ":" -f 2` + if [[ $diskStatus != "UpToDate" ]]; then + log_message "DRBD disk status not ready. Current status: $diskStatus" + return 1 + else + log_message "DRBD disk up to date." + fi +} + +function wait_drbd_primary () { + log_message "Waiting for primary DRBD node to be ready." + + local pollInterval=2 + # Special parameter, no need to increase it ourselves. + SECONDS=0 + + while [[ $SECONDS -lt $DRBD_READY_TIMEOUT ]]; do + if ensure_drbd_ready; then + log_message "Primary DRBD node ready." + return 0 + else + log_message "Primary DRBD node not ready yet, retrying in ${pollInterval}s" + sleep $pollInterval + fi + done + + log_message "Timed out waiting for primary DRBD node." \ + "Waited: ${SECONDS}. Timeout: ${DRBD_READY_TIMEOUT}s." + return 1 +} + +function wait_for_peer_k8s() { + local k8sDqliteNodeId=`get_dqlite_node_id $K8S_DQLITE_INFO_BKP_YAML` + if [[ -z $k8sDqliteNodeId ]]; then + log_message "Couldn't retrieve k8s-dqlite node id." + exit 1 + fi + + local peerIp=`get_dql_peer_ip $K8S_DQLITE_CLUSTER_BKP_YAML $k8sDqliteNodeId` + if [[ -z $peerIp ]]; then + log_message "Couldn't retrieve Dqlite peer ip." + exit 1 + fi + + log_message "Waiting for k8s to start on peer: $peerIp. Timeout: ${PEER_READY_TIMEOUT}s." + + local pollInterval=2 + # Special parameter, no need to increase it ourselves. + SECONDS=0 + + while [[ $SECONDS -lt $PEER_READY_TIMEOUT ]]; do + if ssh $SSH_OPTS $SSH_USERNAME@$peerIp sudo k8s status &> /dev/null; then + log_message "Peer ready." + return 0 + else + log_message "Peer not ready yet, retrying in ${pollInterval}s." + sleep $pollInterval + fi + done + + log_message "Timed out waiting for k8s services to start on peer." \ + "Waited: ${SECONDS}. Timeout: ${PEER_READY_TIMEOUT}s." + return 1 + +} + +# "drbdadm status" throws the following if our service starts before +# Pacemaker initialized DRBD (even on the secondary). +# +# r0: No such resource +# Command 'drbdsetup-84 status r0' terminated with exit code 10 +function wait_drbd_resource () { + log_message "Waiting for DRBD resource." + + local pollInterval=2 + # Special parameter, no need to increase it ourselves. + SECONDS=0 + + while [[ $SECONDS -lt $DRBD_READY_TIMEOUT ]]; do + if sudo drbdadm status &> /dev/null; then + log_message "DRBD ready." + return 0 + else + log_message "DRBD not ready yet, retrying in ${pollInterval}s" + sleep $pollInterval + fi + done + + log_message "Timed out waiting for DRBD resource." \ + "Waited: ${SECONDS}. Timeout: ${DRBD_READY_TIMEOUT}s." + return 1 +} + +# Based on the DRBD volume state, we decide if this node should be a +# Dqlite voter or a spare. +function get_expected_dqlite_role() { + drbdResRole=`sudo drbdadm status $DRBD_RES_NAME | head -1 | grep role | cut -d ":" -f 2` + + case $drbdResRole in + "Primary") + echo $DQLITE_ROLE_VOTER + ;; + "Secondary") + echo $DQLITE_ROLE_SPARE + ;; + *) + log_message "Unexpected DRBD role: $drbdResRole" + exit 1 + ;; + esac +} + +function validate_drbd_state() { + wait_drbd_promoted + + drbdResRole=`sudo drbdadm status $DRBD_RES_NAME | head -1 | grep role | cut -d ":" -f 2` + + case $drbdResRole in + "Primary") + wait_drbd_primary + ;; + "Secondary") + ensure_drbd_unmounted + ;; + *) + log_message "Unexpected DRBD role: $drbdResRole" + exit 1 + ;; + esac +} + +# After a failover, the state dir points to the shared DRBD volume. +# We need to restore the node certificate and config files. +function restore_dqlite_confs_and_certs() { + log_message "Restoring Dqlite configs and certificates." + + sudo cp $K8S_DQLITE_STATE_BKP_DIR/info.yaml $K8S_DQLITE_STATE_DIR + + sudo cp $K8SD_STATE_BKP_DIR/database/info.yaml $K8SD_STATE_DIR/database/ + sudo cp $K8SD_STATE_BKP_DIR/daemon.yaml $K8SD_STATE_DIR/ + + # restore k8s-dqlite certificates + sudo cp $K8S_DQLITE_STATE_BKP_DIR/cluster.crt $K8S_DQLITE_STATE_DIR + sudo cp $K8S_DQLITE_STATE_BKP_DIR/cluster.key $K8S_DQLITE_STATE_DIR + + # restore k8sd certificates + sudo cp $K8SD_STATE_BKP_DIR/cluster.crt $K8SD_STATE_DIR + sudo cp $K8SD_STATE_BKP_DIR/cluster.key $K8SD_STATE_DIR + sudo cp $K8SD_STATE_BKP_DIR/server.crt $K8SD_STATE_DIR + sudo cp $K8SD_STATE_BKP_DIR/server.key $K8SD_STATE_DIR +} + +# Promote the current node as primary and prepare the recovery archives. +function promote_as_primary() { + local k8sDqliteNodeId=`get_dqlite_node_id $K8S_DQLITE_INFO_BKP_YAML` + if [[ -z $k8sDqliteNodeId ]]; then + log_message "Couldn't retrieve k8s-dqlite node id." + exit 1 + fi + + local k8sdNodeId=`get_dqlite_node_id $K8SD_INFO_BKP_YAML` + if [[ -z $k8sDqliteNodeId ]]; then + log_message "Couldn't retrieve k8s-dqlite node id." + exit 1 + fi + + local peerIp=`get_dql_peer_ip $K8S_DQLITE_CLUSTER_YAML $k8sDqliteNodeId` + if [[ -z $peerIp ]]; then + log_message "Couldn't retrieve Dqlite peer ip." + exit 1 + fi + + log_message "Stopping local k8s services." + sudo snap stop k8s + + # After a node crash, there may be a leaked control socket file and + # k8sd will refuse to perform the recovery. We've just stopped the k8s snap, + # it should be safe to remove such stale unix sockets. + log_message "Removing stale control sockets." + sudo rm -f $K8SD_STATE_DIR/control.socket + + local stoppedPeer=0 + log_message "Checking peer k8s services: $peerIp" + if ssh $SSH_OPTS $SSH_USERNAME@$peerIp sudo snap services k8s | grep -v inactive | grep "active"; then + log_message "Attempting to stop peer k8s services." + # Stop the k8s snap directly instead of the wrapper service so that + # we won't cause failures if both nodes start at the same time. + # The secondary will wait for the k8s services to start on the primary. + if ssh $SSH_OPTS $SSH_USERNAME@$peerIp sudo snap stop k8s; then + stoppedPeer=1 + log_message "Successfully stopped peer k8s services." + log_message "The stopped services are going to be restarted after the recovery finishes." + else + log_message "Couldn't stop k8s services on the peer node." \ + "Assuming that the peer node is stopped and proceeding with the recovery." + fi + fi + + log_message "Ensuring rw access to DRBD mount." + # Having RW access to the DRBD mount implies that this is the primary node. + ensure_mount_rw + + restore_dqlite_confs_and_certs + + log_message "Updating Dqlite roles." + # Update info.yaml + set_dqlite_node_role $K8S_DQLITE_INFO_YAML $DQLITE_ROLE_VOTER + set_dqlite_node_role $K8SD_INFO_YAML $DQLITE_ROLE_VOTER + + # Update cluster.yaml + set_dqlite_node_as_sole_voter $K8S_DQLITE_CLUSTER_YAML $k8sDqliteNodeId + set_dqlite_node_as_sole_voter $K8SD_CLUSTER_YAML $k8sdNodeId + + log_message "Restoring Dqlite." + sudo $K8SD_PATH cluster-recover \ + --state-dir=$K8SD_STATE_DIR \ + --k8s-dqlite-state-dir=$K8S_DQLITE_STATE_DIR \ + --log-level $K8SD_LOG_LEVEL \ + --non-interactive + + # TODO: consider removing offending segments if the last snapshot is behind + # and then try again. + + log_message "Copying k8sd recovery tarball to $K8SD_RECOVERY_TARBALL_BKP" + sudo cp $K8SD_RECOVERY_TARBALL $K8SD_RECOVERY_TARBALL_BKP + + log_message "Restarting k8s services." + sudo snap start k8s + + # TODO: validate k8s status + + if [[ $stoppedPeer -ne 0 ]]; then + log_message "Restarting peer k8s services: $peerIp" + # It's importand to issue a restart here since we stopped the k8s snap + # directly and the wrapper service doesn't currently monitor it. + ssh $SSH_OPTS $SSH_USERNAME@$peerIp sudo systemctl restart $SYSTEMD_SERVICE_NAME || + log_message "Couldn't start peer k8s services." + fi +} + +function process_recovery_files_on_secondary() { + local peerIp="$1" + + log_message "Ensuring that the DRBD volume is unmounted." + ensure_drbd_unmounted + + log_message "Restoring local Dqlite backup files." + sudo cp -r $K8S_DQLITE_STATE_BKP_DIR/. $DRBD_MOUNT_DIR/k8s-dqlite/ + sudo cp -r $K8SD_STATE_BKP_DIR/. $DRBD_MOUNT_DIR/k8sd/ + + sudo rm -f $DRBD_MOUNT_DIR/k8s-dqlite/00*-* + sudo rm -f $DRBD_MOUNT_DIR/k8s-dqlite/snapshot-* + sudo rm -f $DRBD_MOUNT_DIR/k8s-dqlite/metadata* + + sudo rm -f $DRBD_MOUNT_DIR/k8sd/database/00*-* + sudo rm -f $DRBD_MOUNT_DIR/k8sd/database/snapshot-* + sudo rm -f $DRBD_MOUNT_DIR/k8sd/database/metadata* + + log_message "Retrieving k8sd recovery tarball." + scp $SSH_OPTS $SSH_USERNAME@$peerIp:$K8SD_RECOVERY_TARBALL_BKP /tmp/ + sudo mv /tmp/`basename $K8SD_RECOVERY_TARBALL_BKP` \ + $K8SD_RECOVERY_TARBALL + + # TODO: do we really need to transfer recovery tarballs in this situation? + # the spare is simply forwarding the requests to the primary, it doesn't really + # hold any data. + lastK8sDqliteRecoveryTarball=`ssh $SSH_USERNAME@$peerIp \ + sudo ls /var/snap/k8s/common/ | \ + grep -P "recovery-k8s-dqlite-.*post-recovery" | \ + tail -1` + if [ -z "$lastK8sDqliteRecoveryTarball" ]; then + log_message "couldn't retrieve latest k8s-dqlite recovery tarball from $peerIp" + exit 1 + fi + + log_message "Retrieving k8s-dqlite recovery tarball." + scp $SSH_USERNAME@$peerIp:/var/snap/k8s/common/$lastK8sDqliteRecoveryTarball /tmp/ + sudo tar -xf /tmp/$lastK8sDqliteRecoveryTarball -C $K8S_DQLITE_STATE_DIR + + log_message "Updating Dqlite roles." + # Update info.yaml + set_dqlite_node_role $K8S_DQLITE_INFO_YAML $DQLITE_ROLE_SPARE + set_dqlite_node_role $K8SD_INFO_YAML $DQLITE_ROLE_SPARE + # We're skipping cluster.yaml, we expect the recovery archives to contain + # updated cluster.yaml files. +} + +# Recover a former primary, now secondary Dqlite node. +# Run "promote_as_primary" on the ther node first. +function rejoin_secondary() { + log_message "Recovering secondary node." + + local k8sDqliteNodeId=`get_dqlite_node_id $K8S_DQLITE_INFO_BKP_YAML` + if [[ -z $k8sDqliteNodeId ]]; then + log_message "Couldn't retrieve k8s-dqlite node id." + exit 1 + fi + + local peerIp=`get_dql_peer_ip $K8S_DQLITE_CLUSTER_BKP_YAML $k8sDqliteNodeId` + if [[ -z $peerIp ]]; then + log_message "Couldn't retrieve Dqlite peer ip." + exit 1 + fi + + log_message "Stopping k8s services." + sudo snap stop k8s + + log_message "Adding temporary Pacemaker constraint." + # We need to prevent failovers from happening while restoring secondary + # Dqlite data, otherwise we may end up overriding or deleting the primary + # node data. + # + # TODO: consider reducing the constraint scope (e.g. resource level constraint + # instead of putting the entire node in standby). + sudo crm node standby + if ! process_recovery_files_on_secondary $peerIp; then + log_message "Dqlite recovery filed, removing temporary Pacemaker constraints." + sudo crm node online + exit 1 + fi + + log_message "Restoring Pacemaker state." + sudo crm node online + + log_message "Restarting k8s services" + sudo snap start k8s +} + +function install_packages() { + sudo apt-get update + + sudo DEBIAN_FRONTEND=noninteractive apt-get install \ + python3 python3-netaddr \ + pacemaker resource-agents-extra \ + drbd-utils ntp linux-image-generic snap moreutils -y + sudo modprobe drbd || sudo apt-get install -y linux-modules-extra-$(uname -r) + + sudo snap install jq + sudo snap install yq + sudo snap install install k8s --classic $K8S_SNAP_CHANNEL +} + +function check_statedir() { + local stateDir="$1" + local expLink="$2" + + if [[ ! -e $stateDir ]]; then + log_message "State directory missing: $stateDir" + exit 1 + fi + + target=`readlink -f $stateDir` + if [[ -L "$stateDir" ]] && [[ "$target" != "$expLink" ]]; then + log_message "Unexpected symlink target. " \ + "State directory: $stateDir. " \ + "Expected symlink target: $expLink. " \ + "Actual symlink target: $target." + exit 1 + fi + + if [[ ! -L $stateDir ]] && [[ ! -z "$( ls -A $expLink )" ]]; then + log_message "State directory is not a symlink, however the " \ + "expected link target exists and is not empty. " \ + "We can't know which files to keep, erroring out. " \ + "State directory: $stateDir. " \ + "Expected symlink target: $expLink." + exit 1 + fi +} + +function check_peer_recovery_tarballs() { + log_message "Retrieving k8s-dqlite node id." + local k8sDqliteNodeId=`get_dqlite_node_id $K8S_DQLITE_INFO_BKP_YAML` + if [[ -z $k8sDqliteNodeId ]]; then + log_message "Couldn't retrieve k8s-dqlite node id." + exit 1 + fi + + log_message "Retrieving Dqlite peer ip." + local peerIp=`get_dql_peer_ip $K8S_DQLITE_CLUSTER_BKP_YAML $k8sDqliteNodeId` + if [[ -z $peerIp ]]; then + log_message "Couldn't retrieve Dqlite peer ip." + exit 1 + fi + + log_message "Checking for recovery taballs on $peerIp." + + k8sdRecoveryTarball=`ssh $SSH_OPTS $SSH_USERNAME@$peerIp \ + sudo ls -A "$K8SD_RECOVERY_TARBALL_BKP"` + if [[ -z $k8sdRecoveryTarball ]]; then + log_message "Peer $peerIp doesn't have k8sd recovery tarball." + return 1 + fi + + lastK8sDqliteRecoveryTarball=`ssh $SSH_OPTS $SSH_USERNAME@$peerIp \ + sudo ls /var/snap/k8s/common/ | \ + grep -P "recovery-k8s-dqlite-.*post-recovery"` + if [[ -z $k8sdRecoveryTarball ]]; then + log_message "Peer $peerIp doesn't have k8s-dqlite recovery tarball." + return 1 + fi +} + +function start_service() { + log_message "Initializing node." + + # DRBD is the primary source of truth for the Dqlite role. + # We need to wait for it to become available. + wait_drbd_resource + + # dump the DRBD and pacemaker status for debugging purposes. + sudo drbdadm status + sudo crm status + + validate_drbd_state + + move_statedirs + + local expRole=`get_expected_dqlite_role` + case $expRole in + $DQLITE_ROLE_VOTER) + log_message "Assuming the Dqlite voter role (primary)." + + # We'll assume that if the primary stopped, it needs to go through + # the recovery process. + promote_as_primary + ;; + $DQLITE_ROLE_SPARE) + log_message "Assuming the Dqlite spare role (secondary)." + + wait_for_peer_k8s + + if check_peer_recovery_tarballs; then + log_message "Recovery tarballs found, initiating recovery." + rejoin_secondary + else + # Maybe the primary didn't change and we don't need to go + # through the recovery process. + # TODO: consider comparing the cluster.yaml files from the + # two nodes. + log_message "Recovery tarballs missing, skipping recovery." + log_message "Starting k8s services." + sudo snap k8s start + fi + ;; + *) + log_message "Unexpected Dqlite role: $expRole" + exit 1 + ;; + esac +} + +function clean_recovery_data() { + log_message "Cleaning up Dqlite recovery data." + rm -f $K8SD_RECOVERY_TARBALL + rm -f $K8SD_RECOVERY_TARBALL_BKP + rm -f $K8S_DQLITE_STATE_DIR/recovery-k8s-dqlite* +} + +function purge() { + log_message "Removing the k8s snap and all the associated files." + + sudo snap remove --purge k8s + + if [[ -d $DRBD_MOUNT_DIR ]]; then + log_message "Cleaning up $DRBD_MOUNT_DIR." + sudo rm -rf $DRBD_MOUNT_DIR/k8sd + sudo rm -rf $DRBD_MOUNT_DIR/k8s-dqlite + + if ! ensure_drbd_unmounted; then + log_message "Cleaning up $DRBD_MOUNT_DIR mount point." + + # The replicas use the mount dir directly, without a block device + # attachment. We need to clean up the mount point as well. + # + # We're using another mount with "--bind" to bypass the DRBD mount. + tempdir=`mktemp -d` + # We need to mount the parent dir. + sudo mount --bind `dirname $DRBD_MOUNT_DIR` $tempdir + sudo rm -rf $tempdir/`basename $DRBD_MOUNT_DIR`/k8sd + sudo rm -rf $tempdir/`basename $DRBD_MOUNT_DIR`/k8s-dqlite + sudo umount $tempdir + sudo rm -rf $tempdir + fi + fi +} + +function clear_taints() { + log_message "Clearing tainted Pacemaker resources." + sudo crm resource clear ha_k8s_failover_service + sudo crm resource clear fs_res + sudo crm resource clear drbd_master_slave + + sudo crm resource cleanup ha_k8s_failover_service + sudo crm resource cleanup fs_res + sudo crm resource cleanup drbd_master_slave +} + +function main() { + local command=$1 + + case $command in + "move_statedirs") + move_statedirs + ;; + "install_packages") + install_packages + ;; + "start_service") + start_service + ;; + "clean_recovery_data") + clean_recovery_data + ;; + "purge") + purge + ;; + "clear_taints") + clear_taints + ;; + *) + cat << EOF +Unknown command: $1 + +usage: $0 + +Commands: + move_statedirs Move the Dqlite state directories to the DRBD mount, + replacing them with symlinks. + The existing contents are moved to a backup folder, + which can be used as part of the recovery process. + install_packages Install the packages required by the two-node HA + cluster. + start_service Initialize the k8s services, taking the following + steps: + 1. Based on the DRBD state, decide if this node + should assume the primary (dqlite voter) or + secondary (spare) role. + 2. If this is the first start, transfer the Dqlite + state directories and create backups. + 3. If this node is a primary, promote it and initiate + the Dqlite recovery, creating recovery tarballs. + Otherwise, copy over the recovery files and + join the existing cluster as a spare. + 4. Start the k8s services. + IMPORTANT: ensure that the DRBD volume is attached + to the primary node when running the command for + the first time. + clean_recovery_data Remove database recovery files. Should be called + after the cluster has been fully recovered. + purge Remove the k8s snap and all its associated files. + clear_taints Clear tainted Pacemaker resources. + +EOF + ;; + esac +} + +if [[ $sourced -ne 1 ]]; then + main $@ +fi From a646a0bdbf0216cab0df6544513cf021bd56ae04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Wed, 2 Oct 2024 14:58:38 +0200 Subject: [PATCH 034/122] docs spec check (#707) --- .github/workflows/docs-spelling-checks.yml | 30 ++++++++++ docs/moonray/.sphinx/requirements.txt | 1 + docs/tools/.custom_wordlist.txt | 66 ++++++++++++++++++++++ docs/tools/.sphinx/spellingcheck.yaml | 3 +- 4 files changed, 98 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/docs-spelling-checks.yml diff --git a/.github/workflows/docs-spelling-checks.yml b/.github/workflows/docs-spelling-checks.yml new file mode 100644 index 000000000..96bfa636f --- /dev/null +++ b/.github/workflows/docs-spelling-checks.yml @@ -0,0 +1,30 @@ +name: Documentation Spelling Check + +on: + workflow_dispatch: + pull_request: + paths: + - 'docs/**' + +jobs: + spell-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install aspell + run: sudo apt-get install aspell aspell-en + - id: spell-check + name: Spell Check + run: make spelling + working-directory: docs/tools + continue-on-error: true + - if: ${{ github.event_name == 'pull_request' && steps.spell-check.outcome == 'failure' }} + uses: actions/github-script@v6 + with: + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: 'Hi, looks like pyspelling job found some issues, you can check it [here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})' + }) diff --git a/docs/moonray/.sphinx/requirements.txt b/docs/moonray/.sphinx/requirements.txt index c019f178a..fd19a7b47 100644 --- a/docs/moonray/.sphinx/requirements.txt +++ b/docs/moonray/.sphinx/requirements.txt @@ -1,2 +1,3 @@ git+https://github.com/canonical/canonical-sphinx@main#egg=canonical-sphinx sphinx-autobuild +pyspelling diff --git a/docs/tools/.custom_wordlist.txt b/docs/tools/.custom_wordlist.txt index e69de29bb..7893c42d2 100644 --- a/docs/tools/.custom_wordlist.txt +++ b/docs/tools/.custom_wordlist.txt @@ -0,0 +1,66 @@ +apiserver +apparmor +AppArmor +autostart +aws +CAPI +Ceph +cgroup +CIDRS +CIDRs +CNI +config +containerd +CoreDNS +CPUs +cpuset +daemonset +datastore +dbus +DNS +dqlite +EasyRSA +etcd +GCP +ghcr +grafana +html +http +https +initialise +juju +kubeconfig +kubectl +kubelet +kubepods +kubernetes +libcontainer +lifecycle +linux +localhost +lxc +LXD +MAAS +Multipass +nameservers +NGINX +OCI +OpenStack +proc +RBAC +regsync +roadmap +Rockcraft +rw +snapd +stackexchange +sys +systemd +TLS +ubuntu +unix +VMs +VMWare +VSphere +www +yaml diff --git a/docs/tools/.sphinx/spellingcheck.yaml b/docs/tools/.sphinx/spellingcheck.yaml index fc9d3c503..b907c5d67 100644 --- a/docs/tools/.sphinx/spellingcheck.yaml +++ b/docs/tools/.sphinx/spellingcheck.yaml @@ -9,7 +9,7 @@ matrix: - .custom_wordlist.txt output: .sphinx/.wordlist.dic sources: - - _build/**/*.html + - ../_build/**/*.html pipeline: - pyspelling.filters.html: comments: false @@ -21,7 +21,6 @@ matrix: - pre - spellexception - link - - title - div.relatedlinks - strong.command - div.visually-hidden From ed252142fb1304b2f975c474c131b2b2f3989e82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Wed, 2 Oct 2024 15:09:38 +0200 Subject: [PATCH 035/122] Unit tests for contour k8sd feature (#705) --- src/k8s/pkg/k8sd/features/contour/chart.go | 32 +- src/k8s/pkg/k8sd/features/contour/gateway.go | 40 +- .../pkg/k8sd/features/contour/gateway_test.go | 210 +++++++++ src/k8s/pkg/k8sd/features/contour/ingress.go | 53 ++- .../pkg/k8sd/features/contour/ingress_test.go | 401 ++++++++++++++++++ src/k8s/pkg/k8sd/features/contour/register.go | 8 +- 6 files changed, 677 insertions(+), 67 deletions(-) create mode 100644 src/k8s/pkg/k8sd/features/contour/gateway_test.go create mode 100644 src/k8s/pkg/k8sd/features/contour/ingress_test.go diff --git a/src/k8s/pkg/k8sd/features/contour/chart.go b/src/k8s/pkg/k8sd/features/contour/chart.go index ff8fa2016..3eece9317 100644 --- a/src/k8s/pkg/k8sd/features/contour/chart.go +++ b/src/k8s/pkg/k8sd/features/contour/chart.go @@ -34,29 +34,29 @@ var ( ManifestPath: filepath.Join("charts", "ck-contour-common-1.28.2.tgz"), } - // contourGatewayProvisionerEnvoyImageRepo represents the image to use for envoy in the gateway. - contourGatewayProvisionerEnvoyImageRepo = "ghcr.io/canonical/k8s-snap/envoyproxy/envoy" + // ContourGatewayProvisionerEnvoyImageRepo represents the image to use for envoy in the gateway. + ContourGatewayProvisionerEnvoyImageRepo = "ghcr.io/canonical/k8s-snap/envoyproxy/envoy" // NOTE: The image version is v1.29.2 instead of 1.28.2 // to follow the upstream configuration for the contour gateway provisioner. - // contourGatewayProvisionerEnvoyImageTag is the tag to use for for envoy in the gateway. - contourGatewayProvisionerEnvoyImageTag = "v1.29.2" + // ContourGatewayProvisionerEnvoyImageTag is the tag to use for for envoy in the gateway. + ContourGatewayProvisionerEnvoyImageTag = "v1.29.2" - // contourIngressEnvoyImageRepo represents the image to use for the Contour Envoy proxy. - contourIngressEnvoyImageRepo = "ghcr.io/canonical/k8s-snap/bitnami/envoy" + // ContourIngressEnvoyImageRepo represents the image to use for the Contour Envoy proxy. + ContourIngressEnvoyImageRepo = "ghcr.io/canonical/k8s-snap/bitnami/envoy" - // contourIngressEnvoyImageTag is the tag to use for the Contour Envoy proxy image. - contourIngressEnvoyImageTag = "1.28.2-debian-12-r0" + // ContourIngressEnvoyImageTag is the tag to use for the Contour Envoy proxy image. + ContourIngressEnvoyImageTag = "1.28.2-debian-12-r0" - // contourIngressContourImageRepo represents the image to use for Contour. - contourIngressContourImageRepo = "ghcr.io/canonical/k8s-snap/bitnami/contour" + // ContourIngressContourImageRepo represents the image to use for Contour. + ContourIngressContourImageRepo = "ghcr.io/canonical/k8s-snap/bitnami/contour" - // contourIngressContourImageTag is the tag to use for the Contour image. - contourIngressContourImageTag = "1.28.2-debian-12-r4" + // ContourIngressContourImageTag is the tag to use for the Contour image. + ContourIngressContourImageTag = "1.28.2-debian-12-r4" - // contourGatewayProvisionerContourImageRepo represents the image to use for the Contour Gateway Provisioner. - contourGatewayProvisionerContourImageRepo = "ghcr.io/canonical/k8s-snap/projectcontour/contour" + // ContourGatewayProvisionerContourImageRepo represents the image to use for the Contour Gateway Provisioner. + ContourGatewayProvisionerContourImageRepo = "ghcr.io/canonical/k8s-snap/projectcontour/contour" - // contourGatewayProvisionerContourImageTag is the tag to use for the Contour Gateway Provisioner image. - contourGatewayProvisionerContourImageTag = "v1.28.2" + // ContourGatewayProvisionerContourImageTag is the tag to use for the Contour Gateway Provisioner image. + ContourGatewayProvisionerContourImageTag = "v1.28.2" ) diff --git a/src/k8s/pkg/k8sd/features/contour/gateway.go b/src/k8s/pkg/k8sd/features/contour/gateway.go index d7b203c6b..320140d3b 100644 --- a/src/k8s/pkg/k8sd/features/contour/gateway.go +++ b/src/k8s/pkg/k8sd/features/contour/gateway.go @@ -11,10 +11,10 @@ import ( ) const ( - enabledMsg = "enabled" - disabledMsg = "disabled" - gatewayDeployFailedMsgTmpl = "Failed to deploy Contour Gateway, the error was: %v" - gatewayDeleteFailedMsgTmpl = "Failed to delete Contour Gateway, the error was: %v" + EnabledMsg = "enabled" + DisabledMsg = "disabled" + GatewayDeployFailedMsgTmpl = "Failed to deploy Contour Gateway, the error was: %v" + GatewayDeleteFailedMsgTmpl = "Failed to delete Contour Gateway, the error was: %v" ) // ApplyGateway will install a helm chart for contour-gateway-provisioner on the cluster when gateway.Enabled is true. @@ -32,14 +32,14 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne err = fmt.Errorf("failed to uninstall the contour gateway chart: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourGatewayProvisionerContourImageTag, - Message: fmt.Sprintf(gatewayDeleteFailedMsgTmpl, err), + Version: ContourGatewayProvisionerContourImageTag, + Message: fmt.Sprintf(GatewayDeleteFailedMsgTmpl, err), }, err } return types.FeatureStatus{ Enabled: false, - Version: contourGatewayProvisionerContourImageTag, - Message: disabledMsg, + Version: ContourGatewayProvisionerContourImageTag, + Message: DisabledMsg, }, nil } @@ -48,8 +48,8 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne err = fmt.Errorf("failed to apply common contour CRDS: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourGatewayProvisionerContourImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Version: ContourGatewayProvisionerContourImageTag, + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } @@ -57,22 +57,22 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne err = fmt.Errorf("failed to wait for required contour common CRDs to be available: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourGatewayProvisionerContourImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Version: ContourGatewayProvisionerContourImageTag, + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } values := map[string]any{ "projectcontour": map[string]any{ "image": map[string]any{ - "repository": contourGatewayProvisionerContourImageRepo, - "tag": contourGatewayProvisionerContourImageTag, + "repository": ContourGatewayProvisionerContourImageRepo, + "tag": ContourGatewayProvisionerContourImageTag, }, }, "envoyproxy": map[string]any{ "image": map[string]any{ - "repository": contourGatewayProvisionerEnvoyImageRepo, - "tag": contourGatewayProvisionerEnvoyImageTag, + "repository": ContourGatewayProvisionerEnvoyImageRepo, + "tag": ContourGatewayProvisionerEnvoyImageTag, }, }, } @@ -81,15 +81,15 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne err = fmt.Errorf("failed to install the contour gateway chart: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourGatewayProvisionerContourImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Version: ContourGatewayProvisionerContourImageTag, + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } return types.FeatureStatus{ Enabled: true, - Version: contourGatewayProvisionerContourImageTag, - Message: enabledMsg, + Version: ContourGatewayProvisionerContourImageTag, + Message: EnabledMsg, }, nil } diff --git a/src/k8s/pkg/k8sd/features/contour/gateway_test.go b/src/k8s/pkg/k8sd/features/contour/gateway_test.go new file mode 100644 index 000000000..bcf1b26d3 --- /dev/null +++ b/src/k8s/pkg/k8sd/features/contour/gateway_test.go @@ -0,0 +1,210 @@ +package contour_test + +import ( + "context" + "errors" + "fmt" + "testing" + "time" + + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/client/kubernetes" + "github.com/canonical/k8s/pkg/k8sd/features/contour" + "github.com/canonical/k8s/pkg/k8sd/types" + snapmock "github.com/canonical/k8s/pkg/snap/mock" + + . "github.com/onsi/gomega" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + fakediscovery "k8s.io/client-go/discovery/fake" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" +) + +func TestGatewayDisabled(t *testing.T) { + t.Run("HelmFailed", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(false), + } + + status, err := contour.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err.Error()).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.GatewayDeleteFailedMsgTmpl, err))) + + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(false), + } + + status, err := contour.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) + g.Expect(status.Message).To(Equal(contour.DisabledMsg)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + }) +} + +func TestGatewayEnabled(t *testing.T) { + t.Run("HelmFailed", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + + status, err := contour.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.GatewayDeployFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset() + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*v1.APIResourceList{ + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []v1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/v1", + APIResources: []v1.APIResource{ + {Name: "tlscertificatedelegations"}, + {Name: "httpproxies"}, + }, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + + status, err := contour.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) + g.Expect(status.Message).To(Equal(contour.EnabledMsg)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(2)) + + values := helmM.ApplyCalledWith[1].Values + contourValues, ok := values["projectcontour"].(map[string]any) + g.Expect(ok).To(BeTrue()) + contourImage, ok := contourValues["image"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(contourImage["repository"]).To(Equal(contour.ContourGatewayProvisionerContourImageRepo)) + g.Expect(contourImage["tag"]).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) + envoyValues, ok := values["envoyproxy"].(map[string]any) + g.Expect(ok).To(BeTrue()) + envoyImage, ok := envoyValues["image"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(envoyImage["repository"]).To(Equal(contour.ContourGatewayProvisionerEnvoyImageRepo)) + g.Expect(envoyImage["tag"]).To(Equal(contour.ContourGatewayProvisionerEnvoyImageTag)) + }) + + t.Run("CrdDeploymentFailed", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset() + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*v1.APIResourceList{ + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []v1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/v1", + APIResources: []v1.APIResource{}, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + ctx, cancel := context.WithTimeout(context.Background(), time.Second*2) + defer cancel() + status, err := contour.ApplyGateway(ctx, snapM, gateway, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err.Error()).To(ContainSubstring("failed to wait for required contour common CRDs")) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.GatewayDeployFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) +} diff --git a/src/k8s/pkg/k8sd/features/contour/ingress.go b/src/k8s/pkg/k8sd/features/contour/ingress.go index a43023d1c..cf2f45ebe 100644 --- a/src/k8s/pkg/k8sd/features/contour/ingress.go +++ b/src/k8s/pkg/k8sd/features/contour/ingress.go @@ -11,8 +11,8 @@ import ( ) const ( - ingressDeleteFailedMsgTmpl = "Failed to delete Contour Ingress, the error was: %v" - ingressDeployFailedMsgTmpl = "Failed to deploy Contour Ingress, the error was: %v" + IngressDeleteFailedMsgTmpl = "Failed to delete Contour Ingress, the error was: %v" + IngressDeployFailedMsgTmpl = "Failed to deploy Contour Ingress, the error was: %v" ) // ApplyIngress will install the contour helm chart when ingress.Enabled is true. @@ -33,14 +33,14 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to uninstall ingress: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeleteFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeleteFailedMsgTmpl, err), }, err } return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: disabledMsg, + Version: ContourIngressContourImageTag, + Message: DisabledMsg, }, nil } @@ -49,8 +49,8 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to apply common contour CRDS: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } @@ -58,8 +58,8 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to wait for required contour common CRDs to be available: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } @@ -70,8 +70,8 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ "envoy": map[string]any{ "image": map[string]any{ "registry": "", - "repository": contourIngressEnvoyImageRepo, - "tag": contourIngressEnvoyImageTag, + "repository": ContourIngressEnvoyImageRepo, + "tag": ContourIngressEnvoyImageTag, }, }, "contour": map[string]any{ @@ -83,8 +83,8 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ }, "image": map[string]any{ "registry": "", - "repository": contourIngressContourImageRepo, - "tag": contourIngressContourImageTag, + "repository": ContourIngressContourImageRepo, + "tag": ContourIngressContourImageTag, }, }, } @@ -92,7 +92,6 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ if ingress.GetEnableProxyProtocol() { contour := values["contour"].(map[string]any) contour["extraArgs"] = []string{"--use-proxy-protocol"} - } changed, err := m.Apply(ctx, chartContour, helm.StatePresent, values) @@ -100,8 +99,8 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to enable ingress: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } @@ -110,8 +109,8 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to rollout restart contour to apply ingress: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } } @@ -127,14 +126,14 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to install the delegation resource for default TLS secret: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } return types.FeatureStatus{ Enabled: true, - Version: contourIngressContourImageTag, - Message: enabledMsg, + Version: ContourIngressContourImageTag, + Message: EnabledMsg, }, nil } @@ -142,16 +141,16 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ err = fmt.Errorf("failed to uninstall the delegation resource for default TLS secret: %w", err) return types.FeatureStatus{ Enabled: false, - Version: contourIngressContourImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } return types.FeatureStatus{ Enabled: true, - Version: contourIngressContourImageTag, - Message: enabledMsg, + Version: ContourIngressContourImageTag, + Message: EnabledMsg, }, nil } diff --git a/src/k8s/pkg/k8sd/features/contour/ingress_test.go b/src/k8s/pkg/k8sd/features/contour/ingress_test.go new file mode 100644 index 000000000..804759d52 --- /dev/null +++ b/src/k8s/pkg/k8sd/features/contour/ingress_test.go @@ -0,0 +1,401 @@ +package contour_test + +import ( + "context" + "errors" + "fmt" + "testing" + "time" + + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/client/kubernetes" + "github.com/canonical/k8s/pkg/k8sd/features/contour" + "github.com/canonical/k8s/pkg/k8sd/types" + snapmock "github.com/canonical/k8s/pkg/snap/mock" + + . "github.com/onsi/gomega" + v1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + fakediscovery "k8s.io/client-go/discovery/fake" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" +) + +func TestIngressDisabled(t *testing.T) { + t.Run("HelmFailed", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(false), + } + + status, err := contour.ApplyIngress(context.Background(), snapM, ingress, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.IngressDeleteFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(false), + } + + status, err := contour.ApplyIngress(context.Background(), snapM, ingress, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(contour.DisabledMsg)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) +} + +func TestIngressEnabled(t *testing.T) { + t.Run("HelmFailed", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + } + + status, err := contour.ApplyIngress(context.Background(), snapM, ingress, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.IngressDeployFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ck-ingress-contour-contour", + Namespace: "projectcontour", + }, + }) + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*metav1.APIResourceList{ + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []metav1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/v1", + APIResources: []metav1.APIResource{ + {Name: "tlscertificatedelegations"}, + {Name: "httpproxies"}, + }, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + } + ctx, cancel := context.WithTimeout(context.Background(), time.Second*20) + defer cancel() + + status, err := contour.ApplyIngress(ctx, snapM, ingress, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(contour.EnabledMsg)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(3)) + validateIngressValues(g, helmM.ApplyCalledWith[1].Values, ingress) + }) + + t.Run("SuccessWithEnabledProxyProtocol", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ck-ingress-contour-contour", + Namespace: "projectcontour", + }, + }) + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*metav1.APIResourceList{ + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []metav1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/v1", + APIResources: []metav1.APIResource{ + {Name: "tlscertificatedelegations"}, + {Name: "httpproxies"}, + }, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + EnableProxyProtocol: ptr.To(true), + } + ctx, cancel := context.WithTimeout(context.Background(), time.Second*20) + defer cancel() + + status, err := contour.ApplyIngress(ctx, snapM, ingress, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(contour.EnabledMsg)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(3)) + validateIngressValues(g, helmM.ApplyCalledWith[1].Values, ingress) + }) + + t.Run("SuccessWithDefaultTLSSecret", func(t *testing.T) { + g := NewWithT(t) + defaultTLSSecret := "secret" + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ck-ingress-contour-contour", + Namespace: "projectcontour", + }, + }) + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*metav1.APIResourceList{ + + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []metav1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/v1", + APIResources: []metav1.APIResource{ + {Name: "tlscertificatedelegations"}, + {Name: "httpproxies"}, + }, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + DefaultTLSSecret: ptr.To(defaultTLSSecret), + } + ctx, cancel := context.WithTimeout(context.Background(), time.Second*20) + defer cancel() + + status, err := contour.ApplyIngress(ctx, snapM, ingress, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(contour.EnabledMsg)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(3)) + validateIngressValues(g, helmM.ApplyCalledWith[1].Values, ingress) + g.Expect(helmM.ApplyCalledWith[2].Values["defaultTLSSecret"]).To(Equal(defaultTLSSecret)) + }) + + t.Run("NoCR", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset() + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*metav1.APIResourceList{ + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []metav1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/metav1", + APIResources: []metav1.APIResource{}, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + } + ctx, cancel := context.WithTimeout(context.Background(), time.Second*2) + defer cancel() + + status, err := contour.ApplyIngress(ctx, snapM, ingress, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.IngressDeployFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) + + t.Run("NoDeployment", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy", + Namespace: "projectcontour", + }, + }) + fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fakeDiscovery.Resources = []*metav1.APIResourceList{ + { + GroupVersion: "projectcontour.io/v1alpha1", + APIResources: []metav1.APIResource{ + {Name: "contourconfigurations"}, + {Name: "contourdeployments"}, + {Name: "extensionservices"}, + }, + }, + { + GroupVersion: "projectcontour.io/v1", + APIResources: []metav1.APIResource{ + {Name: "tlscertificatedelegations"}, + {Name: "httpproxies"}, + }, + }} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + } + ctx, cancel := context.WithTimeout(context.Background(), time.Second*20) + defer cancel() + + status, err := contour.ApplyIngress(ctx, snapM, ingress, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err.Error()).To(ContainSubstring("failed to rollout restart contour to apply ingress")) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(contour.ContourIngressContourImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.IngressDeployFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(2)) + }) +} + +func validateIngressValues(g Gomega, values map[string]interface{}, ingress types.Ingress) { + contourValues, ok := values["contour"].(map[string]any) + g.Expect(ok).To(BeTrue()) + contourImage, ok := contourValues["image"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(contourImage["repository"]).To(Equal(contour.ContourIngressContourImageRepo)) + g.Expect(contourImage["tag"]).To(Equal(contour.ContourIngressContourImageTag)) + envoyValues, ok := values["envoy"].(map[string]any) + g.Expect(ok).To(BeTrue()) + envoyImage, ok := envoyValues["image"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(envoyImage["repository"]).To(Equal(contour.ContourIngressEnvoyImageRepo)) + g.Expect(envoyImage["tag"]).To(Equal(contour.ContourIngressEnvoyImageTag)) + + if ingress.GetEnableProxyProtocol() { + conturExtraValues, ok := values["contour"].(map[string]any) + g.Expect(ok).To(BeTrue()) + contourExtraArgs, ok := conturExtraValues["extraArgs"].([]string) + g.Expect(ok).To(BeTrue()) + g.Expect(contourExtraArgs[0]).To(Equal("--use-proxy-protocol")) + } +} diff --git a/src/k8s/pkg/k8sd/features/contour/register.go b/src/k8s/pkg/k8sd/features/contour/register.go index 4c3797032..59cc84792 100644 --- a/src/k8s/pkg/k8sd/features/contour/register.go +++ b/src/k8s/pkg/k8sd/features/contour/register.go @@ -8,9 +8,9 @@ import ( func init() { images.Register( - fmt.Sprintf("%s:%s", contourIngressEnvoyImageRepo, contourIngressEnvoyImageTag), - fmt.Sprintf("%s:%s", contourIngressContourImageRepo, contourIngressContourImageTag), - fmt.Sprintf("%s:%s", contourGatewayProvisionerContourImageRepo, contourGatewayProvisionerContourImageTag), - fmt.Sprintf("%s:%s", contourGatewayProvisionerEnvoyImageRepo, contourGatewayProvisionerEnvoyImageTag), + fmt.Sprintf("%s:%s", ContourIngressEnvoyImageRepo, ContourIngressEnvoyImageTag), + fmt.Sprintf("%s:%s", ContourIngressContourImageRepo, ContourIngressContourImageTag), + fmt.Sprintf("%s:%s", ContourGatewayProvisionerContourImageRepo, ContourGatewayProvisionerContourImageTag), + fmt.Sprintf("%s:%s", ContourGatewayProvisionerEnvoyImageRepo, ContourGatewayProvisionerEnvoyImageTag), ) } From 83ca3ed4eb84e3eb470dd63b9ed47f58e14bc2a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Wed, 2 Oct 2024 15:42:07 +0200 Subject: [PATCH 036/122] Unittests for cilium k8sd feature (#704) --- src/k8s/pkg/k8sd/features/cilium/gateway.go | 20 +- .../pkg/k8sd/features/cilium/gateway_test.go | 273 ++++++++++++++++++ src/k8s/pkg/k8sd/features/cilium/ingress.go | 10 +- .../pkg/k8sd/features/cilium/ingress_test.go | 210 ++++++++++++++ .../pkg/k8sd/features/cilium/loadbalancer.go | 8 +- .../k8sd/features/cilium/loadbalancer_test.go | 212 ++++++++------ src/k8s/pkg/k8sd/features/cilium/network.go | 15 +- .../pkg/k8sd/features/cilium/network_test.go | 246 ++++++++++++++-- .../pkg/k8sd/features/cilium/status_test.go | 125 ++++++++ 9 files changed, 983 insertions(+), 136 deletions(-) create mode 100644 src/k8s/pkg/k8sd/features/cilium/gateway_test.go create mode 100644 src/k8s/pkg/k8sd/features/cilium/ingress_test.go create mode 100644 src/k8s/pkg/k8sd/features/cilium/status_test.go diff --git a/src/k8s/pkg/k8sd/features/cilium/gateway.go b/src/k8s/pkg/k8sd/features/cilium/gateway.go index 8632e660e..44b7f9b63 100644 --- a/src/k8s/pkg/k8sd/features/cilium/gateway.go +++ b/src/k8s/pkg/k8sd/features/cilium/gateway.go @@ -10,8 +10,8 @@ import ( ) const ( - gatewayDeleteFailedMsgTmpl = "Failed to delete Cilium Gateway, the error was %v" - gatewayDeployFailedMsgTmpl = "Failed to deploy Cilium Gateway, the error was %v" + GatewayDeleteFailedMsgTmpl = "Failed to delete Cilium Gateway, the error was %v" + GatewayDeployFailedMsgTmpl = "Failed to deploy Cilium Gateway, the error was %v" ) // ApplyGateway assumes that the managed Cilium CNI is already installed on the cluster. It will fail if that is not the case. @@ -38,7 +38,7 @@ func enableGateway(ctx context.Context, snap snap.Snap) (types.FeatureStatus, er return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } @@ -48,7 +48,7 @@ func enableGateway(ctx context.Context, snap snap.Snap) (types.FeatureStatus, er return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } @@ -58,7 +58,7 @@ func enableGateway(ctx context.Context, snap snap.Snap) (types.FeatureStatus, er return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } @@ -75,7 +75,7 @@ func enableGateway(ctx context.Context, snap snap.Snap) (types.FeatureStatus, er return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } @@ -95,7 +95,7 @@ func disableGateway(ctx context.Context, snap snap.Snap, network types.Network) return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeleteFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeleteFailedMsgTmpl, err), }, err } @@ -105,7 +105,7 @@ func disableGateway(ctx context.Context, snap snap.Snap, network types.Network) return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeleteFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeleteFailedMsgTmpl, err), }, err } @@ -116,7 +116,7 @@ func disableGateway(ctx context.Context, snap snap.Snap, network types.Network) return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeleteFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeleteFailedMsgTmpl, err), }, err } @@ -133,7 +133,7 @@ func disableGateway(ctx context.Context, snap snap.Snap, network types.Network) return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(gatewayDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(GatewayDeployFailedMsgTmpl, err), }, err } diff --git a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go new file mode 100644 index 000000000..a92e0cbbe --- /dev/null +++ b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go @@ -0,0 +1,273 @@ +package cilium_test + +import ( + "context" + "errors" + "fmt" + "testing" + + "github.com/canonical/k8s/pkg/client/helm" + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/client/kubernetes" + "github.com/canonical/k8s/pkg/k8sd/features/cilium" + "github.com/canonical/k8s/pkg/k8sd/types" + snapmock "github.com/canonical/k8s/pkg/snap/mock" + + . "github.com/onsi/gomega" + v1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" +) + +func TestGatewayEnabled(t *testing.T) { + t.Run("HelmApplyErr", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.GatewayDeployFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) + + t.Run("AlreadyDeployed", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: false, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(cilium.EnabledMsg)) + + helmCiliumArgs := helmM.ApplyCalledWith[2] + g.Expect(helmCiliumArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(helmCiliumArgs.State).To(Equal(helm.StateUpgradeOnly)) + g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(Equal(true)) + }) + + t.Run("RolloutFail", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset() + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.GatewayDeployFailedMsgTmpl, err))) + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium-operator", + Namespace: "kube-system", + }, + }, + &v1.DaemonSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium", + Namespace: "kube-system", + }, + }, + ) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(true), + } + + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(cilium.EnabledMsg)) + }) + +} + +func TestGatewayDisabled(t *testing.T) { + t.Run("HelmApplyErr", func(t *testing.T) { + g := NewWithT(t) + + applyErr := errors.New("failed to apply") + helmM := &helmmock.Mock{ + ApplyErr: applyErr, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(false), + } + + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(applyErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.GatewayDeleteFailedMsgTmpl, err))) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + }) + + t.Run("AlreadyDeleted", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: false, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(false), + } + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(cilium.DisabledMsg)) + + helmCiliumArgs := helmM.ApplyCalledWith[1] + g.Expect(helmCiliumArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(helmCiliumArgs.State).To(Equal(helm.StateDeleted)) + g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(Equal(false)) + + }) + + t.Run("RolloutFail", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset() + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(false), + } + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.GatewayDeployFailedMsgTmpl, err))) + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium-operator", + Namespace: "kube-system", + }, + }, + &v1.DaemonSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium", + Namespace: "kube-system", + }, + }, + ) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + gateway := types.Gateway{ + Enabled: ptr.To(false), + } + + status, err := cilium.ApplyGateway(context.Background(), snapM, gateway, network, nil) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(cilium.DisabledMsg)) + }) +} diff --git a/src/k8s/pkg/k8sd/features/cilium/ingress.go b/src/k8s/pkg/k8sd/features/cilium/ingress.go index d62f6153f..a80cdd876 100644 --- a/src/k8s/pkg/k8sd/features/cilium/ingress.go +++ b/src/k8s/pkg/k8sd/features/cilium/ingress.go @@ -10,8 +10,8 @@ import ( ) const ( - ingressDeleteFailedMsgTmpl = "Failed to delete Cilium Ingress, the error was: %v" - ingressDeployFailedMsgTmpl = "Failed to deploy Cilium Ingress, the error was: %v" + IngressDeleteFailedMsgTmpl = "Failed to delete Cilium Ingress, the error was: %v" + IngressDeployFailedMsgTmpl = "Failed to deploy Cilium Ingress, the error was: %v" ) // ApplyIngress assumes that the managed Cilium CNI is already installed on the cluster. It will fail if that is not the case. @@ -54,14 +54,14 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, ne return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } else { err = fmt.Errorf("failed to disable ingress: %w", err) return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(ingressDeleteFailedMsgTmpl, err), + Message: fmt.Sprintf(IngressDeleteFailedMsgTmpl, err), }, err } } @@ -95,7 +95,7 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, ne return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(ingressDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), }, err } diff --git a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go new file mode 100644 index 000000000..a97207072 --- /dev/null +++ b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go @@ -0,0 +1,210 @@ +package cilium_test + +import ( + "context" + "errors" + "fmt" + "testing" + + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/client/kubernetes" + "github.com/canonical/k8s/pkg/k8sd/features/cilium" + "github.com/canonical/k8s/pkg/k8sd/types" + snapmock "github.com/canonical/k8s/pkg/snap/mock" + + . "github.com/onsi/gomega" + v1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" +) + +func TestIngress(t *testing.T) { + applyErr := errors.New("failed to apply") + for _, tc := range []struct { + name string + // given + networkEnabled bool + applyChanged bool + ingressEnabled bool + helmErr error + //then + statusMsg string + statusEnabled bool + }{ + { + name: "HelmFailNetworkEnabled", + networkEnabled: true, + helmErr: applyErr, + statusMsg: fmt.Sprintf(cilium.IngressDeployFailedMsgTmpl, fmt.Errorf("failed to enable ingress: %w", applyErr)), + statusEnabled: false, + }, + { + name: "HelmFailNetworkDisabled", + networkEnabled: false, + statusMsg: fmt.Sprintf(cilium.IngressDeleteFailedMsgTmpl, fmt.Errorf("failed to disable ingress: %w", applyErr)), + statusEnabled: false, + helmErr: applyErr, + }, + { + name: "HelmUnchangedIngressEnabled", + ingressEnabled: true, + statusMsg: cilium.EnabledMsg, + statusEnabled: true, + }, + { + name: "HelmUnchangedIngressDisabled", + ingressEnabled: false, + statusMsg: cilium.DisabledMsg, + statusEnabled: false, + }, + { + name: "HelmChangedIngressDisabled", + applyChanged: true, + ingressEnabled: false, + statusMsg: cilium.DisabledMsg, + statusEnabled: false, + }, + } { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyErr: tc.helmErr, + ApplyChanged: tc.applyChanged, + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + }, + } + network := types.Network{ + Enabled: ptr.To(tc.networkEnabled), + } + ingress := types.Ingress{ + Enabled: ptr.To(tc.ingressEnabled), + } + + status, err := cilium.ApplyIngress(context.Background(), snapM, ingress, network, nil) + + if tc.helmErr == nil { + g.Expect(err).To(BeNil()) + } else { + g.Expect(err).To(MatchError(applyErr)) + } + g.Expect(status.Enabled).To(Equal(tc.statusEnabled)) + g.Expect(status.Message).To(Equal(tc.statusMsg)) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + validateIngressValues(g, callArgs.Values, ingress) + }) + } +} + +func TestIngressRollout(t *testing.T) { + t.Run("Error", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy", + Namespace: "kube-system", + }, + }, + ) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + } + + status, err := cilium.ApplyIngress(context.Background(), snapM, ingress, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.IngressDeployFailedMsgTmpl, err))) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + validateIngressValues(g, callArgs.Values, ingress) + }) + + t.Run("Success", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium-operator", + Namespace: "kube-system", + }, + }, + &v1.DaemonSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium", + Namespace: "kube-system", + }, + }, + ) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + network := types.Network{} + ingress := types.Ingress{ + Enabled: ptr.To(true), + } + + status, err := cilium.ApplyIngress(context.Background(), snapM, ingress, network, nil) + + g.Expect(err).To(BeNil()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Message).To(Equal(cilium.EnabledMsg)) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) + + callArgs := helmM.ApplyCalledWith[0] + g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + validateIngressValues(g, callArgs.Values, ingress) + }) +} + +func validateIngressValues(g Gomega, values map[string]any, ingress types.Ingress) { + ingressController, ok := values["ingressController"].(map[string]any) + g.Expect(ok).To(BeTrue()) + if ingress.GetEnabled() { + g.Expect(ingressController["enabled"]).To(Equal(true)) + g.Expect(ingressController["loadbalancerMode"]).To(Equal("shared")) + g.Expect(ingressController["defaultSecretNamespace"]).To(Equal("kube-system")) + g.Expect(ingressController["defaultTLSSecret"]).To(Equal(ingress.GetDefaultTLSSecret())) + g.Expect(ingressController["enableProxyProtocol"]).To(Equal(ingress.GetEnableProxyProtocol())) + } else { + g.Expect(ingressController["enabled"]).To(Equal(false)) + g.Expect(ingressController["defaultSecretNamespace"]).To(Equal("")) + g.Expect(ingressController["defaultSecretName"]).To(Equal("")) + g.Expect(ingressController["enableProxyProtocol"]).To(Equal(false)) + } +} diff --git a/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go b/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go index 54feb61ce..276ffaa68 100644 --- a/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go +++ b/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go @@ -12,8 +12,8 @@ import ( const ( lbEnabledMsgTmpl = "enabled, %s mode" - lbDeleteFailedMsgTmpl = "Failed to delete Cilium Load Balancer, the error was: %v" - lbDeployFailedMsgTmpl = "Failed to deploy Cilium Load Balancer, the error was: %v" + LbDeleteFailedMsgTmpl = "Failed to delete Cilium Load Balancer, the error was: %v" + LbDeployFailedMsgTmpl = "Failed to deploy Cilium Load Balancer, the error was: %v" ) // ApplyLoadBalancer assumes that the managed Cilium CNI is already installed on the cluster. It will fail if that is not the case. @@ -31,7 +31,7 @@ func ApplyLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types.L return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(lbDeleteFailedMsgTmpl, err), + Message: fmt.Sprintf(LbDeleteFailedMsgTmpl, err), }, err } return types.FeatureStatus{ @@ -46,7 +46,7 @@ func ApplyLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types.L return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, - Message: fmt.Sprintf(lbDeployFailedMsgTmpl, err), + Message: fmt.Sprintf(LbDeployFailedMsgTmpl, err), }, err } diff --git a/src/k8s/pkg/k8sd/features/cilium/loadbalancer_test.go b/src/k8s/pkg/k8sd/features/cilium/loadbalancer_test.go index 96f283c98..22aa25e5d 100644 --- a/src/k8s/pkg/k8sd/features/cilium/loadbalancer_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/loadbalancer_test.go @@ -3,16 +3,16 @@ package cilium_test import ( "context" "errors" + "fmt" "testing" - . "github.com/onsi/gomega" - "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/client/kubernetes" "github.com/canonical/k8s/pkg/k8sd/features/cilium" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" + . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" fakediscovery "k8s.io/client-go/discovery/fake" @@ -43,7 +43,7 @@ func TestLoadBalancerDisabled(t *testing.T) { g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) - g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.LbDeleteFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) @@ -52,6 +52,7 @@ func TestLoadBalancerDisabled(t *testing.T) { g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) g.Expect(callArgs.Values).To(BeNil()) }) + t.Run("Success", func(t *testing.T) { g := NewWithT(t) @@ -115,111 +116,150 @@ func TestLoadBalancerEnabled(t *testing.T) { g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) - g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) + g.Expect(status.Message).To(Equal(fmt.Sprintf(cilium.LbDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) callArgs := helmM.ApplyCalledWith[0] g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StateUpgradeOnlyOrDeleted(networkCfg.GetEnabled()))) - g.Expect(callArgs.Values["l2announcements"].(map[string]any)["enabled"]).To(Equal(lbCfg.GetL2Mode())) - g.Expect(callArgs.Values["bgpControlPlane"].(map[string]any)["enabled"]).To(Equal(lbCfg.GetL2Mode())) + l2announcements, ok := callArgs.Values["l2announcements"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(l2announcements["enabled"]).To(Equal(lbCfg.GetL2Mode())) + bgpControlPlane, ok := callArgs.Values["bgpControlPlane"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(bgpControlPlane["enabled"]).To(Equal(lbCfg.GetBGPMode())) }) - t.Run("Success", func(t *testing.T) { - g := NewWithT(t) - helmM := &helmmock.Mock{ - // setting changed == true to check for restart annotation - ApplyChanged: true, - } - clientset := fake.NewSimpleClientset( - &v1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Name: "cilium-operator", - Namespace: "kube-system", + for _, tc := range []struct { + name string + l2Mode bool + bGPMode bool + statusMessage string + }{ + { + name: "SuccessL2Mode", + l2Mode: true, + bGPMode: false, + statusMessage: "enabled, L2 mode", + }, + { + name: "SuccessBGPMode", + l2Mode: false, + bGPMode: true, + statusMessage: "enabled, BGP mode", + }, + { + name: "SuccessUnknownMode", + l2Mode: false, + bGPMode: false, + statusMessage: "enabled, Unknown mode", + }, + } { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset( + &v1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium-operator", + Namespace: "kube-system", + }, }, - }, - &v1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "cilium", - Namespace: "kube-system", + &v1.DaemonSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium", + Namespace: "kube-system", + }, }, - }, - ) - fd, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) - g.Expect(ok).To(BeTrue()) - fd.Resources = []*metav1.APIResourceList{ - { - GroupVersion: "cilium.io/v2alpha1", - APIResources: []metav1.APIResource{ - {Name: "ciliuml2announcementpolicies"}, - {Name: "ciliumloadbalancerippools"}, - {Name: "ciliumbgppeeringpolicies"}, + ) + fd, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) + g.Expect(ok).To(BeTrue()) + fd.Resources = []*metav1.APIResourceList{ + { + GroupVersion: "cilium.io/v2alpha1", + APIResources: []metav1.APIResource{ + {Name: "ciliuml2announcementpolicies"}, + {Name: "ciliumloadbalancerippools"}, + {Name: "ciliumbgppeeringpolicies"}, + }, }, - }, - } - snapM := &snapmock.Snap{ - Mock: snapmock.Mock{ - HelmClient: helmM, - KubernetesClient: &kubernetes.Client{Interface: clientset}, - }, - } - lbCfg := types.LoadBalancer{ - Enabled: ptr.To(true), - // setting both modes to true for testing purposes - L2Mode: ptr.To(true), - L2Interfaces: ptr.To([]string{"eth0", "eth1"}), - BGPMode: ptr.To(true), - BGPLocalASN: ptr.To(64512), - BGPPeerAddress: ptr.To("10.0.0.1/32"), - BGPPeerASN: ptr.To(64513), - BGPPeerPort: ptr.To(179), - CIDRs: ptr.To([]string{"192.0.2.0/24"}), - IPRanges: ptr.To([]types.LoadBalancer_IPRange{ - {Start: "20.0.20.100", Stop: "20.0.20.200"}, - }), - } - networkCfg := types.Network{ - Enabled: ptr.To(true), - } + } + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{Interface: clientset}, + }, + } + lbCfg := types.LoadBalancer{ + Enabled: ptr.To(true), + // setting both modes to true for testing purposes + L2Mode: ptr.To(tc.l2Mode), + L2Interfaces: ptr.To([]string{"eth0", "eth1"}), + BGPMode: ptr.To(tc.bGPMode), + BGPLocalASN: ptr.To(64512), + BGPPeerAddress: ptr.To("10.0.0.1/32"), + BGPPeerASN: ptr.To(64513), + BGPPeerPort: ptr.To(179), + CIDRs: ptr.To([]string{"192.0.2.0/24"}), + IPRanges: ptr.To([]types.LoadBalancer_IPRange{ + {Start: "20.0.20.100", Stop: "20.0.20.200"}, + }), + } + networkCfg := types.Network{ + Enabled: ptr.To(true), + } - status, err := cilium.ApplyLoadBalancer(context.Background(), snapM, lbCfg, networkCfg, nil) + status, err := cilium.ApplyLoadBalancer(context.Background(), snapM, lbCfg, networkCfg, nil) - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(status.Enabled).To(BeTrue()) - g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(status.Enabled).To(BeTrue()) + g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(tc.statusMessage)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(2)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(2)) - firstCallArgs := helmM.ApplyCalledWith[0] - g.Expect(firstCallArgs.Chart).To(Equal(cilium.ChartCilium)) - g.Expect(firstCallArgs.State).To(Equal(helm.StateUpgradeOnlyOrDeleted(networkCfg.GetEnabled()))) - g.Expect(firstCallArgs.Values["l2announcements"].(map[string]any)["enabled"]).To(Equal(lbCfg.GetL2Mode())) - g.Expect(firstCallArgs.Values["bgpControlPlane"].(map[string]any)["enabled"]).To(Equal(lbCfg.GetL2Mode())) + firstCallArgs := helmM.ApplyCalledWith[0] + g.Expect(firstCallArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(firstCallArgs.State).To(Equal(helm.StateUpgradeOnlyOrDeleted(networkCfg.GetEnabled()))) + l2announcements, ok := firstCallArgs.Values["l2announcements"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(l2announcements["enabled"]).To(Equal(lbCfg.GetL2Mode())) + bgpControlPlane, ok := firstCallArgs.Values["bgpControlPlane"].(map[string]any) + g.Expect(ok).To(BeTrue()) + g.Expect(bgpControlPlane["enabled"]).To(Equal(lbCfg.GetBGPMode())) - secondCallArgs := helmM.ApplyCalledWith[1] - g.Expect(secondCallArgs.Chart).To(Equal(cilium.ChartCiliumLoadBalancer)) - g.Expect(secondCallArgs.State).To(Equal(helm.StatePresent)) - validateLoadBalancerValues(t, secondCallArgs.Values, lbCfg) + secondCallArgs := helmM.ApplyCalledWith[1] + g.Expect(secondCallArgs.Chart).To(Equal(cilium.ChartCiliumLoadBalancer)) + g.Expect(secondCallArgs.State).To(Equal(helm.StatePresent)) + validateLoadBalancerValues(t, secondCallArgs.Values, lbCfg) - // check if cilium-operator and cilium daemonset are restarted - deployment, err := clientset.AppsV1().Deployments("kube-system").Get(context.Background(), "cilium-operator", metav1.GetOptions{}) - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(deployment.Spec.Template.Annotations).To(HaveKey("kubectl.kubernetes.io/restartedAt")) - daemonSet, err := clientset.AppsV1().DaemonSets("kube-system").Get(context.Background(), "cilium", metav1.GetOptions{}) - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(daemonSet.Spec.Template.Annotations).To(HaveKey("kubectl.kubernetes.io/restartedAt")) - }) + // check if cilium-operator and cilium daemonset are restarted + deployment, err := clientset.AppsV1().Deployments("kube-system").Get(context.Background(), "cilium-operator", metav1.GetOptions{}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(deployment.Spec.Template.Annotations).To(HaveKey("kubectl.kubernetes.io/restartedAt")) + daemonSet, err := clientset.AppsV1().DaemonSets("kube-system").Get(context.Background(), "cilium", metav1.GetOptions{}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(daemonSet.Spec.Template.Annotations).To(HaveKey("kubectl.kubernetes.io/restartedAt")) + }) + } } func validateLoadBalancerValues(t *testing.T, values map[string]interface{}, lbCfg types.LoadBalancer) { g := NewWithT(t) - l2 := values["l2"].(map[string]any) + l2, ok := values["l2"].(map[string]any) + g.Expect(ok).To(BeTrue()) g.Expect(l2["enabled"]).To(Equal(lbCfg.GetL2Mode())) g.Expect(l2["interfaces"]).To(Equal(lbCfg.GetL2Interfaces())) - cidrs := values["ipPool"].(map[string]any)["cidrs"].([]map[string]any) + ipPool, ok := values["ipPool"].(map[string]any) + g.Expect(ok).To(BeTrue()) + cidrs, ok := ipPool["cidrs"].([]map[string]any) + g.Expect(ok).To(BeTrue()) g.Expect(cidrs).To(HaveLen(len(lbCfg.GetIPRanges()) + len(lbCfg.GetCIDRs()))) for _, cidr := range lbCfg.GetCIDRs() { g.Expect(cidrs).To(ContainElement(map[string]any{"cidr": cidr})) @@ -228,10 +268,12 @@ func validateLoadBalancerValues(t *testing.T, values map[string]interface{}, lbC g.Expect(cidrs).To(ContainElement(map[string]any{"start": ipRange.Start, "stop": ipRange.Stop})) } - bgp := values["bgp"].(map[string]any) + bgp, ok := values["bgp"].(map[string]any) + g.Expect(ok).To(BeTrue()) g.Expect(bgp["enabled"]).To(Equal(lbCfg.GetBGPMode())) g.Expect(bgp["localASN"]).To(Equal(lbCfg.GetBGPLocalASN())) - neighbors := bgp["neighbors"].([]map[string]any) + neighbors, ok := bgp["neighbors"].([]map[string]any) + g.Expect(ok).To(BeTrue()) g.Expect(neighbors).To(HaveLen(1)) g.Expect(neighbors[0]["peerAddress"]).To(Equal(lbCfg.GetBGPPeerAddress())) g.Expect(neighbors[0]["peerASN"]).To(Equal(lbCfg.GetBGPPeerASN())) diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index ba9720dad..2d5fa78a0 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -17,6 +17,12 @@ const ( networkDeployFailedMsgTmpl = "Failed to deploy Cilium Network, the error was: %v" ) +// required for unittests +var ( + getMountPath = utils.GetMountPath + getMountPropagationType = utils.GetMountPropagationType +) + // ApplyNetwork will deploy Cilium when network.Enabled is true. // ApplyNetwork will remove Cilium when network.Enabled is false. // ApplyNetwork requires that bpf and cgroups2 are already mounted and available when running under strict snap confinement. If they are not, it will fail (since Cilium will not have the required permissions to mount them). @@ -101,7 +107,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer } if snap.Strict() { - bpfMnt, err := utils.GetMountPath("bpf") + bpfMnt, err := getMountPath("bpf") if err != nil { err = fmt.Errorf("failed to get bpf mount path: %w", err) return types.FeatureStatus{ @@ -111,7 +117,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer }, err } - cgrMnt, err := utils.GetMountPath("cgroup2") + cgrMnt, err := getMountPath("cgroup2") if err != nil { err = fmt.Errorf("failed to get cgroup2 mount path: %w", err) return types.FeatureStatus{ @@ -134,7 +140,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer "hostRoot": cgrMnt, } } else { - pt, err := utils.GetMountPropagationType("/sys") + pt, err := getMountPropagationType("/sys") if err != nil { err = fmt.Errorf("failed to get mount propagation type for /sys: %w", err) return types.FeatureStatus{ @@ -146,7 +152,8 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer if pt == utils.MountPropagationPrivate { onLXD, err := snap.OnLXD(ctx) if err != nil { - log.FromContext(ctx).Error(err, "Failed to check if running on LXD") + logger := log.FromContext(ctx) + logger.Error(err, "Failed to check if running on LXD") } if onLXD { err := fmt.Errorf("/sys is not a shared mount on the LXD container, this might be resolved by updating LXD on the host to version 5.0.2 or newer") diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 7b9c2e36b..dc0b1a53e 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -1,24 +1,25 @@ -package cilium_test +package cilium import ( "context" "errors" + "fmt" "testing" - . "github.com/onsi/gomega" - "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" - "github.com/canonical/k8s/pkg/k8sd/features/cilium" "github.com/canonical/k8s/pkg/k8sd/types" "github.com/canonical/k8s/pkg/snap" snapmock "github.com/canonical/k8s/pkg/snap/mock" "github.com/canonical/k8s/pkg/utils" + + . "github.com/onsi/gomega" + "k8s.io/klog/v2" + "k8s.io/klog/v2/ktesting" "k8s.io/utils/ptr" ) // NOTE(hue): status.Message is not checked sometimes to avoid unnecessary complexity - func TestNetworkDisabled(t *testing.T) { t.Run("HelmApplyFails", func(t *testing.T) { g := NewWithT(t) @@ -39,19 +40,20 @@ func TestNetworkDisabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) - g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) - g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeleteFailedMsgTmpl, err))) + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) callArgs := helmM.ApplyCalledWith[0] - g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(callArgs.Chart).To(Equal(ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) g.Expect(callArgs.Values).To(BeNil()) }) + t.Run("Success", func(t *testing.T) { g := NewWithT(t) @@ -68,16 +70,16 @@ func TestNetworkDisabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) - g.Expect(status.Message).To(Equal(cilium.DisabledMsg)) - g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(DisabledMsg)) + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) callArgs := helmM.ApplyCalledWith[0] - g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(callArgs.Chart).To(Equal(ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) g.Expect(callArgs.Values).To(BeNil()) }) @@ -101,13 +103,14 @@ func TestNetworkEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) - g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) }) + t.Run("Strict", func(t *testing.T) { g := NewWithT(t) @@ -127,19 +130,20 @@ func TestNetworkEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeTrue()) - g.Expect(status.Message).To(Equal(cilium.EnabledMsg)) - g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(EnabledMsg)) + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) callArgs := helmM.ApplyCalledWith[0] - g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(callArgs.Chart).To(Equal(ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StatePresent)) - validateNetworkValues(t, callArgs.Values, network, snapM) + validateNetworkValues(g, callArgs.Values, network, snapM) }) + t.Run("HelmApplyFails", func(t *testing.T) { g := NewWithT(t) @@ -161,24 +165,210 @@ func TestNetworkEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := cilium.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) - g.Expect(status.Message).To(ContainSubstring(applyErr.Error())) - g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) callArgs := helmM.ApplyCalledWith[0] - g.Expect(callArgs.Chart).To(Equal(cilium.ChartCilium)) + g.Expect(callArgs.Chart).To(Equal(ChartCilium)) g.Expect(callArgs.State).To(Equal(helm.StatePresent)) - validateNetworkValues(t, callArgs.Values, network, snapM) + validateNetworkValues(g, callArgs.Values, network, snapM) + }) +} + +func TestNetworkMountPath(t *testing.T) { + for _, tc := range []struct { + name string + }{ + {name: "bpf"}, + {name: "cgroup2"}, + } { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + + mountPathErr := fmt.Errorf("%s not found", tc.name) + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + Strict: true, + }, + } + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } + getMountPath = func(fsType string) (string, error) { + if fsType == tc.name { + return "", mountPathErr + } + return tc.name, nil + } + + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(mountPathErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + + }) + } +} + +func TestNetworkMountPropagationType(t *testing.T) { + t.Run("failedGetMountSys", func(t *testing.T) { + g := NewWithT(t) + + mountErr := errors.New("/sys not found") + getMountPropagationType = func(path string) (utils.MountPropagationType, error) { + return "", mountErr + } + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + Strict: false, + }, + } + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } + + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(mountErr)) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) + + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + + }) + + t.Run("MountPropagationPrivateOnLXDError", func(t *testing.T) { + g := NewWithT(t) + + getMountPropagationType = func(path string) (utils.MountPropagationType, error) { + return utils.MountPropagationPrivate, nil + } + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + Strict: false, + OnLXDErr: errors.New("failed to check LXD"), + }, + } + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } + logger := ktesting.NewLogger(t, ktesting.NewConfig(ktesting.BufferLogs(true))) + ctx := klog.NewContext(context.Background(), logger) + + status, err := ApplyNetwork(ctx, snapM, apiserver, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) + + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + testingLogger, ok := logger.GetSink().(ktesting.Underlier) + if !ok { + panic("Should have had a ktesting LogSink!?") + } + g.Expect(testingLogger.GetBuffer().String()).To(ContainSubstring("Failed to check if running on LXD")) + }) + + t.Run("MountPropagationPrivateOnLXD", func(t *testing.T) { + g := NewWithT(t) + + getMountPropagationType = func(path string) (utils.MountPropagationType, error) { + return utils.MountPropagationPrivate, nil + } + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + Strict: false, + OnLXD: true, + }, + } + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } + + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) + + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + }) + + t.Run("MountPropagationPrivate", func(t *testing.T) { + g := NewWithT(t) + + getMountPropagationType = func(path string) (utils.MountPropagationType, error) { + return utils.MountPropagationPrivate, nil + } + helmM := &helmmock.Mock{} + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + Strict: false, + }, + } + network := types.Network{ + Enabled: ptr.To(true), + LocalhostAddress: ptr.To("127.0.0.1"), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + } + apiserver := types.APIServer{ + SecurePort: ptr.To(6443), + } + + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + + g.Expect(err).To(HaveOccurred()) + g.Expect(status.Enabled).To(BeFalse()) + g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) + + g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) + g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) }) } -func validateNetworkValues(t *testing.T, values map[string]any, network types.Network, snap snap.Snap) { - t.Helper() - g := NewWithT(t) +func validateNetworkValues(g Gomega, values map[string]any, network types.Network, snap snap.Snap) { ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) g.Expect(err).ToNot(HaveOccurred()) diff --git a/src/k8s/pkg/k8sd/features/cilium/status_test.go b/src/k8s/pkg/k8sd/features/cilium/status_test.go new file mode 100644 index 000000000..d591441b8 --- /dev/null +++ b/src/k8s/pkg/k8sd/features/cilium/status_test.go @@ -0,0 +1,125 @@ +package cilium_test + +import ( + "context" + "testing" + + helmmock "github.com/canonical/k8s/pkg/client/helm/mock" + "github.com/canonical/k8s/pkg/client/kubernetes" + "github.com/canonical/k8s/pkg/k8sd/features/cilium" + snapmock "github.com/canonical/k8s/pkg/snap/mock" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" +) + +func TestCheckNetwork(t *testing.T) { + t.Run("ciliumOperatorNotReady", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset() + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + + err := cilium.CheckNetwork(context.Background(), snapM) + + g.Expect(err).To(HaveOccurred()) + }) + + t.Run("operatorNoCiliumPods", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset(&corev1.PodList{ + Items: []corev1.Pod{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "pod1", + Namespace: "kube-system", + Labels: map[string]string{"io.cilium/app": "operator"}, + }, + Status: corev1.PodStatus{ + Phase: corev1.PodRunning, + Conditions: []corev1.PodCondition{ + {Type: corev1.PodReady, Status: corev1.ConditionTrue}, + }, + }, + }, + }, + }) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + + err := cilium.CheckNetwork(context.Background(), snapM) + + g.Expect(err).To(HaveOccurred()) + + }) + + t.Run("allPodsPresent", func(t *testing.T) { + g := NewWithT(t) + + helmM := &helmmock.Mock{ + ApplyChanged: true, + } + clientset := fake.NewSimpleClientset(&corev1.PodList{ + Items: []corev1.Pod{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "operator", + Namespace: "kube-system", + Labels: map[string]string{"io.cilium/app": "operator"}, + }, + Status: corev1.PodStatus{ + Phase: corev1.PodRunning, + Conditions: []corev1.PodCondition{ + {Type: corev1.PodReady, Status: corev1.ConditionTrue}, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "cilium", + Namespace: "kube-system", + Labels: map[string]string{"k8s-app": "cilium"}, + }, + Status: corev1.PodStatus{ + Phase: corev1.PodRunning, + Conditions: []corev1.PodCondition{ + {Type: corev1.PodReady, Status: corev1.ConditionTrue}, + }, + }, + }, + }, + }) + snapM := &snapmock.Snap{ + Mock: snapmock.Mock{ + HelmClient: helmM, + KubernetesClient: &kubernetes.Client{ + Interface: clientset, + }, + }, + } + + err := cilium.CheckNetwork(context.Background(), snapM) + g.Expect(err).NotTo(HaveOccurred()) + }) +} From d44b5c5fd638e592e5a966acd09fc34981b445ee Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Sun, 6 Oct 2024 19:18:28 +0300 Subject: [PATCH 037/122] Automatically generate config documentation (#711) --- docs/src/_parts/bootstrap_config.md | 485 +++++++++++++++++ docs/src/_parts/control_plane_join_config.md | 152 ++++++ docs/src/_parts/worker_join_config.md | 78 +++ .../reference/bootstrap-config-reference.md | 514 +----------------- .../control-plane-join-config-reference.md | 11 + docs/src/snap/reference/index.md | 2 + .../reference/worker-join-config-reference.md | 11 + src/k8s/Makefile | 2 +- src/k8s/cmd/k8s/k8s_generate_docs.go | 39 +- src/k8s/go.mod | 3 +- src/k8s/go.sum | 4 +- src/k8s/pkg/docgen/godoc.go | 115 ++++ src/k8s/pkg/docgen/gomod.go | 99 ++++ src/k8s/pkg/docgen/json_struct.go | 138 +++++ 14 files changed, 1137 insertions(+), 516 deletions(-) create mode 100644 docs/src/_parts/bootstrap_config.md create mode 100644 docs/src/_parts/control_plane_join_config.md create mode 100644 docs/src/_parts/worker_join_config.md create mode 100755 docs/src/snap/reference/control-plane-join-config-reference.md create mode 100755 docs/src/snap/reference/worker-join-config-reference.md create mode 100755 src/k8s/pkg/docgen/godoc.go create mode 100755 src/k8s/pkg/docgen/gomod.go create mode 100755 src/k8s/pkg/docgen/json_struct.go diff --git a/docs/src/_parts/bootstrap_config.md b/docs/src/_parts/bootstrap_config.md new file mode 100644 index 000000000..d6777ca03 --- /dev/null +++ b/docs/src/_parts/bootstrap_config.md @@ -0,0 +1,485 @@ +### cluster-config +**Type:** `object`
+ + +### cluster-config.network +**Type:** `object`
+ +Configuration options for the network feature. + +### cluster-config.network.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `true` + +### cluster-config.dns +**Type:** `object`
+ +Configuration options for the dns feature. + +### cluster-config.dns.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `true` + +### cluster-config.dns.cluster-domain +**Type:** `string`
+ +Sets the local domain of the cluster. +If omitted defaults to `cluster.local`. + +### cluster-config.dns.service-ip +**Type:** `string`
+ +Sets the IP address of the dns service. If omitted defaults to the IP address +of the Kubernetes service created by the feature. + +Can be used to point to an external dns server when feature is disabled. + +### cluster-config.dns.upstream-nameservers +**Type:** `[]string`
+ +Sets the upstream nameservers used to forward queries for out-of-cluster +endpoints. + +If omitted defaults to `/etc/resolv.conf` and uses the nameservers of the node. + +### cluster-config.ingress +**Type:** `object`
+ +Configuration options for the ingress feature. + +### cluster-config.ingress.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `false` + +### cluster-config.ingress.default-tls-secret +**Type:** `string`
+ +Sets the name of the secret to be used for providing default encryption to +ingresses. + +Ingresses can specify another TLS secret in their resource definitions, +in which case the default secret won't be used. + +### cluster-config.ingress.enable-proxy-protocol +**Type:** `bool`
+ +Determines if the proxy protocol should be enabled for ingresses. +If omitted defaults to `false`. + +### cluster-config.load-balancer +**Type:** `object`
+ +Configuration options for the load-balancer feature. + +### cluster-config.load-balancer.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `false`. + +### cluster-config.load-balancer.cidrs +**Type:** `[]string`
+ +Sets the CIDRs used for assigning IP addresses to Kubernetes services with type +`LoadBalancer`. + +### cluster-config.load-balancer.l2-mode +**Type:** `bool`
+ +Determines if L2 mode should be enabled. +If omitted defaults to `false`. + +### cluster-config.load-balancer.l2-interfaces +**Type:** `[]string`
+ +Sets the interfaces to be used for announcing IP addresses through ARP. +If omitted all interfaces will be used. + +### cluster-config.load-balancer.bgp-mode +**Type:** `bool`
+ +Determines if BGP mode should be enabled. +If omitted defaults to `false`. + +### cluster-config.load-balancer.bgp-local-asn +**Type:** `int`
+ +Sets the ASN to be used for the local virtual BGP router. +Required if bgp-mode is true. + +### cluster-config.load-balancer.bgp-peer-address +**Type:** `string`
+ +Sets the IP address of the BGP peer. +Required if bgp-mode is true. + +### cluster-config.load-balancer.bgp-peer-asn +**Type:** `int`
+ +Sets the ASN of the BGP peer. +Required if bgp-mode is true. + +### cluster-config.load-balancer.bgp-peer-port +**Type:** `int`
+ +Sets the port of the BGP peer. +Required if bgp-mode is true. + +### cluster-config.local-storage +**Type:** `object`
+ +Configuration options for the local-storage feature. + +### cluster-config.local-storage.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `false`. + +### cluster-config.local-storage.local-path +**Type:** `string`
+ +Sets the path to be used for storing volume data. +If omitted defaults to `/var/snap/k8s/common/rawfile-storage` + +### cluster-config.local-storage.reclaim-policy +**Type:** `string`
+ +Sets the reclaim policy of the storage class. +If omitted defaults to `Delete`. +Possible values: `Retain | Recycle | Delete` + +### cluster-config.local-storage.default +**Type:** `bool`
+ +Determines if the storage class should be set as default. +If omitted defaults to `true` + +### cluster-config.gateway +**Type:** `object`
+ +Configuration options for the gateway feature. + +### cluster-config.gateway.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `true`. + +### cluster-config.metrics-server +**Type:** `object`
+ +Configuration options for the metric server feature. + +### cluster-config.metrics-server.enabled +**Type:** `bool`
+ +Determines if the feature should be enabled. +If omitted defaults to `true`. + +### cluster-config.cloud-provider +**Type:** `string`
+ +Sets the cloud provider to be used by the cluster. + +When this is set as `external`, node will wait for an external cloud provider to +do cloud specific setup and finish node initialization. + +Possible values: `external`. + +### cluster-config.annotations +**Type:** `map[string]string`
+ +Annotations is a map of strings that can be used to store arbitrary metadata configuration. +Please refer to the ClusterAPI annotations reference for further details on these options. + +### control-plane-taints +**Type:** `[]string`
+ +List of taints to be applied to control plane nodes. + +### pod-cidr +**Type:** `string`
+ +The CIDR to be used for assigning pod addresses. +If omitted defaults to `10.1.0.0/16`. + +### service-cidr +**Type:** `string`
+ +The CIDR to be used for assigning service addresses. +If omitted defaults to `10.152.183.0/24`. + +### disable-rbac +**Type:** `bool`
+ +Determines if RBAC should be disabled. +If omitted defaults to `false`. + +### secure-port +**Type:** `int`
+ +The port number for kube-apiserver to use. +If omitted defaults to `6443`. + +### k8s-dqlite-port +**Type:** `int`
+ +The port number for k8s-dqlite to use. +If omitted defaults to `9000`. + +### datastore-type +**Type:** `string`
+ +The type of datastore to be used. +If omitted defaults to `k8s-dqlite`. + +Can be used to point to an external datastore like etcd. + +Possible Values: `k8s-dqlite | external`. + +### datastore-servers +**Type:** `[]string`
+ +The server addresses to be used when `datastore-type` is set to `external`. + +### datastore-ca-crt +**Type:** `string`
+ +The CA certificate to be used when communicating with the external datastore. + +### datastore-client-crt +**Type:** `string`
+ +The client certificate to be used when communicating with the external +datastore. + +### datastore-client-key +**Type:** `string`
+ +The client key to be used when communicating with the external datastore. + +### extra-sans +**Type:** `[]string`
+ +List of extra SANs to be added to certificates. + +### ca-crt +**Type:** `string`
+ +The CA certificate to be used for Kubernetes services. +If omitted defaults to an auto generated certificate. + +### ca-key +**Type:** `string`
+ +The CA key to be used for Kubernetes services. +If omitted defaults to an auto generated key. + +### client-ca-crt +**Type:** `string`
+ +The client CA certificate to be used for Kubernetes services. +If omitted defaults to an auto generated certificate. + +### client-ca-key +**Type:** `string`
+ +The client CA key to be used for Kubernetes services. +If omitted defaults to an auto generated key. + +### front-proxy-ca-crt +**Type:** `string`
+ +The CA certificate to be used for the front proxy. +If omitted defaults to an auto generated certificate. + +### front-proxy-ca-key +**Type:** `string`
+ +The CA key to be used for the front proxy. +If omitted defaults to an auto generated key. + +### front-proxy-client-crt +**Type:** `string`
+ +The client certificate to be used for the front proxy. +If omitted defaults to an auto generated certificate. + +### front-proxy-client-key +**Type:** `string`
+ +The client key to be used for the front proxy. +If omitted defaults to an auto generated key. + +### apiserver-kubelet-client-crt +**Type:** `string`
+ +The client certificate to be used by kubelet for communicating with the kube-apiserver. +If omitted defaults to an auto generated certificate. + +### apiserver-kubelet-client-key +**Type:** `string`
+ +The client key to be used by kubelet for communicating with the kube-apiserver. +If omitted defaults to an auto generated key. + +### admin-client-crt +**Type:** `string`
+ +The admin client certificate to be used for Kubernetes services. +If omitted defaults to an auto generated certificate. + +### admin-client-key +**Type:** `string`
+ +The admin client key to be used for Kubernetes services. +If omitted defaults to an auto generated key. + +### kube-proxy-client-crt +**Type:** `string`
+ +The client certificate to be used for the kube-proxy. +If omitted defaults to an auto generated certificate. + +### kube-proxy-client-key +**Type:** `string`
+ +The client key to be used for the kube-proxy. +If omitted defaults to an auto generated key. + +### kube-scheduler-client-crt +**Type:** `string`
+ +The client certificate to be used for the kube-scheduler. +If omitted defaults to an auto generated certificate. + +### kube-scheduler-client-key +**Type:** `string`
+ +The client key to be used for the kube-scheduler. +If omitted defaults to an auto generated key. + +### kube-controller-manager-client-crt +**Type:** `string`
+ +The client certificate to be used for the Kubernetes controller manager. +If omitted defaults to an auto generated certificate. + +### kube-controller-manager-client-key +**Type:** `string`
+ +The client key to be used for the Kubernetes controller manager. +If omitted defaults to an auto generated key. + +### service-account-key +**Type:** `string`
+ +The key to be used by the default service account. +If omitted defaults to an auto generated key. + +### apiserver-crt +**Type:** `string`
+ +The certificate to be used for the kube-apiserver. +If omitted defaults to an auto generated certificate. + +### apiserver-key +**Type:** `string`
+ +The key to be used for the kube-apiserver. +If omitted defaults to an auto generated key. + +### kubelet-crt +**Type:** `string`
+ +The certificate to be used for the kubelet. +If omitted defaults to an auto generated certificate. + +### kubelet-key +**Type:** `string`
+ +The key to be used for the kubelet. +If omitted defaults to an auto generated key. + +### kubelet-client-crt +**Type:** `string`
+ +The certificate to be used for the kubelet client. +If omitted defaults to an auto generated certificate. + +### kubelet-client-key +**Type:** `string`
+ +The key to be used for the kubelet client. +If omitted defaults to an auto generated key. + +### extra-node-config-files +**Type:** `map[string]string`
+ +Additional files that are uploaded `/var/snap/k8s/common/args/conf.d/` +to a node on bootstrap. These files can then be referenced by Kubernetes +service arguments. + +The format is `map[]`. + +### extra-node-kube-apiserver-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-apiserver` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kube-controller-manager-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-controller-manager` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kube-scheduler-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-scheduler` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kube-proxy-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-proxy` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kubelet-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kubelet` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-containerd-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to `containerd` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-k8s-dqlite-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to `k8s-dqlite` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-containerd-config +**Type:** `apiv1.MapStringAny`
+ +Extra configuration for the containerd config.toml + diff --git a/docs/src/_parts/control_plane_join_config.md b/docs/src/_parts/control_plane_join_config.md new file mode 100644 index 000000000..fa2919e45 --- /dev/null +++ b/docs/src/_parts/control_plane_join_config.md @@ -0,0 +1,152 @@ +### extra-sans +**Type:** `[]string`
+ +List of extra SANs to be added to certificates. + +### front-proxy-client-crt +**Type:** `string`
+ +The client certificate to be used for the front proxy. +If omitted defaults to an auto generated certificate. + +### front-proxy-client-key +**Type:** `string`
+ +The client key to be used for the front proxy. +If omitted defaults to an auto generated key. + +### kube-proxy-client-crt +**Type:** `string`
+ +The client certificate to be used by kubelet for communicating with the kube-apiserver. +If omitted defaults to an auto generated certificate. + +### kube-proxy-client-key +**Type:** `string`
+ +The client key to be used by kubelet for communicating with the kube-apiserver. +If omitted defaults to an auto generated key. + +### kube-scheduler-client-crt +**Type:** `string`
+ +The client certificate to be used for the kube-scheduler. +If omitted defaults to an auto generated certificate. + +### kube-scheduler-client-key +**Type:** `string`
+ +The client key to be used for the kube-scheduler. +If omitted defaults to an auto generated key. + +### kube-controller-manager-client-crt +**Type:** `string`
+ +The client certificate to be used for the Kubernetes controller manager. +If omitted defaults to an auto generated certificate. + +### kube-controller-manager-client-key +**Type:** `string`
+ +The client key to be used for the Kubernetes controller manager. +If omitted defaults to an auto generated key. + +### apiserver-crt +**Type:** `string`
+ +The certificate to be used for the kube-apiserver. +If omitted defaults to an auto generated certificate. + +### apiserver-key +**Type:** `string`
+ +The key to be used for the kube-apiserver. +If omitted defaults to an auto generated key. + +### kubelet-crt +**Type:** `string`
+ +The certificate to be used for the kubelet. +If omitted defaults to an auto generated certificate. + +### kubelet-key +**Type:** `string`
+ +The key to be used for the kubelet. +If omitted defaults to an auto generated key. + +### kubelet-client-crt +**Type:** `string`
+ +The client certificate to be used for the kubelet. +If omitted defaults to an auto generated certificate. + +### kubelet-client-key +**Type:** `string`
+ +The client key to be used for the kubelet. +If omitted defaults to an auto generated key. + +### extra-node-config-files +**Type:** `map[string]string`
+ +Additional files that are uploaded `/var/snap/k8s/common/args/conf.d/` +to a node on bootstrap. These files can then be referenced by Kubernetes +service arguments. + +The format is `map[]`. + +### extra-node-kube-apiserver-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-apiserver` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kube-controller-manager-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-controller-manager` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kube-scheduler-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-scheduler` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kube-proxy-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-proxy` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kubelet-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kubelet` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-containerd-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to `containerd` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-k8s-dqlite-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to `k8s-dqlite` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-containerd-config +**Type:** `apiv1.MapStringAny`
+ +Extra configuration for the containerd config.toml + diff --git a/docs/src/_parts/worker_join_config.md b/docs/src/_parts/worker_join_config.md new file mode 100644 index 000000000..70a515a8f --- /dev/null +++ b/docs/src/_parts/worker_join_config.md @@ -0,0 +1,78 @@ +### kubelet-crt +**Type:** `string`
+ +The certificate to be used for the kubelet. +If omitted defaults to an auto generated certificate. + +### kubelet-key +**Type:** `string`
+ +The key to be used for the kubelet. +If omitted defaults to an auto generated key. + +### kubelet-client-crt +**Type:** `string`
+ +The client certificate to be used for the kubelet. +If omitted defaults to an auto generated certificate. + +### kubelet-client-key +**Type:** `string`
+ +The client key to be used for the kubelet. +If omitted defaults to an auto generated key. + +### kube-proxy-client-crt +**Type:** `string`
+ +The client certificate to be used for the kube-proxy. +If omitted defaults to an auto generated certificate. + +### kube-proxy-client-key +**Type:** `string`
+ +The client key to be used for the kube-proxy. +If omitted defaults to an auto generated key. + +### extra-node-config-files +**Type:** `map[string]string`
+ +Additional files that are uploaded `/var/snap/k8s/common/args/conf.d/` +to a node on bootstrap. These files can then be referenced by Kubernetes +service arguments. + +The format is `map[]`. + +### extra-node-kube-proxy-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kube-proxy` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-kubelet-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to the `kubelet` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-containerd-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to `containerd` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-k8s-apiserver-proxy-args +**Type:** `map[string]string`
+ +Additional arguments that are passed to `k8s-api-server-proxy` only for that specific node. +A parameter that is explicitly set to `null` is deleted. +The format is `map[<--flag-name>]`. + +### extra-node-containerd-config +**Type:** `apiv1.MapStringAny`
+ +Extra configuration for the containerd config.toml + diff --git a/docs/src/snap/reference/bootstrap-config-reference.md b/docs/src/snap/reference/bootstrap-config-reference.md index 047622c5d..758828e04 100644 --- a/docs/src/snap/reference/bootstrap-config-reference.md +++ b/docs/src/snap/reference/bootstrap-config-reference.md @@ -1,520 +1,14 @@ # Bootstrap configuration file reference -A YAML file can be supplied to the `k8s bootstrap` command to configure and +A YAML file can be supplied to the `k8s join-cluster` command to configure and customise the cluster. This reference section provides the format of this file by listing all available options and their details. See below for an example. -## Format Specification +## Configuration options -### cluster-config.network - -**Type:** `object`
-**Required:** `No` - -Configuration options for the network feature - -#### cluster-config.network.enabled - -**Type:** `bool`
-**Required:** `No`
- -Determines if the feature should be enabled. -If omitted defaults to `true` - -### cluster-config.dns - -**Type:** `object`
-**Required:** `No` - -Configuration options for the dns feature - -#### cluster-config.dns.enabled - -**Type:** `bool`
-**Required:** `No`
- -Determines if the feature should be enabled. -If omitted defaults to `true` - -#### cluster-config.dns.cluster-domain - -**Type:** `string`
-**Required:** `No`
- -Sets the local domain of the cluster. -If omitted defaults to `cluster.local` - -#### cluster-config.dns.service-ip - -**Type:** `string`
-**Required:** `No`
- -Sets the IP address of the dns service. If omitted defaults to the IP address -of the Kubernetes service created by the feature. - -Can be used to point to an external dns server when feature is disabled. - - -#### cluster-config.dns.upstream-nameservers - -**Type:** `list[string]`
-**Required:** `No`
- -Sets the upstream nameservers used to forward queries for out-of-cluster -endpoints. -If omitted defaults to `/etc/resolv.conf` and uses the nameservers of the node. - - -### cluster-config.ingress - -**Type:** `object`
-**Required:** `No` - -Configuration options for the ingress feature - -#### cluster-config.ingress.enabled - -**Type:** `bool`
-**Required:** `No`
- -Determines if the feature should be enabled. -If omitted defaults to `false` - -#### cluster-config.ingress.default-tls-secret - -**Type:** `string`
-**Required:** `No`
- -Sets the name of the secret to be used for providing default encryption to -ingresses. - -Ingresses can specify another TLS secret in their resource definitions, -in which case the default secret won't be used. - -#### cluster-config.ingress.enable-proxy-protocol - -**Type:** `bool`
-**Required:** `No`
- -Determines if the proxy protocol should be enabled for ingresses. -If omitted defaults to `false` - - -### cluster-config.load-balancer - -**Type:** `object`
-**Required:** `No` - -Configuration options for the load-balancer feature - -#### cluster-config.load-balancer.enabled - -**Type:** `bool`
-**Required:** `No`
- -Determines if the feature should be enabled. -If omitted defaults to `false` - -#### cluster-config.load-balancer.cidrs - -**Type:** `list[string]`
-**Required:** `No`
- -Sets the CIDRs used for assigning IP addresses to Kubernetes services with type -`LoadBalancer`. - -#### cluster-config.load-balancer.l2-mode - -**Type:** `bool`
-**Required:** `No`
- -Determines if L2 mode should be enabled. -If omitted defaults to `false` - -#### cluster-config.load-balancer.l2-interfaces - -**Type:** `list[string]`
-**Required:** `No`
- -Sets the interfaces to be used for announcing IP addresses through ARP. -If omitted all interfaces will be used. - -#### cluster-config.load-balancer.bgp-mode - -**Type:** `bool`
-**Required:** `No`
- -Determines if BGP mode should be enabled. -If omitted defaults to `false` - -#### cluster-config.load-balancer.bgp-local-asn - -**Type:** `int`
-**Required:** `Yes if bgp-mode is true`
- -Sets the ASN to be used for the local virtual BGP router. - -#### cluster-config.load-balancer.bgp-peer-address - -**Type:** `string`
-**Required:** `Yes if bgp-mode is true`
- -Sets the IP address of the BGP peer. - -#### cluster-config.load-balancer.bgp-peer-asn - -**Type:** `int`
-**Required:** `Yes if bgp-mode is true`
- -Sets the ASN of the BGP peer. - -#### cluster-config.load-balancer.bgp-peer-port - -**Type:** `int`
-**Required:** `Yes if bgp-mode is true`
- -Sets the port of the BGP peer. - - -### cluster-config.local-storage - -**Type:** `object`
-**Required:** `No` - -Configuration options for the local-storage feature - -#### cluster-config.local-storage.enabled - -**Type:** `bool`
-**Required:** `No`
- -Determines if the feature should be enabled. -If omitted defaults to `false` - -#### cluster-config.local-storage.local-path - -**Type:** `string`
-**Required:** `No`
- -Sets the path to be used for storing volume data. -If omitted defaults to `/var/snap/k8s/common/rawfile-storage` - -#### cluster-config.local-storage.reclaim-policy - -**Type:** `string`
-**Required:** `No`
-**Possible Values:** `Retain | Recycle | Delete` - -Sets the reclaim policy of the storage class. -If omitted defaults to `Delete` - -#### cluster-config.local-storage.default - -**Type:** `bool`
-**Required:** `No`
- -Determines if the storage class should be set as default. -If omitted defaults to `true` - - -### cluster-config.gateway - -**Type:** `object`
-**Required:** `No` - -Configuration options for the gateway feature - -#### cluster-config.gateway.enabled - -**Type:** `bool`
-**Required:** `No`
- -Determines if the feature should be enabled. -If omitted defaults to `true` - -### cluster-config.cloud-provider - -**Type:** `string`
-**Required:** `No`
-**Possible Values:** `external` - -Sets the cloud provider to be used by the cluster. - -When this is set as `external`, node will wait for an external cloud provider to -do cloud specific setup and finish node initialization. - -### control-plane-taints - -**Type:** `list[string]`
-**Required:** `No` - -List of taints to be applied to control plane nodes. - -### pod-cidr - -**Type:** `string`
-**Required:** `No` - -The CIDR to be used for assigning pod addresses. -If omitted defaults to `10.1.0.0/16` - -### service-cidr - -**Type:** `string`
-**Required:** `No` - -The CIDR to be used for assigning service addresses. -If omitted defaults to `10.152.183.0/24` - -### disable-rbac - -**Type:** `bool`
-**Required:** `No` - -Determines if RBAC should be disabled. -If omitted defaults to `false` - -### secure-port - -**Type:** `int`
-**Required:** `No` - -The port number for kube-apiserver to use. -If omitted defaults to `6443` - -### k8s-dqlite-port - -**Type:** `int`
-**Required:** `No` - -The port number for k8s-dqlite to use. -If omitted defaults to `9000` - -### datastore-type - -**Type:** `string`
-**Required:** `No`
-**Possible Values:** `k8s-dqlite | external` - -The type of datastore to be used. -If omitted defaults to `k8s-dqlite` - -Can be used to point to an external datastore like etcd. - -### datastore-servers - -**Type:** `list[string]`
-**Required:** `No`
- -The server addresses to be used when `datastore-type` is set to `external`. - -### datastore-ca-crt - -**Type:** `string`
-**Required:** `No`
- -The CA certificate to be used when communicating with the external datastore. - -### datastore-client-crt - -**Type:** `string`
-**Required:** `No`
- -The client certificate to be used when communicating with the external -datastore. - -### datastore-client-key - -**Type:** `string`
-**Required:** `No`
- -The client key to be used when communicating with the external datastore. - -### extra-sans - -**Type:** `list[string]`
-**Required:** `No`
- -List of extra SANs to be added to certificates. - -### ca-crt - -**Type:** `string`
-**Required:** `No`
- -The CA certificate to be used for Kubernetes services. -If omitted defaults to an auto generated certificate. - -### ca-key - -**Type:** `string`
-**Required:** `No`
- -The CA key to be used for Kubernetes services. -If omitted defaults to an auto generated key. - -### front-proxy-ca-crt - -**Type:** `string`
-**Required:** `No`
- -The CA certificate to be used for the front proxy. -If omitted defaults to an auto generated certificate. - -### front-proxy-ca-key - -**Type:** `string`
-**Required:** `No`
- -The CA key to be used for the front proxy. -If omitted defaults to an auto generated key. - -### front-proxy-client-crt - -**Type:** `string`
-**Required:** `No`
- -The client certificate to be used for the front proxy. -If omitted defaults to an auto generated certificate. - -### front-proxy-client-key - -**Type:** `string`
-**Required:** `No`
- -The client key to be used for the front proxy. -If omitted defaults to an auto generated key. - - -### apiserver-kubelet-client-crt - -**Type:** `string`
-**Required:** `No`
- -The client certificate to be used by kubelet for communicating with the -kube-apiserver. -If omitted defaults to an auto generated certificate. - -### apiserver-kubelet-client-key - -**Type:** `string`
-**Required:** `No`
- -The client key to be used by kubelet for communicating with the kube-apiserver. -If omitted defaults to an auto generated key. - -### service-account-key - -**Type:** `string`
-**Required:** `No`
- -The key to be used by the default service account. -If omitted defaults to an auto generated key. - -### apiserver-crt - -**Type:** `string`
-**Required:** `No`
- -The certificate to be used for the kube-apiserver. -If omitted defaults to an auto generated certificate. - -### apiserver-key - -**Type:** `string`
-**Required:** `No`
- -The key to be used for the kube-apiserver. -If omitted defaults to an auto generated key. - -### kubelet-crt - -**Type:** `string`
-**Required:** `No`
- -The certificate to be used for the kubelet. -If omitted defaults to an auto generated certificate. - -### kubelet-key - -**Type:** `string`
-**Required:** `No`
- -The key to be used for the kubelet. -If omitted defaults to an auto generated key. - -### extra-node-config-files - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional files that are uploaded `/var/snap/k8s/common/args/conf.d/` -to a node on bootstrap. These files can them be references by Kubernetes -service arguments. -The format is `map[]`. - -### extra-node-kube-apiserver-args - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional arguments that are passed to the `kube-apiserver` only for that -specific node. Overwrites default configuration. A parameter that is explicitly -set to `null` is deleted. The format is `map[<--flag-name>]`. - -### extra-node-kube-controller-manager-args - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional arguments that are passed to the `kube-controller-manager` only for -that specific node. Overwrites default configuration. A parameter that is -explicitly set to `null` is deleted. The format is `map[<--flag-name>]`. - -### extra-node-kube-scheduler-args - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional arguments that are passed to the `kube-scheduler` only for that -specific node. Overwrites default configuration. A parameter that is explicitly -set to `null` is deleted. The format is `map[<--flag-name>]`. - -### extra-node-kube-proxy-args - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional arguments that are passed to the `kube-proxy` only for that -specific node. Overwrites default configuration. A parameter that is explicitly -set to `null` is deleted. The format is `map[<--flag-name>]`. - -### extra-node-kubelet-args - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional arguments that are passed to the `kubelet` only for that -specific node. Overwrites default configuration. A parameter that is explicitly -set to `null` is deleted. The format is `map[<--flag-name>]`. - -### extra-node-containerd-args - -**Type:** `map[string]string`
-**Required:** `No`
- -Additional arguments that are passed to `containerd` only for that -specific node. Overwrites default configuration. A parameter that is explicitly -set to `null` is deleted. The format is `map[<--flag-name>]`. - -### extra-node-k8s-dqlite-args - -**Type:** `map[string]string`
-**Required:** `No`
+```{include} ../../_parts/bootstrap_config.md +``` -Additional arguments that are passed to `k8s-dqlite` only for that -specific node. Overwrites default configuration. A parameter that is explicitly -set to `null` is deleted. The format is `map[<--flag-name>]`. ## Example diff --git a/docs/src/snap/reference/control-plane-join-config-reference.md b/docs/src/snap/reference/control-plane-join-config-reference.md new file mode 100755 index 000000000..855b816a4 --- /dev/null +++ b/docs/src/snap/reference/control-plane-join-config-reference.md @@ -0,0 +1,11 @@ +# Control plane node join configuration file reference + +A YAML file can be supplied to the `k8s join-cluster ` command to configure and +customize new nodes. + +This reference section provides all available options for control plane nodes. + +## Configuration options + +```{include} ../../_parts/control_plane_join_config.md +``` diff --git a/docs/src/snap/reference/index.md b/docs/src/snap/reference/index.md index f1720e760..840b4ab56 100644 --- a/docs/src/snap/reference/index.md +++ b/docs/src/snap/reference/index.md @@ -16,6 +16,8 @@ commands annotations certificates bootstrap-config-reference +control-plane-join-config-reference +worker-join-config-reference proxy troubleshooting architecture diff --git a/docs/src/snap/reference/worker-join-config-reference.md b/docs/src/snap/reference/worker-join-config-reference.md new file mode 100755 index 000000000..5f170f484 --- /dev/null +++ b/docs/src/snap/reference/worker-join-config-reference.md @@ -0,0 +1,11 @@ +# Worker node join configuration file reference + +A YAML file can be supplied to the `k8s join-cluster ` command to configure and +customize new worker nodes. + +This reference section provides all available options for worker nodes. + +## Configuration options + +```{include} ../../_parts/worker_join_config.md +``` diff --git a/src/k8s/Makefile b/src/k8s/Makefile index 4e7d33154..53db40353 100644 --- a/src/k8s/Makefile +++ b/src/k8s/Makefile @@ -14,7 +14,7 @@ go.unit: $(DQLITE_BUILD_SCRIPTS_DIR)/static-go-test.sh -v ./pkg/... ./cmd/... -coverprofile=coverage.txt --cover go.doc: bin/static/k8s - bin/static/k8s generate-docs --output-dir ../../docs/src/_parts/commands/ + bin/static/k8s generate-docs --output-dir ../../docs/src/_parts/ --project-dir . ## Static Builds static: bin/static/k8s bin/static/k8sd bin/static/k8s-apiserver-proxy diff --git a/src/k8s/cmd/k8s/k8s_generate_docs.go b/src/k8s/cmd/k8s/k8s_generate_docs.go index 10a8ea715..b95bb8b46 100644 --- a/src/k8s/cmd/k8s/k8s_generate_docs.go +++ b/src/k8s/cmd/k8s/k8s_generate_docs.go @@ -1,29 +1,64 @@ package k8s import ( + "path" + + apiv1 "github.com/canonical/k8s-snap-api/api/v1" cmdutil "github.com/canonical/k8s/cmd/util" + "github.com/canonical/k8s/pkg/docgen" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" ) func newGenerateDocsCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { var opts struct { - outputDir string + outputDir string + projectDir string } cmd := &cobra.Command{ Use: "generate-docs", Hidden: true, Short: "Generate markdown documentation", Run: func(cmd *cobra.Command, args []string) { - if err := doc.GenMarkdownTree(cmd.Parent(), opts.outputDir); err != nil { + outPath := path.Join(opts.outputDir, "commands") + if err := doc.GenMarkdownTree(cmd.Parent(), outPath); err != nil { cmd.PrintErrf("Error: Failed to generate markdown documentation for k8s command.\n\nThe error was: %v\n", err) env.Exit(1) return } + + outPath = path.Join(opts.outputDir, "bootstrap_config.md") + err := docgen.MarkdownFromJsonStructToFile(apiv1.BootstrapConfig{}, outPath, opts.projectDir) + if err != nil { + cmd.PrintErrf("Error: Failed to generate markdown documentation for bootstrap configuration\n\n") + cmd.PrintErrf("Error: %v", err) + env.Exit(1) + return + } + + outPath = path.Join(opts.outputDir, "control_plane_join_config.md") + err = docgen.MarkdownFromJsonStructToFile(apiv1.ControlPlaneJoinConfig{}, outPath, opts.projectDir) + if err != nil { + cmd.PrintErrf("Error: Failed to generate markdown documentation for ctrl plane join configuration\n\n") + cmd.PrintErrf("Error: %v", err) + env.Exit(1) + return + } + + outPath = path.Join(opts.outputDir, "worker_join_config.md") + err = docgen.MarkdownFromJsonStructToFile(apiv1.WorkerJoinConfig{}, outPath, opts.projectDir) + if err != nil { + cmd.PrintErrf("Error: Failed to generate markdown documentation for worker join configuration\n\n") + cmd.PrintErrf("Error: %v", err) + env.Exit(1) + return + } + cmd.Printf("Generated documentation in %s\n", opts.outputDir) }, } cmd.Flags().StringVar(&opts.outputDir, "output-dir", ".", "directory where the markdown docs will be written") + cmd.Flags().StringVar(&opts.projectDir, "project-dir", "../../", "the path to k8s-snap/src/k8s") return cmd } diff --git a/src/k8s/go.mod b/src/k8s/go.mod index ca4a888d6..1b3a893fb 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.8 + github.com/canonical/k8s-snap-api v1.0.9 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 @@ -14,6 +14,7 @@ require ( github.com/onsi/gomega v1.32.0 github.com/pelletier/go-toml v1.9.5 github.com/spf13/cobra v1.8.1 + golang.org/x/mod v0.20.0 golang.org/x/net v0.28.0 golang.org/x/sync v0.8.0 golang.org/x/sys v0.24.0 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index 8e5154068..9620b105b 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.8 h1:W360Y4ulkAdCdQqbfQ7zXs3/Ty8SWENO3/Bzz8ZAEPE= -github.com/canonical/k8s-snap-api v1.0.8/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.9 h1:WhbyVtnR0GIAdY1UYBIzkspfgodxrHjlpT9FbG4NIu4= +github.com/canonical/k8s-snap-api v1.0.9/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/docgen/godoc.go b/src/k8s/pkg/docgen/godoc.go new file mode 100755 index 000000000..3b414ea8d --- /dev/null +++ b/src/k8s/pkg/docgen/godoc.go @@ -0,0 +1,115 @@ +package docgen + +import ( + "fmt" + "go/ast" + "go/doc" + "go/parser" + "go/token" + "reflect" +) + +var packageDocCache = make(map[string]*doc.Package) + +func findTypeSpec(decl *ast.GenDecl, symbol string) *ast.TypeSpec { + for _, spec := range decl.Specs { + typeSpec := spec.(*ast.TypeSpec) + if symbol == typeSpec.Name.Name { + return typeSpec + } + } + return nil +} + +func getStructTypeFromDoc(packageDoc *doc.Package, structName string) *ast.StructType { + for _, docType := range packageDoc.Types { + if structName != docType.Name { + continue + } + typeSpec := findTypeSpec(docType.Decl, docType.Name) + structType, ok := typeSpec.Type.(*ast.StructType) + if !ok { + // Not a structure. + continue + } + return structType + } + return nil +} + +func parsePackageDir(packageDir string) (*ast.Package, error) { + fset := token.NewFileSet() + packages, err := parser.ParseDir(fset, packageDir, nil, parser.ParseComments) + if err != nil { + return nil, fmt.Errorf("couldn't parse go package: %s", packageDir) + } + + if len(packages) == 0 { + return nil, fmt.Errorf("no go package found: %s", packageDir) + } + if len(packages) > 1 { + return nil, fmt.Errorf("multiple go package found: %s", packageDir) + } + + // We have a map containing a single entry and we need to return it. + for _, pkg := range packages { + return pkg, nil + } + + // shouldn't really get here. + return nil, fmt.Errorf("failed to parse go package") +} + +func getAstStructField(structType *ast.StructType, fieldName string) *ast.Field { + for _, field := range structType.Fields.List { + for _, fieldIdent := range field.Names { + if fieldIdent.Name == fieldName { + return field + } + } + } + return nil +} + +func getPackageDoc(packagePath string, projectDir string) (*doc.Package, error) { + packageDoc, found := packageDocCache[packagePath] + if found { + return packageDoc, nil + } + + packageDir, err := getGoPackageDir(packagePath, projectDir) + if err != nil { + return nil, fmt.Errorf("couldn't retrieve package dir, error: %v", err) + } + + pkg, err := parsePackageDir(packageDir) + if err != nil { + return nil, err + } + + packageDoc = doc.New(pkg, packageDir, doc.AllDecls|doc.PreserveAST) + packageDocCache[packagePath] = packageDoc + + return packageDoc, nil +} + +func getFieldDocstring(i any, field reflect.StructField, projectDir string) (string, error) { + inType := reflect.TypeOf(i) + + packageDoc, err := getPackageDoc(inType.PkgPath(), projectDir) + if err != nil { + return "", err + } + + structType := getStructTypeFromDoc(packageDoc, inType.Name()) + if structType == nil { + return "", fmt.Errorf("could not find %s structure definition", inType.Name()) + } + + astField := getAstStructField(structType, field.Name) + if astField == nil { + return "", fmt.Errorf("could not find %s.%s field definition", inType.Name(), field.Name) + } + + return astField.Doc.Text(), nil +} diff --git a/src/k8s/pkg/docgen/gomod.go b/src/k8s/pkg/docgen/gomod.go new file mode 100755 index 000000000..a7f446f6d --- /dev/null +++ b/src/k8s/pkg/docgen/gomod.go @@ -0,0 +1,99 @@ +package docgen + +import ( + "fmt" + "golang.org/x/mod/modfile" + "golang.org/x/mod/module" + "os" + "path" + "strings" +) + +func getGoDepModulePath(name string, version string) (string, error) { + cachePath := os.Getenv("GOMODCACHE") + if cachePath == "" { + goPath := os.Getenv("GOPATH") + if goPath == "" { + goPath = path.Join(os.Getenv("HOME"), "/go") + } + cachePath = path.Join(goPath, "pkg", "mod") + } + + escapedPath, err := module.EscapePath(name) + if err != nil { + return "", fmt.Errorf( + "couldn't escape module path: %s %v", name, err) + } + + escapedVersion, err := module.EscapeVersion(version) + if err != nil { + return "", fmt.Errorf( + "couldn't escape module version: %s %v", version, err) + } + + path := path.Join(cachePath, escapedPath+"@"+escapedVersion) + + // Validate the path. + if _, err := os.Stat(path); err != nil { + return "", fmt.Errorf( + "Go module path not accessible: %s %s %s, error: %v.", + name, version, path, err) + } + + return path, nil +} + +func getDependencyVersionFromGoMod(goModPath string, packageName string, directOnly bool) (string, string, error) { + goModContents, err := os.ReadFile(goModPath) + if err != nil { + return "", "", fmt.Errorf("could not read go.mod file %s, error: %v", goModPath, err) + } + goModFile, err := modfile.ParseLax(goModPath, goModContents, nil) + if err != nil { + return "", "", fmt.Errorf("could not parse go.mod file %s, error: %v", goModPath, err) + } + + for _, dep := range goModFile.Require { + if directOnly && dep.Indirect { + continue + } + if strings.HasPrefix(packageName, dep.Mod.Path) { + return dep.Mod.Path, dep.Mod.Version, nil + } + } + + return "", "", fmt.Errorf("could not find dependency %s in %s", packageName, goModPath) +} + +func getGoModPath(projectDir string) (string, error) { + return path.Join(projectDir, "go.mod"), nil +} + +func getGoPackageDir(packageName string, projectDir string) (string, error) { + if packageName == "" { + return "", fmt.Errorf("could not retrieve package dir, no package name specified.") + } + + if strings.HasPrefix(packageName, "github.com/canonical/k8s/") { + return strings.Replace(packageName, "github.com/canonical/k8s", projectDir, 1), nil + } + + // Dependency, need to retrieve its version from go.mod. + goModPath, err := getGoModPath(projectDir) + if err != nil { + return "", err + } + + basePackageName, version, err := getDependencyVersionFromGoMod(goModPath, packageName, false) + if err != nil { + return "", err + } + + basePath, err := getGoDepModulePath(basePackageName, version) + if err != nil { + return "", err + } + + subPath := strings.TrimPrefix(packageName, basePackageName) + return path.Join(basePath, subPath), nil +} diff --git a/src/k8s/pkg/docgen/json_struct.go b/src/k8s/pkg/docgen/json_struct.go new file mode 100755 index 000000000..d6463131e --- /dev/null +++ b/src/k8s/pkg/docgen/json_struct.go @@ -0,0 +1,138 @@ +package docgen + +import ( + "fmt" + "os" + "reflect" + "strings" +) + +type JsonTag struct { + Name string + Options []string +} + +type Field struct { + Name string + TypeName string + JsonTag JsonTag + FullJsonPath string + Docstring string +} + +// Generate Markdown documentation for a JSON or YAML based on +// the Go structure definition, parsing field annotations. +func MarkdownFromJsonStruct(i any, projectDir string) (string, error) { + fields, err := ParseStruct(i, projectDir) + if err != nil { + return "", err + } + + entryTemplate := `### %s +**Type:** ` + "`%s`" + `
+ +%s +` + + var out strings.Builder + for _, field := range fields { + outFieldType := strings.Replace(field.TypeName, "*", "", -1) + entry := fmt.Sprintf(entryTemplate, field.FullJsonPath, outFieldType, field.Docstring) + out.WriteString(entry) + } + + return out.String(), nil +} + +// Generate Markdown documentation for a JSON or YAML based on +// the Go structure definition, parsing field annotations. +// Write the output to the specified file path. +// The project dir is used to parse the source code and identify dependencies +// based on the go.mod file. +func MarkdownFromJsonStructToFile(i any, outFilePath string, projectDir string) error { + content, err := MarkdownFromJsonStruct(i, projectDir) + if err != nil { + return err + } + + err = os.WriteFile(outFilePath, []byte(content), 0644) + if err != nil { + return fmt.Errorf("failed to write markdown documentation to %s, error: %v.", + outFilePath, err) + } + return nil +} + +func getJsonTag(field reflect.StructField) JsonTag { + jsonTag := JsonTag{} + + jsonTagStr := field.Tag.Get("json") + if jsonTagStr == "" { + // Use yaml tags as fallback, which have the same format. + jsonTagStr = field.Tag.Get("yaml") + } + if jsonTagStr != "" { + jsonTagSlice := strings.Split(jsonTagStr, ",") + if len(jsonTagSlice) > 0 { + jsonTag.Name = jsonTagSlice[0] + } + if len(jsonTagSlice) > 1 { + jsonTag.Options = jsonTagSlice[1:] + } + } + + return jsonTag +} + +func ParseStruct(i any, projectDir string) ([]Field, error) { + inType := reflect.TypeOf(i) + + if inType.Kind() != reflect.Struct { + return nil, fmt.Errorf("structure parsing failed, not a structure: %s", inType.Name()) + } + + outFields := []Field{} + fields := reflect.VisibleFields(inType) + for _, field := range fields { + jsonTag := getJsonTag(field) + docstring, err := getFieldDocstring(i, field, projectDir) + if err != nil { + fmt.Fprintf(os.Stderr, "WARNING: could not retrieve field docstring: %s.%s, error: %v", + inType.Name(), field.Name, err) + } + + if field.Type.Kind() == reflect.Struct { + fieldIface := reflect.ValueOf(i).FieldByName(field.Name).Interface() + nestedFields, err := ParseStruct(fieldIface, projectDir) + if err != nil { + return nil, fmt.Errorf("couldn't parse %s.%s, error: %v", inType, field.Name, err) + } + + outField := Field{ + Name: field.Name, + TypeName: "object", + JsonTag: jsonTag, + FullJsonPath: jsonTag.Name, + Docstring: docstring, + } + outFields = append(outFields, outField) + + for _, nestedField := range nestedFields { + // Update the json paths of the nested fields based on the field name. + nestedField.FullJsonPath = jsonTag.Name + "." + nestedField.FullJsonPath + outFields = append(outFields, nestedField) + } + } else { + outField := Field{ + Name: field.Name, + TypeName: field.Type.String(), + JsonTag: jsonTag, + FullJsonPath: jsonTag.Name, + Docstring: docstring, + } + outFields = append(outFields, outField) + } + } + + return outFields, nil +} From 49a5da9018f4e9613af4f8ee60834a698d2be54c Mon Sep 17 00:00:00 2001 From: Nick Veitch Date: Mon, 7 Oct 2024 15:46:00 +0100 Subject: [PATCH 038/122] Ku 1824 doc fixes (#716) * fix headers in dualstack * fix CAPI explanation * fix refs for community * fix references * Markdown fixes --- .../explanation => assets}/capi-ck8s.svg | 0 docs/src/capi/explanation/capi-ck8s.md | 86 +++++++++++++++---- docs/src/capi/explanation/index.md | 2 +- docs/src/capi/reference/configs.md | 5 +- docs/src/charm/howto/install-lxd.md | 4 +- .../howto/networking/default-loadbalancer.md | 7 +- docs/src/snap/howto/networking/dualstack.md | 6 +- docs/src/snap/howto/storage/ceph.md | 2 +- docs/src/snap/howto/storage/storage.md | 2 +- docs/src/snap/reference/community.md | 4 +- docs/src/snap/tutorial/add-remove-nodes.md | 2 +- docs/src/snap/tutorial/getting-started.md | 9 +- 12 files changed, 93 insertions(+), 36 deletions(-) rename docs/src/{capi/explanation => assets}/capi-ck8s.svg (100%) diff --git a/docs/src/capi/explanation/capi-ck8s.svg b/docs/src/assets/capi-ck8s.svg similarity index 100% rename from docs/src/capi/explanation/capi-ck8s.svg rename to docs/src/assets/capi-ck8s.svg diff --git a/docs/src/capi/explanation/capi-ck8s.md b/docs/src/capi/explanation/capi-ck8s.md index d75db76ac..10b0e0674 100644 --- a/docs/src/capi/explanation/capi-ck8s.md +++ b/docs/src/capi/explanation/capi-ck8s.md @@ -1,12 +1,26 @@ # Cluster API - {{product}} -ClusterAPI (CAPI) is an open-source Kubernetes project that provides a declarative API for cluster creation, configuration, and management. It is designed to automate the creation and management of Kubernetes clusters in various environments, including on-premises data centers, public clouds, and edge devices. - -CAPI abstracts away the details of infrastructure provisioning, networking, and other low-level tasks, allowing users to define their desired cluster configuration using simple YAML manifests. This makes it easier to create and manage clusters in a repeatable and consistent manner, regardless of the underlying infrastructure. In this way a wide range of infrastructure providers has been made available, including but not limited to Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and OpenStack. - -CAPI also abstracts the provisioning and management of Kubernetes clusters allowing for a variety of Kubernetes distributions to be delivered in all of the supported infrastructure providers. {{product}} is one such Kubernetes distribution that seamlessly integrates with Cluster API. +ClusterAPI (CAPI) is an open-source Kubernetes project that provides a +declarative API for cluster creation, configuration, and management. It is +designed to automate the creation and management of Kubernetes clusters in +various environments, including on-premises data centers, public clouds, and +edge devices. + +CAPI abstracts away the details of infrastructure provisioning, networking, and +other low-level tasks, allowing users to define their desired cluster +configuration using simple YAML manifests. This makes it easier to create and +manage clusters in a repeatable and consistent manner, regardless of the +underlying infrastructure. In this way a wide range of infrastructure providers +has been made available, including but not limited to Amazon Web Services +(AWS), Microsoft Azure, Google Cloud Platform (GCP), and OpenStack. + +CAPI also abstracts the provisioning and management of Kubernetes clusters +allowing for a variety of Kubernetes distributions to be delivered in all of +the supported infrastructure providers. {{product}} is one such Kubernetes +distribution that seamlessly integrates with Cluster API. With {{product}} CAPI you can: + - provision a cluster with: - Kubernetes version 1.31 onwards - risk level of the track you want to follow (stable, candidate, beta, edge) @@ -20,21 +34,59 @@ Please refer to the “Tutorial” section for concrete examples on CAPI deploym ## CAPI architecture -Being a cloud-native framework, CAPI implements all its components as controllers that run within a Kubernetes cluster. There is a separate controller, called a ‘provider’, for each supported infrastructure substrate. The infrastructure providers are responsible for provisioning physical or virtual nodes and setting up networking elements such as load balancers and virtual networks. In a similar way, each Kubernetes distribution that integrates with ClusterAPI is managed by two providers: the control plane provider and the bootstrap provider. The bootstrap provider is responsible for delivering and managing Kubernetes on the nodes, while the control plane provider handles the control plane’s specific lifecycle. - -The CAPI providers operate within a Kubernetes cluster known as the management cluster. The administrator is responsible for selecting the desired combination of infrastructure and Kubernetes distribution by instantiating the respective infrastructure, bootstrap, and control plane providers on the management cluster. - -The management cluster functions as the control plane for the ClusterAPI operator, which is responsible for provisioning and managing the infrastructure resources necessary for creating and managing additional Kubernetes clusters. It is important to note that the management cluster is not intended to support any other workload, as the workloads are expected to run on the provisioned clusters. As a result, the provisioned clusters are referred to as workload clusters. - -Typically, the management cluster runs in a separate environment from the clusters it manages, such as a public cloud or an on-premises data center. It serves as a centralized location for managing the configuration, policies, and security of multiple managed clusters. By leveraging the management cluster, users can easily create and manage a fleet of Kubernetes clusters in a consistent and repeatable manner. +Being a cloud-native framework, CAPI implements all its components as +controllers that run within a Kubernetes cluster. There is a separate +controller, called a ‘provider’, for each supported infrastructure substrate. +The infrastructure providers are responsible for provisioning physical or +virtual nodes and setting up networking elements such as load balancers and +virtual networks. In a similar way, each Kubernetes distribution that +integrates with ClusterAPI is managed by two providers: the control plane +provider and the bootstrap provider. The bootstrap provider is responsible for +delivering and managing Kubernetes on the nodes, while the control plane +provider handles the control plane’s specific lifecycle. + +The CAPI providers operate within a Kubernetes cluster known as the management +cluster. The administrator is responsible for selecting the desired combination +of infrastructure and Kubernetes distribution by instantiating the respective +infrastructure, bootstrap, and control plane providers on the management +cluster. + +The management cluster functions as the control plane for the ClusterAPI +operator, which is responsible for provisioning and managing the infrastructure +resources necessary for creating and managing additional Kubernetes clusters. +It is important to note that the management cluster is not intended to support +any other workload, as the workloads are expected to run on the provisioned +clusters. As a result, the provisioned clusters are referred to as workload +clusters. + +Typically, the management cluster runs in a separate environment from the +clusters it manages, such as a public cloud or an on-premises data center. It +serves as a centralized location for managing the configuration, policies, and +security of multiple managed clusters. By leveraging the management cluster, +users can easily create and manage a fleet of Kubernetes clusters in a +consistent and repeatable manner. The {{product}} team maintains the two providers required for integrating with CAPI: -- The Cluster API Bootstrap Provider {{product}} (**CABPCK**) responsible for provisioning the nodes in the cluster and preparing them to be joined to the Kubernetes control plane. When you use the CABPCK you define a Kubernetes Cluster object that describes the desired state of the new cluster and includes the number and type of nodes in the cluster, as well as any additional configuration settings. The Bootstrap Provider then creates the necessary resources in the Kubernetes API server to bring the cluster up to the desired state. Under the hood, the Bootstrap Provider uses cloud-init to configure the nodes in the cluster. This includes setting up SSH keys, configuring the network, and installing necessary software packages. - -- The Cluster API Control Plane Provider {{product}} (**CACPCK**) enables the creation and management of Kubernetes control planes using {{product}} as the underlying Kubernetes distribution. Its main tasks are to update the machine state and to generate the kubeconfig file used for accessing the cluster. The kubeconfig file is stored as a secret which the user can then retrieve using the `clusterctl` command. - -```{figure} ./capi-ck8s.svg +- The Cluster API Bootstrap Provider {{product}} (**CABPCK**) responsible for + provisioning the nodes in the cluster and preparing them to be joined to the + Kubernetes control plane. When you use the CABPCK you define a Kubernetes + Cluster object that describes the desired state of the new cluster and + includes the number and type of nodes in the cluster, as well as any + additional configuration settings. The Bootstrap Provider then creates the + necessary resources in the Kubernetes API server to bring the cluster up to + the desired state. Under the hood, the Bootstrap Provider uses cloud-init to + configure the nodes in the cluster. This includes setting up SSH keys, + configuring the network, and installing necessary software packages. + +- The Cluster API Control Plane Provider {{product}} (**CACPCK**) enables the + creation and management of Kubernetes control planes using {{product}} as the + underlying Kubernetes distribution. Its main tasks are to update the machine + state and to generate the kubeconfig file used for accessing the cluster. The + kubeconfig file is stored as a secret which the user can then retrieve using + the `clusterctl` command. + +```{figure} ../../assets/capi-ck8s.svg :width: 100% :alt: Deployment of components diff --git a/docs/src/capi/explanation/index.md b/docs/src/capi/explanation/index.md index 775dd26a3..f10ada1ac 100644 --- a/docs/src/capi/explanation/index.md +++ b/docs/src/capi/explanation/index.md @@ -11,7 +11,7 @@ Overview ```{toctree} :titlesonly: -:globs: +:glob: about security diff --git a/docs/src/capi/reference/configs.md b/docs/src/capi/reference/configs.md index 60ce9bebe..7297d4f24 100644 --- a/docs/src/capi/reference/configs.md +++ b/docs/src/capi/reference/configs.md @@ -68,6 +68,7 @@ spec: - echo "second-command" ``` +(preruncommands)= ### `preRunCommands` **Type:** `[]string` @@ -107,7 +108,7 @@ spec: **Required:** no -`airGapped` is used to signal that we are deploying to an airgap environment. In this case, the provider will not attempt to install k8s-snap on the machine. The user is expected to install k8s-snap manually with [`preRunCommands`](#preRunCommands), or provide an image with k8s-snap pre-installed. +`airGapped` is used to signal that we are deploying to an airgap environment. In this case, the provider will not attempt to install k8s-snap on the machine. The user is expected to install k8s-snap manually with [`preRunCommands`](#preruncommands), or provide an image with k8s-snap pre-installed. **Example Usage:** ```yaml @@ -217,7 +218,7 @@ spec: ``` -[Install custom {{product}} on machines]: ../howto/custom-ck8s.md +[Install custom {{product}} on machines]: /capi/howto/custom-ck8s.md [etcd best practices]: https://etcd.io/docs/v3.5/faq/#why-an-odd-number-of-cluster-members diff --git a/docs/src/charm/howto/install-lxd.md b/docs/src/charm/howto/install-lxd.md index 321ce4e2c..9d3b96605 100644 --- a/docs/src/charm/howto/install-lxd.md +++ b/docs/src/charm/howto/install-lxd.md @@ -73,7 +73,7 @@ lxc profile show juju-myk8s ``` ```{note} For an explanation of the settings in this file, - [see below](explain-rules) + [see below](explain-rules-charm) ``` ## Deploying to a container @@ -81,7 +81,7 @@ lxc profile show juju-myk8s We can now deploy {{product}} into the LXD-based model as described in the [charm][] guide. -(explain-rules)= +(explain-rules-charm)= ## Explanation of custom LXD rules diff --git a/docs/src/snap/howto/networking/default-loadbalancer.md b/docs/src/snap/howto/networking/default-loadbalancer.md index 88a2a20fb..0fd14ced9 100644 --- a/docs/src/snap/howto/networking/default-loadbalancer.md +++ b/docs/src/snap/howto/networking/default-loadbalancer.md @@ -28,13 +28,15 @@ To check the current configuration of the load-balancer, run the following: ``` sudo k8s get load-balancer ``` + This should output a list of values like this: - `cidrs` - a list containing [cidr] or IP address range definitions of the pool of IP addresses to use - `l2-mode` - whether L2 mode (failover) is turned on -- `l2-interfaces` - optional list of interfaces to announce services over (defaults to all) +- `l2-interfaces` - optional list of interfaces to announce services over + (defaults to all) - `bgp-mode` - whether BGP mode is active. - `bgp-local-asn` - the local Autonomous System Number (ASN) - `bgp-peer-address` - the peer address @@ -47,7 +49,8 @@ These values are configured using the `k8s set`command, e.g.: sudo k8s set load-balancer.l2-mode=true ``` -Note that for the BGP mode, it is necessary to set ***all*** the values simultaneously. E.g. +Note that for the BGP mode, it is necessary to set ***all*** the values +simultaneously. E.g. ``` sudo k8s set load-balancer.bgp-mode=true load-balancer.bgp-local-asn=64512 load-balancer.bgp-peer-address=10.0.10.55/32 load-balancer.bgp-peer-asn=64512 load-balancer.bgp-peer-port=7012 diff --git a/docs/src/snap/howto/networking/dualstack.md b/docs/src/snap/howto/networking/dualstack.md index 343a02f37..406245ff5 100644 --- a/docs/src/snap/howto/networking/dualstack.md +++ b/docs/src/snap/howto/networking/dualstack.md @@ -6,13 +6,13 @@ both IPv4 and IPv6 addresses, allowing them to communicate over either protocol. This document will guide you through enabling dual-stack, including necessary configurations, known limitations, and common issues. -### Prerequisites +## Prerequisites Before enabling dual-stack, ensure that your environment supports IPv6, and that your network configuration (including any underlying infrastructure) is compatible with dual-stack operation. -### Enabling Dual-Stack +## Enabling Dual-Stack Dual-stack can be enabled by specifying both IPv4 and IPv6 CIDRs during the cluster bootstrap process. The key configuration parameters are: @@ -133,7 +133,7 @@ cluster bootstrap process. The key configuration parameters are: working. -### CIDR Size Limitations +## CIDR Size Limitations When setting up dual-stack networking, it is important to consider the limitations regarding CIDR size: diff --git a/docs/src/snap/howto/storage/ceph.md b/docs/src/snap/howto/storage/ceph.md index b448cab9f..ff55d10dd 100644 --- a/docs/src/snap/howto/storage/ceph.md +++ b/docs/src/snap/howto/storage/ceph.md @@ -331,7 +331,7 @@ Ceph documentation: [Intro to Ceph]. [Ceph]: https://ceph.com/ -[getting-started-guide]: ../tutorial/getting-started.md +[getting-started-guide]: /snap/tutorial/getting-started.md [block-devices-and-kubernetes]: https://docs.ceph.com/en/latest/rbd/rbd-kubernetes/ [placement groups]: https://docs.ceph.com/en/mimic/rados/operations/placement-groups/ [Intro to Ceph]: https://docs.ceph.com/en/latest/start/intro/ diff --git a/docs/src/snap/howto/storage/storage.md b/docs/src/snap/howto/storage/storage.md index dbba33631..71e9c3dd1 100644 --- a/docs/src/snap/howto/storage/storage.md +++ b/docs/src/snap/howto/storage/storage.md @@ -62,4 +62,4 @@ Disabling storage only removes the CSI driver. The persistent volume claims will still be available and your data will remain on disk. -[getting-started-guide]: ../tutorial/getting-started.md +[getting-started-guide]: /snap/tutorial/getting-started.md diff --git a/docs/src/snap/reference/community.md b/docs/src/snap/reference/community.md index 182ee8688..080b89348 100644 --- a/docs/src/snap/reference/community.md +++ b/docs/src/snap/reference/community.md @@ -68,6 +68,6 @@ the guidelines for participation. [matrix]: https://matrix.to/#/#k8s:ubuntu.com [Discourse]: https://discourse.ubuntu.com/c/kubernetes/180 [bugs]: https://github.com/canonical/k8s-snap/issues -[Contributing guide]: ../howto/contribute -[Developer guide]: ../howto/contribute +[Contributing guide]: /snap/howto/contribute +[Developer guide]: /snap/howto/contribute [support]: https://ubuntu.com/support diff --git a/docs/src/snap/tutorial/add-remove-nodes.md b/docs/src/snap/tutorial/add-remove-nodes.md index 736474b46..b36fd9a55 100644 --- a/docs/src/snap/tutorial/add-remove-nodes.md +++ b/docs/src/snap/tutorial/add-remove-nodes.md @@ -156,5 +156,5 @@ multipass purge [Ingress]: /snap/howto/networking/default-ingress [Kubectl]: kubectl [Command Reference]: /snap/reference/commands -[Storage]: /snap/howto/storage +[Storage]: /snap/howto/storage/index [Networking]: /snap/howto/networking/index.md diff --git a/docs/src/snap/tutorial/getting-started.md b/docs/src/snap/tutorial/getting-started.md index d613e202b..a79c8031d 100644 --- a/docs/src/snap/tutorial/getting-started.md +++ b/docs/src/snap/tutorial/getting-started.md @@ -94,9 +94,10 @@ Let's deploy a demo NGINX server: sudo k8s kubectl create deployment nginx --image=nginx ``` -This command launches a [pod](https://kubernetes.io/docs/concepts/workloads/pods/), -the smallest deployable unit in Kubernetes, -running the NGINX application within a container. +This command launches a +[pod](https://kubernetes.io/docs/concepts/workloads/pods/), the smallest +deployable unit in Kubernetes, running the NGINX application within a +container. You can check the status of your pods by running: @@ -214,6 +215,6 @@ This option ensures complete removal of the snap and its associated data. [How to use kubectl]: kubectl [Command Reference Guide]: /snap/reference/commands [Setting up a K8s cluster]: add-remove-nodes -[Storage]: /snap/howto/storage +[Storage]: /snap/howto/storage/index [Networking]: /snap/howto/networking/index.md [Ingress]: /snap/howto/networking/default-ingress.md \ No newline at end of file From 43ab3b8049d8ef535e1b5e98a8af8af6a09ef774 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Tue, 8 Oct 2024 12:03:42 -0500 Subject: [PATCH 039/122] Improve Nightly Test runs to pass (#701) * Use the correct snap when upgrading * Make etcd tests arch aware * bump etcd version to 3.4.34 * Only use tmate if we're debugging a pull-reqeust * bump metrics server version that contains ARM fix --- .github/workflows/nightly-test.yaml | 36 ++++++++++++------- build-scripts/hack/sync-images.yaml | 4 +-- docs/src/snap/howto/install/offline.md | 2 +- .../pkg/k8sd/features/metrics-server/chart.go | 2 +- tests/integration/templates/etcd/etcd.service | 1 + tests/integration/tests/test_util/config.py | 2 +- tests/integration/tests/test_util/etcd.py | 8 +++-- .../tests/test_util/harness/base.py | 8 ++++- .../tests/test_version_upgrades.py | 7 ++-- tests/integration/tox.ini | 33 +++++++++-------- 10 files changed, 59 insertions(+), 44 deletions(-) diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index ea00bcd4f..b4a57a9de 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -9,12 +9,12 @@ permissions: jobs: test-integration: - name: Integration Test ${{ matrix.os }} ${{ matrix.arch }} ${{ matrix.releases }} + name: Integration Test ${{ matrix.os }} ${{ matrix.arch }} ${{ matrix.release }} strategy: matrix: os: ["ubuntu:20.04", "ubuntu:22.04", "ubuntu:24.04"] arch: ["amd64", "arm64"] - releases: ["latest/edge"] + release: ["latest/edge"] fail-fast: false # TODO: remove once arm64 works runs-on: ${{ matrix.arch == 'arm64' && 'Ubuntu_ARM64_4C_16G_01' || 'ubuntu-20.04' }} @@ -22,28 +22,23 @@ jobs: steps: - name: Checking out repo uses: actions/checkout@v4 - - name: Setup Python + - name: Install lxd and tox run: | sudo apt update - sudo apt install -y python3 python3-pip - - name: Install tox - run: | - pip3 install tox==4.13 - - name: Install lxd - run: | + sudo apt install -y tox sudo snap refresh lxd --channel 5.21/stable sudo lxd init --auto sudo usermod --append --groups lxd $USER sg lxd -c 'lxc version' - name: Create build directory run: mkdir -p build - - name: Install $${ matrix.releases }} k8s snap + - name: Install ${{ matrix.release }} k8s snap run: | cd build - snap download k8s --channel=${{ matrix.releases }} --basename k8s + snap download k8s --channel=${{ matrix.release }} --basename k8s - name: Run end to end tests # tox path needs to be specified for arm64 env: - TEST_SNAP: ${{ github.workspace }}/build/k8s-${{ matrix.patch }}.snap + TEST_SNAP: ${{ github.workspace }}/build/k8s.snap TEST_SUBSTRATE: lxd TEST_LXD_IMAGE: ${{ matrix.os }} TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports @@ -52,4 +47,19 @@ jobs: TEST_VERSION_UPGRADE_CHANNELS: "recent 6 classic" run: | export PATH="/home/runner/.local/bin:$PATH" - cd tests/integration && sg lxd -c 'tox -e integration' + cd tests/integration && sg lxd -c 'tox -vve integration' + - name: Prepare inspection reports + if: failure() + run: | + tar -czvf inspection-reports.tar.gz -C ${{ github.workspace }} inspection-reports + echo "artifact_name=inspection-reports-${{ matrix.os }}-${{ matrix.arch }}" | sed 's/:/-/g' >> $GITHUB_ENV + - name: Upload inspection report artifact + if: failure() + uses: actions/upload-artifact@v4 + with: + name: ${{ env.artifact_name }} + path: ${{ github.workspace }}/inspection-reports.tar.gz + - name: Tmate debugging session + if: ${{ failure() && github.event_name == 'pull_request' }} + uses: mxschmitt/action-tmate@v3 + timeout-minutes: 10 diff --git a/build-scripts/hack/sync-images.yaml b/build-scripts/hack/sync-images.yaml index 8f8b68ca4..55bbba9d9 100644 --- a/build-scripts/hack/sync-images.yaml +++ b/build-scripts/hack/sync-images.yaml @@ -23,8 +23,8 @@ sync: - source: ghcr.io/canonical/k8s-snap/sig-storage/csi-snapshotter:v8.0.1 target: '{{ env "MIRROR" }}/canonical/k8s-snap/sig-storage/csi-snapshotter:v8.0.1' type: image - - source: ghcr.io/canonical/metrics-server:0.7.0-ck1 - target: '{{ env "MIRROR" }}/canonical/metrics-server:0.7.0-ck1' + - source: ghcr.io/canonical/metrics-server:0.7.0-ck2 + target: '{{ env "MIRROR" }}/canonical/metrics-server:0.7.0-ck2' type: image - source: ghcr.io/canonical/rawfile-localpv:0.8.0-ck4 target: '{{ env "MIRROR" }}/canonical/rawfile-localpv:0.8.0-ck4' diff --git a/docs/src/snap/howto/install/offline.md b/docs/src/snap/howto/install/offline.md index dc251347e..545e37ab4 100644 --- a/docs/src/snap/howto/install/offline.md +++ b/docs/src/snap/howto/install/offline.md @@ -120,7 +120,7 @@ ghcr.io/canonical/k8s-snap/sig-storage/csi-node-driver-registrar:v2.10.1 ghcr.io/canonical/k8s-snap/sig-storage/csi-provisioner:v5.0.1 ghcr.io/canonical/k8s-snap/sig-storage/csi-resizer:v1.11.1 ghcr.io/canonical/k8s-snap/sig-storage/csi-snapshotter:v8.0.1 -ghcr.io/canonical/metrics-server:0.7.0-ck1 +ghcr.io/canonical/metrics-server:0.7.0-ck2 ghcr.io/canonical/rawfile-localpv:0.8.0-ck4 ``` diff --git a/src/k8s/pkg/k8sd/features/metrics-server/chart.go b/src/k8s/pkg/k8sd/features/metrics-server/chart.go index 8c4e46958..4c098dac2 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/chart.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/chart.go @@ -18,5 +18,5 @@ var ( imageRepo = "ghcr.io/canonical/metrics-server" // imageTag is the image tag to use for metrics-server. - imageTag = "0.7.0-ck1" + imageTag = "0.7.0-ck2" ) diff --git a/tests/integration/templates/etcd/etcd.service b/tests/integration/templates/etcd/etcd.service index 0ac4e9933..e770666a0 100644 --- a/tests/integration/templates/etcd/etcd.service +++ b/tests/integration/templates/etcd/etcd.service @@ -11,6 +11,7 @@ LimitNOFILE=40000 TimeoutStartSec=0 + Environment=ETCD_UNSUPPORTED_ARCH=$ARCH ExecStart=/tmp/test-etcd/etcd --name $NAME \ --data-dir /tmp/etcd/s1 \ --listen-client-urls $CLIENT_URL \ diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index b9e535683..fddef4e2a 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -15,7 +15,7 @@ ETCD_URL = os.getenv("ETCD_URL") or "https://github.com/etcd-io/etcd/releases/download" # ETCD_VERSION is the version of etcd to use. -ETCD_VERSION = os.getenv("ETCD_VERSION") or "v3.3.8" +ETCD_VERSION = os.getenv("ETCD_VERSION") or "v3.4.34" # SNAP is the absolute path to the snap against which we run the integration tests. SNAP = os.getenv("TEST_SNAP") diff --git a/tests/integration/tests/test_util/etcd.py b/tests/integration/tests/test_util/etcd.py index 44f8a0eee..d53e8ee66 100644 --- a/tests/integration/tests/test_util/etcd.py +++ b/tests/integration/tests/test_util/etcd.py @@ -90,6 +90,7 @@ def add_node(self): ] substitutes = { + "ARCH": instance.arch, "NAME": instance.id, "IP": ip, "CLIENT_URL": f"https://{ip}:2379", @@ -224,13 +225,14 @@ def add_node(self): input=str.encode(src.substitute(substitutes)), ) + arch = instance.arch instance.exec( [ "curl", "-L", - f"{self.etcd_url}/{self.etcd_version}/etcd-{self.etcd_version}-linux-amd64.tar.gz", + f"{self.etcd_url}/{self.etcd_version}/etcd-{self.etcd_version}-linux-{arch}.tar.gz", "-o", - f"/tmp/etcd-{self.etcd_version}-linux-amd64.tar.gz", + f"/tmp/etcd-{self.etcd_version}-linux-{arch}.tar.gz", ] ) instance.exec(["mkdir", "-p", "/tmp/test-etcd"]) @@ -238,7 +240,7 @@ def add_node(self): [ "tar", "xzvf", - f"/tmp/etcd-{self.etcd_version}-linux-amd64.tar.gz", + f"/tmp/etcd-{self.etcd_version}-linux-{arch}.tar.gz", "-C", "/tmp/test-etcd", "--strip-components=1", diff --git a/tests/integration/tests/test_util/harness/base.py b/tests/integration/tests/test_util/harness/base.py index 829d64511..8111a339d 100644 --- a/tests/integration/tests/test_util/harness/base.py +++ b/tests/integration/tests/test_util/harness/base.py @@ -2,7 +2,7 @@ # Copyright 2024 Canonical, Ltd. # import subprocess -from functools import partial +from functools import cached_property, partial class HarnessError(Exception): @@ -30,6 +30,12 @@ def __init__(self, h: "Harness", id: str) -> None: def id(self) -> str: return self._id + @cached_property + def arch(self) -> str: + return self.exec( + ["dpkg", "--print-architecture"], text=True, capture_output=True + ).stdout.strip() + def __str__(self) -> str: return f"{self._h.name}:{self.id}" diff --git a/tests/integration/tests/test_version_upgrades.py b/tests/integration/tests/test_version_upgrades.py index 92ef2437e..d6e7a45b0 100644 --- a/tests/integration/tests/test_version_upgrades.py +++ b/tests/integration/tests/test_version_upgrades.py @@ -12,7 +12,7 @@ @pytest.mark.node_count(1) @pytest.mark.no_setup() -@pytest.mark.xfail("cilium failures are blocking this from working") +@pytest.mark.xfail(reason="cilium failures are blocking this from working") @pytest.mark.skipif( not config.VERSION_UPGRADE_CHANNELS, reason="No upgrade channels configured" ) @@ -26,10 +26,7 @@ def test_version_upgrades(instances: List[harness.Instance]): "'recent' requires the number of releases as second argument and the flavour as third argument" ) _, num_channels, flavour = channels - arch = cp.exec( - ["dpkg", "--print-architecture"], text=True, capture_output=True - ).stdout.strip() - channels = snap.get_latest_channels(int(num_channels), flavour, arch) + channels = snap.get_latest_channels(int(num_channels), flavour, cp.arch) LOG.info( f"Bootstrap node on {channels[0]} and upgrade through channels: {channels[1:]}" diff --git a/tests/integration/tox.ini b/tests/integration/tox.ini index e2d7296b2..b59d696d7 100644 --- a/tests/integration/tox.ini +++ b/tests/integration/tox.ini @@ -1,47 +1,46 @@ [tox] -no_package = True +skipsdist = True skip_missing_interpreters = True env_list = format, lint, integration -min_version = 4.0.0 [testenv] set_env = PYTHONBREAKPOINT=pdb.set_trace PY_COLORS=1 -pass_env = +passenv = PYTHONPATH [testenv:format] description = Apply coding style standards to code -deps = -r {tox_root}/requirements-dev.txt +deps = -r {toxinidir}/requirements-dev.txt commands = - licenseheaders -t {tox_root}/.copyright.tmpl -cy -o 'Canonical, Ltd' -d {tox_root}/tests - isort {tox_root}/tests --profile=black - black {tox_root}/tests + licenseheaders -t {toxinidir}/.copyright.tmpl -cy -o 'Canonical, Ltd' -d {toxinidir}/tests + isort {toxinidir}/tests --profile=black + black {toxinidir}/tests [testenv:lint] description = Check code against coding style standards -deps = -r {tox_root}/requirements-dev.txt +deps = -r {toxinidir}/requirements-dev.txt commands = - codespell {tox_root}/tests - flake8 {tox_root}/tests - licenseheaders -t {tox_root}/.copyright.tmpl -cy -o 'Canonical, Ltd' -d {tox_root}/tests --dry - isort {tox_root}/tests --profile=black --check - black {tox_root}/tests --check --diff + codespell {toxinidir}/tests + flake8 {toxinidir}/tests + licenseheaders -t {toxinidir}/.copyright.tmpl -cy -o 'Canonical, Ltd' -d {toxinidir}/tests --dry + isort {toxinidir}/tests --profile=black --check + black {toxinidir}/tests --check --diff [testenv:integration] description = Run integration tests deps = - -r {tox_root}/requirements-test.txt + -r {toxinidir}/requirements-test.txt commands = - pytest -v \ + pytest -vv \ --maxfail 1 \ --tb native \ --log-cli-level DEBUG \ --disable-warnings \ {posargs} \ - {tox_root}/tests -pass_env = + {toxinidir}/tests +passenv = TEST_* [flake8] From e64824c0d4bd41da38f2bf39c502f947ed31e83f Mon Sep 17 00:00:00 2001 From: Homayoon Alimohammadi Date: Wed, 9 Oct 2024 16:38:43 +0400 Subject: [PATCH 040/122] Add refresh-certificates annotation to capi references (#717) --- docs/src/capi/reference/annotations.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/src/capi/reference/annotations.md b/docs/src/capi/reference/annotations.md index 8f9e87fa9..3d540b446 100644 --- a/docs/src/capi/reference/annotations.md +++ b/docs/src/capi/reference/annotations.md @@ -7,9 +7,17 @@ pairs that can be used to reflect additional metadata for CAPI resources. The following annotations can be set on CAPI `Machine` resources. +### In-place Upgrade + | Name | Description | Values | Set by user | |-----------------------------------------------|------------------------------------------------------|------------------------------|-------------| | `v1beta2.k8sd.io/in-place-upgrade-to` | Trigger a Kubernetes version upgrade on that machine | snap version e.g.:
- `localPath=/full/path/to/k8s.snap`
- `revision=123`
- `channel=latest/edge` | yes | | `v1beta2.k8sd.io/in-place-upgrade-status` | The status of the version upgrade | in-progress\|done\|failed | no | | `v1beta2.k8sd.io/in-place-upgrade-release` | The current version on the machine | snap version e.g.:
- `localPath=/full/path/to/k8s.snap`
- `revision=123`
- `channel=latest/edge` | no | | `v1beta2.k8sd.io/in-place-upgrade-change-id` | The ID of the currently running upgrade | ID string | no | + +### Refresh Certificates + +| Name | Description | Values | Set by user | +|-----------------------------------------------|------------------------------------------------------|------------------------------|-------------| +| `v1beta2.k8sd.io/refresh-certificates` | The requested duration (TTL) that the refreshed certificates should expire in. | Duration (TTL) string. A number followed by a unit e.g.: `1mo`, `1y`, `90d`
Allowed units: Any unit supported by `time.ParseDuration` as well as `y` (year), `mo` (month) and `d` (day). | yes | From 426d1500a3190d6e3cf1b15ec7146c203e84721b Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Wed, 9 Oct 2024 21:30:09 +0200 Subject: [PATCH 041/122] Bump Kubernetes version (#723) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 587518aa7..0c86511f3 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Canonical Kubernetes Snap [![End to End Tests](https://github.com/canonical/k8s-snap/actions/workflows/integration.yaml/badge.svg)](https://github.com/canonical/k8s-snap/actions/workflows/integration.yaml) -![](https://img.shields.io/badge/Kubernetes-1.30-326de6.svg) +![](https://img.shields.io/badge/Kubernetes-1.31-326de6.svg) [![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/k8s) From 45b544f255ddeef88c20039c7dfc607402f61b92 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Thu, 10 Oct 2024 12:01:14 -0500 Subject: [PATCH 042/122] Create a test scenario for mixed version clustering (#720) --- .github/workflows/integration-informing.yaml | 1 + tests/integration/tests/conftest.py | 32 ++-- tests/integration/tests/test_cleanup.py | 4 +- tests/integration/tests/test_clustering.py | 25 +++ tests/integration/tests/test_util/config.py | 6 + .../tests/test_util/harness/base.py | 1 + tests/integration/tests/test_util/util.py | 144 +++++++++++++++++- .../tests/test_version_upgrades.py | 29 ++-- 8 files changed, 211 insertions(+), 31 deletions(-) diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index 344ffb6e4..f0eec21b8 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -89,6 +89,7 @@ jobs: TEST_SNAP: ${{ github.workspace }}/build/k8s-${{ matrix.patch }}.snap TEST_SUBSTRATE: lxd TEST_LXD_IMAGE: ${{ matrix.os }} + TEST_FLAVOR: ${{ matrix.patch }} TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports run: | # IPv6-only is only supported on moonray diff --git a/tests/integration/tests/conftest.py b/tests/integration/tests/conftest.py index 98e170fae..bb62acaa4 100644 --- a/tests/integration/tests/conftest.py +++ b/tests/integration/tests/conftest.py @@ -1,9 +1,10 @@ # # Copyright 2024 Canonical, Ltd. # +import itertools import logging from pathlib import Path -from typing import Generator, List, Union +from typing import Generator, Iterator, List, Optional, Union import pytest from test_util import config, harness, util @@ -86,7 +87,8 @@ def pytest_configure(config): "no_setup: No setup steps (pushing snap, bootstrapping etc.) are performed on any node for this test.\n" "dualstack: Support dualstack on the instances.\n" "etcd_count: Mark a test to specify how many etcd instance nodes need to be created (None by default)\n" - "node_count: Mark a test to specify how many instance nodes need to be created\n", + "node_count: Mark a test to specify how many instance nodes need to be created\n" + "snap_versions: Mark a test to specify snap_versions for each node\n", ) @@ -99,6 +101,15 @@ def node_count(request) -> int: return int(node_count_arg) +def snap_versions(request) -> Iterator[Optional[str]]: + """An endless iterable of snap versions for each node in the test.""" + marking = () + if snap_version_marker := request.node.get_closest_marker("snap_versions"): + marking, *_ = snap_version_marker.args + # endlessly repeat of the configured snap version after exhausting the marking + return itertools.chain(marking, itertools.repeat(None)) + + @pytest.fixture(scope="function") def disable_k8s_bootstrapping(request) -> bool: return bool(request.node.get_closest_marker("disable_k8s_bootstrapping")) @@ -132,28 +143,24 @@ def instances( no_setup: bool, bootstrap_config: Union[str, None], dualstack: bool, + request, ) -> Generator[List[harness.Instance], None, None]: """Construct instances for a cluster. Bootstrap and setup networking on the first instance, if `disable_k8s_bootstrapping` marker is not set. """ - if not config.SNAP: - pytest.fail("Set TEST_SNAP to the path where the snap is") - if node_count <= 0: pytest.xfail("Test requested 0 or fewer instances, skip this test.") - snap_path = (tmp_path / "k8s.snap").as_posix() - LOG.info(f"Creating {node_count} instances") instances: List[harness.Instance] = [] - for _ in range(node_count): + for _, snap in zip(range(node_count), snap_versions(request)): # Create instances and setup the k8s snap in each. instance = h.new_instance(dualstack=dualstack) instances.append(instance) if not no_setup: - util.setup_k8s_snap(instance, snap_path) + util.setup_k8s_snap(instance, tmp_path, snap) if not disable_k8s_bootstrapping and not no_setup: first_node, *_ = instances @@ -186,7 +193,7 @@ def instances( @pytest.fixture(scope="session") def session_instance( - h: harness.Harness, tmp_path_factory: pytest.TempPathFactory + h: harness.Harness, tmp_path_factory: pytest.TempPathFactory, request ) -> Generator[harness.Instance, None, None]: """Constructs and bootstraps an instance that persists over a test session. @@ -194,9 +201,10 @@ def session_instance( """ LOG.info("Setup node and enable all features") - snap_path = str(tmp_path_factory.mktemp("data") / "k8s.snap") + tmp_path = tmp_path_factory.mktemp("data") instance = h.new_instance() - util.setup_k8s_snap(instance, snap_path) + snap = next(snap_versions(request)) + util.setup_k8s_snap(instance, tmp_path, snap) bootstrap_config_path = "/home/ubuntu/bootstrap-session.yaml" instance.send_file( diff --git a/tests/integration/tests/test_cleanup.py b/tests/integration/tests/test_cleanup.py index e3fa4e37e..fb19a1ebf 100644 --- a/tests/integration/tests/test_cleanup.py +++ b/tests/integration/tests/test_cleanup.py @@ -5,7 +5,7 @@ from typing import List import pytest -from test_util import harness, util +from test_util import config, harness, util LOG = logging.getLogger(__name__) @@ -17,7 +17,7 @@ def test_node_cleanup(instances: List[harness.Instance]): util.wait_for_network(instance) LOG.info("Uninstall k8s...") - instance.exec(["snap", "remove", "k8s", "--purge"]) + instance.exec(["snap", "remove", config.SNAP_NAME, "--purge"]) LOG.info("Waiting for shims to go away...") util.stubbornly(retries=5, delay_s=5).on(instance).until( diff --git a/tests/integration/tests/test_clustering.py b/tests/integration/tests/test_clustering.py index 4650b15b9..a77e3f9c5 100644 --- a/tests/integration/tests/test_clustering.py +++ b/tests/integration/tests/test_clustering.py @@ -33,6 +33,31 @@ def test_control_plane_nodes(instances: List[harness.Instance]): ), f"only {cluster_node.id} should be left in cluster" +@pytest.mark.node_count(2) +@pytest.mark.snap_versions([util.previous_track(config.SNAP), config.SNAP]) +def test_mixed_version_join(instances: List[harness.Instance]): + """Test n versioned node joining a n-1 versioned cluster.""" + cluster_node = instances[0] # bootstrapped on the previous channel + joining_node = instances[1] # installed with the snap under test + + join_token = util.get_join_token(cluster_node, joining_node) + util.join_cluster(joining_node, join_token) + + util.wait_until_k8s_ready(cluster_node, instances) + nodes = util.ready_nodes(cluster_node) + assert len(nodes) == 2, "node should have joined cluster" + + assert "control-plane" in util.get_local_node_status(cluster_node) + assert "control-plane" in util.get_local_node_status(joining_node) + + cluster_node.exec(["k8s", "remove-node", joining_node.id]) + nodes = util.ready_nodes(cluster_node) + assert len(nodes) == 1, "node should have been removed from cluster" + assert ( + nodes[0]["metadata"]["name"] == cluster_node.id + ), f"only {cluster_node.id} should be left in cluster" + + @pytest.mark.node_count(3) def test_worker_nodes(instances: List[harness.Instance]): cluster_node = instances[0] diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index fddef4e2a..45c9ea5e6 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -17,9 +17,15 @@ # ETCD_VERSION is the version of etcd to use. ETCD_VERSION = os.getenv("ETCD_VERSION") or "v3.4.34" +# FLAVOR is the flavor of the snap to use. +FLAVOR = os.getenv("TEST_FLAVOR") or "" + # SNAP is the absolute path to the snap against which we run the integration tests. SNAP = os.getenv("TEST_SNAP") +# SNAP_NAME is the name of the snap under test. +SNAP_NAME = os.getenv("TEST_SNAP_NAME") or "k8s" + # SUBSTRATE is the substrate to use for running the integration tests. # One of 'local' (default), 'lxd', 'juju', or 'multipass'. SUBSTRATE = os.getenv("TEST_SUBSTRATE") or "local" diff --git a/tests/integration/tests/test_util/harness/base.py b/tests/integration/tests/test_util/harness/base.py index 8111a339d..de12508c6 100644 --- a/tests/integration/tests/test_util/harness/base.py +++ b/tests/integration/tests/test_util/harness/base.py @@ -32,6 +32,7 @@ def id(self) -> str: @cached_property def arch(self) -> str: + """Return the architecture of the instance""" return self.exec( ["dpkg", "--print-architecture"], text=True, capture_output=True ).stdout.strip() diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 0124b5f84..391d73f6a 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -6,11 +6,13 @@ import re import shlex import subprocess +import urllib.request from datetime import datetime from functools import partial from pathlib import Path from typing import Any, Callable, List, Mapping, Optional, Union +import pytest from tenacity import ( RetryCallState, retry, @@ -22,6 +24,8 @@ from test_util import config, harness LOG = logging.getLogger(__name__) +RISKS = ["stable", "candidate", "beta", "edge"] +TRACK_RE = re.compile(r"^(\d+)\.(\d+)(\S*)$") def run(command: list, **kwargs) -> subprocess.CompletedProcess: @@ -128,12 +132,50 @@ def until( return Retriable() -# Installs and setups the k8s snap on the given instance and connects the interfaces. -def setup_k8s_snap(instance: harness.Instance, snap_path: Path): - LOG.info("Install k8s snap") - instance.send_file(config.SNAP, snap_path) - instance.exec(["snap", "install", snap_path, "--classic", "--dangerous"]) +def _as_int(value: Optional[str]) -> Optional[int]: + """Convert a string to an integer.""" + try: + return int(value) + except (TypeError, ValueError): + return None + + +def setup_k8s_snap( + instance: harness.Instance, tmp_path: Path, snap: Optional[str] = None +): + """Installs and sets up the snap on the given instance and connects the interfaces. + Args: + instance: instance on which to install the snap + tmp_path: path to store the snap on the instance + snap: choice of track, channel, revision, or file path + a snap track to install + a snap channel to install + a snap revision to install + a path to the snap to install + """ + cmd = ["snap", "install", "--classic"] + which_snap = snap or config.SNAP + + if not which_snap: + pytest.fail("Set TEST_SNAP to the channel, revision, or path to the snap") + + if isinstance(which_snap, str) and which_snap.startswith("/"): + LOG.info("Install k8s snap by path") + snap_path = (tmp_path / "k8s.snap").as_posix() + instance.send_file(which_snap, snap_path) + cmd += ["--dangerous", snap_path] + elif snap_revision := _as_int(which_snap): + LOG.info("Install k8s snap by revision") + cmd += [config.SNAP_NAME, "--revision", snap_revision] + elif "/" in which_snap or which_snap in RISKS: + LOG.info("Install k8s snap by specific channel: %s", which_snap) + cmd += [config.SNAP_NAME, "--channel", which_snap] + elif channel := tracks_least_risk(which_snap, instance.arch): + LOG.info("Install k8s snap by least risky channel: %s", channel) + cmd += [config.SNAP_NAME, "--channel", channel] + + instance.exec(cmd) LOG.info("Ensure k8s interfaces and network requirements") instance.exec(["/snap/k8s/current/k8s/hack/init.sh"], stdout=subprocess.DEVNULL) @@ -294,3 +336,95 @@ def is_valid_rfc3339(date_str): return True except ValueError: return False + + +def tracks_least_risk(track: str, arch: str) -> str: + """Determine the snap channel with the least risk in the provided track. + + Args: + track: the track to determine the least risk channel for + arch: the architecture to narrow the revision + + Returns: + the channel associated with the least risk + """ + LOG.debug("Determining least risk channel for track: %s on %s", track, arch) + if track == "latest": + return f"latest/edge/{config.FLAVOR or 'classic'}" + + INFO_URL = f"https://api.snapcraft.io/v2/snaps/info/{config.SNAP_NAME}" + HEADERS = { + "Snap-Device-Series": "16", + "User-Agent": "Mozilla/5.0", + } + + req = urllib.request.Request(INFO_URL, headers=HEADERS) + with urllib.request.urlopen(req) as response: + snap_info = json.loads(response.read().decode()) + + risks = [ + channel["channel"]["risk"] + for channel in snap_info["channel-map"] + if channel["channel"]["track"] == track + and channel["channel"]["architecture"] == arch + ] + if not risks: + raise ValueError(f"No risks found for track: {track}") + risk_level = {"stable": 0, "candidate": 1, "beta": 2, "edge": 3} + channel = f"{track}/{min(risks, key=lambda r: risk_level[r])}" + LOG.info("Least risk channel from track %s is %s", track, channel) + return channel + + +def previous_track(snap_version: str) -> str: + """Determine the snap track preceding the provided version. + + Args: + snap_version: the snap version to determine the previous track for + + Returns: + the previous track + """ + LOG.debug("Determining previous track for %s", snap_version) + + def _maj_min(version: str): + if match := TRACK_RE.match(version): + maj, min, _ = match.groups() + return int(maj), int(min) + return None + + if not snap_version: + assumed = "latest" + LOG.info( + "Cannot determine previous track for undefined snap -- assume %s", + snap_version, + assumed, + ) + return assumed + + if snap_version.startswith("/") or _as_int(snap_version) is not None: + assumed = "latest" + LOG.info( + "Cannot determine previous track for %s -- assume %s", snap_version, assumed + ) + return assumed + + if maj_min := _maj_min(snap_version): + maj, min = maj_min + if min == 0: + with urllib.request.urlopen( + f"https://dl.k8s.io/release/stable-{maj - 1}.txt" + ) as r: + stable = r.read().decode().strip() + maj_min = _maj_min(stable) + else: + maj_min = (maj, min - 1) + elif snap_version.startswith("latest") or "/" not in snap_version: + with urllib.request.urlopen("https://dl.k8s.io/release/stable.txt") as r: + stable = r.read().decode().strip() + maj_min = _maj_min(stable) + + flavor_track = {"": "classic", "strict": ""}.get(config.FLAVOR, config.FLAVOR) + track = f"{maj_min[0]}.{maj_min[1]}" + (flavor_track and f"-{flavor_track}") + LOG.info("Previous track for %s is from track: %s", snap_version, track) + return track diff --git a/tests/integration/tests/test_version_upgrades.py b/tests/integration/tests/test_version_upgrades.py index d6e7a45b0..3d9207759 100644 --- a/tests/integration/tests/test_version_upgrades.py +++ b/tests/integration/tests/test_version_upgrades.py @@ -12,40 +12,45 @@ @pytest.mark.node_count(1) @pytest.mark.no_setup() -@pytest.mark.xfail(reason="cilium failures are blocking this from working") @pytest.mark.skipif( not config.VERSION_UPGRADE_CHANNELS, reason="No upgrade channels configured" ) -def test_version_upgrades(instances: List[harness.Instance]): +def test_version_upgrades(instances: List[harness.Instance], tmp_path): channels = config.VERSION_UPGRADE_CHANNELS cp = instances[0] + current_channel = channels[0] - if channels[0].lower() == "recent": + if current_channel.lower() == "recent": if len(channels) != 3: pytest.fail( "'recent' requires the number of releases as second argument and the flavour as third argument" ) _, num_channels, flavour = channels channels = snap.get_latest_channels(int(num_channels), flavour, cp.arch) + current_channel = channels[0] LOG.info( - f"Bootstrap node on {channels[0]} and upgrade through channels: {channels[1:]}" + f"Bootstrap node on {current_channel} and upgrade through channels: {channels[1:]}" ) # Setup the k8s snap from the bootstrap channel and setup basic configuration. - cp.exec(["snap", "install", "k8s", "--channel", channels[0], "--classic"]) + util.setup_k8s_snap(cp, tmp_path, current_channel) cp.exec(["k8s", "bootstrap"]) - util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(cp) == 1) + util.wait_until_k8s_ready(cp, instances) + LOG.info(f"Installed {cp.id} on channel {current_channel}") - current_channel = channels[0] for channel in channels[1:]: LOG.info(f"Upgrading {cp.id} from {current_channel} to channel {channel}") + # Log the current snap version on the node. - cp.exec(["snap", "info", "k8s"]) + out = cp.exec(["snap", "list", config.SNAP_NAME], capture_output=True) + LOG.info(f"Current snap version: {out.stdout.decode().strip()}") # note: the `--classic` flag will be ignored by snapd for strict snaps. - cp.exec(["snap", "refresh", "k8s", "--channel", channel, "--classic"]) - - util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(cp) == 1) - LOG.info(f"Upgraded {cp.id} to channel {channel}") + cp.exec( + ["snap", "refresh", config.SNAP_NAME, "--channel", channel, "--classic"] + ) + util.wait_until_k8s_ready(cp, instances) + current_channel = channel + LOG.info(f"Upgraded {cp.id} on channel {channel}") From d57414cca8d871b24daf0bdd07e4061b2461688d Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Fri, 11 Oct 2024 11:33:20 +0300 Subject: [PATCH 043/122] Removes lingering kubelet plugins on snap removal (#727) At the moment, the kubelet plugins in /var/lib/kubelet/plugins/ are not removed, even though the Pods associated with those plugins have been removed. This means that on reinstallation, kubelet will try to access those inexistent plugins through the *.sock files, including for plugins we don't want anymore, and delaying registration for the ones we do want. --- k8s/lib.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/k8s/lib.sh b/k8s/lib.sh index e3b871cfb..e3de17aa2 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -71,6 +71,11 @@ k8s::remove::containers() { # umount lingering volumes by force, to prevent potential volume leaks. cat /proc/mounts | grep /run/containerd/io.containerd. | cut -f2 -d' ' | xargs -r -t umount -f || true cat /proc/mounts | grep /var/lib/kubelet/pods | cut -f2 -d' ' | xargs -r -t umount -f || true + + # remove kubelet plugin sockets, as we don't have the containers associated with them anymore, + # so kubelet won't try to access inexistent plugins on reinstallation. + find /var/lib/kubelet/plugins/ -name "*.sock" | xargs rm -f || true + rm /var/lib/kubelet/plugins_registry/*.sock || true } # Run a ctr command against the local containerd socket From ef30a2e788ff9fd56ba265d55848e247b0d18229 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Fri, 11 Oct 2024 15:38:32 +0300 Subject: [PATCH 044/122] Removes lingering CSI plugin volume mounts on snap removal (#726) At the moment, we're unmounting the mounted Pod volumes (/var/lib/kubelet/pods) from the system when we remove the snap. However, there may still be volume mounts from certain CSI drivers like Longhorn still mounted (/var/lib/kubelet/plugins). This commit addresses this issue. --- k8s/lib.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/k8s/lib.sh b/k8s/lib.sh index e3de17aa2..3ef47f516 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -60,18 +60,21 @@ k8s::remove::containers() { # delete cni network namespaces ip netns list | cut -f1 -d' ' | grep -- "^cni-" | xargs -n1 -r -t ip netns delete || true - # unmount NFS volumes forcefully, as unmounting them normally may hang otherwise. + # unmount Pod NFS volumes forcefully, as unmounting them normally may hang otherwise. cat /proc/mounts | grep /run/containerd/io.containerd. | grep "nfs[34]" | cut -f2 -d' ' | xargs -r -t umount -f || true cat /proc/mounts | grep /var/lib/kubelet/pods | grep "nfs[34]" | cut -f2 -d' ' | xargs -r -t umount -f || true - # unmount volumes + # unmount Pod volumes gracefully. cat /proc/mounts | grep /run/containerd/io.containerd. | cut -f2 -d' ' | xargs -r -t umount || true cat /proc/mounts | grep /var/lib/kubelet/pods | cut -f2 -d' ' | xargs -r -t umount || true - # umount lingering volumes by force, to prevent potential volume leaks. + # unmount lingering Pod volumes by force, to prevent potential volume leaks. cat /proc/mounts | grep /run/containerd/io.containerd. | cut -f2 -d' ' | xargs -r -t umount -f || true cat /proc/mounts | grep /var/lib/kubelet/pods | cut -f2 -d' ' | xargs -r -t umount -f || true + # unmount various volumes exposed by CSI plugin drivers. + cat /proc/mounts | grep /var/lib/kubelet/plugins | cut -f2 -d' ' | xargs -r -t umount -f || true + # remove kubelet plugin sockets, as we don't have the containers associated with them anymore, # so kubelet won't try to access inexistent plugins on reinstallation. find /var/lib/kubelet/plugins/ -name "*.sock" | xargs rm -f || true From c618f0993ca596e6fe1e66366a584f3b90d9bce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Fri, 11 Oct 2024 19:50:13 +0200 Subject: [PATCH 045/122] Add linter for Go (#710) --------- Co-authored-by: Benjamin Schimke --- .github/workflows/go.yaml | 14 ++ .golangci.yml | 340 ++++++++++++++++++++++++++++++++++++++ src/k8s/Makefile | 7 + src/k8s/cmd/k8s/hooks.go | 1 - 4 files changed, 361 insertions(+), 1 deletion(-) create mode 100644 .golangci.yml diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index 63e940817..56be690a9 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -23,6 +23,7 @@ jobs: permissions: contents: read # for actions/checkout to fetch code pull-requests: write # for marocchino/sticky-pull-request-comment to create or update PR comment + checks: write # for golangci/golangci-lint-action to checks to allow the action to annotate code in the PR. name: Unit Tests & Code Quality runs-on: ubuntu-latest @@ -71,6 +72,19 @@ jobs: # root ownership so the tests must be run as root: run: sudo make go.unit + - name: dqlite-for-golangci-lint + working-directory: src/k8s + run: | + sudo add-apt-repository ppa:dqlite/dev + sudo apt update + sudo apt install dqlite-tools libdqlite-dev + + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.61 + working-directory: src/k8s + test-binary: name: Binaries runs-on: ubuntu-latest diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 000000000..3920409b8 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,340 @@ +# This code is licensed under the terms of the MIT license https://opensource.org/license/mit +# Copyright (c) 2021 Marat Reymers + +## Golden config for golangci-lint v1.61.0 +# +# This is the best config for golangci-lint based on my experience and opinion. +# It is very strict, but not extremely strict. +# Feel free to adapt and change it for your needs. +linters: + disable-all: true + enable: + - gosimple + +# TODO(ben): Enable those linters step by step and fix existing issues. +# - errcheck +# - govet +# - ineffassign +# - staticcheck +# - unused +# - asasalint +# - asciicheck +# - bidichk +# - bodyclose +# - canonicalheader +# - containedctx +# - contextcheck +# - copyloopvar +# - cyclop +# - decorder +# - depguard +# - dogsled +# - dupl +# - dupword +# - durationcheck +# - err113 +# - errchkjson +# - errname +# - errorlint +# - exhaustive +# - exhaustruct +# - fatcontext +# - forbidigo +# - forcetypeassert +# - funlen +# - gci +# - ginkgolinter +# - gocheckcompilerdirectives +# - gochecknoglobals +# - gochecknoinits +# - gochecksumtype +# - gocognit +# - goconst +# - gocritic +# - gocyclo +# - godot +# - godox +# - gofmt +# - gofumpt +# - goheader +# - goimports +# - gomoddirectives +# - gomodguard +# - goprintffuncname +# - gosec +# - gosmopolitan +# - grouper +# - importas +# - inamedparam +# - interfacebloat +# - intrange +# - ireturn +# - lll +# - loggercheck +# - maintidx +# - makezero +# - mirror +# - misspell +# - mnd +# - musttag +# - nakedret +# - nestif +# - nilerr +# - nilnil +# - nlreturn +# - noctx +# - nolintlint +# - nonamedreturns +# - nosprintfhostport +# - paralleltest +# - perfsprint +# - prealloc +# - predeclared +# - promlinter +# - protogetter +# - reassign +# - revive +# - rowserrcheck +# - sloglint +# - spancheck +# - sqlclosecheck +# - stylecheck +# - tagalign +# - tagliatelle +# - tenv +# - testableexamples +# - testifylint +# - testpackage +# - thelper +# - tparallel +# - unconvert +# - unparam +# - usestdlibvars +# - varnamelen +# - wastedassign +# - whitespace +# - wrapcheck +# - wsl +# - zerologlint + +run: + # Timeout for analysis, e.g. 30s, 5m. + # Default: 1m + timeout: 5m + +# This file contains only configs which differ from defaults. +# All possible options can be found here https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml +linters-settings: + cyclop: + # The maximal code complexity to report. + # Default: 10 + max-complexity: 30 + # The maximal average package complexity. + # If it's higher than 0.0 (float) the check is enabled + # Default: 0.0 + package-average: 10.0 + + errcheck: + # Report about not checking of errors in type assertions: `a := b.(MyStruct)`. + # Such cases aren't reported by default. + # Default: false + check-type-assertions: true + + exhaustive: + # Program elements to check for exhaustiveness. + # Default: [ switch ] + check: + - switch + - map + + exhaustruct: + # List of regular expressions to exclude struct packages and their names from checks. + # Regular expressions must match complete canonical struct package/name/structname. + # Default: [] + exclude: + # std libs + - "^net/http.Client$" + - "^net/http.Cookie$" + - "^net/http.Request$" + - "^net/http.Response$" + - "^net/http.Server$" + - "^net/http.Transport$" + - "^net/url.URL$" + - "^os/exec.Cmd$" + - "^reflect.StructField$" + # public libs + - "^github.com/Shopify/sarama.Config$" + - "^github.com/Shopify/sarama.ProducerMessage$" + - "^github.com/mitchellh/mapstructure.DecoderConfig$" + - "^github.com/prometheus/client_golang/.+Opts$" + - "^github.com/spf13/cobra.Command$" + - "^github.com/spf13/cobra.CompletionOptions$" + - "^github.com/stretchr/testify/mock.Mock$" + - "^github.com/testcontainers/testcontainers-go.+Request$" + - "^github.com/testcontainers/testcontainers-go.FromDockerfile$" + - "^golang.org/x/tools/go/analysis.Analyzer$" + - "^google.golang.org/protobuf/.+Options$" + - "^gopkg.in/yaml.v3.Node$" + + funlen: + # Checks the number of lines in a function. + # If lower than 0, disable the check. + # Default: 60 + lines: 100 + # Checks the number of statements in a function. + # If lower than 0, disable the check. + # Default: 40 + statements: 50 + # Ignore comments when counting lines. + # Default false + ignore-comments: true + + gocognit: + # Minimal code complexity to report. + # Default: 30 (but we recommend 10-20) + min-complexity: 20 + + gocritic: + # Settings passed to gocritic. + # The settings key is the name of a supported gocritic checker. + # The list of supported checkers can be find in https://go-critic.github.io/overview. + settings: + captLocal: + # Whether to restrict checker to params only. + # Default: true + paramsOnly: false + underef: + # Whether to skip (*x).method() calls where x is a pointer receiver. + # Default: true + skipRecvDeref: false + + gomodguard: + blocked: + # List of blocked modules. + # Default: [] + modules: + - github.com/golang/protobuf: + recommendations: + - google.golang.org/protobuf + reason: "see https://developers.google.com/protocol-buffers/docs/reference/go/faq#modules" + - github.com/satori/go.uuid: + recommendations: + - github.com/google/uuid + reason: "satori's package is not maintained" + - github.com/gofrs/uuid: + recommendations: + - github.com/gofrs/uuid/v5 + reason: "gofrs' package was not go module before v5" + + govet: + # Enable all analyzers. + # Default: false + enable-all: true + # Disable analyzers by name. + # Run `go tool vet help` to see all analyzers. + # Default: [] + disable: + - fieldalignment # too strict + # Settings per analyzer. + settings: + shadow: + # Whether to be strict about shadowing; can be noisy. + # Default: false + strict: true + + inamedparam: + # Skips check for interface methods with only a single parameter. + # Default: false + skip-single-param: true + + mnd: + # List of function patterns to exclude from analysis. + # Values always ignored: `time.Date`, + # `strconv.FormatInt`, `strconv.FormatUint`, `strconv.FormatFloat`, + # `strconv.ParseInt`, `strconv.ParseUint`, `strconv.ParseFloat`. + # Default: [] + ignored-functions: + - args.Error + - flag.Arg + - flag.Duration.* + - flag.Float.* + - flag.Int.* + - flag.Uint.* + - os.Chmod + - os.Mkdir.* + - os.OpenFile + - os.WriteFile + - prometheus.ExponentialBuckets.* + - prometheus.LinearBuckets + + nakedret: + # Make an issue if func has more lines of code than this setting, and it has naked returns. + # Default: 30 + max-func-lines: 0 + + nolintlint: + # Exclude following linters from requiring an explanation. + # Default: [] + allow-no-explanation: [ funlen, gocognit, lll ] + # Enable to require an explanation of nonzero length after each nolint directive. + # Default: false + require-explanation: true + # Enable to require nolint directives to mention the specific linter being suppressed. + # Default: false + require-specific: true + + perfsprint: + # Optimizes into strings concatenation. + # Default: true + strconcat: false + + rowserrcheck: + # database/sql is always checked + # Default: [] + packages: + - github.com/jmoiron/sqlx + + sloglint: + # Enforce not using global loggers. + # Values: + # - "": disabled + # - "all": report all global loggers + # - "default": report only the default slog logger + # https://github.com/go-simpler/sloglint?tab=readme-ov-file#no-global + # Default: "" + no-global: "all" + # Enforce using methods that accept a context. + # Values: + # - "": disabled + # - "all": report all contextless calls + # - "scope": report only if a context exists in the scope of the outermost function + # https://github.com/go-simpler/sloglint?tab=readme-ov-file#context-only + # Default: "" + context: "scope" + + tenv: + # The option `all` will run against whole test files (`_test.go`) regardless of method/function signatures. + # Otherwise, only methods that take `*testing.T`, `*testing.B`, and `testing.TB` as arguments are checked. + # Default: false + all: true + +issues: + # Maximum count of issues with the same text. + # Set to 0 to disable. + # Default: 3 + max-same-issues: 50 + + exclude-rules: + - source: "(noinspection|TODO)" + linters: [ godot ] + - source: "//noinspection" + linters: [ gocritic ] + - path: "_test\\.go" + linters: + - bodyclose + - dupl + - funlen + - goconst + - gosec + - noctx + - wrapcheck diff --git a/src/k8s/Makefile b/src/k8s/Makefile index 53db40353..8911da0d8 100644 --- a/src/k8s/Makefile +++ b/src/k8s/Makefile @@ -7,6 +7,13 @@ go.fmt: go mod tidy go fmt ./... +go.lint: +ifeq (, $(shell which golangci-lint)) + echo "golangci-lint not found, installing it" + go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0 +endif + golangci-lint run + go.vet: $(DQLITE_BUILD_SCRIPTS_DIR)/static-go-vet.sh ./... diff --git a/src/k8s/cmd/k8s/hooks.go b/src/k8s/cmd/k8s/hooks.go index 6b97bd16d..7ea0798ff 100644 --- a/src/k8s/cmd/k8s/hooks.go +++ b/src/k8s/cmd/k8s/hooks.go @@ -66,6 +66,5 @@ func hookCheckLXD() func(*cobra.Command, []string) { "https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/") } } - return } } From 8c0f665af1255b80e3a7478d67dec03b1159b5f0 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Tue, 15 Oct 2024 16:14:50 +0200 Subject: [PATCH 046/122] Enable bodyclose linter (#729) --- .golangci.yml | 18 +++++++++--------- src/k8s/pkg/client/snapd/refresh_status.go | 1 + src/k8s/pkg/utils/certificate.go | 1 + 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 3920409b8..84cc5a516 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -10,17 +10,12 @@ linters: disable-all: true enable: - gosimple + - asasalint + - asciicheck + - bidichk + - bodyclose # TODO(ben): Enable those linters step by step and fix existing issues. -# - errcheck -# - govet -# - ineffassign -# - staticcheck -# - unused -# - asasalint -# - asciicheck -# - bidichk -# - bodyclose # - canonicalheader # - containedctx # - contextcheck @@ -33,6 +28,7 @@ linters: # - dupword # - durationcheck # - err113 +# - errcheck # - errchkjson # - errname # - errorlint @@ -63,9 +59,11 @@ linters: # - goprintffuncname # - gosec # - gosmopolitan +# - govet # - grouper # - importas # - inamedparam +# - ineffassign # - interfacebloat # - intrange # - ireturn @@ -98,6 +96,7 @@ linters: # - sloglint # - spancheck # - sqlclosecheck +# - staticcheck # - stylecheck # - tagalign # - tagliatelle @@ -109,6 +108,7 @@ linters: # - tparallel # - unconvert # - unparam +# - unused # - usestdlibvars # - varnamelen # - wastedassign diff --git a/src/k8s/pkg/client/snapd/refresh_status.go b/src/k8s/pkg/client/snapd/refresh_status.go index e2feb37a7..b78b287a3 100644 --- a/src/k8s/pkg/client/snapd/refresh_status.go +++ b/src/k8s/pkg/client/snapd/refresh_status.go @@ -17,6 +17,7 @@ func (c *Client) GetRefreshStatus(changeID string) (*types.RefreshStatus, error) if err != nil { return nil, fmt.Errorf("failed to get snapd change status: %w", err) } + defer resp.Body.Close() resBody, err := io.ReadAll(resp.Body) if err != nil { diff --git a/src/k8s/pkg/utils/certificate.go b/src/k8s/pkg/utils/certificate.go index 68067ea55..2cf5fd93a 100644 --- a/src/k8s/pkg/utils/certificate.go +++ b/src/k8s/pkg/utils/certificate.go @@ -85,6 +85,7 @@ func GetRemoteCertificate(address string) (*x509.Certificate, error) { if err != nil { return nil, err } + defer resp.Body.Close() // Retrieve the certificate if resp.TLS == nil || len(resp.TLS.PeerCertificates) == 0 { From 610393f7996c1ed98211aadd9c3d73857df7787a Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Tue, 15 Oct 2024 18:26:38 +0200 Subject: [PATCH 047/122] Enable "Canonical Headers" linter (#730) Rename the worker headers for this to pass. --- .golangci.yml | 2 +- src/k8s/pkg/k8sd/api/endpoints.go | 2 +- src/k8s/pkg/k8sd/api/worker.go | 4 ++-- src/k8s/pkg/k8sd/app/hooks_bootstrap.go | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 84cc5a516..9a99ac6e3 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -14,9 +14,9 @@ linters: - asciicheck - bidichk - bodyclose + - canonicalheader # TODO(ben): Enable those linters step by step and fix existing issues. -# - canonicalheader # - containedctx # - contextcheck # - copyloopvar diff --git a/src/k8s/pkg/k8sd/api/endpoints.go b/src/k8s/pkg/k8sd/api/endpoints.go index f4a02e02c..69a9753a4 100644 --- a/src/k8s/pkg/k8sd/api/endpoints.go +++ b/src/k8s/pkg/k8sd/api/endpoints.go @@ -85,7 +85,7 @@ func (e *Endpoints) Endpoints() []rest.Endpoint { Post: rest.EndpointAction{ Handler: e.postWorkerInfo, AllowUntrusted: true, - AccessHandler: ValidateWorkerInfoAccessHandler("worker-name", "worker-token"), + AccessHandler: ValidateWorkerInfoAccessHandler("Worker-Name", "Worker-Token"), }, }, // Certificates diff --git a/src/k8s/pkg/k8sd/api/worker.go b/src/k8s/pkg/k8sd/api/worker.go index d6d4bb8db..d030ba31b 100644 --- a/src/k8s/pkg/k8sd/api/worker.go +++ b/src/k8s/pkg/k8sd/api/worker.go @@ -26,7 +26,7 @@ func (e *Endpoints) postWorkerInfo(s state.State, r *http.Request) response.Resp } // Existence of this header is already checked in the access handler. - workerName := r.Header.Get("worker-name") + workerName := r.Header.Get("Worker-Name") nodeIP := net.ParseIP(req.Address) if nodeIP == nil { return response.BadRequest(fmt.Errorf("failed to parse node IP address %s", req.Address)) @@ -63,7 +63,7 @@ func (e *Endpoints) postWorkerInfo(s state.State, r *http.Request) response.Resp return response.InternalError(fmt.Errorf("failed to retrieve list of known kube-apiserver endpoints: %w", err)) } - workerToken := r.Header.Get("worker-token") + workerToken := r.Header.Get("Worker-Token") if err := s.Database().Transaction(r.Context(), func(ctx context.Context, tx *sql.Tx) error { return database.DeleteWorkerNodeToken(ctx, tx, workerToken) }); err != nil { diff --git a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go index 2e35b9be6..9e1b05798 100644 --- a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go +++ b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go @@ -120,8 +120,8 @@ func (a *App) onBootstrapWorkerNode(ctx context.Context, s state.State, encodedT if err != nil { return fmt.Errorf("failed to prepare HTTP request: %w", err) } - httpRequest.Header.Add("worker-name", s.Name()) - httpRequest.Header.Add("worker-token", token.Secret) + httpRequest.Header.Add("Worker-Name", s.Name()) + httpRequest.Header.Add("Worker-Token", token.Secret) httpResponse, err := httpClient.Do(httpRequest) if err != nil { From af047cefff9fb1a69b3ab8eb2381fadf6a382ebb Mon Sep 17 00:00:00 2001 From: Nick Veitch Date: Wed, 16 Oct 2024 12:35:15 +0100 Subject: [PATCH 048/122] Update sphinx (#712) * import starter pack * create ck8s * update local build * update config and build tools * fix worldlist and linter * remove pre-build * correct metric path * fix requirements * rm init file * rm wordlits * fix metrics scripts * fix spelling --- .gitignore | 2 + docs/README.md | 19 +- docs/canonicalk8s/.gitignore | 15 + docs/canonicalk8s/.markdownlint.json | 16 + docs/canonicalk8s/.readthedocs.yaml | 40 + docs/canonicalk8s/.sphinx/_static/404.svg | 13 + docs/canonicalk8s/.sphinx/_static/custom.css | 392 ++++++++++ docs/canonicalk8s/.sphinx/_static/favicon.png | Bin 0 -> 2258 bytes docs/canonicalk8s/.sphinx/_static/footer.css | 47 ++ docs/canonicalk8s/.sphinx/_static/footer.js | 12 + .../.sphinx/_static/furo_colors.css | 89 +++ .../.sphinx/_static/github_issue_links.css | 24 + .../.sphinx/_static/github_issue_links.js | 34 + .../.sphinx/_static/header-nav.js | 10 + docs/canonicalk8s/.sphinx/_static/header.css | 167 +++++ docs/canonicalk8s/.sphinx/_static/tag.png | Bin 0 -> 6781 bytes docs/canonicalk8s/.sphinx/_templates/404.html | 17 + .../canonicalk8s/.sphinx/_templates/base.html | 12 + .../.sphinx/_templates/footer.html | 131 ++++ .../.sphinx/_templates/header.html | 36 + .../canonicalk8s/.sphinx/_templates/page.html | 49 ++ .../.sphinx/_templates/sidebar/search.html | 7 + .../.sphinx/build_requirements.py | 127 ++++ docs/canonicalk8s/.sphinx/fonts/Ubuntu-B.ttf | Bin 0 -> 333612 bytes docs/canonicalk8s/.sphinx/fonts/Ubuntu-R.ttf | Bin 0 -> 353824 bytes docs/canonicalk8s/.sphinx/fonts/Ubuntu-RI.ttf | Bin 0 -> 386440 bytes .../.sphinx/fonts/UbuntuMono-B.ttf | Bin 0 -> 191400 bytes .../.sphinx/fonts/UbuntuMono-R.ttf | Bin 0 -> 205748 bytes .../.sphinx/fonts/UbuntuMono-RI.ttf | Bin 0 -> 210216 bytes .../.sphinx/fonts/ubuntu-font-licence-1.0.txt | 96 +++ docs/canonicalk8s/.sphinx/get_vale_conf.py | 41 ++ .../.sphinx/images/Canonical-logo-4x.png | Bin 0 -> 163254 bytes .../.sphinx/images/front-page-light.pdf | Bin 0 -> 9676 bytes .../.sphinx/images/front-page.png | Bin 0 -> 75868 bytes .../.sphinx/images/normal-page-footer.pdf | Bin 0 -> 5532 bytes .../.sphinx/latex_elements_template.txt | 119 +++ docs/canonicalk8s/.sphinx/pa11y.json | 9 + docs/canonicalk8s/.sphinx/spellingcheck.yaml | 30 + docs/canonicalk8s/.wokeignore | 4 + docs/canonicalk8s/LICENSE | 694 ++++++++++++++++++ docs/canonicalk8s/Makefile | 31 + docs/canonicalk8s/Makefile.sp | 156 ++++ docs/canonicalk8s/conf.py | 252 +++++++ docs/canonicalk8s/custom_conf.py | 227 ++++++ docs/canonicalk8s/make.bat | 35 + .../metrics/scripts/build_metrics.sh | 14 + .../metrics/scripts/source_metrics.sh | 64 ++ docs/canonicalk8s/reuse/links.txt | 4 + docs/canonicalk8s/reuse/substitutions.yaml | 6 + docs/canonicalk8s/src | 1 + docs/src/.custom_wordlist.txt | 66 ++ docs/src/.wordlist.txt | 56 ++ docs/tools/.sphinx/_static/404.svg | 13 + docs/tools/.sphinx/_static/custom.css | 91 ++- docs/tools/.sphinx/_static/footer.css | 47 ++ docs/tools/.sphinx/_static/footer.js | 12 + docs/tools/.sphinx/_static/furo_colors.css | 20 +- .../.sphinx/_static/github_issue_links.js | 3 +- docs/tools/.sphinx/_templates/404.html | 17 + docs/tools/.sphinx/_templates/footer.html | 28 +- docs/tools/.sphinx/build_requirements.py | 127 ++++ docs/tools/.sphinx/fonts/Ubuntu-B.ttf | Bin 0 -> 333612 bytes docs/tools/.sphinx/fonts/Ubuntu-R.ttf | Bin 0 -> 353824 bytes docs/tools/.sphinx/fonts/Ubuntu-RI.ttf | Bin 0 -> 386440 bytes docs/tools/.sphinx/fonts/UbuntuMono-B.ttf | Bin 0 -> 191400 bytes docs/tools/.sphinx/fonts/UbuntuMono-R.ttf | Bin 0 -> 205748 bytes docs/tools/.sphinx/fonts/UbuntuMono-RI.ttf | Bin 0 -> 210216 bytes .../.sphinx/fonts/ubuntu-font-licence-1.0.txt | 96 +++ docs/tools/.sphinx/get_vale_conf.py | 41 ++ .../.sphinx/images/Canonical-logo-4x.png | Bin 0 -> 163254 bytes .../tools/.sphinx/images/front-page-light.pdf | Bin 0 -> 9676 bytes docs/tools/.sphinx/images/front-page.png | Bin 0 -> 75868 bytes .../.sphinx/images/normal-page-footer.pdf | Bin 0 -> 5532 bytes .../tools/.sphinx/latex_elements_template.txt | 119 +++ docs/tools/.sphinx/pa11y.json | 9 + docs/tools/.sphinx/requirements.txt | 13 +- docs/tools/Makefile | 124 +--- docs/tools/Makefile.sp | 156 ++++ docs/tools/conf.py | 145 +++- docs/tools/conf.py-old | 150 ++++ docs/tools/custom_conf.py | 37 +- docs/tools/make.bat | 35 + docs/tools/metrics/scripts/build_metrics.sh | 14 + docs/tools/metrics/scripts/source_metrics.sh | 64 ++ 84 files changed, 4368 insertions(+), 157 deletions(-) create mode 100644 docs/canonicalk8s/.gitignore create mode 100644 docs/canonicalk8s/.markdownlint.json create mode 100644 docs/canonicalk8s/.readthedocs.yaml create mode 100644 docs/canonicalk8s/.sphinx/_static/404.svg create mode 100644 docs/canonicalk8s/.sphinx/_static/custom.css create mode 100644 docs/canonicalk8s/.sphinx/_static/favicon.png create mode 100644 docs/canonicalk8s/.sphinx/_static/footer.css create mode 100644 docs/canonicalk8s/.sphinx/_static/footer.js create mode 100644 docs/canonicalk8s/.sphinx/_static/furo_colors.css create mode 100644 docs/canonicalk8s/.sphinx/_static/github_issue_links.css create mode 100644 docs/canonicalk8s/.sphinx/_static/github_issue_links.js create mode 100644 docs/canonicalk8s/.sphinx/_static/header-nav.js create mode 100644 docs/canonicalk8s/.sphinx/_static/header.css create mode 100644 docs/canonicalk8s/.sphinx/_static/tag.png create mode 100644 docs/canonicalk8s/.sphinx/_templates/404.html create mode 100644 docs/canonicalk8s/.sphinx/_templates/base.html create mode 100644 docs/canonicalk8s/.sphinx/_templates/footer.html create mode 100644 docs/canonicalk8s/.sphinx/_templates/header.html create mode 100644 docs/canonicalk8s/.sphinx/_templates/page.html create mode 100644 docs/canonicalk8s/.sphinx/_templates/sidebar/search.html create mode 100644 docs/canonicalk8s/.sphinx/build_requirements.py create mode 100644 docs/canonicalk8s/.sphinx/fonts/Ubuntu-B.ttf create mode 100644 docs/canonicalk8s/.sphinx/fonts/Ubuntu-R.ttf create mode 100644 docs/canonicalk8s/.sphinx/fonts/Ubuntu-RI.ttf create mode 100644 docs/canonicalk8s/.sphinx/fonts/UbuntuMono-B.ttf create mode 100644 docs/canonicalk8s/.sphinx/fonts/UbuntuMono-R.ttf create mode 100644 docs/canonicalk8s/.sphinx/fonts/UbuntuMono-RI.ttf create mode 100644 docs/canonicalk8s/.sphinx/fonts/ubuntu-font-licence-1.0.txt create mode 100644 docs/canonicalk8s/.sphinx/get_vale_conf.py create mode 100644 docs/canonicalk8s/.sphinx/images/Canonical-logo-4x.png create mode 100644 docs/canonicalk8s/.sphinx/images/front-page-light.pdf create mode 100644 docs/canonicalk8s/.sphinx/images/front-page.png create mode 100644 docs/canonicalk8s/.sphinx/images/normal-page-footer.pdf create mode 100644 docs/canonicalk8s/.sphinx/latex_elements_template.txt create mode 100644 docs/canonicalk8s/.sphinx/pa11y.json create mode 100644 docs/canonicalk8s/.sphinx/spellingcheck.yaml create mode 100644 docs/canonicalk8s/.wokeignore create mode 100644 docs/canonicalk8s/LICENSE create mode 100644 docs/canonicalk8s/Makefile create mode 100644 docs/canonicalk8s/Makefile.sp create mode 100644 docs/canonicalk8s/conf.py create mode 100644 docs/canonicalk8s/custom_conf.py create mode 100644 docs/canonicalk8s/make.bat create mode 100755 docs/canonicalk8s/metrics/scripts/build_metrics.sh create mode 100755 docs/canonicalk8s/metrics/scripts/source_metrics.sh create mode 100644 docs/canonicalk8s/reuse/links.txt create mode 100644 docs/canonicalk8s/reuse/substitutions.yaml create mode 120000 docs/canonicalk8s/src create mode 100644 docs/src/.custom_wordlist.txt create mode 100644 docs/src/.wordlist.txt create mode 100644 docs/tools/.sphinx/_static/404.svg create mode 100644 docs/tools/.sphinx/_static/footer.css create mode 100644 docs/tools/.sphinx/_static/footer.js create mode 100644 docs/tools/.sphinx/_templates/404.html create mode 100644 docs/tools/.sphinx/build_requirements.py create mode 100644 docs/tools/.sphinx/fonts/Ubuntu-B.ttf create mode 100644 docs/tools/.sphinx/fonts/Ubuntu-R.ttf create mode 100644 docs/tools/.sphinx/fonts/Ubuntu-RI.ttf create mode 100644 docs/tools/.sphinx/fonts/UbuntuMono-B.ttf create mode 100644 docs/tools/.sphinx/fonts/UbuntuMono-R.ttf create mode 100644 docs/tools/.sphinx/fonts/UbuntuMono-RI.ttf create mode 100644 docs/tools/.sphinx/fonts/ubuntu-font-licence-1.0.txt create mode 100644 docs/tools/.sphinx/get_vale_conf.py create mode 100644 docs/tools/.sphinx/images/Canonical-logo-4x.png create mode 100644 docs/tools/.sphinx/images/front-page-light.pdf create mode 100644 docs/tools/.sphinx/images/front-page.png create mode 100644 docs/tools/.sphinx/images/normal-page-footer.pdf create mode 100644 docs/tools/.sphinx/latex_elements_template.txt create mode 100644 docs/tools/.sphinx/pa11y.json create mode 100644 docs/tools/Makefile.sp create mode 100644 docs/tools/conf.py-old create mode 100644 docs/tools/make.bat create mode 100755 docs/tools/metrics/scripts/build_metrics.sh create mode 100755 docs/tools/metrics/scripts/source_metrics.sh diff --git a/.gitignore b/.gitignore index 8c7172b67..896206d59 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,5 @@ k8s_*.txt /docs/tools/.sphinx/.wordlist.dic /docs/tools/.sphinx/.doctrees/ /docs/tools/.sphinx/node_modules +/docs/tools/.sphinx/styles/* +/docs/tools/.sphinx/vale.ini diff --git a/docs/README.md b/docs/README.md index 9c51c5e0f..f1af97305 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,6 +1,7 @@ # K8s snap documentation -This part of the repository contains the tools and the source for generating documentation for the Canonical Kubernetes snap. +This part of the repository contains the tools and the source for generating +documentation for the Canonical Kubernetes snap. The directories are organised like this: @@ -11,16 +12,20 @@ The directories are organised like this: ├── README.md ├── src │ ├──{source files for the docs} -└── tools - ├──{sphinx build tools for creating the docs} +├── canonicalk8s +│ ├──{sphinx build tools for creating the docs for Canonical K8s} +├── moonray +│ ├──{sphinx build tools for creating the docs for Canonical K8s} ``` ## Building the docs -This documentation uses the /tools/Makefile to generate HTML docs from the sources. -This can also run specific local tests such as spelling and linkchecking. +This documentation uses the /canonicalk8s/Makefile to generate HTML docs from +the sources. This can also run specific local tests such as spelling and +linkchecking. ## Contributing to the docs -Contributions to this documentation are welcome. Generally these follow the same -rules and process as other contributions - modify the docs source and submit a PR. \ No newline at end of file +Contributions to this documentation are welcome. Generally these follow the +same rules and process as other contributions - modify the docs source and +submit a PR. diff --git a/docs/canonicalk8s/.gitignore b/docs/canonicalk8s/.gitignore new file mode 100644 index 000000000..25a54f038 --- /dev/null +++ b/docs/canonicalk8s/.gitignore @@ -0,0 +1,15 @@ +/*env*/ +.sphinx/venv/ +.sphinx/requirements.txt +.sphinx/warnings.txt +.sphinx/.wordlist.dic +.sphinx/.doctrees/ +.sphinx/node_modules/ +package*.json +_build +.DS_Store +__pycache__ +.idea/ +.vscode/ +.sphinx/styles/* +.sphinx/vale.ini \ No newline at end of file diff --git a/docs/canonicalk8s/.markdownlint.json b/docs/canonicalk8s/.markdownlint.json new file mode 100644 index 000000000..7c2088dbd --- /dev/null +++ b/docs/canonicalk8s/.markdownlint.json @@ -0,0 +1,16 @@ +{ + "default": false, + "MD003": { "style": "atx" }, + "MD013": { "code_blocks": false, "tables": false, "stern": true, "line_length": 80}, + "MD014": true, + "MD018": true, + "MD022": true, + "MD023": true, + "MD026": { "punctuation": ".,;。,;"}, + "MD031": { "list_items": false}, + "MD032": true, + "MD035": true, + "MD042": true, + "MD045": true, + "MD052": true +} diff --git a/docs/canonicalk8s/.readthedocs.yaml b/docs/canonicalk8s/.readthedocs.yaml new file mode 100644 index 000000000..c6319b57f --- /dev/null +++ b/docs/canonicalk8s/.readthedocs.yaml @@ -0,0 +1,40 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Set the version of Python and other tools you might need +build: + os: ubuntu-22.04 + tools: + python: "3.12" + jobs: + post_checkout: + # Cancel building pull requests when there aren't changed in the docs directory or YAML file. + # + # https://docs.readthedocs.io/en/latest/build-customization.html#cancel-build-based-on-a-condition + # If there are no changes (git diff exits with 0) we force the command to return with 183. + # This is a special exit code on Read the Docs that will cancel the build immediately. + - | + if [ "$READTHEDOCS_VERSION_TYPE" = "external" ] && git diff --quiet origin/main -- docs/ .readthedocs.yaml; + then + exit 183; + fi + + +# Build documentation in the docs/ directory with Sphinx +sphinx: + builder: dirhtml + configuration: docs/canonicalk8s/conf.py + +# If using Sphinx, optionally build your docs in additional formats such as PDF +formats: + - pdf + +# Optionally declare the Python requirements required to build your docs +python: + install: + - requirements: docs/canonicalk8s/.sphinx/requirements.txt + diff --git a/docs/canonicalk8s/.sphinx/_static/404.svg b/docs/canonicalk8s/.sphinx/_static/404.svg new file mode 100644 index 000000000..b353cd339 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/404.svg @@ -0,0 +1,13 @@ + + + + + + + + + diff --git a/docs/canonicalk8s/.sphinx/_static/custom.css b/docs/canonicalk8s/.sphinx/_static/custom.css new file mode 100644 index 000000000..2b9e81fb1 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/custom.css @@ -0,0 +1,392 @@ +/** + Ubuntu variable font definitions. + Based on https://github.com/canonical/vanilla-framework/blob/main/scss/_base_fontfaces.scss + + When font files are updated in Vanilla, the links to font files will need to be updated here as well. +*/ + +/* default font set */ +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/f1ea362b-Ubuntu%5Bwdth,wght%5D-latin-v0.896a.woff2') format('woff2-variations'); +} + +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: italic; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/90b59210-Ubuntu-Italic%5Bwdth,wght%5D-latin-v0.896a.woff2') format('woff2-variations'); +} + +@font-face { + font-family: 'Ubuntu Mono variable'; + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/d5fc1819-UbuntuMono%5Bwght%5D-latin-v0.869.woff2') format('woff2-variations'); +} + +/* cyrillic-ext */ +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/77cd6650-Ubuntu%5Bwdth,wght%5D-cyrillic-extended-v0.896a.woff2') format('woff2-variations'); + unicode-range: U+0460-052F, U+20B4, U+2DE0-2DFF, U+A640-A69F; +} + +/* cyrillic */ +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/2702fce5-Ubuntu%5Bwdth,wght%5D-cyrillic-v0.896a.woff2') format('woff2-variations'); + unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116; +} + +/* greek-ext */ +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/5c108b7d-Ubuntu%5Bwdth,wght%5D-greek-extended-v0.896a.woff2') format('woff2-variations'); + unicode-range: U+1F00-1FFF; +} + +/* greek */ +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/0a14c405-Ubuntu%5Bwdth,wght%5D-greek-v0.896a.woff2') format('woff2-variations'); + unicode-range: U+0370-03FF; +} + +/* latin-ext */ +@font-face { + font-family: 'Ubuntu variable'; + font-stretch: 100%; /* min and max value for the width axis, expressed as percentage */ + font-style: normal; + font-weight: 100 800; /* min and max value for the weight axis */ + src: url('https://assets.ubuntu.com/v1/19f68eeb-Ubuntu%5Bwdth,wght%5D-latin-extended-v0.896a.woff2') format('woff2-variations'); + unicode-range: U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF; +} + + +/** Define font-weights as per Vanilla + Based on: https://github.com/canonical/vanilla-framework/blob/main/scss/_base_typography-definitions.scss + + regular text: 400, + bold: 550, + thin: 300, + + h1: bold, + h2: 180; + h3: bold, + h4: 275, + h5: bold, + h6: regular +*/ + +/* default regular text */ +html { + font-weight: 400; +} + +/* heading specific definitions */ +h1, h3, h5 { font-weight: 550; } +h2 { font-weight: 180; } +h4 { font-weight: 275; } + +/* bold */ +.toc-tree li.scroll-current>.reference, +dl.glossary dt, +dl.simple dt, +dl:not([class]) dt { + font-weight: 550; +} + + +/** Table styling **/ + +th.head { + text-transform: uppercase; + font-size: var(--font-size--small); + text-align: initial; +} + +table.align-center th.head { + text-align: center +} + +table.docutils { + border: 0; + box-shadow: none; + width:100%; +} + +table.docutils td, table.docutils th, table.docutils td:last-child, table.docutils th:last-child, table.docutils td:first-child, table.docutils th:first-child { + border-right: none; + border-left: none; +} + +/* Allow to centre text horizontally in table data cells */ +table.align-center { + text-align: center !important; +} + +/** No rounded corners **/ + +.admonition, code.literal, .sphinx-tabs-tab, .sphinx-tabs-panel, .highlight { + border-radius: 0; +} + +/** Admonition styling **/ + +.admonition { + border-top: 1px solid #d9d9d9; + border-right: 1px solid #d9d9d9; + border-bottom: 1px solid #d9d9d9; +} + +/** Color for the "copy link" symbol next to headings **/ + +a.headerlink { + color: var(--color-brand-primary); +} + +/** Line to the left of the current navigation entry **/ + +.sidebar-tree li.current-page { + border-left: 2px solid var(--color-brand-primary); +} + +/** Some tweaks for Sphinx tabs **/ + +[role="tablist"] { + border-bottom: 1px solid var(--color-sidebar-item-background--hover); +} + +.sphinx-tabs-tab[aria-selected="true"], .sd-tab-set>input:checked+label{ + border: 0; + border-bottom: 2px solid var(--color-brand-primary); + font-weight: 400; + font-size: 1rem; + color: var(--color-brand-primary); +} + +body[data-theme="dark"] .sphinx-tabs-tab[aria-selected="true"] { + background: var(--color-background-primary); + border-bottom: 2px solid var(--color-brand-primary); +} + +button.sphinx-tabs-tab[aria-selected="false"]:hover, .sd-tab-set>input:not(:checked)+label:hover { + border-bottom: 2px solid var(--color-foreground-border); +} + +button.sphinx-tabs-tab[aria-selected="false"]{ + border-bottom: 2px solid var(--color-background-primary); +} + +body[data-theme="dark"] .sphinx-tabs-tab { + background: var(--color-background-primary); +} + +.sphinx-tabs-tab, .sd-tab-set>label{ + color: var(--color-brand-primary); + font-family: var(--font-stack); + font-weight: 400; + font-size: 1rem; + padding: 1em 1.25em .5em +} + +.sphinx-tabs-panel { + border: 0; + border-bottom: 1px solid var(--color-sidebar-item-background--hover); + background: var(--color-background-primary); + padding: 0.75rem 0 0.75rem 0; +} + +body[data-theme="dark"] .sphinx-tabs-panel { + background: var(--color-background-primary); +} + +/** A tweak for issue #190 **/ + +.highlight .hll { + background-color: var(--color-highlighted-background); +} + + +/** Custom classes to fix scrolling in tables by decreasing the + font size or breaking certain columns. + Specify the classes in the Markdown file with, for example: + ```{rst-class} break-col-4 min-width-4-8 + ``` +**/ + +table.dec-font-size { + font-size: smaller; +} +table.break-col-1 td.text-left:first-child { + word-break: break-word; +} +table.break-col-4 td.text-left:nth-child(4) { + word-break: break-word; +} +table.min-width-1-15 td.text-left:first-child { + min-width: 15em; +} +table.min-width-4-8 td.text-left:nth-child(4) { + min-width: 8em; +} + +/** Underline for abbreviations **/ + +abbr[title] { + text-decoration: underline solid #cdcdcd; +} + +/** Use the same style for right-details as for left-details **/ +.bottom-of-page .right-details { + font-size: var(--font-size--small); + display: block; +} + +/** Version switcher */ +button.version_select { + color: var(--color-foreground-primary); + background-color: var(--color-toc-background); + padding: 5px 10px; + border: none; +} + +.version_select:hover, .version_select:focus { + background-color: var(--color-sidebar-item-background--hover); +} + +.version_dropdown { + position: relative; + display: inline-block; + text-align: right; + font-size: var(--sidebar-item-font-size); +} + +.available_versions { + display: none; + position: absolute; + right: 0px; + background-color: var(--color-toc-background); + box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); + z-index: 11; +} + +.available_versions a { + color: var(--color-foreground-primary); + padding: 12px 16px; + text-decoration: none; + display: block; +} + +.available_versions a:hover {background-color: var(--color-sidebar-item-background--current)} + +/** Suppress link underlines outside on-hover **/ +a { + text-decoration: none; +} + +a:hover, a:visited:hover { + text-decoration: underline; +} + +.show {display:block;} + +/** Fix for nested numbered list - the nested list is lettered **/ +ol.arabic ol.arabic { + list-style: lower-alpha; +} + +/** Make expandable sections look like links **/ +details summary { + color: var(--color-link); +} + +/** Fix the styling of the version box for readthedocs **/ + +#furo-readthedocs-versions .rst-versions, #furo-readthedocs-versions .rst-current-version, #furo-readthedocs-versions:focus-within .rst-current-version, #furo-readthedocs-versions:hover .rst-current-version { + background: var(--color-sidebar-item-background--hover); +} + +.rst-versions .rst-other-versions dd a { + color: var(--color-link); +} + +#furo-readthedocs-versions:focus-within .rst-current-version .fa-book, #furo-readthedocs-versions:hover .rst-current-version .fa-book, .rst-versions .rst-other-versions { + color: var(--color-sidebar-link-text); +} + +.rst-versions .rst-current-version { + color: var(--color-version-popup); + font-weight: bolder; +} + +/* Code-block copybutton invisible by default + (overriding Furo config to achieve default copybutton setting). */ +.highlight button.copybtn { + opacity: 0; +} + +/* Mimicking the 'Give feedback' button for UX consistency */ +.sidebar-search-container input[type=submit] { + color: #FFFFFF; + border: 2px solid #D6410D; + padding: var(--sidebar-search-input-spacing-vertical) var(--sidebar-search-input-spacing-horizontal); + background: #D6410D; + font-weight: bold; + font-size: var(--font-size--small); + cursor: pointer; +} + +.sidebar-search-container input[type=submit]:hover { + text-decoration: underline; +} + +/* Make inline code the same size as code blocks */ +p code.literal { + border: 0; + font-size: var(--code-font-size); +} + +/* Use the general admonition font size for inline code */ +.admonition p code.literal { + font-size: var(--admonition-font-size); +} + +.highlight .s, .highlight .s1, .highlight .s2 { + color: #3F8100; +} + +.highlight .o { + color: #BB5400; +} + +.rubric > .hclass2 { + display: block; + font-size: 2em; + border-radius: .5rem; + font-weight: 300; + line-height: 1.25; + margin-top: 1.75rem; + margin-right: -0.5rem; + margin-bottom: 0.5rem; + margin-left: -0.5rem; + padding-left: .5rem; + padding-right: .5rem; +} \ No newline at end of file diff --git a/docs/canonicalk8s/.sphinx/_static/favicon.png b/docs/canonicalk8s/.sphinx/_static/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..7f175e4617695f752022d2671a0f97fa95bfd895 GIT binary patch literal 2258 zcmZ{lc|6mPAICp7%w3UVp(MxT*yhYVXRb*j4aLln#hep4H@+(7Oqin_QSKbckz;;B z%25eL%jE0IeMC8b`t$e4@9}=T-_OV6^?E%2e#hHbU*_dH!vz2Uueq5q=9m(HmxKNI z28D%f9fS3j0oninYE!uPUD^JYZe|!X0EEc^0QnyP*gcNO^8gTx0Dzx30MMcVfUtjF z%T=A@f*o&p*%&zbI|Xge(~lDf$sBD0nd27ak%L`%S$!-(M$L^4?66%KSzrCcXP`aN zLmELsaM@(>AiV4=0V@z1lT%|vHMT5vehCr;6=j57|8)XZZuje%@IL2(K-h2`rsQ^s z5=OohD2uC$d%*O$!!MhhGWKQew}Q&%7G5Tme63S)8~^^(_xVr!r$TGx`N1}oys`&wj8M&n(&&WLVzdBqI&`yc9DyG9PlV!A+XjRmLg z)kJk%>nP|5;j?C;{0cr4$L0(^JypO+g6hwiFE?yzI8(7U34%Fg6btl zqIgT8yJWU_O@DSh2^zqFh)GNem$Hg=`t+3|qO{4d9CqC0)!>JujE3KIz^)g3cyTtM z_&()A+hUYMni_G%Ss@n=!+OloskcL{ zt;rqW2=Ky5g#8E26M3LP&~=1xk`j3@?ySM*eW<-YTVbc981j?^{UT> zuYlV5!s-el%<$0Au~~S}D&@?(6XSIYR!4t)UIgI7j1X=#kbWyK8NCMW*R07t3Qy`+ z#Fu>hQ6DnJU=C~$b~VJ zxmpga*5D)d>hq?l_Z}GLVm>u1I=B5}dU~tnjdXk?n>4eWS%*8s?o^Z19Oa9$;G$B& zofYbUtl%VEBo#$pcc`Gu*>Sr)PDth`VKp_OG29zBPA zT0E!05#yVAzw)OtE24~I?c<{6^9-*fkd6`y6q>lF*YC=NeE>(A2@&7WS^ck{Z!zMJ zWXg<6PprCceEXImP6%#5dlXyRS>v9zplK$3gq)MU#YJERVNvmku4cV2ka13TTI{7Q zJSYWvP67DlR6HT`LqUdRAaUuY3tw7eowIZ>#&u(+dBO_*_{#~JFUOtg->hBWOZb;$lA^wCX|!_mx&ZR5u@9i)z+a{5I_Mb-Z)QDd$W3d|r4m5e6b4h3JvnV` zxo{{#gJY>S`*gLa5H1{e`l8?0yLJ6Qr^~Ri+E%Fk%^2@;OxpPZVJ^Q4)XM?rDVqky zE$zCbW%yFt)3eE8kMdhmn_5OxeFdlDQIQ3Qzzwi{phuK1kut_T6z=jRuog2n#^i>7 z>Qj-P7H|+jA?JD5Sep^MzMYdSLIx_P!l^kCoU1H(kASAFSp9pYYBseuuMOV5H*Ywa zOc_hi^TXxbC?VoFL*FCP?^#^njAaD2v`1FD&<+zlVpWuHeJL`w?@3G@;+)AtPXhK_ zKsz`*vo(Lm$p=)=q|)>3R;&+ZiEy3hovb7f&V7e-TXI?PUMAltzrR{fd%1#>L5nLE zWrcUI^)1UbXNVKJyoZ)umqwubo6iH>WOgD*F20iQH_mSEirHQ{``~fOsca)T%XH6@ zj_WI=itgsUw)HFCkx#?)k#^==guP)E-7ZAFP`N)|oxD6X<=J1vsg1gQsKP4Rc5 zJk~Agll(QcvhuPQuN;Tu=b+Rpd%>1Ty{X%=AruRl$`>o&)ga{@VKHoT4k2t!WQEMb~V8h@oyGcv`>& zIHqlWT^Cmo)jT@modF|kx8t{X)?oR3Qa~CGRTI}t&K7>cy>WNSLn1!pU`p&db?bK4 z;y|F^Ohg{>T4y-bhz}IJVIIPx%Jn3XBZ#`E0WUvwv+sR*FJ+4OuY=M?wCsNZwK|sK z2kOTA|9CkcMQ@B~+2fjmGZ!1ehY!C8UiQ3-M>kbQ6p1U5t;l?_D?|ANK3g{ZwBafu zq6W6m@o>=6RS`2TU)C#8(H%|MRGw5y3hbTjwbSZzJhMm=DkB1bNtS&t3`z)8X2lR=1 z!kf(_N%g+coYXpXvctxpgIuW#ix%CZ(xLK1YRJPYpV1ozvn@CW!phe*7kIQI>L`CI zZf=Kh2hKfH1j965G9;ttHi|9WxFZuj=^5G^u6U%46&cH^GZ>M^xt!A-T1WBgM=aTI zYBc4=>ygJ#Uz%isCAqtjJha>bJ&pk=Ba~GXkw`^l4LhW=mMT&UsVnulJ7yz}&>zxY`gG^IwYM0!IJ< literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/_static/footer.css b/docs/canonicalk8s/.sphinx/_static/footer.css new file mode 100644 index 000000000..a0a1db454 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/footer.css @@ -0,0 +1,47 @@ +.display-contributors { + color: var(--color-sidebar-link-text); + cursor: pointer; +} +.all-contributors { + display: none; + z-index: 55; + list-style: none; + position: fixed; + top: 0; + bottom: 0; + left: 0; + right: 0; + width: 200px; + height: 200px; + overflow-y: scroll; + margin: auto; + padding: 0; + background: var(--color-background-primary); + scrollbar-color: var(--color-foreground-border) transparent; + scrollbar-width: thin; +} + +.all-contributors li:hover { + background: var(--color-sidebar-item-background--hover); + width: 100%; +} + +.all-contributors li a{ + color: var(--color-sidebar-link-text); + padding: 1rem; + display: inline-block; +} + +#overlay { + position: fixed; + display: none; + width: 100%; + height: 100%; + top: 0; + left: 0; + right: 0; + bottom: 0; + background-color: rgba(0,0,0,0.5); + z-index: 2; + cursor: pointer; +} diff --git a/docs/canonicalk8s/.sphinx/_static/footer.js b/docs/canonicalk8s/.sphinx/_static/footer.js new file mode 100644 index 000000000..9a08b1e99 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/footer.js @@ -0,0 +1,12 @@ +$(document).ready(function() { + $(document).on("click", function () { + $(".all-contributors").hide(); + $("#overlay").hide(); + }); + + $('.display-contributors').click(function(event) { + $('.all-contributors').toggle(); + $("#overlay").toggle(); + event.stopPropagation(); + }); +}) diff --git a/docs/canonicalk8s/.sphinx/_static/furo_colors.css b/docs/canonicalk8s/.sphinx/_static/furo_colors.css new file mode 100644 index 000000000..4cfdbe7bf --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/furo_colors.css @@ -0,0 +1,89 @@ +body { + --color-code-background: #f8f8f8; + --color-code-foreground: black; + --code-font-size: 1rem; + --font-stack: Ubuntu variable, Ubuntu, -apple-system, Segoe UI, Roboto, Oxygen, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif; + --font-stack--monospace: Ubuntu Mono variable, Ubuntu Mono, Consolas, Monaco, Courier, monospace; + --color-foreground-primary: #111; + --color-foreground-secondary: var(--color-foreground-primary); + --color-foreground-muted: #333; + --color-background-secondary: #FFF; + --color-background-hover: #f2f2f2; + --color-brand-primary: #111; + --color-brand-content: #06C; + --color-api-background: #E3E3E3; + --color-inline-code-background: rgba(0,0,0,.03); + --color-sidebar-link-text: #111; + --color-sidebar-item-background--current: #ebebeb; + --color-sidebar-item-background--hover: #f2f2f2; + --toc-font-size: var(--font-size--small); + --color-admonition-title-background--note: var(--color-background-primary); + --color-admonition-title-background--tip: var(--color-background-primary); + --color-admonition-title-background--important: var(--color-background-primary); + --color-admonition-title-background--caution: var(--color-background-primary); + --color-admonition-title--note: #24598F; + --color-admonition-title--tip: #24598F; + --color-admonition-title--important: #C7162B; + --color-admonition-title--caution: #F99B11; + --color-highlighted-background: #EBEBEB; + --color-link-underline: var(--color-link); + --color-link-underline--hover: var(--color-link); + --color-link-underline--visited: var(--color-link--visited); + --color-link-underline--visited--hover: var(--color-link--visited); + --color-version-popup: #772953; +} + +@media not print { + body[data-theme="dark"] { + --color-code-background: #202020; + --color-code-foreground: #d0d0d0; + --color-foreground-secondary: var(--color-foreground-primary); + --color-foreground-muted: #CDCDCD; + --color-background-secondary: var(--color-background-primary); + --color-background-hover: #666; + --color-brand-primary: #fff; + --color-brand-content: #69C; + --color-sidebar-link-text: #f7f7f7; + --color-sidebar-item-background--current: #666; + --color-sidebar-item-background--hover: #333; + --color-admonition-background: transparent; + --color-admonition-title-background--note: var(--color-background-primary); + --color-admonition-title-background--tip: var(--color-background-primary); + --color-admonition-title-background--important: var(--color-background-primary); + --color-admonition-title-background--caution: var(--color-background-primary); + --color-admonition-title--note: #24598F; + --color-admonition-title--tip: #24598F; + --color-admonition-title--important: #C7162B; + --color-admonition-title--caution: #F99B11; + --color-highlighted-background: #666; + --color-version-popup: #F29879; + } + @media (prefers-color-scheme: dark) { + body:not([data-theme="light"]) { + --color-api-background: #A4A4A4; + --color-code-background: #202020; + --color-code-foreground: #d0d0d0; + --color-foreground-secondary: var(--color-foreground-primary); + --color-foreground-muted: #CDCDCD; + --color-background-secondary: var(--color-background-primary); + --color-background-hover: #666; + --color-brand-primary: #fff; + --color-brand-content: #69C; + --color-sidebar-link-text: #f7f7f7; + --color-sidebar-item-background--current: #666; + --color-sidebar-item-background--hover: #333; + --color-admonition-background: transparent; + --color-admonition-title-background--note: var(--color-background-primary); + --color-admonition-title-background--tip: var(--color-background-primary); + --color-admonition-title-background--important: var(--color-background-primary); + --color-admonition-title-background--caution: var(--color-background-primary); + --color-admonition-title--note: #24598F; + --color-admonition-title--tip: #24598F; + --color-admonition-title--important: #C7162B; + --color-admonition-title--caution: #F99B11; + --color-highlighted-background: #666; + --color-link: #F9FCFF; + --color-version-popup: #F29879; + } + } +} diff --git a/docs/canonicalk8s/.sphinx/_static/github_issue_links.css b/docs/canonicalk8s/.sphinx/_static/github_issue_links.css new file mode 100644 index 000000000..db166ed95 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/github_issue_links.css @@ -0,0 +1,24 @@ +.github-issue-link-container { + padding-right: 0.5rem; +} +.github-issue-link { + font-size: var(--font-size--small); + font-weight: bold; + background-color: #D6410D; + padding: 13px 23px; + text-decoration: none; +} +.github-issue-link:link { + color: #FFFFFF; +} +.github-issue-link:visited { + color: #FFFFFF +} +.muted-link.github-issue-link:hover { + color: #FFFFFF; + text-decoration: underline; +} +.github-issue-link:active { + color: #FFFFFF; + text-decoration: underline; +} diff --git a/docs/canonicalk8s/.sphinx/_static/github_issue_links.js b/docs/canonicalk8s/.sphinx/_static/github_issue_links.js new file mode 100644 index 000000000..f0706038b --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/github_issue_links.js @@ -0,0 +1,34 @@ +// if we already have an onload function, save that one +var prev_handler = window.onload; + +window.onload = function() { + // call the previous onload function + if (prev_handler) { + prev_handler(); + } + + const link = document.createElement("a"); + link.classList.add("muted-link"); + link.classList.add("github-issue-link"); + link.text = "Give feedback"; + link.href = ( + github_url + + "/issues/new?" + + "title=docs%3A+TYPE+YOUR+QUESTION+HERE" + + "&body=*Please describe the question or issue you're facing with " + + `"${document.title}"` + + ".*" + + "%0A%0A%0A%0A%0A" + + "---" + + "%0A" + + `*Reported+from%3A+${location.href}*` + ); + link.target = "_blank"; + + const div = document.createElement("div"); + div.classList.add("github-issue-link-container"); + div.append(link) + + const container = document.querySelector(".article-container > .content-icon-container"); + container.prepend(div); +}; diff --git a/docs/canonicalk8s/.sphinx/_static/header-nav.js b/docs/canonicalk8s/.sphinx/_static/header-nav.js new file mode 100644 index 000000000..3608576e0 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/header-nav.js @@ -0,0 +1,10 @@ +$(document).ready(function() { + $(document).on("click", function () { + $(".more-links-dropdown").hide(); + }); + + $('.nav-more-links').click(function(event) { + $('.more-links-dropdown').toggle(); + event.stopPropagation(); + }); +}) diff --git a/docs/canonicalk8s/.sphinx/_static/header.css b/docs/canonicalk8s/.sphinx/_static/header.css new file mode 100644 index 000000000..0b9440903 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_static/header.css @@ -0,0 +1,167 @@ +.p-navigation { + border-bottom: 1px solid var(--color-sidebar-background-border); +} + +.p-navigation__nav { + background: #333333; + display: flex; +} + +.p-logo { + display: flex !important; + padding-top: 0 !important; + text-decoration: none; +} + +.p-logo-image { + height: 44px; + padding-right: 10px; +} + +.p-logo-text { + margin-top: 18px; + color: white; + text-decoration: none; +} + +ul.p-navigation__links { + display: flex; + list-style: none; + margin-left: 0; + margin-top: auto; + margin-bottom: auto; + max-width: 800px; + width: 100%; +} + +ul.p-navigation__links li { + margin: 0 auto; + text-align: center; + width: 100%; +} + +ul.p-navigation__links li a { + background-color: rgba(0, 0, 0, 0); + border: none; + border-radius: 0; + color: var(--color-sidebar-link-text); + display: block; + font-weight: 400; + line-height: 1.5rem; + margin: 0; + overflow: hidden; + padding: 1rem 0; + position: relative; + text-align: left; + text-overflow: ellipsis; + transition-duration: .1s; + transition-property: background-color, color, opacity; + transition-timing-function: cubic-bezier(0.215, 0.61, 0.355, 1); + white-space: nowrap; + width: 100%; +} + +ul.p-navigation__links .p-navigation__link { + color: #ffffff; + font-weight: 300; + text-align: center; + text-decoration: none; +} + +ul.p-navigation__links .p-navigation__link:hover { + background-color: #2b2b2b; +} + +ul.p-navigation__links .p-dropdown__link:hover { + background-color: var(--color-sidebar-item-background--hover); +} + +ul.p-navigation__links .p-navigation__sub-link { + background: var(--color-background-primary); + padding: .5rem 0 .5rem .5rem; + font-weight: 300; +} + +ul.p-navigation__links .more-links-dropdown li a { + border-left: 1px solid var(--color-sidebar-background-border); + border-right: 1px solid var(--color-sidebar-background-border); +} + +ul.p-navigation__links .more-links-dropdown li:first-child a { + border-top: 1px solid var(--color-sidebar-background-border); +} + +ul.p-navigation__links .more-links-dropdown li:last-child a { + border-bottom: 1px solid var(--color-sidebar-background-border); +} + +ul.p-navigation__links .p-navigation__logo { + padding: 0.5rem; +} + +ul.p-navigation__links .p-navigation__logo img { + width: 40px; +} + +ul.more-links-dropdown { + display: none; + overflow-x: visible; + height: 0; + z-index: 55; + padding: 0; + position: relative; + list-style: none; + margin-bottom: 0; + margin-top: 0; +} + +.nav-more-links::after { + background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16'%3E%3Cpath fill='%23111' d='M8.187 11.748l6.187-6.187-1.06-1.061-5.127 5.127L3.061 4.5 2 5.561z'/%3E%3C/svg%3E"); + background-position: center; + background-repeat: no-repeat; + background-size: contain; + content: ""; + display: block; + filter: invert(100%); + height: 1rem; + pointer-events: none; + position: absolute; + right: 1rem; + text-indent: calc(100% + 10rem); + top: calc(1rem + 0.25rem); + width: 1rem; +} + +.nav-ubuntu-com { + display: none; +} + +@media only screen and (min-width: 480px) { + ul.p-navigation__links li { + width: 100%; + } + + .nav-ubuntu-com { + display: inherit; + } +} + +@media only screen and (max-width: 800px) { + .nav-more-links { + margin-left: auto !important; + padding-right: 2rem !important; + width: 8rem !important; + } +} + +@media only screen and (min-width: 800px) { + ul.p-navigation__links li { + width: 100% !important; + } +} + +@media only screen and (min-width: 1310px) { + ul.p-navigation__links { + margin-left: calc(50% - 41em); + } +} diff --git a/docs/canonicalk8s/.sphinx/_static/tag.png b/docs/canonicalk8s/.sphinx/_static/tag.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f6e5aa4bc55fb934c973726b10a0efc92445a8 GIT binary patch literal 6781 zcmeHM`8!nY{~uI}N+nyC>7i13l#&!Nin5iZQ9cYt$P{JBGS-zSs5rVXiZ0&Yb()@ArMbU(5T1o0;hE6FMRUfk5^d z8tB~yM;-*i_iFbp@a^7s1sxprxEok`LLkD2wm*E|$FXb(e zcDjDjtItlI?cv`u(#)Mv!p3bxaeJ{5DVt<|H&pX0qL~w_CvDHpD&ck?iIZPcBT?i~ z`dzvcy+=G!xOTVZJU^vvN&KZl~&2lD)w9M=o>#X+- zxpXm*gx`F(*3bZb5wCV2?gE)uUB6RrYJa=wvBNaQLlJb*J#CEe=MHSWYv-`??I*9lmCDD|I_lnyB!|y?3ZHD_Ef63l=8cwA)Vp|IR|c{4jAP8;2jH&85k7hjk{oF zp{wYU%9>}Zb3z+;Ek~=eCul5>lUAMq3I^i1E5U2HBf5FHP_8eg9}hn*R>Io4>_ffM zu{1xk-|hWwvLxYXu#?b?d`SpzJdXHoYx&J)>?df2aNg7xWgO35BV;Yaare3nnpqlC zFikGua4Ltb?7Y~eS`qYs@Uw?>_0NauoZpE&7WM->mYZgz?l4aeN=%Yd(60FnsS?M`!f)%+-c1X=rIQN_4DHQVF8quI1NgYvtK0A9Ma566h z;axGVe%34*ulKn2+t9M>fp+vESNFdMDAd)yx`XAn4@xHppWj@Xjn2I(0w6b$Snf=V_se0uQdQdd-sd zRgX!z4*r-XhT7qqsBd5bW@sG6^o{cCF>5%PS@RrC56yZRP2z`OAo?oUTVN%;?4+-u zsAiPdm5verK+*50!W7FcmBUQb2yU!A zC|GPc$vb7&iK`v82c_{X#niyx8#z@m^vdw1KEwn?W@_!a!^;@bsnH{9*R;q7Z=zaZ zyIUDz!a1r{?rdM|ccr@(luCT`yJSz>WaX*hr?`U6rX-szuuk z*NAUici1fwb81Z9n@xA~+SnH^$C+WVg}{W|{g&REPYQhIINSKT_ms~Zcy~Z5-913m zri~$c*dWK}r@lB0vHu@m{Xo^p-|onflxDtOm=>$vAwI*yY+B``ycxW zfrpYf(ZD!K2byP<`5?-?oTW&p5yi0$6-DcbDhu?ay-R}2&7UwE^L_b?(XuadS*PL z#m;9Z6zd;pbcXd}_;)Out_O!Fy^W&dn-f<~SF0^F_z~|svi=d-`m~OM=(CIB?WlP{ zU`@9*xu{(!s5JSxpdH1NtO-MQ7T!bo9bA4RA$6rZiVl76$k6OIHMjQv(A)PA?VYVW zzw4EC6z@P2$5fS(U?nhlh96*qD^3G8nq`oFZ7YC9&a}$7K3B!t?S)ex+(P zQXSPEvrD1)0Ou}#Jw68Ek}Y2$N9~wSJLuS4>3e@kvo;~wH++~;NPaTzZREw^o&pZIx84pw@YmBA_w&qV${T&k799(ksn)kD>jFu3`qMlEP-eN~b zmv6&a9P=C=0H!(>f59;&54vFdDVr*$H-)gglqxZtd_-kwlzXAJ7@rl7@C;B*amIMd z7ax=$NDBmJql6jjsb|Xxq2ws%q}8D&;wqee_G)+pHTt!a@EUyBT1EBMjfKJ@`^{cq zfTT&*`NIQ7t#%40u`+CIl@`}>8VWyH`x+yCY6f; zgGSfuQkmEE7&@HyPHS;r85ftb31(I{&jX?2(bp0^JQJ)$lfLK42-q`xo z#GDYw7bZZ}7lS5SH<3zt7p`zD|<6hhpYaQawHy zx$R3;Rj3fO<9YX5B-Set>Y)Ut*Zin5vhrL}Zt5Z5DuujDT49P3$ zj)(qYN(3lXFEnw+Jn5}XJ*8X@PtG7mX5{iCt%kGOfyVc+hhEzZy`DK0<8qvBui?4S zVjo8$thQbe{znB>sy9CdfE{cKpEW=om@6S{Er2{8o>mlloK`)DzFD)$)%!hit-sPL zC{FSWNn4YSX%c{~xq>YVZUbQZ4l1MRsc!~0ucJ%GErhe&{LTU&Z4=vnaDU``hO0tC zEl6VXRIqJ3E(uKFrxO%FIgGm1lVG}ZSvi?_R6{%0%UdSb`KpVTcg~Xyv5U)57dSyS z?F{K(Ak|XojB%636)nQ)YxNueRF^gQ9;gvw(tcgn&(Rh>2CuqOJFr4PuPj4om8W0b z{7XY4x_(ehTYi*({(C_wIxiok0Wh3Cklf5#FmAhQd^ajq%9tn`m{|NZ)XO`gE=(@11(tNDS>4E;@KWk}D z7HqEX&!hgY1JJlSmc63;n1G^F5y)qDfAkA~DFRJ{6}HU^-)Cb1GkH9mu7%y4)p3Sb z4;$po)STO7N56z!)P6C{_~g1A`aj3dy5wg| z{iL%h1oo8f(YH?m;9vQa1if!vUMFAV-o;nmZGtY}00E5g`8E{{idv<>}Rt=#|i{*%ZH@8_s5t7TT{IoAU`ibWP^B z7^C1Rv5B23V@uNB^i=n`;yWNpe)EuLLLyN|=(;(y!3yCn6OP{~8m=iZ>~1s=dYsUC zxxj>Tt7?gSf}0?2@GT8C5%f7p`fctf_tjhN)T0RkLLxC9f2d~betd&hmZTYpbo{AT zH_O*cY;(bs9Mk7AVWZszm$xu0UvU>jb9FSjgmJs_Ez-8;u{!c@Dv=O37a z=}D%IVilCo9&n@9i_o5xkZ+A9@%GSQapY%{-h{Uny|ptlaXeoQUfTuZ87-}}n}ZJt zM1sgtdodk(v($G=ya4@464)oEO zsJdPbLyY)-$gRL`|6jM8))^Qi%yQ$5cWu7Sj%QyV7IldDDx?^>MUz=!YopRRs6Kh@ z>-p@;ND1!VW0B%?%O_S@g556JncuVV23mJK7xPoZ$M#saia;n--2BFg3x#EW3`U#| z49FEYClRvvf(!QP{rQ}Hi{4`CdRnGN8fxUu^;8C*z3XJUhXSvSX;`TqER!); zACQLTxrpJ^c;aoL0dD9UEk-2qGVbJUnpe7)u2|tu!KVOS7XF5L2dEM)It%GuR9%Z+ z#r(BJFQx^#NcQ0BoScUg@kx#FGY@7`<-rC{Jg-Zdsi|i`Hq`u;t@Q5{N$L z7c&aOm9lfu2QtXk0NC~*NJ)Pq-&)OR^I=n2G&FA+axrIDnWRA8)X?X1Y5?gB2IG*M zRIx%@CBWg5bw-10C7&@#eET9iDE9XHO&ASh@bLG+izfs}wG@oA&!a9yO-P)~WbJun=+$Ac4`UMz>dQMs+ zv+3M(|02!R>i^oUsJai0_^Jofa*G(>}kkT_TclgzO62VchwZN`(qEOFCToXq@L>T@W6H7yWd!?=}9ZA$LL$}5KYvtBD_T6GpmdED(} z7=Bp!k^F@;(VgN^0nTJ_SKfPlA*Mllst~OV!*^d-o_`?~O_R%UUr5ai!^6M?5gVkt zw5iX7wS{Sl<`#16e4ZvuzII#=Kvp2&zV4B$zp-vk{Q$={wrnyHlYnmK7CV?tB_WE9 z1m8^vxt_3I}3 zDRGNxO(Bp${DhpIHRX)VyNI+%#UH#6+U8j}9zifZKMcB2rJ@myBrtC`B_+7@^*zkS z12GutA-K!5jmLd)y|o?ndc0-dx{ba{+N45D*q$8KE{Vwti;2*c;ipvMYUb()HdBVJ zN(5OKT7!3K6H<`st51LAGx*j&{@S9AcL~OP_0#N*?DB!+?B5YER|d`NfXd0hH@@$J zJQuuCvbj|q7Z6a%lt1Tn48C5HBudNxtH*GE@TvXO&}nK3-Ks;o6pZP!DnV*PQqE+Q z{n-r^!|ko0Oq%Drfzqr0IxK1YgJ0iBML_+HlS#6vkJ^6AKFyyLc)Hy2-l=yn+CAm$ zp_UF2J0-0xf%SuSFB=mm*%xJBx0}zfKIIjv9fsonod}CEN zbSSN>c4eoo5z2YzQ=Ls@)?KAcHjY>Lhn3t4H9e}KVM~}_RmTY;^}qI!_OEYbt&PqQ zYC|bezz4JO>^sK7UP)XIzGM@|8~H=7T|jF2O$m--{s=w=RkE@LUB^r*w1_@tY6{Mw z_(A>OTHXQdMU8X%g>n-ls3oLZ(9poWj7?MX_6 z>3OCIs}tO|etk4L6S;_E>8Bz~o&V_I+xqDOjYG7JPZhLSOqT0(c%G~du#IO(XUf+f z;8rWf9&9aBm#${o65s`X+FX!sN=2*XQNQaw`!h<>U;9|UOdkANCiG=slJNe{fgNjf z0i8*FN^OyA*mGH(pcsMr=E@!MmhQhdbSX&k*Q=Qzp|f#W+DDIZUATpd^EG#U{RDr+ zD!P}1SB>T?c#8omML}YQj!tZBQd9g*dH<3BDL4nKGIA??OeKBPd>UB^b@7PCC4u7F zJ!13R6Yc%0l^O^9FJ(!tJTjTVcOeLoYXvA5NTY0&o4}1Q#grPwr6lJih>V19p~a*5 zY{%M{5rnrCjlxyH*fp%y4RZr^uJ1J_>yXJB@ZJ+;>fs$8#i0@sOH%6Q`U-k&A_Jy8 zirUt;Gq1X|e)a}I=+RsS&|FVp>7UotUgXk7t*~?90b3mhC18*`*0k}j1gwnWD${bd z#&zP-(>W{jozhy`m+6V(si7-sHMqpD+n7wAXrDK*Z3FxCh_{seoH^BDa~6pU@|6u` z8k$BgL64uuW@vw*EY0I0!S!Z^rUrwaJlR1*BCm5|jkmlMC8;KeQ*CV*87Ss~?AL5? zbhXHIddQnuiz<`AkJq&3lD@d*n#I=3CQAr1Vh+i|Acvt;*Le;v3$y?nXr&-_JtkYA zccs}Jnnwtje2pkFIS9o8gzSAAS5e2oq{Ix|u}NX>-(Hifex=`4x-Lm?xPO}*fWlTN zkPK-IBxY`*HaJ#}{YG4qPg6K0IU|J5+fSofcHZCiBayO@6^hA^pNlVwWJ^8`M%O*d z|)w(D+% z^3HBIEI^-P5iL6R5{Dwt$LcsHpXFwvVoY59dZp*8W6Vh2kka9xHU3|NVja`vu%1W( zC)v(K)Ct-HF&YfmGkK-zM;s5EeHe(itG@f>G&ygYY;I?J6;Q(QH^0taPKyAZ`G~-` zAVGV2NA2WtE#HsInQaR_U=$i68!X|Rb{w^m!rMEvzp+;^*!rM>-BtZLrR@#`>-Ct3 z9JVM;5~r(F{r5#w&p4lq^UMg}S#1i@_&pW)d7$usn{;2dg(&(iPH3sc(kT|n_|_pB z3-CW8QOhUs(dMx;HID3C+t#{$AY*=6;6e*gp=c0ax9*%u=3XguVBad3`T|C21lH6I z9ii+~#Qeytys`AdqGg-18{ zOM2XrGO#OIfB8`jpY|JA?SrCT!%Ym?+r5M~V6PR3{0mnqTzgR{jbdUWMW}uGGq`UX z9ShNWMuUpS|F{D$J|WFTnFZ5Nn*nH6frSH5d*FA<9;00g{<}zWHi29FPyM#?O>JX{ zjUsHDz_^E}bIUZmD>U)8k8AB0G`!1i_YFU`jHXv^uL-t#{q0@N;FXN}{7=Tlv1KDZ zn!W=tDH>WK&1c)+A+orjEl{x+QJ)i!pdq4i?b&BO`|uNp+z?ks{s#BMGmncTKC`x} zhXmff7&L0DDDHZ6q>YUCCFU#iH^ z_*Yc`d&lbc%C7{1XOZt5_$?M%H{kOu;d|-MN6N|G;Xj|bMj_$}1p}72}hHU-crKi=yrrlDevrmM=1JS;nSRzYBoyHf*ULzZlD?P{E4sj6b!b zU&`x)>h2uXn1#I)y@7oL2y}zNURzbu#PqZanJTdR?1Yz(+ZpwZfOS?L3I#iHU|ip3 zpQvpWm$NISK~YXB{j-*ShA3D_Ak;2bp`f(Q^SCQ~JjFflC_F_onCm6X6t|)L1oC5U zFKAH#viJH>R8ck_{W*P%7R1guhkarPkY2t;w5y#T%-jLAE13~)u9C2P(SIA00Af+R zZWJh#lG3`b9o}gz3_~sCF&`D3k+_>`URGxRxWa#0z#Eo-$?Jm=U+}(NYBhi7TC7~; uQGMpg^`IwacBQr9q>cZpFE{3ReE)IZw-U<<8UpW=AcogX^op+8Kl>kb6xxdb literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/_templates/404.html b/docs/canonicalk8s/.sphinx/_templates/404.html new file mode 100644 index 000000000..4cb2d50d3 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_templates/404.html @@ -0,0 +1,17 @@ +{% extends "page.html" %} + +{% block content -%} +
+

Page not found

+
+
+
+ {{ body }} +
+
+ Penguin with a question mark +
+
+
+
+{%- endblock content %} diff --git a/docs/canonicalk8s/.sphinx/_templates/base.html b/docs/canonicalk8s/.sphinx/_templates/base.html new file mode 100644 index 000000000..33081547c --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_templates/base.html @@ -0,0 +1,12 @@ +{% extends "furo/base.html" %} + +{% block theme_scripts %} + +{% endblock theme_scripts %} + +{# ru-fu: don't include the color variables from the conf.py file, but use a + separate CSS file to save space #} +{% block theme_styles %} +{% endblock theme_styles %} diff --git a/docs/canonicalk8s/.sphinx/_templates/footer.html b/docs/canonicalk8s/.sphinx/_templates/footer.html new file mode 100644 index 000000000..6839f0154 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_templates/footer.html @@ -0,0 +1,131 @@ +{# ru-fu: copied from Furo, with modifications as stated below. Modifications are marked 'mod:'. #} + +
+ {# mod: Per-page navigation #} + {% if meta %} + {% if 'sequential_nav' in meta %} + {% set sequential_nav = meta.sequential_nav %} + {% endif %} + {% endif %} + {# mod: Conditional wrappers to control page navigation buttons #} + {% if sequential_nav != "none" -%} + {% if next and (sequential_nav == "next" or sequential_nav == "both") -%} + +
+
+ {{ _("Next") }} +
+
{{ next.title }}
+
+ + + {%- endif %} + {% if prev and (sequential_nav == "prev" or sequential_nav == "both") -%} + + +
+
+ {{ _("Previous") }} +
+ {% if prev.link == pathto(root_doc) %} +
{{ _("Home") }}
+ {% else %} +
{{ prev.title }}
+ {% endif %} +
+ + {%- endif %} + {%- endif %} +
+
+
+ {%- if show_copyright %} +
+ {%- if hasdoc('copyright') %} + {% trans path=pathto('copyright'), copyright=copyright|e -%} + Copyright © {{ copyright }} + {%- endtrans %} + {%- else %} + {% trans copyright=copyright|e -%} + Copyright © {{ copyright }} + {%- endtrans %} + {%- endif %} +
+ {%- endif %} + + {# mod: removed "Made with" #} + + {%- if last_updated -%} +
+ {% trans last_updated=last_updated|e -%} + Last updated on {{ last_updated }} + {%- endtrans -%} +
+ {%- endif %} + + {%- if show_source and has_source and sourcename %} +
+ Show source +
+ {%- endif %} +
+
+ {% if github_url and github_folder and pagename and page_source_suffix and display_contributors %} + {% set contributors = get_contribs(github_url, github_folder, pagename, page_source_suffix, display_contributors_since) %} + {% if contributors %} + {% if contributors | length > 1 %} + Thanks to the {{ contributors |length }} contributors! + {% else %} + Thanks to our contributor! + {% endif %} +
+ + {% endif %} + {% endif %} +
+
+ + {# mod: replaced RTD icons with our links #} + + {% if discourse %} +
+ Ask a question on Discourse +
+ {% endif %} + + {% if mattermost %} +
+ Ask a question on Mattermost +
+ {% endif %} + + {% if matrix %} +
+ Ask a question on Matrix +
+ {% endif %} + + {% if github_url and github_version and github_folder %} + + {% if github_issues %} +
+ Open a GitHub issue for this page +
+ {% endif %} + +
+ Edit this page on GitHub +
+ {% endif %} + + +
+
+ diff --git a/docs/canonicalk8s/.sphinx/_templates/header.html b/docs/canonicalk8s/.sphinx/_templates/header.html new file mode 100644 index 000000000..1a128b6f8 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_templates/header.html @@ -0,0 +1,36 @@ + diff --git a/docs/canonicalk8s/.sphinx/_templates/page.html b/docs/canonicalk8s/.sphinx/_templates/page.html new file mode 100644 index 000000000..bda306109 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_templates/page.html @@ -0,0 +1,49 @@ +{% extends "furo/page.html" %} + +{% block footer %} + {% include "footer.html" %} +{% endblock footer %} + +{% block body -%} + {% include "header.html" %} + {{ super() }} +{%- endblock body %} + +{% if meta and ((meta.discourse and discourse_prefix) or meta.relatedlinks) %} + {% set furo_hide_toc_orig = furo_hide_toc %} + {% set furo_hide_toc=false %} +{% endif %} + +{% block right_sidebar %} +
+ {% if not furo_hide_toc_orig %} +
+ + {{ _("Contents") }} + +
+
+
+ {{ toc }} +
+
+ {% endif %} + {% if meta and ((meta.discourse and discourse_prefix) or meta.relatedlinks) %} +
+ + Related links + +
+
+
+ {% if meta.discourse and discourse_prefix %} + {{ discourse_links(meta.discourse) }} + {% endif %} + {% if meta.relatedlinks %} + {{ related_links(meta.relatedlinks) }} + {% endif %} +
+
+ {% endif %} +
+{% endblock right_sidebar %} diff --git a/docs/canonicalk8s/.sphinx/_templates/sidebar/search.html b/docs/canonicalk8s/.sphinx/_templates/sidebar/search.html new file mode 100644 index 000000000..644a5ef6a --- /dev/null +++ b/docs/canonicalk8s/.sphinx/_templates/sidebar/search.html @@ -0,0 +1,7 @@ + + diff --git a/docs/canonicalk8s/.sphinx/build_requirements.py b/docs/canonicalk8s/.sphinx/build_requirements.py new file mode 100644 index 000000000..df6f149b4 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/build_requirements.py @@ -0,0 +1,127 @@ +import sys + +sys.path.append('./') +from custom_conf import * + +# The file contains helper functions and the mechanism to build the +# .sphinx/requirements.txt file that is needed to set up the virtual +# environment. + +# You should not do any modifications to this file. Put your custom +# requirements into the custom_required_modules array in the custom_conf.py +# file. If you need to change this file, contribute the changes upstream. + +legacyCanonicalSphinxExtensionNames = [ + "youtube-links", + "related-links", + "custom-rst-roles", + "terminal-output" + ] + +def IsAnyCanonicalSphinxExtensionUsed(): + for extension in custom_extensions: + if (extension.startswith("canonical.") or + extension in legacyCanonicalSphinxExtensionNames): + return True + + return False + +def IsNotFoundExtensionUsed(): + return "notfound.extension" in custom_extensions + +def IsSphinxTabsUsed(): + for extension in custom_extensions: + if extension.startswith("sphinx_tabs."): + return True + + return False + +def AreRedirectsDefined(): + return ("sphinx_reredirects" in custom_extensions) or ( + ("redirects" in globals()) and \ + (redirects is not None) and \ + (len(redirects) > 0)) + +def IsOpenGraphConfigured(): + if "sphinxext.opengraph" in custom_extensions: + return True + + for global_variable_name in list(globals()): + if global_variable_name.startswith("ogp_"): + return True + + return False + +def IsMyStParserUsed(): + return ("myst_parser" in custom_extensions) or \ + ("custom_myst_extensions" in globals()) + +def DeduplicateExtensions(extensionNames: [str]): + extensionNames = dict.fromkeys(extensionNames) + resultList = [] + encounteredCanonicalExtensions = [] + + for extensionName in extensionNames: + if extensionName in legacyCanonicalSphinxExtensionNames: + extensionName = "canonical." + extensionName + + if extensionName.startswith("canonical."): + if extensionName not in encounteredCanonicalExtensions: + encounteredCanonicalExtensions.append(extensionName) + resultList.append(extensionName) + else: + resultList.append(extensionName) + + return resultList + +if __name__ == "__main__": + requirements = [ + "furo", + "pyspelling", + "sphinx", + "sphinx-autobuild", + "sphinx-copybutton", + "sphinx-design", + "sphinxcontrib-jquery", + "watchfiles", + "GitPython" + + ] + + requirements.extend(custom_required_modules) + + if IsAnyCanonicalSphinxExtensionUsed(): + requirements.append("canonical-sphinx-extensions") + + if IsNotFoundExtensionUsed(): + requirements.append("sphinx-notfound-page") + + if IsSphinxTabsUsed(): + requirements.append("sphinx-tabs") + + if AreRedirectsDefined(): + requirements.append("sphinx-reredirects") + + if IsOpenGraphConfigured(): + requirements.append("sphinxext-opengraph") + + if IsMyStParserUsed(): + requirements.append("myst-parser") + requirements.append("linkify-it-py") + + # removes duplicate entries + requirements = list(dict.fromkeys(requirements)) + requirements.sort() + + with open(".sphinx/requirements.txt", 'w') as requirements_file: + requirements_file.write( + "# DO NOT MODIFY THIS FILE DIRECTLY!\n" + "#\n" + "# This file is generated automatically.\n" + "# Add custom requirements to the custom_required_modules\n" + "# array in the custom_conf.py file and run:\n" + "# make clean && make install\n") + + for requirement in requirements: + requirements_file.write(requirement) + requirements_file.write('\n') diff --git a/docs/canonicalk8s/.sphinx/fonts/Ubuntu-B.ttf b/docs/canonicalk8s/.sphinx/fonts/Ubuntu-B.ttf new file mode 100644 index 0000000000000000000000000000000000000000..b173da27417c00101dff72617f9b9a2b80ecc8f3 GIT binary patch literal 333612 zcmeFacf4&^Rrfvj-sha%*4lgZvU@r0o^yLD5YPZgC;>tXp+g`E0fM1LLTCaPmELTB!lR5i{R8LU=iYbnzw*p;Dd77Q@ZEdd`_R$nKj24yZcOEmDD`0%-tlf1 z{nb~${l~`i{@$46Ymd0%;a7g{HdnvYm>ZsE%<3OM;;JW2;vYDq{nC$&sYaJxdD#_L zee#Z-_$Pxu9|u&pv6c=YER0p!Rd-tm=2UC&WK@d4B_O z=ThgT)c-l!^LwUM`v}i(Bj2mcYV~3>uRPH_KyBvUqW%CnsP9pAA8mgS{rs*u!2Lk= zPUb-6os@Aep6|x{sX3!EU3|QH2cFL|=hhxV9Pg_Swdv1Q9;L7RrP-?7V9qA)?CK`< zd(^YTHHUuRwe`;{x2Fw7{V8oYX#T}?EAL!5RnCJ> zf618ri`lm6Z#3IVUwN$AR3F5dl_#5(+J%gX+Hjs3)!t3p=yy53)OCPMb>`JG7eA~V zgkCi>sAlFKwE^S&5|dT$Ysc=W#@D`kis@G#W8WR&?s56hs|Q`qtWir_hwh^o4nI_YphSWpzoaPDA!8mti@kc|DJTqvDSE>c+r>J zSsu`MpLl7!;fv}kc(1WN$yIwa^=P~q>k}`=I^o*Kcz=)UcdPd&z8q_f_lcMISid#i zCti#AS7}mhPGd@1tz>{~_E(BenIvyKByfZ*S@T4a&Kjxg#`f zRqw|fIE(o(U3{JUg8M%~_XhXxaGyYjF88~0w{xI&XY&3u7{Od5&ByJ0WKPuX!25IQ z?z@{b4ukyW~(g!=68!<)MsA1xRANl<%+m^Tw|^gSG>F{ zZj-B+tGAG@IyAl7b>FcdnJoxSqrF z-J#>}n11yr^j|j~>&1xqHL2dl?5p;8e+Y~?5zdkJ%{OC4%Mv94}2uePiAhTq<@_#-=)UJM^JHE>EZ!w+^Jz;(*&86T*jWX7#|1^H@=Wd|O|7O0PPrFzbt4FwQUC?DU zG8e3Tit9YubbHqL3uylX&AF=;-i7>r9Q7Ubab zA9MdsnXkMrF|e|Sg$1Uax<`vM8LvNu<^}$rTm3XN?9jh2($5PSmlDg$b}ZMKviw`R zm)KPKkHrsbD~zM=uYrHKs((#=ucG{__>$*`AwR%J!pzDKO||k_Q%CM=RsVqtdCm6u zzNAHVs_ZU4QQJ>m$z$*2_w~fTo9h%V(ffI3O8yA^9Dt`Iu3J@plXA=Jq44Tmsq0GQ zOkKZ8n&oBdp?|f5@ZmifoA*I1x0OemXhpJSjWim2jo%A-7M6)dnxm3g z$zMC2_bTrXd4Dl7kJ9QQUo8eRC9gtvOGD+CY$Dl5^MW#Kmzsl;Q;ENzdY##>{RkdE zlk}^^iFaPX^=`Ahax3m1WUM4dNG`b$djAIV;GL9%Y*4!=boxhd@G-p8br&wlnm?fa zd-5zkV{oAAl8<$z*5g@n>QjhAPOK4M6UIK1`X$?+%GET(+M~GNiSkRCN%Dj0 zZ$fv;orRqIyP6BN=g}XqQ8I>YhuTA3d+qo;@a1W?&qvj+T1x%*<@asq<5ke+mHa-P z>&5&AqpG)MY<`FPQ|XIK{M&hdE86*E@?1_j=x+O7=nvo<@}yd=GD-ll*bsG$`2@4YyHLv_b>B&SL%E(<^3wpUnSq& zpviUIk8;0(a*-EnR}%Mm(k<`eE%ArOs0ywzAI`05PDnq2H>wx$JK+9A+6)iaarn47 zi?KN>`K!db@?PSHfbH?qxP7^e^kE21zyyy=J$ga z{~=zfUB+GQpl;QxIxD9w{+R2N%lUV<%C%)vUggu~nU$xT%W2b?23Fe|LlmD;zEFFwz8gQ+2>)GS>@n_IYQ z&qSwuoT;ol!ZcRy$aR*ft=yfw-=e-hUwogwow4lSr|92ras4^hA94M_USDTj{u5Kd zme8oamFxA?c|F(JwDqUBghwa2z@C-bTd4Qvsq=EvTsfC|A7{dnZnt!=ox1q9+K(2C zm4ndc_ZHvQc>R~x)2Qd2l>L0_c{KGL;rWix^Y7^&*WNgk^jy-3K092JafwYK>2$~S562NpkA`EBZd^y2%vZfQKq_bVSYD=Qx{mDP8c#_ID- zldHD+ZWFHNi|?;ywEe&7_sWOJ|1I)=n*47g|K;R=6ZvQ4=lU<(uQ|+B+l1FUCRnMn z=3HzZ3_b2@@6Sc{&dh_$ww`z=kEtCnE;Ki__ZfF3X1-r#9s`a)sPYWf^V6_PoVNH8 z*W0;1$@MQ>e`{qP^i%YfRpxep9Ck4n@Yu@FV{=&2p8Kusv(_A4<$K|`=H=t5^Oe+n z0DjDvYs@#~Z|9`6`ZnpmgdX%A?w_HL=OIUokU1_k52!h&!_}^RgE{zV`0TCB!S@}X zgLck59p1eHp1KEPdI3E31QV8XrY4?yKk;uO{#nFdLHyf@FL_S%m8?+cN(Z3vaP6(= zPG2#1c0b0N^f}YA*27Ar^8QMY`rE(JYE|C*g_qyhO!wT4H}dGT&S?)?&cHc*ZL?W9 zJ$0InUpW?^bG~z|(rUI|TB!uNlea$W=ht1=ddCy;-8_GC=gR#4=WJf>)efi6u{N%G-w~}`%9(!yPbtK_?K52gWmer)uf^DC8ef@`mHcK7<6w?ya4YUQZoL%Q9{ZnLd^JO0zQ z(%i=EDupO7I+sLL0cmap_c>b|-+U@;q7&Hu<{^^IEVRLZo{Hq<`d+<&@!q(;Vx$Qh-|L*?W`S7*R*v!%^AJuu?3)>gKO3t+1ft#N3tfcK+`_$bh zzTVmWse4D`W~=G!RJ=~Jb-VjAz^wx>aGRA%w%Lj)${SRUz4O@nUiLo6JLQFm^SswX z?F7#9FP{!Nn}?Gm^wLvrcU?g#abTt8Uk-uWp%Yr_J5cTXYvsLk|MbY~95;Qz%hSp^ z?frLhDu2~D-m5Qlg|5~+4 zR@c@lt2GFQ(>BKX%KMvVx}OcsH=k*I(KJkZ@gMBRC~O&rux(sI$A+%y@Z2$7!mjZa zKVt92C-iL?n2_htM2jDq$i#%PNeB}grY2qdyU9#Wn42CUb|%8U84wQ4kZ?%&12Zxs z!m$|>PRwNSeKR#v!kL*9&TY7E)_LAA8-$x?lW@!ITl^c=rJcq1%sw0Lm|dQC&Hlx| zn*BCBU=Hwn&>SK>WR4IXw&4+Tl;@-7l*M<=DK|?&e>S(Z;qA;%E&j>;l=*4GpSI!I=4_sCZ|*>N2OHke+>z&V z%sGqi7-VX~^UQgKcQSV(ytBE>;vdaj%v}lZYR)G--`tJxZZ^ETx%=YV<{mtM+gxDo zL3mFa-pgFT^S#YI3GYMr59Yq+UW>ms7n=JJ-p^b}c##e7Z|=wQ1I$H)547Qf%ma9S zuzBF(@61EYg9smL9=!Nl^Dx5yZ60nOLU^%x7~vz#LkS;g9!_|PxtQ=$^9aJr%p(_n zV;*HLA-vpNO897V8R26H|Jpp(Tuyj}c?{v>%wrdSWq!tnSDGt$e!O`c;S+55L~|w2 zPcn~R{H1xac>>{8=822HFh6UaMEDdNUTv=8`Kjh-39m6vA$*#-n(*o7sf%x!XV~zW z=4m`X%RHU%=WO_F^9-J!W1hMArg^S;7U41TbA-<`&nEnN^BlroFwb55x%owNjPUt3 ze1Z7|o?mFg7nxsN{F!;Nc|PGw%nJx#O8Ebpmzft5zTCWs@D=7Igs-&WtISJzezke| z;v42Q<`smmCHzzKI`c}x*PB-nzQMej@Qqlf|I}P-UPt&Q^LoNJn>P^t65;=2-eTTJ z_*Qf6;!n)m%$o?`Zr)7z4)aTd?=){&{IPkL4X-nAmS zK64%6`^~!vf0^))%m>VS2tR1vOZXvkJ>iGV`v^Z`ewpy2gnwv$#e9J9W9EZ|A2%N& z{8bx%!hB@$HS=rcR|sz~A0zyv4S${R56q{`#|b}eK0){y8-CW@!1L$KCl_BepEtiw z_!~C7(R_OG`{oPgGlXBXVSz-A#gBi2MCK<*^b;id2@?I^MIsl;;{T5_k))xY$V5Mp ziGCsz{eML!k{;Bw`cBJgH*KrSI96wIt)9}cT1nUH9iG)Se5+XmR*wj+)(}}8A-1|e zVkQ67%K4d<>T@f@_pHR;w=(&_%HcyRb&srcJ+>0{#LCZ8D<{vaR6Msb@Vb?FH>`ZS zX{FgME46N08FinPNO!FKxof4({Z_U-V5P@{R#rS@CBws38a!fdL^3>TzO?uX+S%_c zeixbO_XtljUt9b(+S%6$&oJLu{4cb#Z!W%!cJ^0`-$Fb4+r@91+n8@JzJzx6&x!FiI(;`8S0$|~XQEA7SS%pEH3;0e&b1KQ=Q|v+X z39)uAe%;)uGFyDo+_|#3xPh}e`v~t^Ik5PIIlpq0@NSjU7a!-m&#ejXQMv8nSJ>OR zJ>fko=Po{K?p3+V;v?qXmAfxKZ0=LJ*WyFwzLg6XA2b(M9i(fVuRW4q< z-`u})8Q}vek6ygbJg{=b;(F}6k6*kOEAdr}_n3!Np1OFqd1&Psi|fq8D$icL%RIdD zyu~}s#g*qT-eDe5dGX@y=8=_`FWzP@sl1x-(#q=>Z!wou-bDDQ%3Bw2HkVi4Mfm8- zdlzpqkEy(WaV@ss4=vtkuHXd58_nY?pIE%!{7mIji`SVeE1zAw);zv) zd}8Id7q2!?s{G#KRp!Z+uPt6_uB!aW;uYp+E8keW+&rc7t;I{t)s?>{d}`%y7cVi_ zRQ_@CV)L}hKQCTno?iJk!e>^nkfd46?=@CDU_i)V7e^C;nqs%I>o zVP0Il&Eo0iC7k4Vnt5sU_KR!G%c|!to@!oRz3bv?^NQ*{7C&oVS-m&mtE%@~TxDKe zec)|6Txs4|eIntt)vFdiW8PG~X7M=l z=IS#SSD0Voe92?YTdF_5c#L^#_4$NvtG;+~xp{l_<%>s|cT`_X_|EDZ7MGfLRo_f_ zUG;5?OU%2g?^-<4yr=q}#UspntG~Rs*j!)z@Z#a-ebtXG9%kNO{lwy-=9jCVT0F#j zp!&JRgUtu4H!dDzK2-fJ!Vgz}XYoMuk?QX+?r%O?{Tkt~RR3ggk@;Bl&ldMHAFqCs zvq8UF{j0@&%_rDryN~&`>bD7RsQ&ZfUgne4eW?_|`l;%V2|rz{E$(4HQ>!oT zZa!OUFYabOSL-g$H=nPCi@TcNsAY@0m>X;T#huL;YNN%S%ol5O!k^fQeqty3iJj;t zcB23Lb|TrY2m1b^y|u>1dTq6_)^5~RR@UmZl^TZb($#8uYB%cj#@brFUR!IdwdxH# zKN_t@v%a#rvbshh^6-!3D^2BCUFBD+&YkFbZMEKBTU+U_t+ZEa_4-QPS!u4WG@C`~ z@ z#q)mY8+GNa(R%_~UsDBZE7sGZB3X;tR2&7`;^-}2&nFgDUt=R}nPNrJDs@#P)uyB3 zsw+2lWVr=LC#kP0irIG4<3_`AMCiiZyeR#y;<&B0H8QI!qBRAqiCj23z^JUPL83;Z zxyrDwu0dZY)27diSDkmOs<*+I>p^Z6TGVSDHqV;%PP^4$Ff3u01hiz~wQX+G4vZ4l z*IfIi-D;{{TaxI!M?|tyAx%?NidT$0gV0=SQlRP=%En#j_Gw94LUtf+Tw>L~6iQNHN)@%!3ps|o$cvZ8V| z*J|pFN}-k}{n3Lcx>DSVf}lM;ZLQW?O?pG5CNvpVNwsv1Mq7MnCn?Qnv~em&j=fCn zbGAiTIaom)vvjQ%5MwCSPE<~XjNT~~L;WUU#t zxA?lr*%9WgFjVa(1+O(URmw7%Y%2`vsskl8;XoyLr=Yo-#>kQ!hNHK3hLC&({^8m7 zo7a@7DO;z@t3iFm(a&1lU1@=TfE!60^sYsft1V~@?$m8N>hxf>Ad6!MSiN4734-G6 ztW;esjVmox(bn1YdeZzW=9`^K>cgHZriVBd;6CnP75I!k&=ZSyD@7q~o6r^qC;$s5 zFl&)wnNI9z0YzRm>uyT`LCe?Zp57GGSmS8fY;DEsx^Ao9 zbwNjlVvimar5}!v%_0CVY~n`URY5jJcR96F&my6H2jjs>!@H~WoZgPBf7D&)^Py?8V*;s>W&_uc)=$QDB-wbSj$Y5Vwr~IIEoO@w!kRh zOm8TivOzZM)S}jMsfR#h78Nx9z1$vE|rb zBq+v}g!R=nGgS>+r5qaBY_6y?&_QtOG{`ET7Yi)8!QNW+mJXh*(scDj)K(9i)#Ed| z*#y)80tkoW7iT$&Zh}s24ut@0BCMP+5n?V~yDjW0f3+MTVBu^GKP@S#RB4W*qvLkF zo$el{)jJ&@=XquBPB*Z>mnDN%O|<|~Nsco#Z5If#4N{wUx7Qm%HUn8Ji*j6Ho?u(q zIJ75eVJ$!miJWU& zqfRg7Aqau9Ff6jPsasW3`H7A;iNnNfh36>K3GrGi<;AngyL7a9rP%-%gm`qVv7!Vm z_^i0Yzgo=co%NQ{%NX5VEhyH5Ct#ig5-nP8TOQ2g_f1`0On6eKsonZ`y4!m47% zlBu=gvlzDZyDh}Z0N1qdD0L!Ls3 zu(SXi99~i%<73|lOIB7Kak5%PFIuWZ0x1KoDS)78Nu;=T6WWP%mKgw7(E;+cTkY10 zOH9$NCcI%W4>qurQYnD%Uat#oRV@u<)~+iMWZ5SzePJ$>-u8x>>Zmo40)kSn?z(|< zbfVQ>TOnS2NGFJCpc&|9-Eo;r16v3|WgL|P4=xN-IAJ37t8|>>2)l}BXzohvFC8)D z6Sr6lu&K+GZU=z#x_dc2FARdv_shKe4)uGPUJ{zCp)IOywH>E(0_LfPN~`%Dw(=kxK+to^{#MJ zLgNYp-M>v_Far^{<`bG0i7Tx)budsaIw zE4ir)4tduQ1zCPpSf^-5lO9Oc!*#8EqhU}_aCWJpNlOSrn!qVu_dUlf(#W^>cnTie zi==TUc;#I>aD2t0Iq0pq(OgPs2noy_d6s;9!Ju>ye_~OP3Z|7ujEJ2M zDstM<>_Bh?2tW*)dai&$;se0Kn>I-#SI8lH!^=_Nd2TcGn6m)F3FKp-+YQNo9Bs8E zf`%l9rJ%TCgeJ^VoTyw9QR$^#SS`uM7X+pq$O#Pq7CcmE!D%&yj8@zN2_)g5h1(n0 zO|{H!-*c!Bpiv__QgP5}9DX*MotD$?be#_5vt^RUGC9Sni_|9ZK+6HkyXq9?S@lb7 zZ2LqdLOBMv)$Ae~>n#^k!EO1jW0_I-MSq31#A%UR>7WAIguLiDz_#d7a9>9PHl#jY zKEK7a)Y57DT^fdtu96_pN=r*7y`g^fMym<&NR9;j<6?{fCd8up3Ie%=UOJ)fpd0FD z9n;BbngzmGl*x#)wChlJ(Cq>wO(*Z1R_70%oLOR?*OoAgD0ef=Vl zYUQ=y05{<*42v!u4Y{37@S2<&fD^Y^51+{+#q+N8%Q#XX;2w9vJlIvtg#8ExL$Q~K z&sb>XmzZZ^=cJft#ex<@VKPZUK>y#vyyhO}m5{gA)Z%(l#~Me?RhF)sVV>O;%m@R5+Dqs!K%{s^Nkk%xV$>~=YNGV*$!h^>gEnH#kqjc*!U7#x{)4HC- z{-q;EsAow@rH~0~mMJ|yj>718&M?$j{5UQ%hf$U${9dM)g6(T)i{CDqu@4=}Ht}{j z8}!toE6vubElR>m*^m!!C^R5vqKLEgM5AOOfb(stBIVqib=wAR1uanY(IN$ zRmS&*57WVkj!uhU}xgX-j1y&NYDshYmwmqwYJ7ANKq7WhyeCt5=n z)(}k{jk|<)8q8>R5vN+KO`o1IZ@ZeqU|xgnF~W#Fs$w~x5Vcm5I1D?jB%lC>;)Fhn z$}PWJQd5|v#7--KXo^u-42no>=Qku&dOPPOC23|a2~27@qS@_Anz69QG*Fpo*d%>-d4|wH>~FvXzRtfD(QP4#YxTug&0F z?v<3jy6W>RoP!vxF2uKekX%NOWWy7QglnC4*zE|Ltan;S%m`wz0^fE~2#H82dU+k} zbT+poo=Rboh}gF0f<<{z#p{I3bo2tXlCg4EnQp3*pVAnF&l($;w76@5XC@%exLw2v zk`O^B)IsK&Zq{iBK|2O?8dpemWn8ygXqg%$IWSSO&eC5hd5t7wHzPvcPLik2=4EuBN;Khabq0)j~Fwi8$HLgu|U-5VtObk zS7pO0N=cJ^CP+PmS{}{n(5j#dYuVhEbSg!FsFEyAEFX)S?Pk!8nK4WX2^b7px6WLq zbBtS?VlBlqHjYqK%@ofG41E;MX5IH(Bn8b0($m-DHe-oDlF16t=yoIosUkVw*B8zq zbF^^6MCval6>Elc(jq0i7)Aif(k)R9Qqmaeq*6d;>7pphB-fR{)3o335AwXsoMwZ5 zub=13cnNlqhPI$aw;KeJ_{KW>wwMj71e&mLu&~GhyFrX_VZ~8&bYIN{^@1cx(lBJ| zw7Zkw4ozdCa|_Jtw1bW?&js_)4@$ShJO-RO1LZZOUC(7HYg4!mBw&ANF)NuKNXqng z%^D|Jz(@fRO3aHGzrItCgn5ltRQFr;a1Zm^9xF=2YuLjLs9dzeksNIit{XAv1?C}# z%eAd!WQRlT^r>4_i`drfAs;+IgNs#^wHmNK?!;>)zm+Y*0xg!pyk^*yKN;q=r81n4Ed&0CK-+`>FU`N*W&>nbr%@|C;VV=?xf zUW}kuUj-ocybz%cW?FiRNMIg`J5B=EC`M=ktl&gxr4SKSKpSbOgIbJKM0`PDVr2?M zs6^tEn1O66T*qHAfM^(#G!^_#0>(%>6{2+< zYJrj+C+Gy7dIVAxQUWu~1GYsE(O;{Km`G1WzdK9JqlH*a6J`vPLJ&@JPurbv13$q$ zb_Hk|q~QdJRuYj`lB5sj0TRu60NzqKg0MR1v#(M*E6btsEitbv*{zI2BEv2;yc@ zM7eEm7Mu&_#dm2-&V%$}7tDjT!Mw70I#k1RE3#W4a1og2gdQ|!y|I|b{sAHyvl4#T z!#vQ)VxA-lW*vCcXaVz$fm4qq`8L{dBWTqlFi$lhO8O15`(PfDiG%gM(V{m20In1T4>@rOJW^2B&1v5rdZ6g7*Ese4*5;W;s?e<$$8C)krC##<2p8h786Ce=`qG9=}C+xnAa8NF>QS} z4K#d&P~#zQDXJ^*Wvo zMyL@nI$XyO!2s5GH-uvmQo~Ls1&^@yfqCK++bGr#UzH2<+KfCV5NYqLAPLI#v)YN6%_2%F%RrUIB} z=Y;|w0hlYLFyJLRzMBvRzylJQ1v~=uFDzwRD&?@dWof3FCFjRUY$qdujUivbE!0V+ zaMaQzNxzr(vb~&nKEn0;W$wH;9t}r>!7{m&)Z{qkfn`ww9f~#qP&CIPxGJGhAP zc_`3PD$G-tXq3e|#8#_Hv*01ed+W(vz`XRHj=_iq>0?g{yt|4as%)-{n#pr30c4mn zo?mBSi`WH$zxkD74n+-slNn`BN3rX$>ej7s67{RleVKJGWwugSckDJ&VP4ZoIVsaf zx@*=##|C@QBs=Sqw!1qXIMMFV@K!;VRFt;|gV=zPb6KafPedc+B0DI;L~F|wZ_1$% ziI?C^_)H#!-@a80onh&h7l148(uK?|&qbN9DBU1LJaJjPTGWTJ+UVk{(l zRIAky3Q5!%O1Z7qgC+UYXG`Z4iH08_KtL`f_Bt6{1DaB@MnY5DU_`)dMp=JwyXUyun)(r)8Rb@JH0$$gthU=n^b#=0ldmjQ7-TR z?6~XYAUo7>LwnkcVyRl%Vn@0!gCB{|nB&+Mjv}=fX^|d|D59*!|-RTW23cb({j`lR`u&5R@ps@{=1!qyaj#v{hdJtP33^}M%I#j+y*0ln; z0v};0DdXa($KM)C)8$k^rjqT?mQIp57Iu|sL;m!Z3}$jRhI}+aEh_3{eJNa)jS%d5 zdpQS#DQ+|>@`mAHIGaxRy-Y48H3K!+j*+AEBm*4EHo*~{z22Y&V>a&8ZBYoJNnUSA zzLQQX@iJ$Xj*~vBbDF{qZm^ZylfSH%-A9<$U3|WrQSi1fi=Pw~~ESnxKv#P8(9NU8&_FbGE4o&{pQb+NHxeqRp(<*FzsWAog zK^#>00?Nd>K}UI)4t`vNT{#7Z$7s{Rv?7l&2-uKEM8*r%@YXO>*y?Q95sw!TtITaI zlWc=<+9D0*K`=1zrq0FgaB|m0^awh_ykbPGKsXo(^X%-{+ZsEuKw%!gTPY)h839^D z7gX9%RP>lOu{Q1)&A?CCokDWTn6}K@n6A-eS%n}9b`S}LKn%hSY=w9`MgfUB;~e<} zbD_0Q7CpC!ma(BL)Dwxi&KimRP9KWx*`< zgHW7_M1Nq;ZtTZ?gB79!^3pZd!>}PbWHH3YXOS31%vJPTa-%$RtBr7!X>K%GdO+T1{eG6k>0r5FhYuMaze*q zULcU~vi>YFFWF*_~hx!t8DE`c#wJn=r(9}Fi}bS&`icu_$&7v@=yna>0B*glionuqcy!@Q1` z+LJmkkEy|7ThC%1W^LSP1ar$VcTdE+@_C7Q?TnGZjL>v*(WTAIl%<4mPee{TnknWh za6O}EQMaGaHG0)TodzK=GTK4aDvv7G=y;7Oj2m|+y~GD$B8n)zq`6McJY*&UH*mYV zM&h8`mvTuAC6hw57o|%gDm_-OZXhWM#sa*S-eO*sNn^C49;nEulF>&WLGvsyPv@hM z^OVh}V0X}$`2fuGS)p=p+>cVqhEMziA*nYAQ_t_K9yVGNW@i^*z_EY`HIvi>^HRMj zFfY@yFwct^{8%z1?UnsbdVA27!XsHO_6AAB(M9M+F+n$@KR$g+f+T1_mQHLF`hc8O z8girp^_@FB)(=zvHys@s|%aWzc_88ihoz-w=n)P(L z$2u+FNC0IcAVs=|c^D0|KA&2k%gTO7XK;C*NX#6uWdcJ-JK05GUjLyTVIHK57Kpd%m79;j2aAS9tVP1QKvam7vtD{ZlUmKqaA&LZB1QV`_DwaUA6*o4;5gS>77PuIMr5=36+ zi@D{4w!ATMFE-?UEFW~sZ%GOpvcj&|?xYSw30+u0 zt+Au*S!H500#xan-0?z=KgsaHFQ>=IU`Bw}P3Ynv8Zh?}(W6Y{WM3f)Gue%rXlCr! zdBc>h(I<{`xafo!MI>Tajz`^Mgd6keXqbBQ0T{{Ja6+Gvb;2%FfLDPfk>6P(ap(=< z8pV*96e7E*ToO@4>$;?fQQ9R4EeT9J*kyGyu!E5WbDba}MHj^YYQsm`%SA}hu?220 zJ_Ruw#={thL$V8a)5mTV#PBM}gl#^EgTW}ygJ7t7u&gEM_J~eu6Ht}_ELrZe31Yby z*%mnu`=B;KC|pug5`a?}C!`q+GE6*P?6cDlBz_uH}4B%lNb?FVp`6S3BVNiUy_$CG}a z9gc2%u>VkpKQwT0$6yR*2z${U=BdoWakdq<>vL|0eLX18Q06fM4R=RjpQDJ(ES7z( z<5*aim`Cf;{lGldMdqF7fq4UXb;D~83d|d{vQD#yK&M(zNfGJ17W?4BJU_t_eNU!k+ zo@o`nMIp_CA#)g$^%WnsB z0hkxitAxSlPt>E@u#PbW205w#!WJ<>iXUenqSaTCCA>bEr?oVX@~8n>SgVv6Ff1@{ zkU@Mrci2Q4@RG5Xh==*l?WN-ZEatV5R_S}3G!V()K=y;w8w?4wt-w6^Tx{P7TtD$L zNRYdYJS#Cz^C4kVx^xy2Fmp+Wl#LDntuN-1LkqPM*>TL%uCCxkF7Hhy<4N%h%>l;} zwesF{B1w)$Sj!isSN z4TBY^#JnNP^`_q(TFmPX+j*ziUt%6#r=;MewmH~1Yxpsz^9sx>%v?jQHi4ZjiT!ix z9(zPFrW%GrE{BVY&-Ipj9QLDSX%_`t703t5M{p*(PvQ444~|pWOPBfGwaAAng?UJy zezRc6o?Xzz;QG_{p*20jXI9P=+m;?#W68QrMGN!vnUgz=<&pEy#%}67w1Shn0LZur z<_YR26EM%>HiLf>x5PYmz{p6>>kcjEF;QdV@pfF(KGH-Lb#w4_u z$Eqd)37eQ?2rRk6yiJTQxxX=D?ll^02<-LQ$|*zae4?pH6m-`}EX)&H3@KS15#2@Q zl87n*^Dr8ygdoK$rpRwGPj*15qAp86aMQ>*sfDPuhk0!2f_Y#7)iN8V<0L}Nfmi)3 z7;^3+O8arjPmU`@X$0o6*pDNoup9fC&Z+U=gAlNMSj_98`*!WIu|3SQB#6}}EjTFr z*hA52M>z^BZ@EGws&FFOVer+^$9^A02z}V^#ekf)d@^33WqX6v%D6*T9rb;fDTg%R zqSq4Yta7D3n6~*Dkq9jK5>h_ zG1Cb^EE7vt>aJzZ`Fv;JzMaj@GWUFacW0a5%j9vKrXyiq0kvt??~gbsSz;cnA6U#& zB|(6O?F9{66bD`glSV7GiguRuEY=N&YTR@-9D*2LdSrMhm^ZpynAe2$1~JPgDh%f! z%jOA5ck|r{GKV_X^MHl9U1?Dv^Z@@)OzPCW*Wos4dpT}N_4(C&f+Z}Pl zWYcer3ggnK-RrgnD6y&u%*){Ac4jfJ8N`hiR&-=;?PK6Z7W35UB(=TsGrh*RSG2Ro z)GR)2(H)1(i-VnuX<1?(+c`F(2x2%^UL02rGI!SYW{joMrzb2ZZ2T7t*%xzLkD(YZ zRzr}q8+v6?x(~G+Sk!|XLu{`)?!rFLFqIE|dkXs|Q01|wb#fQPaJj#VT4P5fU~4Q* zH#T5y@dMXQ%31zklUV1--65E#lOA0dNJ0pjBAADrhfPMQN36tsw;h9KLwc44lOEHO zg~G)mhg8Jo7c9&_s==PrVs>p|bjgFwaW96ivnBb|XA6I$o)k#H1R@1pC60p$2DR89 z^+?QEi0-1aQiz1gip8G^t*R7X5I6&S*@Ng?3!_Z1ok)%G$r#CsuYDGooOK$Po3g1z z-fWV_DM?WQaxf2Deb!G9d|;G*lttrNI$+6AJ=m^g@8evV+Qd9XQuO=7uorkey+QJ$ zodceQIBBSM7u zqd4K<#3{qeJH|||^b98&7{Xx+=6MmA2OE`6d!<2l%nU$INYXYk`Y_Xf02KnqWB3b! z4x12yyS7uqW;1M|2y^NgW17!;<}u}w(YjrPVs|%eO)Tbl6Q}RBMsb7L7=$g)M~w~I zxx-0Pj$@{cmeUPcf4WwxODDivXb+3?&5B$x`GLKnl>_Ql)l`0>gZ~P+Dx|#_x!)>> z%QOiSTON)Ji=)K~L2M*DY3(gMNF26hmdV0_nA`doTT{&W19?n~c(HBiwXG?|CE`;6 zqV<`8{=^5{o$|3?o}1RLS>b%nCY{_xF>=Qrh{%fL0g<=QJ#mhK`z5u=&DP+N$p-0GKVZW zA(N)LgVCiQ?wbzMpxw;(dd&0_ohO6T(o;l=JS9%TIb5R{5|cuN7mbxdBoxW)oafX7 z3LxoW}2{3lzSROp3c zPLn11kP{VJABRbvOy@a_KS#+7yIClEA4j*;CZqNsZ+;p~Ydvj}jFXz_Q!2<^l?(CGgH@6QR+|Tc2 za+KM8%5vsFd0ekI8cien#URaMlmljiB6Q3U)tuu2QPUQMh&rA(`G4QoG8v%|54BY? znG8pp8|#~s33DgNPaj_i=1rgETg*$tQOf-EBmNW);8i+K7QiACVO|ubS(_mp<_t6= zaUApfCK3Y1mq?h`9%^&7#5|5Avl9X4Ar!m&!}e5|$A81-47~Oj%u_wc5Ir{vogSO* zU|y7R1iKrt{wy(XszZjHN^jF2D-dyZ3CEWucJ2p5OC4bzTwFL6yVSFeD`8p6T8$~Q z@G0t!ymCFa@XdWm^D;>TgdTgJQq`|rse zTUJ3HuA0T+_$Ojr`7F%ixihht2kT7R>}7SCncBanK!kQodF)_h zL-q%Sd3l8GY(AuG2r(E}vH8V4V1_}};Z9aAXc0Ddx7XJP(asFHu-)u2;Y)83ZHg8L zJuQ*Ym`R*Q8z|CgFr{S8bn!H6 z$AJSh@*ocT!$)*}?rJoDPLmJ*3KB(vJtp#<0g}!op`@ zp3H|#6a@SB1d$ABlf(%iXEBf5b{U-r^L$zTmW;Ku>!F`_$Nh~dXcmHbP?dur$S=r+ z^oBtM^JqA8j>fe@?sSQbkZxo#FK1YX1C%gdn5Pc**(oZWAVK>Sg^HA;%}yqoEpnsb z#`-$Ke2IBj)9hzkMc&aE@YpEJ=>u{lY7L1gc4BqVWLf7P=FQM$Wxp%x2*d5|!-ozX z-rX&8Z|^&D_~4=4-DSyqn%0}49l8b7_WR@UEDr65(ZW0sSSNA{2Prrnu*5tR@5y@8 zkxn}Xj%{Z)r_dZYXV^&LpaI7JQPc(2^*CT909#&Z2$J+ zDDSmd^u|3cVEQt6mhn*~TWmoKYhN6pijur7%{k^!5nROL%)!ct?Otz=#&9rd&$YSg z1ao)fx2Gvz3xGn%5Cf!WXW(`?%H4|j|1H^qV*SCWDmS-FwJ@*OvjS0s=&G}mOc}Yc zhTQ%s8r6&|c6V7H3%Nn_O}>}GnQY`0zWm=xrGcD)dGKR1i-uq<-bJx!D?u+FC%u@( z6Q6S4HMQGq;xqZODBWl9xRkay;M*ePJdVHW&l+`Sefcyj|4ssisHF?p(>l3}(;k4l z+KdxB%JHzkJgoi&ZZ8iUlm!)ceQ*Zmb!Uu>PV@%zHhPg451=CX!`@ir>?Q2qjk<0Y zIpLh14dTra#xFIwn|6uD$cP**Q5uQDkK2&t;O^$;C_b<;&VjCh{@>E2w{prHDK=+i z6p7+MiSu{^uF1psn8cFppu8wu5>e@8^~(FIO7R7OA#v#S{pnQNwzgfptVfEFj2W~> z^TdpYkfP(#+*s_Xw%rc5H~U$SZN4g7F66-gIbX-1(Tpzxde@lni>nanbJ#*-##x*_#Zu z<_I!TC+C0}!!>BLIogZp4Wl^DhB>WaZ20~)qD~r#k;adQ05_jCAWn?Z5eha_Mjae- z9J+Kp^w+}nCV`>flfJ4na%12@JF1#$a>&2-*vB$YPnL66|BsqxxT4>_u-qvk-N7qCEdk0j29ESzq*(U}C!JZrME%&>*gu$#m#+Z_6QCFyZ8 z+Dlk}{KCw&!FQe%jpI8#xft18XCRjcgeKHo#OuE2;GSarER<8!nS8JpnZRjyQGzFvOHa=|1lxxLEHh8m*QylpLs-_vN!t z-?iM-MQ8;lcWK^_M)6uR$?S+EY>f?v`wzg}1#UyF|Ln9&z*}#fkzwBmT087z`3d{7 z?BDmJ!9?Wjr!fW(PMXDTv^hxO(Cvv7z#!>j49j?fIgNg>tbjH_(vFkX;RE}&$H}3s zNe^*cl2hq15%!{uNuL)v*Z?|&O597fp}1m5ObQWSBvuNMP}yS?zaFO^Bp+f>UwUj1 z!*G2aD;a_*5_>-2TtwuI$cBo}K8sGo^GECKElGG!!O_n4Fdt-t9_JTE$a5HVhSUC# zW2sp-%ZK^qzTqs(w^ffnNG9m^NouzqSwKbr%WR%a)6jA+vMpwTb)K<&a8gd~LVCl} zBwWkm&8ZYt;3XMmqime*n~Y@SmUR!wZ$6|?X)l@frafnU!g|>wahk{Tp;J%_`s3Fp zti)CWF8ZBY=?}dlPW;()-v*-`cY8>#v~%dN|A_F`$3R1Gs851pn53@uZ8*-rSOv)_ zo=kd!iSJA&*#rd}J`m9-9I7qd0R443E5Cvm45Y6rjofsyvn`3NWGc1@kS&;@MeIy_ z4aGAw-`qxVEZlTX3_GvlmV`=`M#^O2Hn$4hwaj_oz-gzRdivqRW$yh4Pe1LH(~cZj zCP$eaZXzjR#FZOyVtFeqK0npxX3!+%_&6O#2F)_M5+O{>A%w2)!;X!xI-8>qPqkID zu`!)vF5JJd(d&=m;ZJQo+c#$On8iGXaNcKrhWsDkO~9*k>>I!$8ytBVq)C6^Afr!* zqih7`_4_a-pZK6|v{{)`4l03p37ALgg?aIatq(AdKNI7Hn_%A2#MzX#?}nSgymc^7 z^|YgCgyq2H>l3!n+i9QAPW%*Ws$Yn|o7Q%(*)kaFQ@s&qmv9*O3S^${VIEv8$44kQ zbb{hgTxlg5AfPI)@cp##TBlX^(oK@6)k`KN=0&MnFyt&7CM=%#|BQKJ;L@*;Q1MR0 zJRR`^^VUc5S)}h;Zt7yRiIclDAH*Gw4mabFpuLM{stps zF>ljhFUwEamqols6Pt>hjOM^%UgE}^!*n!C_f6><8#-Rl1M~O}9P1&NCxsYJ7Umr} zxU+AP9@(Du`7hl^;6>>Xm-^tq0E+f3kJO8N&gN!F&Qz_PjV!U47YXxHHYPFU?@UK%P6g(HWkZl2@=W{FzN4i897;!spz9-hWC_Hy%jgEM zlp+Lzo0hS9AZCG@sXw3YZfb%t`s}7!sc?BetUqK89(pN2W5zMB$JK9k_j(PgpOzkLwH!Qn#_6Y@ar9`J`{3a-&p3_W%aT!MM_c+7y1=~g zc)q@!alqO-{l$VLUD~{4-JZ_JCFX5zY;Nqd-O*?h7)K!nqIb|tX6py`?;hCP><=c% z=*P9X5~Vqe%}d1^X$R{T^Rb zcGIYBd4v6FrkA^}g_V^uleEM~T&yuIKioz|J}q^(g?V1I-JON*2FGS8J)<8J5A>XL zJDhxPX9GSv2{NpyL1Eh8mPltmQ67yfp;9KlzTjIPikwGkt!9(b;fmeeI76Y3FQmO* zH0+NQxAaH^)@!9!-ldzRaf^cjY3ky;Z2h?)JbpbNWh|cfK4NH+kxVWAu%aL zc~Q9}qRkqTOQ#+p#TNvgpbCcLaB~wY8R8R`t3Go*OUT&wQPDk41!xdAsZI+MLGABtVr>YV^*v-RFI zjprgX);)`PSb*a^8|P}*6e#Vn+mbT{w&$2XvN4}DF%|M@Z~uIf3$c1^6A#l(6e0BL zY(AI|oUPd)McSm0e!4k!3QB>a_^lZPjz>A0( zdAf&r&?MLQ3f7@&ZcJkg2yz_q+uYCI-FO@Hn@-oky8Q>Yx7Rlh9XxPodwVdPq~kko zzc4Un=M}Lqk0IO|aoRu5_$!sLQR!MOp2B^s`r|wsj$MTLtqBVl+&vm@1BL9A=dmN+ zU^_K;TA90!=A5&ok%JrwA8~cFtQCX^#r_#tXUAe*yyLA$oh^>dQhM$t=@iRBXUd6C zHaPMTAMOVE23Ak2$qsky0X7Z9cwz;jjD2zaWd_7Hxee;3YTR;<1Kz};6BGwT3Tdw& zkB4KuU%DacjyxQlv#cyV3OD9~Y|hZ(+3L+Z6B11F4a?k8R|cGS9dPDKzK_kaABt^D zj}(OEPo7VW`XQLdR}_3bzde=jC;u7q(k;4rQr8=f(^dP$4K!~DQt zLfp>Aw5Jpzyy#pKQ3YTg&PUS`+hU4Wj6A1QrZL7t@QK52aX1)rE+Tbi`G8Xce09Oe zSM0d@#*iC!WvWG^I&@$%ob<;-KA)QB`;di()2;E;?k;W&ro-JsldZw= z6tAMY&C-6hzS*B;$%a~qbq~zj;2Hh92YGsvY~F+C(YCRLWV`DqtogJ*%BO=FCW}KG zGd|1X2nmwwDBtE&Cz*dXMjIn{-)scR1vH7D~Zhy*O0ZaNE)<#m7J7^DcXkO3e zws$?N4Wj23WZc#tA?%AL9L2U0pq8gTD{TQ+rN%UyASiKIyYLg1etCFyP<$Y((B0~1 zoG(Cv?c)7j)?ZrU_6_F!^@02t8DtFW%MaP@7)DZJO24~~;DYKnNIAScjN1Cjmp@e( z?XJrYvwE>%c0!nA-#xh-jA!|JuihSTa!iEUnoMT1Q%>vi7bC3S`x9g*l*S*c)t4{b z=l~<5vuEkSuFHfRY(Pb<9QkZ}1OXULOh%DE>3jL1`2aog$TnT0PaNBghqECh9?%Qq zE99iKk6p<<>&&A^w+6R4ygkXg?)sqY@wDF;oeyqL2Oy3m(jaS-c+x*Qo)dSFl9fVq z7mZ6Is(@ZH>rd8ImEsEmuQSiE$L;O{7d!RN z+Z)4?WH<0>+TWdmhBQfwT=xLx&&@H3hvVLXb+@1tW(E9#EeLF-!J^+|t59Gc?DgZ_ z%~KEZhctV^WZcJ$J6rFLr#tf=z3Bsf<1J{!3YGQ;9X`3r(fzT&#{CU;_4$-5?(W-0 zAj$Lx0W=l1`0%cD^Z5a*hZaK3e0K2v(Do+aQC9c<_&M)8TV^tAW+s!F%)IaH`#zcM z$z&yj2uauyVAw&VE`Wd#0i$&*TD7!TYpGi5wbpuVwCELUEk)o`E7mGTL^hGSRlHuW z_4axt`F+kzg4*`}p5Om@{`b6j^S<+L=bZ2Pp6`CniA18Tx3ClpWKtjf70>c3A8xD%FKg z#iFrD3U+KyEE0xJ8w_UB=}asZ3}>q{)v=feIo>lpvfD&RYNUd|0aos=jJXj7R$<2k z7lqNe#Ug-?03VZHm*{oa-Cmv5RT=dK!~l$XZg1Qr3h)%zD>UG24p*V^|y!x(Z7XOgf0b79?OdOO-6p5(A4Xy@jnv`5>yf zybS**Hn*d=dF?*O#8@siiZx`ns$KSwy;6s*tkUYx`|NCs3O;+l!8WIvZOjZaX^3&# zzue*h5nP>Z2tjp}V;Z9}6B`m553o(FWbuw)PqsL!`VW%;SEIjDp>~KYTCvgr?~}(< zUE=_MLD0Fa@?tRQS3d}UJ{uy0ec-R1K|G=CMA0XJA{9;!EM*u zQa&LNaAd=N2jWd&&3Bq{+wZ~D7Z{7gT;*1a9it}IEnv521CI<5mJbwz?KXHz#xbKe*v*v@KUf1B`l8xYf>m^rP1pGR0VH9=ki8e}KtzM0M@gA*wlud8M6F>J9TQ}#?SIGJO* zD%af5R9joj!)|YA=$bO6tEFY~?S|&=u8ywO)`{o6-he*?NeM1!mIA?eJOk%!u|zr@ zuwF2-3@}U%_#BA^ZGxuosZ=7BsMZ+#{uE+ig28CCwz|4Dm5Rpe>uT#$DX-UG>7Sh( zDJLZRoQ+`aj0&HS@}Ym)1k7G!nJlg#XrLbp6;%O`JKz+20iE6JNCd;~um{oAfwafv zgn}p7v<~oW5q3+RM$jji0t#tc6v9wI5$_-f>hg*#xNDbS$g0&KezvSJW;LW;YW8(e zS7{G}qZkmOgGd3b=+hXC6=EFHa8dlpx|v4HDjf)hSrS0TfzgmR3n^}6(jdDJGRTs^ zf{uXc1x!NcEVxYFwtzR_WI;T|%_kPOfEc_u6cC??3U-ZGhzbrpHc(>G5X1vPG2sk~ zVJF)>ITS3e=4;8GMpge|a{B%D zprFt=U1ruIA{c8R(A13H<-oW|c;mnJorxa^T0=0M!BT~mK?DO}ZP1`YIwOE0Twsns z+zkNuor2$=D95M@gCi4khQrRfc*yBNk;^OG7BS!o`C;_2F<}oetX9$B5H+2x_4P4l zM@>8c1{8LFS!+fU9ND-Zm%IW4k+YIL>=SD}LEOv6!%p@DgF9=bNg%Qh2-bk;3;AF! zVfTvw4ufb}L$*XB2+31q69Rbx0gUL>MV#Jpj{{N|LRcW;BQlL0oX!Zc)#>bwbs=xi z;|m}XHR7yt27}&kA`nLGh3H9m!rp9cDCP0idC^l~pNXMvq6>r!S%aH6TtY12jtZ4= zhB|QmA`&`jayn<*+MH{nd zW5ERPD1yrZVVyUS2s%(3$odISEC?7u_QhB*!2uQG4UsnibNO_t*i_NvYAX3t1?T8IJC}&Y<5y@08R9Gyn;}CIhks1tZytn ziEqLLH_50IxKmf3%`$93v<0G!a6dAcWle2IdrNEM#W!18ruXzr@9dm>yQO``^l8(l zOqqB-5Qv0oASs#bg{&fxRJz6`6b44KX$9;K!CBD%SSBu4A{ntewS`Y*GuceNwk#Ba zIGT<`5{br!hQ@3*kRz-HSiEgPXH`&(uo@QzdjpLo6M~6h z>!}I*ePK7umSsY~nU2J~F+WBIhpYWwH>_q(yB@}3w+p(r9=?gR3qly83tY}9Oe%24 zJDr*eTb&@3U*amO(`cY*+3U=y%Can6i!2|5Lx`2Ton&Vi7o7kxLGWFanmQAf;QkvxSVC!Oh9>K#KpFZC*q2^+2*fcn+xpNRq3{}ZSqs> zSRM5;U|=({+b~OD%EK~4MRk;IUXjKAd_4(SRP`SwPcVeuTcUM)nHSsXN`^v_NLz;s z`~@3O@#`Nd{zA|ioI+(4H7v#f0b};MGQAt6j01`=2aDmf57iHOoS{&r!W3|s#QKOQ z7IQbHqHY-6-4?6Q2A&oTfzLq}ggPubDqRMrTR*Kc*PL{BH>Sg4nLg(JveqsJ=Q=ny zf)J+|h&&E09uB&4{s`{XrDJaP1cN$*@+1)12b`5*S1=lMyY1|L5x_AwqFZ8)>gtHk z;dCQB$LbHGr7X96D~&@nB#^Li%96|34yJ=; zwdtTU;SalG9=|gi(-$G-c7?FjrU76_!~^gb5Gw$Ql5Kvc%bHEJ)Uh@%ho=D03CGF; z;dDeqZP1Eoe>#Gp1#XAkt9NEk&&2cLa6H-o zNvRy3SEP76Tixh&P7FU_BiUS@a&`mF2k}2$6&F1E!l&wL>S}U&6Xd&^Y&C?#OlvOJ zT345;?r3Z6sH+QyBhKj3nis8vwEfvdFe!@=_cg^K%)0!TQ^d~1sAAITaCEdJqv2!_ zD!dVm+>ovcS4I7Sc(OSf3BrQmb(MJoaGO*H{6?MMT<1p+pxx>4d$X`G!U*j1>Fr{h z%Vit%o7?ny2pz7ridv_+IifSLT#Rl{l`Y^auc|1A3#lxS&|%K2Kz)6^qX?F^Fe7nH zj7g=dSn{FG;&Hf`in?#Ti|O<1e!$P340_R2e!nl^OM2NBb``f|EENp;C%2-q84o1= zY50^crW(In7xUNneP(PGK6juT7>2DOnD$o%*%pNzJZkqtRPq+EMxZmUm1d5;x< z6m;wGa6HfzP2*l$eN~V>!647zJPAbh0iT%k$1{mQ(8cZ-0bCV~_`F$9Q&T$P@&%kO zmm``=1_NGWHW0PPe4t3Mltb=?^`0Gq!D?h{G`f4bGO=_7oIe_<4z>o<=~z`mvI;~X z5UGn+#oD_vO_5kv%nNA5{dJId{GoIJxC(oB)*JHGHH6Xl^}rmc2AJJV*HjOD@`ZxQ zFe_JeDB_C*eL~0`^|jXroylNTG#;#qWWzO)?z(I!48j|M$eQpsCzAdM>Q*1Gj~iR- z;=Y<_GEfzY`EpgpBBX-;B(~N%$aro>8H@Ffxse05m@nXHs+rct+T5Cq2B4@VtBkQ^ zL)welKn|*l)?|WVZ_w@X2Tgvc?_LaaaD|+Kthc5nnW`6z4Rw*apxX~Fi24O;9M(d= zVEPmgnmB zuGX4~)X+S=r)z3k8^abqG7TcrnwrThJEqK;)!X0GQ_REf@9SH#Xwj0nb0^>Ko3(67 ze(}J-#Pi8yHq(JnNUNvtLN?pn+!^v=GyzLSqsQwHT3I1jCXq;eW7ZQaD}1W0r9C&b z%))40Q*(87Lqkt@cTZbeL-UMFdV1U1lF5uOv##yW4#E;Yu~!mW`1vxfu(L`c;rHP9 z5*a2kG970nL{02u8%@$`+C}^5OuC3Jq1Vt&^g8+-x`Qj{Y+RPB=4Nm^xM#V4<$lMV zKOuk7|JDBAlJRj?Q=%x;M6s@6C zX+NDs7t^Jv&t^JIchK*07OoQYsVUUw5bARb^|_J174^A;{|^5X{t^Ch{sjqk5SRcBpirOMLVebY!~dW@Go7=Y z^C#+~M|~_=zcIXiUjopa~T zojrHv+^KUX&z(5;=DFkNj-7k`+~~QZ=UzSc$8#^^jY2w;J5xuKd>-l@o zmzL6HbUE2TSI{5P`{^U}QTiDD1s&mE~bKh2-w&+upY zxA{Nue~_G~Kd1jpWE^HcFM#lGp-2fgQL4$~#LvGw6yM~D1o$8$a`clDq9iI{h?;1K zmgtC{7)Tj05)(0#a$+GB#7b{8^=Ty>7rjZ_U3Fy!a(o6c# zN;AnUGMmgHbIAZ1B=g98vVi2tLb3=Lz65o;pFBWzlLyJ8ksHu<-yzSCZ;>0x zMsg?lCVhzfnEaCdgxpSlN*@Mwyo=t8_S(fCqz{st$WD46`7L>s+)K8QTj*}Goc6z9&wQEXeM|)dqORl-8u>n?2SZ}Kk$P+3U;>CS&g!e68x@;9Y zE?KeN-HsXpmSonzNUj|xxg`_8?07s8$MZ`TqY{@fF!T+K#NBH~jPBMVv~d9+@pfD` zbD;1_@oLA2v2BDbUN-U8NW25@0!2EuvxZ>>WZ!c44eTZ9@iUKSMB6VJg&Ab!7%{h@ zQG6ZS2bQlK5f}iGS|a2Hen%$cjH%i?%k11Jp()A44t^Pq4GEeFr~yZ(A2$#u2Z! zb=jOi?n3&%6vq7fZ zo9Uj`H*cWO+7nnZ>ubM?_iHZRn>ZWc+JJza;X4{o;rD3+^%p> zo4K9k?4I}_5w}krAwbz2x@(OgQ_PTdf>OFWm$*fp*tvbl)8oTSw?CfCZC}%|cvT(x z!FKo5<=fpe2O7|rg^s_~HpH?wkZE+AWpLH@#e)pBi5Y;zA046YCNjdgn;xf}taL=_UeP+Da<{VU z&Fp$}@w$v%m%Cd>sF_B=)=DT(xhIwjVvCw`B!NALohOU&e+_nSd>`&-YdiN+O34!s z35ga91O!SI;Cpg1o62x3!BL8%1RS{;S1HlroRUA_|G!a5?%Uk;*BOP4R|bXkYqUac zjn2|}WvflNY)MeKbj5OEMO#o9PgC+sGnLY(>0Q&FmXG&O8&UMmAECF7cxSTzxxRTLvRg;U?0NGC9;ftKjsFX;rs44V!Ug(w$HL{S*I$k2D0^o8 zhOlKJ;WR|UJxO%fH9Xd#hD`o3_D|S8-a!cWTXyY#HSHujA;auK9zVu@Bld4$zZ-io z?Zn|8>|3x8W4|5ySJUMEt++UhedAYeLY^xo=m&+=3(2n&a^PA#`#fae*^ul0*Alf9 z($zy5AEO?TPuvcDSZjEjvo7#}tsHGYCIxi^~5 zm=osP&7YOmls{VjiN#}CXZaM73pZBmw`!~_tfD^J&DH>hm)aXE;*3AGI?Y2 z-sGO-N2%qhEvX%;M^Xn;$J4&_qv`$WW9g4FT*jJ-WX@GBui8?zqw3+ReO04XA5@KH zE!pp7AI|Q}j%GisCe@bef$9U*C#pZGk<~bAGBr2U+*>nJbD-vU%}2F&)Wz!B>*m$1 zsk^c6-nx;xLv_dNKB*h4m({PYzrFr}`lst(tUp)(MZ>Iyvkjj&Y8pL_HI367mo{!{ zyrc1f#-|!zYCPAJX}Y~>chgf%FE*WN`m9;mJiYm$=I5G^H=k|(sQL4pF6YVB&>la+Cpu)wpnef+qSjc z(>Bs}xa~yS$L*5#%JxKiXZyVNHSITcxH?8VBc1nlj&$zt{B%loO3#$VQ#MZ7KIMTa zd!`(oa$?G7U7D_;u2Wr~PA#44nwp*3Gj-|Ip{aLGeQ4@4Q$OnFy3O68?xyaI-S>7s z-Mz2-<7wt;tEN3L?UiXC^l&|vo>)&;&(fZup1XP;=s9zV>yn{MMyHofzhnA4(?6d6 z`3%Vn%?!&7*Nn)F?2O!u?iss#xn4uBt2fo#+S}i|w0B+a4ZS;hclSQgyTA99-m|@* z^l^QLK389=ueGngZ)xAUz8m_^_UHOn^*`5tsQ*O&x&Du4hGuS`d0ws$@G>{so8)zNq9_SyKH?VYI^}xD; zp@AC)whw%7;J$%}2c8&scHq#!%LB&;&JBDtC>cx)_7AQaTr;?7aCq?6!Mg_U8GK;y z;lYu?rw8{99v*yo@Yvv)!4C#Mo5#&7owsq`NAq*@@1FnBf~Ey`EciIzlb@A;H2=lI zISY?2DqXaC(TT;D#WydpEZMT;(Isb=)-64-Otx(MvUip@EgxDwx}tN%Lo2N-Z(RA# zrPD7RS!G={yz16f?_Jh;*|y7GUaefcc=glY@O@+BH$J%h-pfC|qUVY|S6Z&za^*)? zExzi&8qb<7YYwe>Y0dGqzO}KnO>3vGUAT7j+Kp>(SbN9Xd)Gd+_PMpMtbK3o7wZh` zeCrz4^{%^o-S%}4uRE~r?7Fe5E3dA(de_y@Ts?aA$LkgA9qY5}@7ZA8kl4_^VZnxV z8{XSEYvbyT+cti0(7i)@hF%(aXXx{5jn~GmZNGNl z+WlKxTWYpU-*W3#%hrdsIks)uc5d4j*BP!G9u|k2hUX2hAHIEf_wduhuMB^1J-Oa^ z{pHuccSF|=qu*Tc&5v(fe&Y)_k((NBI&pK?&G+1V?v^#TymZUxt(~`i_N}^a-Sw@% zZeP0nrQ0mGZNGia?a$o)-nSj!Ui0le-#&GR?~XNhJa?z=PT!rKcdoqi(K|oAtNX5{ zcWt@rgYS^;^+N8 zzvJhJAN4(Y!$0>tMjm_U7t??7?1**b#*tHxuX_C46Vsn~>X+OvdwzNAFZb_B?Ah^T zu{?OnWg$+d}|9a1JmCvnv?#ypuzZw3`%llmWuH3i(x2?Z@@wexG`^A3U{?Pu`{oVWf z_pjc+ZU4>t@7VwF{{8z;?Ema}-SeU6Q_t5u-~0UX=eIq7_wysqA3oqaaQlIW4(vN{ z{J^INl?NRMYYz4vTz&9{gS!syIe7Mv@lfng*P)|_PWGpJ-hKFy z!%rN3=J5W*FZ?d?yPDtSe)sI}4*c%L7fN3+zR><0Gq%oO@~dOSivt;t#SvX#TL}4>$hd_LnPP_PpHx@&kWV{&B${cm46`D>bj= zUb*9y&t6r&YJS!AYV6gnS7*Jt_|>6TZ+`XOS08(I|Er^~etcAO)OED(==7tjj}9Nb z`{<)bKYLB{n(wuy*9Kl&^V+Si?SAdq*ABmS^tCguefZj6MQv7^V%9Q*LtU*C|tp?jn9jldh3H@e?g{Klp?cD(V(8~fjQ z>5b!Wyz|B zcb{H*dfn+8PVYFq`}7m1_n&^{^x4y&pD~;XooPR_5Z2-yXC6KC?3owOoH+C0nJ?Zd zeXH`V$Xl&%4ZOAPtsCFE@2#iadikw)-umLK;;iwkcs6jh|LoA&hu+q`9eBIp?OAWH ze*1>E?|A#(w;y`@iMOA7`?GVgbKB27aPBGCt3UaZ;!nOmHTBKvA z?@WJZ={v*k?0RRYdNu)xGO`H}!7QyWQ`8@7-PRKK1U)@1A}4^Y?V`1>VcN zmwT`0y@B_ZzqjSR2jAQC-huayzIX1uPv4ikZ+zeLe&+r5_h-Go{QdRs-}wIb-hc4@ zJ?|fQ|LFVY-v9Ii$p^*{JRf8~==xyZ2j~9$;GduSx848#$|pmR@Hoi9gzo1)f~qAa zVoodJatc)!S0bkhIWOZ#{7C!=)tx$`I~6{XOr-Try&rpu-jy0V%6)Xfkm9yqfT)e{ zjQtVChv%hU!1N1B^YzC?ASsRI{M2M&dki87;1 z?vBw$n#LKXu&K&q(<$@mQsp|O`hIn-$5YF8j_bR0dP=^~!;2CH6)g?O+?wzATOC5=p0 zJ(idgY&uzag;g)Ln5}wQIkD-a7MUQ8OPi&<)QNf4oim(QIj?ix@07_fEQOQld^*mi z(_^6(-Jl-J23d6@R%-3lQ@y1e(^XPMnJ7D5PRpfNS*XRz^H#3pWg|5ze^W+D+2S$| zt2&e_NOL-VDxcr?T7DnSbf@zBPUiOkunY71_U#+ZAIy{A-Xaa_*#E7%12mt{TXduO zeJtJ_|L`}OKl*piu)8cJ6Et0&mZweb!tSni%duCb3wxT!k#?+i-r$_N$a2lMAz!b@ z-nG!O@pk78GuB(ybE-!kx%%3xA3jXq$h|Efs}?En7Wot>&Y& zR8MI%s8>hT`pbe*V=$@@2Gw^~)9PxUa!G<=W1?1DE7UHkg+x-w{w zOsf_Qp|<2UrOc_iT3?A(o-o-G=E(^)hMkQmx8m|uQloN{#wc1b11u)s_9a^*j{1~G z!TPKeu>6?6nmY(z2+$3ljWqdru3YO9;HcX&JR`O!#>KYg0$VEo00ep(9dR~*xDT*m zz{G4~*4daT6{C+a^_Z-(>bj~stGFt5i@>D<4RFhFqBK{^m2S-$a4O5mI9bLU-j)>9 zHq6XfA+bn!(>861lr*0lJJQS&j(}?3dciuDx1L{^59f7<^tH9|_$}dEwjQA2wc)iE zUGZifxb>BeF3%v|3lKB|zTPx-d;f=f^rppqeT&(?76WGxkX7lSncK!T-^M-hcQ-hG z;qv7R*^ZGgX~gXQ>B6)p{^kb6fZ}s;#3!9j)t&>*x&K zA|0pG5lb89s}fs9X;lVs)Utg}szN*{Ol4HkYHa14tzzq-%xRQ4TV>^a7IBJpiZCTU zWyTbVO$M`6j^a;|>myhrLsamJ$V}2{k(HOLl5_nkr&3flH`2zrDxNf-&jXg{4Yl#w zG{AZOXda+ko6hHTqod~wJ-GnQ{Mvl}7R>>cbj2gp8)_}_{Mz&RwaEm@S2F~S(E=rP za3&Dg@+MkcuHofCS>{WwS^p^X43;2n_08p;YPfdMT|Y|Yfk&M_O`&lqKa^> zvvHBQ#@L8~57Ahx%riTz_G`qjySgK(6>XR>_{Vai%|+YFJ$}KOG#kK)Kqo-c$wAQc z65`xTR6t%eFjFNVeNu%|QlcWw4AoK>QZF&)!75ka9tX80%T#Lauic4tb#?2KQ(5~` z(m6hbF5Lkg>d^~_Qo4ia>kIR2K~(f=zzzVT zZ*(`Tn!RAb>{SijG`w+icH6SgZoBQXWo@%Zi{F>x`;Nl*qdALGB1a?k$yrZg>;19Z zzRYAHS}{DC58%yc3M;+8iQe{q$%T>t_0X5V%W~wV+?3b@Q5ua}#l_Aw&S58y;8){S zW!IJ6S;k{dV9e`pt*^J%)@J-_VzsumSTU@MWaQDP45O&(oMmMqnu8kaz=aQjDyH;l z5Ww1W8b|go&G4uqUI_NI#PwkeDs-!{E}%v!k+4;*wX1asjKC<>cziB3 z9xKJXq$;UODZfFkRB>!xd%Z-lMIn(;1!j#UjKZ(|F0F@G78GkQkxt|x<%lGXn+Xo)@p%479+{jh^a?}drleqN=wdzix?(F^Quh8IQlM>jBXdIzO z@i?pV_`AUSmw@*?3Fpe-p@pnO1}SGmL14y*`7j=*@pzGBO^P7NM7f)$hkrnOzrUA1 z%*w?P*Z3!#8T3~TPkkb1*DNCiHssb~80aE5udpnWxymk8N$r>NYLLg~^QaGQY2%1H(n3psY>OfEdhf#@G`dD5nlR(mK1}Q(1&mW|$$dJG;q)tIF14f~zr1fsS zhRQqb%?;J&RXZKsZq8dOc!T8^rqTZ}I$0D9WF`Pf3iyObZ!TqBMpO(us)#lsL>5JO zh0H}=dI`!eHjw)R^Q}1jXtgDRqv-M*8WmtSwBio{?$V6=3@{&!8GG_%=7sTBAS18Sf zQhU{uQ1B9?d2VB(uinXUh(lBgK^)qXh+Zip-MMfXDP1B}$}wTCU|MA2(>(R?)WlO6 zPZhkzsNs3p3I!%RCQ@Kdy7^@4JjgR^xrIO+CIXzm6|g7@q)C_Qi}c7@1x%vN{sG62 zc64{|7<ubnhkp3ODznnw z{$g*_sD>4}QeBrq%4EiJoJldvxl*{)EM0+>p>0?UZbb=72c!aGpVu+Wf+!sx4O@?( zm{2dQ=MN+kUIuXp98QxPWi0}m$r}@GLswaIm-nkQ5_-+&oRr^jo2&iO4qJV7q|{c? zU)$02qCM)+<@e3n>S?P`ZdjG*Z*a*~rLt>PCTMkls~0rG#65$^pEzmDVWgODSC@)(kCddj*Dj8Vem8e$O3)pjx6`PTeRI#|{nS4)y9L9nSUqlz5 zzknthU=5T}NKz1*&`+8uHJDQxs}11k#9K5^j)6Zq1=0Suxtp^$gT zeAVslu~+Gz#7jETvZ?pob4&8N%iUXkv}Yb*#}hwbXF&gRf-AOwro`_N==ZHZwQ{K? zm7yg$l%`GFCbTVT;}s1{46Y^0*5G15HQ=cGk(v!Fz2XxT-2ZHCOr8HA>MV`skBqN{XchC64&>`dd_nu@fq zHaYf?%Hp$S5++X)#Cvav2}=-&CS|-D)peYA3Xj8k)m&_ffXHYXZ+`7%#Rn-Wrs zQoJIlUsjnUE6U5Akrlzx(iKi9Jm;I=nZ%(3tmefo2_YH+V^xeVav(D#$4M}NH5K$i zNZn05b(W_}DNrbgS;x$(s+&w{L(78tN?YAv^Y!0Mf8(KbRKnFR=uFb}Sgu;4;62T8 z%wO*_WHU>YB|>d)A~35XdjHO)cdx9XVuMJv?z(~uPp*Z9(I7NQNOSr7!J@^Z1tH~cKvFBE5x`>xPiuK<ogeG zR@hvbrb-Mg_vlJ(4yPXUQdv<_8TGq#}Ys&!5Z##R{wsXL(qg7?1Y4e16z6i-Zsq05fgEzA-6_ObV$54fD&V zict15Q)od7D@w9i?$;P17imk)tamzd`TF|#SnEzFm^I=33vjrTP* zT{<XDr)s%T-h)M@73x12$Bmp(!7x`Llwpy^E(y;|j8p++ zRCAc;UxA2VW_@Z-FU;4*88)Ly!W9Sew^)jXl6-#c+Mdf)&oCbZ(UyyZ~QCIyN# zakF?YnQ($eJ0Y>SnRE^XmV%+CV>~CSZ0fO3)Hc;_e`i~Zd#9_lta7X)qQqhAA~{OSor+W6!@(a zSf+29=${2SOUA<}Suj-k-2RCpIx(%TUE7#gmu$VNH`?2pxc@_az|uLVt8HmdS5vOZ z7&DZ})!YMEuqQUHdS;?xPWFl`Y4tBTE|5(Guki*$E~eI@4}QX}2d!~KPH|||qLWp? z>AlWN&7J&ak4E3ER`8;&+sR4|S+%Hnj1>&6sYB=$DDR|1P&AxQb_B>+;F$FGpFN&k zctcO5E9+52#o1X;N0n%b_hen!kf;tjH))>z=Q+3J6KcIdx(ySOR?TWi%xrKgR2tb< zqgcdC2J2q{)}@F5&*U7kPBkl}dNYPYP||MRSiv7I z!Vhqh7Q~s0K>ko=H*Q#a`39X!OP{Z~^m_|JYqHr5p~3I0s=1ERjjOIenA-7qHxESQ zD()vrd0@`XC=^AMIN|EiS75oyc^R+el&nxnwFrDKX{Vb?rCo98l5$$orBd)+0QSX3 zr@FBV`#X zsa7t?IRzMIi9*uF74iUE1U^9^24d+(A-P}7K;KJW9($1*#y-Nwzw^zpvxWBm4{mFr z{hM-br&!uvgzYA;=%sw8d9w%WX*)@`Xya9iZjJs+@FE-30}%c!e4gO}1nvpi1}i#r z;IEQEh8T4B6-z9Mu7uUA*;Tn^{`BkSC9?~!>q^e3^#U(ua*dlWOV4a@a{RxK{Y+Jn zSa9>4xi=TlVynJ_;Xx7RcNAdWk_!;Noid2iO=<$5uTk?QvUbI$(h^SD6_>zpL}dyv zXn>@ku; z6m2wE?5Rt-iEAgDBom)!-~EW0E%C|TUAx#fitj4NKcT-zdG#cnb7(X}1(po~6d(n=nZVNtXh68HC3r?Y7T2d^l0=(Ot8(?Kr!k$UWx$= zpy)Qj9ViHZTB!gdlvLVNSRD$pB5Tc5u?K!EsZy#e0NI4aZ$PZ|dRYl4o1oWBg|`6K z1-v7*wOe^mV9SflG;!z_i7w3iRRrW2J}YM4E)Z}i8>6>`nSTaXadYwpquRW`&^XXI z(*=FAoW5_WZR_&v+SPb%)!r$0&Y1bbDXtkardE!9aqSXk$ItgZ)4$@Q&7qYm^G;`e<;u|J zk5=?Qv-jr+^_=WK529{bNR=6)Zige6h|6D%n!>U;Gs>!or@yKIwATWH>EA^yuD zJWCZ4#d=uD7++2?Uq*A9{b#*DRUoja4db$`y-+CzRA<|+fqSoW_Rj40{P3FhE*+~w zF&AI4AxnQy>>Et>`-D3Ox>E)zHjGKcxO!mT&PRHhew%g51yDQK)3MRsf z)VyrM7+ACcX}BUmpA^d++^ZGw_DHw`b2-L4!jblP1*flCaNX1?+ZJYP7H#cdM>;>< zUoVRF{ps|~deK=wGc|b2{8()MErWx%EQrMxFas-Bpz%uze5V53Q82ahtc?7%Hmwah zyrNyX$!h45$*|Ovx|_B8dDh|}ydX2c`U2;nOi`4DsmTqVUJmYKDlqUEN5vmL^zg3a zuJpPpES8t->o@spxL;qfW$RV%aX(ioZsO?SNQ2#1UV;y&#@i=gl_KrAfZ#Azcs%4H z$TB3O%ZM4CbOtx4wcRmZa8yXUJq&K?qX(IFbpmv73mhppKmQQ~V|s7X!Ho0Z`?q)l++esOgGE^ySmTps_ z*FiX$AoUR9(FQQ5K(2yO`OqyoCOM+d6+F44(^=>sT&Kw9~VZsx+)UpgYWlt=3k>Kv+7(?YpD=#OC&DI+8u^#wOE4)%Y7ma!k_6(E%}BD z>x*yE+fYYl|Lg}1k;C_9DghIg6g^|05wKiyU92T8>|@knG<@R13D8-F``D_ueuO!3 zPu_IlWiD}30bZSe*H(P1oHXS8`gQ|@kzrFsbH$8`UsU|2LLydBImnU4!0BPvka6f` z1!6Eke2PLdlR(k;L3Ji9QS1!vsYO#)cQ|*IIpdYJQ+ByJFV_U8u4tsc7+V;s_v$)l z(cNQxjVq@HSi3R3=P=4)CO^w9Ghh)GJxogKQk71XHB+P6W9EpNnsq8&kKT+GQ7!lD z|Dfmeas}3Bm#HK?CDK}g@i$?@F*5?gVkt37iAu^UB*ki%RG~5}^sonlm|`4QQN3aM zO;NM?Qn4vGeka|(Usr1;t`-kP2Fa)`V70pMX`<~W8a2@h6IGe$IuD)WS?S@Xd4BKtvxiT6sLMmkJQTiAlSlA$u{CE+ zgIYRGOUJeJoR3Bp zT5HfswT4B8s|-9l{KD`X!?;0;89NsX+=xJh3f3-|ESsy~q=H~p?)`I=uMU4|=1_}QALR!1_%l2g2=;T#)y+DUp)Xv(q z6}qo!t+?`~Od#W!`@0|v_&EPWGjq;TyVIpp+breE-R}8Sce-0e#LV1THQ)U+r3JI~ zVpbNLiu*?J(kriwr#B5>SO3`9y+2<3>gv_6F8(oH`B?pR!<*8{E3aI65$At^_BWB& zbKg>O)Sy?GF#48iO>D^*U5Oe(V~I{K(<}5^$N_qVnjFy4IXYURqrX?sK?THXs)OXy zQ=-E%g*vQMiHLpr4egb7PTjRu|`U{T%u4&IDSG2 zDTsxv%L8>L{ihItFT4ihg@TF43t1S=gv1M)i3+4a%BP2V#7Ap~+IO{ITl=KgP4Ag< zN7tHHR*(HBm9IX!rt6MEe`Y?#c9c~Q?}=MVG$qm!O%IV8iBv<1cHlB?iGgUlbXpgc44{_sKUYB(r7QY(#IJFUUs)_X3nK zOm+pC(d3**wbx%i_V2v*nhU;b@Tsr)qJudDGs?mpJ;+fbM*&R^Ut+H4zbQ43NTZ7H z)7~HO+AnJGf)eGam@E$~#zcu^R3V)$|FS%z1#ykpUYt-}-BnInG4}7*Ur)7rui=gt z%R>y*$@#dwu&pO@WeS+fWiqLh<0bIjz&Q?kaQq;Qgv_@$nyNUMvcyxE1@5(!g)u<6 zU+ynUbH1(L{`S^CY@`bt|MHhcI=@g)*z>2*Psg7JR(bZ|E0Th79%4-w8BTCHj>8bH zX4oIYRJTtDh%rk6{dBCfaSQ5a)qP?L2t|vO~o|%gKs^0CKt9 zf7KoB|HKQs8*f9V9O9$?Lf_*m;hRd51-V);-&YjAhtk@#kiI{SU?wq|h~}bvw6xED zZAv1?BvsVq(((!9I@@GXMS`=VS~@AO+Klo(6_%qCbbRjZ3xWKxv6bYr=%CaeM1Pm04WZ2aAB{ZR!o%qncQ)uiI9p_Q%qz zIBqQ`k!makw~g*`)bu9DUXYg=f~|>I&Zn13G`^Thxk*wYm!htn^qFfhkFo(>VmEw zDC3Y}tR9NyV$gW4c{ z*iZeXfN#K{oon&ORn3rpRMIkwsu?|DE(0~f`k2E!f280sXSy)zkUyVi-e=Tj0_H3- z!CAx+_?uZ(yhVqiJR0ttpICDPN5>wM_T+*yDvYIpWKHFi%Q~ENAyt*TtrZ@N8oamj zvQE#pZc+=Sv8-0LSyoyi3r$^qb(yEqps)0np+~Z~mVZWDm`Hujsemb+muO)DD~F*T zYpL~>4Ve*ZI$J{|a(G4HA!26Sf*s_-z7zRF>AW5;G{~axXuwX#I;$NaUQB4uWN9eW zS!OrJjW(~THEF>_7Cq?@mtVLx;h9w31A}a=;PQ)TKLVlfa^D{lR{NRf6fJWso*4NP~-~3i$ zanS0%B$=zSq#akR_jD|8w$;|8jnuNWRPhnVPapf}`mK7+R*kL(%h{{0UthPV-OG9? z!=D1IxzYlx+j2p93Dxu!qj!d|_7sKMRL&_lQy(2NLmtr2T?9XZ$50RFMvMjV_3=x*hRG9|b{c1ee zn>%-Esyv=5wsV?$FwJogJMtKRdVESD4=wD2t$T?bdB8Z|W#6nT?aP_9yugFQ534p; z!m3$TAu9!v&4q+iM6zO@))yf`TZru#OMH%rrN?*Zg*GiT)BR- zG<#)=%~DAyK>u@0x@tMU=wi_(+M*V1VIfcCFk@wfmOEgiwMH5?(h4J@?-#2OST*%__Crp|MIcEmXFhsnsSwNW$6l}Sm zxgnCKXpBIAtA5iQkN7o@SFLDp}IB!Q^_LJGal$X;WGk!+V=)s|iK5gZ15S8!k)B1no z=M;WLRl^5_G-4%w;qSiEa{sf{hPvi@Ba&XQfqQm@x=q(m0 zQt(D!>;VWa(!1%U-l)c**;$sZZLrr)DHmtDoBI-mo!)3^SR+|lUU#QBy%$=30&_BV$xfFO!88pk9-2Y+i zP2l6Y%JboS?wx(#_kGulMl+hxYRS@-Ez7cOM^a>4b{u()6P(RUHZKGVObH1P2S^A@ zfI!(PB@|O=(?7U0N%_+_gw`d38cqCwJUwew$eoW-P?1mkUKYqW>gzY=4A#ZP>p(jh$N&iMXOu)pRyzl{Py? z9?IoG)rx~2d$_r6zdyEOOJBSv_)v5AX40A&4BD@ZmiMl_ZoFVIKP7&JcJKV!>(y~w z3x87DTVmASqwHQV)xb1AN&1f`s)_l8XivlwIK9tUj>C8XAE<>vDG=?8o#Eku@YkAVz`0X%zir53Ou2Pc#E*h}9GKztEOyFQ@wpzFT)yw*vTo zWo}I8iU&GjNWJ5xu{l>TH+2&NWWr8sB;S*p*y1$ZZnWi%NFQi)rQ2%BtEK{mqjva0 zVZ28cUt%8-KMUDsg`6c4u8Tg`Zb~sYujfr&RQMtSI|QC0YiL-D_Dsso_XOZ za)Bq&$KA_4!4gxNU zo3ttX1+o?`B6kaaF=75aZtTFEzo;jQ<@_Z}6sM{%6~Py-?aLXA%j_oAJIgLy9G4;B zzK{2v^p+94+a;Wq-*}I}jyTv2I+k%U!R2s?54t|#I_Hv7u9{2a7hE=@ZJXWY!T%?q z=rNW^VFsPohu}i~LqRG79}Nmjt_0H|M%2KqOLAZ|?95}{TM@OD?RT=9L_;P(10)*xab zZZ;sHFj9kh-G&b#ja2gS7m@FQ*6I>+e{`iv+dgU;`VDcXRi9d zy|))PEYV5=V-{v>+tlhy%cDTU86wOSCvw*)c0v6mX?x;9KtAllrx;1PU?G~2B zfmvW4h)dY0LVD(cs*kx?7=}b*FWDwKJ$Q#M z8jhBt15wEyWuiXB3?ao>5D5bs&}DL(^d_B&+*!D6M)Db{+2BSF84O`ot(w{vCF~rj z3fYqC5TRFWCtXyOjLM%UP=W~dkgDKi>fb{!Oe>LB6ez>pi%4I`{BQW+>A^kGM-71( zaz(}?Vbl99#m=5k`I`2Rv0ER#wEq4+d%3gIbWZw-qY|#hKuO|cgUad z6iW8`^<{91SlouhazPUgEDJB+T^??8TMc&^bfw&Nzx~h>*TA@@F}UY3u1=gx2R+&h zc{i}Itz;AJHm2%Ix2d|)hO)HkX5^<~=StJf4#B9~OkypaoUwU7QzIW6$1~{YG94tT z_DP2ef`D3+)Tg9P{H|-|*xKmA!bb1Fh#dYg`#AfYXY}f8if`PSnb|a%0Q3>ssOnC0 z!nj;4m;q%ytx4_59Ry^Jq!u24I0p>7qCygI@8+$1ikraY>y8<1nOAi;jIK4vOEBptK7YfKG?J2}L%?ldn zA)%XfoDW@?1D_+Gm}~C8pDSefGo+K9!ZW;|y9x&j^989Oq@-!T-5e%b3+IK|T+Zz_ zg=Za+YGhYLikN3jq&c2j)=%^i{UisfEbp96Wk0eYCgf1)QFsNMJZ;Jy(QM&S%y*2Vb@)+^=13=%f9D&pFoyGjUBnKPJToBQv6t9N`DF6r!F4j#5yZa0{_>U+(0gTZ3nJ6N&UZnJrh-n!Rp zF&JEiz2p;bUwpIh55fmUKUkP>=|eWU^OQCN&6V1GNNF>!4KDsl`ZEY*Il&14?Y!V*M^RWWIK^{({iGKUs6J(FGBT=Z z1lzR9ptWER+-ygrEMi}WU%(VG$Mdx_XDKxCX|N+wLh^W8OaPC1WL+lHjLG!A_Z@$j z9r?-hJJzjx$MjEb`}VhQTlNk=Wa@~|6@(n;pbm&#Lf3$g}h$eJP(#fth{WQYQ)ORx+%oUZ`ep`kRTr2 zD0kt$JSB_r-Lf#|7!$|dIKP7K4&m;Ki2T}+{dqfbrdJ{dBBvr+Lu6%kb?Hs(I(uI~ z^1gndwm_>6yNnur5BL2SN})@06pDWd@tjL>`4kATEG8dA)1p;t)ffD}Q2hUYLiGPX zMeWxwkK)HV;J!4{Uy3=Q2TNHG#Nquw5Om09=BV{_ZLte6+3K|GP18_9KqCxyH2{l{YfR0O8KHjwnYJ~E!(Mx~n7NwU;o0?yVr{Lhneg-`Q^;>C^4)$b|&pquACG>v3 z&L=qdz*4|HbskI+KWGz%l(;WNh4bEHLtOTqeQ>EIEsbi7OtTfQZ4_cZg@0mWm}j>T zkj-8}aX|NI?XX3YB={ViGcVH~vN2DtJDKdxc^ZG&?r1&l_vh=;NEiL3B?bBsgp2GY zwjb*yCA+m^1;FV%FrEIigr+|`cLBOI@?a;cG~3T*Sv)KK$N!sWrT=&}pgyY+XW5W_k#5rrOb%cn9@aYy zH+nH?ZNPH9;kUoNVc@fGeEfY6C5F2)(i=ZJP@XH7ugh_ng6jn(FZd>c-kFZ=9KenS zuIVaO@`)*Ct#Ymj-5_{oo%75-IVSDGJ2XVvCje9bBSC8rWN}`rmozw(iY*)y!fgop z4T_Tj=jbJt86$?dkA06A=Ho;=5^Tf2l->y4B*m`{2?yk1$rTxzDHP19bk|G;;5EnP zgv{(R>zFYgA0F;!{iRt)SB2yKM05@uV;w9Nk9W@MaB`D$q%^Bn$ZZ;$7JTA?e`Iy# zigLy3`UJ_M7i<0fc+IX5qm7jBCkR|Sb@CSdIuuni=*gZ%M%TZ)}Kl-Q@fLxX)9@puwDR^A$ z&s*a380Pc6I6t38eDPIs(U_b!B@&X|7LL$KBa-&cNU3mOHW?A(cGs+}f^&o+f#m`% zGJHbjAX5W-uFJLDmmjq1JnGo>}4rhY{5oA(OK35j2ph4uF0Mw-)UppJ9tSa6g zs`!)M&iF7A&yatDrz>%PHhAA$`}C?#>wE6eSWIwHSTB#Rg^Pm0s<{{Z%a0NLjrdKp zd4t>@3@D)@imPfGCedk&(H^%}tfDn#6J~)7W{AvsCEcun&iH)iM!T_q=PvLA4=IyM z{GbEFI9djNhjmI~?UH9jp1fQZKlLf5$I)ajQ^q?y*Fg*FE~fSy15ObuHR6cx&b1iXsp=MEjl zAAW`O^|%LC1SLI|F$L~nF>})gN!6f_UPwbj%+F1A%0gk0VA(e@2a#ud$Aq^%wCvl> zRitO5A2DGtt=+yRU$5uaTsv+uEdTaosU1nc+uPA!w)i`AdL{U6LU>r-9Ev62{uYYTwl^wy(3VtE@Y)4w6*A zD>Ln<6H43}8TYT8Ce5Mf8uzY{J2fFeyScx|7E5l9hL&8=U4B@82m+vlV3{Va0s#W_ z#$dEvLQU%-Vp%fw(E4qlrje*aIz6`yAIQv05gQ}^wl<(`my98RYnN)LTA367T4U&GAZtISR8$$ZA~7kV1R*%ia+n)^`?uCsIQp3RNFgL}quxv@Qi>faN4wqLU+q}ysR z7YnW=xS4LdK7cU}09Aay_ypoLONj09C#4hf?sA*yM6g}|W@LL8=6%_Ds{?TY=Ws-F zkk;~IKVXV3l1$O`=mEu$!(g=4m#4*FkbTP$HR?m=SbN%29Vs~dvnwXA371zUJxOz_ zEz$?X#r5o7kzFN9ju2>Jz+33c{F~O^H@ii5v9W;ID$SCeDw@!)1XyeKY1w zFWijaX7DHADO3>R_dc8}BaomV4{3C=cAhU!j;!$a1 zK%FYK6P$k>s7teq76#z4b*ns5D#!ypU9#OZ-sKU-2M+)PY**!AMXbb3YX?iEo}TiV z)ogX`M1}2wvulG|3J1%KimDU?tVp65z!9CDBMm&kdV+Eg!H(e13)pT!QpD%~5C!32 zro_Y4YuF25j%tZC{v&AUubcsUVRvf4_pu%`a^jkwawQUxupZoP`k!ec zxqknhY>PpEbSUbKC-cE4oB@x6F^qp$Jiz9}=dh9jvIPQn1G0(uBT3g7drFrZW~&yy zE$glGWQra0qQk&Zqo6 zhdlI@i#`rA0O@q%mtH&s{$m$Ll@oM=PS95EW3om+Z)A@l?nFf}(?15_o_QNM19TJ| zx=aBvgOUv>X7H#Y$*vX0jJ$&zSZ0KT@%Nwm+})r1+}XP^mayotRp3P_L52g@37ahx zu6p35?KuJaZ5aQhGdnW}GGfR-AC5U7235{-9}iW#1j4!qKSBIfXi3j^L5?xi(@Ts! zryRhz4+HB1I)vSsF+Z~KFMw+bCtc2Hr?V?GUC#HW9KdqV#KTrw+P>Xj)pt&o{3(~+ z<+oks%es;r)5ytkOh#MVh5dklfGBw)f&`ShwyFf%w{&6{Ashh1JkTM6?-$$3kHXC@ zV%@1bpgW=as7|BPS&PDaTgG9XcY45OAjlEO5-GD?{X{oUkyjEyccDl91eJG@+_7kK z6$?T)ckIQ9oqHv5t4V_l$a~?TbY!fp%^z#`cX)Hb^_fC%(&qLjqOQV7#hJ~-E&f!6 zz18bzyV~VS*iDo0WQe!m-vlj9-?pg1lWz~Kz;Egh&V z&7^}jeg0$dHKTIqUA8XY{Y`QmuHfe?lon%QPp$&^LW&dqULvr5*w^lJ>9a1ImoeDRC9}mO?bW#oj&^^w zrq|7iMzhW0(MqOJ(5p3P(dHal>PDMQLP$1iPUsN11zVp6v~%HXjci%ZgX&@8XrR00 zij&dV!=7SHywO?mFC1bvv)hcdokXU`&+z>o##GsulszZrpGEy&W3p@soxr&%IBC8*M9$lZ(R{iMk2ua~w#iM!Swm^-y$NQR4X=uZHs~3jZWt^?8L?vBm$Ejdp~4PBCU%;yss_KZR_doVT&X z1=(n`@bcEn%M-6s>ZhEcoL8~Mmt~{lb;=X}QOci$v`73$WM5nSrEIk&@B)zqCKAD}3RqpnI-+QBlSRQZ~w(yv6v}!b&vSaXWvmLGY zeLioX5Y5NT27|UZ;g-;{!~{VOkzY4--Tr>ABS!2R@#&Y<3k{JpM=ffgev+;@#`Ilz z369D`V%Fn#@Dg^rjz6ySw}&G}Z!5*;aZ??+Z;m1jY|g8voOtrlNu3(<#C zUXhs;drhbvrA1w4lIa2}akSWYNJdm_Jg1QVS>Ztew-Y8Fq#scm-@u#sir|9oqF+vi z#|Vk3qNE#P2EWxbYB`bs;;iM&6mVmphX@OcFO&_ z8L!9FnaOk(XFdx0mmwesLS#n45*o4(F+=Bc?byn=S;}id<=H-6&EyTW1ddz;ty6;$ zBn)Vl{z_?%@^z5vimMiMT!6=>*|M!d-`tEUXet{JBIM-8mzW4WfXA11gwmc&&z?iQ zt2{wd1kRzWdy3JtOP32dUByhb@}9`Rwv{V3^#sK|#hO3V9 z?Fqq!G?q-civ2N9DwIqN_Fei9(c8UkBm>PN_&DuB6gw@&F`tl+m`+%I9AXkl{MZ${ z>k&x&_AWl5uPLjC=lOl8gyeB|SB)2~H)&C+*Ve3eKT=!rdO?Xjt%V!)iob4_y<=Lb z)gUVchpEQ~#L61wrH)2+x+py}c7N`QuyHXoWb?A!*CjR7(8%c9ln}fJ!@d~%^)H&xy^B_8|e8W)HI~3fwG3^1cagd29;p{ z@;dF9oSPb0sxMePM&% zkSY5`QHf|j*J2~a(2(AP;=p@_ZE`uA$UwM4=4@d$$*>`jR6bmP>fBi;l%F>#nx^=?-xurGN-decP z4w2T9QuZXgGx=K576(zSq=8tVX@~_V?<00W?PeB*Pav`qt!57hdV+o0f`e;siFlbRUueNP~tR~ zCrKCV-_nJ+ymxeX$1osncMOO6J(l=^=#(?(K`dzaw&5)?@XgIzm7b?;YoRIu6Me&P%~W zK?8T(tcqDu$Y6i4Li5(BT`F=rGe-xKWn3S1EhPVTJb#9ZJEn%KQ2IIlU_7PG(ek6;fSz zy<}^j6m6ty;+`cEBzg<%66?S=$Y(Y!+oK`DqH~2KMkx^XlFAb4_s)YOpFdx_P&?0E z%a$BT5Xs$iD#_yb&JK4alU=Pp3*X?_+`ld={}x8n4?iN9ZtN@N#qT3lwg)n83Rc4n za@8O3c_Fms^ahjBVhsa|p`4z!9&hL3Y(AQcnV`IAn{_cD2PKryS-Zz@Hzf~;bVb#&)`ob?W6t} zLJW9tZEB!q zwdrnj156L6bXtb0{G;e|Z^d|Gv0#ngC;XZ40WPlz@ny# zdO0xn$m+3z*>ASmtxjVQ_>g@I=a*2rFVxz+1-CtDYJuxs`_QM)95(pOR=?S7leE_v z4C1esu)7KWD9wHjnaU=t6AsF&3SsPMo|WY$4AOf0`uKX$Fq&9XT_dlN)>x*yk56dy zE2~H#x58e{#uOZ+vbSm;9of9534}y3GtZyp?upP5lGd;ZhEzL4-pVhWeLYO1Wh0`n z(%zn4GQ>4-O>FyOrxG@hjSS*IfYaYO`66&#LjbGGN$s9KUaClKq4mirkG}l{*`*^ zJg(HcU-&y!2iH@$a=pa+s9x~C>l6-ENVU}3Z0m!KI@um(RomK~Yv*mvEN`p$l3J&p z?Ge7z;CqQ2Z)>bsR%t86C-Al+KH(eS)TA%$&J=jP%j8Uqfw$3Cwo`3uDVE~3rm0r6 zmE)ZAn1?)#73%x|>g2NSzsbf}%4?kx1H3Srh4O^K^c;9^4!&Pxzx$3@=hsb&t`WW` z#J5Sd`<1u}fDtgnYQx7eCad@y01h`XAm-wZ*OaF&sIKkm)<=(Yir$`*&$vpsiwiYmARmLiFfmQ*=_`D@_O5Qc)fHq;B(B|OZ2GJyGQsI z=#jUV^y;1~*Gn`>^%6~f1~23^0nI?Mx>PwXxV+$6U_1|4ZfA z3-4Tltv3Z)71&OfEpjOY_W(^p`%hsraoO`wV4Xy z&X1F7=`+wGglFu>R}NM}!yz#gG7Tf4>@2d^l#;R86!2IfVSqxPZ)g!9ueJhn!4vs; zP$)3Tmpa(OVVC)cFW;mj)k&Pahx%-A8GVG)^%?{(dz)j44Fl$_0pg_$gxP5Ta@UIG zcwVMt3+EMs&C`FA28qWgw6YT#cg_zO*_SO2PAlXc-b#a<&k(J^_kWK{|2rXojHXGs#Dm1r&4FUy%4iZiD}N|&{m~R zS}(j#te3ATat&P00;ud}gMlsajxD0MFJ?rN_6ignUD zp*m@ud=>OXE6`i4F4fA{YHcw?IS-okB1jBnO@GNE)jX=@>$D8aZHp9a*7sf54V3z- z#qwqK5f8ebk7r38&(E~zksTI2nVMQ`Wsn$A_cu}ZdKy#lak%Vr4)Eu)G329J75&Pr zDmhtx&h58;VY6KJ>#U(KAB$wqH z$8zXV3)!mQlwnr@hukHzQX&&EY$8H>XZua!d6Q89ch z7D1XtJ&-q~Ffbc@v*h$dVN=i^Kz#tiD%rKrK-jf7)Ei6^ynPBhi>mP>y>E`Z&8VTS zp@&YLS_YT)(2)40;lS+NtcscTGiKnJX(z-@;M0r$juGF+ZCHx!?vBNOYuK<{ik(kg zP$>I-lwD6}ZB>tQ$8($l7;`E57G4tN7Ex}5??FnP_rXHQ&kazqEHg@?=>MQ>o%SEK z&il@*b!xOrN+Hx}K)DTYw#q@uCwkt!ctNexVsLSLBx!H>xnc1|l<1=Mq}0iFKdIJf z02B;}Nh!&M1ms=;v=l*9o!4f!8@yg2##32D%`Rvy!HyyNp99l;`O?qGl@yjK8h<#1 zT}eJA(SGWYWelH7o{-_QlmufLw{M8)#PjWoY2g>Zts{A)OAZx}MXl2&XqMcPlr|k} zOXT!s=+A(r3(~+2MX7;*h73*A9LGzwpYfpV#@PajrpsE_8sPFyb%%;Qw5*w94RpDs z4a#=um&@8Kom7$LFc(*0<^PvNd`Ov#JyEHnb*1Na^a<2}824tRc$+cqe&4Rq}i=8L}<{##`RyAzeencINz z%TYO8-^k+pI`WNREuKa@$&Hfu`e~J~pYpj3pah4zNi!51-_CW3P@3fL8^W5oVK<@#&q&AJA9I*IM4x`1({b{4zKc3D; zd^WWlc%`(N%dDsmZNC-1uy}yROdP~8goLllHvjJH2DN?&w*4l}VJ>iGOWU_my8mVzp_ovFq); zH0F!u6**E+me-AW{d!}*etp_yMAgc?Ru?mbFW9J)J)2Tz|9huHPE^^DJ!lV%BkOvj zzVEQM#V^vHx`nrs@2O*G-v{~JqkVK<5&l=9bN+0zExbJA^f2rPyyBl8FNY(Q4BeMw$7DjZE))!D2-spmA8@iM^@jM>qtN$&u%? zNBk{#!#*ZrNo5uJPoE|z=diXWyfzF&pm*RiX+`IUCvhZ{F zv|9H4Xn*6J;Zu~`sw$DzFVO>X!(je+-Jl1|jk3-!o{qTT-LbUJf%A%Tyk3<1K%?A` zPAB}3GnH~mTS<0R>e~sumnyry1ZwnfcafI&)B3k?*_G;r?7CfTElyjW0IFr8Vu?pv zVM>vTn1ej(ejDDdV>`ZyJ}h2D9dsRSgLMX1zkr*dk*UQs)Hm!mTjU;}cPaBtOo&k+ z*;MS=n3DM>N?~J5d2hTfUyw52XmD1l16b!QWf-C4H_EYsplEAPLxjpg!v$%Clv~)3 zxGtQG8c=X`i^k!1Pc~BF?6|?!35Zi#~GEzfqYH3zCyGsGC zR8i(O-C!;ITxPGecL`NfMYR0Eu4^@hnXl8EUfBB3(FjOP*$-& zJcqK1{oy{?lKFW!(PAoT*7;DQPMjOQ-l(&^hx`5T(*WlaN}Y6W;B~Uy>iI^JaO5OW*sP>Xn3Ym0ZFUi7Q z(xNLS`o4#+MZiRG-mLnih>QOs8?$MT8Tw`Q$iw$XlzN2MzZsu&!l|2-{np@t-WB^T z-+Xsc)xnS3{@t9DI(ms8AGgOM3{`A=>F}*1HqiG;tW63t&ZPCqI~=oeDk&`L*<@ z{r{rMiy~dMjx6vwmV6tOm~`@)*rN0uHXo`pR4(zDbncbhtdryyrOy43U=$xbYmZWA zx6)9QRqCX3sZ!_u0i{lRrKL`+{Vengl#^#%Kn{myP9B6Tb_@(4cV06!&jeEQjICMM z*|(IOXN-*r6KmR5Eziya^@5U~hx~4kC;K9~u|R4ddHLy@(a1$D4e3V zVRUD7;Sc8Tx&C^i_6i1gi|(r3!9Oag57xZHcDX01Icn3SY?SE-6NNEObBxhZ;p6gl z6=Ss8S?ulAHUUPPkfXm3X>`m!HaRA)8W|y^(KXd_XBW^$R|zATp=EHR(3xW#p9hyE z_6lR(AHp1k5B4+Mx%iKO9>oFX^*wcI#D5Pc>D3#w`YSo>T6BFAjz0ueIlSpF-0B+&?x0pN(sYq(&04u{c#DYMn>Z)@>5Qw9ag6&97n)+Qf%f|dO=0yDn0+w z^G}h<0Yd?C2D5N7L zvyI!K86k<3Lesdt===qUiWkVVuEdvX1?{Se}dQX z`B3n0gF>$y4kHJq2+-S*Lyy#qMlBJJSql#LU*j)R!EY&^ z{j~tNfAJTug}|MjGq-@?Vk{ItO7gMA`4oHM9m1y@I+dK_M7g9-SQzVzX}eTPSsstfAC-U&C(7gupVVPh~FPyFjvrQs;d)Ds_sU7V~N=is!z}M3N(RKPKr{`8|9RKlkB3jai8$8BD;vJEfnECroaT@Ua3vlg~rs) zWecUP``~-P?fWTTfZO+ju_ z^0V~}+q`a9i{*eTlAzgvzIG`j(_yBx}SL9@*G3R(dlk{*>l2O3zx*VBGPDL%6L17+@sHDj$34JxM2bK1e$b&JV+r16 z{>Z3X@dF_lOYxuB4|O$hLowUp1%h($1`|iQEWDDp;gs-~!lS&T6Vk1&Rqw=OI23y@ z>77WYF^~3At*$GTMZKhV3pixP0+Uruh&4*rHWM*e4}126D#%Z>{nW>T~?CousGhNQ^?6)jpU{@=oPDEu-cBe zY$p9Ir*MHiDZY9D!OcCx!kuYQ_Ux>qEZ_N|} zPC{uyLR=~8Zwkc<4_SiPeCYZHsHTz+1h2!om*LCtQ=I#)g7Yhq$%Z%!L{LMBBwL?5 zLb_{?zXo9XpE6A)G@`DY#Ec1p+B)U$8VNZt)ccvW8+bS~O$_3dHN$ z#jV1(#h2i(7n5xVk*Z`~vd9OKhkTyHn9Koy7T^>V*xtYffpznEqEboVN8DP>WQz2I zwjyXo9A^Qk18t3ibC!gIb`Kjm0c-@*!BFCh_HWq5Z`i*Bq>_aHS>WnFs(nl=KBhgR z6}3@}^W32q4&fI@`{E0Sk>mqZ{rf_h1MXxg;4dcKjhM%EjQ~gS@kUT%pqru~Ta9}tde7a)|LRwtv!h(SAZ&O4Uz3O`l_<&x(N7?BOx8>DNacw@eQXs3#Q^%Kz(p!>KKLY1 z-;sIEaRFa3_=ug+;^*aeu0Fz&_$7Y-{q@g};fG`lh0oJjU*Yqs*?Qq43V(x_a3RN8 zeO?hssJz1K=^U-_`qe<{Ryo{@va!9$d3|ZA{N?qZ;`MWRHh<-PWU1~`@RL!voV&Da z6KS^l?ag+dgdXU9sz+hIAFUQmos-N&LSIux;ce%>c+__I;@#QsNk(K<`w*Hg8oME; zG?g-VkCyLMq+?L_s@0GyRsIj(Nso(%&!{F18lUBUi-^qtyXL#a_he%x#T^$_?-{m8 z9C0rc3m?9Z?IW`lE|QIk<=C~*8<0P2x16k6WCW?77}iY!3O2YicpxZF zx|r*P5b(|$?ekJIq@Uy=LYBbXx5S{ghX2}UrzU4-C#PorHIPb$!>Lq&y}bA4oA+LK z^Uc?Fjf`}4kBs2`9#&@C5ie)~2Ev$Ja9XN*Sug5OAi0?)t`UckzrelIeZVa`j4ms> z;MC|50EuRt<%bD~`S9913-EgaynfM9ze(4gk|RPEcaZ+|JyAoai+~Lx!x^mPptl zVcWbmjJH335kUnM&O?sEXI=fuU{LC1&J;-5!J~PAicNMB4yG29*qE~*ccdqf+0^5Y zxMgo)upsG?v;E=+m?(CxD!AAeqP2|2YT1S;I;r4v8^zGbaIbT_DGk9PL8c^(Ssd-1 z62Fdhk`~s>9kG~4msGXX`8f z1*?17GDx`4vFCx6yEgepuijC`7)gQ`V>Ao8CXBgWc!Leeh|f6@3ProytQu1_C+EZ* z=6DiK=-=6YpkExWP1eNP35R1c!4fA-ece%OnJ#5yMU)f$8N?S9bNWhir&$X{e+v34&^!tHCJlKYa z`Tan~^92(gH~Vm?J?`?QpnoqrJ%yORm~eX%Id`~X^L4~+;gCHT(VL?mvxGtxXUt>{ zp<^+utx1f5Nk|H7+U~##zclW?6fq>4ipR1m4gg^lx88~wO4Ux#oU?5~(B9XVgOS^G{)07l}LcT5H z4u;peljTsTGwa_zb?b?3Vmb}-0AI5&zQV3$A3)x&1A?${j-OAFPlLJHyMdANVDp*- z*H%$E;a$yZPCP5)nqIiSc@36Rww<132bT)GOWQYa|e}_?_mJnf%n&#JD@@dhuN+WA)M8_Rnlj?g+cS z*LQnozF)E?;FtjU-)yPRB)Y|p8DCe`42jW@4x9r;vBRuL^ao?vR9Omha-BE)?vDQuSo5`-fU%^^NN$-&*Ytt-1Qz>dbp? z9v;5=Ju@@!y=C}8+!`WUbvsAaKDP<;^6lQ#|88v5RS`!`~{^naA0u%nq|*# zr2Fjl1`Z6r---jXd)a-^l=3_SP4W7d-*+|d-}aJnANzbu{nY+-%ifQ32kswgY5zK` z`iS`SY#q+q>+3vwm6!ynWQprTXdq%(C~xD2e-r)%R2X`2A-8l=nC8d%$ov zEqi_yfBv>c`}zIW_U~DC-`~97z}bOq3h!?`->kpc{+-M2hZ^s1wr~0KuqvZ{Ul($; zzIp#QEqk8ohg8r)Kg#^y(bE2_myJJ-qnqNgekT&jP{br#Tt4W0BTopRyV60=WrKZX4^>ub6Z-|A%LfZ{k zy*KEItHUp#5$XUeLabtC*9TKkxXkjvwGJjJQKUSbM+f^|XfW+BPo}rtwmKADeQ*W| zRnplty9ZM}A?=JM-xas@6*65Zr|9n$?=#r$a9UU0{EmsSQ@4#LR&MQ=Z(Lur+orZG z3ek>%_+U?V)wMki8`=+)t&&Y#@bzuv$S(wgZw`?%$a6tFj z37%T(v3r!1-^gZ#T##`}XYaMZ^Fb%t?OM?@PJpNvhn38guookxNAO9wx0C?Of?$r; zeDo!3-F1@CVA2Mwq6|l-^s157xwmB3tQtvwtF$&~iKX-2Tfg?n4^B;e=#yW&J0?0H|i|-ZhL)-O2Q4UDEmCT1m!I(e>vE6!uW}n_cC+jn0w>}Sa6&TSV zEI{K;{)ggyk1Q-aB7Wu77sQWT+9Rb$<3>FWYEXV-j)Q=VhhtCad}!rapr3^Tc<~wTB1y6edPyE2 z*j~_O2vbRjruT-rY85vdUC?yiRPWkXXTM$e2X}i1Qg0>Jj*ll#?%Mvy_{6){&z%g* zqcEP*ehm}8`0voq=%lakvFHS1v!3IjJHG-~Qx5P7g!ZQ>K@0&HcJk1;{deQp#<@h) z5iO&xD`BBwABE1D(ytB3A(PPx&=Z}YH-KiKX~5x1hooLE1IU_UGLfdVQh$=aUYuA4GA#yDm|9jz08lyWbnIf9_qsx;wTawT10k9q;Pu%ZQV&{@aH8#>gB9 z*)b-(P29nr!W^XGH3ZMSj9>|9VntVHOjpe(rE=H;nOb8vdMQ`OImBu|S#!{<&p+vS z;Yn=gjV+vS-b&t20_G;`4n=-80*v{lsf2E`q2N$)V)N#S;&7n(X`?OYBi(>6bFBI4 z*?4L5`i(Qig!=c+2#~40=}=7lOEih|A$zA}M0_K3CQ+kpw?7>5-{3ReKx4%-(*v}h zClY{gu>zJSKP67`l0!!kB6_}?&H!(^@h~$x9J*35v-C+U+_f1HF8zn$gt~+O;zPY>K>TyKu2 zB5HhZq$X;7&-Jnaf7Gw!CK{|KTR*?l`laXYM=M${WzW~T*i zeRi$ME7(176XZ8_=_%w>0O=xfo#@A%gzgQ;MoO;*y$Z}@z3EQo z7~NFb_My(F7k)Xqsr}jy*S^F4alYf~yLa6EmX1w#!;u5?(1~A!yGhBI-y?_ZV5VeT z1@;)!=bCA)&Z9+w5NajCB=_PLtY(rRiPNy-!E2VWVJ$0ZSrlNR!xCKLSO}*Ey;0E0 zP=whb>jEm4l8c<(F?V(@fD8;3qynR#`tp>Sr9%$(xA(wrkpH>c@q|!90yKBlZ$;P? zv7Z`yEVJ+ot7R5|$V4cfPkiC7Lx=DB!nvcD_v6%;1->VokvG1!D|U2+dU$y^`n9Yb zeZWB&sSm?a35c3-DA!J+7XnTSuhWY^suN6`FSA~)o6vA|3sV_ZTX-hJ9%JakdA9Kj zcO5=-*B2HB(GAQ;W$_ncR{VRebL^CTo~S>h5ll%TVe)tczcy+|u2K-e6Ub~vP!K$? z24V~0u*b;&TNAh!_;rUw&Q~~vW3>*kN_u2yFd7{k8c8=lv6Z1(FjxcL=*ZSUQ^ zb*8OtX6x?WrBCf+>GW7T|4lp>Y+Rb+eq`&=R=u!}kuR&ned^wc>t1Lfv%-nflxjT> za`_5|Ie#ofgk#0WP;fdyBcC9|?Jv8$;~aUrh%0_2F}u*n%br6z!)RI;RD4ojlc60J zHo_}?nJ1$HsM`5bsRoa;($4@o_j>u-FH7u={O!H&kR#vB-_D+FN%bumY=%4Zy4Gaw zul{dK{%>V0MD!W^(dYTR!G}})E+2!mutPS{5M+Jn=yX`^EB%!-=xbQgAUTzqfIbt6 z>e915fQ2FtJrw_~dFUaLV2LZ8bk<)em6UYVuh&5`F{)XtFYlWukrO3PYkj4j{r789 zT~q&*{-A$fK>su}#~O-f_Ch~W0m{ke|B|}6@>sPoyVc5c56x~*S?w|Xm0h?}4ifw- zK$%!3m76Z8x9P9kf!l@F0U50K>ncLKDGz7loMUswW)EpJQT^tiB>BipM4(WJ&Y*-B z6fsSduzZZpAoLa_f#Fg};&mw^*+|1{!?{xl@#yLS7VEP7?;w*gchpm9l8NZ~{dCis z&+JyRO#OaB!rEDUS#!HOuKmIX6v`QB@2^jHsslxTWy&VhiKH5T+$gT7)ph-|?dCsr z6qivNR@0?3h&Ta6;U6NpE05taO8f)Ew~RFZh{3xet&)#o66YAPd`f7mbhci+qOJ%;;;%)ouWiM}Ur|2O=5;1&AbhWdlzU*mpI zL*G%qD2RWF@1Ymzdja>|kZXO&BC9;VfZVK4;eLddx3iD1Yk>~rgP!UL%IDapm|N;b z`3L!T2fnYO`_MPgeJ9Gx{QLd`kDa`Hcjqz)wM^nnhaScIrsvb?b7Q;KHc{$RfDc8Ix zH_O|H^Q?L;hIdTzYtSvwHEinz(Ib2uYe|B=6B*4kkW+ZZrzh#us!w-+9I9o*OE2-V z@Dmljv-q^&5(2W(Drhurj})ViQ(PAUFqI(Cy*Bl^{_prvxnX0 zF0)UQtHrDuag)Xx^r2d`Au7%a7o;Fgl)%Q^OjmSYaf%dzhh=9Q6i; z?qp`dWhsqU6D*O?dR@k-uQq{0$MB`v6T{T6Ip}_%M`ByEc`lR#iXx;r>G_+j2~Er^djpa~1+) zTgF%K*)TpN549IW^T>Eg@9tRNJ5vpA>AB@ry;Uq~5`L}U;jp!T`^%zO=&82dm2E4g zV63D$oLc;?I0wG%K#xb{ti$0O8%A8^@nj;&>`7*b2&1+miO4u(CSe>Yx+km@>Z@>nmL@c)R?CTj2R7GJ^qe*^QM1m;e}Ii@?F4mw7ymLn;P)#?aNz&3$w zP!jN-CQE`q}2$GtIroOuA zEwkk-VkEDb4wjNf#3!rQ-m~QjXvks9-JS%skK$PV8%CxM0Xcbsr4qCd?bYO%bhHwT zOc=bfZQdZ2aue+W;XtE-l+&5>1)j>YR>M%L{(-OnL%bfs>Te`JwnI^*Kn#)-B-g|+ z_Ri0Ki5i^f40=aviEc;65`;5~*`L_llUdW9@K!eTq+n=eq)b^7kC&2X1i z=Sr`01_Iri2CFlJX@l9OQ~N-&;9BukaJ+ux=uM^U23xv4G9#2y@!53F>wp2?a`o!9S0OE%*-@Io5p@P@QfPK916k~V3;g*9;B;H#F z?_Htt-a$F#b&QI18WfKtiSr6Vc+8maj@#|vx;lenoMH}}eD?+HCd4O7+`Q18MBA~E zkg0fpbxSZHcQ+{KR`ztyO~ns=x_##8#`=&aZtf_^?SW9KPwaf_rR`SJq1%SG^aKts zY-H@~245}~&3MU$jkoVthyhmk?wDMR8K*7OKFhIeHOmzCYcdfp&V**IF0*m7h4`-l zx)!1jI*UUgzrY*XY$@OTfIkGi4iMRiAbM3#Sgy4#tN2_<_Hw$3>GJ-em7Ww~bai(# zHn@l2TOK%m$w7cF`L%mTMy>|zyu?vlM4|XCUQyez&SC$am*2No36WlXsQs8jTMbPm(`u=Nv#>rtlF_+ zV8^P=!UxU4BAgNemcjP+0ajjnFk=ly)4q{ur~P(|jp?iwo6jHd6mA;tMYgTf@a&K` zn~Xb5iEP0=)K8`?bdAnzHqettfc2wRSR z+@#PHxqi%HvR-&%?uo`!)oG5D{~&KoF8n9+E_{ofJNfDPx1YQO?_J6t`Ad;FV8ma>Mp}x0l;z-?GKrW}aU=8EET)p_0a`jC^YAV2|&D-+EgipGS&p4*WbDhH=mg?nmkwhnLa@S5~HKa3z-;kZ#HuDh4-{Vv zglJf0oTGZ3?TF6{@E*wtan3Y><6e`ey!;e)D91BIXd^Ys3PsX$w-fDluPB2M%8Cgt&H zY%E}c3(El1Hf=H6JfMz)REb{W*Fg7Juh}9A9tmJjy=3lgbTg^Tqi0Ap8?u5;uaV-j zezU{m&^QPPh+nX`{KGhiVAm{Djk#PV5&=rHE^|5o<*Vf?sfZ8^7y;c(RwNA@48~wh zC+huC$;+>Y98TXsMS2WjZg?Eb)qGq1Q$4#Y<=tJ6O}uqRb_Z-4wzt*V%e2;j=Vp&D zWVeTWe{}~i!Pk8Gnya3<_TF>CTXNBAA?27_SeSC83f1U01J1~Z-#-#@29&*px)Z4a zzc3^0deUKS*(k2vC}V7LN0Y4v_bU=|>kbWTfMiAksu|nSY*Ijhm(#=S4xP;uS;85H z`$Lh;pwf^RF#yZ2ytur4_T>`HCvGy0Gu6&SmbXLp2m}n(RVY|*asG`r>l{(p1Iej} zh}dOY*#(uw=tDQz4&C0DuEsIk?VH8l1pcJ(yYx?wk598;`}?;eW`d2s0F2Q`FxO5Y z(Qvp8Mi2?CxD47kqs54ofYy<***^Os73722M7hUQGpB!HHClBS9Dd($v9VZji%+%V zoc((})U5x`?^X4qYE5cGm*z^I(rfa*~ei0LbkbTx@ag>Qh49fjBCbO|!$ z)t8j#!v5lHJ1Oz%)vNIzB3J(QFAuiA!z#*rEMVdOmG}*u)6E97kaa$9Qb?P0P5nwL zY4FK&UYBGtXk#(G0ckYK>nl7KNRnbByo>5yalLu1?_ zT;c#WLj>&(C-5+ObViVrWmq(l@&NLXG6UA`ZTXL;qlrjR=Y?*8)^4(yboLZCSJW;C zFsb~=Is4r5v%>H&XYU9&z6}89>3cbG2WUG=L`-?F#-Xrv(863Mh%O-mR7(Z*QS`58x{2c#YAYULLKeYGCv_)Vjs%?k^OV7)%#d0E`jDVSHr z#00(wQegE8S_?$(Pi%N+cDi z(Sw!3$ss}YsS39(T1Gx_Qp(BU@{aTT%d)s zICr_c9+%6@^cHAgG7zXRi^ZiYAh{lk#pAAgEDUD?dgnf0%3^WGQ#u#&6?&77C~WWx zmny*toV5Vb{M0l2G0CAY6k!q((+9e5u3Fz1yVer*TZ0bS-Ip3$OdJt!FKqhc$KGAb?Ym-6I=$zL zeYp=Z!J-3zr*NRrX@>Kdv&W%F$~gjKa_wt;VUxsnUOo}t zJ+@{4fO|DR7Opz=y4Bp6r^mVKADNuCl_6QXQUU;;#_oW{@th;7Wv)wc?S5$af-Iv&pS#x>mv=Ll7Z+Vz6+FF42t3>=5+U z>3paz6AT1%2Kowxzv2b#kT&;45=fz5NL$h2vJewft2_60Xe(lYI}!_v+tMF8{EKVa zo7Wi;iT!W5ZGe4%OiVt`3U`GY(TTXJr2uk{dMjRL_cDX4(L*Xc}W#sS4fWhdf*6v01 zEDWAnBFYFAj)7C8Pd2{!vVoy}w@=gm+mCHtwzS`8xoq?1y;gROb&sNW(zEB@U8Hu> zv-jTiH}}rZ?`40t=aNhIs5be}B;>wf*#eI&_#OVZUov19mOAYpa16u;!~~k(?~GRF z8c-3GvU31Xy;2Xp5X72PO)hA-5CQ?)>w-qZsvwv(5A+lB0Qov(>{6VMY~Kqzas4)< zp0T%!Vl11;oc;ggaAZkTr#n?|S+)eMkOeC*rn?Vqs%;}t)NQre;%J;S zT+ly?RqPU1xcvo9R`e^r$lbc`N;gx2&)G%Ov972ywdA+6f)Wm_zo2%DFALtW*XveC z`cJ3#t=CLcsJut^HM7Lyy`yfh0W!skiS+viYqg=FT5V7v@y>6$W`Y>JOSVkJ9CA9M zw(6!-eQA1retNpqqBETPOwv!VuBc9DvQg-r5yH(7?ZME>m@wuTi;qb;%*<%WkWS9I zywU(xR99z3skbpVh>_aH>b`Jll<{H#t32U%$<=Dj&Mf0>#N~4x8 ziOAU2MmdGaD}-Az^;AAu>8r3%h1o02AQmuN<)AGQBkM1_WM^IKlu`Jg%J=deG znvQ1dd8SQn@t@z{7tLHcJ-K&yXzx@e+uS>_RF7R!oNRU5ACgPyu>AhM@<302x!iZ* z>{a}}-1KsPyNi9hIprRi?o1!*crby#MtmuV+wYP_cWMSkiRV~hbAeR~OpF(py}%4n zoT-v2AD^v*Y1AK*4SFFo=Y+XPi2<_U;AWpb^AbgQm-i`=a~x7@@qZ=qL`XKo%u{qO zAf(O}(to6eo$^yldv<3&^hpxl`QdrZo&I&P5qfxU?G$0qas^i-+28bs_l$xo zU~YMB*E+FI-nH{~-g(hhROv2cW!Lh|4Y%1djov`arJKo)2ZO<#mHh{O`QcP|SMmm@ z{fHs3ur&d1)&2tJ)&i(VbY1C$0 zc$^tIo|vu`4S)%tyVSk8Te5fKP|Mi5bjDIXA5FS-QDAG;vJUQBoH|M8nd4Q|qQLMY z;D>7Z@z5xpWMr00e8yB34fcKlBboD&$WV7U*4NAoZYg`oTK_-6XfPa+?NRerI3S6A zS7-ASCyJ#FUEajR?vXa*2E6!iq?q;uQdXeAF*h5~{*Q^DLgh@ekx9hkpfz-q;w7V_03whvzoeDKT?^JezuOjY1>PXnYRN>Gipl3Txb%pY(@FarX;Pmqodo8U zTx6w^3dvO-o=tFP`3HqK)2wI=jVliiG5NczVkNC+N!?Skan0M#en*7&Ok?#s_9)Jm z6!JUKpe$#ghR0G8s2|eej+79LEXh8&noA}ttzGqW#1Rihlov2MCy>^|5%L;76z965 zlE75#fu~c|K)=@;YF5Tu70)fV6q^81b$ddH#)~!@5tHGN*~y1!@xY41aM)66 z-V%tp-F8o)*LKZi-xVjm>&+J>?Gc0as%ypA+up|Kfw)Ef6Lu!-7-TtRXEQ;wkXXqJ z`FLK`H+3tyL?dvg6F^y&>7!28B@g}byZp>aa(fWCBQJ*s^YE2Y7pY=M^iG^pY~QBq zrxPl-$8b5#*gc|X3iV`?GdJ1_o30*T&*+hrEgrHS{XK=4q5b*s1DgP!=W{3?hs~J8 z`C3GTqvfEsI*z6*=|*~gTC%5^A=C;UO+hdw4l~5;Xz1@mFL{GIR~^pn{vYZr?N0jk*&S-Pt z_-sV9fUHvVD6S{wo=^Wv6i;17{vKHk$I0cBj+0c|Un=q0K-gU={Zx(~GU};%A%!~- zlX2JVvE8-4+F?|v_ar@+wOW^XQawRdK74I$_c2>(`_YBjWo(0GyKdohTn|da)UYG^7zf!>CEc%(c!1!b478?+mn+6i34V<%d_F0$@cG={`yll&;Hpgrh)p2 zIQDKJhVsHojX%e^mNFR~KaR6fd^CP6E^%VW&&0nH|55zk;+l`d*^xLKk2CslIWEQ1 zLV8y!?n$NM-*K};ZpMWj9(6zIKIQ(ITl1isy~)k0%8%o2$qnfHE{EIWa7)FtJb(~S z(I!k4Kxz^9rE$LUqtxbbn5;`isGQQigAgquEwNqFc`CY4X%JOJ)TP3 zaA|53TF+@uzGSan)BRy+K}NqY^5%iDVWasCddcPA|MmSlcUTRF4Z2eH%K!Jl+@597 zCh%0{b_dM1sd7y_4m8V&f z!sZ*6a&t=5moAhtvH2+2v<{EKg;x zc`7y@YJW@AMJ_4b&q}2o`MZ|8uNyj8+8V#>#^~Mws&(V}LvY^M(B?gjn$c(V?GlV0 za2f!7Ehv|4s1joK5aKSbK)@Q5+&YKDDEM{+1gmj}8G*b`gSnx@n@gt73#E%&jNs$N z?Z&CYzUv%LEIs1QIhmn-iL)AM-0RCbf5jeQpL1=BF(PkPok#)#H3YW3jrhE&mR8 z;t8~ofH#!wE!WUq2ag>|%6Li~s->Je3XFuiWF_{5y97Gs_RrbREyZe||AyVA`J1MS za}#A-PvYv4$vJYNd)a;N?w*qCt;_bxz)-+_MQeC*AZT@Y4ac3yLM4**14K#v8AN~R z9?!#LF6Q&PM8aaFULYYEi`o4#zi99uDa2BLx!CABck&z|fhhktHz9Adbz}74E>$K*hfNR#&N~+pY8?kJ_j<)=?Iyz)Ci& ziN!3|ygeVwmw{Vf^hP3fFC~g4gZEf2lGqUoW9iUW{>^Kmda+F4^;bl`ZNZM{;p47szy09WYBgY0l1$+f&J?<(KR+TPl}x<;IHMM13y^ehk_pCeML%Z_;nlTO0wGLw1># z?D2TSeEfhdk;yoWfoy-aJW+~RO+lwAWD2+t#-=@lbIJhUvj=*-gOX16X#!fU#S)z< zqsR=w&WgPftB8hx+3C#YsI$3pHZfO}WS!542!Ujtwb4PvbK=WD^?8bdEOC|?fr#t zB_A`-bse3p?->oVbJ>Z+L3c5iFx_rWfOxT14jgpEqA`0{+U^aQt}XP3Yn%8y{+8n+ z($JNt22Al#2*PCAWfi%;LMIa(j=GQ~nm18G2@!;?2{H&`^6v0wfXy521Q z-O9GH1V|mVcUi)=K+GBLir6>4aqP}J<5O{9@RfeB?_oVAh24!lk1h@24~2X<>Iy9Ji@Wl?(iINgT;oF^v+M$?YOavXR1$-EA6(B^Av;#|J-Brt zU;t&R!|#?|mQZf2o0$S1I%>n^ZwqG!X#b0_RX2i%K8T!G2>6z`uvo`99*fu`v508U zQSKqE-{Fktq$Q7^(aA;k3CvZVFQrHlXRuPU4%pwctKobqK^S)La20G(r41$T`)j-2 zH2F~amdUYwQ)yP|9o9yvbj~q&{i=+(FTOF23FV1YebFS zr8nTWWU*1CkLrC1^#l(A15baG0aiV87T=wzo`9hAZ!r~DZDF)lu_ z_U|79kJ|Zv$NTW_%i=%qe}^8KrojK5_$csx@ox3saXRzQ|E=^V?n{;V&$~rbZ}OjS zl>A)xLizb6Vh{g0&3O|3KG!|Kb1q>3S1F&P`3nCWydOXB7Jsw$Isd{xNBQ|B>d)~x zs3sv@4GR3@b42KC;B%-B|C^i_HjOP!ys)e2FPNpob7vdISc=OyuH*Vvw7k9Gt!m=+ z;IaqI7_3{Ow>rRe90!S_3!jToVPpJrDLskLJ@*5AF7b1TV4NpW5u-xph5Ce7@roYe zAXGJ8_I*oX=VCyVgPB(3uf%669PPwwSXDj~8hZRQMV2S(b1}(Ppm@J1FH_~bhG-zQ z^MKM$Ax@O%A}G(-bDYv=Dx9Q>E*<9)3lJqK(?vS%q}U5AVd}fWMM^yW{FNS}B4tKS z;*WNcPkB4nK;oY%J_&x;cL~vk7q~znlE$Y>iR!$l%Yy7Qh)*XbF&Z=F^ZPoVFFuJj zC!WBYz61q!ryR#aq-f8)XiS1kjC57`8!?@)d8SVM+hc3*{bR$aJT%aI@k5pOD$l)n z?YVz5CY*0AJ=B=RLxb}yz=>9=wXgfkuidfsOte>hX8-^6%)M*R{1T`t)e%xU>Oo^K z?&$0E^Q#v;GaaG9Ez;n2VQ{$yu+m%_ql^3b#q<44M|eLW987|-#r1=$RKkt4h3s zuw(q1=DdE$wkmOB09b(6BqlLL%EeGehK+60ZfO*^${tI;cPLB(ZS6;x*_RH=>3~&Y z=9%j@rtZ6Ey(By6Wp4#K&*==OVN{*p>tDy1^SzFB`Dv`n#1k4xob3u4J`>?9B za9b#>buOSPV{H#3mW8Uh@1q}or@U791qKJ_opcV`9XogBtP7H`TX{KNK=*_A0_@Qe za_*T@f)$&fGSKK(x)U>wBVD2BoL67efR>4wgI;8<4QB5CaPt$D-KqgfQsGL~E63~B z6hShMfg{gn0{Lo=e4!<Vs**cJ5@BDDa(7hf)csU!Io4etQ=iz}?r%QYL zdFUXJRGBcYcNn;>6XMekBV@#-`*eV7h!Og7VUvp0M_-fJ|SI| zs=Yl+UY8g5b=6z-+VV@FeKOmYOnTKRswpu$l3OZ6FMlJybQS|oc zoG;S6U}hv&U3vzVrNv&HANqf&iOgK7Iz2A6X}jil*)1F0%j}pN_-|pSA2xu zak#7bXTC?dJK4FPG>l#u0#e|RSJx6=uVBb%FKngH6`w)TD(7(gIJEJikda~mMF$3R zRt1ms&-l8lQyokpDM?)e00M95nz0^fjLx~Fe5N4u&IJv8!JVm|gdI(W9{z(heFmWz zRR@y%>dqRY#339Wp4~-oo0t;WMQ{oBcbrbtx$*ekHPpv+-4Tb!e_sBv{r@foPAF<) zJ{#-Vb592fvg_IhDi*KT?>H~ND-KNm zACbKxex5#)?dw+T74Y`?>6NM$N4X`nCHwjsoy6TrdyzP`e~dGYc4Mo% zM7uG=6;|*wj*pdo37a^A98fH_Vr-gxLX(98O*tB#^&9<082~ciWgSL_a2tXIicf)U z^U~Ssi?38)dgWz0tQ5c-&jTr5^f)L5kYz`a*}tuJ4-RyH$TxiDmd#g=1kSClo&#)j z$L5V2H#1B7Cqw&Z^0bnA+dssQe@|!c0_^w0;#ZI-3<@kyOVJ*(F1YfTB?#F+Eb=XAs9c5=`ul^Lx2!6`4smGKpKlgx7yl`Z{n>w2MbrrePf#9vK|QZ~u2tt4fgTk2)ac z+1uNLyBx$JrBV+NW>U6Lj0^GoL6#1JmDLdxJ;8MFy+H{T^2plJ7em&P^+Q(4ZeY6nij?#tb7v zo}Rv7HZ!YvPy+ig`wdl{XyVKe4?-8q08djv8pCP6Y#AZ$Ti!^{^Y>4mIet3uJWt=A z=Mz(6`VLB(sDklKUe7Q_836vTP>siHSZ%!gb%Mh?zK*|cLG%ELuIC-k6Lgua$;T_C zt83s6RXTo+JCu%VumXwkH3|9jWPLntbA~hCVqLF|Pt>O}?GLN!@ib&W4E=#2QD`kKE~ zKTqG&g%?S#^M0YSPDz78v4Nj}qQ@huJ^D(+nvIh^YK0({V*akPN9pqw+xH0<@jH_R zi+2py$RxE7bu3@iH&UKM{Qk;w9v2=}_M3Q)v_{pY}51Fj5=zY-r1 zpZGwBUz@)J2R~BqC{Iw|LG3@+#(O5u>zay>Lu2-%{EiVJ7fSI56OAZ;?QihfK5D!A z`H%l2Z#$9zO8kMp662`EA872Wcn6LB+t=34ztTu@`8AAWQXNTk?3J~NHGaX^|GHt# zCAj<=ylY!>-PkM7p|ztt=W(v1POCu}P~sft?|2^P;Nz}*{^K_)<1X|laSpDgfp*Y* z-pj|mUv2x?TH7CQSc_?|8T&3bFA78>uB;n|SFY1_6Q6jcGwx>^R@n{BG|?QGXJ*oi zS-)=X<>RhA=W*eV&bkLvc{Pv6h=OWr)4In!1FbiVy`uFdK8`M%Nc2YiQr{c#Zf(d|mrPq@Tm18cHbTf|v%4 zz4DyLg^#G~M#w7hplD~^DDec|cIERQzg%g%kW}J9is?`Mjx(IQrVoq;iDXP`@jGT> zG3`v|$UqsTr%BLQg1dRH=yT8caq&^KpbXcl{0hKy$eHmFGmLsfnL%ixBAZLBUqPoR zQ3Dl6rzo$%YT=xIgHf@1u(GRJh*dWvHw@42s@HN0(OT)+k&!EA3w^c84U;#$r=|0U zBA}E&BDmL@9PY~2V%EEchAUN%{kT^S4la$=cE@4|>)UQ>MnPD9AF6;bWynR%uqU|9 zKGVn;w7x}iBpYAUYR$*GGR|ztPyzebj&N9TE;($O)DkK)Q~(9_Ygz5s%jl<5tzvZ( zD4uYQzyb2)3rrm%YUt+}96*P26Vl_grFyz&V7NYc%lmd1tNXX~cr(>-aPv&DI6W4% zq>5!R?CF{+=jI}wONX0#hJ)XFk2~hXLySVR0kVoH}7Qd1s!c7nP0% zlVeT*Y!Z`P=3rtDKDw|h0O>cNIi0D6%H6GP2d5&d-b{ZiSaYq4pG58W{2Ml${fxNO zHJ){9q_f{bZ2)1Lb%+sXkQtm1u5XMvv)yi&Bi*WI`i9t$p%H2@dxMGDMSCa~Du*OP z=vY0S(REjrQgJphDoFiSm&56_7C>W$rN4V5(w6w2`;YgEH78CcSe=9x=zo1vxAY9!TbsCIDi@_kxQ2JzWrtGWx zMBkCAM4?zL&lDIMXDHI24{U2RwgvM2?D0mgC!Wa2h3Rf2m~%E~ zp}RM5;MQ9Y1bVv*PFt?jPW1s&Y;b$faMj=d>RO<{B*0^oY)yyDc7aZztdpM)h0%=)BA>p_f2O< zCTcmO;hlO-SFU$tq!)kKFDFJLyUY1jX<{iHy{R#@r=CpK_Y5^|iiVdaO09f(cVu*; zeSdv)xY-;Yt-~fHEZa24!9xkxS{8eTd9TD8+0^s^2zb%tbG6rSC6P*YT_Bh>~Jj5r+MdD-4HyL``;q?8K) z(s29caBJtD906g(O^NG{-#zw5Dm=PXD@`reZolJj8Rg5o%^NumCMFziG;LN7_&n2E z2!pdwxD*!cVWt(r0E>oq30jY!MO;AXM53Zl=0qa?xDeS9h3dS`>DTS>abV0^X8?=o zfMPD}5kZ+C_R{GU)O*(DH^&+87e~ps#%DH0+UuaR?QeNUH#9>33Z%@ZJXjjYG(->umBqONZQ zR=8-dsxPKHkirQhe&J`|f<~E|c%|bSlwZ?AdPgjq(wFfJD5dvE|b0fvTuOy>>EHsC1(M zGF&JKF85>otbef#t%qY9>>Jo$)>++x)?Y~BHqcAUfJeO89y4RB`~^Ih?&@j|p!F6oLB;iSK@xXU2EPTeiH3J;Z{F*%CM1qqlX;mfo(#*}JSJ@tMG%eyS znsWVrLY^jvoqbuOpLEds2Q)!XPz<(uQt5P3X!V6$C6{P-p{4`1&3(P4bSf3gB$F|l zkrdMnRJ;triuHYAWvcJMWsDTfi)WWlp!^fpl!^lBpg%4ykAf+e?e|~M!3$;8*I93B zZ{NGt*^7nNKdyCL)cJnZI)e$qIlnMZz~K-}&c+6;cpO^EJXCi1Toru&5D=XL5+1St zX0~_{$Y~TfoUNX$y?AE%znwAy<6Jatuk8pxIqN3wHEkC!Lq$mYhP57${rw-(^{}DL zK&_1k2OHCsF*bHgXjO8J-2U8yIZaL*Z4Fc+jmZAUgAq-nylD5tKu9YYJjX^OQJr>R zKpb9*g~Lgi>H7PP)uk?rol+goo_!WGS*O30uZZRhX6K8`v@(}pd6|-H>j>Dilve9x z6v_Nnu|0~>m0fR)i~qDn%hvv5ayGTz@?OVWn4E3@;Jg`b?l84|*=)PO?pBE0CWzk6 z#!MX}oOq?lH@Ti;mb&0kA80g2j&(0qJPpr&&x0O~#}cl!VijFOw_o?5PNNeRiN>j% zkqnt*!xiI_-BM&=z)ALLwS(f4oP>rq7PvAjv|0HOts9eJ8WcEFTs4O~9lDG5t~b@c zF8Ao`>;t;Eo?jagrb}*0(uj1b05Kvrzlpf`5}R1z{CG$YSd7dnN{fGEcH}l5=oAE= zFkAlo&Er>Z$~)TsHNA)e?*A}aXe>Z2Whr_E4`ZPhXwD>%dFE0h-jvNRKvf1RU#S9uey4mXNN#3oGWC$F zYw4$2Zz$%N9^a+6>qBDCq4xj%41&?WmtV?mN#FdpfBC-I+}i>#+xw;$yTANpPr*gv zT-9?QM47*r`?DJx1&t(S1bsSHGsg*&Vrjx2C8z(x1@-Q=mFXnfKYHg}uDj(6HS z>~-@Nzd3qE=!&a}?#`2OhOcVBDc5~J2Az2B#82pLx;N{r+V)PB$&Rtzk!`8Z-bIvm zlDH$>zIwy85%w|0z<7sakK1vNv7d=o0e@IT?R7RK=#zPa+mrKo&EU$mb)^^OVU_x(V)icYAO@nAOXgDk)ihmU57&5Ar8iJRr!+;+{ z1A!xu*YJBNA#kQlt=0SQXSH^3i+!4z+y8m+i}$cGjGOb^KZ&0gUxh-79ZWS5U^Sgu zgT0AhId+-DYG7s!Dw6EtEL8S*G_79aB5oWh2o>_@u)=#Qbttm*Lvn%srw61o_Koj~ zncBwo3#-RjV1C~62iEnr4I}NN?Z3bI!|V?S&_}|NLvt2q{Ay#T-@>}O=|YNK6=tq5 z6T<8|1B)1#9k*8)X~wYDuuBem<|2fJdr9UuOKSGXMrDGsJMWeoqq96OEo6F6=8W$saoSF(Zo#}YR3UzGFN4L3M_u8`9j&JASeE_Ip?8ErYY>~y8_)x`8>=9cYx-5d4VK(10L z+OEN6*70Krho2H|YHaZ6(gemOC0c6``s`L#|gdF5KfV9s|MVMPVs&c18ORr>qNuIy-k zUpyJN$%7UGZui#t6Q zUdv3R;PK}5Nx@^E^CG6p&t$?m^T;PKxdh%u{x8KNLhCW-Xr+?uMSO_qR$Y;d+nbFz z`@4v-$69sv4o}37zRfNt-QH5tdm=qlN0<+7DG8VNKcpaaUj*Od2wS557S5@vZ1!Ec0t>So^*ZFUVX?J zN;&NjzcpISw4y!cLjPFw`kT!j+3wCnT(`!1GhvI_?=$$1bA6=wt5kS+#og89I{z)gV%0v`!{EuaeogbFGRi4A#{^V}@+-1_oM%dqYp zuaqbP{X395S0T*&EPPw+ty5J@2rx4_h=|tK3@62ll{kuibh{1+*`bjNRSb8 zz-lrf*YQ)Fr2*`e?TvCo*EE~-E15fqHwe)1VF>ddk)w$)U?h~xoeBv zIK1(kJ5grfWIu-$bxt_AfvQ=l;B~_bGu!+6ilZ3^`F(T`{4ZXc{+E1?7tVc1Y{4WU z_ehZbw zx|LavjaEikY?PJz7YTw_7BE1^M*1q*^03p<->;1%6Nw?e%Y*QIAY!h8_(E$m7)*MK z&!CG`492Y-GIpxGpas_{T^UvCIvfNwT%$tf*ScSGbOu7XE0oX;nQ}Zi(H!e4yZaz>$8%m^w{!bm zPs)lkINcev7sA*JGB7<6uh-%UG$m1930W;czc35hLZd8N9dnir2?ZGz{2Z$)i=CSl z3ILJTIf?XAj0)=Z_ z2Ww|vsMUVPZ)vH60lhG$nsW2+6%8@_(nHPWf&I3@fX6PoQ{kmQ_NUYR^oMQy<~Nsr zaP3t(!x62fnExJorcf>y@Q22X?B{9eGTcXT#DOLnDWNbU2jgJS>PyTJSQ%iKBekA6 zt0ep8f{`rJQ5-^u^G|^gV*S8&rk#bz$9j(v3A**9g4uorJIG596{9)1zdm(T#SI?c z)4#54zx{4P4DQ_DAzEsriyf9FkVfrle_1W*-+3*&lpun)-OwRf;@myryHp=?q0#Gd zhjcA_SFEetC3PL`iT5yj4}<5JjG^HCShvo&)RkjeaVZ?5Feex!RZ9Wg<4Xg%8YP;E zfWd{nqUs5RssNZ86pT{Q}eDOdt#AHyou~}3p zX=PN&I1FJ<@DCUp6(m2)T^_p9KpKNYUFnq*JU5|~<-)L@z`DPPIi^3wkZ4p0eX^!j z?G2^XPl7q7r@IK|m|P(b=9m`CsKhbs2&UuPOQITQ+&LLyb@iUz&8<*-|h2K9~|rV0*0t3{BOWDi4%uCrArN`(Uq8>RYf zPD+A64kL$*8i}il^u22+E#{zM_72ZL%$76VaR;_Z{tZ)>WHM=CZ->Jo-M;*#FD;+3 z$&wbj;mTMOZ)OB>z#ALGQA<>7*<$s1tiG((2XLTPBS&TJ7LDxD$g(EmN+iNgqmlVg zY#)|20fSYvAb(H31pQJERoLg;QD%-)C+}TfIDhucbN800YM$;{9GX-aPleD##)wYf zZ>3^BrKLi)C^JnuqV~^QBKEI4qL#<(F~`)Mk$QYJQIFoiwwgWW9cHiCh>S+UqtWPS z7+)OhKTvD`iHWsq1{OU9pRYiBo_Jsju&oP1g|WuRtGP^C`i{g7frL(SNaCZ?lhP^a zXA*(m-XyWBBvw`a1r$C~s+ii9mON=GpDqT1A=i&xtmGPX9dk)`SIi}T#`P7~k6i!e z(tO0lj=0zjE;jB0J9W%eM#$Y2E{1o7T%M3?KdiD)93csxQsLZ7Mf63Y-R<$_VzB^_ zK4bxYmL)%DhwwPu0<((s~M3K+>}l$53kS zdC@)pmw;M@PHf(tq`Q0P-2ObcFis(zjc1*~AGk;8Crn58S|VF1-&jx3 z_wr|Ak8~m3Tn|I;5l{d8YajYKl%jw|wTMGtVI!yxxBB zud^jG2&jBG8w_PKpM)R(?}=GzxOF^8x8zs`q$oqzV*)zAGi{+W`H!aDk_bTfKMi0HnC4`3Ju zT#?VD@j1ehfG^#8nbI*Qs}v)`vIjfeNf)#dVY}l{z!NdKe$H2~DU$a~8tslOl(JMzufHyZ`d)pNoHXQM*<~HfnPTG^aF!=T0$N_wE0iSPV|U+{JH z8EY))G@6Y*dzUrh1L6l?9pGyWaXKl$;?mb?jXenpW?XbsU4EL*222!-|1f$=TArT1 zn$EReymkq%)d~^dkD>7u7vX0z8rd@^am$igX}8uRDhTe|L=k`%as-p|)xRD6*=g6AuHz0&YuZY{1L zWa@&LX1R>Oh6K@JK8B}mIf*u*Bd1T|F9&CSTDSJs?*mM44xXF3;oE=eth#p`t==Vt zE}GrvZW_IU_QHj2>2LS~@es}&S=SJPaXB0S{gAro&Qwn+P2oo{6lAD5{Pg|rmK=@V z+5yBgo%Sr;RXzHe_Do(edeg=2i3pn-=@76kVOa<;Lm(2jxFR|s5)H}0GO&gXqkXos zCD6LkEz0npJ{>rTNerAMTLL^J2#Q>IWW9Dnd#6>*;)s44^hp;ilRYEH!})HMnTNZ z=A&~4gDWp)488y;)+v4h>w;W|R}fCXvMQ|!gYgOlA`xdWx+&~O&`i~R=5+RyJw{9b zhHR=|-1c)*Boa2YZkdf|8asL&MW@yss*TOQ*XPANnqR^+c7ZI>O*Sd zkdz%9sNkq)?eB?|w{^y^K;tKNF#OLb*ac=Y=$M2maQzy#hp-fHfi`1OSZ)kCoi4;i zf{M)v1~piwGfG|KkyOw-7q!olsakh^&7}cNkTw(r_-~B}i`QwAze@uEzYqZ6j4C5V zq1gxFTAM#LQ__zj_I9Kv#QkT3Xm5u76nXV`7iJwu*f0}zl<1%J8KdV#)|4pfE3{f( zdPU)lB<40Cr09%%gZaqrbHI=9Y7I zt4H>V{`DekPrbS(!j_o2_susgR;Bw4!=syi@vgJqTCd2)HRFI9dJ1}M8DW28G|8Ga z07AecBM8oLld7{t!;zejbL8SV$>T&MBDM&2npS-YT@NK?UcNhml@RalPwcJ+K0+kaeLWx5}}e$SXssT6Df)A}CK zz2d>-L6QJ|^v=c*?esc>on&n)ibpFULh{x_l1FR`erE71M8-iNFJy=_>3p*2Ggv6; zuzr7kpGO9XxETFYH#hgCVY90+md=j$SG`-Ws|QzyroBBbWeZE%&2Pb0R! zPusS$Zy(|3UJqZR4=}sBZ_|D+FMw5{(drq=YtY1h=C7R+{td6?HE4gN8Z^O(Gjd%` z32CjpRr&zVgrCyurN011`vV;5bzB_x_p{AsW?codrW4f%t@hh!9=S^fikRnc`c6hjaKAk>Obc zsK{^m#B-2+;GzzsWKUFxmvL2_j-oxIYInnPhUXx>0nhMk_4enU3!GX8d#Um^{+4B7 znL{f&-(ar+JP!~Sy!9T5=>7Z{aeM<1I7070S8xRrd}E4CPH)N-XE#j5pNaO@`l9cT z4)*nhzLKstrt+?I@|C1XGJbB(E`MsHtVCgAOviRfm$-UyxhkpZhULtkY2 z1Hvp=$ou*n+0tAl4%>Rp+R@9x8OTpZ%433gigW4V`b2dK5xcoN2{K%lDt#8=LRI*C z5Ajhcp$R%E-*sK6obn9x4sOd-^S8{Rcs5rk`U^4FU%WFlT_5!J*b3Ew&}1vvJ)XXd zJ!bI41IeW9JqBH=-p$qQ=Ab2B>`&ZuwaM-=AJy4yrffNqb|Y%i*=wXLVMiPi3gt}& z@w?&_oDOH)`Jhu{7XkcrTm@T1licw!4HT6cd!2tZB0uoK1x&cEuBi6q2X}iQNu^3oOHi zSv{io*ymWqCrZ4i1T%uYj6m?8W_haJzcH{+|cVZU!k4+65%0 zG|k&pS?klg`1fcP{+(l5x&49=k=hTO!C?12e=b}ueii3JZSD1k`0KO$d%EMmFNl91 zT281(wEGQ11g_W+H%v9NrQUJP{#<>gjT1U*x99MLf#dMsG2l>cFJN5y5e-0lkZ zH156YNHw=>-@fjhU)poYJu7fKXw0!_OqhXuQZvKTv z;~%|p%PDk|`iXJ)Ebr&Aa{ov8{f~{0PNLIv-|Misjasc{mZ7V3A>!<(&YpTjQN1Z3 zklFbyefCd}u0Ds~N-ud&)$!D%@f^Fb;R{Yn(@N_pN{_M{n+9!DLz-N;+x4bdi_Ks} z+JGCCbsAX$;PHo{PN+n%Vg>D_J`wlt0)ODj!+-kv`G@lRmf!!s7ylX0bzpZ)Hu8}U zTVTqbilsz@$JEp-=RwjrXTwD@YZL=>l-OHS(}UuYBIQf>euhV=V5H;L=W@B)BJ1em zQr(^S&!7EJ>863dVw5OKxT{x__sBIsIdxa%TZ5I!q?KZ@=`WlhY3<A)6UF;VUdNDIZp-sb5YMM06(Cbl?+ZN++4|MJAZr;5VYgw;@aj^fJC~8%c0}f z^NX44loV%Iy}iZ5gZu8BoxXLrY6CbSzOdiYeu>2_%L}7dgnNdMjBbJ^5Zkl=zMX|= zJy|5)>I~omj?Yf_j>2Ec9v_FVE=eCA3J>#?6ozaeNaz0P{Ct|eBa_UbBNKPxan&Ol3(Jqmvj>gxpDA-zP0>*{P(lH^q*AFa0HXP;cT z?z*E#ue)wVSsQf5T`oQY%wYl1m%1j%jB!GV$G7-{9=|_m_J@cL*W_wC=}vL3K)`^3 zoj8Ot-y)Q&3~}Qu*cgzu73QpDk=OV!$g^FiUpYYuX`F-r=_o|XxINH0#8`magMe-} znS*K=b}OOxR0ys@bi?k84i^|CiW(@5aKy?6}{Q=&2WmFCB@XkGM+|4uUZ5<0jt^RDaS1Xi7||2vd!m zP*|*!>U_0QW%g>U3LHUv(SNKr-m_#dnLNUdm@d2Ip#oAKC4i;K{b#yLFkw^`iI(GN z8dw)kQs8fF5dVap@~jn)2#e0lWGXsV%NjO}SGJ9(^3!|z-my~LetcVEDusGE);rSM zX92<_I4s_8(CM_ER6kJBjeYgzRa1#iJ$mE&t{!pf^@jEyTiUjB_m+lSPWzB>7G}=9 z3Lh*8AH@rF1oo6|F`F&u7VAB%=U88*@6J9jn8o^Vq6)3h(OSW4GWo)FCvz?(AQ1%4 z5T!(R8KR)ew5v{1C8z?fqD~@c0H=z=L`wcm!D3SM$m=FPR!-)^V)Hzo$%?!k#hc*Cy2Kr(2H1nlzI6$eF0PQ>M_-0`SS60c}~QKL6% z*dH`{ofItg1ydtdoiA1j$H#h500>@t{Ph*&9koKL;nwQKmR*WT2nin1u^k#gFi5H9U(otoWiE(TAk)gT@=e!Qd_wnaQ%p>Tv9GdZ5Vz4)lmKEl0w@+*>V{NGpnR z1CvQ_Hb-Mg0b`cjB}gz-B@+hPBtc40f|MYV=24xHN}9l+E}5gIh$(22O-|g-7Fb$( z0llRWUi(Gfq3U6t`1VB(CifKA+)LHFglqXqRUo*pD*5>0i3?oJHTM#+0$7u3VjH}2 z+_Y5m2eUZJ~Ek|n%tPb<@SI7_vQ-hdW>NdF~x6V&ytm?YF%t9Z7U`Z4I!q zR);+`T*?i)+!K{<)XQs)Hp3x3Cjc9|LaECBXq;3V2xwxd859rC=_^QcD(c}kv9km*}N>~u{3A^m6c5@DPB z^vGFb(F2M{zT`5uH1Q2T4sq1;1KycJh`Arj96>}}#58+i=3!BkA|w4}*If@GJUMoC zMYNs$ZS~6Sb$elZYc3|*s(a=J?K|H&OlLN4yClHR`~$i|F|xPfspMyhkqo$Rn7|n{ z_&m~U8|Y_Hc(!q!o3KXCkW&o#nBB*mKHo00!(+3W9eRVwtTR*EOpA{+YeQPp8f$my z%vkuS7zG>?|M_)}Fcry{!;()3;=iE36*wBAkPQAYDEJ|!=`iW&Ba~f0Ti`MZnINQk zeqp1)_%zoLRGzI-c^3PEJLm z%?+d8PrG`mHQz%Iu}i&RGIV(-rY3{_=GKK2a9ULt5m(ds0GqEHUn1nufG@?P#w`bQ z)I4T?OJP$#8swssidQ3}dU}UPFz+xa7agYcLcZaL!dcqJ~yOYTv(XmSVLqB~&sSeO=U2HI95ZSFIRTC*3Gy;SNP3z*!( z-MF^n_9(>QqB=83IdDdCnbVpKjc_E41DF|P@0KAqOEEC4%^)pM`P3==9XLUG5tt)x zTBkJbh*;4vgD4i21^xe|y$gI@Rh2(}_Br?ce!t)M=H8p!B=_dtJenqHZre0T-wkO9 zElnR#${Skc(KcYK;7nu&W9`A?>%x?&xQ|=zJ_M1>(7jKnx$3M784s2KFou# zQw717L9ZFp9<-Px!vxP2uf?=72?2{8c#2#ewJn%ilR(vrv}gcX%I28|X7KC97iCNw zREIUg<7)XHaS{KS)&=T^4gIY68NTGA9Ks$lUMr9Id)iY_65osMfc+ldtCuoWH&QQ; zDO!>gS_9KypHukWDh||mz9+u9!q8&B|M<+u*$-)dWgj?*?+|gUs8`yC_wrad`5g2u z9Wp!@pqrH2rY+;h7MD#porSSDVj?gvm2o>9V8x(f2u`=g6FR3fnT#RYVzS^d!PUW` zbo^vbjTJmYblIFFn}@~;MawVzbnQ?`(p^H4?CI+9lAjL8dTgkF)r!G;{q0SDe^a~v z-c?r*r;|h1jNZFs&-%8ub$fc*-)O6=RxH!o;+?r%XWYilfBv)D*5PfPNByRCOxKVbcV z_19J%@w#z0g{&Xb9Ry5JCt(IC7<#11Q~eaAK#->bbQ5GE)_fH(<7G2chFuu>gU}LW z8}&KWjZ-lO_I+r7%d5>6LoI=;pVC?E0Qh69o(sa~l{AxfJMwEG9Y)=0aT*#^-D@FK zR!aIVq6*vP0ru67R%6yaGvg^*2*E1bK9P+n@=wmc_9;c1WS{UJlW3enwIES3qkTp82bp_s)o> zQghG0Ci+^r5%t)mYBlA=&Sf)?RZYkBV^!U8^!Pysb*n6a4@EO!XQFFW$H;80CZZ#P zlGx}TAtg=z#rcbQm0J$YS4v75h8sT2*X3=fm!f^vRg21aAJR{PTED5#bZL{qT>xhL zSVCm!$`~dGA=_M$1Oj}d$w=LX;K?b;Z&5pH#2AxiEl?vkOsqSZ#pyKpGuYndq64IO z_KeYz@3gf=OJjYhME`hY#SOi;GuKt|v@2)_Mq|G$|BpuNYg^UczOvx8+Sr{3xqa}u zO!Gs5_q9n{_cW3Oz+s5hojZu`3XeH(Y*W%7)@$^Rrm@VytYvbLQb;E7TUqq|?PL9E_4{dbx4vluX3_7%=yxaY z_atK8n-Y{A#6RXx5=u!qtY{QVax8H$RqyY5Z*xIP1Q+zZ6j%J#{aj&9i@vfr)?e%8 znK$oaqGgk!$YJ*?;*nB_2Oi`;jYT;lLgBEn=GmaMrIWEukbHFF^=0P^P7U{OFr#JC zprvp~EDS+dF@+>Ekh^ej-~?azWEML)piY8Tn?pfq4AkkvUd@kO-d~<9N1_|j!S<%0 z=IdWGj8w7%$w=Gg9HseWrj=I>H`&}bL#YYmBG)cyv6|ivW~-4syw6`#`p_QoacroT z^3$2|l5dl5ukRk82C9|87aO-|P5Lq8!JK)bh)r21g(scNC>c!2N$h$sj6}!|O?QmI z+48xU$uN3VWTaDbeB$t^W;iQ6gP>4|<-yYC|BWoh#b`zKf(nNSZq2DR(m5xcr0R@w+Zc}i= zWtB7_6Cy1TN9#1rD(B!sCpiiu;5UWy<SHXCDEmJY?T@sS5A6*O^!K=DOfB}FJi^2rqhBcQXj^_=&bO-blI5B!5HHBh%`G{_V91Wixq~e^ zQy@I)_t=;wuh%Q7N$?0b%*g*@mlaBIJ4m<#bQ?}@`BaClQzl_y+Q%@ri%y3|%dfQi=~4K$TKY1_;)`SHQPCZhZbQbN;do3(SE&V_K>`p`URR0`vP$?%D>|Ma^#?}It&IKoWNjW<)>T3 zxAbfFGrrcZsxE&FeiWSY6I_SS9ps0xyBb2E;K#&Lhq7AafSngy8jjd88;Pk4tDVB1 zu*Bz=JE3+kk>Jpz+){+vAw6{=YzI9ee49KX8aqdRboW4Ra~o2aWGf?vuYFw;Y-$gt zH$)?qiAw+FBUtOzJtIvv$JkFRSlZ&)1`A?sesI$nYF+ zK~vS9CDXC7YPG-$$2+}axtfjQ7WPO_XMQqWDS^!gr&mEwHf@$B8_g3g86hH7h}YTk z+o#T+D~Dd5g8o1rxrL^RI(2GbFQt{sh}-&KP>^hQeKZ^ZL$`LGGZ*Vk zZsKLRoe#Nn7-czj=G#?c7>H?@`VCz3+_oUUfCSru>6E|QD&EYp?Pe-U$sIa{en_?t zcA+t$hnAr0SfPg=Hs52G51CoQOnG?}yE#rm3AEda0(Bh5m`*ZIz)1kfeu6Mlq?y9| z$pf)z@8Sv%MeIOSadrHWL;nD6{Jy#_F7j%W;U#GS_uQ6hS6c}jgoW`z;6J8&N=P%e|L$ts2D! zf}HK}H+)I{Z}=N>Kz4OIniI`(^8sn7dSerFAj7utIEbq3Lsq+y8O{0NXu`J>io{`` z#%FSk0)4MbjEZxzGoXMuE0VW^4dz6p5^}r@yItsR>Y)zQ;aZ&G8xQ%i@|V=(vWFi& z`lT=NBeU7ZE^uC^pWd`-dUXD%565K`Z}hsn5$B6yjdo&ZD@;2ereb@62M-?4>2;bh zs1z;PG!oj8Pe>o041m{S5EN?@3?68)xe0Mj`x~}7j!#0n)W(RmxGM{GwYq3ZFI1&X z2WO5SU${&UvMmj3RJQ$h@Q+t+Z(OMC{@JfA6h2A~(||aaG~#(Ls&*jzIicH;dam2i zo#>V$xnZa~rUPA(5(vq28D9yiXOdqbl=1osZ1+LGi<^oj#bBE5&cr<(?O9($)A3lxD;+=YP~si&4sBu5&VnM@ z4W0df-+T)EF%G2it!>c!4Cn&Q*QORUw+FoeyhN=x5snQS;K#fo`$0l12`W9G()7ibzMaAL?mnM!3gV&fNzmSEWM0{ zSpir!#tdLJ(XZ1XlOQ_+4J9FX7o)x)@YOgc&RFiW$Pr7#0>(i=4mjovof9kuisTcf z^D#;xyCBAmASC2-Ys@H1fiGk}s^}5;KI^m|;2(J6zI1iPaPFT1t*x!0cN=`!{`UM( zy5Af_P@ZAU2S4`3z3c8gc=G_e)mJV=eDSMH7M~kKFWN5ekm0+PzEHJ$+-_3cUzENl z{Q_oN(zT%=o7d{C9}!AB_w%}hAv_cy#j8skg34>s6XONetIAe_sAk+O zDheh^6=qiPaq|?M1h9wr*`Z3Ki0I@R`s@aI#i}d9N%Ivzp?x~hSBfiF8k&NkCc_>j zUhJR8rM$oX3{| zqizuA0iDjIRLtet^MzDEiup`>9_@SL8JIQoK7oXQ0uKk?KE!!(f8NwS2lWi4SA;qb zP>v5yNto(AZ#*r@(V^;m$H>mD%#|!gwgsZ5ix(fGT>r)%f?KdS5vqo>$n-#vl(&`vNFuI}>p_oTOARUH&R3=>{@xI<4LSCM%Oe^Z)gg2w5krZ%#Uj}Z z-ZhXHP(QJFdtJQ%2a*yhU|!&fh5repGH5;8OavT^lW$-;iy(Z&X92N@_!=Mr{Mhfj zm8Gl)F=E`g$yy%x*kE_}RVxwRz2a!FZ)s25S+H~(toqWG{b6rziTuUuZyVhixwLnm zto&GhREvbJ@0QuWv+<=@g*(&)&N6&~BXTd!Z39wXx}`dx%cPsMO&M)dlakA7vKnnx zYYmFczNOT{C_Qz;ilfbDjkYPP%~~Uq9)>`q^rS`MiI>ne?xsSE1eA?a%0R2BHIj#4 zS0s2Q9Pi3LHrB!oAXCbNi@)jMO@H>k~WZ?Ua=dp}~UXq zIfy7E04K!Z&PkG4{2d}QP*;VZ6TdkmpcA*zJNoe*ge9{|E1#Au*i184*QmuV*-Q3K z_MLVF8fu1&dhLFjWE_QsqqUBjWJ<9<51skVNuoi3X9JcL5t#7M416xaBbz_|aj^4H zZ~%M%4YS{6O*gRAowR=;UmgCSvnkYD&2N%uOGg-F0@YUS2xirdnT`5`HZttYT9ELt z2@8_j)~XfCYOP+9y%0VSK(OKfe{Qef{x-}b}|Rtp;@@J0(%2;AReD)8q3!BFvEe>+|OUHtS zV!=2-ISUluQxLd~H^U-<|Aa>3E$~P!)#&y^U2lR%YFn3^ef{1#Ac^8w(mal3t#mW| zqOIlL?o=YtR9;(N+aK_*Y7A*vZ?*Q*Uf#csLR!|cwQC&%E7m0P#s1z!VJ(%HPpEo0 z&$_ZGv;|t)2}J&bdV*61y+xFZp3HZ_OHk8GYrN;!>bN6X;F;bu`sHoc7`2JOx@Epr zpG)85vLUyq*Kg67_0^lRe_2S(&fOM=Z7~x%sB@Ks=M8Z(vAHzIc8y4PRM*E7**0XM zaR&#p8?#5UO13}SUosoI$8F1NXs^}w)y35^k?Rc<`v?2K-2XzqroUh5=$v#%(xo=H zd1P>i4K<>^=6m)6$S?8~H1=#wbc$Yt+7ILBt@`uN!NY>BeJPFMLX7ejUHg{Ap976$ zy0d<*!Ku4YXS!@}fRaHj(_ToiZvpAO)nSVr6uxdy_`3D7yv_&66*|{#@cH}>hcsmO z7YQ;P(p${EP(>zp8uXjq)1Ew+Jkst~fYs+|Dt3*vza12n*V5cCAilj{#>C366yh zMx}57d5ywS$mFz5xa(Lj>flplL%-_y>HC4J#trK3kna?krx zgM&l)j)dIDfP1iOfQrH>+B)@9SWbWW?)0dh>Eet$Ay2*{um^E(YTbJQHw`(?dBr~2G5QnYrs{C>V% zl75^iyX?K1>Kr163^{+rX8q=l@drjyt4CHwW`8cX@7}a&_xls0Yeo|tlVh7&R(;~_7)LnPuhq@8iI+6_a zbe6r(Gr;U<{sKp*xUnXEz&EbE$;GTL*E*xc11ozPVN+V|I-L=aQzJN2b(Vn7<9Epn zznFW-;|JZN$KW;t|96v>4z|%?rm>UwV5@V0P5nB)^Bt$Xlv?P{p@cT^_5|CF}KDC@ZPK3eG2k zD;AI$ezD+~6pC7{5RpNX+vGACU~@7lJb_nnP)K82K+n5C>SMMJ@JMB9Nv$2!3NUso zT)0lO!Ug)^y!~o9po{R+)#`v)v!Q|hCEo9`hj@D^evrn< zE^V*&>#=DuwgbYElq$xwLyEKHJnVeY`90?^oLak+0pvPl-tVxD7IA)MG+Sg?>GG&v zP%8+@52T)I@eyzjVE|M61g`?z3UpkkGAe*X;obM$E!Yz%91a18EL+Q~OBli%;fEt! z+s^8M);4yj{ZYFt!Vc`p*lt94-3c5E@XZCMOy7kM0sh8emn;)J%a73{8BK~bL1@DI zcZt1~W6e(Eum+z-U&c{|_%hmkyc|-x?a-pXe2U&f_LKurKfw7O&vyi~Byb+C0hAw`?=4Y?5)t@?A>x?_k zzcAkw>OOD>`hsl!oCPp7$P-A5jrK3w6(jr?2W@2Ln4B>!v zJXfn3_0}7kl<(Nj0kq7@9-7@*Yb@7uG9wUN&1Ojf?zaX>hC2+d4c@CF@(CUdcm*lg4hTR# zsBh^Z;D}}R>|1#V*x%0HAlttECN2WBf&BR+@_BH;R)7?Ed$lv)KU_4VgF$EKaG^Qf zo0iiDRyD6;;Z@AKiZQ2P%rQs@hJ1r-iiOeEV$Yfw9Rb;#o>7o86b%bVb9#$~bB;4A zYYxVW$PF-ZWoo*s7o!R>)Cj_%FgD=0YPlA~XhN^&85!CYt)LUa@wWuMK>cREUN?x1Wj!&bhGa9L?4vG>4AZ&(Kc$w5f|Xu z&GF`9vtnqT?oTAMy;bifuM85ujw;-IvVAg|g?AjRc8CMv_^m1K+$ZiXtUBIv6wO#Z zNBP9?n{pyx?IYHYa}H6z`FOX%A0}Agd8a8k(UmYL&|`wSh4tlD#G{_}Xlq}_-da-R zZCl1Sx^e@B!0H}X-z6(b?%UsySh?rjvXaXC^f7lhAxEsX8x7`gTW_p?%xMeRuDSB! z_3?r37K`1h+pGAq9Z}<5w^uITP?|mDjM%h+c+wV)P^>JlE0o(_#PWZH|BReuDn|aR zd<}Up{}9^`TuBLxjzc=xD#=4efmyPc7`WLr;9dbY9QL{M$LS#SrSmU6=XeQzS#pYt zt$@g-zIEGu@A?)fq-Hl$$T?VN$oF+4`#IL9Sz1y}!1z$cByfPpz=w?)1kZy7*c7uQ zPw1iVE~o)r?sy4UX83JuRV3NZKfdeGtpb_-lPsdu*oKyMiBERlRK4}iqj%gicvJUNi8btlBkvo%=IdA7aO~I( zyZ`N)(f2Lr_YhWP)$8zv99!%bkIinuF`73dDPAQ+1A%Ur6n#X}>c>n5a0l8Q*aVdu zEr$@YWx|2K-Ubm(gMk0A&O{qdojiZ?)N>Bvh+i-e(30!d<_Bb96VzeJjI~|z_L*C! z+9uKqhUT_!ZJ&Dj>8b56-o9XPX#S4KpTpP$rJq!1Ofu{<=63`Vfl@#LORm%4#av-_ zugzh^uz@+wVRYzqPJ`19h?~=3m7a01iyh49VBa*bEr`4{FbDXc*BKp9ogGfM$7}Oq zxmll)*u@evO6;39w#CMDHgIA%u_<(<%qAUE=rnq_*P+J9_aYSjQcuDTI~hc>ECSQ7ZnP zio$&m=`MCQx~k1qC}fRKwB9`W$`{{r=MyiN*2S;AZ|SYeT-DJP?y)B>XB+?XKamY~ zZy6Fmtiv1S9<2X3yQ=z2bC|VySi#NwNQ!17F#45GlMBQ zuJdCQ;yT%@!|C^Wjy-e$6&mrp%V`g~r zP{$TXb=lhq6Q@sit!`R(HxgeZZ$fx+vXJacD)uC}?kHAEM4u(%unT=K>x?=x*fYqW z!}L8#!@~z>`xM`OPfeXxLDXW5NRZS9hK~dfoD(5+&j4s$8!9G7>=`?ox(#C$puv)+ z_Thi}kEws}gUv_#HJ6#NfcZ#*%Lwe&%)jU8r{hZkmmOM4tc(tOED|z(*wS3?3bk!% zeVFb2`}4VV8HiPTYe&iBZY#EVfYCLt~fJMf#Smq-^rDkFC8?9{$8kKSSA598mA!+HvuL${K4 z*2NAvL`P+d4f*lSTHQH!+P&6g5B6$hX|0&9B(nbLv#3&qQBCu@(~gHZ1La z8i6p!t5$q_^q_9cptVZ2FzMV)fL(=sW8O&BCxs7(G;E?uWIfiy7Ngy+_riRuht<+< zTnU{(^yc|;IRpwj{^^DC88{*5zgmq?TlCq3R-bWZ#_Th%uWam&%tX@cmI)j%QluJ) zIVZ+tZ`*L?(NDx<+RgZGI#)l8IqR1Y&E+2wIeNgT#9jz82Qs(Z6I3ilnEnAjv^vZZ zhZzKfaAlheMmp8TfAp<6U5Z^NZ~({%*$=GAoXb+0V*P{Yax^R_^FKRmV_U2vdy+73x~k+%J`7;5h3*maYxeW|P@m9_na6 z(7#j~&Ujlc{OT4?FbSz zYF7xuL(M0_Sy8DY0NkW*p|~AFS!)T&X_NJbTyay!ijB>C-vz$cTBcu1zGF#b#qL#E z&BR)bcAti^_crAA{VQM0*twxIG@ss=62)YeU(#t^x5*NB+HA3l=2QBL_K)y!@011* zGf;B6T!9V@e%DZE$AQ5CX*d^1W)jh5$waPeG$00l$(mLge78#sKTz!0Pu_e2z<*dg z0d01E7KjD)|7jkWn>q$k_YG|6Pbh!+M9?8et@6pw*p^E`ipV7lvg7xHRt?2;>yaff2E8g-qi_+%F8mK+tO2vSiw9QI0iM_$gS zrL38VQ6|0W%z%CR=Ozbr6D$NAJ3%|B&xP6&;R#6U6NW4tw>nGM+ji_SsB_^$6UMcs zaA;xTHQ8v~QR$CWq#3_V2YR0(%wmtC3rm<9<(YZqd_F1HhZWI>9Z<<0+7P zylX&8ZepgApy(remvF)(6i0NY_N>XrB1ez@_~|8wR&-uc%`}Z(`!t8cL`#E7 zk~PZg58)eom4#M(aM;|jdiS!yYd0ZE8f_qKObUBdUb?i}ZA^^2LcySHqDWnlykf9r zW6O>f(!~%++#HGo{Wf@2VTEbzO-)c$Rb($Eub?(zR@9(AuL25KYY@0jA^K~lC<6Gm z05zl2e|Kia*ulOza;Ho zr1fK6tOVBkDPSFuMF>Y?p&^II8QBzJDv<@pHyflOn}|IPBl+rR&=4B6HLxopFA}NU zr%Cg|9#%ec4vGw1MyG8#=J zQe(b|KV!~ZoB3`=c_70!XKu>KgJ1y56f!cHz~J*0+!cpBjOZ(brzIVY_$HEItnfB4 zR;W#YhJ!|MUQz&V8(Ok3B&-2_`zACNyXuhJZ5NLCY5>`C{dd#cD&%t_U1Dvu4T(Ad z(c|X{`;j&%0iH(11x0Otz$5zv9hl^T`*9S`B4}z{haefGvOZu>LI~;eSQxCbAmFiU z-gka<+m*Hs#5jWR#aHv8pWk-XZXVazl4s7^u>zm-BVdUoE|@LV9;d_aN7ycXoRMf? z4hLThDn!2ktyeduIT&zK@Q1@{(@pR#1w4u>w-P@bK8GpK!#`AhD3DWNPleJ`KT25m z#q9Qv%*=dbrXeCz_}kCV?b)fuVDh;EjJiCB{&OROs8eqO6Uh*`E4(jynOyQ7_8#*d z_iF53Soj3onA;i%e zRlxaG^=_<9+xY_tk{eqQS71XtF&M`^=5c(Yq+|X^{cOm;+kdD31Aa}|U+~LzFjvbq z=eXmb&o#k6(CkI5rQKvR>6n=U%br(dp?YK_(BYV?FL7`Tx%%n#%B8M#56 z)6_xU>H!Av>Wy$4B1~r{_91eR)p#qT_UNI7rWec}mAdjIDF`(6>g1K+Mp$5Z@v)t^ zyy_g5hweLY0n2Oc(=7h3c_K^jQ^2=L`~$@M-3uZugxwX*irEaaOPz<@?Aj3~stQ2_ zQn$V&^6*$yzKZ8z6{z2evn*OBK$c_K;A7`au!SG1QdjIhbXna5dq0s^{QLRW?q#}- zg1-VR8YG|kAxj^_94sNDmOUr63>6}#;1GnW$5|#LCXY2!Hb00HlT=b$0)$mA7_`Zx zxy2x)DzPv}aygod6d8e2py$i9Xr3jv#@Q3Wm&+g`2%LDnfcz$eswP#G7CA^~Xs^Iu z_4%oKmdGt3l2bE-s|elHhs-Fh_Ze&!lcqLrrxcUP)mq5guD9h2tuB*E`Jl#Zb(-X- zlDqcZ(%E^-zFo;B@A=#NSE~UNSN!jRmOXo>lF6w(ds+_s?-dt){^>_o@%AHLLV?Q+ zd*cVH$bZGTdD3I?R4Nv9;E1TyqO@F?pl1<3PjfsLsHW>2Jpi2N^Ez`j`&Jx1p%Z)) zBAy;HrBs@pXAm;MyXsB2dghl3I!vE_@dBhhT9eVBTvlH^7rzO8PxEEhTvw?tsRcYf z5^>fmlCNsg9+bzVgBmc+!BYbnL*d3m**QEjgX7$_s!k<;jdUqCfORF*TFbHA&+StLV3ir?!cy3HOuy%!3c`l%T!e8YIrZ@P2lg9?m(>eL&&Y6 z$e)}0ebt(*;Khoyuu;4mf%|wya34~fKYzD$2bd~&oWG`X7%x}s%QlJ%D9&Hi2fxhE z2L6HDq3OBTlmX5W^cDUy*~@*rZD5Wh{Zjg?ntlnM0cVis1EJI&jXVRqZJcL7`8yF$ zFI(EWI3)p54A6HH=kmviLz%soYA4gky$y@ibWCQYq9g0GJ1`K@Trf7N2}@kC`+z=jxne4I?`J^wh= zvh3cEAL)7*04P@-55EI zt$m|nqof)2`BWck<^PDW29IXwagD+yWp)XFsDy_ywTCc2I43b*`{&epS}>kwwWMMpbx5aQ|J2sx>lb>0w@2jvpf&e>Ue8_9ed?Oir_wzC z2YnR;DBjQc4rt9u+xYwM0@WBXDHxI|&Ue5~bCeVBq%|krd55&7w&qNkZoE`>w{H}Q zMe2Pd-c9R4y!#GKO=_jP@NxhLu;z$RL0xmAj<3|}U{^@*kUk<-X*QGPb>vWo+BstE zcpb#=AnIUO^r>~k(@ngNEb6F@9E}0w(ItEgex!~;cdZ>P)ao&9l8ulA#+oGHeFUo> zx+RT)p7+rmTD1-qXmLZ@;QdUZbS=E)!iPcmN{mva8dVVL#|+pUxtS^HK&ft`%q57e zqVvLYCq()Z;(vg)i6eHA!-PEM-@b!Fm2STeK{vDG^H^fePivHxJZUs*#yEX!5VW#7 z9k^-{iH8>-FtG`Pqye~wKw7*4!b|{{RU@tCM+ksNec^kT9okP}Nwai-54DW9mvfOT z@54A?vT@n>P2^yJB-1GR>=J`(lg5atjecra55%7(`pB$4b01#DpV2n=Ww3_i@GO}2NHm0ehj8?LB<&m)uA4;y>>Ee-r-ABtLYQB*!FOS6!CQ$U}B_sLS3}?2-+}=uk_gwKJW_Rdxbc z?s=%pc9d@{%jM9GAdzhg1}&MKnT~g~MmxF$q~M^7P?><}AE3SNtJ;?73$^ z33U4S%lI3+2vIRp;23B7A`c`5wZT@Xc$44(A=YVfS0h4kfU<()mivTb`ywaj5^t@b-5n09fPahqBR;d29PBNCG(I)Wa|pxVPqO`yEIy@%V^W! z1wOCLv4!W$#|J^ffF;QPhZcUi@bdYWpF>3I^AwNnI5}0e+wl)jvg5bij=u7yy~rKN zf2X^UvycA<4yX02W6cN03b!3yUASp&^G(Q5Fuf}~*}EZo>Cz{zPF>o)AwAjsiD_yl z&cyLY5be|hq0?3kSPe`W(wGD}0=N)HB|60g3T1HcJh+JHtB#*OfBHDVayaNQ-PPnx zcFDnGNB^1qVOGa}Jw5v#c3}D|)9U;Ecz*=(yL8$yR&8q<_S!|XvLT7|@LCoGR7OdS z%E#cTjF5*0$7umWB08$2^b_Rf$LSay?csC>wU^HxKYso=1?--F2Ig^37bd|xPd8$8 zYp9R;WZCWV&ef~!xz<+C;FW8e?>S3xeKuz(LHY~aJ ziuE_|*l{zvN@fqYwE5yly~iY@d@;Km4qvAft6HoU9nkC+i`I(6)8ZLEIQTHc!^37; z7~%ezHwLj^yeLSW%Rb`V{2I4UGBsH!zn$k|X%au>I_fgYvif`Lye2kz1})%Ir7u!jVk=RjMcjoI5+UK)-aXsza1K28YA z#~=|~wDvV=MY|>_@>IYjJhhLjfag!bxjI`o5A={Y)UG+ZZL)TePN>D`e4BF17giO6 zwe0e;b1`em?2=brVV6>7`9$AE6*aefc@a@c=(bwh7MvB3p8gTu_IAFGsc*lI`R$WF zRlVE=yp7N4v)il|@V1401z(>}0qdX6!F&$0W1Z9Iarzuiy}>A0m0=%g35C^(P6Ike z$H4b$)~(Y@9<8JcXpbP4M$pCieX`SlZ1LPh0^v{VB>2+QOAXv0F{E{Y;pUGSO^u3bfMuqT^0A_>4JJ;jcq+fytRJs>?z`U6 z-u{le?(Sdl@z4FsB<4Ur6z0YGfRJMebAo)<3ZElp^b6&2HcP9k?K-(?++^HoRE*Y* z)*aRxtq)o?TE$=?ISwGSWEcWaOODHMrw&mw;g9Aga6}Mz_V`IG$f@Hr1+Y)Kf#%TS z?=<`IY@h%D>`M9v;R1jEu6KR(-F)2CIf(Cpt%Eg2<3>5*^vI#xgc@i%O8bq2Mz+_; zHX5-A6Ufkl#2&z6>#^NpD98~-4pDUMK606%)3BG41600Cpol3s5!1}>)EA8K1%h+%I-Q8smJ3ssHEnBnpuBF{hU=My> zdK=pwUoqI{zv7O{4LH&r?DyVrUGMF*FT-4z&%1=5p$0bK9FXbwL8;)Iqwc;=tn3@_raivC2tk^(P z3^*~H%lG9x?p%NVgPU$ypUtknWz+mW^8GotC)bxhh3p7D@pw-mqB;M+7ir2HFYoHy zJ=U$;utC>7w!5?I@{MH;JFbZos8CBtq5h%u{UJWDp@d^xmt%5UFs@;#Phd7Ew@?&k z6p|f4CFK2ycoDW|l&y}@FlQN{*6|e!90}2Mou?Rnuu|7SBiN9afg%S05}c2-U%Y?y zwZp0VS1iAO`HK5f!`H5UMAN$V%4NSeyLGdUpx(O8ThIPt*_CTsVRz8?knaB@=uu5l zcQukT=(WQnc!uN2ST-CRjUbuXs0ktVSchbh5=aWm>2&%0>C>mdwn^J8&zeH|Pge~- z%zG3+SF)6ngS~fjdTZsXTW7x&YEOH%kBx2jq}oHX-@5h6%GPQ5*}~@OjrUyp&YOH) zgX`LM?b)-dZQWp(@1}QNcVy%A<^sNvu+*;uOAQ`)oPds3yTVFz%YzN&fuK z{NemP`D6L-<+b*FJYUQ!hRm38Iu}b$g6<~l4@@eMirA~k^GiE6sk@MNv{^&Rg;J*l zp9I(0=yQqo$4OHHq_sWJ;s}93nw>n-vnJqO-@W%h)9~)Wp0_t6^2R&+VyMNbvxfY= zgFR+sjZfYC&Vegd=UtZBZv^9Rz{_mrRQ@ZnGQMhbHT5^~Xbj62L0<`CHH=hqi4N8= zts74uR#1_~Thg}BnB!n6J&D8zin(pltFzf66cj)aJUA|(<;>$dFcDrpS3V`^b%_{* z0$YiGE(fiLw<0Dp(ng`K7Fbt3$k;0*V0qm@c4)_v!Je6T|JMG#$)(ZRFLd-(s(q{7 z7I!LWZ^`bG*L1HB#jaXe-MTdFdsaTxb;)2VR#`P02`*XES>12)Wy7iR4K#lYIQs~~ zNb*B_DuCx+r^P>YTf`OwVW15<#wcdSDQL|D9)y+SGLegmZ3rnc&msJ%$hVt1b{XiM zj*=e&icAl3((4Gv=zqrE($O9Hdvh4LKu03uy2Qi_uROV`*HP?ru{e zikY(ldK_jVPCY?r4nLAj%$_^NlV1LYj=aD)(F=@V11TWZfGxkP6)V5?G#oI z7SD52I0F*vzoE^2P`d%tX*7k1pRPum$WnnyvB?}rt%+tUR&UUJ#g&ej-_~C4-sVmC z_l;%8SG8xFqw(~zNjai5nzc9DO#YD5V^Xfyn7yuO$Ya=R4qBU*ccz#7oSn)1K(m+2 zvHrQ`3>mE<&$d>JCR-|N%BHs1OdgvlWwT|S8vQurF>+ZmLwr2ob51vhd=oYVWI(UR zT%-g_h>64amY<>4y@bEe>|O`*b{1;+R3Ip@&|vuS-9+6=2pOvGAu)yhJ`s3_!v)^7 zcyUc7)Uo=adcRo7bcZ(VW}rbvX>ybobh>!JGD6oV@LZ=;o^q zEcZ7d#ezN2Tp?LOXP+ao1#-`g*o2g6OdtskdT|^}#PYJig+mdK%Ve}UZM7hIf_ZT9 zwvQNtu*a)G@K8F0-HJn#?EV!iw{-euvYn2MZHE2H>`qrN>7I?T7f1UQdG;FAtw<%T zn;xtiv*d!T0{@HOE_|6`B%-p1K}78s*G;1n z5t+_BO&q2IBrNzA=UtXe?z!v0fxGWMaNw@l^W9zY%W_Y5cMtyRV(<9+GtYeeYybMM zvu)S!+I79`yLQ*EYenA-&ArZ&kUM6nsp@$FI)OxxX-@7Bg>eGc@f~zjbawj`0eQ7B zeY&t!0%ghU{Tqs|nQ)sq*fyAB*Uvtj&hWjO{NerNr)OeL!D}NY&<9!Rs%qa_En6+I zSXOex9MYC-%#)2d%z0!~Fl5a>zrP!p+c5!@$Yo7F_oM^!7AR{RR}&=;{4J0d9AI2P zvM1ngAon2l8iF1;SeinDNu};~soaI!&j6_s)B4#vO(EnKvL)gX(}&uwu2{T*gx?x+ zgxsC!RBtiw^0yaqsfa0e*%jL}neA6xmV1C%cE^heheo$wXSOA}vK{+wzUBIzP0&l| zT-`!#mG0sCF6k)|{__?-_d2kievP&-MV!P+5IyzER^(;1ZjpOEa<3J%@Saj!ThtC} z6>Y!0pB2W<$Z8X;g4D2k+%w$=bE7y>Dg}dv{A5yRM6dwXSbYP-%HpDQ3RnR+_)bqf zvv{ph$OPt06QPjQHJ9b!xMebs;P)w1Cb?|O zlEd#zEW6}mww6%WK&jK64mnIV^Viwgo=dCg_a7$u`g;xLm1FCNZPE55+TDhE@@?!l z&5*losiyIm&1#M1Ssc86ec&anR_Zt<&jh zno*9-Vp=go#!S~z>OXT#1O<7oTfRUQKI|h_RNay zONj-zdF?e-mfD{P-WQ2_`qqLExa*foriQY)kt>!}cMqj+OI;G{*yLZiZq>RCG~Z0% zLVp(D=#`c}4QD74AHt6CLvC4ZV`^xe&tyg58X&q7NoDG65gd2s{0T5co`e|zdVGS} zlB*KmrtaD7$v|hScQ|i*5BtJ{fhKp%t>_JjrQ?+^-FDkIiaCW02iP&_Bf=~=rE)cH z8LK&{54!E{xSOWC<{(&MHIlKGlt4^(1Q>|PC}c6sKoZJ2)_l`VGwD((HS>1cO}Dec z?5nE=23E1q>`S+kzgOh5`3dHkPm02l+*B==_a!+oJ4Y^P-+5SEUXt=b`Uz8y!$*S?}n*ZvtnRCaX3CVTQE*AteUW4z>Hvb zZ+_R-_RR2AL-!6{Ih<+V`Ysk3T)up8cJE-dIw(h)*Id!xH8oN)96M$xjZAg*U$Lfn z_GbfYO|$=HTDNT3Iupy9>No`?a)I2qRPDzR`5gK&EDZ~LFhlm>K@H_pu|lV|g^&9| zPag4NU|DFwZh=0E|7b(Ofbz{g^l}-HeahrQMA;PNT(brnV+)+@mHxr^N2^z^xp&Q; zYV`ffu+z=%(N2v1ZmxUB+782Gj~U8qc687EZgfJ+KFq(ZH1``Ngg$R2+^M(FYSfKa z6O`M~WIf&rb^mxWGoFY}w;7YkR#Sp0xk;}pKvRt`Y$Aoga)2zN1T*-^S1A(|AicCI zRMUj8nKgPwF&9<5x0s7)2m5)rttH*mc5q2|V(G?G|41-6(qG!RG||1}U|UnVr7iq{ z-wmu@w`$<#ftG>$*NyI87Afa)<;b$#qwDU+rJDy9=E-CnI1Uv*F?Sy2zAm4D_c1U14SE74KLA^vt}9`Fy|DN?JHW5EF1Y>! z)H20!8wjLiI4_@@k^Yg+e-N&v3rGy7WT5Yt>h%4*4q!jP`U9P#e7RaPeLJuF5?)8Y z^!52~68;um2Rv$2hqMHBi1Sn6Q`}8f%_gLP+lXjCam=K?Ymn+tp1P!=4q<026`bjP zhWF3+Vc`)b#^0PX_yM1(;YPTP!OMMKlv^dvM+=?hTmpRX71TuMv|NAX<^DyK!#O#f zqsDw5;82+CRm+hsm*VBVB+5M}$}tvKk%#oLq?zp>l?)!r()FPBc zw*vG*P#Avfh_-$a&)lzcpiT6QUisnNE$F@E6N=0}H}|`$(;2{H3UDH_E`&#I^eCR? zcn4uSqCW(7LHYiq=nroyfwOGc#(D42P9Y2FEc6@n{n8!L+L^8=D+3^+iEU&Wm-2BqPEG}q^}Ms#7O?<~-cB{(8j}vm!)%*UfrPa`DFMdCq$17(>9By|#D;CV zcikcRe;!%#6qUW2ox*v@i8m`7+_oueUD=-@Gi2s8n2%e*XL$2sg9$34zm0A7&Y|n`~Mp28z;lcN7U=z<=2n> z9bHEmWv_bupZN8U(skeuB%I=l_k4|Cf1H;G0!qm%S^6HVMxEx7|KQ&o4=6myN2k9U*M7Vjs)tQJ&u4 zP##(#EOzSGyz~#eU+?=z>TkyPQgNN{rJ9rcx&i$y#xu{}&C5T`$A_-}gLn_y!>=Fv z7`+DvT-fFKdlSW zbBoKK+%Lw6`O>@~N!R)PZ2p}O|FpLM0NWTqFeR{n0OQDY*vkdpee4&tXMR$(hQu@2 zv)=NVkH*x#cLr$V6qV5CsgBj+?|&SVpO38)66L9aH&AFuj+(746*H_V4$tJfFL zho7m}7te=T^?Jj6;OqGPSl>8NM#=zng+orz`o34aj=6++g%ytP?;-yZUyom+JzaC( zf2s55Ox0-dbG0N)(}LQ{eNhc%PyVl3_J6_cf;6^JVFWrC^?e!d-BB;A*E~G88MO+1 z?M&6`uyQRXUQ!k_uSc;>SDGgvKHWTKXz zqZZPuWF6H)x)n_$v}5i&cxF%i8NKH5x$ElnoI^e0DXK?(3eWr=&r}qe8={{c`A)4K z$bNs4*Hgh0jXK%lXP&sgGk}jZK11_~{S_bAR*v+=h}7f@yIZ~fARoW_e3JKx>x<_T z&MQfdv@Vt};G-1R7tJT+o)p&?%_sItK5tqV&nNbC^?Kuc61pU02iGM@_jnh+mb7bq zqQJGuBA-q)pB9$YX-?jzYAJ{&Oci-yLd-VksI~WESNtPi%V6iuBvDeaRe-N;!1^tI z_b~)}iQWCzRclr}l4*G4Lf`XI9MMBwC~_=Aim<4o0kgQcj>pAbqsZ2*C{GnMl-I!K z8ABh#=DD6$AV!w!0u0x0 zrJt`YVI$PbVw`IGJM+0wRMs@r)OaCt7k|Ssz|Y0{1@b;19`Q9iLgTdfnfkur@{wU7 z>LBAn-8ZOwpy8VykE#1WJ|N0d1&hi%_*xhJ@(B8c?;F-=j=#Sb<=>{ac3Ac;->*KY!>`7jhYY?y%iv7HJnY%a^oaB->JhUKJN}XtysFK3j5+{S)!RS+%o7q6M)7T0 z^?{Z158xJ_Ast~e#t(jo1?!%4x_8jHDo;uGqbSz>KhgL>H`H7vuCr-=U0wIMzCyiD zUNu-!HQi8SRIjJ_b+PVY185@Z^)7yW-UfJv<_+pS!>_{%z#jKIe9yw`LPrp`m>2y- z{t~_BtJ25t6t^dTSv9th0Vj+%hyZHu;_@fpsZq=S5A4YXCyOXAbZ~mVupPd7ld4zz z2~p*w;HazfUM{b#=H3F+gtvW=b_J|;qD()W^#qA@&-vb^VhR5f}@ z& z--gen%)IYF%4ue(Ke$Z8-YHo=3k6_lD<&Wp1aDDZ_%x`zw*SwUhg|a@b$r#R0j_vi zpLoBjhg|4;gipiy1d4xd?#EA7>rbfb;lj_5Peats7 z#yt1B#-ZNFwqN&o)O{Pc|8sGlX386V9Jqf{z5gkCUIQNoP8u`Pcd35T!8J$K`&jn4 z4_^nr56=h2-iZ63SMSs6B_GNH-v{nr47rEzhVLWGeII(|OA5(GdjIbh-6tPN!+pq; zjBMe01mp>xp8@eOv^ea5_Q%Oe{L+)jGNej$|+fws0@CWt#8udQeR9Kbj4E#Q?zciOoLVW)5)uWkVa4B+G zNcx@Svp~XC%Mi9TS@>qlUP=`Pjiynh{{upbU(;Mb=O{_*T?8X(O4) zrD07Yq&0PJ(S4eWZ@4dXJ^4>!?_oN&>ng5Q$aByP3te0@6ekDxR<0LPyrDRE<1xN9 zEi%`rMe?$=XOd1K_O#l*|5fP`w8GBg(tq*ffV$D*QtcTzq`tql|Cv66+-YLVua&vL zdrwH8YVXA8>tQZM7_K;ud|5f#JB(P$55$R6x>_+Tcj zoy#!G-1Cx4@_rVHCEP}>%Og3?Qji_8R07jVyo%oWv+l|>pcA$0V)k$aNE!K-6~3TV zvsup)DP_p>0K*MVWqj?=Q|nd9XX&jDltkRJy{5wecpQd5B@nlN3h^!=^h=^wI4wQPqZ!VJz{(iERc2(aaM>YvHUVc z?wmz7l(T21PCW}g&S!zqXgmq@H=YEltY2x$*$Q0Hf9J!IY&H_ke7#C+xD`C3DHrXyX5Fa~Vyt|ya0zQ;F|RGpPbLdO-4O4_pGfET4eY;pfh~|$ z{_Ih_$BOGF_4*4agw^mXx=!UU=GO~vC_klMZ!EtFvYzp^Q^2FNcD{$dW$9XZST-wz zm^p4K%h?_jhg)OvD3X=Q8aF1xbLE$x0V?;@bLBIX2?vMLNC2r{G~LP}I0FF#kS4QI^S z#kHMz---jXryHu1=bk7Xe|~Xws4t0xzL#P>c+s<9ggxSY(EFHI@k&xE=ZhRR-(!9V zY&<4YB!2|dHd?PKo|B3%ohqND$&c(gnD@`2(fAwfUNpxS_5lTc*e*E7e`*Pv+}3E+ zpCwST{HMh;{C%c?*$}aL6496~9MAYjrp^5kcKINmKir0AyI|CCix^%CM~K_-_4ABB zq3klgck!~)UH^B!tYx9SKlf3TeaAc&LvwtNc5W4m@k$+wk-Y#GuNH_Mf8cNW*!?2mhx2g|F7X5dP~$Xc69Tvsm#f_+Hg2_NuvW zi~WZIs|~o1fckL#gH{n+uFzh^%Sw06{h(G>1Moe{>bMJr_HXP}>;zv|trEId>{hsr zy^5Vtum6%?r`<}HF2g+kzv?`1t-3XC%x_F`JrDbb9S!kRG~uPSy>Dfs(nj%{#oURf2d)Mv~P(qBEMkI|D)~A zzM&;f+Qd#`jM$yTD>gR9!3G3K0waM02ni4f*#kEBe1Dg4oTTl{KQs1+FNbrV`z+VF z&UKdiob%Y6>kZ1Fwe+u1xKGD^+4-XqSdD&YM1_^kZ-!?@m#L?PzQyfK4_Rn^rLy_c zZ^JAW`zZg&#Du8Mqg5rx*AN7mvrFERN<{cYB#d3WyTea62mH1E-#yuY?~TCTh^ zrhM{#+jCMUvR`gwuiVHyVI-{DsfBg^!uhLD!$$bM=HQ;AgGubPSK10D|@Gg*DUyhf3bJ!iQ|(GBeVN?;%>km za?1S!-tV|c^ku%rkTNe(YVzdc5IJaL8yBgQO5GcCj{B)!UHbddfsuKn#!@45&rj#+ zBkQ6gW0S$%zw@i9_pjdJWWuLws3Y^#*u8E}=}5T$MZ8B{jW;x(PyF2dS+KP~TW7WQ zM?TQq?>LtUXKT1+580xuHnxn^spa|8u$r^nUt1V?M{zq#=KtE-!YIC3{>EnV0-!Ej?a0+`|0m5{i?z@V6S7b*P2r}p)r0qG@9!IUZ+23J85%@ z-!jW*OBO#cY2vhT>H)m!yoO)5{;H=$)?hqznfXzfV{(dDu0Pw?^=~}?Yz;KmKVfYl zm$N)0F`Tm)?(g&B{ks_v*-8seewL6`_I)jRg*ul z=l8$;@cgs=UwT?#Pk*%!?B95<*}uvk#q-$~|HvAgV)(knaDSfy&-3p;|A+hO%VK`^ zO*=O#Yvj4D!STNLAME+3-?nr8;QsT?Bky~w?fIwQxO2HK)YkaiE%%?ZU6uGh{nniu zm3{yDx9&gxBYSS&yjg?G^?!YTjPl=S&+mT&MJA9e^vg!vgf}lf7IIh&p$0ctCOVgS@{>-f8L0H z-pG0nQf#vHlY`u-KfeE5<h?-JF?OF@&M*=F@+zu=&(KRz2e6&JV@MCya@imNzMS>XfQPH!&|E zA$np}3O|V9R;7GCr77h`N>s{&lQ@?&dy@Nylb)XR@}y&v&QBVpzr0C0Uq3y4e9cRf zTxU|4P=7cnYSN_WaWNS&W2#1BS=_2opC8pU>c*(3QMy;)=!VT(IC-EWejE6`y)9eV zsJrEmu3$d21>65F*K58}z|qh-I{(7Fh2zJQqjScl&56$8WZV5~BRG-Fy=z78^3fTS zrzSt=?Cy+`veJwv${N$|UGn0_W`;*^+&FRC#%T{v z9XmR`VnI!IPW9)?)4!B8b))KmJHZCMLF{5OHz&+=DxI~?zjyxBNvVpRzG2OOj2ad4 zM{zHRZm=OwzkVi%1%pv`zI)^_lxwFXM@}D1;nb?G0kz)@*3gtimf|!9g{(2m(M6$l zc!qn)bFwLyPE!?Y1%jW^;?|!;?yJvBzJI{V&W{g1{Kc=;)qd@ZB_&_{T5a9ezWDGb z+mpwSPfp3oa{qc_cx+}?a?1F7Z%oe0n=mUjE)?N83+ zC#d4nlH=WQX6T`~$*Hq5LYZMVJ~=IZRBUwSWPWFk-`N@;$$Bn4aopIX30ZDK?bjYF zDS3?K{___fe)x<3IWsFIB{MT6CF|bDX=AfeQpZiaG-X~&d0OSvnDLR&_%V4E=@m)y zy2=w%a%N@bRr5o9F(Gah^6x!Y8W-#P38|qN*Bw_qef)ztDba2|=V&Kqq$iJ8`wj)S zM*ofbcg|FoMechi7}G@D-=}7#y8pp@%>MmX{yY2~?Y4|6=5HMVU&Q$5zo5q>cYK7X zJM9&p$lV|MQlZ|&>ubY=MVW0RmCRO#Bw@+_S1!BHM9S8+Bdkv ze!u&2>jSfE`1|RqoM|&_woQ9>n)k%CKbrRE)BI`n0_$11df`uVzmeWU-)NiDEV^ZBR&6k2yzcJPQdFnvwC#n9rRJShG%}jNlO+A?E z@l(Yysp+X+Z0eX~w=6jnUm4#L@6THr|Bd*U;;+X?O^A1Y5kh`c|0&j88S7q*b@#-&)v<0Gr+A&Hl3s2J7#+@-I8rkUY9?ksQ1oz- zDx&0}vYN+=+^V9_7kQJ59xC#}MXp=qb`=d4dAo{UEqcGm|C^#`ioE|+gYQ#`z5Ig$#GZ*LO1_8Iv;}$%yL8aKD%FYKHgK40lV0yD`I! z%E--_pW*)?<50%QjGm0Bxf#_Nk7s;6BPu#$Y6ka{O&aY+k9N!3M!QdscK_eeZr5n{ zcSgHEFyHvmPo({we)-&;lQuCtJ6sw5({NNw*e!oPd_C-K54%gl-w1P=iW}bVHdO^P z7S)B{i@y7;?~d^^d@tnlTU@EBv7z+Y=}XhUklvF14bHVhm%Wt!%k=B%{!i20rRL`+ zrcX$pmG1xd^q-_3O&>^)s!QLL{wL{vT>8v(uOt0xy7w39&!)ef?k`GzBHep9-JPE9 z#-zJ(>7i)1;!L#rSJCd)Xm=pmt&Mh{jdo+A-T3Io6Wr(ocTPem#)*U@lOj!#sCiFE z{yOrH{BUlR8+jz+bwvgv-uEKzipa)@7ZsTw@xB!KL1a(lP*rIpDlIZK;*E}QGnC_n zJ@1k8-VM+DXOF{Z?jxSNi+jbGIoKn&$@@c(|DNYEBVBfObW6b(Hhf|87dF%9Z`snQ z!`s|!#DDrnAnyx&MY~`#ZnBlj^u`M(oFLpcQdz87ILUl z|B8YC?*H&z)!Kj;k|eG^L&=!@8$PX zx9Hvx{`@p+1i$ajxYu@Xx9I&*R@Nu~j-iP8O(gJfdAoK0+aUDgDZx;}-*8s|zx3i1 zJC8bFVm;+=SS4w7USbq{!MV+kJpcUxmN?H>MH0hK-B)8GNlx9mNg>=TIfd66aUNZ9 z|L^(xgY&In=TZJXUB&M*I(75HNzSA5VhHolv_$98S!^U~#fQI-weoL%=IU~5$ayrL z7pul8`cZmelwNr5t(SNIkApYcV!pNgo4-J-pK`tq|Eu%IuG9L&|MU3TM-uqwYG(=j zU8fd4>QuqcIkR1N*M#D{N4VFEG9^QP^a74?y{h*VVnd_3mwo_U1!>U@*s z&Huum|K|G6pSh!*7XJPUe?Q5IInQ~VC%@~Can|yu(e-yN`~1d7vIwyR|2qDBjz87> zyNoxuvYmbDzLSHykiRq750S$2SpM+KfsT*A?hfFOE(H42VHcX(Ki|};a(~ZmXG|FoL!8mmx}+j*MH-v{BI4*(>^^gOxjcL56k(~`RSmX zG54IjsX7}tH7_SSI&E%R_S9&O7#FJ$X4^p9%L~SCC|?+wlr?tL zhO?0c`46utpEzZHQ~BpMPTG(-C$F|4oLe$2kEQI#e>?Plob-DODwaQ#vVo7ZQ-~mK z)CTX%hYrQ3=cdn?6PuJ+onN$IMr4Dx`?p_oZ)cY-&Cg#_nw?#`BtL&?Y4*MUFD@x5 zEZ>N>N#2C67PNaUxrr{m1~Rcb-LjP`8^-ck8U+J65?6hibnhE-2>Q{k-6PGXQ}g;^9QUuhH_Sw zP9OJ$qR*w&{=2wQp=hVl^!tA`zxzL|NC*C})~EO2{}q9t_-wn>gsNfh31p_b% zxyAY^!6lfg*!)cMskZQ&kwC1!MKSnaL7uVxcICm}Vf>--Ipx;hsr>l6EQY=I?g5p> zKNwtxFIo(*oBtcZIegwU_hHM=k)RWwcY~{>9EX1#<@r2JAci<6j2z(RG3=OE>cbB-vy`vNkFLrZVN z-RxS3qsA#Cb=?d1v#JnBT@xD`%Uj+d{*TSQQ)TyGP@SS_%3G_-?(emC_gT!c332`bD~l{Zoc}Y) z&HuUO=ND*Wod1&fyi6O6^ItLdtM=Aw(ggo?$;3Zo{%@N5u<>on?Gdy$&OfReL}UAv zU($+4R|jC&ktA}6C!SWXr}^eCwx=b*2l$klPnkU}$J)d@^U#fWXB|0=$0qQWJ1yvg zyNsphj_GQ5FS>XSP9QwV;63*1OhY~iw7V`S879#BhMWZCMoy3$xx%{chi%G( zcS>Qrj)3;+bt)BPsPH|?tv7&d6KHV?IfRW(z}_nS-Qa!ru{~AGN}x^QPiwjcM=5Vu zUE-nb5GQR%OgC0r$j!k%e6}F%1lk38rbgu6t{hSq;t!2KLbeIif?{Y@u4n~HYro2l z{`bQdu`mh#%hY&+|El@FraYU5C-`sJThj0ZUmBj^AF-$JSU%q+-LR8KUm50hN->{u zg}J#=?m}a6@D}b8-VIZa=V5v9b2yJ&h52=%5UeJ)u(QxuV_bw?3iDeO@?UOTX>8yG zRhU-L4|gEduyaKI?lkO4*nI)J6sAR-gRSUNn7*Fd?%aLO6v*rf9-#GwX%VDO&5~Pc z^8!4l+Opc6-O!VHKKXA4`6%4oaho?q?ZY^qfh=nx3qp?xq8WbUbfP`V(!;0&etuTL+0~_ z@lEqNY7Q!(8C)}gzr4$(>tvEbK+(KJmHLo zZO9?QuR9Ua>(E>D?39@+@ z!M2cR`s))gmevvBw`WMj&sNO-0@`&13;!~#!_G(i`rs$90oxeyH#=GI%VVG4Q4@KFfi2oL?IO4x;AvLCo`0rSXM{y_7vz&#w!AmfY zcAbR&i21<*SYYl#V=>=tk{BgE2usaf##kbWQDOm{M;#}jGiTreb5}FIO+s_T8slPP ztv#(nds)gs&PmP^^I2+KM$1Y4!{jaAPHOdU!nS`B(w`3 z^olsqs|>g&coptbt{5v~3+eXIn`aTnny=5tS_^8&fK zr}PGN^%lJz^}^^;{$q@Zik}{^2PV<#ljsNKPL)isfyfgZNZA=f>ghy#Yk_je7*cW8 zqI*gH=HP9(g?=rGaig9-CArZ{A`N;;@fp!%6hB@;_?scbWa^&cF!Fr_@>4w^v~avdY4yg~C<1S{#kwd93z*5E@IgBVS!E$VS4kL;oxQ<%Rp}oAt3gk32EeAV%3$`jGBV@ub zx)b-4=Nv`?#6wFVej6L-FdjIM`xH8pL)l5uMglpE0f>PyKrg(m@QjT~i?Q)dSgVj| zo&2Aq<>sJi{ZM1$9Qs^Rw6SrH|Gc?(TKE@~bH--G%ouDCzC)b+pg?dG#*v3yW(_;7 z?k7OCh+OJ08D^8uT>hWJpFCp7#ioh*Xl5=pP3}VDTnk@JKbT9O*bht4_FQCm8kSiM zTF1yme-wYErC3EtbFp=|A-@9!7aD7fi;c^TD~+qsu3UP_v#`P5U59nbrI(b?23l^e z(`cpJ$Y?Rw*+hABoo4#4T&KnIvlR`=ML+d}AV-jDu6rCw=DH`)gj~0cd0ei0%KXm+ zzr@{cJ{^kF?KJmUmCn6QE#!Kx;`hdyJ57@Go}}-~^}bIGQ=E9TVhXYyf?@Q3ijze9 zoq}xT&L$q@O3YKxx@%A)*eOU%KAMkALF>-JN())V*l!AD*VA>Jwx2?&<(BoH;xrjI zTFje}(iCT_xpyF?Def7?@3t#Ww-ZTDA)hxHw~k@tkcSQo!Fbw89=RQcVZ!9miu79o zNk}Ho^dZm5rX1S4GagDG@=PD{(1(e*r4Ma&++nF4Q5oHn$Rv*%r_}6HB3<_^nlP1G>xW_9Wp@VJJC#~{2WH#TT*^2V zTX6*z8%xYbwKkPnYlr2Gkf+-0W2#eSu{B{OraBwR`BX=>Gu3G^?!W?1bx)v0Q{6W5 zJe8UvW@_pJ>_o4oy8YA?7l$YYZ@jsmq{o@+eH))?W~-+m`D?ffjV09kG~}ED%SmM# za+c40Qs)PSAa|Ff*s&!VQr zHg0eW9_&xY)SdxY8*5Kg(HT;nyPPS=ht(VS{lUIyDQ4$!7z)F^j(77TjoM z*+hRg%Phbw=WXOTi~1r4H;TS|mOGkK&T?ZEKRv=#s2*V!R^pdX{lYBzg$s}oDpbEP z%T>QH%ld^`SdYWFyJ$hP+(FvrEcd28RZlU?`y8CjT`sY3j4?L&2iyt4HW;SHXCw1z zP&2*RV;>U?VWAC@N8_cjgQoRA2DCulu zJDdMEp+&RN&zE5fIxripONBd>A~L)LwT3(!`}PKGH+KhiZ#L4C|5-G7w%diJnoZwC zZs|jBQ$qDe%#)1Sr2C+?mj@}A{L6{qLF*qMB=vsWE%G6iA$}oCZxxt5FED#vVD_Bx zHTJx~?0Erg=Mrw&^8&Ny1;i{L+4BOk=LKfZ3(TGum_09`?6-I-dtPAnyuj>v0j=zH zrvQ6?8_J#+m_09`#Sy33^8)O-o(^FX3e2h(VAb)V)P3ybljWR4oY{tV^^{|t-GN8^M!!!r5=E7j5g;`-t(}NGR~nbkRLBz zPrWSV5PNu)l{@vbg;pIwjQQAsBI|#Ptp6=C{VbyOeT09By{o>sh}?bvHRdToV-=f5bVbzEC0K1- zXsj_VHZC`=G|KK3(JP7TEFR6aifDtA;3hPo$olIdN*#w=que5D=b}?&t*;0P+`_Ha zS7hyOu4x+US&X0OQWxXRg2cikaz2-`55r<=YOb}oxhDU)rf+l2V$8)>+~8>gG0&y1 zybafz&qi`Mms$uxwavNI0z@~&PTEefX?wBFL5h)e20me|M=|>FJWL9r&nn2nr^ zsfA9M%PgaqTDSsd81q?2Dz?!=F?AvTLSwPLrSEaY^hAn5-{XquiL&85q*qK&r2RNm zj2w!oi#@Q~xX@T*Tx?txyvWn#=3Zg$mF8Y$?$xZ@7gIY5Q*Zta#&yQ^#tp2N6k|WH z!Hukt6jN(Tu^Gu1Q)?-3Yw!!WBlz#|O>TQD=3eSd_%=OOF}3-9rw7aR+(?pNEn2+fcpy!^pND=F?gq zwz0&+oq1mA=F9yQFS zq$Skj1*o;M66*01)V#8Ubbkaj>MNlh<)hhU3FTItC5*UAs7JZWjOC1^OQ=Uy|E(TN zs7HmF&&pv5_4pQCXsj_VHZDUqN~lLYU19E(=3Zs))r{dwsK={tgXLNERYHBe0yi-Z zDY5!0K_*IT2ls!La8pnUd>d<6LLI&4lvo{=P)E#!siVnoy5h0gft|uQc~6bFaoGlp@ueu%5h^(&LEQpHNDVBe!PmrO5d*++^X^E=rNJ^00&U zQfjTB6bW}arAU}L05T+3rtPJs?WOcMx6uzttjxx@njwtCtr2(`nt2{ZkX0F4n+92T zhS}6$8PdB6wdPTV^xEMJW4?tiFn6I*W34hYQ!&fJl#x5R^>!H+W-`=Rw+tChfK?Vo z-vY{zp{TF_W%ezg%)SMbAwBu%t6~`=u~@hkX_R44#0H~gyJgr|`E0`+1TZRomN;cvxvz3rC zlWm!ec*|_WTV^BPGW4^Pkm}#dSPvO;%FxxDlspQ}DM$YA!Z<8aIr7hj8q1X<|DVGM z>+{S97>kx;8QNhs^?>GKyUMW)^3P))U5@<4{NTs%L3D{#a`P!P&b2tzKa^7o%)O}v zxmBO#{I8jz`rLBUy+~KjqZOM7R|Rm!r>r2wy_0%c&j42h`3# zIpx$&J{+xlQagM}!ftd!ty7g#McIOidGg~>&S=OOtaIK!wB&OBr;pF$&}2HeH=Rtde# zJY=pI)VI!~9BFVKx-<`&r@$%;Gas#(hs>3V=Hv6wd{Oi9c}QE-9DE)&Asue8@Ee(_ z%|nJ=Q0qDKkfGL~w_47%o->dBF&4f}-sd5`$#ArMkkSBbQ%K|^pLTP18nupBfu>!A znp;&+UNPT%G^?thykar!w*u|Tfu-gyGoqpR%wv{aK^Yt1d}_afGIqj+#v0>dV;y;@ zV2s)bm!Urulv*KIn0uwUSDAY?wN`%B;Rxtl6(7Ltc6T4CYpap z<>LEJ3e@+V3cl}9aap1x%6mo4Y7nEO==|GLTKkoml6?!(5nEZw&)&qqv#?^yVw zjFBqXJ9L3onoDez&J_GBX$z;}RC7-=%KlW+I^;jo+z%M@kz}Pa%iOb#4;mjb>Wg`$ zGsoQeZeHmWnY$P(SIPWHJ|)37VJQ~166>Knl$(!6=9RRjOHebTN?MbsnNcMcLwuCq z8L6ZN$*uWOrL7BbrjhbiTC1s~)yTabn^bADp-OBlKD3nMaF^1hrH~daWf<;L4*6>H zE>ugYWG@^(d}AVS{y&)eAB~z@Rr=pExAuuu`rkLVzD-y9|77leHvZ5;K5K4$r>^vW zV(yY(&K2+Mbze@JfC_g_}4*A}vbXEJ6{%a~1J8BgE zP2*wXTNYB^`zra~r;z$uU4`@}vx|QhcA$#yRyW`tbMHeARY>5rQ)N3?s;~q2UiZ<_xR zqjqZXB>?%eCWTd*&&Z)0X48J>Gj~1>tI+fL)bcH;9gp+rf8}l>w)u>O;$buK&u2xb zkMHQ(jj({&Exgd=8pto!Q$~ecX{^W6E~1R$I$FUZ$|!de7IG2uf;XX7 zq85?2JlI0dyoiy2@}T+GBE|qpU2S|3BY}L#X%WbI5$*Is{)+?7aavB_aE z`5A{>(pYTLSZvZ*Y|>av{a(UftBbYhQa_YzYb~}~lWMI=wbo**wRmbRo?45i)-MWi*i>J=wsk3E?7Tw)`iC1|qT8u=`-an2HIS?)E|^%AVK!fWku2{kUN#+Ojz zqUJSA7)9TJ8`0Y()caZ3Oc|F@@9FReql+c1v0sO`$jMTxk)=rBGH$KoEhV2RFdO+S zHEAq0sV>DTgz(W9mZeBT)HkoC$V6_XzLaz)!cF$BYJVy6>4jT~a~V2t4N3==nar1& z%$Hdz{H`h1X_-lTnMr$@Nqd>;z%pWv=c(dcW-?!Hv9SjcpXJ2X4P~8{n{`@l)@eEM zU&Ke&X*uzCLRqKf#6JXOotBe|d}N)Llhzd|>$IG-dZDb-a7*3QKW?rMSXU zTwy7$uoPEViYqL|6_(-(OL2vzxWZCgVJWV#6jzu%Twy7$uoPEViYv?>vbPdhtu$G! zG%Z?5{8#W%8(e7;TZwMYz%4CZX>wa>a$9Lyy3!=J(j>OZv~(5P8DX!tEYd3Sd>G0i zt->P3LVXKcMa;uc`nd}I6gB%;WwVb}=%?J8eXK%1#d_*}6*?(OCs(19a&NHMHd-pu zidAUic-X>MhgGH(tI)}t%-dyWR#Vbpn1n{Hrlg%vC0%VLU5&&(!mZwFHKj{*RwJeB z&Km1A)>yBx##-4L-W|kWdjQt(?gvn7`)eqRsFNUTD2uq*sFNUTD2rH6p4V8fv4*lF z;a+b(`kuH3-5!9=)chK9KFnsYR#&F{3JtZ z#X8g2b!Jz!Un&6~&BWJ{<76nisxNJcP$PtOCaZPi?K19a<3eMNaj|i^aiy`Ibk~tu z3S7r}-8%9npA8m&Bl%xPeJPbq)TlKi! z>T$i*<9f^6dXw9FtHTw%+o#p48IuQ9Z7=dR%YyxZdh< zJ^7i0zv^+l)#C4Zx{Z#R&-m`$77V0E{FJPhL2cdiZOLDYAy4dg-8cdiZOL99m( z8_0vWjy`1rDaftwm>ZDHc&Js!4JMflM&?bOxHWff zWF{iF=FW|_*SC>*lO&^Ab0f1Sg?X3Qnpi2i1+{mpiJ9zmSY|%@D&6GlklSWhO*X@7 zvKdwrS}}~jW>`(84^6DY5R!Em{Mkc$1Gbruz6&&=A;ixvK~X1Yn%E_%@B>JoiCGwF zar#5C4V(X6k-dV%<7wMcc7U#BpBz4sVHqWAW_@HF)M-v|*u!*qkWx2uLV>)Y|KuF~r$p%gTTmwyn$i5% zVW(2TLQ+Q7At?n`aR~M(=jf~uNd%Tf6Er@(#uSA_kXvSWVH(HZ?bPBZ@ zdnKQp$}RQ^*8?^@BY&*J}u~7>7E~&8hk#FcN=t&2hVayM{gS)`og~qvr*IYURAEwW5 zK|?ZODgAAWX-EqiG8VVK8?>MyufPRJqXj+L4;LD1jEm6x7W!ZL*IJl5;}YXi<1+Hx zLhr0FE6lyp+^fvJI%vgzEf%JQHm+2(I?+Pw7B`sxj^IymOJXf(+CFZR*u$=;7WQ2e z#(LfsG%dwx!Nw8>9i!Cf7}7w;UWFa#WD9zQWaxRXK~8kQi)d+!X;+J_akZdbl$YN2 zDjZ_}QVTlvOZXvHw1qWo`QI_#wU|F^a>Z>y&|-`c{8-)Z=|BtxGo|2O#F*MdIF=P*0s zTIhMvBJ}y2@TjHrE@^E=pKriCw0$dcMKPZgx3UjQ?n0yVc`Md_4=kZa*h+si0JS@J zE0%vJoJU=3wf<-;t7Uq3p|Qre*vPyb|CPpd*o3X<-gUTx^^mR35&6?cMBpy=9B!qT zKMQv&W=;hr!+pqbD}BdX@E~R1YTCFJZ6wcVBV|Dw2Vom^z12IVcdf_Y%4tF3r+=Xo z^!p#c9_62YzYAWsklIDIm42VRVeu5(J-x+O5_}l54MCl^+KPr;flp!sx1trKf>sb7 ztq`9vpC8z}KQx~ooBMgz4YtxZkq7#wop6`=w<;(8>*jvbc-Z(3>HZ0le+BB4@t+|1 zVOWmFKE*isHrz#=Pa&%zxDRt$# zUpM6cfH9w1+s4-o`OG$|Z{6lRWNv-k*v8ilJ=NEZZG7F3doJU{ZAjod@L?pd4LQ6D zbvAGt8Yp);mTDUs_%75ruWi^;h13q%ZP-##J7Bjti_Bm9V7FmQ6-MXgwlPv#0GF71 zsd1T6du6v_Q58lzX16)3%)Ocxy^WPOw+*{`1vVJhS;O4A;vBHOg$MZFP3r7ny9Twx@Bq8Wh?%=b zN!{(oLLOjWA3olAb3dtgSXU9ZqkCu%ayV$E;0#i*7k8MOQx1~zt%LbwTX|KS&=WpC)_SjGklv=n)Qj6R|J{y{FLagQR#F>!7dgNB9#D^_AfWvg(D| zScW64O{Ksp?ClZe3bAmLh13e?5&Ex1<6@)cbbXB8li;JqCFZl#xXfZ$ZXs8gd!@NonR_+1sE?JW7^r5=!3N_x<^p|;C#OM;=b6D+uCxcB5BaDpFWI|qvd_4WJpc>g+s;>YP>?4N}d{mqJh~XxrO!Rirll^G+SjdewFb=)dJV8F;paVt%q(hwF zg;{9tesrb{R*?FBTJbbknPmr&Qu*E_? ziNp?2>Uj4c<&A}kQ}($JasmrRDDOeydbS>D0bUHw z!yftjy7%EYBlB*^oDps||1T?~PNzbPnNc?}=yWRlvAJKc@VgWnSp-cmgSygq)Pnc5Px!b9X_L{tWb5qoqCsCDNL({ z*~86$ZAk2wkQ4Wi6ZbGbco9BGDcY!U`Ec$Ya&`=Ib_{ZM43-($frxttZK{o&^DeSI z3{M1yV4G4Q|F1#LPC`z#!!BdDVqmpayoemy&0m=^-YBA?uIj{JIGpDH$xeJZO#BiE%@&J^!vuD|SIH`oYoV=Z8 z%^?YLlE^*H{=EkGH0y7~Lkq=+7CH{LnY%+Fshv*Pg$ABR--w@j>3}^J=2CDDcc1xR zr}dq-)^VD8IfJ`aDf;!w39Xp;nN1T9typf$12bq+p{7WMwk-eW%;(4E!yOd(>{R?n zL$NWNhOHKIH*MiGcTj}bkH{%nn1`ItAfGFclXOrTd&V@Dz5Hn48RT;fmZ0Znkk18J zX782yhCZ51(2RXTjTUykC zWI}ESIl;&Dqysq+()6Um^rXY|q{Af8VS3VGdeUKSxdREL5Pp}%Al>MoEd5Zr(Mek# zhWW-~%G*ip%csn^L!?EEd^LcqA;30spF%R7v}pNs8!yl*J89Pn*=Ii7zU6jOv$r8P zD!|QpO6$G}`9=UO6)dpA@TCB9hY#GT7--|e%)2-!zpb1@+s26gF7<^tip+v-q9_lUD6Wks& zDh=i#jUF^gWEV6nFn6JmUC{WbUV3Piw;($hA!qR*`=24Z1YJ%u&|kA#pD=u7A52$d_oiknqFIw#3Cqo;@9;JIuWPHsmZAWZne%F5nU?k{ovV z`r{6BF9AMYn(_Pi+##PsP-BTZZR`?*FA#Z{=(HZAW zB%Z6@Byu(Em55gV6o8Eff!pF-Z zhV{I4#e0&nUx#Rd_oU0OC3#PJe+K^y|ErL%W8SwZMIW3&oZm*yy|B<&9K42`UI~^2 zuRvC}V0rK&WG@Y@CqLgtR%g9$qZPN|Sj9$3d5bbqA3PrizfW4% z%&)`J;5;l3S|K~(A!}A}z5J=2ccHZCyC%KuNaMJ-9cjD;=abfUTGLUu(EMu%znxlm zA1>pq?c`QIoL7P?&ArOr;(jE2*rf({P~PomV86HBosJB*Q+KDl?Vfb$A4z2x9>M*6 zQojlFgUfJ7(C&R7UBU-ly5;R;6=D)!ykc=5VorA(a?TfW`VumSg4|vTnL|NNU&0FV zd5D=#2(qf<9b)ZE>_jIIVGnV8mlPW|P~=WU$o-7oA-?bTKwmzr3G-C@5zv z8$fo{!zyZxH7@eNmp62k)h+7o2qSKO)s5A>PS|d4ZeR6|P$GWeiV_WZN67ymWCs-F z_8VAd{`JPqPC7o=7W(hl;0?%aHjvwFV8odKxy=T0n+@bP8_0e|$SMb9-z?;Q7|8uF zko#f0V>)XCIS&On`wy96!7~A6)=4PXp&00s<>oAjcZ~WW6=XIU9^;OcWAu#j;Zy}Y zrI;C45GUh`OR!6+P~M+HMi;Qh-nv9x9MirIIBf6U<>s|xd`r6R9kV(;Mx9>8J<7>| z(dgSTYL+~3-&!IJ8B>wxF{|rij8zn#@f%dVAEVySLRqt8jA8O1Ggc@~cn^6F!gx}A z4|(=L)$Ds{$aTn$N?3se-eYaHAD%IHdvFdntFqpEeCZ$tN=HcgYeF&tk^7QyfEs+y zboD*HUtIIvqg*$juczp$7;8S37I~Hr`@P{)219H0#OhVJ%r>^DZb{)tG zYsfA;$XWs9Rvhnr@;nGxNrvrui#+2d&%=;06=V+vWZwnkzD=n1^*(vVha7$cYf0s} zY29(wXEJbeei?Fp8FGFZa()?dei?Fp8CDSUan@%hz(!?<5ZRa>`^Cyt+>F`9b4|W8*V5ioCO~fHf!xf)FA#I<8f1S3Jcl$+lA_py)}5r*hP;!+oC>4Oz1hjc z%@;%7;jS3HNesk`PI9u2x?pw8nFu*c3)!Iuvne&Vjv==;RfKsz*HaR4MQnEsj+h{0POey=NrD$?9a^8sg*VXQHZ+_PnWb$*x3A$Iwm4;P+mHrj~I@) zn7pC4H{nx^ThJ1ucgk$tDYJE_%+{SUTX)KA-6^wmr_9!!GFzwb-f`Y3Y~2t%gT*_A zt+)(j>rP?oZbR8Rtp$m)bz1-FgV!m=DYJ4~1-j<7TkW@7?W0dfhO?B^e!JCvyVbsK z2aLr>_1A5-D!JZMUAc9Zeu7XaaIGO=w3G zS)3l$SH5wpnRGpw4({vaesxnYey5_@VE_~TI)m~Za{XJLvF=^ z>We$kfm@K2HXS4_8hu5=$#{PU2wBvW)^?hJ5LTjg4~J&xfKUyAyv+pqHpJ|?B~hbFm6r> zLGG)8oEL`NSL2;0p97FPYM^p>-rB->a`?|4W5eKQ@B}(}o_yYb>TS={d%h02nHs8f zoF|{ej~4Yqe(3<-rTw0#2fPjMk^l2p={U%3+i-@F-GI2+F9$ahCw&9)chRQ!Nj9s^ zF51*>+}ykerA1woF&T369^{rh$hR}tgyrm_q?aLIMIpPrAUEB4U9>V{rhWB7?zn?0 zOBd}c7OJ1>qD}R9U5r|}`Ij~|5wda!Ws_NZF{+1R?S-6E8`M-6E$cdD-5at$8EWLv z#f*cPX-#@}SUK0ONT@!g3pu32B!!_xjE0%!RzJ>)jp9f1`=NTAF0+AM===>*;&u_J zv3)nP%77YWv0IB#7Wbht%IdaJR=16^x^0xDGmaDR=k5-ue!Lr5?SUF)X=hvt)F_MZ z36!fFtzb5Vd{Uw8WH(Y8gxs0})sJ`E$g0~$R`kq_J-U$+F{2^GW8?< zwh>V`Bcca!a|bu9Ry;^@EM!M3+>Cwh_P1aSx~(_imp3Q{zZgKv!X`2s5`j%L3$96UeP5 zP+E5ZdG>i1kmQdb_XfigjL*{$e%JY zI+gzzW1`}xE|4B|kpfe&As46%g->&eV5a#`wD6j9U7%jb1ND*#H)FLfP$O61S9p4n z5$P=$&%F2|wwIfcsS8%*sSA;v9+0o+u!?vtV&8hbi`cRAu#HmirA0BA)xC(E34=|$ z=v_p@XW=ng=tU%q)Uauc_ONO4=}?N+BV5D+6C0L|6tQgQ;B|E1A~L)T?^^hev3M7` zhgQrq)+!_=>V!`cTMv3Q0J&=gYBit-?ZRSW%`%|Ihdo#`-73yqD^TNv9<*yB)Ofqc z+9^ArDMb(36$`n;#Otv!Lyu`!53QB7Y|PMuj$OsAHrr!kh8`O;^w^l82TfxnZT5|I z3*`a(mJ2mvWQ>U>_b{p=6&pFw^H7gH=vxm|`|UyB5+Qe?Lya4I(6MV!V}>3ZG4|M) zp~uDyJ?Ikc9R0ZtJ>`utgWOSQY>(N%9(rD6!k9r%ldumxXc1+%aY7IJBOgu*!v$zs zkBu06&>zakH~|S`Ct1z65ke1katJrSi36Xa277Ie(@QOk#jQC`FY+G`HOJ{iqlTd7 zIK3wGUXyt*GQWwB<~Y4J$LU4dSza%4egJBY(`yp$wN~6~67IFO%xXGTr56bkClVGl z$6;)1ZuKC&NLW6a9sjdug!6K zkwCWBPkCR1YC-(g1o`Aff6C7N*3?u#!je(R?-U4m*y ze9OWz_gg#aryX7KSY6Y*v>jq2|1ZM}*s*@vi~P0n)=#V9U0O{q9Hx%?seSyZef+WE zH({*#Xf3OsQtXFX%j&1rx;=i$1Uoihqptxhz-inXeGS;?YrsZd12+2NtOmK_YyoG;KI!e57BTHGMz z8i4Gz{?1S8;1Cv{o=G$o7V9R;98gOx`I?+rOO3fXf=yy`uP9jShZ91@|{&p$*0@?obL)NJTOQjhoUSV`|# zN$*%m?^sFiSV`|#N$*%m?^sFiSV`|#N$*%m?^sFiSV`|#N$*%MaK}n|htx>LN_xji zdWVu;^X{0A-JzuExTDaYJ66&=rfGL<=6J_SdWXK?7EiM+q-G6w%>Lh@ys0V!Wxs1R zewQ-J%|2DAGTx;&Z+ah_Og<*$5N`J4LCp|9CS(tkK735btKKIT+b0&=CxjWqN9(1Z z5auSo=&RV+O-_5^*JZFC_e|gJ5k4L_J6a+4W{R2bMZN^i1l3r5-4Z?k0Sr4C5E}xSnL=zkBz4#nT!h#k z*b-d!9nu~29mXxUA-00w#R&)KAN3xA=r*Lcg`B#DipM1$e$JSBAB5bh0oiftyVPSP2~=9-p*6fb2(w%BN2%sr;nn5IOWog^;8|KSV0Hd7ciUkcLkx zV#Y{O zh5WC=4=Gm^R!;OuJxcZmMhCP9KNNffRYy^bEybruYm{0m#4f=wr9dv^c9dExCxtd{u<8=x{9K)yuHX ze4YwUD^F-(0;!1fQxLlWu^SM(0kIoUEiQqyu0!kw#BM$hVv;ZsO5h1w56zU0Cx@{mHz z*We~1bN4pU&SCpe!nDF2t5;Av3M)tV>cNRuCvrrj;nu(#j+)%|@C@H`7X&>8F!! zCh=V3x51=o6D^gAyfuisiqt3a7PPdmjKRCKlX&9ECYARgCq$qub~fQz4<&prY__K@ zNHQDk`T+XqZ8myN-;a*lH7dv|3*Uo-;_VA-ZHy0`{! zQqn0{a&nIC5R&pith$n87S&J=7KVbHGEV2t^5q91oCI0cyx z!W1Mwg%ynRFw=av4G;GMD;NP%-EhvH>VNIiGlb3R{97`138c`4-!Jboit{-{PE4oL6zjBH{TXF{8KL zxa-iL`N;FC&v|%sUiXp>!!V^=Kq~TADho*EJZwQG3z&~5!!z<>|6Q!Vfcfcl$m|bx z)AKH1PInWs4;&6qq6N(9uEAmIbOCwDhPA=lKIb0MnQGEK4>hu?rk@HyZsvjN$E!*A zgkMdG`XFEAVY)K|GX8|jVbPB`@~`u#=`hS&{4!baGE55g!Ytn9jx2iHT3Q@m&1rF& zu#wnmX?JpOvhdtnj(aQpPOVlHAu9>+WWX9Rt?wXY{R(p5DdfIW$bF}Nt-fc$!_-tQ z?U9hQ$3u{>OORhHhTJ+1&r#l5+M~!iHe~-cyomj&r9H}h39YC_ZlpzfgKa_%2 zDW9R>=kRv$2K*4&*3vfRf5&(?coFx-ru_MBG8o8B+hmoNws{CfDOYF+rJ#lC z=@=vPW!#Bawpv>2FJTg`rk2*qJ{Vf-NtkIq6D|A#m4((yD##DXpjSwbcKRCJqWsfN zKcIy~jOu@N!&o0=b`06)L6nr#dtfSp!z!`d%x8>G| zaSa;v8sr2GWDWuoNQ--os7Kvv6bGgMYtZdMScQF9Lod(;n}gROYcl>CeZPRGsna!R z`#b&`bo&)}3CXNMdtZdy-vu|*Z>}ZX^H8mIt@Ta1#po(-^=oUbHLWGBbGX&7>CU2y zkdt5jTI<)=(t})=jpMC)-in8;AVKwR_2hOKGKYekJ@M;Vb>S&_>xa_Ade&PYtq*_N z-A%}D3csG*_WDia?HXi74pzu*8s3CH-^P8KRGL^@8-iz%d=pxF9d^-1n$S#qXoDS) zUqgnRgo5<*FkA6su?bImRG4~dncF|~E-QpL{l`o)k0Jjg+!}K}M!hHakD1ka%&gX9 z)OD=?7e3jLi`2TJMNCL_vf~0O2*?h$YAr4(f&#M1CbjeL^!~rk zbI$wT_a^ryHvwGc_ukKa-m^dFJm)#jdCqyyLJhtKWabCRsve+>HEO{kF3kS`MgOU# z?gTQA;n#xqgx{dG)<~yj_JG36} zfX>{GsinIEDS8~Uj8*TTHn}w!slv<-H7I88*c5WDd$fo_JzPkg|j3NtdrjZY*H8QM#MZJt z&@iX_>B1e`|secV?g1_-%+y#KvtRoS!o7jr5TW&p+FgJ{SJx=WQG>V8Vvt;aNQ9g z>&<|yHv_T;!~dPEv^MdAm{J^7b2;C=X0MjkbMC__Cf+zDcsC>c?P;xU!X|5 z8T7n;fM-y5GvNQbfxVJH0G@gr~&w$eN&Y)(G16g|pWbGM{wP!%qo&ovV;?JN&V5dX^?;__jD3_So{Q=}0 zC*T4&VFvq{1_9YS3FI6nAbU%JoHYSt|32^`dW0FAG9fOU77Kis8lS=W5&~B!TnX>Z z@E=q2Dtd|;)bCQ@W}w+i)q?pp$GcRu9L z2)LsQ*jFeMoGH`}u15~c2tJ|kZpm%XOIvHyw$`X^tr7aafs3@YMr~`2 z+R7TWmCb}oC;XXE>3kq#ZXjp$0XfAH_)++6CLAkJ=F?`vtG$4%>+ol4k26zyoSE9= z%%s%){h72s;=<7a8`Wi|nrBHm{_oX%7gU<*->v4^3Y#>f)aFbmBfj^kd7i@gP8VD_ z8w$8ceL1liGdsS4E0KybDfMySI)&`k#LVh(;AVJZCgm0LcIP60COmd7@JuHU*u?3~ zGvTEK^~C7`K$-QD6I;#(3N>cYqI&>k)@v4&=>z;IY0gqzdKUB%GpFSPrA5zzN^&de zZ4#HZyc@`>Js|5qfUMyHiqoct0m7+M&LSy>|nyY8EVg>-JJ*APV1Yc?QRzBt^o6y z3j0ByS{$hQ;z@8L0l+nMG2J-)c(JJ7!iiG2XbS|%W0(|~+U1IpO#F4g7k zqQyxV(F*QTS$!9@%J=V*uW3NmG67l31eCt}E+qCI|1RX4Kz6wTXMz1L9dFaK{`>l~ksAkrGM<`E zyVwR~tsRh+mO#Fw17+@dHk@!2D4Z}GP8bN}>kRNFHM8Q*pN-tu50pN7HaxH%C_VLT zq{l8GEAD{OQ_oiEFM{qOpAA2V%Y3x) z*+_VD2v?9YT(K0m7#(u9wvpM$5J`vguYeCS9-IxIh?%p^fsd$}6NE5xb`WrthFPt? zYt(n0!u1L{;hZoV)yzEzm^ULsW~)@6jZ_zx7o1Cg+;Qd4R_>Y&cj2N^eRj}Ks2WJy zpG_@%3V07KaW;~?kP?dS#2IbWT9Zn0xm|b=W|8DgD#@EvlGA$WL7G&OH>vK_r1HE; z<$06J^Cp$&O)AfuRCj99dTG)cX;R&(Np+_tt&t|JktVH?CTe8A-=y-qN#%Ky)Qr1HE;<$06J^Cp$&O)AfuRGv4f?$o66yh-JG zlgjfZmFG<=&zn@9H>o^tQhDBllsf@-(Vd!9s^3FPJnr8E-Hrl9o4tq9;X;m9+G^jb`^Fu)4u{p|PbKo(;!()Ue|2F`I$L63ja2Gh7*2kZ# zQfsbCt+^_-=Bm`1t5R#OO0BsnwdShSnyXT4u1c-BDz)aS)S9bOYpzPIxhl2hs??gR zQfsbCt+^_-=Bm`1t5R#OO0BsnwdShSnyXT4u1c-B+#G$#pUXL2C+G`B_THy8av$Z* z_wUnsxlbk7eUxjUKaaA!31qD%khPjX)@lMjOr6f76vu#HR5RZ$G0T{A9(~q1K zp-+-GxC^|Li~RVj)OWSItU))PM@e@A*Qt5ELe5~sWfRhVp4Rw0WXl2Cm}ubhwWnrR zGt`)`95`P~H=lC7hD$Y4alUfkd|Lepe?D@UxNsxkwJ)9zH;S1xazJ)M0k?x|KAede z&J@T=gFs{wa1MRqd^l5F7Lxz@aHg1rGv{lm=WBWA(`La%Sp=?E$ekdVH%d-aGnubC z$$V2H?ThDAvsd`@soCMczSQY_I9Z@b$obUr2cR`8Gl3!-7tmXs1!QF=kd>K0R%Qa( z{{m$H3y}RUKpBZFpoI%;V+vPkNEvY~V8kKroMi`Gr!MOiZdCV8>b_ZBwx|my z+7a>v=W^h7r_^5nwLc8(izcuDYF`5Er;t7$bCWX}c#m@x@Lp!T7a%t-1umt3ToBw3 zlv9iffZVzTEToK_szxnyq7gHe3#k`0d+Oy*Ah&J-xpfQ3ty@5;7fv@qFI`Bz90uN` zW^S;;%nepRZm%!cUp+9(4DCYdXcU5Xl2ICFYgPmMo;c#4ID|g|rBX`?$JDeJ!NE#AUt0jp{D-wU80w0pJ#O*~(~i zA@x-P+>Q)iNPTg43-!f~KGYYKp}sB!UJv&!3_c-c3GRkt7b5w^y~(Kq-opvP3#mZ~ zKZm+rgpP3pC|c_xmH&%W{>yn#n{g4XbrF*DFi^DCMJoRnsr+9=jpX}_kdr%rtOy0N zk_{-j>mumSDFevNSNuiV3oPOmn>R4eP$+urB5tt}7tv-H`Loq5I_)BQ2XPmjc9B0% z&7#>Z(mrC5_7RJ;k645hC2!h0$Qe@ysV7!}0$BwLWECioRiHr8T^G|A^aRQ`^u?;d zE{698VP-8TQ2GT&A}bcdf#(4isk`X0i&c+Z zth&=;_;4pK55kj+;lsl~krj*4pu}A?*u`+2_{xZQF}x@4>lAVhB<2n1sEd)thk%^K z4wNy`Vz};Ap!70};kwI!A|)2Xbr%BrA^{e|bp^nFQfk#M7QT@OyT(<-+67zFNl_l`c0iT&aH0>qu53%4M zfsN`iQ_Z5$ErEZ;y-D5gfm@b9PjR28?wlHdc?tZv1bHj&LcJxNEcynJQ@eqj=?awD zo+Y$p3IC|V6$&3yxLSRMl1pgC5@xN&5~?nt6$_N!Z3*-g^A^P@lw1NO`vSL9k4vEB zKp^`OfHMAC0^Kg5US)oJDID7iC^LIYX?F*KoE7gc)n0ok?Q0)q>9vZRIK zFV#MpK7l+erKRizO252RwW+0WMZPbmjU5JZvLBFB?tz>#2NXT|e(>%D$~T((!TScV zTA|Fl-fvRSGTslj^uUF4q5TJtAxD7S$g`Y0)&Ke`vQ^;)#n7M5McpI(wL2B>>Q1q(@slg+_Y03@mF8Y7TX7u@3wNbSU!*w*nquA;UVbrI#4u8 z&J&~G;XE<%)xO{%mGBQCw~zP_QLgSjCy5b@lf)>Cob-4E$Vp;A`I;jqiMFoOaIb{FTywZw%e$O> zlA6k#<^IFaYB{+TmlbMWDe3r+sag8I<>Y)1kaGxt+!O}nrZC_JyDy{o^1TEIm)e+9L$6EkNO0+&OL6^eI-^8X5W<`6F2G60k@)Cwps zW^Ne(N-J0a<+lMht663US3vn!q@6Pp&Kx&ilhI?C30$ePU8%BSCFMPV3wNRcMMkZJ zw$A`-p!rH@dju$b&`KyQX3_jtf{R#+YbE@71pX+b6+8yby8-39-ea2DW0d`{{}?4Y zMoC0ItfEHN1Eoe*seD*P$X%F4KCFU1eSsn$R;hegrSf5wQfZaShgGC@)L(_pZ~!PH zuT|QnR;iR&rBY&*N{Lk}B~~eYR*~l;gcK>UN~OeVC!iFosnZvMvWjUnb-EKMvSKy$ zxEuIkXtG*I8LO$mJ(yWN4!lhudD{r&&IlkUS_8T74=6qOYI>g?KxzA{>4UZbSE$Ql z3b}U=m(}Q;tI4^*$JKo;`CLu@#bv!hnekqYWRUbXF+N%i%_X(1>LOo_SJSf2@>j#v z!+`hDv#+7vcL58@^BPLG6DVJ$*HAh!%NP7L)RaI@tOd$Cx;4~-Kw0^=hLY|E%F4Gj zl<_EVmBI~Z+G~)IhmZoYj_Yx)_s2=?2xj?)^*HGq_1BVz-M~U}vX(p?2TC5+YO7qU zd00!VL%4``x>j?tR&%nJ6kfrF6IOvDpVw-QuLbW3e;u`U6j(?;*Qq322UicmEIP?L z@Ki6vWs-17w#-B?a9=>_D(dLV25{q^wPAmA#6 z($>~1=dV}Ewn4FPAntDX>?SC%fw+DA4a&D0h?|djmBKZYbOSXjaJ|9}NbC)yR_Jep zN{4{5&S9g{XCrw#fLZ9X5z3qZN{_P8e&~`hJeJem&@1bV}1Eqd9X5Wdfo%eTZcAdP=L#)|zg3eXe>^tXn{t+})F(ft0_+{Nk9`ATc<8Z+m6vpP3e_X1}?evLIVUc>A=ZqSwd{hYrs zyR^{>*6eXg>kHQGbNBE9YYsTYdaE^eBFt`U&U4PpTVl{P|aiDzNyabPOVevOmZeW^_&x3!rg1d{ED10PB}bU!@trQkGTrB zYX~#J8H`EH;$DG&9dH6J4VWijuEktWdKJ8HbZ%DndSH>m+Bd=oo>Xi}qX>+H!8}&+ z)N80BPIoHjH%UVa-neh*XL9s@!lYvwO&V32t0AO3(izIF1Fh$%3|vzvQxy~`!d$EQ zs>0=FYo2IxUx)w1sI*e@n>9{$iWS)s-AtO3NxO>p;wCUNrKW^d)LlKH>+zR*DdH_myZL@x0bUm#M^=NL*9T21A|Zv5qqUg?EJiCOVfZHnB?{uG4tc zl-i^q6tB>{HfU`~n6R8C%_(Yc09M&LoUEk~DhM@%Zo--4@s--Gq})=|rsTr6b(Bwd zZ)z;QWKKr z23y}!ZYg1kbEG_y7b*KB@Ca=hl(H$_47u!9TlN|a(Y)1|Shbph&`3gsykuIB;WE>* zBxjNf2_vPOrZk<5Dc%+@($uEH_d>-QY(kC6O8aT*Iv!YryWvHXf61?KW)Ugh%D+~_ zhxwDxlQnlHC&IBpmz%*LCaJ}c1|gj)NkigE9n_Q8u!V=EFy(7b%k(-kX-Ix+D2;G* zoZHjeY}lHFzb0vTc?*|^d^=6^T7ga_+#&5e%&Tx~Tp9^wO`V&PN*v*9BX3Pxml6x7 z8EO^5r-DZ~d>SPeZZ|QCNU0^iq*KB0xwwf8xE)MFtvX5@uh~>dGD*IWzS1@(fnVxZ z>d~~udQ9cY(UMP*Tf()bePl{4?0Mq&-{*unlmG zvW_Gxt0$R~)|cN>0gl^?V#PA4*55w0Vq!UECPH0#b=~{wDrzeyUS8BtS5a4V-PDTe z8wgM|v7)@bp%xdxNysVX)eYrUlyGuobv-4TSW{axzN);ovi^1{47t3ezGkY1o>Fsj zWmQGd_?jtG8|o!Pb>nL*sD#1Y^1J0rx$4H(fFZr$S{s&#mDS^`8c4ASgi4&M^6E(q z<&$tBlS)mg$6LW((@+;y4PLcGsjY$J8Viz9S(VjA^$pb(Mbj$lC)=PG)fG*hTv=69 zS2K0;?M2fjSB{@tR0kDFzkYIgeNn}&6}7hus@kHu$u$ima&tvd`OTE6zDArS^-BC| zCe}}r3KtaQC(NZS86n0`u7Ujw*=@}VEo-VL)j*fam0Hs(iYjiKN}X#O6Ac?ptEA*0 zt+=heLKz6e<7>#4)B{%uHRb0PTc73H;cgDsy+1*Tes#m*(prOsu@Sc@)xS3_9pIwAd@1tGI3PW87AL4O;58Xe-xq^YkaVSMdfU zik-1VI`&fU)A&K&1ooK?;?XRY&!^C&w1{mui<5@)IN zeP@xg*m>6ZvGXc7u`G0!yMZ&y`Hu5l=Mm?Z&R*wx&QF~mIlp!8aenW1a(?LMIp22v z!#V04bAICdm-7R+v-6^J#F_5g>%8F{cTPAno%^`OWt}sResR3>GvwhWr0;s}ba}$r z>}+9#@f!WiQ_dfpKRWY~jfb6ocb;*ccK$^Fw%Pw~yP`J=5*y_IJ;62e@au1Ko4nLGHP3k$ax=rt??#eD^)>1@49J zd)L%P_?r?X6JJKz6-|v3F{h<3H_rvZ- z+>g4W+|lkBXQ#8v9qW#B%iJs7tK6&IkGcQgUgLh;z1F?Xz25zV`$_jx?hWpZ?x)?) zxSw_Z(fyqJPwwa4FF607^Eda4?w8z~+;aD3cf32nt#Bv0libN}rTb;~7Prcs;#Rvg z?o{_HZmnDA*1HYvt?o2NYkS<=+}qu+x?gj@?ta6)!+F{Lrt>@_z3t8p=Oy=B?mxT# z;(puxj{9Brd+zt0hut5z|LXqG{gL})_b2X8-G6g`=Kj0;bN4^oU%3D2{?h#~_gC(J zyT5jS+0ou1)NgdP0phB&hUDAy}aIDAFr=> zCMQYv_s;SLcxQ7`^f_|YvsdJu=bi7phtr%d^xo@T%C8SpY%TE-QeBmecJns_gU{Bz0Z07eK6Pu@dzw>5zjowUe7H1^i<=ySg_L{tVynDSl-dyiKZ=N^bTi`A97I}-k zCEil+e(wSALGK}NnYY|~*n7l#)LY@L^d9q8d8@rOoO!&~TgREi8@!F2AH3Py;%)Vw z;MCkda%SsOoS@11ikxe>&Eup!?|DwclXK`^;U;bP{0rH;c#(gx ze~Evof0=)||2}`Pe}zB9FJ?#LP(R@h^N0H*{E>dC|9<}i{s;XJ`5*Q_;(yd1<&XBq z_+$NXewlxzf0ci=|1oxZUE_b;zt+Fbzuy0Z|4IK-{tf<({-@b3^;z~Kea`!Py2uJpYi|fZ}Xq^pYxyhUtkXJMgJv#hySv_)8FO4 z;=k(e_V@UE{nz|`{(k>}f6zbVzwRIQkN8LZWBzgf4gZAy7ynKFum1n||DXRi|9}0z z`^mrw+`tR`AP71Ic|qr(OVBmQ4+?_9pj*&A=nf!@);_j|QWH(ZQHtY%ne;3$6^V3a$=57W_kSP4MyH+Tgn2 z`rs46CxcG~Hv~5ZpAJ3~d^Y&U;B&!01)mST5PUKCQgBmH9^4#^4<-Z^!Ng!vFgd6U zz8u^VR0UIl>Yyf=8hj^}&Wuv6 z89Ws{9sDVHCiru(EqFF~E_gn8A=n(px!Jc4m@LI4h*dH7S z4hDyU*Mq~sk>F@>EI1y#5u6DA61>@IaCJjfRWPohwx)AKb>)yDqlVb`*t{v_<7;cG zyH91fQ8R&2nQEY&M;YhN<>s9?iow&Z6?x_Q>O87uQcZQmEuG8FyI{=t%G&V_Qzlkb z+*U9?WzHWnp{Blkyd;`GJ~HNw9nWx}I&Xq`jRk#qJvMoD9%u2Q{Ytj-#u>a7`pO>{ zC6Zqe89R@&xv4Pkym2Ps3Vjt^naWSWq?9@T$|!;SNs+PeN;GCPXU%irq?o1Ps#M&9 z$tiPi)y?I#!DK+*)%BHC6Dsm5_0{=mTarp!lB-QgWE6U9Mdzz+o-55e|LQ0Ud6k2! zYQ|T2SAWc_{Bps^QkV+9oH7^wLo92Bx5O+xZ+Iz~McD#s5VUtU*H7u0r!v5OeUyRZsFOswZ{6&Qh$#QtUcIu^N4KyKZtr^`!FJhACC$4fWk>;CHxIt>a zUTXhFQ~QjqVS>&#+Ojm*vfOCO(x9(SH`X#9?9?Ez+l}#(bZdy)I^Sryq`|xkK9kB< z!L*q9A7kd*Q|7$SnG$|gU-_Slcr5>`k+D-1G>$*-0O?m%l0^Y8#!mn1; z*3>nqAgV2#Skq9OvQ*w$5n2lBDsKzT-Rfvd)sd}2CY(ZBVRdD76iL&rtez-BuC@T# z6`AX&G3Yn$-RdXPbV8fvAY~y3p+#~KnoSNOo8}<2X%0e5*Yb&#mBWimMwWK1sH;aP zFkRDyjMPuAtew!6T&SV0D^8loE+D=&))_*CHd7TQR9&G)wic}lYnJ4pxXFkb>J)is z1g9|;Xu8&{r7-4BV=Joa%Y~Inic5y;yQFxSeV6(Zzci75CI6~Un7>r1u&RqN&0r=x zI)h)|ltbQKl?r0&A~Y}tGNEB8y@t`Os7W)Tfyj*p>Z&QjO?6VV!D^7S#gK0j7h_jV z-IyeK4JYYqIDzR?NuBw<=pRXpJ%FVm#cI0<;r%zRt*G=|D)fbFL z;NDV!IG9-9bu`90@hG&e8l|gPDl{E6sbjY*8!D^nkbPC+kvAIEq@q4=T=fKE=Z%{p zukKM0jgdd@HfA-aOsJVwt&y2v6)7~aUc;$P!xes_K^j+0wS-iuR6NpXI>jT4t=&rU zkwdLLVc*JXLyAW#>+v38-ACGYseKzsSUhsHwU4pyvGzUAzRS$J)Z#C-_)9I`Qj53L z;w`m!OD*0~i?`I`Ewy+{E#6X#x76Y-wRlU*I$cK%R(GlqX!0=1mU)!LJ<8%9WpR(P zxJOysqb%-G7WXKNdz8gJ%HkenagQ3;=|;ubkit3ImUpzpJ=)?PZE=sbxJO&uqb=^y z7WZh2d$h$p+TtEC#N%}IJGR|TjXR(j7*vDDy<1F@Z z7W+7heVoN!X0ex9>}3{vnZ;gav6tD>m)X*n+0vI;{AH#2qeMG0iVI&9tg-W`aq85$ zyh7gv*Qv}g=9-jQOH(q$dg?Q8L6(qhyGoM#&IEjgldT8YM#vHA;#t{$h*2*y1m?_=_!m)6ESjDYp2FE&gJg zez8rz*rs1>(=V~_7*z`+m`ATg0N^JQ`Z23wo{t}D7 z#Nscp_=j5jLoNQH7XMI-f2hSj)Z!m%%Qw{G9cu9owRneGyhAPCp%(8@i+8BSo3MBj z7H`7hO<24Mi#K8MCM@2BEqB7=Pgwj3i$7uUCoKMi#haqF4tzS}>>=A0ZUoyjhe3WNv>>hb(q?A=7rmTvnPzMz@W>*a{xV&zB z_mrwH*086q8{aEEafVz|Q%)v&nv)`tP})usLx!lfT0CS($dDIOA*r`YyEiD6;eC@zk0l@9H0%Q}3xP9B+NY$q)e!;M%>j4)y{F(R}ZF_{=) z#AITm5rYY<+9pOCF_;)>#9(5i5rc`5Wg%%(#IWjWqSWHBYHq@+xe2T0Cajv92+0}6 zGomTbfSy9ulACak)fuTbfSy9ulACak)fuTbfSy9ulACak)fuTbfSy9ulACdOGFA7@m7#5ki0 zB&@=lunKR&D!d7+@FuLno3ILR!YaH8tMDeQ!ke%PZ^A0P39IlXtiqeH3U9(Hya}uD zCal7nC^I5tc=6C-MqJSM8ub%xQ`;%p=eSNRFPT)4$6^|^jl5fG%j<6`?=-4v>g4iZ zbVYr6rz^{ux6{Tyl!iBMY8}gIs)Ntr<&VRgRX+9Q!PU&kclw9&sZ-0D44!iHgmUlW z4c@g4-e)VBfvuETcklX2|C5tzI(@2g(v))lhVq8aH=3mU>nB(GWB6ZRSJ|mt@!l+W zCkft86LbQn!eafZU=>dm;efSLu->9r8OejyWOMWwue!mzt+F#qWCXQeJGmy0rBzeP zi#zGduLnKzEK(Am^+Eo4{#ZNJOsSYup09;xfmlslp)Iajx{PDtkhpf0(i(p;g?dq; zEvfObrBh1}YY9WX#Lsu!J@fTB=M9;Xzc-zvdrH3tD7`)Kh z)w54CPj$@Kva7L^!mbKMf$J8gqAo(?;xaP~;;k~0x5{YV+7Iwn{^G4|gtxX4-r7cZ ztGdivWi)T?CwQy6%v<{j-r7&_RvF1#Wn^)g83ysT_{}f~yTxyYLD((+VvDcX;xm)a z_*;BtScKi;GsB?bGBXU~ZOdndLD+5i%rFSMEuR?%VYm3qFbKOXpBV;Wx8*a#Andk$ zW*AglW`;q$ZTZYF2)iwx83tju5O!N$GaSNh>1&2V z#bstV#M_qN42Q7W@|)ohc3WOE{K0O^Ylc7AZF$Y`r?_mG_Hn#z`G(o_huQKCv*{1B zhuidx`d?gT^cLPW{oywK;Wqu@HvQo?{o%Ge!!4fS zwmicvzTvh!!!6$7w*H1&{39&>5w?6rPbw}mdJ=Do-{?u$E&dS}{|JkJgvCF?;vZr0 zkFfYhSo~&6vbfAlN%FSzG*gn;ExwVqyk<%gcZ+YN#W&L8GkP2T7N61Eu!s0;c}Lpv znkmWRGBYK~+u}Dm8+MD|=xo?+d5zA7-QqV>lh|!}jn0PMme=TP*e!mevlW*aosGAp zx6#?K+xj*-8+KcMqqAYR(b;(0@*ABE zyDh)b)v#N>J-bTQr*kI}`j+wvJ*476gaRFO8*N8cV-4mVRk0{ZX;>N5#?~6-$3qEd5cj^hd?g z9~Db~R4o0`vG8MJ<}x*lE`lzrG#@vlOnGKpnV~T%%8YIlI%S`g$R6vE z-DFbs*5R1XI^iEW{`lK#tDHV8bznzURe60iD~$t*LO2PPGP^Oe=lHi&)N;&HE4al<;BA>9<(XJCOCZ*RWo8vU>+>Rqtl)=#%bVR%`ZW zrR7zue*8Ks6KAlxkh_RIZf;|3-g{Yh_kPySO=O+hPg#?;iZx^V{J*i9tB4g?*RY!E zv#gw&z$&S!tcdzLtDkpCWwDp*GgBCVitb)Vf}P>v_=Bgu6u3x){HUiP1;X>g23QZo+>UuJ6P3 zB3yeCZUcBWIv3!29u(>8nlQn|=v%AB*zI6~KSerZYL?0L!VlQ|!m z=+T_NGlgl%kGb=h>-Tfs>j)gC(3sh=-OMHK9``k|!nlQcmI^0KbNbMwoITWsGo1Pc zoGcx1u5`eu(gEi~at6eQIlU>Lvzz)loj4uhB0`@_$UJ;Mf^ULTP~^;9PU*Ah6yRIH zNl+5vY7ODzI}lp}+dwD4)|arotP3~Plfosq4!0>>qB-F-R8Er0C)B5i_YrbX==g+S zm%Hq4r}roz-UY-f!SzFwAdHtUCr}Yea{m!>-;20?6mPzbZ*tN(mh<7n9|&H_r{Mbl z`|IUIJWjeI&WG_$;Cl(>x`fmv?~@626{#1I`lWLAot%8f2?la58>g}n>m$VaFtN@h z)}?Y5o1DZJa1I+OTuKUcr0_*jIF}R>TAIr&z6*(2L`dSn@>j7$?H)e-GrV^-m>4xWJ(An8bKV*9>4n&DhlC>L0s4(M zMRpP5b>sHdLHK_!J(tK&?p;p4;hYQocU$~Yj=tnyxCc4Jc?c~Zaeo`1EbaHuyQTd? z?M(W^q2z06`olX`8_JUZca8p|{FA-^>e~iuU)qNMTj9-J7NVVT8VSGTdbEil1}&|6 zJ?%DM+pp*kC(?eVPw108@K$6p8xGa_Ul9GlhUjkdt{jg%LhIrGmdnL#`OW06`oc?6 z3;g8OK9qNDI>g;C1r}R$lg46jW|4ff{ zkqMUM-YNQG?VqLZg8Prgeo`wA=a#)#I;{N1Q%%AK_ zZcn}}nsV~7(;Lo*&i3JsS4{b;zZp%M zIh1$mgZ^_Qxd#gG6iVy=06hUSSdwFWP1`*DPR&1gJe;oUljpaV15S=KA0+yFIMb~R zNm-UPg{Dk9EQ^ALO61d zbDqN9$$8Lb1%3O4$vdUjfrGiDJNYzyJNLNbcQE+`oZJmLD8E)8^v~nOIDigh_`kpe z$A*bk!N^>6H?d`Wvbm=Pmb6oklvmmtG7qgclveQ?3^|$*Xuz#LJxH7TQ=@WTg!uxA zLCk*8fSc!4dP09j0&)Gps1G$dfYfC@P}&n} zyEy86L0FcwK#@g89}*)Rg{ZudzUnabx-Gd`12Q)hMd*-0Tav?=S|52+k`u}2=y^^s z_hel6o3}s>afH5UmyA4+FzAgb-&Rc*LvwWg=!uOW)2M&k@`P$nQRvnU{o!(LD+Ck1 zV{F&z3^4Zy@C%=?EroXTmi+Z)w%OKV@-bx4h3eHKxhlB``bZ54$BO=zHiDE;wB`ds zo3Q>gW&~(mX3X;kow;5r5KqB509YuRV)92(@RY%D&WmXEu_wJ1g&tA+c|&sJ^ov6E zgg&V!bLmt5?Jx-jDOa{qw!(O4EZtej4M}bUQRtAW=pNnZXSiEAlpKPV9PeV(w4Yl%qW(Aeg!q^T|HDS33|)xx zYv#m7hxj9L|L9ziTnQHLuA_ZjOkcxo>PiLCf(lcyA``2lj5%W;AuCwrIak}Ofjw2K z%@O*bKlBPI#ux+%V(Od`i0CYR{?&q>Cdx@dN!6sB z!jzt5a~h}n=59MZ`Oh7H+aXm7XVM>z#r21_(`h|KPWr>XR2r&3yg`4t$LbIAWhM4R zy|~V9iU+OF%wPQ;jz7oLZ}L}3xf@nEY`^s5!dbDO(Pp?oFqW{BSx;e&wcwa-Lt32x z?NT`D+wu4*Gg9FhT4ktjSdUOo#8)+qtE z+&;;dNI$Nn*jSdzDu2=wYHlN??N$~XM%y|p_fgp}1IhUj<-3r|ndE2l1aq)!ook7e ze?oj2V#2XHe~`f|bdt3u1CaECl1ufs37t?WLN72sIUTo$l1t&z)$|f3LU4=fmkk@r3SaPQa3hm5$}PK&d=-{ zwhQ4($^C-lOy0*u!vO9|{#p9}=qI$`Asku~vo6gfh59|GbbpP}y0o2p1ma%A|3Y99 zGxcXAt0ZLjpdm1S;|zdryD^GKvZo&CzdvOIr(l%1W?ioo_c3N>1XiV7(?p$+4U3Tzb|oeo+E8X{@$9PgV4lwhCksb^QUd<7Xzn1W#fiY z%6^7(f$#v5?ijimEtu9X+_F2l11{)?zSsvkUBJlxIp-{eJqaak{Q~yK^p~{^aPm=P z$zjHg1CU>~FMMkX8pCq2b5ZhvWRv|p&)fW$p@~bce1Lj=l>YxLXfri=H!h-8p2O_; z>u9RaLXQ*4N0QvpPD#%}Qr*d1##2e|W0yG%hidS zh0Hd|x2FMcf$hPCiu?~sJo}_fq04E0Q;*wq&ZBiaX1-%n7zoL|7mnu98tcKBYBlYi z?`THr;47y-q%Nz9w!`U08x+?<0iv_SrKg764@BCfOHm2^|HRYtbeEFeEtF!is@ePx z;c9w~*jhE!F=E+ap6hyQMtEEwm4J4JN&9f50GvGl85Y+x!r`~pJ{D=Ii3rESp=XB4%Uq$DVHxM*5q!Va6!TTS|*S z2AG4O`Ck5V>oL=O zzlaUapp1uDL;M_i!N6>D18MQz&6e}R%u6ln?3Nv4pORV*6F+5d`YO1Ow%9%%{9L9C zy#4hYw$e2mOe+uRk7LSjbvNhn-C#hf zKTD6^vj0o>$5x2GzlSkOYKDPP_{lzu7ap{~XLy_cVn&sb25vAUznOfXEnLjTJkRgH z6dqu#bvAl>cS_t-Mi{w2v=aTQC^49ee<3vkMm=|voSEF^o?^3*DIG~n=FhA>^B21q zDO=qcANh{a*3(x;;?9{0^I6;Q?c@@4s9%t0si|C_bIC<2SIuGxr`umMpHpD%Nj=#QKq&+MjwUj4{QG;A0hN`xD3-BcxiYmZP9)v$IcUr+pX!sY+_J zWq}8nY5X%>`W!Q0dpk5n?#Z{fy-0=bGCL>q(>)*|vXgoDP-&HtSUTF%1iQp#O!6s} zX>DPW6|+a+WoBHN*OR_)M_Au&MUDCQRr4TS!~I@XEuG3=eAzL|W= zlU%3YB-a@m@T@omBG+`oAo&8y+?l{`%rMWRCpatFNRB%oZQ+!KMv6qeau;SMZ2r;_ zpCVg#ByP9V7izP{rj4{sOSbZgRUPsjx(D+{GMm``N2G(9p_jhX%%2&F(f+j3V#w^U z`BAsb6Wgyo2dIC+BrE02lgpk3`TDetwk*&|-ktn8eR`kd&$E>{OP&4LAY@K$8EKs$ zCtDdyhx|v%*5B%nDNa?B)n39-ncl4DTWfzic$@#rEn80V2W{$}+nHsT`O=33g6lH& zfn0`GQqs;f?lKpJyjH1y7ToeIt>uX3-F!!q9>w%3nF^GHn~r#8)Jv^~e~E@(f&68j zw>{4wO$Uz9lolkHX|3Pco+RGgVbSo==Ahma@3eBj+q6FY$qs+>e_rM)`MsQyTcnU=}s=3?|H z6E^!-yHr}H459wPOw%srZud}bI~q)d%+18uTVv|?Y?+DJ)6tZ2!}m@K71Ewrh#aKy zJ1OVw&r8%l{hu#sNE_OP?zAv%MQ2Gm*haz>-vw{cyjUrOMstCTS}^G->s^rZlgJ`x z7#4{3D_X+aBE51MN%u7CjnEX0-Xt~EGu7Xv761A)+dI;d%lAT~v8HN7?DR0ecjsfq z9=YT_lD4u=NKUhOE&kmrmlWP9VVK!!^I=Vnj4_tmF@~(ckX33ThcZ4L{dSizvD4t# z)~HHQ+Hq)Xy&rD-qY?jU$kl01GFl_9crt!rV%5nWW=jjvIoX3jZOht`bLn3@FiVoH zG;gVNkac2hJp=ht^BS`RI(}wN%@dS;AS>d`xVNp?Ir(Q=C6`mgjs!}t=gcWkr_^ep z!Z3uyYhKTpxg?D7j(O*z-J39BNP1}*J^w$WD{EDqlKHx~v(jTLYqMs^d{Af#`krr9z`^95*ZcOrB4DFCr=GpOs=N z50B*{5#h2!vbrI2Slo}M%8<>JTDh2>jvdP%Zs)hl3}{-(g;`gcAx?HDon1JQtp?!A zcCEwaJAoM^Dngx;JIdE)R*h!QK`uVoauL>)*0J<^+WWPgBK$`_!?8|!_%O|M*A}+u zYkTulNP8bE-cFZfYMU+f~ChpE6h2vt@48_hMad-bN;q zYgzv@Km&2cLMkw`l4nxh=UF%MTb&WHx=1QS+a@b%WYv3%M{)IGb@=vZ#Z~uKq+JxB zFlW;0o=mM(jl3}AC==wQT{H~BBS+$o=4v2giWtYo{c|-pPd6=|Vor0(&61@}!1o7p zNI>)kqdPP&v-H+|sOil)q|!=|?74{Zl_bzAby654w^_=Z3iOUNoySbtA?A9|)~|!K z>*Uk#$b2@-6zxjZSG@I&ySA;Lmxq6JY*J|+gP@YjY zdv{o4i@x}deR3#shw|QzGB?+PI)v{X5h>2Wk|EI>_#MV1qeI=xlu4Iw9xroYw0{b} zKW7edT3zG06f^p@YDIiUYEwI6N1c3gdZB$8q&L<%EQOnx~B7eYwnR*?3re!_LzKC;rF`vvUKW-mT9#K zbN-z6s8FRy$FL!XPl#+7 zGWWYu@9jywgJFx>7mt~rm(c2?ojt9uR5o%K8PKL?ku4X}E95qo?5cl8|nY*{!- zchr@ib6INI^rOQjVvdEa|bdZfmiW{q`*I-kTx_VvlW)3Z27`T*Zv z4w5guSDC(_vy}GZats>E*&RE{FPiA7mi4hbwlIcmk-W*Sr2{PjWIW$b#|*lk zhIk^wbCCBfQ_k6?yX1>Mr&I`(otDt*b=oNVBiLijofXiH{@9+4@dD>=JSTf^@#AOk z;9m%RGn6pre6$)+Nc7-$aj~@Z^pmKA>AE_>9BA`=Jhb` z%tN-|XBztOC2;_z?jnI`qq_IfQge{H9MGAvXB4iX3_ICF%TLR*l@MkZbv7&~=iXD- z{Xfqb<4jE5+1DvDeJi{Eo{^lAr$LzHoMUs=!LN~sKUe?hoL(@UJifu1zdWh7esUSg z5ZiJRJ*?b&W1f~@m*IreV_OS1wl_OZ@D#2*O<|+-dzF*&+2_81`g$(z*UT*656$ip z^$;l;(k_zay7#78ypy&!Ozo$)v5&kFlkPufSGta$Y@0a~+~~2P?9uijV^uljX^=TBh7z#*oR%-; zJ@rq>kE^tv4M%lvfu^O4>{&_e^A$>Si&Kkur^bPO+R$j5?$h2zZOhEON^0IBQ&jS4 z3l|^RB`$JD=x9z&zFW;2P{NB}`cJ)14)jD%mDOFBIVHgJSo6UHmTmB+oIkaLebSgP zn|<7C2`%z*EBmtfsSi3jr8@wWc6G|1P|rv6dWL*JtL9JGqqlIk`?1B{@GtMvq*sV; zrTSG5=#?f1o9C*TJ8Wda2hj#!0N?BAJ+eO|*T>un`lJosOZT#zo_?kW^(;Gu9!DG7spm51n#X~J9vH2h zk`r#E?>Ws+s*UH4D7{_h9 zhx%k&aXaW=(7||bL9|eMFfaB8YWwNjQKDD0_zKb9FQz$S>#y3_9>#cgV!BYrDt5hv z9ls(^IQ>-5QJ48qOq`TM>KDon{YUhWv(VIJWZ0`ER`jJqXu@(^TyIXmk-Owh@IN9q z$*FEHC*R7B7P+ZreW;zZOov>^tcjh;Z5ghm3t^QXjjrC-InAOEQGx>U!F_R z7|ZU|ldm%sUT!U5E}yVJz`GYG$@e2){p5@+G}dkSaJD$`IOpP%JETk>(%y&unrgqT z)wP)&Yf;yvcv5vu{FZgi95KHwv7Dt!T%h!Y#_-djjAJJ0KX|mh?Y%&^n2BCXz_G2xan>CVd9i}31OfOtNOo@ zg$7!8<#lV8`&(OoWK}q4p+kkfNYTD%adLLLAwF=yF()Ez#U}TBo<*%l z`#B#;cNQ|ByToh$AosSR3G~x^$z5N^_;0bH>^+x^10G|fA~$dKM`|23+OzN>PiyU( zZ(lqu+O^Hssg~h#J8KphuC?_Sy(zE*-z4FYv{9Fqss#wcM77r+=GM;oH1W^0EkWkrbdC+~go}9M^3lv2sdEZQ z>E7|}I+fj4O(#=RCgGDyLFkC)AQauFJ&c@%_hy)7<@Y{((-aLw*8{3HcOdz&{BYxI zr`Dgntu>67{??nwv?dA9ms+sNEoI$k%gycxYlc~q5&5Pvt`Cr}u;Q537g}WECOtKh z$IM2V9@+Xjd6{ErY9cQ}P8UgrBtTksxBO_+p-*66uj)vODNI=6T78Zip)d`QZv<#z z2hfjnMX*55JXxx)y!kCh8(xk^mHPH^r}}4Wx4pDg%8gd5(E#PXt3&*kGV<+{e3W$c zt|{Kq7s%~Xa^vC)w&yYJtry?Y-=rVpRu_TECPJSe2g~%E$g4oUjwm0PyJQ63$$t%y zpOlujoT|+@J@dnfeJ8>@Wys@2=oA;(J7{*JcP`U)5_*%2p7?S;-#8wRW{$|EVy7-z z>936z*#f=kufG};CbTawBTnq_F=4Xx*E{HCpAYA7;{7!|n+3C^m*aCmj^Vi1 z0!_=_M?~*`F8p{d^<(tOmWd2N$B6e`-o&-CcHz7Ce*YTyXeiu23EvFDq_g5WCw++0_vgzyd+ixl$|*gnCt%alB3ovnV=g*&`HO*J3h>ae zf`DiiWebpy0nQ^5VuZe_+ zQ!GRse;avVr2<%m>+@Awrb2}>Bju7ZnS1|4c7#u_&=7NroYD+@o1!E}_e%4~*^Br(P?-@aPnQ-Ln!EIE5u#nIfrxEJ2JvJvjtp#o4EW+v)6MV*C)=t7$a#el zJI2sP^~;`|fqw{Hi=Rpj`TopGt8^U3hD0w!JKKk?g~W|>fS6@Amzgb@ap|W0h00mx zN!#kTqSiu>uG)^^mKI5>a$0}3=WNSo@{PHThn9bk^!~)!P3Z%kX(M==ciU|^EqMDZ z@C5y))zl27LK)IpLWVLD9y)Q_QOC^w*_g~SwlEo~E4ok?%n=8EFpQk_jr@vAE$N!?i&=x8oQKxNAl0C=-0qu7 zUvnjMPVtBD8*SAnG)ZaMnDm>2oH!wmO6z!n8O(;d89YKKZS{QJ2<@l)ZRAW&Shzn` zMu#S>Y45GI`c#@>X^7vfT&+n2qz1TX0g<#yrP$0=2v0u88t3gg+aPN!PUNz>g_N1) z);w`H6LI96TE20Cbq{wcGlFb}N3FQ_rbn07F))*V+)Ybh#sTIA7Ngg_nyqcc;~H~w zinR=pauHhTNV$!93+<1|2`lXRx+jn6HFA_1CQ1gFnO+qBl4l_G>h`0xHYRO@-PSIQFVrWCjMS|OQ)_U?S+h3gT z8Qn2w!bo>Nv}6xr>uH@DUnt+3wxqL5e4Bp`s&5DXZv9Tbk9@q!{{{X#@Zr``Oq^qY z2KFjB&v(9v=?&)NUf>KLbY}S$iSAGs?gC*ZO6G_p4Ng1cFTYnP=P5r|#k5ekM|;6g zzsyXd48D5PDBKjaL`lcYNb;7u$ls#J)(7{eP%piqXK$!=lzhp~C0Us*`&7lWABw*M zH4n>7548YI$>K+~KG=t2&NNf`D(%KT!l{%;v}pa4vb3wy@JOBw)xaR_!%{G$X|5?^=l463J6|l0hhy!?^9uZ?^DeH8Z|F!6o!F`G3arBAS1+P};d8E0ye1 z0EbB~?TwW-?424~sL>duN)XP`7WkAv-i$x(6V+hoa1!q`7*!Q&-_#o%$Jrrb#wvf3 zoZ}*V{S1F8%cclVcX}5ip;h-Ij`XL$(Q-&jZzv1Ck z;CLRMk^0y}IiMabdo5>@@8|b2{|EU$fvbF*5;s~Ze7D%RzL&b(i>%&7eZi}?-DT8OvnHFf zhxS{t&*V(LE^ou-w}@`qp~c?9w=D;>tMFU5 z1nnPvpAd?hC#(ahjkr1VKgl=i7SD!{53xJuOyGHZNoLIf-}PPs9)Z7)AiIue+hOgf zx*gN+lP~KxmHxOK!WTYc#%w=O#t9GET{B2FTsA2TyMnGS}or};gQ@soZPq7?1hWn(j@?MLLN^gvnz z#+-A$Pf>qpv{I9Y(42D~Y(SxUDz1zQ>G2M#tI=OtN$}Lv82z(yE^=PD8#&UEN5@N1 zT&vTl<^pfEIZK$LKu2(!ILXJ6{xYv3Z=p?miCDbV5vu(IR@<~&4N zwQpyT&6a%m)KSa1ymzQ$q1|;Nt-s|>FzQIy7x_!OlAD1}{<)kLt$UGJkCS5ib`OR5 z5eh8B!aSbU%2_F^nxKp@x@FVP<#b^!3p>tEz8LWoIyUySBdT~pY7S>FT6mlu2jMHd z2MOx5Zx@oyj~RJk5xz1Uk`rH@+Tx&BpxcpyBidHg+%XKPwkkD&c7q%z-J{v+OR=D7 zAqm>-V{*t*fejPBbBJ;ZgD{#tHILcp1XZ|Q7x;9?Qq|p38^gG)K|R1s#164D&PBg$ z?IA3Z>m(m$-}Gz4K|S~46}i2SjJrF!Yc*e-V|j+1@GHIThPC1$Tyfret49izmgIgp@H*3r#kRlHDf^ z5xztEqh&EqEv`m;WUOoElyDPw{U3{B(MEKB7_B)SS2)9hyX5diQhkFlMp{c&A5F{R z(mps$JNI`Amx-h4zQI`J&D_%5Ne7x6!lTq)s6Z?lajv?Zm~Bl+T73$tE%5L}pAtGtZ5wR_04Ey-GCsE;0! z+Dq1h7Q&--y33fc8jT`_L}n0Tnz{9ezC~+&oF4_3R%hCWq-`)LmM8=U)sdt6*HXNI z9&iCZeCvY-GEYnmG48({H$u|Sy#c)kNM3lt6hleNIaTT|eB8&F;!x94hm2n^bX4g6}Iu0+nn~wdUAbw(P9nv z_QH>or%2;ZDzD@_+*42^oOh8rGP6b^uT=Aulp`Hm=xrbL#ck*WvX`kqb}~g;m)!L5 zYH|}bB75|tKG?@Zq%*0D%yEeR*|kyGh;i4 z%h)%@JV8I&>L#s^1LUQ5N&;zp9H33T8c~QZnzlZuW7^sQ!f(?0cpa&~wncpipY@w0Pto+h^dYpuaGtuosiZBt3oM0NZ}M$6~f@6+)>z4I%WB-UnSmX51xh=yI;ieyhK<@B*b#%bryOq=1&Z zA7Ohl5*~oOkhL)v=v;6Q{9dJX3DR2>NBfoac{sgFSG7xC*P81Qnv${AG{D=>QBEi5Ys*Aeyg!PO3T|r+#=|-kMIXr zN3?;p9I}F7AsixmD_*BHJ`Xg%L-=k}Gd`@cdA;K^q;Orlwb*ZCHq$U}w?x&;g|FLQjzla^fOd zDt6f=`7#pYz38|-wEf5QH2kAoRRr!P-+pB}x8`{w%tM zR>@ayqmOIpGzfgL&xytcCR#d-^hDv5)%;)5@rBfm%vL_fU)CT!9_lz+Mw9kR)h!Q) z{6(k-)6>puv$`&QmGbK`+M(>nlkqJ#T_9JHq-F+)+>2Cg^-=1}_-}^^rafc&UPp80 z2>VsFe~)G|1TUDLOUW(p3177FSd6mcX0P_gSzAgQ38i^UZ%ygnK%X86FVj=U+By4+ z(gLd`bR$0@C$tQd)kQTrr7l!wZp2U;t>HDTZ`Q)&_KfA}tf_<^w42n|MI1#NN_%?H zR*!XD>ZPUC%wn~kX0B=0u%)Lt8jJ1ebkCwam)q{r*RS0>DGTizIk%&EzIA9mHmby+_lH^NDr&7sEb}Jv^yo^K>O@t?WV|q&4oUVegejCj@ z7iikPjdw!7hBO=BM5&}?8cuw<`ZFtXHZcoF?}5WPXc8}*ebV^8gbaQvxiWb_RPTvw zI-A-(TW4Mhk`EB-apde{P-O?@mhWlX`Aa{vmVRvqX{|)R}EWdRh}V)%-XIA2JI*HkmodeE;sL{Vp~&s3N5@_cQ8_h7PrHM z!_HX@VpGZp|Jc4ubSrGJoIiJ?cmlEzAc$}Hrb2xWn6=TmqI=>+O%K5kxOOibYuj^)HfHMP(q{jHKr(m9*& znns(_v>21O*^j5Ege}C`!lR{wwk?xuu_{{5+W(-P9_+t9xi+J_{i)@?s0^)D^!?W2F3 z1H=5a_E!F(1(-*qvg-daI);9y_MI)Ct=3tVEX3%KL{NzoYlm4PohIjO<;sRm_t@;= z>!zL;pnWfL1u7IEhjLgOnJwM6+*N*3%gyuK+}>6?;{UFv|4!+*RR>3h6S=PS5PgAb ziw1GMthKOlohLLm*Ec&RIq3C7#^xhqwO>N^9brZyrHy3B)+yjFk&U8rXx|fiH^Y{F zt|AqX5%e?0CNpEoh26AFsUU5dn(J@PPBCj4UuY)1Zttl7m3|=o!6nit(|yux%-e6*53KQk+TBU% z1T}#sD|3F#s<-lpuG;MB9j7>@B7a#Qp>z@d{%CQ%bo_coG)gv+Qu;$nt}-Ej?{@uP z3i6JZ|2j7tkvz>H->=|&8$#QF%t6SgcvbSDw4f(#N#m|fVRAChVfq{$J#7o!b9?Le zt(N-3>u;6*kXtUZhkD!fpJr{mBmHkP{+Isi_3R}+y*}D=wgUw-i83pGhKUl_zB$7p zr@4Jf+l+>}pqG}G>9K8u8OnA(I`^THU)Dfyrb#>FX9ynafin2wM1Q0I%)U9h8lKaB zP;^iE22byJdY_E*B%sXZ-fC{l+NxHAyj7m<<$p>nXS>Grrcj%GtFoMi$L4=fnqw;# z+AnkU@%F3yBi~?N%(eZtl6+RLtnF7hw|!hh{w@7gBQ#$evSL2H9@+Tk|8MU*z_K{D zuxECbUIhfCNfAUq_>hi*6&1w_Ds~Z3Q3L~6V{EbI#uyVzOri#Bj3t`bjlCD_H5zM- zi6xq-F~z9=J7@QUPh-l>E&u=D$K7Yn?#}G&?#wy!o;fpTcYm)$^j<-k9|Vn^$o{j` z0mqE*c>LKD|E>P>G2>OGj|+Si9-tR-33okVj4$7s&Ulu`>U)Hn$aettmy?Vu>!r9- z|MoW-em}xgd;I=cdWyW4lyXnZNnutB_x8rN++wYW7^gI1d|NI%r`ID!Y$-4Z=F(Ta(p%J0K zVUx%!m@cMxX&PU)FXj6AvK>@*4r82+WZ^81C9p(R6P~$AEEQjI9Lm#Yu5WoEN`}N8+(~qB51M)~bzatJ(w1J+UOM_!eU=GAx$wvxBvt=L(f&ePdB-iEhfU+{LkGdqvE z?aQw6e!L$zu$Zr4H~H86Yj&64;*=7Kk-NW3Hw=5 z6qWs|SSdE_iQ=d@b4Bq~Jh{0NqBPnS6Yk-W7sPI--ID6cDT^Gs!`GL?5zW+*dxmhyq}0q?2IQ|9qr$^vB} z@2xCVmhwKza%DN5owGj74DY^J;G6VT7=5=P3&sIfKn3bY`LKX8Sxd${9Ch%G$!@5# z9M%&#^H@GBVEx%ktcVq}!H~pZsL7FR9DAEhXYWBS*YjW#Y3x!ai*xuV{8PS?ui~ru z8orjVmY2C0oqU=3UKY3W4Py;Vv#8{T! z4K*+r8h9L550rm8^WooC)C$z>KSOTt3MY_Wht18#%5?>!yUH!)TV|(x zr~JqqlwX7wa}z$omn8~+;m?vp6%oRcMVJT!FT+JRYbXrDz#54fq6YXHEuvYfh!wG{ ziHH~Rtf@#8i7ZXj617+}kt`ar=AyC4VC_UZ(Vq1X9YsghOLP@kthdM(y;xt7EBdnj zB46aQBGF$IvSLvz2CzW_D;pw)ilJ<%7$%0Zm&F({h7A|v#5guWOc0aVNHJARWv_|p zVmkW=cvnT4NK#%Ic99?Kr2wF6AUyu6;;U@cSO~r=7RIVW+e83YBY~$;CVHrRm!rl6 z4pm5kDT-(~VviQ1A&E0)G%CW2>S^CpwfsWZi$L&uDn>idM--ov^3O%dKd2d3KfKfD zr?2$KMU>r_N*#)l%atKS>Z`nu-mfXUrBb$M0rZq>B|=a6)jsXZeYQXcZFL16xZ>XO z9e6ENM!lH^U(7K1q9$eepA7-1ThmYlH7!FR?)hx600%88R0V#?5R4Y81+TLG5Im`A zkhXIup4u3~!8c=w00)i10Ms*vNR;h)A&Ta%q^%)&tp$~?AahzG?&(FIZw%V|Pfw@+ zw~kcep?s6W0^z^8l#kF!sbi1>U)o9{WBd_n$O9~rquSF+{%PmS_%P_MaJfT^kxRy7 zZTocFdpb>W%8leklO9WwR4H9jCZ5M<+cH^}@@kY%`Futxl6R2&mRFYP(k_!vE!%+1 zBhNFo2YD=mQJ#(0FiN5E32+L@zT9ey+f&yw=9AlUY2v6IZ)$Hcj}cE~y?fJLWvpDZ z8gvCZs>)Klv>j+XLIQ%Z zAFuVT>H>Ksl4^?^xGF7r4;*>|izQM^JeH{B1&Q!RyD<=IOXQVp%LyDbex1S!XItS( zjY}eWDe;gU8wzr^!Jd)~r~xll$9UQ^+dr6ZrZXkav?UtlHLmr_%56;5w()oZZIv}p zOJD0yqLh;I)g7hQR{7^Bx%yD4z3{AZm2XKJaa+omCGPE37Gh9ura}5fYC+cJ(;*gh zYZ@48S__r2eL84Iaj03NtY}(GYA(|diR1FnmUTsGy~+Y3T`Kiy6!>o_3pK$@W2lAF zJuf7K({)hVy5O}jNGUQ-l$TWUixAtTyD6INxNSYt|!haGKPWcy;QK0+i(s>U@fwKF#92vz7%+TVe& zK~u{3k%1nsM7ZZK+Bk~5y1cfORw-RlE}qBd%raT7hck`xDW%RRNg2rRiy-A%rfZ9K zWtm5wXKWMYGOtOn@ft=+G(JH?(kN2?wWpO5rah@g*?o<9r8K#qB=Vay-Z)FPH@O%H z=jC1_#AhlPte9 z?E?IE1eR66D*a`gP*!QJRRlr@pdM;s<%BE>_?m=1RWepf*sisK$#t+=flpm<2WiXM zz?RL%^>VOkcAX3C+CF#^Y28(Tb(asEEWqjjJGVdfU&87@_MS7@drq)=hoVfwuvUWg zI~>n45^H6$11rE1ej6he(i(JvMf@JnXB}3Bt;eduIu2%L7_Di^6pYxkW&)!&8K7-> zTTp2|I$-1`52sbse>kTXxHrH|H2MhZI^M{pvk_EuhKE7S>%N2~VbtnlTu{@~bx`kl5U+ly^Ge{Hv}R;0)hrra@SfTPk)D)M znzhpntu~8wha`kz94QA_(UbK8zV?PL$VHp$15_}eKcLw`Qr7eJ-hjM@0Fr3-Pcukr zXW&vApry*C_|8v5#RMctZ)9;j&i zW^@IaGmSWl$0}Ro`Nkmg{oh)eL64TNEumA}L!YKYmu5hJw#CTlKfBZf?$!cA%igXR zurV2!oQQqd`;&{@XJ|p%(g}M_Nhaj6)M|qe;-P1=!57)58jK*h+7;WEh<{R6HLf8_ zUm9ZDm-c15wP%GuY$HD!A$}kmpr2{F$s*0vOP7>hkPj)XQo7_Fp2z37GFf)RnMV1P z&u4rldABrNSIV|bmy47-d1aYLo@ZX0jU$zywNC}hIkok>y zj9XdiRNOBW=i1;b+1_OD$PRh5r5Ld?r|BYdVLTBdsIZ1Gis}Xw_ENln$li)KtRo-A z2jgOumC6_w^HqGA1x8l`m?cJ7t1v5!vZmwA3?+kEW3;ssM$KMPUSYNvbsdGVvsub4 zW{=U=*%(2augqtT$_k9bS_4t#n3Q}DV{eAjBWZOeccDU1O1Vf(v;}Hv{{^EcoyZ=J zHjX9#8!Q*iz79s8uY6of+J;6nrjyD@xixN#l6QS}k$t3UkgI=nk;rLWEz8RN^i`$m z)K;wqv{dchM(ar1211`{tMLlqRB9vM%V)+H4rtZT*c>|37(7vLrUCE%;xaN+{Y~Jg zThm~?-|ufNbUyt48No;@5B@+)1rsWqPtRe-L>KM&Js zI?;0fmgDk#V|ZRZ(`)?i?@O65F4Ahz76t9kbW~K@j`14ha<83LUM`~~YEou{9-CbJ%6gUZYjP5Ys+QG-F|U*+Gu+P%=Z4}eW8F%5 z))o)MYIioq$gvuU#x0S{3>rimqm*`$9M_Uol(dWF_tqT|C+#9TobQAqX&2d}&I1r9 ztssT0AO}_ltALK`0={&^Y6gwk6S<_#V@)=XCD}YyWb;^(&0|G2k1g3eHe}malT~9w zR*Dr_7fxhdIFohZLe@n^vMyZ7x^N@w!kwSxXIUk(F+9k|@FW|MrU*|*fb^bJ8SB2*5LTSFvK=XAz za(0{f%lU0q1+#XWF&no<-NLHV++8Tvf6i&4}yui0diD_2$I&#>Dmd#Pw9- zdIREmL*jZf;(ANsdPCxROB1eFBd&)K*DDj(Ly7C0xE@AaSKyRTMkLPUb3hiCvgQ+%0xPj`xT?%w6mids!v1PwayP?-%=-hd3Y(Fi%k`N+Ev- z#X-#O9>PqoH@q&6qtvG$i{|2tID;qrTzrn_IV;ZMNzRG$c!mq&0`78AT*h^-U}o5x zW`?b3X4sBqhV5x)*pX(2U1?_612e;QnYY?RZOW|FG_@JCQ=6+Tn7!IkZN(hb)@nL) zRWsB!%tLLfw!@j3YFC`uTP?sjgVhm;nV?QW%$w?D$hVwZwx?NTN9o}K>0ha?LEg3M zIu@X=S2tiE9v{q{+D0VJIeV*Lt6wAUH|jSmjOLt!&_Ys(E1bBZ5LX0oMJ2A75m(HK zD;C5ROX7+ZamAXrVnbZ9C9c>JSL}%^4#X8l;z|YLiW70gnYdDsxZ*-waV4&}5m(%a zE0u^V9>f(-%)g&z3h_e_KP-qJR>Th*;ztGIha2(3llUQs9~Q(9E8>R@@uLFq!;Sdi zsn%0dnL=C<#1#wTiWPCihPYCJxZ*}!@g%MYwVT?D*${86)c)!q>`M-Lsw36$*q3|~ z|oDH3=1I)t4$adLKqfG7?wg9){rnPj4-S^VVKlgbuca?HCI!@uzG}H zA%tN~2*Vl?hJ_P`H6jcPCk(4i7}l6DtO;RQW5Td-!muF1umHlas)S*FgkhBl!;%TZ z{0YOVn2e4E5{CH_hE*l>@+I7gAZ=wJ+=?XJ;)Gi@2)7hMEJ1oIim*y0tcoU-G9#2S zCwz(_e6k>XvLt-6B7CwYe6pdIU`s8*j#`2}wS-t|2@cc}9H}M5QA?;mEg_y-f)llb z1ZoM1)DoPjCDi;Ke5yq)A&FXo8?^*?Y6+EogHK-661=G;_z*H#QA@C=mJmlRA)Z=7 z!f%kthgyO?wS+io3Gvht5`KeBKGX*6sSU(Y8;GYiknkI1@}V|hPtqSxa_>VDZ%@b+ zK@uNNvYudqNl7M{WJQ=1Lvrs!m=r;>ZUx6QG`N5Ot zB(8Q!ImH6t(Q_Ij0PyNTuCvNnT;~hr3;5%lSI#5mf^vZc!_Vg;_Ae=yST*?jT*iH` zC|6i0{C>Vc{7vO1=xyaT`h0%E4?VL05rF;bqB{Bm5h4OKQbZy?N<=~1#)uf`(>M`_ zUSont0Iex%f+mS1(7K{7`gx5+BlH?mMJo0?i_Xx~TU zKEMz$1gS5JmvQA0Vg$|^B}Re1Dqh8tj1^-+$BXfxQ^XWJ&op=)NjssG@UkJ{WkbTt zMueB02rnBGUZxUWb|$<`CA@4x^3;^@GL7)E8%b3clB#Bel+6h#yAo2S5>mDxq-;q@ z*@}>|B_U-iLdwpBl&uLVTM$yVCZuddNZF30DxIV%i=--pq^b=`RdY&BvtK6 zsydQXwI!*_BB{zIscK77l}++wPLgCs{#P9SS9@8QvQOE^qLc&h#WE*fEDMsS>Lfi1 z$&Dbn30KZ3=WwQ!m}HU_mE=SEZe2m%FO@GbMs-!WiZQCMl&>&G^|kUfW)p6}r>lYT zEquBnlsn2DW`JiG{=uMpui&c(%3b9yMy>8C_b?K6U%8L5s~;46AxC+jJYdnvkMIGD zQGQZ>mY!hBFBr#qs61q`%CE|=tb+1Ld4yb#mB;Wze4;!-pHB{5)e&64E)|M^AFIHE zo|!6C^#9C+8Eg)7VUC`ng|I*`&{9~U7icA{&~LLA)+}Dw2>28UJ7LEXguTH38-#;! zfbW^3z<1AulW;=6&{^OsK*B}1Kq4!OijZ|z;RegeUARNqDhbRM3J>9db36sU6eYai z!{#Wwg*W=FKEemjQ(07o9Qz8)CQ~aiC*QW3)Rt6uxZyj>B2Waf`XWdK;rw6`jJzQt zgw-O?w>sqc=0u)vPUQLKMD0zG|64S*x^VJ>iy<#KNAiMmBriBec)=y(dFqHdc*1(3 z9%uv605nCUpj|Z-4biS-n=})RMPt;YY?f=mZBwUxRq#y^IMD7I6qyav)UpWU7c1A70` z6R)o5BsyVVwtoSyysj)-bQ9gsBh3<7c*5?YJBxy!UN&ktN8});m*@rBTlB`2b44z$ z+*kC4Js?q|I(hL~6LwS={Y8J+6)%aGfE0zI5a7J^jdxA;# zR3qJ!Nm{27X`K+#I-#U>qDbpRlh#QftrJ69CziBM3(`8BNbAIr)`=&r!%6EXq;(QV z>x7ZkNhGaPleA7P(mJh4>$D`TlSEpl8EKsa(mLs+b&^Tz)F!QyL0Tt)v`%NzI(10v z2+}&Sq;(=m>m-oYQAz7mCwFWZ(5SRsZ07Miu6qo>6_AWh>(nx+M5nuerlI+3P{CruMinkJq! zO+0Cu1kyAKq-hdJ(}a_zF(XYANSdY=X__F?G_6U~M3AOwMVcmpG)*hgG}TDcG$TzD zM4F~GX_`#ZH0h*iGD*{)0e%SmsOn4Rsn}Z zy+*BlnW0(J2EMFGdh2?=m?>pXo&ejVFMW-Zcu+0fQ4n)$M~Gg>$GWsB+Rc0gl$V5c86 zQ#>#=1sL2K?<-{kJLTP_Uz7uI-5**l3L_(Fn5FLlMAgzPfYYA9<4}wg*THOl2h3o@ zD+KwhfZg)XY%v%^X^#2qo5O*wI}LA)Ptxm(IBE>L~9U@ zCz{-|Fe_U$Ali~>C!)QH784ywbRy9iMCTJ-L3CqYZm%q{m*^p)Cy1UUdWq;YqPK|N z%`3>x6F(7sEUBszwI=FF)HQ!Vze3fEs6WwQqTxiNi6#=QL$o2$G@`AEW)>9o$XC1c z$AQ{|Xdj~ei4G(>jOb{h6NpYCI+f^qL`#aY@`}}kL{}8$=J!-L5Zy|2H_=j}$B3RG zdV%OwqBn?sNAy8aks(t3RZ=taq5<8D%p8fj67?eLPc)clIMHaLiA3uVZAdh&Xh8oW zv(`j2iFP5{gJ>V3{fQ1FI*jOOq7#TtDn|X7O(pss(GsEyi7qAjDbaOAHxu1SbU)D} zzyNqPK&Joot;7uZM&{qAD%!Z_gCKjk|9AE|&`p*?dP;DhBXDYA#_i6dH%J(=hUtaZJq0)Do1Ka;T zl{ObA%j@q@Pw1LD&~h!IX}SUD`=c*Dl1*Tf*$h^~7O@rZTipta;Rrj!F0pUeckCxH z+!A+`cRizTPwCqe`u3QrdxP@)QhmE$-|p46JVf7y>Dx*A_B(B>wAQz)G#OOZ zXvfv^G-;`(U%#6EJR!1e;eH{%YTHoF|A~iYYWYIP>D%f0cA>t-bwl^EZJ^tUZq#W6 zV%DHPz(X-#EGeH2y6SOvri8A8_iX{2%HCj;cz^y9FXTnMm=E}O$Kg&rfMa7B-d7Cm zj(ZN|gZN-Rgb(E}^I`lIKAexB<3UI3AbjOyiz+-d~JkO2`@9X&2wk_wc=ZAK%Xp@KSz|AEM*kNHL9j-g$p94tL7`uiXiA zmpq@tZ#bk1`iwo5#v)M-Q?HnvFn2PaXujWKqvglelWiK>#@i0G{mw4j!O>B1ykB9l z(@dwc&Kb^cS1fkz>6Ynkj}OBqS6Wx;f#(^o{oWgW3M==hJlEIDw}XGJfbc55RZa!& z4KfcJi92*hAGQ#l>7((s=iBf*pNqcbr+5c`JKK-ZnX~K)yTR_VU%0}pxfA!`{yc=& z;EB8*Zvs#B4!k?Q8Bhr68O{H}-{$Y}xp=?*Q+SeZ2S1L%gJTB#)ALzHKAN_!>>b*= z@d>nb=M!mLiDPaN=XvlkwDsguY3rrue?!kdNz0E`L;2BmC_kQn@}nJ5ezYda&j)Dv zA?0*`K19zyRL}pio`0C0{}ny|a6SJBJ^xBQ|0+HIYCZoNJ^xxg|2jSYdOiOJJ^v;> z|7Jb^7Crw~J^wa6|8_n94n6-)J^vm(|6V=+K0W__J^ukcf2p4Tpq~E_^jZyAEA?Po z$oF0T0=N0ARP(OUs z>FI0q^mTgr20eYVp1xI2->#?c)YJFs>HGEcQa$}|l$gCsC3EBd&`Ug7FEQRMfJ}O7 z>5w@}M~NvNC8l&*=fY^fh|=Iz4^8p1ws-->Ro?*VA|C>HGBb z{d#(-o_-KL)gaiUv9JK~W;kq2>C2uE-{s*LADe{HvDs`P`ywN{`{}w&kH-|&+YUVc1->Y zI|gHVnw|5)j?wI%f0rHeLdU$&G0%*QYGYCC#aNk#HWu|_tW1u?U}i-dLwhk+_F}9| zvl{>ESlJ65^FqhG&@nIUm=|_T{tG+iKQtfnLdU$&F)wt?3mx-9$Gp%n|EW2D1#fNt zcYGWL|?f^tze(9m24GT&DOBB4F5cV*WEdGo?T>@*_Z4q_BFfCZsJcfckqXqd-$`=kL+jm zkUe5gILFJtX54~XaT{*W9pQ)P!dhT7=A#V(iy)=`*th6ux=MUAN^u#uUmx&AB{qV0HXCzmZG9xBsm06{I8TQT3R5Ts@(lR8Qf%FN(4V@z4DI z2Va6wloG^WR4=KQ)hp_k>Q(hC^_qGe-j!Z>FGza9KI8R@XX1E622}YTrNf_LP!H1o zpW|z~8)#2xaqyNMfopui523E4M|%VK)+wkvEeE`M;q5;at1T~p2cn&RrUL(;=bbTv z&e*_w;IVoL?-2dom9+DA!hcBK(}|aW%5N*n_e$kGE$N=t@KY;hHYnY2<_J&B^~@c< zxcL48{A3T()m8Wqz6)1p>18UYEGoP=--U0I0#3^-F}jjMPmlHmuYViJg?y_s06u2M zzx(9T*D~e*e1^f#4FB=LU!*$Y>=CGs6nLUFf{%DA{0^I657FXqUvSu6BS9Y$Zx z(T?SJbr^jcM|%fC<^*H#+U_H4wXel7_a6+S-M=@t3K`dU+>dtLLMa*Teg#n%6wV`U z3|8i5q4q-YFk^-+bL&uZ6mN7K3R#kFXk`d9iSe52Gg5v;T&^wP2wH>}!Se9RS22S8 z=v%VE&*WmN%bDE09|p{*z22?=ieH+}Do$Mf%Gzlqqn*1OMw>+&Myp;WLcy=7Ec3!+ zmo1-t)x}^}_K4gJ4>Rg8J)CHxnma3P(jy%W_U1USbhfBlm^-u}KP%GNP(j96I9sP@ z7Zev4^~lQ0i3~IZ$Vh8vuk_-q!k)P~c|CkHaSHv%e=z5 zdigEVa|#FMX6F?7wk{|r_N`xjG2glaihCCn<`xez__*0c#u%cIKhA)qgPUCqgUO*` z)LZ|_5=R?qXipvboTtvn?U#c>_v>H&xW3hW8$}vMbAMCDa5E-Ga|ecaYh^U&Y|r3= z;O+Mu#P)Bgx*|?aCzog)2^&JvdkU>+h#^ zQhe6TT5_m#!pzUQs|{v2pIMuibfD*0s>N@>U^VZ~BOY2v&KD;&f&h3ne zx4xfz>fREE%(~T^e?Dr{wZ4(QuTHu1&@8Lhj=N{Wq8FvTd^>f%UGJ2p-A|urI)1^! zJ=?bXT@Swb<=D7scaPldf2hT}3i~o=ZSSgVeK76h;X^aym)E=G(6?jslreknONo7OXb*y7~=bx)5e$8z4ERyb{@p|VU4P~8o# zBVAVQ9^p~H^!)*yBX%~u`}z#W>)*F>G$b0Y#km@82s4Bjj}3gBk1pN?*+u=IBi4on z^5T`%BtuO@LP=an%(y6Hdnn9%&iN+Ipr~h2A!I!~yD-ntQeMSZO*J$!q?p@u8`qeR zdz8;D+!cdtD|$&4?i&18FK#Mx00YPzXHiiLwyq3xyY=giP4#$e*rsv)d*@zk;P__0 zdWVXg{{0)f z;x5d#=;*ZTa@$Y3ABna^vS#7)cm6z9c7#r%ms&!%ZJM$iYb;i>(6s<-@P2V;FZ=+z|0GV z(PFoTn-IKbD#?)jG<^7xUvo0Ox>$!DY$y z^RkMHd~29MSZ+anIVwmHGsH$l0>mO?qNCy@h?yQ5M(uz4DgGjCdl=m1lUO@fXjDMY zDN$E{$|ysm_LLz;@hOMbqVQe?J!H9_LFq_?AzWq>&Q;5bmY$P6pfKn6N)}nc;2?9D zIa?ay5@Hi-#K)mc|1tXQtbVfM#F;^9w`#=P?7FT!@31gyRQsC!vzL7NMbe&-b^D@@ z54oE7Z7oBdiH(x#>5cYP4(16AJ$eM+#Y#%@txLla(kZL?6Iu#*|45BJo4ETZwA z83WF&ueSI0Pd)ot&s=%$*TKW){xt9I>K*si4}ELfht~qbXD<5IDJQ?r1E&V*{SDK0 z%nZ#8O|mR*a(8p96CnuEdUAJ=`Pik?Vt(D!f;0aDD7Nbzbc;b}fwPR|7Q_Zh~WvmS)wMl9zJo z%I&dT-`nu@z;}C>e*F}V9oxC$*jp#kD!jBZ>p;?+$LAOIIq{{z3DvKmr=`IhFsX26 zh%%xFu&t^=Dt8@CfNgH3*k&RIhKBM&mDSn?z*-4lZCuP>7o3P*J<4FMsl1M_+Q3lH zP{&-wE;Ga%VvSD#Jo_gE@@Z|r&7Wz!gmA~kZN0VW=Q(S7-R@~K*E~^eIjLgd(k8{z z(htNPXpnlxVshW8&!>Mkwe13DgITSyHT+)Qx5s)>mHCq|G&~*{;39f$cRW?#(D~(| zr626d4B57Gw%?)-_m<9YcyIRA>;n;#=U1!7KQ9ccb}^1u-Pq!G@8f=NZe4lx2di(7 zIWA6LwfVc!_BN+#PWPHtCH3N=TaP|${FY0KePV3E*_4$jbL;Lqak@eCQy(aOx%RrsEeymzvK#@6_Sw zxY!;drl4R@{>{5%Th8dRM5Hf!D&%1eKQ+rvynMg6r<+;KwDj9RIP@%(Z#0Ah z_n+w!{?`C5+7MeKAujyF$t zZ9MMA=JQXk-s$CaKd1M~b}yB58T8q=@26hxKQgJUd$wi4*}J7jYL8Gd{4*TSd^+mH z)&WUPN9-B2BYE%=53$;}Z$zKaPj*chzVkDm72D3FR4rH>m-*xPpwnlnKlsRPZRNt) z<_q0w=gfHfTu6TBxsNAYvbiwgt2ZiMzIh<==Q*OFH~Ir_TKSm0TZx zy7x|(BD>pzHof;?$c&AjSoE4((e8Xn=I#bBTPJr9?z*9_MSAAp3d7@zcm4Eab?)Rh z#}waq$8)*D#k^5l4Wl-hfX;IS#!`)sP1Ub1WuK8dMTx?$T+pkNc073zMuX{XBkTh5X#B)7=bD zqTk9cjK5v##piiX4W1wQVCc?_(+|Fi%oKA=4|P8`HKl0vmXv)}R-YWLEDIQt`^LI8 z%?=$-+aDG1jn{<5vtF;8@4C)`rdf;+gA_1lW)24X7ivmMWI)ZKS+BV z^wO2A3dK#HwDTD6Frabx;a0hBC5ltlw3A2ceCn8Xd*@Qe`U@A#wmvzn`+IhWCyd@z z!}eK7e8V3^s2M}`ECaiDRG28WVQ`;VwyS!U#dX!zW z1|MyYKEJ8u!kWe7et75IfMtW${gSfKYTNsx9bZkEk=rs*89v5;b;51`?-ElhE_8ci zwXw@H9yRqU^%%7-3$_Sso>u)9Bhjg${s}BKLvTq@NtJQ_#{LP6E|ZQ7 z`XWU!)gxoc#!8o&eAP5V6GLO8jn$7^xG9DNL!3#UB-D7VKkp<*7)FgW=0yLh*idMw zVmwCw%KdlxR}qFLWoIellK+YO_3F_zH@`TiuwPD(Tnx0JT*Xgy3!mF>EH{snrnjp9 zxle($mF?7lKb-y0ZOe)Gsy%}Y)Q{S*dSOMs@IiM%ZhZevl9|(oV@G`1ZT{+lTwh<2 zGrx4<#4SA*|J?29(0Ye+wtI#4eQR?4jX%C~bg1&p@T0fppKaP~?ABLX%uKfS%QW<9 zd!^?;_Vziyz;BNFL*cCzXIyfoZT!G}P^Dth$APRhPQtZHQ`b)h z)`TaoO-^s?nmP6QF1x_geYI=NGEWH|wfX1E_v=0Q_HMD~oo&J24ewUZ(qm3$(%ms1 zdc?ibu=l2})7TpC+HJCb{QB(HAC?_m6_jy1_}qZ%K_?7TqBr+6tLYlQF08B7v`w=D zFOQtz8FwT8M2kZ?J8!Lb7;2R~sMF0&gQs@tkUS$=nXt%xaEBfbXIxJnuxIldCH+s% zj{EG(Z-X{j7Pp?#aWG4*az0dgm<~e9^~i^^P#Rd$W!X zKYeubRU6;LR;fSr*;aYg&JlgvUz_CiP0rquCGUMu?Ox`(U6*e}IS;(n?A^XG?bB8# zeBZ<{Idn$-{&W(}A%cH=9v%dR&9k>#yAG zb!lAfskK%vd(~yhxcj-SKM(qG{=Gd3O?)3+&GLK4I^xrg}S+S>az)A7xQvWLTzrOymVb=2XlU_aIb?M>2uCMctX8686)^c-fWW_ZP zy;pua+dQ|{jJb}U7aS87w)FzY>yZe8Us$RABUaO|( zspt9CQ%}`CZ5(4vM6zZsxy$|Uakt4o{o+^6`o$e%vhZ$~-1q*qn|H4?)vrFnID6l| z+x;JS=O{`@sAjD-uv$TfcxM5%O}qLD=PRF75vM6@4t8ArN{pLoyIs{pw>rR zdY6kI^tCVi+ix3_|D!SS=N|Qh%dh#=1MNdb z?WK=<>Ew>L$5RD$ZuTplt*84;axxZH^$ry zeU)z*@z#9y*)KTvZnuAU|MvfCvMS|_`Q4X&;6b{7=2PouFCVf4tWnPK;Xynkr-b*twpWW(Cm^oIAmze28R#lt3TzK(?<_C=V&RVsxyqh_{ z`gZftsWET9lol(E%5RWwYO2n^m=m@H)EX`)GQ&~V z$``n|c>jpiUGG9OtDI}x%KOayDz7xH>RZjQ@=TLdE;Y5v9n8$Rhk1nh%)LP$_MCrQ z{)cm|xkII8b}JW~OPtS`v$>yL*)wN5*PBZ!cjog2<`VOt=Fa9nmmeYDC5~tAQ++7! z?#Oi?oBtA(QGVxRX2*GzxhL=L>3q|;)u!>CrE#5an2Pgxvv4lveL^2Dw(TFL4@b>E z(68&4A93DlX4Stok959hw(WJTIcM$n;Vm>db2F}f+1!r2x3~G9Q{yKew?s9x->ryU_#}O{i_TwMTF6HLcW9CBV#f-k&{ ztIUWi<=WxeTwPP{6E3|w!Byz$_saK4Q)6bhaHXf?QeU}Ce>YEhKIL<|`d;d`@|Vv~ z&#%1YvuWiX=1}D)kpB-c-c_*PHRlLRM2E10&z;J>>FbmC@o;}`sO*4w4fy!N)%9BL zTx(6P5ucfNoTq~oUo)BWEt6Fu?q3J1Ho)S~n|@`BxoiWB|L^kTznkw`^RwpPO~~~F zjM-1^&yQfH<`&IoC(kn$^TB&z_$hb|M%#H8%oT20th^Z9`dj+`IQYeU#MJ^LL#_Cy7GhMe;svd{+gH` zI_y^ei0@w@FW6RMs<3R$nA=v*rJhgI5A~s#S10JzcI9m3eY||T)ul_|z2-X2x1UCj z9%$}q$M*w#ehYNm4m~gR<2LmFHjLNjq4Uof>lr$l!>_NKq4P&(4;;G0&PQJ{kEq-h zT*e+*Z<$Ni-p;jy{(qY}zCnL|b06l!ORImzbtfwi7F)q6Bg`ss;=ilU7Ee#ZWz9>P z8!8_IM}_Srj*1U0b8gv2d55md`TX)frQav_xh%IfqnvD;66;p&mF?`;b6P)6$9eGi z1GMoTXsvSpPFb$JGfocx6T^KhJRQ>#F!258TZ#Yhw(@!CdlPzcU-YsZtFj-fd8VxY zd)-THa$djukIEl1j@+wnWX!mb*;eHR$n9V9Ib^nLB@qt?`%0;ahqCN}m57 z*UOQM`_rd8lDBHso%!-}RgW>y+;_bRoL3;jk44tjDF?ri>+`rmu7`8YxbDC;Jn7ot z^Fz5VEH2qd#btRb`o2bg{*$}x5X~L3GqE`|zpVwPyH?@d|E5iiy~gie@b|;q#Utq` z<7&(Q33;fm`cjjkgCm<)`Bm;yrfcn0_-=Wq^4P4lP3aDGRv&@x%1-@5o<9>C=kw(K zdp>^-J$(@Ot8M;lt;YS?%r~+p?r-i`S-|hNp$8A49@z%pK_~wX*?l0-bZJh$)O4Ba zFRI*=&ywdmb6?rI=$^GrE8j&ou~TiH$Q-NQ224=COL_K9?k?^8v)QQb@_At-0 zCOV9{c%}X_PR_e|-a;1M#q(=;KBb>O$NW?WtKhq({gpi5Am69BKaTqgsOJdzze3#) z=lU$q=}UEw`zx7Cz?JHc@ZCoSE~j6mJ*IgZ{#g0`=1KRTWSqM6`#wB-4cE&kHwBBI z%RK@kpGUpmS@k0N^d{3O?~*MmAB+)WZ2L}My0qD~I;rvbftGt`4k_thB}jt#hjxtmweiBJN=HF zs*iSDkO3>F$jaJdp_BCpW2yC`)`Dko_0hq@mWEPiWEZIK;Ew25KP;Wn8L*&S<6#GE zo}xF*L3Yl;1}pW3vAodEJr8629)+y@8#bEOWdCMv<9rxwll^`fpIN&}7U{FAHH_A1 z&gWQTm3nc1)@>iBjz?4WqvZJk=Clf*(GBLGdsgpiZfj|{Zuyn!`tmEz{kXu3>U{Z? z%4fOMr!DUELv5>F+PtmfEx*e3A=?ghs$N?+^}&}{a6J=j`liZ#-%Gf|RqZZ6U-|Cx zbCo~k{`KV-E3aLCw({2HXDz*=`LwHY9r>bn_3t~JJCEug)>=f2MU z-L(4w+WkIbqIYW%`J?3**Zze2P24}q{R`Y*viz*B?@Kd0Svx}h`!2t@jvTFhmvT38 z{~z41qr7D4`}Kb%gUH<9SXqP)j&z5bdu zd&@6Z-i-XAYsF>u&d94LllRW_@2T8>aQWr6O}l1$B5giNG+Vk09sJ_yI{07dO!dE# zIn^&bEY?aFReNSsdzBegKV$CE{UDh9DbupvL+8}+_EW#|t>f%Df#VGOJ2yJh!SlUr z%b7Yi1h0KqaNXe|bK6NA*O~3ybdz)QwL_1G-QMuMmpNB7i}x?Ew@&fJaVk{Sb)4%Q z$9KB#woe<*sqHq_*Vmmr8`QSr+(?MLOu@+l0;StFbP|_v6TumJ3XV4s&9-5cCYJUZANzQY?TI>gLVobsL=U7~YCPcayl z(HTDMvg@um+*BmX4Lwz7!^199yzYwf`^k4mJ!3eFOh;|TU8TpJAh_4PTt2}+{(X;7 zuk+%7nabE`z-hYMVjv^S%^hdxJGW5{?{Kb!vdr<_uE-+1#<`)@Im+mWhE}WH+;3}# zw;g9~uYKc9nOD*r3>|UV=>$%HHgy;sHRL!u{h7l^=uPI?9B^KIE}5tb+RlzDr77|` z1%os1x+|Jq^ZM)e+=R|H6Q>sj@eneIo~OER8E(AMal-m^Q=DTj_IF!^(Id{IX;FLoXI}We*oYp891<)<7_53Ro9XQdNqAb#kJrQ$w$GLGDJl{JG zHO>v!Js`Nl(f%=>w}&TghA;1Jd9&DQerfOd&hwtB0yl2>*PZA)!<%ou*+Ye%$)o-% z?CoW9Y8~)s6^=X776l2l0>x~wU!d74m6Y0X&MH)LZ*RtzXRd(qrZ*>7F@8dY0KEJ#Nk-Jz7)+q+e$*>tfPNY4moNX( zJldvLnn&{aD)T7PtId_9kFn`v%~i{PFpo1=lRn-&hV%*MvCF?VPc)AseUeSDF^}i- zlg$%IpJJZ4{5$hh^CZ%znQKU&Zk|l~4D%GyXPT#y;sYjqmU%kqb>^ANzctS`*OETR zJd5;4N&m(?*IY;XJo9YQ=bPt{zQFt_>Gd{!p?NN!Uu2%Y{Hl4eO08auFaOHC&8EL#-pJ>-n>UgEqIomvFPXQHzQeqY^q0*qkiOHV?=o-a z^RJj+T>cO9Zu3i|H<)*jzQ_DB>3hvPmw##AXWm8ntL9fof6cs`^w-S|r0+NHA^i>W zUeXVk_mO_k{3_{<=GRC+WZqBun>PKh`Hkfl%}2}!NIz=RkC_kh`M1oCq#rjQTK)^HI{@HorysX`B9z`8c0%HlHLdkf^cz?yX34D-zv`MCMi` z`hSZ=x7tLv+C;b7M6!%-MWX+=NThX8)2??~c3so9YnhH+vvln`rDsqt?JF(052b@8ukY4Dllit~BE`MLUMWlDZZ~A+j z%!*0x>g3Dc;e^SE^zP1V`Dt?xXOr}v&LPr!ImebanR`3ONiTNJTYif3ez#kG!ra%n z1L-Bsg{1d$?z;TA`61_?%a57+I~S8a!1)B2De0xogO?vMKkPho`C;=Q=kn!m zng=_NCcVsg?D9tQ5a$WY51Jowo=o~s=NY6AbDp()KfAU+O8N-rdeY0C7n45HdFk@k z&7+)GEPvHp;k=6U(avj@?=x3AKev33xypGX>DA6#mp7QlIKM>tSm#~KUonq!ZXkWU z^J~j@nI||OAbq0qq2)Wxlbnw&-(jwCK1upy=hLK5aejCCi{`1$ACf-J`ONa|=IQJt zzui2;`Sa!5*n#;H>9x*RmTxuBa{d?TbjbKU4XkyruF&(zjM#vV4JgTjgcT=b2xqyn^)Yl~!deSK0x}O z%5N^8VcuK$*z)P-eU(p={%YlSNPn&Jd&{SoU$6Wj>H8~xO!^y@&n=&9K2Z5{(hpX? zw0x4evGPBcPc$E@e3kS!D}TRyy!mkDYos5k{4?oCE8ko`&U~!$o#kW9Z&jA0AFo!H zSDQ~%Yowp7ww70!PvPai(%e)HmX9{Sjko>L=F`=D`6%-{)$#I?=4ST39(k*u=vF_` zt$w0g{Y3vi@Ds^@J=E_n+S@f#tyb6TwPwA#wzgiYu2Xw%)9*^Me6BUR!VTu~)0MX=zctgk6TFcDG+2NjX0S+{R$>s4OE%T=%) z=Ut_Iuzwe&XAU(w+~oHbmbG*oe%I^m4$Kw5#ql$Rs@hy%YuR_=yk&W<0k_05MvtmA znspdnhsL&gU2C@*@QU$g5TFPa+d*Xcquk=$n6{`((20>JJ)lrctA{f>x`83QhO5`xkD^-#J6}qG65(ukL#TPi%W&;yhcp}4ErTTyhFRBDJnoQVV<5!RO-UK8olT7+Ik1(^=s8m zp@1FUkx{ib>VQK_!rh`Ow6)#<1lMc8z^WgJGQny~!6!?V9u{mAA{X!NhcdD9CmEAe zS;;~U4np}<(xJLn0XYZdl&&yuO`_Wbc#AuVfj$;6i})ep2Mwr75WzkZnD7dOFG9Pi zct*@)Y|b3uIto;QNrlKVn9XLVYvr7}d3=U|wt@=lOe+Eh5Db>Xdw3?=sj#IF=ng`$ zzSaQM=@vuU;W;|b_(K3sBsVl6BDk3Bs(o;*S?hP0g8;4-Q$@2f3N!VH4oe@Exl!*5 zWq6}hm90jR9F~ddg>+tBv+qk519Z*xHi9H6qVvTBr#7Y8B}-R#gq*?qS=Cx@eQmC1v;4O6*^Wjg-Ok(1&6wwVra&ajX-Pa(t9h1JT6`o5?M+V_d)^mny7DO zRM}NP0H}u4T64(J3iFUNE5r!2#XN~?8Bc0Lf^5YR%JsS!BMnP|dG!jPPYpFqgJ%qy zXj;NNR9%6#o6T;|%D5W0Hqfb+@oj~99gBHP9$n3g>(Ht|SE)su5ei^nLuZ#(TG$nW zIrPLTPoq@;kx)k$li`{NjuLE@@_!*4c{dYbr)>PNP^00Vd9Bo!*HubwZdYYLQjyM~R@e z+iSKP4Uo72tT5@5tzZg+Om5kMtzvpdjf8pDZWP|oUno$1F$fG2?9+R`>Uq1_wG>hh zK?(-d%%d1UAyp9OsTl>dRt6DO+oqTagjGcVT{@la$(X0-*mO3ugkAgA zSX1D*3dNgthdvQ#lRL~?1#8EFdU~hO>*=6nzh9Q_^*m4CSJ|z`+x3&pEi(-yyCvoo zjbUx_vaG7zWBLLkL|{ow**TunTXFYT&6xhV4PhRWQ@4e6027({%kDNBBA`+0QG=M- zt}=GrcBct>)XOy9wAMKbCO$G#0y}HgXhk%dO!EvH3#A5{*N1t2W36u$u->n=>uWtg zmfF#}T1Ud&LAa5&W(yFk*Sp;=6)N;B#7SG2g%p@q3A`!#scxugVWJK8yQE5@R!FR5 zO0aW~LyS?>QC|g5}No}k()(W)hk`20vT9#}r^ZxHYxjF9PHc zu-Z=3SXho-f93$!8=XdF%_=Cgb~KW%D+WV6V|8QiT$p5+H`6 zNS+HJ0y$6}7(!Q?ZDiH>5B3u^2MrL;~HI2KHihVl@`u%hTlc))r3Ne6^YVg{Ee z;h(sp`9b(>8xpJfP*~u)o_85Gz3mdKno0@@YBhQ-7MDch!8M7EIMJwe z+g@K%D6<@j+8t!O+m=B|C%TOlN9mm4oAD6?8MX!_Vir}IfMlm29K2~_Z>&^F-(;Ur zs|^+ytU&0E(1~@XAZ8Vm$<}V)Vx9GsPob^l=qhwNdZY0YrmouLTM>kDvg^w4t{eD% z;CW?f*9!u^`{jG?J*zkNfqK}d|3!ziWI2_Xj@Ha&Rb5wv3XEml6~yd!4ovQ3y>sjQ z!ISeFMkX*a!D@&ZRhW0syj?5T`j$^fQI)}z9Km~rN@Sr~5(Ete#R|;hWr=wWFt3TX zuI@5^VRPNJ3fORQ^{n^tGpHpNSY2u$vECG69$HP0W$O_TWrDP2g?W}L$XX2?*2L<) zFhOWY2P6cD@+naoxE~5ZEK=3I3c@^)rfCsReyx4XLoA^iET}13;ap+f$yEv0B-m6S zF}x+_*+DxwsUr_(4xmA!+pNH(Vnk@W-S#}0D7FcfVrK{|%K2)M?W*{I1#DSoF%_>< zTU67+K5EiRuj9L7k6Z?H5zJ$X0?0HfP(!W4ZtOp_kM7cyI=lheVH%i6R*YU@p3M)h ztYVOqE6oz~1Q#M%LGU1SDiN=+4jBs@Sc8IHMNWFu!|LA;ym5PQx4=A2QR-n4`u)O= zD@%G_7zSYwl!ZM%3d7J3R@tq_A7GyP3zFRu^VA4k#_hSnJUInDtq-v&fxVI#+ig0> z^JaJ8o)6}Ew{L=Zn8mGr8wJHMW>HplSME$c*IiY?*x`n2H~Sq1li}#J`wSQ0hEG=G z57%3mT5ElkMrt(C0f+L;QNM@YMa^}uz&x+kZLGV1tke)>=`n1z9wVdCvHfVkeGFs; zM46z0!17jTiK;@FMR(sKowP~$_5*#AsFkxQQUzEa1j$+)vV4r-C(8BaUZ5RS8vP|?0 zgYUPPAih85(Lmj0WDu2F!;|RNaU@IN;RY(nsKibO|>=K7H{AQs3u%1F|V)=3!fiv z?HaVq+X3WCu`S;8AxqQhs!a<6%I&(o@A?Fh zK(c*@hBfocszi)1uc!(X_ATaF0!w1b&b0+wBlq?V{?gnis&4jXqVek^x!eMB(ROjbbYBt>*yJYQ2KZZR}|IMOP5U3W^{nr|$a! z*(qeH5IJNM8V*92DY1-9E2}8PUKhf(@F)@Mt#yfRukCX6ZS0_r9W8D4V_A*v0g`D& zzR9`~;ImE%lAy2H(f-?M0bTtbLBrHuVn-CGbQxCU@&jx3iOdW zmMFq^kPA6sxgocPR=Xz$^cJZ^MZ!=cEWrS7`e<{f>oU*qm1(or;kDc8gnWa_HqJd{ zmWH`CSn&eTzHkCq6x8C>S#w=sI9XL0{6mgpb7q=V9-erG%}42o3kyTjDXZ2{%8w+R%&T9fbmAw zu7!os5jOhGTF?<5BFhXhzCxD2O#XEQT*qKq2bdQ~Ni}}8Uf)vJ##BY3#bO0kP^Ed>dyDoo=t?3iCR}EaXZaqNt6TQfQ+UfYTD3d{{#DM!?7*D)m;V8M8t6 z6~H{S0$qgxU5}krXbk(ZfkIcR*=*N@c|8=&nk!%)Bg9h_C{Lr%ZD*lJp_)*nj26)X zkMh(n7J+$W?slTC76n=o?_(Y;E}5v}xKt#!+=Y1sgV7dYUKpa8z#m)$714DHc7=H* zOILSv72$)(D8iKHAcTl)`)F{t=l7rr+4QLa%L1*8u*i^9;Usn-tl)J6$784M`5lJc z0sw18`iT*E40-RZ4o;8N(P7(Tj{Z$9wKaeQ23kfJnx-Qs-nNx(G=O2Kc zR;zgA!~Y)^5P@-Nme@ZTA$5-8Jm-75s#r1}SiQ0NwZjq8|DsQ; z{gkp3jE&pnr9}mdNiV`VVYh)rWRh+yw%rZ?u3%nt&$ciR(ery4B{&1Xyn{Nm zp2UZP$Y37y*m~$<$ZG;?BV1q}C$MzNf#K2C0^rfEpM-f>9!j zf@F`Ge-)(>2ccA0$(-t51!R65n^&e4c!&F?USJ*yVG-|C%!6iPS(WbCa+&~$*uR}y zV4n8hP76)uz%vKX02rt;1jUFzcE8Vr$OM75NO#W^z&r$`5f+#SuM5l*)NwAV-S@;! zjb<;zZv>Sgl)0VQL#yd>O(gXZ919j!idkD>;MWFO9J%d0VhMRF=1~rtj?E3Brf{p% zS|@X_6Ju2NcmvbOA>ND2r(zyCY*Tu_k9pWz%{Z2qOl!@id`G~VaEBYBt( zj4=8v(<{Ih>h_UUzT*(U-V39?-|fcqL~BHsRSV{m`h=9a2rzafh8?g7ept-&Szrj~ zV1|08{9rTa+zxREs1d56Vy_potd@j3kVsl+_b(~7jnNsoNMaTSU;K9-T3F9qhQBSi>9)~@kE z$ry~w@-!_=$H`zI)GPCI57{AD!L+=AAlWT3&o1=na*vm`DmFs=*kT^eMG$U9%zo!& zs?Fnjf_cgPI>J0yANE-h;S9h#chJ1`4>n`WMH$U(J%Ej#1``hT5*@;_yI4pzyHTut z*_!|$@&3w%i)3)#6?WscOJLrxQ%|(oZ?qHK+x3{OMOx|r4gvc>EPt_|8n`6b8EduS zezRDoBl`qti|1MDx_Ad5)|z^ZL5RsxyvL2H074U3pcZhYIaSf^;cMOxk~J%DnvD+v zh+XSp)fFpP)W5Fj+5_LcuINUfn~H^a78A4PfHEc?ZXpC4EhNio^8wFE;wiFo#}J(w zT5{o@F?1Owzste1ULmr+Fh5OkU!kZpp(*Yb0SkrIU!xf_GKdPi#$|vxZa{ zR?{J#%>8Z(!0L@}-63MV7+o?^6=)^s>JW?&WW``u+~Thc#Yi19tMDD<0`%%s!`zG# zo)XYoq!P(XQx7W1Dus{H=AP>lp{j?8*N+n~?DbMG7SRCS^xQ*KW{(W(KIBVAsdn z%bE_i5xrsp0=y*g+7h*+Pr_?ZPHSTY8AHOVBKUqx2w5N&p@5xMt0?OSNfO6pUKi7? zM6KdY7||yNQKwO8lO7f!j#ImKElZ{;e?Dk57?h>6Y&;r{^1&**bUwCvV+*jd4HEia z^r-MKT6|I?7=gZaRcuw-7)f#6vOpJsB{5~^`mW#gx8wWqm(|h-bPP)&TojQDxORHN zyt2D&o#I35wG#RPUbtQj;SOmhV7~EOFpoV`%p4Al3G z*ccsPo|-NLC|6)w=_T@@L3mh1mt~KlBu;g&f-tY&#g$~ec2HKAPR1tyw=3q!b*_9yB#kSJ2jdv40pT2ydDzDniU;x_v*MWI;e~XSbz&! z17j1`JH7g3l&3*=l!kqv3mDjscJ7GT+z<*_L~GZ`?DjG^j&4VQ6?w#WaalRULRG-T z2$gC|?+e`*e&DdcY{L(zV_Yqpqf-xheIVs@%i09X18n&KSQlU*U^DZLwQrAM7XYyCl`AC*$pH%_Ap!h@2Eh#GK@6a{^cHGq zF?6$tp%LbRLvA-@x=`NG4c%JI{)Plk%#D3Si(AA7BQeHu=$(XlvWXSZtybg@QuR%k z2Y0-n)^~9#Kn-QUJldlzI)}s0-YLcycYL-6f<_HT12a<(pim_t;$c750;gfm$71)bn97xc^SU~siy_zp-;`Qb%1$Tlfpb^9QpJJYDQI~Exy+1^j(i} z?yWEnMi=jy;uTm55rF5yL@QTJO#1ePUP_XSC_Pi%tANbcT&%io-9|94P{c@rZ}%Z^ znh?Ja<{^ZNXT-eD88DC8^UR^|dfiZ%hk2tAxUT2rIhY3y(Zv3dCx-nX6qwga85!)n zW+$_lN7sdzs0|KxHn>L!#I!ih!BGm1yFRkY*G@mAhBWh|zMF$b7-Pao z@CT+~f5}5;*S-j>1%LwcgiQbk3uO95-zdqX!0H{F7;KX%3=+aBH;?I>CKg7;diP`m zqfn?+ifN`yVr~-D3QnP`MEFjAy(;LYpEe@attc2~;#bpCO{jLwb-_rep$uROqR?f$ zP4d}eui*s|<^kNE3+7=5GBXMDB=IL>o-pL#bR6EaQ1)37f}pU-PQpAiOnVy&>^0zs zEA#q*V~JYD8`Jm5THnud|foQ?(#JePAKoMx3{oE>JC~_r;&4-x3k)? z22mf6XdnP6*qB(itlq0-Lh1Fh>nyu2vGZ!+N!`n!WshReXHkC;5CAMYY@s@lQ>6X6 zrt1)V4_)Xcde|VI6>r4PPRxOO5C;*Wt7*Q=87sVH+GJ4}M2c=lXMau&9VF?@!DYD> z_1EfBb%jWFE)yb48nh9rPpxS64W}$((8?JZxlX$Sb}CR*lmWy<7h*n0* zWsy6K0~p%jBrLm>fy>H8YK0WrtASw5r=vmCn+?!CjG&Wf?n{F+HgtVz5Q`w5%)UE< z<9ZX3Vigg@=#q(InjD}$4nNt45V&G7yC6Xuj}JKLf$wcRHFDg*dwUe_RI<@Vq!P)) zbf7(Ed5vG*NBx5|h(whedx19?go(!=LuU2ccKacAZlC4|U^-j6J-q4|b|@|akHe)_ zOIY48U)q5W02)ftU(lKPK^7i0gLffVG=xI>YW>d44pW&u1Hx>8fU{@jCZbbUEN8 z%YZK>=7Amu#4t9I&v#oD3+QBon_@*^Nle)}KZyF#(ZR#{Um=H&6y`N>sHTB1&(#5> zlCTv4?E!)WUIbyC0m#rAEOtBr1GaAP>9TXrB*xCZviBRAcCm4=GU1_`U>=X#ogt#T z(Qgckh1ReQ<_$0`X{p~}h}oHHCRD}7kLznMswd17v;{#U?gK6Hthkxq#A7CVCBJL z&_GT-W~Hv%=(&x>Y&?ql8*=EuC+~o2<_$DB1!Jf|EMmn>=D;0eRO$_x$syj0(y!~#HNSaJd#BC!_%gh|5M7aujf1lZ_jn!2)FnJwrSETJSY zL*afF$#~-lTn)X%A3-6WOFOgr{gml~$e%n7>zgX!R&ywjg_4XNn5@P(z;*{BH7Af_WY%oFM>_r*Vi%5*+!>I{9!OYrj^i zfG?e+>_q@W>@I3yE))wu4U7WllIMdgqnHgW6p^$}rzjaG!(l!sa?+zTXQf+&;!T>- zC)h=sGzvFYAs|A2*HiL!6W&9!A4j1jSh$eZYIoQZn!1pb@(&yJ~|Vy zs{rOjn!uP{g?XG4(P<^EU0nETF;AUmrbIMQ7fy3n%p0M1i+*ENVBV-5cfq{6-DL*z zQej?7RbZYMfO*{>|06<2^jm19MijUiMV2}@kui(SQ(#`Uk9jM$708Ed7i$K5mo`Sw zAUrIhWKA(-1)`ItMXWQ=gL$};3e0P}4J}b34`-0wg-A-wlcA+0JrSASj{~gIV#U|c z>tc);mO-ZI_0NELNZFZ#7li#pnCBJapNJdd3GR0oi+1cE^JJ>q4<+Ue85y>VTD_4l zufsGYD>3Ltm`~XMjAl?^UVj8-i8oFo)Dm>VTEU`(#ZoIfbF&U^^t{IA#$=rI7o#-j zbJlX7VpRpF2RHv&~A_=7W2e+aalPuZHQ@jzdXF*G{ySYEjD`4 zmVPJdfO$CZIAww@s2u$U)vy#?Z8=KzZNOGRD$&pJIA(;kvZ4P2b{YLB3lnUbzQ?lG zpNyi+_s2r673R5&DFIlI5SApRqMlYM?1{+zpJnt|+lCr=mdW549qaQ82~BJP_8sOh zEvCUZ!?s&tUeM?N@eoINo(9c91Tgv%GQdA(juAgNNJg~Nqg??Pbh9F%8y>{;J6Sv% z6_}@*yfA6{0T>B2U|xo+N>l-|9w*va?}`e)3uar)Yc&)4Oa_2L1Pb%)iirdaVG)R6 z+2H#C7c)T-;&?b14D-Ce7o9~`rebfGTGG*IQ2bXUWDk+%619pqSuTa7M@5_Tun2>} zWIP%llpK#2^Z8<9qbxm{Zf(vNvyD}DtML}|Y^U(%r3aX&lT(CMf4N1;KIY}1@I;tb z5LgmZb}k4LH#t7K63iPv#$q0#mxmaXJrAK=0lR9h*GW1fJe^=(7&S5I2Qiq3T^|Jl zMuUAUkF^4`kw-D?+D4|$Rh;bmn8)LGcMRrjy3Mf;4YvE^cG7JQ!8~gB`N3z}>3hOF z9TgJhvDD4;oMWU4Lz*ctFODsvJp8N?8j2;NkZZ_knsc~nTBpAC0NIgbVMpMBR*VAa zeHluaikM|f#KUXAx}$+OGhGpz*shIY63)mbtWW%ay_o>FjUqG?3sfx9lQ2)O_m4X6 zW1bzflan4&cIM!7ydw41>L7&eHJBHMlc|S;MZfi7mN`>kF4Q*Bh>_tAubcd)rQ^qJ zvr)buV}?kN@d*vutj1qcZFqrae_JVm~&~pQ= zg@B?VUDraHL^E8~~bWL7O@CW-X z)M7U9GR#acPv98Y;)A$Za7z3KmLu|W&ZVdy!9rpcv3|RGvN0CF+U!;^5K+<$!U5wH zNrE$6RYG7e&o3|!Duj6nm=^{~tBKv27MQ2}Cu5#Y1jkHh1?DmDaaK+ZDJ02=9o3UD zPbZeO2dj`~sg20lPvU6dSddZ2= zV|x6z_Sd-BdCe{xMUjBr*Fp2LyBv|z*_ZAZ9{`dVCrxbhQIZ9k)8lBuoT`IO%$v+c zK4uv%#MVd~4a}6jm$7i=Kohlex>NLS+iOmBfTrV4J87>u#;~OJpy_t~;j~>Kw#LrUjlN`;q}? zXjfs9DF&|2c%K@2>{*>T1X1i}{(1vdx82U7D2|yBaj?h&@%Imto?IbE90hirF(boX zIlOM-UFZg>cIa@$COID<2A|M`{XwtgPM|CcW_bcbdwx?SB>^m!T3IP}`#uJK^U&7D zEc3Rf=xVbGitJNu;cq+;KSLBUV{O+Ua~y22B#1n1eP|>^gScEWQ5AT-B)}U^3B4~E zEIX;2bZ0XT8FRb@O9SM>qesDrxp{TWqGT+r!S6ti+}SK;gtf8(ct_YmVS=pECmaIU zd*f*`2*VkY>vv%QcCH7V1oWDfu$K)2c13M^e=nO3|kgMi#7E(5RFvqy7Mez_-pu%sl8@G@W*+xjg}gp@>C zzk_r!)eO$@1#}f^rLZag)tB~b0-VCwJ z{Dbq#%Qa;X*k&6&^aI}0<)|jrtDmlfE(vct^xCAPxA~X8+vgtj4?{s z^x@ch+1()EM`QdNc!D5d9)Nia*(l9J=JX(mCOTcMqm~8cQOshVN;6a9HOAoq=21(x zH^WP^CPrPw z0@n)6D`dJzC-^=K(QPtgpM-gX2{G_>#{1OJXV2=)A&3$$57rq1E3$sBwf)8%BNN6F z?dk7RE8`oOr){DMBg4Jp&iMN#U|wc1kNF?V1N$EaMB`37hRzw3<-x`v3Gh7y&29+h zg?S>6ULnQ!{+e#k+})mU#zsbaNsL^i z*mG$bfq6ML4JZ-eAe*I}kJtc@@b~#ScCHUZ5-{ZkG>*TIMW+A&^HQh2hC@7p(yK7n zWJk653c);<$paa07W2Xs`)gyEV>t=&sRV5Jj8^-bbe_V*_G@*!FyFUV*{#M~ z%(Dd&PApI9f6*iT?E=2&jfR!6$@QBxTNQ`=hVu^RJqiL#V#?0N30yvZ^0dA&^Jn{D zUW=c)j1w@=3w6-E>@LTGwGZ5zVJ@OGY1U+Fo@7j5NOzhD3R%SJ+z_)7n?_{!TN7=r z;%*9q5z7Y-0)!#Eesfj~yFqK-V4>CZ=KO_&)(pdv+M|}&9rnDiJ)|o3#_?Tn2-BNP zCU|5OX7(hIv?a?db>Tohe~cdCJuVu1;#%*S;uTm55snV8d)F*f12Wy`j892t~+C75EXdM zuk%pUoMV9a2K)?_3?U|9{JQM~8fQ>8h!&#^KaU%>ATG)xSj-ZQe@HRw;FcG*jvn4z z41(Pa?2RUCwgZ}310?=z4C1hDC?>J^C36~XCOFi1!xEDm8WgcvImAL$fcGop@D?TX zzF;tR5}UnXUIGqckl<=l4xhbmim@_1HDIeSfgyRDi<}WoS-RowpJ5BdSk?ok{3x2l zSv;R-<2YWh(8S*t=IDC>ow5qSJRY(If`fX9GI4@gr@qGHkXeAU4)k}xG*3w;1)ROX zj2&XEKlqjNc9bl}Lo6quQxqirnE99)H5>uC%~>9kQ85mtd9&b@_)izv)74IftzSIB zrJ#r{*B=jd<{YvOyQ~pG?QGDD6P5{3gNRS?yUAPW<88u_W5N&>ksA*D!6=Cbo#rr$ zhIAdEki?H*m{klCVMvxEST@A5R9 z7>*Xa8BgdFgGie+3O83_HrtfHZdR7u+}zzgynEep zkm5z$;7f^lcshzVYJ|PnLBe-imGo<~3&RQmOJd5-CD|YxTrhvOYs}{Lf#GBWI}_6k zgVK+{yk6PeDAK+`)SqJy=NQd-lc{+EU$NMuESck1V~Yz3)jW>&lRW^+fNI>aND=A+ z=JB}O-(-9IXxQG=p~0@d*&BN8dDMhG96k1X~w6v+CfYa%;U%2+wjH*Uk z29~;Lq!$dIkUj{eh;Q*8@2rBP9EnEQY%D$FdBP;P9|}Rtq8w>c-K)TMO*09GVbCJ- z3(0VG%49;eQLLEs6bpAC+uy{pD&6NJ1RradMI(;u)xkP8$>t-)D7Yo&c^i;=#t^4D zbNV_{yd9BngzqKW+UBSrzuBe(njvlxSe0?8uHBn6GWxlOzp0i`XC2wz8ihv}=w7oq0$$1( ziO=(?5GM)5A{M`7&Z2FMO1&X7ImCK#xn!b>bG9wQ8%_zmFBnXD9Q}PTD#a4RbJNE= z&9n9>PFV`BPAC-{kECcLb}5p#y)|Tnb5=GiE9Y1+Nj}L(tO=rck_?jh=77DzEi6x* zn$d_=Qy32PW{JZB?_$Y_i>B@6#TQ$x33%&Sm*18r^a0de4}x7hB9@x|!``Ucc;~WR%bS z1)k199Oi=-Hu}bJoQ#>#^K{N%LtqgbfeiR&B7O?mYK85oI*&6KDMB?l#7Ql#y9MU$ zh3zdlmwLfgZ{)QXvBkU?WSMXRsXgiGbW1PJIDzX0oZ(qv-hyUSb*nWTGDPEXG}a0? zPOwB2X7-QM=)Lk03gp8zUYKa9U&KK=)Vo#8<01}NfvD^%fYYrsWD&$^31ScPlMKUn z$~Cqz?JE|T7XuJ6`*8US-t25+wON@ogjmWSi0R$^Xc zF>iY(!oea71dTXTC@`1T%x-MC{aPX2QI%9W0=19B)sgmcqQG z9}f~(j7LvSJvIgWxb4TS<41S4N8#S)G-EDjLtsC$J(`6J*1S12h)J=p%z3;6$Mt4R z%CQkRFD@&GSf~m@bRKUwCG@^vFy-0QbhoyIc_~gUS9^qU*j6!iE>9yGTLr0PMYXd% zq`d*M8nE1qhr@KRF&Gc@H#;`cLAtp$oF(Zt3r+le(HMQl-zRawI2nU^oStCUL;w)u zBBP(PX^b0?{l8?)HALKmc^q4cHUJc?vn&M(huB}+voV$v?6NX9Wj+S;;%PR`S{v+# z3ySFmP-zzp3l{CNXjO~O_Nji$6FQ-Y_3O??yIayiVIJHWj9Y28F^r%F;oeBcg)NDP zolOq5fSAs-wLA{S(<~izTazI$AH>-EB5(@F?23t`_@!5d|3D#4IUj5lR{2Jw#bU8J zn^DXL3@Rk8IKvmm~C190O9wq6Y8?Yun1&TD&vWMhCq$)*oKdoCH2B&`;o-K{~Mjgn|E?1Wjg zF`A@o@}Bph*J0OloZeRwrE(5iIe26hHthxxMhjbc7SR*@tVlHeOB*&|bb*O@ zXB9Y{NI-UqwNhd2Wx*&LY2mYq1Ezk(Ax104=qj=@4_jHprcK+%e$7m&W zhWbexhkiOtCqq`!;DV%>t-v<_&N*xM&?Gv(JsU)w)+8+{#()%`H#fkTB#XqNBxsR& zkQ~lOiQY`G_gLS;dGWbqqAG|y0Aa)rc`?l(&@xzdk~?yDb_O``G8}3i)>@iGok^M( zKl3U!9akx~3Q~#3>hPg4QaWVm#p4TG}*{T+1AczBg+mUxi~fBF{`F1 z9U&@gPJ~l{5P#n|3Izb1!;$-czL9`koOPgAVQ#9B~L)ieWeI6r4)zG`gS`>|$HL21rh*>sBMstA+G*4F0sd|u#-es!qzBYQ+POlOC{t}^d%zPV9`;>~;^cSu5` z`i*8P?dt}=)#WY_1 zeM1JS48b;}o-t&DQ9Mg)O!0O^P@=(bxO*hU!4gMkhkgcqi@>2h{c6nJVPv?&Ywcxu z*+ggT0nzaWK3+5!aM*Nv!?+zChO$|5_>m9^=>tmnfn41%oLc zdt+}0sbe((BKbqMe$%)!%LX2%VX@`7pQh;)sf5TQyOVsv$|h%Fmu_Lfw_mHN=B4yi`vkp+iI#o!< zq=2(G*`CUH1341f!2a4@%<^1=4(1Kw1=9tFT{<7mhn=mdZ00eQ4C0+>r{GkYuvAL6 zsD*Pb)LqccDj%86s3Gzf)4jtIVi(UH12LX;^1;?5ff^nz*iFdfNyNk62A5gT0J(Vp zBc>a}!L--Gy3~daKp|DwfLB&ANWhTkcsd*w=E7j0^TBFJVLIK}(T-|~c^Fhk8hb=G z%;wr_D00%H1v^@+P`ugP!oFo%piLTOLunPZw~rh-yt}~qdKzRE70-`4LN3KZf5^ZXEB4lr-^MvY*m&W3!qRc+2U=SN-6dlUqg#FU*Ij%VrY zZac3Ij5+qU#DM6*B;TF@u5r$GpD%l&2<` zn24l|OM9I$1PEaiQ)eMLA2(uZ+_hOMRWX$G6)_Mv%QTd)dD21Hk8E zm0`v@-p1KzW?$$fCbQj0oeZY=hOJxm6F4^186hxf*G4bv3gKt@HrHaHIN}_{i1TZT zxvx0Q59013$9tpL)$9GEj=KxRJkfc_Q$w^1sb>s>@iblJ^>&V`6S4)qm&sXY&4Muo6!S^!D59c$+duO_s>Th;zjb@`G$7b8Z(cUQK=*%!*$kjb$ z7Ge7)PFVY9TU*0hAVC`8!iTO_=mYR(CT57?QZ7DIAe!1-=K=k z@!rm2I0ATeEOwl3kFhtiQNA_Vnsg2`70iZHOukWec#f$me&m*Qhpni{8Z79>Cbn_J z&-k|I=NuEiJdT0mW|%HIqw&rxgBl)gjW!oU>|>10VK++#04-Du!@)+n*qV$MZfA3r zZw^tZZdU|u!K=c27!L7{VGvCwh1E40aWrmA4Jpj$M|O9Q96D6`h_Mct0JOKEu-Mu= zwtKYr%wFow;q9$eDBkQGqE89xT(r4Wwz#`{{H$YpyGM#P^8Bo`ZhQXuw>|gVvh?w@ zFSvm3=dJQf=XW{ks9%;7rqivhqkJj)q+J!hl%2@)jm3oTwyHy0hqjMtiP4L0Uorn{qy?J>@u z(Z+m_QOBpt;Uv~DqaizA-EQ979kHQD9UgEq8_xG^f?e6*>3tuk!oS$C3e4)UIj{-C!QDIVs6 zZsLS<5EDE`*7?kS?kFs)(tU4ROK8O&zHg3wtis;5;wa-cM5l!W-^Q84Xg1HchxN{I z#II}#+pI%o=bSra;^l}l8hBbw_AAGII40E#&SGSAFgrWZ$Hx(lHsRuAg4!GsJLin% z>qm9MJSS!TQuwd}^ zm@VW*bo}^inhqwoZKIif_LldzM^hdDEm^v{qqo_FpL1vDoW02i&p9@cEk;Li=S=2D z=i77ro_!bWJAPt;-~60uE(iZ`8=u%Tjs~EY zn1R8#iMXj_c{CXu-KM{T`D8lW952R)X6HcRL@p33bBAXj?_fGQym5G=dzABx3))$X zr-Nggb^_ho|>^i>=wp3Y$)KZbYjl zg{`f#_V&&?a-{T_06VM=@Z{OBedz2HduJ6n>CrCR4y&-EH^+C6g7vVAHfeNsw`_55 z@7!}voPAL8oOAB@e~Ekd_^7ILZ~R$%&n+{P%uF(qnM^XX_uTK9WG457WO5~30s#^T zmq@^XSW&?sg2uwJY7h{pwF)h*9IseWLj}c3D?Nu&+vA0vqV-r*j-?)YDlKiT(o;#^ z@7j|f_Vn%N_xtPJGvB?}UiZth)_R_2t-be@DUEe?lc6iCn=?}yYwIWc^FE)%BLvuz z!w+zIk#gK*^Td~ICtP?UE>|Gr#k~?$JQ|Ny7GND9TfoV}OlHpG!?@8?K58eb`avJ9|bSh@j2=PtIEKws;| zT1_r?og^hNVPLqW;s|srSlmY}HhUGA{}z|ID$8_KStAZ}S~B8!A-7~Iw#IG6Zc`kq zX3&{RKB!I|#mQu{P~qzQDP=PU7ve&pC_mg$E(%H>uQC#plwyN8&uMP1%#+5>No+Hc zz`+%RA;oV}VhVXfd`I}i47fBVZu8C{$#E9;guecd|!1!hcdR-|zUv!;wN!|L!6Cf+bP6 zF4rwvc?sQ7uJ)^`bz|anfo*VOz2$!&Sj^>*TiMcR8L0mYimS}faTLm7uDS8}i$ifQ zs)w@!zN9tZk5X2mWKp>~9+bT?(ifgLFXyKsW<0}qHy($Prg@9QBMH11a{TRnxJ}Kc( z_)X;zuPfvUA`-8wJYve$l!P%f=q`_NSv;h~&r7b1l%QJ71oqO%lqyu0+v@jWY?Xph z6IhIp8>IoOpY$fO<0?eEJQvc$zB<|Au}iU%Si$SWqBv4aX_JIpZ z(MTu)zFs-J-b6f>;Jt+(kqDPM%gQFlJiO2X+7vGH@*|e0h76kZi5w+USbohOS(juP z#(HQA`H}+COiZSjPS@5{)uhvtA!}+{TUuJ1nkGZnHFUJMv^F+P_~(5-jopTL;)oxC zKq66zn{1x&8VaZw6&Id}B!#1X+$&L)CCU=DR_kN|Ckr!~Ie!r2#^TB!IEdIAX?pm5L^O*s$OYhpPf!50qLSSE1Wm z?3D|>9+Sy!PJ6(F6+(sUO1NFvyor%F&+e!zDJh&PS?ciCMu*K+R~UC%s=c|`JMZzD zU4==z%afl(RL~!I15hJ4UFme%o@IZluzc>po@TQ-8dXZ?NpMln>w~Pvk5n;l5t;kAc7pZ}^7T)^T#Gk3;XcJ`=B@SoSk*TKJdIIB?9zk7It zVRyolljrf;c!A_ZAP@>QOz~iWjrT^(EPv;~!Uj|@`GwVJ8K@CZ*B0#WwtHiE#L@2$ zx}r%KJiIl7>B52#N?C)FCA{@z5eN!Sj|E$hyb)g_jKKnWBS8vXTT>nkwh_4kv3QE3h#^~UKSJ|gKyo`$@s>K&m!~io zaHAn239~<#ipnSrNIVrNP5Ah@>h$=`61eMPDCL~~B2U7dOa=o9t2r6H^^; zQD2j*WRMiW5Cub=NdlV`;G7*NE`B5uHPw7{;$4j&;0{4)5FnMKw5-0ax+d!rIZ9QQ zPfpZXmsADvU zYHX;*6G!|Ahan5&CYvMv?t%#yY!*aS#1bLgD^aD((&deXg_8xGEX-u)f{}zLvApJ0 zCsFHfy@dA)l_Y|-2_z&3vA5Bg9c%a*n@q4{IunmY%YyzyvH)#YUtSTZi2AY1rV%1N z6jwn{5$5wyz!}1Z6kkC@5YLuCfCzdkFvLL9k64OIT4lLtuHV|qm5dHgYf;*5Z3>z4 z5qqe>Q&jEr1Z~wtg+Z(>hGOO-C~fQO>x;7@UsIIlgmX0IZ?NP5u(0>@OKC4`%nj^K*XM>$OCEDZj5k z`4#yK%Hg3rSOZjq`7a7xQPjyr5(p*5{8t+M{MT5)XLbI|=gyW%O>Sca|Ajn!P3Vh< zyAehGyGJOV^i>A+=3ofQCM>B{#A1m=`_y2O$Lse5z^6F?P1O~{Th&L1!#(f3eR+OwF++JN4iu&Ebg5q#-s4QHWOrY!H zF9-Y{DOex}^XGR@ZL9FlZK*+^{EG1BWe)IKZmLU$6QQV&S5Z*5z;hxrHC7(vE)`+! zgV#K-D7Mv0+FOMeclNHGb%3B{Ti?+0u*G8i4F<&@P5)M?L zH~GV5A<(Mi_EdO7{;HaA+UKbPDPdC!e^RQhHs}W*7b-`t(!mtSEfNC%=8F0oD}tVQ zpezy#q$1_v>UeuyWh5#=LdB>b_tnPZTzMO;Nz^0?rl6~oN0O+~n14#DAX`(xKoY+x zh$SeOhk5);ohZv(Ay3rrEvZey6 zdP+S#o<*LkynhV$C{K-2o)aj~+bGYS;ue%=hxk?T5%D|X zLGh<5QY}~Aq}uA3Qjd^p^Cl^hfCvxj=TvcuS&Eo?4|m z>*URUr#$mKy`IGr<*}eVMVHGnI8h!_%A>hReMKg@zdk)j=x7V zej0dZTp0fkS~>Rbv|_xOmW>B#fZSsb6OBCx*L|pkPW%Wpfj5hh8urJ=ULHF*_N@;- z{NUEJAD%sX_Jgx$&c1i{-Lt39{_^ZQXWu^ii?eT?J$3fyXMc9~Btj_1nar6wqW_GZ z89(#cnNQw-{)3M``1RTHGuMCcPw)4f*>GmwndF)DnaKOQ-~ami_Y%Fo?fot9-}U~+ z_xs=Pc)#_R@B2Qo{vKc8yO94ow8(_MIR?$s#En7<0(Je@016@xW=?1!yu10!m zX$1|@I&nAp(sFh+8>E}r3id7b5c>{0z@A~xvQhEp;#=a|;(v(mh`$v7Q+!kWh4`*` zT6|x8Pdp=jApT1HwfKhWJbQ{gO&S4jKUb>oZ)=f}Fp;at>%{HG!$wq}_CkGXglZr87xX4Ws$>bp~`N&TJ3Q~x|6rm`^C{76~ zr6iS6Ii)B~6;w%8R82KhOLbIF4K#%ssfjYwOfA$(ZPZR3G!^tYji%EKnn_(4hh|eZ z%|R>8qaNy|`LuxgXdx}4#k7R_=_*C1En+U~3LJ-UbPr1i9u zzQP`-f2QZyBeb18!S-Wx+{M0u_S!4{h&@Vo(bw6x>4)@l`UVZt2z!_Y*<Uf zE9o}+CViVmmG(!QE3MDz;NRJk^bXz1ZlL9yK6tx>X6^%hte`K^x9Bn2OOMkdw4a`& z@6Z$U3_XhyK23+|c{;?5bS>RXTeI{-Ujy|Fg4QV0)YsdC38s7Ytge|ercVQZ-QL#P z(wu2(oYGKVR|~GbGFh4cKN0Zzu-yvJb>cm=_{f%4qgIImqj-}uaAeP%BEWM;X68WM52-6xN}*5;Fs zutjtFV7|A_w@@BEub8_Ovnr_Ecco6itQtm7E zjAj<1`WE{7RxISL9YiWRk zc~q0V>2^C|GUn5Yb7LC2f3lb0b87hsm* ztQ!?jPQ{A1qC*~~Zn@95!ne=|8p?F{@y6kGt+elqdA=EQ7WFBuJwYWsU%1P<*Iag+ zFpUbWAi$28(x|*mmHVm6{pH)vzj2;6=`3&6`DV=9%2W1DL`d@1X`=*^&7iy1M)BH?OY&jj43}+lz1I$>-Ay zHlwE{5y#-ua?r=N%sH50Tjnk5dlAnI%3FH+4hpPgA$($BLj_6A+c$ChrmVe&+iQI-qpXl6=tU+n;k$#9 zxjB~!Bm-rDNZmLO0K)h&xL4J79Kl5>kX~er(RUx0j{lkQ_q>8q?r+O?xo+PPy;n!SVFxMR}};n^K5v!kZIV}~F}_iihcwr{&#+J+); zy{l2WXT&RQ89~*J$RlMVV)w|vh`_V`(-BnH2rl3Vp*2H-c}N~QHY5%qf}6g4WAEB8ujyU2cyaGFiN`x36`6?}FCe-g&#adgtz%(K~0?^xp1W(|Tv`n$??}#a^EF{s~y{wu}bm@pER*qEXG3 zQR-c^xbGliI~Lw`@4eLGnlb8{*EhP)wQ$C0Ckz>G*bD=?4i-|&!dQ%kumU^8Pgfo+ zw(e%-o?`2iD=a4NxmU%J!9WPhZ@4*o%P(KJ8(Oz+2np~clw^2J2!>Et+Tce!e*X^- z;V@*cslo?j9{#>a#wiG;)Be}J#4qKStAclZZL z-hUP#jgS8cxQ6WGzXv~V9d8xdgjK?OqK?%I-zVMpMOp@)aT<8eS>QKkgGa0bzuXF` zqaWOF8+hcIuy3dLVA~D3WD2HVoBoyEiLj0T4=eZ|CA}P_8sMcyt)r%u8lUvv2E&yY z#r-R21wYgz(1oZmDr+I}X?H_;PzJzF50cVD-qXKLWRQV10Q?$1hETnMDDMoBIRoH6 zAK?oSu3$U9L^?oJ2!Dlew?p=}-w&L_m#fy{ODLjX0S~W1BQvNLp-aI*6Kk3@vj~wy5TtR8PSc1Ys~=B+Bnfo4q!F# zG11UEU<=VY*sX*4<}#oYSOviT=KVzLw*yFf{W+prklrmB0Dd>Z@2zH{+s+UT<2u{` zAl_l5J$w>Cy0?dcB}8BD1Q6!Sj{z$nq( zZNM5}H*gF$0KfMkFZZ1y`WgXYpa&Qxx*z@@*bE#1;12Z^JqY&) z;r<}pAKVX|Btn*HcLwMt+5@*ecLE5r=QPnbR6qr=gy@?kM0@uE2($Mh(YO4-Oke{5 z`)|Dpd`$Fh2hau}kKf(`wLt^XKBT)3aqk-jP7(cc9Owf!6FqDM5a+|65j}#m9zobg zmH_Jj#QVrAzy+d55$~hjM2{idV~F=LxIG59$KdvOCjkGC?*?G^!~pOy(S8|#+x|5G z-1Z*_J|cQj1(Xqe2kzgwNc5B+m) zf#?S)-wzP~%ecOb^jdCUI0l>q&Hxv(D$>(tTxFmP$N=5I0I&wQ6W9%)Jg1KVr+{++(tj7> z-t_~>z( ziOw7$`T+hvI7IZTJBiN1&#%#LANCRb*Q-S5;O88!zj>SJzv2E{xSuxyi0Ajn;|0X^ z2M5s~*AV^b4AGxEfl;DQ;OEm}qKn6g{xXy3f6fy96>)rqxGo`%v5z3Vm?7sFi3xqg z#NEVHTZpOm64PuTrrSp>=QJ_>8DfS}V#dwH@Zx5cdx}`zI%1|8VrGQ3H~{#`2duEO z>43M16#{mIcK}X=Exw;v$!=n(UX^EiMuU^Rd^J;#8Lh8Q?6jB=VDl zxx5Wn4Ir=O#{q;(Ie?kKW&mlW-X@kd0`Q+k8fo}Vze)_`!z$uH4}g4C90kr1t26_M zw{iopA2>;@N(IyagTQuT)n|y+Iso{qMVz&t5vyNCtl0w9jr z2s39LvAKQ3=E1IKfLQM#V)K#Se7G$*LTq6-u|+!I6tN}n*WXF(stoWdv4JvT%iboo z{3Bvlqg+?R&)}oPRx|*(t~^KVnhV5Mog{YcDDWAvFCmUE!F=5YVyi2NU0(vs1U3`9 z;eOy4u{CP|+^^XMAfIax?^@ud{ltdgHna~o2_U|8h;Q900P(Hc0>J;xgTOjsx0s1- zfc?fhfl&Z)-?{`?4GaU@fztr;e=Fj;%}8vx8yEoA04Isv4!>V+0ASvPcs92IXNcVa ze_z>6?9KzgQDS$&?rvbD1UL>LzxNCh+q#|DwwVCT+mI(bq|fdR1F#1l!|weE_>9;N zBY%RTeFI^?`6__$--LND;@;~AP-oxP0kC`MGh+XYcppaiN01Nj5$rM8 zJ%Q`~II$?PP8JwxmVCB$Av*q4tI!@SCl!Oss7|Gyw#|AMf`5$=QxAifhB;1IDNBg~JH zk5>pdN$e*`|KD~Idllx_W&+2Fy*^Cr4a9d+1t6ZEtpYX>`}YgPPAwt!=EuZ-u^B+P zUm(q293%E01H|50L+qEG#7?75P9wf|5zl)_>%CWrVP0To!o)r>6Z;k7`xWkgh48;Z z_+KIXuiggE0T+p#g`czV`)j1}A>#ND<@oRbfV_Qp8bJF0Wduq9#Q$Gyz!G2`upM|5 zI10QIKo77QxD(h590CyLze@nvV?JX44g24IM(iVmJCFSQ z4(0qE;`=@PUXXz@AOmy*aJ#Su*bM9<_6L;b4=B$cbpXQr@f2{D*q`9{Pw@LE`27?7 z{t15nv=101_A&hb8U80_HtIQwEHZ02x@&?k7RlO+pU*>PrBa^>+eC0N5G)zy{y| zfH;h1pavKKwgbliq>&4Mxjn!za0oa^@8vx|Xiny(a$3_6+uptf`{M+E)hByixKpD^p3;-K|T>!!so&-K4!5#CIaULR)3Fyg1iT8IC85X+z)#T{;8EZd2~HgVJ16X%TY!B4 z^5R5V&T}LbBcH{{Q*jy42O!>J#90itk`iDhFbE6-_X7uj%tUxD#_@q$)cCrINI^Zb;@Du`g3IRNY0G>jSk&gT^ z2_7R*10XHWcHj_jh6Jw;r~qK^g}oQ{UfBC!?}LBv7lQ9m0CxT`fINZE5CQ}sAAwx} z@)0-*Tp%H62FieLU=6Sfc!h+J3TOlF1dfvs#(fy~Vcdrw1&#w}Nr;;YjC}-?562Qv{@djWCFbwPkkbeAQ5)vq90``gBz;O~v zRX_;<`_h@fAb>EXNTc*45|W5NiL}c01E)zS*8vRx{FUzo4gs$MXMxX1NLc~crQu#t z1}p)#0LMwFME)z|z$)N=0A;Ft8@ND1)h-gM;Z}__YY;~b(x_Pn901^_Rt3Pl7V*}? zZ|zaw6o9aG$WtBe>s}?H9_IQ^U^TEGfS(345C$>;%G0n0*aE<93euUf1Q-VP0!M+< zz-J^hmH-XF5?~nE3mgSb1D}!5R01>rOMqcuFK`q%4SYsIrUYmJdI01nb0-PSuy5TA z93o-HFbT6ylQ0M6g4Pm~mhd|gNlVU*UM1vcnNBNe1WLY^e2tmkdkz2cvb4ox2>~g# zD>ZgX_}!)al(6;Edcq;lRA^RTgSIsXyBmBNvtG>EgpV6(?S*1N?$x@*)YSCu>&%j0 zn@k_SlsaBsR$$d=eWh#)OT*;z1}iJ7(y79u#+1bc8NLM%q`?<>@FcU$C@YP z;*E)-QD2}F@x^7WXw=wMqEYQ&Lay2&k zyqKtf704RDT(x=lfGl{V=7^r}ArS z`;`O4oO~yg$`nUPh?RY)G5~sjA9~ zQXy0-f?BI9(>6D=YfG8Wi?74G1-o0cfv9c1%2F1pb~C2wYAjCFOYZtoSMQv8@tJtP zM`u+-bAi9y9qOo*=P#Pq(N|dH?pazMED5{u>W1P_b$IGxqrs>cZP(}v^+CO;f5v)1gNMn3PSN>H4z?vl z2rb>#+T7C8+>&Vy++O|kl-rXXrrTXl+izF5Q`4of^9n$^sL-qWFZGX|?+1Zq4d~^y z$>d0Eg#uo5*|+WMg$+Z(YnWdA)$0xKWN* zCT%9Kmt7jhHZEo(f-%vC_xL2+5|h`eDO0L|v7b*`OkO7(gqBM)l*J;9f~Di13Oj`# zVeeHfb+F;gC%dC8XlDafwz7Z~soDK4>^n{Dn@vm~VFnk|;%%#fR>fN6=2lgu##3c0 zl$)z;YK^B=Ra?bcRaLfDTh*|t)v9W(QdMX?jmj`TBC9 zd^jh>LLHtKxus;|6gFkJ8sp!Q@e7A^hE5|IJciCviq_8d8N1S%ls;9;O3m+`?>}`_ z|M_&%{O|q!$CCZ$mHvcb>-b3Cac2G(NAi4rHVE%YBW6w*e5_J>oa1uGqyFpwHqqU( z-L4wsQ;o^tb0X5(tE%mJOpCsU`6HBv?gy$u{{ul)hw{XN2?Db>ilvT7m1}x&vN;rP ziWS;Jsgj4i`Yx5n?W-?XZuAvIR(CYduPp4(lheWSdGf#J2iygJN?_A`TVcp$ITD&u z9>|+MJDiE*l^-<{9>xor9&75-N0yZZr~9l?TO=K*ZS&+ueRjX+M>!5(8JpuxR)(4z z4Nh+aVH7(5rG5QPXS6M0g&ZgAW+WEcm1`r#iM9FYWkL`eZU+dYdYs5;Q9Ifa*ilCo1ty z6;o*qCXtPc>?M&sE3(ZZ%NLi6H;E!)!0+SvGHE5Ppfwrv%SF}TKh9T0kPoK3qC$;q z&p*sp06VN-LMM*X(Trtd$vq{)`ns@Q)!N*CC&fo7*74^emEyF zM=94d-dn-jg`upCtO;|ALgo_Fh7>|KVOnWq)uk-Ss_h_ug?nNylg{4}(Uj=I-BC|n zk$RfSfiF+_9I9#RqB>8sJFF|wL^}LB(<0&NXjjA<%oBPr{IjfTWKa`{L5Oij77bA?>3hLWfsCEnLjpDEN(H9nJ(C5B3n#&=mj?kqAhb`w77 z*>qctJ$-FyuEUT`!^xmPW(zQ)Co;uYhE@wYbw=1ss%NpK^$l2OWPc|;2sZb8tREAZ z^Ihlb^(M+_cNDp4F12HA3KSio4@#FFN> zCT3B)kEN$BW%K%96rnxh{5Ix)LBJek!2JL2VVBuNT}2qMpTo5P*Gvu!cs!80^qlVV zV9?1psrU&SZq9Izu8AuGp2H@o*k>74OX9xha4#X8}GPN?n$nBEMi9Xo{VWaiHe-UKDU; z$^}dpzfNpTiNy*O$pCE*DIoy%%jeAlH^ImIMj>_E_1E9V!EVTvDuTfZyeMGe$`(I! z^yo7jwJT>P5;IrUPF%BX+K+}JwM{FbVNDuIBk1r|`P_T8-_i<8wKr-v zX+%O3SDcSF0{@744?UI(Hdpn(4xY0Xq>oOTw)iZ0qPD+w zb)u!;=!+z5La?yC0z5{A0j~_xayp;YY1Lmrq@|o_WrqTwlpJ;MXtda4X@_P?{<2)XHf2 znf4>&=adHGhUd|`TDviTfQQUzG#D-(%Au}66j3U^U^w?2qQVs}2AauTGC4Zf^yzmP zd#UMs6K|n(ECwC`hV!vlinkazfwd=6ycv(5S9riLh%gXMzyoUYM4QLv30Ckqy}A*c zbhbq?x{DA1+0R{N4Q@*!T+EurmM|&R=q^h5Yz1=6;VKI{wWT@!RHOg;>jjm+wYdpT zv8GBbvo%I_a!zN)?MNn5CGKbmz7K8JwCG*V{1r+)SC9XJ{RZ`1L;sp_KjC2yc-V-C z<>^opY6nhukpXp8@LTkZ3z_9GEHqzh7R=js`X2H<>l4xae6ibttUq{tPyojqto)M5 zrilw7Fm4}-F)7CKVoVpSa}-ro)&_(69Xg%6igs4=cq_|vyqe1vIBYwM@XiHv4=9(K zVi?YFigDQ_dA@c^5)$5fDPDV7(FC#ynCSj~^C>QyJ;4 zs6NhSYqVSr$uiq~=KNq`mt4{A$NLj2<0V#4%u&{A_ZtJHm9FaU3TI=yI2Eu<&C6Sz z)n$HNzGZe>M?LRGGxg2{URU8Xl$fUC`=N&7^43sQmsRI3Z3rZ~YGi!sN;OC4RK}t( z1|&WDQXXXg>oQGYf$1zP&lXd&u)0PqcP-2*=Tpr5ddhtMrmG-cyqkhxhT7rm3S9-c4CI53 zmYrnKo}xA#E@+vzv~1zrxr@er%BtK`>eANJ7veV$ZzvnQSQ9lu+O_g zrX7&_(Za<#^qFElwqfu)lX2(rJ0niTI(dGcWhcI#NL{%)g&K4VI0c~bc{zDs!sy4# z3gNVNBsL-MgQxC?1jR=~w0r?)fKJbW?f<`m5O~wv*DW3S(jVS>P-{{>%+G4`E%zaW}DL0SQ5nC(uBE%2}kgB zN`iJDPVkPQj5oMCF(&Y-1Ec!IOf3c=k$0d4B2$-Xm`TGl8d`|lZr2vv0zo|KzT5DC zK`?l>PsIZ#0+kx_cH+g2>L9OReCV2H26s9ZXm+Y`e+U()Rwjj}^B7l>=pU$${`0AR z^ogw80Y(Yc(Vv|exbO&8RRpW_xqKO{_G-X2O->Ks5SnVP`Pvd~{j!-Axz1)^{oD$> zvvO|DO}Cu!H9$l+N)=&GsXMos6|VT^m#Wz;=BSuA#c1}|cSVEUEz!Lv@wRrmAwH|# zR}xP<+B%i-qyYr;%#E9lnz7DmA&c%d|Jqe_nr znSDf)Xqg=xdzQWE>7JU_bRT?TXJSrQ@UF*R!h}R%1^8HX31gK9Qhhtidl3`;IbPu@ zUS&C`qf$zR*OnA>Nc1(X?nwGj~#RLeI|g3JK; z(adE>hZ!D~9*}MGz(fa7=8i8)g@x(~mO#_{|)6XpMtTY`sT5|~E3)xl`$P;_dgD^Szwc2$-J z@@lRRwpU2r%8c8Uj(c-!Hsy!#$tx*rlgs=?IYrZ1naPjOa!7&v!g$b~Q`8EwPmhm* zUVfzXr`IzE|K)*Zk`d$64sShNFFuEP78|*h=Ee0Kx5xEjCW1-Yo#Rnv5G*06z9~K> z3b%-CHiRnCvWmBsgoPza#wJ4JdNE@`@EBSU4QDBJgB^ode=OtBgT*t7K^Ck1saWbrCY z@!7c@?+9mqe(k4X(~6mCqqF65FRWcq?>^&ebY0O6_r3meHp@}jGsS4~p$`Vo2g5V3 zzX!e0W{Ay3FN~oVPK6Fw;mHM^5X4h;g#GgTyc1hS4U8;CHFo0b@@B_k7|-CB%NjpW z{F?s8FFvBJW!>1VlJyI6ucVofdGw^AflN@P){u%c&#F~cwMwJrPj}%d-)9BUD&PSC zNE8_3)e6s`he_zB&1h{ZO7_1Ndo9Mmj$BFBxWDoie4<(#s0`Tmva6kA-E7p!V)u2u z(EUP}G6q-D9yZRtkMy)unsJI+t)N!t=!9pRu(kMESgW2b(_}OPB&7cH7$y}KG!4NL z5(xM!3sA{^I#$JTZZ`AJ{zBOXGhPve6E*5*RiafTsxd_nkL+1R62U$lNbw+}3@@RI z@iXhzZ00_$C|&XkiqpSQ=b(JmYMVL~sC2T?v2G`x(fqzry!({$6^#FhZB)j&1l{){ z<$#R^ed{`zgWK2MTt9i3l6xC>0Xv8H#|zRp<-uC-M3z={Iv^TDRT z%he4N6N}1L0%a2)Z&a93u3WEprlra0?JcXF7PmO@G6E-?rLz0OetVT+Qt}gS@pk4H zN@exM-pbNwqSB)_s`1L>ibNafY~96zY(^47puIcY%I` zbEoftNdqgBYD&L1!P4}vy#(w2wG&!*+(1y`TwD@^Nvc*+vR|QN_Xa0)dfBmrzXKn- z;z>q#QuI@_R9y2nIpT2MD1=dmD@7($@`b{8e&ZU3U8GrUjdB>?tc>d}mMJT?-R=s_B}%^tF$yS^e;JRh27tE^1pf)jtQS z5~uOEf~v1|Y7ghDpj3fg`7p*R2c3SAOrY%w^enR}FBjja*XnZg28}_5cNp8yab#mY zn`wYyNMo>S3~CK%8=uv(fyd?@v(?DDj4%&b@JUA_;X_y&i<7uEYmIZC^Q2Q{a)KXI z#MvTIwb8NEcB5^RO~kv~Y(^|RH5-~WEsB;QI|VC)Js;-#*P2gQpsi9Co*Z0N%VK;k zKCV7~9Ou7htvJJp`#KJWmBl>JS9!EP&YrtPyQpZdv_in*HjkZXS`qGOZSgPkx3qSI zeUV5%*!zbM=Fs zGZXrDuY+58CGL%f!T zC=6kLjP=KOGfWNu&|Zt5tA_aa0L}BX4fB(gi#D{y+S9V8B*z;|JFEK|J+8V1b*)%? z)B3AAO=U|)7AzQ9Qf4%pRo(a!R8Fw-noQ%$Y2gw>x7w7)mzdFaIUVi<9h&j9{v8>Y z)yxZo?}kEJ1fSbwHG{mY>nQ`$;>F>*8Ks{VbAPbL?URyoNVnhZwCfPcKFm2WrHYO1 z#TH&Oxv;hj>(spR)VwOv;I*=6X8z>7`4i4`p%(c2jkziX`Y_O-GD$J66W|MLT8oz5cdV=#8`-*L%hpIDCnv!cFS=_%Osg06>9w&1ca44H-c6hC71*WU zftz789|bMM_++5Uj7uxxL)Usir_WXChG@T0y-}-WIU5Zv;zou=YjBCYi=b&R-eU>y z1T?4EAi#Ay%5Oe`fTKvqy9YR zx2}xVGM_y>_A+yg{R&b3Z0^_(6`KE}aFs&yKRc|5C!8oVaS(Y9mrU)2p&^#hu`ZmT z+GIPSX5Al&WKhMCi~)@jVVo*ClZ`9*9khY8-pE53c{ku~lz~dK3syKi8HNfCzF=W@ za=*@D3u9W0HRm#UoY)I3y!9;YA^$|IxL$Yx9{t0D7Hx_qRoawGxSW-S(rmI>`$6BI z;B@{3*Kcr{pQWKgymFGut~P%@2eM1cjEVXVf0oQQwkM}mcr=o0AXT|wiq}=Ypgvlk z%X-I-s`Pqo*^;|2llh#2qDdmpQC)5q;X0-5t22^l7%~YG1`J_;t~zH(yWgnas8VTk zm@|YHQnoB83Yu)|k6{7$7)X-qJUsx&K+rE+Hum(gWo({s_|goP89OE%9(#YH{pkgy zBa;6`Qe!Z-psGpD)ce_xxL-99J!<9Bhy9@Q0z^80*)kqWHlI4k$B!U<0d0H{kHucd zSkbkvF*D0h0q=W!pT&NgO_6bMYtVB`oY3}qhA$ZBHyiSJle*BhdBb`|r>$4>K}gMo zW3>*gtn@uT`ta_@xbVZrBi=S#7KQp@QViwlHLN;TTGH$hTjj!5Z*8epAGEcmI$M^# zpPJtsFjxw5x=fyF3)yQEWfyKl-ko^dV8F@AYhm8TJR#R?rLHZx>}?}^TgRTzFoUCj zx(u=*zf)&$7{UfoXBfgKQ1RtCn^SqkgqoZ>csb@|Kg9x+n$$x!C;z@`1Pj)X038^w z^qeHIOT4R0->o0O8h;7C0zQ<#zu4J)4C__59YdABVPhs6!}m!Fnk_B*D;l`JP$Q4)b|lL)o<}i1J(!hgsiODuxtd02d%EkY@Gv z1Y!eA<`m!Lp0!|MblEar&)jK6!eQ^c1wDRu-{7iba_NHU&N0x&*z2BoJzcKLbjdzN zovEoflS^9Fkg#7PHmf%>a4+YPLyU_j%F6Dba`Jv|_nhm^6V6%0fGVIyq% zixj|QmsON2R}ZIxd|OfHO3&jS;ZvDC;bJRY3`-&Bo`<&uMa;o_dM(U3Hnt`2VxDkq z9{V(h>2waA@E0AL>YPs4qkB>(Y|*i6bqqQ%?E{v_Ey4&^jr=BSo&bH)g-kHS1`Zbsua zHJ$HA>tJHV!3S7A^g!x~y&3C2)qe?UW(Y#5H$n6t#?0sY`!NW?3ddT0LP+Hjiv>#6 zA&qdEx#K)uet|D2g!0r{cCX$Oj0HVP?w=9g@RhGrRej|v8{&A6(l@rVg7ucnoW=8}EBjrtbJHD4 zzkeVjkK{2~WVaZYXn=S;WHwmw&61&fh40Is=>Dy!e3k7^8}>mAv~1IUQ!Cu6 zW!GuhA}yPyWp|qIHw(+nH<<+?W9~K!_(qah(3*7?Fvt34T??Mx<#mP1!hVOPy!bd2 zk^{YC*uJDJ&atK0Z9*Q@3#WIGK1fk0FRX2u+R;+7v@3btwf*waz>=$1F71&oVd_fV zb?=r+Ou87+1chfiiTSI5LQH!&U&cs;Ip+*tf8oM##s!1GZ7rNNv+zM9mz$K?3C*l< z8p;(eTwLayhaxuHVBzMok(*Cc?)BNBaKZjLN2!q;NnFtm2w+mr7 zKf_07o*wa(am)FbFnWpNQ@O$;t`{;+46;STrVbxZ)5m!nA7?6k!+ggOXIqrh74zNY znNOMSIA5bEy7`LV=i5C#-`(-K2v}FScw<}ZEsH8E7v0j@wsCRgO1Zwbva+XMmg{>e zD|_o@ws_%|#igZ-w=A5zHeJ&h3Uyx7G;ziF0Gd4iWEg^#!A2{8t; zXk>P;)-ov(u)O=e6`QkeTGz73id3U#TB^I+Emd|1M{m5Lp|{d8HZDA+*Y=8I7jmVl zXt+W$^0AQ9%2a{Vikni*@FE_=R+i}$GOLLX^`>EV37f7ryOix-fJv%@-!c{#hp2*WFx0uYm} z)Xe>r4rjSuzSZb_3@aj7VFau6IkA{O7 zu;@UPnOsAb{djNqu+6>EKzVuQd|SJ@MXiiUTslpsv-%ZKTtDO@zU@j`KZo?HjNCEo zQ&A>ijdy|qvAhZ?RlJf8pEQ?Or1QUIO_n7Ka*Oj8fF7gw?V0vYqoK~ z^TWYeQycAU><^qUZ@9jFIZKFRf7O?yqoE2nsFRTgd>PkqmoX_*s}4c^%5=F*A7l@D z@#YOMW%+DRKHHMd@&n}I)#7pM)E>2N$nCMZJvz5rT`a7}TJ(j^+v3vb{QR*l_9S26P%2tiHt6IbF&sVQ@hn} z(^TwJy9T)&Ru;4R5-bt!xTWC10)gww3WxJ~Di)CX-T4pX3%BI6`N*dU#E7+haD6EZ z`)ORUBXnX_mMcoIW8|$^N~v?cm;pLGZ>jy_UQ)h$)PbF(%4~`oWiM%UN?D>%Hj$!9 zuH@;nTS)nk$63oycNdq|dxC8#*YNdC*El5Gyy}uNzpXG_DJN!ByYJcn_VjPxc zO|xNG5uLGS%0=fxTs%`W0_XWQ(@(I&l=CYSJzo+1G0{#a2e~OvV0~?a8EM&)>47P6 z$1$pItZ&s-_OcljZ2wqS-Qct+@(8hBxEp!QrypmcTP$pYnO&2|s&l92 zj^v8B7}*g$8_8iCa`1}FPA0r*`n5?oVPXoQlyQy>AG81>8k5F2 zWYAa*z#B*eJC=*tOe~2VJ6urM2~8fK(M!198(1ne86<A)6)0C_wiGq%nzhZU7IA{hd+Qi_Z?-0}HxF!|(gyuSZ}zWsyqV?n z;JP-}&l^Bdi{j3K{gZ1a9luugqDQO__9de)&4mZ%i=xkt-H^z-otucnYH(8 zch_F~*Sqij>$Np^f9+edUKu;EXZ2a7@7Y1uS1Wz*SI_M$;_?jU7o)jztCfjdHFr1K zp+IlPjs=6=oR@DPQ%-?iU7#n^grtFKO3~>lq;6G&k9no)lf6&&LW!TiaGi3*LyOt8Q%VWnERNa6v#bFxQeis@pO7Ez<@6H_!*Ra8_} z9y48+xTW>IHBUWx<2!8|O5M|D&-VFd&z|P)dwzgT9UEi9*!PzmS*X;T2KCmBdNb3u z7s&wnp36(9Gw9TYA*0D^#CGNU8;uVcpEZg`ke*s8wN4GXW$Ganv#J=o5iif=D|055 zq!M&0D27ZXqgm0ltD9B)<(yoaP=v2^QlYLB{i%^Fy0*iNvGs%{Ju=b3xke4TbA?Pm zEg&AtU)yi3x+!>7s{E?Z>Z)7YSmAXi2j@OHYu1x<2jBS8*tzWZ>p@u@D2omI0is5< zbUya%YI!S?){0Tzq?2@lPKPf;7vhDa8?DU-t!`ruvUe%%Gw%$?Y zifSKY4MaS?uGpyN+ZlvB`;@lM_QoQ1_gIdtwz;Fdxp-_Z`=zkTIc?$9D+Uwun!^Kw zE3cX>&BGWofIW}R*z>3*S0-0b=ZKrMI@O3q7$NMw?D3hU{(REmMTG9E-Yt*gnh&~uxXNym*}A7Wn!B79Q|zG zQqlBT4f3GFzUALc<^dVN#-uOi;jLrHMtPYXPs?CtOaF%F;l*iU70&{~C-IgjHR@GE zt1~V4sQ0La8ucpm2DSK<>Lr!%sBlOS?q(1CAJ*OkKCbe-7e4Pfvz*z_?EAiIMx$j$ zyJYFumSjm@B=5#V81EK@C2?8I5>b(0nS7~f;4_A#7t))8u|phUmbgiZn*xD^#ch-P z(v`m!5~4(N=8vPEghB~kt7Krvlk~{tH6T-Y%s?K2bC8qfoAP-UUEQba2qWw z?`F%tH};jUjC~IdlCR}hXzmv|rk%GJ{(!N4@4^u*y?|QzKEIf8}kS5YW{*GKU_S7PDP<~;kWDzQb+BGqW@I2B*_MBB%wn-3c@u&ro5~A z@q$MQqy{=<8m2wmZYS$gb>c5PT?8EQ9Pf;GvPzXM%x<;{Kn~2rc|({Xzoe_<{@M_F zk5BNB0@ZM)4g zq&9c0ZuVG99Ru;kv5r`}Z=%tT5?4AP?J`Y6PK#^9a!L0kz0u%KhAVmYchUCI#<_2c z;FWdd)pDsn=R%yGh5W!n+Kj7VST zX|Lv1ZdEefg`DbS|7HmkMt1cL>>kd!OyYl2&X4MhJFhGZSEC_2_F(nG`|P_|V@ct; z)1YzV7CRkPWU*t8`7_1)RgTCY$F2?P${AI$`bMJZf%JGiQg9aDvpT$SP*(gRxi(jq9$W&?`etOdE zSG)qupah+n7TBVoRZaKj*<+NwLLsZlz_z7{v^v?H9!5o)&iI=3?gq6f+vl{&v0TYo z7}?p^w`;V)Y8y9OcU)B*u7vIK8okM=$6BDVIghnq$LKscKRR&r{FFwATs}`*u#<47 z@2Wn$W5*)k_fC(9?j29Vm+&4BcgQnA{t4YBR|n{Y3h?S`dS6%-JdvVx!Pkf&&C+_& z+Hp1mO}rtt}FoAk^=v}gvdG6bP%Wsu7R&+n;rGHm$hfr`q7I2FDI-|Lw5 zr4M4rAb{N-VU@+Ack|e_8-M3pTl3(dU2Im5orlGQ-3R-h5To@K2A>Hs7+@kHX;BkY z3m8eV`XdZlG3`Lg?IH6r+ks%AT?Alu*{1T;jco4AhIN};m!k^m#*V?AY8+(POS==T zDK`KfLwg5Pci&@h%WF3{k(TIb7}I*uOG?Z;Z2aut3sa6vnlUQmMJ{;WNYT5GDcYtsBIKC?icE?QH8{;f7w| zBN`J++g^Toa)%^a^%DlmioWuixnZ$$*L7SDRxb>)UnBK12F&WeoE8e&oaSqDj49%C z%OwS50-k?K2NJE++TM5%0c>1ZtbECyXhw*6U0-HCF7WNNuM3p<5`D^jLpNdUlE11Qn4 zq@6}|0%?KY7r2x?{{kkNzXxyp#T&)Rvn1+qDF82Oxv4bu?1*)!sd;^WCbjgc-lf}< zcYLOGbHW)}+qiy|*_#V1*ZT9-aJJvoCI@2!S1s+{Hk5bEb1k=iQn9SHIG2sEqdMb` zwPm&F!42Y{Husbh92Bl61Q)=d!s?X@BWy6=G8henVo3x~TlhH9BUbqF@O1cJ!{T`O zd4LiE)57skaLhUuaL>{nBg~dzLL{L<_-JnVSAa^vC}_4nTz*wZh}scDD?~#X8l4l9 zq26f!x>nDmEmp}o5>dZi{6Lxeo!OEe*wQ}tCR17li*DfF#5pWm5ehlT)x>v6Wf!U{ z`1uv5C_9hapc=B{3jDxlR0}{9xuC>R_pH-A&Dur0P_11>sbmBYU_KOyCE#9kO?qq2W;KT_Ee(@b zHr6ig+XnqAN!Q!Wz?QmeyTq?jyHagV|A09S2^UnaSB42;qO=l&9KdcNfyjk>0K34V zUShT#1{4|AB?ER&SY_j~Uy-dNmb>)R(s8SPjb#>mvYKo>A9|ZK2Z1gL z8Gr4#766_7|6|k0r0k0M%;NBvc%yRuus`N9Q3V<-Y>86f%Pgrn)1(fDcy@x9UShRr zatbeahzZYU2}e$v9~WSF!Gj8T{%P$4uDRo6L#Q1K!9>cWiIjR-p}ZE_veb~~h4+9L zyaznS*LhXcjY(DOStc~CVL_pe*m=2G}m?OsISZTU^ys2?4KIR-N zp?H{rzYYgxEij+(ZOBQ+`ofrf@C8eN_zJKV0tA}p=6C1byb1`z^WAU4ZHv&s z!pzp>CV%2;st+z0j`OTb5+u+tZ~YgXkPZyg+qFm)0S4Zw2`oBTGr?dnnV4m`Y)oSV{o3x9lCh-+sn5)OWq|0v^2d z0F)Fd*ushAbdnL=j4Rlo88bf(=uuc@K9TT~9q1=<;GcC&KwalSOnN2+T69)Vn?Z{o za_v#mb?TF|YG|&3^3%>_9rk(a=f#Ti}J>;i7?zW~F&!f61cGy`%eL*B? z#~(Yrb!D;HUek`Z*EHhEP@eYlnWIOf6&_EMLdWd|q;&I7pw)8YoNKop8VTOi zaUv!2Tb3af-cxhvO+Opr?}Vaj11n8d8cQn;ot4|DR%lGzHpfPV62P%I3*kVn44@h| z*Mi(U@dH)^*LI9Nb_~>Tx?NL^9;g|X_U7Wst=qZDxidLgvp|_t7$U=xjpz(Jt|Xh& zEuSAh%S}*P2ikdfE5^tvAlJvBchgzp!r@{t%{q`~fD;)3H-ZTf5CwV}gF`?I=>UsI z(*!EZcr0j8EY(7&Do-YNh;B)*7uV`67IAJR`?VERTlk&=Y_|uor^>8{uqr<#G<>!m zCAGFtn2Q`7CR%+Z8bb#bTrNPKkt_`xTr7Ooa90b)l78n&z)2Y(AlPSoPWdx@EF|W+ zEl86L{|d=<66pcFB9WsmL+=LKmIki7YmiXBs1db`$+6_LUiRqaB%*5}Y5EaF(K08R z2bx)E+EQ$ak=g*P%LmUwVCiFay53WG3(p^@9$ZdIm@Veldi=9)JM9}gm*Egt*aWql zQaGA^LIIx_CNB%BeWWbc>>ZvOnM3TCt7P*NvB1tkkV$AtuXJ~I^v602fjwK0r4yB% z4z--`v4snfY)^yl+MPpd>`rBPc`TVK1g*hTOL}On-Y82GvNN7^hP*DbJ)Eg#N5=ey z2}2E^G6vt*UErSg3s9}Nn{)=%L20XY95FnvSRy|Mx9Iu0pFd#;8dtMN<|A{R0LT3b=V#x# zif^)Sg(DI1>n9zuE3IyBXPLS8wyhH-fW^xcHXHMA}379kF14)K)Bp_#vqoChY$84nCoAIE~mkN~mCJ@}@ zO5ARuP#QT8ibpV5f>;wApYS9I>`nnyxNZ={F?#QZAZeC-3f#Fg44^T^cI!^z4yT>NErT^39`jU0<-qVc#*(0;*V=@-GeLX@G+f_{m#e!$;Te_ zJ?9f|_OV?)w$8_fee6RYd)CJUU)VP-2_8up2#<$FZoGyiBOnf|jR6d*k>8w=lpQ1W zjW>nW<3`pC@STdWG$t^PcN*Eakr)LeV*+Dng!wdWHhO@}g}~(_#s#kl{TTvv6Uyu3 z8uoinyWknZ=kJm;iP}Glui1bYGR=}JUmE#|fqmA%ZZ@z%!!BfL(c5l(iLnb}q5;Zt^ zHZztSO^o_R!%9YByOcjt#FB(EaO?{byH>hg5)}ysoMqHJYJ>r&S>4=#qu?yUs5~|c zxq|@tr?lYgLIf66HuUe)pXM7;d!RQ;^*82Yw|K8qZ+3AIm)c*_1v;wrj8E!)A=Fzc z1zxI!CKvkCjwekN;154VxiE{vzFJNU*^`hH?8C@FDAXTW+q5OW%N&WP9L{7cY+h{& z#ga}(G7&Lfo!`5m=xPTIhp? z=KL_*nHOfN7CC>Z9*4tFToT6RQC#*ZhXZseiz2xBsvo>{ z6u~`cNuV&TyO2#-u1;@n`P$SSckVpavODeT=te2p?(Pon;1|^2Kl|*zE&bCW2oe## zzjtuo3E{V=g&+igCjNd&)`Kp)7hYI43!lw&j!9dUx1@ERBK(;P;JeKfm)CTVXg_(H{I{3(N zS*6Je(h$#=Dz9TGf#-6=zFNXyJ@hhf3f^ZT(qMS(8_vjx)nSBOU^%k|~u>do9*a7*FEIwfb{SlLs zCntm(h5HbN7Cb@*qokZPIfKpyr{r{|grx7J#i>M2>M@&do`W|Wu5b!*Po5)|6h4hO zB(TIt&nI&b?i-C)hHnuV(1goKw5DTKf4CBXU(u{nb*}hDZ?N5-mQpleSKYy;@uWXn(-vcpRw})2*d~@K_T& z+QbY^zNX=(dzy4jZC^^BNQ#K8W(C24t@Al&YpWA!z@@2IKeO&l#W3uxWFgAiP5OwACQaq zHwh+{pMYY9H-~}_a{|kr90~IvL?ej63?52%#tTiV@Q6_^k5vH9o<0T^(L?^(YZ`l^ zoBrnWBFDE{*HjNJ~^ih0Za1%niA%4$GS-}wE!YPZK zZDIvG$#l8!h}R2RFpJmRwx`kGxHWI~TYw{hAD+jnV!}4n5+i#eMtU<6@ZNnICdMir z!O1{pRLFSqdLlY0VKqCZBXMtF*5g`dKWNpQ@d#m2qUbrzbMyB3%9}5Nz2{X36Yi_! z@b8)&mqa5vwI=Yc6cBg|~*6AiOoPYrBPe>cNdn zVJ>hPV4T=)j8jh7i8qXRe3rkzu%9&y{o2`oEb~z3@ZI**3-6~kNs{=ARf<-5-(j{COx#OGb?F4ui7aon}dC2~Kf!y1RRBp59vGLrU;D$5CzP$7XRGW;vmHx}W zOylV9x$vR%9poRl5dXeG9ZBc+o6Uh-s-f8kb3hbszBO<(a4aD00h4T#xp1JEIgraG zipwmi1Bs=wJz(Er-)Gm^?}!c=p#pE#@73#M{T*(=uW_0nbBrjB06M5sIv`aHA^Vr; z9lD~L2e#&e1r8gtSEp~NCj{f!&c2dcv1h=av{+5PM&H1m6*=Zwd++Y+o? z!MRtMd+r>Yn7caI&8}2;4P~*BqZVMECv$p&G@W_GA>92xI3ux7)6;RcYP;5^|6 z3h1}aRUqQ%WCVx_haGUGIR5}k@%POiDS&KWe5MFVHYc0}f4WU*Q2hp@O_(v;;hbu= z4cKn5Nj9SjLtQ(wa3=rgT$MCV_s1Mq;;*Rp-DQ9I3Vvdd%*Xw~w@7^F*K?VEeNE=$ zd)aP$Zw~$vk}EgR`y{V~|A)1)cM+d)KMS0@*8@*Ac-)Dk@HGf-9z>{5P)uZPu4Hp8 z)|_k}nLNoDD+Z{0>8hzCA z4a*r&m9%*VJ)-Ai==snaV5>%czP(#N3hH$}zE$O|$u}oK{oPDFx0P3+2;n$htPs|S z@-(6bU?Q&8J40!&C#^UG7H3p$(YY4?Dt_OZ2*XD$%Mm58@RDLDezs413FoO%Xc4~n z%pfr^x6t-o59ecx{HXOC)-yl~-+v>RcyC11EwvIUo{^l2PjlIm$>)=AB&Fp2DJ+}k z#WzGrykBQ%ZMiag*Es(rB|aR;unmS9f>t z_D8DDmad*~xTmWHwhq=Uk7-DH$UH$Rv})t((A^J!@E-mB712v3e-jkdja| z=n* z#P5zzMH4#)>VeIHo$=)Ej(wjZ9M}3y8jfr3`}2{`9URP+^hnm8YDZT+iF#E zWQ*Q3v5^D2m{N;?-dl%vVGcPiUb+o)NUV28;ciHoFAIKE!SUqI>Z}u@E{a&H6H{4g zYlHZ~-dF(}_ch4mS}h3FftW@;2$Ro`S`ZU5aLJd{g6M>;36Oh~rKLq&uUjsu1tDr0 z<+sJp%u^;|>^Gq7>PxC-XxcwDfUgC~(3pSv%|Heq+p2-)DUZ<9~- z%_d?YQ#2SAqhpp)`xSQ4K5I7W4YH3g@rXnLfc2tQJ3xDe?t@uFh8H)TnhBEy@r@ay z3ILZwI2o@1AZ-e_j+EE;v|Wthv=3(1w~Vv|S-N%8V3X;-&r6=wChJvO3(H$VcH=79 zA%6ZoQ+YYI3&}-{xM+l}nG*hQin4PaK#qFeKweq}o-7Z!vp4~Xh2S?vFAIlc#+-7- zD5drTvq}&Rv$Ms4R0QTohog7+72$wrx1$0O(L0Ey&|Z{k7&3DB|2b{pVgO)7k_ibR zIyw2)t0ho6zeuz|z}9O5m0VLeA>kUqY9)V8f6Wf4Eo38y7kYp9-S5iC^qafc;+&j} zcTco5_C@^dec{HqlijpZu3TT4Sn-7wj+N`jws-p!%S2GgsV&+XY80-+^^H=ltMEnj zYDZgh+jyHKyQ~MTY`66$t7vsw9*wiOBO*n`S@Ecd${#2IE}m>)4MH{Ko%J5|ir08= z^NQZE$FDP+^au41>c!pqn{Ze>n)ycN3<4U)lTFVzz0o8!`Ei&{zKMf_4u6=*uUGgh zO#S?O__X#er-*JN`Gb-rerRJFJvrd;u<&wuW4`k;p5iMaqdjBIy}eB$QN;;j%rbx6* z&t+OCkhWq5dmtt}qh2orlzLwaVc~_jKmCq13p>y`P?y{!b3T07pJt)njsB}J2ig< z_gV$xxhPr&CH8#fN0i`#3@M(%79a*T;OOcm*~Q5&w7Tf$+@JsXpU-w|FYV22C^xRn z?rz-PaR_f+vtrMREl;jn^W~9|FRxkuE9fbdaX zVi3>Vh~+%Zn#*nT=9lLFSbBNxkF`EZkSpIqK5MVAmRZzO*$&oOdb}hS{Op**HV?5- zC$n_2uePy!s_a;W9cyO0OUxT!@HanUWwTZ`wtA*)m}!qjx-6`t$Sg(sS1YWu!YZA} zK3zYsY)0s{r)PY}5jyXJcYa+onwY)C%?$W`;An-JDon17Jy2vf7w;*G*B05PBAXpx zw+*oC2H1mR>>&%g&2q0roU*X3&@sjain=3EF@ozK>SeuMh}06ag#1I*$%WbrWDz^7 zT*D>j5t5MJ#&Pr`6g$DRk%S|fN5olPsNg*kbCk0>|Bt5{YQAQ2vQU&ALXg)Cn0Fy9 zR6>F4jqeNE5^f#?(ZcWynQxQ`Fc=%@>gw)LGfP_|P7v@0quaMsw}iZbp|*UtHB^Yu z2TCCBh-R+Yv3zsrq|s)KX8a9ZNxeyr7lk%vb0stByw4gbbQMD7Y}n*!OAW2{$g54B zWYQJ%x=j3|U}Gj~@^)ocuJ+p4&qclDuEs*?u-5{;%Uy|w(ji2N>D)?-``AYDZNUPQ zso}KXg*xZ5xkkJWNyQURuz<^o^N<%sf}`!V64VhK1&h#@)kUu-{pqwHKaba*#eK<8 zD7p9tv1#HV7SCawf&T&F=6_WGOXs6QZ0H-FGoG^^=^+o>hcM19TZDZmCs#nJROD)k zqOkJ${x|yH>6aesXZ^Pv#(H`__D1ZTm~k1JNN0? z3Rr}q4~`GmgIEsdCn*mYOXi|qh(RAq3m?KYz)wtYW^CiXBhT$}yTe$+?bgY9FCp{N zpvycT0C^GOxvs137#zIgs;>I;Xko?9-rk)n3iao?3*bqM#M_4Rp;E%D^IO}~)xrM0 zeAVvO`;h~G<;H`Pt*w&>H`bq*UALxKTyx#B+VdA8ZL2G-tJ)*7#Uk|?-75zB$DPJL z$zn2MZRFS}o4{FY7g~iQYH=jKB`%JH*=84WyO_?!q;F);WY1=$?ERZPdp%;#)8QEg z$90vX9lgM*Ha~BD!}<HFXz{?q}G?gB9WQCNH66MsxiZNk4Ykb#; z>RArq;Xt#4I4gfdY+I8x&n^a<3bMRVqT~7eByuP)<`luWG&3oRgj4dQ)NS#40uJ1y zFZdeumXzX5M_kRRhOV?Du&yE5S@4G%dlL4P*WgNo{GA@NdkNBh#a*JPvwD?Sko9^p z)x^7c6H(;G8^czBHykm)!(bfH!_tJl2%iS~A$0ki@JZ|`BOcGM3CFIc+V_Bm6aj& zSDQLnd*@Im?sTYaW1IASEBn5Yy$p_+HbA@zPcM66*^iLvdrSL2ls<$O-_^Bb$%F0e zns%0N-`p;?Kka$J^CORRl=fNy4x4>~RNHA|jn9v~G4jrcG;-6KCU!;BRMSIElG?-? zKq#=V>0-BNn{AVM56Gmz`t-y4O?pY&h37RIP1=Ka31=K6I;|0?u6!fTze)Vr z*opX^Xg4c&Hp5Dp1Zfk!goNLwB`70oa*1Ey(*23*FnN^o;K)NFk|3rHa2(c&=l&Br z^tiv19c4d$~^ z#;_!?zM8~oHYR=_5;dke=uI6J`4EK`k&+kT6QDQ|K?dE>R-0I4?w`c(kKpqVyc!jF z83@ZdrH)Wtkay6@10HfPyaN}*1LiXxU>86hrdpH{kJ)2RCfoyY%IY;ljmQe;xyp-t2_U3Ggvv~ z{U`Hvae)`&{i_#wAt%Kj96cxrwn})`c@JiI_{TJCROQ6O#LzdxcvB zaT7ikO!7BT{48R^f9X`%cPcKQ8pUNiwI_0OtV0bdPo~307qtxR)y^mv* zoCV!vYw`LICECVt=$xbY9M%lPI?3(%dJnWxG;(6>Lat-kd6p$`jrX+|T%aO%2kr5o zl8uI&oIz!IYII3wy1`W#XpE~ahp&}=Dj9MH9L8?F)$0g)-EybJ-`mt0w^Y-iQqpBN z^#K;a=WSXXWWCrMlF+5v;UVIH2nixwB~LYBgz1@}NYY(!2QNJWnu}=e`5yll?;)yfCr5uXCwK5~D-v&H3Ha_L{N+B>HVQj$a!WVq-Fj4^a7zKdYdMJlQLqo`mg5>;1L;>S{-t2) zVfPZxW*T_o`nk$~VMw$!thwQi@`hW-idQ$Ru@}V~82iJ|*z=Zsdpg&3MU3V@d|671 z2!7#A>k@u0{1uxL{baof@A2^-y0BcBL)<$mRMemlmj2us{)*RPiFv*8m|%U(@t7Q% zlCL2P1|va((o7~fE{XOd6mw#msv%sfAeqTEGlCh}+4rL%bD$6nm24Jk*qK538Odt3 zNUFh=wI>snkk2mbyLAS?#UV@PaL5bAfL~9A^$NcdzYDIECS1=nwxsTx27}dduaVsj zXq)+zpnpob5g~%NVQ6SYaL&C>svd&MS_K?ttmMYRt;4=ubyUCWnubq)?{eog2& zKju2ltr#bxa4YFJm{ZhImDXXra>4_6KhLgb*V5;c0e!$bJMWD1%ZOp*z?WDurM;Zc?q*kXX!;k|?$f;gqrHW+?> zI*sZHqgd%WME^l9gGHuWT$1TCovj)PddEl^w4$Y4kVw#zg`_{5sa0|H=URybJ<`}2 zPPR1{o7>2Q^SD8RUMLjV3k&W%j1lL^mc9yqBcYCrsB3uy{zms{fV}=+)f5RCoD-rY zTnnLnMEk=SJ05QnW8olg9MT%kxBavEzNdu4wYEa+qK@a=-ag;)=PQ5iIlfbyCVAal8x zOB@h3A`-7NhEshgj(j87TkUO)XB=d*;KV=`1)S}8L_DsOQ%=@pZoSeG)qref8pN_* z`H_^UuMOG4G_)qpRP_Htn)`cZ zn)^K)p4&S2uYqRYzV7Sx?XIxDn%m$0=_UUp?xHB_Hyf`gfAaa`53N`=@+>*fh(~-m z=Mh&~KwY(rc*J)#vGq-C86Z_n)h5x^#H1#+vB=WJYH@i{auu0WWHQLc8^mrnVw-Pk zzPDL=xQXpA-d()EDD5b+q2k7($V<|E2CJ>u-vj%ot+A&EthdYLc8jBwW9yib2r zFK&jT;fbZKUHuJXsjaDNQedo$`{SGAd*izJ9b@UO>1)zbTG*GnHFq>8ZO*aW@Q|_* zRTw2j_6EFLy!*U5?;Qsn4?4sl$419)*j2M;w%5$I-~a=s8!b~(%LzL*i2{xE>L+i# z4Yg&C-X=0Vq!B_EzV_k0JP)$0XltC)!M;^zF zjrH$Zk^c`U$?ey!L&WT|16yaa$emZ-IsS1(<(9aJ8UdG`=GFwAOE_gjAD5|xnoRw? zCR5pkU*nLl3FZmLYUNTss{LW%Gn(vUX>b@&W81v!)A}Zvs`Wi3TvzY=H(-SLn7&C? zYVGgl?L$wANbC3w2qqHfUu1!C)MnDeC9dCrRry1H{eaKVnQ-Cn>fiB8m8dVMgo{DD zB)Wc_(!fs88KSj6eBs5~^@j{P-dJD1ezX<YCSbwgk(a3CNB0DPn>CO1DQ zuuZ}qL3H4XpU4aO8}r}DOX)<6VmHTfmiPg45;;}@APVoWZAO~xP}&bz;T`gpnlr8z zsKOeCHV6rUJha!V=U<1J_B*Up9OaxNuBI0fr%^p|aNcg`E_RT{f4N2)KQYm832pq$ zjA@=Yo^`Kek&C$Ff4uV7upPPnLu+A1qBFCV&(lq)%dTNxgtW)xnqcNsecUzPTRun7 zn)o??R-021r;w@CAeazYEH2C`)iyZ0sQqE#Z?wL}V6ng(H(b&;&8gP+l<-Qetx&$G zW6ZwRFI}_N_9o#6^|qZ_zcswhd|O((THCvMzuGxp?88M!y0&pqS6G;T${*a${t0z} zEy5vni{)z5H%#IY)C@H-{X+n9O0SsNv*wq~;t|NEmvrp3?iHN~GCZ(}S#5@I$m|GA za@j0`#ZC}jF|uckFB!!n(7kmpF?O20!o-IFkTFw)eDYJDhA_heuxDftf0~z_)!x_M zCU7X;23t18s1Uv)AQAi87r)q5|9^Y^1>S+x*K^@b@Xh`Vr(8y87C))xhMIOai5=xV zW${oWyEVr4MOk;06{2h`z;^j5ZDtQB#Q~+H#6Q%7C(0Rh16~iC?=g$lnAj&}CMEFu z0l3k`t!1{gk?m<<8w+eC&EUM=6lFtEc6Wqr2r)2l9|^GCK6Z_lUEyI5n;HHd<*ph6 z-2ss}TAl`b579dPQVoHFAP|iiWxwpF6kI>?g90Co2TF7S6CmmUB=lLAm$-bqV1-#- zrkop1-2zn&z1vhan|!=jDW$ltGU;71(uUquLulnga9Ai(hGda)EsK=FRJ<9Z#eQAGWuBZ@j>QsmkqJteOAx>{afgYg z>YHTD$1k77ADWFuJ$()SmYykToJg9HZ|JO+UP6fz1b4BBIKk7!@9_LPoP=nVu@8JE57p0B%bBBhV%O82?CJ;cse&g?5B4dSrCOQYyp3KaJA29$eMTS}fWo z*6HyxctGrk+z_>IF3)_N4*HsPz5QywOpMU&+Zw<(UTE6W$Obyci4OXoi5uGInfqS5 zMhxAxx@moRdL3~?hr=tICdzkhxNeyJSqTKub6+Et==RO&x!nzPmT)dpE_bL}E7>Fe zRg+Voq*G1dpblcqP%|+;s{LVZzYyvr7z*&lWCj2zG2b`IDXs4*^jwpd(Th5sZ%eXA zYkN0utDQZeMszG1GULn;n3p~H8x6Zb=b(n&I4oRK>p$dn0=j{?g?24Cr$}}$flh0O z2OnJ6eo9FLw1Bo3kz#poHXv@Tg!e}c_%9Jx+;>=n10f6ki^O0Hz$wACR`N#FeRFt) zMMMshQVE82jfuI)jO|_kT@o5MHXO>&Y5dn+Ynokox4XfONGs>Ye%qD+`*k}2z%P7C zWN-DYZx8$lu8@34?~5zoml_g&q<#@qvhst>JIJ1BVNW!(Cz@EPz#;_-q#BU#vz*=9 z#cpX~-5&Nig&ABv7iiR6GihO_D$g7P)GE|H-Fr06j#k-SRptO=V70fmnwC}!lX`h9 zC*>52eI$49U)b0^wj(yt0_>p8d#Ho$>$tT;?3gtyeQYUeYK`}dg&$0?#B9jR1Frx9 z0Z0OE62~%DH5d!(E+ksx%K6t3BBQaI-w_KuuG|q14N?o2qL! zFP%%SKu%Sm0cY8-?cSippKt`Cj&O6@y?u|jm76Kx%9TK(d_U_KeK29rUDPq7yRT z*&AC|EkFNLu~=ExlL(Z0X)SZ^KZ)w`k@jT}mah{utNlaO)ZH0#Pl%2#zSusZ?cpJg z3qxF{gE#D?hV$*%e4kTb%*Rd=oxO`XthW>2nQwQ~Dy^MsNb7HKaew05^X=|NfBf`z zc8%eSCC9RH(Lu*OA(`s^N|t(iwiE5G&q<@yl@Ud0BmZ)3e@>>@n)?E0+~sOHQ^rzx4|x| z2OnW4Es8!8Uf`p^ZbYsKV_r+$K{#X{@V2{qW5S$l>P}V0yK2mdp+(Gz>st`_Pi}3! z1Oj(WTc6@^0(-&v7niaR=YeqHkkJLk#llDNDmE9(jTZsq#{HIvn$d_EtGVCQ&~d~? zxSVql_6XlpZR360`lkD&KGo?P5lL}Kz!BiH9??C9P$zS_V!5k3?t;YVJKV=MBV<1V zf`nhHgOIJ8iS{NQ6JsZO^IM8+6w!j&TzaB?bA{0&m=&z1fJqrK*%Tk^2$EW33I>A> z!KvVZpk5C0Nkm183XIswYbE#$5aq*k;t{7c@s~s3fL9ih=*8D2UqC@6N>G{9e~g9N zS+{I2hqg(q-*UNSYL~04+d>~rSr|^`t-;H!(v-tk9=@{Uaw0<=S#$hsBrZenlVb0U zX!2yLCQm?`m(L1DSO>YfJh`;(;ZJD$Kbgz$hS}Qw*V>Uh(fXX)p|z76v<^veC%MDh zaXF#2yBqDeoRIU~=upzNLd&O4YjT3Bx&IAaE3<0X`U8HgTthJGab7V|vrf@BPGaGM zMQsm%mtO;eWy%|J%M`Ze?@8N0k={?E-YIweP+g?KG{x5I{pw zgheXOTcjdkWJTcUgp|-J{9HZqwIq8e$sUWd<6*V}6(*C+pJY=3Fb%U?6t+oWj{#2- zje3(T$#gU6TsYv%HO<&Fz?h3yh1kjvi-(#+10l&_kK5sz&V}suP)^Wwcafbd277uZTO=k+nr>aldL1jN@2#rNhyVe++a$rj(#pSUY#8^U11VUkV=zq=xZ7U z5|6k*;meu=koAL9^Yp{b4|!AttR4w&@Y~EEs0c{V-z_*|>XHb-T8`19Tr7X5)RvoP zb0z;xzbLj{n`rcRZ5!#mqBolC+uTuI<+7G;_3uemdwt!}JNB~FSfZgj<8-Cl(;(=# ziGP~yxbLcEw{Poi9J#96wRIqwuulv&45ahfs=YN+n!8C>KED>hwZ!)U4pcf25wCFWKSCPM|arO~!AN|Zx&D?UGzK_k+UwvX6*ItE992QHkiBm$6^{IdV zVD|AWDp#;uqsOA+E+jPs*d{+i!hNru9k;P7&DWa64hDezV*-1;$i9?i2eRziEZdr8 zPo&rbQHH4T?kL+3Wt#(VQO=shqfvI$#tzsH*~CCBYO@9rtScnE51ARfMK=rg2%c|hKY2NAH&<%SEJkT*SRwb;y4a6`zXz+$7lL}{bgZx{W76NRg_RE|Nj`$)yD z)XYANJ2oS9e$C*+uQ+V*IR9^vmW!=fcahR|tULC7u=(^JznfHBeOq4Qh=_M1apLb9 z?`duC&|c<;qOI+7cY1%6X&oA81>fJNs(Aixda|2Xy&BZQaQdolBKGom)WU_OW#)?P zy`sN)?pI;rO2FFY95{SmZPE4>-ba*)%j}@v2$^jnTZ-#}m$p5;RoknHa;@K{ zbTZ+_g=zwTxS+vV2HCE_*SJp|dMM2v7TF;&XSZ_{Db*+P zQ8_prKAw}M*;sNSx+b*p^QJFB0$XQ4AN&#$B7A%;5R8;4d`X{xnB}fTvTZQCm_^D@ zAeubNSODgt=4*sqSLf&?k}{BS`t+C5lud@ZL*3h!LrK1JCuimStBaV*q^Fd*-Zmkoo%xG)CIM0yX>V*7 zMFd#eS0yuvXv;v)tnLxxNuvlDfUHr^m%S}(M}}rc=eg%G!qCleQsIU2CPtp1K(L~= zO%k6o_vD|SJp1EU0b;9*Q|Rv>$wU9q!`ZnQ1$wa|#xCclk2>tGg#ktynqBX24g7B~ z)|=pZy=deSnG$s$$6=4X&FdC(A6pLc&4``)WX(^ttXR+?Q_QsB+b7-pyId9yYqD@s zlZ9#~rH>-QKq7#2c&$(Jt!aHu38!j(7Rn90&suN+ZM8m0Zfku`?bQ0r=hM8;%td|P zQSX!OSm?9Z!u#YF#Jv6TUGd#|pKM3H&rFf`$z}HZb$(^O&ut5R78-eVW`Tit=VP~o^d2v_) zC7^|ANu>bCJO#ck;hCpAluNkg$Ho#DvCTjA6gy%MMJhvuD|c|d`N^U4PncZU6}txd zcCN?=EC=AsqB+1o`1tu#;A{Hci{hdPU0f1#r8W4WNM{fZ3Y_uxYC47}WOCewou6CY zFP%ZWUz|bPwYg;%{zWw@G2SnQPO)U@I<$W29OC`5?N@5&kglQqBHLKIURv8)zdJ6v zUc2X``=#}*^}C~POXtfA{X*&3g!3(g^DQl`S6d@3@QFMUJ&8#^jI=Z7e2wWWF9V$k zxh=Ia)51cXY3`6Z2Uv+#Z5TNQFTMVzCJYg;n1?=iKjtjyTvUnrBMuK_wNiEJwU-|k zHiNd7hcGW*WchXr|M*OnZh(SMoUXTtc%-rkoYZ)0QI!Bt)?I;E61+n->hASJoL~QYDW&r`}3XXp0h{MOiq}1Bkw3wz2ylr9g`) z576LlBn`ob)+-uWvq+yid0M##)~hmG@by{YxNW8pfB zE!3y;(mrWlYJKjgUuR3lC4CN3-SqiB&k7$xV3?m}_O>Frtogy{o^7?hjO=fPzeXF< zVmn*97J8ePch~Z8Bdjcqv=oCuO5;2S}mS90tZ1qVtr9s|*$?f`h}d6=bl6*^L0D%Z^ilF@^a=DqSt|ZgOI?z5GM2gI%PnfG40GjPFU(>J_QU= zAnJ{Sko|c2aQZ@8+=jF&(QLX4bm#gr1iC+-N{)HP65(09^t}9r{EiIW<_rJ=pk4g{ ze3ys`*Y0e>KqV2djghj4or~Za@c{hpb&z;fLa!q7kJ}4z5IoR#le~UaJ3r$n*an!= zMU>_fV`Gy~J#~4tggry6mC2z`)(R%P%dGPS6E?ut_;cKABgc1W_?Me5yjq)M=GJgE zwRj@h{v+CE$ahrpOWyPXUpWjdx&M;4L_4fH=H=(4*5|z(Q`1izP-ln$9r0;Y!o~}u zYE#%M9eudbp^t8XVYhc^YXk#D%`bSP-ttIkzQ5)i~vF?LHrVzPb?f;MjP@rQ_E&64WewB6zd zr3_c-1I6z45DX^NFgw3ecG+rLx^V=$= z6Xo3TRA4&dJDvr}ER|MrjRX(H*ZW7|K{EP?va>=4Q`DdELePtF7uK?8UfG6 zmuxr8SJnWCLo+VuvWspL?&hLe8;~y~RsKdId8y6Ojs;AY!Mb>kD3*-2PvV%Bgt+Py z^a^^@AD5=tah<4@{NMv!ulDieBxsfSI#`CkL+udgysI?%2Yk}gm_z=Zz;u@xaQ(QJ zWw0~9ExwEQ(GKsgW>`UZUq-#$f9LX&Qn-!66u4Vzv44-p1+R`vb3dUiILlVlVgWFA z=xWP0qb@VVI(_#9aO9}* zfp%+Z?H;JNJBxNUeXSkogumy!GrT|HdJ)$uL{(2%_4!7^Di{vKWE_N5poY0gKo$WX zQxTO-;Uj%U&A#kqx0%=n1_oFsl9f9w3`Z;cj0H3M(8Tu1pi9-!`91A1`}0C4k_KX&6w8~!YBZtYz63Iffu6l7Vh_V2L__amM(u-*daRnZ{W-eBmw3G50cl z5f!FDuQ|aa406dP%EuJx-Riqw4?qE?2X&ME(|;oUf4)B>?Csmp<|BK=je&Ov>(zukXhZf}?==>7 zyTqoDVCpbiP*hf@H;TvXHv@=v#4MRDhjb4iE~`fx{VZRRK|Q1!GcL6qURYH~8`O*-MV2Eqv-IEY*A&@w#c4(|F~+%VM>gra?a<9rvJsu>O7vJ4BZvnAW&! zRbcp~5SFTb8LwADZ)!zh{KUUU*Ma|V9aI_S-#3kPC$5+rjqj`1hj}&HUq&cz?gzR4 zj&rYM-DT^+$5*s|)QiA@r%WBl$DK{TTcj;m7#Kyo?NR zJn4eJ6>=PU7;z2pYh>H@)Xv&KgkNK{rk@+p=dbyiYK69KU{~Fbug10GebVFR|DN9G zJ2i(mn|7NqZ9p`emhk@x;m~OSe9x-Qkbj}zUZ`zIj@xfHdF&=3Vc)MDOX>F;k0td) zNi(TuEA{Ly`+Xps`PPMRsR?CNwNKcuwo7exrneg$OHHUq9Q1{vPC|PcunMb_RqY(r zRwGBrVGW#v9IO2GL0##fo`hI{I44WlCMgf)m6)BdR2C9>wuLYy- zHfy4%Y|mOua#+p=1Koe}CwG_6|6F{g^0_a}wu|ii%BJDwfLr7*5l#xWP;0Mo8 zQ>k9=VW0{nfo_Ob5IA4s&IAr{zDCW(_pwmvD?O3W3f9ve1}=Nk5xVgwahhr+!JIN`#jIAN{k4f$uZ80Wp$^7SPOiHl>VTAyV9@jhYyy`-&K zQE2SpIOWB*8r9Ju`;Yg@w(qO;nW^x2Erm?$zRX3~XYhai9DVW#Yq8kKamQsK639tP zhy=c#`StSkOnn>iH=n}?+TWxyJSvNvBs+zK=l_QG+fFVM$U-AOY|YLVFZ`S^*-rh0 z=vjoxragBn|Bj7#g}78k+jC)$%dUsT=dN8p=_NbG@8CXpzu51u;977pi5Fgfy1j&M zwf*kGIfq&+Xvh0wXCct}`E|$BF%Nn~tNQtc>m+}G*55XcYs799FZ@6?HI(^va^qQR zuU#j}2Cd(14cc`wmycg(J${#jPWD@V{~fjaUssbiscI|dZmiH9@oUhy%}8Eg)ac%m zTA$IDCeCfvT)TIzPx3=+eNHX#L3UJlpBf7q$snyy@-b+APUW>erD`+pllvI3ACtfx z{T4aMqpa(+&;d4Bu=eT=m0N7PKA$ z_0o!ARkn`|k0D2A=}|p9pl3_;tM%e%V{BcF=}^K8Wnp5D6)V_^y|~;vh6$g%Wta^Y zmJZ+Ie$Xv$0vg132dAHR;-h<9M_l49F186*=l~8G={Z0x0bn)&L_6S16^-GT$MO-` z=easR0p5vPL7xM1__87~h&qFA=mm5{u@zUh3zTb6njB*J|r&`Lqo1C<2cB{%9D`kKAA-ddGDGdjoOr`p!s8#_KDzC(0{3 zW7qEb2%wbJm>Z~M%u)YUL;DitWWZ`mmirs8+!I#DZ9!`w8;sXF-+JJSl1ZX0@eZ53>p!BcUox1Iyj1T;09%8mPM`1fq2)$Cid7cNYIM8 zo}6@ZihV1|KAmJ)Tf0s4*w}3{d)&Z|8W<>E8uZrm5 zdpGDZ39}9D1 zG>;!&2`JN3^i8bP89yo)%Q&#Y_OS(mTtU=b;01#EM@+KaaM?Usft2!Um4i^T0l9Wr z=n`pRS{*k~;({ST&J9BWH3wE5H-J-0NCuL@L_9kkJsd@(nMLCktK^LD4^D>;hls%< z~8QBW744448}M zyhc(5TzwJLBjU{U2Es`qlR;={q1$psQ;kT@IHN}Gfst}sIzAmeUTticZQ=J;4z#RI z9gHVH4e%P6x2uGBBv%+I5uiCKRfweS#g{6$EA7VM3Y+}68^h+;qCm9k7c%#l@$#Fr z$=KMo$%P_Iw(gwHc=-+6k`8^MZL}GsmcBAyeaYY!!KeWFuHbyl@^h<`&KKyjSJm}d z8N^aJF&Fac2upGoKU)#5hK=@jR|!J$v=G3^xD;h1pxSJBfJMb0U@>C`F_By@@bAHz zatLE;qjQ=ahM$o!rW1|(ZI)^IFf2x-6={e)yJB3XH|s3Sen5cF^!ypFaq{H?PW@Nm zTznPJuzJ8KT62wd*9^lK08B*W%s2OzcTsf@YH^;(j{q4jx@>X%WZ?u~4i)>2m`gU`l7Dwq6LlK^%0T&b5AbgYrQ8i$I8Dp~ArRkb=hl0$i(zCvL;qE(!nTnLIfsk)-u96@1}^ zWf3%6J(_2|c{W=*S`w#92f)AdNZ};#ZOOx^3*r|nS4ZxPJQ|TA5xuhC;flLN*>$XJ z+^;{@=v-=8n#v|)mOBIrrtydzGQ%h$_cW5G01iNgROuWcG`Q;>M;EYg6lLq~u4?hL z8sLq5VVus4OfkgIkorQe$o0A4{iHw|_tLU0gS*uD_D_sumox^p_YU~84!dIkfsu7P zile)F*r~ZK`>yi0tZZY)=2ox$OvWBq46}$-o!ERNV~2Qcx3X}fI%bYBVmfVzN=_Oo z%V8_CKH@s*5?zMUw4)p^i*osRb80$)a;u}s(b8~k6JnOLVXMO;2R;iH3sIN~9{`e& z5V^2M>DCGQzi|6FP6!VK0~9`ykGwljfz;q9^Mk=_!dWlFnK*zmiCk1C&T0xRzDIy~ z3|4SYUsgK~YcGPF{LgWJY7gJTQ_NG}8@ZG*G=a2uTJc#Sp2zYKWXFD=5?;pG zkw;Z1=FCZ;NEWyqCjU2 zg(NgDX(H+U{^!m}vLS6hfi=2!?mhRMbIsYF49X?*H?8rgC z%H@)-C6~K@tz4InmsL8=zN0UqZdO z4hH@6KD=+PS^n_3o-(vBS^v!7I>^(wj_Y6SHGJ@^zWZEf6Ev{8{%L_e3z-eq$@@5E zF4wO7`{x`w?BsHJn^7J(A#t6&hrb5>o|pHJ&n0{gqg)>Bmay-0AB0&bRDGg}89-cU zks^`=I369kWkkKGScHv$q&eOVSFrBDd8r1pCS+Jj3**bndamym>Kxxo%Zft>Q9Y~; zCt+FsC2U_tp(Jyxcwm842@wgB#siWFqw}J&jqc`iyyHoDeNJ)7UP-8Ekv5JDE-pB^U zw*;rq2n;8SO6gL*X89q!0D8h%*AvK8h7jZh1lPTh2Qm@F8mJv;3(}H+IE{ol1gw@_ zCh^5UbJD@Onc5O?Is+Cp{&Xap#T)JMmMG$^O(v&LA8m<4ilz3Q5f2N$f=@>;_^O6F zHmFgC2IcSPT3FDp)*{Qr!}VBllp_ke#a=*O>pAw^$!c1t+QY-b6AmAJ`kv4|<6t0a z(|u7V$!JF}n%R>arUeALP`}Mje$masZf15D-Sh6p-3pESwr8LnJPC~)ROzN+<*nGT zrrtUMr}2psi2OJ~b>m1ambdcwA5)3j*XoH8A#pu*GK<%dQ|h0kI$nzSnL18N{j-jZ z!hrofDEuFw+juaqy&{EFI$hfH(&HFjI*Y~U)%H7WF1!&?S;%7<1FUp~HW2r!&k~ST z>$l10+uM9rgIzPFU$e9#gP~ME01# z9;du{rRs6y-3wp#(#`T%2wxjnd|2#9*)_HF{%J;c7jD>5@tXNq67@qON(A>FSwMynp2V zl=`O|Q;G7aXX^cfj26dLTPn5p+SvDvFy`^z{4Mq7+O~?qR`%jo1+t+eq^nLie%Kd8 z$$^DNAxM2rF`aB`+gZ==C^Rm22Q` zgJVNOWAyJwYFp6d3feRp`BTk)d+_MdgY*v|kS-U%AcH0PEK%J&z)~CqhL{Pf#!xk5 zH>oZu*>S#nJD-95>>16A2&r_~wCplKuO;QPk7LO&0i^BKsikj~2-ls57r#m=fo~x9 z6ElyIUgtzIQ!9L(B%+pCuv8lOx~ZY1GpGnx-815!{iJJZs?l2===1K3jHj>$X3$3) zP>&$-Xn|-;QZwc&Q5jeR##_$0UEpFXAO;V2#+E zvM{%Wr7o$C+gY1^$Ub40EcOUuFmi4BA^n8@VZA~hx+G-vE>j8)oXa7-glw12ksOTgxR0f7Eb;_`d+59!5Q^&ilSE&2idF1@7J+vArdi@`E1 zH9?M%o-JO6TlH6$aRQ$|evZ7WcpK2z-oZaqAFY56ga2rtz4aZmifl&sE&qwZ#)leh zhm?gZgFDuM#+X{RF;M=!iB;;H97tkjLtBS)?J-lrM_G5|D6TR_Bo2rE@$CaqP16Z1A$nkwPK^x@Zb37p$^`9ZX$=yaRgcaDLM% ztQg2epv{kZ2guQNbxx*wP$QPQEhPt5vyJzk6-SPm-h0qm)nfGc=^nAESR1Z|lxOl5 zrK&PO!?h1}zbIi0|8I6Ta55iSJr{yCtDUYx{!RV52<~m; z=RUf64vuf9^S4cgNZ}+`ExqH@$j}o-xGhcXIVycx46G zQJwFU&!OX0@FQJ>3=)TL{Txt#Ld+jzERp7g0+ zjQw&f9!Xf5r-kTPghfgg3;f1N&y7Xn79jx&tGR|j_k!aQytO%xALa;JVS3-PB10B{ zdssYQ!+H)Ze;VFI)KPPo;7wMn{B6--Myi&KGhByuw}$(yRA{b)e!B1RZ;|I_b(9TcLn-nS=dxf#SD>FvEXvGw&W6tbkn(L)at+g6KOV^ zz7GjEyAb89x!*dDwG>!vFagqXiacM0K#&&r5?XlWB@*Lu-VOi#!) z9|fl8UkZU21T*3o^?FL``r4OGklL#T!*JbLi~B?Te!~33SQcuSq3iEY$@iyf_ouG8 zpPoPR?&q_U{Q28n5W3|1$);Yf2Yq(YG3vw5Q@wCpwc(F0dO(4GtyUG*Ec{>zKz$?p zc~oD_v$guJJ?{qjIb*fwm1>_i)Sk!B<1uueKko*5)ENCL(XV<$QT=(DdixmW>w7(K zyZpRr?KwbR=Iz{GdmcZJ=h1ooyzTUqD*cMR*YlFA&%?au&qJgiQ?IqJS1!M~_8f}j zq5kZxJ&&Kq^LT_0^=B_VrI~)&-|Knw{`%hI{hj##F@E~6H>{1HyLf$9@Ba_R54}(M z{;S{T>is3Tee}L){I0$vayDQ*cir)1eoyUwPrVar_fz|~Ue$gC zR^a|Sc>7yl5OVVUG(M@HbM%RN@bPNIA2}*;{ZN(1DUBOm?&`Rixw_mQxxD&#>8X{= z#|f3&L*=d?B67J9ZKR>A>bsqnJN=)1U;O^{?@Mm)>iz%G`&zxf{=VRVK!2^?{~x`t zdi_`5*ERQh3o=rT*vT7HJ%=&YIP7-~ArsakSbG9c%A_ z%0nWssftd%vc> zJLURzQ$11NowfSXG4F?+RNrp;RofzHK#4*YcqUHBS~0|1eZG3y2xjo2mfaU& zp{BD>z*};$C399`c7%nnBLgqIF!MUX%ows0l=gi_m3gd+<}< z0BsNX7&3*@RiFnXSIa;4I*h+8m90S~x!jGC9Vzu(OoM^4k^Nm5*0 z+IqYqXw~uCf0}0mA&b~{=V4q*Ib8&*!<9; z_kHOzpWLzIlb`w0`^2HbFTV4gUtkDAuK;%-;?ju2Gl|&$d9dMW6!R*TR-;}38858U zFLP!ZNS-8q!cbDn5E5@XxcvM<@%i7rDSm6IBtg+e`@k3WbCl&4ZhAp*fP)q(E0_~M zrccCs{+Q>m;BD!!4S78a2!NU~nat9R+GDmY08bLB2YqU30XA_AC2D6G6fN9*z&nB0 z!16k%emJ{0Z!9=Bpp79O3Ho?6B(XyqW(w@~)F-_PZMI-h}h9iM>#IT2OK3|rMgb>nH{qER#%kq0Ii=b7MO zMjhfEbSh?Kx_K3JOQxfqS7}x1d5spFhH9h+FqHs?Lo+JJR3PsyA||NF!3YRg9G&DT za?F7||NTKr9f6>JxS;V^@)m|zS$v1Co3aB%&uuSDKn+i;4WG6}LP5)4?D)y9$UtH* zyRIcYIJCJzyztu}?S5iA45C=FfQI;Sv5`H8`B4U2^Ea^mL?WN1C^WBrZQX& zPm%hqtvo}-+yl9jxqEWYlrc$y#xhr!2*JGkj1f8wpFj-Dc7eGoH+6@`EU9j?mN zN|Sp7JR)nWksMuxD`98*yuZQWXz&N}`HyKmk(A5cln(~;O?Fo*;sGz(HD`|Fx&Xi9 zZ{oRJJe^9V4JN63z#M{6v1U`)@oZs`ZB6O8t|(hHPxGW9bL-C(VLGW3r@cZG~e6aw> zs1ughW7WP{+kH0i6V|7#;==|uqq$cjeoXxtH8?CmO{ur|Euuo@PyvhwaEw|7{D4}m z!)Y!Sm2FlB##(+T{s{2Th?NB552o!CFhfAjg-iYc@rZbuu!Ksiyf$8lCf+t$uU*Un>K z2(A27)PYaQ4lBm{tDDX{9(OzgKC@AnkN^`o3bWyv&;y|-LQ?1f0B8$LBP8a%=e>`6 zC2tjBqh4hQDdWdw3W4z`Yl>E*V$@7Dn^RNXH%g__8=hAIib&|Ll75a zW5hItiLp_luy*_bq^=Dt6t8x727{g5)%faP?3go^AWEb}%9$GimJ!=mIk;zMHoJ4r z!OGfSvF=KX&(~7vjt$(}(sC=>J%-6`#TZK=%!u-`Mi7lg^Bw20W>Kz&8!ex&Hhb*s zlx9IA9@a30of#EpFxUOg`KbHp?f5V(p+RpyVE^hSNk-`Db2e>HU@`|#9iuAHRND#jGrP2Gj<%R@A> zfBUPelI7%np!Q-NzlioD^Je9j;yiDESolCSxUTh1%3MJgP&=!Zrz25N(SEJkh?8OO z8N+dOi+g^|%go>v^llF?I>!HlhQpT)lk5_Z34P$Rd)e|!9~YMp*Y!JF4x=nGT_{HP z+D3nEVt9)3UEbZ||1Az}7LQw&&hyL{J{M|jM4LY^ALGTpyfzltMH&m#H!HtXDA%3; zeC>P*`T%uzyj=u?=TqQXFjvvDwC?C6iRR8`r{CfA#=-7wv zukd5f-_UWH;?Tvf;C}BrbWG(_UbIT^{Wm&p#`ph+m+${KIxd2p{b&3*@LM_#q6H&T zkLZFO^)!x4?6UB`rB>AUA$}ZUmsvY~51SKxAHnr){P?5%*n{s!>3Zmh^nC{3Z{Wu# z_;He#U%~fx)Q&H+jr{v*eoW;J@#ml9$6@v?zNh-!$&Z68ABLURj<-m5Ug*zM$CdkF z=hfHjyz;rw%6+i&;yP~UmCr?RZyP`N(baoBxNem0C7rfbUIy1~;OC&H*3KpQbB(x; z?7VV$N!+`UUk81sc8;Dg#Op_PUirH4$^x#VI+L9j=P->Q7PG=nF+L>0Q-v@C0aB@8 z64JC^JMH&J| zQEXQjeaJ@^s^UT6ze+}oA&}4SMf8P5t2<+Uz$}`pAVtQLiavyT6n$@i-I$WwrtI-l z3%NdE9+sS+*vlNzj3WxBFpYQ+g(q4QPGv!B^Tz#hd(MkP!jE|$gsK*z-1|1V;}7JX zxNfy4XjMl~{Fr*;8{eS!y?ted^++2q2K5-f$iG^dL2L>g8~Cvgv@TY5FODsAyz*mQ z|8f4kjep;_a#6Zd(&GELFo63H;QK!Q{f29<@8#EPQ2zho-&gr@2Gh=12Zi5=7~|OSH=z6$;YX~6{Se0(JE+exd|N+fXK_4D*VD1|PyG0#T)yx@rsVgZ z=J#(xcfBfp9b|ejfMYJn>7>`M}B&_@AhZ zPsn9py;cEhhcMrKz}mT|I(an8qGvB?D6h6dGosn6kyLQ&UCjHuE+Gr#9m~@>*LHts z(ejA#NuxMnJdC*8@rSa1k`=S5Mak~I-{zGOcR=Q{7cO+fA&DAF*uw4v&l%A>LoMOV zDbQ1}ZvkMZRC=Xc$AqKZTZS8`4N~HqkZ}k&KpdyCBa!m+Alz%8><%Xf4s`b&if}vv zQ#rNeI!mG>ld4+TTY67=(@ovIhc+c`T5*yC6D<9+LVe@D%wQ?tGhvvS!L9K;xHY2C z{riRU)fRN5CAo;C;mVq*t2uGSTHd3{1Pi%#rY^@IqJ$hnX?V zG~t2jz?lIt)<3N@Piw}M2b7|6W1m5_Va^dK&z4GpV=$hXQ&RXRsrjS|c376Kyn=Mh zH>chtyz?ned<#D!N!}$MnuR|o05okSF&hjq*LV|Y+Xi>MtHfhN$)^n_%^E;@OqFMB z#@XE5+*sAyDBcZIsR#2#bAeA-w|j{qNX#x|*DW>^3&Bzu!!ahx_km0+{Mpw2dH=?mNE%sTFZf)qo2 z!etl^RtAV@3T->?zFNSbSCf61*F8>q_kmVE__Y!zj;=+My?;RDCC$YYzMHo}^h(+eIJdjJi*nrjka2=0@jZ!$5@I5{D2MIt zkstvunz%G=*IGvGjKB1Ki~NMY#Ej;RyQXdA;{A8$>QG{5!}`{-pXoiB;X~cMHxH#S zRgZ0TCiF`q3iVCanjLrBEDqXyJx9o|opUIReR`N*P)gsq~r$%zam4w>sn(XhK>h6Td0hU^)50^BnIUM)@BiNzE{P%7{cy_6%_;1Og7b zz0q6@7ki7h7auPw;XDSZmn+58p!QnF2-fmQfZZElgMrKZz)Q}qu5_R zj@<-(M~gT9Va{OE;OF~9a!vv7_`6OI27a&`psW_l1dEBWhr~31sbi7j@giJNU6)V@ z6;_UosAm`<)|PsY7{Ida9!qbpDW$g{6FU&GX;s=-L)ll^vmqMnob24V2fdwW8#Xsx zzc5L>U!q>q(x_H$k`%5)!KE-7wW;AFRqFPDeoSdL!H7th^zVpG;+;a1aC5b{Eisf3 zlL@9uxDq0i=-7va3?fggw?p%_mNaLFuxegx&NeJoGs!c;2$cH8SY*t?`_9U-Ur9+N zvy$)oB|h_($*u$hw%6rgCUgrm5S!d;`_}B(P}$e@1pBng9g11D@3d#Djmd7SQ4>n# z9liVeA_N^D3fVSvnG)ywpb0X;J6LD@u-e>Tz2RmbyI^NGi!2*H7M=}Do-osbN_gf;fx&J8UHmZO55+J# z?n1*@!xIgn8M3V{YkSnD(Ae%Y>66o%d{XN{>d2hQJPFLY!IT?I^R)zAuauUiu8=_R z79=DL555m#(2%K`TW;h?+tj<|0mf4p(S>ooc!}@SXt=KDTYuM$AKtY4qlep<7w%tN zyuZ+l@F+u^?Yr*WWFAY?)f;_&^4#(#et&-c_u10F&?YG&HTc)aFPHc9-fF^Qoi+n< z>Zv4=DbEPtXVPCtSZ2Lm=CRL7njzaPLx3dG>SRV@Y!tNn)!Z2N)~J=Ng~(XhAa=1< zsgqTJqF5i?x3kYVno3R12cO7|O^;06=uQ~T`W>awwqT@flXz%+X}40P5O04!k+@u1 z`U&dCteoDZB}|Je$Bbl4*w0PaAKqW}PU@H`HXjC{*3(HdOfQp=V$XgSsgAS+Heic4 z`@%j^IKw+Wf;PK?Sv z;V0FPICV)~t4=!YXPb4bsZl94NsaSL$)QyCDWxvZghBqSjedH|@=u)Glk%r6gg8;R zrDM?}OkZN4#FfNjLue@rnyantNVKMLkA+88Ss@74(iN~@BRZ!ZVTS}wn4V=>iriiy zQM7yV-HB*JxOE`mEj2_nR`ceTrWS9m5*pmevHACO2A98Wj#(pZX=fdX-{1_gSbVUz z#o{QX5~YYqsnJSX)edLS8Sr?msrT*5?Hz8+4NU%}-k~*S%blTUSHTxnm zVVf7}zuUY-RmKzCu*2i?$Cq)8M7Lj2!W)t)!Q6#ZVG z90Ca|f`$YVVa8t7GICA5UA5BPID{Z`A+OcubFk?B>N0A8&$p{2P=sfI?Sv6WA)^pv zAnM>-KUK|71Z4OUzb@oLv)QaEF$dEpAOuhW&yYr%BQ7T`H z60#wVaET;Oy~hui_!$Iu!OP1brRcZ@-C7q8xC;IRHn8zw zxIMT`K^@iJ?#-J!OEaOUYQ{@I2wsxh0GtLMI1~w^4StQGAH5ekIIgD&*EAI8QlZMM zAUN{4@HyO&PthGt6CRdASo0icV})&I2Z??l>G~B(kdB)4M;%-S9UJMXZHQn%)6hRvtG@~w-2CH=Lw$#*e!aYJESM|A)0aC>7?AJk{s22#C8 zN5JAy33c@(s(V_(J>{$+?A%kSZcDTeL|fR9K2**Obm&aLE>PLbdUt8GlIbo4HTGRi z#leD0Z7^#9fzVNiH~MvmJ|6PNGGr>N+{2~i3|NVO07_a#J_;*H^Ut9+jLu)q4 zuRjOpqzyijKdXN5J{@~1!cJ>h^dm@6{=GQ6Jw6{7C*v$0_wUEX)H-d(ruI~&w{m;s z@rrb$z*1oOnK^A>M`SDp!-ckm_#<)g&N$l@XM?!Wn_-zbt3Nd7b0d*TJ%njl)9)$udH zHU2I!mHb|`7iw092`5Sb^R@83>X{BdYo7LaT>0r(ERiWGb4HuWl{1>MIb$xFO6v^? z!)Kw`t6YYJP*NHaIh>d_<{U<2&grltY+j`(my{)ZPAf|e{GoIulwrvKtx80fmRzpH z$;3Sgu{SXa1zFiRO9`=}F32>&jmAC$;tqNn30RYMKmz>YVWvFr9ebbbUItiPeY*pZ zAvmiod7Ltvg{eA|HGOS1!&UB~I8_Q35T?j?Rptr-MW?Dct_WFfWyu0AJhBaOBSM;4 zqSb1D^5)iKU0p}pZc1*f_C^hskke?2wP&-4E;qSCmfo}jR6HTaA9mh#_JQ#`-Z**k z`_tp+&z|md2AdmlE?0BL@6R;5T)BqkU~4rJ@u$=NNCe|}Y~^32X4nW}t**|WOEYDP zNsCrQ`!h{;-fj=6<~2`4BTD3Vd+G@gw=i^5T4+iPijpyja8vlV?B7znvGqooA7JHGe#RCjUhKi+Pnf&!U0IeCX+1 z)JxlmcM&V-+s}bWb1VH()q|sQYho<2J-8XZ^tY>CTq7--@clMqH{+LuE-;O&0R_Nw zuk&!1kp@dpXk-Gw&xsQ!_T%4)JMOsS1_-NsJ4Wy0eZmHplslNRBjuj&VKs{lLOJUE z6i)V&j_&S`DQn}7zP=reRy~pdL!J7mDPLQ#cf4r*$)1ssJuI~R-y3%IrPF=88p?zt zWl%1UiNCTe|564^rS)P0ewpJK*Jh!q>em=OMiE=CmBDUi(J1G%1`B*;h9L-mXar;~ zY6C)Ccx3_L$*U>{Wv5yv4i=kyalOsh5j(I$e12K6p$)D)mHr@N{2?RDc}{vf$F0Qb zs0X2}(Euo1l}@LEleu4{XJDNuQ^JqzOh%*%MRD-q%{_^6)1iZh@IT-oQp?}lviwyx zKyAPTT@e2QR;Z=wp;;|UJK2+rCE~GYM2J}7vUcXdbtgJC*yIw<7N__S~2U#aro7F7fU7aEmEl~G9=)wDvPq}Z5#hp=rx z$t=ny*j`f>gL&HcR5B6>&pqU4=ltv>BwnXyuuIQ8knKMJs9C{fX|srCsQea#sn5`_ zXl(EGxq}CttsUKgP^FOTG&fk2CRf%&^SlmCk*|+>l+*hM&e=XpvB^Jb{?iN1AjANal+>RS~c+9IJ;j9qzvqs ztV7S*bwm_=TEkp2MCS7j58JAOtntIkPy_J!c6G|(WLuGh#V~Y`6cLxNY4Yz5JS|v%BK-cK7t4A5Fkm zq&Pr3vJ3R>B9n0z4Uluc1{WIvEgH4+Y86lx^{R791hB2gSFAB-Ux6=!kQK@Oo}Y3P zwjwcR1Fk^E7$I!M?c1lWzrK#F_&}5PXQQJ%RCwepvQRB4|+~=LHH9PW5AyY#nbAZVoX%;WfW}0{=sqad(_R z4$yktk8gjg5mu%v$}6VYmZ;_lRfCeJa)i+_;0jKK69m^zBFT zo%h_oxS=)C8w-XM;ucZW)s*ke?)c+RKG1u^nM?~r|-)Z3d(eBB6b*t1^0yQFmN;G1dY-|7{L(9 z5OoF1Sg9s5pbKe1|Na#IU-~CGTqju*yJ-KB$>m6@UU!5)$<~l!@92}w-Lb*RX4^qS zs5R%xCjwfXmj2FK5;4E}VDhfP@>oIbv>UUV4|lU?mT&3U(dyM0E$Ya&bp237p1pX} z(xlD`ZI;W?T+WILAFVc@LR?~ONuLBLhB(VSqK#D%tUgWF@?V-_h8aqdX=5xCC>-O5R& zsKQP=cQpL*uoxz#jYJXpRW84R#esAT$Q$SbS~d^>M&N|B;zBN~tq*l07~)~qnayNF z8R>15e~J*0Cn82P%hhKFBFIFt)Gv$Z(oi&1;|R zrlyHRVQ#e6NxZYdkzi{a@Ev+Pw^jZ^928Fq5#XnvepUm#*RNH3VD8cHO&>#c-r1Z| z83+gtoBLwpMD#G?`p(w5N(!42lZi(XQerVMKAhW=`*=>uEjrA6EbB}V`}e_)tAtk) zxQ?%2^+eD-?-w#NU%?JUodHXFo+4*zGQ(<{osM-qQmJW9DeN9);s$IS3wzMq>)8&w zla5=j>q{KmJ~+6Y{xJnn0fqv>vfM`1%_EVqMq&y~4-G@}z;;0E2^hMtd*fO}sPG`NHD`F%jnp<`G}hYbC$5&K@`lg~+ysMulEjOt#Mq*8fF#Xm&@>@c1U`xuQ7 z(%!kjnjh8rhg2Ifl5ts#c2oMH@Icx*F>fHJ)-;lQ%lhb{D)05@$(Zf_F%AmOuP~b+B2!ao4S{W*dKLl zZ+1Bih1qR;7ifkp?4{48yVJvmdwUO4cgmk~Uy{xHpJDSRJ^ypn&1yGGyIE2=Yx8Ig z!+L-f?9Cj@h!ONurnMz7&rSNir(27yy{+@D(nRCoMzQfMvZ8gO?qZ97OER{2uZ^9= zeY6VYvHRE_c7E0=o^~!eMU~U#6gAGVk^Ejjel42EhMFgu#pXpoTPl%9if+YNlcQL$ zFJYHLztU`^-?e@P;s7aQHLG=9Pp{icuIc0TP${A*(Mx?-O(d$5Wl&Q(MjE<@)5a-{ zD--s`3{KC1t$lr4=^sY*(p196@n{0r|)9WqF|; z+*#e?acA737D#%Jy4WUhQWO(2o1{tUh$Kn5rW`Zp0QNPlw>hV+3&7kwuYX)Gjv*sM z)MrDp8jYaq4;uV)Rjcg`4Kzf3`IfGfc{mFNvP``x`#PahQ~EH;FIcWHz{uE&n2q>V zkt}ZVSJfj{*vSV!l^;JjvhCoi(`vM_Q5q?YRYKv`A@QrS+h=(R5oGHlQ+BiEx32O5 zt?^fu5qsKpHF;(A-RzaE`NSE{U)ciw%7)@tGP9WA-g7rx%+b+*hs=`8DY6OLrMzxf7H1&@=yV3N@r<=kX@HLW z3f?BRd zboj3H?;kvvEIs(>w$~#K_Cb2*q4FS0IJX@=v+2P zw}i;&$AmEKCBJ}7)WkmZf>3~90*NA9v!rL%e^RIg2|i>KGJ9~O2l3A~JqbTLjO=ZQ zD|ovaCSfXLq2FeEror5hnYNo9c5}wwK=<(iOfbkd*bOc+o4W||mNzGXTzX%Ep8>m7C3z@eJRV^Yn48y3L zp_!Q8zl;k){<#>c!NohO4!IQYDU*pckRWAmus3MeJ%D=~=t0lJE3h?;RhxavXC`640PqYv@ zO5-FAZoG%FkK~0vt)7}mvzZjT&&b-LVk5L6!rH<^VNn@&hLd3_Z3GGpSxq`Mn>Auy z13F`$Mzo!cDiUdvNmx{;^hDY#i8tW)NDe=b5wLRLG zVNilBC+oh5x#7z!>`Jf*|7+)v#cJ9<@jK{DdshJGqET#TG4kT^y;DadWC1I2Pd6G>F)Ko zT~1i*%qFA3s?!_P2mq9vg2C#v3eyIw!yrfot0drWwZotm40jps2j;ihq43{pec1Y0 zt8@x(d9yl<X@||3`!f4*JjBI#|=eD%;Kxd>xdMg{RB>@DcM+rJS;gWi>PAh zz{H)%+`KOPlVM=5ZNik$M>%fNx*WHY73l1<%PxCsPc;1ehh%k49!LTe{GHvEx| zJ4eC;BU{s{t(!J@dv-cI`Ve+2uKWr7Ndc^(w2w{@hVBoMwt%?_N>*JaqqTmx8quCn zdgrxSonf(>JQG}WjUG{+f-Q1E<Y$F0c^ zHv5#)fGCv;qFO>I`jKPoH4EB9a!wUv)G2gSqdJ4nkTZbA!anVg?yPe0Pos0$`&H^Q z0!5wzq!?Q^32+!*zPG-!^g0h)=Lv1Ak+vML+WKOy#2Dz?08$cS=e~DPJd{t?LSqYE zG1K_cC&fd&KmV1T!}y2`unp<$OzB}W?t9&0z#tlvQheU|bRu{(!XgVim{^?gGPT$3 z6*b<`dPf^QmW)Nz!kPf&V&27&-MI`8A&UP|>*trtWL%^LVSPXIWdUv>>pC!cmGjAO zev@}_No%h`7$3YP*9oG;hDcvay>IP`t!kIQ4QSf$KXjV`j&1#>ZW<#N;N%jnxKp^U z+NCjg3>oz4y#2f#G<(dh8ddK{Hj*$sZ$58^pvlZNC|sAtIcx7zNpotQ1ye+~iMA8W zXwFeeeGU}Pws?~WXw&MGrb1`bNZ{bsLbC`$5v8X%)QDi9 zanz4+hu?%Ao)NZG8>Q)FWcs|8Au_=X`?od+S=KdObv%{LoY8zB+UM-^&yASC30*-1 zFX`1&NSu1h_bqfPWVTxL_4gsPGC4a!U3d4av$f$*9%_{q-+#ycK$K0&IoN2wlT| zEX+qkzIheWiMOe$5EnqIgrEymDw1MWPys%jjGa-Q^NpBCyxf#xrua_BqDsqSHMH1e z(A#;KpWgD3!GJf8c58C?Vn^oDH1+5tG9z-tFxaQ%mccL}-f9RmCnCoNS8;T~yFN%Q zyPk<-?#2`vHlndzi=fLJ1>GOmohxr6Cz$M{i`6{~R`w~~=XK&f**s!=F!kw_xC>#K z_&;{Lk$H^lK#aL#%osDql!@R>7&60!X8T#aSqVM=LQ@P8bhCy;pUX4h5!Hw(pF4(U z)GZ?zScFE0z4T?CEq{eeE3{?82wnRHal9T}Nr{gD9+P7Y<(O4UeU8hk6kF`Ob8o9F z(da(U^pUoVJJPwMRNB!Qac3$ZAU^MIOt@P2&RFuhKeV$rvAM^!W5Cz5d2d_S4Slg# z-wj=DdpGy^26ni5Hcu3HerR{THbze(4=XP0t9IQSVG|KHqG6i>wjr_mC6H{liauoQ=5 z4tsbS?@+;jQ#Gw%4h3UoMOXpY%xIWp*f4_Um63igh2B~Qm3@j@`abO}^0B$A{8~qwq_+NM@UFHy(l<2g)7iMj*HUcg zbT-)n4u{WV$~QKcnfsR44(+(G-MwXNpE2JMb@tn=c8_c8#LmF-kLC7DutT&%ek=-q zSq*7@?1+-3luV^aDa6KtScz?deLogVXS|sp3D$dI2#*B=-k3KyAMk?t%!?37ZzeM@ zsvRP7dfCHjhNuiAN3^Mj)M8T2REW_Cgb`cW9N;E(jisqEBMJ+J+?ZFb4~_&ztd0eX zev2$bl6Abdy!4H-+(XnMR!%mCZdu5qOW4!`<*nC5B$g)+iiVh;fbAta78uN;5RYW{ zLOqDPk`mF05<=`OUvEqz(N$8A?w^>M2|7xf!@Z%Z7~hf@t+quc4w z8#^~RvQCSQ{be{b^Ub}5YSu0(RpJ(<7Ksb~Q_Or{;pqEsFQ>O|8*iv=(5Q#C80{om zdbn&kTkSPj>`s@_g*0qItHmGFg4Q7*;-j{K``tE5NORA6>^2*+RFoF$tfWxrJ$**4 z4#*I+tG`6n2pT_R2DFwfOD~~^-hBCGTHs%QnR^e=6G~Z5#D@uzA|WBbJy(|%85W5$ z;{6eMCz>MHH$VEVhS4CqXIUHESv>W*!mjx8C)nSLM-wLow)D=mkM~s;2DkLSKQoSj z!my45Ya4lYUSYP{CpU*lDy=}xnP1-=ogb{68n>0VXko2I=Xi@o(4qxBoN7y7e|L+% z&RYbp*qf_OqK42bMvMNv_OJ_%zU1*whdSJdBb;{j#P{46Zg(yJhMi)6;oQ>HpWBt* z+L^tfsXsg9+sfNR`3g$Bp9bMW)ltA(A}K^^(we3Pr2}{qr?rca5s|?f98T>)IOxnN z`+{9O2I-(t#fjK8!Gd7=z+O@V)uH&@o*)|mys&2oA&_cFVWbX`C9Q7eCt;uFHpf8$ z_09qhl0l26;60J(jSy;NU8F<+D8$QJ3QeAU#S45?3u3drYHn=r4iv__O?e1=OjCZ;^dl4KKXx`l1Hd^-R%{FL67L%@XfS5Yuc~5z| zA>RJ8)iHm7Inzv$X1)+JgQ6%Miif5f(vF6PbORtcQs&0EYUY@C)+@z2DMNQvMbB&hXWKpWK{Z{ zaduJ-z{Abv?e7^{7w;Y~1iRWB&FrhoFIpN~P`ho$NNZ-Gb2X&SQyy(YR|J%yYA?EG z+|l0MO=-yB2-?KHhcTVOe!k1-VW-_B-op4QlARhs)bp9RBa?||D6m9u#*AF{3a6k` z9}X*&h!j_yJ?cE|6eqCFW#i%4LNwz$hXmE=h(Wt(wA9u#bi=w%Knz+1wIe5ycSUzfXWyR*_Gw_gL!nTu$DfrYAHf@Y#~!I{ni zVuL7}M0Q=6ReVhHG0m`^V$9JsI;+R&nKMCxG+8xHrgsJ@_9YQfDHUpkIl{UhkFcLc zSR|oPN7Rb>M8uJZC=%*~NfMsYF+>TTh9l|h(cs5}Vg%C#c`Yn=79Kf}xeJXZ&$%bn z>^?O+rDlhDa-HUMVlg4M!bP88>O}rgBU?1Gh_T5i8jbe6)4E_Mg{?%uC+Jf$KXAh= zesht0iX!y+q{El)Yl5^-P(&0K7FornNNoVeU;R30bjp5tH#bTk3LA;V@&f9_qAE{U zZr$N&j2d^k6iD=!!+UNm@ANJMnKLrk)-+u7B>N^yrdY_K7DrTuJEB>?MXfb?(vd<@ z+ECaT+}@Gh*Q9o*+S5&4X}3Yrn1LecQJVD$8lxDfKY$%DCp=P}Qo7hv2IdR8qmO3U zo-C-~6N(u(LIXs%-y9FeMNPaR+`ytU$)w4gOXQQ$*|-3{qihzLMDhN|VEUfb-ls*B z#ZfG8bB_@a5irs@Y9={YXw8DDbBgaZ6duJb6>na-QUcT|`V!Dh-+@bjIvRd~4jQzi ztgQiL%2CK<5#<;h^3IdO_>J%Wvv{*Dob^OoGCp;qDP8JK9XXMWOn#z0*DbQ%ShBLb-s^;&iJ9OhLE#;PtuD)JR8uOJuxpbf_2jrW_Lh*{!g7ovWIU`kAyx z$&#L#n?PHEP`R&E`;8-2#P=7>1=z=?gE5n_-Z{c-Py-1j8|(;*HjKcaCN&$IP4t=U zb4L;TF$@nJeXqd^mPc=paz{aPM5e|iwwFt9kRceOD!(7A8SjAoQ}#8tlDu%s0yu?n zkXRlyNiTi;Q<05_2ZLSZl*X!w=34{BzN{_0>Ev#OTB#5ZvMbAA4Nxf9)9O=48n?Gc zGzNoWhr*!OIAR5Fsx#wA4OBNo#>Y*i3XqA=2Lagqu3+wFh27PXD#L=-vm8)b$S1<{ zZl7Ok)`S5RtjYO8=K_gyE^3y`B?U&brbUfZGufeOV2P{gucg5usD$i{}yogpaQD79|B;iZ>!?qqizShKK3Z^#>XEUvtJs=!}oxENHctn+pd zMM;Z}N%s-=DYxVvn^Ch(5V;qR!4PS~4)g|1X$p~+%~=RG;RG3SAfIeyrI<6aQzICy z=Cyfh`%tcEYPfE=aIpQrhlZw*)6;QXZ;Ukzjv}`64ohakWcS#K@ecQg#XmL#BRzb zuqsSyHS+a}MF_mLqeN&M~P~_+;(-4}qhj{{2+_d+>eJ{m3I! zh_H#J1ej29|CC5FGVT|FU%>DGne+v$Pn<&sa)kumb zZng6Q=jjmzZ%}0&6ZJLvUR;|8x7ybv;;9+HwJNqB5I|r>5Y26!A^VtU?joijT!$ZK z;bmg1Qkg5S$Yp{{O(QVywQ1{|LMy+<6V@{nLx7S z_5AC4Ju^h*3Qt76OuPf|!}5CWkjn&QBGprf5P_>`s`ClS9A3oHBlB+UM~O9#A`j7S zF%@S&=KUn|ZBg50zODTS~r zR3$*@MXY1Q&qaMEmmjN_FFuFzYj=5ac!HE^8WpuMka`gx5x)Pl2Ii9zAXD&g{ zQ)TeHK%GGBs^?9tKJUxdK2Q6fd)|xSe5*f?$?a3M{?7LGu0HQ82UqWs+ovu6r`q>t z>)RJX`3_G{QYe6U`ftZqByVINR`L@myN>@)uH_)~Ey ze$>GB8rU$v7tab8lm4>@?8gzGQrl85CiLgxaiwjqnYBZFTD0$RG1u4x@GloBoC5YN zvTAd3RkCYAXhO2!FPE@syd>vD*UVb*7qnCW%eWfk36fBm=b*xVo#~$_96iC6=k5VzV+p5{Fb!3MR-PSwq&9wN@H}agP zG0NvW#^`x@j4BW}>n~u|D;mn9k{(3IdQLi58#D6!r!mUszxdo1{tj`MwS6;I0LAdw zsATRR#ez_O6YJKPwdXz0p9j7ZJT95S@<9?#-;So=5PQBwCn{V})$ zZGx>%Ix7)x;2+WYAl#26WqBQ&_Xo^s5HPRJ<%X4aq@+l^fnS%e75*7x80;w0%1Tu` zF==QRlj3{O1QMsPCs97r7a(UBg-=y)zR$!?8(E`}pZ5Dy2&rd0eX03)^ApYDkvK~s zKWXN)g&nalgxPB>7n&vzh3~}xm~-|b(TV8?eY<@(`y}5HC))$va8PQTRTT1*8OB4O zR7VlDOorYv21SXsIP!>amI0nn&j$?`#iuOq5YgnzgnK6oAAmZei0kz^OAtYL5}F*u z1hYW}bR}ivDvga@m913V+!|Ab12?v;%TId$``P;rj9gluq68IuHR5i~%^EQbnR^%@9v9mJ;YI&p&kR^YcEnSQMqA6dvK>?-#<9nm zFCtv2aq%(XB5GnLFhhcWlCe8@$OhL`>Ov01)?)rm!3T}rBM_cf@Hbop5aaV8;#=p0 zbo0)|jFtunr)0n$~?{_&G zqu7_fDvxK@kZI6k54Eh{?*`b<`F;nPhW6!~<^9goSW;WYL<48aMwyhOayu`xu~z2Y zD3h}Sy;0Tr!!{kZW=@_i*P#_x{Z^uR3*0WI62JORjY9}nTmG;SRORN{)f68($m4Vy zgeuEb{W*#hX^d=$h{i}TB5Fp$tTW7x8JQ31uwScMKC zDx*XJ&*2g!6k|C=m*7JvRQLP&R}ueF!wbnHN)G4bkX~B{0!CiV`(B|SO&-(_?IOQE zewSOO5y?Qav>x!#29tD!24#i2IBLox!l+jxd;O(>tUGlT^QF%!fm4UVeGgN-YwIqG zciq)W@vdv3zSU#9y6t-Z8VMLD1_K-@#Q|Rv`O4?`ATSY}usO8A+Hg!`_t-Ob=_9ts zY!_`(w{5HKdYh!T`E7Zdw1@~`LcJ6n0H8i2A%8l&H+u}BzSu9@CW?oPV)3jw91e?` z@Ws~QhCK}*Z;%=m6Jw^m)?-%DYSe8iO_m-hNu@=}$Cc43@MjX}<66usx0TvDC>Rgl z)OJp6ogf3^!65JILMUB42JLFDHqk%Soe!@k4Mo@K6s4WrvDH}E(SdPC5k!L?<~9Y5_y zB4ss!rLQipwzh>Juf{8MC9dOkX_~)cfXc+0u&=fzXbR0i$gAp7z08#**e{=r22)<``CKw>qNX=>vbWutPA11ytWaS8DHBV4g6`X9b0o5zP4rS?Lgnq+D1HYd~FlX zAClL$#->KTwiWr6a-PcnfIbuy_EcL;(+1_V0s{UE1}t;tet(B&1RLO-s2&9U8#0d&h63*> zS=)**Ly;++s!3~$8`}D6bQB_iYM#+AAG9?iROG%#s<%Hp*>_@R(@ndZx~(rro77gL z_U;c&F5EI6-52Z`zirF-qzMugy<1fDEazN>K8bO>QTTFw&-kaR*6q|{BhlnwyQ-E53xINtgr?o>(nVN`1Nz5N6}m;F;h9LFvH=jJxcv z2-_Pu77>Hk{yb{6z0l|B7vZhz?R}{PunYdiFw|hSu)GOC-+Za~lJAX|uyp_>3GWgx z-QFViWO^uN8aAf7{|<3pYv;*GT{Ba2zupz3tP>@u4@ClMiIA3FMbYK@3JK)ke1+$b z5sFAHK(&@TRs>o^8dh0*E%u61tSf*?{#@_P$&I}mqGnqqm29_~q8oZQrf#u@EP+UG zEZ!Tw1fMcY$c{ka51o%(x^(2y;}32!Aik-&Iq!}eHa+;nM>d)Rl~ zKA+p|_kX#&vYp0@Ea!g|^IO&_EN{k+`&#>e(~ShDH_p}xq98v zFJ$kcvBT|M;-$WN-{X#S6gDr(lo}OH#Bf^gd)b~weJ?-f*){p3^F8fpeB8+8KU|&{c46Gy#QU8z2O2lk)w(}XH8$m}$}!1N92Fh;)w(-yjAyfa+#o&Q zh4Pue$+a=QWLp~bJ+}vc`}E#>Z<3Crqpq3JR&P@@y=t00%?5jHVcCK)n#lG@0|A%7xB)f+ z>?z4L1e?UbjVC;|Nr-J6VjOa>$MB~Ra>)c=f(h_5n)|MApQBLG{`Ngvyq1M_?3o z*l_=V{Hqq>1?BhJOT#5GpJm9AF4#Nmqju?{jg3(4LspcSUt&A*?5LeB=pWIGq`!Z` zDLJPTg^y-g7Z_>F?i)|LIG~1eDO`_b?nl;ZDjp1hDR8zz7 zS@6?FJi9!i=TzW$_^z-R=J7&UC(sj6HPJeGgbYfGYS6Vrcm}D4*xw)}O-jmIN^+j` zEeW2Y(f~O;RkpX9uSKzlT1bsYRW^0LZ(B=!-^N5Xnjh^*Y#8LE`QtrpdwMg@M00HY z_WoNR*l5a{baLcIN8M;=b8ptR(V6MY_Kgs2J{V}*+7)VR%v*f7k4(I;FU-VkjA0fs z!HhmV3!kSVJgvNMJixjF?1G;?UrhF?9!V!f-q_uXWFLxYz(N!%&QKO6G)@dm-vc$ONb*(3*&(*DO zkJ}>!f4n*A7h3o08c&pMHZmR2Oe-^?*iiM5U3Xef?&RGnCMc zXa)a_V+=U>S7HnwR}8@@od9ACOCKiy+4y8HzX*M!9wiG-{(y%Kx*2prd@&!2K?aOd zX1`H;%F^x}27z!8RP9cWxb^UsJd(fom^g09Sx>7U>2T_D>|Nkq#AHJOn zm1G`N4z1~&UVFxO&i52Tnmt%Fw(0pWI~tzG#?#wanJ%9#JX*L=kP3};tWG<+ zGn9cGgIl01_}D^$`3h~PMzCXxf)HENTkeHyqVd!TQk1}dps%pOiF%6lHhGm84OoF# zU08OMeoS%jrTa~d4AW>Ox3-;9kkznnji5ueHk3OkO9e(XQAI%7WSa{8&7o+eKa=UN zL;>UcWqo6$lJTB-c*FaK;+|}Cw6WeG@7Eaz*RLNm>h?qaVv{xAluR|ptkzg_D%ljb zzS6nPVThGFQ-^Phv~O%mca&lV$F|PKfoy6h)jvGkkDDxvJrVq5ZX+OG+zEx#b#0Zo zcAHt4b9Wc(=L)H;Zq62kk1R*KY^mwSGmYXv zR4H6gj!}1aOgi2->Me;2)5fhf*;VZm)nis!OTWESzE;Cq)-~n=bqQCxcQ?;Tb|vZp zxkiI-uTJ0H)!D7b9m9_|?Afyc-|VH%T@G`hy+7Bnw>O>c-P@7tZ!ee~yE==Ti>cw% z=8=)jxG55UJ^`$SxR)v6kkSsF4clq&v@RHnYvCtyf}d8f>0;0V(q$5XbX-WxBzs*m zX1l>MVjd1?bu)fFyg1;-FCn$1r^>YCL`%-IBu9<-x{z+b%m5i8u{slEEkk0CR;5{{ zZn)`4n%%QfupzW~6v;P3gS}w{bHKOEe)tog>fgK~#nI85KX~Nm{;e@;OB%6Z;$0>% zqFr`0Mzo#w&FZw!shB0MVznu{lmO0JERc)}vHAF@-DOjovjxqW_v=BptPta}RC%=- z4dO&gm1n8yPVm+om;`G1yV}D^itK`CaMLElIaXz~EPm5Jv|%)~cpYrZZ}_$yJz3ef zBAvyvuI{E2lktr>2V_jr`=wK`iMTJr4ll={LkS*-rbrZy0lb#`jN%XQTJFcN!#Fx9 zzU$~%2R})TKDF@kqF?l4taHLCW!yu_(+}951PRfsq#^MYRPaRbv@;$T^pct_UC_u= z!uh<j8l_0k=+8%jC5y=%a-_X( zz1AU%&ux8e^E+En<;$9gn}S}j(K|IdpUEam);zL-u+A&s?NR))P3U3T=TUa{M~V>; z#SJkw5Mz1*x&z3!XdzXx&K4GIDYl5F78WOoE&TQ}7sk{P)}F*Gnx81MvM-y7luAzm z)b;rUmz%OP-0gFwOT9gK*>gb1d**)SH3w*CY;Bw z42*DfWMlsPDpU{f`vDiqeK3L=1q6Jb!ss6xX8wy&}yE6ufm zK=mZGGPk}`jkGR)supP-Z_?<*-xwOOQaUDD1MJ9B09H~1u(C;O;1O8aCF(8O-xxJ> z(yFf?-gjIL&C=Xf{W6NVsD9bA@XMYgCIH1|i)-NhX}bD0NtzaTfO+zX2q3}VsXidZ zW>p{US@>wxze={i1JpEkZIY~Y@B%4h!~cq}rT2c`^TN0Ad1`F7Jx|W&nh|^y59pHn zqWa-UFoY(sehq)w<|+UH5Z%Z}l(g>gl?(aI4ks zQLh{3EMOgqDZ}RD82+s_JJ#XU02$Y~mi8nOIQ92=OnD#KvBF1GY=yZK$+!#rkQ9F< zfEm2*3D}K(FxpNkgCxubdq|tpim5p{XUj1^Btm9gloIE4X8jw5tOR{7z!{Jp499ty zC^_I7i!WFl4jf7W@LiE*3855FGJ9YV!ajke!n6F|IW^yx)m64=}IITUS6(uA;g@OavX~Kcntb9Mr;`VzS z-6y-*rfyc66)tv_#y%8a2IQ59fp8|=3X4x?_F@D1h^F2RRgsp3P%s$uf+NGcFEm+e|*!&!n5McC3iAam}1v z7e_jSq_fW2nwspkxNX8F*?e<_i@hyPP3=}>Yno(U8e*ZLoz5F4DO^FbWn&_pjtY@T zFi3iue`-RkSXzjZom;9V)i^3#e6mzavcVa2?KNQRcFdk@KP1XCPio#jnc+u_sz;>L zr-(7I!k5YdVPDBHSmlASYb(oxOs;gKUaH?14sWPm>3S^}0@|uE)M|!QU8oxjnge!O zwr7WqEc;xG|GHdnr0T;COE+PiT7@R`=ZBP{&}Z+13g$)koV_dFHPIz?MVjZLb~!Fj zppc3%m%G>-8JC-zwXJl#C#fe}7h>UX5(3TW$iQX;3dFC4w4|_p?LxWEMoW+KGSP>0 zjHA$|dY?KEi|$%8_1%6LNvez!bn!XCBC}LXGn@0IT37ejIwnyMF9AcJs1`o5mW$(i z*x&s29$HhsAspV=z0{*1uret>NL5zYkVZcI9CcJTcTQh_o%d2VRb`wL3bquXorc@d(D`89r# zp?;*subGnEZb@<*yne6WAX%lfl0M0WwQSayRg|qMFv9gS{%|s?afd=0ue;aPYwff2 z88m$o1)g4`04Ld}$akRaZaLKC;}v1cYKB8C?}6kAYmuf}N*%l#gqawUBcSH1iutaJ zOhLF1Uc%A_3JqV(|6EE!txX8Fz=56{@v!5^mjV~4ixF!{_4?B8$t$tMv%TKw0*;-B2|weydTAN{KT3mY%)`u_K$Yhxee zHg6Zky7DDEb-%Rsq)_)f1-> zCF@prNgl%Z7AeDZ@-j}OH%pg!k1wS%+9}G1ex-ir{v}txt%9Z`jmWtTstzP0!dFgG zu^Xa-K`qjST3RlScYU*Oyk*aHU$E?s4~KnWUBnRcd@tA9w-+^2G99BurKL2i&t_i> z2P@mwB+_-Cx|J%ZXf*4iy|Ps^p|$F-{n{Qy*%VZ(aUPGdKO8=pVgIHDA&mPTe}ue) zV;F~e;dx~$P+%r6lT9)+fp?Bh^ZPuq_mLtyTV!_?*@+@6K8zzer58|UC8Uuo_ag_T z{BV{H0fe3lHRv^(&eCY+13cmON;MAut!pYFXIQ?QeGBs$OQ) zp8z-5Ls-fIQ^0zMKZ#P<7CDx$b7xY4b-}f3sXB|nX$-Af{9l3aE#k(lqD~`gH)@TV z#Xr#7s5FbLl_xx#6L)W=>MV?H^DKU;c|(BhI!st6@(V=`d{+y!++zaHv6Co1C|Qj1 zlwKpAw`vVD8ZsPvEi(*@`zp`M;WU15+Fpan2f2g{WZX%I75~5r6g7(nCMFI&{`j_S zY+#&A7r%osvtR$7cvAdNR1dTv!{V61%JRth6$2tWipefA1CqOpI#I7R8j;Ryk&(c(-%!gmOxgL?j`2UzvIQ;c)Uxlz zSZC}4rJW#GJZ5{jpZ#e+JJ-+pg@wL)QUDZ-n^AwweI5uEPEq0skdcqAgD109jZ|*f zVrDl3-2OS3#10>&xvk1hq2x7AIKwYieYL~iMGj8`xFKznv7_=tc}1cn#r15;x8yMM zj31;Lq7unpowS7OV$t@z|L87nT{eO$BT9X)%M!{Xqov>tHxCx%lw9xbsy778220kQ zXh_Fhj%YOI44Vh~dmRC2;h6);#?;_uEpmb;WJfIF47goJYcSQENyDHM+x!Vp9G5gk zPt@(mrlW=-t)Ip)i!uB=U|vPxMrGX>j0{4vxhmKtxVRXHvredEaz0tg3HkZLXcBc? zwD%>(Z1a$R+vB~-D~@_u7dZ&%R(xGu_y52-SjN5n$7J(2${hLPTLK_FBv$f_Ta}c@ z`wRgUr6TW;rXmBJ_Ilm@gHd2e5@@cmzfzo?!|Iqjn0Ji1WRJ+!NW8RSr zA(a$hwvq-g4~>UtcIGZ$9g5j(c6_;R!c-9XiQu=WKT3DTqt!706WsY%M&vf zTGzy;X56WAD46k?{-)4f&bUn8P{KpPRWS<&-)1r=q2S)su$6C#R zZFs~TWMfg*9c5z?mf>NQjFvTPm^e!ns07!e#tS$D=0Z8A%@qR~KYLF9lwO?IGbB6> z>Y1RoljhQW@#AsU9%rUFiwjQ6{GBeg!*vud_fN1f(95V7(0m*Zm=+{@PG9H@i15D2 z35O)_N3lx!Vw1I=!0D@ol6Vogsvwo*`Q~m%v>1pqC}nqDA!&>lbIt9+!^fPFtj8Jm zSxzS!b5Wb46wStEvrV@_XSWzO48$5zVT;)pjC&}?L^Zl5!4C_=KJODAQx1<5*)cS~ zWBM56R_BqL`LtV_a)WK)J_@#F-Sn~Gox%B_1PN9Poall0zyvCEO38SnZ^|fZ&-eGO zJ!SJX&oss4nYcb~i^sssZHhO=1*2^+nOm;aNpf9OJsnyC#Ga;dC@|SyA+|J*mbcOT z6*W5#R7-Xe9l91vBe);Y4ixL8qvv-P>;zkrMR_I5i3xXOQmrGlLw zzG10gCzZ(3QH9HML+nK=kF}~)=lK31#BZ4?f?}PGVau2)SS{9xCvo1nklPMXdEhT8 z;k43aip70?ra{3YgE6L^GRdURb-x~xV3|hLDMyv^xMs>Pph7a%TH0?k7z6~q#lR_4 z5qd{~9QuYVa_NS2y&@+NA{P_}HqwsC;6N3;=GTBMOxoYtkGoeP6lK3#)Q}0s4LUVl zjdKdAmpCZXAVNEx!Mj1A0FaDp{197zXnedTx--tUkmSzdv-{YS%!8tf_#WR{6WrOl z_*2r_85udgpW}3dspBjJm*+gzl!W-{N5qQwE1dLHrTtHo8}nXPFe91L;YE6qUKA{5 z9QSeoP1WOUXY#CGL}Iesp&!wUMLOB(k=|qt*xgf|3~DBfY0vvTZntH|=Joj;MuUCE zY%*yP4Hs;E&KbRqs)XR2Cqt}C#&0IEbWAAfp`X7*>kWDT1YD`oCN)<>bux(CM*YPV z9$*?EKACbP+IES&&0AO z<}|;a16v6=o_nE`sWCLJH0^);(`m~Mo+4TJnUX_wc#(o*zI9iM8^{dRoWOFi%MZ&SEJEs2(1gAVsBLJIdAi@Q<5e3 z?zZM)a9wC!=ifGFx(Ys#xkAC>pX$m5#vyPrYbRR1VYW+8K)OVBr`-mZX{%>@>O*%w zEcr^Ev8HwIdj_`Eou)ls3th{1ur@=8XRS3LmBSaBf@a=vtT0c&<1!juo`5D2_Rj<% zo)^SFt+&@iB|QmnFjCF0YE4f{(N-&F@gAW}Vs!UD)rbb^=uO1oJmL?q zrc$`_0+L-4cDs8PY9}ZI9Y;-N$?CM4%~q$BNn7qSIqq|r@J~S5ugi+f>>Tl*jc&D# z>K8N%0Pm4ij$pnjK)Le5NrRyBI;|Uwp>HXpm|t|On)u_^xv0({%sD=;=B&kR44N7X z`}R$4+_#vJzBBa08xKi|L^#a9DSm`J4ygyWM;hFue^Trg znPNC*zrh4GF8yg#pZSI2Cafn-F`6{xMx>`~b{nKWxzIUofAM8JNsqsRoQceI5DK6W z-K4)M)8CYN9oHZSj7U{oapUE-axhr7NnM>Sq{-fLiljUhGyP4BJ|Z?)r0v#)-xW{U z{Wc_x*ggCmsHmG_#7jIwI%$Sv*I+19DOU;{;YV%QDdYhyPyC?G2RBF^z#M=^%W5q) z$n?QwR^#?$6?+oz$-59=U8&M$wpZ2-Bq-B@q{I8Cceh;o+xJS0uM}~+Ay|ysR|u{D zMxq7wCyL<>ic=hyD-C!iS+2dRY&~&1*aTQ{=SDE67?LvVOoc3xLtj6Bp+Abwe&|$P1d|M5+ zortUytXsw-*Yw_ySc2C^G`ho!53Ufh^DX0RE}T$wCgaCR*f}BW$G0hikI3vSDp!ik zl%E!0?+gWY1VlU7+adziQ^z#(kR8=%8_bC*m)&~4J`q0UbtGr(0(h4ulf~s7v{dWb zENz&o{Q_VB%A?H`N+dQ14rDG0RV%kbqP^UN0lG-*M*^h3Qmy$}M{`TXd6T=`Say93 zyFuYd@u5f8{~b8aR@1JAkqW3Bq~F`OX-7W0X{5)uc$K-v*#@Kj7B1q8vvToQRM4#| zu5k{H&yb%iu}++lVf9v!y@FVwBlx92jU+Nz543V_sy_0X$FWLane?jYnG0ve_X z2o3@_y%DF~;uRboH-u87W{WrKMcFYg%8q%xKGZAISe#CW1eNLy@*M~Y|y;{;pgKf^~IK0>jtSeQ;@-hY!m=11;8h5oB2xiTGAY8Iq zTFl0^Twc`rxo#Tao3`px9Itd$fR~Yo8tGqwq*Il}!fYVyQcL+)QD)!jEx2!SWZiGM zbI#-LqIcVeBVDmW@$SgoEbmA=KITk`@$6V8GnQ3Mw&X*$$+XQV40??NA2 z;k*8f`>ti?{_;$Q;RN8K#)y5tqdblDH=U0)lr)ZFy(#M`79{*|n!S#q&Fr-c9t%QU z`jW{zDGP8I^~vy5)@1f(y{1{S*KPLxf%kJ>aoT&vD{l9) zcJD9>89}Ai-qhHnAZPV-lP1>0;xQpA6|2@uV?4DGEZT*SWW8;8aZthO>oCQF4y3f?Uf^~Z8ug1M($a&LaeQ!ea&qD#59Paskbm5uou@Kw*ru^PVHUrn(mh{>qs2LAK*nGUa7>4U ze__&bTml;yq>)t+Vx>OVveF3AKJW52m-E)epRjwag~rxEalAdA89dnCJ_-H7E#=KS zlImZW_{vS!6P&%s7YpX zcm>7f9nr(+$q9%JT{gWA#eA(@fG)@6tDF+^=9RZ!g^z>%31Kjts<0(v_QkN05~=*OAnCNH zAHa?SFJ(ZxP5TKgH20*(p==^(AmmZ5T%mkHJH8RN47@ZM^j`_QnfLmMahtN7^Egh2}D@ z%YLNT9Vt(jd}l{)19(c-oDc zVuSvZgoHTGc1lU`{(NXp@3T)pp$$gUWhH8Lj(BW_2SDDI6x^2#hA;%h6_;NboDekPBHZVrhb@ZanIgkQSBPp|STkB8WuAyg`3q0^rTuxa${ zM}vVMzzxP6;xQnZ}AhquWkoeaJaktwX%a&4wHmwzoj}%|Ghd)&mFA4 z^*6_fnLd`C#Zdi5A3me3e;B%2)1fnH2AQU3g6D$b9YJ)!nZUV#WD0}=B6#xC)I~;A z9QVikaJTObu}1^!LxGP5#9L80JrMfDavx>h+ed*~_k04KyQ*u@Gw7IC-`gu!u(Gk) zaCD9xSn7=uidp`bU4dEZMK|!S!0q}qx7Po*u4tLfF7-nXpGy&8PH}%a#6B8g4}tZM zT+?tQ;E$Z5D7MJK+MGTZL;+H#IphxnpNOzqA|H-?JR(g-*hT=gjp)J%pXP7y zF}!l+B~aP0?gHfsHU>X(#sl`+?G^t^0Xu$h%k_6Q4f_WIty|vHxNDL9`y(Iv&E|cx ze(l=&1K4Ym;uzbGH5mb;^iCzFw_6<}u}BD7YTd%kf`-ali2^o`2?QmQaM3O+MNHb* z>4Y29i6>28G+j1HrWW@Au*heEF9g30kqfQOYVFjHLK0qpq+z*YzcTsONZE|u0bEN-lX8zn3O804*zEu$wnoxhkcNJggwSIf**`VNRojrt4ODz(o=pl zcqRBM!YbID`FVk&hO{TM;CatyrCTX+kqNz08*7)ofj@%nZbAZx1}1@MLIpmC4Nk8^ z!FZ95s?!>wjLn|N543{?@Bo$)jwYI{IEa9@eEmZ-Fw!>;&^XXpyZqj*O4x*R4jm80 zG(i!y-~>DXPvZ2v_F=V8=^)|nTM53}{3_lRJ?Y}Z-^+(v`lLF#SjX2F#UHZ|;+oa7 z?W7W#k=RWVQrOrGqIW#k)q?jH9uP#FT$hz3rg6Z<^mIJvEf%~5!&w)Oc#RrK5l%DF zj>c8q;@xF`mDfwfoW+jS94I&ArbMZ&G*b!P!(~xxR~#8D_oWB02gR%V(l4v~lJpJi zK%ZNAcF_IbXvbkC@M-Cf!H#5hCd%7|BZBCnD|Q7$oW!VNiTf74UXlb6OG_lm;Jl;kjPyQ=g5a6OpM%R8~v@@2qXwg|37Rb89tL*s*U0UgO)D- zv$~V~_`U7BSerf@fX~_qh#=eM2M1PCpq~C zI3$=?%{S zc|DI)`;l_x^3Ee#fD|7Q^otBI&GS;7DKM^|}q6aVBnHY^-zr5SRpi zEFRjn?ayHjOYt@EUDSSOS1AWmq#R{ESoEZ7MmecL8FEF)z0#|kRqQjw{oM+zFV9+^ z7ozAlsP6-m{>8Hf)bJrm?=OQYjv92oP+ZirB#IIYg85-frP4*{xbQMQxaEv*di)jo z!_YMBrgsz%Kso<3SN+kFrizySTuX1}KwoPw6#O&y2cHOv!JuHL*IS8AW_QV?2;(|M zf-oc^M1wG-KM zy(I0Yk4UeOh#{O9)fIsg(oaGRsrC;@YB03`6M>V1hj>hYAzAB`Qr}r#8q}J={&M)7 zAahdURUtHq&5qu+y|H&9;^;?Yos!7*rcDCt!wQY!kr8--Sw`7wrD(SPO_{;W6@$k@x)X z81cA7Yl!C~3-?_AYm7Y@&N$R`exCGfM=GtRx`6n5$av4s@%O;d0~^3{{pZrZV@<`t zrMgL3m#sy8eA5VnI4N=Ts(Rj~T*4 z0xvm&$PXa}6h#E%jPwX9)s+GiQe7wf$YPWjfmk~V+JdAEVbpc360fmsGsLr{Dq1S> zPc;9P#vHa5)^6=E4Q&X7ZS1VG;AAbujVFhS2aD`fv|~eqBjP5uMIU3!KnuK2L1yQL~^vpnxNII2DIecK+Ir;*pNVf~%J)v}fMaoMt2a@Kn zU*?+v@H(_iEn7r(4x)clC>y#Wu4>vV-x#7y+=n(j_E@z|i(fxv;UcIDttO%Jtxv40Zf$$peFq1&s@vUjOZ!>N>)#$5#wPdQu*uct zJM^n4Kf9s2w=L;cEh+|(C~&3-RT+rt`cSn?#P9LfzgN2iSptl$&@ORb|4*@Bx)*!r zKho=^PYYAky;GlW^v5TdpDRaVo~XH~N6@Dxc&{OO$_OUPlYD<&6~Zwa4*fmil-E8Z9=x!<6nsr;@7e6GwQYAg0A9Pv_eR+2zqf!b6&@0w7s16iCqjI4cnR#9n8V5 zE`AHbG~2E{fj_`}N8Y&j7r1MKJ+cWIJ5yHUly`^cD6+ZjQwEJem=djCgD4ujR!zWf zk}&K0Ed9P2Loc{WIREgU7IrPTMv(=IcyqxV80?M;K~!ijXj)j_3CH{PjaJ$NTE-T3 z?pu6I();T2Z0+;R-1V_fpWkuqGmAfaUOe1)c7Co~L_U*xo>2}L+6ub>{SFe4bUUuM ziJ6thpRQx)p|qY(PX(fG*oF%(W_6+dQNZnX2VM`b(}4#9PX?sh;hCqcX=}z}$+#=0 zd6ni|uFhoAWwYkGTy9FJcMJ6>53bW5KJ6`-pK%h_w!wwThAwQc6aD#g97xqhKApjNEO2 zq_+`P%~1Xfm>$3NmpHsf@-27ERJOwZ#^lQ{W5*N_!@OGp?-sG(+XzObKS8Mr4ervP zaK7%=T^L;pDcR+fwP>2XAa_ znB2KOviKYukF4K0+0c07!CmO12arnxZ@DdQN@YJiC{5m`mIa@r3eHzov&_|^b^PxrJ%>+T znzCB`jsx+@6E~MP90>Of4fl0o54d){b>U<8HD4QtsM59rM{n4dsqPPRe9z{4JofBA zuI|}_FUB``QVxNWQGM;Ld@sTIf%ytshv$`hu=6$NW#*Vdt{L`3!Q`G&se~7OMw=;S z5@iz#sd;7`z4w_uX%dGJXq++9VGpe^+S{Sog!#ke8dQ!L?REHHvu0@D?T4bV-MY$Z zIV2wLIB~=N`X%FJ+tmlqy2Es>{n+PFhYb5(tG- zW$E+aE8u#v{4v=S>h-nr&*x_+K0ht|t#bOD2%X1p02P3uF;^^%s9@N|wYS_JpWo%* z1w$ehn~F2HkWR$GWMU67b_1JY_b{o24X|xY%Hd#Ukd8nUGoF1Q%Wlmw3K)vEY%D99 zj7Aky^k?F|yVwFlNu^kCpx58)B02~aj)HU6!1vzC>hK^94qx_aU_Z>lz{k8>9b=r;Uq>I4%@IT~Ey*-xFj&m`DJ^UcoH|UN(e#P@SjPIJai*ON zY&7r|Gjs&gL5y$l$j*J&eoltRRyuFF=|OX-3!j(3`v-*eN}YMiXth}bQ@)rLWgwW< zXZ3}GHti|WixFj~pME$kC_~g|;)fkR38&jtj&czTsm3w@SYM@3pxzoSZ6JF@ET}wY z%k(t5a_O+)&>`2R`t=9f-3Qs#Vo$*>A;*>-xHis2tufU*+4-01{FZ)?xBUs_PUDm; zTg>--d#`nI2^VL54e!16`QWy=pNawk1L zZF!PE(g_wjUO>OTYV;{$$>^Wb?Y5t=i!mKjC9dr{S=QO5WCBag1x5vyhJhxe zrEEsXvT*E_R+~umC3=Is=2PC4{u--wUiG4JLmC!U&(qsXRsdB(;9gsWx1t>#%Dz+e z$C61Od1ptf9@`=AlAbtp=sxMn1_%Q}p^lDvHhJ9e0ivN7~cCc6Ro)ZS78I7GGnH+C~7!Eg8ZtGX#*uv0sO(9Ky%@z(krl^gYa+v96Ev2oH)rK z$EP`PW~MeNVAW|aG&T~nZ2;>a)>v*7VH9(ijBXVK>^Bsry*BCs8{rlg%Y;=p2&CYs z9p091QN5SoI`kc0Xe31l<4}e^Gs7u*nNusq6DBoAvL<(oP6Q;T0v$MJt~I|^YQ_^l zKFNrtBG|-Asxg|?a_Hm1Q*xv>ekW~KO4 zf;u;0agNv$v4kim8b|QzkUZn_+2VbkKJzK#DdCh2y>XSunzSB~Ova}YsCH!-y_j(1 z<-sPrcDbqXz@(}X?#%E{2MmPKw9O(U#m;Cxa)=wi6lt+IA?>OMYc!V-*qAJ^dspC9ivkRy?V+aO;WG9nxfIj*;-GICd`?E=nq@YviEVfrhpT zhm|$j7A9wltn8i3)wP3dX`FksncdaA&@6hJnFVdW&|#0xrY^QeLkqcbY~E&zr*jj6 zb|Dp4CA&Cnii4qKosrK#TMiHbBK7W{StfRG)D9b4>wX*?y?|#z^GG?!v}3nQXjN$@K0Tf|ZO!y+kmOaLa>w zXVm8p+rVb}gT)t-p7|@V`V*bSY@5y2-CACk1^5D4O8j^Tff9}@Y4vPYx~LQ8HKQWs z$}HnbM4U{phyHnz^|7xm4&e{DEpe+zcL`U5BC}!EWYW*t^}b=>PRMpSXLU?xnFaHU z*>yG>?1_Ni7GT!(vf!IHj~UlH=5<7h;^i4FLC3hy^1aYM@x888Al4U#om#~ zA@PK5AKJC}!CmYRKF4HdBCx*k==<;NTO7FZ;DcA#E#(7~yP+&b>q6BOrFAiaC)AqS zS8?6-%%GghrPH&is5=#XCdH1W?u2k#pjcne)6E2}-EJxtijKks6MF;>q1`^KHM+G% zyS7Ekp475WARb&OIL`T>0?otanvDkB;K3k=>6s{d95PAy@7!}BFs2?qiMzvZ;el$Ir8V!v3$DCu1G1HiFjH+ZWebulfzW2NVi|>t>1u_im z954dmAISiO8fjFh2ptJ{iJn=>C!@cx17MP0oY&UiB|nkR<~h`a%^clYg_F?JOFI@P zO@ew3FG&0wH^hPiQDtq1=eVc6yF0Ku(B0kcIfi+V?> zjtq=$NGC=Ix?R8iwX1tzG?89EIuHr3>*)^G-!k%#|2T3B#UrR5)X&(TaXq7tKMw-s z4-^Mz{#vWY3YW}dVjd%dV#5!B#tKn`Pq+qdAdZ*HnvXs*dFsx&-o-^;cES9{~m6h*UDZ6V^d(IQk6ooFjZ zW+dW1RlP+OG=lX=v^T&;Z`7l5o82F=G_>AztY@#wZr|F~(-+9rxpr=I<`Q04yySBh z^KrdHPL>))k2Bqt_GP0Ujdi$fY{YHYr1Ru*;gnN1rnN`>u8`B9GZ-~B(M7&iQL|JQ z9K!D@9gjIKI>Z^rStOr3BykonKO*DoqU!+{12e)jYrN=uLSi44*dFL`=$PUEOy z47961Q$o(s(`I(ae4AO^VrDJo0m!S!V_=5VW*&E>arpCWIoi=N?dYfjqR>oyT+A18 z^8h-+;Q$yZYWGA(M*93)_XPWfhoSm^?HBC#vq#^56F|MikCcubnM`6GVz0sV|43}3 zI$DBG`t;4}`lRQ9zX1F8@cBTP4b<7Nt87$q9jFc>3UhG^Oqjg0Hg^ms{KY^Gv+;Yz ze5eCyf~`Z6-KKdXSM>NDkPVF`u9{;u5?p0qHd;xxnoNmCrDSR9bl9xeR`yJ?uO`OF zM=`xh5zR(pTQ0d{a(@wR`YOLZ;5OnTxW2UTS!KN7=yZ%aq!9cOyD1n7mcWP!`euc! z9g+gxc+8?PW({qIAp>L`7;63k4U%$B=R#s8GMaH0~|xwAbr_rly-}<(X8Jd-_g;rBfdj#Hp=2Y$!N3}3u)s< zQ>IX4vp2l7bM1Ze_pE7oZhHE;mNoax-?w(>OE<)J?%CoGY}vb$_X(XNze1mwgl;8i zV6#<7?IN6PCh2Fj7tQiK&SB%I4lPj=F}YF2=T>!QH8mzcY^Q*Nr-A}DznXk!690er zLs5R?4Rs%fCY4D0ICP_`XV*{hnH&$pMd?Rffat zr;|ULWPeyY&FKB9-d<32;r+KRog4q1f8G%PJUc%01^#&rN)YNzAdJr1LEWi}3ChwK z)6LV~eeE*F1y0AClh@vy``|3u#B|cNtl)~H>peY4=q#4)n z3g(9qEZnm2DW%+W=@I*Rq?66rp{0=Vn9APtY*MH7`|L2*9u}U)yqT+(B)-&W;yy$L ze$&HL$GZ*up?Uv&`QfrS4VAYsPeIqIdsHXs=94p-vzbRTQf4%j-sBsnL}{#b%0X9E zlwi13HQ26#%ys#0@a$joU#s4}1@rEQD(2(ECZJsh!?r;r&tElh+gsZ`q>hQj_F$xC zxKJ2wiLem;q(^(Yk8f&d*mS&mPuB^$bE1oB>ITXI#%^c9^1wf_KzX39G*Aw*YajUv zOZOjIx9(7Xnq9SDTYjMS9gPRharE6@K0XuIZxvhl93<>)7TDP=$IfW>(ZmzvdCi!( zo(!Acf}N3p!2y&C`w8rdsmXty-0=2;*uMtZ*YNh3ZxoSy3GeR{wkZ{W7(p&?^@y99 z^`=>yA!a~f)r&aXnK0|U=+|o&%x4{s(*A7pjT*;feyC&lQldXidp_&0U9QPeOuAHk zu6Cr@(h00WXdhkElC8KWC*@!w?I;abBBK0gcUji{{Ms+RC8F-GvpCrDn7S6kf8lL^ zPMI>!a_nrDV`m_ETFiVqv00c)#E+4m5QG*3diHIL#%6g2cO;`=p~|`nfU(ytx-NR8 zf@)6!R(stdqYM*3G!<3jm>RuOec~MpK8^M+d*9%QG_RjGu~F@)VbsL;D-NcW2uM@m zG{g(`Pu{)^rty0!hDGQV{hNS7%H>J5=c)Iv(Q!d-ynd^Mpd9SY14_4f7I@mMtee${ zv&(qe*BtB_2NN3|2OWf~X<`lt5i=8Am2J$j-hc~ZRpW{fHCX0|Ui@}Mt#&ntaJH&f zG_-5^nidD&eh|k1Vyo{$OG6gCU??3{*6GdcEI6-oPg|MJ>a}LA=d2p*rGiFE&MJb} z?u~mT@9FAUo!1x^k|>dr@-3h&slcm}f=j_O1o#xe4ibEOGDxHX?oz=paUt)g8faJD zD3~OwJwlKLR^7QX|0suINn2@sXEMHKYo+;M!%N)*?o>lC)almwBQfke-$ZVe=qmKq zm-~t?lc}wt5=i?@lJ?8wK5(DtUGXWj$&OsdoN%i$st>RQ1de8PA#dnh=&6t<6iQ`g z)fBbd#ez^^F3Aa>DDUzvpsr_3*aSur1y*%}kj{>#$Iw!^M-J+Fw2ZscwN-!=S8i9( z!XOm__|d!}RWl1&z(l5~Ar09aWSuL_7OJ>)zEIe-w$GEQ`@2a;Z?rJhk%)I~X(}JA z7k9whWYzYljbr+6YUJf6!`i^uO`z5#oga3@*e8@mU6`Fklxyx>^r@&Ai!vQ5p+_$u z50AM`u35*$tUIt^l4Yk^Sa75^JFAT$|5jbk)s~R+i)Lh24T~OUn#zx;4jc2V8kIkt ze9x%$t{Rj!c5U^b@%4~|-TVUV=Cp87>2f;d-OwYMBWq;0LvqZW5QzC9TtG+#?tZNv za3<(mh`Z*UPHiYYLA8LXWFd_Sr|3QpD^p=IvVS@63A1nodp9bw7h=jm zrDF#K4x*X7d-G=98{aW(7%!}IxQ&Ti(cN=ENiZF0;5ZGNw6b2aeSExslSLlaLbISa z1~nX7OB28=eu4G`5r4W%$?XoE2t69QfY}Bm()a~=mq;`mD97JL$);(pR1zJWD{I#4g%G}D#LLH zARAjUPBr+O%kvG#8aGJT3ZdgazFk*XH_=epsif1&&PwCfbvey#m~lVe(A&F#zF8B1 zKfu~Y)~>s8B$w*h(+(46@z>SDQEFRb*wEfUTfT{GPB39_CBfq0*cwp6F|c)e@8w$Z$|0^lfz+eXe>AuiO&bT6Z$coDsoX>Wv~k? zXes36VT>Sl%kc;`DKbOIlxiHR$2QTh9jUb_5re%1XHhp}Ia}Bg@AmCC#}i3gIPEng zx;B;j_Qm#@Dv8dakldBqgt$LzKWhSCccygt09kY2Brb#5bF)3r3PASiLQf`CL*{|43d7 z0D7&kT~$_yk}AnP28hl@1{%alLOIamD&-PJw_|N_e1qXTZ|F8}b`>&FgT=nRv-f}! zW4g}6V@0iO)Q-!RP5tBJ+ci3ac9X$b7`>6^NFICK!`uc(^c#=+(88}mJJyR~!{h7! zf(8df%pqpRJ)LmRi(K!Ovms$Ih$7gKVvP;S>!1x*|9%7BiMWvOO1=CHXcul*hB`{D z09Z~ln@r8NIonvWE!oy!p3?=qJn=;nxYSv1YhVo>5)J{kJDQwtAN^zlJK8YaaHc_O zz&Tf+AWcaw;XurR+VMaNGn_p@0UaK>Q^_Z*4m>a58 z{BL@)yWevRDk~2`_RMc_a@BqKU5V`IAhJUCDD8TQ`J%Jl`+=`moVhuj)~n5G&uO31 zYGv)EdY66Hd9ltm@9~5d1Ob+=Yt#<4QSOGrr$GAwmvaXU9e^o>C+O&>gMP)SzU=m4 z5%F>a{GcJfLOii_v>&J^k8q!(*S@MB*oNhk{mPF-`8(giVZVOW`OoJLtP$E*fHR2v zG1iZ0qV>aZ2c2*~xe=IS^gLjJ8cref-=#jU`f5MIenq|-@C$MaRlAh^1pQ?aI+Qs1 z9Xi9Z|0~bxE}BiF`cY9kCeM@Sd$s446$}mPAo5CKWfGWzf9xlp+x2;P9}g}&AEX!X zA7TJ|Vjc{FE6V-Z9P$-d(Zxc5dtB_XMz+&Ug)&;)ER)9GlYG44QiFJ+f$g-h2AjRk z{uID}1UQoRx@?_&HkoxNv-V`N&Uga*;v6B8WhAHxm%3uJ$02KYl&V!!!+DoFr;}%r z=aN!;ayWS`DJAQ)f$+TFvvH_xN87nJsjXJ^7^4bU5(gn4=Sd*m&=cYYgqqq~qr!o6 z#iVOA}cSyL{f$S2OOYLQmx1b6T2UAuQp)K`SjTR*w6 zcRZqvjn+4I89Z@+13>?Sv4&P(?|Mh7BR4Y6Smp3|Lt%KbQopIM)#dIk4URL-CKSy< zJO-SqKvVB-rD>=sW{gdZC6%V=aqJUz@H4+8{sZR>->wWWuQxqqcY{>xcl+HX=kDkU z(1xe)l$j3dI+sc+wWui0kSu>Hg+wNYFylJyd%!39JOi1)DLYXOXoI~%A_Y9R9gBmM zs8qX)5MJ6TURTvXSjwaB3_7mS#?Ks}BvLhgfXqn}U}8Ugb;sz`MDfXoxZu*W&mMa9 z=G<^wJkqwQc?;rAX|eACf9uvYx7Acpl%>!15Hm}_BZ zJl>~lm-Ko$Kg&Q2iD}D7!wqVK;j?iTpVc`bU+p~Se9EbHUMkzlv9f3j#~|3;AX^sl zLdKqn17XN$3Xz4NZ*xd@A6O4I4U>^!uAa0cXkE*RR{epO$qZBH47HvJ)g*@E!U@Y2 z4p-V{v_Y~}R<`{Nj@S1X(hXx+FHsfc<+SsvX)_&agh)*m)uxt8GK)wP2wnRCd{4Qn_Ux4)6W-?d!oh7Ct zUQ#=@RZpZrgr|boB)3r1^T!AB4!M(bn76fC*-{@n;Q&^=sB`(3=xZcg%$QJ?mvlCPcqv z8uAKqBR8(AR+PQn=CTEBgPV4Y8_j(V^U%bOaSKH55T3)?g0v9vy7&Ul;!h|$@&V@a z%zMOkCp&IsVaen3IDJzFliOhO8RngA+R28U%;R*JJ!a>W!|ZmLoeqsO3*gx_MIOA( z5p#&LBjo5c_nDv?tUo1Dz@O`m(3u3p;k$%cLd8t@i+Sym(gpz~{25hWgJh;~fa8n7 zXMm6@%@&EM$Q7^C=UOL;4<c>B}lK)P9cA>bUcTC$DT zu8u!?{%f~Uko+Ahe)0jq-H9^1IJMXejXd!D+69D8GgzD#h7pr51 zpa|OarYcb;6JyX1JY8*PB9#?6_Zn>@H%ZTPyI5vh(}~=T=0qmzIBM|3icxpLV|OOP zLDNml{7}=a??0Mnl~5^Wm-Qotc!c)W9oPHC?@RXrBdKQzI<;JpN4N^eCnDQQXY^lqA3M9e08 zh=Lc6iWmM9LTu2218Vy5pfZwg#R%H~wylz4sma~aORvwZ! zE%S>%lNuZ84Hk{@T%C7`YApUj>2$^O`M9f7p|P5{zDL|I{s=joC9vI(+UnU^Bgs%o zg?u8J^s>hy7bD_KP5fX4YBWwbx+vXM{R76 z?IvvJkL%qeVPS0-P-_6lYUw<8d!_PI9+f0AbiK)yM3JRZIFgk!N5Ffx1|F!2>3VNzmShtckd(5eh3N$?w@LO^9&8 zu~%`2>20(U1Bw3#_#xH&8W0M!utX6pNa|3Nmhp!w{NPAwS9zD#v3-v`LN4QYXA+5t zP2~giV<^T^LsAF55OTjVIM{ngqjTnZ>dU=(fWz#;&x+drM!;~X5=eRJI1-454&J!n z#5w(lvX7K!qeD><`n9ql7?MK~oj#-w>!;+9Tb4tOG7HO|`1G)}Q#vL=z{uj6vYpR_ z!flc1$hioLAbDpDZMt(hQD@f6VekndxoPe5xK7!tXA?P*&Q2!;y}@+AAX60&KFtZ& zB9}wmP9V5RI*8aph?a_ziC8qqN4GMV$0z{^zY;KP7i))f0`d$l#r@qqu<%$!DAye?ic>bFZsx0}cwv351(TViIu zNAQ>-V)8lR3(Aoro;y6^W5~4kc&%Q)+2XVKyvTa>&iX8FpT!G;b>ytT_6P_<;JiBT zWRE)8E+;FXd7~)Md8wd_%*HO}b<#pSH4z=RS=b`zsxj3+aa^P`us+>s9l3SRfRIuL`$_RsG1%6i7yaDUscnFJ-=rhB@|Fj z!R6>)yEf=Q)Y8Tl!vIRmSZ#ju1eD7Yi1XnMdY7xr?W<-TOT? zk4@z&eM?jLU4V`Vv^5WHOTtVf(JEY>D3b%dC~~a)+=WJR(R1{PBfC#6J~8F|-c%BVbjWil$Qj z2r@qdeg3|7Gt0taoY5lJfEsmoXrF-{V^26MNsEbI^v%V zUQGGi_d$HxADItv!j<(tndB3f8ux!ldlLY=sw!Rh>~ros&+~li-WqPr^IWIK)R3Vn zb0C!oNCJW(lxEOKr4yhkpn?Mg+HRp6WQxkHrd!)I4LCH3y!Q}o8>0PV({?|j=u^bj zRK0KQbM8=;K->STr0U#z&faHFYwx|*+G~AlY1^o2m`%!3qN;QWIZ^d*1qmn(V~Lq- z!>yCe=Acn)a`p`mPxxBB(`?tmA4nEu^6^8h)5GNq{6Hg?hk0n^5+6>QNQP8xo7DJpc6b;^7 zwKwOf4x5+;Y~##P!cFiXi~~pnL5*gPx*veK_mg4tCkHfZZtAb;PiVF7>i%qhrawFo z8t@Fb2MmX;1ExXpIs$#*mwuKQtdSZBCTr+L5K)QU8V_NQkO0fA*Df($yPW0PH2Cy_ z;TpyV)+~hWhxxd~9a3@O$vaF+yTT*mDGW;d*xfE6xm3vosbLoA_= zwa8z+zu}1nu`-*T<-_?zhV985gnwzcx~@(&FvOTv=c?T~7_SAaqt-*#d#xIm)u450 zt+NI#w$Bnv!(7gNPv~KwDR{lJ${2Sg*b@o%IgD?WY4(2e6W|>Lgzp-qb3cQ(vdUZO zscLutIGcP>t7hHmVAj`-<;G|*tH!cpnK3#(@{GHop0vU&Q!zfg>|k>1!|CZ4O2(1w z4|9k{`yMukBwVQ;u-JMoH+s&G4STzNTzXwN+t>w&Ho+%eK<*eWW z`?;D^H6mg|e6)sbt+^fuQ#GnrY*S-Z`DDLkJSAJMf5~eZv2jPzJ6# z0Cm#t_<^_>KefSP9kvg}heX5BdN{(aUF%vg%!bF0^Z}EiwY+=t5F0A%BS+Xd>q)D) z+j_t%QrO^4P}q_>NYMd7^qPL711DI-ERyv#XNpz#SIk08#S4(DRP`dlDHcU8lJfDR zpp3n*OROFThwl+t5gL;})mb*)F?IP+ixz!$u(jMAHD_wu;~TaoJ66@apAT*QXk%1+ zxzLN|sLkwfB3hWkW-9Tmtw#JzvNxR){zD$kRJK%#o=PTGvX%-AEBiu_H3nHa$UYl* z2ws+f<0ORb3W$RN))HXuKso@78s>Fp+%0ZNatZUuc0mV+WMX^&|w{lgTy*6Ge8fw>?y5}G0WSyNtUE_Q%h8?4#){&c9xnh1* z!CbZJ4Rt_C7+5l(6t9@9R-r8BV_7nS{A1yddx|BMND%a!+HWWXSMf%K&n1g&<)8}fL) zp-^-tlCYahGhPS2IvfdZGf)O|(e*%WH))N!8N;LT$e^R&>($xe25129ryB?zCWmKb zA*4MG{{3KmE;hm#u4y`lm@5U7Yph`ard18Fxz8y-*PxjNXCerlsv3j#DT(h>>|$*7 zrY%)Fcc#~`9SeRqzIwy@Olo{$MQrWXy6v0BLkqxsSvZ$mw|-TWZ$p9piM18v!Kd&( z`@{(Lm>423?eGUeUIUsD3eB1w9<$8~D|Lr^)|Jp3j3%?rtie&J_B6NyV40eA9snZf z67~c$goGIW$8IzqHH%k+BM8q%ACJezqGOS9p!b$Y{tc&m@c;d1yZ1)U+TCQZXU@1pa$IE7K*eygaKGwb***^nfVVAG;_w;qR13hwI&{5ag9Xdb-}5Fcib&a87J zoM)hf@WH7F-Rki1o-Nx4ao+4t24dlv=%eXaf3!a`kV?ie2=O>|+kg|{^@`XK3M*9i z2DC8e$X%Y(&-unT8iD)3yQLHsVn63<3ftv=$Knn`~L^L!TNp_gnznj2&?K%lcpUe z$y62%I|DO-AAdBR>i0YlelmOpl9KnEuvqjvKB~0?sWJ+rBj*5=Yl`17?Kd44D9i~g zVnDtN2t5X+0~9Yg9Mvg$7Y3g|KJAsR1HB@W7tCllEFiHHCB7w!&T|Z;*QD59qO{Evf#1JSMROMuZpRWRjWqs=L;jJQOMY03_7LeF{-qd2&e=fJ z69`0G;lA@Bpbm?>LB(Z9%NT|L%1O(t-RgQg9Yf^bKtLBAv-=!g_n39u0=p|k`v7$; zcrQ{}HPM#A9KUIN8R9$;UiflJq6+|G3S9?^_>mT28RcnA@E+zcjJDV{7aTcg$jxK6d4}RFQLOEcU^gL zIR);7k2>F$FGqj7)~VaF+ILf!YZ2i)a+MHs#Kdp=*+-1*T^-w`W!IWntC>}r*|jEC zVPd~Gvc0el5E&w`|3u#E@sH}t{Ol|K<%D=ZV1D$}tP9iB zS)Rhy=P8VK;@jRVZqj-3;u|qci+^0$qiIiuZt8i^mR%T@%LV-m)68huqfV=7#`36x zK$HlS#&(!?7GP;<2Z42%6e`A?j;(^0ETH)#F?Dq}oJdl*^=NV8TTdmPsFYk*?IIZoPmpbdrUk*Y^# z45UCJx@e*(Ib3RmD-ZPyP2*CtIWD~v)Q{rS&V_I7WPd2A7cZxPR3LE{ey*w*M=sGo zs`NA>^`ehc!VbA36`c)-5taH{GP>45rax5{pG`iVhJCegK)Ov5?FeopNs;JWax6X` z8MhN+#k|c7eIs|WQS_-;w-lW(H4(~GGOQ#=;iU+IZA-O|oFv$2lW>3Xj z#Yvowj%)&RbNJCT+mvS9lnT**Xsw44H+qgpq7k2z4@5G!1AZg#(ZNkEaae>n3*0yc zDv^S=16wNDEf7e7&z}#kn|JpFggWH5qFFRQF62hhei%1ER7`bj8_Zm_*<$rJtm$lB zRqs#rU)ka6l)GG(@=a@3_=gW|Zfe_h^NKn+M4AE>v5r=&wQ8g>EN(Gb%SQGL-S}}& z_KN1VUE{fmp(`31r&qR`V;R4Zt!C~@xmIet;`l}i%Ih>Q>`Qi52dA&@*qGL)+rV~U z4{ch!5i#C8us7@%{)c?Ewwsw-S+JaGlT3=T-P!|MvFw=6(w~NHpClX$Wnf9<4{anu z?TCl!LZZEc8ESR?p^lDFzphq0IAFQg&c?u&&-Z5It#MHs_d*{v|A6sH;~ArLAIwL{ zvL=HgOrx>6zjx9P4y#d3F9%<;$l&|QlGI>J|Jus{6iN>^4K73XGz}16kqr`1RJE1RBFth%ee{X_rN%0wc zp062%y$B2~jMWOc8f%|uon?1209gZOduG;fCwyBmom5jxi*(pP`=E($3GgB$(+RB0 z;B_v-ROKbd_vw6$L=e6Wrd!0!kG5>x_9Mc2{55tz4x$O3ZgC&?Q{=vwnpu=dzKY_k zqogFwoPJ!pl9}@UiiMI;P)Ru?@}Mj@E@GeKu8W^J|0(Xg2s>HW)6!W!Y_YrZZDsIu zfQ#$x^4b*$=L>nB8R5*>$E_qt0X0nT)>e3jQMPE7I(C-Tk^J zbdrGORQ0Fx8pm`xNzy204`8b6h?~JymG6>ec1opIO8jIBESDawQ0;fXF|)U_d+Mj_ zcV`vD9cMO^MDXIf78b61@mtq1b|*L6sn~tPz6Pq3+D7>9I%0yldQ8d)RlQ(L9_r20ifv(so?F1v5Q-ftrXQ$Hz}_zxxt zH-zNvdUg8cCQ_PHvlJVoi!Vc#bvDiM$VPCKYXScc9bMj`7n)d-rT*}V`N2aiH)Xdq zHf$@uzV*<+iBG&be(gVAwf3>qs~=l?)jwW4{_2u33JK53`#^ zJR}A}6(JESG)HJw(0K%1C_?a<;vs=;M{nT2MmKA0aSS^|zk_)lcB9wmfbXNnZgkkq z+l}`dpTNYxf}!$RVZ^+fFl%nr8I3sRP^5mfVtoLe+u)ASQQ#R|tB#~g525V!!T?}JGjZqE1}9>2ryz@1zD>_dLG z%g?Uxvq3-W^aK6IAM{rOb_0M|(FXt8em6sAV|qT(DDc9k291P9&yu6{?qo%7!Q z5)G$n{s*ZZE|HGcunfR6l74bLP%?ykZmi8sZ7bnQy_mfXQ@5%=O0QB+ zk(AH76<_#WrAPPM?fW6Smh@qH6M}T|lTIvXY|fm>R=C|2nS^;qdT0F?uRZdys~$~{ zB}O*;T07cP=nZs0D@H9z7_1b0^lG=W&s=CB>pRb4!*>G_V;<*K|t4E z{I$3%U-mvOqbOxV7Mr!2XP1>dW}4H@!ByIlch!FHve5}({|Oa_6rN%yIc?v;K6o4V z+r}QXdf_wVxlI`OD_})RaqqUu?e;iaZf!FTU>~~NuINmdo9ZJZfGg|@$761wANo%C zM1wCte|)Y;zxA+dfa4!>i5jfSB>;#QX3}6im)mvWu+A>UV|8(+Cq^|X!;yyrs z+_p%+ZNS3S0@x=}-=?$BKu(`6@c6_@a=;+`c_lv#>M=3#NdTjy{l8WsI7)MoivuM;PfRq}Tan5SW<;|_%R_L}IL_~i7Vd03pvNG^k zKvag|&tXOD))9`h-DI0JTf*QYERRQX(XOb7;S%{sn6w8eirM^)Sg2ffbxf>bC~M4I zkxf!dQ`1?p<~qx*+OX`B!T}>fjKNuwbfJpIIzjjVYQq$WfI`D=smcyVGPdbyb7gqA zyssAULiaT`>9_9?^_t%UC_pkw+qR0{s=;|u;g;~&y2?3*L zye9k$27r0*-soVXSQi~0U%zL-$e9(YE0?88;;cqRLAC2Ol>-T)#i9dgV&;MA1`mMAQ54aWKdb>-D_ z!0vjiyOZM-uEdrp97t`#x*v&$16`?9{b4zB7qHEQqwtRuY?~pJ9w{$xE8kOouzapu zTRyzSz_MVMr6X5>nb~VQWD_^pSOxYMKn-FnIP@F$zMw&>3prk%ZiJ&gWT4k@x&w7N zTqPmVH(q#w#t;32-B9@MLg<*9|5pr+!QdB zH4l}qzj=L5%J$WUG!!MIy2;Qwb!~V5-qCVk%LQr%tD7boLlPVMvyU0AHti&!w@i&! z92u9KWgV5ah~B7k8nS8a#QuqF^`>JR4FTPnhP7SEioVGT>UYcHZ^XSg8?O`^g&&?4 zyf9t$Awr1O!wxx_$pOZW8OjMqkj_v!1~@i?%5lo6p#6jdLN{XgDee4}_ki z@FDJ0hDw3`@2bpH4Ixg}%)7~*8+d+-fovTj-G)Gr#9d+#-gq71J}9UM=F){1ax@6U zmnaabIS$3Ab~*2HG8K)oq~h=bu7Z~BOe-W%bpKx`+sl0#ag4E5hU&gmm3#NIg}>0P z+t@JZv^qDm_V4IVvR$mdBhirbNWav0AZyq{=w`cN#M-vDHGIph2D8>Uxxr~zZS-UZ zw|=Z|Dp=7>)>wAz#YE$cLJzo^L89?4_FxVBYz_Nx4Le@VK3vV(s#$>3IJ^Wv+9jfzLpbvW)r|WQJ^qxrbJITgPnrUJ4(#J|pc)#oU%ba0sJe6xAiAnD2P$R> z!n!UiWwYU$W9p0uo@$fZcC_8tc2}E*W&zEI@Ua$kKC~>G4`u3nXw9xvW<<;K8BtL> zCF*HP)EB43rE`Lx0hCM%%n3e5q!9b>%nW7J{*<}l7^~l0w*oLeSN&;|!{8Ec`?#^X zZ|Z4YoWyL4YC+P)s5fhV~~U{=v-WZMhLb zp8?U5^%gCieqjUE&FC#2J*z^?usM9BSSqTF^Ck_C)fJ={rU_h_qNCs|7>?EvL z=VLXHCK!TD(Ce$IV2cA_w-$j_2$eIrN2{v_Dl&&*7hgFLJ$%A?a3;&SXxM?byTs1if zFNA?TW8K$H)^eNP8}^K@tpak#0!8&w?06T!TV;j6ls8FM=C}J8*zQc^m@RL>f-c6{ ztyVkB4KuVl+o_6p1rt))tT{cKdAwYkYLAb`?~P0G+s)=Q88nuSr^o%lTYUsVzm`BI z3D}D4FL*b>g1MH=SYVm*!V6G0yz?qoG%W8NlF8_N1XkI^+~*A~I4UPccUY>Fhv`Zm z%u{ZFHDYIQ&w)tWRNfwVZ0D8sv>pd+861vvdHro2Z2{f!o9Z_Wa+}}{Q`<_lLXH{7)c;NT!n#!f~SHE*qOmNg)cBCW?bjh|f&C&lL&<~trDi?JSzl&HhS@VL->x#>$>ew>yd`~kkiTNH3hg3W z)IzhC0Vp_|=!W7)c3I@V&CY1ntGGOExGV@De4SSGx4KkcCj}31^$zG_-NP-4*Sti;IPZZxoWfRut~pyA9`~7q)DtC04_iP zcm*sC9bV^f?pbPC-`Y|<5ZqacA`;9W4PKlmg$% zgx|@El2K$vgWo=@0+c=;28ZnQ&bl8D`Q{uBS76LD<{CFzfEmOOv1mdmH71)dF0(W$ z=A_U9C70B=2VPhZ2VgjZ6VuWvNBP-lNo{|pp#7<9_n`P~^s67|ZCz%X3wAaGe^f#cTFPyjTTteuD?k%P6(lc223$8=o`h`t$3lA6Wwa)tWI-O;f1?y2u#3@qx z)=qd*0nePx=J1iyXk0jH9oOrC!bgsM`I@3zc}*|E2mbqXG@Hv5D_MF5UFxZ~K{<^s z@yJt;rJ2wVJ%}Qcua_I$GthuIW^5#kL#zqgp!@(_>T>;uHPUY%bi&GC)qqeZqEb+S zkVj!2%;ftQ!AF$pKlpIB6!af|Rg43%b?c_f>OUqBAnJ)?EC}d6RGAxCZ>5S4>nyPL zX7vTUy(lE@|M|amgTr2*rhFw?r=au4@D%c}9or|(f zL1y%_dE2`-@md@E9ekMJhb#Wx0K>1J8N~Yxj~T>y1G^Sx`x4XN<9ygD&f(~I#*xin zUCgvs&m?AYj}WkJj!xyOh>KX0+ny71b@xG{or%ccVjhmLTO)Tz#7z+vX+0p&EegSS zMsB6#Cmi=V9&<>W9W3Ff2ezbXhWpAq*5;E#u~FZV*49YkFydZiRz&*4{m%Y6XuZ#T z)f;3hpVTw@EL)K7A$&gK=qE=^9Mgk`;5#e`nC6-4Tud}enL&uM|wjMuz zsQT`O|4}--KhE3-obuF_8^^(T(*8V%IsOaG@p|C}c~`t1Ytj+`*lZZ}0pFjVjYc9u zL47Y|7`m9|zghx%WYXZ2-@5GBqBJOb{e&_WdDYtE=A=5|&nwOHg5M~p{i*{Ak0l^|v0kI)Or%J(k`qNG#NU$CgGMIpD05!_HT#dp-0|+MkAR+)@{)WT_$6NSIs3H!ElZt((Xf|xTTCrgSZzAGzOsJ({(<9nFVRrlRHC73-EqsRt@B%JzWk*n3Mo-& z1^yS|^M}AWo{+aZnq-IcY+lEVI>4o{>#XdMj#=(av$6CRSQ{M^TyD2PIF$(>J7kzQ zh)Osc!>KZtecl(o^$E*2fpl%ry7&0lX6Q#IWAl5pWUEIYh-9_^#U8qWhYf)!Mf;rN zEu|m$LPdv=+)Pe|L+oMAZOK}WexX8lX?2ha0D#8+STV4%2C5=KjUBUrtkq_1Y?Zm}n3*eJ`g$rB6W9(gC7D;rIqzK+}qB zjP#0ZEF1^eOi?yQdXdYMZ-xZ%M%$Z}-Rmk^4{=VCVC;9s(F+sHAw{ZVm{=VDyEAPXc7mxAsmGsA# zq^I(g^vBio9FK?6Lu01&$9MSq72Fu4=eW@5j}IvCFT_t1HMmiVFB5`%wNGBPIldQm zF75tNIAQ@U zjc}bU1(!KeH@!bV{>{%{k%{Y#Ct5K;!6!Tn!q!6iMbceXDc}uj^Lz zb+0n8lyT)HxG{g+ymIAccJtK8$W%#td4E!SiC&iVk8~UEqkpbb($jc0^7I$f^u4@4 z6BONpIIdns7UrDHYNaeJSaWFG)}1#c|Yx z<4e*%luysDL6mx;U;ci=V^h+zYpzn>PiIU?UVoqf^7bC$=@p!2s=prh(cT_huy?~A zmB&yu3RxM@%{tAD1Y1lKLwG9la#t|4L0nbRUF_qr zGx+-iGhoNXS;ONd0q2(h93IywmZU@pI3QH~xe3Gy7Bv(~1IK8Lf@#2@2K)r|7mstr z+w;HG_Pov81Dsmm@lt!t>iuuxs-Zno(+FQhH@v@_5aZ=<Eu5}Jr>C`hK<)`` z-Bf+mjt#MC_ENZhpuBvbKAgXfw>34j(eJ{~+4_YqW~Q&+yK_V0;_KpbjdOS2-XiJ| z2vL`VNnW^dB$r#!5Dqu2$aM@1bhHf({T$ekSlU&S+IfK?FJ4L%T*^d2fRT?B9W+1NQu7mfo2Pb z%I=5MZ57&NT-thbd$I=+EZ|68qV1#YfRy{F;0Ve=F&K1I-&@D#U{yC_na45Ik(2QD zJn3NbIF=)aPj2_vsBBtTbeaMe8Wo%n^3i`ScLqA%*Dj!s&%6riqazSvt*6y6au9r4 zl01?HY4!@plVnVUV1O_@P7(%eDVk?Xa~s5?Ue*UU`wcd4D(7n&4!Ek;RCY}@_>9e0 z`unrhOuO)9N8f0)4gsM;wb#@SYy>cD%d~&ACc{287>tL?LsqwO%4$nC4<_S*L2so$ zI2cUUwdzb(!+6jct?x}`!-Kxc5QT!k90T_yTDcD3Q}PDCq1+()HRT!++q}(gF=#bL zbFg4grx(p|@td{WX~8)bz^;68evWUm8sT7s;8zB{$E|q+M;tDvR;Lrp1I(8CiIvHu z(+CEw)uLsG^~S^Ieu;#vi<&xDf$*?G#zJ+lWCU%lDtxD7 zvpN3BfYG=E2vYjcCz)2e9R`Kc2BGg9Ae|f+8~KH-wTsouIWD{c_&)Lk;u9QIq@@q? zHGVn92oD66gC{L%mh-Vx*b58qUbz-O<=ZQ7y`yr~zTwU*v(<){`jst_aBa_1E3Uh4 z#qLoyZqi?OZO58M-)?yFvW4H<;w|Ob#wajgK{Hk2R>aHt8OPm77_0%f0h&!3$tIaK zXH2h{egaRZC-mRce@~D7;aUL*j2yFyP7OH#)wb!S_)=&3))X=U8R)EEqOeUBEtG=@ zo9M^#bO|cq?nKvymgWsz30#|7aGhf13;%Qp2;r8#Jp{kEr%%0lC)Ivla?V7&X=xl` z8n;_8PhG-cd92NK&?UB84q3#5IQ+5LEi>dj`k0gq(& zz~wPcetB;5z?gjtK)|#(y`f1B<8+AY(9A<8`H~ZE#;OJD+{a!he!@)0^CmijAU`l@ zKcE~jWJU)1Q-rQJoF#Ov9d%MTF0e z`n@zJG0g`ve-2MSJa^!`(v~*i6>_3&!&&z$hFddPwYt5_={tQ@$_!FcdHgX2_v*+3l~sehFY(}*^mG!Kv z-zFctvaRjPgYq`{z}B|5tq0_7`9}|hTUIqTu4)M{xUyp(7#_ZEEXyV*S$6EY;o%RA zW!H-X`2-*d^s^uRTpE|SAK!lg8VL)(ljnk@m4LF{9-d)V!Y{e`Lj`dS#&5$ zUmn7j7m)QgQR5$??3Xa5x-0rhRGf`6Zsit-otuP+Bs2_AtWY@kcb~x;LpS88*@8Pq z#4y>(hQlIVMA5^Iu2ohQP6maga{?{gK)ooD7Nbmv;>BZuh1Sw z2c__fQjGbCEdr0)*b0j>zCf{WZJ)YvMSR-_wr$66e8r7ZPvs`|cK^p4`**S@7N&OY zf8#&8_fC)y&4gz367x-&t*?##gAuMWp)erztm?<51GW{CYCjAG>InLz7z|j z*bWg%ramM1Or zoMgCRc^%FVxHx*@1uU{JVEU5Y9zS#fsQkeKlgEbu`c{h)(MR!)i2<=V31e#|dgZ)) zU`vaytk!?$!f)ek6@G-=Xlz{DnebP%CKi5sr@yw$*Rtiq;)}TrH?OPPINsx1I~434 z-_qK(tv{9O-`3T-WxO{ywAR-%zOioI%^T1udgmZ;s5q1l%?<~h|Vbh38fpgrCZP0R-?Zmp`a+x3y)coSu5nkQ3r3b#wwuV9DQ zuYqk{AK!inRWMiw3jy+K1ZnW|y9-d%U&!H92hjeQ8aaR3iEdGpd;kOH0iEdJyG5~I zgNIHISZ#cb;+9h0FHHwq)_2veYLB-zRd!{Znc*E>mHi%jPgAnHCOmzW-Vkdk_jPrq z>*Kc5;tv})^reFhqxCf#yyjfHob24x8TFVqnggz~w#>>cEA6qGSi=A?y_2A47i9PI z*gr$UHaUm5jDqW!+d-$u?oqcG!a2V?WIAS!AQo0APLWE(p)vP_YXa;C4l9sO>zFdb z$5R0}>N`uYnVi3ed_>zBolYQ-8$nHDgQa~Ins1*!4XN}a)>JBP_UAGYBCLAYxnJIXuSE3PmgTe-1%q6|LnuNVKK_-`u~U_jI~qfg`d`Z zm5)VyY@~{5{S4MwgFe>mV|pKpMe6~Kbkxb3am?eYs&-aa&AOZ(m$S;{s_xuky%ye) z$LdeX6~_|5`PePdxsY_s-Wl%{J5Tj(H0(A!jEENVEmN`dJlyr7fi;g*vjf%lREwr+ zRt-S7HrFN>xnTm=5rHyc4ngZ2O?`6HQe7-*2jYnBWZSh2ubsmpKxpT-jL3!`up@BA zPypD;)v{JZ%v&gdiCV~aF7H^Ery6DdVl|^{on`Ii7+-g|vT;YY?wU>EhKjh+s|}>8 z1J-oh+f-9N(V12N-Fsr;x_H^11viRL$ zz~;0KZSJYNa;&CmbVqCLq+Ac0X@lt2%naBm~t%J#{6x}*T8)B%vjIfsb@c^ z|F?RP)EYR;OQpMP$6CV2>@{%&nW{O}>6^EE`aI${J>T;zdL)mhzFs(qLmcu^JQ; zxVdR4Y1P$rw=7U!88_Ip(QLJ+b=(uny0%>DuTFVRL|bc;hM+OqJXl_~TCQrWGzWb) zAS;Ppt-+vKBf{|}oee}Ch{)wm2G$uY7R@RMmIiC8x1nOhsqse3yqWf_i}t3)A@&`K zWbPN_#+HiV3NZ~tqzWchFkd+v3o}!=Gc1mU;39ydCCV?NP@FPcrsgULsdQu3JdkaONCBGR~mNF6k4{7$D|V+?Am zD&tiQ1_y!Fn-H&H-lCDn*q{!38CI&IV<+dA$%POz7uz(qlTb*r@K+01OPo?*o#IA@ z(8`mufK5wO>yI(^ow#dKW3?DN`kO}UeBB$aj9*~a_y8}{7^l@8MwB#cVGP`S+v3|I6m`%K(y7#Lc@XE%kNDUj7!qZU zX;0-20{5frnChu@s;X=*7>t*D+B|ze?eq7T*eJ9nQx)-c@&$zt(h4+l4L>I#=UZ+A zs?s-Ee_TAn-R(GC=fyT%7;&J@x-AdQ3z2)s?PI2LXF;`i8 zMR{A93rR$GS({{N+w++#w|;t0Tic#bZ@uy}d)h8`R*diM@83IKA$}-3d{s}+Rl`~8 z`_+r@2*1bPK>m&v14z&6fcRpS5ft={>@`?N%}2F}Yi!Ysndb!uz61HIFGr`O?_3O> z&xOu$6$Lo~gRLXt`1!`sX@e`~Gl?VP?C8Rs{+Ns0J&7-d)@DhpQph9h=jh`U@H4DQ zhna%j^S>c%>Ca#@$MuKLKqNNMcU&>TSUeghfD*G}-D97>|#;;VQPqtYVVX^}&sR zj7s>9_fjLtnRVFU=W=8Zh;YDM(8OoQoZ*F~;3K531#d{~0Ia9!G#Gm$E$;=Dp&#e+ z01gI_a9w%KwB1(S)|+reVr4;_S8LT~0;!gYxOM!-vYnxR_IT^ezCF3lTTYzlt?I9a zQ8iSsp0bA6mlmGBZQC14|MGc6F&*#X->H9L5`^zt_&jUG8udN&cdzhe#Fg)54|lRn zoy?SAk9pa3Zf10`5ox0&wnz-{<-jUBU}SrsI>pMKoim&?h`S9345C3R$7Mz#F^^q~ z$*?yz53TsdZnmPEbsysqW(}TGedSg2>9)C+7U*HK={3;0jvEOrl+M?eu}_49irur3 zE?DV-koW@mo98VX_==RFt+2QtVY9@%D0-N45PkA=j){e>z{e_U<#MOGOtlYOeKo?E zcq6%(J=Hx`S3eA(ua0b4Q^Fq1b)`mn0>g6c%8dqpvL;r#a5=A@&JEPX48~M-W2j-g zF=zuIo(-{xgNfR>eYGXoQ{M~!UC_1~e*t}s_^Jx6Q+zzg=8NciQ5XmBn!p<8f|lx_ zyau=(2B0782C#|9Hiv10fLZ^kw3I}^&D7=?8-rSE-aM(9IN`p}Eq=t!t_7bq;@b%8 z)%ib{DA?XdBz7%!j+2i(3(T=sP2mdV5v*jP+1JR1ktZQhhZ^#m`{!jLL>*l`n9k+H}HCp)*zbo1_ zQgP+3wO69}CeYR2aKDGWz{rs{NMf1PEQxal#wlh!+NwQUu|+Z9m;Cyiwk!R0F+T%ag|G-R8THg)_fYI@f; zdJ~AKl^%?HJgu>{>jSxtDT6Z&;gyQaE)S{m~+nA$4+M0 z2rQ7)vrcTt7^*_+UV9x7<;pNkt4P4=StsjxPa{oDt?Nw zc`@|H^h?CwPG=N}5EhH%S*UQht!?a6wn|USK)LO9cFz+=PZDyTNtE>A<~7Z4uU`Gj z@}{T-aK5P1I56PfL7lupr<}3Pa#fP!aX&>s_Sq4Gc9VGzF^q?W6Qm8q0X-@MUIy%q zy8YAcuO)pC?M2+gm_FDk8RTga)5 zXCj=OCoGS*Whe9}E8SD6&^&Mj@zG4&%EcG^a%XsuW8zkFxz}+*@;YS4w@`I825??% z^b&MNIrRMm>i}OowtnCP6P0zFj;x$IvZ4C!k3a9LA8XpZbs@DAKc}D6Rt|6P>f1e% z&5rEuJMan9lk6K6gG~wT!pBUzCnv8lvty=f3;V(azAumg4)yyA@$b;1VPUNt6QT|{ zLPj44_5mV=*h0Qp&*PEsm=~<;yaguxO4I3s3^RUM`A=CV6r{r(Zxk;R%PqXd1-!3e4>>A67U;eU~ z8{5^v#NS@GO~d{k_3T)DN3voKZ5I}0r@ocln|m}Tp7cE85$|!aTB;h!`1tS>(rD2Q z83rw@YAYSs^D7P5?<J|*4+=V4=FKwKh|DgaN=Fg1fDy| z6v^qs>xg&2^<8-d-sL;yNYHB>^+@ALAPv0uId0IYj@r7(xYIG24bDpmC>$ibYn4QX zNq}cC(2I4XX3)`O%AJ9~K@J4b^m3n~X==oG5C&adpT5`uhd6wCOTDA)i?os#wJ!+d zf&G!6H*&Qa^qNX&Cjyftep2jdTL(vq=4!~Rcw%8z|==enAy{yKBi**3bV z9-(+5wBIRbIWNM_pbR9XlYaUwLGYaxg3$VUyrVezIPBb+knR4(f`8-eXJh`F&Mjqi0JWut~JQ^xTL*;0e zm-7p>AOTx~EOcrpM>xLtkHTM|ZVs@=x`4nY5$0YsFZp~0i^18tur*jmvc1AWj9HTzC?=ug~ib-h}Ee>?_pYozYk(MNM=K(>RyZALH?Bs)zI( z@X_+)5kD=|(+K)T>(wUEwX_LT9@jxib}=h`g^&H4SXLaeS=86n_{`|6S`^fbbX=#v z)4}#1H1Z~nA&?FT(Vf-lNx&Vc>9{<|(|uh@huEBy&J_v>`bj1R)pS@7gx~XY@K>Vu zoe~81X@M>N8u~zsXr5#mDzHr4x={osYp8sM0tlMO|tQ)A`g&p$~a_-e#U&dUK`HH*mQ} za;Ec_zL(csN%yaKZ%p=*yi}1wN=cVpBkDqUIpt6*j`#C5mcRcT>Z6z51mvq)LRW{W zX_7fQsRZ0(!Y9Q(HiDSd5@g2|8xYrupBDcb_F^J4h>{G&p)@C)1n;XAWa%ght~(og zBXkxPF4MsmbAdOobq8O>27$wWHgc?Wzxc-Ivyanz53-*Ni=agbu_}T;7Jey+PYB;c zJtW~%q6oLKenJ4+0iKs&6<{wt4Xg(@-m*9}R4ab@dB=C)obir0z>Y~4r2W zpfhqc>SWbRbk>4u<4jRtqMIt}4n|DyrI!%*$snyEZ3}YJgNKOb zCGl&E@5t7gJ|va|d5tLa5Cst77T#aX^CUz^CC?9JYeO*)6>|AJdd)+ywd7PRiM|@D zlO*(&7IV3Bo+_;yZ-|oV(sK3}`soXB=u+zTE7`hofC_3EDlMqco?@P--y=_HIm%x4 z66P-7%QW|#IW1iETu?5{@Qv)5a8$YaeEcdKou1JkZ6dVIJ(De8dX2@D?_Omae8wH% z-=8+~?U3dkcOq5S?&W2ld*HNi>z`V-Y{cPwP|m3JjHvbW`;{8FLdw;H>QYVZ4&`dG zD_4_+U-Qd5RSiFd+VOqv2RQWBir>b*T?VvGo#w%Bofa-US4DkOMeju4@GJU;uCfh% zQ^ot{J-g4H@4h-Y5E!kKkrgZ%=NtId<>KFE;3DCv)vA6&|JBh($crn>DowzZe-Eim z#g%_|=R4o4e8;PlF0d=#A=+>r1=svuswexum}7uVpk}4!DkgaroKsOD6YIC zh(PEaxbp9br1BkCrQ;&X_fSOn?o+7s8C>~uuR`bSKg)9GVw(|Eq zjq7DPw%ErCm8o5f{so!*eF|4;q<)qMA|B&vVNwNh1E`{dFtiU ze2ibk{W~RHo~PA(;V^fioRf z7w5~Qf3hRb_xy)!?JZ`Z0`lwmGCoc75Y}eS{Z@2RZAAD?y>A&$73#!mucXfxppNYZ z@g;@#7xbEY7Po`fT3n=YD7}Af@dkdM)*Ls+ryQp%7cu?#s-vWrH0piu?708r^Yk8~ zor~&yvTo+oqoxli_W>}Yjx_p6;Ww%OIlrm7XRk6&x zOsr{ulG6URjEB`c_yM&KwSg+66vZ53t5+1qX?gl5!PhDL>07cjQp`dHi^Ks^5biv8i|@%Ng?Qm<@I{1v|hXsN|ur`7XK4vXe6Q`rHn6>%3ir7 z730An!IHKt&-3(q^pqFSf1`2)OuWA_)pnb z*1(e{@-(NU#rP_6sOCY)3s@l}QJcU)+N5M_S|i%(RU!gCFHip@#8-vK{x{iLR?I>L zCmtIh>vZfX~{Z) z`wPnbTDo5tTVP;)osUVQ@N+(o!Ku<7fcsxk@8i_0xM$%0jC%h;ejgl%n*NjOeNZpb zgF8S!DRMZ?doEvV?!h`od%Mn;7N|W&v)z@p<fsDxNeNeP!p|Mcb37vInMgwuS?yHS(kn1g?irukTP zGwyw*@&k1LQ|f)#V&=z?ujwoJ{OlHf$L}liP|<`>ZpRSUfe?e$ z%=>0}+H=BBk(O(rz!mh2^W+^$a_awO`W4NCoH~_J?wCMo(E;wtF{X}kNg1?8EA@F& zIEyk0+(Az<8x@3Ed6{w^Vix34#<_!PB|0Ylt8$(ysT*&Jl1D8BuPc;8W3ANf3j(c- zyc}WkYAUCH^77>r^E`d|Jf-DuKH*IobLlz#lKGFZ)hYL@N@;<3#usSJrRM}}X&7^L z{^S00>ivJ>_X|9u^ilQx{rtW<|B?P4^*%W6CA8B3+ChE5)$6!yfd1e#wOYA<6Wu47 zfci<%ks8oXijL>`!|Iy-L)lng%k?&OoJuZ}_N=-Om@cbNrFSZ_!1G&F%7ZSbr;E!C z-T8MaJbf|k*;NWfM=z^;rF06v_x$zhJO52KhJ&2P4dvgd@SnxBXLl&?3@+8vF22k8 z9!jU||IdF%edqI#>8;rQnZ}lXXAZoA4*rVyv}eDerv2?DI$d?ILRxiidmcT`_ragZ z#&nYJgQ@&`mHnoe_AJ8dVn&O>%jsiz`O4b${B_0l2mO4#F7Wuux=3|Z(w^O>wttx} zR+;mZPMIUm3l~61e2qY_c6ahMf-ApqyD+DU>CX!Pf(Nwz1efYyIjszdW5hEMT?tvz z9b(10TX+=TV$X^~?;04*{NlOQQ$%7ox_Xu?6m!k^r_$xp{Lm*B@<))rhUb?p$_oUp znd7+&Wz)K(lnwo2A#YYT=aq}V`9c+*om`J9K=t@6*F4fP)ePm5GB>CW#rHtxSn?iN z50R3xW{n1K`3ipvz3>Oma&07DgX&!FJ>}Tj?&a&Z(i>SBZ&LJ-%iqM6llv1d3|V|Q~C$`%Hn%Y3mP1X-A3B4xK3iO(K>F-2%Q}JXEe(+ZBNPkeC@1gf&W#!LF)~2-)`KAA4DX&t8Ll>dVA94lFt>tX2m zZ`9|nQvGRd6_omuKBlDpi}d{S%5xLtr?r=!e?iF)*>?yysWexxw&6MCe5TXf{hxvm zlwG3G(e3w5GE=G0ukdBd^Fi)c^F_Xz&j!MljnNV%fZFFuUZQQKOy~jByb0Ma3Eh1t z6GtPLDh1vnKlB2Z%OAZ&LvY#rG$-!BoKRZ5v<8D6LE^?YD{X)5-U*J@!DbQT$b1pxWJSUp} zThJuw14#E&r26Oc`88iupZ|hC&r|&~d79TKvSf~PIR&bhzF5eAM#;}*#{$($-{Q|f z)0z*0rt|uUEax;p)e;Vgh~K#6xk~lQbMTu(l9kgu_8w|K@v^iE0l!zJ`zxm737j03 zvbN|vz7H+U%X!;EUZQ;^>(>^SvAXKmDP^mCE6V1)ZXrLXzUdt(TV&cxS>N|~2j_hY z?t$bSH zcAO#R)7D(VyVG7xyqmJ;gU_dt;rtk^DWGn9u5ZxKd9h`jKL#exdx&netb9%@od&=2 zY$sK$Bwa~4kP!;yMAS20yF7^WrBZ_;8!GK7v|V$uq&~mmai?M=Sp)c^)&D^loQGsilApZRV*syKJZZZUal8zS1_j*Aw9w;{O{HKI$`kf z(=?u{eNplLop-7Ci6?+>rNR@a+yK%af^C8k>z)rQ9u_>|ip3$}w~OZl*x$+yOTyq7 zb+}eY^RJ(UT|(&P5G)9Dei#xrc~$$WZiF#?*60Y@C9gG*OSsvVK3~YH zX%|Inq&gv45gVA^ua*aYrCQnaJ?Y2NFA?HNfae*G>jI;6{i@Y9YSFojPND8)=6L;V zE_ePM?Bf9bjz~>;I|3NV9r7g1PH!?8Ds#oked11M+^r8g{qaQ1na!4wt9h%q3)U7F z1h3E_d$c--(448sac8@Nw)jXp;WU&E7YBNJ$DuXMe`o|Za5hcEE(C8>eJa? z@#~SsG7sx!dPl_TjUZN2H}jM=iWl7J=A=2~wb{HObFw+@h9yN(oPht-PWTG=u^Vn8 zbmud0;dPCAZv>#WF&59<2)C20V)|jM4#+s_4x~^S*&2w9rZREe8icVEEU45Q(`U|~ zIiEX=dcAs#;TrIJM zUt9dQXSw`K!Vl<+^F@4~B9EHd^A(}IN=bb5*-R9|G7{(0^0}(K9~>ugoZSHnIlMog z<&9@EIVFqoe)5T-IjX$>q^e&Osv=wn=Z6aUcjwd5{4DTSoTu%PsXj|G@p-v;UYTbg zn2N*DQwW29#plx^Bu$!s;5Y7E+_iWbPw*V;Ev5e{?q`MECF$vYF+HB6UK=ql|BlZ~ z$Yz`ie-T$0&S75eh4GC8R<`S(al>_w(+4baoSs+AKQX^;mbmMQ2V`Z2S+LgY0$z#3 z<8e9-Fv)qjkwU{FN-kaCR`>e(bB;H1(=g7-g#vGoIT6jL0s(=>0WwnV@Wjkz@n9h3 zjAlIFx}o`IKC5h*!lZiT@$BbOJ=8CZ`c13#+kIMa5`|Oct_B!TnXB0~G z(rSVAY5)0i`f&l0eQ8_sm4ixe#*ODE&?m3Ffu81ctF@p4!5@|n0Z>NEJQu2>}I zPQ^kd)_9qDxcGbMezcsH|BmJq+j&OSlDv-dF*?3dj;{Fm*sqY*3S2Z*PbA!q^C7NL zL0ZdFozikUKFt}VE!y$9%JAl*9Up0;xN-vI0J=Yoa{hnX04{Hj=4447V-DUPvccr- z`6|(p16LuwbM}3KU*Ptjq$lOD9CtUX|@!{4VT0NneC0JTO;P zOjWtQdhw4)8vxE+-nR92?1@TRNrR}kNUP&jQs+FY=X1V#`JCtXi*ufyi$VyrxJ{iq z8|C^D*G3o2>s&`)aOBhIp$eOle^Demd!e2iMT&wbH|-uRwnnd zwMVY|u7^G3dDbJ2d#(Tqo$Ng7a$izCn#=;9%jeE$E$>^^4|YzP%M8u1pToOAGa;`LF1b?=7~M z8v;wZX4vZ%jDZX7)nVdI^10uQdJ}(ry*i%-ZyKiFikY`^R;8q+xzE#r=O(*wK1xm( zPwOt7`>>X#eZ5=wB$gS@Az(cOe*jLVxZmsX{A+kl>&5G+%Mq??Y2xSaiY{fjE$)`D z>WP~5R=~r6GsNbKSK>e#rpaWPCWr7acqhEwqCT?Gts{cU(q<&E{j9Vgqlb~ zT()$JOhm{{jRgB)ST(;vvIES6IsY;3MlG&>xZ)Yfa98szmt7P+h^o&Q$~9d7Pf`@u z!H^zh#5&Ku3C~F1mi4CFFn^nb!&#sz^bH2-AG5~;bZqfj2&ch zj9rcFYoc(jQo`mW>vRf^aar5+AV(d=`pw3ksd!lYhuLN_X+ZjY*y99Xdpd;*IdI1I zitQ&h$>!9`5Vy24Bs{GdE=S8GywbH7o7U^T@|deE6ij-Z=7gtYKX8Wi*sf3v+G2pt z|4#8GRSs5l_0S`LEx7D+uB$IThkj?MXr~Lgfa~f(aUDv2=-P*h_N#c#wU&5Zr9Mag zqWvYFb6q{2vy%Kpn@LqWgXaTiv?Zk>b@LE2;XmZO8HCe#)>^~rjWnXeyrF7|IDAG zeM{`f3O&G1yvK932h``(|Hbp}()Q~MTvqJvTbMRvO z|EZ9_^gO)SerW5I{$Fw~UTiFqWDrt28*O^nt?$zu!?=89ST+RHZCPuLwT@mrQ$HQ$zFU_XKuSV6y_Fr(#@S zJA@lyCU!=6MbPqi!44!A9AyLP0hj%-gV5tR5CNf20S9IO{@nhX5VH*qF!0BPdgsh5 zuU&kRWS1rmn4-EA(+x7bc5`eLK+V-kKpsl!(-cltp9U%cFngd6Dj%GV_Owz0)hx9sZZ*mcXq%3F4|U;Ml~5^;N?QFd3{;R{FI zp2)&W$!IoKYceAeu&FkdjV2qCkwl~+>la6)WLR&~0!GKe9ASHdIq9tn+QSZJar-S= zlRli3Mnr$MA>xdla>PSES1ih|n7CzUN5@VSck8b9_FcDzqaIHF3K z-!eU(Zhv37A>y=0jEJ$`>+1QJZks1v8_te|02g8R!ee^jRHxY_Nmeh!cNQ9{jMS$+ zdR7zgIg`PFJA%0qUHm_~53!F6H%Kw@W;bfhWow49uHd?=JyMk9OCusJGrly_45ha zCwQwTyfNXgCioMw`2phK3GRgPZ>CO}IsVT_{*+Ui_qhkl#*XLHO83p|VI#-P{Q1c3 zBfZrl-x&E@AivN7(ei*13iA% zWXewmzBMo~&|fyt{di#Wz^@1TiwC-M2D*a>y4wdH80fvh>23pK2YSH+`}KFH^p6Pr zPH0}JpY;r<_I?`L5*qYKsQb&%=1}j?Lftu`Zb+!RJ+wO1n;g1YKd#EZ$M^kVU-aru zx!%|PY2Q!#dXMyVoBO(d*4LfW*WKQ?n$tb{PU`E0^pz1kY&h|uI45R#jFAF#A6Z5BmAs4BZ?y~NBB_@ zPegci5pI6O+Yw$+#Iy+SY(#dJ`)-80GQ#Z>ksjgki_^i61$$Y4AAB&_do3+6L* zcYd(j5bW*=c4q{;{O*0Q6EwMrvo3l^#trSU%=DQ<6UL@ZN|PZbPna@uMVgzP_Wd;P z(XE zNgI*or?FPeN_y;&nR^nBB%Dj|-{Z)ti5EEtY@eH*9U7lBbN1N9W4%m^aIy!*JUnyz z*aKs~80(MaMZ(On*}-8m#}3`+IloFlz6l&aLAdO(DKk^=J1Kv^nVmdr%*-FB{!Oa) zqf~cEsymx+&fkpaKQmRnmpXXZm|;_f`NIwlcxdLZQDeTFyzkzdWr-tZ^7p~AM~3lt zz$trZi2lwli;C0VIBH1b%s$C(aPlKk$94*TBr)lUc+SE8e%x~V>7?EKg`JKo=j|}P?>1OVVY>D)?M7qy#WQ7;TLEQV?<=KJJv*tuDiCh!8Bl1>cuaHQ$ zJks4Bc_7k@iyRfXI+C+0-H=Fqo9R7q-gkfMzvX*h`|fSuox`{5-iN-s-RDJ5obN^W zF&yzWFgPN1eC#u^Ka9$)_um}{P5UEV#me$e;fPD*pso% zu|acU*Tnuf)(?pt6YE`wy&3EMb?o-oFJk>!v8!XfNwNCr=)U^t=!ib<)T%!2-}TYY zXf*e6XZLZp_i_97aYOs840HR0xf8=8zUxFqM#V=hj|$3qGwSc7wnkl!3UZ^Ki1O;9 z+M>L-quhB>IZ<9v)U+rsH|pJ}JyA!pGom=ZYebaSJIW1-a=b{-d*ZU!>UkUm#+&gc zJh#+y3whkMOYU;-6&7~AT`buKGbK2gpYp?{KYaCvuj&X+&fwIKUfJwG|M(6sek{hW z-oMy$y(cwuhouwm-=P~U%)86)I>c{0Tgu_3|ltD@Au|A+2G%E)iT zx_|H}0(?_z{_zL@w)EtTfIxTX@5qxq(r|X^7>hus8D|EN&=?&nViR^S@2PI35@14EraZc?a^%R6560=Q^95|K@CS%J`D{ zv~$Jj;xYK2_d9>h(HBwS9JTge?EKxu@j7;GzNWZLZRg$pdm8g(9frx@=d%ZdM>un` zIQZgwS$#<}VI*f_aMXs)pZWWg&d6XMeN7W=UVC04sjqq3HO*-M>4~UeWiz zZ~2E$@aoOZU%*jCR=>3J`6t5o=MS8x;fu~}$PwG{yUuvmEqx?C>4|>)Yoya3 z4&?QQ?huDs~>bDrnVGOj$!FQMk}_tV7lVqSorT=@k z5C0Elo-tIrX(d|mecqTdd>5PPgjHi>6pUFtL z_y2}OM~8$)MU_PdhebvQhe!NmK-8fAgL_9t_8#1SP}G3=3FG}y{;ARVOF)5Bgr8frB4^ zCe=L^`Sr?wd-KR|*NmD*Mumn%MNzw7ghliZ2@mhTVNha7BCkS&2M!2{Net&7f0`Ws z*rQ(mh@h}x{GQ&hu%L+k-lLDjC+}5-BEmwW^?Vo1Bz`~rOV9IN7Ka*;>aP@b}9dCv@;~ zr?v}8YlB>4Z%(Ze}bK?Kqo8+{3nNc4x>MpO&*dY4T0}XHkZ~24$O@S`BMR)lH#zN)kzi;6kmcA5*u#w~YFey+E zM;lX&sm8|xw~0^ZPlz*#F91TE$(+Rz!ux_KhhJ_FbilJbTZSMHIUtXyyh6MNg^}tj zI9uucg-VZvH{lMuTC9|QiCrxvCKO%Wf=NgliacU6cZH%Wg;S0E{ukkN>Kn?sdM(UA z&QNEH#bgG~5zY$SfCb78Ia}c=3s)%Ks|+;5TIGYxV!iJ5t^}H3gT*vj%vDR-to*$e zks7tb*(!y)ARF3lfm@V6+7=5{3ffk9hjR0am78B;ca>U988Knh_aIC{w_(&*Ob+}7 zoPu@2kpC?w3?KM=cuFbpfnUK2bQMM|+Tex2URbAly++-IR4s55(uN@wcOjMdzOjrn zk(AN^(|L0oi4HsA6y6I(I++%eg~lQ&y`8-tNARUcWViv(8Y=?l39Ix-O0R{rctxaF zXRKEaXtEMEDo?K&c_RJk%xEIf8&~}eUxOT851sdUKV={YmqN!ICOf{xELkLfH;$a3`!lJ3m0GR0{z$~X9ETE>* z*yRvBr983D5m>>sXzZeJt#YGwltrr~PkxE)A=qH?jmncfXq;$C9dE+f${(L0H+)7c zR9SeA!aH=AU#xs+vr1WNF=ga4gc^0h(Z&>GsxduKMEoRtYzWr52{ULlL$J$vX9yB< z7ZQr~N{MWQ(Kc7n^9{JeVv2PYeJZ|`m|hT-#7Fq6F&!{{+;VL_nU8HUfdL;3tLbW5J-_7<$5HyeiMUx62t1M*V} z@{9E<1pdj{(y zx@Q?X65R^b(N$lR=vJZmM7P?mUX=W9m!$Gsg}p(N+>24p-lo6__zvOWXtE227(?kB zhoeu$L?O>`&fUKWhgeJkat=p7x=TJh9RJbPOuH)^+YNV?TKsZ6XE?sp=?r(z8mknK zY^103b|;Avufs@sk|b=VZJ!BfBMIBJz(k8lqQoS8TTEsZm$$AKPBlJGf0D%LOfN}a zAx=T(+8Lm5mR;4^21(ef4L)g{X?)5!*Erw!yydwNjU{0z$*`E-HOX0GG0X7YBqs;| zN^;f&&cHk?tH9(eR}R>Pd);%iktFOg09K;;B)3ZPPF=eFUDS(hHOZs}bX#W5gNZR$#Rec$ZkMyWAR; z;@)DM8sTk(eKNi7aMpTBeAk%TV_|~y(6)*a#(8;7GU?0v_A5|%AK%6Qej`pHJyw^CtZZ=bT93W zQrx>rX{~Q0?G8yy52LVnH}CR7u+b>2{3(nM9EL;imQl2VFgVP@iTKGVw9x@a8dmKGj z1Y8sN7g)e}KhF8WN-ReYUG`Rsr20nyQ^y=f$BOB_`-or47-gP|M6E))< zkMky5JzdSRl-YsHglFJy)Z9G~X!aCnM z+Ua;Srf?Oldpx>ATKfMkcroxEtiz+mGcGs47|B3yxdUokevEqEfti8dI*)O0t24oT zegffUemhO0MhaTJ4mE0|&2P#YT-3MvZRbHEN{TsF8y9 zS_x~^NU>2P#YT-3I~gbiZ&Ys6uwx1uxB_$N)l;au?#i>=3ea8(qXsd^IT&ixNTKex zV6|kUheS?B4a&7qBZX0e5@}_`FkVn2G|&X~EIE-nc0tu{BDK2)qtM$#YIg|gIbtF; zDu7ea?L_PMCL(Pm;b~}TqP3uj)`BKt_shhn1x=*K6X#q03$gD+XAz^oM1Egb;pJ9V z4qh}7D=X(bi!Z=B6Y23qsHA|(MrBcmOsb;BEvs9{CD%C8NYL-ehOQo8nQq5ASHnOL(+8n{} zjOC!iRI^d4*(jC1?mVl%vQDbmCDm+^YPLuGWlT;4sF=baZ|Y>X|g1T8PPbS~|5*IMtZW@2jWNZx4nU=p&sPMZipC zOQ$ZE;WT=obiD33e9}16_>}Qk^q-FJ>FPWS&$sY%7XE?V`#fznou2##Tol*^7vn$a z^hJtUO1n$9z9=30eoS}`Plf4>$h%=dU>`h=KGW&dhr)86T+->)+3`THPQ1&PRdAG2 z(np~gy!SAyLaXWMkg}|gN~e$dh;SVvMLK=>C!AQW-g^?76r*WnlhCBX8f_<`u{Nlc zlSydf0-R=Hjk%MMS!p!0nuO#xVF5Lrgg3HsfehS5>9=4fJ}?PCY)99@_`qb!y#zxU z#U^9TZYXOq<3R(Hk>M6hz&ew$W;INtf0&FlTi|G;dWp##1APakSWK!homx-k|DpWJ zKtGesODAK~M+s-sYfYvWSK$n-GZ~wTGmTFfpT#1Rv8m$cS$MvMpR@1}(8***=WB3j z;2zXCG8ql*g=?6*PIlJPE+*5%NdAqqm&s^mC;S{sO~#J#upBR)j2)ThVMnAjJ5I)q zO@z;=6m(b#^&~hMYbs5(g)ge6Sn!(7Ho{;C+Qx&iQ3g6Z4fTANfes^~W-=M*@HR}c zl%tKw_(=xZ)4i$2bR^F}xI=;mkjfP477KJ@C@vpf%e3i#;1@x!+91@ z$Uu9FpJ(Cu7JkmcKS1&fo3UqD&ya!Ms)16;?@3>m@R*-^iff=tSZWuJYW-T~qL`1{lQ*d_YBn;3 z9#Z)%3H%N&GkJ1Mwl&yp3Vq|lupB*4!4q2GIo(A+iOl%J4X7v3Db~KG(7HPaUqq8r z&_gS1x4ZPrGR5tdPP}NP!Dm{iLkOdPCf3#JoBC3ou6bt3#B+ASA>^Y~xi~m1a1?5_ zKNDS5!qLWLM$$}L-)~`x#iSb3okxh7Ok2yudNFVcZ7`GnS(8FBeXQ5U7ro5hlv(RBH)KhR4I;?@Cjd}{sLVJoyHBQ2}v(O&zOOTEg zf93!!P*22J=t}wMi8zZEr?8%gv(S=a^hBJ+6LAOB6LA*)rmKtab3oBPoe_7~+($NF*pn>C1Yp_{p;5MwXtC|63;d|7VIZ`*&Q$rTd z2$XJ5%2_-qcRE?jl*q^Xh4CFEpNdB{z$EH56>W%Gy`PFU6izihj<%;VQ@R8v;geID zbzFfNw1uh6mug@poYs7jd4d!MP;ml#$%o1s=ar?T2f&a90;1S?qIn94fmRamQ1 zygFmON@1Oo{8{Hze53Mbo%1woQHiW46K0*0{QZTJjkR3r;%`!(ta(z3UtlbhJgj*t zW`}ZP&6E8761%t5V#>%r8x3?ry(P(}?xNOsv#Fyv#i;Q&n;H>gYqQzNtgzN&vyoH0 zN{h%w&Q87?m`<&;k*yi(O++>_kjB?qYqnnor!ik`gqnd*qo2G56OeWqo>mVR;sew0 zoKC1!&1rbcO_)de>D+q(hLXc{dW;)T_fEHar*m%yVck2Ow%G!gSj2?p2D>yv;37-2m@#e!^L)iDL(Um^ z^%eF>ba2-!Jaq&NGn6;N}GS!h~m7SborBF|{Jn0eqV@>I-nyPCtV zZOkI)W|+rFF^gxze(-a8yjirJk+7Wl&a(bw7X1nFjOio!g;r^7wrP7d+P+CRfqKoR zc2}UZJsXX6z$N4`+q5(rE!7jwgLCXz<9j>>^mCr37L72P8a++latmhT&rj1oG{Gm0 zGmTG?|I=tpoNqB2cb-N|&2SC<=hMhcZj2Ws;YFcP{`nkUbR0(0|361r=U_Ii<2m%) z2^TWzJ%=y#hw{(o@Fm6M;Cs)Z`I|70necPyzu8$po>fre#RBqagnA#b0Bg3xnY7sj z_`j%?y#-dv0&4oZ9HAdc-lc& z?+cciw=5<9ON7gn#^zc}$-mWE>P0Ibe5S=&#u(QLlhD92diZ*nY%$u6u#A3Qd>pBk zF}hucS>(2i-sbzTfVtu_`g~#-zsSe-BrK!<=Pvqx@}&P)_^PFBLFQ%j{FmTD{A3yZ ze;eFn;VsI6u}Lgco{UWjYsbPe#)W!HO+=FANGR$J<8nsct8fzeFK6UcI0IcRXH>cZ zGtupGWUhtUA+X%W+~th9t%Of0AKoyMo-y}2)ZA$~BQH7gR*~EoZOMW0i`;mVs5C9Q zml2kDBqxSZm3)v~)SJZRNUm_Pa$r1F$})0z!7am=UT}BQ%3g5y8u#H3In28rg4(H) zgB3)rK;|&oHo#PRxg1At40EXO$8Zud=TP6hFoP0vn8Aj^Ox{iBFiRQ;3q;(oErL zcO$hZg<15L8!4Tu_{>#!j9z6Ul8_HRa|u@P+_4d#sfHKmNj6e<^2BGpfQ`xx&u@jz z%(XV+IoF+yXomcK`Ts`z=RDM^<3{8c3so+)P`FsRp*^K9Bex$T^Dm*i{l`dt1xoTC zBlBsPMf_&B1nX>eOYw@$cv>XfgKV4ew+Q$vB-!ll$0s+t2T1>>yN_q6pQE3zU=nkH zpJN>{nbnM+V;zN4jgRApKSzfD2TnpWKSzesFoS;k=V?h9(m_=FpdDdu!S{dHY z(^(r_ZujN{J}0~uOYLWTR2n^-?`OTV37+H0Za>dQ%}{TI_w!`b0BdOJ``wH9$$s}1 z_TA4aP^Yt>HOb5HVM%CflKVZi^!@ai+{^l8jl+&GYwyaEXOA_c(xrbx`xA1Kv>Te!$zTcyhk&l%tcIQ17G5neT@i;(3OeR@wZa zij+49Yff85iS=7hwKe-N1?+C$a4ft2wa0`4Du8J*9K}~9xQP-k-n6#C_CXM(wD(1w~Thw zN{eFGnY)LpH()R+_waWZJiyhx#I(Up3R}#tNO{v`=U|`-ZsO{%Xqz|S0l1HtL+(CG z=nr@EE28@-SAl92hASepmN0QYg&+Mp$C^mXh09+I2geOs&t-mT$vMBs@!7R!o7y^r)nvFTDzR za)(#Y%vt)+Yp_{q=rhITX#1@Hs)eQDv-F(YOV6qJLgh)%shA=Q@3L@-r7Tl!{%%f+ zImZr>2$!)?1zEuhk>kSLsqjPyXGM8Lm{i#ko_>QAn=h}K~1?A zi+>5(H3uswtAd&yhPBEKZxrj5r*_T328&_W9AS3NxfOWnO*mWmQ%7>f6UY-!I0Fk+ zBA!V;_=Dn$Xjv8br($+lxLEn)tIDC&;@M3{cn`i;sqqLV2P)xYT0tciR7@u2R$@W1 z0P9pzBhpYKu2Q24Sb^Ruv0xp%fIO964gOhaUR{a3E)Z_UKP#~m`IuK%QVVj!M&v_X z#Dc(eSZHb9r*%~NA1EL5?Mi75z~e`P#lR3CNTJ7;0`4->AG4BmN* zVFV|9LDHgO<#y3xY6I1T>x}i15X~bYUZnU&%jYWn`FX5>w9LxL2ah5Kiy)`Jz+%`F zLikmS*`Rx|4(YAWIZq#`yS5tHuS@uC3l~Zf{~ZgzYj?dzYd!C8vl#VG=dq*GY`2&q zySl?t{?cN08h2TmVw0i7WGJ;XWs;wM>>S*Kk5w@iBtW&$Dr=!tjMEPhW?l`MS3`C$ zz;s$!74~X{lkwXs>~$5g4+LfgjzOLsAUibND!xGHF3u6y_8G$q z&Jf7V9IEA3F$bm;TCVPGpmtR}WhnjCz*n%DR#xS;(2A?96<4A2PYExiKdfS`p}s(}r(Gz|QkCwPsdO|(>6~v6;#MP7 z2fWHCR*ekpuv9Um>2fci$xg@~c$i{L72O*A_5yy}4Nr5|1$RpEt4} zk}$uS0xw!vqwNK>B(f72UPbZ?$j|`UCk8j@D&D2=R^!{ocZ?csFZk~%PdrL#KCtk1 z3v2wn;Q!LXJB{oUCT2Hd-vzv-l{%zT#~NB_8_c3T*3fGaL$5^)?W+aWTg(-5sG+?m zUj0=KV@e3r9HxeTiF@gV#A2nV7iwcBEg!o`Zk>>wy0AV_?q0O<=pubrBjI9V>gca- z!({sBI_~-iPDa8yWIGQtu~!`uo`D4l(^rs^zJj}uS>cMnL8v~Vjb@l<%1XLt}^n`-rGlD66qW94KW!H zWdDeTQ;m<~fsJ~X1l5ijX-AK^y#M4X@9W6_Iy3WjxD-8i5WWR1>^a1DFekqahoQX= z&Bq1$jW_Pt9!)i4vg+|?={T*ydz7dbD&B}#*Y0=~@Yd!cBr6S8g( z*_{R1oeNn5gshQ5-ZXik9vH~(7s&1xIEk``n5BlG+YZ9A)DU#r3VF{0WvL;i+adBC!i&(x5K27DL7R9E zysMOy-U4HkC#6@ycaZQAByaH^;T)N%-caOe_1ODBdfv4nTRb&V_!&xxS8IaLQ;T@s zsEV{2FWz#FM`H>r|9EeRuHv7hw>mzGY;E47$kqwj-R(V!9va|g!ox_@<|U%5R=8AQ zY|#N9!HW{P+UzaCninB6aL9KQCEpP))C;uf5YsGN3agOnO#;1+X8s{0G zGZqAnlKy~&t3-FCk@xb1*-`8*L7rQXx1}%~%`Cw;#35*Ji5D+Pyd`$^Cq`Lz6Pj#= zYH^#$vjeIT7rWV;Rd;sY}Kg3P{Pdf*dCj}0dWK7<*_{|jW> z3l~!2FDSPjE(x6Xet~|-fpQxl`!gZ?GvQ{Xr1WNQ3!bnWvS$^tXB8#~w!sv9ehcM_ z)6l~f>b?^`87PJ`1H0f;#%BX32+y^v^8)3B=UezW3;!T+gqY_8U%`dgeG3xago|lS zTaZ&RO9M5qAn-mc4}9!xVQ0dxVF&fvLhHEhZJ|f1gpXj0EqFV3c?lMus8Y=Hw<70l zZ!2=%g0j(8jq@$O9BsTqt(##oIlP0<--hZ5-$902?;U)y6+TS*BdoV{!Z6Yt zVXf~fA8Qg&mOZ4j}7m+~^TT?`4tB2`nJ++}x|bvKMHr3z<-S@_xgTpBY%vLzl3kI+t2Zd8UN_+-f+QX+nd@%(1 zV#qtC{TPt1gdkrDLH35hD(ZELTI=dX^m$6p7m()*cuFamMJrt441)TO@f6P&v9MO9 zpdYb5a1b_FxKT2orIU~+3&5ADaKd-a|*4Z0kn#Q zevrlV(p`QZ{OuHaz6QhiTJMz4c}{SkWHxU(g>J7Co*gKG((oyt`4wEG+M(fAxXJF? zjJ;0dKOK@buxr_pvDjC3MklwFNRlGDx*3nySfc5~1>okstaa5+8UY1XuF!fJfu zH2%}>on|K746i6X^Ip=UlN+$b;@SB__%~SXH1(~8s_$vPm+qyGibSL#}vVA#)exTP?`jcF4C{kUg1@Rcpv9F=P!KPDTE&khvDJ_tN_cnMKy#p(Ovx z+SFGj`Bz9zJT@ga@ezYTfU27jZR@o=u9?W^7yBx!`~vxV#pgY3+N?6ZaJvxV%l zh3vD1*~~Z2;Jw!%`&S|RS0VdXy)*0``e#@{k9US=-yx9wsE|GL@M7S z&G=(!9{)jC{$JzgXYry=7)tv(i~qF1D0&!u4?G%X)0WR-qgJ@w!fWu)v-Bhhu!6np zXIVQ^xJIPkAU*wtc-9#R+5H78(e_#TjX|&$JD$ZZB2V0~(b8PSF03u9bb1Nh+ikq7 zyL=xXIP3RP4BBgk5w!ZVeysBZoQ@Zrwf^%gt(zSD&CXDd9r;Lp4$r&^H4oPg;}FQs zI;d8B4nI5x+1UcsF3#bH*CAhfdFSXk+aO+F5Nki=# zV4acoxrEtQ3A>E(+~DhDf9rknqX9)b`Hx@B9>Kp_GrP) zq^v-~Yw#R%stV+cgO&7b6||a2$XAx|0#>V_)qDo)s8^-gy%NoI5)Q=*m9*1#s2-z| z9z*d{joI|Zm1w5XtE9)c4XbGNmE_EGK6+^Ow7%L3uP7dyaxXmwxzS@NzC~f{E6$Tc zm&bY|nmKR%WHmC}_NuYYCCC?5kT0qrUsOT9sDkW6hU^J}vQ#xAT?FLYC9fI{v_iZX z@^upA>m$GfIiCJ`5|I7${$@##eQ<7EM-TO_8tM zVS|NPJtM5qt(wsdIkECJ*lGE6NkY6=dET{r?kNVliyrgIYV3Xr2BFnz>`qGTPF=A3 zbr{A7Rc)hNH9Y{O&;#h+fs&23uNckQv{rTwYMxe&Z=gNKh-$cqp0nEgq?)$hPMEbj zxS0|Eg6W^tGkm)SPY^>$Q-demf?*bx5Abz3dSgE$R%6#8V@D01aNVmRhbCw_VD~#- z4Rz^;eRLNi!f(BcX6uVq)EH?nHI0HQ(dB3T(uw3AE)}#*0gk{dJIc(2%cO zA>Zvn-Y>)Dv_AG$Fk02pLR%r<9C@{rMLh3tIK_Zb<0j;5BUp_#YAO9Hr+*()xr`Le zP~&wietR17UI4N(2J5j%Ej79bdD{h>l`~^R2kf+bx>X|MLMOZ{`I+@0C$m0c@bfk} zo4G-)zlp1tsdX1rTf0nsuR*?Df_%FK`9c$FE^(RK=_+3vLB2MEd~M`irgqJc{tWVk z5#$Ras9xwY^?C>L1_yF33an7M)TBUqp`we ze~yJ0S~#Dp%+ApaXIG$eokcMS@-`gubvBfB>S&b>kZ+u^tMUmFZilR!PRgxPmQRF=oWHlSACDzdr6>d~1*2mV- z`joN@eb&+XID>=M*B{+svtP|qE8*5c}{mDSO{D3$g_ z9eKAE1?Skki_mr*?W+T7Cdv6OSVX6`aDIx-e~^;-Prc25IB$aaPrc25>e1Ut!kYiE ziwcX^WATrn=0Ei||KV*U?YACVABKF712zAtxA{*!y84K)=0EjV|5K>>Prc25>an_s{B<4SRVJFYR_2}?8?6&Z4cml0w{-djRjCWN! zp0gW%Z87&OeL!K~p?|AK+vH&LpL(=?gK&_=^inO*Hup0BQTl#H&423sFrIqqng1w0 z!l?OAJ-wge2O2g1skix0y+72_jFvn$|Eb4PN;z96XkaOoyGXkA^Lf^;rzaGD%rjuU z&4TJ}7IcN(4B=>pZ;K$`7D2u(g0kQhEch|x+ak!mU&yybkZ*#ZEO-SA?uC5C1Nn*v z@)Zxt*i>{CgB^K$hwT*8&!}~$E7*&BX*<*idnx5WyBfnc-dC`f;)hxcZ;A=e zur&FS5W8IC-MK~w&TXPkXt3UrQ-aWNgN+LfSb?|BHZE{>2wG*2JT_{uaiPJ+1@^?z zM>W{E&|u?213f2i8Rc)mo!1~jj51^REG z7v-4&{eKQMI$(3278`7IXkc_8fArh}+a*65R!p}fwCB49^xR4Kj`1!Y(m>m}4ZpUS zfQW{<7p*GX&lqkonw2#$vWT(9!N#GMMr)o8_%^vQ)_jib`GQG(A~kBnhmn#Vo3oIZ zO$9@~V1gRQ8}VC(`FaTQ^^n(ymtKeGkg$=ydN9<;*l2xqBf7dpm@kIlMaB-TJ&*=( zyawxxI*ADlSy;3BMtlz$=$Qw=F63;qS$(7R%#HXMG5D3}VY^29ir>K?i|K_AH_}(| zgh0=%tC|xw;$1i4U<$myqsvo%&iIiv_L)S z=$xU^P)|DSjin8;+tk8((rL0MohGy~k+7b0n(RqOzXVBoG$86pr^%jlG>?uTtS6l& zG;Pe@Gx;H~T=```AGXv^Lr^%jl zn(RrZ$)0rBr$eo;VxtDA^@m%;+=QAl@CKMU!!52}f$V&sY_+v!YirHc);I%$LY|Fjan07^nytn0WehEjuR|*6|^#*B$Ov@?Iu)PqmRK?o2{*pRua;_u0yRqG&6@mkF*YI zWUZr_R?z6Rm^NBW8@xMZl;`9*;yL*Y?X_b4TabNvFdO;VJ4}hK$j?4%rrVk*#wv2OC6-|f_(Ytb)b#2@Gd=4hwtG( z9r%yf3;lQa!4@9Pb4>^HI>j$CZl*nQ1|F@ulNJ#Rqw#IN0U~85{tx+^Gc6&6|bA#hIneBuzHwo+E)Y|fDGN%lXTN>AP41MfbyB&P@~&WE7HHA#7j^z z-$AN2D5>t4RCi3OJ0{f~lj@F1b;qQ-V^ZBQsqUCmcTB1~CeW)cu$E3Q0RM)*b zNOjG-hdh@dJ5Hf|_#PULhEW#g8yUj#!+WM-j?PBU_mJ}@@k8&KuCX!0`T8!pKDHe5zNF1d9=zRvJnc_w6a2r|QmtRDL={vQE-PEmBxq+)t; zj-E>^Q2ZR?J?f%%!m|vF3Y>(rGMEtfHN=-7tqju2AZzKqM=QGsX=VCZCub0(l|fn= zq?JKh8Kjj#S{bC3k&bo^qo})2Syx~Jb@Z)vzLnxT^rFP%A)!xMS78_R^(nCd-cuM4 z5j|?nf1IP|Q%A-0;xt1a85BPnd36MY7m9fQn{K}dC#7(53K zLBb$;4xEYxg5*C?b__B*2ALg$uw#QCgdItbg!Bkz%^9VK z9fk!?zy$OYjQp1&y|*9C?1fc(^w11hy@zv@1`XU|HAnjA8!+k{X8I39|51e1j(C%S z{=?9JE0q4jO!Hx;dA_AU&tazdFl#|!Xr7d&^DxsnzlVIQmxRnxarG#54;Z{nx`UgK;{evHFrG#54;Z_Rs$iPwNVZ51woYw?-%LZlB zXgsIWk7m}_~}aRzz75V|0eBVZsFN9Y}69aG71Dmu99YnK_vic?Og6I+WytP4dAe$zYRw zF!!D#emV9UY_%9{o}54qd;J9Ny$ZtuUqbmn0_iV9`9K0ba30DB67YdKC?7~LAJD0K zxBcOG=0F%3_!ve9K7>O8r(l9J91aUqL3!+O^Vs3&VH@F%fwMlR=h2%DXMTPdRs_mn zl`|4vRBl?;^oR5O@)2Y&7OYTN%t-sg3-oovnUOX_-q}IU+Jje|M_~hAH=NmN9K4EW z4rflM_}0L2*iH{QoPOz_U{~M+*iEg6;~_}P(~WYzW4s$EApEa^L-1>hxfgh!a6n<- zF}kV|xV*fe#T%+$@^U5!zGCy5!eHxow0C$^5;pD60w_N zhT2`DB_Xrrn{bAeILGo?WLNW5FGl%ekabbG89zzlyN*FHlJ>$mgn?2RjpmcE^+lLX z52h3UTH!|SNF%+8GMxSj-}HoK>YnNA&Rp?aR_KgvH{g^wgL;Vxlr@8Twe!g`_Z8@$udT7yY<%F?kkc(7r&~Zyw}6~(0Xf|QGADa-GY5BO+O=FqZ1RZa%qppA-_Zq2dG}OM>I)$RLoFIKU%e;CF&~r zgNr1&pKmE&qb_skUG4bpC`}Hp+=wQZS;AbJg*Yg zxcR(|KF^zfK2OeH5wo0HJa41V^EUb{B!?F5^hG}l$>EZA?$T2DA{x6aBp-z}XIn@P zd?Q2-b^byY#e9Mf5F^kmo+AdEg>ziHnf)GGUGQi;%Ml@>bDbgqL>u z%V`DS@FJRDK~1|LXNy72#`zUkO3bCKtB^M-FhOCPx#ikS;8j{#yZWE-emb3%xW938YgShOEg2) zPatcRko6OPgH|aaDj|Ya{Tk;;~&PjMY`Wlk#6f=F3oX(bv$xEvRR@ z*UY0{L+0y*H6px*g?3o6*26s2S;I>evc37u{?<`DQ%ry1&`x zoSX43;?29Za91f`KIpD3)aWzFjw~3BrM8em8`Klc7V^0T*^vd=kp=Y>xdrX*hwRAm zx0tVPVMGWa%#JL`jx5NIEXW%H$c`+33wLnUFEDblI^p*%T*OoD7QUY%XTGyQ26o6F zge8m}TljiH@ntHVZw<(k-+sISKejv%TKpk2v&BD59k=+O8;==}<7r#`FC>r8E@*f{ zHT6$&?_21h3#x^_g%@3gdir<^`*uTC!=UW@7P`F!*>?mr!+#5%-0^0zYn{xf7}5oBi(zZXDwha} zdy!T#W!Pe?zn8vuD|-G6@-;U+5cnJTQJ@fh5_kuGYT?g}htR`T^nV;4v6!QQza#v) z#qd6Y@Ns5STd_qgEVq~wk``OM2fwuZYn)WV7oAn`w^sV^O#Zu!CR>AgDIBD}Xlqb^ zMy{nO0+QDCj3z*nQNmIts8zEmZ3$u+~vvt)l>o zwEJ(PhgQgrBgl>;$c`h(jw7h~!`tZL9Aw23sztnQea_oxfb`V84YK11Y7~2$`d)#& z>xUY}-lo=ErPkv6#vP14Z&NQ(E&Xk4>2FhutAr1$Txua6Gai?;)B+i(h2l>z?|PeB zAUVF2iZ)e?LR#Ems9F?SEefp`g;t9~YH^Wx&IE&;3Fa4C&sIn)J4#q%aiP_skhaEe zfl!wQ$O=EyxLk-GKlKZ(Muk?RLaR|Bw&RN?S{ZjyFNI~JLh98C57A2(TD=ObUWHb# zLaft4yy{hG^(wS_6>|sMW;}7>RB{-mO4A9e;qfJD}!oAE5JE$j&AI19E7B zvf2meM=aqv>jQMs0(UD7dgz89!tG}3?cCKsSbkDuZM?`@N0GJhB5NH*);fx;brf0a zC^9P-SsO31HeO_HyvW*kk+tz6YS-o$S?egGlq-bQ(u=TfgI{FrqR84sk+q8=WLA6$ zeO-~Y_aYm8im)JeVKv38)fZXoD6-a3WUZr!)`9%iI*P1y6j|#iqIDpHwT>cd9Xo7( zyMvlu_jgd!PN@0q4o2QfP@~BX^jr%yv)w_hyP@WCJE-p!sG02!>e~u6v)y4WYlpS0 z9oDjTSj*Z$t*g1JmbHU1w;2`~3z2FE-vBCxZz^GtWZ-+iI#|rey93)*LQWEZd$ITq z#$2TJ58{nG{G*inOS9lF&4Rx)yYIATy`5ICoz&}^zms~s2icJYH80&sT`D0vvLHLM z;2K)TPM$i0{hj354E1cale$zvc4R@>ZYQ<)67s7tkgwh02S~CLImrPzxz~Jbr}@}U zq@^tXka9!jPJbsYC75=rXU1LhCnq6aF+i_WC`xC}k)LaMX=F6%vZ(Qlj~%=i1S zk`}QGzlwmGW$mKZy$&VeE?UrOSf_jOsLQa_!h4Z(7rw;T?0C^v@UYV3MdC5Ldfei_ zkUZu^yYQbIglm`~?81NM`MYS*-+^k;yO<#ir1#M*uGnUA#WsthKVlYFY_m9iM~7Kl zvCZO&sp(0=n#C1U$7@itxMFHr1T~8*rlv-ZB(3XRCz$ z@#JFsVHO-{93*`*XXA9ppjfP29295#zQuEnE-~*hmKD>xj)I!A72BMxIB2`YYtB}J zMReMN*1Jl~A|+VlQ^H#BLNEB3e%UAvYQ3uji!?#4ca>m~QmFN=5?k*ovGuMJtaI5f zF>frfv8)73T_8s5T_yM=Ibg2@sIjaBOa0pCd4*?|5^N+g?|}R|8~lKtxdeN0ssi?U z1R@J8wU{#MTY|lGb-$#-Qpey&DiKT7z)vmwnenidb;QC)B@bS$(vKNsof530m=p8> zC0Iu>Ut+rwvrdUwr^H6F5^OQwFJb;13^kUOFn{g^w5ZuCZ8u-`l3=aFRH&Swf?pg&9@LPviM!-q}2Lb zY>u`|t-md`{{f#8EQRb=g6vj;>{jy27)eRP zNGcYp6vk79chJMorY%OJY8l?87^HxEX-#GH2IP#7ktg%d8}JkAQpRXI03K3Zm?O2o z!?f!%{7O7#JWk(RMy-DqR9znfMw6ns8P^+f<$iETlIcuM__kHxYA^tx86$SSz z2c+$Q2WeCLm`f=Bu*Dz6Ui;9z(i}4$$G7((gJMqL`TNj(r>}G2TA@}5_ghW(Q^y;G z^|oj~QZ+-ZIqzq5P+0G$bpD&dIp|QQy`6=e(ChEVXULPb(*h4syZ!cbwx8a$#n)MF z%}_I(1GN1%s2PsVYO9CZ^>M&__yC%0^berDXn2@>4&XVYME-Vog4xai{HMeJkg;qS z3`5%=l4m81cE-X4-l%@ad(|Yk+?d0-{~kP^ua$*Z8+ z^@r%N8S4Glhtx&!^5GAWqzRs|^e2)3L-eT}v@-J{p1jQei29y{dRqC&B>V{NH4)bQ z`6KjJ1@mZwA0bIARIl<8^=kG%Hd}m*Z(JuFg~xu36)r)&k^I=af|DTemXEQ1i~k8_ zRYT3&KcTEPD6M{iRuz^PePaIk3FS5s&eL7gt{Y0LpO`*BC5Kl3Q#9EKdFKz=a|N|e z=2LQOhFa(Rl-z3lPtoKJsImA{ypfdXFb4h$b@>z>UV)z*j~O|so*4CqpIT3N5Xp6q zynS=b;5nj6Aq!VZup_nV8NS^JfQl|L-d@Ydd@@mo_L%Z z9WqNDqIThg5lRuIy(5;-5%Q@eyqvO*kVC6~)Z{sewz~*Rs-q^= zQKafmSpCUSq`CozV4b7n)&SL?95tzqnp8)T>LxLg>ZnO|)cTgA$VSeLL7nh3qvSkl za(+&45a)l6_trvoslaTW6h60B@Hzc}!Z}FtIo{jsA2T~1L#oS!Wx->nrDJBnV`jl) z*2<2V)s9)Oi}#_=W7umDlwFQtk!V7p$ab94tDsiTj+5IhC{I3)3^$?1=;M^$;2$SX z?jp}tsBz~wdG?3$f#YWV<7WNi+@W~2)8mvC<#YZ%mi>Yf>!EDTuU}x7FVJciWREn| zGvgPOsFXRDM(d4VAb*#yFX%5rSxR5fH$wSOx%p2yd0rzd|0yR=#mj%}n|dh!(Kq!s zVGcb*xml{*ELConD#udoez{qy+$>dY9#w9ZIzhQ@)I__3PLOjKRC_#Ox;kOHIzj%O z#Asj83EEBz)NJGgy1ESy(vD8hLc5{XsZO9VQR`GE(3L1%ouH+(`zK9fCn@(P;ZWv6 zC#mBl7>&1_G`*d)I-W$5He#mYdnb|S3%DFjo}{KqDIK1qj-+8;)D1tvmrj~joTR3T zKWZ`RE54-Mub_IKFVV1KqNv4}lzR)R6?{p#x+;5pNm)%W$Ku!0FMWwtYy2-wpI@TG zZo(%xHB|pS-f2PyGF`=k)2bh_;MD$6&AMW?9aIja{XVv}q5a*%b1^2`3x+m;AZcsm@`v?B?gk9R` zi}%AG=P=jY5BvOPK=J)B`xbwnrWdD`-nt*JU49Sl?c==JJL7(QU*{1@=*hp|x5B}_ zW;mVq<3pU(-Usf7`6X?_e?qVPit~n(@2qxSa#lI(`Bje;esgUC|HpH61y8wo{8>$p z!P{u!=8)z^PN0mpu;O#Mz7D=f4DWRLJD2?8Nw|shyWw9eknBOZ-@f|bT8~5-r1`^==9246l(~i+B+p~yKZ)Ogn*YC% zYX<3GMz%HRCEo6pbZdxtfqWERdA|hTXmC^tNFL||Dcxnmhwk-&x87Y+bZAK?Ax-gM=!5%&q_+^v35@h z>rBRVoM0vok{7OY##(9mw`6$6?psT(dvcKWb4}I_W(}ozP|uz`U$%d5fNS_)He6-3 zkQSs3=}rES!&Q04YHFlZJvEp2u0wnBz*mTUkoU{{`vuZUW4brb^tZuu)}x_y#L7Q< z+5^9q$@g{o^T1xZt~_=Be`N7*TF4)IqAVeqH{7?kWK#{l@f_7hvZ(GaQI2%8!8H4g zZ$9v{*GQwf=UIwBZaY19=-VxFgyr^% zSz`@3uH%pXCEdSnu{kiF_#R*Ekzex4GvmqmHU8vV`UmnU^(vFDM-q9g^zy=eJIRU< zbnrk=tI0$6$p-5wS@qLh4{FgXm7mM*N_mIc`2$(yt>5mAq}d*u_taGP$gg{P-JZ6t8q3pqv=xt^s+=Az_jr5H z9qQBmt-t)C7JB?#aq0u!pd@K)9kutI zza_8jX&?VyZV$#EjaBQ>R|dZ~Ivy+P|8eA_HqkSBC_lA>ai)!zo$-H?_sSdjt6y5R zK0f8K2@~S~WX0ONwX1Vhtcjnq{>5?e@pD$^D~@h`mbhqA>})(g3-R;*bWpSSYca=ntD z_oulz>&L|_e`OK>V(z-tFRhJ#Jum-9@hjH87{5L@XH`!fSHJwqn%tLj*REf&el_{6 zUPqRz*S^$K+4U=aluH?J#DA-1J-M!b)%jikn%_C^Ioyk zFXz3mdQEP8PTtF}Y*;UW*5%~qVux{I!C}Fw*SefMO8CQyn?dd?arN4qH5VDD@ z>*8NowR%n7y1Z9by%GQVs?|BG;@6=?@?XDd#rpW%*K+gUP*M5u>sIA$Ad?qz<5#>u zoz~|mTDh<0THea_ugl;n0(l-tdB0|)$XS(#2llA_zGbD$ytOaop_j3yt=Dtob2q+% z%`K0WJ#O^+YHCiQxf|E#ngdaAP99>(4v37}x$yfE*F6vcolD_wvQu_<@)>;FXq0yBL7E7wenlZ)P8<|KIK?)_f_lHzmhS2{Ohm3KJG

Vg0IKgs(J_^OKR|7l4e4H81{gf3#rBP6ImLJ|ZKP(ZO8sZj)_ z*w?bFu3IdtyZ*MT>#n=2uD$oJSg;`oSWtRL5nOlIegE${Gq=2#m+(R}?El`+y?18r z%$zA_&N*}D+_~WF2@bPe2#GB+A*C9TB2q;fWZ&lCq8X5Tvmh(CAgvtcwXLx8erwSN z|IBNLzeaSxpZ+?D&X9Y%f_ij^<||+H6um@m(MR+Z_;a{81QhpB(1OEQx-Ehn7{UKk zOT=Kvg!Jc2`d8tR*vEeuX3OQG0nN8(knT09Hc{!#Imcvw6l zek>jo4~b>s=VFa`PCOuqXq1M#kSPuvHZxLy20ED?*vhu~nF#1`=rNSL*tz2|^>&K9?U{+=jNEW60AvYYHK{wcndJ!HP@DSOG@vXAU5`^oCJW>vo!{l&TE-T~+@r76=D`l0emLug+ za+Dk`kCtQPF>jmSIW=j7jl(cE!W7ka-Cc+H^_~0liVz~$gOgl+%CVA*h^S` zEq7v1-*4nU<+t)**g^L{@;muo8O1P{O5xK&qf%6=N>j~LbCs?#u)l2<_L^;>TB;nC zt6Hf%)mpW|-mdLbd(}a8#7?c9X^&LwX4+l#Q2E%Cw3q6w`l!CDpX#p;Q3KSWYM?qy z6{td0q>5EU4N@g)uqst$YKS^q9ifg?L)9=fT$QT|H9}RYDpjpUs-x5>HCi35#;9Y| zST#PtWHsI_w*&Qw#>R5eXaS2NU1RjbZY zXRBH295q|bQRk}j)Lb=B%~uQ5`RW37p}I(2tS(WPVsFvQ)aB|5>?Qg`^&@qax>{YM zeypxlKT$tbKT|(f*Qx8(4eCbq3w4vaS^W|_ecpl{K7Xx#qkgM?r+$yUH~*+^Rkx|z z)t}TI*lF@F>Q41n^*8l*b(gwZ-J|}Y?p61x`_%*LLG_S&SUsX1RgbC1)f4JT^^|&A zJ)@pg&#C9t3+hGnl6qOaqFz<6sn^v)^#*o%d`rEp7O8izOW}Li^A7vVVJEL8*wN}E zwG4YZVJC4#`viT4eRMv@UMSdI0{a`_`+l`vZBQH4CWWux)mF7lZO8ZEU(wgv3STm- zZ`424w+i3?s{g3(@Fi{(U%yIxFN!ZZ@f{<+K-A52b9_6Pp)>KFU$$EXIuSLhM=YN!fd!;I8N=}~$#zRnn|zMW3oq)2Hh*bd5e!Ptj9hkw0C}&@*+dK1-ji zXX$hFY&}PxtIyMO^*lXaFVN@f3-pEhB7L#GL|>|5ldUh;SLiGC5A~1qRr+dujsCH| zR{uo*RR2u>TwkZJ*Ei@J^)K{I`eyx0{VRQo{y+U|{TuyT{X6}8{Rh}3-wM0e+hMhM z2Wha^?Uk#{efPrKh#U~QvH!$rkCp# z`eXfx{#1XaSL)C87kZUmt=H(adYxXcH|ULelisYi=&gF2-mbsYU+EqCYrRwN(%TmVG^uP6g^mqEdI*LzqrBOy3V^U12Ni)q%bCYf|Os2^)*`|eQX>v@iX=U2D4(1I(djpgGJGm_k!zicQ1} zG9_lPDK%wgh&kLGVU9FI%`h|El$#1O!c>|nQ*B0?qs%BX+8k}hm}AUXGtP`R$C~5J z1T)c0GRK<}%w%(-Imw)CPBEvN)6D7S3{zvyG*iq}GtEplGt5j=YtAxfn_1=@GuzBD z=bH1(TrE-{yyADGL`<>m@=rTL-xk-5rTZLTptHrJY;n4g-T znV*~M%=P95bEEl%xyjsYerbMXZZZF7er2JX%@VWJd}NlH zHJ_Q4=5zCfS!Gt6HD;|@XV#kyW~13;Hk&PGtJ!9@n=j2*W{3IO>@>T~H|C!y17|Oo zHOo{jm^&wJ!R*?Cg7O0QtV}(pX3E?-v$M~|9AnN@%*I&kOe?p+X*KqlT8opVXU3e_)6Pz-vCoVVQ)=fZThjHB$=~Ap4726{cL`;oLzJ7oO$!-VmddC%ajoc&{eZ%=xMWOq>XbeHpjKt zINM@#_>nbk=7QNXYUVCDXI9OE`B`(qzSQGvq2}5`9TzG`=G>4c^*CFox%M%^rkcl( zj0r*OX3PuRJWdKrirlj}b)ro?pC4u-_5OV7{Ykd>F`)($q)l>lS>Wn2$<}27KT;;m z#UwCg0o}7Eg=>|dXlZ-#r#M=$;Ywui+yLx zEKGLiWljh+QzoYW{vhCb7ZsMfXGJrloHcFUytC4SF17DQl%<|9V{Q$o#0Bu*#&p1U?o6(<^H3JkYp2hjNm;OCUIr($?sRHK>!g?{`23maloz|^rBfI+;ry8y zNbj8UY(scH+Z8s}yi88)Jlqw|P1&QxZ9&*EkAZtmz_iW`&eyrQ7S^3oIc?Vb8bYO_ z!lDv>78MS1&oVvz^y#>2am`AB`}A7A&uT_UGY|@oG{EO4>Os%u+zRAsMr~jnCh1%Tt z&BsFxHG9^y>GRXs#VXv?qb>sdo}DsbR?WPbs(gM%1qklh(?AZU&u?A<=RA6m=|VY4 zbMj2%eAvZ-StA$J&YB0>H;Z1RRzNhFHb1p$_Ee-!tvZJu*?tsGkzREnRGH^YopZr# zP7JLoQK9McIUf5sUgoh2XmHJ$O);4&6_#2_r?9lp`5h%MEq4BhdorpO6qYjT;W^la zm%3+}ds<3ZSX$xyBiysnJ*(Wa+CIx1{4xi>%)u>laLXLrG6%QJ!7X!e%N*P?2e-_@ zEpu?o9NaPox2!s49C~ne${f1eGL*YImpjzN+9Q+Xu{s;$ugo8iA!5`t^k8touIQSzR{1Fa*rGsDT z;8!~Ml@5NTgJ0?3S33BW4t}MBU+LgiI{1|iex-w7>EKs7_>~TRm4jd9;8!{LRStfY zgI_f$b)=PKX7IyeN|l3N<)BwN=v5ASm4ja8pjSEQRStT!gI?{RS3Bs{4tlkNUhQgM z?P_1`YG3W(SC^%ilXPSS7c3(mwlqZr zwlqZrwlqZrwlqZrwlqZrwlqZrwlqZrwl#_hY-h=Ut(a3c>QMd?3hWPMxy=t52u19GgzqdOD+I3s2HL-A)72Av`;0 zw*QI~1zt`Vco|S8Pbyr><{V>S&Achufv8VjkJHbak{g>jrd;O+K{k0z5CfrDJWe77 z1uU%=78Dc}d#*u+zN^T01#csM*dX6k;=2a>u2SDs=DA9IXeG8kBL$WII}cW2#Lu_T z&#lnUt5DA4ZuE!^vflL4Iz7gWNn=faahU7I<$9 z3p`kb1s<%z0uNSUfd{Lwz=Ks-;MJ$Fz^hN8<3W)@-qRjW}^P;>6vE6L%v{+>JPKH{!(Ih!b}sPTY++aW~?`-G~!+BTn3nIB_@P#NCJ! zcOy>RjW}^P;>6vE6L%v{+>JPKH{!(Ih!b}sPTY++aW~?`-G~!+BTn3nIB_@P#NCJ! zcOy>RjW}^P;>6vE6L%v{+>JPKH{!(Ih!b}sPTY++aW~?`-G~!+BTn3nIB_@P#NCJ! zcOy>RjZ`@tud<>*q{@l{5hw6QoWL7#0&m0#yb&kxMx4MKaRP6|3A_;}@J5`#8*u_} z#0k6+C-6p`z#DM_Z^Q|_5hw6Qsx1jADJ&jj$pv_?6+aQWL%E%h%?RfAPW8hVtI}bKAv&~6(rK|87rakj(%qZyO zQ;x1V_uLvNgU>m0YK=N(ff~C&O|FFowwAQ+YJ9CeZswen3AHoMsnHW_7NkwGS?TdJ zYxM|RdgyjvO))LgS87gM-fNG0bF+$B=pf0RU zgIx@P)^lghNrgStIW>hT{Lu3O9(oq4iH1>-o`MVBlsV^2n^BX_m4{*2oOzk9y6kCI z1#2M+ZBDhd@5$xKMVYRq_Km9@ds;Y;7c+ev!QofwTw|NW)sj8UP(OAwr%KxQ%!_-;f$3a#cBb&XIp0Zu%kpyJ5NhMXYC8?WlW8QLOr!B+ zK7c3V7oI#u@Z>RqCyx<4SzN}GX*8b9C-7u(8BgXDcru^BlW8QLOd|`c?KB8a2j5PE z;CJxtGzfkNztF)ebnvY58SfoDJ1v6W!L!q#!fHDW!qe5yPJ`fg^|R9;_+9<%GzfkN z&rXBjclEQ=AoyMV>@)~|S3f%qDy+8CAUs|D>@)~|S3f%qg5TB8PJ`fg?Q5q)@Volj z=@9&`zIHkUzpJmE4#Dr**G`8DtL=0MPgj3C9fIH0-%f|%clEW?ANXB;?eqtJS6@5* zDXbpEJPuD+zdgVx{RX-A9pvga$kl6*tIr@;k3p{dB`$v}{ufqTxdl&` ze~HV##N}V&@-K1um$>?rI5;J)J|zxbiK|bEgInVIuf)M0?BEY}^|NwPVYQW$@O1F4 zoCLpvKiI(^?BEY}@CQ5igB|?A4*p;V->M`FtF1~BPuHGSB?-TSSL*6(RgwsI@Jb!L zQU}kB zv%&A`Yh^b09egXZ6;@lB4NuqJR%V0W^|zJT;CJ=6G8_D^{#Is#-__sBZ1B7KTbT`h zSAQ$B!SCvCWwydThK>_+9<2tOmb>Yh^X~9b7A`!SCQ&Sq**%*UD<}JGfR> zE3CG%8lDcWmDS*PaIK66zk_RKH257{E2F{h;940Ceh1geXz)9@Rz@qVwlW%?4z88a z;CKCNWit3(|5}+0e%HTNCWGI>v9cKa4vv+@3ahOwhNpvLWij|&{j4kozk_RKG58%^ zD~rMJ;96M>eur097K7j6m6gQ`tF7#Xr^6#Fd%^GESeXlc2dCP#XSIVl87IK$|+!Z1Bh>*K72=h4L>8*LQ-6V@ZmgP3DDyU|hsj9YZ z3=yRubpadxQ#42p)z(f~!xCA+@>oWr^bH*X(_trkz0gxGnmbG6!PEiYT+OPPKO2_D zhLRv2#R}XqW7O;j6`)#b|u!img zi{}BbYCZy%%VS`jOqSLX*30~C_J(~Py2L)OIL$t3xYR!H{@Om@&$G|%PYd~t ztwSxWS~tR)w~g!utK3r9)J}yh>=m$9{hNFgwxVn0e_*ZI2^N?USXUke3(5Jga=aE6 zjJLu1@GV#l;!g#znjfEZES+J424EAm}!Ite_*rmMzd$T35E!zlttkJN! zItg}C*T5F)PiA|{z?AVR(^Jk(IX~snlqXaEneyLMlbW8|GPO-=r_>&)eNzXfMpB2Q z4o|I49h3Ug)YsEe(<;+Or;SfLKJApW-==-ktWC3t%}#1|MziV7W;L7J?80W3HM@a7w@{E z)$m<1e3{7YHQ1xSfpGh-3)1ziCzQ$&q*A;EGKd=hOJF zAO6huHvN%LNcj2*9TVpH-r8*pn@4Q?Sf9;5eD~hlv~76j4%$(b_EV+ZRI!&T?W9Wk zsM0Q~*aK=9c7Pg3`=?^}r^9IPRN6V!VBb`OT~iJAOvS!W{SEfs!tOPvVaKO#v{Nc- zhP^d~LjGOh8pZyu*wcr0NyHwBw6_%U9Y#A!A$>QbAByy&!YL3Z9eYgCZfn?U4KapM z4BBN4`vSO7+Chx=52M|~5PuZ%9EGyBM!rL7&oJ6C3}tPNvTj0Iy8>3fP+7ZjSzCCy zxl&C;4(VJn>~ux@TyYMzrtzu!bDg@OghOdZBihf%)nzE{WQ6>iQ5~?;5BB-No35w> zphmytnnnrGqYhVOeFIOV@QJ9dG5ci#g|+&AYpwO{Tdhcf{$*F;%_d|P0{s`dJfVfx&yV@ z5nT~ogPPged=}jp{Vci-wcCO7tAnay8T{3rD>Bu|9W6aabS3(073z##{INsG*Isy& ze753m4u$9giLV{*eMDY#2};_+D{b@>^x78di@pW-w&GheVQuqL_zH9IJ|Cu;Jw zUmGh6tU+CnVW`rr#mHW){nIEIKWgnJ7~ z1kT^2SPg8%|A-*{2#=ov4|jQPFYfpL#D9q(snO9qx-1HMhCW(} zdp54nf!YwYAen7j^kaGfndmDkVK<>Vg=_PPtIcW@Hm){Y{;#Q?r~^xJZf`uQR};mz zM3{!s(u`meo$PkAIX`48)wC%dkYL<+_evMth8nEK>u`Mp?nx!49-tY)=U#cdvU~o9pLJWK;rRRYZ42xhlZCp(_0N8Vxlc34 zm?l|(`o`08;D310j}J~+fNF!@z}y+N;qe{)6mDDx@sW#FH-Y_ys&VGU)+4%;{89YV znNI&*vp7HgFX!H!1Xl~3*lkp_@Y4Bj{S5Yp1EYQm_~3&m?+durfWJSDom!v3{z`$K zV>9CHV4Y0|#Myz}mvAr@+Y!un0#{r)F%s!u8c1~TdBDJ~)zJr_JL!%coLVBkR@e)6 zE1*Ma!nGYTM|YHJE02Lj>%h>0>u_xbO~TB^Qh|Uw+R|`|b_MSGUAylGlz0b0w0STe zbJRUvxU;x_gmZq(3$w&If| zK#~G;q8oUpExVs3a`q19TY2c2_fay$LSK?A=>zlo&rr@~QT(j~H15NoWU;zViiLO~ z8sW9??mz|kki3Bw+!n<@_0UIz6YJ43phI*xsR^9V`AH7hi8XbSsMeunNzc3vb7joH zY>e<7Z|FqL3A0cSobag=LGX|+hs#9tc2%NsBYY=n*3gVUE4q~6M_#al5}KSZ3lz7A#SgfknGVKyWjqJ3XS?_tam?7tIX z_|ppR_b29Smj5LIe7{DC{tG4iXL2Asj+R{PrXH*DQ~-RQxZI~K+3dnS;TS^Ad@@ za5J@~c&0~R4Bp!`z;xExLs}6H=l-d*v3}f`0Era}3PYn5M;~ zgw$-0M7`?0b1{-EL2Rn;$7jbtJ+L!k!!erfW4W68qYZ1IMf5K8z*cXSJ^Btt-`&xL zd_ICV4@93KiPwd^?d2EDdctD>{OkiKyz{WesN47>R_n(Z{`f?33mA zr{V6zqw1Z+7!9uec=XxWlz|VN6f*`lFYw0|;e|b{%cD15X#6vXAG}FKB}rm;lFjy@ zEgU3&hjxIy zMd-+4`5QZ{qn$RQrM8KVXssO36q=Ru$$IpyXc?SH?=HBYnL-eDeH=^^zo0QEh`fAOTa@dQTPsJ}k660dgnN z8?tt!b&apk!anZ^K|cV_=sVm7R>QRfrG3o<3i`PW7z3SNbTMnTK6IKw&<)gNHA=rG z>d!qvDdOAC%P91uF~;IRx}&%3(uJ(^he&G#LWc(#;WshHcXwG<-B6#m@G#s@#G z2M5FX?QY%`j=QJsr04^!h;6~xa5g+1EJz-WSoNe-b!L4#y}TNF9uPWtYeOXnzl+z& zqgKyHuc>dmgi{_2?&!rym6HC3Sm%ITeKjzJ&pIy?1{?^=pAhhF1EZJjHVQ>(#WO9M zfrgIgBbZ-UEovjjM<|n~;%vS9f^r5)89iW>cY*-ywpT)(9_r^inz1ER4 zXc?c)_v4Q~WbwIatnuuhHi$0XeZJAVXr=`n)q}BdAx~mv)|ew+B26xBW4TgtxyHsy zMq7k656I21G{KBK_MjD|#vDyojsgYT?Gb$vBjY1zs_u`A+8*=)-wHwQ=C!l9w~4%Q z(Cqq8qKGkJ*)hKF&4V?9O*BJCThux1s?45BrA>#A*5LtlYKnl)q8nD6@?aSdb6~tY z!7Cv6S}f*8{T^qPReyx0{3iMj;65Y-Uz@bYg^kCXc>f+}yw?d~ak|?h`U~jwm%(Zy zZk-Am+ZQn(=X1B2a0J-6#vI9TE27XbiS~;p84Uoq=Eu+$E{nbqTLkE?*EVwA9kQ>a zypp322V$NTTeGI>Yr_2Yz&2S+*sYUx@Dr>WEp0kf<-j&V0%&Y0pCJ5yJ*YKS)51qi z*a{{5VvpS|8j&*2QiIBZRUSSYkxLLY37uRJdH=eSqd>G)1%uH;GG;#F|%Z ziUZ|KW(CHr{eeowmkN?L*=y37)DZ)XG+YT*hLXyNBGH#WiO!@m2uF;UY{Kt+H`#%Z zT;1IdVF%W$bL*D+$bAGl3@Fk`}-i2fm_OmQAw(@J`sH!g7^ZxiCB@x`-pY%+Ep z@hRi|N$RKLlQj{)wHs<8h1pNV;N3iSlXvuK8pq(0@5e?2{j8(8jg1lSi+&Iv(q#Ny zk}gRcjYGOFu$i;p114)DSvQYl!0%bAWODu=juXS(|A*_jyQ+bYCuya$yPTTt`()&e z;Cq^;TaN=#vRGUFy@%K&#~E85><%mT%qp+G7TXtcQ+;{wU3kOo(D2*FLr!{)s_|Lx zVG6IGy=UTVFei+g7blK)P=-3oeBQN{R&{6xl6sEtw~zHi`TrvLe|goXF+89#aT|{q zke`#&6*NBUCXizPwq1M$8?WDv&td=hlW7U8sBMS71$)rMmZS0VYm<~oVk_04&$ib8 zFh8oN_DxrYs;9vFDY&tAa8wLvWj5p5!fxD?v0&d%#cyP`_0xt}e83ltuhA?n-VTIo zOgpT=B8J_xgRuQBaVui`Yj{=*W#hyaG5E5@wO_J!cd^;j@!@Ogbz)eZ;6?|0FO+>B zlsl%PjmWQljEKo`A9)%cDf_^JxU>VX8xujj=sQfj zU0Jsz77lo_+rMq!>Ggvez=jLZ_r-zToIW6XvP9NxXoK}+FBZTFO5laz%W3GT>#mj~ z3~go)+iKx2exmPs?;8Jv1rgIJN{R9{(h9us@RCbGoCM|hp5$_TTN&!5}mkm)E2PF zwg<-5+wkwkMgTMd|6K9X?7Jtv6WHwtLk}kPC28VP!Turi-9bPX6URnNG>9R)@3;E$ ztv}q$bNB6=+!q6sA8Kv?RpNsMjSOkPb`J}AG%!-VGBYIXU={d%fJr-SivvIX-AL-k z{iHM9>xh=GLh5c{_0RI#M4%c?76*XKr_9N1N}s)h-Ng% zHTQj)0-pZ;VcMS5s%{VNNiKVq=D@;kxL@|&T+?d{a3R)?dH#l;(N`OK8-54*G>)D? z6ZJw6BUp8$5#U|HdvcN9J2u4nFm}HV=mX|uAzG0*MWS5d!@~LwDm!Qp!HGNLQ#Itb zJsFlB8;ZRr?@029O}96=3QJpmrV_Yf^Cusm`tj<%ts7$Tt0AelZkq2iBp!3W&$0xt zp~uCSz%kz(1TXiyYqvB)U3?+!M|tBBH;%#o=?_CmS77Ce_q)aj-NHLuJPXWu3UuJn zy)SM+C3$bo#bNCh^x^kn$G`h4${6>w2L%Z z!EbDOh2=fBJ|n#adYE?M+T$6}{;ONC^N-yzE5PIZ2eYv`Gd?1b<;v*!5PxlKUi&jX z*2L*Q#`eE)ao;fSPq>ZE8#_L&!}WY)(;bNTC>iU!q7R_IAHW$WPaKFc><)(e;wCHl z2+H^f-J9OQ^yV4tXVC#WrFP)|S2VpsqD0tRWgo5L?!W3`N1zA6Vcupw^Wpx3vo|?o z_mM?tO}5Etk~AE<W#R*;+f5I$h&JW)A^iz zG|O4VvIkrZX11SRvi$ur{soAyqjB}19Y4^P_)j{%kIdLlKpUNHef`;V_NW04#;qEo zzpZ4x9u$fHQH~Jr8K+xqbc5`1g7DYSo=(Vn?s2C3IAQe7_zVL}#`rhimmgmdzk{*8 zh`Eikjw!R1{Sp2w`PJ7mZ1I9qXPTHqfLkbCPM*fZoy(EVL#=?<*zqg90t zpj}U3FOv3<=SgRr1CH7rv}`NWHT!4ZMbM|=KfiTzOeTc*GL4dW9eY@pALQe3cVi$Q zK?3zTyL%h5_3%=n>|YSyLhN;@xp4v-u1 z?~FB=^Dd;aM4!P$|BbqfYQTSLev$vY_Dj6%Or?Tka1Xd_8;<<}bei<9sh>yhi2fND zo!7(nX7qQlbg$mN&Q1J>gS*oonKsdXSu7{OJN`QpQ7*>EufWHs{UGu2-*KES7O{3F%ALaEzsEobTa2Rp zDRmNMM2hXuhJVRrT!d1(GI|h0WyF8iP$QHv`W)IYliLDPA03FrIGlKY23UtDz-XIt z|K8DKp|;x-t@-{fA6kz7lEr&!T1XAfM;u1%?=scRA0-U8BQP}C1Gx1G@UTr-HbYwa z`&GgN8UyULgLYYqKR~^NQA=Z@rNf^V2&bKIaxsEBBIhmGg>xnP_*rN_=#Q-UKPzX- zG9Qnn_vjuzfa$wvSDgck3#bRp==Oropxm(2O7sWR#5)QD8d-v2#mB3CxW)~w(0Vc; zF!O708`swXkMi>Kp7p=+V(k0po{wus!)X_M$PqYqb0kf}ThRzXtFxUCS}ika8lG^@ z1dh8D_`RM+gY5&9+-mv~j6R0FDwuzx=b&K)&h3KKV81X}0)HG84rmYZ{uFW7S7lpyudpmNeTh-S)-16QT$}Pfb!clxPeH#H@2>o@?@=b;f&H2S>&ZKrF0c(J z#j`o{su|VdeMlCYK_$0C@}oaPwX}HwPg&|D>+$#ld-{G5OH=l{{CGb~O8X$&|AM|; zM}Ay~mGnokYVatZ_d}+96H;b~BOyKhj)z@;@-bUzO>0Q8^ZtZ%^Hr9o*J8vzjP&oo zR`xmU%ZN2_`U?R3^sl~vdg9N82-yxTEcgs!F6V#tq0oT55^px*FLm@MCcFFdbBrha z&0B2yCK%US+-{J59|kFs8Q17ZrVA*Ehf^d|d_?rejqA1kxZX*8fw2QNMGPm~LPNOa z82HyB{I85F3Fi*>!w8la_G@xLy&LW0S1T$e@=Sw^K}B;-L`v=P+k z6Z&cZ_?5%+qmDs_M4eDxwnKJh!%LP0K17)lwaze`Rw6W##`mQ|%y;xUwNvNE>+P^~0uwUo_TZ zw?vc`*nzJo9X#ZPkS$!|gggRocLlmk)M7)>ZZ4BL4^R)(iw`xqgls@AxZ=Xim>nL9 z+&;HduTG+U6oB^G1Pu5R6qf!AyN31}C2Rx+)9fs?V`Jk1BG)y*sV%UkZy zirfkJ$c}Cmcz!OPG&i#&pg~}^eI3?(Mi&0Iw{0J@b^R8L?Wmob*>Q$BfI+iA<^+jB zpw>i_`9M6P{(4rouP(nV4zu^t=8~J_UaSznejtd`mITkF76CK{@h<^uo z1l5gRe@yvQ9@xqMjBV`NG3D#EGuoEFh2VB38}F|@X%~>|)Hc3^b^RnWg+kkc1`^e! zekbjSEie8TV!09VVuWr9V>+;gwK}0(;DofY6STlmfY+hfZbSMMlo$4(c)k*jjr@Ep ziV3HfiKr(1Cl_U-n%mj~mc!Fv6*=go*ipi>3ftR$&p4>fkl5Hk4QNIE5a?=ihKCWFx>!_#!xD5=Qe0N zJEFJ7&!r)cSj@BS9FsOEdqS7pce;K2J7Ati$E*&vM>s|xC51y{-6-uEjE?!u|P7Nfl4d(d$^SK8L#TqONqpDU&x7BBogelhAvu87%> z2R@ALy7&jl?+t`6A>2T@JQ>2~NE(69Y;Og9=0*);u0M(?ss84hjzCh z+Jmv$0B`&ri{2n;qPnCRvyq680_!#a4{6P61F#WvFOXy!%&LjJ^m-xs7!`;qJK5`E zuH+REHF`99qvvb-Pn4c|iLNJ^!;_TtKy10eZyxjXYO!ycrVn^VTzXSjC(<-6fs=1P zaH4hi5@mJFU+~C&_#i*1K8>9zHuWk;??Rm(WX(SDDzXE38*8hO_(1cPg6e%lGpwdw zi%|JU|FZ}+Sp<%ojqsMtlRig1zGNLdNx1aQ5@t&W%K<*S3KZ`%SUu-LPWl~lU$TGZ zBl@$0r5@pOf==&*9mr14O8Q{xk8nN0Zb%DjpaWYAef}$U9!_|OKN003RtH?IC^p`` zNY8`gAQ={`H@iR&c*cwJe}#H3!(3_=#?%f_d1y&7q7J6Ii{a}~{=Yrn70t!xF2u(Xfn7M|ggl(>KUP@4 z$#Bw6m>nSTcYtk6J6da^RZ4ISvPf8u)`KlHY_zu`jI1@g*8#BC0iL!WV+k5eNUg+m zLu*BK0XVzAwT>q{X%IZyjX@rduslRQp_K$)*Zh>V1+*sZC=t&`TkuQ)-w>cZU_Vxu z7S}C9;t=Em>K7c~R8%MaIw6o?gZF{U(HH&>0%h>@>^r@31~Kb**?A10k%rq@KY<=& zjgd;=5yk*)Yq*ml4l%ieKW6FDW2%zJuLk9)&Lx7IAIp z9b!F9{|1iUik)KUTZ&)v-F{c`SLAy~^jf^THTb>)`D{fh;!mwvKTa*(9yQ6OdZDgF z3CTXY&YCa6aj-6WJKnZuEOB%bRI|T*4+#W0^My5iJX!8XIuE0}BCH24I(mp=>%iR` zzdb~`AC{zp6nLBNnsi zAKh40;8@(IfJ-Be?1^Fy%oR(3WC;sBTP|Z zIV@oCIyNW=&2k}4?C!uwT8@~$bcnUoBvN^~x)tzUo{c1hLni`V0Zv}y^I{%6PY=KB z2#76rW7@_`37&^d)rY*R5O>t zalQ*W(+TUsWL-kLK(vD1cRjQLFJb&`0G(Tenq>N4arB@SWdCr|C;WLh6CTWSpz#7` z@wXibBYls73Hu4OV^5ES*3AFfeQszUn)~uMApxFvQUs+>%rk?r7rJ;RB;9dKAJW&l;idY&*GZ+QyVJq=DQ(2P7NF!12Y=cUKx&IQ}@g)bi4u8iHXl!g7 zfluv9gj)>XT7Z!yIN9NWdZPD;=u^17V*559sThMWDMRn=M3)9Hh^)a;yUY8Qr<+rF-<=iv=A&_$mCJ3`=sE zJEEQp>jgCUtXGDmuYMOor?wD1xDk6OK9!8d6Ef_*46d#W`+@tO<6(O5tt}-en(Duj z?8GMaowP{w6=xzYeFs8Pvwc3u&j+zG`Y66=e-NwL_v3sX+#&}v$>&hk=fHiQ=5Iz` zM%jH#NdW7B1rc8)VE%I}XahJe^D>fm*qQ}1)K=h2Nk0lQja_JOpR%{&SWd`5Ib>a~c!6%rmp!PCOSmm=Wu>5$rXPYdE& zhh!+OgZFflz@ryV_QHw)aOO3Xc_DEM9ND04R7W>QU|PAJ=@BTNJ&^Zmj1=0h($PN9 zFKhGo72yiOMr~>QFjTaXU0GO#`22Mf$NvhN?AK5?n*Y>$K)bq_UV7utquQX*?;&(+ zbY)D^9Qx}8?D;y6MTupLgWC*&cGhVPjOoMPFND1_*5J?4<*(@@O2z-Q%M^ z9=OLDI$c8I^kIINI7afJj*kI1ti^WnDR&>!!{S6S8$Z@#bHTV=4O#`A5~!;k#km*_ z4Ug#-b;op&tB3XBk&3a)b8t`#jA_8yiIGfC>^?-0gVg)Zb%1dRa#;O`_hlPN3yBU# zO~bEvwiK(m2)|C`_NaBDcgcjIZ=AIyBp#N=l1bHY9P~5GuMNlAcW)gnt|vq9D?Xkf z`*8v}g7DrR)Rw{byq=4B6={=MlBPdByV%$p1Yu4GM4CQuJ4kU2_XyhNV~jn<9FiAo zY>bU{2PVn&TAF=;iTs*ysR{0-zqtg2Yau zMnIq`!Pv9>o1-PSi#SC^{S)Xb(JMT!;mnxQ2H0-H>bnCU34=p+<+d03YkG$}URu|` z9|V3+lSCmX7fXvCHu$kv=HwVV9DktiR{5~Fhw%ovB2lk+c{KW&eX!~_Vr$B@CO6!- zvG4cXhp`+t>b<=7jf`h=bGSg?`8F(TK;scVf1n&3#yQC$mRmVo3S3mk*T4QBjr0?h$>Q9L@LPl*Be>Ubes?_>4q?+o*H!1^0pe}&a{ zYo|ZvFP8z|qkClSVspTM45&8n(2Qcg9pPRhOrcT3&jfR?#D%C&0ta=p+?(%-)9$NK z;^#PWxZeZLAM-!KhGBsY)7SHHWu^A_FumdQd;2y_t+?k2|8OL4>F(OVCJWsg98cby z)_dA?gq1cVFO<=4oS==+KM*&wJ5OO1c#)SRY?a~5i*bCC;s)c`OX)w`@W_ZQr+eA3 zB*|;Hem1*x@Q8G=+6A$}Q@r(E3iR5AMm-;)lG_}-7+wT=w)4}4L-)BGIxkDpTcSnj ztIRL(q_K?^!Q_BpByi05mZecbImCx2$hCzxb9K^sl8`xfeCJMlifudA#Nsu|l@Ws0 z*3G2R5ByE>+B!3;aDN5~TLsSj=khovLE!dx^G0uWv3tl~8^*`+YJ9k)~&4c+NPn@^v?1)Xi9B9estvJ zw6%WFesTnLAiXI1g}$vO{m@EptnLmlq$1*Gb$MJvb!g#o^`5%}(!hJbr}EOO;7X2` zUQc9?a$<~HIu>wXM|UvV>l_&@QH5!P7scZl-qVKfDUTz%MD0j4bqA!mcRVmLJPuYS zbR-(-4PbQrJkG1J_q5qNSrMK_(KG4??_iz8O87FkMj?F^rTHSwN_VyJsB{cc1Gfwf$wdAKC@oilH>q-+B2)2_WrpFn9#;zg!=R@x!k;1 zNK5+w*fG6>TE@QNJn1V_I;pjGLZS#!TrYj1C#c)Ukl!sfHCXFN1CK|TQ4rYKrI;TwJveLfy?tsdg zHP4UsC%J@LoTUtK%sSuSqsKpirpv>n*KAtGaKfcJ<@EE8b5Pqs&OqJq+=`xC2K-pb zzQw?6zkTp_Cx!0m5lEC?4t4Vb{6^6-r&$fHl7#68wWG z6r;pcaj|$@Y?Qe&Pj-|?$f0t$94p7moj?^KRzrP`@} z>KJvrx?0_=?o}_TMd}0fg<7Q#)raYFJxc#fU#D--H|yKTX<`e`Ibs{mbH$f9&l5Xv&J{ax&J*9@oG-q`xj_6I=lSA0oEM0w>?1Ce{bY%_ zU6#sHai1I_hlu;p<`v=rSt%>UQu;y4jilhh=cqE1jJ%2ai# zs*%mr6jdv;)!FK7*;<{WE|P83CF&BHuP#?t$e!vN^%L1!{Y>2?`>S88-^(I(hq^-! zR)0}<%2IWYx(Dqf(WWUP73+Q(pru)`|7i(*J$ZCfWE~=~Qrn;+q)f1y)LEj|x$se)o6|0=Xp5mZGg0T^cz+tsY}EY>#G8V%CAUBh+F%wq%50o@Xp3{P zCPMAe1}$yVXMRY(tKM@^Kv(H6us+s7g|EM1khv;|oQZYhr)jP!){U0O6 zM2yxPagym^x{EVSUvsE93*)s+oNFq~C^6sMU~UqZV&vW~t}yqQ`@~fkz0Zkj&Fkh( zah-X`tQEg78_WjrchoRXKcXSO=*RVoLg|Muk)y;g4#J@qdAZ!y3q(_9pp zT+?0*F+EHlQDFv}LEUs5odJ&ZIW%a6hO}(Yw zR_~~H)qCoFP|C&XL$yRLRUfHkYPnjWK31QoPt|8?rTQFHbiLZ7w(9OWpQ&k~F4lwe zU|psU*GGc3js$f*RiCEM)U)(CdXAo_FVdIj%k`D|NBV00W6<1Rp;qUqSJdljp?X8T z3EB+GtX8WvYOPwQHmHqiv)ZDzsqN}Z^_AM8zE(TcF7=K2m-??3T56@WHabP8>gGCK zXX-57Qs?May1nk8JLxXEo9?N5={~xz?x*|f0eYY=&=FmtOZ5ES46g&v`+ z^ie47XnnLkMvv3u^|AUmJwZ>@lk^GtM18V8U7w++=&5?To}p*zv-H_|wmw&%r|0Vh z`T~8izEuA}U!||n*Xp0>pMt0S99-pk@Rb|&FZ3@_%Qh%mw$9agy0z}8d+6S}NLT7= zJw}h!ll4jZ6kVgI>ACuReWAV#@q4PD0NdMxCv?PjBQ%D(!j82&RvYrcJ$ivZ^npEa zKk$Y_z!MI|m`ij>U@RRPmjU*qiZsy-qp`V=bzSxvL%O z>z$oYZ~9(_&Tj7P$hF4a&U^~ov6jjw6{S^Nd2GEYkSG$Jd0gvs)SOPDQNcm_GtyFc zR|m9P`09wSfne*3($u}WAS`@!MN8Aw4KU-c6!c&!Up>$hbmgNz?A6wH_d-d-7p=PW zMtQxfAE>8yVTR2;L(fA%PrYjZ{E06AF9@K`w!d?M9bW2GgvB2uU3*vjy94Lf+=tE3 zS}C{=AhlO4V zC=bH@;K+^1&r3(o;E-q?`ldY?v-FPIy&adti`fr!(Wrlj<3kXP7=~7$deHam?T}NV z;}EpCJ<`yM!{ID({=xh#=lgWrOL38GUV%A>mC;5(W~metFh)GQ8zc(QVy#iro*0>j zVUE%n7%%|e_ZEXrL@??LMG;dgqQ6-fU)fBbnlqG+h)rMLdq)K*Qz@jPbiQnV(7Phk zy)9rTKI+wUxaibl_85-(dS{hiZ||*rmZAjqq!u{bofh^W5k83z*>fQ3O=kzLbz78` zPJzp#(ZqE$U=Q-I60}?R^1hz77W!nRA6$dcw&6>lrR_Bk&)CcQ%45c&hm+xFF;a%F z8q~I}e+l%PcU7SMy=w^i(z^~v?Gjx_qNj(Vww35>@9N1pP|D6R_zobL%_{$*bl=y} z6F3~4`=S)%#TYSB93#devtz|^nAe^r#=$)i=NWj8<9h*IbQIt`g>iy>Q@|73W9E7^ zdC)IM;C?#0iNfY%zD)f`m}+~CUtxwUFmJYYR(*Kf_7)?>QGS0+#>}Dxq@@$ZNr*+f zEPN2}x4e?_CTu0_A_$54`Ai>|s}R$}PvQVxnI;30T`OtL?>T#yGo_(;-k1pR-D0qp zhlhn;2}UvZApEzbB@DAA?drqz(h@f103Lns(had_ya{L&ijc-0qY-K$y8t{WRbSxb zZ057s%xO9RYtxY`17{kjQzj^27N6L=5>%@tPWqQv4&1~=+MwP<7iq4CnGa6MltiH) zk3jxM;xvFX6kKLF&UBswW&j_~K;CEK?Cj43ry=j@IP-Wun8WkI7Cawp!SlgZJRi)( zEcs&Od@0Vhm@Quh%6bLPPCQS{;dx>%X3xI`y?q>~7Eje*wFwi7T$J?25Chlj+vv8j!XCdYT@&VBwv+f7QA((kTBnDvi{jfL` zGw?^mK+M7)6^CIa{+KAhZ2WOih#C14q6o9{Cq*%4VjqYun4K>cT`@!dP;|pAeTnFf znfg-E1GDvyL_TKh%S2Di(N>6Fn7Mz9x$P&I=k}o)JmP6YFOLS6I5dwsLgaS1DH4yG`bd){VY(c)}Y#LfK4>}8Uk7_fUWlE z3tY1^u1mn}FBLxkMY{}mcqq<+;7$e1_p4A^8s%jed5Y=&2u_}X*cm9PJ$2}WQETDz}*<)hugSB;yqoQXW+ubybz@HG`J zP1iKQjK6G1547xb^aROoGteLL*G!Z&eEkU2s~5`aU1y=+ylWEL-@96iDqw@XDp0pX z7xAI?sO=E+wRc^@IZ(=p+_Qd{z!69rHeLALfplLY!slf0#?v8Jp9DU73aIkQ;K7YO zI%6-Jp`iaXJL(2GZWy>YNufmV>97*%#q1VLw~u3-pnwSY)qKdTxhdN{+Nf$J8D1$`U6ia zrpy3-5VjI_5rjnj+`-3X;*%bJQu(|xjRmBM$d_`a_d;CBrKX%I4aM`ugopDUK6`n1 zSm>2tJhbwJ`#%(8PQ^`*d z67{q2arqG7wTGWx3QBdTgG9JZ@9kl8rZg1C8xtO`yGWsWSq+s}0s{_U4_jKoFv^3{ zdu`!8EjAIB=YSIR3Q|I?r-4cy5uybBkP_TeRZ2MIO&BTJzkZ4bLsw%H?voXvZ^* z_B_Mrz%vY5Nn0se@eHFA&oDaj45JfP)&3|t>s$4$q6=2ZZxdbh?fQ1n4eRB965X+8 zeuwCRb@M-qeEk>w7p#HZsqYlMu#Wy$(Odsb|4sDKf7gE(ef3@XF09ert?w57^*#C? ztknHO|3eJGYWuz7P^`G$CkA5G{eE#6R^A^F1^Pk#peV!|{6nG$>+lbYVywMAA|hDd zdk5utSHBDB@9Fmd_kH~VATHL6ktbH_k#;H803*Bx*qPS=yYm`gKCc1x;x)iScnz?C z*8n5D2H2Ta??rc7zZdzu64(nXfzOHptl~c>4#j%lLU9OI=H3($tO_m>ow2t6DPqzp zU4&QZBIwm?(3=Jl2dz2uW&G%i5t4zq24Tq%#*+4oC4>nrfdhmk`HUrpFqV`dZVyO8 zgex5wSB_v@>CCv&k#VIH<4PaKl|GCs`HU-F8CQBi3Yvp4Oc>J(^3!>66W$DGycx!L z)0OdNm^@9MhB+q9Oe2gvgBg2{X6z|t>?vaGIhL_!5MxgXW6v1Io+BB1iWz&3X6zZw z*i+2dGn%m{g|R1{u_uSIrx{~UE@Mw~#-3J;JsFHWd5k@+8GF(gds;H~v|;SYWbBcQ zJ#86#+A;QIG4^Q29>dt97<*C~d$JjOTIffyemhh@rXLgIv5NaRaPA5Hgeccf>L*17 ztUaC*WA)SeX{;bWqn`mTKC7Pz>*s-~FX$IUwSEyRz}@sq`XzA;)`4FJ zF215)5hL}h`c-k1eoemyEPq|U4vb%@7Xl;S&~E_O-_&nnguJES!dQA+zYY9egf-+* z`U7Ba9&AjO2%|sJAEAWH^fHuZxn7Qvtk9pJ44>*x0p&COIr8}eYtEy1&3P!VIalzS z^9WvZuH-f6?!4wa0Bg?WVw4$ejuu1B7;_BPqQ{zXVuTrQjun;WI5PnlKhaFWs`c^a z1jL+dPDjj{W)9+9Xf8*{wdQ(+++c1LDZFYug4e4nF+%@Cj6Xr>{ zVfP{okC}G7nmx*_GwYCcy;(0>@i=LLadHIrgycR@+y|Qbz;GX=a37>{AEa>~G~+&K z&V7*1eUQO@kjbr|#jT&st>1!MKZjetCAWSqw|*;b{XA~{*4+ASxb@p|i%V{C!!4f5 zE#8bZgI&iZn(u$xy74ti)V3*x8fFW%PlUs#SOQ3Dz|tuZt*N`@mAd8 zZMnszIm65l&A8oD&AH|RxT*Eqnk&qY;if*2Y&p=3`yiDq2bytDG~+&K#eL9%`=AxK zdt37stO%N+t;aJ>>cKQAgK3hLT!}|{T0O%wiM~K>iTNARq}EK6+A~ecXPRW~IC?Wp z>d7=Im1$B=h<~+Vn$(7AQfsD3xlEHCd>*m+>Q$@#7H2k2D^m{TNH~7(co&ezar!Xv_G~ zk@2G!<3~2*M;7Bp3&xMGj30d%KL#*<^k>Y-W6bEqn9-Fnqff~Gqd((B9^*tW#)+F592|9#(=Ke_kFn6`*TnC;-2opJ>83Yx-0tlOzz$P zFC-GOSP?y7v+|%A|IA6OELF_wF}ZNSId#l3bjJ?f!)i;qAzS; zK0$7us!v6K*uZ=S_e!-=90FSy&}7)Id?5~nP0V_PZ&I6Z->SBP3v}1rLGAN(KHP`u zL%}r;(}&?+s0$HZtcxMR4AO(Z7Y6IWkeSMK8SaN`X#ZhHb0qHNx*U9Gq#g;%KT3~+ z`&13zh%kU%@J;AMoibrWs=xs|GO57{GE&AEp_{upHB!X+~eB z8KanH^ktfHDASCwOf$x@9Mgko#(1U~y_ja?GtKD9a?Bx2GY(;z(U)mPZ>Aajm}c~6 zn$eGGMt`Omqgalaz?7pm%P|v}e)MNKri$g55iG~dV2W}S%P|!!!BjJK8OajNOr|l% zvIJAf63h&iV5YMKQ^^v{bjG$WjBT2+tuterg5A<9BAs!rBP^I+7p-B%v{2;1lIac6 z5!Os^LVr!T*o|?qE3BIqi585D8H|f<7#G_zE_P;IOl4f`!nl~lxR}kj*p+dy8{=Xg z<6;NK#g2@NlI*bnk+4uP7HU{gtpcpoYBluiYt$N%345w_q9w3%17dDe8&S4RYBSth z)E1G$nA#DRR@+1_tgW_-<6&|2B{cG1sjtKdu)NwKPKNc>*J2PXuy%@pu)^9UN??ig z4YdFNRNsopu*v$DI8psu{Tr(b|55)DC#mn$cS!YL^I|OJ|8v*i*rN zP`A)6L>bwAL6XbWxnd&hzgi(qp3W0Bu(oO~hUhlBt*F)QbUSezY{S}%!LSeOfH)m> zM==SOVx7c^y0h*qCc|c|3(C_~cNJ&CdaRo`oJX&Q#a0h7jK{EqO<7OKg}rny(E@f{ zy%E2!?u)ejb$@X*tjq?Wjx^3Y!`^HlpwMXV49l|uxM|FHgzZ-m+%)pDV2>6NB|QGK zVVPDUMl%)Y1{<|fl!|CUH(09;ftx5oH`uKm0XNZwZm?h*3imKQ40#UM!;vRZijJ^o ztAKli9szfyu7tZvSBW%Tt*gZprXvdWZbzXPh?;0UT8~Cw9IcNQDSC_^gPGGY`WU#! z>alQ-)8j;@9;i`4*R*2;XXy50yj~vj!e0-U{!ZI>VAekL$rteTMf!dv@8#nc2m$tQ}tBDoTjHC ze7c?v_Y6G)?wNWfVAbkcz&cx>Ely(E*O6&o2JG@?i{qIBX23%4T)5BE=fOU6uAVEV zGEM9PtG)TamIZo&Xby|J^TjmS@Ld4+h5ACciDG8Krte~ujp$}JtotrSzx+V|K(x}A z>B}%%AWGU*U!ku+zY{&}s(+||2scqx2}{7MfFVR%C2Rt(ftx6-gmvJxaQ{UAMC8Cq z@TbW0XZmNrqMz%Z1Bxy^bK&|sBeV(7y1{d?@jt9)R$;nJ^TFS(( za9hiwSj$9uOZJJRL$Vqq(sNp!A-$u6EJSP`J@6!LKOJ3I=V*{RmEV&sh}G}#YhGEP zRRn?^Toj+;QHiY{tQ%b2!Jq8@lNvfLibEIGjkL9-5u%HZj^JK&^a78gn%h`5SI<7h zYLhyEw|V*?YYpgWttfq9Wz_}k)(QHc9{xpesf^4`r?zVXiuwx$05ORXa0R?ZRAj6l(`2F>md_ zytOOy)^5yOj}PgVI@i@LF<0%y{In%x6B>llfpT=7V|62YWLg?8AKUROW!anD@12u6G7=y&)m4cLZ}i$z1P9 z=6XY!>y2fuH;%d9Fy?y0nd_A^*Q;QzCzs2z>t75K4OizPW5Z9|_u6H7H zJ;_|pFxN|Au9wPOFO9jLWUkkYxn6VTdg;vdhBDVHWv(Zg>t!(4%Ve%Mp1Iz!%=OBd z>q+K%Wz6-4GuIo&TyHXSy{r(|>&0B}6y|#Q%=Jbv*UMwBH<`KKFy?yM%=Idn-$~|l zl6jnD9ygMC+*syu6PU-1W9~Mb`Py*iXv3M8fro*MN#i8esmi1qg>`kBbgtKWqve)`O!G$M-!PJwPH>*jCs&7=0W+) zgGMk9%4Z%lf_YFr^PmyTgIY5W8pk{+k9p8!=0SPPgC;W%%3~fhnR(Eu%!3SbAIW@& zct&f+NXb~J82>cmpJ6;pVH`?jj7ejhXvY28oO?8#`z(WdD}!48*=eoRgKF*VgpO}j8P&17nt#nd#Dsc9Bd)0Rw4dowld!ql`k zQ`0P_F}X}v`Y>H-%XB4&>561p(wFH+JEj@!nPzllnvudZqXW~7RHhdBOd+~4ZBR@P z+Hy~{;-2WpHU!5G?(akCv`Wjn@4$(WeJ zIGDoNm%@0L4-QJwOuD=(?IfY6Tr_u<$eS^D+S%f!SvB)#|G)OG1g@s7?eBGlCQT}p zN{&)eseKxin;~V4G`Nzn;WSX4oO3ENG@x>kF+$uVndPEXLK2c>O30i!2_bX7XRouO z>-B#3zTWq{-}l{L`uVT3*0Z0r_u6~yXFY4}|5}UM4}JvOd9WvsqDKsO;Zei9Je_&) z^_=?r8Mo~6;9YcuuTBoYEbxM-8%iVyq@BQ1v4FAp!SDrt5^zDJIxJ|JHDL_j62{_( z0HU9g0`Mv0XqSIXc*MbF)%t44mFKC zz}J;WIS=&o=1~(zxV!PFSWov6JZibO=Wrgi9qTJWZB~Y_P~D)7?+rE56?hb$ln>Ow z2rTaao{kE5R0i;!-x^pJZtyKC5b7XvZic6)3LcFicnLO8k4FHbLjX0Ck;y~N*8^Y3 z7I+#X!D9@9x++a)=A{{dH{uLmEye>ULPYYCgRgS>;E9<7&uSoyAx;231AIjY@DmGI zMHovlR$#nvj5Ydk zo?3w!=+%@C@WPHufLdY^i1AAj$iZo`U`>0XL9{_km;>6^I(1)nZ7#0J@y|#U1)3iLn}85TAImV z=Oe*;iKkMirBphVNo}R}0DHQGDu*$KE7Wc35%rvUizp-qXJpQLg@iREtR~?F5}qSr z6$vXz$joYG^vk6oG9{ro3E`U;BZt}GIAnQ}a6fKs5i4IB?-?eoEj>y8J<0W$GW~hb zH~lCL%}hz?Bh@oYBH=0$=8zEbH7lo%0+wPdCTIyM!0!eGmI8waICEzETl^`OSpl%T zh15!FF_nrU(KIANVkALP|LHV1Qy{!=^QkoWmwc zZQA#a`;%#KCLK7_K~#(mp~L71DnUn4DLRJAaJ(2KZPUJY+@DONSf*FtOvlj)bP|=L zQ>X%+MwRFcs>1OTAZeTSz2p958k{NOFFTVl#X=D%0%~G+@ELVLebsThT83J!y0`lBP7=)^Egx-V*o3Zc=Yr17 zx>xinx)ke+x(0U5;_2~x4Sq7T=+5h2V^nS|V;m1>@CP4O1RUE$>KAG`%znrM-*PXk z7Ewx7P#36Ls*b9M?>p}i3n?Hqq=O8QDYAkU9-Ltv2T$aS{9(p}2x?Cv`UNdVYf%=g z(XbchFqFdcxB%>-beIPbL3KijIMk$8<4_Bw;7}Va!eM8WibEYV4~M#FB@Xq7{$iq^ zD%FR#2J6GSgZ1GGus*y;SRdXdtdF9k`cTX9`OyrbA4~LS68%|3e>TydL-gZ_{yw6= zpXlci{d}T-fan(x{X(K&MD!04{li562+=Pg`bUX=DbYVh^vj6;Nupm)^iL7}3Zj3S z=vNZ`Geo}%dKXsETXBZIg(rCUf8uGQx%kd&q6IkAMoVz0gVLl=gve8+a(Dt*4tE~Q z!HQvhurgR5ER9q?o5Y#Tlcqzda5|I6Ik?2c8pJ zjIX#eT24xkghO2G9ocv=W%G=XK*k%n-!I1a6{G%O%tDG4jV zXO#Bj|KWW`$>csrZLOX(4&}yiC^wcvYcGw*k$54A7m@fe5-%h1GbH})bxYqCJ%mHZ zT^h!bu!w|ZB>a)*+-`yXzgeJmKSJt<{C)k1_BMvG*6nS~|IIe0-TwUD?N56@=8ya7 z?fsaD_I?bE=}G%J?fn>Ozvn;Ik7;jX+S{0KMnN~E?=kIdOnV#C-o~`I zG3{+kdmHmV_069Jt0nw397i_Ht)k(-8)k>MnJkdPqHnU6`K2?n^JIm$2i~8`x>-1MIN$86lVk&qcCG9(6#=wnF+hJ7>Y_K`d4#q~GG)=G@`baqe>Naqe>- za2^A@QV-?@F)Y|`Sg&wR2xiCtvR**x5U~H58N~1l)^RSvzu3|=V9Ulq9>1X~xK|9L z-37RHEVy@44Pf;G+kYkeDIy^-5S7T0Ea3lq?}#{jL=mj^d>nFQR@VN0PSWGbfIq~X zQw?PT%E1*d^NX2t%HeY=08dRqb%4^%p;Up1SqSU56(d;p1bDJ%aPA!75Uv5LGs7}v zZ)>$71Gl?d^ z%BwS|gH$nfh&oIi0si<=V4xnO%BbVi3D~c!oH_-3)YDWY%!;m}&H}gmJav((rY=!6 z)Men5Uj?S>b?PSY&FiRp)B|9h*HaBtBXG}~s8>`o^_F^1eWY5Lhl@B!2FU@NRSBt} zjz}GKLRzRZ>=D-mbw%BfAu>WeU^g=})C*Z6KC(u($R0VMKFA66Lj%x2q-D6;Yr zJP`cHgp~Ftcm~XRgYZxLHJzyaLPp*+X-Lu=B_zwrOw_J}q?;^+_#J3@8LpW!o2A30 zXg?VRGZ`peqCFHc(~I_?&D*5tW$DN3!6Y>1&mD-MVweaP22;Ky@Sj;^urJ-MO=cX8 zg?kzXW&5o#zCLnm_dGTAJ|V#$SB*zL;Qa8H9)`f`bg z3m21c7GE5DG)G3AHQI}>N-N7iL{43HfG9Lp7~#iPr#mt!vg!(60YZsH9OxG&;2Y6~ zOrnCio|nW=6cj253*>nV0zx8$VZz{0f!LfkG$O!)?@0G%4(p)K50OYB9W5;b1R_aj zP-uXkL?E^hx2j4&(;`3^ZYdH(3dNxkp=gFB-;TCnblK{?zMjHMAc_tR5Qur6LZO5= z@M~tg0a20=p(s=`gVxtl;@i^Jpl?sZKVK~+E4odTPFVIoSz;U7N_y31-??h<&~O11 zIz000Yq z{Pqm0c6xttA*V9XNx6$wU8+IOo@#FMwSEs@q>X3k=da&URhg1;(4XUyu72e}nA5W% zUTPz+vMaL=JsY6*x=+K>hMfa@Dx57bdDiH?sNu!ZnwL9NdbfQXy{p!-^GlvD6O)&MfiwYCtuvs!Cv?dcbV&aOlf{YxzYFw@?TaNC+q$_hYIU4frPZTm< zA5qhO7^Jh}f?!>mC@q8T%7_g)+O%f8#{Ls=Is+@$MNP0Q8{V`qUG?z`4^`T+H7|rX z7PL8S+8U=(l0K>4!T@pPcd9k*!eri+<3#tN9Ww1RZIi59-v?3HcaCrK8i<3$BB<*Y z0irN^6q5^&Gn5`oyUKK!oHPU_eTqP`+ANxRS4c@&NYmucX5O~WfiZwOhbU|7%_aMc zv>HAhJLHV)%nv0+hJ@a7QC$-5d^R^!;hdoIK-w^_-hmry{La4Ft{SK!+7KVUdQFPU zi3>&L{R-(~>x0cV^3x4cd+O`oEehH{>c*>)F^{X8rv)tNnwhoL_w4;^ea&xK4q1@> zc~za_`BKUA2kE`n)gQONxj}ZE+VML-|K@+rM)~xrS88X@H?BCRsMsM-ar^9<2Ylz7 zsqgm`1+3oGa{so$^=l%N5BU=>8b7_^r}*i<%j1-pmml;>Dr)e2vaamF+V{EMP6xN{ zuet9xgSG9Z+^A*a^37igE^S!1XJ^yG#-kIx$A{;av2S1LcQ|#TU+3!P%1Q6C8k_Ez zZJzC^1~&61oya~RwVP1!zPU+s!0*jRH(YbT5^8&g2zY~qJQu&fz!|*3B4Jb{v4VWs z5}q7bL6a}yfnk1PG0&=v2@4fQe6tw7hxk_uAFTG0B*6Q=syoxP?g@H`DzOmALnzmq+*y=sL6wONz5G4}) zvy$;U(khGwS6z;_cd&D?>TM72^nY*t%6eVuv?#;at-;Fn$)tj@$T!C?VQinsfE{%1E zcy!vXXCGR8k}hv}MJ--rs(8qmQ?;cZr@1k{Y5OzJjiEuchjn&Ms5K9&*O_|ozK+K* z%5uob^r$O^JXW=?XFVNHiU_8dt*=hnk#YM$-!^|@O7w;h%=?nzHelTr#wN%ctNs zuBodlH5}^f=I71PvHzsmJgwte39Z?pzH(E)c}niB*3Sy=ltmjm_Gzb|)rv6Jn!3jM zlhzhJj9wE``S5pk>_XX|3(KnAI!@c?ciL%V%Z;s5s_)WjaQmg!Q;wDaGs%LbyR2KS z2iUeAG}E{fYXY`StF3KoQw``rOh#Qf{b(?2nPAqEZ2x@4u?!CUV%CN;`S3U{v@_jb zh66t-x;JgtdIez5{)Gzp`_=%-eDm^R3wI%@q~XxJjrqZiK^?MW966&>JBfACHhGjSMx|!KJD-LX` z?qhniY(uxLzAtxX4|=)bUchO~rP)1uqN^hFp115#k7D=6kc-`xlK9lH;OeJ|59_GviF*UT%QnomU~cT3p*SuST$N;90O9Ni7^a{cl{tzs$hd z&~{c1e0xB~OS5hp{cEgjBI30zywvSdV%#n{>~`H;f4P2)_Rx*vo?MXIm@;c+Kpj`f|s zLx-Kmn`$}5?6>17bIK0t?>TzKwTE!Kz0aFuE=wxYL~{ryVcVsb#76x{{hZNzEx!jw_cxezTxA$90YVrpc2f#|LZ{`Rn>0 z?<$<6<9wLqA=tXxPFjMI;^L3J-{JdlWB=@m&YCTI%b!gYD>cR(TH8D$z4$lT z;H*wcH!^)rxXe`O>u)ltXn?Gj&)JT1dP|PK{hSxNbjdtP{c7D@7GiHoD4`P$wJ|#1 zwJ8aUnRnQblQ5r7NQ~F`-Z2}4vju<2Q%!^#E%gvNT$&9AuI(dk^>VC+zua5VciBg^ z6B}h0rN(4h%V>;Ws;~V2vW6QiR zH{a*`u(K+w{I9Ka73UpsJ=Hz$QX*@Y;f&D51^FYY&bn1t8$QxY*}i_^fC$Y~y!#6_ zoas{=`DV@D$9Bg06<6!Nxl?~HFN5h9T0zTV&v;bW;y^di!ODhjZDV6)?MqK><53NE z=BvQX06#@eUB*oq5h#pkO_2SPphxR4M<}SPyTCdf;J%IU^9$y=g@%Vp1c7`aWq()t zhb~Xu*aI!azWGk?;*1+N-J7pdpj)21{AT$}2YhHisBwNx6 z@vWNRUrA^Y-Muvq{+0GW@vkiDVPB47CH4Im&KDdwDKtVN5QPf@Lt&r=$|d=oTlihS z@oV?kX_d#otNKC(dBv5{uWPqx9jRX1^Bc>6{ive6oKD>=VxF1SzgX?WRogN@?(XF5 zJYgu0#};H)<}5lAxc%Ma^Rdon1*LjsQJYIp-U)Yln}RUozJ{qpw0Y zA9~8qbwR(BPr0$V+eXf7QNx}q8iKUqU$tXA#@^X>=Xf`@&=b)gs=*bC+;bvxs(Var zzs2HLv5(#s?$f9UR&!9kcqnk&c*i>y&;vjxA5j{RW7PdhFB)E3zKT^<`;qvK{20x<>V&N9NcMulR{v1UB>&4DitjHGeB( z$@yyUOh}?t+YD4H@|n>W4Hu6{v=yIR>eN~H$tDQC{1}=Bd$wZ7_|^@9(U-wD%{^3i5OV3^@F}DjoG&<&e z9}R!UaUrr%Hh1c;@f$MxOk3fi`}m|s{hr*GJ4Y4Py(-W-qI4_SP;MCSU%)cUFqpSNAUyO6i!Zr#$X;)4P?rIakIhbr6R`=u1> ze(sp>Ue+c5)PU}w?Ebu_I#$hRXNV>H{ni=NQYN1{zRtZQdUf=rr9s!84x9dBgnUz!LT|3~(Hqvak^KyVI`6W#i`MeKn{Leg#r9VA0+lzB>7z!Lt3&g)EB5}I z$hz{rW6rfKob!C%`<_eHt3n!{T-D|_ckx@dO7~&Z!M>-@oiR)-pSbg`ftbVB8|7gJ HZ~K1%`Nrw3 literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/fonts/Ubuntu-RI.ttf b/docs/canonicalk8s/.sphinx/fonts/Ubuntu-RI.ttf new file mode 100644 index 0000000000000000000000000000000000000000..4f2d2bc7cb6ae34d90066e1b330dc18ae2386e38 GIT binary patch literal 386440 zcmeFZcc3gsb?#d;J4~MGo{rPgllR_d?~~5~34svVB3K|~1eQob0)z+xfdmpcW0Hl* z(d2BBjS*3R!6aWBn_#ZZb08UmZHxh948GU%eqUAhKIcdW-u>^sKUB55dZxR&y4I?- zzFKQl%{CQdOhmD2?s~hs-SPH|x8Aj7*8cPgV+P^v?|Sy#zW=_*ecr5Id~;Jd{Ege+ z?e4dE`Q>MR)vUcdH|CV{&N}yQcX&|ko(GMI+cfa=v+s83=yMMK`~qVte?_bJyT|SB zeBKYA`Lib*GptkRYxlqO!plDW`p2ypb1mQ3zJCA5TroZJk}baf>C~8Nc=2Tqy7V#E z-tLc$`P6reSzkQp!pko+1JmIB`)SX6(8C^k@g4s0nU@&zt+uINTfgK1mtJ+|KYXrd z%#m*x^Std#9(dscYG3=xk9hyRsekGvT6t_3e7HJY|G8P??n?CzmEYl$seY{b zT%LQrJ6HbJoNa!=)z;eT%6hd~UHyisF7Ill_bS`I-L3C@YqkDgt1I>8?agT`Z#LIX zjd|TYxK^!KKR~^yS*iTHIclHyM@k*PFn6rH%6z4IwYgXI#^&6W+nLu^pJMJ}{>6Ny za)xs`?S`f1CSvDb5#iUNf83edaCISD9y2A7S3Q@)Gm=)%%!E_2%Zy)gxw6 zxs5qoxyrnya+~G<p{M+)&eE)8BYA)irb1I)U52!Bqylx&)xor8v>Xyl>+vY6u za~;bU(*9YM&^&DA=H{&G9*%v~pPMP4FREO@z1Ntn$}`QSJooU*H_ek*0`psyzc%g4 z-z`61`K*~$&NLTS0{U>~@@u^RAsm;Oe>N@N^}@;R!X~X6jzU@#e}U=2?}0GiUJJ8Pxy7>d(wGY#$cp%#}ydH|Q?Lcf`A1 z$MIy2$8y}?_T#%|%5$GtIcTn~yw1F~@)L7E?ma`}Yp-2pzEC;Kyn<^tsXWL$f#Z>t zt19cXJ4G&E$#_1I=cio%T;=2DO+0_*%0tW_bG(=1k&N#iJGL6%>l`buM;0{R8tdZ@ zJJuTS;;4SsT(~>d8t>x|$=Uql_*s<04Ugto@FS6s!SZln? z!;N)0=8W-8xmS+0#{2j~@85^aGv3D^8gI#kJ&SI=`?_anx9|UDXX(Lxcuw>qUzSJe zr+D?N&e9pl?Jql{Pm<~CXUqjUi_fC@`sd}pBlABfud7b=2aL;qP#0aa`hY%4C#v7% z+~+#FDg7wUZF}A>zF%SA0 zQ+Vh3;#cKyl?M9q_Z(l~_&&PS;`}X+LmVF~+rRF)e4lyA@_cmdYL2IJJeK379B=1% zHpeqKZpZONj-woVIHb3SIDVbuz8tsUxLM^><}7B0s|!7SLaDEuAItIT$>(*4(YqDt8UrGv#V!=ahDk%(3##V@_v0-^V=jt;(6;;F-&B zg5eJ@@cItm^&R+ruK5M$pK$#r=3KDyHpu5W)vq$!-_zX9e%AK~ntOv~i|Px(i|?Wf z;K9m>I`>A8Ho%2#a|le>UwyB6bTu>QRolyJkmn~c;||T$uAKA7c)D+wvRLnmMH!A%|Z!H?F*g&j-Ou z&5PeQhpRU;_kb^VT>YLoclC+bB0n(~tq5QKlfyR;TYWwA{|7mC=y!psB}VPy#Q&i_ zgQIsX+bGYPmozsZvrnj=Y9_llT4LRGu?X5KZ(n{_`h9$#%jZ^pM8B^x8@pIn^m+F^ zn!hxM6xVmp*TMOM##>*H*0Mh*U?RM^E)S;5pHyDG{Abxy$jn*Q=W~7ubiM#N+RM2d ztFj;E`^)x!*}1^N%Eil1Ro{$!y>R)(mAf-$XVa$IlHKqZ$Ws&B;sO(Z&r>Y&S>=zI z7oGwCuSDNJ0yaN_x;Lj!89MkwlY*h|s{VvA(A;;qxqIbF=9cKi)2pk?uZrL3*Z&Y^ zax6JM%JHup*Bp0z2>sm45xc{Df_wJZwKu+r?*EW?-i!ALuS>gw`EBJJCSLh>?tK~g z*4SUmv2EtnH*pqS(ot+y`~0=be^8q%_cRUUe9P8VeLeS5+L65~zKe%?UN)<2AL$Nl zuAIVW*{L7p`i1DNix~w+7k=&(CQFemtKzHFE+u- zeN9%m*6iK2MVOPTN6m=-oKd|ApEZX{-({O%>&lL`^Vr{E?_#G`e;q9PZ}V`jKXTi@r*yH;LH z{i?a2<-tYB(yF=B%0o?K<$<&-z5Fn|cpCK&Qt#!Q@6P!uWNj}v`6YONcj)^B*Kf&u zm~ehB=kLM$)2a6(#^hemSlVZd72|l8or|&UIll-S|Fr58O%I;6S8hssZ=}5|&70uO z!>gBYUbFqS`oP^l~8k<}rv!RnCg#Sk4lUXPfQ ztR8_wr5<6Uz1i9t+hE5nk(F;SC+!1QK44K*TG*trTbU0TR2itJ+P z$zk|EXa4_vKHnVu_yA)&$5;JEp)21pkH$xOu%+RVVCWCbeJa1sp>g&2{z(q?X`3_s z(7Ua^@J_v#M3Fmv8t8^4} zmGoWzd?q%)?XcVa)7-Q2ea_$G{A11^;aLvL5Apsw$BLnU8@%VsyzkSTU&HyW_+H2H z?xdgJNZlK8T)=TN`Uro2<$?W#++MNrecJyz=l65Imh&Tc_L=mr7>|;tC9g`lcl&+Z zcv>0x{}@NwZrbC&c;CN(ywazpFW)VeYe9 z$Dg^XvdS^A`u8hzkawJi&RmYpoR7|2j?SEq&RmYZTxky{bC)A?=Oc5MBXj2?bC)A? zSHjCHZTqqvobU7kboEkVWOrYGk-6QED*^vByreL8{BV)HCRJqL1hbCXIzB-yrKcHZ>!L= ze!X(Y_TAoAmFuMWk>0d7<)TxRnQjkilF53o!P|>b(B(39js(iPZ*kYFYbO#^sq|=4 zoD%^y%_u!ulro9Ul>@NqNO{*@JW?e4W%ogS+pZ)<(l`IO(M5s|?OWAVmrl^;!^ae$ zFEyr~O2qpV~`}j-C__#ZcCB+5X4G~jzPS>{= zm3vlL*kFmrtQn_aYwPQkwUrh7nC@(>zNc|o=TrT&%pcW1Z|bJC{NJqAsBD@xWy^FZ z+qUeO?(%<`uIW+sj7RAipVBvd%DycF6Y@DU5oKiJ<$syjB$SCQQFy&Eml=4Qlys^2_@~7q$a|-3D zw!DcsmCvV{n^4}=oJQ>TX6B}pr<bC*9f=b5`xo^S3!c~4v3 z%bd6TS95Q3KIMJPJt^;N?nQZlx%cu1=6>crloy)&QeI>(puE4iALRqgh0A|2547dQ z<{~~n$lRau67xXH2b+tD|2@P!i1MMfe3-d}&zG79Q$E~0l=2aj|70#R52Jjfxpet` z^C(+hZXUtsE6gJ)A8pIWm`CyXN^?2oRptuH$C^hkzh@q29z*$fa~0(iZ23g?ToZC=Z#J)8e#5-Qyq@x{<_(l@GjF7PyLl7kJ1GC&ywkjy^7qVJ zDBoq?M)_`AzQ??M`FG~M<{gypGw-DQee-*ie_-B4`F`_m%0D#kS^lm0fO#+FHRgSk zA2h#D`60@`F&{SXr~HWdL&}eu4^V!L^8Yc{nrkROZazr)3G*S!Pnr)?{*n0z<)_TY zC_hd4b@RvOTFTFuPf&i=mY*}9T>iEBye%CP)tCQ$0}`1Vkmv>^x&ev)?;_C+Hjyl& z8<6M*B)S2K{_i4@{Gf*Qcbe9_X<1*UZGD!G^;5dmE9qIk!?V7IZ#|2?^&0WDp?z7hBersDEur}mDYcU?O_Tgb`4IVL{#WFl<7!gz&raf z*9;@y`Bx`9*W9N_F{X=GK+9<)50{R2s|w!7hdlqvhw=i!fh)messX$~#qdmY-pD@xbzrSsyt{dFRS0%TKYMa8t^&+41m4 ztiRoQ`AH(SXD&Zsexq_H%DYwWyu6lJ?Qc-ty>gG`$ILw{=TrV><-W_0n)50bEf!*(dU;<=fbu@!92D&7&$`puD{D#pPRAkNDE^ z&F0aSuPxtX9#i@H@{L59|8DsP)+oNUd_B8v{(7wOt znO9aXUOvmbs`^mMS63gte5QF#_44I2%TfNd zV%}JNF6Eo5S1+GT?EFQ`C$ZZ3vgH$5qkR?S+p4cyKHj{&`o`ts%sZ-YrF>`goy*6X z->bfNd6jur_5I5$&AY4DP`-yfCyz1jt$uv@X!E}6rzn5F`q|~><`1fWLizsc7nhG> zALCb+k2D{sevR^)>erW-nGaU~e)$OVq3XAn4>upKes_7P`AGGjmJc%@t^SbmW7Quo zA8M|x{%rXW^YQ9`Egx(?QT^}bCFYYWRmwkFSzkWLd}^h+yx4qtrAPV4E5Y)C?0Srs z4=|ry$(HvwpIaF(FEXEBnJq88Ax?Bdoalx)(G78;{~yGO6u;)T8ms@=+Oy84w3W5m zdZVWEI>qYxZdzI4<7$&tv-+AKJzBMUVS6A29c!1zICDm6Nde~lWuwJ#Q z)>c;6T72xRue5l@8sApyt1C@aC#|flQj-U1O3&3+R#(^7n$6~_R_okr)bz?q-6dX6 zq62z*eZ9%M-F=;R)7m;j*}PV>xh@)ZQ*nQil1 zS$E2Otf|_1vjHn?whu#!OU;Jz`dYQTuzMDzCr=`>zFvh%ZbU5Et=2l+v9A!fuAdk` z=vZyqJL0@$c`;R7ZY_&V`N|DdZnlJJhvN-T5WB;CK;+B zZ?!eOlZV!>Lo&qB2t?95y^pkJ#|sh~_Q`c*yIyOyAiYMfXr3!pXm}Oh8f$f3Y4T>C z)D^^bWu+lW<_7$4)Zvb@ecDP^vsw0CZ*A1zpZaTuU&3&k4s zptWbswD&sPLoVtf5@-Y5cGC*HuB{~+XOSFO-cv>M8_^^@Qp19I|YhpASDEOo!*Y19j*}R7J3i{udXw?Xl7e_OFc%PArOm22fD$#xQbx(x(Moe zx7B3GR>Y4oTVCq2TCglyQ{{TCjYz^0kkZ`~Jn2!#M0<@ih)v6 zMucXNs*-0|VQC*~2AL>o;N@Vk`)@qCNHs7F!$&xcyNo!5U8<6JB;E7nv z$kNXO$!qYxg+5ty;~5@T1FfbcN?C6Oqo@JHEc(}hH-Q{4rVF+qS5m7ld!#y5a#~Ne=`K76*AmJX$1`i9|(`yRcYgp=PcABvgt~)JBg~dgk zcN4PUgsm(=&E1;}T9GAfB|~Kebtw1})Mnnkt3H2}BD?MXpc8EuVlusYD!g$d(dFp zh7O^gs;gA%dTX=Z0r=@JSM6PTtlX-jRx(5#r=&d=_u6QQE~ynaS2)@&TG|%SfM&NN zo}mW33F8WX2PWH*p<$s4HKi{)(@~vZ28JzD+6v>T#$mV`5pL+LBr{0dK|M+Ob_}5e z5kja^CFBw)xhI=VS!wPwJvvTcn^$34|8-nomA?Y6V;$|pM=Pe9iz8|Zd@&*M^Y zA33eJkD(jzB{VyRdlG=MDTco(+_O!gW37&G&kQ+BQnzBe0j=is{Ool*z)R+*qW zO&Mu*)CE?Q35x)(cQqrZu~i1S)0E}Hw?Fp=slO$*CA=W zUtjHN{#dK^*74RljTNg=D8J-DxwB z?!K+4FG@(A09sSN%S;;XjxF6il`Y%0+9x5Rs~`gH*-VdI#kQ>|F$Oxwa!Sg4tf^+b z>x>RwZXM)Z-=f=AZq%-ido}F)lP58~Rj;n{O55cY7n;4EP|#{sF=0yzjwNOqA;Wr? zkx@vY*3-aHOj5}rzjoHyeLK<+t%UfFYUR#`6XRLS|tg?Us7kM=Y1HT&h2x`6G zrK0$BjB5K)m(_w;gcV8UX1!;p$Sz2!drFSQj*0dfg2xc^4&B$Ymc_Ec09j!oT7*a- zY0RkNy>&#bDi#HgA(aqG?-*f8JgCrtrbZK4)uVMxy+*eO>5ZPKho+7d8Zkuzq!uhL z%0%TpAd8El&s0N5QE1V?06-z^kQ#uX^qnhGhjx?sfEU+0LbIl9f(Tz21d7@T`F&sy^9a-APG;Mi3+Z*^mKbtLlxelGs$j~f3(yX$MZ6{b2J)B@h zie7GLBWHo`5@UT> zZrY|g=va@)SK(Hd#L#WqIj%D@gYGFcSVMYNE_NXLKNe2u!00%t2MJqui)h`FvukNt8~S z8XBfX6|&rjv?ULoClnM7puovefqOlRd&GM@tUAU9Wq@O77;u8Dpsr0Z92$WOTtu%U z;|O>YtaAnPg>TX)4#udl8umS}T@QLRu)5mbrC5T&lhS+6bQpB0sdBU7!ExOY?C@6l zEH0N!6w81psN|k(c>An<9w=Cs7lbQ?)?vZu?waL2ntozJ02o{}joxWWhDShA*M@YE zRrLVbMp`{cZ_+DX)~I(2dysF)X`8Nfy21&~3W5{l*4mHE6@r^qM+DOWzH8u7gRc6_ z+u&@A7kC|pr^b6}%2|KN9M@4RD6!y3R{*?K$1OKQs1@;GSGee!YXNJy?R%1C)PR;6 zEuL(4H8Q$L!|>UT4THlo(4(fHp$(Z>ON^&L7>3*WFimGA;RxVZSYxu`Ahk$>2!VuC z2a9`P4-#Ng+uCVm-IhXfyGiyMgj-_p?i;nriJx5?k4CbZnTodT(w1(bkHRIo$e-8!j@ggEZ zYZ%Djp7hJ5Re0U3d3gMA8O}2RUHB^9X|+7=ppGnBUlxS$VJ`hKSodgz|`R8ou@>LZse z%85nLP32a@N6vJ|RTksL>5_?hN^wQTl2=Kab;sTX_m~a@z2F|sAt(&)(F{;?ecbCH zmEa!c10$>mHUQd_I<$~gAycDEjKTBUAgM3v(afHNhO3ka5Xgx=*ktf60PsrsDJ2G3 zgnQWP5&$6_9bsHSb1X+F;EDnmotEDPZtA>AGi;+PnxL=SLalnt+^PgHG6}3YZfOkY zCas7E5->-(P){>S9Y3J&YupL>&?3gwst7^~=ybCST4{jjOq1CQYnk_H=sEy6K!H2e zmZzk(MN1>1qO+24M82%Eu8;#T!`%^9A&&f&4g^oxYVLl=`lDstR`>WR+s9QEve6S> zsydc|wsNoMlX@1$b;0*TQV^8WeLsk!C<;ScSsiS(dJpPw zqvaplRF59@6(e&5mc-yj+s?HFUG0%~^STLc+XVO4u;jfqN{WGuld1Q*Wc}t^A1=Y} zc4v+8^WZB^4Ktt*?=b8Xa}WyQXlsRnNnR7RM1#K3`&NquIiS3jG}rsGfNPDQ)~&Dm z0Il8vKp=%JTw$c0NJLwH9IWwc&J6C`u88PP$5LkpN+2MqU2Z2IY7RhZaYPX&81HlT!pw?$( zbZ!J#b(j<=1Mq>`^kADTpHAB&z(7pD&s(}J*>Q4J8T}fA&3deq9DRb5L;?|vG)7RH zNgt1RZLLcaWwxB`V=#)RVi5rsDz}>f1hkudAW?V3dvUpBq8?Xx1#bzI(0#{XVFsZ= z%s1>SEN^gu8jK6*#r*92u98~hrG;%r!wq_8<=Rf_o+44qG+KmiH9cDB_q)vB^h)Ma z)8l{*R)#!ThZxc=24Aj?-~=V}G_PZg5;FI?(4fIkFNHGgCi4$U1I^IeY4zFxH5hnL zgD)j<^5wO?HVp|Fm3gd-c!?*N+hpEBYx?A97g{>WZPdMP7)YE^19>FxMq0nDixqWj&UT(EK&|Oju%VDlS=0Ar-}$>w20;?XNfedyeHf)_!lj}< z_D$Qjx??X0zWVgP?30y%vT6CU3aHtp&@nG0LSUDN+n|LbrdM>1E3IB<+P`hXgl9Gl z?GbnII}mAcuOL!{THLD#Ob`>u7O%5|i$weB&ogLnicHHpD}Vkk<18dO|%&4mei^qs^K zk*>E|{xRGuuGq`;s1!CQgG}1CpAP%nJrtafK*>AV2Hdt>Kn$}gJi}=Dan@_+! z8<;7Z(pduSa1XLtc#%cwd&;fmNpLSXIqE6;0p1GtPv?CA(qcV;}(k z;4pYs4;UF-M0m|)L|2Hi!7yGtRq@oSLIGC?8x9E)MqP;@8Yy-h>5D-!tv8sV%Rb^ zj=?v}7zSNHQxh$qN~yBHF_RyVQr1^1cW8qYJ@n`u3BsLR582~_vC{*6GIs2 zB5xWfC4vkjXM(|LFAVw?jMZkx6G9dV3r?OZoxsvA-pM@UQs4Qp*iSBnVMS(0|t>_98232I_5`O`*Q@A#CS#LI>dOr?!13y z!$f!D-!d~kIVH&gzgPm>!B>*dNZmMr3zf@Z2$u3YOnh=1p)0YV9{v8{u1|iOB`%n1MOaKZ)^9#Z{;a+^52Di`z-HxEvI{X5&Q$hTP$}~o(1c*3dPJDW zm~2A%9=2@{>{G^(AX^zzFok@qDYQ$@md)6~?PItX_{wdq$z3NkLP^@mlBOrGy#iTo zM3CohH;Qq}tZu;ZlO@Ro(e99u(YYB}+!K&7i*}nm;6$?+0MRFg1fqpd=Cvb>P9U5} z0_QO+V4<@k8jMkUElZ=wYYjpGjz4Ou`iTi$~lr;SC1zSNw8Hg ziAD`D&f8s&7*=13OSjap_=Ka5YFL~UC8%K!haLl|w(d!2Q7c0J&_tYRSFO2?omTE5 zVgB=g_#%~&H>sNv_O!)4ciZzL;&4vwkRbnfS4DnmKcG*rOv?L zkkYiA@#AEeWm!5XZX@TNK&wx#%RSuGkT0%B#rjOy3Fa10D=oGu=~yh>a|D*e_`d60 zhe_Y-E#f;hOma>e+*=0}f*!a>V1N|~;jK$HUf76W5|(?clz} zK-I|bI_O;w^d!=XXfR#U`wj+N6DV)w?OLpjHuYB0@Ef%d15jT=y=_J4=u$ev>{@yA{e7AN&NOO#v_JLmbH#@X?`cd4uscM z)3G9{-0LKm9=hWyi}T`i$wWQXVLe4-2~;sQj=`vHi+M2&i14+$81q;#SaGeI<-H5Z zIa9@!@CB(Ps6+1Y{EK6ccv8YQ(4ZX_elWaf2C@#@LD*sN zWs(553Y`Yb>kMWGAq_le@IW_ES^*zI4q>Q16HtP)9(a@l+-+hDNbXP)5Ll)`H|Va* z5Oq?-W4>MDifCIXuU51svMXFdOETEj4E#Z&VQ;_(dhPkdumU;(GenW*1skvE0Bm$h zl#uCdrVLW#!X@!Dy7{*|4}T^^UCW*b5%s zbxi+VkBZP<*_67hfSPS8>_!TG~*@=5yc4(nHaFn@?65IpMNX(d>whUr44>PgROwqkj zyO!`Orl_>hZ`LB>>Us$P5jNZ1T1Zn6z`TZ8-G=)G?!_8sjo-TOTeGOk!Xi>#;$CPs zMe4q-sL4VJS#WA;T@2<{Chg;J&k3TFI6Ye=XvwBN}Si+h>}%4~5j#!&{tV4dtVRrWe59Pf4F5T*&^3fwE1sK>3&+gItnV{jic zm!)9rGaTEVY)&Gh0AEeK2b!-#HQEToAbFS%ybs*N(CI`{2QMVHAThzz>j8^lubYZ` zCg}*;G?P%YLS|?XDe7W`$%j!G7;ylTEDONB(1!*D0hFU741Evzlzf4$T=l`DH0%So z9r@Z)5^#^qi%}~XqKXhILKO8a?!}?QJ+&gQxD>8ZcrZkpVLwZyAE*H>bv&NzVQfPY zA|8STHi|&>XqVXEHJWk=z|2TTF_g zQXibjrG)||2O#b+Vy!;8E)%m0626puvJy}>MGUX6^%C1u6vW{`xaSBgi77h=?sWryJ3Y5$2IqAO z+>1PL5AnV}?llw4VnoDarGe?&@AvwQKV~>ntHV7;oCPlcj&<6|jurC=u@vobb-0HK z+ZcChsl&Yi7G5p>mAD7@iTWz(HEt_6JA9OEv=Sk**YW)9pol4|x0{d!2^*4G#7_Jk zl8M~9?Cwbz`(2#zB4e$Bds5w+&B8sZ_}$P}70kg!;x~v)$ zDG8O?#ZX?@J-3)APo8>sEP-$jbyo_+jX~yc4~yHbobR?%ekgD+DRFNg+-ovb$yx+R zQGV99(0MN+b`GMYu%O??e?^B|-5O3`*Y6RO)A|+uFnGjO1Yo3=X}RKP zwo08u*gdo$7Ij;y>~#mY23|Lbvbb9@@lkf!4cW%#Qk;gBB5=eT|_H*y9M1;0DvuW!t^K@4%EK}e1JQCzt;02 zI>96$ibAYc8?WfH;|1IkCFDMatHNP5a5&^Uw!az??&++=ZM3MwJ?1}>yMv5jx5;uV zL&i9bSitzSHaP$(>-u4Q4EXR|(=<*bF;Z65Io4{DxcFW9TH7G$ zHEt_+5Lia_Y(xy(N7wQE?2lf=5%;|)kvrypav3$kSwRQNEbw+YD7T5Li4ffs%5|Zn zTgOFi1U==5Lz8#d^VkFC70Yi9Qp<*P9@rq0CVQgQJuN}FG>DXY>_xb4Y9lWvPac+a z)MG;~>aN5-l74@f6V3ubfTi8#vJ;vlNUIR)fRWL;GbD<~2w{N`r0REqSZvd1`Ux>4 zT<8Img}otqOZbA#Ltd-b_oBY66UJ5ez*PieJ{b<9?lg;i7#8lb4?q={2Q2i0G#DbX z(^R?N8)97Qj?69LPtX1ksbr$+_YgdEkoV}mV=&Kmnti#gIJO?fe3PgR*XlHbU!r)^ z@d>^FFf7qvKJdOiE*vqN1S`hxCw*-??DcSQJ-n*e^Mk5hlmvVayZ-_co`y&tT0Fylt4>n z0=MRi^BHH^U{KcW$H%7ZD3;%vrgVayI8}s!MM~3rm<^9T3C@uwlXAWvjpy^(Y%(pX zBjfaoiBF_ z{-8&MG$3>%5hf+P+u@?;);$~`A`22WbkWYNCtk^nq40;*SGMDlHJ+}cx{zMildnduY4$^Y+1k*7X zR$-F0e0z~_FCPKALT_>WBngehBC5ACMn<^T&DjZtX%Z@W4UnQ0n0+XG&(v(1Jdb*_Api%TXrj!P%UKe5!acDF@0rT|UXF3u z?`28E9hxJH(jjVPOW@t>X)MH+QlD0~GR#j|rDWJt1eeokZhYlHU@BV!}k=UdmW83E%{QR%o4#y0g_$aSNG+?OxQ0 zl72sG)WBhZFoXyvwN%Q$d4+sS5Imsy+Y9$BfqvW8;#=LJg0%W zaBnwb_4K_V{;!ZvO!C^Q9C)L?0&K$++#`$g;p(aG z8}u#3JH-zk`1qr;hPA+hPNXR{a0(I9G=c`$M2LruV3VN+1J(^J?nQuV5{y#Jtd2L3 zo!9RX?bB?)i_?Bx4!FRP$apV{YK~jDmt?gf9+bjG3yiGH!)_;yCnNO_HBdx5j9B6x zfO~cZOIcx%^~s#%*Ri;@*F%dVOahSEkDK*`UeP#eqeh6Y@2WMo(V{Y@$65tRb(G>5 zU_&CMZb}5p@F<0<_O3-Y_n980$6S>p9gT+hAfpr1E#7INK((`MJjzGeuzYef0_L#r z%K3gW-P~Ag%;v>?;a+BO&t3?FG|B0|>k+{?4S(4bPH?P+1lv@WWa(JA=Ljr`DLdB> zV=oDhj4tk&@q>kXbyh0|0fr^w4enX@(iS!57{8sfGY7p19qvVOKgPZf18~nL1k45q zjey5v09jp5F&p)n5*3wYvlEwFoiVt#;WbA3;ccro#=>iWdv^7iA4)O%`ocXQ0{oEO zYMmbI+HAQ}%6Sc&`AAV@tyw>oyNm7PXdl=g!DuqDT`mix$Eju+Jt0V=t`!+UEONvK znld}w^N@ard;C~L)@|gc9CBJ>-{GEfo_$t+eRy{)4~dq!++Yo%*mwt3!&DjEY3TL8=n z5Hcp7SVYv2%Ar3FBK(AW5L0St)weTD$wbvh=kZCvCdSIQ&+0C_)WUW)2#5;`_u8`B zyj~;m1Ki?b_tGxy*ed`GxHlfhjIcJCVHsyK1HwVbq6&l$h|d9wAnDlQo|m!i!LAJW zN*J;mYd+8VF>^ICg?laB8w{wy77E0Q7)1=vVnRuHnHKl54BTV6gN+lsH4Vo&`osV& z?gbbJs>zCMFbL{dW{pDL2JXc*@gk>fp}bmAG;mkA3gN-??+oJUSmWMe3c_j)<2pc2 zCvbE{QHu2{yhAlSY)kzlLAV!p<1`4sy;MTWu(8DhnuL2+h$ysc7_cZ}dI6}C9NSS6 zW3~Z(CB`^cQ;Vib0+8Gqp;EnYkR1cQ!FViWqfhii+e&!nZmYu~>lWi-?ppEv@pxmg z*qF~t+?&p}wl+5xi{d_V9t9@zk1JIi&u4C#C;VX-O{U{s}9%XHd z?O9sl^?3|>8!`@&);5xa8On}vF1I_l?(HqVG12Clwl{63okrfTsr5bpk+E9U$k;`| z4vl^Upm#midsyXH8Y>EGf3lpgEJW(FkqoIOL}AkqMmt^7D}KzLIA99m<|9A6I+7_VV-+iwcxhZ=7D#P+ZI2ll zoxLfm7c6JsdG$l={3H`Q!Imh*cL<4?0T=Leie|I4;Wr?z9|vhH>jX`Pxx@k+2*&p2 zbej5G<19q3StQua76QjZ^dE;*EW&%Ha@3!OF;~Vz%q?Le*|NA`q8jiC^lL0-5E0X{ z4CeV>D^|FUfL_4no3_x45uq9ON3z-Pgw*e+01Q8D#BJhzF&oSPs3Gf;VT7zQSr95= zEqy$J^kAy@KvPb%+Gk8DyF*0-y~`kg;`jqWx!E_2H+)#mw3{*ljx9E`a}bFg{u%A zg#xp5K9w}123WEEIIV}_F!rH{2`mc+;uF&VziK6JYnL!-%1?V~#(n38r4v-VoV^uiF&mKnjNG-bsBY~wMT_^k>_i>6A0Y%&>JFqX>2*|8~mkWHuK zNj_4n7L{(mS0B7D(r7dznl~Dk->1_p(#A$P-_I92+k5tGZWZ^D^KisIv7*aF_XcCW zxE{Hc7Q&J)G5o2vIohW3Y&4v)NvR;PB&O_K7^nR~eCp(~u9;oo8-x*1$RquHC(w^@ zoSmhzUZ?0x2nQs>y#}^=o`8EuPaKVjj^fa=r${4k9PTkzEY5itz53M_t+cx{bZ^^l zPI(n>)2uz{Hb<`Y0NfiAE^H2I3IYOfkFA1mpKU)%6T6HdqM4VJP)ZWEk7H8~0yx~W z04XC`iTT#4W*IFfNb^f@PrrzC8Ee(ExaYIOkT_o3Zz)705lRZB3|XfRv1XOs#tVsU zna3H^xeeX0X3*#N1w|TX%7J&{-fG?Kv5s}}6h<)y!x}?iM?`QR$Fq3=?uoiGFkQZ) zI9uFnwkM1XOGxmVpTpor;&~zP*!h{*#%RV-&YB^(H-WOWKg+ZT0K&2B3soMVxC*`D zLUAxR1@)b+*=*qNnGB?0w7=#NJD z^q_16XOkd{X2StE-OpvsMgB0B_lq$R4Wotvj|s>t*c_#G$1RqX$e<^y!4fcs`Ltli z7E8E094uzi!FGff%r98eMi>!ffFeYE2wKVdWNd_cioQb^z?*vMkZr-O1_4)rFlxh{ z{t)TVS&7^1Dq)q`CUB4B?tpCRm~;&HuoA&NVVTl^^@#DreFlk#vJG9zhFX^pvX!{U zJ28P=8jt5h^TxZlH=pexZEluNFE;k>Z0~ICDXJsq(fAnd5#7rs^xxqgix86ZvT4lK zfpE_@HOj`rd7C{(j=++bvUB__B*>D}CRg;#;_-cOuhC7yQA{Aw3$^pk*;y*>zL?I8 z9X;qxk~SF1ahgRL?tBb!*-&8&5?cJOi;;+I5A{jzuLk*?({HWJA3=h zx&Glm$6s`Y-R2~$+g&$oUjn+qX5MLQ!%vv7Ysd2^lL>nTl=K?+ljT8bQ9Wb>EmExz zh0+Mw)D%Ns-352j)@{3Ku8bO`(EuGNGqbeKDV|8lP|hsjG$Llxe$!^QL&>^L1B`(n zvzfp#S<|%SOu1}I=c$70glj^tsoT4Irlz@a=<^%n>m+XmsV7Yl)6+0qL)`6%1R1|+ zOcopLuZ1=^zPst_gcgwtEt$_48J+zFtG0{~`z+WrpZJ5E4`IrxMm*}Y;(pVgL0J|o z@)U0Mf+maEK^hHHV31d6HH%PGlNG}K+l$38*qH%v@Tp**XvRE@gXu{6FV8Va54Pn!zv82E5}F zdW%%@Tld8Rca%9%vjtAVU=St9Dw72wLVRvEAB>`CA)z6*IaXK^KbX=Ru|kI*JdW^3 zhXNJcMnqvGNyaH;ODwi}h5!uk4sp40ib3-+>!mDr#9SSOd9oN~L`eg@dxE2VqJ5ee zf>At*8{@ISG39MMmNgu=LW^|cv8G9R!-a4Gz{*&{y-~KckmREVitMCWBZ|k2RjL6T zMfp(Hr=so+{B59*jovKlWPX;%an^2t!vbLlfs8;~<8)TyHYQ#f)3eSXkt~-o>^31( zsS*UsFe=<0zaSXqT74+%rX!+uWg0COv-xDISgmkCb@JU-r&GIb!CjX&7JGMg_HJ*N z4{vTA*uQVz_D*pdIgh986f3%%CZl}Dm$FYXdoEDAkUPQy)%OWhfAhiw4x zUOX!+HLB4q4Wvkb;u>30Ub>4XSY5VMJ~o3JDt_FH+F;FsWZosgmkpEh8L z2J?aU4cJ81&!VZ+A)O3{1Lo{-9A``z8T%$S`H?YH22-NdA@et);!ori2a{=xKRN;l zwZMZkjVD%$A|~evc0>f5Vr)oOECP=SZpxxDj7s2a7LC$P3|?Y@6IpXj z=5%Vok+&tmY}jzziom*oZ3VA*SGb5Z*qNEh#GB;Xo05FC%=Ga}2g7EPOy~rrcodD} zQ4WkM>K?Jf8JvU^0*2wRKOD0R&~Adm0%6of>Og!Q{dCFgDk-CHNg~g-yq6DIa6lrZ zZc6xH7!_JHRm#U38*>ZBsy`UB>#j(n2`dwe*-Ww8ke7*HQ;K{y~Ix|j*~ro%kWv9<>3g7Bzt zk3~XMJ*33sYEHx;wmD%L9>YBk*S&in6z&l%2)4Q-uQiJsum?ozcPFgUw)fpJD=ipwhkL`JMfE7x`X{!Jt`qT6WL*0)8x|nlMRW)GW13H~aa_(4Gzw65 zS=;H9Gj#2`xEJOn?sdbqQ^qmXa+@9QIh&5{K;*J1ofkH^F685v{!y{v7^)UyWp=Id z`NZTSEhkTLnqjG|m$(=4dx^ndYfr@HQb{^LFgRH%aBtyo4_>o+0R*$pf*%VF& z9E!^eHuhm*g22&zX`hC=dwe*e6;Ur16_y(2X zOgLdDg9zNqg?qCYdt3m(`h#}DPH;4kqKK(~GMwZV_n1ZbK^|^vIGd@@1N=qa8jlBC zlMy=(qp9pXa1Zt+@MV%t(&lWIgxbXfYzFhZ;kXsq=~S&mo6>m6U9vzeTSIDLn4 zbK(MIX(GsQcR;qBl~yFO#2EbpAO+IheE@{jhq7)qIp(U2CqlN_oROq%@lFc`sy(0Y zvFjG)lY90YAnn^%x;fi>4<9~wX#auYzHo1DanD|0tzx`E|I0pE+$)>HT+Ow;+cq^H zFQ$8hdyc@8n6h(eHj2jCt+t-&o9*X^7WcAbmf@5IiGGA5H`1jhb4=3PWVdxrbaB{X zXTUrkr!4-(!@(wIAp4EjmP&+%?L_)NG7)e_Vp|Q8L`a!m$|MOtG}=b@4oB@R{qL=A zxZN9j?M2d1>j{R@%ny_HjHcM3kz@dRKU^#ptnw>u+Hjs?_jztnJsHdD!}igehKtpS+SjmTt>@tXut_7vfEH6Va#LwKMR+e#4MYGXvBZQAh*Ht4k%BaaExsx za7=d2bIi(b%u3I(yg4C~V`E<}#IV?KOdMr%qMQWR$Gtw1bn=uAh8PU%h`SvTlxvV> z+dBzc_4z?gfEjp_#HKzx!FF$xk>L!l`Nb0>gy$6#CkXPX*oO5t9L%~MLL=c8l#S!< zX%24raf>ZG@h}|^Gp*Yzc!y^fw-Ah@2e-G!(V;C?Kw8c5aWrG~4B|~T_6hmKq}W&G zEZ!c_CU?em9K?BXSvAB$F-^=PcENjOmpKNHfrswUo6q@qNR$%9@CI0)EZWfweu*~V z9iQTO1i-L}x4k{$eMA1SN0`TRsY5m&vZw;Rvoue)_T=oF*cSD~Hs{b5F@N)|KMO`6 z=WLPSk4jaw{EUvxX4JqbWJ~O91P#~<2{tW(Pa)o75%-avbO2}bWSVWy#zaZux$L|_ zNVHEALp&SI1})Yt1&#@k@o+I}I&Lul~d~MF>Qa2^yP9$P^Hch6A%9VA8vtv{Cbhf=`YiqFqJE>c|(?Wr2Z)|AY zVq^Eoot?vnWZ{+b{l5J-I(p>D!9zvM$oXJ{-vkt0&WE$<7GGSC2*zpn%T8dfjg@soTk{Jkq(;#EuziMO;7MP9PS|$;r>Ojv^MfUvW(LYdZJT>> zXGE1zGUJ%ooUvY$6x)~9(Z77>0duJnXtDm&IftQR1Q_Kp5-lR`NcH68Fo^p8a-f4Vvdp?9=ljCS6 z>@iIC5FixtiAhPnN#$X(cQ~?lWNzW4!+CL9HN-+OE%B+5YpG249fK#pLofF?HiiWB zGN1V35bKlwO)}-N0b8g}OgMi43`^5{_l>hrk`D*CoykTr8f7`Mif@o4g!Y&)#*4vV zuVTZ*HaGM;`g9~w2^Qfb#8TfFObAATgqWH7S3(Q?8P>uQCTDE*2|ODQKz8;g3-LBL zF)NdNFy!huoelRcrr>n4Auo0qEpqT2=X##av)0Cjz;T4NkVTu5rsEdjRr1CLn$wqn zIofG~k;Od3Us+5J?3EsROhNeUqe&~vHbyZNA>#AFYzm(kpCsiM-YI)~F^^e%nS_%$ z%K+ULI4lqbETA#b);OJ&?61PuRpO#)S;j`XnY#loC%_jgttG}dE7ASnD@mqv;a6EV zpDSwT(u|1R_V(r$?1Zz$JLhH1t*w0o^tN`N+_w*yJ9_wV`SgKAh0B+?A&lPO=qLqZ@)M& z2j7?&Hjf13Y-}t8zaAs3WT{ai|Wo(nQX$!-hA9s*4>>-h+q0=#l}0R+Pk65?k(qB99KsBAoZkaIGQAjtkz;zl&Bia`Ay^a;GvA| zcKSgM8*NXPSb@{h(LP2-=j0$!JR)8*xR?*e@oW>eWz#`A8Ep|ePrJ!JD4S;oH>QJ} zaA${LS2h_gCel(Y4K0_2S%*mZ%}zOVaFL$6e{%%G=GiftQ}KD<7C|st5Q_$3i^}7{ z!O_&-nP;jY&Wp<>6VOnnnDp`zLjq*Kw+ZpgJC;mzKI|O*Lg6H=bNL^yw~2CW}BFt zsEziiY{E5Zg_3p+&t|1>JIb-}HryQy%K2W>_O{ebNx!-P{q34>mMu25{!rGPY;EJc z7HR9?f&KfpcNDW2@KP~$6FnGDqJxF#HrKn&o?^?2kxueucn7OqtqkJ_Uz>&qbci<{cu%dl#GI&2g5`CI?y0 zv3oFC=iwh{u_GROyF2_~CC3rV(>-hxV)Hqd`_WOhpWHm_9o8aqe{eL|ihBD;ZMzD? zlHN`<$a_1i0JE4jnh{Ek2gE&z`YIi?8{8DX-&k1c@=Y1FV1Tm+_a>4KF{SLaJrfj~ z4wV&KR$h!Z_+K|=p5-pj^92jZWo~Z{()J|V<3QPATh2Of z9+XY#d~lE49_4Npx_9oCXICzILi=#6r= zo!D*AyW0eI+u{RTfml-O1&0_J&hVNYu&j@4z{SaUmTqh_5$2c#v+3TxH_dv3Lr}Jv zAKkMUPH;WDIDPqiv^AHO4)KSxA+}*R9d&Mb(;FS#%1%GLJso!1n+5wsb0#hy+&kwZ ztb<9zs7>WressFXb!U^3urRzApH)LF)T4NM`pJ@@iu;bioB1g1&%=Ftr`UyKmal^8 zVlrYxw(<${vle8JPw-_h&N`j+=#4fei+s*Ti@_q_H(V?xv%T|8He2U8rr!AQk&T`4 z_$WUzhRSRoe(;bnrA&6x&2*IQ>>F)n39b$6p>{{u&JHzFq?hM6b~f|H5c81*4r0Rb zB-_7l7&DWOr*L*L+MXTV*s-)p~L$RFp~5{%d5N-C~)b(0qe&eEWh9AMmInG z^wV#8)AH$4ZgQ(zo^i&_PA~3Hr?cq+c1jdoUd(p(9OjGb5l*RwzwE?lw7IDjX4};M z?SnfvW|L+?;ATNg*}3U_E8nv?_sIJabLz*3;9fUgj1MdTSONq5?=l-jvqh)FDLTsT zo6T{)*z9Jr;lZu#>Gq73o%xa3WNi0fh9g3LxKLy0?Hw4iHJkA7INJy4vxA7sVRCAg zg}2VV8+Qoz1;bOro!C1(Y1>tpUKZ{rdg1L4`(q;ZlLdsOL;QcDA4*4ARv&9Us=Kvi z?V|BE6V%3JI(7Eo0c6wt3!B~5B|VUhBy42OtIC@*Br`9wTWDAS;ag+(A6is)wuf0~ zmT&Wma5B3ZayIHJ@8j6Ed4~T!BZ6duGSQg4F+P@$?33A}+#_b=HlQd%a%7+KB-4J# z|ChM8kB_Rl_QuyfXC^aACNq=CB$*_WnKQ4MWG0!(Op-|;B$HPHNgzNX;Uy9<3cgfO z(29+Uih_uOij^u=Y|&zCuR(%>(weqNxxJvYMN3=I)N*^dx6;zq_R?NSp6@!7Ab9Qb z`ThQSPV$|7&OZBnuf6tKYwvT;m4_{gs(#_2xV;6%4t<70N%lwp7H3aY+=0orkR>Q} z$Iz9Dq5VJ?*gs^AqGwI^pNE{tNq!{b2H zp^+T983^ogRJr{Qz7xQ&8}Hw6*tv~41UDf!T49dQ;qiJP@$vm+0|y+={48HiS()3F zXLn(%dbZo|2IDgoJKUI`c|rE_!{G=Nxa>w_epS2(J?w=jQ{Z=$IsAT?x6Bvt@~(^! zYz(nVf2m8U!hDHZ+QZnVR_O49VhU}g`GI`JUK&;c_Pi2^iw=lS7-OZS2$2u!bvR0k zPzOJxEl^V-EW)`idpPW{VJ21Fjv~eH40@_ci(QJ%QO1Iu+g^(1bJ^XFkUQiyvLMRV zUBA<1j}&DjTg#zNqGd?Mk;?>@th)jh&VQH@a!UhKs+f?iZdU=gw=ZCHxy$^8s8ONA z8FB@S(N3^lIGo190<5E;Cb>>qVIV&ca=QZ-V~O7xLJwlt@Oo_sO~#4w;fA*AFM?jL z9xhj~1SW!sBM^WFT3%Mh!;KH@!h>}M8-UfLI9OQ`jV6a(VWBq^hK!dyf~8f^RKw-y zNl*N@QRVk-H05X^;Ynhf-xcw3 zC0*E*nZx2#@-Q0V=2T&gI-ofG0TV1H<$<6(=y51T-b$D?VS{xQ<|sgC%6Qjc% zVHqvQmaEvyFok0Wk;{d>DO2qBoEArBH7~Yg7f#6u*)n6U4AmNmN8-b_LRV%ONx`V> z@*5#!6vkpP*iiVW@^Ff5!zvC0`EUh!*Q3j=`YTEVw3+0K*c-`5(t&E@Q~1x5pZp7W ziZKQz|NKhwFQ61F{HBoPpAjm((d!7}$w>TV7G^sw;PUt@1A^+GCx`!dZO36#a`~@F z`RuQ<3}Q?^|KZ6m1^X^0j>73P8E6vCIz%Lv|02J>`#gp^IdTnH(S8zDDp+JvwV(BdmJ?j zDpSe=ir1N^m~-8^O28c|@;O}C%Y{7z(5n=)-DR55G<8bI*%A-?&|tyK>I^pNQ>r51 zItrQ&jilrm5!kOx^##;BLA4*a<++tP1UDf!nqmv^)_uj5kB33jxO~@T&o0U>FZX#1 z93E`h%mw#yISVsGiWl=UgpVr@MF|#q943=}%G45Xu~Gz4rm$FvD#gWKKWMdx$t2<_ z_Qb1;BOdn@TtR$tL{T@V3#%L7i-2qYfy zl!eevus$hnlM{LJzB`y~lwd(H?DGb*OyI*|B#vQ&I|?ruu*-+f7YY`a`24IU!DQ%V z2`_mEZ5gb@5smV2;{$sa?Yst(yk8owsjjM;3|kb5^74dwltrf0#H(W!XikKk$TK_{ zvZ4ZdY)$2*m{Y;$np+whCu7$oX3m&Cy{UO3ywB(NRba(%qR4@wNLd^g$r3^H=Eqeh zlLp%k`f;r$6$@8JYOz^qqJoo^nJk5V#32&w;2>Gjn*ren1W5;bC zKSYu|V37Cw^Xr1efij;bRAy0%-8JE8AX*Gfzhqjm-w$hq-<9Wu>g$0%pPA{g#FmmQsJ%8;(4ZUot~XtK>hw!s|p=9*#Ox^$U+cNvS*LPc!?A)E@CgOG-karWU`=ybrN;z7w82uip z!@go~q0a&nm9MNQRvPs99X^)wy-xTl{><*q=BAiucA_fiwPZ#wtFwn&xvsj@AMzD@ zxRHEz4jl3|mxO(MCyL*oms_4&nL}_Ba-(_eWxSQk2Z0**lMNj8`4wAfK}}7t*y$;@ zL*^<8m-xM|teCGPKj4|L>Q35sKy~G=fX8A{8k-}zq-P{8eceE9I7dUu!;J{ zi^Ii`ik$60}0Xud*)pCpY}`@G;$KA4W; zk$BV>_C|_IJOLl%xWZ!3)G0nk&=(4n_#%ODQDvwp9);BGtKr!+=#H0y8+uB7@sfCn zrDjU8r_5jG4;K}?rgbq^J$+_R_uRRivnTEcgP~w; zo@KJg;ZVFXfs15`Ae?dEPbTH}mq$amR+E}qHLbcOFK@Dfla-k)T(B(WuPD2v>Gux8 zAy2?gLcKf=A3n2_MjnRy4y~gUnuW7e!V6sJZc#4cqD{;Z^TZOdRD4<7A?^{6iN~c} zsX(fd;?ivCap|D+W9eU|({iT#pu9=mEN_*cmtT^HV%BLoFEs41dMQJR%i%39?i5oU01s$cZ%Btj+G5FvBMp7x4HY>*ZO`kI{wFt=cV)Gf2O}? zUMTz@&GT?qHSubxy zeIAt`lfNl{Tizr8L_?Zonp-uS9P1o^b`rL1Db6-$*F=4mIM+E}a~^iS?>z1Nv-59C z7F2Es5o&#E)cUMZ)_p;J=DB)Yize!miTdPSs?WegeMqfO$_4r#LVd*e-^c$terEi) zh1ETR$z^}%o@n6z)V?U#7#~WzrxS#sTG4>6jv8Ql%Ct9Hce?*yN#&0V8 zN5+0Mwr}kDkAC;jooD{*%-J))J9FmDM`wO>X7tR5XFfP{>dddt{OZifGru_V-kB4K zp&p}&(J4f~DH$Cf{dDwiAHMd{`H%kdOy%g8K6>E8?$J9&=Z%I(W240%ZvXJf4<8}= z@Zk?Pe)zzLYd`G!u=T^HUw`O1Z~cTQ>#vr-7&fNvL4qnBP9#0)yn~Y;PG0;kch|(- zzo~ad)!(D|MGO4@IPRpIXcf&>V=Vmt7_avW!>zgGTZ^;hw1RG>>%|hfk-m&P?w~Kx zTDqB5(lyBM7P^*J(;9gP#?mrzjToTY#I@q<;yLkc@v`_A@roFde9)@~He<`6Ky^{5$zS#DQIh0E_%AP!ov=e-2Hg(Y)^wK=)rXISA=2I^%poO%E7E>QxO-n%GOHrriXeWJxcG1hUhhC?H z^d^0e-lFf*2ELJLCHfWJDQ>1^Ods6upqa-(AJ@_i^mTfH zcF>FTP1;Q_(YNVa^e^-ZYWQ8+N3YSaFwpgM8*NI`4?O|u833(OqQ1AMd*0kRU9)F( zcC^o&(KfxcrMaoGAyHp9t#;~^nravyu-+8H>J%2{omesCmrL>|OjEQPSrQa#@wE0U zL;n6Djo;JOR?63&rSMpKnMePS0yhar+TjOs}~u#aJdjeX|b(nR)$2s(lXR~`-)91 z{mrEzu_ryP$YCHr z(u~J17pQ*Jq^32L(ln$~(^9SYA|N`0Bn(g~jw zpZTxEH@S+JnrR6AKG9@^vY~{ipUcH%d3b+P(-JIU!wL;4ZUZq4hxL`=?=Q|^l zcd~o<&brAvm!kK3(6TL_mi~$V+gI3z)-6*?L+Dxc-#4W3;l45?`}>z&vx42F*KYDO zqlRcp>h2v%G~*<(bfPg^_C&%6zqB8fxSpF~PVZ3IvueodX-u{@JdlX5<@$NOYLujJ z%aFBci2ARYh&2>$L0phX%O>s^E+D7nnbUiKV&kKGDwKk~%wZOAIfinY&?)|wO}zux z4LSP@20)+JDZK@*p~M0--vUqXwF|hHJm#U|QDlb$9jL}a-98t3GBBz=r1R;OUa3G{ zz`X?zr4>J(##-Dk52Yk8xknpom0nRmlfjV7Lj-3Zeb1Ov!xyY0;9Qxj@BA%eBpy74V8gaiJD)BDF6rr^IbB(HJO# zp1ZS+>rfh!aIWCCen>(+RWI&En=(XQO0VZy&jJrp?6(q-G{ZqJy!t!&bJ+UITJoIMi>lCo*W z5P@V97_QZpie!eO6`a!3y40hXmDWv5_m8hzwrNiyv1wIH|B5LX2b(-I1~z%-_12;@ z)q#Ik!JVAFh1x}XcVlS?%%^dWM{Jz4Cm}Y@TiAO5(wMTbyLXQy8W$iW7#kV@T(CtM z;KmtTuwqmH0w!(BK||tS3<*yi4N0E5Jwi$`45fLlZ5&GXG_rp^``0J^Q`leUX&e$c zqLdB@SxB!AIL!?iLLvo-05Wyqw;zzkM{vKYrgc9YDa(042tlvD=v3Z-kie%R%h`}E z^q2#6)FV>hroz?2)nIlG!&lH-IR6kB7n;O-a$;!f(9R(_@tv;k^nXY0|F+oqZSlRk z4)(nA=38&R`=FUOPwa!U>47@uLmS-AjT_Kp8&f8ZHIByeoIoF`}{i|24mdvY_ z)g!Cr)ts()OS~)O{dd3KbL-tJdv3XVRS&I(yf7f`S|<8DfpVDIpQQRxdvR^b5BV=~#c$3sDt&l#D^ew%b`wRAcRB7y5vRgTREhIA{NhNv#sHion!1&!7MM0jR96Au zyzV$reE|3v+Jyoj??%LH!oB80M6EWW>9uGcV8(f(nFop5QMQf{(JZ*L5U;C^XpV+d zHGAGFqV6H0o(R!ZJBa3Y5%q2*T7Wbc!|g*^uRcn&WHSiG40ID+gM6<7t@i>*dp**7 zV1VdBd-N11GY3}n9y@qsN zNBq|j|8>OQkNEo$e?Q{y-wqrCJ|;R~1rh-2bpYwUv61M_A>b6zK@AWAP>+M_0aW07 zNaOnkpc+73zK`(V-wEso&JewYdv8?$i-9!&;=P6R-a1JzPXGa+13)=OklzT>{J~8y zfb{|h`$Js+@C5KF(T@=JM_s@Q0Ab%&hz?f({Q&YkJPe?mKQ;pi0O|Y~;eLD&Kv|B! z|42130BiYg1 z6hOFNbpYFmeq9S7%~MB!Pl!${0PdZ>19%xgULP0$r1QZVSRQe26y+QJl;|VW(Q_}}#di2FN~^LIOl{v!m807x5A=&S-HfPP>duoD;o zMv4BD00l?@{lGe4Colqx68#qe3XlN$fpx%6V1(#nJzxX25uN*l=nonIW%@%Kuo!^f zd6fN6>j9MO&xrfy?Eu>H6V&080MTDj?!V&x-%bE$0Mzflt$-J(0GferU;tPHtOvFM zyMSTf5O4xG1AIbsK?7I;FHiwA1Kq$1U=Y{}>;m=!M}biQ@&1mw{M`;9+}{rp{R8Rz zqZh#SKTwB%Yy?pDf9wVj_a8@qlfYTv0@45I0UHnis)06OF|Y>M44};};{MnP;0!d5 z0q7<#laMP&Xlx|3=Sk=`13O6QkCRCKm_&Lni45G&*iXXv2?;a8XRaV&!9D9564|39 za_%6J8zGU8Dc)`XkhbF}2?g<7L%;|L5B$BWNcgsrD7uM6u|lF`kVNn-iPCBkWw=+i z4#52|;z!_Lj&ei~l8AMas8~;;a)?AcK%yGuu0h^Ywv(6&w-)!NeL|u>1Q8=bqG2bA zCY(2Sk!a~9(TX&u!*4p`Pd`GU4f)JK8Z!`Y#xCFxa0);gGf~c&UZ57}1`u}UZr}v) zDT#LE-;Q+K2LZ%wN4yRz&;hIm4gyH06Zv-zkeD?BTp%$!0^oY~HUNIJKPEA!pTs=G zotFSs0Jt{~@p~#rT(uK83VcFhz5=uXtALFF?#?GD1 zNZgD2_rqOZOX7ik5)Xb%V&ed?hQvd-ei-MQyGT5;j>My%lGqv{@z^dBk9U*UhV-69 zT3;O@@f6(cgCxF&@K2iogny=u#15SAI7H&>DBIUhka!mPK8rBVA1v=K*h=Dqvm`z=lNb#FwLk|j2y7UmB>;txpoycIyce?s_AaPMzjB>o%z7Z4u2SAdTS@J#VP7f5^x zcMR9#5t68zBzYT2+Vv#qj*yh*CCOkTDPxc%Qw2$x8j>u>NwW5ml>I45xw}cSjgXW# zOj7;;Nd*Ry>>-j0aqT=xlIsL;2Ka;|_sb-C`+-#?`8JZ|2Z~mZ6hJ)aCsIilNx^L- zg$|KadXl8FgCvDVNs8$^!x*hp&7kknX9QnQ()ma``zT30Z6sZV^uRl%`M5tH>CN{72sa<$dI>-p z3%Y>;U=2wN5ocj9fb0hDMjDHe#^MT~nWVn$BrUO%)PEC6%iu0U z+5^CKxL$sUq!qhKx&iTS*a-|l?L|5_A>2(NlD>p8+>A2Zyq=_$NM{xDxpjb~)wsU~ zaiC90w;d$u%K?(sqD*Vo0SLDi>8w2hApD&u&z%tf@$MW1b^%9$Pe}R-()mgUupU5K zUpYn6AkrPI1yH}i{UqI`2awiXD9hb8pbfYKK=`{6{vHE>@b@77do}|||DJ=u3E*Rr z)*-!hcAy!!3D^M~1wJL|-Vgx)dlv(1fXx8n-+K@^L(+W)pcc3Z*Z~{`E|7G;7l8l$ z-2m?0zaGH-`-cI9xgT-Y8-NO60N4f`0zM(>0WZ)EAl?J(0mOS?7(l!S&H$g1^q>_$ z`VS5O+kivBCnRm~0`Q0KDQ!Uf4eJ5K-!KfEB59)rr~n3lZNMSm6OtbC0*LoeH-LB# ztq0IY4tZ{7?H z14#1`#D63NbOVU@$S&YG@F_`;1_1a!x*kCIN6(V9#Ri~Xx1bDLwgdZtlfVU%w%UMd zpcl9U*bST{=`lS3|HoDU+kqp%1(F`O0q}pk7q|o14(ta`0vAYnA_5@J6FUHuX&cJA zts1xqz!=yz0*sRMBmoML0Q!M-z)k@9Jb9j^uiAlTU=^?(I0V4|DfmBC0W1dA0I26v zqa;`TE zHUc|I+LZv1-Y(>^>j-e3q!$zb@n0AOwgE2#NaF>h{lX_Cz1R=n{96W~7FY}n0y}_% zz$xHUl6KpHT3|6S2(AlP@y zE$4!_+)^Ha65Bl9*eXg4f}t*Wg1}r8nA@AU+S4Va=EJ zeb3f8cXodBL)`~2);S8jMR=U4AS;b`8T}k~KgTVD(gr8ra-UZnG zargk)$1fyqM6ESCeY!z52nU{wkuoIdHQ8X5@xo!PSr)P@F9)yN%g-dI-GoQ*&F0rK z@#=qU@5U!eM5a>EfH$@1Uen|W(wHoG###RwzN@RjCmbvq*^u9m*=TOeXf!m+4U*a# zXpnkKZVmSRX2#4HM@B|6W0}}Sub$R(3mra`Y@-c_aG2F!VKbkA{~@*QF7q#sh@gnY zW4f5mqrwyS=zw@kMNEb(9{>8R?pfWIrL)#s9-GzOxdXV$GSK;;<%!wdZ+?B&*TvZD zug}~&^K~5TjCJfqQ=u=r$Dfd{mi1I4W*;E`_-MkKPMroDekv3Lbq4VQa_T7BKYn(v zkvid?+zVg0#}fqz<5WOWPFp5^%xGb!%|xBI*+lOC@$-9eM|I&3_v~KWf_ov6g#g7C;C*09Q93@J#Aw|56h0l+}_}qJa=gjX%PqSMd!5Yn_ zqwmrg)^>c+I;pavOe!jqLFM%#rgMl~U77H>jS}90lIxI}>`lTGFO!Sn4k7R~M43I) z8O+NGy0e$|7tARLwpdCs8zP0VqMT@~AnMC;RCks+<~Z{sB}!`0GP6HDKd9s=`PqiF zd|%Alw$yOzDouf*#gLP3^W_zXYzDhO<_R^IJGA%SC(?|jltpp7KRp-ZA288FeQ?e1pXl2V+;G<+3_)B{konZ-j^t{c%Ohgi ziaKe6X?fiKc!htWM`P<pCeBk+DSbExCA8L3vwgZBz31Z+NwG&~8lr-uzGRNc(k1fZ9Tgc;u zyCE-t(bF11%eN{BSI-@tbWiTZ_^CsK^7w)~x);L>t~zGpa1%z{sNnb&0mKh;R9wIv z;huzhB*Cm9$b6;5mWrQ%o;rQiNGFfefot18zFSQPFYBRBylj>_&B$^%EuA_{d}7E@ zPtNa6qfU679M-2&M>=8lXub>vueAC`xhljWhTcq+zLo~y0JrmKyCIqsRRnavwB=J8a^Q(JCL5KQ}A z@YKaq=gfz}15|1;Z!jLxs_dIx(9Zjx;|HH3p@{|HIA|nZCMs1@aex;XC0%Y+Jl80g zLwL$Wkr7OyOv;VoVM!yn1l}H=lUoNa0!mAnRTyh6&a^q=vm^Ejf37{&TCyfmIL8<- z$qO3#^|{8@^9VWmJYEA>c4icQ{e`7kls! zfU8bNf?bQ~gnM=`l2=`@EzTj~Lbc@phvo(VF|e#kZz5o(X~L{V8`iHqOYUpKwTRyf`5|Jqlj-_}3!)N^xtHr5AfpPm1G(e{Yi zF5~ZvPZv|=bhOJ&2grolp*K2=TwPQft)q@xxEFYwacd>Yj9h=78znO;B-uEIz+5jn zgx-vr@h!vcdM%kv3sMKvk{|xyFv$C|qUuzV%1dw?~(sXU=qF8;WGTE(m$*RP?=(({GQQ zj*djlBT<1_IsA5C?DXNN`E>N{K1L`yeY1du7KX2Qqtnpn-)sn zE$Jw+`i)YzY)X~wm5{?yywm;u>E09wWtDb0)g*UIM!yxo^yn0Uoz*d^U2;P9o|Y(- zrF1RU3)54q=_%={`jnImLkf1a>Rw4F-kdOUEP4?Ls}*}EdO9gQ+ssF~Mw1dBq&@ND z=xbT8MZ3%SS8~2H``veEzr&3-z7)HMZ$)0=1Ec|sV#I0C?TJjV#1w6M0)l@>I;ChS zgUs)|6BQpE3!YZTUL2x$QJow=thISUwtB0}W|nXD&Ya$WH!UX`>kE?OZoYsKTg=Cd z;!9*}69!WonPl;t{H`ovW3E=bB2yT1>HE=ReYc>uac74nxFeiB?1{_?-H5h3H z3VidJP2n|LkYRb?^jbEt$P6I=zN-*B0G;G+_|`!h9mwhuMk8=jB4_XBu|*>-wRoy#EROfgVRun=&zvRRGUt@?fZgORQ)<{1e=T3V`i8mX*Ds%NSGOnp ziJq&Mg_7>lB(3}gx>pXyxPkU1@OgKz!c-Os^juM00$c^$7VQgv0(b1x?;jtUV9vXl zJEfoz6E2*{%s{m%=?1Ki<0~srKvNZXr?P003LZ9+NCzFJ87Tq&#j%(%!#%>p-U(XQ zrWtzDd(y5-g;3ARSWQ?Jk& z2w&NTA7?}n3R*{P4YGCY?q(%-`4 z2NK~`7+Wk{4+C<-R}Or=X^&<=hCYYptO;H`45I5h(f79b;!!lIdK~SWoZ2RLyG`7H z-p_IlTGyp>f#XbwGw=fciA5cf)ajnm5zMQO`t_pJGIpcBxTeKdG^5&G8nZ_O&Q!%% zQaMeDv;?hEpt7rJs*)87m)mAlUe#7>FO1jJ`AWh@d|jt4BR|Jj5UOS#+=4OQi2kXj zKkW;eAt3}OnihSd>ZjaC6N<_x%fx=Zj}~%s3!-1(j_yU*uri@`E>1=hspt#`C#R0p zR379!U1GvLnR>&l_&a^4IulD>^bgF?UI@z}%LKuPfL}YLv#l zd|jTe+)+8d&W#V5Yi4UQ45=U`%mh*&_<|8n>AbWrTaQ+Tcz;q=4^4b!;J!dx!o85_ zK@;m)dek$^Q<;aJ2Z}0ZszRTZ`Kp#jl@=d7Go=eLESap5NlH`7K*;#i{Z&?Nw&79P z1ly2EyGrU2AY7FXSZYQtjzpsn#!f|przR{_mKs|)mSmluvCN;O z@tcx`C1b};_C+i2tX*`&9Lr4atd3Uu&-U!uQy;!#@V3&iwhpn?(cZnVl;M-sHh&e5u0`!EnuErPjvkug#20n;BKKvHF7%d6wrENR}$0sxEWT2?Bk&PElYT7kK2epsMm*ysHX1a9GxPikA3=Urz~SO};FP zR$<{8)0-+c!W~T*xqbT;5e8c+*bHVpl2AaX`eN;)OO%z$bBc_&Y0#tot8%tvjAV(d zEtU*SNbjBNGs8p)mfOeEd+^+;zCLCU??m5;2F-^jSj1(`{27lx6SFvJlqM)sB&iov zicWCp#Htj$&R%=#YIobp4yC5lq4gSD;>FV|9MPFqdChpMa=K`?NXxAil@YV)>iMyS zjefisSe~UX$S#`VEvqchOJ&`2=7eT}9BB}JvsT(qW;_YDdtWK*rEEQ7?hUQ@2)C=9 zTM`Xlz_eNj50wn{Jb@Rsp$YBG-0cxG6BzO+&&f8tD2AKPjvEe=H)p1Aj`;ii>-@4m zOj{hrEiP9sv-U&=0;FsS&dz#3qJ4PM zhH;7YK^@e{snDHZRf6ctoHW^d{*TkrN^6R0i?hR3p6T1B-~0M48R^>Ts~6T=l$q|* zhLS92;@Z~UK2fJM<=3~ks+v5JXvSBsf8*gfvwhR%mYOpQN^4!wYi31mWIAR8{!^f1 zGj%1b8XlS&9-1-}lr9~g#pNocrGv7~53kY-l~hb=AQj3q_oV9{O}mPXFZJhm*nMy~ z*mo{ye*bM27V%hcofd=4#dE{6rt-S!Guz!`uV;z9S;18|_ZL*IUbE`j9><(6-})Ec z=);(j@$BfIq~+l24vJ8tTAXJQ1wg`Li{2F1V4V%S_zB|aorTvoxHw~aHD)t8!F)D9>V(*AT9ElE5K)Flt>kH+0<9a)0H`r zj~@uWdId#pMpX zr`DY9jX6rHm>>0E2mJ!rWECnG(g6ygn=v7Tn93SJM_xUyJZ$DF2dCgD+ME%~$=hP_ZgIG_V6S<$rKe;| z8U&bg^=~s{JAKZq%8VB$rA2fRW?)#=zd(S2zzE?a*<0!Yk*5SoJnZ1;t+-JX!8le2 z6Un6URkVVoS)C2b8vCwpy8E@&+Vr$cIYVk)*;8v(W*R)xy{T!DDrScfVa{jHwyZOJ zW8aN$Y?>`*<5{J-5wp27Bh%63iZ{C|n%oh#Ibn?nx~nLX^jI~>q$OetrNCu>=-jHm zA66G^<(s%`PNa)*M<{ zjQn7OCTJG;#rm7-+AdvQvN@HCxGy(Dh`)@j&k`q6#_kjGnXh-fKKJp*P+ZXA)%28f zt#}ihR!6af1sQ8}1WiAcUWrHvNkUmiUdzg9lTu#MK=a4y9#8Yp)39rqxi7OI;`84w z@q?_fdPV&eZ_a*jHs+D5(H8A$TRg&Tae*gWq<7&pxFwPRn^Btu?)gLAI>7-JN!Y7Bs@YJo1e!;tzq zu&k;wb5^Ig|5df>E(}E-GgBRpWnBbx03#~@)4tIIOHu}d0f`vTD9g>CD2b*)d*e5ods=tgjciRj&hoC z)yWyII*yB2fW&>c>V5SZ>A_W(Rp6?E2q;KR2kwzX6%z7RBbFz?KdjMvxX1B|YyQER zgOvpbiyMW^#|xRsLkv+#i^UO^ZFo(Dh{oj1(?TaH=)ef7_McIgFKE#w`zWBi<`z3ErxO{o^i^wVI$1}Olt*(1aOwc*G za>^w+cXC$dxwpblXi)P-?T+wNrq0O+C)CRKb z_1Ddu|J9r8idvUVoiaOJm+B6d+uH725N*2e;GN$b%AT@(?DtiEja-8zqhNC+AFo?7 zX7=>d+&HJ)qKDFFG+4?z7YE~u8-49}y|A#Uzs_OO%#?LHP4S#NW)J*m`_*#QPhx)pgz|c3mU-b*8*IFB16w!p%#-KFL%hgk zJf!yJC6Ozx^Hf>lF^9|xR$(+fI#2ihvKv;tw_=G2pKCNM)9SUU`fQ_TMdPcl{zP;? z)&8~J2ftLhsASfhojtMVZ^i7=J^pv-6bH#hKJ0n8dWM|3AKz#yqK%$)zk5o0$nEQH4Y$s^Zi%a<#@8_`KboqOG&-%cGfkK2t1X$1@RGMC8MXEvsy$uL%#E`JHS%pg0xcmR*8p64oIP^zuRc6`28EwE@mNY>}o z#c5W7xp_f~Y5=&S2?snfn1u1ENHkQ^l*O!Dr%vEJtQ|b8F=+Wy0Qd|?`t6wxIb|>} zrx6y4d?S{>-o^k0KzbKXC25WqG_E*=TPI&4uA=0QDj55j2E}vjrgeIMaP~dDk?WQ} zy}jzzJzptV=6k;6YV4f7_+OG-x#a#?z02l4_LZxiyR%K7COw~)!tEgNTrD;$f@h`E z0+!XzC&CcY($jP)vXr6Kr)o5*sl&-#VOtQ|pk2E~|D0aZF4W|=!j!}AsUe@R|I^6`%)f&b*MRA# zQNz0jB)y7WluIUmf;R^Z3&{$BQ)sc%sZmVqQ{>%ulZ}T&J^ziwqL3sNCfT>@7#b3%h-fJ(#7@Y-U8K*Hlm76@Yu~}EVv^qU~z;*0(oe)S!wwS z_C9pvb6IeTA1+2d*|W{~25)BOumvBc#m6rTvdtE2Lso;OF%z;>T4Qp%>xBFSV!A}C z!u%7}urZPewevFW95t(}vPqxG5&Jp*jhnpksESi^kxK3`cuRlqFIm1K>}+Y8mU~lv zZGEGw3)DIzbltKZyR^^U)7$GSylUBXWo7-nodsjBVkrF7)!p5Z4_aoXc>(mH#X5N| zUeTb{Xoh9U$}9FMng+Q+yH>&&gv}W>cyDqslsU3bhjAv03t3|~y}0y=Idd>Jb|Ae3 z46kdEUWs@-ky&C!a}~2tP;BPDDq^z22=TK#z?_ax*aPPD3p`h{oAAQJ%|ff&#Ui z1ot>H5xmC=t3;{?Zm0qFGdJXbs{V$P(S(5+k1<8xpleK-Aco|o;>qp{GF4z=|DbPD zG65ffo$6SU48(-Fbdq(b(I)7^RhHxy=y8l%?1za?t#drEP4NL{x z9XZ_C_$V%mHVBc;^Gp^?Iu;&i79PsbO8JagLne<`mj1b2SQ}8=MO6!s7Tn`J-(Y?@ zukN73#|Xg=Zg*l+cOG`m^=sE@Wv$OTnAU0^#QR-%nSd7ucrW%pA06V-B3M#QkS7<* zRB1@ci1#)5Vgp|ts9xOUi(dQHqNbbL1D)N?H{w@%+tqkY&t-S+3-`~xxUONv zeGLniCx0PlNUB`?4DywS=ou z4_s9P0^5fgj^HjP4RzJY#iJBlURC138<3bz&2x0UT`q4MZY#x-Hw&Y9-cwUWMTST@HEJX zcTDwNgeuQXd&SV2Y*Ll?YE$r`cZbB%bY(5?ApC6o$S4(EL0DpsaK@UvZqHTiQPF=p zC~JTzEja()^_Njtx~!M1c58;FLu2+#DU(vPY3uJ`LSusK+aCao{4dNoCy)Gy3nm&V=p!YHZ{EJ zqATF45+MjSDeXmd%IaycHD?pJSP1;t`?=LgxoAPESsX zUpOVI^v~N`V2_evi~6F0u=2j;eFnv?7_Kow?aIi=&**HJ7!>tWi?5nq+9MrYIKTJH z`PmJ#djkGhZS^)G#{M`lKK^0w)K^qTFz@-GC(OtAsNsEI)gbXGdZ0qxLtDX8NChi) z6>L4J;F+v~d#Qp&mI{_k%J^;xH$S>eb#YzH-Gb`?j~Jdt3s^WwjtBH6PDY0_Fyd4n zCT8~GeuR6HCHhQUCl>IC$Y3*BhFTf}4^;z;wR$tUPMcnN&L+@ErPGDl@{cNeYqYmC`VPPTVI;l9#i50o7rA$b5sU$ zgYC;}0}bWw)Y7cEEg6n-ZyvsHX*Af2tBXoI;*L~2>C$1$&9LKJW}bo^gUMM^9f;41 z+o6c)W@ot2hcAGUzX{nzhy4sutse412h?4NhxerLO44|WhCt3(Y|;)(vQ?7t(k&@f z(!(jFed4EV#<;jc8c^*R>p?qz zM81VQ>)MlJOci?37wE(DiBcY0Oec2cnRcE|?L6741W}-_?-p=Bs=G@$29u3ydP=&Z zi3~)+hk%Fk@L^CJn0$7roq#}OS0*uepW|h(kNFIhaAFNRFbxOzL3SNijJsFuU)ou zK$~JHEOYf-ZM$yi3Zt+2OD1RKjFOzHT=Dc+e^!|_Kjg|#P}=5o8(jMaY;s zw3n6cPvmCspnxdPRBl#xF0$|ePNXjHKsi;%6m-+$i4ssbb0!N}Eo7l|2!2|!V&xR? zGt0I#WHuNYNt@ot_VDDkuuFpZ2T2<^EZ`Go6O#j1(#K*o^fcx%u^fwNFPT4op8v-9 z^~;x6EivJHo@oQ-!qv5#o_xA<#hc&x`b^lo-@N(NvEM;#Kwb9Woou`})*~ACxw$uB zLR9Vjswoki0*iv`^rkKjmU4e`D0RP^iD|&d^*6G{f{%@Z)#EGKe2S_<&^*tAR0gLA zmkqM4xWgUcYY5ulEASv@1Tc@Q(<}Z zwTW5CWjO|F5EdJ9vDy&E>TK}b2J>Y~5R1L%-aq%bw*MlIk9{4Nl$_-10~R89hewR5 zFBhwlc=*21=xAtYa4he7u6J3clGc3x%w^bppVF_>%PkMJNJ}65^qT4ipLnM8@YuJ% zcEfKT82ruZIp3H+f6q17AG@KmmR@T}(Hcl6Ycim0fY<1=^us!`>U5NqVbWx1)Cd9W(lIFf z1D|27!K&5b8>c$0746qxKrS-Z8>-(J}ISUXHDvd$m?Tk1?l9sMzbP4lhDgrbEBal9fMSpG~%i>q&|)H z0oL`CtO!-dBLtAgZcms(d3>iRP3noVCqq4cPrs=>gnHOdSA5JXS1i@Kao6yqdSpR2Q^TZTzz zC0#bM`%A@K~@1H(~LhwV{HuEt|TX;OxgFUVu zk#{=t!NU()PRphlpZ;Wq+9od`?ScQp+nd12QJwdqb*g&byQ}wo@1E&ddZsn2Mw%K) zBWXs<%!qv%Bq26|FknC+TWllS8gOi3I}V0mgEwqnzXTj>z+hv9jWBUolmug(04B@L zB{xwX&v6o*YmM&z`>MKUM#f3r@4nyD(xSnW=aU=mEN8hBF7u|K*XdLgQfW|XC zfsjKhqM=&FSAV`ixTdb%Dxbgj_ibYP;x}@152ybOd-Jo?zXz%s)f_NYO9=J3Pod2a zi2dYn8iI?2_@%n&x*8b=xbMG{HSrDPdnwZYrNtCVQ<2F=0oNLCn~l<+1tO6|N!L!> zfKM^E1VZr|n%oagoSIcImiG#|`Ks&6_y zuaK6iIq7?edCN>3W`NP-&?6BOf#|lOrsHz9_SVVgVcPQ%aX@IK z`#C~^D-xQs$AZBHH4sz->catXM?eJ1YH%u+oDaBXqVrN{UYQ2S(^kURK|Zco!@J&6 z012j6?4oG8*NtFtbwGtLz2yb%l0_~ulCO=mhdM4ie32KOtlZz)olLKe&p6`lp^LSG zJyH?>>G0^rIdt`TP=)FX~|hBF*)3x5A~wz^@$3$%e4UnixGxeeCG z_&WR7alqf8H?*_^hPp)3ZY%lcq+((|8J^F~AfE)l@0vGbA5XoEj4+BKho|uQrDRh> zTsJn6vXGGnwp;!J83lPEv9_YKQxL{-l zQ`HzN#+G3`rkxEC@{{i3Cw&NRA%sJPBl&zJvH*xeSGrhCikj|FGIv}rJuIC7Jv6z8V;7 z9(Jr{&n!f@Cn z2Vr;YlYWP^$9FX+`A|Tk@yezI>@h|r_(ZPQ7|F&1QWwb0K~DiAGL-QpxL>k4^Vt`=77}HurYUd$D5-P-G_~z5h5#TF>d6jz9|Vq&5QpJ+j&g z&EP}?lU28$H9_me;awXmR)0ENSX0lR+nDT)wr{_FQ`_oNAV0We=B$!%ru%AYTPbC+ z1uqbO*_r4n*@J#(x@TDo;^2WK#R)>n+vF@>ssK+eZ97?1u6RHm$o z;;R66IqB0#G|ke+1V~E)YJqftxy?aAv}9|#|Ks}M(^CKtepbEaHw z!RHMkWyk9vM(fCfW_e9HpUEDYa@e;hhf%Sd;E9xFW&yR=mYZnbn&mi_ChC!p1@)1V zS+Hlz(9bH$e;D|~X;&cDR@jlwNBo}aT&1Dy{e@9q$yPy2v8-y9ZQBEzMDO;#q{lXCa;f=xnq(qbil5#fZwF7!BZfRhG32Zo!;QwwA0zv9*{z0Mfpq}F z5(IV_5MI|d;Re0rDDyI7rEPPP?TRyFI*1{3FhhtFgNU<{HAdVwHV9!LM%7%{2hE{a zYr&tLWQlT;;cM6_%9e_yQdtN`fJz4=0#3=ubolzP9ByPYnbFM7%ypSNG7n`eneI7P zZ)DrP zbyFcUA#jZqsR7G4NCd{)Q9-2^S~&q=!ibqDlTUsCcnuB0h@kj!+uF{g%@o{FoH?)K z!jE0(LDxk0weIq|tG3t9P8A|sZ?CQoOgQ4M{tL&7-TQ*&RXHdCGZTc;CacS~IMjdc zNG{^v?hn0^a*MibY8$_(r@v0mOh{Yt;CcYFap@*)13Oi`KHq}dgD&A{#jVaclg}i7 zo|KhXT#n1~0&7hu#Uzg5yNUQDf|tCLp2=8vUa_E4#uU0!jRGKvlT!47Zo)Bk1i?46 zC^K~OB||_VD%Vg4lqN5=Dg^}e8kt4P)+csrkw(08tg3pn+0|Be$4Io{ze;}3xA-fY zBUW2e>=<19*MCh8$E$sI+v0Y>AMQn*C%+9^?3K>d2B-XY_#gEv);X^` zkD^MyJc=8rE7Qs@G~_cWe#hM=WkQ}1lY9rGqi+$t!PC52aC1fyjPGb=AVFv@;io6!mk<^pA)_f1y*nUz&Hf4Bgnixyrn^HIUTC}d zqThT`=Oa+AjO3Lj*KGk9MY68Ek3aO}dN!aFr7Psj2Rpkxx6b;Ey9y3Y^+p`FZC2aH zA@MKE?ofxF?SP%A_>(8mT7i{Rwh7}F*+z^Tgcs$6W{05W$*NrLf>|$d0g^&++kDPa zoW32p#Sodw0->hxhz7|z5!6UH)HBvKV0Vy-Yw$7k7-}bBuZ|s!C)g!=OtVMf6U_#7 z$LLWnqAc(^M{3Z#ZzEEJM`&gXMVK~9~7(EL*XUPW#94E~aaCLkRa)a@0Z3-mE zBiROVoi@5on^p#;&t`KJXctf5Rl}M#zHmMAjxO9rNinu(?625mdt8o2jml zL(b=BpE5V?+U0r})zSdxNV=V}eAEg#K$n{cDNnvsn{AO0T`)&d4g$8>Q3flVI`C7o zBi9*f8!Gs0*4uag_i($KubQ`tNO@Hz(wmT7z9#KcHh^CZKnuCPk5n@sMGK&>^Fk&a z%w*D;bZqXr{E@tze=L10eIl(qgxJxvxsyuL+3Z2sux)nFoO!6$-oDV;5$x=Erc-o2 z)^V&u?ig&p2UI)bG^Hx@_34hu+GKh%HR+hNPloSlsPmGca*$0)FY?1OGZIEx^rl58 zja(9v6Pvo7u8`=yX6PL{-PE%nDBSmqx7aO941cX6Khm+Lz`wHk zS>kS=+2AR%dAdoEn;eAzKo@chW^%(aPylsqGLzO8aGvTnW^e7frk!|+jc%QoNeqz| zxMX4^U^7ilg8U|3)*Xe;23mF6wtfnSNK1oC&T|jMTxt7i7_?*x2 zA)RYEObE?6bE!Ec3nwHYHUa*Em+{$O>-Y;N-hXZUrjb5l>eqn}^hyU!WEbKge&b!yejrCp5?{gru^ zltqn`LEL))8s{l36QjtP7!j?ghP#SVBu12QI9i8VL^q32HEC<}?%@JpS&v56(d~oy z7UW+g9NJf?op%!ZeVQ2(m~q0_G*NY&arQ6!~Vf zGPV=lN+S#YK+qpR5tG1;eld-hrDA%{UI=W7#OD2;X>e}X;;{1WFoL4z1=QCqB;27i zVT}bmhDjJpnxR5^Dgrid`Bs`inpc>b$jGD`nUgRuZL3Fyv#hMbyp)_sfAw%`IC@sn zPfDsiTzT@3U4BD9UF-Ipn)zR9K%8eLTM{d#EQ5%@#QyoEVJ&Uh1(%|VQ2Pb1C+PKf zJps?8d(vgG&wI^8agXETA(-OA4H6RdfeS(oMbM6Jj3BZ>aqIhC=~UE`2(F5T+Pol$ z)r)0SHk*|ho2^Og==lk$jNH68fG>U0pKG4%fT$8`SLs0&NqWH3!N?F@APC1f#^$+> z0(egEXj|}{blH%68g33)BL}{VR2$u8P7VQn%HdGCr=Fhkn&-0RdRZI93Ty_xS)qKAqSRiy}I302Y#K#%&zdClgPVd zvS}8Pq=!poJYFW_o+F%#M9L}OzANh!K+?5kwVYAg+v9C1Z+2*VSAL)^VJ%u?h4wL9 zAQSOMf~w0IPPe7DT%_8z+5$E;6HXLVS1i+>YS-FBb{B=JxLj1$3VVI+>0gLHmA`>L zyO(R-!G}X4EZh!!SBUhWZ29eH|jz`n&2{6dPW$R%3IvB(R0o2%D2>S z4Y-Q!sX?#RyVJbxMX~_cDwU6;R}eNe?DsGDoI#&+6nw!cnav9vA!Mn;59o|W zu-_P=gASb*L>I$REvo2h&e2K6+ zJht@MNU!&j@P?`L+8Q7F=qES#TzB1-?d2$9|4>AxBn}a1^DJ z0Qt-f$X?6_UmUzZQ9CTD;7b^p*I?xLDXxQ8^U}|Gh_rYJP!Ze3(8}Ttc99i0j2unJ zBPbt64heD?zlxEG9!8$W=a`4_1YHDqv$Z^af(e^BiwidUpp%)&K4zx)O%w4okVuvW zs0I>|HjI1@YyW#BE#R6_KLeM`Q2|&KyMwn`-hcxMfwJs6;t`j4f~r^1C2RF04lI@h zBR=E)s0cwRi=~6HbPTH8wpcbrFTt?1)sAw#Y1+ka<2x9e#2lgxRu2}^g#~Xg=naC! z;@9y5E~4Z_{k0etDQ1xzQ1n6XbQPuIg4YGD$0gCH9(+ns+wE<|iNXYK>1~ZR-HQq? zuGmC$A~YGCbWJ)Z8BTR51)RbW4NgYE41~f|KbBF|24OA{3=8x3B;~H}aa;+L2YBoq+vwDrY(Ua+#b(K@ z8R+((tyt~*GMC?YbA9~NcYmnsyvHu;+%(J6OahM8*1D+LWAQw$^zptEo66Z z_6606z=UtoiwEMEG)*Wl!5V+SN@}&|XMN8Z&jZfwrAI?y5v;Y%>i)>3fCz++kbGHb zh>`Y9@ylyh_Gh)oZf|$w5B9x#*Og*hiAC*VTTG*)I&dvk1)@RV22^4O@~jP9z)oSyPG}l-FrEca$J0`J zAr%j%QgJ73G73lP#M6T8D%DcFw zBX{lJlP=$I=*P9Eq)lA zjvejk6I*fcw&v}GMM$GlPnHhpy|x5`Ry}qPQdokB+VZQudl3|FpR(;lieW&KJcs=g z$PhYg1J^h?gy4#yZt&CDq^ zrAl%0l`IJqL=hngaMUuWHOAMuY#hIV37}Z-5*ft!o^~O=Y-gTnBWI!8)tgMEzTaL8 zwzt=6?X~u5?6aNKVj=t4DzcEik2qwr#cRn}x*=4V>(!ocSh~-w1}r9LDp^z7>-g&| z+*iE7eV-FS9tfq-^YkM_fC@@prYM=`Up?NkZJa{%Ce@BZ3V2KWco}l|O46gUk$kO! z3RB1>^uk=uxy%+iVrvgu&qqZ+OvaU4!{wA}syTCg+xks`M0+NT#^assA-}~`QcUfg zs%i6fTg{X!iz$Di5IEX3)}~Ha!m~#K?zlhie*hI8vO#&GF%l^q^?H(J8P9-X zTRzZ?KS2P-_gi^=6n}D|bRnZZo_;g_1j&vFWI5;W&*1hzipa80&gMfmff;w2}@$g74WtTw(r3PUJL6HH13~@oEoLqv2WLqX=`z_F5 zT@DT9?0*Oigp*fGKb0>O2SHo5ETpJ{6=~EIm4$2-q*D|3VUMVbOkVMr&0dJdJa${= zfuQn$2L)^1IEBcX=O`HKCvO;uw$KYGc;u(&Q#O!yK(pGC7Js(txF zr;0cH@sPLmhB(WY@I{iYV7R9}k?<@(p=-VhI>;Z&KY)(<=95wlPacp_Bgg>iw}Tkc zIV391hJyHk$RxbsuLB(X1bn_Mj(h}h2wP(Di$@)7-qAMVM!UOEgav;CrJ}<=(78Vu zsPB&j67kSY$c>Qp2l`9ZgSpP+ftaKoXnZp)ykQ}S>#>-(m>ahrbXX30ksQGx7=W5% zZ|x%6Cz{UP)#bMp%KRY-)efiqTK)mE@D_69>Ht)&w z|Af2u&(nVsXdlSB{mv;9^v-MdMK;HJ6Mekz>m%GLR)CG&}I8zcKzsJINpE7FrGL0o!AdulJ;t=5H(gRnv3Q@s2BVr zn47|keJ`U5%@9@iL{+2bdTY1Ap1?It47&oNFIyh@rK0lyPwuZG_OA)H#p>2raLxVd z{i}AYx?dIdo<95T4QM}edfV%-Z{vH|ioWM`4-x4T3l_Qu;Nm;lB(5ovAv;|+ta(0^ zJ@p~@$&boHKFQ(qc&%2i_i;2nhu_18aOpbVUo7Z6;P*H}2dt6@f4xeKvJs8@0D}1l z2l-}Roqdtj2;7I>FGfUPouvY>gqV8bK?xW|6`AO6ns-DUW5htPf}4s2?+@JH*}N|t z1rE=AWc~V&%xryn>(73M7kWN_CT|dLA=$w!J)`B#ES{K2;4#}kfS?S*JZ_GX(b()m z?ho`jCPotn0R{XC(271G+Q#R2z;ymNY9MYkX(R(`s?E9CEZr$JIt$cXWRIciZsz0ITSIV*2Lt-Y3#o(jKw!1+l#8F*@JDAqwe@nnM~dlTA*fHvW#>IT@vWUt&-DDiYM0_W zq4!Lgoqd&?rr_nj&^U#p2wgA!KWUy4(Zkh@+NLX;uKXV~R=M&2%a$u+zpWJu=q2Zj zDPNMy5=uP^tJo=BAw4Kjy}(bb9qErv3w2GaUf?ciR9r581ssIE%?xB9)FTlGAck?N zWGL{8^e2)gSsc(u#4&-0DrDl6t56{koR60(Tr^wdI&naGkRTRCz7Rf&?g6ORp-714 zmb#B4n~B7tmtK3x_vY-G2vyP%D!6w4pA3Kg;?&>#wD5hxC(0N7m8rn_iEYxCpOjKS z0#FPHV=oZqW8^DDmeY6W93nEmkMWqc9+%9u>l7*`$(i1$vL5hyY9O3GUnq36TnUyd zm2!5!x!r#t81#h>MA!KaxW_7qgO0H>aymJ+ofanNrIte#uQJl+yWWZN={ zgns`kVo~ftUpYI)nwu@sjdmy2#A3;QLrxj$!QzB!Tcm5Oy}Uq(R~MI_XPTQ(0)Fwei2;+6U#ONhTR@BJ(I0^+Tm9#S- z&!wlKikdz{rIzH>XO1Bz!}S?whu8KBEc{(wjp`}Jsjzq@?o~QMp>)SZ`HONFrFS}a z+AdOdnm;Fh4sH54iIOdMKwPq-5=)=`$xH0~ISGmT)XTFzoI*>DbvK}CEV;*Yj>4di zGL(M&?aLwAhYWdS6y+RX7KRKDf%yHs<9p@LAjW$m3ZOU>v9P7b5{@SvCW}0dch}jX z36vyDC!;obVa?*Z!ndaJ(1#nh^r*d!4!66bw>Q{xOXI^2HT*pT!->T3Af5u%fral; zHYpa+^>YF07O^u1@eWk|Hp~c33;z&PbwO2}#1^LMf2H}&Hjrhr4}BcA>T(qkccO&+ ze2f4jl6=UTKt^=gM$H81nc`7mL=_w!*_e)Vz4ZiStM@cyC2kYZa0IRxR(B+}STNhb zio6E#1co0Tv6k^ZDp}CyFwtUhVhwn>ipgS9%xGFKb-#JsM}z|0VHWIxDmDK`y?lPJ zrb6zj4BW?jLcGyr6bi*JEBA9uM_QT@Pd|y`y6nj4ryC&e8xB|@#>k$DKBA4_W!(gq zRIR&4ma+=H08}A|;ULGc;WQD_CIB3^d@{d~N+*+BZUcP;I*PU4qVZ`6Pt--QoM_=;)^Sd}F#!&xO2G z`8vJO_2ma~Y4v=`#xc3J`OayG$?rUYi$)mt%vSu$6X@c(brX^U$mL8iEcgfYkseZ$ zRdPfNam`++l|(t0Fid}zt=DA;NAKy~4V%@MVMf*~z)}FX9w*CIlfMUS5uopuzi-n=YEJXq?>sg(k95$ySn-gV0ZXkJ+v zF+RMib4(Aj8EMqlE{hvSamqqR0>#)}rYVcdX=Pmg3W)9N%7=i|tI<(JvkFD2gL}FfwlBmy*H1n=J*eK@fTE`Ns2f zv#{qGw@Ahz1P+j}OC8e4KCsdvCuW`wJT1ElL6KJ%_a}S(rrE%3Fi;=c(O5N%M6#Yt zs$R*s#LZi5jeU*j%^%c zw)N7Q-sbEsH?&iZKWnc6Egr51uDIs3*-vyItVe*+GUmwWk$14@kd z@Tu``PyLcvb=3f@0*IoCfJebtZ3U;Y6!I1Dt8$5JST8;PN0Jl6lijO_ySEHarc#r` zTe^owx+aGwl8Cv;)}r)qo1?gBZ3iZ#QkdGYmX0TrNlfh+O?Kt{{#;iw)k$L~KXX{j zy zN38omMQ1zF60WsfCYRh6TjL-|{Qpjh~?JT9jQV-&C%LC0eUD%vt`OC2jV_))r zDf&hK{HE$IYcP`VCfBYRitHWv1QHfOQQ3~o@t#zN zhp5F24(vog6r#>D#cjxBQss&wau%P~yUnpVM{)Hgo2jyO&aBPl`sXUDH}FsZZq?j5 zpRJ2K>*9vG*i{$x#(W3hlC!88KB*nhCXzxnkyx~vE(GsjJf@M25Q`?^f(mzReMl7_ zM+$9t-pf_y(N7uRMe;rUfkR;yf1m+Af5~hw8mj7TK3+Wu^j)II`rP+@1*t~Q>20=p79e$S2(Q1C1bmmFy{nH#Jh(;hB14B2w@Vb@pv2 zcP4v^p^d9NvGnS52m8-S71ho4b?e=c{Fpx%_XRSwsN3YvCH!ipJ!-KZM!;Q9vHyZ( zYE_%o5eYdr+d`F&RMzJVXX~Y*b5ibFxwy77rurtF;jXe84|p_NG+PR(sc^t%t2nC&SH!EMf7j6kEjYenQFNQ3EuSzaxpG5V$ zPt_45olmKZypJml`ys69mDOpM?&MsSXp2Wi{DGvngnaWQ^>P+SGa(=F#qS4px`m4pk` zlw~xfe`Kv#d&?07>Hl6@TnWALmh&7}I%JC@>?k`Fn`83}gJN*?Z3EZ$iru}U_u<%M zv12jiZUp|^cBNNr_MY#RW7vZ64P&>B-%%AGsEX>Ng=Y${6qJuaHn{C7v)E)l&n$;Q z2cdHT&Q8tFB0#nm2BPIB0Kc~`;SaHEv%Xg$LG7fe0L@-q1|~9hrhUSC28&p-B(;K9 z4f_$g`6|PMmmJ)%;ov2M&2gf-Y0v7_dp1>@ZR=?XfXE|=5qadt+lrNq-AS51+ewi`-MW3}s~(dT-R zl}A2jmQ7!MYbl%&(Tu&o_hmRvLKpXnFmjO@gVFjHnYOLuJH3z)Qc6T@Y&fg!8VmG= z2kZ{pxXCVidajY3w(@9a)a;E1!)32k5t9?EyUri4+3kOlMVZc!%N%rgB4Sv`sa~jg z$*?=@^A_BsyTi^Z_dzEwOZ$L#R=l2I{`?X2ZarVj!~VKj%W?r*g)DI>p(Y#QCUO%T7GPT<1s0+r7neiXehPIVYu2WBCs83;9Q&*yh#h6P`@fBpsRKa20kKO#rCEPYP=LOg~%FctYU8O;}e;28X>!3U(&1LnvB zUf6)aguz6(uI6uU4BfC!*u-OzawC~+lo4aDkLywWwnqQu+p?>Qs#;u?ZH|SuwgUds z?+@VRVtF5Unpc|A+P>}(-w?v>lDr7aK$}Go`jQu+(R*P?g&*h|#KPg!uc(M`P^9|^E{Vm*cmvr-!QW{rIoPh2GB!Xg2NSMR;y0!|`ZaN~& zPfeHZEZtjrxMV72YLPo3efXZrXX?)HJ!%tKIJZ$jzC(Jt`oXaJbn*rxuYnYa8*VrW z@B4Aw;PcPvb(uKel7h*AJnz$!R7Wq$nlnVUcS4o4x~dlP#5{#`D3MAu(48SwDEe0S zv=yV7%Vw%W!Gynu`avc`$>^ZP6ZS^}KHDmb(_yLSt98GloLx8Wa}I)X<9Q1UJO)1n zeN(7Mx&jXr463lep_&F+FG%!OG(110N+OLyg0f6}kKEka?(De_&wz5fE{46RDjk1PD#9a% zwPA*TjP@QQd(J?-U+0XpJRS-kF6oZaPxywje}h9mJ* zJe68VCW6VtuH^MeIhkk+=PXLvtfnTC6NxSHEz-QNJg?5U=G`-BdCsx3aGjwhDrtlf z*pr&2HaW6{qDz2oQ2gFHNfrgx58>Z1Zm~qUo_fVUBLe}h4zd8kaDqPItxN^+O|y0L z?4;Qi%ZA!}y~Xo;GW{Nt+ZMa{8%TTfS%cYldGyA3Z&GwF{z;_jkLS%>L?V`q$0G63 z%$4%9%{&Fz*9m{`$38v>pCi@jN+XB>QFtoCiT%NVUk>;q*p~&x6jT(G-9!&7jqSY` zy}=%)zU4wu16wQ>d@LRId&bPBEmRZ)9X9CxP!psZ#b;(~ODWv1A)TAFV!CV5E=ZAV z)`3NvqJmnM<2KdugYDN`e(r{A=Qp%pQa-W$*_eEt`1Q}kGuE>=ZP~jnZFT(mL8V}3 z{(qbFH&Dd)$`M4t3`y_u{bWzCm)=1&o}`5MM4>BIu;(K{0#_c7NkO~sOA0E#Sb`El zgnh5Q@#Y(EqE*UUr`~wA_a|((MT>LJJ6*2yl)Hs){d+nXT-%?jxFfc>>JR%=izN{7 znGnoYcE%%}U3SZW$?EjDTz18Qh%vLXKzsZn(8&AbrzHn6`TMOlNQYKRnXwWoaN|#S zmLWh|tk&;RmpT(dl}#?ob&}O#btvZROxG*dQ)DJ9=2V7&_K`yko8W^iFKV={g1G&t zYbMh>yJ=&5bx^+6(-vF29hSI|1$!e)UlyBDw*ELcM@Cw!xs3ErQnz7y*Q?W#F<$fI zozzp#&{K-@ zzJ5*hf-ODz>*BM8{&neWRevRU4kC)2U^((uT(4ESmE=gg{~U5m4r2ex((mH^iueEs z1wI$oizgO;gwG*7Dp#-g96ls`{}aaNH}Ln5e{#;;AE|;U zMaY*3e+nWIi6x>$b*}ng*TnV3I}wAf6m#0t#oXJK&$s68ZLRx6EWvY=E9O3?+}4_VGpf>ZOo;r$ zTAJs!ubBG<_D$&5dr114?we5L=VCQXR?LMd*&M+a4Bv!e+~X$n$!(W?U$&!KMIBfcYLyx`VU?lHqA(9118;nraZxDs=ktqj4{jPQqK8cC2 z$>R^W-GRW-P&gP0p;auQ5t+*zM6euL&`t-Tr^6IRu}=qzeLBMCP$-e~9Pr2D2S9ew zxxv?GJAG`5$$j-?{IZ|91Z-j&PAL z-|_8T*gNWtv|gqjW2?n=6x;lcrs8&!M1B%<_Vtrdw4Yq0{gee?qhOdKErS!*f%WkntrOo!4&n@%D)`+xjuLca z%aT3A#%a7{4Ykn&zz@AZmUoOChtDIvfsv!I`5a%Sb8Qoeg>fa~cB!{e5WXeV*IzEJ z>Dr$f*$>Y}+rj;yqWST9pXjR}l-$1Cvi7=N_S=O7p*f=T`|v~kapDxm8>kS4hUl}W zo+m@-Xk+$dFSG$TV&CGZ>h9T7FQQNSe_#o1ieA8UGoIZ0GX14W^~=(QTjA~Eb`%Ib zQzEd2otN$T?QPSFUKF!EQ&@22J^s6|{jJT^Ks#rET=z1atr~RpPMyYy^So|Jo)*H> zqH+3MqOl(`%k5 zdy^-N$+Cz}2~_87(oX$5;s{@Nhko6s|IS$d0;^dO=A zf`T_nou0kqS3nIlZcWWzUZ4!dx3wY6DG+(H&`Tbz%%WZt`SQgP#K*b7K9Ad3LN$3? z*n1%6a`~LLbs_bjPeQnJv(4hOr=HcjiN4%xIHIB?Of;)*EQ5SQ{eXC(H@+aLm&(LK zq>SXf?CjL@IiPTgr&?X_w#)=(AfV^BcvsB@=7yVX@#OC{yWfeSEh0tzFn+q_m(A9A z1`H_<=G8q64>wCcG@kLz<(SnsEo`OMb2|tdx}9OC*MRvy)91?PRZ1Qc9$Wd0xdc1< z+#}MT8gp+e7kTcP>k`cCbN5Qkb+0T}d2ZVo>ym7t&%Igtsj==&gEgKzaK>E14}I<- z>1UXWxCcePsXU0uid3JHr6Rsy$QDAnN!lrI6~Bb7W>oV#2LUr^V~)d&ECimiUD(S3|{ZBW>b>Hc_SBz`HOZysmZN;4^vgk-W$e>T_cHzMRN% zzmNp+*#Mz=fLJVQ&%gIL-Wd)E3L?~qd0*xi4ZrB3U+E-<+)1RQlh|+@MF#F``<*tK ze-LkD{Ek)#Ox#r!A1R2>;wLrw$w7RSqqV+(-=zlu_az&gFmfplI@eHdV4JrN4!zea zwxfi(S0HDYr!k3f;kwqt>aNN{#$!g>EL}P}T;_y1m-ixHGn>~sww#7qg-<=klI9Ogs?TX~%UF&O;*&Y4Vu&8rgZBn~x zsbx{BH@rCI_Z~~F3W{%K$F7=VUda6?m^KX>wCNizOPB)s`rv`nn0q^9c^_*2eM2jzD2p!U0~E#x%41}{ z&^sm)#&F3>inJkYAu>glI359uKz=@Fs)5fbj8ba{d?xl=Gwx7Om?Vz}1TKieTHZ8L zch&_Dh|mGIz+c#|DUpYw5_~6pT=~c-kS-!adR;&Uq2`OQ8jc2!Of5vz2>BRDWFroC zenM?i4;u5rN8+_cG;fq%R@2KcdHIJ4*M|vdhq=zj5K+iMdUKE{ z#Q@QR0Xk~1BN3Rd7t<*cO5^*mV{$$;S0BYRkQP3t_7)rzh65yjV>{8q0+BCVjS=)6 zH8Lnmfv$2b5#jEx^r1Cf8s>Ga>009~j~@#59V&0#xfO-Uqy=(F!XIhb(%n1XRhw~2 zlP;5a^SpP;VuoE06}n;5B;^SR{+gZ^pjRz>mFoTC;naL5&rD)$K9c6BC;L&&R=9$= zt}P7mFkURx-&u+?K(IH5CQz^e5Zd~KWi?&*CFicLj#Pv0L?!Nz`E00BlZ|?EL(^SD z+Z+Yw>aNCEu05XinFh*%RLEJa-j=_9dBN8o?!PKr>Pe((4jiEJ=kyqDw`uC=Z>fpZ%G78Ys!Ig$j)THe%Kcc{~{ zw}-H&HP6+WcjPR6-oBo0o>yNnPqgOkHP$$wG&&GNz|KNbN-m^$30cv1m!h(hL3H%FKg-1{xgy^%J zf{`csjW1$+N6P>O-Nb(FY=GUkk^9ryI3P20Xt<5OgG;~&YK6;ao0;*AOXnVH%q>Anvmwm1+SKhnl($-!cSJwQ50ns4NNt$ z4#}(>t?UrxLZGnc*2fIDcQBko2lnEPLuL z;Yedw)Df;EW2KnOld0#MC9J*Hp>8T*{YlxEZck)0vo{I9egNCbWuV_wdw#XJcVYN^ zKu(1K1J9pFfM%H z-ZAo((F79E`F(&Lp95^674QNWTh;H`+e&ZHEn(#Rd7eN@DYJ?)zB<(3QR_WaDoIox ze+|mxk92fb`}3JZczy^q@|)%HDLk0+bl8K^OlR*#Re+TO`wBobPL{#re^5c643@vu zF7qFi*6%T+%Jdno8f(-szWKM6+YbxtZ<=M?1&{9vuz%1=>Rr&qbbqr>_qXcwcXDVz zO-;+uL4*G4^N8;2^NxVE5`VaEu%G9#w%A&a=)OL0?-qUDg@eO9Z}qbECYYY<^A7DW z==qg{lbEPP*Gj%R-MC&~wCzF@O3luPY|3W}%>}HCtQo`!w%U3a-tt`g8@6dG`>m7QQuTvIRSfZFH%doJ>EenfY zm-If!Q)OwDn0yjxoh(t645S3oG1bP%I%v)~$H?cX@Nj}dci?7cEG2h4VRM6U0_cbl znJ##vhlHyh!ZUCHwo_u{O2|9{Z9tCsoTxmN@q(s@GFVuHdw|1*3e3bu{Bsl|Pcfqy zxxoZzz}wm+5XMf1Zcgwv5l2+$C09&K@klC|N(bjU=A{1KIagma6B~_9#jcCp5jzsI z#0vRTda7eS*gfx`sLbo7fvI#v1LkJbN}zcAS5Kbg#H}Hcvd*OHzky5$IWa9SQ3<~Q z)MC6Me3Mk;v=ESl@rE9VBBLB*ZNu*MmG$*xY4bH3i-Q5#np zi>{45DRX=zb5RcqjMRok1~z{$Vs-sbe63OIoUBS zTk|XC5svBejzCeNdDrH%JTJFm9^sfiZ?7@$+xBiuTP(MGu(%?-es#Q zJg>2Az3q&P`n*HuHD#;(Doj+Y9aFNE)IPTED6s9+kn2&A$lqF!c5B+P=!vKt)m(wi z(XaZB*-oGW6P?(;DrJ3l`tJ29=&0y}x>d;Jcjm9l-;p=vb11_8)ll})yy>g%ywnYV zIK`FGdtaLEC8-;{AHk~hA1%i@5UZImgvfT;@XvCwOT_bB?+hk=;e-<*AK}Es%TErf zi0--73m*__vCylyX4%R2DB1^F{^>X5OXPOgO$t(%*h+R2W-y%w@?k^)JTR6DsY7~I zCz2G)S>mgt^pr`WBLpK{#mKT8pJN)3n@uf@*@YdVPoI|%0;q^&yW6#Vd*7RHC2KCIJ02;D)K_2CX`l!U(0csHNL%Z*9F z%$OFklJ=JDOm&!IZF3H*8aBB?Qay$Uk?zi9EoCZZ=0idMba5VGR}j;FfM8Ahhp`Gs z`#iArd5+wS=om`|3_!&)o@XF#YtTc*IDLXF8hTzuT9}h)GRNi&>au{wxfKzXN2wU{ zx>|SdKr}b;!I`mIS7X5GUPSzih*vu|_r@=y7kTk?SnQlg*Hai*hq+}y<~O^}eH(-h?y zq==4lm>S;U5gY;|H-m)Ez~O5c-_yKU26+TY6Hw==gehyED|vJJsz$n4~qy2XiiZv=xAcz?U)Jbg`l}^v0nYu zh?#v~b4Uxs$i%Pf++^d2VPwGC&$f}KeIK2kR+fSOo84=ATqyp0{!%UI6?LGMZ~0EU zrtGH0dzWfK1CES(ex!ry&*u<&s_^r?y)=LaB%8aZ1ib9HGF=Cy7=rtiJ(#ciEGMsA7QSpf8T?jU|M~K{!ME>sNCILQ|v|uR6Qo()kHhT1dxkg_iNFb zGxEvinqoI}W?J*+#yZxmNnIv*a-1HQZ-qUqie5~2QBRl?+87>PA)7s#X$xlBI?|c8 z&Qx0*cX2e{7L2#W+uG_qUXSgTU~#OY^FS({YQx`5VJy2YvkrmZaXkRwjptu#hWF^o z9wKd!l1RzghOb|b3Glr^MaG&DR8*y=rH5H9OzQh7Fr*a=fRt_OtVACFTU{wX3L-fC zK}X1Li{=M9icyE(YQzCt|C6hBdSlV>gSyM#WD9xB=n?BcR;M!JEF=@XL73}1&+q!9 zAB(f^+j9RSPl=y2UH;gYOR+E1f3AT{hbNzuG(b8adlZCP8wEt`)E?5lpczUC!9BnvN>!X$NlFvv7Q2-nfxN#cgvuS zR_RE~zxIhz!Q=)N*QsMur>QU<-Kf)1T|N?X<)UPRT-KD2^fk#Qt*^Nk5m}5&;?`1y z*Q~a1N!Ndf=Id)3GMCs_uJW4fSp%=p*F4x&;YXKT&VyDT9v8=Q1(hwCq{3^OK#7`VWE;C0$H;ay8o8%rjU=pg3fH8-4VHf* zWHMt5nv*Q^PQoxJnX;%X0Lfc0#=Wf#1Dkrt^qfg2sg-py96_1Ag=8+6%;luyP-D(B zm`F~w=Tv(t{?TltHm{P9qj!9R5qR|ETL>a2U4-gxLmYkMMWd_r5NRmL*=S{-trU0O zxAhy9*Ba%p^WWYA&S48r7%kvFN-f~RpZ9%U-5r_qO@kyS+k3AMql&Ny*f|3a&Ya^ny`z_fOg*to>r0$Jt;+X*@XL5 z017E!OIr;HDi%_=*pVg;i5KIjzU%n zQM=ybOp2*14022m%x;txMaDSALUT+N(ydlF^ATGxJidi{E-g z+^;VF2q`k^;yOXJu}v(U8)ajdPBfG4joi1?Qyc z_Ih2bPuG?DNIEt@GB)q`n};$ZGh4X5B)R~BLv=%=dminLUZNo6=g@vxx8xq@Eir7k zj7hqgj3u};y8*tx9H85EjciSFiC*^GdIVbh#kkq$buO0<5KC@N*c+4e=vB)rO8miZ zZyY#nPlU}Lzq(v(FgZ;~w(nX0iRJYqi1+BQOte~u<()13_z(ni!Vm8X{8-JjT8HJG zh919fc#vV4Yr|m8gQtH1T1|Yao$+|D^rI$zRNH0nJ}W5^I?i!_KeB6~T0Y_NUZ@@< z^Br8(p9xRPzNVc{Uz6~d*90EFWUTq=_90$#iKoz-=P(}gnqv1(ea#2@$9c_O1CRAJ z36J$PFO`~cPIpzi-e=A2jK}(#mm+kTuJi6y!)L5HF8@qE-dghnT&idwPciTh9qlS( zRopoCNWX8=ooGF)_*3Z*FppOJa<6{pe3h+uuYc$LtQq@x)VTL6JU+8?T3D81!^p2W*k9=i`gcQ&urW;<&41nnM=J*tic#=;IIbO36bKN37(K@DvDHG9WAWA=46 zgw*Omo-5>O-?3xhS;vs6znlQ+g)2aY&?Dp3mwORvyHw$l+m=$3Nu(a)KNWdsAR($j z;hyrlTl`yY+r4e^nQgmo!(nuHRE$M;e=W86OiJFd>D0f7b&KDZotyUT*|Yf8t+#^4 z(%#g;k#b=5?FUoeC0tNAy zHi!ZyvKb9xb9sv;pQoDMC@*9-ONIO-N_#{m!;`srr$;zUR;wjFFQIqqv>DlwdM889 z^h22fl%C~m0@{uq+iH3E@4slaJltW>1oU2~SgQ_(x0_G@g8^^*qfUvP-^PNK)-(WDeiN>VbFT<3GE@;WglQ7pvht8YHP1j~44Z!)*w z{Gs>f1^>4D5of|@@q1TjfG`Bf3#YbN{2sH%w}NilTo#Z8Nk-hmIQOAUf=*9pmF!&E znTRWML6;p}TlA0tDpl4Vk4Ub`!rdt+nzc|*QR+H5%8nsaxzcN4pl!oR)E1#sy$Gk% zld}37*Ssu$!7|PIlxn+e_BLnIyG(!mveD4dP?@}FV0-F4Tfn`Hzbm<=29^dKd<0n} z25dp!5XLjR(c)VE%yfL^T11Le)`G20n`jZRqN`?$mh{xAlO}b~L=FkTF+Fqi?u3kw zBl>N`F|Nb2<=;kLN~dt@^T038mfyzvn1}bbNx$azqtM|VV!DeuC(z;cO3xbC`u{}Z z4pc)6CYtcYeK~)R{WG(e3qJN89lnkR!#4l4@U`#&vd%xr3%LI-T2q`r9HYS>ZaZ2? z1SEq$Y{fkE!Nk1n#=J+G^S*F27nAJ9Jm7%x8LnT5^>FPUkYVJ}?_J)7+J+YS-}QUP zD(|sAia;9DM^FDR<6g#X7K9iH#oD|ViFzzPt$YW+4Fe!}$WyQB_wwOjz=?bDs|Nps z%qrgFd*L;4FAp}a@#&);T2<$DF3dyE#^!qBM9#S5Lr3GZBB7{3cTk`33CyGQEaH_* zAC(-Bi_h}~8hA|C_G{Md_}auPkoz4+15M4YwT`;%x-OOOUHoHO>5pt4z9{Sut@BiK z9po@wDh*(c&Ldoa5jV-NDot4_n9WLdo0QGRkhF9( z8VN=t(MT>k21oGMzm39-O@7>h1c0{v$<|FZvw`VkcB@1 zY8+yi7+V9F_ghBWz6SK*H(%`46FLvKz?N0M-0~vyqXNY^A&gQXPPHLl?u=DOdpuQJ z)Dreo^Ge2A7y9qM_nrY6 zU`)@#fF-FS-KY7>KHB^ep=XI6#L*=k!9;y~My zIN+@2?#Wi7QpDsf&ZlqizauY9$EsUX_-5 zXs>98x_n;-#4)1>Dta3(bw))4gSE}=sT7@hbM0oo!&ax%Wt)U80Uqi(2V@KCW!%1p zWB5rwy6HD^4#;jZ$+jTfAAFCYLtb`72gaPHE1##t+uo_!^gTKZ(vcna=5J?#$}6_=a$huaPMt_DQcX zPV~LsxbK|?eLpfX%r(Y2I){IsdS?DT-}kxteFyY4?-=aoy0uL^g1#o%CiFG;qH2zA zL;ujoT3&OsMUQFCciA?fuesM)bMN3Vuc`mKz;&*d&qKc8wD`!v7IJHD0*-P(@J8}j zg0^Brx(Mj&Ixbih7|> zC?1kNAP-MBji7`W+1J@cBbMh8?_)&!H(XbH6hGBQDb#Ibq;4atH0;)_2y?!|eteF0 z!t{dAqf`VdN`Y|PKqx{-<|wLvZZ(q~&P*;_a~-P<^iMeKzFQP!A|4yv-;v)xu|pd0 z4P*zj0n@(ln`n!Wh z^8Y>0cg~rafVNrAd%pcU@B6&Z`>ekwRfz;@xj<&a4QjleMxD=iWM=xLvxmLd!|0@w9K8a(3teUlcmS2-@rlacWH zW3}9|$!*DPA}ISg)sBn0=%UfC#x%$Z=}o|QizFAPdAtMDv;9Mh4XtkMS&mx7xVNjv z!r*ZcNh>_+uz&paVSj6I2==<7a_p*Me(NH$M#EoUKEejSrGFgQ_b4VC_zz0YM(X25 z>zhW`nsVrZCN3}g9~Ps{uj>lQ4jR`7z(2kPSu8EwtgcH^SgI{)a&Jl>O+AwObm~${ zC#1xb>{22DO9DP_N%l&puWmtA6De!=MiOK4Sn`N;giI0_And$~+;uGKjaQy(Ni$@a zpuT(t7*aimM}{O$CN-Gz-)g477(kXb>06#3eb@@C{pFoxidg+0{t@)6*^9q#@tQ7A zp>-6U(gCbk_+2-EUa7WjT{xkxF~T9c$!dd%Fga-+zXd; zJpP@;4--F4$O+&W#)U*Odm=T3Xr?o&6LoegU5mhFvpM}C$hRYnS6*!pu=;Mq2Y z^Uv@v{~h_o2-kXxvb-X&&EFKjYVcWax~y2QW7z%{ajUkJLwUz#C45aDUavlnHSk-! zUJjtE$e+2;T8DaU76XZ^VD-zzrL4XsObVm0v z*^xj-63S)4IileP=?!w!_MlVmRGcW;i#ep#Xb$>XwVA0jGne?9a}NP(0Ahd3T}sGX z08&;iB4(_G*U46~HZc&)a0@Gp>QOA$X-@sQ>oLPy)M{Rw46dlwOtO)dcSiQqK^kk} zu<+H^Snq7)IG2pGRhTX)25S$;KthOx{B{`TAF@+!9cgf^)_S6f&OJ#!*6#Tb=bX`* zJKvP|rp0wptd4fihg$IkTQ7?z)83QhW4Sdn&+o||p3Zv`E{S%}8-#D-p0;mD;>H5y+_6xM^Z0(tF>m4xpm92Dq?cmZa8~DD zBx`H;x>5K6?!^&J_j6L7WX>Q$jgt5}vNqlKVV*nMd)|0UD+cNa2fsZ92BV5U%wl1D(RECtT&g-8f4j( z%dQFd{U?21FZ~P8yN0r(xpcs*Gh{~nqrTC^f^D*2Xc{2;Jbxal7%8Yo>jGU~SSHL@ z&qMYhJPfUx;l*>ry!p?vf7X!J0%SUE>=zLx-NLr{bSzwNu>{Z+Ca)^W9>1rE#n@J~EY9 zqYii14B7Ql)v3yq*D^oqJE~zHX0?^Hcrpb6ats^=}c8Yfe2$%F{tj7-XJs$zOx~6;GAM~?5ec7)B6R{L!eNMBdKN8gL`8Kbc?dfej zR=X$p6ZoF6<9@t#&-q}S@7Z}zU?WoPUW#Ahdy3aX1*Bhpoj1()^LB{Ka%`PTfby^6tQbG|s&FOev zT9?z58j7l(F1PzsOz_48Ar_3s+%7?<4+f?w*Jp+y3D1I2KsRbdaA2_|YcaUOWwjA$ z{uh9Y^Zc92A--cp2B$QzsubeV+7;=UydLE+m!aF@_o1^Odp!5C?J-8oa zN1Uh0JkQaGnyaQPgrLF+-U*_VQu!d8H-+=g-V_kY}JZ+RsBe$ge z^<8z`Pxz@cCH|vq0B-NWQ#!H|ut0|vCi^odNe{=D*BHPPU)X3sJIF+UmQ4h-t$MLU z>GTAJCCdh&{OSNpiWhn1737C8=u-0)DuB~jT}VMdjtY<-uhxnUKH4fah;eD*w8E$M z5X<;~FI_MGi*!No2_-ckCCzv#M6+5@;n!%VdQ$d35%8#s<(C2J{lbgq2-*(_$rRE# z(A2~#q`?3`O}r-F9kI)6#3agNc&+k!^A72Hcf8Xv2Ar<%nvW!p|p0=E^FX$EeqQ|4k7hf(zl6;<9JdyJ}+QF)E z$+!aWOMI-2?$vG^ZFn!~^KCer8lrj{6>Gp;{`(<8#C%M&wt3AY+n$UCrPy z+-x<&h+)R?GlR|`O7d&yErSF!OI6pZt9d5;N+S#%5m37TRzBZA$rJ(;UYU@)IyMrT z3Xn^P@Za_E!tebA|E2FeQ2FTi(eg)^*IJTgwY7Gzj58}p>3DU2LjNTo2neWdzAlm(p!(Y{sm~-V}JV4U-A!~qy ziq18ftU&#u$qM5@jMUb3(d%Yeq2q^Z$qLjjnyfJ1TG#jIvn(rUzf`;g$CmgCj1Ik5L*-;9V3?i-#-;-t_x+~@FMa|R1pXpcP*reu#hJX!tkyPg|9N4VyEg zLmTp*a#!9VJ~ucwSB;Er7ztkZLnYtU<;BcBg7JD0zbhde{yK89v5bHZ@XRNEz}5?V zdFdo2`XB_0?HXu*rRFdsQD;Pq=wo3aV6%FkpgN#mN(C@4OtEiA4%(bgnlMJ}@IsWQ zsQd;ag_WUNrD)`mzPdj0AYYHw%V&=G6bPW>*+Sk-5 zM&FuzLdZX%_mtvKS|d+79Qw?Y!FL*-)C1ABRcDl3fzLm65yj+Jv&a@Pd&pXjpr%g9 z8D}*P0Mw;r9qH@+Xzhx-CJd>up^Dwttt3hztG{bFzi#;Vy)~yPmMV9Pf2Q8FF~1H| zCm%7JlvvIe>o0{S-)%NV+=YB!ihN0+g)f4}|B-2Yjhf}qd7}c1LgBQ-tmoKZt|qEC zDULhz-!>hjA`SQvSO^Jm;pGd+*abhJ`k@(w3F3{v=%}w9OMOof4-Yu+qmaIgPti1ix{VK;1?;OA`FRLr-cwY5Oaug&cd4Ko3`Nrf8+5WGV{@LV)K9! zg#kc`bK$+0R96~b6kO0nW`iSLl-dYU0_P;i?}CtSPCLVGc|b9789#%04u%OW5+QNr zU2f4qt0A8ED`HaoT-<gAzZpn^A$A1{Vp9nxmF_ieYa$kbn?eaE6kjR=({nDItfyQzI%COX zAZ)Xhzh;jl!)}zIFJMfm&gdHPdl=Is#`J~LNJC^a{3MMadKB&JCkaOrN$ij)VAKha zxhKHbnh4sWd5E2;u0h{$0nU33vG#nyOXPQh5s1rNa*J*FI^Ix6Fn0qa2l;7${5-3b zB8Ef>`cTBueAM)a>C-0J)cr&#|Agxap_WZO>GFE@r6=QuY)|SLQlFyq;i0FIAQzZs zwQtQsu&U0tRy`N+EPsOmL6#vzu;>_(9@Q%D0A#1{b2)w`B8nE6GyG z(w?H-ZcNdxinL_}Q&hwZv<7k!lTnFgz43vr(Byq4o}~S`D$5}oF8!PMfcUT!5bwD3 z^`-CezWcCFZx!DI9Pp2H_BF8Y?R1{-{?5JvuDzM}eW0^%0O#FH*NO)_`)WAvVcvJB zvu_&v-YdQr=e@JD?>b!jM||F$oqg+Z-U7ehU7dYvpg-Kl`wnaSKqFf&{apMxmhGTvE_gqovo)`_N>meyGA2k2|C}Sm;OzD8~E`u?l+Ws=mj5W;d(Fdal-X} zKlXQU!8^z4`upB|y?9p}7o3l;#09^V?%z3nqG|(} zi{~F&@&4}zpICnXd-(eH@k4z5o8PZ}{DJoU#e=Qq-@WSk(>Q)&)${l9@prbKPrr|k zcYfdDRmZ=81?sb_u7|N5{c~sg{rULH_t*NbeH^`p>sP-24Xdtypnd<&`yW_!{7C0` zyZ=`ohXn`s|BjFs--+vJ{8t};6vyAa>iwC1#KSAz|J|$lpZd|*IZp4#*LU7e`+e=} z>HW0h?e|-K{8OFdtLdYC{URSn|A=?B-hajQn3K1_hj0))B8OO+FP|2Au|#{o+j~g) z?IHVro!0sytp->y&~kbbZ$p~P((=;4LcJvsBw-B+QC=nrtTQn-0)c5G0N_}l zc`Q|yj|B#RfAqTQ!zz?tjL$k2oz_K|Cl}@FqJRn)6x7E5X|=w17NzD8BJn1%4N$Uy z{$7n^wTiE3X-jO{*2)Di1c|1Re6UA#iLU&buIg~W5}xiK-aQm?rg}Huu>Puj#p!qC zYSTk`OK?2dobCzqiob|BY(ZPsWKYy?-{No;H|}54JAe3=9rgXYH{89axwNC_ira@H z-tNiW<$ka-;v*I?xZ7a+Gsy5(Le3jNox)#2Uo#5Z)d~txo#aAP2gUn=hAEg)p6aC0 zfRI|vdWI^Az$P{8{jA>Z`^x?^ z(y8CPD*fnUO-|FZFZ~+Nem|Za5N)RgpC%DNSbk1jhtW}-NtXy5C=`+gUNAm(V;r1y z46bt!Bj&6_8u$YgZFBBJX&eixDT`Yy@H=jWrihelZeLRikO3@%xX?luS{TjLBFdI; z;g`ElqNnxWLIIBuYmJ&BY%g8x=3EqP)Q9XE< z55uT08x29H=ZI@mK7!iTAP?%Avke0GZ2eInNWcUF*{-wm*||ooeFA4-lR+|t3>#=Z zh;k%Q^|&m4Y1_v(i8pwbx|Q)S%!X@)sL?L|(6jW%_ISD=R%icc_w0tNzPYRC`l}{9 zgR_~*=^YqrSa%Voa28{In#cNX#P3gwvyik=;~uFpvec<@e@=_?z=H>*X%FyE#982+ z0KcGR1CR_NjK8?&Th$raix~ZXmz{zl>^dzd&%T z8SKc2nlp(H=QnQLT$H}_o4@Vay>nYKI*Q*b3pWd&lI|A2fjIIAYB8KUEsSA0!#cXv zPcb!sH{qxqi2K|ErGoW5(s@-g4Y>lE0X@D!b$!sHY&xicW&SbZFW@U^U*a6(3YpnT z#D@qdL#={RfTIWd8O7kZqIFqk4IR%Q_KeqS-+iByMEkzB}Sc+;Mr_LOQB$V?zMT?2r-tnm(3Bw184WI+ST7@wkn^RbVPPV&rlny#lgh;k z0vUqXgaTYfJ69a@C8;7aNA(MA7^$+~D{w9XY_w$D;* zd@I;Es9@$TcQGcYSZ0?)+xh@#PQ)+;P_m7B+xRnEx^KEK9`G3bDA5>q8}3`NBU6pL z3_h>EEmRINL)eLuEaY4<6ZL{xS&2o<&Tul!(8`DQOe@~xHAc!KhNY4d#_iH0 z^weiD83CQ(Mf0c*jx7YB*mXkf3}v#PS1z7E1CDi$4KvR-&OO!Ss)KFjMO{Rp81%nD z>FWGHApX;xo{wJrL(k8znVdZA`S>+I_WbgiN%31V@0~dje>;DIZw#UC_#q%b4Tzt< z^p{JQ@aq$HwY7ius{JXuiuL}^OFxsYL@hcew1Nwi1;Um9Gfl1}6gguM9|i@+00Vvd zWLON+bPJNU2x0;PESay&w4$5n18F0#t1k3{Nx|uY5;o~%-<<%0e&ZXshc%bDlNox1 z89HD%p{~o>gij6=c6XRDt-};=8Kz%o44CBR+S z)>YlPeM=r~ZRhrBd$iHhh}r`vRMPq8+VS;w^zFTJwn*)DSIu4@?H^c^%B<^egkt^u z_%__%L$pY~Q2C3PmwAXXq(@A#+$FP*^at24qvv~sZ=9-7?*SeTc#r5%mZ#9gXn&>7 zp*uaaqqm|f0hLP3nUbc!v;g50b(QOhEgPv!HcdK7PuqV#k(dh#hn z=j$#{=T4-jLeWLvjOBg0Re5E|o1@u_440MuR?3)13C3mbD@aw#rE61a3aJ4F&a2bB zPkNfkovIZK<=^(rN--p>xmwPtr6zl7W4%hwl!~OPNsrO`Rrgo7uk_ZMu4_B6YBa;G zrp-FDCtZ(Mwk>^qh38i5V+nnUwe!p9V~P9r$LL!Z^vXXc%pCX)(W&U&*VP-ywvDt^ zkS~2$l4dd}I-REkmsh|QE;*lzC?GuBaYz|;S(QI1%W_{Kn<-|B#ZyhUx9N5_tG&%) z#;prfE7OI=>{KMa7?^PiMnEPR9@G%^&J$Y2Z|PHnVa>gIR=Ei21pWE!P&+z9qf21y zkm1N!Whi3L!0+nQnH7md@7}*8{fE8!zb;ELl5EP4epm0dX;?ykqJNRMt@XEVWSOSL zFB46-_D`p)&r}G29pzREfZ{_Xaf2Zw(*nWrfO&kyXlDBdG+xd9-$F#i%$FJf0Mfmva zr6uIdKZWz7zoFw_#xHnX9+v##9kF|`{deNy;z_wr@(Ul~?f-)9=jgcbe%}57&VQD- zKfv36h~s}t=Zgn<`(rr%3*J7&+h4=>1$h9+-^tr&QN7Z{$M59r&*S+2JT zqBw6KT?_kD`#dksJH-1Ab@tViSWm&$;p=>wBoVZ4s8(2mx4`cOl?dW0Vh7H$4;{-PoGjv( zW=H#F(@%d&Yx$*rgs=G1m!1XpjHx!W$@y8qWzu6VyQse2xmSP_gNSeG+xz(V?ZSQHof2qVxXrO1_kXYOx1bZsM~0mQ+ndCuG$S6v z@jLl^Z0p8(`!3$ziR<_9_4n}ggt{>+eHXO6fTCv9jfk5R?vuu)0j#BX2G-KsgjWT6 z7Os^_ydT$M|2?h!W0x+9f5P|pBs3G;1M<%7rGEwnlL zp5(qfNzV)-3EMeKfY4tUSDf4yBtyghsFg*rk@AWkJE8WLjyY@5 z2t{@m0i_TTlgOOarLbm;A+Hz`!eR&r+>0UaY%;cJ5#$HM1~@(t299TpA|_ctv0s1- zU_zW7nL9gICJ7Ru;FQ+Jp}noxUIOBKrcBE-`-EDK%JxEykg3a16v(9oAE-X@AH=uNF;)k^YEo#gV4V%*wF85L`4k`QTjz6LEiM$ zA^P-@%F;_xALH@D!Go5=d(d;p^Fo6{|1BU4b0b3em-fKugApLI_KdL2$mJ0TC>?s z+ACgr#jaG6m3l?4tgST`io%gR?o9mxmU_9 zV;c=4ifgxG50|G@>zk;-){`Gan^LeOT{fr0}dljc<=1jNc#sVB8Sz^2k;$#Dq?vH}91y8yO54a%l~Daw9FQ;TTJb14Y_`pT z0)^AP#cS$g+_zoJoJu^0PWy_at4xCdbtOHIPy4dgrGIpIqdgnIr*0f3K83a5TF~|F z;7I`?Cpy$@f*41HSWAR{dYDu$j$sH>%z}?d7=6nm$$gD3<87SAeeSg)zCmy+ZV6Z_ zSO82I6e!Xh!~pZbOGL|UGXiLr$)0E!DdQXgaz?e{Rwf#>*gS~+jA|ohB^VS#(jfDW zDw4|#g-kXOIH}oVOt|6>*jJT2RV=6K$)nlef?^%ZBp1MS$+OBNef})v7@{(=W~p?)$${t8(Kq|nXnQaF45r<1s-OI z@n&d}XJ}Gqh;$iQI!&9L)*7IBAE1R34u7`Wu&4t24ZHR!kct=xEGwL1i*=E^6fGNH z(Zvi_k1l4B9qrR>@}eCanL~TXOiQg=#;wxnZi`t~@z^`$qw*sVa@~#ae0NVOx{xkR zx_t|R#lB#mQF$3abQho1gc;P)d=Uc9Gh{qmUMt_kZ&&OfuMe?^j>(~AMD%$%M1X~V zElO3gCrAC!sR4h^k}!H5kxU4*5BmdQ6R}4FiC}y9ZykR{R&cwJ7O)~Bf8?^^d2#M6259x@bT~+BWPbao#F2!I80c1*0f{)`AJ`Ix z@MI;Jvc!#EyFVUqnH|+k&$fY>HCjW4PC8;RdA2v}n;YTM_QR4_me!Wd`Z3wy%X9~f zmh#5AM!1^s0-sDjV++Lkrn)!Ww{M8$mdkNZNd_GUzjuJs`~}6xun&`BV`xBF&d2mX zi_$6R>i|tOKd+DeI{MMieoV{~E@XoCb#)5oJ4jJu?W%!NY_n-EEA8CO!Pqvh$Ey80l(4M zhV#srO~{5~H4E+QY5?6An-|i4)EEsMF&HdXWz2ZQLP@`j!bA9#VC2A9eyY*2Pg1Fh zRsBThm1|KOZy*IDWTqc0CvQO=fZW3%<0 zYA(>V_A6sIsL8L*UfiWO=p<>EUII*@yEKL>T_JdPAwLj~?!%CSW3b@<)oGziBMg`s zpM#VM1%_rPDzD;$zy}<}nTg4h*#j*L5@-=xhaPLqXMAHH4NhtMYG@j(1K1IbL}D(p zF?CGNhQpjTLwPd>Io7Nkb2YMpEqo%jEmvF&`M0Oc@kQILflQIW&wb%M%K(tbs8Rrm z6~B5JCN%@0teDfS3Ej3tA}5T)f;5%HAD|u;(UA&ApaEbH5Yl3Iu8qTL(Ay{sY63^o4B~M=}8==l?h0yF-Bt zbfsXIm9S)Pkj79;sY_TVR@4X=x?4+qyN07A`-$oH(<<0Qd=(pLSwJ9;NqiSAg99MN zn$>r-yt;L_Mg*pI<m}P~sUHnF^>iK_nZcS*;Lzhr1lMWG8*K&=Cs_tA*YK5*j-= z(Xw+5tKn;^8?RD6mTDdoTuSJe-XyHA(gWc0M$2KVXjwF*Z7uXVs;|oSK~jhZ7xUZq zLA>)W+Bt(~ZsbCld>QzIV2GC+1Qr38=8B{8bQEwI}dZHHOa&%AD zL*m@f+*F_2TS=D&Qcka9${a#qm`@1?BA&z^b@2rkamdVH@;0(n1(>!=%@l&03s22H}+ z^sQ4YRFOA^Tzxd5NhAeDFo!~mz;o*kZfl6uq2Ka2Y(=RU^(do=obc7y6tx7*XwGf@O&)7uR7u=AM01$%m@#NW} zU-}}7n3751;#r!ub1S^pAd2!pZ~s856$wewYrEzlX{J=qV<1IgsfTS&@h66>cTHU9 zH=6PT6NPpA#6mB zfzV4de>EAGj+aPx%F-OmvKu-}({EYQP1BN_rqzZQATz!Mh}k+wV4}bSE1eIymB$M$ zFZ7s?%W>ib+JOX6Z!X)&wr@2^*zK*DD zGb<7_9Ayj&_5OvS;TqBsU!1#uxTF`)QJL8{&p>S&(kE#enxh+|5Xa(V)RrSe4zpN9 ziFm|i2l!L`YerkCxwbZ^cl)#T$Tsh~#P*FnTSv0%Y8k81R2Z1Z-*Qj1F;Uvpm^mPw zC0G??X-^D?(|+@eHM73itefplJx0%N-m|NFqAzRB?djj%8zQ~y($|rn_%P;OK)Cs| z;74bn=U|6_zN^hyO*f+{YTIitKvWx{r zTbW-4$~IAF2ZggGGPVJ>X+3VIAM_9WtN2mR(hr)V+q3kut=3RUZDVKwVhqq5&(AD< zXEkOPXbyPB^6k*4s=~k1$_qGpynKQrt~e=EQObM?aRLGfWfVzH3JOR8F()9fDhVi{ zJ`PBSG{du&f}?33Qo=j+1={DBW_=_Hg01sjX7eB~+E!IOMy}(U7SJFzvzczxG)1PO z*Y0rGyX*S-x?l9yvW10Yq&pU|+3g--Au?e#EqEp!l-fgHLiAM=X^9HtZJObrr8Xxc zki^TWsv~fVT6hXv8zUlR!MDf<(G-_!MUs8v!L7xe*W}jO*X`Y6>lz$Qzx&wGEgzlR zR=r#++AbX;b?1it7X8xFQ%1YR@c-RQ+KzXXMg*Suxl5a5ALu6z4*nZ8AEXKCVaIfP7(`;U@jZUB}?L ziSIgT-E~q}qLYLzod2}ihtqs_C+v3@#8^0dQjB}WcwDqV&NPTfjWmd2wGtnVjdoeW zqRx7py#7#c0$K z)94d^c&dkTBOueD&p@*UmP1MKM&%A-rWl4SO^pnFgYA{+o&!0CC|*;bY2iQSloRp@ zl=k?sW)sLig~F*~$y+RyiUVeg-F^y*M>doaMOs*YzU1OnD}?J(i`CiURAI`z=rAn0 zw%hD89Rxl$zMz+}gpml^v5zkY7og{ZHRNKTletT^k5yQF%ho^xGF>=g9h{QUAG9v- z7r$<@6$XM0*W2d4v0n`|!rjApNX)X?Xh^|?pA1;W=O!(Y=Faiz`kZ3@x5V0TzGgNp zZIgbbEdAPK36$1kg1u3DB9*WutM2@8w-{e~v3$j7F<9zPga^TQ?nDgzji7ntbE*|5 zb+!O3NUz81^>}Jt(W@%nO?e^Z`32$y`$y@i($bI^b4{;QCI+afCM+#mo?uF zLO2l-)vofw$}#vqpLy)yL@|Hl39{ag2o8>Yql(tn>`qFhd3bHX`fl>V!bmG+z#V&K0Z zQ&I&_+95mYfIuieZRdgMKuFyV4FM{?H)VpZg zk!xQh#fZ<-I^#KYno0y8MCPgMph-04%_@5b>NFT;T20OQgL%;j==@eVU@nnf5Q=y! zfue|oLHZGT!LKt%CZM+hi4S`{?t1~fB+E|ssB2UibB+;cJ~3VV0X+=?rKn7ZFqrZe zpT*p0InU-?s4QF#D(B~1T13|}Ux0@b2u3Y?b=z#MEt0Dlvvvsu`o`q|#kC?-x(TNO z5;r?WLxXh9^x=AH)26ZTtZSU!KCz2Uosp9Uj2b4fk+A%WUliIcK zrh0YX?yV6xI8QA-Gjo4k3AxN+zp6M9+X8xqLPJ>ALSFpPX(5Xqh?5o&Ccz|3EEs9+ zSR{8tV(^f=!A>j~l!um$P~)0K z$12&)dcUG4xCeb5x6(6(=nX|z9lKl{AMUE-9xi%iR~;((78hB=Tog#|BEi5_^dUMe zfEwujfWMFr_%e&p8UJRl6=>(a%`U+C8>aLK{Ac>0Wmz*^y!e7<6l1dBfdz;wvLMS; z_OMMGBuBNSr8koTz26!v zu5YwZZvpEn4h4q>o1U;by3QAxfEF>kSYG;#wDnCg>P^6>z8ka<5{{`?1ke*(9YM$| zV0dlRX~0f<1F|AH#RP(09tl1g{7&$PL0!-<_!OVyQ!K_~_bZ=K9#hUBi8<_*9}MU~ zW-BqNxkNYemMNZe?&7l)_pV`62U=leB9Op{A9F_+2^i4mFEv_K+#a-J7Km&XPKu2_hmQt$ko0vr!;P zfcR-LtT1pfr^NOf#N|m0At4OFEHMKv5FD$7GZXmoV0JBylon&S(zOXkDwwM!%u#1f0AA~vF4F)H=1N@q} z1-+hH!_V+|6?l~cVQ(N@4*&op5D140`Q+xr=5S8*NV4KG*{K?aVbKl`C}6HSGUagX zzXfX@XEHH00LB4_?Z4FkTi8Op!oXpq%B?U}jj6qff+;VLEN%uPjBmujfZ*VFgR_Yg zyP5%ciyQAU-EK+695I{Dk@XA@JMJ~jC*%5SC7UxpHq_(W8{M$&s+u&J8_C3CI{ma> zH_$AMe%}M{8pb#uh0p2|WQu;_DblfCR~OK&7E-SO9zsSh za3Nr%Vn{hjS)%QpM&o3&*W2vvZRYa%lbNhHlgVbXrFl7(vI_`Lm70S9Oo9K%t00`* z<)1%l7wh)zcF8`_9BqvD$~|!<eP0(g52ji zKZ|9eHneh&rhK-!LAeYdG4xVPRAjkP6S+v;M!3c5JtS6&(qi=rpS9Rr7w?-Wx{Ri` z?Z4h+>lzAl7ZMi9fi1HY0MeO6$nfF)f1JO?8BLmeZhNGtGak{t<@`z%hk z$>On=hG|cJU9hJn$uK4#xOkPtMQaA>;fzn75dEh(6&_162pPQ@BR5i%rWBwJSTq4O zB0qv=3msxXXPnmPupd6*V8|N`?F)&aV9F%`vRrX`;m$@h3j*Yl2^D0$B{2vQArS+@dwNOGhkTSBp_JwR#ua^tn*?La6ae?gd!~F z7#~{CAG-{Z{7>6Rd9@`*?K(DjHN+k(6a!nQZaXRrgV z7|^^Kwk!{{+AiVgQ(d%TrO_+=n^Uw*<2M7aolU)Hv7qv{mS2q>2v!0U3lLlMllbW; zh*`2dsaaeZ+TD$h!7@H5zTi_Btlh4ug^(y+7ZSIGM6#EuIUIRs_E`2qS$RWN3}v0g zd3|?u-dWBa3560~c(oInOPdV`S|-c$v`Ws+mFHj{WPIRNiquLMHyN17m#>)uJ(P2i zV$5?)!MX8V^T5Xr3|>2)Yuxy;Lhn@*4ad?BdFu;Jd~=Fl6%lxQHZ^v`*cE?#d#7w z$r?=4ozg)HrAW^U4#goksuT*|GVQ*udg)Nte6S(`XbDD{+=7Wb)6an2pi4oaFuhXz z4;f&GsFKVI`fYs`VQ?YQLPMF=f+pJC+(+0*oJAzrZyO6l6@xTqTn}Hx%8nktZMwL1 z=Z0JHDV<%X1y zfb%Fy_sGd({_f&2xtv*4Oxq(2K6(M&MvggzA-;8IF`6Sqwyo~4%K&3MJLah1^c6L4 z(5{!RH4gXd4cIYS+1L~A?&nYY{#{gFy6Man@~*L4(@NS)+cUkh*H@eCv`_TUeV2Z& zvtmA1gkiCKS{T+uj6t5JpsPN1s?#*>9t0U-qH`bv1aEfQqh&=C_Cu!Kbwso1KC~~X zaa=W2N9PQYR5C~=??LLY-Xakc`<<{0EjTK-T%?)(P&f-V8YW>jP2x_>^C$4d;dCMs z%Zu0_o88i!k4p7~m`Ie|^F11NZPFrJM%K>POJZrg6cwrqS(p)lb7LP1Ea)ft+l)cu zxGf5XLGfiQm!!RuiFRd`tyRRlEN~D-L&9j)+d{;1+c(s4C22;kPEe3W;qon`nX6S; zSDeZ%`wtlGMmJL7^6`Md?r2>9p?!TgFcOA3K6*$5>|v^{6GtdfcVic~+BPd( z;6^YNV25TPBU;ar2Li(98;myBHdvz75HVP5$DPn>7E0a$qM#il#~NtvVdT*=lR^8M zx)%48g7|b z@rT$ECf9kGjx?-P&2Y9X<*XV{3bO0WxK^kP7f|B?A?2h+5Oe#TJ4kg)x%h1^@zbh9J=t2sx3nnj|B4`xN?3)69tkEBpeK(my`;YzNxN{ zhX$0?hU&CK+CRO=n2gHSYIGwNzE%T zdE}gjQFFy%ikEMpF5*cMozeC&%)okP4YCKCbiw9OUmSYIp@ zZ@ofrN0%vCyA!R!QKBvLu;e;&Z}YnM%ucM||6wguV>DTIjE{8fo~-PUzJ2X(fbS=k zmZSsAff}=-xbzRs{CM9G0sBau+Vcu(egFfej$etsVMe4eAf)S&NnHzYCuyCdad8YS zS5+W)8p$^#ZK?^J;N+n}*c}!J3)zf0)z3@@c!Y=jisKTx%jJyiSg;pC?TyB%Oxl}C zXZEE(la|uW?%HCekt)ulr&H4i6HUetCh8JU-d8h*amZIm;hjYc4OpN}U%Etga)!zbDhPu^Q;Q>cMNQVM}@L3DWD^uBJl9DxOH+5IrX1_4jcs5)sNM1nsnb7Edep|OGLM$Q==rkpeLCI z(RK_x6l{l;MUxnrOMtYQYv3y0#)Zr^hRG=JaJf!e>|P5@@0L_I8+1sE5&$XU~Flphz;7=2j6ZY?1nt6ZM&1mH6EGOX+dQ6<=Z*(%p37fVIFR4gWslmoj_!X#zqWMc z#!8?#l+Kj^^EoStyRX`PcX;~j(fM!9fM|avo0fLlG9$gwLePq2AF>0(hkP~G>89`n z;^ePC4g))=67F1Z)HpFtrcv}9XcU2_m+Ki6ZSKAWqVk)7WH`Z^FPF#w$DfV zw)csi1@HHbVk!vnW((KV{gc$!QxJPg%0g(Ox=^c))TCNTQ!-ze(*!@L;B&wUqaqEM z(}**AYFQ^)!B=5QWC@RBMWK>2oX)a)0wIWE_TUZOo35@FM=HTa|GFzec6+&ZFuZ?n zW_V{kKiQvBhuZ$!{&DA((?hdE1*binsU-5{sC~wy*iAdfdZ+t~E_)=`%+--a(sJoS zf0;tvmcNmFh|T{6>oa*Ug3mGT#N*5p62Oez1v<^bJ9J9p2_QD`1g)xDnxahNBm~8R z*dHS!RZHLl4aOK=HWnnN>L$G(LdqMg2;mFT#3|spc`WJGA1eoqCKH!vLXD=N*Xghx z^Y$A9CZO&wI(GmPD)&&N`VeJxAzTF$9-=j6n!bvRs*W@QB_0$>(JXB$m*Dr1IF!H0;cm?sr-gk_T_Rg2~d z7ytP(OPBbp)80yk2pw@~ka-M?)x{}xo;zzSD8!Yz{~ zmw9H4Dmr}4`{x4$>A%LIv*$MsyR@oa!L%P`PsO2;m8Bfay4t?2b(4Nv)_aph?gOmj zsQpWEfd?6jfo1f5-<|nIg$!*^Ys1vJny z{iZ~+?Dd#UWxvaHN+=;vtyC%rp=0^31dtI*1ZSO@^__4t1T)b-G8fXt5fw zVvE6gNu37wGLce8N%Nb_o~t4OQ>18WBXLHvg2>oSug z1woT@mrO9^jgU?_avR>U>n+L@3`f!)vp6Sv^J~kZG<0C9oamc+i`oRfWZsorQ%!OG zT&hX%3+aC$CcRHsRIzrV7ve=)Fa4gLqt4#GKCYpQ7!|7pPWAY!i;-EkM++x?lUE+q~nwtuWf z5EKKo$`;F%t#u5%a~`P~Nx4npHT=s*^hU&$>Mio`C@&zHe5qC+Ed4rA4g{(Zn>DKZ zuBrkWPdIw%4f$H|v68TKS}1{*z_~~#B*_^q%WRqDmK8i~zoEiir8)CL#7II4t&t!? z&YXZ*>UB25;0xm~lD$f$lnseaP9<{=%XU0SgG^FEoE9=6SV)Mp*wYXh`D%P&Jq7LS zY91$~6LCBK>Lc^HGRI$d=Jj3i^pV7Tg-eFPVK`;H7x-J0Jpn>jeP>*I&UT60=@ z208mx;p?Y`3S?ybyl%3xpv_Z%V-~|W#SEB@RACZ@{j7-iN$&H}y6Yu*10t7pqo>uO0Q-E;)?fGu@* z4Iy(UyKd(pXRLQ)S6`EAj`+HL!S0kdGrZ%vo0=oTvbb5+#hR1FzWKXu*^Z1%QTSu% z&^2JtMTJMztHU7#*ajd**i1H{(d&`grnj98M7)8BEf9$cVnmE`5Un60pjI@A2>U=@ zzKq0VK@0?dldp@rT{=|z4!Dt+<8n;sM@3Q}$VER?8yRU{Xt)Ry`PG*j&tk&YYBl9P zDt4<6mKEW@~-HFQEtLf2Nx#=7Mu%tKb?LRy)Ci)MazkbITwyk^5nsRr_hrEe+aQvf_OaB1> z$n($He>Mj!|QIS646tod13W=MDgGXuEj*_K-aI(sIZ#iGi15Wi+D(_{) zl)5bS1pM{XRB|d1Ui2W5$r1D9^MYrGtY4&b7)_Z1h2S5hV53)f*TUb3Di=2NL>;CrChK7Jh-iDLa_gOU^>uBZ z-HEWLs0}p3wL`$?Lc&oE`)CsVpiqzjCnp%#m$#2V+6=N;@F;$}*>Crs6ad9#7A&C% zG7D|?u;4!u^2kRNgTWjcwVRLFKqTNcSPD2PotVy9pc)|(7S4KLl~X|75d9A-8d5Pj zgrYIPQSh14z}Mi0200*3Tl!@2u=*kQQ$x3QiSwQ%pR;)9$X)Kw4c%H<`jQ6{_uDdu zCZ zcx8if!ZRhGFhEo%by1ranj8KsT)FtCysGuViKm`&07pmBS}I|(+!tk}Sgh^_lA1sz zO$2OJwg$wIduhQDxuSA~atkIT!dpjenPQg* zoR#_`4_*4b80(_&FRG7$4ALh2_%x|`De4A<=CH?|IVC0utZBT^aEqA(OJ+L=lTC6K z>ckjkPYZ|{w-8Cf63H_u&>h*uzm=>+0)@H=WC;;yO%px{lbXJceR?wW>33tFUd0u9 zvnf08>M|Olky3Oa;x9VxE12=ulvwaj>W`R6x?~3o_|1i;LWtcjYVboq`lESu7E#!m zySzQmXfOW}F`+2(1}+aw7uVi$PXV}>o>C!cafn~` zEd52G;4PtaXKLqkb7e%jb8c7P?3%18qK*uCM`kO-iFJvlEj!X|_I3;xt$7RIYZCLe zDEuDP;$;$~s4+64qvigCjg~#FY^xmt1tt6u|EYAsn@*(TF_Y=2Su}S=Bf@c4Df3X; z?{`EJCt_1(>Kb#9606N7dC@V=ox)v0)-ZNa!JVTA=! zIvmZQrc}FI?i-$t)^lN_!4&WAi@)QR%BE{--h3)-vWo}ZOTYGw=I!qM?1pZ!K4iAr zbvyKSn`v&>+MR=OeSCCeO`v~U{hoCLjx1sO|jRD}Pn+OkP@!jTxr_CXG< zpbi0rz})&Yna8=sL?#OiZKGx32?|l$*sYn*r8=afB%Ou6pwM=;59H^dDeEAs4?qGT zvRZ>U3x+YIxd;`5T*!BqQ^yT8k8<1_s0v*tDhPsqLj{1{*64%Qg8ZO0pZ8X#++L(3 zHHq&JT|BE?C@X}(`8@hQ(P)-pEdUb~ zUrN7iWLizFnW^Rn^KM8%k}g;oDdfi+F(o%#bq-&X{dYGYZ@!9l6760|k>f>{+_jlIuP*9o9toC(QZI~iNYH2%|onveO^_fbKN$E(TUD*@dk_z%tYSr`S8W&$Z_iQI53jxk8U7mXkhNsI{ zl#V%^>Sv(Z=ONFp4K9~cf8_4`mc!fPgVm%VXN=_Qk>bYwWMX9BSh(c5j_S!GLaL@% z_V4PuW;}1U+4ZwJo6YPiuF2=>al5qXT_Y{oruWh>VcR7h`N7jd0h1ZM!4VVaBebt^ zn2?7gT@S6u2_aoG$%fFZnWCQxd zgW(6kGEpTA`aPMbkWvRRpP1y_IanA`OR&=;?GB;-$T2#^s*FOyjbH_mJ4zOxDNfAw zHfQ}&*T_(Opd9j6HusmjG3Qp7_%7E^bXJR1H*!VO_h*gCZm-k2)#S1Sig9n!ZyUU- zzIn4Pl}cEpU~z!vE$rOifz7okd{!-VGoR#?*)mPcG8~h_mIC=(0-SHn)eU(5U`}Ha zBgu@^N4eQN)#&jydU_hhEJ^G4Nv3U8#O+5i9$P5U73)&Fd>|biN-$eZCU-pG40t^@t3O_h zS;GcVfYnp;364p~Lm=r`RkYtp&`Tk*U$VghKNu~m&Ll0<>dX5v716TClm$Zc3GqYH z%n=a$n%avUf#Y>S#baV_S?AKh3Tn`M0Z6Qmx)+^tjgv@Zonz7LddOhjuAkOnAs!id z;etY0n{z~An%NApF|7aWI$iEX^rIJONC?v9K!gJM{UY2aDI?) zIQCs}cyrnuEQ{AXe17n_^f_BB)-$f!^h@susoVB6eWe79vlQ=DzqC=jU3LPOY;Sv8 zS_4ew0=A#QDZC%_b|qw!dF=NH2LY2!K0PQ!PMy(YMKXryb~)^lonSX@UfE`oQJq&W z`|Q&W>w_jy_n_P8GMOaXv^*oh>Pt~?8t|*4RS;%l?=w87@WY>ic1)jQkSg^+B=fZL zCP+&nLpR~Se(dbdU00lSpN*Y!pWC%-7k?8^iq|ZCe)Ih1r9TjF*gQ`%mBjv_9pI@} zXnMb=7R(gTgYq-N)<1NLHNbeQHvcB)?~nLqe3If5Da<(OlQGO^)H)y`e1g#c%;zMn zP!_B86oZtDcL+yu=ZHnL8f-?R)&2XnS?j0(0i8p$Q8o!PgO~;6ORC=LYR(;UA(rpe z^4y_A7s`hYu>p{T@eE~*%gcD74oTcmG5A6e>yXLkt=t+-mZQ;>-5ZupJsI4(VaeX|NEhOTu2tdGi%ywS-wf+YAv%rC)+9w5ZuRMSnTt;D7`bPV>?yqD+`?xSi z`+>2)S9+0;BX3_f1wTMu*htsoc%^lG3m=CsQrC|@%)_EUn5`A@QfvPP`AX@v&i<|9 z67Rna_J=$8e!ynL`CCP#OoGCx^Z{YCpeIv?Lh+rJg{0<>7f4XBMk_b29$ z`$%{`?n7AeA4JuGJiK^U^2)eYH}Mp_e8IVU#5GCHtn8gwCZlR znGB)~XgWR<_vF|~z9-@l_&r~0z301%d53PhBosRLq`0+Fe$O4+J+ExNXErTawoArL z>pitP&Gg$zWT4;Pt|z@Go#Z;rsm?vMy2|w1cWd{=a8S+DowW+rY37Qrcu(z~f7!mL zbP|dk^{J_oE@Bz%v~s#OjV$%`Wy9`cK>wy{?f_qLhGvO$_6|^?wP<< z1GtLn-SJgCewRP*FNF7De6{Co$@bIp%vD^OZWnZ3^}H)P&-+H_d6Sh9dY*a1f9iSP zS^2zVgP*tdxBfo0^Sp1O|FpN9XgzP!f9iQpzQyx?dw(wfzOTROd2i95;6&RY6NO># zb3mGZO3fw}u(t#W?osk}z+{FG!ikSih73G9Sf*&b@^aL25rGAM1^EenDqO_qQaBYY zQgui_B8KUp_216OFSa1IIWG%}7V3~e42SFvaBM#c90~g3aqmE*sXrd?7Z!85ie)i0 z+gNN?7M-mK7Ybv+GWY5QDB#ay(YxG=Ok@H{iZmfMAtNxC4aW$tU~{}~pk360rEyXG z+M0cn1*0n#$PCxhS2i~{f?eAVO_tW?-08vT*(-9QHQrbD7PB#w1laShk~LDznY}J+ zya$B@W6cfujSn1H>&sTdwbAaNLob;uasUvGCW}osV-11EiPwBqrn$kq26N*J+T4H> z@VlWpxQ#B}Gb8IWGm@Sv7`NvJVWC_p)7)UbBb~g4X$M#B>)8a(qwAZRk)5DAXRUoz zhqrxh#q&-HU&QlJw^5dUlF#CCay-|5RBtb)4c?KSb=8VzokDp+mSKZ@B#! zT!Hgt)Qy&9svrMH#6yIK#5VuD6p!k`KP@r56K<~ETfR-A`tje@&J`};q2MC&4SVOD zjqP&gI_+G@2*^Q)51e94-vD|XDUBk9DYx7c*z}Qdt&l{i5Jf?1Ld*{WutuQW*Vt;kX@+uTHoSQSZGf-k99%9h|6%EU97li89t zTPhXuS%(|qB~D@Yxpn8L=3&o-WF z3ne6yh(U@jSSgRuaN`ez|4vY0obU`_DB;ix&O;}8rAe|2R(x?mOERyH*W>20DO&7B z{9r2$J$#GnmcZV?X4iDdhIDj?mSk>IT!tAvii@{X(C?Vqw{Pkzl!cCQkN`lmK{^O| zHjm16cCJrDI&*JJE^SiWS_a+5_$*G+4f;rb?4^$qP3<^aJt(vPaZGW zNJh#G9Jj5>E@p(qh~!Emk76)~5~<^~WFw-*)-HS>sh#{5IXCct<+*Sr7^3#4Jl zP*i{N3}p$^fRJtK`MGBsnw+S#q(n%`&$M+gZ7{U)z$c-5jKI2*(I6x!GA_^>2J9m1 zCrVmy(${ibiyxNOSE44}|IgT)0LFEe=fY>1eLZvL%)aj<%}6uSXkV-|qs5XX+me@f zm6z;ILKYSi6@>(g)FK6vk^+}5m!u`3wA_XeE8vzEL*q21aR{wR!)=^~-a=FO-R8eg zaOt)DKks+WXmQB>>qXz3(U~*nyx;r1-@87qGM1g&S3dY_2VEHey|zzFGwsfNH%JqPRA${k9+E9JHO=cY!1*<&y}EN935qUXAyRKT;tyBK4E+JshcTE@GfO?r~uR`*{JKbpG-T*Q0sWdWeo~ zSj#mg_iALX)~Fh%MtgfF5x0{TcsuRT?NsbnA}N3ajBk=Z4kH6D#K>|+HdKAEnS%f1 zEw#+L9FhZ2Lk}h)p?IB3u~7F?vTcd$uP*0i{SSGi;&KfBkxPu=)QRe~OTb@x>6c4L zGF{2R39_$urf!nGiMr&cqzK*9hH$$u;xCQ1`C2`IkF;$hx)0gdD2CWIzxq!b>L2){ z)f*2@`|Xj9?W`Hi-TYBj8gYE}1uSFJbqP2)}1Z^$8S6_=uZKa3>>$}{%=G7m< z{{A_wZ{bUHP5vlME7H;5S88$PXZalK=zR4m>vjJHI**^%&V%Vh=l!K$v3O>A$)|re zvjve)uGxau*nk_}XEva=zi+Vp%$n`DCZnh?HIq@?!`$=wGdxtxGa0pRyJ#|s`cg9) z#XYRk3XV> zYyckHvgn&|Pq|nXHOsfuyb%5Uh~~2*f{lKcW==2^f?(x!oUWy%K?P_^5^O6?1(jty zV8bW%6fz_Q4@FH(d27NaO)iTs8_9GPBKEOk6Sm~w{MOn;Nw%0ht6$%an)(U8K5?9P zhev}F3X9|-&@~dP-!1PMZ3&n9li}{z*3~~pQT^+D8vA?}{+BOe{($e#J*s+ww8#V6 z4~pd@Jj7h@6fR=UauzRwG{6WH1U3S13cI+2d^hmOzoq7IN_kyI+9R=_i8hh?ig$qD z&A5+0)A?_o&uf-ud5h9qL$EtIp(;{eakAn~+~{6yZ5)Y3c(4t5i17R%*4HOs9>l zim}y*pP|rcu2reFQ+6O0O>68a#MC2CMfqq}^(H2>k8yU%{)YW6yTR_EH$0EM73brv zt?`b|SU6gY@c$OM3Kwp9rKI4kHLixz zltMlV(iD4SLfk?%ftK+u21FEEo2hV5&!Qz!UTfzCKQe4q|K|GJZhP@Ye{Vk57x1#a zKsOB3&D~x~6kJ5c>{ypK#53>6f_%^c@4n9G^CxqrFG+D)elhIrI zj;F8wNWbq}knvBxL;Ko&Lss#hqWjjb{j|Q1Ul*`2-yu5_*VKH6#Cyzl2zvjncHg2f zRA_&=0+-)--$auUMsMar6uu1ggVDR3$-#*zn)5pab6Wqz+IJAWweNVE`#bHv zg`0be%s)wfyLEbxFnVj(ep-{U!roez`6rn+pwR+#Ky=@TEHggY+Pv?s)^b3=eYfGh z$-r6TZ=%U1cHg)t@yQQ$dUyE(E+b|rh#4Yruk$zY$$w+?*1qFu?g9P2=Lbso3V~yu zO~xm5?Vqvx)~@|@obfk*IOoTud5#tutxL@(N%!5S-#6)Opq{`-QyI7j1#1@W$mGWR z*8HEeE}`(yeJlEX``W8;M+(*se4=grzP0ZldTZbDH1|KW`{u_x()bGAnxng6_sy=& z?pwR|)7!QC-m;~_e7DSRjeLopKriS<@1{=fTa>TM^mvvpiakH0TVfbd(+NvKA}b4x z4BS1SQ{4PB|sxsBUNp2&E!Y>?M1T+5fE+JapKNC)0&Q zFeIN$bX6<0>T;!=PCHK7Y*B8xJRMvP`Ie)*VIfezS{U>M4H;y4OUU@TfHNE)iSN~`0jatQA?39VNkigiR{Y@B#lzjP4mF*TW39UzEqy&b`$M+K4FgAR z-*+(98g))A{QhC7)f%uwZVdM9hp`rS?g&*U+G?E<*G?(A_u$t1vcQI}1`m8-dqxm; z^E~MKW9a2yV>y(s5I#L~N0CK)+KR++R(b^mwVBk!jzKWe!c?NAyGlP;0Gf#ABD)Ma zmsa717tGs*Gzn&&A%kTtrH6uzNbPw;t&kZO3>0Dj$~`Gk&w~d{kC+T5uESxk7M6=` zq8L~X2JPwPwpqur9dSgK9d-?sp#cDZ@+E5g1hQ`WgIHoS8LW4m-1;l>Uunq>e*SB7 zBh`*=_kMEP*>=a#kw~d0VpWo(eHkf|_5@1Vu*qbKmulg;{rrbUj`-bb+xDBcgm*d% zTL)ul*|?pwy+B+>%DTfaYp~hO==-P3iC-{(MTyoM;uwFTuZ0E4g-x3`x!2YL*09jQ z{1ww|oi+UxW03?$t$=7zcESHR$8_Z9xG1-Dh6`$uS$MiHtCN@;JL6$f5)%V(Cj4Of zp1|{`xhU3cG#cfMC&FKPrKrHcbQpIxT#cqOtl=*)r_@@F0}7Cv#Vc!C zv5^9`&BPH{1x@T(v*14dF_X1#+>_6x9G^J;xLg|^P4&*zLbfx)bg&i~8WIdf!i171{2~QxdR^3XjxFBaShG4e>^ep0-9$ z+e!X_PAXG{1BM}Nkt0T}k^eqI0Em$wF`PtsViNgT-F-OMMe@Q$zExe`zc8pKcs1D)^`L=SQP%a}MlNFxKs7sP}a>+8&y%e7= z6nC~&mosIg=Z5l`Sy}RoKI9yDNNhnM0m&HTWk8eA5kh%F85nFgme((R7s-5Z*{&IJ zYm=~v<(mgUQEYm6;DbPKUjhkUFQ6kFp%I<{y^)=*d2-`|QENoBhF;14z+YxXbiwjS zzNcx*gs`D*_kok#g&S%7@Id z&Etu5jJ1##Q4oG4T^R^?_KO~)BX zO)0K$?lQ++v$YT#F%Kx^VQwG*)-cc(#C(_>qT&oO9G2~@@# zBDtRgl63;{m%u7I=qruHef{?jgxi+N)uk3JLJc*zK>QUbgvq>8{lsP`v&NGu?4&Ji z{kG*Ax16A9e(loh8h+Pn3?Z{rx`0gt@uFseW^*F-F}Fc#ky*Z;Qm32c%$OlK620~c zNjW&+uggwvDG-vSKJxE#_4l{-cJ8}(d|=;T{HD3VX!wXX(>*Xb=doIaL%eZXE^H}> zb3r@CQaB&9^Dp=A3AiSz>X9vpaQjGp|Ly+R?$+BnT90?MRi;KW^>Ms}8Q%2$XL%F9l2`l0BHk~nH`*2DEjE$A^*G)c{c*WAgQGli)+Us&jT+dA2aJv!ymt z7?~~BMzE=%=gv6%D=Wax*n5U^Kz^1$PuUYXVab`(k@RWKtRMp+hrXwgaGpyqJcQp%;+5TV9@jZkz1_Qq$24X356Sr9pEeK-D1@8{G&7b=MV2mBg=my z+;dCDZdiS=3{%3P>ktWQg{~1|4(rr zU5OB5K|euP1;}RI-GNn$6n3`AF|tf2C?RhlsorKTkBvfE)i6{KYU*O+q%(V9vHPWN+EV)eF%*SLUq;FpkqQY=$~BX+|b zH^lg$*B&ek0$tw{H2GaEd8={tJFfWQ8;)iF1G)bEx$x0<-JYLqAFl*h^=)TsV5ofi zZATJ2ns)EK;v)2GX7}>fH+@FJUxX6O?xhH=reAAz?;AK5>l1$0>)*}vYvG2DUS{`F zR94d|MukVf7kTcpXE=jKGtdf1Cs+-Le7~XYAl=wVqAv?@aGO>7Jy8s1((y>R7)z#* zzmw8%$U?zFY$2J9X530bsZddcDYcMkL>EH!V8iCTuWC|Ff(g7dPn9&9HaD*)V!p0n zx3M53p#7hF9@uylFxKmx-#t%Dj+UE|Qu`^Ep%>FY^4_Db z0ZZ8H@k?HlC1U@^ll*7AtAE+a`@O3_9^_}eU$VIJ_HdxB-D>JJnC&hkV~Vb#8;P3V z+4++>8x$tUv>UIE3hjb|gtwi1`V3doIB6#dCBzbU(6)lS0*r6c@pgJ2$76(R0;a^s za#%a*_YiUznf1bs!H5{)u>@I*6hwxt!ZtCoSxDqzWYD)5S(7G~(48a^6;Jy7z<&$k zD?*ex8zQYogXM!}jn*OfE}Et#QH)M3<>%^c)urg{;3EV4(g1(=06);ZyrsU});7IG z;R0Lcrk7K*Hs?bo)^7sSa_$vYML@XjgjtBtB-$OaszREOcM5+{kocV@Xj9C|U^Xdh zu4O2e-`TrD~ja}k)L80%U95R38(k12 z*1zuz_xH`*hiQehHSKtO<_x*uN8@q2LNNMEJe14z9f_#C95A%v^nL@mY%=qy2a%O5_&<*)*=sB*O8usKo@ z6s>FM^-OKVsD&Qzf@vM}3$;Yy+r*N$uw)4U{29*0m!fTM88N_MP#Z-|-h$)QB zm4XpC#t=jwiF_s^$dq478kdVzUouoK7oq&IjEglhi!Qu@n7{yswMK8KW3a3Is7LX0 zft7YnLCC+my}jgJ>JBfJhL~Lt>U+r9Spl8vXsVmZ&!)Gfuz9n{ z4w1Z*nN^JDO;}-a)gYuxA#}npXqL7%6+Bwa3|5h)zx*PUvpf{4O1I75+kSg%TfOMDn7sc#v-bDVfpD?gWL%x(f9mpt zO2gSeE&StarxAr!FM+RLNA5iJJpRTCpat2yy`lDELRq&~=IQcM`n;DcU@uv~UP^(H z$!*4ZF1X3eaRb<%quL83!cl1zO>z&Z*`*~%B^-&YL=6h+iKB+7z*jP;AoBU!BhlST zAQ?6oJ+X((`G@>I&$OOWKZ0rt&>NL?FlwLgd<7QmE1j>u$PndqP~2D66l_L+{NPz~ z{ieR4@4OoLGC)rD>*z0QhAYVZnd5UCiHpSg)sJtsPT8{fpmgQL+vrJtiJyqKLrxH; z&IJE1H9TMe>H5iA&`z6gk+?iTl!PV8qLCI_9{9~TF>@a&P|R(nlB+@`8jr9XhY?El z8lh6$KJrU4G(pX$L6#ESaj!B@1YR)vw4FvwCPt>yVuadD8U%e>y9@flPTWq2G8}yL zzCx)^Xw!j+o=iCvGO2QGj-3*I?W8OefD$sT10x_$@X72zKi4l5TlzU}g>O;#mKL6m zb}ZQ@8%xox1H;SN)NFsxvJ#kUDKER{in(RMi2g<-;i!Im1pjEjf0n4i(7iS#Hf>sF z&AHwlS<6hxWSC>6A05V!f4px)Wn%bA#E{{h40h z?sbm_HHy$1$u>T8(-wotW^%|8G~m&E7?ZwDjb~REWjB9h-J!vJT3f}N;Ac%khZyC< zs?;E6sgu=GC)eq)KBsKN#9(Cl9uOzlTw`Q4KrHJBAEGQI)~`pai768^m5B*a9RoHi zk@LGmZ)(-=#FX$(uuH-Z!aAOjn?s$(U6^Q%n<%@+M2o*SmG0?Dr;)#)FM5qH6EKM9Y!h8*`V0I=2`A1TaP%J-N!cRpXa36J(Wi8a&1$z13LKkW@hku7mHBj{h(K<9EU}g;;z6SPo%7vYH!m1MQybmb$SK3K~$M{~}U8Mqa`X>}~xuI59eD z9X>xV5%?Rb^f3{7bvn$iPz4eg@D2!_Yv4p7Ne47w@46YFgOOtE_~UjH%0Z5b`6-4@ z$PPdx$4^2e&xi%`Ox57}AlL^pUpo@)2;X}5cW*svv>0w0dDIj495q^vryd{SJ2SsB ze)OclTolcQ@n>2ORKLaV`E;Ny@Kj*+_Md#J?Lgb=n?d2f)t-FMKZd(kza1NjzaRG4 zB53_8XbpXw&#AsL*-cte7zwfx2{H=lkdqcZK?cNvN|zVZHmn;n+5XHsUZr3~m4srI z+)ibZ$z|p&FOg#y8qQf#|47qO-;L`=>EdC+rgT_vzL{KC<|?jX-j9_d%;Hc$8w749 zl@552E^3qka}*T~UW07J924M`HyG$L7EV}eiQvwl5L~PTMgS-8mD?9xzAIxMyXXTvpLb>HK>G&3Wzpjsc37dDLXX?bOs@>W&JVy zc&ci~^zi6Y)I&wj=vWlc+dA^UmK%wTsZ+%wdg2}mw#w~lixjlA+9UGnH&WeO4~89% zVz>G&r-w&%iJhA1x}EkrV<$4VjZ()bgE$=z>O8TgQX^C7wr$ zuWncWkq{AX#foVqEJgIC1-WT5TPR&h+stT^ax|HkCpOZi#P&P9k)-WWB2gz&_@e_y zfuO_cmSS;BJekXz%n9>jasDYYAIGa_EpY`(uhUUZq?fo-A|8Q6Jd1uY@?=0>4o2qO z&it~)?68`s1MazVomZa2E_UVl5~!%7JBbo*2-@+V^- zJl4P4J1wFMklncYao|y~-naJM-h1PBdkRa7|(fG^1I=Q}m6Y(t+P!eZ#C z=FF+}K0ju`>|MQM$98%9#PO}4ls`EzH`i?T^Ak4D-m4eIgm9U2Agk*OXE-O8BxVXa z5|DPWn&90%s~)g9C+$Y3!ENEKMw^8<8Et0BLAO~j0I$ntRBXnit!h&Nf}Aj-p{PgV zTo!YF7l3V^70e2r)swVTEdo-l+zSG4Ti_gZi`m#9IY=_FcIl<2^g~tasnT=OeV8?t z`8NOBJj)Ss;}7QX#gev`_}&13FMG`e9*^qn%?N+2cC6kwI$!#$PCm5lJKi6ieOOo- zZC~BF`p-{aXyc1~ZFcnse@(PcBBuHp_WB84QhgJoR8LTC$^`AO6Qt!eXeWj=!N@{N zb&@eQ(y_M$VQE6o({k9_>4>yFHH(jy8014MbN;kaQyxF5bxens`|ye>Zy+q(-Y+nH z5ib~eHTl6Q&JB}_RhnabQ|-kab=Ahu|9UKh43(v}%+lCo*K(~$DoK$R)<`klyIh@h zSeK>g_%imm&~gx&k0|5xASA^qhG9vSN)#g016J_X)qc4w(s%a&Y*+{$+Om6k;qxJz zwjC%7@oP$CDK^Ehb69-=tEM%*Btr@04MZ<+nGJuno1$=O8(|n?vDs><^|HhsS5(di~z&HM!4QyR&)3Tmy9G= zvYe95a@mZc;vI$102Ff7DTKcRk@W(t1B^{T2j)(oW0h(X6cJcv<#Z|%E@hLaGE))m z!SFV_W!cS8EeL;yp?#s{B1q19h-gH9zEj)Ybs!=X0DyjL^lnG{R}l#ZtmGeVYU3v} z-EoI6oDLd7E~~5PNVX=!ZdWAL8V|!GedDnVd88%p;Ka1$oh%6Ov{F=Uxns^Lk<-S)V%FJ_i@fypG4Xj$FY!%|y;xhA2hl$CMPP=L+a3 z7UuKE+pTcpm&4_R+|x6(H{f&>YlHFQ*M}=xvWeEHY<{72u-X!Eh2q(8p*88)X_j5K zz2mK0ItpG-EZvp_WAP}<=lHXb7dh^kGh7tjB{HokmO%u<$UH0zm=FY^5jgQknjpRb z=g(PfeZe2m@)?5UEzZG=YXbg-(6?qORLE_MGm9a^#YKZZ zyG>g5*q8l!85^NTP~;09U+FnLJy=sT)^!U4?$GJ8mQ0}&2u0lQa*g*B25YGnY|lrL z9g%CRh4#&PbG_MMDhROm!w(EkhF!s6OpYZj4u@ff$zd~%k0d&ZS=j;PRo}0IMk3db ze&nA+UNHGG2Dmp?ilnoFd6-een1}=-EkbQkvPduTR9L8<@>OV&vaDBp4&xi@9wJ#X zkubIri=huh7o$TL9d(`X$wR4ltbHJz9vEQT4=TNFHtZ;a1HFq*pRb)XZ|t3^82;vL z&U!kxXr!!F3KIdf6=5O?yQrjP12N!F)bubPM{_r2TEm4-RB<5UOHsxR$t#4)S0GFd zy$D_dWG1o_MpOo>b~9n9(0l>z6Je{N<+xYLRa)@=OL1pl1P?8yza4$lXqMs@s1e~_P^pV%#k_S6ve z!x?+5vrsD<1d4~;z*5aoIxk+v8(Pu=TwNDC>yHJRjGb!R=Q!~1DrT$n(}svy@BDReJ&BAaE? zlwkY6@KWbmdIecWVD}?hS0+dU_JZby<-pVQupD^mc8Hi~f$FRvQd!PCe?$ZJbj`>! zjpL*I!07P?UMht7IkERh(6joy+h}sc+TA*~=fE`YTm3QppWaQ7pL>tqI;ncwm2f%b z#S(yjopNe#XBf|4WNTvX>O;a`3BQ0=Cd_? zirWIji;x7M2=pFc821jl)gE+sIBCHz1_E~3yMTfNN8M*o7OWPV8Eqg(&emRp&IH|w zR43ZniF|xTdgZ0HLIDsAS|S5d0VP!nJdiuhZAN@PZIN^JHLTCtg zqNbvXYN0wmbOz8MOfYuSBF7%!BL2fjdL^sFV!+^VShM|SfPM?nfRXLGbgYKJoHCgY zo+KG=9$NYyGC**R%al-nk$K!OHVZZ1RIkS`qA|Clt6TBq^7g#7TpAkW3N{;FuM})b z0npBcg4nS%3*3d##Aszy7%BEGi4EB6(dAo$3L1*7QYN{~tsv()$I(R%o9L0yk&~ zHcgEC^%aGt33>o?j$vf-9iz5+LcnW13hZQ4vOq&P6mrF)XqIJ&DTbIq;A085D;}$h z!38d0h(xT>y8AwtylABYJJztZ($DHLS$GCg;WZuQf{JCH%!cg#WqEn)asJ`yo2vT&8m9QHQ&N^vZVsbIDjpTS z`!B+G{~qBD_>*$npQ~AgxD-ush*gP6N#F6%7U&`Wu7`{YH#97!_T$A`A3b7X9KWfS z@qyUMOepAwD@*eER{Xr;=Xrm@X3cxJ2NemJpeFxR@*`p26e3<{S3o!0GCcifzvA*t zTAj-j7`}9|gp`=qnTd#!B5FPe#o&VG(IwNV6U@05y=tlm(DNBnG2(!$nuWsRIv|K? zwcC~I80+wq96l)aZ53DdLC=BOd<|)Y8Guvxa7Eff70C;sMdCioN4 zP%;+_$8*dlG!8`NbI2L&<6cEKdUD~^h*Ye85P3Z>kOF{_q0E(tBr%*)AVQ`{Z%Wes z#I(&MIZNTWe?uL^`_YIypUa(=J&G)QJhD4|!q1sW&p-VIcWHp zoXdL*w#3#BR?gY6Xd8$Bi0LTgNBW8lik;qW0HAcBB`H`0E~LB1DGb$Y@B-+}Ygezf z^EB%=(bTt@=%rawY*TXao2xnb_x2oWP*blPdk;5qu3hF0;M<)>bD-_Sz{X0>W^b=l z<9fAgc=hQ>Y!fW^-u9k7Z>!_H9(g!B5iiVgUEF8RaGjdOMP9?Jssf@S-3v5oBa^a? z3?J5R9R$P3D1+W<$j}7wLP7Ad&6-8ZLbj;1v?$67msN1tY!6Zwy0cR)rDe{Unnjoa z5eFw2lKGqEeuNkp0oPE4z>6qt-|Q4i{c>vQfD5RFh5Ku>bNLms$+renUNxEx8=TA0 zsrc%JP447tC?%~slbzD)%q9mi_!U|D!XHAPrEYU?t>pSZoHXb_UI9okY+xXelY|!x zOO}k7r&Wz(jEsdbvh6QNsy^OlBZ!Fcvg#%a!brq6kjx-zz4M)S?NF^4d1ph-SE^{iM zJ4c1K4kMbf8%UdVS3sUWbJxjR<{im& z(s6?;9*;Yn5$E>C@y4t?JKK6BzSTX#+KucLzIKqhjQHw1_ZIUzrqlqxdWrW=^E+&& zU53@mj;z|%SEc=f65xISJ`Hh))QZU%ak~PLh5^|rc^n>xV`WXx49nZR(u01dlk;qI zn5@eIm}q$FPS#W99UqxVKN#Jt0G~2y5&tE{FhhDgtR(&cM?4lZMU<|fuf<*bnCD|1 z^Bt3($)4h2G$J$_#W{<`WPD=c{P~IRyHIMxErCb=neBHO9$8r#OrjNh5~nZ^+xoCv z5XAW^dsikFf-CK16{-xvyZGTw#uIW}&ghMxVS0mucxH;9Cb7jdCU6DDe~T95CUhsBx*oozcH@LN7Yra(X)+KA`4w+eCa;FPA0Loau&dlhaeKK6#hw9Y z$=)39hg|_9^On&45sT9?>$!jzZ0Dw5s9Ai{ZUQ)o)yCVnSTuSX4&@ zk|6``g)IY&FRKCEQA){ba1Y>D>u+hNP&9;R-Y-2@mmyqZp5alaXb2%2Bj=NB zHT)F4J-vWZ|9L}BOYinfJN&j=EnfSJvEIO4k-qq>=ib6xsgWsF?zeb(fAx6BWPUoE z+m_dUPU4N#AMtn8`eP^qBHiEu@-tNUp$f>*_ziVOnw*P3&Tx4Yy8`eoTT!tUZN&ly zWLS~Q0hodS%ZiE!w8UaHT8Sl>LoTz4d$3&cWR#*9%H_n+F8h>iN}Lj!{g)Z(bizUL zgc3v{qGm*hDfj@SSdS5D?_k3!dGo)70vk1e-h3g`8vubolHYY2=i!R}TsUJnYR`wK zq#)8S2hL4YQ~A9}5J!a&b7WsBqnXjMcD@X|0xJ|Hp53T=CrrF|$ zP~`ZV7`9N?32UtF<^Tdcc;OLDy6liZ>;mU8>U_6F*1AUnS%j0tAZ0nd?{JF7}& zN-sB)eP^Z(5t*%DrA-qfvj#CTl^G){$S|oQoi9>|p5^`{{fWshj4UX~j&TM?Rz{8S zEj0k~WmXNx3@B?6RYYI}{N<@T^;uPRxF>m&YP1^6ocI7Q7)^Nc+RL5ci*Vm!0}Y?Q zP?|q~asIr7{~P>3nzTWru7LPzffsJ5E?hcNx>t03KJ}@NKS=y0o>kC5GNshqm4SwlU8f@*dnV zp>&#_^G}6o{y)XE{+!pT)`vwt90HsnHp8>3op1~vcLyJd@bHI1Qe_gv*H`k>m5SVwkMHL&isNz0xFTj`g z1}7a)x=c^d?OZ{(SzdbWN~wg-ST913^4EMfzsncR1(bO4HtkFOu}mZoP2=O~wT#1~G0TN)(T&HhD5;lAqulj7iU4C|$gW zm@C;gxL5p_E`-m+JM@3y)Lu%)xb|+pmz%skvi$b@JzuP=l^eiA0{2z$&@ZsQ2sc7i z^Wm5hjhGd$Elivmellt{1?W}aN$Dx^-^8n;C_ZV!O z<744&#P~=Z)+<|SCGj`F`KW|#ElNj=C+^yKaDe#xvnEH>70DMImgb8O5To;at61az zS^O#}yp#5+7oPEBNzuNd&=y6)O=MlY1ad8txK?Gzd5$tRctPYKmmdIZMdf_>Vi?;_ zjp(S!*b+|?>7T#o`2+Fp;Z7(KaE^!-fdh_)k;|%XG*01+g4w7F4{*FeLfbQT88&^qU%Sk2 zH7|oF{<`pEVG#GD$@$r5!%3J4)O_fyTF`hX6b?r8)j^;T!4Mag!bz+e?g1E%mdKxxogX8eEQ{KboyI#S#=NSsZQ4~zKU^u_z1`uGGb;vY99UUU3AZ4Ec?Q-o(a z!tGaGY$N3?mDjhF`;tN-u{Q zG#dDyj!=RHIgR}V)Hc7vJ@fw$7UwswxoPoZSet*>yxHamwz`J4F>dlJv1sstaM;R- z8`X&0l-!9(D6Gb=rD*u#MdrmRftaK!htHpfm+&2F$|m_*s;+8l^lfx~N@oJZ05t3f z!i!z}x~ z3NBkg{oZ4=zF=`e%?Xer4MldZvdnCz2x2a2+35jn7M;a0(t=@|x}5$K#|4xnvj`#DbO0K7A0b%*b25c+UxiRcGUv0;lm?x)UFu4_Ljbkdvw~7 zNX4vk#~=L*YDxDG6>B_|6qRzWPTor9Gw(?B;X^&caUO++BTpNu2H%v zAJ$8SHVYV; z?ZN`+Hu7KklgP!P)LAu-d2_Q`1~=vQxG05?b=F|rs9{jPslu~{Og8#KCI`9dR79J# zcqgvGu++&dPr2dD3xg3#H_RmX?eO9abpY=;PZ$g~{(X|%Ug6T|(-n_W@l-q>Tk%A& z(`xIe+?S5EFUX|@pU;z7j5W9gPu-@)FZ8lHswSp12O!q799(Tl0aFr~;|!`|;~Y2L z^=!I%a$CUsr1l2*mqH8(vrdsB@|PAgBn6fcA^L@P|9N1f)m3U7+G10Wr?V3&{zHSl z7HQ$$jsuI^eAUi&`E2{{k?iitY^!-x5w5@cZ}-Q>x0DTgEL%sne*a7VN8r)r`sUFz zMWR)2X}q(yOXOGo#Yl5BclAHSE107YR?vAhkm{qkNL4}F6s-@mUdAyqzli2$0s=NC zu_j>2v4Rw4(QOAY(HbD=4hBz$@(P#Bhw`D2k~m>(@q1*S?DL&QV3cB`MHDI4bBkPh zQ4IJOJd#JmU)fhz>XcraM+*s(Rhk17{v`zGG;Au07?C4%qtJTCv}fJACz7sF)SH6L z(t^p&(qN=E`-MLPA^-Op9e1vNeHReb>U_O^e2i#%-PUZ2xuNhYg79>cg#66v7l5bs z6W)2{Q$)?assSERP?O{lQ~=>T=$WEQC%4`>9jy3S)5$f>DUXw8?%}RGm zqLeX+yd?!o+HBU*(~>~@LH4!M@HSElmgu7FgR|6(R<39w*UYgYQQqILQ|9&gjiiAv ze+4~C&ab7EfF!APnax-Y$s@h6{Rv(Tc_n<$CRy#?f6U%_tkY%-x22gVUz5<2Q^~HE zznzZDaleyuJ|~2LO=J$Vy7iJ3ms0|i$Qn7?D#3@Zs!)%DJ?2#p_sFs zd<=FAHUQgutoHXuYIx{3DZ z{8_eTYSpt8{Lo*q{KiWc;aj0q-ON@Xm-O7{k3Y%}JbL`ezbPMV6IQPLj&S3Z=`&~6 z@(k`}ax%;0Q`#U=;-g_*iSapw@ z3$zYqu-D9edCw7GmnKOpjSHgO(x@Vn2}u~VKkWfcJ}rC=`%#XqE7G;@2aSwen;H@k z#Acn2jrXIop2=9JR>y+Ycm@*&IiarxG8$;%3-^0hzlX`t8W^v@$NK~D%g=E=H+(vu zQui5yr0N?Pi1Aa%e|?`MncOHeJdHA1@QK}KJI&flTPsGG{ z&^QVve@B%P<5FS`IkM2SysYZodq@A=aC?Bi{}cPvgKewP@6K(BUC2FU2yxnpaQpOyN}MNjhMR0!}Z0I!7#q5&S9a+NyIczDu^FNH-1#1 z9m##vGfbwW0)#Q}!-HPd{B}zaXIZMaiiOUykayQYK443d9GVtu0as<7LHZU3pokYN zs!3l*`Fk{~J8?fS9|J){&|o+%h7?fy*h{L!3>Ym$GC0y7xD^b9_X@eiKC=P^=Pg(nr_0rGERe2mteb^;r}#NsY= zrs~F}a*hxRwy?d13Wof$tvFP_1jVAMKN;l&G-Nx*)AJHhydny^#FYcfwte5et` z_ULI)^@*V_l5C>Iy8effD700{HqH4B>8cyotfbYT=p`tW(Soib?1Uf;0R7D7mGsDq z{;szc;cKW5WMLQd)}+WHRu*)a4EXeGH+^B-{I(;HjlciM%3QR+R`%TDZtLm|&Cbsj z_Fgxay)(W0@C}{VHUFCLUj5ddPfs6vax#0}k>l;{Z zKrq6--3>gl9{!NlKNz%Rr6Q!~MJdz(y^b*e%OS#VAro0nCIScSeT+>Fg_%$Aj=fpkMm!z8guxLVNz7~qMfp0A?9RO$lORdPMUr+DW=-I2wlwe? zR{MoxD4)znPnnY1QlXDfFp(W8#M{W0WJQ2T{?Nhz5IfAf4_Icr=;$n+5dCgA-E!IZ z3BvjW{3Gxjd9lx8$)n>|duUObXkX;UAzi4GBg5*VknsG4`75t?B5WjWG~_nUKVENE zLp7a~MM0XX=SCsE88%JiKYHwzP-{=D+Sj)0-D9nzwbWWq$544NJ*8|*jrOEFhKF{e zqN>!@CpmpuGO z&!Fgw?QYH8j?FM;8ic!in!K-g!2}e&L9&338J*3vQ^HZ!z{VHUQG685y-!5c={ax zdLxs&@tTu84Rp)k>6VzZ#mKmpj#UMm=MV*Z!^R}UX5B@LqEedi>z(s@skOG}fM;G= zdrQ-3)(nt|xEurTi<~pP)m64`4f@*E-=*{i*s8s%ps& z#ENv$azd{~1i~4fn2UBICoA#=Ix}8U(Jcyn=uOhM9hBnXAj^~C6+0|A-9g!0c2=ls zPikOBc-Kx*f3GZ`_DBls63P8O)MZLOi&Y`P>s^pg$z!41HT)$F@iveW zc80com>!HSM`}rfXk1rutw!vQq|unrV-xBwXRZ?%u+V@_!S<4ko+09nCR4x}gnMV2 z)K8(jUX3B=IcN{CX)(~keAgtoNlS&EJ#)CD}A`SK+8rTxrct&;gB80u^cM- z9AvNCm5{w+AF&_BE|UyZLqaH&U_~Ov6SMLovLJV~(mheEzV!qL1gC1KQQ;QCfnXzN zTgW;cWA-s{&qd1HVLu>f5b~kqS#o>Lzc}A)e$q@|euu@9qbi4Xp@O8IIMDqmX*Pq& zp^{2UaU?XG0RJz2H*70~+tgg&5pUPwv10vQADdQ=D9x8%?bjpu&k6al`Tk;m-YYyd zDvfaV6gW6hxjqo$@sGYk* z9olFDtSuu6u62`hUBGjWrtJvf1B<|JSP&P;jJ$LS*_=?ZXqBz`UTKA0)To1(x*R9hs5_{l{>Q2>dD zBMR^%XeX)J-II}UTtc;<%c%gK(j}jeY)RDo&DspMSkSk~IVGdf9c@G!;d-d;6n2u&0T_alfqrd1mLY^r=8>UE!yf}*-8u6hH=5Lz%RhGubZGe3;J`xD$`_n z)0&4443R#+J|*kok5wY*6Laq8m=FAa^8ftXlgHE7S)efXsxF9Ge8d@wf3V}hxlr)UZW2TG2=XDv79B|6An(y$5q{K^ETQX%$fe@^n zC2Z*=Z0$^P(H2{Tf6KIBt*7oYf)i=Q5Zo^*x6HvhfAKu3AT(yfqmpb{^G2{*9u|*S zbE2-L=#r0*Ux4?aU4G;by}V=C*DBw?P&<5Iqy0Lya9}E5g2$AV=m-bqn4@(3=F!wH zxinrI=+K;`A_xDB_)*Y6=8}-+-%;&;lB7P;F`=X}rIMYhji1>$V&gNYk9L>UQSkMCV>D;8#@r)V{t60u{@^1ObqwFW$ z%tyX2MnsL6EC7aMmeok4qrH-7NAt-tt*F)?4tno9Qp?4djVSewoTd@!ZH&g`M+SE9y@+R(xIac- z9a)|M;xkH@C$#}1D>;UW)XV{6BUT@at87?>ETo0=)^f(wc3ka!$VEz?Fh(O0*DTgv zo2y))GMd;zIGnLbi*DbdZ6d!|$Y|yztwEF{(=tS6%JUE=&k-Nhq$|&%`=|zppew%X z(L#_%uQ#R~x;5}7^t|RjFm$AzuHE?Q8_HvyF=LxKR_KiP&rejHtFI`0hUfR}9ogfD zROoC7=dz9Y{v&^M5;@fps$tzOYoT$Va~8-}M-GJSdkm;g!}iB|f!aW?7`lmusq;8X zcWog~!P6FrbHGtFvZ_x~v)FQ^7wRBR$r1K!ij2b~1w4{uY9y)pJ4vE0LHcN-3TBH^ zws(Y#gfQ6;s0wA87sTLY@*;re*fA!EC7H8{!uw{tua4lw;TFDFOmN!|75UPMkc?7z zx7(LFVXP>qnL*^o@ALcG1NBgFLH2qTf8Ezm8gVumx}gt=k9nXl?nVWI1wrOfIfm)D zr*zLRwL-wV8)t{`QmFwhc7iRU*o=m-LU2*(K8Rw58$NN2Mp1Z_^_Te#S)IRkSiN3w{dcsElFv=d|Wia@MOgnAvjIo{lRI)X|3O;LX}kur%ffQ2D~s$iM6qlR2yMv(V0t`EHeKp%oK|2LeMFdkYnS%t)!atTy1bX`WLbrvt3=alM zJw1mP#sXcncKP>@*UiP*k>ZZ2>qji@yju*a+h(%)T{|bjp0OeI`g%%$Tl>mh-pwC! z7wVk@MYKQ=$d1zRM!nEc#~5vI2QJ|Qz|6{VeY{2kC%+*Jf_ zEo5gS4oi^U{0v^a%G?@w!D{YtA1{+bRU6rTAua*CW+tC;M#3E@jRP$wo&Awh;hp7W z+gyG>U5#9{`Ap9;>l6On^Hk77-Giv7;-wb}*iVzmO*wR}XKO8af%qNsgnuaGA#;2S zerlCHTD~t*r}&3UBSmj!@?BGV_M`*8q3hl=6U~KXtHIe>8`v}4;*QRI*ejK)rLnf4 z*_VsAP6=GJ+Q^N6@Mzy1`x_6BtG7(ITSOx;KlY%NjVaSTR+RlqLq}4L;r49@+mvF$ z3v@)0o4)$*LJMlqgP5@{UZQFq22s(e3u=taKJ1`lPyw`Nb|H=Y7oRE-a7@4P&j#-}pCX{e78d;#+K=O_`KrzCD&b|U86Pg&`P*b>0`eXvx zs^ybhPd*gx3U_s_xLpeIic3OYAu=lbN?_8}onLl$g){uOCM@6)w`G*`Pl#)%($b3P^x;OsPa%==Gg%-Z6lx}I8I@-~7TW-cx zt#2E%E9v&X z_<~@t1&Z-}dd%v}M#Cw4qK{G-V1rCu{R#g)%vX*3Rn>Z|n~xU3?QD|3otUII)nS&s z5CnPsWT-puhW-{mSuvh098>OA9sodZcb;Y|U(7GxRp1LD&XZa$&pDS}wq+0D09<5> zZa+#-kuX<6?$~q4)<%wq&e(iu9(2$GwapYiA`ml)H&&IBp?oz`$#|Xqh`W8lWt4YS zC-!7|Cs2ft@^zp$Z9ZZ$niH*^k$s1fwL0HwmHi2yga#%d^A4L&9cmkHi8#!XKM7z# zi^DF?QJ;m8k-+Vq(w3y9(tsnR`v#-!NIy!eS*7%i~P`4sDa^n-Vt!+M6TcJ8$@)dB8q~BeKdj=jKUZx;-TJ2dtR+`bZqeC%#PNXoh`-L;_U3o zTtVUTg*grkHg^}Yjl-UkX`alKR+z=<$7c9rb9c`PkEQuUnxC0Vr{`wGUAyO|xSbE? zTUrXUQ={tg*4bLma%HZ#t*|ZRM^i?dW0{beu#)j_L?5wFvH~rSRyhsm;(7F?F9En6 z_0liSuYpXG_Ux&lTRmV{shJ~N;5-x#BDXoO(V1E^6E+se&Px7!Suxip@7yN7Cy@@^ zvzib;W-koRb}3P3NQ!o-dAC`P1$=Rf!Q2+j_hdYRa8vJrUYs;A*Q2DRkSpx0s(FNT z!(KULLX)*%2F0u5&0PohN@;E+Z!*u=`t}?vDtUAmK_5eBv^tWJ(w-mwux;O1iy445 zhJiiD3*LN8HlodyEm|4Lgd*R={Iy>FDU%N!+~qT9uJ?wT2Hyv0Hw=*1IUwQCPs`si z86qb$e%OfDF`bAyuuYi-tZ*)(4sSk#-&0BrEhrYK!m`2078=H;&c7bW!U`fe&ZIhD z#itPic~kY`MbacD5~4?HujH4+&=O?-Sv6vFOk^&t5_T@^;GF9NQ zWu&Y7K+U~yp@cku*N{C6K`!^Rn(VhNDa@;0ZK!82t@%~8G=TL85+oMZ9$%Y2)YY@K zb^JiJHsgy*1O5J5IqFN~J%jR)x10@DTa}h<)MRq)6nrD&#R)k!*)dV}x$QeFk~L6> z`@&A+Hj9#uWP&EE%`j_H*t*jC99gig0C0?TrX9bD{52f&Ch_qZj-x)8Gwpq>?~&G# zis$gQa13=!K|X(mlQlgDMm^JaV0SXf2Hl>mL$WJL*Ei8ICX7uWMhGnegyKnx;R8Iq z!2-M(0mj3QSsV$+Oo769mSz~^V`QFSWL6r+SJh(#KI0awXw$&YSV{OEbip1lJe%GxQ9;(8-ma=L~%v$!5H#wQ?}Wrtf)K-x`C!W#cv~osgV&N zbkLt`jNR{QAz&>4?9ufrTDcpcksee<>4^k|=acVKM$_C$2B zr_FtH{^lXU^4-wjK$kb9j&AV>$7XhLn2u_!4#qLlLsI$WsW|zgN zHK~-{A2KJs3O8f6(RPjGCVPYnbEiUc&TWouu2Xgt=OMU5N+wKQFg?n~E`cP!#AQN6 z(UnSyiex|x{EJ0e;(m)S8B(nLzWe5H`(5CyAhD#_Jz5?Uq+r}#JaqJE`O0PfPg2v< zQ^~?WiysNv+%S0XCD5YCKf6+-JrPRzTk5U|_CASzSdeEv6PE~JC~iR-ew>~=PGo^Q z7rQ~6{QPnHU@VC9V^Wx2;lvo#V#R0|h+2?if$|ijz6N2uT5v|tf?tvu%Sy%q63!3M zg`hPu@x-)9(4XZ~Vlr508^@TXH=c>=BaX@PWm(J?+V@FFsmpY0bOUjk600G)%djGH z3OJMVg`>N|E0MSoiMt~Sw5g0M$ut5PBqtSe{!A;stq4kV7uv3`xE00iRGKfKglZD4$w@^|<{S}U1?H7p2yX`q;{ z7aV~s3Er6<3?A?lTg$#9CXZLKX2*wW@)3jE8*m&%!D?`5u;!ixFMIi4f7kQ-haWt( zG!))_{jYQk-Z4KN?pb>1BSZWD>bA_GL%SlOUGs;*FC?>W1i#q1Tad>JFh1U9Td{Kr zT;Fyl;(BJY!LVX9DR7m42|gYNm7ZEHr;zK$o2N`u#%+deO*sJK=uQQa1@q@N_*h?A zJLssUP-Bf8B($IJMR~}4@ArFY$$!5#|HB^&mJ1hjy#~FeA%9UyhGV+ND$1@+;^56K z#;0S`3C}6+RCErrQBbC2F9UKu2OyeDm(DS1Jb&pm24eNxb6P$a)F{mjIZqCrP3)&{ z#Vl%;&%hf&0T*wtZa%Tt8F14PJLA7VNq6ebgWB-Kk>T6!svZ8|bm?IEw!69xeQeVHbF@jr$*G zxP-QELVRgGZYhsR&ue-^-38g=UN| zkqs_!@RPM?r!rX7xwPyv*t}Cfp0~B3$jAme^To~!=aH+ZMSU3yql4O7cHM=SHUz8m zD2Pr(BSMQjh}P6R!Q12$&@@sOwbBkTtNRL`u*I5a?M;;jbCT7h&JP+Tvo{$m)%}8H z`}`~tO664KH-5_)a9RC|Gh7}@hihTp_Orm2gq#Yw(XA`P*H@qQL|qQQ>_CwN&)o?+ zme~Gxr>ZIvr6B;d5SEb5?XtU2W$th)$TM_AP$#t#3@O22C>Sy<`NE+on|T>HnzHQL zhHYyKo0eWvPS&>W9^6QT^`0+`gS<`O2asYYw~&-?t!@3~oMS_gPcYKE9i5#kwJxPr>*}iY4sK~*8tAQM(&-ge!IDhnmr&BJ)@Eyu)Wk%M zuZ_7SX~pSM5U_N*yh~8w?4tvNbG50?sq|E8N{n=MIFnMw!ckl9;Id^77$($Oigt2{ zdnWy<4t0JbP0(@$+xw;USmx``U->TeW6@Zrxzu2K8{vjv21$1pLYW(QglM+;9Y}om zRGDXqA^*BWp{3X-+tcN)==3f}eSXO3u=;Y*#E@bznu&`X7EjcdA5?gQar^vEBhdSH z8Ev9Hnr(ANgJys{9GI(AdB^2Ie?-Ydq@dFi4RuGrSpMOJCmogw0V%D3v%Uf_kw81p zETfXu@5K`3xqGhO#pY(5yQqGI+gjZ!jFR;|Y9Z}1PkNP`vD+9aj-!pnN?ldzYF+K^ z?&(?S?NfSt`}%qZi-p2UKBoYnCtq5!sE}f5sh6uQaf8)CVQ{Mt2r^z-LDq~nxFk*V zPW4O`rYwEka?V#Y8}nGR-l^Cr=UlyERI8^(jhL6`uAHMVIH_6M?2tomeIDQ$>SRIK z+S;2mD|&J)#mm>0F_VAudM?L*af&uBY$R!;@$_Gtqs5-oe_@(h20a@Vdp8M%s@dmt z{g);x=P7NH0N;VEz!HK_Z#d*K2!s>v3MB~=Z~#9j_XPGHZQXjLt9Cqh+lRg1SArF(%~eQG?(60o2J_fd z-}b5>zP3NwvHG7z!-`-S9LiIQC-(H6@O?mnauTA;Dem_O^OeQ%Nb^*INw(d_;-Uzl zyvc$$%kd1 z$gqw=BxqJNW(5AqP#F)_4X=r zM_VQicXk}h3)>(`uUwwkT^k6sNhMcau>7SFBic%G=4_ncc*T`jQV%>O^n-=O;H-nzBiZ#myN?>Xl^HFSwn zGOhJfZ*aF@E}%aoEB8l?SO)x!xuB=0RDBh50U8IpNl5b`Zc?NqXAKCp#eb^9AGmUWf4)g*dR)A2KiN=ZMe$EyBBD z0>8!F7&6WMB;5}s9{DIH*GJ(5> z216f+tb_wQ%_|n&ioFhWAa#oX>P4Wg#I6jKgO6L8=KyW+&}zsCo(2}MzNMrea~C5GG0k-*N+f z8)RcXf5;yStp)>1Fd%|Et`wRMP6uZEGlF;myMY1oYiF8aLk6|kU0GjRFRTY}xPc22 zP}|sNH|VuE@M<_=-3`G0O0qt@8+?`j>wWgl@dE=p4y3l-J-_1`NxG~5;Qa?LmM1zx zrSA5vcob`uT_gEJdpA9J$F@Uzoe39=m9@=1I}dks*B?m^q4+r-#=%=fKABt8fsosU ztnTnCrFb}<4qq_1D#$>YWZB>-2!71uEdL% z8AfQTqnb2 z5XR>i2a{$7`?O#f*E~n>&%@;BoR{Ws_mwVniW6`Qlk-rJqHHeEM zMo*4Zd#>E2@g`~}6c-fWcn)}0E<8(|o*WcK<^a?@6rQRxP!pQd-#xZmvH237L@5s>cR#sW0q*2SMB)F2UCxyq*Ro(ZPYMCKf*9qg>M z!k|@8i$e6>bycVp14U?Z0~~G9kE*S@(H#1G6n#!I`s-%|qqc)VHPk%ZtPo+lM5yZ} zb%ux+gQ#HPqN-XML>3{m$QNBU6#^cw-;45r*s6T^FYliQS~%mK$%Izyi529JopgKL zdi*E4*0n?=M6Tx{Q?2lK>WUnN(-b$ft&w$tK;{kVVgo}9w04|igwE8`MLll}Ft+xg z^{(2WHU8-($@IrRUhf)hK9ek#3?k^m>&J&!hWu|$hFqh`koQMIBGtJM*JVEYNO*5x zABivyYA^DUR6E+)M^e$Qt7CEGOW`_?@~?!n>pqgNa-GKv%OnXtmu-v%mB5?#kE*=` zX&LahsN^4Sr-7nFJUOd|=oD;K%5cSlpMYZ@!PL-9-cs)*Foc8E+bbQ2w@YO5%ZU&{ z(;@82k*E@hM5B?k|9CaAkT{gMJE2RcAS9|HLVJ~xG|eUxtrC-I#QYVrWOf|a17O-2 znGOR6jfPBConW4>lm-7v-m5_cPz5iZZ-50v9e4TsBEbLVzWpk37(ukvPn6-*YKX*t2lWZZ#o>UW-w4Xg(Q-+n;}zNkTojP$qG&4@<$^jXjL1YU3~~4l zJEVDk?!HG`L8&ZuaLI;%M6tl~#Fs~&VA+}g{6 znpyVr(r=(Gsdw2j5?hH@N%rM2UsO9z=ABhppIiy-*o4cT#;0vsAs7MFzEooZ1b@8U zlux$Byt6Fe{*T$W;;VS$0sx&pQdHm+7Hh4vxT@-QL`f$>yA1Gh+0S8VL| z`N~8`Al^4q2_!R{W(tW~A?a`=CM$j8aRi#QhZo)9q^q>GD`E@hBc0ebskFG_ClZjJp3GMf1851k-j&6pKmC-*x-wGWPKjT`v{pVhz z()Y({dHqrm=rDoIi331$mv~}_5U}>>C`)s(``Ubx1N~%_kgEbFaQ4npNbfV z|9c2^?Fs1{t}FZgUm>Y9V3P1f&Vl#~=pM|Gk|iW2qj_H0jT9$J22MwYEZ zuXD5q&ZFg^0kq(XCWt0=+*%9F_=laP7^rwF_dNPqN+V2%<6pX!r*ZJ|>> zmmr_?8ww{Wb#!Y$$|6X~A`Hud!i4L+OW0 z4>V3qh!27f=8u=)y#^PmxTqXbzU%#Nx|Pad<+r>iHn2H-a$#ZN(RDrtsej?hA8g=s zAi2hRGx3<$gm0*>3Ym-*!gPwXc`)k$wjH!wMw9VQ>;Q~HsOaHbt;SFmVOhy#r_~xL zFU#GqTQoQ#80hkORwA{Im9#Sg#oiQ*ED$o0Yg>o95bFyI1+HMS7s*U)P+U-;KVG?r zhlUHFv2SpAix!Uvs-AT#kyJaj4X=X3q+e{}e*^ERKCJT&oN(k*q}v5MkUQMK0{`|M zHHSk;mD+%pA*Yb*!kj}+Y!T`I-#;UaYSHbZ)MMCKRkR%4izlzK%`t*W#~w{QVc>8x zognQCPhL{vcoUa%Ob(!q#UbMV#A1A2LaZ4g8GH?V3m9IJgHV3php_=)qfj9)VD}pgof4o z8vvZv+x1W}LP)s2J%>L^_Ws53T=z|%y=ma!I5F{mIZ$&+^7cJ_*KVuX0%L9I-fHb; zr6Zc@>8vH)nMBwmZr@Yev$bnu9Q&?cUEa0!36BHu1=k!YPhHpJiv?nVs?Cl^o7-nL zn)TNl$qZqOW`FcQN$__IPS_)xg#UI%=!U{l#PqFD#7>1Gb}EO^pY2?Cr%Zli?&$*O zDnsvLiybW^c-*2#v((kNlv{il;-%S$gd-I-s5sD+KtVrgbqMr&Q?246j)0LUduGs; zU$zc)MB>Zx<_;`{m7sTU#nrds#f(`oEuHbBMRy36TQ0@Q&S(<$&a_&69_bgV_Ydar1rivi&e2b(7lTKbR~o#Rb-*kfnPl)V}Gn-9zE>rX;{2lAT2(yqma|-cUEA>tyPGP*G82DY9Fm3i2SMs4Q_>h$^@;8jYDvalsvmM!m#E zMYL09qz_}Ra+D*5L%`k>AuE4M3NhPuVm**iL+gwpv0-%kJppN}Cta+iI%}>zTh#7^ zo#|LRf5aI^&7hlHF-5ASdb3Itg=B3eB^A1IdG-rW{@(k3XYFr}()~OD<=~5$Q&Hgt zwcBUHEx;j-Oq~XRFX;8F_38rFc+3`YTMf|}Ul38m2uRUwjGVP{cjCd7}v2KDf@-yV2maY?x7KiEAoK!+BRCFdxK2J32{;Tc}pZLU7 z?XLG7DT;lO_PEPo-l{jJVr%&Iq}S|xdmK2~!{DSWOS5MX8u^C00Q%540oNP}6c1vO z#wn48D^mq&16a=}4AKj3vILOi10iIh$PFVsAj}D71SLap+6}Hi%OVf1A|w`Y&=Mab zgyYgT102e6md;a12N^nao_G~L?I$whOHbpaPx?dznmw)_#B&?jBQ}Cntd#nbNSA{N+c`@k-HJp z$5iAXRUKlx3B zdhvA#2}S!F^$yy{2`J?AxO246s}c0^f+AWKR|u?QM0((wv5cXN0}^OqaGht|gTjRd zTjKTWd=d~77cZ1Ao_qBi^Gwvk{l)T0&Z9v_t!8@AmddA4%Hbj+hc7H%JYSbO4Q2}7 z6&hPFAC$}R@iI}K#x?^VJH=R8ksqn$nQ;WM^rAk|F_a!`Q*ApnN{anWl8R5=IJ8wa zB^jL|U#jL95A56Bwqx5+pd-FLTPLenr?2?3^s7Td9#`0FDJBDhLp-nF_x66^8kbO& zenK>;i2;hV8z8&5hh$9;&7B_7V7eD@h$NXe)K8#u2PnR-pTu=PK^y(-d7*vPLhAvU z*F;Q$w~F*uk!F!dsc3_n#;B;(_2UnW>&DZ`RBDxyL@7%&UlwRv5#;!CKD~{6pDs7z z=0H~AU$#%Cr^m+zH;weAroFCYMrZQ4r(yO)R%C(ve9v}Ye)jeABi-b4zj%QLiu`@8 zArY@$ymIc9^7&>A1b!Ph<(lJDABx7vh&nIb4cdL9EB*QF|%u3MHYv>sgP_7o-AFz67Ah!%HRxiuuej zgq#|d1leUlvX_V=yRuj~7C9F1j4@dY)cA9hwg8+FrH@IGhk}X$dY6KRFEGImzz$wG zi(1x`x30&xz>RfHzTq;XMCc!R4|^YQKNxIerV=Y#hv&fs_wklwXzAAN+ox|K%1BC3 zC2lrJnZELutr^iI>#u>Y+9$Ph|J}aoAux#hr5jI@%OP_qD2TayARh><`rV4(?ROVF z!U2w4(NuDB z*6_`1iHy)o$PX_D!frL18|es@wjJ#5xiNPbZW{NZ`*W_xl7pqtdoi(!j-vR)?K+Dq z-Iwc|>!c8c&y7w@jIMpb5p9pp8TJ2B($SvAd-8V>b(j=hfy|~Y3l$Zy10^X;BhiMZ zL;}U?HiyRI1f$WIAZXuGXJ`ZC5>0W^N`eG$1qWQneKRw;rqK{Fh0Vc`$sQ+h5I-uX zeF*-tE6Qmt-O7=2jDhaJe+=L@U^jfe+28|Xdss1fY<8>FKIS>*Bt9_YFOu>?xY*@x zH+)zP^9Fs$uCKD2%VE{yxv`{aIoHGYK|*a{mX|G}RwJk%B@tNv7Qepqk!$Aj&O;p+~k&bMrg#4puZM?1HnuYP;t*P5AR)`Ym*WI4A9!Yc` zN?(`1XT)Dhdd(C<0i6-iveK93K_G?GDgsHG^gd?94W5={1wp?O@(~deEG!XoT$AgE z_y~!ke4YHF8C%6%KUh@aR*+nX)#Uzejpyg#SG4bh|4d3tr|_K zdxbYuzdj-A0hf>*=%$Umo3?oPy*X6}t(JF=83)#4to#J2vT>3DSj}27MRL>f#)2oW zsc}s50Acm8Jn_IJ)QmMrq*%v;ndNGK(Nz*l#^qpN zapeI#lX_!GoiD#qS#Yl0jW<|Ud<32&)sW$HN;!lU0FQXXF$mew)r}V*bPD^f2Z}j^fASkOd*gf`ki>Z95p+ zggHAoG3*p~3gC^s;;@@p)S%_08?=|y9_nyE+_+QzluouCO%+0jX(S7>;VN`4!D0+9 zAu)fHSb2@dKn>4fjGX66{iscBCRK#)1PVSEVh}b63<@T#hYqddNB}uo_B7D}8g-vu zv28i9DY|*0q`G%v4SvGA_9vb0ZTZ0+HGgjBLuYi-oFok%xT|+^-eOq$EzHnA)Z5dW z7do~+axdZbqA>IJq$FVlWrg2X-El(gJ+yOpm_`ahvk~aSP#g9s%uZ}re$sXPly!-u z88)oYG9rOX5XnJiSu%k*0pGGdA4#X8QRt`fm=cf0W4XvmI=CVT(bUPrbbLBC6Gg3S z3stqmy4O01q766j&Qp0NSlW$Fs%w|)ND#V<5eBWd5YrCVMFzbk?rm2~N_y)pTisEU zVsTd{I)mlS{y``562#5kiz(-jxFuX2D-7Oq-DbTsDHq50w)c!1^>CiqaKtP)M9-J_clrYd_Y$2K}7OF7i3Pe&`P+`Osh*Pl8hP1H) zlW`YlzbsVorow)FdO^hp71}7$`j-o$M%BtCm;UN zQPD_D$wfrjZ^>vmGo6p|8_*(`0^b#|$!2{htP2zM zYDAHvk{prIOZ;hQpQMeQdQBb2O(ol72N>{vJBtU^ZYy0Vj~dfuHxql$c73wCM3gXwR~& z#S`X~;TQ1x&;q}s;OISsyJL2=rN>glg*677-MQpd-j#e6ywD9&FHrhxhB3+7lJ>@OSqso;HMCn|pLv<^Yp|NNYc{g8qCOsllmX$vt_mBB za+5YNv{v4eB0{n1zsb=$_{mvNLA@(UE9EZVrR6S*o-+`{3^32rtf-;eb0$1k2&gpC z12Xn-j%G0vuH?uh_Ej;>d;{oxmce)6)O2#DI)mV}fzf55DhbI%q9I(I&R( z4DA(t1yGo-L($2d9Xefy3&YhRbnMzaJ-IToePM8DWuSLw$Bb+^(b?XvtIQ;Pj+d#{3 zW|OQT!!&~oYBgsn8?VZEhBWKzM*sk7J^#EZ&*BY~r`&Vcn%|J|oU0^@_Wpf&#C>GD zQ_i0+<5|2BS<8Rgn(7SkNj4sZ@gl$+qSgMn>j?lv8 z@DeNPoiqWwIFlwcBTY(7m{cNcAiPk~{%*Z`-B}7@<^_mpv5j8Gf=2tiTELvxN^){5 zy>*Nufu<2043qzF~%8N=gfN$RPvFHvL=?+H;HR){XwlUWLQ99FuX%{4u#Q}{-f z+Gt-=x8epQU zSnR^=YEGBNir3ou4#)>kD^VkDJ?s#hU?+ttU|Bbnhz^N-c~;HHUW37F$q#iTel~e;xWV_{`n-~K&A8NHE$?EngobH4nnxI%M?H(JagO#vpq6>SzNHvwGQil_6Q!r?FvJL4euMdD@Pt1AEpGyRjM;!m$3u>mow9t4FW_U$0JJaBq@=0A z8~G${y8N}!oQCP+X~V^nMwtCe6hMv3-)PQZs82MbC_#K0U$crOFdcxt{=C|Ur-EWJ zqwcaC&Ma>oiG&9ROU3H)$o7Gi!J)CS(uv25VzC(SUKv`b2di7`aJQXBYOZYxlZ_Np zVLCua$%XQT*ULP~Tv~|r;$=*oH?c#mTN z@4+E*^Bq>qQ&z>$K2E9_+NVerLyPIkEmSOSaUDb!(aYmQwClM2U0M$~=4nl>x|fu3 zeIQP3`*FJ2IQb0l3@}KXc2=#9Y9~4d3F*Ed;@D3IK-lAl$4$|PWJetCFYxD%`No`M zpqaERImQS@Lcr*G(%3mc>neR6hM_iVTFC**uY#M2|IRlkpuP3k<>PTC7Xk;w405ZYp_FHb)8B8_Jud_5n0yCbIe(*Ge!O=im4eLA&8dC%DlC{`P z%-9cokb0XQxYsYBzZ-E*)cxfRL=Dggp>$ z<75wFU4c1fKPZ}w1>rV3L7~M3UqW(@c{!Px0be2q_VqIsra(na>H|2 z4pYO~ZQ0EH?5OYkiTSJ3U}r%|KnkNFE1;7e*hp0Gr;k=Y8qc|1_p*(e+o z&Pf7T$uzT)@Ds?86KI`a2{E#QmdPo}943MrOpWK&kKw9FGP&vtBe6UD5kb6-N(7~4 z-NQtV|8W>+AcWOzM!AFVFFQr)5vO>}DcSUK&c1RU zjuv_VaHHXnb&wnuTmA3)#aGW$Ar068p20;RV~dN82w-hUuii{^O^$??p(HB|^*9s5 zgNU>28H#QVN45-Bthc&Gr?+~1o$Yz+VSA>~=8bNB^G(V0+C6uMM}}%P@5IcQGcdVh zdn_@oZVG^l9_#Q%3OwO;xJdbO4RNLwIk2l(Tga~`0fwcfqY>1R5{$sKmtgXWb9jPb z!u~`WIBiy>anpW<)x$P1o;**MKfi!sM*AdT?tC7fiS{M+ZrXMn5zTC`lG%G^5th}bpmy}fMl~q^czwd zTqjX(9wk5<+f(qx#y&>H=No@b=?OBAs|HX@3L;4ScU%Ya?YG>xH~L}TyAl)Q!+|^M z`_}S;Yr%WSE8RNrCElQT_lmvehFdxsTUTacJEf3dED>=Jp4YUH6cb=orV$I$O2aaI zlOaqODH#?D8)6C|6KypCh(p#J(6X(B_Hi08v`lk~_IX;|XfLVzF%>*E?tdHYUpD#( zn~IOMkr=kw(?NbQ$N~C6(inoYxPt?@E(jbq5|yG9j~G*gcuefliBggx6#Dz2dN7}}CME(day(#BZv}5-~ulw%6_}unXoqOoEF?I3A8K-z*VnY33 zY-Fex!9L?#d>RMQFILxnBz{TdaX?)H`5LULsJKmq6BnJJkvr31V7{|lqmWKDh7$%_ zUR-BY0Je;0xI9FVDYkZ?QP3IDH!wt)35p{zaDqWLv}}Oz1ypJZPhL`Q!C*KMw;pgwXI%=ric^C@P!03=X&Xu}0&T1aM8O@IfH!4ooS&6c<>j2hxp?12NF z#D%CBjS-tWj3EAQw1CI)yTb%SvaUfSv&1$oEXi0#JX+*EL@F1J*Wz<^NSobVPB-*JU9{`%@gDp>1Uv3MI}H`}Pd0b?>rrP+hLB)V*WPV6A)zYvrq~?MKaCH3D+ zik+8&AEBf`8hPziFZMz78jDRl0UpXHz$k-v+KB>^UZ(vMEyEgUKTk^$EiXm1T;G9? z)jkZ6-D9L*VWeRMn-w1DSKu7QIN?_qO;N-O;Qka4eW1*6aE6UjT#fb()sIX3C|73+ zAYI8bW12QjhfX4oT^lr7VHh-8V@>zkvvq0r%DIMsL#q{gq7%*aMd`L1#GSUdKK>Vd zp!Dj$n$l~_;++q_E3Mbs+v2w|R#b-%^+^P$@ah@Cu8Ar1!SiI!plz%tHs5i~06QVe z+|_tO0jykK3k0&5;B~ctMhNc7xubcQ{chz_IGoDT2<4S6@?m(VwEu>9!e7RukxAEM@=5+x2zO#U=unvsN)I%q+fZKwG}wMAYpcc9(;t1#gJc?Q=r0(tE>yCBDAL?e+6 zWKcgL<6(B45Ni9y$23kTnhTJvU&maq3-_qwHh6AzP`fpsv?$#B0E#v^4MvNxSzGTe z(*r1+;V|`$>ZbyHV$_9%pvBt0l!6yErxpVrQdr8uHhb-~8m^ zmZ6eX_gwkP`bahO<-fxi*@X|NqjoZG>OXpwe>9cg5(UX=)qXVRnwiWdhZP;I*UQpL zJM)g2W{e=%TIU|4xN@$m({K=Sk6uJE@-`G971h-(2)}X$pe#?JJWYyg@RNPSkLMt{h{A+WAzXN7CjEj+kA}TU#N!QnLG~Ub zH)p0uH4ZhI6KwMwi#U(P<6ggSi7J2u#{#TlwYWO5S`Zei)nr(A9j9Eu@>mC#285)9LxCwLhciga1DMGu)nBeQ53PH@H4A@8;f~ln0Q{KPbFG z*|{u-tF+W0hS74|2wH~fI&of&!B|1nLOjs6?jcX0CrIbWZ%Pp+1nRLEo+TL256QGW z9*eC;dzDDEw>O$v?&{JP*(=JFIi;dfDwe?JP~23=u2dqym0ob5TS}FM;!NAjRi05T zC83#+(1@MXT*%a|V8Y=gSKM?L2AmE>bR69dN*_G6{V?6Dk&4KURz zjVy`(x!4eUd0{I>-Jii`^1f0zXle2^CCczgFK&U#q z&mB5nRFpm++L9l?XK&S)=?sgBv0JA~!+B46*L}05j{X5pG`}#}XX`sKk{P)Dmv8Rb z8(4e0?|_<3mXh81F!tC37Tczqe__6Tq~wWpm_2;eJ z@#Mgjh#l8zKu{1lR~uJoqG_lVB~*CXW8@`Y68Z9JVsQ%%lN^;KMnI;(=h0qLNAYtU zP88)F9n3?mGU%84BJud3bvZxoUls<%!7*V)$hb06CbOjvqza>37OJO&TCyh95TI)~ z)kiTom(NjD4#WU0d5+6jq*NJgR-Ann4kS9iPEXS^8yZisi69LlrVV)EU8aZz)i-7c zvjg%BxtQyWSaKtku)k|X593}GYYRQf&d4;~~J`gNcBftRWZUj{%8D~5kJ zFll)n`_E?4u*$*W{WM20vHEDX_{bP=`2vVdG7%ZAodg_yHbZ9YtH7k?&E^BRQlY&j z4SvLAN=YVD$y9%SIUI}C^mdzV)oM|!7OMs7p>vh)588;?vn=Qz)jzJ6^~0SV9jmpf zQmfX4s#qQBD6jPQEYzl}Go3T(nbb_inKbDHn`6deK53t^&IL3QXxigPUL=#9|5$Zt zR2L_I<_03Yh7y3u8HAS8-5_7Q$|U4OIYj1a+9O4kYEhBwdBXn0dzE&ozFGM}q$)kp zKAdwI4IQjwZr0n)zI-$}gqTL7UZcn>~P13X3vJX_%&=;uW{`+iup$_ z4(8qnbV0xHUxosgB|mxiX1DzZx~7&X6zGH8( z zLS;JBsByFb&yzVYNFn2xgh+V`c9vg!T|?r7=R=4tqnoc6H>Mux?njU(5G1bo2Uw$R$oCKLd~(P3Ut4(Y2Qx3@{s-#wA}X9v zC&M9o5NQ}5yW+8X?1-^lHQ5yer=lXDKzUnQ)z`=IHoIMj+3j&tbT)V*G6Pn+X|mvT zC&0r?%v@g5vQj)sX zq4oBUO=s_LooYXGX6xa<{^aK6>nE1pLBsZ2k2FV6rBDigF?|<;Lk11I>JRS3sTdY`W)myOLIM^BDQ1O~$0drS# zCflq&zf)E`ey3MwHU%t3uP%T>n-*CKIQ`C5O8{s^z=8ZR*{k!eqB4l0$hwdpTxuZf zAs!m%jLmL2>6n4ff+Lg~Syx!spc2!1g=8>86zCPFlllX-q|i<0*Oxm*iF9)%m8RPd zap{F_aj3K{d~^9oU!X%FnVN8R27dF7Hy=78ZtuRXH1g0$<@)Ny$11m0&xy8w)%xUD zVQb!t`QQ}3p!!?Tsy5nUnTwtLd9>Qm@@hwWNgd>v8-tOf(2a^@)EOl=qO_?ZB5|~s zD2m(VSTZkRE{r*aCB3|4Z05pTK2O2ompNLrUiS}oh`0v86ZMsi*!AZ9=E#4BO$4MC z;3&$-(u4JanQQW=zT*}D*t_~5mub|tXzbM(>knb9zk#u?3BRFQW2Do^NO;3#^`zQ^ zqewIy^AUl9+XH$@kH_s3YSm5eljpZe8rBd`HG3Hl$niDYrM|l=Z%!R>qX8XF}4xdnwaKElqGfW6lxhbBwCz#Gn&E za8NcXt)52e5FIo1xE#b;k#inyU>ypi_6iiq;g6u?GfLzU2X-iw6cX;Z*Mr?8Z8F=B>Qmt{zsGwl5pf+8 z;&DreefjLsVC5BedG7Kv=dYaq9%18HVXjw^#nTEB(yislSf-ocqO}3?#50vMVrNl+ zEh7%MZ_YZk!nK)Fd?ub8^iaji5%)+WKJz1eq}UVJs@JC5+D-RAAX$v!!7H<<3~ZH< z(yeiQcVXNU!Wq@?A+wSTUVFIsxQBe}jD+KkNs}aF7UTXV%EwX{KtI%5%my=&08!an zQGzXtg<|rWjHwW~DLJOcABZjsUYA$$qN1vFDsc))@_zVA>}Jq&PMd-M5--rYriigW zcmCYvE9WW8aIwj?jBtkY=%B__SRZ?h%dEi|-XNFfKGO)V#mGc3TC{J5le=bZ5Bn$l z<6~eCU(Cz8a6-J{2HB?nXYhyXtdAcN^wGNI0?TB6FOA z=BX>ta$!XncyFkK=qs?I1Jc1x3e(4V)D)?6lAdNx(qJGA5)eC3I_Mpg-yazBkJ-ko z^+*o({^Q;`xw6&mzn%(PhhMY=f1g6P+90|mC|Qh{6X~?=wmWULL*3?0Q<*8>Ud#pY zTeSFh?Jv~+^AED|YOl?-hQjD|F18wRvq8_pEean6hsO=T#Hy$<4Ro?c+dI2)bEF}Y zWuTIIE0HH_6WO>u7l@}V60pcma=_Ic6&`Z7MrXwFM<|kc=;8e zyo^>|B<={Jk2wG8dDqJzRBFUnGq|LdOmE;3^C$94wP5J(b!qB0ytYK`*VxHAoQsQG>yVXvI z_z}yf_&N2iogI<>UH#DmRZqr!-GR7ukKW-hQxVZhyRmPJlJT2uaa$z#Uvpb_RtoJZ z?_rW~J@~D@1T3l>n&{`x2r9gF4)kq5VdwqS)qo^96p0{8#+4YObfABe6z~)x(gH#g z)ea}bv&TEQynrRYHJe(_we{#t%cXc^JeMu?oQmu9{w*t=3!W9PeZ|jdSm;^8cd+}P zhj{8jid@(0&%tzqjs5burh0?UB-S#b+t3KfniaE#G!of*AHrfLkXKK5AKB8t)xR`# z=Ys>1HQrnH7IQI!Nx5dId!{QW4GvpPlajUH-aT{OKyh=`ju}ua^Q>IDkAwfqW?f zUQ^WFVG<2t($vDV1j6JE4l!I8q{V_Ip%LHkTF@302lmp!A~2BFgt`@P8rXEyl1wB{ z*OQkX34SFg1!KWj#%|eCzOTLQzRrGH6`A2gJQl!OXfF#(xdAMUu4HVotG+IXObF}Z z^>g47(vm5$G%kWwg_i{<5H#JfSKb}i)i&3kwon>^_TRZw($y`Q;(_wDH~;)=#cs2R zzy6fxp&NhdYN54q7q68*F#Ei=x`{@nmmmmgAFw zwnC-!a#V2)|G50; z^26W}eig46QN?)jl&chbCoYz}7aq-(Vrgy8p-exzM1T*6*O*WSGM`Yv3n z-=$p(!AAc5KgB*>5&m_xozg5zv_E60sb$4AM}Q8%cZ8*3jDzI#sRvhJ!Fu_S3ix6r zYE^Uqd0tX$ID=AIaQBc3*hXP3ZOlZ~7A?X}3{M)84*mBC`w?X;4B%^_5kHUE4j7@r z0KP^@I`!X0Xkce1j_n!in&8q@D%nvSZ5vIG#v}I&LLxPq97~M3k6G%On^?V9z6U)K zvbUiUGU9L%QGYZQXkkBxfF(wdTEsEUk~p$pA(UGaI-B^VMo{9A#pU+xn^MJH$96kn z7N6eb=-D%rEDeu`ta;PS;uDK=l^d_y75!jp=Yd7>At~Csqi5uSBdREY`K^8WaBtsm z+$f1_{~7U}f0*6BZ$6UTzLSQT{F~BY=#y>2kIx7>^aD98!_>3vndJOUKckQ|HaLw1 zrmap=qDZMi`yj12K1N@oWw#g~V<=$5BjyDGHT9?#jL})ni*UP8X92H1PD75CV_(oB z=L;XBPqsZEm`XGT7zK^+JC!WPBd0QYy}gYKwj^f~Gu{>ZF0NXm;a;SrUwILVs3t7o z5Qmxe>Z@>^qo-X^J2v(`bw9-x!49sEz*RY-9L^#g_79J5OYPp496da$Wr>#5cK>X@ zJ8h;=%--zm#3n^D`3E*{3c7BY>%MhQA7zSWhvwQQCL{@g02jhrhWfmke(HyB;;%99 zW5N&Atr1euf}~9a$WQ5@TBV@@^hk(2R3Ub8hN?FBoI-6#L7W5G)M>j*fpd`J!d-T| zKZc%uiuw@kSv5dIV!YFGzeSQPg3W3@Egc*(3wg0o5|ug(VXSmJr{$@=7d}} z4$p_ft2n&gyu*>t7994I+3C19m_hVYaHnm?pwFGOa##xiMo{ku(FcH3pjOo>-Z7OL z0X;3UUZWI}`Hq?5x&TBR|EFYWQWq)pCi09aq_H~pMfm9blrjW_BYPKk5i^UwdDquTo zFrGw*gq#+^BIx}q&Ru2z;aA6KYeYC?SAcE%XWkub_h!uXRTTZtG;7q|e-$6U7DsdC zt(Lpg?hX89JWf90%j#jT32WR$>L!wt=@|}v5<{WNeM?-G1jQc9NH%vRmWRNC z8*;E^!8YQXx}{rpuP@b>IH$wwYqT}mN!v&E^H>Iid(|-?89Vj3x>d5Tt-z@%st$2= zt9qTHM+92XcG7w>zy(E(s3%Bqbu@SgcJjE1eh!JWEq7A~a2sF(7UIhrr)D$S3GgjT zAh};WwH``#`>vLis14fMM9Zqfpozjd2Kn$AAqd@b79(b(WMdm6i=qjGhhKVHK!Q#Z z3B^&J9Ft?Q)A587PbA`Lx5s}Ji03i0*(*y+qChG_d^9%d9rZLK%Za-LLj*XQV1hjGg0}YRvV|%Fq3&Z7h1DP>GJAnhXT;?L>fUy9B9*ocEmT49*?FjD*)*2f<^!Iz zct*55{q7JVK?k_kb^P$p)DMK{9?cZ>YNqHDGr>p_DNhnvM-pxSQX8e8Nn|5Q1GrEk z&0C@f2WbG(S7dSf6-sxPVh=@IuvhQ0B^pM4QZ%AOBT*sZLTtVaX#A|2bb6;E3HhXS zQi!1liq5~{vKx)g=nSznQ`DgbG0{H5;Np1(@f-Eu34LwBnyvuVUTn;1-jDEr!hGmK z6hYC7(rpA8Gvd&`fysoUUYo83WW0aJV;3K2RHti#j91>GepA6qxP-mCM;y?qmZO() zbxjEEo2)-&sB_ZnZKo-dbfLo#F~Vh*aO>>iK#Pm@;>Mv2EWLfnb!rgC3zrEsikEIXPRHJY5EI2FSLT}qwAk~<#zUnem@L3Cmv zUVZ^CQLW-B*Ezi(!Ug0fy$BqqHJZCVETTh?TBiDfLE2F0 z6o*aSq0b{bUDbi1fvR(d4!fM&p)W1u4+VSs`@`4UP@ck+-M4>tYSGmh+qW*M;$2eG zKe^}Hz0-l<^xkXtO!yyK`-fjT@U7o|a<=_L%g1~BjxXQW{+YG!|8kSE?@`f-F&&0( z@z>agdcK3PWo7edOSl)8OU_lF5#lLR8C2Og94#Fcwn|N7a62>dLv?sVYxs% zfkTRi@l931^=6P6anagCi2D?hDW3m#;)S~-4@RWJs5syc=Y76>ezj0i3MD)cexcBc zoK-%eNbLaUJ4>Bh#1@dr2Q6Zi%h*;Gp;~hG!K3Ev?JLYg!Y7k?E?Vm>2{w=3Qmx7; z*ScQ57Hdfh#vrFy-N#K@UVSVVxps#(u9RSgxWT%_C0hmwPVjxNk9Ug-q>Zfj&eF9F zS^RI8u(dfnmYpp^dg0$JXWMbdy+`|7WcY^4w!A0dVF7DZ7V;_z1`DS}NrBT%)PuTe zRBZT*QL;;`PK!!PkhtGi{Q4r^L$)kffuygH-3#U$wtK-6%XY7HE}WID3z9z2w0o&m z!XAn0T5QF&s1c5mrm%XYTe^lU-UZ3oNmtfC^ULyw8=omG3tz`)a&@FAr3q9Os%(RK|(!>w|Cq zFXf0R-8a3Cq`hU~8;$$Ep+gn?3$lA)UUIkNNdz<)U zs+B7})fhu4sW;*`yvD!bl<-`A4Da=M1>h{ALL50%6?@B~lmeQBRfwZ62^UY@Vt*Y?T?3cpC^{&~?{UcWEq z9q0K^X{9s|{vzx`+`;pIm)3Xt>hs{nbdO|Nkd5v0k}-MJ zchFn}>msE&()%@j?FecjeQPyOzQ7d8bZ9f!moIU82yM_D+liz!j^YiQvs3wUNd+lE&sr^#` z?Ne6KEVtVm73`>v-2#|eQjVyjd$V{vSQ-E<(7l=DM{|s*|60dLC*NBc!5HZp--#v0nyp*nR~5d&Be8{`4i zc>H^s2eMuJ4u}$-oqO6gh20C14XfKmP-I;Wrr-Xt^gUi9f63o*N?59|k(=7`rsRU? zrys;?q+XYZ*2qEr>{AJCjeInp<+?;Ux)Ob(eI~7a?K7A8Gx=BCTo}ZMO8(ls=%>pY z@}mCPv_`bgUPb^vzvH91etbBPMo1Vce6-RYQZrakf^3#evdMJ1ZZ29(OIqHQfKXdeW}FH-3>4EAtWR`nIcb1tE;AKe zj?!SLM2##)D8Tj!aRq#g5ALMs9SXFCc!2&l{q|kVBhxMXWVM?#JGkX|rL&)oqL1hV z%LbMj`2A=v5%|f+(9-xA`Z{C^O}IcXKREa3NZ*vWn=HH`Mpw6HFu^OeB#^ zq(Cx)rRP{=J<|@6DWPXrdH~mScd;=b)Dpo^aoONnPV@#>9tepcYgYEHL>Fr9T{7H( zFTC;`*YaReMpPt)m%@dd*mF&*A7ixfPhU5aAXOSZzYXk*>r9PEK<{=$9Q&_Lc8{hb zof)s)A8|IR7c>2n8Ko`dt95uP?K#W9J`igTkCcbXQL7om{XUo9p|2A!R)&iao6+S@ zf};_6cG6#v?AiVHPvl?ZdHFxIdD+;*b@DxhL4A5bXQ<7~hSv2}ul-B&(psO(6oiKr zrju{V_PG?us}9JkbYo^hJ)*r%_c8d+ort8!2)$zWs)alWFuV{biYHa-{3>;RCs|*b z^NAqFJk3xuo*Oeq3D4B9BtG23&xIDZT#`P#brT8 zH7dT;m3}(X=FYR2I9FwoV0&7xWkHwXTky!N|uJpODUt54T-2Thkubp2_r$ z#glE?<5#y!iGfp(e!O2&uFP)!%oiT%yYk1Rw$mIM7InG-aX0kcdwG3d_x3+Z_e#&w z`PCuv{4yIOstI89cxUG<5sVn6jd1zJI0x3yTE3h$G@JxWr+H=eo+)kh56KJNmZf9d^eS*CAWjeg98fYv&yPn>WqpEj>3@tK((G z=^Sw#b|qssi;s;v+5-!UdEQ_(>chp}NU#zdH+wBpa}x#!eTR?lM0B zz6jm*dI%4X*ZBarp8|eKal7m`pAE>kWL3cV3p!-01OVAKrbmRW*W+{urle`XB!lqY z;qaJrI>9>TTTkpjuXf^Z(G5Oq`VR}|Rj@Re}k%@co z@4H{<8`*jf{+)%UEeW5)!;|PIBQjgIsu`=r2(1^aCUv@IyV-<*aY9v1PgwK>wEJ|}$}yzNEd+p4udu0w{tC;;&^!P{6m>qqlvuJYnL{Q$h9T_4!U>1ME;)X`J#x%7O1ZoQRly%m zo+{#4q{RTL2#gHhoEEzeCm`{5&?80$boWG{$=Oe=W8+Ra8j*wfIlB?jxy|xy*HnhvVE4a(EYrb?{;qDJ~AADeTOYoU&*)&qC?H@1r3*Apm-gevM zk!|9v#kg;7>V~245%Jryxb~K-u(cI@00lYJ20=Tf=Bou)kxJG?C`X6J{@`7DdZIGTWSS6 zoQ|v@gVp-9%ci)1W+D{tw9}>_pWbFuyf#jn2lc6yg7lfb+f%P9vz~%bf7XDNz;@YB zMP+25N{G$3bl!Q_ZSB`PLqWgo$?B&Mi#J%K*L?SPpBO>eoA2ByO-}sy%o0p%lK*rs zkMg|&-@tJO$G^eH!_C*hD}Z}1;|=Szuw+P^g78PJ{6-wE1p)q+O2~JZlmh03geZa3 zpJMBtIz2 zlosxd9W@uRGTMZtDv$yEC4s`Bi;i{@vh4DLP+qUo7dOIG)6AR*_sj(Z!c7JVo7qwK|>dJ$ow;mt8 z=7{#F_4$UF5gG&V=b?`~c)rv8yB+gM5q^od99T(4gz8(QM02Dnx`~cC0n$uLxS6_G zAni$@XEwOPJOaQ}k6<+zPU{6lFX)q4NvLl}1!iocg5El67}K*z@KDAX0i2=E#dn!u z>tWjD{U=IWnrWH5BtBQ#w{Lg;_Wt)CInsB1qt=o%HgxJUU!1%3_kR6LGd$gXM-1bh zRZJfE0&tJj#=Md(d|cysmBu}P9QRDMH?2ay8bR!>UXbl3Y&$xm&Aeo_ih86fh;_yk z8d(xu*f+3q(1ItuOH3j9o(2;Cr2Ez;74h3weqDS)S?l?fctlzIf^@^~D_`C%er7lS zhI(B${3hTl^|kQN^qZs~Hjlr^>%N=EC6C|uRs6<)@WdIxgQ<)e&dMxRq4xXiwh)fa zGKl>F$8m>r*db0h_BteFo`41KtQv>HbKEW7>lSZti+fRzNU!2dS%0nm<47Asb{qUW zbcrI~qlh;v;vOK`LLew8OL{lzsaYII+92;GX{6+!eYJ}@v&!cd%i5D?`2^j*PaYb7bbscLcGPhR+>pn&CF)XduIk5 zLpz5bni@Mky%YWNtGI9EgQB1MxnI79<7UntUO$GhJt+MJ`t7gybs!GXdA@!#_ZzO4 z??b<(gukKqdtT5;L}1}a2?-<|(Y~o#uL_QXbD~Z&LAklSruud+$z)$)p_0An)`v7e+wsMu>}aYD`&jFA0f+ zDQpOsb>8F{yK&%haf>DV|*wsa-u zx}yA2w4>*yPfO?GTMmwFzU}%wxt&{c2X4N-fA6m0L-%dkaeIF2&dl9oyFT}Ut(fBM zYnVp9aTqe~_tkKgx-m=L7^Y`odgdd|t&_SRx7|U#ihD(Si7PLcn76VR1S{hl>4EAb znY|#Jf?iH8WrjL3+3adqz-$+UaO$`!)9xqB^WnR~Qn;)AxThAL&K6cOf<3ShvDkMS zR*V$mJaXWfAFR)Hpkku->bLk%hkUE-im;`Kq;kAe^R}g_o0S%ROlC-XM|pDE+Vq^HMO5i z%1#qzQYRrl9i$}Wsc+LXA=5PJ(`5Lh=rBdTz!Z7sc>$p3(Q+m+9TPV!0113lnD$Bz zgY@F9eS|A@&~BQi0Z7vzjp0b4=~*sikDHQq(Ox@V)vE}29E|z={r!y!r~`pn|E$SW zTImmByA%>Dp4f`dv$JPKn5VHo3@inllh`KCV1f}EOy+}woZ1c3=gK?kF*N2iwc6Y^ zfX=lMeMc2hYH|zBzAU zb0OKe6aFp8pocMDgYX4Mh4)e&$hSz2LvXXmVO0+uN2(rILd6rHl^7Vyacf*S9u2s> z#})nYKrA|~%z9__zu?+Qlt~<(NFim6wOoFc6RJ6AomIWtT7MxIn z8-9^XT(R9upJ^cI!@$}h!(_x7;7oR~=WtRE zB*`_2gU1zTc1>oUbOMciz@FAIKZR*|Oi0PoNfaxUU>dj^94pIZ^S8_w?n9 z6SasnREPq+^MAYl@WPNc(qEj~6SYsFRFTQxiu%%J#a|noC=J}XuP@#={Yc;Tn6o;% zPz|)+Uo4&lyG(N z^2;P#pcP&{Wa|P(tXCo>JTfkA2C$()lUHF|+8!!CxDT=Qqp47>fJFQxc=6`Koq2!% z(8x}Q$#-BpH943a+U!Z@)c3%v9hx;G7d9PM0(RZBH3-JzRK$$L7F)cxSlj2Z6cZg| zCCGmfzQ-{MK_7^ue@*ojsWaPX)wIzZPttw}J%$M&&@#CcS|*o*KEpIc*h5*VLd35=U3ee@3AG#R%0>PG7p<`Pax8N^+-@~4kS1g#xXh@c-;EZ}akFZA6vSvk znOKZegxYNnoKW*(K5vPYt;Um<9e^6nxn3Zx@G>YME&w}3&@?)g^0h9227;Ey#$|!k zpaVjfGCK6s(Yy%AcR*A@;10SeH88vTJ#ByK5%;@uh}uyL)@VmI)e*Co%j0IB*WO<1 z+?2L`uXg=`Jv$~7J7yviJNI9EZ8=hiC}y(~&4tr@(>aqrn(_t%R%@ya!gIbDUG z5)vLeBbd-dn7~NPVFA^Wpu+$zffed7NeLvp+8v7B?yxU74#9}=9=Alk8~I^G5|9=w ziHamj&me{^Y!3{LoX7XbpHKU)%ivk$vQ_C zbC57;lEL_m#SeAdUaE|?c}<2p7jLZ-WD$2rs63nvbcff5#owy)V8Lp<@9j6GyCBB{ zz-YRKKRhFpwJA|khAGk>>pZTy7u=G&mp+@e2DB*5jjPIWC}{tOwl@!uvbysApQU=Q>Z7I2P?|L{qETZ+6cyP) zKnaSpfQp(JsrPfvQ{6O;nfd+kdt><4?fabP+gxXfwiP`s7ejMuXMLe5 z*p-*pP?BbSqiX81`l3*_{Gm4T#_%U*5$(WhEDd$CnOR(f{DMrsxG8(2*W7N;@lhhHC^n5LpnR zn~(t%dpGw+#pRZyOb^9HPwm;2T9%xf6WwKXw&ql2nvBUAdrqel=N@{-o`2E2vIE3C zh#nLeAB21b;?fn=;&c>9zs`E1T4OaMRIZwdd`%&iR87upKG|TFbekONEl9TI zOTuco`PGFAe%a7K>3w=i+K_o%4#5Dj&)&fO*&-^zua3a@eOtfq>n*ax3|V^9sa2Sk z#z(xSW=~}e_dcC4NaKP-ms_tGy)!Nfb-{0xL*lYL;mpq9KFVY)CPf!+1<)YTqKjKO zP3c~vV>m+~oh{$RmMeRmSsQa!v^%*VD>2vYN(>}V=yV4PqLx^0Z^`(U(WzJGOqjXA za#xP8N^?a`i*ij0ZMpEo9m`%^(e#DuztlSI2e*G)WG(*r5|Op>W0gIJtmUpA{$8lE zzZ&~}6|x^|rffA59j}8Cq>lI1-XMThkzX7VY8KNhhnHkz#IG9g;^DuvOa4B}w>YRe zvB|l$7;I(%SYd*JU-rHGGdObW+*V2y)4@7P#;>xI-%yG)a!G7#$LLzVKAEw~8*1Uf zW^&WAYE)@dBpkJ>pc4;DMyRydY+2!q&#p>N3XK{y_KuDzqZ{t5qEfJH&UZh!dQsK| zb)>qx4!?+F?($W`&+lWUQOhM^pJ()CSgIb9Gvq?|Bb_hZu(`Hu-oy%bZcU)DHqRUB z1V)dpX)E^RHFlL3RaZ_~Qah%DPnFh<%5Sa88Q(G?+5Ee-$_Z83#hL!k=@RnG8w;zZ zwN`k%?Nx0H+w%O;IHbv=T1slGXG$GM_Ww|)>>rZ8gF5b^?Z+64L(NyUA>O<9h;M{ytLV241Tpj(m$zep{oL!7l!nZqt* z6$Rs8XddnP(g8k1Y5vsQrXQjt50;UF-pRd^Da=l<*=iJ0M>6B4-!hjrEaMKACw1I` zUDtk1=SSr;WO3r24VrP3=j~8}?nH7v83DC^^eA_gZM~jrT5vC-Vi%QQL zpHbKIcix)LnN_tDDpPZ==-Zf7m)|tCI;EnyeNwVJ(f^`(rej`1Mo!%or5(3@ar{?2 z-kKRpM>ma`RBz3WDwS}vG>Nmg3f@1+4 zAw{VsoCRsI;Vm!B6Gn_ZEgmv(1xYMlGdD6T7)7WJacWV-53Kvp{S;O@&Tch=l$s)_jlyQ>FNNnYd@@1_`G|EP;iY?8*gWH>?q~00jxF4dqObES5 z_j0l07!>ivUp@OShXIf|YkqllRAg;07_m-PMWE}3iSw^2oAvc+W>nH`aS74Zh4Yo; zE4iZ59hY4Xm&z%pxcIpE`}iP9W}MIV z-Vx6wz+6uw`*}p4Xr#EFM|y@`?ZcIVtoSo#rHD*-4W4swZZ3+(>5!q0`7bQKca4pS zYWrcbc}Mbpg<=Y`(n?}oQ869OSykz0XU@Fv*W8@Ej2K(;-537IT1>ukj33Ik1dzX; z%%VYQFQg3&JH;<9HKs@pFxfttd+<7vCyZi*Stj7YYe=*V(& z`?P1M;_w6_lOj7?YKCqoid>-`u|HyfIAZ6lU*SIKrA0bL#2;32LQd0yi8bR(lM=bc zFWOr&x~R4&Ght%S;flHAN;4|j0~M`i{731Xxy21hB^{L}`}&w>rX5VS-si4{Si^6W znnj^NP(0|M49iNyb1IQgk@(DoG7(oO3OdZk()oR?i~eF2cG~XiD5FRvia%F7EFt3v6s(yjFJxK)9&ylJ`9^4)j3?#!9(xzoNg3CkoGR1Waz z8JYJGFI|S!hXy;X%g1)Z+Kyb0HrD1ta_Pw&M;=^Nl)IuB=rIZXuhzI3OBxn*7F{Tp zP~(-IMP|yZN0PYkQtxf(p@w4 z=K0l+J?<(VGqr+XjrwD5j8>)kV{CdyKflQxV!7yNzG=$33tOL9Ij3LX(>_>pKcgA^ zC&cI%8|0UnC!aJqu0Pb3fTN*Xki3-vnO=*+u_i*|gE^;~#HE()6VWj#(cE|*?Lm|I zZlvMihFQ~XcxpW%&n$K)$gvS4ExM5FPd28eaUFJAYImBMmc1&eAfHQe(xxO%^GwTd zrN+37ygR(+9q!q3x@~YG@L8F9Lh+sXz@3Amg~8<*A|jVcwY2ErjL2%t;3#UaQcT;q zE=d<)ocSnSkI~^qvX%Aad0)zC>*@5?&bW~ZD8J#_=%|jKwy2m%?O(QHFLW;ZKYzaP zm(J@Zj{5cb*q%8lb!ivQr&OkmZM4koh?)Z45dO%PF?O4LU#}GdfUNL!wFlt$?a&oS zt44IYMr?YS+%A(Np&Xfo_(6`DEq^%E(qaMiSUD$}QDh;=6lYg=h)7jQ55p6Fwe2t_ zd0zhJSO2DMJ+EF(qSS7peo{jkrblM3ENQV$dyx@wgSHo{xJEh?{BRw%Fx#b*ocK+< zq|c)@44;;i&Lqh|*P$Hg*XAg&c-9BFaSGL5oZ3^|MTTntdp z^3Q-zc4c0ibR1d9TG>M%dlDz?;!aJjzfmJU)*7t$Je&z}$*L{Bx2Kbl)|i$~ckbf) zsaIy#gaT9Z##CgMl$SIVCr1@6DT+#n@#m&hjVW+PCnUyR8RJciOCPf|zPWsK?W|=@ zU+kTeH!5#Z_oDjR#_G_-^nd>6lnyR+%kb7somZURP*>^A_f(9zVpQ8Vmb8kW?d&mm zmOaP;)F;}0n{_>pe4*fp{>*faw#Zg%q3fYd?`EB^#3*IWDaL*~eEnd&Jyzo@M#h`J z(D=$r;@M+hzNKdgDhY9xAUrU*hxuF488&Bs3?Dm^T|@gmC2j6ZYEoWxRU^}0LVVC@ zH@-(UBe~Li{WtmDr|Gmi=@_>SrjwsM%EiuSS8liI@?Vk;oy--Ij=dE_cCn0dmS>9X zXRqoumC?yo=RD2w`q6$iU8l(r5ZPz0bGS_t-0)@!j9*PFl;H zn-qZ1O3YzbxDVpUUiDt+-?iP8$Km_VbB2)@N@Yh&kG^2DjeOWkyoC~wj*iJBKQbmm zS57uXFtwj zgAjRKnV$=}>B$?$cZKHLp?e3uPQD$+wx_9k81tcgt4&n?uach_`=lXzjkRXRw#Sb_ zk{yx)ai$rdS)Q@|cpG&gpDiO9J0!+JjF(P^CrFgREgkks)2PYX$?bVrgD11u64-2> z`Ij+wS^MuTc|`abADgGmU!qgC(Xi1L1H?>=nlgUX4d<5)2X1;q!!|A6sDULn*f>71 za{T32Iu}_FY|D5GF8^+gw?^4+gDY{3Z2Z)Mdo#?%8D>7a3NVaa_UgFItnAv1P{w^3 zc7~5rE3%s-pC_rSxmu^&yUuHSGqP7^Wrp0zU71O1+|g@{8*wpq4eY6?qabEYPu4(1 z&z_#T!*#5Eb3E7R=}FeZxD0u?$*XW!I7oS)XSO#jB{yigBY_#;YWRxvm8{gPpYvZ!W8#mUE(>FK+H!_V`_Dw@&SW8(og%#r) zm3{&AV=m3paQaO{^m8XE{gg}jJ2w8gK^yP7_rKZBB{u%a{`A6OHhv`CtM^3c9_r67 z9Y)728~enbH%eR&KC;z_HUi&5B-HIq#J?f&M&SP#MzpK{A=(-7GKhW3`lG~8k@$yr zOX8(Z+2O=Pf}FS(Q{q{Ku~ym9LQj^WU2DI8kH!}gf49WDHW5R*=}x+i-4&fuyX(5Q z(`nsbscToeJ3gW-Bk5jkbLf^eU7>Wt?Rc~5l*8{qdN8$L*Vj#e&@v{{LkZJ}jyQZp zryTlzHZLlDcY`ptj0w;WY6#^M`fF4_9Quc@iO~PBNjeJ4m;}9a7Q^^oF^qoWxCs3> z8pbQVoLn5npHqF-%hq$quM|ndxb6+l3~wdfuM@x1iD$qY<9ao`NaLwb`*!Lr$c;kh z5NWj3t3z*pEfRlRgVqbwd&OYA57D29 z#7F9VqtLH_{!z}I3H=5`Tk;+M`nmC&G+z9eK3nwUX-7|VMrzN5%lKzi|(f6;3&^IRuV=J-f zQa?)Q-_m+__&@Ykg#PO(;-FcHqo5!3Fe$gtKRb+mI?gFL|-aL>Wg(nBz}axSP7~xl_T|KM7*Ofjz5aNIR2>X-iVLzg@SVR zM{6T`Fp}=o1*$LB!oX;y8`LYIn=ADn;rHNDl{dabK|O?aOao_@hxrB$-;4D9NRj%n zt;t2g*p8{Y^o+C6-zxPV;s4OB5&G{2#DTVB8lfMik3xU-F#3%>5&9d8YL$NUrTiB% zPAbuQtIKulex&^qKh=q+=McLeY5&B3qV-m1oY8uF&}q-azY~c+I=nuKe_HFUPCaOP z@*(;cBk`!T*nMsPj$beBS^ag_y^h??nYlsr>#HL5Gm`FAyaBQM;|i;lPKFB7o*g=| z;|{+E=|{9ZOwO&Y>a>F|H(+Y$ON7s^1y z@^DsJ2P2X8=I|Ha(4pT*gHrzU@~f1-`f~n@wLLrZYbmGFFRLz8dirtCu=BnSfAI?) z`b|UhopnmzcqxCe^JBH1+Zmi+tY?XTS?jai_;^@-O8lo7%TT?E-QJ_^u-&+z z@lJbl#!*tAI*xMPYaHRJ_R#HJI*ytyHKo4VNZMD80}Ndi{lOx}@1M!X~S<)rfvHy=gb`C&)~ zf>z=z-jTuJ-+X7IadhyVZ-l1nJ2O5%9jP}bowde6-q9ZZ_8H@O$4tCN3NJeCl;a}p zCY6)YuI!zwv??f}rR%pFrGD+Lg_pE%;;(e##}BV}`fHa<>fPRIoFxbNbwmC2`AGaR zjUTet_DiA<&~MZDNc)EWzDWEt8t=4k(UZH-6Y|3d06+bXf7QB|`1>T@h2Aiaveo!U zjd#Xg3CIQR_<_&OckJ-QhB}5VR@&hFh(jmy6As-g^BlUbeC~XU@cW&^uhG%Q8IAS0 z#ir39LPlq>*AzFLW=g!LrzwHjcIS$>z+-!BVaw7a3e^U54bgwX}CH!Rm zM%=gI^EcPq!q4fypWE!vH75J%j?KiR2tV-)etdC0#`Vf3hpuNw=yX5A$Mr@+15lJ0#_G=w6xb z(2bm*adcVA>*)P+#%{DlBr~J4LsfaKa2#eIgr`IMit$>6_M4Z^$xwgSaOdC@_4h<8 zOI-JUomm{$&$wa1Fx;DMt8}K!9XRc2BrWp>m(aSqWte}Fc4+PZzRVpA(RxF1+{bgp z+zAe~-qGXm7MtVbgSmqd^i{JX+=u9g<_?UYGj}lJjfHb%5`p|67O`uR#?agWd1CHh z#2Zs)%Orxn5uqQN3xJ-vgAw$h>tqt)Z_zV%a2dT!A`H^Uhd;4@p?ylgk^P!&wCJa; zZ}XSrcjWU||Mk-6i^89{lCU*M_t9-KqQ_Fm`(lse{hN4h%X6JGC~;wl^tsq2c|Mo) zWo*H7<_=24FXGS%G`#dhiIVvpF{6I7I`jXmmv+b?;d)8z35kD%sZrk_CF21 zzb*1y#xh83qvp^4cYV&D0@o_^Yj6xaq=EL*zwzAZGoOw;zac!)cJvQBN%?+erqMSs zr=z}C+GZppypivz|HXUyzLB=s%o@iBcV@BC```O}XO4U? z;#ZNL`eH-xMRfAt`6&ybG#Vwb=3^=mK7+r@X(C;MOCxr%xYIX)P^*)Tn|^M>?fne!YUZJ3_g zs5LS~Poun|hY?@xqMi;6z8_^oo{Md~sHaB;-*@d-JLvds7xfgU1OC!Z-i$mKAMT=_ zKBdn^Pwx>ssJ`4qE&V#Q^1eL()sUT(T;kJ7JF|bF&&6k(Z4EemqZw^3i;Ts;*(g1z zGu%X~oT^Tn5N`dWNNsez$BKWm)$jF?^J39XeJ;Wr0#piH%;#Xe6vu0eRFOKAM%Ej`ye$LnqPsW-*L3&eXI{sqXk#Zwd z=q}+|J2%q%!c*qge_{Uszl^?=J(bIb?k4=&Xy?Z!p z#79G$>E8{{_snN&nSE>nk`=2L%JB|@f%6;+-Y2MWT%f?+>actc!}>4 zI^TO?yR3I~v`*nhKuBbXry=J?|SXK!G_e6LPrUmbkP^!zKF-?-D=+4XgDekaC^&nWSD-NE#xtg_lvYni{$ADiLL zDriov2o`%Z|2wQ}%zf5?k!su>N=VH}l{0k!CE2xs?+WOztnNiNAL!q#*y-PFR?xrM zs=%*vQw9M&!=ME0RpD2^IE+y}8cJf1LsD{llo3kK=rSJg#3WOK?T0v^QFHjv&JjD_ zoUJ)A#m<+8C=GXSn%C!5W_#>bvmh@uFD1bq8#l)qNXiScN!*UhE%c^kC5*=~ddl}^_2R^Tv}2}$o4QE?2=O& z{OS!@{9gPPdJY?P^10qa)*Ulf=a2IHq71eNTJb)%e~EVZc~G%>RE^<@^_AwVDM}Lw ze760__9HuGV?{;J?w+0KjI+$hnET@YE|o{Loc6betvl8a3!DFtQ=a9qo6LfovS4(p zol{s9BC^xfEN4FiJHs0e$_iadb8ghT4lmEB%5{I;GX`b1uVZkS}{4s;(C~r+>iI~*SXnlva zn>Bl+C4N?+A1Pux)8{q75!p5GysY7UA-O2dSCp2SnpsknV&8OGt9w5oJHeBgo}ZnR z9xTd=6CIPekH=Mqb&kYb#@-c~F}N;8mS~*i3h8HsZk_rKN@v{lghMxX#9Yce=#CAW zOL+!<&K?nGGmM>B{<(WwM!aXgbJ=^Jzb8iW^^=SFcm15MSMoohSe9s<<(Z-U+sm*O znt#_X$bV$-N~uuVi7XZ*av7tuprgZYkq=Wm=5h5IDhc5;gio`NNm95YHl6KK&Q>XB zPDN<#=eH;E*BL!P8AuP@HzzztU-p?h(w z-L@|}nlA~9`QQIk&2#K;`K+SnxyY?Z6+N8kA8g1REH~4oDVyo}RVA6pIqB)KY5p%s zQ|`>3T3lS5k)E6%lb-K?Ok1*LJjux)i*_veni$GXF7PIGeJSbNNp~gLzMsjB>Z1Oa zk7?zveG}95extV4<*e*M@UE;?W%eQi5 zS@9N8>NO)JmzCgsFsQWF5TDF{JHzOg#WPj?EkO(!So!D&gr~>w&UGirTMb{ zDNr57vTgj}yzxl7SDpM@x0g05oh;Q{ET@bCw4AP=(-1`-9ksHo<1Fb6(Wwn^=zak| zr<@ZTh0^wPQqKCpMW7)Y@ZU7ReQE>R$*+tXWG|znP@5WHE2FcG(Xjyzt&AI#mT|-F z5!!;3B&AIrZUgLF)dsXP5>bC(&<1eRxa_NRY(NaW9uf7XP8kn!=Z@?xsb{`L)|l8s za@oGL$s7JH!<2Iep+t|rYj9^;cBbw|OQA)kuJ&eR$riLMcXZMk!_5{nJVUgZkF^a{ z963y{L@)ohH=bc3F57ta^LAEnF57taUytTKM7|^Y=B#M@9SUL^hpdpf&Q2ibm5iwh zXnwl4oZWcaLvA^kWpfW98}evy_3Vlp^g2v2P1!%KdcaQjkLvHk*O~i>%y~1e*Ew$) z0m?iLv(uJYJiQ~f$(bM=q*tHOnfG?+)N4G@-!)z-Ma~Z2$ox2bb$8<#s7IUre`TQ@Pe$vN&n6{KfW6!wwlMEpfzlW*ydj znuFUkBmS3p;PJr2*6(j?{%6w4q<{M-?x^+~V?(8eUru&T_dDNr4`HVhqclctr(8XY z<3GuXiLqjgpJ}Nvxqfw^r{Y;Wyb2kY4!6Q|X6B8)y!6Cic4}@0pGNXqot}cgsHBS> z8Rd^>j(KRDjvvqdJgE&`WA{F0g?SFjxMK=d!<1^6xyC@;6HPblq3x76;3pJe2;G z&hzn?mfz_UC_n4Kl%Mt`>n_YKM#@iVBjrCIc^;WtjA+1X`dsAqQe^HC_m=ku%TKQm zd4FHz`7`=_Py;sUb1DB_Qon<9i;>cO5n6d)p5HfA|3h<&l>b(J?zE4MR%9+L(lX*V zS+T{rs^##QjSk8EkUI9%*02-iYFD@PXCy`GNe1YeNsIf+u#?ytrF(yn?r?uoZGnqM zCjA4m|JLsr%La`PL;rD|?;AdAeug>UWflcSl@yl9XXguc6qq}*&4TRg{*uC!l9Iy0 z!V+epVxzvE=1Vq{y@_SfF$-hN7!K2Uf+eLT**6DMqi>E$i75!y21CIg2k#3;?Ft?Z zS}zC9l|l2ipeYZm{Ghos_|@S0;P&9IVARz?)8L$-{xN?%aSGeJ6pw9P7j=c|6ED2y zH{JG}$qW7F?!0vwh31sJMo;_fW%b?)zC(0fa&2v;&u1=+Ne$+AHC1+X`9~LYRfkHG z&D7BJIVFKPGpV>Gn%nAhq17=`T990xKK*{-LQ;#@1=P5^VhXY4&^pla!2&0;Nd~uaI zxXXQPdOC;GH*(-zzAGswFy)fvv~-5N6q*^#4TXh?tQthx7zBM{jh9Q}Eu-U`QLg9-wKc^x+yhwgt&FB``K~a$eB#X--*I#F&92nc>YHm_{FhK% z@}1m?W4@CxNiItJ>^W^uKIe*sfzOz`kr~U~a∋LXPZ=oZ-EA1nlD6rFa+of2=9D z7Y&|)9d@$^|0Lw7}I zmt;3(Ps+YN`}^6^9WmKvTy$1RR#Vobtn0JBpG8a-G0ADkCCS$(yP}i0Vk_zTBv)pX zndvg8mTa5>w` zP#o{XG?`6}b@G?nliZbF7p!Zpv+F9hTrfgORinE`SC|DArdi>yu+Hh^c!aJZSkYWz zR|KKk02#lb4W*U*!YC|^g27;O&<^Ir7MO7bMK!5+r&@8TX4~DV|CJg}wR=;|CsGGe zKTEY2r<&7K&Fob3;nZ!Z*3GGAEbALqd}>^>*_P~ece?xBc1O4SZugV!Gj3O&+kDhL z;I{tWZBBQa32yUY_W`%n;=aLc#me6`u~)|;SF`P%So7}KCu6O=SaTrO{QFpQdaU_y z>;W#LiX9VcCB#Z4TGU~ER;H1@G~Mc$mA*3l$LVL&UB}YTrCX1un{(66l=KPd*2Z-6 zTj>v^TQTYB=~jHY;jQ&9_1YaPz3aV4y|&*w&TAd>nqTwY@3mas30`ZrH`HOS@tW6r z%@}X9*Gljj@wM?*$B*N;$6JN*<~hCNb6&jpR=l|}-kcO~rgPt?;cEF4C!wN!nOuA) zH8Zg*zo@ctOrump%jmYQWsPR2aaN;M*f_e;@->=fqj{|HT%+}P5aigyAcZ|^QgI98;hPTdcDYg0OL}Bn6E)> zF+(ADK}pxN%Egry8$F0HLTOw@^l;_2$`>l_%9V-9U6rADPgiCB7R%UNNB%~SE@>dV zp|-87A)=)Gt_)QbS9E=+;U62UFE^M=8q8@8X2VLpzStnT$ED;I#cfnp!UHop}kXOua*w~PjE5D%){!IBr90|Uzm?|^ADo@1mFp1{{O2!prhB9Ym zF3nt-d0%F9dM20an{C@Ok7inrWtvW`ZD#s23p2-Mx{hU<_h&wxX?-`-{92}YZKmnU z3}jBowAW-loB4X?iA+~h=A_K)GryndipdOSS_zp2(I%feZQm1Zu8cPSF4{a6ZC(*= zuF+U`^bP4hOSfXv&HD6wUyZNRcbm@@>oeQe`Of&P|MZ#NzPo*v$7lMsm`g+9@+s4O zOMEx_9`T*_MJ4#m9X|76-!`9>=_~Wy;Inx#ft9g*+ZwmeHt)9o%eFqV&G&3`y1m4< zeq);t+k8wZ)3&^Jx_rzj-kVXA(VcO1MqkF=8S64)+MdjKIpa)*{p$>~TjT7+jJ%BM z4EskJk7n%57|3u<&$uz;I~jIDMn#5oFyq|}>#mH4GhWEBr)1oaVU5W!%QDQ^43n!e zV$8AoW6XbwF;~Qx12N{b81vy6Gd9L_$6W6*V?1WP$2;Ee`}_smN#g2Q>Ho3+KL1g_ z%k+=)TgUw8{MP+`bFTkdzvc2z@LON-ukmm6KO1WGyVCtZzZLB_6a0qdv#fDPt+ST( zpk?xruW=UB=$te(@mqOhF15aD@xOJkW^6nz;?A$tUEOo_O;_J^)7SW4Z%I!YQ;C3k zz1$_$Lqx?*JGnxdYose8Zmj0_YjV9&-J!Y)fv>%^)46Y&w}*-%)I)y=UvlZYm@VNF zDWmd@kdh(CUDl^U4`*@&$Q$zO+v(&6*SbO@$X&(PC<{51!;!*)|C!EDZ;$gIA2s4q z#CpHkSeUB+2&YOo68|@!eJM9L_rf}};lhjjTbHZwbBX)4*?3_G|9+k8z?aSP3wti~ z3tBhl=6?1?oKKC*hxj##HmCouB=qB}!XGA@+?AEeS*~U#PrhK>!W_?ooWFR|c!hn~ z=eb(%=UZ7yILdM^6W8C36+dmU-tjzdi*v!q+{o_)@$+!t_+^epE_vvXyB#{@d#a=5 z(uV4Y1IVvl=);AfgZE=`nVGPUk{6=ng@KW=j2Nt zy#CA^e~tUuFUQedjh~n<;|~7)qiGwrGqUL8_gnnlV%)&|#`Qe8&Wtmz;$N?6KR$cb zwc~Q3m`VI}{*C9~B>ryWjZ(N(5-uj(z;7lKh$%de=N}?wGLdnM+$ZaNseLfeIk3}- z>3lI=t|{c>J%F{Py)DslQ$DrHNzbj85tCEIO}hyl}|$)lMi+=CdT`g(+6-%(KDzTz9f-MoemUQ+I>8 z%lFy!m%m&(ykwNr=jW5pQrIdYSPRBO~N3p5I!Qb#>$T zlxbf~i1Koyo$B}hG@}3iS&>HnKdn!z_Wy}M8J!zH`ou8PA6&}nLe(iF+UyU%&&cet z@Hz1D@F{S!hB3y3w}sy};*5ad2Ajjb0>=;^XS9U(fvr%+8SUXefUDV`5yz-M4t(D5 zfIEc7+GXT`yNyh6kB0Xu%|RoHnB(D{;G3+!##twnW`KQeaeSFI1^k$M3gWC!h0=~< zd>CiPhd%^mo;{A$WKyxQ&fxv}bdBO8itB`@y+LWV=v&XAMRE2{${241NH?A@uKpP; zSFBTPP;4eP-e^&5SDX+&%3OBRAZVM4F2xkZDMD{g)o{1GW#2E{>@|vO_30xTUa#SPrP-*sP59eS zC_b+oG*|YE8h#l}pk8Nzf$&FQiDJ28onnKcNFxDhc)?a93T)T#gz$TWC!qrg$V9?j z8lI}*8Jzb`Fy?5?JdIgGohBHo!|#GSBp&(jmbC*vA^|Cp2lONz+#@L>F^M^*C=yFR zPki88!U5^YyYGiT0Y3wC5#4H7c?d;VI)ktT!=_cY?p>(go7Q& zUWWub$w&iJG(JP}Z)a;viM~5Ucv2U_p<5(ie_PU}MkIcX;#$Q=6xS9#%=8stE{y-xVp8#KIyRNVGfq~x}L zqxf6J?edoWjMBUUPY+sj608dU7;NUL$7oY*S6oQBJjj$=wT#6YUZS`<{EXqTo|m`C zKOC&x;b*};;S=EA@LBL+_(kxz@Uc!PeoB3Ls7H8W83bd{WsfbI$}M|X7?0g8l=dur zdcSa{jszc3+z>uPxL;{DDsEQ%t@3$BX`a(}cPh_agnimlWN(I>FyC7TtHN8rIt@1{ zHu0_x2|NR~g#QG#VRL-g$-UqN?w|7+lN2W_b}3F(oTE5TaWUHEqrIE}cSwx6LHJ;? z1veT6plFnj-TQwueAX(Vv7VLGktexAE1m|WW%-cmS#S@v>_e(Tb5QbT9g#d+$IwzA z5+={qoBH%Etga7flNNd+^kw?5^_qm`;F-l5d%dLAp zdy2ekYe}gcq@iucr)|e)uhpm0c6|1F4fjha?2SsfS#rY8YvJ>R;*(1A6m{*h|DZ9? zE2^yQ7d5;SUG>>7Yj_tq@f*qH(@&4)1xv!Of#r&IiVcd=)A{M?PJ%7r^kYJdIhPDPES8u8O3KM8J;{9rRlkzSSjV=V;_A_qS$owCr<$tU$lKCzP$KCATS z6h9RHSV+N7BtP`6@u2iRe(inywk`R=HcAYi+X7?Q)9J@DK#y&d_$iW>_DX*0k+ket zQZ9O7@?)=2T&pyXXn4Jb`;~H|;wH%(i}4%5ZIUS!KFe=ErD=(6^xMxV zf9b{iwn|BRF+aVzaCk{+q(}4HyEMH~te(5Co!~(Dl%a%mXSPpiuXCVnaISo!k0!e7gd*Eb^ z>C*624NudjGs$xjzO7Ks(WmqD>FV%<#B9~Hc4+*5p)?<7*Ikmi0lSoB_S5SnnOlr; z;HN@q#S0(wgw(MEl!zWS0PYewUT zB(zAly^qyRqU{I4^O7G+de|h|{u|(5HRgh%^tMU1K|hj&UO|aQ33_RRN%XVi5M7d( zYz<2fn}kM5Ot;9;zE1LkeIU>FFEzYI!w+cqL6NZikcJ;t{FUM(O7m+CufwlMvLDm% zpj`EtbLj=}e0_H(1 zL%=*NJk67mTl2J(%R*N`FD)Wq`6b>;LstVipd zCC}D+_>V$*AA!vpZb7!ADCtSCliD9ePTm6#P?k}oRRP|@(-I?&QixZXk0P=cH#ra`e83s8b*?grZ^h3wjs@C4;KNpZ4bm*P~#Ig0ZXZ=`Q6L2j}S ze22uCuTi2B^Y!o{aF1|9h7xlCnUo;Cv)~~lQ-TclgU7J3CCD(=C_#pCpqCrFN|2R= zZ7oB4{O2Q$ccD0OsK3 z2C0h!^bJ0^l_LKHu!TRxdgLijzl-!rt?z00 ze%ekcvOR8;p-U%0KW(av>vGS5f$-~K6`o8Pv$XMG3z}Spwj_ZQNU@A^2~Jk*Qk<$d z8)=l$E6LNj8lI=&`5L~G)XQkCLeqmh%kWp91a}AxWj_P%K~Kt%zz5(y#RFKdGRl4m z6#XePPfD&RJKQV}k}0F?b3nhuBLRue6K+;MnowpHNm`cZNtrbsjViNlK?BQF-^!2= zsUsg!wC>liw9RsK;5;a;uN?kk!CRpzM{Z~N5c>fnTtR#*m_v${8dIq;l^Rop3W0ku2_ZcSJR>;ra`fZ zwopwSC4ys=PYZ3cnmomWZP?yw(n|w7(9de>?kG4(ak65U;#9>sit`i~XnwBJ@IqQy zHFotRxCG6t#;(2qu0Xr0(cWV41y80L!)uHp>_81NKMV$tRShzK7A#k+BCQ%^E-?*? zBJ&z7_IJTC%%#*|ZSDbE!%u+X*VSNcR)HPVLJijDL2v>Rs6q0AlNGxZrz*}-oTs<| zIoHreBv%Wu?KMb#2e<@lQ-kEUfy=}H2=-}NR-j!q)It`xLpZ49YmoVW5Z;4s)F5-X zq0f{T$xHa4q@tF&2KoP#@Uiey;7Mw>Mr)x4`BPHMizd|2#}Q8-cN9#Qcc~G1Dx>ro zY9tQ4MN&lmyTDbF6SX!q$bT2#ifo2YEwcI;Y^UC9jRmyFT5>f29*`L7Itbo^CXXiO zoH3f17Esz(o%RBC+6&ZaFHonwK%Mpib=nKmX)jPmTDzc^UZ75UfjaF4>a-WA(_WxX zdx1Lb1?sdHsKXYWHtMt&sH4rEA-rEWsIJzT(hJmSFHlFW3J6OtP^Y~>J=*mVyHNa$ ztn10oUNAr&>dDWqz-Hd9Cl5!!c1m5(K9dx15thH6`3)bqgf9WqlZWSxdh$RFd3YDx zFYl6vcfdoE3OV_}s3#}qK(Rmdnv;5JA(3z)60Wz3XfO5T?L2s^#@~f^E#iHj?5gumhXfNQ!>}Cm@YR z+LYjA#V*CEigOg_Dav@ck=6mFwuna6x<=KyM)W-1Xe3wFp!gw;NK#@%580r>TTQgY zcfdu&G#N|KlP1dhvC(AimZ$Lf6L^r^Hfft`qD>7LP4Mgh^Qna<+Qoa|dMKOK<~y^- z&9tI;V#M+{tNt`o3p)ts;>|W2Mbu9-)@eT&2>%u=VI0wnbrP%!-v`z*m)neul9&cX zco1%()XnHeBG`sLG}9Mkft?yZ0o&4y^qv7HYq(3pQ#Cw0{4()#G-j@b=V|UnUvma$K91)f;5@f|JQYIaUH8-LWiy}$^o znK~jr^dM-S8BL$kj5UKN){OknA~u6E%hzn~7j8)YO;D^^Gm?KFJdA~GR%_ObpMV^& zW=H@(;VIBdn`_2TARZ3^2~ayo)hduY(3>z9iMQ}97?2e47Jd)jBDFvbJ_)YUx9->Y z^}IWVTKEWDO}ieWc4G{=8ZgF?Ry&x3C266?KLz6%kGD|QAA)}5&_Z1w2Xpml5xq|f zwY&!`34aEbD^`(i3-v284T{Z5$$P}K;+wTlzhWud8Hu-0ze(T(yrvfF_bqU;hPyO8 zRl~E%VGH#uPv>fQp2pAD@Ku`U9?j>Cl&*yui~;*J|0^`+JDTU!SiBbF4@j>CAD|qR zx#bqE!4|E-7HaSuF?;A?Tc|q;@25suwAHjwckdBCL>pjRzYom?O2;uWGM7vVOo*lpFy!Ot<2p?SS(B{yTJbf&e52;8WwBQ%8piv7g@EU z6>oztpg*lhhIf%nD!2!YZB+@hQuYsxRxN2OWt>A;%GF9);6qtH0mWZ!Ra?}mWnqj# zd>c0WQ_zQ9YNPyKFbVmzVKF`c1I*jBp-XRo<%%*wX+xJJra`fVvbXVH3jbt0*oMs# znh99EHp(tIS+PrTs^T2Qd5R0je;Xdl+n`v3Hnj$A*a3;Z5q)UGTAl`1&_dhPS7}2U zaMsq{M(aLGSbUW>ZQX51<~U)|jW)HYZRo}!!pDRg{^7?)8>60&K+%vk^;O!C-c-Ue z25-ZXQ!XqyB|?Tmc`G&Eh73s;&+t6>J$+Za{dVMe8e~%+=%c4@S8L3ehjiO%q3?mx zLfet8PzGp~?a20Buw1b!{1D+<(rQP-65pWMOwZnqcIAVu$hjREFgwhD1^nwoAKH=j zHgHn-IdHOuyEHsi!?Te_JDMg>=W2MK#?ROAm72q==vmsaz@LCU)I~dz-vch!67?yr z&{BLyakX-gmfNl^x1Ab+Kl)h?itTNuc20t?(_Y%q*jK^5$iJQT%lZU$Bu`~z+ODkCKpsYN0AmJ!bW;r^Lu%OIxbkLRsWtO7@ z*$T=mM~BWPbs)V{gjb*;9cXMaC^H@%$R`05o7RD3pi!IF!C3V?Vd;-LRBt=b+X2F& zw;kxMJUuBnL>k?oU&HCbpHjmao&1ndW(&C;OU~oL5bLdD$@!!U5Zl`XBb!W zbdHASDK24lW-PhoEjSCx`rue*bl(Se;{%LkW#<_7-+f=>KT!T3qUU3o>6H{eLMz6yO85@=iIj`EU%^k6{;$;O zSk@7QGA!}T`VwY^j-1;r4MzzLs|lw-86%HnHJ?)09;NpRA7+O0z!arVRr(B(2D8Kx zU!s&MC0ka*$J*CPiCBjfKL4%Zbx3}!{g{R~(1OM?(<_vlq}0rI9t5}2UdA%(D>?kF zQa+*K--!&F`$c;8)0&^(Yl_d%uE(+_EA)TV7_AFteI;h6rv8$?`?AKo!uWJ7E3@a& zRMGQJV-zWNqU}e(poU8o%M{BszCy#5iZzP0wEa$Fw1(@Hre4Dh8gA5ZGh@I`#;r%e z7Uq09@#>F*?eycFtTx7jlNF~>*PYl?iJ8F;wN7KU#>`cmr}6VO%uT>N6%VkJv5e3! zLH{~wHQAs@uag@-h1-5XR;JznKb3fk`D1XEyu~c^Q{XPzS0`Fp3d)RPCz|;u@R;K9 z@NWpeg)h;`ibEWDR!VK1Q*Iwp7oBL}$KVA)o1J)|sbQObz7y>l0J%H{jL~o$n%s$Y zod8pma+C0<_IHBYgune8k)Bs#dhjhC`dtg#^xlGUL~!^68>< z64M7x)tIU1YML<>`b=XQ^!q>$ZG0L}&wwJUX~;@Yq%;i<$H6|KL_QyY>&eMiSNc%%tUSyGf!i#q%1R;_xKQ$ zHH(?ZDha%iJj_&&XeMb@8#9qrGMG<)Iuj`+fUAT9QaS_Pj|{uj_v zvqRpsWX`&qeEPtAa@eif)lEL3M~3fXFGT)W4dg#t#GA>?S`8H0KM*xx`$FHZCB~*ELCWN9k@8ujd=@F6MapN9@>!&O z79rb2W0CS%quA!aIagCAL`Yz+!TeN{q~MFD55GP;BO6@{}L5y0{jrdm3Dg_FhXZ5Kk?@liWg2EgUnhMV?#0RC$UF;ehm@VV43l>?VSb zy;ft^Vb!m-Wo7ePb}z`&jf$I;&vQz-lRo7}Jnbk@c0}ArKF@(|NbE+P*}f59^flu~ zd{JodLIq`a#Er-e8q(bd-Y@a&xDb3qv7b4C8%a@~ZiaF>n!FQ~ox{tKlAz2IEN9#* zVc9>t9IrGUl-a@M%nu04=x;e~@FXZZW|yPq5|$ma%h7WQ&(W}qSeK*KKLy3-T#i-~ zL+z6aJ9*%PhLZ<&^6UZ+D$4HS<>49v;EBH0G>wcwf26{@CS=+JvX`-KTQyL(Yexm)+WZ$XUX&L$41xOIY^i^Oo_$yhc`AG7`j8ul+yrH(TpzL$6e;x~B?*g^`cz7NDy2S^QlCnxPvz66^6As@ zX&=@A{>Vg7_PO;T4MEwh-G?-e8!OPXeP9!kS%IGa9&BNBzk>Go5!l8kV+Gp&2XL{{ ztd_Uf5ehx}!@IPC9pG-P#0o5l;9kY!!cBL6uF#o*71l|8cYqSDz@D5pR@hO(2dhF_ zv=>sLJ@OW;eQTBZx z;|P#(95{oMZ)H+;kkK5-C;((M2Qr#7Wp~F1Afq{SB0l^_&>emc^oLJ_N#S?E5cH23 zOTz=;wTicd4-@`j_zm+hlfBa*ItFsg5Uq+Q{5WqN1DC?>aYN`Im%Y|#n>=NoCFyPu zzZwjY)&`@OoNs{s40vPs0C-FIb?_(Qx6KXcXBx=9WpE38u!E%DPi_amQ1~rSa@fyX z?}0xQ8YthTSB@nfiy7Vxx=EK0QHS3Lb4h(8@16jchCc*Z%><=fo1lLk^ziN`V=PZM zL3s$gTEjxW3Hmq9O{DTRxQ%jcCap7|NOH5*#b#u9p0IG(tQA;WqNQ8x&pI##^VrYr_Y@Tf#@c9}11^ z(*`#PB@&SEMxi7>dqMWAgPc?aw^F*-=)XPy%gMuQ^j{KgP#lBIUt?d*Eb}#MHz!VC zWB&FWcvvXuiQWW{DZWMOuhGj0E|#Zu4?6!Ev!D{b86AGj{w4bPn*HAz^MK+*ife^~ z{ji3ArTD0%V*gsh>-Fhl8h%`HlcvH4B%s+!K6hgk-v+C~e*&A4|8BAEU>kDVjXgXB zcJS72devhlUwcOKyXkkJx7bGn?$Y?(NM<*^50utkB)l6R20mKq-IV$);Uh?FH>Exe z9@lr@M8doAXN2boNsAszQW+rUyR9?A!7h^+R_QZJj0~_`v5NTD8RJPzgJN^|MZ#k^ zll(f8KMb~$|JRZHTOgw$^L3T{>qwq=k^CP)c720;XmPJ2b10GdKJW&W&zIEC}buOnOHk)*`muHgrTCnq@I#@P+Q4V3Y9$_r1* zEA*R$C*|G4x?q6R_s}BV1zBqYtHMu!wMcRgtwUm1YXjLy0k#vDfLG1X0&AwnnPM>%WiP3@Wi{5@S~CzIv_Fqk_tYayt_$K zVb3}Isq2&GUgYp0ScPWprA_?_Y@@C1rB0879dOu78Q(PbQbuT~O=u{igm+^__fn@P zK=$B)2T6A??L}zbM0$IvK{(J-;7L860ngB)_fnguLH2}$*HO~Fl#5iT&12yG!i{pl z!G2I<9?|eR^m8vYD^L3+6>3&EY?f5e;rGpbl;}_3C~~ro`aKB-HC#%~?la01%Qe12 z!_MdMC&=U6{`Qzq3Bu{?OsJ&pfh8GJrY!rE*F33N1K|ay3 z-QexQpBfRGUkZP0l!VtPKA`xZlnxsu@oSa-VGaLE@e##GC5PB3p;<@U+=qS&=f^bW zam5Xib81#7H)`HEr$czN=8e@8!dofDe#Y8_?JMf;}4ZP2r66j)M0KXGZjbYlR!*dI_)BaKCV-r1Gxx+WTpn@JExM zM?X5yt^>5J_rW8I#}wZ}GY^o5KY;_Zode|I9q>9@)&bHT0B;vc+728@SHkNw%q%)# z&K`oBgb!)G32x=xgS4IVUrFa))T^MAyIe3INau5j%9@n?t)VJQEt`DNUq(T{wf&=99All2j zl=L{bSU4bU(xTK77HJ=()TDy0k~+G27GzBpT%$1$X!t?NIl3zGYbAAj5()oG@e!qb zRMYyk#;jBN^-9UAE|iZeZlFCLL{}vbn!flR z(6^)qIi!~M5c&x{vicDGrlf_ej)M0KCGrt`5S=_k4KDhgIiTjV1;tbcj>J@06G5-1~pu& zSfowe<;YJN}o|O18$oXAzvJ-4YW8X!p@-Fid z=DX%eYV%#z(8&oqwBG~$62lJd55aVKm-VlAz=H6{U?H0Pu2rm0Z^5T}m(lS_@E+kQ zryfA@Kn5t?J75Vl&dD1Mmm*cpOemIXe1(Q96{{6%6l;~kXbsmXWxa+QG~B3RPI$qs zgYphgiub|Ocsm2;M@W8v5|I{rhmM1Z&lgX}*CbA*GHD{rxpei(PlM}`@O!M2`@t!S(-dba zcB3Kh$*eWFfO~e{V}(k>3ppe79y1%o;9^ds$l8m<^au?nE8%8&=%L=D6yE?jCkf_r zZs$GLK>}d0kq?eXyWV3>qze3=(%eIy-(yXr7F;jqe9+ZYP_*tNti2%TLH;j!X9Ay9 zaqj=KWlz`)AfgiSRtr^3!V4sJ(Ey2JZQ;80)&-3aAT=c1EF#=$E4ICDZ*OmJTW*)z zO-eu|N|enFQ5F{#37ZNELV$qmO9&Cv^Z!22nfJ{blCUUhz5h3#{LY*?GxN+m^UO2P z%$b=3iWD`_lM41HSFA-4p0A z0dzCJ|&0h25yK(WtV~sItMnBI=9XHi{w}jYz)uh-@@sp$Up?G-9jo1VuJj z%da6tHX6yf#1h$PB_?Qxv;yAJ$1vT>X;t^)Unn|etFJBklw z*$j527LHRp?Lm>8?4)*LL`#F0`}@JK z`$wG^_?83Gf}A+qSAysJjZQo>8*hQkvw_UBfy}Uh%&>vXuz}35fy}Tu@lZSrGQ;L1 z!=FU(Yxp2vgiL0A=0T8k$sl?O>?$Ft7jfUO_<+PB&kf)d&TEj<9@;x8#EOR_yb}Sx z#;F|b@F@q`;{yuacEtJstj3Kr6Ow~i2_tViSx3v271(f$JrcAmcE?etIbb#Wg1W$y zLm>OJK;cOj<&4u+IoXw12XPPZ_kfJQK=y2cSXoY2dyl`% z>56>r16d;hc7YpRNmGzLBOuxsyx-sEbVI8oft+^%-fEo(-e#qNoOc16Q=AK^)5FdM)ag;MJu7l9AZ4CXo9GTwehqvGnYjSjI{;SW zb0PD|N5E?ouT%V%bv-^esr$QDXWYD#2XC{wg158(=R(qF4K!u^64;Zy;ulhb7lM-{ z7U>@XC(CXP$}9fWR!>5I%R0yDLEJBc55Tb=JmqT(Dw%1NE*>{Kalo(nJDoH_UIyNe z`y%*I5B65fR17IH+vZ$E$g4nlAFwNByh!7lZUI3&Q02$$eS;V~`{UiM!V*!vkH|KtIPCY2KdB3*M`&IJqCx;i}!@gRu3sQPN zB_%HPD~J^VUL@&g8@wOBiT^{2KcYoE0RJxsSq%Z+jx0SueI|meVgl)HS?4#H^e6Ft z;Sk8$B=A~wbJhoLRw#krvTgx~lEX>7Wss1pQvz?Xx`6CV1UVlAWXCsntG@}n4auJb zU3TnPchD{-@t%&j9v*@}Jf%g`bHJH;P4$jT*{+x7267zXbONe*^dqx@aM*&>NhEjJXzroZAC#Q=c6Y zhS7SXv(R-VE^lnNf$ibOLbsFpcL$e1_o%Z3iu=H|aB>M0_k--w2HB$xvKIgpic6rl zl`kI%l_ks!5Rx^zq{FEof{l`zoCgAO`iHZ`wG>@Rf%P7w$@&@bPsH9>LVoH&&iw#~ zp`Bhu9`=J**3FSxgRH9u z-|-n^!-smlSHhcgkT*5pCUUimxfH=#_2)eW?j1<@GPp!sa@*)EQ=TlNUiRURlYGLB z&7hQhncH2F_Y};CaUzGToF55g&Ol;|;#b2&g(se#h2Yglt8copf?P`U--1`G z;GXzwpsrUTA=|-?)c7hmwgaqHWR(%_9q@k@ZSx>_NGQ@$2#HiQfSkMpN?BIXI!Iqz z>nfyzxU>`r$yy+1HTi4+ufk_FxjpEtCRg>~dThMa zD9FxGkaevfJ42l{@a+J&4tZEZi=GR$X)`-n;q~StSNaBdZSm1|y#^^IO;*cL zYNV9ZkWx~kX19PT8os?hA9pAEmo=;%lDM7KzbpO78rEEi|3&KN>;l}qtZv|S8geM@ zXbtkb4;=140^TbnVi%0ieUP@Z204LO?k|x{R^U-PYpK~Ufuc9oqBkxDMQ^NSM^bn2 zE=7^{wJPmvsWsf_ik{#b5|>g?kfT4u+)fg)pTnL`yfJ3YZI5(~Y-DSqgUSdf!I zz#96~wWLi*>h4_dP4dZ`U-j9fVS>1|>fWkPrLW;_FZC#Idk=zAgS_q4^cy7q=!$so zxP) za4k9Koh&8gZLA{uUvRVk1w4puS*N|mI^)-<^z=zEspOyq=#IX(zi2Gi}2jT5HAwTtwt<{T0E!hPZzvkTE!3L4i4b=^GVl)hB#df!dGD~_VT}V%HEBFAO&sj zo8;XSZcZo#IiVChPX0Ghy4@hFcAd@IPjN~d?Q1g}+YR1DNY+^pcQbk046>IK$3t@4vq9at}%1c~*69f1C+RqLfzt(RIjydEF1UTW2Psa5Nx zR;`y>wO&|nt7(e$QVZt~fa~aaYt?#TU55II^->G}w}N85)WZKm;6|*?TKGTLsa5Nx zR;`y>wO(q~dZ~r~?RYBIORZWj$U8MytJX`crq=C>uC7%ZrWPB9Qqao?6|rGz z)rP61PS3+FHcTxx%yXdFFtyk)0dk%L$k`VTE8~#Kt<>*wP)5O9S)tG# z6rH)1`rQL^Ru8xlx!p?5E&!LIs~IQ3?XA@867UWB$F0=t3Xl^pz)j5iZKY-fYb9^c z>;`U=Txt8-O3g~F1B^_!QnN=vPTB+ytDCcSaUY@WY*iazD|Je4sZ(-`{t@?w8vY{< zoFNBtwk7gFV&%8)(aI^elTp8E0)nS04bS zf7zz}%QotQ6wux~K&&wE4QR1ChLUbWhqJTeqRf1$kcy?$z*zC2!i-Y}3AG8yqH|jKYqB-4!PihOq>)$LZA2 zWjzX|-mZ4_cC4dh+%hk;9SJ-P%IIvnYMAZF9#kpm9*}c0ob8l!JGhSCe>+;e9VnLM zc1lN^N9x2aT75fGw+iHhKxez!klWRw-i|&`#fQ^e!MD-&+mW|-K~~Oy>;VC{shiVW zaf?N?9b1TeB5&`32PKCpY1@%8@oA8pAZa_n6 z!lNGqQzU(CA^3o#C4s3Lx4XJ~DRSxv{-WErs~*^n9w5)imH3NXZAY#;f|KBIosMGa zX!~EnEu)w^9mUk?D5g$FF?BkMsnaog9kNvK)WKmv8O5-IPvXMiL*RPaIO}(4iFNQ< zd}I_;2cN~CvmKl|9mUka?O5D0im6kc*THi_!t--M8O7A;CRuXgHEaQG;08O7AWVN%mkOdT9f zz%8SgI$Egs%P6J}zL7T_#jr9L{~fBwSZhPMSgS(HJ7^b;&K|fr17uw~n1ZFTM`tPb z&_dt9EiIItXYgkaT$PX|f^c;|$U0t-{Ue~vgs|F+xt%@QHd$YTMZw&g{{qN))Zh-@ zbnMZY$vsFBDNvTJV0+rp9$Hxg*j;fFQp74u(#Lj3KKH71x)*&?k6Wx$cKoZqSf_hc zd+b&1v6s9xID5(40Z^>dy=ade;9Kgyp8kvVS+spt(~xK85hYEvQJME5CwtKzhe3^{ zcHmyL$5DL5Mnxk^uGB`|tF=iQk_XirdsT1jMQjm293hPOmw?!dl#%n@i6y6`i(BR} z8we>+hf|^kT5&vB1Xml-QAfdgO4NXMA{I~Dfuffhuwl4IFA2KhL#rVjZo#tGbEtZ z$kPU=kzB<)jnGYTj%kl@O#6aklmZKkQtSq$6vtG@9wYp@xR26r9z)aCgU8X~$0*Tz z&N0=r$0$(}Zkh8uM#^cR%yu55L|s66b8$@d>M=?LT}mWz*+T)|D-;z@(`4Od-F!GM_BWjsg$RS~9zqqjvKL8Wq z-be6c3pfma`6BsSpsYIZNlj2v^GOYhlhk;sDfq;#$1QRFATCnf;98P5kT|f> z29XnxT!G}uwM6zn#)f<%%kmpR@&?BEAA;l!q`iRT&9y}WK_n1F0zo7Yq?SSSCx`^P zw#Xh>FCj(tK)y-?GCK_(=hSaoB#;kAB7q3uI3dSgdhN1mW;e@F@K8l((MLJMKhs=%Kg8zq?{@ z{|(%epvZX77d=8x4GM?ZQ|s?>W0b2g@DrJqRsbHAry~F0N8%4Z1(AO+hSSeuC}|>y zMso7Za(+%W(7RcL7Fp=`clDCead=(~^`sEw5NZm`|bsB59 z;w0iy5`UW19Gpi!{A#c#Ip_2me>Hfu{~m~T1&cIHv4$@Zg#V1epibWjUFM#YN+PoT z25$5xh`l5-LF-7-dQZ`MM+(U;XY=?wL6NHzZAU5Ej?kUZN|Dy>B46UxTIP!?Y^P~*W;)^9X`1ac&32k*J53WkEwMDscA6%2h2*r;G}~#KtivED?TLE? zOA);RqBlVF1}ORLM4B?rL~ppAG@VYQP>);Wt&^tHN%cmmw(eAI-KpBTQ&sj-NvED~ zkVxxJ)z+P=a+s>EJ5^hEsL1v)8Z*(sNN-KlVqFBxd- zPL=)zx3un5>iq~PEt>B$AibTnjGaljoqMi(E>hQB%iCSc%ehLFx4V|NyOy`Rmbbf> zx4V|NJLTQ%cGvQD*YaLM3e#N9jfc;dkWMuyvUCZltp-JwE>T&!L}lp`QkL){OP7!` zBXgCdOGtkM?%w`9aG1Xw6j{1NWr^LI);Wv=JNWDZLNCpcF(J8SZzlSXy_xb<=BB_m zkojJWox6e?;CU}B>O~;$1l?YYm%D*A{sM5Vq=psU9(>#12-fOTM#s3fqp5mf*^xdq z^%{6c!yHDodr@EF(||tgMeiwbk0~BUK6^1DCU4Z8gz?4SwG?gfp#}xx{P)2G^>2^% z>xF#v0aNv9XZnj?)Q0$6qG2XNw>Nx91vv)>K>+ei{d1!x0^|-o!$P(WHNZ1Z`kxF&2}K#6ci26pZp&I zu~@(qq^>_w77vQ%=}!&raIa;2*9gj&kgkPSN5SK0s%uHDJs3mXT}x{3fs8Le>`9Oj z9N3xfrCm!pJKZ7J)knZ}1nLz53h8eaj~?*?+hA;^3V$b1gC(Psw~_WvWG$mCFFY#KoJ9)epGYw4ke zB8`0K2045dJVdJ*iUht4Hu`nohwAf@`uO5T-UMy&fg6orf`ml6#HX{Ah_XwVUex$d zbcOg2MIMG?2|P<*F1`OS%D%@PMosa39j&Qh^2FstHaK=0vk(m+>l{GVIe@Hl0Hrs- zjkeD|4ch)rkaZ3q>m1zM;153VWFN>n2XMXrJh;JM2{J+i-|^oCd5i7d#>i+H$e0CW zodd`^2at6RAnP1J);WNza{yWA;NAuYj)J^50a@n&iX_~I3=p2$7i67-d%NmD&a$Ci zZdV<6yXwH(RR`X#I`DSYfwz-FJ>O!Mp6GVfes@ro!|ol7_4b2rki$DkSJCYQ3f$Kf>m0BKNf^o4zbnYt zAAA#u8p+uIe6Uu-FlURKkv_<172HpI8A%H|05VJF7SIxtKlyf?^*Q5Lcc`KT<)vIPO-E=UR}NB2Zdl1tnb%id0un-uFP>IfA@%bSq@O2;`k3 z$QwrR06eTfh6Qci>_+#AWs zgGf<4$a{G3Z6x7AWJY|pQX>x{&wJcS$VNwyF(@cndJ+HedLfYYLZDc`Q`8okA~R;V`Q{GDN+FPyLLe)JKvoL5Qz+dY zkd;CpD}_K-3W2N?0$C{pN*kF%>9)F4h{yMe+)BmiN8V)*pYz`=O}=j z;mT?nN#I063AO5 zFqu+MMb2k{o&5PAt6#vLwEC&^KHEUvAAziX0a^V57WprLVh>EEKN7qTS(*wb4}h$G z0a^V5^8N_q{SnCfBart;An%VrR={vq{=?w&Rtz{F$)C#CtSAL1nl1qsDlSr7j0{Y5m-v4MUzQSa=8VvKO`k5sl9|f+ zGvc#cafOC?U7xO$Qn>7l16QffYX6V8H(R~IE!K_ThxDgYU0+J!b%Fm=y{^>JRPS8+ zyQy9`PDh>UohKadx=SqYeBpz40e#R^?E; z*;Ng$r>Co=rgnoO^OY*|l`8XpxRYzx{na62lzPnsP^NW z&Vc`;+K)e~{rIEWk3Xt?_oLc(KME%s+()(VepLJJN6}h!_(lr{+8G)=a0$F7QvdRc#l@Z7)Bal@_?hI-? z4Xjk0j?FfMdS3-rsn1M$(izmg_;BhEIGg&Kfeds3=c1iv&}J_HpO*X}37f&^(Qh-5 z2XVgu_hwL*M(`y{Jp z7G@wVsh~*945Wn|A}t}1Q`*3rtXS|dBw+@ULrC~}E%>-K1e}RPRjIbDQf*nK+OkTu zCA;F0bGWZ4+OkTuWtD2nD%F-%sx7NjTUNpUJ#Lk1%PQ5DRd9YcKB6tF;J>&#5wwq1XVdNCK}yi_XMC*a;S^yF{MCx4oc@ zHD;ot4uPVhW|FeFWwbIAS>58!RLwjSj*%K%5`0#|Q1<=ce048Chs>nx;{URuSVS|C zu7e=w2ZEfZ2d+R%%!Ci}bfx<6ja1yLHMPx1&P?R0pF0z|>I`;6qGqZVnu#oRz>P$J zqJ?I9PcV-+6N&1XvHNE!C=9s#UjCt8S@Q-BPW(Mb7>@5;tQ>QnBGx{T)nXv4#Xwezfvgq-rCzXA(QHqVE5Rzo zS;*c~Nq%$R{Rt;SUk9x+JDM@8QFLWX{-lVpkbau4m*f`!DklIBJQiuGjg`r zd*E<5Ag78QbZ5aae9&(zL9s?=sm#n$nVCiDHskXSEpZmD>@{$U|C~EZ`?Xoxug%ha zZ5Hy=9)IcAW}(fJz`2qd5+y#*OA1JoxEIh0W@&4hMQiGW`(@hiENxA*RIX;JT+LFs znuT1|^7M6j;aSL)q{&VNa1}h9rP4J^`?y)EwPvZ-nuT=rc4w({%|g05@Z z0LVHnQ0(y8@Kb!m4xbG_w}N7a&sJ%f4L_+@_(@3W{durbQS9*9)V}yUPVLWztKuWp z_-uH49w;N4+32ez@L6o>*~;PBaF`R3=p$Bw!spr8QQ}^xxJXef^VwMD^TC&q$=UFn zJYzvg$fb-aX2XB+S+2N();Ame%hQ#No@Qg2Q!e-~KCAtw!Oiq;v*G^`cQ$r7T%s0w zfzo%(Ry%w)b+V!_U#UO07#8d(5VDpn~z4nOBm3+IA-8y%d-h-kr}W#a9jMPcb)^Emx49)@^iFzo&%p>$1NkEIq>;LcMcrx z0d_-M&QadZ@oo|-+Aq(6lM+TaIR{RXTR7Rzm2>=dfvlkdSv>`^dJ1Iq6ew@&=F%_k z1zDQ`-bG!{RUJE5b?jU?Nl3KW4sadyI2V3$LJE3gH^}NKP(}oEk@KzYTsTR1I4L+? z!XVq?=9DLJHrCf%blMj1IrP0TDv(uA?mTo_SFloXIx;yA&Gs%> zr9PbJgPRi*!MW<@%g(r;M!M!91Mh*)t9!n>Uy$@^gX9hS;Q+W$-HXv(^R(T~L*q$Y zPJ;nu=bxt3=ekc*-gaPj+W6Cy_cBn%ZqKM}Kcnxbzr!v-q zGJhzir|xo}Q5k+lOZ|-Y#d3NoXCzVfcffa$?Pn+{v9$Mph7ujYEtZd*<=6mrpe&r? z2+yB|)*g^`8X)Ucz!E`vw+)hvv)d)(M=LjS25?Agd6;tI+2! zDz{&R+l0~jeNj35A{?%FU&4Zo13QuPmk56plr<-^pSJ-Nxmu|FU&zy)xLI8cik4fb zaVtiSl!a+I35mt4rWXBL31^WpA>Ck#@QS>W4sStxMp;VQ?8~E+J*{ zuVK``gp?1%DQTg!JyLjC+vCf$$0N9T0!n*)SzF@E#5%`)1?rcADRBN3^3VWwvc3#* z5({`0_4Nue-vhi$QQrB!0)O5I=PSxc{}uAq9^`95;H&B{+;|0UNXV5MMmX>a`8)`& zRv&h*;NC)C@Cwp91e9?)Z)>pe*tx;@g56Na@Ta)v$B)Ci|)5{n&} za7Ol1H-N&EWhy`Hq*iwkC0$PVcu?LDEvFV5KzX;aoVrK_7gOrx)I}F?h5AT~SV8)S zL9uXF5PmnvE?tnd`tAz2eFzlox&oeyTeSTOsb^5+VFf&I1o_qyD6@+zh}|9(&aa@Z zJACWuDz9Wm z_F>Wz`$u6l5hc)C=a0MK$A)n%AZ?(Hhb0~X|54o$! z+eVO6ox!W<@pZQ^Sgigfg5>HbC^NCE$(!H`^0@_C13j4!$?_ftLzcx!rr+Rv?%+2h zuBUO^R&3l&#_d?KiFwBDT0P??8aM0560b6D*1jbE!MIslmG}$ej#yxzFut@d&E z7#+qG;jf$aU7|G+J)^+p=EV)Y=;2w#) z6n8o46>z=Tx?BCr!89vR(-S&Pu_cW(DE5K!V5L*8q0%_PBA>s}8d~T^KMg+%a&#qO znp3)gR7XRzh!iA0>7<{MdnsU61{EdeDY1VkcmsA8m22!V+%?r>A!Qr~{Q|C1gXM%S=eg8&8doWseL zQufi%5#CfNXPaa*EM@l+M#^5IAx>;NL99|uLBdI>uq*|wI*_s=<*4LLav@=)bmNt$ zV{k>c$V)Y~aatQiq*%tk+zIc;tM3Rf4gWwEgZxW=MKaS!`Ck4@HGDXK5_*j0F35>U ztnlS-Q%_QhVIG9}R7e^UPwJo?%2Gaw6)r_kz7u)byv~9&B)=uZ6N!$N_U3Ii+?qtb zMr(Mvij;?CYrN7g;QJ;b9n#Ljc@=4m)<(kFpw5GmN*s~vKXrH!uHG;0XC5NQ-%G=CBaEy%DR+5G@8hB&~jQ!E!;Cj)4#k~&ZK`UhsRf1SMWDp|N1~davtxw}o<0h0AjviBwD9bM{yS%KRv~bjAX%%G!Wobjl z6%^k@fV5Es`Q;U*_y|oxj?FKw$ShQ(iJoLys-F zyRfJrZA8h~aTVo~p|TOB1=K^Il*E)oDOcHu5-2n;xK@Z^Vqx)!q6$(>gP<~}D8G1g zMgC}f$fR;ps`6f_msFI6YllarL@6zSq?N%%(k~yAU!GQQZ$aqd4UQLgh!N+EvW~x4BL4Sp;#8q0z4OnPbkPQE$d@MeMotJQQ-)4BemJoN+k28 z1)~eg$_q;2Yk6t@$bzx?rT37ze7`{^(hb^5z&zyt}p2Bwo+cP@q z$SCj}zF^v!uPt@u+j-rr^Z1hE`K+$FkgtTL@g=67*2SF8_$9t!aVg&*>cv+qzJdn7 z96fP`TFaT(l_9?A*q`q@WN{kkm6m*?{_B=}UHED%hcC1a!gkHY`n|@w7M*k*Uvj-3 z>-O8^dKljvy@4-$-h}47#rh5>_R1F{<$H^FSi`M58HwiGuC>^jW-YO1Sd*-U)?3!g z);8+}#tL(-dDd)e4qq*Q%9>@Zw|-%5w-#7WTF=>@^>^z>){m|E*8f;Lt)E!GwEn~T zv-PMo)sC@#&Nqu5vVLP7vJPASY5mUnsU2r+vJP5*u^zLIFj{D^rdW^jrK4A@C+JB> zSieF?E<-E7%6E@eTFb2!*6Y@L^h|548f%p`6McEW`fuwEYpu189&xv|*ZLV2YatqY zESk00`WssNU(vhLbBM)sFPe83J=a8flz-!k&EL14wjQ>AU_D^{(0Y)O&OYl|JKj#P z6YV5B*-o)Ov_7)i+3oEPc1O#%ExVI_j-6_Ew!7F}?Q`vJ_IY-9`+WNX`$D^ion~KT zHCpf6J?)F_f3m-1Ut(Wsf7$M3_qM-cUuIu!_pz_A)9nm9(|XhHYlrN9c7J<-on>d+ zSK42-zh-~k{)T;(eYKrq53~nawboX9u$^n?+1J?D+C%K?>~GrF+uyRkZ4b4F+5c?c zVBcupWZ!JxVt>c}7yG;Rt@ds9?e-nkaq9znxP7O6mz{6lZI7@=+6DF~d$c{qF0{XA z-(wfqW9?$Q#2#n=t6gfB+2wYHeXl*)e`5c;^}PL4`)Bsg?fWZPul*+O)x1X?Q z+ST@x_EXmH?OE0ztv}eat^M{Kd#+W<*z!--bnCyY-&<($_qTFBDlX@ui_>?dR<0 z?fLc#_5%Aw`z3p!y~ti{FR@>?U$I}cU$d9m%k1U$3j1|?rCnpMvRBJDf$Vkm8#Z5x zu-Dt1nPb0WZ?rer@7kQLZr9pd?QQmUyUyNW@3h~uciFpb&b_wx+57DS_CfoQeb}zI zkJt_NQM=K8-#*5<#2?rn+8^0I&D?ez$8|g>#);*u;CLs&NpzApu{VYDciTH1oQ_T> z=Nu>1>FjWJu5&IY(4OaX=cL&SIGeQxXRKbtX{Z--Zt0htOPoucFFU=Q-p*H?%bd%d zKF$?Rx|88#I(?mx)6ePe3~;iXZ0AbntIpS)uRGsxu5zw+a-4zAAZM_X>*P7tIM+Hu zoa>x#I@deja=z^hb%r_r?A+ko=-lMo?A+pf$N3lMyUwl7ZO-k^9nNs)PUkKs-?`fv z;f!<&oKenbXN*(me9yVZDRRa-#ZHMc&iPlT)G2eyoeJk(XS{QtGr^hY{G0QA&NqF) z`GNC8=RwW|eTb7if9(9k`FH21&d;2mJOAPQ!ue0oh8o8&MTZ^_?oknGXj@8 zE1cJzm7IFFiu2ky>x?s=-f-S@-g4G+IuYM*a5!Pd;q)5LTj9hDImJNslsh|}_nckM zZgyAib@s8h_yGHb53!rK-eEtjbCmt5@5>HT=L6?Mc5wRag|uCVeS#kQ<=D&S#=8mZ z8%uJN+3D5JZSQt)JF>6p9NEj{c5%D1U#XkRekJ#O_X77qw}+eNUgY+4FLwXQ{SteG zE_J``_F^Z?SKQ0o%iTWi6>hql!48(bZpiJ&K9m7&mYeNf>3-Gyn)`M48}3!^)ozYE z&>iFsc5~f4_Zs$?3~{e>zv*7@e#`wfdmx6n|Lor2-ss-s-t6Aue#iY6_q*<`>=?M+ zy~7>u-s#@u=DT;hBUn>k;Er-fyJOr!_j~R=Zjn3IEp|)XaqhpmrEZy9?pC<>y5rsZ zSP4GS{Wtgf?)~lq?ho7_%8G0EA@@h_kKLcR|L*?O{h9l7_dncUxc}+?()};@SMGni zzjlA){??uB{*U`R_xJ7}+&{Yi>;B38v-=nKukPR6hgoU-cUHJovSM*MEAAe3A7fos z6>El`U>!}h`y{J8X7SE_j=VkP{n#_SY2s}XZ*X`^!+VF9cptFH`YW^HOJru6`P)bcoH{G|~_3j4uZTB5_qr1s{*WJt)ajgPWL@`m%H2D*1w&7kNFsi@ksHzT{ovUFv<=>*e+KzT#cxUGDYquJF>m3@_8`>xI02UVm?Zm*r)9 zS9)LdzUF=1`-XRwceR(}4fF5W2Jc4i zChunN7VkUWzj)vEZuM^SZujo+hI@Bix}o z*qh@0-J9xFdegk=-Xq?l-ecYjugZJed%~OPReMi*PkFPv+1?y)t~bwn+Iz-()_cx- z-ka~e;4Sc8^j`87dW*cp-V*O+?-lP=?=^3!x6E7at?*v=R(dtwDsQ#7##`&H^WN~@ z^xpE;dmFsBy?4Bg-X`x|Z?m_>tM#^e+q~^wowvi=>AmOe@^*WByuIE&Z@+iIJLnzq z4tw?95wF2J>NR@rd&j)v-Ur@?F@1_Fii*74iqev}isHib^qh2a9UMD0e?)0Xal3Jh zL`p_7W>b4KE+_Dg%MY%xIgG3BEr`w6OI%LL=#t`sd*bqgYto<*g{31Z#*Qi~xG!l$ zlRI(H$ddB>5t3-)h=?z}Xv|CU-I&P@pSc&1-(12qldPx~NrlNRserd(nqWp^Tl#=MX*c*aO zl?Iu*Au1oqrBOGrHw2j~4K6nZvC8z4bYl~DlggUh+DeX;!&dHN|VrC z5qJ4`<^ux%l=3k&o$#IJpy`Gjgl{AVVRw*&$erdOe5W}G-z4OZDlF`uk(rg9P*7Hm zQeY-0o{W@_DJ&hCKrYl#mVlQgGA3Db6S&KgMnT`WleN(1Mv@p+II4V%B%zM7B#juj z6NQa|Q$mvQ@-c~$mb%Ik#ZOpRJ|>Cy##t6HB77HAMG&eiStFYptqS9oL23TPlB0S$2|4IE(_I1LSTDGdpyG$fp%Ax=X>0tPh1 zrHV?5mK4>j+tCX}-L{Ve>cg~KX?emh=BJ8_3PzPDs!Jz&W3Qcn{w|KWu_(W6jFVHI zG!TV*PXX#+RC&TcoMrML+4yRd1i2~DbkwDuDc4jK7L}p79m4{^ts5TqVU4QngY>R$%F5WM!Cp zqsg=Sn){Hss;H%BWU1(J9bo*k%r)Cw15KEbHPGA-GS|W8nrp6k!8O~^&o=b44c%-* zH`~z7HgvNM-E2cQ+tAH6bh8cJY(qEO(9Je0G?Hofp$I#9(v~vvY978+D(9X$?xmjseG|?Pr$~(}|9%yI}G_(gA+5-*kfrj=# zLwlg1JI%z8Tx|^{XvHQAVYtUp+CsbA7tnc zGV})-`hyJpL5BVyLw}H=KiJS8Z0HX*^amUIgAM(`hW=nff3TrH*w7zr=nppZ2OIi> z4gJA}{$N9Yu%Vx8=;s>xxrTnOp`UB$=k|-eCa`2i>m`tsTthwAP|r2ga}D)eLp|3} z&o$I@4fQ-jJnJc>c-df_aXGo_6_;P2 z*QBAUa{_lslUqxZnI7bZ_fzIR$W3N?kekf(AUB!mL2feBgWP1M2f4{i4|0>49&jTw zJ>W)Wdccj$^ne?g=>az~(*tf~rU%@}%rNvb4E+p4Kf}<^F!Y0NE7 zAwxH0=!Oj4kf9qgbVH`xAwxf8=!Xpbkf9$k^h1Vz$j}cN`q`Q7)Q-Qiu$cEk7;?!Y zODcFrb*I{~i6X6csz|mETe^1!!+=DLXX9)ad8Cn=ZZ%@ltrAMsL4}E#pdtF?myKxG zWa`UpxTh~0(W!aj47tWNc?Hp%c_|SIrR^k?p03tvMtXW?->|D+M#PmFaWy>+Mg00j zT>T@i0TEYL#FZU(^^Z{NAJk_keQ@Mim{vw8l5R#MwTwt=8Ija7BdKLZa-11XB|S5e z&&)`AnUQ>EMpDj^RX(11YYhOz>c8Zu^bC@WB@p{ziqhOz>c z8p_HGS5p&Xjp-Z8HZ+XM95N#%vB5vpHnU=8!R)Lpg>A zIfnkgpj!(W(>Y{J=a4a-L&kIt8PhprOy`g>okPZS4jI!qWK8FfF`YxkbPgHQIb=-d zkTIP@#&ixD(>Y{J=a4a-L&kIt8PhprOy`g>okPZS4jI!qWK8FfF`YxkbPgHQIb=-d zkTIP@#&ixD(>Y{J=a4a-L&kIt8PhprOy`g>okPZS4jI!qWK8FfF`YxkbPgHQIb=-d zkTIP@#&ixD(>Y{J=a4a-L&kItY#&gIR&mm(xhm7$YGRAYr z7|$VNJco?&95Tjp$QaKdV?2k9@f)k8lXn6g-| z+D@@#b7NS=GP)p^H9J@?vGBH}l7h%V%PF?A;^too`h*->z`}rI6X&LYcvLh84Ouj46q^ zv2gU*eD|jOinyDDq}*X+3f)2c4=XE-$yd5}3*FH|H)fU#Ik~GY<@;z!IRCsK1@B~p?W52+0_}Nn4l=eU`jX@ z^${Lt!*DjS5v-zCjEY_on=T&Bnbce_*q5Z^|FoY#Dih&BoP~Kd{-jH{}m(HSP`F zz*ghl&<$)g?hW0*R^#5#4Qw^;4c)+2%g76CHLiwkV5@O&=ms_#_l9m@qj7KO1~wY^ zhHhY^ac}4bHX8SaZeXKjY%%VQTm`lm_eQP)TP!0lu)Vk% zISOnq?hT#5=HlMa$us=SGj#F{Kl2QoJX6lR+$8Nsv$FJ!OyJIra_2<32S&LEMY#t@ zxpSl3c}?!@sPwa=($9`cKRYV@?5Om!qtefgN$bU`day(2WNY z2|FS$SPSj4+Sy@sv+et`?+?#J)*}DXaz{)kEwWNsM8Q6>qWtn=Rx^7Ng>Vw8$!$lu z9m~C^pp?_G6)#cjPv|)QZCzs>tLv*R)>(&rJXT#>thkQ84?-od;`)46RbR%+>94Um z`g&GCvznWft_`jU4+Pgf$Aas)+Ti-YtHJfJ2ZHMpdxGoA`rx{sy_iRD)qGE29d0aZ zgnP5nH;8}9as%|J}W%4SiN~YD>28hs`3}Ch^%In z98(B4W87sm@vP$dste{#R z(=O&~F~eiZV}26z`|B*T&r&H#Kf`+~&A_agFg#e0+Sn_;cfX#$OiS zKYnEVuj5~g-xuGQ;3Om`bV*1{=$#OP2TQFUtp84f1Fx~peW}%(yAW%>d*JiR2|g0K z1J64*d)8Y++xRE7;vbz#5Hgl@uYp>BQoDs%!-;>39nWg`rrb2S+78`Xj$4-DM4wZa zAt*_>JZ;BsN~y`!vb51Y0biTSc6udfs)cAyH>J`%zbA%{rXR$2UB0j@U)Ggx<5~`P zz2zHqR&#&3V~s2O#((KIM1`_lPH1l>Y*UKOV>Z8QqSl(Lc@9!J+oHECCke?(s+^-L zr>M#qs&cLnC#-x!PHmENh2-Q^IX9Klg_7jNCOI*cvu1jGoYlm60>eGdY2s|55V__w zO?-Rf+nZhIa_%JO2$EhZ>7|iYXE~#W5Z@rgRm4joUaIBb(*vI#>gt3`&eD)`2!q&3 z#10X=2RVq9vj<5fl{nWDatJAO)_AGhr7G1};`M`SXX5oRR67v0G;tWw5oEAo$-kcDynOftND>>r|3cWOEO?+A(#iK-W*^3mK^GM32TsK_4 z3R=C1C7h8m-3UG5Xd3kTan^yH^}|U&a?X#ICg5L)P$5Djads^y;_##$>3GDyj3>Q0 z7e~%5;nWg*#^5tneLCV3!bi(=LT$BH2jbUM8>gS^Gb^Jl=LnpTo92@AaqpU!sY${< zi7Vho6K6h&>&*D{j}!W2_0by7rG~RCL3+f9Or6~Ik5k$+%SmhH|3rTKJJIV~_2b_E zCHvZjV-?C5&d$R&`vU&_J^qK3pwZ`x#{T>M8h?!y4<6 zsJ!?Y@Tqj?fJCxU#4++bTC zZ~B)kX`Ad~or7;ZBmPLQDzf)E{4Qye=BYS&s^@Jce3l+`=ZuZu*Fi3-@x>YrY+$4R zj23KX#lZKDXi3qGN4PTg9B}-zx8BHU3KH@~{hh;XP)AD8F{%J6#r{6AhFkr0G-Hl# z&0@70^i%abS>D^S;{Q?deu0tqBpvDL`8FcY{Mzf7?-)Im`4?{c$FOJkrlr~q=g=z5 zugy9N2lzCu?KwX(g*K<7RV5(bN#^J8Ym*#b;MHfJ?|47LvdzTB)>>^Uz=yk*a(LdmAJAdY|+6ap@n= zyD$dY>%Zaek}=JxerP<)`bzUqXQ$O^sThAX)njui!Ch-l=@a4OY5s1E4(Bg~p7cqo z1yu$_4)jmLK~3JDn>_h@#VtSo&EOiKU#DYU(f&aX0H<+FJ@WPBAO#chs9z_4dY4R% zuP3c-)c$d1x(@k#qap~`5>?}+h5f0kt&CC0xpJ-E-xhvy=2yRlRCb4FddLYfg#;Z# zvmHP(-V0LnH$M`j?7c=m0@b2sXaw!_lDr6NzMa%R@$+&!Kgo(JFEBi!%vx4 z5I1dAep-KG7t3Fe8ysG+^-Mr{I_xQwOY~O$bycJ zslh$8W9b>Af8U6{5qBiL6Cbp=KZ91)B5qqA=&jRlt5>#_%BSZamb}&}oQ{SxF~7)p z|61#%KV#qclf`J#rV`4ui4!7(XO&N1X04mhr#r$HFMVNyzdf9&zd8C(sj})o?f1=k zw?(mmP)o%X{`sq{cC_Qpw8$>1wbJNOlj&WPIGZvB|L}|_rSMnDA2B;v-OwsBJFypi zu*=`X-5b%ZPsR+CI>GcX)46N#7y5j;8rN_9U-;Gj&;1(zH$g7wpQHZ7kJQB4=PEKQ zS{&TrZ}p!QSMcL*iT{wl!k_HV_a`YgyO7^xSvi4Skb)~2YhW|+{!Hv8`X^;?N6g=n zgRQD%ULx;*KCuq`jbSQ!y|mfg$GB;sxky7auJQ>z*Y+>0W1~X|*Q4)G>drpt(@*8$ zDfCRU{;I7E{Dav9%5QqUh?T@?t|$9-;H=hEdg^nd0<{yj|5|hVs@e0Pt#y*ock91! z|6+RF8h-{UZsMOWP|-fa_Dr)80V}uoVejzN^zwYYrDgg$&JX(XwD8l<+ZGG*5tP8> z=_Gtt`@K&%?=7$Bpr}824j&TK7HNea(ecFwRhws*`Z6oR^&IS9$qlwk@H?Tc2KB9N zwKaZ+V?|xRjxO3|Ms51GCamkD!ZdS+`w(&$*xk*Ze%zZNw<7D<^AW4@L>(EGdN<_q zRxHnh{J#S~68+`Gm9JzaBJa!4{EMUhSMp5mpGPCh7-fS@w=gX0d zO_CTfzHfZbmQ4^Q(&{xV1E%e^s=>p0Jxb5CnwIgD(zA|6e$-Qp6=!OTwbAmH+kYE- zA@Z-GwwYFrjg9o0AAPv=MSJz{ICj8?`c~lrEcgp)F~{kJ#cpp;nAhO2$Ua{S1BKfk z${+VK<`A2`9Wt{|$|zP(lzhq?N70@MW(HT{-@t$Hlhxc&E*+h{4{h@=k8lTVLfUF1 z??EI+bo>QwwOE8R=g2)}+bmaHJA$VJTDY_7=PdoBtif78=I!tE*6F9@P+Dz0^S^tLl|yK-WXgJ+w%(Q2n?xVR zw`8%VuEU+o{IHDtk{RcSYd^S)Rw;k)HTyfjXkSMDn`Hz_T5a}cXSHl+F)`%aL+bZo z+48+$xU|P#;6K7j+m5V%x6m&CF1p@G2>KsBm>D{31o?ZJc`x}7a2r}t?AHVQOKN=A-L(Qu#lk1`$=>tEY-upX=(RyJCJd=3rg zPA%F1RY&@I+E+YInNFqeWXcl;W8^XlCbxbMRSQ z$*X8k842;zIz8yGr6$)iLJDjId2pt`^F>!78#-1yF|xEW@k0_L^B`f3AvT~sYqeJi zo_&g#+A?kJ?L;>CZ)U%p5R`Txe_}bvzv2l&xYhoNXDy%LlW63m)rWlZU|8!9K1JWQ z-ib>u7qJ#kMqg*rB5#IT4=G_)>ucpN!i&~Rt?O<+ z9zSkVs-GQ4E=0Fq*s`Q(lwXOQtE4Y(`TP_4G^3|2^AjcaSw!|%Kt@|MM)#bjPl9mwq;c_f3=M7B{<@+b1~I{&ZnsC&!DVIO8p z_~TA^7FZIkaE~yJ8X`sGH4DL;xoG_)JJfyR&@vS>6Yunw_T?j?;klF7HOoyTFf&DAPqBGb?ApyN^i%d+jiG>B;&_P5IOz+Q>kw^Xi|+ zdpqVnWL?4z-aKw<{ry@SB{*a6GtmKOocLLcAmbG;n!msaLa|EClQMwx5vb zDQ??-Lvo6UXXSBp&7744zmSQrz6Yy9*7BUJwea-NDMwkY+7L}lK}Vg&`-Z0QpN|XM z<2}kMyO^*;KFvIQG4yG`0oD+n;auLCbMExsznpoxXEz4zWjlTDyR0C4+pH}+y96Ss zoy@w41p53P-E=KvSK3ND&U5}0f2TS7_etl+&!_}VJ=n>$=NTpXF#_w`o)hAs$!c}Y zW-IRz&vfjAyl*^N-+uz>&;7Rb@-c=o8vT>c=$!t1uTtd2d= zCZEGRkh!?erfs!0E^4iRAwTb!J&UT{TGufr=Y>4g`7Jq1!u+r`+vJD;Gs3^l^Vc}5 zfKhVu6CuJWoXxB9f57RbXjTNFP087dO>)Bf239Yf{tu1ZpA|H7*%iI_)3>`%KVNN! zY*nA`r$0aoe)7In(m1{TwyE8=rqSBY|Ji;LIX@#RVdj!*g%|9ee3!KVx}q(39IYLr zBDCpbZfhO0<8QYa;1my7qudzm<<$BKcB@3jccNveIo4jSSk*awU623O2A9g`k&L+~Gh+)5zU$tkvM`MXq#7Ru(w_57v zJmq;9HE$@x*Os)Y=?-Qk z!+sq}UCOx;m$nRdf=@YnN5359Cwty6Kfy2R@kyMr#;h0Xus+$Z%LyqkyV=ICBYObl zXn*m1j%6axSS|Z8e;uN}e$mti$?DsK{L8-V z)_&>qR~=4xkiytcxXbTU`zym?xVGcJdyBLrKwCd4YqK2y(EFgRz#q&1#FCw6BDz=o z0J%Bk`j-9i(>=QBg`L0ttp7ib@l(cTub_qM(8bic~?6 zCM5z&uL9D02Sv&EJ7;(A-FtHrLecmCy$`$3&dyFRXHJ{4=tm!LT|S}(PIV|2XKto` zd*1n5k?TglCY_Z;XPE~<*H2I#qVvVrO}`f<&I3)@2l@OU&ScmRSWDBk7X=dVF#t8vox%`6&z7-myIy{ja}|B!i}ZDW5illBYLiD zGWL;8ZRvI$55uKvv>W{<*`aEINVN*MxH?pKb-=fe$i-=0x4>~aY6NILr)$>W=6ot> zu{aY4WI1eZN?Z&lNO3gdj8irUzd_ctNL$QfL57CU2|cOnb67X4Lnf`CnTw^^&TZpH zOX&vIEYWY)3jN+0yUvl$ITSov2`}2^aMoR%CYhXU&KFt|C*L@`-NIKaTD4q(_}Az4 zI|Y4Sngls{&E#14j6ST)Z#q(gSPq?PHyw*pzHwv%6be3#59p4rOmP z;;qMX)X|>SP4~Y8o7&U50n4q$c4S0<_oK^EGhj_S*J}LR=LAlkpg;c=akim`I_Z2zx(hp7%S`!SdpmF&bFP*V3U1~c%53Nd|E&V?NtS&26ms-|1bP}A zB+>ly;26(BQ^ptTPYy#;-O1b|VHv_R;JyE?%fwoa{LGQ)Z~;7k8@FD7gF@%otl@6f z&h28H-bHCxF)m95aR_1YzuA2Lop`SOd42qUtL3uFWi(D*)5B~c&8p&|%dWpBxrQ#r z4~P|e6MA4hh3lA@@!id*Z_yc*ZqJQEh(9=#MW272L~o-vaz2dwP5kF$Kk=9IK+AX; z<)gE(xYe9P+{U7~O^REFPA~gE+J01M^E3{e`!v3ORvL(SzauxVfii=ez)$;e^jZnzn{GXqmEdFAw zTg;Ukh;;-lZM{8>5I6r~sj-OYp*%CFhYG}r@@APhO5v+!ib(OMy)ZxG=HyG~)C#K2Fz=`S9n0EpA7kT_$vkf9%-METiLn zD}PqgQ{fZAju{= z-l118xx%%|?zo|X@r!byy?Q46K>v5VAP0j|V3>JJ00kxj;VU zfAAUR4(r&`L)@SV&4#%KH~%|uSOqzRVE7}He!11p+=`CSOt^@*lT7IbYnc8Rm8a3h zH-PPK75dP2(D<7W&vOBmzA{?uA|w=^7l3Z#2&5^l0dY5Gm8~=db>^NYr&g^k8rZKI+}>(qX;-JP^W zxtk?$zpKEC9i8)XkI$XMT<5Da^koLjL3;a^aG8GEq;ckCm?#bZ(ws^VR`UKxHhYY{ z=<|zMe-;C}hZD35To~E;)4+XSfEMQr>lYW`Kd*t{M3#YD3kN>?9Ta;FBm_5*<(e8o z{R2{BVdLE~s-VX^2;HKco?FY6|4shK7?s~(&%`%0=Zdka|3^+Y-$Px$VgGIL=Zm#k zEN|-T)X5PwLm%KTb4&Fw&L-OS2cAO;fMy*!6r4j6PBamDp2>fQ+7+#M82BI(y>Wnd zvCQUEo++9CX8%S2WBrc0twlc<*1x_aSpWw4G!ZH=v{-+##+m-u1Kyu?R0w5CAP8~U z9OtP2QG~%Cx{w3@Oiu9&yR82cFvFl<&k+R#-8^B%Qbfg!F&T)KrL)rUrzps{ft0g3 zK9D291i4Wtx3G!yuV4iM&5smup^f;@DXu|)aX0H60NRmTP={7P<8L}2>>A@nzs;7s z(RgSD3!Oym`80=usaRVbGeZURFW}=b59A2tu2zLh=F}7R8bF2y6cN19SfaD%bgl>| zC{hY85a?g9tT*Fg&;5oY7q9(r+Vfss<3{=m!kFt(6P8CX(hs19;Rx{yhuRCt)>ki& zPU$d;aEdPQb7{=t;NRD7iWrL2(2u~tM+=<7ME~&IgZ~CnYuf)OX{5g=f31-kD1)6E z{M+;+0;B#QMs88~#Zqas2WV~4m(FQ9!nkcUhj+1T7{vzwnb*y`Sc$m=y7}@s!QUa8 zJ99}||MVqyLqBc=&_hxTu9GjE5z0Ce%(?IR~hx zoOl;3OXZxR19QOVe-Xd98?^;n&5cW8{p;M%4h=lo4}W5JO$fZp25MQ|-Ol4tAJL`b z+&!4LcU=LZ`@5L>$~s*}1m@qXdm~>uX^yd)BZ4s!L0$Pi%JAh&RNA1wmjQvN!E@>K zm*%hS7xNAHf^Oy#r{iDr2~pO#oQOfMffZMCj=NY78ALoG+)n0yZ~ie7f1F&3Hd+qd z%W{+@8g~8fl)5<&rCSKMg`nfh?Zq?JJ0j#U?j>Ke0HiwnrFf$wjBcYA2d!TP4kZs< z&T8iW2=|)&-?tY2F9>0`Q#^2nMsASE7vOs(F#KAa(iaE2t}EBi=3ggD(vDFImA{f= zS}#2bnA%VLfomx9+gcWKL#@^OyHQPsUwG;RP|-$k zqq7>$fY08GzQg`dU_P8Y0nH0EGq}M^{)-p>vxrq85rD0O$dzFhy-RC(BOq^`7hxzX z{@93-b`)@U0;AOjuyl$aghH9YJ)<^s<~;4}JOceRah9~t^B}m6{bnz@s}o`q=T0M+ z<|dh6#@R%`S1^gMh8yhmzCyX!#gP{Bx(purG>tyI>CchI*v6YyM;NOi!NbshT4+rL zhcQz?Oj@Brxfp$__aM^U0gB<4A4gcDkMywiv~&%Nk)tI=vkdlnaDH}418t}C!9G@e zYo_Y@Ht|ex!eZ1|IBeIH_#4<)zs!*OI5l01ep|!3lbrN4t)Z@y9##&a-Rvz>bZC~9 zoyN9(?Uxaea}Gp`PAzYy>L?e=S<-Yh->#5mx+Arn7CYbl%^VvQTU^)-n^ zN1Vf2zT$K{pvmCR+?`N?vOh`)~^(KwFeqTgcl7`jV!_Gb~U%?1lJUnTq zT`nm&K0^&_B*tkOoWYRb@Uq&N=VWf2a1FJUdl+P@jCO_p8KXrRhhRMwL$NhY!|qKy zAYG377vy>M5C~&P9r*S#@WV#auaGh^^(j0>J+`?@A3a%IYURlGHrxI$v;*}YRjbHR zVWns2LzmGO=B8QTruUi~KZlb8M->T^904*9(gbWdTFsHr&D!)@8}Q{KgF2__keqo; zoW~wihJH&ZlE4VlKsF^;;L9rx8Vq=I4R1sRMgb2)S`)jsp`JOhjWrnN`M=v=YRWRKH`9L zDX5*mQy8sn_0#p+4p=}fXm%Ynw1)ck?2zrxfv-Fb>Rb`eLn!xE^u`frpTM61V(3(N z-gOAMIFk30(f)*Em<711*AV#LACfC{YG{emctF3Y7vW2`|2ovWYs2q-op0#N zu;&3I7WkJXF0AjzS7AIeveq?hdg$9(lAB8lctS5f^#b69_D@jxnJ1vPGYpl1pRS!R z-Y1NHk zj94@c__F9FEg9VoE9s*AFhfK#9X+&1V=G4K8Q}lJq?xr`@W-ko+W$cpo0#vwN-Wmc z;1Ahw^7dn9CYU32j#qSnAjhW|)EIG2IiV`HDblV}p zfb#2gqB0|sN`R^gh(X~3@g_Gf%yvUwN626GzM&a4`i2XQ0)y*7jotDe9Pri*oPfYP zahy|$!r54EB|Ro@WskBeYBHV3L`ogE|8mX{X=cfX|v&i|1D7C2&3EV z^U!t=6I0$!J&--|Vp+^tL<(%c!0#f|@l~uuIFKt(g!Js%6M{QqcBc3V79%8PbB^cl zH3O3VA2Zk|fKB%Rl37n<`qA4FQg;O|-KEzbSisG>05lr_sS~NwzVn@w= zJQVX5FYKww|ISQ<(!~m%->^Rtc)Z{aoc!<2koI>$h_ZW`7IQ5+V0AB2#Y!R5=XSiU z+6R61&~$NNzrymNki<<$2K->PnYkL)k(wi< z?gm)6px2Uo+~8ZP-&t;T(lgRpBYm{E8C#BAZp6kA>O6jFmE{qX%$@w=6q3VXwGib8 zm_|I;izNf6vnbFiw8m(!Ysg#q&Yy3MZSeazd(-Nw+w*^Lb#t_N5i{4Wk#6HRxBqNw zg2WA>pEnoeb>Qw&evJK12G4QOG7n=-&UJo{dg^xmH4b}%NdExp4p^lNJBJQH{}~JY z{}KM?egG8XttP|3&7Uu!jivD}dIq!4_bl?{wO09#V~TyO-z+ z+KpBu{B~n|iU`tmD5mmSFH=gL`hJSdaCq8?cXRef|pgmO@DU zy91D33g!xq;S2bf4f`bUKQtfwCG2OA=X$K6U5{_(pvh*xqF^JbyTDpn^jJ8c=X3m* zg!o9OJyjGN5FP|*zkt%NN1lLsToFd!RnYsJ+68rwg0`Q|!mwXPtLbBbBuD-71MCN2 z1b7Kg#G#95YdB&Cq6KvM%inBM_Sa`-BViBZZ-I4Iw5#rd@h6Q^$O&b_S)uWu81x^b zQ`o(6kd4 zTJ&+n?|SXc6!F$;LFqZ>L39l=B!8WX;%(iNgC_f3 z;n)RJTEqcXxYzZvFfT{*k9+Axn7tGqwJ(jbM4%6Xcun#VUX>CHjsd5lGX6P$el*4= z$0*4?1p1EL^}RBH6~0L33x?}v=1$%2nL(LIOTHJ6W8aLi+QQ5Q^}M1d=xkCOS|Q5W zxA?&Kmftz@9Zq(S^g}F~qV3NluYwo?N4? zkZP<@YkIo8QT{y!-Xg6jF4X%9#)5tH6IHffgqz%4PJ20yBQDWxJC6r!Ow^F}XcXXD zL90R>+_{^iukU1H!Rv=C5Q6FIQhlzZfM;KY9}vX=t~%JA#mG<-u1=%FnsV0tiumvF4}YY3*wmT zM~hRk8x0cz`neR8cQG*JDxyiqjbM8{dT$%)1JR#LP{v(=H(*MPkL`dj%p5@XyAb8I zQ)SSarA#@$Wpg=Xb=r^Yix36r?Ly2Dn!99{Lld(eTGaKZ@oCIJtVfLXXgd?Ty01|< zq}`pEO=_NgEwofdVK>E8v^a+@e2JkTmz0Ly=)C(q*{tb80d_3L@~!iC2v(R7`Db5_oV zxxWPzZa4UGa7g5jd{~BZ#?X|DOYAlJw;9e{$&UPajkS}0BpC5|uM6m&RgZ#I39~adg%3;4I%lOzm{EZ4 zDCP-FOyuClsN7T<9S-z)Gt#G%e%-hXn(B|SM71epobhhwkIZnl`;C4rWS{np?+ug_@Ep^^Q zQt??6&zYgk*k)TOo+a2`9i!_FVLuahrov(7zCWrCA?fkuwBw z7%`h+T6)3^d%NCfDR9`gb`{hXI@L51T95^hq3xHwuU$p}aB(;V(&t~zox^CAm4v17 zT?Q*Jc=s>94x?@K{lCHRFR)h_yxb*lQZ%P%U!7stGkx6(?vz>(~l4l869b6$36P zxEM(aNDw++H)Go)ffnzD-!bYl##HVl&PaQN>s##b!q~3s;vy8+kt=RZ@uuL%Zaw@e4y@8Y|{b1NbR5FPiTDI3V&kYP&6jDA^8#EmN75$i$VLm;LmdkOfzO9eT)fXmSi_@;ck|i zb^~kfW)3h^cR|__l=lr@)C<%DF4ygBKbNF$;M1wyuM>}Y-t{Vqe{cV!rQwr2y*6t&2)+< zV5%Zy#Oq0R&iT8k3+a963~jpfSt`q@V$O+hDX5-_Rk%q5v|r^^Y@`*DA{$bNLD6KNAkKS&xFNKbCkL5A!@yb835#-+m_edujtVy+M~fc|!Z z6KAg*{JMQ9xzG5<+S`2^?p$vjzTKtja5L$m!{x?o6yLrhpZRA)t8wJU(s2sS7=ix0 z=h~`{Z^-RBKWFGwoZ{m{mz9gR=Fk|!x=zMeEuyFA$j>$X!oML4Z!5x==4SYE-|_}$ zxv#Jks6@{HE;QPEZ(%Wt;cjnl*RV#~)W;_OTv&T^Zhpl{md{0-W4Fj9>h#z zS-X#3Zj-z6#r!DGL)!fvmT0o-5|(2I#o=Ah#=4LbtUJG)|Et3vS~Lgcb~wAW8L&ne z1OJn98-yLfGZf;h_htS}3Wjp4{(ES?KI83r6`-rC1~&tC3Qzl1d;q5#0i)Ps2dxNb z3~sEN!t)f|l84&^|hK)}WyTP2j+{6nnfB znIlrccsFoW7-$DcLWErdiH@Luy=XQWp+d;SXa&W>mv6D#lDOgPx4S-qi!AAF^<+Fy zSc*lq``%k^cg)F5HAeEUG~)F!&v<4BcE21mu!URcQZF%j1oLu*v}zfrl}@xLjxIWh zs0?J6B=m;CBa$=LxS(&q5tgAZ^MbCIVAsjb^egZt${zseIN=7Lni7nTneDs)Y0p_hqqZWwCNF~PHp7WhVJ-Y3IV9z>zD^KQ*pfQ{herW)42!! zFDvpn4j-d5E^>3QzJrcpUXQzRq+ZZg6hu-D3dXoG7jUxR3G}OIU5gp&mfi#pfoL)6 zIg{Hk6J$&P*f2O8N8Q}R3tHwMq)ld_Ebm~HECxIaL9+>grZ<11#6hg-(c#kcEBIE# z6QU~4w5*N4O5Y_i#BecB98*G+Fr}1omr_q@ptM!mD;<^2N*CpRrH|52c|;kg{Gt4< z2CJcJq?)L6j@z1m2Kp!@^$&9d`EsNr^?Ud=W?2y zF29yD`A?04>UU68tPkB%r zL5mF#CzV0UAaP!quFMn{l*7tl@uzY^IU%kprZ^FFL29Vtt(HVMS#C^_mU>Le6-ny17F zF-nXV&xyCidw`+&cBttNc=<;8R+*)Ir_5I7D07v0%6w&kvQgQjY*w}?Ta|6fc4ddM zQ`x2LR(@0VD*Ke*l>^E_<+yTEIi*}uuBaYr3DpbG76o|Ip>2Ztw)&3xHA-I!A+D-^ zs=peb2CCs|gc_rkR%6vNYMfeDEvJ@OE2y2+&g#?Z2z8A5j5=2RSe>lS1Pqi%y-8a0 zMx7PZIs~mib@qWzdEkY5q5*um;|>xJ;|@mcdm$9HKq%T^AShH8+8~@;AsX%QI7a1o z+@;YD&mpC^ahFlLE8RsL>bqN%Mg8`PWU8O2CMU}|B1LYLJ47>iPW~a<0`5IT7eIVT z@c`gFUi8+IwG=TBFrFcDv^TZ4#bbc;DPlMve3lpi_+BQ)XnESt;#qAY;QD#gDn!na zkP+lgc}SF&$K+X&DF2lCB1QAm{6)GJu9X(`wTfD0akrML)fR2EdfFS}9_=0N9WhP& zQ2SU+*QRPy#Y}CQHbZ=)&DDMobG4tewPLZhPTL@sYrkv9#828u?W9P~f+x?A0&{-*9#_o+wJQVKWdO|&^ zo>tGOXVr7+dG&&NQN5&IRXvbXFj`^iV-069=*$!wV;bLCL^xO_rBDM!dr za?j|Q-Q~kFQx2C;$uWpqL466UFJpK#5yw{+D>2IhTNRlxP{N!c8nJ-HRw9`k&Q=#B5Y3*r*n>0+PDzLcYC5bzv z9B%b0h5DLz8Pr?nb;~d&A#4)MwN6CM=@xkCENQw6UK;8RRKRx$;AOgL-iCB)`b{&> zA;ujJ`W246X}zodltz5(6U#dYCCa1~c*>$}txq}NKzhm}PuHgedeDoXc=QB46@e@D zC)#dLKuN7n1@I|}D6jb>qu!lR_VCj$ z3U5Bx31&L~7v9u|bh-eU|K^1gO^i#I9ISt&Czm)pHX{V}sD4rZ>EY=+33xr(@F9Lv z?_MN#!%4h%%-Arj*H_^n_Gu8UqxE z!kOd2gnJX7%`{9XG)sV}4EyxfuL!5~%y{&6K$C*jDaGTB;+WDVwR~dAacTr=Zx;=bN)YrW0*z0ZgW=j>6K)gMiAK~JZmwzV-X&4-{Ul4F)DfL$rP z`B1$7ovXdL8!}#V(L!_)tswKY5gj2R3b=I;?eK2Nrht54UUeBJ%rE`j39l-4+-mhp zfVwNQmu(gtc3g{kQ0qJx*`FYI>i!j)pI6y{i0Z9fvdU#Ej;IQme6FYlxqP0mK{lT+QXro% z5UG&MHi{U?>6=7p$m*L#EadeqkZ89mTOrYIQ?@~(-L7mGtRl_2&04wnOveJeq_KPVC);U5>(A?2SGH6ZDq5;Y;qUlJM073GRZ zgVgUK(jobm5Vauvdx_f607MD}T7W1~2bzFHp+Xyg`a=IS4(6NcoA8BZK-7h9;2m)n zbW)@t&?#y8CjiYoH8t6MetmxPt-fJyBchT><=oew*nh za;?)*R=SDG)G=;}ktC6Kn*Aw@cC$Wxfg9X?h+(4A)0@2|&x{ zq9<|@VgUNX^%;ngIzLp~bo-NqelwqY(1YgF2z_Zj_oHs^p2q0uVAM7QeQiFyIR%Q@ z!9rh9I9wFod??<(bD7ZL$gQ`q-VXr}b_M;q4}9svpqRtNV~(K3v{e=DL942R$886C ztLp=ZUnV||_*v2v2#laMoF3uOCJYn&X*VJ;Hfvz~;ZS`%)T{bM{YP-B_nHtx;Y>R$ zqJeQA6m9WEVj0PWIUVQ=m@qiN@QU)Mxf>weq%E4Vf z)2SFbJcr_K!Y7r_EYmp1VI7bzrA+>GQK=~&#i4L!8Yaw}@NA}GLZMlLyFtSU_K6=P zNrWJb(xCWe9P>@J9)tYGApZn}qVYyoZNw4c8Mga#Otu;Z#fk$=Mk`m9tH8W|svoeh zzv?d}bg=e6$`rC3L*&l+fInpS?w$$p~rn%1VfiQLWDq{J4S>;r~8ZugI;&6C<)!} z$08j1-N_3=mpDLgr(?ejJnfB{6iD8MiZ8m*r^DEFrzs;tjj$*9;GNGF_6^f z4Q_+>Lq~(clw#^am`%S3dg}tN??T_EuoLm{I(;GhO>zopN*fxyAK^#qMWLJ69Y{(K zN8i-phiHo~{ndwiJ>*^ZrH3orU-!{9PP*C5UT^1ErnE%0Ck>Q->v@}!nEs~u1N}Br zXaoy!Qu`gheXh@D)uJ;?Ph&+Z3Ss82r`|YK(wv(L4fOAUVwJTMg8IWIDAc8 zILd22rW?Jz(Szm_fxa}KNYu^U6Aj!}3bpk`Uz<-QPJv=3pm&`w3U59X@4t0b0t`Fu zf3p<2Tthi(3=__Im>o^m2C*wCcU4`<4Tx@c>uX0Qie^NYp>14>9|L^q>Ba0%AaU zVu3rIFM>XE^a_Sl`lcM*^>al#EH?vOoA7DIpje*3qdFYg*q{99qH#cRD2zEK95Ank zajqB9H67Z*fcNyPI_Q|n5JqWGd^3*urdlV#CkYrT6*xEMo<-j1`Ld)k8`oR|TO@ z8X#Sgt~Bry4|k)0PPv&pTGdyyFg}wo}^=zCs1R zM9`4IaFBsM@`bcT&_Mi)KcI`Cp%z0!8bd=ZhK9Nf4b{Q>l!NYt6YUr#?qZl| z$uQB1A%J*tlDh~3YBL1XVF;+r5KxC9AdMlQCPP3ChJZANfSL>ebr=E~F$C0O2x!9) zP@f^70YgArhJeNl0ZkYJnlc15V+d%-5YUDppfy84LxzCX3;_y5Kq5mxX@-ChhJYl7 z02@O(f5rTC5Y~EZ1$^%SM0&|xau-UtTkb}A z_Q*Xb$!~HW%CKMVM=rn1gGlF)JcL*@pRMwIb{U?}_Tl+#U!Kp_cs@G-^Vv;Bkk(df zCseJy)xGa5wIK-el=ciMrFA7D88hMw5chj+p-9jcX+OY@btb}#M@2QBDG$<)YsV4ygmywy z=9%(njE!d8HwyQS%6%ibZ#3>35AGXJ?wb zgnK2DdnJZ@MdM!avh<1{_eu!&N+kD6jMhwRBP92Y#(m>u=^H=pn-K1sNbZ{$?i)?( ztql-xO=YeZ9IK<_2|xh{GD9 zUqo4~Bl=a8!&;(^h_y)t=Y%yyn~}~Ibqiu`Rky+y>x&R;hq?nUJJp@A?^1V(N?2{Q z8}>cw9+8MuN58?oSKTX;uvTavazCOTfy;6AILuS(DR6l4G9J{nlB@)KicA5et}d&? ztSM{4JzZih6|0nLgTmI8bz#qt88GY1`Y;>HhA>;nR^SeM$R41%J!Mb043>joe^fpS znma@efjLYL1EqdiJ`LZIawJlFMm~cuU^B*oO&JR|V=UN+v0y{Sf(;l8HexK;kg;Gh#)2Ig3$|q}_z+{kc8mqv zGZws;v0x|0f}I%)-ose1D`UY9j0GQJEZCi~U4|?25g0>&XAOb)nKat z0jt&3==(M58q89xRo99rT9pR-I&~d%Rs>rrU~3~>2%h{Ip3)ee0vMjk0-kojmmsMU zLs9}mQW`^&r1fj?B^dIIq1;NtN7P0R;^utuI!?Ue_3Gl z+9g2$W%V+kAFJ4)Tl-V}6S}pl>Q%t>U+Q0g>A%&##e-Pcb`2W8d^I0@B*ZmQQz{Z` zF|pE3g$pk5f>^*SN?_HS2lzZs=_x{G30VT%p_lZ6-CKI|8Z#frH@?zOJShF8KV+0Z z83-u{>*K(=hDglCVVztkRyBsnFcFJYXeA;2M9N5TjZrcR(o(dHM%+@el!(Myx)>3L z^>n3?eyof|8Oq2qu*b`=+%0y8Y>+Wo* zQL0Qu$~9ySR`Olh)u&z z8og<@8#q;f+;xEx{Ah z$oIp#zt(8yHnI)M-&VFoYqyi_z$>?x?I8?<_l`{qK?YApE`Z zUdV`DWmojVeeyooyUA{_-!JbM=~y}Vps0nFeBDJWtRZ{|_J`%euoJFHV_Xw}m4&@f z>)x_Aq|Z#5i4yjaeIOh3m3`3{{bWCc>@WMn{So;H>;vQg*au2TYjThrguJq37I09u z%mx-C%$3HNOT`Ms9P|$1FIDEsT-b-oq2ez2n0!n;z!)tJ>lYsfR6HS{5Vf(^a5ymC zlk!Q}pOR0(PWUbWs~bn4goO3VVx8kC^vh^DT4cyESee+G@n9O(K8^(p5H?K1D#-D$ z6Hb&^5BVHmfH0%P%E%XBC;TX}M)D=tUzRTeOTHpsL7K11S0Tx~CSL=Ly)Ive{SEmB z>~G39VSh`$1^Wa!0kwWxzKvQ>#G1+w#;|GfJ^3Ey9Tat`z~A9mp+a+!w5E@AuKsLS z*}T4Cu92h_+_X-T^fV=Smd~M&cC5rS*J29bXMHxZ0(5!$dQ4h3MXNFeKa_I}ZULR6 z8cz$_KN&XdUkqf zEf!86Vo?^DVsObwELK*Nv3JROw$@NO>4w7tsT>}vP{$bn5H#mnikG9tqIdKf2L_o znWnX7nwH8mtv=JVW=zw{F-@z_G%bW_S}4=B0H$f-Ow+=criC+2E01;4KETRE(^@l4 z14RQ(yPIiRS*B?fn5H#inikJAtpQUrf2L-wnVJPLHEY7uES#xX2vf6gre>*3%_LK^ zaHeJoQ?r&#&FV2VOJ!dDG_4U+v(`+_JeivLF*WPR)T}Ynu_jEx znlSBZ!c+^?3iPTqQ>xZXqgpd{D$Uf%hpAIJrcMe|r}|8tG^S2%m^x`po!T&UN|8jJ z0+>1}Or1J0bqZtZ)QPE67}KTpOqXJrF12U66w4IJlPQuPQ>1Q8ky^XO0H(eKBj zKaod&6p#LrJo*#4|ElnakK$eo#O{o$ko<^4_2JR%%e@%KqcfVvWfJ$O!ab_+DD>x% zSAoY|1@7H=?%jAEVLm*bB6;*w;BixxM@&f`D)UAd$yGB9DM5 zhW#jp`Y48XUxsu)hH*cJZa;?W3d{xgD0g}66|&b8IRiyl-<-?=V*J1!xmn_K@EWqw z-5ukEtxc;YaiUJAj*a55`b6aCGf(9Wn2G`gw_zR?_=?t1!AC`!W!dHnJN_X6nqCh4 zPYPzdnqqayJ%*nIWvAJ|^58vEG4It3t33+ zQkfcdYZ@og8h7j*CpvcS*eVV%N^$%#4*bDylm=&14Ko+DLH`?LZlpcd&XB(^c$)yk zj|E?rjMWMC!CiE~ni}1YRw@#w6^|LbG>nRtSijcI@T1e^BEeHt#M*&$%>K2)nlr2u z?bTyQrkccNDw}oKY{X_uHaoJ}jm@5HKGHiYdytyL=HqORU~?>+FR=L)Z1!ZcADdZh=CV1Q%~9E?pBz6JAMzzO-(Yhhn;)_HDVx*S zoXO^#Aw34>%7tvM9MV6lkKDlK7B+XWxu4A=Y@TBC0-Jvh8DdM(1e-oXhV~qyg|QjU zW*nOp*-U0LmCagg)*CW(@DQyDn=RRF&t?}kA7Ha5oBi0#qN-}SYz}906r1DOe2L9B z*qq4bM*wN;8DtLmR^JMbyyBZQi?8qD(r5HxI~qY{Gzx z$|gxE3d>eEV$y0Ig(a8bn-Zg)))EQONz+F2>6B7&O-D?JO#$AbG>UJMWU2r=71tyw zPGMQ@`erHM&ISe!d>E_C21DC73KaV_F;PqchM$R*&P&89u|aGTd&LoPMqE*Z;)V1n zk8Q?#i}BuMyni*`JB+s(Zm;pZ$9V73-%35>-N1NH*59gTy!#k$%y&}0(D`xxiKFyB zP26vMpU~e)VS2dALB_kD@y1$gieLFX<2}uIFEHLnxAHFWBg`#qZh)y)-T*yFoGc4^ zPkJk*@;XotwekWN*B_LR;J5TzPx!6Gy6tT7mUvmbq6}6ZRdSReO0F{WcDo^`9E^)` zVghV~k>_K|Fy(RO31ztQr1F&Vv@${&$=}1^V|8;Eu9$AfDFHcsuPjs+DL*KSl_koL z%2H*SvYfvc!pG|7E?hC)gqm~+IjvAuDnBW!l-0@_Wv!B@{H(0w@0IYey15HiOgH58 z)W4Qf4eSlbQnG}SlnTzMkJ?<;!K#n_9-BNvJYVu$Q(~dl*FLZLHuJ0H_n6-q|EhsO zL2A&2;AtTrgzO0I9QsDd-0(gTT_XdcL{z<~c~O^2ZHrk`dSPr%ncih4$Hl~TD|c7< zsukiYY>8i0(X-+xdlf^XgtymzI;uM8n#SXDw924inpNgvZ zC?QI;Qcg)yQk6PNBc&yFHFQ&Y;ii2sTnAESojW9)Ezlz`)7 z9C3V%CXTNR)#C%oIe+B|BmQtB{*y-hr;PYd8}UaN@kbi*XBqLoGvd!S;?FVS&o$!D zGvd!T;x91bFEZl)V8mZ+#9v~>|IvuQ)QG>#h`-#3|C14al@Win5r2&lf2|Qe&xrrC z5q}+MR4VxEMg~7xjNVqB;g%0qpkYPNMJliIJ6f5b_lV*DitdjdV1Kkc`vZ${d|(-l z4@{%`KW+GrH2l9a{O1_{^9=t5hW`(S{}RK0so}re@Ly&4uQB}d4F8*`v3Qqj7NNXg z)c7@{#^d;1O7{oMu|I0e{-`ngE4haMaKrye!~bc+e}v&b+wh-b_|G%^=NtZu4gV#E z|5C$$nc=_M@Lyy2=NbM#gEu6}A`SA2E(LXm44#EG{v#k^zk=DgkHl2*wE`_U_vhgcY;l9*xUv9XsG2HVE_nYV^ zrRX>%M)wCUV1Lwv{ecVEA2s6mpnSUj(}w>D!+)gVKiBY|XZX)I z{1+JhKN|i^4gY0^|8m2Bt>K?%`2TG9ud~aK+*`_bI zIH}-xRxmGuo-L*5xHd-rM!oqP^=5xid;NQ)@jc)8USNDLGrpG_-#;7QuI1K8ON_#A zq^`e58t(5f&PEPKzH~Eoe%ln(3m?k<_?XyLu2mH zm^(D)pPKVm)%{p8_iwCml-Tu&^`Y1!i2pD(IoKLBih}Tg(x21^&N-Rd+kZZt

nGZ7Z=54@rSr7{ucR)f{oiAN(seV@l^tpAgsd+Q^J)J?>DunUFGqCCrgipj@5dAO-K%?R&M-f0UPPHSEOI8)Io?1r_oBaz}a$~v?htwV2u zogXS%QjdW(zF2er7H&T!8|xAMjgWL=zq=44Im7~-$h-n6(peAgQ_{mN$8HqLGensL z(+ee_^BpNqFV52ktJZRbFX}o%1Yup~e5~hNs4Nq4ST&22HV{X{io$m>bZE_~{3-sz|Gdz-il%rfURc}euLLT=N~ls&iBO{O zXSLEw8KtaJUWr#KDTzvDrHWEbNl~gRHI;Owwo+HgQ0glUmBva__|zcN4>gceXxZxv@%(FsX{&p`6xZ#pGO@PC~2Z#pSS@M%Y0Xmg6E zuc8-`f8$%<6D=Yy+Qvkl_4G~}-+cUKf2D*vX-wpPIPFmtCB@g~?defDK&sIm!q&sn zr?MxiHzpmGoYcwI!Io@siJ2TbDhAu8=x&Eaz(a7n$3Pt4my3rF{j`;}B&LP+p51=? zwz@Gd?;HX7jffQSm@w zMz80>$$K=QyzRj;$62^9@bumzz7dPPJ;i zGIMhK_vzoOM{eejszc1ExrkY{SN5Q4IhljAhxE_Q&UvC*N}8<(#g(B|99eYA%z3PT zugoEF9ka7@;~F~>i)%PEw_kQn|J)~Ru@U|$HEq=qKi!6_TZDhA&GKm*{rW#y;~KV9 zz0{T6l)7{OL7AxZpuvvf##M>CJH<9eDQE2%#Y4z3N}zzdk2*$C#7~cBCoDZ5IJQHF zV-L4JH{zM|c@;kk8r@@NvrQR)ZhTS8>zxr$I%5AT<)+TuB%D6g`K1$QU)yqi zdSKUvRoZSJz39+@l(=W!Jbl%pN8e@Vb|lyMy!Df(T72r?uW75ETQ{|OcFNVCeq37i zXu|Q|$E8m=x8dC2b?xQ_ukQNc(udR~mnLjpzwU!tGaBs;9B_Y)H^;6z|I&O9arn7& zncq!}tmZRv+Treboeq4O-f(u$KeHS8MLrPw?$}M<->1e0KGiFD+Ng$Wr^me4Y(QS; zMbD+y_|evA>Woo?$Ei3UMfqfm(iSb!(&mR2E*+{U`I>4I46mgF=}VKU=Mq~u`Nq?? zpUub93q#GrqlEObl_vK997Gl7-R`*02NxHIL>}%F{pPQk?@!2?@PVxid6(BBZQ-NB zzFRpmx^dq7Lm#ZRyw$lECk7oo+abtS$4pC6w5qmbTax*0Q^v;{;GNxT$Y3{MZEHe_ zm(en8b#1jLrBA9kzPdRcat68yZy5$d`V7edtXJ)oGtkzaQi;=A*zUG9_4Ivsd~;>| z-&snDNYzGT#i*&OgeMd?aVyLL835)KQN8+cT@3SE@Z|;Pa9x-!wzuRN|HP{e7^>(dVArdZ^0y1t&Tle}DPh_x_yGIph1!zuR)K#}n!o zd%W7ee*c{0^O>7JdVl7Z=UzPZWB1Mv44SiC?%h`ZhgZ7yh}v{1@1Z{?pE|d%@|34L zh5%>ov5k={b-W3{b7>@7FK6^omLUh2FtT&M%(%O=pvb&XP1x25Q%Oftd8fnJAH?VH`3>g9r^Q*5@X6iJ3wvRAEBX0M?+nT6FX zCD;~7F+4)OZ0WVrYNysp$Cxe}`z^1sx#UY9RBU}BwdV1M=G~`so7!XaeRT)-n*RH) zjGvO`t**ZDi34>`-eoI4_LW(-usPp8yDVcuXYHfk-remRA6s@$X5xsNpMTN$_@&FK zwKr9~XTn#fuU_jqe(OgU#LF)w`7LUst^2ILcInipbJI?D{J4Lg9X~{W_27==KF6X5 ze19;yLrYPu`A-vvZkwOD>eQ7!gM2=ib^fo%pPGE-lXJ6|ou5Da^&dYw6kqj&&rgPA zW<7E#q)Dg2wh7BVsNA)3hF5OOb3b&Lx%k-)tt)jMFuUf84`)QAT=9MN)K{a^Jf8QO zxW3Me_-B{2IQH4!eJ?kC<(<5++WXVS%^ne*{&)DLM}yzXwS`{`ee09@WBuEi*e?|= zRn>yW{{FH@>YD?bZrOio+(YjzIQ-bV{qhbw;jv$r&;0fEO|63;oz-J)#>dxofBwj( z-)$jiejR&y**t+JRYlmUo7e-mt&)w1yMaxB+aj#E%>o9tW|UAFt-cLtZ4%Jh_?pEB zoN9f0+tFGpN+(WhVryh;;HkkXY_)7@W(k1LZU7*ise$6@GI$xo{W^ZhiA8^WJg4ue zKE9JZ>uBv?DVg(S%iIZ_)~2s*(&BW9*9KJI{`Q%-x=abRdE7NFwd|9tfAaaf!l$q8 zX|^%Ge34cu1P;G|ETQe-OhjcX|wYm9q6^T+H0RCCMw%=k`sSR zS1K)RcdFmUvac?gb>O1+$zOw}b^7jyGkN#lPke9Xmw~VtA_3rqN~A-Ed0wA9)u=`e{)t8V@Lcd+ajCC*xT zo$c}`w#$pzu00=aJ$7$oi;wR=zV)Hz`cmfaPqb1_WJG_dGO_u`;M=z zvw45WU8%Z{-=g5dhgN`6Bm9{qVMFA{<|l2 zUD@PGpL#tL9$L__M5nIngGbcLU2!FUcK_F29h-aXol-MYMSe1RiEZ>E3(|3mQ%1i` zW4OFFdYo#|m`d=X{KQ8go zE5jyL_Y8aBwb;nZUQ;uCqW*YxRB%@R18+yz@@u@_E2q|}ycp$^(r+bvnsRCQ^3Gc? z9ZcyeC+Dr}x$~{2LuM~-y1K&b&12NB%0JQn<#}`3tXtoDP4)6eVxF7!;foEk!dJ%~ zeEy@K>+TqQdBnRF1X|y2ljaJt5eTZ zo^a)rH^%1FJ|1`MnUl}_{7#nF!sBf#&KXkqz{X3huT^|>e~;kYmihNaKN~o-dDZnD z`bSJsLwZcu{7ZvxgIb?j{$)_(sZ&1k**u}=d;aU68?z$S??C1MG(F`1pM(#-nV;0{ z-mlUFXOtefbJ2ew9X0?SNYHUW39aT6AHKPLze`K~Z*dtU7p8);q!UNQ7zbiv?bI46 z)oav9t=`Qxz`{}8-6$mxjR8KzE7Y@fc2@7~EYqQc-66&nO(A?jL!01y3$Sl(di3ZU z*Si0p{<)dGQw(3}*7v$B&;I-7UR&60PR1W2E1vq~z_{pnrB==O@S@+0Nn65p4NmNK zR?8W4-?}HRgx~8OnVj)dUWX2Q)BT!0UeD`=%Fk7=*Lv39OTCAEm%XK1xrvR3tY2&U zprw+MRQ{u@+aAcT_xRWCPHgU1dDu&#!E2uURPz{icGtwQzn{xY&YN9tRs8e^zdqKa z!GF#+P5Qdj^vK6%yqxk^a^I_`(wZF^{Qc3z2b8{p$}gPlJ3sEF#UAbEjXX2+n~<14 zY9$Q6R(HaSm4~(}eJLn^O4o>2o}1t7{$AnNTKVBRo+Eo`BLZsMH;Jn2mOON;_j!~6*(HCw`@ijyjgFK6;65V|ak40w?tHLIkgv5eJ; zBE@N~Z7prhO&M#DQX)dN)wZQuc#_IyTGwZitJy}6GGl_j%C+U#DwyBkuObWKud3Nv z+C!=1>)k+peS1IDKPxvgXHaJE{!p}_Ub#+epT4;3opO(%W(C`h+j^8x}#N_aZ8?Q_dz|MvR!SDblKnMg;kI2o>KN> z?PAV}ncKoLCoKF=nG4dp(i+ThhnA8KPKJ$St0z_gz#Tx!;4+{MXtUiWGGNd4$K z*N!LmXqXdU>C3Qz3##Ae(M^r~q-L|)LGK2A-(k{yS1+WD@lb$6|AvCkHhRnd6tYz9 z6v3gloHTm8Ey$v%^h+V_OPHs(q0CHBQgC1`RMSG(qU=gWZ<*p}iKN+LEMLAU0U*^5 zZD>gd9;O1-TT6kertvlJ#XB>GTzmPRyDx@*@>$Cl>dn1ig+;Jz8VLTHk3Ro;*H^7_ z*Sxl>%A#S_)?fA7>@)3;2g>ygdn#t{&);5n?}f(`I|Ve#-#q)bW(!LHy7=O{QZ*Y- z>ovP!-kusqg0dccX2Om#+a^b5uY3Mr&W|6gz4nPV`PHWQJ3~&~-FFRblvVP##Ldau zH{bh4*Nv?^4`_NVYy6Ryw=PPY`peTRM9k7D!ynEcnqF>W^`E=cp7OG|`gDn@XKiGL=Ay>g+3ZSeV4i|YnQyn1|3$2v3LXp#JSdX-XNf8QYI;_8e}Uz~X?Pu#b; zd+XS3e@*{(#Ps(P;-7i#%`H7AwmKABZIZ0s<*zSOH+XpUIriDYhc65WSbFv0#Yesj zNw&@YLHYLV`?CfnO_9e|e>_Hg3@m+)qxC#f#;CpE^bkYmuKztfuSKP8fzbz{;IKoG zO!2jUlu!V9b{~(FK-Lncr`W&~)U1)(tpMcp$vpXFrz(MKzsg8{wc#JJep~MC;STa9 z{c(SExAGM#{50TPwa4K| zudV-ZM*PgI=juQ4#(p)$RzZGMX?n};7k};6@6-zkW4F~8e|Gnp9`UYs)t=K|DEaLN z#}_sWO`bXKP<&SOn%r7b+hxT(U#~)ZBXQ3Ye%((tZ+@xuqEh31mj;h*_-W#4LA@$xZ-MCt(_*y|jtE`=!aPsvg$w&P9=gprI6;$V1)l(0& zje2@_&bptrKNI@97+=q$&Z*Y|U;1R~@)pm$yFF}W+d;|yd1(BxKO6J*awprEg8Ay(b^R-+W#LSiQ@+V literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/fonts/UbuntuMono-B.ttf b/docs/canonicalk8s/.sphinx/fonts/UbuntuMono-B.ttf new file mode 100644 index 0000000000000000000000000000000000000000..7bd6665765768ae885e2868623e7e9c2fd0cfc8a GIT binary patch literal 191400 zcmcG%d3;pW`9J=gduQMGnaoUP?qrfo_DuE!0yBgV0t84{BrJgdA%L<3L-YWRJ2&s=o_p>& z&w0-FoaZbvAx1=25CvK4CypBFTQz$w32(0?N{f!1IJwT8oVJIAU)2)j){dW8TzbbB z^m`(<1+m(%s2|(9sP^g)hzx!rW$)a@v%9`s*&GAI3q-2h=3cu(stM$F5(N(<&b6Ig z^A}(HT>Swe&pNyh&!2sDS29T=_?Ls9X8xj8oy9+^HxX5=Cn3IQ!MxcW=Uxcf5EuNZ zasfP)74!t2C*e7B!QvGwD_$%r#`Ae1UB;rNb7!jt-O@-DswZ;PFP^=!OW&=181IoE zl9tR~Jn!zaU#%hGnsdnT9bHSWUQzbJ?sFtu-%V7st84kZu5Vjk`Xf4Fm;Xbea?fKXF{k30?PbO|iULpKkj3KO+gj5Vp#i7Y7z~fwUdUCq( z^L~FGDfMC8M`=MmCexLqMobG8(^U99q5d68gptV33HwM%Bmo`Zs*_ z8m*`jL_yI@Lb92p=>x3mhm9RZ5>fJ^@N{xIm54*>*LZyR3Zy7#gr^Zs;@rU}^?8D( zkc~1RgOmP1Ga*qC< zA+`h8aQHq4IPvZVv>*dw52ZoW1zB=v9c0>!D;KesBPP)__*Bw^vdOvjA=mt> z1tR^I5pRRY=?|A1?qL6wi5&7P2mI16T{&Km*9i@a#SKuHk1V~v;Tw- zWqUaasS07!AXDc5Kqh(cHV>s!2tFJm5$ZA|zr}MA{0E>-{#|zaAnyPw<$4Q)`&8tL zw}BMW5O)9(|? zvip!KbR(qUeJ6%I2a|{4s|6&4Dd8N7zi#$@LLIf6>Z) zG*#+exwH$x+lTiRi1QrHKq);T=THlpYC$}|yiM|U#8dchwaLqCpw+q&D%BEs{DHRO zMGi{(IrH}c@Z)VO6_3Z^C7K|K{B9j;A%s97bT$5SEv z-H4qba|%G}0@PDIa_xa6CMp9Lep&H67-hoU1+upDAZ!epT*8%#?*S(VVgC)&S^0ai zh^<7r1K=EaUNUg;{^SG~-jmyr0xuISB;a-8!V|AAUPn^Dw0?v%0(yXJhDzisNO9b` zM46y=lz<8SCsh}PxM!lAcx`wnE%`}ub@IyOVyaAbC#R7y*$p0X#7d0?=?Gbd(n_PB z(Qk0)BkpBavN!p9;`^jKS((gDUYA^nn3t~PRms(f?TJ4nUP}BP{C;#LrzJZRn-jlH z^dufie4F^TKebevpvjJ8d*bJbrxSYb z;zP*$qYJW(Ox%#zns`0&Tq2oB$a&zBa;bQ#oIB^iV_lX%?oR$X`B38J#7Bwm68}gR zC3$`R=t{OE+Y+}Ur%xmvO!Ovtf1EN(_`jw7LmFsl$@$5RsJq`l6aNN%dFBuNlQqe@ zWF*P;Qk=%o5?NL!+6R{zy*8PZ45IHh;tiKR8yA<2yN#&JD#V>4``-G4R7pp&KJo8l z8B)BJeuLaSk@$1sT+){`C1)ht{8kT7$1>nxYc=&IWzXTcq{TJF(257EK^U%)EqvvOV7Ra=avf(bGNb)<3#5tf* z$^|WvX({EwT}Jt!<)Gi9PZxq>oC2+qX*CtYT|-gOK~$3b27SL2v{t4=s0{9*R1O-W z3Q*{YkhxdpK2t)}wyUVZ0v%+CYPoU&Hp|w2^8-N6`?_(KHlv46K2#sfpsr zuQ1vS105&R@l*$QGYtoAp?c5>p#Oxm+W;~McG6_f`E&*70-6H4 zkXk{nl<8G8HQ5K7dm89snhv^zW`Hi0X&23edl~5Gu!UxUUQO-E&u9hB2E9h6*U}ug zucHpol{61@l}xXv&g4I6wM^I0e7M)r0?-@iO3)i++D%u%eUnUYrbTeyLW@Dy(Gt*G zK|jT)-UWKQOxM#gxbL9lpd09F(2by<&?dSD^e1#J=$$gXi>`xvGpz)@8}wtkhgN~! zOV@+mN2@{ar!}BIrM0k~eFMr5Um4!Sf<

;rag2I+`H)B>sPuoCWphrMol<79R&Rn z^v`sbUIG0ly$br3Ouwer;66vMgMLGYlkd^DGX0K@zGqkz7ZPu23EqVSR-p; z6WJ^_n_b6lWOuWB1h?Q5DupUxyl@ZJDP9p?6;6s)@iuXTxJleBJ|g}~>=9oT-%!j_ z%vD^Y_*dZ8z}G=%Fg-XTI5s#XI5jvu*cMzH+#Ng+d?)x}@XO%2U_x?AUMV1DNZC?U z8YIYTS zJX(>*v`cyH_+Rqaj6B}mpGW#ebzb*9lk>=u|4M$7Jd^xu^26kb1RGV{n7C= znZ1iYT5)<(@5DNxb zar&jx`%XW7`gaI*^Xcn9JRLsmID<+1dhK?!-M^;Va4Nk^^e9{dxa8UIz^Wv42SFe3 z&kq#k@_+I919aMp&{O=AqW?Yell|V$|M%Db;k)&+=htL+iY~_Zb`{3E>(M$VqJ2(g zSFkCpl@`kVaSofyI_MfUPkc{2F1{!p5?>RKiU-m6UKbCGN5nV8W8$0Q+u~c|JL0<- zO;?B;G2$-8xZQgR;m;i6<;ZpiVKRfN>TA|#g|G!@h`04uu)HeeLCUny+9 za@cy6u<@#4+YLfrsHGvW<6^MihEW}CwtCoV4Y1J~VVjMHP1XckY#e3=&9J>Dpf~YV z-YZ~ZwZgWV2AgUIY^j;Bq1s_PVP%%KVf5aPQFs@|(R~;*pTqe0JVwVCF%rInaqu8U zzE|i~jCqGKz8%5n_7>XoyJ)fR(VtOg8)4hrKsTf2?#8%#2ke(?=`Om3{SvmpQ|vL? z#GYU~pvgD02T*@o#XW30tegAULl}GCp$BLU-Oe7R4)!>E5cbYbVY97<f@SeE zJwv;h0k+>Yv;pG=+9}=3=CKYoizpszojhscgqG&<$DoRN~sV9Mg=3n4ee4-c6*N^JKWe<$e+Wr z;W7I%kM#66`KWw#<*elX%86haJXgl9p$)Wh1P5j_ppF4!=ly}q!3?b7RphlkJ8 z6&BDgogPj-Ts=AAu3ao=D3cvR&WJ&~1kxCJvOQwfh}j)I%`L4X>V2WmRN0S)%e;D2 z!+X>+FKJ;9WTuVMu7dp=Htn&{oc4S}N4R75jMg4;HX>~hM{L+|dyh50CpTQ*lY9Lc z4+?NzPeHhTL{EMgf{mGQDFN1_%(8@~4c`!i5BGfzsW0=H-S4ByvV24QCC}oeV(LM? z_ZJyKHb{v4g+g4GjeFuW2M;~nEv>0%iRSozPx0dXsXanFf3tt!jdL=8(>?I!QuOvP zN_IqeM0@|=wF^8w-E*YE0@SShm(`=l!h5Ml%x<4EcLBf8p0^=fj~t>bX;N!XydIAD z?EbIiG{ovT3UOG!(Ba&a9ygj;Q=ODBNk3OBQ~^lboK<>eI00@ol>hW z)DxeI;+q<7oi~-&QrOay+l%DzK?TaOkhlK`JrEe#?onrHq*lQvPUW=)52*npTvv-1 zmL65=k=JNlt<=hVG!P7_^oQWCAMwG1m^Hi+k#R@V;f=l!8n^uUKZxW@WdLIIXfDa5 zfDp~MpM$D_fOu!#8#e*zhKezubr@+gizc3(zhF51J&qHB>0JntK znjQi9l)ZQ@dZZp|mRiH}!c)U&L-FQTUOBw1<@y~nF+8SaTB}^!{jFrukDgNRt1rFl zcl8Lv(EuCrST41FxkGn(&y38+gj$eugA%7}Y~)vT=0RYFl|K zLDm3G8E%*zmMl`khS__P-E%hVipMu}jc8vm2>oC~cvQ!R@Wj?yRHoeV*ZQvK$=hfQ z8#Ae{umH-ZZdaJCZ`l=R>nBcY-HTljY5k`6{ijYujC;(`|5mE;)oHbJyY-pd# zn>M*nkoaRgEIgEYgz(T^Oi&qmbm4h*J^FAR_m6S^Sju0;{ng>R9_C_&6yJ93lHA}m zOFM!qmUje~56=xQgS%@)|(im^D~j7poI~u{AGf%ri_@ z<|!uAR?AkwoM)P>&(lp-=cy*MJesV{(@Ylg1dLyM7(L};O16h>9rt)mp~=&xx9(!>&Z)QlTdy5XSoT`sDdnx9Yk z@@EAoyPEP@$_KapSKP(J{NUpup@)>hRb=9TrTz`@HG7ZmX(hkLKJ-NaJKI<{{D1jb z16!gKXof{Xa5ckLCDQC#(la!$zASJR{hIBCPbhBRntU)Aa&0H0pUc^0HiL z!K&30qD?r5H35DyA@!Mo+vUK_0(Lox5^w<ds0;NP05cLzCMMO@z*(GKXa?Y~ zcL3nQ&r=xI6B!ZLQ~=;Sf_V~=#RIG)vf;h$1d&|>AdGzlun%V*5Z?jbE}TIYe7OODUj_J8Y{!Nt(yWRDJw(;G*IXbPv;vb-@EMHvweYJ&ydl-V9-^T@ z47_6dVOh2k4FkVn-9&Zez!swV^}ueT5r{wHbD{>w(Xf+fWD{_Xs1f(Zl>m5;Lio}5 z0m#!B$kQ|f*qp*x1<}|;MB_FQjsJwG`7lw7gJ=T6Oo0C+xF;jbWbl}L6zC;mXX`0P2A*U<+^n_?&3f9-`}y z0!VXpCeRG51hxZ*f%8ObBmn+v6#)3GMclRLh;Hx$O~48O;cr0r8zEEoHUK=k5%;D{ z0AX$d&zsARcdn@AHia57{@9kZ{R-*NY zyFLflLv#n?+<`b7;I{$%HY_08*bE@f#tS(7vkuq^90ic>PY~`W;CUy)+u5C8k&|I;l*TM%x`9-^P`26~Ae!1Dv}e{d@Rc^*7VwAByP14w%--u+@TfbhTg zgy0MdB;C;-1-A|Jn;0c-;H0B3O|2<{z7W5)%eUmYjhK`E5CX@K0)hb3{Fph<4%qQ!9y{ZYO$n8_{08|HC?> zeYHf-JBa?Yf@uFvq8IW0CCGAMeQN3Gl>(wen{dMH1kvkpEKVIDdZV7`%}a zP5|#u9tKVTp92?&P8k3{Pyob%Nx%YN4X_yizf*ev#5)CM^p*ny)& zUoRj!S55Ry6L5j(+eJj*!TsHNqVqe6{&gSGzai)Mi1R)CF6<_{xE`ybn}Dsbu)46K z6$iFq@3a*-N=#TpOjH27i77gWDQk(TqQuk%#5B#sv<~1LF&*CPHxV_C3;U~dQLf8=G4s&cLmU)y|76AnScx59@1o?|VuE;RB{Ie3@X0tUyAySPf*YSx0OT!Vd05}VdUY&_k>Zer;!n%><8` z`-#n(M68_v@Mu3wY_?GFF1#BfY4{_%q{dujxCIEh&i-^rf zy!i)!bHo-%0OBs#0~{i@5OOR;-WDDub|u1Gd5jqB3bqJg7cT(r1GW=e;s7#%a-bf7 zTuUJL5`}tflx|i6BE@IcfeJueyfqlfT+ks=h z2Z*gQ0J{OWuZL`_?<2NG14Mxn#MU+vyP*Ks3~VEIBi`NU0djzqz#__7LQG=om4KyKGw*u}2`=qaFZ$k3ojVE)d(khS=lq zdmMhhoJ8yi@PFbgv0pV4`}KNY3$TOOZ;;M!5a%~5fb+z5BK&W+5_=M5^5hv}zr(xV zL9U*a#CE}N*9l_3N8G0*AWCd^HL<7R|4c2hXK{ZP{GUbI&u%BS2lDSN0KoGPi2p|q zu#?!n8N{Ab00{GZJ+VI_&VD}t8TM}j4gnX4y@0qc)B;Ta;=h1*FZ2+5aS;Ibi{Seb zlK7O1m1^`{vq%_)JyEua$o_lh1hF&|GI+MVFLg;j;tj1#v}mgzX6_a90pDRp92?& zy@_yd`hf!g!oPWj*wH3n2CxV?3?Tf`&jEyg>nMOU-#Sa|Z32*&cN_rHJ%;q(-AwE~ z$ouDNV#gbSbHv_3A9NA>5aB=U0rmq&iJd^a6Q2O*iNRiArx529(mA~zI72Z#e*0Qme3 zY5(m!vA<^m%>crDjJO|{104Xue0&H%m`@6Tc3?fw10d|D2>U6*ehU9jA@`?yfL>z% zFaWgx()q_W0O|Y#JU)|vCSWD79f1F57l?hH1GEC*@%cXBb7Fl6+cybV10ZZ4!uBET z7YO?W{J-c1b^^zVeW?H-$CnF$Ex;iFVb4YZ@I8yLXA$-+!u}Is{|Wzp&H&Z}JplZ_ z(g4)}czm@5*bjU{>}v-Q2NnVF{~G>Z!~dKIXarUQJAmWFzR>{S{SA13vmV$D^b-5l z0Mr6qz&7A0vF{+qchx{UfUw^o>~{!z9%0YJ|9l6q8Q25B|6kz!FYx|XE6@$>0Kn&8 z=ZXDW0vdrXU<;aAfpAfr9Kon>P zHUs;Cv&0e-&1rt;V;5pgujUJ3dB`x1>jaj0X(Z_0Q|li zfWI1X)o}oE)tdpNrG^Ze?IdXNPP>K#T>$_Yb?borzy*8>BnN`rgDop~;O9ZOG=xio3~7zPA`-l3Q;*+f`d29A-CZ2;;4$e6tYfM3J` zAbey$2|0M5vyy~d1+Wg-M?xO>!$nv`1l~_1&#|#s7v^V`)8i)7G6yZydsXghtQLbnvDn2o zz^Lz7UrCfXOoBRGBvw?E*&V8IMs`JcWm&0<4HL1M->Foq#5)aTl2pdQUdgPfD3_#) z@|w);7f(bA3L@DB1w6ee>`wNu@C4Gsw}0YRw!~;&68AA-vu~TP$0z#sB=^S+T63e% z?{k{Asf^nw_HyjyVhEAnHf!0%Q(O?|B}u|RIC1(wt5Y^Aby`)OQma>v;W5l_Hg}g4a$dE&uKPV~$`znX9ils59Cyf-$A^G*5ZH4-t>M{;zSVp)itOhE|05`~n^v*zYdT0933C{V~cB@Mo>D^s(Z;;=a;i%X{zjSx)sGD2Y~OXGf}BuCmg~ zit-{Mg2rAxRH&*bbGlq^b#`_*L*;Y?1b0A`+nqD~LTs!(Te>1zU0@AG1L@TTK69ut zvb<=d!=FArFPdfaWqTuaQJ*DiNYQew%CDbePD>BkyiTiL=gq2!_{$4I+SxM{4$XXn zJ;QBrTFhE=D1T7IS5X*JUxiLBV5jCQVHNtm8SONJGbdj@9kJ+XY({_kkoF|cK7;3= zi)r>Gd*fQTRTB5$0n+4q?^7Q6el}j`Mhnc?meG?TW~|8xDt@QYKn{7+S)8=Gi@>cmyZs81d652atb%J z9$P91-s6wA9(f0gH=nXFD-&f^f3)-t91% ztX7lBk?5)|tE{c9EUVq@Fq&*OlhGkul?XSDAK%20mzkNDmyyA)mpz)BoASb8?tyI@ zoIF3zK0-a@;>6D|dT}p~SD%lYP|R6zbkdAC`Xkp}Pr-+G;+)-F6Ixns5317z*_5Pm3)F`a5N+TtP$G z5f!v}kpMN0X3raXS!qB(8LQFQE34cp*%3jHP@&cH(iRL_rVSSRy2J=wbF{k7>XUpUWQ)M>Lw8EKBRK)NRo^cN4!h)xNF z8Y4MFavZjBML0TL@|1eZ8jRKLkx)Z;ZMaS{=La)NZR|Q%p~p7Z=k=i$pswi;Yz-SC zj~_#xp(PWHjG?%@;|6bfBNH0wo^&L%20 z@Uf0r4wgb0VVEnIbrG+SNM$9leW zqu%fLAiPa&HtE^5hK!7WE^T<4&f{^aMU_IgSgWu)92!F?Gs6%JB1XudcGxWn-BPVW zA*!8jk1nk~O&17<V=+3>Ue3kT|CmZ zUoOeEBW-0DOOK>fn!G2EzL#$=! zQm70ryP{l*lvYQ>4YdVo&VLylz!}aV&}x>avHC2sM^e4x2&y>b3@u}}#20MHD!B|F zNq)m7K^8O3+KVsh^ge}F1hb_#9<ewHA!t>!C9v9oWUJqk@eG7V>e@i$_ljG%I29g2ctpM8}V0Q%`4hVq`k4HrYLkDHqI#ijv zLTp=zgE#hL4~H zm08Q2p^A6?jcGZa>grP4q}7S_oot#TsO{AHGqN2QzwhLyE*Ry5yn(X9nb^49J(u*6 zfNriOJKZ}!q}0tb802DrdH7!6LCY!LKIJKcNpzx7Wn#a7fO=^6Z96i5-##SC@MXp>U?TQx{N`P8vC+y4;tY>knO# zm*XlJF3XjRI(!LoMX7r)zIr8_%>}$aV`S#$3ct%{IPTnf=FfWGzw_WomyBq@x$e2y z1s20xDqsbr0c8o#Q*N$#p3N3gsu*g9fna`IuuQskC+3wPK~gI(|K%#P;3 z6;r4JZG)xTva>Rbn^q4WzB-Yx*ETliu(#ahHG}+YMPk#ud+wPQnY&10B4ty%inN?)cwINxQOr&PL(`gvLi(Z@>^a|@K_fCUc2FAJu3xU#Y; zZJFEd>GBAk;{3Vd zT-en6<2JpeQ7WQ&c6)mE{49lje)>Q^$HW1qL?4F!Ha=;vqi(s06oB56D?1|FQ6@p2 zBSV|HQLL4f|Fq}8TG2SdUT46r&C9GD6Lq?yqsta7u9&l7k~*g;UaYrgvTTi7YtyAy zZ#{m^-W0CKnfQFntu8)Y$<<3ax2|w6Vt8&U3C%)3?U-aBCJ?$#TqiT6W3 zJ&_7n8V`dW=ix(w2}7%vo6cGZu8JR`@0X*6xd&#w{LUxD6lQ$F6E|~r1`|uec7-L- zq2j?1pWoxzI%A`%rlNxv4dxpiuI!Fx7|zwDqFoG!a|`DCl)3ZusYT-#DZk~~<;gA*U1pu;a~ikI8WE|E_aFWJa^ir8-^v*+^)kxto!+TyWQ zfr8=!$ywA?J$2z+bErJiAE=2GR?L=4iUtL}#q4pabRePWPm9t2ODn6mfsg)|VZv0v#noB=fXo$E z7>c_}#gz6uv}CO_>~#h0+Jel=rl>2eWOV6*CFQg4n51aF!5d+tG-{1opH`OVwfeK2 z#igCW%8|L5V}?XFt(~@UX33Roc%zknZ%DQ;*n2`YzL9}#Z)!`{R;g^KdxHvIODLW2&8sk10DB^rRN?1mKA z)YwqtFM2Ge_S>*NVb5|amFlcQ)}4{~gn2R&-K^%3MT-|NdQ>jg99j(gHHG44 zfvJ>QQ4K3kAx_5E7-CpjL-W~hIaRv9G-WpNQ7(sVPt1_l;h9A>qw}opa8B4AE|V+)kICc-SS$gz z=`TuM&M3bXU%hiK5b&u;1&K2hqZ>;L|?zY-whpc7z@*dYVd{u9^1uw9a*Bf8XT}qyg zf)kMwffFWy5GTz;*bsAkC>y#;s)$y!SBMoO$5+m(6e?F~H2I;CcX=Mhkg_JfAucwH zLJ%iPR}F~|YaS*HTV9g8q_QL~1=mHY(dJ z2W68|UM?vu?O!C}y6LhH*H;6xjI4qAJvXS`vJt{NH6NxhO*M%>SlgKPt7ZSH3cko? z64)`{NN@JAsLz~PlV|rwi$a6*)0}0KW5tykz18nex79757|m^%R+`&bDZQ*Tr8$gd zjY)0ym{e7Iy}M+5P2T7#NomQh@HbpDwPDeyY@Ij-ZC=QndhgOj_fC(bRZbcDkUd9o ziiZTj%4hci@j>k~jAwd$C#!xhen6l%9^v(+lsLtK7@NVW7DTOE?@_pIjRp;dQ}iYg zzdnFIj#Va<8G7YG%Rzau18W=+tSnaAs>)n8w}=t1tVm?@(;xSD7fj2$tzb&-S30ZN zs9L2mn5}o+^(-sAeSPB1-?Oj7u^~f4p`k-!=>3&g_jy-X4vF~hT}_HRBMnxmp^Lh) zAA&E6VR7Cat>x{P3jQhSpMBerBvN zal#lhJ9C1Lny9TfYVt@{Q^4@Y>M@0OtyY+-(xw*=N-wB)xX0!05CpY7>?@3P=4QHl zW~Ct92_5CbIR7sCV~_?tV`?`tqd%Qz$gMFqriWY&qGTFvw2sz@{?X}aqftw-zITzI zcew)O<7Vl>HmE=)-w@y}Eg++&LP zL(_P#?I2c_uyF%RoLl1|XN+BU;lmG^O}MIaW9O5p`4~_84@g@}qvOTcCWJz=sN?Ex zwTLYNjasi!)HCjh<5Lhtr)gBF1g%CuLGh*iK6wrxr^s6)imWXk)+|pn#1pl~*y<$p z_9Dffb|${-Zzo65PQp|k_e)vI23Mw`K5AkngTW*TAsX!yHKVOs6Yq_E7<2d>gB5ez zs?UNMCrjBByh&7)Ve)yo{^3oARTtDotPS;guYR?wt!_|TU1nb6oN8zwv>8`iFiADz zqe~YG!bgeMHICetRn6m9O~{p-jR|{)+z!AY3%M=^$F+j4o{UOuy=)RY_0~qUL672& zLkWxcwL7Iokd+2RZ0p0K8|-<$?1qMn<|SWPps8T5tlqwQ^>*Q^i}y2Y;!EMGbLWsw zCDP&Z96c31qgQF`VP^1ZHKR2u4O*d5uMtt!yogKj$9eBRdGW-4lr8d&i51GW%vpK+ z?d*=*ZtG+ZcXlRb%eF!u`r$L+Ylp3nX0z0rk(SepwIz+iE?63Eg4Q4_6O=3$`QS{f zo@1ry2MyA{b-~kM&$ufl)y5{J7pD!8qJ!ULW8N%mt_@4>IhH`#2v*$LUtXUgJulV{ z(#-W1s`vVxN?pCiXBKo$rKlBD{i@Yn!;9$R{xVc0pV)_r#0Uzh%*vM!pjffs$7bqt zORLgWuXaWAGYuO}kP3E^>eRv)3=OOv_F@@^+X=8y1kQ^| zW(1)D!vpKE;AL?#2cI^jgyNFL`u7o$B;QAjm%z_#V=B%^$w{#?hObU@mrkd*I2~@g z&7xGgt@V}wzN+D>ck@^Q$h6eWO=q{@PIvkp4wqkWX>4}8-m1~_{XDey8kxcvUc-l= zd{5t7uVM;>-Gd=1o1@0^{;M9$28hptQh&G&SQY&XcHHK`M2XuQfE^8hHwE0nm~4sm zFrFS!J3St~!Rv8oI@LyO#x7GeO&g_L1~Xc(7OryEHH`~pjUN?vwmk5&pEt9=B>v4* ziD1+AN4E@1=~gWDv4f~jGfl*P3a3#wdTv@D%}WPW0va8<$l z&h|{U_Tv2*hxi!zK6IZQqhvum?PCvn&&6~NK`--$sKFsAN2hDequnsKF*KsD$cqD5 z-)ysAS{F#os??WlS#41}v!!6fspfYn+o@iA?ZU;&S6sRHYF1e|eo#in;Bkcm_ic|o zwhfTSM3l>MjEN@f*~j8~cSAdrnon)7*YUD(LJjG>I>FJXvg0C+#ylE^4CF#F6c<~5 z&~|)qwDXl?RTv9C=*wAvc8k4 z()pkiOQd`nHc%XV*9n6_Bs;t6KT6EU3uW45{p8W!Yp&C`Oj-M%rN+v5;cR-uniev) zTE;Xu9=@Y++~CVgkGCh-5-7J%QEvQ~BB#dFt)_ZSyRpmIZ4`~!-iCH%m$F+aDziiN zwtBwtA9w4ljm|8M4d3xJIt9DNq%msJ`^ysMCc08eyQfxy(3!A1&Pz14i^lr`^3z|k zsU<*OxbIb5F*HenHNf+7h)x=ZjSf%RQxI%PU*m-q?r{!P=!Y zXM{P}lowtrDPqDO_>vEPf$D469INn41k?6X0k3js4P`@nRu_KQq}|!&6r53CgM7FE z-N7vH*gA}s#{6R4Xi2ga(C8ekD{ZtqH#~@O+QzrSp;j>lTHe4uKAHvPSIKKxSlPe^ zk6cG7tM1bNH->L{f9jK9u1D+2$aDH@OQdCUYbK{>rVYuN;|NCV>9LB8Wmk`#;m-7p znPzmSo9zL&U8D2n3@(^5$7`8oa*VY3oEEj-S2(x=?pcQhbNjP8I5_PQ6*fYG|42Nd5qjZ8X zG_68oWw+ek9j(3Zv0shn^)WE6=CG^dt}J;Z3-dX8SVFs#XX}`V%gcW9 znFHu)d5KSp{JP`F6(5@T3?FOohx!l3;E9(5&ofryd*vNDT{mKCIni)k51Xntu0sl9 zoDZ_HLBQ7=8GniGIXS@`&KgYk9f2`G%aR57BMM9}9&11wOV zo*Py=auk+y!K1OH##>a2ywHekc)rZmhHW7Xv+kPIQX?NlfB5_`#Qxxi={)KUD{>Xw z&f*FMYvMSC6~Utu)ya^Y-K`e{VY#TnxZ3F|aJiz6PK^Nr?s5iyt=nl+vd#AD`f<7C z*R8p6aML3XKQJP8cU|nh*oX%oeq_wx8`fS|E;WrFYC~P?QQ_PsbW`WkHVLJKqe*f# z$#>KSHc&7v#|xv!U{Z-{Y$Do3vs*M{(qVP0-DsAg!Dd#djNE#Zv(Go;ilJqYb8L&b zYdAa>OmKKM`7q40guIAl?y52o*<~H}szCZ6=dHR(ak=NwTj$JQ^N_E+Fhf_iX6WD> z%Y03(utzcv9!#9hpE-3b-}0b={^r1He#mAu;j6LrN>#UEGwcI{(`6Nm8l2V;l?IK9 z_ZhCfVbsP_d$ezqruKD?aP{5aN3a6|$;w==gg!mpr@zsjofq}5shXI*&Rxx#-3{ZK zrLy*!Z6%+7HhXVp;H9-cj3?CM!P#wp(jyw8$$5 zT4-r4egu{AO{%yVfvjW|%#9X7)u@&Y-@e!pR-BI&p!|dRSRAsvk&opcGz~Nf%+~lu z4LA9p%WoW7m4>~v1+LPeqYA!YHw(_X6$@tok~^vzPS zI5xFsF&4+(wN_k08s&18O`dLFvSZ$8Yr`K3CN*!t_ONr?w!~+`AKNdsw_{wzJ_LBa zBJaiK#hpwf@mhg71cud4g&^2i>U;{{j6Ept!{*<u5&8*@G0E^KR; zd0HqbuPLc0H}1eM5MlF~sYFbI)fx!6oX^rO9x3I`;D>I>)Dd+A@_n}Sh8w!}E@Tyz zAAC^BU_C${4P^X0c@PGbJFXMJkS62%-h8u}523tKyHO(=b|&E;bQQvH5g5B#cnaa= zy>kY%rp!SIAVnj4jcfIhqVKk*YY8~ zt%}dQQww}p+n4Q>A5FtkYlQMf<@b(klOe-o&-7WMzCmM)9KI{-3P+XurOJlvXjVaG zc$mZLp45u(uL-N z%S%xG8*$ub!6&QV(2@`FRShilR5|;1oTug&I3gxfP#>*c8yGaHGTM=`+8gy0H57Zk zsB6$`lAz&ul+o+o$Rm3e(E5oV|-!K$CA?rkWh%lmZ zNODZ^sSQ(cc)qNp`{DOv|X&^qAM? z9bMWuzb^P$*|gyigK4f>@60L>3>&S{&eIvQ>$q4bS3l%>QZ82?wa4u^mvF$x;$F7j z%i?KlKePdgmha5TqngCanise#t;Ls46YYK<^OAaUnr@0qFHXUR3zr+KdwjYN(YZY< zAH{21#;+>*7+956J_*VA3J%{#z-bM4Mb*!X%gtVsDbrDq!<-p&ikB>#)s_~ut^Oj` zEZ}^GM&FP)r8nKY?CM+fy7zGW8?px>`&%eeFHRK9*oz;1-5;+?^HP&4*t-5-x|6U*PCYH2qxLoRw@Mi;b8jyNS4H0!2h>FseBb4@Yhx5(uU z3O@Cb%b1sQs)$qNDyx^&d6$9h`ihDl8jAa&yh2CVWO5l6G0)P~1ua?b^mtUt^XRAr*bEEwcC$C^uOK$!T7Hte9T9&#u(OxG1EEPKSM9G4k!mF zN;joFtg+SRJWF{)o^5p?&l=JRk2udLwLvUDCcgVu-5`ya_$e>POtjy3gqRq+toXQ{EnOZK^Dy!-PskFILhT`uCP}JxRhLRs1^rXZYA5trEA~5L*p%nHb6i>D z^mLoNoX0ntFLf<@|3Ya6s@|F^WaclDq{2c;Dtb11xIa29V!8QZFw+_h2yHmPnwgcC zckv#Z(O=P2^4reD$-G=GtRXIM3FhgWAunIU7#lZhJWvESi@AkJ!dqT$A=n-ia!ewx z#VdK^-ezx?SLL-#w!2&LGy70%ya8a!cnU|S`EFu<+r^_tV2KQDVO+KV8M!PEY_q>) zcqBR@J3DP;dNAX8R%0H>L9k|QvBP6uU`op>Wm7tD@6W)cdj1&o?4_2t3qRy%QAw&e zN>QouNBzvDrxt#sAnrqDr}?ZFOVrY35iMSHGEAC8rCX&$XX>}}ircVui4~wy7*Tu) zXu!T;K7cw?hK zEjFaeb_%V6mn-_c+zxtBu9fi+|1O5W|Lcp>*rILL@nh7Y4(nCA$$GL|rtl+t{p+{y zwY|&d+c2%N_-0&o1@GMhRs4?V%qR&?9(VJ_?DVWsjYH7sHS=b(yE+p>G{Ygv>Eg%_ z`!o9xy?9-GX1<@@XlH_xpHy^mby@6;IcGUdvKoU|z!di-Wgx=N+WGEPAYkM+qj%wl;|rm^>8m&VkDmv^= zl~vObX-fCznyp3bLr-*6N#bJ`^k>*qqQYL}pSdWSEeMIb*a1C`lj?C!U_b{zhuNv{ z8GVb!X={-iumx>_9CnpX#rGwqh+ObCc{JlAF*KFEf0ONpz8;Q+X4h1Y&PQJ_GWpD_ z*(+MhrLNA?MS22$J^X8S9Ag#lJK1rkcOvm&6n$l)PD+Q_<(6wUHR$t>fuvHMV&DKp zKv2rPH&r6+xHPDxw6tZg6dF7sT7rAx#lq5P3CHKv)9W%b>!w#%O&=Bx51U>c8#gW% z8#`8(BL@5PUF4hpXPZjQPy6kqfCKiDyaa4U3Aoe6DPFzHq#H1mxU#-vC-s|1*2_#J z-u`*PxL9jxnMu+cavTMDYhe}@6_>8gm>XTZ;^SD0$Px*SZsdr{>BBPJyM#r0(>jQR zvI#;aKAsq`M^_OKra_c;cNbQm!!)rA<6VY#vPztiuJ-(YoV^KrTxWSNeBN_rU(f9O z%$a@DXht(yEZMS-Em@YgNb)9|M6t-?Y>>oBD0L&pvT+kg0lQ)OfCe0XxsZN9uYHLf zYP!S(+bx$Q4gF#_K%Dw^ffjCn-coK$Yx(}4_sooB*-m;t*_tytdiBnG-sRb!|3d@f zqERz^f=CGGA6E$$#+DlqYormsr^_9_tizmeH5&Wk{o8s2japfLG|&i;-1g&DYb_@D zx1`DCy*H~Fozbkn{K>Cd?P>L9?310?EZ=2+jde>t?=emCus}_Xb#{L0uA^k z_D2_Sf-0yISuT9i7A41WM5N51thq*Xi=FZSApgo^o%N(CButf!q2{EJ+n?5n1g|oW zEF&u%565X{qL8Eo8z~0aHp6MIW6<5dtJIv4v?sExGal&L*wZ;4^SH(;)uc0&^h5@# zaX-S42DgVj>G5g1*Y3943?`q_m5uil0}lJ$`ar;Lbvf(?vp?C$#=3LRnj$NpW>_e=6pwddY_T#jgbz-14d>i-(zAX!ORBm;|Xy_d{C6c zxD!f>VBSW7F9wk1#>KM;{L`oj2|3g9tK@(zpPQyYa}smukg0=odsv94NN zlLpTohRcr5Z=b8dUP!&Se_%a!V4@O@ z&dO%DvV5Y(48K}6q-T4u7r<`WkND?JkW_n#62@RYIZZ|;BqdxTaU9-?OFZ=p(%~i5 zXN7&q;Wi7H9j90FIKeYCi3Jf$hzFv$G}3O$4YElz4SBGdyi}Pk9WaNYF}qz!#LW9j zyDK|?{_))Qsm-a>=Be$ukNiL3KBln00)N!*@_lcgRQoDTrRUkcDe1-HlN#JxJPHU**#9Xai_uV zbm7P$0_GlTKA7n4>Oq=hy<6$HZ|}j8sW0!yty=AWi8*BpV{}B zU}q_1n~U@Y0zJR;^wUY)mMHjn(Mj(8}oFVb6G>BfNpnO_6Un z;br=mR|=*kg^WENoD2jk4wuC#&?jF!hmVF+7WyK#DTEm^N^yBcQvfKrsI_I;8=iEo z9P(r#ytyUGZCY9w`kz!8Nx%^|q6g5Y_`?Ka0Aipr*kVCBQd!PVLd z1$wLg79s=W*GMu!q%)BigkC@vBryS05agdUY`SN_Zw-IcTMa7HcfV&%IMLgi2(Nk1 z-P202N_J>uc#6O65&+vf^uP@H2&*d->x=%>K! zCo+I_!+u3klH7m=9fZVVsG5H=JG)?;Ydv2<7*?~~*u*#&xL?ZMkGd=+#at8w??XPH zIr)&{#*?DMtDf{6asuiXF4L3Za3O1@^@I=_TaQhT2!_^vZr0yh3o5tVRT<36;Y43w zB8)`J%3Zf0td-fCkL=C$XPXb5?az7JkBv3)314MD2I?aShUy@*fmIQFNRJ519}=_&jv|s{9X7+wI&ZR`4p%!0Ui@q~+^qMc zy1wcQ`*ilOKNRZgOwfA=e_utMBXVvLqxqKjL0I#C;}i*nBX4$@N^)VFJFiTIm>J-#O?8zf3Y+`FWo}Ku>|Cp_Ue~O`jM4gVK9+JtO&)I| zbsZZES6@x~-J+hWuS@MMG!LR+yYe9WHY&(?psA%)XDSrUJM<=@;DsB7PY1UMUwGx> znG3JHa-FQMKCqdq(!6Y*Y$9Y#COaef90}<^@MM*cF{QMA-lQ|x18%8|An`^fruOEf z;cM=|A|1v4{2?j^Xt_`8)T$W@#intHLwlW40vT1~P#{I$UP>$Oy&(H^W%@d{|Pqn^4O!RSIv&Sy!+(I-L#Jf z@R=vMPwaiCP;lz>^WmmX5mycffGZE$>A;(iC*X4ln<*pTRx_!l2?T=$1>-|Li`V*) zYnS5zhv<0JDM~cB%dJyP0%!evogd@#^`>VGk|%fgX{WQ5F^I8tiY61x!0d5+-T%ZB zPuw>6zJdPt58m|z4fu(>_}P1q&BM?0JTk~tH6;?M78OWFWf9qNNbMK&M!3QB2BY{8 z1)@I&fm}vp2HYT;ldd05x_*cfh?FUFcSs+5yldyq#z)2ef|73X4+f z??xF3gD=pp!rX$bHM5Y}9ltg)9lz?hZIw3@S%w7Z4Gsv>T43&ew{5>6xIfX!It%;b zx%?)1fDP&s@OEdH5?=lZ0sxunrIXVz@t&8%t{ z%?G8g<3dqVq%&S1cn$f&SzLj%pvg2h}tx9*QwfTPwvG0UN9Zsj+?sPil?_S*0;Xu>b;k9dr zhet<;Gm4U-@8-|PI{v;gf4q5=gc(JL$QF#sghKk94 zW`+jxGcI04tR!4H@Q?KcSn}pOKk=bx+n)rBh20N{39`FHHQJ&3Ky3iqoU+$8dI zx!);=MylQ+M0$)k-3fQqExCt$M8qWDkbT^~3xPg)1=*Wh3_0(Z-{ct^htJhHW*4LD z&0=7^q=gT|IDwE*T45|Nc^F>>X?y!MKBgpTgDs~AMdoVXS?GmO%eC-&=COqwciwZ~ zZO*9U+ygsy%+CMP<#f8DX^+w1O-bUXzWk+6>%`qp?mo7Ax1N1kAM4#zt8MC~1U`mJ z9EaKa#lHZrK&}EXU4F~qwR)a}xI)8uouX(VUQ?EUUcGO{S?SKKcdk@YL} z@T}j|TAuZ*^?ek5lPyG1-9{Dq7>^kSX9i>TJga>Oab*PbEoC`JmSh$Kz3ST3VysOO zbwn{>UPP?>U-I!G$~N_>P*m~Ouwxvb(wmN80Wi!bJyx1=KFsM0 zuUvi$FPN2U=Hwc_99zPNTYR|^1)r|2=>+k;dYD;h^)+{Bk29c&e-)K>zJqc4Nb6>T z#j7XhE=jCsNz3A{%?0BkJLpL_5(@I-Jn6cUXrw)CAl4`Z0)<8_+D%vFP@$V%;UZ?B zzvYjXgil_T``ybvGXFu=e+zFbpzSYtTlWj(>K2=gPs=z96eiAoId9{QneZMlz`h_p z1K-!@Poan-Hv{kpA3B>v@3GtHXKwSL1o8#k8?=CR=w^KVd(rh`OUMW#o*XN5w7B^$;C7pOs_aT zWJiKJwIJ*F_OUPMJ&}}Gjzl7mVNJ{FCm((aJ6%DexYv=0x-C{qz?pX_{GA^vCFl_9 z)Vv9~zzD7H3Q$44fAbCy?sBomp^#KF$dkko@!P6Pyp+a#B}-^@l>-XsIbShEg~2^BZa$Hw20{ zf&ol4GK>l3djvg`;F&Ozbb{vs4h3IMS3eh13K6sTJ>nEMvoBRI{8jBa zI!6*}h5ifs2iRqELR}aX9wZC{o-s;0Oj4o%{F z*b~pXJ-Harudt3hZc6IFIv!6tza~!To zoxFtr(I&9+sYp0Bl81!IbJBBI`nNzY-+t>HkN5*-+2uE(tiA@QwY!&m#CqQuystD3g3iU4t1w zW=GnrkHzCj0RQO_Rwtmc9_-$LgkcHAt260MsWh@cQUNh)eHfb2!-_HCb(u_(OO%lt zsiiq-?4$7(Z4_)FI+96Fh&O~7RZ3*HQ>948 zf=odJl3eR%-D`3^gI4QcPfn)@`n$U1m~vMLDGL%&+#-hAe-XbZkPfe?vd?K&052&@ zL7V%iU^pray@JqFkjIOZHtuPuK6sGEqW7PP7K_nHsq{6v;#&--HRUqhy5h4W)aU+Z zb`ch*7`&uwgpZs;;c4y*8zwq|tv-aSy4Hr1JwV5Pyq|T`RTg3{{0sE$A1drB>@P@# zwSoOA(&AR_kB@ri?BO|S+|FtegL)^esLxf5E9TPN&8#I-Yq)cG2-54w;mp&k@q#T5 z^9B^nri*WZQj)cubLGBl(;3YT(-0g3&9sQNvbWZib;Zh2ha*~!%V~I}{AMMRj3Y^T z{%>j{Z2mR+jyy$>d8{g2B#=UvKKwONEe<)#(QY zZyAio@iKVxU?MSi^9KW+BOT@8PP7{?cZ_sm;Y8tX=3$=_e^amtW#N6QwMc~6LN7!= ziRcnDp-JU_yAs~$lD|Cz&u67*IaCYHgdPNJU&m2U%>zcGUD$UV0&5|=&rVzZCB*g+ zJR*gU5CLy|FT03|e&}{F+9?IASU3dFw(a z`!;(O_5>^9M}v|Mm~B?0VHdW+Uh8J`BJPD%fjbH*VpMOlm`oOf9RbKX8~n}Wsltl4 zWJtPFGU4~W1138E_Vo9^gPb?{d*8tpM+mzSb{Km7=Bit79eR?Dub!S(Kg?b&JojAb zdw;=SF(lCIicn&w8KE>H7FfSmlnjFSknTg6K@u)5f`n!XMkmQm-!p%KeWLV3SQAO+ zYT|E+26$aip0<51+|85mul!_?mv&^B@k5d1hk_U)KNVlKm{aZVE--{dDT#K?BC7o@62q-JZ=`veftvy?S$zH zYhxY{L*zCS4#H>a8I$O&Ihio$W%$PrS$HmCs2YY4(RM&PZDA5-QpiBC+?9)2I{sD4!Zra(xZ$ZU$~ zXFZ`=d(^T|_U|JH9EH_^O1*U%Y>%HTEqoacz(8vfaOVCa(UbH0b3KXGH%+L4L?RGS z6!Dv$48-O}#KM)W;<7{b+ShoKgLKyS zz}`8BF_nbBR;?)&XERAMheA}=(*#>ZnkN@tQ)GbCvz$;ronyrZHQ>!G0#3xyIuT$T3V|=VUb(lsS zu%~3bo}|lOiG)fCx7|8!H)`v>I7b3-=uAS61PL8bXW)D2V-Nq=$`?>bargnO!*U*L zc0mYYZ#XQI&sdLRLx%mrWB@s5NS-m<#)6@s#qTg6%GOF`Ukhe0a}|jm+M{Lm^&*mo zXFuff`XDI81K0-R*kF1m=p-V87zw zUWdDkkZ!r4sIg86y15*}&%U;CQ+m}c{k1!DcUo%x-T&aac?vjTVXNgo=EY;k=(;?v z@sTeI$AE|QUf9nmCi0v3X2MbUMejnSQ%Hc%Rgx`XzrpG-L99NHI1Ty2o0wC5YZbKs zjh^m2m~~$RC>YbLfit!?0$ke=Yk`};?T^Rl$Z}^ak96m+=NG$M(^9w}7hyXWX)3rl^ zSZvzx3x?Lk0FLarP^X&DtDWJnb`9;$rc-%DZe-b+((2AosB?9xG(y*rQn{)(jmCchTs^_n4IhR!C z{~MQ7It#!5T=BKn_$%fNX!cmFpJSbDkny8}BK&`+gs?U*q^eVZ73S+w^UCK7^Ts7} zM3i1SLFuSGg%cEuBPHPvcq-*a+&~yC#jo-dH@AGDZ*UD4k49C6Y%Va31#9 zlL2oML5E&Bspt|mz`g3+AC+~%C{lVQqv7K=;bZ!bbJNDzx_nl~PQ@vKyauxyx8Txg zfsFY5<(?Q)SFx8F?Ptgm*jC6=0i+>IGxps~W@0u_QRa`P z>cOFH-l&J|mP3}tn)z?v!3KZ*$)S9{Qr=i)4QC?o>rY#4`uRT(6uqMU@~5DZ<4fZ6 z_*2Yd3|zHCctBlcR=wC;3SLUZj&iBoajaPK7E8rW+iXziELV=CS^97$UWsQ5QYF=) zE8B{?^hZ-Vm*ca(&&3Xi95ItegVWRUJW+bkmpB~aYfmhKEyY7-ed$~`v9mtX7~6!I zQ)J_!C(hEt{`7ldG3IyK!p^v@=owJ*gMKCBm_O8h^sn-#9vU*(^y!?(VRhL3vb_gx zf>ITC=dX_56e-Nc(6np1wyI5LOCLsoTm5HbX%Ls<@9{R;(Ocd2IO#FVF(i zh%#$%#0_4v!C>}E>flhpH)NW#X6Ga;ay;W!DLAxJH)va7TdwOJ=%`g~J;jf8+FWx% z4WF()biR(A!1uu-CWc^_bMi}?nbp$fe#rmcVu%xS6|=gHD}hR^XubMb-f=jT2GNN6k|m`=J|i* z!W)@wVVpgunPaXm$hDR-ejOY(<253lXwtp+t{XtJg|_uAmHptL^nLO1>%p}-!y?%> zC^zqAP6J5uTtoxdm0!S-Z5J#Pj5!u)z|!^_4FJtxSAMCQ9mtzPd;5*sYjl9O{}r$$ zZqT02w>BQ_e1}n${tvJG3W!b$K0sta_*rb)5yvx7bjyqU89J6e!@u)qFibH0qGwpz ze$g{r;m<(r7d^w$_H9}Qwc92vYTO2ajWgbL9qRAz|iu z;iFlnmaEAjgzk;b2}kg|vOicHF*%WyV=V>EK42r5gF1a~y^I)`7Eqz)I>&~iDAU)@ zk`b^SaX^?!5ZE=9P*0A4tI_q?_lxW9SfLE2dwNQv%D~KUcK#{c{eb=imL6MKF8ZM#ixeB%y;?TUpXCt*h3y zy{_OpscsBH@^_4jeg%Kf^t)0W`%(51ds(mwk5INLm)N24(7A#LZ^8?*N`66{2G@V( z2&Z&IO@ilq10XZZZZ@K@kVQ0EQOE!$R4e}3Ee4)x!aeN7EAR$-24E@?u}vt16aq*L zqs+Kb6bd;-Wj#8&@3FP}_N}4+?7M4c_pN#Cv5|fI#`Zx@j$C;I`|lH=>v5dAkCSwB zNwq*c)Zo%63`89zoLs*x?Ky26?L7xt6759Cq9HfV z4B_^k!`QX>0E+q3;sX|q1#zxKtNhJ@Yxr7kfS(gC*@#*QY$3$kh}&qLBv{M|f-|>GASFSVDLk2ppA6H4ETm08Feeh9~>rfrEQH9(~jv z2({43JiG6?``(Ad`*t$IChM)&8klU3F+g$Ry~1N^1tvR)7Yct(@YgthjgmdjODx$# zFFcct0(({9E(jYFTlBWf79q67w#-eaE+k%*CM$jUsk%@$c#sy40LII&VjE)cmnpZ1 z3Z@~fptp% zOe2vL`eRq9L*&`;)UFlTJ7YhXw6=f4*;CGvxv0yOc3NBaD9obSU z78_{HC)u0Ti2)^8?BVp4V~z0m9ps2GgE0JaB+0125vtdso(a*}MXQSSU)t_4I1IJ( zbX9q~+6~&#KBRW0#`W4ggZ-p^?gyIf%!69H6<785#dbT|tB6XGM03|LK3H-t9~Yff zG$!iU9_P1P?b+>U?^W%RXzZnqCDB3)g-sWR;ydh zDkQIiT)`?bqYlH!Q6-rm~;du2RC=;Ce*2&;`luEv@383P$Imd*)fOo2H zD3r5LMU8|v05>j_T{2!$o(n0wFk#|K;W{^lR7rC$JE^;iOq_k4(hYG|tokLEPlKgv zwBoxi^oo6nIn?L1bgbM&dywOq@G~{mK2u!#y{wvxdBHd#>I$^Iuh;glSvxQOLXJ1g zH_yS+KJU?K?Tn@CwWIT*eRli2NQD7(DCz3sqAs^^UNp=C#P2b(>froeM4}o=-9J_V z7-j+RzEvaac&?>w5C5{+c3w66y}T{OhwZS z)$T8#W6`RNGpn~bY?5s$2K|zF3YvGfu?92LgZ-~%3Ic7 ze*hjy3IihKL&y+PI~QB?QnDu$Bt=iG=-$)_hq^X2yd5sRSH2}Y;!xb{2P^LneKuIO zmWmcn)D7`K46OL=)dTm8SJNvdJIk8}QVw&Vjx?))9I)YwuY|z-TBrAOSnt60ihW zQV(Ay5D{U=jtIA?a+vI|A?*d`6K>6h7lP9l1#dzz+o#-7;Zuf4G_*GyHv2y9G)kYI zGoOaH8$qQM!(VQ4ZHva;h<9W<{tcYpHd1-yVlug?)P(iZeW%)E-cnrCADk?#F?0%RR&7ygF4Z;R zl3XLIf5JcGm;6&JR@la)EIO68b{nJ~s7k0ei4BEEL#R1XDjtzVawCKwfU|*S!JXR- zzd~gm=(8)0EUDI#7Qi>RxV8#Xe3&-8# z=XX>)zd-vW`jJd2LU4lVTD)m#pZ7r8)cWktyj!35RJ1;end|l0i9O55$!=@+xhz%S z<0R&^u)qIOd=_o_IN5D5^3gcEQUyLv-V$eP$vBZW(H^Ig;eBS8^hr4uTA#a`eb$u> z?~}JgpH!pd`+Pq0G@oqOm5X?GE_r@WHK%eR*Mu150wwKB2~P8W0jmBB;G?J;1Z*u& z&@gEW??NnKM4{+;M1^vE4_|PMr?vXb?lE^F&SDnA)-q4|j1t#*!9H>DAUC}QLI)%I z`RTV_yNqBTp3u-l3FPo)bj-NQf{^NT&y&fFU$#V@vCxkbJIlLno4CnaaLj%xHu1Be z31GS}K?-C)_yO^prcD#v|Ev6L5$@sN;2Eeci>ju*a(s(U%m%i2EEzxZQ6RBLjBk^Z zQ#CSmhNp~N;+rO0dgB$u(1S?RIl2HkjVKe%q7N0THBho~_A$+u)`UC!YF}S^ruO~^ zZoL_>hI4a|&i|~^K;$hD4@-IRt}T~;-9k59w`IULzpM>=sO@>p&Q0`JvqL|L+kB1K zmH!O`*fn->P3|WetjY5&8Z6}&DH50$tzV+Syx%4b<`Vb6z#bmv_H(ihW1BAM9YlwD zzim1!mb$s#K`H|AW36A>`&z%ZEsPiaI=t8Km-fHbFSRH7E*3f$`h}!31e*8*(02t< zoc%F5pdj#!P~9eg>jqqTZeNjx5P+OA>r5jG{vzoKKcyd|cwduQT2e9v5}cOD0d5P! z3x#L%5SPW3Q`&@&`$Rd#ZxvIq1U!o=d@|Oou5vX&4-fe9FgO(njGgc*JB5DX;ZsOS zL9QCyQsntlR}ye#bxTU%xOoz4>lTFNk^U_YBKvC~JRaEvYzw>eP|r5dMr^C_=2 zsp7~@S&U@~o}O1UWJMzLFt<}M8!rU&<|}xkp;(p|DE$JR=WgE?s3n|tP5&>|q~m}V z><>774+jhcXSo#R(rk)^Je;;~Y~x&V${uL=0B^Zsb%bd->}vvofY0^ z`>Z%RdU>B*na5{q$7!E9HrWlKDRT}+G+M_0DgoZSYBYd zN)8=1d5$)|Gwr_4WVCs#mMT~E1@^}NjL##bQW*uB8*Lt$Y%`D)+;UEdLLXY3k_H7I zG^{c5$^NVAbVJ8>Oj=`DeF+$wwB5b1*$dH7AQ*YPjj{;}%NfG?S0II5C|^DewhUV^tNzSZB`+fO?M{w<90Z@J$%Al$AF>O_SX zI2u9Ju;NzT6G;0W3HVKls|L*c5vRpztJ=gD0c;vHj(M#*-E-e?FN;dSB5-?ADF5dY9O|wDA(1 z;QcoFDoJz#m@4(#WUB3cK_|3+*?U_yFN`;s;`TAF=F)!X1rMRxQAuGZN8aVx&Roi> zP?0-BM1U;g^dzvRBj8QWnp1U7ICajH%`@gR+1&tzx0sT|FyQaHd>a3WQ`FC2o<4)a zM&X_1#e8B>!KrkcIk1~JPe{g&YBi|lEdC}Rw0OFF;8fI?JuOu(-gU z0bCw!*o$p0(A?UQOd7N6h5eS}wKNe@0}Cj)N5RK!nx>ZT@Ma>eaG)}nX@TO(3#hn{ zwV!9eVRVLE;BsQDXG0Y*xo?*9W(S#T+IwoSz4k<-KgXqc0fNt>wa0q$y~-}Y*SVap zCnc?O3K^z15OY)r+yn({@tU{UEI@!Ij6ryd$V_k%CMV6F(^TCk+pdiOdo{MNcL}0z zd*6KxGVw;fK0$69y$>H4pt?W=04w@NW^`K3q@c?;rVH7`k<$py4Eja8yxwepxQ0^Ts?9wdY^Wqbh@n*yEq48`y!xAht2xFU*k$`M5zQkYWF zZT$<&Un3=fc9qBK7_)RlCx;^A5izn0-o!~x0>ij39``U$MaJXq$aMEt3U#O)%tB48AeQrNf1tmn~c*^m_%&+RpM7X9wbqmR04ic+mA zO08n=^0^#-mlB+vysdSUU3da@ceA--@ju?sneNm}xitIE{PJ6ONMiFo){1Jo{W0gk z#EppuxAeYMsE-96?AAW^e@;3%WrO;@+OfObJyYX`oHk%@2>K`Sf?cfuw5-f%|-Xpc

K6B~TIT$OQsY zjQsla>zZV6ojP)`sS~aSgmn;r08>n{OwRq#LryAFbI_uc8qv%^C1rC0yg;-#{f;#r zlnA<}#@xt;iF|6yjvZO{O-Ib0?CvNA7$GPi6Bcs7|20}PPUG{i;I1(jo5zlJ$c2Eys|=H35TU&=+{z`h^8>X-y|O zk7UQ!r_Tbx1~$lR0H!6#UTg`-^zGk{{Amkl`i|Z66#|+T-?wt*duZI)L#T6!Jw)Ty z^x`G?eIJ%9RU8+z`G z;>l(|M)s2MHP95a`YQK0p_Qo3C3vY7R@>398@3WvdBJRlQsL&fq!GM#dE^lVNFge) zLfl|MX1f!m6zwn?Qa!X5iv2l4vL<8gRXj+mG5FsbNUWl7krx|ecNa>f0>0-T)anlM zH4>L0#(;3(Z&ImBEYw-iU{F-sgiW+1LzBR80dueVn2(lDp>eqU+X4cx;9bNH5b@p` z%tb<;1vn|Gfme?Q6>P~uK_Y0AM~KT>W4rTexN!DhYml=|;P6lGzI<5&4rf<>MSBqQ zW*30vC_oSvMPPZ3=*>n{II~JNgI)lF5dNV8q|PLcp};N)_WU$cfDi?$pL?Am@riqR zARQ-ru$>U0&=)xWzvn;J*Kzyo`%s|gPj~+)@}4^LUg*_oXlQcXacCAR@wv!&1FW{! zHEFg_p60%fsM}+;==An&vh0*2!4_6J_nUL>)cVNgcBT&{j){*oHl>C3mhLO;I(S(v z+`Sk*{lVy#>Z#p-qipVeL7NKfYc0-@aqjrW;vNUynu;sYQOw&Zu48Jx zx2B(rF~8<};}o3w#92Yz!e*a~=RhUZa=W4sIk+j(UtuR9qLMhUwN)!HDb zv`S6JB&~*=7te0+Mg6dmKDAJ95~37Y>q)#l$HVivzb*@h@xsG!*#Zt^k~Y{>VY;VP zc5>}a){NWjaYw!JU4J^WxB}(pr*=THFu~@Hp>tmq_6>B(9u-9pTnQ&)DvXnq$DfNIh(&27})O#b3A8TJ*>sUl;0L za1j0$I{vS>Z0i9h1^o-;wv)$bF4*3+KFLnQ`)u23(31O`7u(){z-2J4&pY9Fcv6ch%B33qd#|Y#RV|=VjFr{pF<>$7PGWK!>Q$m?x^CIVwDMN>H0wZp$e$6(-$H4GQ=w;yjUp%S(*|Z)Q_! zbaj1f*(eu=Q#k$|YZ14vh9*K{Xl9b3-dPqeDzTqig3PLt81H4hQ&oYNqLIQX5Yna` zZc}z;)$cb|t(4PB5*)}a{$B=2BcL2!gP&TFD7!i3s|C{@g< z6RzUe2+{u6!k5Co2utDQGf886iIhc28vPJW z2{?La=v$~EjJgrr?ZcfT=K(ozcAD4qx#7b!O-I+(lrXZXB@ZVWb@8g=T2f{rswzvL zl~Rp-rQ!OwmQw7!Q~OaM4;_i;UH)>be(-l z92x@%wq{5EA!K$ZEZ%mjYC#;cg};(L`2>oMY^3BdHAC-Qz{LeNfH-2e+01sULl*60 zkh~0IHc3LbH5q)6B}TJIZl-f*p_U_MtXfCrEp%P7|Dvug*}RcLOZIMFU-z-cX7}x* z8oMWM|Jl!OKe3yyuT~c%D}3P;z@$%~ARib9HiwBCz~L9qDKgo8e<0ij5WAaGS&oB7PokN!>B+8BSA;M5nKRea7I}H= z1YhEbt>Go*MX+{S{5{#VwV3)3VC6LZK`dzT_f5w;+G;UQ6c?w(E>T;u>qtp0#;GNz zXnm4RTkEqePcbokRkA?4Pm-s!KB+D5)3YcLt36JVr+A+W@)Q%|1)fttVgFhzgEmf* zr+A+&c?y7lNglIB;Z+nzt&MX4d%Xy$WJb-D_Rodc17TL=TO<3L(v$XzqqQEw5Szw{^0!YwhKAmKmQRbSZ7eFI4pC@D=w4)UMV+-S0=8^4;dX52HF)yED%BU7j1~<^p*T}y-pL8qjO#(1 zZcZkky|@Zti`x>Q=qF)go^4LKtAg^H3xW7Y{~X$r__3zRCz=j79d zt%Gc~&2z{qMHzUgGH;1?cKr4qc%NE6&4Mf|gs#e`LEELVi>*HO`9-mdXt!V=806zz zWW(^fP4HL9+KDB(e;6%J@NsIkWok?G!m_w!yHE0I^F9&#)S_#G7pPw7)7_>QTA$?8 z=6&+EZJWd5#_fK|-lFxptKBbi`+2_$F@sCS+Qyg_u4>6ZZ?(Fc9-;5~XJ8Yhon%AI zlG*2(d`5tSgKk)HgDS%T3=|qPkM=IZ8-V0_aEXRXBOd`S_yHx;^*c+-X|jK!QkpjT zPLoWfH0ND-mZlDYXCbW*I@!ghrgibevM%U4L{7P`g}o0s8SS=T-R`eXEboS<(`wh0 z@z9QB2K3jm2mR=T3t4*Yc1^ho?MPlgJLqDN7L>fANej5C)p}&-VK>eqK6*rUJ5BJ< zn!NHhRJuZ9g+sGCa;@YdQH5qiF;_z11)+M<*Hmr1s#xRp-Sj!f+262X*pQs4Z!DN) zlk+H~G|(Hu?(uplo4jSV8D=olcbD=>NXqodSosN04hET`#(NP!-|vv!i)0FPz0JOSAYYCP4GdjV!>}}6$_Yf zuh_w!6}QUWY;0XMxo5 z_M7B&{d;aq@eu9oX=nviK!+USuM<6a|IK3D?~hCG@#lL)zbD(BG=h)hjLGh-Rx9>- zG00Yl&w_5azhVBAWD`DZ_zXHGN)3~0D-aFIV!x(Pb9{@ztfJ&{iUP|iM7ZB&zhbwG z-^RR0K>b4o69NK+{jz_*DJsqF3bCWmq&#zW;FtrLYY+7ca2p7B+`x?yU&}7p?bqdw z;w{%xxJkxpliv7@4lq&Az{iLU!1n-(X}0j92nm{r zN2+^&eWdzZ;{6YH{r2dCU59X9m(ufLSOS|dc>hZ^ca%6u=fOw#c(h+i(}!^$IbGwe zIa$|QU#IUyG`Re3yrM;et>vqEg*INw*VOpWhcK)bHgkCpqZKVZG%M8#Bd) zYkY|QMniKh4`RfkjK7due}Qo?Y&kMW- z+w|Z4@pvc{kNbnN!y(f*JH2yeW+#1D2L`IOe!$H5{W89>CwDSC+b0s1l1tbQge|Uv zIVFZf>(cGyf8pzEjz8s0|`zZ74O$NH8Ac>4CY$Tk8IQVS?!L@{7^F)08NG%0Ytn7B<1g0P^+IdvGNhYihjAOyKH z=g&9Q^)d>5LB~y!m*iP{y>OJd-5DilV2&Mgz1uf<2iI*aV~y{{Tt10&McCav!tZmN z3`Jvf(f+`8s1krT_y`$3VVnc}jDnfvK(c7X_4o|lSQVdN*vQjiO}&mxsTS8+BSH{( zd=m~4q9jkhO5o2O)<`fIu{w0UeU(N&sq;`(1F3Hafg8Yh;x10|B@*%#9f$JtH0A8$ zCtNf;1lb}MSQeEM)EJkBrSJC}d4x83g$#x^WDU}1*^|RJbu3e?N-*SiB^#-Hcfua^ zC&MrKVo`rK?sVS@oF}h8=610?)#cuJ+NtE7?o7m+jk(;>v>Ytiy~T(<7;yMQ221F$ zH4v~mBPNTV@5uw80Z(BbEr{ZJT(f+5F(cgKL2r1CH_Ri4-lh0GyMkoB?!#e@3Tgd5AE9A2&s}qap27ZXR$b@w zL#PIX%G-;yFYs8dCTr}Sa?K%r^#R(?Nt?7c;0sui)wrFu>FDThJf>SS>@>yM1-))O z$|>*U*ll~p#e{;53Yxzg^>z-k_oFbw1A;LBOU@fnnSymEW6I??{X;BT2-uWPB0mT zfoeYYzL2prXW-Qfxz~)q^`{XYNzzlFrY2~+uPM%e2Jiqiaz<-V-W(eGNU+cw%T*)h z-CIkQSWZp`)N;p)jB~m22mPwfhA5(-+xmA*9GvX*L@T}FU7sJ#5B2-4E4_hmWw~N3 z)ed&=-RO)5oxu4nWB3?<1ohg!&mKomS(or$s)BGyMU>8_Y606xMVdq7c!E_ELx~3x z`xA!~dLh9QhpXcL4%RX2t2?U+oUvWi2dew4$Eq(@P1RiZS(##X&z~c!IoZ+PhM|S~ z^a&}WFGco_KvS@7J|*8*cz$2L8^8tFa7L=x*htoU9z?~C=t!w!T||l9+FPAmkw#i; zwR3VXy;&b#Qz)*97<9}leFLR>^inL5ji<{>@48}XeXpYQt}p5L8I0kC5;2(W)9FB~ zMC7#m3wT;ys6)H@riS#0^n6O2JQ0b4{?MBc-cY0%f5Wwf%?hBmdV6}0HM+fx?#431 zY+{*XHnOaz??{DJ4tEy%eCD6S?9}Mh^>o|n)k2|Km&&!uOhv3bUDlcAEJ155W(`Vn z8MAASjO(8hh6vZVi5~6lhe3i$$6_*(ch&%U)EQ))X|R19^`VVN$4!sr>^mXSEdbIj z1@J3#D7qD%78G5;xh&RGjd3KpSlu=MlQxpyS2zsasNQP68ig+BZh_E=nWbQU63#Hq z?_SLB8eyIAy;DLrc9R7>r^ZvN33TiED2FQJ2)2CM!>wtjH#|VEkKV0YJG%DR*gEgn z*t*dT4orAt!`S-nSye3p3!wxv6wUWK-Pl^&Xn*f#2c^OR&R}BLx--Qi#pA_GMP2b} z>zpYDhlMupH0cX-4trqvZTQryLsit8<@0@3K1~SaNcKDPI^s~yJRvWEg#1rVy97{0 zZUN(Gm-aL0B~q1$$s0M6;=3%w>hCdDj0I#Ha1<6HEwX#wbye8cn&6903kP59^|!zm zU*LkU9%ta+P~-9;#HnQ=r40(Jgs-0x>R1>o6X)5uma$Okd+|n4WAuV@dK*^_tsFY0 zuJWqts+F*z%$9Srz6T9+h9ij1nC)6NEBl7k)khSj98N}7uhOZuA=^q_HWi7avQna^ z%qXJrbVAoNS1c~?oD15Q&skf`feg#`=GU~mCNSsgRQ^uB{Fnb&m0xbH1>rFwRT&wU zOW1b6Pj<&eJDw2(*XU^;BnJ#!3o_@poub=kcX{G@uQwm}I9yqg^{S0kSA_Nf_((eF z4LO{lQFj2yMjo5lzl%@)8b``ziF(};H=?b=E>{$&jPY7dbhJ*x{C1noXhqDCdDdVv zF?<6`kA0;Hc!?k=%s-uxu&^3a`ySy|;f<4HDugp$qvVj+hd3EEMYHb1tPc_`&Zyyt zurbYFlPZAOZ@G2))?+u{;=TEnn`e@<1I5|i0sNcUC6EkoR5%8*K07u%>od&Wv<(Y0 zGrg;}de^PGY1=Kfn{~^UHR5x%p_!rML(qYW&+!cx3M<=3zjwLTv%3%@9uY6R+R8sio==pv?$>GpWk?;^@5(SGo7>LhzHmr zOtF<}U_cFFB?oA^`}x~`s;&Uh?h+k8z5~2mjH44LOhBx|HqfBF3GzEn1T?{~m!8MT zq@Pa^wdDRW{DNQc3x35$!Sxae<0M5A<)y2-n>=dUrnXNV+q%uWb=%gRmDy+Fm*Qf4 z=P}_$+B&ON(AHUd6SmII?K_qq?4MZ1mgRO#>9*Up*|zEi4)p8l2Xc`}dYP^?S4*>* z^l_kLe184V(BufV(BzyG9=JA#lV2Hv=0jd}a5)@xzKt$SpCvlGu#*r~x?~Hr#Zc|d zjn6!GQ&WA)Hw}%Hr`FUG-;oMje-HiMP{ot%2uABJ86d6DVBN{EM}q5%#zLhF;rb1=URwA^(xe69|?a1h| z6$7gdH=Y?dJ|ONIcwpf0fHW|=MmJ&`wyoCHR?VzBzDip4^s)oXb)3U`P~f3B7mr)h zSnAr}tj1@**Iljiz(-2+GpS_A;w5bFtn!ek*Lif5Z0nZ|CngTSTmvUx${Z)MW znuVHw!(ej;+;@B{7=`7Vb-dHTFJ5PHzLBaGbK#+Sq*(6G{&UN&L^9>|Vx`(yJ=Rh2c2qjLilx}BqpP!4K6n%%3lAWOw{`@U zgu@1*R@HUdDz*+?YR+o)ln)d?7oJ1;Dx<|>M7^e(enx*BMeLr2P`ki7xoAVYlutgf zP(;MzP=Q{*{rc(l#0!9f;;KCy)*Q?FolXz&O0mroAEtv*4n=S<{yc*YVzVQ!3!1OKCc#jb+WEPr3Fyd@2gdi!=eJ+Hl<=N zlk`$2eYZ{)jG#&s3`Ixq>gTT{Nj?uDonJ{KZc<_~~)HHKH~R@orK=&GOX)h7?sQmmGmNgYo~si$ow z>-)vmJZvC+h8@(GgY+QHK=)i3GCMaM~ z3vSx5Y3$%pm8lP)isB|;e$z(X2HSeuI^ED*p->w;F#5T^xtiU2ps5GcGBcUu87cGm z79=qHof zjyM0HZb1d0-tI>Cv7TOUPfu?n4&^vIlwzp@un;PxKII@kSbaEbP?BxkwuUZMpDWaI ztd^U}9myTf>2gmeb#$cK=c}o%as6P=d4v`bX``b=jODen-+QS_Fn=CI-dEooHl!@V*&L)Ix9TGv84e0&vF0#vxl88Iz?xNp#Mt%|3@K!LN+cX)3i!a zQh>QUhS_w&C^}~_*n|V_&xPh}TKO`fMti_E%1wI%=NCLE2D6GP0m#^uFDw*8U{uKr z25GLpl8OZzb-)Onwz=&WX8gB+;|)}3Jb1mggl_u@{*)9n#gt3&FsRja+LR;?Zy$K;4g_zlXNodVJba zaOYg}{MyrFZzUI=`rR#7n-jgHfs&{t<`U8~|A(?S0g$UI z^TqGEwePp~z3SG!cU5o1umk@YPpsVUu-L5|8JKy=v zxBkBPiTK(08*yzo9*z$W3^ne{SBJd0p+W6{wcpy*HmsE+)rUwoh#KJ|tfkqqdT>PT z7=m334@XBoQ1>o;Abh)W*9U5h0P}bOgVDalzu!|cV9V?9`{)5{SFS{zQ~YfY{>8&9 z7o^RmIP2T{(=LQ@-lv5ppOX1mPr_5V3ENWTR9XiEspSURuX=i=r&sA@BKcSp3mNMj{!h+Hznsayk2L&u>cv2W6+WPdynib7c? z==4pn(d*r{?#FuSo}Qk1tuI^bgI*Nt>*=lDm&o_Z?}=J^>)IY`x0SYh;i2r2{6jE0 zw2s3yBdZzbjVFv6miDGsT`TR=gfr=C!N>Jg;!SYoTiYB|m)y3mi63uy zn*-y=Z{|f2b=(*Cc%1vrDpI#IGpMHD#OZrba0^Ljp54OZO1ez0O!PCv1CcpQj29-x z3(>0(z2f@Pwjik5O-6OC+f%D`ch!T@dijt^sMmUu_j$rS*+Z}6?C$B-)&SVjrHwok zJQ9A$V@>f>`mkG9I9#)`nswfK!m6?U86wC;PSTN7+!@uA@zx~ma3UbdE>M!{^%aC% zaVis6zTDkbk{Z3WHP>8edDluhE`Gmr3bR4=$Z4)nl_n<7y>BHQ*-zU??*~`wnQyf9 z%pCj@FFh?}VOW8p$Y?mMn8^^vU$}unP_(vl;?WsojZxsro1>q3tlhYp<<5yvgLkKcahvqR^=%hgaj_ z)6@!Olo4z-4_~^~<4Tdx(r)IL)YYP`5 z(_6(xM;TrGq%JOzdio)BOwT{Ap1{Mg7E&&bG{A;n8{od=kgGBSz)Z1|AyI>hN{;ZR?+)8eZ1 zV2>_(q!ycp^Y#<&4qXGwbS1sBqYzY~Zoa^k`)A2yntSO2y1q44n@gnpf9nYs(0RU1 z+z-En#-K*DRulcfHl;IfuR4%a#u|{0>4t_`LeWC}s-Ptj3#k)=_Wr_J(YgsJVf z^r@ArbI}t}?jCm7t$p2%UT-e$zGmMpmy26u53V{4=eVfhD?v7y%Kx3E_~}KCMaXTk z%Tzg2=aIy}e;Vl!oT_jH@n_N|PNv(oSt8lC%|bD>>7Y+=G}7~zBM{=UN43s&LN0kU zY*oCGY_s*6#-X!hhAHdFC|frSIkOaKEFN*Y!`vo2QVTOjn2||#0^oQs$J*j%;GUJ@ zW^VtooF^GiE1()=0IWI9&(3A10_-s&KmNU0pI1qwF?>+1lq-*QRXtr@)pEBc zeaHcKbs!Q-+y{*3A{JoDQC&lSIWh5xz>zS_;x@%|%Yulz*V=&rPHL!k2n`^~0mNQ5 ze2K)6>=&W(vQFY(O;ht~!M@7J|4-obklp6kz0BK7qMaSVDZ1p&e|0t4(7Z;KEfl9E zWXAQvgfPPvo)*@DV301zYCClj1{?SCBTVO`>y-NZgq(n18gD$|^$T0LoWUpb%s=5T z=o1_R$hE=wu#Mc?+Z5Ua+qgTsx{bkQAs`=<-rK6ax0P+7_qOo&wy5uIVMF*@C4-d` z1{seH&rD5DJvKe#nVz1R+#VY~RN6j$>AFMV)TMkN2rSdHvH@ei8OR}r9;u!{rc&=A z;bv&=hsMVa>4i&YwA0op>!fz@Fp|T=hr6t!hqE8wc(|v>0$*x?(OE7A{%k8s?#M&O zO(YyNOKKBsCmz__j~MaXYuGw`cR{RSt(P|y_7v@^&QC{?!duR_i|)5wP#x)~Sq>7p zmly*Wt4ra2QnxM|DrOhT#XoFEjDFUZkBh%_1u67z_OgSjne`P%;$p%7#ZQycuq-v% zH!W&t&%F5KHeWrgw;6dVfWFT42Y{5IF6%V%#wb^ILg~>cs0A14fzbmJ`Jg=PjqMez z5^|J#vU|0@?(l7igrRVo6RDfG8BnLN0^xm^fSxYIo619t-hB#rg?2^nw zSKqa6^qz&a(Z)o5VAuML&DNUzMX1;p>FZCgxwK}tlW8e(o&IM?y*8k8kMg9Qv?A2d zpz;DQnAu^|OGcwZD*?vKVAP6MON#(JfIUY^24EAl_JXRgDQUCba5d}bEU1B&UC(As z@Fh06Y?{P{1l%KJaC`26GS-*)`>TlPQ8O;AAcwh&vZtbuvdrYFT* z?syu&qTbQ+~a?T4J?NCR{VUUHurs;}^}U^j1YNO4J&9`iio5o;di5t0&0CSx0f zbUxEc8I#B+M;)&*IIiP;q$z?$N$+S@0odEQXF-@wIxw1CsZE5C0E#B))DxEq+<9Um z_8Z>7%Ge9*wpYsA*B8>osqZKIEWwg2m%^6r><=$3X4vk{*RPMq*I&PR-QB|rvxPe* za~t~;iT;hb$vX6FxZDrRBR0AXI*IPC3H2pdKKCgjUiNwUBZ=AZRT}1{Ew?t=<4$1|PK( zjwMb$sM=sCwKo`&68!GE27$bs!Stwn+(NyHjF+Hr)!`7pa0mlaG$Gk(u;~LX(`BCY3qjo&>C>7$st;|72&mr4# zKe2HqOAXeK1AtL0cYhmiQ%yEkb1mB$r%hJ12kc&t+Zzw+DxP}U*OdtbGF`rOzk{wS z*+3v$@ui!W0AIj|+Z+*_?zdivnza^8)yQP}QqF>pUiW1(4ZJ?!b z=S0(rVbBN+G!~6cfysIR@LLxj2E0>e_&`{R>2jG&Q^znA_Wa`E6bmfAnqr4B5E@LD z59Wczzgyt62%i5XdI263Z0Pa&hl=?YFT2IbZm~1Chk1`J{tWdN&;Ox}B2i|+!gMk; zEnNWb>Lk2#oeqvlw_O(4EkK%c+l@v$s%U~C$p^Se0KgmFc1aJrO@|Kdw6#Z&nu{oL zb*ZpmZa?L|fr^yK!V6W9=S&_SFdc2fPsKMKpRYecg=uys$%e z*=4u(^*QrvYu=D^8Mtz-XhX=uzp!|e-Lep@jMpO?3XNcowdVzy{TF;aUEGc*th=0W zNNMt_6+uC6lYm@|f@~n((io=nB#3wEnWATU2hx9I0UtUec@?k5I~9&mfrJu_BwNwE zV>Zpg+oR^77})MZu*fnCH2~9B|0e-mA_|Wl@hh2)f>n>-W&-sDV(g53s}h`j7ba73^K8`N93Dedv6Ch+psL*Sqokw~9Z( z=Lh)p4fsCw{#*I=_4xcl{O{k!uaDsS?&sI<FiT928dNIm{mFNL8c~P;oGg)CAE7DzVwYy5 z-=5Mt!ya?RX|HwZ#39k*B{mm6CHmP`@mXlMuBUVYGYMLh&k}U$i%@1*D$8RPUgo>e zxNc235*GdAGt!8&l;`8c-mSjPc&o9k;*+2MJYSEi&L3f)5`PIEu?Qvb%ywKqz^|?R zdcW`=><`#}d@dm^|GZE=|326s|A=cBaAb)mpJXopFGi2*$YJ6+e10$gd=3A+8`t09 z*Q5OUMqK{^zgGD5D6XI6*H>L|JjT2?aNR&1 z*)ym<)(f}t`w6q=*Zlf6e*F-B|0DeO-^G9bbLW4{Cd6C7SBG#yJo!=7=QZM5_KlfMR#R&2j%NQ(C1nSZ2{Iki!^uH48UG9)X@dJPHY%B( zaerw%Iy8`))|f4W+WuKrDmh>=hs>6NP*NwjG}&1g8xWQJ)WeZit)eJ`Kz&XVa4oeV zMGZDs-$|;L$8Uf$a@jCY14|k{F|`3HS_8Gw-MuWD8p-IQLGun{nCfn$7 zcWs+B1pEWFPdYXnBSUDmKt%3zc83CZS+gqoASEe1oM9uBE_8w zS8@x5bUDe`gWv+{S@R-nGzl8!RZqk9b&4tvsZ#YxJbPxy_ zR%uQ}{Dyyq1Gro8LZH+D?+n+J&FB$kOofFhH^(-imSN6hU>0ykHurYd!|_?$(x6ZC zgYGo7OrSBV#>i?500U3CRp@<{75_R^L+h|=AU1euqqaB6_WsKwrLreyx5q8De)g?Z zO!ldT#p4|gBwiEG{|fVX3G&K{INn+%2SjVyK_*zD!b}hiURuGlP>4kfOTTKtSUn>S{jB z2h6!bdg;4FUMdf#ZLOg}uH*~%GFNCZzGU-?HHo`#Pi`(ho*f+Q%^Q+p0z>sb5yE*^vFPEi7Ga z@$J8UWV+kyb?nwkc1wQh&Z&n!OXm?VIf0e%-wF{ngP;?sSiw>WRdQo5};&X!%R7tS8dW;jAO!L^Z8lk}d3)(RW<8=2Cc! z99R3i#hG_)n|}9X&Qeb6bXSQQNv62~{}H&cCD>I3#hbBr#b$&`CNY~gxMnSX=?iwc z#6oMPLmzt|evnRc*j0n#V{5zAmPVgXtl2SOi`nemgE3uerJGzGv|&#>A&`0I;L6QBSZhLN;3w zV{9n0U4eM8(L=;ACB<#Rj4x)M4O%p_Zd0`7KrMZKz77Ci{xur)jA!3BM|*OSjK8wJRM?UX zh6ZJm-;Lt9sys3lADHavo*qmrJ_oQgZ!qC9^c9PB7V$Rwn_h1>T7zbMX2;bQn`m&@ ztS)!Rlew-{+tP@H>zf8b#Z=U0OXu>=-g*!AFJV%D8$4qXrWL!6j72Ry=rv=MB=%)s zepzfr752}M3uYy&v8BoXa3vv&Af-{ipOXdOiOH_2>OBtpIrFTr!q_C&fy67gYw%vC7n z9G5JtPrUp3!Rg+BDBd_!LGpr~u`8&PyVWvpvYNErm%VfBlb`LLy0+m=xvrj?Mm=}} zXCTAg`#0!^cOnXL&r?|rw2C?+J{1H5`7@<`d>NC;C{S?mTB$l*Ek{p{$XyGS_eAx3 zZt)-XAN6be-Pyvvq=NqB*9f7I;7aQ3mVGW8pD3IqJdF+oodokiO!newbhYPQx4BNt zR97;=#VyHE#JS-#?>HaSV}LxCb$0hmyf^Dbp;oYbWg=g^ZMf^Qb@|~!Hk}&WTxjeo z6hkw)Y_qqCr8RkzA;0W31>6h%h^Nx(8yxorHYdB*=G_thF1s(DOTpYii;Hgqqx-MH zQ+}aK33!}ApLW~_^rwTN?NQ}Bqz_tEf~T1OwUk*? zv6Xx-yX5R)2hR&<&$_xUsrt3XJvwm|u$Opu3RKfupo%^^s}7!MSue0pow!9}M8d zm8WLH?C!7TdS%;&F-ypD&^NbkaBf{XJ9edb=kmch7|jfCE8KjYDE@TuTSiY|>dwiD zJEse@Crt3|QoP5Dy5e`Dl{WZ<5M$&N3z7|04Kl8<_7Fe?LR@%sGQ=aC=sg(RtMyI^ zxzt{}d&-sddYmj4V@{9O4?XXPDahfNHQyVB48DD&3LcKg0NRv8bNTUrVEsP zD#oWH1^ibm9WEU$JyO!xWK#_p<9`xv?nS#_kYxi%)dtt%hq%F1gt%u<-@LfhF`i>S^T`ZXu8JDTS1CyWL{7*{o9r zcvf|iv1U|^lSZx4<8n@k5=59HOya2XxM5^j4K0(TY1z=#*CaYc9$tjH18EPCTG+GP zGM~d>v2}n}%fV^^mqgrzW^5hl--fKMdmHcHvE%*hgZJ*(aqq(C_IzYv;UjxK2WK?n z{cX(RyP%^_KQ4^%>{%<~6>)DO5;5z>c)T%yHw>~b@C8YuGe^u3on~b}n>HI`M`Q8P z;jRZ-5`qZM;#A zZQIrgF8(7}`uxZJMcGZ>sLPxl_lMSfiJ<5(ZaP2z8MazRxJpUH1ssm3>XW6KG>N?O zTO_@dvk1PiNyPeZLEavTeL6-1+0<<0(|*0+vruyzUAwVOXDfn-X$}yJMAp-wECL?z ziLY*RqxNm(!rc26S0*J}|HReR-R%hu_E+uypEXymxDRdFX^nfFX1Apq`T-jJc>Rt3 zUVzE8T9M%BNYnKbQQAI}=7SD{NF9X>fD|7sdVzp9Y$mInv;uV4 zwzn)1ljl~e)7Fw6UTz0+j^MIr=+9BxJ~)Pnfjb>RR80W>8-n=d9L@f<-5TY{k@qaV z_r2L@y2sdVa&vh5GYgA9+Wx_IUli`^M$Z}OYMYgUFBl1hb#WJ$n`1YIMbElF zIeMg$o|@j4NKa2s#Fe{lyS8j`8?)mnBx&!~ne*MbaZYCs@M8V}`!Xv$N}U{eP90Az zL76#!h9u;P`-tBRFB7yOQA)+_vf#<7w^4s`Dop20c%)GXXgk@V^@&wURX%)OL zR0)78wwDmFuG~sMkmlos-k4=C`rw(+%|pM}8#1`edn=n_(UQ~IV-5GTD(uO{4Uwc< zZ_s9Xzy5qJhxniQ+@~xyRCJ@+$N9f$_x6YYy{%CVjsm-X`uXrHXfLK%q*gelnO2+c zMXe53+$FlAjwnOKMk9now`h}0_j6tJ#pigR4;*p?7WQrYkjIHPPD@~covU?>P7{+o z#XSR7d9b5qbnl7u_f@2u_kCyI;vI$cJ>ib7QQo&OpJsPKfyLg(Sxvn@+(P*&%aqaU zRQqo_u)zh7OK+A;lAX7dYdbK}U4V28RLpP>0?wdzyT;ULyQ9ZJwZ8}JH1e2cpHy3W zfM+z^kMTq3n2;#&aNVZF?}Nh@rj-;y-%ZIS&PQ*FiUimz3VI1mjyg)F5OGDZO3tV& zBIuJTwOh)#>66aZJ%FiK%(hlU_SgLInIp1`Sx8Bac4%2!8rQl{IN- zbU}6^SRP5GM#@M&Al-+0mHblt7VPngkXO9v8IN(Vy&9Sky5i%0ljTDNK0b;+(PqZ~ zWMJ_TscA|;`lO_aR6D59>_8^B(DGojNWa+os?TF4MDJJ+St>vr}xcdkt(t?_`x@34n##o=glQ)zVDw$ah8 zTS4C##{6UOPewo{-qV5;QYD8z;?8MTM&$vgZ6bkmIs1?M*^dsgI?e2z>FVZsihwt|o$Z|0tf;~ElYEMkRw4b^bo-570 z1RTN+Ht&jsT)DMDi5xc@$QV=Gg|L>C87dYB(h@!Q$nK&q+>;B;dr~@!-um1J`C%E9JNB^`p7x3ICf*uzeY^s>Pri`-x78i-pg@<646XU>;+K)(X= zX(3&h`?M4nHI1q!N0G3!SC@^MrY+pHi*B~RAXI=?BFEM>(5zV3;E zoA>;kD6Q~d?H2!MdAI=;m3;R*;R|>YzJQX@t%TwmTtWqyyi=xfayDXdduJV=Hr`*D z)$x!Dx7x54!2e=L(+J+kmIdXJ|`V9wcHf!ZF`f?K$X2fZ3Js;W!Ay z?J@g}x82oKx62l5-cv6Atg&-#+W#f-@!Hy)qy{TRyTu0PsXUnDmTs7cTXo^5y)WPPG6><2BmfALlkFBpA_`a}%Ee zolt1IiXElWxYNs!NDZC2$KQ70gUT=UUA87sZAN-48QXg-iDE6-Jb2LTe&=wv!D9}O z_KODsJzIMRuJ9FiU3FP9HhIP6nST(U9Akgm-NnSehFO9=zU`kol60gAr3@J;Y7;yx0rc#? zUQ)4n`XqOQ0&be50JAnWhtrm1btHG|{v?q8+_|`CcYZjOj&2{=vtRBRig=4jpD9q- z5s~&9oOaW$+4}lQ*kX{pVb?~FeU}v4JzE|E5WUgukGUODKj1g1-_36b#~XEJH!GG1 zq3%Uwq(~B{pM=##aVmNyr;JjzVMF+4a@xM`nYe`B)4haqk4ROyoHWEHfX+Odv}hE3 z>#PB464E>9hvQH19yV%@yBe!Nmh}qLtTT1)Em)a5%4hFm*8F7B6S{0f6%ok9GBjJ;|`6Iv23-vqXH^-e{(t@R{^BJDPm@4Co7ctr+PdiJwzdHYb;&E(Ja+5hRx7}*hB({4#9i1iA=#GQ0M2A?3;QkTFYhy@5 z_$~QE=p;bi7~~x?idAPZnXc?xj+Cvru^?Gep-?sBo87W?))KB|{{KKI5DfWkAr!AI=ykXNt_R5WM4RDHFDlfV@@xN^Ux5c6o<`yC%Gf5IR!~P zRZ1pTBA8sJFqMqSUGaP?t4|vfdW|p}G;sY8c#0%Ds5>(z^3thur{Fr9gToTtbsaF`iuM!jR4LRxXz>|>J72sn6q%PQ)f zEerYPpH)?d(=VJuju%pr+p*$Cop%6op3KFJyKK9zXU0E1BcF-oBph3%pl%RR?MEIoow&%JmK zDQ4uLbFWBYYI_m6hmQ0W?0RHuaZ-JF-@ZV7TeG;%74md>`io!tTD%DBB<6G`C(FgL zTCkJJWH;PkG*nWtg(rIR8iUz*ox?#S!nlK2XO%8PN^&0gOKu0UwRB?+eCBX6=NV)j zy3EE|`~5nhB@&%Zse_$+Ztg{to~XVPjF+h7LH`LpwrtPf_NP$0iw zP`&+2h7t%u{fhaq*ir1r^mw^%L(zF_Jex_>b0G#$Rk1SSDs5EzoP2okwr#^}wz3b) zQKQRb^;@bVrp3Rab|-vn1<1Hpxz5?GM6_t|C~T3Z9ENF2GBo8+1Pswxm&I=QESYwr zZLaBP$t70jzLL7)WJ@1h-wpBxTAlEV~l4tNVu|R z;q)Chnv&|lO@RjW)aEe`__$bGDY~FZOWVtc(~kuP$IH$eZe26gjrJ_AcpzEu8FbEM z)Z{VhZAtM!5i!+A9!!kx=x6sXzOT@qbi|rlD$VI;SfjatGW{6xGX=2RZIJJWR9^uO zGB^R=paTuQfwS~XSq+q>!Lu8>Fem9T<1=tHI>(UjA9Xu~h{hFjqk&~K=9VH6$*ln* zqYE)iuH2JMghPZp!>Y%$jr1%%cka14lqSqXHobLg zF*jQBTZ{`vV=;T{D@e3M|57}l|12!{FDX_ZkIlMxEELmz!s+5LK&O-iIB5;s*`p^S z=;yJZdh*=r=t0AOjmd~j3-r5Ir{wWEj4qv9)M^Bu$>c*;p6J%Oj1I3ya#|%nTFQG` zUJ;G?#Fj(R-J%n9#+I2XMP8c2AxJ*+71lmQ2-JUVl5x6$0eHaze8vdOP#Fd`DSi^{ zt3$QxkA*5;W?sD3SC{7>*zpVGS$cPD+g+Z{Eo>~$_wRmye9`MM_b1TXJ0N^dwLSs2 zr{;(0DYk*S79J?$EPMy1Jqgpx>3Yn{9<#6$zEi$4KFtaLDgPP2=7e-gIwNV0I!`!H zInOw?&*<1QTE>F{r%Y!|sDttOC8x{i)oXNGAz(I{%mD$J)OxSc<&^wBi`5wn1bJK0%@)1Uv>lyXVE=%L2w58G=EOT4S}Z-Qz7TrEUg1#%?j>U&3}h5Nbg08= zlwf~huY{-mFdO~J;(e}ycl2GZq~q&sjvcZ$lN0sI!sh5`d?Hlwa6fnmvgz-+UvNrA zkuG4BlQX7yU=Zc)*|1I@&PC$mKH=7^$&Nx1lg5ZRD9UCGI0MPB-~;Yx=x}&aH+PgP zleS7O%3$|QzTletz z=CLxn%2}?Kq=n7)u13RajFkt|3p-49$*|WEK!iTa&jYeAUdJ5L!U07}(gse-I7kz8 zn)1MIKUP~#Fi}?UnM`lXGKXac6ueB}n@;_E-y9*rM4mZdVNu_$)hd zc1jL-i3drLI=+izAtL-qDGH=@cGMA^C-CuN;;0z%v)!r5P3wkwFOB9x*NqQcxh^$1 z@2OTY7WT2l|FGpyHpgP!y`@?}+G9`pYvc8?E1lk+TFE}MAeE|RC-}GlTlI(FAv=t|L^YYKr$TnU)oM4Gq9(VL!Mc$B^G(>bd8+MlVM#Wi9wwK20a1fTRW4 zL*Kz%$Vc678v@X*3uFXVR~2axb8zCb@4WN&a9=fT3I;dU)(wV-cW*SBwANZ@bF&gy#s52lL%bT+c z3sPR%h&fQtf*-&ZEs_3WQL|&6Gu*}Kv^ZNr1$uc(o{E{NaReEsGA!+IIWz(N_?l=f z!5nC7V9xn+K3yEGVE5_B+3*~ELpXCr=jQ6_oRHb^!nrfAL5!;jogLTllH~3ZbI9#j zX`cH0D2@C}(> z8h1!D>o*&mE+iYgsHURw)DBt?B;$}nz~F>vy;MyobbjTL3*N;OF=%9e`-B{_tL=Q%KxEa-5hB0(xb-T=#o6)5K_P5Jp(6-Dd zNo+Zlc8eN^U5{b|l%btEcZPfhU^LX*&%yb4251v_rK(9yS^~twD87jwUhwnP&wS?4 zG5kC9nSY*|XQ{=P=cncuUtr~V8uw=q1Kdjf8U$DgzsGg{x1w275+s}~Rdj*5UrE(^ zo4$A==@$|bZ~<`mfIU_#lewM@GydA{w4~)I3|H7(4uE0 zg8t2^X=9_Wr`~-cek>vSj|GjD<5o@P_>wsW5&zuF-yzYCJP_1XU>i}?>?d=lP}YME z3(`wy8m8K4h@z=6tR{p!rmBkkI^#yK8UkqYE^jQ1SWm{?=MPrAMWy0DV~xdP)&t*i zMS?-;s;3w4*6FKpgEQtgY9C8pwmtK1*0}23t%$}T?$PPvo9_I>;!W>*cVli#YyZN+ z$lSTt*ljngzr2sEz)_`iU592S@sTB(eN2ggW=?-Ijt(2Xpr$Fo`yXmF8&b)YLAWtBt)@k2j1AwhCJ6UP_apMLq&c8pO*c9j zUp_7U9E96{u7qkzJkEWWjz&V_0U^mn{U*Y}Rr+5fTsR!E?EAVS==a-qt|naKB80O= zTiYhna~o@utxGaYwn7 z4nIBJ?7z?dm|yR2)O#Q4c_el$VfG#i=pD>1B#&Dx<>MMiJqnMJ5yEMSHWK?^eC{WZ zexTm|*GR8ZjZzeY?*}PijQ~rtlbPD%?`yhOQB$`Ra%noVZ9X){>!I;Y_DCrjjL!aV z>uO^Dx!q~fYAk*a%!a!-HSKoWy|?x5P%_T%xfh>bMavnvdrd4<%ldRI?EW{EoRE>O zw%)FTw3${0CM>%w&s$!xXf4yo-1oHXUOhqsvaY5(tb0SJ)sd_Hl=h5PtDR=r?H>KO z+hi31jZVpwAOzT{dJcZ9{okcDe#nrBb)TZ^rpRu%2(Gy>^)|6BYR5Pqmv+sz7+vjYzOD{y#E?}BNSk!VEoum(@*&SF%0 zT}`WKC;7N^7#A&b*y3ujba>`O;tb@^1A5cA=YG3cBkH!(P-)R{V5uE}Q3wbWKX_8% zPo=i;4Con0rbozEL{%-aQ1NNvrD_`y{3}vK}?YH?zs89$+@-(GS zYIT(!_RYoh{o`G3qfUH1p2@`JOorsU2K7sqp(pQ?@SR3+27f}a1!iOyY&IqULXV=~ zC%xeokAm+2Qi1*$D$u2tsd97ap3?KBS4!HF5(u|S83lJ`=%dUrAtj}h)MRQtrAwU= z-VnrH!p&IRa^~R@-B3CnGk9mh4+wynkXoAK_WO-+mX4k)kzWX)?bNZ8w2xBhSrVZo zym$c+q#%a>?Z}{MmrKS(|36)v7C#x>RCHW!i)c%COv5)Eey`6qyZNfwq)YbOW^I|V=HSjN zt{Pdq1Bp~0Wk9TJ>D|dFv1<3mYJkyNy7*dtOt2vXtRy_B_~n^+mSy20@kU!d1?rUV zKC;w_DJNaQme;Dlc|fTQ6VO304S%Sm&PC5Z(2wdT&{E~Tnn6L1%)|D_?4rG#nkhVB zcOH-250AIe%BQL4^K55~(B31{jCWq$e{O&2g;EKRi1}hANfu!vu9)=O^7b+n$`@bL z3rX@83)`j*?PD)Itaah@N;0PaD<`KQzU8A=K6=$PBj=eopFf;`1jiYX$pw<+`{If} z+Cmn!vlYLO5Y!a6FWQQjlwh=Fx=%4rn&;6{klru&!!5Ii?uISlY`X{P&Q zzToln{ZWfYZ`Mo4H5~tVnNsSphh#O-iIb@`w~Hu6PNS8nE|eJn^)L0dTfr6DT*)^R zj#-n0{vvVR>|1OI%8>COlCbzcSvHaP8I0oM-EXxuxQ=Lo(eX3h+ZkR3)I>sa6nHOq zk@>?~wCglPmUF1F`F9ekz>4o=fSVD} zhgs)b`pz`I^LzB2%&LCp>+OD}uj6Q(y%#_4qR=&k{XfGJI*d=RC5JctX;C z=vWkLf#(egD0oJchueBfQI~eO00IdnhK83Gt0#?r#p?_-);IT`zbpv@IT7$DKb!O; zr2#*Si?6<_#%1;_9$)G|zhm*wc>np6p?EwLip4_h=esv@K2vG;;|}crUm*xFl-8pI zeIO3%X-t&~(Ud^5crU0(ya% z{URw&zYORX1pPd3L%*i*7t}%XtYU|FtjKsM(E~KsvnTNkFhljD1ic%l2iWIl6?#!V z`AYWn?D?!FJJ2EcK%=KWbaE2hOL8*p3AN<@4#oTX?rrwg--hV0gWF_>HMN57s(>UG z_^**a!wsw7X8{(^WxA`m%YOeg80<==y0(GfOY0yktplp#JL}Nq@#-g|kEg)#`V~^6!||NUfrPxo@&7N%12>Jb7`Vj9t#}QGZ1gaJ0*d5}jAZXgXdLO#j0=D+##9JJEIRwF*Aky4 z?-Xdty;H=|Jo$$z^Eh-1F*58j9>Rro-%P099z;MXA&!dM$Rp4GE;}+=yzU(uR@*$B zL1Kw|!ifNzWf&*xR zSpl6j*sdr06u1g|h`WGqPR~k~dTYGU!@6XGJtw%DA9ej_msqCDGQTYUXIX@X#D9gJ z6%%fHA^+>Vm~FpH&-fy|oBefGOwz9=dC!g?C7DcDGXEm^KV^~k2E#k_tbS4C*AWr% zWHp@01Ir79B33zhD#v!^m;%U^e#z_8h$du|L-|FXtk)!Jj7>*>U!xg5c{cGzLVP~K zCV>TcOF}aNC!x0a3Yh=F6KKwIZ|!lR$cke6aRH#VqPK-oV#)L+02XoEk(70QT=GK` z=}G`l!#^&0C??v8V!@)u8sY=m4G5fE^#4*Km*R=>6y?>Bkqzy4#YuYMsmk_6k4Fys zD&?~GUSGLX^8Cu|1Vr7PfMs^3I~!%y`Fil+&X0fa$k^B)eE7l3*|$;yjbE z`EZ3yQuQ)ATe)7=Ia|@()X+Nw%}ndqG@)^fOo)!|RcFI$z9|ZyCmd(K`h1pW zgrv#1D~UW9+_{S!6wn)qDND{LnC!@dVtF8tIYx(#9%HL@uu}0{K62xc+}K=SvM(1j zBs>G6U4}EB3jTKPShsG+7mc1j{}fgHS?rQ_H*^#cP=uEwrg#?CZ&mo9;w>mR1M}(w zBK|1lR=YMRqm(01C}urV2=yaVsauw7vMA4(Lp4^o3!Y(eUWlXc|IYgJ_|GuW#kyvr z7K?&v?^y#CD$l{fMT2k59z`B=fKyQm&ZzVowMOUQ(rI?f1Am>;?|8Dtxn5sR-SzH z)|*_`Ymw9yN_pI7^KJWXI}rTN;E36{adNXp1h0?{bcWkNMdB;iU}=@FSRtMF%9AWq zSmG<9-Ba8K8YjMDyHvgs1Nm~oIw__rbSJ*Ef=~a2eaT!vgH>J8V6*iE9eL2=Ey4!e%Jw62CeBs3BmtbMg{hbD{k z-l#ySo~IGG=~P(!m@7@~JWn2lrYd4pJwgnJGPL;S&@3ftk(F;3*$#U>QY(i2J9kl0 zNW6O_Y7SW>qtEe`3rj9Op)+N|ezYO{)csUzvGW~c<)AU5$J-5oH-U!uXbfY#SRBnE)Q;iWaMfvat+cVSV z)?U^}l^LnEJDdHR2fF^HQvzko}1V305Gx5x)P(2mK>D?^E7w=W*T zf3#O_s8$Xds}}~RNJPU42c*5{UgMa7 zRb(Py|GX)*^42k_|3WnC_l!ef0WgQv^SxV%5m3m{kS65Ew0)R#O;+TivL+!j+1br~ zb9K!5VN|3a10hvXP}$811TR64HYwuAlV*@Ye{oX4c1HmUyppGR9ui4&ynGWi-a63q zW@@aCimZsuT|kYu3N8^X)LhUfp`%k==^e@?wytA{2h|Xk?4eLnx4(x@ETRW_E~K7X zjvdXhiQKN-%{fi(efsX$aYTrYBSIwEAGk<_i1=WR0u7Yni?Af-{lXka2>JbkLhSbr z2mQW*AZ{~XaApbjK|A6;Mi$Jb`I)usx4YoX!o6G<5<|s2KeN=+4LT&w!B@l^K+Ri~ za5Xdv02&2h%Fy(w=$Yu*s3w}COgNEO^ia8pH2pB**bl>>Z?H}uMT!f#EPSZ)GAF}k zKra}q2BSqZ8okHc6`*Ri0ncikLwFlOH=f^5kAzQ#blg4)Wkd5paJwVsp$I`bvP&zy zVZ-#*S5ME2M#*k>7}(XOXpjeL)nA}dC9j;N=vaB4%U8-+*3a|9S`j^{&+<%7g=M@Z-O!TRD ztNnQ3b4Feg`R$uj>6?L(=%nm7N;_7%SxEsNGPlmRAdf8no_oA(-pk_Ns&^DVj{%s4 zn*OA~{F>B2G8IillbZg>KyRbJ>pd22f9bH4YOzt+7u`|DqTP~K=xg5Fu>?=IO$wCq z65S{@rfq0&T|`Zb^)Fe0(0S*e^L6YE9ENLPvePk0)ktmQ550tO61ERb_yJYZBT&j` zJ?I9WaJuA>!|KiEivC}jCA-adr_pAUf?m7L=d;$ z+pu@-;SYS|QugAK@%Kd+{<&SQ69d)Fd|z?9kFSwx_k9|B#i1Z%E1HJMBhQ_vSj)DZ zw`7alw`7Yeih?>qJ{NV2Blx>%`abda z`PcA$p)YAfYH4MQ1rUqS7@`xRflgD*4BxNXy^rH})cGI(_qI*O8Z~Z{^>s|%l{Q(| z(%--#qsk#s$f&W7=n@^&?|yXYyXjugK{Sl0v5vkr9fmR5Z)<4Wz<60PZkpsjC^olE zFi(oiHNlvDY24g5CDOQCL>H09tI`(@iS2`PcS{j5Y;`a#({|TJcib$J^jYNp_Qr!9$htx z!J|NJ-ckP!(O&&KOSDJHrW&Jb8>bk%`u#L^_50hjXDp${=u}-CDWKA>f zi`h$iyDwdn?&?Bo$vy9BSu$RevpVEVH*;eHH&}xCXm_u}ezn`<@7dDmnv6tt_ix%e z5@MPgP=3UO&6wX;xji`Zq>19-6yqiYF`jSzb2C%?G5`bVLx@{hKs3nA=j2Viaz~ppJ)k|ljZcDQZ|(HBGDOZ zNq&iM@bj&NR~^3uMO>Lx(!;V6+HvHzPvU9#B)kG4w3HsPpFm>6)L|r?N5eqn(oD&$ z#zYng-Rlbm?)B5 zic;@}qU&I+=tPb=cRYyKct5K%QGV&-zyF_ggMdQ%Q}KA)<$yJ*K)?G2c+Mk~m5^mh zKywVy=yOfUo*HmUyl$iEercAVCNLb(oJ?}^LtmIIfLwt}=DIZ_lU3J2gC`wHTr%G zB>4gKpQmc_(K0K~x;!TFuHnXAk`?ZOXAw^Z9@!ifKGKjt7`Ve;1dU##vg`~z9>fTC zI5#*%jJ}N{NA*yBO%3-Fsu2!nHtSw?8W`9uJ}Fv?*gdGc%&oD_4DHRuazh30S^d`cnJqtXFP;wM z>)}K*=VcmZF{Q}Hu?2wR~dtQB_fSdh|(M85u+d9d<&)p(ehhifpu zUR{bA%et-^jecERbcj{|C?SB1)Kwf*%%3RnEXCPDif1WOtS%Gcl}nxywEpGE{oF~? zC92hh(8hTcZLVW2v_T+#d+i-VRbR-C4h!$p=`<{wNJN=NuYIS~a3r`_ z)q!>-qFU-m9<^qjyVBI#R1N$8#FHBRT?S*StG`zsoUYfW2jlhruB78Gy*3%I)cf=K zW)FL^(FjczQ=75_tzh`tf$ph+cw%s}I&f_`*c#Zpu{arOG!{QM+87ue9cYYVZ+5jY zcHq%`8b!8ePa+LENECr9T-f692?h!IQb{2u#l%2N7Zrr4E*8)w{Rvr&wc?_#eSL{`WeEFfskNpVWM+G6sLWygLazGa z^S+)no65X!Y~5|wU0t26j#YeG<7GN=(6zC&>m7HGFF-iLKHJG_$YR2_r=i53rJ6@x z)s8)|)#^6LIy4WD3v$F4kC~}?fmg3Xex-EW3V0xO$m*D>M38$AURoY8tXkUOe7ubn z1O5wp@5o5tCx2wAdYv|}iTq^r@36;4X#vkj)Y*G=N$P}Wd!$LpocTMm+Rr(O{n;yqss3j%%RITUS}F8>+3@b zH4d4G?Ly;9wIk7Ji1bW239{ixd`$35*wYz}B*77oNgAUq1u?@I^1_0mjD@rti6*p) zl&;K6Tj#iQlu#*nD&w;_9ZI?m!>W|&>&+po+e{JaHIIkjSiFx5FN z&B$p5#lz*{%;3x|Kw}uvpj}qgFnDVwpxD)1D*qmgDUtR3A2~#SHGYs4}qfh0`(U=B~}InJixW4#pOr-!hz8?{`MmWea9s zG6j8Kt9l>{H{}){wEQPcmKyOjee1ry@=%l6GT-b)8%SN?WIxb6uvF-SiSU6?n;$DsV;5PtY5bT|seho@K#*F-LbJ*8(4A=p`~P z@G{Z9k3XYE3eT@n8$P;L_W96Mujk~h^3COY%CDEtmvsux%MtSiAv7O446o+M&4X;P zfA}{tlTS`&=dTYeWof3RWx2GJpM?EJ)C+bB?>ru zMBRAQ}U^EG27@}HC6s(L=UBlKW$lqV{pksuM+}mI8a#Ywe z6;{yF!XAn@@7}A*95mH)w@Gf}^RK@8)(bLd4f`b{P+{yjYsh0W zTJUNok7-}HCVz>Y$79+;m&}deHCPS`5|R;*HN3zE=CZggx089Ef4OXjso%Y1124&K zA(`hkuzKg}^({ftJ@7QziTsy0t74|@OAF2TGMACO9qR6?)@UcPYz<3Ydj$dC2P;U5 zdM3p#y5UxAHNL3oince_+b`$^nFnvPjDZ!22XDP*k#+*5ntO2JI(>F&oyrxyPD|TH zT_{XsCNZzRxu`|ZJJ}3EFmd{th8u$T^on480k$ZseCJRfSO54c7Qa$q`d@?)P zKS5{o3-BnB4t*BrNK#8aHg6|eOJmPx^;1kE;8{nW0R;_-Co$_5pmuG7_H=>IbICV+9B<+<=#X3jZt&TMD)ea`IC zj7BrkXqRk_ZCRGbi#98Y7saxj*h!qmjQBWOco^r#u1F`)pL&zL>@8YuV z?A_UivX*Q&(d`PQ<8t>TB<-%K-X)yqbn7lpXQ#)dyRG)XTvCfjZ70YMgcsMGHX#aF zq#3>wDRE4m8bUER#an!+mY-=x@!?*XG`H-J-|9Erp3SHQ?S|ye-rD+{^R1pzwYF>E zo>$ioSjFWJt2@Jkr56G)YbaWfdQ4-h zQfn6DQYdVB!%*q_Q!mhj?8Z5F^AUo z#@a2qBxuvS(YS{MA3NVqU=eb2$k>9X>|gCj_cu#&)3P22m_9V!4|@Jr-n=hAkn^~W zPLyjc#-s7hq}!7nD0tciBM~dw1-g7z=WlB+&015OR-dZb^BeZ`_E5dn-}-;3XV>lQ z>D@Dyx6jQ?fm|=>UH*vxUYlUPJMsy<2vCp65YG8`VRNRi21DE~tU=Ed&C+NlqAbeD zWNvRx$eoG|4^oQdu8xPir$IqKoPI2+6(941nha|oV+~k61RVlGO|+(OdVg4gR#c-I zJV3GJswD}?lue)^uT{&1quUMkDly|JEG3TM1(CtZXnN=K+<&0+(-&{U4(Fi6dIBzHcFG6;r+p8o9W|bNY z?%*I;pdr)D1;lm(El4e9fs_U7Oa|b=f|pn^z^4)frHcI5+1TCaIlJT=$mchwPb9YY z^j+&S?AcDMGGbAz-UlC~9<)1bpSWZBKOcGUhpMoB)4dy>*OR~Y75%eNaZJbkF?ywc z1v;)mRo7nl^l;!UU%31a^#Q!_MfLWW*oJnFb;Nq=sCuu0IHM~!ZnIWnZBd`agQ6hO z;&F#c4X0>%UnkXsQlMoZp5Ri6IyEtF;HKjMa1Npz1pX?B zgb^XK2@xy@-aNym-(ywd z{iuu=EYrcO^8e$;ZSR^b3H+8|LvdO6+nm9NVaFhiehuiQc{cu=1T2iIGV8TbRcW>di5WpR>3T9r9Lvr|nX ziRPt?jME1Ci12*Cv*8$`8WC4;6TnyFzq$NdQ&UUteecit$o`-IeE(AALaj#j~@I=lTV!N58^Q# zht9oKie>tipUr4lu$(55=-u$UcHQVfHA~ zgGvTP3Wa2v+P2UFII;a?p(bD$i4F$AO^}PMY;LE8XcJy7S6$JJH#*Rn2zG7l?VOBz z^@(yNg=DWcI#fvnYBMALa6S=sIt;%S?ssJR%Z0X%SVk|F+7>`e=yBL3#cy=w620v~ zr{j8SFzC>9r$e#@Qng&Xn)do5E~_Z)kuCmIvDoI^Bdf^FvpuI+5Am#|xHa{(m7;aw zq&0y$1S^{Brc;iLkxtB|)Nn|0s0}wYI5d4Bj%z{ zI|nw5g;PD1N-PoA0$p0Fr(CQIX6;wPJFboMi*5FDDJ5MiTSB=~F4T(furU%w@SDQB zP+yy>yVY^Pu%>x$*5f!75CP_)qh+2fA~;JSw%*66F`1HBog_gNmDi8=WWxE7y+7|O z7Si^%j{Vi%slHfyhc6q~zc#eV?+S;)dV50B?9%>VFkW4o?wF0(BSs-)t`}Ls&q8)` zT(0i5&vIa$C~!CP-n_>(AJX199CG4lJZnv^P7DZ18*K- z7P<%G2d=mKB2F67Es^$AL{r@;wF-v(`hKhK(i&rtLOfuz2O@@_#zfetUxL^57;c#o zvRZdM!`UzY!;{2W^@Ypl>uU+sTF0X@?r$4kggg%oj5$<9u55O7kirfV=M(&S8()gs z6Sj~oVUL$WlC`Jd7Bej#IUF{IXMmMOkpnvP-7vh7o`MO|?7-73ODHgch80^2`a8$s zSESN_Y(?Iq&@xFR*$+g*+8OB0_O)wMllgTsoq8!dT3-G?>(^^xyC)shtL>hAyWJac zY9aMY16#^oo9#oB{0YexuMEXI#(cr;?d_8QvaIyiqaLq<@L{ZrS)2QP=(7-{yU75L zRiX0Mr>I{OqkK=$E7q&lR>$3Tg#ZlPf9P^gA%QjYmbhb#bGcoD%WLR7uj`;P%_Pw9 z+CJt|lOQy9Nl6skDQUOOam*{lFP)o+Y>l9h-ae(R(5c2sF0;pYY%QF+%?w zUbB68Wc$cUY?N`8{vMN)zRREFe+HY>g$PIx?S8sdXBea_HV;}11UMcAbk0yX=pD0$ z6q&QtVUSJOgF%aT!YVj?6Bb3_pJt&0MDYmT5$mUq+0QfA<5+`~HmN*#fHm zCty2gao)?wHuZD2*BhO)A!8+dFzCr9`jdSrLm9BCT}rpC%Y(Vxz+eqX)q%eGl$?CJ zU%xfm-E9qx0;fJ7l~q;w%p?Ug={}~c3m#|L96&?{Wd^E|)}_MGI?v(cnjO?k8-((c z8Tk#jasdWce}CH4GH54XV686t1NqUZV$2uV6zCfi_^-wSMs9sj_wU4d=;5)zn&EQ> z(lNnw&>@}|9L~_k1T;bU5k)Y?je&aP<~c2_T?JixljgNpwgkuHx81Ry*JD|aui)M? z<1w@~v_?GojQ$&Xx*UeDHB?XdeW5Wi%E!a@7)SQlG12FWG=e=@Fv`74$ucudH4QUs=5rzA{8s7B6Bu(rxas zXgDGl$gzNLQNG!4={ zt7}yGhhkkD3e}l>KD;TOO#kIy{v|&+IqB*&jB?oko$cVZiZA57-WkqyKR!Em@JqA& zBiUjxn=2ME&*}U&hGd)*OhKWVA(hHhdY|&`OOxQuTyFd-iaAE zeN%@S6XX9D{`{NvU3;S&&Dk}FH?6hzpdh?6a_x;LBprpY1~nKkPz{?Q+K`{jXuUr*yCkZ_s~J(4i%;q%ot4sGdLP{uuT+K`19#3fZmB=JzFgV z*}z-G(`?uvoj2q8$i(7OOUC-Addm9^yU*wGs-cii8eQ+N1UlB011FHGP1}{2v)l>7 z?|Rm$Ew7Jfq(k5diTWl`L)+v}YuML`*zeN2mu zi_)TYw{}{40)!uhw0kVz_2qTN>zW8;GMrs$(SA2iHRkamOhsH!-Ix$lvtBb50i<09 z#}&Na?5bKTGUjhaul}zKw{+CpnRLQ_Pp~HwTbh{A+uI9!%UJ|Qt0m#sf$RIO4n{^d zZcL6G8GQBCgM7#$ivnoBMX-LG_Ve@n%NToaJsMRs`!s0bV=nDhkE#Y7Tm{^=vjMbv zBa_ACx@Ml8X+hI*>_jXVw<4WNHaHMKQp_UAf8K6n3@ths|C2viTC=9>mW^tmqv+&! zgLx5l`JUN7{nOb$_XK$KOQCy@<;0*H!iYY6?ipW?C_m%m2zz@IPO*AEXjS1KH&e3&o1s@58`#lD7X+=kg5AZ9e{w%lkTC z`)TL?^3{hU{gK!}@bK09+uUa|uy+ga>+Y)ui>%bCKr;}h2FO|Y!%ZV7DEvSa-_BQNhtHRN5 zcZ1*(4S~oyeF;s#FllmIf`jOp^b!<b<9C5le9vYG()JnYIBvW_3~@7B`oC2wk|7=F)D zf3;F{CE`<=qZ{gN=iH@oQ9roFRqE~yDe>}1?!Z3D=1}%IT>E+}IA=EqF8%@3QFu8t zt&t_a!|8KiOdmrD%D27+8AAdE0>yAeejIf=Q_KqgRkF7b*d-LF04T)=OB?M;2} zK7`-G=iXmBx&goOlYf9N@K*tojLHkxFr|9Ha_gye}zkc^S<0d z{kFb(ya4)oDHVzl{f40N?-RbqX&76STU*aXo`~{CqI?yOOw8W!aE%wFmnC5e;PzNJ z;%fLG5F54!Xun^7iE$e=X(1LC&S8mH*A}C_kM^ToGudPag;9p; z^Z>*J8tz!Q;eEi-kRK4ZKW`@JNj;gQ4VW4>H@GU{xw=UG?BT(8eW5kI*IO?{&&P@% zc=%0}3vA8bIF9~$%H4Q8@ND36Knz$KYK(hAcm+`Wn70vrKyEl5;KeHg0{;e#(-ql} zSIvI)g7de%Yv9IXsSvSigi;ui$*v*%zaJ=m?D@A2X=QCVCI@k@@eB%@&OAj|1M8ob zPNXJ6347yl&$FJFJ(p3)h7CzXBjNZ{Zx9I-vXM~G0Nvj%fj0~UxbHATlT+a@-ZIAJ zZ*|Pgmrn_s-Zad^J?qx>9K-qv+!4XS-v`-=I@ zw3c(I-gpwa;Ot8;g4v5C=cRKC_|1&PcTSh`_x;yNQDOhv=RTp29uOYmZvb9U180?MDr z@3|&_N_c6ouWyi;VOIYfm^`h#WVxRc1^P)weL?DuK?#3tVh3A5K@l$ODgKY3i_G)B zp;RskZi(~ z-r-abbpzkqIt?onB}COA{KcC#moYN1v+>69ZK-$L8x;>vxsgc^NgtrxP@NI3K}{%P z;pqLY#u@*4FtmI@Y%m&X+ndKp!z6B`cM?Qe;Ah`5Okz@b%P<*X${W`(&fQpVcp4yh zJ8kDD?R)JfL5-E1jO~pHu~33*aMTs7E=@^`VBk3;S#fIae=z=NT!=@)|Har}JWI$n z5F1jqm>^z^HQ=45V4kJ7PNK<1@|JnDNJo%&H?jZ3QN*zS#20SjrO@($>I-;QTVUes z&G&Y!y!XBAy(U8Z7wC&>;Qaz0LOp`Lnb?O7jJm`h!S>7`-!mAdxKoH8L3&hG-Ua?Rt7h^0CV{~l6ojgV^$Ln1DRRI zCi)G=1$q#*@^_3Alz-o+lgaXyzJ#X$O3bKLwket1V5b&xEKLCwb)OXO+FY$PdSc?W ze7-VJvIxsRL!$~z5Nkw8vR7Gc=W}=^qi$@dxkkfwRS~d88bgZFxg;C|^;b@FwR*&1 zWP^e6@VJ->%?E=D=hPdDn2fd39}MD65a^d)r(T`_y&~gb<~kCr#+}j{WDTyw|M|A} zevq;osou6II*F_+hP#VN>6_=2Z4+jK!|}(zM+ps9givm+fxrsh~a1M_J1AOiO( zDkktftD9h4sHhfbeJ|4f;(N@~++UzJ1W18_LJGl(&9$~Rm;DUI9iC?Y1`yTI%@*(t zyn_8EM!A`Kjq!c9ojQY+DI2!?D$!BuEa>u1M2}$S?~CXi@e@e&*lvvq5m0JmPMFlF zl-*|Cut4;@Z~^VVusmkgwwcn?5&y#45GD@zaEgs}2MYd`m?Hm5v^V{(q_Dz~5zzePD1<9^i2KY`BoSvVb zzWQzE#TS;(3x|L7qt&w^`6Pe(>zEH!0UF$xi9n7zB0wI%ksZa z+n4(-qN_Z+;VH-(q-8ZP0IS8kQUe%|GG2ftJsipAO3k3~Jbn^2gG~1jnnd&JC<okX^ACB_}jRN86V{!V!$m~bCu_t}wZkc2Tz33+7I3F5g669B%6ONeB2nJQUrzf0( z-cZeMF5r`3`+~l^K!}m2<%N_GW}Zyq0-&O-g*03&e<1ML&Vk+a%!xZPd&>OY&-AUS zuPZ8u72V;lZW}ms5KV{o9bCSqv({JqGS6x>&9NQBSaTRFZ|XqEjSaC3BylC{825yY zE?kjXNYtH9&jiBa)(Kg$u+~8E4=B1_qBg}8TI?s}DnvQedxAgo+WpI)JP3hU-iLn4 z0_Q?Jiei^;WGo&fgfSKY(FQ+78{W{Mg8o3J{G3D&D?Kdqr~@!FHU;h^8cHw7*A>-p zRKc+%IzAQCKQ$>sU_zhbxfToOr=qThL;QqOu}y%J^5MvYVm5N1L1SNETex_^+*!OL zq?UQhF!#K_M*4!@sFCa!0u9}H*xP`eOob_GIwo#C>~Sf`y@RGo^Ui|C?=9tNh;?$ z15z$01;k2c7B#ziF_uimin?NzIJR2791D|HBbnwlM#y|Yu9YbdsOuWLk{qN2mQ7~;k9LdI~t}Pl6>K)ebEs`Oz)5q z&9wWA>%zj}{JP=6#DD%OJ~*;Izv;u1@y6UjXK{A>SakU!UyP1zpDlJS%r)ZEAKu93 z8pQb|u9yR+o4pE2KqAXb+aelemREtup0(T} zaYYV`s!tev3LB14vbSYQnDIqCBUW%gWq6IWp2+^A@s()={{&HaOE8?kLoT z149S4RS%cj?dkSPB;TE|4{qAe-&#T}Lb1E#1EFZVx+YoN?A3Slq{sTw;ot$Q({6Kx z47~`&NAkh+AI^vi{ho9uErh+PtaNdVr-{39E%9!O1;!~* zgsu%h4d@vs;w+I&z$F1jKfbg}kX*5@M&E)hoN5oR|N7mR9ucfV?>=^DvKtXj(yc*! z=!@+00bXd12lpKG7wWt4J;Rp@cj5bPHa;3J-GegMgTz*|`rSHqR638e9WAE=%PB#b z0qTHCDmqsbnE~Z0)AndF!hZ2zhn|O)$8ezO51V5ly9)h4@mYwaH9s3RA->PE@6mb} z`79b6GTB%wc3*YT!H9^H z;UZFq_ugL?k2505) zmfNr0RTg&mh6}Hj#{V7RBb)=f8|6;cwTMCNfd+Cn zC<}SzNst5s;m8OE>1%xuf8jRpr~XrQc}l)pen_^+@sQOvqYKpa@*%iPG3Tkru@o^q ze5>82DxT1-f>rzoLSobtsM+D1UAGiNWl*UM-OFY5UWX`&W`bhYH@N@4un2#i0SIkx=V(!<9O;_@(!2rN!Z zW`n?v1su=9fF2_ZWmN(Fz}QjK3x?!+A-Vog5TJib*`kXa&Ko`z)`D4XV#+YJ7&C$7 zfdA1)H(`UlwLjKE*^r~4FD(T-d`K%NmiW)-t8q=V@a0R7ydYY9Jv%pk8RKc5Ijjv> zj*h?*Q{6H@DepxwlXL{moPc?Yf+ATbS|FjbH50Xi3wGfaNG`(&u~YzAPW+3@L*TWT z*+(W)Z_{FH z3(Nss`Zb*a!V>(F|2D?t0S|hAJsBCV+ZJsgi}Z?PkAexEOIRB5I3J|`NfSJlAErgq zT)TiIziBdhncqSNo0)Re!QtI^zc+?dNRKxJEc;0tqPmzA}~RHeN#PQ zMdN>U@#}nNUw;|Pk;Zslz<8WEorp=Wo^|yONJ8KgXL?;Ts9bVSM3SyL2&m7iVwcKO zJDwRb;{K&+#`#dfU`xb=sA6w~!|;y0O~?n0ooyXiLkoZ_yaZ12m)_v2w0tl)Va)aB zVeau;qm_C#z9zls*th3zWUrJ@m&^R<;^OloQ{8^F)!zTDgP@k;hr5Tnm%oAGv$bv6 z#Tt+rqo4DSlWkB>!7Sz?cH5X+HsmVQhy`p72n97%6`SjBh|DOaaS|Sdtugg(VeNFF z3uts!w!G#|&0o0hw%m^LQrEvNe@}_HLdB$a^T6{r+z6tU#ft~O&a1&}bg)9>F>~v$ z!d}Tj&J%XkG0qu=AsG39nDcuYQM+c>xTt86TYf!DbD8aWscaiUM|{7n8aL!ZKYy}D_;@~v}HysZ*0t_vD+tk`d?Ik2ga+jP(ob??&xdo~}bj$|Bu z*M5uJskKkvHPyItM+-zDTuyQvE|A^yAWOkY0Jlko~`_w5@MecA35wH^ObtKE33{W#yZcw%!ryzb^5%l}(A z{EMyE4Ts{JPb{vT>j?yVcB~!U(Gv*tfHMGd^a}&cpEj|NC^eYGx!HqF+;akYm73pC$P#IR71z_t; zJqdrtPGVR!W_=Yd_GoTim&@~X1dhsR;L5_XW>l6nVlq1xnN)%>=U2tWSZoOvRzEVT ztJ-{mL-4td-P`-+T6cbZS1i@PrFh%5+3_1UCI*wszY;*jlZxmOk1bb73!7|8cyK5d zADkN)*)@{*t&i@ze^-x7lI7(OXh~0Gu#)hn%R$iVlASPi`Ty|W;$MMpTzvqS)?Cy$$P7?(*5Dso1iL znz-sw;Kl{zR<%uS^SkE^Z4`IToS!IjQB>Zv?oDmLJYU6DVhaKYYm1dI$E`$z@fP`wwoL!Pt_nc%VaS6`JJoo1o&f;Q3dXszy zGEtc43;TrP9B_OgS~WeC3&dR#-<3J`;<3LI6{p|zp@Z2y`wx_sAA0Tn`}toaH;!+J z^D53klQS9TV1nsXC+7b{%%B90t#uw^K)#!M2w1O~c7J;)8x}JOr`08DQl?!>Xp+{R z$XGkd9!M?Mu9Xs6Li3f>EE)s(B$s5Rh9LAG+jHU<9i-pQPLd(`!7bt?BHmnp`-`@! zjQkNsF=0P2rKS#m7figny*0jM3kLnlAv;QayqS@}A-R}ZOt&eA)NmrL`_jNx9a3Or zsf)bs>+b0Z#%jI&$=>_d8ArCi_{z4MbIA?s*F;j_DUStvdb)gH!xq0T`QNO3LT;z?+`mrq?kSX?=!k@uE{V6_OV*Y8%I|V5iZ+fSw-^Snm zGsYG|4#FW$TU^t3Hw(*XV5q^Ea7Ju1Tou^B=>Ywa54J`i98?1mC;D9I{_c`Q8gI+V z3Yn(Rr3IkQC_cncT{LWrxfx5LVAq#2o5PQIIw}=kc(AYR{IEUW(dj*YoKF?^w+9D? z`U0VKXQ^ta>tk(Lb_rBAuGpxW>Qs_FHdV0}t<~ z%TEm*U%IUe(?hKl$A1BHBp(H~__RylA4NP@5zY3~WC>aA!kkT2CDj7|foYNprn!Td z{4KA;O#)^c8jnm!=!GvVy>AKsfANd_#iyUfIzkRv4JEtdXV@OL&VtOXuLqxnGM|2e zKJ{?{6nngYzPZ+E7Gj_yfy01LtbcQjVvO-@SxGfZb!N zpX48Y(FJ5DBo0>!z9(Db@7OrT**Nl;`wN)649p3zUo;R4^{luXac$g8!0kxpC4+hj zd?-S-3pj$X+wlvC&li6C_;2x_Vjp*uaVxNTPV^?1IMj3EerNSuuw^7f0t(!1^-3Y` zFw#{-E6$|PgBo^*&=sSsQ`vnH_i5~gfeWrKQa;%#&al2hG0-GFj;1$l^5%jRb8L>Q zQEqcYl{UL27pe=$Z$fzit1v)sJX#i1eBg;%uk*0sQ0fFE3<1IbB`;vuW~oI#%HGWS z3i+>#xol}M+tHC-tZXRxyu}S&i}`icXr#KXz`x5nxn|8)iEnHipAatn;NzCUn%Qc3 z``R}71^=to6@s_wLu3T=muso}0FyGRDjqETXxW)oLe! z;%swPR6aqdz?X1_?JPY0bC=G+FQI$1Uwp(HasnFv!gBF08aR%#N%Mk=L zSims?8pWgh-TXuR8Q#KU!lDWWOsj24riu~bMDZW4shmlSXNnqp;5*6C9C0|&9k6f5`z(+eI*R)$-s zt46RItOv#5UCd(iQ37Q#a5NwUK0*Dca$MpQjO#Rr=zu#Lki2Rg`f5HBad_0!yo2?q zV2*cFchUH9Mp+ZR6}zMv;uuDqM8QlSn)ABXmvDzGxj?i$oXoCGExx|E_`#^5dC)Fg zOGWsK#o{fjEmhZK9h$!7tburM)@x@p(QjkTpc@uVl<0Qwe8B|QK47OM^()Y&a|JO2$DCl6iuAN=#E z6G{WQQr3M?*aoPF(e=X{MaPdSK>G8Ex_1g?&!TtE9)^UvouTr*JJQ4Pn}XTsg3g!ETmb=gb$%aX4xoPfH|mkB#t+A~#Ga3R7ogV|FT`f* z+9Dv>B0HIyH!z`foI#@)>gWN4G1{NzXGE{yn>h~)x8#?C^KLl>Vln#VzzNI*nal3Ov#l}W?cpqQW zd@e)s(~N;~C%)1=Sv-M%1vXb2XxD7o zkKVc{D2vTrPiCq(EgwN&>WqIbop$)7@VrAaJ+qboq4*k>LMy6(@@o|2_MsYtffCIS zgBed?db#$$W1YT}k->0B>NlS44G2n|ErwdMg}Xt7zdypBsG+I+keOXro{1ehydonOX%fg3`hQ z9XTYVAhfuxpHnj4=SzYncuAJ3N zXBQZL3pvGB{RHZlDb|1)ui$zZB$`TjOXJz7uhurPRr{;2Y15mVmAs7`HW;jU*X}$Z zYu&|#au=)H&9C1@c3&UHjQUmBWmhpf(BwG%48GsG>U+omPjMuPdoN_hL~VhEHPFU5 zRl%gGvF=_?UQCmBp8kz(OwSUo2lfw_fX9xNX|EHz#a@`Mr;_Bb3OVjUH~O1Ch&6gJ z9_$bSdC^>R2{j1LsP+>YQ@B@R;FRzK^EDy3DA&rhim0Ib{M3iqw)TSL#7zI98_@Rxr@4BgNkEx--_U6bbpemMCBtNd_FTb1#=WSVDd z6t*4Nvl>`5BkFY3MhFry2?A7U+Dhn_B+QDYUxo|YibSBKDs$i~B#V-iNYgjMiMj;; z2>RnqsGED1?mmvV6SJY0i?qi{#9aQD@DvbjBhc;n^0?PPx7o$a(TpXtHac!q`o}3k zv8H?8FdRdTHaRfwXtK(f<^c*?&ysFul?+t6+u||nhLQ&X!OCsaB5dmva$qzopt_jV zL?yLEZz-PjwU2g0+OjFHmYK<81ywCtP7RMI2dBHb(aVA#0{x;l2B){TSgd^~Ffi2b z4-U4+YdJsciQUNND{hB97)=KXhbH=Wu1zI}uUZ!=B1-1SwzYZ2Hmt{7&AQ)@pbo-7 zgsJO6)F?a)6Jxd-uLE!Db2;48s;s2y$WLLmc2P!z)ji>!Qyun?gyzkj(5T)ov4VOQ zc*J*S&O&PGn6@%0q_1&3Ltno+qjKjBndy!V8&vqr2MtH;DxRC3~d*ijzL`8YuVB~o=EIsmwug#ZT*PYlmGkBou8?lr# z7<1`K)#^og&AazJ?|)^_mR0uLP0QbZgRO@JZej}{*GaHm?kA4NGfxqt8#6|GD5{c+ zj@JPJz8g#!eN}z@G(@iVbohy|a2lP^1z)(_)>aPtETYk{p#sn3X>AewEU<(Y^9m?e zj0kqKf{@L~OBhkpRzkIXrzpZof(=493f(dZG1_8VdpVXx?=#S0pc8z^>2mV609~H} zO;Eiy_GcQx*jg}S789Z~4F9fZ=V;EUIb04kzrGq>o(i@Pq+~07Z_f-DSq;3{ihn@v zGMN8n6D8S3yugK7gR66ki0xXqzCd|a?X6~g$)qn^wOEVuE-k#$;m!;bVGkM9)10Si z-d?GEv8I8#fh*LU9>VrGj5JAe`usl_L(|=Knpz!VmS1r@#m>&QitLOiu4F87o1)vS z<&Jz+0UII;j3TcM>|USEuHQY->=iSv^sVdbl+irRk+xWCBi$tluW@Zcv0^y=6aRpvii zo4e+Yxs8AJr@z}(J^8-(_Viz~W2!V$*OQw-=$bOejaWNqo5`j@9im{so>OE8N;pId ze#w!vjJ5zWqF;2H7?A^O@xex^GfoXMX{q+i93*2bz#wVq`H!U6#jh_+=k7t?EU2OZ zfzu}YjB?6X0$jzTxP$!c-p{Sy`STCwubQ7pr+d3==-ZR@$l5+hbYobZm*@G{#6jqQ zB6si^l;fSL4^uJ6ld9Ii*?7gK*wE@Np9ociQDG8Z{F6ksjGKxtg*eg z?avO6Yz}3$@Zhx_H^%ykF>w!;E0~gZi_v1=3TSFsvu%2KO~qIfXW%K}5A;+u5lZ8D zg%XvNPWu25z~!5OoB1`1NQNo!#iaNkL@74}H!Krk)s5o5(Z+^Z}E|Jz&NU+xTmP1cOW3jsFSOe~7Y zR)O=Oxtezo;lDE6KICYp4ICh*3q&sG$5k||qIHR^WGBH-*#J!%P1QaD{IMucy7#(| zxJCCdTuk6hFf;qm?F;N;LRf)RJ>b#+bKqj8+K#uon*vwT{ZNH0-@m@IxA*v_P0737 zz5FwHiInvBr7N-Lu0IGc#n<)^4ej5s&-$0V;?G87g@9_#gW?PS4EZc@chpB>)0{?L zuc)Q%M@tpJsRI4I*LjK@nYH#XDN=!9a$k%0eO-Pb6 zsMR654W}9U!DeAn?hD;#7j7vLY8K!aYKqs41Myc}qvjoEUcswxGF(;LAMlj|xv}2l zb@M~l)iBZNRF0fVPfAmJ_$Oz(R$XE<_Cd)3w}w5-a=YvOvZNTc zWIUnd^67C-Toms{ax(8Q8w-uObCE_efkJE9Neyl|r$Vjb&2;+$2_6lcvEMkZ^GOe+~LD8CFV!V{V%ITP~&^HpF~5GNG^s+fYwE<~9M$eI;*E2Rt> zwIG}pNe;?l(@DkkL=)f#o$g>YvXnkh{f*l)ncA$kujVu~t>7)rv^gZvX8){kljb~i z%Z5Y7e3@^IPK!JYCaqB!PvDqju@B!B{t@;>_0O$;4$O`y6Q=pvH^niab%(ee)_cd z1OoG-s7Rls^fO#P3cq6w5X@siQI;8?90*d-|8}dHhq$>p-d6$M(Yf{Yv}_d}cDoZG z&uN~sh`Ps7$6F@c3U8l4kR0402o9Uv4GS3hbD)l)liZDnFv~Nu&W0;A#|$vOb0q zJdLn()|#5;CUNF7bttjZXXy(K{&V<{ldDU&(eA(WVBjQB0(n-k}yK(dT9ub7=_{n`} z6rhX3^2_F!N70+%@3AIn*eD%Fs2X}DB!=c~*)$IoOm$XuXdpckowr!f*qG-hQfgB2 z&!g!R_8RFY2s_T}a{&3UZiy@d^@ifAD_Lc_|AD#GQ~bwX%4NH@^~HkSll}ID6YU<9 z-p;-?=xedW@8plpOUB4-tu{N7;)Q)Yzj0uFT@=U>#2VW$Uc&ZOxMTHt=o5i1pTDbv zOIf9`t|Tn7BhN{)!y!vt-db^@wRSZR#G_T|&{K&-O78&r-H}v4as{9tG#I%9R~R6f zH3ObJ)9PxX0Lb=&pdoDzMFfKe$AvPEFmZ@j0MV%b773pm@P+5y|G$v%#oN~}|NAH3 z5ekp_JK+-(|3Ha5SRZyvj&dRrwCR3pCL0MB1HO{qYW0_VfnqQMGR|_e!xv20xOT~3 zQZs5q@=Nv!U2?vkz#DW}&DmrBT4`67du;+DP+>;ty;ZX%D907}1N_;yz#qZ``AAx? z%m-WW2j5`9pN_p5{4j8EB(t^f+Wjr?!`gdBQUkRW=mX{%WSlT}A!_*{FnrVj_~{|r zxn|&1jbK4F`nKDEn^*5R@HhyQHxx1l7B}3z;q(S^L!&pe8HD7UdyGo8B2*3y5F7b* zg?hcVxo|F3)78iB-` zT3$BKdkyPKn38c=S^dT7;kC)>brY&voT%kpKu2yG2c0Yk!5e+q#|mo;YyExlX;>ch z*i>v0K6b+odPzW%8J#=3wOLaZ$}=#<|1~Vxg>T}loTXa(cU&vxmGu&jJM`%l|N3p# z%KhfGlH0c=-WGcjT7^*w6$evqUMb*1+>W<`Q4X#~tfafsUW>U-EgW|Y*y#cndor8= zdzTy71!}tBSFO`>JnD2=tbSy~Z2)eCuj6oa;6&jhv9J@=;Q}2b>iJ0SX$ofriE`7G zfI;2V9{g4{SMCZfErCzYP#SXSSE$DVN&%qcXqd=jVxY_-!1*SC3JnwopC46?T+V&`cx>4BQBM)=!;|ad1IJou zlrI(!7K42QJ%Pkk<=5^v*D!{G{tI-q!TlBjN30~r#h!#8eTv#5P{|s5K`jv33sxP* zS|%uTz-4+E0nQ(_rqWg_>J~gMmu(WYTP|nPSpnJellGJ+ivELsi>$cZ4vT6MOpaaz zP@85+lSE9thBU$gV;W=GS~|!rml^;W>(lX^7|$ z7dU%CoiNx7f)244EG*oE0%u#&>U1IO!&_aF1jfark+?S&_1^0bM5n_^uRoTEs6mOd zdVn#)TNsXQ6~>5WOtU@DI3>w;hB_x9#Q)7nvo6NCyKs>;HTeos<<|})9+KZ1nJk7& zxrF_=b0ohpxwMqr$S1v(YSmvm+7YU6nlMIgE8l(xU_f8IiRK!`<7cStNOM;|!%2W- zLI$mvSiOiB_MoO)GFc=_K)q;;j_9$Xr_haiqLa`Pxbcg!tycZUk;gzNpze5E%Q8SE))@3SQUhh74E=SMbO z^_%Iz;dRAKW6S1rV*C8=VrENYV`BNA_+MOwu~Tj9kN9PbeZJnCHdF}YY4r)zb88fZEA`DID}fDqtvn&yU#(=V7NWU5)~Nwn+J}g z#oVzkZP*Yf<&x@0ogKA-NO*X#V*il6&{6gtFPD$=7uVh8@9M64fiLhC0sC7K8A zk#%PMAB`P#C-5`DyD7U7-UL)2;upq3Q^*Z-Vdy1M3V<_P5<*S$k`0tBXtHi05?}^~ zNy9kL-&ED-`F3VNe;}}-9`5eQXb&jSRMx#j^_Q3H_l*pGXlG*T>OIAlf--9^%(WzJ zSREyGR!xk%6A)xciYEfG>2Ne2&^R#|o`^w!SDJ1&eWn-9;lP$;JO0*A+gPygI1{mu z{82}~)aeWMRNI{&Qj?jSYiZjz&|$k9Sy85ZeCxJsX#wPbLBbxl^tcOo^q|X;bO?@V z7q3lI8B84j6+t!=2-KI=ifEK72y?O|h>AAXROmpnvtY?3O4^yD8NN~sf~qUoi6&diVKwYkyI@BF99%$` zR8dE9UdEbC8kj~1>u7^{jS42kuEBf5FAM68$kqnK6Va@rnu#sw!t1wS*e~9KFBrE8 zw7%sQL@(Itnkt$9{?4U?OG^jg#h}Eexwdfvp?`9LxaSJvVz8*%gKu+tG<>SAD3hUj857ONlH4n)PUiSgK?-?(a&w*d0vNj* zQ+i=-Cxxp)RiQ`080U?+Wo6&`Md9%GdEvf?*ImE4jpz69p3mZk4sLF^hy;)R>;?45&mi0KgAxY(D}gy;CXmfwd7K+-&y_wYYq^}=J^ z?>&Pa3rvO~53kgBLxwALJUZ!7rbh=oO6;+>$QQ?b!Ex)UTFs~qV`GQK;ZrVG62RoT z-96zN=MEUrjlRAT5KVo3VqGm+qn(YM7;J>1s3&@nGS*E1s}941`uVbrBrn;0@mp{u z&NU^SRSF{nzQW(Z_$gp(5nFkS|2eV3>Jh|Sk>6(f?iB8ird8@$nD5V`1>i`#XRzJ9 z;h@no*%vi7T(>b&NXGSKsvPVb&AWeJv<3{H&0+&1KTz0w-M`$KA^1WkcS%S zXss4ai=s|$o$jNjui?-thz%mNMr&H?E}6?p;iZ>Ai;1Ef7I^?hq~)3c4QyStbWQ4P zCyM3Xy2gd(YEnYt+|*L0w!Icftl2%189{@_T%^#Obo7bw>PRxuoe#QGU8%ru{)-k% z$nYvff9w<{A(!eimCmcj+O67kvKVUXjvfRGf!d+D)3t20zna$^y7iCrn8V_YCS27v z%BM%+dzp2;f7ry|Ue(0kewCd;!qcG67je9sZAD*pzG+nA0NAQ+sC0Zm-kUUDC4Dp&dTF1B7CpLmBA?| zg2{~+#w10x^U8#(${-tpW`se*Y?&9&ApmvGeU7RhNEbsX;-4mz@72fln>gQJ0Delh zEX~aUef-a?4t9ji#fiE65TE5k#Z_FiOv7IC`?vt26R6RKY2rdzsH&<~j|Cc#SthVm zQGvl+5$HoOTjGOZsp5mNt<6*t|HJ$>m8H)4+PEN-_ajkwBRyypkkJoBY%UVTqt z=lqmmOwC_SCKBe`920ybCZ(@Xxe(df)JBU6jh_sfQcK_C#(M=FnQ+yONim=Pxa(P$ z;L(xEgO1ic)@Up=7L0}jj-hz=I*&L7^w@AZb1dfZWEx^oTP%&sT09=rPI_|fozZu_=lJp4d!}-yf&=_iaD4le(Y>&HcV*_W z$7Zg1YX8I|m|JUoBVacU+UqbLto5Y9ZMD|pL~@b9OOY->)=CyU{2&e1Y?8%qk^D9d z(}|36G544&>W@W0VPcbHBvMY${u9O(b0N10Dr@yD-rz{k*1TZ`u*+eg^FK7U6}H{9 zbYvz!k$l4@-Sk&;H2$l;cH^pT;yDd+LiN&NAYt3>PD!>zT%6k@iUHtf#7O8#JrH$7 zLLRpu+C46dguq?Xzr*sffF0sAX7Sca)ea0ahztfu)c|5G*k2P{-u8^AHy-Ko-lt|u z)xab7?YMU7chYOa9mi_N*AAboMYmoJTtN1@=ayd{xU-je+9XFloSVOfEQjH17h#Oa zV0F>Gq9urCG$1tf1f$M~u38*kw*~#~WLUkSU=uNHiZ)$@6itI%Q@n&E12IMjc#52` z=0FQH(5AP|9|}ck!ALQ10&tCz@3-&Swdce~!rg)DVr|N3+ft3K8C@HD^&=nozR}3O z#$;W;d=399axpH%aW!pBalzghlXX@~69+hk6UR);&E=LS#0k5idcew!AAsaCi|lm@ zeup#6*)JkaMvE!Mg<)4iU$8KJ}mH+j!b@@ksC|GW$HS%DM zs1E>rekbG+b?!)f;pw~$$(Zms}R>7Hz)c_6_6}9K< zqtG^7)Tt<$}%64oD#3bqQ}V0 z!W}@zv{k;0u~U@;2ERaBW}$>46ykIM8Um|G$fC6Z0sOI&{9IY~2RxSISZ8>tm=s-r z9$+57%cJj(URYQCosXsCxEc7rV{mn>FZuYyeG%n0)!ReNf}N8c#PV| zx}r-7W6Tk?FD*I4j>Q{x9rLM}W1xcyoC&+V6yfVo$2X)qEsa{C0uET@SQ;X+t-%nKocV*;EKvWvP;(p4&w zZRzs`_t{GnRWWNx7#a_ztT_ijyJ!wH1z=0e@(C%!$2ZPiy;R+(CgtPD<&@IcVrlI9 zosU)QTeb_r-=Tbh$H-~yls`R>bqx|n3+jFShQI2s`z`*k;uvF6OXWsd$l7qbS-8YT z*(tW^Y(UL?FTuwswZfuUCbY#*yZjbfhNp8~am^ya@IMTp_4n)?`|=9TkKz8fEf^Pw zCxC&Y`t>$gc*mas1N5kSGy{s_a<972o(EIRkef^O}G1dw$`G;#CnT$ha5_%bDL}Ha$sA!HXAeI zy!YB&elX;_9k%l1O{3~`zbomqdji3NaN_-av)6U{^6tf}x9)1Nb@&g~^E3xE;NA89 zb_J)DQ9bKb+_$Ctmi+Vi@8&J}*)IW;ush6K!rAZ`(7&A>ky*EBL1&dL7^P@M;$X0I zoRZ2Nw^9*IJ1?})y8vVKYU$)WQmeEUUn49#oo6ftx;b7zu?Y-3#E~fAfVH6JMy&-{ zSpk+#&ae{tJ^~k-d1XI8z2~5`xnH#I5d~Mkb@jmX4xay>jwUg|l2Z?K$>~rqtKD?i zxp`EJx|~|T=1EF>u35Un9#RwSVa=s1YA!xg>m8_?@^F&LLy7AK(t90vA;@dO5{!0C zcI@pCJ7(MD9?s~lb_?CJJ|iBiIc8inqk9fOd6$`ina_w34J9R#IN#iRvNLJE=IMg& zz3|dm#A#{&7r%DbIhs|5k@x6>q=C(c9Qv z`)_36B$EL;3&-l4EA6B0Li_CA@R9JzFqm!laE4eiGF_2bu`g&D4jjm?wf z&qX5MyiCh<1Pj&N^)?E^pQSCQ90~(}Q&|yPgoW3^CH7p2;Huboa%o!ge#c$M`j{YK zKd%n2v%cfT>pB0vYiR3v&%wF3?mZfdnR~A|#CP$(W9~k~i$hO6%WV4&rY{)x7~{+P zYy8b>zC5lroC7SF>s;Y^Vs+cB=Jv;U@2Z;HuE7j-f9z;teJOYTbLhexx1(N7jr$6^ zX1C`HqB15?d&7JbQHjJN%AguSrv^?t1m}QyRKTKPa>bj*H+uL{HV>8ztO$n0pu7eY ziq}j%v#Z8TYBX8zuB6gmM6!Hose6CnH=X6db?M!QkKN&jIjuHbS-%0fbli@@vT*ok zLra7Hk?}2A?fBBk2PmVyX}&U=b7OMI$sqrayC}!a)obBd&c0|D>;;=>vE&OWZko&T zSq>LeKBwB|xw%9_OiP3TSOkyryvxZ9p{78PK|)OkugrmvB&dyQW@O$n_-1Oo_NDyx z=ttefYIkUQ*Wn}fu+xGN@bHL_c*^a#j`+^P?!2$FTJdW)9Xj%E8vnq?90%Ie zn1cd*9oge?*yEkm0FM$~t$EE;DWMUd5sLv(bGgA*8@Hi@vg=|0giRnyJTj+P>E$;s zBIoiFuKaVg$~lN}KMZlk)U^siXHs@$LvBfT@|n!gNCU9Be4ileiJmQ2n7ghZaThb;n%b z?G^%V14}t}v{?`k#wG8SLBQmnppp?ZYZ7z?;2sMSt#nC3Logzy=cx2-;XL?&h>Hm{ z0!=Iksmb1zh&2E8U2_hz*d>$r#M06yK#uguW`Rq=;4Nl=n%N)2@V%(k8OYX~j_Ju1`w5n;e>e>YGCgO|R+(m~dVM{G&NEQ&dsCN4DJ=(pgP#oe7Pk z&O>G>7p2fEWjL7xD~i@v#`ULWc{JJbru_N1>+9`4W?!I;2o?u?3OwOc;HhewR{#l{ zw~A(u4$l~?Hl)b2TlQn|1n)#0^l?rF?5VQE($!~2U&I=+jb{VBbPn*Lb7r)hhf%x& zb)?`k1@^(H)s#pI?IR0&1+cjig{Ct<+>}Ev#+&z$9nUbnD!oEQ9-y-}73IEa6;K*C z3JftWT3Z^d1EB+-S9PiS9J+;BEjEc$*u4OdW;5x4>kxZ>{^G*sn?90h!*8jVac_aoBMKShP-;i0A0ZUi#>{gbi+J>gC2EQK zLy8}?uBOS!at*knP`3smGK}e4@H7^3Z}yW+LmoTMZ*7r*wan11w;sHq$pyw-C6gZP zF&;%FSV!`e2;vjrrk+7?!|brdmMTZ>v)pyvH{o{ZwrR~Cu_2S@=U$j!=y#LtMZ>@5^|Fxb~b zD54xktmqm7?8gjHi*Joq5kNW;dJwDVq}adnByu=8RYlu0`-GN@MYEA`&T7r(K$oA1 zW`tkDT+GIwgkR^MNcghWSXhiioz7@Pj4L6<`>?tKO=1xxN@3&dzwSQ2aLZSSt%R8S zfJz#4pD%qS1bD&1izQOBWH6gim>SF3ugJ8R5p@cM{DJK8`!##e?@_L^dn`?)vUkJI z5tAE1IP71)b$co|xw-B?_3tNE5X%3!{3~8sPHz3gAAW2d?Ntae{~Goxjn0HXYD=}Yg<@T*J_W1R7TbytT-$=SY8S0k z1-mH4*0#3RYM)x$rNNN$u+gd*TX?Ekzor7%eAi1cWE+a|n%oG`kYdOWbqmNsr;$BOi zPb4E@4VWS$ack4uoQyv1sU;Z+I#wljk-u%S_)PJ)jU{oU5}D#`K(ESJp3o%OP328z zI%VF{N4GrFX{+x*=E5_lS0OOss!JSF*1KEQBZM<=Z_2ZRPbSxj&ynn>{J+D8O19zK z-0O?LpS$wq-Xvkwc~YvEJbNm3BXgXgI)nabclF#g9mVmd?ZKi* zZMFXHe8gJAN-1KmY4TV%I^Fs6F4*iZ&i2hIqxP0{5$GeT3-!_DJ7}M*hXg_az87=N zn49JA6RxIS?kY#^(dbB%Ja;RGsQ<4uS4|hKCaE~Rf2eu7L+UwTHt?Bc+lF)TYF6m!ZaY?%C?}` zsweP#k9@8{F3(W>c*BqPXHe#wh>95Zru*?$XAnOP*taBZf+a`>$m9V;;81x|y?&ft zFXk`SY;fS616x;e2b63(l{eK(<$Zm!?T`YesHdd>4td6l+74^x^s!pllo{z0!Kz*! zjHcp{eqpHXwB@q=1`dqwLRbg&2{%%>lPOZqkpD-tw7v=gEYK8vp zoE&UU+7JdWaYjsO7?P*MK6Eq;z6RxyFvOXiIti9t9CWa!xII{$om~{P^Cy`jSe$a~ zE30~5aq;}>NW3png}ZrGI7*s&&MOP$TM#P`hz;qPq)<7 zwXjHYO-*xZe~Bxm_m?hMaf@c^(|Jv=;Du-GFL7mRf5{Z+FWrq4?nDaUpx6g*$nkVa z;h6k~)X}plRv_(r9F9n6tm%Tb&OJhx)!^L<}=Wrz~jTduKu{?)Mr6B&K@}%*i@+7*v zNpTL2pvfqORt;W5PV$rEMdeMje4#2gc)u*SyJRLZ=NihbeW=`R2^?$ybDV*rtf)ld zC`F1yYf9cgIDWw=5;)iZrbUTkMoF2(QH~S|riprxuJ~Em{=blIlTr_sRh5ZgB(~yS zW(%j*qY{u0OMdoGRgc8DcSI^PF^!`RFjh{aAiI#OperMJVsWh28q0(AqG4%tXpMO< zLSw-all%@chiRF%gEn?G(}?$UssbqdFcm0D#H@a@M*h{+~I$E^bg7% z{-1WzxrXzBlg>5Ru&*0|1Y@$-BGhItkO4sZYt(#8kz5R^z%XyqKCS#Wp2*WVP zCuzNU^kO#n$3gNZG#Gy$Z6*D~%CeFpAdW9`7QFEdv=_f|ERXnw= zkfL;!H?vRo)%6NrqCarLlWfM`f}Yuio!SVrCO?X`c(U@dc!vCL%VOKJc4h5_Qu!J! z(`$IgF-0=Vw5T`ATkE21OLRwccT_}aMfEZG6Nz5qw)Ww))fR`)9A3w62Ss}{IqbFY zMZ|Yo*@$(!br+1jcJ0EpI@=YKXOwp1P-AJ)j@ry~Ff`)plfV|{&NW8Dt8vGIDH4nG@+--$)%V{FmsTi(5x z^)2b`U9zOFZ%JKANnL#j77}PWd|qSku~u+e?_o%-oZStrBJbid&?$4xm}E-GlQwq}GH6LuvW3p@Ib(DPNk|T+_^wqJ^2o*{fRnH?aDRk-6DF zi~o?dR+O9*Ep!xA&n_9gr0DEmOU_~Tkjq&f4Y<~Lvo1c*WYW(M6#C8=wyKiMj5QXY z+qQO<>-)@{2)x#BkJJ4a=hcHU z++%$ZTVYNdN;LPG*1}BBX<{oi$4Wc5L8S_lJ#00#oj$47J#u>n^!_xw%;9e<{?rCB z^d<9nK>#Kv*Pz7g$YA__cK+Z(8K;BBH=Pg6!q^^*b=(VJMib5QCZ>Jbomv-g+I8} z7PXZ%*43SN-g)b~FOJh$!E^gBUbSc)dyw&c)s+>6ay+f&2qTKKxjqf?)LbUNW^?W{ z??d@ys6j-sOFJ<8&kvoBJ;O0r@K8*XbiN6P=`fk$d0Jc*JmW3RFOZL)k-sP5*`4y4 z>nBIR0X`!2gBviRH!)Weq>H zYga{GtgW6tpKx)QP9=FbG%511lQI#()>2W6 zANmD)??5gW}9%0p=z9Ig?L7+i7(&I)NcgA4rAX~h{-P`&wNo;d1llDB&nHlxZ0+ipHyp!J`H&S~ z88I9@#uoDqiq}g$PIkyRdm*3Y8H^IV$gt&D1G#R^g!3es-2qd`jrzMyx+Q>f_7v$t z>iiqX@@ZZz3|q*!7h~~dIxa^l9;IIe|Ifho9jaCU^%UA1HyDp^X2Q>{pM4|#kBk|W zwl{=sFDIrHbrIvTtWV+02-&;~Bl zF==~-XZjuSCQ!Urb%FgV{wSx=w}QstT)_|i(OncQuXkph`x218)WSg*M&+E-Rr zt?Z~Mp0Vte!e+?R(P(A1qrUX#=gcT!7oT-WM}B_CC1`Qwzmbb#MVH*QP{fG-xTOM2?Z7F?S^UsW(C{#0dYv;<~q0efy)*lrI6L&3b+t7cul!|9Iyx;jVP(Ag36R`?GK9xTH! zC0~RWKo&WS`LR)3{}{|OkH#oeNPamhFK=qDj$s5=uh0rtXxM;h&UP=W^Txb=@N>{q zy0T1&vfR2=LFRRP{JE=?zbwp+aKa%^aU|X7CV|Qs z0f}%PPu(G8F#A@~jLw##*6xzLs?gQ>&5J4u7c}ObE-Vk1M4SyxA%{OZ!|EvwzzI~wGR>5UQ?PcdB_JB0 z*4RYH(h2P_uNLfwT&AeM5I7L&k!cGRawqPdv{f~?WPGBqA+u<1#`eMua}m_+zEu-n z+taf4%RN00tl0V1P+bou(S%Q^!|*sVTkAVC$IR+z!7&3xk+#j1E9xKx#tPOJ@PfIK z71rhz+MGI5o^Z`tRci5Nu5#^_qOx(=1s#IE!PdW&2ia=!@|N@wm14D=$3uyurf2pL z6_^pLZ0;`13b*}F_=jpL3kE$GIs^Z`dnoXT7-WNIVCP+@T_1DIh=MfX1xh=cycA7j zVBLUFzo#Z5*Z`4MhAptBJz96H?o^$q%W80zSXY#1tSGFPwz73@=3eP2agF1p$|d8M)z8oeRH|rK`Y%E=9mg!9j!{W#AVv;kBm-%Lm|@(}x*<7OQ<{<8 z6O!*?Nl#!t;SAUvrbXb=Jobar2tVCgrr&IHQ@2Q8@i04}!Gkj= z%38v(uEH8tX~}&>Z3X?Uvlb(`MIL;>B?91)5VHvRt5)b)Kdl~%9 z0S}uDvL*EzE*3xhOtQF=w-^%Q45n5&2>onYlC1ptI0~Q+k)cD*9J!C?`_wxAQ z;I?gpgX6yl7X_W{yRg|S3fI-}@A4|P^3a119y<7~Z^h5eXmj9$5!un!8zfNPo6o(aQxdxlpQ2rF7z-Ghk`;guMaMGFW_0<=hFFO_!W zz!S9hy3_f^zM8yDzbmJCN&Pnmy2cAlQ_ zmlQ>vU-Z}1*Jnm%&#HABCkU^>nYh}9+JHP07w+ipPMnE5Cd-$B^1X(BDh6$2Wi5-8 zX6BnjNonyi&0Ui3D>i3=p{{~k9%GB2b|0l3xTK9n6vGHdqr6WUswU(}|GdpJ$Ig6ZrZI(M2S%oEPLXDv;v!(kP+HEB^ zT?wmg>2=hk{Dmt^Ecp%plXO%^@gay`36=!5O^(E2$U58YUC?sD@{Wd@lHm<4eVLKm z*}3@@VVggdY6p$_CbhCv#rbDw{)hXBr}r90DpxC?+Wqho&@GZjK2gxxRyxl~?7vdVT-q^^v;n z&o~N#m31XEqBS`A~oVLzoFM!EW(*^A%E?2+RzOZA? zT#qxWpfVRNU52g+=E?S?_9ovOnUI?29fZXnar-E^so0UZJCkQt6s_3d+U>&Dp0+Z> zp0~0#>obgOCl1K&{znC)l4QjlJ1BToBwO$Mc3q4 zR_1+twQJ)R=J;TKOUwKZ;(yz+5oj>i$T$PQV+E#SoR3*Xaa_4OhEZ>>-GmS<8h8Lnw1rBs%qaBHNC`@R=cdN{7mr$sLsDYo%7+Jy^WTv zFJP}hH!r8)iQG~^9@~$Gj)nBl@?cbpx%=Fw-0!+|_wwA`=!Iy=o~Px)-L}UK*E!Po zy$wE=WG6JpN?|cd)x?}gbV|!lHzy4y>O>Dh>9HA-aV7odK*tm(v>b zkEhx%njaN++##a#FKR#aM_Pw6nuf4n{&)78lrhI*Gbsd2%yZ16dzQb8HIG)ujzXN| z57r&2<9&6ktd7+!KU(`PJi0_n>q=wr9j=!yFO(kJ1DRRf`Sl27Qn@P2QWp|%`Dr75 z0qF~FAk;DGN*EZEQ6ep>PpaA|qJkU-|1F8IdQUPFVmfwSF{3Z8mB9- zv9zGt>#ff%ZOC_3S1m8f(`_zWrf=p5-892&ziY-a&nR^1l~fh0mGg{yfO(Lo#uK>5-o5}V9?=QjoXJvX4`7HSLh)U1mM<(1(vu32xTg|uPXSIdD>$WN zqdgzkyHDG*{^)q_lRGe`e=hTGF!DZb)FFO+qA-e$ZdHd1@avlr4muoJh6fX6cyJ;V z@FmJ1bvd#O5^h>d`A`MGxTyeE3W1b;r^y}2QMRM_+VnColwn4Bk=v-B)EDqyVlVaU zfHR8|V3A~x0!QffK%cV6p#4s{?vZfcRB-tcjs+U)3$prHRRfR{oRqO89O^QaAIk`4 zlDz?^LK2+vuT6L#QgEjYKg$1#*@BsHr_CG^lw=5wcG~a=FjSGfO!vP4v88ru&T^Ny1ZoCA>I+PNjWiSEe7}OwTadr4+RD z6HaAUa8&lZ7-FF@#6<(7&@16^9-hW^>1kXQ9QjM0A=~{))t*NFj>h^t8-J*?q0ExT50dmaafpT`7@trvFTCpx$CJ8y2d8?XRN@zc&GI zu2%4bARS)JOt#JKsby-ID^V;(5~{Q`Tu8KMN*Xv@nyQD9X5REPlczw1Z}II3KCa(5 z**y6r#mAc`LWM~_{^K;bCnuu`xadTrGyxa?R~p={@h1T1A&ap16BF5C38=>KB<)9} z;=U*TgCy(^CUU32(%wKS>}~Nkldx}2WUC3s$hRU5_TKpGN!ZsXa;L#wE@6))>wo*C zEde`en<%VGE$cld$&bum&F{+LnA+zY+aSe8g5iSMuQ)5i9yk@#`r#gRa@+ z-($AMm;@z@GdTv*VGX+G%+}lhNM6<1%c>F?@*Nw_CKg9*4eG(FSuyEWdI z?EgN{pae8%khnoA?t9`FC1EcD4W_~#NQ1pCesL1^V$fhJ?3dGE?~R|EggqBDmVJFuh9v9_6QP2C2YcT~!y57*(V&$7rf7STXj{sPN!nJj;uLI>wgDR~lCVkI zPKQmUZ9sAdXj{pLini0?r)YbUXj>)$=_Qj8ZKtP6(zZ8DQm(?0LaXWUskEI$kPa{D zRJF|%ZKF*26*38Eds@Xe5l*zN>VG@p?UDRJ^TBS=c51$pX|VUjzmSCe!gN?; zy#abv>kUcUwEohfm2$n2IOm|&B~x%j*AlLF}9G|l_za7h`}S6l!<;ckSzbi!iv z4DdwLQl`~P6@2l(hfm6(cX2^0$nzf~Wk`;U%w9 z&Nw;Z@SVL#?B=S`{o5N~d%gr-LPoi`r#LtvYWeVGdQE~;YluXC-Vm*6)DnpDQ)`(ixI}*5GwMGHPRVU4`9Wq= zG9=}v8(diGl>D=6%2!azvv2d_^>kt116XaEbQwol(C@copAGlrJMd(}2=G zQhth`Pr)V1myxE|R6K*=)c8!~=W8N)*ZABP7|OynQ4!B3!4`5}8XhCY-(c%lLCI|y(bbexbH zKbhhTeRTfdhtuGdx-Si0@;22z;D_nuk(#?{4~WnXDE+BKgs+} zjid^ho_|tjg7O&jlZ3aO0Y0fS0lYy!Q{{PkVi9RhB!)zJB>kxNH0bA};3t=%zy4~_ z&sSwX-XiH|b@Kg_@q<(E5|M;EB_xHwE zq`;q&?-l)!be@2pdVimk+Ku<%Q|H27$dIq5=qDRay&mDrTTc>)BnGriI;=rE3E0Me z2W!v`U=`gck!-48)AKgy2Ji;mOioCNEYVNt@CMx^^H<{7N9S+QO%h&-V`=aSnQDq| zQp+PHt7+v)fj8*pqu?hmML!YWDb-2qnxg0B@kb|`+KL*{>KLz+i_+kd@)wVPaiXOo z0T;hE4K5*n(K@bWVpg*ROvqnpunGB#V7n$}PlNq&8f-%TBG~bXSxu?=ekTn!A%79< z=84(UU?(LkG2KffkH?JIv|qR3cwF zo72i4b7w=9oXiz3PR|oELTa8;5}e8t_V7GeFa0wKd9k@tR;t>NpH!X(9OxEssd-B1 zM4mQK-dmy>vKE~@vdFfQ=kMX^u>>1CseUXJEY2P)*r~I}oQG&5id!O70?GR}P`)^a zlz{Dszc4wWbRWN*$Wq%@MB6u|!R^9KYrst=Z6vTKYm@y?=Wau=yX=WoaWe~NMKlXs z-`f2Yh}^$CBa|cH89lVhX^D(wY52`bXIOB;6XrbRW~r4nYw3v4iIb-*DGU@W%Zidm zgo`yt$6*PpMY2tN z0Owu&q2ip}vi3$^<1g@A^ZZ!_MFr)3C?wN{aJKCxz8|*3SuqE~X}L2syX$_-{b(k6 zx(yK{k!J(q-~`~mmd<$q+U!h>WZcK($8 zHjWa&Y)5{Mul|X&y@Ib;@2jdnDSPRmlzW(1lTjTx1E#ZRq2tBjNMT_lTznK?MMZcx zhq*H&PG=<3#kyFytUf!tzAVJ~*;xezSvk>Yj&WV!4|^>ZZ`fbbT;%l@HJ41uN;Kw` zEO0m|#}dgJQnq?~qR0?_Qe-PR?$z4r20)T#dGf0h`Jh(f=#oy9j5L++(GTZq2t5gS z*n7*dukxjH|59IqeXhbVGG=@#R=1P~Y5c1)1D3{rvdr&JG*Sx50%#24)P_7$XzU|u z9r3%>7-aFgCp>D)kKo$V;C99LC*byzol#<6vJ7zWMTN01_fC-Ct_0kj$WLyaP=57k zaJ!)4lw+U8?@QV@!EBG>LjM(K+-U4?jfEniC>+!--{(KzKZ*laM-dzK6wbnv)nf)l zWLPdVIGxasTIm?9P(fAUvDCWU5?0K?wo=#O_{xftyi>eEv4#_;D-j`fYXdGg1HSqs z1}T%S*9@;=Ne;nU`v=#q9b|5UHNXqoEi5bkJ6unnzA2S6prcTS7{>1e{~bn1hE@=B z!x@0^S`bt*!=kxpB)|6BGpzQRr(Zkq{A*;sf>@ZAv_Z|fH_h4pIE`!sT+5BN)$unT zsNB1KYIIlhVssO(rNDLH6fTS`?$zy?EW-kCr3NnVtIxc4QsIJK3hbY!F%Wj&wR1Mb z-wzbH{6Qcqh}H6M?yY>_;dEqN8wMZViSZtQ&1_37yDS*VIaLT==s1Nw&;n(V{J2Z{)9PP=^$uqNL>Z%f6W+2uf}ZQLaByG+fyUi zK*DODNx+`OUL9?b8LAD+Hvl`_m!z$e(t#X$Cuyhk=cJuh&6(}A($b2bohj`{*m$MY zM^Ba!^(hR?GA8*#`d-;hs860+k^M5}R<>kQhGb3P4@#CHyOJYPMv(hOQ!)b6yjj>R zVkT!|-ZyLvNk&jMhEx7Yn3FcQn8}@hoh+ezC7)2R9r4d4#{ccacWBFs_(Xmh+%Bx3 z3_h_ZY2OIC?@gh5xZ`HRm0`)W>(^==hGB5WirMmMc%e0hSL%d`<6^88!>gulel$0y zFyMC<1m*C$FS@)O6K9q`&kEWHj&9)ihB3B)LxX=pi9;HnDICX7BrMQyfFNNKERUqI zZ)~5l>HfO50^kVxT?GL-s$NaUkvgU-W0_^e1qX2W)Dh6^j`CohDd6z#M180#Fm^jm z-qcn@hXNb1xiO_1#l3r3|*Ep^Z42&XY5;gUXRgnzp3EzMR?KLk!T-Bu9JkPH{9N^zR%nhuLKuUaDjHd-xV$xn*3F-dC| zo#{LrRo$~JPUvT7ir9591qZ_05f_g7NKVFV$| zF}9=zRrZg9rEw@>r(|^;@}~_RW=i^}o197c%5kV*JK}p2<7@v!SZxQitm zynaWDjql_t!2L|_Lp9>gf_mvic8fVDoRwx` zNh0&uxWzB7oP_p07oaa$2&PW$i)UhCup~Mf{dMOhsElg4-#2#8(GXR-=W`ZtN zzBFEmdJ|=(6iSYroapUJWKDgYDffA=1pPEnA3}z^M$rVva=S=v9}`?>8r&}QwXuGC zG{rtV{!iorUqHYQF;wPvae~H%Co0u;59LP`lM1&BS}udv-=DPg1|L@IK|0^w$YwqU zc64;Yh4>34bkf+XosBDkgVCGf7#@pbbn75j0CWa95tNM}rE>&$0+4Po5VI0qUGWxD z_^3Z{tKGcff1TO^u?lmOwMIy6GAlguq$5ys4T+ zt0C%Dd#ic1KL#(N(t~WTe~teI|F8VIf4MCNgW@_zAAA`JM=hMkK3D)pTi$|bfhZ_B znsW?3HkY5$-bIB=ikoWfjjPISB`XW9IMQehtukD`NfTs{=xgLT*n506&OjVrjYw2* zEme7P^%^)DudKx3eK>T%&T{Hs(l;DMdV$A=sWbdoMyW&mm{N=-vHP5!?sKvWW1qKr z92T=X==BEOW;0yL?`|*1VXqrvFuVA(H{JBv_MP)qukto`_Ewg5HRa_uFD#qU+ur0| zwR+x-@t4wNtK&fc+DE-cADAc1eiYGMjPA9 za&wA9eizuUwXiQ`E(fjc$2uu#FRPU)?LS5^jZ3xj0t=Ufbt~ZSPlJCl{=wvzror!; zh)lu9UrB?%HGW$X-q=Ygo5-$H=Cf*D7=JG<%{}q^($lm|v3EB`SdhB zX?P~xX=(0_Ka-xOBOT9$G7atTgB_v0Zjb*tJ}hEx-4iv_)BHFsjnrpPPg9zX=R0X>q+WY^n*4M; zlQNBAUm*JhwsX_d#3mY7PODEmEsfN3Pfyd9mIiYnwOc~hs`!`vVV+%>BZs1tE9hMA zlukyCCCDDdA)ivmkbI)@NzBnxFpbr+i0E@ToW+;&lf6CW%8`y`BJvwyk59=dnBpIk z*C8B3Jr%3RjW1Y|lT%#cG?#>Oi`l<_XOkKX&85Xck!Ci3~R%n4tOE3gI%uJj; z$ED0np+TU3wS-zig=H3;kDUp~7V>cd4>mJ{xJUF5v&9@_kLNWnEH7W!l$X~;*XF$V zcN`v%1D|i$%qDXtBEXr z?De?)_^~o%3m_eWK;WCbmzqEDxjhcM$76SRwwWk@vngP+>*r?XJED;aTZYe39*H{g z*Oce7Kndb6m|RxfnQytxlJC^5ETCx^q4QB1k!ka9-fr(*h z#$bkShAm*Jf6%YbvzeGpXY*|=!nh4SsrUj*DYKL?OChrqFk3#eLwv4w_0+?F|% z$<6K-_n;f@L0epdE@5-D;$Wh+)yn7HQNO>Q57l2;e`CFxIJLYU~@7&&NkadcNY}x~J2_UyjZ9u=_l0(8DaAnI4Wf@f1;Q-fsI*J1?-azu4Jzc6N@P zyBA!cs`C!eWry1MfVtD0vuQ&-HXpVQsn%wo-b&AgzwzL|TQ z8Ea;*H~*!XA8dZA`Nd{&bMrmT{JLhgu6eAPpVQ1bnwhqTpeQ##0{bHR1(HRZxwV;z zW(*Q777XWhA1-{l@OYv4D%7{d)7gVtx`~;T+-BtOIa_x}@6u7>=vgIGeJ<5(As;Z^yj#y(+W%o5r zpKaooHn9tv*jY`iN#=noQDjqgQDxB_czi#K^WH_PDp*COwffQcjzh&|-MAh-lvjl7 zq;@DPm#(oxz6f1+#9Ww2EY+dvvT9+k&ZCz47K)K)EoPqLQXY-OB7KpyksXnJ5pxL9 zF(Pcv(a5O?e<;G#Tfri}NI_&lM1MWPz7lyV!mp38(Fj|Y4EuFom-zIlS!0Ubf%+xR*z~72YAQ zKthMtBk~1b@H4@7iM@iK7VOW0EfI(W_Jm;j1%_AzLBT`_yK4cvCtMru4X+7P@QMe+ zmN`elFNEI-i*J$VO?oHX;kxpo>{ttkLCxdj_vB z3I`1OydA#XzJ0z^KArg%`1tF-zxeo9d~Ahposa9jP9Goe-RC>(dpg$Y(=EP`ugoVL zK8?dC=z>%HUC!_43?A4QaCVThd!QkcKe4rZ3t~3$2jMpq9+2CfA8lB(dd=1~Teptl z@1oTW7b!ocbl>(o9@LBEZ_-Ub0+>9gH3Eh_pHc#OkB3T?*Xp$NGA{)!6Ht=X5=%oR z(8xu0+w-d%Dz`QuR3mv)#Vg=wtZanKKl!S1D}Kj43XL^-B^6!$5ysI<=6$u{)rQKG z_!@og`368H%SQE>{y+&)0`F8QsSS)OOJ}b1gmm~n)hK{pgI5hyTzsveG<4&A9;HGd z;p&+F5S*FHOt+{Uy@zKrSp>XQSB6XC|3$bnS|FioKmZ;%;b`htq z@oRE(bK?)PrucLCJeVuL?##)_!Mo=8kMa3duKK!^&4{0fPtZ5NGAHNs#@t*c-{m8N zm*_QH^523$z7?7deb&3|B<^yx3hno??D8noLFF+Ig$Bf3c9eW6XVFUvI8GWQ=!j0m z-0)*(iNXJqnZ8I(bSP6^PaVQ9x%3PrQ|6z_{s`GHe0Bm%xBVgr8dKz$vTT!w79OA=N9Mb_{W5WIk15*MNfRKhI@UA zE8`_I2MSwEfn{2K(r2FPmxSj$dYTD;#pI|?X@JZSI1N80flvs+rxGr$_4nU@KQo*I zsjw&#sPg-AbNzu(c97+}0|B=;7<}{n_y6`#upl=YbY=(K4rh(eQ7ga1}ILq`5D_Oa2vIITZX&KHr6$|*GeBLe79L?ohx z3yNsMt}!d@>)S8hOw@^R2+j8}XS(R&UxEJs!=X2ghxZ6r<*OO_TC|*)%cOO2VdXt0 zi^|<76QYCx1351vEHA#;x1T-N$DWhrqV$Bz0v}-cUKV40OhnmQwgo%oHr@q!o9{L; zQ;+2?LFI)L7}>1eqogOK$iS2_dk@VdD~pVcavAMw(dyy+-V(F$wU(psKx5l(+GW~n z5@>Qv13laX8`?H3-DIw-Rkl7VDH@+LEkr?8=4im)f;&^v{^C;R&P;-6&KP{&L!%i>tg4$p26_jK9YTu0!q%IP!h()I$X ztBxPQlqtNPJ+2WcV)|0O99UJAl!LhzuHib2z$9HurVc0WH21si6l` z+PyF_et4IT^&7ask4*4Ve(ciBZ9gky>^V(vz zKAS#8K@Mk~`IwoTiENy6Bluy#jd+pRs81fw<3fFR)&9umw{8xs2j+bzULwV!g!=$?k{=%W(xlH~NZrG4N5nnqqk=t=1+Rj>z3^>4D*&qWEbIC;LZI9XNb}B!6nR zLL$0%jdqi~TID}0Rw(mVU9v?xpz%8G7&?)4>4d}7!#ItqsfIJ!t%Nv4L5XZPVpOW# zUL=Z>&4w(l1D;ViS6Q&P?lE=gn6bcQ^_|A7CFd>VEXO^@JlHG!Vfy+YjCdXi-f9BP z`kDpr7XFp&UNA1TDFg&B{0DQmt!*#v`2-NNE+Tz;hI^YsVUB|$S z^sWOKt6Dg)$I@eW^?2PoZF_<}87V{uW`r^*UUd4z>aCK_5jkGn8dO+BGoKH>|7o@4C1XUy3&OQ47#y^T~Z`oC{eG)ebgr?ygt`qANJMpa^3z$Y#4x zye@4odbZ1?dtH0nJq|0)yl8e%Y)at}@Elug#9nCFQ}lS6E)ajf;By!vsx)H$2VuS` zh1Ea;puQkp1It#FVO=b?8=HS!2*t|mKAQBp;1rqJe3~o~Caf+-A}E?}JKM#09m?o+ z?y>iH^d6fT-6wf?+smrm;EQN=r7Rla%z#JGx9rkJCYwvn?v3bMl4ZclUqlC^ZBiH% z+Q=Bos(fv+Vn^O9 zUh=4-0$BnIT_U@Sx(PDRK585)K$167{}7$cjuqOw;EbI{n!^e1VZwN}*mmkYeZ=+K zFvtzQPZOBr_=J;?5@nz}h@TV?G7Rg_8~lproc^L3+t(#|7V+V-Hc*1St4;>IcY;|F ztvW%dwwI=>gT*IxZWo!9A1H(`!W!u3eFu!P$UZeZQRde-R7tJhJ} z$)d`#5`|KKp&{v;9%Y|lBsUYk#2j-S$({*bdHRby$LO;pzjSEpV+*&KcYp_Nw@@*K zrRxAn=iIA3NQ@JLUe`YTfX>@cN+$^qd+lhvEtVZ{npfl>1Vc^^vRH2;TK&s# z=7l+rx^*@6tK_YXs#KE2U|MIRlDGDqeuHmH%;&OCEm|(x4G~rly}E~6dQ9YOQ_k4v z6l`fXqc2LNw2z4zMAEk}b)F%*Cz+rumg(rSTe`SOIPGAO=AE>Tk@6IH5VczaGEE9- zjTs<4Ihc`~lFdE{)2f5!{{*j@p0Dn*@3D~tXx>BXBM@_HzQoIjVg%>~BL`dp85@GO zoDR^onz0sefQMEymm}u!cRRYQ7P?xx>L8zOLE9hIkLhNeYT>Z#CKA@Azzr$0(ctlw zC*H2~l5c2m2^zEXPjLvaDA1=QP7tV+WoSG}-eA+_#7cHq_tMC*?b7#xx=4UQ7%1!A zmYsVsaC>&6*Y76wAWh2K(6f-5h-)X9195G|8i0rvkzfq8kVKmqb)z{Sc!*vw1k5|w zZg89~U31uW!X2C$x$gy%p517UyOs5N8?954coa*(WYwq`!b#$~JO@%IQM0jLf!r*) zkAdX~auhD3YIPLm$Duhv0(*3XjqYLBW6_9cOscoi202ZN^pB{NFky*6d=(#}QJVjy zjBe99VlzHz{vyUr*AWZj;I2_(u)Ek^Sv~B@?6F+W_fP{Wgm54(t0f(ULSbdJA#jzT z4GlJ~1bYmL6uL{nr+-oQQ8B9RxXE^>joZ2oSTUKA0?&3m7JJlZ`t` z+LGE)wk7c|*_QDp>N7Ov)Y=cRZVsD-pcxyP)RGwq79T`WG!xUPz%J(GurdFBBaYoJ?Pl#Z?M|$*?$Peo z9su(>q&ub=`KIFdU%99J%F31|{{Jy?gE#*R_ji?* z;XmaTjsDNx+!c+A`DJBg+wh^k)N6U#bL#KnnEa8zx5-4?$}UT}pL(xpEB~+1!4ujM z?R(m@+K;stw3oD3v|nn!(te};UVBS>NBgVxckN%=B(yTn-!Tu%U?BwV&Syoej8(E) z2J1F92VzbKTg1*n%)b?is;HN!cj=n=eAKfk1ttMY*Z|Hf~UMnNQ? z)Q|d(U!@2+<@b_!Je&TT-_z6o{~bO9 zf_@RqOwaJ~fgFqh@Xj1)mz9^(6j+ve zRg)aO{V;rL`o!-amA|;|gK+8}1g0t3DnnZpYcbP)F86h5ZQ=-4qdZ{Q<=yM$-Y$C` z6g}MK$jsPj7fPD#apAD)POP*@7{iVL`I}E_+Tl+hOFw!A84c5gA-x)kcgT99Sa?W% zvs?)zWLaZHkd&XX9>~CcL^#6(jUOTdnlnwj$C_dD_c%T7ol>5}a;f12RQqz})NuOg zMr3ggqG2u}f_~DGW%z4%AZHPC~7g$A+mjtf^l!rV%k3A-ir69jC;}%CGH(K|NM^e-kEam zO(}yfr3`+FS7;2I5}LM$*`Rlzdw3j2Oi6XmH7k3_xEI=N_Ly<6Yf<)Bkx!B2QQMz&lzI<#Tqc(kFe zzCPN~KRhx#w61?sbjkSonrL*%(7J))v4Qo`ZNuvaMx)~!2cj!4-ZnhGExK@IcwGIw zZXjA;Q)j$Bdt`W|ePq-6l*cGNN6#G?9UB@Mj@H%8N`;j_e)u=araC2`{^9j0W$Pau zh>i|y7#bTN7)9B}NBh?gZ0;YubSyeDm;y#s=+Y4!LQ#jpL^Fd&BU>pI+T!n-Aa zS&wB-RNmA30sKCO@AY`I4fpGDKZ^Tta8xACX(47dmCHj2m@58&Cbn zJ<&_lpX2D?*)VUc#j=wA)c_0iq)J2BC`AqWU<4+pwZubcUk87apF+Hv1Rs)b)R)PN zmmE;AX#l@5L#t$kF2fEk;lxQYH#mwHT6{k^XC_YX2BFUn!-_Er)|NToT6wU!jA{j1 zAuKP85zVI*_Lt?bh?oH@%qm2gtwAA(02^SD*@URmE!s?UU@Iyy2Pe+vY4fpmj%f?f z1sz(a)&+uEq;-QwF2-tl34(7f#hSWLTc$0?%K97-%(+-!pNIHQ7hsirp|)DP2y5-N zT0axo_qDHTPh(Aeo%WRWGwm7e4eh(w6?quz>j~{JR^JD)*8aKnS?#x2Wj&-l!E~&_ zKMC&o9as~*36=flu|EF~?d#gT%%pvWQFMcwwg1Gr>vLGK-++@yC$+z5U)J_(f79O6 z-q*gOeN+1()@t9va9D?+G3&8v8_<5B{RnHf=d|awpJ;zTcfW)!nV({nzX3;czM!4Z zUe=Cd7`>&vt=*_y0j(yc4(i_{-pg`dz@LBjoGmlbTXHAT8lF`R)t>X!x~Xzeyk5OS%3wxN({sBGz)9R z9G1)Suwsm|0_`8#e?f0m#EMx7E5!=3oK>(HSVvZ|YF2~QWF4z#4caSMRW`wBumx+& zS*(@K#tL&To5$v3of*Sn>vqx8?6g;;lXvmUk>tIs9uY_=3@&_1?|EoUp( zIcz06m#t#wvGdsl>|^Xgwi;{M57}qxm`#8H+d!22^O8HgoHOzd!!XED@*mdlB z_DS|Bwv&BY`!>6Q-N-(}ZepKhpJSiLrpRvg1-6IX%)ZEOVYjl|*zN2~><)G(yNmq? z`!e)e``F!x0dWtzm)*y{%I;@hV_#?c*#qnw?3?Uc2>yJ4J;V-bx3fdq9om=Jg!T?Q z%pTV6gE_}t(CO^bzNp=zJ*FLHk7!S_M-hAParOlJHv103)E!|**^}5=_#XQ{dm0fH zpJhK_KV&~*KW5Ld=h;u#3)qYNDSMH<#9l_ct`qDP_A~Z#MDzJ2dlj*9PO@LYf5GeQ z*X%d&81q|1Li;_UXa0fx5wWQL#NK9qX79iv=`ZX**`oL`HRraSm2_;vhx{z?8Rz7wa7Z{Rob&+wc0XZh#&=lL$an}31tLB!xM z@>}?={5F0&Y|QWAck;XVfABB!y?h^{pL~Vi!|&zy@vp+%@N4|*I9K@q{|5gi{}z7` zMiUS5gZvPm;D`Cc{1N^re~drQpWxr--$8W3Bm5|Tl0U`2$G^{?=FjkF`49LH`H%RI z`E&ev{uBNJd`$k7zsO(WFZ1L41b>D9jQp<+x*Y`9oRtrh5sl2D}Rswjla+T&i}#xi~p1Vi+{jR^EjUr8f<1b zVr=QcB+SAhtO8zfghM!mOSpwcc!f{+MTW=}0TC1-5r&aymdF-4B3I1W z#iB%%iZW3yD#Q#?DXK)Zs1dcIPSlGA(I}ckvuF`B#VpY(W{Wvuu9zq0i#8Dx3q-r< z5S^k+EEJ1Gx9Aaz#aUvBI9n_gy`oPn6U)U4agJCi&K0Y~dE$I=f%q7#R#%IQ#2T?y z^oxtdItHjmf8u4*) zt=KMhh);;?#P#Bn;!|R$__Vk|+$cUHZW5mrpA(-KyToqs1+homEWRji5x0ul#O>ls z;tp}AxJ&$p_%h6B_ldj3SHwNyUU8rJs<>Z#O?+MK7Y~SUh;NE-i3hRg_K-NJ?G=Z_ zgg7i77LSNW#be@e@r3xc_>TB4RzXL_liHo)De*n=eetw-Mm#HiAbu!*Bz`QO6VHpE zh!+rZ?5E;I@sfC192Y0VE8=J3=i(RQm*Q3Nnm8$bB~FRg#jnM0#2ezb;&*{B{8_vs-W7il|0(_|-V=Wl?~A{Se~AAQ{}lfcABfW;E+%yix_Yh)UDr+6 zZ@~tXZqx0$LwD*f-K~3cukO?RdWN2<2lSvG(!+X0&(gE?96c8Xg!y_@FVGA1BE48I z(M$C*yzAseLx@7H|QJnA^j5lQhk%YSs%vfpe_1VeN-RQ$MtRcW%}j%75bI> zRr=NXHTuW(YxV8=4*e7Qb^7)CC-qP1JM~ZNH|RI&pV4p9KdXOE|Gd6S->rW^-=p7* zO^93cTlL%Y+x0K$cj$NOcj^D3e;M0H`}Di@uju#a_v-iQU)Ar|zovg(->*NQe?$MK z{w?fu9?&1s59){X3H`ACu>OetsQ#G#xc-FxZT&m?cl9IK=Xz3qO8=hzef??u8U0!P z2l@~7AL&2VpVOb$f1aedOHVJDcw08clWOlF*~v6^fqyUAg4np`Hg$z$@Gd?vps!<1S|ta@#w&1 z1Ll5tu`C$bFfu%Fsij|C9Ube2M%QiIJh*A#3dg#sdwa+Fk@5a@l&O7P^48qBt{)i9 z>(!+b==;aEh!ffp+&DwerR;T@0{dsi|O`#|#6(q)upKwZsUD&qlpaV(lDk7L8s zy?s$K1N(;Lt#c7pVOWjHGCMbK_mAou@n!BAAKJ8jz&s=`mL8)f zLq<({R859d3-%ag9#U6(PqGN+p_)x2>o)P8#eC=z$KokWj!UNQooA&K&3S3cgYVJ} zqXPrOo3K_LT355Ke{8^+`o_GZf8Dn60rMt#aV|+o>D-j^U|ymcag)60OHe$06TZw# zRr+C-erZY)=Wxn{d8tZ2EHB>S{w*V8Wtv(Q00`VYDAy;&OFarLbQvFSb?d zhoC1J8yd4+p13oguK=%<7w1(2qa$P6BqJJi4vuUaoq8C$Y#{OA7#q4Gaqk)fQyNY_ z4Uh^c@#GvH8crsXc@GT_5|bNsfOjSD$1fjA+`Gm%V(28EWC^AoP=dq*l^}7iN|1b# zB}hEU5+ojM{ewe8E%gnvT5SVk<6sKo1M96Q$oR&g(e*ZzLf(wo@JeQ~(J4!#?#CR1 zz;E0;Wu=V=%3^S6aC{?WA#cVUGNHP+Q!}btf<(c`H`*yLc{gUKchrRA8y!e*+>WV+ zNIa>oP*7t|nb>%cU18i)_Gocc5P35uktc3}Q{6gbzQ(<*g}OI&4s06lCsJytZ)lO% zhWcjX+A0Ru4B@lMMnqDBJ{}{4>INm3H+ETZd26G38+X90;814;CrhAiWdRf*ilG1v z9OyZPgKi`a+$3<|*1#d}Bo2a;I0(+bLAM4D0#rEYPO^_0X#X53gUyXeHs#Ti1gaU^ zI5IkJ>x0g5c+~V;lK`aYsAY;H3i?q=VzOcHEB94^HE) zOk$&l0hy1ylP_J1whe6>14r6KKbYGgFbs^FyN1^zwYh6EUEE0!nZn+6#kx%h7(H_N zuuQyZU^DTC!Ep&EpCp`f*)}5ikzs+Sf1TB6JU1CvNdR^Avm`;_ zI@5SR%eb~0SH+*|XSEy89mciOxON%Wh3eXB;BPhXw;Fg`4ZN)e-c|!|tAV%Gz}srz zZ8h+=8hBd`ysZY_Rs(PALQ^k#aM(0L->M7?j5;qca4#@$FEDT~FmNw0a4#@$FEDT~ zFmNw0a4#@$FEDT~=rXO8IJZsVY&YuLZs2Y=aJL({+YQ|92JUtPce{bR-N4;$;BGf? zw;Qpt6ukLjK(cW6r;u^n&@}B>P$1{k}vn>-apUx-$!{o z)u*cKymfl1eyh9cj1lpTh;KxEW1v-M#xDlb1ZyF>5z&o^ZbWn=q8kz2i0DQ{HzB$S z(M^bMLUa?No6vg`dT&DSO^9zY*oBCkh0%#vY12ByNVBYC6KHDRi}pEeJH2|FdZXc4 zYv4-{>Z~;yp0!59v({*M)*21ZTBG4vYcxD-jfQ7OL&LM9q2bxl(D3YNXn1xsG(0;R z8lD{u`2NUn1;iH+UqE~T@!7+N*9eF&AijY11+*`qeF5!j(7p!kYtX(1?Q77!2K{3X zJ6@wf`x^95gZ^pIKMne)L3|D3YY<<9_*%r*BEA;!wTQ1pd@bT@(LXKXY7tk9xLU;3 zBCZy3wTP=lT!Od+aS7rQ#3hJJ5SJh>LB9#&6T~NoPY|CVK0$nf_yq9{np%`y$0Vl> zPsjv%YWH)}~nv{JQ7D^{x%$bnLQtZ7U4 z@Q=-kt5r?FMb-SI&x))4rg0buWmIRe>ThIG5OFVhy%L_M98%zUjn=#sC`elxX{)-F zNO^(MmQLEzOItzGmchKGlhAbRd=kEsRA$B!h-6ogtO=4eL9(WitZAecYs^-7jnqz! zWKSctQzKc{NR~B{WvygcD_Pb`mbKEc&`KCu2}3JkXeA7-grSu%h=f5T3?g9=34=%& z)yIWM7(~J#5(belbW*EyQVpF{LnqbHNj3CRtMpP^^io^&Qd{(rWxZrsFIm=0mi3b5 zAjxu&8q`ou>cKG1>RgL@MbK5H)9FB84ITFOEt_`5I|naGy5apGl&G5?+rnaungK- z=&MdgU+J*h7+)n29qSf}o^_KD6rPpqSvN`ateYf3tQ#aqZAlR821yX>21yX>21$^~ zd}yl=2GUhxKn$e01ZgfonoE%867%7d>anhvAk8I6a|zO1f;5*P%_Rob6%%~DNJ6md zK&nfS>Jp^71gS1Ts!NdS5~R8WsV+gPOOWakq`CyDE(yV75Q6xj>`_FJ?h>TC1nDk8 zx=WDm5~RBX=`KOKOOWmoq`L&^ETC1nDk8x=WDm5~RBX z=`KOKOOWmoq`L&^ETC1nDk8x=WDm5~RBX=`KOKOOWmo zq`L&^ETC1nDk8x=W0BjT;#iAVx+7h>=kNf`peK;U!3T z2@+m{gqI-UB}jM)5?+FYmmuLKNO%bnUV?;|AmJrQcnK0-Vq#s0PS6Ij?gE~@jD7;! zr1vSXPopXu-d-kHWm2|bm692oof4}GNzF)#RfZ;H$ErHV!YgHZb8F$oGiGEZ!#g)+ zG!!X}P#l>ATgtBRrd-uMHX|bzUeOL66dx<^kt6S!Bkz|C??scvcj5Bh$%^o#bX7$1 z;GwaK$k-g~C}v90J1JSw5&rkiN>;^E+(9DlU=ddpPhYDfAnGU)RV;)_RDhZ+qNY$( z7|8=FYi4Lid0LJMK-|0OBm4;MFv2}!GBOy=|d9+$J$Zn zVa8K>mIJy=6&quAEZwjby=CR%mYEkhpr@<^y`zc~D&{@ydWkr+$c}ot?+ zhOOu%D;KxSCR{8PR*c?K#Rr1biNl-?td(t89_dXGR#?-5989}OvePC!cOGNkl50V#b>KuY^a zNNFD_nAk7~Qp9J&AkYz?4TC^Od;#$U#AC07p&aqpun2U-W5Xc9#D+nTqJL}{1UmZ1 zhC!gCe{2{8I^wZm5a{S18wP=n{;^>Y=;$9C1_>rM41yH>W5XcO(LXi}0v-Kh!ywS{ z__E;;=;$vS4uOvTvf&Wu=r0=%fsV(Q4Tl618xBE={@Geg&dGf#^pdwqJ+#8T}VbjJH6F z_H}4qhxT=7Ux)T}=#LI@bm)%`@pR~q4smsO{&a}1M|?f{$9R%pVmt{_#AiGSbi~&q zz8>-Qh_6R{J>u&TUyu0gm84)|uOuPGz zpquf~-yrmty^<76?3E;>h|f41=!nla8|dgS<7}WKK6^C@I{M2v8|dgS<7}WKKI3eH ziE%ba@pv=N20ET^#@Rqe{~2ck9sOsV4RrLMaW>G=f5zEBNB&IT#^ z&o~?C=s)9Xpd&8hYM>)7<7%KIF5_yTBQE1=pd&8hYJ!PzHAoScaW&8pmvJ=E5tnf^ z&=Hq$G|&;3aWv2omvJ=E5tnf^!NfQkq=?Hn8t8a_87BiB&oAR-pyT;voD6itVO$J! z#9>@aFflF$DdI3L20Hr3xESb&%eWZmh|9Pb=!na>80dIiF)ju=URR8Z2`0w9AjRv5 zaWBvjhjA{@5yynb(}XxCJf0@RF`=I(qdk3&1_jZtC~Vtcu^nQu9cr=N(PF!k#kSF6 z+f==6u&{5iuy3%iZ?Ld$u&{5iuy3%iZ?Lc*VqrhT!hVQ_{SXWLAr|&SEbNC^*blL= zA8N6GM~iI}-4?kBa9MiHjl79oGeAvf-)l0lV{L@gAp!^qmN^Hf+!g zF^5oSv50yk7EuSp9117yW8TnE7%|7ZGcBQ(%~)D91d;5R(Y5A=5wjg?My#$iH-nh% zXrvsemf14A!e;IS()y}FFkvLcIyE~h36>zJsI-nxp(&VV2TI&9yTQ&RFO0bF5B8&ridGvnJROG=_x6) zS*fwvX)w1Nazi_Zt7ZN@x_45`x|wro1DJar3^U35!nAlX-wrG~ zz$|t(%ug3!=6M**CTBJ50L>9BHiUWW8kmvZ17?}WVI2j`g7<(K?k!;sdkD-(e-CDR zE5&AlMSIwCf*J9?FuT1i%wq2f^VOqaCU_&6DkR#dmUZYD9;uc^_vjS{ODMv7^-#;E zMTU1*!;EjSwgb$#cZS*YjbUbd8<-8>5$3)3hMDb&h-?Kj@4aAFeJhwZ-w9^He*iPd znIG0LBflQZw)cnm^hTH+-yi0cizPPj=M8i4gJ33o1k8?4##~#NtKS^v-FJpr^f55^ zoLRAhS^YjRTR#Bi<9C7C^#fr>dTMN9W}JK)m2;?EOywFXOQ`&U$|F>sqVf`zH>s== zCl1MCD)XqENaZvtXHhvfD~lJDMO3Z=sZnmGayOObRGy&nB9+&vyhr6zQL1EA z+EMA2l`|+ymk}EtR2EcA>H-m623Ni?b|L1F1};GL=ekT27WqoP(34 z%A;~3mD8x4Mde&7i{J(m?>r~CL;jjAIbG)>u9$IwyX()V9NdF4=xP4El+(30VhbF^ zUvv78r5qelv1MZK#X;XAO7R~D2%;1<2%-6JOKY$o{(_+!^tF~-;`&Ds;m^yOtp2rE z3B-<}KKwgUTw%$aPp1kb20@T}+ueRdM89Lj~2K~rEI(mZ&wtbu3aPFWeO zMmhy6p|0Us-HB-_rrR(r!E`gG8!=sv=?hGMVJX)Q(|MTQW~rR8t4gk8dVLM1gk4Yd z^HHCUDdPJeu1^`u_c?_rwA<&A>;TAnRNh7z06Ev-iN*O`0x1XCoJ)sQH#1~2-&ig5 zZ{&g11#m}9f|WdSpLt+^I5*lCHl3m`Pvw#kdm17+7`iEzCa8Rjs!gZr#D=wCxZ(VwYrh0+uMvaU4*qd95<1 zX-@l`8$0)NsjR)tHP6l6?OGkTI-}}r^yuJe=XthnD*PbB5U*2UF&ucv3~v>W%ehVEvh_ zK3uW1KCE)1^#P66hZS$MKCFAA^|>5YAFeuz&yB?Tqp<#HtUm_pkHz|VSbrSW-;DLQ zVEq!TzZL6m!}{B?eks=9f%SJ|{XJM8*4K&t!TL7V{(V?~Kh`h9`Ul`y&;posYv9P; z{`YeOfvdzL>&{K3sVDa_O})56ntEgTOjZs@j+Vm_qvfzpkk*I0lh%iIf~v8Pv^k(I7SJ854DJ_S)ik3r*X?<8p%F4%Lc^;OJ!}4udz8%X;v3v)X@5A!_SYC$Z z2Y_Qaz?JU}BfOT}r`SfCLR(lm7SrvR?gxJ14x=)0Y^Q_Kt4Y=q#;*flEi3bk^+VoF z2T!ODp3rhG5A|`Vm!iG{^)l4oY#F;wy*ZkKEtZbMbO)yY%6WNv5C2v7@Y^RHds6=2 zdD6Y@Rp0iiVt@b7_Ns61;QwoP@LR6>ma8%j`-_(ctG?}3-}b6+-vF?Y+}k$* zZ{Gm?XWjt3?N#6Qs&9MMx4kMG;lJ%w|1-U+Ts{xKhRNl2@U`vV_;y)SUHBHy$>B?z zJdb{HmcjdFxjY}fW&Kkz2;nVsE7*TL#Gh>ZCn9``F)kNEY{W$nJ#z_son9(iCR;9B zAzLY1C0i|9Bl}#oR<=&IUbaEDQMO68S++&CRklsGT~;dFA=@e21z+zjLu|*ZvhU!x z5N^S*A>5_$Gao=S&c_go^O@{th$Zj<_G6SEdX!mJGuFx?^gr58lL z^x@R-ZLcxc6e3-=fGCaCh-u`P8F*RnOlvG(gZOqyFvWQo)Eh-9O72? zg@~2!LtM%v_znoa-UG+a_8($*U4s1KkpJ5lUY8+14f1~*%j+BXvizgWuBPwD@a3C> zIcXr}H(@Vvu7mjFFT)|ir5$_|7T>>%Gc`KF_cJ+sS)irjcW?M&FbDn|AYNvU%n|qe zy*+OoMEnwFMQ`{4>KADz-)$88U-~Q zW;Bd}sH}5k3m|T2f7pB6pNbDV0wSpHk$nMCUiU%V*D{zxa1efDqZ}f|9)aksUqKAl zV-UHuf<|mTNu#x%p;21T!|!iggm|%+AhPJUFo)tg#FM=ZabhcJ^wl5XtFagb_POkZ z>=%f=3MY(Ha#oxTd`EVKIIJ!Zf3*(8UabppSL;K})rOoe*Mw^ZQC9u9RuErRfXJ$W z5LMLx5mnnkG}RFJ-3}u}Q0)rQQ+q(<)IJb3H3}l8MnkOB!4MHOg&Qg!RfvigEt5gi zx&k-{q8_J&nS2nZt`PMs*5>o;*0Qo~QP8E} z8T<&hyg1+UHJ|VKQqFOLJ#TBJ@~fqgd#Pl6td*Ug6*!i!2lt92_&$6~iyZG|KI6S% z(xdp-3qG}HK@i(inEEJ2LJk)H_=Xn7ly0(VZMLlaBx&o)maZcLSA|}F65eP{alUIl zpRel6=PQGY6*M}jTE#m`jpJ0%j0q=cvlLNED_40`gy78AvI51%)fxgyj7m?76;$0+?<;27xq3%r$3h&V1PI|BnGlzhmY$kEI5{D!rMhccoWIbT z4-$8?cNH+Qb{wq#PfkpZgCI*;{#oX#*-(>4+0IOWXk^LR>6s$~1RYPrx(e4;)esR0 znZqIEc$PXmJw039vD%nABqtk!sU&BQ4jVwn(pvh5y+?8GNr-S>K5cU&0rUgH;r2J_EM&4}uil!}$qO{qGo?Rqc7b z=(*>?@lST#%ietAVEbV0vj+#f?ay^NnxN4SwU0U))$4DKy!S78I48hwUGW+|yJO4m zr*&65Hd@yqx6g680`AV``J4%kNGR_B2e-Z}$GwJM%9GLSyS|gCDHU?7GTvP*Z6fLp zyq%Q|+>|O6L~rHmi}|%6OsCs1-{tCUTT(KY>`q_sVX*zti(4+P<{OB`zDiHteZ1SY zBjda}RxHfvA5h-?(MR)~?>_9~%(ph%;y9&0-;!@()_JbL2QQBFxU7sCZUf#R8gHN! zCz1OXw=8Z^(A<1AWv14!e^z2vCfpGIaha)ngjiLr4CA};U99W}7IfhXeof=7J>@W6 zTyJiIoOAaREoMQmd-0b1gA3I1T7ymlt~L1a(1^V3^{YoM_p8i(?{wRPKOcP7Bqmh< zep{DV?^TM|WJuD!ON~}EjP5dNR#cA@>sB2nN6Lsk_!~>Px%i^on=CtNf->$@aq`J{RKdE{@h1Dpc}o;r5?Pk{(p2+&7Yom|v@A;}|Ox!x?RpEY<-(fu~ zC;QDY;^W@zWg5~820BbnSXHd8dz8j;VbEuCkbk)zld+0f4D+eH^D-}UUe^!*<$ z#B?dB+;`>m%?E?Me@aN&`tGpe0VDR@U)c3-#`t!9J>zWBFFmR_)qb2jvQeb-#gYkU z%W~RvANS>mL&3T0ycFBjDFH+Lwj7?4SH8z*^MQ-TX6bA7{hm#3df{TLr=NT5XppJv zxyqw`!n{u|w@B;1?A4TO_TP@XHKWdVKOAp;?t1NIuB|T4+!Ry0U9pYIru2iA2|-HZ ze4ph52WB4*S(!Pg-k`$`(qp_r_sRPttl8-6IpmjI#pgZ7jX(5aUGy(YJFGZX*Zoz= zR}ThcIaZC>yWr`_d0%X?9=xoM>tR3m()wW_O5nM8A_Rc|qBSpTFLoJnQ3$ z*_EHw+a%`{%O{la6ZTqkDW}UfpPqd-%w^ct*yHV%zPhqz$k`kGgc+<)nJ|f;kU!q7 zrhS$UUXk#ZoYj1|qFKMGRPhSv9W76>xew5Ee_V1bc=j)~k1VyGK66B|*2?XJSw5c6 zY*w|itNZih@h)k}H|KirugUDV%%G|YZ*F=0In7rHPe+wUUU+&-=%-j#abnQrImWE* z`;A8%Z$FnW-{3nkdB)Dt9w$zQ9n<>W@t(4F(MKU^?nl+PrY`HyG1rx zmzFi@_QHmX>{9bf8sD9m}0!KiW|BpY)?RSgQPlV{djv|0Kop;yuOg$j;TJb2{y;M23c4RgEl1 z;&p@5IUJuh=*7Y4~lzJ9&X?K9Bt2=`)StY}2U14G&(v>Q``K@lUcD(_1*~ z4OO04-Cp^$YW$KDSK{t_30)H=E5H_JP&6oA?*4xnDaWZOGHwogy;$!b3%V{ruY5WOsYCug~WF zlTU>;>zA@U@bIEd9>R0`kE=FJ(5a@{%sbh7QaX+w;8i zzq&si=CUB0cYozNXLs6Ct7VQ3h`23`b@894s zHT5=pZLve5%*lqgf=)mVy@J+EB7oO4iWQXR*LrPxj)Y7yV8|c zwVkACIQr<9c5521nDwpcOcP%>#o&X^=hL0~j~-RA)}>!EZZ$3oIePX&r=G#PvWK5r<{H)V$mHeQ=dZV#IC)%-)i3+q!fI8d zm0xYQqxP_$?mX<%p;7a$*XnnlyoOX*ExS@X`tJq0ctv131pWNs(WKt<2CP#=Y?$pE z*TB8#Z@WrVajn1mDXE@^DzGr33dWDY(91PtJ)D*OgP-;%kN(Yp`tRys#NO1v8#F}F z5~9(H!$$~cD5-pkMQ7SMRB(cW0bP`ht5uj7Mm5cxVJ&5N^IqZ}cCM~({Mc0T&}4{& zCt#_f#?n9R?UpHHZeP57dg-#qd56jOnHM*{EIfH{MP;q}GV4z+yFXnY(ID{Q9Ij~j z%vtkoOxILSezQwgy|%CCu-ng+Ht6=$)%GDz+-{durbK1B^q+b1n||7B5*a+_i+j^%>qgy=`t@SFlx8N|n6sA;#4LL@<>r*U7dP^+1%wXjW7>0s zA2zzAV!C$t{cGFjZ#Y!n@y3)9xkB5>@H(mAep8Y0nfJm;KLtHgb?)A5bN}US6C15; z{+ZqIIfD=E`FM%fk5*&G&+g}yqgGqZiMAj1py~Zb1M<%-u)qE34r}+2%0cJOo}T{c z+UEzzg=sHm7{k)ir;pjh%}D%7_+evxb8lAwM=GB_ELd+vDT|DE6?=;&Z;a~{Z{GFR z<9Us^Qv;@9K}_xJ=dFm~_GQHys1*LHG6zw%z7B_Qm}(uZ*Qvuh#AIeEIZq zE|DLf{iKuYfnmwZ5Ajyx>tE7uJk~ks>#a>}bq;rxZLVMLH0#jf z^i4OMI={HmcwqeM58`B3KHt%sBz)Oi)%8{MD9=joGE?b-7GFtpWHNijgPNQigDI_t8ZrO9rvHTk{A;u`|070`vXZ~@Mp^o9vdZ|@m*(gPOw(M8w7Y&%GZ_NMA|9@2a8Hd z-rGX67iz&sr21uP9bg>h_p7!_0p8E_eSYe=a^B|)4#w6=C@da##9>jLy_T0Ej7XI* zo~hS>cMtQOeysa1t?oFzAN6ST9$RCprVo0S&xfVA&#o-o=C0QoTqdd-U!4|Rd!gx6 zm(~gSn?H?>8FAxSy?e*Il%0OpLq9d@U9Rd*GehGiuiCu~$Q^iaO?u;JPfmAm?)h=Y zGk4mL?(*;}?MD|j`CW2y?SJN;=Id{oUMa|HuKD|o;VmxCANcD1Cu=4aEbwpK?e(5I z)1Uav@wu8-<+AZ|gLZf8ygWVdhn@8@W3LaXceBmc{X4vFXSL_JbC2^kgBQ%0+UK#{ z(f{Y7s`nShckI(s@w8~KN&Wp*2hI4>rW=lT^)0NJaw>JjnaN8Ie>ta5UT9!$cn`P=_8swywY;m zu}A*B_pWrm?$Q3@tKNft?lf*#R#C$9#I~dDWseu1`oQ{5NYSP*lPA_&99Fu)G~&Qn z+aX7S?yRo(YVnZSQ4Mc9^^Y~Wys`5WBeS6ga literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/fonts/UbuntuMono-R.ttf b/docs/canonicalk8s/.sphinx/fonts/UbuntuMono-R.ttf new file mode 100644 index 0000000000000000000000000000000000000000..fdd309d716629f4e5339d5e5508225ed857a3ede GIT binary patch literal 205748 zcmdSCdwi6|**|>Eeed~v-py_{d&+J$*(94}b0(0@IY5Ar5DX^`2#SJ=f*3RkB1l9O zRH$gFqS8t&Y7n%bw$hebYXPZ6A6i9HOIw~+lt_u<WOrjMDoEaubaE%i{AEHWcW3a;_fS#FY{}sSSAzsONj*8 zRZFhEZu!p|4-&bMzan(?+@(uWDH4%?68WjFUcBO}UAb9VMCE-X+_G)qg1PfQS7e<) zdB~s27a~AjMo;5;8lJNkUbn3GiXU~I!Si_{O>prISI$+O>CGkzRub77ubbPuM7v7; z6yEnDzW@5U*DY9AbzwCL&$-axWlL^Yx-9Xhz2``HVFOX&?j<)ZSn}Yw_zt41ok+8u zc;C>WL%05Ht^NvQ&F7>RPxFx9{`Kd-z!Q&deY$SI0%Ezp9uEfUQI z<JKC$h=<7jT z-fI4xG5obit@fgx{M!r^4S)5haSK}e&DS^FZr=9t;ctc1VjjZ3g+Sx*HydxVQF`?# z_y}B#a*1!6gWeuN5!&`$@MEO)Xl*(AYy?k8Iq;M%bP!{G8?C0F(_{1#nh(CR zj)JGlpk;Iot;A^FO}Ee*Jl!FU>cwGY;1eC$A%V2RUpsO!;yDwL{HOzeZzm&sTD*-& zeP4{8D?}N)(bg=?k1(G2HwPS({w||+C~p<&a0}gxvTwoDcZI!;+V7{grCGNDyc!*z z8B@^iO~c&#I5@Tz95`DVT|O#W)FKb%@p@P!9?C(=3_wIEZ+|1kkB?nBYFLnZ3qH<` zQSiM7DfqZmP#vCQ$k`%|2Ok9s-s{my-s3K6KzK3ceiR%x4rz|j3JTGS$iV}-#K-1J zQ2ymS$@zts@Li)>Fv_tW%)t>ZOrrD=UU7jNTZVJy@A(|(yv1|oX?VO5&L83KPDx^> zOXcq?s1sN;T7xXqopX5sdM29!Qmc3#Jbl(McslM+^I8}!=B-mpbnzV4y%92F1HSFjm&*n|TOz32Onl3cPXR)bcvho- zx%A{;3*yP7SQU83C1nB1DL_APzT)GZfv0kSr_KiDvbGBCDL{=Dq1I7I!dA3^&ksGG z)6$d6)@sCeBR9?u>GV9!7(At=j1B3FCHc-<$K|sPZY@%^plsfD-eNs^ssf?>nM<;A zq$)=*@VsOwJA%?V&lMq*$Keu_zvJL7wg>Yy zJvMyYdB1t3Ii{T*1DlX!ROSCRTW)s*T^^`_>fo=fdO z%F%CXck0EIGL?~Xr<793y!7F3>aJA(&>x5XG4#>UAMxHj+WW(!kQzwsO({|?q*kO_ zQ?01S=r{Fb>h7U;hfd?2Y$U%CH??-?v!R1SDb)9pZ|d>XnxS`w{+@ECgw*s@jnoQW zQ(hllCeNMwd8$iWSe)9Q+BtMSrA@_Bj#N+TGAZ6@OQ;2Hx$Ba)Tv9S+r@oiEZRpU@ z2PwnQzf+B=yl>@?)jaiD>O+k5e%b@9#ylR)J+&rvcd9Ej17qJq*V0{5UAY9{U##~i zdo3h<58jNX8TNr=Q&*+xF(%{j-TF;`q?V+%rLIps3U1ko^1d~K-yWI&=()7)sHJLX zb~4nOuy*k8$mbg$f5Sf`bhY&K|Aa~rCBn5-#y?mm&#O|<)-`pV3#;wdn8Td9$pPviSL!RQ zshoN#12l`=pgxKEu~L79+3HPwiCM{Mhg=P?Lk3iUVhsSTqsr7dNZ%^Z28lM(82Fp02DF*Rg0@Js zRifi*96~05eg@s67PO7(KqpCbGS#O(g?`)s+D?t2Q>h8GgPK7*B{~iB=6|rNwSrEk z@t~K{1ki4Y&Y+3#&!jfcSrVO1lT&ADjzlk~DezxG?Vvq06?86jfX<`N)F;pgIGs<^ zKo?LK=vAN})75kt=t7BJgPHR&=F`m78LS|jE~Z(a*U@ay>m_;v&4GUjT@HGqL~o)V z_?Ob$)JKraSAyOw(d9HB{#$4PXs<+9&{e5_(yeqg=xw0?fbO*r^md8fLD#^)lCA|^ zMTKYc$nNH0tD71{>>tMmiVpGg!NJN&QF6P z^nJ*|=RyBK1E9xfH|RT{@6o&T0_cCy9?;{o7xa(xBIuta`X0TM`V+lR`#?`f^aI)t z|4Dio6s-jPGrbD>A^i;WFQ9*UnTlCIspIQ=@+12>%&q2GX>r8hwThkgtCDZL5$8T}6Q932Av9Q0lKf)0cJOQPrL2>k!1 zw?Mz7->2T8ujp;iuO)hc{s8|F9Rp2C6lMy@d5%nOkAO|2PqIDmXPK-A0Uu(HC@{CV zbwdvcd2TmOto^_>272{zm^2{|f&-{$2j({CoZT1J-~e5DY{Dg@Mb1LQoMj1}#B* z&>hSQ#)7TEp5THog@v##Yzo`Lu5e~JJDeXb4cCMhhx@}1h2I=ZeRAQf@VWWC_bVZF z0ed|DQAus|({@(ED%p6}!KSeuHjnkPRqR3bkl+$B(Z))tjjyAP$I-?$Vn5n=zxaUo zl=zIeTYOVSvU#$bWb3n5Wqs-+pUda>wffqJ+jxa%Mn=Cw!m!zVKW9E`O%q zFSW5sYU48hs_$rH=WrX%Xk*4`8|VKoZEQyy9~f>UeXcmK`HD$xWT}5cV?34mOX|JU z`>7L{KZJQe;9H^@LvK@est%Gnf>pvi^d!;H!+7@)-i^T*AKpt?4{2!6&nB~Q%6s|b?V5e!>4|C>djNXJ@uPYub(=2>Q_7+{|qJvtBL-c zH<%jydhm;rFMW9O!{ev22e12Z*~w{xy@Q=ZC%2y5a`Ha7_nz!Ox%T9WlXFfspKLh! zx08Q4dHm!DC*L~x=E)-`e|7TJlP{ip97Vrr(|Tx#8fSfA{Neg>Jj(`Ax~6rq^K? zz6k5xt>Dg1@MjmB&Msr!bd5A0=dmla5bW_PiEb`M+6?qwU;eQXU| z%kF0D*bms_awhwi>CcFJ(aTG`>69WgVL7Cf z67yHh^-}1gdg!4>*i_BXJFU<+?a(uw&@VHfS9&1bxZTD_e&~)t=#1IW6(iWUMWGw! zK_}!kgF@(lMbQ09p!1bN*W>oCN@>462KwAsSVU?m3Eiz8I$I-jwPxsOt4s~fw9nb4_bLzlW7I#dsICs<~&jz5Vtdly#PpJJ_i1uNxi z;Hd-Ps)JY&e+{mB11sQf=}mC!5ju?3?f2m6cfhyrV&%FTTFC9NF|EePJ%Dxh9_TO2 zp@H1Rend~u9`+P%U{AB1kmQ@#qZq$!;y$(m+RYaB7}nlDK-1`>b?ix+&wj|h4}Ir* z(AjQ-=J6N}Kqp(lxkTa)&L?lPA7f>_m0gcDfpZBT$%W8ut_1H~3k~Im&{ci}Eo3LO zjAvjKc@CNcL9=)fdct0&!*1zjT90)Dd`b_o1#CXMf+$(r-8HSVV`}@9$&=b9P8i?X z(%jV8P+ym<9XGaSOm$UdMR{4gupmDg31^3bK9|jGGU~M&wMwaw%S3@uep9Hq$3GD1 z8IVOnt*r(8IW!jmb1w?$8So>h`O-K8ex7bFUR@G1iI`V?D`qksGdUWQnfx_WQ;_d( z3i$^PH-`NC*vzTj@ZZ-Mn&BTfBl#yuepy6%(BmNxKnj18Yhj~*fc5yB2AY>IT;J5w zSdh#fN>x0GD6)@L$ogt;B~ooUy|nGVPMtN?)0;t=6PPAWIQ%wKqB!Eu?Li~1;oUH`dmtWKGGGhUr+XU#$Ryl!O=q{1Bpuo` zU~3qlo-2n_4aA#}7A(@Vo(~MKAkQl_wR=DIhJ(9H{hmEs!pz|H7;rRTP$Et1yXRju z;Op_s2Y+7W@Ad=+k~7eKGeX@9X7Eu8nFewPQ5-%PKq(d4_N~|>kQfoT0H?UxAghH zRLPTW0P-JDjn+wqO31&dQ@Wi0wQA|uyh6GDrUi``Rq&Eb@gP-jIJfVvr@;GSxHC`% z6(7!4-iCsF0e(MTs|EzLQwrjv=<*LxyT3cMAT%Qc9!j=%^TFYLEsgKQ&d|iEGrOhH z9_Es1mprB4SB}0L_6-OPV8G^>G^l(`rRNsudGxXMTd&8Dy!NkGg(h~c=Ou@RGbI1| z@dE^wO=7xMT1wLevSvuiQ1jf7-{fyzKX+eh)x7n)lgaff9K5Z{U#!R|FrJi0;`{am=J8}07$_m z|9sv#eKQuW@0r0_n;hs!{9^+wG>!&@(74@9Q0N9Up#}8=+E6_YujS#j>2L)PSBB~b zn1dBi((w3G&p#z3f8Y)@e}6@uZ(r&_QunCN(){p>R^OJT>40gQ5%AzrtM7rOt-g(j zbw6Hiz{`8_d?(!Xcjfu+xx3ZZk9TYF?k>b#jqsIt-wU@7;m@ylZN*zF#N-NJsChZU zUWWOrfl)HpwXospuB#drbj@#=+jV6_PuIMLE4nUknA0`8VOH17h8bN0`w(pcGcLft zl?yg55Q`x2<`&KEnY(H3z}&&Pis!FjG=~+<>6x=>j@aEWz3Z}uuCC5ale#)KP3)Sw zX+l@~rtw|Pv+BE=X4PRuM0R@|OwRVPO%wNtfA5$$plY8r!1@Qmot!48&Kywm4^Y?4 zS>3xCyMM;o`|hK9@5BLbXZOH%?~I89t?(qdXB9l;-R+?I8L=3}hCfS}EycfOOGln# z4Day75Ri@pA3Xe73c&kiu1hqq|BoJoMZ*Q_VfVs^LBoedl%&&bTm?vd0ehRIUkZz0 z^)ev70Wm&hr9g(Tg!Lj+4U65E&=?8scYQjfKz`EzwlmOb=ywEtkB4_aqgx6suo>DP zA-n;$rw-_O4G7_}I;aP99YSglQZD&h;V*!15p};9uVO507zaPh z3X3Is0x8;Y*JCS@vKu&uO*Z1FRlq`E6M!9ADMQ+Flv|+!P-f*c;1p5ScCb|v8|+G=8W(V$Xly&t zIFwzBvTG41xeZJ=pQs@lUA>v8$p)MwYQ}Sm4A=_>JWezod5lN;35Y)t{)t}{+;xE}nbQ7L$+6SB> zT51DO#?ocLcHj`vGNfI0jIj9t@_}w(4KM&8&GJT~-XyRDK%INv08r-@QQ#cWZ79DF zY5VZp*ADaoI|1Z*$9$rdn}GwsX`)po0C}xi3~U7s0_TZV<9RinS0mnP#Jdae?y3Y9 z0(f5Q0#J{&h_@E`twp-E9}(UCJ_LylK-_gbzy@G1QU5NY^)jFc=mypRJnT4OLkQ#p z(*T5Tm=7!?x^FRn_T6_7I7f7UCeQ}p-Nq=|MAq7pby^kg=G_)jAKlZgK$+VPYOC2@Q(-OB*f;|0WdVK#s=UqHG&CIIjE93$GB1dwj; ztH5cZ7i~Zdumso+90ic)OO-@FN!Rc=rm*`T0Vk*HHFry#Vrg4dJh$jMv@( z-UrSS9gqPoAfM5%wpfe{U7h`zY@O@;-_9gDCUEOrpP_zJEoWzqJ#c-bM7^sP{h*?;kse{)zHF ziUN4|Q4g>TK>9QLh(1Qzk4pjWN1BgOpHEH^okhC;nN9R5>iOxbz##x>KK%&zn&>lx zf0ha412sS!FdJ9`tO2$HyMP10F#!2~hIHplKsJE7oI{**DC={CeU7?+UIZioy!#yW z{Co+p3fKf}2L^xxz)@fjI7=|*12zD8et~v;fwuk&^*Dc==-+#ZzC<0qLfWr^3#(v> zg`4UH`e8-u#aV4PF(I3nxR;pBL`)tfrsxCC5mO;t4OgoJwi46%fwRQ)uM#sLoe}9x zMZh32^D<(V0b$$9C+{CM9hUa8QX}t;m^z`=G_eJAeM!=SX-IDhFCxaAYO1b zv5<*aHphhav^Y*Sk)l0>Vp9MV_ZNZumso!AbbqMvBt8osNdKm zfI5yH08SGdhqA|Y1DlA|qTb0>z&>JicwdKn>vcdWv4&;D8n*+7fOEu}vWYe0T}vCW zR@ABW7=X5pj{@xg%9wyWu@B-IK-lF-cR9+q9QC?3w-8?oDT#QKuNZf_)Z$86vbv6aYs72@3q|LQ2vOYE*}0O5C? zBerHQv9-&H-Ho(&9{|o0TUQDo-a6E&e*>|5knWyt0RHu8@A_@T?nNKm*ADCi-Y0hd zVqzO>fb+yQAxh&^BeP@f030*Lp(KHv>v588l30Mb455wR_m0LtFN{a+LN-VOkH zeD5G|jM&32APOMf!>zbpT}14WQlJsoO6*ZQKe~a~_hrC2V%w1Z2R+2F{;|hb5!=2Q zK-d$5#Gb_ar}6>RdL;7$Ek{ zK>+c8g0g?Im)I`kv#X!jvxxH?{LkUt^P7ncpkBNCfE@tBUO=1o$N-eT2l?+o{(DjW zUexJDxG&=Q#q-2o@&m2F65uGYeMQ9fR}y;}dB3ui*sI9vXUO;G*~DIp5<39*7b;@E zL>|BDA$AaDA4Fci#=Bo{1CZzIc>WFY`YrN)b3U;{tB4(O0SJ2wX^z$q`#tjcJ>tHN z{QrQuA4Ax&0b=hU{2k=^E&=C={ntTaf1FM1PssC6i2t4nKpyYC3LGN#{z76WbiiI> zA0YfB{3rW>kBAK-pFc-|W5hm0yuZi*8?jUKiT!mkvA>-rb{g?dX98`&GGhOYwEsZd ze^vtLh<$|TGb&&^v5)fswBZxHKf9CI{|o|WiG7OnpEd%$0Kz}r2fP8GzMuJlA|MGM z|IhILv-fc&9p#=w*g1rqTLWwc4gjZ#eUAJ-M}4qPF|1GQ3#9p1KkzE>5w6+$foTBV zpU1oN$nW3C@83ya39th=M(oQdfc(EioG*_P`wDga+C}WbE@DHQ0OW;}L;-t8fu@nb zmH?|r5L`eM*bWSkAbtdVO@a)+L6EnRphyCTNKjS+tw1-fwATQqNKhl48sTb$tC3EF z^x6X?=-}$ll3-Xug7H-nOgl+1?MvKY+wWMD)12rMVUYwfV_*4chMo>JPF0w z0K$t`0eb=TQHcvcSP8;Pb^=F%uSrNmfoTB36T1Mkr4;3r<^!llDZ)z;zZCIH5x)%a z%i4inU_0;zaF&E}6ahWJCSV^hNJ6C!s08K%2(LtYDo>M8g*>WS zfnH!IaGZo{6@a+a3xQR@R^T9TmV_~A{}{v{gZ7Wv4jcl`lTZ@{x`BRRA8?w4u`VD9 zECeDq2sQ0)fz&79w;5-Sn$h)=`KzJ>}YY|?1j)Ww_lZao3cXcSU?lge- z_2|R;uSsY?zcs+$um%_a21#gC0YyMJu!@8xKd_yI=4{{qfO@o`9xX`MvI%$q5M)uSuBh2O3GZtcZl}0TSlI zojXXvJQ+|5%m+3DsMEYtBwU#ZOanFm2T7Q30u}>r0Ov_q&!BWW3_g~ss(9R-NF+>WN=iybJ$S=Rua}g>FMM#ubcDON zuRDm3NutbUI$}x(z`0#Ob1MbQ`&R&C6zl`=I&BZPYO)B;q&D2&L zHPEEkzSQZx*v_`)?MofstJY9k&c4*(9urN1dwQ?lKy8tIsk1yFh=62`ktUg=Jf7Z< zFtuMplkEBTTH*Tgfk?TG|!%#RlqmS<#SZnW5~6hBdNrUV@| z>{fxHz@A_!(+41&y%J|iii<`MQ{bs687GvL7796Fw$kznaDl_&R7N79pu%p;5}a8g zXA66%EE377a5(-uyEs$l$}P?Gl;yhHS|>ysY-W41xV*~jk9mU0BJbp>6KW@09i9nY zTD#Yr5%SnI8ds<|JK3(idcI&(HLJ|gh&|I`(dfO=%A7GBnx#twm$pgo#19K`=lV1D zq0o!DW(05L;9kou$=1QlvzbEXCxxj(p>QyIHY!AeP{oA%M6!t_iovo^G%1as88n?W z38qgRDTm;YF(xaG`HI7rW$3NSZb6(*tcz+B_#S@$Fb8Lxxaq{459S=61Kx?Ri>a5`PHs?s4< z+xQa?6&Bs!Hf2g%TYGz3L3MQjF!X^GfWYAZ%wG{V#m{4&t)LjrXX=^mr8>Xa0?y(r z#Q6*yv&SsCXZL_{3OEO;;mKF2XcGA9bke8RQ=8wVqe*^~7R1F_%k4rUcM;;4!Ihl% z;GW(Cb`|!ej`E!0N;$)om=*3>{+@9c@8N=1kxRw$XjEw`&G*Q%49hiQEGZkS*DIDP z8^taO}^D9I8y?b>4*bz^3rWm-;# zyTIZtiZYKa*O^%#Raegn`x_%6e>9YlU+s_gLcDmBG1cQ8IDAZE>p;v(tnRXTLVcrf0>kQERc zy!)MO)tq_G`1q27r8nMmQ@(I#>#H|Z&YwL!R@3$8+xtF*f^kXxEre?(M%0^EgV!ex zkCL;ff(ui*iC2gdj2M_-$pg)5wFPyvky)jl308_IvlD&fUEuRueXRco+^E-S7gU?r3kgIk?old#lhc)|9 z2?Xllk`ig?AY>06hDbStAp}D@l{t`@U`}OD1=tk+oC+txM^{<|Rye_%%;%}L$(rT% zpwSd`%A4elN>6xlNa<0ATKp>gbiK;o98$U!*^}5485KTxLXp)H2()C$OBBBH47pY( zbclwaC3|v2sff=I+vEQ%{ao;dIX;jFRTBgzHbuxjel^P7`;S+}w z>B=8IQNoph1mr)KL5TZM;m+0{|G0H0%iFiFdH;U!+m_T4+=ROqi@Gm~wSF_HRIs~R zwU5eYQ|%c@RL;Oh&Qui_Ime08987C1&}6n)LRl`Q-&^1fN1XBIqA4x!4(PUO(VV1A35NVrIv)J>(E65yLm;mQKCfFDgMEt|+ zIA^4Ie4U9e251M?fJeKSv-5{y4=)?PT*dnII^?kyH#KAQ#Y?#+zJiDOtio)9D{(Py zen`)7&n9i)W{(uj;ew=f@Tp}(guO-+wV8Mdgu*?VG~kVa$1!kjSMgWDVK+;1Pw(}3 zsSQ{B4}?;=`1NIsn)g9M#bZbw-llx>B(w^95|5lBUGUXx;9t} zf*W-CwIUO@tC?DD%-Lwa%)8Opjqa;GW3Gy0DdZv;@)r-W*qp<$IXA}sQ~I)tdimld zG7L2$6f{8SW<+H2>{UBnu7nT5e%VWw`xWp(aI#O;no z!`q&IdK*V#R%0~UI4d#i@-d$X@)G8wiRzOPfiGt)%9kNOIv2eXNG6zg~KMyPN^|gOg*eO_CQ&}Y!H!jOIxDGk`4F;6t)$aQ%W9B68&NHl7er~RU=ZyAdmvKE*S(5y(B#r1q0AX4V&}kiWaO55jL~ct^A6pEQ;`af zBiCm&dm|2aEZ|b)s{93&{<(A5VSi0^rN@|;pJ!~AYvp;Z$tsT{FR#GmiDc*uHmjmq z?RJ`Gr2AwH=EBS9lM*`jVj&+5Xtc+98{r=1i;Se<4y(M!_dwgo<~lI%ngDu3@_2{! z4Y<;J#ofIss3@7dpO6<^>4lw7C0>ZZ#pjKjPZMcnkek2)jO)q;CX{LC1Ost2nae$< z4L+Z^AzbQos@3sCP<_8f<1Q+qjd_>d;8+Pg(P7;Pdl~QGIh=s)&p=~_W{7U)D)X5V z@c+p5q7ls_?N*dXYfA|G2uX$J>Y*~H95OGhcBGdau99%Q`Ph_(%)*+0-Rp?wxN7ra zH8#J!tF*Yez>$a+HG3*9t8o_R1(YUJb4_g-pB@crXVjO7W$0^-0ayN*P;sNhFts7t zRFbLGYQ+|n1A`z?Hu&;w%nJixjN8O*>4l!DKcf27`_bVs41;_4xIAlZSbto{dE2(Ea}D27`H{>N1H5 zBz^P@+C2vxfW4-~1K$#W)=LLAJ@}Yz=#PLsWDsAz`&M^FSG6mi=f`k1B%BBO6_p zDK>JpNv|Ma8>}F6&~yJOsD`Hvmrzdd%g9VIV9khBVD2bvBMV1aX{5Y(*6I#r*=3D| zI#-pybbP+eQP^5?^;N(2mwA}hQ<$9a3Lwp#13xR_dX|9Bm7Q+T2g?xkBq%f-G_baF4u3Rl&D>%#ZO$lUd zf{$ofz>d0pU!Ggt92`2v`m>sA3l%MoZ&{h!+7w#;(9@kfZxOeo`B<&Mo;5~enE%CU z7y7Mom|5XU>Og{bsKn-RuEWNo==Eq3hAQd;3rC|EoDdgrp(4D1?vNId9-bN#B!j!$ z8o+Z+yAsRu=VSr{YUH*8qaQwvvpLV;9EWRiz^pYw-s2cqh0QzrdUZ! zzO6iT_0TV&NCbQZUPDJ~G=ET+5zX}GxV2*%BLz=P?(r4Zc*{C6imnWfE6mJ_S9!`N zIg6K?LRnb+vMp6(O^$kI)CW9Pizi^pZ813{{a?U%4#B3g0>8+~rDyrvlcpBdud|Yt z=I2VB--I#7^gGR$HfgqDns7H6MMs{UQrz3IhiF0Eax$JK*i(6m2F%T3s$g%j*P+5LPHN?Rb_jeXK-E2(v`8Gx*Y#Im zbyZmu`qYgiA8`Kq~R& z{Kgpm@jYUNTp2D4JMUv-okMr9)y~viO*>k4H1Rnt;MY}auy?u#vm1XmBxzM(&qOMj zQrwQSQ(VD7ttmcd&W(pZ_$F(t00A>l$Q~KGn&WpZOx|)y`<5iN3eFG;&Jfb_g$KCD zxeSKLJ)4Z7WqV-2GQoWX7rRZoBe+OVh$@mR#=E38&c zA_r^!X0^oH);SO^31N*x3Tz%mkl&nDy znOsO<;tA9$bex*o;1t}a;66k7Qo^5-8&{}uEDevX?$et4@|qHTqNmSK+@@U%U^%_; z!Qu3B`W@39V;mlt>U_KHn=N%HO?KXDah!Vq%x{X zt3uUzE>~hoMKq==D;U41DHyJsUebNl@8p(%S7p1D`{g5U?NL&im?79 zA`!MZ{Bia)b6#YoJc%J!FXSwSQXW5fa)<62>QxhgU_2i@V_(jQ&x@SI(IVnQ# z`-=TaxDk3^E>+U4$*H%Muxm@$ib8fR{zYz$2#bQZ1%7AiAU803(Q=b1d%3GR&$HAdXYwk$XGLC~udGj7=j+1{0QmaNl^lLLz?HT1R;Rd# zEBN1hoP6(M<~vBfqk$QRYrYB*2Lz)^Z_cO>3fv)MG#WJ;b8>S`h3#VkhKztU(X{;6 zLaxtOmG8;OE%#2V%P5Ju9NBTVJ4YoKM1@S~mMKKR6d70O$j$aB4HIi-U(O;Yn5gmO zhkSV%+D45d;`Kya8pi)}A-BIA!rb-KPxq4tT!HBY1xb=taMSy8tjW?Wggc@MOM7o= zjRtdY_osaNM(xZvJnP}U!9^Zi?CA~C7Lzj?Utf43TuIss&f)>5lTHXlFmceeToo{z zt$q3?zu(&@Hm8Lg->whu)koE!IU@`*I$NbV36tqJ)3v;U9STh;sF>53liPfGS$I;| zRbQQ3SD4``YRK^>gKnEOXUeUeQ+hk{Y)%-S>t|ObFCUj>#DN~4Yn*Qmfo}|u=1obx zOVTv0(u~vbRzQb@^#Q9TJdWj*Wn5}fGNm`8Pg7^^lc$+N;s>xpy58Kh5DMm)r9CYh z9(74XvqQ0oSJ#ZItsPf$^~BiFt1yi>7rEzNq0i8;^69-3gGQm-7;NhudRg?0nNxSi za*Q5C0e)AE3r~;-S}IR^l}b_6=;i9Agt;k@PPIZVSIbtgI`s-Z6Nh>50{G4|n%i&7Pp=9=hXpNYJ513(?DCQ6P4&}2vi80IeaOTWDS-vR52udVTWTkcXWJ#f5M^*TbO@n zP*^nd74LJHnb`NG{9{SGO0LifY^g$lWmvgFUB?tFWSmDz_@<2;o-Z6Ofq@S>4;%Ji zm9Vo=@6gYCds)2@9tyysce0uD2;W!lK)zO*kaU_PbCQO4yT;F#cn#kwadQH+N*E+8 zOGP`8)`nx6K2G_ndYZSAXeVDI9W*ytA!c=mq&BE~RiaI$5*@IE_gWoTq+st+ zxvYkzFmB?M6V{tLt3eb^<~mcON-cFVPRY48=#tK9hPU8p!;Q3NsbYM&!jgoQ2{#LJ z(ESNBETQb(;+q@&txaR?b26&ynnE2Nb+;4G&kkEi#897B8E z^lz?lN=v?^aYEmPD{XFF5aCHTw{g2vm`P3*#z&@SIvo>L9!ZX!-^FIgot zwXuxlGp55I1iMYEvuU+Dt)kq`!fvK_llwM<-exf9iL8pHg3AjX!O!y-T+lSYTFp37 zmS-BQOSvwWbh}|_7c*Ff&0}!a>5Qm0jx}wKT0Z_?vaEQX!$ zsICBOnK?16Ex@0iqc`$c_*kt8hea9&F(kskAgK&r^-QvvmF+l+5QUkovzaK0tX))T zjp{c1L7UPChmJg5e#hPG>xTZu+;#V?yQ92q`(ux`NOKVvwP2rKg#FayWRV*e=7~kr z49bsMP~%wr4ujfeP#cz-t#U5(8RWjjSSMH4DH{!Gr3a1TqlRJo;6nN+oa+I&EHTU} zU>ZJ>*92=S$}=ZU%N?62%9_}@ZuvE3Ll$At#3k3$$Y#Pu#<|*f`rv2f%Ya8A6CC z#TNM{+r3;9uq~&g*3?RVXP>dz+b74LIK)&%vtoR&{4F6FvyL7S^F^*usIXyygGraK zZ(e`()RN+k>Oi2nqqt;hwSQWDQ!_qI^{l+})+srB8ScEbJrZfZwe!~1t8WGPTo&-R zHMmT?5$lu_Wjv*)TVbGgPgjSsc1$z|s_hls*F4--Doc;b=lLXQ@L zuLAR#pM4e6@uW7Nuax~ z8Z}&LpAC0Vn&;9BfOV5PKF@l(w?Be$Twi(!V(a?*F8zR{R2x&bwEj`NS& zdRMf>omCObxN24gj%+k;TXU?S-WtevM`{Z)uDdEwT@X}f*d|vO6?t=gPK_=rS{|M{ zOQ|s^n{=*%0(Z8@p*8vQYhqI`QyUD5My;324#t1f%ML?^E3vK`nYdJejjKwKuTa); zO=m>UIdTE(D#N_Tw~QTrrsEkXsu$jaa>4T`!dM+d9vRSW^hW8jkkQ2Fo_5&U4_DGf z;o>-fzp*T}dsIv1ZmXhB--jQ9L+D5*-ETxD-v^dK`j6OVxz`|kSuv@|(P8%GXJ+R6 z%pHy*O#A9-rR;k{OXIZ>lPOXgXZH!z!+OU4GS@{K9URtt-2w`}Q8B-U@)JTAKK=~rgXeEI4ADDNj!Nzy@V?Bss@anC_+ zc96^v&SB$?%LWfOL1F_1!sWO%3htI{6lwQ#(#AKD8b8u%ppk*tK{$JZdHGEiJ{{ED zMGWpHLx`pJOZ!Sbg;*4FlW|KB@l1$k0+VNYcL9%Nbmjqk9>J9i9dO^^8DqK(@QmRe z-Q$wn?R$^`p11EoMWpv=1>8-0pjyG*$}0xBmN`$=AoC#Fzh zRw;UwDw|TJRP|Zd^|-~U*J&+UeXkDcuvVw>by#iI+q4=eS{k*lgKTu0N)4q|{R)!W z_iCBeVYAsCT5F?TS7+0x)k;O3YS_dA{R!$5#ul@4Y#cKb|0G>0mNu}&a24;JbuknD zVx1fV&ThQXWxD9OIDP*pE$byK=ZN<|+yv*31oSQZF6JR4i>f#Ir%w zHh1hp+jn+e_=>rQ{wBz$?R@;faSR4)hIxb^(tu~}uuIoj>;{$Ds5aRRIyHt*t}^RM zWm21Z%_^H&Wj5QPc9Fqu=*7)0J^m`YQ?FM$%%(bnzD})bv=293YPPg_I5MoA8xCUA z;!58@G~$!ix}d3tpq`5fXGKE9#UZvzn-$Elhnlly1iDL}n6+Z{j2%TYL!QRgR$t`< zO%tANXW3`Y44s_3bK0fz4Xm5YRcTdnZLiK~(;0QfrA#H4_sW<}#$abQTXfnwqlz)P zEWI~Q@C$kAv5B9MCLZoZUVtw>_Y(XnXaY6j*CM2to*zm%R%^F(M%OduN((mp5M z6$&Ix3>&fg1ZKl7f%u>E!WHWDRiX4vA!~w#nmd_&n()fk+mUuT(k>V&R}M=Tsb$KU zIFi7Pl*3q!(&fr=cK}j6!4~j>e^@7cz{`!Y49P~Kpt}7egVYFMLJC|56Dzqw!A}fD zZj+Yr17-a08lr+<u`F0KviH?WsWk(%6!k(Z`xGV z_G%zO;lZU3HAE>FKiPcSEz4eMD=940t@aix@1dY6D5!!#BlWwc78K<58{3E1cPN0+ zjM1Oz#T_*np8r_T(`IgN3U^q!x_pUE#F;(|Q}7ELDPOV4RFL7!4?4!?m$u|vyjPS& zS}TL0ik9r+xH=;ij3vz)^OP|%alKrjw0Io_A-3IJSf4ZWf!v_SdLOL_8nsS)j^CsMHskDuIpxU{mIE6ot1cWO4}e%4=>t$oAAxLo$d?Vb{a9@ z;-EdpTw&(++w|QPD2$I9t3vS!36HajA4L>E)}OO63ljR~xYr z6eyUH;pq2HRjYOV@{#eA45i#ukiMB!A!+Ty*Uv`|G0OQBU#@-?N1NxA1sfvPKt*PD zGM?#<*GK(hLb_0EUgeyI@ZW1^*Lc;s7M;=xn`wS+u1%?H(rbM+vru>x^?VlNVL(mi zCM_5WzHPyw09bLD^NwGoS5Q_6M@swf(lKM$;s22!O7{ zFAb!3n4|2+_yLQ=dFbd0^!UZ*I7srDhH`Hpo@Hno>x*eRJ<}>nI;#Di((&7c zzd|T&ukj#lulc=jhY7re=_V=WI8Bih3+%`wMFZ|pu4uqbk0aluj$W!kLYTg#8zXR~ z`(1FM(x4ABR?BocStuZ1ZR7o93(D^f1aO^A)o+}d*-w15)4I5{m*w^nY5O)hTfbSf z8Ghzs4@e9;GVJ_*!0@S-l8KjJHMCdWH7S3bNo$;3Tr;aCD>82KBjXa@c+e)Y_inz$ z+d9#J9~oG}$r+{NX4hoBKBmc$U5MXxO7}lL1P^#D1;N~=p_|j=+s&TE_-5gR@|XL; zy3&oNC?5=r4qRyqj_uV^e$)u}I1iV$TNr(~(sdF3jKSa%2eJ5=OGjxJ%i6QaDn1P~ z{3?Qm@7uq*98!?A(i{)3Rym!jLdaXuCkiT2EOfa%{kDn0e*Nf>Cei}<|8gPWTL&Iy z>GCMQ632y*dGv=Se5PPxR7Y}K%6#66_C!sW_qyu~#%CJc4bj$dy1eXUgEf%n@>Q5) zDvJjp*?oqCdXlOKa@;x}$g zygy8QdO#(Yt|fAJ(}s^!YG38#_|TW`=#(0 z?C1e%Oy>GrT9~1I{0@oFkIIO5sf{ajI=wTb58}RJf96!hdeW^mj>oLR5i$0-e1miZ zOW}oMX={k}qBC?epR4 zsW1D!rlG$y#W9gYwMyYCYKfzsEve~jl~hk3Rqe-rl5jeiDP1wTOBAzK8Us$J&d>Ry z1NHN*HH_A8#8QsyL74IE;>!J}(VUeI*X{%}cnZb@B9pLgjLnReUQ)NRq6TdD%*{G; z?ijXic&tCbSUYGzvRna+=bc)GO-nYd!fGO$)kb%ktTtSzFxhOlI;vesdZyAlwI;c3 zyumn0KS8d*=q50^`A^M82AB(}U#ydj?n2h7_$jcQ-wdzd<`--%Ft;nX5gmH)$DYQ9 z8p}LuWo>OnXJ^Ir`Ez3{Qns%06!J26h zSx0_#&~W#0wKdb~E#bqQ71HvtWIt^l5<~eO&G7i5KDpraqwG)MK*&Z7^fG=JC2e6* zAxSL@pi*|ZYh^|TmPCEXzcPSYkw_8?{blQb!ZomZbPEd?`j=3LQX z^5(j11@=z%E3K~Q+M%aOZpJ)G7& zkAM(DNC+@fo^8Mu$Ouao#uj)0zu=DIAx?PLPCom23c|LMmzWR_+&qMpT;eD(U?t9t zabj-BXD83*My>a+wX3RIt;Wf_57D(xo!Yf)pFOO#_8R_WUU;CxuU`N?Cw=&7!=EAg zlOb6!LskuPaAx%vE|{>x^dWDs4aA2k2pPcRM5#8&_iF}XUdVxrUTyqpq9-L%K{THT zdHAG~OPq8PGj{44LWN70Vg6xdNBwhg3YSg!lXS3tm>W%H= z*=yHMPOMooF}e1&v3*9NVC)+kyJ5Can7v_a$Nv30w(p0Tm*~ZQ@dDCp4*>HhA}A!7;KYh~q(@e1cc`Q;QBL{_w%BncF6{BV=~Q}We2WvJ z7(LgDR2i-@9a2opW(FF5()5>U(@J73?%z6{uedtW*tN;_W|F}6B(EJKf$Yb-_F2sf zKk!5o_37dW$zQIotGBZ_#&o-i=lf#k`5rL(5n2a|UB%>PX>xJep%*+wkSth1x)j=>>$R{OvS0z8a?OJ_uPiu5fdXI0MME=x|i_`T))FVn}>%Lti;|J`QK7k-%i2Ss# zfL|%ThUY`xF(YX8c_csd+H6kRA|whi?;&PLwmujWX^SHUtdO?_?ta@H`eebU52dGP z#n%fK`zD7aKpamX_shSE-^YHaC_goVc^xiQTk}=Y^yX-~IT8Rw2PL~L^Lq>>%I9f~ z^Lvac)XEo04F^i@H3zUzLaaoo)1Q~ae(HA0a5+ZJ* zn2yJxu<>}*w4w>SmP#Z|(MOc{Civ!^@^_dDPBJ*q`@eG&$HPLNzzupD(vC>a?A}pq zWCW~cWb9|(`j%5GCW-@Lw|BZeyt?E)e0aAwzwQDt7q@f0HB9X0!n%_HHWkS8^KaNM z=OK@Q$9SZ}BN>T|K_YJ)>t`jdXQkP(ki2H00~!v!8W=WoiuP#Ou?h59=0jj*%|0qhva+5pr+ z-@?k<&mw6QyZn$V&>32tu{^9!pYweVYuJHkcLY?tuM<$=bL;?6zN$nW5hc9I z>Dc6x;)K+25~p73L)I|~56Q3+QfrYNhy2B$+7jOnHU?YTmgb?-4eo5d5D1itIkz}J z_t5>n*1YMBlLLnj?=KejA3jVWpy)STf5hLS-~D3aGgVR`(DA@XVieg$IYk=fq>h(F z3@<-T2-+TB!{tB31^CNrq%g(~`Gw)dMU>WkgxC{2q}ZmzDsi+*{zI@9kn=KDlba}= z%TC*gHXkO6C1`w%l1UpKDUEHo0Shfra8yw#8j5MTlE^0BZ&AW<$H^9tmz?o%{QVYZ z*y6NUy#2mXwzQ*ku=K-{r8E%s9d~(arQ)VU9L)Q915OazES7lO=iLM|p=)!0Hp_}Q zh~@1j8|9m|0BJ7$-{*tbftIw#cS5^g@5HgdezJJt>|PzHbzHQ_;(g_$bmoTC$6~J! zLW|cMjcC4^RLQa3WOI7#{%A1ZoN@YtVV}e6w41hAyy2K9KR!NPsZ5WL=O6r+TPs_3 zADXI8jgA)z?r5^S{rhz@1Ui;y#}%77A|i`!>0po3-vig$IHTW-IBLKj;Nc zLQmIB&kHHGLb_&(rWVJX>3k^|td?}wwYh_h-#zfqeb@hHeZL+aB>L5A4~C|WPrUrp zQ-8JU#0;&&;^phbIrLu_c4Kv%Y;`eOOd8F+MwC?}S`?*2c97l%=&d}Hk$uHa+|jS& zo{v7ja(m6_$9>y48nLopF^hCoGMHFdk7%Jwi%!1u*q^)#QL+~`%IA$KkbHKuj?qqy z#KQ2QTC#tkbk0UZB(Li_LLqZ8pVjJsNU4O$VUu{a8N`<1HJVgek=2XCbbxg zdz*CSbOgg@cjUZ7W7_y({RU?;Uy1rtaEG`~-%$@#8i*gS+xJ?mwV}IycC>on@GbSm z4f_v{oc#G6)yZBIZ}Kzv0>(Rlc*tS|9-dICcgT@csVfd)C$;(`elXrg?BLeY zRf@%RnNHmpxxUihuZ?Ap25-;3?ye~)b0e`|gHSoPq6 zYf|uz7s#)+UwlFRL&QVgZUE^YvsWN7tw3U0Ax27F2km^ANuULE(40Dm4>@8W=-x~y zaeN?ZEtMK|3T5|XvT)030!jru=iCH)bG6$qUTTrEes_C<3sICEi>Kg60H>hPemJBO zsizwdU0J7F*ij860uEnsy0Pop{z4UzrN#bhb~UDpK1U!P=o2+xJnR3R(s(62S8hGF zX4d6iJ^NUzJQuEvmwv~Wjr-~OUc&R`@O*%n__})BWI_%PP?{$94Gbp)RnJS?wz0Bb z&Ijs$R*uJ6r0!$=8f#)`P&$$dy=Q$l^bYU?#33IS@U_5@WW4d<$I4N~X2Xyu0|VaP zkih?=GbAsz+e?R}#2Q9&%jF2fQ9L~ZACUF|%$YRa%(UC$vsFB|!&h29ASIuj2IQaq zGviTG{z!aJ?1Ch}{wz`)@_7oZfTE%a;0-yaSaY-!q@uJFrph}8Tw8q4P2XLg*mB2>(kha3ZW^5D;=;?fGiTv!s-k;U#V>Q1n|^!-XUptn)5cFq0J2I}D_n zyMp%}thQtRNISXKaDLbQEg_zE|F&n-RCzQK^lfR}@xOW3!U1kteDk-g}$jjJlxqFnElfL@drt|7-F5Pj=$@8!3+GZ>|{6Z-c&w^sQB8 zGx=)Mkq*MOg?NA^Mlrrx#1%iDQIv)gydzAaXLB%(rf1lg01tK{1GV*7g0GE2_i2lxS^HC_x7 z1OnJ8qhWwwvhO^_%U*G#KR@9~r*pYl>{-1?&} z@0p%{&z2vpd+s@o&suC>Q>KiR+inYKk$~cL+HCPy*cI@35qIW`I2D_jV3E$Xny-NK zb$${tQ!QMx!!TkI8UKoYwfoBj{&l;Jf1Q5+qaS@>)4Nx#diSQazegPa&bCnAr`mz7 z^<^j<_ZvwI9r8_dXfctvVj_}bK4f{PMTO-0tdWewHd@qoAQPb~3|tFC0ptYC!Y3@~ z9$8Y!5gP8h31BX?=x>N!97K&wtG3FUNAr94=G8BssBGU}fi>F!Kc9bs?;hoQ&*CKA zM)tc|<;}0Hs(M1o)(HqgXXs)Kl93Uhs}cU7GDz2@?#JLr7v#q|{umxE_?Xl${B6il z7mZu#799HU3U~kU@Vue#)DP(i(9~w3dH|EFZrlzOe*7+U& zgZ_8;O@3wG%_*{Gre>zR<)QTHQ6n$%HSP3d`9{;}9dIgfoc2<1*h>f4miE#C&`Yce zEKxrY8z9MFdilWX@PBK|t5*+n-!G93h%T_Es-t=zZnq-gLS9?p-clDpTc=*BBDD1$ zj|bkt9?!^jtrjxbW5Jv|2j`6M)B5JsjF?8C%4oJHJ~VmD zEt3o1&VKH5I%rw)@|&Q=6dO`hKKM+S&SLNbdX4Rca43iHP2w7kZEvszmo0w~T_~uE zlq@KJVf2x=Q%b+jokAfcPN0DyoXlzb77MZgj^8wolnnwBufsU>7 zlKIiQB_dsDiHWpaHg)X+8mSvPf7X|iwUlpSJRCN8B947`+;M{|`!`uRilK+`2%jG zO-ZOp_~p1Jh$F;V#>By;%&oDZsXhXK8TpA^3*Zc_gg?Z*+bN_aR*$npsn zn!f}v9EpSzT2A$sb58M-tD$f(Up4V{@n_(jA?)pj5sl}cOvxt*r(D@jSmLm0RPaOX zb6`C%KsR4}m7c~=;5%165Dp#7p775CdXkt;m-+nlGUlT`*x@#@cwcoOHNJ%ZEZ&hk z68-$IoqqNkVe~VMj$$anN+lGxd?HK30lAeKWb?&K6R$Er&{e~7HFx~gT^tnuf-Xjb zY85Q9y2v80yn`-cp6*q?h)j|HH^$QQwBq!E_h5D)hRW!sMU}TW87j21daDo$6 zT?mP(^l(MfD#Pj2FhHNGa0x?u>y)30FN+qopXX_E3+lEPg4fJCao57UXt6IQApgbB zJM~P2HAKG)?;46=5yu-z^ia1w=!LK9?NRXpBg zGUSX|Jj6L6O+$>9()0lqr@O*5*(4<5i$-$Ln0UX*7tMq`1y{oFiCJs(E-2r{t?GlW zR4f1>r-WCdD6Ku@PCLF7Dq8GPFYTCvBd7BcCgJsM3rJmC`*HJL6WP{LX&08%9q zQ7yK8QM=veLk1hT^bwt&WnM!xa^w-IFG(&1M-LXpUMC*ln5wPLt?Y?{2;HQtMCN6`qQAWG}34&;+Ng`>`tRv@S4IC47@oy{3O zmE(EgAO^k+a8XcJBCO=yME*^+u?qfae@!&?L*x4AK9~JAtu2zj{#Crny6jcRy7cR3 zk;0vwoAX3CAqVhzLu#p+j?;U?03AnoDl```{6mw*;6YLA>g>sS-8*$MsVK>{V<)|9 zvL9Hzx)_~372nx971~)n<=9oJSc_8s39w5^Vll9bG?t(jKx3D}FR=NYz!dn1+!3A0 z{DI?!tEj9Sv`rh}6w{yf}>7N)|1Mt`oE#Uu~rN~7N3VEU-|iVJQUo{YBe zBVX8Kv3jB8iF&LypY}f!;dt8TbywPrf&O*ZH|l%W_Vo`oYd^Jm9jTGNxZSIznp3(y zJCsc~rn9-3R_3o(t=m9)Fw7nM2%8d^I{+~VoANNG;zNpN_^}*9C9`{{YEJJE<^ZO! zHcZqL()BUmx;&|A$%F;is!%L|(93f>;CvwO5{<`lgXuBEn5sV?T$xTaeRn;RUX&EokZ<62BXT)>ZBL(HqStSa~1h^->Y*_gT`HB5# zP$I|!T-2U9Zpo29OtJ*STrrW*9?j%*M3kMf*x|azn4R(!TZWyXFpKRjtE4!UrLdem zzaktFB`)VsW^~KI=HzHLm>W$MXB&xIcEa}J&P?Su-}nw;9@#aSw;n&HI-Kj^8&#RD z?b%^>uXQ=qWAF6<{~TT>F>k*KLX+9$THvDFXPHy95Yo;90S?`?%~ zyp4ME6E$8BW#wkXV>mgkWsgxX$Kxi1mOyXn3I@~Og3=dEBtmdTb0PW^z^S69c)$#c1;koK~dupnUKVEOV zFRE`+y5k`gWI9wFseSeZkON9R9RXpFJ&(niFO_ z{=v@|R0>`W5>A)36r`(w#$1BKLY(O0pn_+2FNp%mvk|EyuJHZs%4&b{v5$T1JwtoT z`}M7Tl}-Bo>UBd8KJmm82WR&i+dsK!{f7+WL+iKv=5}NM>_MKRMg5vhNgHmf_?Qha zZg!m2h)s6DFnJ3AWQqb6N!_+>+gBGpZ#uN_c{G82zZQG&%ZN)ES2l|+&uq|f_L{_& zBcmTmmRsAbX@l5`i;E0)Ge|mO)I`ZO`8^0UN;V^+yhzX%O)9Yg8gw6JmA=<4vDxvS z-KHJCpViA){wjE}R|%9h|}`{t2sbFMTO0}DDfl1gQd#T1bJ zCj9|>2g8K}6ft0_?1giz+TbcFYIWHKtKo2x;%FGqp03uSqpZT(W>8>n2M>VM zc%cpeD6}4=gst3=G+MU}PUI#A;yx_}3;N#ejqR~ebh=q+4YcUCH=6V$^n=$=ZPVVL z&?CiGI)I|k1OQE7MlXb1@j|PpRdaEBu#uVB7_hIi2h*7>U^n8$p<=X>OV~rL+?ur^ zm-t4Yp49YM&}j_}q_ixMh2{FVM=gto)yG*kQaYhUp>q|E;=lvK#R$F2(kUyeW9Ad|5~p)mV31yPI$XgT%AA8d1UOI}>Pc2p;$X&3 zekggh(R+gykcl9`Oca`DBI}8%ihJa)LjfS{wgU#ZO^M;1LX~i$f9+`)(NF?s26rtn zGO1DAO0gJL=BGB)=2Oo3*80Y2&3Ah4#_H*u<@Am*F$ScYrFbN-lbWm5Tm*q#aZN49 zgS1^Kgs`UoLGzNRT4L%iaVAJo5vP;&@l0mCp5zkv5xW9Vxz*s0nW|;{g+SO9b?C`l z#-X_uep;U1UafAQDpA?DZL0KRn4M#>=7xqW*BgK;E!1PNMlou!k6KLCxLz__CZ}(l z&Sa+dPfhQi&PqSwBcco+w<9#kTnE!Qy3}=Dn8Ia?GvoDT6aN0}rpf5W(yFamwVn2)Ll%Epiwp)Gfl+ZlRrf(_ z;0*Z^nuxC*f8Jsn98XnZE>%@M$q3}Paf_X4>a4N@+1I}Wnb@UF8gZM;umjp1{{9w2 zHJ>mkE{jdzJ!>A?EF6=NoOq=L4OYVca*Hn@WU&rHzRuo1e9g|*%meK`J6j81Nq+o^ z?3ei!zej#&HSwI-kKYSCg9rq9O2RSe6*`~6izPQAp4+hSB>+8~|Ht)^4?7sK06v15 z1`!L3d#-}qr|ZPMhHIQ~lg0=p3bdSs8I)|Wpwb|RsxpJ3m1sx8>*^Q84+uO2UZP~J zq*;ZxAm+H**_5xHp|^5ZVrH@X|LWDD6;Vkas3tCJ(kndu+?77@eJ;9TG!EJhjn4spwRHKC@v} z-~3=dAbLUD`tVu5bAB)^!t2|!lVbAp;3~0dRb%vrsNg$YSikyo1DhE!?cL4%BH72A z_q=`&d9dGm>DAi3U=!cJRD1ORuD*Yu_3e9F9q7v;8E>_M*_?c=7S9c2qg%d{$Kc~f z=M6|oWLhR?2cX7u0qU;&-xAa zc@1Ko18{uU>elJi&aZr0chh?%>`eHyG|uQqtpKh<`4xz{F4r_%;aqorxKNMB>xFQ) zoGK@iW%^Sm(hWTj&>QJ)sTYen{$$@8EVuV#r~07z*W3VS14e<_28d^W!0p?A1{Ca?}%R*%|B^Xezlb;4?v&9XWGm{h2dAA=gUf7~+v0fSjc(e@k9`uRV<= zuG7}SDo4rZU6d>?p=3lmevjo$@6Whl1IER9qXO=fB0rV_s>UNjgJmAl^X&m1xg5n6qv8Mdu znWB#8VuLVgc@Vns8a*h85dg11YRDQn*zAVayY74$7ulL z_7NE=q?B!a1{&xa#}D)w_dbdIj#93UTfRp3VNfVfNjVb9`3KDoOQiEgUOsg1mDv5HG!j>*!|xAd({)~DLsboknbw_swI>e@^qIGxgh3m7zuJ#(~c`C z2OJ{ZIC&-G?oF;Op^jS`J0HO>ts92bQNNI*0)-fMLa4irX?^v8N$lCIaBFG(Ei;9k#r0~R)qH7CJnp>l#-UBExYhaZZxWuP z@(r<8>{1z>QTZ1C_NOlI1@cJ{XX;@i7BD50xGNln(_A>5w#T9GVfQ=*u^{KL2$;~o zS7M_10_Y8~atmqL;i(|!w%r;Tu0T&oUh~4AfF7}s(5fz{E9TQnHWR{$)d`C~=gy>^ zTF7Iww9S@q*rhsRv5=XAAekY!mW(a}g{>%uQjw+09M8e6Khf4JUXuNCv9tlJz17-_~53Rwo~`}%9Qmu}AX^_BC7g1+e6GN%2! zV%UlC9EG4@RESma%Q+sP?yxKsz)E0Ia1B8g3F1;$P*N}~u{eMs443%3Z;NUo8iP-v zPj~Bq;Y72UC|5lTX9~?&->Psf*r0)HwM+q%4u39h+>5MCo@yx6(i5dr%q=c=hxF2A zj3UY2z{L_j1V3{F0cA=tgzc=-0;LQ`l&vjdXc!`t9D+gb89fgde30b|ki?;0dF>4G zxjKD-8#Q8PkPyI&E)r8i$xf;$FVG~>{WBr_1btv^q*&qU*_qi-8Pj27+5pHeOu>U= zg~FJojk(9ih1q6X`7qbj*4E0tP*y7-BV>yrT} zsd~zI@`WPp@aqh)-y6b`76$4o=>(RlWUwVrvk)YamH&pEJu|H(81TLT1Y*c#SgO+QMOB2`Jm%)XtfBQ9<7 zE7X1b@}*8)5!bkGY+2pOUb}ZLLKNTel?JEiP-9Y$LM24|ClC zBk$M!Wp%JD26ghyctU?xKd)cZ-_Y&4$x+y$Iy5vP{D3MR!Z(O55Z>JDkZp3Hf1e@w z=7Mnms;I4=D!m3jop*n_T2(Wtq{Ec#L8xYv5tt|+NJPSkNYeax;xh?#N8(`Oc;d^6 zZzldZaXDd2G|dg)|52&|RW+N*n3EAlZB9w7Hkmou6X;qOR~1qsbdw0Jx+gHf1b;cM zs(=z6!Hsl!>H?~EwUD%DGCge7UP33FC?(FSzc$#0)8JUCG#2v4+s(c%+-f2j4kzjF zsi$T?`I-4u?vmC&G}Iq0yH@?iZ+~*8gTVR)4dxmAVQ;_=2R=cV6;b6bV>}d5O*T^y z<6#4&tS#vBA^yw^h!2M!NV49eEvj{R|71d}*t2lz~$uYo9I!|H0qGY`Ym8@=r9)Ux% zh_-S~T)aWrZMs2PacH;sxQCLDdpNE0`zX;sWsm zCMNiG{($u1xL~a(WU1#_(SnQf)IXFLj26NC1qMxqX(#aT#t;h<4yTI6k%@sLsd31k z<37Vaeqwld=$JOPzEr9l%XR!QVLfO?%S25Rj|_r z(yFWk+NwcDnO-i%n%&l+JyW?Aaa^O5o39dXT}h9nw)0)vt_F8qo3misf(9X|PQ1YM ziXe=LUU@--LP*VY`CpLr&7(MX3ekaDU#b4%*zru?gxTxn%AOu=k!=&rl5O7!S^q<_ z?Oz%W;M}a(Hqjzk|6#75_^Jv_fL|IOuZ}OMBDMo)jQ9nzI(k$Uxm7heV28q@3P$N&_Js3v?OI@r2F&|XB7rwJJ{G@&NHYpv@1={%mh;FrFjN8)ZVJb=R3URTOfH119zj%8gr$M7M56Ha~@ zoiLdPcBp1#`|J7;0P9EDjZCS32whs;0M&Ak8P()~dERBh>^Ix-Z?|GExA02p?%o>! zoRZNO)?m_ii(@BGwz~iCe)!?m!}9IJ;JN9`KLpm|hZJOgRqEn)&LKsFbpRCC7yxDM z8^;o=l15C1aS_~4MaNm9AkpSgH;-fHHbVIzDvB`33q~5Br$}QKqgcimS%5TJiW=D| zy6ce;zDS}*$?gd#FBqh6Hj%Xv_Di;VR;Z-kq*aV|P+lO4U;f7BZx{$9*_JlYFn;yC zk;ca<9k)_+D@DdFjer%{jtN!x^YncH+58?m4mi`9aKsU@RV!LFVvpJ%a74n6h{KUM z;%Nec@QBigMsml3>mBx*1bO@p9KXLq+k*6Ugl;S)1d3NeVplGfXqP0-?un0G5-v*# z@yTZTu9%JKDwC1E0!S^$3?&#dLllG{AwS2Pk(o@kK&YQH4Q*P_WX0_+_cwi&@cQ)& zuUlPz>?=mP7@)~|cDnDuYY7H4HJDvpJ$h~Hn(V?6kMrbv2KQveDYug_L9reglaKe$ zcxV48*b_{*FBy(>(j49?tSPxIR;u6IL&B3vaOGrg56QM^56QNBdq^nRD;n2n7stgcXF6-K0=nG_v?0am1#FRnL72Pz!aR$?nUBk9vHoLq}Bw zc!00Gj{mVTNWa!quytm-9Ra13lMID+D4!=pREdPSX?Her-?4(Re{5{`r{V?gBr+Xn z@oHPW`*zd*>sRe;M^A`vieGy4k-l6lPD(@4|NSd`;GR)t#mHG@2A#xKnV~I#rH%69 z8HzjO8#pG>4a1AxPXPOA+XMxz4$*_+0Z}5t2b-gx%&#TdaYgd^;y@|dp{yLo1v?#} zyg)!C^qyno$>c;{2Pj#sj`A0s&~fH9un$YsBrX^Y2F&N8F^3<3*WyXLfzCDUv-Wq` zP4LmHpHvLHYons*Cw+6n$CVLbA2F1A#qQJVt8}|PJ$P!>wvo;0Q^8J1Js8vkx$V(E zIqJM0fpXk#9)OY;HiRqp+v2;99=#Xi44(i%X0X|Zqo8{_3r16rkOSfgUo_?RdXm*f zHMx7QKbMXmr*t@x@%5FH)xl~qqeXJXYJYu?)<0ct7|@QEW7S;Bn25WmQrrZj?#(siG zTi8m4cB;NMt?U)*Jsyq3l&oV39o4KOB z$9wf?zcLrIwAbN>O}^J+S_ldD3Owr`w-9kRaAngpeP&4^RgEhhKL znf}DwTz<_-_*l8Nji1az!Sk$94MjJ$TKTObk5=3t*iykiW!0%fdRHLeJEiS1Z3ME; z&`?7HM3Fxufw?1&7fy`i{*Uk!oDyMZz!eTl?AwSVWEWASv)EuChu2Bhoe?x$;@m9v zcwE$wg($H#(S9(33Niwd_0k%d9~k%f`xEaIXNUXrlFJ;5r98QIC^??a4dwiS{7}xF zb{EUhe!IglGMLL{^+3go+^gX~cld&Kttftw&t&pHwFGP%w?x+ixYeSCwJ@kmGCS6% zS*%(UUQWPVrJ0qiLcUKGo_)7dy;*Hhj4Bq9JMj!!)I}bllWWgTZCapiL}m` zju=PA)1LQ11IEXrLAnai;YjTqjuQF&@I>uoV)1a)ZV#T)#eUy$tp7rgc1=v?ci z#lz8CoP-ul3hcuneMV_SNj)pdSDl4Cw*7B^3-Gr5`u?lWLK&~;{<~I!b8{o76!TQV zbNepuUC^`6-UUZhFJCqsr9w#EiPVU+jc8viuiM?fv0|Pp7CQS))}#F^+q@IZkM^an zvZTRYd$ccQy@yec_oc5miUyG+b_WE_#eFHUen4jg{EeuuuKySz9q0^TjKzh-)rx_A`KlD?=hne} zU@IZP5VXZbY!Nhr6ZueS%uubI$e1&Tevii!@TdwGPMXICPI^Z*5mWNHL_QwtI~7m@ z{(v4Z+4HeLAeJ|!GuwvX3(a~J4rK#i#p`}J)J*UTNsi!CaFCvufKMl^lH?7yoK*=9 zi6D~{8D>a!&_E7YIwbR>Hf9rxuK8TFm&6V;quJZ%DoSyJ;l}8(zqVT1_nJfy}a<@ zXwaUF-moD(+7~NLZI$bq4DMf1i8t)xwL-js*9z8kKCD=WoqW)}l?~*%Fh`NqH=VM1Oz{xzlUoI0l#+q* z#r7*NA`dwQU09ZcElPMfIioTQn^jLFb2+$-bW72{{{69HF%~bCpl2+V0HFefs)>O1 zfLHVev?N9J<a-w_QE!S>;zc&1qSgi&>qNi>=cNif~} zK9||8xILca$pF$ZD5aC;X11E?GY{lXMWF?Dc}3jpi0&FV6gd3mk2*v_Xt3ING2Vm|MNBB?-A{-C%#S z5yR#7Ms70RFH$zgGu~oka_yTo#~E)aGO@-yqwi@Glv8n{IGe>K(49g6xUr{N;eT~I z_ixWO!asMrpe@4uGM)>szw71t>#o%WqH8uJ{(~B&L#vk8?W{rJjUfvyDl$>)wMlDG zw%J*OLL`?o*sDitOV;bGEkp^#`q7~305NlPi5coMJ_YynM(*q5K3>}*T*&DW{Jzv+ zbTF$x^TLSvJ!WJJM7c2QB(P)BWArvg#EwrhgpR_1V&KG#J%o~Rxahr+!Fq_CR4N&d z{kY;3c4s+p%D>a)-saqr>!5LwUUQ4rY~UtM}iK<8tqOO#$AM4N^@6eUr59J&EW3D&)vv zoMt|87I09k=%1zan1IYa;3tD=fjox+Gf4tvCy5Sw6_e)j4231}DYAj}I}z_YZixn5 zmUVL{bFEfxt;YzhJu&sDQijFJUM?#mfTO%Zgoi-`r}OS0k<{*g_2n1N!P2+X#Wlo$ z%n1Lwa(I^d2QPJV4MDVA^oad`2&37Nhy{U};Ic+b?Iv6eO2L&Nn@5&FJBuGk$YyIK zo^yGozu@0w<9bi))M;x!zM~@Y9M8VvPI#9+$W?Dm{ zy;XU=0O^Utaeu{(Le&);EW`$~^9_Om#c<2g^r#N`|6=`o!FMl68F&a{$;k23YA5d5z zi~byRnXm*)u*Ur-5u6Jk+W8V;I9IwD&gEhWaA+&RI5RLirwVFy9XDYBAP(9Kxw;C< zc?|ffBJLW9CyJVDYA{}~?~ZM04{T_qv;m{4H{3snjr~eQ=YRX|cWK-@_67Jge*w>{ z@|oo#o|ke!zW1zB0)N4ylt_H0V>t;Ot8pX30tp9Xg(;nopI(wCp&Yka9ks&AV8288 zfEDmHnNxE>jne#@u9@uG&N9%$&6W;=^-ak7)U!okySC0xbn5nI3d)!nOCCw7hw?ikM|5U^Dk_Iig>$PeP#IFYV8)Z)xK@1B`UKUoTBy=xKd zn%B9sLlJ+e@;-Y^S!#!Zr@=BilsvN$kCA7wE{}2LuROEKc8SMuyWks3+eI=_YL^T? zwB9fuvR&dc+^)E}!@FGNVLmf<_l9hj_M2??Fl@ygyBT!5-tfxp(w>v;9`3eV>|bmb z`p5mCTS3vl^mZz9|o#O3vJ$F>I8J-i0Mke+IjGg3C(MxW~ zQ9lGb;|B?bv0?>|1iL0@EM`-4PP`D;Bsa1~!Hpt*yVru$3f(k|UTu*HMauZljNCKG zyhwYL*6cpW?>~U-JVx0$hrx5wSfh2)1J_B0s*{LZrMDFlq)358s~Y9SGvq|V;uE;k zQZb6O#jq)|Js2fxo={#eDkPbwW5K-J-8^ZU7_*%09}gRe@e`I0jEyn&cxhMbO6>6t zSCUBxAzOoi_f~m#u~W1~j^$@oW?aR=N5>YKls3w=;Yw6;XTj(35kIF99Mt>{huv@Q z;*^WotANVmf$o@s9TojfWM}I^mrrb9=yI$_xz30N%XM}TCnU)$gxk-HEYPFDa_tfg zmTT-_ca7!CyvDjTnCSXqs!X74*H{`oi?rFPlJl${F?AI`_Lc}0j2@ezq7rzz7>_v zTpAp|qAjrZ&Nw3e6tV%0jT}eVpKTaNrE8Q|+3Nfi(+qs)lFDQMA5h5~(4_#C9Ddu$ zn06={kEgo$ zid9$?4y~yMch|?X zA?NPZ>S1D|`4gt$t%qUw}iFE>$jZ!{vp4t2Tn#bQg#xm1@bQQaZ#y^42O*P@CldgRDM^Zsyt$1 zVEuEmueTTb`{JdSTXY9HfxHnum>!k=Ao*wCn%X%>|IrY#v|18Ug#l z!7AoQ)Hr1Zh;&f-ft=P!3=oOfmoTmp)UzsM%imU%E|yEzBhhX-zeJBa^Xm;SonOou z&o5#wB1+YWhIASU8i7bei`odJSUx#u8LR&;y|C;_JJ}6-Ptwb3u-NBbG6UW#ay|VP zWbUo#72&=8O#Btrj0u#hirj84C3v4Df-KBoO8pyB=LA+tM`c4AW*l`97muh8Wd5}l zx}gm~pF6gDx7fdTOJRL77ii`yed^r{#^LMY@in0&vaEiSe5YxBeoFlf{;jN1Q#Kft z^uxd)JRYd`JzOXN2-0*M>)5UgBpwR`*7cNmOZhQf$P6Tu^2}M{@U&VS01U`H0MBR_pWNZP>AF2?>nV9zcBc_7Ry?b8TqN6 zUzoVzI`!MR6lqdZxo(MJ<9+!v@mZE5h!Yb3Yjx&$HXd=oS4(uZCF)WRi4T$-Ar7D} zLDjG)(u6ufj|EvuCxVqZ6-*o$%ep4=X^AVb%fmCoi?%F ze$iQPKR=U<;H1)BZ$vAgeT2TR$FqY`w1@lw%lb%X zP3|Mt?b<8DG45tZ;6z?2M_J^Jo1{fJ@p;_bFDtRkwb{`m7bsn&fj5_4qehQ(=5&;G4%yASE`> z9Q>o6MG|Ud+dJKm9yuVPb)Ys2c6p!%3v5rD(=8l)RU zn^8&;KS=l};@;>;YW)^(IvI1UUpSvijR$-}9QtqfF6;+N+3jz;c|d&l(#O?j9PQnW zNMRO4+(Puhb;Z2e#7&nm)6&Yj5te&7x#WchNtV|B7-R*??XD|(jAq19TAI>b@gfP& zeStisb=PgGE$2g0_w=zSqn|1^5^Y;I9e5cL2z>mIasnqcqC7?f{#|OAmOS3lAkEPc zac_9cSf_8fCS?HmbBjGbRQ2diyIr&8w8+4H?|t7YO8!1{8#-)w)R(`(`HrR~8y zNk3vb^FWCWKGi$(sEWSaKbdqcFQ}x4+>N?cu1oq6)V#tLFWaQ^4!5~@-hsbLi~Xa? zAdZR0@5?qxKf-NtU2e13;x@Tvub)IyWSh6aHutFXNGart?C)HHzjN1$x1{Z!?|`@s z;yU}V6!S&4&Ep&F7|`)8Bbx9%wttN9SUirE$v&*=<^O3o2Ks~covK#rtXcF45rX1t zOuMe-@#xw>64=RgDri+I2MArAhs$hg>wMNA20f zpI(M|EV=5fXS4v?L``ZBpMH<+3fxcF75)LTD0>FIVmSI6+|TCneiHrSeu{$_2a-oU z2*$%3F5UL@R~dh>ulMZK zCh6Z~n|CUXj@;}RYjd0M*XyhW*(T}VWSbq|LVy|eahv^IlW4_W&egs_uIu{|1Mdp4e!ZDh(CB`))tGC_qco#jKC4V&N-(ZdG^Oy_ zM9BeLC@=6Dz{Pn|X8{?FD-uLBRYZA_2r-bNIlU4}R(m06>^0*yip&K}5Gm|Yr$RBI zMe++RQu2*r4EJ)R&PVzT%x;x($VG$lAUw;Xf9LgcJ7w3{g&`2FI)?&|M4a8~E;{;3>CuiUQ_Zlm;R453y+Lh7yY-d7>`d=l zJQ=nkN#oKM*^|e~<8=L18_{DcHIvT6hj%Y#sPas%bnl%nd1#k5sHm3T=7 zgK>^|32_y|?C#0IcKC}xufG_BCi89)&EHEjUwr!xK7rkwNogL*#IOdaJ*)vAa-b(I zCSkqLOOW{ffa*EwvpSBNki5`0XUD`ty+GpvTORAW&T;+&433Z?p``o9IKc9J?(;{E z?7sj0&%+G&ys_{jkv5)(-JRzUXJ*V{0ojg6G@7$0&7KX3z;cO9CL0IE&VNR!&+$O)@BeUv}FE;D0(Gj5Jb>yXzdw}-0G+UTH^B&3wn;J_x7n5Hgh*7mP1cn4+9a7yws{MF`vZ#m>nh@U=-EjuqcM{0 zkN-2ur!m>FXSpaj$)_=8H}X@FVA3o#C*ub9bLg7*O< z=|0PVULFWp=aQad@Ed_U;gk|1W{1O=d^$eMybis6&o!!al}l95-h5?JJ1e5uyVi!mnBVQzYW^#;+*zZ^ zbkEHRfgN_$ygcn4)`pIq^%BdVlf1{4*e(-Ms|SH;i)Ve#HAlKz=WE3bY4W`S%dNKh9jKdX1gJ7 zs4v?k`!cu7^{KDQ(yG07NrxiamAs?dZZOL2c7~Srn{1cPA+lYn&+T4ORVcrM=c1fC zA*FFv@j*n3kV79*Br1ribVQs^&nfFR*uG_MPB2!IgI~vKxgF@mu0xE4LsQ^)mSrRt zZ(fm&e8EQjlDZ|blha7`&S&ECU!Peuf-_3@e6||rGsvQ-$LEvoIgaWL)o?=T)~lc% zcp&N#Peprw-#Nu0jLij}+O0Q>df;EEC;920;#>x8WxSMKqEl`p{>(qSZMZ&rz=e7{YD7m3hjO185>QăESk zR9Jz^7m9nWxD4h7)LbCj$N+`Q?G98>pFt{puc(->_a_J8ycz+&<6o~!~pEUd+{zJQ@< zC!pF=uxX@WwMi;r$k}W%8)G}i5-uaW0?xA2E=hrl> z`#XWrcS0qMzL0YCtm4OmLvo^^XJZ{CC$EkNck96Ta?=pFkunD30FX)-0bRNXdD%r^ zYL1|n3a`&+n-}H?p>_q4j@o<3`VFBh!R-=o54wc2WNlHLVp_qTjRYSD$9p2nZLz0b zpZb!!GB}(tr6wbHtM{HCx#pU_=;YL7baQ$`p62~H=I(yCq01uZ z1=6+fd&so>9%3!%76-R6{VKaazkD$~U2HxQ)HKh$lANcMY{ApXq%(FpatOHtPn$4z z9c>ozX+f@ z{>g_`VZL^&I6gQHButAZ8}`Km&ielT@nA7znZS-BY}=qXslH2zDJ5|YJ>~NRxJFN7 zFq9o~lA`wvOirtnCJ*JsGo-}h&=>OAq&tKY;UoPLL}8R%6D1ECzsI1VWW5vL$Dr|j zd=G9`=jr<}|6HJ-N684~Tw>Z$GSDpc#sx}N%q5lvN)C8O$+}CF>`V$9(0OVHCD%v! zJmJRieSDAZ8)brX7CJyq!+wC8hUmqSoL36-0kb)v#8123rp)OmZ7lO?6KAs^Zx77R z3mnn#ItXD?jOOytvAeCA(E;5W%z5*J8ILd9 z)Yq;(S;(n+Eui_VS@GFh??gr_S2P>3n}eBZG+fO`wjXp2O}T?nM;ZW}SgRkvK6`}s z*$(2UjAe*Z7ZP?sXKSwFXkwNr>G1dxpPG&TjLwp3!@CW8tzCZHS%fWgzV;1r9u5D{#lS4sc=e|1m=iiUD^blxW68`EV>gNns zxr#|B6Br3n-tdY*`37m3`8`$yU=&#!&2WmShe$d=1q18}7Z;5ztts7ww{9Je;U>$G zRi}@wReZ#I%t;@&?U-F?pkI5s!Q~rI*E;X}7=GbA-6t3Zx{vbw)AIhsr*(e+#?x6Y zUwb+&KR**s!Uc=IfG0rtn(^zADDVac(M~nSFIX;BKUPmQMi{()K;%|wr&nX>X@x#0 zQ{{3Dzf|_4`EoTwZxbnHYnf`7iRzV!)|H9Ym1%lP2EJ0N;wz;pzEX;zJEbaqsWeU< zVkG(!;Y^kYdx!@Ujq+fk9hA=-4zv~1ahHaY9uMVfXRu0WNZ%mnN-ptr+I@xtHGDDr z7Qgf2_uSNDH+9xYUqHJkFBpVdZjIrt)sISGPCRCqf(ynbd|kkOew(2F#@iK_IXXD+ z_1gRAqtVMnQJhy&^Y#h>5bv*u*@~!~j=K)FA8)J2+dpipj|1MkemZbVu1g7LUvD0` z=U%9m?zyK1#O9Y@KY-j7kjP%=;Kv@O@LTP;UwywzO}n+2szRM06X!}bKSMG`ZBms* zMqaD6hcO470rAipWDU-^^+-52H=b*xy@`mfeFyw8RLZvNp~wmHkSg~FL6z&{p>*CK zAMpD6wd!Orne)d1>0H%qevcy=jHg`Q%#*Hk${WntJt@%R_luZ#6niKNt=)$WH_~hp z&JKZ!BD2s1V=qYpL0UcmJH3#Z9BCs!j6JNQ^{~KTW!Pt{&QnJ8jpMQaA_N2vZVieBrG0%@LlTM zjh-cBY|Xlp!MtD6F`M}Dt#^;A{WZHKn5{-aefh|?gJvrcv4|6LA!M?5AwS^>aWimB z-=QcAukpS2Dgya3ZvYPQlf8S#aPI-Cr+lP$@4fi$5x)1)-n~0f?*x5Uyt8-jIO^Tc z_wMQ4dkFVViW^by-rl_r;Jc4-z59Ci?nk|cxPR~J-FrWX@1uMV+D7U#=5Pc)gkOZL zpM!7HvxZ)von4@S(E=q+N|6dIMfQ{wJFft-nFje%e(!V%inB9>8(A`~sFVyK>jZmsSnmG9B^_AI)sB0#yB>+BS z>mNKhd~~ZX6Z1JUBQ*>q#xjZAwtp=?fHTh!yp7`Pz1MkFi&r43I;Xd5rbtU^G#upw zxpsWb;oXQhYCoP4cp=R$!^Qf+mZtk}{WVI!-deUmY+ia%iF)8lLzZ4h2rzz5XLZr{a;grp=46ca% ziIRylzXyj#$!1r6kIl~Su{!v@7t>9jqaI3t>p~5Li#J$0Lwp!>FO&?POYhHwz{GID z&hGSqu?uUH5^j8IQVmZ|s>AcGk){yMM8fNBR7#=we7=GVS@V^Vo8d1t+B#I4_3rSh z-qV9Vq|5X9(g49cJ#YsSX`N2LO*QRPkj8^7d5gwbN-Y5dU8qH78GWDVIJs0q$|dku zWUiDBlhBy-)?DX;PErz~>puaVy9DcaH=Vvd1KeCqUkNwY*Y8gBWtydhf9b*=t9M^| z!EE>VqlB01b*_MytM+%1k1cPA(GhcmqvB07-Ij0TCGraDyaI zOdHDcJS#A(^Q=%bF7Z}=4?0cn&k&?B-vD<;$#(WEeE|ytB_~~=_h*9mjTEgEe1Ni- zFW>@072pn=>`|UKc98rYBjIIDYkqFs#MXL!Yv24jI>vrV9%D`Gw)^MJ>8R!qB0uj~ zQ*Sh|&dZzc7#|;*dK-iN-;zIVz4?mi@*Onm3%~r1=u1Sk5JOz&g6+g$Gg+#7 z&cD@a$aEHidiS67V6UTqy>@#l40~NnMcoS@S!r?Tu~37tl(DZZmoH;Y{1x_f7JM5! z8v)~&4EN9=W;RpxVp<{KVnyI0NGk#pkMca7N$BijApA=~A`yBuSBcrL!sHt7M71_a ziEWY++r-X?=xT`M#X+4?I|NBSFjJkr`AUCL&*$==D(K-tLC+Nng{Y}D9Wq;I=l%ZZ z+ok_r9+&-2di-W3n_fy4$vnSGgPIvVlD*13x=M@kDOgLX$S z8Sth&j&wYf4mpuKY*4*>vb&KN)&_lcf86W#ob>vvfgtjxP{t#k$D=%tJD@MSO+0m0 zxdvMgLwpVGD-8V}lEgxoh}}DJcXySp4BX$`onu^_XDr?I^bORZl4pNirwNpRJjZl{ zFkCcT0Ziqxb;4(AG>Ub?XW}L6<$`gF*9$K!Gp_(zXr?M&cI(s|It~S?UuJsSo?pGX ze}3bRrK=;iV{&pwqp^b)$)20ANDk2=*^fnX?Yy#cJ{uL$b?<11#$eNE9%`DJ&FNyX za(dgX6BDDSr*Gk=jyioh8;=UCTJdf4JCwH3?Z( z04CjCi(W0%TZ>;_C*HGR;W{ENxk}ls#g{>}`@)(#NxVipdi5%G+n21;wEK!x`bR6m zx2IjsoW?X~;rXiLeXvy(%kVa6lEKBc=S$xwTql^G{(mB{; zWUaCg4Fj#Cvoc=FbXAIFa}Z$Y@LFQ(mZ3aZP?rAU>4N-GDoGwTHsb?x4DW_3BCi+p zPhFP}Uw2(Tms_)D+nzm}=cljrBl*?*ZoP@!u+3Cyh0OluytQv$Db7c+=7;C~(a&uA z<~Eglp`LvjwWu`cAUrr}Ozxa~=j0QUUzxN{PHwpN^zK7ziCE*LjPhAh6`;Imv~Vsr z){3=jH=H(Z?d*ubmS|N>m5Po%QQ=dVf#a@g;B@kivCf|0{eTVO|F8FO_6yn+_h3PD zz&0+<-6NVW(U$OEdg=9-=*-(}*IvK3MKl<9yIVuKXQ{CM7CYlV+8DsMT4A|E=92p1 zp02UXfF+T_X-NJnt@n+}Ul{I;9>8kL(BYW*F1_QmiyP2>Fp4HE%`@}?E?zSZ z;1euNTBGEocm<_=ry-2V`Hi#lYgS%IYi3W+9h$tkvjSSHTfmMKt^b$0HxHBRs_sS4 zJ~hwtJkRso^LTocT4Sp<*sXTkk|zu{Hlm@eHjQNq%e1(Bm`8A@L(C=DF$qZsm|#0m zNWu_elU&Pj2;nMV8(&`_3V8x2ki=hzTJN{^sp_tlTg1HYdw)FHU8hdfsj9Qr-g^zd zHDS)N4mPJ9B9&$y43X={nDvcmeyKUl1iQ`Go2;*0AO3$gjnrJH3Ecg1^LANnw)^aN zeBK*&n$*AiY&{k4C>8wmTmU`0(J2{WVpsm1>qdHkvbWdBXASlP&H__ce&V7zC}BTk za@pKt`HVB4$>+^!Ll_Ow!sb*euxid`1=XrTE#&gEne1E`*e1gKgVCJ^gEzgFxXrs} zyF-0kF9;e1pjx@f3_QNDa|`E*;M8M=HWhCG1^|~#5E3(Trx^~iBaD2b-OM$20JWX5 zZs;C6w_oAw-zT}y)_~^m?bh!%;8MarvM2tXeV^l|5n+H?&k4O?#$dk)%j7CQjvW5x z=itQ%%Y0RGk_u2Kov=<`k~)=%R&sjcb!1Mwh^{nvmS64ejwXWPQ24P(&>6wT2@ND_ zwL~PM2nY_ZPUk>hWb3M;S}m=0+%m8hKOTc<2Lb-rE2L zzWBwM3<*9Ji3)r83o=%S+=^fbujox{>N~hYgT%Bv2bWIpRWJMCubKm1p0CB$An{>U zK;UnR_|z|)3>XiD-EkZOK@HsF-Yf#FVQ;_2{9NWbWLuN8$JEZL z$9C;-?%J_yS9!9qIyBbNF;t$I=wB`G+?kJAR>NWSY9jA;=k@yh)UMebJLiT9t*I## zdM4M#ZbN5>uMm8V;{_>+z0}#+vsSw!c8{Lvs|Lw%%z&m^aAhjivbO>aTJw>wuoXfL ze<7@NoVF&cxoNn_k##WIE}JvQ12&txM;1Q+g`L*cjl<~F+a4pMA5M#205>uDMaFt}^&o8Lf_ zveSV|)a#B}cVvj#+in*2yR9xn)NgA&E%P}gY~+7uUjcnxK=TT~M*rv;3paT&V!4>PZMmcFFw{{8IUS1S5@=j>g1)7a+u~>bRbR+msc036Rcj7?-vn*3TCU8N zg2$s3_pp1v8=6eWe+-TVl`6fLJi4w&T%zmt^qPqn)G!u30il!_g+9E)h;&7bYeJ=< zdGY0rmh}+W8xpzYi>0z|aOX7*TDi4e8~()N8lHF$)QZFf`%IogVJ!di18x?2;$>tk@~aN@*GaQn#1{lq0?=aKA| z<@HPFPsse}*?F|_vtE7)<;O8Q^IO=^wsUh$j^p^Rr|MhVbDQtB=I!6NpEvJzd}h6S z>l`ZJ^$^(KVh;6)G6@McOWpopAoy6w?+p1-3D>u3FxafCXjw$ck46ai!@y_UT#HizJnHSaCaZ6QalH)Dqq>w}_Ty+lk<=6O`ihP$nsnBq0n zf;Nw~3>v<%ts?MBI~Bw`x0U}Pk8%C_c6yLLN3l!a=DI*HB0ry?%55_G!v+5JWM%XX z^bb5X*ykMV8yxKDT`i#h*=k3B|J9;?U~smtf3BmtR==$<7aP{^*WaU8=-1wYI497Z zF9q5@Z<69$mjvYZTNd7I>za8B(mK;l#&zDM?!S`J>mO(*DV7*yGiXYF6Emc96uFIe zO9Qb)Jn>jE=1eAI@whh-3|bxVH`^j8>#H-bVpkxtA(5Po#pi;7V_s`y&Ea+(*QwSt zx1ss~Ck}Q1$BC`VW<%$Z5pe*Yhs(jzJ|ygYaiwxvf%Qx275?U=wm3PIUo z>9X2?jDCke68?J>Bv92)>qV}h+{(2`;1*4m{q9RA-o16@p>%%>yr`fBD{7`}FeCEi z%d77ifJ56>B^Gu2_PqEz?X+M2Uz}eBw&TB-zp`Z>xcw#fu>2111MY+7*CG75WJHrp zC>>mM0w0ix529a??jX_Wi2@69(}T*2hwD@^A>gZcX!m?xVUVb?8!2xl6gM6mL{ArSE8E&35ZnKg;uK!D=&*X4b%1~6i zT{Tx>to)vK%KoR(ZSc9EtB7~TMX%r3uBTi+(@t6T6RlcSR#4}L>wSO6^^_=I*?&xZ zbU8jqfnc)pL(jo%4S%G#GHEAP*~Y3a7m7tU*Y?U~QueZ>qC5iqmVwtdb_u>~} ztb>hQlxFc{LkE-whlYI7)sov?s{1k-pCrj@phX+ep3**|RcaNTt5#X}gNuAEe@lJM zd%Urxu&5#`Q6YA||45o0xh>qvNs8y0f#hjy@fcc&QZf`d2-xq0UZ4YSo(O zwvDx;bGF`?E5(mRJXL=vcsxPMbcU97rnRhPb7qT?*osyp>m7W8q#Def*1DE$_rmrR zr+mI<&t=C3iFwg#ZY92%&et{N-WyHA{uLRD`E98yzON+&*KIO6+1EF$MWtZE8kc!S zP3RYfg@4^@+i)YNjiwhQ_ti8FMB({Ha19UBB_>Ycx}1mKh$reQ9tMU6haMXqa1IX- z3=YE1Nw4nrF>dJOB9ReH65_E>Loem*z_WJ0=Uh^y}vYx4h!P%`eC+-pp6Lf%AA0n308^Ry9VaV_u3T7$qO^D32nnd+qoDAV^-k z0Y@H|3#W+OP@8*4z@~8Ik=*o#bSpd}O0OF@rIK7K*B_ld`q&I*p{358NU15dKFiaUTadB>`7bZ++g*}1N@L@L!6UF*D~Z>@B@V|r~uF)?v? z*V?;KJ@eMXYX+XUKxHzqDgF_)N?Vi4w+&3ZOI99(KrJx9$XZjpMUkYb-T2qsKs?`J zqfJJ$+4e>t0!i+xrFr+pCQ_i)!ZzM92Skj+=5GZjAi|*K5Kf2f%{%vAoChwtL=) z)Q2O1M#j@IeG{q-f<`*nTBt3Eyc{>xT~ynR_LBzW1sl{Vo6&YsP&wgUGztbU3R#RB z)v6J@ZHc--5W0f;jdJ}snY%Q5KA;RF_y^MIJPL%$$I1$wr&y|oZx3|V^0t4`$I@9l zbJ?@$=!XYUS6hh%RY0*0^7QNlB z^a%>ZNsZo#gcIb@c=hm^{Z=w8kmrx*TAbjA zVNRgYPA4`E%0;2RL@caedwOn;vGV%6!?%o7M~Z$8`_TFYbD`eBEC*LdC;Eq1Z=Sk& zG-K|W^o;M>hkLYRps#`Nl_-x|vkCV~WvsBxs(u!S!@H=rTJ@D&DivQ8;QcE*QYlMr z$(|Vx$vr}mL|q5|C#Q5m&^F`-ad;vxIJxnsoO7XpDudh~s^-$HGURZYn4r|&pi-O7ct(+~6sQHT zj}`}?Lh6Tv&EjzY%EvruLLUefoS&Tf>Mn!Z6R?i3-oo_zhQwo+dy-=lQ+XF|F)XaG zZ?iMl3k784_DX?>rBk8sR5ChGJs!6xIwMNEI%qE%jhH^3;fmCCaAL%CA|Dg^uBhcf z&9%CDJ3U!!QvK2P@LI%mZS43AmDSR8X(X+=q|cYkS(6Qm zrGw7A-ek_X*0B(D5gDjG?}vCid6t3u2dWTsQ{Veq4CGxfaY= z3zxAIN2Qp>Xuxi^+L@?QqA;OGZ?f7@LPe`q8AKzqT0q&x`Iqaj)L%YNh#hFlAJ7C! z?)lW+AZI?(La~zhU#2@zUK#w0f9&te-*$HJ*&p@w=WqS1dw0AydUywa#4X_7%22AF z6BS~HeG2Cx++F1I;I^;FE)Rk)X0H4*aeYviIK zg&H+%UX?<4qVjkmc6}r$m?DuxJZJ}lQAJ1(LBJ|kC2;(TWP<(>F?p&en6Sq~$;}1) zUw|z+1tC$_gr12Of(>-qn=}V_o_E^+s2?|JDvV zvbsGS4%=*zP{bDRNyK|tSM9p}Q>oO{{_AQte_{&9BlSpEt>pEVYn_q7W99OVAeKT1 zV!=?aJL)}_Mr=>sPNDjm517~~AsY?5 z^(T%Tt$2+{yzVK!?|lb5*^7t5K3^#0^Mw!Pj~-X=R4RtMaue(CMVk6H_dhNrH*YL&D$nw%XdvmBC@s7n-X1GkiX+$*P!#O<2?se zMyF-{_N_$Li9@4e*?jq%E>sv+uwQvIq5pq&zu4>VLDtFx;`bqI?h)?9`3KoUY(;z- zip9rubiR!9lk`6FY3Td`TrZ!0M5Ob#&hHbyhxgyj z&+o_e@8|C?@N>HU{rvae!#}^wKENL2=kMk3zvs#^_JHtQGw%mAobjC>yz(}-B7BAC z{pi-^*Ou|xNxF{b{m8F9fX~XWeMAtO*S#IrJwTu3c|Y=X_u{&H_-iMwywSYwy?E_D z;cJxlv+>&f`0V@nbqgD>(P!V!?~n3+TK950dyv2OUimu6ns2fnvl!Wg+xq zl+PY4JKdI;qogt@d#mayiZtOL6V8cI)-NKYO0YexwunaL|ZRl|d1$L>?N=XU;n_R7=jTd2*VM!ft0-hTw|-_PG4;_px5 z{B!(#n4d4={5F0r@$>yS|2=+wBR`+Q`KS5$F@FA0;U0FF{Rh7PF4Ql%BD@<_J5EEJ zQsbG2?gzQ5pJ&(Od;#_nd13ABXZ-v<{QOh+{H^@+C;8`}LGIUp_%5uyWzdRb=@r=R zXV@nZxur%`CK}^moIlOaSNZu3SKeTs5Et;7PvA486NtQr70DRt>GW$-Fi8e=k_0NR zkQm8Q)uf1*j4_z^=>LskCUCm&>U{i&>U}W5UX)P%b8qalv5|K({118$^1r}1=g&6~D6*v+1xz$T{x%gh zs%y`yjdk<3gS;pr6eZ1P9)H}@6)#Oz{o$T{)vg);=;(|+X_cl-fnqq=FpD=2-KKLS zrP;2Yqr-8lR`j6z)8$`LsSY1b4ww8MIJ`*iQs1lB#1r8DHPkVDPO9|v0D|bFY~L=* zbM30)Sw+ILGCeC3&2m+WBF0!I_P)|s19ABrjazak1ydk|Vb>m8; zcTnym-U{_B`u)YlsFWB&72&8_)T(s?3Jeb$jq3g-XDG2$uRBLF%jl#>;p~-5y%6zK zM&{e|FTX;?f*~gdj{s`S^8yB)cZ?`Xx^tE*Lu?7t`ZaZdZZp~e-4|`3M6Vt za?8yvNy~FaX(>9WZYNJX1pO%Skjh7@h|oNUyGdAjK?>p>_oBvX)x=n6!4wTHF=i8% z%pakWl7KDiz+g{sL^Eogj0!T8vA@Or#oK);uSa8}Cmc;GOpv0+|~ zv`Pa+HZDTU3HLD2vNBllHlmJRr}cs(uS<;MMJa*d1y1XnPF;$*P6;-qwIzi!c647` zv6&AfqAN^E9bB9H3t9A3hxE-O#ooGlW1)3OGe3cMA=iAu(wnI4Y6PNvGxhExes&NQ zT++6Qedcf_7V0vKcYb!uo_b>P^2_ZzN(2@w_iT1y+#ir!;V8j1G(;ag^AVQQ#!Glc z0C>tp!h&$*L#J~oj;#_nZA>ZLr_e+mC~?y5CB}lmD#1$gw#LmzjrKg) z745SN#Ng^dJFxaQ_=q98D`V~29P~l|Oe)bFaEDnu>4@t8ZOfR`>n?pe520S4w2n_; z9mj;#bAnffNICqEX~pqH8Xk@^Pes5nj{?V$V_^IoQ;y?BO1hwofbKQa4wRu1~m7gG(y6~k_A=FbeWleJ}p6e zTB@m_U5uxO}7)T%*+(h*7X`KO+nKNRbbpu3*- zRzV&bH_bUQF)4^A2|>u&8rsu=dMPcaR-)5X;?sQq6|l&20ykB?Rc&!&Yz)qJx!N%w zQnR^E6RRclU~^2TRc^pWQ~T|ifkLd?YSaW0S$p4g{o&}qp-ywqtgn|00i9W6Rofx2 zke07etFAkoMzMHF=h2arLhQ(>RRi$+L~_unuI`CR=ikRZrx=-cN_*2g zG1N4zgp?O^o1#LDalV9Ov_=3A!+_t|!pTKdF}EO?t?)!C%r?P;E(V1N#FNvUTM|Zu zVR)#i01Ec+-+h~E%(rtfwpqSqt61l;Q@oT5m)_dSbbmbFKV9+nx@8&O*nQZjwW=f4 zm~C`KYgLLT;(JaWK5}w*T&Hf6+MT@t)#Y!Y9%ujj$o-2b@=5w)4dW$Dm*n%Qb3#~V zTfFKJRymHm;0NCqt4H`{3M8H^P4D6o6^hHEx1CG2btz2mn_qPx=6FA6349)W3JL^vBkacgp1z{ZB`%YvQa#Qs7`8-iaPjs&KwD4p5Toq zuW~ZcD^$Rnzd#isI4p->qg~H4{D9BBE+z0iWmV2|TB~iG7KU=CBW81Cu&h$qdsdRu z7K{C?VRw_okppg%a!_s2D5Xu5w^%%m46!dfsh3uSoGHdPL58ZO%W1zVLSQygclNwB z(UXnjj_xb&w^?-KMPoGJDCH7TJ>;oR_jT`Y_}0JRj1@doTm{NpB3cPsm?k>hTeCXq z>CT2#J+5+y8k51B@q0==Q}xtTe=^>?FPH4jM@`0bxx*iXlgE{&+%SfD5ZJF_?-+!- zJeCl1w%c(I%AyxT=5vQWm)9n#q~GX(aGf&nytc^0%SdM9jb2jknyvQM8vCcse;+6Z}j*`BsqMzcKf?T^sby5 zjCUrTBHQ(kTBA`pqB5Iw)g$knn7Qvj?i0VRb*Uz9eS4~Z3e`D5bJXkjmbi#Yp@{OT zQz;5;fGi1Tj1PmM|SnBH1CG+{xa&m%eESvJ10Om`*;PBjPBRhoV zx}8$=oXJd$v>3upT7taIkK6)osYFnN-IdQxbw#h+(R;}4GbF41@vhn7xI0}BbajWj zb{B)4<)ks-oUV3_#XAuy#gck|B{|d?GK{J$X1%jGQBQVd{TkbzLT)hQQ0vW_5reCd zi{`NRK~n|lRFaM65lRv|)7pJbVL@y0dX`Wp-mzqb1_~s-8FGT5JujObSi)B|M1c#6 zfaYfmp<2ci)N6G%ZPdeVTL0;#OPQg9Mm16jYOiU1L3-%gxuWBI) z@ZJRND+cw;wCr$W`kHnXW^Y3S!wfbytCaC6yh;Z{)22;v1zlyU#`2KA>dp=1oX-4c zITS^e*h9T1AIyy%DOw}uH!ESeiMd+O4WlWo@<;2hXk4H9^#e->vMP0(7A7KQ=>~QY z^OO=AtW&Z!xH7_5I_>{3E&dXoxM|6|3CTd^COl+ecUVb8SV<;WIrw8G&jX6uaH)dGQrEUT7Mu7bHD#B83(|#Q9I0#EwLH&5JruAR1`4xl^U0siv1Z zPmY;xT#;XNq@xatj_Djxv|d#Bqe2y|u5;LbkN=ckK@Xz8Lr9IJqww|w{3E3$GcCLZ zWCon#BsbH~g%K(7_= zjNEbmheq!L*_{P)DHfczeDIwJRxTZ$zjL(f zZdVJZJf67zl&O-8or;&Ep_Np2I+5HP-=$iyA24v8oZ3usJx1jBxkvk39E#bKBe_*g^R!^WFaB-qa_cDtI>hbD8k93r9*XbP&wSuY8RYB0BtFYeX z6f8?NrD2Jg&9)Jhen~3_aZuXVMsEd}>i|JtI1k~EKLF=EE3Sc92WqfDf7IS}Ztmpz zpPjtnhLdbmOnq(SrOC;cM!q<rl<}5*~go-V1%;ZfVG5vg64~g9-5@CWpyxI*CFG zUazBKUGQz82i z|I~HI>*eeB4145;lJa$C??z@Y}3rkm=gOgK;)*PtYz9*X7`gpDX zbM+?bHrd`ca8!y10#>vMH0U&&T>>9A>(Kuc-2qV?TJ|kAqc&;xk;ZT%K=S8-lGECd zn*z$K0uJi7ju&P{vsL874_|obp*OVze01phlk49edbGVAAj2|2Eoaau z9}TgGL(D->9aTt*We2;<&SEizS*y@Ks57I)yEy^W{J~7ZnaLy&M4-@Raz39f8@E_v z5qmU>@7K28PtB0i>2{cF1H7v37ATDuX`W?usWohG36S)VaJWm zS#!*1vZ;)!sJmmxb&u<=NKY+inR|Aw^0wRNll8^r|uYpKGi>>(G~{2`Mj%`^oXKZq5Hn_*U;IhUta_ze#$z%PcOO{ zO5HQ2x9IOzqnIK(zvyC?1+NgXM#M-oxa?Bv$2B7sGQ+WRV0q!j=by)|UzW2x=I7C< z&q1OP_slo>R`ss?5H>-VYxizT=jhIOQ^&LDt=gDdytDVc3-{F6S1&(WK6(0s!|V1o zeXqISVY^bFK8G;#jFI>5Al}Rekt&v)?WCM2srs`g^d#d7nJkSPpp0V#4`n zVq7&s65Z>hgiclm6k3^rydetuj)-Sbp9p&w1<7FDDa5@?mT)AzKde9t6X&vJ zGSCc5qop=avxoH5HuPbus?#2vM)J-BQzM32Yw-VIlZB#v2kNz%zF4eprdB`D7ya(& zxN7~!s*w?CRK@J73D$KG&?td{2k)Csr>F1xop;}L*Spyp?|R2OQ0o#(8`18^;{QYp zXi@kEX)nzX&m48p%#js}b|5gODEO18iQ`4dftSN%d;&Jc1C5ze7q1X?30LLkc)b;b zj3cKfa97X_7ivl2)spI~;LC_pPH)RBIyIhhtVz345@0f75%bF?73AFum%vFm@K(Tj zuh%cVbbgDb(;}TrH0beEleK}Y=`Cf&x?9OifZ;d+r#qc`#%5SD?(wwTRmRo@nNtolR;Uyzlhs`|wA5L&m6H5^LDY1z}Ax=DBAqPlSX)i$rzV z!sTR45}7~+964EV1h$MT<3!dtIeO#tK_gkTT6#ck-|JEYPn?11>99>GrBCZ6opGnW zm{Gzt}x1B@)tXclXg@6rCu9VB#CBs{CYR=!X4sbNlzr&2hRAZzc>R zik!L6k+qKbhH+bu(PF1S@;>DFYTE zo^Ue|N3>PMl2ULaT;U~TP^51zo%U-jp-4y!IZjzSGN*+`ekFduzT59z(Hf?!D=N4! zWy!fozWFzkue;3!fcRP>Ao2Ar6l|Jl*oy&gy5@J~ZRVmsQ}Jo{D-o0Iw4rWKriQq^ zjCWrk7Wez(vB1S0H+Fk0HiI+Jv8%E^#XgLXCjs9hF3XsE}nz7M>+Hm@BEGXG6piUrDYKybq15OUFHdqx4S0_rY zxw-O;><*~zIW}yMYx5m-@kFpOSvdaoe-PsvzWa{8fNBR5|6^bRfhHnKivm-Iei(x( z{;QI;Ow1!m=4O(3IIRV8SJK)**K~OE2tvT9d4dS1LhBs186P~@5DlI_MduPB>haS8 z$~8H(r?|~jORa>aJ!h?Z^}CBr-h)L!qrY(;p@CP0ihwuEtS9|u72XBgBrM9zr{(r! z&j%X22wC5%%$HG%us3>m&tRx%XkzaF&^aq5?S?-Tzu2bLAGXJbkM{R z!Mii^Dv+Z**yjftu5u}Fo42I%1(({ToIH3i6?xZ*?|2Hj&SY=S?M~L%=X$UAq^`g5 zSg~-!?7;;4nfUY$#mxaG{zM}Ru zk}tzcKrIgvvCu*?lOAR8;yVny2O8WE9Ot753ewd${)ZLFaX3Rx+ZGd3**t&G*EbHS?im)c}qXw$5acn@9PMWkfex34^$_7`K0(Nba3>DR~dRsY=WzCw2xj(G2AA9}JP;9hs# zfx^Qv-N^!1_*SQn`*XQS;D~=bW0@mf8mU4>;Hj}bzrgp4m zPJ1u;yW#Kyo(^618?*+vLx^UPri803^oo?gTaME)wK|qVjgixWk!g+Dl+N#Wtysg; zDwVjRBjp1Our&=7)`BFvt0Q=}OhLDE!v#*0fX1t`_kjbj0QZz1e|G_XlH_#t9XIEO zb`It4a%Pi3NTvgsV{^Rg>U(-!*4s8gq^Y(B$Tnw6!iR^Z%h6HHE^L9Bnc!?5JePZW-ADrE^|*|htYCMrxr9!t7!ltw4kD8rcyYY z+#T4ZH(1nXjJheGs|lQt*?pdCUr5EApC_3?RW`0(FPkVzH^`i?TN76WTB)fWE|(@V zSoEmGK~Yi4D%EJaMf4&4f%>pIg{a|2a08b#HTb3_S{kjs5={PVm+EqD$Z zuR_z|leH1i$Ih?KjK(t*sTZma#mGbaT``r4%5iwv&WMrEg&dES5sp$Vn2S=KHe!I* zor7=HXw+m9a|q=0x%oQF#$w5p&|Zc6jNqFBgt}sFZbA^3HX|3sEwVNpSUhBtlaZWy z@)G0VCGYpt@>l&-CSkJZG@ARW9iu7p%{L!@TfWz5F_vN@6|`c#u%!{}g^B#^&3e^N zm0_^K>6XE|lIfP0Tn>$}U=_?vYc_+i0%sjjEJI?F{@ujQkOP50WR(oDc;vg1dlR#S zC#tpSwC-T09x_lzVoR>T#8H)}Fq9#v7e5EuQLk3AW3$3L&%wd|4U${nrF>`O2=fB_ z)Iw1X7BV2X-H_oP5JIDQM+7m8&v?T2g=8LGMso>2AmWi`lTmcxeBnIENeIyvqw~!z zMtRbbY<0quN{IXS>SHu=Q0=C?kDbhP#W1m`oN3lO?wI=(E zY&8;*Elp=G?o+ORvNqitk;h2=TgkqR3;WK&iNyCRDfLnsBT^GbS4W9~xkL6-@g%@j z6u!_V;y$}wHwDZ^whrZS$lXL=Zt@@0!jd@-kSz{!*|s@-K+lrCzVU@^p+iBym^Cj3)rc@IcrB zWDnOraOC<1!%^yoFl484pU-_cr^w}!i|C7>EXjRL1eewIF4u3ko^+{PF8`w0ZZ{Wm zE*G;c<((rDSs@_)(w_7;-zdnurH*uOIF@8N#1dPbNPuh6zo^ybjQ4c!Y_QkfSuF>; zXS%v(x&xKUoqyp?qs&IEkw`RRRds1v`)zu{!8(0=;@13M@b3isyW6=N680jxO(uai}ZJ!mKG?&ubQwF z7B8lo8!AxQFG@r}zu(|k6cUC7ZQQ*a8qtlImsK3rY#C;RGPQggc>jeTS40`=Zzt8FS`4_mmhdGo%p93Mv z%hm}$pcj>LgmPwO2O;rOB(_{bn^<=H~Vi- z-k^_Va?Ya$k3VD!l&iS?iV2>0u_ay`4q zUP6TZyCrFti}fNn-WT>g=taE`uj_4qUdfxGP@}wnI_yn zkr{m6Dfy zN?oYk`TF~^^Ecm8o_u(J9o_6kv=}pWW+j~52mezSvU^<)tJ&l>F@+kOL+3WRPYOB& zQtHr$B;fJDzwQ^@OFp%ANr6tEBPQLF@hZO(34xdkq6c*bMt}U?O?%r;;On)>ywMG?qBN5*rDx{{Xo{h0GnjQvZqCWLNJ} zztnZS0B+CZ{J#pgy5%v*Ly$-C;MNgvmlH;D2BV-sOqq0NjPP(kMDpAQ1nP5F z<5k0u$H0g3rV)_G5BDyQ08T&lguN$v^G5;==au#U?&u2dJsGGuzR&itk2y#4{i$8? z$?n9#e1BrtgMbMpc)dRe}j}W z?lA_x=jV8x!d;pk;}@k~2)U@4QL&whN}*Mmb>^n?UZ;yM+A^ru7_eepr<2P9`fde- zk!AO!PPL@v@CB(1*mMLRK8yO&E%TL^He)x^qLsNOf22H1Odhp++vK5gco(#>MB=yH zwMx#s{u=wRIbZAa&EF9ox=~6DR1wqSJkoRE`e$uy-re0@w@=ob9liYl&5hH!iF!b9 zwy4GpVX1df=9goj)eE3iQTUs4LJsl)QZ7d_uZE!pNp=TG0}p6H8s1(zz@<3h${y-< zFF~|ad%#swX#vLABv^v{iia%m(MIIJ&cc+_?mk%SJTe#y)ko9r zN-=F@b3Zer@`ZGf#cX-A>0x!=<8kJ9yKHBih~)rF0)S-ig`2}pNXCuWg;WJkhLPlbxVZ~G zG;$7GWMpm>a}l^ihLMb1kTPF$CQ80&e>t%4Sb3NGXKc3jctOg$Vtso{#z?@f7DrTu z+e2xuS*;-PFo?8)x(Pc(KNQM=;xM4>a`)GIV*^yG4?%mz|Knb3=eKLw_g6}~39 z)1;}SNsZ%}bjV8@C<48>Mu+3;L@Y`uAoPOD#5_eb!;^0iw1^`jk%*0XDX^Z>O{8uP zKSb%#8*oKfCazp`p*NY&m5(gOX;BGrrj6$U882h@$WnaVXw+<`8xRMBl`T^bJd9&O zbcFjFWW72{)d4BQksna41^sYIMba6fDh(nh=6@$z7|4f9F^@WDiWR!!H{2Ks?LCWF zQ;~(%&noT7THtMLG%97gs%ED{-EZ={Oh*o;ClXRedLlHL+cDe|;IzwvpHc0Ol<)}& zeIIC$o-FZw10S$n!j=N!!Z9GAUmT&tk>hXt2wDN5OYMnIOjDbP~k)e+9dwM4) zjpaJIzOjz_fPX!O{gn_tbxw$5Oz`t?Tnj4&$BUGcN9WwrLoaYgtYaG6%|YRwuoHMs zGqM-xT7C{Lh9f|GT8F`)?X-{zg-?53F0Iy=be;`|%^~l@{wV}U$QBXLXpm8RuE}gm zkQAlgAWaXrgKQZkHi)4i=$bus$F05wdb3(o!A#lHJ39Ba5|YiP*xSCXcT{Hv;vXJ6 zq}FK_lM1a)oi0?;js1nu(RW&tw3X0yJ6uC>%Lnh)8c9N=p&nY!1jJgjF;>8GL`V?GAMQA&bKX^@kWOupX|fv!#jQbk>xama>Oy zhu$@OFmzr2Z41mev;&cGk6Dskd%JerHq~%0h;s%XtR>0|{ubnLO#Bk^f^XvIOE_P~ zd6#h0rv=1M-9+wFtd9grcYIP^oO$n5zZ4EYwd^71#?Pv3u%ZP4ek zcy@z6PfD&TY5i4Nf+bpvCEDMy=9a~gYyRZ&CXJs$DR^_FCQ(%ib_~m-NzjLy1l>x{ zGj0`=l;Q&l!98U$oH6g=%Ec?^{Vx+m+o)+h|0ZHKKu4L3ElrhWI6dDoIX`(kJT@8* z=mO!O{*KS0+egT7^KY(y@EYV4jkC$FuH@f(_Z&T5n(WTrG=C^K@jtFbPOLW-_~m8b z_bTj&w9q5`+A~q^y5@>K2!wHx(DHWgPwFjQN}%4FKDe_0c>nA|p9E*LcLwDo0@oe7&OUi3I)T2|Rg*e3lh znQYeVSmXE+jd+jw^7UG4Vq~^!a=yoF*O#`C7Hd+3tP$AXLl2=+O*zRWs1~$NlYPPB zP+LdrOO|nAnH%~TF$Km^Ip)g%Xj5+BMT8u|k4e$y9Q!VQOMw~(vxxurRm>Mv3+j*p7M;!&T!2tBZj!afLP5!YUY4^Bkb>^ zLF%>~j9%_jsm2vb;CkO!?>%}1_je2K?{Tar1Nc`)=#qjiizR>}J~@N>6yi#ZiK)nn zclVZxGOasA-5$8Q=?*=cwPYN>;5J_#>z<){G7r$5dSkJV;7;{)r|FpkSJjkx?OJ!- zK7Vx2y;4X}X?<>+-RZF!fp5FV9U~s=2$<+H9Fnl@iKrAT2%>_YzJx#PD^&R-Mfvmc zeDdjZppJ+wpm z#NMTag{RZUu;1W({0(UUPg0R+Nd2D6ltCn^ZJDDDuQK zT4VanCdEHQYs29wWOnRa|3A&~QD9};>d>?n2YbAIw6vCKytI~GSjjbEFOMjZa%d*J zC*t!JQz^r#&uhP|6}81vm4@S#P!GCGQ@NG+ZoO-dwHfwEyo9gsOIYHsAW(or8dgw& zhd;K($xwLyn@7h3X87=u(cxee$)daUR+mv5(CudTZCU?8eIc{^0Q+-;(Uh9#S^qm0 z&Xl|w1Wlg2YP@Z`f%Fny^H4D;ra70;FlZ;je-o^zH7IxjO3SpU3+^uz5bcd?Nr!(@ z`~zG&4vwPc*V2`$T4&HPEn2$hN?ga|@A-EYab4SYGKAD9#c8IqZG2}JzVmDJoy;hI z=gWfNIEP@_@1kqHpBbi^7~mJLP?huT0Q6nh(~fKxAUGx+s?>95pr;^GPrlMY$h!tv-lgXK){8+PdS4@ zC;q-bFXfBq!ecc_D%UjJZa7%3I$ z;R;(?zrW*9UlcTy>GC|*1*ePn+gL+k$%V##%$o;g6uRnuQ5WCObZ*cRYotS7PcrR? z@HwKr8X3Q>&k4meXs=M`_lxTAex@eMZhlVwy`OLV-tTUF?w9+$KiK%35G?cG>&EY; z@q7Mle(#4HzxR6^pKJYI<1LNv$&Jqm(fXG0(H^_@_ObFJUohMth~C0g@{G4aF7 zM&5J?AYC5?qUuNi)kO(;5Utd`lSRR=89{#u&1rYaY*r)#rJQHa*i4%)pq3;2@ZE?@ZgVIR9F=J%kN)$Gw==dwHNCGmWHng!)duDU!s(&? zt8B0lD#aWM!+Y;l*)=lZCXiP)G*?Xr53kMhhL$MzAm*3NKYFl~h#TTE%o~ zBoc+%fgGyl-l9wnpa48it(od@zUAGpeqByUdH>g~+|PkDwO8=wFWz@7li;Zkyyh#p zLDK1MHXSqMe~>+7%h$TXw}(0_s0Hh(d%x_dZoBpV^YO<=KmLhN?%MUqPkek-vcUeExfxjl5@I30 zv4sclFku0qbQ-m;l3KKvL!sz0=5a|>i%R_GnLyY*7do<(fz^orDX4^k?=ekiC$hD+ z3HVit5QGMg)oC|#!lE2mVn!!+x$p^_+p*&yI?qgZbRHgxrKRg?(Q4eS4!HWFiN3tY zmF-Xa0-Dc_962)bDUGWzv$S{L$(aJ&L&^!eCpkLbD`(k~E}VrQ_cidiIOHn2hE_ok zj1WJPbU-cQx2P}yL4I`2xz;UiL@~#v7qP=bn1+ba2OxJKm9>@LPOCsj>c}M~&&|z>qzhaR(dlj@tv>hx;0b zhY~jJ=Li4bu488Xl)>CL@}f=1eb(=h`U+8OH^7>_+>AVg( z{N}>O`X#!`y3HM5E7vtx=|+H?!^M&+K_KIQ%oF*uoktQ}01qI{^I;?^d;^;xhBs77xI-RPp6byKd`Fz%9_FxDp z2F|H~NAi0g@CD5lq!FsravEWyWt+o|0{;m);p%n5ht4;g&utfVX$5U)*hx4>;cuf$Ah~Pr<1@kA!n&F5)&z>0u zR%GVO)a0eBw6v17gdibN1m|i+0zKhUg+*6AwTOnE)}1HP6y@DP%vePGL4mR_W?*4F6<3;H)ze3TaXD@Fi)X=`3 z<+@8oXb8_r#yZcZsT0+z;AuQK6;JpkFScI5lh-8&F3A(Fh7=q;5C#nHhgRe=JLEyk z@ZX`t7tmrV|Ny~Z=xO2z?cT`5%cQ>2HFbWlQ0V)$tH&O0M!ufyyz$<%$MnUw=Rz}F_pF%g(9 zmtz|?UahWo!gAxgo9h&O9!QRfW4IP_46B=4gB_hl_q1qh*?2szf%t%EY2yR95&;MK zfOVQ_HhD`CnD*z%ZW4c!zO!XFGGne3u;a>dleg?Z{nKCNw&1*c9e^wP#y+Rl0IQM7 z(pJGS=g z2tbR4w+1}}uOMvxwGFx~OC~f7p~wdQNR)XBE`M^z!tYAYvWpeZJs#0hmWl9CiwJ^_ z!F9ET5NB*tI@KAi3@x`4g8V{FNVJ_4Z=DXWZ3Q^5i5#l~jTtLAW=y#sCV{$L zyziNSmE6$qH*<&`$5yR3WG7-xq$~N#L$S0ohGed)kZ0O_CKk&?g;N&oX>Y7@rZ$yN zpULe}oDEGI&N>c23bim|A_U^sF1>X5D;yi%BnI3P#9SS}1RDG&Zyg0@C*L~$yP*e= zoz3+C;St!|XZgZ$pr@(*CV_%qf6q(Ca1*6~z!8QtkLF6TOjqWHbYCSvu& zo_g>b{<<4+(mwjjec17^cz43n`_Z*WhaP`?Xm#x)J%+F&T`azD_|cng{I&nf;yXiEzQ-=`b?`;L4jutA&G)gwTP+L5X@yqa zophftEh$G3-}$$E4LstJzcWy)D6G>8W3~C6G8RDh31Q1LBAn6qPHq(oVJ`q+g)Rhe zi$pJmCa*^s2d3|qX+WQm?dYC5x1#~0ag~BTfqRjEBfIe%PvH6{#+=(8WB%mEchj|` zf2hW`V$5^6+vhngDC4Jf-~KO%2nhKH2?bUJ{j|vJ`x!IKx6WzuuZV}G``$@3;bZ0Z zE#?vq5k`7;Kb&RFk>Yy!H|W0Q-*^JE%I}-8uod5rTE;}hrrt!~P4_K-_Y+O~$=Q*{ zSECLfU5W2Jh+qD7e%~A$7e9UFC!n`{-#?-I20kw8aNoMk`>t?|9QQ3_82IR^nOtpm+z)YcX=(&$aMb+-T%fXfX6G$_=LIn2~JNL>!Wf9b%y%V&zw$Wbx9lCeTNL)k_a@iV%CGJZz%G`A}4k30Eq z(EZE5@dTI$>AlLR9pBGH2fmxu&Q`n}YyQd`8*Aqc$rK9!Qx?@x;MW{a?x4@eSUIhE z8Jpj{|9_^n19YA|JWSWVcI4lo`zKspBW}>13B~PwB6RQa_cv+J7;4vT`b4nkAcOx- zJc-%-GR5}t0$3dP0!Tx-JG?Mus;RZ($fYsxuh;n-NSJt4x*p+hevo9ZpJJF` zdpi#}1D;z3>W2ptgT3Q>hTm~^mp-P4OZTWHGukNi#m(ckSR>v)h8|;PkGs07qjuEm zyj|LPtluZ@W{hGoLCY^7m!T&7iIj{JxF07H@FEiaYKtr`8oi4W$|!G$laXhXfE=U> za|0RL4M!kJ%OP_KsU}=U#*s&o;V9R4!45%r;6rwxrr#AYkiwc#_7h+so} zZ?TwJ5eO!uAiK9jN(T?pkt^RLPbD*i{x^s`Omw!WDo1JlO<{L;q`TNRICkellG-;s zGE@!a2gguUajYXU-0LZ(0&0skny;{z?CF6*Zin5puR1hSb51ao!4WBjV_BDaLhsFl z3Kb+iD0V8e8W=a&8zro686P8*>MB2_2KboJJc69Loh6@POp9(mJ%#I^3+% zhp;;yj@Jse!x8nu5%_94Wefqqavy_t0%hU_rWJy=74@{=E%`hTc#+4w*VL@Tv;k_h z^hpkBHO^zTw<(s5%|dR7;%Ww|$spE_gU-6Qb4T7jQyucx40m(?Cl1H;Q#;MkCGH zYwx}Gdi>Xa<&^VY9qf38a;{?tb|a!lsO$kWUO@nyELPA&q5t!BLEhcIU7ucFNrlb4 zXJIcz7I#ye6ERj#6IepM=nivs)t(OmRBr`SLPTbcglo@XPp**#w;jp=0^w3zbtO7d zokQ-)>IwEvU(|*COf6 zVhnaxwK|+jkEDmu?iZKb@OPZ?YHF;{8Ly>NRZyf;Y&Qe@i}=_Stj}N90_~JIZ6}$v z)9z>|<_$_XJVaq7JOD`zgh0rpMZIkmP=|rMIWiYrzBCKTPl6KaGFv{f&KU@UH2e<$+{sV7W1U zS5V#8D9#qsqv^Tv@i|%F_Fm_a<0FiT9K_6<|=# z#J0YWT3lMn>$PQi3~d)@h}t)H{{FL#8M@DT+~*$vn{M3ahJK&tC>*wZpXW34bf4$L zJOuW0?-PZ!FLR%I>DcJ(OzcG)NHuYrs8N@*p{@TN7@Hao^9r)S;<3BhXLgmQ`wWC6 z#EJ7t_oKRCYvpmj=iTTWzF!lm?DB7qu%$arQgEZ|3~ zoTE8wpz9-AJ-U%);2|AscwX4gtIHl~Jl*|x6-X8H4MhgMJtY`SO|-Vx>4)(h)q)HR z-nKw48Y(MxWb4uet68=FHaoWUpU*wVQtva{GLB>dt?!&xbHilz`xVidL+caJZ+~kB zHDUOV@(4Gfzv8zL$rup6c^ONP=V8ix-vR%C2fR2XM{yp%kzqwC0-p2o3;sGbHNWEM zMy8b;NVsyGF0TBPq34>4H>OArq(~3w((54U)w%TIU7LmW_QKFWaWg&$k=0dsuy|o$ zAXBSVE{5s{dM;*K)JmN9lp1J4l%z8aZUj8t79qCxuK!*^psn-`7@;$~;Rc;cR-R;l zF~wpx%GczybT4#8ila-F6Q{NwG9TVcXbsm)``*z;qBHB4ULtWN;j&c5mODpp9ZtUC zjfuHMmpmi8MV20#4(2<;m;*Cx{U5V$NFxSzqZ2dnH_wiewI6=pen>P6t#w)l66L^A?@jb5!Y{r(eJoQ^co&rb_Flsi5CUkw>7j)Dc*O z<3Vsj6^H7paY~QH2OI0v866MOT+dJ~q>i%U)(lUP(IgM=IdTx$QcP$$|04Cy8cHixUW`z_XZn z`c*F{0rc{Zk!XWq-f-o0P`L8tK(C`P6B&F&kJU`ZrK;JX)!KO9YL=!ks|~Do%_KAa zM8dB`%`TUDWW7X_iP~iM6@Xr8{;r==Wa*xQZMVw?**&*7VCZP!IeDWt45ZVPq$Bvr zD^DzYo8%5AJ?^Aa^(tz}QkK+U-0Ml8ldGbJEnolVe}2s?&GSDg(V*KdTdfhNSBav6 zRhBJb=b?dDm~3pVmznSXftU4YU1ypHQZ!68CDe@An;u8WVtw#93O@&o*ju)YSdD0+ zb+Hq}dPJl%gRiCSGegLhc^pN5=g!(u1QkfLcHxVcg_=HV$jJUgBjyKWo+ufMM`bdP z%Jc|!JfB)zf5O*MhA)W>EeSA1@O4Ct5k!f^uXvq`3;FKHgJ-pNyyD}(JSTsWy-lVd+K@hA~rBYF5!=+}$) z-b!bGD~HQiCYufbr<&t4F5+;!nSDn5G-Cfn;kM7Z!Zvt)aAHw|hX+)Es1@i@-davX zHq>AU&51)L)Yk9ys;~tFF`99JRhR(WaE;s$b+^HZz=J4wg-Cv=JvoHje5pIsOBF~& zZn|ymKVPWD076yM-MNP5nXDdXcRoBFN~!sDI-Sy@*ZDWHQx&?Nga^oh0&IZ?9y-3uHW&o94f`O#Z~5AWzut`3^X&zHsTgYS z$rKBP%%b_CYrh>9A328l5RJl8G}C+rqoW4nPZ<8MkMkYwc7Jc^Zw4Q*r-<&GoCUCj zr?_hM#C&Sfd@wjyZ);|pFZKP{ySAM_soG3CWN~YaeHpzT>a(3s-Qe_@+&;I-xg!!0 zoKG~zwF?!KPuDGiAA8fG?N!jv zR{^Ja8VQ9|U^B1~ZWuIH0=plDf)7q_y=Q0WJRko5pzh^i^fK=hG~u@|3qw#Q6hY`E zEraj@u3%z?Hy5V52Edkw7q3qix=+}F|5v*=IsIc8r z3PCdLnp`WltYhpRUvQl}}|M8hOtvPKr=jIu`j%e$=+2U=RtoKcoTmjV?a+Rj~>XU6=D{*BJ z*5DZX2JCEIw!eHC&E|B>4a_sWcs>YGX}u7UjYtG6JO^*V8MW6H*EWPyO77qEPn0(0 z@#JCyrB@@DJo~ekl>N0!5_fmuP~eMK zBd(|%K|!Tl5F%4Puh(f7nPn}XOJ-AkkI9)x$WfOQ4C7NKiMS{Y;H@__z~fX@L`kpe z0L5L|Ro7P@FcS=J8_*2rx>a057+iFZ*RjiJqOLQyOO#zj-~b)w+4~AN&yGzj=MC7h z*=8w?jQR4Jr1RfGec|On#j7O-KKkF@AAWS=gCG6v1$W&2fcu%DwKu%BF6PEQe)FT5 zo-f@6u|P+6KrY{aTyjEHc!pLE-;6LBIWB{)95Yv;7=9Vr3B&_LQsW_ zN|lTY0LFx^RQ3ntKq!%{qk6U06tAC@M2B)6~KgE)y68JaH7-Z3P*W$&m5to`A5 z`g|;&(6U>Pj4+F+DrP{YLvg&(s@l=xi^+hgg z>Z$x?v4Hj0E_|6dzn|57&~-ZHH#MX}vuDosc~!duuk&tII>mXJf>=@=;upye6G_wv zR?#EaUW(V3O54-faz(afY<7Dz>gr5qGKEc{BLkDY9EqSodp4Cg;8j(yRoiVgMTRci zB}Y8uqNT;E#|aIQ8lrS_$=)bXoo2Y3)+ZMtNs)^Yj&3fi3mR@$$cNTe<;vV`eHMo` zjOy*U+viEDuXaRSnbDjhw@}L@gZ%+*;ZR%tRAHhk{)4ewhZAfOOg9$utQlwQ!=h+) zOgk0JjBg_H+QZFRKO6B^G#FGo`a&@iC-q(uRK@04v6v(mT8P=OU&ftAX(QKJ7#VM- z?4}C5K!!{nLbISn1bbxbx8~=U-}SDU8J3x3)~%mTeoNmU-WQ){|AFkZ1NQY1t!gq$ zF1u54Vh^my78Fj)lH_qaEoQ50%`Qj|lS5JL<7Sgdq<9SNe6U0zdX1G!T^y*y0ZpDC zxpt*nf0?j~3^!se`S3jhNj7uLvwXJqlfTa{6#Bl0-oUY~?|ty|S>|DZnZfM8y$@q1 z9vR{<9TWbXDogkw2qXPj;$py+!z^*-B^}{iI139kKbtQqu(l+NBOZ~?SRJz_;rh~z;O5YI_eP7v5wMrbab#2 zoPPA!$>M>8OHSk~zI*u#$4|R`N;5p!CkGW7g@*Y?DHrgjQ)yqkZ8{xlOZ#3QNryw( z?sEU4Vp}lTtfrwrA{@c{`o5*HrYLp^#Wvl1@Xu>;bU4L zL7Aom?Z5;XDG4%Ccz_<;7S;*p?BoG@$PsW>9ugt+5(VyI!(SykhhOm*aD5JDFCLV# zB_7`t%s!t`E0;OTN>wPGugqu77czU)i$PwOsUzHW=pPKI-!`cpS9BDd1sxCP%V_aT zLVn2P@oIcfX8A^D=aQhD3Ce0Roe!9TiVXrwR`Y4EJyEPDyn(UF@$mP+Ise|k{H=F) znLK{jEa|A5iBpoKhVeFJz$h4cFfolyf__8z_9fI&B>7SehQ0d_tgKD8v{`A*)8 z466#)tHeM<&$SY?mzR>JUQQaZ8p*AA1ko+xzd}CA&|S>Rg3}Cp3CMEVLOPAYqt}RR zprzOwNV|b7#-Nk2Y_rKA$_CK%&z4>BYBF1&?de+b#qGt;zSya|sjWpQ6I4Ez?1;ipRMlvrh|E9ZD1hHXezzdJN8f9-0%!=BQofh;J;mF7@#k0) zxN>d~T%XkXWx_fWFIIpC8ldoGfb_SY7L$E5R@m?vLoOB53mCf80tfV*;szu)pc6Sq3a&hmi>uBx16L3XV0dSwf7S1=t;Q$1v+3N5 z4IFxr)LM7WvSv%$zR=COZQZug$hu06-+6`$@op4@=yV%y-an8ldR_Hgm+KLsF0n3cR@lalNW}NcthptP9#2@+j-jKU+M_{eW5QF5?1N5wQhJGtE3d+>_~dwZ8p2J;c;7oCxu z^S)P~8u@ShH*)Hi&dfSK(cDLyCQD?3b73fCbubVl4P{T4z1bTs8xaO=vy<7JN;`WRKE(u8EhDl zV>poL{3S;QmN_}f$eI|r5}58+&>;`)8OaFu;7pdVD1anq4Lrra|Hx{IBP<^nd)2`H z`M=ou&aY^ni_PElYR}E$=@HM?V@QCoyZ>S|2cO@y&(q zxf!XVcf(MUr)00$yx`lLx_5?h6#w(BELf;VibI~)jqS^?Kt7b0)Yo}T7zf#TSV0&l z8V;?PAr^o+s+qdqRiM4tl8+3`S>}2;9y&#VIAJhK5A>~I4bc3Oa%h$el zaOi+H;~g!J4!`-$ATfrWceJ)Nkjc6yUFoR<%aZ_oQcs5?h}nG@Ig^sG1k{Km6>}RN z)mzEu9gbMpo4cS2MR!q@i$xcx9505KEjX=RL?lNcPJVZ=@{H^$g}=M6&}r&4+P_pa&Bjr~0Z0^FV% zho>_14`aXr@cJiFz{)vZrdHoY5b$05X%4Fdcpd={igR4#uoTeixO+j7W z!U<{zS9p8KsB>cmKP70kR>3>;=1cV6Xm!blhJeu{uJ zl-5B9)ZJ=?baHjO;nEF#27C4R0#Dzx5MGI7?_zt$Vqa1Xn*C;3jw`upSXL(6+ZTJ2 zhX#g0hN6y)4iD^fVcPm!r7DW!qB+nuRvAgRp(7J|2!T9pigyvxYo7iMvC1^|DSA|N zK+i%ZJcR<0A&_!a8^;R@SF~VH#-VQJSr;?$TbU`WVkTd#lHLe=x-y$G)ho$$|E1Vs zJ4zNS#ft*PQm`l}mh!T4xS>+<204_B`b{2Ev9NhpZ@MOBWy{;0)ok>#XP z=!n@L0d680?{+G=bpNc^?xWW2{YS^L9(k+2OAJ5AkF-ZYL0d3cfKa6~2OILA_*vgB zy#HZd!viyp`|r5^giaK0)?uu;KFb@La5^t|_s?lPux_?ncgW~#C-`I;;FQjsZzUWQ z{D8%Gz$#e-8@E5T9!K{M8x`|V7eZYVV>@r3G~_Yh)mB8L#o_sqHXi&G=R{y73SPIO zOYBdFyVXK5uO4@0G8xqpmU@>pEj5$A@65MCVSAqU@+eR*kDJ2b(dqeYc4oZa&;I@2 zr&yb8y}p|V!wD>~Kg8My2%TC8Id6}D11Cz*&n|dC*Xz1y-7oOCbn8Ib@iO)Hl)8&U zp)lMb^wXUa6Q_PDHI!4+U5U}rkAM76#=ev@%P8vcykqQ7Fb@HI-nVh~$MDIo*81a~ zxZQKs8})m=QFIrMuCO?Goly~Pvw_^##z1H4@s6icA(P+bWYM@}wW1arRyh$nck)2g z6*NUb5Q;>KbR49LGE9`v!wsb;yBMCKD~WwP7$T0~1_Dl;IXEB@Kp^-J$-eMnPbP9) ziMc-zt0rwRzt54u%PB{vLj=E~bTPje3eUS$=wFJzQGoI|@j>H%5K>Z%Xqzh81J*L5 z1RfC$ifXh9;%#f&=!ntGgMD_lAy6BH?(m zJ?43r5^@}Jgk8h?{3t%TWdSVGKXe3?S2^Q15lM8<%J6W` zfdw|~R%Yz(@xfdz0#psgy(wnc>%`x{J_!7Y+2U~virItM>Qh&M0i+ZbfmN;Ou*gl8 z9Ed`H7O7>ttdCh-5uY!tTJX@DsfoYgNp}!N#o_RU?1>Jv!V!hLL<@Tmc?e0c3VBTh ztDGQdi0GOH)BPaU>ui9g4J_zSak@4hoe5b>CH!NRyQ{x^692@9-<^JQH~!&XCE*h= zE%!?8c%)*#?z=3gP>fW@MEzax-Nx&7;OsxCh3L7-9n^&TVfF_F;$(69B31$UD{Mrn zz@gn4y%KFD>Z%MTXo#mDj0&4wpfa}iUA_k*-I-jSifPKNDjMa$LrHZG^&juR{Y^QH3m*SBQPyxjd$wbxZ`lBzPXic7bjX42=M%0a}1f|Eljn@mgOO zP?GficZy$Pzl8S#6sft)>~@5r%_fOdi;0xj)6pwLixDAxMgqp-w3dFx5$MwB;c~NC zzV2^iG^g1l+>YPXI2R~BJIWa=@fV220e^u{#XGs^ckt?PNX7TC-{JR7`md(>xLS+& ztj?g_#5J9pZm7Z48cjR^L2$llH}RW#g_-~EO!-jN*hSCKt^&A78aAg5bftN1Ul_H04g=^! zy=S&Kjx{f=X{iu}IYVT(gvhV-QmFtZu=l3%)I=MyohZn2IsdA;2=dL8Q*=5J9Y`@b zl`iB{YZ>&M6GRccDW*K@_DMptQwIseYhECi;b~$U={&CE+PB?G9~s>@L;`j|A!Nwp zF1J^2z7zgn)frPHv+C?>c#@T{uM}85%wF{usO!Gxcxk#P$wVXwW_kcucUmo5SE%(7 z)K!34|;#}S`rrIEwlfM=$wI^G^J{jcv?Z$IoS=h3>>8mshW25z4&=BG}G zYY9a|gO%n|=gi$_t%}1kVRpJ~)#bBG#6kp}wcS@ycv4epq}gkPXDb;3!IcYy9CpHp z;QAQ(tvPy*^~OWfI8wQwAz&UU)vr9HkLNnU3I759I;dct)kg6^aZ?UfNz+;tDV)z} zB?ki1YO&GL5nmOYZYzZvG00@ev>Io@wD&a_S+7)zcL5mhpnPPvj z+}W)!yzz}}Tr6y5kXQXS-#7g4O3)|bWka7({V`CJIPhF)UT_O#VrwZAe%4Wp@ON-8 zK4C!%xp~sTPBU-kXS$uTa4@j1Y6uR4`d~$Z|E!=Yo-^<7gbWP`#tVkXDOh-YpwP3y z3ck*L!^6wIjBl(>8>0Z>t-Hd5>g=jQi@>d`54Y^cxXkD>n%ds22=a;ZYr>5$#* zop+tQ?X|Kj#y|4Nn+9F;mT>2uH~#L*cNp9H%!=1d+jm2O~ly zQzqD-S@8gb6kU}HZpVr^2qT)i~fvzQ5AR&l)_dtj| zB0wx+YU!@WPxYoIxQm+)@9W}L;(X|@RXhfwxtP!rJmsg{{@ zPlzZw$5}jy{DOYwpq&)(!;Bfk6L_!f#hgZM~;8*EFnRk{>_PnDu^ zL_v;S$aDV{-|saoXj!q@>}a~^WGi-u1c6xCnw>U$<5A9KY{0-E4j%z1Jm{?qYLK^H zJ@`9IzfJ7ZV&U5RKlU;4G~EY{k#pAP`I!5_i}PiA4*UX*Nq>F@u6KdYCqGwlA2y+& zc_jtqKP!UGZWciNW7^)!SY?lsg9;o+6J;y3tTMgtW+TsE*!sH}+O^O(Sl3>{#o=$c zu{vI*`8~8dBfN!j#2zuZSDZ0qB=zE3o}wfhh3gR<6d^?RR-~wB%|0G-nATLva*ti< zMi`$*Z=t#yIQUxomevNX4us2k8wiv%c_N}04O~D$Uzm{U3~@U3j~;CsqlwFNrt}CQB4&E9jAoJoXwZ{zdLBhijF5hM6bO1f48>$TL7o*u^BNHF8d6UghtJ7m^@5&^#-t1&weIE+eZ||=m_0jB$brplzv77s{LtS}$Byeb8?nt_C zzS72CV+&W(l}11rSA)LNNTs^RV~v*k^4-%lKlS;VP!heP`Oc^vvgA4iYYU+%t+OJ} z%c5OoW>3K*${vU3tR$lepX^w%`6T4)+_b4A&y+HSJh3=V0cM@t{5WZZ*6N^!Wuz6b zHlP}4nKT!Z^~Ol$&|f|i-pbFv_SN?-g3A0yy{}$<;NZ4yBYnkno1w3Wc|iyy zxNf8RP`x&S>rK8tpf@oFC(dK4Z43xUA9m3E153@#U|hMiOV2r(CpQz~n0R4D@G#lq zvH4egAzRQtB@n%s-l_-ZGWG!9+K7d=biNO8G7N=E<H;4#mSBu5aqnSr9MR`=VT zR*6-X#loqF4wPqlQsSI-d^&&Pp4Fji???KV@9Q*f_8<9uqYX92%xm8HbJV=!Ij;{9 zK?6$lAsCnOb3`iBnp;@0+N2eeEFz^1n_(NY4NxwGuXAlo1d=We^^5-S|9Q|VP94i5z$K2g$L$&MS^aI z0hMknm#PtghYt>g+9a=ms}yJvL!Xcj!9&ew!udo*U(qC_9iJQ?nn@y_Wk{5KS`=CDQ&UDa7!T1o>`hm<Io)!!$4QFu%+cS5e&bY$J-aZjb9>lO(S5vs=+qi^I596$3y74B7)6fXSQ z?rlhy52eDem-LEF^t|cqK=+$q2+}q8lstWHC-=|qI~nO5FU^<7J0r{O-QDfXa^eKr zv%0P9tQ-i-57LCW6n&VSnI_`UREb^!+WakgX~X>1Jsz44PSfzb7os=aJlgrTIa33 zr3f8b$g(0yigm@_8m%%VS_b($7>>N4yVo>vcIr>Lt!hDMQo$p~m$TqpZo13;stpgw@C)zcFCTkkI{7eH&_ zy?FnjSbeGtnhCWS&x~}$ar5Y%cE@+byG|7wh{A1MgQ!y^YOHBGHy-CPtdD7j3KaUF zChDl?B9|&j@sMO1YB9;H144vj4-%nYkn$J7e*DBqZ$u>~zNPU~6lfrvVkK3|d)i~U zJ*TBG_E>n;T+Zhs5w#Rqi$(>vJFsq_$>q{74M?@vfm%AjSb6+HIYK@B*U@SpN6n}x zX~+$(e;mARvQV17eIV0YiCY7J5|@34Pg=kKJyW!OyxKM633v~SYnA1-ef!rARBSG% zdBWm=j<{#0bE%mM+cX9EBtEC8uZCR0sB*jTS+LN+y5vw`jFv-zF<_Vxir}7@vCJz$XM&g6;k_6$=G!ZZI?+oJy{{X3Fa(3MS!;RN`^k zdC1mPyGa}GM3Q{S-M3(k+>+$1jk>}l1Py^1UE;5dm>0(KeMO(Y*vw{o@_shFwDbOU;33JH@#^opPhT%0nX(3x6R{I#p2ZQ=D>-Ge175t$pKjm z_BX(e#D%KxtCxio%1ZCRY})u5=RM$ToYvP$**Pmkf-U_RzNL=gTl%rYO|)E0NRjT1 zn+5aPP~0Dihk!R*@jz8)S9wqMTFC5ME0-1TRAOBjkCPEZa2irVTytU%!*xO060nAs zHh(3@%%CbviXrHwToyr3$x7u3ocf!3To0)Ed`|5de%))`6|oyu38em*S={%#=j}_Zo2z=yDtfnRE}MY?k!(b^pY+J4W@>!KB!Q8 z*8spwU{i{3(={}o#@24zi)J3hc__zs{N5%JP0I* zD_lw)xmC5tIt!V4QgtM|i}^7x`%p0arh7Y&Oq4qJpB`R1e`?ZULiS3ULsu5Fq}=i^ zZF`2m(KV7y4z0*3aKpaU-=>@E*>p63b zas=HwGXl1xSprC9!Z0)TUyD!c*X%vfXlE|qOV=VNkJQHkxmqw#b{+0J5{(||%g^*> zvWa3xW^idtl&s!lD46tGM-r7l#08wuTerS%x3I6Ezc7TC>vXvq^|tf|#TcK*y>7DrU`3e|q&ZY8xLPxfB zwwoOO2QgJ{#5&!YozrENZyTnI0?Jqs4Ifgj?&3U^g> z)7EfUcsK;aQ@Y#2ofi4c+eLh>=M26tgA8`XL0}qV&$J>XaBI-yD(Q&FqV|LCTt4p( z05;=VwkI<=b>5xJB<;(tVp}!fCOx!lkH+JUdFBi>db$JAfx%|bKQu9uiVhC+_#c0Q z8hA%jGZRDpU=x5E9$Wn?#D=vo2RVKL`=utlLsL?8UZ;S6(GyBW0*SYGQZxJ zc(`%Lt&Q&f;rM)%eMNCPK_2BzN4+LjZ+&v!E6PENfl|&x7cVG?X-E z447O!hJ^>u0^|S{C~Q!KV}nOH76jrAKTovzWI$|3I9ht&M{@$r&I24`507v>FIgRS z|MDJ3t)V)d7Un(3-jSS~9FGqygK4HKm)vvcPyu6n2W}7d7sI!2;QsQ$y0&=K{TjDe zbq}G1tmIBbQ*U#+{Z4l@beEki+gXo&$}Z;Y%$^p~Z*$uHXm#Y2LYtmoQIIxmrb5&` zFWBc(&U89tq8<|nw;I98C*U&!P!0EJ*F<<44}|H!XB2y)NDXZ_f-zDE0b36B*>ut) zEcr&6Nuas6DVDvyo^qwvzsI83EFheftj>Ths4lyLz5qLN?2}8))w8R;^#|{|>%n?2 z9yXUAI+W_|A8TtH>+jXaOY=kXp`a6B+Qv2nr)=5~%*^bt&r9c3IR#Q?8M(80^8%w~ zM1~615cwSXnF7N#12cpNu#p#GpG2(${=b5Pv(JAXpMf>NIc2y$T;?)veWq0?YJPmA zjenwSmL;g>*5{C6s4rIf06jFs|2R9v-m&!t+%o^$v+z?NVc&$VJ;F$UK(K?iAG$T_C`9|}aMO(nxf@YT!y>;uam;KvPn$F%-g zoCkx}GVx&GJdfhDzX@B&g38U3@IkT|dB_f-+Mj4qXetMJ2@YQPDwoMolF4<2xx?|u zxau^Tp?PIN#^Lxf zaTuRY7lIfS1Y_j-doK=j=j*2Gh_IEcZxHWbCGZtN3p6F((>0WFr$U({pYu)4wXC(pY?`+2if7bHHaVRTx0;qg`s zh8Y1aU7)y=6BK~?gT=jzOZ2IRT=Chkt-R<+d9EO1Fb7X6Q z^+UH_iT*>2;+62Gqm;(bSut_RYLx<)JO_mHl5T9#kTLq}f-F8BR@vp};T$!x1!RUM zrF)Nk(lr>#YxQ`nd$w9#F8yA;&mAuWLY*G7KODuz{3FTg$q$y>hKe4WQm=Fb(*e6= z{!K>3QhblLV=Q08SR6dQa`3Vc#@)kVCrgpy!nj`5GI+thsfL&wN^K-_s%ayUO)UtQ zP{?S#6g`lpE(1C!n=3w2-rK>JYLo7jBduw3=`j~h+)H)=NK6|Kxf2dK>&#R-erri7 z_~VUI=%(r1ScZLYY3cj8Sy8HVw3mNq4CT~0K&xJ%FCrG5u{}>4;HeL%oMATHX|92VkY}*B(k!%fWzD#>0+VnX_e*K_ZOO)sOQY*K2-c%dh7P~01U)?nf+8;yE$J9eG z54)uvqAv6<{*3}HE-FCwdp3n4fMi~|5RXSLro9(@zVv>Z&2iC8$2>qMSUJesVMX5% zD``dN3_s?&&8~{(3hD^c4d8bWma}(M*;GnIiP-`#7jaQY9G*74@6FJbfY-&IaHvd8wkq2XlO7t zB{!KZ5Czk9$B<=vI-QO@Sj{!16QfA&PzIl(?}{jip1>g` zo=m#BbBUhWwxRv;gZ65&F{(8VJj7V_WLvZeE?)0su{2on+vTmkhrTUJZSCz@!$#S~ zoopk&vM^Rd^fO!@a>pIc&pRkOH=cGobw+%Tf#Q+JOiBL7V4dW zh!T959PP;*MUN;)%VQ*X!1WQ=s@S#^Hr1LWPBoH>h>=J+z2RxMT1@4QDibQKQmZT^ zE(I5@Z6?N~{6%sn(~2a6vtQ!8K#(JaMXpd#iPn$aO-?^_U|1S)k%mr`)Y{@VqKG&| zpF>0Z6U!g{sIM#7HHmii$z61)?afe^eR)E>W7>6a^jM1xdKV)qlXPZiF;8{@_w$MO zUi?0n+q-dilfRG!0|g-stvoYI7!LIB<@)00%R&foB4`Y*;Gi!^!I6Il89k{b@B=t? zMUQ_|DEKaTy=JaH4sgwJy)&n4Is}OH;p>zi*FpWRqZ;VSPu$wyJrnjNdP~{CTHN&Y z$EA43NWM7lclZu829A&Ce%L%Znsv&virts(N=|0_3VsKah?*HYhOtgy41dgR&?DR? z)q4_u7nM}g&;Q*kbDxIW_gv`d8i^cXEp7MGmd3{>T|3=TV2 z>0T#rU zZqpONXmiwGXrw~j(cg-s6~FAVW^jyW4{o05x6W9r`&XCe|IoTTT^&L@GWi|FcJpsB zR?_vbKHd-_k9QNRcx%^O<(4yTAFW1-OM7y|8VX6_O*L;3H{24Faid;V`w=)y{`q$ZG zpZnaWw|Bu^Yuv&diD4D@-@!amofGl+2*?M*R4gZ8+N+_ z|HvtB2nv%Ghs`RUR~AgjzEgm@@u;q&x2;zrYsz6$vvBy{x%5umG~cS9JExzWC16}A zR_p=C;Ab9gQiW}UwlJ>k6rzEt0(xs6@~x2CYaoIgq=0ge+@v7oRf1*g_aKD^g8a&aw&w73am>*nA{Rq%Sl^2Oc*nTuhlNJI{R zVa1UF`v;L7qFq7<&Vg+*FkM5^cR1lZrcPu41ZFh?@7-|7Ijf5va_4YX7w2aM*7Zeg z%7v_1x}H*lx$2Q@+tHvolDNq#l}DpW0D!-R#F5Ud&U_`%b^nifmaxu?}pP;4*?>rY5-fg@8Z2>`8R))yqB@g z_^F%VyWGOWdf#vxd>0G(E|2|_>w8o8>h25K{OE=LhvWxrdoNN8O9RYs9@&;304q+3 zmKrgb5vdvP_ldH09&^C;CzSFg$cNUBw?!xk8zB@(gc_Kj1uAA=&n>&L0YS8hZ?xG! z{=->raOLoFWc>IR<n zE~@*Zx;v!TnP2H9X>K1`H;7XAi}Z9C?LG63z$ldpH}5)mvPaO!qoaLqf2!3abn9Py zNmWX2xK&96{dnQI<}F$-r`^&tnuQMfontc#6J8ez44n3{ zxrK4Xg~#y!U>>t;;_DGtozqIeP|z1Tt2h9&as++8vtFm)>-5H*isbW-2OU6TD;6U~ zPC*Prgs7P9i3h0Eo3aynk+)u^!K*YR0%wS&^x5bkPZ>1OC{@#z?@%F7By@mZw5{+j`m!h8#zWs0bI}zcK)+vB5 z{#-=xMaO#qvW^W_M^Af?mT%c z&%EJMOa*z69FLODZ-S5hyHXDFtNvA5{Z z$MA|>lL6&dsx1Iyn-rV!xb179sjxg=Oy}YvfI`na{V1e9_QF$_U+V!HWVt_;<=Ka{qX%S3WvpyqkT#u zmrHmWNYN7q?LF+D#b4txSk=Z+*s+1b88TqLff%dCSPZM`TrlPj24l_*Mq_7UHHgdz zlYMQ@*gTCmFdy_HVaCooC_JZ+*$@GS&f}1~$IeHN%57uh022q1XW%2IpuCk z_GcxruQF)y`8?)qY-G5faw`2p!|~T#H*#1_Zy0-hF=q*+HrUg=N|2LE8B|K^eO*)!P#>Dk%kH}$3Z%ArtYFh7X)MBh6_NBW&7 zai)Juo0-wJj%}am661Ca#l4;b4x?Roj|K$mS8Nw zet&dy@Bjn3{!S2+o!a`F?SNVqEK)rge@=lbdJgN4U`%wp;fmhIw7%>qn=NBa%jp#I zL8)jCMUGK*MQ}6OU9j6g8<|Nb3Fb5vTqndK59>4@X^2NDMp4X@pf{ujw*xdw!08$svHxD*rC&vb-JZazDvbS2TgrarFl-(m& z`x{;2nRsKSy54m<^G3=11Mv=%#l&Wr_%m@Kdo;NZ)t88;@>~)2PDOY~ODFmHm*H_lY`?N{yzx`xHv;TP&AN`VG!wg9Xe1rLJs0$ zkJL&%{XMRvyU_1C7(3kTULH(;s@Lz?GmYww97CLM7SkM%5aw$y}H_SHch9FzcO9t%YQHpy~nuG&C z_@6q>#6@5~UVjjoIxTnH@SH*NWhIH;wXamsv>(o?@R%sL!M)At1 zmxBYH(2HTn%z?eb4Q{~qcb7_0s+N~aec6+YhwT6Y<%&KRsP&!8;jZX>qA$Me%H(pY zCxc?D@={odrLtbu5uQcCRQvHGdy~nT#l88x7Y3-~_Q3h2+~VR~Dl$4XmwoVA-f-?lQ{gvvp{Z2Wao)3FlJv}91KkM;yYUi8)s8HW@0KN*{kud7Ymp0) z5tIXRByK80WG{!T3WTuAoatP_n;i{T_StPQbRn8o)2Wypm1rOzS995A;6&g)1*L!e|O^VQRsEwK0daL3q1q;fc#gV(<*Y1kC|?4^5gTqG7-T&J0ZR$7cr*bkG(}92t)E z6EZ9@f0#CX{=jsAS4P`52L{IVY3rqFo8r@kS&L>i$7j2`3I(ptXY`qysn^>t_KX%T zpv}qtSn}c&buPrjQA+rRdD{l-(agQl#J$2y!8LEq)b;qi?RkQC%b|WC&v==M>Y8=G z1lH%h4*GZUkoBcA6nBd14N$-N>#=~Nb7lqeqTw8&8sIQ0fCnVW5)OpV3KC*dk|J58 zvpR}Y5UAEE8gQ=&UM71ZLU=sjmL#ul+&g8ntSP{mzwju*Ul97{-o0UQewEYbA!5;j zeV_swUw8Gk?#JH-174H8{5Ux^AFCoKd}G#k9FLWGF>I#&XY`*@H(a6Dr&0nsatggMNR=WD4Upto?AMW;i zn?3fI_1hYad-U~?3a~n9CGvRCF6o{) zP6X!=FvW!E7~ldXn;FL|dqRm7x-#{{?Z<0N#qsL$a&CD*F-um!|?|aRA z3YQ+(0`xZGCew+fvm|+r+i>mc$>C}bdQi0Bvc6|EsEuwS@4_9;BE*f&LstZ zQb;DvVI}Y>*B6iqba~8qnv+~IG4FILDq^1KXkko^Sx?iy!T|a3u26H3>qf{F)ipYN-^Achylhi*aH`_#DQ;%QKC=5Rb%-yP>k&y^@T)if`OCWwCBg;R#?xXf*onIIfd#qxaA&?hkJ95LB=g z5Wwk6=b`yPco{;$dRXxn3Y2Jwy*B6>g- zn4{t7xtQRO#egg{3+JdT)gmadm^q__gZ>a`e7Q@Rjz#A~F26?!`@{LL81`tga}M2< zyv_w<;?Q`wvpRrMcMstKbYFbexZJ{*9xzj|a%XYw%-im9k0xO;!-Q{w7*8Jme;*3p3@dINB1R|qpsqz6Bv0<{ebk$`nJ&xiu6j%OM zEi%~O8#wOo?CDP|pZN69O*!%O-F@rQkO!IzqznHt_x1@sCkPAk{S+4N z(6G160dL?O_67FF?l}nt%~8d>q0dJo7?}4eP8TrB+cQ8uNb9!2pUjhuzewr;WsrVj zzHqa@8v^g>ZiJVQeX{3B?qu6dFZxDi7E-B+;fDHc;NSkTak8WL6y&^9uQ`m~xYiXB zHJcuneMNEG)>K!DcDf=s#+50vxJGN9)NKRHgBM_Nrx0uuke?0{@(P1m%IsVb;Rae)WEbjC zojB$UpHQ}qn{;AcK18Ty9#g=Pg0+KDLM3ev(ZjxbV)--6%b$UliV|33fD8(g)-UDe zzYD$U1jaODc5d*`L%6~XT(nC(@0=$L7vlgflZ^3^j{u?am<}JEE>`-$ZB59&du;hb z2M>OTql;TZ!)Nswae$m~5jYSYj`F+7{sqEPx3G9D4_O=0b22<;*hQ6G8g~Uoy zbum}cmCS}#Q&wi3v&~xznH6_7ovml3Y(BDXGG)_ix$$In%De8M$N+-%3JCJg85TwYWc8_aeGEf>U*inXH4X3=;c{pbC%k$#t z?=ZG`;lP>Mv^dRJYWPV1=TQCn7kX*GE?+)oes0}E+>soUiGEC+_=@^6ag&o?(Awbt z`yCrjHOsQjtkYxJjON`NZiKFL(xud*d@&UAsOP=&P7j|3J~Cq(U`gCCGW5IUWg77J z>3pIuqguAbx5jc9Ojl~&9FQ@T|7DL@^g)`P<`azFdhh}ExQ;`ASY&tKJAP~+3dkw( zmfy;2DQm)@@GlQ{6U>ovwd7vm%9$K+<*{r29AQKHx#q$g8Yx>O1Cc0vk~=(h`W;L- zuDlQoS8jaM>l&3^THIulTf$_b!`|i}MAwIi%n5Omt6B%#F?Ze9z8aEzW;1%%Dn4I6 zuM7*T@uB{8xm+le*E7>~Y26)~@vZy$x`2sIUePmr*O1b}6Nr!+*^?w&t3wZn8)0!^ z%&FhH0hA&823%@r+tLE;8O&-SybpjO?g+hhu;JZ1(Ld+S50w04?aK7YMCZPNOl9tl z{=$?$5bX|CXS!qmLzW}Cpgj;xq*>qTHShe9jo01%OO*q&z0OLvIBh;KDV6uVaX*o( zxs*voK{e<5+xF&cmAk)3TW#_ir{e+ocpx4(g@h{UPa6rRPA$rA{8aA}?px6znWum|Ft_ zn1`3l0rmZA^^f5RUV^7!P7K5(VKCsv;Bd6UE^ECS46&%qQtJ&RlZj3_<4yHdLLGfp z^vY@Evt4P`m+#5gv$+iVXE%E~+_#-6j2@^(JLHdLn?ZR`U!~dngk%lW#%ps&UEyZB zG*OR7YJ-{FSWm%*et;G>!d&rM+WeN4!K1?|8RtCkNgePrb^eZz^5ik4mZeHyXx=+Eu^(oXrBZ zbBpTtpCjiD5vvWGU|}*qMldYqRrJO~TeEpHFY9QzX*9qS$FE#_`o0poD|AP~s{^Jwh-{7g_{IQdF*67}hdxbxFMCef70YRIjml2m1^R0vZD5FlUx38WxW5KSnifGyZGGAbevZRti( zE=Z(ph8F2of;1|k0)j0xiUGe~`NnO5Nsj+K{0);*Y2ki1o7~AZgT(xaoeyc9nUxX-!1f zt6>ePhdcm3GHYP^#GSm>LlSYROE{E8XmsogK8wjsEvH{Pd&%jo8rAqF7<1X_lAZF!L6b4igvB}; zoR?%^F|JNXtq9IsRm`gXU&q^SpOD(z zbH|q5m!I(YrseVG0|%m$Q&Wkdzg@BVz8RK%`|Z+C#xGy~7Undj%HvV^-nH9&cHd=w zo6m3a``O+|%p<$y%fcSmJWxi~hOiIJtb5vKUmd=Z{0Fs;c2ZB(UWT|TSzU9{Pf`-2 zpE>HM&>^q|hb5ZKc#yv-VcneC+Hqj(rE|yMnjCLvzU(qz7a2qJ^mchi_YS{w*Ihqo z-O}+iUw|)MpT}&J6y7TUhkYR>gF+-2x><7s9i#d(C->a zATAcmjNn53%(3|k6y4>e&73k28=_JN$SLaFi1zlPy}jl3_VV_w)H|n*x+^VK%*KDa zy*sGA*Eh58tSJ2xyn4vb=301@30{xzCJMZ91u2qDAc-?3K>kboA{Gn-KHn`g;P^JX z=B&;+TTGe@H|Y2HkV!T&;Xo8aK?jMA7Y8+YPHC)LRd5+j7OMixn8NMZ(YC5x)5##Z4EGF3^7DW)FD2i%j>mU!ifBc+dArCFD2gLq6n~= zUlbk^Q|QIv37rhE87PGKJVbB7%^*Nerh9p))jB&H?pxkF(dfYBEt|4jFejT79-+si zpPSRAhu3#KsP>g?Y$-Po;@E(lFnV=RcUm2L?J?}T2BTiL-{?8*uDV6t8c>;>8ql zaYvJ_u;o-3jI$_3KUg(xd1Q z&QX%LxNWoqEf%*0`7JEzDeiEm^w>cuB{*DS#mL$bpTcvJzYsjydpvXmZcM;~CCC9M zfkZc|D<)ko@~9KoUEKN=b>Ne`V*+vBD|C=kB<+;+HwGD3n~h9xnr zDoq&qk{fe0Vc^r=*7Yt=cNzo6DU!(XJodfCF_rSEx7la z+YKWwOQe0{&Si=_(Vek}5g@{q%(82)`RvUmzkcNzA8K4OjnI{1K6z{cKA-akk)Gq- zf}dup(S)m*#t_}ZG?IZ0tVg&GpJ9dzdAbD3Ehsjd(%q?FNJ~DKPxd7i!d*W7Rp|!A z35Ec?-?_1MKPC4fa{$tPmZ#+K8KJ9J5n!1n0A@sW(=o0D)p=k&Q|n&U_4h=YELKZj zvTa#MNTx6pG#AO3K9TP|xhd|9;NGA8c+dH)^vxy zIkp@rtSONM*$i*tc-4YP9IqdQ$vl^w5Nes@6+Q)C;ek7P;qza47P>UYt2BroB2odb zoMdd}G(kjjlE;^mN0W0jLnLsh$R;Frj&*noEaUO$IJWgc+OW*o?Vi@%O-5r=Uyrmq zDS2F;Bq=CkyMw(RX+9b0=~3GEWH`pzt%P%jfNMv`I?ViGm`4~`!9GFB{(Jam=*q0m z4P{&(h=4$}+wL&;tv_SQ2OuHM{a%WX0c-6p>4t+)UAVL z*8N&aX1ECeJ)L_!9)I(KP3h^&UgNR)X ze;=^y_?^d3<*{(-8n-4E?qb2*J#1{6VeSqQUXtLU1BafR;xqglPl(R|tmnQW{bLE& z4Ab|hJ|G>~2e`A5^3v6XKt>oXllKKImnjk!o?!mO?aH{P8jziT0`p;B|7xKX2SeFN z!Dcijce~peoYv-A+Zy*Uo2@lJ(TYGvu$6=*4(?IKWr;X2I)y2U%0Fu9vGQIXbQ6rE za80KGN80TiMSX&iQ^vgyg8hj9%<$0Y(nQzncqY=fu1}4CKf1nUd}V_zVxPqY$?Neo z>!xC<6{}Vxbn%fb%Z5%_*-Yjsr=C_=(`1D%>J1DXU&1DZd~I{mMFn>Pq#kyLbQVO( z6pWk5(;-3(Ssq(Iw&0NTB4~?MZ!kDopcl^UZEUt87GTNQS}s%e0xfYJu7*`)N|7FaUU@80I?9vBFn^r3LqRHs!n zOqn=tqdjTZw22w~{e%6!V0U*{K!4#``Sl~hI%VzDvFjC?T)O#K?U1)ghnga934_W% zRjC%=BX@5wpYIjYK!R{2F-JzDZgX&uwak+63@DT0m8o9GCne=wkh2#AQI-zPm0 zq7ZNcVNQ3zreHO3mx|a+;KQqIg%6KD+E8sJ96M4Z(rWWy9+Z?~iohNigG)%qKBR>a z;R-~eAB8l?NiY=K>*J9`;(NWmlo@H1y;sKT!igMx42Q=RsaXHk#}`RdjDE96iZoJX z>-%xy#o!-GabLqyf1x34anH%okZ;Z(@y>cJ}uaPqo@Zvr|*%6aJsTeZj)gSRoxW!CNpI@Q}r{ zH{!n18At?VQy}0C`KGF0(edAbCn*S_a{}`o3hRufk8xfpkN4^l2INcq^d7S zj3wfQ@Hr9q8I)EP8ck-$oDy`-$x1i??la_`=ewy|#Et}r;l<~nHPMNr|C4yjSqGOfhND7kP zD#=j`P1?F4cckE?2j04?9G(>GNV21leO44&Lc|`0NX8A3j0+62Af$zb%RsvQe!tZO z`R7WTkgkv1v+774yknXasYdI_Z^#`XUdLrmf4C}Q2hsYZO8=UqZyba{)Vri$Zz6tI zC3{5|xL^{#RqJR@OE|*@l`nE;ko-%j(F-dfMp$j`IYYQfYPvKM_C+G$5G?914Tg}k zEF?u>=P)Oe=fA8sG=q*dCUcRdiI9X?Udc(DRX^{U43Y_L+3P~Y2m+>%5b?tIiF1Yu zQ0QCuEiLyfA>vw&ubcOJ$pfZ>-%#%=83iPl2M~H^^E!{)P>tvzh7fh~hE*Gxf^hCL z@Ev!W*Rny@w@~`+4OPw;10TEU+KJK|EHZJ;)gK#Jd*>auK{%uNi>matO}ej;35DZ( z{jLy2!gNu_1y_=$$AyIOB3e>9!S5_^isJJ{?z6^UV9x19p#zg{X_lJH5tI^p-9CQ@ zX-9SK;gIjj#OgE;q?EHaH}g13Y8WN$%n`wqzF!qhiB6qzG$lMENhCjw;LlkTREhLx znimJOl{8~D!IgYnv1EsTozCBkSw}_{MO@D=_<5349X`ORMHU|Ymhq62lBk^+-hq1!X z$-2JL2JejQ>?TOSi8?9Q5w8=uj?~;F$Tbnpqf*73*&r(BuI1D(Q8&dj;C1sd$Y!F* z`rZ|&Tyc(V5DicXz*CGY@DJckKgY+FfWP}I+~55P{yQT7Ag>UOi=s#nuS)rrcz&k$ zke?~Y^E25hysC()Kx5-E6#&n9RatIq=dl+koC1w4jQFiDQrvIYN>D%A(Jo?(Acr%8 zS!sW#ye#y0hCEM;@1Whtmlf>YUl;5xBVqT9V(Z-?+j6K8gVE}scn(wte6KHmk9_f| z#P19CrXkrsqqw>@$gZp?!Q0UR^4C273+Kfvb1XBdYZ*9k*}Y_g;Ks{yEckJ1hx6mw z97D(6w-OAwtRLSXm~wTFd42%i#<$e5yvN5PLm>Y{!9F;hYrv{cY+%m*@>r%YACK{| z{Gw_sRN|e2y>lV}jFN{DSD?LWEFsJ(?6Wb4PChm@UnhRQoBxi8>d4n&K)=7u`$3VH zJ}x8)=n87{bqN3TO9A^9Z=Ybf%;E9Y_@|3HDSwWrvy7vdKVK6nm029gxG02NdHzJ* zG=HLQDkC!P_?l3;ETIGsI;YMbk3&!MM{(#07kIxpR!iwVw4vzQHpseUbsOBzlgIYJ zr6J*hXahSZjVtyU#eouza*1mH+z5E-{ST%1y`U=KQ(`O%UV+ay3qBA=KmFBD{_AdT z983PTT)5?2YAXrA2=j&0oAd?=IM!z3A=R-q9h!&DmJcqq(JGf(VknN}OIz_D_v)*wS4~Z`O_R%(f&PIe zlyOJ7xE6PGh}S&;+|lVeHYmDslou*f#vNt88h3aJ;Ev9L5)Q2d;CU=+zQ11;ZK$-0 zcI%r&tDHI@buW;*LaTTzCBjby%Ru<~jutoMjew@y`}YOj z&b2rp#Qrrl<#+;}W{Zv-c*{$jmQvWxlY=@qRz{CoqRVM zo0p(c+1j%~WacUFUr{&uuGW1y>gFYIvx>@Pb2~C-QD6#n|B8N(Yi+RYIM1#TCDP5U zyp25CP$viTQSLwDV~94`b||`e8y%TO-bNGJs9FPlkHFX9M`8_7jh4qNf;1!ORTd>E z{6={kROUWTWB(-90A+X^rbwF~luJShp6`g45PbSG;L}Au0=s#Rk^xz5lnlsH&ITm% z5xo39qW6(k61ks%GoiKRD`ls0MN;cLb);obS z`g@qaQ3=6(x@cy)C~{g?hysrx_<+crjfYps6s3`74T1?ixh@;}I{rJ?+d*}T&-X~; zq4$Mj$cQWv3Z>$apbj$C(5S5I(e3uPw))4Vfq~5K9^_N(arGp76jRSwWOQB*%BlYO zq4*F5A(Wj%i6L1Yl80O^Elqpc4^JXQ=47xxg>1=x;GUZd^j}(vk1){HB9?(S!Bvq)G1{18?=8ZS`I>!9&rj?C- z(``O;=SKfJIU z>@c`JdcEGvj0VLr=X1O4_HfAKFzICfd{B?@qh62G;W8ynGMVz~Odf~BgRrEwAo7Jk zX^0u=#21`~NR>nXFoVF2PHxbEobU+p+4Ibyp3aY6trI!mp?s_Pog2jX2ZKibo#{vV zUH*+*@aG@+Q1o*A-}s@(0{%ZBpEI?;duaTu?xC@NxTbq}^sKI-v3sY;W(ouSHpXbg z&P4`Ai$Q0GDGqvRmkskq3yg6ngW}TnaYxCmW!`_53|x83q=o8lghM6!_7^vPk={pg(S5vw@Y9m~_P)25K#51rXSG?7t=qx%& z3!R9@pyi4$dngjV|EVT=fE=xg5I|=$DtwE}W|03tQYbgwlkx?)D{qm8q)Q4LFYRGx z_ptd6b~gSuUD70RsWG^$zCm+U;^>cZZg= zM(13J3_R?Q!j&q~kMsqJJxJh3>R(bMA!fE}&?_9Kw$^+F>5dPoec||o8&2*}qwvU? zVh%GoZ8k~E|BSP_x!LK=wd7nKGb1TSDDLViT=bOOl1L1D`~Gg*w`fB|)L zAt}^Yr>dz@KVT0<%6(WEky0krp_qg19lh~Wq658cu3wo`xx9}BeJ$De37`4Y4eM9l zec&?%ITPNp=a$WzZ`pGa`pM;KzNXlbz!&N_>5SddU?HXlu~EBbFi2kHr1v1UgKNU9 z7j|-FMkvgS%AO3^q0|xVPV_6)pJI9=m|FZKRB&-+2}}@!eq); z1ql-DSA4glF|=D(u)3ynSz^e|(LLUksXfFG09omRg3C^@t`K&?<-myA`9q&xI`Db4 zNntz5gXdH+1oz)^%MHmT8+*EEm!wilW)XX6N%ELwD^}ub#WJ>KReIAU8*;e~muymF z3~jn(Vc`;d^SP|i1)0Cdbp!Rhv)g={SBpe7s&DAFt%fRV!0K1N2?nHvwsNA?LE_Ef-r|2=N0m z0=;x`zzwGfH~gmqA!|?yOuF?hGJqqUr*O47%AUbK;Tk!0>#!Sqo%xK(oNep$9TRM8 z?}?uo8R*WtwtwaN?V<2lpZxM^mEA*qO5?|O`F!45$S}I3XGy|LMz_l>38f=**d3Qj z40{?8sVS%~As9*PMH}Go@M<9sFlR)He9Q%{K9JRKnv;zUF8^FO5Ou)>OL98>fk~5b z(k_&^G$gK_1a^@Ew>rc-5Q=n?g7GBuf>EiL$8{I_S~AYf40r~6|FmU`0p_mC2AR~f zn`e*12ist9IJS_EcI1Z7-MeXE;o473lzz+_Cq8lQ!ocTP=k0tQNU!qGoGz>{bVV>M zL}E5GxJ8>~GnV3G4zmx$V$SW=&$)~Uxyg(k=Y-xoVVraj5$geq%tMA!+@JS_#Uzn% z#9v1j=~f9S173uk8i6?=aCaj2R{@xF9T`ITN2#3xFIFCKSq=ZM9NFt@YAKU*sZ0L z*}bJ>yV&Z|!*X`j`!B6xJEn;)sdNZ*3A&zYIwe1kd8x!sp&VOR7yMCjNRATi;n~~+ zWUQf6ISYL9Ok()tF3==;5Hrn15pW>%$=zY`fILVbJ>lI-!i$&~W@a+Sjq_e8#U`DV zFesH)}ErBsBA=4oD*>jzIFDlOU|weZ;~3w1#rm87o2|DIa}V4x9N-uLIcWw zvcY35sQD`s4`|{o9+r5$)3A!_C8o_ zQcm8Lw7z!KQMR?l@2&V9c@S}q|A6m<0DdQ%2EVkq(C)OEO)fJ`oJ~GAl4bfOhu?9r zT|%}7$sdHzP{8e)aM&lzrb)lp1XTvP&(@pcx*Xqtc{6PXx=O%2lnrv(N3HQR#KRTw z6H_Pj+_mMB%TBnb>%>gO6n6t_Bvah=e}4?`BTi8EZ|GxG+Rgo5xFPi}*xzQy{F4y94QX>a8g5L>&&JcP0=MEw!%qY+qG!azV2Rb86V0C4T=(kk+^h##8Slt0+dBO3&u%~F z4}Umj`?LQ(ymc8ZqXZQW?g8edymSj$<{{rRPIjJIlFoCk+oXfLu+agvpOJPQ1SLAQ z!4}|j!Vmh@z0<$ff4~1RzYf_rcRS#i+0IUFIltx3mIn|-rzN{vCrP@t7B=5H>4!_; zWI{W}E1V6?p|~sgs0~0V6?OI zoToxfVTUW#o5}P-r5SDtJ-u@5Q>zEhT-(vH_RPW6pBh^^8kt--+uXW#IGr9|+uA(4 zZZa|oI@67qygy(+!d-rzV$`-`@i0=z;jgNnaMi*Lg-F;5k(Sp(li(o>69g!QnMrc5 z&Wu~H+=9O?vfs7Qyx+1B5uSxfozUnAp}De(l$$*0MkcEuIok+JI&!!{EGq2La)fLI zL$`Mw7gWp?T`uePO|*Bd?v5meXVb|(yCNG~Lrd4#W9{rmUQ_9N0YoX)tu%N7?s&Fv zeE-miOVgz@f>wLf`D?|rWg{Y~BN83aRUS_XaW|vL%lhSm7(OSJ-9#C^z}`HCgve7! z2wo0k*U_+ZSxM?1HbqA&QH4 zW@3HL=Brv-jEVi>ja~bV>listsK*J3BdU)($s=0yXF-1PGnjFgnL8~GLk6+oH6OQ{ zPyqhhHpRLpvYFBLNLNQ=f6AE|T9qB^^mT_JgZNjiHyGQ;+MC+?4#+omPj`m`ZH0Wx z8m}eSy(BiYp*z^H#_e<^d(ta5O!g1-_AMo1NcQ+!*!Q5v^V9igQzYjCE*1?7#voFD z1Ym6GGWe%mWp@w^N8QH6w1RuU^(82f8c&2+x%uowXn2`>){^R8)@riIGy0Z+;Q)K? zq<`LW#*-WJJ1<>W+B(yCT=Dat?BnZKiO;)4`a;3FgshW?Nwd^U3jx%`Cr}n^7oaU0 zAWj~!cyYb!9U|)j59J|qg(%!TZhf&{gw7V))8wB>6_8O8H^z=e?F${F9ubmvXvEX9 zpC&*;Sl-@^scXt%dEq%pk)$XtuP_d)+R9?#aEE)On7nW{qqK+)?((D=j!_8ABL(E` zo`!P9pJ)nDK;F*g|3*08@sO#Ym@P)d>i2{i8xD)c%cK>!dwU+SGx}ju-QO1?@4G%S zc4(nVZJ{ThPoEj=a4hupQd}@*$`5q-uk!h%*#4%CR&AG)Xrdx6pMz)1c*_tTO$<^@ z0E81hT#}iq)nMFCk)?tixwz4;k2bb?`zJlItmlLigRM#5<FWnrmyc z1ibe1*h@O2Nm(VEjD~o|A3@L%qbKH{Hd?H@mFBQDG1!(Jcj;W=lz;g$TDGN&$Aj0n zAC`%qI4I>o>8)UxbE+9NKDpsAJ~{czkh+mnG=vI6Ko~f-lCcU$9ZZX>8H$`p5)hGi zTxVWTq>jb~Z#3#{Z@$LiXpcv(jIC4nwuTCknZ@nx&q#v0w7nWe#i z!5@y=oIZyY0V294JK8pHST)w|Svle99iQHCOzXsm73oQc<>EB(0nmJ}H2biP-|N9( zo*&})K)$Vlbg3x#}O|0#R_4IW6xu4J#<(RnJ$=71jAHW6Z`_ZW`wlG3lm*$ zD%241$b|%6HHH`T`D|pt=}aJ)Mr-8CY*zB&OiS#Czp_TAvE79ic-5gMwmN=_n1EVv zZ93L~?3uVi=`M{(g!-qRwLRf5erTWZe1k)Ni#cL#aXdQZw`6BSUVfVE%#7$`$b;zU3pyP(Z+^1-KUS1p&vryC78`h0 zn9@*u0oXDit{2*k;m7x|W?AW4%302xe6c3a71q%n5jHj4UDZKT?0~2BWo8Hb2^|S6 z_+{CI4{@)QB({>Gn6pj6pt(`Xu1?&kJfJ)dD<6l$drf4W$&9-pm>OXtZ7n;UafOwZ zz`U%n64to5F4kmlqON6CJT_C1eIziNiL^Jx%(M2E-r=}29FF_#ZoN&P48+^hQEO_n zFYns&%`Kg0ZQq*h*}Z4aU~Wm1SCN;=dQY+~y6)D$+dqP#(_G*jgq;}VH&}k)cZ$Ue z-%0!qEeYnP0D43CyhM8bAdFQwd0C?3?*Ne<;2J((Bz(r_d*sC1PqsyLbj66*Arcu{;2|nT zf<0GucPFH4oX(LDWv?Fdri?9XOtBk_!CP{9-kWV_y!W2PmFYoPB{j8%NP;~o2*Skt2=v6n9K!M zm~5x6?-)+GvEI$d=Rmm;eYnGYN?1-}FgQ}Ud_zY|dDJ7?s6|jmT6&iW<8=}yz^4kT zTzaz7A1t&(E#e6v;2HTnCh?B6v-$6Mk8_mc7e80=o*PO8(N1JR@%faN%!0jHiX#Ao zf4`a_lCzRREIb?=_!+}!^Hq))>@bm;ped(qI(BI$6&qO7-n4o+(=>5R=hLs_XmK?* zdi=d@ac>Gv;Q5o=yEcucW5dUdEZe#yx}x-8xOFhmb!yh$v|_M%G$-y0mx4ch5_1=j z1_~5@2~4zouL-h^WD9ZKQP6I>(lYJcFN;HlboNL<0QC#8gy?>wf%MP)IB8%VAXs38 z8+vkNY3tG!|7mRJqn1EpB+(IcM%=AagD=e*lcIV#<9#_Ns%~u;%GdMA3RkerU5jS&iU&6h>bY= zp2gaf^+04IMf#rt*&4e!0mMRaj*`pAV&V8TD7`NvFljbvuQM9;>Gm39!M(l)M2hlH zv&ep%bEAWck90j%P6=422V%I>R5d^3=>+1zRYE~Gi+8ur`tr*=raPDAeY0&nYbY} zxm?|mOlQn)M~ar!zL?+Q4F_YZW5KZ30#D1;-W1e@u`YAEu`!+KUzN*kTDL3|iB3+h zPIfJwSbE%X_|cVIJv|wXgqE$_l*_H^Plz=a_apPLOCq(IQTf5*IR0QK-{lR(a1chh zFu+<|T>K~emEvLyDnBUw3J?amfyaB2m7m7@Cg_!T`O?=!c~<&%(P1+(wfw{Q>+Kv4 zK4a8Q=}ispkATz30#4W=bK6J`CzWj@aeL-S0!)U@6El;Au4ebN_=swIOMUwV?^_S= z+sDw-n`)mQ;O`Ot0(j1Kw7d=cUTuGgHoT2G+l;J>A@z#8x((_-^og)<`}@QD-_a&{ z)c$iloBSx?z6dyj@&Xt}vYK{vz}5pMSY+Qyc4}NE=WzE4I7}bevjv6*S~JL(G^oN6 z|M>uiyI;UTflP321j|SMCE2gSi9BA^?w17|7M9?YP{4xxOIB{Jjdleb+39gO>GGE~ zJG~!MelNhvR^<1x2DHJWOcR|C@7&^lFy zr}1)ltzHBs3jmxMwDF31sqX^rMa)aQ;78|Ka~hC}0UbA>OTrZ4Q? zE?<9L`W93uJ%XEzKGUF&i zjU27a%^-ciHARlJjq?Ias~R~%8~1orcvA&?$l;PJ*aQNkbA5}Ya z1o#8hW2h=pJq81i=q>pYjc)6%UR<~MgrM8&ib3+w5On*$>foMO9M#}Pi_u&ejskzY zCGRQMcT?$gz&Xj=p!9k%*vbLLo?bk@4)*TSJ7w5+is9yJSh7;CuJ`6ehX%XoC?XjF zbyThQv^v;(7UeRmTnvlOs<2<;u*GtJZ&}PQeopjvF<%^LtFHH+I@kk?sWNP;7FMOp zgxj1h>#l||7|~Jlzyznus|Z=KW`cfK;8eV3aDXr`S;;{Ki73Moj*2>O68I)F&%iVw zWob3+a;ajPi6g)ZoK}4$hF0++Qz$|WXgFPWp6G7oIHZ;tnBrxotC~4dJ1Sm-d=1eE zAVgO+g0r4ZjAuB`;p}Hd-PNV{us+}wSm~9bja+90&OKBI_eAM08r)Bdu7)xkEXhzG z;hd=NrqUPqdZX8+>x#An2UOP^{; zz6Cri^PKzZ;GQUbM}zwg@KA#*{gA^E9*X*ID$SR1YaV#W0R;{ae~Gp$uy>a(E5lv} zJgkQOWgYCzrG+x=LeUnlhOO_zJvDuBh|a2ef$;ljnP{Kr?=7X9IX$C&b8|7Ds;YOf z9`?Y|VO8FcaF+9ix~st(a?iLQ7tDbaXCuj{f#bK}BP*~^fG6azKP#9K4~1Ax;?}BQ ziT;UtZvw2qi=P2sTR6|zTJ10aT&m+|b$3^n3FUYh?28&cwZ6>F?`iG8UoOzh%d~tz zJNLY!m3bTdFbzb8BgYZi;dm~_b4zvK`VoTxW#BRbmbkM2c;BkZ95_lDnlyFKE<$F3 z%tUz3Wg+1CA2j^^1MpmvnHGz6a8H!}tik;mcwUAxa5%zUQQu9a&zJG>^T2ZssNz_t z4)*TS{bktuf#=n*M4NBtdqUKEa}BI5UJYB{hkI)J;1Hcv`!L1pB|I1P-cow1jOR}Q z&#UXLhdpp~SXCwg?h2WN({a#dSxV-)OrrU#3fZLsr_ylQl+j+4a2x$=^_TfoPntTe0Jh>Q zh;#ieEb<9QPr2TE zifPeV(FaxbBwEI0L=7L96i9Jdk`q0CzCl;X&wl}@o#`NW9F7ybG91x60Y`ES)(eti zpap=k0mRNgm8$q4WYh}0iVuJfd~#)9cIB@O=HNcp1nMf3=-5uDAzj5Hf%(jc8-x zYcJ-fhUYtGH7~LjMOM_0rK(H~&sSBZYAlPN#hU$;a7O6ga2CFy;mjMwwn0t*ws=Jy z+!Lj5YjEE#c8zLqrSEe%;Fen7O{I&<_;OLPZ7By-@#R13VDBz{tPK0HV#in&>|(GE z_U6)kW!U?QZR6FjavkhFrMt?ocNIHCXGI?tkL9qyS+&2nl)hWW+3yzDOjOrPSp8Gt z4^`L$rGsVIgSD`#eg=N2sxIdtovNStQ^DNX4sC@jiO5}8YoW`jz&@_(HoZsGZ4#W2 zchx%C;%^G(;Xz225HPhpBjnZ!tXe0t9Z?TTa6-1AI!T_AgMP>rOs>#g(wA1?wE7y3 zs4pcr!NWZSeoW(E!$Gic%*s>S)4mpbWd-(e@Rb}E`mSpAD#41g9k42Iq4rZ&GASIr zGIz7C@C+3=Z7yR+)QeKvf);Dz)cN82)>kVeD07i(cbAFE(3 zU8EeVg{3o5)QdAzg>`=gIY|)$1DjO9bJ{EFuE2vn*28mcAnHFNJam96yt80N140$Z zp;etH^}SL*=wc1LPzBb(a~dc54;^4FJlE?T9Ue5XzW*VoRSAQ+c+(uY-Gn>*_e%FN*EM8XPn^R3GS}THj5jTR1J!DUXzHEVhht zK$R9*>tOFz=@!A>QOqx?hRxT(-duX3T<_P5EhE*ifjZcGN)MM|zf#PL&Z>PlmBWI@ zsr|jB^fIS$)Q2Ayr^c)6J+2P+KuPgAsDt42` z=VDR!#^;QNNp565fKf1LNV^}kkJMw*_Q`m5koysp$= z3%__dU#m;xK~<|`&;bFIOFt~*4B)U2G~Er!1g94x?S4CTg|AiV7j>|j z?uKB`DK_M*VSiZ%tLbhC_S_=kDOA;4-v>>1Bl^(LS_Qip;q?;UivDW48-l&8INbTy zU^U&%5n#bn9?PERcni8-!CPprZC{m{w|@<&JD&*PR6VSUvnp(Gn7FoDSi(P1uZpjL zRq=JP$T?PRy+z#>coko(;W@W@Gbt3QE~kM4m&P}8Koy@~se`>+^-Gh%YFD{u^>9D(&0%COZY7Mdkg5hdJj{2q_}lcRlSR?b+8AZYu8}!sD)K| z&CiJQpBdOTU^RFye#h8Fw{+shO+Cxu+ah18!AjRw!L}X7!_qlU{Es-7!T%8b0>8rV zx)%Rbm_f6TFgIC-FdnJLVN~eu?^89+ysy zVg-u8xq`HoB8^m zgB$D^ZhZD57htw2*Bm!HBlipi%arntg00S+U16f&@dLNO&U z9oyqt>2yq*CnPqX&196gX+lr8|=}9((tm}W4X%CyHbvB=? z^oZVScU#W4xb3#P?pk)+U3afuefM3rEi)^=R7ad`E* z|AWx#EWtg#TMB_*+1!!=Rs(L>3%rcW|7UwBzCSGMxsk01yAEUWgPsP9(;E*2ldeeC zD<_=|ZUgcKMjN8ebS7yBqB7}0;OW%jcO{49eONES8w7Umu2)_`r7u6z-KB?hQLi6X zdK5cmu$Sq*DQD2zF~-=;l31+E&^4^H>Nzf}{gVw`)4`+#ImLF#pOO5C|DZRxU6R${ zLT{X^rYJ4&$yEvF-y>Evw4G- zSO;wU6zP1~#;#Cw@WBn@CZoCFjwPBJ&3>n14y6-~9)k^$CVF1(d8J2f&GkLeWR>kg zZ`E@ST|wk_ZdhtWbpLVrPJcA&$MV)wT^}3eu zDS^ayCcAeYk%=9F3AcaJFm2b&ui;d{Bg%HZa`M*qUx8Z(`Ey}sRBd=fPU8O%(uV!K zvd#azdiDJD^nBg6mOBtCNlnOy{+)__eIx9E+}J67g`ltC-RJSs_Ev0OBrx)OJmr0k zctS9@M*^T;gi&$5awzh0gf>$Bu19>F+^OCOERdr?e*zv(o-d!)d4BEgPp9l(yCr=c z+CLlZU#qr1Pzd=8o_%OnbO337+{of_}%9Bukg04;Lt2BzVnAZ3S;2l!(V&l3unVt8N@*9e*G?hw;;frqQEqPDJVm9(S#& z*~t%P9acv$?2mdH(yosBZJdmFO+K3|8i}|Q(V&@m91ShnE^fgt#(oew9NG_D-@~@O ztm<%Zw;7?U!Ncw=iJ#!G(zR8vfjZq#oo$@%LBLjQ;~F|pbHz4}M{C1&R(T82Cz3UJ zJIagDE2(AQ{vf-$y7B0$``8@eP+<+4P)%W3PehLs5%x_)QK;BIieHUN_(!h?VWtbQQOsfuA|_ST!>|YZRgOdn+|>* zbckx3?ht%7vE@W4EON#uk2!ew@yVK9=>|`OFC4_?%dV>5b<7-$Cft!o)MfLTypiA5 zZaRJj(R~^1xvygt1rJX;TNa^fDskmRx=^9Jr2WR>INor$z>##Ev|l)!jw~ZpTh4|K z)L60QtlDVh`pe~%|E>)v*`_?hW$J^}f9>u^hLyNEnb%uqWD{rC3HR$^AyW%^<&On( zwu{5^>tX?0GcR;Db6qxTj_`Tm8&~T$-?w7CAFqs;8^tOHY}$%ptk|?D2ab@v$@eV3 z->TlT{tPa+glV(bvjUd(EQhV$vu+QE^_KVSnN%;|vjTQ`>0h+H_*l_L&_W(qros(M z*K;kRf$GLyz6bBQ-H!4(JQ;EC_m(IxmtHQWJIve$9DLz4Y+Z5Bs@l5ZGzBLq7uY^Y zQH=J0rQp&boZ~*2+HyPBDr;AMkl{?hX^Q=8tl|x;`NVf;I=7AxM+lSGw^g%O`QWV$ z*PW$VxoV$B>WkfIR0`Dk2Uy-#`a;IPN432zRNLPE!W)Zu(W9f;-h$7+1zwq3;BN@8 zm4Zcr!b5Zh;TegIz^Te52#o&e8#8yx4_(%A0gwhbA@nk;-XHv+%ELmhLHZ%x&{)0B zhx4ybV4c9f0?P6*i;WL+psM=HdLHG4um(x>`3Gz3gYN~W1ERiazI7GV$y`gcvr6=n zXa-=>Pqd95Pzk}eE*6ia3sQ|IUOb=Q^Uni+xvc^C%(6|wzZEkn%_d>-(<&U{^{d3MCW*Qn(9_W0$^SMstbDfZMTX&me*)%Xcw!dp*;~x78gbE2N^AR322Hq%c z5{OA8?uC0giNw8}3x1Y|yX@)AZ>pagXJ+``)CDG~Vw-Qh zo86hATy8MqwzvZJiK}dWr`d?Sdw~YG(d_iw*oHDcy)rPdc4Kb%%(d<9Yqt;QX4g&x zR*w1$Yi61{XGb%c(b>+XnKcFfidrce(_f4G+}6GzjNYqppPSlm`E2$^`6Cx}Tn4wqfFU0l-7lA3#bfen4loA=uE2?l9=cH zb@1Fqv<7}p(WO~bE-vD}f$FDqfn3Yi1-7Cpys8n;7Hv(U0kJN)cc?AH?;UE(v=<%O znlitvE5q*}YRh!gw^QFYeh*PwCR^7I?jxvgv@T*i{63<#%!*>Zzq)USmErdiA5iAA zXs2wy!Pf=$8)_M`E>{=ZmZ??@SeGm6;JF<~4g4j=F3suz>+*dLuiA6)b%8xcZJ*M` zww0m*bzT0mt_-*9s4bH(c1%{6Sq#>d;r1Q1WtP{q11|;|d!=vO&ZD->aD6++@-kQ# zvf;pZxV=YhnbV7FHrMoRw5|-d`=~8*Y+V`XWQmTQBlac1f__22?N3JeR^(@WJ76fb zrm!~_dkOqN+>c0o#PSh6^zgQE4s)B63QT_&?;@weOF@h&uWYk)VWD7!3UFN}mX2NA zobfd`XVPhddAC1=K=}xS*6MT`jm<3~4;U04F*A9D4m#d4@KiQtkYdG{sYIJxIuRc1YBc@oU0pEM zigeSr+4khjBld1X%gE|ncywgIw=KM61VM|&P2N~ z+MstL^2jrYIZgVfPW8c!fXe86wIeu=Wj(ph3qR2&gxw7W0)qns2+)v&c9+7x!E@Xg z2ttcIh!9-($Qcld91i!!;6N~)Gos|+z~BIdXae+L0MGcd!DtAuN8|k~o10hm#p8YS z*&i=`-HPnc`2I(;L2vL`%zFI12C1anA-%(4&G?+2HSt!ZQT8~TE*Gq}UZwzSXe zbz5_hq&0C$bBy^L9eSh1rGrua&BlaH=du{}jz&L=HGhFJl>5;+lhrFZ7Pmk+zEv)Q zPo@};B$-ou_XJ|W=CB@}hzd4nyuXm>rLY@46!IWXnOIxtM~>b#(GQ9X^dLUr0RCRV zfrk{mO%hO?ULC|kj9xWR4Tfk_bRfDidS>*hsA0?)WoAR9DKZdQ896g@RRnJ$c;gLt zo4jXwbqHbRX~La?Zp^G_W*r+hvoJ#_%&;U+7@L@}kr~s>m}2GxGdEmpo;C+}1ZA^t zhfg**1{`NP6oY-hex_Y9TZgT(*)(jD$8PJsw_D!PJ>Pvzx6)m(IHoM!th;kx-^f(w z-sbC@<&&GwYnInFv+-uu{0Q4uSl^tVx~=)%W_d^ReDgKUN;8#de!x84oTWm0v)5r1UK1NFr%DtfDQEb&~G-o zcPiME>ly4(dh(Byq=L7-d#XFnl6l7R?!5f#Jd^Sopevuucjc9Q4uB5=4xfbwo7?b- znif%$E0@f5<&<25Ey>JEGTrIF-Y=W|Y~*_XXZ?$QAZcz7H@Yg~4D?zp?$b7-cp!`sf?GAoEC>w*pplk_B&MxPvPGxML z^8x3pPQ~qIm*h&ivT9`%B4Zoo<#o!7j#M-QwN~GKRhx%zLM!H9)w)L|@|4cuE z=6CnYu71Y)*=zm3?w7yP|78F3{mS3<-`y`S^t03Z=lbPi`q}b+Cfz_#RGY`)nd=Ue^0^8*6)n6$-Xw)6|-_Ep75Be<2kb zf(=vmwtcPbTWv}klyy@lwy|ma3Bd)X+7ge*(pP)X;qLCHK0H6zH8R!r2z&g&wodxo zSLn^;r}p&yO`m*DA3Ld!t?6TZybgR4M)pNB`OHX0$vp0hOl6L1VJ-PB?T?i9J($f+ z;q&na;~9J|N)JY2^jUb&9j4EH1-sofWo!?&=h_uZdz@zKOXx=2lx5Cr(+SCNAv_a4 zHM}o;XV?%7GbzkQ9uL17mcJZk;;q8M?r|!H(+sM`! z*}X<)GBTU-Ogl5$S+Cu>g~BZ)-KV;BWBc5nMBs&2-8$x;aLcc`f9;mpZ zm+^JKiJ2@XzzKU-&na6^x!{xwF4%=Hq=Z1GgA4FQ&r1*C7xAL}Hwr_{|4ab5V%pjZ z81d$0@r+;cqOPrV<#}BKx?IIp-bzm%&A|LSpI>@tYft`yp8VE4^#U*GmOI~@-@28* z%3pxL;~Aaaddk*3bzOW>i@Wm7^-|AEJ^5GgV;7Pz0J7XS8b|FfR1kx3ReDKtpboh_ z2`I;la%lRi>(D89)kEFIk5i}&J-7~`SLozcK9P8pr#@4!FgSYO-6ioZ;H~&%_|X2J zj3;#lXcp*;fiqI@%@AgWf8*It&+7Z5{Y~Bzi^WR!v%bxXZQPAf9c!! z{!&c*IES^CUMLmmr##=#@cxHlF~;8|P{DWUHCy|EAmINLiTqFAWv}2VCLxb^ArM3` zeO-e)my;!*Lzj&^@Q)#_$}dKH z{)ikk*w3Bl4Emx+IB=GpnYmYa6FnFGrg{kuP=KROpwEOmzavN*AmG&cjIebu%6jB$ zz$npU8e*@gm-1{--OoQib1!>lhCQQ|qxz|wLDn-_Z`4sa1b{$caPQQ0;}`p?Vhp~}_sz9AZpDCefeFilh{jkfqS0ffd)^Gf9uJ(G;;%+ly7lq{cHnl0)k zpItFuG(IY4#jT0WXf{B7Y(?4>11Zu`Pz;k-z=ug$nNSJpz<;d+R1@7hX>}RFTQ?P4 zCZk1fN18s11J_>YlGOPWD#Q;4EhSa{I88SnPD~cF!K`vBx(i!ySorDm-;*+tDT-%SU{EdAyx@9$2+dBv5I3% zC*h_6U8RvDN{2f|%S5ZocD?^IT3gWLd{!2^0WbNO3fvE~RPl-sNLc`%|t%&vXVPF#r{(CBysx$3@H^GWhxR-+ju_hW zv|==DcoS(?y?c%`mi21F8MvLD~>UOl&bS)ggdkLPC= zN;dout9mE(n~2X9cM2>9RWA46EOx&IIi;)^fns-9^k&?xpee#(w2U9rHdY92;2S^v zyfw@(4hzwoGX9s4d~VfFQTQAYUc+iov|%+m3{FfH;`!PYgGo>8MnmG$&Iikw zTcTuWeCBAzFs3_c7}Sv1@6-mZwYuLeMxYGL^Oz3iFk+VIR)#M+tpsL=c72L!OwW|A zQ+Jl!@cxaWzJ>DsQt6S7SwTN!lOSY#KGgcunc(%&rdTLlhv`u1hkP!b(PAxWkCo?H zn*#)Bc9^W3l55nqJO^}eiWyFcwIs9=II{~gKo}!%MbOV(eBbf@N}S+<-tnWAD&*^j z2acD($$p}rpeze?P-?sH{Tt;5b^PT$$m@gp$AArp@YmSSG>t0G(I(>iuvgT_5gR0w z?c)1z=KY_^=b}PE^ThaRFJc?&kRF|%3FsKms=KQngGE$z&=rtOOykU*f?rU_hP5RP z6VWFNPASC#4#3PeGw%y0Q|0ri*9)BC2#HF>(e#%PxD-JXs_3{0qzUJORYLM86$^ob zM9%q6;wQ6$xd)N}yHS~X%nMRc#aoD3GV2XkV7=AIahejrfN~0~BYY;rqkjUIv1zc1 zdWUu`wH!1xdF#0M*?w%6Tc;9-Grng60*|hfUKAzUXeOB!c!u1 z^p7xrDgxD^?TK%({zS_-KfwEBH0W{WDRgReKEO&q{YoUy%Mmx?g%w`YK#JfM-E`52~MZ6a2sXcdDDRS!wlFxA8xDruuTZ_1gbm zXb*VvKY0FhE{FeATQd2-`ta#wQW?+Xau?y7zN$Z)>wd5PyYd|WBY|JU3tg1kUG-df zFG;Yn{Xc*Qk4le8{~|pteOvmD^j+x((vPK|NdF=Ir}UQej`UmU57M8dMW#Sjv@$32 zvLK7H1k11-%d<|_i^NbPY$;pLR<|Hj`qjsi)5sYm-+x_p%|Z2UtNy+InYNbp zrIn%ItDlvHnqO=GnB%)stD^pI)z#GhO_HX|JpEs}r~1E5$Nwk$cLe5(kPd?QHmaY4 zAMm^W1O8rL{{QdrUNEZ}m_{Ap8*0AF5v1;f!`>WW_Z<%U|3#ox$qKeZpZRXpZqd-4 zKDBQGu7AH92~_EQ^`|)G=;rd}UpGlG`gg&3c>B zVt3j+W?Anwk%CZd1592o>=k&^XiqfPkIf|bazs?;Dh;8CBdL%SWoVeI%}6SWv-7A$ z{soGnJ~Qyg)9SMf8RZ!DS&@?91O+_#UTH9T$p(&4yf;W5@P*>pC>5kz)n^lA@gJ(s zB$sQ?R^$fdvy9elRnKr2E7$L?>Vt>BhY6n!X429P6g8JWBjgghQGKTD)Ay>+i2KSO zQJ-~HFnTG(-c#Qjq^yi6xV#>tv`_9+pG{Jn+W}Bp=Bj6_)F(f$!q}>wT~+nFtNP%f z_se&lKfi0oSs%JE+0)hCom{@{yq)LmIDOl>$+Z`r(UDB9-EsQ%^X9gnk-X@vo>Eb9Vb#7oEFpSJj)O`YL(s_FZ#3 zcAl5)>KN*(eipD)xV^UYw)4)Y>eRMf+mpMtpS5G|!tJ}zsS9^)J7fEYx9vJ-F1ho} zDlqE%Qc1q_<^U^M9 z2V{v4Nf!d2dSIT@jekk}b(?e^AkM>IPsj7Qc()cXXFz62@@IO#9erNkE^An#73K;kRw5U0WAg!3(jXOJEh#38|3& zb)c0>8ETD6bYRwZN*@Lk=}qtj?;PA7sq}!q5kK@Uyp#cjdoXCe4A}W5>^%#1y$#+8 z$W04ZFgIw77v=p@0J_W&EMFq9&}qPZSsZpcNhu|zVXc!zw$>)t>@?#RtreC#ZOHW8 zfgTXP^}vd!4_VCyq(Q9FFh(!}ORF(y9CB|#nvj-ZjwhuRz@Jsp6zI@uNWyE8-f2DL z;Tfcnn1xh)3^3zZ$i~ORd+9{b#gnA1(#epMPnEXecJ3R}=cT704=+ehN-s*^lzt}t zv-E)UFl6JR^bjcIS0E?Tc-@=}PJAxHWrIx=OkZvh`=AFG}|? zy>u;)YW{c9Zy+;$0@C(=M4o>|`n7b2bg%SZ((k0-OLs~4N&f~p>r24?(~)oJ3`ktt zrGJ&a1-a`P>5%lS^mDBBcctf~e}{yAmh`Ulx6%vJ_oVM**SsaYEnOp>4V*a#D|9Y! z_fD+U1z6Wzz>| zInIXsyzfgT=72=!Vs6NH67xW|^D#dQK*9^bSSbQIuYtu_9MWErrKI_oPOoy4|64*d%| z8QHc^W!u~wYp+s@8pXR!~l9qeq}n|(xjL;6p4 zF`H+XuuIt<_EGjR={2?&QtnIA%hIdTPuM?(G(^iOO*yM|rMKF4f`!_RQ`+op8bKn$NtFv#Qx0w!ro^kwuo&GUl>`Db+R5= zZjCaGrDTh2m2I+JcF0bcSh!^m?v{PBUk=DYIV6YWh#Zw0WUL`F^EPS^s zo+J<(vBTGgTanhJ4QWdfNjuV>bbv2LbRwNe66r#cNmtU1bSJNo6!JQGgY+OhNiWiy zI7lCoO45jvq>~JiNnE5atai;J*(8U!VR6U+l1n_qOY&gv(;zY!z5+26yiE)zZ;}yY zBpF3UlYH_Pd7F$O1!OE4N5+#06WDQwM){*sO1KCIl$tGB%y@hNg+sJm< zk+u^&QSBys$X>FK>?a4vL2`&3CP&Co@)7x%d_sUy&>1D!E3!CfCU~LQ+I;y7uv=|Mf25O{1G?*5rC1^=n zik7A!vFrIlzHtxT)H8l-SqjaH{MXiZv+)~0o6UHS^GN9)rDv>}b4 zji^LT)J!c@rjay?M$;H-rHyG5+LSh<&FQPO1&yU~G@d3<8@1Dxv=wbl+t9W&k+!4l zX$RVocA}kW6752hX;<2fcBik=6#6=>bm~ES(q6PTbI)aX*qv&XwPv4?%(=oJwj-})1cshZ; zLnqQnbTWOHPN7rjH2NN$PG``WbQYaW=g_(IeL9cMrwd@|)k3<6E~ZQ9Qo4*Trz_}6 z`XOCKSJO3gEnP>~!&mY)(n8G#bQ9f7x6rM08{JNK(4BM_-A(tuUZMel&-eR_}{ zqKD}bdX#=dKc=71WAr#ZK|iG@=_z`een!vGv-BK2PcP7m^b-A?UZ!8rFX>nG3cX6N z(XZ)s`VIY--k>+>ck~v$P4Cd}=@0ZSy+`lUAL&o@0sWc&LVu+X=_C4>{zjkB-{~Lp zPx_QTV;ZJqgi*%e?TMbjt9lm549v)a7`%*RC0I#Tij`&|tPCs5%CYjS0;|YEStS<6 zDzhrADhp@TSanu|)nv6;ZB~cXWv{S$tUhbN8nOu1h)K-E%*?`M7RjPmG>c(Y)|fS6 zO<6P6oW06guviwy;#mT-F*|F?TCvuw4QtC1Sv%IAbzmJ?C)SxIu`Vo`b!FXHclH`f zVXw0{SP#~d^^4LH&hz({# z*ibf%4QFq%5o{zI#YVGy_7;1ajbR0BEE~thvkB}SHjzzYli9m$3Y*HNvG>??HiOM% zv)F7lhs|a0vw3VjTfjbG3)v#Jm@Q#T*)q1AtzawJhinyF&DOBBY#m$AHn5GXkZod{ zVc*_XwvBCPJJ?RPi|uB6*j~1e?PmwrL3W58W=Ggj_7VG-eZr2h33z%H^&>~nUReZjtDU$HCfD!azMX4ly_>|1t&-DKafTkJNwqpPS3)m74k z=_>20=&I_%b=7p$*{|%Ot_FL|eq&GA@9YouCwt1C=`=d6j=%~Zrqk*4x&U1pSSJ3Y%e z*qB-rH^is8y^d6+QbVd5)hDDn08yVNf&_qfctKNw02|`M#7SwE-X?IJJTTbQN(@dl z8eqfLI7O(piHe;(Ft#jek1?YtZfL1iV8~FTK`mj@1(Pq{=AaBe#n`H-tTD4F&RX?x z}q;z2-bw8Vv$v=)}QL=U#cHoHVrTS&$I-NOLFg10hMx;7C&LIC3eWD{Z&+F7@@gOMCuVhe`pQ29` zotVV~mI%#bSs?W7Mfn_2zP(?Opd3F%-(Hl@;X%n9M}N1+o9phM>EvxP`Xx|XP6l=6 zWCV1;9&=-lbr3z~=0R|W%)FcoM{ZtrmLty_?Dp66okgQ^MWZ_VwIe9kPtkW4jmi~4 zk|^cjfibD5ca5H+IKNL!QDzJ+`Yxidmj|qia`wH-*-sW{KTn+fWV9s@ZAlikgVAQ`WcJP{hZ6}8Ja$S)3`s#Nd4Aw_Y0im-4f4-6^lHD(y9 zMs->4oD5G;l3zCkdHfV^x7ienVO%jNndS6&`WlK(smP1B>bqs+I$)F-B!X@NeGm@< zyQR6{v53dz2^{2$>0c8E4&g!2P-m{&lg9_5+@N%KUT%@%8tC*XMvrT-FCOfHK`BSo zoXVpjpB9wk%25mPx?MTx${?3(gt1GFdk49F@nCNz+&Vsux1dOY7WfpU1-`gwfvWKq z_%z-EpAzUuce$cW<``?B)8mCf!Rt&b1`Y9Mx^mM3p%pyh34|nGNoEjljfi`U>41;% zAZ|1&N)_p@bZ@3o1&?@)yr761lx`GJ79|lAbgU2|AavaA{jzbJ3iWtg)0z--M;UfYb_8I+dw&L(3>!+4b4~p<)x^umO z9pMpUPL?y>Yv3{dXjI>72#l&Zx}+?JCzHf_jd3sx_H)8bn(hsZgQ!Qz2*OleBv4VD zydECoiNP)NTv;9%k+PHweH;)5r&n*wNrTdQTecDuR}bMO47S0kS&r;9_n;hJILn!> zj1B2tejL~MaY3E(luO>7qa4Y{3R8^WAEp=+>Nvi}SWuTSZX;t`%{uh-*b$E86>+VIYqje- zz!}WZxfLne5Q{d)B6cid$0BwtV#gwOEMmtZb}VAYB6cid$0ByDO_$6u^NKLz(B3%2 zjzjD?#EwJkIK+-a>^Q`ZL+m)jjzjD?#EwJkIJ7$s`#T={J09`l5kDUB;}Jg|@#7Ic z9`WN5KOXVp5kDUB;}Jg|@#7Ic9`O?pKLPO*5I+I&6A(WE@e>d~0r3+MKLPO*5I+I& z6A(WE@e>d~0r72!Z$o?=;@c44hWNHfeM`YFGI$`a6dR)35Z#98Hbl1}x((57h;Bo4 zJEGeW-HzyXM7JZl9j&*c^>(!0j`((~Ay(lmf=)QpXh5uuCj~g1JT!LTV~&Wsi{jiG zvm{yrZ*))>tuafYHD*b)#w>}}m?hB~vm{z$mPBjJlIRVyBznUviQX_vqBqQv=nbo;NjCam9#^_#JNGuCg$`psCs z8SN84c9PkQ^_$T?GumfH`^;#c8S%}CZ$^AG;#&~kg7_B1w;;X+@hymNLHjI-Ye8HK z;#v^bg18pMwIHqqab?7n5m!cB8F6LAl@V7)Tp8__5no1p8S!Prml0n^d>Qd&#J8G@ zb9UX!l{3(p3-l@|&7IdL%h`*wOM`N?_Trah2_OILCCIq}C@n^dt698Ik;)4esT?SX zQ++HM$d8C{cv6cO5pYHI{nC3{H0C|6d~BGp)w8jDtAF>1`}i$$quQQ~~cQi7W2!!pTgy(YCblUkcet<9{~W>#Bl z_SGVp)pnZI`pjxO&1%hNwPv$gvqi1hqSkCtYqqF;VNo$GDuzYHu&5Xo6~m%p$SQ`c zV#q3ntYXM2Mp3`WDu%3L$SQ`cVnnH}ic(8NsU@P+5>aZ2Xth<*YFnb!wnVFKiB@Zl zR%?z{YmQcHj#g`qQEQG-?Tt|}VpNP66(dH)h*2?ORE!uE17<(UJP58~tBPS&F{~Q z_!}fg`tA*rNyV~SilePjQT&mPxQ+2q0=NPcdbAiO$BS|-4jo8!Wu&??Qe7FTu8dSyMye|#)s>Oz%1Cu(q`ERvT^Xsa9E*Jr zi}-Qkr$|P+DNk?zV!cV(ozGSXcc>8^})S4O%kBi)se?#f7aWu&_@(p?$pu8ee7 zM!G8_-IbB<%1C!*q`NZGT^Z@FjC5BN zk?zV!cV(ozGSXcc>8^})S4O%kBi)se?#f7aWu&_@(p?$pu8ee7M!G8_-IbB<%1C!* z8(!l!K?P)+paL=yUKt6mjD%N4!Yd=;m67nuNO)x=yfPAA840h9gjYtwDR0??{UF1Hylg<*$&#pkr$9Gs-hh;T{Is4cl5Y)4vyPL!Oc)`b!q&u ziW5>(8SDyh3uu~~>DGG`T$7Fm)C=(N5Js_t z_6O)x_z$Yio$btU7`XAUz{%|iLUXxN%;t6QNT6b^$X8-MUKE6uiX60#DfJQTFaFZXr1ryAk=wgnZIQ6L<6^-M|E5V za;XrwU|%gfMd@RcT}*=@I^> zgq$uz$bTmwmVmv?Is_rwFQ!AF zqy1t!1UlL)raz#gy<++UI@&9yKPG!5|BZtX?Tf_vBhkJ{tUnU%i^TqoMEfGqu1K^e z677h@_D5m;g8rNAg1113^+#d-QCNQz)*prSN1;7Yh!chOL?K=j+7pGiQF#8M5I-96 zqtQOWlT3EOlORNV!IMBo{Ak3FM*L{Rk4F4x#E(Y&Xv7zfBu#elND@NqPw_|+bi|86 zd&MJ3NJqRF#EU^Z!P_7o@dR%J-G_(v#-P38k)+8k9!Wxo_=2;6j`)JJfsXbH&IUT- zi${~7qrHN&fsXbH&IUT-3(jV;3(f{1_P5|{pyT-#oDFoeUvM_i(SE_%Ku7xpX9FGW z7n}`rv|n&G(9wRu*-Uo9*&syw1!n^t?H61Pbi@^04Rpj6Tn%)@6s%w20Gd&xESb&E4Ucwh%2}l=!h%0 z80dIi2`&aYURQ#Pne2jlL5SCp;9j63j^JFNBaR*W(~dZH>`y!5*wIeA&B%X8V`BJQ z6cM-j#bf>Aaenc5zj%UQ+~yaz7sai9^;`YwxBAs@^{e0NSHIP-eyd;oR=@gV{pyeP zt3TGS{#d{IWBuxn^{YSDul`uS`s4hLkN1n)d0gQlz-4)#+ax=`W`LUTvDa=FeQkp< zCBQaGG)j4xv5FiMK=V4lNk_F-9k z5VBg258dKxnCz>ESECfS_?jX6>M^S+YAIjM@CaL&6Uoc#`oMybegRotPbTa*&~X`% z){lo!wdg1%;xj{>Nk|cAQHl6!6lV`oc!JV0cv2(4Bwx!UU&|z4gCw7Y;yj3D>F}W( zSd*>=#h~>Dl+)1EA-P$aGO#?QpJqyy!L;hI)So#Vn`HMZj6 zRN1Lwg!SrGVeNTySV`U$*2F962BCH$HI#A*I>0b?5F3sMu?Sw74bD-b$e4-#oij$tEa$9@ah^} zY>F*h(;~iemvBu=yAFx4W1@41cHx={T{^c7hZWySdxBuaeMwkNUlUfwH-Xjg@v!c_ zBdlx(@BO^BdRTcM3ajcH!n*kcSOxzEtRxpX0k9&!60Ek5fc5k?SRLO3)|D$cir>{R zSc4w}E9sM9b-W8x17WRxU08SD5?0aog0<(O76Yv6uL7&}8^L<~R^m{a-`>` zk_lW+=W+p;E4eJ>ayOSpxjfC~WiG$v@}9DAh&)y#)o@vi%aUAH;4+-cx?D)@WnC^|4ILaWbJ^IP zo0h{`c;Nj#vvUb^@0@g&!ewtR)45b$si!m8R|Ik}mm|1*o68AYPT_K<$0M28JT8}m zG_ws{?&R_?mnXTr#N~A^f8g?=B6S)r4P2J-3STXET* z%Pw4|D61@Vy}3;1GK))PS&m1itikc6pbThSfH z>`d4>G#GXUje~tiv*DLzCHyvS*X)PgNT*>Z)HOg-(6(c^6~oOK7Gk&o!*v+0!SD%& ze~3`q2E*AH-V`B``ER0@Lf?s z^kP&6dmAO{7OxdAj z*OhNk!BF8`#Vl~*-8b|!)Yut#SRY_Ixv+~aAHJ0|4fbm-hW&emnw_vi@ECZ%y9~S6 z?!X?uCt3nK=}N;cx$3YB&J6q9;$R~iDf0gac39dEom?0e(o zwRxgETy-2@I|R!Q#qz_j{BSJ)CYB$84Le zzYEL5{yN1z*xx4FzZc8z!}9yF`~hI&^?+G729Dh3zdkqGw|I}0(~jq11?{^$4Asuy zVHoC57WvR~JRf?D=fgfhULN)c^761xP~^Xf`6DrZBj#_y{4JQj4fA(l{vOQVhxz{v zOJFa)xJD+RB~#FnF+8j!^5Gib`Ctjp2TOQ9_;cmu;rbK#!!Z9%%pZaIg_yqy^S5CB zR?Odx`Fk*bALj1|ZWRu9%HRDp(Y}N2o{H_B$-^*_4(;XX&|aPnJ>QGfd>eUB&aEr92<*DxME5=H+20 zsmOm5^G9I*NX*}i`CBl5E9P&*{JogJ5A*k9{sG`vL2%`V!3?i~_C0JP51}n0d=tYh z814gRQ4VHh%G@prX0LWldzioWguSfFwNyzf#-T8wgC$%COL)F^1nMJE--`M+)c2$Q ze9Odj8m1N3TONiZG2DjXf9Jfsyodi&_wdVKI`K>Szvq|k<*52{R8_|Ne|A)Tc?bV* zyMteH)e3?uYC;89glEly8@%MIg4@32s>-bIe=}EoIjX)KRbM^<5To|XCjc*>0Q}E9 z0eCs8z8qCwj;b$5RWZYVIja88jH-mp#X1EY&R2EZ3~i ztkis{S*2O6S)*C2S*KaA*`V2|*`(R5*`nF1*{0d9*#U3wz5w5jS2bV5cMNX8mke%m z|C#r}8|Tm9i}R7@H}EC-CwRTo!gmdH@MVKQ@QGO*JYkjw518e^`(-G2zO14Rhj)85 zwY9<1Wj*k6837(H&EVTI3jA6&2A`JA!JlOu__4Hu56d>-zp_2}uIvncE4zZn%Gbd! zWhT4_%z{1`p$YsO-(8m>eITU&)rZ#?ke&nSfA!_{CA?Yw5mvP+UM&Ce{uthTYhg_q zNTPhJL|N;gd~9SOc(^pcJ7MMdyRuRv0p6bxc(cHBmG|E8#$Y=91%bcJJWVhj`S*?( z2}f*)x~lx$I+P>UX}7@<3R-FHLXZJ~T?wup1+5rIGr)T*uf_;AjL?(>znELWzw-|5 zet4s#xS3Sm?248vbx>YT!^;ugO1L6n9i9>1j+BJ8HZ|Zq$E&cSp(m_n$l_j5y|AKT zICy29shJCYLwmr{BmX7;u!F#Z>MqT0@bbDB{J!poH3SFY`xuA8Q|wXj-uf~4a6JZ| zTTgJ0t*5xR*0bD8>jn6B#wG9Y!Kv`nkl7K8W5!Qh9r6!>2)3%*w?g5TB3;B&Q_wuZKrwhnk%t*>ne{#8xjSv3;8 zs#?LLYBTVr8Vldtuz?5F*5Ez09e7Ud1YT2ge|TzDhw7q zDt{f|Rl5hA*k-}fN5u_tbLCH}=2saj(|d4O%-JTN1fR&?@>5pbh5$*z$tocI9y_1IPq+qpiS{*cF^eNsfn#}YeBss}cQYx+orC3M+IFuOb&T*JRq*6*s zK!^ccQF*-{@Pq9%)sku`iH4A{B(DSf7&)`j!n-(AGjrTo?hKdH(;&QcPHKdyu@s{m zW(+Z*Bkfe!|L;n7rGk?sPlU%;)C(oKQ|(+Qcq4Op-MK>=nW7|FDN92d7C|IAa|eQJ zaZh+>x7!;YUsPFmY@QdKskppDq$=fuVXbT=EO_OsVN*bj@>8YJ2mXIrY>`aD;(C4- z|07cyNezXmwO?Rr7gsho>2YND_p>oyTiyRef>&jluPvdG^0fw%uhnWEY?``k=fw-H zgCD+m;b6llCx5@)J0&!=Y{hw-rG@XG8+=C}-{kK68gP(fy3a<1pQzX9?7p9NtZvh@*{q>?#TJ#FLwfbRdtyb43!{^J+_KfVx9i#b z#}y8a`gPk6-VG-YzS`XK=>CB)b0x^}>~sH@?Al z6WWFcS6|&?aHr#h!ri$fUu%aRiIak$b1R2vwa*xlH2nImTtd+pCHnnRIVHE2q6bL^ zeKEKxbvp3gDpgj}i-ViaGRJBx3E#Z2U+xDx-E-e+Zv5oZ#!D-ts!DbZRzWH^s?6r2 zBSYg)yr0*j(c!ia-kDwU_D`KkN{xMWX|*guY9Q6~>5{gf3SJ!UR8RjG+y;_Wsk|yv z7Li9RY_PCiL0#X~l$-T}<2~t~T(}`3QggGUB&BFLOO)D3t@Os;1+BCNf97ZdDiByM z9_?!a(Uz;P)aU`<_R1~!4=zyuYYhesxYo3q3P~fpYgPpCylw&PCnTg@BW+D;FhnO5$?t=`|PkDSz{ zR^scAFGPRNR&S5G)@J!O%B&9w-%2eYQ3=EhRU{`T?OLusJBQ0%6cuUxu+#d%^lhg>#9SoLr)$Dli z5atOt`;BzUR}h{X>tM@3l-X*E1}VWArC#Y+tz zepr56)!eA|%gev&oIUM}dO1B7KOJ|?cxB{`NoBwO{&?f_*Gn%BX?SV!`d+1*Ei9%h zw)Kr=&KPE!Q)Nl--rggz%X0fv>T{&3yH{x3Ued|Aa$SuIeg7CtKWsO0)S)MVM2z>y z<7Zo3Q{H{sduLXq^+ZdTjNUJe-s3lMyIg#D!_=KF zK5??o7t?K?E&FVr)ZB7DpRBDh#5HOA)^;aPB_6ZXxD_^T)%MM8hCp_E)9R$DSXG{z-}#DpgR1BST23 zmTo>+DGUvVsu!{xmDgps)0DyOFN_ZMEk!65(vUjp_?F~M&4X{V6cM@ShBs3wsf1Dj zJ`*HGTcfPzm}nSO{%huQxZ(M-6X(@V{J|XgeXs4WX;YRvM!(jif9mRQzHIhUz3rb^ z&JOvu@!h6UjkhOnlFDo?9DAtQj4o`!)j3}oYgMUs#revJ$dw;<`TpS}v-Mo<=FEQh#a2 zp?USY*KbzL+vdUEP8;@(J)Kymd%rD_N9M0DZ+dKe_ukskQM&QPW}j-jzSh|Nt?#V( zGvkqM@~jhOtk* z;rhKXz2@%xZs45E6W=|@VO})aNTrnli8H5Sk{$*D_-edl@sSANHFYFqB7mF;cujeK zUgLKeNOq;7s_a#%nbc&VbzyWtq>s=Pad=OJUx`M3Q-O>$mEE*e>Ir8FQk>L6&mgLS zt!`1i767gBr``YHf_$C{YW07)c{$5DQ?UPsJ-;p5nsG1PxLDtqb(~x_cTF4bjHKhy z#}iuL517)=^7+gkr*~ZzBI%lrF;^S*$w!8jHJ47gVn17}Mj4uMu;c}Ii5|m-p7`KM z_j(5oFQ~RM<>xg^?LRO0HuZR;DNA2@Mf-VfgIBIbYwPUpa4++0wRiV#`u5kryJt$S zO4_{l#}ls^FEp7MHlt?it0#Z>b49DEWo*S8N4YQCHrW=(esb<&Li^@ByaUfK4oPls zbnKEXbJpnJ9y>Bm|Hr;EiN#Ok9KPCYTj>G6-1@0gi|Tb-U#r}9>`M8Be(_hOQ$8z* zN~4i(aQgZEgE1Xv_gqbr)=sUFTD9D~Pj?jRQX7B$OJ=3=y2u$x_hA0m97eg?VuaHh z@BgyTHS8}P^?z%CQASg%WHrksi!7Th%JdN&8mg+)&u=ho8D}a1odH8su@HTt;zl*c zmk^*Pgh`>w5r&YE=e{lF%65S#JQL>97v}!M(QYy8b@S2}XBI8~dBhR#HAz(?f10kHw`B5^ImPVPbS3If-Majlu~N{^`u3bYH^;9q#{OF7 z=KeeVl52Tt78xB zb?%D;y%s+j_wBe5Prk{&)+nw|C;P6W(tu%wCnj13-o3VE&e}tjgTEO!Xt1eim(FFg zu6%i-|E#e0$NUoWNY}D$oee#fG)=F*tnMts!08zWcD?&S=#Tp0qo#Hb%?l6LPfsxp zxL^D3gP!?k=NfOmw=JMt?43U6&z+h0-m1q3F-Xmvb6!_UpUFaIo3ZIjT%X#NBPDv7+Jkiu2j>f!^m3U?~JUCq&DhNq@cO4 z>HpNI3jP@3n*!O+G#5OM0lU1<{UE&X7o%uWoS80_%t&6eY0>TIqj{yqTfP}{G2|}; z10O;6bZs8EIpobJch5exZM}N6VynkXCY~?V<=u1B5<(6Pa4k6`=|@$*9KG&X%goO= z)e4LXy3Lwg|Dsb#@6(b!Ke^JRL`}MJfpzAgg(VU@ANwvYy;MqGX6wccYxL`>KOFzl z0`0~|#%1$LS83j?LQcwt8QxbT+I}r%dk!sdum7e*%O_ve?47paja1E7A8zX?J3p$c zYyC83XoWjr`|Vrj*86<4vvBIMpbNvs{dlMO?Fz}#*i-ALuB=j{SU=m8Ir=ZBMhEXZ z_f>kYWX&%>eRH?BJfr!n#Rre|o#bdCO+CC!tAG7;@9Yk8)e-XpO-VOy51x7Yt;4JK z+~~8)99F$X`_d7^i*5bj>Kip?n)2CG7(t)F13+o?`TtX6CGq_p6g}2lIJ!V8>GvEn z$fP`SDWea>XPtGmrT_|05a3a%R8f5r8Awe*eubD6=BF7=#bG8=^suxnFb?1I)j(!~ z=QFK$4|^^A=UY`uo_q9px!Cf?Pu;Eh`d^ALBV{n3NjVT&=VqVb;d#-cA2fdb)tT|5 z>Noi;b?4GnJU*CyBpionCh4<5fpr`OISPJpD@5 zI_rKrs=sNxdialqv3Dk1*|K`uw!MEYxb_9Bn|1N?s@vxkt~IUvY9q~+wms;%cvh{< z`wt!8=YD-?c0!-r_ijH3EkC|zT-656>YQu)dVFnZ?z|Q|58B>;_msxcFLOtWGbNto z|LC}WaP-yAv*q6&ObTptf95;uSi1R*OS)CROiQ|X@|)eKcCVUTx$N#L@6xWxV-j-~ z)nA*2AkJ!_~8plU|wzNm9OAW2^3$DA5f1P^m!4%Vpw+jk8rjIYX zVxTT@akI{&tY`Xn9cQULKK}4`1rvu=I+(C&z`g{-#GM;6K0Wy5t=cPHbK>Id@3nHw z59&H_(R%6A#E?H_Z}zhFuQwe!=<&?q%^#mUHNJDlK273IE*kjr!m<@=uF=jKUy%6C zor6zp=f^WLic9~!oWkX~=r&pHuQP(0?q z!>YEgx0i1`_p$rzy{_}$J8xXBy*FXnTYqXSC)9#it20Z9aF4>=r++)(z*jO>mRqfWvojJ<}OzY=39Ts%sWM*`k_OE@W G(fmJpf?fdt literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/fonts/UbuntuMono-RI.ttf b/docs/canonicalk8s/.sphinx/fonts/UbuntuMono-RI.ttf new file mode 100644 index 0000000000000000000000000000000000000000..18f81a29258d13e1d6f1ce98cdd167091ea9bd4a GIT binary patch literal 210216 zcmb@v3wV^p6*qq7-TVET>?YaEyV-0u_secb0)%AAbqNUsl0d>m!W{%PXw;~nXi*Tc zqGF|%Dk>_q*oJ~_XsuF9EwyNAMN8|2)KW`Zs8mr?E7|Wivk4b#|Ihz>o-fPq%)Ia1 zXU?2Cb7poSMnpCcC0Xm+r!-yt!o=H2kugk^R?^hoSzB<^)vuHE(RQNTE2g&>M>hTJ z{3ApR&(t%kzO`%hqkUl_V-}HWXz^7Gdp~QRp(C;@iPU#3zM)S}vs$}}V}`zA0l#ZL3nWa!s~hy2~r^ct;kQieDzJshLoS%h{g?&ba&Q@r3;sQvc`8FX*~!p zUx63u0_8?Lci=f|#Z`U%Py4<-6VIrxzF_q=ix+C@?_EI@=pu4-u)Sxxz%!&k>J!o_PVqOt`pb*I=I*OcPyZm1otP!pR(VWeQ^*j7>zNiRs7k#0-UW$#jiKF3>w zN~cgudPzA%QlgFIxnp_PPi~#eb5ER?o=?oBQbjdAD-%673-2VY^gQCpJa^=i{Ckex zr5tKRS>ss&JwTPTnP$;S8ldkbKBNwsM-5a(C3xRM_t11|rtcwi8r9(Klhly-ma{4h%VmkUKeT%+MPtg*T zc8sn^4o^}A$|ky>7El+>MLWKU($1pneY6U#9Dwg1bb`^8^^et?yPPWu6Q_k+j{YA*7pkyTPZgfVW>q-M7-M;N4s4I$A;N=`lQi z9b;32F?9pUkB7V%;gEm@ZBK#k%O8wCW@<3;1!hPp{RypVAp?~nr%Vdc!o;rRhu#P0 z{0e+`gnmbV2QU5|^;kx|;QKi=n`Y8-x|gn|E5T)J*hCf+vu*&htzmR#KoWrKo}#PJ zdr#8y;Lio9c@r%~AMn}IgxTATHc!TzY3RXh%;{#DnfNK*t)dKi5i$7qUWNDNiEqN! zf=?Ufa5+-g5!Q;j+fl+Qx><}z4Q5j~DL4Rsymsl*4!hjTff6_Zd3_(;^W9C?nV8FM+$6roHH;+7=-E&8?_BRvfg z<}P{!z1EDh>T8K|Z;%}JOpCMijK81*5M}2v}lq2qT#O#Kg%c9!>EFKkCVS)4_v5d{!V`oa&KNQUbLhgoDeU6r{}- zDLas=1Lg8}9Z0nZHQ+734bn6RZ`zOpm-2RmWPn33o{7&;hYXa($Ck^>32=K5&fCGq z!Yk@ihg_RPs~$w|H^8sM`%dI|J8H$bo)At~^I2>Xyu@T*TsKUzCQNPk0YE zBX{6JU9vDnyuQggC;5%HBZB(#o*4r#Hv_$3M=g0@Pr{nehqj*)W0WCyhxb00nT2@b z9GZ?NUL!kN^Pm``WsnVR~YVB)-6>IdM(mmc-qO-zJjn;C1A+;^p!7h;|~~m)pqG z&PK}H689$FNc@)1(@Q`9)t1XjMi0M}_#7~?MR#Dj@nCia4(UZR(v z>s+W+Vi0-mNxYvp$6T!b%Om*Z)_l3=z%jJTTSN`*gz+=>4{o^a}=G*BOX9 zzD8GrZlG&G?*#oD=KLDaje>5XYvI3}t^?gneW3S%o}w*uJ?Oo31L)W3M$r2N-3qPh z6!slAC;kdekJAU~7SL_97FxQ!oQtv1N|ng2Yp1)Z_(G_-vRm;`ZnDO z`lz6f(OvNG6!dZ02>%nb2^!p!bT{ZOL7$?{@INi+Gqfe~XK2QpeuwS_eU`os`dzvY zbPsI>eU9!=ybs-()9*umy^o#IgNZ*ui{1wM19}K_A3Y4ZU(n}iJN!Qs^hfkf_y_3` z&;#_X#1OPtPJcq*27N)$pVFi7zbNQSv@>yn4$|YGKNIw2dIJ8RgT66f4%(qYiEg8qwMh5sW#Kc-*9e@@U(=t$x%tUs@TekSNJy$=7s=_u&u^gC!2|DiWP zzYz319fN;F&;-2+Kg<=Q@NmlkY$I!h4T2zXmC7ExcptkaHRd)!>YE^eZ)K&dg2mYk z*3K5Nh3rOl8@r!9Ai1Orsa&d%rb`dNUhzxmSJJx*o8m6TX2ll8R>k9r?P%0gA4)uBzH2Scw8B|bcVR{F#??ER0FI1g(S|I>;#%CwV3 zu*00fX0i^}!xpiAww^t}9+cdY2W_krZF~i7JdQSQP;5dQzpl7n@ucEe#a_j$N>VOT zUaQ>fTkreGPky&w_Q(BgqitN^U+@2+{}umR{&)Q!`9GB%vRn4ZvS{OY(Z)V`{a3WH zeYA}>v@z{M8<+f#HnyRS_m8%bK2ZoS`PZB4gx4aF#=v~Yr!aN{wFH!f% z?;w{aLuO}Vm9ULGK{WC(!noyx>uKCl2yVfeOe6b7emJswWZU~6ynpk_cTc{3@((9} zfAYeHd-69YUqAWU$zPv*_2l7`zeGCmHxwJ1K=h})p~TP^L!X}b;roAn z|DBULLsz}uf1+ckf2f`4#P$;powyh7JtsDuxbwtKC+44MJW+SzA16+oc=yDgPaHe( zn-g!GIDFz~Cw_clKVoe>aogJ`f`4}Y4OYlax?QN=sU#1Nl{o4ig*%2X1wn4W%m=_K zco{{%{9pY27&7f;$SMApq+gx*d!w&k{OaH@z1?xi^Q*$2q*q~mTZQ%RW^iXa__LGE zVzXHntrYWd5nIfb(DiJo;*W}V6t5_bC|*|_Q@pBpP4OGWQN?c+zf&AnyrFnY@uuSU zia)?A(x%0xRum>SuSbudz++Znl}-!?v({*#>qeyNhjP-)4`g z)XFcE|52G$D&^-YlS-)^RvA>1@-vlQ#gw0@w916?oJyk{QT|(HR4J67s&pz+IaLnj zdF4s=EZf7r%bp|HFnOyWc7)`)q_qrI(d6Hldr9DB-egLJ*dMB4O@)36z0?4G)C4`$ z0{znlz0(1GGX;943;Jamc5WGvZeHk-ev+X(a{Emdbj57wh&j*=^Pm$JVAoj$9k2wt zUj#Z|8FamJ=y;XT?Iu8{tAZ|9jX4p6?p6z(tsc5sBld7{=w{8($y%U`O%r?T8PL1h zp>K6U&zcSWsvCOMT);fP;9SB-as_mo#o(PQp`knlUFB(LA-kbvJPW(w_n=7- zG>hk|FQ+kjsWlPusqF7B=XGiVn)!uZOH@^QsQg#|g;p{!u0-|e(nEhd9rr`4!cN`=Izpdr}UBM)Tv3@EdM@pvJB z4lcxtg_peO8IbX+@$xtWGEcVLN^Uy z+()~NP&d>N?F$5WUG5o-(IPwyte?@9e3ofZ#t$e~oZmel_3)5`V<9P>JY@Y?$c5xR zLG)}xu%T!4-wi9=1M3&bg#{Q{@h>!>3?W<|P-OQkTD*e03zu#V)}w{!OX}zvh}FXr zTR7U84SP$95r1J18nKdh!;G$h;$ZK9GgzDKZM;Axp@x<1T_Q>HZNq@GZh(3gkER+Z zZa`YFNW*46Fua01ui%WX1K1A^?Jbit_HhZ*&Fe9cT8BZ&ZrI$lWZ8hfCu0ftbD7+g z5g3Sdqx-spT}!+9CQUypS6~g0)o$ zunwq`k9QqvdEclrkEF`!34|4~kG-9Esr~XUv7NFGf29RnYR`jPo`W7D({R z2-XfrXs39^N6{@0P@CKpTpH{Sf`?*lU3_qOUyJdb+8&%bV@{VC?NKi2xa=tzUU?yG z)Hfj2fdL!y#h~&r70*rL`NCuTOTkmdg5}NH;MDfbyyW0$h9qyEGC*M27^Z8by)0QE zYlNf>HZBaxR=IKW!okG)MVt4=Vw-y#dR9!pJlGtZvSf3xy{ig?DJK59jGKA!cACnj zcGMOYK={<|4YEx$_Qu$z_BmY#tVHsrj;_5DtL;Wi2sU&8q+o-*gm=!`?iHJRx;bl8 zDmoJX*Z>Pw(|{DL-peGlaX=qjT039}*7El?{C!RGy_&z*1ZxLaDl4Rz@rL?5e_uS$ ze{DSOA50vKy|Kn{rBT9#eWl5#Nz&7VXe<9JaeZZPv5D@Q+KjFs08;}@00IS+&gzmr*5vcQ!!WSM7y5fqBS&jv=1`c zm&#OZkZqkhsQBy5sRP=!xdUv|K&YM5*o-*?>P-XGIcILyUdF!OedoRRQmuFDfVaJC zV5hfx>OdTx827A)hrD}JskS>mpYri{9Vc-5uEW2+(I>oM2<4N``D4&2uA9iB=FRV`)+^>*we1EDe^;kN5|+(9bwP zCs0J1&HF^cj!FDgfnEaUM9M=5KaG7#3^xF9pFo3Wtq~Z+<{B;0%fJTUB#{B{4R~kR zhTY9DkqPh3`-v>reOZy#b`Ezf;CIX;N%ZUFIJD8q$k_j;mqVv(0?hbAq$@=J z#Yj_vyi1Ws!~^sLco#*SXb*s}DB4+uHjRT@zK5vdIMI0IHDNW;M7*m)nn^80)k@$f zHk*CW2zL@qt|zLkBC11O>JeU#d>f8nSW$;2gvUFGrfec=M*OLWJM|z@3-W6<5>0ah zyNIR_0cVNYhKXiu1C!(chl$z|)_xjnf_I(!iDqeuW~0ut@jUw+Q5W*>jsx2P27%+iFwxC!0Quaq7T5v20K5ZyLA2Hb#DM)o zw^{+z?bbG+7eGF@;{9!?<5kk=ZNld z0%b%S*8@9&gTN5svIrmpF#vHlqb-}402_c^z#-ry(LKmx3-Z{4JhpTIeZV%Nd$$sO z9r@gceC|U&_aUGAdVux7PT(LgM7RooDD{`)5I2%aCo^CK<5YG4bn2RK6XE!1Vl z3&1->-(C-(LXX0I3}rsH9T)_T0;h;}BF^J@_c-1?u@*qNPavNs&=*f2?1^(kPZ|M? z$u7L#h5UD&CVENrL(E!r#Mflz&zy@F!a0oa_^aCZ31H=L3 z|AQ?=`_LErPZK?F1PXu_U^TD>*aI8^P80pm2owKphUPCi(@^yfTmImq&1OtcB>;GK@{g>-8R@ z-|Qj!E&Abi{X}n^BzhC^-x?zN{UM^`i1SCJeY=b39pwF90jym}Gjtf{*b<^Y?<6{T zmgob7{q;1_sr3NdzilA;JN$p&10d}0$mbt1qSFPy5HL)1W;-wdAg_O-><dG-|Ak9Gmah(1PJ zK3)Q#?2mT?g8<6^_&9J17$!QW1>8UmPzl6=E?@=F4{QQZk8`NUIn?9aQKC;#?q?f_ zhEd+Xw-9}fIR8PpU-S{3$MeW;U=X^=5m=b^;2aaKq6IiiOgT(U4Zr#ioBai`@P1-B{ls$XiRD!i%LfWp z6T>>oigpnz9w1hNI+X4N;4g(gvI*D@1*MBvxtmzU9%7a7V|`^4;7;rzR<)hjq$2>@ zP;CSXfEHjium#uy93d9V0a}1w0CkNG0;v0B0O5omv3(?L@hqD}XJ)9^eRYn%FEWPy)08XwNLvW7dA)7;ui*Y&TE| zbOHUq4&VgV8chu{EgYwS&a2L)i5QyI~u# z8`1U~k@rn#+s$ahEmg#@CbM;@)2#=Aqr`4|f!OUi#O^>{?m*fNDCbVJ^{(B-HlqHU z;>7M=L2NTztefl}^yxha+mZvUC3bHNI85y8Jpj_*mj$c<5N9juv=!ytk38@12X+v9 z0Pi0_{B2sm4dehQXWKkt4 zh&{8K*lxJr0iHcd?7OFdFNi%?M(le?_x)YO2F?=Oi+q3Z0+{*fepldyocCN;C}&eUNizI=b)R|&y>Irv7c8#<>#0O ztR?n~0RUyaf-+ut2RKdamq_?q#< z7Ik|A^*q*3?9G$J-r7#=_c3C}*Ax2#%6{8Q>>b2^x0l#^2Z^011GW(xg8L_=fBywy ze?CI&FL7cY3==!GpV;3Ei2Xw*b{gfK0saYmh<9f>5a(a0<3~G)ecXlX%}QVou}{#B z&pL1o`wL>9Zv}P&1H}H*LhK8Ke}Qt&uO>EvauY`23zC=;I7E{44oQk3l9XpjQfo=l zWC3`mIZYDev7|pnlCg{=(+j{60PoF4k}OL|vf`e&4S6|QNOHP?b0no8Ug`#tT$@O8 zZzm~j7fI=d0OXU7@C+wV33LG~fPMh+G6sReBzcBO@_K+O0Ofnv1IWXRJiN%mdy*ud z637DL0P^r{0rrsOKTT2q`3EY2E?_ON19$;=honpbWS|~c0&D_ylN7|etUh2nFi281 z^3N_HDZGuOoDC%9;yJG#z;oU%U_WpOI0l>q&XJU_B&lE?uo_rPQlSy>0LZ6s2e1ct z0XRZZQ9ppPi%?z>$}d8h#mKW5d6o>56zL)XBbP;$zK_ux3d0=SXUB z0|;w~1FL}zz%BrB8cvebs06YAgf}AZ#!bL(;0SPn#hDmC61C>A*&*0)qhZnm$ZYn;WPEx`2LQJ1__w z1(44S0^C3)&;|4Z+krvgI514oOgB&h#DN~5AJ_`)1`Yy`hn&ISL@MVz^D0Q^073$O<`1Yi!#cLNBY zkNoE&%@yGFD~^-20A(*g*aGCepa<9l>;wjZqrfSWdXAB_Fb*KyBE(s=9zdK$$a@jO z7i)n6paobBYyftUv;_5DvX-Q!9-s=C2O#azT>#Q9JxS6sC6EKeffWG4mu&|INLpS7 zpdQN+Zw1O&Ap`Zm5?~X6I;=qW3erGotlF4XPsnsrSjJF!?an~A~EhAm+yxx3=v7c&c&cDuV z_VLAM@}tGC;otny5*U%iA2Ta7!D>ZCMO2ZQJ+7=g8c9uYs@V-Xo86%wuhi&_x}5GG zrU!Dp>A^zw^H6nVh0j+}SsmJa{%)TyE648(<`DiQdY65V{abnl=l%{_6q{^wJE#?> z!**)1xy{^**4W%eYSr)%jTP@SGTv$UJJRV?dWXYoQL0oaPK(N+yOV07uSG<)-+hl) z+6G*#cRtgo)tX>=Ick2v$2tv$EN7m|X3+mjZ^&}wDXj*B^h{yFn&RR$g#}}7vc9M` z?ho;AYWV4u*p+E%DJdClmlIz^v3dLwv)dWFfgDb>#=#sGY+M5-y-tm*77Cx&YEddJ zmK)3}r`fC`Gt-(428~7~+a3L0k4t~83FqRb427h=R_FJ*btZgN7IVK+bsNKd$C^k@ zv?gjFKfbuw7L7)&XCjfv1y4PCXnl0dK`r~xXX0#QvAofFjrIS>+M1yh@@X=-kaSz8)bS#NHb+HiH_)W*ryX$`Bb zH>F%O4JSBjLH@eKB!SXfZ;)~ zFdniwYhoHi8($nfgZ?W9 zgTr$Pi-5r^BGuBkvLY#5qyTesUP(=LX|l6}nPw@)ndQk-T5O8Kh>hsd4c#5W3bF8&pI#E>2YPC^InU>QMD>|wWeaFQ^F7I2Xa8Jebb_ca&%XsY_l?HH!V-5^W z3R1SFXyLQ*el`y#hIn#4;_U}7x4?5M)`T}2p1h`aXOIQ+B-G;uCOH|C6pD)8yu3Ph z@AnPNAonVjwQNFPNe;`2^cCOX=&P|ZYet{$c1h8XT`y)RK4;#Ue?|}nZZ76e+=&*0 zc{i>*1dhd<%Lj!Eo@kIoRb|yuG{OfUn3?SoBQ-WKj{hCh8ka2b5sf8tTzHl%9P#88 z_BhgQ8mrBe<}_Nb{2%Y7RR?|XNqNg7t>Zl9ELa?|qz7C%q*TMoYy6uTnPk8dbe&wN6perffCNZ0#l4Doe6l z+UuIpHo;qB(J3lQDr8lON>ZuH;(ejp%lhn_j2NaG3=n3={PE+tnBid7w=hKW&sbl# zxyDC|&sfjE<>U6{kz$xHL`#x#>BrO}q>GP@14wECRRd~b24!{jZ^a$4-ZXkAunj?ZSzs>(O) z$jtIg@TQig>e6Mq=DxIWy2)xwDHsmhTrRV((C-YULawm_wu22|y)u#G zhh#FTH5wBZa4g?qondH0a$#fx29?$6)I}wY-k{cFIY}KqX`;(Dangj;0?5Y)65WzP z`YGAys^_hI=3#8l@-f!%F~<jv(2iVi`RD`s})Tfsw*eQ2=e$fk?ZSc#+R1x#*b=t zSnI;oiVr-V{Omx`9c`=7+QLDPRvE@JRUGujCgf`-GrcVh`47elPlC={X&_@>(#Q3FU6*G0|JES>da7t5X; zv&(DD4CECAgAQLRdW|JMOw5&XrJtanV9a*ul7v+W)e+O6cyv`ko>)KXI@n*^pHlRo z8c5ZFHPr}N?Z7S4V)|n&D^m+*&D3HBW?G?+1UT;o`23P{@J{BcOFEyDcz`>+AA{GD z#^)yDxw)K10Nmqzt~wAgmce6K+?Wg&t4>cXX1>_!-2AO-RGz~y^;fH5a686f3CaVppprqg5`MJhQYV&fOW2mUxGpmlrSh1#(%r<|w3GEUZ-N z4N8M*rQYDw>kUK(gI=rEtJQkF-KNqn)hew^$)GSoOLz~hORDmm%kd8c>VcJhwowHI z7d(Yo8C66zfr_XDa`*YltD_S)^w~!C+wNLs4CdrJ**~0kP!#=i{+l?3XgdNTqO%)ydUQn+#U4a#?0|8%-EaAee47F*9FV}F7^JSXrQ!xj!)0^@jmHg?;?IDwXsY%HPay;}@ zo6t`&U=U8PV|~3;G~z9WP~r%vmW=O$lHC8ICeknJih%+xTGZRBB1R?laq*XGH;BTGmkKL?nPpuZ2tb*ylwHi_(&?fVS-Pcqy{D{*(B=^;*tf8W{|uv7*1!Tu$h7(5-r>#ko?YcdAtS6oq85NYYAXaN;|i(6$XG z6LYCj4Mtp|Uz%c6Ii1X+H*y<&a<_=(0^6HN4K_ZUr6SgK*b=(Oc8D9{u~Fq`mOyqmNeRt-fYO&d81RY-vW_ z)HboF=la6OQW$Lw(*v=Pmyf-dk9`_f4cxrVZtkgD+=_i`5mC&VV79(+xRM1;nEX%9HmYAAr0ObD)wV{yjT7Fy1jT8@?CkWQBq z4VJ?mQYu$(sOfuhiBYetS>86@>aF$VOvtunOqf$Mt(|$i6Wx{7zLF|`exYIG6;H37 z(iEtel4G{IbI17#XE)}<7RsP;z{oB5KOA$Y7VC6YGo+;2qEju^7|jHBjc{qtjTmAj zgDs2?2L=S=b&s=k!SbS!KU&!aTlSL0o$jVbzj1qRV?1#EgU_^cIi$GC9Y$X^Zix!Utt}__iST_tZkAsmrwci5SD25VI zg#wS*T!H7S1l*&%rm*Rqij|=jRO+`X?d6L-o}$IFqC_Dn>SK$^&a`%W)?%xPnIL=o z+KJ1lwA5wFU9J`S0JdWoeH-7Z&4*OH0-H7AIb(N0r%TGkucT0elY45uPlF14ag(OT z5TrPL*s^h}NVZsbim>?>wh;EPFW)z@dtzaA*gmzc+*>(4k~cBi-gv-W7;x%RvNC*S z;nXTsYA$wVjzC&^VZc$yDpMwwgyZFMS~!w6d5N4~pA)Z;-Pw_}>Uj}^94>O({BE;d zF3czxS7-2M6=aw^F0(yQm=S^)m9U*2!S@yWNyb<|c>rJKJ}Y+DScQ_?Y`!eTEa<@; zHy>M%8@-LK^ieV0jEKb-eYj`2y$LQBe+&>j$74l&!U=$D3ws%ymd1ARrr?V&wQqAJ2<#z96gIpuq@=N%v%>NjM2+XgByq=jo zPv6qSnwY<$InQivFjy)ll~#F+C;D;am+;LU)8OYRuhfB>wYcG3c`wEYsJPR6sichR4VrP z$a6OKglgowEVW`+)2`+_Zs&7Tf)!+gWMOw>mTJfoGccyoC}8|nXq4C;yvMWQ+cIS2 zfM&x#x3c?fBiDEZWp_8-*u?W;R7Dl|Z7p7}aLj^AVN*0#v5jA<7!;`2FbWQpMimZ) z9%t>gktS^9NiAeX9$kL`KU#2>&%YGTMqD9*XNYqOf5AD0KgXPq z-%7qRYkOTTUoTnEbx<1*#+)#q=d8)hEWj@kT<^cbY&P`SZ%-~sm)OzKQY=yz6uXLw zYLys!=p`3~uTpcVKK{N!6)cM8c|v*K3R&lF4tvV;(!7P`r6E;odLYjO1N$2eZ%KYQ zw;;olWwgXhcB7{_Gc>+9C$GeJ;-a-(!tV#%A{9$FLzkrlgJH_RhnbcU_t4;6CYp9>xM+!wl#rVE*tI3qoS9+&E z1TNuAJ6B{dy+9${&c6pM6!e)fV>h~!3eA{RitmV0oY;|% z3N;?c-f)+>edBW785OgtG#0HoTv9%-E@Tf)$hC!1G=JG->C|Ni>IwuwQNy3SZIZDm#YwO1}^%$-#q3`NwQ zqDh%~h1jc-#P8v=H?c-qD3xWztf|&CFr5{@U6#T-&xU@E>Clx{{+^31zB<7j=3@l+ zY|M$CHMrCH;)5u9cUt!7;rWFdAmg}Bcu9m|% z3c|Gyn?q9Q6jnuxQs-0x4C;*Doq;0YX|X^*)muyOXys*F-7bs8tt5+9FEJ_ZbU2h& zoup7|FKDD^A~iU#5PLfN`275hNfnfzRgCJR)9@|@be0;q52dq1&lV) z>}-6C{huxEfwtN6ix(LzdbQM>J+J7nWPaj_+DD#vvbp)mCmyNA7gL_@n)3{oB?|oV z$A4fqT7z$u25~O;?U=2Ab7=urGJRr?B4#~$0Sm`jv8OTdX@bsxE5riaf(^;m&uI!6V0GAXzK86AA;n7XOP%OgFEHzrboD2D(=DQ|| zizA7z?gm3fz}cvfjYdneR*|0WYQ}+LaytM+8FXN-SAM1XqY@?&h=WTHc=-HxnH9{{ zwXA6N+G$l&a40)DIALy0W^7VPvt6h5=U1Bg7Ek}y%~NG_t;Jon=$2T#J+GLekzo{F(%5?NQS(wO;^aZ-ur4NExT^yCauRm)NQ$L zWQwFHnSJw=mYLkZhNT(5sIUq)%h~(YYDvPV9gO8^4RO6mrPV=L=voM0o?(n2Dr8b< z$*7I1R61pxNxHb03u9Zhx2~9P6@(93RA>d*p+GZe`Uab08yPM-Wjj^I zd^TxS)czHAbZ>ZqVyB zI<2JEXcZVX$RTlfD9*u?iok!#&gj@NH`b4+BIpPLFcPv4XFfEu;bh~CZ8NJ+N~_L4 z#N?47Y1PPoMtR38>eUm;U*^QBC5FPGNnRq^ja z?}|Bx!bc60u%>9(Lw)_Wk(X>YUU#F7O}0s)kpOIxCmOkl0Oi+#fAUbii)O}399*(F zaDsycTaQ&5Q>Vq5;&eJwK+;liG@KGA7kbTUG}@ZgNihe#2=iX-p84i4xtt^yP=*0a zS~`4KK*}o|!3rsFiNO<{UgeMGdNlc(R9{wVRh?tz@2u#LdHJmqGL1H;cCyB9F*HqM zvv?&L|H7Emf;y%$T`Vg#UI0#R%Ln0#LrMuAQ(|~bDZ!(;k`rzmg=B+!JO-0stGR@) zo!s!F<*&FRqvBUOupJi51MD5UV-DouNX?&Vv8T3>%1JQqAcM29EW|cI>Lra}I%1f@ zZifZ;04yz5o6~BuSzX9T9FoF4%u9wl5VNB^mE9&;tXllq1x(F+J5m!JpH>`ob5>%- z5Q^5fM&*uK$ejyUC|J_g?9SKbTMzMXR(@#(;ie?0AVC}#2_}O%T58E^YMxe@Qd&~v z=+2%~)--e5%*h=a$4jfSM+ZNJzEx3vEQK_< z%+ew$oH$jN)cAD-RUDj;T_&H$qf*^%eI2_lO#qC|p0bWS{?N<~jg4UHx0C#2$5<61 zKbfwIRh4<`y&YbK*(A%%Lq?6JMa^(khp98Y4!64{&Erh-c+vu1Nj90yX%3I%PQ%YK zXpNX_qN|b<4&pHyg%NSA1`%8-8Ldo2OoAwG2eBwRgezu>V38us{pI$GD2~zCpIX(a z839|H(d+XWAB{^YjYeV1$_kjLsE-qfL8I5Uk^8;E7Sz0*C3GW}SJIBdj*7&4J5JP#T;X zOk=wl$D$Uiq*DoLBIF3ahae8MFLdjuG>Ep*Z==Hm|+WY8Kuz!+=Z!v=`zNvq8<%mvNHTBw6*G^@BIsXtUEQxi&i*>;Q9dlpIn<=ajnS6d{ za(l1G%1sO&H#a`;6C)x0;W;JD5m1kWodT|~Q@|aHrSZ5HH)ex{s|`A?tLyjz0Sl?P zvH@4z7~n=Et~|j#8%yOguQ7%TNg-9EH%r@`uA^qFf-{w{5?YUa)m;miN|Pp@Q4Jx? zwa*J@NNi1MYni7czqF++qgam5G5d;ZXO&NxYxb4Y&XyumuKC*drb(PORyQqJ7Fw{R zXKK-y%ligAFL|MVTk%USx5o?_{6rvwACh6(itQxKVP}QGM%c%=qQ?XHGRQk345crv zQK9gs==4s#)7fG)Kpq;52A?jTl0tfe)@f_ToxbEkh+9)hoA4!i_GO9@6K#`%*jGT$ zc0rBSKvwcAKy2yEWjW2us^gV2?lGN5wX~9%zfPC!dqJ7*RSwz2x8H#xOa=0m6+;_r*jON5bc;OXn;T3G);qoz+Uu{d} zhmWb^B@_ZNws3_>6YkN`t)I9tz~!l688P_CfOj3&ta*>c{CtOEHtQQxQrrcNiju5G zcd@zI5^he>>-^2w331VKCTT9V9ut=1uU3_leWcWg>jStLHBMY1P`WN-5_U^`jxi%| z;M>a47WGJj;E;D~}txJ9~Y!Ls0-1@ottX*6=KwpQcF9G9mu&!3s(lBP>}N6aI> z_E^CyX_QUdW43I*Q_JSMa{w|+oW7nF?Z+|f@mLI;q0pJ3Mkt_0D9mPC7GJ@%R;{GX z@mZ{1{PVWhZBD!0X19eE=D5#i^QJf3UC^(zIxW|t`R7c8GtDKtGaA29l~hdU!-9iA zFcZ#BlB+B~oZ|;dE-v|!Tm0nG>!9Dvv)hMc4b5+HkXc@T9NBKCoSTevl#|S`p^`dSXcsk9@gS==nDbx);Rjr z4@=!9Y%B`+h@)5Fis>(0%o*XLLtvp2;vmdja0XlAgFy zPxGbp%YVtUI_z`Bl{XxA$?-YXT$ff7_G!bG+Coop z&}nuDQ__n9j$ln!c|(^i+ZLZ_%qYZ9&1JZZhV)=*aK>`2(WI(1IgDvJ87|rFG?+6& zkzi?aX_{=rju-vA9sJgcbw)#zV*zaAu@bi^Rj_=ha3urV2ByWnMvH}6GiKHRpP-Sj zwqI1T$J9U#S3se2wc5V3q5aP9@IA}$J}UTW0=N`J#wg)}N=usCnU>~urzz7|n#Qlw>&1G<7d(y6<(5#( zv{b#uHo6_gjZx0psM?s0$g4dc56Kh3FtaGS%pvI?wsI4(-s{`rGhaVB>{*sfhL za{+ds0e410mdChg<`QGDqRr$fuEsChv3p1QGQBAwkJXe}Rm>h9S%3>8Ue33h(639- zUi=nGEZ3-3U~x7=%f^8^ewo{D!i+R2>>3SR2iYZsNo&-qHA3Ydtu@!Q?c$m+38fm9**yBWD-h&I}LBcYXKZoH+--dzUQc z(L~gz3-!rl2M^%qWyQ=1aA6B3hb!zGa1ZkxINY)8sl%}#HgyXxQo5NtOVXOOEgA`d6J(KRp?i8{>kOmU?>AY(d3nwz z>?hR7Ai*=*Eica zVE;sO*#=X{b#xK4uADQiXjb+W(OV{(z3Hji*zK{A1Z!r2KUJ=&Y<{>QtG%-$#OLCJ zXwTJRF1`}O?g{2%Tv39wFVqXOEt>IMJlxSa6DEnIU4q+=Y!r)SnfVf@!bT#w0mT`$ zqr}227Hn9}aU1pzajqgHxBuL#IG-Ow2opA!o_tG)11x@j0%zA!LEcr@UKwU3){$$i z#miT&EE)N$jrHRjf;WBbj`GI(Nw=-NA)4G@FM_@p#630*?*65t3vVC|jz%=xZl+OT zyQEcKt5IBwFN<(h4Px-(eW;{C2lg=-9Ki1XvOcl*N!wZJCzH=-PKKC6``%8>W!H&2 za=9@lzm#`_FuL#!Uh?Pn2!=LsTNK|d7;TCp>IlBw-q0cagaW9N(v1CUtv+@Wrs1kQrlb8I&1#5mf!qs(g#tdWL*f$t_66?o4 z*x6JvZA#9Jn`apD6Su~C71V~`WlwZ6m9j$R(MH>=WUV8h(&OkoctyPG+BrBC)~QEM zrG!#aa?{G>R7vBqcOhi{A?H*da&t2DSCCv;D^ zLpW#0uEf`_)n-wu%kHw6R!j1cYm)u_oJ1QK|zZIhv?jmV8rQ8=DA994-ZkmzN=zeroT1L5Riqjo! zpCD^fg6u_;H7&m?Slu_L++>j+GLH<|Z6m)`@%A}G$@am{jI;CvdxrwpwORvwc@2o2 z2p?8)7J@f$kBc)9EdJtNlTZTq5|3wb2Lwi~Q?X1WQ3#u^gx+Y?YCS<)J7s2Mq|Wvm zbUNc~71}+jL~|Q17c^tiPKU>z7^_%VHTBMt^t7xrAd7edL~?6|yr zf$?1x75rEb#!f7dmooj2wc071@9Uz|nseIvr@LH{&RbQQm&cgi3#OmQnSLG^T#xH{ z_Taqcs_VKd6i3bHKTQc$el^c?p7@Ntjk|qC^uYlfEsB${LcUFht`1k62!!|w3hsa_ zw(;T_od#E&i{Z|shzD1k9N;8PbT!;l`}w6)ezeAq4&WY-Ind`W&VDYwAF%Q50_*}8 zZnTWq2V%Jxk>veKRlCnuP(s0WXK`@01&4SrD^j+8b{aNg*|RO^c)@F88S7zB_%hpw? zr^QkV!#=gfG3y-Dx$^^ByH%f2IALVSTT+u*b8TnT;m>o`GzRrj&3KK@plsB;z?;y; z5?#_P@MbnW8}p~~_NQ_cH@VIsn`T4HKC9*J>BZS z%}V@ALNLf!x5eqSSRjMo;LeRDoa3AAG6$VbvUX-U@GCMF<7}KOp_7EIJ%ZIKc~>24 z-6abi&aU`DHdo;gaLIH{+Tr>Bb<_$U1$SO@>jr1{oU#^1AS5F=ag z9%iiS_n&(svzBgwrFaJ8|R*TmjC=GpR6W>PWK-N#WNd^4)1LszOlzYJ0iYy zPwlD`K6%0J4W{d{DnXn9W;rT_u})=#A>r#JldRwf@c<@!*s`oGiw|HlXxmMZ43RtH zr)kX50mwlBsz{hkz~ERd8QWrbDah1qW9;qa@;XmYAVo3KT=gWAo?&~7j+Dv~`!Ve; znxtug>`~mIuoiRHjs{4t0i=j5H>B-aqf=*@3zcQ5xMrsy0sd^p2@Fa`ZJFaK$zX{M z77(D|K|9=A-Sj7y5Bu$*`OLlpVTEZz3z zN`|Pu^%JEW+kG@9vunpWc*SLFeEiBzWYDNg7J{;~b7a)%uZ%VF$D~gwKa$;gc|4;H zMt}5o=2$e}R5l)9y8Mv~uZf?PejB>HEL__iQwh7HR`A%l$)8UqbrTeMnvMqu^$Z}O z+pTGpY9^*%fnF|xbIp${C#C!{>?!zb+eMx&!7#G$ya2di;8McYSl}8wHdue<%?blW z5{DeFWHp#k9Ij%nIFd%{ukncbY$28#h{y7N%{(6|1QSJveNl2na)WVg!1&UhrBpIs z$s~g@Ah5W6i$B3Vg&^Svpye2ZJfZ7&Shn?G2=f^6yX8RV&q|oJw_f|7siJbL@heC6Pi8#vRLVa(p^0C)0WcOisT5xF)b@|-rG%jvSM`&<#9F8N$O z-Q@~KZMvjyktj-g8KIy@^Z8sbmKD7xP*yr?n`y*ySy14Jm<%6a7FB1k6V6Bm5PL zTEcR4&3)p^8>Sx|Ice_NyE}$5g0gQtb7gA+lC^Ps;KX2TvNIZvOzvLFExon$65Y#_ z7k(=KHwnD3!j;|O@C0UjxJ3ck&=T~6&2C@U1+4fi_phTWOOG0MUHAJvYeBDYg-u~f z0H!U#su#%=k3@-(9B#sr&cuSkmiV^Vc_jGky$)xh6dP8Y%3N(>$}hcXal;=es!70A z7G+dPS4Y`ek;Zs?p$D_VSHBRDk#A%{6t-xs#-gSp7BfwM7885j?~9;(-k;B;)9V7LWAF{xoM|RAS&!oP_yU2@QI}}M zV(H{jASamtODhLoKA3;IIs2(V+sZ+)kw8rs6}d#IV4IHwDMNUiQ|OKQlL)sQZVSM$vG(FWZ069WkJj?1lYBw=Wrr9$yx}ZeUJ?3gd;1FM`sm zWO`%Dhkqkqac|sd$)@;YjFpKz^ne-&tSkPA;zwFgjFWz#T3=M9iJ~mV0*c2}{rZ{& z8x=)q%@ZS!7GVb1dL&}g_~cI^aVqHE>~&FT8Ukz1ec#K1C2A2D`vh#FiOVwC%?5 zc*80=B4Khw5PZYi5LpY9Tqc{0veXvl=*4c4GA2$I4UsbRUR(8MldDgl1BztJMAu|d zT_eAYXU_nz{_aIa602RCB~%evMCD%f2}4Z3yu6y6zj2AZPFA`DMy17Gy;rV`-f?`E zzb-cx*Q$+?#$LRFHbO$bt*hC6M}RUp+toAd^5QJ;$fJ)~r;!NyDv2;9ga~`$vf_t8 z554ph8RZN{M22~C)lt^`N>M2m*VRA-l}&iuB_-h0qR{o;Vs1?(T}2=ga=f-ijLEo( zZog&Gs^!J(EVBfftp_XOkTmgdy<3eGFT3ZkC+jX9`L$4Eu<>zs(lc_nlX6FE8GX<% ze$R5f+79Vs(n*&O-6w9AY~=;=y^=v0SP`C6Qy`xq z1RD)FW1As#49Mmj#WZ#7G*ig??i(j?z4LW#GzkZU9PeyC?fuPrVq^NUPlxj{nQ?^+ zpM1(2fZG9o+vb#=ul>dgdQfa}Kb!akpw{qgh}_15u~3DfZq(@v1*ly!2U-PTsfsoc z5KU%oP!6k?wkKzqj0;8*k&^ zcMv|#PcZMA!XsT@og5DoNg#>`2av<(vzB+l_#2=#VJ89}i8l%xV=vho9vbs-*s)p| zO04?*!hk3bwB)LhRvQgrt?G?Lj5U>v!|j`)B1;Bk1O#D)EE}t9%SlQV;slFk7W&V%UCz}o#OV(7(?@@g5!Mxrw z|7_1YmG|%Y%WxrBGGXUIwk`)7xD7nv72MmBjiOez7Uqq_(oqtHvakxSC*qMrJf2G@ zYA8%zCp;nn5-I2}S95u9EG~H50=YOF*npI>+XLZcscd7}!G#wUgjy*>f9Zr{fpTjLh zc6*HSSjreQUjClePN+%4pVgIgNK9>fPb@3Ix1y6ScnkFq)s;6+^6C@n9Q)!K+eJ| z?)up)@^FA(F86X4u*bfp=WLgYPLIzO?~D&9mq(`e9w=V(>O%u>c*8Zt+%?zVSf6^^ z{kIM9d3gxeyuhB-fBS;g#Z!XW@=|vU7pj>lb3Ljdt)oTqsr*&s-$p#>gL)MKwgVnF z0>SGX(4ES7d7=?OTik1aq6q>yfdXMp0|>7MQnskwUIXh&A&}3TQ6Uupen9YeY<8H` zc%IfjqTG)~egD5+UtYQ5 z`nlR1{E))<*c9ZO@KGs@nJN7GIkc?=2MR=5qPV|EfjEHzddQbO+nvE1BZ$Pe88lT4 zW)OoJbjfbbso8Bh>VceyYB^xz0%)YhqftGEk@Un<4E;X(5Y) z7y(|s0TYkyLDGkI^fTik-8j4>gv*#^o^O{ItY$+*{@$x^+NbtlJ-wNPIF-0^?D z^BS>cv>HXfoF5n(D0(_~EDRlK{K5bFKItj+9X~1&=YLMPq1!PllwdZac)YQckXld1 zBFSXT3uc*hrx$>Alw&)cg=9V)&U=MeER__Xj{#$6w*r_596$DWd*ZzPv9g(4WS4G3 z$(W^n$#UoNEyi>0TGF}ZDU5WBiO&4NA+zR9%IWavVlF%ExEu@u`u_1dZ$28&-Eivu zc5S(x_Q|_tcWvm+Kfb?m{KlI|H%;Q@HQY~7nCfOIO|#B$f|RB~DGtp-W8vE1T# z`Pi|`6Nsr0{{3oc8aa>=;kNE*I+ZkZ#5EN~(@LextuAK^Eso?yOO_EMXf(z~8|Vrr z+#!le>5j6D2*@1@vNuqGtW2L75DYXxvnAAlf`>%d5#EG(MFD^O9^VH!8EQcfQj7x^ z+^f}uTI7`gm=WZ2Bl$yqYMU36t*g~YHWsv(JjvGXq057ZqNRAmnN{k=FnrCdvsk%2 zxHiAXRkA1ZKkNp~wED3sA`0`)a6WN*YC%=2hMEeTjw#9Td}G{9e9Z4RnU4HT*r8v- z7}ywA5li6RTmi!1usQ6gW3f0Fuy9c_sRxk(5?8$WvS%*i=_LG;fY12{e9o9~Yj?CY zGz^4qQyy+MW!*@o(g+xr%b5(u_ErQbWw||`X*SDuR77OJDw-^BjwLWUsG;C4B-N4a z96D$t3~qmHA)^>4l)93D!n zF+qb_D~45vJuBIZ)ysoN=l9qF6HMgA`skO_)26n|kg%su-H*pF@yEV~ zcc|6N`?q_h0UwXCF+4jwPP}5KY}Ry;VTAcI;(9)u88E98y3H9c)U@kP9tkW-9_OCG z{?O>&t0wY8Mph~0^POhV|2MI}mfg}<&2Ouvp@dKI?zOpP=ZOVtZh>MSj86-kG8O3!sOPK``q7TyX*4zRyhx*o)=S9Dri;gP-4ox)%iix@gM zsgZzC0K3-3@#so9{!0SVEV|HFDbOGN&?1XSlkMNLp#P78(G_>t$p7+SG?GV`3`R@n z<@^Bp$lM2=ofihXx|Rw>Z%^5Lw+l|-y7R%f`;=yT5A&~{!=uI{fBLn~cVBxtL?kr5 zxoNr5E=*BAS$jLuxe0$Fk;x@%T79neKk-vM+52hPrRSxJVOGln=6I{%n%wa-v{)2= z&C|kh*rx`r4)|;LZ8lpxaGO@l-WD%}oT*bjA^J{S9K1ieG?Y^_jN~?c8t2Gnh|rnc z^8V#WJZnS}g%4WWjgMMyd{HBrF{AO!&MnE!=?iZcUt@TLW8Ie9N1*wDA}U}Ol>M-> z{VFOWWuU}m52#bZA;En|07Q-oQfk;s1VMQA3_yXU4|*6+ohH@ANeWVim=%l;5i^Fd z{)xv>Az)NpT4>@i^|8UdgO91=^*`AE)|r{N?*GA_KmYSRxW2>I^%=sM?p}mkLjlF> zaXAA{K?8%K2oTZT&H&7bK)~tqfxif$K!jg`w7WwIDuU|{kLJPs$cjht*ww(jKyJW_ zWS4F68BgpjVw*2=`N^ds=Gp zclYi)H8pi=-|kP-ZGCz-*MF}<6aRzsdEm*5s4=#SQWrP^gr02gKoF0?0&pEbB@jS> zK?J}UWw^w#+Vlv%$&C_bJZ9F8cVbOS^`;cqp>O5^>_e0q1M z*vzMPcS;+7nr`%uhgy7Riw+fAuX_Z~8#YU8O2!zCUQ>fowyJ_(f3!8&C9 zE5d~M3GwTYhoN&IU}O;{2Py3UrDSb(NCohrD2*3PaKN1xp<|yvuRhPxAw@15SG8~c z!sxFaiGBO4>CfUzC3JuPxwOu(?=>{Z(M(ESnuL`yC$Qdz$-xFl;+5_+)`eWLlr5p; zOHdJFRs~hn1NmkiNcD8OJm6W>>&2y9E~ToaCGZwymr{~#IWGB^gM?9{zr89j4)ka1 z=e1N6)}KerYKMy^GE>6dOW*X9y1Ie2lh#kRhKl!rwkbVU&*2%S zT0nUa)9JaF#pVkycVKQ{aJF-yi8lcHTI6JCu3!P5K4g75V?*PgPS5(cU@cE0-xEge zZKNAD%|y=OPz3pQC6c&3Cq%+!hk44IhH80jn5}-erx)n9DD*?$3{Pd-t-)~JzC)T0 zX5yN2bJhF1V4D4$%_i%5ty`1sx4RTABvqnjwPG!V7ww^IeN6l!>V}?T*V^prrkT4v zl0ey%a=Rd>y{AkRWR=6X((|}dDCQ<;;+pCU^a@1+S8CfJk#Dta$78rG-I+*c*;3uD z(PiRiYw7OR#D4{MAo6##UR#$rbS(5UfN2yWzs{4 zw0;4MJn76Z`Ln~BG%^rkDmhvsIgPxEy0b) z#bLs07la>4mDl;bQSm3i4L|?A?*hr^lzt8Ig-jO=kzp)_h6kb;Jf{dhF64_h@0Ur^?-u6;4{YW0{TAGF$EFF#%f;)E6Zg&yj4%M!-P7t9W zUhxlLT?paR&qHnCp$A8v8>R>VTlTcPmLJQHIZ)=MG3c#9p&BDkthp|+H9y%EN6QkR za+5ZsdmQ5ftuY6>{n{o){HaT~41f2#!(Y2AGTj-l4=+!T#NYFt_~`WVkbR&t9k~m7 z8S!Q*Bs~eed?g;aQ#=-ji~ppkjzBAu417YEL|5y-fL=~?Jxm8vBjHUgeExa-g;-*7 zF1LT!e$y96epURvo(jg3ZsYT7h-X)YQLte=_r)omP=VT|+yRwiSzA_%&VELG2wR5D z!S)%-HPHTU8FqXminBli1iRkHGEF{4A|SI@7uy4OiQ#*&WuL*^rzYh~!F#f5o0)Of zR!y_KIJWBElRDaJ6&h>0815cbMB4FAn5^YT zjNyY5qNpd*RXNgL2`a{zl5HmZ8=nsc)M7@D(5vQa<|@^r%M*89H-)smH(MMYPtT2& zoOZ9bHDGiDA@Mdddf=d_rHX%@F6S3-+LJ2h_uPc%&+y5%7@q$$9=A()7K?3$;j@2a&}!sg6Zphy0YX z{wM&*oCduM1{Y3&?f?ZkKDBuf19~5AjA11ON9l89yjZk=4e}m;$xyA{%6sJUGl&T3>G7r~@Ei2){mSO%WsYfD8 z9weo|fX8`}I3!uoR}C(ECVLp=;bx%#l+$5dgPBovteTZ#QCLf5!IJ7()5BT-F)~Jv zJ;#W$nS=8*7bTd95HQHpHj&~rfhp)$T4rH#Gt4z*R}NP6%g_3%>b*ujqHp$8Urx1^)mW_NU zgwie{7&L6IC6xWb7GgI8--u#FlzYbw_N^dz$Vfsk^9Z*qlDUI>gZ_uR$-If};RG@A z8TB)g7ik1raN`NH5wNeSt0A>Mxo>cAG*Z-nW2xs89`V2~SL0-3Z}-8jf7kM^wc&8k zyUXhf-21b$&y~57026^g^^vc*shU)r${8IPl6Ob-P@D`7nn){zO6eF5JJ ziZ#8c&4us=DAp8kc)bpk*dl*nt~i7UyfCPF2SU@tiJM7>!jcITz8;X1;*vdP56Eex zo$RvR=ao{N&S8Y2Nj)c$9yleONSc`sxt#-%0e?`DV)4+>;BrQqo?{6l8uuvSRZ=7y zLJp~*!i%0|{0-v+fe&c!58Rg-)Yp`TG5Y4lb)CC+-LIb2-ye9tacu7D?x7DH-uKw_ z?ECi|`p{+FtLMOpCkdOeRF?qe0n|s_ZFix}%moH0;Cp(ZRph=AdUDY)Ail~tx3C8D z`{4r2ZlR9{2WEyS5Ar{}>^UVnHp6S zMcpq2Qh<~si<-lIpF5nYXIlr&ShLV6Ya!3P9LiN*w5I$)TOMxjs04o@OjiRM1r}x%xOL%S@UL3s32;4Pa zxhw0qs||S|&cl zDCn2OKaDp!$yBEi$2OIkXvB{M0S2ol6(uo{3gknYSM#LfnKbGzHhxr^xvWyTY^F%t z>VcW!KehHYqtWKxLB3t=%BTluM5BWR-64-VY!x$8v^yqeu9-=tX0D!|xq2p@p1zvR zrzgcSxc=`&^sow>djbhPR1eYMN%T&l1-%-L-tF~8yr@nO27UF6046QTR*S~H@qAROu-l++6f=_}$342#0|Q`y$k@SGc+B^-vzbO*lH_nZMjs$Uvc8HueH-(9K|%L_ay~g4ctz zj@yZ(kR*5=F3~BtZJa_7BFxq=ij}+oOC1ptD`>*RfymYk7k|CwV}th(kG+|ny1b5^)2g{+0;vanYm7iV^XP zNDb0+{h>4keDD1i`{Y=2fBy5p&!zjj_&rJZd+|?DmqziGG$cTXcwzw~iHHCO1Q|1? zBP|utiwZF6b4!ni|1*+rm}Uboe``BkipR?3SiB^4l7pFGFf*9!Z8L>J2LI{$B;@MQ z&`_#jRs@8(F4PQ4u6;g<@Q`*Adl&L#qQ{P?xPn$1&%f~eFyxW1+2ldv4>LvZ0vTn7 z1SjqfBP%UFUi*0P;{*Hap9p@Uejk`HgXkN$_!RzaB=>@Fi^k{6qA5O&bv!G)l~9l` zQJWW_AbAxUb5pScTjnE>o63S}c=JrR2Avck?Zjwn<%|YNtw02QCQzPPDIAt^2%={N3B|~Ni+dat{^*=g!sH^0 zf+~*4M8TGE=EL-O@hLruYBD;2d%^Y@8Vzi5)987_cHo|AM|YC^s!WtL7QI9byvRB+ zzNgcUVzDj|`FP#!uIErppBNYrRJ5^qudat#fE~EBYcU=)`8rg+i8W zk*G(#K-5eC<+UD2c-%-Dpm=l16A*K;(T4e#i`cY`Y z!Z--}Ku*|qcC33vENRp6zTtRp0f&j8%2+tEfT&h7Tx|H~k0x4vyT_#;`E`a3 z3nq>H*c*+8Df%{k6v?Yb%CSp~>cdgZ=)|v)PH}LU=0l~Aa2>{C1o8Q(u-F;-4?+x2zJ#j+3k@?%xmItIvu)A2&)fZ%|q0T<~N)TVqPQM7sb_jYBP~wbKcw z`#=6&I#2Ept!3YXHn>$hEE&kKHiU1mxpVJ@HL(VyQ(So993JkAG$U993KN|oP;6zR z5EPmBh#5RfzkuyCv~bbS>=$T9*TiqAHdBbY!{I~{Y!k@mhZBCMGa-=d<4##}jw!eA zj66U5w=DU=*6})c`*~QNkeGZ`A)0kKPog~(nrOxH-iT}j17XAOP*ug=k@cL%(8@L0 zIb?Ub{Q<@1jv8TyH^uaUDSl461Cg28ZW4Yo;Ad`!!)AB8T)^Hb*uDcTd4NfK0K!I> z2HnL~F4tP$9<0Y!$WH?S`;@=y#US6?)=T|e}f zW=nci`QfNQiMu&ktO(x0M~z;4ltet`X6xw?1|b(88lTacD{b}~Of=GJB9k1zt90M= zc;V2(0Ds;1L3(I1o-FWJhz0KFn6Ov;zW866J-5)!x(`tZX#y`;v>?5tE8H;J9A3oS zke3C5lbIEkxduz^h3B_gYn0+Dw_WU2{64eMPBMG#!Zu6Iju;2=$K3%;q=DE#PWW*5 zKsuYr-jhp5a_L;I5K2XZQB+zaBaz@~Ux1LZ$a1S{0YuS)3!G@Do%u{QcW*j#U({>7 zE#gZBz?^xX^FauK%eDE$=OBQ1)(nscr@x7G{V;#*Y$n2uqy`8KVntw7{!`!QC((dx zKr$c~o69oxQQBq1f%Y+{OYKx;W~yf7BjT}Q!B_B3c^~qW4i5)`ya{{eH=bP)|KT!e zNJ$t!|2?nb-1vWgW4P6-4jwGb`?QGWKZ)Q7tQx?$!DU9{QN#N7QK}?o5$7^V4ju)>tziNs1BEeP)!tVagxgM%&obUyE`9ZDWgO35S)&aZasfzXowcEnRR2dX*H7`(SW zaG!Z5^Jwji{}O{lsX^$e9mDf77&osaYm(fvKBWN_o@^NtTJf3dOx~E4tH6?vkj0L{ z+2{QeyC;+Y3^g7C36tLlO(aqSTDp)ir2p74MuWq8DjM-AK_jSm6>mAHrAk^Zp{suT zFpXDFe(uBiG%8G?is}hs+I*&ac`zxgOwZ2D-ZM8HnVX)Qn;#t;t29mz4%Q}zhHABW zfY{=3=jlvY(>$JXcV>3(-sze9#ww$48>&tXG#i8Wr95Z6UZ9_BXNr$N_|8P%y#;^{ zir$MPiX5{hDj>*(WkN+*3npb-hb`RGcMN6*b9(D=AtJ#&*RrE;`)w7nn>`tz&C%|J98BL~zF<=~^_i|s)6v7RvQlGVfEnpms_O=8Nq{sWO;;p%-kwaDnq{vs^!nc<8rX z&_k5#m)z#TIzKM?w;Vs)KOXHLx7#L>li=sye2L=~Te5%rRR4Ike}10jH2C=sv*Yqp zHpy-9oQ92E5$+(n$QFa#rrt$`$JaUZssT0a{r0Z<2FQ$3b#I z|3CimnGb&SqkDbXNDY(LsQdQ()<@nyY4LUc9*XD;{O9Wz;Gn=x5Lb&1^wEB=67YCH z`6z_oGK9jKWOLa<7zY+c74?t+WdA6ZJ;6>$BsFSRmb@4WO-DS)s|7+H&fyiXn24!9 z&+4#>pt1Tg6ePF!*0~n5GOg&Q1!tQY&?Eixo_pr75~@z zYkh3Q>hQ7BjUWH`=ft63WmpJl{OISF>D~xmyvF#o$AvqIae*;ES7?&WKmb6eMK44E zY4BIp*5VLwx8s5i)6C3fhbC%^W*gR7+wW{Qmi2LWaXDo%`~gHtmKx9SFc;=Kuv4GA zwr_M?%2b0+qNi*Hoftxd8lY032@ngH7~NsRIm7P7!$cH(F=ckVGMw0H+IbU-?=43! zL8I;SxhW0++ZOJw)Mj(CV$In(j?WPlno}1YKZ{He!|#axEyroj^7C&7&gbIelxO6} zA7BC%Ica@Il3fFeE|}gZ@XzpUUc=VoXHh}IzQeP54N0aq`1vSproczf!;PqOu$+HGcqFB7HJjY zuqWzF$`vx28kRJ~$=JR`NkeQ|<2hKTKkK6S^gwJ;5Q-=i3Z+A#6`&4%ZV-TFvt(V% zg>-T`kasVEZ5=!*A#DrwI7_h+XpcoNu^jSLi&eM8(iEG@pL7ZS^a;ty93Mw?Q>2yC z%0Ck;LSFKekGy>?IU8Hp8{9iRGjY|88y|J*?%^xv3X`+CI(R5}ut!iXMt5y&qbUFS zE-puSy3#JDn}^slJSCL)GjJ!EoDhdMe}*WxWY4(Dj!SCklE=>q8S8j)%W;x3e*Vpn zCwj(`x_P|GzMmgIg?KSPKG;9M#$M^O9l$A~%2b`um<6+9Ap z=Xv0WO5oVG*+d{M&=QP6@X3#+>ULCY@IVDzAFA9Rf&as;cFGR|x|sV|_2VZdPJFEP ziIWq5`|$X~4>jJwUP&j}gzAOAmxiP>u;0tLGw|fqc-W;z_Nf~(#WDpbv;7w@?e zy-`XcAP)LUcQ4+k*>uKX589=nW-A;DG7TM!V23@q=yHvQLXAazBqX=8+5EB+h98KE zeYai83=LJ50k13cI3Z zer%b2hORd(LyA!UE8YDBK(SHNhjCC{5xi$*YI+&|%k=uP5LsRpLaReiN4uA^+2#Fv z*XEtm%gZTwJcPoi+R(Vokpml8$~&)Sc>!;c;9>($zaAC z0Gou55cc&=ZMbn(@DbH7EaM5R=a!r(DcnIjt@Yeh>9ecQV*h!6ra3>jcfo7qqX9kO zillO>NM>v|LJP5Uq!dD$nCG7Pt`Mqu}1Lwww#0v4s#L!4_YJF*A&nCqUZlBg+R&z_3u-$k} zPGJ{pK4@5Fh%jN7IDXbT-r9Ej^ZoO0zQpmo^lSa&r@&fDpHE2O-sh*Jv;E@_<2Y$( zrHR?p|Nbxcj*D;T9UrFIW)lW+{aNH&+qnM2!mC|Bxa*NsnqseciV)F{c=IeH3Bwx( zGNT(R{W8vk%)ByD12xi)N?QwgV8U zD|J-VT|xhXnT}A#3{ZpgJekW3ibjFnEwX2+-y*A8A|Y#!k1~K66?8DR-%U&!GcbDu zGQ^$GCUMmXc?5JC&JsP|bfFZ=kHp4~Oo)Yay6Vsev=9Odc5PoiKVps_>Gb#JQu-af zWFqP+4yXM=vAFsEpq4Xy0Hn=N6eX8WZZ?cPiqE6v%zBgdwqcS1q_)WRIU?oBvJ^=b zRA7&;q8~&poe##4F(FR4HO2|o5uQ2+K>1hcA&t|+gWkaQTckG{q#>~%TZXK__Gi|9 z=2VlN&z?F0K&S|U&Wux`mBC&Z4Y*3Cey3;Zk4-_HOv2Qk^gAaSd0w8ORr43cZ=ITZW&bbYoU>nK{-+e>nq9BQL)V-0;8tTe&?P?S zH8v;B%{jmQ_*tBWIcsjtc{)yWo}Yg+!p1v}gJXy0G(Y|@KA+~aY0YWQodlgD0(n6? z=LI@nG+{L|oj}L`imuN(e%3l3-*Wt`^!?WHn=f(v@9F!k;}7FFS^j2>bOv!=`~>(n z;yN1@K6_3W#p(hn8nvW|rKVYf=^BcJKp{*D#1n<|crt*`QLo7tyHiAWk}af!d_I*j zVo8wHBnKj^XuLMO>KjAHs(dzv8Um9@e51`Z0W6FXfM2Qdnu{iU6I4}HKyocb`8%ES zz~_*~MGFp3Vs<*T`VeAgbHc-@hk-SSwS@bQNGcQjjHSDn1*TI(8#_3pLwwbx6{jwr z%uZB|%Ghuju>v@l)3E+UEI^%w&-t ze;A=}l0`BHY5h1V6u<%V&&Yqok&S3|HLRj?A|c4Blq_d6W;mUqL`m}n2CCT1d{CMa zZhnz3_q>oHy!8izlFmz>FmmVdYT7U-J)szSxz$pJc~5ZTHuYD0G0mThBpOMv?Wea| zvYz+^+Sl072JA&7r(Qv>47Gj2_q*{jL2t`s{+Fp-w8Y4EN~FeeJr##H%yt502ycms zH?II&0*0C}TMJ=4v6YS)QA_07CgTakAN6}1^#Sxf2Dm!9F8Cq>=45r%Zf~JFc~xyD z2jUHTA-$$~6%k7Ti0C!Z?Zejw><=bcj`DC;q%!*`i*LBRLO9KlonW%pDR64bV0KMB?>1_PA_=?u3 z%s0$y=tcb3sQ6dA)RIBmKgG%NLT-S++xVQr?f5qh3_$N8E+G8yY8W!ixH*`N9_2Fn z3e!jKx+Oz9kDs-U_hgJ8CmH4E-~8|V{O!k~kF4Vl<9vp?t}+{k^9iu;zlMGP+5g4P zPqH}#eZ_c+ps$Fh=)ZKc8De705JjWKRYVFZ#>m=Yq^7{e#f=^2A?)xNx(&DtNm$Nh zp{SwF52zW}!y%C7hQgr|1UMKXz9Q96d_{edSS)-!&V@d@_mUn1w>x?^Fp|mb9kfM1 z%S?l~xEQV+y!)Uh1LC4@U-4mg%F{YDnRUZT&^vMQPb2OgWvnFqj%`JG?J*(?k10nauWxCfURNq%$*%xljeHWU4I2Kr5m+7w zoxbqG`KPfg;4y&p0zDmj!Bb+oU}c8mF#dq9hQmfV;gk(I0D%6i0Hcc_1gy8?qr>Hl z?hd%@J9<2N4Zjy@KshYC^f}(|@l$Ct+6c*B$H%ucesl%Baxw%0QEAL0{r6rINaAu{ zN0{&L1VTT)>zpuap=aRYz1UrZ?iwXkrnT@AAxk<)g?YgYgtS@hOiZjN6JXCs*s9fh zKDl>(HME!*5cYPak0uOpBAFaMns*baD(_lKzz04kjK`N0GM7$5o%ff`%|XFRxxHiq zV}WtmF+i8#b-snh%CE~d$EE0&6>+|AMldgqHL*<27Ez4d*^^`jQFcRsF=Uq5<=lK;uR zUp&VAN6~=@AG?0m^O4oo*4|5(*|TN<5*@A zxoOh99?3GIFXEjp_p;j=nrvp9nLuIb&HFG%iE7#TRDL7~rk-(|=4>pFB%DfAe0JY> zlkqKwlA(O8-cHWkd+nqs?OI{j(L5$pF^?oAMjCRwnlLu>NJn5Z2D+;Ky9{0vGcJ;^>Q#sZ&>rn$JQuzzIehq zpRG}JoSjeenxB92;`8C-(Y)s8pWJ#r^Uv2=kJ3DNN(ZvGIQR}>5k`uEP#CLRc*TR7 zX0O)+52+AZ3IxK)5lZ1DjjD!55Zs{bKI!f)AxKs$#9#o=orn6~)Z5uD%}Tc~X5#hM zDz@=Y+nbpB;!0m9_m?lLv#Ap+SISzsAm)&BtXYg}ybT@nm*>#Zn{^Z2%?xOg=qYAf zfn|h68?a?jOJW@%4TJbRt3kw;)gV%|@+lwUL#$c%B3a-eiXnw$SZsbuD*4GuL!TGn zzzo8duJY1EYBjKT%+{<73wu*X0~6^9NuHR_nKw%(WEFdn@u&Q3&`?~bvPG~Q= zKg3_#%1O@08!_nDV;r~p1FEb42*lso%2UpCK9^03pL5wf)|bsdU$#ZIW^ma&X2l;6 z6103q^p0h@!5W)e{rsc{7CmI2@p!ZN#WGtnZ%#4$Pi=2IpX@(&{^s2B@VphBud}(u z&KFPc^8?$zpXL@nzdyIOoF8U$i=WTeOliycSE6S8K7PL71XBY3^soCI_Ve?;0a7g3 zt^M<`^h)#WzA+BaDgE4q7{r~SP6>OTv&{krkr5v1?%K+ z9#5w-$y6ed+QPk!@FbNQoQHg}HSl5 zyGNsMl|HKc!zH-6rN1vsc4~0LXkJrn;xO_oVc_F_zk4mZ3%Pubh@k*x>G!V?Ewm3H zM>NYa13Jj(RFzui1|yP)=B7bFwj~PNWP&z12)aLSXi1b&FQx>RbOZTRQK#N^e%4M4 zJ(2lB#q4#URIN1H2xZfV;)dF5V6oa>Bu9`r%-(H_7+b-Bm}A5-06rj73lJ;&p9NdQ zgI)cI{s-C-ts9uX?Z}?b?>YRId2!+MvCm7Pb^MvzXiy7Y@o(OY`$rFDy!;sJcSd+` zcb^V>rbj8ClVt}QL!>j#jMKS}azL05loJFe3-MuRbR6ncG_|hahH6ZCZ1GENpn_BD?Cl8W30eDbZtBIt_5Wwc%_Ew zKRr^__s?65?D=LTcb!z2rG@rt*?nYw2PeC=rqx(JnCJXY^>TY|oy~iSEB=&XMOIw! z6!){uUaX4r4tUBjzxes5`*}OQCe!&ppf%Y#|Fm^}FK$WaC)t|J&hPt;qMNVDbpAh) z-r(npC#>@kmSoS1d?)IeTo8_fqsW%i6A2%9i9kiOLd@8Hp91D+ADR?rZVG!73d=Tg$EU%+W*3gb7RX2+ z#{CAMX9vKUFjc74GQb6{tC@(J$*6;VH24FqgmJy20vW7;MEBlEXN35g<}7=%VA&8r zH^fQbDFZ$7!ti;@0aCF85j9)dle>|dwDtrbghs{1mp2928Rjg8Z9p$@8`};&xq90X zRB2RDomgA%_}Wi~7aO34WF1ldtiPLV5!PRw z*&1Y3kgZ|G6@+BZ#sbD4aRu>O9Cr#ghgeKg1nQH?P2<9q)cYK=KM1*jjRRfC@(I|F zUJlrQ8Q+grTFdb*i1>X9ar%OAsyh=dWD8bA&FS(B0@`dZMoZa5GLy_?R??|RI-N?V zirGXM0epPEGn1B*DcOw51!Z%sCh#mK2*L5O6mRbvLe$u-1`sP3Z%GSXf`2?*ihgg|G0qk_?71(eMp zDLzE4JZ`7QVfWxK8jJduBu3`J7#=`s*y*qr27}o&TYG>*7F;bNyM;l6r~vTh5 zT4>Gm+OKf+`k&wyny63e-3cv!5Cca4g;~v3!;4XrJpu%h24*hMt@YPQ%zG9#YX7*a z9H(X}3wr`L7PiZaIFy=g{Ah9G-!ikU4{w(ldj9ZcftMt|mg6Niv1g#)!EwxY*y|Jv z<+;?e7&+v{9lgAF1-fw;lLwr?U1w5{5q{p5{X4!7u~Q2pD{KAl<2V5JeJr+0-vN1$@bBi1}((Bt=9M#(4q2b&F&wkrCCpic;X8x5Y+1AYYtuj22bO=vXY zF=S1b;G6{gsst<>TjT*@J5P%}Et0HxA$7Jz8{8<>DKi#)+5z@kP>onwk|FAVCDyTr zDB#M_+35H(M*3UVU8si?3r-`R4vfYM&JT&wjf;=(x6Afpi;qiRNQ@8F0+HHk{k8qa z|K^U3tEF46f99z8tFJxI)-3kiXw9N=bcxqpc#HMqXe33HA+6JMgMIMEZre120l1Y1 zsK-@6b)#tP0O@nLl9Ry-e!wM1P$}lhCYSYqD#>8mSA-yn$8gIdBfJEwhuovvi>l9Y zVinvXEmKU{AuT-!+GN}o(m%MZoC90=i6fMz)R-9JGA1o8r_g<+%tTb z%?dkboZ}JUFw$g1`6FXYV!k6qu6W;@t4c@q$Kp@XJ~uVfDZ{ z*wvcmtA~!b=Iu%>A9+z9HbNN#q99dbOuX=c|* zTks68N=4=avh(2s_Rfcw$v*$5z?@U=kex4{u+B#|h3S0y{>zz;;OF1K>?(#?MoMJV z`kkLj6{aWnXWRfDH->3IN{BFXWGkucGk`S3J)A|&D#Jw^6?P5lIPPKRUxDNOoRKYL zT?5%>s&qT95$A8}lM6q>e)LDdew>GO>gyNoXV>liXlYga6apk!p>*BbvVxSqT0hN5#MN**`l<y15$5A7aMLp_@@WMG^nWJm>P?Q(Sh@!wxkv{@(DklOMw&K9pKHI$&K1_qcxivNo zYE&suqR4KMmbfB;dePnh6C_H-1yOQzqU7jAX~kpcvlWg$%PsC59o>7`%;La+c>oYJ z-S0fG&`g%~v9XEeCP=K3%PYE@JHce?0EP|@_8u4wUJio^0)NqI?x;cOMTD_6E>SrQ zCCDK}ygp!1>UDofNd~edJ@OcXNPiGKer0EMO3*#AtdxRFoj6L!g2}R>RZ`*G?=)NG zlw1xhG!o4`tkt|08_b5&?aNvh0oG!Ed&0ZhoAkvSSv?y!eBM}oD1Z2k=o9EzK;4;H zi5nRZ9V_wTaDH&_P#nIL2$@)8y>oU8pFbxoAo7mYWdTp*DJtecw)v&*wb)Z90<1a_ zV3i3iQ=n{fv_%hvrK+M--Ju=_25`6a6jtY3t@*{ys!$WpYA9#6x)f4m?iR&v!n6kh{4MM6aE}U)Yo9_`!zA~8OOn;G>x$I6LBs|EhZQ7_oYlUL+3M8EJdIqG<2WfazI#Ka^U z^AdGB+yd>-&tCu%wHWetbRVLym5A!0Z8iQ*%~Nh&svVJ(n9gk*5fuJ=(~3Mceo=>_ zy&k`aA%d>`4e06vZ0%^1F5R>l1uxUZ)T1fMe3dmEcZz>;g6ZNg!|P#;+4+!@fN*1X z6!A)r$8Wd$nJdDa5bz3e!gT?(0U^(BG4g^2bIB)p|Lj5HL55twpN30*F1YdD3QI8QfmzDJlqaX7dg90T_a)`_t91GC%cIPM6F8sWLE zK{@h9te82~LiT+U@r(U#RMLsSiPXv9Npz%oGWcZjj{<*WyQnLbYxb?IFV$OT1O3ia z^vrop4At09&@&hMadVm53xsdu7|)~h%yFDOb2sCS?VnF^bAEmgZ`G^0;rKYRnfUqe zE6A_uInE}yaAuVFn9ypW}?sFz8SxU8(7YfeFlIgo1dXGJA{A64RBl7XTZ!Egpe+gQGe-!ZU1#e*VZ|Q7FxgTeiI=-Wa+v|p}H zmP7KfBgfEZEDP%GLc(|Q$n{F4Yz+Aw0lyn4FvR}!p!O~_RWoj}87-Mod#)SHw%?cmvu4@$S)iN-GkUPT* z*+dc>C#iy!S!!X89v!UYa*54mXrLmtTA`s6+FX5TjyFNebvl=7ghne04cqID7ret4 zp60P2vWtFcN3`vE0yc8vZDuk3l0Io$QDGRtjBW-AKK4sHr)|Z9r3rTj$VAACifhb+ zDd^^-%+95bO<#TH(S1m=;5{a99K!_ zb6n-k{~w!Y4rl>(KINCE+1fC}zP}&82=e#^UDa!Be(;#DWvA28E$36dgPo7Kl@*T& z!t=oW@$(6D!p;{@GT#Vmz_#Hw>_g9R4Lp0mfy6aXL)F|luP{QExpQd zs~AhfCdsG4SivVEAMSa+{~%(M=sAh~@P#&gJK+d^ANC#gW8J6y-{-%78vC(UVn5b< z+7BVXVwibrhiNP_R^5DB^95BunrylZO zw5o~t+^qOB>7&4EYhOZJX-CNA0};yt{Sm`6-R0LjAr-_=NFPA0vj0i9&56$?iX#l+mh6vslNQe#kz`3K zm}rL+GvZmCEQw*Da=$Ho8Rr^8=bYe$KnGD!u;QYs;uQyb6-mrthQSf`IYaJ%Mnlo( z{3CrSTJ0c6P`7dZeVdpl=zpWfKOtRP9~!DN?g?;BL^;=lC_I4J(IB3fA>_J><_^d< zn~BL5mE|ZgU-c8aY)$KBsTnbF-|BHW|CTG%Bi>Z7k3r%|SZK@0CZHBE%=55Z{EWBF zMb#Z3JwlClSCl|ICK4s^CW{-MIQ>OsH`>rp+XxIS9y)vQ_dJ?^@ay<5-FIi@-P5<1 z-p!sp*T0dYN4V z$LB&1=(xs3*gQ7OqY&f_2v0QcMCAa1H$}?YQ{Jh^d^7?+qmwJ*56F|W34Z}D!WS(b zusU(%QRiu}4FXBWxEHbQA?$tznlRKyt2i1$*A~1$Er*EE9bsbz$3xF?R^Ni{D_!(~ zg*i{w2BVD4luBCCrg?4oYE_NO52?a?89^9xM}ZiiOu=>*Mv`@!RjksA0w3G^O}EKD zFCp+q)CwabQ<3^YV`MT?Tc{_hai11XR^qhr|3LK01t+d zi(mH-L}ntN^e98qyV8>*)45=|nD>dlJ-oVFjZRH>wC}!8LB|}d#iaK?hiCTx;QErn zo1Sz5c1*!AEST87#KL4KitV$rJ;TT)vFBUeBrLnQ5Y;p{@_HdLWOHk90OQdI;2%2a zVPL)Fg_U?5pfH9i!2MXL#%smxaVy4SLCPJ@5Y*@RzR9aBHb)~;hzDj51(N=+DerOk z#aG^v(q6r))(!%0L1X<*CVzJ!16dKi+07QCM0pt_SVD{fbukLm#VTH4 z#7(kPHIgvgE4GZ-8{0m85S5)G%fSGk*gpFdd6JAG1QLra;|gRyg9;E^CaSc*o5$DL zR3ar~48Pti`oTCHVIdXwDvF~JeXr92>OHX8K}0bmViOz`DxvKzf_##K4wJ+ZuNsLa z$9s~XA~fDppJSuntnGi}tTQz^Qt^e$3dpuSkeEe6#RmEnHr9j*8w$3$kxp5JN zyHVK{Ftg!UtEkW3E<3%NoX<5=l(QFw=OL>bOjc7}zr*cBMZMGQkRK38An8((pyH=q-q#xwaB=mcVF>IlDgPB1Wb z7(;+*nNA4PpyOw3H-E;MvY%nJVf$itnYw8E33}p;;&+`HXbi9^V~lNN*x4v7%URVk z#3oQlI%4g*Z1)aoqh4>$A=hJA%ZAj4iko_Z4Lw2l5#&Lg+jd?-8hPjoj-u(2`&ejO z5?!bdM(_iOTiNOCvpE^#I)yN9ouZ9QzoZ zE4=T*-|%B%@7UY$x&MV7d#ra}g+7(eyA$Vqh(1%ijeV#4Nl~!TiCBK=_)R$X33mMU z3t!=%>+GHT4jlW4crDJogB_!DsV`#h+~2`xf0dnk=Y>D#=c3~y|6aP+|H|(5E_Q6^ zy*>t8^mFX^sSD5JT>5PG#dKYeiK7=@6`z6aoCS8_GhJVv*2=ibDmO?jX#JFFia`%z z%Subx&(MF^KHJ4_VoG_S8$qSOaPg=>eX%=;nU!We&5K@L_bRztvuQy<-Zhu4WtFru zlX1RZdqR_tu{YmYL(4JZ69wNdVTMuij2G@NoquhZ={cN9Q;SV7ytIQ%glK9xT^4}N zu!L(2#u{%wz;YH(Myun=QZweh;qvNWvJ}Yb-TJ_EL7mKguG6*qw4f3VdH+$AW)2UA z6OHlMv5zj6=Q_G~He$pYQ|J!TdgthUE7XO+lNuwZK|ly^xMyN4 zGBGwWF$prqYS!X*%w{JChZ-Pz92#n#ZnZk&?TLHG#^2t0ur@k6G}L&26Fl0^l->h! z$499X3}riB2C*Yn?(@JJk=2K{FVoKmUlB4BfGPxa@mOJL_Y6X@Ui>ATjuxq7schp5 zK6Hr-jgLpfqB|Qgi}{?_ThKY5qdE*eN8LbL9fXcrRek3st>`e3W47&=U~xp(FQRco z#0_g9rx$(gKVY6>+@ct_CFx$+I(yMi`0;bX#D#A?6#_XX7Ncjo`{~`%^1kJJ_Af>D zFYVudU}U6H**iDgINj+KPS4F9@SX9q3Qf=!&1ch;TGrN)Ki<*T(yP;lO)nv;}zL zJvmLn9vc<9sLuU^FD5I*MjD_2KSA%%<`+;?Tht`=gH>#P*TSxQcF#w4&+p#77@in# z*yX9y=;%0hT9%uqh3aX2Fv6{C{RG`vbATh+3SP{tqB3ux#v{Me>2|Nor534A11buV01z3*LJ z)m^>s`>t-OTf17CQA?xItQw6*<5|6fV~nw3#ybRWNQBiS53_|m3wb~=PAtqqrgnZyHF9s*T!vse2{^wSy)tb!^%ydVi%j^@Cl+P9u0-K9_qw8{+O(fvuyX{V+MX{J& z@)s}#oAkd6>wOlPEXTRi+@H{ze;R4LpnPv8p6;C5nu!yqPM$h*`hpHJJ+2%Ge0ZO z&(6;;B**KrUYS~p#WEx4fZSYjRn{^K2K266LrOHat2;M;cDDOKa$K&D*Tb##;-fR` z;YTcnb=Yu_NpRSzGO2&Iu>A<4s(JOP0xRq@`u>~K^IlgllJ?*1_@p&jj0auQzuK(u zXOn}KQm|17m20ic#-IM`vq3sQ_`**$jP)$4`M!9Lb3-YHVF`((;;aBL9Jv12H8^>? z<05;~L?LAq?yzEquXOg}guRt3@MCI@vpQN;+1e(epg4RHb3_jJOi1838T#FnwwS5uEq4o)`?tAEmU< zJmCZl5rtvMfaC$}%)*u!9UmJ%GchVpj805UjYQX40|U84yIoyNOsU!xDOZzY;}d5` z#~v71k48%)>#h4s>*+@?QLPyBVR|Wp_j`&ID-aE&f=arLRLtDCx?*(&KEwq0l{Kj= zQt@f>iC#s4`q>q!y0u0L$9)Gh)!!kU;};oS0Vw)3qbun7bZ0;Dj-B1v?wPrr^4!k3 zxm`Q*Yn`#NfztH!@LFltc3AiM+3wugowE;&t>^PYJJvh*53N@p-BkNC4@2!olZBpW z#>sa2f=l#7^c6__a{8$zgD;aMqj7zr_RFHWk6(4=UKQE>*(*|A&t$I~E*SZwMT}LYRW=efU7={mxF};@c+6nOh50)}(k` z8rovjo0F4Rce{%=))>NnSw7uAA6u3LlceA7=g~bshwAU>W7IsXUJ5p-dqTA@Oyt!? zNiVq+U_V^MvH9!Ev&b|F=e>!79Ir=*4>VtG3pjYM(-U`Z{N+V#`zgU6b|zD3G~_B4 z6ElN}H={cyDx^ID#UY+y2HMt|521d6tg}ya?BisJmGVxIm>@NupcBLbz;$Fev}xV% zrn7BUT5Nc&Jh_I9yL5M(8o6nmHP#b}vGDr9BV+4@N3X0z_O0=L4f0Af^#3EjmQHIAJIB z0@8Ww-0P?>*)yFfa<5cs)!LbQMXp!s^+s=Sjo?}?=PJKiOeDmCYOQ{@QhgvEkF2NP zP+k}B+crG#LV_jOG#piTiu-b->mM7#&bq8mg^hJ+bF7vajrH^uJtqUZ`G48dKlH1J z_`|A>q|)Lp(1N1MkmUu?;s%o3dPk5cIWyXpN86*L z<2_Q1SE6ghqIa#OHP`z4$4 zVo97;*I^iYl6p%yVf9qGZ&3Bua|}zD1=^s?uxKZOYdEsjfOP$Yh}MAg2Ky#Xp6MLN zS2b@P$zh$JS*k>6qWiW!Og%!^i>@`KV*B&?*qX<$bzXWPx$bg>i|e_2!|UFMFJ7`& z5C&IXu$PeZioS)*k@k15;5fMT67pV_^Pm4S5P5T5-UAwY;PGs8U+wtdisAMo^X_}N z#Uy2(C80kGvzk+FEL8EtJoP zQp4`Ty5HZB*7FZF*5eP0p0h6Z1KWs;)w-!sQvEPRWeB7CvOJU#ReR}Mt_f^)!^rOJ?vmx!7h|IWl~2;R`59Ir)&4-AqXBlw(RLhR?Q!Y#?G$jx$c1j4oQv!7c5tY0p3@uee}q zR^T;pIM3Sb4_s=cUqru6Kk}wvWr^RLL}elUKCMq(dI+CtDZ85rV7q~y#Hz~}>R(^? zv;w2pH%nbPsPt=oxA}vr;^*lK%uAhIgJiY>m#51rtVEKkOWrfEcf1X z+yJyX)Z2551xBj}Lp+Oz%#*;*Osq9_tQFhsVxuvKdfoV$L{v_okYcVc7}AXmujg`| zB>aS(_1Yux#Mx-<0ko&+4~D2xyKm(&y^d`5D^ZTBI$uU`!=AZ1DX$U*d0En4UAAAH z)P|moL-wSC+=nsh&zgfr_9Rg{#wZKs0b=A7>~`<~hGS?W1187p8A@sDpct83OpUG8 zr`Pgmf>*E4hNF?_nOInkg=4YVZT8E~2#B1SjIR$Nm{fTr8ao?~Ja7g3P2EZT3Cpf!MQ=Z{Cd=KmpyA+}-M+YH;J5KlXxi5Ck^4sF&q+! zS7+S1D@1v2W^-V_eB|J%E6d48FA4PsxBQ9DgA6FM*L_KJb>lr(k)!;?rO_Ssx*~KeaDcA0S+9Bpv=eG-n%-ZFY3hM%gYe+KjTzXtM?FfQ#Y`s5$_Koy}|% z>?pR8I8+lpNd_0PV*6pxwDgHhglwG?fD5gv;7IIWIbOTg=Aw3rj(oLQE4q;4s5jeY z9{e@t9$G>&=>l?h}-gt|%^5BtZA>`IO`P;;eADM%Z z7;iiD_LTxCAQtvk}$M1Oc=~adS*H^TdImF<+vd=xP0qKVx$~UiWAxE z#3${UnSt<7HaCxCEuZ~M-QCw8f7^9~N_D={HxgYKXZS@-^pLcdW<)@ zZ?HMuhdRXDg+J!pT&*M9ZKy~=p`gdbbI2j*^>*xXj2Ic-*tOsId$woU1XBaHNU=_A0Bs0tDC4d!Wq`^90K7~2Za+C24 zU>7|efdmQ)y>Di^DR5VlYlvlUQx51RxPb4Q`K&cC6&4c#w~}jy3t5|gG%hC4IV0En zmRJgzyg@N6*#iGZDh5s7fEbpoe*U3CB$2TN^5J+p@5@JG+0FBjNIp_<1!As2T_kKX3{B-CyKW3qTPVWqzEd# zT)vE}SHFcUSE{yT-M|!6Hc2UnCLU1wwH-A_!YW$*2HH)=+pMwLPWFyDXowXlWC_)2z9?u(WE|(3Eikzr(I#4}nvg#f8Lts-kZ*&r9up?z@6Lu@j zBL1;Bk=o{u)eDfLiT>p%ft&qP_}{rneCWVA@gELMO}#>V=nl z$f|z*Wb-r_0m#qkE_?*Ie><_3C@Y}Fy}z^KqjYm0;TKj12aAP#el=H=5$MkiXEJg) zOaIzbt;MI#>k=gyqnK0HW+uRw%!@QnQpah#8hHLJ|DYep|FW zRZ`o{<;%AHEmzBC&s2w_az;rwLyl6`X1h-uJNW8@PH#Bv^M*70`o<%DHHml64z#;@ zm&H6|GK@6_W;b5TKYeJcCJlW&G#Y{*{vK#5uwl_WiHo^B3s* z{Hxjb|CYZGxI%P&JG=fjTH5YCr}#H;Ulu5z|AQNQ*)zZT!cF{5+@C>aK6c@p_TII4?<{=}x%}G%s_(t! z!iTl@R@nD&FLL!isl9g)-&>>K<8Qz45$(O3*x&tgy!V>k-~A2T`#;(D?zr$N?R&3c z_tNv-dEvLU_g;D7M*JSV_geM&pb8G~Kjc4&bq((PIqE3eQxm{%SxHu#|KxnDCVUoc z7)VatjvC#>g|EXe9P9whk>}kmbPaQH)cl3Xp=ZAepcEvLn@GCm(3rE;{+s z;>V2L;XpiP72;F-Yvim=KVT1pea3|K_z3?r6n61@YxJQ7K_V4)4!!$O;f>(Tm{!2m)vwblgR18jztn$26VAv{DR&R=%Q@ zoIOne0bHx)ca)7rW$idV_XM>bpf@^60zg`F#q_*h?{Zai=q(=;V(7-fD==343a-*ioumtTs<5V?tQ8<@0t#}2DgghY9x+r@x*M}#Aem$! zQ(RyOQUV#|5q&opY;@xz12`FKoBSc`dR^G8y2j6m8h; ze7@Kkt!L5f>|nXEgKzF$POhGAjTh3noyS|japkcgebgKs%K5}l%ER9<)2gD-ir3eM z&3dyi(M^~;i-U(0$5eLmP}6I&@X9~&f|wr8`=TDyqSBgeu|DdzVCTlT$2#r^`6nVo zBR^3G1-Yy%Cl%(>TE+4C&p`J^BRW<_iR1Hx-bL4)B35dsYX(4aLLZZK5)k=053G6* z=ZVMWQOzRx7Ca8KZXSPDmDfZ*T7Er*AgF{4eXDQ9p@9gr*v;&js*r=Jq!}Wq)R*|3 z?*Gh>-*A1dd&7iOEalxNOnD`{qZyeWo&k8!$96A`u8f2Mk#86kF!HhD5CHFJ+*8=A zapBXfFWcjtV2o<0VpKUAqYWEnF9blwMvf7p9~;A*=TUJyF#iYm z8TSv1y*)M(Gs$WGPaI<3_WD5g8_3~AiO#?9Uo|9SA0(s*j} z&ZERvQahx$b>lhWEr$FKYDyQ@#{P5QN!*Twn&95oNkrv{UI<&9 zPTPV9?jU5O&_AZEV_;^pNB zmdf483CT5a?Y*6S3l4eOEBjlAClCDAYv&}eBA)eRd!z7qNRjtk#POw01cOEwJYbs_Owv=V?vp?i!?;2cbl%5W`lWY2x|uBAOF*8 zrFM8ner6~*kus!r71GlKk)dnO?m)&+Gi6Pf!!B1aDtMxUNAH%kXYpvqU8gRUTlkAv(pc~gj?d5#BQ#W8>!$(vuZat6 z!Rl;!ouX)n1eZ-8Rrs52A)_)`@J7u+qhymqvdiqq$IIP;pfym8yVEhh!6eRCfc2nc z=57Xvjxdxp8^&}7Pc-K>T5_GGic*Y8FfH{vZQfvgIyZ6KVImE5zl(dT-2j;x2EPCf z3io@RY$8uXP0*50P`88#Q7=M~u?X;3_Jr9+LT)OnJ)j&_VjeiY$b6{4z<81N6~n@S z9AQw(Ijo-;ioMeQWO9*HuyPeZ#waOW*W?c_D6$#SG`V0`RS~9%KnY=boXR|y&-mi~ z1gG&ft%IthsAs~aH04dCV+2|&leb-;+k598WgvLU;cPB80?l!us3{d$c>G^`+v3}9 zpEa7tbUSZ&O?5xPlyG}N6Y`~#9&ztEE{3cZO64Vprp^wK!sAAIug6bC${xa41#}n$ zisCc*fGS80$E@ggn}~Edpa@bch`2IuG+KSqg3WC<&08&A(_`Hi2r_>+%`g+k7C;<~>Mr7hz#+1bJP^y4GTqmhqw z&%Yln?)U?C9siO$JyvR$XnY5NJGc}2LJ)b5@1*EHTlqO{R_WN;11=!Z+-M={VwpI-f{HLq{xjn~^$AGtUv! zN)iuKq$_Bn)&S&GOc0G%66zq*Nx&4C*H-hNqeEUh!Gi!08(S`0{>uiF$+F90l)Lr4 z3;6?g9gvjNzl;3j#^*9)GOshV&5C94&{#b8`&v&tchr+SwlIFjYFqbM_xz&?uQMTk zht%_xS{*<(M4v1$rGCbL3w(8y`{p@ranK|lo6Jy0#HpGgbpp}G^XXqyABVQq&46HBK&W)AB zrEy=`P*9+u3@mZncws3PbB+aVtrbJLoQ8`|K4R0*z7YLHAcDyu3QLggzO8%rCXs=m z1lRCZC_k!Gb$SN7OS*hiFkliWRzX2G^l|tZ8WuObp=(aocgYch63@z&;k1$hXheAY zc&9L)lQ#aO7OhO>JXT-ApB>Fgd?DVQ8J5Iye5@Xj9>>Rp2TTzo>H_T&q>Cp?z zqUqomwW@(5v_zVB|8~-03o)m0qAg_KweePwj}1OAK40B<39y{!-_`wA_wy7R!Q3xE zZ}3BJpdKo}PZcarlXSooGiib2^BtL3WSX?6cpS4ECsb|}7Q39w#Z~n4*{m(G5M_!50E|@eN@;~`N&)6e z##pIewy+sRB33)G6(A+IYR{ylw$<$f+f)lqCx4C68LcG-7eu2mQfft;yQ;p-!mD@B zANxdhyqd6Y{K#M$_*`HqpNOX>s==^zrygGWOlP^?eaG3wQ}AOh6g&m*$WEFJ;I;i2 zdEu{vto>3aRb!fV%}wJkxE&~70NgRwb`Al-Jvm~P0B2yU8pl7QRgU9xRII|@2SLy+ z9NC*1vnBZqRqZ930VYz^Bdg59_ISRNp>KN7d?(&4*}IiWpqp=$qV=58AWv6z z9*~n|e^+dWcTHDzjZ7@d7IU&Okv#c|dFT-|oG~VT{dLWlEq1Cb}V^DHzHH;qLAiW@+9DAO3FWo;B_R=ePfnDjQS4AVN0ylcaSa07+VBpR%xB_i6*+4kANsKhOhz>1ks$yKK6h!iVqk zXKcd~>a`?*l)%<-#%HCd_39wOM~~4lchJJ2I%@AxuXmRy}zuU~R~; zL#h;x&yxsY*N`xD%~UH=(L1BqM%k{_I%LQsGc3)(z;Q!LBpF!@D+ul=N*S0Qzr)q z;J!4MNkO*6*-`I~Wj&jl!^e7I4aLe%P z@4r1C85zjggY~RWj-_0sTNXy&aL=u|!inpytM2*oP3Q0M4OD7fk1OmzIThnGA^14p z)J1goABihJ-vLlEGEf*Rrq#wglAtN{cBaqcxT(*x*27Tqxv& zc|Ko=1cOISdf8;sqsySXP?MZ4%2n<;KB~Dq7c`liwiU?-&o_`gtc5~08`0|%y}%7Q z9!bw36^Cg$#ISop2;QJCZNW`qD;}p_AlR5aWe;qeHA`i2X^Ms+0uBS2j0UohS$!4w zIP0UqPY)GE8Tc6Hkn6`bOz-*s45R*P3m+U?M{V5 zh9|y;o?(!~iVJXY0Y4IYm<4PxaPtCF;fdK|_!J*t><2F=j`wX&;<#vk1m}-VtA?j8 zcr1;l%~x)7!{_scW9E1yv z(HZl2h%q{CR+p8PE*cDrRu@!pmms)Y=u>Dlo1r&YtzMaP&5L^5JnwXhg275^1fH2V z3WNe&$PDV6vLH7fzc+{d!A**ns4?k;7LTSe@$af$T z+kK8;uGGr=cPyP6eC69~8{a_pu>Z)lstn%_<}v08z0?qocni>KJSZj8rKL35YFRjR z5z|{_y&fRXo>hwzVQ8mb@64tVJ5`&6Mj}8W%6QUVZ{kSMDalq32X)Zpv?7;@nH6dP z9)2fGBB5q7%W*Twin(C5`NMW|^Iv#Gk3F|Z0+!;wHFV%NYzs$!ef+-WwSgUTJA=wV zC1+oaqtn>I`>j3_lPR;$;B}2wOal=(jhY$aykI9}?W|G%4~ScPJjx z;hwZTp0J|TtKkT`Rja85w2V&xe(@>n!I6=tkXQv~>i!xrP?}l@F0GRi(`oSLK>c`0 z$}zjpXo87Io)$o+`aDVsi5HmS6r@%z^>x#=wphf09$k(Ye$@FY)6LPK;Q+5QS}m#R zk-Fzl{qds~p8x)EEbP}Ab{KSxN@_Uyo{b;gkv(wil~a{dr%zYze(_axMhoiqvJ?EL z$ery>A=6@!E5f@`EOPN!Y)>>IN0Fi(iMY5j{Krgn1A{6RiUOK4qTfI~67jfP8D$~Q z31(7knhhp6nCw7q6{@rPxA8XN(UTn+;+)J(W^ld)v(5xXoAuFb0>_J$vTUwF6HM=C}&k|N@IQ_$>1kr#up;2xhS1M6oCV4iT-HuYAht#Rn9abM6J zFausbCPLn5iYwz^R0g`4@u10!9>~1bSPF2y7b~z@dnuafJI(Uu?vxzqlns^UKl_a3)a~(9<+vB3I+Q=PcBey*3*b4g@ zdNZiT%)>tFF|`j=WBN3#40cUcM<+^FNf$8bZbvs1svEkQTEGp+l!da+ynxs=c+U%8 zW9#o5%*;lP>?MwTm6-gdNywBnhGI*}U48Tg1LAL}?`j6ix%xsQSUTwOA{BVaI9zu) zBh}9G(CiA1(}#vqBSK@>ZEqZzo1oY3q~eUHlCJSn(QJD=i3yljfZg>IVL=#x@2<%G zE>$SA)dz3(i%$?(K!#QimL-nQleI<1P6G=r%ECV^78oJhBSMad2zm1YvyI#t z-aKt)A{*YOczy?gr9Gx4b9~7rILrAZUn#UA*=&N4S}{SmO?{29^~k3OGwd6U27s_G zXH>I{P@+*kbO0^FtyEZkshjn9Z3f|>v0XP9B9qs4XZPVXl$|L0GNtTz(U<1GRdFVW zJ}0Bjs5JPRQ2>4!N_VADX;$X&+5nw~;g_gj-&UY~{B_4S$~<+W6ciny;g66v zyFsJG5gG0;vdzd+-2-G(l<7-lT5M(Vg_o&K7UC()8H6Kq22p&4XpQ5Goff`2*^OD_ z$$GMr)FqRW&+A>3C3I|&lEMD2{lcey1Lx(;s)ddszCK&Y?)7OaDYpQ`5 z;&C8pTtZH`h4m!hG~0k#3Y*YvDuJ=fs{;15o}s(zhX#l3{#Dk*@8AfN1t^|-b~2-J#Q`8i=)?CTifPn*|hE^PW z)M_oSn6M^)HKJaLo@9h+dzw)bHkcM)Xqi2c;&8^Bb9qLCt*q5}u%9gC~k)7Pe^mK%*>zH)d^Fy*!I!ue-;4+@{@dEP4djhvR`kco(>KcMwdK^=x0Gz&l*f2<>BNw%`W?F5sJP%T(YpJZca z0$a+0%-=<|$)__fE9tJ$nCBuMf+5`jV;k~6G)pAsOrhl4Tq7LS7~OuI^<33c(bmNfXCLoU=HZY z<-!7|#mT7=3k%L@;V(3dy{v|zIf9^AsMXb`95YPG4+K+P)9H~|&YMoJW~cTS(j$3q zrQTZb+3mS%Lpi)ZI=HKp>p=Nn0M55!kf9BQ|!EQ5?9!$M1|C#?bX!<>-7bC|5J$-J0Ui>k(_CAXJ`oFODa;O>G z)5)fq%@AgFH5ihE!B8m_3Ob#^V7p}s1|2INV<>9O*O5m$^{m=ao-Fk(2a%@f6VG`H zehJc3A=6Zw6($Ud7|6J3wZVJT(@BA0cO%@vy!1YP=ggqNaGSvrE9E^XJctivWs~uG zIqwc-6stEsX7D8?qizrZ3gNSpO?OJ%sK^;Hn4RNo;enit4CePbY+^X$jkOE@FG!-~ zGYkx%S0sjtwRH>Z9k*}_oavRFVY7IEOQ+E%7*-pcua|AsH<-{m^PyK??TBo(A7Q^-e4f0)8PP5HsXH1u@UiW$A)%Hp{d@Mh}h=7Dj1s2EJYRISN5Ac7gx5X#ht`zg$ zdt;JSa7A2^!MxvWtllZ!iFRyX6Ten7nCx=MEy47hFD}oPkPt5zJdulxf=J8b6gZ#7J`AcZs!Pgr$n;CL%OVy$qr+jN~VpZxUrP{tj(QpXIE`**=BdS zZElCd?Y7wl>Zufm;59c8Kwg{I>E<)`<)n*4Q9)U2qNfF|F?r~rM0H+x(T1kAR)k}T z`@$mzHOhi9Y6cg=*xTl;&$ona%)Ey^zYPETtb<VfwQ1*l^Hcb=pH!b-Id`ZY^LpcXT!}Rt^?szufDnhaQMnx76VT)yth6{4lT} z7S$>vh(xL~;zS;mMghO#nU@7r8W|Ssh#`?Ks`)`_HL@_$wn>CHm^2}zZ_x0jJybuZs;Xoi~wPaS+ zf9Zaf0v$a!J5P~NguhHIpF-m*@R_J?67sI|FZrXQnP1Y0$)W6Fdwg)Qm2IazIs^LC z84Rg%AfE_WuM=*O!bw+nuoy9Hyr;Rp9r2e(Q({J@u5_NXm~W{~=`haSh+ABPT%;!V zKxa=lPd00~PBGCCSzI9!DIpRw%|>HY8}gEo#ypftr&kk6Igv~z25p8Wmr8Q!M51B0 zm(gS1BeA3knk&_GxOm{?2IwC-gz@IsRc|20ID3vGijT3kiJPz#3yJ@-9B>)=1A;qN zOAH%~X7etCS?8ImryDVc*)V!=$lx$K1DJUa(kyoJPfJmiBF2C7X1(5gz-kRRJ!vI3 z6jiFq3*Yj#!|sUUNceyW#-o23Xft!+KZWbDK6Bj7otZefO=6_s#o!Iw1B6e!P{=r! z;{lP~)$0qCdx)y%x_7@<@AU?|_I$?c<;D4|EJPM8%zg)RCD}rb5VDL$&LS(bi>z^4 z7o^BCGZZJR(E(|=NWz4w;mX7^wT#Z3iNXa`L{Z(MTa?|%O)YptL2|nT3ua3Sp#bK> zU<+bv8<1E%|Fsk7X{+%iQp~n;keOiZ+X8C32l-I>wduLS{xf^>?S#{6S~+;g?1+`C z2Pe`tU&80`m~3(3RR>NU{Ky**D*1LiJRav?x$)bvnMkTW_KLSGB};xYdh{7Ui@P8{ z?iTKZ2km61VRbkbLs2;tiiY6RhbvUe>@Z-4DX^4?ha7&SR7R2G4~JunYNrw0ptuIO zk`|uXTHQ=&YBC0nL3n_3T8wg&-I5gt$Ajtj+Noj3lFljnY_;7Hq;bc^V9r^U6$G-P zCkNZ#yY5e~OC4A`n3=o163O~3erYfiP1V;9ei!q3;a^c_H_3k+{)Bg&1L!8p5roys zas=tvp@~J*7e1J$J`HAR*Dzr@N@AUnbd*h=He>XSlye%~yeAdHv`FF{)#j(O- zxZ6rCmB!MO$}Ag08hnOwMbe=CaFQ&*B-OSj$&a$t>m3j!@vfM4qA`*&kV(&TPA4?; z$b!#eG0dBKaa$zFG}SyK@J#SftTv5nP$?@2P3x=2K#^_<-4seV3LJkB9v^N<8$WXM zud{mwC#GZj=BkU=w`)uJoH#vr?7F$bB7Z#4Zq+^A0eNtAEM%V>A6sq(C11y;%+9qM zG#}^%BT(PkGIv|Y&7`72Qb2J-3LxKynQoL8*C~R3=AxZTu_T8$UIL<4Gr9P;!Hj@}SXbH|#VxY^G4PlTLJy zr5hR}njnG2dA#B}QdCzaaj=6iOsrZ?VNk zDwVoyLniW4cW_@Ts&Br!TA%d{4iEb<{s?j{X%Ciw;_A(it0zh=c%$T*j?(P2j2I|L z%$sr1*vb2f_gNCM0W@J*m^gW^W5exv2$Lmag{_zb?$l*63i|FXDP=CdT*{;m>uiU^ zVVzDcp|l5NVIHv&LY3QEE5vY1z?j?G391k!UZidWRed1-OC?aM#ZJi?LX6A!8Kh;oQjR zG^X84m{4mT!1SIvuI?(vGZzC!QhQZXL>(QMzIeDkJ z@tdYZeLQi>{jusqwi$qH!W_0|YpqCW5*QpWj2?_lS5MTsm4(Sc|8#1hnXcG9vU$R; z$Z%#89tPPLRi<0MucIW$n~&6XNNDC6lk%_=)r?!vfK@|)1UNp&NQjfKkXwj8=&+sD zwQ`)b0HbX&nURxFN0ZqsC%a|AEa!#Hd@ea}GUd=eDY$?%UxiMUE>`wWq|H{lepZK+7ql-+OgDw;UmKyklU3v){0w^yIw@s+vqZBTEf;JS z99iKHj(^s1Vy#HDR$Nr<$<_+U!6K0rd=!a@OI#6LW>pEIOI1)&LLtt~o6QB~Fr3e^ z;NdXDzkS8PO4_L|M$2DSrDKm4w5_&QNrtsLp(K9h@nCu=MeUhs2^s+v=1b{`rCN1f z4!DP#p@EDd7G~-hPtdW`#UF6}h2CPd=!bV#q{l0hd5^=k)9f^R(;*Kc8I3)qnHgIo z8nO!B^nfaBe$4*_KAj5pwvH{F$NC77l7`}bR>6SdbL0_3X#-0iV}Y)L`QPsA6?cr8k{oda9pT=47tl>bN0 zflA=JJFy@+RDfhoE>O^j`9ZxDz?R8!1#f=t2~^W9Qkb=q0lkzZj*ED7dLRMmR}DrP zt^z|?bgrO8%d?`>q3bOrI#4Delg5o+nQ4E(feaMFD@tkJ_8cX{sfp{woS#Z1)f%kr)J{;2U<;Tl^YP#GV!8aDoiZ*+ElMM{S~X4FZ#7~onD19$s6nmsfkPuO5DLexX8dR+o@YWwR>^lQ|?a%KP`T0adDBI@elE> zjlY_C#mvTE@Dnqyz&QT^e%tqxpB9*R;N|F#{d3{BbtQCF@*zqv%u5}2lpHM)n!hle zLAhWda(0BBilfQ~QL@caDOn9Si54b`u@oS3S+YBhO!VT&cnOY_s(@s7!j+o21*@iF_I>zQ&tz51$s${c!D5Qsf(nxM-zTLr->-g6ThPF^I z&)3XKa6xjLvzZ0i2u&3WhyBChJ5K>Q07MO{oOUw>7@3w(U(v`f0K?y3E5U$b0OG1g zWSiln3G+7P3K@F&5jm_o9W{)cMC7!J+z4pF`&i`uKa5$?2)U-Qu4+k|V>Tsq4f~=v?8wyJELz4$p;-z2cUY zw%#CIXVjnnTfVq+<>;ZfI~jE9%XdBaP`lgOb@v^w-AOiz9w}BoM>YS$m_I*sqzT^A zi7`(}oa{}Qu;eo#eJPK9$|jcCn>MmToh-KkLhMBbgG?usVvHk8Fd^wioF7NV`RTfI z7<+hNbZGQwc|b0g2Zn|ksjkZwLsQJL4ho4*aa?(93@w-%Q>8#)(d(1F(1Iq*qs!wR z1B$iv!s~Tt;5;<2JZKGs7rY*GDZk*m+_X`Ss5)<2AW1dkwRr=Y!&5adSbVgj9TVEX)PB`TPm3}8Me>dg~jyH-r&X?qQ$TSb2qlH$>uJ1kHLhw%fu9i z&L(?wCOv;`v|cRuZx_!w67^y}aGm)30`mXb!wI`m7)@Pv0s$1{=HU!n*i-MeW{xiG zEX}h0_haE9_^b`^!WL2O|NV1Z9rJ+MqGSV7;%hW7P)+FA$zVbv2+UsZv3;gweqUrP!d`k$v6jImZ2LO5Yf06 z8JR3zV7J+{pt%E`A~?b6Gob27C&)S-a8kU$TsAI9X1hbs>jc9*Vn1r8BJFi}vN`zr}mv zl@R}ljaqgjN0@qE_?_m3-(vhb$=!dBvtYMk)zB{POn`?6<8j2xmb{5kM3JMGZW1%VWs2RB~i!W6}b1=qkuYf=xxc ztxd*15({$_0cc@D5w+v};(tDN@Qr-a9xY9l+*zCC%@j)ZTMoLFSRtUq06|BC9Bgze zUbA`DG1=t*bZ8Sz!d zN){go(8F1}K^=6)hNM$%(9t{%dgEWm$||^$S@L@>JNEP6vF@n%At@@C91+n>G+{o*6%dkG@nS!LHcni2O)&`}2)P9)PY62Ma(U^knDbaes?blvRP31(1Os%KH7SS^-rssg(#2zO7E1 zO_5gwsB}EU2gt*W9GvvgsE;RNYmwQr2{oz-5G^d%RP}r{>QCod&VzJi8eO~VmdH$S zvSKpsT-af>1S4j@Y2!+y;{Vj{8Yy`z%EotjKV1Gn(Wu{8yAsKO0rewnJO^SIE%I#h zCjKOJ=XK8b8Nm|VSAvc`hd8uN_zXVZiO-GvNpK>3>TK*oE((2)`y=dr6hN^1L+pOu z;$rtdeBnIsV{t!kSMUE0-OmRi+Wk~pr`}I)QTqF7_3yiL?0)2cB3Fw3{z3JA%rySK zIi=lyfc&WJ?+k zBvGx_4?Jr$5mo$e9?VyhK!$vCz-KjyTDlA})25mL5rpZCN&sx7O`*y+kSKz;(AFBZ z6ih3XYi}tZC57cmFy6z8I5kG()JbGi^$DzI-}wuL(VWM8^dNDJgg;bHhwaA?p0uah z``zDld{^)U60#?l`jE#Tr=ufWn@mQN{9PN5CL`VqOsV8}jeq0D9TX1MEsWf!NWrKg z`(v9&kQQr0rTteicZ~MJ$3c7RXMx3Lsq8DEJv@D9`}`S&Pm}kFeJ9!bj`}-4@BPm2 zslS6njzaG{7yr&5s=tHpM0?*+f9LzX-}(Jt;&(m;FCm`iGQYF+Jiq(H&F^T>1D%9$ zIXL8mI?-L}H#&t{oV;*ZR*#p}FnVYqg-QQqrfE1%mGP*lW?pX`nW0KPnN9&q%t1Dg zo!!Z$mSnk6ts0i111V58Z#@#QRVw)vAl5Q}9BX~1`v0NNUIb@VLbA=~I??s&rYSuD z0t|r6tVR^(D*w^(Q#;ZoF`{6u6W7$|>q-vphum;loW9|{ah)eU6!%tgQKLyZ{B7Rq zFDA^A+Zw8j@v(4yDmnF$O@Y=Ciu> zcsd^G0Lj~> zOQbwfK#EI?gkvQK#B?_9j%VHRAPSQgV?i07ZHrD9kIS*V?2d_^`E)83KrkR447^#A zT}X#{ijp2lMW$>f$|bm%cpN@q(Y+oSDc+}25hUzmFgcJ@x(wMKlmZDf(oUWJuJgMq zmnWC-h$07LemM~P+{iC}aTzi(xdXW*_0j2ffYf7tLMJ$DAQR{al~TAJzQPvwL6QsH z8k*}exn>G5xlqOZ3E>`m{sodK+#2>dzR31%81aT8_u@GOY?woo;pM=a0BE|Gs9XhZ z2j(ook?HH?hM@2aj?a;GOP_acqwtoE5+%Qt0LW8$MjqhTv zh}le}Gx1D3zQ|=EYP0!#HcNT-LNbX`|1xmeO4&>?F`rAP9Z}??A-z5xMPUqF@t85% z{@Ua{#Ug-el;SuX5L%fa3|A`c?2{jwivbo-zsb4@46tdkk~awXBbZhGy{Y+RZgwbI zIdpb+q#RewIdL%6UKx*%jUWMh-aY3%=&iUbPP^0BI5@uVJ$LW6INhchS703APP-4- zZk|4Tc$)Nm(sL#FU(=Age|?S{1oa?M2Z^fSia0VK4jntUf?9DF$%xlMJ%=Ao1qUnh zu=q(-Tk`k<0|pd`v^1EC+n>p|RG)Bl-k^D-1=@HIqG7Am7WYK4fm zm9fw!InAiLiH_v^-MKvuoj4xdIiKBo=U#g(5w(>kol|9dVq|q^svC&Q6R&b7!irg5 zbsmkH6?1jZa4dW6bVsyG^V8$6Ioc8o7SpFD{%0L!&a!*fC7**4Z#*(_A245L4wdR; zc4BXk&edW%Q&H2Irc|BD3i*Z4Xv`A4VTd-%j<3SyTN(<}bFgf}@i?!TlERu@c< zjuat|sSa$F)zKA^b@5ckHcCOrQ3^4k2!}BaR*ZvdfJnSVZc6GQp&c1E8M}tOr}76a zSNm!DoUq%70pZ93SvWr5nWUsCk^Y8Ae?ugFRV2n@qcbbF%Z3U}(459>GllcJd!B5O}4{4S40GMjui4lE9Z>P333eLNQMSKyQs z%qNd;R)od&E-&vMN5X9|;Bwdfn4ZScwzsa7jTx`rVj$d}6_8A;khh(K`P4QB_J+gz=*Ts1@g zaoNq8YK}5)fEh=6dY(Y5sQW{FXLQLf+|E*Zc?Y~kKMP0i;7WTp~EMiX$aGzjE zIuu1IlDNQHEYK0W2FDjW2f%*(RBPyGshG*kKx!bBT1|W8blQ{lSPV{!^QhXT2kDl8 z-9lPiv%C~+q|(kz?npAm57dsJ6qR!>i=4%2=3OUL2fs`4in ztSs;k9_#r>z(T);O8_bIIx9(6s~`TJMJv@3TUqX!0}*nU6ChPiC*a=$92W>MCnE5= zg@`K^LX{W#)va!VBP4^N`2<=f$D%?wVz#?n=s;pRBHLgm@ND&xM-hrT{!dn{YJzR? z0w|hVz-0@sTJ^~GGX6_E`JdI467mNzpJEm=f#T|jvGYgw-U5g@m)$PQ9$RN$*A~hR zWwJ$=#o@VecJDj)P2C7j^i;AOwAy0r5^vvlwl-T+A|uP~-5by0qo0E`cvRFc3Q6pB zvfdx|Su0L;eLcCjn{5CZz?rofH@4P(U@&08Lok*j6#wbq7A<$X06JBd0sJz3Y%PbnB7f z;lX&(_EF&lr2m@sAH3$VI}U~RNjp#7wa^?u`x&eqB-05y*xI4=856f-bM07UCYzw& z@;_i}=K#qbe9mN#A6G>h~0I9|j|sgrnpDrGB` zgh&WRc~G~gBE#@Nl0v!rA`JL|9MlII`a~KInS7NO<^ivv3(A%%7clGes^T@;Tv{oK^;Dwaaht(+h1X;c4}8VoIP*5wo2vnjCqVx`^r6n1 z-|@~lUkqG3t0b-6x4q>}6M}2vZO4winI9;Zr~byPC|)nsA#K|6yso19J2<28F)Rgo zpX~QlHU}SMbMRK~glfN={cH|Y`iyrNIn;UU>ix{eBCz|RSnwv{qgVrPWgZ3#90;oKl6>R5@JaRA zc_Y4~`5*?E4}yM!|AnrM&(+`f2)s3KB`t{jmKdXY|NDCPe?;X$&S`B7cP(o5qQ(Y6OF}|I2zil! zMhuJ1CSky1dyI{@c?`BC;I%OpV}oHlNYfqzZW|=T8ygE_8QI1lFe<%szlf}*Tf)rz z8L7J>v$l@-miyg%?z!jU>-6(~Lib?&{I9dQ;KK}~$JejP5#SzTY#dC2uP_(~Jx@U6 zu%?d#HX-3bBEiVJzk}|f&BpTA!G>dV;TvW5p#MCLgZ}fzIEaHh2gSTTHWwqtTyVxc zgb4IyYjzvo<6v`fYTsN4yeXjHgZ?|{9`xTa7zaTaXZN80Jl%u-^ZI%~hdN_D9K^Wy z)}+9T>A^kd7&narLQz@|Y#cCKRsA0H-$C~s@YfS{a``8Xn? zgntKH_*{?<5M4;rO9zUVP7oV?k15Qs9lY}QQmHJYOxpE2Y8Z!5(wKGjkpShED&era z6xZc1sW~0BcYv>=|DnFwz`YC*&M|YqAU})jq(%Gpp1*bV#BhD~H6PfLY7W_+IIFaek7sHzXD?KpDK*gSV%`&3Ij+4r zEg!EPyKNENxgOR3;B=D_=b-i&ejXH9sT(DH;Guzgj2G5_hUWLFfCRQD% zw{fb0K*s_gi#{4DL@*2-Kw!cm78anW2xm=!b!%!J)7hz1A`xf1T+VGaO_5X4Xp?v8 znz}^g1uNXpcGrtLh}(PZ&=Fm#xCZGLNfJ?I%LFWlHw7A^1(YID?}&gI}-Bpnhzd$N(O%$D7qs ziP-sc+7yX`{h=w^cuv8`NZSEln#0%`vIpxk`4fq zZ4{>~${J=cfli6KavL7Zccv5#o-BSUXq^h-VpJ5vza+xZwIU+lzRC0y}IXgitG> z{kT0S3--j|wC?&{QLjgGyCb0`!D1r#joeU{>qa7AKkMi5Hmd>ND>bENvIc*Zm9y_l zY~Q{1?)uG@`fMp6THdnuMyso-MMov!jN8K=tgbx&KZI0dSW%m3B8s@Zg&GOcT+6{m z9_A-#PcRGyTY$wpEqaU`b=gTX_%}@kBuzzzX{x126B?7&unib?hBvq}mNP^#8CZ`i z!*JMp3q6w$`VEsH0jN3yEgS-14%QEe*)%3cb3CZ5KYlP~%6n*t+{!_TEr zM@7=}PclS~UVfPpdb=56DiC9_!1dd5A5vG{*Sxn4Vl@b8gM~=^>LUERB2k(e;5RYA zjww~_76)UMel3+6(lXPh$HDM*3+;_x2$s?GOmT#YW7+e;Q~5j7u9)W-?{d5N!Wfw8 zPb$zI;Q44&N`%~sT{?Pn=C!B0XlrxD^ZeUADD}t(NpWEHc;%K87Li{-n8dgGrwT)D z733YO)1oBYO3KfK2n25Gg&$&bUPL}*l>4$KkCLSuB}+F%6Fx)}-k_Por*UPl9m3i$1~w0a!e(Rk1cK!#%M8 zZmKAb#pP5l77o{X{;oxqi%XeItiW;c7$j#&VFt5?31a7tUXqJ>Gqw&Zj=0u<(o9jT zJUCzU@@$=Dg(hRV_)gb!08163ycn+LQsv~#Pb@a(s=?!n!9Z3%7Dyk?4W)dh52O#( z<5MklvKE;ZE~+Pw&jEC-*Vbn8N~x1rzE$xw;)R#B>gS4!x!KcWJD&~|CyIrlzc5xT zm0?bSTYm?2Bp*Yq%{cc((t>BH=y79sk%wW37_Ngn4Ganfu1@DsjV7o@0CbIroHa^U zXG@r+EWOIm=cp5j1_mZVLcH@3{L0QK_yV}%cM*}dU{cqM$mF6h{7^Kp9zg^4?z(TH zPz0YL(B6cAa>P^FM9C8kIh|G%E$g{%mZ-rwuMho;j`(gR(?G0X--uI~L$yp8ekvc| z16zfJtJ_W%6Vo@%=O-)5T3?Q)Wz-#H3dla7?eVH$-T9xD>0+Q>XCH-Z=akFIQN@%evM#}4P}jQc;L38zenyB``sk&q12qgmrpy$WM>=UO%v3dKeNh#oPGDq@hq^`( zyIB=!<<{4{s)!0wJ0w1Ng-`$}an+ag-mb9W*S!egVO;{65Io&T8;YH(~Pi44>dFXvAvPjt4Ebn7tUq-Wpou`q93(_ zJX$<=?qqyX=R5IVGR5KFvY3p&fS63@J1NZn)nl@E6jQ$K&Z(KP;sCS%nT( zqhmX!4yK(9{a$qlW27<;*%#1t`H3^&CRoT!5W){4D$OI-CKwuBbs%SsX;%4=U+T7^ zsuQwnk}nW(+7#!b5AiohJI^(~DSdO8PfD-LIuyBB5v@aJtKIE!TimJ#)l`3kmH>D* z>Vvn5dYG?Z_xE}CWxQqC?89Vcv4?xKeI3}WQw;rLsTJ&bO05tm$=>6u$Z4_j6<4N1 zR3x*3&*RE|U5?BNOgOH34I^IYZS(Nrs&)$YH$~=}@%{CZ9I`4=I%p$UKdTWk(KG9X z!Y~{DE~nT@1AJ+sx*k8m1%q9;^+_raCIMeTBeh>u} z8>2^{3)-67^u7qwM@SyN<-W1GG5R<= ze)xu)a%V1_JyIWBuU=31VHm`}3KHY2=orIqg5bfpJz@^QIWPq95%N9!W~ov+G~DQRi;cllVPdeks5#id`T8n2_oQ}3JL%wm z2em~H&X;cL^kz|oB5P7%1m-l8KXS&7J7f^k?RkH-;Dv(FzBk8cE`Rjg-D+`0++j8A z5C<<_Hjb$==Fh)x{{A1#AH$fCl-$FZ=xkva6V8@V{cQ1Je)XRRmzB;IHvjwu{5;MU z0&jNbz6f3y?a?OoC^TgMukFwb=6ztAd|Uj(!tWv$uR?>hT1bbG5e}oH!%BfVXi0=_NhOl$l3Ezr zJ(dP44xfHF3^o&4Rj60t%HSLNJTtqBF{hwHVl$r_dY{+th@Wj<@<6t$4W8Hi}|2_%@F1b4;||EI8JKn_EK>G`i- zzfl7yWwo}kwFo*eJ>95|0dUFz@8$^kB*@T}L^~eywPZE)#@T%VP?>Z0< z-U@|mVeR?fzb*`9xuz}t8F0j!+$^8ge3K=aTb)EX%<5zq!^$E&FPs7o8(I(f2Nb>0 zfa3b>BOwJTJL9~o6r=u$oT#1bI5RGT05df7a=jR2Il(!F3?N@RYWI zlMtwqf4$q~B49XiHLR!_0B&_goX?_TSWZO-R#oS6kygm zKJ?Suoe?%CyMPNx`|B7IrsT`;R|dRqMzw?^GteqIXioDlGD~}@FeCx#>%`a*Y}bYR zykMOXmUHVD)62=p2^2M(qyy85h;CnKPgD6BS0O%~!bNQu0&^^SN@ee@eZ2sz zP0G23tesJt%!U`A1m>b|11x>Laq^G10e;?pA-So3%KwK)gT(`2$z4`qd-?!CV$`Yc zeC)dMcq$!i&4lOBF|Z`ZD-<5GErjW67kMa?)>Z{#8`#9c7^r;bK9_+m>Y*5!=BJfYiX0P z@5GBML`I{lHid6(q`-F*>S;dB^V{46w!;J`O-zJ~>vsF($a?rtqqUVv@DpQO0cSe9 z<#E<4TLSu*@GwnAj(5O2*yEx>5NelY@FFzJ-Sy7{Xx*nUOosPuq4bI>**;DwnHHr`Oh9KVL33kxSDt&C`OP|0~4F zm^<$4A8V63T9J&79v88a*n(lD@-&|`jr4U)9}p|{o*`HIdj^QYEe8P!Gfkxe+Hw3w zH%+vgP*AZ%U$7BCnQ2UL6GAQ8A6fh>B)9xyJ6Jz_vQpp$h?wgBn zBS4cum9T+mIOwIxs7mogeJYf&qE=u$xCqOqtg>h*;qo`~BPwXKM5aOJQq zC?)R+Mm*@{P=Q?$k%PAgytQA-rBf-lt(eIKgKp?dMoBEeCYnt!oXoZpI)(oTy=DIs zkV`lfmHY7E)1dai$kz|*5*WNoDq#3SIeT3^fe$~SzZhzvxgWq=qacBhU4`ZCiFgC@ zUjT|lHvSU7^|NDluC1U>uClVt&e;yr<-b~oQHpcF_@Nuxa>ga5)>`u0t*PqR+hX6Gx@lf@+c%=8 z_AG9f{cjdZ{AVXG{1o;$@lPKSM4)J(| zyGENDKynqESqoyI%9Qzp)HjgMGD(Y+X!F{!txF`*51YVp6#Hz$Rn3kssD!RUvHA04 z8F0NqmI2qRtSma^mz<8YLoAoF8G8m5XKr`2nMV29I@icxu(PRDqD1tJ;AX-pc|7G! zi^Fbril}I$)oBbiwmD6J{y$}WNE6K%dt=Pme&5IT+O@u{d274PhJJVCbtFX3H53Y6 zG}xp$I9@(>=d#UZEw(dpIgR!f|HZF_D!G`==3g7n#By!5HMA}#ezS9;oBWNb+c!G= zvZUF>p2cq7`3QQ~I4nJ9$l8+@LMNt^9WUQ6X(xe2B6rSz61be3`UpB4oY(H6CVK7_ z!G@}El=-6HnVCbTT=2L|eRN9{ZGwAH+Rmz7km6#RJqML)7|#tVC3#zhq)CWI1sH+< zq_p#JZ^^ebvo`Z{zMmWE_4v#@Z`=9){8z9Rd@np9{5)6+E<|$oXp;_)+iG#55SMeA zT`rrK=h;ocPM{=EK;=3*-1|_HZ#P*vw^{Id&^OmEpdw$d$;JHWX*h*C0x>OVG8{Bd zMokCvTF5-`;lV_qzQd$;ZABP0z`cs4tMY5}>-k@6{Nw!ZNc@{Sjh(N*@hl(R`NsP{ zndNn09Kj_Bc; zRvIO|!`;mm@7#i5 z)l9I~3>D+jD{g8mdr}?^<~J3nRwLzv_eQhH;tcyd0T+}#=PagdAySB;8K&R_u;7gb zr!ZP^{JQ6Uc`5oZv74BxEn<7Rx#5_47u%oXc z;5iE>2k1Mu%B9hdD#rzLknDEWG8rz$i?M1heM$vgW($gzn_isiGwucn$YXFy4YOwf;XtIl`8b+n$=AhqxO(=L0aHlJI)i&Np1IA~ovf&tKDc`KN8g1seiW8Bx0}fJqYYOfk46wnLXKAk zxopyEBVB7cgAr30@f8sX&pfjWPIcJBk^mEFsUDD`w_RN;+e10@ek&)WpX?qDxtt`7 zxP3|~jb#!=Ozy+^k!ntMDKRyCB<`HGK~QOBsxVpsvmlbJWawExh!5Yw{!+QSE^`rV zCp-juR>~ejiR&sfI`GOz`^7hg{ldD6Qas72@TgTz^?Fq`pR=wjN*=!vF(t$wx6p%{ zb_L5q67fYBB;S3?-EuEVa2Xr~1c3)1&!#@?nFgj^8VXfZDBRn#m8NoRSyDThP&(u> zN7i1`)f9+AN8?amz@$3umZ|YLmYB~e$(XUn){fhj4_Nk$F%5j zlx$VWVZhnN4n|;M7`FUP9~?PR~(igC?6Jw#bL8qW~L7< zd6infm9X~hb$hcl)B0%Z(U!SoZ`slOFquJLSomFx2ToE{x)PO-QCf(>&}<(x?y#6N z{TMC;i0xhLK^4{Tuwd@=hsE-j-h3hFPK|g+Zt?-J z^cJ*wWMWPoe(#4RXEc$T?PR1>HL@DK)jKf}AFsuMlb|sL97&Va{J=E-pcy(^o>VJy z2%B}fa`PPztq6iE)2&et-Sz1&ITLVz<9?AxP^I~&CVHpWuGj-u6OCd0doZ;}#mzaL`bJRl>E2Lca)>AWwQ@}|6c>kPNU4)VCu z>9h0poIfBW6P%+Tl)xMDdW4kS9_M*w2{MXUc?NBHzjy1Sh7Z>axPF=%pEP3b-L(mm z&FhIjy)F*bhOFYyLOB&UyhLs0|2E=Gw~q{;or{FJ-tOeu)TgJ`rnUGbV2rj*fY8O0i5K9Qkn@O zY4rCCa}({Ahxm!Yq05J)jko@_^uOMG_hWYk-}b6kMve;?ry@I7k=)~7@kcwEuaK=Z zqlfiJ1x~19)zpA6k8^);8IS**hQ7S3ZAPe(XqmwH;L2DPgiC6x=vIh$5=+U|8Vbr; z)v4M`#qKDNL)qbU*4Mq>#G%~qx>?1)flyOb)7{|k#t^Dh?W3}?mF3gUR%y%bbU0jg z=5;cs6GMWr7>o&dH@d*)V;CMf(wPIQ$31$iiLux#T~!9PPR!wFsFsawPd#T)w3*uN zZr5Y#B3lX;mc^=ct=aptwOp}(^IUd3)2e32S1aTGu-vL(B6_t+O5m{yzn7&vff>jqPAaf zHt$_ z=nXUuJw9{y&m|LTDV>m_K>~5~nob*hlstH8f2Ng(h@ILZAGgI`kyp|pZ?{DdG*}hT zIHQ;i@g4J&DWcP21hC~;c2%YLImyzk$uxcf+?XqjyMz~?*MQz2*NqQUA4MKGt}Nw> z>r+|^-yiA7J+T9Ue2>_z_EMvbr3l0bm;432MQ2lS7EZa*>TkW;?6;%k z0&50Hof9WkcmAU754ubOdSX->o{BP*jSm_r9zIaU$!a(S53qh8@ZdLT@*Yb#L@q;! z_*o3g$5(RAC9bmq&F#XcUA_!i2t=Qo?dLNZWsdT(4p z1$Wm3lxC+>sBS!Idr7m zULLOn`0sp&@9uTVLi~hrb6`D%feBP>wkTW|wA7HdLy$F9sMa6R z?o9%u*~-{gfJN2*x&hjsCKzfVH=sw3h><82My5#Zs{NJbt1hNmYRVf4Dc;m7vliPCGqeju@f|at_ypONv-ofu&WJcp1^FDH3@)EZTfJymX7ao2Xs_#chGfCv6yx}%R3Fc#iaJT)k3M7Ud}Yy( z;d1C@@XVO9R!q-ezCc~UW8fp61PB_OV0`R^lnw$1s+C7i5#cs8kvi(VHNR3CTkHB$ zp0nN=(Pde)N`D-#1^y=73P0e0N^^EDGut}TdiopfGp*UoTy}OroloujL2@>eoh4sH z&~vJYZ_B7ActGo=E2>$opmfoU#F@EN%HmW+XgkD6bLfsUtg>A7BCNz;9&gFneT#0Qm>ZPSre zragbJ6r@*+z9(AeYL%sK%7vicUKtv_V{)>7W21PcGjTqVJ~uY`9`#6}aD>K(=U5Fi z#;3sDqD5KP(g>Y1Xz7Zy4LM^$vWoyx25n)V(lXfpDh_9*CzdQdvLm3><*}melG_#AjFE^!m<< zFYcdcr6%g}a2ZeKj*N}8{Qn3Lfd7Cz+#L%$mS$dchwPklNZ!n7F;$es(a^~7P+$?y z_l%I?pAdeDlR5bl7KcB;xov)w`+@k}L^T^0Ba6Mz&f4H&Qe$iWb+KaDWg6z=u|Q06 zn7ZN-;g_h3Gk|w7nsf&h$DvtlfzR_l|KSv}S_MFXChmR& zQq7L8s>}Qh)W(gEx10EYe_DaVjlaBYt9r{9PZlo1aQ9tLh`ol3~C+%L@#L)xdpQ4Jr$4HVA z|F%Bf-)1A_w+HU@xzMm6L7V32>k}d=lC5XzpkB(NC zD6aXM;NqVbzJOO$saeo`&{(o*{Qc;*&Y4I#3D5sTn}%Dj3)Baltk|CWWZkbC#z#S) zFx5)*^!~`ZB0?l`yL`X= zF4-jC=Y6O5SG*?g?e_ca?}FmLc01^sY;vp+r)#z!LzPezqj4ts#F;10JcfQ?XY_ld z$n+(Kq)3Y-U<}Fc7}xu|l~vsOHKJ(WeoKUM1%r7RJVQ+j#KK5$+hwm^GsW&l73IO( ziDF*Jc0YzPoR_){wmclWx1r0nSuW;JUw<2q-j=*yA4`3G{2d$11lQHVv3MkWKB3== zDIShRqBvOgZU%}gBngGvVWKP8IzQ@`m}IeyzxJm7Sg&olZgf6j$fscMK8ba+gLM;u zDj)VPdVAP{pH3tKPym4sruZCzfXM;1DuZr@dRDApOr7rw48-9XNA@L&W3SuK2fLme z1||P%=wG*vb3CsJpX0xYdLk1S_&9ezVjlsO$!!19&gE%$e)EIg_X#`QI`$sVXM|7k z|BUaqa48K4Fn3-+#tS(^Z2is?kNF;J^Q2Gn78-h9v4R7e_=VTh`=YK~)j4QX?z{W-DENb{mX~`I`#M$H@-DF0@Jp!g#SZok)y@2Z z=G&uBGpffRcw$$C1xOt{O}#%@3ZaXTHJ1zbY$Yz4Dil%>;LAXOk6Q9&ynqA+uQy#R zWcq3{hURO6DnN2Cu*7;=!P#U{!2r}cC^tq7rf2r0W_TQJgsD;)(mwwJVV2d#^#6&> zZY`8hoDz%-pPX<<9g@ZG&JJaKwN{`cEv;QTEAh8Uf5hM8j#S6f<@NchSR*Iu7Slg=8O0aBMI0}pTQFV? zUND|Iu1uqei2?zS$CV-1AS$r~2Uo_w0g}z$6K{`-IKim-yw;RhcTf>Y)NG~at7|>1NpU(LO{%EX3Z1r90i;>kbe0p8>ag;10ueAG((AbUl%obMj`PgKt|I_JjN>7^vSA3|@>7jMn zx;rSg&BKt@$%YA_@Rz+{t*{)pxry)rd0^vp^v7;@5e8X}Wv9U$)tW$jd)< zqA=4+nHR*Fx!n2N?m6`Q7ft!``9v$NWBw7;#L?J9krDjQA4`$g#(p*y((zOwUY!o_cY zo5rd;9Yy~ZwDKi8uX6(ao{iUC+B6CiS0V~%vWmx}D3Q1*`Ru^#SCHRzIvr@g>f{`} z=!o$Oy8J}Idt8zN0f*1ocMEn0EgNJx^fjYXRCE9Y3+EtyzxxTqlB1(KYkgqVh@ln= zQE1J-#RB9rA8Z7d*Djru_~X)VS6cPaamDH=t^KAv(oEYeJCBnY`!Am2%<zsu44euA(=8GHJF|E5Mr{+%>$)YW7oHPdXHsDgzf4~@J&1kDG;w57 z7|`p9XE9z*?u^#5S$m@0?y#5yVTGi`k@9f!XsWA^7e|0ng*CW^0-YNMi60Mg)5FsvlN+b@0N(%OT+QaW1v#rKk4zL0Z- zCvKZjPo&<(Z}@ipJhwQOU0j}-iX?^nuS)1$K7Zpx)M^)Q>g~k5g{fwz@&gkOJ4nyw z6z+g6C6Pv6KfCa(c5X~dVDOF3p_l*ma{!954ER1{-Z=21ndr-4J{eMv4}X*P-6i1j51I5Mgdl z`iPx>ls>d|0_Zc=?Z7g3GnD!0^5;YDSfP`@eCN(POGn4l#-VajitzHK()iJ$kU!Bl z{}Znm;lK9$S3dl$>Dw;euAP1UE8qI?;QZ>cvk5y3+85u$BD@vjRfliotdNRpg@y+z z7gs2;3RSbGwOKc)U9ny~UZ{nYx>B#Na%ddGb0M@qv=w`WLet-qBx?^mR52D8YMHPM z;d`KwXl`q@iFKC0rmX~n8zHVBo}J#H$2gr)_)A7;zme5Vuf9M#(2-|K#o)MfFfG_- zIHafvG^Bl0eA4v!egyD~d?GY4qs1K58GF?kk+dT-we9A5VsxYvL!V<8zbe=~0Z*TA zh7X_EELG3na6FdP=9g-#4~#<=>bv7_Ua74fUdYB)HgBw!Hcs@yJCM;~>lQp^w{SO3 z?_bw^dQmV{ZP!Q?3c4UyS&{?U|EHNE9A2NW0a-!7vnR_0b(8o6SSc5^W!se7Xz>mJzG>V=@iYsFb`=GCypo7#{-r z&TgFN?3CY?w%G5U68!bqMsnd$akM$S8gpjOjjf(pSS*g#m(F!Ywpyk1a!s8bN=9na zxibG&?=SyC`m3m=!;M@G7T0WTZ5E?)6L1AAs;k>U?aG1 zG|8r8)4{OQA}l?${JQ4q(d|PgA6mY*bo|uWQKS-MM_zNwoy+KR@x75-UjMdr+GF~e zMQ0MuERN2kA@1#D4>2w)*n3tE8nYND7tSs^n*!XgXwCrTK3wzx?hbokT$xxf3_lYO z#+5PCaMi15sO<0&%3@O;A|tc0Lc}umFL=8vdgBm`Ymf8tB7iDMwg)jXbVPUsJ6cYY znZ@bF4mVaddX^eC4Qws*bM!Su5IP2cyhHrSU^w_2BE#iCr9GJ!t8>}>bd)bYxPD2< z-}>}h#Aqix7E;V$fhvm0$dKt-^DI?@L}VW1xNQYSSi#>_>_nD`qm{q3a_5Atut zo#AA@`20ic--ovk-4QygI_$j>N8x>ey?;NxzRK>m%kGc)9hkc;cgtl?0o!04p1g-> zfnGT*ub{D0FzDrw1Yb#V!DNyPhw(8N6xBo$>Y(AUMGguM(e7HZFs{iAIqx_VbUyiw-ShK$OouLexFBTVWSj$cQiCIw<|RqOFtBvy$1g zf)IvSkv=fzhP9j!NDe5VX5o%Gg27d+RuK|}vfVDrrc@6c-%!s~il|FmASjF3C|cb( z?68Z#duiI~BL$Iko(!D!J-2-y$6}wYG}spCYXetDXIrQyBK3Mqc`z)n_y2NoE;e~~ z-haezyjY4RGFuP_3GfNL$d45QM;&KxXuRU|oOtAj^Xv`voAGLu50A|{`P=P7b1Ms@ zbIzT2;ngawb4X7K=h-?sq_1M&u5ZBzzdGr+n|trtrK^|LbhknGRLN1`xi{cG$u`B2 z#fpYnFiW8^%vPv{ISol5fc@bV zmwbVM2jU`L4|U;UuJs^dB`Av071x>NeX|xI1(77u)W~1M97*QZZnK|dd(RYe=hk%|hGQ|AFI$O7VBQ=3GAkc#zzC zmoJ@MSzbALY55`6KWt*>Pbpkr_h+mPFM6D=La=6Kp!S4yvP$a&9alv2IWG?dRCEbj z;dpS~cusVv!}ZxdYEWE-j%Mm_85?lwn8w{s>kN0*Q<^*mDM| zL8fug#}{zMD0*myYy;sK8*C)hSXKV!*!bpTbTabpW22&9)Rw-K>!iKaoaCKyO8h;? z9y<2j_UXm4%__X?>%!^_srFQ|UN`^HWD=^ht|{jI0slibCK>JxT6%9pf)t4bSr(WU z1I7j?3dVtzxYD?2WjHM>Gzh9QnR2A|jR7qL{pnNJJ^kL|zJ3WDcwTariJHk$!&n0J z#6PT_xT{|{o_WvOm_O@(&BdLk3P;A(NPVW@Ogg5$g=eNuPbLxlUigN*vNNTaU17_b-Cb2q)bzVTB>lbuq`Qjlh<)gy;0u78mDbFz||Y{sIF zMcMb$cdxwrjzy=}XVyFsb@D_Lb3}6;L+sQ99-V~W_pBDHi8%ag^zaqN_^Gg$I6~l$=a|B}3do77?Ob{73K|hzE@k^vBhEI$UkV-#-FH)pHKf-(wd<(tT z#)v&s=-EHYJ&N1nEKS5)ZGb#BGlG1p1q~J<=|5D021E)2X#x;o!3s9BZN$zgR2dMp zY7ji^t|XXv(EIiU4SW7YcX%LEJRn_r%rwxb88S0DET{}#^^7k-rWlb;VPv5q=VLx} zKp*W@>D4#nViw)6^KyYM@0?lF6^n;|Vx{TH9jcdKdFv}rv^}{={?E&cH=I9LTBVpIehyg^b6bvg-Ucw{J;&o@?nvg<3B^4|BZ9qKt{OQ6X7qbrM*`hZqf#A5^&U@{n{W~-5|KAL0)i!$mb2_=+jzurOBtIQAl z`%Wp;^$d z3wKMNLbW(qmaPG3zG?h_i&Q7F)3={$-*j~HzUlEB=gT(q`Zfv6*b|miYbqxNUOT#; zoamP4PL%v=T!Mc`9P{t;PoeH3jFB7W-hUa!j&0!~+HWWagoYu;FHLD76!Zce(JOm_ zf}l16L_S9U#Pw;d35E6*Q*E8&vg_8-NMRTyno%Zhi9>$G6xkT|77B?bNZ!YWlgxm_Pe0-acVZtSqDc!2;7hz)6gX2e#g9{8PysI|e zE2^EWwDV=vT}{VFO5w)P)?$1pCudZ&i;mm)i=9!gqnU2c06ISZ(z zbZkjRbVvRx!ywzm69os&e9+?A^%omIWyg{cWWL>le#z)H|`LNUK2_}Mx zunnPIkCaizuxSbrwof-PcHhH3P2(*2L#jvB)dEn6%1#P)#rUzp)L9Hej-4xnX{uOX ztJxOzYnJwKipDxcW1S+l8S1Xd*}&UCn%Z9kN;r6-)xdI}v`)1QK2eCTI~?uCItnF% zLxu8YJQA^GHYKOY#BJJ0iG<4d$luq!PHf}rPu{_XhHJ5V^x{Mqv^P;2CKGud1AcCZ zH>a}zp@#~$-D3^rCQcpdACFF)T~L~S!I7Dnu50B0dY@LOih-Q)YKIAhcyE7aYUAvg zBaIvS!?)cq?h@l#H~;*9*UsKjx4A3xYo!*Y)R_&$Sn^+i4Fu2#9Qb+kli$Xa3XO- zvIoec*Gmqqr)OuAM{Miia57msc8oIbO;DEB(av5R!xGn2N$!u0mAI`HKAzg>FD@nz z_qfrmNxrs~cP5e!7t|HVR#JP?-83f-V;IZo*)zV!QItai4>*|&=&n->bFf#;e}={$ z+DtfjSrplU-PH9Izov};f-#p-q#nyT0eLNugC{Z5PE@JnV;%`F&c zRTj;{aC^4hcEk(qj3+3%kr2z)V=mqvK+g)QmrWI9n@JdJYN%K5kNLb-Wd1&osE?0# ze8F5?;wJ?mTpmq%ioQSp^XBo1j7gXh`0?W#@nAmT=cjo-TQViOcK8t zHf09=ME?mkrN!M#*=4qD32mkmAJ>7f+0&1Zm1W7)niHs@yRuDqdOQCa|d6bOni0I0Q ztWc!)NZ~}WK9%=5Lb*sfu8f~MTsf*{JV!?lFAjIMd^dJyTBDw9PWAGiak~9rSV{#o zVVBBkbgYqZd3u(>P%f^{)sm5v+3K)jJu{7O{tDJJG`_ZIOpB2_>k#==oP$Yp?)Y@2!Y zdLubIGZwla&mZYW!<}ZybyIw!HO620RA^|ZB`Xt$MgsE0d_UX2x9~KZf6EKs6YO{< zh5JKoSfZ$sDZql;K#(NW<-6&no6Z#%9my_oXAFf1LM7#4)E z3JrWGuDYdVNwP8>NEk1pN43nYa{*pNURjPf!XX*$Fi!;o=-92hH$N7u92{;g9uE;mAyfkLXxgR@7k18ER6>rp4{jre?$cbxoz0rePz9yp zI3T)ImO+1YH-(&E$YEBgo2TImSKkt5J~0i$KCl;vm)@ZhNiQSgrD9+(M96wQny7@1 zd(?a>up$Os<7ZMQto~rgbsQ5R+5Bm>6kZ2A*v4<1{>ahp-S^x*()!@(^AEK~@UmMx zwY61=4NuHfDzjrF`o19io7Rw%dnK?ifp_o@$F`FLj{u)?n*eozV7zUy2EjG9xG=YZ z>6G0orbIzxkrHRNIH+=Nm!{8Zo(2z1OCR71$$;)cF@WS@b*Zm7(I)s0tPMRnwD#(? z`lI#r#~#CK{}kKDtcL+Rr`Fhe)~AH|?&wp3eU82@=#fU}7@SArTzi54D&8Xi#rqVV z%gMg~IK3b6^YL|Pp23Hm0mdf5rx1b8RJrd_O*)gXsgV7|2FYVDXl<+)m7Iw*%T2{- zi^V8+7bC>lkpIV9Cg>RrW6i(=V^ZbJGs9Orw9X*zh3gfH4{*Jz_3^_tDvGvI#37J^ zPFAgk6}tkYP7c{aj?gxQKoteiJ#|~FD@tiSQB%cDXO`otn=*<+6-dbIT0?p!N5{Z* z_RpXy0HQX7Qp0^XkG|>jk9l(OfOmJ1Q)QGO9EgSvs7)`GQuus+qA05s%WAhYn(?S} zXD5nFrP2sq&Yn3W(HC>&dA=~YoU6}^eAM&*iJ7)m82O3S=7&DC`?6P@T*}o@zr*GZ zbCYB?`!us-$6mOP|0dR8nfoy7!=PQDR0C*b^pOHE^q|8BGFd_ivmvx7^v|L*luql* zr1R)jy&a1Ni6)e;0w&$oVN#CjT`Li&-rKn>dPB#YqL>aK7K2+sI4CRi{Q`nlwqT*Z zpm#b4(PNOYCv^JS88Ys zi)#zmNRe3cSlZ{XDVeH6fuF84lxMyocjG2+e17==9|H>%tHn~Xcx&P@l0*Kc2|iqW*{D@+$% zP8_!XVYF(qJh9Vym;^w4g_*`%_2*DY{|ob7<^Djsvsi*qU@;7d!J-d(c*S%8GHJyY z&3&qu3i3dk^9vdj;Mn;oppw@uCEcu09k6wh9nZvJ5Fu zage%6u7{jV_Mw2Z#hbj&v?t~gT$N=ssLD!FJ8!WpEcG0MG;6jB?oxCt?5#%^O7i0J z!`islRce3y_qFkq0;xr;g}*K>x9wImq>8H^`KBBA49+_Bh5OhTwzyAyyvAB_x(?J_jA3MF-o6nexc%|!iw)s5gZa|KxVMuIjHIaUj-;p#MsnWRR9Uy( z;tj>6A32=H)_S)H4v*h87*b$oHv`uoJ4BqUcWAB{i_c@kS|G53KuKJgcg^0zW1^Hi zVfQQ_R>v+(tXr)aE~NPVqc}AQ^C} zndBiM8RTQX;B5wv9Lr6esMk-W&z+V&;tiHPC08~vy;SGZChO!}d!ZHpNb$3a-!z+l zRWOf?qC>C=Eup_FP#yET!g=}bMsWSloByIxF3P*GmPsB@;7nrogb4Kbp_+WqF#}F(hHr9wSW;AWssI$SZ3q9C$MiRa0N?9T(~BpEC!2Y`yt@wm zW zXHg-yk2z8*sp~X@MRe8@Jwzf%1CnO0IPZGSFq(})0HV|_Mv_TKg==1dS z1jpgZG*j7od^@gBX{bVk_5p=iR6OrySsgb4?D=&^6NAfHYZ#}N9T^1+4rZdWpl`Ib zS=@{{(-vDDk|i9Va76BEhV|jD^P2On$K`EQhx_6Rdzqmc3j=@m&J8Hx`NCW>DOxvWF6;}Z!&=xZhIy~g(@3QdM__HSV04DXXK;L}_=19TN^Ko1 za?xW37PJ9Y8@ND}!vR7JA~>sH)yrE9L0Q-!gKdaFeh>cX@;`5}tIbmO?AoO{@0@Q# zevj|npMkegZXtj(Mj?Q65tEUG+HkuAt+ z3Dq*)0p!T>*vnK^gAda`YJd~4_xL7fYGra3q~Jg1Z6Bwfh)7y zxIV`seH)>{rZAM4O+K7ZD<%SlO;piB#Vq-9FuHCjg*IfF6|-zQfRv>+DTWvrIgI5? z6|(&30v26Ykk53Fb;9LiuU*a^il%&xQvWAof9v~Ov_{N~6l9=ZR-6BrE8fy_Gk0u2 zadlC&FV4(60#2n6_fju0B*l!e`3{STH`w~4UWC6R{4!$RmEHGWqxHz6L=@}wO;6H# z6!-{Q-IH!O`pEL%Vc);XY^Mch;CJ93c2!fZS}lv6A-flL+NxlMOlV3P~RoGDzMx1w`3A^MDK1EvAX zr!%JopTw1=hH<@0fCqh^X(7`mSWXi!n16@s=V_J+CVT|p(+a6>(JV3C5VjuIr?gc} zr#GZ{6g~@B8L_!X38FZ~M26+|9g<~Kqz^!H35M5I6u zCBH)r?|H{K4zI1%Igs;Xeh~{Y3^9v6*nf9&Sjp4AX&Ic9-N62N;Xhc7`*)|Kbw}sO ztB=&~XgK#x1%KuD9fK+O+!y&PpZw&`&HG0m_8hy4?0K5|Me36KoVE_9VLxP=1!R_T zI&9W-+G^c~MiPX#P*n?sBs3Y~xeTGG!C)$}>2dHIz}>9qWbN~$J(|ZXdU%V~lO7;# zu;RM?MvV$e3D~*FtoT83A;Wjvh2Q9a>`?sB?J|XrJ-fZHo!{|GbDlYALw>h+&sbAC zKW53Vwa&Y({9r$T(Lp1MZ1Xd^ZH5(rZRTNKnElcFaZ;aKVDofdKFhvN?L6u0MqdKL z?t#(qI(Cnrx3Hd}SlcIo*_mLEOsMsFm$qSR!L(S(^|DfO&q_YJm36K|)ViHcq2e=@ zO7q-0IC8E+x&h+Yw#yv^p^kI$qN`rOQJ>;GZZ45dgT<(9nn96+QGb#oy9`|5dSnO^ zPVC^kmO*6!?9&AxLYex5z>t9qkr=0r4Dg}+(VS8o&JaAbKBB`zg~@^6FBH zn`pdEC46%=KtWERPgs`n+iYK7!e;1d>I6u-cg_v@aZO z#agrXM=P1QOX^I{r{q#9kRR8vWI9Lx7xl|9&ds;!K1YQ0$kxwIA;7R^l*_Yq`dy&~ z?h~!kw`wQQ8Ie{eWlODTDx$TP2*2E0q&%NW?OUHNx5;#HjdG^_tCaa2#`=8nF@1$n zYHrV2BfNd@t>G0@gRQ`iw?O}tf0cLVeZ_x&g$l2qe*Tj`-V(*Q5bih5#-&L}FU4XT zSfB&!HWsChi!lTQ+in-KF6hSSswZPZ=4NxdQ4cm6b(5*l@YVTx3tZy{XKFS$bG?qO zYul_i0q*)Y^TZAW+{+>oNg| zt-Ad|NV)qVS>pG*bBgDb6qM2%VG0ujQ3^}pfZvmeY`H0M$I^CG9gFlj^66AktTSm3 zXhs>w3OPw^OYb8pF?0&{kCayoN-dQW^0WDwX3QYe-h144!oTMKW#6x);~OW2M~5as zslCsW87=9QTK?a9M~?K~yz^<0YV+SGMlH0}fmNBHe?>j$KYy7^!2`j=Qq2`}TF7V- zHbtK>imX|KM+(s&Aux-@>@Zlk4r2J-s;sA>YmH`airkPJjqRKe%n1T?hfC`~M-e)0 zJ6%C15Sw~+OOYcHZzI2z%Q)?Vb<5@D9Zo%L$1%(>WvnHPAs7mJCgC~{We}n=|6~wM zF|hzTiwOp?9>BDq+os1`G>E7*Pa-+wJb(1ol$HpWl9JgRix16(>hq2KeBvFgW;QBE zi=y&R>bRU#Oy-^2`Okv(?R~qsdC&^?@ z(t+Bd0VKc#FP_!F@!+T9!cUciE~X6#pp?zSe&CdK z0wS#J5mJmKuuRL~2S)Rd0Gx?5dhY3JDLy)`W+IS_9D-70P!|H!SvFs7Kh`Em4U!F@ z1-Os!wdeEk2fC$^>L2sXi2%~2@ic*mvrC^dN(%V9kFZ{8o1=a7N^8z-)-q!a73h{P zRn8UT9=E6Ys5{~`n_HFSNKJK#K6|RH7D*W}f9@yFFE<9)!`TT4;@jnjY}3Yi(>pJC z97-c}cq-YMFPH^r^{^rL&aD@H0#6iP@L;*~jy)m=uIikK`}7g;FctEGDDHR=ibAI6UcKAP(gzZ_+8a zHdlsUbACqu_$5*F_&ouqQ?b`am15@s`ZyeSdb|=8tDP8Yp1ThQmGft~OE6#t%ND+?9_?)kO2=TWSW2zQcnp`OyJh^HgS=oxV?)c#`J3A^2V!W6Z` z4J4&fc?)nNxIwT;@CtxUuzP2d#>#E!lrxkJnGzoAXc;S#{8E}I)2|^GI|)%9(e`$C zBvnrMGTyiwG6TLxZ~T`x)LwSsbe<0a{ql(7lp_`0`A@LRCG-$2nR2+#0{6$df)%U= zVWpbQ-=YRxYDW8L% z#P6?zDn>*{00j^tY;-acMLiBY2EEjiMM6(L!3v@i`%l-IM+Jlc+<(?=|JEY8QXGlwSHLqqm!GTzhC7&kG|?lzG2E^i>$ z151j8USKm%pw$d`=Z%zYN1BCPYQC3k)s?a z8#rC17oYxeu8jsWRz2iFX|_5V&?6q3l6EeQw&bxO@aLJ6G>p8}qXZIF_oTdfU5b1+ z1`4D+{-|a4j%3L@KIBmRIRPiC&#OrGTq4*ZY76Y_51`9OIwM6WxI5ECy8xR5+zVrg zGSU;yFkD${SX}p*+$}86Br1@~aHw+RP~`*p{K^4`s-&OXz)&2kVyj zuP)5ZEu21Bx+EYM^j-cc|4$6l{~tQ55c?Sr5Tmi+$|$$EvNMK#9&44ohk?Rj&Ptc* zP#>J`S2T!ka4RXKz|g|Omk-H)DI#GRJAFZ<|9noj+vjr@WY>n*@6BhoAOlZ4QK7|Y z97<-rNEk-qyZNyu8^$xb8vc*%pz5B1?iK9jPz^8jK>iHMEsYb~MM|KZ$ZqyMeeat0 zjh;7#q~>egDV9i!orzdXM&88u#i8V(H4>iT`sS4bG`go3UhiGINs)iTL zb)_NF=4oW?5T~`JASIiy;eSsSZcxb;R@`nyS)l}p*W>jR6Ua)$<6*1aZbRN4m?jP? zCAfqFK*nTYc_Zvm#4q$e)Z@r+-^DHU3?iCFG!cbMvDzU0XC(<+90)A8 zOs6wc?+ER02>eg3y?kjd2c}THKX&5X?ozF4Q7X=!b?hV5ThGvAVK+TjJ)( ztL=X$TridM7Rs}HVw$|hGbg~U!7AX{-ozJZZ$82n69!RR0Q{2@?a4&knSh)){tsjk{L~c5U#a;0+t9bCKUIIg znm{5Y9#^899?|Laz^9iy&Ps6;Ws}C}0iR&wrgMUHK+T{4?IvKa8$PbOiw5hPR3An# zKS1cD28E^&3hDNSk_ zYNR%)u02@0F?kM!r^2ra7refmpA@{OQYW)79}ni^l4!#16X$VT_&V(RtOnX}54Ec> zvDV$HVNP_oY#gL*tbK^oaWjvDNlkv-XZHuahL#OXIQE1tv+`4yz8yc-*wb0L`wyAW z3iC}a;NP?g3#ic_)nYonhV-Uo8`6d-owJJOQ~Yi|^Kr_H?A9U=M040bqXzh2j329i z_T2jI{FS>d@4Ob!9{c?<{QgDQY>7LswQz_~`y(_!B2oGOpS3rEldP)l$KQLk@B6-Q zU0YXIbyx3ebW%^a!``)Yf&OP_sbIxs7%V83GBGwjJ}OE6-rn+B1FRiSr5Z9`#|E=!qWRFB&Hfk;OO_*GMX!)DDA&E*RZ0)HrU(_HwD1Wp- znQeJc7i)Q*RvawnII>R<$1~)s*IZCZ^tYyoo=&n{0v4OhnUFNWpnV~eDMq{u^1m#i zngcqWzsKtW0DasaUS#AjYy=2q82Yp@xRYG%LRc4)wF?rkTE#}F$WaWGP9PL(s&1cC zx1h8;`h+`d^BFw0;e&(GdL!L%F0R}uPk8>L;v7m=rpmtT?l*o!r|eXe!TlH1cJ2az z*54~vEPm2pOAqfZP2O<%9MfZFPw*+;roA+CZY6PfBb0nnsasPpMaG?hXsRxA#*YABDkSS}J=OG{ELbvTaFf>!66 z22cHK)1^CZWrR0`DtRC)1$pG!zNOUEd6Vw2$zyevrYphXpnt&Gzj~z{@%(kdIV8u| zcQr3x9YPI2U14&$*f(i3d{aI%e?8JQfoTN)0AU){rDt0=AcsGdG$zevOFSOKy4qK- zFZb3kXKJ-x)L-3eO88BQgvnHO!uPUVE%~dZYPFYgu5%@Su9VC5_V$;M>$8k1#MoR> z`8AO#0Df_1b4n={HyeCDtlCN>tY9_n!`w8Pd#j6e6`6r!;>bKpi*uxde?-|UT4K72 zS{~-9iRx7_J2FG5pBQCKYwd)giYx*ut7v{WgZ-uesi6>Y+I%8x4w|?cH;yli8ud0= zHo2UOyZ=|fB!ARU8{J>59ax&rwEzBpgG{R3x(A>U#EZxydYeLdM9b1sr;up*vsM&_ ziAkDrlN=H=ZYK6jQK$`}PO?b}AHLfv(CmrEBxM&i0&hb%0eUe{{rboD<`DI#j645WqBqAlUKu!umlP5P1)TQ4neF&}%q#*_6f3gQ1 z1N-vD^#7N{A+tz93QXw@U%$n=H1umH4T*fCBD7PiVKMC63EOH(`VXp&Cm^imNjhMJ zW}sei@)tgw;l*r{dLSNf##-6!S&9z_b?5fw!dnafB+4 zydI7b;mLM@4X-L}hhiLK}(9>W(GUF)T!Pi-ABzirUfPR^dob z&#;VvIJy`Tj)Gq{5QN2Z&T%mO68dZFC0n|Q`oiQ5qb){9!zhIPn^sPfEUV-Xm_UBN z3*`4&%lotE%p%*8ZszS>96kr}9cSm2?cSPv78afKM2PQd*eT99RjQc))u74 zz~Hv*r{D&E06>7t0YKyhfN7#P*_Kgf$nJsbAP_YJZ2-VNY937_=&>t0kB5*3z?29L z4EPtrTbB)9GQu-5c5K>41VwbovsY)}Kr`jm7_ES$9tyefOJ zzH8;qmDxkLj$M}DwY0C6-jk^V!sRu8SZ_Z8lhuFidB;r8;^LlC>82IN1Db(ccR|O9 z!mE4?%00}c2vwz=peW$%Ls0^tStkG*LZGpGydirCK^`H$7rQX86c1Uj;aVq?9!!^# zMK)VvUde>a7Pw8|g9WCJ6g@1GrU*lTMYZB93S*w6xz8s7pP2z7ruTYCDv)_cG1a+rn`I$ zpkOlg@shG1;~oVL;86rOFZ)9fQ4m_Fh3eAl_ZpmjgVSj+Al(dTJfSE8=A+TL-Go=i zu7y%D@b#VMY7I!Q;uqHtD6rKcWdKGwBEXyd|m0|>vhy4KwR#CZn-v1DvL z8UWr?z?!tA(s&P(IgS78-0o=BfCNgN-jCYJx(v`l-~dmjlahSI7_b^qFV<+(0SI0J z{C(%$u^y9s4DZjcuD!Wnd)O`Nz(<4eg3TAgn9XKfGnMD*1ooVjTbcW2t+|Q;uSF(9 z;lW0a^%c(Hsd29>la58n+>S14PDZl4hDT*7a%9?k#NB8 zfG1nk94Ro~nF_lW1Kx<;;Kl!uQA(;K;GB|d$f36;Hh{WFIw6>VHtSoVjMVTOa^U*hrO~;CUCF>e ze--(*hld8`tH`AHs^;rTiK&UXbO4jVYG4d_tTvc5A^%l3lN!z8M~xSq-2tFpn;q;AKt?j&@t9*1MLPsA`j$uz zGE}hOJ8P81eBK;m-SCLAI(Fm1;-2(+Vn=b;>O0PNe`@x&yuWFwN-0@w#n!5 zf>|=0Mmi7dfXM81bZSw#&6Y(NTT@O2*%Y_qZ= zZ}9XMqibi+2K+4Ah~d?ES#HYzDX{k{^WU34_@0&N?-6F&4?ZHN1=0^*1!FXfwbz6( za!I$ecHte?#j`6i)*UBSoOPFkxrT1p)1CK+#fFNq8%>AB@*-iCg#%5N4kK5WRcLi- z5e5yKU|Uw0U-k|KeuGUhE1xW3IjsylG(hRQ5B05J2~{(A1&-%c7zc-RRcqQ{cj)z? zw4(DXKxKvLPUiyHp4HTap+HUL1+y+p(BvdO$je zRT1+AvmYkR4xxR@RqoYytSo$W;ozMs(_fiUuGsnVKWb!_A+AAZSeKM>(3zhV1x_4z z*7fdZHA0f1X0Mu5YIZ6|9LU!=EFP6sdHC5(W~*LZ%J^AD9`vU5Q=7`?c-9U{m2ubM z3s?H@=X~h<`{Xmz?bmBL(Rj`T$7d7v=;;=KeaLu71HH_+j6pa2F9G&71SoG3;8)ML ztP~i)xYsD*z#BLmc>{+dN>S4W&Xma-joIv8O^NeC-O)z?yP1b-r@)dT za|d`etAan#tPrfkLGWG1UJjw|?6Jk*2v-dMg^;G%K=Cdj|ECB50L{v%I|X>krMtdA z<_iQ%DQ|Y}!WnmAsv0)Cf=;8;yjP&O{y^`{Pd9e`{u}0X^SZI~uAPZzeI`X|f0f47 z3;Wnhh#4A^{`s?Iisr{|RP1YcTS{m|2nXU60UXbKhN2?zfy1G3WGpcp*^|xRu>t1q zFreZ1d~2TQ2NTO+ATT(%KBV}Eh7@HepC1~s^{yroBVEBm!_EFRXoar9A!~6hYYZrg zWqbS(0u4GKC!HxN?28m~+D%6%v3VCIe_0?AD65uwzz$dJYRQIc0&2f?ODs_cFybZy zGAnDt(cuHbC?;sPSBBFLlf!3s1qb$@9Z(b~`%H%U#m4K-n>5bo2KOA!hT?96^$gau zT^p|ew*7VN)Bag2RNzP;z(K(PBs@K2e~l1v zO$Co!TtiJE+oet}~#nzs1gl)Ew-K)h~yl3|n7^fY`yZ<3_OJG zrS>7_NEi<&*ods_IUG4E2_HBW4o9{W;rJw{j3&9@G7<;bDo?OqbR9BmIB1D8Z^WQ! z;d#%K@Bsn>#slN>e5-=)ieYsq78|v$7Fw-ByG-Q0a3sqX>geKd2mVyy2v+|xUwGdoSS^OyVK z7>VSU=NcxY?;GU_*_o)N&1 z1+kt;`V(+=B@&JTFbO$Cm}0n!dE}Z%1#H6#QlSSq@A-n2GOitmkxUXxChc~gFBilj6>k_E#-32* zRM1CV?)I6%c-7Hg4;290FwyZ z=Y~~;BLsp$HqQXqMF!YY$nB;;bhP7pP{LHAKyijJ0!fG$F#ejy0fj0ABhZfOIF%?b zHZe<7b=`DlHIOnKl8taM$HsJ8Ps^HZ`OjJU{kJvfE@7_&fd^q!4)^(zX5_$2#JWPYa$p1^5%yar6G$^e(r?(IKN6FzaUKX-WOz5o zbCTW#|7|)bFfD2Axm63{tA^-ZwvGwC;+>^yofmr(2;|!w8BhPjZ2AJ{TT37L$kfqC zuG$=(f!DnH;_8&};ULEPJY^qbOGx@a>u4}!57>PUztik;ApALi{gXYQbNkV{?C`^= z0W+tbhD=BwgWjXS=wo)7mvNHLt;PSh`#;^pU@dv>w%^C3e23zQYhnC<6AXK*3prCDUb(guZ%_EFU{IQ#;&q zym_5GKX&WP4?fbmvDMy?m*mX%M&B^H^gf{4H%l zRUH=*wU5p}epn?DFUN!%*z}J+!I$m&#d5%XAz=W{h zYC?3=1OT;=W28Ce1QS&aKpzHLFy2&r!|PJqvT3?Se;Li~ac(rV&<`3j~-0ujt=BuCGE2)23XgDb9FC&_tA;rYXQ z%!v*V9I07qt|n_7n>)MBa$;e3m)WRGxnRw!1GEIRDc-|@L^}3lRH~+UHt)<$79FGqq5C$I)neTO9Iaaov&5GEpoX~PsImar4f zoduOPP_=z;5Q)Nb9HbyC3A7NziFKES(n#VH0mj0m0p6f$5ZKGIJ04U)J%~^) zIv0!9>|7ASQH{pu;`5_gMTlg@eAOEjvyN**=#BEV*P0fGxhjM#T?V>XAVZ?kms?kb zMnQs50~863f+9h-sst&RAxPkfL7FtEw&3*|jmHc=1f}_X2E>9y>=q|1ifYCX5MJzY zg5Qcn{g5}281kO|a)ja-^rkg94DI+a=;mO#E(-DFQRPcFeL7%Vyh?6TNQ-CFNK~y7 zNLPqRM0}!As1FsyzMrv2dVJG?Mw+3zY`tOsls_|+u`pIwqiQ&GNM~laF0*cRMe!9U zssz}@_A&Vf;F&1m@qjZ4EgkuHY&OLz5eM2)G^$DrEO#-$G?Q>J7*L;A35CrLE>tP} z8nj==%XMB%7{yemaC!xik3dOK7*^p1=H#g6((cz;Bpch!>7UuKJ8uD7qrRD{}1xOnXtlYh7-CtdJ8LeB>Hc}&Cb4Det%Ej;BU&% zW}p58f8^M|>(^##;_2UJo^HZ!hHA^xf~N^6n|XSKc$%dO77QE_7YrjkHMIO->KX<7 zrpZW|E>WB?^Dsz`Biqc_T8Zyut>hsH1y@m=(ia~imYy3luU6vmQf4+~SR1Si=JSJt zj>)5Snf!9Z)e&NA5c(WL@Psx56aq|w<}BmoIXGM!jo*yNog;<#{^aQJZ^+~pul_C9 zJJ-j44K|0ZjB1Q`)o2zqEx9J_-$3$H{k=YkYr=Z^sOGr9Iwx#sxumJ^5|b95woFkU!*mn>d5o}q{= z{w{K2czxmV9LEW{QYu?oE=&HhR4SvknZZ!c#SwU_mMPC<9O*u{R92`sxs=Xks5-f4 z$tt3dNtJ{~DZ+w;t3};7!#vPrylM8YZt4T9URPxeP9Y0VK$j~(tgc+_5T)eCGUL@~ zVfSkn98oi(6C8cZgNbyl>9eKHb69P6mJaQk3tkqV+r3{tq(mCK`bMu>A60hAGBRfB zjp3M4mfNUO-2T_}zJ0sG$@$%Q0~p;ljww;-Rwe11t$cJ8w2HPMTB58_QNVK0jIRM& zD+8p4vP}?_1BIEAIDUiRgb>WE0T6z-H4D;*SIwoI0r$;uh(Rh#{yYG_=8{ZKZQtj1 zr^|+9Yz-T^Y(`3@t-dt}Jl4pPq_}QDQH0ra$8{sritL~;x0u}>6mJ*?yJQy8RfJjy zoC*pe>m+sQ&(;!GQA> zJ8I|eX;64`dT3{UdRkGwC7(GR9vQ9!WSVHHhkdvQJerce*J>mv*fK%e8Aks`ESlNSUgCUW)U4gfe znJF}KN~=W9V8IF!1`cPfxwDYfNl76>Zl~jBmgW{hZbev!RfWh1f+7RwTuAHf3rf0h z4**ddiAcauedW19*WZ+#9jm)bmPi7mznyq9zp>7H%ZT*G){HR{Hkl9)DL{J79*-p^ zA$tc!?3Z;4LNXMc5)CXlQ9vysEgD^hlmRG6ie9ILEf$p6!x{z~3r|k=`a@mVw9sq5 z^sYRN{)SIPR$yDW1%uA_1@`=Ze`e(_Yaln$>&Tgd2A?CBvhLmt19f?1sQ65$~qGn~IiBK@D4CFre^n29gL_UQi((v8&tig7S4=MuNmD;iq4T zx(cIJ?G4jb5j)UsbiJGyr=zINbp>jDUe}uQcmoT7L$XMCS}ufWMbJRVr09$=Np;Ez z2E86+pf`K^gjb)?uPCg!%f!BgES;u|xmD9frA64Yk(;{4-0 zSdY)F+*0dI<*s4sp20LmV*ZBk9R%GSjI_1xKD~W+_dZ zU;_-7Q6ZBhxl@`W+9pUCU^WYK_7?Y#m5RT#DCb9>yLYoJC+sh<(~QzA@xBW#@tr?LEmi6mhnNrXWGG6G=Gh~69WE}QglIq1VEN3kyy z##jUXGZaDsQZlzt%qL4q7|y0#-V9TXY0--kH6a~a;$~>=U`8iL1aHZnIK5evg3Q(A zj1dRCICHs-HMePm4MCl$lx(CUtP6b44SPqBbtISa`^tN514(ra&W+oshELM|u0J_JiZw+0Ag+T~;2JqQ(T{yl ziS|K?6R@;&zYV%Rq>F0TOE<&Ad^?arb$o+C@teR^jx)9`-$S|?o?1GCZbDe1fYn4^ zGWn`M%;)#v{0w80ezo(=U?Kblew?3iSnSngyZVeTpgsp-0WOMXgo7W?NYJ@_{Ss_> zVTzMLJTiWY@$W3KGdaN}_q8VLv`+UmuwwU6R#FdbH43zfrzuP>#fou?t>1A}%7q=9 z)V(-Y0qX|8ezw&|AzltLlh~;eg`L7N5r+ALGxQ9+W2lURLP|Po|ma(D7J=0tp1~s9SKj!b?FlC3%i0l83f8#db^08e& z_A{>uTuR{kskoH4{fzAb8ZISqD6Xex6xZJjt&nI1H;-3)MsW{3qk4~i@rZYGj z$7fpwieXfdp|E5ElM6e*Uk8+ntf$!0Fq|*%R4^ZSrvlE$kuBdiKG}+4)s2)9{$492 z7973NMWA*2vE55|fpjtN!_I$B)>qSj)$(_GDttGRVaE>2qbjD1FjH>_;{vEwU(VKk zQLk%!FgpfZF4?Bjqrj{Nx}_ao{%U@De{ZN3*fk~pEI+xg5~%tYC^Vcgw_c>0LGW|O z;4A+4XN%+|X3S#DY#e#-3o*J|qwg(0sNmy`wT~)*dJzmkI9t4*!;$?4uv&0z z8$~j;svswjwm^J^WCxeI4-|m3RnA0Kb-Y{b!lOJ1bBrabOQK-Lo8yR zwOa`C;+k7V_mvh9)7Q?h1D)!YzK!da4oQDWl{Yz5m!m=k5)~p<6b)hx<@d zEwvWtLA@Ml4JaTclY`9LSXS{4NI+$X3m67~U4^%WmQGPN+l+LSwTC7!e*;idaJ#A%N2jQT&b1H zrG5FDKcBCatHnaTu(zk^M}%2VK3}bsdzDJnT+Elug&rlB4ohwT(9Asg)T7TlN>)_- zhdZ1twdg?g-k~{Ob_@BH5IgkXJ3PA#YC9!9b_L@2}@5tXw z#ca`9E)}=MYA&14WicU334cHOVb_N*Szmnbl>6Aiozrrz(HmY}nQZii4y{be(fr74 zBIp)>+wYoxgM7`)cgb&T-+}!VhzqIkf0dHlj}^l4X&L(|2|4BUM`2L{`s<+lg1c>( z`{!}q6y#zQG@p_FtmSPo6E_LCrOCCRwHRj{fqexA$A>3dd$3%7-YREPv9LZ+7@e3w z*%iY=AdpT+BDLAV!qC_lW~(&Rip?xSm}N&7CsGriRKBbzE__gw31z}vTxwWMOKwmb z&^DX}xgGxs)m51P$!vuGKj#SnLM8-o7wNc~Cg2<4g_ZDIhO{Cf91@953L+zU0p9A= z1irxt719{F*eS;x?n9-ipfg{{+8a|@yUj7`I&2HMuYAVY{&$D}yhyc>^;qibmC96) z*Wny>9(Bf}=gF5%I*NX5J{OEglnxc@;b1X1Y4%uJleTPVkHO+F%?BNUe1FW{=bd!; zT(tgx&XA(Y3dV-w5cgUv1_Po?9KeqcAOI0rLpBBJLCf|4ARGbj7(kSw&jk=*pl}2h zLk_Fc;x@U=MvoT}hkiX}Vj^(QX%A7-9Yn_rvMZ5O4J<&y!Fn2hp20uj^V6+IaYOrA|JFOrN*BOw$2%Z-?d0941n+=#N`{Z#sm&Uc63==j6(!OS&|cZcz> z^eHd!TYk5Hbo%oC(WyUuXaCsb<&Dv)k1pbU73muMp_pzHqPiC$-K~g1L%5L|S&5iQ z1XEBLw}LQk>!M8!;ih~9^?~`Bx+3e;2c#^hk%B2RqLe%jzVhHJ5w-mdPy2ii08;?A zbo=}Xf-}PJgNlq-7Kc{(#g@BF7l4tiWFU%#@^Dpe(cg1v1@Ge`_-S$v;BORbMz0z{DkfeNKtVF9XBTA%$B==Z0Cqsz<6}{b@``2$E+YN+9Ck9)f>p zn4$*ciwWXT7c3+h;82MHwJ?zrn1y2hEq|N$&QK(vKh&^Z*pxS5FJ0j8Dn1tWH-Amv zX}>Pcmrrm%`9(+gdhA?qJ?f5Iy#6ySep<$K7l)I;8+ z9>S#R2}6h#$b*!ouW2&8Q7RRAGbodaA~5(nI{7>L8IT!QAdQDzN1Vw!cFvQoz@Eqp(ZdDJqps;REOK}I=>YtO-eK!!O- z=D^Y8^^0sSt5G>D>&-TUZ(-$7dhYJ~{&;EEefQrpxAMpDesdvp{RjSJHy#IkLRfNr z{Co}m4(?HQ@b`Y^lPJEoAg6RJshX{b#iG+0fMEhq4wG%sY*zFL@s>sGFQYYcscsAf zh0_d>)Xa=zWWu4xKc(J&lSjVo<`#6)17bP7jJZdmulT8KJ}A@nF$_7e)%B z7>U!r7&2R(kf&Kk^y$Sfx}B+Q=3g~=e|5o;$tq=VD*yEB1u zHeztdf8c3RpDy=@x$boR*jWR+w1B6Op_637Ta*ZjAZq&mAye`$e zR{i7f+d{9yf3(uTY^*Mmoh3&Nat06uRbUaWa}I!J6FKVrW&s`p2LVN};xD8i{z4m< zt$T~Lk*MA|usjg<4Ug}g=${D>>>Y6Chn5CEl%G33_N~V*J@nI`9=i0gZ;c%X2m#Sz z;}>{$$Sc&p{16%lPl75UH7cu;OE$ae*}_`LFK3Wcvu3v$)=;a3 z)H9Cpr9}&Hy3YZIvp%3MTucd;KK!S^P`SwdL$o)??s1M_2;~b$C@&2J(h}8@iu`3; zDB(lppy2NQeY;Bsf9qhl6>9%HF&vOhhCxHX)LfZJnSHr0RuZA4VNMSE-Ra{?lUE-b zLE*AD`8@`U!B+`BqUcIHj@JD>Nx~iQV?SwDJ_AcuKcZbcW!{1%X`hzlm@py|IEv*l z#4wIOqckpfxjFw2M^*;-J7|XEldb(!XC6r)hVeutdq~&JC zrS(?BXK>rB24u$)=B>@^6{F!G_DO&wLX^q!#c!M_ zUvSa+rP7tZealquf!y%bljCoE)v+vif@;VVQNM_4$ozTBF~wH$PWc#KpQ(HdO{ylX z*O)tqY7=PmedM7lbEYrK$-pP4>IXQobqvSvw)(*amaqkZvEULIDyyqhKBm<$7$RVc zp;c+7ant~`!SSO#HeiaZp^^+(08z0VGbjw|&p`%p`pj9o{O(dRfHd!e15TviYN1cR zqLR!Gf7TF86@0&0C7I=jy`_f((Eu>(U!#-^@daos|2MEh`=uLOsXE0{m&q+rB4w*U z)2~1~$^z?IWOhX#ER!s-aQu8L4-$GjijrzpY^$|ec(piC@gDJb;PQ$y|^~Pzg?5C`H=Vo3&KokkBeA%Gazm)1K*c7*%#0;f!y|y&UPw z2ZtsnmYpX5p_%mTaCT_e6VFZ_l%JAAJCN||O@_Pyn|>B0ctY7k*o+ufTda}q-Rrg# z;^m2g7f*V@#u4bIpM;J56D^z2Hc7pVs`3X%HZkGIn-2aCqG_8F99d5B<{PA;%{R#@ z9G`9VgF$s>wCX5$Poem-IAU$W28$&YuDDkv6rC&w*7EssJZ7>O4#PkN!p+bk2df#S zXgvp-iDZ_uWDIj#4vK)&K%N}Hcu~|kqG||Lu1|Nt&R5?sh6<$%?(E8;{Zj>dyq;@~ z6niGkK98-|sEuVEAD_Ga4Hs7y=EBp9`wy=4gtHOYmHYaV%c+dXA4z%w0L@C4p!yKs zpk6(4wZ8*-{jQdcBh0w~xS8G;T!Z5o!u7=Q$!=3VsSB@L)rJ+#ODSsJw0>xo?twQbB$u~xt;ar`npV2<#qKzLbUdSI8G7U=7 zwNz15GsQDB04h{H+d?HIgbHG|cuC^$`Xu%Z-)$Aps-xMYBcER&51CR)hgYR?@Nhb9 za36KpVq#TMbyGO#&T>-Fu&VYzEXyHbXWwFG?^7=7JMfyx#hrcoufX5C;El*weqc|0 zJTu&zvHb_2z1-1HT=}Kj_g}VtUvfMg>&yB{=i~Z} zGW=9jSBl0M$_!!hgr&E%TKA(oo*4yt)-6tya(806SSS3^u;TPtEWW4?X;%tXP)aSO zywZ>k0Kk491v4PcSu30>)VGL07TO+QM4^oaQg2mA9_cuY!q^(AOA75Ipq`j!u3V`l zXJsAzGE><0BU%TG+ySbTnF!HtL_cPg6jb< zvPHeRbS$kFfi=WpQXp%yNmTRB3w%e(yoM^-aLfY`2?6<(lgwd6ywTB2ik+{~e4=kiSDKS7p`^-ft2J<~=3y z1(is^lt}5xa4nW}XR{n*+aT4oWE@Q{Y)MIGG;tXO6(1O+0>@`ba^c7;D~AsgFOz0f z13!B_!Bxk^1S()TrgI~!P?lDcQ@P2*6BE@bIG`g__4>fks?*~(k=9OzafmTe)SuH< z0Lp5heb_lwCV^LRwjg73`6eg=G*)euXqx1A7x%ZyB-&=iRMA$i*TyrBSiRMgESGm4 zsSS@h6V66HG1?oQ9o^}X_xp=erEm&pHQPm9ywFILb_^Bl&Y{xK{-K!5xYOYDWSZG( z30o!_7x+iXe}{2d;c=k-AH@urq=i-i&<1K2u1T^GSdxmhXjXKGO-4$_l?8W!u~H#4QyzygvbuRB*8!zB## zBUm<`lFHI&TDB4`*~Ku{Wte@~i^}F7%nAC=j8C^VmMBy#UchF#fxyCCS7%>Cb zz=&&U(vXfxj@B0K$#krc>Nv?NyNa5Fk*a4^ssz^xg-Rk0Y$E$nEMBbpsB8EWw19)( z&)OiUVm{Pi=d&4qt!Ljg`;wEW$J?75IyizdP>sx}#^#k`ZMxvOf9$IDVJ^p8ojX{F zrGqYuv(~kM`z+RI0k#zA*1Mov4}w>{@YdY%Sx5=iad>%yPQ!aEAmE77PXvwA;+-fh zW=>kntmG`S5``Jj8_hVLAx)g(jayMLQxL%2&;xb4LVVShmx71Esz*`Hop+_A1Jd3d zrkL&FC}0XTfSrMAnkEwz7;TPY{ga=tn9{9Rw)U+Qc3r;XAKbrhvXyJQ2BMYz@)Qa! z-i|T`! z-Iny&4?88V&6Y?+kLu`gA)*Khi4DJa=8lnp!tsGdqQx6xi%ja5$fFi9iSk2<-MPeI zDQq_OUE`7O^gLEKnC$+TJH0as$ACT7mkTx`U!I@;x-akXg`Gx3eKIeyM#Te6ZZoLgBYpCeRDe*z(-+i9N+Ay| zl0$K}!Ny7yufVeq{DmWL+*pF)JC0vzO@QHSYFGoVi}WPJN#uW;&CpK5Nq-nIc43QQ z)#EAURxQO)7)9NYkYqI{A;E|iBzjq)BxdBiJGK%*e4Smnw;)t$LzhB^Ej)6<)Lori zD2x{axk~$y+TKe>4_}^}JAb^mR4NT+oIjwRe0hi5Gr1>U+hP9Z{Hu2rF1&Q;lD+l& z?lWfwS}ztSm-4;y@T}0f;>83_^7?)r8e}ANou^d64=L$WExRx5Kq#({vJRnaGP)6t zPqq$%6ne6CBt7nw8?Of-J|M58{O(i=h-*P?$=50N9e4W#TDW>f89K{5;mdCdC6Zg$RPBjp>5pvn>=`+*=S}P^1q5hVEyyi3R(h z?kr6r2MIMhMfjTB^qugii7N>qyfs8|&kCI()1TfdN&&7yJ+zco>veRxysMVMYOjpU z2$xe195vc?#jvL#d{mDWm2@qQ?O+sR?|drkpHxC3Fz$lGX;yl zS3Zr3CK1_F9YPcM6#rwpCt@c5O_FeK`z31M_%YgN`5xrYq4sC_eBsxld-sa=4Vad2 zAMy_+DE@%jIlf24q9Ixh!IvWDE(Bk9fbThgs2qAO2mjW$aqT7CK8YWv-}*bgC)=<2 zo|D_|Df!fUcI>vpY`3L*V&lhp9qhNtLx?x}IIcD7zJtd?tf#-B#_^C{%EvTQsv*`XmYKq^% z^@#5{rSNBjNeyNdToxV!_k`^E6NQvJN z{X_%q*L?><3Ge7YxChgS`ZM$lYX4IhQGN!#fp`XuC!ya6{hyFM53Bmd!zWc=P}?nmlz{?+x1 zlxoNqO@^`ZXva%#kKNtjDWVtil>QF5u!yH-RC=<{faxjvPh-ubel5P3`rXPGI@jL~ z-vh;B`debW#Pyr~Ctpz%pS^ub9-#P#8_OslM z`M#z7Wc#1F{Yh@Wp>zI;_6yt&!G!ZS+aGBE54Vfo{Y>Zldo~gqAMQNQX8VI1K57?s zQiaBk=e+)oQRZc7P8~nCqjvS5#`;MzVPLag3Gw)e>+i-CpgAq=5cCt*)A))0lP|0N zxB-n1$($)3AJKn8yMEVZf2OPdf#BBbL3HG468%ev1P1-v|4np&j=8n{bo)C@pUb(O z=r7K{yZs?+ ziQd#7?&^O4%MHg+c3p4c`5>;p2S_{IKfQTqXuplyuiDoBK>Hosev;dX@5TA| zwBOJ3VSD?7qFvYuX?(;QrN2X6!?f{ZTVhxL>4$jyXbI!-qy9%|{M763{;r^3L>)hI z{bv8kPpSPX{i*-QG(PI}C$#I;@uU7Hy80jZyR)zVYZ^cG`g^{q_N(JZ*LU|nsP(JA z9{{})JWjo0{5EVvM_{>ZZ9m=q0n_&_+)m>s&cD0;NpAn(w)T_lliW@=z68rHasG++ zecXQMw)O|w4|4n8ayyNmIRBpZ7kK=(w?8P_h3$&QN9YIY{8P-Dj>ERCuKv>q`!s%< zL;qDB=|#m(55#z(#Wgmyg?6tNz?2zj~L z|A2k#^%m9#X`Zk?2zj^2^GBS2 zqJ1y7zk6Hz17f^jeKwdet^?Q5&Y0!iEp>B2bDI?1>asAzX!H*7g zeHPb)p6dNi{;S&GrLXl6z102_+VvEl3%bztwyypMz_lc=w&;5-&&2QFqf`6U^@)GK ztN%f*U;TX}`0w>RAE0kTo@sQyncIo)Mf=J29ZbjL+)nfr?GLoC=Jp%8o%mR^KZy1Z zEYb{?pHi{=u&P|6%%y>+g1n_jAq*`iSd^zM}u+_tbve zfar&Q=#WHT(SJg_9?GoNZ|>@U;N`Qfmw(Fi6W8CP(%-q(xn6#$tN%f)cQigu@%!pt z1^h1dD&Y5*m|njCy;u&Z?WfzPxP6J+L3g$N?)Ht`e&x3IlkMxc{jJ=N@lek{A=c@Q zcW!HcK-B}j#qAg;_56D<&oE9KU)t9GAmkj4pU_V~5BdrH_7oHnBlKH{3ss)bo{Pp; z^gj#%OZ}QW68aHcFZ7>NkOvrlNgLno`q#s7CQ^Ubo=pCsLf4D+`jo=`hPe9sLSLZY z7yS?WM1S|5?4xwOx?Y^ZdV>2$wCicT_;Y%Gwg2I#M89^ukcYTlm3OCP>Q~I!&ilic z&?Rpl=Ka?8{Te;Ln4hO!RC z_h>$XA8;P_Gu`LWuA*~ZXJ3Q!u&?Pp58`3-yw3gx=V5=-ecqP)b@nkh5Br?%^Jurz z`Q7gGu;1xEPrKj7FE;)gd85Cjj9|y3YTjd#yV_a9>$D%`^RLJGcemfwb^cpB z?I%fN>zw~KZodKNpJ<=xYQLk?{s3tXo%8>m+dqTz?`c20@!?MUw>s?)(oELcrN+iO z=8ZZpKo98YvPu7Y8;}>o{~djO`+3mUx16WxeK>DZZ^!+hw|CBC{aMxj#QkXeF&}Xr z^!Kgjsd^aQucOD~Jm~RT&!dq5-_dy;eIDmQpWk|3*Zn$rJI;e%zx6y-KcxG0p9lSZ z>v`gS8$V{c^7zvZ7Iggp^N+pLu8lvpZye%wG5*l-wevTw>$J0m-)X;?+r{`p!|$|T z)oEu9ztet_+r{`p!#_tmYxr6_*1dJPBNspqth+Miv>1I_eL>sp=V0yaItLP3J*Tt& z;yze^)pK~2qg9ycBJQQG!#EG?aQAt%8fxcluE#hJ>v8vav?_Pb>#WN-59@OGdENKh zT%U0s*5~f?XqDFPx4BN^Jgn2*=V|xbc#7#P#{F>~m%pOxH@?$pKiz(BS9=e)i*Y~R z)xM|GezJYIt9^~z#kgP7)qYv0{ekvdyV^g_?PA`_L_brkEhber10xt^2!ru9b1Z>$uclUVh2eppS^wLm9-M?FWZ6vF(GK^ue zNxqQtF|nRm7?*(i!<6qS`lZ`C{Sm%i*pRNHezs|y+HkTiC2Z)lH-QZuy70pr0~iUN zD)R~FCWpx2KW(i6(Rpt$hqS(2F4!mK^A==L7JCYLmnCo6YXyRY)m7`QR>~!$4#8BE z&r3TIMQsI;Rj^^r=6){|45A*08C8l(#iC0JnDan4w^&7(G<PBbOxfC3kYNZeBjf#95Vm*U?Z?(^3w$CoMf8-g>y;_!KSGBL|Djh6y z`2Qsj-gWET*9!efx4xy1H<$Wl^Wl+?TgGmaFLuHABE0 zwhkytwrWPy7Vf9rANTWo)+QM(IydrVaJR?EqKxPsia3ECSd{#<2D3J&HRtaS=c_&? z?Mk>!0cR-Q@9W8>pqJ9~Z6I>$N6H5=)`8C%tUj;gF!`ihS9oDRhtO*;G`>%=VV*+0b28#Tm`r;!C8^|k!H zJ!yjtXgtxhbDV0qGR!5vU3W^NWmot2O+#O@9QC z3ePPC=Y%O0Kw!d)SRFNE0{ns8R;?-=JdvA|T)u4gUAq_Fys&uZ?&&u_uw_!CSlnG2 zD%Sm5W-;Dbk^Tm+@qd*sNFL0Fo|fD1^9Jma(eCwHbd&`HPDTFXqm-NW^kd*r_PcCO zIrex`USsiZ{Ar3n@`fUzT*>q3)F1-+Y3>D`p;$EJE9O$Rzx<=v`}sG&4{$KA@8JRc_g>(>Y85Sq^ml`thfqd8%4fT}Y*OK z&RcWuyJy=Y;O7zY=t49S_WQ_S%hNlf+@I5#LUMr(b@Jk&JP8*J0L{(E#N?!ziC5h^ zFX!}^{B+bsGKjaN&OJ1E1p$2xHDHy>tti)aaWer*F z!2p6O{JCVz0dt0nuqE>_jCWK z`5sC25jqn62JdCXIl8CdoDu#>?8dv!`OM~XDEI$^_#JJY(mfv2={vvk``B-bdyqp! z{LU^AI>GCAFXsB@`ps@*ysPM^^_%-U>$hxi^7>74obq?LV00{f*A!TgQXuG5WFm_YX?S`i{26|%VV)pCgh0( z{AREFeBxv|GK*@ofq*Aw48+_Y()joX;A7bB_&4({mmApr_)VV=KZxL}t{;39Km#n_ zxBnWsL+kNUHt2}}MBnRv=(lTc+V*R&1sgNZ%FMHF@NA+ia+$lXAaw8{3%VEjE$@uOY%l0;jX;vmWd4 z6#YimIl8BC58>Ay?VN*LCBfgihiHw_-vQAMt>|!zV}?u@c)m0fBQ51a{oT`M}Tc2#{Bbm8rNrJo%D7^1TxTK zLeqWfmeQTd=kF-Lg=DbU@cW zoC`em!q!Lggl&1s{la(Z#GSkDq4rBX)DJGEU%+glv!J(pp8Xso8-@SlRQuCH|KWDh zXGFWE|9p)31Lv#u;8Us}>t8g!QQIGG{~hT+8!xc_a~<%}hNX|4lKMqvMS~&%5od)X zr(N@R#9~o4H^=7U1IMURS~pM|5S&$ANF;#Hg3!%%$?2CQr_+fvn$c{J7a_&~ws7|? zMRh&H!&&cQfy#eKcD&}ANezXhI7pFJ@*LHELab-=u>rvULXdZdxphIfV6TI%1qJG& zI1Iuek-A48J6Rf3){Eg>w7B$;e8yx7M7(2t9&CTE_+3CJS}HpZSE@si@=$!%bE_*c zR1Swc;o(}sX#85Df>KU~mZ4s&&dKI>V<9vafBi?_I61#qd-I!LlUbO|z2U9bmI{Tz z%ini#asW$!EQb&+`UK`6@gC~Jyj=~VQ56~ai9brePkHkj`fs9hcVZ3uIL`G*zy@#{ zY#xtImFo2VShK*eTO>J(w7<(43)pjEUo;pr2i%HmPoy*M&9#bnYU8KS+c)DoiXy&) z`1WVaw`cWpoJUvxpYiqNC!)P{5!O#(Ez_?5_O^bG`{=sFO8HPktxy`y3DQEBZMuq^tkOus3Y_?eYFwpI@?X>({J)+WQ^ietLh}C(!!~>z~$t z-L`(s3aIs8%>DHK;(GS?cRk-#+xj)DpmzO9?x*(`*R%h>>-z2enw3zy{uj7@(+@@O z5C2rx_1pW|Pu11G#Mf*7DtdqTtGfEH+}6*2tFHdHazEam$tFjYw!1^ZT;-mqU&J&c`u`eu2cTz1sP9E$^E<}xA1hMKUG1KYv`wiv=U(lC{rDMxI86YEN04|(P zm+f|=v8NO?E}DF%SkGcHU2GH;6JpjJnY7t$M`3Fb{4CH-5P`22cp=1jVI?9cbb*;f z;9LldQ}YddoPb6mFUP^|*d9XOA>o&@vj~XbW2x3ypZx{bk950d4!Gp|q8|(<5mH`}X|tVa$^@6j7vQvH$8m`s1_b-aTILAD~@ zqz@P?B%M(M1$B-omX<6Z*xDjR64_csB#WNa0t6HoIVo7XLK83-clmTp@mXuVKA8-q~lPs{Y4bMv?6QxW2iM~^joaR z!}Gt>>+*ZT*Z~@_Cv$oCBrCeS3_u{aTXuM2L9Y`S5XevSIAp>{_R4u(C1~}dKogL? zaToc8?q9$!I$bvLE7uzQWFjyGELQyyf6A7&XZ;o=cKS2+v@P|@QbI;GLW9Zb*4tC2 z_nA_5z1xcN%7uWOD4jIo_5nPe+2#Z5f(Of3;|CFAxdV0D?2{BzKEW~eNVXQMa1$Rs zN5T1{eR2_>Te}cs9VR4GPJ(n$8nJ^wTBK=Xy56WO^|~>g)*I)2<%M8yc)`6hlgTfk zc-&%r+PJ8%TN=7Y7 zPhU7tPWfz+a>C%YS8`W^bGa+SH^_1S!~Z!EU&wISzZtiGe-*PCp{ z9Vnp{>WO)hLC0LUI-VJ=C;DfyHn-OV+B!GR!~FgLa1I1!3GE~)CY3PLis11&wCfQJ z0r*#kfAUZ!!2j?$K%dq2U)HBwpGYLypOgpNkKo@Y6a42yJRV2eQ2X!j?-L2}=L)&f zexm&u`m0Mlb^w-I4ok*twhkGkH^zJvaZL{ zXu>5p0bq6H3Fv3#k^@ zKq$nM7FlALz@?X7e9;$iBoaNy>6DYMK)~e+2A_TDr5FD!m`S9A_85vw z+50?kcQ}>~Szir^73{A)oaqena2;bpOLSYA9?xvbpGQw{{{7Y#efobIG>=~7`qMU z2XOx5?Pqk;?ZE?l{>Bmc1^H^ezoL^2*pBl3ABC{>Wdb=*4tIR~fPD3VHVhuPKhCG; zAzU~hEP|Q@=LBna4ykw90|!2;d$#l3bYD6TXW=}02s|^f&`COut;&}m!@xl51k$qmUb z;C=b&aVcG=(uc1zD6-DL&jyfdah->L3}m9KviL0~6HcM`Cc4sfIs;0as+6U-C$J44 zT}0HP$7JdXdhv7OI-8Vi*-aLsq*H8q3yi|B`QbwGntTI(P4yhz8zG`^(=(xHZ+_EFxF!CGQ3B=o!Npi* zRUVV|l0qYVn%?|09xy}0M58NT{qpx|Y{jz(o)=WJ0%=UL*o+crj*HZ5#pU#RnE>B} zCj#B*Yj`{Qart^dH*M?;Vias9EAD4Pfll!txDh=I{tvdv@aPk@GV%-UXT&hj^lIPo zJg6m}53@}00zV&0!s5ZKHZj>~48;8eyQ}oi41x9lP3(}K`5*5}GZtfNkStQPWi^70 zWpIi1rZSJIHq`@oQ}LFV^5QKIfL@QQ&qMc!wQMFPmr*&!uQ#JTjrMW|+(f(@Zju$U zqkYT0+Vk+d`WpCLdpC$2!3#ut3_a6|-c6liQwq&!yd6(#<|wd1XB_3PY42t+WANeC zA`y04B@*$GU;)U546^|}QkDkqd44zbc~trUO;6SvEi&8_JY=8`SRNUWJYofYwZ}1W z#H&3{BSvqgNH^g=SA)*9=D{1L2f7}XUuJ8%2RISz3|7VjrvE{V{UR)(Cb%|#iFZ6$ zCx=^MliTXB*}aCK?9*EUrl8da)k%+K_#c2e{n51(!tp*EV&HKQ5s$w)b7-w5e&6yNPMc)aSqx^_0my-eaaC`v z{ss+=9LNl@Aj@U=m%zSurW{cW?{qJ{2K|tj@AMlq*6Mt>n!qv={RMuPpc2^`c+ly& zK^>a)8MJ*J>#aO<8dC{S>Mgx<>;56GjKzL@G>S1Mv;dQ!$>qDu3;XwNO6+sxQh{$xgnAGneb@hUV?*ZrVIYXjYt;+_k!2( zjvalF*B7(J0Ikg|Mvlc4N#g&vz3+gJs`&Q5b7ywb2_cja0xTUV;qK<9EJ#UPItU?v zC}l}D$wHFF-3?tzq)V3~g7hZ6SLuif2uK&Dh=>9Lii(H||8r-~ZWhH~@%Ntp_uhxV z&dix|zH{czoqJ~P%();RzpuCw$9wH1?Jkz1;4#WOfp~^%`W%-n$e;N^bprhvbXKSi zXXL35TsCc()Bb5aKw|`>j&^&(Ph5X(EaUnBuah5qt(F8(?WqOrBs!B;C+*G*t5OYI zyv>D%0R6~w?TUDSTyT36ty)_D<{c8{0?9P#JiQUB^GMZNM-vR?;$t4@v!I;8V+C3k z8U&t7+NIHkNv_huE(hsxK8{^l?|b^ZsR3B5Nrtz6En%e~P3k1QBz2cEU`3_3x=PM z!WzFCHQIRo-}D3^<}ZZj)TjafHEssOzZ;liFwjOdYSbuzpZ4eL!~UcvXy0^tf+uR( z3wWl28hw4jMe&l9{{=lFmt=N|&WCq_3n~(p~9$=_lzI=`o=& zR}3PdB%G8X?q$O!f(nPP)u99|jHQ)35Gg{}9$CFp{ z|GVS0UioJj{|Nv8M;h;=&`F@D{+at|py0o{vWM>{ioyjU%7u9z_*NH zc2EX>e(1;l6I%CA(tlt6e|!FLP*$sydg?C>x&z(-e;#<#1krzG$cKot^K#Xx^^dX|^CuIy1LQD+9d z@^^SrShyS-pbPd33<(V`5g_Zr{j~)`!~i7^%;%dpG~fxiSh$(QdReI|VoBp9Ux?FY zh1x*;yfpzuo0ogSK~f~>0iq7UKH=g%bqMpRLkW&cCBopqlr)uqSu7qV zQfaaX!?F}iw0HPg9x62=?_ropRbl=i;&oDlTm!>;sj}P{!+x;g#EM~mse=4Dh68-U zL6Ryz#`s{LaB-hHg!$B=goc~!=rh1+&(3ihOp4KHNVeuX^6eScTth2&W;A?J!Jc8u zciA!x1^Jmar@@_LGo<${$afbQERKA)NY1bsjL`~4w|3+^n!ByJ_6(m0gNQM7v^iaN zN4`OcPVmi-$$w1MnALrPn>9bvr;b*q&ET|U+g)y(6YA)8S~G2VR%dUQ!I9;YO%o-> zn(GGS)>dn_CR&c$-KT!Ndj0zKi_YXJd5{pD;mE586AXvc2Re~cvcuFO2R@czkWBEA zKO_7zK&n;BhaCBkngQWlh-(FTGGPj1;9)J^2I($vGa;q`!kG|uLf8%bY~ZI$J$bwv zT!Uoc{4|_aoU2w^<6!{AXh424cWa*80k?vi<7;?N&tZ5Xk3s6lYvBS6t^Nk!94#gM zDgP%+|0`uZHLLps?vr)XT2E`0r?sOM+DMaHbF-nAE|5@bH_?u62w8bc=7H~oNuLYy zI^aWAPv_>jDk;2`+$eKvpsc{%bJeu#>xS!HA70JXgDIr;FB(v^D=W%qXj+MAXlDn! zp01}2OWIlqZ0CABQi2^xI8JEs_@^rckuv0>u*#`}al#L5qG?|N4T3Q#1olLQYUdDO z%m|0_rC^_b8L*&Q7RH%!@RqGS*zBkX6|4li|Eow<;Ts&);oV_PuzXkx-XPY2uR26S zCA1D{g13pP6bn17;^9J?L5K#h8?Yf*({2o7T%wc&&72~oLI-OKU$ty5wSbv(D|l(! z2IkK%NbRKdFpKU0ou?zrr8~nH0J^}8`emuB)D7mbEOs1kJ1m)eQBYzTKW*?WozK}$N*cYnJ`1M zNgqguVV-tW`bat^-GIw|N;)BZ3^V#{>04=vbXGbooq^lxmULShEA@hI(;F^QE_Ac` zaJgQAOY4M=QUDjTFI?K2Qh#Y6+}wktSEa$yHfaH@7z~kyNyDXYq&w0M;!gs=0#OhN zCLz*q(j!s~W`M;>7|aJHQUd0JB}pk#8fJtMq%4Vqd0`YOPb$Fd&_F6l52T-AJ*Wz) zN~)3SFk7rio+Gtj&RB=kCDAZ*RN$C}Nje8JNR`BrIG9H!5HqO{v&rX4L(&N5lubw? zNg~P8Rp|?oLQ;tZ=9tY$bJ7B4nypA{(gx<6FOYVmJxL=SNIL0AI+4!gMbd@5L|!Ic zVcz;H=|;Mf9>hv|k_?hbY$S_hlN@3vz2Nn4F3BVL#6kLyS743EMckx-^d(W=G zKN&yd4o(N)5#1nle|f0k+;ZfGKaiP=8}12K3PB(l0{@OSwfbQWn?*dhpZqg z$ttp%tRZX3I*ugEsSu`f=z(Rzd><`~C4TL@2!Eg??m>ddL zox{FBmn->wV=Ot1u2Vb)-FISK&$_6;+SXr(jSA~7a)xjQqP5C*wmRwt| zBiDtmqtufX*$9?2VqnKcELeDomlI^OTpzyE^*q=MY9u$7o4~%bB=~Mh3VffVa$ETYxgC7nDoySnr^_AXPI71XPHq?ZCHZB!E9^w-F87eFa!)w} ztgPAOEIC`wk?nFX*y)rj=fO^4hujCgc;b{@vRf{Y`^x>~{;;cQAeKY;$TWGnJVTxd-`Jfcza`I> z=fLTJx$-=DzPvzQC@+#1%S+^?@-lh3{EoarUMa7VSIcYUwemW7y}SXwcDPC2EN_vw z!kNSE@(wsT{w`P^+YKKs+bi#r_sa+5gYtXwA^Cmz1NlSwuzW;5Dt{y&laI?M`5XDR zd`G@3e=C0{-;=+We~^Ea@5?{Q59FWahw?A-ukvs5Bl$6?ZUjDV2j{h@4!&XUNBwC4 z4WvOdn1;||G?W&nVHD18(2}$iEltbN2wIj#(sDG4mZueHMQWgxXk}W3R;ATwby|bg zq|eb>v^K3n>(Xcn=Rv5EnrIAFX)KL{&tNA|Gp$b>(C2AG+K4u$O=u!bqRBLcrcw)S zN}JK_&}2kk>&p-$?eZdyS5(tfl*9Y6=tL3A*El@6gp=`cE+7Sh+~ z2s)CEqNC{;I+l*3uha2#0-Z=F(aCfQol4)J)97?MgU+OH(pmH^I-Aa+Z_~MS9-U7Y z(1mmnT}+qIrF0oxPT!#`=t{bZuBL0~TDp#|ryJ--x`}S4Tcmk(E8Rx7(;ajteV6W{ zyXhXfm+qtc=>d8W_CwF6hv@tC1NtF7Opnl`^dowV9;YYh$MhsUMNiW+^ejC`&(lxn z1^Oxdj9#Rd=w*6^eon8_FX%P;CB06+qF>V+^d`MUzoED39eS63OTVM{==byo`Xjwh zf1(fQ&-5Yvh5kx^qmSrgCNaWfMj3;*Eqdn1{8<1CWI-$#K2KJRg|gx-jFn*FtRySN zO0zO7f|X^FtQ?DCkKGtIg`Lx-1%YPbtjEOe}_} zESANwc$UD-tUhbNo@WhNBi0xWRVK0|mdsLEDzmVrtQl+0TCkR^6>H7fu(s?4){eDj zX{-ZFXB}B5)|tJ?y0Dkn%d9Kw#=5f}%*uMQ43^1kEQ@8c9A;;|SZ|ig@>o7|us-Y+ z=43ABW(BM->&N=D0c;=}#0Ilh*$_6A4P(PuA$yIDU?bTmHkyrLW7#u!(FE zo6M%Lsq76ljZJ4W*i7~&o5kK@v)LT>Hk-@lvH5HPTgVo%#cT;%%9gR^>>aj(tz@g% zYPN>0W$V~_wt;PAo7iTyg>7Zq;H2>mwv)ZfcCp=T58KQ3vHk1-JILN+huHh<1NI?1 z%#N_5>?3xJ9cL%l$Lu6K#ZI#`>?}LS&a+S01@?XU#zG1i79d=h&L03^{&{fh^)>Y9})m76~*VSMT*)O`9>^Js^J=RG&qLX1q z5YxdvJDs1-A3lK-s0-2s>q2zJbfNGmmM~ojUAV5Ku9U8{u8b~1S5_CPE2oRnmDfe* z7v$!$)B>l&uOQ#9D2WRCDf&EXhSQN>tdGrUcVxm$jL&oY5=FG1RrvbEo=#g|o8HPj zzeGp2Bj48B&no<&7m^JHZb+R0A^v&J&+)SI^&ON{8D2W{S!Z_0v(70+c0P$Wp*PUAohrpRFs<+>mr%NkR&IDZg~=B?ZC{>Qq#( zpng8#7k$D5io*IXLc)RE3+&?UV}S#`L0zsRKid_Y=F?2UE+2x+Z89dJpX3iEb8RkH zufU>9D$v$+$gCYWI;32dcc*3FvUW(ViL-87ThyZJr-5zH&C71(jE;kGcZd;~5RK%TQ zcV-4aEqK5c08yMtPB5>H2)lx^03XA_TxcXT7FqTzcaFw_2V6nCpa=(Q%_xFePN=v$ zCs5s^6?soAg_SP2-Of75d*HAz|aC50|Fil2qFd#aSSaV$I$X2h89E&Eu+BDLVWm$ zhIPRppPQ{1JY;>yP;aJaSB}H!4tN1pBlB}@S?)j{;)|;KW&>bU&DW*nT3tDEqB|%F zhQZ!8xJk3z0Z9;aX$ip?%ZmhPgpKpzAs!jhw7{P0f)OcKOVB5Q!eDdjQ}Z*Sv_3UY z^NM-1@DhQk{WEf{d6|xW`MhwhEl(R8vfMl$r+B{Lb_H6OcjRk1`B-605c-EP!H6`D zuL&_otLXC%pcoT)hX6kw;}g&~qc6rMV?q+r$>^t`pNhUk_-4d6Bfc4N&4_D8Tr=XD z5!Z~kX2dlkt{HL7h-*e%Gvb;py0&ly^K}l*6?I5NnG+E^5wQ~yI}x!H5jzpF6A?QR zu@ezH5wQ~yJ26$4&M^y$Fq2T;B*aca>?FiaLhK~OPD1P?#7;u&B*aca>?FiaLhK}z zI|Jr&VY5j_>rQxQEC(NhuKg6I}Rw;;L&(JhE>LFp|hy#=MWAil*Mn5gM2 zLY=UBgMNvrJj%~%<9<+EKIVw9qbSU!F)5-p@Gb~xQ5%yYYGYDFZA^-&jY$!;F)5-p zCPmc7q=?oqDWWw@if9d!B3i?wh}JMEqBTs4XbpHhDR7O5Z$x|};u{fPJbVRF99ADDrex?}2k3swxlrIKxV-Pn6abplS261B$HwJNI5LZQ96>(L>RS{Q3 zTorLu#8pvl74cQXR}o)Dd=>Fk#8(ktMSQcV7}u`5+w=R{oSXF3Xc=GwY*?J`j7 zt=)N-4E5-r-Gy=<2r4ZGi+PiHp(2tOEFw8jFjw`lWB|_*ZFOZ7D^kEU((|NuWt4c5 zIZTB56h(>RPegGLEf>FTs-kcm(x|{C^n_xK-jK-~DoRzoak1V|oHrEj4JCL(W=|;2 zixwxYr>dlQ(>z#4)yvoDcxoj)+)|hBF{PNbq7Lcrg;Z7zthsnEhz;An3zpFNWERVfJE}y%=UMhS`f@_F|x3rp9`? z#TRk&U;!GU8Wm5fQSo5G_aVKh9xT|v?v3+c!O22zoJSrbK7-U)&%I$Zda=wg#ZcC` zIKHG)!b2u-GTQF8dZWyLh)OX2F-rADi6H@(CBS5kpyS1mtHQUEw4q*&7elTZFNRz- zK@6!Xs>y1C7*f>)F{G*qVn|gJEGVi{)Uc@fs%FGMm03lVSw)puMU`3gTpDjVF|4bo zGOMUEtEe)os4}alGOK1WtgEa3#btfK0yqUx-o>a3#btfK0yqUx-o z>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#b ztfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0y zqUx-o>a3#btfK0yqUx-o>a3<>A5Rr(g_v02T={(pnry1h z4J)BGy_0J$`rb~fySG)BnA<1E%93nutFEaPmZ$m69RoLBY9E&!*6&ysNTR8b+#v@- ztU0W@>sng-^s&NnZ(h$#tK7OkZc`w4w!<2$U0YX|U$E2mISyT#Jv+}zJ6H?+(giE} zLXMp#!|w%`U1#OEJvH2H4Of@RmuPH=I#5H^5@E|0pxQOm-W(NH1prl4GbvflFOd7& z{Tu?CI&&O)mxgQ9agVwI9u{;oNoXH{&VV0~I!B%@+ZxD)hkaEJS1^jp3I9~Ll?MVe zX+^pg^5|H>D5*$6={OOJgePZUTMdUN1#*c+5tNb>{vaO@1ZYBvbS>mz5#~#XWR#W@ zp(vdvdoa>GvE=U(d1N4$odb%Nu_#9@);|vUi>ZXsBJ>vUk$)WWk3;@($UhGG$DurN zh!cnM#35cB$`gmUad`dW5I-LA<551LCmAh5PXZtDg`Na7;>RO?JmSYAemvsGBYr&M z$0NR2-ZWao@+SD$o?>|uXv9lEdByT3#3Nn;;w2!S(Ayv#@r2$6vv$}e;_pizFIvjL6r3!M#UlwascAdUs)w4?^{=V(F#eB;ge^s3vk!l> z4}Y@{f3pvNvk!l>4}Y@{f3pw&L?8Z%KKv7X_$T`CPxRrR=)*tJhkv3E|0JLM$v$BV z4{N#z=(4=cQx%IP#F_^$b6v0#AzBfd2`DOjB(_*Y%cp`LoCfL%#4B1RjerH>A_C^_ zUIOOUK7it#|GUOpc57*EAi4RIQF39u3u(v?gMMlP+GtvhPaXtBd($r z@Ng7Y4`O(PRx?-w5@3p_W{Rg~il;)b0D*b9U}En(0sE&i-w_{3+>r2Nq^9i+QgrKT*aL5b-R-Sl$GRvH2xuX|u@dZ!H^Hv=*07U31Itj@XUW3z?Se}noE)eCCj#ohp8saBgTDvtde60HIWy#O+?~eVx!hgO-3{D*m%E3!dxEM2@@Nz8TDaSayY0E#nY-P%o5|f? z-0j2NzT6$01@F9RA$P}dcPe+^;_gE3uHfzl?(X33e(oOT?n!N17QMjTE8M-#-EX*i zkGl`@3-X-wk>)bS-9YXZ=Wc24Msc??cWZJNcIQEUmAmyF&dhw)#05J8n1#DA6VK0L zUAWtWyII`TUe;$ZIPC;(f9?+9?g;LVMHsfv^?snjA7j6HBt_OFs zxSPveZNraCr|s@>>4tE31b4@AcQSWpaCZ*eVA`D*3U|og6O#E^8tqh07~EZd-6wDl zN-)y=br;U~!Dyt_;J?-S*<&+yw{1GIt4g;Tw$*^Pjky4MU2jl6*tj*-MT0 zUw5Cz_3!N^1fC+A4F8F%J)gi_+Fx|bz*8*&o>9%>N0q)E`bCje)aHZ^Dyh zIXoM;NqgbM(+N0jbp?<#v~B2bL4Ona8_?f@z9-*aL6c(W!-vZ>KBOD^tI&Tae7TwE zTXG9Qm$#tbO!TDkGmxH-{s+RZa1i~|=wCzs2Z>bFOZ&i;G`GS-aAk0HMQ0!&_5nP* zTr zh&KChhbRe8*lp)wC8;Hu%InE#Fh(fNLY*`n0o7+S#Y=km7s( z>1p|%5(g&!wHAI#3O`Zx*SUgOayVHAr?$&)0Bxls`C8sU2g7NHOR(#`ziySjuU`}Y zlL5T~)xey5^AUl`J)|)S5C)A_5~$ zm(7igi|iG70ywq@-K-~QKTbHkR|wxamGGq+*BglB} zmn9RqA4x`VzZ{vy{U|Iy0n1Mm<)O#&@^HG2mj^Un9!}cv@^IdcmnQ|HJoGw_PX=K5 zfmnVJmLH7eU&Zo6u>4RgzYfc<$MPGn{6;Ll3CnNB@>{U{RxG~*%kRYUaIR0256;zz z`tQc_d$9aoEWZyl^je^8*9X11#Xr6_2N-gmxr^7ygZyw6zQ*G`cO>7PoFU4b*%RktT%jF1LTMj@lanL5B25o(DFP#w77_W72}6u{6>u5jPYAB zeiz2?!T5ipg~73r^H`VdSX zis_p$eKV$S!St<|z8ll`VESH6-v`=PF!cN=nDx~mZ(tp{4|Ng#tLSe=e-CIIrD3L~ z&G+J9Mr)DUz?`-loT1g)z8n$bP?VrS5>A68Je>?ddMMIcklu>)UZkI_ndqlcMD(`; z^oOFq75#tbx;(pw|E_!Z*^^E@DgWm@>7I?M&qh^ky#H56)n|9`|Fk>!nXdXwR~0(! zGhJ1i-TiOWRiBNj&qmc}D*$3f_iP2=*$Tja%?iM?QT5rV`fOBvHmZsl{*I}`m!ufhId*2lI=rSg{}+vCxYF}s(-<< zsAgMpHrQl*8?1KDgE!U-q=nKVX|c3KS}HA*mP_wQE2NduDrvQ}Mp`Salh#WcrA^Xi zX^XT~+9qv>w|Ad{P07pB=kUFSFX4*|H@Mx-yI=+Md$0lelk_v#u>1|IZ4&tYf)2jG z5CFC~i-85s5@30=G+5n?1dE#$hymX1RVCHI!e%Y7t{DxMHBDesGY;%&)(2afjlhm( z64=kQfbGl{U^lZ3*vxDX_A)zyrOcPW9%c@_2h4>w7%v6+ z{Mp~x4!Z(xmLExhPkVn1Z^H@fQ-eJlU|H}w*cH4d|ER^u+80)|-4NO*Qu>0O%|LiV ztgXgtdpT0zZJG@48F;Gp798FmOoM;HV70SA3c;LzmSZU7*ao~R{3#DD#~QK~a%gBJ z$b4}90J|LYB@NA=qXoiSEVmQ{@5zTq#o-P17I@pWo$Q78OPaAu?LDukxyFO?auP2m z^IAgxgq?ap@UEmd?8d2r)@ZxIeurFci`5N#9tMML*csAWV7;^}SP7j_x!hp&1Z1belIz=rGxU`h5c*pEHR?ZzJGHe*k5Td`;1iy!B~YV8HE zZ+Z!KSzHCHw%5U0?M-e2_FH&|tl6S{AU%|R1q-ln!3ZOI;ty|?L%#Vu;1Da zY`3O^-PSH(u{9g)vi2rvXMY*c8KAxYzd{XY%zU6tx?TJ{S-p{6W5VLS*pKTT<;)bWXlT3BIN6l{#t{!=j6M)N7Rl4{T?A>PUn9aLlZab7K& z&h+7OdYZAgQcMqof4Co*vl!^ew;IEhFfGO}JP-_Fx!o=>*ljabQ>ti@f#FeUZYx+( zvgKwPI@mID@*TO3Y`e`>$Iv`KBidMBNzk$dg&Wc0cLrD=uxHsbz{Ha)+T|(ghLYU+ zx6=l;(Clu9b3i>~oT6%FX?Wcth%}qCFPKDk8QMD>ZbNbrGecs58%(*_-2;>gWkO&- zZ7gg~<~wG)02${)D#Q2vcS;(tdR)O1{u%9JOcOchl;ql1+|y+7QPIvrS%RmyAe#lT!>$-`9^88)r&?VPv6 z@z!gNf<8RI{`@kfqLy5RMJT0*mE3e_Xk_xy*#%we9c+2;^*4*(_^w@XrM`z3AuL*{ zqtx=y3K>-aJBK5~)#oXf6^~(15;1q=>X3 z?p4bME~^|6&pkEn;Kegqw$QhZX&wkzGi?y*6I#g@*(u1?{pRkqN;;yt9`%9qRakSItH$SVqVe@;5 z70zYcn47t3!-4mAU+8zG^V@M`)|ydevJ%Sg%DjK5eYfKEdYm|XH`Q3_b>X4nA*W`5QZwPMxM(YhN$-RAJnoj>H_hj1gR^LW68XvRh z;JD+*TvMA@o^*TX2Xh8ztb|b&?l<{sF|rcrcWtC(JUPl#;vEJC%m_G#Y-s8*q*yaE z2N;^dY34pSSQ?djaP45Qtm#co2K!_#gUM&4)4t#E#8?N%3gS#=V?4MDjCC=-C43mUc@`hLFyjry;Qq?--B>-DO={=G3n z4(_b5Zr}OT8jcn5oqrl#{oMJw_unbAwW2ew&C)WBZEsHfv{ruCg^$Ku3A!}&%L%1E zzjdVknX4rhhSxnmac%b!4d?so{I|Tk#FoHPXH{6#qlf#w#3jz2<$AtX(a}9JX}8?Y zwtP*Mh+e<;r|+~LI_$v1m0f;a&}8x9vZWtw_~33gSIC`yyWYA#;LUf}`(-aI6>@QY z=R+xj0vq+L*?mW%Us~tmVM7w!?>%_D**vKQO_maAF_Jz9*LOs7y79eppc zXACg4{C>mXMpJ$*acF_x_=)}I$LLGGJh?)|PyS0A2A2JK^sume`?VQml*j6n3}?cf zqfum0`Dry58}AQ1*x}s$FO8k)!lTD}emX7HwRunKhgCP9DU?@N8DO8VZA#Og)R(tw`iBm^7&9@9UU%UOF&N-@VnQ`W9F1Yp3qFdQ|6#a`TUZfJC4M&0DVND%;u+lU%9IBqG<#_eFY)7UxxcyF}gR@Q18bcah z!#lpE*)j^?BQiyb+!Mo_F-!^7O2Frhlz4NT*_03ugUUbFd=AzL2>aD&p#op?^ z4Zh8=)H?jd27NMCe(_nu_iJtYFy_>NYxQqGuT&W^aidal%ZAYh8cy%P=3bt4F{oOF zN|$WU4T)X;PKR6fe=?a*S5Ke5`tC1}I*&Rx_Xlah_*%iclGw3jjoJM>!|tuP+kSyP z>%#8H)m<;t$+{WYd*_#t?OI6nn!W#K!TIgaeQ@VNR$kzojo<&;fAGQwi|%bc@cs6I zQ}!*pUM+gg^4leB`MvI!NJ;CXOg}KEcIVm+{oO6@?QXYj&*&4aYIN?sIrhD`*OoCp z2%2Iog@X`_u&LK~2{=H##F zVGw|?-77I3B?9!C8j3a%K%EKnnliq6jZZgFEE=PVtg+HiX)xbBKYmoKN1-Xw;a$-_ zCF=Q11+p`}+D%K1kAbBqNlFtvgP;V*;o>|s0JX+f?fxen@<~mQ=zn+faxLfNsJ-9p z`gy^Y>^oUO3-$Hc3lmE@SG90YPdgHSB&GRXzsbF0KAG|Dw2n){72WeAO_c_H_ zs*5LIvYe_`r6kSXU;L~iwCkXON9VoQxz@geb1N8q;k#XSIV~>y<9!2UwE-ZmybuqWztv&m>j)zZ{!Pac3Vl)R!^ytQL*%#kG5~n zWz_%thn#X{bg|RZ?!f%95sY%x#R#Vly8FW(`=H-7)c>skMjK7dirJ(ZV^q}?qfH;d zoT8UhdixBfO_PkF&=@d8`G@OUX+~W0JrRE1h$tme%MlnJ{=`SH?0I&u!)L@)`qb2a zI@&E{-LIej^yGqt-w%0D{mOZM%`elBf3x^zvGS7N)K5#_UzJud_Pc3h&Z3EvXZc&M z=t65x*|PL;P`Th8wJrHQua8|8l=x%G>w9nZPIrcNop}7S&M{*je>u6}vja!#_GomL z-gxIwhep%h{bt;hxPiCRe>>l>cMVHG_tT&5>%Q=(G1tZndH6-)m3m1%+gWxVQeGLf z;pq67zPGPzp0)Zw`H(Nh^y_bYzC-&`xtBgW+Gl3e?2$ht{G@Bzvc|fui=NM_yrkyL zz`oP6_wAfCFY;Uc;9*lbM-~_i`e|K)Ub$QS_PuU}r``&>{>E0n(up^Fo;iJT{2MDC z>{HK;`(;9Et9-}!!E4EctRIZG)|B^*cB7!B3i-oAj8;ikSS=tf_y%im_0x96-H(cQ`|whO(5iI(T=R?r z^Fv#;Km1ivR#=yUoaXiGR_WbMe=zyGxnzC4pe1ukRA|&NBEQSJ>F&nSEk9TCTnFYl z)_xJ%^x?&-Ju;WQoFQF&XX^{9?fsg%=8w7zjJO%K*RtiUTAvKJZJ2U6`0SuD-`;F= zBO+ZHeSGbdeuPFJ^U5mwx!}i`zZa>5XPC+<&;&1Zxvz%E2W> z|I&#bd2Q8-L*5QBrhR#%|BMr_9bB>N%bqJtQI)H-DG@!`f6KhfFISmiEM$*h1bqk# zfXeVQ|EI=E+4DRoTGpIDe3Vk$XB{)xs4cma)Cb^NXH8=Cqp*SiOQlL#?@D9 zVoH<`6=W<1Gm)aj(o&#tc-B_~m=V@z8b6-u9T<0U#w=D>o&@z01HO#jw!iaNQZtd~9abSZ@@~G~%tOEy5 z-PuUeYTdq-_sXrxxsxt5zcc!L#l`cdpL@08?yV#Bey=`1<4S65-_N$CTeD-T)Qw%3 z)97qQ`P_BEAM6ReYIrr^>pn{o3d;`Zza%oHW3La~wdWe&4}bAM>F-l^&6;*Gsr2{T z+77ug;Pq*>)8=h%F?806GoO64qucOs>k%E@{)Y3;b!oZ_1NCO zJnl7rC}E3W-V%Z@XWdeg|Zt~Ecz6+p59m}TOq0|@0@4DLP{)Ur08az|_7P6BEgPYZW z_!co|-`wBu;OCD&n6JP3`S;rTLYx$J1NP7KKed`LIW=>KzNREsp{(uFcrKtRP3%_3IOrXUx79 z)nq{UygG{uFOIr$YJa1EEx)Z(UYj?zb;Xs}C+M zd8ptM-PR#DOJxT=?p*t{-_}b#8&`R$-sPp4t8)v&z)?#{Qn6BFO)wg%;y{o$WhOUk}4dp>f z2!d!(8Y=n_#KaFlWD4YD;G6cL=Uw1H;i_@Y9fAbW@E^kanuj(7u|p^oMFXFd=?+mE zh@Fn4z;|DB#EYX36ZH^B`ZP?aa!)N&fKz8nC5;Y{fH(gt4~|xV&l?-l?FbqOqJEh^ zzOHKdMuF(U-hcgU>%(h9@HP1Hhd}s?m+4Dq*v3d>o-qEe-wqoR6MhSTA>gpd4gwAY z9Cq6Y0v`x`An;)~0t7znMuT7<2z(&$VK)K^v4An;)~0t7znMuT7<2z(&$ zVK)K^v4An;)~0t7znMuT7<2z(&$VK)K^v4_`eY!ezeYg-QEj; z7i-wiW`Y)8?`I)vNn2(=7NvsSE$;UF*}Q|`En!Wcuui|l2!dVP1cHDA0f#M>z#j;F zAn<{}husJe_^=xdf_)(Hfxw5|2oU(N8x4YeAn<{}husJe_^=xdf_)(Hfxw5|2oU(N z8x4YeAn<{}husJe_^=xdf_)(Hfxw5|2oU(N8x4Ye_kxAy`NuGJ^phX7A} zg8u)%M*j&qPtbXS&Tpza0S5vOyAarXOPC7@IP4|`fe!>e5cseg0RkU(qd~9_1U?Y> zup0paA9kZbunz=25cseg0RkU(qd~9_1U?Y>up0paA9kZbunz=25cseg0RkU(qw#;i zKGcaX?%&=E@PBf@e!~3%{x9JCe}XOHSqLzn3HTE1+W(L28bRL(&tM_kw}xO-cg)HE zzvq^AMfmAT#Pt?IblmKSjYoGz1NYob%9;!aho8^%SE<%F6lfaKDw^?LU|e)Z(Sjeq zH(3&;$5+xoK|4EhCoE`Q)86Z73Pzlt^sfpa$SUW1rE;gYR^`1_gP1J`qMia0At%N; zpIu1HCigd2_`yDwhWPY9pTLCaJ{;q9v2sq(ODksUu}z8;kSIi4@7W%!OYtW^@9=NE zy{Ul;!}N6O|MT8ZtKnIer8?u?;hslyUA8))2LxawQqV5qpGvz(UB);=OG3Pun+cv) z^;f~1ANb*|c5QB@D7Zf6@YeZ-;CyQ0g2jj98&hZwQ#n2cmTKSf|9$@Hqmwcm-BSJ^4P}cxO#?bfGS%*a8$kKRDF&TK@JE1v$9@xfzl|^+!^Qx~}VixE$?uFLk zs>jLjzcFpx=fDBxK?V&@gj!W`gQ60>pneW}$b(otn&|BrAKr6eWaFp*vZns=W5XPs zGiJO-F*$#792^aAvx>3~tu3>`)w+h=2eA48bP7qrzxFr)r7KkC>6Dz zhW9VUyfyFxmB&5tK|k*IOG)qQgt7(d1lo^yGdfz%4L^Mk7POE87PP)jPpwG(9c7ZP z+9;=;#^-U`E~=*iO8>Rlvo8g7WMj?tT<-hWS@?M2nyiV5VR;>1E7Fc`cU_T5K^Ic# zI6&&C7Hp}yk4dGV(BtrlWM8go=(0W)+@W2i)~TvwDE2U_Cyf_-dYn7+d%sszcsBkA zGcji12+ODk1_x5EKZ}S7V?4}G!>vtOk4WRHIMZ%`+xK5nfZ026#N|SaK+|IV1=E;0 zn(VTg!5>u4cp1;$8{4ugiZmDnIvg&Kfjd|1YXQ&e`|R3Jka7?`(EaapXymk_^+deM_vhYy7tCE2 zR7?X3_P{ks3pIfwTvI&-+%=qSjF&iTY34oI5b|MdI;CN^{}LZ}xwIxWhx;Yvk>1J7 z@2d)UghsVdlAt!Y9#I;ME+a|3A7vB~gIf^x*o}h-ZtiBjzE9uW|ElU(OY=GNZhORD z-%|VWMcsX{M6+ezfIqfb6AnnEn0%fk6rI6n!U*+?8GK_U(j2z@3#1Xp74D=5@&iA6 z%D*pum4oXUE!!TnLO>&c(JIPQ*@&@z__fmPr67gnzcd%w=C!pW#Dz;@o~Em^;e71x!*O=y(iD%>2dhp*p^c&N{<8PS&<@;MyOe- zUiVCB;IlMyGO2H0{sOviKn`U=Wmz1PQs%3Hf5hml=C5thLG#qaqRFTOA@WrgG9GVH zbkl2p`BlbGzhBkUp7EFR!goA$#|+_}3F3MKL}x*e1oy*-X+=|`JR8z~0iB&}d#?Od zUbc7v-rBA2SRL3khlmT$(o2&zJ+TUGsJC2@{qNbMGA`aR=lh?X9b9t7TmRLgP5+<= z!h^z|19u8S49sRn8TOo5>;22Gv~;YBaegM}MkWCh1V@e9_QqiG!Rcq|nWHhbX0y`& z`}FsRZ^;!8{5Wj_8ilONxItNgxO)0;o{L&YxcioL zql)AP@SPVo?A|g2JLqYs$p+t$dz%-mwf;B7$qh>_CEh20KN~aGZx53vk$2mYz|j#v zuZ5zuAjm_`fjzKzF zHG8BFtBKv^O{-+P3>zPeKWbak=^+I`diR^53zi+DfmeA73)T+)m-VjoXWYzNMDX@z zQ7>le)GgS15Dd{l9?q`Hoaa~a|C%7woWP(7$bDReXBG&0jlQxq=6V#MVbc0uTtshO zD0!Il`A09-^Zy$2-j=KqgVh&8qIF(pT(rjG56{0$oTp2@ z;WuCSJV+YZ1YY6c#t#Lsv!rs~uMTPmP*3 zEqV|4)m_5E#HL`5!UP!hjfSbbn78~Z-i++>;yu^n+qs0F<)FyeF`ysYeTCHuP&+8# z`2W%ATAqRnIYVA+M_^h(YN+i2g3Tca6O;}G82lf}+>JES#;dY%%#PjNJWK3Qz}f#V zXSHm?7QfTet;XWzCp(OfCM&J8{Fj0vk8>%;0}jG6;$pbBCQbw#1c44BKt_P!&~&_p z590D)G*ID5+^BMCn+KP5LXe1B%+|R;Yar^7f>?=-Z;yhrN^xv|QTL`!DM>1PQo8lv zrnMd@1T!@qX*-oPhD-Wp<_RS=R}!fR62Y(*im;8P$>mHylNYBlU9 zgjmsdmbBAp+X7Sr)OXIm%!Cl+E#zCX1p<3iuw3+fX5Jb*LdlU!uMc z`n~`vF_Z&eR4AVV``5gig4mzX<&4dY!D3-^%H4K{xKRhc)5Ol_{eB_Er=Hv!b)-pu z5d7G5W=;6cPDG3IWv*g-(Ou{Pw>)}_(|QYp4hjrAqk`TD_i-hzk`0MVR&>nt{+ z&+n_m9o1nxo2E38=HOeHjP(>ac4`H^;y^Bs4de$w)q>HCc1pZ_sdU6}PKz;Py=se{(gGhbZaJ`<>iw3UjyN*qpIFp65_!M8pZ^vWLJ7y!uJlx7u>r7I`|Fd zu4)6g={VlfP`(gh#C)`Ecj_9VdS2Q%GoUz;qUaj^Vjnt8mq?hFe`L=&r8iOKVemYK zxhwPF*w8atPx&JYCGn;U&2zGcKs~eG_xUEfLQs2R$8Wo_<>w;aV{ar}65zbqxbr0Q z(ZMe%r`N0TO0`!5Sp$TC`Nu&^Bub~y;b_G~!4Uc+Ptm#palsItGTdej=&0P|Kha|b)xS-dgZ#k|9Iu*#N9W* z@xhs8#nEPpJmo{487OsMt?nm!w8m#~t;`dT1N>soQ{Gky%Y%`*6(I$VoALz1XmE;X zM)5VD+@JWFF(p{w2Xo(z3iCiLm9|5l7>b=^cq?cUs zs>=GL|7FqfPWrsET-p&EpSlM~6WKjl35l>k!{aUM@_L=EbkZ8-{s94>unR1iZ9}jm zaKZJPY2yPUD;tiG?YL5u@`VDUY6s$I9!@7B*O)5a@k13>JKpM^nyI4NFO-U)GC6%) zVB_zAWdUG|W+#}Zv{g{I) zKCHri!^?@`Q)2m(Kj+rKkh{EX_M?cg2thqi_I%EQLkD zrJ-Ny{oenK#bEHO_M>xY6^TM=XD)fUotXYSAnE3q{5VBSF`QY18 zPu--Zd_LV>1x#RvP%4TBYmGlyg_wk4C;FfAMnUCdUxf`92E$IB=}Uj0g--K{LaB#> zYC@9u{!VD7W!f1LunrHzbuDq>4jm_nm(Bxwjt-avVZZ#UP?sw^VFvJDRYpI}*Xw+` z-uins`&oznW>#aT6^wjD1Tc9p^q}(!Kqe)RUSu=%uiSs*=6oLrx!N zH*Uk8U#pY}^F8>e3vOTQ&BR;y z2yMh~MN+UFR&=DJ3;P*dDSUlBiCmmND7>+cL>^WM;U3u|h5Pw@ zKJ}qKggKHOpR85x$uoCv(Lcu|M}DqyD#MHiP6R#jx!=>geEc%_xDtXpyJNp!p(d zxrg(YHuEo+c@KZH{2xUxgClz-_PmUWZ4%6W6+cQ9}fE8zgIZ_E{!Y^ zKP)9#f4!#Rd%?3FEUtu6=~v!|;9=*d>A%B&Ok}>$Pw!by_KTr|Hk4$LB`+j7d$7;D zW@TVW;4*tVPCx0WnM}3)8<~{__?r?Pv?D#edy{|b2|Z$!hOJ1MgZ702n3ei@p72N? zez-@`m6A3vdzAk}@FCauYm6i{wy2-!4&^gRg|SUvVSggv_l>B$*XNY7w5#se7n_?! z6_IFOZZsd8@FN=3QeTRmZ*P-TGfid?^h-HCQy`3sBfm$aTNS4-6^8P4(|^)RN1wnT z%p|m<<+b+R3Kk@41)hhtD(wv5gZihHdJD%Ic<3}+2xz24!*k0Uq4qO^F* z&r4S9Wq$Tbu(9a*H}8tdbJ3(mx6;U$&Ww-0zZL_)@gT9Ug>(jP zMchgKc;U<9tVmj1=Q^{HIiqUf>=+CrTyRt;K3~86rw(WpD3)BDt>6HQnn6RP2;)gY zN~B0^T#3u<;FeGjuqyDGmB1)k^L?R9KZ;@j~IW>G(ZYrXz%Hd&qzC} zp&PxZ0*-F1@~fBNr&U;@#VnUWQ{<~V-`M%_&Rl6k1c=PHB*a^mm7pM!8`+TH8H3Do z>6P)K1%fZh(sdW}FkHt&;t`ZjuTIJ|nUD5Lr2+fCnobpU$vY^E>mpmP@GlLvYV)4Q ziMfH8L^EAtJ(F`U2_9+MgCU z{y+V}CaYJ(F*jCSXeQ~~yPNMt=ZiZ|uTAcInxrcEK)q%#fA}*Jt0pk;-tNHgDM22$ zVHX;}^~-1^&1JXFz!uE@BbnG_(-IFu#?a3@F4E#lB`shV=Biz{1Z5lx-wh zfv-gO9I|2|)(f`7T+2Q|DK3GWe-ms%O?Kbk@(S^Xnz5(v;L&`TB``te9E?&iL}g_hNJ?kSc<>dU zhOYWGx);#?7ub=6u7w(jd+-$f3YFO;pk~r7`sACWE6K>ppOieK(EAkK(Bx;VmEz2Sv5=FXVIq%cs0pR9sIroymHaA8!2 ziuc@qR1sf`H{M@wNBC@o$tU2U#e8)C+<{_z#7U3s$Jq4+SvZkid?nEpuVgL2&srL3 zR!I6YamKX1VxntdKR@Z{OzF)IarD50xDFxrM2~M@*}UpfK9^Za&9BKs4VqqhXh>aW zb#NGarq#OO#4FFLiym=cob=Ia5ysU-*w3$zk@!45toYz@Tz15p!p`hGr!;&70LwXA z$NFJmiZ!_w{s1i^>3@O)Ky#>y2E+sk9SbI$aZJXPJ>;a3N{aWi>MgFDa%mPQ#kI-Y z9yBg9Gw!(!FuXOlH@1hxmh~0;s#oRD$}Eh#M%s^Pk7}|gUn=W(kpHvd&(CkY zhbBlNt5h-fgb^@A-jg$4Cp@rGliKAa*KWvi@^*dmptm zCrht_1sKL-yzg0Bq+Vo&It1OG8T>QTI#m6>|L5W0iyeVOvreDC%Y}7|Sv*$0{$TII zUPvL|ZoHBv?uXXFuNcE(vEn-smAB)EX?B9?YhON%SU-k+3kXs`aee|K!W1k7paCOS z%-Er39aPfZE=uGsLMlX+m2OYM@6Z=<^FG4?8S4mX|I@#q9+XjPEx^u@U$3)!T_kj) z^1MyNy~SF~pB3i!SG=X1Gv&=yJq{Upbzi%#Q`pIDQv*SQmgvdFy>UMx4<%;EakhTJ z#vM6oa^Kx+b;nV8=enOi^;kLHh0;xmSlo7;FB0j|k&SL}oDXJqjujq7=nEiSO0;j9 zv4?92-164Ae8J{3O*J}?ouV&y8u`hlZiZxToXtY&Gb~`@$y1NdUHUcq>%M&vd|_5RU> z*OKrhD#3n+7yCOhqT;K`MCTt6hXbExTBQMK7Ch8={UB|h;3sD+3%t)yRRG1(-5_N_ z^hKOoELFRUOmV$4Hr!KlV`?F(EzJ8g6njS0tc77&XxVH;%5Sko-kt4 z=y<>P&Rzd%z0iLxcIgrw@{7QX@#N(FK{tW3l#s$cH1ZwyN}FIcWqYAvj3(0VrsU~f zpVuZ+L*a1O;ez40t%Pmyk){JlKL`roZ`w2uz@~ysn}XtFRco@dcEm+{so3?zsSVyR z2p#?8EfpC1+@BuUda+MgIdd$7Vt(sK#Psh+H+7cmO$;l4yG9Szk47&MVWG!j#ZdI$<0;D_EWhU$co=pW~UqLj)Z6+^F>~x2mKHb?u0?NSd(i&oPa*% zY@(>KtU-5eHuLz76}HSE6>B^DQ!jOII&4Ko!;e;Mc6g|Y0x!vi^&_ivXM1&K4&xgY z6;CUcysX%m3v-@cc}2;5J$E8bq~3N8p1^{&?;Adva)}RjXI`17=Vfxvsx+_q{n$`hA#R^V-1YSD{5m)DIxj z=B%Ko$JqGM{b9R?h6=VI)WnYV%vbI<2Fg&O-waeNflS;br}G@*Vt8XFRwSQqq<@>9@69!o>-RUsRc_@DHP_)#-n((*5($dV6T-bXW$PvRI&sIyn41**EDoN&D z^Gg9;Sy5pH8+5_%xFkb++GY^oZx;D8O4$8#8x56tQ*&&!V0#n<4RCQD0S8#T8k)fK zP-w?Wm9*CNBC4ZkyqaNbQ4UEvqac9MWkJ*Z);_?yv$qZQz=4I32t@yyMe#u~XD#yGP4PVoi- ziMSrR;J&~o`DS`gEHa)`EY;HM=&XS)St1S+mUfk=?0PK4EOIP6PO@B)pVmK8UN_`W z)PF0k(_qc?HjoEbevv!>^{*JSSV0Jx^UY(ag zGTTS|oS;qFcWeJj)%QPaDoqaExLbW>!N;OC;KbSYM?MhC>se#JtO1&ri@6(dUR4&{ zi&+MPmzZ?axUx_lMguMeUt&LA%Tqp#Uk+obiuk%k@xt3giqxd-mnl-uN+=>ETn{Ag zyF$v&A4vNoI0SetoNpq?$vYlMrXxs*gl0TPXWZsJ!E-v##KS2{+xnqY}HjV*9+N!u4Pbt9EBi}q?35Sw`6$hga_*v_WwJ9%8Z zjn3reuv9BK*u)*1ug!6M1_4TcSxDwBs3O^hC<#)}0h)cauzh9r5hz zk!NS_NTnq&<44&cHNt0eUi$Ei9%S=K+szdkUvWHq8pbe7->%Nb>3DKG+s*ps366U(Yx&j zhH8K7p9>epJ1V#FvhsQy;lnZ~_(=clb6hR_tyK-@ClJrTV71U75Oieim-8fh6p7L8 zk+NSKTJ)%NelRdSQ7!7dH>5(UQ842vQrCDO9F5=^zv|(3_4%WI=QG6>%%gUG-lx6g z*3CJeIW}Gu<-H!8!PZ#oYyvjkSs55kWmj_d^PYP{iECr=ns@B`XjrPh<3cP(*3N{h z&px268xd;yF%kspBc@677dXH|;mJK zSSb1dv}x@uIti?w(7WA^@En0*c{~%#4Fp{z#ujnXhE5B$Ml!|sjQbyz-J6u0-5 z82EG*Y5M_FCEsJuNnSl1JY$fq=fKGO((o8^ze1G6`fAN5`kuZ<=W2z+Ye_lG% zKdt(Xf4s4@QqB8w3!C-6co~;tXR5=3abSr>!TtfK^|=?aSBVY22CRhQixTVDjYqs0pbgn;qKomqicU2n6$ysGX5p=2wJ-+)= zoO?Gy&L_Q?BUpy7>^=ShnUBHaN}@EyiwGde=27BVs39}Gd?cWiniU#KftTCV5PN6Z(xC@ojp*$cJxE}iAWZdlu)f|@!NpAS0&gX1v;6D z+SgNL$wVPMAXTzej%62iGK`vipVi31C$QFeupXP%AD>PGjY*M|#}oB*(vY2GQb6)$ z(UXQ6%4P@{&3!T`5>1(-H z>sA93aNYxJWhclWt5r1e8MjolKBnnJuL+y|wxfkP-)*uNRW`%N%eKH>qk&IfttN3F z17hM;faZlRHA#E%SBLZr8*;Vu3sgM86mQ6KR8SWfZ_qgSzwq5>ET{QHM-Pcp;^VWE zn3=eC6D<{PQE@VswXqi7!+j+6TRKf6`i zZ)8`Vw!5SCabWsw`_ zMH+0J9r8=cSiCKVB&Oqe#6f(c;AP;9lOOHT)FIsg8J-1h)6DZDvPYPaZ!^n&H7chrNm4=W1Oq@!~y$x6}WXQP?K6BS}wGEiP3 zK|%D+>FD0fM1{p8!`?wFDeiLzA`s~`Yqs$nUTHsnIAp~=I@R_#4f*vH<%iRcXv~O4 z{;W@Zydq=>VZuDk%TZTE!IYcu!_d?46le=yN^-N07?z@oG_I_4RMMix)$rT#Fn6~J zJ0wb@qzG(w#Z4k54P6ZJLGDrFNUK0vCPs}#k~1EfI;4#gr%02VEy|P57*NjIxm2`% zyWTWE|MrtBaKiywMD}s+sMQ(D#1{9AC%?k+FE=#I#4F3FdSf z)JKA?i5aeBO)EHjtf3HII3}|IrrPTr9>wpj2Q=H3G7)FaR*(F8p5o7$<9*|^tt19D zD!#n(V}lxkUUo=mCy%Ar3Nd5qde&C9rxD01GCTWO_NzBkntM_4hTUhoJ)t=~YRa)= z!0E-)haN=Br0px}>~sf{4rEePsO-7I>Yzx);HPnvAxQ-p^6)~f#-81yhMkz9?h%;TlO-aFP~wBFf&f~?Gu1JJhYfPubk|a zI?ElAe)p@NpDbG2*A=XH1T~KuH!OXcZMtXEmGdx+0ST8aoIu)-q`jYnks^bZIz~(( z0|^DDQwu&IqU%K%?V~KW-FFdF_0G3xxh_ERoRs)SXjMnxmg$4Mr2O)-R=%3FyC{-! z>6ASpq^oMaGx>wB$`H_cR$LMK%ITt51T-SQJ#bJW#>6Qt>ln7Av(qoeCZXl^uocOxx1~DXY z7A@0-nHZi%ycw;-?SuoXX;&YFM|^ef?(EECP8hFs^7-h*{CGUZ5D#Z9GyUaFxHc0n zKr;2HBH~OD1vE3}z?1$U*`#152QkWrnPNq@S-%xXI(%cCOh<%s1HhD6>s&gdS|zV) zQvPr}|5RRrs+rY$R{v2(k$nAlKY2DREhLf&7SAF^-W|r=P-MZg2D}tFmzH?=tnJSZ zo_Xvvm%*`!jVqZx-gBi>bmICPyix^W%2gZo;Rg{8%;8Louc9J-1B2u+nO6CpmhZ37 zf{pDBYK&aL^mfz|BBnpxbmTyB<-4q8U(48T8PeJ3=@NI-oGi!ddN1MJj>vQV8uf+#&+L* z*V9%{tT5gqsy>HQa$Yc(49|2}IyC3r++`WCE^Q~3>{S(n8eMt27Lalp?EG3xU$*)k zW6OI1viL9+zMZOqF#1-q+y^c)NZr7T`7GLY({6(yQ^4;qI2fvOo~88dm3WcR1A zHs!$7Ztew0GNRDqM~yAj()`HV$iG5^ndn+$87hg0(@&|+RgLrrIruTZRrm7yN_hyU zsgHj7C)Xm25p$wAcMFiML)w1&6DPbKz&;mM#P4;35=W)l?4aYbhFUoG;{}=rNP{nA z%D#Z4$wO1b>wTq+ES0g)<#y_-uDPRsBpx3qdL*LAxw&c8TFbM(Z6waW{8 zCW)cz3P?Nj6;1swR5+?IyxHAp81rX4z5oe)V1LO*1M0J0C4W6NeYSp|&(W%I5fd7( zyHI8X>) z=Ot_JpZ!cu8TyoznwHz>BWKDDuDC;8=jo*{DX?>B4`eBF@(IlxO^!4cEsiZsOV`Kj zr75=4nhysHkPo6Pe9c;aR-2zVWxZq>-v4QjY@ip7{TxevncIxwq6nlgsE@XTtc6LU z<=rkuCP{t!BotEeRfz?}tmdJKJw@NTylz)kpIEyV`@5w>?O$?Ybat&y(&KkY-J`yc zM{H7W6G-F$p|e8HIONeZTXQ}PW)EDj_j)K6tBn9VFVgEhYF~L&F3YaJm=g7GclCYl zF-!UNrF{S+$k;9F-Z(t`ifRerq;m4v4Sp3_6^{~Cdtsr4Y}}+7(IdUqiVz)dOY=yJ z+$7{bt|%V1NRDl9ANZg6%`jD26nyqiNJEt}jWMLN&VgzoM9&HkTq49Ip*|rbiU+my zgw|@umfls3je#Y=b|u3$>!Klb!_$6;f`2Xsr+;)P{Dxy}r}_Lv_EMvH+)B3^@cpBb zk|U%e;ySrN*i5S4mZsOK|MnHbpd*P+T^O%;vA?=z^5q|wsN*;N&>eoYv+b+|ZmpjB z3RrU%?mM_BrZ;ybD+XR}hVA8@^X7?Z1Dk&Yjig ziHBJ}7w`Kct0c=dC1$U___)$Tn7wxPhv-jKbtq3TaQeO0n3>6&(z)};{3x^{MwFc7 zsnU#o?xAP>XpSv4IJ|~+M4$e7M6v=u?)|-Zkc>r6Q`n2y_pc7mEcBXh! zz9-5m+uq{#$~-$=G9C3D$#yF~#DFw9gPZ%8hyf;(n1Mm5$eKyxQpEy)Vk+vae+FRx zuXVbsz31pN|2%(??0@ZTabjK>aUx0B7uJyng7H7AN6g5;w$HfEY7)|3uUC7`I6oPX zqI}gCPk$-%V-*qFIL#_N6pgU_$Vd-%+ZkiU3sn6Q ztRP7!Sn)8jBI+g?Dz9QjQ&{He)rH@HULrQ7L$8)U_$gh|E$;Q~&*&U)XP%|xJLB&B zx!)43k>U2rFi5L$E{r#@eYo=E${W4T`u3@K{mKcy#UC%YEv~)2P<{DgnqkI~_p|u@ z-(oB*l2Fh zoYE^PsZ&?Zd*K4#4rW)ud8ssjRVY{rcvB!8?mjUlx3;+ueb)CU$^3)YFO9Ee9aegl z!l6R+lf0f}B-k;0C@|?4705cowMbU2a6NnfN`oCWSp8lyzyHp|k;y+xvLN`A5PD|A zyz(+<;V@(+sDwUn!%APR!_z!9YkgiAYoKi9Xem`bec?gCGVEFWQ>f#_EPi)*KJOE)EG86eHgsaGx46*)wlIf0nb2|_smWgleUIsS#xpl0*X?1? zs(UgoA>Tr^##v2-G;+|ku(kM91p~NvDm%LjMeFrq&j-!8--23iquyGcn9pctu>6sU zJ=Dn3kULd5zjqiPX6%TxdVkx)-(HAySB}=8KV*v$#8Fc#q|va1(u?W$g|)sRCBGpV zP3?bLwxYCc4J@$Vk6-3kes{cb?!z+w=)3%I^xpSRgG?2M&`(x4U=`!he@pfwU;3#A zN9h}xe0sg{czs!a70q`t%TLS&0~UF9M1bF9{^R=KMG`rUIs)Fn zV^mLrIL{c`ae|pS)>s$eMDw*?jmkiQRTAAELgb;a_w2PO-h)vQEn4F#l zm9>f(_#<5WSv8BX*5?#k&Dw+05zifYS$!xxMtmxY7$6ZJ?e{6F=%o%`ol0%7+-z;b zR2B4OW_G0^Sf&|AF{5ZvKVGlC>)r{>@G?Qy1e&&$Y11NJuzr}6%W^Kr#evD5`TWI_ z+ylwvK}nJ1#8hNOVN)q*>L=D#Den1Ei=gx^=D)KK*K@^_;(5CryGrNzd6Ts(mmmV-MRWLR;BesLULi!*DaIq&13-N1Ct=objV`$gumlk}X3g?nk-=tBAve+*7TgmXjy|S@bv5>`Is_nSWk#mPoUCrUb2`TDR;)1DL(kHlC0-Mg z7{=&{I+ff1_AT5se{IEkV0H979asQTQKdVf`>ZdzoMOtyWa`YMGcH2qAzf%|n~Xr> zhsnC={X}&+$*skGY^vyw%Dr<>`%|rV^{{{p;@HWDgUDOBu&|_zJs^- zScvo8Va~_Ai9=_J|M<7eM<%bGCqi01=y7R347IazVQ)#&az2Qi&i-a>SdL{QS;uA{ z`OL=Sh|)nlV2yW6RRF}>RWLJ0m%ztuFu*#W9-WE^eY2p_i2`z}LQg z(F9^mk>~h@kEEgB;Ig;-=ilp{Sx#TBPkT(kHAFJBU5wa zbgxYYN1$3!l~4DQgmE?rGzm4;X44vaZmjk9)U5bkb=V~f@HY4iy1~r9DNV30$iz^Y zWEGWo-ixGjMffJTLgDVAIdmFp$~cOK@hKUu>UULNT#iz7e2_`~QRU0Z)AqLw;fnn{;{AqWn6!W{H3*_aWB=h_JIZ*%x!N-9a8lGe$j_=5coAF{_=_C0+nb+s;f- zND~ABEj%qEDw*z79Q#TB#Rns{(Dh$O3_h#^Su0rvs)l zuDG|8a^$3v7ll*5LKt&#{becYxEJ+DlVT%Lay9GA>udR)%Kvl~yu%e5bZ=)KC_;1r z>4Eksnu?TB=7&4IvKDM?CKGJv(h&TF3#c`!FM8)JeG?sME%9Dzt(s3inC-+u?i(f} zmjw(m-T9A5B|D_ceH5GT%EuSFP%-B}A=kv)w2UKNRR4FI0smZUM-MWNDjlr$4xbUc zi#I4Q>NhBHgA16X`>2VYq-(tJrMz@$1xz&4FGO?>ysj$5+-)VgHCq}x3Wn6OSYz^h z4KcQy8$jDQAU9|cYZfDTXsIFdyA!eZzgh(Ow-}}^A_KP>QtepC)zXk)^rC)AOPhYi zSbPs_av{;a>q@qynKABaKKXU9Z53!a+S{Ax9^lOgUGJOhNn(K(PhjJOES6?JaA^Cc zd(aV+{GyF-E$z7w<8_zinB`%$lL!9Qtn>qJ0r17P{(wt1h>4%N`e0L^I(C14E@m(G5vws#^-fp>OsNR%S#6gM~<}Z(?WPU$%4I7 z>B5}YgyZTeX`)Jj`lD&9GzUam6Mr5NG^e%bdK@Pv^KVAE%FzGZ$}en9>{SQQ1(1Ff zMt?elKT_zm5_R)*y`3<-WR;>%e#p=&*uPNK6%?GXQcV51Td}=kVQzh}!t?{ku}R-G znc~#HCM_f(&6^Zc-6}^mJIE}k-5G=}zf<2C?)$H zmW;eA%*#t?b8(ly@VI5!5%XKuD0)Dx8W%k5!$}8?@-nK5-ioLwleIZSZ+GO->H<4v z0UP(r=j*R|^|1xp<$7sN!+&`kP%7ij_FV!|!AAS!R2aZx)!uZn)UzQBQ*SyU|e{q4fPMM-9&Keo*gnh+773_r0N zT}mjU&U-2X8n(YN(fdAW3UbU@P!!kO1HasdI$D1?=aq(ONC~NiY1HqN^Cz_42FSg4 z2B}6CGo&5rm-_^VGpe?<=g)U#$j^g1e)&Hd|9t22cX*u;xO!cj&l5~->FaMFR^HPt zGcCl4C@iCJxPCdLY8|j4zx_3bgr5gl_ldGEv{6T<1l7Q*;A}e+vPJJ*t9_c(c)KOq zabtx};VNkmHg@peEVvj-r?cI=t;=ORpK^2Ag$r8E@C$!bdsOHZjtM0{edM`<0z>2k zF4S~n5Zt5$H%|N5z4H8Taxbjhc=eC+lk%dSW#s@ks|tPe2&X$IR{k>jN=~W8#u^=N zxt39|CPEOfd{?Q89|H~!ta%wUFX2uO@(Fl_fIGpUs}vki#(D*T0-B2F?{S{<96t2% z4p6#u0kF?Zug3^|E4sEfj+uAOxfVF3&vEofKc1xNrSf@h_uM~jU=-JN>N}Sj$>%?T zFlbk?azNFBk8q3NLKrKc>nrT3bgscAviG>8gSe!_ocby-J#J+6N<_RA^T?LAIb40W z_ZnDq9=+R}X0Pwz z&?D^L_;~&0*{?sPZ0b8N*n@y%mmFaEl6hx;auo%*DT-=Gzd?bTQvtDN0ZFpBm?*QY zim22+`3an4!Lh_?aCZ4VV#Dpfmt7_R&GKR6PU#OAe<>Ykp59oe zz`5IvAEqC=dO7b>s}=fREsoA{T5lT}8jufA>F9s!@I^MAG=aR-nA4nl3>Wx0mbT8Q z-hpxv46XquHYZ(v_uK?$hPRCR1%a7N&lvLr&5`*v#xQE{)~qEW-au z{H@k;TW-M&7CdyRRXZk7V6{W+pw^2c9$nN5$zeAsq7)u2S(C&?xtkc3t-t_BY9KY| z?_a)Z(KaHD#4*>fc?ax)m@~5HQ98AS=*Ay%&THg2S*LQqW#;>V+F0%W{cWZ`JeNMeuDtj8Smol0@Qdhr#jM(*8)utB; z2QQSF$w+6m=OuVY{q|aIK+R0Vp2yTJ%u*pR^iQ&do9dZk-}CmD^f>R)8lHVunSCuZ zpP6mCV-%n8ih~tr1I;uZx`Z za?kqhdQiWrrf})W#P>=S6kCELMI5MP);v4=v>4B1%J}1yUX4k=DP?E_TMCxKWc0sn z?kd^o_+ZrbQrrpn9xE#Ko*~Dx*bxXH9O<881$D(M6rALB2Pmr6z-Bz*qxx@$TBRoe zhsKer-KVM@ z8A0GqaA=KnaB<7*0k8p=QwNxxf(O|LQNq1KpHWx57f$-&_j~XuL}jDG6kepr6fUt-CH> znc{AFZD-fmX16ewH{omUHa!Ro820)VCI?66i}dkU_Sr(@)|@Hq@w4=xRmr|ta1DUr zjksSSHV^WoC*^)e4_1M&vnBL^yc<=0@(g-FQCz4&QJgB98m!G zEt-0BHWw$X)vP6i>ti7Ks7NPKNJ4t`0{Zzo5cc{2b-FD3F5d5;{<3hR*dW*pkWT9o z^Ex3-YB;*{&&KWvh=q#qSUtuOr0So^b6R13D zY^xXb6d+gu?eqqfW=RN$Nq*!xnstaNG{@p*ga$5&K?l(Yg7)LyR_@sx z(Vl~Z4OaN2AlDl`16)mKzSos;AIQE~>HD8nFoPP~BQHu5f**O>D34CvE0lZ=U!yVP zc?g6lUD1A51q|Gw(>QRKMxB0MY$*!aYdm2&_Tx~+<>p_~&Z4EE?|U2>>7nQ5=%+U$ z&Q7Wi@?g{S-_FkOY(U%Mbv^@q0C+vk()$a2AsX5zTarqH3WMPD!jP;0L&*4BF)8E-awAtG1nVp;0Q~@#ogW|`kcmG78 z1BQ~^9COQUoSHjgw32Lto7)~OT^}|D*p?itU#s^n<&T_w4Nd=py+TV*O?VVPDpzTf zLF+mHAGW?SAgZ-%dk+lVjdTiwNJ~i!4MRGBAWBGsq)6A$9U?8Mj#3Ipi8Kg^AgPE_ zgGzTv!?&@XbI$wiKMtsK@4HrB>smFV-1SQV#({>W{r@SK1~4B|&QreU3)e>QvvOUY zC_`~c9lQ2%!jn`Bg3n`NByVc87uxxQqM74`*uFFQkThbw(1Yo%`miV?ifeHY({-B- z0WliGU3Sggh4Q|1K@~ErF4#ae41JG6*mvL6RAl@09+*!4*W)F~asBtWg+I^x5YIK! z!qN(Cq7U9_u{y0#WKDB)=#-uSK)2t;ddC3iX|6hxQmPyO8V~?dxXzREzl6lEGnxB2Cf%CZ5)>2G zPA&m%ZSI$dXbVC)B=y@bVL)!DhOE@P$`?|DUW+#?l{3~I2&%@pjk@MlV*>*Bk&YaX zuJ5_Ods6*QD#?`$6sZ4vS}*>coiNC_Mvc?9ch#B=hXP+|^g?T&X&8`AL=a-B+D-^k zrdhmuxq1<;CCodkdE#`~q117H1QiUQYmhnzcmKkX{qL($4d=u}KPLe$8vv%K1PAZo z@K*^FUKPTQRL~nsgtHZ7!`X^r#c4>mazxwxPeIeg-1+`+H7`l0TCYskgn|DP>i!)+ zulv^ZWEi}g)_z&IAe!P#Pwh>|%Zy=``@^Se|CLP}|C>%BI2}-}-cS<7=bybc>p-ZG zOrHV4<@oQVYHf&q^+)d!w4X2C-pw#eaSyZ; zhMp2%GITAaUz!}+);`PzH9r;@t8m{1vm4UhPe6pg@YTI+D^utyeRgoWKUNFS+Kou*De4$AxwAd}???fN zvkdv?u{ihCj(9pn6`gMY;|XrWgTf`!c$^h@gmJ}e?DSeBj~;3FUzll@IRbSd>(Xgf z@2)L9>9UNCuk02J-s26rA4M)7s}pf}R?fhBfXnDq|CIg$d8Pkz6u1BK<(=ao=p%;C zF0=ipj%|lN8Xa%Lx=2wzNS>gq_J~c&F8t=i78rXIh%KSr`&K3Tb)zGBst1CZ*X3QiNZoq5up(^ zii8n+s{3xMQlK)i89^7_RFFJ=s+;cq_D3$xj3<*|yJsmF^*VRU0k&cdSqgdhqbq(OX0J3h&ZezGtF!xjl=2 zo!`>Iavq;LGkHJv*XdVuUv=wqtAFYlxJ!)=%u8x~D!hL5+>h`y8p2s7x`P7*S?k=T z^zhb9@i^z)_}Alf|2NbU^en@Ef@BJb*!1{2R80%pya>1&gz!q9K6?7dHym>bp1jfQ z8h*C6G6@ZT`7uej8pp8ytsiHsOl^>6}C_|-m!70f;u>~ z|K68zeDcvdM)_5;1`HL*y>af2MG(l?>8EYQ;{2_3qqAyVE*J}R!C*G|-}zcwME{R$ zapm&;Ey8|prIGqrJGEZ|0sR}|i^3@OR9c~EWp=)yWp(N^Db9epmaNp|r;pYi72RCs zS&(}=-p$_csUeF)@G8k?yF~bkj3k(j12E6!I1n_!HB$d)H$^Gje~Yq08n^|0#LPOK zavblY3uPR=xXFFDu`i9OP>FQ|vEP_xg7YZWR$Xsvztz1_cWw8rhv2 zNQAa>D#x+G>i>~upH$v}+38=_0oHlxQ1FapWw_?$-mwo@{H;5OLd}HAR+>U0GUPhR zG;M@X;jumGOxMhN(uRf1aqs0!TV8Ie%D8^g>JU%rt=y#+bCF9Z-s^c_yYDmI5x_DF zE+rCiol<-(bR|5yzBY5&NDg9dEm5Mx?D!trt`{Tp0d3p^?qm*O6mB~}dY zloaE{`j23Cf$xQ74ZO>vb)xP99%X@6PpDbCMKmBu{*B(#-@$$$44jXU>k>)`hrS)J z|Ew$sI{a%yQ2ey{>O}1w;rcktPvY^3Lj@jLWfkHvXlAmz$0-z0D6B{^AMc&e@I~OR zkan*Ogc(T`H0NbS%5D456ov`*ezPUrH;(X!pjgw8IvUbPC-0j^{T%+!ptZ?=LQUs^ zA5dG|VIFMC;jyMK?VEvS_j71GY}Zj=XT`7e3WXkn>dDu4{7w<|=|qW%-N;H#J+L>E zSwA)RWmQub!kU+{eWX@!FUg_rxqNCKh`cr{owU@^h(CAR|M_g()Gz~o{&|FcPc*Ds zh21_vWPx1;4xwi#2(cJSg;GH4`wFh%XZGZcw6#pjE1`uvdQX#8>bB;x{E53KyvFzF zIX6CU`(2Nm)6UReCIC=^X~-WMqlYJ*nb!Junk0PA<@i6JmefB1fpglKpUR{ScB`GD zOeEwv6&UBTCUwWUbkuj-hBG|e7}`njMwK0`i(6xETq90v55HV$O1qpur8`#T>LKqm z!n|Cs24N-1(C->I)ax5PvXjZK0w-#I30;=5!o5fL3oiYS;rDa@cb0yI6I;|_uR?1? zCF4E$=*V-pZd&85I`vUsSEL;LS|2(F-Rl303ECU|^cZPeY+E-l=TkdHb3|MxGp;n1 zbY~TYvGbUYQK@;_ta-s4jGOOwbN5`YSII%Z_6XJyt1L>fVRaYrGmSU4R z6j6L7nKDa>!ppk#Rrno}6d~;SdmGaOUAb`8b!zmB5u_!+-MmuOafhkl)fHeP z15YeT6fO2q@?2^D^SPk%=2ry)h*$xw1klbh;u5gx#1|VB!g9xrya%zmL?nbNWGgF( z5k8)G+E`nbFGNaa^}1<}cun~!jxT3e@^nngJ3BLG@#soZ^&3E3(ZT+&# z9zj}rtkaJur-msFqXkc?c`s?(*QC$Ov4XDWf8)7M_&hT>`V0aDl%~GaeB{;K*v$lc zUNd!*k?Eh4Juln%duz`lIG|K?PcKt6Wm;%Aq$;^aH1qlq4h6-L8Q%852^C*Ne$f(j zF>}*))Tl$W=aObVgvB!gv0Zr~jbo*%nI3S{q@ze!H2XB0lhOWvCVA-}!IgGB06KVN zu}tca3tD;{&tE)hT1&n?OaOzjCj<#8cVAWX{dFu+`8}pE7^gg+uBgTp z_OOJtOgO+o9tw4;5Y|IT3nlA@Vn?r|G6^zY9RXH*Mxsop+ycA zJ1e%sh71=R6Hzl*9~W34QJn^bLfR@l;xqU(jIRUNakrDeGO*j<66fz2?6xry2~W9h z*5`!JvOOqXw+xbfukGHvJ_C9#fN|j!6EAJVVrA9C|1&BDsO^6)a{~nko5mRo3{i$L zkf$swk}(X1(O+gb5Je=@=X*$xH8d<58W0Lz_X?yobdF%H)K*&A-ru9gcpZIR-_P5A zk!FSs7@AzMp#vW{3f3tKiD5_Aepo6QLAL(FE0n z21SM5*i@99CJUt0MLrVk!F!!o`65_rzBpA0Aa*aeE{lJEJw0n?bjE@c@aFMV8>ggp zJK?+&DJu^>UO*_KqtDkgh5oJn3%*OV9$&_w+_k7dr|(5=i_e84F^%Sw4iuCDav z^W77*z5lAW)jzBa6FlM0IOv{!eC5Az97y-ad4NcLCve24i)uZ5d!}<`Nu%np z<3eYKt)oVCA!6KvoD`5O0~O2Nz50>HlzVjbH2;_%_!0HxuhbPj55YwaT}{5XfQoo= z1qJ0Qz$Q?)cSeB)ceVXa$!bDF8yF^>y}4;n*1vsQIfC^f4duvXXdUKj?bM z=H9TptQCRRwYnp%qk-pTK|w5lWTgSpk8Xo~F4|te?Of>o^SMh)!3h5R>&~`=n*3V6 zGB$n;g?$x{65HHceBQVUKuJhtiTYlu7_SQ z^pnp&Jt5Xho!>>;9N#~jNHmp+Y%Xc)5?TyscsSRIC}RfXxX{%>QHX;?rG8(xJO6wM z@N#AG}~y_Cf_l%}9OU>fRu(3yKk zlh*!jwcn6wolKYpp#e+1lXd9hnE<`<+}B>h*J^9}0TDu;bocU)jOFrfEY#(9+-RPj zpw3LB-)URke_kS0;4gAtnDnP8`JDI$E}0UA0e<)pI<6Jez1$^K)+AI^v?@zzc)0hj z_~Q1n(^v$%$E4>e@A4xi1fnoteVlrEn_c5&)!FQ_oZ$s650+-zRY^5z&*0B^fMY6h zDd`b1$TcQ94%CtVdi27h$G~6w-3lB%O$riNQPCJ1kq}fCk$ZujO|ycPQJFAwbYZEQ zm$2I(-LPGEZxTEWjI}MqmCOAchYH{uu#AkUHRn^>h`y8U-@Ez!&I^H5B=QTBZk%sc zjghG%u%R+*C2PFE*VPwr+;;Up3ZqCt`7d4>OqZVHJs%;s-ryHsh#(jiA-Gh*KyroA z8uBEL!vvV3jnE9w$RMHS$`eR-^@R7_ZPv z-gloOGb&QxHI98Uo77b4uq8uE zU%^E}(4&bMG4@HK(5AF(ndb85udnj&1goHh6t^eYX^#+MRF9ufzx#2xzBYx(YFT9c zwBVv$2`O9J?#}vb%h>yEk>?12#~=~Q-q&E$-aS(ClmA@-jhOR--t!fZM_?;ZcW+MX z$FV7o7~fbR>7)2TI!9Z}0xxrZ-h_&ZMw{~8X=-CgrKZ)zy^cT7!^O_k^?na~WJTU~ znwqF3un%$x*C~JPBXjB2K!paZf>DmerN-OmiH>JatkvUYv%D+KEiTSOS3km!c%BiN zJ`@+rC1#z?|5h_V1fXaU4^vsHD(>uETzopa4yKtZw)@K7eZVwckP6gj!dXtwbFZ~b z$e+t8=k9#J8_evnHxv7-J`&&+smd&VGl5R6f6_Q>8AI4&CvxB6@kP!9itUv94WA;8 zejhlt-abpR8-0rY+WDXPd*=#A=5`-&m%op;bU~P30GtNn^JbCeTeZ9V^UZ>rthZLz z(7`^Ss1#H`1TA%Ng(jb$^P5G^c(h)O=E!_5?y91^{8@ zURz=OP=C2pI^1S+0-tW{RjhfrfV`-FZ(A?HqI07N04TqcPR^@54w~CaR7z^8Z5Czi zvAfu(@$>Hh6!cYG=JD}}-Ov|;oNxGo(OaKI%yqg|^ner^>+}abY3owPDV=Vv?H>5g~LiH}o$qSd6MXZxvXNkjP)iZ$(q(KZpNQ+} zOqlO=yRymzNVgZ(q!h~Om${!>I+<1z;JuCHCn_&*SoY{gg9MvtV`Q4Q!r6vZ7JBFl zUR4oz4!)LEFDAu8bx=5Frxc!Qn!CUn~fIPEA)=NBTM7}+qq&)8)WdV`Kbwrwsk{F$@D)?sn+(#v}a_%JMXc5D3g z6J1cwu&a6RIjrxrb2@}4BloAn(~vj!n$=zFJ~>DQPkr`p@=HqO8A;tEtCjPX3f3r> z$S{0CWWrrUP5;0nNKAWEEhn=JAJEg~JzT3BlPt+BXVw+Y{3iOg&)NgXreq-To88n? zk5H{~7skI5Y5N8>a^sVyO)D;-cLRT2nvCRNRDAlAgie2Z3*|C1u>U9oA_V>ip!iDP zD-rw}GQ8L`$1)=T7}JoNFSXlGJFPtP4 zQO8qM4S}J_ey>iUPKO>?Ni@PnPQ}HgkMBdcL+uJEY~flAqPkGZGi|yf5^(KpT&S=b zQbh4VuQnepbM^8bx2A2nQ{AKYrUT}M$c5<0;L(=T(N%jvo|PepDnqnVj=I~O)~y7Rr|BG*Bj>P3}nIm&OEa7^k;OG*Sj z9ZO&VWw$6#vR@UuCchKwyFEsOYDrePoITaRvY74{&6Z#tK>GLs0vk1b@LIe?=?Rr^ zdGIy7_PmtaJ@ceNx`4elrD_ttPb<7A$l|(A(k^GpJ|?+1KH0aqF=fQ0WJ(K#$!msP0!uq?TV=6ci)^NthE=1 z!~!q+X#$d8HB{@ll|qqH(VZoR+24=4lG&Nw-dzg@HA4lbj!QoEX zg%zWD_j{gnvzS5kvDnJg)V18a&duG9^3zw+0{mACrp4xI;$KqRXt0+xV1EdL32 z{ZbStVIFE^XnVBkRwQ}m>1PJ;;p4YHMZi4w90iz6W%XsGovQBLFK~yE0CJyJ?H$oi znl>}vX^x+$i~a}!Dvpq!mCpYiQRm~Z49&2qJ+XdYFr*|{oLa5pd*$lj%tLfz)|M1~ zJz3T);sVS(`37!~*0sew7~g8hA1%=$5&n{1$t9d1WF#T!{1#o{SrUQgna?)DZsCCNai__YCevV@;9y37(Sr@)&y{Z zx9)eVIPo^c)_unIA(Mq%;ZDCmXu6Q$SwSx*DpXG8G^pZZ_ynaV!<*xgvQ+-3}>2)U)^v)az4K5CC>;Rb=1G>nKRv724~z7VNRJKFla3d7IJ-lzxd{i`2>-0%ATobaOICkV<{>>x-BNZ5p z*H^tc9HGkqpi$GVIX=fgj9+$!EtA)c9>M)RY z>zC*}Z+(D^iPs^`d&BvG5no`cP4m_AZRvWy^gK9u4vlaGLu^5jcF*4BNqs~|Z|@m2 zt-bZ>!@x{~OXchydmFDtyqI5Pcr0o{8rjNHb<=+2XRVT&pXh|gbc7Wk*=U}@SuXbt zTn=Z00O&=BjfV}%2wO1-Ry^EJcL>+aU~};+P;Z}tL3+Z0m$Z9Ez5Sg5yV);mcJE7% zs)YwY1~2`fM|W5ft6rqj?O1~1LV#3FAz1JzmlAajO$U63UleOHZ}v+TQ>v!k;t@10 z5sp9edyD14+s)LvIn8*Fye&_OPJ&r<`6~(ax}F3$LCN}hNgt?xI1_u=0}SRn2L*SC z8gB96m*%TB^P*F+JPs1mbY84k-Z^`V z63(bpL3ry3TJ3%Ho7oF&$?fXi{?@)u#0}!oB9Vwa3U?QabjQ(J=bE;BG619I4c`?S zU$6^fMLXc$CdD&`oL)n~$nO6bBB~@p7?Oo9OkDzui`Pt-%Nm&a<|VYnCAO@e0A1YZ z4+A|r!PFz=M=J+>dIi!+8L=Sr!s&(6Y1PZFK8B(ypWzT^R=~I5QcIeSk~j3j|z* zZHm$OH??ZXufKfPA2dzk_0(5%`$upnVum$A(3OKkt#VR~?Bdl-7BvQzFU{%B66>3O z?zH&>x+=ju6~T`W42f-@T~B8XoS5z!|Jo=Kx5NDXYJHGBI+B8)G!zkH`f&i~Qt$9< z&iC8^+@Zuo#C2l?qaBleF#~(W{PKn(8!V9h6*Wpe11a6pt`QNp$++xP)SJtITfhWE z%Y@%sdLEVMQ#?5k7%>4_*}r%Jd_d!Kp=e1<)ZzCy)?0jc&` zBvkiYad4;%zT^}PlSW4i{#avqcAFmTN%y>+x|mUm+4%Eas2A?VO#iT#ZV(-ShqtUk z$n&WhhC{3RPKilO1z-AgWyh5H`!7{r%D&kgI3nPS$fM8IZeIvUVR)dZ73c1!qhGKn znRDwF!xDCY{4F9F4(auY$*8YhPq7b1{DjHmx4RWQb;cphrF-)ge*TWDCvGdyG^~31 zZ$BQ}i+p+Usifp-pbHz=T1vQU&Mp7lH{y@tw^mf_VXZ++Qp#C457Gr<6t>cE9tAH^ z0;fuWQZ4nF!8TJWMCmu|i+3qdiEm>E(r(PqAIWSm-a0I-AO>1DOV6CMYX%sVRJ$)% zVUS0i6;|_oFJ%QI-)7k?2rHnEz~z9jho4tuof}b=h&Mt2F6NDbvgE7Ip3cd(kMH~Y zn^EfprP1q{vWIbTt{BbJu>!P`chbk12o(o$9*aQ83lz9h z#aPvr2u%EopczZ%z@W+HoDW|EP9L0c0 zJUZ=e)U7k0pmtQcY?#L>nk*a{iZ{8utOcq~>s)e<5 zpUJ#y;A@k9$6KpKJBjkME$00^-EYf5WBbdk>>%H$_&cQsNw~vB*V1i1T|Nx};Bf|d za&m5O$sB!4m8F;fsI*clHAC98h0vvP!HIC(*6SK6#C##hP2nH!gP;~<${K~&dhg0V zPz$wHCBaw!z{3VvLF7=!o^fu!3lmtq<-mL!IrdreU|dL8QPS*(*6wFf=8)+9U%7bD z&c;@tM-2rNQiMiJ3~D~nwR)T(l#t;0g$d5z7%QQE$HD439lmPCOFdlM+x+~r54e{b z@ox9Fie0^W^#~+0*(hZaeDB^AcGsD^g2xSaMUnIh%k)I&%+AEV_|o=)@RUpWx8-k5 z^$^KyL94sMtSe`ualLbv737L&I5&ESlHysHwcS>6t(|xT034M#Ev&Ua5oLYRp6~n) zuk_%}R@w~o^nv3P8-lRI|M?vKBQ%h3sdB$`t17*t*^k$QPC*cL83D^RSQdTsM5s*L zvnXDQR15)sBo84dNZRTf>C|XSip3CZkE6Hc13Mg_J7Ft zd`b}=?fU0TxSZ=wi^rsC@U++WmYLsu;M~DgagtT6hb)p{sMT!>j27R#BhkaFMHCa; zE~XMI3!lots%D?5SFX&U75!RvaBvj|dl%ff8h<`aUz6w?wS_HC9hkBO@7k zfKADP*@u*e#)K?`3cHgQmfA5ugerRy2eB%o8`MXrSULSWe+S02Yb*S<^`H~({Lm6wjPC?25&F-ZSH``7t9l;IV)_` zOwenJu3TX>CDrfq*ZspL!XLWb9azWb!#OPzr4NcqXCYOqF@HNyXTvYht%wMD-n%!j z_TH3fN0;BLBd}4Xd+Uev6sz6y#?zGrNxzY(CYj~(2XUh>uC9XqShOMgRryReTjAP^ z^2u@=9%R5+-G{e+X4#4Y*2G@xQ*Z7Tlmy{7Z8QP9!n$qdz7N_S9N`Yi+(^%T>V_ma z6br%CK$$<;3#wP;d<9ujfRk5812OLjl0mxi4$*Sxr?!?0PvGb$Cr$VlKUU#37&X#e z?59+yDHe6s$t}kH!-GC4tJ5Jwk89zNWw^s%A(RmlLQqU(b@x7pdx}{BwuHT!z#xsw zU?CBux`IMv;Z5|ZXMh=zSk`s z)&OxFY?0`G&wp!5`@MIeTt-|)Zi@jkD)3`}`$C~?Z%xanYs<7(Q4A-slpFRXUy+|PB22*d=&^{b>OjQr# z(rcps_FgBj%ZxNtLFg*A4(iP*R2^urjMpv+)*&WknlNAeNCpCF?9$n9mR7UYiK!&B zdOkfV79{}yCR)-hF|G2WUM|m4AzPn0*F~fjnM{Fl!7Gl;LbW z?o1lU-r3B;2%_SjeCZeX=v$1*{c9NHHL#LR#*p4m3r zIhA_wh38oH;g1Byqpo;`0TFAJ0THca=@GXjtqb_r~BgI}`$o?f5&KC`A=<v_#G9)-OlR$q zVkB&4+res843^>CCjyXt^j232Qcp?bh-|qyS4}hT18(X4cJItZ8Gd*GEzUIqStIkn z8Yld#H@GH2BcJWaEk6BdqJ_7QzJA>0PryO2%D+dzgOj6d0ZZoS%L?kw>49);{dO_R zDbE`|Y1ao7jk?#Ag6Rgtr?um6-N&v~Py*x{*BMe4wYk!JMH5h)p_%gz z<}b!QKd5acGY@cIdvVD)=BjAl#G036M0JkP%@wa*?E2j)eIB6Ra4(ZQo z?v~OAqTl{bMg7#JxP!s19FBLRKIAFr-CVYCHYpWLpK7Cm4uA0nTrnyfT@b5@SU)v77SA0MSE)xsE< zE}db*deE}#NKyL9o!>m~y-97LSHqre0=?$)#CJ z^lij~F5<0p_>)$rV#Q3tl2PB-kHSZNd*{2>nm0-tUl?_cjCx9H5o#8)NsX+1*Sbvp zCocus6HsA#+(9S~&TWde{`OJqG1r;|G~EXN_zJ9SRTdSRaN>h?^$yNeg%6HI+#=r! z!X{hSR{G|esH{_x3FLd|6ws}R&fIHb(s>4jwhyD!a>Zvoy(r~aS+#(I4DlaiC9T7& zo5hf&VqbStoYbHunfWQ2mUnDhP21yn)pG;go&0@qrOje^>8g6L@0Yra%~D=T;H1yV zqN^L8PU8Y)dhwOSyiNCJXkN~2uv!arNuJVaEw##5*n_kt(jQ(ukvE(U8C_cn)GS;^ z34FA3%HF+@goPbvn~#mn34bIDp{zLlAa{Esk0Hsl`GQXSz?Y!w14PTx-wTiFwDb`Y zU5u|E_kYNf9s$D1n}6Mwi53AI1yGY_;a}4X<;`nl=n&=AgEA^Zp6_o z++3%n=Io$eaIyR}k-P36`dR8>Zck4h80{@!(0q9Hwr}GnP2TC=PWMc+JeZtb)3I}3 z2s(~&Jk~H~?`V7gHC)&5aJ24g6q8)@-Mcij*FW)@e9RCFBqhUZU~iK9Si!UqUx2hX ziWiQWSnn|cRJ4E)`#Nr2*R-Ob>JrJ0x&;g#MZDON zPx&3^-qW1VH(UI~`dtbH*QA7apz3`(C@8T}yu0l5?Y@hx7BcA;@AN~^sRhH^a}roz z9;@NV4%=nt%8fALv;WOe5wybr_z)3osKxEuJPWv9qt|u5V~MN0E=vl6kegj+YIFLo9->`G+m)3`HdRA_)yqi-8_y58&7)H(x>Xgw2^7@!b)C%pn2UHUHj-+X>+jANJg&W z*KPxq-f5mXSn!LRn|_5b@aX187m1rSUN~u!na}BF4s-=tv!bKXV;A&91>2CDLXw3h znLG28Gi>WRL;ndG2Xm|eOurd-P5%*JM11&`j9anOHx+$V_b6VYJ6MUjWTEFOZU|BUCTG+n$JjiX)L84 z{>U0{3|i4vUrg$mG}Lk_oi!%z%PK(f>LQAp)Pu@)h^m&`8G#CW1_~5xiRrrZOQ{Wc zB;qQCFtrvT^_&!5dLj)A#)wq8^q8t0S-kBJdrNeEEWb@yDTDydPMjLTUEuooDui-S z*H==XyMQ{@Yeek5#^OUgk-b3_%xvo*HP0p!dtPf&%5DktjX@C6ukZ=>Ij7?djui2T z+=A!$qv^%^IMsBl?Q*V`E5lDJv}taR?6ZX8hh`!)#^AB!Qj$vjC(UzTnqX^@P4&Sz zX;=v#rKQbq(`y@yZo1y4klXY6L?weq{cYn|VLiCD*tIE{x80~S16zHlxg3D-yz_S5AGY0&^e z>25)vd##C~tB>c8@PU;O5&R(6%P7Id^fvimzNpLg*-z=30s7Q(DX^c=)C{ESsq)Hp z6h{UvYssd8qS@5EV#K?~-Uvy_)`I2e1sryaD}lO`4jgLHBC71Qf$xyZU8a#j{X!9url8;^ z?r6!LoNx*vTV7vHPTbRJp)w%k?@~I*iJiO?tL=UPdD5)A+jhYZoDpr$D0j0rh{|w8Y!<5<2hcK5UigF+IAK7_x$z!n z!Ejc#`&lv8C>tKS22YFivSi=zP12in-XRxaq8}$Sp-P+Y2CDL2orwAA-?UcO=Md~i zomopp83$()6m-k&VRCLnhJ471)VIq9Gpv7vxGdrgm_r=$cds7&@=oz)O=Zp%V{MyD zFW?y%%3GmC6>fMYI#LN^{j@94h_@t_p5#nIuKgkWY;;@Qn$23`fdKsKR6gq=Fgew! zy^?3%IlpE2gxW&Sypr8)o!$ zt&wrje?xxfKn+~XUh5cs+dDsJtJ}p9-5bE@m+!ci&NB*);a;`0l^;)h)XK z&!JOoQQKI6AHS$8)Cyp}g+Gm&?$NS)0(@ymh<@OAP2)YP@NM5J!%kJBF%EHWpt9Bp z2Ip`f4$Q49IlUgwApNSG9kxilm3Ps(rPQ%N zwmu>?a>~Nsqvwrs=?yVpaI7!2#`eC0DFCl?z7m5?()TTW>(%pH+mgWGqp`<CZJd%KFDpb_ zIV9NHvPV;rCFv=JxAsp`GCplKc{zLuIwJ&ux|oNnme=!@K6!UAn3%L{>Idsh8=WXT zc{tpBR--fFJi1wVrejVV5_48hdSm<1v0rAFHY%! zjdH1KY^FOCp&d`9=8c;0fSk9^$})AKVa1`?7$$V8>g9r+A)sBwhi{wq&P4#;ohsG; z)sn`>rU^<6;g- za~#6378HpP1y~Kt_HFOA4GN%_7p$$Vxxaqpp;(dA6~XC~@W^WM2E$UoMk*zx$(KOX zV$-S5;a!D@S*ivrWqyzTJJ>|PBn?H_#R7x3 zOdI?P=n3g!+>OY)r(P8jID-l>G??lCrE$+Wx^M;?Xy1^=x8e$6(OAYik&8#ur=?$f zn=+!OLP&9KYYLiZI=gZN8X5p9pYre(sgkofAzo1i2GYF1X$f%#Nd!Lj&8VZ`eWApu|rDL2LS@sbtoeksw zzgokmw|(p!E(k=31PN|e=2sI8k$`L!|5a!O^bcLw4L@n?{q`ojaaZ8E->AZ9j1VqJO3j&y6t$squ z;<;{lZ#4kpc%?&VijQPMMNC13{5F)*@dKWhvd`w%Nhn~iPArq}VT=tnRR|a`7Aa%G z7%9R&Z(pOqJaJ4WZB>S|Cl2#{hvA%9?47Akwp?obqU0i(x+o zVH!Z|`!w}MD|%N(7zs%HwY2f_S&Og4;Vl4e%5;d`KN=Sa0qA-x>03WumtV5$!1LmD z2m9)NzbOn1#@hL+QCi`l4lmz-2IG)khLRpKurUVVV&|0Ix_2yWfWrM#g7~`?V4Dx8 zcqoZ+!ZnLWY;>^2iZ}Bv&}Rx(-rxUoM+D-DA~fR71{P{C(#1CVZjq%n_@I^rdr%jFyCd(>jiWbdu# zjLxZLkBfKRsFBi@UzlyHXo1Yw=s;(Vr%exJaez5C(UV(bJ1;4~*9zzhL%ODFs9fm*3s^seyL&dUadoM&wP_RvnD|)F+4CH~()OFY68j8;~DNznudm*(t6n zYN6rRYhBS_uyLmZ=%WK|rzV_%f}kwlnCRuBK&%2mxqt>J3u+iQB}rnauPfHk#6kabC|J&qN&4={JiaXZ z`gCDzdf{;7>nIcmMU>X3A@dT}NPvB9+%r_R_y{Jy0tr}EyxcZq{EIc(gI)L^Nqp+VEo85}dr{bMk04ghpRWZx)}U&zRAHa~{G z@~ZQHa0eTc&GB_{$mWUwSP}DlGfYPP zAc zwSM0}7E4rvsgTnHgAbo20wnlgze>C1D-XoaJS_=;>%j&?C3=Atfj|Ac{%q?JGZwq*ZJehCw%GPXS)9y_HfUbP zaE^cEzFgp_IN!89{(;F=6&V2xFk zWdB~M-)+6J*vPeG6>m$bT;}DE^}t9HN0#pJGNB!?(y7~qU8b(K%_WUldwKDnzZ1e{ zq-)MAY3{D!SHZH{24nAMojG(UKbyHByuSQOa4|DEm4e|KxMv_(YN{8phs2ZX>Dwfk zXXmm|CAC_=PKE;%q3YOy{Rf{;#?{{3AVFdIv5U6ptHTuzk$@%*#W}eDr^o;6k}{Kv z>0cTg`_AD(wN2DlL#-(+RztP=hE$bQ3y0#?8VHCtp5y6V5xN7m=mp{jt(#!I+cjEs z{+p*3wO5JP`ha-krO_52>!)A1#ZbQbx_@rvwOSzF&V6-DJn(y5 zEzbujubM6Ct-%%ocXmWF@f8fPp!Y^Y87_qd8=b!Q%{(2fHy!_oDSw}iP7 zB$D^yNZSB|CBpbt_4v@_k|_$uQss5+aOmjXVKv? z@WJ`U+m$qTs&d?QC{X?Fd3r0v4}81U#PBq%(!R#anpLNrD3b}%?cyXXKn!jS1DqDd z<)foNGh$z@66_G{{Fxw2*1_Tis6OSx zPf^#Q;IX>`yM(i(cA}{~F)snJ(Cq)g3&43&!BV33rDhBI$WM*(fbqyxQ5(I3&XH=A zs-x|J?LNRr{)b<0vWcKW2;5OB81jh_6zQ83pFCpSGojYyZYv~+h12nf;*k^<5(G}2O%k^>0R-9w6WDlMRZA{~;#d-0>c@B61~ z;ad0JdCqyx*=L`~2$@6}nI5jvL^P6$))vjs&^B zX!#Xr!_UQ4*wj6%}V8P)9 z%i?Cy=mZ$+QdJAOlT7vf))B*`13^f+zlx1n;U3; z3Y~L&@D?#N@Z3*4Snxn?1wk=q|FcIgjZ`4|^$Sa8me+POXS78aC^FIJyvGbWm=BaD ztBD!Zw>)OZM{il|f0rMON<7OcuUve1k8bgOuct8H)$A7@8(&U0OhBy3*M*E+vM_7l zp3$%QJ?h@05+N~QN%>1CXMdl97m&9-HBdziMe(k#KXA#k&glOMAjJJ+QhWRc8Q@PO zcaTlgq7z0eVv*fh0R#~dJ1UH#kL=2aR0KbhMyr|1z&L z$dE-_^--49?!EsU!^ZkSjH8S|I zohMn4uPaacyo6F};YZg^Sdv7?$@7Qyk8bzPrro+k!_xw}?v)%?n_zIE!bDTXDV7fn zcWvVpkHpA|fBRp4w+2=l(Y6Cf_8%G%0TUXgNTM*b^c{YC#Z76| z7NlNx56+m&0)dI@g{P8Q8#p^M0@vztv2LbPEwD_Vul@Z;%l>kXs7}Z@+^?b@=P!cJ zQ`#bb!CFvk{O;wN(9vb;S1Tccs5|l)1xPrh!MOE#D2g~N-O3pBuZ`IW?$OoQTyzc_ zF}rXk`|#aD*~0IUq+b%0u9Np(W1}xF!|8%!vM&36gI))}e3@n; z3Hn~?-d0K$x!?egtqcSbqTt|E>A)nyi^L20Lm9gN{4R1%Fdr+dPp?w?LR z<9(Q%47@)Qu1%}+bU?N?vJzZ`rOK&hg`dnF#?3a%-w`Bjd{}=XB;gDUy68SnUV!hc@OwALUW z_^1~aGmV}tUKSw%frBQKG>K8$fzRv|Pyq=$B1`O^j@2M2E9$dBA2i_nZ^YDP+uP(RII~y{(I&?k;^+)cGD}1uf)$%*)<)A zHC9r>IE|{@(Wtk* z@Xx=0QFExTO3ug}4KN=4Jm%2anWlQ!HVgY&TxO!N2 zi6?x|H`>9{T`Ssece}L`n`)tgCHmu6F*+P%#Fl@Kf+GCO^i>MCTkGa2SN8Rz7InE z%3p>jrzU-A21-=PI0W+rGtzu@fYN8Usl^|b6AekPWG6j=z)Azn%$6Tjq9rNLsR2ZQ zW=%>G`24RLc?McO0>DF&%UhW9^Rx)u0d#y)pO1#%_y1m<%8dfFg9PmGqs^4ZM$6Qi zc{zfzKsc06?C(SstQEOIb|MX`IR=(1K5-zq`oR)t6LhH0LD-Aa3@8Sp7}ugk(lN$9 z^xKCz$!7_ehO7K2G7*S&Y%3$2vFT&L39^3SRj98Tc9eAXY;77s^ z5B%K%c7T#k$<}iZz9Rv4g;@s34fL^};eQ3~T7=%>OR?(&L!#v&*Pqo1+7@+IKtdw$C ziW4}L-2}1a&_ee&}AVUbh%*@TW;=Ooyc#b+T(z8J&nJ_b=ZuO;?U3eyK z)qGe_+M8|{r;r!Su2#7{6~2DQjz9IoQStJkzFwe;`}%v0v-tCy!^7*7{S_i$o4%y# zxO!^-+PY38G}*hYOY0@@$-1;Q)m@YWn9!-qn_^fl?|4I!U)zPFlj-jlC`li9guHrV z@$gt&D|K3XNZv*S#K#;}s#4riGq%`pPal9Y2Y6NWl(~&Y3TPLS-qF8eYx)(iONJ*- zy&XV)^q@3_O)T?e-0BFglZT#4%c$Bh?rN1>-#@&d<6Vy?2%7qbv&=OIcci8^dLd)2 zHCC=dkk@1#vJl&@Ts*YKF!X10Pk4jv>@j`^*yux%8=L#A%_Yrn@9JD*?` z^-QgdU;F>w6~I)58ya(%D>;O&(617p{3NEPd-@UQ1kE=TU%3K%q=%c3&ivNmE&7z>BQ;OH z;hiimlGGzEV{pvl-=eK4Qczoc;s8z-u9o}9P=OP=ii&sdJ${{A1)_Td+~SWq?yaD~ zBsfN%bAgtEz!qD0+uHy?W}or3j)d!1^c+njBXNV$6~4}a%HbFna|PaCeK65huqB@} zG36ltq-VhdxWhgd+pjE5_tvwpTGQtCn<#wi$gTVodMRAdfp=L9<_#fR6DDLtzY^+l zbX|I)`lA%iGo@SYwBcDJny){L_|ZV= ztOXJsnd(fTZ1N@FAn-!9RfS*xOJxI!_#$RUScCQq6PbXb6 z-tz9B&V4d`R~7MMyGJ>X;JZPkr@-0Phqqqq2WsO-(;ez^{sE2#dp`{JO2VUx%6z|H zfyJ@MSj(M~)1PYD8ANfz*D}aiA2LIYpD-I@NBxa>&iza3* zctts%WKDpQ^y<^ETV-O$rnacl1-|ji7lOQ%Vk#w}Szi)4Ls~C){cbsP>uf_n1;W9> z@OnI^1f!{-lLnJP^UH~mivr5ti*mO%m>X!MI@7U1YIAB~b4HQ_W-zXrn{xl=F^LY2|``tBgt3n%7QQ-)lG+~ zeeL0e>DSzO_|?=j%qY+nr)8J8Q^OgA(-;f=pr?$)oY6==N98cScOUPBLn6=?WK5TfFp77cBIHyYcmJQq~Y@)C3xZq`e|9hbE zYvt?lv!a36ZH7`}=o^PkQ@-$ff`kMbAkGMMtCSiDx@T46(UE9{d9Ha^O+URy@!_jn z9$JXBCaakB-mXZW40`-j;_Am|i%%f;aheoZOxmPzP;_|+UbEIgmeA?o=e=~aI}aPB zv`w9Nr-g-Q!qJpd=)$O!>A=!8t&+6v30+aEUh;Ixo+6dVw3b6ET9<0}tC!dXp#HHW z5+gpJjLM7RxP{v^591SZl|4)Ev1-e%oW913OQuRu3v~8Nd?n&V&Rr~7qXsO`^)>f-Q*I;>-f~@RpjSMm$O3W zQe!RPc~$%JQPP_>2Op|sd{EmN!Nvb&^6aC&K)Geai*S(+2A}fC{%aFJ%FQvpsN04I zJh^R@p;gqzn*AveJMHsptA>6SL}u3NFiP*y4<^$(Br?q$0klB93N~HbX(5@EO0&F- z^WIs7^A_$K-96a-V^j`aP2Eq#AbYW48CDbNQ|scVUa`ea5wn?L{Qf)V%U6$*rtqe| zPQNO{q%#FDiGT9dwZ?+G=&VyU3!f8Cxpd?1jhrK1_I#>Q;!9}R;(Y-~adK!zBx-Yf zl~s1&Y*usmC}I=%yVi8VdSRsZ@Ut5>Tfo8X{0Yj&=FmSbZZ>IGU&shU-^_Y=GYC!ZqVwU8Tuift80VoZS-LmUNl*hQjb}*oud&#o>Z>Ym9FUhI7>1GH<951USN}I zE=G?@o&l{NAEtE$+y&B2@cJazzb~gBgO4kP-(0=^x}6R?|F(C=oBHsL93#$e3KlLl zzqA*Gerch-zQigqFN=?B#)@D(o1mD(pG^B-6Lp69YDk*DaayE@i8HUn6~z}raKb^Z z&xR(8u8Id=NC1o-G0T)PX-)p>3GLcEqVI#i9ZKsnHWt z5E_@5A|ET7|5@ivB7!5bW30&zQrEoSmGv7k-#Tq)XBBmT6)ml2*`*M6L;Q|4Wr%Fx z(p*B5D=>l087s9*!1icsod&vyt~JFsX?5k#$b}VRGNLyL$;DJ`g_4Vw&8Nt>&l_Iv`ZGq(+MeVCKwfQ@^JC|GF4#*n3*wKh zb2}m~OlD}L;jqV_4yvs#D=Ww0;6Yn8PGa8{d$0@6)^`$Qs} zQ<}P_1$ao?F?rfepGZAk8_@m`&eqZGD#XJMoV&?~9@97T7mIRILAr)NEyNz=b4U9= z9+Kt19o`P@mskEJ^g`2Ax{yF;TkoPf-Hn!YOGb!&))vYc=TK1gcoH2VK|rfT1tGK} z^vnAZs*K}g9JXX|OR+Tp;a{bR_$^pDWO@N z#Q5)=iDQB{dc>MOH00b1*@3;n@eB=9 z0KJ|TTaW$9v9*WZtEk;0^v>;<6Ax*9TkHeqQtp)~BTIYLxsuSk`K zf_V;@uA*wD3-cwDC9bYn&I4n~2x!+50E{A;%ZGj|y0v}R6rh!?xrGp=J7S@~>f`%< z19NjcjdcE>)ZK$4wKyD9S{ruUTqrNU^Ia5<6GJRV{?799!J8R8ZyEJSvt?!E{KWxb z5=bHFLgDWKU1P`c=UQSiJ}8XwJKi@G6j_(ui#CDdW|6+H&+q-^T)_NQB z1GaJX^a}sUs#KsU%dZuVPpaKEi$Sb zuVI742z!aE_NA^+`3Vl08}6I9*BKoOTu9e>;~pZHYWMM9gVdb=GTPma`oN(TNw!#& zFS7V6&&dW81oHRwZ{RwrD65e0e7^xYGqa-fD`IUH4b0hg#@jDAnNloV`vG9RU_l~n zIBHeqQTUNbe%q&`bkVVhy2Nrv6#@!?KO3f^+Yj={N|+7kir@63qX2_6xBioS=##A7 za$Sqqk4Tr)0D#XEiQLxWbY#ebjmNr^s5F25Aur0&cnnubPV*g+&w~RC*;P~{h8cG6 zfRKb>U;B!ft2D?kdA1v^{fON_nn{(bZG9-S?q5(r}IJFVu0uu8jz|%If2x zfX9hU1L^WRF+dkS?V&glEQTe<7!(S>s{-egXxb}>{rkB*rcxW;07VcV~`IG#cZKCstcVD(?K{4q<>!h z61^trlB4^`-j86FCPc-->jJZ#mIL3UjwZP!@|O5T^SkZ5U3s9);!B$VF+ZCq!TeFM zZMNg;)1iaktu1*-%yN<&jz}W_S>)3xPg)SWa276L_$sa^HzvszLBy z|Lf=f&~l_EMPK1!NJ~Ff?ZtIOpjAU+@dXCaG^cnWd{$vII?z|2SdtjRuQS(a?tR4n zG%5Usrx@X))6m-IZb6o;d8v9K{6;LY7kwTt3`p)qH%}y%flG^%U-5ze@vUj^PE^E$ z;8QF$I@(EU2!?)fSxeMTMjxYbKz0g@!S|~qt*+$o$zkQiT6Pw1?{}3C4qpr6lL?a| z5LG!m19h$7c<>b8Y1Rz@N2A0JFS-|w3Kkvb3!fz$1^xQGQ>C1FV z=(GOdpV;})5&MGFR{QOH;0zs^C=%6#aaoDHU!JFN-*Noi1I@Pgtm_l&`csTQqrdcN ztNr5wpyD+?OYot^M`Wt79*Sr41xRG<%LdbV_tCpDUff6 z#xBQ_4x(ieH?lNyK$v`Ekw5gS@x zv0pI_w4~X)2X(Ta*ycGHpKvs>iw}c6h*o*(+YP2KPA6Dz$dRRc)s2=K1~g0Z$IwO+ameV1q!jYZ0RcLOqWni9Kkm0kLzA$6U0ex7afx))eYpZv zib4}*RGvULK5mSJ98^qawQa9!frHHJZ(mP8@`)7GEna=R)&p=gG=Hqww*!Dmor~-W zXM|pxW{oxfK<8D7X0+XnYA<8VNZiWx*b+Wl?22Jk#CN1I(=ZdwT7G<@m;JifkDMQ# zvtS&BNS6I+PByoZOkTc1a7Df6zqoMX6Cs)e0`oBie}aus0#QYbmgKM`=W@RG5)%`Kf+G8d#-L-8Z;); zE0Z;&W);6T#d5?u0>T%O07=8fn0m)A6=O8Q&CQkT;t;Yvxb?D#G>DjK%yUC`7(&pC zwPFL9bz;dqj0F>9_WdX%$eB`P=QqdjXV^j}u8Iekka+k>Q#KS5?_Ix5oLa9yQepmm z_F^}t+iQ|rc(`W{H7)IjLFfaWcO;uqqqT{-_SrtHA70(c0kQI)XUZ2Q*v|`4UNB#! zho?C^C>7^vqs`(;Ev{aaXKs|Y+std!{4B6((W(<;8;b;Fm016MlD0e3XsJnq5maP8 zY0+xbU4#Vo3}LMLdns-{{u+GMYK-aBU;}()gZ?kgTOO-{QfY#qdhwAikM_db$|V$P z!otR!4Gj<)+Y_P@;2e+aOY|*Ybm((IU41#FXM-+o`tzF^8gNjuP1!1Hf^&&u;VqRC zQXH*SbIw_G7P7y6PoBpM4;VDSw1B2<+UDR=BcE2tLS;X*iz2~i^!n#eRqGlb*P#Iu zEUeeugdC$|BSH6oz%W$xi^YLCOM^6`FVY{?qtok@8%N{ja z8sU&65)R+VFt}k2h>3%&(1yAGE!(?sLco>k2{%`AE^6`CSIrm&nwm z9-hfO!s?R_oO4+s78+BMRNng!;MXz+tU$Y$Fm=zVKQH_>N7_%0N+Osv#wzaP?@%DU z{HgVh@dQ^y_0y2R1N_f2M)x$>Zn096xPeV6b9=XSybqYu`6a(#!4*Ca-_9O~LRR{)T%r$roxoSF2ABqgn8hv&>ZvGZ3>vE!MI7ft79erJfn zlwh6FFh{R(8>v8N+wX8TP#_JPGtBj`ro!JLK>N@D)eOdtuix5-KMKJdj8AgW_9Au`{8jN)^0g zUiR7N5$)>bww1cKK$mvV=Mj$H$man~4L${W>O1lfD?Q@=f3K;I%mZpAbVY<9)u7{e zq|ES-BxW)(FpA4FLD|DXAak_r)hHFO;h&iZ2V1|b?=K?uHAH?~Uo{nIGkG0f>Q(06 zLwkI0NCmQ5ojYFfL+#u4-ixT0NE4|AQ#UAF08F)En07lfkLKE#v}wuKE^S(0p|4^d z*;RR=yGC1uz1zsI+SZBh5?D>=I9|R##Zlku_){+}=L_xk;@=LAa6E&PQ|sEg1407M z2#A@tf&R8k#&J{aV-&;;eZhv@3QnM>1aS&)=Cx$oNXJ%xaO|R2#moH-Gy1C$X%^=2 zpwfoM-)GDj8_Cab+C5=6Dy&_9Yu7(_DC$H9_G`_Me8Mpv3__|2d^hw7$gI>hA#D@C zT^|aRPF4Sd+pmtNJt%&D3td4ZsZ+BTqXD86``9_kAXNmGyW7a+)D-Y22iHxq;5{+S zv{j&5xkD7xveM8+Q{#(bv%`!mm+~@^@!=f^dNKLzSVkCNW~N`Er|;c;s?uS@uG&5T z$AkRxuKX=>oOWCL=5#bz@`=1@VL?^lp;<06klQK7Qpb~I@NA>dQ2LW$uT|Bka%-UWCpwhyO!# z;y}0@b>f8^ecrv=m{(EK1;85wiEH;ufJzg9JZMIJBX!S8p*#!!6~K+w^*Q)fC2eE* zqP#R^MQ!tE`ll|WE!I0a%*(A!+KjjU0bB})*}xK)i``}o`JEkMlZWwB+_%4>+Yhkw zkPd2Ui94{#-lzEDBw0u{7nGGb$&Fa?**W2EeYTeJ*)gA>kvDbONZ()wxP1+_>psfl zdhYmOPYifr0pbg`S^~XZY*!A}xfMnQmL036CTzM};TdiIRgeRPBhy)4`kVKQszU52 z2Q2?ALjE!2it@w6OJx*4K&z1+p}v<=?`5gRDA&}YuKgAQ9b!yBSV8mBV+7MZ2AefL zYmrB*sJ%eP-I#5kIz$DXFN5p0NE;BLEv@%!sv!a4lM@E|F`2&3o-j8+fs39~c;@Hx zhM3w~yx_)bwVejI{*QoDGJ?3_3;$u&iO(_!G2Aeq7}Yy$TSVlf+KQ2oi3Xf6?LugGDWeW(pvaSi#*8@QhPzw_9#P73obx2q*me4!MPZf{!1JMSa`B0 zfk$7ta)ry^RemZCGC^)1sk>{iR$MF2v>1Fn3rc37K>y!(J`15!$O5gnRXpOaqi{r+j?fG#VU9zw5xGk&jzlu3Z~d&pz?6g!CKyJQh}9ST-llXBK)ZHbsf?~ zvv#Zm`*7Nl=?(6MD_(u&&(^IJZIck+=i)J#8}Rz^sP7ExbG~FVCBy-vBmuhYZvrcx z;X#0#OWoE^5{*YxSb z4evedO?g<5OMzGgo4w&`YdOb`QzrdL#D%2(V7@SX#y2CQtp;6sQ6*UJ;bm>3{j}mk zYw)cGN7PySwNWO+&MJRi)}tD44Xtzz<$ISDtz)RI4zhdg(_Vo6{;;GH#8BIbVJvEYUwb zKdaJY%^94hPx~CH#7gsMIpD*!|1lwuH=y!k#p<{95YV2QK|%C<`8Zb`8~{xe65^Lr z-1ezl)p!9Uup0Z!;xGuF1sP4#kQzEZS;dH$d|&@PZlN>622RLe4PHoB;mx9B1sr>f zm%dK|SPdudck@~1ZdOBs>CHCW7QVyPe&tG~BGkDz4gts-$k`hdW@+AR0@r$S|Aq*E z+Dt%7HD8L@<6T}JJQSz&odGOUm&FYE`+a%_Zd~KU2TeK{8VE0n^M?<(7H_MxSWS5( zb9${BNR7}07ioGuys8NR;{91M6+CHD-43X32ZtFP@L07d3>ptI1kD>0-`K$CS*1|( zgq#)ye)#Km@^JV->6n^YdTz zA^k{ZQY{i@G6Rauu}IBO*vjf(PsmHQ(#sSK{c!u<)fButaCFur3qRTOT3+9}9+(=fGI@3bh_$3*|DOqjeX!=4K~dlRSJ)&d9g zicdG1MSuXFE6QA6=7p3Ntup~MaM0qJhCZu9%r13Hzy238&#wR>I&gP4ly2=AVj93z z@kUcGg_#|Az=|>XaetRd7epk|YT62|_5_-ui?%(lJq95Vkw@ujmd*O?Y#q~%cv=w* z_mHJ#D{o5{R1XM{!7idctNd{ZXM_;g(N>a>lrpPwlS60N z=&~cv0vNtYLq86KZr3ABinQ+7gwN~sU8bG~2~Yr;zuJuryHMmg!c`#N<8Hg{av<9l zW?*p5K7g?S@IR!Fx5N%T@|C2Wh_3wUCUju7s_R{p(rAf|aibx(#6bVWowL|5+$0;+ zgO7>o7R=8*YDYp?tpw=(ASMuvd=veuV*`x+yre{V&#?{%CTG!lS~7Uq!^z zO%*W_zq6a8WyG4`QDak}Q!Ogaw?LhcOf}7Lr-D##OEm4IVX&y&P$ZhH1J@f&l<`H=1wgqJHhnfJl{H7T&FM0VdRs z3Ly+xefpAYAo6V?5!hKoS7hyl??-ua!u1g!mO(3^u$r?05xzIFTu8t*d~dpgXnVlV z=Gir_)DxTB-&&_y$G*y7xpQkJ@sfzoodp&_zy7yn1&xxq@xdseC)ojBvcND^Kn^_$ zsgwoE989?M`#ZA8A(kWuMhOgXISsAT0eqLSJncY>=K1gfBTS|W!G*nEGi?=OkciW4 z%-99#_n5ulLppffQvEv{F9!gm9*SK%gn?)2#DrR}Y}0OKZk4l@bHE#$ZiMl2UxO9? z(j*Gfk@zz!{IZy2%qJf-;+5$nDnlb#>VNlQFB4m(<}$sp65P5tg9 zv@s`3Uo(}4`&WcX2xNuI9Pusu7M7p(JtBi} zrz7e}(jWlR6tmUXR~LD?AFQ~3B~8P^KOgBR&wX~}P}R2w!9mzlk6f(xqg;ie3nY+( z_$ZdMb7uK0)Lif=ov>{AKNPijL={V`4|`mc0>ZTaU5&WlZwZ@BBD;rPi73m;%2J&8 zc;!vZwK1~(jfDS^x`+^HcXkAp^D0VqA0stcO_ggt5C?<>)!KbBe|faa3>=@>Rjv7S z8T<}@DA-o8g`C$k0KcjrvoxF%126rPKC&kxYmWA4?i?PRz<0U#9>iCa?qLPr5HT#v z%~N&$SznmV8&@n$?|F5Xf-uH>5SV47QsWCqUjcaxe$LaY%<3R~HE26B_9;S3ln?nk zUD(0j@BJ5yRF&-}#Fm0EX!4;t_JDFAP!A3SKd}OHO92EWjSe*GnbS_0J511IrTI8# zsX(*#Wu)mU{UK@}kY2oaYOzT%Z2K+t5*ZQN0J$hTj;aJ<;d66%imY7rh!zoUB_Q=c zZy_8X%`#=53yW`29W74a^et}ko0=-^p|Rkhz4%8~IDi-(_%|K&fC(?QY-K=YtlrbW zDHLErf7#I8xfbUO2Be*xe(zrZ5uW3<$^v6ZBgFobFYeqmEU`3>JX-Eo^`Cv(7 zY1)c42~oZgFChq8*15`4-~Q}t`Sj$d@4X(NTE%@j_<{7Z(t2<1948vR)|qt(?Ndy4 zC#qytn|lN@^uRgW=uwr4z4q_xW3w9!Kr?K9Mkqf13Ih79{|_d=s}fgX`WVj)ghR0O zMZy~jTS6*Q8=fpdLumEIg`>>8-g*nSUv=UfO@*B$fogph3r2$sLC&>C@cFTl7$A21 ztDDM;uKA02_0L(-Rd_JZBfv7>QF0>*ocn011*Wum9aa%VGysUy8G+|hGA~gT! zI8S7X$%kiv9U%d_ZMMlQ9vA95G9r?`pltknQ>Op>I4~i%UuRnNIJ1oB9=Pm~BIdQi z=FJSw6&I9P#s6XhGUZ=U{7~cEqbP(ho3x%ADe%>PxqAOm z^89F*47?p4FN(W`)%$fTPH>SwUF{(uY^B9SBkjhT0bKFhdpP>_tN(Yf38`n>@+Y0W z#(a$pc+-BHW!nB@~< z9pnN0_Xu7pmGZWZ&79?`p5+3-E}PdAQOjGQd~HxlP~|T{_HX~BsaQ}z%K)}bw2soF zxZD6LJ2%opl6pruYvPZnAwxaNDc?G9#+c>rsopS`rZ}pXe)Vs2ca0se2%1s@n6^&a z?R|%B%1=vwBGYE&P4!sBo@w2+QP?t=GtJw2TEk^!*Mi81H~d~k*{VOcPX_O!v5!up zQ|-tfD}50};q^xe#9-ewp^_2OsIUVUk~57tl7B=9qrzzH*9PW4o(%kE2BZ=!Vn;cy zCqfGZNH+ni|0{&RHwd{SZnpKL+o@&uLh2i8i`{Va!O;pQyP_+$sH__*JYAIFyc1`o zEdsa=idOmI6yPjlN}`+jz1{G@V87Jv3j&9twTEfaEoKWQ_E0Mwe^frvf~T zr~4_cS4OWM1F$a5i{iALpfrdCiH!H(+CVx!7)<69+i^o9RBXjw?K$S#>y&gY$o;^EU`q|&JE8e`?@=QBf zd(@-yMFsH)5M$+QBB=S?q=&P758}H2YjQyQ$%;izMo$(XSGb~~9+XBk|I08= z;5~#oabMaBNr_Upx)iviWk!1{gXOVG7)2%QweA^3N@ws1m66$5SO_#^;-5k*oCm|z z-nv%ciAB0XmCIr6<%BWtcIa?RwU?b@99&*L7)Rf7{*C*N3>-xqf}6$+7F92EGHi-L zVt#Yp;hI#`Q{yxSAE6B4n5dkw<)vR-MbPG?>ZuhD-f2-ZVAqK<`Q4a58jLAY;PS=W zpg;-BH2^p(OL23RD|xb?(L$*y4xGyUwZB{jZNRy~vh0nlG`<2{r;)CJqATiW z_n7!K^^kS-(!>G6E|<_vW0kCH0ygW~*+b&x8?$aZJ&-efIsk*5Q=DaK{#a@?DJ6zA z<-l1~z@-*IKZMeQOuc{%4Bzurl0(Ah>7QFRA`1;Js?R@pm$!-(;aR^*y%~7`|JI`m zoQDism65d<0{G*qnMabZyDfB>LCe)@qfXUS>s)*UF~Q-#k9}9XplX_8$yDE`I_5@- zMQG2=(-D#+X~{h&#`utU4#uP>D8dikm)*v;BDTYy zho#>1;d=zwS33je;F^rCzA0=#zR#SJQq>q_C<8a?Z#ULYpb)j!+P;6&;GY{4RZ~%u zmMv3XP84N%k|QGnNGJu!zY5%EWH>1bK*ef8D0v@(FMsH^CG zUXA4j4HhQE{cNEkz!c^`#YixXgwc}0v`Sr|p!<-XEAo~bN>ejWB_HDnIdbV*2SJ#^ z;VnMfM#?x#sfOf^7vOvJMenC^21rBqNso5JUISzM@mE+4<^BZVy2HMzs~-Kb#Xt5# z3=gNh-GIs?25ro^sMHmiFchFt*;ZC^yfV7G-xK&fl%MyJ)b9D6r?EH5EytU$6vT+v z_&uN)BG`TZajgf#E!bNLS(r5{rwIL_5;$aNtAXsNCALM9nD0x^8OQomg^n;+tJRun zvDRIJ$F=$qi(Vm3!X%DpFmg3!)d%B=R43eM6$tcA=5XfC4|5O%+E8T`XIQ5nqQ5>t z2l(8AKhI~Ey`Wwz+2A$4m#_e`mE$(*;?F8`0yq(9Kxd+M<_>-tuOaNTb*S^*_|5bP z1R!M$Qf>SA9xBQL6DGJbNd5yB{HeAPUefa2nDc;u87iBvz@S~Ml!6(0sWy)ku@!3o zW)g6?jCPao(7@-`L1(CR*FcSGrBTB?z6;(pF)-jxFokui;~=0VfPR`v%cRV zDY!1K^_}C_sBr*>2*tuUp;4JNvM$d3+Z>LE>w9Xj{qI*dM|20BR+fE`)9Z4}r#@A1TY8WxAmc4*$4_=T0s zxk1nI-wg91n9fBdYoDr7{X;HjoaF;)0s6f}-e(&*e-j^qO5LiQ+rCi3G-p z5y_%{=GHvz1tIjphoLk@dU@@AsGauSrvXV|)Ekp6XX$yJu{RdP+p;QD0o3jVM=5X# zsjvAWlI}n70112ouVC%u8fx>(kqZ$O=!q6+IA+`6u+f2>xW~}0ItMVlY$LSXt`%(_*1A}z28vh|ZKD}_THb@5ZW)elZO4z)C-sjwUQ1PCMN?pGb`bJ@OUk$)&>4Dv z`eVoS`?Dp-Wn`e0J1&7c?s0#mUBf*c%n4BU9gB|)>CIZ_M-RbBFHHmT4_kvw0bt|- z`nEAiyO1oDLqV>6oD7{RW9b2&8w4vEng5cqw7Y)E0fN9g3hcM!-Dt^$yf#r>|HlO= zHIj1-khPumE5ZQsR6-l$H*>9FF4`)f8NeJ=nhX=+sv@FT?TO7?Z4NwjMOJ))Vmy#3 z-RwtgqQWXfgx7oK1lYq8Z^2orme7}eJNB#;X& z&-jUsy=_2w+c#U#J8{ANczojXjx^GU^8dh+Kc9A@S(ZN*0p&&#m!;*A26yxYl$BMx zsb}~j>BDi!2^n_Uo4PN^hed9QbcPILa`Lpj4fYbokYL;5&iB;EO7SGo%^I;kY7CRw zf^-IAB&q=ecuL~~@aO9yCh(GuNM0;T;b8bmQ!lY?>qVl0Z5|KmJ=yblg2Knx?9frnVLj zl6XOp1+IWO$s9~8FMo_yDU!Y=Gbp=?xRRKy78|D}jObsF00 z2~+gCQv5`y7Zn}D%N)*CUX!8&+z|Q{CZ*~9MOq&e6Qm1p0xPk@`7{g3rS4kL)j#(D49OB~~1|u=4fs;sl=ON(1ypGq*ABDnF(WV)-Ip zt%s9=>h~hS^T0vYp>e-t!G#Bpf;0heTC+8>KU?&1-VcCzo>M;>&HvVoZ1q13>Awe_ za7RVz=HNf!ca$2(j7`#=3*(=`4zUVLL2C^oBL*dLKIRzpdES7(f4{$1RJ}ecW_yOy z+3Pe1YY-zoThtB3x_j1KcLVT&)06fnHs9O#!c&Z{kzqI2OQM|8WY^IRMtWK960_GK znr+#~59r^2t&KN!6#yno8FT`4e%S(S7E04k$-obLVB1<(r}qWj4|jN8?PMM@^ePIR zs{Ab_{)lp@5(`4891zeEj4T9W6i%KZuS_c%3aXLJnx6|Yvm1fpU4~6IuWO(^=&t@m z1I&1eVzBMn*BH${#Dz75z2o=d)C2Q2H=gK~*sHonfIllA9>I%x=TT_S>i)n7F6!+w z_t`~FSsRH>PQS(Z)Ky22WM^YCP_4b-YKo#6Q)go;VUGl)a~+r3kK_R+@_ir=^6nP+ z2Q13GmwwiV%s3VRe-_6GUi9I)Kar?MW!Ysp`y#;!nmF7+xZ*SB+FdP(J0XljVtjW#e!t3)D6lKo-2aH~rsYfR)J?S=BSV%N# zO;<|C@C`_webcZ3j6L(c;OH0*tVt}EDh;m?tjF}J5g7WmjRk>XbkwfD_Fl;y9KFhAm{fP(B;uOb{=;u5qK8ok#BQ zp+Pxd`#P zjU_P_hn-bLrr6=ei-GG^ZFgpS|1aael#_W#PMqyTQ%=s8*8K{guJZgs`(vVPzh5+-2=g-*;Q**dRNovub$5#GkC=$^T=vp-&%x^x_J*?R z?1e^)Wfc~>9Xvb{l&eS@R>yiQ);u+voSt*kW+JH8J)6;YJ44P^BPQxGD%V9Ilk16fV}Uo!y80nvfq zP0@TGEq;~FIgg~a_79cH6sjbM@zC2a}VM|lqV=A_Q^bDpe)IdIj5W(U94^4xpfb=M}0qw)A z#MHSctvQB%I(a!2A`F8X;t@ZJ?5f(aJD@InRsQ^~nJM5ah{fi#$s3!ahlap4%mssE z&Q~Pvd0H?aC7z2H|KevpbnFMwrRV3jOw<`aIMHrxr;csHasjFE5r2#)l6{ZpM`D4% z@o&Zfd}(0(R)5HD*Ov2UK&fVfxBqSbhcRTNLFgI9h&52f)#*{11(v57Miq)-4N7;a zd{ow!o)v${S7EAeHusqBN2{`f0hb;qwab2gi0y{*711+MlD6#PlQ)J@kB z-lgi*`z~pV8Ilk&xqqqpPspN9WQ5wPP7reR<1T5xpQ`(19x`vWuRw}B=tq*c#*1hp2uYY#0;jc~>z*#LQCo{vwoJC`d%t7y#FGFs&NK2{3a-uaKlp5YBUDYF-2CDr8@i!Khqjaz~;E1VN{xeWHP~0&_eLuncjSS9Jznn1OJJj0m+S zAE0VbY}+}<)VZ}53E2ii8%1z{(qNgTkI^`5{wANcZSVRu zqEEjNS64a<7|WU^_>5Cl$w0VvL`77eoDs1-LT0P@ky?_k-rMqyFa$6uQs{M(zwrZM z^dHJMG}Pd65%s?4G$!5{_JSa1&@m(PM~2yC(-T6kd(u|w^DSO55x%$oBM}@ABZeN} z*2!lQ0W9F_l^FP}IPN0thq5IcKt$`M#f$wa9@6NpaDkPSXMS4MZsZJQvP0sV6yr$H zAR3ruRsJBj2oXfw8S_CF&&_0!S$35!thk$IAO4d5U;MC2Odi#jOMoSs%5q7^{_cg3 z$3#S!&^pOzzc`b%HYyJV)67r`5!>L=&{_Q-@A?A&)$K<14b6fML~&1*C%hGC zWUex#n)a8egDZh=JDsDXax!SP)4npvd?)bcB|#8Rc6Q z5Na`(kq5BCR@3Xp0}#8iJ{+)2ctcENVAJEJ46Q|xjX#;^hK0d*SfgxEolMxeank(6 z+cuJYE*=dEso(dVlp`krt%>`uD{kYf*C3hoVed%K4&T+6Wdgw1o$6P?tyi$1jAEu4 zj5IkSv?G)$fMp5zl0=eUE8{VIoV()VrBTG5Z}g~qAiY){op8eH6$|CYUVrv5^5PY@ zU%c@BdRhtIm^n3#a`kaC{U|A3M}XE^BiSbg3at36QO((W=;pUr zcVf)(ytC!0Jd|#QC0?4|ld@GbHp(FbNt|v26BIx?%3v8!NmT_~cc0HrSsVC9KxO!a zjdQX(Cy2`&`D5~fIU^8HipYfQ_6=N@Z9x6`?f@%n*g3sr9ao!{n*+3;cjOyYXf@-Z z&DYy_h;NjAp>ho|R1+4$z81Ur^UE`NxWW)p#EEhn#&M!aHOg0~^sfkviqAaA++3;= z;wjitm`T5S=ej64co=|82|Ll8u)~Tue42M!(VGosTyDBFjnu_3;bzPX)c?pbYx9o8S(#$z4%D&ibzj}=$S#m?DWPav!-V6MeTCY+kyK}b-^on5*VBH zU3^CJOpxFObxL4KD9H=E{5daC$hS5LOk71aL*CRS@=+$9cJew-CciDd)8zkz%U&Y9M`QRIp)NH`+%2Oe2IV*FA@2M8k>3I*pnxz?5dfUj23|Jwvm=dM;aMZZ4 z0@QNzn$$wJAe18bk+X}wJIDh&Qr?2U%l3yY41G4B_4n7SenE;yPCqeqF6 zP*P0a5sWXC`H@yUl1kNkZCxD07hE@jhLInQvo;%AH~OD-Hv@Y#dFGwJGt_`$7_=@UryE2Y0#;p58l-)??|w2Wgx73?K#>0l ztn5N5OBO>Lj?4;JQMA48jgYHP13z6J?K`xq`zb=s5BtFk1b;v8^1*Q!)Sf8MJR$e% zlGJJBrH!WrTg_er%FG53+h*>o7=tk_6&TIku1VNu#Zc{rI!Nc}=Tr`!1Ax@;?HiFf zYIoxJEVJwIRO7Fq-XqfrT4h}CUM#g4K}|W*x{R>OzUgP?g$?q}+fOGDnS^O?#BG?z9@n3t}aYDC#f@o`x`E|+H7 z4R-O{rv3%XcJ5E@iNUjs!SA;Q!AjDB?D&WbG--SpVPboJ+P8k!ev#;&I1~3}#GFdb`;$tg*e%@|f9@L?(+`0)J z=Q?;SKTy`3>jC4YmKeYuZA@KinUh?1pD>@Z?Xtleo{gt${wwiD7YSTJv8nK@aOXnD zFmJ*Q$L*k3uQ-~62G-#@DB4uVS4-EIp|WmF$%8VXoN6k!7{VErsK~IaOEuXDJfdJkb zB3yy=TfCKPBbRM~m}+SMJRRKgD`r|(RHqjXlA?(*(T}+&bZMC-?>#jR)NPwExSHQd zgpeUs8xY802Q!QOxnTu^Aao-1ckokc*BkLH?D%b&8!BsphHBh%h@SfYPwIld@QA52 zhiI(``!Rkky(c<)u4X9FIP{MY_McOhi*I4@6lZVe`w%k78H-i94ZagqZk0F5B5HZ1 z1hO?mp;^!=u;D^~6fKD7ulmlS!LoAA{GN#>QKXdn#<%LyOAnP?WFcr%Nv2G28po$u zQrwPMO?-W8w7~@>_+W>Qs~X}D@8-?W4>e?tQ2bji2tW)0PfJ~hK1flONgL?sXXSZd zfnLQWOpZ+^DGU@mWRws)G`ILr>(%&_3lUn)uER^<<2t!1XOG`J%(~U(3;h9p@brdi zniPcJ86<6WPq)Y!Hx(hJ)kpY=?Qnt7mfn>oYKtqYq__r#tgc)`;pMZ`gaA7m%%XpS zVh{7IJTu_$O7-F?hX}plRx0qmwA?aXd?K=hfbbKIi-`U0Ns3?y!=qTTOtK8Q1HKsq zf4}X$_aPF2n?J{FVT2-%b4b2d?fK-MTP7L7dA(Qm`Tgf)6=X;tDxccb)WOSui|?>n z#EIVU)D~oeYBE)!e#ddMnxy~0Q2yER9BAFx&RvR0?jlXrl1J;gUUePOF^#X`S!|

>{fx}4`PgBlvMki?Td%v_Rq&lq#%lvXjqiNaZYOfDq=wWUbEZodVuv# z2_e>L zt=VOak_G|HtHke06)fQhUsB%;vT8{UT!rKFvA(eEznVi!9HKh%Xsb7#2P@!r=2*Oq zOL&ha!0D)EupVbZY>?DE_0}?SzUa`s&ks={a%WmhmRJI_BX<(xss2!_1{DTPiNu~m z(4pBzYGe4-SiY2V@b(Eces5ax#3OzFX|1n6T`Z)5Dx)E)t8w)KjZ5Nm&Ll@*0uMHW zfp5o3);ydLoY>6uHFWN|0v4`T-AkK;``PE0=bt-8_Vdxd2nYNIplP)`vP6A8CEE#g zoM>h@Bk&=YLNHoTglUppt>&&~@gB53PyPvTcyE6?;6E z9M+7nhl%kDuq!-QgAdLFh)m>Faym(Mq)Hi+9gytr!Q#R&p^$m*x&X`-k$Mm9Ban?# zMOf3Qe9-1HfT}f7l%Ev81^}- zkX6TS7U(vzgFUeyYztoW#n~ojsJ&r~w#C(YN^D@wQ>c^U*SdqM6aTQX8oF-`Snrix zE|j==^7;a^W814I|}y*S@fK}P~QTaZ5!zkIJP9V54$P^KQqjF7Hf8f)+L^?kHRmb z#mGG!BuI14YjONtcnzu;d=%e3Ix!r$%Y(YhgP_P?Vby$bjmD5zuRDbNLxlHp-E#QV zGs`>t_%8v>a=#2Q;98*l*ebD%vvH>NWZcidej^G2O2G_fy7Z`3b|#3;$uS?0R6Cdu zuQoRY$b`$Q9L+o^0QMBak6)GDa$@MS<(Yqv+~2LgF7L~D{u%?k&K0l}Q?YV>!QL_4 z)aCjYlAwG8nBqN|@jMg^olIw;M@eK7qD$o|-DxkSe~5Y57JG_E_@VWK=XA9_!n<-z zL4??x3wCe6yMW)9OkJsUA>4u_jK;4agm zswPF8_kUqp_*I}qqLu5eUD%wPq!Yt_4z&WGDUT_b6Wrdgv^TY|et)&_-EI89n5Rwt zaP2I7^W{J-$X!vK&kW71n^)v}aR=G=EFYcNKX)2@`NW^=y9t%8ZuP4|!q7J^s9pZ6 z;2Pq@(=j{P2cG*6ADubux#oJmJ8D{Utnmm^pzu@7J3-A`;ymWRS3Qe z?mwjZ1sV0sF&Mw3jPm`<ieDDFDHp=bHb2ln((3q<)b^6M&>V@!|*TAk) z+L*7(3qD{^gBt#wY?pqrSLsq8a2>UtRQaj@iiw?1(@_YLNeM@S_L@c;A022yN^| z|8wCSMS0C4t8bznlRc;-XOA&8dkg3UI7;st)Fx=*pbIe~#dhkv#olW#UG4IrPvLEE zAQ51gQN#L>;bRO)I@(@wbAap;(lWc}W6^IV`0i}Y#y_6O$%PQ_-u1G#(oC)pf-S1Y z_ZRvRwFNaE`Kz*9Pd4G<-C!SBAjRG_>w)`-r@uPX5y^kSj#S&3lk-X`m@WAFgf|c@ z5aJ{iwadG=1Dv@Ll*_A9s_>cDGVj8lScMfFkculE@%??gX?22xR!d*FmM_qp(pvzi z9xq}&UWCXg9&@Wqf>smghTW_Te5TIH#1r{(1)dxpps%H2VI(~7ut@DiOByMJ2^Xo& z67Mkc?50)?8cAZRWeq`(HTH&Z_8IA6u*}d#wH;j4Ml|FZW{EdX;K!HZ`UQ(&V(;87 z;z@4Wty1rrC)Eb8&CWI)JMZ}G!@Z{gGr?3~gZ}Kc!RFYi#F`6u_EA;g23~@CU-@bZ zBP{Sw!_%OOg>^YPYNFSX4=l0W=Q~(AcrYdsQ@rKK^Z~v1C!gv=j8gUnW5;EFj6?nq zo^QcsGU$*E@1ay$W+zpHD;5Sz%qZLCt5x;`N=X8Q7vD`9F}{!oK80JRtdQ>vZkWCe z>qJ2yQ;g(KnD<`E=kUjNG4+S#4#`A%74H|>MCMa8CLcd9^_~zHLeG$g9=UtbWNDC0 zBsO5@TJy<21M?)sGJs;{v&ZwQ3CE164fm8%S*a05z3f??MPy)|Ea^&pvZWk)&_Fmu z%Omf5?gU;^lFE(`f-gt>7IlR5?#}lfll(@+LsM5DmWyaIm!Jn-+8oanBE?RqFh1SSBUUit~v+4^m{m*Jvh^KB4q}nvsM{IHnW%kieiTt%hH3RsM7%6b1=K{!Jz!t>d9>g!dm{9@I;RI(<25-? zJ;5#ms-3;#7TrYpMQCl=v2od^L*L$~-Gu7PpLUSWLwUu~G-B#b?i!c~)5g!D(1b(Q$>@|Q+cgU1u;v%yTtGW*{ivCs$ z)s+lExsT9%4ka2CP7vCQj~d!B{5T0{cX*qioV(QV!(QfULcHsDWjXsbaFW*IL)Tv1 zDY*3p!fX25D=y%J%=w~vb9f-z`}asFh5004A4dy~e?TNU4f~r>w3dissFQe9PR9tu z=pp?TG(Jh1&DT_AzONXj#lidF@3^OPT~(A|2^TB6SIud6^8M77#)l6-(qW%FE!16h zrrmO!F$RrZ(xPDIvZ?tA7~2P~^oyW?vG&WqR>UJFMuc^y-)blvn zl(AP^?_Jw}dH{KjT4ypB=E8rqTc$Lquuyy&GRTQww8X_n=6;l+h?cNwZmTRtYrZ`N zA;^&uFG_={&qId$r-fSWG+#)KI+5XMs{ZJ#I@l2XUG4Iv2>7Jk^anG};k|ER0w2J@ zf**fwsHs0@(INV~JLC_|oe0-2Hv283l6h^>UF@V}$yzh{xW-wI^P$@1TEFjnn^Z`` zX!e95ekwfL6~Brf5#u6+Bm~#%3`=`lu(|g#&6>CFtUSscQMYGNTHM#M78o-crUIEt zEBAV2aDAX{bIWV-5YiAx{=a>crbgpaAt%m#qMSNpNG%>wiOO~mDAjq4dKsedzR;l= zIs`oyG=fkMtz!%jKXWbK>A>B9i@UsXNeJM$G|PRAFV{?EUR`VdO^ORd>hw&M0H4$A zMIgw);9g367f4LrABHzs5dZ64pvZ(0gP$6Pf& zwvojY$8of4mixa*l3EYAh#w5Lb3QpRO-hH9fAPb&p}Psy?-G6?R5kD>EuSGh#c?AL=i>#F#0t_7V`NWi$G>= zUfC~2ZD^{T^ZciGf!_l%1mCSjA5H2=f}AtXGm&eRWs+CZ2++FDq{@;H7@#0)2ICsgvtGL`Abxh<~X#Y~8J0>P7en+r2ob7e`s)?{VwbY9`Pp)z# zn1Xpc8b^a3iroVsjTW_+uBo)x-ul#dQ`(r@FlzW*7X?}|DD`+ zFZqxaLoVGl$Hn=*w&%UiD$FP6&6NeW|Fb#Z6&$=vrs{M-2bE37FlWcW*oy&1xjO0W zW9TxtuWx=uMSl_%nJ>qnMg}~o#_RIw!07~ANuNIxz{rdHNy;2-^nK3ntIkVT#|=6! zon73}^ z_a3n8dMBLzs{0;`Ot+l2fN0z-BUBnH3lG=rW;# zPlOMtyXg74w_mHZU-HFrv@5)zL8jxM)uHHkBsSX7^ys_z!N5V6+o;d&+*4Y~rNR@| z?g5lTDzW_65}zY*g_C3$$;NTF16YO#V18@Aggb*D=jfym4JD6KH6IeJp5XTfG$)zK zqnfH(6(SEX20V3DnKVf(A20T*Slf-juNEH{fZPn-!LJG}?Y{*bDSg(@q%4c=5C-5R z9&A+*po@O@_@%w1&2MyLLc<~(+N0c8a0)O^1 z`p7>swN09PGIlXw$+|ft%}d*6>Y6Kkj9~aIncYk@n(H&OMNju4?@d(d*m(7EFlBaI zC;IuDXR7(CN45)iK$06wo%I>V`n&~yi7dcLkndRK+5u|lQc%2pgJsUdb{HIXsMHid zw=5KUp8pF{pH?A<785Ykq`w9czIf!%{fH{eLK5)4dH%;_9pl(xd zAH!p7|L-&27-sK}obHIMUh#P0?a5275xX%%dVXGWlPt>*!cE`*;UrH4aEzXeB19Mx zRfeNW{pamso`Ta0!%l{u%G9LT7R!w_6@gDL7ZLXSic4X7Bc26=E|atPJ^!D@bhqgu zvat>vN$;cQkR%JfiSEY=1dTRMsw1+G6LZX-Z@!>{a>l>v8Y`3#9?;3-> z^3!uABZ|Bn;EU*jtQOSDRo3fS4v+3PRWk#czYkafHx5b*f_)grLn}0&JvAL2GCrN{ z@@Yb{)e!!vT=!SZA_AhZ26J`nbp1_Z!Ueroz5%(K<+w53jXZyM{M2DPz&h)1&?*Wa zUmzKEdp5xb7xgB}kwJtACpzQebN~+o0NbRzQ}6{(Egg8>m1u~GWGG`xvGi(VEW2V7 zuBlW(l6+O;{`zTJx;Nr58>=bn**2wU?DL6=;XcIAwh9=E4sxASj&yk(Ka>NP+{E&9 zqnWbwg_TB0+Izx9`AOlv;hf-|W@_$Et(~3dj^D>da^97{14~o?DOOpm`*nNijmd%? zg7+GxgEXO>Fp=jJbhRT%cX)8M1zUUQH;h>yQi@Z_Vw>oJ2d zyc-kWVwFY*QJ+XG7SeiUUEq0WKd~Hg#gg*D<1qL(+%m1HK-IdC;U8G(})e_#q7j{S773jkQw7&=_kJ{bt| zUH&k5DvYP))C*gNPp}-pt1s$WF`R_Og|hW&Eo|_UZ^|?M;8g#Im^>Etlrbk;qH!9r z@$3u+k}wx4oL4;d7;)CfDz`=6xUf{u^$$!t?aKDRzIo@0<`Fx94uM|2hu7tnXnKrN z_R!b9PO$`v1F2{QV)S$EbEgiDRJo`BQ<60r$_FMFJ7n&CdCWpDb!x9KlS)QYOUqO1 zwuq*(sePM5$5Kme{(ho?lGwOF`=FJ5=2KO{PM9Iuxhj#GvC?n?l!qlB-DDWe(1)?{ zro^^(%;73nQ?Cj&a$kUZ-Vh2D4c$-IU9IeU@&K+c#+uLJ?}I|=1b258({8oH5 zw{wgbJl&0l(hKaEeZo7gtjLLDo$y7kQpj>oZUaDj)@UJqk0jlTFT{U@_Kd;OpBn{= zfAG2{8qyaJ$_mnv{G?GmLS!}>aw9%g{zHY4jaGeoVAMR#iUgr7Q`TmEQ%Ki$HzHm6 z8x^Tep`t<{w2`q~5n$@2{*3G+M)+*6 zfnov1bA@=C*rflb&_GTMom}YQ`j`#f4`(RT=#W*6Lvep#-JQv~2qSoT z&grt?86;Y?7X>Yu$tdSem%9(vh0hINjW6#Kx*%%5yjJyd$1v zpT^*2+H!RjQT>?);pTABp7WI=kdo{r!K4%*TPy>r@cN37nN}!#IbtJ6zQv)dx16d* z>MV&%>=TVLB*ahJ(%z%XB?Bl5ZQk{ijYor~7b9EA-DA<1rk1b# zb4>s%tkeWuTov&-e`W#+;K=5Ap_HP>DES4gD{J&Gxcv!xe1=bue9?TLcC630KN#5j zl`&>k79*Bb`+94;BK06^SM3T5Xua8D=Nc}=wFLuoVRu-yJBIuhvR5QTUEanSGL&JV zOV$#Gek;NV8EF-Q{`h#|#p;iYJr`WGNMRMm_E$zU8+S|=m7Og?vG8v(Li8y!13Wi6 zA`9}PNT>0Vpp*e+3NPb3eIfC;eZ~zHcSy-UedeLo6dI=1cKxz*x_?hujw~WVyPPsW zeWlc{+Tqz0i=cMnYQwiHgLX_H)I{NG*)H!s)UTnb{r-J}&cM@^Z>n0tt3EPVZ43+^VQ~waAOdXYnw{QE|0$g2c>4dV`4 z`yXt~hMvpLb_UlE;p8U`vv@mXcp43b+cq2g0r>hfG5*$xg)_lB>M%oe{D%+5`Gb(i zuQ!c;w^%^qw?YKycch^J2U?~K(e52rEE08k`!l+|di8`<_*a zs>zEKWKOkTJ0&u;*Dw$gYWT8VvMi5NX*|AB>uT2rN8aO zRkK2;nuBRZvS%}v4-9Rdl~pJJz-?+EdnnZPrKq&%Yd$m0(5;UZ04=h{3hqi}yt6xi z0-k=Am2t&%>)C$%%rzmJ(9yA~fzA_{d3gtYiRGhQBFZvKi6xRXCtBdv3NAe3>X=XUzK(drfhPe4fxHqp%DrlF7zFQ3?@9kF;8&jd^ zy|`rPzb^yH=!8qtw<&Xlcf+t#kVoezR?^;_X;J&g^MMFuQ1$TyX==jAFj}ekg11x5 zQ~+bT+Ze*ekQLr_m03zRJP%&OXv1d#%bw#p>+CQkM#H%YVstjtT+XK1hB5qad$$U2 zL1I}Y=fz*6e>m9@<^#Wny=M8T#>h#<I3?6S*4o{PgN4He%O~ClKmF1;84%zNrrwi!o^akQzXlbs z;$!+fr}UESi`eQT?nh!bA1sIx8XtwuBf9M?=S)!%DjbV;fmsp75=b$Xw3ZCgEq-h^W5+Hc61E>Y{Cr3nb)u=cdaV(ymmDs|kN!|bjcRPS{J~F?nU>+goM|nr#Uge+6N%i2% zPL~klTf$oNA-%~FrY{ZO(5&p)5%z|MyjP->CC-v*c_y;YPbumo?0GFUBAr5Q5LE54s13BFuI^ID{we5O00JnE@W(^E9NCqokBS9o;H@ zzmo#2w;Ls>IH%{&5FrbW=?%){Duqkfzk?Kdm+#XbE8t&57<-9JGGuw(F0 zUu)*P)oN=Vs3alA@)O9pV-c_&RbziwfZS%+1{Dw1RJ&nOaEd+ z;OU3-`g!C5w5~FLVd3oHwJDFjMo4q#I>U8OEj^7YlOgMo%`hAYKF%w7C|Q;HNPkDe zQn)2o(;&{!9SdqZO4L|qQ@I*`dk+$0`BvW)&BJ4brO7*SQz5v6Ea>dX{9YFd47?Lq zr_O*{=o(3qX5)esT3$a`eN0uu+`F=kXVzFqF^25*ISMmX4 z3|>Xo^56`j^b-&_`Q`QnLqN--c%0huw~sfGewTnOjE7aqtTp?=12I9Ked~U1?5At{ zD`aH`-~e$X0(kLtSqePA>GG90DVYk+1bZT=$nv!b{YF5F%E)AB`XReu0`Ij zTt*1-@)2vOId~HQ$zHGQL4_V}Sm!1aZ_xg8IpR^kO!A|gEHSC3_Vv~1S0YcAgoSRJ zMN;!>#9qPi91Hf2QVCR>ICOS1;^w+kz8LW6cWce$2?*^{oWARDFY}^Bv$+j53}ddi zoB1j3bMraJW=en^nkN1wb2TG(GG0+fiyq}p;R_wgb~A0cLP>i?u5qD3VDH*RMG|m_ zOq;NnDU2Cx?AY~*QNU1_pRw_cf7DOt?(O7ZK${A+Ud-+$nCZACxItax1nXvkzp((f zKFC@Mn_2Q@?OU?!b}F%N*ikT-m{Hev89aA=f|SpXbNShNJ(>_x=&xCRR{ZULS0y1_ za%+@hXyX@n32Z17`Pdf4?GgD6XqKaw&6Wv;jrRtv>;nqESg6jzZ2(>%=R9{}d`4|P{ z#1Lk#Kpb)>m{QtLf_kL%YjXogX`g*}ay@HWj1U-Uq^rQc!Ofe(i(~M3-R|R)GQWvE z-AJ6CMEfvali!2|***IB7M&RBxi{pqw@07p;4Z!3BlIV;&MEmvAr-4yPDGL z6*emh&}wH-rrp0|HB9q$pt7it9Y_X;W{%77;iJ$)HOLbpVlpb~Y8T*`2lukNo_k)r zG7XfPX1ScL{l39BiG0@Bx-KHX8*IK4jO$B^hdk;JX~8T%S|aQ;R_kY04h!3d$P@45 z%Ppf5nrw5dql<3^@m1M}?tFZiOYNo5WFHLE#HJh98hoD@I9hu1RYt$sm=916C-6jI zo(a~+CZzUp!>X1_YHq#K902>q?)2xuQ_r)k@Y@M2P!`rMT&R|d;qYdP>$Ax=qaH(` z4a*svP6HEO+1ZbGd-xIHIwOka@64pBqwvnzdmaf2-z>&#BF8c;eMk+LJa8OcFJI~* z5@PF09N%=c21XaU1|E`UnPrZb|I#Y>(Qj3q`N;Rnr*P%2@1ZQ@;MjYztcsAGadmZG zK;cDj=D{W@8Q_U5dIQfE2KfoENduE-(Z2w=u-8;?qpRfvd4FtDJk)RTN3VwJg$V;@ zI7EMgGRB_L`3qfPB-IAXxh13!!)a0ieN9ZF0Re;c^#SDi>zSRl1eH>6uac4GoY}cd zpPA}UmJ-_V0G={088Nn{-dCUD1flQxAfRZdv9pBCRZdh(yb$~Vl=&>E6YAa=rG1}; z)yp@2PBFkq?e%#4ST;Uo3)Ag1W$Rl#`^Azn2>_*rmd*ch1w2ElmpLWEa)XKmp?ss{ z65(}XJwqLP23o!v)4PS?$|dKsjN&$4Yol|1VOvot`(dSh_Oq|*#b0{RKbwP-YSM=i$SYtxGaDSr-1j<=vx^%YX$cl3j2DL254 zx2yM_PLC~uB(Hw^^PlT(ssz8IL_<6IxQS>Y5xtG%DBVu-!eYW&1iQ)kPKFqJTI8v` zQj=qu6|RF5xaaQejZL|ftj)UDl6#$52e>qoT zu8+EDc_Y9VZSx<7!mG1$JmoLA;aoyJ*DTbfAvnzaX*|tEj_?xz<*i|>nO!KQC8M=k z;b-uq#!C*5B817M?WF%k&eaj}{?!T@<)aYt^*NN0b5b{t5R>+~mk!cGdpPk~l1Z1v zN1aBxsZTW2xaVqfbWYsS_LfPr*q%R^Ga1fY>BPyL)C$v1Y?BNQ*P5ppexCv}-Aa$l z4fY5Ddd}|QE%g~R+)}VncPksQK}cN??)`r31)QGHjKNE=aoL#_6x*YGA^XL%uo6bd z!fp&RM_#^hoe3L|CGmo?5VLpvee!!Bx-^38noWT*FIB%4ovF$!O7|XTdaP=ETd`n3 z&HMOfSi)=N1|D%xTgWENh&g=7<`_5!u#0yyyUY?VF~d0LF31i5`gqJP2pY!`!3jXZ zzYHxS8zldPzkeIHPeh!J<*!vF#?s5t^L)*XYQq+{AP5XM^;HP;_4Dt@z6e`L$ak;G z?B0Dc*!r+ijApSqm3hvZevB%x&HJ>v8Z=zYI@D+EVVh?eF%u!jCI%q*Ik-{2g4Z;X z^=r1*ctD$cw;lfQCF=`2t@1!LV}FRF>U^vl+M)3aQHMfYf|9arf`#mDGA)9$@vr=> zhcLu1`2?KxXmvq<*EA!H#&hs*y*e|mJAn{G#{QgAP91hO}6LaI~Fa&PAaG!=W5)IVn zbOA=Ar>_Rj!4V1Zc+>dN=1{!=kPYmUrN*$4AUn3J4-I(=uC#8J8uL0EXJo@6WlKhO7w9LWJANzk%%Fu>}*HdPAHg{8F?k_PH1hJt-Di3qD#} zgWYy2iS^Gdfj10t3n%9fSh`eK>Zho!{MmUUA|uT}&a(~d9Og6M}-?>PJULc*5sO?W0W-#I#Rdsk6S9$4?MQdQcHzo^|)RI-m2N>ValCaOOYsL}@w%9;$Lp@2ent zg3~~q?k5gv-mHWI%~H1{tsw(OL;~_v&^ocKdcmDp=slaMsr4TZ^tF^IO^qI!MMEY2 zAa(e%U=59;=Xie+3bS~>hjwInmxU6@Ny@&?4W7_xPl&(w5?;rWB~_UbBl>t531D>3 zJ`EHGPd+KvtERQ_dBH)Z5V$lNzY8-(4sGJK5J$#-gGaXfR38DO$aHWIXD4opA8I!EVY;c(k$rw*6{F$Sh z@Mmu<#jTqQ)j| zN(Fffm0A7jR)Z-fncUqO1sMfKc!JM?hzXduB*@43uRe$WhaPPx3U6c|!z)+#SwT|{ zegku3keZB^9KXEg5{R!xb(b%EtTm;S_}=ZOZaPb$#& zt#-cB&dm!}Ook;pZp5qK@ z;|Jak3RcQ0a+Tck7Dmbn;bqd($Hy0ds>@XWZ)$@o@uZlDjNAwD@Ar-<>wn@&j`oms z=oD=$lhHQY`%!92F>Lz7W2eN?`Au4?l$2Vu)Y02*mp>Ki69@c^GWZxhJ~U$Uuyo0w zuZ6Dv*-MYMdllC@S7mNwP>*j}A~4G00VEl}5c>?k8yYNT=AsWQCd*)2?5*7W#g2>a zEC1#M7i?5!iv`sN??2GagbMt-Sa`bFTXS?-Ea`%XwvQFj*;N@T2F z@;P}vJ}xzyDT197=Q$pk2)9tyN=R~nx2z#$JR`fPIW)DD}_S!d(5$dN1*0tCT;g1@Bn z7Yk=+gR=Px?(1FMAEb7j6#lE97Wg!e4;z$4E8e%f@|;FfhA6$El^0rl$hogmNqFA5 z;9pXnF;Uv*baHj zn)#cM){{>;2b}Da;2Sf5>>N<$oH;m}9gKy`ZAyr*fzS~kRNx;f6Z95CSV_$ALDH$% z>$J?ex`E7txRgShlTkwcrd48h z2Np@uA~m>q=}Hfi>1-foC=Hn(;xaL>s`-ns0~ISe7)n;7Z6GW8@F2<@=G}y}cs5&S z1nCg~HOX#4c>BR7^~CY}pXUoQ-mfz-!z+4UAd2z-3;~lM17EQvqdUo;utuI`ja90m zr4zT+LQQ+xN4Uc>KrqZ>>WLTM@9uIqhIi$(e*>jF4UoFIgIf<)o1H%z20s)Of6kq~ zn$E9ZZv#NH!QXI?KS4C;;k)$6^S(rZjng%r)ixR$UPMaTsXOwdu4XZk_{dDoUf;w^ z!siYmm*3A#jjb&randCtKcLeabFruIdgZ9zlE2ZkY-88)HZBY|`@*a17yVW)FkdC`xq!003M1SxgZD@x z#?Nndl?m5W^S**-y4UlFJyRl`HP-{2lu>zuz9-3&p$#C>`l3%lNdvzl0UDF z=W1o?9DheBfhqU2NbDe*LJ`TN?e4F|{RC6OX+z10y{z|s7596kKLo#4DPM0$@424y z<{hs){3Y`@nCtTw zFXNAz4{_)0RH8^{kesC>QDNTEpD(H>z$t?b^S7<>&u+D>e6v}kttT)kx14Q|d8^Paak7LP2*@d%pWH$KJ$e*eyrWIP zX9Q?#yw%oQc}dHflb7ht@VF zf?No8?B_m#&#?7(wjRrAI8~Ek^OW)yJ!Vnnt?APKzzhLQJaXBaOi7c;bMk zl}f%(|8+9Gfoj(A%k^ zjv1JA9qDvOz2Yoye??T;<9l7_!v~Q4n=~cRXemYaC?;b=S(AuHTv9E>P<+Th_V->j z%=n$7>27-&P+;6VbYorh0~H zp96_j7FJU`mx2L?+-ZRpRp$A3WdJ6BpPd$b&CJcnfPCscE$TS@3w|_d6kHx8cHL3X ztro@ciiFNbOE((%M(Xl-$FHaAcwz(8e&y8zG*7L=GZ-#3eV<#4YMjKP{V(jCbS9SpJexz51}Zc|A1zluNa?K-1#iAND6p0pbdP)Xf8q0jPY;WnQ zG)rr%wY@lc`PQ#3zxc52Ccqrw0z*0h3_(^Z^qi0KnidF;Xg}<~j>yqHyPX@H5?^yh zxu{R|+`I9XY7$@>*9XDPDp&2bAC@hUbVlIXhgnJ<-G7xYaCzak_P5xvt=CGER9)N= zsweStw9KP;dNkM8?|ovTW<7b7Nr|blJ^zoYuYihj``&(s2I&@%mX6zB$SepasZ{J)1g5cLApc)0SW2;&ZxipU*EV~clkPA_Sx?_`|No3vrGCtjSTb^ zRUD3_BpbT|%~DsE9eKbe)Bj(g?;lD_SDho6MuM#e%}Iz~o*!*lXEXzW^NOuT18v*j z86Jl4&h2oNMa5_cQK{|zf^cz6?dr?mhQbCYr)=>Ru!_h_^(<$fVy^Eu`0neo6 zaUOIeHYWlYus{0-?@tlhcFRsGW_8CgQ}U6|Z@lKP*i1b<5(RwmcX)?)dU(<_r9)6g z(j8V?;}wG)cog?3zykUZK*Lp1di&TPLO$)J{-ir{UqeArKlbDYY{);tTZJ=5dcVd% z%J`-GUir>f5=^kiGV*$_4FAXlg`y1z%Iui#e@Go=?9HOa}zk})41j377Kaxhf$A3x7a)GIAb^Oa}Ri35gq;myil zsUWXFdyU!;{Wy>8PsDAL2kIRTZS3pK&8L5QKxvf!CCQrsB`7LzH={N3r*(8&BGmeh zLuk2#6T65LYw5&k4dRGSnfZ1v#$ZqR7w$5oM8I4ikumny%#Llkf1Q?ny#~fHJyhEL z=wa_e^8rFO3VK~9@p}3_Y{q?|1!HI}=SRh)req@b3e1!LGNrh{jS!zKQruuuq- z`<(_A(|uMJT_)m)rir>kgXHsz5|n)iF?KRlL}2^LoPC-Rf@V@b3*T{_>%7GWJZwWw zgg419{~fL}DI3E2*w4FVHk|n4!J+XmB$%D+^-p;~*+Qu%E$JK-sVmn2Mv15PUQ)_u z9&~qelHI?iWKI@rH*lhD%{cs6$|h;oN@g3@N{tE`!;Cw4XSg2CH_F-@GG#HKkm)3WjEl(g;`tytv{{%;Hs3E*^$=NhE-tOape8Ib zc7o^gBO_hY<9#5?%RqhL_hRPIcb=!2Y~c$Cr`pYbRyRsrxmgPiDRNg&O$dAgWo!OI z>4v?OyYT>x`t>IQoYbu>NE{cqssly?GwG{%VhoZ`>~>JrO|i=pL)5-|>>{%1vd~}p zXkk16cAS>imm5b*Swjyl#_Q|#RBy`$nz&c-eaG>S{U2qpmsG1O&;gzSpGV^%wG}%4X3#-<2;d>b97ehz z?LTnNHmH}^eDtAcz?a0u@IWfyi?}R012VA4oT_qErV&Kg}0Q4+T!i! z@~!n!?R;JVK-%Y#12oFPH865Z(FRmFo=2U8uh^QVix_sk z!~3PW%Y-q>=az8dq5+^ClQ~~UVaKnEP%Ufk;`3mkNs1kc6^r@3JPDFneRXLoT&|)~w)vN!y zxsAbQxbz#lzxL?o$3+`57sO!SX|&b8`739rbVI4xB`>KhC85DVhHa|tOzg}Cj}Vq> z%cXbngu#KKfx{A@fiVC@x<4lb;PX)9b}}s;p{L?%*%)eY9pYds@t9n675BTLjOwwB z#BbEa+vZy)TF>h;gSb&U5l`s;!%iu_feBbOetO>8iof#%9ZuQ}5O(^l(C%=xv@s|9a?YF=iwrmk_ zX)@Gh%a}UuQ)VaQE}3=dIsox(<#t5B!M;ZZ?I>1%t>dE`6Gk{+Jr8=Zn7H)L_J9=1 zIBfyGDD~5vAc$yC0Z2zZWU3AGQy${kCg(=<@G#i)*f>8-Heo9&==W?gc?jP2u?pu3 z&^gM!{L8}CTgE%+;AE4%$R;+;CR4i|my6DUE@GQ-!00M}=vNjoMZz6&37DFo(AeU* z0^^4@Z#S{c0bUU5*V1*OMa6I0rEFuF4$TTJWhp%u2$Po|hwRGw5EoH(WA5C**bVuZ z6NRQqg;L!3@jom8J_ww%aRETa(S`b%u6@1w(QA{zegUB&#P{6=>^4u^A9scNuv6`z z7E%(o!!1heFlrohM`wQV(lA+1eDc*r9KXSjXq7avZ4@dh?l%*PBWy7TE}MPBwbIi< zGDix@sgoRAYU-<;s^?~?p=0Y{Db7At`r9sR+RVw0|S zvo@Yy8t$UcGwP%F?yEhQT(_(QQ3rXDIC^N<2?R8z6N66(jj>ls-J0O7Y>MvxJsREG z)Oi*S;ET=g5|ugykH^8-_qg!PCMqVcQ9y=eJsVCr?;t&}e9lo~F|EK}&RvM;sb z5{|fxFEJ$f`!g1Q+l5AgoH5E0IfVc!PpB*FECS3)59%E_R(Bz9$h1 zx$$-n=Nnst5;R0k9(ck+5F-rAffX;bTB5(YoZM|P+>Xh;oiR-S&CW(QpR|0jV(2ab zb``IZl{bp84yC*<}WjjOpk z%kCyH^kx4`rvm|HWvQQzoJBsnbV*{WBgG};5Zn5%hbI8Y|3#d?<-h`#HL4ANQE z^Y*_o^$sedg6Lz~hi`@?8A5$Cfcp(T=V>1vyyl_1=T;py+J&kYQ?b_n)!Li@-k<3p z8VJUyl#1Glnq9^~W^K!#uy60HqHTAfXlk*#?E@y;(Wku(vIwMhG100(ws*CR)_f^e z>eoj@L61}+9#fYZ8y(I)zgb=`BDfGDk&XoKJhJL7ZZjpt9A$7C zmThRD{=P*cpev>Qa&$N?iEiWx!RHyobfr|HUK8k9)d0+j|J;~A=n`o7s~n{`o)|Jm zckMwDUEFVL>gE$J-bTF~NJY>5Wv-+d$7R+%qBGV70_4yQ0`}le9%h~vw9t<6 zl-`N=tHb;=Q5;1dBoOpq^FdXU3R%E(0=YRO(;&asc2mKzPMoP-;uBX%V(+m*J>_Fm z-9Od-vy%eGg?QRbIC%9mIJX%2#f6`d7B1nWWXIySl6msnn>>J1N=WG))XN7RlP91Dg>(#)eFtpuA%;9+FR7Z7{C-dgL&E=8ke>r5Sr;_u%Dm#h z0Y}WZHCvW9=^YtLD&{PWuJPR@)!!3Fk7YZa|C4Yef3KEj&~S zrTPw1@9%_-(7tQ+$=Zs{w1y3HmAwU;JdKkYWRC`ZPV&8cXMvcg{yagb%IHMsjYb?i_V-jm|!i!}X2G!k-*xeVamjQG%q z4V}xIB-irv4U!1x?@SvIT{J$+1QsbXtM`j!3+*L-BJgs-^xqZW$pT92F_m&Ch`%v$ zo{3pB0Hie^kpEvh#vk8pxH1$ABR3~kb%6Y5C3KS?r?`uw&GnCbJ(%8pY~L6xKwz3x_S0XIQU@3MUc1Swc+p<%e?SEL37t>h z*KwjOv66wtIGIgTdf8W)Z==M~X?*yL;8^c!0yX*wf()Xf5{Nfcr+@-`ZX$%i6V&A` zpoT6>4&FRgH4a9)@h{w}DXxGgRX%U!hFScep~V|KE}NUI26}$sck_v&B9f4~)f>Ex zeJw^8zlZQO1kO(^^7M|wM}(t$2jn-UzgEl?FK=A@V&6*7+v^j5V=o{v5V9OACNC+~ z7_~elB~8V5qX!F0t8}B6ZfU7(zcno_L+ArCV)hG#`(FdhZ|0%)bE}I;~n5r=bB1Y$xyhSayQ0!!6SH%b&|R`GOW5 za+FgD0!#jHd02~LZ{!q4XdQoX9uit-ar?nqX~8JuC)Lvd&yq0kTiMB2zK+!O*?%fC z$*1<)OAE95VIhkse@dfrD&V$UUVobAeUZTMF(CN)y{d{J08`0gS$*gxn=cYnbxO!` zXEKPLDn&O|OQOudD7K(>gMMNj4cYR62_ZjU7RgKHwtLAzeIs;mpz3@w5doNWc_` zY)O*czmdwEz=Jj&I^@z--iyWW-@cDl^ZsIfi&RW8&$(mX%jAjCEE^a>m}|!Rtz8zc zCMoL2S+WK$pT9im?_0h;TyZhbfKi)Vc=jA_6TF&bhnDvR+ zrz2|D-KW~FxZG*MK?Z-=UcER;pK8w4G>OVZAFewcis3|nT4&=a)e#p6GD=tyr<%4; z>x({c!9u_qEcp<^g`dLeY2eY#Z_Xc|G%ZztrMZJS5-=R+ct@M>i&xP>3JY_0TJ z6q3(-PnG5M#MN5auX-fB?gCX1>o%PmgY(opZOoruqC4m288Kc|6JjKAf%o zPQiw<-zJWVGY5Q~ES$Tew>~5Y!O57vf$-|jCL{UNFWGqaJyMR95k~S#mV`-IB?^3C z#qU%qaI&r6%nB^s!Tof3cEs#BxwR)~ZeS+#a+MGa|MdQ~{j8t+Y|zbS4I2BdvnMv4 zQCXn}i4$e@_5~;@6#UJ@mV1(+u%X!b+vw1l)OVvXa+2mjAcHI?0?7GSeScy@3&k)? zOeN4Uc(-3xsRvD?gSZ&Uqmm=6rl_sJ?76M!UQ@qZ_6Wh9QVHGICSxi6@ve_IM!E_Kb(?Db{bFn6nV>hA_?Kq9Hvoh&sBv z!Y3I$;H~zSAB4YtmX~Lh?%LmNOb+eHqnpa`l2r8cKf>(<(X>vLJYdTh)-W*8AE~xB z5eFu^ThNPr*|6yX_Br37o?-j#iiy3e8V4n`2&PS4`}-D~!PGV|{}Dsonfuy}PJ+#j zLEYI77$F92ppgd}_Xsa(9j=sI?DsQKKPeR)e;KT#wygQ^`Mzn&qDRK`O$#tbdHRS; z35NC~kE9Vb=_BMxL6d-ba+=na(GL*lC4;}ATnuI8ap`2R0Wr7U*(bZ0LR!^*a4{UIR ztCl|u#b^dLxI&}7JgY|oJbWM&gd`|Q7{J&6ZbQ^ireQx=2VgVj*lgwMM`Bb7-!&2< zkVBKT!-&F+ie>TL)?A!?oo)=+bM6B0@AMJ2{l>tU836dsHq3Ds?_Yo0>jr>8uTv^r z(fRB8H#Ks^ie9w<--b+Wo{tHY$tRcumj=_xQcxxl#kn=3qv+C(*Dss$ilY$xdc|B8Z;9LuB%Aa_ z3|(O)wV~Y}Ucad0UW$8o7+H0L=LXF3zNhiey&zJ<)0<@*i06T5Ix)IMFVoph3*}in>iuu;oZ}C(~98HNiC}UZ+SD{|jB*ZfY|= z?@3NxcBF2Xe#ubX9%Z41$OMC?EY<6*qJ|Hm_!W*_D+6GaPT=)@`kB-a1$t(jrZ#*jKobP?jEnhS ztd1(~Gm>M%qYyDMnO-K6Pr^;=!i2M?z2*@Q)2K{0|tP+|12MabU(_eV%ZKDWPLD7*DbHMP;rn?zt+=};>o zoSMLFtmrG1ll!SFssK~FnD-wA1YlVE^9obBagC8}YH&2U_$L%nchT6ytt|OiZEv|W zzVlwtAJ)=-7y^(0j+UH+>3!`SlJSu?8Lmgoaj;NXPVR>rdm)|o0EBe7$BzF4{mj<;jwsnLo3rh{|8Tek~#W4p@bA&>}1`F9Y*o7Ah0$ORwtz zC@pUu=9a$)Z#L)e^(e%F5j+efa}B=>uZkzsQ@)!f&xaLmyY>3^Vl$rWVLC-E7*9+7 zF=$@NUp&0allEeabp-~$Qg1(oh^{K*^5TFlhVXJsEp6MFCCD;3n}wFm6d^sTpe zd7+p4(zASPo4)GEAJc$QLEc$;pM35({CKBL1U7nTzG&968mDKm+vIpFj7FT&oJ9?V zpT3+(ZyPvO<6Q19Zjg|HWPaG!->*&e|55;A%YD$e|Idn)xVGs~hc0c?%D#%ft`p@% z?n)|CIoI9azlBz@vB<^tikjE5mkzf#*|H|$HR&dP;?tTT8!fxQ*!3ZQ?z?yt(}N2U zYGo={{*>txku}=r!^~3~%15qrV&S^p&+^vjy7hd6ET$9^!@B2A_uS7bP3gK8#+iL) z+``r#vl<4_ztV#qe7j$`Z%r?>SHpovn*n9#3wkko>%Qk>&;>Fgv!taW#WMlX$2Co! zQC_51IC&uyrOmjZvQp4l2~dX#&`1l9&zU771I z_@B4AP`soL#m) z(mY4a*+qWB%NaEdDkPev%^3}7DgwEII^H3x1AL;5OIY1~7O(Uqkv@R0AR$2+nm?=4 z0s&a)k{Fr_KVzLD<_Faqc;P><2cXA7Vo*DUN&v=PMNHXhG>h;LUBXOp_!xxcQ=)Uf zj&7!p@3EOwq+Wob38sg)gQNBu9c<>v3d9m7o0>a*TpSE5!@OsAEy>?ienksPbZ9t`WcQyJn4{GWM+Gf*to^TW$)7yv*C~9?Wo~IdRE~{AD{Cdw z(AvYYrEfk-wZp~zU|XOgU!__1>+IfKwdU4q=Q99*^ya~yl$N;+R@ln8cc;12N1B8c z{e`FQ+zQ9fmG))TV$Sf5bn3A$)L*{@olD+3Z4MAqu1&N-3{_G$^LD6R4F~=50=auU z;NJfl5Jz}#!^EJ()$(V`9VKQH&ovdAGLZgYjqt3mrLNpyg@ey;mu24X4F`7=N8-hh z&j&Dh6Y0T;m>zmBQR$S{B?(^T&F4}7oS(Uz7&O$Yq;jWv61un+M!7?+#%SCx;!eSX z_EagW4UQ=sDyxr%rTo!$kgS83%KoGU&wie@@xi6jZT`ZA17EujZmgIy4bdwFaj+iv zi`V(v29JZI%qyY?Hw!A3HpqE3M@F}DqgsDZH(N7UB=}chw~HCyf9tyX#iCgFsklFn zqS{jrSWo}gu;#Ji)7W!lf2SUEu&zY|sQ|+mFcF5GgsY@Wh6+3Z<8cjz zJ_8;sDG`y}>AH4IC_eqafzfvWvJVO!Ay-hw_VA@}XdUUK{i#b%7f9BrXe8@fwpb|7 z+8iohw7=R+_HKY!Ee*7v?x2^=+-};YDyvb#+A|alqlNhyU5!D}Ok|J}}W z6%Rr8bm-C%D;_zcu{G>LGNXJsTvR22(k?={7f1*mUxHG{5Gb#Tzz|X*QlaVOEO3$*j_DjYOyFo|UchAa5SxqCoNc zVg-eBBc?^8CY`i-qx3TdgIA-!{T!D*LyJb=bSH!cH9%BX$CPTK&@uZ~r0q5;Id_Rf z)Sn7|xv7=S9ih5T(hbc0v4fq-DOJ%>`%TD~L#TlMyK{#$v-#E{$b~hqGq?Qp*5>XI z!eoK9SM|nY&hcbP;x0T05W$RT!zG`U&B@No_CETvBASf z52`cmqJ(@D3@Om}1j)WKfvDWI_{bP=J7*HN{WAri4-O8NARkYRgH>Y*KiPRqvxpm=#JU^TUA{oc?0^I+6$JU!^rYt z`E*66DFa-mwf0g^OA3w(?V4-GrfEDsVF2sORZQX58*oc{l)t!oLzog zs8l|*^7~G5w+t-Q=cB{ztUD+>b&Ux)kAFiBRHO^+R5`IO4;|b&W%ve$vvPU)Bm5g} zA{j`64B2u+PfG`;XXsub3mEk&TPl}0NpgK#>~WIkxl8s8%~R(K-B8sc1xF^`(1=AT zGl5dq>}$Hm1FfTMSdH^|$t}Be3*USuMREooC$k{@DIuNPIio%g8_zwUVG2%!iGs#M zM-sjS)OG25FPpov5ZE6E(wm%K@Ba|;B{fbXnFp(2-WqD0SKBvcCYT3-LpcUG%fY%( zSLUBM7_Muf8AcuZmf%eo0d?5x*8sPv5tTY;oxZ5%AimWrcwcyg&^qekm z_Tv9RpH@x1l;!d5$ZOB$ZppYjC3H#<1MVt87n_O2Rar!3bz2OAGVlU+4ftgULm z)n(3BR=X>RN~Cn&WUQu zLrIBh#sOMRz`+Mu7#<`uMx6CEG_0raoGGl=cw?`~aCrC<`{s@`hg;Ylj<%dra6Ki# z$CmLg)Ww|{5IvjkhA@&iet1_?a+Dw?jU^V|ezC3C45njvTdPhJ+xQ~ZQR=2%TBI^x z!8Q1qR_U%b0PevrcrH3m96?41S|H(yA>+a{U6rO{>A8rCe_(6L~bdH#V6nLnk{@+2>cUMba5 zmF%*X=I_-tUC#)VymWc;<#95fi2s1qc}SBRC|74QK2bYzHa0N$^c@YB4M}^g`UBD4 zqL9syI}a+;*mNCE*?1${xY5jOCZZCAihwJsRQqDc`U+QvQWoL=*5}9o3=%X^DE_DX z#y>cwMXw4H-KLmK$+{=<;-N__leo1$7~GO(%4CW&DjD!P>8<56wjT7?#ILV#xSlff zE?Ele6H?Rh8rfs}nGt^KXL_@I!24pP11WNskmpvBzD8{%b^niGhS-$85VD^h&T#b* zmaI>s7t@iYXu}|>Scz?EVf3i!F*IzdsGCSq!5>~tXEuw1BRisD!q<0o8P)`y?*$*4 z0F!g22hXMVMTc(W@Q*7WXJJCam?XO(DTLZOe6GNez+QBcdopQ@$qrv0DS2PEPQp(; z2%|$(udQ&fmdK4;^{}Y#aI>i&4IO1J4$vO3B`kn}jM|=euHLC1l+4{QDD`y`w0PM} z01r>eZHhGix|H$=hwXy@eoMjBW&Dewfi<^c!e8ezr4l--XQitP-tSwUg=j!ss&#i8 zrRkX*A^6d8Pv$B)i9r_d!vU<@vSx5^dKJ{=nw)grMiED$?%z-ScK$p|Sk#2u&Hk|@ zRss|dlK5SsEBHEU8K5{L3p&-sZs`)&>TPslX2_Q0cwpsBsFU+9vVO!Pm@0XckTka& z%>E|z!Ec9oz)-jp`C(afekhV)+M!LqxhPWxDRz@7*V!de$ZB-%>B z-v`wst)h}z5JWC_nW}n;tAp?FMqlX$=p&+{hys0I%EO7D!u&`jXh<{VHppFbd@!iu z*8tYKDxgG5Q9W1RN#V)MVlC&7#dF(|t^Mh?g8u#|$~v4uBg@|SDJ%DSuW?7x+CW(moz~AdwgxQ37DQ|D6k~ArS_GHD9-Dcd^ zS4_AJzdtDM)!ko&fp>hoA%?E3++%9ThSv9tw+=;>P)@;-j&xnD+u!xPih6~ z7;2_kRMV7-q4@erj8EfIUBor`gO#>M%`KQA?_w%~YZP~llTsDSo zplpyGm|#t}pRWYPV~4+Q*jpul7}=R3fE$XEdluwhQ8s8wL+ZR$ji+^1rySBJV@at$;l*<0F$5;gEFChW~|&R8b&p_E){H zv4cS*zntjbPkjiK|8izmr&p}kuJOf&tNs%;Xt9WgvIVdZK#3}9 z?`cVH`2H5nx(dVLKrQMrn9#`f!U;no6QfZ(?`=j54uFrdf02-{?;WmF9yNudMm zBb3%}Y01kHLyJ@IR8vs*vo-o*wC+o>^`%go-;;pu2sE_B z?9P1|3Y~5_X-NojnaKQn`fIlZrVAmh?CdE>Xzip6O*lK1oFPX-&Bq6hpfMX58U6Qm zw;T|OPSMNQ$1$H)(geN6*HM}0hIZ!X0e~&JD(mgarx}O*x8UyLeICX4Zx4YkdlW}f z=%lf6l%eY)8sQRUjVPt7N6BOWxA7WAthECR*Muqtd;B%)t*tXQKh;GFqIm#U*kK>i zi!$7LR`iX`7{|NYvI0Nv8+Aa!d!y|)moD^Ojb7|$m%)v=6#=$7stxN^L?Dy;vl|L^ zOLARb{d!A=0TO1VxSh2NDroaeoJK7?gwTNaD z?UdE3GU{D1PWl!dOwhf18pthXiVhdu?7g`EOu`+A(32Q``V-?K)VhPZ@mR%1F=5gS z9E9IXw6`(=^>6!+JM*CV34%NQ{{jP;9J}r?lkRW@77M>-a+ISLmZKBrG$w~G0i)r=PE;pI>-xmpN8)z72Y|0;JD7284pupSC0B_+3>c#?xrij7ytw)P}} z9FA@*EF6XvCgBw+M|Yj{$?dQy0;`nZvL{(5y>C*3^&jFa1TzA=5G(|G>nDe6pR({an4}K{`oPV0WLd} zII4XMIGQ`gI7@$vb$~wQPnz^A2`OpYb8!spMRGbQTFz3(ub)OLvXx0}QAPF63%2rK zfaFw*{klME5ZKiY7f!UJl@rgx`k0>W4R~xWK$@vMMphM#5#pInJPa#SS>YeNvVT!G zZPo6GZx-z! zrt_1PTtVet=%#(U8OT=lYV7^~{R0#Xmip*d_3s&a*{HyaX5yOOTmsujG97O9y|aVg ze}lqM;xemzbkCFWXn6^n>ty!fr{^24nP6n5PUO?ludd&XoS|bbS;UI}J~)cdL3yD? zrlK~Zze(}|bFR(nBp0$$fMU&l-*o%K-~~H8ZIdu*^&FH^75;N$1_;_1AuOGyH(hJ2 z&HHN=l69dhemm2*)^jBw&CG00CfMmb#yJKKhBQW!9P9x;rsN0LARO+epG$0xPcyt( z(ldE$9~=Ly|HP0x5|ZT$LriW-P8gU&J#ZbTkd5|_MjJ^Op-%`T9K=#kHk*+saLb#1 z9sL%63ZgO}C^fNLS@UPcbx^R(T*uFz~lIa$6po?_DWU==SC z^CGddER9<^IjF-v$98;fqbHT5xy8XM5I2j#bw#}O9oRYll)jbMzMsIQ6SH=Ud^2sl zd^CM(xw;nCa93V!gZ|m44_1if6J{mfqpKF*$l6Ci&BZi@-yP0Y^npbytT}nk&Y?oc{rceI7Z;(uylzyoH~SH)!BYF0NY6vgP8;oPUpeJxWFf$igW0Xs zOZoOgum<4@7k2-xa(fV=vM|T~TgqR`z~Lf&q`8wIx`^5ED8H;ACW|g2W-Xrhn$CA^ zht+1>!5Z5>_LItNJ(b*dI{eIOhn`X85{1v>^}f0{%o9~yX}8~!rML?2GHS{S{y_?} z)F!HIuHWM;uKF#21~;S+7+QAl1V3*wx$(&JR2u$Mg1hd`9st5JUS|*~QMw|_mU^PL zO5#Zf=@k91bn`#x`JU3t*Sc?*Xv<-D2;>oYXrvN}IGnc#*j{BeiM6V-n|utuq`ZrV zc@ps?rmP_Ot~H<4qjF3+wUdH7#aG*ARP8Hw;Wrl!RzW!tM$}kw(J^*mc+or#O`j=lZ+eC*lM zvm2Tv`GdnFL4DL6Rc7k^zf1LR%^3_eCMryQ^2+$>lVnUi2S~{hgH=KeZ*Sdww#tH3gBX+R z-v{a^XQk)o(bF!lKoPpmcM7|hk0P8w!aVe4>4%!MBL>FIllD`?6+^NBZ~}-EWi>5q zhH>HaPt;OI_%Ic=1k7S5Wpzv6r9Q zlS-|RvFVJKT#hsAe-sQ8)*&}q~LLafnb3`2*=OK#>E)KuMVIT8PP zQK&Zx*EREIR8WlUz;lu7q!Tu|c?X>z<0Zx`;!Kk3Oq8u!^XbSG{SOKYatNJ5hna}| z_2L3SYsAju1z-0^5;GWi&-)%RaNl?FO$b`so~b5^NX~XnXC8z>2sO_8ayUfSPU~Yh zc%YYEzrMFey#q2L#WBAA{sj`D(~*$9vMuXE^C6HEvPa6OoWxdxZeNxbBLct*1@YT4 zMG%3%`C|(~xD3i-ja^DQNA9q0cl26!YHsJ&8$9=scNF{>MPD3>k}jyzFNn3?WV)yK zJuX|XaICUX(Kp_IgxLzgpV8}iFcm&r>udZos4+TYQ0exONQUZGfsGXJYU>7I(yf_`h&WQS$EzM(0FKe2mX)yqsd*+e2Tru2Yfpkq2$rkmce&V|BX)8l3*e`hJr0 zGY8OYuK&NAZx%Hzkr)#$$+*O>#>mFRiXc-U>bMKjj30p^;J6tIO)61Xu?d6J_B1=C z77YO)@a+?c%#7kf6qBDOD1R|hb)wfgmrx|2EE1mIdMp^x{r=vniPtQ`Pq=d)J2Xw9 zLj>VXY04*hd-Z@}6BoL9`}C~8x+@2zRJ|8p!7Sm7)oMQ2Il&6^+#HMC6v(+EQvw$d z3*X051HD2e`oE8vE8KgKejUt>*HhE}Zxj4+`l&XHU5a^TySuL6Yn!HUxxbWw{A`Hr zj#g4iNq)QB15JCm^Q;9EZCh53aT{!ewYq%i?rKwK{hWv-Ir_X6Hmv3655C~GPkrM% zx&**q&EVdat!3}1Gmn(u`w++MHfh(H!}t+s8%y!uKYBJ14}LlnAGy>xM0}2&XkDsb za$6FtMAiPtRu%vLSNr1v_i*Q?}xXNyR?#56+<{& zti*bhQ8=wiD4WE6&OXNpZWa{pw)hQ21CCC$rAD^sM=v*04cNH97?94g=728gM2ipQo6WmUPONZi+a|j8F$>r%|=x#gKvH{ zqf}{KUL6Z5ff$ujv`bWfXkmv7H)0I3n2yYCB0?KyhMEuWQ{o_b3Knuh9GW?|+ zhRzS&1iuyW^5OWeZaJpHFoadIRrqB?kb{BflfUm<)z=L@QDb7Rl_z<-nvkrxNo$xE zv)7V>_MmT~F+PS3uh)XMpVCU)f^GbrvOj*=S@rmx4+nf_nni&ST$`L`F7=lKKLH?s z!}kMs5&TF^#I1uXObGhRz>yiH=RF5@V0h4bfU$w%0e>&;U(NnY1Uuur zU?djDpb57nlcM!T8@)Lh=0S}X8OEmK`F)2&?dOe!+SbN`w7v_F3GT1L9x0tg82>E3 z{UWIin{7tor4g;N3T1v{F!cacClB}hj8XA^x?aYG$L*_tyAX#gUedhFN2;H)rhC|4 zXi&RvH4E4PYep}3ziZ`_ZG89uNcdohsv7TTzlnmsIN7~5K_K%0jhf>~A0%d!aF+hT zO8*7^RCQ{)bghQmVilg(S`}UHAu(Neym6@Nrb%4JDo-mXO>}0b~MWl~y$KuRnppvJ&)Y6guuY&@4598@?y5@t#o77{*TH=FmZg zCmld8yG2Ezu4B};{g-2$lDnyU`{^~u%(k1tc-Za{w>p^a$>t3^xgZSIydxCkaHh~X zp4r-e+6FwA+Xh0Z=PZTfq~0cpODzi~_rJ|sA?8j_$r^Bi%7i|1@4T{iJUGp{L+9{i zW7!XsU? zLfu-K4%-TsADiY!Ub`Y*FYhSpz(PHrS@|h+bgF!^PuE*l{%8bHR?l;R(vWVm{moGZ zYEE-V>Cl>}sKljGpya|7F;%-`d{pV6P+8%Bg(9X8a;OBZ5TG!8gezt?`y|?LOOC(( zTDVgB+|4&GMCM;z1Wb7FUU(`}SvF`l&2O6_k>}W0`RB^IoQY$P8lNv)KM1l|)HR%@ z8OWVKdmli)qjzgVAy0;!6mj6UogThBfxq+dGG->kXwrZ6lU>GT&N*mGOp9JBVdF&j zJlz780DO{CR!^9i4Go5J81Z0Xaj*0~Gv_)pKh*)p4AL>b^zJPGJI5mKf0b*%Q1GXH zN+-fs8jA5XIMtJQO9FqTt6W@c|`>WXq$yUiCI@J%N{9&7;V5+h` z)oa`%RWpv$0ce|yGk*0x1^e@k5=C5ZPE*NwOzCUuwhTEPV35rGv>qX)%@ycMNQaI8 z6*I{A>ySWM4o)`BwGs`05}@NQ1jfQLzGZLi`_2SvA^Yj-bs*7C{I3joj&@|}w-tD_R(`I=7c6Y1EO^t>&d z-e)sRxiDMVw`lX^?BtE7R$QXAtNv#b2&vqbx=?*EBZB&w(D{v=Q960&0h{1Oqe~kZ4H65;%Fh0F#>!WRiadMzPAR99qmAhosWj$d@wE+lZTV zjIXt9mxSi=4p&_Bi7t}UI~as@2zBr zRsRC+jF2MWTl*7E0nRJb-n~vt!V?f)VqH$t945;jh!K}fB|uy3!)GIC(!tE~MpJ^P zv2tO8z5lG8pYQyIS`HMqx3vA5KMi4|+2;2c|KjI8LGO9@<_mI3IaRD^1A(VwLw!G2 zE6ZjKmL#AtXNURfv`*>)R2ddr{)!}K^nKJe25pL=hBHxo(Sd5cplb{o4!QI>nY;}N z_W@QQ(1VGy1RS!z#!D6?jfYjeNuMjNDv%HEP&{~QIu_78c;jxBRx1fH>G)^uM6MHA zAJBF)*iV`6V&4U9ZHJvmwD%`22c`AamvfzL)9oHV-)CEvn9EFuf2Lqm&wTJ!(KxRC za9OO!|Mqk5M&S@PXt6m_uemdT?~aAYxWeDvs%XOPYa_gYF0*&KdgDEu#piklSb|Pd z;-~<#7GgDr=^&R)9!2#VdPVuaE*2E~Dk?ARup~miO1}z8#5N1zVAl`=egJE`U&P6B ztj#gRQmQR(Prl#5`QCa4#sc5;>@gxd%ay*kq;6lLiyqHz6fP)Z?IDpiiJe&!ZRC28 z(606gP^y1Bs2d9Qh8#!UZOByD#G{}_5cErhbBGFXFyxGPdniL0{m*TG z(A}}#@=Z`>ORdLBl2a;;yr1#)+N}W{2l3c>7mAY0?0pW7o-3&P@JOYv*VI>VD7Q(y z+TZbF!GmFSVdcvqpxQQ?ctk;BM$$Z{t>$E^gQ}wfHRig@S|GQ_QJ0K z^7ceZntL_zp(K_z`;X>`$yE+iI~M2Qa%A_&$gyUw-IaN&6i*-KC8bH6fgbtO;DPf8 z{y1Wthsm3mINy>Y=C;3ZA7&+`rwSC3<9W?LY~Magakw??en@F9mSwdsUDix~*ZO=Z z>*;R-wl6!QJXz8X^vRdL$MqX74H2-8HGkDFy0-#eQHh9Pen)*@jY95!9Ni@ZawwjNXh@dP zEv_3ifvp|O7|Swzl^PZ!FGRqKb63^8oHgoq!Xe%Lk;61mr%#}18qa&GKZS_d^|+N@A;wb+OC7u#F>L-z!YR2C`~Lmm0R|J+1g^{52gXi zHswTw51mf&h=ikuzzZ&dB0vEZBzo@iF~p<+0Yk6;qkBei-l5KatqVy4PWnD?+JMh4 zAwAMn&<}6Gu!w30OEjG^iZRM^qMYaW@a%U)>f^Q@>Uj__k_MO$dd%_MduTn^D|K2F zoH$;*a%;>^^hX*62dRs*;;qQJ36a`g67&T&EP%wc#q>p?$F`DbCrWVuj2>=( zae6#~MzeQ4R_e9i!=^~^@TBlyU5NWdZpsQj_!C_4zY(EKv45^AQe=Qu=>4zg>~Jqu z!q7?DMGt4CY(l~iHa|| z%L@*EwmU>4Hq4din*9w=EAJ5oDMC(kDpu*E$?p77rltL5K!_qDzM|WMYG^~TLb*}4hVuyZhyHYqTJ@IKwk22G!{ zH<^3__e9t<%Lsl%Q;Rsuf9H#-rHD}5UXVx3g?vBYX`zP}Yik~Y*$#WDFJ|5)Dp-S~ zj=GmZ%#-7~PvN-T+H|Q>08#?-Z!7&NLxPC!mt>*RX=yZo-0Q!#7*vBY&?cvX>KKqTJe9B?qa2W{NRmUqK=1j|aFv9}+27^Im!IU?7?IvN!78kKUTr3st%%xB+*7=x&bH(B5ES zAR__0fO%=2@k5rF{9rfi$N2%3;hwH8`_tL?&Vx_NHddC;#a&ICiJ+bPgY~BxGLHJ( zhnzQOe?6LTL-{DjYFui-&c5-a8DosQk61 zQJvb)S4d9tt;IyiL&DKlzN-7nTB+~I+x|3jya(?RWZ^798x&t>)(@QTcYmvUoE6u1 z+qFn>

5zTfeWQX^)CuCxqUK>gfUjj=9Z#sn}bZFdQ>^?Rl5lnc)3Ds=hiP%I*nw z>29POLAnJbm+lrM1nICqx>*`&r5h9w>6T_eRJuiw?kj)C}o?YskykE zS>xihr(O~*r!i`c9y1jI2TYKKgm-M3L{&eEa#BAe+EPy7L41d_5s0^i3QUf&WCodB zXZ8XCOzZrbB%+64i18S=?N5_DR+m}tphA}$L1~74Q-mjYA0ZT+_yFUCHvA)=A^t8~ zGE8Qv$QI4eT|3YYi2^s9+k6rOeE|Q={_R_0u5zs1-!y_3t>Vtkz&UVL)+ckH=2DpB z5B|atHm&#jUQKyL5PHd;oud#L(L;p-ujVM#CqL9APPd1!AhoJQLH-$a;oTJ-jA6 zsznNUVUOvCEb8}VGY3uLf{8d7g@c1U z&fxzzMHJ*rpmG97Ha9I|9teLN9uV;#9^h}%RE3c9Q6Ar8%lnZ&PN=9(B&ebeRMEI!`|EGVmREPu)$K-J5{&G{R=|`gOvbPVLp?M; z)hePuq*HX86uOMpmBwyit;MwnoD|UX6He$Z0*j>*6Bup6A#}X10-TF8;Pc}u^8S)` zJt^Lg3@~XY;rzHWLqbR{;BErmD?$|WfJH(GTPz7eqCgD|Wh9LLjLG)fB#@Q@l@%Iq z9v3g6KzLV3$m_Zdue?m`5TNG8+^6@M=smP@^(rvumONw6ZKp4Fh9{r1JjBjHB(S)x z0YBZN@cI6{#OfW_{|zp+x?|U%jt(Ul(oQH@zMYts!j1=iA9OI5+ODaAoV`CBlL05m z^gkNlznR;#jR=K2y@uDE4INvwvg15U6ff_-Dask%0^P_?{X|mRGh5Dc-su(@HqI}3 zYa1BX&;Sc5$MTiLH~Yq7Nqq14gf;zioEE($9LR6`dslP)*>T4LE@qoo5csLE02l#4 zdZ;#@ah1Eo9tXzRtW8MOxkMsvP7dqSbCMUfDE&-Ty1=AoQi)cDVO7@g&`_tVA1b#0vBD5?vmyr?74Db0`dji#__1({ zyG=yZb=EdUOJ16MUUtRj0{ejRhK}db?QtB21);)&$Qw(N&)<0>ow*3-SlxU^()!VG zwb;P$e!g{SO9?vvo^RT>6-Wbtnxec0zX(75xW;Q@GFJ4_3;O_><=X&gA_F|gZ^g|+ zHG;#UXqAv0m$z;+R5Wx)HT`o}3biy*rNr@<%mqb}fYqsJH?GOl?C~E z&P8hXsjNV-t@bO^_cgb@X5ujNhS@$uZ8*B?3?|Fw>3^|j()N_&cQ=5*Uan*g5mgZf zeDEgHDM-ZKLppn8l5`vK3318#e#~^4-JdMcDnVyw5#(MdSfBasHzK9h047lcjLbLk z+gHs4J87bQ_7fbz^#G-FT3gklecqH_&Dde#ngJBxep8&b`duj4p)LQzEXW}94rC!i zpvHgFl`o`%>IchNPoolK}FMg_s$M?kioln!gp+o zt;{=IIDLEppuLZvsU88y*(I%}i0a3Q&gUSjovS223BN@3b#L%;M1l?It5!C44hujI z(DD#*jY`MscMS$HWNzbQ$a5;}$Dccr9m-414ekjlS$FipN6m#cfb1GyGetrCqSLli|#w34+$I|L8)!OHj-ygANAf(%@7 zP^8GWC7ikRlODCJ$m>(=>fyV}#2(v7RSRNAU>m{9X($h$#Gy=s^9b3uE{p>8tF4&k-xeh`=WUCy-H}LSE-Z=T^E| z-iM6`22O`2Eq5J1`w#|>$mlK_KY~7^O5{nH^#!A&00sIPl=-U zOE7{nEv}>|-#D0TPd)i_nA(m9ydhN8JG;y(2QJ(t|tmI&BYJS>~ z03QO4((MJ)LP#e9APc%vJ{gW;ip@1Mg{x$Kz9VM*=wRi$Oo*~hm!AG}#%>?xyM*=$ zpkf0}YV?b0MM_P_Qdy60+Ly&M++=qhRnPmg*gTz|Y@1v8Q6Ntj&Gl#vRE$A^Pj0vz zV!yQ;byYJ~th3QS)qg-+p<|ylBv53oN4Tr>^D)Z~bhi=^iumv}|D~5CpknYJzxF@0 z3}+G2Ycz@|S_6)IN!+r0*zOkm&F5cIMBpYD(q(B#4QS3 zC(x5$^87H|8v=*f_&Er>Vc7xNyx>G#5~6zp6rsYUu9By+5I(OuGV-cFX}8;s;A;yS z-!pW1`K0yY-`mNb>k((@LyODH{bv*oR zdkluX)0Q>&aZ{n74$r>(z~aPGE}g*u8{%6{ybM+jb^@rV_IbWXz&q*t`u*fx2cdWN z5C`=u;aKU1zW%YtT_xv|oT0N!qOK z00Pzj{0n1rlI`r_)T>2?Bozsrw&DWmpa~Fho8#_nigSh0t?2)Pj_Q zBABSC$S9DmhmG01lJqU2-hbt*#~%iuRyq%h0$-b^>2K8!zHNEFHuBT%N1_}c=Qnc< zGehqdm_qoIP0R(ZF%b#Lu3?~x{i1*Pi4?&J80i81&(P}+W_K)%=)*p?KH_ZUeYd%o z1|G0|vm;-9xP^1zBEm9YivW+u{o7qINCbU@wo(xG>o9IZ*ju7pORV&rR|ER}ave}U z8A4@TsP-_?+%!W~X73G1b3XJ6P3pY2wynVxCs(SOVo38#ug78wP^?dqe7rc6pLjx4rFY8uvVhc)1B`8-Vjx4LPJ?|l zb_nC(#Ul~30YHlf1>*x2Btr2ZvVEYz&G{x~Qkil?U~9Blg?3}8{Fetbok*Equ;i;l zC%U_TUbj*AXE?7($`wHCe;95q`w}udp*A=Yn%f!MaaJ3f9ieyfY zu}>-#YIfr+vn&P4r%%xlN%CMQ3%qPQDWJAoa-=1JYLx3+5#qw5ceu%TQeXghmbUP7 z2o_TIMhELBY>*)vx&JXz{RJbbDYMZA1+f^y1jOOcJXXi0B)2 zPsfmeP}9uzJ4wh2+1Cn2?7=-Oz8cMHCCl901nc9qK8u?D&jEX_YQKmHXd|HiI-*6? z{eDt08<0m`rgtJEO#TS&1Q`8+e`N*ar9>8i=>qS{+tE;+xTVERfKXXb%UV$Ms20cP zi)f~Zngou!)as3PbK)q7|NlP%83n^mwm@i%8%q z=kvxhG7dC<#nQx|!k1P;vn=(W1=II9CPn0Ifime!OcRkdy=4KnNwRE_Yg0XFuZh52 zrpEc>cItdCYJ3m%%7acr%cfd{!Pb+TkXd{>;0Z?NK5 zKl&OK)8&8yOUHk0{t(*o57n)!{5yz_4jjD{sx^Sj1;@mNCPeBKy-5vG35u_Vhy}ex zaNT-%oB&uK{0A6h3TvPK!*D&W^0?F|FZpNbnM=~>e#f@~Gq9m9s)jD{QpJ!RB4@Wz z5sheR3!zB7ZU^3i>~hQmBjxsWPed2q-|%u9BDU zBcy}{MZ=XXNLl%+Nk`sy5psG^ceO`Yn+(YoK=~~TuEs7rv8T6pNw{Y-c`fRsQ?az` zXspp8MbPEC?Wx|X(YZWnNFC)84R0_tAR7aN*&3Z9VBg#8M=b{BpyJG2#ndP32(>`W zUJ&lHCO!6*A|uq76K<`m+WMVl;1&bM;*);!BSdwbE93y2i2qI(=uIiF5@-%;xXtg7 z$*5{2aJXpe1S4c2s2U=V{;lOx$2mvepR2PpBuO`jvDVc~^lM@Bw+mOV&}5!^@mBDw z-R6%U{wjK0Zeg_l^pFfjDR3qd^G6m^-yF6Ue6QIV1OQDx4iS(?b0Ryt8(zq#ZYvwBWeGb>e? zQAT+Tr6B`F;!3I?Uq>XoAuyokypxD#u1+7H5cs_i)o`wVfoD)5|3@jb zH|@mxj=V`_nhA7i#@0i^8kc!WoY_p-jNC`t5UilA`3AZ%{K~r`c#8hHz{UF_(grM> zf@qyF=|Vp*wNL&-S4a0|ZBtI%(h8q+KZDqu@HGN!12*=wtmN)|wta1El$}qg4P@pG zuZ8JAJ7V}A`4bl@)+{w0k}10NBsoN^p!a6tid=f|z=u^6ZzP+1%%T>dSNA?su!*1v(g3>U&BvBgRC> z>|+Nbbx$6n-Qhyv)71*Toi40ir%j1C0~7k6Aj{|g0dZkx3z7fDv8G+ZWe(Aq?m(tu zrjRN4ghV~L643==lGy)p`ohU2!(`@&K2JB-z_OrL;ZwSNKwI>pE&2CFs^wXB^z9eF zZKE~}^iDCa)RiPCA@*@rh4it}Uta)2WA z`z&C7D&PcPJ7eFs#t^MiR=ztQEGza$tNe9BTv zx?uOx<(S93Oe8-n%HiC4z#F_@A0V9*GYcg4?rg`y)KI*29|n@cR> zgk1O3hUB%bY_);!Jkgx1;1R;Q_5HHz8L|D8wKOqDzt4MwLgQWCq`XH>+;gAUL2vSb zO@Xb?ug0s}mcT+v+QR2IcA9hc&6P{N)?_YPZHqQ^zowOmr z-OIw0V$1iI7B&p2c9M<{M%{huJiQ`Ur@4~%YYZi%{jtQ$FJdu62PrlGh(`>$ur$iUta(+XGA5+A?+GT^Kzk>?2QkB60AI2nF@`xQHZ8;L*seV(#TGqo08G9}*k|MfF5w)XJpTZ{qKj5K~pV*UWo_ zIGFviT?2)mQ05heugjK9rHPt8VJRny%P9hYLfKV3hpwX_WtYR$J)=AYM~oAL5(QE_ zQ`*E;Y&4JmIZ>CcvfHA7rxSS?wE+FM)(YC~JE|M7$)Fm}=-BwT(H4JP#OOPz@q0`c zvZ~J>i6W3;@SHnAs<(=U>~NoRz|JZ4gj&9<-vk8pba(kG?tHY+RrUDaO#bo4;Sl4M z3~Pg?)`~E^(Mk;5PJC-*gIuL|g)%b9x{Ms8i>U1)GR{AyZUPK0Ah1Jan}Sn6+PI@0 zg9Qza0}X}3C~xwk)t{cZ=0h2PmfZa31#Ijq)jgI_2(P~W{Q?4Hn2yt?L}noYaCkwt zg^~Fh(TdwL(((D^-=E{7-i~q^FCwZ#owu9zsECxJy1!Dg!R_WiGvNh5!Hnj>eaTsZ z<$rV=^$#~bTSe5#2Ym4J*z7w+4u*mHlYvN+5UP`IHX}4L!gXOPi9HFJY{yc^y%nxFkji(If8S&n|03B#LUR-|Sz8Bz1;k zvS+Dhq>=4{Sry6Jn$e7>&a@?tUU}g`=md^vh*~3~ZBqre>CbT>Eu$X?O;D32*#4=^ zS5L7&{KEqLi@Y46M#Hh6cVR~(`|zPsTcZm@6l7h)l~aVPooGN2&M5EWGelGKO5^=$ zHxAB$A8g=Wf=m`BC|&aGGFu)z6Nca!WtR6jJpdoOvI@4V;gL69XIASLsjD~$Y8Ctd zAD3#_W-~AGq!z{ktHrjT>&I#=(gM9ieoJ?GqVvYV%rqd%JlUH>x1fkX-k6n-hA`*n zTZJO(y^y(S?>ys!Xpr{2dnZd4TL#z+D{8M1!GVnWExN$6#2M_Xp>GihD8R zALJF)miyUiGQYrtw0TnW4&i5&`#dJ90`DL;7oh5)xait;B*J-ibm-=ZV0@KGcWNJL z>+s3M>*Tw-Ua>T`dyR1#lBV4If-*$`r!0C+Y=aMsIKdOz5 zu+#?qoO}Bda*rye?`zZ)m$HJNDf&ssXLsH$irC+f#MrIWwB4X>Fl_Tqftmnb(T$Of z3(8j(1@I-CHUCY!1C+8$G+3_@#ktgN;s@6MYq9&mN9z35Te&n4(N zFd_ZA4s7CvvroC1mlAbH0dK9e!xgoG)DYSj!u$|mp<%C;#{aCEcTY}L$*voLs@3~+ z`sVoVN^=HJL9Ih8A@r!_3!WMv1gJ6iHTt_INhdq?zY<8mtSJK+QCB!76KFk;ZP}k< zOb4M&2D5nndX5pq;7Q1YBb*!2B);z!-}A!u7w`-zqMOW?T8z71w2uj;Cnq>;D?tXD za$?g7AkhZ;ZlEX2qKt`R7o(tE89nN7?9HK|U~_+M)!`*-lE2w)ZabX`0(mkFk-KbX zE+sYljayHsdm)}tELLkQ0UmtT*8dQ(QM=9i+rruBG#9#jWpvZxWoulF22VZzb|fX} zeS7!61nl2%pd+B$R7Sb~scS$^Lq%=~`-d*7f^!VvDEk=*Vl}Al_<~q;uhE(n*OAI% zZtnVZ@pB*u;;lWtF0uu?%u8?c{Df1GGLn!AB!{aAu!M&yAgo;r)jK{_OVuzLyp!{ADW3mYcMX)yRXE3BZTH)D0 z1C@%oN#)IMiBT%~eMU$ksa>oFiNIqH}XFG(WcAsGbcOyLoHtOYv zBqAgeP%$U++{NTH?l~%gfehN5pO_rhas9oNEmHsMcKD}kS=GzAiFx(yfNjJ!q}M!0 z$qo#Eido-m19jiZ3%qcee{_sv(8dXI9apiC7Ot1JkN*c-|EsCAb0`>SxtaN}xoO{5 zB1gkPK`0CDop&}U7ntm9x<&E1(7UgG&7s$`sGUp!s#@eJ4&D#0Pk6_c-RmNv2d&fX zv>n*3i9nu2)^IZyAfrH+Fg9FB<0YZ?g|2)^<><-oH{pe3(x!IA_>+Bq?oV(q#Xe;^ z;9=Uj-sH-!)tfFZo&l^zkocrEfR29JT3s}sd|$%>@>TwG(`{;o2?SkLd(-i1WIO7= zsAmV>A0S(rrfV)LOT$(WaW=kdE+I>U=mWjLcv0oMT6g#1Ju-9?{!cKP1FFMk(~N>u z1K*i?Op6L7G?YFH3PG-2Pe@(B3%f>!)Y(tFlMo38-o|WRTYP~?=gOx&0GXcOZ(R0{ za5;8|_yq6VfP)E@X*x}6>~DKIet(mIV-Cf0bhe6jxA)O5^Sh6p*I@Azcg^(t6Bo58 z-A{9+hLE4Wvu%`K?tgr>y#y&r*19|YzWwUazaCUGc{+f<1AW0HP>UXv2Dk=&M!vJK zTm(ZVq!eSkLm1o%g9>C!rG*c{a1k0m&Y3*e08idC7^bZ!lZ58`T%{^oNEc&2z z!};SK9^9+`AJZkhND#T6e(bMJ-;bw?%-h}MJu`7!EwI_jS~qOsV55#fssvnu^Cr)< zMLw2!t$9Co&o=!7V$(bd1ZAM5r4*!v%3#OE8$Rdr}IS(_Mz9K zhZIFA0Cu?R*J>yM$ra`QDnwLcaITWJ{;hF)lpL9&&^5wH|2scMB2W8OcbeR=S*rG2 zSy>b!9mXei^6OeH?)T6IXb}^xC&YcRbM=JQYFr7S_{V?Eo#aObCtgU$bZ9^sPq1e{ zlEPY34{njP<7u1+9cLOTgZ?E^{_#|$bp>lrJCT}*i3W)<%)qHP9@yKzPKv4eLPDX; zCUp0i@FFVl!L0{C&F`s;q@9C_Xq@|-e*57}_F*>s>u7Cr&ox{7qgV`!&I2XseG@<& z+w@S?$dK!qrsSZh?V4sTJs;_PJ_f;gCQA|`0&ShRokMh68H;A(TT3kuUVaLbB0;ru{i(MAdscfx?m?!e!W zh~MR_iMAbwEax2c?7KPrY{qdf&_akGjmW%>v_wkIar4q>S@^dpYx*+(_wd{6y?O&Y zNQ2$|-@AR(!&wS=sL>I1fk=E|7yGXx7@6?z^DU@{7osJZ8QIbq8?vVy+b$z~Rdpp> zd|OTtt0`MXtsBbTG17Z5AXf~$W*_XpKDJWJ_E_$-LnH5aQ9ih}CQ!WO7n)Io?~^AMY%zpT^FX_3dnH&otd7wPNEjP+E=u%P+pYM%49*gN>SA~S%^i+2?GW}Hva8?L-77S zXfhJ%ZaVbYMi}?>NF|qDb?5l@MD$azP1FH)6aanvG%_#_Rhdp*A(@7uqls-5(1P_)a8UiRNN3G8z)7eH_U>ZS+`5WPb6-Shya<`}zzHC}_sl zAg&|C8$7ESbt-!M@=iu!OG}%6V^-gy4{8al>2a(y2Rg*bXZUvev#P@*VG=GuWo=9< zCxWTWaW_-pkZYwbJ9%|Fr%J&u)Lm;>rxJ;EK8W+QrLAhD(3RpGquLg{<2U>P?Eyn6 z0ecq5Mv?FDU?{>2dvFb7ZB=vY4*cca8A!HiPIr^KYD&w z`j)GR)G*}Y0eFlI!?CBJ6D$7AARX^RQ&?d;L7GS^vM1I?O#_p%E>9qvu{}uSbCJcKA(GNnTdVwGV|}1 zaM^?1nU{v?Fik!#NkK+*VYSZ7w_kG-BwcKpFAbz7SQ3BY7-D(4;#(B@wL-iHLw& z#nd7Z5x@02*_zv4cvM3<#2U8=l7kxhcoGn_^Xci7JlO*NI zJ=S@&dotBHY*UwQlV`PTjQ6?nga9d5E=)c9TkFCv&estDIQD0*pvw~!)TN=$$N_`D z@{==)k~YpWJ16AX&z(p!3YDZ$-5s2$FHmo1yg{e#a(%i7PgO15Qr6n^I5pvQ_pcu~As*u<& z3NN;TQ_Ih~zarQE8CSBkdDSx8&dVoPvtdLx-bMr=RnXqNEX^{#2rP7X`M>GSRB50h z4&oI4#)7J$DiafH9z>Uz$+>8u990z-L8`hyD6bqGjgIwtC1l~Cci*j&PK|SF9sxzl z_nrDWcK+%)uNL!@oEOMs4m}D5s^k_Pjs&Olx7>gnw6Fh!aPQ|Ru7U;ou&i77F28H& z*2EpLtzDhpT&Q&c`VEJoKRrCm%NKGMq`_!hxdgSCmIkAnYKt%9-1ofrE-Z(0no^p} zEKM(5AEJS8gz!c8MrEa)E!7?kyRCL4^}`8jqkjo$l(E&=eB^B-P4qYJ;lC~GZ+UBU zLtfMQ3_`Z{74H9CvD|iuX^Hl)E=9~2bdJ-35E0Ript?e3k*1OFIH3`0Bhx;1XE#A2 zrj%61qT2q0zyBkVf(in9J~| zbR)?J?_ZkM_a)IidyjK}yCm(&?y3P_0{xVm?Oe^+$j4%35_mPF|df|U2HzSOuB8)U9In=GQg_?)gH51>cU=W=KDA-jQKLknFn#WhKYC zFp>#2{I-&HoBm$=;*o!_laCf;qwkH-HsHTEirj;GEOaTp?6oJxV~V!2@(m?O)p6f>yt z5aP+Q0fLul20H~E>)G2NRV1^ng|2B^BD&)dLpIqSnSvM0zC=Rl$D2Wuq zE}I1f!vY47Erg^>plQ74Co$|zEMWTBfbmMpMz@dtEB`4zo~1~j9ao2#pEzm?N<6bn z!8M_QSO{U~|Dd`53vQz?Oot>@BeCFE2aY?;a)AUd z3cA}fD4)zy^r9*b>BCKW#+&i_oH)Q1Jj4{*~g(v)4|e zO3btM9~Sd9I8(BunTu+<^g|qW?#CefI!Y=Jj;lBYx~mlnsTZ#;0#Y#j?6()iXT`_e zT5ATu?jDSf!V2e%M7G{N{rOvVk305a=fVEI1ff(|a@|1MIsWm_YOZ&7Q+`ws7XFZG zas3wBll|$?#L>TMw@TwP6yP?0XxpJZrJ4+R4iOp_K)(M_ozN!uc{~vX8XD@Z!ad2m zB8teXaPok8^mXy`9gm@Qv?OHT_r5J(_6~*JwLEmB=1nj&Buabsr2=>h#y=%eXtytFYIE?o zET%YaI7>!!laU3Vq$VC<8rp@n4UZEVn+;r}{G zRK+0dU2R9GIwNX6s&XO}OG#Z3t=5Saict$C&qqxO4C$6pRBR(eLgqF*X~k|iQOrIB z1`~up*&_0C^MHy9qhRwldW>Yk(H?JReFm}t@+#2^4&;E!qF`oZNH3h=0h@*#Q;SNv zSY|NnHedIx_FUta<^g#XTm&DtYmoahthO#<_30c zrKP9`rc+=N*-il(+r4QGTfs{NX&}-GX~t=F_Du5eXVcfa;ngECB}f=ag}c5J9s1A! zsTA-AB({#kph;W(CSJxttITM3L<>{&aoKUxeV=mYEhijgDH{^g{Sd|+l}obJ*k5bm z|5ISDOiV9v1E@=Le7NvekD_3sQEwOvN~#bg-H;O^B0ZFJ9<#leIlK9%WydV1@ULcs z7sFteMW)twzn=vV9oo)rrURPN!Qw1O?-No@rf`#%`kL5@E2|`3pkn^aSy~lzcfnYg z>J&SzRB>SLI+{#n?xHrzV4Cp8tRt80eW-;#$8?vS82R!WzzFVe^>y~QAXt-~@~$tR zT}jM+yRj;B#qAu}oh^D2!lx*je4C03`V}sCPr-Q$Bq+{Y!i?~^2N=5^(aK|Thm!ot z^=XEtFt!s_eeBD2ITmx65Q?cBy;#X^{1j7VN879i5g{F)m)k0Wr!zE8PHuo3=M+RmclscJi@wI;+&@51mS=D6r2G?a z-bup3lgZOMe;pz~s1Ox_VNpP1kx0)Jk}O-SmNA8saq-^gSzx)&`zJ&Xy&1jSetX3e z%xj&N@!|C$G6}EL1+;|!)cdo zB{(GG;4F3V6eF`exn}Z10F~y?LJTotA`|hx)>obo?HoXg9nRkTV?`&b>^hAkN!R_~ zwEw5b)`PO~C>VW)LHqMzK8z^_6YYFeN*xx3tq3&xcqW#CyoA9~ov-nt_3e%!c2mhi zx7VPF`~rbyGazP^`nu?65&e7XC0wB(FOkS!C467hp9>ESvVfeJG^%52{4=|{%qf1P z&mu!u;)jq%Z{C12Z~xdIP0Tz6gP5asW$Phy05!44_n@kEH-^suBTDxSeEU$9Cxd!!RFu~*boYieFvpM?x zzCs^CP4riKUOEnm0ypK40v1%vJ*6XkkPtnW*zJCrPWi_yedThB&K=3>&}|O39K~GY z;lLXDZn-44ws6&L`oY1B_qsc`!Gj0P>9OJbsgCQJ`QUr!jLSJ5g6b*#Soxj4^g^%5 zccEwgHXo$LUcsIvhay0}@Ylbf30IT1?uN!xKDrni4^(%?1=}ZgS4%$J(Qtg1f9ma= zvz?{)!2lqvI6e7SWa^9zn;vTW=j-+Y3+In+L!5Ka^|e!#FPk~0z@u`c#L$rX0M!iY zjKaM`5@&9ek;%XiX^hFK#afN&-pt>84vzayXYlR7AV>xcza3iDE9KE#a`V1(JRMbC zt>d%2Ty#RESd(8F}@n?_ z?JHJCZ&MVyZ19cE4YT`NgBT0Io5QjF5<^J|{iCXy-X<4zE*PBjm_(2yw)W4`cVk9YV5qq?I=N)Ira?$(O#t0zN_|8qgwzm0_W7n}y;lX3kOy4`gfd*FV5}yu1^-DPtie%Dd1eX>6DCa< zHIK_#_M`Mu^ovEt8{2Kk==Rriw*@!;$G!2R3fq4!ea6+yb?@w}h1?&Uriv3MhV8Yq zBLR{-O)t$ZR$J+Iba1&!J2bcFy^sa^+$Q&Jk}D8>>B};YMxjSB0#T<)+s%NhY+qM3 z2dwcQvBB;H)b5K@y;duj1{3b}KaJ6-O(cWrg}qUHWPU zPu+^kP!J>cOpAcJE*MI^Z;#8TL`%Vxq2uXs#k`2VU;;WnR-{2}U z&NoqI=M3evx>kAh{l#=+Sc>g)!(g>K-O(+l#_zhLt>|mAb8ECsT@-S|6>{E1KGeIA zi;vi^?Y^cikwaD_qvAKO`p8k@0=k(F$A|}Oo$6sYTZFLeOsPc^wx|l*$bdIhh zjxV#wk&^ts`;s5@V*(3eI)bLdSj5(kCkjz0a$qCG$juL;4q+bF9vfT1lz9x#gw>K_ zItR%xOR5z{)T+RZDsHu^-;NshnfbW8v-&?aNFJDiK=TyWe^{Ju33rXqrBK{{jau@b z%RKRhdEm!(-Yh>uw?lTV2=SqSyVFXwEAb#fN|mBMYoWO{D@dPx-825C{^bZ}&EaXp z&Tn3NOUgJfADlMA=o6Kwt>@BCIwV4(e*fEGxD-XV9%qMR={!lc#UWfnakAWoxv=D8v1*WQmkml?G>=eq0W>^buf3-H0$$4#y(AnwlNB6hm4 z^}+th)G$l0V6ALNPA`5z?AMU9FVvI87Tlv%*&ziHUgfc=_f(<%B-DmNjq_qp1ut!( zM-!3F!Viq)T2JG8KI|l~WjydnimbPv7_H6znhE3jIBBLZ`0Hx~|Dx6g?PAo(4%$%0 zVe7io5W$hDSjfTWx$E~rglMm5ayn3--%Uyym~gPP+nj@Tfa`jW;n4v)mV?6ZSAXu^ zQeDnTBcq~FEKZaf>q^oZ$6H_N1LfxD-EA$W{(|E6@cR(xy5HQ;YDvSJ;7#?DBb+v; zovyjXH@MYRr8$qvT01g6Jvuj&>~-=Tg_R&}9lz43rvR&vRL!+70XHRtKx0^?b~K*3 z!>#EF^1L=l2GoeCQf>0s9TY|Dzn3;-Di&ZFLDcm>kiK-AOC#_}9@R$aIrm=n=#Hxc zSsMt<;NUvZWxm;#dyMzH(bt0Fw(zA(Gjj8*d%W2FpK}>1=aYrl!Nmv?Jg2@xf**|7 zZ_HPC7evdbOiQ-Z`U8B>Gq1fW_v*A2tRVz~I=9+gN5`RW2(1$a`WimDz z)Gwfm!{h<&8KZ?)!cSE1wh@+Nl1#*y0)%SrOv?8L4TiaQNl zVQ;=YO&u3PUaivTf^27>#*0(-f{U<`u_ZbAt!@67!u$}V(JuL4WQ1=*9j#vv8vT?$ zP9S7Rf0!yfcX^uMp=_vrPsxT!RFv2%N|B=egU@mTJ2atrjt5t( zmr17e)@R0OCv?a5>XF1=38Un~=pRYm+`*H5YE-ht_wE?E0r{D5hxwqls8*-ZxWxAR zwbzM;6TwItm^LrY9dnSRwUu5ds+@Q$YnHtISRBi2Xy;t?+Rfk!Eiwbx_J{MUaFTxeW2FJy}UU0hy7hdN+YLy=?ev!TvFLJNzj0--19lE{x1Xfly$ z8mJChJD8qEGOF1od@IBYlAd*MX;7i$e5rK%&- zN;-OrLQk&6`nYh-I4|Hf<;_9rN+T9l#((eUq2#ljz5u8b!@(jxI zdcODAEg^)H1y4R@d@gNC(YvOOYDKXpssWwuv`N1n9#M8-qT*7;rO7iK)OZr##SZ4xf-^G^VbTR2qUPJW zD==UNq7pRbuLw6LR@LSW{G7Yx{g}3;xnIAN=`!^FXrz1_?gxP;*0wpk@98-$7(tJM z#CVG5OezU)yYc-vIeEd^xChUI>|XkMRsR@6VZvLOcYnE-34{{w@ZQcE%1Z2OcJB>8 zo#pg%WHN$U$_|woG9kFpFa&x?-zxl$es6{$)oSVLKF^oGKltFOCk0JA<5u9ksK~wR!b>g+^K?9R z&koj(&$+g6ZQX}SYtO=I?piWB^m7cLx*6q8tG(YHlvvvA3i`F5W8C^$$GR z4?brS-|Pj?>r))Ga*T>T#z;yn=lv?$a*wU!^uo_V3S4waD>l96VV%gU(w8|3mv4f9 zbapvkzqRADstNH9oKp|1V@KR`u&{?V1r`3}n*9fq+xCs@);}UuIw8+ zm&f)0pZ2~oF3K+G`=Yx$l$7p}mXIz11!)$L7D?$?8cCIq21O7732CWC!XO2uOC=?x z7NnlD+}=L-`|17md~!dyKQ7Pi&Y3f3&di*d|Lk}WiS*vA?57S3)vEbM`(2B>e5w3P z%t^6}mW6g+#bW=ZA5#P@;F|kFf~z%w0)c;};FFe=X_8#~#wz({kE%<54k1ypwa9!g zJU$+DwYoo)#E);#6sGlni(kB9={SAp6?;_VY|1%)8am~I?Fo5hMEv+Q>BN~`mkxvU z*L4j{tr4AmOhgjDFbDFOY<~GM$Z(#bw-J@UlYLJBDNGE<*B6QCx+9{_DrDdS!AXB2^1nNM9cwjf;ZRNCl}b z%_EGXU&#Q{#q)XzwoFPIE;bhSBSfeV(6w*4!^E z{qcf`u(MBO=o#pns{65XVP7uzakti*ASR09UYvUhr_s-k6-{pm^?{ zN%b18^BS(^j;;Qks8(gN9OiDFK(L#L`C3mQ+*o}_ieZIdPjT88<^7^*VkN%&!g@K+ z(&nJPh4O|HP4e#8xZ5?gQ2SLn$}|zf7jyZN3v;vJvH|z`#^dhj^-6hs1~g#g-x_wn z^{0)49|bCxZ=LcT`r6S}y;LuxCr;2*5OV&CC>4<%Z@Bt(p_tT4!x(H**t66$bnjx& zpa$fk_sQRYeWR~Q*n5$2<5yKeB7G*ohx`a6?=lrvk0I2u{p!Aa~x|$QRmF(Sbj(+FF#1XH9 zlZTykUw$t%5gj^7VT7f}<*KP@LG-WtSjN2-5~}+GTfbd%eR*b^g$h&cg~uO5b$Ay7 zf7yKrkI>{tnvQj*rDvc`Li2RZ`aN>jj8zltm7L**48c;gV(x8_v#%8@_@|6Zm^ch% zSq(jXq;9TOr1$cY;wxVg{3oOmLqi&$i3{`|ptGniJo!RE{)h>*m)q5;%g)Vw_5)g& z^N>xr-%LFf!YNQz6!%l_srdtgx}Ow^8#puXiJKX7FlU#=7`pwhrEvjNaSb9{lk}oN zNUjcJo+wMHFV{$!?@SKVh(qw(MLnmnRf+WT*RG=!<9xi|E@p_ag@+f*DcjshATEU1 zILpM=)m84Ox%S47nY99Z2plK>a=y9nPHGhz!;lazn=;?qyX6lfC%GQSi#>X;#-22g zi3sqqoACu1yOhe-+&6P7kk|WogR_R(@?<3O$_oW&H(Hz^__Lza%Tj(Eln{cvf%f|Z zCX!7smH?H_2KB)_m|&@(T{TeGdS|;W?^DolZZ-{V0Hpyzt&^08pN=ad@L7U>3&S5o zrX1*<__p{ojzAaxHnT_B5H928>*{zPup@xI=89~k5DVqWvflw@-BP#azOGHvo6)zV zb7#M0x8eI!cnShpF{Lvt=%9fP-KwyX)jB`?j8(u*-G`szwaIEDe!vLGfv!CT#RG{K zq?H)A-$)0tO{5WR5}mUvz&dI>hz9w!5*$2(!AEXfkNX46{QH8exzIMP9D%D&_?RvO z;!vnv&4^CF#463srnaf57?-d+i#ggpARWrfgLP;NfFSPF$cUwU@&i~B_=o*#9wdWb z*;OF8YHD}QN%nfbHd@Aq*H%%QPka0~P-)mupZ=!N!R1X1t_zW*2DQ=jHHpGL(WWt} z1|i-d7J@_39nKlFD7!bl8>diHsctdzbF@0xmVzcf8in;!2iqFl z{ikq=piyb*6-9H1v)N%Ty{Fbz%)Tryy?{t0Buu`pgn)nUVxEitr~e>yom z==@2kGgZXhB{sd`>QjcjF^aGNl?FUTdt@HsLD-0xAC(JlH5=CKw^4S(ybNGe=sL@V zQra;I%ySU6Q$VMQZ@lCpIFU;a>Fp0-wg{iqD*T%d4&ZtK$S3@hnM~B~3Z~CD!ok@q zj0l~(7Kll_1#1_NE2KlJdIWg>%i5%mc|t*RD}@-%s=YTBU5#elr$Mi~C?w48y~%=4 zg*d_}w{ywI`JV#nex+x=i_I8Ic7V3IpAM^ji3xRia)MgQcK-)yzZyxjyIDjptd@eC znf@M2c-{&nwV>z}QjkUFd=qOioU=K-p)3o=qxK~V4gf^D8pza!G)gQGhN<^hlja#2 zq8NsnAaPDT4P{D^XX8rM`tP%j+9>+^=K5QXz(%;U9y0#UPB@S%eYW03pQcnkQ`JqV z&we*~M7UzV6oWVHfN~ujN@XL$d7kV*R!u1b@pJQRRHbxE~5h< z1KuM3apCGS?6c1$rKQ!|Zx&CBmy+lpb(Ny!Z#Tkj_{htr#rplb($yCTf34LDy!51w zN&-}$!ZOF;#1G??1BT$n7|)h9FkLFhaQjGSe5K}YcSt$Z$Zng_=>D+3o8K&^XeZ2qXD&v+>|VpN?{ZW+)ECH4)s? z!^Dv%C3eR1C#MR9qlh|tQ`E~llqf^-$a#l;up7a!@Wty3hRg`5(qeV<9$LLrX33Xw zz!CL*?6fqae+ysl;gko{lP`R_-_L3!w|rz{+etT^X~t4&W5-|m%~xE*3M_9C)&y+Ck2|0 z{kPgpd>TON+mD@{L{UWi7EPLJ*YDd-Vf>5iwwH1#iFGfA-oE{)L;`bZNB&d_$1YE^ zC?+LiQ1nSb>ORz_5Mf6FBZ;ke2wr!ewUbF6z7)+Y_d~+0qHNNZsm1KgDXtNE{=VXy zu@O~}twoRASsi5qiC|>6q|q*4DDM*i`Aw!Y@)86;EA@m7>bjmj4MW>#f)~obS1e*n zcZmNAnu6Bn26DI!gbJ$vZ@I9ml0GP>X_qFqiAZ=T1R3(+8Y7#l^Ka;O1jrWK>N)v4$$g$9 zjyG8^F2ruZ9B_@ve*tp@ZEEIN!gQ5`xN#wxmUM$zs^TNU3%bn(Mau#_nC2~CCB>g) z9tp-P0MZp|KF4TZi+m6HF1$(|9<5p`O+L>w!G?3DWzLc5ugZt=xmhOsZ$axn)x#cf z$|M44o^dQ3K3GE#X4eot-5quxEK)@%7B>=mW|h&{Gdfaovz7czouO~D&-50)!fO3g zm(wq*V@1J%UHxevvyPU`WTR$tqhI$1YOKvejdTPB1&bxs1n0Eu(4hI`K63~A>d1Sn zbkNx+8cjLBiz4{#MrZeS7k8$Tr{BCj>Ux})p;8+Wm8G}0P4wJgJs$_i4TAm`1xyCiX~fZm`GL1vO^hqF98z0M zcDMlY*sxeX&j-E_8V?~qeLU4r$A2Vx*2_Kgt~=ApBMT|riBSjzf;Z$^WUuFp6VMCK z%lK8YIRXHeLMuHnGuSs64Rm(E0F+zHi|Sp6JwN)`9lH_jHhKi-S8Pc}8#y&aPqc80 zhWej7U1;!g7?Gs?$ue50~S zfZCNoX@R(+hUoOVdQMsyKse4m<~s(wD9$SwCVl(c3I7ees;@PzBIto7T~Y82I|+f+ zg~d+adb7krp+uR5Zen5I@|oY|Ip2uf31{CO&`AQC+1xFpgVG);)yDs$o(By>ITmy6p5`EE zctV>%!oL&BDc8FV;5?qW=`tSLT<>=x5$y%dYel@6$XssESBg{IqW{xnsFe&r%wU6S z1JMAzShzhV>jRF3tVbV6$w+w>l%ipYxvul}gua{p(&PE-fk+FLBIxsug20Vi504mNE&bE3l1qx7M=qa?p0)$~E%^)l7NPNco>_aKrzc_2v ziQqy5Yse!(nP?16%w3MupwsR)ns_7Tx8}8uE2L!C6}*)mGLylnU)564;!UgvQu#UX z$z&b@uK;f8Njq0}oH*i4_pWlV@ub${T%K!5eW763UL?4;W)ZnFc}g^|QKCZ3-9Pts z>R#D0F#ppHq@RR^wFEWa)_^^w zzKV+^G7eLH)c~!re8R(en)1ksGT__&!HJI6k%1tkB1m@Q^-PzOaH2&!-LZ$vK<^R% z^gCqf7lsDo)pqGVRhy!gevfNpz$l!zyPV|4{|qg)%=Vz2Tl59lC*D&O-=Vy;%rYM0 zmG|U_1=jc1EuxeOQAW65R3D?V^6gvLha&tKM{-Ex)vCQv2tGWGbehghb2zQ0QR|}m zXD?QhT~xf}>PKi3MU&qOSI44%7}rh73^Ew?Vq(eOkIH&o^6LzoMc%Jsn3>)@1=*-@ zQ$y?E6xL9?i3B)1`hSPbF zvd+*@ux)lU&9=Wg*FTTBvfH~RiPJFVKX40&*foU#B@ysYWn1$ zU!aY}bLBRay$J>EzOibzex#)Jj$6>k$zN8ywP)w7m8pSD7LT9Y03TAA)9hqs{m48y zfo2XjnOM$|(7a|LUS7L@%7g*$QTGRqX3DZ`&&ouryExSot!}LQw^Fp zD33xj8+wZ^0X^1#eiz=@-XfuBL-Xj_VLTuj8=!w=jn1$bWp6w~j$7UM=`Y7wMV_vV z3j1FF*cYE)gO*h@w&PzGu`Yv#NHQW^XaFn@kdlqk&(#2fmJmxp5FwPHq=v^Jgl2#R1;cr?sT z1RFYP7GrC%?};8?oOcyojP`{&2!^cCNjnN?Sl}K?U!0gPtB;sSzy-7Km|Qj56RZ6? zcGNzG2AxG!4KJMf#K^K*{^ohB6G+y_9zwJGNc9qTP5R-t_~|eY*zE$2=gL&L;!i{F zR25=$S~sp6d)ZvSf^#Ni1d_aEIxw4eQQ$NjFWqJfWta+QT9tSANH@;*>4hdFnD7q> z?BnhF)|S5w+y{!aM|0+O&^;HF@MsTIVeyiDy~p}ZCkl$Qm3$+_U34?#WUK*2bBKcG zDk)i-H32NrI@TdA0_D>{99IOL=+krLP2-48s_O^@)y`_nSFb?sOp$5S8#|RT@v&~d zCnEe$?gjUHOV?!a4irGxA^Myw{xi93L~zAJBL)}Oa)ZDyQru!(TsDgOI)Yz*!1dy* zA!uIDMm0%?`g>=t9=Hw0z(4Ho@r;hF9h%DaoSiO`GQao8nVasO5R!V}JX%v5oF(pl zrMBYjBMFj*pQlZpl|W?}*|*u-yAI~LutFgAKk2i1HhkPatQs%qSipqV3-szp2 ziR^mHa-tpTHz9h1!vgUjFxZd(=mOpxKOyl7=<(V=ZSu%{q+ zy8%+elv)5TcuQ;CAydj575`A+zSf^v$7b`?9U)I~Yf@p~%yY9-9+D(}tI4ohrC3B( z4RkGP-v~P^p?tTo@kRnO1}&OL(y;7uW|>$mp($M4QKR$@9-Z`usss<1GZg$pzS7j& zC@%#L;74b^jP^$Y|Fa-Kp2@8`Ft=;TpR(*YZ+=+R`&Z}6tejEv+09_V$%OHU_gpe1)upu9f~5auv#**yDMU3Pg$x(g@#w66)Z-k)eqc{&}91t2B9W| z!sZ3bBuALoPsrCnE>;JvH7f8{Vei&(+wzhI!Pv|B%59#1cz`@?!%x4Iu49kFb5U5{ zuX^P1Z!SO(zCdC_e0Zp^dAhX_J?Nov{|(c@*G5a+`o%?4*SG%77e`xJkz#YpzPCUX zWkGcwT2TtEZISkA>RVAy41mT3h=FGEZS^2}RxG2tg_p zVXuyvw7~S6+xrz;zG#pIlG^CUoLj@qipBFt(#zncsseb`IP;%0jpN3{P3^E&#N(Rd z$GB?C6^=gpJpH0YiLbA|w8(DhS*S;ruw~ZKy1Sfr$8!@jS3uWm32M zbQ9h{Ca;FXOx>v*Ri3?BiBb=j3w>TriP0m8c!Lthw<5;Re_j&W0M8XPSnmidPv76f zlYLMy{MI5cUCkq@A_?3YINuMoFO@gK>~A;HTm=>#YJK>1uY<_Ukc+di%6%e9?b}c` zGcEZoth)u&80b1f%nG*7*}t3#OP^~ns5A4^i3k=BDSYjh;?3y0!O@g?jM90fH6b}Y zphZyn6Ha0InfQqg9}3;W057twl$gT|Im32t>DHO?N%<2Dwj&F{+nvTam&C);KHG_3 zdbjJ*j&~KLC|&)i=qE*b1ICR|wE*?o(~NSjDT53Tx|7sUs|3w)7I|MLn=#18nB>pj zJ<%A?y^j*XN$nYmLzZw&Ui}{{N0*x_g9V_14Fk=H;oE)ZHAiQiv4_C(Kuz&?ImZ*` zvNa(&B{_`kj+Ty`2p1)BDv;V_{)Q=1`kcpNgB6AS%) zsJiW;0Qtpgd``ZxGOqNL!>ohIC#qeYhjP-%Gx9=@19Gojt7d8`tZN66_HpQ8*ExEmIdidM-LtQt{eN{HZvtlsP_0=_CwTblg!7X6o zLd24kmcM*Nncix(UmmqX)?Nzdt2t)e*uGyA@9Ezx6()ETdW?L+()b$NSY+w^#Pr%` zMT|di&~BzIwB47dGREJQaQ?I<^1;x;DOPV@3+yuZ z_^$zUk@o~4TIa=>qjCcW=;*YAu>-}mKpkwu+nARlmF;RjQB~k6`N*>6 zF6^w=c<*ckG|(X!A(+@}Kc}QN&+1tJ=A>eack9mg8}s;Yd(^jFK7Bhd*5DCxPHS~M zhSs-qZim*pHJEHH+p0V=tG#h>!<3p~V88!a7bv4LoH!L@tuIO~pKX8neV71k+vVuG zH;40v^EP$T@Kjli*J`%zKA0dBTDbPcLeA?0?T3hW_=S6UKl=lcP!T;Le~Yn8JAInm zX8vChWUsfYWmg`&blAwYJkcHyfpQAoEYE$}>Tz(9y&K^;PEUq9=)wAeVlz-2i47Zh z980A>h~D=w4*SOxGq=)%F7ovb+$uD&&rT%|ho9^0v8vsOWhIgh%b7;%z|7u!TSuP9 zX`&UpF!lB;LDWt@c{0j6Qnt3GG*Yu0U&zzS=u2|k>YC0(RK9fnCAf0)g`KyAVByrn zP<^Opy;Z*5X|3d8D`@+w$IXYevLUX;o{#nHh=8oRPZ6HYc-HJagqrH96< zq5c(Ye|oJZGxtah$Z);mCFD8)hfd-Ymd>n&J7MdLbWGIBAx($&+=U9I-UK^W4LpORg^i zT4eWy3HG5UOzTM(qH6KYiB3fdz}o>^7kTv{%E23iKr32A=5Yibe7pH-zbRFOrWG50 z&f9*h$-Qh*zBgQg<3PJi#r6l>OtTY4iL?EL`YG4O(q{@kg5>$34&m0Y>&rh_yvJPp zFy!Ez?rY4{jL#_-T&ym2Q8Q{Pot`qYUyqJt$GkRsjH+W9dbqfLzm6(@FuCmXU9uK8 zOR*ZA&EyBz$b06Ife*0Y0S`QBxv4cB?;A0nDqjeN%70FgMto5$sCO?zUtLM>9 z-=G$}A>5uD6bj5l#J%jdwS2l|yT&&K5R=#OxW3@(+@ySnvZB}3Dvr_=g>N@)+NcxO zb_QO3mu-NG&TOkm#kN+I{!neDtBQgfgcJdwO=7FFEkV!5tya@aBkqVN*)(KUU?ggB zg`F=-8%)-1@;|<1SiqHn-xqjDutFyrrluZ1uy#v>M*Wft1Fww!P=Rt@A2yy=ta0NC zvcsoSq>q^Jw;lR<9O;?Yc5N>C2kblZP%ULgu?q3k(;LSheHvb!23}41`Q=9Dmo=eR z@|MFo%fjMJZ^T!~4C`y0Ol9{&!{KNU{ChWli9YOoSdoViazF_E_6k3ZnOYM>;DB_& z@b4Q8v_iQ%^WJ3986@ThJKssMbJQ?XRV7yu?f&3D;3K$vSUj@J@L_=dDTw2uPG{^4 z@MFv~8mAk$;(RREu(-cmmlGgY=SH2qs7Wj0hbz#+KV@1BS-%PQ#g&dxTfxm^HdTwi z`f3e-=BY)m`efu&?Rf!A#ZO2CK_4#h;W6lZ3{mX*PiL3Ca#>G3{}H>srWc7^q)pG3 z<$GOc$nc;v=xX52JYO#>piNeEc#X5@_#pdlqj4$p2;17>(@cNRqy>b1I913RgnN{# zD6#cJnez#Nxe6X?RZ-e+AtOp!j~w5Wmi}-CD^|?gnm=fp@WR{Pd}32E@q5c2OI zGRWzi4iG~!FBgcKX>b3GT)TehsulH4WC($#eDtK;94hew{=mD6StACY`a7H%AwFUB zMbEH|y_elh$!DHPy#{@iQaA+V;B{v$8!ZzMRvc z1{j+1R(VJ}N#IWBsLmnlDCSFfL|ww}eW{a#hn4j->nN9(DQX($6#BUNW|}l-7_l8G z4I$ot7W#=as>}n91A?>`Esi9!>F%6)sX!D)sOO;#8*j{@1WapK1u(C0lsym)^8;nr3@5cG4v<{!tmfybb!3OOHocTW21r0+$s*kTY6Vm7nm| zIz2|!mzF*^k{TD*V&|?R2sG%)gyDJF+FJ( z?U3;OSa$mw2HvD$f3RU;KAaplAa-?%3Fa_v+42({E*H+^I>SM=riK)&8L ziD*S<7DutP>$mTij3z1C+sDBvXAbyiW_24Y>&Jchs`mJYGmCKl6np)Ko#n;s_(*p5 z5`yaPT}H(mX3@r23fv^vDmpP~RZShKB55a{8a{!(pfG58r|uE9y%`EZsgRYo%%x8M z*3!3Grys-!?R$q95?gm9%zd(XbOYqp&5-NhJiDSn>Plb4ryUZ_yERlbZ2T_p)Xh@zJH#{owzB37|>}tKKADpp+p@inq-lS=E z4tsGGsf?n*2b#|3361kT7Q3@}*Fxj0&-(_tdbSZ=_J$P%Pr!l}OG7J0OQUfZI9LaEV|v-DW1=+LCX&r@NXcxaUO&=! zwcn_=j5W%<){?yW<`D(KJ(KQi2d`OK>l&3Vp}>Klsg60JoK(w?zb0;93x{26s~bGgIBR{;8E~o| z^_VscbzxrjEWoRV=b$Ydb1*-Jo6n+vgrNd8yK?XP$;hLCHF0IToIMZe$YT$tys=*9 zJUkd7XhujI;m77&SJ1pY3|HQfRA<)3ztmXGsLr0;8GJv(TfI}5G*Yvfln0BRZ==D% ziK&>k_qCm@n}-JB&ARyIgK#|soswE{07$D?QcLmFpv`k>B2V-NbBnE*VeRKWx|4KC z?$AyohC2Is?Bl$CzU$}fSFYR#O)pOz=%fE!3w3~LflG^-c$~zmHW)rESM(ki8OL35 z#Pfy;c?mId#Am@X>nvrch z^s2D&^H&T#%@yL1`Iicy_=sDmU^Vi%f?6h%K&7Y~)NRP6AM~0`;_%s42{mNQ7OpTi}}WLz;L18d=hi+QD2u;3ma@`g%FOLxQ9 zIpy?L?mnSgHO)_}eji1CU*PnnJd|li8yinA-}~!cwVTAL=^HAt(BI-HjDK<2R98j5 zhd=66yDNRUpKXPo&$V`xEf)4viQO7KURmqGPq_??yT#*oj%0*U0vU1d*wrGf!_k~X z;F6Iz|8SM@iFxnGwJUN-F#$TryRP87H57>awx$U=66bTjKHpZEIOBtGPkjd>g2^`5 zK;wC!SH|p?`2}o;a9+^9ZT8V1Ma|;9UqxwL--L+s0g?n~(v`JxF(Ive^mXWazU%F+ z_UXQMCYyVVzc^<-vYCzt*w}7v{G`}8D>0kH<}Tv=J)hsWaRky4X;F0}l5vHS;a=lK zb#XeTq7g6_e9gC)FcZc8Gr_2KQ``Hp!i+-W_$3|BpC`@-T4TJAfS40>C#EDVyW#mFsFh*bp^cDF zr%u?I{)#fNwl(^mJ(n4(ZPak$zUljeD#etQ2;)w=wfDyi!+YR;(x$CIjw1RQ*VWe0 zmYlxkme;iZX%|S`p$Bqc;`N7LQILGsmt}QB*o%*A7<;D}v(q<8T#9^*+u4o0qBC+& zC#LyiSsrX0sBOrpPJOJ-QcAn1sJf+gL~yuuN>E9nO%R9a^u1Rd!Tma-{htpt)d!DV z1Ckb>R~v&nuXzgzGz>KHL)TsVstHy1_vTuVJ3BKpVOmf5SQ?ywkjRKgg7DS58qvl5 z;nffFQ4>S(-lLY_&i$T$H!H}S?@BJWeZ-h7H~*y%eAj)_Z$~}Y zXBr^bTvW{xiHdgqYw&`JO?W2}4`G@5EJ$mrkxte*UkcOiL)=WDevohwJm1sJhZ!t% zcA+T7W5-SpuJvFQ>+=g_49k_lKyPUy~6Qpuz(G6b_7(rJMb*qFL3 zP>C@kXfq`;Oup$NkOMXs!gt@6a7)Rt>&nTUzH6w8S?4V_?58+UCeV(}fYiaIsSa|GXZtd@}yxh;&*|&6HQc-qC%T_HnEG)jg1wRO%+o%X07l7(HPD=vC#EGc4 zuBE2nvm$<}C_fo+Na?j^tdwzBEw)~62^Ia* zN6v*tj*+TP=n-5yq>3@`f5>fL_9I>2JqCGGfI&E*n;m=+M>$t+RGf+`Pu!lOBQOx{ zygu*K6gg{*7rq9N1IasZ28oQ&D7q-wddBZ$)_fe$gIn`nvDp0-EvFcEC;cmV zrrkVMh<*L~v$Mq^~-1%0Sye#Mq%OfX!Qor3m^S-FEL^26?<- zTm~GxHF{A|y=jiqh}wd4D#7(~o4sf@fz-{HEy1&sf3@gmc@E!2g=nD!fh0-(IIUI3 zc!OcaCdVd$LtxXFXx>Sy0V@~r0C_AueVk(;{qOJpgTEVyZV$sq9KZ*_2=B42(MPy^ zOC2AFXCPJG3v2j-0pcZCD?D7ljxD~mx2t({<@LB6SV#5QAIh&J zc#GB$o}|nMrvAE2Gt1O=K5g;5?f@_swK00};6kLBL#Z}+2cfSq%`~vctTE#Kh9V9F zD<3FizjTvOiQI&l^EYxX!%2ZN1If5@T?XXcP}ML zh_LhI#zxU|VX>tGlsf?*jFnwo9pNZkR7jrogrubCgHkui;C#%6Cc(t{H%h>k7JP~HNPeM#(&X#Y#y^wAp0_!Y; zpv@;)q+Vs~foOrQ>wMWv=G_A#hzC7%R?&1;vW^2|Qp;b7j`_HYz$8$7>cG3`i^qNC z(zueQCNK8~;=A4WS8;2qVxL4J-T+9h$~d8_kaHl?sHH?n_W6fz!v`@IPtom*QYmRo z?+I6C_c2A>m0Gks$ccDVBb3GeT`3sMK$~~aFfXKvabPxQRb~ta#WO(*$`Qt~_+`mj z@m))Cir|H|`UhJyEAy!)SLF{?_*oL;`(C?+K$pb5+R~pKa0v%LF|ce1B>96<53C{~ zVC?yzPax=Kx*q*dl~x2-TsunNbkIk)WIS2-6qrM;i2flJlrTfb^!lc=RlHpDPg*>K zBv_;EvBFGTZ4g(m!fwZ(NqF|rkj;q_U7@<*rRpnjw{o$TJ-?r!h28QYF{OZD2yso7 zx9u)*zh$L`?9NTUglxx`7+$2}?vni?OxO>d)6qCY0-#!XtE*<(1Z++FOXDUC_J;j6Fkb)x*}k z&Was_(hRg1xmQX=kOqFL)hngN`*LcIm5C11gnNt3bG)nvX(;q_sFa~5m474Z?!onY zzS4L5?xOS*^g}W=qrUcI&dm2*5m?Q<>t$V6BYZwBdw-L;JLze5819epb(({6<8_+P zuDSQk%Cg#okbL=MdJH~#AqyyKF%_ODoEsKlt}w5{NjP8ev8qs$P}o~4V5BEa)m`Y7 zLkw^{!ie=Pvz}TIV4AN|STEx9wL6@WVYy3q)cD7D!%vpdcZHj@Eq~SU&ZQ-xbYj;V z*cth`YM;))e$DAVu29y-#nIP4A$80XKWq8Z+)Mw88=~;kJ>)%G;>0uaTF{CKPWGzq zcb1|e{zdvPV}IckgCAw`e9xmf(s)+j7T`R6=*^T7WG{BH=omwQn@dz*!?Yr?F|o&A z%MMojqzZvDv_Y#8;nkMCM)SrF&ivY9+1W_nu7;plE0Jg5RlCuC%p{F%t^Kqta_h#$8iNt=`adm9 zJMbVDQVc}!c&M9?4Nf34e*8RgTX;liRwK*%;@jp!Go=KQ^G0}9MnyIS*6BrpZwOYt z+V8l(yjBDZ7VwI*T^U(H*?SkS7S?~E{6QBxphBZR$x}2c9aJ)QQ%$quk|n`xId?4m zNhQ^TK`!&fCxY~(hGz2XU0&_82S3Q1t?8RsaA1YTX=8)N}a`D`H zpVyWhBR_JU(1aAfQ*J(8ZR>(v%=2O>>YsTeD=X?E4~%tg?UjV4 z?5}GQC|N;i@Vb{y=Jt8EnG-KwP?VL{pP`=q?`s~73|xa=e2*{@1mR*-9ZAT^l9J~c zfxP95VF=TynmyF^{m;uU73DyHA0I*kA0q55SUOX&dar=K{O{uZXDoPIzHbd@WVVB!A* DJ!q!2 literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/images/front-page-light.pdf b/docs/canonicalk8s/.sphinx/images/front-page-light.pdf new file mode 100644 index 0000000000000000000000000000000000000000..bb68cdf8f5c2b6749fa5490253a1695c148ba197 GIT binary patch literal 9676 zcmb_?1yod9)ITL6NH+ow4I)gDBVE!pAdL<%z)*w3&|MM|l7b*Dp-8uMNr|9HsVFH3 zf;0-qH{kO<-+N#E*Z-TfX3d>*_Wj*`cb~HlkFJu65Lj58lxJc7c367=1UI4&R6#jmkr<$g69S7=LRzD3kU(t!6sV7Iu|t}H0AL)^&##4y45=Fy zgG4x!dQCq}^)xV;V2F6x;^~w70`!X6CrKC-v?B~)Bhq8CC1x7H>$<4r6j>~%L`{va zd@m;mKR;KsG}4NLzxWoVDwVDkD7v`VMrB;x&)a)radH27%ZF*Z4Y&O%-|SjpJZ_!K z!oYK>1b}qDkLP_PUK@p9AE`XXBlZfyFT?|xtdz9MuXo6C1H~DAn))sr-JQ9JuX@yq zTwc*B3O&(zRcg?Rhu3$rd&x-~rqTV4Q+t4}Ao>fGv#^&tnpq_(9jLC`jj@U|TX>Z1 z&oHGov}VI@);*UApXzr4??-z1-nqwR)qTDD9J9H0VI=ylF;p#Wh)9;ev@Q!`VR2h8aKdc`MA2jV>IUpQMx z58go|$M++?lppDT#=A8X?NGf+X*Lvq2dg6hc%D#ZEOFp*EBiaPZT5KE&v{2NlIT0f z#6qFa*ap_rgod29)j-%0x&Nj#*QQ6?{fPB}C?shT5%%_bV*xb*1sQ4Sl>WI9@)N1< z6N#_o+r}(?QHx(CrSz1F?FSl~CG?(oJCy}xbmqHxpOi$MfYx+OGaVE7ceC+C2S`-k z=MXG>k_pPA!l&`peYgAJa4D4X+*}4@A*@njKl|MAVVP^xLBeqCA?qg^CQZ8w-kn>ebHcVt{Z}N&Sc#fQ2d$L&hv$nBd8OF*+nK|Ds+Uzm5S(bhx^rvmAZ?6}{_v zUy9ksgvR(Ch<7h&sR-thkBHd=cdlSrVYC)O!q>%f-j3WK@f?|77H7J6=gw${F+vJF zn?^JQ(*!T!71F!0LxY&RhO8=$y-V@ODOMwpR_7)O)&kbRYm#dK57tA5>)j=DL$2!$ zB&?M8BLts|&JNEJ-==NwZl<#&Lx=8nRc}rm(D+HWk_8gV#%1%V(qc(G!fq)LAfUM+ zBMJ>lUaDTo+%#{Z#=G%2?>9sl%S&lDE3opka`oTaQ4=muO}tl=gbl-HVdHnAHF+JA z*!rn$@V)sO6Z{g6(vEI~a3Z*8c{)-j`So~4g~9xr3N*kHo)zxK8<6W&=34~|vfvOo^q4m|-K zgr4GxxqjM>f-BQks_4k*b@*qDLQ-~82vWuc*lv7=KQO$Zx2LOZI8*MY=WQBZI9HsQ zqhE-*fmBb)b0{A$6oN|^eUA~=@XX^I6qr%b1S<8uk7a zLNPHn32_HeJzGruqVGBX%i^x(@XEs5VVf@Vmh(Ei47_T*yS$W|NKK=(rF4(<9}b1+ zUdR*3GiPlvPw@}-GpHY!^bW{yRp{WlsqR%jp*j<+nO{v!)q+`_v9<}yRN2hXj2v2g zF;E3OA1yjPJ>`?Xi(2&*OBEx?pcQMIWSQoj7Ms!*o-i3Uv261j(taO@GIA8R(y5QH zleLkZ%UNp27Q1=P70>p0IJsuJzH(D{g)QxLPIaemyjzm`WHnzkv)C*+_j%TId3u9) zo?-6B%HE{Kd+FhpDgWNCPV0xyy>)7e>OZ->L;#V%RHOWfA<`%Gt42FsNzI|nf-Ttx z%ZFe6oBR+T=v#gLE|-m&_M1)3oW_-sR3h!heS(7oNQ7yAMZXXix3QR>$=8OL7huYPF?-v z{f!L^X?7H~36*4xik;T@gC~yk>F+UTwqbNd%7pJSG#wr=Sx&Zv}YtRK6|OjRj?6AD@E%-vqW=D6VENo z9nMqBJD-@Jq_b(`71f+Ymy%qX9BdFe7BZF~l2Oxwg8HEY6k*A&ye)7!`eV)A3+~}& z;rYya%!bTps3KIyR?Tj+>U-60wWp2FLc=G&7K+-q+Olg#LY{8x%RWWBwU=_p!IzrE z9h`A|_Kw@&qMoUS{6 za@qKRXth3x(+OYebX4Y5UR1suZPGK*3ORl}_ayvb<+VeNs~QyRoojPnSf;;J9NL#) zQQ9k$>>s4RAa|-dt0sK&_bi2O-mt8Wuh3~g7jzcoxwS3*usD=8=rx)t!IU{Xz43TP zPuerc|JK)>`HobU#Rqv0_9Gf1*2jIu>LySVDVKX$hb4|`WNKRX9eXEY$w|qT$uGx$ zjf-I=mzsWU|7LQsV9emvMRBr>qBv#tXWwF1#UBdY5vqM!GoCm9vEl1MH9EhI4L0ka zcgQ_&Gw5mh!LVL$n)Ge%-r8Pz+(BHz@YmsBxS+PX=afgSKYHgl;k852li|KB0Z9#s zj6jcB^Wny+?UGMLz-|ks)ws_AuD9Rxyp_h6KEB@!v}jxl_-0iO-)I!{Fw(wR+vxL| zW#06;`{3#qe+GYNS>vOTarD%OfUeIfpR`spEC>hB4^zM{S~e{DtZq4%zn$19ZH9vA zAXrZcjMswj;rc>LfiG~w?p=0Z#R|uF#4K0I^~LxU_KD--ee2c8#lCdCiP2U*c^&qc z%HFJ#T zCZfI3zWZfJLmHPQ_L{#oEED4=nZr{%9c z@Hz(V?ux5`;Xnfn!o|%MfkC=hdjl2WKqaIH${MMET>+>Dz+&8yGPuuQ<*tRPM%E=2w-uIP4mUV-2G1@XOmPBX7 z_{4h#Oh43(i<pHZ(J?7(caV!r%kYq#uHT?Ip?V2S^W!g)l5>1|^0!yI`l zzD)l&gB``|j<*iqm)S;q-`pZlIUJ#Ad>UdZ74f#=#@Ce;$BwqpFeT$?AgMqbt10?k zoI%U?1$}#~1YzBvXBJ3xVuaj}g53f{`Ma(EZ`|7z&c%?YPsaiGRV@OwRaBSnv7M1x|E;cR)Gr6`A zTdlbN4SP`Qns~-jC-o&ed zm@uJ31r=kPX~RmY>%bpbvFaTP#gBxP?>P}4&fPDgZ0>*IOJtr><{FttzI<3Q-)tJu zV$XRQeXeY~{&M+A>ksc;&Z0Xn17`R0j+vkF#@!YENJbD;enjerNEDrsrXWcmo8bV- ze{^!&ZZLcxmjh}h>+wuuf1bX&QxB|B-0uGSy|8C zUJ7eWJ!gg_I!w)H@?%+_?uZ>728Aq-GfSu)d$~6?y+=Dzs(a_vV|Jq-RfcYch(V^o&l&ZE!TUd`p$c~umt>=urFuILh7Ajw0+>5g#T0GXYSh<)@` zHOxOEjqQ0smia4dEkfxsQkA}h;rb-feD_AAuB^>$fNI2ism_yBNkK5O9Xq0#|xd$%E|E@~Ujf;~$ib}q{1{x3V zEIocLaF>;wFKC|Q6?qf;PK~xBV0zhJGk=7I+d=;%`Mb$2Z;})W{f8{N>FT78TIoB@ z$~#k3TuY@b^!}4d)XL)T1i6EJRju#%;M?uJQ8a$}{laBVGwiuY{_oslQF7x z3Y6vomv|0H67lq}-+YcAVJ>=9t|5J6F)$bIaQK=g{c64brP3z*j2z><9Nyx@^Nw5c zPOy8oFOf|y%@BqMrAN!-*%GEYX}R1q7G&||*6$M_w4k#P=PwN(O!010?$Fh}H!7D| z%W;9F%NHP0JW$MK{Uih$l6zcfO>0Z%vn4l*48hh)5%%9#t^&KWs!F zoCR;P>B@MLe0*or59;+&nb;1%Ckj$Ns^{F^USiAA|956OjO8MmXX zil++{v@@>w7+;FW+3z6rmf^7}jqTzKuibgzvm73ob?Dca7x2N4(d?zWhsE0Nbb@_{ z_fe`x8@vT!)fo;RciLVn@7=94w+wx>0j zsmC=iT4k9?j`J=#G>l^kcXHv6`}Fx#0dQ-)$qW{0etPyc%~*~r_FYDXJjwK?nD&Og z2vxsjQhrcNvg96b9C4zJ@7A~x^<3@c)TPh(4UK!yR3N)~9@7JDBBudVS3{W32nUl$ zY-z(?*>j3?iZaBpLlQSY^K*@Ht8n>2c@ zB-Y@N@kAqJzp?7bvl$-ic|7Or#7eDQsk@zb9;UPE^iM`oIPRN;Yk!^6%-=0xx^xE- z5*J;m$Jvq^GM-OAZu)1LR!W{cg;RL!_Ia2H)+rk$p{KsB!LN$V27RNu z8@ukk1HU?+Ringk_gwb(VtV407tbv2M&J@_Re}q z%K2aw&f#x{hH~Vr;NVf&KI*M^lq0Xx8=g;S`XA5EsO;EOUMuvkd*fQbl~H~DnKENf zk0IBgHN#3tR`@_pCYE_C8JaAM0tX2aKiWu{{ca z!?+Bt@B0w!+@lt1vz!iU-2uWLnxrl?8>z&M^wy0}u2lEj$RB(()^$U*{q8fh5qgtu zh2egg0HP(m1Gt1zJe0gY>{V@XF8|#tj)xoxRAH~*QR;5rpCMCq<1wjR+LWL=x4}%$ zhH+&Pf)yd?FNqFFY?+2Q-o^|At4eF_ z`ARZH>=R{e#y;`LC$i0p)7L#|jV)LqExDXe3D_t!!|J0-H;<3tK`6=u!)2`xO3}*s_cS;c5&}AlZ1}0ei+na*o^2l<0F>O z7^APK5;qq-EqmcLg7H@Shv7?v$=etYoxxsGU5B_q zkyr%>B4W+?o%kqbYE^S=Hc4q=uAZExBva}X1FOH>)e%gFT%~U8oe;P1){hB~W+YOn zWwQi>ufj!!l&UD)b4nFAw#AmR@v6Ix-|{>_5?!NL9i_OWsm@3#H5i#hoYh^cWVv!X z*q(XRQfNBZiDPV>5EZ=c@a?7JgEy4L=kyh~V;vA=NjdnA!8^}xb59hvL^-l;eKZw+ z+Nk^iLqdLw%;xSCSAvifz>>X>foL==YlK0Sk>z%UQ2$fr8={0oH0Bw2scS!iUHW&b zrOT)4hY4Mo5iXnRVS`tj4#FA={9_Y38x}a$Df`Y@e{qxr+-In;xv)qey0IW?4JF>| zXtZfv>rXR{>faAV&H^lshk~12M+DHa8`4MI?ZPE#Q;Rtk6-gJe$QsBNB4@poc>uN* zm)pr~+mcczIif07FZ8YQQZBi(vyPC}s2jCgeq4WdO)550xipx>isvZGZIi zOI0z;fT4iUn~3$4n#z3s)US+8;^aHQfx+fRI!7A9OM>_n*q4MsY-njbrWEgwz;OIn zI=r+o%ih?a;If2JQ_Y83`&Xhc%)U=-DM@&rlpQzQ(biI4v~|)OCk*Yd#&S?eF!3|C zGRUQE4lEIpKrPdYo5(ICt*)o&PUccDcr4>}EfnLD_#HM`Y1gy@;|me}YKqTaofNr4 zwzr0fUoK}kSeem2UTC_fFgMN?{k+3;SF}kVB>E!>B3o zR3w$7vZn+%lg(kJDncW)Fz{ldW9U1l3l@!Eyep(GMHJY{@zPBj_NCcgijF5^jSP8_ zp4EED3#;Yfkt1w!qI;DRIk>ngdUczkiYi zuEhp=xlgkjW|uRriIG}}v0v4?ycP@V2+Dcqrc0T~NX$gK4%Aw_`pwj`0rqh0x%Wuk zvmu=%m|xP6)&@{954|;@<;rAQw(_`|zX~Drn%;J%Q!M?WzdABYwaPd(CP!=k+9>G3 z(t@@k&qhH73k7noS>?loj10xr?8BWYn5;~Qf6^gquZXkG?6aFdhJ=p782VRX>l_QX5}C@qm%eqo#X0sOypNa5vW9YHV%L_*0u3< zrk9cE&4OA<6BO&lQtN+QiP1lzi!yLua~e63~l~K?7i_I zn?1cX%I|8U`)Zv8jbDq`;l`-n^X_8WjwbXTz4AAZLC;E(^*urNH_J1M(V-VI~^{wAP1WSh7Gz zzMb7bLjBt2f3K8Jm%yj1W2l(8_^*|+*dJqmb#Fw^7PSBF-u%97jn(gP=mK4A`6P&C z*G#$EU$-7wHNVVvv5t+Qx9%jOAE|9x6ilO=XScGl(i1Ts_3_vf#;WsfCd~2{x$Fkq zO7jM*reKp%ni2OUn9)IIX8t6Uh~+v%-}9Zlir`OCjX7x{k{rInHwb>iw|Kg&f zgk!5sD{?*cG1ojxD4V|-7dQFmEWv!yn~z`)qEzHUnb$^1UM3~S@VIC>oYyyf!lS9o zL0`(A{Om^D)9u)j{IVC&kMpi>2$sW7mc5r@)y4tY;XNM z8-El20pqFhCgF*6YiOpXxuCAE56!Tx=eIWYayP-S2Gpm=43|@iXCv%Fipp1bvSb4* zCfon5om07=X$SJxHpXw-!D0}uu1FgIzb(Sa4JkkhRK#`6uxJc`ACAPJYytANwkQ`A z)*GONbVJ#>ATa>2Fc>5(hNCn1XtdJ|h4k_e>va`qj!a$*2lyE&d0KXCp z0)pW7D?v~&NK`^ZQV_sRCXK|uY!57cW_)K`GFnJ1!Ulmw{JAG%tfl#v4NA#+xgx9` zkywBg(hlV!&AIWcjT3;fk>)fK)dFd`DkAMssy-Mb+(+BM+Q-pa(uPx3h7^GNNO{4$ zoL!x9=m0NgCl@!Emoz5=w`+ui;jT}Ift)`HaikapEy=US%g*_G0 z*`yNM+T9uHg8dU1BC05+2$B#|fQl&!fpLZ+Bq1g*FQlTR0#XqXg@BbMA-{lsyZ29E zDd6dQ|0ak3X9@lH^7&2TKi>g%<|W8eLiJ%Qya4EdAj}XS9C;{eNo0 z^*2}eo2B9=aFz=FhneC=VZQ=|%zqLeeuf7DDd67-{|}kP`S>4>`%iAY{&RM{V1EQ$ znX`C%#@SzE|5u#ZSpUhFt2@T&ES%U_1CdV1Q?GNwu?GH!ByFr=*wb+Sm*bqd>#1AG zJ7NDm`bXGtLY)Q}m=o^cg*2y^kPXrn;qHXxl=){q_-PVOsK0~!9Q_Bj6!71C{FfH> za{?Dee*)vI`&R&#A^j_i!e_?}Ux5y_Z`PCACTHFi`5v>ZcLx%lZM#)HMaWiCQ*--YDamlQ^N?;oE{6;t~M$62qn zRNa>}eUzx2DbIO3*I?W1UBXAY?r(0MSkYoLl@B+J{5k%u&ofD%>JuXIXQ=}@RoLkm zPM!a*J%4K0SRZK%G%^F@4j4f!fN+!#5&(e!_0ec70Q|GPqvm3Z27phiCVilql9`l< z0$2$I7Keb8mBF~or2+zriONI3P!%y{5vYnhSmuAGu)uY2P7g2XA~4QwIOY`5PVUYw zZU9lBE(U3XvOX=rzz`XkUx%N-V9~P-3IP0W9y~)}iV$5orP0Il1Yw=gy_1zxH0s8L z*DC7AcPHOAP+c>nxps*LymbH+sh3EP!GlIA^4l!NmZz2H1SRxqv)wfY3d1!XH}Lhv zc?QgFdt|@V^Vlz|`aUbO$GwU82;7n)9UROMwUll#sK6&$xK#9SspCon4Au*Sv?Y~< Og21FaJjyyMr2heHrkTzF literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/images/front-page.png b/docs/canonicalk8s/.sphinx/images/front-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c80e8430393b328d2eaf7640dbd7dc3bf3e6d3d3 GIT binary patch literal 75868 zcmeFZcTiMW*Eh?3xSM$F2IR=9E@7ea_iu@3mL>t>0RwgC3~J5nZ6TKtMo1 zq#!T-kbvOVBKTPH%g^wQ3e`C?0)n%(RvJ1;9c3jEQwO`-kIfuR%x}BfIl_4Y0x?N< z$H%5N=14jdb4x3Gar))zdU`r5GjV!teq}CYM=5iJmAt33xw@x{hN-8GsjwNnq{Ia= zcM%xC&K&ue&fU(|-bKV+oc?575%`Sznv5FGpHg{BJJDo%wH$A2y0zdYh!r~liHAin?k7Wc=F|I@|F%K!J5 z+u8k>Ww;<^+&~bgLj5mu`uhPc8Xk`3oDa=i99*4E&1Kxo?U4*8lEBGD! z{}}JzXOztCEpey*HP*=~+zf49aa*iuZv|`OIeE;26reci^yBK zARU}NPQJn`yt=s){xAHWwpJ&aPDgjL-y)AqabgmucXW0zb2T+LJ9#(^hd=A$V1YzE zb~e9j30o~rf7imo3Iysw2S#LNX>aaK$9$bpuy$OXd$8G-qc6pqqljFph-`}$n z3@h_ibZV!&g89WZX5(jv-pZ>6do%wG&LO{Us z%Jo&X;+ea@2iD)T{)_NZ$-8&ITyCU)mGyf`(R0L=UV2$B>j(p*do<04f1K6-DDakU zXy?`jXSdcnva>Rm{t_ughX%NG{&I=?eS2qlJ@&eripU^V%D)BrGzcCxE8W8ySytz!G_cH28Ot?kUOp6s=B>Vb`#|WA% z&C|f--bO_TpUnGXzx^C$*?`=>;e+lS+iQhBkH!M-w{S^>{g&$dTN!gjd;gkCAlDv~ zXLd#<@rR;cr?vSxsxFf2cOPcSmV7QZBQ0mTyyARe@$pQ})95JcF5fL-k0;#$-hKQF zi&FIos65}F>Xi}1$$`dV5IcT#l-G43Ah^wd`~Q=Bx}+Nc0Ud#Y^j!`2gas_hyKfRJ zdBj^RCI95nSE=9cI%!-fan;E8D!G^F>X83_NZ-@XaNEvFe|VG{-Pf;K+K+kY#EB@S zfAL)C&bhNsf4}#c{?``a>1{dodUxVK7d|vkuNVICkw~8R^m|RRwK~H#;Ob8rB>l@t z93!B6OOM6kKN8$wejS7he{kGoB0Y!y^oJ4?E=a<0Hdg5h{?ji!u`Kvcznk%>;Xl!R zHbdh--Fev}{nN?ECv*}23<#3=M}{Zr@Q>P@h~Xbg`G4sgic6O4>2`cKQfWE#%krwL zXQU`*97(B+`+DD%TQ#OIkMS^T&J6nu#81`^2;tl`-NrIMbg$jCf{%3|Do z^Y1C|#bUA2nHK`@YsVDi5us4DCpX<8Ft<1_iWsE-DoTFx1;IbcdLoDaLzMNbx)7C$ zqGDTTXP9g%7JKnz?pW6RYD$79VH!F*LXSWFnTQ(o=*?2|+1r@y%N@|vHr#BYbU>nv zPp(B$#$8FXiZQoC8%?lSH9?`dtW+k|q>&Pn#FM!9K`=q-3LV{r z3m1IXfUVNdOAO}ja5~Y5Kte3(1;%?p-BtC6zK4XzqmIf` zJ5tW7HS~5LoU+t)>x6N`qAUL8m%BoFwlb?%W^`ncMubd5~h?hyVF`9N=Pph><> zp0Z5pV<}1D{(kRV{gE-+&5)dbjAz`@{m185%t`Lwotmj*l9K9nDdRr3w^MP0$SyGu zi*Izlc=4i{*6$#QIcaC%eV0hKW|=pyWvAG3%{m%`=rK`N?$CFr?K9*!+4B!%_n2Cv znW=()Y|lEib`@{!`m)rtFgWDWR*GK<7xYbZ=^Yf7OQ@XvsX=&5Qu0cWmbjy7py05@ z;NYO-Zi}jl_-5}GN#A?RuJ@fH^Lg((tEQ8@?CTG=wn#qr&tOqwK5H$^;o@6giK3+G zS7%bg3v`Oml+`CvdBX8jDUw4G8UN8^T18>Zx7<<7o;QZkI%l4|ZeYi?$$qTk@Z)Yg zweY?dbAQc_ylo>o%&NqvDV)}?jidaxYg}(l1F^kJ+1^qk-s>If(_NB_B|Ya!XbyI# zlgGT4Yr77k>|x#Z7&_p!)XZ!JW%r-NowMSHDlT#c+aOPfJTHE-uc=xy8%- z{_R^jN!;Q0?ZeYy`)a#n37=2nj$cB%#J3G%#Lntx<>chZ(Rlm-)doE;(#fkHK9T+t z4u6oqy_@y#1~_`qK6|ArdqdY%eKs}q^oGhz_1(2gRF7u_o|(2uI!Fal(_aoUaOvR3 z?Y*pIes;D8h}Lhn%~(rA!`3ZpydluocXyJI%JDrvyB}{ImD~`**}#c?XMDB z`s{zMS-1bqa{Fs9BbXP_#p(Xqed`7^i3uBdvlb@_zwR0G7EW8N_bdnT1JR*0g$SGi z_j0%#uZH`LI5rU33>4TcJ_(Zk9?V&{(?EN)^3^n)+IMH1)@MVF&=n8#e`n!Qt5P3& zp19`gy`SOSDlO%MrR>reJzkfVnaz-WPR?o7=p7`DF32cVc6;tL(S(J86&iKe-8TEQ zC3k;BEK=1J7q5X=w3((maUTSC8A;QJ)0VkXzU6ocTz%eOw-%GrycANXJ9t1x#75T4 z)-Ub3W#1AKVVWB{z`%@@doN^S$|5&%rW>|MFk1+{&~qn zecztgpdr_M3XZz6wC{qF9rX*^9nA@vB%>RebQBjRY1Sw9RHyU&j*au#yVE;}a7TspomnM%?48qmb)!f|N$!T?MvW@h3m)|uhFE7s!g>_x|_OaG;v$drq z8*Gk^ZU11sOY&f)LB(@UcHFTdD=W*gD~Xaul9@TPs;Vj{$9i$7G?<*zsNUCSx?@xT z+$Ibly6{d4Y;$dWo#BX)lg^@mn9Cd!me zxnAqBYY))P3ddJDC=&Lpz;(3}X5=LwI!}~aH8lN5a+hhCUT>AydyKAgVaR&LAV=eO zu&U4qwvC2EeHxp!u&`iPj&<9Z!Hn&8qUzQYm#z4<~;gNk={ zya5g4pFVy1_>7Q*R>B)@Xb2>6X#ar5%w*VS=j9zhq%!haEFArW^$QJQ%y|`j4XKmMQE1<=n(9N zvSGdN;U0L`gZ%Q*y=lo~VTVz$pyK|{iniO;3-!lG%4|Iu%KH#~hPu7S>U`=q^Bt(2 zKi?QT+A8g#l_YN2nV^}g#m{Tu>wEP16+?3vb@g)Hei)_T zZBfzc*x>p3`Qyz(zuJSfHeQQ%oyua$u%FK3HiJ(7li|CY^OQ^Ahm4BN6ma<3o^te^ zrBQXXn8o7ZA&sR$wZ$4{^)=@(uZj={!*X-E`J$^13)Qdw4Jp#}kX>^$5#7sUb&z-%3nD(*(@MxOMgYg^zNQzsokK>c1FB?oRE`A&wWtMqy6PEj*H)x zYPUz>Uv(*p@p6z=PsZW4-!aO^$ER(XLfmr$BL_|jBexA0rj*zI9Rh>C$XVlvLCY*2 zcWJ;v!C!cP_=&LOAlfq7XDiO80Jh3@(ZJu|KakdUXS@FRkQz1Ol-gpWsG*@@;M%8& z^S`fgKGodz-7M?^KkBI9kfgqcbRGzXg^Wz?sEae)O(*Uaw1XW zKUpTSU<S)OrH#YwF$XCo3gWMus^N`4DtO-*w_~AhiHsF`RCM`yH6( z+QZ<4U?Rg>*w;B={UEaCG53kk_Vd7)Q(#x$FJrQM2q)6WDx8(~?SosVFG4{09A-3$s??nFhtQy=te?9y_9E(f^ zcpOMf9j9?HP+#@^_ny!=K?kGwWoiJ|xX_B|eoMTN$yogUy{hElM)L8&G}J=uDr(=o zTj>;C7CSyz*Qb0gFo&(){?QV#Trm+=h8^|A8PPJ>7+C!6H*8eI$u6D3eg_k@fkc%3 zWp|LfYm*%{rVud!D_glZL@+7u^&}rf#>WqrT{>CZiN7zn95j{W=&^*E_D3Hd>yxt? z6>sfDnB>NwJ|19x8qOdZl*oP~y4pZkq$dW zDAVPjCTiUncHLsf@lT~T1As)}_>D%)9TFGtFRktEO5$rS0Hkp^rEVX)TwpxbB&9=o zTr@rmm)a+nX~>|LU{&_Q?ANVo}?Y zh^FK_R#vm$8-wM-sA7|o$J`aIsoVio5mWHZM5?P;tv?fd(LAA?>~pxc$;imKySod9 zh)6)DHs^(1ZX)&0&CLaI^MK7>=e1xrs;MX` zDapuS+AMYy8mad?KHM5!MhD-%ub1*QQ#Cn=lo@AF`H7yO6*xct$GMAI`FfhVy1M(c zq53JZ^sm63kBp4il?_?|+!F;bw7)SM!S^W~*bBi?_leB`V~6n&ajz|$smX=YB<^AI zbl)#k%@@c7lSM^E@gJQ9psS*y0uJqKk!hFca!rwGGZVHLtp8{&roLw7(?$LLZz&J5 zGBTzhL0TWFbkWY!DRNsJii?YbKs_`xw70j{6mx@@mse0wkdxD48;g=0|C7`W(!E|w zVaQtSs~5`z+DGqMCc5@RQu9X7xYWAu42c+**VaN~FnLT&jDye!9~H6SQLD3yOF7_g zP?m*v4aCC>6f?T-EjSD+93h8xsNL+3G4`#r=!gq#YJVkfHf&ce{{1;ar_e+Q#M%s6 z2!d9HHEXS~z@fdjC${1(4K`c9Eh>v*>z?uuffOh z(dNN^KO+{IdBIj7kKJ~k>&>p;>njxSN}B}OHoPH*fgnunIg`@Y*B5W+)vzFWyxSGw zHXqtN(M;pDKuGJ|eXt1L_>1d+;XsM=$8+Q$EVhoZQt-#404)_Rn%P)eA00vHn$xbo z#bJjr{>{wNvUy^)s;VR50u^!jcRys=nD0I~@M`0FU*%xf60N!FS3myOa75O5LWp!X z{zo{P7E=?^7UHP=7DpIQA}y8jpuar)K5d<;rJ(xu)P{85fFNC{G_TuWChyc-Po`?m z11^Z!}MTrr3v&24GVE4D|iZt{Oon54I4n>7{eyEPfa#>OfT(iiBL+vn;> z8yXt=^e785mI4IvLVfJ@13y325kF9JnK-Zz_C9(fzN%$$VeowyD7bs@wxv;>_b#kD zx+F_bT>LOv-(KNGm1qN4Y(&Wj@0AOSb^A+++yhbCMzK}&Ti`@I7fT03Oso1mj}NzL z!T!^}Ly9!a(Q#rK?=~TutSsKLosIh>e|Kzy+Y4#Un*!<3fy_gWs*bmvZ*st0D8wS{ z?CjcjD><5hbBHQ2afY~H$mQVUb4VmO(%rpMx){l<^yXzu%)mh?F3gC_Za~&!Q0Z)* zOQBO_(#Stx5P|$Q3HIy=ZobSqq0D14O8d3%0yua|uD9p>jJhd?ZQpkQ7cx-tTK;B+ zO5)yH8z*W(dT|v%A=4oXvCy|C2)-dhJP-AbA2;nUWz@qjf(cQcU;E#!)TZ4}dldg5 zZQ}UG#^SJGcCkISDxaIwu-a`A$CH%sJo@mYKp|}uoGT!<_g0Kl#NkxJ#j*MjwgHk2 zrF}O(-W%9mpDs^%3dm(2P_xP{8rNPmyK6b6_Z1a!ekUUe;!QhuGjf5Qlu1cmq+$by z-+^TtD0*L_4vEN6sZG2VIH{hEG@}#wer1nkNn}Zg0-R;txS3dkvS+#SLOUk2og!>w zp=X>l-2z=&TB?s7tqe8tUTsXfKWCqtXtp#`sSwr6|5iDaT2#QwVVJZ2V9oD%+i!T} z187Nnq}eiTA%|FhNn(=cTsAn~j40ZJZ-fejer0le6tx>)6eC{X^vK%AM%4NRu^J?7 z$k{I$Q4q%G@ij8URouMPv`MXX>UZY_42;zWJvzMk8>>QJ)8|3) zyX%iO3)5P`s;VsJ&RrzCsp&T2)ND~O2CPs-8G907Q&8e~N}U>ar!TU_5ORUH@{T98 zt%Shv`t|FKC;$gWwVtlMJE@>dV(yMTt#SM|Kz{^fvUaLsO7Z#5C8+azVJgVj4Jt5 z+SVWB3sj0i6l690E{8V)sa|V%%%;Z-4K_fSd8r``p17JWLh#fYRwTsVNaE z{i*^$R3VDkV0@tQ`>OjF-<)jGGpN_;iZM*ei7_$d*};TF6p>f@wY0Un5`^C;inBwq zS94&ae|sCO`t94EZ4Z?WY2aPqp>m;;7VU4+S|N4#s`d<(_vOo%j4^Qc5ZjlmPjaOv z`LC2BJ2lroHLMnE#@FBOf8a6T*W4x|5wCQ4QBur&PRG{nqKIvJuM(fAsHm0x0LOhH zs?OF{NFo$fRaFo9$buOSNB9jJO^VXQc!26sCwBnsqY#BNij0hmL~$TJ8S~ZKTU+Pi zly1)siVBc&u(K=WumpL$~o zWZ)R!9#9k_-CnRFh|+5i9uL-&kG+p}r-y0T%H#m4si|QC8~`s=X0yqKTzjQ4`|@RB zU7ZALJYdfSz}K%C6YKh1zUcQB#UkcDO#-Yy^?u{H6eR5io*ZCQ*md3vzvH7?$X-|E z&VU*yMg!+5QouMfyvcs-ELpOd&-o{l;w(L zzZ^4)sDSovyOD`a`(^+$>U3%a15O1R0cE5e9~Bvxo^H2Rua~_)$do8GXptR@ zAWvYX82T!LA@=rvO_KuVpOWHod>f*bn-E|@CY6K=%wen`BOC6>U9UP}8NbEfVY*Kq zl&@E{mBB0ZN`9}K8>s$9wgEoxqq{Z5c{X3VWn(8uE?D~c80yihZ7;PYa%)>zS+SGZ zP<(S;_CQMo{IncWn> zCzqd%jRb`40LV%I(?hG1U9Woz!8_l*#usz2C$nDdJLM>AvGl7p(^b+<*Hz6n2%x~n z<2-FF!q?aL@#FDg^F$uQbvHnt#s}ZYJIrU@-Z^h?ZE1KiMcn3M*@62`NV-(0(=$kFzEGoDviu>G-CX zujGF`X9#;E;%aTFG!O#YrJ5+h?`miYl*c}#ob9|_>^korfi`9;Px=r7}RfE<2nGctgZDxmka+_Htb3JFK!i4qts75~vy^=@s zc(7UnX;`&wf&35>zXCXv(Hy6+*P+e>d{Mtg1k-MRc^$v+!A{!uNLFMTrV8}?JaeZ1Vq&P#G7!+MrS3;vFi^%D*)ZK@zb%9|8(1GO9S*5dnbY14^l`nH@>t*(puFfae1zjxp^ zB@lj_y=EC}G;k;kRTX-VV_l|e;o2jI$0ks(@Kj$6$rNGo$Nm{(~7b!V|WAgP}CdZ4u6r%IoWoD}~m#w>= z*=hkig*-Ll1&(^kREfLk+B4v_RGG;}IdebR@5tk!`Iyf(QDDO&l>nryR<%~j%F1&R zwfc#@N=RT|sU_NQiG(j@aHH>LuCeP5`-%Q`i^Z}Sa;O=q`L+qCMC$MjRcC!03S>Cv zqtCA=#PEI~|M>IJ_M7e|bfLU&vXOeyXNhkWg&75fxjw61P~(hzu085vXU#V}o}nBc ztuYATBTVvWr!xul3?4gJY;GvvMGlo2wJ%$h=gytW)+a3Qhx+B~PR4v7TC%bb)9hKwvvhMA2Ka2CRZ0AF}n=I{XxW14r@bkkBD7`Pjl*+~+Tq+M{hwjNSQk z-x4*b4<*GM3)mrCf`>opR(echuTih`{hBeKam;F@Tjo1TId572b*OCk5#ZSDKm#1Y zgo>^qmlq2oDO9Tz7MZyyC@65uU)p!TSYJ9HheNp+uzATEuw7>#CC(%WyS%;yX_NMT zOrHQh;BJV{8Bsu7ygSoOc%qnO0N<%8=Gq*@1+}VpHX{(nk8Ax_@9oWC^?8)`I=w8z zL?5jW$e=we4aauO(HS{=!Vh~VRi>qQ&G+Lg4}H=?camnkBN-Dc{Ln%6|(fKix#SJRasdqmw#QW--E=z zZ@_OceF(N)1-L>168F8?OlFSDhbs*vpp94ol8VVJ;Q9ggBxuyk<>UgjCSv^pvJCp{ zhZ-8aYR}5=zca>rQh~N(Wu@}$V|Ta4L~`c-feha(DqWuw9Oajd>*GXc(Is}x0lYkd z&dOT$dtsz{5{6Bk`@ohB3^cixK`=``_`y6sP^g-ND+-b_m7tHybW5!@dmJDnJo)L2 zh}ReU5+GS{H6~oLbi80GNeS4UQkD`3PpiztXbo@h_?Hd$FSsTFN6yE3k4D%TR~j8u zo6y$KxJg}8)uSTndRI)>&@fSB7RnZuswb7c57A0Y_fa{(NAE6@|M{KLxb(V;Vwd>% zi&4SD{FORkag{wQp-j0R)l{E7|9kmD`&@co{np7{!+-<=4$(!SF(Dyg>~IMM%p~}E z^_Z-sI_xku!XFTf{d<#qf2_p_}M~b{l1{SHb65}|nG?Q=|@g(3H6gg|5`654YLM{~p zm9)%$at^&n4Pgk2ygWQZ!q{kbn(#45OBEU!!i2sL)E~K4n2T}*-b(>Uc|1D0-EIuWPj0yf~gP4Oda5_Qxsm(0x~lkQ;<7h0lygcOWK%JiRJmmEsJQeLbT=k0AK)wR z(WZF?pdzdTG^xM}%H0a`KSSL>(xyM}#9^%Ax=?1iQ#!^di30(}uLc_*m_UVH>B2e7 zjyQhk${=1Ut@ha(w9IBRzIfq6LH*GlsftjFcA*gm6|=aw&%)OtfYAz@+D0CX+0HX5 zfw;`s&V5+l9{6k`A|hqBKq_bX;Vo5sap{^F+V+x3qj99+VS{VW5_TcVN=nvmQ}b}I zN|&?5`$bi`v8}!XwK?1j_kDhGmF=M<1;2GKK$?9h&EXb^L6k72PEJj!#PL}{(}=3X z?hhPVgM{U$Gv^mddQ=o*fSp`%@Y~ma=mZ38JoJ_Ta}=GFG+Jgk_z6tT7z#f?wP)82 z7VTw@I?bq4gx(w zb_!4P9Vexwrze72#+CMsfu3ERXlC{i0hp2&RSMV-$N2y$9xgofhIm%8Z>}$Q3~20( zC`cl4c3LWaq6>95hN?}Ok#F4d=AKg8SV|=BKU?SB77@EL>i#HMz+FSAT5iIqdOqXu z#{95c06N|;bU=K!+Ff_;dW2zNRn;Egton&C(WWr!_zg8kF}u3zzrSGfg$jn>?qm$q zhFMryp%j*vmG!*Q1n7H!D{??ELy`-XM8e;$J=snm5t8|Oz?Hz6-ezUhEi#b-)XzuJaTE@egMbQ-0_ffJ)2{&QRgL4DEvR0a8z?mH z@#LcrhsG&lv6T-%RsaiZ(FgTm7~|G0Ywvb2aVBcIp{$CEo#M9JibT54Zjc4z`jOy4 z%ium@Hq^ju3xE<;yj}UDjkBJeld}-qHzy}28(SOX(E#n++9-t_p+)43Ap2ed*W*t% zg|+?2KY);-COgl?1j=*O6Y zHBn9#zo~Fxxx^?5Pw%w1T(d76wN#dzVsPy}EUyqceD!-lV?SuTS~7m_m0jg$8#tUG zNgQ-zgOUTT;iCdd0Cj-q)2Sgy)Z2jW)GP^z4Yvw67P#&HXGSW7j;>T@Hy*Mm zd<*!u_=eF++n_n}8vUc-;QO3AD!cj9{eC-IEUTq1vhTOVnG$w2D;^#W7!TBLdh<#( zwrLmc4w8J2GEe+!&!!3WSD+mMC#!r(LNAs>k=qs--{XIg+{p3cIR(OCU()tOQPlUp zf}jV?)un|yC2Fp&n-KE0hR2QsULm%0#w_gSD*AC9JVQ2xcI)r#9;m5t zJAMBP9A>C5G`eXO8eyaGRAqN9_@C^{LDCI-;Az;am;UUtTsGP|W{Mi~z1w$2uwZ{* z+|@xmS;FEVpsm%fknK~e8uB~TIvjsTrZ zXkjZLtHSB|7e!7x1Y#y_w2Ti*`sMY9i@3HkNEA!Pw?MBU1>(aNlx0J4oEo~Hp!kc} z_e+8nk9g0n_?&_QiP^LWBhT6N-f(CGIPBOhJxT0;FGk(g_jhlMb8pO$s?d>wZk{~f z?Y=x8-{SJ%U$nM7%745XX!zA47j{S~Uce53Cn(9-UqPfeHwi8_ExmNc z*c>S63E{U6b-Poh;o@ab=Ia=J`0ybQC>Tyrp>8+`fs&Az>MJBm@@bWlAqWHl*RhqC z$Iiy4U+Fvv$-s1H;y&0`Z*MQ314mr*MUP>IFPmZvR5mpc>;2GKZvkl zP=AM*Yyz|4WM>~iAjyLpfeI$SZLrg;u6j5@dyE)<(SifERx1WtTK!X3tJ2fc6}mZyFPn!> zM$XC~ua|w6y+Z4^p(@A(Tp$%O1k!nqO6n6I^5K_q%Xn$M@4&7TZ#Bi26FGe4bx<6N zzg5Xh(4);l@gd9IS`3YL)U_*eJDK2&fvIJT^b)X0< zB_$}0`> zdix=v4A9bn0vrOA+5&KoYHDi0Vw?V~2V4WVYmj;tJhEYaAZg4?h{`^JTU68w5F*s~ zK&^2id^dSb1UUoEAl;`8-!0PRZidl88PJmh95{%=?xMtLdtkCs$wg@KE;9&aTdAtX zw+TPV*LRWo72jw_V7vJL%WEu(^GoNy&T-`Zn(6ul-R zB|LqR!QziCO1ve$dvdFM#@~w6!uR(ZT(N(@>2^z=Qt}@W8E8n&j_ZfPb*sKky3t=|Ax5A9w|7@DIEq_y=D79}KS+Hu?l# zE*I7x4VBp$4w&ms$-!daaEBK_=JY>j2909jb?a4V7w^@x$QKl-$ zqvFViHjDFF+GIyJZf1IL?92O^x@A~q$4Yhpo`wA2 zmja_F|72*?EVVyW=|Z*$W%WgweMRI0{LmFwl{a`dN?n>SRIQ6t9lj+A>9qM#7b|1; zH-jUo2+J>Go{85jNw&@3EOn{&c!aF0Gd?i)yNn-VCx8!AP1%sh5KNOa7Y(Wyz&Z37!>2xMV&)U~6Lg4}{I)&*4UiXDFW}=NC{D+T5ANT&r($!E`c`}&~ zcCa6)nYRpogtZS|e88HXJW^&iw%tFp>n)L}k{+pNGiF&r^17^lN-$x}Ew9Js!^XE( ztWM#9;`{RXTElh01yQO18(*q|<3`tpu|IuPaL;{02$RCbdpIAl?7kG(7pa1cny*_f z?Qh_3o2SD*POv|#X6i;j6~ag;5phg&GF6g$q&^1wxe}CBN~!4%8QmWVyYbTELZHJD zAzoYN&I7KC7w5K$Fj8wJVQl!5-giiS9*95hG!6@uA(28GJE8F3uh_v|HtY%2HB4V5 z1Vr4fiQDps7;Q45@VqlYxB{ta6nej|a9+=dL!E3_+{N_kNz(M70~cjZ_deDN zO=4EkHCY-!<95|>pj7pbtt&&c`&;O?`CHX(8V~D#sN%0AAdw;Up^H(R3M=qHq#wR@ zU>~9l><1s=!-^FSHmd7$mJ#rFc=ZYeo-Me;+C&$!t#^{56H#r=m*p8LO*90lWGKP2vnu$Y`o&^ z$utP=&?s-jd$_zB-aX)gmtabhR5H1lJ%u-RN3YGi;XAdFWku2s?f~f+bF2K)e(U_U z`LfjYp~{IpS|-&~fj?PRAw9I1itVh_qOlOyw~4vZ>hfSw+_L$gXO9BQC)XeH0a|S@RQ}V zBr)WED*=a|si)fKtsXZc=u-J@QRw(%3`1C_!xwVQ;(97AXVa;6kHs+U9oEFi#IX9) z6wEf8S|EqZB)Ilg*DC)w<&=No!#G&o?DF`_W#Pu&)aFD*3}_GQByw+6@B^WG8h%wP zJ8)ITbjv6!$z5cfZHRlAr-)GnyCV2>$>gp!8>L0wRMS8;DKxxww_l|PITIWP3OGS( zcwGOJ_=d~b&NiF9325wrA3@u1LL0K08$Cd6^zJI()}HiP_Wky)EdMYLwQlz-%6T&U zeezx00N*Yl&|L`cmsq{w?b`mK`h`W8ByPha@ke{3`?&K21Rol{NGA`~L@reo43}+2 zq(^RQO0G8?SY5`yg7l<0El8rY?W=H;tQVQ#QEmB*7u)3DmMg}typbI$j9E1&L7QH} zs>w=zM#s#aS{+Rw)82wC8P=Hk_M3)juj!6cqJHHapV|>;aNVHvbgc}hG0Stj?&0K< zDbWAfFykr4)v(-do;>oQHE7tw)_Bh2_R|s)E?h~JUgDo-7x@E0dwDSmX|QWVSo-&` zxPc>@d?UQ=gbj{m zQ1~B=Adtk3UTNN`p0r;Vp4snu2$kG2yWGOPUBUNRYNzD|noy>_-l-Mg%j3&r*1DxV+qvQHiU_oc{5*9ys+Js;%3z64cBX{Jlx%MqwR*H z!HPoDk^7@)hF20T7plq+&lu5074A;o?l7k;R8x^Q7cX@?fZ%(PF+QgdF^J7a^o*hRVAIA-WVO!i|;DwZ)!pt zqipaeR?aI&(uyuz_56$$e_n<&|B^dPlg`!2$ZGrrTo~!f)&!aTkM0HorG=@(f~1Rt z>5)e{ZAsSAc*S_ql@_$dHg#o)a=NMj7q2Z!`aMMwt@9@aCtbTRoVBNqN_xfA${9B; z-5hH-ya)IoYo@~1OzmH0OQ9TTL#_3Zx~au(SkFe>uaguVeB*SB>cW^>J2ujhF#|U+ zmW8ij{Q{SuB=;EiIln7FBci0_SwUtDG2F*_{?Hj@V zhVkqvY@cdKTQLG{U~2U9_OmQu$v$T3=B$|mXUgEy2gJey7FuEV2ag;k{^-}Ey~dFq zvc7(_B?8vsyaM{EAU{@l7m`l?8PucMc`{0)u#xXy9j4;bTPm>KTNhUF zA1he9?uiv!pb^pPp`M=!+f`$m!EcNsTO5lZ?+c4#XDWm9nB74qu`+Uwh^|VPZ+;8d z;pic;vL|Y~-DJ&Pvg41y<`+ zpjx`{xOL$TQ!6&_`=Istjqj_C=Uh{Rj^LG(qrE+A5RAT!)641U2eaSEcS$D|?7ag$+tKS{<^9BgQo^AxjN-`-7kxa{ zDWA};2%h-yg=b8yvNE#^%bC-AuS2SiJSQ%{)&l{c9 zmk)RZRGIgs3fw<-_pB?-)w*E}58Iw)u z-C6g=?TEKbrvQy5jwL>-AyN2O3Mur2aAjBl_bL1@z(@~fX)cJ33GziZiBl05-LbE% zlPxg8>*NZQpagDd*L4VEM!kqbq94vFBvtCMYhS=?%v%In_4oC#dU53s)iWm7Int@Z zn>9%dqc8`aQ&0bfZ4wbotzOSvouqyX*&0m^YAT)fLB?fJar}+@B%)!)<`{!$b1H&R zRj*|aO`H6F3fit^>C-atj!qm4WvQN$(9pEIrneYPI5!tqh7E`IEt)QTiuEnR3T@lF zEAcj07*nz0F4puC;Z4ytUDkj0)EoW5RCN_)FycxpyfQ>?W*}GoTM%f55F)?vLRC=< z!aF2XzP{d)X0fU8AlmPVgSV}3(>EvI{rye3!W+K&I0O48g+Pmz?3 zu1usN4*Uh3Us@r+tX%sm@k*Gz$7bCj=Uu;(pZ)tV-7W3mK)#Ro{0jv*R^j?u{Lcdt zfV!A#H&Mi?rxd-l&wHz1z@Ce6$NS|+g?wsT3?`P#;*xgxGW4N0FixCb*i&<*b3*V| zv=GA7S`ebk$0Ti&-^16KfVh5PCMSgKZ;vdR9<(;vR8mQC7?RzsBUfH3kocFTN4Hm3 zyv?Z%@23V83ku&7nd&MmEPQhvJgd)!H!J>KBmy^CQuDy3A`I2xLM={@8-#A^1t_SW zLdr)md}?ki=kGKtPI(whv)+S&Pxx$%Ao&jI zWNp5)MW?65vO(eqPHYL$U-C;;>ODIfPI`F>zFEPdtwK^g#*5i2pW7>imGw9A?4b$q zV}CefgI81SNN^bttsem}DR3|#)Xm2Z8dMn?f37?KM&YdgO^zbO5 zKG-lasKNto_p8dta(e}yWuqjmIu8+3i#B$>`@*0{!W6+XG{k}ZdMc4q%}y_ogpKz5 zOV_R#Z+28ocJ(Qbm)d*#xVIF}MblE^tgD7WIa1Z>sL9EmJuVqSa;|>EQ?5nzoGQlhJ<>^av&N8LG3$%>Cf2f2+6qAdc8N|Q+r>B*+8bXiezXgHR&8#I z4W2CcjxeCSI30INVz_g{1&`a4$D}(}|J)JkT6h0c%wFVOV1+k8{PT-Vk~n?6oF0`V zWXQC=l!-Bqov!T1{a8^+f6_)b{z*HcFwnSnPq%a2*$!7^p`8%yQS@W^lG48`7d01Q zp)d8HhE>04(wrU+F1TzZY>wFxQdXy$7MDC6Tp=v0Ik&Le%X6~ym0#j!N5o;&eflISw~~s9B(_MT9O^^?akE!brRU{Sfq0DC-?YxN%Mp&WnIgx zxTo7DFkSFtM_uEHp_q18ND>&`8v0wHXO*uU=?Gw~;-)-0+cJ$O4Xj3Qm9ujMyufc* zk_@T8WLZK;bJ0_TO@8F%;o#17u_aSIU&Bv==GAOV46*f|b~Lw4oXvDoJL3BHEa6jy$izsGGdE=kt9VR(nBh|f zd*J2*r7u!rNWo8E6*mX{=*gkC(-m<`tL`CIkT64R4G9c8lbUf#2_(T9C8L#*rD_PH z_-WWmCl&X`34Czc0qN9R9=Am)#gFlI?x1DJ#A(7OH55$wv3=qOYhc!)_{@(E*F6A~kcG4;7`07!D@%5dv zf=9Am+_>=bB&J(>T&)Qi*T>r^k?N$U5*B8fI?Cm-}3VgJh5srowiQ2K91F`}LX!ySan)%rBkX{*BWLy~2{4aNPwx zK~Y)cZO?~s9`fT;>9pVb(fr%VCGRBTSj6tDcoab7@JX5$yYUAiPUXd<3*MrZ?vnb; zT~|lE_L=|L6%GGY`D5EHT zB<5KtofzdfJ9!36^j-Sv?1r?%)w;W!RrVDm5;xiF%V&y9W zH!Q{1>7IcZToP4e-TdKQWI%fAmdRoBJzohlGdi}h28T_g6g^)Wcf7{g9?|wv120$k zIF_1Gp_%K8?-PEuq@fLOMxf1SGGb*it#V2!uHsEWC^P6&aAIIPw|_zBbycHi!0i^8 znj82DDval`@@nqO;Z3f{=J;gh z)7=8;73r*$9f(kP)y3Ht1dDbCbgm~bZ;#sK2R5Yi@3lAMNtky|u*$F2-7c<+)*I^w zKSsTT7r7{~8m9>HWP-v36v<5=g_z@PeuPnmg-v&@k9dWX!aMfKsMMtnT4G z@K;*g14j5t65=4_SBRC9Q)kK>$IPXC`nwlkRUWTGNz$bL)Gyixy}Fp<3Lf z%E~^S#~5xNeH+s{QtPk#hlH3#UgPh2a)^HJWMFYK2+-Q*XYQJ+R?Mrc86F z%sIT-o-86obC&8o!n-PtG}Kh|6vtMl1${~~$F{Rm+%4%BN&IWlDK7x;Lja(D8f9<0 zY~`|$I63euW@7bP%s|9yyNSl>sxHB*CTq+Kc%~~d?0a!psCkr3$KT_o1br$n`%G2- zi+J);!gS^Ks9rE#m7W~_hqxc9@?iu`Jsld!e^{Da!mhqH*VVJhbwz6Xm+Bahf4j^X zgxgrqwVD0O39d1T(T2@)*9{M>6C?{KUr#_dczy*o-@LB2be13Hjif zF_EA|8KrUhveyZ@^Nux+#T)IUj2+#d8|v4q;iYjZF`ytZTvWj)Rqu3h=MCt}Ba7J; z&HgWlMjiVIm5`Oqc~>a=B$Qnz zhY|-zM#S&+x{uHI*FQa+bD!6`*7JH^*L~lVUW4kwieBNIf+L$b7bgg>I&8{a{hb06 z`i7z}zquS6O@^ptfP< z4u}`I45>|W5Scbn6Rl>e+aaEZwQ&c@BF@Tv`ey?3aK|R#vZ*htx%Acj*oK`f&)#Zw zoyf_hF*8uSM32rl_9ngTm7fYSyeSh6*(D{IqCCFp^1hdwq6ZN4?tvs~2AhtbRyj*g zrnDHZCEDw-ae0OCCc6W#xPabC8B!{@u@aDvbzPv;ef;JVElylw+{$Mvv(GlLThsFP z-uY^rx!`9jKMM-SU~IfLX_G2`?F0cK{bj!LZbvE0or@>!D}e;6Gbg_&bjAL>s>kRV z2?g8?aUx;gY;tzS%$UgbF-5PH)eo^^P&qX0(@@m32Kao%qRnb&~m4|rGJ2V1n&e$9eDKrm%G*7 z5#DPf8`UN4nNgfK7@F{ydZdriQLpQF?(^OnxM38T0d`?taJ`!$u9U&arN=%E!sCH^ z+M*|^7@I#o@{x;BSutB9X<^`=4cBDKRb~024#Umdd+a3IbWFL@d#jQ&MTL8by?0X| z0BX8f(6EQ}RgKZ^LCQ@W2^Dq9n81*#iC+5?n3}Fa0BcLqEwdrc+c;4e?nuIr_J#v! z-excPY#2Nmv~firwzm81d&-C0r@CDS9IVj$^IY8uRT=*=x4#`QcOP$Rt$#>v^eUlw zDzb(*-!0&%37IWu3#DVv823bOtd3S)k0a2$a-LeftJ?8%g{ru58?`vGs=1~zp?H9{ z*7avE1Y2ZKH4&OgB{LL?LoyfQyZpxsg9RnChOYOO>oAwH?(>JTuJ8u=*S_KSIFHqTwERc|@byI4w;^--s|o-R3ap!4alYlBuxU(}JjQFx5&Y=flL^1f`XyY3 zUnK(6-vvLOpAsbLF_Ai6ofNaR%MW{W=&FwVcTAz|E)7R3wBfJd$JiJq`+%o|#W8Li zv_0H05_+TacMjk;j@6i+ml|Puu`y0~CW=Eitd&3izc_*}qg^^yIGnkJs)yiIx>nLA zas26kVL0U49+PY@&uMFtvBIp=<3YSEH7zjJnsL8vKN6-wQMPukF2N`WvHWwkpv--J zdJ2I$_yhSdGd+gKx`+7&8JSIeXTNC=&$X@IE*@Mlo}X)H)QKDZJ~IIB%j#l;De(U~ z&y%Oictaigsc^1lZvjeZvf1J%pS{Fp9GK-No_Z~z_--IH!SH)epOtf`ij2Bl+^bQR zM@&&=YP0Wn<3!B6s!*ADD2IeyK?0~8kAOSIuD0f}gTWp|8&2f{b?JNmt7^P_ua`I} z)%{yDa65xXtUhmsXkdGThaP7=)e5EepvTKGkiTrXVijSW-QV|_3E|X$DS23!ME6-u z;OuOdm&(Yg=<6Hc)^9swsAR`1QH2Q`b9_l2I#!-m7|oZW&rUFGKBAP@Qzx|9p8#yV z<6|2Do31mz%jKWNn)09B2L?EEvh$!BC-;Uf>#d05^tXKK2P&zhCo8r#Zz2 z;6>l?VPC7W@cb0rOR5JKg>6ff4_Sp6swsp;jvRBWBt>26`GqBwrHByr}6 zt`w~|Y*u+$4`s9Ps4>gCx^i&iZxy{Bx?TwXuUSXT=7kO2un`U#x?WzfSXR4ZEZes` z^7ax;E6JT;f7VuovC8qGiz8Hp1HJ;o?joUl$PIg_KyW9_NbeT~ivn755BZ|x1M3S{ zV#oiN%Up8-o>PM0mzjehnJQ85I9a+CjwhP5@ad^e*C!Ni;vpVje1_HDHp!j6&Hyb+ zmZVN3EWLioEP0aG!SuDQvpl8Y@y3AhlumimXCO+wj42EVP)C%Dxjjv zHG~dampA1Dsg)^(-$}xI>vEqz;p(rmErbz*%0g-@eNV=?dlK`k+`TlJ=J`7TTvmb| z?XEkMK)q&jF^EG%ho31YxXVC{(KAbp7GB@7Ps~{d++00EA4cN!OUTJ&!eP8K(nbe1+)1&cAPh0AjUgfVy|DEKv=?Xepzt}=J zFlbOm4*fbms#B@{rgtL-3KtL3nyo=$jlOO4ZzD4+-eX>CQ-M^j8@-~9ir?1Kr2V2s zLIFbJoSM|*><9rIuc;B$bBSL?fbL_NY&A7~fpd)VW{nuR)DqYx@GB3Vw$M5D9m}J8 zYp`j#GJs6$I+u;rD(VKN?ya{8s<}StY-ueO2Z13Icv>p4MscT=q(s*#CSgE!b|s-2 zUxg{#J&7F$^$(S78=eEh^9D(XC}#mLgWr&)Byk^>$kpL2tXLe0ipps*nbaOK*0+7gXF_SZxgJ40d71i(X2C$^fgpS%08WQm*d`EO$1?FYXc*f z64%=mlG)8S&n(0Rxb7Qu? zl5r92VyJlW5}U0Hy#!_QN}2lQaStrZkkxj)-N`b9ULXt(aw2?TjoEmD?+53xKI*nI z1d{TU9?5J=ZBUr;{C$QwuSYWY?J!`$Ih&x{KZa?h%ugMwp)%i@g0jwvc`Nd0CgKQj zvQ)gHZ~0eYDJI#}`aa@)$$1!3UFE8CenRV=ptVoaV^e``7LLTck=422R~3L29)DKB z$roEh#5hwJtOnj2+FKTh64&wP zm1W4eL8c6E-K2uy*XNYTeg7O|le#Sju>O7BjDH3a_DuHXLQc%qA-4*RnW}n_b^G4W zd8pDdTWw`*!OXt#ppLM`>#$>1{gRDleIRJTd=ajDqqu> zl2o|~q_L}L2Sp)T*B^wLj;Q2IMw^OTfFYqGugMPa^kh<5Frv9jf>V=rwb^sb2o?;& z$Jl{azBI8gS_OD%V+Omi|M=WyVga`w*l=^Q$({OAIyM=QQZP69+-)_rqKd2yl>h?Z zkeDy+%UR$Bn)lQ%?FM^r0x0Zzd2|kTIyQr;Enx=%>oZfOl@~UTk&nm^JATEkbmwow zhJB;$Q6N89`N^$wJP`<9;dw>GhKr>o*Yb8LoOI;6{ZeJ)v(P!1cn5OOI(`%75;&pG0yx1Pkq1CPqBucsgj6b@Qnb=4cT{w^jZ0Rm${AE z|0rH^=6|q^JPPitoS_f&HCDgFKxmc>w68u7yp4;lFnnQyW__{My2!B;nv1uM?!`V^2+ zC}S>vTKivCFbk?d_!i!6F8uFL_MrcafVLfmjfu4EBJexB%z`q$7Km;}s$gQ-)lOMZ zpS|NsNQQ0_lNneBB_r~`UMuR6paY;P-AtKFE~+UbVuJYVOF2w|RGvg6 z4L(dZV-?spsi6M%mI(4asu)y0Jgi>jr1q9oBpd$hvyuUYq++bm4CoHb5>P#CRYT?%6nhCQb9@RuBo1*GrDc^*OiC5ezLYqa0Z(}wtCpU zX~$()q};L5lrQes3Vi!!x{R!@M%rz0#Bm2ePgmq=Iw1EetYFbZmtpol$w+w2^rj*} z)^eV*P)+7z5N0S3vh# zbY-reiXp8oJaRo#I8OL|&2Dx^-Mcc(*zS*ZM&wMzE}oJyz=#WQ^~074i^^8QIjNEB zS9)vJw&5=XQKx@zEcF~Mhe6pafxukGez1+u2amJZlqYcT9TwK^IFlO`8~dQNy&X3x(s^o( zIp%)BdQr-z?$h-x%_P7NPwTe5NHyt6+_B)W9LJuq_?j7iC}7*xp6Z;m<8k7=LKC>o zt-Ovo1s7{-9)F2mh)G};E(L)CE^n*+U9~cwRh9Ps2gZ(DIfiETVLY(qDTRf!$c#e} zt>IOpPx|FxihP}I%nf1^uv&$(Z@4b$bADgQJHJU0?7~_%TAlsTYUJA#3otKs*)X z$fuRz3LckO9OB`)y`xaOt5_m`KW~1oRf_$%QVnXTZKZ8K0T+YF9rOl;hODRhrxrS> z{3ii^^LI}*o&Hv$%ORk%=|~Ol(dqgNJ)bW$3lCVuUI~eqn24QQ?=ai8%wJh|?N>US z69(b12k!JYEy6hrl@!Ar3*QSj6TA^nSDCf+ouI6hr|F$@v?}i-<|i3yE`0y8385ei z(rixhZVB)=6lK$CJHw}BZ1!7%I3MAw|H(xi(FN49AJ9#g>Nf{x6cmY?=w`i~IJKqg z%wrn{-NBW-MK#TxVdS1yoQ<}uaguFkyZq3gi!$R%gn&%=uj6o^D10MuyI~LL8>>xK z@vthV$gIkp_;ifP(anM;B7E1U&<)SdIKU!l4l8Vg3D|C%fj>so?ErC}D&FQR9UET) z%7@SML0~#bRjP?%CS<{&Mno3j-KFtP%x`goK@BeGvx>Xle2Ga!y$**P;2Ct0j0hFf z_Y*_+Q>H#eMk^X#R*>zDkdn$T@;DzpQ>E4|N8a{rD@UF%+lQI17 zjhk(C2`>@<2DuZIdZID<5=QWSGDtYfLEg%v)8=Y|p3rn+VhB+D-7$8rSr=<4O40O_ z9j@~kx=_y2Hl1vCOoFo$vG=iuXi7q|?A9?ULI7~#QHwmgdWu`m$owxXTqI8B*XC+Z z=8<*Vvey2Fl!~{hbb+j^qK})Kb;5GN=>oDEd_BNg%h~*UBrMi%>)P=dqZfHP9(OQ# zYvxk>L%Ya|Ah~&$qjMCI6=w#<7Sd`AuA@LW@1;2MDYXMXmN9Lrs!#FNx$O1 znl;$#)7bBRe=afv0W(nLlQB`{mINv&=el;C_j@=}$9Zj^7cME{eLFTEL8hdjZU9e6T_ z;OQ%^9hRS9f)fX%W;u-29QGYg52|JQ&RH37QV|T^(5>U0eRHEvOt>xwpq9UoRP&Yx=hKr48{%DD@lw-IVuR z@{+e^INI!%w|n0luALKS2S}DbX9J|unO@7=l|hFIC*mM=c#{ z+;54ND!QdSBdFBHc$txW$syAeA5=bYWkrhqOL9qOB-`mDIBEPa=!EsV(OB?2Uq^tr zJhVE)i<(ut@^wS$6P1M(&1yO4nGoj)aHbx*+bIljtEelywf7fCT8#DlLMdOYKPxcX zOOFG`RrnzphkY+oxt}m=X%KUk*BH$X>fuY0Ob7S?Xp7wSih*hQ)1x#pMw|o~v!j$W zNm&U5`H%qvbj{C~ZFmh`d_P>}RHT@rryhZf8xZ!yR|o+X;fl4WEFBV@~w_qiXDW@Z&Fbfb4T6 zf)1`m@ScbHsr8%!Mq93Q&)l85E0=c2jW=`U^4YiB&wH~J7l4t;pnnqes_@NX*vDz@#M0N>j&E=^bXcnCC&uT;||)U|C|nmi-1h}*4Nt7XLvQyhv*e}VoGM_MY#v} z5Yq>)=@d%&bEvvt0^o?PY%Kv^lZpH{L5@!1f6y`2)3^a*M!1-+uXNj>Mi#Cbo; zq)xgW^8e$y7DZ%AA{ca7p_Dlw=`q)1HC0tI8T{ZQ!-3gsHdY8$``b*8GX8A;vB09z z=S&_1b|Iox6WvDuk?kSHyYH7X=Vq?^8d+7Mu1r3#bC*}>=p}XSjYd$<@mRZTxAc%a)w~-3sM|FIo@E`7Q z&$(^ap2-Xmo8K~y5L1>$%AUZ!erihaQ0n&HJ?M(QPI(@}SpYl1Ow^m>R1KhlqSkN0FRZ6o zctc=4WRX-|GU=v*PLK*@rYLe+ppCly+J9aiikuNLe7uG~0qHefUV!;vdrtqMsnB{f zQ_FHVmwfi{cQ5gto_h-w^J(0RJYp(<{<=X1qDr zZ#7{k-2H)2K!)fxm!i9&5n4rAd@1k!LA_gLBIW>6Il%*6_G*%#=i7%i3fdX6eh=3@ z_%GtoMA`vTZCe3vYUCPj&-BkTdqG>?`XJLM0akgo zAcCGMY!xAJps<40QguVtY7+;lz^BVJ26+l~SECZ!MFhvE!5_L6pJ1F^$P;i_A#T}n`Lg=^x(4A?~ zLr4n9TqYx01PWS=UzX{w z!O3o!sXJ605FRAT)g+P9&{RV7>Wpa)#-#OxCJfSoG4TZEA@D;3R*+eE)a^Tp%ac&= z5vW>CS@P@4ucyn@kB`i(+J0G13EEYPg)t>_QURu@?h;)#$>X43zXH5Zu?vPO^HUw6 zR|S6j%iQ3$v1#NQyAa;l*x?nn*A8~O!4C8>G5Vecws$WMRQw%?U=)=6N_3R$aNw;* zPZ)I3eTGW?ldiR3dwu=z2=}$@19qrl&diT^_f0qd=kJUC>*rB0!Npv)Du5KSUTMES z*Ds2sf(qjzr+`KGzaDy3=0QZWM#28=^g8|;!Ixna0t#^7k9hZKyS4wSu6F<1jfi9j z+~_OwhGlzj5GW|G1egvD-B<{d`t& z?~eZ6-foyR!k8@cN)V;Oj!k)Lg{&99LmQV60GLFwD5n^Rk$Tf6b={D}jw}H*D)^-< zkrbl07t}p6;|Ma$JO$xQXD_oUJFW~xXH_S972UOV2avxmjNi3`k9QSu2g?#br86Y> zTxJdf26X&0xQ$eifB*QUg90C!Fbh^|>e?kl+oB%Ua_lHi`^WNQ7Kk~@YU-+9OWdZ( ztU=C!S3d7m+VLCmpsZrAuge&y6T5_Ik890D)KDGJmSnRgZcHaW*{~-wHxZX%?arpt z*eG9!0N*i?#;8qSd+o97!p*~@X6G!W8%2rrOTce}&LdCDWO#p3U&wS3Dxx_O0eFDN z{L9i6nfmi2-E&wqXnIWa_593e4c=(-n-v%}=pFcEODp;#V3F!z9-V#duQ+IxWg3D-gjqUCmaN98~k-|h~prvNZ znAgnU@#EKu9VUDaWv+vFAXW6a`YbWg+3XBZoG&CSDM&mWkS^5cnCM=Ai=dMa5nF(T zB0Qn>diNT)CR!hWlj-Fk?~|+?c-H!{n(=!|@1>gDMD9JHqq?FGltDe~ z>Ygyc8EjTS&2suWqvIGk6rGm+Zs!nbgC^0fWW8~Z$(8Yy5@1VRY@e*$i(V;9=DI&e z8pz;buBm^$78!N{XFu1&CnQyrUOR9Dy~qj9wKE~WKj%?=Wz8ZVo5*rFVt0Y(*@yG_ zQjF^8p`+Gz`E!ddZUs&Ms>ee^mc0A!tsNPz(wHJ#xZc*aVBU=DHVrHEJ%p}g11koc zlM-my&#njr6{0(HCiAqF{J2qr(cNPtK6`$<`Qq+XHMy}0uNA`L6e!WH;b949DLlb> zS5A?<+Fb#ao{8Avt3@e%DGMWpqJXQ*4(hX#TE7u5`gt%GMRs55KLQeEP%uN)m7L3X zs-^8E3R*yV{jJ@lO_bvA#ZPe2wYHKsN`iu{?~AqZYTUGPY}{DQkW}ERj!Q~EqARNP zs2yjj&31UDhc*=rAXJv^SyNP1-Q_*Jy(F9gF+q3W-*AGw)FIn;1LPzIj8hYzQFGp?dD*WoMZ z-ko{o`^i6NRhj27v*oAoQOs6v>w`d7bPP6}EWV3dYpg z%8%U@`Ed&P@$;tmn?vEeWZLP%Xx-Saq(f+e1o7D=3flGs;wrnvzFMZ&Vd`VxWE-|KEo=LO?w(5Twb}&(t zIt*_q5u!QeNHf-YKM}%qjw0oIjg#PE!sNzgtkI4fiu;mf#bn(Bbk~*KY`7H-bL7iB z*T0O33kKS?`Zqn;e2U83CC(wWG`ztFaLz8h@hNr1=r^EExxcKhilV3BT~NCmvmJ5z z8meFfpXaUmA_6TXtD#lh*SY6QbREknl2bX>3})vkI4>V}zBV53M=QoXXk)Ycy6?`g zfEzb{>Z!$H+zM7bI(}q}!sU>wZ;;kJ47WTGjPcpS%Kwrz?2h4+yq~M9%HugNlDq_C z0~22RjSp%v;oWC#;Z|X--OueiT3kEY^d#SWUU;C#O%SYJVab;`iHs)&M2+A0QNQIF z>-7459R`k+SqGGLbPjDEx*>0X?onw-NknXn_6W zmnDc|28_-c>BeJ-VrCrz_Bf{g(23TYIedII?rb+lv>yBLpA^K8Dx?^3m~a*fpT5i} z{V&(^{N4-df9LPED}T?su>g)hOs7X>YULF9=NiJjR>?e_Z0Q)>(?DG?{890B>2057 zLC~n`jkf$R>+zBTG=6;lrRkOHtGCii+nT<2jH>?9&xc~}LXO_HKbOx`h1gX$&z5Fa zl|)dklOkSF9=`#*3_ojtEw5Sq72>8UG*5HHE*@A(n~)HO`_$+M2byJ)atcTr+Zq-g z&I%-{4W5Q`hNB|@aVee0*zfj53*mKZ4>%B=1zWKEEe&+DblBovM=1-stcW0Uej_-= zX~N+eEbY_*f=J%WZjOhYsgr>TXmn)ClhTP6I2&p?6^N*4dO<^auik3I#`=1E%!>rC znpDoS|BNXw+>kRJJ9E}lY}{9oY_4-k+1RXA$Lt8aGwcT_u$uMrAl)DekBkyS((P8Z zABBj^PS)$bu2~1>?{3C^W~E@)V^Gn|ts)$^b&9l()1}Tpx1w|J zdbH1Fo&Q_->^|$#G{YZP1722(&vUFg->WUIBuRON{QG&-cx`>%#1!)@uYg&3Qn+ix zLG(>}dp1j&Et->kV{PT}eVra{;5Y99D@m}u1a~U;OZa zt;s-dY*F>Y@W6x;-P$6)7VP>^m$S&_h~$Z&P6bYAaPa=GOD%34#c(C)^TK<(Z<*aUb1#Z6#C>&pqZ)D5zFr!S@rbS?0czueL2Z#? z31-fpg5|XBqkW9iZGqRnYUq5G5W_X5{%0H*iD*z$qcj(BIN? z@{T)bt{4uy9uMZeu45EObY3G|FG>oiX?I@uJ`MLb-q>FaQ#Y_Gl(6XTCZ0>;ys80o zvv6ehVbNgD)k~_cd$9$Kv!IGi>IL;dUW?bofyatx+3arGt#H&LaZy^enzl z!&rXCe7C={>dE0gO$1&AKQ$`nRJOZ4QcwH2T$5&<aXF->M79z zuTgo`agQ?Uw}X2|6TEBsmAxYWyYOnzKKu*GY^LrG`tWVqKVJr$Ue7|E)xy_-qLsCs z%75ojuhw>5|39@E$l7V8DL2bDrq3rero=zs*D7brU(FDZs8TnkitixDI?=eP#w zUg7;V876(-?J}k}d0Tf0JdX$9JW%&SB+@$!&&6)h53)v@8?sEHSQY3xPjo5PcXAvM zcX2Hp3W7b~_T0l5y&hXuEkxM@0N_aHc{{B&Q&!>@9}!vMv9ie9GWV5?#5k1V(^KU2 z_cE_)rv=Y$j15{eeZNLxc-7D)j=T8vgY^OQI2#IQ2oNx=y0M!TYS;5%Tqsj{>8(85O{igAjxs@8CkxP^**d z;{!IUJFAlA-+czRdR!>A;WhivPw3K5Lx*5U#GZ?eq=%E4zn`Sw(t>yHrF^5^6$`*O zIZ0mabyd#W5dx$85D-Ln)@~i}1Q?)f+HA2!+cW=)K^8~D5R4f%R4B&rLdO8jmD6!q zvF4M5e90&@ISrW`puN5I*%|4Hb{QE4> zUCJ$35af?bPJ7tHU0{Ghp$0@4`+(2>c{K8a6&w+P%wrh7vPy!d?Md9-tKJM*_5%cJ zm4db!HoTk}xU}FlSLc^yYG`>!0SKkBBf3}s#7CC+ZJidfCsqi+I>L5zmu3^9h~0v4 zgYij6wHWtEm(d+(5_FxIUp)Hudk1Ry$cvpr7o{^MRmRc;IlYA%kZv(@%M12#%&PO{ zRl7R1lj?r|{`I^ky{hdJES>WxqwmErdhLS$*6o;a7{{ntFDjpSaQ$B?H-?!_C5GH zISE{jj~qTTdwMHnWwU5wF%T+)jeugkH4Wrx>)>%#Hy zAuwtvhxDCY`nm=@YX{~%X)AKtRolVQY4raS@F`+BOBB4%2QSz72ShM55KnM9d87Z) z*3K{kyMIrQb*;>j0NPZ`?P=hKSG|M|IXvx>!YM*%iwdXlr@SYvMZmexy~JRJ$Mnv zuqeVI{T~|dZjgj3>E|5ZmQ_=WrRWWZd6#$lJPSYYH2lE5orj8Fs%e!3EZV*yo$+67 zpG$POLka6#-jJM=*E>4wI)_Nd9=_3|uHe*8LM_&s39dz8Y^Xa~%wtSDp2UkowqkMu zR3!V}U;Yg`WjT9*>AAQ-+rl%zp=asMm+gC+=gQwwC+N=|<@Le}`3VF-sCZ#P_Y0q6 z@(9ZD)H5tA=SUBqWYng?qxHD}4gnw3@vf8Op`N%HE7Tx7JF5#QnrR%*YgdSWczZ9> z;W1|O3;e&xu?NF@1I_y@a6lN&Og?{uq+z?r$};f0W1z}pVEJ`-R1?*dS=Mm@%If2; z+tQ52$$llFHDT-%;}zCi#F*&vovF&Q1O0X zSE!LkZW_l|jo7)i&7-?Y3=wJj|2jO@&s&u?OxFMM{N{xL@SnxD)6ZxL7a66!9>hGC zlW$GM1_Fi^;(O4!ji;G6V+H1$lpFI&xz+NnmQo#W56kz3KT0sui+zRr<7N3qPVJ|t zo83`aDeG7|oY(u86gmcjM1puhT8~#Y6WRN^Y^P*3 zh?iMfFV3NLUQ9NB&fjgY1Mvp0)0M!fYL6dJh^H!S*zaDMe73@kcu2B4PIlBABkkT7o9@s1@{_$2yUC<2L7{Dj?B&IRX+#qpL_lly*PY9v? zr6vFLBBo4-QR?#1To5exzsq96YaJ_GnjgA%nQ~K1<22ADdPH{npm0%Lv-F4{AaKb{u6pT)8#umynh7!n?Pv);7pLnn^d>I92u8g z^?DV~_k3nOPkH8qOJSwi@7iEKdt)mGac7_PHlgb|;TLYRMN0}g%-OA^=G~%%U8a23 zlQ+DiUNU=8F%&jyz6O3y<)myQr>O8{uQrN&f+FKY07x}E!)Td@#e zOE^$e{;WxFPdWq-Tm#r<0Iu)SBij$>#z-`g=Fb;_Z`&UTzCwKfap_l8;s);&>i}m7 zCXt{guC!6RjD+|q@PcR*S(c*&BlgPv0AfUV=xr~i;+!TN3SCCjj}sK#UGB zL8#}paTRHMwW)#a54;M%-$2uJp|tmX$mwn}Lhm49k(1dCKMNVJ_c_iITRBguaP3l4AXH(zM%Nd4Yv zO{JA!+K(_V8}eD)idt(LUri_t$&Tn+r@sxcANs5u#NQ%XHtzA|6e+a8L?%u3QnhoCX6p!|Ks~?)#Gnj{HvxVTNbqmKLDOgGJqT6^&Qs{w)q|9FLg>@k*XfwXtA21qhiwFjj2;MDw|t`tlGl)xY4ih!G#Z?+Y}v_gh(O*#5Oi zG@ob|kqp%>6IspIWW30D-oxAb-*u}dgk9nrS&+B0QG;^V=m0Jaa0zcay*Tq|FI?K$ z*`1KxeTKUuM;_ZN&>}tX4S1CHWUr}*Ff$^bgoi$PKU;%wrG_n*v+M;Dc*ew#k(_e> zmH|#exF&rOd8)}}<~Z{jAbq{g{e8xv(Z&?tS61j1+KQZPc?n+BtQ%ooGA&!v#vjdp$iv=cJmLaaw3jKRV>mK;qneZ~gX5V$+FnyztR2_pUVGG^QPDvo1XB(7vuqj0$Xhhfo!8aPL zK-M-N8*a1l4jf!ObaOK70j0A9>NNQ)_$F*f6dTR5bAR#y4y((towq;v4`LBJl7=es z`?%0m^e}fzN!R`1=e06^FfT~{ zK?lGm5q2-k`18yJ#hOc2zkVa;Eg4k?ay7hl8{e;tdU3eM^7H9HL?TZFIc{$Sf6lr> zb?tn}6_s~`NuH5K;EomaZ;(Xy3Pf#01w23sLXb@7*nSaoG=y!Ft{QU93WuAr_|*p<`@D-#*E?QZYA9D%)k`< z7j7S;XbHLL6;FUdzI-AC417f~RI zh0emJ=6Iic8_uCh>){5WY??_((YLqWo{FSFg;Ep6px&^zuPiI33g;caRmN6UWiZ?* zXuysBd)K_1x7j4Y6K0O=T4@VLR}~Rgbvc4|>fAw`d9a>521JGR8#g`I?C5 zr^Ft8R(>UKA-S#G8aPqjMEsouMOiuQ9|(7b#y3vrkrd`LOB1*pm%1er9g(R1FR`^nkN!Y2q& z9^{S4xLaU)U<(Q@{!({>CbMdbIOcp4aOUo!4xJo#ZMB#a=adlBVcdhD z4TU-gC1nE=eNI!%kU-SYOr#)wgXHiex z6_(S+L6z;$Rg-%^>ZF=8fSP|D>1AF&$%g$ZW%Q@eT9(luOrlr~EI%g%hh;LV_UV9a>+%DLk~3N^!)avy1X z_R<1=Qsed|4y*F6j^m#=q5)X4yDTONH4_s96kF2BV_R$n;e?WLkIKpE(o%}c1t@^A zPvCSeisD4-@;=BiYIT3Di0=(pfYytKMGcL%`44{5LcOApbAjXvzHqVLp-A;OSwuX; zwr5Y>IlUI_Zy}|MZ16qG82aSyTR7etK|h)<>D?I*9OB!!5WUf4_{$jcv`FXa^bY~A z|A<0*j`+Bp$d)?FH2ksGC{Kw(NZ5&4(S5b^?@aP7RTA2qp&^Z30USGrtR!ld_+1%2Y^;Fs> zst|dc1*V&*%VJKMxIL~WPX*wI=Fi#h<~_IBf?qm(6cbjTckr`?1ak2Q9rc;7Pt134 z^?!*a9!3Gzq)W9nM`DT(;_*(6&rP6>-<{FX`PC={58EalhzMn%dmb}n9PZx)6c&Z* zKL)G~?<5^J85V4cxG?fvcvROq!nim8uK1wiUNT1A`47C0~cj0-W~t1;^v6wNHZDH&Po{fZcBV^LfGruYHi3M)=; z$8>$)BVuecL8jB`GtyVIu7=2TUK0jx5W3{KYpqR;sW*fS`f5}FPaAE7Oc$+PTNRHcuYdbF$EpY zc7C}fT_i^g2|Xqd@8ByzT})4E$p82{D4>Noi;9BF$@#!rE{ngb*c$Y}x8sAt>b;r# zo@;6^5nm6-8Ve|*Zjq zAZ~Rhy~{w$k>mqSYD^n=w@W@6450b~ma^T~4?S;fJuhlS&8rnXX#5To>zZQQGv}$b zaQxSIjmj;R?Udb*Y#&%=b88s;Lca24SafhIQGU4ePuD=GyPDgK<7lBz>z*Fb_$jgY zyACd$x4XQO6QYi-8ky0Y^5)$3!=^!`R8T%%aj_WGM>}PYNb8U7j{D%L!bZ6Y7?r8NM z56IMKYITQsY+Btu7*J-hQ<}~hQO#@rw3ni_Dn3C44TjZXlv=@VolM=-7ods}yBpXm z3S|euI-c5|(?L4tpWB3}Z7~S5v&Xn5w?w#)w?93=p_HKOc;62?88R4Oh$}~9+9CYJ z%L8ARJ`IWrWpBy1K@B&Qyb&Lf%@^!%?(ronXXV-9%$mAf}pPbRr zQR&whwGWuNS1RUz{+PzNMc((Qbej9^4Mv7cYFz=%@Y<@Rbw?)0xp@QSs^=^H#sdXC zqYd3RWABGxiaox!Zk`kpl% z6Xi1Bl4T{zX{?Ab5}(-$E_(p|+}O)Y*D-9d8C4JsA%y^tloh7j*{cuF^cI{@^7q#- zq!uX{q%|rKu!&l}dyH=MbTU!V6-mr~!O(+`jk${6N||AcrOCswVC?|qa~?O#Q#pZr za3*82X(2rFPn$Js*mgTJMxMIUSGk54TfTX<d(y zP}o`F(rOsCM9H&{;KkkC%)t}19@qH-6cX0?-SVEq3GfYB|7SY*6(P0qUAka1sOw7) z{3=q1F{msa=u$B@rZZ1# zXq;x8hW~SHRRBCyX0>h!zSs9qLx$EEO=|M0k&e%K3=aboJ|LTm#Twe)S_47_yD{7Cq@WTJJRjk$sntHKZU5byPM}Va!Kw!MN zGpUOqioAFW8F&O9p?rdhbu;vkcgPeuD1-v_!y9t5KB zgKtI1an!|>rtN@_K&yJ^@@1$Z!rTdkiN9pG#Ph=Cs1%DiTsaCMK~UmP4v6wrI&xDa z4fPNJqET^!RPkl$uW1LNjd%IkQuUY0aKJ;0$kLN5OX(;KO9tqK{CBDp5SST+M5 z5va;es4C!ZyF8pY@22A+|F;0|&|8!?HXBippV0#P7m=g8_zodHoy zP%Ojz&I`Hl(6DKsHLsQH{eU|3sPNeV;?_E2{U-824J%llLzz4XY6wq8vhUwo(2Rwq!P|ImV0wyxXJqqzS`jE?x zEZyBos$pSlP!v;-W8Qq+AnrnCMd0=mUD8%Y)9j(QCc7_mdiKS0#jVjpK^zrn-X*b< z$Ce-c`5c%9iHmTu48qQuLxD6#EW}gH{)FyZ;k7UC52;De<5RtB!#Y}WaED!)S$+fp zg!#q3w;!X$=}+8!hLxumhrTZb+eaBgG6;2#m~xME%S4Fy0HPtN2v??wD;xX=SUY8g z5@oHq>~~qDf`cWTFcuh`kNv9M`5;@tYx=k&HG=VQthIA=n}|1b^L3(>bNVBf&vja3 z*R13Jo4yxU_xQN%>wC*;V(8b#@=8uUUAuOrOBqoF09g%#ZnXZy;3@Dfu+LlP1-ypFeFnXNB5Zl;B`176v2$$;A_CUgL+!qM#9qs z_UjNXk1IFy2 zgC`b?t|#VUKWBm%^0+M|SotX8 znyVEuFe8>rmXWaeWK0d2twN$1^lxSt{lE6UJf7;V>w6<@3q%n!*{K{_TE_W5l#o9U57QQgT*%6wdO50BH=cpymXURdhfVs#*yfsH=QX3f15){mcCYEJ?++e) zHgBwH=f3_601;K!&)L{7#jh3G)S{exH}|58&$V8hTZL+hG@EncGsdm%yYBZ7brX1$ zDefQnZtGzWtX) ztXfWTe)eXey)R<1A3$-oYpVAidN{2~>mCQ9i^h(gUZUX|wD`C)xIko&-w!! zS~^l8*X#@%{vRI2_}nRE{r0${7c$x6w37oiWQ3mm9(xYAFLErNR%Y>b8Zpb{8>fcc zf}ut%GjS%Qh{#@0-A%5!s)+Hn@UKeQY@<7VD8F6R;ZkYU zRy=q=z{`6();9k|Mxl>t`y)ezPU?SJ$)7lV_;Sd4`=QTm`;QFmxaB``dBpRZpEne) z%9%}+FYa#by=fG(M9F&j+2?Je9uNT7sNuK@O+~2GT(nTs&RcddNNE>4_9UdcM-vhu z+Ob2`CJ8g(BY}AAq-oBPNrkPTnWb(Ko9)HD@>ne9u@hIoR5g=LfijYxDHAD#))Uj6KS`Hv3GGuzB&Kv`0r^w$F z=3aD!Z%{Jn#6!Q?ZrZteeXMRX2DGL)ghiu!td>KeiIrC5i|!k3!7p*nh99G2q`!T! zkfmGD0Z4zf)wN~k<1#_!YRqdQpkOIuP7ctEGN3px=IHR!Z+Hp+oDo*JGj}`*Zr* z!&G)UuYY6E<}aP!UMLB*$%=feJl?d9Z&#TIj0GzNu$IgFP8hfHUdesiH)BrG5f)fR zZ!_m@>BQJnZ0^b8SVVl_%W}%Uk~HUe=7J!RTr7NaUvlKRuZ#IF#_bx$3{)nqd%?la zvsK=m*Qs-wG(Ku7itP$c!TDW?1V*WuE!yTjX&id(`#n7Wx>Tx{NZTvbA0_g;$B3s} zgIySg18Q$0Ne^L z-fMj;&Q%_y%S~1i=1DbSuT$Xk_?4ol#(hDn`!}!%j7pM&od;Rd1mA>P4Xe4Ljj*%V z)b0Ib{x-Es`_St2GI?kE#=;z@&)*G2xcNXb&6HeXZ#v#FFOq2Cjmm?kKdyl56lM0D z-pX;k_NZO-)$Q*J4lVBXT^%)~x44#vZaFTp=X$^fQ(vJJzsE<#2BQ6r_C|)tua6z; z>XMH2o?LjeK_OM+DA3cViJ<|ixWA_4jwBwb2PuxKb-ypYO%}`427SgZyRD43$~)VF z+ysE*c3`UF;YDQe8ZKu9k=#FE1|W1{5E-^H{fi)HR^wNC7i!RL?ARDrmhnWdiSEY& zZKKt>>6Wr`@*ZWmdjDEjguVqu^?_%KEUg=%qdr_fhiH5|o>;Wpg7*}5K?mkrx+!CX zO$cLmhz#G4_$!r^+f~b!=~h~3!h?CL)JT*>We4~0T9TP$#zAsEcO|rkr;!I*e}+7? zP1;M>xrpE{4e;6q6&@Q?MZ04Jf{Sq2L^E9Rs&e>o>aram_xq=HX7vX*-^^v6oy)h% zBf(GZVq|q;FRt4?BP@L8mhYSmk&~70U){L|Kn)* zRz*pizIxCE? zUco;UM;71att6@B+*G?Lu%?yGv3iY)NMw@Kk=giBvaSGd!om&*k#iNZH||^=nbfwY zV?!Bc2A?1a?2(l~N9$nKdD1kxkp3urf1>@7YU`0b*`JgwkHE8di86j= z?tL|kPEO)kn2S{-5$o|j=4Y$(UzGA*9of^WSZfR4P{u26L(pN@K%5LA%<*h7t{)2i zEk?rj)2383AQ<5nEs0=i*Y>}6Q&gA}Ogi}0)?oebsDX=*WZm+loTJ}MGG=5n2` zWBP>>*ovZm6^k=Wu@lFa~j*- zoSG_5b``0;e*JfcT}uUg0?Z6#UX`wzf92^G!}-T$;MQA1sqZDvs@+YE@PMC|Y*K6T z>AvKZg$P^K%#M;Z6`y9Qnp(eC=PwUXn7A${M+2dY^DnCCt~{|aA*w*tyfmoA1jTWh zERYjD>F>Oj|ACmy^$CM8IVT}y6}b@2*vf?`D~{XmRy^!68)ziX#({sXOYhe1UNcp{Sb6>Un(p6lT z6o{bUU%O%*_cNyq0$VgMERIjBmV%!vk>LU(=3U87Tl~{Yh8UiSqd;MUM;DD%1Z%m;B{GL8dWBZ+q<^0DAXX@NgkU!-vsTt+8wS{4wjf`8p2Q)V*@MOP_QlCL3@Zdi>~MG60A0zt_KO72|3FX;U?AaAe&&tk0&FyluV8^AG7^@! zFA5S;ghvQ|)-wimjzY?w(zE#RHbCRkcp4?_ul=kAfMxF+b7ODfoF5I!tKo-*SCen) zeXlk*vj2$RR@i*SQGVf?*=q)tC|yh%H*3CKHo6l7NnFR|Q9x+3M>Qx=v4+ zUp#N8Lsj<9>rW0A@Wl3es+nX5SjFmkdi*%cG_S8OTX}!z^PaM^^lTZovF0)Hx6i~* zIgfstI5Nfy%`(jQ$6FlmNaFA+eKfs-8U6D5tK8hHHO23@X1@u0_(Y;@ao=hlgC}{P zN(?kHec|NbEo>M08F~&pYu_l1iQ&CLs$H2PDLB|-4e*0hspg2|a+v^}C%XYP z<&k=spgS?&`dvkX#N2r8+JFSQYJ?hn`ix8^f7erUZ5r=w1m& zwO;Dkq)??NSbOn?Gw^6%T9~=cn$`Cwlych#gPeI9u9@;eJ8T*UGvI5aE)q1aec?IT zUg)0jh@6tVEmnM%b5)a%w0A1So7>@Y$r)SMY!^~iYh?TCX2^pC^@QX`vee9aCdH}_ zO=2N}jW7C-=Bay&StTAcY<{{ZwIJJ13c2{{KgL!6ym#I+PI=SrEEnW}Hcy^I8ya|W1v~Yd0WWfvn%0@4ao$q=9 z+s?jq4Q3TG>wmbftHeZ%4BmYVV?}*u_PmbhDY7oJhc|iaG%yk0Gq1ZFhP2(Qs#*5< zPy>A66hX?hu-77b>+FPQ`1k50_nh=2jqa=0Sja}Kzn#PdQ4RAJP65(x7M@oe(9_}G zD-4gW$IBHcZnIp|>w8u1-#0(U(s5Z(ZNy#d)YY_`{-#KwHw*F1anPV z7)3cRuIJ?BwiLyNy$(>iX)-uw@noUb*r7BR*~MBgMS^&~=j!n?l}8UD;W{BT&#u&y zVRE;@$1zFhj?O4|T{ZM{oOuUpvW-_OroqO~X8;KDOu|GmN_MCy73G=CynX}d2{s^Q z-S(wma)IJh@5UMM1YMD|A!qmkG=4K1%=W9fkAt2cYsj;h0&jw)X|$9ri1a7Dd_L8v z%-x*Lx%_1_vEce7ll^4wZhBoHlb=6vpV1)=7@T23NnUh;Or)nyV>GVWCS=>OPS6Fs z-$XPX*Nh!&(uV<}K+-9}A4rF4KGWf1<-M48cXRBBY<8`w-hGN^o2i?Tl@HQn-qoPp zdUk^DSloQ35=JW+yzRai*YTFHtf7`bH>F1PcV7;t!wn(|GVTnb38)xv%EqK^PEiKB;?meIsC(7`)G? z%xUfYNS}(L220Hu@W{@=O}DsZVy&FLL2{ThsmWcq*t0z-M$-LuOMBM-hN!jdDDJ32 zQAdeK{*}gP{#qaUa2Jg5z7C!NH0k($TC`=YqYp?TVc3DWB6p|os8Nbcq{yDn{&#SF z?;wqQ^!>fzP35a#qN;>Rx+WYW0#}5r=C>5Kzz$_C>D-th>eDQLbX17%fZ&msPJU+7 z;7B^edt;`)KpgB@F3VIrby_C|F3$C+tZ(AknrKc{( z$OL>`7@cJOu+n25*uC%=NygLU_`RB0Euqq9oxH`lh@ix#G*9mPOK|9B0o&Q2t5|ab z702hD70sJ*&?^g^CKey-jn#e+vZAoBJT_~JV;Y%>w43(mC>v1u-3~CP!^#o zYtKYPkD(53oG39iFH_P#QX%v}qV6Tx_p-tfo^ZxuvzI%MNz2Rd7XB<*d&4TK(_ zdm>V=d-Sc*T)ZMpR{$&${dDcEPg(u@?`7^Rc_kLvaM{m6`FDoQi-WI(7Z%#j3sCb) zJKoyxLE8HG+O+n8hsPtneT(gT3I3S5bxpPT!QtSw$Zth?Rgru_5`94m0A=)9p_S1$36ScmJ7g%mYz7n!kC!qwVU{tsp{~cqbx4hfCe6luEJ97NwdI_O4x5w&CDi z5D`Y^>y@u;Egk~W9cg~V*!D$qe~#I4mHi@|Zb3dc=`q}K-Zi1?$=OFfLPW%>m8bnh zqF)`HWhv>M_W6L->&i*FoZ|<-zdgz_fbPxvT!t?p7g!>K<7q^PUq8>mG4FsV=)M0=8#~bD*c(UqP4@YG-*s(-G|+3 zt?-M_wvN(}6a^9Qp>#F6^me(_(6&0qR~wQSk2MG##5U=aV>cgkiq@Xy8E$%AXS7pw zeVM+aC#cVn%|@Yx!oG>w*&K-RLScGe;#HO7U(%EMQuYOx*}4wIw7=KN&lmClsLHS* z>0@qr$MLdYL1f0ZAwG!j?rbJmdFHnz2A;{+@*9@{DT0BdkM8r5#20ony}|yDcw|J-!4M?dv00MV)ObW9dVw(va|QL$wDIf{=|!<(rv~$|o)af1ZQmkuHpu*C)xt|T z1>c|nQAN`0xo4=Cy|$}%_w@!cY?hPaFMslxnUax4vJXJ6GQ0-$yo&1l#yi>r*y~8# zq~0ss(}^jIX@9O15A?KC@ju^-aP8*DdRL7&yU?ZO4I&ETa z*m!K;he2j&NReQ`@#DW|qt}p5oEI(RnLn`S(!+9shJ_Oqg=mlUs(W z3Rb3K=s!rV3!=OAi!@C!?sq3Knudaz1pTr7VWkEDP3Y(tkTn@ z+U~M>NfoL3TNNlvriXwPVD2IXgmJ||ygl+7d~nAQ1eb{SxTN?I-Q6p5rZrY5`_Wj_ zhr43X7M9=5Q4govlpR-a?@ARit%rezSM#2J6=e;~n11_|n>z@ z^YQ7ep995CP2_&FE_F$ZfObT&oiN@oV}lMSoj2{ggO70$m{ALInF(1q>Th)X((dlr zkrCoP?^wVvB9SP%wjCnxugc#&BxkAbHNCYM{Cie2cl(_|_`j}{3g*Y|(0 zvy;VW#*>oS@l^lfnbZ2mJz9q2fRnjpXpTCXllN? zs4zT<7huxCxe9KW@zfi}e`KFWyEL|aRum+!QZVI$Igq2q)nF!bzLldhNjKeE1@vYQ zDT*|eeXUpQW8cngYKJG&NTWkDaya2+HPb)~K7rj$Y@Lz?#E;spPrYvMCj2L1D_xJn zN?eCgyH9gFaiBR`kz)eDG5w-5d-Y&ranqF^O}rJDagyXpRqP&fcMnjPrIgsYJJ<0W z1aE+*n@NjD$R;v(nge%gNtA%{vrG^VXc-Ru@SkgZP$n z2m2;mgN-t-M{SZ8jlZ|QbZ>I^UQJ6U9`#|9I-kQ~7NxR6pVwTByJ@5v`Q-epMq}st zBV%)CAQXxt&m~Q@iuQ)G9LP_6a%i-DRDU6e;B!h+?(%{bP*D|P$RwoRQCJ7+dxYxT zvN_Aic1y02iXc z580e97*L!%f~%AdL;Tuc_+UGiD+I%9DdR?$8;`qi>yP*8#RK8M%S?~O?19{ak&^J_LNd@0ozIV{$jVf(PI zHUsK+FpeQc=Fna1oDIG|@JTxEOpHh|l=nGwT{-(>70_Ztx?*PkXu0Ow769fG9(!L8 znc$cN53l_^Z$C0!GXM+<-hiK6FV4@IM_YBi^>Fn>GPl}(c!Wwu(mm5U95hSYJ6)up zNP;FuNsD=Xif@u;`+L9mG#QZiIAxGxhHumm2RbufyH-fRvu*wm`11BkAbfqI-Yenw zYnRRl2flLA?GSbmg(aJea(&7>t_IMF@ zB0(!E+jiD~T{ujl7MML&xQpn)_O_;Oz_z`3mmff924tip+VLyyucQSKWn56IN?gI99~xKjl$gmAS<{ zi}a}nSb-rCbc#oxpSQtZu1HY(#^m_u_(~Z+03HMf)nvt*ts9dcVL+aDgGEYMatsEH zL?=0cXkKRH`QRFyj%H~(vYIqF-yReI8s8AApxw}3PtZ|yYyjBt*@T{92rDsi?h}&?g+mpU?wqK zukyqHckS*Wc0_32FdFQcr!LlVQxI8v{cclQtfA{XEP0>)vOs{j{IpAY*N9kn_Y#LG zA0@blg=eUWy_ z2iv;2*WrkFh9;SNMJmS*(QCEmMEt%Z5F8z>H$rQuD)%10bMSUm_?tUIlIy@1A2aw= z((@1;^7#D*d-eO>05H=XHMd`K|GIiLq<>N^*jtzY!rSb%1%d0MzgE^NYK8E7Q#8&PusAip4mAs9?6!_|1Jwhg2PEXs2s)E=dkp12=) z*hcqtjTKgj$QVh!8y>(x&86R_X@&)q%@f<^>F9gCBfYl?oC+CV8Sk`xBbA5>LtU#T zbUt!Egd{DIMa92N**Bd0fYyijWg*Oggczy&{fQBqOx=tJz#PcK5(EsA@fatL=qh9y z5Ki>)dsC&(1xqmZGWUYZ(8M!A%$u=_c;4a`wBnd4z$L@@m9O5tGHMxJ0UqSxRXbUQL+J!oGtC**3cYP<8lfk-mG9udKudRYh`Wd6yNp zxNSi$Qhsj2$IYz1otoZ!D&MNmXyXipqS)Bji7Ry%b0=kbePFpAXHRLI#Yr~|A3oD7 zc*s2S`?IEU?w8wq zr%?24 z#YleIrMJ3sd=)V2^zakyq^s>;L53_gk~WrbOMFrDE*C~iRzM)8O~2`63HboI#{=B^ zux_E{MQzU`V9sGxn9`fzHi+*-=|wNe2cAYt5DnbeS4XUBZw9SH!f_YAQo zS3Zlsf+)bRcMq9NMa(DCC~2{j=)H%ApdH%Os3UiG-Qw18hH&CGsW>!$Zw>e1rSLO7 z>Va1|owvr8-{ymbA7VQt*iJR8MepUUfSB2UR56-CS*F{u5(`YXD76L$^vkcI#-V)L z+I;ri_gGe=vfNGt?ON1S^1%TWxiNK9x%Jz%%K}e-yhslXuir64tY~y#;F{K&M_Ciq z=2O!Uvcs7uhJis__`wWL6uS5LA%j?ZiST)&H5{-gLYdSm1zX?>KHU#GZNCXwK>}8w zu}Z~l9b-J~$N_v#NKk_ABf$pZi%)0);klG(c3)m}u2_PH6qIgIvmWQtl66OEA*`8E zDR$b(?zdHY*jGWEK@~dybgt_RJj0VDYS8Z(ynP& z4XG+s)9hqtKW;8qMc0({pYd!orQaT)znXuV5uHcw|XqVnX zSR0}&*r)2<`%>X*9(g$Mh$dWYLg;SL6Op>X__qPr4hk#a++CGI z+if;glM7mQ!DDAHJ%xhu?^I-ue82g$f87AfIdLmz(H!-^(<%&r04{y&jSkn&3vCiW zaRR`iIVDoy7Sr1#-FKO19D1c|89EbHVb5upTsISxM|DuR@|$wG_0t;O>*qL-5~O;F z6{>;I5(p%aUUjr5Gk%`jy%-`MEbavRA?#x>(WpTIeam$xkQ%kk9w8k1z_6pfW{kWCm z|2QS_XDz_w5szVp2G%Tc> zl;>JH#KH!9Vt_Tt?;JLyKwgBE6hric@aN5i$~ZIMh|Ld}crA(fmR|~PZ)7@ z2SoggD!c;adwJsRVRH**ewgNBr^21HmcVHrR0;|C_1ydY>uP=j&u|qW;xeH8xa}r7 z%iSh9<2GG~!6dXIupy{`|gB@b-Kt^)vjIF^usL zRNp^W61ScVxx3=_^NC&#w2NFC21h-%ny0~g2_hDdde>WB!^TvUfbtQsm$8~)jad06 zbgv3ZYe;tX#Xjq*icW%nlcRiIW^#_xaSm7jp|U(Q^Bww~KAV0n*C6JsFQ%o>@Z7RO zw7AW94sNpsu^oT2aUu=YzG(roxW@Bicy-X})UT!8iEKH;r{p}#6pDDXC%fJX7N|XX z-=SMBlFtE!a^QY~?WXSXK)ip@JI?&7r=e}{X&0 z!PbOQwuY#W@qSPr>Wqzl$EF&o?kJ_%8ZKr-@vB(rvc`l6yB;qB$dM<{hw43^F&(;M1PbsgDG%!9v0|Adev| z?7N~w>Nugz)pLCI$m7#f@fz!@Za?$?P+4j8agkwoa`SkRdwmSlO57x)OT^?)Vk*9j zU4NT()(ikfD~B)8ejiS9_1(ML)fMdmtH2k21e%;p0o#Geuy{(AD&OmQYDck$td0z>@2r_bAm@ItRehIyapoJ-7Ma|3fg{7 z%>>L0xsDDLlywf2^AN%X~$dlAcpQK?^0&Q(hUa{J!+-u}vN(c5P^c;c9J z>}*ELo5|GuE(5M@YcqaWiD z&68pmF_O258y4tEu!6iWuxUSsquh_KUsDph&aQDgFo$VoGClFW;@QQk{F>xE_22eA zOnXxJfNN`0PvOH$c&j+@n4WM?aUXz^1Ky*iYwGVb>A*e?)|d^mB7Gn%B)TZ;MPzTG zvHi5YC@(Y)rj+IQ|Ace&W%rCx9J!MNA~ac8uQ!IXim`I3zB#~-gUVIkS-D7}I$@g9 zDS2P{fN6*+L|PTZ*b_End>T%>^P!l_+yR=;+{b!z0Kd^^z1j4;5sJ$XAeRy$FJlp` za4OSJzQJk|Y&8u(GjDf`U)VP`8Xs5BKzFIFS6S}Z8p-nBr21iQK+RO%)=xWSwrbTv zzYAJy#5Ky;5W8WEHlaub9q5kDlOwWA;84te4jfTU_=Q{jrVT@Yp2(seG+8TJz5rmQ z8WpX!zKEys?Nm|fKDjU0Ll-f`So5Z{2u@2?Jw+j=s>@K^3qm!IWo7?}OMzj*uPNk6 zb9*x*AB%V)m7A_viK}5MFd%2lxTJ9{1}^llNU1ZcX=C4YWq77U@6&L#%N=@=4VB(%jo_+3)-o&ZmP#v5JD(D9}rq#)*1JzuP*ii?bq+4c!+nQWbug2)U2*)Ntibx|c>C{D6o> zlmV8`rR)U5EiPM{)v38|49>`1ro40oCL_`&hrI^$CgA=A<8ta4arNBnDD!#<^` z5J=6Ty1(gJq0IaKb6%cPul)M21&s9P%6*sSK(=2=hmOMCa((n~q09PY_7bIUVdEsa z=-nhlCbUlNK;cb=%l`%&(x zQ0s0)#AcISGcv3pfr%c%WexBm#NMZ{*=%QZ;Tzjx1eZ_jhT9bIm!HIf*lBa%J`Z>? z3nxDmXBb6rA+Jl+r1i-EQW)M?xebi-sWIKnM)|*)ol`PYKz29M?_*BFoNh3 zQcvlgvlP*l8-DbwB<5OQ@B^^Co5fD%<4R5b)~0YkYJ_N{G!|XnKuyVL zC`c?@4te;`cv@;;Z23cNVr$(9O>y4@tts=RY~ha$ojs{SV|#?WQ?Hz5Lt3_Y#%fPw zd!d4we$kN=E^~{9{6(iDbzQ2(8#)PG1P7}tL|a47+pt33@63EULcL~uoP;UGJK)1| z)?a+Kw^u|qvv3o& z#U(Q}O)qdD*&dIvPu5c_-rTIa&BhvmhoTp35?$T-RSZ=wQWq2saH{{YSy;M~*`v}G z zxI~GPmz9ZS^X7FiFg?CUwMgm8GwN;L0@M8{U<9tNxXseBsFN>^k=J}yV~$75;&X?p zLaf=4h&`oSHf%Xt*qF|&0Sf_>e##tu{Wl;IZn?uEsVWX4GE4~|)7wPZ_mt7P^D`NX zqK3`Zb=8{J%;n`YuJbHB~m_&JHQEaB+7vYE{$iW2|Kgq}ik8eA6Y#S$Zgt~yg{J3AYW1jl##;0D9` z>t4FTz2u{CZy0``dA0IeGVmxCE@r{+`Nf0S85>!Y43)$pdDa}5U4^FtDM8<#x++tp}@WP3K|%8ICV9f$f6^tjh$ zUav!1YHrndkI8iFnv7-WZUvS%cwPM=tohCWrR!0gIX85a7cOUKp0psdh_GLO5YAe9 zMhQ19RI%|6A4+1$%H`Is)jsCjCPr*|Gg#Aj&G{PY+c8XyDMoDnpWIdQkwFvXtWFWJ zpY@FFtw&RnA5wiru0OgP#m>WEbyOHK=C=IYC9OHAVjD%+pL`v&U>6{y-LPyCoZHr& z@6h%}JTO1Z-&m3bI|L|3LQILT)gfQY;bJ`U4`P2kc{U74&V!!GVFi<8jOD10WvPdHorczRytnWVx2><|iFhnG-cas0;c>Hq>#!Kv0 z;AP_thRYf*CnB5dQwW-shzdyM%FCA$_{xbcRX4nnL_MUL+qkEuV;9WFX4a3Fo~o2* zqlZ(nLIa;egs>!F_pw~!RXi$S*?~-X&V_`_;cO_eL4=aYgAY5`mCi=uM|5A;Zy#+k zMR{vTX36jG3r^+DK=f6bHq#h#)MsW2(c3wR&Bt=NW!NmDsD$I65=xu#;TU4de!!VY zW@nL6j7UJ8#)lzJBIBW?EE50k&iSF68kiBVp0(REME!26mBvi8lV$z>RHc8ER~C-> z>sk0GX>JS2r)2%3(A%wr)*!;*hBbl9eFh^vXztBvZbu0x3RsT0g!9Vp6UH|Wu zZ#0&~frt@9SxuDe_Hp&chHPC#R5w*Sha@9`|AgNDcGNZj4H~}F0Nzugh){&iZ%!t{ z@-zPszW;NMW(HG4XU4EJp1W2d$YaFH2*e>O;-7`(ukFVlb8cb!bIxh<|2E~7O{M01 zi7h2s3?%^4J)iqG7st*ef&|r-Mqh9O3>k z-?uH)XT6t^8kBKG{)IHSQL%}G&_kPyt}Zy*l$V+a)kjh)aDC{~Gpye*FFjTEkF{W{ zsH7b2-{}!38Ow>mv2kgD>)$qTZG-&Vs=pPfPb7zki0Qq2>s{-s{jKK{8;YM?<4}J^ z_4wiU1a&w{@lTxn&ussfIr_KW_b;qj-CAE561e@nAR=FM^L>YBAnwK9y*|DHlf#xD z>zDRPQX|W}@$RN9!*RM@a_$BuD=7L8jCx4!2LkiA?1;duuND6qEB}TfL}=yvHrtvE zb?Onz|JH7@dcNz}r{fct+roiL9R4+lWVum@l5hMJKbx8VN>?w03a)%+9v%aT%EIM; zYRF$t)z7ZB?KWxDOnSt9W15Y1V6UaPOCaM7%Z)Yi&OyX67Eb<0C)9eJ3T7`qEo;k% z>MQ!%zoqdnTKJRAEbEUB;+T|@-9Dbbk=^jt{6?P2A0&bx!~)B0nsaVvmxwSNbv}z$ zOiWJqV+HB|K@|R$f`0>w{LjN#l91}*m(!y;xtVKj#dIV<#fz_SXW~4}v*b&$_a1Q{e|gho%5i1ITBqXP54=XlCbdL=W*`v5 zsC?B6@eJQqpC4V*nhZn{6a5=J!%r$u)Gia@i3<%Hqa|1Biel&fp(uGxqf6KKyv}A@ z$;xm1wG^}XWp-6fU+3dUedpO}UfEQV0}<04FBv(;bkC_6ZUd+A=+CUczs6)%*!*Ad z^H*bkgwp?LBL38ff2(@^YV3a;sQ;U6*8k7yR2@G4V|;|%Oo)+<47$PoztcR11ip9PXk`2LyI`0GIR zzl+@eDv9^cP=N@j&E~+{2#F1o??*=U#Zg5Rxncq^z4d46PmxM;LrA@jMJV$%wa5W0 zW%wi>{8DwJ^0$Z)@iX=Kt0~NwU%bLx_$5~)7k&xDFJbs)MX?P0aucK`{1S#=!te`U zVHx-ZATbw+U&8Q97=A@wSO$KDmY55_!f?!mU&26g;g>M{5{6${H7o-^6Dc(n!cp>b zrfuMP5w~#dlxpv>3(xL4r7pV>0K2#Be`Y(4|5*L{_0iA7?JrLJ;sj|-(J$@zWhclj zEC0_~%;7`a?KdObDyS{CaFV%`L(a;tS%93xN%d-e$v1>Do3Y{}+;nIv4-| literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/images/normal-page-footer.pdf b/docs/canonicalk8s/.sphinx/images/normal-page-footer.pdf new file mode 100644 index 0000000000000000000000000000000000000000..dfd73cbc7e2f28fffa73fbc5e27317f5dc1f1148 GIT binary patch literal 5532 zcmb_g2{@E%`$s8FC~K*XCLz+yJBu+(M%h(%vQ4TnGZ`SW?RC!go$LC4b6qp@%=6ywZ|>(_fA6hfYhngN!m$vIuFi*# zA!sN9%J%Sq=<5TPG?o|N8;SyV>;W@6gHPiEW(+c)WdI2`)he7ohI3zpZ2RY_Yh zqH;Ey$jOPD9!U!o&q%kp80E1>D`)o-i>0<6h?txls#)XKpuoW4?(X+@%3rp64fEc& z>`lD_7gM)c4F@EXC7>tQy;>;5J#mgOufIGawm=Xno+XBG?aQq&9J;Yt9l$OVUc0+! z`cRv+xW#k@?RB3`cKEE#${fk-C0Q4OVWks~x1OlBzpSJG9(mAm2v`_8vU4)}z|IT2f_)bygJnkPCXtiCU#m z(jEpX@}#U-jC%26+(m(0O4Nz!C9-_EQLY##vjo8PELP?e%j9w;X&x}2cMxzgxtV&KONvj+PAxz5zj}q68`d1#09IA!_ER)vun#ja(XYS#dYIdjzje4y>~cQ2=U!k0*Pq%6xKT*kdmm7JN%<3vv;)E%B$ z)hoZ;(reKNl|#NAzKiNZ#ni=>?#@$66X)+=gP7;^r!r0gn=diBfA><^MhWGph4(_2 zpbX*7(vZz^&5{#gTW#m{8?N;hU$=Q7P6i%&{}rKR(NO5Z-ScC^dv`A=6CYbTpS%WT zvcGH1c8kTR&|2sM>XK4J16!z~tf}#yrAy?EO6!$#q}E5QPj}0a`%9T1=^mPAG_RiM zt#~SIUqoA#lx0|MKI)>($|~vRMH2_Z+cBI~rx*18`C-JmL?SOd{>GaT$w@-cLe>4L zRfSTUqoic)jHTrkbc9W=k+axv(_9Z4VS%@gEP}dQ0NlkYhFJ*#TGBCL=Q5=2inVMU zrD7ts8Z$R5WvsU|w|kSL+5l_N@>%e1k(HTFx=g*EH!!}QzlxyX9tt(2rK;BBvP8%z%wn5 z9w|!XAK;(m$B)NYYWgPrc2ABf9=NVFAt+(`#I#eG8d<$v<3@6`mYv2UI8tlWNFK=5 z=utDaL1$u?ObxMD?O$twA2(8an^-(#_k1q;jB}vGeb;btg10!Hyqk#73}iTXw%Nht+NNk z8N2C!VsN_=`HJNYLTxtv#bdJZ(ey;}L2_Yxj@*O0ceEbnRK1S4oVDk`D64a4r;Vnv z<`&I&noBHcmd+=7PWqqx=#$01jkR_w|r z1r-$)bdic(tX=7Drljp88FY?xh#9go2GiQwBFuP49|+J(){{t4(5q}-(W=?1*J2HC za;;gE4o}dL(|*^V!8y%&%-hN#^o-wZsXjUU zyhp#+qqCr`yG*B}zuoP1>#%00a)(pjM6>$~VqJMl@a?Lblrwh%ZHlt5_Oc$50UD6( zoY7PZxu7)QJT6Eq3op|tPn~={H4=O+i2PEiVsFsuyau;>q?Y!D(`C~Wlf<`8qc&r+ z24V`YR@*9#=+^5Zu=&_1c}1lL#c|DMe2My`VH7J0k-5FVb1Jj4ZkE;P-f$7A_i~znrfPMo34&=z138KnmONbA>z#C zjZ@n;Y?B?jIoR=LMeCdVDeqi9-MX(?^(FBQZM@)SLDSxhiJh=rPCEhx=(F#yzShU%gyuo!|8mR9Wfv@c=t$J=Z)kQ-KWl-dLLO5In*d@C~l%RC9S@_ zstz|@WKdM`-uHIXVHt>wsm$v5k+|4ZGWxAgyq`8VXEr!Kmc}kl$&NEsz5e0w0QL;* zAneK?MUCe=UzLnZ7P2!celbaAjN&& z{e^Y11nHe6-NJ#l%uCOjhA)<(5sD~&0FEo@f=>-~m1ph+hP|GrhUE9H`HS4XHrKp6 zK1sD{Cg(k6AgcTBNxP;;73&ObRAVpSK0ABtFloTZiVv-hZ8*$v$LOPvkXWx zjOoDsu@8M=slSKh?Mt8PxV~#uNMDL82L18qEVsR>!};x{xU!uS*Y-AsOpK;TA2P0$Rg{!X{1cnGpj+Et(tbBi9YzjhSQ9qMKa3$iMBDOjA zjlt`Ru8P)rzi?8_KXB6Tx#wZqjj~lx=@M=Kuj1qv=If#Ttjs+! z`f@(w+@sh0SKHACWl4oE2Kw)t&Fj|)IWo^>`LD+p9ZYm&q#owW>5(E{E!qPqIiE}B zaA;JhmM59PqiI6`V~}X`*<7fW1C2}fgc^E!(phwVAk>7$qkFMvTqqKbM8NexNk=-L zL4#_s*jy%=0ppOpXfRJU8|3s~Q0Q!y2}tgtS|$V(0tFU21R9CJ;4r#6NW?k>VjU=F z#isr@5nC>s>PG?pSPOivV9-5uY)!U6@o+R838O=IXgSkaXw(jEZ3yV8&)!A;`pAL& z^vvNH$e{sNG(MS1=92*jKM%fW!^O(-o167F2{>emFO3iNpn1_*M781Tm10AhdR*2z@Dds@f(42o!wj3kU)xhY6xX1xyBuM-ULz$Y8k92;f?@ z4XAw*1Vy=2PlCOP*=IrU7g5cd&*u;TARr(B9)O0kxn2MgkH-TD6o5j(KnWNxki{np zU@YF+uQ;EPK;KZfbPgXhI8=m8_F((*iE3(J^k8zVtiJvMiwB?63Ql1&0RfoTJtU`%j^FjEu)2}7dMNEp^s*A%9Q#^KNi zw4t7{E?yr1t?=W$bLJ7jii|XO(S%L$W71gsFTlDeU1Kvn914a)toczyN zUvlGLsq{II=48JD{Xady`7RZHh*aw(@PFL>oKy_DsK5{y;KYWgCV)|Co@74;U(Mjxj_@fc81x@uKJEU5 zt`GdG$v?)_rwd>q{R9lg_m>iE0QpwP!L~qD1{{iU zd3-1e`>h`dTAA^Nhr$s{BZfaH4KHKFX6Z$A7+$q-eI7GpC6w}WtBH|QNS_+UCK$Ok zmop z0IoJ(&G%gKTea{KB4do2kk@XO4kgFH$vgf%#5(6rdWgj zF5wP*8dlnpxlA5Npp4lJKPHO@`p%Y1qtYoN?u0}c7QLe->se!WU{b}Q~ x6$PF)XDEL6TZ!1KuiX#BVL{0&6oP-XD%iQXd;yo{3Be$7c!-9Esf`)r{{SuG!Z-i` literal 0 HcmV?d00001 diff --git a/docs/canonicalk8s/.sphinx/latex_elements_template.txt b/docs/canonicalk8s/.sphinx/latex_elements_template.txt new file mode 100644 index 000000000..2b13b514a --- /dev/null +++ b/docs/canonicalk8s/.sphinx/latex_elements_template.txt @@ -0,0 +1,119 @@ +{ + 'papersize': 'a4paper', + 'pointsize': '11pt', + 'fncychap': '', + 'preamble': r''' +%\usepackage{charter} +%\usepackage[defaultsans]{lato} +%\usepackage{inconsolata} +\setmainfont[UprightFont = *-R, BoldFont = *-B, ItalicFont=*-RI, Extension = .ttf]{Ubuntu} +\setmonofont[UprightFont = *-R, BoldFont = *-B, ItalicFont=*-RI, Extension = .ttf]{UbuntuMono} +\usepackage[most]{tcolorbox} +\tcbuselibrary{breakable} +\usepackage{lastpage} +\usepackage{tabto} +\usepackage{ifthen} +\usepackage{etoolbox} +\usepackage{fancyhdr} +\usepackage{graphicx} +\usepackage{titlesec} +\usepackage{fontspec} +\usepackage{tikz} +\usepackage{changepage} +\usepackage{array} +\usepackage{tabularx} +\definecolor{yellowgreen}{RGB}{154, 205, 50} +\definecolor{title}{RGB}{76, 17, 48} +\definecolor{subtitle}{RGB}{116, 27, 71} +\definecolor{label}{RGB}{119, 41, 100} +\definecolor{copyright}{RGB}{174, 167, 159} +\makeatletter +\def\tcb@finalize@environment{% + \color{.}% hack for xelatex + \tcb@layer@dec% +} +\makeatother +\newenvironment{sphinxclassprompt}{\color{yellowgreen}\setmonofont[Color = 9ACD32, UprightFont = *-R, Extension = .ttf]{UbuntuMono}}{} +\tcbset{enhanced jigsaw, colback=black, fontupper=\color{white}} +\newtcolorbox{termbox}{use color stack, breakable, colupper=white, halign=flush left} +\newenvironment{sphinxclassterminal}{\setmonofont[Color = white, UprightFont = *-R, Extension = .ttf]{UbuntuMono}\sphinxsetup{VerbatimColor={black}}\begin{termbox}}{\end{termbox}} +\newcommand{\dimtorightedge}{% + \dimexpr\paperwidth-1in-\hoffset-\oddsidemargin\relax} +\newcommand{\dimtotop}{% + \dimexpr\height-1in-\voffset-\topmargin-\headheight-\headsep\relax} +\newtoggle{tpage} +\AtBeginEnvironment{titlepage}{\global\toggletrue{tpage}} +\fancypagestyle{plain}{ + \fancyhf{} + \fancyfoot[R]{\thepage\ of \pageref*{LastPage}} + \renewcommand{\headrulewidth}{0pt} + \renewcommand{\footrulewidth}{0pt} +} +\fancypagestyle{normal}{ + \fancyhf{} + \fancyfoot[R]{\thepage\ of \pageref*{LastPage}} + \renewcommand{\headrulewidth}{0pt} + \renewcommand{\footrulewidth}{0pt} +} +\fancypagestyle{titlepage}{% + \fancyhf{} + \fancyfoot[L]{\footnotesize \textcolor{copyright}{© 2024 Canonical Ltd. All rights reserved.}} +} +\newcommand\sphinxbackoftitlepage{\thispagestyle{titlepage}} +\titleformat{\chapter}[block]{\Huge \color{title} \bfseries\filright}{\thechapter .}{1.5ex}{} +\titlespacing{\chapter}{0pt}{0pt}{0pt} +\titleformat{\section}[block]{\huge \bfseries\filright}{\thesection .}{1.5ex}{} +\titlespacing{\section}{0pt}{0pt}{0pt} +\titleformat{\subsection}[block]{\Large \bfseries\filright}{\thesubsection .}{1.5ex}{} +\titlespacing{\subsection}{0pt}{0pt}{0pt} +\setcounter{tocdepth}{1} +\renewcommand\pagenumbering[1]{} +''', + 'sphinxsetup': 'verbatimwithframe=false, pre_border-radius=0pt, verbatimvisiblespace=\\phantom{}, verbatimcontinued=\\phantom{}', + 'extraclassoptions': 'openany,oneside', + 'maketitle': r''' +\begin{titlepage} +\begin{flushleft} + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=south east, inner sep=0] at (current page.south east) { + \includegraphics[width=\paperwidth, height=\paperheight]{front-page-light} + }; + \end{tikzpicture} +\end{flushleft} + +\vspace*{3cm} + +\begin{adjustwidth}{8cm}{0pt} +\begin{flushleft} + \huge \textcolor{black}{\textbf{}{\raggedright{$PROJECT}}} +\end{flushleft} +\end{adjustwidth} + +\vfill + +\begin{adjustwidth}{8cm}{0pt} +\begin{tabularx}{0.5\textwidth}{ l l } + \textcolor{lightgray}{© 2024 Canonical Ltd.} & \hspace{3cm} \\ + \textcolor{lightgray}{All rights reserved.} & \hspace{3cm} \\ + & \hspace{3cm} \\ + & \hspace{3cm} \\ + +\end{tabularx} +\end{adjustwidth} + +\end{titlepage} +\RemoveFromHook{shipout/background} +\AddToHook{shipout/background}{ + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=south west, align=left, inner sep=0] at (current page.south west) { + \includegraphics[width=\paperwidth]{normal-page-footer} + }; + \end{tikzpicture} + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=north east, opacity=0.5, inner sep=35] at (current page.north east) { + \includegraphics[width=4cm]{Canonical-logo-4x} + }; + \end{tikzpicture} + } +''', +} \ No newline at end of file diff --git a/docs/canonicalk8s/.sphinx/pa11y.json b/docs/canonicalk8s/.sphinx/pa11y.json new file mode 100644 index 000000000..8df0cb9cb --- /dev/null +++ b/docs/canonicalk8s/.sphinx/pa11y.json @@ -0,0 +1,9 @@ +{ + "chromeLaunchConfig": { + "args": [ + "--no-sandbox" + ] + }, + "reporter": "cli", + "standard": "WCAG2AA" +} \ No newline at end of file diff --git a/docs/canonicalk8s/.sphinx/spellingcheck.yaml b/docs/canonicalk8s/.sphinx/spellingcheck.yaml new file mode 100644 index 000000000..648d9d7ee --- /dev/null +++ b/docs/canonicalk8s/.sphinx/spellingcheck.yaml @@ -0,0 +1,30 @@ +matrix: +- name: rST files + aspell: + lang: en + d: en_GB + dictionary: + wordlists: + - src/.wordlist.txt + - src/.custom_wordlist.txt + output: .sphinx/.wordlist.dic + sources: + - ../_build/**/*.html + pipeline: + - pyspelling.filters.html: + comments: false + attributes: + - title + - alt + ignores: + - code + - pre + - spellexception + - link + - title + - div.relatedlinks + - strong.command + - div.visually-hidden + - img + - a.p-navigation__link + - a.contributor diff --git a/docs/canonicalk8s/.wokeignore b/docs/canonicalk8s/.wokeignore new file mode 100644 index 000000000..c64a60376 --- /dev/null +++ b/docs/canonicalk8s/.wokeignore @@ -0,0 +1,4 @@ +# the cheat sheets contain a link to a repository with a block word which we +# cannot avoid for now, ie +# https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html +doc-cheat-sheet* diff --git a/docs/canonicalk8s/LICENSE b/docs/canonicalk8s/LICENSE new file mode 100644 index 000000000..31081ad40 --- /dev/null +++ b/docs/canonicalk8s/LICENSE @@ -0,0 +1,694 @@ +License for Canonical Starter Pack +================================== + +Unless otherwise stated, all code in this repository is licensed under +the following GPL license. +Documentation for this project is licensed under CC-BY-SA 3.0. + +Starter Pack code +----------------- + + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. + +Starter Pack documentation +-------------------------- + +Copyright 2024 Canonical Ltd. + +This work is licensed under the Creative Commons Attribution-Share Alike 3.0 +Unported License. To view a copy of this license, visit +http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative +Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA. \ No newline at end of file diff --git a/docs/canonicalk8s/Makefile b/docs/canonicalk8s/Makefile new file mode 100644 index 000000000..72fe7c602 --- /dev/null +++ b/docs/canonicalk8s/Makefile @@ -0,0 +1,31 @@ +# This Makefile stub allows you to customize starter pack (SP) targets. +# Consider this file as a bridge between your project +# and the starter pack's predefined targets that reside in Makefile.sp. +# +# You can add your own, non-SP targets here or override SP targets +# to fit your project's needs. For example, you can define and use targets +# named "install" or "run", but continue to use SP targets like "sp-install" +# or "sp-run" when working on the documentation. + +# Put it first so that "make" without argument is like "make help". +help: + @echo "\n" \ + "------------------------------------------------------------- \n" \ + "* watch, build and serve the documentation: make run \n" \ + "* only build: make html \n" \ + "* only serve: make serve \n" \ + "* clean built doc files: make clean-doc \n" \ + "* clean full environment: make clean \n" \ + "* check links: make linkcheck \n" \ + "* check spelling: make spelling \n" \ + "* check spelling (without building again): make spellcheck \n" \ + "* check inclusive language: make woke \n" \ + "* check accessibility: make pa11y \n" \ + "* check style guide compliance: make vale \n" \ + "* check style guide compliance on target: make vale TARGET=* \n" \ + "* check metrics for documentation: make allmetrics \n" \ + "* other possible targets: make \n" \ + "------------------------------------------------------------- \n" + +%: + $(MAKE) -f Makefile.sp sp-$@ diff --git a/docs/canonicalk8s/Makefile.sp b/docs/canonicalk8s/Makefile.sp new file mode 100644 index 000000000..4dbfba2bd --- /dev/null +++ b/docs/canonicalk8s/Makefile.sp @@ -0,0 +1,156 @@ +# Minimal makefile for Sphinx documentation +# +# `Makefile.sp` is from the Sphinx starter pack and should not be +# modified. +# Add your customisation to `Makefile` instead. + +# You can set these variables from the command line, and also +# from the environment for the first two. +SPHINXDIR = .sphinx +SPHINXOPTS ?= -c . -d $(SPHINXDIR)/.doctrees -j auto +SPHINXBUILD ?= sphinx-build +SOURCEDIR = src +METRICSDIR = ./metrics +BUILDDIR = ../_build +VENVDIR = $(SPHINXDIR)/venv +PA11Y = $(SPHINXDIR)/node_modules/pa11y/bin/pa11y.js --config $(SPHINXDIR)/pa11y.json +VENV = $(VENVDIR)/bin/activate +TARGET = * +ALLFILES = *.rst **/*.rst +ADDPREREQS ?= +REQPDFPACKS = latexmk fonts-freefont-otf texlive-latex-recommended texlive-latex-extra texlive-fonts-recommended texlive-font-utils texlive-lang-cjk texlive-xetex plantuml xindy tex-gyre dvipng + +.PHONY: sp-full-help sp-woke-install sp-pa11y-install sp-install sp-run sp-html \ + sp-epub sp-serve sp-clean sp-clean-doc sp-spelling sp-spellcheck sp-linkcheck sp-woke \ + sp-allmetrics sp-pa11y sp-pdf-prep-force sp-pdf-prep sp-pdf Makefile.sp sp-vale sp-bash + +sp-full-help: $(VENVDIR) + @. $(VENV); $(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + @echo "\n\033[1;31mNOTE: This help texts shows unsupported targets!\033[0m" + @echo "Run 'make help' to see supported targets." + +# Shouldn't assume that venv is available on Ubuntu by default; discussion here: +# https://bugs.launchpad.net/ubuntu/+source/python3.4/+bug/1290847 +$(SPHINXDIR)/requirements.txt: + @python3 -c "import venv" || \ + (echo "You must install python3-venv before you can build the documentation."; exit 1) + python3 -m venv $(VENVDIR) + @if [ ! -z "$(ADDPREREQS)" ]; then \ + . $(VENV); pip install \ + $(PIPOPTS) --require-virtualenv $(ADDPREREQS); \ + fi + . $(VENV); python3 $(SPHINXDIR)/build_requirements.py + +# If requirements are updated, venv should be rebuilt and timestamped. +$(VENVDIR): $(SPHINXDIR)/requirements.txt + @echo "... setting up virtualenv" + python3 -m venv $(VENVDIR) + . $(VENV); pip install $(PIPOPTS) --require-virtualenv \ + --upgrade -r $(SPHINXDIR)/requirements.txt \ + --log $(VENVDIR)/pip_install.log + @test ! -f $(VENVDIR)/pip_list.txt || \ + mv $(VENVDIR)/pip_list.txt $(VENVDIR)/pip_list.txt.bak + @. $(VENV); pip list --local --format=freeze > $(VENVDIR)/pip_list.txt + @touch $(VENVDIR) + +sp-woke-install: + @type woke >/dev/null 2>&1 || \ + { echo "Installing \"woke\" snap... \n"; sudo snap install woke; } + +sp-pa11y-install: + @type $(PA11Y) >/dev/null 2>&1 || { \ + echo "Installing \"pa11y\" from npm... \n"; \ + mkdir -p $(SPHINXDIR)/node_modules/ ; \ + npm install --prefix $(SPHINXDIR) pa11y; \ + } + +sp-install: $(VENVDIR) + +sp-run: sp-install + . $(VENV); sphinx-autobuild -b dirhtml "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) + +# Doesn't depend on $(BUILDDIR) to rebuild properly at every run. +sp-html: sp-install + . $(VENV); $(SPHINXBUILD) -W --keep-going -b dirhtml "$(SOURCEDIR)" "$(BUILDDIR)" -w $(SPHINXDIR)/warnings.txt $(SPHINXOPTS) + +sp-epub: sp-install + . $(VENV); $(SPHINXBUILD) -b epub "$(SOURCEDIR)" "$(BUILDDIR)" -w $(SPHINXDIR)/warnings.txt $(SPHINXOPTS) + +sp-serve: sp-html + cd "$(BUILDDIR)"; python3 -m http.server --bind 127.0.0.1 8000 + +sp-clean: sp-clean-doc + @test ! -e "$(VENVDIR)" -o -d "$(VENVDIR)" -a "$(abspath $(VENVDIR))" != "$(VENVDIR)" + rm -rf $(VENVDIR) + rm -f $(SPHINXDIR)/requirements.txt + rm -rf $(SPHINXDIR)/node_modules/ + rm -rf $(SPHINXDIR)/styles + rm -rf $(SPHINXDIR)/vale.ini + +sp-clean-doc: + git clean -fx "$(BUILDDIR)" + rm -rf $(SPHINXDIR)/.doctrees + +sp-spellcheck: + . $(VENV) ; python3 -m pyspelling -c $(SPHINXDIR)/spellingcheck.yaml -j $(shell nproc) + +sp-spelling: sp-html sp-spellcheck + +sp-linkcheck: sp-install + . $(VENV) ; $(SPHINXBUILD) -b linkcheck "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) || { grep --color -F "[broken]" "$(BUILDDIR)/output.txt"; exit 1; } + exit 0 + +sp-woke: sp-woke-install + woke $(ALLFILES) --exit-1-on-failure \ + -c https://github.com/canonical/Inclusive-naming/raw/main/config.yml + +sp-pa11y: sp-pa11y-install sp-html + find $(BUILDDIR) -name *.html -print0 | xargs -n 1 -0 $(PA11Y) + +sp-vale: sp-install + @. $(VENV); test -d $(SPHINXDIR)/venv/lib/python*/site-packages/vale || pip install vale + @. $(VENV); test -f $(SPHINXDIR)/vale.ini || python3 $(SPHINXDIR)/get_vale_conf.py + @. $(VENV); find $(SPHINXDIR)/venv/lib/python*/site-packages/vale/vale_bin -size 195c -exec vale --config "$(SPHINXDIR)/vale.ini" $(TARGET) > /dev/null \; + @cat $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept.txt > $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept_backup.txt + @cat $(SOURCEDIR)/.wordlist.txt $(SOURCEDIR)/.custom_wordlist.txt >> $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept.txt + @echo "" + @echo "Running Vale against $(TARGET). To change target set TARGET= with make command" + @echo "" + @. $(VENV); vale --config "$(SPHINXDIR)/vale.ini" --glob='*.{md,txt,rst}' $(TARGET) || true + @cat $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept_backup.txt > $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept.txt && rm $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept_backup.txt + +sp-pdf-prep: sp-install + @for packageName in $(REQPDFPACKS); do (dpkg-query -W -f='$${Status}' $$packageName 2>/dev/null | \ + grep -c "ok installed" >/dev/null && echo "Package $$packageName is installed") && continue || \ + (echo "\nPDF generation requires the installation of the following packages: $(REQPDFPACKS)" && \ + echo "" && echo "Run sudo make pdf-prep-force to install these packages" && echo "" && echo \ + "Please be aware these packages will be installed to your system") && exit 1 ; done + +sp-pdf-prep-force: + apt-get update + apt-get upgrade -y + apt-get install --no-install-recommends -y $(REQPDFPACKS) \ + +sp-pdf: sp-pdf-prep + @. $(VENV); sphinx-build -M latexpdf "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) + @rm ./$(BUILDDIR)/latex/front-page-light.pdf || true + @rm ./$(BUILDDIR)/latex/normal-page-footer.pdf || true + @find ./$(BUILDDIR)/latex -name "*.pdf" -exec mv -t ./$(BUILDDIR) {} + + @rm -r $(BUILDDIR)/latex + @echo "\nOutput can be found in ./$(BUILDDIR)\n" + +sp-allmetrics: sp-html + @echo "Recording documentation metrics..." + @echo "Checking for existence of vale..." + . $(VENV) + @. $(VENV); test -d $(SPHINXDIR)/venv/lib/python*/site-packages/vale || pip install vale + @. $(VENV); test -f $(SPHINXDIR)/vale.ini || python3 $(SPHINXDIR)/get_vale_conf.py + @. $(VENV); find $(SPHINXDIR)/venv/lib/python*/site-packages/vale/vale_bin -size 195c -exec vale --config "$(SPHINXDIR)/vale.ini" $(TARGET) > /dev/null \; + @eval '$(METRICSDIR)/scripts/source_metrics.sh $(PWD)' + @eval '$(METRICSDIR)/scripts/build_metrics.sh $(PWD) $(METRICSDIR)' + + +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile.sp + . $(VENV); $(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/docs/canonicalk8s/conf.py b/docs/canonicalk8s/conf.py new file mode 100644 index 000000000..c3b447cb8 --- /dev/null +++ b/docs/canonicalk8s/conf.py @@ -0,0 +1,252 @@ +import sys +import os +import requests +from urllib.parse import urlparse +from git import Repo, InvalidGitRepositoryError +import time +import ast +import yaml + +sys.path.append('./') +from custom_conf import * +sys.path.append('.sphinx/') +from build_requirements import * + +# Configuration file for the Sphinx documentation builder. +# You should not do any modifications to this file. Put your custom +# configuration into the custom_conf.py file. +# If you need to change this file, contribute the changes upstream. +# +# For the full list of built-in configuration values, see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html + +############################################################ +### Extensions +############################################################ + +extensions = [ + 'sphinx_design', + 'sphinx_copybutton', + 'sphinxcontrib.jquery', +] + +# Only add redirects extension if any redirects are specified. +if AreRedirectsDefined(): + extensions.append('sphinx_reredirects') + +# Only add myst extensions if any configuration is present. +if IsMyStParserUsed(): + extensions.append('myst_parser') + + # Additional MyST syntax + myst_enable_extensions = [ + 'substitution', + 'deflist', + 'linkify' + ] + myst_enable_extensions.extend(custom_myst_extensions) + +# Only add Open Graph extension if any configuration is present. +if IsOpenGraphConfigured(): + extensions.append('sphinxext.opengraph') + +extensions.extend(custom_extensions) +extensions = DeduplicateExtensions(extensions) + +### Configuration for extensions + +# Used for related links +if not 'discourse_prefix' in html_context and 'discourse' in html_context: + html_context['discourse_prefix'] = html_context['discourse'] + '/t/' + +# The URL prefix for the notfound extension depends on whether the documentation uses versions. +# For documentation on documentation.ubuntu.com, we also must add the slug. +url_version = '' +url_lang = '' + +# Determine if the URL uses versions and language +if 'READTHEDOCS_CANONICAL_URL' in os.environ and os.environ['READTHEDOCS_CANONICAL_URL']: + url_parts = os.environ['READTHEDOCS_CANONICAL_URL'].split('/') + + if len(url_parts) >= 2 and 'READTHEDOCS_VERSION' in os.environ and os.environ['READTHEDOCS_VERSION'] == url_parts[-2]: + url_version = url_parts[-2] + '/' + + if len(url_parts) >= 3 and 'READTHEDOCS_LANGUAGE' in os.environ and os.environ['READTHEDOCS_LANGUAGE'] == url_parts[-3]: + url_lang = url_parts[-3] + '/' + +# Set notfound_urls_prefix to the slug (if defined) and the version/language affix +if slug: + notfound_urls_prefix = '/' + slug + '/' + url_lang + url_version +elif len(url_lang + url_version) > 0: + notfound_urls_prefix = '/' + url_lang + url_version +else: + notfound_urls_prefix = '' + +notfound_context = { + 'title': 'Page not found', + 'body': '

Sorry, but the documentation page that you are looking for was not found.

\n\n

Documentation changes over time, and pages are moved around. We try to redirect you to the updated content where possible, but unfortunately, that didn\'t work this time (maybe because the content you were looking for does not exist in this version of the documentation).

\n

You can try to use the navigation to locate the content you\'re looking for, or search for a similar page.

\n', +} + +# Default image for OGP (to prevent font errors, see +# https://github.com/canonical/sphinx-docs-starter-pack/pull/54 ) +if not 'ogp_image' in locals(): + ogp_image = 'https://assets.ubuntu.com/v1/253da317-image-document-ubuntudocs.svg' + +############################################################ +### General configuration +############################################################ + +exclude_patterns = [ + '_build', + 'Thumbs.db', + '.DS_Store', + '.sphinx', +] +exclude_patterns.extend(custom_excludes) + +rst_epilog = ''' +.. include:: /reuse/links.txt +''' +if 'custom_rst_epilog' in locals(): + rst_epilog = custom_rst_epilog + +source_suffix = { + '.rst': 'restructuredtext', + '.md': 'markdown', +} + +if not 'conf_py_path' in html_context and 'github_folder' in html_context: + html_context['conf_py_path'] = html_context['github_folder'] + +# For ignoring specific links +linkcheck_anchors_ignore_for_url = [ + r'https://github\.com/.*' +] +linkcheck_anchors_ignore_for_url.extend(custom_linkcheck_anchors_ignore_for_url) + +# Tags cannot be added directly in custom_conf.py, so add them here +for tag in custom_tags: + tags.add(tag) + +# html_context['get_contribs'] is a function and cannot be +# cached (see https://github.com/sphinx-doc/sphinx/issues/12300) +suppress_warnings = ["config.cache"] + +############################################################ +### Styling +############################################################ + +# Find the current builder +builder = 'dirhtml' +if '-b' in sys.argv: + builder = sys.argv[sys.argv.index('-b')+1] + +# Setting templates_path for epub makes the build fail +if builder == 'dirhtml' or builder == 'html': + templates_path = ['.sphinx/_templates'] + notfound_template = '404.html' + +# Theme configuration +html_theme = 'furo' +html_last_updated_fmt = '' +html_permalinks_icon = '¶' + +if html_title == '': + html_theme_options = { + 'sidebar_hide_name': True + } + +############################################################ +### Additional files +############################################################ + +html_static_path = ['.sphinx/_static'] + +html_css_files = [ + 'custom.css', + 'header.css', + 'github_issue_links.css', + 'furo_colors.css', + 'footer.css' +] +html_css_files.extend(custom_html_css_files) + +html_js_files = ['header-nav.js', 'footer.js'] +if 'github_issues' in html_context and html_context['github_issues'] and not disable_feedback_button: + html_js_files.append('github_issue_links.js') +html_js_files.extend(custom_html_js_files) + +############################################################# +# Display the contributors + + +############################################################# +# DISABLED AS IT DOESN'T WORK FOR source not in same dir + +#def get_contributors_for_file(github_url, github_folder, github_source, pagename, page_source_suffix, display_contributors_since=None): +# filename = f"{pagename}{page_source_suffix}" +# paths=html_context['github_source'][1:] + filename +# +# try: +# repo = Repo(".") +# except InvalidGitRepositoryError: +# cwd = os.getcwd() +# ghfolder = html_context['github_source'][:-1] +# +# if ghfolder and cwd.endswith(ghfolder): +# repo = Repo(cwd.rpartition(ghfolder)[0]) +# else: +# print("The local Git repository could not be found.") +# return +# +# since = display_contributors_since if display_contributors_since and display_contributors_since.strip() else None +# +# commits = repo.iter_commits(paths=paths, since=since) +# +# contributors_dict = {} +# for commit in commits: +# contributor = commit.author.name +# if contributor not in contributors_dict or commit.committed_date > contributors_dict[contributor]['date']: +# contributors_dict[contributor] = { +# 'date': commit.committed_date, +# 'sha': commit.hexsha +# } +# # The github_page contains the link to the contributor's latest commit. +# contributors_list = [{'name': name, 'github_page': f"{github_url}/commit/{data['sha']}"} for name, data in contributors_dict.items()] +# sorted_contributors_list = sorted(contributors_list, key=lambda x: x['name']) +# return sorted_contributors_list +# +# html_context['get_contribs'] = get_contributors_for_file + +############################################################ +### Myst configuration +############################################################ +if os.path.exists('./reuse/substitutions.yaml'): + with open('./reuse/substitutions.yaml', 'r') as fd: + myst_substitutions = yaml.safe_load(fd.read()) + + +############################################################ +### PDF configuration +############################################################ + +latex_additional_files = [ + "./.sphinx/fonts/Ubuntu-B.ttf", + "./.sphinx/fonts/Ubuntu-R.ttf", + "./.sphinx/fonts/Ubuntu-RI.ttf", + "./.sphinx/fonts/UbuntuMono-R.ttf", + "./.sphinx/fonts/UbuntuMono-RI.ttf", + "./.sphinx/fonts/UbuntuMono-B.ttf", + "./.sphinx/images/Canonical-logo-4x.png", + "./.sphinx/images/front-page-light.pdf", + "./.sphinx/images/normal-page-footer.pdf", +] + +latex_engine = 'xelatex' +latex_show_pagerefs = True +latex_show_urls = 'footnote' + +with open(".sphinx/latex_elements_template.txt", "rt") as file: + latex_config = file.read() + +latex_elements = ast.literal_eval(latex_config.replace("$PROJECT", project)) \ No newline at end of file diff --git a/docs/canonicalk8s/custom_conf.py b/docs/canonicalk8s/custom_conf.py new file mode 100644 index 000000000..83795a3ee --- /dev/null +++ b/docs/canonicalk8s/custom_conf.py @@ -0,0 +1,227 @@ +import datetime + +# Custom configuration for the Sphinx documentation builder. +# All configuration specific to your project should be done in this file. +# +# The file is included in the common conf.py configuration file. +# You can modify any of the settings below or add any configuration that +# is not covered by the common conf.py file. +# +# For the full list of built-in configuration values, see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html +# +# If you're not familiar with Sphinx and don't want to use advanced +# features, it is sufficient to update the settings in the "Project +# information" section. + +############################################################ +### Project information +############################################################ + +# Product name +project = 'Canonical Kubernetes' +author = 'Canonical Group Ltd' + +# The title you want to display for the documentation in the sidebar. +# You might want to include a version number here. +# To not display any title, set this option to an empty string. +html_title = '' + +# The default value uses CC-BY-SA as the license and the current year +# as the copyright year. +# +# If your documentation needs a different copyright license, use that +# instead of 'CC-BY-SA'. Also, if your documentation is included as +# part of the code repository of your project, it'll inherit the license +# of the code. So you'll need to specify that license here (instead of +# 'CC-BY-SA'). +# +# For static works, it is common to provide the year of first publication. +# Another option is to give the first year and the current year +# for documentation that is often changed, e.g. 2022–2023 (note the en-dash). +# +# A way to check a GitHub repo's creation date is to obtain a classic GitHub +# token with 'repo' permissions here: https://github.com/settings/tokens +# Next, use 'curl' and 'jq' to extract the date from the GitHub API's output: +# +# curl -H 'Authorization: token ' \ +# -H 'Accept: application/vnd.github.v3.raw' \ +# https://api.github.com/repos/canonical/ | jq '.created_at' + +copyright = '%s CC-BY-SA, %s' % (datetime.date.today().year, author) + +## Open Graph configuration - defines what is displayed as a link preview +## when linking to the documentation from another website (see https://ogp.me/) +# The URL where the documentation will be hosted (leave empty if you +# don't know yet) +# NOTE: If no ogp_* variable is defined (e.g. if you remove this section) the +# sphinxext.opengraph extension will be disabled. +ogp_site_url = 'https://canonical-starter-pack.readthedocs-hosted.com/' +# The documentation website name (usually the same as the product name) +ogp_site_name = project +# The URL of an image or logo that is used in the preview +ogp_image = 'https://assets.ubuntu.com/v1/253da317-image-document-ubuntudocs.svg' + +# Update with the local path to the favicon for your product +# (default is the circle of friends) +html_favicon = '.sphinx/_static/favicon.png' + +html_context = { + + # Change to the link to the website of your product (without "https://") + # For example: "ubuntu.com/lxd" or "microcloud.is" + # If there is no product website, edit the header template to remove the + # link (see the readme for instructions). + 'product_page': 'ubuntu.com/kubernetes', + + # Add your product tag (the orange part of your logo, will be used in the + # header) to ".sphinx/_static" and change the path here (start with "_static") + # (default is the circle of friends) + 'product_tag': '_static/tag.png', + + # Change to the discourse instance you want to be able to link to + # using the :discourse: metadata at the top of a file + # (use an empty value if you don't want to link) + 'discourse': ' https://discourse.ubuntu.com/c/kubernetes/180', + + # Change to the Mattermost channel you want to link to + # (use an empty value if you don't want to link) + 'matrix': 'https://matrix.to/#/#k8s:ubuntu.com', + + # Change to the GitHub URL for your project + 'github_url': 'https://github.com/canonical/k8s-snap', + + # Change to the branch for this version of the documentation + 'github_version': 'main', + + # Change to the folder that contains the documentation + # (usually "/" or "/docs/") + 'github_folder': '/docs/src/', + + # Change to an empty value if your GitHub repo doesn't have issues enabled. + # This will disable the feedback button and the issue link in the footer. + 'github_issues': 'enabled', + + # Controls the existence of Previous / Next buttons at the bottom of pages + # Valid options: none, prev, next, both + # You can override the default setting on a page-by-page basis by specifying + # it as file-wide metadata at the top of the file, see + # https://www.sphinx-doc.org/en/master/usage/restructuredtext/field-lists.html + 'sequential_nav': "none", + # Controls if to display the contributors of a file or not + "display_contributors": False, + + # Controls time frame for showing the contributors + "display_contributors_since": "" +} + +# If your project is on documentation.ubuntu.com, specify the project +# slug (for example, "lxd") here. +slug = "canonical-kubernetes" + +############################################################ +### Redirects +############################################################ + +# Set up redirects (https://documatt.gitlab.io/sphinx-reredirects/usage.html) +# For example: 'explanation/old-name.html': '../how-to/prettify.html', +# You can also configure redirects in the Read the Docs project dashboard +# (see https://docs.readthedocs.io/en/stable/guides/redirects.html). +# NOTE: If this variable is not defined, set to None, or the dictionary is empty, +# the sphinx_reredirects extension will be disabled. +redirects = {} + +############################################################ +### Link checker exceptions +############################################################ + +# Links to ignore when checking links +linkcheck_ignore = [ + 'http://127.0.0.1:8000' + ] + +# Pages on which to ignore anchors +# (This list will be appended to linkcheck_anchors_ignore_for_url) +custom_linkcheck_anchors_ignore_for_url = [] + +############################################################ +### Additions to default configuration +############################################################ + +## The following settings are appended to the default configuration. +## Use them to extend the default functionality. + +# Remove this variable to disable the MyST parser extensions. +custom_myst_extensions = [] + +# Add custom Sphinx extensions as needed. +# This array contains recommended extensions that should be used. +# NOTE: The following extensions are handled automatically and do +# not need to be added here: myst_parser, sphinx_copybutton, sphinx_design, +# sphinx_reredirects, sphinxcontrib.jquery, sphinxext.opengraph +custom_extensions = [ + 'sphinx_tabs.tabs', + 'canonical.youtube-links', + 'canonical.related-links', + 'canonical.custom-rst-roles', + 'canonical.terminal-output', + 'notfound.extension', + 'sphinxcontrib.cairosvgconverter', + ] + +# Add custom required Python modules that must be added to the +# .sphinx/requirements.txt file. +# NOTE: The following modules are handled automatically and do not need to be +# added here: canonical-sphinx-extensions, furo, linkify-it-py, myst-parser, +# pyspelling, sphinx, sphinx-autobuild, sphinx-copybutton, sphinx-design, +# sphinx-notfound-page, sphinx-reredirects, sphinx-tabs, sphinxcontrib-jquery, +# sphinxext-opengraph +custom_required_modules = [ + 'sphinxcontrib-svg2pdfconverter[CairoSVG]', + 'sphinxcontrib.kroki' +] + +# Add files or directories that should be excluded from processing. +custom_excludes = [ + 'doc-cheat-sheet*', + '_parts' + ] + +# Add CSS files (located in .sphinx/_static/) +custom_html_css_files = [] + +# Add JavaScript files (located in .sphinx/_static/) +custom_html_js_files = [] + +## The following settings override the default configuration. + +# Specify a reST string that is included at the end of each file. +# If commented out, use the default (which pulls the reuse/links.txt +# file into each reST file). +# custom_rst_epilog = '' + +# By default, the documentation includes a feedback button at the top. +# You can disable it by setting the following configuration to True. +disable_feedback_button = False + +# Add tags that you want to use for conditional inclusion of text +# (https://www.sphinx-doc.org/en/master/usage/restructuredtext/directives.html#tags) +custom_tags = [] + +# If you are using the :manpage: role, set this variable to the URL for the version +# that you want to link to: +# manpages_url = "https://manpages.ubuntu.com/manpages/noble/en/man{section}/{page}.{section}.html" + +############################################################ +### Additional configuration +############################################################ + +## Add any configuration that is not covered by the common conf.py file. + +# Define a :center: role that can be used to center the content of table cells. +rst_prolog = ''' +.. role:: center + :class: align-center +.. role:: h2 + :class: hclass2 +''' diff --git a/docs/canonicalk8s/make.bat b/docs/canonicalk8s/make.bat new file mode 100644 index 000000000..32bb24529 --- /dev/null +++ b/docs/canonicalk8s/make.bat @@ -0,0 +1,35 @@ +@ECHO OFF + +pushd %~dp0 + +REM Command file for Sphinx documentation + +if "%SPHINXBUILD%" == "" ( + set SPHINXBUILD=sphinx-build +) +set SOURCEDIR=. +set BUILDDIR=_build + +%SPHINXBUILD% >NUL 2>NUL +if errorlevel 9009 ( + echo. + echo.The 'sphinx-build' command was not found. Make sure you have Sphinx + echo.installed, then set the SPHINXBUILD environment variable to point + echo.to the full path of the 'sphinx-build' executable. Alternatively you + echo.may add the Sphinx directory to PATH. + echo. + echo.If you don't have Sphinx installed, grab it from + echo.https://www.sphinx-doc.org/ + exit /b 1 +) + +if "%1" == "" goto help + +%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% +goto end + +:help +%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% + +:end +popd diff --git a/docs/canonicalk8s/metrics/scripts/build_metrics.sh b/docs/canonicalk8s/metrics/scripts/build_metrics.sh new file mode 100755 index 000000000..610724e2a --- /dev/null +++ b/docs/canonicalk8s/metrics/scripts/build_metrics.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +links=0 +images=0 + +# count number of links +links=$(find . -type d -path './.sphinx/src' -prune -o -name '*.html' -exec cat {} + | grep -o " + + + + + + + + diff --git a/docs/tools/.sphinx/_static/custom.css b/docs/tools/.sphinx/_static/custom.css index 443412c5c..2b9e81fb1 100644 --- a/docs/tools/.sphinx/_static/custom.css +++ b/docs/tools/.sphinx/_static/custom.css @@ -84,8 +84,8 @@ Based on: https://github.com/canonical/vanilla-framework/blob/main/scss/_base_typography-definitions.scss regular text: 400, - bold: 550, - thin: 300, + bold: 550, + thin: 300, h1: bold, h2: 180; @@ -168,34 +168,63 @@ a.headerlink { border-left: 2px solid var(--color-brand-primary); } -/** Some tweaks for issue #16 **/ +/** Some tweaks for Sphinx tabs **/ [role="tablist"] { border-bottom: 1px solid var(--color-sidebar-item-background--hover); } -.sphinx-tabs-tab[aria-selected="true"] { +.sphinx-tabs-tab[aria-selected="true"], .sd-tab-set>input:checked+label{ border: 0; border-bottom: 2px solid var(--color-brand-primary); - background-color: var(--color-sidebar-item-background--current); - font-weight:300; + font-weight: 400; + font-size: 1rem; + color: var(--color-brand-primary); +} + +body[data-theme="dark"] .sphinx-tabs-tab[aria-selected="true"] { + background: var(--color-background-primary); + border-bottom: 2px solid var(--color-brand-primary); +} + +button.sphinx-tabs-tab[aria-selected="false"]:hover, .sd-tab-set>input:not(:checked)+label:hover { + border-bottom: 2px solid var(--color-foreground-border); +} + +button.sphinx-tabs-tab[aria-selected="false"]{ + border-bottom: 2px solid var(--color-background-primary); } -.sphinx-tabs-tab{ +body[data-theme="dark"] .sphinx-tabs-tab { + background: var(--color-background-primary); +} + +.sphinx-tabs-tab, .sd-tab-set>label{ color: var(--color-brand-primary); - font-weight:300; + font-family: var(--font-stack); + font-weight: 400; + font-size: 1rem; + padding: 1em 1.25em .5em } .sphinx-tabs-panel { border: 0; border-bottom: 1px solid var(--color-sidebar-item-background--hover); background: var(--color-background-primary); + padding: 0.75rem 0 0.75rem 0; } -button.sphinx-tabs-tab:hover { - background-color: var(--color-sidebar-item-background--hover); +body[data-theme="dark"] .sphinx-tabs-panel { + background: var(--color-background-primary); +} + +/** A tweak for issue #190 **/ + +.highlight .hll { + background-color: var(--color-highlighted-background); } + /** Custom classes to fix scrolling in tables by decreasing the font size or breaking certain columns. Specify the classes in the Markdown file with, for example: @@ -268,6 +297,15 @@ button.version_select { .available_versions a:hover {background-color: var(--color-sidebar-item-background--current)} +/** Suppress link underlines outside on-hover **/ +a { + text-decoration: none; +} + +a:hover, a:visited:hover { + text-decoration: underline; +} + .show {display:block;} /** Fix for nested numbered list - the nested list is lettered **/ @@ -319,3 +357,36 @@ details summary { .sidebar-search-container input[type=submit]:hover { text-decoration: underline; } + +/* Make inline code the same size as code blocks */ +p code.literal { + border: 0; + font-size: var(--code-font-size); +} + +/* Use the general admonition font size for inline code */ +.admonition p code.literal { + font-size: var(--admonition-font-size); +} + +.highlight .s, .highlight .s1, .highlight .s2 { + color: #3F8100; +} + +.highlight .o { + color: #BB5400; +} + +.rubric > .hclass2 { + display: block; + font-size: 2em; + border-radius: .5rem; + font-weight: 300; + line-height: 1.25; + margin-top: 1.75rem; + margin-right: -0.5rem; + margin-bottom: 0.5rem; + margin-left: -0.5rem; + padding-left: .5rem; + padding-right: .5rem; +} \ No newline at end of file diff --git a/docs/tools/.sphinx/_static/footer.css b/docs/tools/.sphinx/_static/footer.css new file mode 100644 index 000000000..a0a1db454 --- /dev/null +++ b/docs/tools/.sphinx/_static/footer.css @@ -0,0 +1,47 @@ +.display-contributors { + color: var(--color-sidebar-link-text); + cursor: pointer; +} +.all-contributors { + display: none; + z-index: 55; + list-style: none; + position: fixed; + top: 0; + bottom: 0; + left: 0; + right: 0; + width: 200px; + height: 200px; + overflow-y: scroll; + margin: auto; + padding: 0; + background: var(--color-background-primary); + scrollbar-color: var(--color-foreground-border) transparent; + scrollbar-width: thin; +} + +.all-contributors li:hover { + background: var(--color-sidebar-item-background--hover); + width: 100%; +} + +.all-contributors li a{ + color: var(--color-sidebar-link-text); + padding: 1rem; + display: inline-block; +} + +#overlay { + position: fixed; + display: none; + width: 100%; + height: 100%; + top: 0; + left: 0; + right: 0; + bottom: 0; + background-color: rgba(0,0,0,0.5); + z-index: 2; + cursor: pointer; +} diff --git a/docs/tools/.sphinx/_static/footer.js b/docs/tools/.sphinx/_static/footer.js new file mode 100644 index 000000000..9a08b1e99 --- /dev/null +++ b/docs/tools/.sphinx/_static/footer.js @@ -0,0 +1,12 @@ +$(document).ready(function() { + $(document).on("click", function () { + $(".all-contributors").hide(); + $("#overlay").hide(); + }); + + $('.display-contributors').click(function(event) { + $('.all-contributors').toggle(); + $("#overlay").toggle(); + event.stopPropagation(); + }); +}) diff --git a/docs/tools/.sphinx/_static/furo_colors.css b/docs/tools/.sphinx/_static/furo_colors.css index 422c777d9..4cfdbe7bf 100644 --- a/docs/tools/.sphinx/_static/furo_colors.css +++ b/docs/tools/.sphinx/_static/furo_colors.css @@ -11,7 +11,7 @@ body { --color-background-hover: #f2f2f2; --color-brand-primary: #111; --color-brand-content: #06C; - --color-api-background: #cdcdcd; + --color-api-background: #E3E3E3; --color-inline-code-background: rgba(0,0,0,.03); --color-sidebar-link-text: #111; --color-sidebar-item-background--current: #ebebeb; @@ -25,9 +25,11 @@ body { --color-admonition-title--tip: #24598F; --color-admonition-title--important: #C7162B; --color-admonition-title--caution: #F99B11; - --color-highlighted-background: #EbEbEb; - --color-link-underline: var(--color-background-primary); - --color-link-underline--hover: var(--color-background-primary); + --color-highlighted-background: #EBEBEB; + --color-link-underline: var(--color-link); + --color-link-underline--hover: var(--color-link); + --color-link-underline--visited: var(--color-link--visited); + --color-link-underline--visited--hover: var(--color-link--visited); --color-version-popup: #772953; } @@ -40,7 +42,7 @@ body { --color-background-secondary: var(--color-background-primary); --color-background-hover: #666; --color-brand-primary: #fff; - --color-brand-content: #06C; + --color-brand-content: #69C; --color-sidebar-link-text: #f7f7f7; --color-sidebar-item-background--current: #666; --color-sidebar-item-background--hover: #333; @@ -54,12 +56,11 @@ body { --color-admonition-title--important: #C7162B; --color-admonition-title--caution: #F99B11; --color-highlighted-background: #666; - --color-link-underline: var(--color-background-primary); - --color-link-underline--hover: var(--color-background-primary); --color-version-popup: #F29879; } @media (prefers-color-scheme: dark) { body:not([data-theme="light"]) { + --color-api-background: #A4A4A4; --color-code-background: #202020; --color-code-foreground: #d0d0d0; --color-foreground-secondary: var(--color-foreground-primary); @@ -67,7 +68,7 @@ body { --color-background-secondary: var(--color-background-primary); --color-background-hover: #666; --color-brand-primary: #fff; - --color-brand-content: #06C; + --color-brand-content: #69C; --color-sidebar-link-text: #f7f7f7; --color-sidebar-item-background--current: #666; --color-sidebar-item-background--hover: #333; @@ -81,8 +82,7 @@ body { --color-admonition-title--important: #C7162B; --color-admonition-title--caution: #F99B11; --color-highlighted-background: #666; - --color-link-underline: var(--color-background-primary); - --color-link-underline--hover: var(--color-background-primary); + --color-link: #F9FCFF; --color-version-popup: #F29879; } } diff --git a/docs/tools/.sphinx/_static/github_issue_links.js b/docs/tools/.sphinx/_static/github_issue_links.js index 7963d9554..f0706038b 100644 --- a/docs/tools/.sphinx/_static/github_issue_links.js +++ b/docs/tools/.sphinx/_static/github_issue_links.js @@ -14,8 +14,7 @@ window.onload = function() { link.href = ( github_url + "/issues/new?" - + "title=Docs:+ADD+YOUR+TITLE" - + "&labels=documentation" + + "title=docs%3A+TYPE+YOUR+QUESTION+HERE" + "&body=*Please describe the question or issue you're facing with " + `"${document.title}"` + ".*" diff --git a/docs/tools/.sphinx/_templates/404.html b/docs/tools/.sphinx/_templates/404.html new file mode 100644 index 000000000..4cb2d50d3 --- /dev/null +++ b/docs/tools/.sphinx/_templates/404.html @@ -0,0 +1,17 @@ +{% extends "page.html" %} + +{% block content -%} +
+

Page not found

+
+
+
+ {{ body }} +
+
+ Penguin with a question mark +
+
+
+
+{%- endblock content %} diff --git a/docs/tools/.sphinx/_templates/footer.html b/docs/tools/.sphinx/_templates/footer.html index 403c482ea..6839f0154 100644 --- a/docs/tools/.sphinx/_templates/footer.html +++ b/docs/tools/.sphinx/_templates/footer.html @@ -70,6 +70,26 @@ {%- endif %} +
{# mod: replaced RTD icons with our links #} @@ -80,6 +100,12 @@
{% endif %} + {% if mattermost %} +
+ Ask a question on Mattermost +
+ {% endif %} + {% if matrix %}
Ask a question on Matrix @@ -95,7 +121,7 @@ {% endif %}
- Edit this page on GitHub + Edit this page on GitHub
{% endif %} diff --git a/docs/tools/.sphinx/build_requirements.py b/docs/tools/.sphinx/build_requirements.py new file mode 100644 index 000000000..df6f149b4 --- /dev/null +++ b/docs/tools/.sphinx/build_requirements.py @@ -0,0 +1,127 @@ +import sys + +sys.path.append('./') +from custom_conf import * + +# The file contains helper functions and the mechanism to build the +# .sphinx/requirements.txt file that is needed to set up the virtual +# environment. + +# You should not do any modifications to this file. Put your custom +# requirements into the custom_required_modules array in the custom_conf.py +# file. If you need to change this file, contribute the changes upstream. + +legacyCanonicalSphinxExtensionNames = [ + "youtube-links", + "related-links", + "custom-rst-roles", + "terminal-output" + ] + +def IsAnyCanonicalSphinxExtensionUsed(): + for extension in custom_extensions: + if (extension.startswith("canonical.") or + extension in legacyCanonicalSphinxExtensionNames): + return True + + return False + +def IsNotFoundExtensionUsed(): + return "notfound.extension" in custom_extensions + +def IsSphinxTabsUsed(): + for extension in custom_extensions: + if extension.startswith("sphinx_tabs."): + return True + + return False + +def AreRedirectsDefined(): + return ("sphinx_reredirects" in custom_extensions) or ( + ("redirects" in globals()) and \ + (redirects is not None) and \ + (len(redirects) > 0)) + +def IsOpenGraphConfigured(): + if "sphinxext.opengraph" in custom_extensions: + return True + + for global_variable_name in list(globals()): + if global_variable_name.startswith("ogp_"): + return True + + return False + +def IsMyStParserUsed(): + return ("myst_parser" in custom_extensions) or \ + ("custom_myst_extensions" in globals()) + +def DeduplicateExtensions(extensionNames: [str]): + extensionNames = dict.fromkeys(extensionNames) + resultList = [] + encounteredCanonicalExtensions = [] + + for extensionName in extensionNames: + if extensionName in legacyCanonicalSphinxExtensionNames: + extensionName = "canonical." + extensionName + + if extensionName.startswith("canonical."): + if extensionName not in encounteredCanonicalExtensions: + encounteredCanonicalExtensions.append(extensionName) + resultList.append(extensionName) + else: + resultList.append(extensionName) + + return resultList + +if __name__ == "__main__": + requirements = [ + "furo", + "pyspelling", + "sphinx", + "sphinx-autobuild", + "sphinx-copybutton", + "sphinx-design", + "sphinxcontrib-jquery", + "watchfiles", + "GitPython" + + ] + + requirements.extend(custom_required_modules) + + if IsAnyCanonicalSphinxExtensionUsed(): + requirements.append("canonical-sphinx-extensions") + + if IsNotFoundExtensionUsed(): + requirements.append("sphinx-notfound-page") + + if IsSphinxTabsUsed(): + requirements.append("sphinx-tabs") + + if AreRedirectsDefined(): + requirements.append("sphinx-reredirects") + + if IsOpenGraphConfigured(): + requirements.append("sphinxext-opengraph") + + if IsMyStParserUsed(): + requirements.append("myst-parser") + requirements.append("linkify-it-py") + + # removes duplicate entries + requirements = list(dict.fromkeys(requirements)) + requirements.sort() + + with open(".sphinx/requirements.txt", 'w') as requirements_file: + requirements_file.write( + "# DO NOT MODIFY THIS FILE DIRECTLY!\n" + "#\n" + "# This file is generated automatically.\n" + "# Add custom requirements to the custom_required_modules\n" + "# array in the custom_conf.py file and run:\n" + "# make clean && make install\n") + + for requirement in requirements: + requirements_file.write(requirement) + requirements_file.write('\n') diff --git a/docs/tools/.sphinx/fonts/Ubuntu-B.ttf b/docs/tools/.sphinx/fonts/Ubuntu-B.ttf new file mode 100644 index 0000000000000000000000000000000000000000..b173da27417c00101dff72617f9b9a2b80ecc8f3 GIT binary patch literal 333612 zcmeFacf4&^Rrfvj-sha%*4lgZvU@r0o^yLD5YPZgC;>tXp+g`E0fM1LLTCaPmELTB!lR5i{R8LU=iYbnzw*p;Dd77Q@ZEdd`_R$nKj24yZcOEmDD`0%-tlf1 z{nb~${l~`i{@$46Ymd0%;a7g{HdnvYm>ZsE%<3OM;;JW2;vYDq{nC$&sYaJxdD#_L zee#Z-_$Pxu9|u&pv6c=YER0p!Rd-tm=2UC&WK@d4B_O z=ThgT)c-l!^LwUM`v}i(Bj2mcYV~3>uRPH_KyBvUqW%CnsP9pAA8mgS{rs*u!2Lk= zPUb-6os@Aep6|x{sX3!EU3|QH2cFL|=hhxV9Pg_Swdv1Q9;L7RrP-?7V9qA)?CK`< zd(^YTHHUuRwe`;{x2Fw7{V8oYX#T}?EAL!5RnCJ> zf618ri`lm6Z#3IVUwN$AR3F5dl_#5(+J%gX+Hjs3)!t3p=yy53)OCPMb>`JG7eA~V zgkCi>sAlFKwE^S&5|dT$Ysc=W#@D`kis@G#W8WR&?s56hs|Q`qtWir_hwh^o4nI_YphSWpzoaPDA!8mti@kc|DJTqvDSE>c+r>J zSsu`MpLl7!;fv}kc(1WN$yIwa^=P~q>k}`=I^o*Kcz=)UcdPd&z8q_f_lcMISid#i zCti#AS7}mhPGd@1tz>{~_E(BenIvyKByfZ*S@T4a&Kjxg#`f zRqw|fIE(o(U3{JUg8M%~_XhXxaGyYjF88~0w{xI&XY&3u7{Od5&ByJ0WKPuX!25IQ z?z@{b4ukyW~(g!=68!<)MsA1xRANl<%+m^Tw|^gSG>F{ zZj-B+tGAG@IyAl7b>FcdnJoxSqrF z-J#>}n11yr^j|j~>&1xqHL2dl?5p;8e+Y~?5zdkJ%{OC4%Mv94}2uePiAhTq<@_#-=)UJM^JHE>EZ!w+^Jz;(*&86T*jWX7#|1^H@=Wd|O|7O0PPrFzbt4FwQUC?DU zG8e3Tit9YubbHqL3uylX&AF=;-i7>r9Q7Ubab zA9MdsnXkMrF|e|Sg$1Uax<`vM8LvNu<^}$rTm3XN?9jh2($5PSmlDg$b}ZMKviw`R zm)KPKkHrsbD~zM=uYrHKs((#=ucG{__>$*`AwR%J!pzDKO||k_Q%CM=RsVqtdCm6u zzNAHVs_ZU4QQJ>m$z$*2_w~fTo9h%V(ffI3O8yA^9Dt`Iu3J@plXA=Jq44Tmsq0GQ zOkKZ8n&oBdp?|f5@ZmifoA*I1x0OemXhpJSjWim2jo%A-7M6)dnxm3g z$zMC2_bTrXd4Dl7kJ9QQUo8eRC9gtvOGD+CY$Dl5^MW#Kmzsl;Q;ENzdY##>{RkdE zlk}^^iFaPX^=`Ahax3m1WUM4dNG`b$djAIV;GL9%Y*4!=boxhd@G-p8br&wlnm?fa zd-5zkV{oAAl8<$z*5g@n>QjhAPOK4M6UIK1`X$?+%GET(+M~GNiSkRCN%Dj0 zZ$fv;orRqIyP6BN=g}XqQ8I>YhuTA3d+qo;@a1W?&qvj+T1x%*<@asq<5ke+mHa-P z>&5&AqpG)MY<`FPQ|XIK{M&hdE86*E@?1_j=x+O7=nvo<@}yd=GD-ll*bsG$`2@4YyHLv_b>B&SL%E(<^3wpUnSq& zpviUIk8;0(a*-EnR}%Mm(k<`eE%ArOs0ywzAI`05PDnq2H>wx$JK+9A+6)iaarn47 zi?KN>`K!db@?PSHfbH?qxP7^e^kE21zyyy=J$ga z{~=zfUB+GQpl;QxIxD9w{+R2N%lUV<%C%)vUggu~nU$xT%W2b?23Fe|LlmD;zEFFwz8gQ+2>)GS>@n_IYQ z&qSwuoT;ol!ZcRy$aR*ft=yfw-=e-hUwogwow4lSr|92ras4^hA94M_USDTj{u5Kd zme8oamFxA?c|F(JwDqUBghwa2z@C-bTd4Qvsq=EvTsfC|A7{dnZnt!=ox1q9+K(2C zm4ndc_ZHvQc>R~x)2Qd2l>L0_c{KGL;rWix^Y7^&*WNgk^jy-3K092JafwYK>2$~S562NpkA`EBZd^y2%vZfQKq_bVSYD=Qx{mDP8c#_ID- zldHD+ZWFHNi|?;ywEe&7_sWOJ|1I)=n*47g|K;R=6ZvQ4=lU<(uQ|+B+l1FUCRnMn z=3HzZ3_b2@@6Sc{&dh_$ww`z=kEtCnE;Ki__ZfF3X1-r#9s`a)sPYWf^V6_PoVNH8 z*W0;1$@MQ>e`{qP^i%YfRpxep9Ck4n@Yu@FV{=&2p8Kusv(_A4<$K|`=H=t5^Oe+n z0DjDvYs@#~Z|9`6`ZnpmgdX%A?w_HL=OIUokU1_k52!h&!_}^RgE{zV`0TCB!S@}X zgLck59p1eHp1KEPdI3E31QV8XrY4?yKk;uO{#nFdLHyf@FL_S%m8?+cN(Z3vaP6(= zPG2#1c0b0N^f}YA*27Ar^8QMY`rE(JYE|C*g_qyhO!wT4H}dGT&S?)?&cHc*ZL?W9 zJ$0InUpW?^bG~z|(rUI|TB!uNlea$W=ht1=ddCy;-8_GC=gR#4=WJf>)efi6u{N%G-w~}`%9(!yPbtK_?K52gWmer)uf^DC8ef@`mHcK7<6w?ya4YUQZoL%Q9{ZnLd^JO0zQ z(%i=EDupO7I+sLL0cmap_c>b|-+U@;q7&Hu<{^^IEVRLZo{Hq<`d+<&@!q(;Vx$Qh-|L*?W`S7*R*v!%^AJuu?3)>gKO3t+1ft#N3tfcK+`_$bh zzTVmWse4D`W~=G!RJ=~Jb-VjAz^wx>aGRA%w%Lj)${SRUz4O@nUiLo6JLQFm^SswX z?F7#9FP{!Nn}?Gm^wLvrcU?g#abTt8Uk-uWp%Yr_J5cTXYvsLk|MbY~95;Qz%hSp^ z?frLhDu2~D-m5Qlg|5~+4 zR@c@lt2GFQ(>BKX%KMvVx}OcsH=k*I(KJkZ@gMBRC~O&rux(sI$A+%y@Z2$7!mjZa zKVt92C-iL?n2_htM2jDq$i#%PNeB}grY2qdyU9#Wn42CUb|%8U84wQ4kZ?%&12Zxs z!m$|>PRwNSeKR#v!kL*9&TY7E)_LAA8-$x?lW@!ITl^c=rJcq1%sw0Lm|dQC&Hlx| zn*BCBU=Hwn&>SK>WR4IXw&4+Tl;@-7l*M<=DK|?&e>S(Z;qA;%E&j>;l=*4GpSI!I=4_sCZ|*>N2OHke+>z&V z%sGqi7-VX~^UQgKcQSV(ytBE>;vdaj%v}lZYR)G--`tJxZZ^ETx%=YV<{mtM+gxDo zL3mFa-pgFT^S#YI3GYMr59Yq+UW>ms7n=JJ-p^b}c##e7Z|=wQ1I$H)547Qf%ma9S zuzBF(@61EYg9smL9=!Nl^Dx5yZ60nOLU^%x7~vz#LkS;g9!_|PxtQ=$^9aJr%p(_n zV;*HLA-vpNO897V8R26H|Jpp(Tuyj}c?{v>%wrdSWq!tnSDGt$e!O`c;S+55L~|w2 zPcn~R{H1xac>>{8=822HFh6UaMEDdNUTv=8`Kjh-39m6vA$*#-n(*o7sf%x!XV~zW z=4m`X%RHU%=WO_F^9-J!W1hMArg^S;7U41TbA-<`&nEnN^BlroFwb55x%owNjPUt3 ze1Z7|o?mFg7nxsN{F!;Nc|PGw%nJx#O8Ebpmzft5zTCWs@D=7Igs-&WtISJzezke| z;v42Q<`smmCHzzKI`c}x*PB-nzQMej@Qqlf|I}P-UPt&Q^LoNJn>P^t65;=2-eTTJ z_*Qf6;!n)m%$o?`Zr)7z4)aTd?=){&{IPkL4X-nAmS zK64%6`^~!vf0^))%m>VS2tR1vOZXvkJ>iGV`v^Z`ewpy2gnwv$#e9J9W9EZ|A2%N& z{8bx%!hB@$HS=rcR|sz~A0zyv4S${R56q{`#|b}eK0){y8-CW@!1L$KCl_BepEtiw z_!~C7(R_OG`{oPgGlXBXVSz-A#gBi2MCK<*^b;id2@?I^MIsl;;{T5_k))xY$V5Mp ziGCsz{eML!k{;Bw`cBJgH*KrSI96wIt)9}cT1nUH9iG)Se5+XmR*wj+)(}}8A-1|e zVkQ67%K4d<>T@f@_pHR;w=(&_%HcyRb&srcJ+>0{#LCZ8D<{vaR6Msb@Vb?FH>`ZS zX{FgME46N08FinPNO!FKxof4({Z_U-V5P@{R#rS@CBws38a!fdL^3>TzO?uX+S%_c zeixbO_XtljUt9b(+S%6$&oJLu{4cb#Z!W%!cJ^0`-$Fb4+r@91+n8@JzJzx6&x!FiI(;`8S0$|~XQEA7SS%pEH3;0e&b1KQ=Q|v+X z39)uAe%;)uGFyDo+_|#3xPh}e`v~t^Ik5PIIlpq0@NSjU7a!-m&#ejXQMv8nSJ>OR zJ>fko=Po{K?p3+V;v?qXmAfxKZ0=LJ*WyFwzLg6XA2b(M9i(fVuRW4q< z-`u})8Q}vek6ygbJg{=b;(F}6k6*kOEAdr}_n3!Np1OFqd1&Psi|fq8D$icL%RIdD zyu~}s#g*qT-eDe5dGX@y=8=_`FWzP@sl1x-(#q=>Z!wou-bDDQ%3Bw2HkVi4Mfm8- zdlzpqkEy(WaV@ss4=vtkuHXd58_nY?pIE%!{7mIji`SVeE1zAw);zv) zd}8Id7q2!?s{G#KRp!Z+uPt6_uB!aW;uYp+E8keW+&rc7t;I{t)s?>{d}`%y7cVi_ zRQ_@CV)L}hKQCTno?iJk!e>^nkfd46?=@CDU_i)V7e^C;nqs%I>o zVP0Il&Eo0iC7k4Vnt5sU_KR!G%c|!to@!oRz3bv?^NQ*{7C&oVS-m&mtE%@~TxDKe zec)|6Txs4|eIntt)vFdiW8PG~X7M=l z=IS#SSD0Voe92?YTdF_5c#L^#_4$NvtG;+~xp{l_<%>s|cT`_X_|EDZ7MGfLRo_f_ zUG;5?OU%2g?^-<4yr=q}#UspntG~Rs*j!)z@Z#a-ebtXG9%kNO{lwy-=9jCVT0F#j zp!&JRgUtu4H!dDzK2-fJ!Vgz}XYoMuk?QX+?r%O?{Tkt~RR3ggk@;Bl&ldMHAFqCs zvq8UF{j0@&%_rDryN~&`>bD7RsQ&ZfUgne4eW?_|`l;%V2|rz{E$(4HQ>!oT zZa!OUFYabOSL-g$H=nPCi@TcNsAY@0m>X;T#huL;YNN%S%ol5O!k^fQeqty3iJj;t zcB23Lb|TrY2m1b^y|u>1dTq6_)^5~RR@UmZl^TZb($#8uYB%cj#@brFUR!IdwdxH# zKN_t@v%a#rvbshh^6-!3D^2BCUFBD+&YkFbZMEKBTU+U_t+ZEa_4-QPS!u4WG@C`~ z@ z#q)mY8+GNa(R%_~UsDBZE7sGZB3X;tR2&7`;^-}2&nFgDUt=R}nPNrJDs@#P)uyB3 zsw+2lWVr=LC#kP0irIG4<3_`AMCiiZyeR#y;<&B0H8QI!qBRAqiCj23z^JUPL83;Z zxyrDwu0dZY)27diSDkmOs<*+I>p^Z6TGVSDHqV;%PP^4$Ff3u01hiz~wQX+G4vZ4l z*IfIi-D;{{TaxI!M?|tyAx%?NidT$0gV0=SQlRP=%En#j_Gw94LUtf+Tw>L~6iQNHN)@%!3ps|o$cvZ8V| z*J|pFN}-k}{n3Lcx>DSVf}lM;ZLQW?O?pG5CNvpVNwsv1Mq7MnCn?Qnv~em&j=fCn zbGAiTIaom)vvjQ%5MwCSPE<~XjNT~~L;WUU#t zxA?lr*%9WgFjVa(1+O(URmw7%Y%2`vsskl8;XoyLr=Yo-#>kQ!hNHK3hLC&({^8m7 zo7a@7DO;z@t3iFm(a&1lU1@=TfE!60^sYsft1V~@?$m8N>hxf>Ad6!MSiN4734-G6 ztW;esjVmox(bn1YdeZzW=9`^K>cgHZriVBd;6CnP75I!k&=ZSyD@7q~o6r^qC;$s5 zFl&)wnNI9z0YzRm>uyT`LCe?Zp57GGSmS8fY;DEsx^Ao9 zbwNjlVvimar5}!v%_0CVY~n`URY5jJcR96F&my6H2jjs>!@H~WoZgPBf7D&)^Py?8V*;s>W&_uc)=$QDB-wbSj$Y5Vwr~IIEoO@w!kRh zOm8TivOzZM)S}jMsfR#h78Nx9z1$vE|rb zBq+v}g!R=nGgS>+r5qaBY_6y?&_QtOG{`ET7Yi)8!QNW+mJXh*(scDj)K(9i)#Ed| z*#y)80tkoW7iT$&Zh}s24ut@0BCMP+5n?V~yDjW0f3+MTVBu^GKP@S#RB4W*qvLkF zo$el{)jJ&@=XquBPB*Z>mnDN%O|<|~Nsco#Z5If#4N{wUx7Qm%HUn8Ji*j6Ho?u(q zIJ75eVJ$!miJWU& zqfRg7Aqau9Ff6jPsasW3`H7A;iNnNfh36>K3GrGi<;AngyL7a9rP%-%gm`qVv7!Vm z_^i0Yzgo=co%NQ{%NX5VEhyH5Ct#ig5-nP8TOQ2g_f1`0On6eKsonZ`y4!m47% zlBu=gvlzDZyDh}Z0N1qdD0L!Ls3 zu(SXi99~i%<73|lOIB7Kak5%PFIuWZ0x1KoDS)78Nu;=T6WWP%mKgw7(E;+cTkY10 zOH9$NCcI%W4>qurQYnD%Uat#oRV@u<)~+iMWZ5SzePJ$>-u8x>>Zmo40)kSn?z(|< zbfVQ>TOnS2NGFJCpc&|9-Eo;r16v3|WgL|P4=xN-IAJ37t8|>>2)l}BXzohvFC8)D z6Sr6lu&K+GZU=z#x_dc2FARdv_shKe4)uGPUJ{zCp)IOywH>E(0_LfPN~`%Dw(=kxK+to^{#MJ zLgNYp-M>v_Far^{<`bG0i7Tx)budsaIw zE4ir)4tduQ1zCPpSf^-5lO9Oc!*#8EqhU}_aCWJpNlOSrn!qVu_dUlf(#W^>cnTie zi==TUc;#I>aD2t0Iq0pq(OgPs2noy_d6s;9!Ju>ye_~OP3Z|7ujEJ2M zDstM<>_Bh?2tW*)dai&$;se0Kn>I-#SI8lH!^=_Nd2TcGn6m)F3FKp-+YQNo9Bs8E zf`%l9rJ%TCgeJ^VoTyw9QR$^#SS`uM7X+pq$O#Pq7CcmE!D%&yj8@zN2_)g5h1(n0 zO|{H!-*c!Bpiv__QgP5}9DX*MotD$?be#_5vt^RUGC9Sni_|9ZK+6HkyXq9?S@lb7 zZ2LqdLOBMv)$Ae~>n#^k!EO1jW0_I-MSq31#A%UR>7WAIguLiDz_#d7a9>9PHl#jY zKEK7a)Y57DT^fdtu96_pN=r*7y`g^fMym<&NR9;j<6?{fCd8up3Ie%=UOJ)fpd0FD z9n;BbngzmGl*x#)wChlJ(Cq>wO(*Z1R_70%oLOR?*OoAgD0ef=Vl zYUQ=y05{<*42v!u4Y{37@S2<&fD^Y^51+{+#q+N8%Q#XX;2w9vJlIvtg#8ExL$Q~K z&sb>XmzZZ^=cJft#ex<@VKPZUK>y#vyyhO}m5{gA)Z%(l#~Me?RhF)sVV>O;%m@R5+Dqs!K%{s^Nkk%xV$>~=YNGV*$!h^>gEnH#kqjc*!U7#x{)4HC- z{-q;EsAow@rH~0~mMJ|yj>718&M?$j{5UQ%hf$U${9dM)g6(T)i{CDqu@4=}Ht}{j z8}!toE6vubElR>m*^m!!C^R5vqKLEgM5AOOfb(stBIVqib=wAR1uanY(IN$ zRmS&*57WVkj!uhU}xgX-j1y&NYDshYmwmqwYJ7ANKq7WhyeCt5=n z)(}k{jk|<)8q8>R5vN+KO`o1IZ@ZeqU|xgnF~W#Fs$w~x5Vcm5I1D?jB%lC>;)Fhn z$}PWJQd5|v#7--KXo^u-42no>=Qku&dOPPOC23|a2~27@qS@_Anz69QG*Fpo*d%>-d4|wH>~FvXzRtfD(QP4#YxTug&0F z?v<3jy6W>RoP!vxF2uKekX%NOWWy7QglnC4*zE|Ltan;S%m`wz0^fE~2#H82dU+k} zbT+poo=Rboh}gF0f<<{z#p{I3bo2tXlCg4EnQp3*pVAnF&l($;w76@5XC@%exLw2v zk`O^B)IsK&Zq{iBK|2O?8dpemWn8ygXqg%$IWSSO&eC5hd5t7wHzPvcPLik2=4EuBN;Khabq0)j~Fwi8$HLgu|U-5VtObk zS7pO0N=cJ^CP+PmS{}{n(5j#dYuVhEbSg!FsFEyAEFX)S?Pk!8nK4WX2^b7px6WLq zbBtS?VlBlqHjYqK%@ofG41E;MX5IH(Bn8b0($m-DHe-oDlF16t=yoIosUkVw*B8zq zbF^^6MCval6>Elc(jq0i7)Aif(k)R9Qqmaeq*6d;>7pphB-fR{)3o335AwXsoMwZ5 zub=13cnNlqhPI$aw;KeJ_{KW>wwMj71e&mLu&~GhyFrX_VZ~8&bYIN{^@1cx(lBJ| zw7Zkw4ozdCa|_Jtw1bW?&js_)4@$ShJO-RO1LZZOUC(7HYg4!mBw&ANF)NuKNXqng z%^D|Jz(@fRO3aHGzrItCgn5ltRQFr;a1Zm^9xF=2YuLjLs9dzeksNIit{XAv1?C}# z%eAd!WQRlT^r>4_i`drfAs;+IgNs#^wHmNK?!;>)zm+Y*0xg!pyk^*yKN;q=r81n4Ed&0CK-+`>FU`N*W&>nbr%@|C;VV=?xf zUW}kuUj-ocybz%cW?FiRNMIg`J5B=EC`M=ktl&gxr4SKSKpSbOgIbJKM0`PDVr2?M zs6^tEn1O66T*qHAfM^(#G!^_#0>(%>6{2+< zYJrj+C+Gy7dIVAxQUWu~1GYsE(O;{Km`G1WzdK9JqlH*a6J`vPLJ&@JPurbv13$q$ zb_Hk|q~QdJRuYj`lB5sj0TRu60NzqKg0MR1v#(M*E6btsEitbv*{zI2BEv2;yc@ zM7eEm7Mu&_#dm2-&V%$}7tDjT!Mw70I#k1RE3#W4a1og2gdQ|!y|I|b{sAHyvl4#T z!#vQ)VxA-lW*vCcXaVz$fm4qq`8L{dBWTqlFi$lhO8O15`(PfDiG%gM(V{m20In1T4>@rOJW^2B&1v5rdZ6g7*Ese4*5;W;s?e<$$8C)krC##<2p8h786Ce=`qG9=}C+xnAa8NF>QS} z4K#d&P~#zQDXJ^*Wvo zMyL@nI$XyO!2s5GH-uvmQo~Ls1&^@yfqCK++bGr#UzH2<+KfCV5NYqLAPLI#v)YN6%_2%F%RrUIB} z=Y;|w0hlYLFyJLRzMBvRzylJQ1v~=uFDzwRD&?@dWof3FCFjRUY$qdujUivbE!0V+ zaMaQzNxzr(vb~&nKEn0;W$wH;9t}r>!7{m&)Z{qkfn`ww9f~#qP&CIPxGJGhAP zc_`3PD$G-tXq3e|#8#_Hv*01ed+W(vz`XRHj=_iq>0?g{yt|4as%)-{n#pr30c4mn zo?mBSi`WH$zxkD74n+-slNn`BN3rX$>ej7s67{RleVKJGWwugSckDJ&VP4ZoIVsaf zx@*=##|C@QBs=Sqw!1qXIMMFV@K!;VRFt;|gV=zPb6KafPedc+B0DI;L~F|wZ_1$% ziI?C^_)H#!-@a80onh&h7l148(uK?|&qbN9DBU1LJaJjPTGWTJ+UVk{(l zRIAky3Q5!%O1Z7qgC+UYXG`Z4iH08_KtL`f_Bt6{1DaB@MnY5DU_`)dMp=JwyXUyun)(r)8Rb@JH0$$gthU=n^b#=0ldmjQ7-TR z?6~XYAUo7>LwnkcVyRl%Vn@0!gCB{|nB&+Mjv}=fX^|d|D59*!|-RTW23cb({j`lR`u&5R@ps@{=1!qyaj#v{hdJtP33^}M%I#j+y*0ln; z0v};0DdXa($KM)C)8$k^rjqT?mQIp57Iu|sL;m!Z3}$jRhI}+aEh_3{eJNa)jS%d5 zdpQS#DQ+|>@`mAHIGaxRy-Y48H3K!+j*+AEBm*4EHo*~{z22Y&V>a&8ZBYoJNnUSA zzLQQX@iJ$Xj*~vBbDF{qZm^ZylfSH%-A9<$U3|WrQSi1fi=Pw~~ESnxKv#P8(9NU8&_FbGE4o&{pQb+NHxeqRp(<*FzsWAog zK^#>00?Nd>K}UI)4t`vNT{#7Z$7s{Rv?7l&2-uKEM8*r%@YXO>*y?Q95sw!TtITaI zlWc=<+9D0*K`=1zrq0FgaB|m0^awh_ykbPGKsXo(^X%-{+ZsEuKw%!gTPY)h839^D z7gX9%RP>lOu{Q1)&A?CCokDWTn6}K@n6A-eS%n}9b`S}LKn%hSY=w9`MgfUB;~e<} zbD_0Q7CpC!ma(BL)Dwxi&KimRP9KWx*`< zgHW7_M1Nq;ZtTZ?gB79!^3pZd!>}PbWHH3YXOS31%vJPTa-%$RtBr7!X>K%GdO+T1{eG6k>0r5FhYuMaze*q zULcU~vi>YFFWF*_~hx!t8DE`c#wJn=r(9}Fi}bS&`icu_$&7v@=yna>0B*glionuqcy!@Q1` z+LJmkkEy|7ThC%1W^LSP1ar$VcTdE+@_C7Q?TnGZjL>v*(WTAIl%<4mPee{TnknWh za6O}EQMaGaHG0)TodzK=GTK4aDvv7G=y;7Oj2m|+y~GD$B8n)zq`6McJY*&UH*mYV zM&h8`mvTuAC6hw57o|%gDm_-OZXhWM#sa*S-eO*sNn^C49;nEulF>&WLGvsyPv@hM z^OVh}V0X}$`2fuGS)p=p+>cVqhEMziA*nYAQ_t_K9yVGNW@i^*z_EY`HIvi>^HRMj zFfY@yFwct^{8%z1?UnsbdVA27!XsHO_6AAB(M9M+F+n$@KR$g+f+T1_mQHLF`hc8O z8girp^_@FB)(=zvHys@s|%aWzc_88ihoz-w=n)P(L z$2u+FNC0IcAVs=|c^D0|KA&2k%gTO7XK;C*NX#6uWdcJ-JK05GUjLyTVIHK57Kpd%m79;j2aAS9tVP1QKvam7vtD{ZlUmKqaA&LZB1QV`_DwaUA6*o4;5gS>77PuIMr5=36+ zi@D{4w!ATMFE-?UEFW~sZ%GOpvcj&|?xYSw30+u0 zt+Au*S!H500#xan-0?z=KgsaHFQ>=IU`Bw}P3Ynv8Zh?}(W6Y{WM3f)Gue%rXlCr! zdBc>h(I<{`xafo!MI>Tajz`^Mgd6keXqbBQ0T{{Ja6+Gvb;2%FfLDPfk>6P(ap(=< z8pV*96e7E*ToO@4>$;?fQQ9R4EeT9J*kyGyu!E5WbDba}MHj^YYQsm`%SA}hu?220 zJ_Ruw#={thL$V8a)5mTV#PBM}gl#^EgTW}ygJ7t7u&gEM_J~eu6Ht}_ELrZe31Yby z*%mnu`=B;KC|pug5`a?}C!`q+GE6*P?6cDlBz_uH}4B%lNb?FVp`6S3BVNiUy_$CG}a z9gc2%u>VkpKQwT0$6yR*2z${U=BdoWakdq<>vL|0eLX18Q06fM4R=RjpQDJ(ES7z( z<5*aim`Cf;{lGldMdqF7fq4UXb;D~83d|d{vQD#yK&M(zNfGJ17W?4BJU_t_eNU!k+ zo@o`nMIp_CA#)g$^%WnsB z0hkxitAxSlPt>E@u#PbW205w#!WJ<>iXUenqSaTCCA>bEr?oVX@~8n>SgVv6Ff1@{ zkU@Mrci2Q4@RG5Xh==*l?WN-ZEatV5R_S}3G!V()K=y;w8w?4wt-w6^Tx{P7TtD$L zNRYdYJS#Cz^C4kVx^xy2Fmp+Wl#LDntuN-1LkqPM*>TL%uCCxkF7Hhy<4N%h%>l;} zwesF{B1w)$Sj!isSN z4TBY^#JnNP^`_q(TFmPX+j*ziUt%6#r=;MewmH~1Yxpsz^9sx>%v?jQHi4ZjiT!ix z9(zPFrW%GrE{BVY&-Ipj9QLDSX%_`t703t5M{p*(PvQ444~|pWOPBfGwaAAng?UJy zezRc6o?Xzz;QG_{p*20jXI9P=+m;?#W68QrMGN!vnUgz=<&pEy#%}67w1Shn0LZur z<_YR26EM%>HiLf>x5PYmz{p6>>kcjEF;QdV@pfF(KGH-Lb#w4_u z$Eqd)37eQ?2rRk6yiJTQxxX=D?ll^02<-LQ$|*zae4?pH6m-`}EX)&H3@KS15#2@Q zl87n*^Dr8ygdoK$rpRwGPj*15qAp86aMQ>*sfDPuhk0!2f_Y#7)iN8V<0L}Nfmi)3 z7;^3+O8arjPmU`@X$0o6*pDNoup9fC&Z+U=gAlNMSj_98`*!WIu|3SQB#6}}EjTFr z*hA52M>z^BZ@EGws&FFOVer+^$9^A02z}V^#ekf)d@^33WqX6v%D6*T9rb;fDTg%R zqSq4Yta7D3n6~*Dkq9jK5>h_ zG1Cb^EE7vt>aJzZ`Fv;JzMaj@GWUFacW0a5%j9vKrXyiq0kvt??~gbsSz;cnA6U#& zB|(6O?F9{66bD`glSV7GiguRuEY=N&YTR@-9D*2LdSrMhm^ZpynAe2$1~JPgDh%f! z%jOA5ck|r{GKV_X^MHl9U1?Dv^Z@@)OzPCW*Wos4dpT}N_4(C&f+Z}Pl zWYcer3ggnK-RrgnD6y&u%*){Ac4jfJ8N`hiR&-=;?PK6Z7W35UB(=TsGrh*RSG2Ro z)GR)2(H)1(i-VnuX<1?(+c`F(2x2%^UL02rGI!SYW{joMrzb2ZZ2T7t*%xzLkD(YZ zRzr}q8+v6?x(~G+Sk!|XLu{`)?!rFLFqIE|dkXs|Q01|wb#fQPaJj#VT4P5fU~4Q* zH#T5y@dMXQ%31zklUV1--65E#lOA0dNJ0pjBAADrhfPMQN36tsw;h9KLwc44lOEHO zg~G)mhg8Jo7c9&_s==PrVs>p|bjgFwaW96ivnBb|XA6I$o)k#H1R@1pC60p$2DR89 z^+?QEi0-1aQiz1gip8G^t*R7X5I6&S*@Ng?3!_Z1ok)%G$r#CsuYDGooOK$Po3g1z z-fWV_DM?WQaxf2Deb!G9d|;G*lttrNI$+6AJ=m^g@8evV+Qd9XQuO=7uorkey+QJ$ zodceQIBBSM7u zqd4K<#3{qeJH|||^b98&7{Xx+=6MmA2OE`6d!<2l%nU$INYXYk`Y_Xf02KnqWB3b! z4x12yyS7uqW;1M|2y^NgW17!;<}u}w(YjrPVs|%eO)Tbl6Q}RBMsb7L7=$g)M~w~I zxx-0Pj$@{cmeUPcf4WwxODDivXb+3?&5B$x`GLKnl>_Ql)l`0>gZ~P+Dx|#_x!)>> z%QOiSTON)Ji=)K~L2M*DY3(gMNF26hmdV0_nA`doTT{&W19?n~c(HBiwXG?|CE`;6 zqV<`8{=^5{o$|3?o}1RLS>b%nCY{_xF>=Qrh{%fL0g<=QJ#mhK`z5u=&DP+N$p-0GKVZW zA(N)LgVCiQ?wbzMpxw;(dd&0_ohO6T(o;l=JS9%TIb5R{5|cuN7mbxdBoxW)oafX7 z3LxoW}2{3lzSROp3c zPLn11kP{VJABRbvOy@a_KS#+7yIClEA4j*;CZqNsZ+;p~Ydvj}jFXz_Q!2<^l?(CGgH@6QR+|Tc2 za+KM8%5vsFd0ekI8cien#URaMlmljiB6Q3U)tuu2QPUQMh&rA(`G4QoG8v%|54BY? znG8pp8|#~s33DgNPaj_i=1rgETg*$tQOf-EBmNW);8i+K7QiACVO|ubS(_mp<_t6= zaUApfCK3Y1mq?h`9%^&7#5|5Avl9X4Ar!m&!}e5|$A81-47~Oj%u_wc5Ir{vogSO* zU|y7R1iKrt{wy(XszZjHN^jF2D-dyZ3CEWucJ2p5OC4bzTwFL6yVSFeD`8p6T8$~Q z@G0t!ymCFa@XdWm^D;>TgdTgJQq`|rse zTUJ3HuA0T+_$Ojr`7F%ixihht2kT7R>}7SCncBanK!kQodF)_h zL-q%Sd3l8GY(AuG2r(E}vH8V4V1_}};Z9aAXc0Ddx7XJP(asFHu-)u2;Y)83ZHg8L zJuQ*Ym`R*Q8z|CgFr{S8bn!H6 z$AJSh@*ocT!$)*}?rJoDPLmJ*3KB(vJtp#<0g}!op`@ zp3H|#6a@SB1d$ABlf(%iXEBf5b{U-r^L$zTmW;Ku>!F`_$Nh~dXcmHbP?dur$S=r+ z^oBtM^JqA8j>fe@?sSQbkZxo#FK1YX1C%gdn5Pc**(oZWAVK>Sg^HA;%}yqoEpnsb z#`-$Ke2IBj)9hzkMc&aE@YpEJ=>u{lY7L1gc4BqVWLf7P=FQM$Wxp%x2*d5|!-ozX z-rX&8Z|^&D_~4=4-DSyqn%0}49l8b7_WR@UEDr65(ZW0sSSNA{2Prrnu*5tR@5y@8 zkxn}Xj%{Z)r_dZYXV^&LpaI7JQPc(2^*CT909#&Z2$J+ zDDSmd^u|3cVEQt6mhn*~TWmoKYhN6pijur7%{k^!5nROL%)!ct?Otz=#&9rd&$YSg z1ao)fx2Gvz3xGn%5Cf!WXW(`?%H4|j|1H^qV*SCWDmS-FwJ@*OvjS0s=&G}mOc}Yc zhTQ%s8r6&|c6V7H3%Nn_O}>}GnQY`0zWm=xrGcD)dGKR1i-uq<-bJx!D?u+FC%u@( z6Q6S4HMQGq;xqZODBWl9xRkay;M*ePJdVHW&l+`Sefcyj|4ssisHF?p(>l3}(;k4l z+KdxB%JHzkJgoi&ZZ8iUlm!)ceQ*Zmb!Uu>PV@%zHhPg451=CX!`@ir>?Q2qjk<0Y zIpLh14dTra#xFIwn|6uD$cP**Q5uQDkK2&t;O^$;C_b<;&VjCh{@>E2w{prHDK=+i z6p7+MiSu{^uF1psn8cFppu8wu5>e@8^~(FIO7R7OA#v#S{pnQNwzgfptVfEFj2W~> z^TdpYkfP(#+*s_Xw%rc5H~U$SZN4g7F66-gIbX-1(Tpzxde@lni>nanbJ#*-##x*_#Zu z<_I!TC+C0}!!>BLIogZp4Wl^DhB>WaZ20~)qD~r#k;adQ05_jCAWn?Z5eha_Mjae- z9J+Kp^w+}nCV`>flfJ4na%12@JF1#$a>&2-*vB$YPnL66|BsqxxT4>_u-qvk-N7qCEdk0j29ESzq*(U}C!JZrME%&>*gu$#m#+Z_6QCFyZ8 z+Dlk}{KCw&!FQe%jpI8#xft18XCRjcgeKHo#OuE2;GSarER<8!nS8JpnZRjyQGzFvOHa=|1lxxLEHh8m*QylpLs-_vN!t z-?iM-MQ8;lcWK^_M)6uR$?S+EY>f?v`wzg}1#UyF|Ln9&z*}#fkzwBmT087z`3d{7 z?BDmJ!9?Wjr!fW(PMXDTv^hxO(Cvv7z#!>j49j?fIgNg>tbjH_(vFkX;RE}&$H}3s zNe^*cl2hq15%!{uNuL)v*Z?|&O597fp}1m5ObQWSBvuNMP}yS?zaFO^Bp+f>UwUj1 z!*G2aD;a_*5_>-2TtwuI$cBo}K8sGo^GECKElGG!!O_n4Fdt-t9_JTE$a5HVhSUC# zW2sp-%ZK^qzTqs(w^ffnNG9m^NouzqSwKbr%WR%a)6jA+vMpwTb)K<&a8gd~LVCl} zBwWkm&8ZYt;3XMmqime*n~Y@SmUR!wZ$6|?X)l@frafnU!g|>wahk{Tp;J%_`s3Fp zti)CWF8ZBY=?}dlPW;()-v*-`cY8>#v~%dN|A_F`$3R1Gs851pn53@uZ8*-rSOv)_ zo=kd!iSJA&*#rd}J`m9-9I7qd0R443E5Cvm45Y6rjofsyvn`3NWGc1@kS&;@MeIy_ z4aGAw-`qxVEZlTX3_GvlmV`=`M#^O2Hn$4hwaj_oz-gzRdivqRW$yh4Pe1LH(~cZj zCP$eaZXzjR#FZOyVtFeqK0npxX3!+%_&6O#2F)_M5+O{>A%w2)!;X!xI-8>qPqkID zu`!)vF5JJd(d&=m;ZJQo+c#$On8iGXaNcKrhWsDkO~9*k>>I!$8ytBVq)C6^Afr!* zqih7`_4_a-pZK6|v{{)`4l03p37ALgg?aIatq(AdKNI7Hn_%A2#MzX#?}nSgymc^7 z^|YgCgyq2H>l3!n+i9QAPW%*Ws$Yn|o7Q%(*)kaFQ@s&qmv9*O3S^${VIEv8$44kQ zbb{hgTxlg5AfPI)@cp##TBlX^(oK@6)k`KN=0&MnFyt&7CM=%#|BQKJ;L@*;Q1MR0 zJRR`^^VUc5S)}h;Zt7yRiIclDAH*Gw4mabFpuLM{stps zF>ljhFUwEamqols6Pt>hjOM^%UgE}^!*n!C_f6><8#-Rl1M~O}9P1&NCxsYJ7Umr} zxU+AP9@(Du`7hl^;6>>Xm-^tq0E+f3kJO8N&gN!F&Qz_PjV!U47YXxHHYPFU?@UK%P6g(HWkZl2@=W{FzN4i897;!spz9-hWC_Hy%jgEM zlp+Lzo0hS9AZCG@sXw3YZfb%t`s}7!sc?BetUqK89(pN2W5zMB$JK9k_j(PgpOzkLwH!Qn#_6Y@ar9`J`{3a-&p3_W%aT!MM_c+7y1=~g zc)q@!alqO-{l$VLUD~{4-JZ_JCFX5zY;Nqd-O*?h7)K!nqIb|tX6py`?;hCP><=c% z=*P9X5~Vqe%}d1^X$R{T^Rb zcGIYBd4v6FrkA^}g_V^uleEM~T&yuIKioz|J}q^(g?V1I-JON*2FGS8J)<8J5A>XL zJDhxPX9GSv2{NpyL1Eh8mPltmQ67yfp;9KlzTjIPikwGkt!9(b;fmeeI76Y3FQmO* zH0+NQxAaH^)@!9!-ldzRaf^cjY3ky;Z2h?)JbpbNWh|cfK4NH+kxVWAu%aL zc~Q9}qRkqTOQ#+p#TNvgpbCcLaB~wY8R8R`t3Go*OUT&wQPDk41!xdAsZI+MLGABtVr>YV^*v-RFI zjprgX);)`PSb*a^8|P}*6e#Vn+mbT{w&$2XvN4}DF%|M@Z~uIf3$c1^6A#l(6e0BL zY(AI|oUPd)McSm0e!4k!3QB>a_^lZPjz>A0( zdAf&r&?MLQ3f7@&ZcJkg2yz_q+uYCI-FO@Hn@-oky8Q>Yx7Rlh9XxPodwVdPq~kko zzc4Un=M}Lqk0IO|aoRu5_$!sLQR!MOp2B^s`r|wsj$MTLtqBVl+&vm@1BL9A=dmN+ zU^_K;TA90!=A5&ok%JrwA8~cFtQCX^#r_#tXUAe*yyLA$oh^>dQhM$t=@iRBXUd6C zHaPMTAMOVE23Ak2$qsky0X7Z9cwz;jjD2zaWd_7Hxee;3YTR;<1Kz};6BGwT3Tdw& zkB4KuU%DacjyxQlv#cyV3OD9~Y|hZ(+3L+Z6B11F4a?k8R|cGS9dPDKzK_kaABt^D zj}(OEPo7VW`XQLdR}_3bzde=jC;u7q(k;4rQr8=f(^dP$4K!~DQt zLfp>Aw5Jpzyy#pKQ3YTg&PUS`+hU4Wj6A1QrZL7t@QK52aX1)rE+Tbi`G8Xce09Oe zSM0d@#*iC!WvWG^I&@$%ob<;-KA)QB`;di()2;E;?k;W&ro-JsldZw= z6tAMY&C-6hzS*B;$%a~qbq~zj;2Hh92YGsvY~F+C(YCRLWV`DqtogJ*%BO=FCW}KG zGd|1X2nmwwDBtE&Cz*dXMjIn{-)scR1vH7D~Zhy*O0ZaNE)<#m7J7^DcXkO3e zws$?N4Wj23WZc#tA?%AL9L2U0pq8gTD{TQ+rN%UyASiKIyYLg1etCFyP<$Y((B0~1 zoG(Cv?c)7j)?ZrU_6_F!^@02t8DtFW%MaP@7)DZJO24~~;DYKnNIAScjN1Cjmp@e( z?XJrYvwE>%c0!nA-#xh-jA!|JuihSTa!iEUnoMT1Q%>vi7bC3S`x9g*l*S*c)t4{b z=l~<5vuEkSuFHfRY(Pb<9QkZ}1OXULOh%DE>3jL1`2aog$TnT0PaNBghqECh9?%Qq zE99iKk6p<<>&&A^w+6R4ygkXg?)sqY@wDF;oeyqL2Oy3m(jaS-c+x*Qo)dSFl9fVq z7mZ6Is(@ZH>rd8ImEsEmuQSiE$L;O{7d!RN z+Z)4?WH<0>+TWdmhBQfwT=xLx&&@H3hvVLXb+@1tW(E9#EeLF-!J^+|t59Gc?DgZ_ z%~KEZhctV^WZcJ$J6rFLr#tf=z3Bsf<1J{!3YGQ;9X`3r(fzT&#{CU;_4$-5?(W-0 zAj$Lx0W=l1`0%cD^Z5a*hZaK3e0K2v(Do+aQC9c<_&M)8TV^tAW+s!F%)IaH`#zcM z$z&yj2uauyVAw&VE`Wd#0i$&*TD7!TYpGi5wbpuVwCELUEk)o`E7mGTL^hGSRlHuW z_4axt`F+kzg4*`}p5Om@{`b6j^S<+L=bZ2Pp6`CniA18Tx3ClpWKtjf70>c3A8xD%FKg z#iFrD3U+KyEE0xJ8w_UB=}asZ3}>q{)v=feIo>lpvfD&RYNUd|0aos=jJXj7R$<2k z7lqNe#Ug-?03VZHm*{oa-Cmv5RT=dK!~l$XZg1Qr3h)%zD>UG24p*V^|y!x(Z7XOgf0b79?OdOO-6p5(A4Xy@jnv`5>yf zybS**Hn*d=dF?*O#8@siiZx`ns$KSwy;6s*tkUYx`|NCs3O;+l!8WIvZOjZaX^3&# zzue*h5nP>Z2tjp}V;Z9}6B`m553o(FWbuw)PqsL!`VW%;SEIjDp>~KYTCvgr?~}(< zUE=_MLD0Fa@?tRQS3d}UJ{uy0ec-R1K|G=CMA0XJA{9;!EM*u zQa&LNaAd=N2jWd&&3Bq{+wZ~D7Z{7gT;*1a9it}IEnv521CI<5mJbwz?KXHz#xbKe*v*v@KUf1B`l8xYf>m^rP1pGR0VH9=ki8e}KtzM0M@gA*wlud8M6F>J9TQ}#?SIGJO* zD%af5R9joj!)|YA=$bO6tEFY~?S|&=u8ywO)`{o6-he*?NeM1!mIA?eJOk%!u|zr@ zuwF2-3@}U%_#BA^ZGxuosZ=7BsMZ+#{uE+ig28CCwz|4Dm5Rpe>uT#$DX-UG>7Sh( zDJLZRoQ+`aj0&HS@}Ym)1k7G!nJlg#XrLbp6;%O`JKz+20iE6JNCd;~um{oAfwafv zgn}p7v<~oW5q3+RM$jji0t#tc6v9wI5$_-f>hg*#xNDbS$g0&KezvSJW;LW;YW8(e zS7{G}qZkmOgGd3b=+hXC6=EFHa8dlpx|v4HDjf)hSrS0TfzgmR3n^}6(jdDJGRTs^ zf{uXc1x!NcEVxYFwtzR_WI;T|%_kPOfEc_u6cC??3U-ZGhzbrpHc(>G5X1vPG2sk~ zVJF)>ITS3e=4;8GMpge|a{B%D zprFt=U1ruIA{c8R(A13H<-oW|c;mnJorxa^T0=0M!BT~mK?DO}ZP1`YIwOE0Twsns z+zkNuor2$=D95M@gCi4khQrRfc*yBNk;^OG7BS!o`C;_2F<}oetX9$B5H+2x_4P4l zM@>8c1{8LFS!+fU9ND-Zm%IW4k+YIL>=SD}LEOv6!%p@DgF9=bNg%Qh2-bk;3;AF! zVfTvw4ufb}L$*XB2+31q69Rbx0gUL>MV#Jpj{{N|LRcW;BQlL0oX!Zc)#>bwbs=xi z;|m}XHR7yt27}&kA`nLGh3H9m!rp9cDCP0idC^l~pNXMvq6>r!S%aH6TtY12jtZ4= zhB|QmA`&`jayn<*+MH{nd zW5ERPD1yrZVVyUS2s%(3$odISEC?7u_QhB*!2uQG4UsnibNO_t*i_NvYAX3t1?T8IJC}&Y<5y@08R9Gyn;}CIhks1tZytn ziEqLLH_50IxKmf3%`$93v<0G!a6dAcWle2IdrNEM#W!18ruXzr@9dm>yQO``^l8(l zOqqB-5Qv0oASs#bg{&fxRJz6`6b44KX$9;K!CBD%SSBu4A{ntewS`Y*GuceNwk#Ba zIGT<`5{br!hQ@3*kRz-HSiEgPXH`&(uo@QzdjpLo6M~6h z>!}I*ePK7umSsY~nU2J~F+WBIhpYWwH>_q(yB@}3w+p(r9=?gR3qly83tY}9Oe%24 zJDr*eTb&@3U*amO(`cY*+3U=y%Can6i!2|5Lx`2Ton&Vi7o7kxLGWFanmQAf;QkvxSVC!Oh9>K#KpFZC*q2^+2*fcn+xpNRq3{}ZSqs> zSRM5;U|=({+b~OD%EK~4MRk;IUXjKAd_4(SRP`SwPcVeuTcUM)nHSsXN`^v_NLz;s z`~@3O@#`Nd{zA|ioI+(4H7v#f0b};MGQAt6j01`=2aDmf57iHOoS{&r!W3|s#QKOQ z7IQbHqHY-6-4?6Q2A&oTfzLq}ggPubDqRMrTR*Kc*PL{BH>Sg4nLg(JveqsJ=Q=ny zf)J+|h&&E09uB&4{s`{XrDJaP1cN$*@+1)12b`5*S1=lMyY1|L5x_AwqFZ8)>gtHk z;dCQB$LbHGr7X96D~&@nB#^Li%96|34yJ=; zwdtTU;SalG9=|gi(-$G-c7?FjrU76_!~^gb5Gw$Ql5Kvc%bHEJ)Uh@%ho=D03CGF; z;dDeqZP1Eoe>#Gp1#XAkt9NEk&&2cLa6H-o zNvRy3SEP76Tixh&P7FU_BiUS@a&`mF2k}2$6&F1E!l&wL>S}U&6Xd&^Y&C?#OlvOJ zT345;?r3Z6sH+QyBhKj3nis8vwEfvdFe!@=_cg^K%)0!TQ^d~1sAAITaCEdJqv2!_ zD!dVm+>ovcS4I7Sc(OSf3BrQmb(MJoaGO*H{6?MMT<1p+pxx>4d$X`G!U*j1>Fr{h z%Vit%o7?ny2pz7ridv_+IifSLT#Rl{l`Y^auc|1A3#lxS&|%K2Kz)6^qX?F^Fe7nH zj7g=dSn{FG;&Hf`in?#Ti|O<1e!$P340_R2e!nl^OM2NBb``f|EENp;C%2-q84o1= zY50^crW(In7xUNneP(PGK6juT7>2DOnD$o%*%pNzJZkqtRPq+EMxZmUm1d5;x< z6m;wGa6HfzP2*l$eN~V>!647zJPAbh0iT%k$1{mQ(8cZ-0bCV~_`F$9Q&T$P@&%kO zmm``=1_NGWHW0PPe4t3Mltb=?^`0Gq!D?h{G`f4bGO=_7oIe_<4z>o<=~z`mvI;~X z5UGn+#oD_vO_5kv%nNA5{dJId{GoIJxC(oB)*JHGHH6Xl^}rmc2AJJV*HjOD@`ZxQ zFe_JeDB_C*eL~0`^|jXroylNTG#;#qWWzO)?z(I!48j|M$eQpsCzAdM>Q*1Gj~iR- z;=Y<_GEfzY`EpgpBBX-;B(~N%$aro>8H@Ffxse05m@nXHs+rct+T5Cq2B4@VtBkQ^ zL)welKn|*l)?|WVZ_w@X2Tgvc?_LaaaD|+Kthc5nnW`6z4Rw*apxX~Fi24O;9M(d= zVEPmgnmB zuGX4~)X+S=r)z3k8^abqG7TcrnwrThJEqK;)!X0GQ_REf@9SH#Xwj0nb0^>Ko3(67 ze(}J-#Pi8yHq(JnNUNvtLN?pn+!^v=GyzLSqsQwHT3I1jCXq;eW7ZQaD}1W0r9C&b z%))40Q*(87Lqkt@cTZbeL-UMFdV1U1lF5uOv##yW4#E;Yu~!mW`1vxfu(L`c;rHP9 z5*a2kG970nL{02u8%@$`+C}^5OuC3Jq1Vt&^g8+-x`Qj{Y+RPB=4Nm^xM#V4<$lMV zKOuk7|JDBAlJRj?Q=%x;M6s@6C zX+NDs7t^Jv&t^JIchK*07OoQYsVUUw5bARb^|_J174^A;{|^5X{t^Ch{sjqk5SRcBpirOMLVebY!~dW@Go7=Y z^C#+~M|~_=zcIXiUjopa~T zojrHv+^KUX&z(5;=DFkNj-7k`+~~QZ=UzSc$8#^^jY2w;J5xuKd>-l@o zmzL6HbUE2TSI{5P`{^U}QTiDD1s&mE~bKh2-w&+upY zxA{Nue~_G~Kd1jpWE^HcFM#lGp-2fgQL4$~#LvGw6yM~D1o$8$a`clDq9iI{h?;1K zmgtC{7)Tj05)(0#a$+GB#7b{8^=Ty>7rjZ_U3Fy!a(o6c# zN;AnUGMmgHbIAZ1B=g98vVi2tLb3=Lz65o;pFBWzlLyJ8ksHu<-yzSCZ;>0x zMsg?lCVhzfnEaCdgxpSlN*@Mwyo=t8_S(fCqz{st$WD46`7L>s+)K8QTj*}Goc6z9&wQEXeM|)dqORl-8u>n?2SZ}Kk$P+3U;>CS&g!e68x@;9Y zE?KeN-HsXpmSonzNUj|xxg`_8?07s8$MZ`TqY{@fF!T+K#NBH~jPBMVv~d9+@pfD` zbD;1_@oLA2v2BDbUN-U8NW25@0!2EuvxZ>>WZ!c44eTZ9@iUKSMB6VJg&Ab!7%{h@ zQG6ZS2bQlK5f}iGS|a2Hen%$cjH%i?%k11Jp()A44t^Pq4GEeFr~yZ(A2$#u2Z! zb=jOi?n3&%6vq7fZ zo9Uj`H*cWO+7nnZ>ubM?_iHZRn>ZWc+JJza;X4{o;rD3+^%p> zo4K9k?4I}_5w}krAwbz2x@(OgQ_PTdf>OFWm$*fp*tvbl)8oTSw?CfCZC}%|cvT(x z!FKo5<=fpe2O7|rg^s_~HpH?wkZE+AWpLH@#e)pBi5Y;zA046YCNjdgn;xf}taL=_UeP+Da<{VU z&Fp$}@w$v%m%Cd>sF_B=)=DT(xhIwjVvCw`B!NALohOU&e+_nSd>`&-YdiN+O34!s z35ga91O!SI;Cpg1o62x3!BL8%1RS{;S1HlroRUA_|G!a5?%Uk;*BOP4R|bXkYqUac zjn2|}WvflNY)MeKbj5OEMO#o9PgC+sGnLY(>0Q&FmXG&O8&UMmAECF7cxSTzxxRTLvRg;U?0NGC9;ftKjsFX;rs44V!Ug(w$HL{S*I$k2D0^o8 zhOlKJ;WR|UJxO%fH9Xd#hD`o3_D|S8-a!cWTXyY#HSHujA;auK9zVu@Bld4$zZ-io z?Zn|8>|3x8W4|5ySJUMEt++UhedAYeLY^xo=m&+=3(2n&a^PA#`#fae*^ul0*Alf9 z($zy5AEO?TPuvcDSZjEjvo7#}tsHGYCIxi^~5 zm=osP&7YOmls{VjiN#}CXZaM73pZBmw`!~_tfD^J&DH>hm)aXE;*3AGI?Y2 z-sGO-N2%qhEvX%;M^Xn;$J4&_qv`$WW9g4FT*jJ-WX@GBui8?zqw3+ReO04XA5@KH zE!pp7AI|Q}j%GisCe@bef$9U*C#pZGk<~bAGBr2U+*>nJbD-vU%}2F&)Wz!B>*m$1 zsk^c6-nx;xLv_dNKB*h4m({PYzrFr}`lst(tUp)(MZ>Iyvkjj&Y8pL_HI367mo{!{ zyrc1f#-|!zYCPAJX}Y~>chgf%FE*WN`m9;mJiYm$=I5G^H=k|(sQL4pF6YVB&>la+Cpu)wpnef+qSjc z(>Bs}xa~yS$L*5#%JxKiXZyVNHSITcxH?8VBc1nlj&$zt{B%loO3#$VQ#MZ7KIMTa zd!`(oa$?G7U7D_;u2Wr~PA#44nwp*3Gj-|Ip{aLGeQ4@4Q$OnFy3O68?xyaI-S>7s z-Mz2-<7wt;tEN3L?UiXC^l&|vo>)&;&(fZup1XP;=s9zV>yn{MMyHofzhnA4(?6d6 z`3%Vn%?!&7*Nn)F?2O!u?iss#xn4uBt2fo#+S}i|w0B+a4ZS;hclSQgyTA99-m|@* z^l^QLK389=ueGngZ)xAUz8m_^_UHOn^*`5tsQ*O&x&Du4hGuS`d0ws$@G>{so8)zNq9_SyKH?VYI^}xD; zp@AC)whw%7;J$%}2c8&scHq#!%LB&;&JBDtC>cx)_7AQaTr;?7aCq?6!Mg_U8GK;y z;lYu?rw8{99v*yo@Yvv)!4C#Mo5#&7owsq`NAq*@@1FnBf~Ey`EciIzlb@A;H2=lI zISY?2DqXaC(TT;D#WydpEZMT;(Isb=)-64-Otx(MvUip@EgxDwx}tN%Lo2N-Z(RA# zrPD7RS!G={yz16f?_Jh;*|y7GUaefcc=glY@O@+BH$J%h-pfC|qUVY|S6Z&za^*)? zExzi&8qb<7YYwe>Y0dGqzO}KnO>3vGUAT7j+Kp>(SbN9Xd)Gd+_PMpMtbK3o7wZh` zeCrz4^{%^o-S%}4uRE~r?7Fe5E3dA(de_y@Ts?aA$LkgA9qY5}@7ZA8kl4_^VZnxV z8{XSEYvbyT+cti0(7i)@hF%(aXXx{5jn~GmZNGNl z+WlKxTWYpU-*W3#%hrdsIks)uc5d4j*BP!G9u|k2hUX2hAHIEf_wduhuMB^1J-Oa^ z{pHuccSF|=qu*Tc&5v(fe&Y)_k((NBI&pK?&G+1V?v^#TymZUxt(~`i_N}^a-Sw@% zZeP0nrQ0mGZNGia?a$o)-nSj!Ui0le-#&GR?~XNhJa?z=PT!rKcdoqi(K|oAtNX5{ zcWt@rgYS^;^+N8 zzvJhJAN4(Y!$0>tMjm_U7t??7?1**b#*tHxuX_C46Vsn~>X+OvdwzNAFZb_B?Ah^T zu{?OnWg$+d}|9a1JmCvnv?#ypuzZw3`%llmWuH3i(x2?Z@@wexG`^A3U{?Pu`{oVWf z_pjc+ZU4>t@7VwF{{8z;?Ema}-SeU6Q_t5u-~0UX=eIq7_wysqA3oqaaQlIW4(vN{ z{J^INl?NRMYYz4vTz&9{gS!syIe7Mv@lfng*P)|_PWGpJ-hKFy z!%rN3=J5W*FZ?d?yPDtSe)sI}4*c%L7fN3+zR><0Gq%oO@~dOSivt;t#SvX#TL}4>$hd_LnPP_PpHx@&kWV{&B${cm46`D>bj= zUb*9y&t6r&YJS!AYV6gnS7*Jt_|>6TZ+`XOS08(I|Er^~etcAO)OED(==7tjj}9Nb z`{<)bKYLB{n(wuy*9Kl&^V+Si?SAdq*ABmS^tCguefZj6MQv7^V%9Q*LtU*C|tp?jn9jldh3H@e?g{Klp?cD(V(8~fjQ z>5b!Wyz|B zcb{H*dfn+8PVYFq`}7m1_n&^{^x4y&pD~;XooPR_5Z2-yXC6KC?3owOoH+C0nJ?Zd zeXH`V$Xl&%4ZOAPtsCFE@2#iadikw)-umLK;;iwkcs6jh|LoA&hu+q`9eBIp?OAWH ze*1>E?|A#(w;y`@iMOA7`?GVgbKB27aPBGCt3UaZ;!nOmHTBKvA z?@WJZ={v*k?0RRYdNu)xGO`H}!7QyWQ`8@7-PRKK1U)@1A}4^Y?V`1>VcN zmwT`0y@B_ZzqjSR2jAQC-huayzIX1uPv4ikZ+zeLe&+r5_h-Go{QdRs-}wIb-hc4@ zJ?|fQ|LFVY-v9Ii$p^*{JRf8~==xyZ2j~9$;GduSx848#$|pmR@Hoi9gzo1)f~qAa zVoodJatc)!S0bkhIWOZ#{7C!=)tx$`I~6{XOr-Try&rpu-jy0V%6)Xfkm9yqfT)e{ zjQtVChv%hU!1N1B^YzC?ASsRI{M2M&dki87;1 z?vBw$n#LKXu&K&q(<$@mQsp|O`hIn-$5YF8j_bR0dP=^~!;2CH6)g?O+?wzATOC5=p0 zJ(idgY&uzag;g)Ln5}wQIkD-a7MUQ8OPi&<)QNf4oim(QIj?ix@07_fEQOQld^*mi z(_^6(-Jl-J23d6@R%-3lQ@y1e(^XPMnJ7D5PRpfNS*XRz^H#3pWg|5ze^W+D+2S$| zt2&e_NOL-VDxcr?T7DnSbf@zBPUiOkunY71_U#+ZAIy{A-Xaa_*#E7%12mt{TXduO zeJtJ_|L`}OKl*piu)8cJ6Et0&mZweb!tSni%duCb3wxT!k#?+i-r$_N$a2lMAz!b@ z-nG!O@pk78GuB(ybE-!kx%%3xA3jXq$h|Efs}?En7Wot>&Y& zR8MI%s8>hT`pbe*V=$@@2Gw^~)9PxUa!G<=W1?1DE7UHkg+x-w{w zOsf_Qp|<2UrOc_iT3?A(o-o-G=E(^)hMkQmx8m|uQloN{#wc1b11u)s_9a^*j{1~G z!TPKeu>6?6nmY(z2+$3ljWqdru3YO9;HcX&JR`O!#>KYg0$VEo00ep(9dR~*xDT*m zz{G4~*4daT6{C+a^_Z-(>bj~stGFt5i@>D<4RFhFqBK{^m2S-$a4O5mI9bLU-j)>9 zHq6XfA+bn!(>861lr*0lJJQS&j(}?3dciuDx1L{^59f7<^tH9|_$}dEwjQA2wc)iE zUGZifxb>BeF3%v|3lKB|zTPx-d;f=f^rppqeT&(?76WGxkX7lSncK!T-^M-hcQ-hG z;qv7R*^ZGgX~gXQ>B6)p{^kb6fZ}s;#3!9j)t&>*x&K zA|0pG5lb89s}fs9X;lVs)Utg}szN*{Ol4HkYHa14tzzq-%xRQ4TV>^a7IBJpiZCTU zWyTbVO$M`6j^a;|>myhrLsamJ$V}2{k(HOLl5_nkr&3flH`2zrDxNf-&jXg{4Yl#w zG{AZOXda+ko6hHTqod~wJ-GnQ{Mvl}7R>>cbj2gp8)_}_{Mz&RwaEm@S2F~S(E=rP za3&Dg@+MkcuHofCS>{WwS^p^X43;2n_08p;YPfdMT|Y|Yfk&M_O`&lqKa^> zvvHBQ#@L8~57Ahx%riTz_G`qjySgK(6>XR>_{Vai%|+YFJ$}KOG#kK)Kqo-c$wAQc z65`xTR6t%eFjFNVeNu%|QlcWw4AoK>QZF&)!75ka9tX80%T#Lauic4tb#?2KQ(5~` z(m6hbF5Lkg>d^~_Qo4ia>kIR2K~(f=zzzVT zZ*(`Tn!RAb>{SijG`w+icH6SgZoBQXWo@%Zi{F>x`;Nl*qdALGB1a?k$yrZg>;19Z zzRYAHS}{DC58%yc3M;+8iQe{q$%T>t_0X5V%W~wV+?3b@Q5ua}#l_Aw&S58y;8){S zW!IJ6S;k{dV9e`pt*^J%)@J-_VzsumSTU@MWaQDP45O&(oMmMqnu8kaz=aQjDyH;l z5Ww1W8b|go&G4uqUI_NI#PwkeDs-!{E}%v!k+4;*wX1asjKC<>cziB3 z9xKJXq$;UODZfFkRB>!xd%Z-lMIn(;1!j#UjKZ(|F0F@G78GkQkxt|x<%lGXn+Xo)@p%479+{jh^a?}drleqN=wdzix?(F^Quh8IQlM>jBXdIzO z@i?pV_`AUSmw@*?3Fpe-p@pnO1}SGmL14y*`7j=*@pzGBO^P7NM7f)$hkrnOzrUA1 z%*w?P*Z3!#8T3~TPkkb1*DNCiHssb~80aE5udpnWxymk8N$r>NYLLg~^QaGQY2%1H(n3psY>OfEdhf#@G`dD5nlR(mK1}Q(1&mW|$$dJG;q)tIF14f~zr1fsS zhRQqb%?;J&RXZKsZq8dOc!T8^rqTZ}I$0D9WF`Pf3iyObZ!TqBMpO(us)#lsL>5JO zh0H}=dI`!eHjw)R^Q}1jXtgDRqv-M*8WmtSwBio{?$V6=3@{&!8GG_%=7sTBAS18Sf zQhU{uQ1B9?d2VB(uinXUh(lBgK^)qXh+Zip-MMfXDP1B}$}wTCU|MA2(>(R?)WlO6 zPZhkzsNs3p3I!%RCQ@Kdy7^@4JjgR^xrIO+CIXzm6|g7@q)C_Qi}c7@1x%vN{sG62 zc64{|7<ubnhkp3ODznnw z{$g*_sD>4}QeBrq%4EiJoJldvxl*{)EM0+>p>0?UZbb=72c!aGpVu+Wf+!sx4O@?( zm{2dQ=MN+kUIuXp98QxPWi0}m$r}@GLswaIm-nkQ5_-+&oRr^jo2&iO4qJV7q|{c? zU)$02qCM)+<@e3n>S?P`ZdjG*Z*a*~rLt>PCTMkls~0rG#65$^pEzmDVWgODSC@)(kCddj*Dj8Vem8e$O3)pjx6`PTeRI#|{nS4)y9L9nSUqlz5 zzknthU=5T}NKz1*&`+8uHJDQxs}11k#9K5^j)6Zq1=0Suxtp^$gT zeAVslu~+Gz#7jETvZ?pob4&8N%iUXkv}Yb*#}hwbXF&gRf-AOwro`_N==ZHZwQ{K? zm7yg$l%`GFCbTVT;}s1{46Y^0*5G15HQ=cGk(v!Fz2XxT-2ZHCOr8HA>MV`skBqN{XchC64&>`dd_nu@fq zHaYf?%Hp$S5++X)#Cvav2}=-&CS|-D)peYA3Xj8k)m&_ffXHYXZ+`7%#Rn-Wrs zQoJIlUsjnUE6U5Akrlzx(iKi9Jm;I=nZ%(3tmefo2_YH+V^xeVav(D#$4M}NH5K$i zNZn05b(W_}DNrbgS;x$(s+&w{L(78tN?YAv^Y!0Mf8(KbRKnFR=uFb}Sgu;4;62T8 z%wO*_WHU>YB|>d)A~35XdjHO)cdx9XVuMJv?z(~uPp*Z9(I7NQNOSr7!J@^Z1tH~cKvFBE5x`>xPiuK<ogeG zR@hvbrb-Mg_vlJ(4yPXUQdv<_8TGq#}Ys&!5Z##R{wsXL(qg7?1Y4e16z6i-Zsq05fgEzA-6_ObV$54fD&V zict15Q)od7D@w9i?$;P17imk)tamzd`TF|#SnEzFm^I=33vjrTP* zT{<XDr)s%T-h)M@73x12$Bmp(!7x`Llwpy^E(y;|j8p++ zRCAc;UxA2VW_@Z-FU;4*88)Ly!W9Sew^)jXl6-#c+Mdf)&oCbZ(UyyZ~QCIyN# zakF?YnQ($eJ0Y>SnRE^XmV%+CV>~CSZ0fO3)Hc;_e`i~Zd#9_lta7X)qQqhAA~{OSor+W6!@(a zSf+29=${2SOUA<}Suj-k-2RCpIx(%TUE7#gmu$VNH`?2pxc@_az|uLVt8HmdS5vOZ z7&DZ})!YMEuqQUHdS;?xPWFl`Y4tBTE|5(Guki*$E~eI@4}QX}2d!~KPH|||qLWp? z>AlWN&7J&ak4E3ER`8;&+sR4|S+%Hnj1>&6sYB=$DDR|1P&AxQb_B>+;F$FGpFN&k zctcO5E9+52#o1X;N0n%b_hen!kf;tjH))>z=Q+3J6KcIdx(ySOR?TWi%xrKgR2tb< zqgcdC2J2q{)}@F5&*U7kPBkl}dNYPYP||MRSiv7I z!Vhqh7Q~s0K>ko=H*Q#a`39X!OP{Z~^m_|JYqHr5p~3I0s=1ERjjOIenA-7qHxESQ zD()vrd0@`XC=^AMIN|EiS75oyc^R+el&nxnwFrDKX{Vb?rCo98l5$$orBd)+0QSX3 zr@FBV`#X zsa7t?IRzMIi9*uF74iUE1U^9^24d+(A-P}7K;KJW9($1*#y-Nwzw^zpvxWBm4{mFr z{hM-br&!uvgzYA;=%sw8d9w%WX*)@`Xya9iZjJs+@FE-30}%c!e4gO}1nvpi1}i#r z;IEQEh8T4B6-z9Mu7uUA*;Tn^{`BkSC9?~!>q^e3^#U(ua*dlWOV4a@a{RxK{Y+Jn zSa9>4xi=TlVynJ_;Xx7RcNAdWk_!;Noid2iO=<$5uTk?QvUbI$(h^SD6_>zpL}dyv zXn>@ku; z6m2wE?5Rt-iEAgDBom)!-~EW0E%C|TUAx#fitj4NKcT-zdG#cnb7(X}1(po~6d(n=nZVNtXh68HC3r?Y7T2d^l0=(Ot8(?Kr!k$UWx$= zpy)Qj9ViHZTB!gdlvLVNSRD$pB5Tc5u?K!EsZy#e0NI4aZ$PZ|dRYl4o1oWBg|`6K z1-v7*wOe^mV9SflG;!z_i7w3iRRrW2J}YM4E)Z}i8>6>`nSTaXadYwpquRW`&^XXI z(*=FAoW5_WZR_&v+SPb%)!r$0&Y1bbDXtkardE!9aqSXk$ItgZ)4$@Q&7qYm^G;`e<;u|J zk5=?Qv-jr+^_=WK529{bNR=6)Zige6h|6D%n!>U;Gs>!or@yKIwATWH>EA^yuD zJWCZ4#d=uD7++2?Uq*A9{b#*DRUoja4db$`y-+CzRA<|+fqSoW_Rj40{P3FhE*+~w zF&AI4AxnQy>>Et>`-D3Ox>E)zHjGKcxO!mT&PRHhew%g51yDQK)3MRsf z)VyrM7+ACcX}BUmpA^d++^ZGw_DHw`b2-L4!jblP1*flCaNX1?+ZJYP7H#cdM>;>< zUoVRF{ps|~deK=wGc|b2{8()MErWx%EQrMxFas-Bpz%uze5V53Q82ahtc?7%Hmwah zyrNyX$!h45$*|Ovx|_B8dDh|}ydX2c`U2;nOi`4DsmTqVUJmYKDlqUEN5vmL^zg3a zuJpPpES8t->o@spxL;qfW$RV%aX(ioZsO?SNQ2#1UV;y&#@i=gl_KrAfZ#Azcs%4H z$TB3O%ZM4CbOtx4wcRmZa8yXUJq&K?qX(IFbpmv73mhppKmQQ~V|s7X!Ho0Z`?q)l++esOgGE^ySmTps_ z*FiX$AoUR9(FQQ5K(2yO`OqyoCOM+d6+F44(^=>sT&Kw9~VZsx+)UpgYWlt=3k>Kv+7(?YpD=#OC&DI+8u^#wOE4)%Y7ma!k_6(E%}BD z>x*yE+fYYl|Lg}1k;C_9DghIg6g^|05wKiyU92T8>|@knG<@R13D8-F``D_ueuO!3 zPu_IlWiD}30bZSe*H(P1oHXS8`gQ|@kzrFsbH$8`UsU|2LLydBImnU4!0BPvka6f` z1!6Eke2PLdlR(k;L3Ji9QS1!vsYO#)cQ|*IIpdYJQ+ByJFV_U8u4tsc7+V;s_v$)l z(cNQxjVq@HSi3R3=P=4)CO^w9Ghh)GJxogKQk71XHB+P6W9EpNnsq8&kKT+GQ7!lD z|Dfmeas}3Bm#HK?CDK}g@i$?@F*5?gVkt37iAu^UB*ki%RG~5}^sonlm|`4QQN3aM zO;NM?Qn4vGeka|(Usr1;t`-kP2Fa)`V70pMX`<~W8a2@h6IGe$IuD)WS?S@Xd4BKtvxiT6sLMmkJQTiAlSlA$u{CE+ zgIYRGOUJeJoR3Bp zT5HfswT4B8s|-9l{KD`X!?;0;89NsX+=xJh3f3-|ESsy~q=H~p?)`I=uMU4|=1_}QALR!1_%l2g2=;T#)y+DUp)Xv(q z6}qo!t+?`~Od#W!`@0|v_&EPWGjq;TyVIpp+breE-R}8Sce-0e#LV1THQ)U+r3JI~ zVpbNLiu*?J(kriwr#B5>SO3`9y+2<3>gv_6F8(oH`B?pR!<*8{E3aI65$At^_BWB& zbKg>O)Sy?GF#48iO>D^*U5Oe(V~I{K(<}5^$N_qVnjFy4IXYURqrX?sK?THXs)OXy zQ=-E%g*vQMiHLpr4egb7PTjRu|`U{T%u4&IDSG2 zDTsxv%L8>L{ihItFT4ihg@TF43t1S=gv1M)i3+4a%BP2V#7Ap~+IO{ITl=KgP4Ag< zN7tHHR*(HBm9IX!rt6MEe`Y?#c9c~Q?}=MVG$qm!O%IV8iBv<1cHlB?iGgUlbXpgc44{_sKUYB(r7QY(#IJFUUs)_X3nK zOm+pC(d3**wbx%i_V2v*nhU;b@Tsr)qJudDGs?mpJ;+fbM*&R^Ut+H4zbQ43NTZ7H z)7~HO+AnJGf)eGam@E$~#zcu^R3V)$|FS%z1#ykpUYt-}-BnInG4}7*Ur)7rui=gt z%R>y*$@#dwu&pO@WeS+fWiqLh<0bIjz&Q?kaQq;Qgv_@$nyNUMvcyxE1@5(!g)u<6 zU+ynUbH1(L{`S^CY@`bt|MHhcI=@g)*z>2*Psg7JR(bZ|E0Th79%4-w8BTCHj>8bH zX4oIYRJTtDh%rk6{dBCfaSQ5a)qP?L2t|vO~o|%gKs^0CKt9 zf7KoB|HKQs8*f9V9O9$?Lf_*m;hRd51-V);-&YjAhtk@#kiI{SU?wq|h~}bvw6xED zZAv1?BvsVq(((!9I@@GXMS`=VS~@AO+Klo(6_%qCbbRjZ3xWKxv6bYr=%CaeM1Pm04WZ2aAB{ZR!o%qncQ)uiI9p_Q%qz zIBqQ`k!makw~g*`)bu9DUXYg=f~|>I&Zn13G`^Thxk*wYm!htn^qFfhkFo(>VmEw zDC3Y}tR9NyV$gW4c{ z*iZeXfN#K{oon&ORn3rpRMIkwsu?|DE(0~f`k2E!f280sXSy)zkUyVi-e=Tj0_H3- z!CAx+_?uZ(yhVqiJR0ttpICDPN5>wM_T+*yDvYIpWKHFi%Q~ENAyt*TtrZ@N8oamj zvQE#pZc+=Sv8-0LSyoyi3r$^qb(yEqps)0np+~Z~mVZWDm`Hujsemb+muO)DD~F*T zYpL~>4Ve*ZI$J{|a(G4HA!26Sf*s_-z7zRF>AW5;G{~axXuwX#I;$NaUQB4uWN9eW zS!OrJjW(~THEF>_7Cq?@mtVLx;h9w31A}a=;PQ)TKLVlfa^D{lR{NRf6fJWso*4NP~-~3i$ zanS0%B$=zSq#akR_jD|8w$;|8jnuNWRPhnVPapf}`mK7+R*kL(%h{{0UthPV-OG9? z!=D1IxzYlx+j2p93Dxu!qj!d|_7sKMRL&_lQy(2NLmtr2T?9XZ$50RFMvMjV_3=x*hRG9|b{c1ee zn>%-Esyv=5wsV?$FwJogJMtKRdVESD4=wD2t$T?bdB8Z|W#6nT?aP_9yugFQ534p; z!m3$TAu9!v&4q+iM6zO@))yf`TZru#OMH%rrN?*Zg*GiT)BR- zG<#)=%~DAyK>u@0x@tMU=wi_(+M*V1VIfcCFk@wfmOEgiwMH5?(h4J@?-#2OST*%__Crp|MIcEmXFhsnsSwNW$6l}Sm zxgnCKXpBIAtA5iQkN7o@SFLDp}IB!Q^_LJGal$X;WGk!+V=)s|iK5gZ15S8!k)B1no z=M;WLRl^5_G-4%w;qSiEa{sf{hPvi@Ba&XQfqQm@x=q(m0 zQt(D!>;VWa(!1%U-l)c**;$sZZLrr)DHmtDoBI-mo!)3^SR+|lUU#QBy%$=30&_BV$xfFO!88pk9-2Y+i zP2l6Y%JboS?wx(#_kGulMl+hxYRS@-Ez7cOM^a>4b{u()6P(RUHZKGVObH1P2S^A@ zfI!(PB@|O=(?7U0N%_+_gw`d38cqCwJUwew$eoW-P?1mkUKYqW>gzY=4A#ZP>p(jh$N&iMXOu)pRyzl{Py? z9?IoG)rx~2d$_r6zdyEOOJBSv_)v5AX40A&4BD@ZmiMl_ZoFVIKP7&JcJKV!>(y~w z3x87DTVmASqwHQV)xb1AN&1f`s)_l8XivlwIK9tUj>C8XAE<>vDG=?8o#Eku@YkAVz`0X%zir53Ou2Pc#E*h}9GKztEOyFQ@wpzFT)yw*vTo zWo}I8iU&GjNWJ5xu{l>TH+2&NWWr8sB;S*p*y1$ZZnWi%NFQi)rQ2%BtEK{mqjva0 zVZ28cUt%8-KMUDsg`6c4u8Tg`Zb~sYujfr&RQMtSI|QC0YiL-D_Dsso_XOZ za)Bq&$KA_4!4gxNU zo3ttX1+o?`B6kaaF=75aZtTFEzo;jQ<@_Z}6sM{%6~Py-?aLXA%j_oAJIgLy9G4;B zzK{2v^p+94+a;Wq-*}I}jyTv2I+k%U!R2s?54t|#I_Hv7u9{2a7hE=@ZJXWY!T%?q z=rNW^VFsPohu}i~LqRG79}Nmjt_0H|M%2KqOLAZ|?95}{TM@OD?RT=9L_;P(10)*xab zZZ;sHFj9kh-G&b#ja2gS7m@FQ*6I>+e{`iv+dgU;`VDcXRi9d zy|))PEYV5=V-{v>+tlhy%cDTU86wOSCvw*)c0v6mX?x;9KtAllrx;1PU?G~2B zfmvW4h)dY0LVD(cs*kx?7=}b*FWDwKJ$Q#M z8jhBt15wEyWuiXB3?ao>5D5bs&}DL(^d_B&+*!D6M)Db{+2BSF84O`ot(w{vCF~rj z3fYqC5TRFWCtXyOjLM%UP=W~dkgDKi>fb{!Oe>LB6ez>pi%4I`{BQW+>A^kGM-71( zaz(}?Vbl99#m=5k`I`2Rv0ER#wEq4+d%3gIbWZw-qY|#hKuO|cgUad z6iW8`^<{91SlouhazPUgEDJB+T^??8TMc&^bfw&Nzx~h>*TA@@F}UY3u1=gx2R+&h zc{i}Itz;AJHm2%Ix2d|)hO)HkX5^<~=StJf4#B9~OkypaoUwU7QzIW6$1~{YG94tT z_DP2ef`D3+)Tg9P{H|-|*xKmA!bb1Fh#dYg`#AfYXY}f8if`PSnb|a%0Q3>ssOnC0 z!nj;4m;q%ytx4_59Ry^Jq!u24I0p>7qCygI@8+$1ikraY>y8<1nOAi;jIK4vOEBptK7YfKG?J2}L%?ldn zA)%XfoDW@?1D_+Gm}~C8pDSefGo+K9!ZW;|y9x&j^989Oq@-!T-5e%b3+IK|T+Zz_ zg=Za+YGhYLikN3jq&c2j)=%^i{UisfEbp96Wk0eYCgf1)QFsNMJZ;Jy(QM&S%y*2Vb@)+^=13=%f9D&pFoyGjUBnKPJToBQv6t9N`DF6r!F4j#5yZa0{_>U+(0gTZ3nJ6N&UZnJrh-n!Rp zF&JEiz2p;bUwpIh55fmUKUkP>=|eWU^OQCN&6V1GNNF>!4KDsl`ZEY*Il&14?Y!V*M^RWWIK^{({iGKUs6J(FGBT=Z z1lzR9ptWER+-ygrEMi}WU%(VG$Mdx_XDKxCX|N+wLh^W8OaPC1WL+lHjLG!A_Z@$j z9r?-hJJzjx$MjEb`}VhQTlNk=Wa@~|6@(n;pbm&#Lf3$g}h$eJP(#fth{WQYQ)ORx+%oUZ`ep`kRTr2 zD0kt$JSB_r-Lf#|7!$|dIKP7K4&m;Ki2T}+{dqfbrdJ{dBBvr+Lu6%kb?Hs(I(uI~ z^1gndwm_>6yNnur5BL2SN})@06pDWd@tjL>`4kATEG8dA)1p;t)ffD}Q2hUYLiGPX zMeWxwkK)HV;J!4{Uy3=Q2TNHG#Nquw5Om09=BV{_ZLte6+3K|GP18_9KqCxyH2{l{YfR0O8KHjwnYJ~E!(Mx~n7NwU;o0?yVr{Lhneg-`Q^;>C^4)$b|&pquACG>v3 z&L=qdz*4|HbskI+KWGz%l(;WNh4bEHLtOTqeQ>EIEsbi7OtTfQZ4_cZg@0mWm}j>T zkj-8}aX|NI?XX3YB={ViGcVH~vN2DtJDKdxc^ZG&?r1&l_vh=;NEiL3B?bBsgp2GY zwjb*yCA+m^1;FV%FrEIigr+|`cLBOI@?a;cG~3T*Sv)KK$N!sWrT=&}pgyY+XW5W_k#5rrOb%cn9@aYy zH+nH?ZNPH9;kUoNVc@fGeEfY6C5F2)(i=ZJP@XH7ugh_ng6jn(FZd>c-kFZ=9KenS zuIVaO@`)*Ct#Ymj-5_{oo%75-IVSDGJ2XVvCje9bBSC8rWN}`rmozw(iY*)y!fgop z4T_Tj=jbJt86$?dkA06A=Ho;=5^Tf2l->y4B*m`{2?yk1$rTxzDHP19bk|G;;5EnP zgv{(R>zFYgA0F;!{iRt)SB2yKM05@uV;w9Nk9W@MaB`D$q%^Bn$ZZ;$7JTA?e`Iy# zigLy3`UJ_M7i<0fc+IX5qm7jBCkR|Sb@CSdIuuni=*gZ%M%TZ)}Kl-Q@fLxX)9@puwDR^A$ z&s*a380Pc6I6t38eDPIs(U_b!B@&X|7LL$KBa-&cNU3mOHW?A(cGs+}f^&o+f#m`% zGJHbjAX5W-uFJLDmmjq1JnGo>}4rhY{5oA(OK35j2ph4uF0Mw-)UppJ9tSa6g zs`!)M&iF7A&yatDrz>%PHhAA$`}C?#>wE6eSWIwHSTB#Rg^Pm0s<{{Z%a0NLjrdKp zd4t>@3@D)@imPfGCedk&(H^%}tfDn#6J~)7W{AvsCEcun&iH)iM!T_q=PvLA4=IyM z{GbEFI9djNhjmI~?UH9jp1fQZKlLf5$I)ajQ^q?y*Fg*FE~fSy15ObuHR6cx&b1iXsp=MEjl zAAW`O^|%LC1SLI|F$L~nF>})gN!6f_UPwbj%+F1A%0gk0VA(e@2a#ud$Aq^%wCvl> zRitO5A2DGtt=+yRU$5uaTsv+uEdTaosU1nc+uPA!w)i`AdL{U6LU>r-9Ev62{uYYTwl^wy(3VtE@Y)4w6*A zD>Ln<6H43}8TYT8Ce5Mf8uzY{J2fFeyScx|7E5l9hL&8=U4B@82m+vlV3{Va0s#W_ z#$dEvLQU%-Vp%fw(E4qlrje*aIz6`yAIQv05gQ}^wl<(`my98RYnN)LTA367T4U&GAZtISR8$$ZA~7kV1R*%ia+n)^`?uCsIQp3RNFgL}quxv@Qi>faN4wqLU+q}ysR z7YnW=xS4LdK7cU}09Aay_ypoLONj09C#4hf?sA*yM6g}|W@LL8=6%_Ds{?TY=Ws-F zkk;~IKVXV3l1$O`=mEu$!(g=4m#4*FkbTP$HR?m=SbN%29Vs~dvnwXA371zUJxOz_ zEz$?X#r5o7kzFN9ju2>Jz+33c{F~O^H@ii5v9W;ID$SCeDw@!)1XyeKY1w zFWijaX7DHADO3>R_dc8}BaomV4{3C=cAhU!j;!$a1 zK%FYK6P$k>s7teq76#z4b*ns5D#!ypU9#OZ-sKU-2M+)PY**!AMXbb3YX?iEo}TiV z)ogX`M1}2wvulG|3J1%KimDU?tVp65z!9CDBMm&kdV+Eg!H(e13)pT!QpD%~5C!32 zro_Y4YuF25j%tZC{v&AUubcsUVRvf4_pu%`a^jkwawQUxupZoP`k!ec zxqknhY>PpEbSUbKC-cE4oB@x6F^qp$Jiz9}=dh9jvIPQn1G0(uBT3g7drFrZW~&yy zE$glGWQra0qQk&Zqo6 zhdlI@i#`rA0O@q%mtH&s{$m$Ll@oM=PS95EW3om+Z)A@l?nFf}(?15_o_QNM19TJ| zx=aBvgOUv>X7H#Y$*vX0jJ$&zSZ0KT@%Nwm+})r1+}XP^mayotRp3P_L52g@37ahx zu6p35?KuJaZ5aQhGdnW}GGfR-AC5U7235{-9}iW#1j4!qKSBIfXi3j^L5?xi(@Ts! zryRhz4+HB1I)vSsF+Z~KFMw+bCtc2Hr?V?GUC#HW9KdqV#KTrw+P>Xj)pt&o{3(~+ z<+oks%es;r)5ytkOh#MVh5dklfGBw)f&`ShwyFf%w{&6{Ashh1JkTM6?-$$3kHXC@ zV%@1bpgW=as7|BPS&PDaTgG9XcY45OAjlEO5-GD?{X{oUkyjEyccDl91eJG@+_7kK z6$?T)ckIQ9oqHv5t4V_l$a~?TbY!fp%^z#`cX)Hb^_fC%(&qLjqOQV7#hJ~-E&f!6 zz18bzyV~VS*iDo0WQe!m-vlj9-?pg1lWz~Kz;Egh&V z&7^}jeg0$dHKTIqUA8XY{Y`QmuHfe?lon%QPp$&^LW&dqULvr5*w^lJ>9a1ImoeDRC9}mO?bW#oj&^^w zrq|7iMzhW0(MqOJ(5p3P(dHal>PDMQLP$1iPUsN11zVp6v~%HXjci%ZgX&@8XrR00 zij&dV!=7SHywO?mFC1bvv)hcdokXU`&+z>o##GsulszZrpGEy&W3p@soxr&%IBC8*M9$lZ(R{iMk2ua~w#iM!Swm^-y$NQR4X=uZHs~3jZWt^?8L?vBm$Ejdp~4PBCU%;yss_KZR_doVT&X z1=(n`@bcEn%M-6s>ZhEcoL8~Mmt~{lb;=X}QOci$v`73$WM5nSrEIk&@B)zqCKAD}3RqpnI-+QBlSRQZ~w(yv6v}!b&vSaXWvmLGY zeLioX5Y5NT27|UZ;g-;{!~{VOkzY4--Tr>ABS!2R@#&Y<3k{JpM=ffgev+;@#`Ilz z369D`V%Fn#@Dg^rjz6ySw}&G}Z!5*;aZ??+Z;m1jY|g8voOtrlNu3(<#C zUXhs;drhbvrA1w4lIa2}akSWYNJdm_Jg1QVS>Ztew-Y8Fq#scm-@u#sir|9oqF+vi z#|Vk3qNE#P2EWxbYB`bs;;iM&6mVmphX@OcFO&_ z8L!9FnaOk(XFdx0mmwesLS#n45*o4(F+=Bc?byn=S;}id<=H-6&EyTW1ddz;ty6;$ zBn)Vl{z_?%@^z5vimMiMT!6=>*|M!d-`tEUXet{JBIM-8mzW4WfXA11gwmc&&z?iQ zt2{wd1kRzWdy3JtOP32dUByhb@}9`Rwv{V3^#sK|#hO3V9 z?Fqq!G?q-civ2N9DwIqN_Fei9(c8UkBm>PN_&DuB6gw@&F`tl+m`+%I9AXkl{MZ${ z>k&x&_AWl5uPLjC=lOl8gyeB|SB)2~H)&C+*Ve3eKT=!rdO?Xjt%V!)iob4_y<=Lb z)gUVchpEQ~#L61wrH)2+x+py}c7N`QuyHXoWb?A!*CjR7(8%c9ln}fJ!@d~%^)H&xy^B_8|e8W)HI~3fwG3^1cagd29;p{ z@;dF9oSPb0sxMePM&% zkSY5`QHf|j*J2~a(2(AP;=p@_ZE`uA$UwM4=4@d$$*>`jR6bmP>fBi;l%F>#nx^=?-xurGN-decP z4w2T9QuZXgGx=K576(zSq=8tVX@~_V?<00W?PeB*Pav`qt!57hdV+o0f`e;siFlbRUueNP~tR~ zCrKCV-_nJ+ymxeX$1osncMOO6J(l=^=#(?(K`dzaw&5)?@XgIzm7b?;YoRIu6Me&P%~W zK?8T(tcqDu$Y6i4Li5(BT`F=rGe-xKWn3S1EhPVTJb#9ZJEn%KQ2IIlU_7PG(ek6;fSz zy<}^j6m6ty;+`cEBzg<%66?S=$Y(Y!+oK`DqH~2KMkx^XlFAb4_s)YOpFdx_P&?0E z%a$BT5Xs$iD#_yb&JK4alU=Pp3*X?_+`ld={}x8n4?iN9ZtN@N#qT3lwg)n83Rc4n za@8O3c_Fms^ahjBVhsa|p`4z!9&hL3Y(AQcnV`IAn{_cD2PKryS-Zz@Hzf~;bVb#&)`ob?W6t} zLJW9tZEB!q zwdrnj156L6bXtb0{G;e|Z^d|Gv0#ngC;XZ40WPlz@ny# zdO0xn$m+3z*>ASmtxjVQ_>g@I=a*2rFVxz+1-CtDYJuxs`_QM)95(pOR=?S7leE_v z4C1esu)7KWD9wHjnaU=t6AsF&3SsPMo|WY$4AOf0`uKX$Fq&9XT_dlN)>x*yk56dy zE2~H#x58e{#uOZ+vbSm;9of9534}y3GtZyp?upP5lGd;ZhEzL4-pVhWeLYO1Wh0`n z(%zn4GQ>4-O>FyOrxG@hjSS*IfYaYO`66&#LjbGGN$s9KUaClKq4mirkG}l{*`*^ zJg(HcU-&y!2iH@$a=pa+s9x~C>l6-ENVU}3Z0m!KI@um(RomK~Yv*mvEN`p$l3J&p z?Ge7z;CqQ2Z)>bsR%t86C-Al+KH(eS)TA%$&J=jP%j8Uqfw$3Cwo`3uDVE~3rm0r6 zmE)ZAn1?)#73%x|>g2NSzsbf}%4?kx1H3Srh4O^K^c;9^4!&Pxzx$3@=hsb&t`WW` z#J5Sd`<1u}fDtgnYQx7eCad@y01h`XAm-wZ*OaF&sIKkm)<=(Yir$`*&$vpsiwiYmARmLiFfmQ*=_`D@_O5Qc)fHq;B(B|OZ2GJyGQsI z=#jUV^y;1~*Gn`>^%6~f1~23^0nI?Mx>PwXxV+$6U_1|4ZfA z3-4Tltv3Z)71&OfEpjOY_W(^p`%hsraoO`wV4Xy z&X1F7=`+wGglFu>R}NM}!yz#gG7Tf4>@2d^l#;R86!2IfVSqxPZ)g!9ueJhn!4vs; zP$)3Tmpa(OVVC)cFW;mj)k&Pahx%-A8GVG)^%?{(dz)j44Fl$_0pg_$gxP5Ta@UIG zcwVMt3+EMs&C`FA28qWgw6YT#cg_zO*_SO2PAlXc-b#a<&k(J^_kWK{|2rXojHXGs#Dm1r&4FUy%4iZiD}N|&{m~R zS}(j#te3ATat&P00;ud}gMlsajxD0MFJ?rN_6ignUD zp*m@ud=>OXE6`i4F4fA{YHcw?IS-okB1jBnO@GNE)jX=@>$D8aZHp9a*7sf54V3z- z#qwqK5f8ebk7r38&(E~zksTI2nVMQ`Wsn$A_cu}ZdKy#lak%Vr4)Eu)G329J75&Pr zDmhtx&h58;VY6KJ>#U(KAB$wqH z$8zXV3)!mQlwnr@hukHzQX&&EY$8H>XZua!d6Q89ch z7D1XtJ&-q~Ffbc@v*h$dVN=i^Kz#tiD%rKrK-jf7)Ei6^ynPBhi>mP>y>E`Z&8VTS zp@&YLS_YT)(2)40;lS+NtcscTGiKnJX(z-@;M0r$juGF+ZCHx!?vBNOYuK<{ik(kg zP$>I-lwD6}ZB>tQ$8($l7;`E57G4tN7Ex}5??FnP_rXHQ&kazqEHg@?=>MQ>o%SEK z&il@*b!xOrN+Hx}K)DTYw#q@uCwkt!ctNexVsLSLBx!H>xnc1|l<1=Mq}0iFKdIJf z02B;}Nh!&M1ms=;v=l*9o!4f!8@yg2##32D%`Rvy!HyyNp99l;`O?qGl@yjK8h<#1 zT}eJA(SGWYWelH7o{-_QlmufLw{M8)#PjWoY2g>Zts{A)OAZx}MXl2&XqMcPlr|k} zOXT!s=+A(r3(~+2MX7;*h73*A9LGzwpYfpV#@PajrpsE_8sPFyb%%;Qw5*w94RpDs z4a#=um&@8Kom7$LFc(*0<^PvNd`Ov#JyEHnb*1Na^a<2}824tRc$+cqe&4Rq}i=8L}<{##`RyAzeencINz z%TYO8-^k+pI`WNREuKa@$&Hfu`e~J~pYpj3pah4zNi!51-_CW3P@3fL8^W5oVK<@#&q&AJA9I*IM4x`1({b{4zKc3D; zd^WWlc%`(N%dDsmZNC-1uy}yROdP~8goLllHvjJH2DN?&w*4l}VJ>iGOWU_my8mVzp_ovFq); zH0F!u6**E+me-AW{d!}*etp_yMAgc?Ru?mbFW9J)J)2Tz|9huHPE^^DJ!lV%BkOvj zzVEQM#V^vHx`nrs@2O*G-v{~JqkVK<5&l=9bN+0zExbJA^f2rPyyBl8FNY(Q4BeMw$7DjZE))!D2-spmA8@iM^@jM>qtN$&u%? zNBk{#!#*ZrNo5uJPoE|z=diXWyfzF&pm*RiX+`IUCvhZ{F zv|9H4Xn*6J;Zu~`sw$DzFVO>X!(je+-Jl1|jk3-!o{qTT-LbUJf%A%Tyk3<1K%?A` zPAB}3GnH~mTS<0R>e~sumnyry1ZwnfcafI&)B3k?*_G;r?7CfTElyjW0IFr8Vu?pv zVM>vTn1ej(ejDDdV>`ZyJ}h2D9dsRSgLMX1zkr*dk*UQs)Hm!mTjU;}cPaBtOo&k+ z*;MS=n3DM>N?~J5d2hTfUyw52XmD1l16b!QWf-C4H_EYsplEAPLxjpg!v$%Clv~)3 zxGtQG8c=X`i^k!1Pc~BF?6|?!35Zi#~GEzfqYH3zCyGsGC zR8i(O-C!;ITxPGecL`NfMYR0Eu4^@hnXl8EUfBB3(FjOP*$-& zJcqK1{oy{?lKFW!(PAoT*7;DQPMjOQ-l(&^hx`5T(*WlaN}Y6W;B~Uy>iI^JaO5OW*sP>Xn3Ym0ZFUi7Q z(xNLS`o4#+MZiRG-mLnih>QOs8?$MT8Tw`Q$iw$XlzN2MzZsu&!l|2-{np@t-WB^T z-+Xsc)xnS3{@t9DI(ms8AGgOM3{`A=>F}*1HqiG;tW63t&ZPCqI~=oeDk&`L*<@ z{r{rMiy~dMjx6vwmV6tOm~`@)*rN0uHXo`pR4(zDbncbhtdryyrOy43U=$xbYmZWA zx6)9QRqCX3sZ!_u0i{lRrKL`+{Vengl#^#%Kn{myP9B6Tb_@(4cV06!&jeEQjICMM z*|(IOXN-*r6KmR5Eziya^@5U~hx~4kC;K9~u|R4ddHLy@(a1$D4e3V zVRUD7;Sc8Tx&C^i_6i1gi|(r3!9Oag57xZHcDX01Icn3SY?SE-6NNEObBxhZ;p6gl z6=Ss8S?ulAHUUPPkfXm3X>`m!HaRA)8W|y^(KXd_XBW^$R|zATp=EHR(3xW#p9hyE z_6lR(AHp1k5B4+Mx%iKO9>oFX^*wcI#D5Pc>D3#w`YSo>T6BFAjz0ueIlSpF-0B+&?x0pN(sYq(&04u{c#DYMn>Z)@>5Qw9ag6&97n)+Qf%f|dO=0yDn0+w z^G}h<0Yd?C2D5N7L zvyI!K86k<3Lesdt===qUiWkVVuEdvX1?{Se}dQX z`B3n0gF>$y4kHJq2+-S*Lyy#qMlBJJSql#LU*j)R!EY&^ z{j~tNfAJTug}|MjGq-@?Vk{ItO7gMA`4oHM9m1y@I+dK_M7g9-SQzVzX}eTPSsstfAC-U&C(7gupVVPh~FPyFjvrQs;d)Ds_sU7V~N=is!z}M3N(RKPKr{`8|9RKlkB3jai8$8BD;vJEfnECroaT@Ua3vlg~rs) zWecUP``~-P?fWTTfZO+ju_ z^0V~}+q`a9i{*eTlAzgvzIG`j(_yBx}SL9@*G3R(dlk{*>l2O3zx*VBGPDL%6L17+@sHDj$34JxM2bK1e$b&JV+r16 z{>Z3X@dF_lOYxuB4|O$hLowUp1%h($1`|iQEWDDp;gs-~!lS&T6Vk1&Rqw=OI23y@ z>77WYF^~3At*$GTMZKhV3pixP0+Uruh&4*rHWM*e4}126D#%Z>{nW>T~?CousGhNQ^?6)jpU{@=oPDEu-cBe zY$p9Ir*MHiDZY9D!OcCx!kuYQ_Ux>qEZ_N|} zPC{uyLR=~8Zwkc<4_SiPeCYZHsHTz+1h2!om*LCtQ=I#)g7Yhq$%Z%!L{LMBBwL?5 zLb_{?zXo9XpE6A)G@`DY#Ec1p+B)U$8VNZt)ccvW8+bS~O$_3dHN$ z#jV1(#h2i(7n5xVk*Z`~vd9OKhkTyHn9Koy7T^>V*xtYffpznEqEboVN8DP>WQz2I zwjyXo9A^Qk18t3ibC!gIb`Kjm0c-@*!BFCh_HWq5Z`i*Bq>_aHS>WnFs(nl=KBhgR z6}3@}^W32q4&fI@`{E0Sk>mqZ{rf_h1MXxg;4dcKjhM%EjQ~gS@kUT%pqru~Ta9}tde7a)|LRwtv!h(SAZ&O4Uz3O`l_<&x(N7?BOx8>DNacw@eQXs3#Q^%Kz(p!>KKLY1 z-;sIEaRFa3_=ug+;^*aeu0Fz&_$7Y-{q@g};fG`lh0oJjU*Yqs*?Qq43V(x_a3RN8 zeO?hssJz1K=^U-_`qe<{Ryo{@va!9$d3|ZA{N?qZ;`MWRHh<-PWU1~`@RL!voV&Da z6KS^l?ag+dgdXU9sz+hIAFUQmos-N&LSIux;ce%>c+__I;@#QsNk(K<`w*Hg8oME; zG?g-VkCyLMq+?L_s@0GyRsIj(Nso(%&!{F18lUBUi-^qtyXL#a_he%x#T^$_?-{m8 z9C0rc3m?9Z?IW`lE|QIk<=C~*8<0P2x16k6WCW?77}iY!3O2YicpxZF zx|r*P5b(|$?ekJIq@Uy=LYBbXx5S{ghX2}UrzU4-C#PorHIPb$!>Lq&y}bA4oA+LK z^Uc?Fjf`}4kBs2`9#&@C5ie)~2Ev$Ja9XN*Sug5OAi0?)t`UckzrelIeZVa`j4ms> z;MC|50EuRt<%bD~`S9913-EgaynfM9ze(4gk|RPEcaZ+|JyAoai+~Lx!x^mPptl zVcWbmjJH335kUnM&O?sEXI=fuU{LC1&J;-5!J~PAicNMB4yG29*qE~*ccdqf+0^5Y zxMgo)upsG?v;E=+m?(CxD!AAeqP2|2YT1S;I;r4v8^zGbaIbT_DGk9PL8c^(Ssd-1 z62Fdhk`~s>9kG~4msGXX`8f z1*?17GDx`4vFCx6yEgepuijC`7)gQ`V>Ao8CXBgWc!Leeh|f6@3ProytQu1_C+EZ* z=6DiK=-=6YpkExWP1eNP35R1c!4fA-ece%OnJ#5yMU)f$8N?S9bNWhir&$X{e+v34&^!tHCJlKYa z`Tan~^92(gH~Vm?J?`?QpnoqrJ%yORm~eX%Id`~X^L4~+;gCHT(VL?mvxGtxXUt>{ zp<^+utx1f5Nk|H7+U~##zclW?6fq>4ipR1m4gg^lx88~wO4Ux#oU?5~(B9XVgOS^G{)07l}LcT5H z4u;peljTsTGwa_zb?b?3Vmb}-0AI5&zQV3$A3)x&1A?${j-OAFPlLJHyMdANVDp*- z*H%$E;a$yZPCP5)nqIiSc@36Rww<132bT)GOWQYa|e}_?_mJnf%n&#JD@@dhuN+WA)M8_Rnlj?g+cS z*LQnozF)E?;FtjU-)yPRB)Y|p8DCe`42jW@4x9r;vBRuL^ao?vR9Omha-BE)?vDQuSo5`-fU%^^NN$-&*Ytt-1Qz>dbp? z9v;5=Ju@@!y=C}8+!`WUbvsAaKDP<;^6lQ#|88v5RS`!`~{^naA0u%nq|*# zr2Fjl1`Z6r---jXd)a-^l=3_SP4W7d-*+|d-}aJnANzbu{nY+-%ifQ32kswgY5zK` z`iS`SY#q+q>+3vwm6!ynWQprTXdq%(C~xD2e-r)%R2X`2A-8l=nC8d%$ov zEqi_yfBv>c`}zIW_U~DC-`~97z}bOq3h!?`->kpc{+-M2hZ^s1wr~0KuqvZ{Ul($; zzIp#QEqk8ohg8r)Kg#^y(bE2_myJJ-qnqNgekT&jP{br#Tt4W0BTopRyV60=WrKZX4^>ub6Z-|A%LfZ{k zy*KEItHUp#5$XUeLabtC*9TKkxXkjvwGJjJQKUSbM+f^|XfW+BPo}rtwmKADeQ*W| zRnplty9ZM}A?=JM-xas@6*65Zr|9n$?=#r$a9UU0{EmsSQ@4#LR&MQ=Z(Lur+orZG z3ek>%_+U?V)wMki8`=+)t&&Y#@bzuv$S(wgZw`?%$a6tFj z37%T(v3r!1-^gZ#T##`}XYaMZ^Fb%t?OM?@PJpNvhn38guookxNAO9wx0C?Of?$r; zeDo!3-F1@CVA2Mwq6|l-^s157xwmB3tQtvwtF$&~iKX-2Tfg?n4^B;e=#yW&J0?0H|i|-ZhL)-O2Q4UDEmCT1m!I(e>vE6!uW}n_cC+jn0w>}Sa6&TSV zEI{K;{)ggyk1Q-aB7Wu77sQWT+9Rb$<3>FWYEXV-j)Q=VhhtCad}!rapr3^Tc<~wTB1y6edPyE2 z*j~_O2vbRjruT-rY85vdUC?yiRPWkXXTM$e2X}i1Qg0>Jj*ll#?%Mvy_{6){&z%g* zqcEP*ehm}8`0voq=%lakvFHS1v!3IjJHG-~Qx5P7g!ZQ>K@0&HcJk1;{deQp#<@h) z5iO&xD`BBwABE1D(ytB3A(PPx&=Z}YH-KiKX~5x1hooLE1IU_UGLfdVQh$=aUYuA4GA#yDm|9jz08lyWbnIf9_qsx;wTawT10k9q;Pu%ZQV&{@aH8#>gB9 z*)b-(P29nr!W^XGH3ZMSj9>|9VntVHOjpe(rE=H;nOb8vdMQ`OImBu|S#!{<&p+vS z;Yn=gjV+vS-b&t20_G;`4n=-80*v{lsf2E`q2N$)V)N#S;&7n(X`?OYBi(>6bFBI4 z*?4L5`i(Qig!=c+2#~40=}=7lOEih|A$zA}M0_K3CQ+kpw?7>5-{3ReKx4%-(*v}h zClY{gu>zJSKP67`l0!!kB6_}?&H!(^@h~$x9J*35v-C+U+_f1HF8zn$gt~+O;zPY>K>TyKu2 zB5HhZq$X;7&-Jnaf7Gw!CK{|KTR*?l`laXYM=M${WzW~T*i zeRi$ME7(176XZ8_=_%w>0O=xfo#@A%gzgQ;MoO;*y$Z}@z3EQo z7~NFb_My(F7k)Xqsr}jy*S^F4alYf~yLa6EmX1w#!;u5?(1~A!yGhBI-y?_ZV5VeT z1@;)!=bCA)&Z9+w5NajCB=_PLtY(rRiPNy-!E2VWVJ$0ZSrlNR!xCKLSO}*Ey;0E0 zP=whb>jEm4l8c<(F?V(@fD8;3qynR#`tp>Sr9%$(xA(wrkpH>c@q|!90yKBlZ$;P? zv7Z`yEVJ+ot7R5|$V4cfPkiC7Lx=DB!nvcD_v6%;1->VokvG1!D|U2+dU$y^`n9Yb zeZWB&sSm?a35c3-DA!J+7XnTSuhWY^suN6`FSA~)o6vA|3sV_ZTX-hJ9%JakdA9Kj zcO5=-*B2HB(GAQ;W$_ncR{VRebL^CTo~S>h5ll%TVe)tczcy+|u2K-e6Ub~vP!K$? z24V~0u*b;&TNAh!_;rUw&Q~~vW3>*kN_u2yFd7{k8c8=lv6Z1(FjxcL=*ZSUQ^ zb*8OtX6x?WrBCf+>GW7T|4lp>Y+Rb+eq`&=R=u!}kuR&ned^wc>t1Lfv%-nflxjT> za`_5|Ie#ofgk#0WP;fdyBcC9|?Jv8$;~aUrh%0_2F}u*n%br6z!)RI;RD4ojlc60J zHo_}?nJ1$HsM`5bsRoa;($4@o_j>u-FH7u={O!H&kR#vB-_D+FN%bumY=%4Zy4Gaw zul{dK{%>V0MD!W^(dYTR!G}})E+2!mutPS{5M+Jn=yX`^EB%!-=xbQgAUTzqfIbt6 z>e915fQ2FtJrw_~dFUaLV2LZ8bk<)em6UYVuh&5`F{)XtFYlWukrO3PYkj4j{r789 zT~q&*{-A$fK>su}#~O-f_Ch~W0m{ke|B|}6@>sPoyVc5c56x~*S?w|Xm0h?}4ifw- zK$%!3m76Z8x9P9kf!l@F0U50K>ncLKDGz7loMUswW)EpJQT^tiB>BipM4(WJ&Y*-B z6fsSduzZZpAoLa_f#Fg};&mw^*+|1{!?{xl@#yLS7VEP7?;w*gchpm9l8NZ~{dCis z&+JyRO#OaB!rEDUS#!HOuKmIX6v`QB@2^jHsslxTWy&VhiKH5T+$gT7)ph-|?dCsr z6qivNR@0?3h&Ta6;U6NpE05taO8f)Ew~RFZh{3xet&)#o66YAPd`f7mbhci+qOJ%;;;%)ouWiM}Ur|2O=5;1&AbhWdlzU*mpI zL*G%qD2RWF@1Ymzdja>|kZXO&BC9;VfZVK4;eLddx3iD1Yk>~rgP!UL%IDapm|N;b z`3L!T2fnYO`_MPgeJ9Gx{QLd`kDa`Hcjqz)wM^nnhaScIrsvb?b7Q;KHc{$RfDc8Ix zH_O|H^Q?L;hIdTzYtSvwHEinz(Ib2uYe|B=6B*4kkW+ZZrzh#us!w-+9I9o*OE2-V z@Dmljv-q^&5(2W(Drhurj})ViQ(PAUFqI(Cy*Bl^{_prvxnX0 zF0)UQtHrDuag)Xx^r2d`Au7%a7o;Fgl)%Q^OjmSYaf%dzhh=9Q6i; z?qp`dWhsqU6D*O?dR@k-uQq{0$MB`v6T{T6Ip}_%M`ByEc`lR#iXx;r>G_+j2~Er^djpa~1+) zTgF%K*)TpN549IW^T>Eg@9tRNJ5vpA>AB@ry;Uq~5`L}U;jp!T`^%zO=&82dm2E4g zV63D$oLc;?I0wG%K#xb{ti$0O8%A8^@nj;&>`7*b2&1+miO4u(CSe>Yx+km@>Z@>nmL@c)R?CTj2R7GJ^qe*^QM1m;e}Ii@?F4mw7ymLn;P)#?aNz&3$w zP!jN-CQE`q}2$GtIroOuA zEwkk-VkEDb4wjNf#3!rQ-m~QjXvks9-JS%skK$PV8%CxM0Xcbsr4qCd?bYO%bhHwT zOc=bfZQdZ2aue+W;XtE-l+&5>1)j>YR>M%L{(-OnL%bfs>Te`JwnI^*Kn#)-B-g|+ z_Ri0Ki5i^f40=aviEc;65`;5~*`L_llUdW9@K!eTq+n=eq)b^7kC&2X1i z=Sr`01_Iri2CFlJX@l9OQ~N-&;9BukaJ+ux=uM^U23xv4G9#2y@!53F>wp2?a`o!9S0OE%*-@Io5p@P@QfPK916k~V3;g*9;B;H#F z?_Htt-a$F#b&QI18WfKtiSr6Vc+8maj@#|vx;lenoMH}}eD?+HCd4O7+`Q18MBA~E zkg0fpbxSZHcQ+{KR`ztyO~ns=x_##8#`=&aZtf_^?SW9KPwaf_rR`SJq1%SG^aKts zY-H@~245}~&3MU$jkoVthyhmk?wDMR8K*7OKFhIeHOmzCYcdfp&V**IF0*m7h4`-l zx)!1jI*UUgzrY*XY$@OTfIkGi4iMRiAbM3#Sgy4#tN2_<_Hw$3>GJ-em7Ww~bai(# zHn@l2TOK%m$w7cF`L%mTMy>|zyu?vlM4|XCUQyez&SC$am*2No36WlXsQs8jTMbPm(`u=Nv#>rtlF_+ zV8^P=!UxU4BAgNemcjP+0ajjnFk=ly)4q{ur~P(|jp?iwo6jHd6mA;tMYgTf@a&K` zn~Xb5iEP0=)K8`?bdAnzHqettfc2wRSR z+@#PHxqi%HvR-&%?uo`!)oG5D{~&KoF8n9+E_{ofJNfDPx1YQO?_J6t`Ad;FV8ma>Mp}x0l;z-?GKrW}aU=8EET)p_0a`jC^YAV2|&D-+EgipGS&p4*WbDhH=mg?nmkwhnLa@S5~HKa3z-;kZ#HuDh4-{Vv zglJf0oTGZ3?TF6{@E*wtan3Y><6e`ey!;e)D91BIXd^Ys3PsX$w-fDluPB2M%8Cgt&H zY%E}c3(El1Hf=H6JfMz)REb{W*Fg7Juh}9A9tmJjy=3lgbTg^Tqi0Ap8?u5;uaV-j zezU{m&^QPPh+nX`{KGhiVAm{Djk#PV5&=rHE^|5o<*Vf?sfZ8^7y;c(RwNA@48~wh zC+huC$;+>Y98TXsMS2WjZg?Eb)qGq1Q$4#Y<=tJ6O}uqRb_Z-4wzt*V%e2;j=Vp&D zWVeTWe{}~i!Pk8Gnya3<_TF>CTXNBAA?27_SeSC83f1U01J1~Z-#-#@29&*px)Z4a zzc3^0deUKS*(k2vC}V7LN0Y4v_bU=|>kbWTfMiAksu|nSY*Ijhm(#=S4xP;uS;85H z`$Lh;pwf^RF#yZ2ytur4_T>`HCvGy0Gu6&SmbXLp2m}n(RVY|*asG`r>l{(p1Iej} zh}dOY*#(uw=tDQz4&C0DuEsIk?VH8l1pcJ(yYx?wk598;`}?;eW`d2s0F2Q`FxO5Y z(Qvp8Mi2?CxD47kqs54ofYy<***^Os73722M7hUQGpB!HHClBS9Dd($v9VZji%+%V zoc((})U5x`?^X4qYE5cGm*z^I(rfa*~ei0LbkbTx@ag>Qh49fjBCbO|!$ z)t8j#!v5lHJ1Oz%)vNIzB3J(QFAuiA!z#*rEMVdOmG}*u)6E97kaa$9Qb?P0P5nwL zY4FK&UYBGtXk#(G0ckYK>nl7KNRnbByo>5yalLu1?_ zT;c#WLj>&(C-5+ObViVrWmq(l@&NLXG6UA`ZTXL;qlrjR=Y?*8)^4(yboLZCSJW;C zFsb~=Is4r5v%>H&XYU9&z6}89>3cbG2WUG=L`-?F#-Xrv(863Mh%O-mR7(Z*QS`58x{2c#YAYULLKeYGCv_)Vjs%?k^OV7)%#d0E`jDVSHr z#00(wQegE8S_?$(Pi%N+cDi z(Sw!3$ss}YsS39(T1Gx_Qp(BU@{aTT%d)s zICr_c9+%6@^cHAgG7zXRi^ZiYAh{lk#pAAgEDUD?dgnf0%3^WGQ#u#&6?&77C~WWx zmny*toV5Vb{M0l2G0CAY6k!q((+9e5u3Fz1yVer*TZ0bS-Ip3$OdJt!FKqhc$KGAb?Ym-6I=$zL zeYp=Z!J-3zr*NRrX@>Kdv&W%F$~gjKa_wt;VUxsnUOo}t zJ+@{4fO|DR7Opz=y4Bp6r^mVKADNuCl_6QXQUU;;#_oW{@th;7Wv)wc?S5$af-Iv&pS#x>mv=Ll7Z+Vz6+FF42t3>=5+U z>3paz6AT1%2Kowxzv2b#kT&;45=fz5NL$h2vJewft2_60Xe(lYI}!_v+tMF8{EKVa zo7Wi;iT!W5ZGe4%OiVt`3U`GY(TTXJr2uk{dMjRL_cDX4(L*Xc}W#sS4fWhdf*6v01 zEDWAnBFYFAj)7C8Pd2{!vVoy}w@=gm+mCHtwzS`8xoq?1y;gROb&sNW(zEB@U8Hu> zv-jTiH}}rZ?`40t=aNhIs5be}B;>wf*#eI&_#OVZUov19mOAYpa16u;!~~k(?~GRF z8c-3GvU31Xy;2Xp5X72PO)hA-5CQ?)>w-qZsvwv(5A+lB0Qov(>{6VMY~Kqzas4)< zp0T%!Vl11;oc;ggaAZkTr#n?|S+)eMkOeC*rn?Vqs%;}t)NQre;%J;S zT+ly?RqPU1xcvo9R`e^r$lbc`N;gx2&)G%Ov972ywdA+6f)Wm_zo2%DFALtW*XveC z`cJ3#t=CLcsJut^HM7Lyy`yfh0W!skiS+viYqg=FT5V7v@y>6$W`Y>JOSVkJ9CA9M zw(6!-eQA1retNpqqBETPOwv!VuBc9DvQg-r5yH(7?ZME>m@wuTi;qb;%*<%WkWS9I zywU(xR99z3skbpVh>_aH>b`Jll<{H#t32U%$<=Dj&Mf0>#N~4x8 ziOAU2MmdGaD}-Az^;AAu>8r3%h1o02AQmuN<)AGQBkM1_WM^IKlu`Jg%J=deG znvQ1dd8SQn@t@z{7tLHcJ-K&yXzx@e+uS>_RF7R!oNRU5ACgPyu>AhM@<302x!iZ* z>{a}}-1KsPyNi9hIprRi?o1!*crby#MtmuV+wYP_cWMSkiRV~hbAeR~OpF(py}%4n zoT-v2AD^v*Y1AK*4SFFo=Y+XPi2<_U;AWpb^AbgQm-i`=a~x7@@qZ=qL`XKo%u{qO zAf(O}(to6eo$^yldv<3&^hpxl`QdrZo&I&P5qfxU?G$0qas^i-+28bs_l$xo zU~YMB*E+FI-nH{~-g(hhROv2cW!Lh|4Y%1djov`arJKo)2ZO<#mHh{O`QcP|SMmm@ z{fHs3ur&d1)&2tJ)&i(VbY1C$0 zc$^tIo|vu`4S)%tyVSk8Te5fKP|Mi5bjDIXA5FS-QDAG;vJUQBoH|M8nd4Q|qQLMY z;D>7Z@z5xpWMr00e8yB34fcKlBboD&$WV7U*4NAoZYg`oTK_-6XfPa+?NRerI3S6A zS7-ASCyJ#FUEajR?vXa*2E6!iq?q;uQdXeAF*h5~{*Q^DLgh@ekx9hkpfz-q;w7V_03whvzoeDKT?^JezuOjY1>PXnYRN>Gipl3Txb%pY(@FarX;Pmqodo8U zTx6w^3dvO-o=tFP`3HqK)2wI=jVliiG5NczVkNC+N!?Skan0M#en*7&Ok?#s_9)Jm z6!JUKpe$#ghR0G8s2|eej+79LEXh8&noA}ttzGqW#1Rihlov2MCy>^|5%L;76z965 zlE75#fu~c|K)=@;YF5Tu70)fV6q^81b$ddH#)~!@5tHGN*~y1!@xY41aM)66 z-V%tp-F8o)*LKZi-xVjm>&+J>?Gc0as%ypA+up|Kfw)Ef6Lu!-7-TtRXEQ;wkXXqJ z`FLK`H+3tyL?dvg6F^y&>7!28B@g}byZp>aa(fWCBQJ*s^YE2Y7pY=M^iG^pY~QBq zrxPl-$8b5#*gc|X3iV`?GdJ1_o30*T&*+hrEgrHS{XK=4q5b*s1DgP!=W{3?hs~J8 z`C3GTqvfEsI*z6*=|*~gTC%5^A=C;UO+hdw4l~5;Xz1@mFL{GIR~^pn{vYZr?N0jk*&S-Pt z_-sV9fUHvVD6S{wo=^Wv6i;17{vKHk$I0cBj+0c|Un=q0K-gU={Zx(~GU};%A%!~- zlX2JVvE8-4+F?|v_ar@+wOW^XQawRdK74I$_c2>(`_YBjWo(0GyKdohTn|da)UYG^7zf!>CEc%(c!1!b478?+mn+6i34V<%d_F0$@cG={`yll&;Hpgrh)p2 zIQDKJhVsHojX%e^mNFR~KaR6fd^CP6E^%VW&&0nH|55zk;+l`d*^xLKk2CslIWEQ1 zLV8y!?n$NM-*K};ZpMWj9(6zIKIQ(ITl1isy~)k0%8%o2$qnfHE{EIWa7)FtJb(~S z(I!k4Kxz^9rE$LUqtxbbn5;`isGQQigAgquEwNqFc`CY4X%JOJ)TP3 zaA|53TF+@uzGSan)BRy+K}NqY^5%iDVWasCddcPA|MmSlcUTRF4Z2eH%K!Jl+@597 zCh%0{b_dM1sd7y_4m8V&f z!sZ*6a&t=5moAhtvH2+2v<{EKg;x zc`7y@YJW@AMJ_4b&q}2o`MZ|8uNyj8+8V#>#^~Mws&(V}LvY^M(B?gjn$c(V?GlV0 za2f!7Ehv|4s1joK5aKSbK)@Q5+&YKDDEM{+1gmj}8G*b`gSnx@n@gt73#E%&jNs$N z?Z&CYzUv%LEIs1QIhmn-iL)AM-0RCbf5jeQpL1=BF(PkPok#)#H3YW3jrhE&mR8 z;t8~ofH#!wE!WUq2ag>|%6Li~s->Je3XFuiWF_{5y97Gs_RrbREyZe||AyVA`J1MS za}#A-PvYv4$vJYNd)a;N?w*qCt;_bxz)-+_MQeC*AZT@Y4ac3yLM4**14K#v8AN~R z9?!#LF6Q&PM8aaFULYYEi`o4#zi99uDa2BLx!CABck&z|fhhktHz9Adbz}74E>$K*hfNR#&N~+pY8?kJ_j<)=?Iyz)Ci& ziN!3|ygeVwmw{Vf^hP3fFC~g4gZEf2lGqUoW9iUW{>^Kmda+F4^;bl`ZNZM{;p47szy09WYBgY0l1$+f&J?<(KR+TPl}x<;IHMM13y^ehk_pCeML%Z_;nlTO0wGLw1># z?D2TSeEfhdk;yoWfoy-aJW+~RO+lwAWD2+t#-=@lbIJhUvj=*-gOX16X#!fU#S)z< zqsR=w&WgPftB8hx+3C#YsI$3pHZfO}WS!542!Ujtwb4PvbK=WD^?8bdEOC|?fr#t zB_A`-bse3p?->oVbJ>Z+L3c5iFx_rWfOxT14jgpEqA`0{+U^aQt}XP3Yn%8y{+8n+ z($JNt22Al#2*PCAWfi%;LMIa(j=GQ~nm18G2@!;?2{H&`^6v0wfXy521Q z-O9GH1V|mVcUi)=K+GBLir6>4aqP}J<5O{9@RfeB?_oVAh24!lk1h@24~2X<>Iy9Ji@Wl?(iINgT;oF^v+M$?YOavXR1$-EA6(B^Av;#|J-Brt zU;t&R!|#?|mQZf2o0$S1I%>n^ZwqG!X#b0_RX2i%K8T!G2>6z`uvo`99*fu`v508U zQSKqE-{Fktq$Q7^(aA;k3CvZVFQrHlXRuPU4%pwctKobqK^S)La20G(r41$T`)j-2 zH2F~amdUYwQ)yP|9o9yvbj~q&{i=+(FTOF23FV1YebFS zr8nTWWU*1CkLrC1^#l(A15baG0aiV87T=wzo`9hAZ!r~DZDF)lu_ z_U|79kJ|Zv$NTW_%i=%qe}^8KrojK5_$csx@ox3saXRzQ|E=^V?n{;V&$~rbZ}OjS zl>A)xLizb6Vh{g0&3O|3KG!|Kb1q>3S1F&P`3nCWydOXB7Jsw$Isd{xNBQ|B>d)~x zs3sv@4GR3@b42KC;B%-B|C^i_HjOP!ys)e2FPNpob7vdISc=OyuH*Vvw7k9Gt!m=+ z;IaqI7_3{Ow>rRe90!S_3!jToVPpJrDLskLJ@*5AF7b1TV4NpW5u-xph5Ce7@roYe zAXGJ8_I*oX=VCyVgPB(3uf%669PPwwSXDj~8hZRQMV2S(b1}(Ppm@J1FH_~bhG-zQ z^MKM$Ax@O%A}G(-bDYv=Dx9Q>E*<9)3lJqK(?vS%q}U5AVd}fWMM^yW{FNS}B4tKS z;*WNcPkB4nK;oY%J_&x;cL~vk7q~znlE$Y>iR!$l%Yy7Qh)*XbF&Z=F^ZPoVFFuJj zC!WBYz61q!ryR#aq-f8)XiS1kjC57`8!?@)d8SVM+hc3*{bR$aJT%aI@k5pOD$l)n z?YVz5CY*0AJ=B=RLxb}yz=>9=wXgfkuidfsOte>hX8-^6%)M*R{1T`t)e%xU>Oo^K z?&$0E^Q#v;GaaG9Ez;n2VQ{$yu+m%_ql^3b#q<44M|eLW987|-#r1=$RKkt4h3s zuw(q1=DdE$wkmOB09b(6BqlLL%EeGehK+60ZfO*^${tI;cPLB(ZS6;x*_RH=>3~&Y z=9%j@rtZ6Ey(By6Wp4#K&*==OVN{*p>tDy1^SzFB`Dv`n#1k4xob3u4J`>?9B za9b#>buOSPV{H#3mW8Uh@1q}or@U791qKJ_opcV`9XogBtP7H`TX{KNK=*_A0_@Qe za_*T@f)$&fGSKK(x)U>wBVD2BoL67efR>4wgI;8<4QB5CaPt$D-KqgfQsGL~E63~B z6hShMfg{gn0{Lo=e4!<Vs**cJ5@BDDa(7hf)csU!Io4etQ=iz}?r%QYL zdFUXJRGBcYcNn;>6XMekBV@#-`*eV7h!Og7VUvp0M_-fJ|SI| zs=Yl+UY8g5b=6z-+VV@FeKOmYOnTKRswpu$l3OZ6FMlJybQS|oc zoG;S6U}hv&U3vzVrNv&HANqf&iOgK7Iz2A6X}jil*)1F0%j}pN_-|pSA2xu zak#7bXTC?dJK4FPG>l#u0#e|RSJx6=uVBb%FKngH6`w)TD(7(gIJEJikda~mMF$3R zRt1ms&-l8lQyokpDM?)e00M95nz0^fjLx~Fe5N4u&IJv8!JVm|gdI(W9{z(heFmWz zRR@y%>dqRY#339Wp4~-oo0t;WMQ{oBcbrbtx$*ekHPpv+-4Tb!e_sBv{r@foPAF<) zJ{#-Vb592fvg_IhDi*KT?>H~ND-KNm zACbKxex5#)?dw+T74Y`?>6NM$N4X`nCHwjsoy6TrdyzP`e~dGYc4Mo% zM7uG=6;|*wj*pdo37a^A98fH_Vr-gxLX(98O*tB#^&9<082~ciWgSL_a2tXIicf)U z^U~Ssi?38)dgWz0tQ5c-&jTr5^f)L5kYz`a*}tuJ4-RyH$TxiDmd#g=1kSClo&#)j z$L5V2H#1B7Cqw&Z^0bnA+dssQe@|!c0_^w0;#ZI-3<@kyOVJ*(F1YfTB?#F+Eb=XAs9c5=`ul^Lx2!6`4smGKpKlgx7yl`Z{n>w2MbrrePf#9vK|QZ~u2tt4fgTk2)ac z+1uNLyBx$JrBV+NW>U6Lj0^GoL6#1JmDLdxJ;8MFy+H{T^2plJ7em&P^+Q(4ZeY6nij?#tb7v zo}Rv7HZ!YvPy+ig`wdl{XyVKe4?-8q08djv8pCP6Y#AZ$Ti!^{^Y>4mIet3uJWt=A z=Mz(6`VLB(sDklKUe7Q_836vTP>siHSZ%!gb%Mh?zK*|cLG%ELuIC-k6Lgua$;T_C zt83s6RXTo+JCu%VumXwkH3|9jWPLntbA~hCVqLF|Pt>O}?GLN!@ib&W4E=#2QD`kKE~ zKTqG&g%?S#^M0YSPDz78v4Nj}qQ@huJ^D(+nvIh^YK0({V*akPN9pqw+xH0<@jH_R zi+2py$RxE7bu3@iH&UKM{Qk;w9v2=}_M3Q)v_{pY}51Fj5=zY-r1 zpZGwBUz@)J2R~BqC{Iw|LG3@+#(O5u>zay>Lu2-%{EiVJ7fSI56OAZ;?QihfK5D!A z`H%l2Z#$9zO8kMp662`EA872Wcn6LB+t=34ztTu@`8AAWQXNTk?3J~NHGaX^|GHt# zCAj<=ylY!>-PkM7p|ztt=W(v1POCu}P~sft?|2^P;Nz}*{^K_)<1X|laSpDgfp*Y* z-pj|mUv2x?TH7CQSc_?|8T&3bFA78>uB;n|SFY1_6Q6jcGwx>^R@n{BG|?QGXJ*oi zS-)=X<>RhA=W*eV&bkLvc{Pv6h=OWr)4In!1FbiVy`uFdK8`M%Nc2YiQr{c#Zf(d|mrPq@Tm18cHbTf|v%4 zz4DyLg^#G~M#w7hplD~^DDec|cIERQzg%g%kW}J9is?`Mjx(IQrVoq;iDXP`@jGT> zG3`v|$UqsTr%BLQg1dRH=yT8caq&^KpbXcl{0hKy$eHmFGmLsfnL%ixBAZLBUqPoR zQ3Dl6rzo$%YT=xIgHf@1u(GRJh*dWvHw@42s@HN0(OT)+k&!EA3w^c84U;#$r=|0U zBA}E&BDmL@9PY~2V%EEchAUN%{kT^S4la$=cE@4|>)UQ>MnPD9AF6;bWynR%uqU|9 zKGVn;w7x}iBpYAUYR$*GGR|ztPyzebj&N9TE;($O)DkK)Q~(9_Ygz5s%jl<5tzvZ( zD4uYQzyb2)3rrm%YUt+}96*P26Vl_grFyz&V7NYc%lmd1tNXX~cr(>-aPv&DI6W4% zq>5!R?CF{+=jI}wONX0#hJ)XFk2~hXLySVR0kVoH}7Qd1s!c7nP0% zlVeT*Y!Z`P=3rtDKDw|h0O>cNIi0D6%H6GP2d5&d-b{ZiSaYq4pG58W{2Ml${fxNO zHJ){9q_f{bZ2)1Lb%+sXkQtm1u5XMvv)yi&Bi*WI`i9t$p%H2@dxMGDMSCa~Du*OP z=vY0S(REjrQgJphDoFiSm&56_7C>W$rN4V5(w6w2`;YgEH78CcSe=9x=zo1vxAY9!TbsCIDi@_kxQ2JzWrtGWx zMBkCAM4?zL&lDIMXDHI24{U2RwgvM2?D0mgC!Wa2h3Rf2m~%E~ zp}RM5;MQ9Y1bVv*PFt?jPW1s&Y;b$faMj=d>RO<{B*0^oY)yyDc7aZztdpM)h0%=)BA>p_f2O< zCTcmO;hlO-SFU$tq!)kKFDFJLyUY1jX<{iHy{R#@r=CpK_Y5^|iiVdaO09f(cVu*; zeSdv)xY-;Yt-~fHEZa24!9xkxS{8eTd9TD8+0^s^2zb%tbG6rSC6P*YT_Bh>~Jj5r+MdD-4HyL``;q?8K) z(s29caBJtD906g(O^NG{-#zw5Dm=PXD@`reZolJj8Rg5o%^NumCMFziG;LN7_&n2E z2!pdwxD*!cVWt(r0E>oq30jY!MO;AXM53Zl=0qa?xDeS9h3dS`>DTS>abV0^X8?=o zfMPD}5kZ+C_R{GU)O*(DH^&+87e~ps#%DH0+UuaR?QeNUH#9>33Z%@ZJXjjYG(->umBqONZQ zR=8-dsxPKHkirQhe&J`|f<~E|c%|bSlwZ?AdPgjq(wFfJD5dvE|b0fvTuOy>>EHsC1(M zGF&JKF85>otbef#t%qY9>>Jo$)>++x)?Y~BHqcAUfJeO89y4RB`~^Ih?&@j|p!F6oLB;iSK@xXU2EPTeiH3J;Z{F*%CM1qqlX;mfo(#*}JSJ@tMG%eyS znsWVrLY^jvoqbuOpLEds2Q)!XPz<(uQt5P3X!V6$C6{P-p{4`1&3(P4bSf3gB$F|l zkrdMnRJ;triuHYAWvcJMWsDTfi)WWlp!^fpl!^lBpg%4ykAf+e?e|~M!3$;8*I93B zZ{NGt*^7nNKdyCL)cJnZI)e$qIlnMZz~K-}&c+6;cpO^EJXCi1Toru&5D=XL5+1St zX0~_{$Y~TfoUNX$y?AE%znwAy<6Jatuk8pxIqN3wHEkC!Lq$mYhP57${rw-(^{}DL zK&_1k2OHCsF*bHgXjO8J-2U8yIZaL*Z4Fc+jmZAUgAq-nylD5tKu9YYJjX^OQJr>R zKpb9*g~Lgi>H7PP)uk?rol+goo_!WGS*O30uZZRhX6K8`v@(}pd6|-H>j>Dilve9x z6v_Nnu|0~>m0fR)i~qDn%hvv5ayGTz@?OVWn4E3@;Jg`b?l84|*=)PO?pBE0CWzk6 z#!MX}oOq?lH@Ti;mb&0kA80g2j&(0qJPpr&&x0O~#}cl!VijFOw_o?5PNNeRiN>j% zkqnt*!xiI_-BM&=z)ALLwS(f4oP>rq7PvAjv|0HOts9eJ8WcEFTs4O~9lDG5t~b@c zF8Ao`>;t;Eo?jagrb}*0(uj1b05Kvrzlpf`5}R1z{CG$YSd7dnN{fGEcH}l5=oAE= zFkAlo&Er>Z$~)TsHNA)e?*A}aXe>Z2Whr_E4`ZPhXwD>%dFE0h-jvNRKvf1RU#S9uey4mXNN#3oGWC$F zYw4$2Zz$%N9^a+6>qBDCq4xj%41&?WmtV?mN#FdpfBC-I+}i>#+xw;$yTANpPr*gv zT-9?QM47*r`?DJx1&t(S1bsSHGsg*&Vrjx2C8z(x1@-Q=mFXnfKYHg}uDj(6HS z>~-@Nzd3qE=!&a}?#`2OhOcVBDc5~J2Az2B#82pLx;N{r+V)PB$&Rtzk!`8Z-bIvm zlDH$>zIwy85%w|0z<7sakK1vNv7d=o0e@IT?R7RK=#zPa+mrKo&EU$mb)^^OVU_x(V)icYAO@nAOXgDk)ihmU57&5Ar8iJRr!+;+{ z1A!xu*YJBNA#kQlt=0SQXSH^3i+!4z+y8m+i}$cGjGOb^KZ&0gUxh-79ZWS5U^Sgu zgT0AhId+-DYG7s!Dw6EtEL8S*G_79aB5oWh2o>_@u)=#Qbttm*Lvn%srw61o_Koj~ zncBwo3#-RjV1C~62iEnr4I}NN?Z3bI!|V?S&_}|NLvt2q{Ay#T-@>}O=|YNK6=tq5 z6T<8|1B)1#9k*8)X~wYDuuBem<|2fJdr9UuOKSGXMrDGsJMWeoqq96OEo6F6=8W$saoSF(Zo#}YR3UzGFN4L3M_u8`9j&JASeE_Ip?8ErYY>~y8_)x`8>=9cYx-5d4VK(10L z+OEN6*70Krho2H|YHaZ6(gemOC0c6``s`L#|gdF5KfV9s|MVMPVs&c18ORr>qNuIy-k zUpyJN$%7UGZui#t6Q zUdv3R;PK}5Nx@^E^CG6p&t$?m^T;PKxdh%u{x8KNLhCW-Xr+?uMSO_qR$Y;d+nbFz z`@4v-$69sv4o}37zRfNt-QH5tdm=qlN0<+7DG8VNKcpaaUj*Od2wS557S5@vZ1!Ec0t>So^*ZFUVX?J zN;&NjzcpISw4y!cLjPFw`kT!j+3wCnT(`!1GhvI_?=$$1bA6=wt5kS+#og89I{z)gV%0v`!{EuaeogbFGRi4A#{^V}@+-1_oM%dqYp zuaqbP{X395S0T*&EPPw+ty5J@2rx4_h=|tK3@62ll{kuibh{1+*`bjNRSb8 zz-lrf*YQ)Fr2*`e?TvCo*EE~-E15fqHwe)1VF>ddk)w$)U?h~xoeBv zIK1(kJ5grfWIu-$bxt_AfvQ=l;B~_bGu!+6ilZ3^`F(T`{4ZXc{+E1?7tVc1Y{4WU z_ehZbw zx|LavjaEikY?PJz7YTw_7BE1^M*1q*^03p<->;1%6Nw?e%Y*QIAY!h8_(E$m7)*MK z&!CG`492Y-GIpxGpas_{T^UvCIvfNwT%$tf*ScSGbOu7XE0oX;nQ}Zi(H!e4yZaz>$8%m^w{!bm zPs)lkINcev7sA*JGB7<6uh-%UG$m1930W;czc35hLZd8N9dnir2?ZGz{2Z$)i=CSl z3ILJTIf?XAj0)=Z_ z2Ww|vsMUVPZ)vH60lhG$nsW2+6%8@_(nHPWf&I3@fX6PoQ{kmQ_NUYR^oMQy<~Nsr zaP3t(!x62fnExJorcf>y@Q22X?B{9eGTcXT#DOLnDWNbU2jgJS>PyTJSQ%iKBekA6 zt0ep8f{`rJQ5-^u^G|^gV*S8&rk#bz$9j(v3A**9g4uorJIG596{9)1zdm(T#SI?c z)4#54zx{4P4DQ_DAzEsriyf9FkVfrle_1W*-+3*&lpun)-OwRf;@myryHp=?q0#Gd zhjcA_SFEetC3PL`iT5yj4}<5JjG^HCShvo&)RkjeaVZ?5Feex!RZ9Wg<4Xg%8YP;E zfWd{nqUs5RssNZ86pT{Q}eDOdt#AHyou~}3p zX=PN&I1FJ<@DCUp6(m2)T^_p9KpKNYUFnq*JU5|~<-)L@z`DPPIi^3wkZ4p0eX^!j z?G2^XPl7q7r@IK|m|P(b=9m`CsKhbs2&UuPOQITQ+&LLyb@iUz&8<*-|h2K9~|rV0*0t3{BOWDi4%uCrArN`(Uq8>RYf zPD+A64kL$*8i}il^u22+E#{zM_72ZL%$76VaR;_Z{tZ)>WHM=CZ->Jo-M;*#FD;+3 z$&wbj;mTMOZ)OB>z#ALGQA<>7*<$s1tiG((2XLTPBS&TJ7LDxD$g(EmN+iNgqmlVg zY#)|20fSYvAb(H31pQJERoLg;QD%-)C+}TfIDhucbN800YM$;{9GX-aPleD##)wYf zZ>3^BrKLi)C^JnuqV~^QBKEI4qL#<(F~`)Mk$QYJQIFoiwwgWW9cHiCh>S+UqtWPS z7+)OhKTvD`iHWsq1{OU9pRYiBo_Jsju&oP1g|WuRtGP^C`i{g7frL(SNaCZ?lhP^a zXA*(m-XyWBBvw`a1r$C~s+ii9mON=GpDqT1A=i&xtmGPX9dk)`SIi}T#`P7~k6i!e z(tO0lj=0zjE;jB0J9W%eM#$Y2E{1o7T%M3?KdiD)93csxQsLZ7Mf63Y-R<$_VzB^_ zK4bxYmL)%DhwwPu0<((s~M3K+>}l$53kS zdC@)pmw;M@PHf(tq`Q0P-2ObcFis(zjc1*~AGk;8Crn58S|VF1-&jx3 z_wr|Ak8~m3Tn|I;5l{d8YajYKl%jw|wTMGtVI!yxxBB zud^jG2&jBG8w_PKpM)R(?}=GzxOF^8x8zs`q$oqzV*)zAGi{+W`H!aDk_bTfKMi0HnC4`3Ju zT#?VD@j1ehfG^#8nbI*Qs}v)`vIjfeNf)#dVY}l{z!NdKe$H2~DU$a~8tslOl(JMzufHyZ`d)pNoHXQM*<~HfnPTG^aF!=T0$N_wE0iSPV|U+{JH z8EY))G@6Y*dzUrh1L6l?9pGyWaXKl$;?mb?jXenpW?XbsU4EL*222!-|1f$=TArT1 zn$EReymkq%)d~^dkD>7u7vX0z8rd@^am$igX}8uRDhTe|L=k`%as-p|)xRD6*=g6AuHz0&YuZY{1L zWa@&LX1R>Oh6K@JK8B}mIf*u*Bd1T|F9&CSTDSJs?*mM44xXF3;oE=eth#p`t==Vt zE}GrvZW_IU_QHj2>2LS~@es}&S=SJPaXB0S{gAro&Qwn+P2oo{6lAD5{Pg|rmK=@V z+5yBgo%Sr;RXzHe_Do(edeg=2i3pn-=@76kVOa<;Lm(2jxFR|s5)H}0GO&gXqkXos zCD6LkEz0npJ{>rTNerAMTLL^J2#Q>IWW9Dnd#6>*;)s44^hp;ilRYEH!})HMnTNZ z=A&~4gDWp)488y;)+v4h>w;W|R}fCXvMQ|!gYgOlA`xdWx+&~O&`i~R=5+RyJw{9b zhHR=|-1c)*Boa2YZkdf|8asL&MW@yss*TOQ*XPANnqR^+c7ZI>O*Sd zkdz%9sNkq)?eB?|w{^y^K;tKNF#OLb*ac=Y=$M2maQzy#hp-fHfi`1OSZ)kCoi4;i zf{M)v1~piwGfG|KkyOw-7q!olsakh^&7}cNkTw(r_-~B}i`QwAze@uEzYqZ6j4C5V zq1gxFTAM#LQ__zj_I9Kv#QkT3Xm5u76nXV`7iJwu*f0}zl<1%J8KdV#)|4pfE3{f( zdPU)lB<40Cr09%%gZaqrbHI=9Y7I zt4H>V{`DekPrbS(!j_o2_susgR;Bw4!=syi@vgJqTCd2)HRFI9dJ1}M8DW28G|8Ga z07AecBM8oLld7{t!;zejbL8SV$>T&MBDM&2npS-YT@NK?UcNhml@RalPwcJ+K0+kaeLWx5}}e$SXssT6Df)A}CK zz2d>-L6QJ|^v=c*?esc>on&n)ibpFULh{x_l1FR`erE71M8-iNFJy=_>3p*2Ggv6; zuzr7kpGO9XxETFYH#hgCVY90+md=j$SG`-Ws|QzyroBBbWeZE%&2Pb0R! zPusS$Zy(|3UJqZR4=}sBZ_|D+FMw5{(drq=YtY1h=C7R+{td6?HE4gN8Z^O(Gjd%` z32CjpRr&zVgrCyurN011`vV;5bzB_x_p{AsW?codrW4f%t@hh!9=S^fikRnc`c6hjaKAk>Obc zsK{^m#B-2+;GzzsWKUFxmvL2_j-oxIYInnPhUXx>0nhMk_4enU3!GX8d#Um^{+4B7 znL{f&-(ar+JP!~Sy!9T5=>7Z{aeM<1I7070S8xRrd}E4CPH)N-XE#j5pNaO@`l9cT z4)*nhzLKstrt+?I@|C1XGJbB(E`MsHtVCgAOviRfm$-UyxhkpZhULtkY2 z1Hvp=$ou*n+0tAl4%>Rp+R@9x8OTpZ%433gigW4V`b2dK5xcoN2{K%lDt#8=LRI*C z5Ajhcp$R%E-*sK6obn9x4sOd-^S8{Rcs5rk`U^4FU%WFlT_5!J*b3Ew&}1vvJ)XXd zJ!bI41IeW9JqBH=-p$qQ=Ab2B>`&ZuwaM-=AJy4yrffNqb|Y%i*=wXLVMiPi3gt}& z@w?&_oDOH)`Jhu{7XkcrTm@T1licw!4HT6cd!2tZB0uoK1x&cEuBi6q2X}iQNu^3oOHi zSv{io*ymWqCrZ4i1T%uYj6m?8W_haJzcH{+|cVZU!k4+65%0 zG|k&pS?klg`1fcP{+(l5x&49=k=hTO!C?12e=b}ueii3JZSD1k`0KO$d%EMmFNl91 zT281(wEGQ11g_W+H%v9NrQUJP{#<>gjT1U*x99MLf#dMsG2l>cFJN5y5e-0lkZ zH156YNHw=>-@fjhU)poYJu7fKXw0!_OqhXuQZvKTv z;~%|p%PDk|`iXJ)Ebr&Aa{ov8{f~{0PNLIv-|Misjasc{mZ7V3A>!<(&YpTjQN1Z3 zklFbyefCd}u0Ds~N-ud&)$!D%@f^Fb;R{Yn(@N_pN{_M{n+9!DLz-N;+x4bdi_Ks} z+JGCCbsAX$;PHo{PN+n%Vg>D_J`wlt0)ODj!+-kv`G@lRmf!!s7ylX0bzpZ)Hu8}U zTVTqbilsz@$JEp-=RwjrXTwD@YZL=>l-OHS(}UuYBIQf>euhV=V5H;L=W@B)BJ1em zQr(^S&!7EJ>863dVw5OKxT{x__sBIsIdxa%TZ5I!q?KZ@=`WlhY3<A)6UF;VUdNDIZp-sb5YMM06(Cbl?+ZN++4|MJAZr;5VYgw;@aj^fJC~8%c0}f z^NX44loV%Iy}iZ5gZu8BoxXLrY6CbSzOdiYeu>2_%L}7dgnNdMjBbJ^5Zkl=zMX|= zJy|5)>I~omj?Yf_j>2Ec9v_FVE=eCA3J>#?6ozaeNaz0P{Ct|eBa_UbBNKPxan&Ol3(Jqmvj>gxpDA-zP0>*{P(lH^q*AFa0HXP;cT z?z*E#ue)wVSsQf5T`oQY%wYl1m%1j%jB!GV$G7-{9=|_m_J@cL*W_wC=}vL3K)`^3 zoj8Ot-y)Q&3~}Qu*cgzu73QpDk=OV!$g^FiUpYYuX`F-r=_o|XxINH0#8`magMe-} znS*K=b}OOxR0ys@bi?k84i^|CiW(@5aKy?6}{Q=&2WmFCB@XkGM+|4uUZ5<0jt^RDaS1Xi7||2vd!m zP*|*!>U_0QW%g>U3LHUv(SNKr-m_#dnLNUdm@d2Ip#oAKC4i;K{b#yLFkw^`iI(GN z8dw)kQs8fF5dVap@~jn)2#e0lWGXsV%NjO}SGJ9(^3!|z-my~LetcVEDusGE);rSM zX92<_I4s_8(CM_ER6kJBjeYgzRa1#iJ$mE&t{!pf^@jEyTiUjB_m+lSPWzB>7G}=9 z3Lh*8AH@rF1oo6|F`F&u7VAB%=U88*@6J9jn8o^Vq6)3h(OSW4GWo)FCvz?(AQ1%4 z5T!(R8KR)ew5v{1C8z?fqD~@c0H=z=L`wcm!D3SM$m=FPR!-)^V)Hzo$%?!k#hc*Cy2Kr(2H1nlzI6$eF0PQ>M_-0`SS60c}~QKL6% z*dH`{ofItg1ydtdoiA1j$H#h500>@t{Ph*&9koKL;nwQKmR*WT2nin1u^k#gFi5H9U(otoWiE(TAk)gT@=e!Qd_wnaQ%p>Tv9GdZ5Vz4)lmKEl0w@+*>V{NGpnR z1CvQ_Hb-Mg0b`cjB}gz-B@+hPBtc40f|MYV=24xHN}9l+E}5gIh$(22O-|g-7Fb$( z0llRWUi(Gfq3U6t`1VB(CifKA+)LHFglqXqRUo*pD*5>0i3?oJHTM#+0$7u3VjH}2 z+_Y5m2eUZJ~Ek|n%tPb<@SI7_vQ-hdW>NdF~x6V&ytm?YF%t9Z7U`Z4I!q zR);+`T*?i)+!K{<)XQs)Hp3x3Cjc9|LaECBXq;3V2xwxd859rC=_^QcD(c}kv9km*}N>~u{3A^m6c5@DPB z^vGFb(F2M{zT`5uH1Q2T4sq1;1KycJh`Arj96>}}#58+i=3!BkA|w4}*If@GJUMoC zMYNs$ZS~6Sb$elZYc3|*s(a=J?K|H&OlLN4yClHR`~$i|F|xPfspMyhkqo$Rn7|n{ z_&m~U8|Y_Hc(!q!o3KXCkW&o#nBB*mKHo00!(+3W9eRVwtTR*EOpA{+YeQPp8f$my z%vkuS7zG>?|M_)}Fcry{!;()3;=iE36*wBAkPQAYDEJ|!=`iW&Ba~f0Ti`MZnINQk zeqp1)_%zoLRGzI-c^3PEJLm z%?+d8PrG`mHQz%Iu}i&RGIV(-rY3{_=GKK2a9ULt5m(ds0GqEHUn1nufG@?P#w`bQ z)I4T?OJP$#8swssidQ3}dU}UPFz+xa7agYcLcZaL!dcqJ~yOYTv(XmSVLqB~&sSeO=U2HI95ZSFIRTC*3Gy;SNP3z*!( z-MF^n_9(>QqB=83IdDdCnbVpKjc_E41DF|P@0KAqOEEC4%^)pM`P3==9XLUG5tt)x zTBkJbh*;4vgD4i21^xe|y$gI@Rh2(}_Br?ce!t)M=H8p!B=_dtJenqHZre0T-wkO9 zElnR#${Skc(KcYK;7nu&W9`A?>%x?&xQ|=zJ_M1>(7jKnx$3M784s2KFou# zQw717L9ZFp9<-Px!vxP2uf?=72?2{8c#2#ewJn%ilR(vrv}gcX%I28|X7KC97iCNw zREIUg<7)XHaS{KS)&=T^4gIY68NTGA9Ks$lUMr9Id)iY_65osMfc+ldtCuoWH&QQ; zDO!>gS_9KypHukWDh||mz9+u9!q8&B|M<+u*$-)dWgj?*?+|gUs8`yC_wrad`5g2u z9Wp!@pqrH2rY+;h7MD#porSSDVj?gvm2o>9V8x(f2u`=g6FR3fnT#RYVzS^d!PUW` zbo^vbjTJmYblIFFn}@~;MawVzbnQ?`(p^H4?CI+9lAjL8dTgkF)r!G;{q0SDe^a~v z-c?r*r;|h1jNZFs&-%8ub$fc*-)O6=RxH!o;+?r%XWYilfBv)D*5PfPNByRCOxKVbcV z_19J%@w#z0g{&Xb9Ry5JCt(IC7<#11Q~eaAK#->bbQ5GE)_fH(<7G2chFuu>gU}LW z8}&KWjZ-lO_I+r7%d5>6LoI=;pVC?E0Qh69o(sa~l{AxfJMwEG9Y)=0aT*#^-D@FK zR!aIVq6*vP0ru67R%6yaGvg^*2*E1bK9P+n@=wmc_9;c1WS{UJlW3enwIES3qkTp82bp_s)o> zQghG0Ci+^r5%t)mYBlA=&Sf)?RZYkBV^!U8^!Pysb*n6a4@EO!XQFFW$H;80CZZ#P zlGx}TAtg=z#rcbQm0J$YS4v75h8sT2*X3=fm!f^vRg21aAJR{PTED5#bZL{qT>xhL zSVCm!$`~dGA=_M$1Oj}d$w=LX;K?b;Z&5pH#2AxiEl?vkOsqSZ#pyKpGuYndq64IO z_KeYz@3gf=OJjYhME`hY#SOi;GuKt|v@2)_Mq|G$|BpuNYg^UczOvx8+Sr{3xqa}u zO!Gs5_q9n{_cW3Oz+s5hojZu`3XeH(Y*W%7)@$^Rrm@VytYvbLQb;E7TUqq|?PL9E_4{dbx4vluX3_7%=yxaY z_atK8n-Y{A#6RXx5=u!qtY{QVax8H$RqyY5Z*xIP1Q+zZ6j%J#{aj&9i@vfr)?e%8 znK$oaqGgk!$YJ*?;*nB_2Oi`;jYT;lLgBEn=GmaMrIWEukbHFF^=0P^P7U{OFr#JC zprvp~EDS+dF@+>Ekh^ej-~?azWEML)piY8Tn?pfq4AkkvUd@kO-d~<9N1_|j!S<%0 z=IdWGj8w7%$w=Gg9HseWrj=I>H`&}bL#YYmBG)cyv6|ivW~-4syw6`#`p_QoacroT z^3$2|l5dl5ukRk82C9|87aO-|P5Lq8!JK)bh)r21g(scNC>c!2N$h$sj6}!|O?QmI z+48xU$uN3VWTaDbeB$t^W;iQ6gP>4|<-yYC|BWoh#b`zKf(nNSZq2DR(m5xcr0R@w+Zc}i= zWtB7_6Cy1TN9#1rD(B!sCpiiu;5UWy<SHXCDEmJY?T@sS5A6*O^!K=DOfB}FJi^2rqhBcQXj^_=&bO-blI5B!5HHBh%`G{_V91Wixq~e^ zQy@I)_t=;wuh%Q7N$?0b%*g*@mlaBIJ4m<#bQ?}@`BaClQzl_y+Q%@ri%y3|%dfQi=~4K$TKY1_;)`SHQPCZhZbQbN;do3(SE&V_K>`p`URR0`vP$?%D>|Ma^#?}It&IKoWNjW<)>T3 zxAbfFGrrcZsxE&FeiWSY6I_SS9ps0xyBb2E;K#&Lhq7AafSngy8jjd88;Pk4tDVB1 zu*Bz=JE3+kk>Jpz+){+vAw6{=YzI9ee49KX8aqdRboW4Ra~o2aWGf?vuYFw;Y-$gt zH$)?qiAw+FBUtOzJtIvv$JkFRSlZ&)1`A?sesI$nYF+ zK~vS9CDXC7YPG-$$2+}axtfjQ7WPO_XMQqWDS^!gr&mEwHf@$B8_g3g86hH7h}YTk z+o#T+D~Dd5g8o1rxrL^RI(2GbFQt{sh}-&KP>^hQeKZ^ZL$`LGGZ*Vk zZsKLRoe#Nn7-czj=G#?c7>H?@`VCz3+_oUUfCSru>6E|QD&EYp?Pe-U$sIa{en_?t zcA+t$hnAr0SfPg=Hs52G51CoQOnG?}yE#rm3AEda0(Bh5m`*ZIz)1kfeu6Mlq?y9| z$pf)z@8Sv%MeIOSadrHWL;nD6{Jy#_F7j%W;U#GS_uQ6hS6c}jgoW`z;6J8&N=P%e|L$ts2D! zf}HK}H+)I{Z}=N>Kz4OIniI`(^8sn7dSerFAj7utIEbq3Lsq+y8O{0NXu`J>io{`` z#%FSk0)4MbjEZxzGoXMuE0VW^4dz6p5^}r@yItsR>Y)zQ;aZ&G8xQ%i@|V=(vWFi& z`lT=NBeU7ZE^uC^pWd`-dUXD%565K`Z}hsn5$B6yjdo&ZD@;2ereb@62M-?4>2;bh zs1z;PG!oj8Pe>o041m{S5EN?@3?68)xe0Mj`x~}7j!#0n)W(RmxGM{GwYq3ZFI1&X z2WO5SU${&UvMmj3RJQ$h@Q+t+Z(OMC{@JfA6h2A~(||aaG~#(Ls&*jzIicH;dam2i zo#>V$xnZa~rUPA(5(vq28D9yiXOdqbl=1osZ1+LGi<^oj#bBE5&cr<(?O9($)A3lxD;+=YP~si&4sBu5&VnM@ z4W0df-+T)EF%G2it!>c!4Cn&Q*QORUw+FoeyhN=x5snQS;K#fo`$0l12`W9G()7ibzMaAL?mnM!3gV&fNzmSEWM0{ zSpir!#tdLJ(XZ1XlOQ_+4J9FX7o)x)@YOgc&RFiW$Pr7#0>(i=4mjovof9kuisTcf z^D#;xyCBAmASC2-Ys@H1fiGk}s^}5;KI^m|;2(J6zI1iPaPFT1t*x!0cN=`!{`UM( zy5Af_P@ZAU2S4`3z3c8gc=G_e)mJV=eDSMH7M~kKFWN5ekm0+PzEHJ$+-_3cUzENl z{Q_oN(zT%=o7d{C9}!AB_w%}hAv_cy#j8skg34>s6XONetIAe_sAk+O zDheh^6=qiPaq|?M1h9wr*`Z3Ki0I@R`s@aI#i}d9N%Ivzp?x~hSBfiF8k&NkCc_>j zUhJR8rM$oX3{| zqizuA0iDjIRLtet^MzDEiup`>9_@SL8JIQoK7oXQ0uKk?KE!!(f8NwS2lWi4SA;qb zP>v5yNto(AZ#*r@(V^;m$H>mD%#|!gwgsZ5ix(fGT>r)%f?KdS5vqo>$n-#vl(&`vNFuI}>p_oTOARUH&R3=>{@xI<4LSCM%Oe^Z)gg2w5krZ%#Uj}Z z-ZhXHP(QJFdtJQ%2a*yhU|!&fh5repGH5;8OavT^lW$-;iy(Z&X92N@_!=Mr{Mhfj zm8Gl)F=E`g$yy%x*kE_}RVxwRz2a!FZ)s25S+H~(toqWG{b6rziTuUuZyVhixwLnm zto&GhREvbJ@0QuWv+<=@g*(&)&N6&~BXTd!Z39wXx}`dx%cPsMO&M)dlakA7vKnnx zYYmFczNOT{C_Qz;ilfbDjkYPP%~~Uq9)>`q^rS`MiI>ne?xsSE1eA?a%0R2BHIj#4 zS0s2Q9Pi3LHrB!oAXCbNi@)jMO@H>k~WZ?Ua=dp}~UXq zIfy7E04K!Z&PkG4{2d}QP*;VZ6TdkmpcA*zJNoe*ge9{|E1#Au*i184*QmuV*-Q3K z_MLVF8fu1&dhLFjWE_QsqqUBjWJ<9<51skVNuoi3X9JcL5t#7M416xaBbz_|aj^4H zZ~%M%4YS{6O*gRAowR=;UmgCSvnkYD&2N%uOGg-F0@YUS2xirdnT`5`HZttYT9ELt z2@8_j)~XfCYOP+9y%0VSK(OKfe{Qef{x-}b}|Rtp;@@J0(%2;AReD)8q3!BFvEe>+|OUHtS zV!=2-ISUluQxLd~H^U-<|Aa>3E$~P!)#&y^U2lR%YFn3^ef{1#Ac^8w(mal3t#mW| zqOIlL?o=YtR9;(N+aK_*Y7A*vZ?*Q*Uf#csLR!|cwQC&%E7m0P#s1z!VJ(%HPpEo0 z&$_ZGv;|t)2}J&bdV*61y+xFZp3HZ_OHk8GYrN;!>bN6X;F;bu`sHoc7`2JOx@Epr zpG)85vLUyq*Kg67_0^lRe_2S(&fOM=Z7~x%sB@Ks=M8Z(vAHzIc8y4PRM*E7**0XM zaR&#p8?#5UO13}SUosoI$8F1NXs^}w)y35^k?Rc<`v?2K-2XzqroUh5=$v#%(xo=H zd1P>i4K<>^=6m)6$S?8~H1=#wbc$Yt+7ILBt@`uN!NY>BeJPFMLX7ejUHg{Ap976$ zy0d<*!Ku4YXS!@}fRaHj(_ToiZvpAO)nSVr6uxdy_`3D7yv_&66*|{#@cH}>hcsmO z7YQ;P(p${EP(>zp8uXjq)1Ew+Jkst~fYs+|Dt3*vza12n*V5cCAilj{#>C366yh zMx}57d5ywS$mFz5xa(Lj>flplL%-_y>HC4J#trK3kna?krx zgM&l)j)dIDfP1iOfQrH>+B)@9SWbWW?)0dh>Eet$Ay2*{um^E(YTbJQHw`(?dBr~2G5QnYrs{C>V% zl75^iyX?K1>Kr163^{+rX8q=l@drjyt4CHwW`8cX@7}a&_xls0Yeo|tlVh7&R(;~_7)LnPuhq@8iI+6_a zbe6r(Gr;U<{sKp*xUnXEz&EbE$;GTL*E*xc11ozPVN+V|I-L=aQzJN2b(Vn7<9Epn zznFW-;|JZN$KW;t|96v>4z|%?rm>UwV5@V0P5nB)^Bt$Xlv?P{p@cT^_5|CF}KDC@ZPK3eG2k zD;AI$ezD+~6pC7{5RpNX+vGACU~@7lJb_nnP)K82K+n5C>SMMJ@JMB9Nv$2!3NUso zT)0lO!Ug)^y!~o9po{R+)#`v)v!Q|hCEo9`hj@D^evrn< zE^V*&>#=DuwgbYElq$xwLyEKHJnVeY`90?^oLak+0pvPl-tVxD7IA)MG+Sg?>GG&v zP%8+@52T)I@eyzjVE|M61g`?z3UpkkGAe*X;obM$E!Yz%91a18EL+Q~OBli%;fEt! z+s^8M);4yj{ZYFt!Vc`p*lt94-3c5E@XZCMOy7kM0sh8emn;)J%a73{8BK~bL1@DI zcZt1~W6e(Eum+z-U&c{|_%hmkyc|-x?a-pXe2U&f_LKurKfw7O&vyi~Byb+C0hAw`?=4Y?5)t@?A>x?_k zzcAkw>OOD>`hsl!oCPp7$P-A5jrK3w6(jr?2W@2Ln4B>!v zJXfn3_0}7kl<(Nj0kq7@9-7@*Yb@7uG9wUN&1Ojf?zaX>hC2+d4c@CF@(CUdcm*lg4hTR# zsBh^Z;D}}R>|1#V*x%0HAlttECN2WBf&BR+@_BH;R)7?Ed$lv)KU_4VgF$EKaG^Qf zo0iiDRyD6;;Z@AKiZQ2P%rQs@hJ1r-iiOeEV$Yfw9Rb;#o>7o86b%bVb9#$~bB;4A zYYxVW$PF-ZWoo*s7o!R>)Cj_%FgD=0YPlA~XhN^&85!CYt)LUa@wWuMK>cREUN?x1Wj!&bhGa9L?4vG>4AZ&(Kc$w5f|Xu z&GF`9vtnqT?oTAMy;bifuM85ujw;-IvVAg|g?AjRc8CMv_^m1K+$ZiXtUBIv6wO#Z zNBP9?n{pyx?IYHYa}H6z`FOX%A0}Agd8a8k(UmYL&|`wSh4tlD#G{_}Xlq}_-da-R zZCl1Sx^e@B!0H}X-z6(b?%UsySh?rjvXaXC^f7lhAxEsX8x7`gTW_p?%xMeRuDSB! z_3?r37K`1h+pGAq9Z}<5w^uITP?|mDjM%h+c+wV)P^>JlE0o(_#PWZH|BReuDn|aR zd<}Up{}9^`TuBLxjzc=xD#=4efmyPc7`WLr;9dbY9QL{M$LS#SrSmU6=XeQzS#pYt zt$@g-zIEGu@A?)fq-Hl$$T?VN$oF+4`#IL9Sz1y}!1z$cByfPpz=w?)1kZy7*c7uQ zPw1iVE~o)r?sy4UX83JuRV3NZKfdeGtpb_-lPsdu*oKyMiBERlRK4}iqj%gicvJUNi8btlBkvo%=IdA7aO~I( zyZ`N)(f2Lr_YhWP)$8zv99!%bkIinuF`73dDPAQ+1A%Ur6n#X}>c>n5a0l8Q*aVdu zEr$@YWx|2K-Ubm(gMk0A&O{qdojiZ?)N>Bvh+i-e(30!d<_Bb96VzeJjI~|z_L*C! z+9uKqhUT_!ZJ&Dj>8b56-o9XPX#S4KpTpP$rJq!1Ofu{<=63`Vfl@#LORm%4#av-_ zugzh^uz@+wVRYzqPJ`19h?~=3m7a01iyh49VBa*bEr`4{FbDXc*BKp9ogGfM$7}Oq zxmll)*u@evO6;39w#CMDHgIA%u_<(<%qAUE=rnq_*P+J9_aYSjQcuDTI~hc>ECSQ7ZnP zio$&m=`MCQx~k1qC}fRKwB9`W$`{{r=MyiN*2S;AZ|SYeT-DJP?y)B>XB+?XKamY~ zZy6Fmtiv1S9<2X3yQ=z2bC|VySi#NwNQ!17F#45GlMBQ zuJdCQ;yT%@!|C^Wjy-e$6&mrp%V`g~r zP{$TXb=lhq6Q@sit!`R(HxgeZZ$fx+vXJacD)uC}?kHAEM4u(%unT=K>x?=x*fYqW z!}L8#!@~z>`xM`OPfeXxLDXW5NRZS9hK~dfoD(5+&j4s$8!9G7>=`?ox(#C$puv)+ z_Thi}kEws}gUv_#HJ6#NfcZ#*%Lwe&%)jU8r{hZkmmOM4tc(tOED|z(*wS3?3bk!% zeVFb2`}4VV8HiPTYe&iBZY#EVfYCLt~fJMf#Smq-^rDkFC8?9{$8kKSSA598mA!+HvuL${K4 z*2NAvL`P+d4f*lSTHQH!+P&6g5B6$hX|0&9B(nbLv#3&qQBCu@(~gHZ1La z8i6p!t5$q_^q_9cptVZ2FzMV)fL(=sW8O&BCxs7(G;E?uWIfiy7Ngy+_riRuht<+< zTnU{(^yc|;IRpwj{^^DC88{*5zgmq?TlCq3R-bWZ#_Th%uWam&%tX@cmI)j%QluJ) zIVZ+tZ`*L?(NDx<+RgZGI#)l8IqR1Y&E+2wIeNgT#9jz82Qs(Z6I3ilnEnAjv^vZZ zhZzKfaAlheMmp8TfAp<6U5Z^NZ~({%*$=GAoXb+0V*P{Yax^R_^FKRmV_U2vdy+73x~k+%J`7;5h3*maYxeW|P@m9_na6 z(7#j~&Ujlc{OT4?FbSz zYF7xuL(M0_Sy8DY0NkW*p|~AFS!)T&X_NJbTyay!ijB>C-vz$cTBcu1zGF#b#qL#E z&BR)bcAti^_crAA{VQM0*twxIG@ss=62)YeU(#t^x5*NB+HA3l=2QBL_K)y!@011* zGf;B6T!9V@e%DZE$AQ5CX*d^1W)jh5$waPeG$00l$(mLge78#sKTz!0Pu_e2z<*dg z0d01E7KjD)|7jkWn>q$k_YG|6Pbh!+M9?8et@6pw*p^E`ipV7lvg7xHRt?2;>yaff2E8g-qi_+%F8mK+tO2vSiw9QI0iM_$gS zrL38VQ6|0W%z%CR=Ozbr6D$NAJ3%|B&xP6&;R#6U6NW4tw>nGM+ji_SsB_^$6UMcs zaA;xTHQ8v~QR$CWq#3_V2YR0(%wmtC3rm<9<(YZqd_F1HhZWI>9Z<<0+7P zylX&8ZepgApy(remvF)(6i0NY_N>XrB1ez@_~|8wR&-uc%`}Z(`!t8cL`#E7 zk~PZg58)eom4#M(aM;|jdiS!yYd0ZE8f_qKObUBdUb?i}ZA^^2LcySHqDWnlykf9r zW6O>f(!~%++#HGo{Wf@2VTEbzO-)c$Rb($Eub?(zR@9(AuL25KYY@0jA^K~lC<6Gm z05zl2e|Kia*ulOza;Ho zr1fK6tOVBkDPSFuMF>Y?p&^II8QBzJDv<@pHyflOn}|IPBl+rR&=4B6HLxopFA}NU zr%Cg|9#%ec4vGw1MyG8#=J zQe(b|KV!~ZoB3`=c_70!XKu>KgJ1y56f!cHz~J*0+!cpBjOZ(brzIVY_$HEItnfB4 zR;W#YhJ!|MUQz&V8(Ok3B&-2_`zACNyXuhJZ5NLCY5>`C{dd#cD&%t_U1Dvu4T(Ad z(c|X{`;j&%0iH(11x0Otz$5zv9hl^T`*9S`B4}z{haefGvOZu>LI~;eSQxCbAmFiU z-gka<+m*Hs#5jWR#aHv8pWk-XZXVazl4s7^u>zm-BVdUoE|@LV9;d_aN7ycXoRMf? z4hLThDn!2ktyeduIT&zK@Q1@{(@pR#1w4u>w-P@bK8GpK!#`AhD3DWNPleJ`KT25m z#q9Qv%*=dbrXeCz_}kCV?b)fuVDh;EjJiCB{&OROs8eqO6Uh*`E4(jynOyQ7_8#*d z_iF53Soj3onA;i%e zRlxaG^=_<9+xY_tk{eqQS71XtF&M`^=5c(Yq+|X^{cOm;+kdD31Aa}|U+~LzFjvbq z=eXmb&o#k6(CkI5rQKvR>6n=U%br(dp?YK_(BYV?FL7`Tx%%n#%B8M#56 z)6_xU>H!Av>Wy$4B1~r{_91eR)p#qT_UNI7rWec}mAdjIDF`(6>g1K+Mp$5Z@v)t^ zyy_g5hweLY0n2Oc(=7h3c_K^jQ^2=L`~$@M-3uZugxwX*irEaaOPz<@?Aj3~stQ2_ zQn$V&^6*$yzKZ8z6{z2evn*OBK$c_K;A7`au!SG1QdjIhbXna5dq0s^{QLRW?q#}- zg1-VR8YG|kAxj^_94sNDmOUr63>6}#;1GnW$5|#LCXY2!Hb00HlT=b$0)$mA7_`Zx zxy2x)DzPv}aygod6d8e2py$i9Xr3jv#@Q3Wm&+g`2%LDnfcz$eswP#G7CA^~Xs^Iu z_4%oKmdGt3l2bE-s|elHhs-Fh_Ze&!lcqLrrxcUP)mq5guD9h2tuB*E`Jl#Zb(-X- zlDqcZ(%E^-zFo;B@A=#NSE~UNSN!jRmOXo>lF6w(ds+_s?-dt){^>_o@%AHLLV?Q+ zd*cVH$bZGTdD3I?R4Nv9;E1TyqO@F?pl1<3PjfsLsHW>2Jpi2N^Ez`j`&Jx1p%Z)) zBAy;HrBs@pXAm;MyXsB2dghl3I!vE_@dBhhT9eVBTvlH^7rzO8PxEEhTvw?tsRcYf z5^>fmlCNsg9+bzVgBmc+!BYbnL*d3m**QEjgX7$_s!k<;jdUqCfORF*TFbHA&+StLV3ir?!cy3HOuy%!3c`l%T!e8YIrZ@P2lg9?m(>eL&&Y6 z$e)}0ebt(*;Khoyuu;4mf%|wya34~fKYzD$2bd~&oWG`X7%x}s%QlJ%D9&Hi2fxhE z2L6HDq3OBTlmX5W^cDUy*~@*rZD5Wh{Zjg?ntlnM0cVis1EJI&jXVRqZJcL7`8yF$ zFI(EWI3)p54A6HH=kmviLz%soYA4gky$y@ibWCQYq9g0GJ1`K@Trf7N2}@kC`+z=jxne4I?`J^wh= zvh3cEAL)7*04P@-55EI zt$m|nqof)2`BWck<^PDW29IXwagD+yWp)XFsDy_ywTCc2I43b*`{&epS}>kwwWMMpbx5aQ|J2sx>lb>0w@2jvpf&e>Ue8_9ed?Oir_wzC z2YnR;DBjQc4rt9u+xYwM0@WBXDHxI|&Ue5~bCeVBq%|krd55&7w&qNkZoE`>w{H}Q zMe2Pd-c9R4y!#GKO=_jP@NxhLu;z$RL0xmAj<3|}U{^@*kUk<-X*QGPb>vWo+BstE zcpb#=AnIUO^r>~k(@ngNEb6F@9E}0w(ItEgex!~;cdZ>P)ao&9l8ulA#+oGHeFUo> zx+RT)p7+rmTD1-qXmLZ@;QdUZbS=E)!iPcmN{mva8dVVL#|+pUxtS^HK&ft`%q57e zqVvLYCq()Z;(vg)i6eHA!-PEM-@b!Fm2STeK{vDG^H^fePivHxJZUs*#yEX!5VW#7 z9k^-{iH8>-FtG`Pqye~wKw7*4!b|{{RU@tCM+ksNec^kT9okP}Nwai-54DW9mvfOT z@54A?vT@n>P2^yJB-1GR>=J`(lg5atjecra55%7(`pB$4b01#DpV2n=Ww3_i@GO}2NHm0ehj8?LB<&m)uA4;y>>Ee-r-ABtLYQB*!FOS6!CQ$U}B_sLS3}?2-+}=uk_gwKJW_Rdxbc z?s=%pc9d@{%jM9GAdzhg1}&MKnT~g~MmxF$q~M^7P?><}AE3SNtJ;?73$^ z33U4S%lI3+2vIRp;23B7A`c`5wZT@Xc$44(A=YVfS0h4kfU<()mivTb`ywaj5^t@b-5n09fPahqBR;d29PBNCG(I)Wa|pxVPqO`yEIy@%V^W! z1wOCLv4!W$#|J^ffF;QPhZcUi@bdYWpF>3I^AwNnI5}0e+wl)jvg5bij=u7yy~rKN zf2X^UvycA<4yX02W6cN03b!3yUASp&^G(Q5Fuf}~*}EZo>Cz{zPF>o)AwAjsiD_yl z&cyLY5be|hq0?3kSPe`W(wGD}0=N)HB|60g3T1HcJh+JHtB#*OfBHDVayaNQ-PPnx zcFDnGNB^1qVOGa}Jw5v#c3}D|)9U;Ecz*=(yL8$yR&8q<_S!|XvLT7|@LCoGR7OdS z%E#cTjF5*0$7umWB08$2^b_Rf$LSay?csC>wU^HxKYso=1?--F2Ig^37bd|xPd8$8 zYp9R;WZCWV&ef~!xz<+C;FW8e?>S3xeKuz(LHY~aJ ziuE_|*l{zvN@fqYwE5yly~iY@d@;Km4qvAft6HoU9nkC+i`I(6)8ZLEIQTHc!^37; z7~%ezHwLj^yeLSW%Rb`V{2I4UGBsH!zn$k|X%au>I_fgYvif`Lye2kz1})%Ir7u!jVk=RjMcjoI5+UK)-aXsza1K28YA z#~=|~wDvV=MY|>_@>IYjJhhLjfag!bxjI`o5A={Y)UG+ZZL)TePN>D`e4BF17giO6 zwe0e;b1`em?2=brVV6>7`9$AE6*aefc@a@c=(bwh7MvB3p8gTu_IAFGsc*lI`R$WF zRlVE=yp7N4v)il|@V1401z(>}0qdX6!F&$0W1Z9Iarzuiy}>A0m0=%g35C^(P6Ike z$H4b$)~(Y@9<8JcXpbP4M$pCieX`SlZ1LPh0^v{VB>2+QOAXv0F{E{Y;pUGSO^u3bfMuqT^0A_>4JJ;jcq+fytRJs>?z`U6 z-u{le?(Sdl@z4FsB<4Ur6z0YGfRJMebAo)<3ZElp^b6&2HcP9k?K-(?++^HoRE*Y* z)*aRxtq)o?TE$=?ISwGSWEcWaOODHMrw&mw;g9Aga6}Mz_V`IG$f@Hr1+Y)Kf#%TS z?=<`IY@h%D>`M9v;R1jEu6KR(-F)2CIf(Cpt%Eg2<3>5*^vI#xgc@i%O8bq2Mz+_; zHX5-A6Ufkl#2&z6>#^NpD98~-4pDUMK606%)3BG41600Cpol3s5!1}>)EA8K1%h+%I-Q8smJ3ssHEnBnpuBF{hU=My> zdK=pwUoqI{zv7O{4LH&r?DyVrUGMF*FT-4z&%1=5p$0bK9FXbwL8;)Iqwc;=tn3@_raivC2tk^(P z3^*~H%lG9x?p%NVgPU$ypUtknWz+mW^8GotC)bxhh3p7D@pw-mqB;M+7ir2HFYoHy zJ=U$;utC>7w!5?I@{MH;JFbZos8CBtq5h%u{UJWDp@d^xmt%5UFs@;#Phd7Ew@?&k z6p|f4CFK2ycoDW|l&y}@FlQN{*6|e!90}2Mou?Rnuu|7SBiN9afg%S05}c2-U%Y?y zwZp0VS1iAO`HK5f!`H5UMAN$V%4NSeyLGdUpx(O8ThIPt*_CTsVRz8?knaB@=uu5l zcQukT=(WQnc!uN2ST-CRjUbuXs0ktVSchbh5=aWm>2&%0>C>mdwn^J8&zeH|Pge~- z%zG3+SF)6ngS~fjdTZsXTW7x&YEOH%kBx2jq}oHX-@5h6%GPQ5*}~@OjrUyp&YOH) zgX`LM?b)-dZQWp(@1}QNcVy%A<^sNvu+*;uOAQ`)oPds3yTVFz%YzN&fuK z{NemP`D6L-<+b*FJYUQ!hRm38Iu}b$g6<~l4@@eMirA~k^GiE6sk@MNv{^&Rg;J*l zp9I(0=yQqo$4OHHq_sWJ;s}93nw>n-vnJqO-@W%h)9~)Wp0_t6^2R&+VyMNbvxfY= zgFR+sjZfYC&Vegd=UtZBZv^9Rz{_mrRQ@ZnGQMhbHT5^~Xbj62L0<`CHH=hqi4N8= zts74uR#1_~Thg}BnB!n6J&D8zin(pltFzf66cj)aJUA|(<;>$dFcDrpS3V`^b%_{* z0$YiGE(fiLw<0Dp(ng`K7Fbt3$k;0*V0qm@c4)_v!Je6T|JMG#$)(ZRFLd-(s(q{7 z7I!LWZ^`bG*L1HB#jaXe-MTdFdsaTxb;)2VR#`P02`*XES>12)Wy7iR4K#lYIQs~~ zNb*B_DuCx+r^P>YTf`OwVW15<#wcdSDQL|D9)y+SGLegmZ3rnc&msJ%$hVt1b{XiM zj*=e&icAl3((4Gv=zqrE($O9Hdvh4LKu03uy2Qi_uROV`*HP?ru{e zikY(ldK_jVPCY?r4nLAj%$_^NlV1LYj=aD)(F=@V11TWZfGxkP6)V5?G#oI z7SD52I0F*vzoE^2P`d%tX*7k1pRPum$WnnyvB?}rt%+tUR&UUJ#g&ej-_~C4-sVmC z_l;%8SG8xFqw(~zNjai5nzc9DO#YD5V^Xfyn7yuO$Ya=R4qBU*ccz#7oSn)1K(m+2 zvHrQ`3>mE<&$d>JCR-|N%BHs1OdgvlWwT|S8vQurF>+ZmLwr2ob51vhd=oYVWI(UR zT%-g_h>64amY<>4y@bEe>|O`*b{1;+R3Ip@&|vuS-9+6=2pOvGAu)yhJ`s3_!v)^7 zcyUc7)Uo=adcRo7bcZ(VW}rbvX>ybobh>!JGD6oV@LZ=;o^q zEcZ7d#ezN2Tp?LOXP+ao1#-`g*o2g6OdtskdT|^}#PYJig+mdK%Ve}UZM7hIf_ZT9 zwvQNtu*a)G@K8F0-HJn#?EV!iw{-euvYn2MZHE2H>`qrN>7I?T7f1UQdG;FAtw<%T zn;xtiv*d!T0{@HOE_|6`B%-p1K}78s*G;1n z5t+_BO&q2IBrNzA=UtXe?z!v0fxGWMaNw@l^W9zY%W_Y5cMtyRV(<9+GtYeeYybMM zvu)S!+I79`yLQ*EYenA-&ArZ&kUM6nsp@$FI)OxxX-@7Bg>eGc@f~zjbawj`0eQ7B zeY&t!0%ghU{Tqs|nQ)sq*fyAB*Uvtj&hWjO{NerNr)OeL!D}NY&<9!Rs%qa_En6+I zSXOex9MYC-%#)2d%z0!~Fl5a>zrP!p+c5!@$Yo7F_oM^!7AR{RR}&=;{4J0d9AI2P zvM1ngAon2l8iF1;SeinDNu};~soaI!&j6_s)B4#vO(EnKvL)gX(}&uwu2{T*gx?x+ zgxsC!RBtiw^0yaqsfa0e*%jL}neA6xmV1C%cE^heheo$wXSOA}vK{+wzUBIzP0&l| zT-`!#mG0sCF6k)|{__?-_d2kievP&-MV!P+5IyzER^(;1ZjpOEa<3J%@Saj!ThtC} z6>Y!0pB2W<$Z8X;g4D2k+%w$=bE7y>Dg}dv{A5yRM6dwXSbYP-%HpDQ3RnR+_)bqf zvv{ph$OPt06QPjQHJ9b!xMebs;P)w1Cb?|O zlEd#zEW6}mww6%WK&jK64mnIV^Viwgo=dCg_a7$u`g;xLm1FCNZPE55+TDhE@@?!l z&5*losiyIm&1#M1Ssc86ec&anR_Zt<&jh zno*9-Vp=go#!S~z>OXT#1O<7oTfRUQKI|h_RNay zONj-zdF?e-mfD{P-WQ2_`qqLExa*foriQY)kt>!}cMqj+OI;G{*yLZiZq>RCG~Z0% zLVp(D=#`c}4QD74AHt6CLvC4ZV`^xe&tyg58X&q7NoDG65gd2s{0T5co`e|zdVGS} zlB*KmrtaD7$v|hScQ|i*5BtJ{fhKp%t>_JjrQ?+^-FDkIiaCW02iP&_Bf=~=rE)cH z8LK&{54!E{xSOWC<{(&MHIlKGlt4^(1Q>|PC}c6sKoZJ2)_l`VGwD((HS>1cO}Dec z?5nE=23E1q>`S+kzgOh5`3dHkPm02l+*B==_a!+oJ4Y^P-+5SEUXt=b`Uz8y!$*S?}n*ZvtnRCaX3CVTQE*AteUW4z>Hvb zZ+_R-_RR2AL-!6{Ih<+V`Ysk3T)up8cJE-dIw(h)*Id!xH8oN)96M$xjZAg*U$Lfn z_GbfYO|$=HTDNT3Iupy9>No`?a)I2qRPDzR`5gK&EDZ~LFhlm>K@H_pu|lV|g^&9| zPag4NU|DFwZh=0E|7b(Ofbz{g^l}-HeahrQMA;PNT(brnV+)+@mHxr^N2^z^xp&Q; zYV`ffu+z=%(N2v1ZmxUB+782Gj~U8qc687EZgfJ+KFq(ZH1``Ngg$R2+^M(FYSfKa z6O`M~WIf&rb^mxWGoFY}w;7YkR#Sp0xk;}pKvRt`Y$Aoga)2zN1T*-^S1A(|AicCI zRMUj8nKgPwF&9<5x0s7)2m5)rttH*mc5q2|V(G?G|41-6(qG!RG||1}U|UnVr7iq{ z-wmu@w`$<#ftG>$*NyI87Afa)<;b$#qwDU+rJDy9=E-CnI1Uv*F?Sy2zAm4D_c1U14SE74KLA^vt}9`Fy|DN?JHW5EF1Y>! z)H20!8wjLiI4_@@k^Yg+e-N&v3rGy7WT5Yt>h%4*4q!jP`U9P#e7RaPeLJuF5?)8Y z^!52~68;um2Rv$2hqMHBi1Sn6Q`}8f%_gLP+lXjCam=K?Ymn+tp1P!=4q<026`bjP zhWF3+Vc`)b#^0PX_yM1(;YPTP!OMMKlv^dvM+=?hTmpRX71TuMv|NAX<^DyK!#O#f zqsDw5;82+CRm+hsm*VBVB+5M}$}tvKk%#oLq?zp>l?)!r()FPBc zw*vG*P#Avfh_-$a&)lzcpiT6QUisnNE$F@E6N=0}H}|`$(;2{H3UDH_E`&#I^eCR? zcn4uSqCW(7LHYiq=nroyfwOGc#(D42P9Y2FEc6@n{n8!L+L^8=D+3^+iEU&Wm-2BqPEG}q^}Ms#7O?<~-cB{(8j}vm!)%*UfrPa`DFMdCq$17(>9By|#D;CV zcikcRe;!%#6qUW2ox*v@i8m`7+_oueUD=-@Gi2s8n2%e*XL$2sg9$34zm0A7&Y|n`~Mp28z;lcN7U=z<=2n> z9bHEmWv_bupZN8U(skeuB%I=l_k4|Cf1H;G0!qm%S^6HVMxEx7|KQ&o4=6myN2k9U*M7Vjs)tQJ&u4 zP##(#EOzSGyz~#eU+?=z>TkyPQgNN{rJ9rcx&i$y#xu{}&C5T`$A_-}gLn_y!>=Fv z7`+DvT-fFKdlSW zbBoKK+%Lw6`O>@~N!R)PZ2p}O|FpLM0NWTqFeR{n0OQDY*vkdpee4&tXMR$(hQu@2 zv)=NVkH*x#cLr$V6qV5CsgBj+?|&SVpO38)66L9aH&AFuj+(746*H_V4$tJfFL zho7m}7te=T^?Jj6;OqGPSl>8NM#=zng+orz`o34aj=6++g%ytP?;-yZUyom+JzaC( zf2s55Ox0-dbG0N)(}LQ{eNhc%PyVl3_J6_cf;6^JVFWrC^?e!d-BB;A*E~G88MO+1 z?M&6`uyQRXUQ!k_uSc;>SDGgvKHWTKXz zqZZPuWF6H)x)n_$v}5i&cxF%i8NKH5x$ElnoI^e0DXK?(3eWr=&r}qe8={{c`A)4K z$bNs4*Hgh0jXK%lXP&sgGk}jZK11_~{S_bAR*v+=h}7f@yIZ~fARoW_e3JKx>x<_T z&MQfdv@Vt};G-1R7tJT+o)p&?%_sItK5tqV&nNbC^?Kuc61pU02iGM@_jnh+mb7bq zqQJGuBA-q)pB9$YX-?jzYAJ{&Oci-yLd-VksI~WESNtPi%V6iuBvDeaRe-N;!1^tI z_b~)}iQWCzRclr}l4*G4Lf`XI9MMBwC~_=Aim<4o0kgQcj>pAbqsZ2*C{GnMl-I!K z8ABh#=DD6$AV!w!0u0x0 zrJt`YVI$PbVw`IGJM+0wRMs@r)OaCt7k|Ssz|Y0{1@b;19`Q9iLgTdfnfkur@{wU7 z>LBAn-8ZOwpy8VykE#1WJ|N0d1&hi%_*xhJ@(B8c?;F-=j=#Sb<=>{ac3Ac;->*KY!>`7jhYY?y%iv7HJnY%a^oaB->JhUKJN}XtysFK3j5+{S)!RS+%o7q6M)7T0 z^?{Z158xJ_Ast~e#t(jo1?!%4x_8jHDo;uGqbSz>KhgL>H`H7vuCr-=U0wIMzCyiD zUNu-!HQi8SRIjJ_b+PVY185@Z^)7yW-UfJv<_+pS!>_{%z#jKIe9yw`LPrp`m>2y- z{t~_BtJ25t6t^dTSv9th0Vj+%hyZHu;_@fpsZq=S5A4YXCyOXAbZ~mVupPd7ld4zz z2~p*w;HazfUM{b#=H3F+gtvW=b_J|;qD()W^#qA@&-vb^VhR5f}@ z& z--gen%)IYF%4ue(Ke$Z8-YHo=3k6_lD<&Wp1aDDZ_%x`zw*SwUhg|a@b$r#R0j_vi zpLoBjhg|4;gipiy1d4xd?#EA7>rbfb;lj_5Peats7 z#yt1B#-ZNFwqN&o)O{Pc|8sGlX386V9Jqf{z5gkCUIQNoP8u`Pcd35T!8J$K`&jn4 z4_^nr56=h2-iZ63SMSs6B_GNH-v{nr47rEzhVLWGeII(|OA5(GdjIbh-6tPN!+pq; zjBMe01mp>xp8@eOv^ea5_Q%Oe{L+)jGNej$|+fws0@CWt#8udQeR9Kbj4E#Q?zciOoLVW)5)uWkVa4B+G zNcx@Svp~XC%Mi9TS@>qlUP=`Pjiynh{{upbU(;Mb=O{_*T?8X(O4) zrD07Yq&0PJ(S4eWZ@4dXJ^4>!?_oN&>ng5Q$aByP3te0@6ekDxR<0LPyrDRE<1xN9 zEi%`rMe?$=XOd1K_O#l*|5fP`w8GBg(tq*ffV$D*QtcTzq`tql|Cv66+-YLVua&vL zdrwH8YVXA8>tQZM7_K;ud|5f#JB(P$55$R6x>_+Tcj zoy#!G-1Cx4@_rVHCEP}>%Og3?Qji_8R07jVyo%oWv+l|>pcA$0V)k$aNE!K-6~3TV zvsup)DP_p>0K*MVWqj?=Q|nd9XX&jDltkRJy{5wecpQd5B@nlN3h^!=^h=^wI4wQPqZ!VJz{(iERc2(aaM>YvHUVc z?wmz7l(T21PCW}g&S!zqXgmq@H=YEltY2x$*$Q0Hf9J!IY&H_ke7#C+xD`C3DHrXyX5Fa~Vyt|ya0zQ;F|RGpPbLdO-4O4_pGfET4eY;pfh~|$ z{_Ih_$BOGF_4*4agw^mXx=!UU=GO~vC_klMZ!EtFvYzp^Q^2FNcD{$dW$9XZST-wz zm^p4K%h?_jhg)OvD3X=Q8aF1xbLE$x0V?;@bLBIX2?vMLNC2r{G~LP}I0FF#kS4QI^S z#kHMz---jXryHu1=bk7Xe|~Xws4t0xzL#P>c+s<9ggxSY(EFHI@k&xE=ZhRR-(!9V zY&<4YB!2|dHd?PKo|B3%ohqND$&c(gnD@`2(fAwfUNpxS_5lTc*e*E7e`*Pv+}3E+ zpCwST{HMh;{C%c?*$}aL6496~9MAYjrp^5kcKINmKir0AyI|CCix^%CM~K_-_4ABB zq3klgck!~)UH^B!tYx9SKlf3TeaAc&LvwtNc5W4m@k$+wk-Y#GuNH_Mf8cNW*!?2mhx2g|F7X5dP~$Xc69Tvsm#f_+Hg2_NuvW zi~WZIs|~o1fckL#gH{n+uFzh^%Sw06{h(G>1Moe{>bMJr_HXP}>;zv|trEId>{hsr zy^5Vtum6%?r`<}HF2g+kzv?`1t-3XC%x_F`JrDbb9S!kRG~uPSy>Dfs(nj%{#oURf2d)Mv~P(qBEMkI|D)~A zzM&;f+Qd#`jM$yTD>gR9!3G3K0waM02ni4f*#kEBe1Dg4oTTl{KQs1+FNbrV`z+VF z&UKdiob%Y6>kZ1Fwe+u1xKGD^+4-XqSdD&YM1_^kZ-!?@m#L?PzQyfK4_Rn^rLy_c zZ^JAW`zZg&#Du8Mqg5rx*AN7mvrFERN<{cYB#d3WyTea62mH1E-#yuY?~TCTh^ zrhM{#+jCMUvR`gwuiVHyVI-{DsfBg^!uhLD!$$bM=HQ;AgGubPSK10D|@Gg*DUyhf3bJ!iQ|(GBeVN?;%>km za?1S!-tV|c^ku%rkTNe(YVzdc5IJaL8yBgQO5GcCj{B)!UHbddfsuKn#!@45&rj#+ zBkQ6gW0S$%zw@i9_pjdJWWuLws3Y^#*u8E}=}5T$MZ8B{jW;x(PyF2dS+KP~TW7WQ zM?TQq?>LtUXKT1+580xuHnxn^spa|8u$r^nUt1V?M{zq#=KtE-!YIC3{>EnV0-!Ej?a0+`|0m5{i?z@V6S7b*P2r}p)r0qG@9!IUZ+23J85%@ z-!jW*OBO#cY2vhT>H)m!yoO)5{;H=$)?hqznfXzfV{(dDu0Pw?^=~}?Yz;KmKVfYl zm$N)0F`Tm)?(g&B{ks_v*-8seewL6`_I)jRg*ul z=l8$;@cgs=UwT?#Pk*%!?B95<*}uvk#q-$~|HvAgV)(knaDSfy&-3p;|A+hO%VK`^ zO*=O#Yvj4D!STNLAME+3-?nr8;QsT?Bky~w?fIwQxO2HK)YkaiE%%?ZU6uGh{nniu zm3{yDx9&gxBYSS&yjg?G^?!YTjPl=S&+mT&MJA9e^vg!vgf}lf7IIh&p$0ctCOVgS@{>-f8L0H z-pG0nQf#vHlY`u-KfeE5<h?-JF?OF@&M*=F@+zu=&(KRz2e6&JV@MCya@imNzMS>XfQPH!&|E zA$np}3O|V9R;7GCr77h`N>s{&lQ@?&dy@Nylb)XR@}y&v&QBVpzr0C0Uq3y4e9cRf zTxU|4P=7cnYSN_WaWNS&W2#1BS=_2opC8pU>c*(3QMy;)=!VT(IC-EWejE6`y)9eV zsJrEmu3$d21>65F*K58}z|qh-I{(7Fh2zJQqjScl&56$8WZV5~BRG-Fy=z78^3fTS zrzSt=?Cy+`veJwv${N$|UGn0_W`;*^+&FRC#%T{v z9XmR`VnI!IPW9)?)4!B8b))KmJHZCMLF{5OHz&+=DxI~?zjyxBNvVpRzG2OOj2ad4 zM{zHRZm=OwzkVi%1%pv`zI)^_lxwFXM@}D1;nb?G0kz)@*3gtimf|!9g{(2m(M6$l zc!qn)bFwLyPE!?Y1%jW^;?|!;?yJvBzJI{V&W{g1{Kc=;)qd@ZB_&_{T5a9ezWDGb z+mpwSPfp3oa{qc_cx+}?a?1F7Z%oe0n=mUjE)?N83+ zC#d4nlH=WQX6T`~$*Hq5LYZMVJ~=IZRBUwSWPWFk-`N@;$$Bn4aopIX30ZDK?bjYF zDS3?K{___fe)x<3IWsFIB{MT6CF|bDX=AfeQpZiaG-X~&d0OSvnDLR&_%V4E=@m)y zy2=w%a%N@bRr5o9F(Gah^6x!Y8W-#P38|qN*Bw_qef)ztDba2|=V&Kqq$iJ8`wj)S zM*ofbcg|FoMechi7}G@D-=}7#y8pp@%>MmX{yY2~?Y4|6=5HMVU&Q$5zo5q>cYK7X zJM9&p$lV|MQlZ|&>ubY=MVW0RmCRO#Bw@+_S1!BHM9S8+Bdkv ze!u&2>jSfE`1|RqoM|&_woQ9>n)k%CKbrRE)BI`n0_$11df`uVzmeWU-)NiDEV^ZBR&6k2yzcJPQdFnvwC#n9rRJShG%}jNlO+A?E z@l(Yysp+X+Z0eX~w=6jnUm4#L@6THr|Bd*U;;+X?O^A1Y5kh`c|0&j88S7q*b@#-&)v<0Gr+A&Hl3s2J7#+@-I8rkUY9?ksQ1oz- zDx&0}vYN+=+^V9_7kQJ59xC#}MXp=qb`=d4dAo{UEqcGm|C^#`ioE|+gYQ#`z5Ig$#GZ*LO1_8Iv;}$%yL8aKD%FYKHgK40lV0yD`I! z%E--_pW*)?<50%QjGm0Bxf#_Nk7s;6BPu#$Y6ka{O&aY+k9N!3M!QdscK_eeZr5n{ zcSgHEFyHvmPo({we)-&;lQuCtJ6sw5({NNw*e!oPd_C-K54%gl-w1P=iW}bVHdO^P z7S)B{i@y7;?~d^^d@tnlTU@EBv7z+Y=}XhUklvF14bHVhm%Wt!%k=B%{!i20rRL`+ zrcX$pmG1xd^q-_3O&>^)s!QLL{wL{vT>8v(uOt0xy7w39&!)ef?k`GzBHep9-JPE9 z#-zJ(>7i)1;!L#rSJCd)Xm=pmt&Mh{jdo+A-T3Io6Wr(ocTPem#)*U@lOj!#sCiFE z{yOrH{BUlR8+jz+bwvgv-uEKzipa)@7ZsTw@xB!KL1a(lP*rIpDlIZK;*E}QGnC_n zJ@1k8-VM+DXOF{Z?jxSNi+jbGIoKn&$@@c(|DNYEBVBfObW6b(Hhf|87dF%9Z`snQ z!`s|!#DDrnAnyx&MY~`#ZnBlj^u`M(oFLpcQdz87ILUl z|B8YC?*H&z)!Kj;k|eG^L&=!@8$PX zx9Hvx{`@p+1i$ajxYu@Xx9I&*R@Nu~j-iP8O(gJfdAoK0+aUDgDZx;}-*8s|zx3i1 zJC8bFVm;+=SS4w7USbq{!MV+kJpcUxmN?H>MH0hK-B)8GNlx9mNg>=TIfd66aUNZ9 z|L^(xgY&In=TZJXUB&M*I(75HNzSA5VhHolv_$98S!^U~#fQI-weoL%=IU~5$ayrL z7pul8`cZmelwNr5t(SNIkApYcV!pNgo4-J-pK`tq|Eu%IuG9L&|MU3TM-uqwYG(=j zU8fd4>QuqcIkR1N*M#D{N4VFEG9^QP^a74?y{h*VVnd_3mwo_U1!>U@*s z&Huum|K|G6pSh!*7XJPUe?Q5IInQ~VC%@~Can|yu(e-yN`~1d7vIwyR|2qDBjz87> zyNoxuvYmbDzLSHykiRq750S$2SpM+KfsT*A?hfFOE(H42VHcX(Ki|};a(~ZmXG|FoL!8mmx}+j*MH-v{BI4*(>^^gOxjcL56k(~`RSmX zG54IjsX7}tH7_SSI&E%R_S9&O7#FJ$X4^p9%L~SCC|?+wlr?tL zhO?0c`46utpEzZHQ~BpMPTG(-C$F|4oLe$2kEQI#e>?Plob-DODwaQ#vVo7ZQ-~mK z)CTX%hYrQ3=cdn?6PuJ+onN$IMr4Dx`?p_oZ)cY-&Cg#_nw?#`BtL&?Y4*MUFD@x5 zEZ>N>N#2C67PNaUxrr{m1~Rcb-LjP`8^-ck8U+J65?6hibnhE-2>Q{k-6PGXQ}g;^9QUuhH_Sw zP9OJ$qR*w&{=2wQp=hVl^!tA`zxzL|NC*C})~EO2{}q9t_-wn>gsNfh31p_b% zxyAY^!6lfg*!)cMskZQ&kwC1!MKSnaL7uVxcICm}Vf>--Ipx;hsr>l6EQY=I?g5p> zKNwtxFIo(*oBtcZIegwU_hHM=k)RWwcY~{>9EX1#<@r2JAci<6j2z(RG3=OE>cbB-vy`vNkFLrZVN z-RxS3qsA#Cb=?d1v#JnBT@xD`%Uj+d{*TSQQ)TyGP@SS_%3G_-?(emC_gT!c332`bD~l{Zoc}Y) z&HuUO=ND*Wod1&fyi6O6^ItLdtM=Aw(ggo?$;3Zo{%@N5u<>on?Gdy$&OfReL}UAv zU($+4R|jC&ktA}6C!SWXr}^eCwx=b*2l$klPnkU}$J)d@^U#fWXB|0=$0qQWJ1yvg zyNsphj_GQ5FS>XSP9QwV;63*1OhY~iw7V`S879#BhMWZCMoy3$xx%{chi%G( zcS>Qrj)3;+bt)BPsPH|?tv7&d6KHV?IfRW(z}_nS-Qa!ru{~AGN}x^QPiwjcM=5Vu zUE-nb5GQR%OgC0r$j!k%e6}F%1lk38rbgu6t{hSq;t!2KLbeIif?{Y@u4n~HYro2l z{`bQdu`mh#%hY&+|El@FraYU5C-`sJThj0ZUmBj^AF-$JSU%q+-LR8KUm50hN->{u zg}J#=?m}a6@D}b8-VIZa=V5v9b2yJ&h52=%5UeJ)u(QxuV_bw?3iDeO@?UOTX>8yG zRhU-L4|gEduyaKI?lkO4*nI)J6sAR-gRSUNn7*Fd?%aLO6v*rf9-#GwX%VDO&5~Pc z^8!4l+Opc6-O!VHKKXA4`6%4oaho?q?ZY^qfh=nx3qp?xq8WbUbfP`V(!;0&etuTL+0~_ z@lEqNY7Q!(8C)}gzr4$(>tvEbK+(KJmHLo zZO9?QuR9Ua>(E>D?39@+@ z!M2cR`s))gmevvBw`WMj&sNO-0@`&13;!~#!_G(i`rs$90oxeyH#=GI%VVG4Q4@KFfi2oL?IO4x;AvLCo`0rSXM{y_7vz&#w!AmfY zcAbR&i21<*SYYl#V=>=tk{BgE2usaf##kbWQDOm{M;#}jGiTreb5}FIO+s_T8slPP ztv#(nds)gs&PmP^^I2+KM$1Y4!{jaAPHOdU!nS`B(w`3 z^olsqs|>g&coptbt{5v~3+eXIn`aTnny=5tS_^8&fK zr}PGN^%lJz^}^^;{$q@Zik}{^2PV<#ljsNKPL)isfyfgZNZA=f>ghy#Yk_je7*cW8 zqI*gH=HP9(g?=rGaig9-CArZ{A`N;;@fp!%6hB@;_?scbWa^&cF!Fr_@>4w^v~avdY4yg~C<1S{#kwd93z*5E@IgBVS!E$VS4kL;oxQ<%Rp}oAt3gk32EeAV%3$`jGBV@ub zx)b-4=Nv`?#6wFVej6L-FdjIM`xH8pL)l5uMglpE0f>PyKrg(m@QjT~i?Q)dSgVj| zo&2Aq<>sJi{ZM1$9Qs^Rw6SrH|Gc?(TKE@~bH--G%ouDCzC)b+pg?dG#*v3yW(_;7 z?k7OCh+OJ08D^8uT>hWJpFCp7#ioh*Xl5=pP3}VDTnk@JKbT9O*bht4_FQCm8kSiM zTF1yme-wYErC3EtbFp=|A-@9!7aD7fi;c^TD~+qsu3UP_v#`P5U59nbrI(b?23l^e z(`cpJ$Y?Rw*+hABoo4#4T&KnIvlR`=ML+d}AV-jDu6rCw=DH`)gj~0cd0ei0%KXm+ zzr@{cJ{^kF?KJmUmCn6QE#!Kx;`hdyJ57@Go}}-~^}bIGQ=E9TVhXYyf?@Q3ijze9 zoq}xT&L$q@O3YKxx@%A)*eOU%KAMkALF>-JN())V*l!AD*VA>Jwx2?&<(BoH;xrjI zTFje}(iCT_xpyF?Def7?@3t#Ww-ZTDA)hxHw~k@tkcSQo!Fbw89=RQcVZ!9miu79o zNk}Ho^dZm5rX1S4GagDG@=PD{(1(e*r4Ma&++nF4Q5oHn$Rv*%r_}6HB3<_^nlP1G>xW_9Wp@VJJC#~{2WH#TT*^2V zTX6*z8%xYbwKkPnYlr2Gkf+-0W2#eSu{B{OraBwR`BX=>Gu3G^?!W?1bx)v0Q{6W5 zJe8UvW@_pJ>_o4oy8YA?7l$YYZ@jsmq{o@+eH))?W~-+m`D?ffjV09kG~}ED%SmM# za+c40Qs)PSAa|Ff*s&!VQr zHg0eW9_&xY)SdxY8*5Kg(HT;nyPPS=ht(VS{lUIyDQ4$!7z)F^j(77TjoM z*+hRg%Phbw=WXOTi~1r4H;TS|mOGkK&T?ZEKRv=#s2*V!R^pdX{lYBzg$s}oDpbEP z%T>QH%ld^`SdYWFyJ$hP+(FvrEcd28RZlU?`y8CjT`sY3j4?L&2iyt4HW;SHXCw1z zP&2*RV;>U?VWAC@N8_cjgQoRA2DCulu zJDdMEp+&RN&zE5fIxripONBd>A~L)LwT3(!`}PKGH+KhiZ#L4C|5-G7w%diJnoZwC zZs|jBQ$qDe%#)1Sr2C+?mj@}A{L6{qLF*qMB=vsWE%G6iA$}oCZxxt5FED#vVD_Bx zHTJx~?0Erg=Mrw&^8&Ny1;i{L+4BOk=LKfZ3(TGum_09`?6-I-dtPAnyuj>v0j=zH zrvQ6?8_J#+m_09`#Sy33^8)O-o(^FX3e2h(VAb)V)P3ybljWR4oY{tV^^{|t-GN8^M!!!r5=E7j5g;`-t(}NGR~nbkRLBz zPrWSV5PNu)l{@vbg;pIwjQQAsBI|#Ptp6=C{VbyOeT09By{o>sh}?bvHRdToV-=f5bVbzEC0K1- zXsj_VHZC`=G|KK3(JP7TEFR6aifDtA;3hPo$olIdN*#w=que5D=b}?&t*;0P+`_Ha zS7hyOu4x+US&X0OQWxXRg2cikaz2-`55r<=YOb}oxhDU)rf+l2V$8)>+~8>gG0&y1 zybafz&qi`Mms$uxwavNI0z@~&PTEefX?wBFL5h)e20me|M=|>FJWL9r&nn2nr^ zsfA9M%PgaqTDSsd81q?2Dz?!=F?AvTLSwPLrSEaY^hAn5-{XquiL&85q*qK&r2RNm zj2w!oi#@Q~xX@T*Tx?txyvWn#=3Zg$mF8Y$?$xZ@7gIY5Q*Zta#&yQ^#tp2N6k|WH z!Hukt6jN(Tu^Gu1Q)?-3Yw!!WBlz#|O>TQD=3eSd_%=OOF}3-9rw7aR+(?pNEn2+fcpy!^pND=F?gq zwz0&+oq1mA=F9yQFS zq$Skj1*o;M66*01)V#8Ubbkaj>MNlh<)hhU3FTItC5*UAs7JZWjOC1^OQ=Uy|E(TN zs7HmF&&pv5_4pQCXsj_VHZDUqN~lLYU19E(=3Zs))r{dwsK={tgXLNERYHBe0yi-Z zDY5!0K_*IT2ls!La8pnUd>d<6LLI&4lvo{=P)E#!siVnoy5h0gft|uQc~6bFaoGlp@ueu%5h^(&LEQpHNDVBe!PmrO5d*++^X^E=rNJ^00&U zQfjTB6bW}arAU}L05T+3rtPJs?WOcMx6uzttjxx@njwtCtr2(`nt2{ZkX0F4n+92T zhS}6$8PdB6wdPTV^xEMJW4?tiFn6I*W34hYQ!&fJl#x5R^>!H+W-`=Rw+tChfK?Vo z-vY{zp{TF_W%ezg%)SMbAwBu%t6~`=u~@hkX_R44#0H~gyJgr|`E0`+1TZRomN;cvxvz3rC zlWm!ec*|_WTV^BPGW4^Pkm}#dSPvO;%FxxDlspQ}DM$YA!Z<8aIr7hj8q1X<|DVGM z>+{S97>kx;8QNhs^?>GKyUMW)^3P))U5@<4{NTs%L3D{#a`P!P&b2tzKa^7o%)O}v zxmBO#{I8jz`rLBUy+~KjqZOM7R|Rm!r>r2wy_0%c&j42h`3# zIpx$&J{+xlQagM}!ftd!ty7g#McIOidGg~>&S=OOtaIK!wB&OBr;pF$&}2HeH=Rtde# zJY=pI)VI!~9BFVKx-<`&r@$%;Gas#(hs>3V=Hv6wd{Oi9c}QE-9DE)&Asue8@Ee(_ z%|nJ=Q0qDKkfGL~w_47%o->dBF&4f}-sd5`$#ArMkkSBbQ%K|^pLTP18nupBfu>!A znp;&+UNPT%G^?thykar!w*u|Tfu-gyGoqpR%wv{aK^Yt1d}_afGIqj+#v0>dV;y;@ zV2s)bm!Urulv*KIn0uwUSDAY?wN`%B;Rxtl6(7Ltc6T4CYpap z<>LEJ3e@+V3cl}9aap1x%6mo4Y7nEO==|GLTKkoml6?!(5nEZw&)&qqv#?^yVw zjFBqXJ9L3onoDez&J_GBX$z;}RC7-=%KlW+I^;jo+z%M@kz}Pa%iOb#4;mjb>Wg`$ zGsoQeZeHmWnY$P(SIPWHJ|)37VJQ~166>Knl$(!6=9RRjOHebTN?MbsnNcMcLwuCq z8L6ZN$*uWOrL7BbrjhbiTC1s~)yTabn^bADp-OBlKD3nMaF^1hrH~daWf<;L4*6>H zE>ugYWG@^(d}AVS{y&)eAB~z@Rr=pExAuuu`rkLVzD-y9|77leHvZ5;K5K4$r>^vW zV(yY(&K2+Mbze@JfC_g_}4*A}vbXEJ6{%a~1J8BgE zP2*wXTNYB^`zra~r;z$uU4`@}vx|QhcA$#yRyW`tbMHeARY>5rQ)N3?s;~q2UiZ<_xR zqjqZXB>?%eCWTd*&&Z)0X48J>Gj~1>tI+fL)bcH;9gp+rf8}l>w)u>O;$buK&u2xb zkMHQ(jj({&Exgd=8pto!Q$~ecX{^W6E~1R$I$FUZ$|!de7IG2uf;XX7 zq85?2JlI0dyoiy2@}T+GBE|qpU2S|3BY}L#X%WbI5$*Is{)+?7aavB_aE z`5A{>(pYTLSZvZ*Y|>av{a(UftBbYhQa_YzYb~}~lWMI=wbo**wRmbRo?45i)-MWi*i>J=wsk3E?7Tw)`iC1|qT8u=`-an2HIS?)E|^%AVK!fWku2{kUN#+Ojz zqUJSA7)9TJ8`0Y()caZ3Oc|F@@9FReql+c1v0sO`$jMTxk)=rBGH$KoEhV2RFdO+S zHEAq0sV>DTgz(W9mZeBT)HkoC$V6_XzLaz)!cF$BYJVy6>4jT~a~V2t4N3==nar1& z%$Hdz{H`h1X_-lTnMr$@Nqd>;z%pWv=c(dcW-?!Hv9SjcpXJ2X4P~8{n{`@l)@eEM zU&Ke&X*uzCLRqKf#6JXOotBe|d}N)Llhzd|>$IG-dZDb-a7*3QKW?rMSXU zTwy7$uoPEViYqL|6_(-(OL2vzxWZCgVJWV#6jzu%Twy7$uoPEViYv?>vbPdhtu$G! zG%Z?5{8#W%8(e7;TZwMYz%4CZX>wa>a$9Lyy3!=J(j>OZv~(5P8DX!tEYd3Sd>G0i zt->P3LVXKcMa;uc`nd}I6gB%;WwVb}=%?J8eXK%1#d_*}6*?(OCs(19a&NHMHd-pu zidAUic-X>MhgGH(tI)}t%-dyWR#Vbpn1n{Hrlg%vC0%VLU5&&(!mZwFHKj{*RwJeB z&Km1A)>yBx##-4L-W|kWdjQt(?gvn7`)eqRsFNUTD2uq*sFNUTD2rH6p4V8fv4*lF z;a+b(`kuH3-5!9=)chK9KFnsYR#&F{3JtZ z#X8g2b!Jz!Un&6~&BWJ{<76nisxNJcP$PtOCaZPi?K19a<3eMNaj|i^aiy`Ibk~tu z3S7r}-8%9npA8m&Bl%xPeJPbq)TlKi! z>T$i*<9f^6dXw9FtHTw%+o#p48IuQ9Z7=dR%YyxZdh< zJ^7i0zv^+l)#C4Zx{Z#R&-m`$77V0E{FJPhL2cdiZOLDYAy4dg-8cdiZOL99m( z8_0vWjy`1rDaftwm>ZDHc&Js!4JMflM&?bOxHWff zWF{iF=FW|_*SC>*lO&^Ab0f1Sg?X3Qnpi2i1+{mpiJ9zmSY|%@D&6GlklSWhO*X@7 zvKdwrS}}~jW>`(84^6DY5R!Em{Mkc$1Gbruz6&&=A;ixvK~X1Yn%E_%@B>JoiCGwF zar#5C4V(X6k-dV%<7wMcc7U#BpBz4sVHqWAW_@HF)M-v|*u!*qkWx2uLV>)Y|KuF~r$p%gTTmwyn$i5% zVW(2TLQ+Q7At?n`aR~M(=jf~uNd%Tf6Er@(#uSA_kXvSWVH(HZ?bPBZ@ zdnKQp$}RQ^*8?^@BY&*J}u~7>7E~&8hk#FcN=t&2hVayM{gS)`og~qvr*IYURAEwW5 zK|?ZODgAAWX-EqiG8VVK8?>MyufPRJqXj+L4;LD1jEm6x7W!ZL*IJl5;}YXi<1+Hx zLhr0FE6lyp+^fvJI%vgzEf%JQHm+2(I?+Pw7B`sxj^IymOJXf(+CFZR*u$=;7WQ2e z#(LfsG%dwx!Nw8>9i!Cf7}7w;UWFa#WD9zQWaxRXK~8kQi)d+!X;+J_akZdbl$YN2 zDjZ_}QVTlvOZXvHw1qWo`QI_#wU|F^a>Z>y&|-`c{8-)Z=|BtxGo|2O#F*MdIF=P*0s zTIhMvBJ}y2@TjHrE@^E=pKriCw0$dcMKPZgx3UjQ?n0yVc`Md_4=kZa*h+si0JS@J zE0%vJoJU=3wf<-;t7Uq3p|Qre*vPyb|CPpd*o3X<-gUTx^^mR35&6?cMBpy=9B!qT zKMQv&W=;hr!+pqbD}BdX@E~R1YTCFJZ6wcVBV|Dw2Vom^z12IVcdf_Y%4tF3r+=Xo z^!p#c9_62YzYAWsklIDIm42VRVeu5(J-x+O5_}l54MCl^+KPr;flp!sx1trKf>sb7 ztq`9vpC8z}KQx~ooBMgz4YtxZkq7#wop6`=w<;(8>*jvbc-Z(3>HZ0le+BB4@t+|1 zVOWmFKE*isHrz#=Pa&%zxDRt$# zUpM6cfH9w1+s4-o`OG$|Z{6lRWNv-k*v8ilJ=NEZZG7F3doJU{ZAjod@L?pd4LQ6D zbvAGt8Yp);mTDUs_%75ruWi^;h13q%ZP-##J7Bjti_Bm9V7FmQ6-MXgwlPv#0GF71 zsd1T6du6v_Q58lzX16)3%)Ocxy^WPOw+*{`1vVJhS;O4A;vBHOg$MZFP3r7ny9Twx@Bq8Wh?%=b zN!{(oLLOjWA3olAb3dtgSXU9ZqkCu%ayV$E;0#i*7k8MOQx1~zt%LbwTX|KS&=WpC)_SjGklv=n)Qj6R|J{y{FLagQR#F>!7dgNB9#D^_AfWvg(D| zScW64O{Ksp?ClZe3bAmLh13e?5&Ex1<6@)cbbXB8li;JqCFZl#xXfZ$ZXs8gd!@NonR_+1sE?JW7^r5=!3N_x<^p|;C#OM;=b6D+uCxcB5BaDpFWI|qvd_4WJpc>g+s;>YP>?4N}d{mqJh~XxrO!Rirll^G+SjdewFb=)dJV8F;paVt%q(hwF zg;{9tesrb{R*?FBTJbbknPmr&Qu*E_? ziNp?2>Uj4c<&A}kQ}($JasmrRDDOeydbS>D0bUHw z!yftjy7%EYBlB*^oDps||1T?~PNzbPnNc?}=yWRlvAJKc@VgWnSp-cmgSygq)Pnc5Px!b9X_L{tWb5qoqCsCDNL({ z*~86$ZAk2wkQ4Wi6ZbGbco9BGDcY!U`Ec$Ya&`=Ib_{ZM43-($frxttZK{o&^DeSI z3{M1yV4G4Q|F1#LPC`z#!!BdDVqmpayoemy&0m=^-YBA?uIj{JIGpDH$xeJZO#BiE%@&J^!vuD|SIH`oYoV=Z8 z%^?YLlE^*H{=EkGH0y7~Lkq=+7CH{LnY%+Fshv*Pg$ABR--w@j>3}^J=2CDDcc1xR zr}dq-)^VD8IfJ`aDf;!w39Xp;nN1T9typf$12bq+p{7WMwk-eW%;(4E!yOd(>{R?n zL$NWNhOHKIH*MiGcTj}bkH{%nn1`ItAfGFclXOrTd&V@Dz5Hn48RT;fmZ0Znkk18J zX782yhCZ51(2RXTjTUykC zWI}ESIl;&Dqysq+()6Um^rXY|q{Af8VS3VGdeUKSxdREL5Pp}%Al>MoEd5Zr(Mek# zhWW-~%G*ip%csn^L!?EEd^LcqA;30spF%R7v}pNs8!yl*J89Pn*=Ii7zU6jOv$r8P zD!|QpO6$G}`9=UO6)dpA@TCB9hY#GT7--|e%)2-!zpb1@+s26gF7<^tip+v-q9_lUD6Wks& zDh=i#jUF^gWEV6nFn6JmUC{WbUV3Piw;($hA!qR*`=24Z1YJ%u&|kA#pD=u7A52$d_oiknqFIw#3Cqo;@9;JIuWPHsmZAWZne%F5nU?k{ovV z`r{6BF9AMYn(_Pi+##PsP-BTZZR`?*FA#Z{=(HZAW zB%Z6@Byu(Em55gV6o8Eff!pF-Z zhV{I4#e0&nUx#Rd_oU0OC3#PJe+K^y|ErL%W8SwZMIW3&oZm*yy|B<&9K42`UI~^2 zuRvC}V0rK&WG@Y@CqLgtR%g9$qZPN|Sj9$3d5bbqA3PrizfW4% z%&)`J;5;l3S|K~(A!}A}z5J=2ccHZCyC%KuNaMJ-9cjD;=abfUTGLUu(EMu%znxlm zA1>pq?c`QIoL7P?&ArOr;(jE2*rf({P~PomV86HBosJB*Q+KDl?Vfb$A4z2x9>M*6 zQojlFgUfJ7(C&R7UBU-ly5;R;6=D)!ykc=5VorA(a?TfW`VumSg4|vTnL|NNU&0FV zd5D=#2(qf<9b)ZE>_jIIVGnV8mlPW|P~=WU$o-7oA-?bTKwmzr3G-C@5zv z8$fo{!zyZxH7@eNmp62k)h+7o2qSKO)s5A>PS|d4ZeR6|P$GWeiV_WZN67ymWCs-F z_8VAd{`JPqPC7o=7W(hl;0?%aHjvwFV8odKxy=T0n+@bP8_0e|$SMb9-z?;Q7|8uF zko#f0V>)XCIS&On`wy96!7~A6)=4PXp&00s<>oAjcZ~WW6=XIU9^;OcWAu#j;Zy}Y zrI;C45GUh`OR!6+P~M+HMi;Qh-nv9x9MirIIBf6U<>s|xd`r6R9kV(;Mx9>8J<7>| z(dgSTYL+~3-&!IJ8B>wxF{|rij8zn#@f%dVAEVySLRqt8jA8O1Ggc@~cn^6F!gx}A z4|(=L)$Ds{$aTn$N?3se-eYaHAD%IHdvFdntFqpEeCZ$tN=HcgYeF&tk^7QyfEs+y zboD*HUtIIvqg*$juczp$7;8S37I~Hr`@P{)219H0#OhVJ%r>^DZb{)tG zYsfA;$XWs9Rvhnr@;nGxNrvrui#+2d&%=;06=V+vWZwnkzD=n1^*(vVha7$cYf0s} zY29(wXEJbeei?Fp8FGFZa()?dei?Fp8CDSUan@%hz(!?<5ZRa>`^Cyt+>F`9b4|W8*V5ioCO~fHf!xf)FA#I<8f1S3Jcl$+lA_py)}5r*hP;!+oC>4Oz1hjc z%@;%7;jS3HNesk`PI9u2x?pw8nFu*c3)!Iuvne&Vjv==;RfKsz*HaR4MQnEsj+h{0POey=NrD$?9a^8sg*VXQHZ+_PnWb$*x3A$Iwm4;P+mHrj~I@) zn7pC4H{nx^ThJ1ucgk$tDYJE_%+{SUTX)KA-6^wmr_9!!GFzwb-f`Y3Y~2t%gT*_A zt+)(j>rP?oZbR8Rtp$m)bz1-FgV!m=DYJ4~1-j<7TkW@7?W0dfhO?B^e!JCvyVbsK z2aLr>_1A5-D!JZMUAc9Zeu7XaaIGO=w3G zS)3l$SH5wpnRGpw4({vaesxnYey5_@VE_~TI)m~Za{XJLvF=^ z>We$kfm@K2HXS4_8hu5=$#{PU2wBvW)^?hJ5LTjg4~J&xfKUyAyv+pqHpJ|?B~hbFm6r> zLGG)8oEL`NSL2;0p97FPYM^p>-rB->a`?|4W5eKQ@B}(}o_yYb>TS={d%h02nHs8f zoF|{ej~4Yqe(3<-rTw0#2fPjMk^l2p={U%3+i-@F-GI2+F9$ahCw&9)chRQ!Nj9s^ zF51*>+}ykerA1woF&T369^{rh$hR}tgyrm_q?aLIMIpPrAUEB4U9>V{rhWB7?zn?0 zOBd}c7OJ1>qD}R9U5r|}`Ij~|5wda!Ws_NZF{+1R?S-6E8`M-6E$cdD-5at$8EWLv z#f*cPX-#@}SUK0ONT@!g3pu32B!!_xjE0%!RzJ>)jp9f1`=NTAF0+AM===>*;&u_J zv3)nP%77YWv0IB#7Wbht%IdaJR=16^x^0xDGmaDR=k5-ue!Lr5?SUF)X=hvt)F_MZ z36!fFtzb5Vd{Uw8WH(Y8gxs0})sJ`E$g0~$R`kq_J-U$+F{2^GW8?< zwh>V`Bcca!a|bu9Ry;^@EM!M3+>Cwh_P1aSx~(_imp3Q{zZgKv!X`2s5`j%L3$96UeP5 zP+E5ZdG>i1kmQdb_XfigjL*{$e%JY zI+gzzW1`}xE|4B|kpfe&As46%g->&eV5a#`wD6j9U7%jb1ND*#H)FLfP$O61S9p4n z5$P=$&%F2|wwIfcsS8%*sSA;v9+0o+u!?vtV&8hbi`cRAu#HmirA0BA)xC(E34=|$ z=v_p@XW=ng=tU%q)Uauc_ONO4=}?N+BV5D+6C0L|6tQgQ;B|E1A~L)T?^^hev3M7` zhgQrq)+!_=>V!`cTMv3Q0J&=gYBit-?ZRSW%`%|Ihdo#`-73yqD^TNv9<*yB)Ofqc z+9^ArDMb(36$`n;#Otv!Lyu`!53QB7Y|PMuj$OsAHrr!kh8`O;^w^l82TfxnZT5|I z3*`a(mJ2mvWQ>U>_b{p=6&pFw^H7gH=vxm|`|UyB5+Qe?Lya4I(6MV!V}>3ZG4|M) zp~uDyJ?Ikc9R0ZtJ>`utgWOSQY>(N%9(rD6!k9r%ldumxXc1+%aY7IJBOgu*!v$zs zkBu06&>zakH~|S`Ct1z65ke1katJrSi36Xa277Ie(@QOk#jQC`FY+G`HOJ{iqlTd7 zIK3wGUXyt*GQWwB<~Y4J$LU4dSza%4egJBY(`yp$wN~6~67IFO%xXGTr56bkClVGl z$6;)1ZuKC&NLW6a9sjdug!6K zkwCWBPkCR1YC-(g1o`Aff6C7N*3?u#!je(R?-U4m*y ze9OWz_gg#aryX7KSY6Y*v>jq2|1ZM}*s*@vi~P0n)=#V9U0O{q9Hx%?seSyZef+WE zH({*#Xf3OsQtXFX%j&1rx;=i$1Uoihqptxhz-inXeGS;?YrsZd12+2NtOmK_YyoG;KI!e57BTHGMz z8i4Gz{?1S8;1Cv{o=G$o7V9R;98gOx`I?+rOO3fXf=yy`uP9jShZ91@|{&p$*0@?obL)NJTOQjhoUSV`|# zN$*%m?^sFiSV`|#N$*%m?^sFiSV`|#N$*%m?^sFiSV`|#N$*%MaK}n|htx>LN_xji zdWVu;^X{0A-JzuExTDaYJ66&=rfGL<=6J_SdWXK?7EiM+q-G6w%>Lh@ys0V!Wxs1R zewQ-J%|2DAGTx;&Z+ah_Og<*$5N`J4LCp|9CS(tkK735btKKIT+b0&=CxjWqN9(1Z z5auSo=&RV+O-_5^*JZFC_e|gJ5k4L_J6a+4W{R2bMZN^i1l3r5-4Z?k0Sr4C5E}xSnL=zkBz4#nT!h#k z*b-d!9nu~29mXxUA-00w#R&)KAN3xA=r*Lcg`B#DipM1$e$JSBAB5bh0oiftyVPSP2~=9-p*6fb2(w%BN2%sr;nn5IOWog^;8|KSV0Hd7ciUkcLkx zV#Y{O zh5WC=4=Gm^R!;OuJxcZmMhCP9KNNffRYy^bEybruYm{0m#4f=wr9dv^c9dExCxtd{u<8=x{9K)yuHX ze4YwUD^F-(0;!1fQxLlWu^SM(0kIoUEiQqyu0!kw#BM$hVv;ZsO5h1w56zU0Cx@{mHz z*We~1bN4pU&SCpe!nDF2t5;Av3M)tV>cNRuCvrrj;nu(#j+)%|@C@H`7X&>8F!! zCh=V3x51=o6D^gAyfuisiqt3a7PPdmjKRCKlX&9ECYARgCq$qub~fQz4<&prY__K@ zNHQDk`T+XqZ8myN-;a*lH7dv|3*Uo-;_VA-ZHy0`{! zQqn0{a&nIC5R&pith$n87S&J=7KVbHGEV2t^5q91oCI0cyx z!W1Mwg%ynRFw=av4G;GMD;NP%-EhvH>VNIiGlb3R{97`138c`4-!Jboit{-{PE4oL6zjBH{TXF{8KL zxa-iL`N;FC&v|%sUiXp>!!V^=Kq~TADho*EJZwQG3z&~5!!z<>|6Q!Vfcfcl$m|bx z)AKH1PInWs4;&6qq6N(9uEAmIbOCwDhPA=lKIb0MnQGEK4>hu?rk@HyZsvjN$E!*A zgkMdG`XFEAVY)K|GX8|jVbPB`@~`u#=`hS&{4!baGE55g!Ytn9jx2iHT3Q@m&1rF& zu#wnmX?JpOvhdtnj(aQpPOVlHAu9>+WWX9Rt?wXY{R(p5DdfIW$bF}Nt-fc$!_-tQ z?U9hQ$3u{>OORhHhTJ+1&r#l5+M~!iHe~-cyomj&r9H}h39YC_ZlpzfgKa_%2 zDW9R>=kRv$2K*4&*3vfRf5&(?coFx-ru_MBG8o8B+hmoNws{CfDOYF+rJ#lC z=@=vPW!#Bawpv>2FJTg`rk2*qJ{Vf-NtkIq6D|A#m4((yD##DXpjSwbcKRCJqWsfN zKcIy~jOu@N!&o0=b`06)L6nr#dtfSp!z!`d%x8>G| zaSa;v8sr2GWDWuoNQ--os7Kvv6bGgMYtZdMScQF9Lod(;n}gROYcl>CeZPRGsna!R z`#b&`bo&)}3CXNMdtZdy-vu|*Z>}ZX^H8mIt@Ta1#po(-^=oUbHLWGBbGX&7>CU2y zkdt5jTI<)=(t})=jpMC)-in8;AVKwR_2hOKGKYekJ@M;Vb>S&_>xa_Ade&PYtq*_N z-A%}D3csG*_WDia?HXi74pzu*8s3CH-^P8KRGL^@8-iz%d=pxF9d^-1n$S#qXoDS) zUqgnRgo5<*FkA6su?bImRG4~dncF|~E-QpL{l`o)k0Jjg+!}K}M!hHakD1ka%&gX9 z)OD=?7e3jLi`2TJMNCL_vf~0O2*?h$YAr4(f&#M1CbjeL^!~rk zbI$wT_a^ryHvwGc_ukKa-m^dFJm)#jdCqyyLJhtKWabCRsve+>HEO{kF3kS`MgOU# z?gTQA;n#xqgx{dG)<~yj_JG36} zfX>{GsinIEDS8~Uj8*TTHn}w!slv<-H7I88*c5WDd$fo_JzPkg|j3NtdrjZY*H8QM#MZJt z&@iX_>B1e`|secV?g1_-%+y#KvtRoS!o7jr5TW&p+FgJ{SJx=WQG>V8Vvt;aNQ9g z>&<|yHv_T;!~dPEv^MdAm{J^7b2;C=X0MjkbMC__Cf+zDcsC>c?P;xU!X|5 z8T7n;fM-y5GvNQbfxVJH0G@gr~&w$eN&Y)(G16g|pWbGM{wP!%qo&ovV;?JN&V5dX^?;__jD3_So{Q=}0 zC*T4&VFvq{1_9YS3FI6nAbU%JoHYSt|32^`dW0FAG9fOU77Kis8lS=W5&~B!TnX>Z z@E=q2Dtd|;)bCQ@W}w+i)q?pp$GcRu9L z2)LsQ*jFeMoGH`}u15~c2tJ|kZpm%XOIvHyw$`X^tr7aafs3@YMr~`2 z+R7TWmCb}oC;XXE>3kq#ZXjp$0XfAH_)++6CLAkJ=F?`vtG$4%>+ol4k26zyoSE9= z%%s%){h72s;=<7a8`Wi|nrBHm{_oX%7gU<*->v4^3Y#>f)aFbmBfj^kd7i@gP8VD_ z8w$8ceL1liGdsS4E0KybDfMySI)&`k#LVh(;AVJZCgm0LcIP60COmd7@JuHU*u?3~ zGvTEK^~C7`K$-QD6I;#(3N>cYqI&>k)@v4&=>z;IY0gqzdKUB%GpFSPrA5zzN^&de zZ4#HZyc@`>Js|5qfUMyHiqoct0m7+M&LSy>|nyY8EVg>-JJ*APV1Yc?QRzBt^o6y z3j0ByS{$hQ;z@8L0l+nMG2J-)c(JJ7!iiG2XbS|%W0(|~+U1IpO#F4g7k zqQyxV(F*QTS$!9@%J=V*uW3NmG67l31eCt}E+qCI|1RX4Kz6wTXMz1L9dFaK{`>l~ksAkrGM<`E zyVwR~tsRh+mO#Fw17+@dHk@!2D4Z}GP8bN}>kRNFHM8Q*pN-tu50pN7HaxH%C_VLT zq{l8GEAD{OQ_oiEFM{qOpAA2V%Y3x) z*+_VD2v?9YT(K0m7#(u9wvpM$5J`vguYeCS9-IxIh?%p^fsd$}6NE5xb`WrthFPt? zYt(n0!u1L{;hZoV)yzEzm^ULsW~)@6jZ_zx7o1Cg+;Qd4R_>Y&cj2N^eRj}Ks2WJy zpG_@%3V07KaW;~?kP?dS#2IbWT9Zn0xm|b=W|8DgD#@EvlGA$WL7G&OH>vK_r1HE; z<$06J^Cp$&O)AfuRCj99dTG)cX;R&(Np+_tt&t|JktVH?CTe8A-=y-qN#%Ky)Qr1HE;<$06J^Cp$&O)AfuRGv4f?$o66yh-JG zlgjfZmFG<=&zn@9H>o^tQhDBllsf@-(Vd!9s^3FPJnr8E-Hrl9o4tq9;X;m9+G^jb`^Fu)4u{p|PbKo(;!()Ue|2F`I$L63ja2Gh7*2kZ# zQfsbCt+^_-=Bm`1t5R#OO0BsnwdShSnyXT4u1c-BDz)aS)S9bOYpzPIxhl2hs??gR zQfsbCt+^_-=Bm`1t5R#OO0BsnwdShSnyXT4u1c-B+#G$#pUXL2C+G`B_THy8av$Z* z_wUnsxlbk7eUxjUKaaA!31qD%khPjX)@lMjOr6f76vu#HR5RZ$G0T{A9(~q1K zp-+-GxC^|Li~RVj)OWSItU))PM@e@A*Qt5ELe5~sWfRhVp4Rw0WXl2Cm}ubhwWnrR zGt`)`95`P~H=lC7hD$Y4alUfkd|Lepe?D@UxNsxkwJ)9zH;S1xazJ)M0k?x|KAede z&J@T=gFs{wa1MRqd^l5F7Lxz@aHg1rGv{lm=WBWA(`La%Sp=?E$ekdVH%d-aGnubC z$$V2H?ThDAvsd`@soCMczSQY_I9Z@b$obUr2cR`8Gl3!-7tmXs1!QF=kd>K0R%Qa( z{{m$H3y}RUKpBZFpoI%;V+vPkNEvY~V8kKroMi`Gr!MOiZdCV8>b_ZBwx|my z+7a>v=W^h7r_^5nwLc8(izcuDYF`5Er;t7$bCWX}c#m@x@Lp!T7a%t-1umt3ToBw3 zlv9iffZVzTEToK_szxnyq7gHe3#k`0d+Oy*Ah&J-xpfQ3ty@5;7fv@qFI`Bz90uN` zW^S;;%nepRZm%!cUp+9(4DCYdXcU5Xl2ICFYgPmMo;c#4ID|g|rBX`?$JDeJ!NE#AUt0jp{D-wU80w0pJ#O*~(~i zA@x-P+>Q)iNPTg43-!f~KGYYKp}sB!UJv&!3_c-c3GRkt7b5w^y~(Kq-opvP3#mZ~ zKZm+rgpP3pC|c_xmH&%W{>yn#n{g4XbrF*DFi^DCMJoRnsr+9=jpX}_kdr%rtOy0N zk_{-j>mumSDFevNSNuiV3oPOmn>R4eP$+urB5tt}7tv-H`Loq5I_)BQ2XPmjc9B0% z&7#>Z(mrC5_7RJ;k645hC2!h0$Qe@ysV7!}0$BwLWECioRiHr8T^G|A^aRQ`^u?;d zE{698VP-8TQ2GT&A}bcdf#(4isk`X0i&c+Z zth&=;_;4pK55kj+;lsl~krj*4pu}A?*u`+2_{xZQF}x@4>lAVhB<2n1sEd)thk%^K z4wNy`Vz};Ap!70};kwI!A|)2Xbr%BrA^{e|bp^nFQfk#M7QT@OyT(<-+67zFNl_l`c0iT&aH0>qu53%4M zfsN`iQ_Z5$ErEZ;y-D5gfm@b9PjR28?wlHdc?tZv1bHj&LcJxNEcynJQ@eqj=?awD zo+Y$p3IC|V6$&3yxLSRMl1pgC5@xN&5~?nt6$_N!Z3*-g^A^P@lw1NO`vSL9k4vEB zKp^`OfHMAC0^Kg5US)oJDID7iC^LIYX?F*KoE7gc)n0ok?Q0)q>9vZRIK zFV#MpK7l+erKRizO252RwW+0WMZPbmjU5JZvLBFB?tz>#2NXT|e(>%D$~T((!TScV zTA|Fl-fvRSGTslj^uUF4q5TJtAxD7S$g`Y0)&Ke`vQ^;)#n7M5McpI(wL2B>>Q1q(@slg+_Y03@mF8Y7TX7u@3wNbSU!*w*nquA;UVbrI#4u8 z&J&~G;XE<%)xO{%mGBQCw~zP_QLgSjCy5b@lf)>Cob-4E$Vp;A`I;jqiMFoOaIb{FTywZw%e$O> zlA6k#<^IFaYB{+TmlbMWDe3r+sag8I<>Y)1kaGxt+!O}nrZC_JyDy{o^1TEIm)e+9L$6EkNO0+&OL6^eI-^8X5W<`6F2G60k@)Cwps zW^Ne(N-J0a<+lMht663US3vn!q@6Pp&Kx&ilhI?C30$ePU8%BSCFMPV3wNRcMMkZJ zw$A`-p!rH@dju$b&`KyQX3_jtf{R#+YbE@71pX+b6+8yby8-39-ea2DW0d`{{}?4Y zMoC0ItfEHN1Eoe*seD*P$X%F4KCFU1eSsn$R;hegrSf5wQfZaShgGC@)L(_pZ~!PH zuT|QnR;iR&rBY&*N{Lk}B~~eYR*~l;gcK>UN~OeVC!iFosnZvMvWjUnb-EKMvSKy$ zxEuIkXtG*I8LO$mJ(yWN4!lhudD{r&&IlkUS_8T74=6qOYI>g?KxzA{>4UZbSE$Ql z3b}U=m(}Q;tI4^*$JKo;`CLu@#bv!hnekqYWRUbXF+N%i%_X(1>LOo_SJSf2@>j#v z!+`hDv#+7vcL58@^BPLG6DVJ$*HAh!%NP7L)RaI@tOd$Cx;4~-Kw0^=hLY|E%F4Gj zl<_EVmBI~Z+G~)IhmZoYj_Yx)_s2=?2xj?)^*HGq_1BVz-M~U}vX(p?2TC5+YO7qU zd00!VL%4``x>j?tR&%nJ6kfrF6IOvDpVw-QuLbW3e;u`U6j(?;*Qq322UicmEIP?L z@Ki6vWs-17w#-B?a9=>_D(dLV25{q^wPAmA#6 z($>~1=dV}Ewn4FPAntDX>?SC%fw+DA4a&D0h?|djmBKZYbOSXjaJ|9}NbC)yR_Jep zN{4{5&S9g{XCrw#fLZ9X5z3qZN{_P8e&~`hJeJem&@1bV}1Eqd9X5Wdfo%eTZcAdP=L#)|zg3eXe>^tXn{t+})F(ft0_+{Nk9`ATc<8Z+m6vpP3e_X1}?evLIVUc>A=ZqSwd{hYrs zyR^{>*6eXg>kHQGbNBE9YYsTYdaE^eBFt`U&U4PpTVl{P|aiDzNyabPOVevOmZeW^_&x3!rg1d{ED10PB}bU!@trQkGTrB zYX~#J8H`EH;$DG&9dH6J4VWijuEktWdKJ8HbZ%DndSH>m+Bd=oo>Xi}qX>+H!8}&+ z)N80BPIoHjH%UVa-neh*XL9s@!lYvwO&V32t0AO3(izIF1Fh$%3|vzvQxy~`!d$EQ zs>0=FYo2IxUx)w1sI*e@n>9{$iWS)s-AtO3NxO>p;wCUNrKW^d)LlKH>+zR*DdH_myZL@x0bUm#M^=NL*9T21A|Zv5qqUg?EJiCOVfZHnB?{uG4tc zl-i^q6tB>{HfU`~n6R8C%_(Yc09M&LoUEk~DhM@%Zo--4@s--Gq})=|rsTr6b(Bwd zZ)z;QWKKr z23y}!ZYg1kbEG_y7b*KB@Ca=hl(H$_47u!9TlN|a(Y)1|Shbph&`3gsykuIB;WE>* zBxjNf2_vPOrZk<5Dc%+@($uEH_d>-QY(kC6O8aT*Iv!YryWvHXf61?KW)Ugh%D+~_ zhxwDxlQnlHC&IBpmz%*LCaJ}c1|gj)NkigE9n_Q8u!V=EFy(7b%k(-kX-Ix+D2;G* zoZHjeY}lHFzb0vTc?*|^d^=6^T7ga_+#&5e%&Tx~Tp9^wO`V&PN*v*9BX3Pxml6x7 z8EO^5r-DZ~d>SPeZZ|QCNU0^iq*KB0xwwf8xE)MFtvX5@uh~>dGD*IWzS1@(fnVxZ z>d~~udQ9cY(UMP*Tf()bePl{4?0Mq&-{*unlmG zvW_Gxt0$R~)|cN>0gl^?V#PA4*55w0Vq!UECPH0#b=~{wDrzeyUS8BtS5a4V-PDTe z8wgM|v7)@bp%xdxNysVX)eYrUlyGuobv-4TSW{axzN);ovi^1{47t3ezGkY1o>Fsj zWmQGd_?jtG8|o!Pb>nL*sD#1Y^1J0rx$4H(fFZr$S{s&#mDS^`8c4ASgi4&M^6E(q z<&$tBlS)mg$6LW((@+;y4PLcGsjY$J8Viz9S(VjA^$pb(Mbj$lC)=PG)fG*hTv=69 zS2K0;?M2fjSB{@tR0kDFzkYIgeNn}&6}7hus@kHu$u$ima&tvd`OTE6zDArS^-BC| zCe}}r3KtaQC(NZS86n0`u7Ujw*=@}VEo-VL)j*fam0Hs(iYjiKN}X#O6Ac?ptEA*0 zt+=heLKz6e<7>#4)B{%uHRb0PTc73H;cgDsy+1*Tes#m*(prOsu@Sc@)xS3_9pIwAd@1tGI3PW87AL4O;58Xe-xq^YkaVSMdfU zik-1VI`&fU)A&K&1ooK?;?XRY&!^C&w1{mui<5@)IN zeP@xg*m>6ZvGXc7u`G0!yMZ&y`Hu5l=Mm?Z&R*wx&QF~mIlp!8aenW1a(?LMIp22v z!#V04bAICdm-7R+v-6^J#F_5g>%8F{cTPAno%^`OWt}sResR3>GvwhWr0;s}ba}$r z>}+9#@f!WiQ_dfpKRWY~jfb6ocb;*ccK$^Fw%Pw~yP`J=5*y_IJ;62e@au1Ko4nLGHP3k$ax=rt??#eD^)>1@49J zd)L%P_?r?X6JJKz6-|v3F{h<3H_rvZ- z+>g4W+|lkBXQ#8v9qW#B%iJs7tK6&IkGcQgUgLh;z1F?Xz25zV`$_jx?hWpZ?x)?) zxSw_Z(fyqJPwwa4FF607^Eda4?w8z~+;aD3cf32nt#Bv0libN}rTb;~7Prcs;#Rvg z?o{_HZmnDA*1HYvt?o2NYkS<=+}qu+x?gj@?ta6)!+F{Lrt>@_z3t8p=Oy=B?mxT# z;(puxj{9Brd+zt0hut5z|LXqG{gL})_b2X8-G6g`=Kj0;bN4^oU%3D2{?h#~_gC(J zyT5jS+0ou1)NgdP0phB&hUDAy}aIDAFr=> zCMQYv_s;SLcxQ7`^f_|YvsdJu=bi7phtr%d^xo@T%C8SpY%TE-QeBmecJns_gU{Bz0Z07eK6Pu@dzw>5zjowUe7H1^i<=ySg_L{tVynDSl-dyiKZ=N^bTi`A97I}-k zCEil+e(wSALGK}NnYY|~*n7l#)LY@L^d9q8d8@rOoO!&~TgREi8@!F2AH3Py;%)Vw z;MCkda%SsOoS@11ikxe>&Eup!?|DwclXK`^;U;bP{0rH;c#(gx ze~Evof0=)||2}`Pe}zB9FJ?#LP(R@h^N0H*{E>dC|9<}i{s;XJ`5*Q_;(yd1<&XBq z_+$NXewlxzf0ci=|1oxZUE_b;zt+Fbzuy0Z|4IK-{tf<({-@b3^;z~Kea`!Py2uJpYi|fZ}Xq^pYxyhUtkXJMgJv#hySv_)8FO4 z;=k(e_V@UE{nz|`{(k>}f6zbVzwRIQkN8LZWBzgf4gZAy7ynKFum1n||DXRi|9}0z z`^mrw+`tR`AP71Ic|qr(OVBmQ4+?_9pj*&A=nf!@);_j|QWH(ZQHtY%ne;3$6^V3a$=57W_kSP4MyH+Tgn2 z`rs46CxcG~Hv~5ZpAJ3~d^Y&U;B&!01)mST5PUKCQgBmH9^4#^4<-Z^!Ng!vFgd6U zz8u^VR0UIl>Yyf=8hj^}&Wuv6 z89Ws{9sDVHCiru(EqFF~E_gn8A=n(px!Jc4m@LI4h*dH7S z4hDyU*Mq~sk>F@>EI1y#5u6DA61>@IaCJjfRWPohwx)AKb>)yDqlVb`*t{v_<7;cG zyH91fQ8R&2nQEY&M;YhN<>s9?iow&Z6?x_Q>O87uQcZQmEuG8FyI{=t%G&V_Qzlkb z+*U9?WzHWnp{Blkyd;`GJ~HNw9nWx}I&Xq`jRk#qJvMoD9%u2Q{Ytj-#u>a7`pO>{ zC6Zqe89R@&xv4Pkym2Ps3Vjt^naWSWq?9@T$|!;SNs+PeN;GCPXU%irq?o1Ps#M&9 z$tiPi)y?I#!DK+*)%BHC6Dsm5_0{=mTarp!lB-QgWE6U9Mdzz+o-55e|LQ0Ud6k2! zYQ|T2SAWc_{Bps^QkV+9oH7^wLo92Bx5O+xZ+Iz~McD#s5VUtU*H7u0r!v5OeUyRZsFOswZ{6&Qh$#QtUcIu^N4KyKZtr^`!FJhACC$4fWk>;CHxIt>a zUTXhFQ~QjqVS>&#+Ojm*vfOCO(x9(SH`X#9?9?Ez+l}#(bZdy)I^Sryq`|xkK9kB< z!L*q9A7kd*Q|7$SnG$|gU-_Slcr5>`k+D-1G>$*-0O?m%l0^Y8#!mn1; z*3>nqAgV2#Skq9OvQ*w$5n2lBDsKzT-Rfvd)sd}2CY(ZBVRdD76iL&rtez-BuC@T# z6`AX&G3Yn$-RdXPbV8fvAY~y3p+#~KnoSNOo8}<2X%0e5*Yb&#mBWimMwWK1sH;aP zFkRDyjMPuAtew!6T&SV0D^8loE+D=&))_*CHd7TQR9&G)wic}lYnJ4pxXFkb>J)is z1g9|;Xu8&{r7-4BV=Joa%Y~Inic5y;yQFxSeV6(Zzci75CI6~Un7>r1u&RqN&0r=x zI)h)|ltbQKl?r0&A~Y}tGNEB8y@t`Os7W)Tfyj*p>Z&QjO?6VV!D^7S#gK0j7h_jV z-IyeK4JYYqIDzR?NuBw<=pRXpJ%FVm#cI0<;r%zRt*G=|D)fbFL z;NDV!IG9-9bu`90@hG&e8l|gPDl{E6sbjY*8!D^nkbPC+kvAIEq@q4=T=fKE=Z%{p zukKM0jgdd@HfA-aOsJVwt&y2v6)7~aUc;$P!xes_K^j+0wS-iuR6NpXI>jT4t=&rU zkwdLLVc*JXLyAW#>+v38-ACGYseKzsSUhsHwU4pyvGzUAzRS$J)Z#C-_)9I`Qj53L z;w`m!OD*0~i?`I`Ewy+{E#6X#x76Y-wRlU*I$cK%R(GlqX!0=1mU)!LJ<8%9WpR(P zxJOysqb%-G7WXKNdz8gJ%HkenagQ3;=|;ubkit3ImUpzpJ=)?PZE=sbxJO&uqb=^y z7WZh2d$h$p+TtEC#N%}IJGR|TjXR(j7*vDDy<1F@Z z7W+7heVoN!X0ex9>}3{vnZ;gav6tD>m)X*n+0vI;{AH#2qeMG0iVI&9tg-W`aq85$ zyh7gv*Qv}g=9-jQOH(q$dg?Q8L6(qhyGoM#&IEjgldT8YM#vHA;#t{$h*2*y1m?_=_!m)6ESjDYp2FE&gJg zez8rz*rs1>(=V~_7*z`+m`ATg0N^JQ`Z23wo{t}D7 z#Nscp_=j5jLoNQH7XMI-f2hSj)Z!m%%Qw{G9cu9owRneGyhAPCp%(8@i+8BSo3MBj z7H`7hO<24Mi#K8MCM@2BEqB7=Pgwj3i$7uUCoKMi#haqF4tzS}>>=A0ZUoyjhe3WNv>>hb(q?A=7rmTvnPzMz@W>*a{xV&zB z_mrwH*086q8{aEEafVz|Q%)v&nv)`tP})usLx!lfT0CS($dDIOA*r`YyEiD6;eC@zk0l@9H0%Q}3xP9B+NY$q)e!;M%>j4)y{F(R}ZF_{=) z#AITm5rYY<+9pOCF_;)>#9(5i5rc`5Wg%%(#IWjWqSWHBYHq@+xe2T0Cajv92+0}6 zGomTbfSy9ulACak)fuTbfSy9ulACak)fuTbfSy9ulACak)fuTbfSy9ulACdOGFA7@m7#5ki0 zB&@=lunKR&D!d7+@FuLno3ILR!YaH8tMDeQ!ke%PZ^A0P39IlXtiqeH3U9(Hya}uD zCal7nC^I5tc=6C-MqJSM8ub%xQ`;%p=eSNRFPT)4$6^|^jl5fG%j<6`?=-4v>g4iZ zbVYr6rz^{ux6{Tyl!iBMY8}gIs)Ntr<&VRgRX+9Q!PU&kclw9&sZ-0D44!iHgmUlW z4c@g4-e)VBfvuETcklX2|C5tzI(@2g(v))lhVq8aH=3mU>nB(GWB6ZRSJ|mt@!l+W zCkft86LbQn!eafZU=>dm;efSLu->9r8OejyWOMWwue!mzt+F#qWCXQeJGmy0rBzeP zi#zGduLnKzEK(Am^+Eo4{#ZNJOsSYup09;xfmlslp)Iajx{PDtkhpf0(i(p;g?dq; zEvfObrBh1}YY9WX#Lsu!J@fTB=M9;Xzc-zvdrH3tD7`)Kh z)w54CPj$@Kva7L^!mbKMf$J8gqAo(?;xaP~;;k~0x5{YV+7Iwn{^G4|gtxX4-r7cZ ztGdivWi)T?CwQy6%v<{j-r7&_RvF1#Wn^)g83ysT_{}f~yTxyYLD((+VvDcX;xm)a z_*;BtScKi;GsB?bGBXU~ZOdndLD+5i%rFSMEuR?%VYm3qFbKOXpBV;Wx8*a#Andk$ zW*AglW`;q$ZTZYF2)iwx83tju5O!N$GaSNh>1&2V z#bstV#M_qN42Q7W@|)ohc3WOE{K0O^Ylc7AZF$Y`r?_mG_Hn#z`G(o_huQKCv*{1B zhuidx`d?gT^cLPW{oywK;Wqu@HvQo?{o%Ge!!4fS zwmicvzTvh!!!6$7w*H1&{39&>5w?6rPbw}mdJ=Do-{?u$E&dS}{|JkJgvCF?;vZr0 zkFfYhSo~&6vbfAlN%FSzG*gn;ExwVqyk<%gcZ+YN#W&L8GkP2T7N61Eu!s0;c}Lpv znkmWRGBYK~+u}Dm8+MD|=xo?+d5zA7-QqV>lh|!}jn0PMme=TP*e!mevlW*aosGAp zx6#?K+xj*-8+KcMqqAYR(b;(0@*ABE zyDh)b)v#N>J-bTQr*kI}`j+wvJ*476gaRFO8*N8cV-4mVRk0{ZX;>N5#?~6-$3qEd5cj^hd?g z9~Db~R4o0`vG8MJ<}x*lE`lzrG#@vlOnGKpnV~T%%8YIlI%S`g$R6vE z-DFbs*5R1XI^iEW{`lK#tDHV8bznzURe60iD~$t*LO2PPGP^Oe=lHi&)N;&HE4al<;BA>9<(XJCOCZ*RWo8vU>+>Rqtl)=#%bVR%`ZW zrR7zue*8Ks6KAlxkh_RIZf;|3-g{Yh_kPySO=O+hPg#?;iZx^V{J*i9tB4g?*RY!E zv#gw&z$&S!tcdzLtDkpCWwDp*GgBCVitb)Vf}P>v_=Bgu6u3x){HUiP1;X>g23QZo+>UuJ6P3 zB3yeCZUcBWIv3!29u(>8nlQn|=v%AB*zI6~KSerZYL?0L!VlQ|!m z=+T_NGlgl%kGb=h>-Tfs>j)gC(3sh=-OMHK9``k|!nlQcmI^0KbNbMwoITWsGo1Pc zoGcx1u5`eu(gEi~at6eQIlU>Lvzz)loj4uhB0`@_$UJ;Mf^ULTP~^;9PU*Ah6yRIH zNl+5vY7ODzI}lp}+dwD4)|arotP3~Plfosq4!0>>qB-F-R8Er0C)B5i_YrbX==g+S zm%Hq4r}roz-UY-f!SzFwAdHtUCr}Yea{m!>-;20?6mPzbZ*tN(mh<7n9|&H_r{Mbl z`|IUIJWjeI&WG_$;Cl(>x`fmv?~@626{#1I`lWLAot%8f2?la58>g}n>m$VaFtN@h z)}?Y5o1DZJa1I+OTuKUcr0_*jIF}R>TAIr&z6*(2L`dSn@>j7$?H)e-GrV^-m>4xWJ(An8bKV*9>4n&DhlC>L0s4(M zMRpP5b>sHdLHK_!J(tK&?p;p4;hYQocU$~Yj=tnyxCc4Jc?c~Zaeo`1EbaHuyQTd? z?M(W^q2z06`olX`8_JUZca8p|{FA-^>e~iuU)qNMTj9-J7NVVT8VSGTdbEil1}&|6 zJ?%DM+pp*kC(?eVPw108@K$6p8xGa_Ul9GlhUjkdt{jg%LhIrGmdnL#`OW06`oc?6 z3;g8OK9qNDI>g;C1r}R$lg46jW|4ff{ zkqMUM-YNQG?VqLZg8Prgeo`wA=a#)#I;{N1Q%%AK_ zZcn}}nsV~7(;Lo*&i3JsS4{b;zZp%M zIh1$mgZ^_Qxd#gG6iVy=06hUSSdwFWP1`*DPR&1gJe;oUljpaV15S=KA0+yFIMb~R zNm-UPg{Dk9EQ^ALO61d zbDqN9$$8Lb1%3O4$vdUjfrGiDJNYzyJNLNbcQE+`oZJmLD8E)8^v~nOIDigh_`kpe z$A*bk!N^>6H?d`Wvbm=Pmb6oklvmmtG7qgclveQ?3^|$*Xuz#LJxH7TQ=@WTg!uxA zLCk*8fSc!4dP09j0&)Gps1G$dfYfC@P}&n} zyEy86L0FcwK#@g89}*)Rg{ZudzUnabx-Gd`12Q)hMd*-0Tav?=S|52+k`u}2=y^^s z_hel6o3}s>afH5UmyA4+FzAgb-&Rc*LvwWg=!uOW)2M&k@`P$nQRvnU{o!(LD+Ck1 zV{F&z3^4Zy@C%=?EroXTmi+Z)w%OKV@-bx4h3eHKxhlB``bZ54$BO=zHiDE;wB`ds zo3Q>gW&~(mX3X;kow;5r5KqB509YuRV)92(@RY%D&WmXEu_wJ1g&tA+c|&sJ^ov6E zgg&V!bLmt5?Jx-jDOa{qw!(O4EZtej4M}bUQRtAW=pNnZXSiEAlpKPV9PeV(w4Yl%qW(Aeg!q^T|HDS33|)xx zYv#m7hxj9L|L9ziTnQHLuA_ZjOkcxo>PiLCf(lcyA``2lj5%W;AuCwrIak}Ofjw2K z%@O*bKlBPI#ux+%V(Od`i0CYR{?&q>Cdx@dN!6sB z!jzt5a~h}n=59MZ`Oh7H+aXm7XVM>z#r21_(`h|KPWr>XR2r&3yg`4t$LbIAWhM4R zy|~V9iU+OF%wPQ;jz7oLZ}L}3xf@nEY`^s5!dbDO(Pp?oFqW{BSx;e&wcwa-Lt32x z?NT`D+wu4*Gg9FhT4ktjSdUOo#8)+qtE z+&;;dNI$Nn*jSdzDu2=wYHlN??N$~XM%y|p_fgp}1IhUj<-3r|ndE2l1aq)!ook7e ze?oj2V#2XHe~`f|bdt3u1CaECl1ufs37t?WLN72sIUTo$l1t&z)$|f3LU4=fmkk@r3SaPQa3hm5$}PK&d=-{ zwhQ4($^C-lOy0*u!vO9|{#p9}=qI$`Asku~vo6gfh59|GbbpP}y0o2p1ma%A|3Y99 zGxcXAt0ZLjpdm1S;|zdryD^GKvZo&CzdvOIr(l%1W?ioo_c3N>1XiV7(?p$+4U3Tzb|oeo+E8X{@$9PgV4lwhCksb^QUd<7Xzn1W#fiY z%6^7(f$#v5?ijimEtu9X+_F2l11{)?zSsvkUBJlxIp-{eJqaak{Q~yK^p~{^aPm=P z$zjHg1CU>~FMMkX8pCq2b5ZhvWRv|p&)fW$p@~bce1Lj=l>YxLXfri=H!h-8p2O_; z>u9RaLXQ*4N0QvpPD#%}Qr*d1##2e|W0yG%hidS zh0Hd|x2FMcf$hPCiu?~sJo}_fq04E0Q;*wq&ZBiaX1-%n7zoL|7mnu98tcKBYBlYi z?`THr;47y-q%Nz9w!`U08x+?<0iv_SrKg764@BCfOHm2^|HRYtbeEFeEtF!is@ePx z;c9w~*jhE!F=E+ap6hyQMtEEwm4J4JN&9f50GvGl85Y+x!r`~pJ{D=Ii3rESp=XB4%Uq$DVHxM*5q!Va6!TTS|*S z2AG4O`Ck5V>oL=O zzlaUapp1uDL;M_i!N6>D18MQz&6e}R%u6ln?3Nv4pORV*6F+5d`YO1Ow%9%%{9L9C zy#4hYw$e2mOe+uRk7LSjbvNhn-C#hf zKTD6^vj0o>$5x2GzlSkOYKDPP_{lzu7ap{~XLy_cVn&sb25vAUznOfXEnLjTJkRgH z6dqu#bvAl>cS_t-Mi{w2v=aTQC^49ee<3vkMm=|voSEF^o?^3*DIG~n=FhA>^B21q zDO=qcANh{a*3(x;;?9{0^I6;Q?c@@4s9%t0si|C_bIC<2SIuGxr`umMpHpD%Nj=#QKq&+MjwUj4{QG;A0hN`xD3-BcxiYmZP9)v$IcUr+pX!sY+_J zWq}8nY5X%>`W!Q0dpk5n?#Z{fy-0=bGCL>q(>)*|vXgoDP-&HtSUTF%1iQp#O!6s} zX>DPW6|+a+WoBHN*OR_)M_Au&MUDCQRr4TS!~I@XEuG3=eAzL|W= zlU%3YB-a@m@T@omBG+`oAo&8y+?l{`%rMWRCpatFNRB%oZQ+!KMv6qeau;SMZ2r;_ zpCVg#ByP9V7izP{rj4{sOSbZgRUPsjx(D+{GMm``N2G(9p_jhX%%2&F(f+j3V#w^U z`BAsb6Wgyo2dIC+BrE02lgpk3`TDetwk*&|-ktn8eR`kd&$E>{OP&4LAY@K$8EKs$ zCtDdyhx|v%*5B%nDNa?B)n39-ncl4DTWfzic$@#rEn80V2W{$}+nHsT`O=33g6lH& zfn0`GQqs;f?lKpJyjH1y7ToeIt>uX3-F!!q9>w%3nF^GHn~r#8)Jv^~e~E@(f&68j zw>{4wO$Uz9lolkHX|3Pco+RGgVbSo==Ahma@3eBj+q6FY$qs+>e_rM)`MsQyTcnU=}s=3?|H z6E^!-yHr}H459wPOw%srZud}bI~q)d%+18uTVv|?Y?+DJ)6tZ2!}m@K71Ewrh#aKy zJ1OVw&r8%l{hu#sNE_OP?zAv%MQ2Gm*haz>-vw{cyjUrOMstCTS}^G->s^rZlgJ`x z7#4{3D_X+aBE51MN%u7CjnEX0-Xt~EGu7Xv761A)+dI;d%lAT~v8HN7?DR0ecjsfq z9=YT_lD4u=NKUhOE&kmrmlWP9VVK!!^I=Vnj4_tmF@~(ckX33ThcZ4L{dSizvD4t# z)~HHQ+Hq)Xy&rD-qY?jU$kl01GFl_9crt!rV%5nWW=jjvIoX3jZOht`bLn3@FiVoH zG;gVNkac2hJp=ht^BS`RI(}wN%@dS;AS>d`xVNp?Ir(Q=C6`mgjs!}t=gcWkr_^ep z!Z3uyYhKTpxg?D7j(O*z-J39BNP1}*J^w$WD{EDqlKHx~v(jTLYqMs^d{Af#`krr9z`^95*ZcOrB4DFCr=GpOs=N z50B*{5#h2!vbrI2Slo}M%8<>JTDh2>jvdP%Zs)hl3}{-(g;`gcAx?HDon1JQtp?!A zcCEwaJAoM^Dngx;JIdE)R*h!QK`uVoauL>)*0J<^+WWPgBK$`_!?8|!_%O|M*A}+u zYkTulNP8bE-cFZfYMU+f~ChpE6h2vt@48_hMad-bN;q zYgzv@Km&2cLMkw`l4nxh=UF%MTb&WHx=1QS+a@b%WYv3%M{)IGb@=vZ#Z~uKq+JxB zFlW;0o=mM(jl3}AC==wQT{H~BBS+$o=4v2giWtYo{c|-pPd6=|Vor0(&61@}!1o7p zNI>)kqdPP&v-H+|sOil)q|!=|?74{Zl_bzAby654w^_=Z3iOUNoySbtA?A9|)~|!K z>*Uk#$b2@-6zxjZSG@I&ySA;Lmxq6JY*J|+gP@YjY zdv{o4i@x}deR3#shw|QzGB?+PI)v{X5h>2Wk|EI>_#MV1qeI=xlu4Iw9xroYw0{b} zKW7edT3zG06f^p@YDIiUYEwI6N1c3gdZB$8q&L<%EQOnx~B7eYwnR*?3re!_LzKC;rF`vvUKW-mT9#K zbN-z6s8FRy$FL!XPl#+7 zGWWYu@9jywgJFx>7mt~rm(c2?ojt9uR5o%K8PKL?ku4X}E95qo?5cl8|nY*{!- zchr@ib6INI^rOQjVvdEa|bdZfmiW{q`*I-kTx_VvlW)3Z27`T*Zv z4w5guSDC(_vy}GZats>E*&RE{FPiA7mi4hbwlIcmk-W*Sr2{PjWIW$b#|*lk zhIk^wbCCBfQ_k6?yX1>Mr&I`(otDt*b=oNVBiLijofXiH{@9+4@dD>=JSTf^@#AOk z;9m%RGn6pre6$)+Nc7-$aj~@Z^pmKA>AE_>9BA`=Jhb` z%tN-|XBztOC2;_z?jnI`qq_IfQge{H9MGAvXB4iX3_ICF%TLR*l@MkZbv7&~=iXD- z{Xfqb<4jE5+1DvDeJi{Eo{^lAr$LzHoMUs=!LN~sKUe?hoL(@UJifu1zdWh7esUSg z5ZiJRJ*?b&W1f~@m*IreV_OS1wl_OZ@D#2*O<|+-dzF*&+2_81`g$(z*UT*656$ip z^$;l;(k_zay7#78ypy&!Ozo$)v5&kFlkPufSGta$Y@0a~+~~2P?9uijV^uljX^=TBh7z#*oR%-; zJ@rq>kE^tv4M%lvfu^O4>{&_e^A$>Si&Kkur^bPO+R$j5?$h2zZOhEON^0IBQ&jS4 z3l|^RB`$JD=x9z&zFW;2P{NB}`cJ)14)jD%mDOFBIVHgJSo6UHmTmB+oIkaLebSgP zn|<7C2`%z*EBmtfsSi3jr8@wWc6G|1P|rv6dWL*JtL9JGqqlIk`?1B{@GtMvq*sV; zrTSG5=#?f1o9C*TJ8Wda2hj#!0N?BAJ+eO|*T>un`lJosOZT#zo_?kW^(;Gu9!DG7spm51n#X~J9vH2h zk`r#E?>Ws+s*UH4D7{_h9 zhx%k&aXaW=(7||bL9|eMFfaB8YWwNjQKDD0_zKb9FQz$S>#y3_9>#cgV!BYrDt5hv z9ls(^IQ>-5QJ48qOq`TM>KDon{YUhWv(VIJWZ0`ER`jJqXu@(^TyIXmk-Owh@IN9q z$*FEHC*R7B7P+ZreW;zZOov>^tcjh;Z5ghm3t^QXjjrC-InAOEQGx>U!F_R z7|ZU|ldm%sUT!U5E}yVJz`GYG$@e2){p5@+G}dkSaJD$`IOpP%JETk>(%y&unrgqT z)wP)&Yf;yvcv5vu{FZgi95KHwv7Dt!T%h!Y#_-djjAJJ0KX|mh?Y%&^n2BCXz_G2xan>CVd9i}31OfOtNOo@ zg$7!8<#lV8`&(OoWK}q4p+kkfNYTD%adLLLAwF=yF()Ez#U}TBo<*%l z`#B#;cNQ|ByToh$AosSR3G~x^$z5N^_;0bH>^+x^10G|fA~$dKM`|23+OzN>PiyU( zZ(lqu+O^Hssg~h#J8KphuC?_Sy(zE*-z4FYv{9Fqss#wcM77r+=GM;oH1W^0EkWkrbdC+~go}9M^3lv2sdEZQ z>E7|}I+fj4O(#=RCgGDyLFkC)AQauFJ&c@%_hy)7<@Y{((-aLw*8{3HcOdz&{BYxI zr`Dgntu>67{??nwv?dA9ms+sNEoI$k%gycxYlc~q5&5Pvt`Cr}u;Q537g}WECOtKh z$IM2V9@+Xjd6{ErY9cQ}P8UgrBtTksxBO_+p-*66uj)vODNI=6T78Zip)d`QZv<#z z2hfjnMX*55JXxx)y!kCh8(xk^mHPH^r}}4Wx4pDg%8gd5(E#PXt3&*kGV<+{e3W$c zt|{Kq7s%~Xa^vC)w&yYJtry?Y-=rVpRu_TECPJSe2g~%E$g4oUjwm0PyJQ63$$t%y zpOlujoT|+@J@dnfeJ8>@Wys@2=oA;(J7{*JcP`U)5_*%2p7?S;-#8wRW{$|EVy7-z z>936z*#f=kufG};CbTawBTnq_F=4Xx*E{HCpAYA7;{7!|n+3C^m*aCmj^Vi1 z0!_=_M?~*`F8p{d^<(tOmWd2N$B6e`-o&-CcHz7Ce*YTyXeiu23EvFDq_g5WCw++0_vgzyd+ixl$|*gnCt%alB3ovnV=g*&`HO*J3h>ae zf`DiiWebpy0nQ^5VuZe_+ zQ!GRse;avVr2<%m>+@Awrb2}>Bju7ZnS1|4c7#u_&=7NroYD+@o1!E}_e%4~*^Br(P?-@aPnQ-Ln!EIE5u#nIfrxEJ2JvJvjtp#o4EW+v)6MV*C)=t7$a#el zJI2sP^~;`|fqw{Hi=Rpj`TopGt8^U3hD0w!JKKk?g~W|>fS6@Amzgb@ap|W0h00mx zN!#kTqSiu>uG)^^mKI5>a$0}3=WNSo@{PHThn9bk^!~)!P3Z%kX(M==ciU|^EqMDZ z@C5y))zl27LK)IpLWVLD9y)Q_QOC^w*_g~SwlEo~E4ok?%n=8EFpQk_jr@vAE$N!?i&=x8oQKxNAl0C=-0qu7 zUvnjMPVtBD8*SAnG)ZaMnDm>2oH!wmO6z!n8O(;d89YKKZS{QJ2<@l)ZRAW&Shzn` zMu#S>Y45GI`c#@>X^7vfT&+n2qz1TX0g<#yrP$0=2v0u88t3gg+aPN!PUNz>g_N1) z);w`H6LI96TE20Cbq{wcGlFb}N3FQ_rbn07F))*V+)Ybh#sTIA7Ngg_nyqcc;~H~w zinR=pauHhTNV$!93+<1|2`lXRx+jn6HFA_1CQ1gFnO+qBl4l_G>h`0xHYRO@-PSIQFVrWCjMS|OQ)_U?S+h3gT z8Qn2w!bo>Nv}6xr>uH@DUnt+3wxqL5e4Bp`s&5DXZv9Tbk9@q!{{{X#@Zr``Oq^qY z2KFjB&v(9v=?&)NUf>KLbY}S$iSAGs?gC*ZO6G_p4Ng1cFTYnP=P5r|#k5ekM|;6g zzsyXd48D5PDBKjaL`lcYNb;7u$ls#J)(7{eP%piqXK$!=lzhp~C0Us*`&7lWABw*M zH4n>7548YI$>K+~KG=t2&NNf`D(%KT!l{%;v}pa4vb3wy@JOBw)xaR_!%{G$X|5?^=l463J6|l0hhy!?^9uZ?^DeH8Z|F!6o!F`G3arBAS1+P};d8E0ye1 z0EbB~?TwW-?424~sL>duN)XP`7WkAv-i$x(6V+hoa1!q`7*!Q&-_#o%$Jrrb#wvf3 zoZ}*V{S1F8%cclVcX}5ip;h-Ij`XL$(Q-&jZzv1Ck z;CLRMk^0y}IiMabdo5>@@8|b2{|EU$fvbF*5;s~Ze7D%RzL&b(i>%&7eZi}?-DT8OvnHFf zhxS{t&*V(LE^ou-w}@`qp~c?9w=D;>tMFU5 z1nnPvpAd?hC#(ahjkr1VKgl=i7SD!{53xJuOyGHZNoLIf-}PPs9)Z7)AiIue+hOgf zx*gN+lP~KxmHxOK!WTYc#%w=O#t9GET{B2FTsA2TyMnGS}or};gQ@soZPq7?1hWn(j@?MLLN^gvnz z#+-A$Pf>qpv{I9Y(42D~Y(SxUDz1zQ>G2M#tI=OtN$}Lv82z(yE^=PD8#&UEN5@N1 zT&vTl<^pfEIZK$LKu2(!ILXJ6{xYv3Z=p?miCDbV5vu(IR@<~&4N zwQpyT&6a%m)KSa1ymzQ$q1|;Nt-s|>FzQIy7x_!OlAD1}{<)kLt$UGJkCS5ib`OR5 z5eh8B!aSbU%2_F^nxKp@x@FVP<#b^!3p>tEz8LWoIyUySBdT~pY7S>FT6mlu2jMHd z2MOx5Zx@oyj~RJk5xz1Uk`rH@+Tx&BpxcpyBidHg+%XKPwkkD&c7q%z-J{v+OR=D7 zAqm>-V{*t*fejPBbBJ;ZgD{#tHILcp1XZ|Q7x;9?Qq|p38^gG)K|R1s#164D&PBg$ z?IA3Z>m(m$-}Gz4K|S~46}i2SjJrF!Yc*e-V|j+1@GHIThPC1$Tyfret49izmgIgp@H*3r#kRlHDf^ z5xztEqh&EqEv`m;WUOoElyDPw{U3{B(MEKB7_B)SS2)9hyX5diQhkFlMp{c&A5F{R z(mps$JNI`Amx-h4zQI`J&D_%5Ne7x6!lTq)s6Z?lajv?Zm~Bl+T73$tE%5L}pAtGtZ5wR_04Ey-GCsE;0! z+Dq1h7Q&--y33fc8jT`_L}n0Tnz{9ezC~+&oF4_3R%hCWq-`)LmM8=U)sdt6*HXNI z9&iCZeCvY-GEYnmG48({H$u|Sy#c)kNM3lt6hleNIaTT|eB8&F;!x94hm2n^bX4g6}Iu0+nn~wdUAbw(P9nv z_QH>or%2;ZDzD@_+*42^oOh8rGP6b^uT=Aulp`Hm=xrbL#ck*WvX`kqb}~g;m)!L5 zYH|}bB75|tKG?@Zq%*0D%yEeR*|kyGh;i4 z%h)%@JV8I&>L#s^1LUQ5N&;zp9H33T8c~QZnzlZuW7^sQ!f(?0cpa&~wncpipY@w0Pto+h^dYpuaGtuosiZBt3oM0NZ}M$6~f@6+)>z4I%WB-UnSmX51xh=yI;ieyhK<@B*b#%bryOq=1&Z zA7Ohl5*~oOkhL)v=v;6Q{9dJX3DR2>NBfoac{sgFSG7xC*P81Qnv${AG{D=>QBEi5Ys*Aeyg!PO3T|r+#=|-kMIXr zN3?;p9I}F7AsixmD_*BHJ`Xg%L-=k}Gd`@cdA;K^q;Orlwb*ZCHq$U}w?x&;g|FLQjzla^fOd zDt6f=`7#pYz38|-wEf5QH2kAoRRr!P-+pB}x8`{w%tM zR>@ayqmOIpGzfgL&xytcCR#d-^hDv5)%;)5@rBfm%vL_fU)CT!9_lz+Mw9kR)h!Q) z{6(k-)6>puv$`&QmGbK`+M(>nlkqJ#T_9JHq-F+)+>2Cg^-=1}_-}^^rafc&UPp80 z2>VsFe~)G|1TUDLOUW(p3177FSd6mcX0P_gSzAgQ38i^UZ%ygnK%X86FVj=U+By4+ z(gLd`bR$0@C$tQd)kQTrr7l!wZp2U;t>HDTZ`Q)&_KfA}tf_<^w42n|MI1#NN_%?H zR*!XD>ZPUC%wn~kX0B=0u%)Lt8jJ1ebkCwam)q{r*RS0>DGTizIk%&EzIA9mHmby+_lH^NDr&7sEb}Jv^yo^K>O@t?WV|q&4oUVegejCj@ z7iikPjdw!7hBO=BM5&}?8cuw<`ZFtXHZcoF?}5WPXc8}*ebV^8gbaQvxiWb_RPTvw zI-A-(TW4Mhk`EB-apde{P-O?@mhWlX`Aa{vmVRvqX{|)R}EWdRh}V)%-XIA2JI*HkmodeE;sL{Vp~&s3N5@_cQ8_h7PrHM z!_HX@VpGZp|Jc4ubSrGJoIiJ?cmlEzAc$}Hrb2xWn6=TmqI=>+O%K5kxOOibYuj^)HfHMP(q{jHKr(m9*& znns(_v>21O*^j5Ege}C`!lR{wwk?xuu_{{5+W(-P9_+t9xi+J_{i)@?s0^)D^!?W2F3 z1H=5a_E!F(1(-*qvg-daI);9y_MI)Ct=3tVEX3%KL{NzoYlm4PohIjO<;sRm_t@;= z>!zL;pnWfL1u7IEhjLgOnJwM6+*N*3%gyuK+}>6?;{UFv|4!+*RR>3h6S=PS5PgAb ziw1GMthKOlohLLm*Ec&RIq3C7#^xhqwO>N^9brZyrHy3B)+yjFk&U8rXx|fiH^Y{F zt|AqX5%e?0CNpEoh26AFsUU5dn(J@PPBCj4UuY)1Zttl7m3|=o!6nit(|yux%-e6*53KQk+TBU% z1T}#sD|3F#s<-lpuG;MB9j7>@B7a#Qp>z@d{%CQ%bo_coG)gv+Qu;$nt}-Ej?{@uP z3i6JZ|2j7tkvz>H->=|&8$#QF%t6SgcvbSDw4f(#N#m|fVRAChVfq{$J#7o!b9?Le zt(N-3>u;6*kXtUZhkD!fpJr{mBmHkP{+Isi_3R}+y*}D=wgUw-i83pGhKUl_zB$7p zr@4Jf+l+>}pqG}G>9K8u8OnA(I`^THU)Dfyrb#>FX9ynafin2wM1Q0I%)U9h8lKaB zP;^iE22byJdY_E*B%sXZ-fC{l+NxHAyj7m<<$p>nXS>Grrcj%GtFoMi$L4=fnqw;# z+AnkU@%F3yBi~?N%(eZtl6+RLtnF7hw|!hh{w@7gBQ#$evSL2H9@+Tk|8MU*z_K{D zuxECbUIhfCNfAUq_>hi*6&1w_Ds~Z3Q3L~6V{EbI#uyVzOri#Bj3t`bjlCD_H5zM- zi6xq-F~z9=J7@QUPh-l>E&u=D$K7Yn?#}G&?#wy!o;fpTcYm)$^j<-k9|Vn^$o{j` z0mqE*c>LKD|E>P>G2>OGj|+Si9-tR-33okVj4$7s&Ulu`>U)Hn$aettmy?Vu>!r9- z|MoW-em}xgd;I=cdWyW4lyXnZNnutB_x8rN++wYW7^gI1d|NI%r`ID!Y$-4Z=F(Ta(p%J0K zVUx%!m@cMxX&PU)FXj6AvK>@*4r82+WZ^81C9p(R6P~$AEEQjI9Lm#Yu5WoEN`}N8+(~qB51M)~bzatJ(w1J+UOM_!eU=GAx$wvxBvt=L(f&ePdB-iEhfU+{LkGdqvE z?aQw6e!L$zu$Zr4H~H86Yj&64;*=7Kk-NW3Hw=5 z6qWs|SSdE_iQ=d@b4Bq~Jh{0NqBPnS6Yk-W7sPI--ID6cDT^Gs!`GL?5zW+*dxmhyq}0q?2IQ|9qr$^vB} z@2xCVmhwKza%DN5owGj74DY^J;G6VT7=5=P3&sIfKn3bY`LKX8Sxd${9Ch%G$!@5# z9M%&#^H@GBVEx%ktcVq}!H~pZsL7FR9DAEhXYWBS*YjW#Y3x!ai*xuV{8PS?ui~ru z8orjVmY2C0oqU=3UKY3W4Py;Vv#8{T! z4K*+r8h9L550rm8^WooC)C$z>KSOTt3MY_Wht18#%5?>!yUH!)TV|(x zr~JqqlwX7wa}z$omn8~+;m?vp6%oRcMVJT!FT+JRYbXrDz#54fq6YXHEuvYfh!wG{ ziHH~Rtf@#8i7ZXj617+}kt`ar=AyC4VC_UZ(Vq1X9YsghOLP@kthdM(y;xt7EBdnj zB46aQBGF$IvSLvz2CzW_D;pw)ilJ<%7$%0Zm&F({h7A|v#5guWOc0aVNHJARWv_|p zVmkW=cvnT4NK#%Ic99?Kr2wF6AUyu6;;U@cSO~r=7RIVW+e83YBY~$;CVHrRm!rl6 z4pm5kDT-(~VviQ1A&E0)G%CW2>S^CpwfsWZi$L&uDn>idM--ov^3O%dKd2d3KfKfD zr?2$KMU>r_N*#)l%atKS>Z`nu-mfXUrBb$M0rZq>B|=a6)jsXZeYQXcZFL16xZ>XO z9e6ENM!lH^U(7K1q9$eepA7-1ThmYlH7!FR?)hx600%88R0V#?5R4Y81+TLG5Im`A zkhXIup4u3~!8c=w00)i10Ms*vNR;h)A&Ta%q^%)&tp$~?AahzG?&(FIZw%V|Pfw@+ zw~kcep?s6W0^z^8l#kF!sbi1>U)o9{WBd_n$O9~rquSF+{%PmS_%P_MaJfT^kxRy7 zZTocFdpb>W%8leklO9WwR4H9jCZ5M<+cH^}@@kY%`Futxl6R2&mRFYP(k_!vE!%+1 zBhNFo2YD=mQJ#(0FiN5E32+L@zT9ey+f&yw=9AlUY2v6IZ)$Hcj}cE~y?fJLWvpDZ z8gvCZs>)Klv>j+XLIQ%Z zAFuVT>H>Ksl4^?^xGF7r4;*>|izQM^JeH{B1&Q!RyD<=IOXQVp%LyDbex1S!XItS( zjY}eWDe;gU8wzr^!Jd)~r~xll$9UQ^+dr6ZrZXkav?UtlHLmr_%56;5w()oZZIv}p zOJD0yqLh;I)g7hQR{7^Bx%yD4z3{AZm2XKJaa+omCGPE37Gh9ura}5fYC+cJ(;*gh zYZ@48S__r2eL84Iaj03NtY}(GYA(|diR1FnmUTsGy~+Y3T`Kiy6!>o_3pK$@W2lAF zJuf7K({)hVy5O}jNGUQ-l$TWUixAtTyD6INxNSYt|!haGKPWcy;QK0+i(s>U@fwKF#92vz7%+TVe& zK~u{3k%1nsM7ZZK+Bk~5y1cfORw-RlE}qBd%raT7hck`xDW%RRNg2rRiy-A%rfZ9K zWtm5wXKWMYGOtOn@ft=+G(JH?(kN2?wWpO5rah@g*?o<9r8K#qB=Vay-Z)FPH@O%H z=jC1_#AhlPte9 z?E?IE1eR66D*a`gP*!QJRRlr@pdM;s<%BE>_?m=1RWepf*sisK$#t+=flpm<2WiXM zz?RL%^>VOkcAX3C+CF#^Y28(Tb(asEEWqjjJGVdfU&87@_MS7@drq)=hoVfwuvUWg zI~>n45^H6$11rE1ej6he(i(JvMf@JnXB}3Bt;eduIu2%L7_Di^6pYxkW&)!&8K7-> zTTp2|I$-1`52sbse>kTXxHrH|H2MhZI^M{pvk_EuhKE7S>%N2~VbtnlTu{@~bx`kl5U+ly^Ge{Hv}R;0)hrra@SfTPk)D)M znzhpntu~8wha`kz94QA_(UbK8zV?PL$VHp$15_}eKcLw`Qr7eJ-hjM@0Fr3-Pcukr zXW&vApry*C_|8v5#RMctZ)9;j&i zW^@IaGmSWl$0}Ro`Nkmg{oh)eL64TNEumA}L!YKYmu5hJw#CTlKfBZf?$!cA%igXR zurV2!oQQqd`;&{@XJ|p%(g}M_Nhaj6)M|qe;-P1=!57)58jK*h+7;WEh<{R6HLf8_ zUm9ZDm-c15wP%GuY$HD!A$}kmpr2{F$s*0vOP7>hkPj)XQo7_Fp2z37GFf)RnMV1P z&u4rldABrNSIV|bmy47-d1aYLo@ZX0jU$zywNC}hIkok>y zj9XdiRNOBW=i1;b+1_OD$PRh5r5Ld?r|BYdVLTBdsIZ1Gis}Xw_ENln$li)KtRo-A z2jgOumC6_w^HqGA1x8l`m?cJ7t1v5!vZmwA3?+kEW3;ssM$KMPUSYNvbsdGVvsub4 zW{=U=*%(2augqtT$_k9bS_4t#n3Q}DV{eAjBWZOeccDU1O1Vf(v;}Hv{{^EcoyZ=J zHjX9#8!Q*iz79s8uY6of+J;6nrjyD@xixN#l6QS}k$t3UkgI=nk;rLWEz8RN^i`$m z)K;wqv{dchM(ar1211`{tMLlqRB9vM%V)+H4rtZT*c>|37(7vLrUCE%;xaN+{Y~Jg zThm~?-|ufNbUyt48No;@5B@+)1rsWqPtRe-L>KM&Js zI?;0fmgDk#V|ZRZ(`)?i?@O65F4Ahz76t9kbW~K@j`14ha<83LUM`~~YEou{9-CbJ%6gUZYjP5Ys+QG-F|U*+Gu+P%=Z4}eW8F%5 z))o)MYIioq$gvuU#x0S{3>rimqm*`$9M_Uol(dWF_tqT|C+#9TobQAqX&2d}&I1r9 ztssT0AO}_ltALK`0={&^Y6gwk6S<_#V@)=XCD}YyWb;^(&0|G2k1g3eHe}malT~9w zR*Dr_7fxhdIFohZLe@n^vMyZ7x^N@w!kwSxXIUk(F+9k|@FW|MrU*|*fb^bJ8SB2*5LTSFvK=XAz za(0{f%lU0q1+#XWF&no<-NLHV++8Tvf6i&4}yui0diD_2$I&#>Dmd#Pw9- zdIREmL*jZf;(ANsdPCxROB1eFBd&)K*DDj(Ly7C0xE@AaSKyRTMkLPUb3hiCvgQ+%0xPj`xT?%w6mids!v1PwayP?-%=-hd3Y(Fi%k`N+Ev- z#X-#O9>PqoH@q&6qtvG$i{|2tID;qrTzrn_IV;ZMNzRG$c!mq&0`78AT*h^-U}o5x zW`?b3X4sBqhV5x)*pX(2U1?_612e;QnYY?RZOW|FG_@JCQ=6+Tn7!IkZN(hb)@nL) zRWsB!%tLLfw!@j3YFC`uTP?sjgVhm;nV?QW%$w?D$hVwZwx?NTN9o}K>0ha?LEg3M zIu@X=S2tiE9v{q{+D0VJIeV*Lt6wAUH|jSmjOLt!&_Ys(E1bBZ5LX0oMJ2A75m(HK zD;C5ROX7+ZamAXrVnbZ9C9c>JSL}%^4#X8l;z|YLiW70gnYdDsxZ*-waV4&}5m(%a zE0u^V9>f(-%)g&z3h_e_KP-qJR>Th*;ztGIha2(3llUQs9~Q(9E8>R@@uLFq!;Sdi zsn%0dnL=C<#1#wTiWPCihPYCJxZ*}!@g%MYwVT?D*${86)c)!q>`M-Lsw36$*q3|~ z|oDH3=1I)t4$adLKqfG7?wg9){rnPj4-S^VVKlgbuca?HCI!@uzG}H zA%tN~2*Vl?hJ_P`H6jcPCk(4i7}l6DtO;RQW5Td-!muF1umHlas)S*FgkhBl!;%TZ z{0YOVn2e4E5{CH_hE*l>@+I7gAZ=wJ+=?XJ;)Gi@2)7hMEJ1oIim*y0tcoU-G9#2S zCwz(_e6k>XvLt-6B7CwYe6pdIU`s8*j#`2}wS-t|2@cc}9H}M5QA?;mEg_y-f)llb z1ZoM1)DoPjCDi;Ke5yq)A&FXo8?^*?Y6+EogHK-661=G;_z*H#QA@C=mJmlRA)Z=7 z!f%kthgyO?wS+io3Gvht5`KeBKGX*6sSU(Y8;GYiknkI1@}V|hPtqSxa_>VDZ%@b+ zK@uNNvYudqNl7M{WJQ=1Lvrs!m=r;>ZUx6QG`N5Ot zB(8Q!ImH6t(Q_Ij0PyNTuCvNnT;~hr3;5%lSI#5mf^vZc!_Vg;_Ae=yST*?jT*iH` zC|6i0{C>Vc{7vO1=xyaT`h0%E4?VL05rF;bqB{Bm5h4OKQbZy?N<=~1#)uf`(>M`_ zUSont0Iex%f+mS1(7K{7`gx5+BlH?mMJo0?i_Xx~TU zKEMz$1gS5JmvQA0Vg$|^B}Re1Dqh8tj1^-+$BXfxQ^XWJ&op=)NjssG@UkJ{WkbTt zMueB02rnBGUZxUWb|$<`CA@4x^3;^@GL7)E8%b3clB#Bel+6h#yAo2S5>mDxq-;q@ z*@}>|B_U-iLdwpBl&uLVTM$yVCZuddNZF30DxIV%i=--pq^b=`RdY&BvtK6 zsydQXwI!*_BB{zIscK77l}++wPLgCs{#P9SS9@8QvQOE^qLc&h#WE*fEDMsS>Lfi1 z$&Dbn30KZ3=WwQ!m}HU_mE=SEZe2m%FO@GbMs-!WiZQCMl&>&G^|kUfW)p6}r>lYT zEquBnlsn2DW`JiG{=uMpui&c(%3b9yMy>8C_b?K6U%8L5s~;46AxC+jJYdnvkMIGD zQGQZ>mY!hBFBr#qs61q`%CE|=tb+1Ld4yb#mB;Wze4;!-pHB{5)e&64E)|M^AFIHE zo|!6C^#9C+8Eg)7VUC`ng|I*`&{9~U7icA{&~LLA)+}Dw2>28UJ7LEXguTH38-#;! zfbW^3z<1AulW;=6&{^OsK*B}1Kq4!OijZ|z;RegeUARNqDhbRM3J>9db36sU6eYai z!{#Wwg*W=FKEemjQ(07o9Qz8)CQ~aiC*QW3)Rt6uxZyj>B2Waf`XWdK;rw6`jJzQt zgw-O?w>sqc=0u)vPUQLKMD0zG|64S*x^VJ>iy<#KNAiMmBriBec)=y(dFqHdc*1(3 z9%uv605nCUpj|Z-4biS-n=})RMPt;YY?f=mZBwUxRq#y^IMD7I6qyav)UpWU7c1A70` z6R)o5BsyVVwtoSyysj)-bQ9gsBh3<7c*5?YJBxy!UN&ktN8});m*@rBTlB`2b44z$ z+*kC4Js?q|I(hL~6LwS={Y8J+6)%aGfE0zI5a7J^jdxA;# zR3qJ!Nm{27X`K+#I-#U>qDbpRlh#QftrJ69CziBM3(`8BNbAIr)`=&r!%6EXq;(QV z>x7ZkNhGaPleA7P(mJh4>$D`TlSEpl8EKsa(mLs+b&^Tz)F!QyL0Tt)v`%NzI(10v z2+}&Sq;(=m>m-oYQAz7mCwFWZ(5SRsZ07Miu6qo>6_AWh>(nx+M5nuerlI+3P{CruMinkJq! zO+0Cu1kyAKq-hdJ(}a_zF(XYANSdY=X__F?G_6U~M3AOwMVcmpG)*hgG}TDcG$TzD zM4F~GX_`#ZH0h*iGD*{)0e%SmsOn4Rsn}Z zy+*BlnW0(J2EMFGdh2?=m?>pXo&ejVFMW-Zcu+0fQ4n)$M~Gg>$GWsB+Rc0gl$V5c86 zQ#>#=1sL2K?<-{kJLTP_Uz7uI-5**l3L_(Fn5FLlMAgzPfYYA9<4}wg*THOl2h3o@ zD+KwhfZg)XY%v%^X^#2qo5O*wI}LA)Ptxm(IBE>L~9U@ zCz{-|Fe_U$Ali~>C!)QH784ywbRy9iMCTJ-L3CqYZm%q{m*^p)Cy1UUdWq;YqPK|N z%`3>x6F(7sEUBszwI=FF)HQ!Vze3fEs6WwQqTxiNi6#=QL$o2$G@`AEW)>9o$XC1c z$AQ{|Xdj~ei4G(>jOb{h6NpYCI+f^qL`#aY@`}}kL{}8$=J!-L5Zy|2H_=j}$B3RG zdV%OwqBn?sNAy8aks(t3RZ=taq5<8D%p8fj67?eLPc)clIMHaLiA3uVZAdh&Xh8oW zv(`j2iFP5{gJ>V3{fQ1FI*jOOq7#TtDn|X7O(pss(GsEyi7qAjDbaOAHxu1SbU)D} zzyNqPK&Joot;7uZM&{qAD%!Z_gCKjk|9AE|&`p*?dP;DhBXDYA#_i6dH%J(=hUtaZJq0)Do1Ka;T zl{ObA%j@q@Pw1LD&~h!IX}SUD`=c*Dl1*Tf*$h^~7O@rZTipta;Rrj!F0pUeckCxH z+!A+`cRizTPwCqe`u3QrdxP@)QhmE$-|p46JVf7y>Dx*A_B(B>wAQz)G#OOZ zXvfv^G-;`(U%#6EJR!1e;eH{%YTHoF|A~iYYWYIP>D%f0cA>t-bwl^EZJ^tUZq#W6 zV%DHPz(X-#EGeH2y6SOvri8A8_iX{2%HCj;cz^y9FXTnMm=E}O$Kg&rfMa7B-d7Cm zj(ZN|gZN-Rgb(E}^I`lIKAexB<3UI3AbjOyiz+-d~JkO2`@9X&2wk_wc=ZAK%Xp@KSz|AEM*kNHL9j-g$p94tL7`uiXiA zmpq@tZ#bk1`iwo5#v)M-Q?HnvFn2PaXujWKqvglelWiK>#@i0G{mw4j!O>B1ykB9l z(@dwc&Kb^cS1fkz>6Ynkj}OBqS6Wx;f#(^o{oWgW3M==hJlEIDw}XGJfbc55RZa!& z4KfcJi92*hAGQ#l>7((s=iBf*pNqcbr+5c`JKK-ZnX~K)yTR_VU%0}pxfA!`{yc=& z;EB8*Zvs#B4!k?Q8Bhr68O{H}-{$Y}xp=?*Q+SeZ2S1L%gJTB#)ALzHKAN_!>>b*= z@d>nb=M!mLiDPaN=XvlkwDsguY3rrue?!kdNz0E`L;2BmC_kQn@}nJ5ezYda&j)Dv zA?0*`K19zyRL}pio`0C0{}ny|a6SJBJ^xBQ|0+HIYCZoNJ^xxg|2jSYdOiOJJ^v;> z|7Jb^7Crw~J^wa6|8_n94n6-)J^vm(|6V=+K0W__J^ukcf2p4Tpq~E_^jZyAEA?Po z$oF0T0=N0ARP(OUs z>FI0q^mTgr20eYVp1xI2->#?c)YJFs>HGEcQa$}|l$gCsC3EBd&`Ug7FEQRMfJ}O7 z>5w@}M~NvNC8l&*=fY^fh|=Iz4^8p1ws-->Ro?*VA|C>HGBb z{d#(-o_-KL)gaiUv9JK~W;kq2>C2uE-{s*LADe{HvDs`P`ywN{`{}w&kH-|&+YUVc1->Y zI|gHVnw|5)j?wI%f0rHeLdU$&G0%*QYGYCC#aNk#HWu|_tW1u?U}i-dLwhk+_F}9| zvl{>ESlJ65^FqhG&@nIUm=|_T{tG+iKQtfnLdU$&F)wt?3mx-9$Gp%n|EW2D1#fNt zcYGWL|?f^tze(9m24GT&DOBB4F5cV*WEdGo?T>@*_Z4q_BFfCZsJcfckqXqd-$`=kL+jm zkUe5gILFJtX54~XaT{*W9pQ)P!dhT7=A#V(iy)=`*th6ux=MUAN^u#uUmx&AB{qV0HXCzmZG9xBsm06{I8TQT3R5Ts@(lR8Qf%FN(4V@z4DI z2Va6wloG^WR4=KQ)hp_k>Q(hC^_qGe-j!Z>FGza9KI8R@XX1E622}YTrNf_LP!H1o zpW|z~8)#2xaqyNMfopui523E4M|%VK)+wkvEeE`M;q5;at1T~p2cn&RrUL(;=bbTv z&e*_w;IVoL?-2dom9+DA!hcBK(}|aW%5N*n_e$kGE$N=t@KY;hHYnY2<_J&B^~@c< zxcL48{A3T()m8Wqz6)1p>18UYEGoP=--U0I0#3^-F}jjMPmlHmuYViJg?y_s06u2M zzx(9T*D~e*e1^f#4FB=LU!*$Y>=CGs6nLUFf{%DA{0^I657FXqUvSu6BS9Y$Zx z(T?SJbr^jcM|%fC<^*H#+U_H4wXel7_a6+S-M=@t3K`dU+>dtLLMa*Teg#n%6wV`U z3|8i5q4q-YFk^-+bL&uZ6mN7K3R#kFXk`d9iSe52Gg5v;T&^wP2wH>}!Se9RS22S8 z=v%VE&*WmN%bDE09|p{*z22?=ieH+}Do$Mf%Gzlqqn*1OMw>+&Myp;WLcy=7Ec3!+ zmo1-t)x}^}_K4gJ4>Rg8J)CHxnma3P(jy%W_U1USbhfBlm^-u}KP%GNP(j96I9sP@ z7Zev4^~lQ0i3~IZ$Vh8vuk_-q!k)P~c|CkHaSHv%e=z5 zdigEVa|#FMX6F?7wk{|r_N`xjG2glaihCCn<`xez__*0c#u%cIKhA)qgPUCqgUO*` z)LZ|_5=R?qXipvboTtvn?U#c>_v>H&xW3hW8$}vMbAMCDa5E-Ga|ecaYh^U&Y|r3= z;O+Mu#P)Bgx*|?aCzog)2^&JvdkU>+h#^ zQhe6TT5_m#!pzUQs|{v2pIMuibfD*0s>N@>U^VZ~BOY2v&KD;&f&h3ne zx4xfz>fREE%(~T^e?Dr{wZ4(QuTHu1&@8Lhj=N{Wq8FvTd^>f%UGJ2p-A|urI)1^! zJ=?bXT@Swb<=D7scaPldf2hT}3i~o=ZSSgVeK76h;X^aym)E=G(6?jslreknONo7OXb*y7~=bx)5e$8z4ERyb{@p|VU4P~8o# zBVAVQ9^p~H^!)*yBX%~u`}z#W>)*F>G$b0Y#km@82s4Bjj}3gBk1pN?*+u=IBi4on z^5T`%BtuO@LP=an%(y6Hdnn9%&iN+Ipr~h2A!I!~yD-ntQeMSZO*J$!q?p@u8`qeR zdz8;D+!cdtD|$&4?i&18FK#Mx00YPzXHiiLwyq3xyY=giP4#$e*rsv)d*@zk;P__0 zdWVXg{{0)f z;x5d#=;*ZTa@$Y3ABna^vS#7)cm6z9c7#r%ms&!%ZJM$iYb;i>(6s<-@P2V;FZ=+z|0GV z(PFoTn-IKbD#?)jG<^7xUvo0Ox>$!DY$y z^RkMHd~29MSZ+anIVwmHGsH$l0>mO?qNCy@h?yQ5M(uz4DgGjCdl=m1lUO@fXjDMY zDN$E{$|ysm_LLz;@hOMbqVQe?J!H9_LFq_?AzWq>&Q;5bmY$P6pfKn6N)}nc;2?9D zIa?ay5@Hi-#K)mc|1tXQtbVfM#F;^9w`#=P?7FT!@31gyRQsC!vzL7NMbe&-b^D@@ z54oE7Z7oBdiH(x#>5cYP4(16AJ$eM+#Y#%@txLla(kZL?6Iu#*|45BJo4ETZwA z83WF&ueSI0Pd)ot&s=%$*TKW){xt9I>K*si4}ELfht~qbXD<5IDJQ?r1E&V*{SDK0 z%nZ#8O|mR*a(8p96CnuEdUAJ=`Pik?Vt(D!f;0aDD7Nbzbc;b}fwPR|7Q_Zh~WvmS)wMl9zJo z%I&dT-`nu@z;}C>e*F}V9oxC$*jp#kD!jBZ>p;?+$LAOIIq{{z3DvKmr=`IhFsX26 zh%%xFu&t^=Dt8@CfNgH3*k&RIhKBM&mDSn?z*-4lZCuP>7o3P*J<4FMsl1M_+Q3lH zP{&-wE;Ga%VvSD#Jo_gE@@Z|r&7Wz!gmA~kZN0VW=Q(S7-R@~K*E~^eIjLgd(k8{z z(htNPXpnlxVshW8&!>Mkwe13DgITSyHT+)Qx5s)>mHCq|G&~*{;39f$cRW?#(D~(| zr626d4B57Gw%?)-_m<9YcyIRA>;n;#=U1!7KQ9ccb}^1u-Pq!G@8f=NZe4lx2di(7 zIWA6LwfVc!_BN+#PWPHtCH3N=TaP|${FY0KePV3E*_4$jbL;Lqak@eCQy(aOx%RrsEeymzvK#@6_Sw zxY!;drl4R@{>{5%Th8dRM5Hf!D&%1eKQ+rvynMg6r<+;KwDj9RIP@%(Z#0Ah z_n+w!{?`C5+7MeKAujyF$t zZ9MMA=JQXk-s$CaKd1M~b}yB58T8q=@26hxKQgJUd$wi4*}J7jYL8Gd{4*TSd^+mH z)&WUPN9-B2BYE%=53$;}Z$zKaPj*chzVkDm72D3FR4rH>m-*xPpwnlnKlsRPZRNt) z<_q0w=gfHfTu6TBxsNAYvbiwgt2ZiMzIh<==Q*OFH~Ir_TKSm0TZx zy7x|(BD>pzHof;?$c&AjSoE4((e8Xn=I#bBTPJr9?z*9_MSAAp3d7@zcm4Eab?)Rh z#}waq$8)*D#k^5l4Wl-hfX;IS#!`)sP1Ub1WuK8dMTx?$T+pkNc073zMuX{XBkTh5X#B)7=bD zqTk9cjK5v##piiX4W1wQVCc?_(+|Fi%oKA=4|P8`HKl0vmXv)}R-YWLEDIQt`^LI8 z%?=$-+aDG1jn{<5vtF;8@4C)`rdf;+gA_1lW)24X7ivmMWI)ZKS+BV z^wO2A3dK#HwDTD6Frabx;a0hBC5ltlw3A2ceCn8Xd*@Qe`U@A#wmvzn`+IhWCyd@z z!}eK7e8V3^s2M}`ECaiDRG28WVQ`;VwyS!U#dX!zW z1|MyYKEJ8u!kWe7et75IfMtW${gSfKYTNsx9bZkEk=rs*89v5;b;51`?-ElhE_8ci zwXw@H9yRqU^%%7-3$_Sso>u)9Bhjg${s}BKLvTq@NtJQ_#{LP6E|ZQ7 z`XWU!)gxoc#!8o&eAP5V6GLO8jn$7^xG9DNL!3#UB-D7VKkp<*7)FgW=0yLh*idMw zVmwCw%KdlxR}qFLWoIellK+YO_3F_zH@`TiuwPD(Tnx0JT*Xgy3!mF>EH{snrnjp9 zxle($mF?7lKb-y0ZOe)Gsy%}Y)Q{S*dSOMs@IiM%ZhZevl9|(oV@G`1ZT{+lTwh<2 zGrx4<#4SA*|J?29(0Ye+wtI#4eQR?4jX%C~bg1&p@T0fppKaP~?ABLX%uKfS%QW<9 zd!^?;_Vziyz;BNFL*cCzXIyfoZT!G}P^Dth$APRhPQtZHQ`b)h z)`TaoO-^s?nmP6QF1x_geYI=NGEWH|wfX1E_v=0Q_HMD~oo&J24ewUZ(qm3$(%ms1 zdc?ibu=l2})7TpC+HJCb{QB(HAC?_m6_jy1_}qZ%K_?7TqBr+6tLYlQF08B7v`w=D zFOQtz8FwT8M2kZ?J8!Lb7;2R~sMF0&gQs@tkUS$=nXt%xaEBfbXIxJnuxIldCH+s% zj{EG(Z-X{j7Pp?#aWG4*az0dgm<~e9^~i^^P#Rd$W!X zKYeubRU6;LR;fSr*;aYg&JlgvUz_CiP0rquCGUMu?Ox`(U6*e}IS;(n?A^XG?bB8# zeBZ<{Idn$-{&W(}A%cH=9v%dR&9k>#yAG zb!lAfskK%vd(~yhxcj-SKM(qG{=Gd3O?)3+&GLK4I^xrg}S+S>az)A7xQvWLTzrOymVb=2XlU_aIb?M>2uCMctX8686)^c-fWW_ZP zy;pua+dQ|{jJb}U7aS87w)FzY>yZe8Us$RABUaO|( zspt9CQ%}`CZ5(4vM6zZsxy$|Uakt4o{o+^6`o$e%vhZ$~-1q*qn|H4?)vrFnID6l| z+x;JS=O{`@sAjD-uv$TfcxM5%O}qLD=PRF75vM6@4t8ArN{pLoyIs{pw>rR zdY6kI^tCVi+ix3_|D!SS=N|Qh%dh#=1MNdb z?WK=<>Ew>L$5RD$ZuTplt*84;axxZH^$ry zeU)z*@z#9y*)KTvZnuAU|MvfCvMS|_`Q4X&;6b{7=2PouFCVf4tWnPK;Xynkr-b*twpWW(Cm^oIAmze28R#lt3TzK(?<_C=V&RVsxyqh_{ z`gZftsWET9lol(E%5RWwYO2n^m=m@H)EX`)GQ&~V z$``n|c>jpiUGG9OtDI}x%KOayDz7xH>RZjQ@=TLdE;Y5v9n8$Rhk1nh%)LP$_MCrQ z{)cm|xkII8b}JW~OPtS`v$>yL*)wN5*PBZ!cjog2<`VOt=Fa9nmmeYDC5~tAQ++7! z?#Oi?oBtA(QGVxRX2*GzxhL=L>3q|;)u!>CrE#5an2Pgxvv4lveL^2Dw(TFL4@b>E z(68&4A93DlX4Stok959hw(WJTIcM$n;Vm>db2F}f+1!r2x3~G9Q{yKew?s9x->ryU_#}O{i_TwMTF6HLcW9CBV#f-k&{ ztIUWi<=WxeTwPP{6E3|w!Byz$_saK4Q)6bhaHXf?QeU}Ce>YEhKIL<|`d;d`@|Vv~ z&#%1YvuWiX=1}D)kpB-c-c_*PHRlLRM2E10&z;J>>FbmC@o;}`sO*4w4fy!N)%9BL zTx(6P5ucfNoTq~oUo)BWEt6Fu?q3J1Ho)S~n|@`BxoiWB|L^kTznkw`^RwpPO~~~F zjM-1^&yQfH<`&IoC(kn$^TB&z_$hb|M%#H8%oT20th^Z9`dj+`IQYeU#MJ^LL#_Cy7GhMe;svd{+gH` zI_y^ei0@w@FW6RMs<3R$nA=v*rJhgI5A~s#S10JzcI9m3eY||T)ul_|z2-X2x1UCj z9%$}q$M*w#ehYNm4m~gR<2LmFHjLNjq4Uof>lr$l!>_NKq4P&(4;;G0&PQJ{kEq-h zT*e+*Z<$Ni-p;jy{(qY}zCnL|b06l!ORImzbtfwi7F)q6Bg`ss;=ilU7Ee#ZWz9>P z8!8_IM}_Srj*1U0b8gv2d55md`TX)frQav_xh%IfqnvD;66;p&mF?`;b6P)6$9eGi z1GMoTXsvSpPFb$JGfocx6T^KhJRQ>#F!258TZ#Yhw(@!CdlPzcU-YsZtFj-fd8VxY zd)-THa$djukIEl1j@+wnWX!mb*;eHR$n9V9Ib^nLB@qt?`%0;ahqCN}m57 z*UOQM`_rd8lDBHso%!-}RgW>y+;_bRoL3;jk44tjDF?ri>+`rmu7`8YxbDC;Jn7ot z^Fz5VEH2qd#btRb`o2bg{*$}x5X~L3GqE`|zpVwPyH?@d|E5iiy~gie@b|;q#Utq` z<7&(Q33;fm`cjjkgCm<)`Bm;yrfcn0_-=Wq^4P4lP3aDGRv&@x%1-@5o<9>C=kw(K zdp>^-J$(@Ot8M;lt;YS?%r~+p?r-i`S-|hNp$8A49@z%pK_~wX*?l0-bZJh$)O4Ba zFRI*=&ywdmb6?rI=$^GrE8j&ou~TiH$Q-NQ224=COL_K9?k?^8v)QQb@_At-0 zCOV9{c%}X_PR_e|-a;1M#q(=;KBb>O$NW?WtKhq({gpi5Am69BKaTqgsOJdzze3#) z=lU$q=}UEw`zx7Cz?JHc@ZCoSE~j6mJ*IgZ{#g0`=1KRTWSqM6`#wB-4cE&kHwBBI z%RK@kpGUpmS@k0N^d{3O?~*MmAB+)WZ2L}My0qD~I;rvbftGt`4k_thB}jt#hjxtmweiBJN=HF zs*iSDkO3>F$jaJdp_BCpW2yC`)`Dko_0hq@mWEPiWEZIK;Ew25KP;Wn8L*&S<6#GE zo}xF*L3Yl;1}pW3vAodEJr8629)+y@8#bEOWdCMv<9rxwll^`fpIN&}7U{FAHH_A1 z&gWQTm3nc1)@>iBjz?4WqvZJk=Clf*(GBLGdsgpiZfj|{Zuyn!`tmEz{kXu3>U{Z? z%4fOMr!DUELv5>F+PtmfEx*e3A=?ghs$N?+^}&}{a6J=j`liZ#-%Gf|RqZZ6U-|Cx zbCo~k{`KV-E3aLCw({2HXDz*=`LwHY9r>bn_3t~JJCEug)>=f2MU z-L(4w+WkIbqIYW%`J?3**Zze2P24}q{R`Y*viz*B?@Kd0Svx}h`!2t@jvTFhmvT38 z{~z41qr7D4`}Kb%gUH<9SXqP)j&z5bdu zd&@6Z-i-XAYsF>u&d94LllRW_@2T8>aQWr6O}l1$B5giNG+Vk09sJ_yI{07dO!dE# zIn^&bEY?aFReNSsdzBegKV$CE{UDh9DbupvL+8}+_EW#|t>f%Df#VGOJ2yJh!SlUr z%b7Yi1h0KqaNXe|bK6NA*O~3ybdz)QwL_1G-QMuMmpNB7i}x?Ew@&fJaVk{Sb)4%Q z$9KB#woe<*sqHq_*Vmmr8`QSr+(?MLOu@+l0;StFbP|_v6TumJ3XV4s&9-5cCYJUZANzQY?TI>gLVobsL=U7~YCPcayl z(HTDMvg@um+*BmX4Lwz7!^199yzYwf`^k4mJ!3eFOh;|TU8TpJAh_4PTt2}+{(X;7 zuk+%7nabE`z-hYMVjv^S%^hdxJGW5{?{Kb!vdr<_uE-+1#<`)@Im+mWhE}WH+;3}# zw;g9~uYKc9nOD*r3>|UV=>$%HHgy;sHRL!u{h7l^=uPI?9B^KIE}5tb+RlzDr77|` z1%os1x+|Jq^ZM)e+=R|H6Q>sj@eneIo~OER8E(AMal-m^Q=DTj_IF!^(Id{IX;FLoXI}We*oYp891<)<7_53Ro9XQdNqAb#kJrQ$w$GLGDJl{JG zHO>v!Js`Nl(f%=>w}&TghA;1Jd9&DQerfOd&hwtB0yl2>*PZA)!<%ou*+Ye%$)o-% z?CoW9Y8~)s6^=X776l2l0>x~wU!d74m6Y0X&MH)LZ*RtzXRd(qrZ*>7F@8dY0KEJ#Nk-Jz7)+q+e$*>tfPNY4moNX( zJldvLnn&{aD)T7PtId_9kFn`v%~i{PFpo1=lRn-&hV%*MvCF?VPc)AseUeSDF^}i- zlg$%IpJJZ4{5$hh^CZ%znQKU&Zk|l~4D%GyXPT#y;sYjqmU%kqb>^ANzctS`*OETR zJd5;4N&m(?*IY;XJo9YQ=bPt{zQFt_>Gd{!p?NN!Uu2%Y{Hl4eO08auFaOHC&8EL#-pJ>-n>UgEqIomvFPXQHzQeqY^q0*qkiOHV?=o-a z^RJj+T>cO9Zu3i|H<)*jzQ_DB>3hvPmw##AXWm8ntL9fof6cs`^w-S|r0+NHA^i>W zUeXVk_mO_k{3_{<=GRC+WZqBun>PKh`Hkfl%}2}!NIz=RkC_kh`M1oCq#rjQTK)^HI{@HorysX`B9z`8c0%HlHLdkf^cz?yX34D-zv`MCMi` z`hSZ=x7tLv+C;b7M6!%-MWX+=NThX8)2??~c3so9YnhH+vvln`rDsqt?JF(052b@8ukY4Dllit~BE`MLUMWlDZZ~A+j z%!*0x>g3Dc;e^SE^zP1V`Dt?xXOr}v&LPr!ImebanR`3ONiTNJTYif3ez#kG!ra%n z1L-Bsg{1d$?z;TA`61_?%a57+I~S8a!1)B2De0xogO?vMKkPho`C;=Q=kn!m zng=_NCcVsg?D9tQ5a$WY51Jowo=o~s=NY6AbDp()KfAU+O8N-rdeY0C7n45HdFk@k z&7+)GEPvHp;k=6U(avj@?=x3AKev33xypGX>DA6#mp7QlIKM>tSm#~KUonq!ZXkWU z^J~j@nI||OAbq0qq2)Wxlbnw&-(jwCK1upy=hLK5aejCCi{`1$ACf-J`ONa|=IQJt zzui2;`Sa!5*n#;H>9x*RmTxuBa{d?TbjbKU4XkyruF&(zjM#vV4JgTjgcT=b2xqyn^)Yl~!deSK0x}O z%5N^8VcuK$*z)P-eU(p={%YlSNPn&Jd&{SoU$6Wj>H8~xO!^y@&n=&9K2Z5{(hpX? zw0x4evGPBcPc$E@e3kS!D}TRyy!mkDYos5k{4?oCE8ko`&U~!$o#kW9Z&jA0AFo!H zSDQ~%Yowp7ww70!PvPai(%e)HmX9{Sjko>L=F`=D`6%-{)$#I?=4ST39(k*u=vF_` zt$w0g{Y3vi@Ds^@J=E_n+S@f#tyb6TwPwA#wzgiYu2Xw%)9*^Me6BUR!VTu~)0MX=zctgk6TFcDG+2NjX0S+{R$>s4OE%T=%) z=Ut_Iuzwe&XAU(w+~oHbmbG*oe%I^m4$Kw5#ql$Rs@hy%YuR_=yk&W<0k_05MvtmA znspdnhsL&gU2C@*@QU$g5TFPa+d*Xcquk=$n6{`((20>JJ)lrctA{f>x`83QhO5`xkD^-#J6}qG65(ukL#TPi%W&;yhcp}4ErTTyhFRBDJnoQVV<5!RO-UK8olT7+Ik1(^=s8m zp@1FUkx{ib>VQK_!rh`Ow6)#<1lMc8z^WgJGQny~!6!?V9u{mAA{X!NhcdD9CmEAe zS;;~U4np}<(xJLn0XYZdl&&yuO`_Wbc#AuVfj$;6i})ep2Mwr75WzkZnD7dOFG9Pi zct*@)Y|b3uIto;QNrlKVn9XLVYvr7}d3=U|wt@=lOe+Eh5Db>Xdw3?=sj#IF=ng`$ zzSaQM=@vuU;W;|b_(K3sBsVl6BDk3Bs(o;*S?hP0g8;4-Q$@2f3N!VH4oe@Exl!*5 zWq6}hm90jR9F~ddg>+tBv+qk519Z*xHi9H6qVvTBr#7Y8B}-R#gq*?qS=Cx@eQmC1v;4O6*^Wjg-Ok(1&6wwVra&ajX-Pa(t9h1JT6`o5?M+V_d)^mny7DO zRM}NP0H}u4T64(J3iFUNE5r!2#XN~?8Bc0Lf^5YR%JsS!BMnP|dG!jPPYpFqgJ%qy zXj;NNR9%6#o6T;|%D5W0Hqfb+@oj~99gBHP9$n3g>(Ht|SE)su5ei^nLuZ#(TG$nW zIrPLTPoq@;kx)k$li`{NjuLE@@_!*4c{dYbr)>PNP^00Vd9Bo!*HubwZdYYLQjyM~R@e z+iSKP4Uo72tT5@5tzZg+Om5kMtzvpdjf8pDZWP|oUno$1F$fG2?9+R`>Uq1_wG>hh zK?(-d%%d1UAyp9OsTl>dRt6DO+oqTagjGcVT{@la$(X0-*mO3ugkAgA zSX1D*3dNgthdvQ#lRL~?1#8EFdU~hO>*=6nzh9Q_^*m4CSJ|z`+x3&pEi(-yyCvoo zjbUx_vaG7zWBLLkL|{ow**TunTXFYT&6xhV4PhRWQ@4e6027({%kDNBBA`+0QG=M- zt}=GrcBct>)XOy9wAMKbCO$G#0y}HgXhk%dO!EvH3#A5{*N1t2W36u$u->n=>uWtg zmfF#}T1Ud&LAa5&W(yFk*Sp;=6)N;B#7SG2g%p@q3A`!#scxugVWJK8yQE5@R!FR5 zO0aW~LyS?>QC|g5}No}k()(W)hk`20vT9#}r^ZxHYxjF9PHc zu-Z=3SXho-f93$!8=XdF%_=Cgb~KW%D+WV6V|8QiT$p5+H`6 zNS+HJ0y$6}7(!Q?ZDiH>5B3u^2MrL;~HI2KHihVl@`u%hTlc))r3Ne6^YVg{Ee z;h(sp`9b(>8xpJfP*~u)o_85Gz3mdKno0@@YBhQ-7MDch!8M7EIMJwe z+g@K%D6<@j+8t!O+m=B|C%TOlN9mm4oAD6?8MX!_Vir}IfMlm29K2~_Z>&^F-(;Ur zs|^+ytU&0E(1~@XAZ8Vm$<}V)Vx9GsPob^l=qhwNdZY0YrmouLTM>kDvg^w4t{eD% z;CW?f*9!u^`{jG?J*zkNfqK}d|3!ziWI2_Xj@Ha&Rb5wv3XEml6~yd!4ovQ3y>sjQ z!ISeFMkX*a!D@&ZRhW0syj?5T`j$^fQI)}z9Km~rN@Sr~5(Ete#R|;hWr=wWFt3TX zuI@5^VRPNJ3fORQ^{n^tGpHpNSY2u$vECG69$HP0W$O_TWrDP2g?W}L$XX2?*2L<) zFhOWY2P6cD@+naoxE~5ZEK=3I3c@^)rfCsReyx4XLoA^iET}13;ap+f$yEv0B-m6S zF}x+_*+DxwsUr_(4xmA!+pNH(Vnk@W-S#}0D7FcfVrK{|%K2)M?W*{I1#DSoF%_>< zTU67+K5EiRuj9L7k6Z?H5zJ$X0?0HfP(!W4ZtOp_kM7cyI=lheVH%i6R*YU@p3M)h ztYVOqE6oz~1Q#M%LGU1SDiN=+4jBs@Sc8IHMNWFu!|LA;ym5PQx4=A2QR-n4`u)O= zD@%G_7zSYwl!ZM%3d7J3R@tq_A7GyP3zFRu^VA4k#_hSnJUInDtq-v&fxVI#+ig0> z^JaJ8o)6}Ew{L=Zn8mGr8wJHMW>HplSME$c*IiY?*x`n2H~Sq1li}#J`wSQ0hEG=G z57%3mT5ElkMrt(C0f+L;QNM@YMa^}uz&x+kZLGV1tke)>=`n1z9wVdCvHfVkeGFs; zM46z0!17jTiK;@FMR(sKowP~$_5*#AsFkxQQUzEa1j$+)vV4r-C(8BaUZ5RS8vP|?0 zgYUPPAih85(Lmj0WDu2F!;|RNaU@IN;RY(nsKibO|>=K7H{AQs3u%1F|V)=3!fiv z?HaVq+X3WCu`S;8AxqQhs!a<6%I&(o@A?Fh zK(c*@hBfocszi)1uc!(X_ATaF0!w1b&b0+wBlq?V{?gnis&4jXqVek^x!eMB(ROjbbYBt>*yJYQ2KZZR}|IMOP5U3W^{nr|$a! z*(qeH5IJNM8V*92DY1-9E2}8PUKhf(@F)@Mt#yfRukCX6ZS0_r9W8D4V_A*v0g`D& zzR9`~;ImE%lAy2H(f-?M0bTtbLBrHuVn-CGbQxCU@&jx3iOdW zmMFq^kPA6sxgocPR=Xz$^cJZ^MZ!=cEWrS7`e<{f>oU*qm1(or;kDc8gnWa_HqJd{ zmWH`CSn&eTzHkCq6x8C>S#w=sI9XL0{6mgpb7q=V9-erG%}42o3kyTjDXZ2{%8w+R%&T9fbmAw zu7!os5jOhGTF?<5BFhXhzCxD2O#XEQT*qKq2bdQ~Ni}}8Uf)vJ##BY3#bO0kP^Ed>dyDoo=t?3iCR}EaXZaqNt6TQfQ+UfYTD3d{{#DM!?7*D)m;V8M8t6 z6~H{S0$qgxU5}krXbk(ZfkIcR*=*N@c|8=&nk!%)Bg9h_C{Lr%ZD*lJp_)*nj26)X zkMh(n7J+$W?slTC76n=o?_(Y;E}5v}xKt#!+=Y1sgV7dYUKpa8z#m)$714DHc7=H* zOILSv72$)(D8iKHAcTl)`)F{t=l7rr+4QLa%L1*8u*i^9;Usn-tl)J6$784M`5lJc z0sw18`iT*E40-RZ4o;8N(P7(Tj{Z$9wKaeQ23kfJnx-Qs-nNx(G=O2Kc zR;zgA!~Y)^5P@-Nme@ZTA$5-8Jm-75s#r1}SiQ0NwZjq8|DsQ; z{gkp3jE&pnr9}mdNiV`VVYh)rWRh+yw%rZ?u3%nt&$ciR(ery4B{&1Xyn{Nm zp2UZP$Y37y*m~$<$ZG;?BV1q}C$MzNf#K2C0^rfEpM-f>9!j zf@F`Ge-)(>2ccA0$(-t51!R65n^&e4c!&F?USJ*yVG-|C%!6iPS(WbCa+&~$*uR}y zV4n8hP76)uz%vKX02rt;1jUFzcE8Vr$OM75NO#W^z&r$`5f+#SuM5l*)NwAV-S@;! zjb<;zZv>Sgl)0VQL#yd>O(gXZ919j!idkD>;MWFO9J%d0VhMRF=1~rtj?E3Brf{p% zS|@X_6Ju2NcmvbOA>ND2r(zyCY*Tu_k9pWz%{Z2qOl!@id`G~VaEBYBt( zj4=8v(<{Ih>h_UUzT*(U-V39?-|fcqL~BHsRSV{m`h=9a2rzafh8?g7ept-&Szrj~ zV1|08{9rTa+zxREs1d56Vy_potd@j3kVsl+_b(~7jnNsoNMaTSU;K9-T3F9qhQBSi>9)~@kE z$ry~w@-!_=$H`zI)GPCI57{AD!L+=AAlWT3&o1=na*vm`DmFs=*kT^eMG$U9%zo!& zs?Fnjf_cgPI>J0yANE-h;S9h#chJ1`4>n`WMH$U(J%Ej#1``hT5*@;_yI4pzyHTut z*_!|$@&3w%i)3)#6?WscOJLrxQ%|(oZ?qHK+x3{OMOx|r4gvc>EPt_|8n`6b8EduS zezRDoBl`qti|1MDx_Ad5)|z^ZL5RsxyvL2H074U3pcZhYIaSf^;cMOxk~J%DnvD+v zh+XSp)fFpP)W5Fj+5_LcuINUfn~H^a78A4PfHEc?ZXpC4EhNio^8wFE;wiFo#}J(w zT5{o@F?1Owzste1ULmr+Fh5OkU!kZpp(*Yb0SkrIU!xf_GKdPi#$|vxZa{ zR?{J#%>8Z(!0L@}-63MV7+o?^6=)^s>JW?&WW``u+~Thc#Yi19tMDD<0`%%s!`zG# zo)XYoq!P(XQx7W1Dus{H=AP>lp{j?8*N+n~?DbMG7SRCS^xQ*KW{(W(KIBVAsdn z%bE_i5xrsp0=y*g+7h*+Pr_?ZPHSTY8AHOVBKUqx2w5N&p@5xMt0?OSNfO6pUKi7? zM6KdY7||yNQKwO8lO7f!j#ImKElZ{;e?Dk57?h>6Y&;r{^1&**bUwCvV+*jd4HEia z^r-MKT6|I?7=gZaRcuw-7)f#6vOpJsB{5~^`mW#gx8wWqm(|h-bPP)&TojQDxORHN zyt2D&o#I35wG#RPUbtQj;SOmhV7~EOFpoV`%p4Al3G z*ccsPo|-NLC|6)w=_T@@L3mh1mt~KlBu;g&f-tY&#g$~ec2HKAPR1tyw=3q!b*_9yB#kSJ2jdv40pT2ydDzDniU;x_v*MWI;e~XSbz&! z17j1`JH7g3l&3*=l!kqv3mDjscJ7GT+z<*_L~GZ`?DjG^j&4VQ6?w#WaalRULRG-T z2$gC|?+e`*e&DdcY{L(zV_Yqpqf-xheIVs@%i09X18n&KSQlU*U^DZLwQrAM7XYyCl`AC*$pH%_Ap!h@2Eh#GK@6a{^cHGq zF?6$tp%LbRLvA-@x=`NG4c%JI{)Plk%#D3Si(AA7BQeHu=$(XlvWXSZtybg@QuR%k z2Y0-n)^~9#Kn-QUJldlzI)}s0-YLcycYL-6f<_HT12a<(pim_t;$c750;gfm$71)bn97xc^SU~siy_zp-;`Qb%1$Tlfpb^9QpJJYDQI~Exy+1^j(i} z?yWEnMi=jy;uTm55rF5yL@QTJO#1ePUP_XSC_Pi%tANbcT&%io-9|94P{c@rZ}%Z^ znh?Ja<{^ZNXT-eD88DC8^UR^|dfiZ%hk2tAxUT2rIhY3y(Zv3dCx-nX6qwga85!)n zW+$_lN7sdzs0|KxHn>L!#I!ih!BGm1yFRkY*G@mAhBWh|zMF$b7-Pao z@CT+~f5}5;*S-j>1%LwcgiQbk3uO95-zdqX!0H{F7;KX%3=+aBH;?I>CKg7;diP`m zqfn?+ifN`yVr~-D3QnP`MEFjAy(;LYpEe@attc2~;#bpCO{jLwb-_rep$uROqR?f$ zP4d}eui*s|<^kNE3+7=5GBXMDB=IL>o-pL#bR6EaQ1)37f}pU-PQpAiOnVy&>^0zs zEA#q*V~JYD8`Jm5THnud|foQ?(#JePAKoMx3{oE>JC~_r;&4-x3k)? z22mf6XdnP6*qB(itlq0-Lh1Fh>nyu2vGZ!+N!`n!WshReXHkC;5CAMYY@s@lQ>6X6 zrt1)V4_)Xcde|VI6>r4PPRxOO5C;*Wt7*Q=87sVH+GJ4}M2c=lXMau&9VF?@!DYD> z_1EfBb%jWFE)yb48nh9rPpxS64W}$((8?JZxlX$Sb}CR*lmWy<7h*n0* zWsy6K0~p%jBrLm>fy>H8YK0WrtASw5r=vmCn+?!CjG&Wf?n{F+HgtVz5Q`w5%)UE< z<9ZX3Vigg@=#q(InjD}$4nNt45V&G7yC6Xuj}JKLf$wcRHFDg*dwUe_RI<@Vq!P)) zbf7(Ed5vG*NBx5|h(whedx19?go(!=LuU2ccKacAZlC4|U^-j6J-q4|b|@|akHe)_ zOIY48U)q5W02)ftU(lKPK^7i0gLffVG=xI>YW>d44pW&u1Hx>8fU{@jCZbbUEN8 z%YZK>=7Amu#4t9I&v#oD3+QBon_@*^Nle)}KZyF#(ZR#{Um=H&6y`N>sHTB1&(#5> zlCTv4?E!)WUIbyC0m#rAEOtBr1GaAP>9TXrB*xCZviBRAcCm4=GU1_`U>=X#ogt#T z(Qgckh1ReQ<_$0`X{p~}h}oHHCRD}7kLznMswd17v;{#U?gK6Hthkxq#A7CVCBJL z&_GT-W~Hv%=(&x>Y&?ql8*=EuC+~o2<_$DB1!Jf|EMmn>=D;0eRO$_x$syj0(y!~#HNSaJd#BC!_%gh|5M7aujf1lZ_jn!2)FnJwrSETJSY zL*afF$#~-lTn)X%A3-6WOFOgr{gml~$e%n7>zgX!R&ywjg_4XNn5@P(z;*{BH7Af_WY%oFM>_r*Vi%5*+!>I{9!OYrj^i zfG?e+>_q@W>@I3yE))wu4U7WllIMdgqnHgW6p^$}rzjaG!(l!sa?+zTXQf+&;!T>- zC)h=sGzvFYAs|A2*HiL!6W&9!A4j1jSh$eZYIoQZn!1pb@(&yJ~|Vy zs{rOjn!uP{g?XG4(P<^EU0nETF;AUmrbIMQ7fy3n%p0M1i+*ENVBV-5cfq{6-DL*z zQej?7RbZYMfO*{>|06<2^jm19MijUiMV2}@kui(SQ(#`Uk9jM$708Ed7i$K5mo`Sw zAUrIhWKA(-1)`ItMXWQ=gL$};3e0P}4J}b34`-0wg-A-wlcA+0JrSASj{~gIV#U|c z>tc);mO-ZI_0NELNZFZ#7li#pnCBJapNJdd3GR0oi+1cE^JJ>q4<+Ue85y>VTD_4l zufsGYD>3Ltm`~XMjAl?^UVj8-i8oFo)Dm>VTEU`(#ZoIfbF&U^^t{IA#$=rI7o#-j zbJlX7VpRpF2RHv&~A_=7W2e+aalPuZHQ@jzdXF*G{ySYEjD`4 zmVPJdfO$CZIAww@s2u$U)vy#?Z8=KzZNOGRD$&pJIA(;kvZ4P2b{YLB3lnUbzQ?lG zpNyi+_s2r673R5&DFIlI5SApRqMlYM?1{+zpJnt|+lCr=mdW549qaQ82~BJP_8sOh zEvCUZ!?s&tUeM?N@eoINo(9c91Tgv%GQdA(juAgNNJg~Nqg??Pbh9F%8y>{;J6Sv% z6_}@*yfA6{0T>B2U|xo+N>l-|9w*va?}`e)3uar)Yc&)4Oa_2L1Pb%)iirdaVG)R6 z+2H#C7c)T-;&?b14D-Ce7o9~`rebfGTGG*IQ2bXUWDk+%619pqSuTa7M@5_Tun2>} zWIP%llpK#2^Z8<9qbxm{Zf(vNvyD}DtML}|Y^U(%r3aX&lT(CMf4N1;KIY}1@I;tb z5LgmZb}k4LH#t7K63iPv#$q0#mxmaXJrAK=0lR9h*GW1fJe^=(7&S5I2Qiq3T^|Jl zMuUAUkF^4`kw-D?+D4|$Rh;bmn8)LGcMRrjy3Mf;4YvE^cG7JQ!8~gB`N3z}>3hOF z9TgJhvDD4;oMWU4Lz*ctFODsvJp8N?8j2;NkZZ_knsc~nTBpAC0NIgbVMpMBR*VAa zeHluaikM|f#KUXAx}$+OGhGpz*shIY63)mbtWW%ay_o>FjUqG?3sfx9lQ2)O_m4X6 zW1bzflan4&cIM!7ydw41>L7&eHJBHMlc|S;MZfi7mN`>kF4Q*Bh>_tAubcd)rQ^qJ zvr)buV}?kN@d*vutj1qcZFqrae_JVm~&~pQ= zg@B?VUDraHL^E8~~bWL7O@CW-X z)M7U9GR#acPv98Y;)A$Za7z3KmLu|W&ZVdy!9rpcv3|RGvN0CF+U!;^5K+<$!U5wH zNrE$6RYG7e&o3|!Duj6nm=^{~tBKv27MQ2}Cu5#Y1jkHh1?DmDaaK+ZDJ02=9o3UD zPbZeO2dj`~sg20lPvU6dSddZ2= zV|x6z_Sd-BdCe{xMUjBr*Fp2LyBv|z*_ZAZ9{`dVCrxbhQIZ9k)8lBuoT`IO%$v+c zK4uv%#MVd~4a}6jm$7i=Kohlex>NLS+iOmBfTrV4J87>u#;~OJpy_t~;j~>Kw#LrUjlN`;q}? zXjfs9DF&|2c%K@2>{*>T1X1i}{(1vdx82U7D2|yBaj?h&@%Imto?IbE90hirF(boX zIlOM-UFZg>cIa@$COID<2A|M`{XwtgPM|CcW_bcbdwx?SB>^m!T3IP}`#uJK^U&7D zEc3Rf=xVbGitJNu;cq+;KSLBUV{O+Ua~y22B#1n1eP|>^gScEWQ5AT-B)}U^3B4~E zEIX;2bZ0XT8FRb@O9SM>qesDrxp{TWqGT+r!S6ti+}SK;gtf8(ct_YmVS=pECmaIU zd*f*`2*VkY>vv%QcCH7V1oWDfu$K)2c13M^e=nO3|kgMi#7E(5RFvqy7Mez_-pu%sl8@G@W*+xjg}gp@>C zzk_r!)eO$@1#}f^rLZag)tB~b0-VCwJ z{Dbq#%Qa;X*k&6&^aI}0<)|jrtDmlfE(vct^xCAPxA~X8+vgtj4?{s z^x@ch+1()EM`QdNc!D5d9)Nia*(l9J=JX(mCOTcMqm~8cQOshVN;6a9HOAoq=21(x zH^WP^CPrPw z0@n)6D`dJzC-^=K(QPtgpM-gX2{G_>#{1OJXV2=)A&3$$57rq1E3$sBwf)8%BNN6F z?dk7RE8`oOr){DMBg4Jp&iMN#U|wc1kNF?V1N$EaMB`37hRzw3<-x`v3Gh7y&29+h zg?S>6ULnQ!{+e#k+})mU#zsbaNsL^i z*mG$bfq6ML4JZ-eAe*I}kJtc@@b~#ScCHUZ5-{ZkG>*TIMW+A&^HQh2hC@7p(yK7n zWJk653c);<$paa07W2Xs`)gyEV>t=&sRV5Jj8^-bbe_V*_G@*!FyFUV*{#M~ z%(Dd&PApI9f6*iT?E=2&jfR!6$@QBxTNQ`=hVu^RJqiL#V#?0N30yvZ^0dA&^Jn{D zUW=c)j1w@=3w6-E>@LTGwGZ5zVJ@OGY1U+Fo@7j5NOzhD3R%SJ+z_)7n?_{!TN7=r z;%*9q5z7Y-0)!#Eesfj~yFqK-V4>CZ=KO_&)(pdv+M|}&9rnDiJ)|o3#_?Tn2-BNP zCU|5OX7(hIv?a?db>Tohe~cdCJuVu1;#%*S;uTm55snV8d)F*f12Wy`j892t~+C75EXdM zuk%pUoMV9a2K)?_3?U|9{JQM~8fQ>8h!&#^KaU%>ATG)xSj-ZQe@HRw;FcG*jvn4z z41(Pa?2RUCwgZ}310?=z4C1hDC?>J^C36~XCOFi1!xEDm8WgcvImAL$fcGop@D?TX zzF;tR5}UnXUIGqckl<=l4xhbmim@_1HDIeSfgyRDi<}WoS-RowpJ5BdSk?ok{3x2l zSv;R-<2YWh(8S*t=IDC>ow5qSJRY(If`fX9GI4@gr@qGHkXeAU4)k}xG*3w;1)ROX zj2&XEKlqjNc9bl}Lo6quQxqirnE99)H5>uC%~>9kQ85mtd9&b@_)izv)74IftzSIB zrJ#r{*B=jd<{YvOyQ~pG?QGDD6P5{3gNRS?yUAPW<88u_W5N&>ksA*D!6=Cbo#rr$ zhIAdEki?H*m{klCVMvxEST@A5R9 z7>*Xa8BgdFgGie+3O83_HrtfHZdR7u+}zzgynEep zkm5z$;7f^lcshzVYJ|PnLBe-imGo<~3&RQmOJd5-CD|YxTrhvOYs}{Lf#GBWI}_6k zgVK+{yk6PeDAK+`)SqJy=NQd-lc{+EU$NMuESck1V~Yz3)jW>&lRW^+fNI>aND=A+ z=JB}O-(-9IXxQG=p~0@d*&BN8dDMhG96k1X~w6v+CfYa%;U%2+wjH*Uk z29~;Lq!$dIkUj{eh;Q*8@2rBP9EnEQY%D$FdBP;P9|}Rtq8w>c-K)TMO*09GVbCJ- z3(0VG%49;eQLLEs6bpAC+uy{pD&6NJ1RradMI(;u)xkP8$>t-)D7Yo&c^i;=#t^4D zbNV_{yd9BngzqKW+UBSrzuBe(njvlxSe0?8uHBn6GWxlOzp0i`XC2wz8ihv}=w7oq0$$1( ziO=(?5GM)5A{M`7&Z2FMO1&X7ImCK#xn!b>bG9wQ8%_zmFBnXD9Q}PTD#a4RbJNE= z&9n9>PFV`BPAC-{kECcLb}5p#y)|Tnb5=GiE9Y1+Nj}L(tO=rck_?jh=77DzEi6x* zn$d_=Qy32PW{JZB?_$Y_i>B@6#TQ$x33%&Sm*18r^a0de4}x7hB9@x|!``Ucc;~WR%bS z1)k199Oi=-Hu}bJoQ#>#^K{N%LtqgbfeiR&B7O?mYK85oI*&6KDMB?l#7Ql#y9MU$ zh3zdlmwLfgZ{)QXvBkU?WSMXRsXgiGbW1PJIDzX0oZ(qv-hyUSb*nWTGDPEXG}a0? zPOwB2X7-QM=)Lk03gp8zUYKa9U&KK=)Vo#8<01}NfvD^%fYYrsWD&$^31ScPlMKUn z$~Cqz?JE|T7XuJ6`*8US-t25+wON@ogjmWSi0R$^Xc zF>iY(!oea71dTXTC@`1T%x-MC{aPX2QI%9W0=19B)sgmcqQG z9}f~(j7LvSJvIgWxb4TS<41S4N8#S)G-EDjLtsC$J(`6J*1S12h)J=p%z3;6$Mt4R z%CQkRFD@&GSf~m@bRKUwCG@^vFy-0QbhoyIc_~gUS9^qU*j6!iE>9yGTLr0PMYXd% zq`d*M8nE1qhr@KRF&Gc@H#;`cLAtp$oF(Zt3r+le(HMQl-zRawI2nU^oStCUL;w)u zBBP(PX^b0?{l8?)HALKmc^q4cHUJc?vn&M(huB}+voV$v?6NX9Wj+S;;%PR`S{v+# z3ySFmP-zzp3l{CNXjO~O_Nji$6FQ-Y_3O??yIayiVIJHWj9Y28F^r%F;oeBcg)NDP zolOq5fSAs-wLA{S(<~izTazI$AH>-EB5(@F?23t`_@!5d|3D#4IUj5lR{2Jw#bU8J zn^DXL3@Rk8IKvmm~C190O9wq6Y8?Yun1&TD&vWMhCq$)*oKdoCH2B&`;o-K{~Mjgn|E?1Wjg zF`A@o@}Bph*J0OloZeRwrE(5iIe26hHthxxMhjbc7SR*@tVlHeOB*&|bb*O@ zXB9Y{NI-UqwNhd2Wx*&LY2mYq1Ezk(Ax104=qj=@4_jHprcK+%e$7m&W zhWbexhkiOtCqq`!;DV%>t-v<_&N*xM&?Gv(JsU)w)+8+{#()%`H#fkTB#XqNBxsR& zkQ~lOiQY`G_gLS;dGWbqqAG|y0Aa)rc`?l(&@xzdk~?yDb_O``G8}3i)>@iGok^M( zKl3U!9akx~3Q~#3>hPg4QaWVm#p4TG}*{T+1AczBg+mUxi~fBF{`F1 z9U&@gPJ~l{5P#n|3Izb1!;$-czL9`koOPgAVQ#9B~L)ieWeI6r4)zG`gS`>|$HL21rh*>sBMstA+G*4F0sd|u#-es!qzBYQ+POlOC{t}^d%zPV9`;>~;^cSu5` z`i*8P?dt}=)#WY_1 zeM1JS48b;}o-t&DQ9Mg)O!0O^P@=(bxO*hU!4gMkhkgcqi@>2h{c6nJVPv?&Ywcxu z*+ggT0nzaWK3+5!aM*Nv!?+zChO$|5_>m9^=>tmnfn41%oLc zdt+}0sbe((BKbqMe$%)!%LX2%VX@`7pQh;)sf5TQyOVsv$|h%Fmu_Lfw_mHN=B4yi`vkp+iI#o!< zq=2(G*`CUH1341f!2a4@%<^1=4(1Kw1=9tFT{<7mhn=mdZ00eQ4C0+>r{GkYuvAL6 zsD*Pb)LqccDj%86s3Gzf)4jtIVi(UH12LX;^1;?5ff^nz*iFdfNyNk62A5gT0J(Vp zBc>a}!L--Gy3~daKp|DwfLB&ANWhTkcsd*w=E7j0^TBFJVLIK}(T-|~c^Fhk8hb=G z%;wr_D00%H1v^@+P`ugP!oFo%piLTOLunPZw~rh-yt}~qdKzRE70-`4LN3KZf5^ZXEB4lr-^MvY*m&W3!qRc+2U=SN-6dlUqg#FU*Ij%VrY zZac3Ij5+qU#DM6*B;TF@u5r$GpD%l&2<` zn24l|OM9I$1PEaiQ)eMLA2(uZ+_hOMRWX$G6)_Mv%QTd)dD21Hk8E zm0`v@-p1KzW?$$fCbQj0oeZY=hOJxm6F4^186hxf*G4bv3gKt@HrHaHIN}_{i1TZT zxvx0Q59013$9tpL)$9GEj=KxRJkfc_Q$w^1sb>s>@iblJ^>&V`6S4)qm&sXY&4Muo6!S^!D59c$+duO_s>Th;zjb@`G$7b8Z(cUQK=*%!*$kjb$ z7Ge7)PFVY9TU*0hAVC`8!iTO_=mYR(CT57?QZ7DIAe!1-=K=k z@!rm2I0ATeEOwl3kFhtiQNA_Vnsg2`70iZHOukWec#f$me&m*Qhpni{8Z79>Cbn_J z&-k|I=NuEiJdT0mW|%HIqw&rxgBl)gjW!oU>|>10VK++#04-Du!@)+n*qV$MZfA3r zZw^tZZdU|u!K=c27!L7{VGvCwh1E40aWrmA4Jpj$M|O9Q96D6`h_Mct0JOKEu-Mu= zwtKYr%wFow;q9$eDBkQGqE89xT(r4Wwz#`{{H$YpyGM#P^8Bo`ZhQXuw>|gVvh?w@ zFSvm3=dJQf=XW{ks9%;7rqivhqkJj)q+J!hl%2@)jm3oTwyHy0hqjMtiP4L0Uorn{qy?J>@u z(Z+m_QOBpt;Uv~DqaizA-EQ979kHQD9UgEq8_xG^f?e6*>3tuk!oS$C3e4)UIj{-C!QDIVs6 zZsLS<5EDE`*7?kS?kFs)(tU4ROK8O&zHg3wtis;5;wa-cM5l!W-^Q84Xg1HchxN{I z#II}#+pI%o=bSra;^l}l8hBbw_AAGII40E#&SGSAFgrWZ$Hx(lHsRuAg4!GsJLin% z>qm9MJSS!TQuwd}^ zm@VW*bo}^inhqwoZKIif_LldzM^hdDEm^v{qqo_FpL1vDoW02i&p9@cEk;Li=S=2D z=i77ro_!bWJAPt;-~60uE(iZ`8=u%Tjs~EY zn1R8#iMXj_c{CXu-KM{T`D8lW952R)X6HcRL@p33bBAXj?_fGQym5G=dzABx3))$X zr-Nggb^_ho|>^i>=wp3Y$)KZbYjl zg{`f#_V&&?a-{T_06VM=@Z{OBedz2HduJ6n>CrCR4y&-EH^+C6g7vVAHfeNsw`_55 z@7!}voPAL8oOAB@e~Ekd_^7ILZ~R$%&n+{P%uF(qnM^XX_uTK9WG457WO5~30s#^T zmq@^XSW&?sg2uwJY7h{pwF)h*9IseWLj}c3D?Nu&+vA0vqV-r*j-?)YDlKiT(o;#^ z@7j|f_Vn%N_xtPJGvB?}UiZth)_R_2t-be@DUEe?lc6iCn=?}yYwIWc^FE)%BLvuz z!w+zIk#gK*^Td~ICtP?UE>|Gr#k~?$JQ|Ny7GND9TfoV}OlHpG!?@8?K58eb`avJ9|bSh@j2=PtIEKws;| zT1_r?og^hNVPLqW;s|srSlmY}HhUGA{}z|ID$8_KStAZ}S~B8!A-7~Iw#IG6Zc`kq zX3&{RKB!I|#mQu{P~qzQDP=PU7ve&pC_mg$E(%H>uQC#plwyN8&uMP1%#+5>No+Hc zz`+%RA;oV}VhVXfd`I}i47fBVZu8C{$#E9;guecd|!1!hcdR-|zUv!;wN!|L!6Cf+bP6 zF4rwvc?sQ7uJ)^`bz|anfo*VOz2$!&Sj^>*TiMcR8L0mYimS}faTLm7uDS8}i$ifQ zs)w@!zN9tZk5X2mWKp>~9+bT?(ifgLFXyKsW<0}qHy($Prg@9QBMH11a{TRnxJ}Kc( z_)X;zuPfvUA`-8wJYve$l!P%f=q`_NSv;h~&r7b1l%QJ71oqO%lqyu0+v@jWY?Xph z6IhIp8>IoOpY$fO<0?eEJQvc$zB<|Au}iU%Si$SWqBv4aX_JIpZ z(MTu)zFs-J-b6f>;Jt+(kqDPM%gQFlJiO2X+7vGH@*|e0h76kZi5w+USbohOS(juP z#(HQA`H}+COiZSjPS@5{)uhvtA!}+{TUuJ1nkGZnHFUJMv^F+P_~(5-jopTL;)oxC zKq66zn{1x&8VaZw6&Id}B!#1X+$&L)CCU=DR_kN|Ckr!~Ie!r2#^TB!IEdIAX?pm5L^O*s$OYhpPf!50qLSSE1Wm z?3D|>9+Sy!PJ6(F6+(sUO1NFvyor%F&+e!zDJh&PS?ciCMu*K+R~UC%s=c|`JMZzD zU4==z%afl(RL~!I15hJ4UFme%o@IZluzc>po@TQ-8dXZ?NpMln>w~Pvk5n;l5t;kAc7pZ}^7T)^T#Gk3;XcJ`=B@SoSk*TKJdIIB?9zk7It zVRyolljrf;c!A_ZAP@>QOz~iWjrT^(EPv;~!Uj|@`GwVJ8K@CZ*B0#WwtHiE#L@2$ zx}r%KJiIl7>B52#N?C)FCA{@z5eN!Sj|E$hyb)g_jKKnWBS8vXTT>nkwh_4kv3QE3h#^~UKSJ|gKyo`$@s>K&m!~io zaHAn239~<#ipnSrNIVrNP5Ah@>h$=`61eMPDCL~~B2U7dOa=o9t2r6H^^; zQD2j*WRMiW5Cub=NdlV`;G7*NE`B5uHPw7{;$4j&;0{4)5FnMKw5-0ax+d!rIZ9QQ zPfpZXmsADvU zYHX;*6G!|Ahan5&CYvMv?t%#yY!*aS#1bLgD^aD((&deXg_8xGEX-u)f{}zLvApJ0 zCsFHfy@dA)l_Y|-2_z&3vA5Bg9c%a*n@q4{IunmY%YyzyvH)#YUtSTZi2AY1rV%1N z6jwn{5$5wyz!}1Z6kkC@5YLuCfCzdkFvLL9k64OIT4lLtuHV|qm5dHgYf;*5Z3>z4 z5qqe>Q&jEr1Z~wtg+Z(>hGOO-C~fQO>x;7@UsIIlgmX0IZ?NP5u(0>@OKC4`%nj^K*XM>$OCEDZj5k z`4#yK%Hg3rSOZjq`7a7xQPjyr5(p*5{8t+M{MT5)XLbI|=gyW%O>Sca|Ajn!P3Vh< zyAehGyGJOV^i>A+=3ofQCM>B{#A1m=`_y2O$Lse5z^6F?P1O~{Th&L1!#(f3eR+OwF++JN4iu&Ebg5q#-s4QHWOrY!H zF9-Y{DOex}^XGR@ZL9FlZK*+^{EG1BWe)IKZmLU$6QQV&S5Z*5z;hxrHC7(vE)`+! zgV#K-D7Mv0+FOMeclNHGb%3B{Ti?+0u*G8i4F<&@P5)M?L zH~GV5A<(Mi_EdO7{;HaA+UKbPDPdC!e^RQhHs}W*7b-`t(!mtSEfNC%=8F0oD}tVQ zpezy#q$1_v>UeuyWh5#=LdB>b_tnPZTzMO;Nz^0?rl6~oN0O+~n14#DAX`(xKoY+x zh$SeOhk5);ohZv(Ay3rrEvZey6 zdP+S#o<*LkynhV$C{K-2o)aj~+bGYS;ue%=hxk?T5%D|X zLGh<5QY}~Aq}uA3Qjd^p^Cl^hfCvxj=TvcuS&Eo?4|m z>*URUr#$mKy`IGr<*}eVMVHGnI8h!_%A>hReMKg@zdk)j=x7V zej0dZTp0fkS~>Rbv|_xOmW>B#fZSsb6OBCx*L|pkPW%Wpfj5hh8urJ=ULHF*_N@;- z{NUEJAD%sX_Jgx$&c1i{-Lt39{_^ZQXWu^ii?eT?J$3fyXMc9~Btj_1nar6wqW_GZ z89(#cnNQw-{)3M``1RTHGuMCcPw)4f*>GmwndF)DnaKOQ-~ami_Y%Fo?fot9-}U~+ z_xs=Pc)#_R@B2Qo{vKc8yO94ow8(_MIR?$s#En7<0(Je@016@xW=?1!yu10!m zX$1|@I&nAp(sFh+8>E}r3id7b5c>{0z@A~xvQhEp;#=a|;(v(mh`$v7Q+!kWh4`*` zT6|x8Pdp=jApT1HwfKhWJbQ{gO&S4jKUb>oZ)=f}Fp;at>%{HG!$wq}_CkGXglZr87xX4Ws$>bp~`N&TJ3Q~x|6rm`^C{76~ zr6iS6Ii)B~6;w%8R82KhOLbIF4K#%ssfjYwOfA$(ZPZR3G!^tYji%EKnn_(4hh|eZ z%|R>8qaNy|`LuxgXdx}4#k7R_=_*C1En+U~3LJ-UbPr1i9u zzQP`-f2QZyBeb18!S-Wx+{M0u_S!4{h&@Vo(bw6x>4)@l`UVZt2z!_Y*<Uf zE9o}+CViVmmG(!QE3MDz;NRJk^bXz1ZlL9yK6tx>X6^%hte`K^x9Bn2OOMkdw4a`& z@6Z$U3_XhyK23+|c{;?5bS>RXTeI{-Ujy|Fg4QV0)YsdC38s7Ytge|ercVQZ-QL#P z(wu2(oYGKVR|~GbGFh4cKN0Zzu-yvJb>cm=_{f%4qgIImqj-}uaAeP%BEWM;X68WM52-6xN}*5;Fs zutjtFV7|A_w@@BEub8_Ovnr_Ecco6itQtm7E zjAj<1`WE{7RxISL9YiWRk zc~q0V>2^C|GUn5Yb7LC2f3lb0b87hsm* ztQ!?jPQ{A1qC*~~Zn@95!ne=|8p?F{@y6kGt+elqdA=EQ7WFBuJwYWsU%1P<*Iag+ zFpUbWAi$28(x|*mmHVm6{pH)vzj2;6=`3&6`DV=9%2W1DL`d@1X`=*^&7iy1M)BH?OY&jj43}+lz1I$>-Ay zHlwE{5y#-ua?r=N%sH50Tjnk5dlAnI%3FH+4hpPgA$($BLj_6A+c$ChrmVe&+iQI-qpXl6=tU+n;k$#9 zxjB~!Bm-rDNZmLO0K)h&xL4J79Kl5>kX~er(RUx0j{lkQ_q>8q?r+O?xo+PPy;n!SVFxMR}};n^K5v!kZIV}~F}_iihcwr{&#+J+); zy{l2WXT&RQ89~*J$RlMVV)w|vh`_V`(-BnH2rl3Vp*2H-c}N~QHY5%qf}6g4WAEB8ujyU2cyaGFiN`x36`6?}FCe-g&#adgtz%(K~0?^xp1W(|Tv`n$??}#a^EF{s~y{wu}bm@pER*qEXG3 zQR-c^xbGliI~Lw`@4eLGnlb8{*EhP)wQ$C0Ckz>G*bD=?4i-|&!dQ%kumU^8Pgfo+ zw(e%-o?`2iD=a4NxmU%J!9WPhZ@4*o%P(KJ8(Oz+2np~clw^2J2!>Et+Tce!e*X^- z;V@*cslo?j9{#>a#wiG;)Be}J#4qKStAclZZL z-hUP#jgS8cxQ6WGzXv~V9d8xdgjK?OqK?%I-zVMpMOp@)aT<8eS>QKkgGa0bzuXF` zqaWOF8+hcIuy3dLVA~D3WD2HVoBoyEiLj0T4=eZ|CA}P_8sMcyt)r%u8lUvv2E&yY z#r-R21wYgz(1oZmDr+I}X?H_;PzJzF50cVD-qXKLWRQV10Q?$1hETnMDDMoBIRoH6 zAK?oSu3$U9L^?oJ2!Dlew?p=}-w&L_m#fy{ODLjX0S~W1BQvNLp-aI*6Kk3@vj~wy5TtR8PSc1Ys~=B+Bnfo4q!F# zG11UEU<=VY*sX*4<}#oYSOviT=KVzLw*yFf{W+prklrmB0Dd>Z@2zH{+s+UT<2u{` zAl_l5J$w>Cy0?dcB}8BD1Q6!Sj{z$nq( zZNM5}H*gF$0KfMkFZZ1y`WgXYpa&Qxx*z@@*bE#1;12Z^JqY&) z;r<}pAKVX|Btn*HcLwMt+5@*ecLE5r=QPnbR6qr=gy@?kM0@uE2($Mh(YO4-Oke{5 z`)|Dpd`$Fh2hau}kKf(`wLt^XKBT)3aqk-jP7(cc9Owf!6FqDM5a+|65j}#m9zobg zmH_Jj#QVrAzy+d55$~hjM2{idV~F=LxIG59$KdvOCjkGC?*?G^!~pOy(S8|#+x|5G z-1Z*_J|cQj1(Xqe2kzgwNc5B+m) zf#?S)-wzP~%ecOb^jdCUI0l>q&Hxv(D$>(tTxFmP$N=5I0I&wQ6W9%)Jg1KVr+{++(tj7> z-t_~>z( ziOw7$`T+hvI7IZTJBiN1&#%#LANCRb*Q-S5;O88!zj>SJzv2E{xSuxyi0Ajn;|0X^ z2M5s~*AV^b4AGxEfl;DQ;OEm}qKn6g{xXy3f6fy96>)rqxGo`%v5z3Vm?7sFi3xqg z#NEVHTZpOm64PuTrrSp>=QJ_>8DfS}V#dwH@Zx5cdx}`zI%1|8VrGQ3H~{#`2duEO z>43M16#{mIcK}X=Exw;v$!=n(UX^EiMuU^Rd^J;#8Lh8Q?6jB=VDl zxx5Wn4Ir=O#{q;(Ie?kKW&mlW-X@kd0`Q+k8fo}Vze)_`!z$uH4}g4C90kr1t26_M zw{iopA2>;@N(IyagTQuT)n|y+Iso{qMVz&t5vyNCtl0w9jr z2s39LvAKQ3=E1IKfLQM#V)K#Se7G$*LTq6-u|+!I6tN}n*WXF(stoWdv4JvT%iboo z{3Bvlqg+?R&)}oPRx|*(t~^KVnhV5Mog{YcDDWAvFCmUE!F=5YVyi2NU0(vs1U3`9 z;eOy4u{CP|+^^XMAfIax?^@ud{ltdgHna~o2_U|8h;Q900P(Hc0>J;xgTOjsx0s1- zfc?fhfl&Z)-?{`?4GaU@fztr;e=Fj;%}8vx8yEoA04Isv4!>V+0ASvPcs92IXNcVa ze_z>6?9KzgQDS$&?rvbD1UL>LzxNCh+q#|DwwVCT+mI(bq|fdR1F#1l!|weE_>9;N zBY%RTeFI^?`6__$--LND;@;~AP-oxP0kC`MGh+XYcppaiN01Nj5$rM8 zJ%Q`~II$?PP8JwxmVCB$Av*q4tI!@SCl!Oss7|Gyw#|AMf`5$=QxAifhB;1IDNBg~JH zk5>pdN$e*`|KD~Idllx_W&+2Fy*^Cr4a9d+1t6ZEtpYX>`}YgPPAwt!=EuZ-u^B+P zUm(q293%E01H|50L+qEG#7?75P9wf|5zl)_>%CWrVP0To!o)r>6Z;k7`xWkgh48;Z z_+KIXuiggE0T+p#g`czV`)j1}A>#ND<@oRbfV_Qp8bJF0Wduq9#Q$Gyz!G2`upM|5 zI10QIKo77QxD(h590CyLze@nvV?JX44g24IM(iVmJCFSQ z4(0qE;`=@PUXXz@AOmy*aJ#Su*bM9<_6L;b4=B$cbpXQr@f2{D*q`9{Pw@LE`27?7 z{t15nv=101_A&hb8U80_HtIQwEHZ02x@&?k7RlO+pU*>PrBa^>+eC0N5G)zy{y| zfH;h1pavKKwgbliq>&4Mxjn!za0oa^@8vx|Xiny(a$3_6+uptf`{M+E)hByixKpD^p3;-K|T>!!so&-K4!5#CIaULR)3Fyg1iT8IC85X+z)#T{;8EZd2~HgVJ16X%TY!B4 z^5R5V&T}LbBcH{{Q*jy42O!>J#90itk`iDhFbE6-_X7uj%tUxD#_@q$)cCrINI^Zb;@Du`g3IRNY0G>jSk&gT^ z2_7R*10XHWcHj_jh6Jw;r~qK^g}oQ{UfBC!?}LBv7lQ9m0CxT`fINZE5CQ}sAAwx} z@)0-*Tp%H62FieLU=6Sfc!h+J3TOlF1dfvs#(fy~Vcdrw1&#w}Nr;;YjC}-?562Qv{@djWCFbwPkkbeAQ5)vq90``gBz;O~v zRX_;<`_h@fAb>EXNTc*45|W5NiL}c01E)zS*8vRx{FUzo4gs$MXMxX1NLc~crQu#t z1}p)#0LMwFME)z|z$)N=0A;Ft8@ND1)h-gM;Z}__YY;~b(x_Pn901^_Rt3Pl7V*}? zZ|zaw6o9aG$WtBe>s}?H9_IQ^U^TEGfS(345C$>;%G0n0*aE<93euUf1Q-VP0!M+< zz-J^hmH-XF5?~nE3mgSb1D}!5R01>rOMqcuFK`q%4SYsIrUYmJdI01nb0-PSuy5TA z93o-HFbT6ylQ0M6g4Pm~mhd|gNlVU*UM1vcnNBNe1WLY^e2tmkdkz2cvb4ox2>~g# zD>ZgX_}!)al(6;Edcq;lRA^RTgSIsXyBmBNvtG>EgpV6(?S*1N?$x@*)YSCu>&%j0 zn@k_SlsaBsR$$d=eWh#)OT*;z1}iJ7(y79u#+1bc8NLM%q`?<>@FcU$C@YP z;*E)-QD2}F@x^7WXw=wMqEYQ&Lay2&k zyqKtf704RDT(x=lfGl{V=7^r}ArS z`;`O4oO~yg$`nUPh?RY)G5~sjA9~ zQXy0-f?BI9(>6D=YfG8Wi?74G1-o0cfv9c1%2F1pb~C2wYAjCFOYZtoSMQv8@tJtP zM`u+-bAi9y9qOo*=P#Pq(N|dH?pazMED5{u>W1P_b$IGxqrs>cZP(}v^+CO;f5v)1gNMn3PSN>H4z?vl z2rb>#+T7C8+>&Vy++O|kl-rXXrrTXl+izF5Q`4of^9n$^sL-qWFZGX|?+1Zq4d~^y z$>d0Eg#uo5*|+WMg$+Z(YnWdA)$0xKWN* zCT%9Kmt7jhHZEo(f-%vC_xL2+5|h`eDO0L|v7b*`OkO7(gqBM)l*J;9f~Di13Oj`# zVeeHfb+F;gC%dC8XlDafwz7Z~soDK4>^n{Dn@vm~VFnk|;%%#fR>fN6=2lgu##3c0 zl$)z;YK^B=Ra?bcRaLfDTh*|t)v9W(QdMX?jmj`TBC9 zd^jh>LLHtKxus;|6gFkJ8sp!Q@e7A^hE5|IJciCviq_8d8N1S%ls;9;O3m+`?>}`_ z|M_&%{O|q!$CCZ$mHvcb>-b3Cac2G(NAi4rHVE%YBW6w*e5_J>oa1uGqyFpwHqqU( z-L4wsQ;o^tb0X5(tE%mJOpCsU`6HBv?gy$u{{ul)hw{XN2?Db>ilvT7m1}x&vN;rP ziWS;Jsgj4i`Yx5n?W-?XZuAvIR(CYduPp4(lheWSdGf#J2iygJN?_A`TVcp$ITD&u z9>|+MJDiE*l^-<{9>xor9&75-N0yZZr~9l?TO=K*ZS&+ueRjX+M>!5(8JpuxR)(4z z4Nh+aVH7(5rG5QPXS6M0g&ZgAW+WEcm1`r#iM9FYWkL`eZU+dYdYs5;Q9Ifa*ilCo1ty z6;o*qCXtPc>?M&sE3(ZZ%NLi6H;E!)!0+SvGHE5Ppfwrv%SF}TKh9T0kPoK3qC$;q z&p*sp06VN-LMM*X(Trtd$vq{)`ns@Q)!N*CC&fo7*74^emEyF zM=94d-dn-jg`upCtO;|ALgo_Fh7>|KVOnWq)uk-Ss_h_ug?nNylg{4}(Uj=I-BC|n zk$RfSfiF+_9I9#RqB>8sJFF|wL^}LB(<0&NXjjA<%oBPr{IjfTWKa`{L5Oij77bA?>3hLWfsCEnLjpDEN(H9nJ(C5B3n#&=mj?kqAhb`w77 z*>qctJ$-FyuEUT`!^xmPW(zQ)Co;uYhE@wYbw=1ss%NpK^$l2OWPc|;2sZb8tREAZ z^Ihlb^(M+_cNDp4F12HA3KSio4@#FFN> zCT3B)kEN$BW%K%96rnxh{5Ix)LBJek!2JL2VVBuNT}2qMpTo5P*Gvu!cs!80^qlVV zV9?1psrU&SZq9Izu8AuGp2H@o*k>74OX9xha4#X8}GPN?n$nBEMi9Xo{VWaiHe-UKDU; z$^}dpzfNpTiNy*O$pCE*DIoy%%jeAlH^ImIMj>_E_1E9V!EVTvDuTfZyeMGe$`(I! z^yo7jwJT>P5;IrUPF%BX+K+}JwM{FbVNDuIBk1r|`P_T8-_i<8wKr-v zX+%O3SDcSF0{@744?UI(Hdpn(4xY0Xq>oOTw)iZ0qPD+w zb)u!;=!+z5La?yC0z5{A0j~_xayp;YY1Lmrq@|o_WrqTwlpJ;MXtda4X@_P?{<2)XHf2 znf4>&=adHGhUd|`TDviTfQQUzG#D-(%Au}66j3U^U^w?2qQVs}2AauTGC4Zf^yzmP zd#UMs6K|n(ECwC`hV!vlinkazfwd=6ycv(5S9riLh%gXMzyoUYM4QLv30Ckqy}A*c zbhbq?x{DA1+0R{N4Q@*!T+EurmM|&R=q^h5Yz1=6;VKI{wWT@!RHOg;>jjm+wYdpT zv8GBbvo%I_a!zN)?MNn5CGKbmz7K8JwCG*V{1r+)SC9XJ{RZ`1L;sp_KjC2yc-V-C z<>^opY6nhukpXp8@LTkZ3z_9GEHqzh7R=js`X2H<>l4xae6ibttUq{tPyojqto)M5 zrilw7Fm4}-F)7CKVoVpSa}-ro)&_(69Xg%6igs4=cq_|vyqe1vIBYwM@XiHv4=9(K zVi?YFigDQ_dA@c^5)$5fDPDV7(FC#ynCSj~^C>QyJ;4 zs6NhSYqVSr$uiq~=KNq`mt4{A$NLj2<0V#4%u&{A_ZtJHm9FaU3TI=yI2Eu<&C6Sz z)n$HNzGZe>M?LRGGxg2{URU8Xl$fUC`=N&7^43sQmsRI3Z3rZ~YGi!sN;OC4RK}t( z1|&WDQXXXg>oQGYf$1zP&lXd&u)0PqcP-2*=Tpr5ddhtMrmG-cyqkhxhT7rm3S9-c4CI53 zmYrnKo}xA#E@+vzv~1zrxr@er%BtK`>eANJ7veV$ZzvnQSQ9lu+O_g zrX7&_(Za<#^qFElwqfu)lX2(rJ0niTI(dGcWhcI#NL{%)g&K4VI0c~bc{zDs!sy4# z3gNVNBsL-MgQxC?1jR=~w0r?)fKJbW?f<`m5O~wv*DW3S(jVS>P-{{>%+G4`E%zaW}DL0SQ5nC(uBE%2}kgB zN`iJDPVkPQj5oMCF(&Y-1Ec!IOf3c=k$0d4B2$-Xm`TGl8d`|lZr2vv0zo|KzT5DC zK`?l>PsIZ#0+kx_cH+g2>L9OReCV2H26s9ZXm+Y`e+U()Rwjj}^B7l>=pU$${`0AR z^ogw80Y(Yc(Vv|exbO&8RRpW_xqKO{_G-X2O->Ks5SnVP`Pvd~{j!-Axz1)^{oD$> zvvO|DO}Cu!H9$l+N)=&GsXMos6|VT^m#Wz;=BSuA#c1}|cSVEUEz!Lv@wRrmAwH|# zR}xP<+B%i-qyYr;%#E9lnz7DmA&c%d|Jqe_nr znSDf)Xqg=xdzQWE>7JU_bRT?TXJSrQ@UF*R!h}R%1^8HX31gK9Qhhtidl3`;IbPu@ zUS&C`qf$zR*OnA>Nc1(X?nwGj~#RLeI|g3JK; z(adE>hZ!D~9*}MGz(fa7=8i8)g@x(~mO#_{|)6XpMtTY`sT5|~E3)xl`$P;_dgD^Szwc2$-J z@@lRRwpU2r%8c8Uj(c-!Hsy!#$tx*rlgs=?IYrZ1naPjOa!7&v!g$b~Q`8EwPmhm* zUVfzXr`IzE|K)*Zk`d$64sShNFFuEP78|*h=Ee0Kx5xEjCW1-Yo#Rnv5G*06z9~K> z3b%-CHiRnCvWmBsgoPza#wJ4JdNE@`@EBSU4QDBJgB^ode=OtBgT*t7K^Ck1saWbrCY z@!7c@?+9mqe(k4X(~6mCqqF65FRWcq?>^&ebY0O6_r3meHp@}jGsS4~p$`Vo2g5V3 zzX!e0W{Ay3FN~oVPK6Fw;mHM^5X4h;g#GgTyc1hS4U8;CHFo0b@@B_k7|-CB%NjpW z{F?s8FFvBJW!>1VlJyI6ucVofdGw^AflN@P){u%c&#F~cwMwJrPj}%d-)9BUD&PSC zNE8_3)e6s`he_zB&1h{ZO7_1Ndo9Mmj$BFBxWDoie4<(#s0`Tmva6kA-E7p!V)u2u z(EUP}G6q-D9yZRtkMy)unsJI+t)N!t=!9pRu(kMESgW2b(_}OPB&7cH7$y}KG!4NL z5(xM!3sA{^I#$JTZZ`AJ{zBOXGhPve6E*5*RiafTsxd_nkL+1R62U$lNbw+}3@@RI z@iXhzZ00_$C|&XkiqpSQ=b(JmYMVL~sC2T?v2G`x(fqzry!({$6^#FhZB)j&1l{){ z<$#R^ed{`zgWK2MTt9i3l6xC>0Xv8H#|zRp<-uC-M3z={Iv^TDRT z%he4N6N}1L0%a2)Z&a93u3WEprlra0?JcXF7PmO@G6E-?rLz0OetVT+Qt}gS@pk4H zN@exM-pbNwqSB)_s`1L>ibNafY~96zY(^47puIcY%I` zbEoftNdqgBYD&L1!P4}vy#(w2wG&!*+(1y`TwD@^Nvc*+vR|QN_Xa0)dfBmrzXKn- z;z>q#QuI@_R9y2nIpT2MD1=dmD@7($@`b{8e&ZU3U8GrUjdB>?tc>d}mMJT?-R=s_B}%^tF$yS^e;JRh27tE^1pf)jtQS z5~uOEf~v1|Y7ghDpj3fg`7p*R2c3SAOrY%w^enR}FBjja*XnZg28}_5cNp8yab#mY zn`wYyNMo>S3~CK%8=uv(fyd?@v(?DDj4%&b@JUA_;X_y&i<7uEYmIZC^Q2Q{a)KXI z#MvTIwb8NEcB5^RO~kv~Y(^|RH5-~WEsB;QI|VC)Js;-#*P2gQpsi9Co*Z0N%VK;k zKCV7~9Ou7htvJJp`#KJWmBl>JS9!EP&YrtPyQpZdv_in*HjkZXS`qGOZSgPkx3qSI zeUV5%*!zbM=Fs zGZXrDuY+58CGL%f!T zC=6kLjP=KOGfWNu&|Zt5tA_aa0L}BX4fB(gi#D{y+S9V8B*z;|JFEK|J+8V1b*)%? z)B3AAO=U|)7AzQ9Qf4%pRo(a!R8Fw-noQ%$Y2gw>x7w7)mzdFaIUVi<9h&j9{v8>Y z)yxZo?}kEJ1fSbwHG{mY>nQ`$;>F>*8Ks{VbAPbL?URyoNVnhZwCfPcKFm2WrHYO1 z#TH&Oxv;hj>(spR)VwOv;I*=6X8z>7`4i4`p%(c2jkziX`Y_O-GD$J66W|MLT8oz5cdV=#8`-*L%hpIDCnv!cFS=_%Osg06>9w&1ca44H-c6hC71*WU zftz789|bMM_++5Uj7uxxL)Usir_WXChG@T0y-}-WIU5Zv;zou=YjBCYi=b&R-eU>y z1T?4EAi#Ay%5Oe`fTKvqy9YR zx2}xVGM_y>_A+yg{R&b3Z0^_(6`KE}aFs&yKRc|5C!8oVaS(Y9mrU)2p&^#hu`ZmT z+GIPSX5Al&WKhMCi~)@jVVo*ClZ`9*9khY8-pE53c{ku~lz~dK3syKi8HNfCzF=W@ za=*@D3u9W0HRm#UoY)I3y!9;YA^$|IxL$Yx9{t0D7Hx_qRoawGxSW-S(rmI>`$6BI z;B@{3*Kcr{pQWKgymFGut~P%@2eM1cjEVXVf0oQQwkM}mcr=o0AXT|wiq}=Ypgvlk z%X-I-s`Pqo*^;|2llh#2qDdmpQC)5q;X0-5t22^l7%~YG1`J_;t~zH(yWgnas8VTk zm@|YHQnoB83Yu)|k6{7$7)X-qJUsx&K+rE+Hum(gWo({s_|goP89OE%9(#YH{pkgy zBa;6`Qe!Z-psGpD)ce_xxL-99J!<9Bhy9@Q0z^80*)kqWHlI4k$B!U<0d0H{kHucd zSkbkvF*D0h0q=W!pT&NgO_6bMYtVB`oY3}qhA$ZBHyiSJle*BhdBb`|r>$4>K}gMo zW3>*gtn@uT`ta_@xbVZrBi=S#7KQp@QViwlHLN;TTGH$hTjj!5Z*8epAGEcmI$M^# zpPJtsFjxw5x=fyF3)yQEWfyKl-ko^dV8F@AYhm8TJR#R?rLHZx>}?}^TgRTzFoUCj zx(u=*zf)&$7{UfoXBfgKQ1RtCn^SqkgqoZ>csb@|Kg9x+n$$x!C;z@`1Pj)X038^w z^qeHIOT4R0->o0O8h;7C0zQ<#zu4J)4C__59YdABVPhs6!}m!Fnk_B*D;l`JP$Q4)b|lL)o<}i1J(!hgsiODuxtd02d%EkY@Gv z1Y!eA<`m!Lp0!|MblEar&)jK6!eQ^c1wDRu-{7iba_NHU&N0x&*z2BoJzcKLbjdzN zovEoflS^9Fkg#7PHmf%>a4+YPLyU_j%F6Dba`Jv|_nhm^6V6%0fGVIyq% zixj|QmsON2R}ZIxd|OfHO3&jS;ZvDC;bJRY3`-&Bo`<&uMa;o_dM(U3Hnt`2VxDkq z9{V(h>2waA@E0AL>YPs4qkB>(Y|*i6bqqQ%?E{v_Ey4&^jr=BSo&bH)g-kHS1`Zbsua zHJ$HA>tJHV!3S7A^g!x~y&3C2)qe?UW(Y#5H$n6t#?0sY`!NW?3ddT0LP+Hjiv>#6 zA&qdEx#K)uet|D2g!0r{cCX$Oj0HVP?w=9g@RhGrRej|v8{&A6(l@rVg7ucnoW=8}EBjrtbJHD4 zzkeVjkK{2~WVaZYXn=S;WHwmw&61&fh40Is=>Dy!e3k7^8}>mAv~1IUQ!Cu6 zW!GuhA}yPyWp|qIHw(+nH<<+?W9~K!_(qah(3*7?Fvt34T??Mx<#mP1!hVOPy!bd2 zk^{YC*uJDJ&atK0Z9*Q@3#WIGK1fk0FRX2u+R;+7v@3btwf*waz>=$1F71&oVd_fV zb?=r+Ou87+1chfiiTSI5LQH!&U&cs;Ip+*tf8oM##s!1GZ7rNNv+zM9mz$K?3C*l< z8p;(eTwLayhaxuHVBzMok(*Cc?)BNBaKZjLN2!q;NnFtm2w+mr7 zKf_07o*wa(am)FbFnWpNQ@O$;t`{;+46;STrVbxZ)5m!nA7?6k!+ggOXIqrh74zNY znNOMSIA5bEy7`LV=i5C#-`(-K2v}FScw<}ZEsH8E7v0j@wsCRgO1Zwbva+XMmg{>e zD|_o@ws_%|#igZ-w=A5zHeJ&h3Uyx7G;ziF0Gd4iWEg^#!A2{8t; zXk>P;)-ov(u)O=e6`QkeTGz73id3U#TB^I+Emd|1M{m5Lp|{d8HZDA+*Y=8I7jmVl zXt+W$^0AQ9%2a{Vikni*@FE_=R+i}$GOLLX^`>EV37f7ryOix-fJv%@-!c{#hp2*WFx0uYm} z)Xe>r4rjSuzSZb_3@aj7VFau6IkA{O7 zu;@UPnOsAb{djNqu+6>EKzVuQd|SJ@MXiiUTslpsv-%ZKTtDO@zU@j`KZo?HjNCEo zQ&A>ijdy|qvAhZ?RlJf8pEQ?Or1QUIO_n7Ka*Oj8fF7gw?V0vYqoK~ z^TWYeQycAU><^qUZ@9jFIZKFRf7O?yqoE2nsFRTgd>PkqmoX_*s}4c^%5=F*A7l@D z@#YOMW%+DRKHHMd@&n}I)#7pM)E>2N$nCMZJvz5rT`a7}TJ(j^+v3vb{QR*l_9S26P%2tiHt6IbF&sVQ@hn} z(^TwJy9T)&Ru;4R5-bt!xTWC10)gww3WxJ~Di)CX-T4pX3%BI6`N*dU#E7+haD6EZ z`)ORUBXnX_mMcoIW8|$^N~v?cm;pLGZ>jy_UQ)h$)PbF(%4~`oWiM%UN?D>%Hj$!9 zuH@;nTS)nk$63oycNdq|dxC8#*YNdC*El5Gyy}uNzpXG_DJN!ByYJcn_VjPxc zO|xNG5uLGS%0=fxTs%`W0_XWQ(@(I&l=CYSJzo+1G0{#a2e~OvV0~?a8EM&)>47P6 z$1$pItZ&s-_OcljZ2wqS-Qct+@(8hBxEp!QrypmcTP$pYnO&2|s&l92 zj^v8B7}*g$8_8iCa`1}FPA0r*`n5?oVPXoQlyQy>AG81>8k5F2 zWYAa*z#B*eJC=*tOe~2VJ6urM2~8fK(M!198(1ne86<A)6)0C_wiGq%nzhZU7IA{hd+Qi_Z?-0}HxF!|(gyuSZ}zWsyqV?n z;JP-}&l^Bdi{j3K{gZ1a9luugqDQO__9de)&4mZ%i=xkt-H^z-otucnYH(8 zch_F~*Sqij>$Np^f9+edUKu;EXZ2a7@7Y1uS1Wz*SI_M$;_?jU7o)jztCfjdHFr1K zp+IlPjs=6=oR@DPQ%-?iU7#n^grtFKO3~>lq;6G&k9no)lf6&&LW!TiaGi3*LyOt8Q%VWnERNa6v#bFxQeis@pO7Ez<@6H_!*Ra8_} z9y48+xTW>IHBUWx<2!8|O5M|D&-VFd&z|P)dwzgT9UEi9*!PzmS*X;T2KCmBdNb3u z7s&wnp36(9Gw9TYA*0D^#CGNU8;uVcpEZg`ke*s8wN4GXW$Ganv#J=o5iif=D|055 zq!M&0D27ZXqgm0ltD9B)<(yoaP=v2^QlYLB{i%^Fy0*iNvGs%{Ju=b3xke4TbA?Pm zEg&AtU)yi3x+!>7s{E?Z>Z)7YSmAXi2j@OHYu1x<2jBS8*tzWZ>p@u@D2omI0is5< zbUya%YI!S?){0Tzq?2@lPKPf;7vhDa8?DU-t!`ruvUe%%Gw%$?Y zifSKY4MaS?uGpyN+ZlvB`;@lM_QoQ1_gIdtwz;Fdxp-_Z`=zkTIc?$9D+Uwun!^Kw zE3cX>&BGWofIW}R*z>3*S0-0b=ZKrMI@O3q7$NMw?D3hU{(REmMTG9E-Yt*gnh&~uxXNym*}A7Wn!B79Q|zG zQqlBT4f3GFzUALc<^dVN#-uOi;jLrHMtPYXPs?CtOaF%F;l*iU70&{~C-IgjHR@GE zt1~V4sQ0La8ucpm2DSK<>Lr!%sBlOS?q(1CAJ*OkKCbe-7e4Pfvz*z_?EAiIMx$j$ zyJYFumSjm@B=5#V81EK@C2?8I5>b(0nS7~f;4_A#7t))8u|phUmbgiZn*xD^#ch-P z(v`m!5~4(N=8vPEghB~kt7Krvlk~{tH6T-Y%s?K2bC8qfoAP-UUEQba2qWw z?`F%tH};jUjC~IdlCR}hXzmv|rk%GJ{(!N4@4^u*y?|QzKEIf8}kS5YW{*GKU_S7PDP<~;kWDzQb+BGqW@I2B*_MBB%wn-3c@u&ro5~A z@q$MQqy{=<8m2wmZYS$gb>c5PT?8EQ9Pf;GvPzXM%x<;{Kn~2rc|({Xzoe_<{@M_F zk5BNB0@ZM)4g zq&9c0ZuVG99Ru;kv5r`}Z=%tT5?4AP?J`Y6PK#^9a!L0kz0u%KhAVmYchUCI#<_2c z;FWdd)pDsn=R%yGh5W!n+Kj7VST zX|Lv1ZdEefg`DbS|7HmkMt1cL>>kd!OyYl2&X4MhJFhGZSEC_2_F(nG`|P_|V@ct; z)1YzV7CRkPWU*t8`7_1)RgTCY$F2?P${AI$`bMJZf%JGiQg9aDvpT$SP*(gRxi(jq9$W&?`etOdE zSG)qupah+n7TBVoRZaKj*<+NwLLsZlz_z7{v^v?H9!5o)&iI=3?gq6f+vl{&v0TYo z7}?p^w`;V)Y8y9OcU)B*u7vIK8okM=$6BDVIghnq$LKscKRR&r{FFwATs}`*u#<47 z@2Wn$W5*)k_fC(9?j29Vm+&4BcgQnA{t4YBR|n{Y3h?S`dS6%-JdvVx!Pkf&&C+_& z+Hp1mO}rtt}FoAk^=v}gvdG6bP%Wsu7R&+n;rGHm$hfr`q7I2FDI-|Lw5 zr4M4rAb{N-VU@+Ack|e_8-M3pTl3(dU2Im5orlGQ-3R-h5To@K2A>Hs7+@kHX;BkY z3m8eV`XdZlG3`Lg?IH6r+ks%AT?Alu*{1T;jco4AhIN};m!k^m#*V?AY8+(POS==T zDK`KfLwg5Pci&@h%WF3{k(TIb7}I*uOG?Z;Z2aut3sa6vnlUQmMJ{;WNYT5GDcYtsBIKC?icE?QH8{;f7w| zBN`J++g^Toa)%^a^%DlmioWuixnZ$$*L7SDRxb>)UnBK12F&WeoE8e&oaSqDj49%C z%OwS50-k?K2NJE++TM5%0c>1ZtbECyXhw*6U0-HCF7WNNuM3p<5`D^jLpNdUlE11Qn4 zq@6}|0%?KY7r2x?{{kkNzXxyp#T&)Rvn1+qDF82Oxv4bu?1*)!sd;^WCbjgc-lf}< zcYLOGbHW)}+qiy|*_#V1*ZT9-aJJvoCI@2!S1s+{Hk5bEb1k=iQn9SHIG2sEqdMb` zwPm&F!42Y{Husbh92Bl61Q)=d!s?X@BWy6=G8henVo3x~TlhH9BUbqF@O1cJ!{T`O zd4LiE)57skaLhUuaL>{nBg~dzLL{L<_-JnVSAa^vC}_4nTz*wZh}scDD?~#X8l4l9 zq26f!x>nDmEmp}o5>dZi{6Lxeo!OEe*wQ}tCR17li*DfF#5pWm5ehlT)x>v6Wf!U{ z`1uv5C_9hapc=B{3jDxlR0}{9xuC>R_pH-A&Dur0P_11>sbmBYU_KOyCE#9kO?qq2W;KT_Ee(@b zHr6ig+XnqAN!Q!Wz?QmeyTq?jyHagV|A09S2^UnaSB42;qO=l&9KdcNfyjk>0K34V zUShT#1{4|AB?ER&SY_j~Uy-dNmb>)R(s8SPjb#>mvYKo>A9|ZK2Z1gL z8Gr4#766_7|6|k0r0k0M%;NBvc%yRuus`N9Q3V<-Y>86f%Pgrn)1(fDcy@x9UShRr zatbeahzZYU2}e$v9~WSF!Gj8T{%P$4uDRo6L#Q1K!9>cWiIjR-p}ZE_veb~~h4+9L zyaznS*LhXcjY(DOStc~CVL_pe*m=2G}m?OsISZTU^ys2?4KIR-N zp?H{rzYYgxEij+(ZOBQ+`ofrf@C8eN_zJKV0tA}p=6C1byb1`z^WAU4ZHv&s z!pzp>CV%2;st+z0j`OTb5+u+tZ~YgXkPZyg+qFm)0S4Zw2`oBTGr?dnnV4m`Y)oSV{o3x9lCh-+sn5)OWq|0v^2d z0F)Fd*ushAbdnL=j4Rlo88bf(=uuc@K9TT~9q1=<;GcC&KwalSOnN2+T69)Vn?Z{o za_v#mb?TF|YG|&3^3%>_9rk(a=f#Ti}J>;i7?zW~F&!f61cGy`%eL*B? z#~(Yrb!D;HUek`Z*EHhEP@eYlnWIOf6&_EMLdWd|q;&I7pw)8YoNKop8VTOi zaUv!2Tb3af-cxhvO+Opr?}Vaj11n8d8cQn;ot4|DR%lGzHpfPV62P%I3*kVn44@h| z*Mi(U@dH)^*LI9Nb_~>Tx?NL^9;g|X_U7Wst=qZDxidLgvp|_t7$U=xjpz(Jt|Xh& zEuSAh%S}*P2ikdfE5^tvAlJvBchgzp!r@{t%{q`~fD;)3H-ZTf5CwV}gF`?I=>UsI z(*!EZcr0j8EY(7&Do-YNh;B)*7uV`67IAJR`?VERTlk&=Y_|uor^>8{uqr<#G<>!m zCAGFtn2Q`7CR%+Z8bb#bTrNPKkt_`xTr7Ooa90b)l78n&z)2Y(AlPSoPWdx@EF|W+ zEl86L{|d=<66pcFB9WsmL+=LKmIki7YmiXBs1db`$+6_LUiRqaB%*5}Y5EaF(K08R z2bx)E+EQ$ak=g*P%LmUwVCiFay53WG3(p^@9$ZdIm@Veldi=9)JM9}gm*Egt*aWql zQaGA^LIIx_CNB%BeWWbc>>ZvOnM3TCt7P*NvB1tkkV$AtuXJ~I^v602fjwK0r4yB% z4z--`v4snfY)^yl+MPpd>`rBPc`TVK1g*hTOL}On-Y82GvNN7^hP*DbJ)Eg#N5=ey z2}2E^G6vt*UErSg3s9}Nn{)=%L20XY95FnvSRy|Mx9Iu0pFd#;8dtMN<|A{R0LT3b=V#x# zif^)Sg(DI1>n9zuE3IyBXPLS8wyhH-fW^xcHXHMA}379kF14)K)Bp_#vqoChY$84nCoAIE~mkN~mCJ@}@ zO5ARuP#QT8ibpV5f>;wApYS9I>`nnyxNZ={F?#QZAZeC-3f#Fg44^T^cI!^z4yT>NErT^39`jU0<-qVc#*(0;*V=@-GeLX@G+f_{m#e!$;Te_ zJ?9f|_OV?)w$8_fee6RYd)CJUU)VP-2_8up2#<$FZoGyiBOnf|jR6d*k>8w=lpQ1W zjW>nW<3`pC@STdWG$t^PcN*Eakr)LeV*+Dng!wdWHhO@}g}~(_#s#kl{TTvv6Uyu3 z8uoinyWknZ=kJm;iP}Glui1bYGR=}JUmE#|fqmA%ZZ@z%!!BfL(c5l(iLnb}q5;Zt^ zHZztSO^o_R!%9YByOcjt#FB(EaO?{byH>hg5)}ysoMqHJYJ>r&S>4=#qu?yUs5~|c zxq|@tr?lYgLIf66HuUe)pXM7;d!RQ;^*82Yw|K8qZ+3AIm)c*_1v;wrj8E!)A=Fzc z1zxI!CKvkCjwekN;154VxiE{vzFJNU*^`hH?8C@FDAXTW+q5OW%N&WP9L{7cY+h{& z#ga}(G7&Lfo!`5m=xPTIhp? z=KL_*nHOfN7CC>Z9*4tFToT6RQC#*ZhXZseiz2xBsvo>{ z6u~`cNuV&TyO2#-u1;@n`P$SSckVpavODeT=te2p?(Pon;1|^2Kl|*zE&bCW2oe## zzjtuo3E{V=g&+igCjNd&)`Kp)7hYI43!lw&j!9dUx1@ERBK(;P;JeKfm)CTVXg_(H{I{3(N zS*6Je(h$#=Dz9TGf#-6=zFNXyJ@hhf3f^ZT(qMS(8_vjx)nSBOU^%k|~u>do9*a7*FEIwfb{SlLs zCntm(h5HbN7Cb@*qokZPIfKpyr{r{|grx7J#i>M2>M@&do`W|Wu5b!*Po5)|6h4hO zB(TIt&nI&b?i-C)hHnuV(1goKw5DTKf4CBXU(u{nb*}hDZ?N5-mQpleSKYy;@uWXn(-vcpRw})2*d~@K_T& z+QbY^zNX=(dzy4jZC^^BNQ#K8W(C24t@Al&YpWA!z@@2IKeO&l#W3uxWFgAiP5OwACQaq zHwh+{pMYY9H-~}_a{|kr90~IvL?ej63?52%#tTiV@Q6_^k5vH9o<0T^(L?^(YZ`l^ zoBrnWBFDE{*HjNJ~^ih0Za1%niA%4$GS-}wE!YPZK zZDIvG$#l8!h}R2RFpJmRwx`kGxHWI~TYw{hAD+jnV!}4n5+i#eMtU<6@ZNnICdMir z!O1{pRLFSqdLlY0VKqCZBXMtF*5g`dKWNpQ@d#m2qUbrzbMyB3%9}5Nz2{X36Yi_! z@b8)&mqa5vwI=Yc6cBg|~*6AiOoPYrBPe>cNdn zVJ>hPV4T=)j8jh7i8qXRe3rkzu%9&y{o2`oEb~z3@ZI**3-6~kNs{=ARf<-5-(j{COx#OGb?F4ui7aon}dC2~Kf!y1RRBp59vGLrU;D$5CzP$7XRGW;vmHx}W zOylV9x$vR%9poRl5dXeG9ZBc+o6Uh-s-f8kb3hbszBO<(a4aD00h4T#xp1JEIgraG zipwmi1Bs=wJz(Er-)Gm^?}!c=p#pE#@73#M{T*(=uW_0nbBrjB06M5sIv`aHA^Vr; z9lD~L2e#&e1r8gtSEp~NCj{f!&c2dcv1h=av{+5PM&H1m6*=Zwd++Y+o? z!MRtMd+r>Yn7caI&8}2;4P~*BqZVMECv$p&G@W_GA>92xI3ux7)6;RcYP;5^|6 z3h1}aRUqQ%WCVx_haGUGIR5}k@%POiDS&KWe5MFVHYc0}f4WU*Q2hp@O_(v;;hbu= z4cKn5Nj9SjLtQ(wa3=rgT$MCV_s1Mq;;*Rp-DQ9I3Vvdd%*Xw~w@7^F*K?VEeNE=$ zd)aP$Zw~$vk}EgR`y{V~|A)1)cM+d)KMS0@*8@*Ac-)Dk@HGf-9z>{5P)uZPu4Hp8 z)|_k}nLNoDD+Z{0>8hzCA z4a*r&m9%*VJ)-Ai==snaV5>%czP(#N3hH$}zE$O|$u}oK{oPDFx0P3+2;n$htPs|S z@-(6bU?Q&8J40!&C#^UG7H3p$(YY4?Dt_OZ2*XD$%Mm58@RDLDezs413FoO%Xc4~n z%pfr^x6t-o59ecx{HXOC)-yl~-+v>RcyC11EwvIUo{^l2PjlIm$>)=AB&Fp2DJ+}k z#WzGrykBQ%ZMiag*Es(rB|aR;unmS9f>t z_D8DDmad*~xTmWHwhq=Uk7-DH$UH$Rv})t((A^J!@E-mB712v3e-jkdja| z=n* z#P5zzMH4#)>VeIHo$=)Ej(wjZ9M}3y8jfr3`}2{`9URP+^hnm8YDZT+iF#E zWQ*Q3v5^D2m{N;?-dl%vVGcPiUb+o)NUV28;ciHoFAIKE!SUqI>Z}u@E{a&H6H{4g zYlHZ~-dF(}_ch4mS}h3FftW@;2$Ro`S`ZU5aLJd{g6M>;36Oh~rKLq&uUjsu1tDr0 z<+sJp%u^;|>^Gq7>PxC-XxcwDfUgC~(3pSv%|Heq+p2-)DUZ<9~- z%_d?YQ#2SAqhpp)`xSQ4K5I7W4YH3g@rXnLfc2tQJ3xDe?t@uFh8H)TnhBEy@r@ay z3ILZwI2o@1AZ-e_j+EE;v|Wthv=3(1w~Vv|S-N%8V3X;-&r6=wChJvO3(H$VcH=79 zA%6ZoQ+YYI3&}-{xM+l}nG*hQin4PaK#qFeKweq}o-7Z!vp4~Xh2S?vFAIlc#+-7- zD5drTvq}&Rv$Ms4R0QTohog7+72$wrx1$0O(L0Ey&|Z{k7&3DB|2b{pVgO)7k_ibR zIyw2)t0ho6zeuz|z}9O5m0VLeA>kUqY9)V8f6Wf4Eo38y7kYp9-S5iC^qafc;+&j} zcTco5_C@^dec{HqlijpZu3TT4Sn-7wj+N`jws-p!%S2GgsV&+XY80-+^^H=ltMEnj zYDZgh+jyHKyQ~MTY`66$t7vsw9*wiOBO*n`S@Ecd${#2IE}m>)4MH{Ko%J5|ir08= z^NQZE$FDP+^au41>c!pqn{Ze>n)ycN3<4U)lTFVzz0o8!`Ei&{zKMf_4u6=*uUGgh zO#S?O__X#er-*JN`Gb-rerRJFJvrd;u<&wuW4`k;p5iMaqdjBIy}eB$QN;;j%rbx6* z&t+OCkhWq5dmtt}qh2orlzLwaVc~_jKmCq13p>y`P?y{!b3T07pJt)njsB}J2ig< z_gV$xxhPr&CH8#fN0i`#3@M(%79a*T;OOcm*~Q5&w7Tf$+@JsXpU-w|FYV22C^xRn z?rz-PaR_f+vtrMREl;jn^W~9|FRxkuE9fbdaX zVi3>Vh~+%Zn#*nT=9lLFSbBNxkF`EZkSpIqK5MVAmRZzO*$&oOdb}hS{Op**HV?5- zC$n_2uePy!s_a;W9cyO0OUxT!@HanUWwTZ`wtA*)m}!qjx-6`t$Sg(sS1YWu!YZA} zK3zYsY)0s{r)PY}5jyXJcYa+onwY)C%?$W`;An-JDon17Jy2vf7w;*G*B05PBAXpx zw+*oC2H1mR>>&%g&2q0roU*X3&@sjain=3EF@ozK>SeuMh}06ag#1I*$%WbrWDz^7 zT*D>j5t5MJ#&Pr`6g$DRk%S|fN5olPsNg*kbCk0>|Bt5{YQAQ2vQU&ALXg)Cn0Fy9 zR6>F4jqeNE5^f#?(ZcWynQxQ`Fc=%@>gw)LGfP_|P7v@0quaMsw}iZbp|*UtHB^Yu z2TCCBh-R+Yv3zsrq|s)KX8a9ZNxeyr7lk%vb0stByw4gbbQMD7Y}n*!OAW2{$g54B zWYQJ%x=j3|U}Gj~@^)ocuJ+p4&qclDuEs*?u-5{;%Uy|w(ji2N>D)?-``AYDZNUPQ zso}KXg*xZ5xkkJWNyQURuz<^o^N<%sf}`!V64VhK1&h#@)kUu-{pqwHKaba*#eK<8 zD7p9tv1#HV7SCawf&T&F=6_WGOXs6QZ0H-FGoG^^=^+o>hcM19TZDZmCs#nJROD)k zqOkJ${x|yH>6aesXZ^Pv#(H`__D1ZTm~k1JNN0? z3Rr}q4~`GmgIEsdCn*mYOXi|qh(RAq3m?KYz)wtYW^CiXBhT$}yTe$+?bgY9FCp{N zpvycT0C^GOxvs137#zIgs;>I;Xko?9-rk)n3iao?3*bqM#M_4Rp;E%D^IO}~)xrM0 zeAVvO`;h~G<;H`Pt*w&>H`bq*UALxKTyx#B+VdA8ZL2G-tJ)*7#Uk|?-75zB$DPJL z$zn2MZRFS}o4{FY7g~iQYH=jKB`%JH*=84WyO_?!q;F);WY1=$?ERZPdp%;#)8QEg z$90vX9lgM*Ha~BD!}<HFXz{?q}G?gB9WQCNH66MsxiZNk4Ykb#; z>RArq;Xt#4I4gfdY+I8x&n^a<3bMRVqT~7eByuP)<`luWG&3oRgj4dQ)NS#40uJ1y zFZdeumXzX5M_kRRhOV?Du&yE5S@4G%dlL4P*WgNo{GA@NdkNBh#a*JPvwD?Sko9^p z)x^7c6H(;G8^czBHykm)!(bfH!_tJl2%iS~A$0ki@JZ|`BOcGM3CFIc+V_Bm6aj& zSDQLnd*@Im?sTYaW1IASEBn5Yy$p_+HbA@zPcM66*^iLvdrSL2ls<$O-_^Bb$%F0e zns%0N-`p;?Kka$J^CORRl=fNy4x4>~RNHA|jn9v~G4jrcG;-6KCU!;BRMSIElG?-? zKq#=V>0-BNn{AVM56Gmz`t-y4O?pY&h37RIP1=Ka31=K6I;|0?u6!fTze)Vr z*opX^Xg4c&Hp5Dp1Zfk!goNLwB`70oa*1Ey(*23*FnN^o;K)NFk|3rHa2(c&=l&Br z^tiv19c4d$~^ z#;_!?zM8~oHYR=_5;dke=uI6J`4EK`k&+kT6QDQ|K?dE>R-0I4?w`c(kKpqVyc!jF z83@ZdrH)Wtkay6@10HfPyaN}*1LiXxU>86hrdpH{kJ)2RCfoyY%IY;ljmQe;xyp-t2_U3Ggvv~ z{U`Hvae)`&{i_#wAt%Kj96cxrwn})`c@JiI_{TJCROQ6O#LzdxcvB zaT7ikO!7BT{48R^f9X`%cPcKQ8pUNiwI_0OtV0bdPo~307qtxR)y^mv* zoCV!vYw`LICECVt=$xbY9M%lPI?3(%dJnWxG;(6>Lat-kd6p$`jrX+|T%aO%2kr5o zl8uI&oIz!IYII3wy1`W#XpE~ahp&}=Dj9MH9L8?F)$0g)-EybJ-`mt0w^Y-iQqpBN z^#K;a=WSXXWWCrMlF+5v;UVIH2nixwB~LYBgz1@}NYY(!2QNJWnu}=e`5yll?;)yfCr5uXCwK5~D-v&H3Ha_L{N+B>HVQj$a!WVq-Fj4^a7zKdYdMJlQLqo`mg5>;1L;>S{-t2) zVfPZxW*T_o`nk$~VMw$!thwQi@`hW-idQ$Ru@}V~82iJ|*z=Zsdpg&3MU3V@d|671 z2!7#A>k@u0{1uxL{baof@A2^-y0BcBL)<$mRMemlmj2us{)*RPiFv*8m|%U(@t7Q% zlCL2P1|va((o7~fE{XOd6mw#msv%sfAeqTEGlCh}+4rL%bD$6nm24Jk*qK538Odt3 zNUFh=wI>snkk2mbyLAS?#UV@PaL5bAfL~9A^$NcdzYDIECS1=nwxsTx27}dduaVsj zXq)+zpnpob5g~%NVQ6SYaL&C>svd&MS_K?ttmMYRt;4=ubyUCWnubq)?{eog2& zKju2ltr#bxa4YFJm{ZhImDXXra>4_6KhLgb*V5;c0e!$bJMWD1%ZOp*z?WDurM;Zc?q*kXX!;k|?$f;gqrHW+?> zI*sZHqgd%WME^l9gGHuWT$1TCovj)PddEl^w4$Y4kVw#zg`_{5sa0|H=URybJ<`}2 zPPR1{o7>2Q^SD8RUMLjV3k&W%j1lL^mc9yqBcYCrsB3uy{zms{fV}=+)f5RCoD-rY zTnnLnMEk=SJ05QnW8olg9MT%kxBavEzNdu4wYEa+qK@a=-ag;)=PQ5iIlfbyCVAal8x zOB@h3A`-7NhEshgj(j87TkUO)XB=d*;KV=`1)S}8L_DsOQ%=@pZoSeG)qref8pN_* z`H_^UuMOG4G_)qpRP_Htn)`cZ zn)^K)p4&S2uYqRYzV7Sx?XIxDn%m$0=_UUp?xHB_Hyf`gfAaa`53N`=@+>*fh(~-m z=Mh&~KwY(rc*J)#vGq-C86Z_n)h5x^#H1#+vB=WJYH@i{auu0WWHQLc8^mrnVw-Pk zzPDL=xQXpA-d()EDD5b+q2k7($V<|E2CJ>u-vj%ot+A&EthdYLc8jBwW9yib2r zFK&jT;fbZKUHuJXsjaDNQedo$`{SGAd*izJ9b@UO>1)zbTG*GnHFq>8ZO*aW@Q|_* zRTw2j_6EFLy!*U5?;Qsn4?4sl$419)*j2M;w%5$I-~a=s8!b~(%LzL*i2{xE>L+i# z4Yg&C-X=0Vq!B_EzV_k0JP)$0XltC)!M;^zF zjrH$Zk^c`U$?ey!L&WT|16yaa$emZ-IsS1(<(9aJ8UdG`=GFwAOE_gjAD5|xnoRw? zCR5pkU*nLl3FZmLYUNTss{LW%Gn(vUX>b@&W81v!)A}Zvs`Wi3TvzY=H(-SLn7&C? zYVGgl?L$wANbC3w2qqHfUu1!C)MnDeC9dCrRry1H{eaKVnQ-Cn>fiB8m8dVMgo{DD zB)Wc_(!fs88KSj6eBs5~^@j{P-dJD1ezX<YCSbwgk(a3CNB0DPn>CO1DQ zuuZ}qL3H4XpU4aO8}r}DOX)<6VmHTfmiPg45;;}@APVoWZAO~xP}&bz;T`gpnlr8z zsKOeCHV6rUJha!V=U<1J_B*Up9OaxNuBI0fr%^p|aNcg`E_RT{f4N2)KQYm832pq$ zjA@=Yo^`Kek&C$Ff4uV7upPPnLu+A1qBFCV&(lq)%dTNxgtW)xnqcNsecUzPTRun7 zn)o??R-021r;w@CAeazYEH2C`)iyZ0sQqE#Z?wL}V6ng(H(b&;&8gP+l<-Qetx&$G zW6ZwRFI}_N_9o#6^|qZ_zcswhd|O((THCvMzuGxp?88M!y0&pqS6G;T${*a${t0z} zEy5vni{)z5H%#IY)C@H-{X+n9O0SsNv*wq~;t|NEmvrp3?iHN~GCZ(}S#5@I$m|GA za@j0`#ZC}jF|uckFB!!n(7kmpF?O20!o-IFkTFw)eDYJDhA_heuxDftf0~z_)!x_M zCU7X;23t18s1Uv)AQAi87r)q5|9^Y^1>S+x*K^@b@Xh`Vr(8y87C))xhMIOai5=xV zW${oWyEVr4MOk;06{2h`z;^j5ZDtQB#Q~+H#6Q%7C(0Rh16~iC?=g$lnAj&}CMEFu z0l3k`t!1{gk?m<<8w+eC&EUM=6lFtEc6Wqr2r)2l9|^GCK6Z_lUEyI5n;HHd<*ph6 z-2ss}TAl`b579dPQVoHFAP|iiWxwpF6kI>?g90Co2TF7S6CmmUB=lLAm$-bqV1-#- zrkop1-2zn&z1vhan|!=jDW$ltGU;71(uUquLulnga9Ai(hGda)EsK=FRJ<9Z#eQAGWuBZ@j>QsmkqJteOAx>{afgYg z>YHTD$1k77ADWFuJ$()SmYykToJg9HZ|JO+UP6fz1b4BBIKk7!@9_LPoP=nVu@8JE57p0B%bBBhV%O82?CJ;cse&g?5B4dSrCOQYyp3KaJA29$eMTS}fWo z*6HyxctGrk+z_>IF3)_N4*HsPz5QywOpMU&+Zw<(UTE6W$Obyci4OXoi5uGInfqS5 zMhxAxx@moRdL3~?hr=tICdzkhxNeyJSqTKub6+Et==RO&x!nzPmT)dpE_bL}E7>Fe zRg+Voq*G1dpblcqP%|+;s{LVZzYyvr7z*&lWCj2zG2b`IDXs4*^jwpd(Th5sZ%eXA zYkN0utDQZeMszG1GULn;n3p~H8x6Zb=b(n&I4oRK>p$dn0=j{?g?24Cr$}}$flh0O z2OnJ6eo9FLw1Bo3kz#poHXv@Tg!e}c_%9Jx+;>=n10f6ki^O0Hz$wACR`N#FeRFt) zMMMshQVE82jfuI)jO|_kT@o5MHXO>&Y5dn+Ynokox4XfONGs>Ye%qD+`*k}2z%P7C zWN-DYZx8$lu8@34?~5zoml_g&q<#@qvhst>JIJ1BVNW!(Cz@EPz#;_-q#BU#vz*=9 z#cpX~-5&Nig&ABv7iiR6GihO_D$g7P)GE|H-Fr06j#k-SRptO=V70fmnwC}!lX`h9 zC*>52eI$49U)b0^wj(yt0_>p8d#Ho$>$tT;?3gtyeQYUeYK`}dg&$0?#B9jR1Frx9 z0Z0OE62~%DH5d!(E+ksx%K6t3BBQaI-w_KuuG|q14N?o2qL! zFP%%SKu%Sm0cY8-?cSippKt`Cj&O6@y?u|jm76Kx%9TK(d_U_KeK29rUDPq7yRT z*&AC|EkFNLu~=ExlL(Z0X)SZ^KZ)w`k@jT}mah{utNlaO)ZH0#Pl%2#zSusZ?cpJg z3qxF{gE#D?hV$*%e4kTb%*Rd=oxO`XthW>2nQwQ~Dy^MsNb7HKaew05^X=|NfBf`z zc8%eSCC9RH(Lu*OA(`s^N|t(iwiE5G&q<@yl@Ud0BmZ)3e@>>@n)?E0+~sOHQ^rzx4|x| z2OnW4Es8!8Uf`p^ZbYsKV_r+$K{#X{@V2{qW5S$l>P}V0yK2mdp+(Gz>st`_Pi}3! z1Oj(WTc6@^0(-&v7niaR=YeqHkkJLk#llDNDmE9(jTZsq#{HIvn$d_EtGVCQ&~d~? zxSVql_6XlpZR360`lkD&KGo?P5lL}Kz!BiH9??C9P$zS_V!5k3?t;YVJKV=MBV<1V zf`nhHgOIJ8iS{NQ6JsZO^IM8+6w!j&TzaB?bA{0&m=&z1fJqrK*%Tk^2$EW33I>A> z!KvVZpk5C0Nkm183XIswYbE#$5aq*k;t{7c@s~s3fL9ih=*8D2UqC@6N>G{9e~g9N zS+{I2hqg(q-*UNSYL~04+d>~rSr|^`t-;H!(v-tk9=@{Uaw0<=S#$hsBrZenlVb0U zX!2yLCQm?`m(L1DSO>YfJh`;(;ZJD$Kbgz$hS}Qw*V>Uh(fXX)p|z76v<^veC%MDh zaXF#2yBqDeoRIU~=upzNLd&O4YjT3Bx&IAaE3<0X`U8HgTthJGab7V|vrf@BPGaGM zMQsm%mtO;eWy%|J%M`Ze?@8N0k={?E-YIweP+g?KG{x5I{pw zgheXOTcjdkWJTcUgp|-J{9HZqwIq8e$sUWd<6*V}6(*C+pJY=3Fb%U?6t+oWj{#2- zje3(T$#gU6TsYv%HO<&Fz?h3yh1kjvi-(#+10l&_kK5sz&V}suP)^Wwcafbd277uZTO=k+nr>aldL1jN@2#rNhyVe++a$rj(#pSUY#8^U11VUkV=zq=xZ7U z5|6k*;meu=koAL9^Yp{b4|!AttR4w&@Y~EEs0c{V-z_*|>XHb-T8`19Tr7X5)RvoP zb0z;xzbLj{n`rcRZ5!#mqBolC+uTuI<+7G;_3uemdwt!}JNB~FSfZgj<8-Cl(;(=# ziGP~yxbLcEw{Poi9J#96wRIqwuulv&45ahfs=YN+n!8C>KED>hwZ!)U4pcf25wCFWKSCPM|arO~!AN|Zx&D?UGzK_k+UwvX6*ItE992QHkiBm$6^{IdV zVD|AWDp#;uqsOA+E+jPs*d{+i!hNru9k;P7&DWa64hDezV*-1;$i9?i2eRziEZdr8 zPo&rbQHH4T?kL+3Wt#(VQO=shqfvI$#tzsH*~CCBYO@9rtScnE51ARfMK=rg2%c|hKY2NAH&<%SEJkT*SRwb;y4a6`zXz+$7lL}{bgZx{W76NRg_RE|Nj`$)yD z)XYANJ2oS9e$C*+uQ+V*IR9^vmW!=fcahR|tULC7u=(^JznfHBeOq4Qh=_M1apLb9 z?`duC&|c<;qOI+7cY1%6X&oA81>fJNs(Aixda|2Xy&BZQaQdolBKGom)WU_OW#)?P zy`sN)?pI;rO2FFY95{SmZPE4>-ba*)%j}@v2$^jnTZ-#}m$p5;RoknHa;@K{ zbTZ+_g=zwTxS+vV2HCE_*SJp|dMM2v7TF;&XSZ_{Db*+P zQ8_prKAw}M*;sNSx+b*p^QJFB0$XQ4AN&#$B7A%;5R8;4d`X{xnB}fTvTZQCm_^D@ zAeubNSODgt=4*sqSLf&?k}{BS`t+C5lud@ZL*3h!LrK1JCuimStBaV*q^Fd*-Zmkoo%xG)CIM0yX>V*7 zMFd#eS0yuvXv;v)tnLxxNuvlDfUHr^m%S}(M}}rc=eg%G!qCleQsIU2CPtp1K(L~= zO%k6o_vD|SJp1EU0b;9*Q|Rv>$wU9q!`ZnQ1$wa|#xCclk2>tGg#ktynqBX24g7B~ z)|=pZy=deSnG$s$$6=4X&FdC(A6pLc&4``)WX(^ttXR+?Q_QsB+b7-pyId9yYqD@s zlZ9#~rH>-QKq7#2c&$(Jt!aHu38!j(7Rn90&suN+ZM8m0Zfku`?bQ0r=hM8;%td|P zQSX!OSm?9Z!u#YF#Jv6TUGd#|pKM3H&rFf`$z}HZb$(^O&ut5R78-eVW`Tit=VP~o^d2v_) zC7^|ANu>bCJO#ck;hCpAluNkg$Ho#DvCTjA6gy%MMJhvuD|c|d`N^U4PncZU6}txd zcCN?=EC=AsqB+1o`1tu#;A{Hci{hdPU0f1#r8W4WNM{fZ3Y_uxYC47}WOCewou6CY zFP%ZWUz|bPwYg;%{zWw@G2SnQPO)U@I<$W29OC`5?N@5&kglQqBHLKIURv8)zdJ6v zUc2X``=#}*^}C~POXtfA{X*&3g!3(g^DQl`S6d@3@QFMUJ&8#^jI=Z7e2wWWF9V$k zxh=Ia)51cXY3`6Z2Uv+#Z5TNQFTMVzCJYg;n1?=iKjtjyTvUnrBMuK_wNiEJwU-|k zHiNd7hcGW*WchXr|M*OnZh(SMoUXTtc%-rkoYZ)0QI!Bt)?I;E61+n->hASJoL~QYDW&r`}3XXp0h{MOiq}1Bkw3wz2ylr9g`) z576LlBn`ob)+-uWvq+yid0M##)~hmG@by{YxNW8pfB zE!3y;(mrWlYJKjgUuR3lC4CN3-SqiB&k7$xV3?m}_O>Frtogy{o^7?hjO=fPzeXF< zVmn*97J8ePch~Z8Bdjcqv=oCuO5;2S}mS90tZ1qVtr9s|*$?f`h}d6=bl6*^L0D%Z^ilF@^a=DqSt|ZgOI?z5GM2gI%PnfG40GjPFU(>J_QU= zAnJ{Sko|c2aQZ@8+=jF&(QLX4bm#gr1iC+-N{)HP65(09^t}9r{EiIW<_rJ=pk4g{ ze3ys`*Y0e>KqV2djghj4or~Za@c{hpb&z;fLa!q7kJ}4z5IoR#le~UaJ3r$n*an!= zMU>_fV`Gy~J#~4tggry6mC2z`)(R%P%dGPS6E?ut_;cKABgc1W_?Me5yjq)M=GJgE zwRj@h{v+CE$ahrpOWyPXUpWjdx&M;4L_4fH=H=(4*5|z(Q`1izP-ln$9r0;Y!o~}u zYE#%M9eudbp^t8XVYhc^YXk#D%`bSP-ttIkzQ5)i~vF?LHrVzPb?f;MjP@rQ_E&64WewB6zd zr3_c-1I6z45DX^NFgw3ecG+rLx^V=$= z6Xo3TRA4&dJDvr}ER|MrjRX(H*ZW7|K{EP?va>=4Q`DdELePtF7uK?8UfG6 zmuxr8SJnWCLo+VuvWspL?&hLe8;~y~RsKdId8y6Ojs;AY!Mb>kD3*-2PvV%Bgt+Py z^a^^@AD5=tah<4@{NMv!ulDieBxsfSI#`CkL+udgysI?%2Yk}gm_z=Zz;u@xaQ(QJ zWw0~9ExwEQ(GKsgW>`UZUq-#$f9LX&Qn-!66u4Vzv44-p1+R`vb3dUiILlVlVgWFA z=xWP0qb@VVI(_#9aO9}* zfp%+Z?H;JNJBxNUeXSkogumy!GrT|HdJ)$uL{(2%_4!7^Di{vKWE_N5poY0gKo$WX zQxTO-;Uj%U&A#kqx0%=n1_oFsl9f9w3`Z;cj0H3M(8Tu1pi9-!`91A1`}0C4k_KX&6w8~!YBZtYz63Iffu6l7Vh_V2L__amM(u-*daRnZ{W-eBmw3G50cl z5f!FDuQ|aa406dP%EuJx-Riqw4?qE?2X&ME(|;oUf4)B>?Csmp<|BK=je&Ov>(zukXhZf}?==>7 zyTqoDVCpbiP*hf@H;TvXHv@=v#4MRDhjb4iE~`fx{VZRRK|Q1!GcL6qURYH~8`O*-MV2Eqv-IEY*A&@w#c4(|F~+%VM>gra?a<9rvJsu>O7vJ4BZvnAW&! zRbcp~5SFTb8LwADZ)!zh{KUUU*Ma|V9aI_S-#3kPC$5+rjqj`1hj}&HUq&cz?gzR4 zj&rYM-DT^+$5*s|)QiA@r%WBl$DK{TTcj;m7#Kyo?NR zJn4eJ6>=PU7;z2pYh>H@)Xv&KgkNK{rk@+p=dbyiYK69KU{~Fbug10GebVFR|DN9G zJ2i(mn|7NqZ9p`emhk@x;m~OSe9x-Qkbj}zUZ`zIj@xfHdF&=3Vc)MDOX>F;k0td) zNi(TuEA{Ly`+Xps`PPMRsR?CNwNKcuwo7exrneg$OHHUq9Q1{vPC|PcunMb_RqY(r zRwGBrVGW#v9IO2GL0##fo`hI{I44WlCMgf)m6)BdR2C9>wuLYy- zHfy4%Y|mOua#+p=1Koe}CwG_6|6F{g^0_a}wu|ii%BJDwfLr7*5l#xWP;0Mo8 zQ>k9=VW0{nfo_Ob5IA4s&IAr{zDCW(_pwmvD?O3W3f9ve1}=Nk5xVgwahhr+!JIN`#jIAN{k4f$uZ80Wp$^7SPOiHl>VTAyV9@jhYyy`-&K zQE2SpIOWB*8r9Ju`;Yg@w(qO;nW^x2Erm?$zRX3~XYhai9DVW#Yq8kKamQsK639tP zhy=c#`StSkOnn>iH=n}?+TWxyJSvNvBs+zK=l_QG+fFVM$U-AOY|YLVFZ`S^*-rh0 z=vjoxragBn|Bj7#g}78k+jC)$%dUsT=dN8p=_NbG@8CXpzu51u;977pi5Fgfy1j&M zwf*kGIfq&+Xvh0wXCct}`E|$BF%Nn~tNQtc>m+}G*55XcYs799FZ@6?HI(^va^qQR zuU#j}2Cd(14cc`wmycg(J${#jPWD@V{~fjaUssbiscI|dZmiH9@oUhy%}8Eg)ac%m zTA$IDCeCfvT)TIzPx3=+eNHX#L3UJlpBf7q$snyy@-b+APUW>erD`+pllvI3ACtfx z{T4aMqpa(+&;d4Bu=eT=m0N7PKA$ z_0o!ARkn`|k0D2A=}|p9pl3_;tM%e%V{BcF=}^K8Wnp5D6)V_^y|~;vh6$g%Wta^Y zmJZ+Ie$Xv$0vg132dAHR;-h<9M_l49F186*=l~8G={Z0x0bn)&L_6S16^-GT$MO-` z=easR0p5vPL7xM1__87~h&qFA=mm5{u@zUh3zTb6njB*J|r&`Lqo1C<2cB{%9D`kKAA-ddGDGdjoOr`p!s8#_KDzC(0{3 zW7qEb2%wbJm>Z~M%u)YUL;DitWWZ`mmirs8+!I#DZ9!`w8;sXF-+JJSl1ZX0@eZ53>p!BcUox1Iyj1T;09%8mPM`1fq2)$Cid7cNYIM8 zo}6@ZihV1|KAmJ)Tf0s4*w}3{d)&Z|8W<>E8uZrm5 zdpGDZ39}9D1 zG>;!&2`JN3^i8bP89yo)%Q&#Y_OS(mTtU=b;01#EM@+KaaM?Usft2!Um4i^T0l9Wr z=n`pRS{*k~;({ST&J9BWH3wE5H-J-0NCuL@L_9kkJsd@(nMLCktK^LD4^D>;hls%< z~8QBW744448}M zyhc(5TzwJLBjU{U2Es`qlR;={q1$psQ;kT@IHN}Gfst}sIzAmeUTticZQ=J;4z#RI z9gHVH4e%P6x2uGBBv%+I5uiCKRfweS#g{6$EA7VM3Y+}68^h+;qCm9k7c%#l@$#Fr z$=KMo$%P_Iw(gwHc=-+6k`8^MZL}GsmcBAyeaYY!!KeWFuHbyl@^h<`&KKyjSJm}d z8N^aJF&Fac2upGoKU)#5hK=@jR|!J$v=G3^xD;h1pxSJBfJMb0U@>C`F_By@@bAHz zatLE;qjQ=ahM$o!rW1|(ZI)^IFf2x-6={e)yJB3XH|s3Sen5cF^!ypFaq{H?PW@Nm zTznPJuzJ8KT62wd*9^lK08B*W%s2OzcTsf@YH^;(j{q4jx@>X%WZ?u~4i)>2m`gU`l7Dwq6LlK^%0T&b5AbgYrQ8i$I8Dp~ArRkb=hl0$i(zCvL;qE(!nTnLIfsk)-u96@1}^ zWf3%6J(_2|c{W=*S`w#92f)AdNZ};#ZOOx^3*r|nS4ZxPJQ|TA5xuhC;flLN*>$XJ z+^;{@=v-=8n#v|)mOBIrrtydzGQ%h$_cW5G01iNgROuWcG`Q;>M;EYg6lLq~u4?hL z8sLq5VVus4OfkgIkorQe$o0A4{iHw|_tLU0gS*uD_D_sumox^p_YU~84!dIkfsu7P zile)F*r~ZK`>yi0tZZY)=2ox$OvWBq46}$-o!ERNV~2Qcx3X}fI%bYBVmfVzN=_Oo z%V8_CKH@s*5?zMUw4)p^i*osRb80$)a;u}s(b8~k6JnOLVXMO;2R;iH3sIN~9{`e& z5V^2M>DCGQzi|6FP6!VK0~9`ykGwljfz;q9^Mk=_!dWlFnK*zmiCk1C&T0xRzDIy~ z3|4SYUsgK~YcGPF{LgWJY7gJTQ_NG}8@ZG*G=a2uTJc#Sp2zYKWXFD=5?;pG zkw;Z1=FCZ;NEWyqCjU2 zg(NgDX(H+U{^!m}vLS6hfi=2!?mhRMbIsYF49X?*H?8rgC z%H@)-C6~K@tz4InmsL8=zN0UqZdO z4hH@6KD=+PS^n_3o-(vBS^v!7I>^(wj_Y6SHGJ@^zWZEf6Ev{8{%L_e3z-eq$@@5E zF4wO7`{x`w?BsHJn^7J(A#t6&hrb5>o|pHJ&n0{gqg)>Bmay-0AB0&bRDGg}89-cU zks^`=I369kWkkKGScHv$q&eOVSFrBDd8r1pCS+Jj3**bndamym>Kxxo%Zft>Q9Y~; zCt+FsC2U_tp(Jyxcwm842@wgB#siWFqw}J&jqc`iyyHoDeNJ)7UP-8Ekv5JDE-pB^U zw*;rq2n;8SO6gL*X89q!0D8h%*AvK8h7jZh1lPTh2Qm@F8mJv;3(}H+IE{ol1gw@_ zCh^5UbJD@Onc5O?Is+Cp{&Xap#T)JMmMG$^O(v&LA8m<4ilz3Q5f2N$f=@>;_^O6F zHmFgC2IcSPT3FDp)*{Qr!}VBllp_ke#a=*O>pAw^$!c1t+QY-b6AmAJ`kv4|<6t0a z(|u7V$!JF}n%R>arUeALP`}Mje$masZf15D-Sh6p-3pESwr8LnJPC~)ROzN+<*nGT zrrtUMr}2psi2OJ~b>m1ambdcwA5)3j*XoH8A#pu*GK<%dQ|h0kI$nzSnL18N{j-jZ z!hrofDEuFw+juaqy&{EFI$hfH(&HFjI*Y~U)%H7WF1!&?S;%7<1FUp~HW2r!&k~ST z>$l10+uM9rgIzPFU$e9#gP~ME01# z9;du{rRs6y-3wp#(#`T%2wxjnd|2#9*)_HF{%J;c7jD>5@tXNq67@qON(A>FSwMynp2V zl=`O|Q;G7aXX^cfj26dLTPn5p+SvDvFy`^z{4Mq7+O~?qR`%jo1+t+eq^nLie%Kd8 z$$^DNAxM2rF`aB`+gZ==C^Rm22Q` zgJVNOWAyJwYFp6d3feRp`BTk)d+_MdgY*v|kS-U%AcH0PEK%J&z)~CqhL{Pf#!xk5 zH>oZu*>S#nJD-95>>16A2&r_~wCplKuO;QPk7LO&0i^BKsikj~2-ls57r#m=fo~x9 z6ElyIUgtzIQ!9L(B%+pCuv8lOx~ZY1GpGnx-815!{iJJZs?l2===1K3jHj>$X3$3) zP>&$-Xn|-;QZwc&Q5jeR##_$0UEpFXAO;V2#+E zvM{%Wr7o$C+gY1^$Ub40EcOUuFmi4BA^n8@VZA~hx+G-vE>j8)oXa7-glw12ksOTgxR0f7Eb;_`d+59!5Q^&ilSE&2idF1@7J+vArdi@`E1 zH9?M%o-JO6TlH6$aRQ$|evZ7WcpK2z-oZaqAFY56ga2rtz4aZmifl&sE&qwZ#)leh zhm?gZgFDuM#+X{RF;M=!iB;;H97tkjLtBS)?J-lrM_G5|D6TR_Bo2rE@$CaqP16Z1A$nkwPK^x@Zb37p$^`9ZX$=yaRgcaDLM% ztQg2epv{kZ2guQNbxx*wP$QPQEhPt5vyJzk6-SPm-h0qm)nfGc=^nAESR1Z|lxOl5 zrK&PO!?h1}zbIi0|8I6Ta55iSJr{yCtDUYx{!RV52<~m; z=RUf64vuf9^S4cgNZ}+`ExqH@$j}o-xGhcXIVycx46G zQJwFU&!OX0@FQJ>3=)TL{Txt#Ld+jzERp7g0+ zjQw&f9!Xf5r-kTPghfgg3;f1N&y7Xn79jx&tGR|j_k!aQytO%xALa;JVS3-PB10B{ zdssYQ!+H)Ze;VFI)KPPo;7wMn{B6--Myi&KGhByuw}$(yRA{b)e!B1RZ;|I_b(9TcLn-nS=dxf#SD>FvEXvGw&W6tbkn(L)at+g6KOV^ zz7GjEyAb89x!*dDwG>!vFagqXiacM0K#&&r5?XlWB@*Lu-VOi#!) z9|fl8UkZU21T*3o^?FL``r4OGklL#T!*JbLi~B?Te!~33SQcuSq3iEY$@iyf_ouG8 zpPoPR?&q_U{Q28n5W3|1$);Yf2Yq(YG3vw5Q@wCpwc(F0dO(4GtyUG*Ec{>zKz$?p zc~oD_v$guJJ?{qjIb*fwm1>_i)Sk!B<1uueKko*5)ENCL(XV<$QT=(DdixmW>w7(K zyZpRr?KwbR=Iz{GdmcZJ=h1ooyzTUqD*cMR*YlFA&%?au&qJgiQ?IqJS1!M~_8f}j zq5kZxJ&&Kq^LT_0^=B_VrI~)&-|Knw{`%hI{hj##F@E~6H>{1HyLf$9@Ba_R54}(M z{;S{T>is3Tee}L){I0$vayDQ*cir)1eoyUwPrVar_fz|~Ue$gC zR^a|Sc>7yl5OVVUG(M@HbM%RN@bPNIA2}*;{ZN(1DUBOm?&`Rixw_mQxxD&#>8X{= z#|f3&L*=d?B67J9ZKR>A>bsqnJN=)1U;O^{?@Mm)>iz%G`&zxf{=VRVK!2^?{~x`t zdi_`5*ERQh3o=rT*vT7HJ%=&YIP7-~ArsakSbG9c%A_ z%0nWssftd%vc> zJLURzQ$11NowfSXG4F?+RNrp;RofzHK#4*YcqUHBS~0|1eZG3y2xjo2mfaU& zp{BD>z*};$C399`c7%nnBLgqIF!MUX%ows0l=gi_m3gd+<}< z0BsNX7&3*@RiFnXSIa;4I*h+8m90S~x!jGC9Vzu(OoM^4k^Nm5*0 z+IqYqXw~uCf0}0mA&b~{=V4q*Ib8&*!<9; z_kHOzpWLzIlb`w0`^2HbFTV4gUtkDAuK;%-;?ju2Gl|&$d9dMW6!R*TR-;}38858U zFLP!ZNS-8q!cbDn5E5@XxcvM<@%i7rDSm6IBtg+e`@k3WbCl&4ZhAp*fP)q(E0_~M zrccCs{+Q>m;BD!!4S78a2!NU~nat9R+GDmY08bLB2YqU30XA_AC2D6G6fN9*z&nB0 z!16k%emJ{0Z!9=Bpp79O3Ho?6B(XyqW(w@~)F-_PZMI-h}h9iM>#IT2OK3|rMgb>nH{qER#%kq0Ii=b7MO zMjhfEbSh?Kx_K3JOQxfqS7}x1d5spFhH9h+FqHs?Lo+JJR3PsyA||NF!3YRg9G&DT za?F7||NTKr9f6>JxS;V^@)m|zS$v1Co3aB%&uuSDKn+i;4WG6}LP5)4?D)y9$UtH* zyRIcYIJCJzyztu}?S5iA45C=FfQI;Sv5`H8`B4U2^Ea^mL?WN1C^WBrZQX& zPm%hqtvo}-+yl9jxqEWYlrc$y#xhr!2*JGkj1f8wpFj-Dc7eGoH+6@`EU9j?mN zN|Sp7JR)nWksMuxD`98*yuZQWXz&N}`HyKmk(A5cln(~;O?Fo*;sGz(HD`|Fx&Xi9 zZ{oRJJe^9V4JN63z#M{6v1U`)@oZs`ZB6O8t|(hHPxGW9bL-C(VLGW3r@cZG~e6aw> zs1ughW7WP{+kH0i6V|7#;==|uqq$cjeoXxtH8?CmO{ur|Euuo@PyvhwaEw|7{D4}m z!)Y!Sm2FlB##(+T{s{2Th?NB552o!CFhfAjg-iYc@rZbuu!Ksiyf$8lCf+t$uU*Un>K z2(A27)PYaQ4lBm{tDDX{9(OzgKC@AnkN^`o3bWyv&;y|-LQ?1f0B8$LBP8a%=e>`6 zC2tjBqh4hQDdWdw3W4z`Yl>E*V$@7Dn^RNXH%g__8=hAIib&|Ll75a zW5hItiLp_luy*_bq^=Dt6t8x727{g5)%faP?3go^AWEb}%9$GimJ!=mIk;zMHoJ4r z!OGfSvF=KX&(~7vjt$(}(sC=>J%-6`#TZK=%!u-`Mi7lg^Bw20W>Kz&8!ex&Hhb*s zlx9IA9@a30of#EpFxUOg`KbHp?f5V(p+RpyVE^hSNk-`Db2e>HU@`|#9iuAHRND#jGrP2Gj<%R@A> zfBUPelI7%np!Q-NzlioD^Je9j;yiDESolCSxUTh1%3MJgP&=!Zrz25N(SEJkh?8OO z8N+dOi+g^|%go>v^llF?I>!HlhQpT)lk5_Z34P$Rd)e|!9~YMp*Y!JF4x=nGT_{HP z+D3nEVt9)3UEbZ||1Az}7LQw&&hyL{J{M|jM4LY^ALGTpyfzltMH&m#H!HtXDA%3; zeC>P*`T%uzyj=u?=TqQXFjvvDwC?C6iRR8`r{CfA#=-7wv zukd5f-_UWH;?Tvf;C}BrbWG(_UbIT^{Wm&p#`ph+m+${KIxd2p{b&3*@LM_#q6H&T zkLZFO^)!x4?6UB`rB>AUA$}ZUmsvY~51SKxAHnr){P?5%*n{s!>3Zmh^nC{3Z{Wu# z_;He#U%~fx)Q&H+jr{v*eoW;J@#ml9$6@v?zNh-!$&Z68ABLURj<-m5Ug*zM$CdkF z=hfHjyz;rw%6+i&;yP~UmCr?RZyP`N(baoBxNem0C7rfbUIy1~;OC&H*3KpQbB(x; z?7VV$N!+`UUk81sc8;Dg#Op_PUirH4$^x#VI+L9j=P->Q7PG=nF+L>0Q-v@C0aB@8 z64JC^JMH&J| zQEXQjeaJ@^s^UT6ze+}oA&}4SMf8P5t2<+Uz$}`pAVtQLiavyT6n$@i-I$WwrtI-l z3%NdE9+sS+*vlNzj3WxBFpYQ+g(q4QPGv!B^Tz#hd(MkP!jE|$gsK*z-1|1V;}7JX zxNfy4XjMl~{Fr*;8{eS!y?ted^++2q2K5-f$iG^dL2L>g8~Cvgv@TY5FODsAyz*mQ z|8f4kjep;_a#6Zd(&GELFo63H;QK!Q{f29<@8#EPQ2zho-&gr@2Gh=12Zi5=7~|OSH=z6$;YX~6{Se0(JE+exd|N+fXK_4D*VD1|PyG0#T)yx@rsVgZ z=J#(xcfBfp9b|ejfMYJn>7>`M}B&_@AhZ zPsn9py;cEhhcMrKz}mT|I(an8qGvB?D6h6dGosn6kyLQ&UCjHuE+Gr#9m~@>*LHts z(ejA#NuxMnJdC*8@rSa1k`=S5Mak~I-{zGOcR=Q{7cO+fA&DAF*uw4v&l%A>LoMOV zDbQ1}ZvkMZRC=Xc$AqKZTZS8`4N~HqkZ}k&KpdyCBa!m+Alz%8><%Xf4s`b&if}vv zQ#rNeI!mG>ld4+TTY67=(@ovIhc+c`T5*yC6D<9+LVe@D%wQ?tGhvvS!L9K;xHY2C z{riRU)fRN5CAo;C;mVq*t2uGSTHd3{1Pi%#rY^@IqJ$hnX?V zG~t2jz?lIt)<3N@Piw}M2b7|6W1m5_Va^dK&z4GpV=$hXQ&RXRsrjS|c376Kyn=Mh zH>chtyz?ned<#D!N!}$MnuR|o05okSF&hjq*LV|Y+Xi>MtHfhN$)^n_%^E;@OqFMB z#@XE5+*sAyDBcZIsR#2#bAeA-w|j{qNX#x|*DW>^3&Bzu!!ahx_km0+{Mpw2dH=?mNE%sTFZf)qo2 z!etl^RtAV@3T->?zFNSbSCf61*F8>q_kmVE__Y!zj;=+My?;RDCC$YYzMHo}^h(+eIJdjJi*nrjka2=0@jZ!$5@I5{D2MIt zkstvunz%G=*IGvGjKB1Ki~NMY#Ej;RyQXdA;{A8$>QG{5!}`{-pXoiB;X~cMHxH#S zRgZ0TCiF`q3iVCanjLrBEDqXyJx9o|opUIReR`N*P)gsq~r$%zam4w>sn(XhK>h6Td0hU^)50^BnIUM)@BiNzE{P%7{cy_6%_;1Og7b zz0q6@7ki7h7auPw;XDSZmn+58p!QnF2-fmQfZZElgMrKZz)Q}qu5_R zj@<-(M~gT9Va{OE;OF~9a!vv7_`6OI27a&`psW_l1dEBWhr~31sbi7j@giJNU6)V@ z6;_UosAm`<)|PsY7{Ida9!qbpDW$g{6FU&GX;s=-L)ll^vmqMnob24V2fdwW8#Xsx zzc5L>U!q>q(x_H$k`%5)!KE-7wW;AFRqFPDeoSdL!H7th^zVpG;+;a1aC5b{Eisf3 zlL@9uxDq0i=-7va3?fggw?p%_mNaLFuxegx&NeJoGs!c;2$cH8SY*t?`_9U-Ur9+N zvy$)oB|h_($*u$hw%6rgCUgrm5S!d;`_}B(P}$e@1pBng9g11D@3d#Djmd7SQ4>n# z9liVeA_N^D3fVSvnG)ywpb0X;J6LD@u-e>Tz2RmbyI^NGi!2*H7M=}Do-osbN_gf;fx&J8UHmZO55+J# z?n1*@!xIgn8M3V{YkSnD(Ae%Y>66o%d{XN{>d2hQJPFLY!IT?I^R)zAuauUiu8=_R z79=DL555m#(2%K`TW;h?+tj<|0mf4p(S>ooc!}@SXt=KDTYuM$AKtY4qlep<7w%tN zyuZ+l@F+u^?Yr*WWFAY?)f;_&^4#(#et&-c_u10F&?YG&HTc)aFPHc9-fF^Qoi+n< z>Zv4=DbEPtXVPCtSZ2Lm=CRL7njzaPLx3dG>SRV@Y!tNn)!Z2N)~J=Ng~(XhAa=1< zsgqTJqF5i?x3kYVno3R12cO7|O^;06=uQ~T`W>awwqT@flXz%+X}40P5O04!k+@u1 z`U&dCteoDZB}|Je$Bbl4*w0PaAKqW}PU@H`HXjC{*3(HdOfQp=V$XgSsgAS+Heic4 z`@%j^IKw+Wf;PK?Sv z;V0FPICV)~t4=!YXPb4bsZl94NsaSL$)QyCDWxvZghBqSjedH|@=u)Glk%r6gg8;R zrDM?}OkZN4#FfNjLue@rnyantNVKMLkA+88Ss@74(iN~@BRZ!ZVTS}wn4V=>iriiy zQM7yV-HB*JxOE`mEj2_nR`ceTrWS9m5*pmevHACO2A98Wj#(pZX=fdX-{1_gSbVUz z#o{QX5~YYqsnJSX)edLS8Sr?msrT*5?Hz8+4NU%}-k~*S%blTUSHTxnm zVVf7}zuUY-RmKzCu*2i?$Cq)8M7Lj2!W)t)!Q6#ZVG z90Ca|f`$YVVa8t7GICA5UA5BPID{Z`A+OcubFk?B>N0A8&$p{2P=sfI?Sv6WA)^pv zAnM>-KUK|71Z4OUzb@oLv)QaEF$dEpAOuhW&yYr%BQ7T`H z60#wVaET;Oy~hui_!$Iu!OP1brRcZ@-C7q8xC;IRHn8zw zxIMT`K^@iJ?#-J!OEaOUYQ{@I2wsxh0GtLMI1~w^4StQGAH5ekIIgD&*EAI8QlZMM zAUN{4@HyO&PthGt6CRdASo0icV})&I2Z??l>G~B(kdB)4M;%-S9UJMXZHQn%)6hRvtG@~w-2CH=Lw$#*e!aYJESM|A)0aC>7?AJk{s22#C8 zN5JAy33c@(s(V_(J>{$+?A%kSZcDTeL|fR9K2**Obm&aLE>PLbdUt8GlIbo4HTGRi z#leD0Z7^#9fzVNiH~MvmJ|6PNGGr>N+{2~i3|NVO07_a#J_;*H^Ut9+jLu)q4 zuRjOpqzyijKdXN5J{@~1!cJ>h^dm@6{=GQ6Jw6{7C*v$0_wUEX)H-d(ruI~&w{m;s z@rrb$z*1oOnK^A>M`SDp!-ckm_#<)g&N$l@XM?!Wn_-zbt3Nd7b0d*TJ%njl)9)$udH zHU2I!mHb|`7iw092`5Sb^R@83>X{BdYo7LaT>0r(ERiWGb4HuWl{1>MIb$xFO6v^? z!)Kw`t6YYJP*NHaIh>d_<{U<2&grltY+j`(my{)ZPAf|e{GoIulwrvKtx80fmRzpH z$;3Sgu{SXa1zFiRO9`=}F32>&jmAC$;tqNn30RYMKmz>YVWvFr9ebbbUItiPeY*pZ zAvmiod7Ltvg{eA|HGOS1!&UB~I8_Q35T?j?Rptr-MW?Dct_WFfWyu0AJhBaOBSM;4 zqSb1D^5)iKU0p}pZc1*f_C^hskke?2wP&-4E;qSCmfo}jR6HTaA9mh#_JQ#`-Z**k z`_tp+&z|md2AdmlE?0BL@6R;5T)BqkU~4rJ@u$=NNCe|}Y~^32X4nW}t**|WOEYDP zNsCrQ`!h{;-fj=6<~2`4BTD3Vd+G@gw=i^5T4+iPijpyja8vlV?B7znvGqooA7JHGe#RCjUhKi+Pnf&!U0IeCX+1 z)JxlmcM&V-+s}bWb1VH()q|sQYho<2J-8XZ^tY>CTq7--@clMqH{+LuE-;O&0R_Nw zuk&!1kp@dpXk-Gw&xsQ!_T%4)JMOsS1_-NsJ4Wy0eZmHplslNRBjuj&VKs{lLOJUE z6i)V&j_&S`DQn}7zP=reRy~pdL!J7mDPLQ#cf4r*$)1ssJuI~R-y3%IrPF=88p?zt zWl%1UiNCTe|564^rS)P0ewpJK*Jh!q>em=OMiE=CmBDUi(J1G%1`B*;h9L-mXar;~ zY6C)Ccx3_L$*U>{Wv5yv4i=kyalOsh5j(I$e12K6p$)D)mHr@N{2?RDc}{vf$F0Qb zs0X2}(Euo1l}@LEleu4{XJDNuQ^JqzOh%*%MRD-q%{_^6)1iZh@IT-oQp?}lviwyx zKyAPTT@e2QR;Z=wp;;|UJK2+rCE~GYM2J}7vUcXdbtgJC*yIw<7N__S~2U#aro7F7fU7aEmEl~G9=)wDvPq}Z5#hp=rx z$t=ny*j`f>gL&HcR5B6>&pqU4=ltv>BwnXyuuIQ8knKMJs9C{fX|srCsQea#sn5`_ zXl(EGxq}CttsUKgP^FOTG&fk2CRf%&^SlmCk*|+>l+*hM&e=XpvB^Jb{?iN1AjANal+>RS~c+9IJ;j9qzvqs ztV7S*bwm_=TEkp2MCS7j58JAOtntIkPy_J!c6G|(WLuGh#V~Y`6cLxNY4Yz5JS|v%BK-cK7t4A5Fkm zq&Pr3vJ3R>B9n0z4Uluc1{WIvEgH4+Y86lx^{R791hB2gSFAB-Ux6=!kQK@Oo}Y3P zwjwcR1Fk^E7$I!M?c1lWzrK#F_&}5PXQQJ%RCwepvQRB4|+~=LHH9PW5AyY#nbAZVoX%;WfW}0{=sqad(_R z4$yktk8gjg5mu%v$}6VYmZ;_lRfCeJa)i+_;0jKK69m^zBFT zo%h_oxS=)C8w-XM;ucZW)s*ke?)c+RKG1u^nM?~r|-)Z3d(eBB6b*t1^0yQFmN;G1dY-|7{L(9 z5OoF1Sg9s5pbKe1|Na#IU-~CGTqju*yJ-KB$>m6@UU!5)$<~l!@92}w-Lb*RX4^qS zs5R%xCjwfXmj2FK5;4E}VDhfP@>oIbv>UUV4|lU?mT&3U(dyM0E$Ya&bp237p1pX} z(xlD`ZI;W?T+WILAFVc@LR?~ONuLBLhB(VSqK#D%tUgWF@?V-_h8aqdX=5xCC>-O5R& zsKQP=cQpL*uoxz#jYJXpRW84R#esAT$Q$SbS~d^>M&N|B;zBN~tq*l07~)~qnayNF z8R>15e~J*0Cn82P%hhKFBFIFt)Gv$Z(oi&1;|R zrlyHRVQ#e6NxZYdkzi{a@Ev+Pw^jZ^928Fq5#XnvepUm#*RNH3VD8cHO&>#c-r1Z| z83+gtoBLwpMD#G?`p(w5N(!42lZi(XQerVMKAhW=`*=>uEjrA6EbB}V`}e_)tAtk) zxQ?%2^+eD-?-w#NU%?JUodHXFo+4*zGQ(<{osM-qQmJW9DeN9);s$IS3wzMq>)8&w zla5=j>q{KmJ~+6Y{xJnn0fqv>vfM`1%_EVqMq&y~4-G@}z;;0E2^hMtd*fO}sPG`NHD`F%jnp<`G}hYbC$5&K@`lg~+ysMulEjOt#Mq*8fF#Xm&@>@c1U`xuQ7 z(%!kjnjh8rhg2Ifl5ts#c2oMH@Icx*F>fHJ)-;lQ%lhb{D)05@$(Zf_F%AmOuP~b+B2!ao4S{W*dKLl zZ+1Bih1qR;7ifkp?4{48yVJvmdwUO4cgmk~Uy{xHpJDSRJ^ypn&1yGGyIE2=Yx8Ig z!+L-f?9Cj@h!ONurnMz7&rSNir(27yy{+@D(nRCoMzQfMvZ8gO?qZ97OER{2uZ^9= zeY6VYvHRE_c7E0=o^~!eMU~U#6gAGVk^Ejjel42EhMFgu#pXpoTPl%9if+YNlcQL$ zFJYHLztU`^-?e@P;s7aQHLG=9Pp{icuIc0TP${A*(Mx?-O(d$5Wl&Q(MjE<@)5a-{ zD--s`3{KC1t$lr4=^sY*(p196@n{0r|)9WqF|; z+*#e?acA737D#%Jy4WUhQWO(2o1{tUh$Kn5rW`Zp0QNPlw>hV+3&7kwuYX)Gjv*sM z)MrDp8jYaq4;uV)Rjcg`4Kzf3`IfGfc{mFNvP``x`#PahQ~EH;FIcWHz{uE&n2q>V zkt}ZVSJfj{*vSV!l^;JjvhCoi(`vM_Q5q?YRYKv`A@QrS+h=(R5oGHlQ+BiEx32O5 zt?^fu5qsKpHF;(A-RzaE`NSE{U)ciw%7)@tGP9WA-g7rx%+b+*hs=`8DY6OLrMzxf7H1&@=yV3N@r<=kX@HLW z3f?BRd zboj3H?;kvvEIs(>w$~#K_Cb2*q4FS0IJX@=v+2P zw}i;&$AmEKCBJ}7)WkmZf>3~90*NA9v!rL%e^RIg2|i>KGJ9~O2l3A~JqbTLjO=ZQ zD|ovaCSfXLq2FeEror5hnYNo9c5}wwK=<(iOfbkd*bOc+o4W||mNzGXTzX%Ep8>m7C3z@eJRV^Yn48y3L zp_!Q8zl;k){<#>c!NohO4!IQYDU*pckRWAmus3MeJ%D=~=t0lJE3h?;RhxavXC`640PqYv@ zO5-FAZoG%FkK~0vt)7}mvzZjT&&b-LVk5L6!rH<^VNn@&hLd3_Z3GGpSxq`Mn>Auy z13F`$Mzo!cDiUdvNmx{;^hDY#i8tW)NDe=b5wLRLG zVNilBC+oh5x#7z!>`Jf*|7+)v#cJ9<@jK{DdshJGqET#TG4kT^y;DadWC1I2Pd6G>F)Ko zT~1i*%qFA3s?!_P2mq9vg2C#v3eyIw!yrfot0drWwZotm40jps2j;ihq43{pec1Y0 zt8@x(d9yl<X@||3`!f4*JjBI#|=eD%;Kxd>xdMg{RB>@DcM+rJS;gWi>PAh zz{H)%+`KOPlVM=5ZNik$M>%fNx*WHY73l1<%PxCsPc;1ehh%k49!LTe{GHvEx| zJ4eC;BU{s{t(!J@dv-cI`Ve+2uKWr7Ndc^(w2w{@hVBoMwt%?_N>*JaqqTmx8quCn zdgrxSonf(>JQG}WjUG{+f-Q1E<Y$F0c^ zHv5#)fGCv;qFO>I`jKPoH4EB9a!wUv)G2gSqdJ4nkTZbA!anVg?yPe0Pos0$`&H^Q z0!5wzq!?Q^32+!*zPG-!^g0h)=Lv1Ak+vML+WKOy#2Dz?08$cS=e~DPJd{t?LSqYE zG1K_cC&fd&KmV1T!}y2`unp<$OzB}W?t9&0z#tlvQheU|bRu{(!XgVim{^?gGPT$3 z6*b<`dPf^QmW)Nz!kPf&V&27&-MI`8A&UP|>*trtWL%^LVSPXIWdUv>>pC!cmGjAO zev@}_No%h`7$3YP*9oG;hDcvay>IP`t!kIQ4QSf$KXjV`j&1#>ZW<#N;N%jnxKp^U z+NCjg3>oz4y#2f#G<(dh8ddK{Hj*$sZ$58^pvlZNC|sAtIcx7zNpotQ1ye+~iMA8W zXwFeeeGU}Pws?~WXw&MGrb1`bNZ{bsLbC`$5v8X%)QDi9 zanz4+hu?%Ao)NZG8>Q)FWcs|8Au_=X`?od+S=KdObv%{LoY8zB+UM-^&yASC30*-1 zFX`1&NSu1h_bqfPWVTxL_4gsPGC4a!U3d4av$f$*9%_{q-+#ycK$K0&IoN2wlT| zEX+qkzIheWiMOe$5EnqIgrEymDw1MWPys%jjGa-Q^NpBCyxf#xrua_BqDsqSHMH1e z(A#;KpWgD3!GJf8c58C?Vn^oDH1+5tG9z-tFxaQ%mccL}-f9RmCnCoNS8;T~yFN%Q zyPk<-?#2`vHlndzi=fLJ1>GOmohxr6Cz$M{i`6{~R`w~~=XK&f**s!=F!kw_xC>#K z_&;{Lk$H^lK#aL#%osDql!@R>7&60!X8T#aSqVM=LQ@P8bhCy;pUX4h5!Hw(pF4(U z)GZ?zScFE0z4T?CEq{eeE3{?82wnRHal9T}Nr{gD9+P7Y<(O4UeU8hk6kF`Ob8o9F z(da(U^pUoVJJPwMRNB!Qac3$ZAU^MIOt@P2&RFuhKeV$rvAM^!W5Cz5d2d_S4Slg# z-wj=DdpGy^26ni5Hcu3HerR{THbze(4=XP0t9IQSVG|KHqG6i>wjr_mC6H{liauoQ=5 z4tsbS?@+;jQ#Gw%4h3UoMOXpY%xIWp*f4_Um63igh2B~Qm3@j@`abO}^0B$A{8~qwq_+NM@UFHy(l<2g)7iMj*HUcg zbT-)n4u{WV$~QKcnfsR44(+(G-MwXNpE2JMb@tn=c8_c8#LmF-kLC7DutT&%ek=-q zSq*7@?1+-3luV^aDa6KtScz?deLogVXS|sp3D$dI2#*B=-k3KyAMk?t%!?37ZzeM@ zsvRP7dfCHjhNuiAN3^Mj)M8T2REW_Cgb`cW9N;E(jisqEBMJ+J+?ZFb4~_&ztd0eX zev2$bl6Abdy!4H-+(XnMR!%mCZdu5qOW4!`<*nC5B$g)+iiVh;fbAta78uN;5RYW{ zLOqDPk`mF05<=`OUvEqz(N$8A?w^>M2|7xf!@Z%Z7~hf@t+quc4w z8#^~RvQCSQ{be{b^Ub}5YSu0(RpJ(<7Ksb~Q_Or{;pqEsFQ>O|8*iv=(5Q#C80{om zdbn&kTkSPj>`s@_g*0qItHmGFg4Q7*;-j{K``tE5NORA6>^2*+RFoF$tfWxrJ$**4 z4#*I+tG`6n2pT_R2DFwfOD~~^-hBCGTHs%QnR^e=6G~Z5#D@uzA|WBbJy(|%85W5$ z;{6eMCz>MHH$VEVhS4CqXIUHESv>W*!mjx8C)nSLM-wLow)D=mkM~s;2DkLSKQoSj z!my45Ya4lYUSYP{CpU*lDy=}xnP1-=ogb{68n>0VXko2I=Xi@o(4qxBoN7y7e|L+% z&RYbp*qf_OqK42bMvMNv_OJ_%zU1*whdSJdBb;{j#P{46Zg(yJhMi)6;oQ>HpWBt* z+L^tfsXsg9+sfNR`3g$Bp9bMW)ltA(A}K^^(we3Pr2}{qr?rca5s|?f98T>)IOxnN z`+{9O2I-(t#fjK8!Gd7=z+O@V)uH&@o*)|mys&2oA&_cFVWbX`C9Q7eCt;uFHpf8$ z_09qhl0l26;60J(jSy;NU8F<+D8$QJ3QeAU#S45?3u3drYHn=r4iv__O?e1=OjCZ;^dl4KKXx`l1Hd^-R%{FL67L%@XfS5Yuc~5z| zA>RJ8)iHm7Inzv$X1)+JgQ6%Miif5f(vF6PbORtcQs&0EYUY@C)+@z2DMNQvMbB&hXWKpWK{Z{ zaduJ-z{Abv?e7^{7w;Y~1iRWB&FrhoFIpN~P`ho$NNZ-Gb2X&SQyy(YR|J%yYA?EG z+|l0MO=-yB2-?KHhcTVOe!k1-VW-_B-op4QlARhs)bp9RBa?||D6m9u#*AF{3a6k` z9}X*&h!j_yJ?cE|6eqCFW#i%4LNwz$hXmE=h(Wt(wA9u#bi=w%Knz+1wIe5ycSUzfXWyR*_Gw_gL!nTu$DfrYAHf@Y#~!I{ni zVuL7}M0Q=6ReVhHG0m`^V$9JsI;+R&nKMCxG+8xHrgsJ@_9YQfDHUpkIl{UhkFcLc zSR|oPN7Rb>M8uJZC=%*~NfMsYF+>TTh9l|h(cs5}Vg%C#c`Yn=79Kf}xeJXZ&$%bn z>^?O+rDlhDa-HUMVlg4M!bP88>O}rgBU?1Gh_T5i8jbe6)4E_Mg{?%uC+Jf$KXAh= zesht0iX!y+q{El)Yl5^-P(&0K7FornNNoVeU;R30bjp5tH#bTk3LA;V@&f9_qAE{U zZr$N&j2d^k6iD=!!+UNm@ANJMnKLrk)-+u7B>N^yrdY_K7DrTuJEB>?MXfb?(vd<@ z+ECaT+}@Gh*Q9o*+S5&4X}3Yrn1LecQJVD$8lxDfKY$%DCp=P}Qo7hv2IdR8qmO3U zo-C-~6N(u(LIXs%-y9FeMNPaR+`ytU$)w4gOXQQ$*|-3{qihzLMDhN|VEUfb-ls*B z#ZfG8bB_@a5irs@Y9={YXw8DDbBgaZ6duJb6>na-QUcT|`V!Dh-+@bjIvRd~4jQzi ztgQiL%2CK<5#<;h^3IdO_>J%Wvv{*Dob^OoGCp;qDP8JK9XXMWOn#z0*DbQ%ShBLb-s^;&iJ9OhLE#;PtuD)JR8uOJuxpbf_2jrW_Lh*{!g7ovWIU`kAyx z$&#L#n?PHEP`R&E`;8-2#P=7>1=z=?gE5n_-Z{c-Py-1j8|(;*HjKcaCN&$IP4t=U zb4L;TF$@nJeXqd^mPc=paz{aPM5e|iwwFt9kRceOD!(7A8SjAoQ}#8tlDu%s0yu?n zkXRlyNiTi;Q<05_2ZLSZl*X!w=34{BzN{_0>Ev#OTB#5ZvMbAA4Nxf9)9O=48n?Gc zGzNoWhr*!OIAR5Fsx#wA4OBNo#>Y*i3XqA=2Lagqu3+wFh27PXD#L=-vm8)b$S1<{ zZl7Ok)`S5RtjYO8=K_gyE^3y`B?U&brbUfZGufeOV2P{gucg5usD$i{}yogpaQD79|B;iZ>!?qqizShKK3Z^#>XEUvtJs=!}oxENHctn+pd zMM;Z}N%s-=DYxVvn^Ch(5V;qR!4PS~4)g|1X$p~+%~=RG;RG3SAfIeyrI<6aQzICy z=Cyfh`%tcEYPfE=aIpQrhlZw*)6;QXZ;Ukzjv}`64ohakWcS#K@ecQg#XmL#BRzb zuqsSyHS+a}MF_mLqeN&M~P~_+;(-4}qhj{{2+_d+>eJ{m3I! zh_H#J1ej29|CC5FGVT|FU%>DGne+v$Pn<&sa)kumb zZng6Q=jjmzZ%}0&6ZJLvUR;|8x7ybv;;9+HwJNqB5I|r>5Y26!A^VtU?joijT!$ZK z;bmg1Qkg5S$Yp{{O(QVywQ1{|LMy+<6V@{nLx7S z_5AC4Ju^h*3Qt76OuPf|!}5CWkjn&QBGprf5P_>`s`ClS9A3oHBlB+UM~O9#A`j7S zF%@S&=KUn|ZBg50zODTS~r zR3$*@MXY1Q&qaMEmmjN_FFuFzYj=5ac!HE^8WpuMka`gx5x)Pl2Ii9zAXD&g{ zQ)TeHK%GGBs^?9tKJUxdK2Q6fd)|xSe5*f?$?a3M{?7LGu0HQ82UqWs+ovu6r`q>t z>)RJX`3_G{QYe6U`ftZqByVINR`L@myN>@)uH_)~Ey ze$>GB8rU$v7tab8lm4>@?8gzGQrl85CiLgxaiwjqnYBZFTD0$RG1u4x@GloBoC5YN zvTAd3RkCYAXhO2!FPE@syd>vD*UVb*7qnCW%eWfk36fBm=b*xVo#~$_96iC6=k5VzV+p5{Fb!3MR-PSwq&9wN@H}agP zG0NvW#^`x@j4BW}>n~u|D;mn9k{(3IdQLi58#D6!r!mUszxdo1{tj`MwS6;I0LAdw zsATRR#ez_O6YJKPwdXz0p9j7ZJT95S@<9?#-;So=5PQBwCn{V})$ zZGx>%Ix7)x;2+WYAl#26WqBQ&_Xo^s5HPRJ<%X4aq@+l^fnS%e75*7x80;w0%1Tu` zF==QRlj3{O1QMsPCs97r7a(UBg-=y)zR$!?8(E`}pZ5Dy2&rd0eX03)^ApYDkvK~s zKWXN)g&nalgxPB>7n&vzh3~}xm~-|b(TV8?eY<@(`y}5HC))$va8PQTRTT1*8OB4O zR7VlDOorYv21SXsIP!>amI0nn&j$?`#iuOq5YgnzgnK6oAAmZei0kz^OAtYL5}F*u z1hYW}bR}ivDvga@m913V+!|Ab12?v;%TId$``P;rj9gluq68IuHR5i~%^EQbnR^%@9v9mJ;YI&p&kR^YcEnSQMqA6dvK>?-#<9nm zFCtv2aq%(XB5GnLFhhcWlCe8@$OhL`>Ov01)?)rm!3T}rBM_cf@Hbop5aaV8;#=p0 zbo0)|jFtunr)0n$~?{_&G zqu7_fDvxK@kZI6k54Eh{?*`b<`F;nPhW6!~<^9goSW;WYL<48aMwyhOayu`xu~z2Y zD3h}Sy;0Tr!!{kZW=@_i*P#_x{Z^uR3*0WI62JORjY9}nTmG;SRORN{)f68($m4Vy zgeuEb{W*#hX^d=$h{i}TB5Fp$tTW7x8JQ31uwScMKC zDx*XJ&*2g!6k|C=m*7JvRQLP&R}ueF!wbnHN)G4bkX~B{0!CiV`(B|SO&-(_?IOQE zewSOO5y?Qav>x!#29tD!24#i2IBLox!l+jxd;O(>tUGlT^QF%!fm4UVeGgN-YwIqG zciq)W@vdv3zSU#9y6t-Z8VMLD1_K-@#Q|Rv`O4?`ATSY}usO8A+Hg!`_t-Ob=_9ts zY!_`(w{5HKdYh!T`E7Zdw1@~`LcJ6n0H8i2A%8l&H+u}BzSu9@CW?oPV)3jw91e?` z@Ws~QhCK}*Z;%=m6Jw^m)?-%DYSe8iO_m-hNu@=}$Cc43@MjX}<66usx0TvDC>Rgl z)OJp6ogf3^!65JILMUB42JLFDHqk%Soe!@k4Mo@K6s4WrvDH}E(SdPC5k!L?<~9Y5_y zB4ss!rLQipwzh>Juf{8MC9dOkX_~)cfXc+0u&=fzXbR0i$gAp7z08#**e{=r22)<``CKw>qNX=>vbWutPA11ytWaS8DHBV4g6`X9b0o5zP4rS?Lgnq+D1HYd~FlX zAClL$#->KTwiWr6a-PcnfIbuy_EcL;(+1_V0s{UE1}t;tet(B&1RLO-s2&9U8#0d&h63*> zS=)**Ly;++s!3~$8`}D6bQB_iYM#+AAG9?iROG%#s<%Hp*>_@R(@ndZx~(rro77gL z_U;c&F5EI6-52Z`zirF-qzMugy<1fDEazN>K8bO>QTTFw&-kaR*6q|{BhlnwyQ-E53xINtgr?o>(nVN`1Nz5N6}m;F;h9LFvH=jJxcv z2-_Pu77>Hk{yb{6z0l|B7vZhz?R}{PunYdiFw|hSu)GOC-+Za~lJAX|uyp_>3GWgx z-QFViWO^uN8aAf7{|<3pYv;*GT{Ba2zupz3tP>@u4@ClMiIA3FMbYK@3JK)ke1+$b z5sFAHK(&@TRs>o^8dh0*E%u61tSf*?{#@_P$&I}mqGnqqm29_~q8oZQrf#u@EP+UG zEZ!Tw1fMcY$c{ka51o%(x^(2y;}32!Aik-&Iq!}eHa+;nM>d)Rl~ zKA+p|_kX#&vYp0@Ea!g|^IO&_EN{k+`&#>e(~ShDH_p}xq98v zFJ$kcvBT|M;-$WN-{X#S6gDr(lo}OH#Bf^gd)b~weJ?-f*){p3^F8fpeB8+8KU|&{c46Gy#QU8z2O2lk)w(}XH8$m}$}!1N92Fh;)w(-yjAyfa+#o&Q zh4Pue$+a=QWLp~bJ+}vc`}E#>Z<3Crqpq3JR&P@@y=t00%?5jHVcCK)n#lG@0|A%7xB)f+ z>?z4L1e?UbjVC;|Nr-J6VjOa>$MB~Ra>)c=f(h_5n)|MApQBLG{`Ngvyq1M_?3o z*l_=V{Hqq>1?BhJOT#5GpJm9AF4#Nmqju?{jg3(4LspcSUt&A*?5LeB=pWIGq`!Z` zDLJPTg^y-g7Z_>F?i)|LIG~1eDO`_b?nl;ZDjp1hDR8zz7 zS@6?FJi9!i=TzW$_^z-R=J7&UC(sj6HPJeGgbYfGYS6Vrcm}D4*xw)}O-jmIN^+j` zEeW2Y(f~O;RkpX9uSKzlT1bsYRW^0LZ(B=!-^N5Xnjh^*Y#8LE`QtrpdwMg@M00HY z_WoNR*l5a{baLcIN8M;=b8ptR(V6MY_Kgs2J{V}*+7)VR%v*f7k4(I;FU-VkjA0fs z!HhmV3!kSVJgvNMJixjF?1G;?UrhF?9!V!f-q_uXWFLxYz(N!%&QKO6G)@dm-vc$ONb*(3*&(*DO zkJ}>!f4n*A7h3o08c&pMHZmR2Oe-^?*iiM5U3Xef?&RGnCMc zXa)a_V+=U>S7HnwR}8@@od9ACOCKiy+4y8HzX*M!9wiG-{(y%Kx*2prd@&!2K?aOd zX1`H;%F^x}27z!8RP9cWxb^UsJd(fom^g09Sx>7U>2T_D>|Nkq#AHJOn zm1G`N4z1~&UVFxO&i52Tnmt%Fw(0pWI~tzG#?#wanJ%9#JX*L=kP3};tWG<+ zGn9cGgIl01_}D^$`3h~PMzCXxf)HENTkeHyqVd!TQk1}dps%pOiF%6lHhGm84OoF# zU08OMeoS%jrTa~d4AW>Ox3-;9kkznnji5ueHk3OkO9e(XQAI%7WSa{8&7o+eKa=UN zL;>UcWqo6$lJTB-c*FaK;+|}Cw6WeG@7Eaz*RLNm>h?qaVv{xAluR|ptkzg_D%ljb zzS6nPVThGFQ-^Phv~O%mca&lV$F|PKfoy6h)jvGkkDDxvJrVq5ZX+OG+zEx#b#0Zo zcAHt4b9Wc(=L)H;Zq62kk1R*KY^mwSGmYXv zR4H6gj!}1aOgi2->Me;2)5fhf*;VZm)nis!OTWESzE;Cq)-~n=bqQCxcQ?;Tb|vZp zxkiI-uTJ0H)!D7b9m9_|?Afyc-|VH%T@G`hy+7Bnw>O>c-P@7tZ!ee~yE==Ti>cw% z=8=)jxG55UJ^`$SxR)v6kkSsF4clq&v@RHnYvCtyf}d8f>0;0V(q$5XbX-WxBzs*m zX1l>MVjd1?bu)fFyg1;-FCn$1r^>YCL`%-IBu9<-x{z+b%m5i8u{slEEkk0CR;5{{ zZn)`4n%%QfupzW~6v;P3gS}w{bHKOEe)tog>fgK~#nI85KX~Nm{;e@;OB%6Z;$0>% zqFr`0Mzo#w&FZw!shB0MVznu{lmO0JERc)}vHAF@-DOjovjxqW_v=BptPta}RC%=- z4dO&gm1n8yPVm+om;`G1yV}D^itK`CaMLElIaXz~EPm5Jv|%)~cpYrZZ}_$yJz3ef zBAvyvuI{E2lktr>2V_jr`=wK`iMTJr4ll={LkS*-rbrZy0lb#`jN%XQTJFcN!#Fx9 zzU$~%2R})TKDF@kqF?l4taHLCW!yu_(+}951PRfsq#^MYRPaRbv@;$T^pct_UC_u= z!uh<j8l_0k=+8%jC5y=%a-_X( zz1AU%&ux8e^E+En<;$9gn}S}j(K|IdpUEam);zL-u+A&s?NR))P3U3T=TUa{M~V>; z#SJkw5Mz1*x&z3!XdzXx&K4GIDYl5F78WOoE&TQ}7sk{P)}F*Gnx81MvM-y7luAzm z)b;rUmz%OP-0gFwOT9gK*>gb1d**)SH3w*CY;Bw z42*DfWMlsPDpU{f`vDiqeK3L=1q6Jb!ss6xX8wy&}yE6ufm zK=mZGGPk}`jkGR)supP-Z_?<*-xwOOQaUDD1MJ9B09H~1u(C;O;1O8aCF(8O-xxJ> z(yFf?-gjIL&C=Xf{W6NVsD9bA@XMYgCIH1|i)-NhX}bD0NtzaTfO+zX2q3}VsXidZ zW>p{US@>wxze={i1JpEkZIY~Y@B%4h!~cq}rT2c`^TN0Ad1`F7Jx|W&nh|^y59pHn zqWa-UFoY(sehq)w<|+UH5Z%Z}l(g>gl?(aI4ks zQLh{3EMOgqDZ}RD82+s_JJ#XU02$Y~mi8nOIQ92=OnD#KvBF1GY=yZK$+!#rkQ9F< zfEm2*3D}K(FxpNkgCxubdq|tpim5p{XUj1^Btm9gloIE4X8jw5tOR{7z!{Jp499ty zC^_I7i!WFl4jf7W@LiE*3855FGJ9YV!ajke!n6F|IW^yx)m64=}IITUS6(uA;g@OavX~Kcntb9Mr;`VzS z-6y-*rfyc66)tv_#y%8a2IQ59fp8|=3X4x?_F@D1h^F2RRgsp3P%s$uf+NGcFEm+e|*!&!n5McC3iAam}1v z7e_jSq_fW2nwspkxNX8F*?e<_i@hyPP3=}>Yno(U8e*ZLoz5F4DO^FbWn&_pjtY@T zFi3iue`-RkSXzjZom;9V)i^3#e6mzavcVa2?KNQRcFdk@KP1XCPio#jnc+u_sz;>L zr-(7I!k5YdVPDBHSmlASYb(oxOs;gKUaH?14sWPm>3S^}0@|uE)M|!QU8oxjnge!O zwr7WqEc;xG|GHdnr0T;COE+PiT7@R`=ZBP{&}Z+13g$)koV_dFHPIz?MVjZLb~!Fj zppc3%m%G>-8JC-zwXJl#C#fe}7h>UX5(3TW$iQX;3dFC4w4|_p?LxWEMoW+KGSP>0 zjHA$|dY?KEi|$%8_1%6LNvez!bn!XCBC}LXGn@0IT37ejIwnyMF9AcJs1`o5mW$(i z*x&s29$HhsAspV=z0{*1uret>NL5zYkVZcI9CcJTcTQh_o%d2VRb`wL3bquXorc@d(D`89r# zp?;*subGnEZb@<*yne6WAX%lfl0M0WwQSayRg|qMFv9gS{%|s?afd=0ue;aPYwff2 z88m$o1)g4`04Ld}$akRaZaLKC;}v1cYKB8C?}6kAYmuf}N*%l#gqawUBcSH1iutaJ zOhLF1Uc%A_3JqV(|6EE!txX8Fz=56{@v!5^mjV~4ixF!{_4?B8$t$tMv%TKw0*;-B2|weydTAN{KT3mY%)`u_K$Yhxee zHg6Zky7DDEb-%Rsq)_)f1-> zCF@prNgl%Z7AeDZ@-j}OH%pg!k1wS%+9}G1ex-ir{v}txt%9Z`jmWtTstzP0!dFgG zu^Xa-K`qjST3RlScYU*Oyk*aHU$E?s4~KnWUBnRcd@tA9w-+^2G99BurKL2i&t_i> z2P@mwB+_-Cx|J%ZXf*4iy|Ps^p|$F-{n{Qy*%VZ(aUPGdKO8=pVgIHDA&mPTe}ue) zV;F~e;dx~$P+%r6lT9)+fp?Bh^ZPuq_mLtyTV!_?*@+@6K8zzer58|UC8Uuo_ag_T z{BV{H0fe3lHRv^(&eCY+13cmON;MAut!pYFXIQ?QeGBs$OQ) zp8z-5Ls-fIQ^0zMKZ#P<7CDx$b7xY4b-}f3sXB|nX$-Af{9l3aE#k(lqD~`gH)@TV z#Xr#7s5FbLl_xx#6L)W=>MV?H^DKU;c|(BhI!st6@(V=`d{+y!++zaHv6Co1C|Qj1 zlwKpAw`vVD8ZsPvEi(*@`zp`M;WU15+Fpan2f2g{WZX%I75~5r6g7(nCMFI&{`j_S zY+#&A7r%osvtR$7cvAdNR1dTv!{V61%JRth6$2tWipefA1CqOpI#I7R8j;Ryk&(c(-%!gmOxgL?j`2UzvIQ;c)Uxlz zSZC}4rJW#GJZ5{jpZ#e+JJ-+pg@wL)QUDZ-n^AwweI5uEPEq0skdcqAgD109jZ|*f zVrDl3-2OS3#10>&xvk1hq2x7AIKwYieYL~iMGj8`xFKznv7_=tc}1cn#r15;x8yMM zj31;Lq7unpowS7OV$t@z|L87nT{eO$BT9X)%M!{Xqov>tHxCx%lw9xbsy778220kQ zXh_Fhj%YOI44Vh~dmRC2;h6);#?;_uEpmb;WJfIF47goJYcSQENyDHM+x!Vp9G5gk zPt@(mrlW=-t)Ip)i!uB=U|vPxMrGX>j0{4vxhmKtxVRXHvredEaz0tg3HkZLXcBc? zwD%>(Z1a$R+vB~-D~@_u7dZ&%R(xGu_y52-SjN5n$7J(2${hLPTLK_FBv$f_Ta}c@ z`wRgUr6TW;rXmBJ_Ilm@gHd2e5@@cmzfzo?!|Iqjn0Ji1WRJ+!NW8RSr zA(a$hwvq-g4~>UtcIGZ$9g5j(c6_;R!c-9XiQu=WKT3DTqt!706WsY%M&vf zTGzy;X56WAD46k?{-)4f&bUn8P{KpPRWS<&-)1r=q2S)su$6C#R zZFs~TWMfg*9c5z?mf>NQjFvTPm^e!ns07!e#tS$D=0Z8A%@qR~KYLF9lwO?IGbB6> z>Y1RoljhQW@#AsU9%rUFiwjQ6{GBeg!*vud_fN1f(95V7(0m*Zm=+{@PG9H@i15D2 z35O)_N3lx!Vw1I=!0D@ol6Vogsvwo*`Q~m%v>1pqC}nqDA!&>lbIt9+!^fPFtj8Jm zSxzS!b5Wb46wStEvrV@_XSWzO48$5zVT;)pjC&}?L^Zl5!4C_=KJODAQx1<5*)cS~ zWBM56R_BqL`LtV_a)WK)J_@#F-Sn~Gox%B_1PN9Poall0zyvCEO38SnZ^|fZ&-eGO zJ!SJX&oss4nYcb~i^sssZHhO=1*2^+nOm;aNpf9OJsnyC#Ga;dC@|SyA+|J*mbcOT z6*W5#R7-Xe9l91vBe);Y4ixL8qvv-P>;zkrMR_I5i3xXOQmrGlLw zzG10gCzZ(3QH9HML+nK=kF}~)=lK31#BZ4?f?}PGVau2)SS{9xCvo1nklPMXdEhT8 z;k43aip70?ra{3YgE6L^GRdURb-x~xV3|hLDMyv^xMs>Pph7a%TH0?k7z6~q#lR_4 z5qd{~9QuYVa_NS2y&@+NA{P_}HqwsC;6N3;=GTBMOxoYtkGoeP6lK3#)Q}0s4LUVl zjdKdAmpCZXAVNEx!Mj1A0FaDp{197zXnedTx--tUkmSzdv-{YS%!8tf_#WR{6WrOl z_*2r_85udgpW}3dspBjJm*+gzl!W-{N5qQwE1dLHrTtHo8}nXPFe91L;YE6qUKA{5 z9QSeoP1WOUXY#CGL}Iesp&!wUMLOB(k=|qt*xgf|3~DBfY0vvTZntH|=Joj;MuUCE zY%*yP4Hs;E&KbRqs)XR2Cqt}C#&0IEbWAAfp`X7*>kWDT1YD`oCN)<>bux(CM*YPV z9$*?EKACbP+IES&&0AO z<}|;a16v6=o_nE`sWCLJH0^);(`m~Mo+4TJnUX_wc#(o*zI9iM8^{dRoWOFi%MZ&SEJEs2(1gAVsBLJIdAi@Q<5e3 z?zZM)a9wC!=ifGFx(Ys#xkAC>pX$m5#vyPrYbRR1VYW+8K)OVBr`-mZX{%>@>O*%w zEcr^Ev8HwIdj_`Eou)ls3th{1ur@=8XRS3LmBSaBf@a=vtT0c&<1!juo`5D2_Rj<% zo)^SFt+&@iB|QmnFjCF0YE4f{(N-&F@gAW}Vs!UD)rbb^=uO1oJmL?q zrc$`_0+L-4cDs8PY9}ZI9Y;-N$?CM4%~q$BNn7qSIqq|r@J~S5ugi+f>>Tl*jc&D# z>K8N%0Pm4ij$pnjK)Le5NrRyBI;|Uwp>HXpm|t|On)u_^xv0({%sD=;=B&kR44N7X z`}R$4+_#vJzBBa08xKi|L^#a9DSm`J4ygyWM;hFue^Trg znPNC*zrh4GF8yg#pZSI2Cafn-F`6{xMx>`~b{nKWxzIUofAM8JNsqsRoQceI5DK6W z-K4)M)8CYN9oHZSj7U{oapUE-axhr7NnM>Sq{-fLiljUhGyP4BJ|Z?)r0v#)-xW{U z{Wc_x*ggCmsHmG_#7jIwI%$Sv*I+19DOU;{;YV%QDdYhyPyC?G2RBF^z#M=^%W5q) z$n?QwR^#?$6?+oz$-59=U8&M$wpZ2-Bq-B@q{I8Cceh;o+xJS0uM}~+Ay|ysR|u{D zMxq7wCyL<>ic=hyD-C!iS+2dRY&~&1*aTQ{=SDE67?LvVOoc3xLtj6Bp+Abwe&|$P1d|M5+ zortUytXsw-*Yw_ySc2C^G`ho!53Ufh^DX0RE}T$wCgaCR*f}BW$G0hikI3vSDp!ik zl%E!0?+gWY1VlU7+adziQ^z#(kR8=%8_bC*m)&~4J`q0UbtGr(0(h4ulf~s7v{dWb zENz&o{Q_VB%A?H`N+dQ14rDG0RV%kbqP^UN0lG-*M*^h3Qmy$}M{`TXd6T=`Say93 zyFuYd@u5f8{~b8aR@1JAkqW3Bq~F`OX-7W0X{5)uc$K-v*#@Kj7B1q8vvToQRM4#| zu5k{H&yb%iu}++lVf9v!y@FVwBlx92jU+Nz543V_sy_0X$FWLane?jYnG0ve_X z2o3@_y%DF~;uRboH-u87W{WrKMcFYg%8q%xKGZAISe#CW1eNLy@*M~Y|y;{;pgKf^~IK0>jtSeQ;@-hY!m=11;8h5oB2xiTGAY8Iq zTFl0^Twc`rxo#Tao3`px9Itd$fR~Yo8tGqwq*Il}!fYVyQcL+)QD)!jEx2!SWZiGM zbI#-LqIcVeBVDmW@$SgoEbmA=KITk`@$6V8GnQ3Mw&X*$$+XQV40??NA2 z;k*8f`>ti?{_;$Q;RN8K#)y5tqdblDH=U0)lr)ZFy(#M`79{*|n!S#q&Fr-c9t%QU z`jW{zDGP8I^~vy5)@1f(y{1{S*KPLxf%kJ>aoT&vD{l9) zcJD9>89}Ai-qhHnAZPV-lP1>0;xQpA6|2@uV?4DGEZT*SWW8;8aZthO>oCQF4y3f?Uf^~Z8ug1M($a&LaeQ!ea&qD#59Paskbm5uou@Kw*ru^PVHUrn(mh{>qs2LAK*nGUa7>4U ze__&bTml;yq>)t+Vx>OVveF3AKJW52m-E)epRjwag~rxEalAdA89dnCJ_-H7E#=KS zlImZW_{vS!6P&%s7YpX zcm>7f9nr(+$q9%JT{gWA#eA(@fG)@6tDF+^=9RZ!g^z>%31Kjts<0(v_QkN05~=*OAnCNH zAHa?SFJ(ZxP5TKgH20*(p==^(AmmZ5T%mkHJH8RN47@ZM^j`_QnfLmMahtN7^Egh2}D@ z%YLNT9Vt(jd}l{)19(c-oDc zVuSvZgoHTGc1lU`{(NXp@3T)pp$$gUWhH8Lj(BW_2SDDI6x^2#hA;%h6_;NboDekPBHZVrhb@ZanIgkQSBPp|STkB8WuAyg`3q0^rTuxa${ zM}vVMzzxP6;xQnZ}AhquWkoeaJaktwX%a&4wHmwzoj}%|Ghd)&mFA4 z^*6_fnLd`C#Zdi5A3me3e;B%2)1fnH2AQU3g6D$b9YJ)!nZUV#WD0}=B6#xC)I~;A z9QVikaJTObu}1^!LxGP5#9L80JrMfDavx>h+ed*~_k04KyQ*u@Gw7IC-`gu!u(Gk) zaCD9xSn7=uidp`bU4dEZMK|!S!0q}qx7Po*u4tLfF7-nXpGy&8PH}%a#6B8g4}tZM zT+?tQ;E$Z5D7MJK+MGTZL;+H#IphxnpNOzqA|H-?JR(g-*hT=gjp)J%pXP7y zF}!l+B~aP0?gHfsHU>X(#sl`+?G^t^0Xu$h%k_6Q4f_WIty|vHxNDL9`y(Iv&E|cx ze(l=&1K4Ym;uzbGH5mb;^iCzFw_6<}u}BD7YTd%kf`-ali2^o`2?QmQaM3O+MNHb* z>4Y29i6>28G+j1HrWW@Au*heEF9g30kqfQOYVFjHLK0qpq+z*YzcTsONZE|u0bEN-lX8zn3O804*zEu$wnoxhkcNJggwSIf**`VNRojrt4ODz(o=pl zcqRBM!YbID`FVk&hO{TM;CatyrCTX+kqNz08*7)ofj@%nZbAZx1}1@MLIpmC4Nk8^ z!FZ95s?!>wjLn|N543{?@Bo$)jwYI{IEa9@eEmZ-Fw!>;&^XXpyZqj*O4x*R4jm80 zG(i!y-~>DXPvZ2v_F=V8=^)|nTM53}{3_lRJ?Y}Z-^+(v`lLF#SjX2F#UHZ|;+oa7 z?W7W#k=RWVQrOrGqIW#k)q?jH9uP#FT$hz3rg6Z<^mIJvEf%~5!&w)Oc#RrK5l%DF zj>c8q;@xF`mDfwfoW+jS94I&ArbMZ&G*b!P!(~xxR~#8D_oWB02gR%V(l4v~lJpJi zK%ZNAcF_IbXvbkC@M-Cf!H#5hCd%7|BZBCnD|Q7$oW!VNiTf74UXlb6OG_lm;Jl;kjPyQ=g5a6OpM%R8~v@@2qXwg|37Rb89tL*s*U0UgO)D- zv$~V~_`U7BSerf@fX~_qh#=eM2M1PCpq~C zI3$=?%{S zc|DI)`;l_x^3Ee#fD|7Q^otBI&GS;7DKM^|}q6aVBnHY^-zr5SRpi zEFRjn?ayHjOYt@EUDSSOS1AWmq#R{ESoEZ7MmecL8FEF)z0#|kRqQjw{oM+zFV9+^ z7ozAlsP6-m{>8Hf)bJrm?=OQYjv92oP+ZirB#IIYg85-frP4*{xbQMQxaEv*di)jo z!_YMBrgsz%Kso<3SN+kFrizySTuX1}KwoPw6#O&y2cHOv!JuHL*IS8AW_QV?2;(|M zf-oc^M1wG-KM zy(I0Yk4UeOh#{O9)fIsg(oaGRsrC;@YB03`6M>V1hj>hYAzAB`Qr}r#8q}J={&M)7 zAahdURUtHq&5qu+y|H&9;^;?Yos!7*rcDCt!wQY!kr8--Sw`7wrD(SPO_{;W6@$k@x)X z81cA7Yl!C~3-?_AYm7Y@&N$R`exCGfM=GtRx`6n5$av4s@%O;d0~^3{{pZrZV@<`t zrMgL3m#sy8eA5VnI4N=Ts(Rj~T*4 z0xvm&$PXa}6h#E%jPwX9)s+GiQe7wf$YPWjfmk~V+JdAEVbpc360fmsGsLr{Dq1S> zPc;9P#vHa5)^6=E4Q&X7ZS1VG;AAbujVFhS2aD`fv|~eqBjP5uMIU3!KnuK2L1yQL~^vpnxNII2DIecK+Ir;*pNVf~%J)v}fMaoMt2a@Kn zU*?+v@H(_iEn7r(4x)clC>y#Wu4>vV-x#7y+=n(j_E@z|i(fxv;UcIDttO%Jtxv40Zf$$peFq1&s@vUjOZ!>N>)#$5#wPdQu*uct zJM^n4Kf9s2w=L;cEh+|(C~&3-RT+rt`cSn?#P9LfzgN2iSptl$&@ORb|4*@Bx)*!r zKho=^PYYAky;GlW^v5TdpDRaVo~XH~N6@Dxc&{OO$_OUPlYD<&6~Zwa4*fmil-E8Z9=x!<6nsr;@7e6GwQYAg0A9Pv_eR+2zqf!b6&@0w7s16iCqjI4cnR#9n8V5 zE`AHbG~2E{fj_`}N8Y&j7r1MKJ+cWIJ5yHUly`^cD6+ZjQwEJem=djCgD4ujR!zWf zk}&K0Ed9P2Loc{WIREgU7IrPTMv(=IcyqxV80?M;K~!ijXj)j_3CH{PjaJ$NTE-T3 z?pu6I();T2Z0+;R-1V_fpWkuqGmAfaUOe1)c7Co~L_U*xo>2}L+6ub>{SFe4bUUuM ziJ6thpRQx)p|qY(PX(fG*oF%(W_6+dQNZnX2VM`b(}4#9PX?sh;hCqcX=}z}$+#=0 zd6ni|uFhoAWwYkGTy9FJcMJ6>53bW5KJ6`-pK%h_w!wwThAwQc6aD#g97xqhKApjNEO2 zq_+`P%~1Xfm>$3NmpHsf@-27ERJOwZ#^lQ{W5*N_!@OGp?-sG(+XzObKS8Mr4ervP zaK7%=T^L;pDcR+fwP>2XAa_ znB2KOviKYukF4K0+0c07!CmO12arnxZ@DdQN@YJiC{5m`mIa@r3eHzov&_|^b^PxrJ%>+T znzCB`jsx+@6E~MP90>Of4fl0o54d){b>U<8HD4QtsM59rM{n4dsqPPRe9z{4JofBA zuI|}_FUB``QVxNWQGM;Ld@sTIf%ytshv$`hu=6$NW#*Vdt{L`3!Q`G&se~7OMw=;S z5@iz#sd;7`z4w_uX%dGJXq++9VGpe^+S{Sog!#ke8dQ!L?REHHvu0@D?T4bV-MY$Z zIV2wLIB~=N`X%FJ+tmlqy2Es>{n+PFhYb5(tG- zW$E+aE8u#v{4v=S>h-nr&*x_+K0ht|t#bOD2%X1p02P3uF;^^%s9@N|wYS_JpWo%* z1w$ehn~F2HkWR$GWMU67b_1JY_b{o24X|xY%Hd#Ukd8nUGoF1Q%Wlmw3K)vEY%D99 zj7Aky^k?F|yVwFlNu^kCpx58)B02~aj)HU6!1vzC>hK^94qx_aU_Z>lz{k8>9b=r;Uq>I4%@IT~Ey*-xFj&m`DJ^UcoH|UN(e#P@SjPIJai*ON zY&7r|Gjs&gL5y$l$j*J&eoltRRyuFF=|OX-3!j(3`v-*eN}YMiXth}bQ@)rLWgwW< zXZ3}GHti|WixFj~pME$kC_~g|;)fkR38&jtj&czTsm3w@SYM@3pxzoSZ6JF@ET}wY z%k(t5a_O+)&>`2R`t=9f-3Qs#Vo$*>A;*>-xHis2tufU*+4-01{FZ)?xBUs_PUDm; zTg>--d#`nI2^VL54e!16`QWy=pNawk1L zZF!PE(g_wjUO>OTYV;{$$>^Wb?Y5t=i!mKjC9dr{S=QO5WCBag1x5vyhJhxe zrEEsXvT*E_R+~umC3=Is=2PC4{u--wUiG4JLmC!U&(qsXRsdB(;9gsWx1t>#%Dz+e z$C61Od1ptf9@`=AlAbtp=sxMn1_%Q}p^lDvHhJ9e0ivN7~cCc6Ro)ZS78I7GGnH+C~7!Eg8ZtGX#*uv0sO(9Ky%@z(krl^gYa+v96Ev2oH)rK z$EP`PW~MeNVAW|aG&T~nZ2;>a)>v*7VH9(ijBXVK>^Bsry*BCs8{rlg%Y;=p2&CYs z9p091QN5SoI`kc0Xe31l<4}e^Gs7u*nNusq6DBoAvL<(oP6Q;T0v$MJt~I|^YQ_^l zKFNrtBG|-Asxg|?a_Hm1Q*xv>ekW~KO4 zf;u;0agNv$v4kim8b|QzkUZn_+2VbkKJzK#DdCh2y>XSunzSB~Ova}YsCH!-y_j(1 z<-sPrcDbqXz@(}X?#%E{2MmPKw9O(U#m;Cxa)=wi6lt+IA?>OMYc!V-*qAJ^dspC9ivkRy?V+aO;WG9nxfIj*;-GICd`?E=nq@YviEVfrhpT zhm|$j7A9wltn8i3)wP3dX`FksncdaA&@6hJnFVdW&|#0xrY^QeLkqcbY~E&zr*jj6 zb|Dp4CA&Cnii4qKosrK#TMiHbBK7W{StfRG)D9b4>wX*?y?|#z^GG?!v}3nQXjN$@K0Tf|ZO!y+kmOaLa>w zXVm8p+rVb}gT)t-p7|@V`V*bSY@5y2-CACk1^5D4O8j^Tff9}@Y4vPYx~LQ8HKQWs z$}HnbM4U{phyHnz^|7xm4&e{DEpe+zcL`U5BC}!EWYW*t^}b=>PRMpSXLU?xnFaHU z*>yG>?1_Ni7GT!(vf!IHj~UlH=5<7h;^i4FLC3hy^1aYM@x888Al4U#om#~ zA@PK5AKJC}!CmYRKF4HdBCx*k==<;NTO7FZ;DcA#E#(7~yP+&b>q6BOrFAiaC)AqS zS8?6-%%GghrPH&is5=#XCdH1W?u2k#pjcne)6E2}-EJxtijKks6MF;>q1`^KHM+G% zyS7Ekp475WARb&OIL`T>0?otanvDkB;K3k=>6s{d95PAy@7!}BFs2?qiMzvZ;el$Ir8V!v3$DCu1G1HiFjH+ZWebulfzW2NVi|>t>1u_im z954dmAISiO8fjFh2ptJ{iJn=>C!@cx17MP0oY&UiB|nkR<~h`a%^clYg_F?JOFI@P zO@ew3FG&0wH^hPiQDtq1=eVc6yF0Ku(B0kcIfi+V?> zjtq=$NGC=Ix?R8iwX1tzG?89EIuHr3>*)^G-!k%#|2T3B#UrR5)X&(TaXq7tKMw-s z4-^Mz{#vWY3YW}dVjd%dV#5!B#tKn`Pq+qdAdZ*HnvXs*dFsx&-o-^;cES9{~m6h*UDZ6V^d(IQk6ooFjZ zW+dW1RlP+OG=lX=v^T&;Z`7l5o82F=G_>AztY@#wZr|F~(-+9rxpr=I<`Q04yySBh z^KrdHPL>))k2Bqt_GP0Ujdi$fY{YHYr1Ru*;gnN1rnN`>u8`B9GZ-~B(M7&iQL|JQ z9K!D@9gjIKI>Z^rStOr3BykonKO*DoqU!+{12e)jYrN=uLSi44*dFL`=$PUEOy z47961Q$o(s(`I(ae4AO^VrDJo0m!S!V_=5VW*&E>arpCWIoi=N?dYfjqR>oyT+A18 z^8h-+;Q$yZYWGA(M*93)_XPWfhoSm^?HBC#vq#^56F|MikCcubnM`6GVz0sV|43}3 zI$DBG`t;4}`lRQ9zX1F8@cBTP4b<7Nt87$q9jFc>3UhG^Oqjg0Hg^ms{KY^Gv+;Yz ze5eCyf~`Z6-KKdXSM>NDkPVF`u9{;u5?p0qHd;xxnoNmCrDSR9bl9xeR`yJ?uO`OF zM=`xh5zR(pTQ0d{a(@wR`YOLZ;5OnTxW2UTS!KN7=yZ%aq!9cOyD1n7mcWP!`euc! z9g+gxc+8?PW({qIAp>L`7;63k4U%$B=R#s8GMaH0~|xwAbr_rly-}<(X8Jd-_g;rBfdj#Hp=2Y$!N3}3u)s< zQ>IX4vp2l7bM1Ze_pE7oZhHE;mNoax-?w(>OE<)J?%CoGY}vb$_X(XNze1mwgl;8i zV6#<7?IN6PCh2Fj7tQiK&SB%I4lPj=F}YF2=T>!QH8mzcY^Q*Nr-A}DznXk!690er zLs5R?4Rs%fCY4D0ICP_`XV*{hnH&$pMd?Rffat zr;|ULWPeyY&FKB9-d<32;r+KRog4q1f8G%PJUc%01^#&rN)YNzAdJr1LEWi}3ChwK z)6LV~eeE*F1y0AClh@vy``|3u#B|cNtl)~H>peY4=q#4)n z3g(9qEZnm2DW%+W=@I*Rq?66rp{0=Vn9APtY*MH7`|L2*9u}U)yqT+(B)-&W;yy$L ze$&HL$GZ*up?Uv&`QfrS4VAYsPeIqIdsHXs=94p-vzbRTQf4%j-sBsnL}{#b%0X9E zlwi13HQ26#%ys#0@a$joU#s4}1@rEQD(2(ECZJsh!?r;r&tElh+gsZ`q>hQj_F$xC zxKJ2wiLem;q(^(Yk8f&d*mS&mPuB^$bE1oB>ITXI#%^c9^1wf_KzX39G*Aw*YajUv zOZOjIx9(7Xnq9SDTYjMS9gPRharE6@K0XuIZxvhl93<>)7TDP=$IfW>(ZmzvdCi!( zo(!Acf}N3p!2y&C`w8rdsmXty-0=2;*uMtZ*YNh3ZxoSy3GeR{wkZ{W7(p&?^@y99 z^`=>yA!a~f)r&aXnK0|U=+|o&%x4{s(*A7pjT*;feyC&lQldXidp_&0U9QPeOuAHk zu6Cr@(h00WXdhkElC8KWC*@!w?I;abBBK0gcUji{{Ms+RC8F-GvpCrDn7S6kf8lL^ zPMI>!a_nrDV`m_ETFiVqv00c)#E+4m5QG*3diHIL#%6g2cO;`=p~|`nfU(ytx-NR8 zf@)6!R(stdqYM*3G!<3jm>RuOec~MpK8^M+d*9%QG_RjGu~F@)VbsL;D-NcW2uM@m zG{g(`Pu{)^rty0!hDGQV{hNS7%H>J5=c)Iv(Q!d-ynd^Mpd9SY14_4f7I@mMtee${ zv&(qe*BtB_2NN3|2OWf~X<`lt5i=8Am2J$j-hc~ZRpW{fHCX0|Ui@}Mt#&ntaJH&f zG_-5^nidD&eh|k1Vyo{$OG6gCU??3{*6GdcEI6-oPg|MJ>a}LA=d2p*rGiFE&MJb} z?u~mT@9FAUo!1x^k|>dr@-3h&slcm}f=j_O1o#xe4ibEOGDxHX?oz=paUt)g8faJD zD3~OwJwlKLR^7QX|0suINn2@sXEMHKYo+;M!%N)*?o>lC)almwBQfke-$ZVe=qmKq zm-~t?lc}wt5=i?@lJ?8wK5(DtUGXWj$&OsdoN%i$st>RQ1de8PA#dnh=&6t<6iQ`g z)fBbd#ez^^F3Aa>DDUzvpsr_3*aSur1y*%}kj{>#$Iw!^M-J+Fw2ZscwN-!=S8i9( z!XOm__|d!}RWl1&z(l5~Ar09aWSuL_7OJ>)zEIe-w$GEQ`@2a;Z?rJhk%)I~X(}JA z7k9whWYzYljbr+6YUJf6!`i^uO`z5#oga3@*e8@mU6`Fklxyx>^r@&Ai!vQ5p+_$u z50AM`u35*$tUIt^l4Yk^Sa75^JFAT$|5jbk)s~R+i)Lh24T~OUn#zx;4jc2V8kIkt ze9x%$t{Rj!c5U^b@%4~|-TVUV=Cp87>2f;d-OwYMBWq;0LvqZW5QzC9TtG+#?tZNv za3<(mh`Z*UPHiYYLA8LXWFd_Sr|3QpD^p=IvVS@63A1nodp9bw7h=jm zrDF#K4x*X7d-G=98{aW(7%!}IxQ&Ti(cN=ENiZF0;5ZGNw6b2aeSExslSLlaLbISa z1~nX7OB28=eu4G`5r4W%$?XoE2t69QfY}Bm()a~=mq;`mD97JL$);(pR1zJWD{I#4g%G}D#LLH zARAjUPBr+O%kvG#8aGJT3ZdgazFk*XH_=epsif1&&PwCfbvey#m~lVe(A&F#zF8B1 zKfu~Y)~>s8B$w*h(+(46@z>SDQEFRb*wEfUTfT{GPB39_CBfq0*cwp6F|c)e@8w$Z$|0^lfz+eXe>AuiO&bT6Z$coDsoX>Wv~k? zXes36VT>Sl%kc;`DKbOIlxiHR$2QTh9jUb_5re%1XHhp}Ia}Bg@AmCC#}i3gIPEng zx;B;j_Qm#@Dv8dakldBqgt$LzKWhSCccygt09kY2Brb#5bF)3r3PASiLQf`CL*{|43d7 z0D7&kT~$_yk}AnP28hl@1{%alLOIamD&-PJw_|N_e1qXTZ|F8}b`>&FgT=nRv-f}! zW4g}6V@0iO)Q-!RP5tBJ+ci3ac9X$b7`>6^NFICK!`uc(^c#=+(88}mJJyR~!{h7! zf(8df%pqpRJ)LmRi(K!Ovms$Ih$7gKVvP;S>!1x*|9%7BiMWvOO1=CHXcul*hB`{D z09Z~ln@r8NIonvWE!oy!p3?=qJn=;nxYSv1YhVo>5)J{kJDQwtAN^zlJK8YaaHc_O zz&Tf+AWcaw;XurR+VMaNGn_p@0UaK>Q^_Z*4m>a58 z{BL@)yWevRDk~2`_RMc_a@BqKU5V`IAhJUCDD8TQ`J%Jl`+=`moVhuj)~n5G&uO31 zYGv)EdY66Hd9ltm@9~5d1Ob+=Yt#<4QSOGrr$GAwmvaXU9e^o>C+O&>gMP)SzU=m4 z5%F>a{GcJfLOii_v>&J^k8q!(*S@MB*oNhk{mPF-`8(giVZVOW`OoJLtP$E*fHR2v zG1iZ0qV>aZ2c2*~xe=IS^gLjJ8cref-=#jU`f5MIenq|-@C$MaRlAh^1pQ?aI+Qs1 z9Xi9Z|0~bxE}BiF`cY9kCeM@Sd$s446$}mPAo5CKWfGWzf9xlp+x2;P9}g}&AEX!X zA7TJ|Vjc{FE6V-Z9P$-d(Zxc5dtB_XMz+&Ug)&;)ER)9GlYG44QiFJ+f$g-h2AjRk z{uID}1UQoRx@?_&HkoxNv-V`N&Uga*;v6B8WhAHxm%3uJ$02KYl&V!!!+DoFr;}%r z=aN!;ayWS`DJAQ)f$+TFvvH_xN87nJsjXJ^7^4bU5(gn4=Sd*m&=cYYgqqq~qr!o6 z#iVOA}cSyL{f$S2OOYLQmx1b6T2UAuQp)K`SjTR*w6 zcRZqvjn+4I89Z@+13>?Sv4&P(?|Mh7BR4Y6Smp3|Lt%KbQopIM)#dIk4URL-CKSy< zJO-SqKvVB-rD>=sW{gdZC6%V=aqJUz@H4+8{sZR>->wWWuQxqqcY{>xcl+HX=kDkU z(1xe)l$j3dI+sc+wWui0kSu>Hg+wNYFylJyd%!39JOi1)DLYXOXoI~%A_Y9R9gBmM zs8qX)5MJ6TURTvXSjwaB3_7mS#?Ks}BvLhgfXqn}U}8Ugb;sz`MDfXoxZu*W&mMa9 z=G<^wJkqwQc?;rAX|eACf9uvYx7Acpl%>!15Hm}_BZ zJl>~lm-Ko$Kg&Q2iD}D7!wqVK;j?iTpVc`bU+p~Se9EbHUMkzlv9f3j#~|3;AX^sl zLdKqn17XN$3Xz4NZ*xd@A6O4I4U>^!uAa0cXkE*RR{epO$qZBH47HvJ)g*@E!U@Y2 z4p-V{v_Y~}R<`{Nj@S1X(hXx+FHsfc<+SsvX)_&agh)*m)uxt8GK)wP2wnRCd{4Qn_Ux4)6W-?d!oh7Ct zUQ#=@RZpZrgr|boB)3r1^T!AB4!M(bn76fC*-{@n;Q&^=sB`(3=xZcg%$QJ?mvlCPcqv z8uAKqBR8(AR+PQn=CTEBgPV4Y8_j(V^U%bOaSKH55T3)?g0v9vy7&Ul;!h|$@&V@a z%zMOkCp&IsVaen3IDJzFliOhO8RngA+R28U%;R*JJ!a>W!|ZmLoeqsO3*gx_MIOA( z5p#&LBjo5c_nDv?tUo1Dz@O`m(3u3p;k$%cLd8t@i+Sym(gpz~{25hWgJh;~fa8n7 zXMm6@%@&EM$Q7^C=UOL;4<c>B}lK)P9cA>bUcTC$DT zu8u!?{%f~Uko+Ahe)0jq-H9^1IJMXejXd!D+69D8GgzD#h7pr51 zpa|OarYcb;6JyX1JY8*PB9#?6_Zn>@H%ZTPyI5vh(}~=T=0qmzIBM|3icxpLV|OOP zLDNml{7}=a??0Mnl~5^Wm-Qotc!c)W9oPHC?@RXrBdKQzI<;JpN4N^eCnDQQXY^lqA3M9e08 zh=Lc6iWmM9LTu2218Vy5pfZwg#R%H~wylz4sma~aORvwZ! zE%S>%lNuZ84Hk{@T%C7`YApUj>2$^O`M9f7p|P5{zDL|I{s=joC9vI(+UnU^Bgs%o zg?u8J^s>hy7bD_KP5fX4YBWwbx+vXM{R76 z?IvvJkL%qeVPS0-P-_6lYUw<8d!_PI9+f0AbiK)yM3JRZIFgk!N5Ffx1|F!2>3VNzmShtckd(5eh3N$?w@LO^9&8 zu~%`2>20(U1Bw3#_#xH&8W0M!utX6pNa|3Nmhp!w{NPAwS9zD#v3-v`LN4QYXA+5t zP2~giV<^T^LsAF55OTjVIM{ngqjTnZ>dU=(fWz#;&x+drM!;~X5=eRJI1-454&J!n z#5w(lvX7K!qeD><`n9ql7?MK~oj#-w>!;+9Tb4tOG7HO|`1G)}Q#vL=z{uj6vYpR_ z!flc1$hioLAbDpDZMt(hQD@f6VekndxoPe5xK7!tXA?P*&Q2!;y}@+AAX60&KFtZ& zB9}wmP9V5RI*8aph?a_ziC8qqN4GMV$0z{^zY;KP7i))f0`d$l#r@qqu<%$!DAye?ic>bFZsx0}cwv351(TViIu zNAQ>-V)8lR3(Aoro;y6^W5~4kc&%Q)+2XVKyvTa>&iX8FpT!G;b>ytT_6P_<;JiBT zWRE)8E+;FXd7~)Md8wd_%*HO}b<#pSH4z=RS=b`zsxj3+aa^P`us+>s9l3SRfRIuL`$_RsG1%6i7yaDUscnFJ-=rhB@|Fj z!R6>)yEf=Q)Y8Tl!vIRmSZ#ju1eD7Yi1XnMdY7xr?W<-TOT? zk4@z&eM?jLU4V`Vv^5WHOTtVf(JEY>D3b%dC~~a)+=WJR(R1{PBfC#6J~8F|-c%BVbjWil$Qj z2r@qdeg3|7Gt0taoY5lJfEsmoXrF-{V^26MNsEbI^v%V zUQGGi_d$HxADItv!j<(tndB3f8ux!ldlLY=sw!Rh>~ros&+~li-WqPr^IWIK)R3Vn zb0C!oNCJW(lxEOKr4yhkpn?Mg+HRp6WQxkHrd!)I4LCH3y!Q}o8>0PV({?|j=u^bj zRK0KQbM8=;K->STr0U#z&faHFYwx|*+G~AlY1^o2m`%!3qN;QWIZ^d*1qmn(V~Lq- z!>yCe=Acn)a`p`mPxxBB(`?tmA4nEu^6^8h)5GNq{6Hg?hk0n^5+6>QNQP8xo7DJpc6b;^7 zwKwOf4x5+;Y~##P!cFiXi~~pnL5*gPx*veK_mg4tCkHfZZtAb;PiVF7>i%qhrawFo z8t@Fb2MmX;1ExXpIs$#*mwuKQtdSZBCTr+L5K)QU8V_NQkO0fA*Df($yPW0PH2Cy_ z;TpyV)+~hWhxxd~9a3@O$vaF+yTT*mDGW;d*xfE6xm3vosbLoA_= zwa8z+zu}1nu`-*T<-_?zhV985gnwzcx~@(&FvOTv=c?T~7_SAaqt-*#d#xIm)u450 zt+NI#w$Bnv!(7gNPv~KwDR{lJ${2Sg*b@o%IgD?WY4(2e6W|>Lgzp-qb3cQ(vdUZO zscLutIGcP>t7hHmVAj`-<;G|*tH!cpnK3#(@{GHop0vU&Q!zfg>|k>1!|CZ4O2(1w z4|9k{`yMukBwVQ;u-JMoH+s&G4STzNTzXwN+t>w&Ho+%eK<*eWW z`?;D^H6mg|e6)sbt+^fuQ#GnrY*S-Z`DDLkJSAJMf5~eZv2jPzJ6# z0Cm#t_<^_>KefSP9kvg}heX5BdN{(aUF%vg%!bF0^Z}EiwY+=t5F0A%BS+Xd>q)D) z+j_t%QrO^4P}q_>NYMd7^qPL711DI-ERyv#XNpz#SIk08#S4(DRP`dlDHcU8lJfDR zpp3n*OROFThwl+t5gL;})mb*)F?IP+ixz!$u(jMAHD_wu;~TaoJ66@apAT*QXk%1+ zxzLN|sLkwfB3hWkW-9Tmtw#JzvNxR){zD$kRJK%#o=PTGvX%-AEBiu_H3nHa$UYl* z2ws+f<0ORb3W$RN))HXuKso@78s>Fp+%0ZNatZUuc0mV+WMX^&|w{lgTy*6Ge8fw>?y5}G0WSyNtUE_Q%h8?4#){&c9xnh1* z!CbZJ4Rt_C7+5l(6t9@9R-r8BV_7nS{A1yddx|BMND%a!+HWWXSMf%K&n1g&<)8}fL) zp-^-tlCYahGhPS2IvfdZGf)O|(e*%WH))N!8N;LT$e^R&>($xe25129ryB?zCWmKb zA*4MG{{3KmE;hm#u4y`lm@5U7Yph`ard18Fxz8y-*PxjNXCerlsv3j#DT(h>>|$*7 zrY%)Fcc#~`9SeRqzIwy@Olo{$MQrWXy6v0BLkqxsSvZ$mw|-TWZ$p9piM18v!Kd&( z`@{(Lm>423?eGUeUIUsD3eB1w9<$8~D|Lr^)|Jp3j3%?rtie&J_B6NyV40eA9snZf z67~c$goGIW$8IzqHH%k+BM8q%ACJezqGOS9p!b$Y{tc&m@c;d1yZ1)U+TCQZXU@1pa$IE7K*eygaKGwb***^nfVVAG;_w;qR13hwI&{5ag9Xdb-}5Fcib&a87J zoM)hf@WH7F-Rki1o-Nx4ao+4t24dlv=%eXaf3!a`kV?ie2=O>|+kg|{^@`XK3M*9i z2DC8e$X%Y(&-unT8iD)3yQLHsVn63<3ftv=$Knn`~L^L!TNp_gnznj2&?K%lcpUe z$y62%I|DO-AAdBR>i0YlelmOpl9KnEuvqjvKB~0?sWJ+rBj*5=Yl`17?Kd44D9i~g zVnDtN2t5X+0~9Yg9Mvg$7Y3g|KJAsR1HB@W7tCllEFiHHCB7w!&T|Z;*QD59qO{Evf#1JSMROMuZpRWRjWqs=L;jJQOMY03_7LeF{-qd2&e=fJ z69`0G;lA@Bpbm?>LB(Z9%NT|L%1O(t-RgQg9Yf^bKtLBAv-=!g_n39u0=p|k`v7$; zcrQ{}HPM#A9KUIN8R9$;UiflJq6+|G3S9?^_>mT28RcnA@E+zcjJDV{7aTcg$jxK6d4}RFQLOEcU^gL zIR);7k2>F$FGqj7)~VaF+ILf!YZ2i)a+MHs#Kdp=*+-1*T^-w`W!IWntC>}r*|jEC zVPd~Gvc0el5E&w`|3u#E@sH}t{Ol|K<%D=ZV1D$}tP9iB zS)Rhy=P8VK;@jRVZqj-3;u|qci+^0$qiIiuZt8i^mR%T@%LV-m)68huqfV=7#`36x zK$HlS#&(!?7GP;<2Z42%6e`A?j;(^0ETH)#F?Dq}oJdl*^=NV8TTdmPsFYk*?IIZoPmpbdrUk*Y^# z45UCJx@e*(Ib3RmD-ZPyP2*CtIWD~v)Q{rS&V_I7WPd2A7cZxPR3LE{ey*w*M=sGo zs`NA>^`ehc!VbA36`c)-5taH{GP>45rax5{pG`iVhJCegK)Ov5?FeopNs;JWax6X` z8MhN+#k|c7eIs|WQS_-;w-lW(H4(~GGOQ#=;iU+IZA-O|oFv$2lW>3Xj z#Yvowj%)&RbNJCT+mvS9lnT**Xsw44H+qgpq7k2z4@5G!1AZg#(ZNkEaae>n3*0yc zDv^S=16wNDEf7e7&z}#kn|JpFggWH5qFFRQF62hhei%1ER7`bj8_Zm_*<$rJtm$lB zRqs#rU)ka6l)GG(@=a@3_=gW|Zfe_h^NKn+M4AE>v5r=&wQ8g>EN(Gb%SQGL-S}}& z_KN1VUE{fmp(`31r&qR`V;R4Zt!C~@xmIet;`l}i%Ih>Q>`Qi52dA&@*qGL)+rV~U z4{ch!5i#C8us7@%{)c?Ewwsw-S+JaGlT3=T-P!|MvFw=6(w~NHpClX$Wnf9<4{anu z?TCl!LZZEc8ESR?p^lDFzphq0IAFQg&c?u&&-Z5It#MHs_d*{v|A6sH;~ArLAIwL{ zvL=HgOrx>6zjx9P4y#d3F9%<;$l&|QlGI>J|Jus{6iN>^4K73XGz}16kqr`1RJE1RBFth%ee{X_rN%0wc zp062%y$B2~jMWOc8f%|uon?1209gZOduG;fCwyBmom5jxi*(pP`=E($3GgB$(+RB0 z;B_v-ROKbd_vw6$L=e6Wrd!0!kG5>x_9Mc2{55tz4x$O3ZgC&?Q{=vwnpu=dzKY_k zqogFwoPJ!pl9}@UiiMI;P)Ru?@}Mj@E@GeKu8W^J|0(Xg2s>HW)6!W!Y_YrZZDsIu zfQ#$x^4b*$=L>nB8R5*>$E_qt0X0nT)>e3jQMPE7I(C-Tk^J zbdrGORQ0Fx8pm`xNzy204`8b6h?~JymG6>ec1opIO8jIBESDawQ0;fXF|)U_d+Mj_ zcV`vD9cMO^MDXIf78b61@mtq1b|*L6sn~tPz6Pq3+D7>9I%0yldQ8d)RlQ(L9_r20ifv(so?F1v5Q-ftrXQ$Hz}_zxxt zH-zNvdUg8cCQ_PHvlJVoi!Vc#bvDiM$VPCKYXScc9bMj`7n)d-rT*}V`N2aiH)Xdq zHf$@uzV*<+iBG&be(gVAwf3>qs~=l?)jwW4{_2u33JK53`#^ zJR}A}6(JESG)HJw(0K%1C_?a<;vs=;M{nT2MmKA0aSS^|zk_)lcB9wmfbXNnZgkkq z+l}`dpTNYxf}!$RVZ^+fFl%nr8I3sRP^5mfVtoLe+u)ASQQ#R|tB#~g525V!!T?}JGjZqE1}9>2ryz@1zD>_dLG z%g?Uxvq3-W^aK6IAM{rOb_0M|(FXt8em6sAV|qT(DDc9k291P9&yu6{?qo%7!Q z5)G$n{s*ZZE|HGcunfR6l74bLP%?ykZmi8sZ7bnQy_mfXQ@5%=O0QB+ zk(AH76<_#WrAPPM?fW6Smh@qH6M}T|lTIvXY|fm>R=C|2nS^;qdT0F?uRZdys~$~{ zB}O*;T07cP=nZs0D@H9z7_1b0^lG=W&s=CB>pRb4!*>G_V;<*K|t4E z{I$3%U-mvOqbOxV7Mr!2XP1>dW}4H@!ByIlch!FHve5}({|Oa_6rN%yIc?v;K6o4V z+r}QXdf_wVxlI`OD_})RaqqUu?e;iaZf!FTU>~~NuINmdo9ZJZfGg|@$761wANo%C zM1wCte|)Y;zxA+dfa4!>i5jfSB>;#QX3}6im)mvWu+A>UV|8(+Cq^|X!;yyrs z+_p%+ZNS3S0@x=}-=?$BKu(`6@c6_@a=;+`c_lv#>M=3#NdTjy{l8WsI7)MoivuM;PfRq}Tan5SW<;|_%R_L}IL_~i7Vd03pvNG^k zKvag|&tXOD))9`h-DI0JTf*QYERRQX(XOb7;S%{sn6w8eirM^)Sg2ffbxf>bC~M4I zkxf!dQ`1?p<~qx*+OX`B!T}>fjKNuwbfJpIIzjjVYQq$WfI`D=smcyVGPdbyb7gqA zyssAULiaT`>9_9?^_t%UC_pkw+qR0{s=;|u;g;~&y2?3*L zye9k$27r0*-soVXSQi~0U%zL-$e9(YE0?88;;cqRLAC2Ol>-T)#i9dgV&;MA1`mMAQ54aWKdb>-D_ z!0vjiyOZM-uEdrp97t`#x*v&$16`?9{b4zB7qHEQqwtRuY?~pJ9w{$xE8kOouzapu zTRyzSz_MVMr6X5>nb~VQWD_^pSOxYMKn-FnIP@F$zMw&>3prk%ZiJ&gWT4k@x&w7N zTqPmVH(q#w#t;32-B9@MLg<*9|5pr+!QdB zH4l}qzj=L5%J$WUG!!MIy2;Qwb!~V5-qCVk%LQr%tD7boLlPVMvyU0AHti&!w@i&! z92u9KWgV5ah~B7k8nS8a#QuqF^`>JR4FTPnhP7SEioVGT>UYcHZ^XSg8?O`^g&&?4 zyf9t$Awr1O!wxx_$pOZW8OjMqkj_v!1~@i?%5lo6p#6jdLN{XgDee4}_ki z@FDJ0hDw3`@2bpH4Ixg}%)7~*8+d+-fovTj-G)Gr#9d+#-gq71J}9UM=F){1ax@6U zmnaabIS$3Ab~*2HG8K)oq~h=bu7Z~BOe-W%bpKx`+sl0#ag4E5hU&gmm3#NIg}>0P z+t@JZv^qDm_V4IVvR$mdBhirbNWav0AZyq{=w`cN#M-vDHGIph2D8>Uxxr~zZS-UZ zw|=Z|Dp=7>)>wAz#YE$cLJzo^L89?4_FxVBYz_Nx4Le@VK3vV(s#$>3IJ^Wv+9jfzLpbvW)r|WQJ^qxrbJITgPnrUJ4(#J|pc)#oU%ba0sJe6xAiAnD2P$R> z!n!UiWwYU$W9p0uo@$fZcC_8tc2}E*W&zEI@Ua$kKC~>G4`u3nXw9xvW<<;K8BtL> zCF*HP)EB43rE`Lx0hCM%%n3e5q!9b>%nW7J{*<}l7^~l0w*oLeSN&;|!{8Ec`?#^X zZ|Z4YoWyL4YC+P)s5fhV~~U{=v-WZMhLb zp8?U5^%gCieqjUE&FC#2J*z^?usM9BSSqTF^Ck_C)fJ={rU_h_qNCs|7>?EvL z=VLXHCK!TD(Ce$IV2cA_w-$j_2$eIrN2{v_Dl&&*7hgFLJ$%A?a3;&SXxM?byTs1if zFNA?TW8K$H)^eNP8}^K@tpak#0!8&w?06T!TV;j6ls8FM=C}J8*zQc^m@RL>f-c6{ ztyVkB4KuVl+o_6p1rt))tT{cKdAwYkYLAb`?~P0G+s)=Q88nuSr^o%lTYUsVzm`BI z3D}D4FL*b>g1MH=SYVm*!V6G0yz?qoG%W8NlF8_N1XkI^+~*A~I4UPccUY>Fhv`Zm z%u{ZFHDYIQ&w)tWRNfwVZ0D8sv>pd+861vvdHro2Z2{f!o9Z_Wa+}}{Q`<_lLXH{7)c;NT!n#!f~SHE*qOmNg)cBCW?bjh|f&C&lL&<~trDi?JSzl&HhS@VL->x#>$>ew>yd`~kkiTNH3hg3W z)IzhC0Vp_|=!W7)c3I@V&CY1ntGGOExGV@De4SSGx4KkcCj}31^$zG_-NP-4*Sti;IPZZxoWfRut~pyA9`~7q)DtC04_iP zcm*sC9bV^f?pbPC-`Y|<5ZqacA`;9W4PKlmg$% zgx|@El2K$vgWo=@0+c=;28ZnQ&bl8D`Q{uBS76LD<{CFzfEmOOv1mdmH71)dF0(W$ z=A_U9C70B=2VPhZ2VgjZ6VuWvNBP-lNo{|pp#7<9_n`P~^s67|ZCz%X3wAaGe^f#cTFPyjTTteuD?k%P6(lc223$8=o`h`t$3lA6Wwa)tWI-O;f1?y2u#3@qx z)=qd*0nePx=J1iyXk0jH9oOrC!bgsM`I@3zc}*|E2mbqXG@Hv5D_MF5UFxZ~K{<^s z@yJt;rJ2wVJ%}Qcua_I$GthuIW^5#kL#zqgp!@(_>T>;uHPUY%bi&GC)qqeZqEb+S zkVj!2%;ftQ!AF$pKlpIB6!af|Rg43%b?c_f>OUqBAnJ)?EC}d6RGAxCZ>5S4>nyPL zX7vTUy(lE@|M|amgTr2*rhFw?r=au4@D%c}9or|(f zL1y%_dE2`-@md@E9ekMJhb#Wx0K>1J8N~Yxj~T>y1G^Sx`x4XN<9ygD&f(~I#*xin zUCgvs&m?AYj}WkJj!xyOh>KX0+ny71b@xG{or%ccVjhmLTO)Tz#7z+vX+0p&EegSS zMsB6#Cmi=V9&<>W9W3Ff2ezbXhWpAq*5;E#u~FZV*49YkFydZiRz&*4{m%Y6XuZ#T z)f;3hpVTw@EL)K7A$&gK=qE=^9Mgk`;5#e`nC6-4Tud}enL&uM|wjMuz zsQT`O|4}--KhE3-obuF_8^^(T(*8V%IsOaG@p|C}c~`t1Ytj+`*lZZ}0pFjVjYc9u zL47Y|7`m9|zghx%WYXZ2-@5GBqBJOb{e&_WdDYtE=A=5|&nwOHg5M~p{i*{Ak0l^|v0kI)Or%J(k`qNG#NU$CgGMIpD05!_HT#dp-0|+MkAR+)@{)WT_$6NSIs3H!ElZt((Xf|xTTCrgSZzAGzOsJ({(<9nFVRrlRHC73-EqsRt@B%JzWk*n3Mo-& z1^yS|^M}AWo{+aZnq-IcY+lEVI>4o{>#XdMj#=(av$6CRSQ{M^TyD2PIF$(>J7kzQ zh)Osc!>KZtecl(o^$E*2fpl%ry7&0lX6Q#IWAl5pWUEIYh-9_^#U8qWhYf)!Mf;rN zEu|m$LPdv=+)Pe|L+oMAZOK}WexX8lX?2ha0D#8+STV4%2C5=KjUBUrtkq_1Y?Zm}n3*eJ`g$rB6W9(gC7D;rIqzK+}qB zjP#0ZEF1^eOi?yQdXdYMZ-xZ%M%$Z}-Rmk^4{=VCVC;9s(F+sHAw{ZVm{=VDyEAPXc7mxAsmGsA# zq^I(g^vBio9FK?6Lu01&$9MSq72Fu4=eW@5j}IvCFT_t1HMmiVFB5`%wNGBPIldQm zF75tNIAQ@U zjc}bU1(!KeH@!bV{>{%{k%{Y#Ct5K;!6!Tn!q!6iMbceXDc}uj^Lz zb+0n8lyT)HxG{g+ymIAccJtK8$W%#td4E!SiC&iVk8~UEqkpbb($jc0^7I$f^u4@4 z6BONpIIdns7UrDHYNaeJSaWFG)}1#c|Yx z<4e*%luysDL6mx;U;ci=V^h+zYpzn>PiIU?UVoqf^7bC$=@p!2s=prh(cT_huy?~A zmB&yu3RxM@%{tAD1Y1lKLwG9la#t|4L0nbRUF_qr zGx+-iGhoNXS;ONd0q2(h93IywmZU@pI3QH~xe3Gy7Bv(~1IK8Lf@#2@2K)r|7mstr z+w;HG_Pov81Dsmm@lt!t>iuuxs-Zno(+FQhH@v@_5aZ=<Eu5}Jr>C`hK<)`` z-Bf+mjt#MC_ENZhpuBvbKAgXfw>34j(eJ{~+4_YqW~Q&+yK_V0;_KpbjdOS2-XiJ| z2vL`VNnW^dB$r#!5Dqu2$aM@1bhHf({T$ekSlU&S+IfK?FJ4L%T*^d2fRT?B9W+1NQu7mfo2Pb z%I=5MZ57&NT-thbd$I=+EZ|68qV1#YfRy{F;0Ve=F&K1I-&@D#U{yC_na45Ik(2QD zJn3NbIF=)aPj2_vsBBtTbeaMe8Wo%n^3i`ScLqA%*Dj!s&%6riqazSvt*6y6au9r4 zl01?HY4!@plVnVUV1O_@P7(%eDVk?Xa~s5?Ue*UU`wcd4D(7n&4!Ek;RCY}@_>9e0 z`unrhOuO)9N8f0)4gsM;wb#@SYy>cD%d~&ACc{287>tL?LsqwO%4$nC4<_S*L2so$ zI2cUUwdzb(!+6jct?x}`!-Kxc5QT!k90T_yTDcD3Q}PDCq1+()HRT!++q}(gF=#bL zbFg4grx(p|@td{WX~8)bz^;68evWUm8sT7s;8zB{$E|q+M;tDvR;Lrp1I(8CiIvHu z(+CEw)uLsG^~S^Ieu;#vi<&xDf$*?G#zJ+lWCU%lDtxD7 zvpN3BfYG=E2vYjcCz)2e9R`Kc2BGg9Ae|f+8~KH-wTsouIWD{c_&)Lk;u9QIq@@q? zHGVn92oD66gC{L%mh-Vx*b58qUbz-O<=ZQ7y`yr~zTwU*v(<){`jst_aBa_1E3Uh4 z#qLoyZqi?OZO58M-)?yFvW4H<;w|Ob#wajgK{Hk2R>aHt8OPm77_0%f0h&!3$tIaK zXH2h{egaRZC-mRce@~D7;aUL*j2yFyP7OH#)wb!S_)=&3))X=U8R)EEqOeUBEtG=@ zo9M^#bO|cq?nKvymgWsz30#|7aGhf13;%Qp2;r8#Jp{kEr%%0lC)Ivla?V7&X=xl` z8n;_8PhG-cd92NK&?UB84q3#5IQ+5LEi>dj`k0gq(& zz~wPcetB;5z?gjtK)|#(y`f1B<8+AY(9A<8`H~ZE#;OJD+{a!he!@)0^CmijAU`l@ zKcE~jWJU)1Q-rQJoF#Ov9d%MTF0e z`n@zJG0g`ve-2MSJa^!`(v~*i6>_3&!&&z$hFddPwYt5_={tQ@$_!FcdHgX2_v*+3l~sehFY(}*^mG!Kv z-zFctvaRjPgYq`{z}B|5tq0_7`9}|hTUIqTu4)M{xUyp(7#_ZEEXyV*S$6EY;o%RA zW!H-X`2-*d^s^uRTpE|SAK!lg8VL)(ljnk@m4LF{9-d)V!Y{e`Lj`dS#&5$ zUmn7j7m)QgQR5$??3Xa5x-0rhRGf`6Zsit-otuP+Bs2_AtWY@kcb~x;LpS88*@8Pq z#4y>(hQlIVMA5^Iu2ohQP6maga{?{gK)ooD7Nbmv;>BZuh1Sw z2c__fQjGbCEdr0)*b0j>zCf{WZJ)YvMSR-_wr$66e8r7ZPvs`|cK^p4`**S@7N&OY zf8#&8_fC)y&4gz367x-&t*?##gAuMWp)erztm?<51GW{CYCjAG>InLz7z|j z*bWg%ramM1Or zoMgCRc^%FVxHx*@1uU{JVEU5Y9zS#fsQkeKlgEbu`c{h)(MR!)i2<=V31e#|dgZ)) zU`vaytk!?$!f)ek6@G-=Xlz{DnebP%CKi5sr@yw$*Rtiq;)}TrH?OPPINsx1I~434 z-_qK(tv{9O-`3T-WxO{ywAR-%zOioI%^T1udgmZ;s5q1l%?<~h|Vbh38fpgrCZP0R-?Zmp`a+x3y)coSu5nkQ3r3b#wwuV9DQ zuYqk{AK!inRWMiw3jy+K1ZnW|y9-d%U&!H92hjeQ8aaR3iEdGpd;kOH0iEdJyG5~I zgNIHISZ#cb;+9h0FHHwq)_2veYLB-zRd!{Znc*E>mHi%jPgAnHCOmzW-Vkdk_jPrq z>*Kc5;tv})^reFhqxCf#yyjfHob24x8TFVqnggz~w#>>cEA6qGSi=A?y_2A47i9PI z*gr$UHaUm5jDqW!+d-$u?oqcG!a2V?WIAS!AQo0APLWE(p)vP_YXa;C4l9sO>zFdb z$5R0}>N`uYnVi3ed_>zBolYQ-8$nHDgQa~Ins1*!4XN}a)>JBP_UAGYBCLAYxnJIXuSE3PmgTe-1%q6|LnuNVKK_-`u~U_jI~qfg`d`Z zm5)VyY@~{5{S4MwgFe>mV|pKpMe6~Kbkxb3am?eYs&-aa&AOZ(m$S;{s_xuky%ye) z$LdeX6~_|5`PePdxsY_s-Wl%{J5Tj(H0(A!jEENVEmN`dJlyr7fi;g*vjf%lREwr+ zRt-S7HrFN>xnTm=5rHyc4ngZ2O?`6HQe7-*2jYnBWZSh2ubsmpKxpT-jL3!`up@BA zPypD;)v{JZ%v&gdiCV~aF7H^Ery6DdVl|^{on`Ii7+-g|vT;YY?wU>EhKjh+s|}>8 z1J-oh+f-9N(V12N-Fsr;x_H^11viRL$ zz~;0KZSJYNa;&CmbVqCLq+Ac0X@lt2%naBm~t%J#{6x}*T8)B%vjIfsb@c^ z|F?RP)EYR;OQpMP$6CV2>@{%&nW{O}>6^EE`aI${J>T;zdL)mhzFs(qLmcu^JQ; zxVdR4Y1P$rw=7U!88_Ip(QLJ+b=(uny0%>DuTFVRL|bc;hM+OqJXl_~TCQrWGzWb) zAS;Ppt-+vKBf{|}oee}Ch{)wm2G$uY7R@RMmIiC8x1nOhsqse3yqWf_i}t3)A@&`K zWbPN_#+HiV3NZ~tqzWchFkd+v3o}!=Gc1mU;39ydCCV?NP@FPcrsgULsdQu3JdkaONCBGR~mNF6k4{7$D|V+?Am zD&tiQ1_y!Fn-H&H-lCDn*q{!38CI&IV<+dA$%POz7uz(qlTb*r@K+01OPo?*o#IA@ z(8`mufK5wO>yI(^ow#dKW3?DN`kO}UeBB$aj9*~a_y8}{7^l@8MwB#cVGP`S+v3|I6m`%K(y7#Lc@XE%kNDUj7!qZU zX;0-20{5frnChu@s;X=*7>t*D+B|ze?eq7T*eJ9nQx)-c@&$zt(h4+l4L>I#=UZ+A zs?s-Ee_TAn-R(GC=fyT%7;&J@x-AdQ3z2)s?PI2LXF;`i8 zMR{A93rR$GS({{N+w++#w|;t0Tic#bZ@uy}d)h8`R*diM@83IKA$}-3d{s}+Rl`~8 z`_+r@2*1bPK>m&v14z&6fcRpS5ft={>@`?N%}2F}Yi!Ysndb!uz61HIFGr`O?_3O> z&xOu$6$Lo~gRLXt`1!`sX@e`~Gl?VP?C8Rs{+Ns0J&7-d)@DhpQph9h=jh`U@H4DQ zhna%j^S>c%>Ca#@$MuKLKqNNMcU&>TSUeghfD*G}-D97>|#;;VQPqtYVVX^}&sR zj7s>9_fjLtnRVFU=W=8Zh;YDM(8OoQoZ*F~;3K531#d{~0Ia9!G#Gm$E$;=Dp&#e+ z01gI_a9w%KwB1(S)|+reVr4;_S8LT~0;!gYxOM!-vYnxR_IT^ezCF3lTTYzlt?I9a zQ8iSsp0bA6mlmGBZQC14|MGc6F&*#X->H9L5`^zt_&jUG8udN&cdzhe#Fg)54|lRn zoy?SAk9pa3Zf10`5ox0&wnz-{<-jUBU}SrsI>pMKoim&?h`S9345C3R$7Mz#F^^q~ z$*?yz53TsdZnmPEbsysqW(}TGedSg2>9)C+7U*HK={3;0jvEOrl+M?eu}_49irur3 zE?DV-koW@mo98VX_==RFt+2QtVY9@%D0-N45PkA=j){e>z{e_U<#MOGOtlYOeKo?E zcq6%(J=Hx`S3eA(ua0b4Q^Fq1b)`mn0>g6c%8dqpvL;r#a5=A@&JEPX48~M-W2j-g zF=zuIo(-{xgNfR>eYGXoQ{M~!UC_1~e*t}s_^Jx6Q+zzg=8NciQ5XmBn!p<8f|lx_ zyau=(2B0782C#|9Hiv10fLZ^kw3I}^&D7=?8-rSE-aM(9IN`p}Eq=t!t_7bq;@b%8 z)%ib{DA?XdBz7%!j+2i(3(T=sP2mdV5v*jP+1JR1ktZQhhZ^#m`{!jLL>*l`n9k+H}HCp)*zbo1_ zQgP+3wO69}CeYR2aKDGWz{rs{NMf1PEQxal#wlh!+NwQUu|+Z9m;Cyiwk!R0F+T%ag|G-R8THg)_fYI@f; zdJ~AKl^%?HJgu>{>jSxtDT6Z&;gyQaE)S{m~+nA$4+M0 z2rQ7)vrcTt7^*_+UV9x7<;pNkt4P4=StsjxPa{oDt?Nw zc`@|H^h?CwPG=N}5EhH%S*UQht!?a6wn|USK)LO9cFz+=PZDyTNtE>A<~7Z4uU`Gj z@}{T-aK5P1I56PfL7lupr<}3Pa#fP!aX&>s_Sq4Gc9VGzF^q?W6Qm8q0X-@MUIy%q zy8YAcuO)pC?M2+gm_FDk8RTga)5 zXCj=OCoGS*Whe9}E8SD6&^&Mj@zG4&%EcG^a%XsuW8zkFxz}+*@;YS4w@`I825??% z^b&MNIrRMm>i}OowtnCP6P0zFj;x$IvZ4C!k3a9LA8XpZbs@DAKc}D6Rt|6P>f1e% z&5rEuJMan9lk6K6gG~wT!pBUzCnv8lvty=f3;V(azAumg4)yyA@$b;1VPUNt6QT|{ zLPj44_5mV=*h0Qp&*PEsm=~<;yaguxO4I3s3^RUM`A=CV6r{r(Zxk;R%PqXd1-!3e4>>A67U;eU~ z8{5^v#NS@GO~d{k_3T)DN3voKZ5I}0r@ocln|m}Tp7cE85$|!aTB;h!`1tS>(rD2Q z83rw@YAYSs^D7P5?<J|*4+=V4=FKwKh|DgaN=Fg1fDy| z6v^qs>xg&2^<8-d-sL;yNYHB>^+@ALAPv0uId0IYj@r7(xYIG24bDpmC>$ibYn4QX zNq}cC(2I4XX3)`O%AJ9~K@J4b^m3n~X==oG5C&adpT5`uhd6wCOTDA)i?os#wJ!+d zf&G!6H*&Qa^qNX&Cjyftep2jdTL(vq=4!~Rcw%8z|==enAy{yKBi**3bV z9-(+5wBIRbIWNM_pbR9XlYaUwLGYaxg3$VUyrVezIPBb+knR4(f`8-eXJh`F&Mjqi0JWut~JQ^xTL*;0e zm-7p>AOTx~EOcrpM>xLtkHTM|ZVs@=x`4nY5$0YsFZp~0i^18tur*jmvc1AWj9HTzC?=ug~ib-h}Ee>?_pYozYk(MNM=K(>RyZALH?Bs)zI( z@X_+)5kD=|(+K)T>(wUEwX_LT9@jxib}=h`g^&H4SXLaeS=86n_{`|6S`^fbbX=#v z)4}#1H1Z~nA&?FT(Vf-lNx&Vc>9{<|(|uh@huEBy&J_v>`bj1R)pS@7gx~XY@K>Vu zoe~81X@M>N8u~zsXr5#mDzHr4x={osYp8sM0tlMO|tQ)A`g&p$~a_-e#U&dUK`HH*mQ} za;Ec_zL(csN%yaKZ%p=*yi}1wN=cVpBkDqUIpt6*j`#C5mcRcT>Z6z51mvq)LRW{W zX_7fQsRZ0(!Y9Q(HiDSd5@g2|8xYrupBDcb_F^J4h>{G&p)@C)1n;XAWa%ght~(og zBXkxPF4MsmbAdOobq8O>27$wWHgc?Wzxc-Ivyanz53-*Ni=agbu_}T;7Jey+PYB;c zJtW~%q6oLKenJ4+0iKs&6<{wt4Xg(@-m*9}R4ab@dB=C)obir0z>Y~4r2W zpfhqc>SWbRbk>4u<4jRtqMIt}4n|DyrI!%*$snyEZ3}YJgNKOb zCGl&E@5t7gJ|va|d5tLa5Cst77T#aX^CUz^CC?9JYeO*)6>|AJdd)+ywd7PRiM|@D zlO*(&7IV3Bo+_;yZ-|oV(sK3}`soXB=u+zTE7`hofC_3EDlMqco?@P--y=_HIm%x4 z66P-7%QW|#IW1iETu?5{@Qv)5a8$YaeEcdKou1JkZ6dVIJ(De8dX2@D?_Omae8wH% z-=8+~?U3dkcOq5S?&W2ld*HNi>z`V-Y{cPwP|m3JjHvbW`;{8FLdw;H>QYVZ4&`dG zD_4_+U-Qd5RSiFd+VOqv2RQWBir>b*T?VvGo#w%Bofa-US4DkOMeju4@GJU;uCfh% zQ^ot{J-g4H@4h-Y5E!kKkrgZ%=NtId<>KFE;3DCv)vA6&|JBh($crn>DowzZe-Eim z#g%_|=R4o4e8;PlF0d=#A=+>r1=svuswexum}7uVpk}4!DkgaroKsOD6YIC zh(PEaxbp9br1BkCrQ;&X_fSOn?o+7s8C>~uuR`bSKg)9GVw(|Eq zjq7DPw%ErCm8o5f{so!*eF|4;q<)qMA|B&vVNwNh1E`{dFtiU ze2ibk{W~RHo~PA(;V^fioRf z7w5~Qf3hRb_xy)!?JZ`Z0`lwmGCoc75Y}eS{Z@2RZAAD?y>A&$73#!mucXfxppNYZ z@g;@#7xbEY7Po`fT3n=YD7}Af@dkdM)*Ls+ryQp%7cu?#s-vWrH0piu?708r^Yk8~ zor~&yvTo+oqoxli_W>}Yjx_p6;Ww%OIlrm7XRk6&x zOsr{ulG6URjEB`c_yM&KwSg+66vZ53t5+1qX?gl5!PhDL>07cjQp`dHi^Ks^5biv8i|@%Ng?Qm<@I{1v|hXsN|ur`7XK4vXe6Q`rHn6>%3ir7 z730An!IHKt&-3(q^pqFSf1`2)OuWA_)pnb z*1(e{@-(NU#rP_6sOCY)3s@l}QJcU)+N5M_S|i%(RU!gCFHip@#8-vK{x{iLR?I>L zCmtIh>vZfX~{Z) z`wPnbTDo5tTVP;)osUVQ@N+(o!Ku<7fcsxk@8i_0xM$%0jC%h;ejgl%n*NjOeNZpb zgF8S!DRMZ?doEvV?!h`od%Mn;7N|W&v)z@p<fsDxNeNeP!p|Mcb37vInMgwuS?yHS(kn1g?irukTP zGwyw*@&k1LQ|f)#V&=z?ujwoJ{OlHf$L}liP|<`>ZpRSUfe?e$ z%=>0}+H=BBk(O(rz!mh2^W+^$a_awO`W4NCoH~_J?wCMo(E;wtF{X}kNg1?8EA@F& zIEyk0+(Az<8x@3Ed6{w^Vix34#<_!PB|0Ylt8$(ysT*&Jl1D8BuPc;8W3ANf3j(c- zyc}WkYAUCH^77>r^E`d|Jf-DuKH*IobLlz#lKGFZ)hYL@N@;<3#usSJrRM}}X&7^L z{^S00>ivJ>_X|9u^ilQx{rtW<|B?P4^*%W6CA8B3+ChE5)$6!yfd1e#wOYA<6Wu47 zfci<%ks8oXijL>`!|Iy-L)lng%k?&OoJuZ}_N=-Om@cbNrFSZ_!1G&F%7ZSbr;E!C z-T8MaJbf|k*;NWfM=z^;rF06v_x$zhJO52KhJ&2P4dvgd@SnxBXLl&?3@+8vF22k8 z9!jU||IdF%edqI#>8;rQnZ}lXXAZoA4*rVyv}eDerv2?DI$d?ILRxiidmcT`_ragZ z#&nYJgQ@&`mHnoe_AJ8dVn&O>%jsiz`O4b${B_0l2mO4#F7Wuux=3|Z(w^O>wttx} zR+;mZPMIUm3l~61e2qY_c6ahMf-ApqyD+DU>CX!Pf(Nwz1efYyIjszdW5hEMT?tvz z9b(10TX+=TV$X^~?;04*{NlOQQ$%7ox_Xu?6m!k^r_$xp{Lm*B@<))rhUb?p$_oUp znd7+&Wz)K(lnwo2A#YYT=aq}V`9c+*om`J9K=t@6*F4fP)ePm5GB>CW#rHtxSn?iN z50R3xW{n1K`3ipvz3>Oma&07DgX&!FJ>}Tj?&a&Z(i>SBZ&LJ-%iqM6llv1d3|V|Q~C$`%Hn%Y3mP1X-A3B4xK3iO(K>F-2%Q}JXEe(+ZBNPkeC@1gf&W#!LF)~2-)`KAA4DX&t8Ll>dVA94lFt>tX2m zZ`9|nQvGRd6_omuKBlDpi}d{S%5xLtr?r=!e?iF)*>?yysWexxw&6MCe5TXf{hxvm zlwG3G(e3w5GE=G0ukdBd^Fi)c^F_Xz&j!MljnNV%fZFFuUZQQKOy~jByb0Ma3Eh1t z6GtPLDh1vnKlB2Z%OAZ&LvY#rG$-!BoKRZ5v<8D6LE^?YD{X)5-U*J@!DbQT$b1pxWJSUp} zThJuw14#E&r26Oc`88iupZ|hC&r|&~d79TKvSf~PIR&bhzF5eAM#;}*#{$($-{Q|f z)0z*0rt|uUEax;p)e;Vgh~K#6xk~lQbMTu(l9kgu_8w|K@v^iE0l!zJ`zxm737j03 zvbN|vz7H+U%X!;EUZQ;^>(>^SvAXKmDP^mCE6V1)ZXrLXzUdt(TV&cxS>N|~2j_hY z?t$bSH zcAO#R)7D(VyVG7xyqmJ;gU_dt;rtk^DWGn9u5ZxKd9h`jKL#exdx&netb9%@od&=2 zY$sK$Bwa~4kP!;yMAS20yF7^WrBZ_;8!GK7v|V$uq&~mmai?M=Sp)c^)&D^loQGsilApZRV*syKJZZZUal8zS1_j*Aw9w;{O{HKI$`kf z(=?u{eNplLop-7Ci6?+>rNR@a+yK%af^C8k>z)rQ9u_>|ip3$}w~OZl*x$+yOTyq7 zb+}eY^RJ(UT|(&P5G)9Dei#xrc~$$WZiF#?*60Y@C9gG*OSsvVK3~YH zX%|Inq&gv45gVA^ua*aYrCQnaJ?Y2NFA?HNfae*G>jI;6{i@Y9YSFojPND8)=6L;V zE_ePM?Bf9bjz~>;I|3NV9r7g1PH!?8Ds#oked11M+^r8g{qaQ1na!4wt9h%q3)U7F z1h3E_d$c--(448sac8@Nw)jXp;WU&E7YBNJ$DuXMe`o|Za5hcEE(C8>eJa? z@#~SsG7sx!dPl_TjUZN2H}jM=iWl7J=A=2~wb{HObFw+@h9yN(oPht-PWTG=u^Vn8 zbmud0;dPCAZv>#WF&59<2)C20V)|jM4#+s_4x~^S*&2w9rZREe8icVEEU45Q(`U|~ zIiEX=dcAs#;TrIJM zUt9dQXSw`K!Vl<+^F@4~B9EHd^A(}IN=bb5*-R9|G7{(0^0}(K9~>ugoZSHnIlMog z<&9@EIVFqoe)5T-IjX$>q^e&Osv=wn=Z6aUcjwd5{4DTSoTu%PsXj|G@p-v;UYTbg zn2N*DQwW29#plx^Bu$!s;5Y7E+_iWbPw*V;Ev5e{?q`MECF$vYF+HB6UK=ql|BlZ~ z$Yz`ie-T$0&S75eh4GC8R<`S(al>_w(+4baoSs+AKQX^;mbmMQ2V`Z2S+LgY0$z#3 z<8e9-Fv)qjkwU{FN-kaCR`>e(bB;H1(=g7-g#vGoIT6jL0s(=>0WwnV@Wjkz@n9h3 zjAlIFx}o`IKC5h*!lZiT@$BbOJ=8CZ`c13#+kIMa5`|Oct_B!TnXB0~G z(rSVAY5)0i`f&l0eQ8_sm4ixe#*ODE&?m3Ffu81ctF@p4!5@|n0Z>NEJQu2>}I zPQ^kd)_9qDxcGbMezcsH|BmJq+j&OSlDv-dF*?3dj;{Fm*sqY*3S2Z*PbA!q^C7NL zL0ZdFozikUKFt}VE!y$9%JAl*9Up0;xN-vI0J=Yoa{hnX04{Hj=4447V-DUPvccr- z`6|(p16LuwbM}3KU*Ptjq$lOD9CtUX|@!{4VT0NneC0JTO;P zOjWtQdhw4)8vxE+-nR92?1@TRNrR}kNUP&jQs+FY=X1V#`JCtXi*ufyi$VyrxJ{iq z8|C^D*G3o2>s&`)aOBhIp$eOle^Demd!e2iMT&wbH|-uRwnnd zwMVY|u7^G3dDbJ2d#(Tqo$Ng7a$izCn#=;9%jeE$E$>^^4|YzP%M8u1pToOAGa;`LF1b?=7~M z8v;wZX4vZ%jDZX7)nVdI^10uQdJ}(ry*i%-ZyKiFikY`^R;8q+xzE#r=O(*wK1xm( zPwOt7`>>X#eZ5=wB$gS@Az(cOe*jLVxZmsX{A+kl>&5G+%Mq??Y2xSaiY{fjE$)`D z>WP~5R=~r6GsNbKSK>e#rpaWPCWr7acqhEwqCT?Gts{cU(q<&E{j9Vgqlb~ zT()$JOhm{{jRgB)ST(;vvIES6IsY;3MlG&>xZ)Yfa98szmt7P+h^o&Q$~9d7Pf`@u z!H^zh#5&Ku3C~F1mi4CFFn^nb!&#sz^bH2-AG5~;bZqfj2&ch zj9rcFYoc(jQo`mW>vRf^aar5+AV(d=`pw3ksd!lYhuLN_X+ZjY*y99Xdpd;*IdI1I zitQ&h$>!9`5Vy24Bs{GdE=S8GywbH7o7U^T@|deE6ij-Z=7gtYKX8Wi*sf3v+G2pt z|4#8GRSs5l_0S`LEx7D+uB$IThkj?MXr~Lgfa~f(aUDv2=-P*h_N#c#wU&5Zr9Mag zqWvYFb6q{2vy%Kpn@LqWgXaTiv?Zk>b@LE2;XmZO8HCe#)>^~rjWnXeyrF7|IDAG zeM{`f3O&G1yvK932h``(|Hbp}()Q~MTvqJvTbMRvO z|EZ9_^gO)SerW5I{$Fw~UTiFqWDrt28*O^nt?$zu!?=89ST+RHZCPuLwT@mrQ$HQ$zFU_XKuSV6y_Fr(#@S zJA@lyCU!=6MbPqi!44!A9AyLP0hj%-gV5tR5CNf20S9IO{@nhX5VH*qF!0BPdgsh5 zuU&kRWS1rmn4-EA(+x7bc5`eLK+V-kKpsl!(-cltp9U%cFngd6Dj%GV_Owz0)hx9sZZ*mcXq%3F4|U;Ml~5^;N?QFd3{;R{FI zp2)&W$!IoKYceAeu&FkdjV2qCkwl~+>la6)WLR&~0!GKe9ASHdIq9tn+QSZJar-S= zlRli3Mnr$MA>xdla>PSES1ih|n7CzUN5@VSck8b9_FcDzqaIHF3K z-!eU(Zhv37A>y=0jEJ$`>+1QJZks1v8_te|02g8R!ee^jRHxY_Nmeh!cNQ9{jMS$+ zdR7zgIg`PFJA%0qUHm_~53!F6H%Kw@W;bfhWow49uHd?=JyMk9OCusJGrly_45ha zCwQwTyfNXgCioMw`2phK3GRgPZ>CO}IsVT_{*+Ui_qhkl#*XLHO83p|VI#-P{Q1c3 zBfZrl-x&E@AivN7(ei*13iA% zWXewmzBMo~&|fyt{di#Wz^@1TiwC-M2D*a>y4wdH80fvh>23pK2YSH+`}KFH^p6Pr zPH0}JpY;r<_I?`L5*qYKsQb&%=1}j?Lftu`Zb+!RJ+wO1n;g1YKd#EZ$M^kVU-aru zx!%|PY2Q!#dXMyVoBO(d*4LfW*WKQ?n$tb{PU`E0^pz1kY&h|uI45R#jFAF#A6Z5BmAs4BZ?y~NBB_@ zPegci5pI6O+Yw$+#Iy+SY(#dJ`)-80GQ#Z>ksjgki_^i61$$Y4AAB&_do3+6L* zcYd(j5bW*=c4q{;{O*0Q6EwMrvo3l^#trSU%=DQ<6UL@ZN|PZbPna@uMVgzP_Wd;P z(XE zNgI*or?FPeN_y;&nR^nBB%Dj|-{Z)ti5EEtY@eH*9U7lBbN1N9W4%m^aIy!*JUnyz z*aKs~80(MaMZ(On*}-8m#}3`+IloFlz6l&aLAdO(DKk^=J1Kv^nVmdr%*-FB{!Oa) zqf~cEsymx+&fkpaKQmRnmpXXZm|;_f`NIwlcxdLZQDeTFyzkzdWr-tZ^7p~AM~3lt zz$trZi2lwli;C0VIBH1b%s$C(aPlKk$94*TBr)lUc+SE8e%x~V>7?EKg`JKo=j|}P?>1OVVY>D)?M7qy#WQ7;TLEQV?<=KJJv*tuDiCh!8Bl1>cuaHQ$ zJks4Bc_7k@iyRfXI+C+0-H=Fqo9R7q-gkfMzvX*h`|fSuox`{5-iN-s-RDJ5obN^W zF&yzWFgPN1eC#u^Ka9$)_um}{P5UEV#me$e;fPD*pso% zu|acU*Tnuf)(?pt6YE`wy&3EMb?o-oFJk>!v8!XfNwNCr=)U^t=!ib<)T%!2-}TYY zXf*e6XZLZp_i_97aYOs840HR0xf8=8zUxFqM#V=hj|$3qGwSc7wnkl!3UZ^Ki1O;9 z+M>L-quhB>IZ<9v)U+rsH|pJ}JyA!pGom=ZYebaSJIW1-a=b{-d*ZU!>UkUm#+&gc zJh#+y3whkMOYU;-6&7~AT`buKGbK2gpYp?{KYaCvuj&X+&fwIKUfJwG|M(6sek{hW z-oMy$y(cwuhouwm-=P~U%)86)I>c{0Tgu_3|ltD@Au|A+2G%E)iT zx_|H}0(?_z{_zL@w)EtTfIxTX@5qxq(r|X^7>hus8D|EN&=?&nViR^S@2PI35@14EraZc?a^%R6560=Q^95|K@CS%J`D{ zv~$Jj;xYK2_d9>h(HBwS9JTge?EKxu@j7;GzNWZLZRg$pdm8g(9frx@=d%ZdM>un` zIQZgwS$#<}VI*f_aMXs)pZWWg&d6XMeN7W=UVC04sjqq3HO*-M>4~UeWiz zZ~2E$@aoOZU%*jCR=>3J`6t5o=MS8x;fu~}$PwG{yUuvmEqx?C>4|>)Yoya3 z4&?QQ?huDs~>bDrnVGOj$!FQMk}_tV7lVqSorT=@k z5C0Elo-tIrX(d|mecqTdd>5PPgjHi>6pUFtL z_y2}OM~8$)MU_PdhebvQhe!NmK-8fAgL_9t_8#1SP}G3=3FG}y{;ARVOF)5Bgr8frB4^ zCe=L^`Sr?wd-KR|*NmD*Mumn%MNzw7ghliZ2@mhTVNha7BCkS&2M!2{Net&7f0`Ws z*rQ(mh@h}x{GQ&hu%L+k-lLDjC+}5-BEmwW^?Vo1Bz`~rOV9IN7Ka*;>aP@b}9dCv@;~ zr?v}8YlB>4Z%(Ze}bK?Kqo8+{3nNc4x>MpO&*dY4T0}XHkZ~24$O@S`BMR)lH#zN)kzi;6kmcA5*u#w~YFey+E zM;lX&sm8|xw~0^ZPlz*#F91TE$(+Rz!ux_KhhJ_FbilJbTZSMHIUtXyyh6MNg^}tj zI9uucg-VZvH{lMuTC9|QiCrxvCKO%Wf=NgliacU6cZH%Wg;S0E{ukkN>Kn?sdM(UA z&QNEH#bgG~5zY$SfCb78Ia}c=3s)%Ks|+;5TIGYxV!iJ5t^}H3gT*vj%vDR-to*$e zks7tb*(!y)ARF3lfm@V6+7=5{3ffk9hjR0am78B;ca>U988Knh_aIC{w_(&*Ob+}7 zoPu@2kpC?w3?KM=cuFbpfnUK2bQMM|+Tex2URbAly++-IR4s55(uN@wcOjMdzOjrn zk(AN^(|L0oi4HsA6y6I(I++%eg~lQ&y`8-tNARUcWViv(8Y=?l39Ix-O0R{rctxaF zXRKEaXtEMEDo?K&c_RJk%xEIf8&~}eUxOT851sdUKV={YmqN!ICOf{xELkLfH;$a3`!lJ3m0GR0{z$~X9ETE>* z*yRvBr983D5m>>sXzZeJt#YGwltrr~PkxE)A=qH?jmncfXq;$C9dE+f${(L0H+)7c zR9SeA!aH=AU#xs+vr1WNF=ga4gc^0h(Z&>GsxduKMEoRtYzWr52{ULlL$J$vX9yB< z7ZQr~N{MWQ(Kc7n^9{JeVv2PYeJZ|`m|hT-#7Fq6F&!{{+;VL_nU8HUfdL;3tLbW5J-_7<$5HyeiMUx62t1M*V} z@{9E<1pdj{(y zx@Q?X65R^b(N$lR=vJZmM7P?mUX=W9m!$Gsg}p(N+>24p-lo6__zvOWXtE227(?kB zhoeu$L?O>`&fUKWhgeJkat=p7x=TJh9RJbPOuH)^+YNV?TKsZ6XE?sp=?r(z8mknK zY^103b|;Avufs@sk|b=VZJ!BfBMIBJz(k8lqQoS8TTEsZm$$AKPBlJGf0D%LOfN}a zAx=T(+8Lm5mR;4^21(ef4L)g{X?)5!*Erw!yydwNjU{0z$*`E-HOX0GG0X7YBqs;| zN^;f&&cHk?tH9(eR}R>Pd);%iktFOg09K;;B)3ZPPF=eFUDS(hHOZs}bX#W5gNZR$#Rec$ZkMyWAR; z;@)DM8sTk(eKNi7aMpTBeAk%TV_|~y(6)*a#(8;7GU?0v_A5|%AK%6Qej`pHJyw^CtZZ=bT93W zQrx>rX{~Q0?G8yy52LVnH}CR7u+b>2{3(nM9EL;imQl2VFgVP@iTKGVw9x@a8dmKGj z1Y8sN7g)e}KhF8WN-ReYUG`Rsr20nyQ^y=f$BOB_`-or47-gP|M6E))< zkMky5JzdSRl-YsHglFJy)Z9G~X!aCnM z+Ua;Srf?Oldpx>ATKfMkcroxEtiz+mGcGs47|B3yxdUokevEqEfti8dI*)O0t24oT zegffUemhO0MhaTJ4mE0|&2P#YT-3MvZRbHEN{TsF8y9 zS_x~^NU>2P#YT-3I~gbiZ&Ys6uwx1uxB_$N)l;au?#i>=3ea8(qXsd^IT&ixNTKex zV6|kUheS?B4a&7qBZX0e5@}_`FkVn2G|&X~EIE-nc0tu{BDK2)qtM$#YIg|gIbtF; zDu7ea?L_PMCL(Pm;b~}TqP3uj)`BKt_shhn1x=*K6X#q03$gD+XAz^oM1Egb;pJ9V z4qh}7D=X(bi!Z=B6Y23qsHA|(MrBcmOsb;BEvs9{CD%C8NYL-ehOQo8nQq5ASHnOL(+8n{} zjOC!iRI^d4*(jC1?mVl%vQDbmCDm+^YPLuGWlT;4sF=baZ|Y>X|g1T8PPbS~|5*IMtZW@2jWNZx4nU=p&sPMZipC zOQ$ZE;WT=obiD33e9}16_>}Qk^q-FJ>FPWS&$sY%7XE?V`#fznou2##Tol*^7vn$a z^hJtUO1n$9z9=30eoS}`Plf4>$h%=dU>`h=KGW&dhr)86T+->)+3`THPQ1&PRdAG2 z(np~gy!SAyLaXWMkg}|gN~e$dh;SVvMLK=>C!AQW-g^?76r*WnlhCBX8f_<`u{Nlc zlSydf0-R=Hjk%MMS!p!0nuO#xVF5Lrgg3HsfehS5>9=4fJ}?PCY)99@_`qb!y#zxU z#U^9TZYXOq<3R(Hk>M6hz&ew$W;INtf0&FlTi|G;dWp##1APakSWK!homx-k|DpWJ zKtGesODAK~M+s-sYfYvWSK$n-GZ~wTGmTFfpT#1Rv8m$cS$MvMpR@1}(8***=WB3j z;2zXCG8ql*g=?6*PIlJPE+*5%NdAqqm&s^mC;S{sO~#J#upBR)j2)ThVMnAjJ5I)q zO@z;=6m(b#^&~hMYbs5(g)ge6Sn!(7Ho{;C+Qx&iQ3g6Z4fTANfes^~W-=M*@HR}c zl%tKw_(=xZ)4i$2bR^F}xI=;mkjfP477KJ@C@vpf%e3i#;1@x!+91@ z$Uu9FpJ(Cu7JkmcKS1&fo3UqD&ya!Ms)16;?@3>m@R*-^iff=tSZWuJYW-T~qL`1{lQ*d_YBn;3 z9#Z)%3H%N&GkJ1Mwl&yp3Vq|lupB*4!4q2GIo(A+iOl%J4X7v3Db~KG(7HPaUqq8r z&_gS1x4ZPrGR5tdPP}NP!Dm{iLkOdPCf3#JoBC3ou6bt3#B+ASA>^Y~xi~m1a1?5_ zKNDS5!qLWLM$$}L-)~`x#iSb3okxh7Ok2yudNFVcZ7`GnS(8FBeXQ5U7ro5hlv(RBH)KhR4I;?@Cjd}{sLVJoyHBQ2}v(O&zOOTEg zf93!!P*22J=t}wMi8zZEr?8%gv(S=a^hBJ+6LAOB6LA*)rmKtab3oBPoe_7~+($NF*pn>C1Yp_{p;5MwXtC|63;d|7VIZ`*&Q$rTd z2$XJ5%2_-qcRE?jl*q^Xh4CFEpNdB{z$EH56>W%Gy`PFU6izihj<%;VQ@R8v;geID zbzFfNw1uh6mug@poYs7jd4d!MP;ml#$%o1s=ar?T2f&a90;1S?qIn94fmRamQ1 zygFmON@1Oo{8{Hze53Mbo%1woQHiW46K0*0{QZTJjkR3r;%`!(ta(z3UtlbhJgj*t zW`}ZP&6E8761%t5V#>%r8x3?ry(P(}?xNOsv#Fyv#i;Q&n;H>gYqQzNtgzN&vyoH0 zN{h%w&Q87?m`<&;k*yi(O++>_kjB?qYqnnor!ik`gqnd*qo2G56OeWqo>mVR;sew0 zoKC1!&1rbcO_)de>D+q(hLXc{dW;)T_fEHar*m%yVck2Ow%G!gSj2?p2D>yv;37-2m@#e!^L)iDL(Um^ z^%eF>ba2-!Jaq&NGn6;N}GS!h~m7SborBF|{Jn0eqV@>I-nyPCtV zZOkI)W|+rFF^gxze(-a8yjirJk+7Wl&a(bw7X1nFjOio!g;r^7wrP7d+P+CRfqKoR zc2}UZJsXX6z$N4`+q5(rE!7jwgLCXz<9j>>^mCr37L72P8a++latmhT&rj1oG{Gm0 zGmTG?|I=tpoNqB2cb-N|&2SC<=hMhcZj2Ws;YFcP{`nkUbR0(0|361r=U_Ii<2m%) z2^TWzJ%=y#hw{(o@Fm6M;Cs)Z`I|70necPyzu8$po>fre#RBqagnA#b0Bg3xnY7sj z_`j%?y#-dv0&4oZ9HAdc-lc& z?+cciw=5<9ON7gn#^zc}$-mWE>P0Ibe5S=&#u(QLlhD92diZ*nY%$u6u#A3Qd>pBk zF}hucS>(2i-sbzTfVtu_`g~#-zsSe-BrK!<=Pvqx@}&P)_^PFBLFQ%j{FmTD{A3yZ ze;eFn;VsI6u}Lgco{UWjYsbPe#)W!HO+=FANGR$J<8nsct8fzeFK6UcI0IcRXH>cZ zGtupGWUhtUA+X%W+~th9t%Of0AKoyMo-y}2)ZA$~BQH7gR*~EoZOMW0i`;mVs5C9Q zml2kDBqxSZm3)v~)SJZRNUm_Pa$r1F$})0z!7am=UT}BQ%3g5y8u#H3In28rg4(H) zgB3)rK;|&oHo#PRxg1At40EXO$8Zud=TP6hFoP0vn8Aj^Ox{iBFiRQ;3q;(oErL zcO$hZg<15L8!4Tu_{>#!j9z6Ul8_HRa|u@P+_4d#sfHKmNj6e<^2BGpfQ`xx&u@jz z%(XV+IoF+yXomcK`Ts`z=RDM^<3{8c3so+)P`FsRp*^K9Bex$T^Dm*i{l`dt1xoTC zBlBsPMf_&B1nX>eOYw@$cv>XfgKV4ew+Q$vB-!ll$0s+t2T1>>yN_q6pQE3zU=nkH zpJN>{nbnM+V;zN4jgRApKSzfD2TnpWKSzesFoS;k=V?h9(m_=FpdDdu!S{dHY z(^(r_ZujN{J}0~uOYLWTR2n^-?`OTV37+H0Za>dQ%}{TI_w!`b0BdOJ``wH9$$s}1 z_TA4aP^Yt>HOb5HVM%CflKVZi^!@ai+{^l8jl+&GYwyaEXOA_c(xrbx`xA1Kv>Te!$zTcyhk&l%tcIQ17G5neT@i;(3OeR@wZa zij+49Yff85iS=7hwKe-N1?+C$a4ft2wa0`4Du8J*9K}~9xQP-k-n6#C_CXM(wD(1w~Thw zN{eFGnY)LpH()R+_waWZJiyhx#I(Up3R}#tNO{v`=U|`-ZsO{%Xqz|S0l1HtL+(CG z=nr@EE28@-SAl92hASepmN0QYg&+Mp$C^mXh09+I2geOs&t-mT$vMBs@!7R!o7y^r)nvFTDzR za)(#Y%vt)+Yp_{q=rhITX#1@Hs)eQDv-F(YOV6qJLgh)%shA=Q@3L@-r7Tl!{%%f+ zImZr>2$!)?1zEuhk>kSLsqjPyXGM8Lm{i#ko_>QAn=h}K~1?A zi+>5(H3uswtAd&yhPBEKZxrj5r*_T328&_W9AS3NxfOWnO*mWmQ%7>f6UY-!I0Fk+ zBA!V;_=Dn$Xjv8br($+lxLEn)tIDC&;@M3{cn`i;sqqLV2P)xYT0tciR7@u2R$@W1 z0P9pzBhpYKu2Q24Sb^Ruv0xp%fIO964gOhaUR{a3E)Z_UKP#~m`IuK%QVVj!M&v_X z#Dc(eSZHb9r*%~NA1EL5?Mi75z~e`P#lR3CNTJ7;0`4->AG4BmN* zVFV|9LDHgO<#y3xY6I1T>x}i15X~bYUZnU&%jYWn`FX5>w9LxL2ah5Kiy)`Jz+%`F zLikmS*`Rx|4(YAWIZq#`yS5tHuS@uC3l~Zf{~ZgzYj?dzYd!C8vl#VG=dq*GY`2&q zySl?t{?cN08h2TmVw0i7WGJ;XWs;wM>>S*Kk5w@iBtW&$Dr=!tjMEPhW?l`MS3`C$ zz;s$!74~X{lkwXs>~$5g4+LfgjzOLsAUibND!xGHF3u6y_8G$q z&Jf7V9IEA3F$bm;TCVPGpmtR}WhnjCz*n%DR#xS;(2A?96<4A2PYExiKdfS`p}s(}r(Gz|QkCwPsdO|(>6~v6;#MP7 z2fWHCR*ekpuv9Um>2fci$xg@~c$i{L72O*A_5yy}4Nr5|1$RpEt4} zk}$uS0xw!vqwNK>B(f72UPbZ?$j|`UCk8j@D&D2=R^!{ocZ?csFZk~%PdrL#KCtk1 z3v2wn;Q!LXJB{oUCT2Hd-vzv-l{%zT#~NB_8_c3T*3fGaL$5^)?W+aWTg(-5sG+?m zUj0=KV@e3r9HxeTiF@gV#A2nV7iwcBEg!o`Zk>>wy0AV_?q0O<=pubrBjI9V>gca- z!({sBI_~-iPDa8yWIGQtu~!`uo`D4l(^rs^zJj}uS>cMnL8v~Vjb@l<%1XLt}^n`-rGlD66qW94KW!H zWdDeTQ;m<~fsJ~X1l5ijX-AK^y#M4X@9W6_Iy3WjxD-8i5WWR1>^a1DFekqahoQX= z&Bq1$jW_Pt9!)i4vg+|?={T*ydz7dbD&B}#*Y0=~@Yd!cBr6S8g( z*_{R1oeNn5gshQ5-ZXik9vH~(7s&1xIEk``n5BlG+YZ9A)DU#r3VF{0WvL;i+adBC!i&(x5K27DL7R9E zysMOy-U4HkC#6@ycaZQAByaH^;T)N%-caOe_1ODBdfv4nTRb&V_!&xxS8IaLQ;T@s zsEV{2FWz#FM`H>r|9EeRuHv7hw>mzGY;E47$kqwj-R(V!9va|g!ox_@<|U%5R=8AQ zY|#N9!HW{P+UzaCninB6aL9KQCEpP))C;uf5YsGN3agOnO#;1+X8s{0G zGZqAnlKy~&t3-FCk@xb1*-`8*L7rQXx1}%~%`Cw;#35*Ji5D+Pyd`$^Cq`Lz6Pj#= zYH^#$vjeIT7rWV;Rd;sY}Kg3P{Pdf*dCj}0dWK7<*_{|jW> z3l~!2FDSPjE(x6Xet~|-fpQxl`!gZ?GvQ{Xr1WNQ3!bnWvS$^tXB8#~w!sv9ehcM_ z)6l~f>b?^`87PJ`1H0f;#%BX32+y^v^8)3B=UezW3;!T+gqY_8U%`dgeG3xago|lS zTaZ&RO9M5qAn-mc4}9!xVQ0dxVF&fvLhHEhZJ|f1gpXj0EqFV3c?lMus8Y=Hw<70l zZ!2=%g0j(8jq@$O9BsTqt(##oIlP0<--hZ5-$902?;U)y6+TS*BdoV{!Z6Yt zVXf~fA8Qg&mOZ4j}7m+~^TT?`4tB2`nJ++}x|bvKMHr3z<-S@_xgTpBY%vLzl3kI+t2Zd8UN_+-f+QX+nd@%(1 zV#qtC{TPt1gdkrDLH35hD(ZELTI=dX^m$6p7m()*cuFamMJrt441)TO@f6P&v9MO9 zpdYb5a1b_FxKT2orIU~+3&5ADaKd-a|*4Z0kn#Q zevrlV(p`QZ{OuHaz6QhiTJMz4c}{SkWHxU(g>J7Co*gKG((oyt`4wEG+M(fAxXJF? zjJ;0dKOK@buxr_pvDjC3MklwFNRlGDx*3nySfc5~1>okstaa5+8UY1XuF!fJfu zH2%}>on|K746i6X^Ip=UlN+$b;@SB__%~SXH1(~8s_$vPm+qyGibSL#}vVA#)exTP?`jcF4C{kUg1@Rcpv9F=P!KPDTE&khvDJ_tN_cnMKy#p(Ovx z+SFGj`Bz9zJT@ga@ezYTfU27jZR@o=u9?W^7yBx!`~vxV#pgY3+N?6ZaJvxV%l zh3vD1*~~Z2;Jw!%`&S|RS0VdXy)*0``e#@{k9US=-yx9wsE|GL@M7S z&G=(!9{)jC{$JzgXYry=7)tv(i~qF1D0&!u4?G%X)0WR-qgJ@w!fWu)v-Bhhu!6np zXIVQ^xJIPkAU*wtc-9#R+5H78(e_#TjX|&$JD$ZZB2V0~(b8PSF03u9bb1Nh+ikq7 zyL=xXIP3RP4BBgk5w!ZVeysBZoQ@Zrwf^%gt(zSD&CXDd9r;Lp4$r&^H4oPg;}FQs zI;d8B4nI5x+1UcsF3#bH*CAhfdFSXk+aO+F5Nki=# zV4acoxrEtQ3A>E(+~DhDf9rknqX9)b`Hx@B9>Kp_GrP) zq^v-~Yw#R%stV+cgO&7b6||a2$XAx|0#>V_)qDo)s8^-gy%NoI5)Q=*m9*1#s2-z| z9z*d{joI|Zm1w5XtE9)c4XbGNmE_EGK6+^Ow7%L3uP7dyaxXmwxzS@NzC~f{E6$Tc zm&bY|nmKR%WHmC}_NuYYCCC?5kT0qrUsOT9sDkW6hU^J}vQ#xAT?FLYC9fI{v_iZX z@^upA>m$GfIiCJ`5|I7${$@##eQ<7EM-TO_8tM zVS|NPJtM5qt(wsdIkECJ*lGE6NkY6=dET{r?kNVliyrgIYV3Xr2BFnz>`qGTPF=A3 zbr{A7Rc)hNH9Y{O&;#h+fs&23uNckQv{rTwYMxe&Z=gNKh-$cqp0nEgq?)$hPMEbj zxS0|Eg6W^tGkm)SPY^>$Q-demf?*bx5Abz3dSgE$R%6#8V@D01aNVmRhbCw_VD~#- z4Rz^;eRLNi!f(BcX6uVq)EH?nHI0HQ(dB3T(uw3AE)}#*0gk{dJIc(2%cO zA>Zvn-Y>)Dv_AG$Fk02pLR%r<9C@{rMLh3tIK_Zb<0j;5BUp_#YAO9Hr+*()xr`Le zP~&wietR17UI4N(2J5j%Ej79bdD{h>l`~^R2kf+bx>X|MLMOZ{`I+@0C$m0c@bfk} zo4G-)zlp1tsdX1rTf0nsuR*?Df_%FK`9c$FE^(RK=_+3vLB2MEd~M`irgqJc{tWVk z5#$Ras9xwY^?C>L1_yF33an7M)TBUqp`we ze~yJ0S~#Dp%+ApaXIG$eokcMS@-`gubvBfB>S&b>kZ+u^tMUmFZilR!PRgxPmQRF=oWHlSACDzdr6>d~1*2mV- z`joN@eb&+XID>=M*B{+svtP|qE8*5c}{mDSO{D3$g_ z9eKAE1?Skki_mr*?W+T7Cdv6OSVX6`aDIx-e~^;-Prc25IB$aaPrc25>e1Ut!kYiE ziwcX^WATrn=0Ei||KV*U?YACVABKF712zAtxA{*!y84K)=0EjV|5K>>Prc25>an_s{B<4SRVJFYR_2}?8?6&Z4cml0w{-djRjCWN! zp0gW%Z87&OeL!K~p?|AK+vH&LpL(=?gK&_=^inO*Hup0BQTl#H&423sFrIqqng1w0 z!l?OAJ-wge2O2g1skix0y+72_jFvn$|Eb4PN;z96XkaOoyGXkA^Lf^;rzaGD%rjuU z&4TJ}7IcN(4B=>pZ;K$`7D2u(g0kQhEch|x+ak!mU&yybkZ*#ZEO-SA?uC5C1Nn*v z@)Zxt*i>{CgB^K$hwT*8&!}~$E7*&BX*<*idnx5WyBfnc-dC`f;)hxcZ;A=e zur&FS5W8IC-MK~w&TXPkXt3UrQ-aWNgN+LfSb?|BHZE{>2wG*2JT_{uaiPJ+1@^?z zM>W{E&|u?213f2i8Rc)mo!1~jj51^REG z7v-4&{eKQMI$(3278`7IXkc_8fArh}+a*65R!p}fwCB49^xR4Kj`1!Y(m>m}4ZpUS zfQW{<7p*GX&lqkonw2#$vWT(9!N#GMMr)o8_%^vQ)_jib`GQG(A~kBnhmn#Vo3oIZ zO$9@~V1gRQ8}VC(`FaTQ^^n(ymtKeGkg$=ydN9<;*l2xqBf7dpm@kIlMaB-TJ&*=( zyawxxI*ADlSy;3BMtlz$=$Qw=F63;qS$(7R%#HXMG5D3}VY^29ir>K?i|K_AH_}(| zgh0=%tC|xw;$1i4U<$myqsvo%&iIiv_L)S z=$xU^P)|DSjin8;+tk8((rL0MohGy~k+7b0n(RqOzXVBoG$86pr^%jlG>?uTtS6l& zG;Pe@Gx;H~T=```AGXv^Lr^%jl zn(RrZ$)0rBr$eo;VxtDA^@m%;+=QAl@CKMU!!52}f$V&sY_+v!YirHc);I%$LY|Fjan07^nytn0WehEjuR|*6|^#*B$Ov@?Iu)PqmRK?o2{*pRua;_u0yRqG&6@mkF*YI zWUZr_R?z6Rm^NBW8@xMZl;`9*;yL*Y?X_b4TabNvFdO;VJ4}hK$j?4%rrVk*#wv2OC6-|f_(Ytb)b#2@Gd=4hwtG( z9r%yf3;lQa!4@9Pb4>^HI>j$CZl*nQ1|F@ulNJ#Rqw#IN0U~85{tx+^Gc6&6|bA#hIneBuzHwo+E)Y|fDGN%lXTN>AP41MfbyB&P@~&WE7HHA#7j^z z-$AN2D5>t4RCi3OJ0{f~lj@F1b;qQ-V^ZBQsqUCmcTB1~CeW)cu$E3Q0RM)*b zNOjG-hdh@dJ5Hf|_#PULhEW#g8yUj#!+WM-j?PBU_mJ}@@k8&KuCX!0`T8!pKDHe5zNF1d9=zRvJnc_w6a2r|QmtRDL={vQE-PEmBxq+)t; zj-E>^Q2ZR?J?f%%!m|vF3Y>(rGMEtfHN=-7tqju2AZzKqM=QGsX=VCZCub0(l|fn= zq?JKh8Kjj#S{bC3k&bo^qo})2Syx~Jb@Z)vzLnxT^rFP%A)!xMS78_R^(nCd-cuM4 z5j|?nf1IP|Q%A-0;xt1a85BPnd36MY7m9fQn{K}dC#7(53K zLBb$;4xEYxg5*C?b__B*2ALg$uw#QCgdItbg!Bkz%^9VK z9fk!?zy$OYjQp1&y|*9C?1fc(^w11hy@zv@1`XU|HAnjA8!+k{X8I39|51e1j(C%S z{=?9JE0q4jO!Hx;dA_AU&tazdFl#|!Xr7d&^DxsnzlVIQmxRnxarG#54;Z{nx`UgK;{evHFrG#54;Z_Rs$iPwNVZ51woYw?-%LZlB zXgsIWk7m}_~}aRzz75V|0eBVZsFN9Y}69aG71Dmu99YnK_vic?Og6I+WytP4dAe$zYRw zF!!D#emV9UY_%9{o}54qd;J9Ny$ZtuUqbmn0_iV9`9K0ba30DB67YdKC?7~LAJD0K zxBcOG=0F%3_!ve9K7>O8r(l9J91aUqL3!+O^Vs3&VH@F%fwMlR=h2%DXMTPdRs_mn zl`|4vRBl?;^oR5O@)2Y&7OYTN%t-sg3-oovnUOX_-q}IU+Jje|M_~hAH=NmN9K4EW z4rflM_}0L2*iH{QoPOz_U{~M+*iEg6;~_}P(~WYzW4s$EApEa^L-1>hxfgh!a6n<- zF}kV|xV*fe#T%+$@^U5!zGCy5!eHxow0C$^5;pD60w_N zhT2`DB_Xrrn{bAeILGo?WLNW5FGl%ekabbG89zzlyN*FHlJ>$mgn?2RjpmcE^+lLX z52h3UTH!|SNF%+8GMxSj-}HoK>YnNA&Rp?aR_KgvH{g^wgL;Vxlr@8Twe!g`_Z8@$udT7yY<%F?kkc(7r&~Zyw}6~(0Xf|QGADa-GY5BO+O=FqZ1RZa%qppA-_Zq2dG}OM>I)$RLoFIKU%e;CF&~r zgNr1&pKmE&qb_skUG4bpC`}Hp+=wQZS;AbJg*Yg zxcR(|KF^zfK2OeH5wo0HJa41V^EUb{B!?F5^hG}l$>EZA?$T2DA{x6aBp-z}XIn@P zd?Q2-b^byY#e9Mf5F^kmo+AdEg>ziHnf)GGUGQi;%Ml@>bDbgqL>u z%V`DS@FJRDK~1|LXNy72#`zUkO3bCKtB^M-FhOCPx#ikS;8j{#yZWE-emb3%xW938YgShOEg2) zPatcRko6OPgH|aaDj|Ya{Tk;;~&PjMY`Wlk#6f=F3oX(bv$xEvRR@ z*UY0{L+0y*H6px*g?3o6*26s2S;I>evc37u{?<`DQ%ry1&`x zoSX43;?29Za91f`KIpD3)aWzFjw~3BrM8em8`Klc7V^0T*^vd=kp=Y>xdrX*hwRAm zx0tVPVMGWa%#JL`jx5NIEXW%H$c`+33wLnUFEDblI^p*%T*OoD7QUY%XTGyQ26o6F zge8m}TljiH@ntHVZw<(k-+sISKejv%TKpk2v&BD59k=+O8;==}<7r#`FC>r8E@*f{ zHT6$&?_21h3#x^_g%@3gdir<^`*uTC!=UW@7P`F!*>?mr!+#5%-0^0zYn{xf7}5oBi(zZXDwha} zdy!T#W!Pe?zn8vuD|-G6@-;U+5cnJTQJ@fh5_kuGYT?g}htR`T^nV;4v6!QQza#v) z#qd6Y@Ns5STd_qgEVq~wk``OM2fwuZYn)WV7oAn`w^sV^O#Zu!CR>AgDIBD}Xlqb^ zMy{nO0+QDCj3z*nQNmIts8zEmZ3$u+~vvt)l>o zwEJ(PhgQgrBgl>;$c`h(jw7h~!`tZL9Aw23sztnQea_oxfb`V84YK11Y7~2$`d)#& z>xUY}-lo=ErPkv6#vP14Z&NQ(E&Xk4>2FhutAr1$Txua6Gai?;)B+i(h2l>z?|PeB zAUVF2iZ)e?LR#Ems9F?SEefp`g;t9~YH^Wx&IE&;3Fa4C&sIn)J4#q%aiP_skhaEe zfl!wQ$O=EyxLk-GKlKZ(Muk?RLaR|Bw&RN?S{ZjyFNI~JLh98C57A2(TD=ObUWHb# zLaft4yy{hG^(wS_6>|sMW;}7>RB{-mO4A9e;qfJD}!oAE5JE$j&AI19E7B zvf2meM=aqv>jQMs0(UD7dgz89!tG}3?cCKsSbkDuZM?`@N0GJhB5NH*);fx;brf0a zC^9P-SsO31HeO_HyvW*kk+tz6YS-o$S?egGlq-bQ(u=TfgI{FrqR84sk+q8=WLA6$ zeO-~Y_aYm8im)JeVKv38)fZXoD6-a3WUZr!)`9%iI*P1y6j|#iqIDpHwT>cd9Xo7( zyMvlu_jgd!PN@0q4o2QfP@~BX^jr%yv)w_hyP@WCJE-p!sG02!>e~u6v)y4WYlpS0 z9oDjTSj*Z$t*g1JmbHU1w;2`~3z2FE-vBCxZz^GtWZ-+iI#|rey93)*LQWEZd$ITq z#$2TJ58{nG{G*inOS9lF&4Rx)yYIATy`5ICoz&}^zms~s2icJYH80&sT`D0vvLHLM z;2K)TPM$i0{hj354E1cale$zvc4R@>ZYQ<)67s7tkgwh02S~CLImrPzxz~Jbr}@}U zq@^tXka9!jPJbsYC75=rXU1LhCnq6aF+i_WC`xC}k)LaMX=F6%vZ(Qlj~%=i1S zk`}QGzlwmGW$mKZy$&VeE?UrOSf_jOsLQa_!h4Z(7rw;T?0C^v@UYV3MdC5Ldfei_ zkUZu^yYQbIglm`~?81NM`MYS*-+^k;yO<#ir1#M*uGnUA#WsthKVlYFY_m9iM~7Kl zvCZO&sp(0=n#C1U$7@itxMFHr1T~8*rlv-ZB(3XRCz$ z@#JFsVHO-{93*`*XXA9ppjfP29295#zQuEnE-~*hmKD>xj)I!A72BMxIB2`YYtB}J zMReMN*1Jl~A|+VlQ^H#BLNEB3e%UAvYQ3uji!?#4ca>m~QmFN=5?k*ovGuMJtaI5f zF>frfv8)73T_8s5T_yM=Ibg2@sIjaBOa0pCd4*?|5^N+g?|}R|8~lKtxdeN0ssi?U z1R@J8wU{#MTY|lGb-$#-Qpey&DiKT7z)vmwnenidb;QC)B@bS$(vKNsof530m=p8> zC0Iu>Ut+rwvrdUwr^H6F5^OQwFJb;13^kUOFn{g^w5ZuCZ8u-`l3=aFRH&Swf?pg&9@LPviM!-q}2Lb zY>u`|t-md`{{f#8EQRb=g6vj;>{jy27)eRP zNGcYp6vk79chJMorY%OJY8l?87^HxEX-#GH2IP#7ktg%d8}JkAQpRXI03K3Zm?O2o z!?f!%{7O7#JWk(RMy-DqR9znfMw6ns8P^+f<$iETlIcuM__kHxYA^tx86$SSz z2c+$Q2WeCLm`f=Bu*Dz6Ui;9z(i}4$$G7((gJMqL`TNj(r>}G2TA@}5_ghW(Q^y;G z^|oj~QZ+-ZIqzq5P+0G$bpD&dIp|QQy`6=e(ChEVXULPb(*h4syZ!cbwx8a$#n)MF z%}_I(1GN1%s2PsVYO9CZ^>M&__yC%0^berDXn2@>4&XVYME-Vog4xai{HMeJkg;qS z3`5%=l4m81cE-X4-l%@ad(|Yk+?d0-{~kP^ua$*Z8+ z^@r%N8S4Glhtx&!^5GAWqzRs|^e2)3L-eT}v@-J{p1jQei29y{dRqC&B>V{NH4)bQ z`6KjJ1@mZwA0bIARIl<8^=kG%Hd}m*Z(JuFg~xu36)r)&k^I=af|DTemXEQ1i~k8_ zRYT3&KcTEPD6M{iRuz^PePaIk3FS5s&eL7gt{Y0LpO`*BC5Kl3Q#9EKdFKz=a|N|e z=2LQOhFa(Rl-z3lPtoKJsImA{ypfdXFb4h$b@>z>UV)z*j~O|so*4CqpIT3N5Xp6q zynS=b;5nj6Aq!VZup_nV8NS^JfQl|L-d@Ydd@@mo_L%Z z9WqNDqIThg5lRuIy(5;-5%Q@eyqvO*kVC6~)Z{sewz~*Rs-q^= zQKafmSpCUSq`CozV4b7n)&SL?95tzqnp8)T>LxLg>ZnO|)cTgA$VSeLL7nh3qvSkl za(+&45a)l6_trvoslaTW6h60B@Hzc}!Z}FtIo{jsA2T~1L#oS!Wx->nrDJBnV`jl) z*2<2V)s9)Oi}#_=W7umDlwFQtk!V7p$ab94tDsiTj+5IhC{I3)3^$?1=;M^$;2$SX z?jp}tsBz~wdG?3$f#YWV<7WNi+@W~2)8mvC<#YZ%mi>Yf>!EDTuU}x7FVJciWREn| zGvgPOsFXRDM(d4VAb*#yFX%5rSxR5fH$wSOx%p2yd0rzd|0yR=#mj%}n|dh!(Kq!s zVGcb*xml{*ELConD#udoez{qy+$>dY9#w9ZIzhQ@)I__3PLOjKRC_#Ox;kOHIzj%O z#Asj83EEBz)NJGgy1ESy(vD8hLc5{XsZO9VQR`GE(3L1%ouH+(`zK9fCn@(P;ZWv6 zC#mBl7>&1_G`*d)I-W$5He#mYdnb|S3%DFjo}{KqDIK1qj-+8;)D1tvmrj~joTR3T zKWZ`RE54-Mub_IKFVV1KqNv4}lzR)R6?{p#x+;5pNm)%W$Ku!0FMWwtYy2-wpI@TG zZo(%xHB|pS-f2PyGF`=k)2bh_;MD$6&AMW?9aIja{XVv}q5a*%b1^2`3x+m;AZcsm@`v?B?gk9R` zi}%AG=P=jY5BvOPK=J)B`xbwnrWdD`-nt*JU49Sl?c==JJL7(QU*{1@=*hp|x5B}_ zW;mVq<3pU(-Usf7`6X?_e?qVPit~n(@2qxSa#lI(`Bje;esgUC|HpH61y8wo{8>$p z!P{u!=8)z^PN0mpu;O#Mz7D=f4DWRLJD2?8Nw|shyWw9eknBOZ-@f|bT8~5-r1`^==9246l(~i+B+p~yKZ)Ogn*YC% zYX<3GMz%HRCEo6pbZdxtfqWERdA|hTXmC^tNFL||Dcxnmhwk-&x87Y+bZAK?Ax-gM=!5%&q_+^v35@h z>rBRVoM0vok{7OY##(9mw`6$6?psT(dvcKWb4}I_W(}ozP|uz`U$%d5fNS_)He6-3 zkQSs3=}rES!&Q04YHFlZJvEp2u0wnBz*mTUkoU{{`vuZUW4brb^tZuu)}x_y#L7Q< z+5^9q$@g{o^T1xZt~_=Be`N7*TF4)IqAVeqH{7?kWK#{l@f_7hvZ(GaQI2%8!8H4g zZ$9v{*GQwf=UIwBZaY19=-VxFgyr^% zSz`@3uH%pXCEdSnu{kiF_#R*Ekzex4GvmqmHU8vV`UmnU^(vFDM-q9g^zy=eJIRU< zbnrk=tI0$6$p-5wS@qLh4{FgXm7mM*N_mIc`2$(yt>5mAq}d*u_taGP$gg{P-JZ6t8q3pqv=xt^s+=Az_jr5H z9qQBmt-t)C7JB?#aq0u!pd@K)9kutI zza_8jX&?VyZV$#EjaBQ>R|dZ~Ivy+P|8eA_HqkSBC_lA>ai)!zo$-H?_sSdjt6y5R zK0f8K2@~S~WX0ONwX1Vhtcjnq{>5?e@pD$^D~@h`mbhqA>})(g3-R;*bWpSSYca=ntD z_oulz>&L|_e`OK>V(z-tFRhJ#Jum-9@hjH87{5L@XH`!fSHJwqn%tLj*REf&el_{6 zUPqRz*S^$K+4U=aluH?J#DA-1J-M!b)%jikn%_C^Ioyk zFXz3mdQEP8PTtF}Y*;UW*5%~qVux{I!C}Fw*SefMO8CQyn?dd?arN4qH5VDD@ z>*8NowR%n7y1Z9by%GQVs?|BG;@6=?@?XDd#rpW%*K+gUP*M5u>sIA$Ad?qz<5#>u zoz~|mTDh<0THea_ugl;n0(l-tdB0|)$XS(#2llA_zGbD$ytOaop_j3yt=Dtob2q+% z%`K0WJ#O^+YHCiQxf|E#ngdaAP99>(4v37}x$yfE*F6vcolD_wvQu_<@)>;FXq0yBL7E7wenlZ)P8<|KIK?)_f_lHzmhS2{Ohm3KJG

Vg0IKgs(J_^OKR|7l4e4H81{gf3#rBP6ImLJ|ZKP(ZO8sZj)_ z*w?bFu3IdtyZ*MT>#n=2uD$oJSg;`oSWtRL5nOlIegE${Gq=2#m+(R}?El`+y?18r z%$zA_&N*}D+_~WF2@bPe2#GB+A*C9TB2q;fWZ&lCq8X5Tvmh(CAgvtcwXLx8erwSN z|IBNLzeaSxpZ+?D&X9Y%f_ij^<||+H6um@m(MR+Z_;a{81QhpB(1OEQx-Ehn7{UKk zOT=Kvg!Jc2`d8tR*vEeuX3OQG0nN8(knT09Hc{!#Imcvw6l zek>jo4~b>s=VFa`PCOuqXq1M#kSPuvHZxLy20ED?*vhu~nF#1`=rNSL*tz2|^>&K9?U{+=jNEW60AvYYHK{wcndJ!HP@DSOG@vXAU5`^oCJW>vo!{l&TE-T~+@r76=D`l0emLug+ za+Dk`kCtQPF>jmSIW=j7jl(cE!W7ka-Cc+H^_~0liVz~$gOgl+%CVA*h^S` zEq7v1-*4nU<+t)**g^L{@;muo8O1P{O5xK&qf%6=N>j~LbCs?#u)l2<_L^;>TB;nC zt6Hf%)mpW|-mdLbd(}a8#7?c9X^&LwX4+l#Q2E%Cw3q6w`l!CDpX#p;Q3KSWYM?qy z6{td0q>5EU4N@g)uqst$YKS^q9ifg?L)9=fT$QT|H9}RYDpjpUs-x5>HCi35#;9Y| zST#PtWHsI_w*&Qw#>R5eXaS2NU1RjbZY zXRBH295q|bQRk}j)Lb=B%~uQ5`RW37p}I(2tS(WPVsFvQ)aB|5>?Qg`^&@qax>{YM zeypxlKT$tbKT|(f*Qx8(4eCbq3w4vaS^W|_ecpl{K7Xx#qkgM?r+$yUH~*+^Rkx|z z)t}TI*lF@F>Q41n^*8l*b(gwZ-J|}Y?p61x`_%*LLG_S&SUsX1RgbC1)f4JT^^|&A zJ)@pg&#C9t3+hGnl6qOaqFz<6sn^v)^#*o%d`rEp7O8izOW}Li^A7vVVJEL8*wN}E zwG4YZVJC4#`viT4eRMv@UMSdI0{a`_`+l`vZBQH4CWWux)mF7lZO8ZEU(wgv3STm- zZ`424w+i3?s{g3(@Fi{(U%yIxFN!ZZ@f{<+K-A52b9_6Pp)>KFU$$EXIuSLhM=YN!fd!;I8N=}~$#zRnn|zMW3oq)2Hh*bd5e!Ptj9hkw0C}&@*+dK1-ji zXX$hFY&}PxtIyMO^*lXaFVN@f3-pEhB7L#GL|>|5ldUh;SLiGC5A~1qRr+dujsCH| zR{uo*RR2u>TwkZJ*Ei@J^)K{I`eyx0{VRQo{y+U|{TuyT{X6}8{Rh}3-wM0e+hMhM z2Wha^?Uk#{efPrKh#U~QvH!$rkCp# z`eXfx{#1XaSL)C87kZUmt=H(adYxXcH|ULelisYi=&gF2-mbsYU+EqCYrRwN(%TmVG^uP6g^mqEdI*LzqrBOy3V^U12Ni)q%bCYf|Os2^)*`|eQX>v@iX=U2D4(1I(djpgGJGm_k!zicQ1} zG9_lPDK%wgh&kLGVU9FI%`h|El$#1O!c>|nQ*B0?qs%BX+8k}hm}AUXGtP`R$C~5J z1T)c0GRK<}%w%(-Imw)CPBEvN)6D7S3{zvyG*iq}GtEplGt5j=YtAxfn_1=@GuzBD z=bH1(TrE-{yyADGL`<>m@=rTL-xk-5rTZLTptHrJY;n4g-T znV*~M%=P95bEEl%xyjsYerbMXZZZF7er2JX%@VWJd}NlH zHJ_Q4=5zCfS!Gt6HD;|@XV#kyW~13;Hk&PGtJ!9@n=j2*W{3IO>@>T~H|C!y17|Oo zHOo{jm^&wJ!R*?Cg7O0QtV}(pX3E?-v$M~|9AnN@%*I&kOe?p+X*KqlT8opVXU3e_)6Pz-vCoVVQ)=fZThjHB$=~Ap4726{cL`;oLzJ7oO$!-VmddC%ajoc&{eZ%=xMWOq>XbeHpjKt zINM@#_>nbk=7QNXYUVCDXI9OE`B`(qzSQGvq2}5`9TzG`=G>4c^*CFox%M%^rkcl( zj0r*OX3PuRJWdKrirlj}b)ro?pC4u-_5OV7{Ykd>F`)($q)l>lS>Wn2$<}27KT;;m z#UwCg0o}7Eg=>|dXlZ-#r#M=$;Ywui+yLx zEKGLiWljh+QzoYW{vhCb7ZsMfXGJrloHcFUytC4SF17DQl%<|9V{Q$o#0Bu*#&p1U?o6(<^H3JkYp2hjNm;OCUIr($?sRHK>!g?{`23maloz|^rBfI+;ry8y zNbj8UY(scH+Z8s}yi88)Jlqw|P1&QxZ9&*EkAZtmz_iW`&eyrQ7S^3oIc?Vb8bYO_ z!lDv>78MS1&oVvz^y#>2am`AB`}A7A&uT_UGY|@oG{EO4>Os%u+zRAsMr~jnCh1%Tt z&BsFxHG9^y>GRXs#VXv?qb>sdo}DsbR?WPbs(gM%1qklh(?AZU&u?A<=RA6m=|VY4 zbMj2%eAvZ-StA$J&YB0>H;Z1RRzNhFHb1p$_Ee-!tvZJu*?tsGkzREnRGH^YopZr# zP7JLoQK9McIUf5sUgoh2XmHJ$O);4&6_#2_r?9lp`5h%MEq4BhdorpO6qYjT;W^la zm%3+}ds<3ZSX$xyBiysnJ*(Wa+CIx1{4xi>%)u>laLXLrG6%QJ!7X!e%N*P?2e-_@ zEpu?o9NaPox2!s49C~ne${f1eGL*YImpjzN+9Q+Xu{s;$ugo8iA!5`t^k8touIQSzR{1Fa*rGsDT z;8!~Ml@5NTgJ0?3S33BW4t}MBU+LgiI{1|iex-w7>EKs7_>~TRm4jd9;8!{LRStfY zgI_f$b)=PKX7IyeN|l3N<)BwN=v5ASm4ja8pjSEQRStT!gI?{RS3Bs{4tlkNUhQgM z?P_1`YG3W(SC^%ilXPSS7c3(mwlqZr zwlqZrwlqZrwlqZrwlqZrwlqZrwlqZrwl#_hY-h=Ut(a3c>QMd?3hWPMxy=t52u19GgzqdOD+I3s2HL-A)72Av`;0 zw*QI~1zt`Vco|S8Pbyr><{V>S&Achufv8VjkJHbak{g>jrd;O+K{k0z5CfrDJWe77 z1uU%=78Dc}d#*u+zN^T01#csM*dX6k;=2a>u2SDs=DA9IXeG8kBL$WII}cW2#Lu_T z&#lnUt5DA4ZuE!^vflL4Iz7gWNn=faahU7I<$9 z3p`kb1s<%z0uNSUfd{Lwz=Ks-;MJ$Fz^hN8<3W)@-qRjW}^P;>6vE6L%v{+>JPKH{!(Ih!b}sPTY++aW~?`-G~!+BTn3nIB_@P#NCJ! zcOy>RjW}^P;>6vE6L%v{+>JPKH{!(Ih!b}sPTY++aW~?`-G~!+BTn3nIB_@P#NCJ! zcOy>RjW}^P;>6vE6L%v{+>JPKH{!(Ih!b}sPTY++aW~?`-G~!+BTn3nIB_@P#NCJ! zcOy>RjZ`@tud<>*q{@l{5hw6QoWL7#0&m0#yb&kxMx4MKaRP6|3A_;}@J5`#8*u_} z#0k6+C-6p`z#DM_Z^Q|_5hw6Qsx1jADJ&jj$pv_?6+aQWL%E%h%?RfAPW8hVtI}bKAv&~6(rK|87rakj(%qZyO zQ;x1V_uLvNgU>m0YK=N(ff~C&O|FFowwAQ+YJ9CeZswen3AHoMsnHW_7NkwGS?TdJ zYxM|RdgyjvO))LgS87gM-fNG0bF+$B=pf0RU zgIx@P)^lghNrgStIW>hT{Lu3O9(oq4iH1>-o`MVBlsV^2n^BX_m4{*2oOzk9y6kCI z1#2M+ZBDhd@5$xKMVYRq_Km9@ds;Y;7c+ev!QofwTw|NW)sj8UP(OAwr%KxQ%!_-;f$3a#cBb&XIp0Zu%kpyJ5NhMXYC8?WlW8QLOr!B+ zK7c3V7oI#u@Z>RqCyx<4SzN}GX*8b9C-7u(8BgXDcru^BlW8QLOd|`c?KB8a2j5PE z;CJxtGzfkNztF)ebnvY58SfoDJ1v6W!L!q#!fHDW!qe5yPJ`fg^|R9;_+9<%GzfkN z&rXBjclEQ=AoyMV>@)~|S3f%qDy+8CAUs|D>@)~|S3f%qg5TB8PJ`fg?Q5q)@Volj z=@9&`zIHkUzpJmE4#Dr**G`8DtL=0MPgj3C9fIH0-%f|%clEW?ANXB;?eqtJS6@5* zDXbpEJPuD+zdgVx{RX-A9pvga$kl6*tIr@;k3p{dB`$v}{ufqTxdl&` ze~HV##N}V&@-K1um$>?rI5;J)J|zxbiK|bEgInVIuf)M0?BEY}^|NwPVYQW$@O1F4 zoCLpvKiI(^?BEY}@CQ5igB|?A4*p;V->M`FtF1~BPuHGSB?-TSSL*6(RgwsI@Jb!L zQU}kB zv%&A`Yh^b09egXZ6;@lB4NuqJR%V0W^|zJT;CJ=6G8_D^{#Is#-__sBZ1B7KTbT`h zSAQ$B!SCvCWwydThK>_+9<2tOmb>Yh^X~9b7A`!SCQ&Sq**%*UD<}JGfR> zE3CG%8lDcWmDS*PaIK66zk_RKH257{E2F{h;940Ceh1geXz)9@Rz@qVwlW%?4z88a z;CKCNWit3(|5}+0e%HTNCWGI>v9cKa4vv+@3ahOwhNpvLWij|&{j4kozk_RKG58%^ zD~rMJ;96M>eur097K7j6m6gQ`tF7#Xr^6#Fd%^GESeXlc2dCP#XSIVl87IK$|+!Z1Bh>*K72=h4L>8*LQ-6V@ZmgP3DDyU|hsj9YZ z3=yRubpadxQ#42p)z(f~!xCA+@>oWr^bH*X(_trkz0gxGnmbG6!PEiYT+OPPKO2_D zhLRv2#R}XqW7O;j6`)#b|u!img zi{}BbYCZy%%VS`jOqSLX*30~C_J(~Py2L)OIL$t3xYR!H{@Om@&$G|%PYd~t ztwSxWS~tR)w~g!utK3r9)J}yh>=m$9{hNFgwxVn0e_*ZI2^N?USXUke3(5Jga=aE6 zjJLu1@GV#l;!g#znjfEZES+J424EAm}!Ite_*rmMzd$T35E!zlttkJN! zItg}C*T5F)PiA|{z?AVR(^Jk(IX~snlqXaEneyLMlbW8|GPO-=r_>&)eNzXfMpB2Q z4o|I49h3Ug)YsEe(<;+Or;SfLKJApW-==-ktWC3t%}#1|MziV7W;L7J?80W3HM@a7w@{E z)$m<1e3{7YHQ1xSfpGh-3)1ziCzQ$&q*A;EGKd=hOJF zAO6huHvN%LNcj2*9TVpH-r8*pn@4Q?Sf9;5eD~hlv~76j4%$(b_EV+ZRI!&T?W9Wk zsM0Q~*aK=9c7Pg3`=?^}r^9IPRN6V!VBb`OT~iJAOvS!W{SEfs!tOPvVaKO#v{Nc- zhP^d~LjGOh8pZyu*wcr0NyHwBw6_%U9Y#A!A$>QbAByy&!YL3Z9eYgCZfn?U4KapM z4BBN4`vSO7+Chx=52M|~5PuZ%9EGyBM!rL7&oJ6C3}tPNvTj0Iy8>3fP+7ZjSzCCy zxl&C;4(VJn>~ux@TyYMzrtzu!bDg@OghOdZBihf%)nzE{WQ6>iQ5~?;5BB-No35w> zphmytnnnrGqYhVOeFIOV@QJ9dG5ci#g|+&AYpwO{Tdhcf{$*F;%_d|P0{s`dJfVfx&yV@ z5nT~ogPPged=}jp{Vci-wcCO7tAnay8T{3rD>Bu|9W6aabS3(073z##{INsG*Isy& ze753m4u$9giLV{*eMDY#2};_+D{b@>^x78di@pW-w&GheVQuqL_zH9IJ|Cu;Jw zUmGh6tU+CnVW`rr#mHW){nIEIKWgnJ7~ z1kT^2SPg8%|A-*{2#=ov4|jQPFYfpL#D9q(snO9qx-1HMhCW(} zdp54nf!YwYAen7j^kaGfndmDkVK<>Vg=_PPtIcW@Hm){Y{;#Q?r~^xJZf`uQR};mz zM3{!s(u`meo$PkAIX`48)wC%dkYL<+_evMth8nEK>u`Mp?nx!49-tY)=U#cdvU~o9pLJWK;rRRYZ42xhlZCp(_0N8Vxlc34 zm?l|(`o`08;D310j}J~+fNF!@z}y+N;qe{)6mDDx@sW#FH-Y_ys&VGU)+4%;{89YV znNI&*vp7HgFX!H!1Xl~3*lkp_@Y4Bj{S5Yp1EYQm_~3&m?+durfWJSDom!v3{z`$K zV>9CHV4Y0|#Myz}mvAr@+Y!un0#{r)F%s!u8c1~TdBDJ~)zJr_JL!%coLVBkR@e)6 zE1*Ma!nGYTM|YHJE02Lj>%h>0>u_xbO~TB^Qh|Uw+R|`|b_MSGUAylGlz0b0w0STe zbJRUvxU;x_gmZq(3$w&If| zK#~G;q8oUpExVs3a`q19TY2c2_fay$LSK?A=>zlo&rr@~QT(j~H15NoWU;zViiLO~ z8sW9??mz|kki3Bw+!n<@_0UIz6YJ43phI*xsR^9V`AH7hi8XbSsMeunNzc3vb7joH zY>e<7Z|FqL3A0cSobag=LGX|+hs#9tc2%NsBYY=n*3gVUE4q~6M_#al5}KSZ3lz7A#SgfknGVKyWjqJ3XS?_tam?7tIX z_|ppR_b29Smj5LIe7{DC{tG4iXL2Asj+R{PrXH*DQ~-RQxZI~K+3dnS;TS^Ad@@ za5J@~c&0~R4Bp!`z;xExLs}6H=l-d*v3}f`0Era}3PYn5M;~ zgw$-0M7`?0b1{-EL2Rn;$7jbtJ+L!k!!erfW4W68qYZ1IMf5K8z*cXSJ^Btt-`&xL zd_ICV4@93KiPwd^?d2EDdctD>{OkiKyz{WesN47>R_n(Z{`f?33mA zr{V6zqw1Z+7!9uec=XxWlz|VN6f*`lFYw0|;e|b{%cD15X#6vXAG}FKB}rm;lFjy@ zEgU3&hjxIy zMd-+4`5QZ{qn$RQrM8KVXssO36q=Ru$$IpyXc?SH?=HBYnL-eDeH=^^zo0QEh`fAOTa@dQTPsJ}k660dgnN z8?tt!b&apk!anZ^K|cV_=sVm7R>QRfrG3o<3i`PW7z3SNbTMnTK6IKw&<)gNHA=rG z>d!qvDdOAC%P91uF~;IRx}&%3(uJ(^he&G#LWc(#;WshHcXwG<-B6#m@G#s@#G z2M5FX?QY%`j=QJsr04^!h;6~xa5g+1EJz-WSoNe-b!L4#y}TNF9uPWtYeOXnzl+z& zqgKyHuc>dmgi{_2?&!rym6HC3Sm%ITeKjzJ&pIy?1{?^=pAhhF1EZJjHVQ>(#WO9M zfrgIgBbZ-UEovjjM<|n~;%vS9f^r5)89iW>cY*-ywpT)(9_r^inz1ER4 zXc?c)_v4Q~WbwIatnuuhHi$0XeZJAVXr=`n)q}BdAx~mv)|ew+B26xBW4TgtxyHsy zMq7k656I21G{KBK_MjD|#vDyojsgYT?Gb$vBjY1zs_u`A+8*=)-wHwQ=C!l9w~4%Q z(Cqq8qKGkJ*)hKF&4V?9O*BJCThux1s?45BrA>#A*5LtlYKnl)q8nD6@?aSdb6~tY z!7Cv6S}f*8{T^qPReyx0{3iMj;65Y-Uz@bYg^kCXc>f+}yw?d~ak|?h`U~jwm%(Zy zZk-Am+ZQn(=X1B2a0J-6#vI9TE27XbiS~;p84Uoq=Eu+$E{nbqTLkE?*EVwA9kQ>a zypp322V$NTTeGI>Yr_2Yz&2S+*sYUx@Dr>WEp0kf<-j&V0%&Y0pCJ5yJ*YKS)51qi z*a{{5VvpS|8j&*2QiIBZRUSSYkxLLY37uRJdH=eSqd>G)1%uH;GG;#F|%Z ziUZ|KW(CHr{eeowmkN?L*=y37)DZ)XG+YT*hLXyNBGH#WiO!@m2uF;UY{Kt+H`#%Z zT;1IdVF%W$bL*D+$bAGl3@Fk`}-i2fm_OmQAw(@J`sH!g7^ZxiCB@x`-pY%+Ep z@hRi|N$RKLlQj{)wHs<8h1pNV;N3iSlXvuK8pq(0@5e?2{j8(8jg1lSi+&Iv(q#Ny zk}gRcjYGOFu$i;p114)DSvQYl!0%bAWODu=juXS(|A*_jyQ+bYCuya$yPTTt`()&e z;Cq^;TaN=#vRGUFy@%K&#~E85><%mT%qp+G7TXtcQ+;{wU3kOo(D2*FLr!{)s_|Lx zVG6IGy=UTVFei+g7blK)P=-3oeBQN{R&{6xl6sEtw~zHi`TrvLe|goXF+89#aT|{q zke`#&6*NBUCXizPwq1M$8?WDv&td=hlW7U8sBMS71$)rMmZS0VYm<~oVk_04&$ib8 zFh8oN_DxrYs;9vFDY&tAa8wLvWj5p5!fxD?v0&d%#cyP`_0xt}e83ltuhA?n-VTIo zOgpT=B8J_xgRuQBaVui`Yj{=*W#hyaG5E5@wO_J!cd^;j@!@Ogbz)eZ;6?|0FO+>B zlsl%PjmWQljEKo`A9)%cDf_^JxU>VX8xujj=sQfj zU0Jsz77lo_+rMq!>Ggvez=jLZ_r-zToIW6XvP9NxXoK}+FBZTFO5laz%W3GT>#mj~ z3~go)+iKx2exmPs?;8Jv1rgIJN{R9{(h9us@RCbGoCM|hp5$_TTN&!5}mkm)E2PF zwg<-5+wkwkMgTMd|6K9X?7Jtv6WHwtLk}kPC28VP!Turi-9bPX6URnNG>9R)@3;E$ ztv}q$bNB6=+!q6sA8Kv?RpNsMjSOkPb`J}AG%!-VGBYIXU={d%fJr-SivvIX-AL-k z{iHM9>xh=GLh5c{_0RI#M4%c?76*XKr_9N1N}s)h-Ng% zHTQj)0-pZ;VcMS5s%{VNNiKVq=D@;kxL@|&T+?d{a3R)?dH#l;(N`OK8-54*G>)D? z6ZJw6BUp8$5#U|HdvcN9J2u4nFm}HV=mX|uAzG0*MWS5d!@~LwDm!Qp!HGNLQ#Itb zJsFlB8;ZRr?@029O}96=3QJpmrV_Yf^Cusm`tj<%ts7$Tt0AelZkq2iBp!3W&$0xt zp~uCSz%kz(1TXiyYqvB)U3?+!M|tBBH;%#o=?_CmS77Ce_q)aj-NHLuJPXWu3UuJn zy)SM+C3$bo#bNCh^x^kn$G`h4${6>w2L%Z z!EbDOh2=fBJ|n#adYE?M+T$6}{;ONC^N-yzE5PIZ2eYv`Gd?1b<;v*!5PxlKUi&jX z*2L*Q#`eE)ao;fSPq>ZE8#_L&!}WY)(;bNTC>iU!q7R_IAHW$WPaKFc><)(e;wCHl z2+H^f-J9OQ^yV4tXVC#WrFP)|S2VpsqD0tRWgo5L?!W3`N1zA6Vcupw^Wpx3vo|?o z_mM?tO}5Etk~AE<W#R*;+f5I$h&JW)A^iz zG|O4VvIkrZX11SRvi$ur{soAyqjB}19Y4^P_)j{%kIdLlKpUNHef`;V_NW04#;qEo zzpZ4x9u$fHQH~Jr8K+xqbc5`1g7DYSo=(Vn?s2C3IAQe7_zVL}#`rhimmgmdzk{*8 zh`Eikjw!R1{Sp2w`PJ7mZ1I9qXPTHqfLkbCPM*fZoy(EVL#=?<*zqg90t zpj}U3FOv3<=SgRr1CH7rv}`NWHT!4ZMbM|=KfiTzOeTc*GL4dW9eY@pALQe3cVi$Q zK?3zTyL%h5_3%=n>|YSyLhN;@xp4v-u1 z?~FB=^Dd;aM4!P$|BbqfYQTSLev$vY_Dj6%Or?Tka1Xd_8;<<}bei<9sh>yhi2fND zo!7(nX7qQlbg$mN&Q1J>gS*oonKsdXSu7{OJN`QpQ7*>EufWHs{UGu2-*KES7O{3F%ALaEzsEobTa2Rp zDRmNMM2hXuhJVRrT!d1(GI|h0WyF8iP$QHv`W)IYliLDPA03FrIGlKY23UtDz-XIt z|K8DKp|;x-t@-{fA6kz7lEr&!T1XAfM;u1%?=scRA0-U8BQP}C1Gx1G@UTr-HbYwa z`&GgN8UyULgLYYqKR~^NQA=Z@rNf^V2&bKIaxsEBBIhmGg>xnP_*rN_=#Q-UKPzX- zG9Qnn_vjuzfa$wvSDgck3#bRp==Oropxm(2O7sWR#5)QD8d-v2#mB3CxW)~w(0Vc; zF!O708`swXkMi>Kp7p=+V(k0po{wus!)X_M$PqYqb0kf}ThRzXtFxUCS}ika8lG^@ z1dh8D_`RM+gY5&9+-mv~j6R0FDwuzx=b&K)&h3KKV81X}0)HG84rmYZ{uFW7S7lpyudpmNeTh-S)-16QT$}Pfb!clxPeH#H@2>o@?@=b;f&H2S>&ZKrF0c(J z#j`o{su|VdeMlCYK_$0C@}oaPwX}HwPg&|D>+$#ld-{G5OH=l{{CGb~O8X$&|AM|; zM}Ay~mGnokYVatZ_d}+96H;b~BOyKhj)z@;@-bUzO>0Q8^ZtZ%^Hr9o*J8vzjP&oo zR`xmU%ZN2_`U?R3^sl~vdg9N82-yxTEcgs!F6V#tq0oT55^px*FLm@MCcFFdbBrha z&0B2yCK%US+-{J59|kFs8Q17ZrVA*Ehf^d|d_?rejqA1kxZX*8fw2QNMGPm~LPNOa z82HyB{I85F3Fi*>!w8la_G@xLy&LW0S1T$e@=Sw^K}B;-L`v=P+k z6Z&cZ_?5%+qmDs_M4eDxwnKJh!%LP0K17)lwaze`Rw6W##`mQ|%y;xUwNvNE>+P^~0uwUo_TZ zw?vc`*nzJo9X#ZPkS$!|gggRocLlmk)M7)>ZZ4BL4^R)(iw`xqgls@AxZ=Xim>nL9 z+&;HduTG+U6oB^G1Pu5R6qf!AyN31}C2Rx+)9fs?V`Jk1BG)y*sV%UkZy zirfkJ$c}Cmcz!OPG&i#&pg~}^eI3?(Mi&0Iw{0J@b^R8L?Wmob*>Q$BfI+iA<^+jB zpw>i_`9M6P{(4rouP(nV4zu^t=8~J_UaSznejtd`mITkF76CK{@h<^uo z1l5gRe@yvQ9@xqMjBV`NG3D#EGuoEFh2VB38}F|@X%~>|)Hc3^b^RnWg+kkc1`^e! zekbjSEie8TV!09VVuWr9V>+;gwK}0(;DofY6STlmfY+hfZbSMMlo$4(c)k*jjr@Ep ziV3HfiKr(1Cl_U-n%mj~mc!Fv6*=go*ipi>3ftR$&p4>fkl5Hk4QNIE5a?=ihKCWFx>!_#!xD5=Qe0N zJEFJ7&!r)cSj@BS9FsOEdqS7pce;K2J7Ati$E*&vM>s|xC51y{-6-uEjE?!u|P7Nfl4d(d$^SK8L#TqONqpDU&x7BBogelhAvu87%> z2R@ALy7&jl?+t`6A>2T@JQ>2~NE(69Y;Og9=0*);u0M(?ss84hjzCh z+Jmv$0B`&ri{2n;qPnCRvyq680_!#a4{6P61F#WvFOXy!%&LjJ^m-xs7!`;qJK5`E zuH+REHF`99qvvb-Pn4c|iLNJ^!;_TtKy10eZyxjXYO!ycrVn^VTzXSjC(<-6fs=1P zaH4hi5@mJFU+~C&_#i*1K8>9zHuWk;??Rm(WX(SDDzXE38*8hO_(1cPg6e%lGpwdw zi%|JU|FZ}+Sp<%ojqsMtlRig1zGNLdNx1aQ5@t&W%K<*S3KZ`%SUu-LPWl~lU$TGZ zBl@$0r5@pOf==&*9mr14O8Q{xk8nN0Zb%DjpaWYAef}$U9!_|OKN003RtH?IC^p`` zNY8`gAQ={`H@iR&c*cwJe}#H3!(3_=#?%f_d1y&7q7J6Ii{a}~{=Yrn70t!xF2u(Xfn7M|ggl(>KUP@4 z$#Bw6m>nSTcYtk6J6da^RZ4ISvPf8u)`KlHY_zu`jI1@g*8#BC0iL!WV+k5eNUg+m zLu*BK0XVzAwT>q{X%IZyjX@rduslRQp_K$)*Zh>V1+*sZC=t&`TkuQ)-w>cZU_Vxu z7S}C9;t=Em>K7c~R8%MaIw6o?gZF{U(HH&>0%h>@>^r@31~Kb**?A10k%rq@KY<=& zjgd;=5yk*)Yq*ml4l%ieKW6FDW2%zJuLk9)&Lx7IAIp z9b!F9{|1iUik)KUTZ&)v-F{c`SLAy~^jf^THTb>)`D{fh;!mwvKTa*(9yQ6OdZDgF z3CTXY&YCa6aj-6WJKnZuEOB%bRI|T*4+#W0^My5iJX!8XIuE0}BCH24I(mp=>%iR` zzdb~`AC{zp6nLBNnsi zAKh40;8@(IfJ-Be?1^Fy%oR(3WC;sBTP|Z zIV@oCIyNW=&2k}4?C!uwT8@~$bcnUoBvN^~x)tzUo{c1hLni`V0Zv}y^I{%6PY=KB z2#76rW7@_`37&^d)rY*R5O>t zalQ*W(+TUsWL-kLK(vD1cRjQLFJb&`0G(Tenq>N4arB@SWdCr|C;WLh6CTWSpz#7` z@wXibBYls73Hu4OV^5ES*3AFfeQszUn)~uMApxFvQUs+>%rk?r7rJ;RB;9dKAJW&l;idY&*GZ+QyVJq=DQ(2P7NF!12Y=cUKx&IQ}@g)bi4u8iHXl!g7 zfluv9gj)>XT7Z!yIN9NWdZPD;=u^17V*559sThMWDMRn=M3)9Hh^)a;yUY8Qr<+rF-<=iv=A&_$mCJ3`=sE zJEEQp>jgCUtXGDmuYMOor?wD1xDk6OK9!8d6Ef_*46d#W`+@tO<6(O5tt}-en(Duj z?8GMaowP{w6=xzYeFs8Pvwc3u&j+zG`Y66=e-NwL_v3sX+#&}v$>&hk=fHiQ=5Iz` zM%jH#NdW7B1rc8)VE%I}XahJe^D>fm*qQ}1)K=h2Nk0lQja_JOpR%{&SWd`5Ib>a~c!6%rmp!PCOSmm=Wu>5$rXPYdE& zhh!+OgZFflz@ryV_QHw)aOO3Xc_DEM9ND04R7W>QU|PAJ=@BTNJ&^Zmj1=0h($PN9 zFKhGo72yiOMr~>QFjTaXU0GO#`22Mf$NvhN?AK5?n*Y>$K)bq_UV7utquQX*?;&(+ zbY)D^9Qx}8?D;y6MTupLgWC*&cGhVPjOoMPFND1_*5J?4<*(@@O2z-Q%M^ z9=OLDI$c8I^kIINI7afJj*kI1ti^WnDR&>!!{S6S8$Z@#bHTV=4O#`A5~!;k#km*_ z4Ug#-b;op&tB3XBk&3a)b8t`#jA_8yiIGfC>^?-0gVg)Zb%1dRa#;O`_hlPN3yBU# zO~bEvwiK(m2)|C`_NaBDcgcjIZ=AIyBp#N=l1bHY9P~5GuMNlAcW)gnt|vq9D?Xkf z`*8v}g7DrR)Rw{byq=4B6={=MlBPdByV%$p1Yu4GM4CQuJ4kU2_XyhNV~jn<9FiAo zY>bU{2PVn&TAF=;iTs*ysR{0-zqtg2Yau zMnIq`!Pv9>o1-PSi#SC^{S)Xb(JMT!;mnxQ2H0-H>bnCU34=p+<+d03YkG$}URu|` z9|V3+lSCmX7fXvCHu$kv=HwVV9DktiR{5~Fhw%ovB2lk+c{KW&eX!~_Vr$B@CO6!- zvG4cXhp`+t>b<=7jf`h=bGSg?`8F(TK;scVf1n&3#yQC$mRmVo3S3mk*T4QBjr0?h$>Q9L@LPl*Be>Ubes?_>4q?+o*H!1^0pe}&a{ zYo|ZvFP8z|qkClSVspTM45&8n(2Qcg9pPRhOrcT3&jfR?#D%C&0ta=p+?(%-)9$NK z;^#PWxZeZLAM-!KhGBsY)7SHHWu^A_FumdQd;2y_t+?k2|8OL4>F(OVCJWsg98cby z)_dA?gq1cVFO<=4oS==+KM*&wJ5OO1c#)SRY?a~5i*bCC;s)c`OX)w`@W_ZQr+eA3 zB*|;Hem1*x@Q8G=+6A$}Q@r(E3iR5AMm-;)lG_}-7+wT=w)4}4L-)BGIxkDpTcSnj ztIRL(q_K?^!Q_BpByi05mZecbImCx2$hCzxb9K^sl8`xfeCJMlifudA#Nsu|l@Ws0 z*3G2R5ByE>+B!3;aDN5~TLsSj=khovLE!dx^G0uWv3tl~8^*`+YJ9k)~&4c+NPn@^v?1)Xi9B9estvJ zw6%WFesTnLAiXI1g}$vO{m@EptnLmlq$1*Gb$MJvb!g#o^`5%}(!hJbr}EOO;7X2` zUQc9?a$<~HIu>wXM|UvV>l_&@QH5!P7scZl-qVKfDUTz%MD0j4bqA!mcRVmLJPuYS zbR-(-4PbQrJkG1J_q5qNSrMK_(KG4??_iz8O87FkMj?F^rTHSwN_VyJsB{cc1Gfwf$wdAKC@oilH>q-+B2)2_WrpFn9#;zg!=R@x!k;1 zNK5+w*fG6>TE@QNJn1V_I;pjGLZS#!TrYj1C#c)Ukl!sfHCXFN1CK|TQ4rYKrI;TwJveLfy?tsdg zHP4UsC%J@LoTUtK%sSuSqsKpirpv>n*KAtGaKfcJ<@EE8b5Pqs&OqJq+=`xC2K-pb zzQw?6zkTp_Cx!0m5lEC?4t4Vb{6^6-r&$fHl7#68wWG z6r;pcaj|$@Y?Qe&Pj-|?$f0t$94p7moj?^KRzrP`@} z>KJvrx?0_=?o}_TMd}0fg<7Q#)raYFJxc#fU#D--H|yKTX<`e`Ibs{mbH$f9&l5Xv&J{ax&J*9@oG-q`xj_6I=lSA0oEM0w>?1Ce{bY%_ zU6#sHai1I_hlu;p<`v=rSt%>UQu;y4jilhh=cqE1jJ%2ai# zs*%mr6jdv;)!FK7*;<{WE|P83CF&BHuP#?t$e!vN^%L1!{Y>2?`>S88-^(I(hq^-! zR)0}<%2IWYx(Dqf(WWUP73+Q(pru)`|7i(*J$ZCfWE~=~Qrn;+q)f1y)LEj|x$se)o6|0=Xp5mZGg0T^cz+tsY}EY>#G8V%CAUBh+F%wq%50o@Xp3{P zCPMAe1}$yVXMRY(tKM@^Kv(H6us+s7g|EM1khv;|oQZYhr)jP!){U0O6 zM2yxPagym^x{EVSUvsE93*)s+oNFq~C^6sMU~UqZV&vW~t}yqQ`@~fkz0Zkj&Fkh( zah-X`tQEg78_WjrchoRXKcXSO=*RVoLg|Muk)y;g4#J@qdAZ!y3q(_9pp zT+?0*F+EHlQDFv}LEUs5odJ&ZIW%a6hO}(Yw zR_~~H)qCoFP|C&XL$yRLRUfHkYPnjWK31QoPt|8?rTQFHbiLZ7w(9OWpQ&k~F4lwe zU|psU*GGc3js$f*RiCEM)U)(CdXAo_FVdIj%k`D|NBV00W6<1Rp;qUqSJdljp?X8T z3EB+GtX8WvYOPwQHmHqiv)ZDzsqN}Z^_AM8zE(TcF7=K2m-??3T56@WHabP8>gGCK zXX-57Qs?May1nk8JLxXEo9?N5={~xz?x*|f0eYY=&=FmtOZ5ES46g&v`+ z^ie47XnnLkMvv3u^|AUmJwZ>@lk^GtM18V8U7w++=&5?To}p*zv-H_|wmw&%r|0Vh z`T~8izEuA}U!||n*Xp0>pMt0S99-pk@Rb|&FZ3@_%Qh%mw$9agy0z}8d+6S}NLT7= zJw}h!ll4jZ6kVgI>ACuReWAV#@q4PD0NdMxCv?PjBQ%D(!j82&RvYrcJ$ivZ^npEa zKk$Y_z!MI|m`ij>U@RRPmjU*qiZsy-qp`V=bzSxvL%O z>z$oYZ~9(_&Tj7P$hF4a&U^~ov6jjw6{S^Nd2GEYkSG$Jd0gvs)SOPDQNcm_GtyFc zR|m9P`09wSfne*3($u}WAS`@!MN8Aw4KU-c6!c&!Up>$hbmgNz?A6wH_d-d-7p=PW zMtQxfAE>8yVTR2;L(fA%PrYjZ{E06AF9@K`w!d?M9bW2GgvB2uU3*vjy94Lf+=tE3 zS}C{=AhlO4V zC=bH@;K+^1&r3(o;E-q?`ldY?v-FPIy&adti`fr!(Wrlj<3kXP7=~7$deHam?T}NV z;}EpCJ<`yM!{ID({=xh#=lgWrOL38GUV%A>mC;5(W~metFh)GQ8zc(QVy#iro*0>j zVUE%n7%%|e_ZEXrL@??LMG;dgqQ6-fU)fBbnlqG+h)rMLdq)K*Qz@jPbiQnV(7Phk zy)9rTKI+wUxaibl_85-(dS{hiZ||*rmZAjqq!u{bofh^W5k83z*>fQ3O=kzLbz78` zPJzp#(ZqE$U=Q-I60}?R^1hz77W!nRA6$dcw&6>lrR_Bk&)CcQ%45c&hm+xFF;a%F z8q~I}e+l%PcU7SMy=w^i(z^~v?Gjx_qNj(Vww35>@9N1pP|D6R_zobL%_{$*bl=y} z6F3~4`=S)%#TYSB93#devtz|^nAe^r#=$)i=NWj8<9h*IbQIt`g>iy>Q@|73W9E7^ zdC)IM;C?#0iNfY%zD)f`m}+~CUtxwUFmJYYR(*Kf_7)?>QGS0+#>}Dxq@@$ZNr*+f zEPN2}x4e?_CTu0_A_$54`Ai>|s}R$}PvQVxnI;30T`OtL?>T#yGo_(;-k1pR-D0qp zhlhn;2}UvZApEzbB@DAA?drqz(h@f103Lns(had_ya{L&ijc-0qY-K$y8t{WRbSxb zZ057s%xO9RYtxY`17{kjQzj^27N6L=5>%@tPWqQv4&1~=+MwP<7iq4CnGa6MltiH) zk3jxM;xvFX6kKLF&UBswW&j_~K;CEK?Cj43ry=j@IP-Wun8WkI7Cawp!SlgZJRi)( zEcs&Od@0Vhm@Quh%6bLPPCQS{;dx>%X3xI`y?q>~7Eje*wFwi7T$J?25Chlj+vv8j!XCdYT@&VBwv+f7QA((kTBnDvi{jfL` zGw?^mK+M7)6^CIa{+KAhZ2WOih#C14q6o9{Cq*%4VjqYun4K>cT`@!dP;|pAeTnFf znfg-E1GDvyL_TKh%S2Di(N>6Fn7Mz9x$P&I=k}o)JmP6YFOLS6I5dwsLgaS1DH4yG`bd){VY(c)}Y#LfK4>}8Uk7_fUWlE z3tY1^u1mn}FBLxkMY{}mcqq<+;7$e1_p4A^8s%jed5Y=&2u_}X*cm9PJ$2}WQETDz}*<)hugSB;yqoQXW+ubybz@HG`J zP1iKQjK6G1547xb^aROoGteLL*G!Z&eEkU2s~5`aU1y=+ylWEL-@96iDqw@XDp0pX z7xAI?sO=E+wRc^@IZ(=p+_Qd{z!69rHeLALfplLY!slf0#?v8Jp9DU73aIkQ;K7YO zI%6-Jp`iaXJL(2GZWy>YNufmV>97*%#q1VLw~u3-pnwSY)qKdTxhdN{+Nf$J8D1$`U6ia zrpy3-5VjI_5rjnj+`-3X;*%bJQu(|xjRmBM$d_`a_d;CBrKX%I4aM`ugopDUK6`n1 zSm>2tJhbwJ`#%(8PQ^`*d z67{q2arqG7wTGWx3QBdTgG9JZ@9kl8rZg1C8xtO`yGWsWSq+s}0s{_U4_jKoFv^3{ zdu`!8EjAIB=YSIR3Q|I?r-4cy5uybBkP_TeRZ2MIO&BTJzkZ4bLsw%H?voXvZ^* z_B_Mrz%vY5Nn0se@eHFA&oDaj45JfP)&3|t>s$4$q6=2ZZxdbh?fQ1n4eRB965X+8 zeuwCRb@M-qeEk>w7p#HZsqYlMu#Wy$(Odsb|4sDKf7gE(ef3@XF09ert?w57^*#C? ztknHO|3eJGYWuz7P^`G$CkA5G{eE#6R^A^F1^Pk#peV!|{6nG$>+lbYVywMAA|hDd zdk5utSHBDB@9Fmd_kH~VATHL6ktbH_k#;H803*Bx*qPS=yYm`gKCc1x;x)iScnz?C z*8n5D2H2Ta??rc7zZdzu64(nXfzOHptl~c>4#j%lLU9OI=H3($tO_m>ow2t6DPqzp zU4&QZBIwm?(3=Jl2dz2uW&G%i5t4zq24Tq%#*+4oC4>nrfdhmk`HUrpFqV`dZVyO8 zgex5wSB_v@>CCv&k#VIH<4PaKl|GCs`HU-F8CQBi3Yvp4Oc>J(^3!>66W$DGycx!L z)0OdNm^@9MhB+q9Oe2gvgBg2{X6z|t>?vaGIhL_!5MxgXW6v1Io+BB1iWz&3X6zZw z*i+2dGn%m{g|R1{u_uSIrx{~UE@Mw~#-3J;JsFHWd5k@+8GF(gds;H~v|;SYWbBcQ zJ#86#+A;QIG4^Q29>dt97<*C~d$JjOTIffyemhh@rXLgIv5NaRaPA5Hgeccf>L*17 ztUaC*WA)SeX{;bWqn`mTKC7Pz>*s-~FX$IUwSEyRz}@sq`XzA;)`4FJ zF215)5hL}h`c-k1eoemyEPq|U4vb%@7Xl;S&~E_O-_&nnguJES!dQA+zYY9egf-+* z`U7Ba9&AjO2%|sJAEAWH^fHuZxn7Qvtk9pJ44>*x0p&COIr8}eYtEy1&3P!VIalzS z^9WvZuH-f6?!4wa0Bg?WVw4$ejuu1B7;_BPqQ{zXVuTrQjun;WI5PnlKhaFWs`c^a z1jL+dPDjj{W)9+9Xf8*{wdQ(+++c1LDZFYug4e4nF+%@Cj6Xr>{ zVfP{okC}G7nmx*_GwYCcy;(0>@i=LLadHIrgycR@+y|Qbz;GX=a37>{AEa>~G~+&K z&V7*1eUQO@kjbr|#jT&st>1!MKZjetCAWSqw|*;b{XA~{*4+ASxb@p|i%V{C!!4f5 zE#8bZgI&iZn(u$xy74ti)V3*x8fFW%PlUs#SOQ3Dz|tuZt*N`@mAd8 zZMnszIm65l&A8oD&AH|RxT*Eqnk&qY;if*2Y&p=3`yiDq2bytDG~+&K#eL9%`=AxK zdt37stO%N+t;aJ>>cKQAgK3hLT!}|{T0O%wiM~K>iTNARq}EK6+A~ecXPRW~IC?Wp z>d7=Im1$B=h<~+Vn$(7AQfsD3xlEHCd>*m+>Q$@#7H2k2D^m{TNH~7(co&ezar!Xv_G~ zk@2G!<3~2*M;7Bp3&xMGj30d%KL#*<^k>Y-W6bEqn9-Fnqff~Gqd((B9^*tW#)+F592|9#(=Ke_kFn6`*TnC;-2opJ>83Yx-0tlOzz$P zFC-GOSP?y7v+|%A|IA6OELF_wF}ZNSId#l3bjJ?f!)i;qAzS; zK0$7us!v6K*uZ=S_e!-=90FSy&}7)Id?5~nP0V_PZ&I6Z->SBP3v}1rLGAN(KHP`u zL%}r;(}&?+s0$HZtcxMR4AO(Z7Y6IWkeSMK8SaN`X#ZhHb0qHNx*U9Gq#g;%KT3~+ z`&13zh%kU%@J;AMoibrWs=xs|GO57{GE&AEp_{upHB!X+~eB z8KanH^ktfHDASCwOf$x@9Mgko#(1U~y_ja?GtKD9a?Bx2GY(;z(U)mPZ>Aajm}c~6 zn$eGGMt`Omqgalaz?7pm%P|v}e)MNKri$g55iG~dV2W}S%P|!!!BjJK8OajNOr|l% zvIJAf63h&iV5YMKQ^^v{bjG$WjBT2+tuterg5A<9BAs!rBP^I+7p-B%v{2;1lIac6 z5!Os^LVr!T*o|?qE3BIqi585D8H|f<7#G_zE_P;IOl4f`!nl~lxR}kj*p+dy8{=Xg z<6;NK#g2@NlI*bnk+4uP7HU{gtpcpoYBluiYt$N%345w_q9w3%17dDe8&S4RYBSth z)E1G$nA#DRR@+1_tgW_-<6&|2B{cG1sjtKdu)NwKPKNc>*J2PXuy%@pu)^9UN??ig z4YdFNRNsopu*v$DI8psu{Tr(b|55)DC#mn$cS!YL^I|OJ|8v*i*rN zP`A)6L>bwAL6XbWxnd&hzgi(qp3W0Bu(oO~hUhlBt*F)QbUSezY{S}%!LSeOfH)m> zM==SOVx7c^y0h*qCc|c|3(C_~cNJ&CdaRo`oJX&Q#a0h7jK{EqO<7OKg}rny(E@f{ zy%E2!?u)ejb$@X*tjq?Wjx^3Y!`^HlpwMXV49l|uxM|FHgzZ-m+%)pDV2>6NB|QGK zVVPDUMl%)Y1{<|fl!|CUH(09;ftx5oH`uKm0XNZwZm?h*3imKQ40#UM!;vRZijJ^o ztAKli9szfyu7tZvSBW%Tt*gZprXvdWZbzXPh?;0UT8~Cw9IcNQDSC_^gPGGY`WU#! z>alQ-)8j;@9;i`4*R*2;XXy50yj~vj!e0-U{!ZI>VAekL$rteTMf!dv@8#nc2m$tQ}tBDoTjHC ze7c?v_Y6G)?wNWfVAbkcz&cx>Ely(E*O6&o2JG@?i{qIBX23%4T)5BE=fOU6uAVEV zGEM9PtG)TamIZo&Xby|J^TjmS@Ld4+h5ACciDG8Krte~ujp$}JtotrSzx+V|K(x}A z>B}%%AWGU*U!ku+zY{&}s(+||2scqx2}{7MfFVR%C2Rt(ftx6-gmvJxaQ{UAMC8Cq z@TbW0XZmNrqMz%Z1Bxy^bK&|sBeV(7y1{d?@jt9)R$;nJ^TFS(( za9hiwSj$9uOZJJRL$Vqq(sNp!A-$u6EJSP`J@6!LKOJ3I=V*{RmEV&sh}G}#YhGEP zRRn?^Toj+;QHiY{tQ%b2!Jq8@lNvfLibEIGjkL9-5u%HZj^JK&^a78gn%h`5SI<7h zYLhyEw|V*?YYpgWttfq9Wz_}k)(QHc9{xpesf^4`r?zVXiuwx$05ORXa0R?ZRAj6l(`2F>md_ zytOOy)^5yOj}PgVI@i@LF<0%y{In%x6B>llfpT=7V|62YWLg?8AKUROW!anD@12u6G7=y&)m4cLZ}i$z1P9 z=6XY!>y2fuH;%d9Fy?y0nd_A^*Q;QzCzs2z>t75K4OizPW5Z9|_u6H7H zJ;_|pFxN|Au9wPOFO9jLWUkkYxn6VTdg;vdhBDVHWv(Zg>t!(4%Ve%Mp1Iz!%=OBd z>q+K%Wz6-4GuIo&TyHXSy{r(|>&0B}6y|#Q%=Jbv*UMwBH<`KKFy?yM%=Idn-$~|l zl6jnD9ygMC+*syu6PU-1W9~Mb`Py*iXv3M8fro*MN#i8esmi1qg>`kBbgtKWqve)`O!G$M-!PJwPH>*jCs&7=0W+) zgGMk9%4Z%lf_YFr^PmyTgIY5W8pk{+k9p8!=0SPPgC;W%%3~fhnR(Eu%!3SbAIW@& zct&f+NXb~J82>cmpJ6;pVH`?jj7ejhXvY28oO?8#`z(WdD}!48*=eoRgKF*VgpO}j8P&17nt#nd#Dsc9Bd)0Rw4dowld!ql`k zQ`0P_F}X}v`Y>H-%XB4&>561p(wFH+JEj@!nPzllnvudZqXW~7RHhdBOd+~4ZBR@P z+Hy~{;-2WpHU!5G?(akCv`Wjn@4$(WeJ zIGDoNm%@0L4-QJwOuD=(?IfY6Tr_u<$eS^D+S%f!SvB)#|G)OG1g@s7?eBGlCQT}p zN{&)eseKxin;~V4G`Nzn;WSX4oO3ENG@x>kF+$uVndPEXLK2c>O30i!2_bX7XRouO z>-B#3zTWq{-}l{L`uVT3*0Z0r_u6~yXFY4}|5}UM4}JvOd9WvsqDKsO;Zei9Je_&) z^_=?r8Mo~6;9YcuuTBoYEbxM-8%iVyq@BQ1v4FAp!SDrt5^zDJIxJ|JHDL_j62{_( z0HU9g0`Mv0XqSIXc*MbF)%t44mFKC zz}J;WIS=&o=1~(zxV!PFSWov6JZibO=Wrgi9qTJWZB~Y_P~D)7?+rE56?hb$ln>Ow z2rTaao{kE5R0i;!-x^pJZtyKC5b7XvZic6)3LcFicnLO8k4FHbLjX0Ck;y~N*8^Y3 z7I+#X!D9@9x++a)=A{{dH{uLmEye>ULPYYCgRgS>;E9<7&uSoyAx;231AIjY@DmGI zMHovlR$#nvj5Ydk zo?3w!=+%@C@WPHufLdY^i1AAj$iZo`U`>0XL9{_km;>6^I(1)nZ7#0J@y|#U1)3iLn}85TAImV z=Oe*;iKkMirBphVNo}R}0DHQGDu*$KE7Wc35%rvUizp-qXJpQLg@iREtR~?F5}qSr z6$vXz$joYG^vk6oG9{ro3E`U;BZt}GIAnQ}a6fKs5i4IB?-?eoEj>y8J<0W$GW~hb zH~lCL%}hz?Bh@oYBH=0$=8zEbH7lo%0+wPdCTIyM!0!eGmI8waICEzETl^`OSpl%T zh15!FF_nrU(KIANVkALP|LHV1Qy{!=^QkoWmwc zZQA#a`;%#KCLK7_K~#(mp~L71DnUn4DLRJAaJ(2KZPUJY+@DONSf*FtOvlj)bP|=L zQ>X%+MwRFcs>1OTAZeTSz2p958k{NOFFTVl#X=D%0%~G+@ELVLebsThT83J!y0`lBP7=)^Egx-V*o3Zc=Yr17 zx>xinx)ke+x(0U5;_2~x4Sq7T=+5h2V^nS|V;m1>@CP4O1RUE$>KAG`%znrM-*PXk z7Ewx7P#36Ls*b9M?>p}i3n?Hqq=O8QDYAkU9-Ltv2T$aS{9(p}2x?Cv`UNdVYf%=g z(XbchFqFdcxB%>-beIPbL3KijIMk$8<4_Bw;7}Va!eM8WibEYV4~M#FB@Xq7{$iq^ zD%FR#2J6GSgZ1GGus*y;SRdXdtdF9k`cTX9`OyrbA4~LS68%|3e>TydL-gZ_{yw6= zpXlci{d}T-fan(x{X(K&MD!04{li562+=Pg`bUX=DbYVh^vj6;Nupm)^iL7}3Zj3S z=vNZ`Geo}%dKXsETXBZIg(rCUf8uGQx%kd&q6IkAMoVz0gVLl=gve8+a(Dt*4tE~Q z!HQvhurgR5ER9q?o5Y#Tlcqzda5|I6Ik?2c8pJ zjIX#eT24xkghO2G9ocv=W%G=XK*k%n-!I1a6{G%O%tDG4jV zXO#Bj|KWW`$>csrZLOX(4&}yiC^wcvYcGw*k$54A7m@fe5-%h1GbH})bxYqCJ%mHZ zT^h!bu!w|ZB>a)*+-`yXzgeJmKSJt<{C)k1_BMvG*6nS~|IIe0-TwUD?N56@=8ya7 z?fsaD_I?bE=}G%J?fn>Ozvn;Ik7;jX+S{0KMnN~E?=kIdOnV#C-o~`I zG3{+kdmHmV_069Jt0nw397i_Ht)k(-8)k>MnJkdPqHnU6`K2?n^JIm$2i~8`x>-1MIN$86lVk&qcCG9(6#=wnF+hJ7>Y_K`d4#q~GG)=G@`baqe>Naqe>- za2^A@QV-?@F)Y|`Sg&wR2xiCtvR**x5U~H58N~1l)^RSvzu3|=V9Ulq9>1X~xK|9L z-37RHEVy@44Pf;G+kYkeDIy^-5S7T0Ea3lq?}#{jL=mj^d>nFQR@VN0PSWGbfIq~X zQw?PT%E1*d^NX2t%HeY=08dRqb%4^%p;Up1SqSU56(d;p1bDJ%aPA!75Uv5LGs7}v zZ)>$71Gl?d^ z%BwS|gH$nfh&oIi0si<=V4xnO%BbVi3D~c!oH_-3)YDWY%!;m}&H}gmJav((rY=!6 z)Men5Uj?S>b?PSY&FiRp)B|9h*HaBtBXG}~s8>`o^_F^1eWY5Lhl@B!2FU@NRSBt} zjz}GKLRzRZ>=D-mbw%BfAu>WeU^g=})C*Z6KC(u($R0VMKFA66Lj%x2q-D6;Yr zJP`cHgp~Ftcm~XRgYZxLHJzyaLPp*+X-Lu=B_zwrOw_J}q?;^+_#J3@8LpW!o2A30 zXg?VRGZ`peqCFHc(~I_?&D*5tW$DN3!6Y>1&mD-MVweaP22;Ky@Sj;^urJ-MO=cX8 zg?kzXW&5o#zCLnm_dGTAJ|V#$SB*zL;Qa8H9)`f`bg z3m21c7GE5DG)G3AHQI}>N-N7iL{43HfG9Lp7~#iPr#mt!vg!(60YZsH9OxG&;2Y6~ zOrnCio|nW=6cj253*>nV0zx8$VZz{0f!LfkG$O!)?@0G%4(p)K50OYB9W5;b1R_aj zP-uXkL?E^hx2j4&(;`3^ZYdH(3dNxkp=gFB-;TCnblK{?zMjHMAc_tR5Qur6LZO5= z@M~tg0a20=p(s=`gVxtl;@i^Jpl?sZKVK~+E4odTPFVIoSz;U7N_y31-??h<&~O11 zIz000Yq z{Pqm0c6xttA*V9XNx6$wU8+IOo@#FMwSEs@q>X3k=da&URhg1;(4XUyu72e}nA5W% zUTPz+vMaL=JsY6*x=+K>hMfa@Dx57bdDiH?sNu!ZnwL9NdbfQXy{p!-^GlvD6O)&MfiwYCtuvs!Cv?dcbV&aOlf{YxzYFw@?TaNC+q$_hYIU4frPZTm< zA5qhO7^Jh}f?!>mC@q8T%7_g)+O%f8#{Ls=Is+@$MNP0Q8{V`qUG?z`4^`T+H7|rX z7PL8S+8U=(l0K>4!T@pPcd9k*!eri+<3#tN9Ww1RZIi59-v?3HcaCrK8i<3$BB<*Y z0irN^6q5^&Gn5`oyUKK!oHPU_eTqP`+ANxRS4c@&NYmucX5O~WfiZwOhbU|7%_aMc zv>HAhJLHV)%nv0+hJ@a7QC$-5d^R^!;hdoIK-w^_-hmry{La4Ft{SK!+7KVUdQFPU zi3>&L{R-(~>x0cV^3x4cd+O`oEehH{>c*>)F^{X8rv)tNnwhoL_w4;^ea&xK4q1@> zc~za_`BKUA2kE`n)gQONxj}ZE+VML-|K@+rM)~xrS88X@H?BCRsMsM-ar^9<2Ylz7 zsqgm`1+3oGa{so$^=l%N5BU=>8b7_^r}*i<%j1-pmml;>Dr)e2vaamF+V{EMP6xN{ zuet9xgSG9Z+^A*a^37igE^S!1XJ^yG#-kIx$A{;av2S1LcQ|#TU+3!P%1Q6C8k_Ez zZJzC^1~&61oya~RwVP1!zPU+s!0*jRH(YbT5^8&g2zY~qJQu&fz!|*3B4Jb{v4VWs z5}q7bL6a}yfnk1PG0&=v2@4fQe6tw7hxk_uAFTG0B*6Q=syoxP?g@H`DzOmALnzmq+*y=sL6wONz5G4}) zvy$;U(khGwS6z;_cd&D?>TM72^nY*t%6eVuv?#;at-;Fn$)tj@$T!C?VQinsfE{%1E zcy!vXXCGR8k}hv}MJ--rs(8qmQ?;cZr@1k{Y5OzJjiEuchjn&Ms5K9&*O_|ozK+K* z%5uob^r$O^JXW=?XFVNHiU_8dt*=hnk#YM$-!^|@O7w;h%=?nzHelTr#wN%ctNs zuBodlH5}^f=I71PvHzsmJgwte39Z?pzH(E)c}niB*3Sy=ltmjm_Gzb|)rv6Jn!3jM zlhzhJj9wE``S5pk>_XX|3(KnAI!@c?ciL%V%Z;s5s_)WjaQmg!Q;wDaGs%LbyR2KS z2iUeAG}E{fYXY`StF3KoQw``rOh#Qf{b(?2nPAqEZ2x@4u?!CUV%CN;`S3U{v@_jb zh66t-x;JgtdIez5{)Gzp`_=%-eDm^R3wI%@q~XxJjrqZiK^?MW966&>JBfACHhGjSMx|!KJD-LX` z?qhniY(uxLzAtxX4|=)bUchO~rP)1uqN^hFp115#k7D=6kc-`xlK9lH;OeJ|59_GviF*UT%QnomU~cT3p*SuST$N;90O9Ni7^a{cl{tzs$hd z&~{c1e0xB~OS5hp{cEgjBI30zywvSdV%#n{>~`H;f4P2)_Rx*vo?MXIm@;c+Kpj`f|s zLx-Kmn`$}5?6>17bIK0t?>TzKwTE!Kz0aFuE=wxYL~{ryVcVsb#76x{{hZNzEx!jw_cxezTxA$90YVrpc2f#|LZ{`Rn>0 z?<$<6<9wLqA=tXxPFjMI;^L3J-{JdlWB=@m&YCTI%b!gYD>cR(TH8D$z4$lT z;H*wcH!^)rxXe`O>u)ltXn?Gj&)JT1dP|PK{hSxNbjdtP{c7D@7GiHoD4`P$wJ|#1 zwJ8aUnRnQblQ5r7NQ~F`-Z2}4vju<2Q%!^#E%gvNT$&9AuI(dk^>VC+zua5VciBg^ z6B}h0rN(4h%V>;Ws;~V2vW6QiR zH{a*`u(K+w{I9Ka73UpsJ=Hz$QX*@Y;f&D51^FYY&bn1t8$QxY*}i_^fC$Y~y!#6_ zoas{=`DV@D$9Bg06<6!Nxl?~HFN5h9T0zTV&v;bW;y^di!ODhjZDV6)?MqK><53NE z=BvQX06#@eUB*oq5h#pkO_2SPphxR4M<}SPyTCdf;J%IU^9$y=g@%Vp1c7`aWq()t zhb~Xu*aI!azWGk?;*1+N-J7pdpj)21{AT$}2YhHisBwNx6 z@vWNRUrA^Y-Muvq{+0GW@vkiDVPB47CH4Im&KDdwDKtVN5QPf@Lt&r=$|d=oTlihS z@oV?kX_d#otNKC(dBv5{uWPqx9jRX1^Bc>6{ive6oKD>=VxF1SzgX?WRogN@?(XF5 zJYgu0#};H)<}5lAxc%Ma^Rdon1*LjsQJYIp-U)Yln}RUozJ{qpw0Y zA9~8qbwR(BPr0$V+eXf7QNx}q8iKUqU$tXA#@^X>=Xf`@&=b)gs=*bC+;bvxs(Var zzs2HLv5(#s?$f9UR&!9kcqnk&c*i>y&;vjxA5j{RW7PdhFB)E3zKT^<`;qvK{20x<>V&N9NcMulR{v1UB>&4DitjHGeB( z$@yyUOh}?t+YD4H@|n>W4Hu6{v=yIR>eN~H$tDQC{1}=Bd$wZ7_|^@9(U-wD%{^3i5OV3^@F}DjoG&<&e z9}R!UaUrr%Hh1c;@f$MxOk3fi`}m|s{hr*GJ4Y4Py(-W-qI4_SP;MCSU%)cUFqpSNAUyO6i!Zr#$X;)4P?rIakIhbr6R`=u1> ze(sp>Ue+c5)PU}w?Ebu_I#$hRXNV>H{ni=NQYN1{zRtZQdUf=rr9s!84x9dBgnUz!LT|3~(Hqvak^KyVI`6W#i`MeKn{Leg#r9VA0+lzB>7z!Lt3&g)EB5}I z$hz{rW6rfKob!C%`<_eHt3n!{T-D|_ckx@dO7~&Z!M>-@oiR)-pSbg`ftbVB8|7gJ HZ~K1%`Nrw3 literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/fonts/Ubuntu-RI.ttf b/docs/tools/.sphinx/fonts/Ubuntu-RI.ttf new file mode 100644 index 0000000000000000000000000000000000000000..4f2d2bc7cb6ae34d90066e1b330dc18ae2386e38 GIT binary patch literal 386440 zcmeFZcc3gsb?#d;J4~MGo{rPgllR_d?~~5~34svVB3K|~1eQob0)z+xfdmpcW0Hl* z(d2BBjS*3R!6aWBn_#ZZb08UmZHxh948GU%eqUAhKIcdW-u>^sKUB55dZxR&y4I?- zzFKQl%{CQdOhmD2?s~hs-SPH|x8Aj7*8cPgV+P^v?|Sy#zW=_*ecr5Id~;Jd{Ege+ z?e4dE`Q>MR)vUcdH|CV{&N}yQcX&|ko(GMI+cfa=v+s83=yMMK`~qVte?_bJyT|SB zeBKYA`Lib*GptkRYxlqO!plDW`p2ypb1mQ3zJCA5TroZJk}baf>C~8Nc=2Tqy7V#E z-tLc$`P6reSzkQp!pko+1JmIB`)SX6(8C^k@g4s0nU@&zt+uINTfgK1mtJ+|KYXrd z%#m*x^Std#9(dscYG3=xk9hyRsekGvT6t_3e7HJY|G8P??n?CzmEYl$seY{b zT%LQrJ6HbJoNa!=)z;eT%6hd~UHyisF7Ill_bS`I-L3C@YqkDgt1I>8?agT`Z#LIX zjd|TYxK^!KKR~^yS*iTHIclHyM@k*PFn6rH%6z4IwYgXI#^&6W+nLu^pJMJ}{>6Ny za)xs`?S`f1CSvDb5#iUNf83edaCISD9y2A7S3Q@)Gm=)%%!E_2%Zy)gxw6 zxs5qoxyrnya+~G<p{M+)&eE)8BYA)irb1I)U52!Bqylx&)xor8v>Xyl>+vY6u za~;bU(*9YM&^&DA=H{&G9*%v~pPMP4FREO@z1Ntn$}`QSJooU*H_ek*0`psyzc%g4 z-z`61`K*~$&NLTS0{U>~@@u^RAsm;Oe>N@N^}@;R!X~X6jzU@#e}U=2?}0GiUJJ8Pxy7>d(wGY#$cp%#}ydH|Q?Lcf`A1 z$MIy2$8y}?_T#%|%5$GtIcTn~yw1F~@)L7E?ma`}Yp-2pzEC;Kyn<^tsXWL$f#Z>t zt19cXJ4G&E$#_1I=cio%T;=2DO+0_*%0tW_bG(=1k&N#iJGL6%>l`buM;0{R8tdZ@ zJJuTS;;4SsT(~>d8t>x|$=Uql_*s<04Ugto@FS6s!SZln? z!;N)0=8W-8xmS+0#{2j~@85^aGv3D^8gI#kJ&SI=`?_anx9|UDXX(Lxcuw>qUzSJe zr+D?N&e9pl?Jql{Pm<~CXUqjUi_fC@`sd}pBlABfud7b=2aL;qP#0aa`hY%4C#v7% z+~+#FDg7wUZF}A>zF%SA0 zQ+Vh3;#cKyl?M9q_Z(l~_&&PS;`}X+LmVF~+rRF)e4lyA@_cmdYL2IJJeK379B=1% zHpeqKZpZONj-woVIHb3SIDVbuz8tsUxLM^><}7B0s|!7SLaDEuAItIT$>(*4(YqDt8UrGv#V!=ahDk%(3##V@_v0-^V=jt;(6;;F-&B zg5eJ@@cItm^&R+ruK5M$pK$#r=3KDyHpu5W)vq$!-_zX9e%AK~ntOv~i|Px(i|?Wf z;K9m>I`>A8Ho%2#a|le>UwyB6bTu>QRolyJkmn~c;||T$uAKA7c)D+wvRLnmMH!A%|Z!H?F*g&j-Ou z&5PeQhpRU;_kb^VT>YLoclC+bB0n(~tq5QKlfyR;TYWwA{|7mC=y!psB}VPy#Q&i_ zgQIsX+bGYPmozsZvrnj=Y9_llT4LRGu?X5KZ(n{_`h9$#%jZ^pM8B^x8@pIn^m+F^ zn!hxM6xVmp*TMOM##>*H*0Mh*U?RM^E)S;5pHyDG{Abxy$jn*Q=W~7ubiM#N+RM2d ztFj;E`^)x!*}1^N%Eil1Ro{$!y>R)(mAf-$XVa$IlHKqZ$Ws&B;sO(Z&r>Y&S>=zI z7oGwCuSDNJ0yaN_x;Lj!89MkwlY*h|s{VvA(A;;qxqIbF=9cKi)2pk?uZrL3*Z&Y^ zax6JM%JHup*Bp0z2>sm45xc{Df_wJZwKu+r?*EW?-i!ALuS>gw`EBJJCSLh>?tK~g z*4SUmv2EtnH*pqS(ot+y`~0=be^8q%_cRUUe9P8VeLeS5+L65~zKe%?UN)<2AL$Nl zuAIVW*{L7p`i1DNix~w+7k=&(CQFemtKzHFE+u- zeN9%m*6iK2MVOPTN6m=-oKd|ApEZX{-({O%>&lL`^Vr{E?_#G`e;q9PZ}V`jKXTi@r*yH;LH z{i?a2<-tYB(yF=B%0o?K<$<&-z5Fn|cpCK&Qt#!Q@6P!uWNj}v`6YONcj)^B*Kf&u zm~ehB=kLM$)2a6(#^hemSlVZd72|l8or|&UIll-S|Fr58O%I;6S8hssZ=}5|&70uO z!>gBYUbFqS`oP^l~8k<}rv!RnCg#Sk4lUXPfQ ztR8_wr5<6Uz1i9t+hE5nk(F;SC+!1QK44K*TG*trTbU0TR2itJ+P z$zk|EXa4_vKHnVu_yA)&$5;JEp)21pkH$xOu%+RVVCWCbeJa1sp>g&2{z(q?X`3_s z(7Ua^@J_v#M3Fmv8t8^4} zmGoWzd?q%)?XcVa)7-Q2ea_$G{A11^;aLvL5Apsw$BLnU8@%VsyzkSTU&HyW_+H2H z?xdgJNZlK8T)=TN`Uro2<$?W#++MNrecJyz=l65Imh&Tc_L=mr7>|;tC9g`lcl&+Z zcv>0x{}@NwZrbC&c;CN(ywazpFW)VeYe9 z$Dg^XvdS^A`u8hzkawJi&RmYpoR7|2j?SEq&RmYZTxky{bC)A?=Oc5MBXj2?bC)A? zSHjCHZTqqvobU7kboEkVWOrYGk-6QED*^vByreL8{BV)HCRJqL1hbCXIzB-yrKcHZ>!L= ze!X(Y_TAoAmFuMWk>0d7<)TxRnQjkilF53o!P|>b(B(39js(iPZ*kYFYbO#^sq|=4 zoD%^y%_u!ulro9Ul>@NqNO{*@JW?e4W%ogS+pZ)<(l`IO(M5s|?OWAVmrl^;!^ae$ zFEyr~O2qpV~`}j-C__#ZcCB+5X4G~jzPS>{= zm3vlL*kFmrtQn_aYwPQkwUrh7nC@(>zNc|o=TrT&%pcW1Z|bJC{NJqAsBD@xWy^FZ z+qUeO?(%<`uIW+sj7RAipVBvd%DycF6Y@DU5oKiJ<$syjB$SCQQFy&Eml=4Qlys^2_@~7q$a|-3D zw!DcsmCvV{n^4}=oJQ>TX6B}pr<bC*9f=b5`xo^S3!c~4v3 z%bd6TS95Q3KIMJPJt^;N?nQZlx%cu1=6>crloy)&QeI>(puE4iALRqgh0A|2547dQ z<{~~n$lRau67xXH2b+tD|2@P!i1MMfe3-d}&zG79Q$E~0l=2aj|70#R52Jjfxpet` z^C(+hZXUtsE6gJ)A8pIWm`CyXN^?2oRptuH$C^hkzh@q29z*$fa~0(iZ23g?ToZC=Z#J)8e#5-Qyq@x{<_(l@GjF7PyLl7kJ1GC&ywkjy^7qVJ zDBoq?M)_`AzQ??M`FG~M<{gypGw-DQee-*ie_-B4`F`_m%0D#kS^lm0fO#+FHRgSk zA2h#D`60@`F&{SXr~HWdL&}eu4^V!L^8Yc{nrkROZazr)3G*S!Pnr)?{*n0z<)_TY zC_hd4b@RvOTFTFuPf&i=mY*}9T>iEBye%CP)tCQ$0}`1Vkmv>^x&ev)?;_C+Hjyl& z8<6M*B)S2K{_i4@{Gf*Qcbe9_X<1*UZGD!G^;5dmE9qIk!?V7IZ#|2?^&0WDp?z7hBersDEur}mDYcU?O_Tgb`4IVL{#WFl<7!gz&raf z*9;@y`Bx`9*W9N_F{X=GK+9<)50{R2s|w!7hdlqvhw=i!fh)messX$~#qdmY-pD@xbzrSsyt{dFRS0%TKYMa8t^&+41m4 ztiRoQ`AH(SXD&Zsexq_H%DYwWyu6lJ?Qc-ty>gG`$ILw{=TrV><-W_0n)50bEf!*(dU;<=fbu@!92D&7&$`puD{D#pPRAkNDE^ z&F0aSuPxtX9#i@H@{L59|8DsP)+oNUd_B8v{(7wOt znO9aXUOvmbs`^mMS63gte5QF#_44I2%TfNd zV%}JNF6Eo5S1+GT?EFQ`C$ZZ3vgH$5qkR?S+p4cyKHj{&`o`ts%sZ-YrF>`goy*6X z->bfNd6jur_5I5$&AY4DP`-yfCyz1jt$uv@X!E}6rzn5F`q|~><`1fWLizsc7nhG> zALCb+k2D{sevR^)>erW-nGaU~e)$OVq3XAn4>upKes_7P`AGGjmJc%@t^SbmW7Quo zA8M|x{%rXW^YQ9`Egx(?QT^}bCFYYWRmwkFSzkWLd}^h+yx4qtrAPV4E5Y)C?0Srs z4=|ry$(HvwpIaF(FEXEBnJq88Ax?Bdoalx)(G78;{~yGO6u;)T8ms@=+Oy84w3W5m zdZVWEI>qYxZdzI4<7$&tv-+AKJzBMUVS6A29c!1zICDm6Nde~lWuwJ#Q z)>c;6T72xRue5l@8sApyt1C@aC#|flQj-U1O3&3+R#(^7n$6~_R_okr)bz?q-6dX6 zq62z*eZ9%M-F=;R)7m;j*}PV>xh@)ZQ*nQil1 zS$E2Otf|_1vjHn?whu#!OU;Jz`dYQTuzMDzCr=`>zFvh%ZbU5Et=2l+v9A!fuAdk` z=vZyqJL0@$c`;R7ZY_&V`N|DdZnlJJhvN-T5WB;CK;+B zZ?!eOlZV!>Lo&qB2t?95y^pkJ#|sh~_Q`c*yIyOyAiYMfXr3!pXm}Oh8f$f3Y4T>C z)D^^bWu+lW<_7$4)Zvb@ecDP^vsw0CZ*A1zpZaTuU&3&k4s zptWbswD&sPLoVtf5@-Y5cGC*HuB{~+XOSFO-cv>M8_^^@Qp19I|YhpASDEOo!*Y19j*}R7J3i{udXw?Xl7e_OFc%PArOm22fD$#xQbx(x(Moe zx7B3GR>Y4oTVCq2TCglyQ{{TCjYz^0kkZ`~Jn2!#M0<@ih)v6 zMucXNs*-0|VQC*~2AL>o;N@Vk`)@qCNHs7F!$&xcyNo!5U8<6JB;E7nv z$kNXO$!qYxg+5ty;~5@T1FfbcN?C6Oqo@JHEc(}hH-Q{4rVF+qS5m7ld!#y5a#~Ne=`K76*AmJX$1`i9|(`yRcYgp=PcABvgt~)JBg~dgk zcN4PUgsm(=&E1;}T9GAfB|~Kebtw1})Mnnkt3H2}BD?MXpc8EuVlusYD!g$d(dFp zh7O^gs;gA%dTX=Z0r=@JSM6PTtlX-jRx(5#r=&d=_u6QQE~ynaS2)@&TG|%SfM&NN zo}mW33F8WX2PWH*p<$s4HKi{)(@~vZ28JzD+6v>T#$mV`5pL+LBr{0dK|M+Ob_}5e z5kja^CFBw)xhI=VS!wPwJvvTcn^$34|8-nomA?Y6V;$|pM=Pe9iz8|Zd@&*M^Y zA33eJkD(jzB{VyRdlG=MDTco(+_O!gW37&G&kQ+BQnzBe0j=is{Ool*z)R+*qW zO&Mu*)CE?Q35x)(cQqrZu~i1S)0E}Hw?Fp=slO$*CA=W zUtjHN{#dK^*74RljTNg=D8J-DxwB z?!K+4FG@(A09sSN%S;;XjxF6il`Y%0+9x5Rs~`gH*-VdI#kQ>|F$Oxwa!Sg4tf^+b z>x>RwZXM)Z-=f=AZq%-ido}F)lP58~Rj;n{O55cY7n;4EP|#{sF=0yzjwNOqA;Wr? zkx@vY*3-aHOj5}rzjoHyeLK<+t%UfFYUR#`6XRLS|tg?Us7kM=Y1HT&h2x`6G zrK0$BjB5K)m(_w;gcV8UX1!;p$Sz2!drFSQj*0dfg2xc^4&B$Ymc_Ec09j!oT7*a- zY0RkNy>&#bDi#HgA(aqG?-*f8JgCrtrbZK4)uVMxy+*eO>5ZPKho+7d8Zkuzq!uhL z%0%TpAd8El&s0N5QE1V?06-z^kQ#uX^qnhGhjx?sfEU+0LbIl9f(Tz21d7@T`F&sy^9a-APG;Mi3+Z*^mKbtLlxelGs$j~f3(yX$MZ6{b2J)B@h zie7GLBWHo`5@UT> zZrY|g=va@)SK(Hd#L#WqIj%D@gYGFcSVMYNE_NXLKNe2u!00%t2MJqui)h`FvukNt8~S z8XBfX6|&rjv?ULoClnM7puovefqOlRd&GM@tUAU9Wq@O77;u8Dpsr0Z92$WOTtu%U z;|O>YtaAnPg>TX)4#udl8umS}T@QLRu)5mbrC5T&lhS+6bQpB0sdBU7!ExOY?C@6l zEH0N!6w81psN|k(c>An<9w=Cs7lbQ?)?vZu?waL2ntozJ02o{}joxWWhDShA*M@YE zRrLVbMp`{cZ_+DX)~I(2dysF)X`8Nfy21&~3W5{l*4mHE6@r^qM+DOWzH8u7gRc6_ z+u&@A7kC|pr^b6}%2|KN9M@4RD6!y3R{*?K$1OKQs1@;GSGee!YXNJy?R%1C)PR;6 zEuL(4H8Q$L!|>UT4THlo(4(fHp$(Z>ON^&L7>3*WFimGA;RxVZSYxu`Ahk$>2!VuC z2a9`P4-#Ng+uCVm-IhXfyGiyMgj-_p?i;nriJx5?k4CbZnTodT(w1(bkHRIo$e-8!j@ggEZ zYZ%Djp7hJ5Re0U3d3gMA8O}2RUHB^9X|+7=ppGnBUlxS$VJ`hKSodgz|`R8ou@>LZse z%85nLP32a@N6vJ|RTksL>5_?hN^wQTl2=Kab;sTX_m~a@z2F|sAt(&)(F{;?ecbCH zmEa!c10$>mHUQd_I<$~gAycDEjKTBUAgM3v(afHNhO3ka5Xgx=*ktf60PsrsDJ2G3 zgnQWP5&$6_9bsHSb1X+F;EDnmotEDPZtA>AGi;+PnxL=SLalnt+^PgHG6}3YZfOkY zCas7E5->-(P){>S9Y3J&YupL>&?3gwst7^~=ybCST4{jjOq1CQYnk_H=sEy6K!H2e zmZzk(MN1>1qO+24M82%Eu8;#T!`%^9A&&f&4g^oxYVLl=`lDstR`>WR+s9QEve6S> zsydc|wsNoMlX@1$b;0*TQV^8WeLsk!C<;ScSsiS(dJpPw zqvaplRF59@6(e&5mc-yj+s?HFUG0%~^STLc+XVO4u;jfqN{WGuld1Q*Wc}t^A1=Y} zc4v+8^WZB^4Ktt*?=b8Xa}WyQXlsRnNnR7RM1#K3`&NquIiS3jG}rsGfNPDQ)~&Dm z0Il8vKp=%JTw$c0NJLwH9IWwc&J6C`u88PP$5LkpN+2MqU2Z2IY7RhZaYPX&81HlT!pw?$( zbZ!J#b(j<=1Mq>`^kADTpHAB&z(7pD&s(}J*>Q4J8T}fA&3deq9DRb5L;?|vG)7RH zNgt1RZLLcaWwxB`V=#)RVi5rsDz}>f1hkudAW?V3dvUpBq8?Xx1#bzI(0#{XVFsZ= z%s1>SEN^gu8jK6*#r*92u98~hrG;%r!wq_8<=Rf_o+44qG+KmiH9cDB_q)vB^h)Ma z)8l{*R)#!ThZxc=24Aj?-~=V}G_PZg5;FI?(4fIkFNHGgCi4$U1I^IeY4zFxH5hnL zgD)j<^5wO?HVp|Fm3gd-c!?*N+hpEBYx?A97g{>WZPdMP7)YE^19>FxMq0nDixqWj&UT(EK&|Oju%VDlS=0Ar-}$>w20;?XNfedyeHf)_!lj}< z_D$Qjx??X0zWVgP?30y%vT6CU3aHtp&@nG0LSUDN+n|LbrdM>1E3IB<+P`hXgl9Gl z?GbnII}mAcuOL!{THLD#Ob`>u7O%5|i$weB&ogLnicHHpD}Vkk<18dO|%&4mei^qs^K zk*>E|{xRGuuGq`;s1!CQgG}1CpAP%nJrtafK*>AV2Hdt>Kn$}gJi}=Dan@_+! z8<;7Z(pduSa1XLtc#%cwd&;fmNpLSXIqE6;0p1GtPv?CA(qcV;}(k z;4pYs4;UF-M0m|)L|2Hi!7yGtRq@oSLIGC?8x9E)MqP;@8Yy-h>5D-!tv8sV%Rb^ zj=?v}7zSNHQxh$qN~yBHF_RyVQr1^1cW8qYJ@n`u3BsLR582~_vC{*6GIs2 zB5xWfC4vkjXM(|LFAVw?jMZkx6G9dV3r?OZoxsvA-pM@UQs4Qp*iSBnVMS(0|t>_98232I_5`O`*Q@A#CS#LI>dOr?!13y z!$f!D-!d~kIVH&gzgPm>!B>*dNZmMr3zf@Z2$u3YOnh=1p)0YV9{v8{u1|iOB`%n1MOaKZ)^9#Z{;a+^52Di`z-HxEvI{X5&Q$hTP$}~o(1c*3dPJDW zm~2A%9=2@{>{G^(AX^zzFok@qDYQ$@md)6~?PItX_{wdq$z3NkLP^@mlBOrGy#iTo zM3CohH;Qq}tZu;ZlO@Ro(e99u(YYB}+!K&7i*}nm;6$?+0MRFg1fqpd=Cvb>P9U5} z0_QO+V4<@k8jMkUElZ=wYYjpGjz4Ou`iTi$~lr;SC1zSNw8Hg ziAD`D&f8s&7*=13OSjap_=Ka5YFL~UC8%K!haLl|w(d!2Q7c0J&_tYRSFO2?omTE5 zVgB=g_#%~&H>sNv_O!)4ciZzL;&4vwkRbnfS4DnmKcG*rOv?L zkkYiA@#AEeWm!5XZX@TNK&wx#%RSuGkT0%B#rjOy3Fa10D=oGu=~yh>a|D*e_`d60 zhe_Y-E#f;hOma>e+*=0}f*!a>V1N|~;jK$HUf76W5|(?clz} zK-I|bI_O;w^d!=XXfR#U`wj+N6DV)w?OLpjHuYB0@Ef%d15jT=y=_J4=u$ev>{@yA{e7AN&NOO#v_JLmbH#@X?`cd4uscM z)3G9{-0LKm9=hWyi}T`i$wWQXVLe4-2~;sQj=`vHi+M2&i14+$81q;#SaGeI<-H5Z zIa9@!@CB(Ps6+1Y{EK6ccv8YQ(4ZX_elWaf2C@#@LD*sN zWs(553Y`Yb>kMWGAq_le@IW_ES^*zI4q>Q16HtP)9(a@l+-+hDNbXP)5Ll)`H|Va* z5Oq?-W4>MDifCIXuU51svMXFdOETEj4E#Z&VQ;_(dhPkdumU;(GenW*1skvE0Bm$h zl#uCdrVLW#!X@!Dy7{*|4}T^^UCW*b5%s zbxi+VkBZP<*_67hfSPS8>_!TG~*@=5yc4(nHaFn@?65IpMNX(d>whUr44>PgROwqkj zyO!`Orl_>hZ`LB>>Us$P5jNZ1T1Zn6z`TZ8-G=)G?!_8sjo-TOTeGOk!Xi>#;$CPs zMe4q-sL4VJS#WA;T@2<{Chg;J&k3TFI6Ye=XvwBN}Si+h>}%4~5j#!&{tV4dtVRrWe59Pf4F5T*&^3fwE1sK>3&+gItnV{jic zm!)9rGaTEVY)&Gh0AEeK2b!-#HQEToAbFS%ybs*N(CI`{2QMVHAThzz>j8^lubYZ` zCg}*;G?P%YLS|?XDe7W`$%j!G7;ylTEDONB(1!*D0hFU741Evzlzf4$T=l`DH0%So z9r@Z)5^#^qi%}~XqKXhILKO8a?!}?QJ+&gQxD>8ZcrZkpVLwZyAE*H>bv&NzVQfPY zA|8STHi|&>XqVXEHJWk=z|2TTF_g zQXibjrG)||2O#b+Vy!;8E)%m0626puvJy}>MGUX6^%C1u6vW{`xaSBgi77h=?sWryJ3Y5$2IqAO z+>1PL5AnV}?llw4VnoDarGe?&@AvwQKV~>ntHV7;oCPlcj&<6|jurC=u@vobb-0HK z+ZcChsl&Yi7G5p>mAD7@iTWz(HEt_6JA9OEv=Sk**YW)9pol4|x0{d!2^*4G#7_Jk zl8M~9?Cwbz`(2#zB4e$Bds5w+&B8sZ_}$P}70kg!;x~v)$ zDG8O?#ZX?@J-3)APo8>sEP-$jbyo_+jX~yc4~yHbobR?%ekgD+DRFNg+-ovb$yx+R zQGV99(0MN+b`GMYu%O??e?^B|-5O3`*Y6RO)A|+uFnGjO1Yo3=X}RKP zwo08u*gdo$7Ij;y>~#mY23|Lbvbb9@@lkf!4cW%#Qk;gBB5=eT|_H*y9M1;0DvuW!t^K@4%EK}e1JQCzt;02 zI>96$ibAYc8?WfH;|1IkCFDMatHNP5a5&^Uw!az??&++=ZM3MwJ?1}>yMv5jx5;uV zL&i9bSitzSHaP$(>-u4Q4EXR|(=<*bF;Z65Io4{DxcFW9TH7G$ zHEt_+5Lia_Y(xy(N7wQE?2lf=5%;|)kvrypav3$kSwRQNEbw+YD7T5Li4ffs%5|Zn zTgOFi1U==5Lz8#d^VkFC70Yi9Qp<*P9@rq0CVQgQJuN}FG>DXY>_xb4Y9lWvPac+a z)MG;~>aN5-l74@f6V3ubfTi8#vJ;vlNUIR)fRWL;GbD<~2w{N`r0REqSZvd1`Ux>4 zT<8Img}otqOZbA#Ltd-b_oBY66UJ5ez*PieJ{b<9?lg;i7#8lb4?q={2Q2i0G#DbX z(^R?N8)97Qj?69LPtX1ksbr$+_YgdEkoV}mV=&Kmnti#gIJO?fe3PgR*XlHbU!r)^ z@d>^FFf7qvKJdOiE*vqN1S`hxCw*-??DcSQJ-n*e^Mk5hlmvVayZ-_co`y&tT0Fylt4>n z0=MRi^BHH^U{KcW$H%7ZD3;%vrgVayI8}s!MM~3rm<^9T3C@uwlXAWvjpy^(Y%(pX zBjfaoiBF_ z{-8&MG$3>%5hf+P+u@?;);$~`A`22WbkWYNCtk^nq40;*SGMDlHJ+}cx{zMildnduY4$^Y+1k*7X zR$-F0e0z~_FCPKALT_>WBngehBC5ACMn<^T&DjZtX%Z@W4UnQ0n0+XG&(v(1Jdb*_Api%TXrj!P%UKe5!acDF@0rT|UXF3u z?`28E9hxJH(jjVPOW@t>X)MH+QlD0~GR#j|rDWJt1eeokZhYlHU@BV!}k=UdmW83E%{QR%o4#y0g_$aSNG+?OxQ0 zl72sG)WBhZFoXyvwN%Q$d4+sS5Imsy+Y9$BfqvW8;#=LJg0%W zaBnwb_4K_V{;!ZvO!C^Q9C)L?0&K$++#`$g;p(aG z8}u#3JH-zk`1qr;hPA+hPNXR{a0(I9G=c`$M2LruV3VN+1J(^J?nQuV5{y#Jtd2L3 zo!9RX?bB?)i_?Bx4!FRP$apV{YK~jDmt?gf9+bjG3yiGH!)_;yCnNO_HBdx5j9B6x zfO~cZOIcx%^~s#%*Ri;@*F%dVOahSEkDK*`UeP#eqeh6Y@2WMo(V{Y@$65tRb(G>5 zU_&CMZb}5p@F<0<_O3-Y_n980$6S>p9gT+hAfpr1E#7INK((`MJjzGeuzYef0_L#r z%K3gW-P~Ag%;v>?;a+BO&t3?FG|B0|>k+{?4S(4bPH?P+1lv@WWa(JA=Ljr`DLdB> zV=oDhj4tk&@q>kXbyh0|0fr^w4enX@(iS!57{8sfGY7p19qvVOKgPZf18~nL1k45q zjey5v09jp5F&p)n5*3wYvlEwFoiVt#;WbA3;ccro#=>iWdv^7iA4)O%`ocXQ0{oEO zYMmbI+HAQ}%6Sc&`AAV@tyw>oyNm7PXdl=g!DuqDT`mix$Eju+Jt0V=t`!+UEONvK znld}w^N@ard;C~L)@|gc9CBJ>-{GEfo_$t+eRy{)4~dq!++Yo%*mwt3!&DjEY3TL8=n z5Hcp7SVYv2%Ar3FBK(AW5L0St)weTD$wbvh=kZCvCdSIQ&+0C_)WUW)2#5;`_u8`B zyj~;m1Ki?b_tGxy*ed`GxHlfhjIcJCVHsyK1HwVbq6&l$h|d9wAnDlQo|m!i!LAJW zN*J;mYd+8VF>^ICg?laB8w{wy77E0Q7)1=vVnRuHnHKl54BTV6gN+lsH4Vo&`osV& z?gbbJs>zCMFbL{dW{pDL2JXc*@gk>fp}bmAG;mkA3gN-??+oJUSmWMe3c_j)<2pc2 zCvbE{QHu2{yhAlSY)kzlLAV!p<1`4sy;MTWu(8DhnuL2+h$ysc7_cZ}dI6}C9NSS6 zW3~Z(CB`^cQ;Vib0+8Gqp;EnYkR1cQ!FViWqfhii+e&!nZmYu~>lWi-?ppEv@pxmg z*qF~t+?&p}wl+5xi{d_V9t9@zk1JIi&u4C#C;VX-O{U{s}9%XHd z?O9sl^?3|>8!`@&);5xa8On}vF1I_l?(HqVG12Clwl{63okrfTsr5bpk+E9U$k;`| z4vl^Upm#midsyXH8Y>EGf3lpgEJW(FkqoIOL}AkqMmt^7D}KzLIA99m<|9A6I+7_VV-+iwcxhZ=7D#P+ZI2ll zoxLfm7c6JsdG$l={3H`Q!Imh*cL<4?0T=Leie|I4;Wr?z9|vhH>jX`Pxx@k+2*&p2 zbej5G<19q3StQua76QjZ^dE;*EW&%Ha@3!OF;~Vz%q?Le*|NA`q8jiC^lL0-5E0X{ z4CeV>D^|FUfL_4no3_x45uq9ON3z-Pgw*e+01Q8D#BJhzF&oSPs3Gf;VT7zQSr95= zEqy$J^kAy@KvPb%+Gk8DyF*0-y~`kg;`jqWx!E_2H+)#mw3{*ljx9E`a}bFg{u%A zg#xp5K9w}123WEEIIV}_F!rH{2`mc+;uF&VziK6JYnL!-%1?V~#(n38r4v-VoV^uiF&mKnjNG-bsBY~wMT_^k>_i>6A0Y%&>JFqX>2*|8~mkWHuK zNj_4n7L{(mS0B7D(r7dznl~Dk->1_p(#A$P-_I92+k5tGZWZ^D^KisIv7*aF_XcCW zxE{Hc7Q&J)G5o2vIohW3Y&4v)NvR;PB&O_K7^nR~eCp(~u9;oo8-x*1$RquHC(w^@ zoSmhzUZ?0x2nQs>y#}^=o`8EuPaKVjj^fa=r${4k9PTkzEY5itz53M_t+cx{bZ^^l zPI(n>)2uz{Hb<`Y0NfiAE^H2I3IYOfkFA1mpKU)%6T6HdqM4VJP)ZWEk7H8~0yx~W z04XC`iTT#4W*IFfNb^f@PrrzC8Ee(ExaYIOkT_o3Zz)705lRZB3|XfRv1XOs#tVsU zna3H^xeeX0X3*#N1w|TX%7J&{-fG?Kv5s}}6h<)y!x}?iM?`QR$Fq3=?uoiGFkQZ) zI9uFnwkM1XOGxmVpTpor;&~zP*!h{*#%RV-&YB^(H-WOWKg+ZT0K&2B3soMVxC*`D zLUAxR1@)b+*=*qNnGB?0w7=#NJD z^q_16XOkd{X2StE-OpvsMgB0B_lq$R4Wotvj|s>t*c_#G$1RqX$e<^y!4fcs`Ltli z7E8E094uzi!FGff%r98eMi>!ffFeYE2wKVdWNd_cioQb^z?*vMkZr-O1_4)rFlxh{ z{t)TVS&7^1Dq)q`CUB4B?tpCRm~;&HuoA&NVVTl^^@#DreFlk#vJG9zhFX^pvX!{U zJ28P=8jt5h^TxZlH=pexZEluNFE;k>Z0~ICDXJsq(fAnd5#7rs^xxqgix86ZvT4lK zfpE_@HOj`rd7C{(j=++bvUB__B*>D}CRg;#;_-cOuhC7yQA{Aw3$^pk*;y*>zL?I8 z9X;qxk~SF1ahgRL?tBb!*-&8&5?cJOi;;+I5A{jzuLk*?({HWJA3=h zx&Glm$6s`Y-R2~$+g&$oUjn+qX5MLQ!%vv7Ysd2^lL>nTl=K?+ljT8bQ9Wb>EmExz zh0+Mw)D%Ns-352j)@{3Ku8bO`(EuGNGqbeKDV|8lP|hsjG$Llxe$!^QL&>^L1B`(n zvzfp#S<|%SOu1}I=c$70glj^tsoT4Irlz@a=<^%n>m+XmsV7Yl)6+0qL)`6%1R1|+ zOcopLuZ1=^zPst_gcgwtEt$_48J+zFtG0{~`z+WrpZJ5E4`IrxMm*}Y;(pVgL0J|o z@)U0Mf+maEK^hHHV31d6HH%PGlNG}K+l$38*qH%v@Tp**XvRE@gXu{6FV8Va54Pn!zv82E5}F zdW%%@Tld8Rca%9%vjtAVU=St9Dw72wLVRvEAB>`CA)z6*IaXK^KbX=Ru|kI*JdW^3 zhXNJcMnqvGNyaH;ODwi}h5!uk4sp40ib3-+>!mDr#9SSOd9oN~L`eg@dxE2VqJ5ee zf>At*8{@ISG39MMmNgu=LW^|cv8G9R!-a4Gz{*&{y-~KckmREVitMCWBZ|k2RjL6T zMfp(Hr=so+{B59*jovKlWPX;%an^2t!vbLlfs8;~<8)TyHYQ#f)3eSXkt~-o>^31( zsS*UsFe=<0zaSXqT74+%rX!+uWg0COv-xDISgmkCb@JU-r&GIb!CjX&7JGMg_HJ*N z4{vTA*uQVz_D*pdIgh986f3%%CZl}Dm$FYXdoEDAkUPQy)%OWhfAhiw4x zUOX!+HLB4q4Wvkb;u>30Ub>4XSY5VMJ~o3JDt_FH+F;FsWZosgmkpEh8L z2J?aU4cJ81&!VZ+A)O3{1Lo{-9A``z8T%$S`H?YH22-NdA@et);!ori2a{=xKRN;l zwZMZkjVD%$A|~evc0>f5Vr)oOECP=SZpxxDj7s2a7LC$P3|?Y@6IpXj z=5%Vok+&tmY}jzziom*oZ3VA*SGb5Z*qNEh#GB;Xo05FC%=Ga}2g7EPOy~rrcodD} zQ4WkM>K?Jf8JvU^0*2wRKOD0R&~Adm0%6of>Og!Q{dCFgDk-CHNg~g-yq6DIa6lrZ zZc6xH7!_JHRm#U38*>ZBsy`UB>#j(n2`dwe*-Ww8ke7*HQ;K{y~Ix|j*~ro%kWv9<>3g7Bzt zk3~XMJ*33sYEHx;wmD%L9>YBk*S&in6z&l%2)4Q-uQiJsum?ozcPFgUw)fpJD=ipwhkL`JMfE7x`X{!Jt`qT6WL*0)8x|nlMRW)GW13H~aa_(4Gzw65 zS=;H9Gj#2`xEJOn?sdbqQ^qmXa+@9QIh&5{K;*J1ofkH^F685v{!y{v7^)UyWp=Id z`NZTSEhkTLnqjG|m$(=4dx^ndYfr@HQb{^LFgRH%aBtyo4_>o+0R*$pf*%VF& z9E!^eHuhm*g22&zX`hC=dwe*e6;Ur16_y(2X zOgLdDg9zNqg?qCYdt3m(`h#}DPH;4kqKK(~GMwZV_n1ZbK^|^vIGd@@1N=qa8jlBC zlMy=(qp9pXa1Zt+@MV%t(&lWIgxbXfYzFhZ;kXsq=~S&mo6>m6U9vzeTSIDLn4 zbK(MIX(GsQcR;qBl~yFO#2EbpAO+IheE@{jhq7)qIp(U2CqlN_oROq%@lFc`sy(0Y zvFjG)lY90YAnn^%x;fi>4<9~wX#auYzHo1DanD|0tzx`E|I0pE+$)>HT+Ow;+cq^H zFQ$8hdyc@8n6h(eHj2jCt+t-&o9*X^7WcAbmf@5IiGGA5H`1jhb4=3PWVdxrbaB{X zXTUrkr!4-(!@(wIAp4EjmP&+%?L_)NG7)e_Vp|Q8L`a!m$|MOtG}=b@4oB@R{qL=A zxZN9j?M2d1>j{R@%ny_HjHcM3kz@dRKU^#ptnw>u+Hjs?_jztnJsHdD!}igehKtpS+SjmTt>@tXut_7vfEH6Va#LwKMR+e#4MYGXvBZQAh*Ht4k%BaaExsx za7=d2bIi(b%u3I(yg4C~V`E<}#IV?KOdMr%qMQWR$Gtw1bn=uAh8PU%h`SvTlxvV> z+dBzc_4z?gfEjp_#HKzx!FF$xk>L!l`Nb0>gy$6#CkXPX*oO5t9L%~MLL=c8l#S!< zX%24raf>ZG@h}|^Gp*Yzc!y^fw-Ah@2e-G!(V;C?Kw8c5aWrG~4B|~T_6hmKq}W&G zEZ!c_CU?em9K?BXSvAB$F-^=PcENjOmpKNHfrswUo6q@qNR$%9@CI0)EZWfweu*~V z9iQTO1i-L}x4k{$eMA1SN0`TRsY5m&vZw;Rvoue)_T=oF*cSD~Hs{b5F@N)|KMO`6 z=WLPSk4jaw{EUvxX4JqbWJ~O91P#~<2{tW(Pa)o75%-avbO2}bWSVWy#zaZux$L|_ zNVHEALp&SI1})Yt1&#@k@o+I}I&Lul~d~MF>Qa2^yP9$P^Hch6A%9VA8vtv{Cbhf=`YiqFqJE>c|(?Wr2Z)|AY zVq^Eoot?vnWZ{+b{l5J-I(p>D!9zvM$oXJ{-vkt0&WE$<7GGSC2*zpn%T8dfjg@soTk{Jkq(;#EuziMO;7MP9PS|$;r>Ojv^MfUvW(LYdZJT>> zXGE1zGUJ%ooUvY$6x)~9(Z77>0duJnXtDm&IftQR1Q_Kp5-lR`NcH68Fo^p8a-f4Vvdp?9=ljCS6 z>@iIC5FixtiAhPnN#$X(cQ~?lWNzW4!+CL9HN-+OE%B+5YpG249fK#pLofF?HiiWB zGN1V35bKlwO)}-N0b8g}OgMi43`^5{_l>hrk`D*CoykTr8f7`Mif@o4g!Y&)#*4vV zuVTZ*HaGM;`g9~w2^Qfb#8TfFObAATgqWH7S3(Q?8P>uQCTDE*2|ODQKz8;g3-LBL zF)NdNFy!huoelRcrr>n4Auo0qEpqT2=X##av)0Cjz;T4NkVTu5rsEdjRr1CLn$wqn zIofG~k;Od3Us+5J?3EsROhNeUqe&~vHbyZNA>#AFYzm(kpCsiM-YI)~F^^e%nS_%$ z%K+ULI4lqbETA#b);OJ&?61PuRpO#)S;j`XnY#loC%_jgttG}dE7ASnD@mqv;a6EV zpDSwT(u|1R_V(r$?1Zz$JLhH1t*w0o^tN`N+_w*yJ9_wV`SgKAh0B+?A&lPO=qLqZ@)M& z2j7?&Hjf13Y-}t8zaAs3WT{ai|Wo(nQX$!-hA9s*4>>-h+q0=#l}0R+Pk65?k(qB99KsBAoZkaIGQAjtkz;zl&Bia`Ay^a;GvA| zcKSgM8*NXPSb@{h(LP2-=j0$!JR)8*xR?*e@oW>eWz#`A8Ep|ePrJ!JD4S;oH>QJ} zaA${LS2h_gCel(Y4K0_2S%*mZ%}zOVaFL$6e{%%G=GiftQ}KD<7C|st5Q_$3i^}7{ z!O_&-nP;jY&Wp<>6VOnnnDp`zLjq*Kw+ZpgJC;mzKI|O*Lg6H=bNL^yw~2CW}BFt zsEziiY{E5Zg_3p+&t|1>JIb-}HryQy%K2W>_O{ebNx!-P{q34>mMu25{!rGPY;EJc z7HR9?f&KfpcNDW2@KP~$6FnGDqJxF#HrKn&o?^?2kxueucn7OqtqkJ_Uz>&qbci<{cu%dl#GI&2g5`CI?y0 zv3oFC=iwh{u_GROyF2_~CC3rV(>-hxV)Hqd`_WOhpWHm_9o8aqe{eL|ihBD;ZMzD? zlHN`<$a_1i0JE4jnh{Ek2gE&z`YIi?8{8DX-&k1c@=Y1FV1Tm+_a>4KF{SLaJrfj~ z4wV&KR$h!Z_+K|=p5-pj^92jZWo~Z{()J|V<3QPATh2Of z9+XY#d~lE49_4Npx_9oCXICzILi=#6r= zo!D*AyW0eI+u{RTfml-O1&0_J&hVNYu&j@4z{SaUmTqh_5$2c#v+3TxH_dv3Lr}Jv zAKkMUPH;WDIDPqiv^AHO4)KSxA+}*R9d&Mb(;FS#%1%GLJso!1n+5wsb0#hy+&kwZ ztb<9zs7>WressFXb!U^3urRzApH)LF)T4NM`pJ@@iu;bioB1g1&%=Ftr`UyKmal^8 zVlrYxw(<${vle8JPw-_h&N`j+=#4fei+s*Ti@_q_H(V?xv%T|8He2U8rr!AQk&T`4 z_$WUzhRSRoe(;bnrA&6x&2*IQ>>F)n39b$6p>{{u&JHzFq?hM6b~f|H5c81*4r0Rb zB-_7l7&DWOr*L*L+MXTV*s-)p~L$RFp~5{%d5N-C~)b(0qe&eEWh9AMmInG z^wV#8)AH$4ZgQ(zo^i&_PA~3Hr?cq+c1jdoUd(p(9OjGb5l*RwzwE?lw7IDjX4};M z?SnfvW|L+?;ATNg*}3U_E8nv?_sIJabLz*3;9fUgj1MdTSONq5?=l-jvqh)FDLTsT zo6T{)*z9Jr;lZu#>Gq73o%xa3WNi0fh9g3LxKLy0?Hw4iHJkA7INJy4vxA7sVRCAg zg}2VV8+Qoz1;bOro!C1(Y1>tpUKZ{rdg1L4`(q;ZlLdsOL;QcDA4*4ARv&9Us=Kvi z?V|BE6V%3JI(7Eo0c6wt3!B~5B|VUhBy42OtIC@*Br`9wTWDAS;ag+(A6is)wuf0~ zmT&Wma5B3ZayIHJ@8j6Ed4~T!BZ6duGSQg4F+P@$?33A}+#_b=HlQd%a%7+KB-4J# z|ChM8kB_Rl_QuyfXC^aACNq=CB$*_WnKQ4MWG0!(Op-|;B$HPHNgzNX;Uy9<3cgfO z(29+Uih_uOij^u=Y|&zCuR(%>(weqNxxJvYMN3=I)N*^dx6;zq_R?NSp6@!7Ab9Qb z`ThQSPV$|7&OZBnuf6tKYwvT;m4_{gs(#_2xV;6%4t<70N%lwp7H3aY+=0orkR>Q} z$Iz9Dq5VJ?*gs^AqGwI^pNE{tNq!{b2H zp^+T983^ogRJr{Qz7xQ&8}Hw6*tv~41UDf!T49dQ;qiJP@$vm+0|y+={48HiS()3F zXLn(%dbZo|2IDgoJKUI`c|rE_!{G=Nxa>w_epS2(J?w=jQ{Z=$IsAT?x6Bvt@~(^! zYz(nVf2m8U!hDHZ+QZnVR_O49VhU}g`GI`JUK&;c_Pi2^iw=lS7-OZS2$2u!bvR0k zPzOJxEl^V-EW)`idpPW{VJ21Fjv~eH40@_ci(QJ%QO1Iu+g^(1bJ^XFkUQiyvLMRV zUBA<1j}&DjTg#zNqGd?Mk;?>@th)jh&VQH@a!UhKs+f?iZdU=gw=ZCHxy$^8s8ONA z8FB@S(N3^lIGo190<5E;Cb>>qVIV&ca=QZ-V~O7xLJwlt@Oo_sO~#4w;fA*AFM?jL z9xhj~1SW!sBM^WFT3%Mh!;KH@!h>}M8-UfLI9OQ`jV6a(VWBq^hK!dyf~8f^RKw-y zNl*N@QRVk-H05X^;Ynhf-xcw3 zC0*E*nZx2#@-Q0V=2T&gI-ofG0TV1H<$<6(=y51T-b$D?VS{xQ<|sgC%6Qjc% zVHqvQmaEvyFok0Wk;{d>DO2qBoEArBH7~Yg7f#6u*)n6U4AmNmN8-b_LRV%ONx`V> z@*5#!6vkpP*iiVW@^Ff5!zvC0`EUh!*Q3j=`YTEVw3+0K*c-`5(t&E@Q~1x5pZp7W ziZKQz|NKhwFQ61F{HBoPpAjm((d!7}$w>TV7G^sw;PUt@1A^+GCx`!dZO36#a`~@F z`RuQ<3}Q?^|KZ6m1^X^0j>73P8E6vCIz%Lv|02J>`#gp^IdTnH(S8zDDp+JvwV(BdmJ?j zDpSe=ir1N^m~-8^O28c|@;O}C%Y{7z(5n=)-DR55G<8bI*%A-?&|tyK>I^pNQ>r51 zItrQ&jilrm5!kOx^##;BLA4*a<++tP1UDf!nqmv^)_uj5kB33jxO~@T&o0U>FZX#1 z93E`h%mw#yISVsGiWl=UgpVr@MF|#q943=}%G45Xu~Gz4rm$FvD#gWKKWMdx$t2<_ z_Qb1;BOdn@TtR$tL{T@V3#%L7i-2qYfy zl!eevus$hnlM{LJzB`y~lwd(H?DGb*OyI*|B#vQ&I|?ruu*-+f7YY`a`24IU!DQ%V z2`_mEZ5gb@5smV2;{$sa?Yst(yk8owsjjM;3|kb5^74dwltrf0#H(W!XikKk$TK_{ zvZ4ZdY)$2*m{Y;$np+whCu7$oX3m&Cy{UO3ywB(NRba(%qR4@wNLd^g$r3^H=Eqeh zlLp%k`f;r$6$@8JYOz^qqJoo^nJk5V#32&w;2>Gjn*ren1W5;bC zKSYu|V37Cw^Xr1efij;bRAy0%-8JE8AX*Gfzhqjm-w$hq-<9Wu>g$0%pPA{g#FmmQsJ%8;(4ZUot~XtK>hw!s|p=9*#Ox^$U+cNvS*LPc!?A)E@CgOG-karWU`=ybrN;z7w82uip z!@go~q0a&nm9MNQRvPs99X^)wy-xTl{><*q=BAiucA_fiwPZ#wtFwn&xvsj@AMzD@ zxRHEz4jl3|mxO(MCyL*oms_4&nL}_Ba-(_eWxSQk2Z0**lMNj8`4wAfK}}7t*y$;@ zL*^<8m-xM|teCGPKj4|L>Q35sKy~G=fX8A{8k-}zq-P{8eceE9I7dUu!;J{ zi^Ii`ik$60}0Xud*)pCpY}`@G;$KA4W; zk$BV>_C|_IJOLl%xWZ!3)G0nk&=(4n_#%ODQDvwp9);BGtKr!+=#H0y8+uB7@sfCn zrDjU8r_5jG4;K}?rgbq^J$+_R_uRRivnTEcgP~w; zo@KJg;ZVFXfs15`Ae?dEPbTH}mq$amR+E}qHLbcOFK@Dfla-k)T(B(WuPD2v>Gux8 zAy2?gLcKf=A3n2_MjnRy4y~gUnuW7e!V6sJZc#4cqD{;Z^TZOdRD4<7A?^{6iN~c} zsX(fd;?ivCap|D+W9eU|({iT#pu9=mEN_*cmtT^HV%BLoFEs41dMQJR%i%39?i5oU01s$cZ%Btj+G5FvBMp7x4HY>*ZO`kI{wFt=cV)Gf2O}? zUMTz@&GT?qHSubxy zeIAt`lfNl{Tizr8L_?Zonp-uS9P1o^b`rL1Db6-$*F=4mIM+E}a~^iS?>z1Nv-59C z7F2Es5o&#E)cUMZ)_p;J=DB)Yize!miTdPSs?WegeMqfO$_4r#LVd*e-^c$terEi) zh1ETR$z^}%o@n6z)V?U#7#~WzrxS#sTG4>6jv8Ql%Ct9Hce?*yN#&0V8 zN5+0Mwr}kDkAC;jooD{*%-J))J9FmDM`wO>X7tR5XFfP{>dddt{OZifGru_V-kB4K zp&p}&(J4f~DH$Cf{dDwiAHMd{`H%kdOy%g8K6>E8?$J9&=Z%I(W240%ZvXJf4<8}= z@Zk?Pe)zzLYd`G!u=T^HUw`O1Z~cTQ>#vr-7&fNvL4qnBP9#0)yn~Y;PG0;kch|(- zzo~ad)!(D|MGO4@IPRpIXcf&>V=Vmt7_avW!>zgGTZ^;hw1RG>>%|hfk-m&P?w~Kx zTDqB5(lyBM7P^*J(;9gP#?mrzjToTY#I@q<;yLkc@v`_A@roFde9)@~He<`6Ky^{5$zS#DQIh0E_%AP!ov=e-2Hg(Y)^wK=)rXISA=2I^%poO%E7E>QxO-n%GOHrriXeWJxcG1hUhhC?H z^d^0e-lFf*2ELJLCHfWJDQ>1^Ods6upqa-(AJ@_i^mTfH zcF>FTP1;Q_(YNVa^e^-ZYWQ8+N3YSaFwpgM8*NI`4?O|u833(OqQ1AMd*0kRU9)F( zcC^o&(KfxcrMaoGAyHp9t#;~^nravyu-+8H>J%2{omesCmrL>|OjEQPSrQa#@wE0U zL;n6Djo;JOR?63&rSMpKnMePS0yhar+TjOs}~u#aJdjeX|b(nR)$2s(lXR~`-)91 z{mrEzu_ryP$YCHr z(u~J17pQ*Jq^32L(ln$~(^9SYA|N`0Bn(g~jw zpZTxEH@S+JnrR6AKG9@^vY~{ipUcH%d3b+P(-JIU!wL;4ZUZq4hxL`=?=Q|^l zcd~o<&brAvm!kK3(6TL_mi~$V+gI3z)-6*?L+Dxc-#4W3;l45?`}>z&vx42F*KYDO zqlRcp>h2v%G~*<(bfPg^_C&%6zqB8fxSpF~PVZ3IvueodX-u{@JdlX5<@$NOYLujJ z%aFBci2ARYh&2>$L0phX%O>s^E+D7nnbUiKV&kKGDwKk~%wZOAIfinY&?)|wO}zux z4LSP@20)+JDZK@*p~M0--vUqXwF|hHJm#U|QDlb$9jL}a-98t3GBBz=r1R;OUa3G{ zz`X?zr4>J(##-Dk52Yk8xknpom0nRmlfjV7Lj-3Zeb1Ov!xyY0;9Qxj@BA%eBpy74V8gaiJD)BDF6rr^IbB(HJO# zp1ZS+>rfh!aIWCCen>(+RWI&En=(XQO0VZy&jJrp?6(q-G{ZqJy!t!&bJ+UITJoIMi>lCo*W z5P@V97_QZpie!eO6`a!3y40hXmDWv5_m8hzwrNiyv1wIH|B5LX2b(-I1~z%-_12;@ z)q#Ik!JVAFh1x}XcVlS?%%^dWM{Jz4Cm}Y@TiAO5(wMTbyLXQy8W$iW7#kV@T(CtM z;KmtTuwqmH0w!(BK||tS3<*yi4N0E5Jwi$`45fLlZ5&GXG_rp^``0J^Q`leUX&e$c zqLdB@SxB!AIL!?iLLvo-05Wyqw;zzkM{vKYrgc9YDa(042tlvD=v3Z-kie%R%h`}E z^q2#6)FV>hroz?2)nIlG!&lH-IR6kB7n;O-a$;!f(9R(_@tv;k^nXY0|F+oqZSlRk z4)(nA=38&R`=FUOPwa!U>47@uLmS-AjT_Kp8&f8ZHIByeoIoF`}{i|24mdvY_ z)g!Cr)ts()OS~)O{dd3KbL-tJdv3XVRS&I(yf7f`S|<8DfpVDIpQQRxdvR^b5BV=~#c$3sDt&l#D^ew%b`wRAcRB7y5vRgTREhIA{NhNv#sHion!1&!7MM0jR96Au zyzV$reE|3v+Jyoj??%LH!oB80M6EWW>9uGcV8(f(nFop5QMQf{(JZ*L5U;C^XpV+d zHGAGFqV6H0o(R!ZJBa3Y5%q2*T7Wbc!|g*^uRcn&WHSiG40ID+gM6<7t@i>*dp**7 zV1VdBd-N11GY3}n9y@qsN zNBq|j|8>OQkNEo$e?Q{y-wqrCJ|;R~1rh-2bpYwUv61M_A>b6zK@AWAP>+M_0aW07 zNaOnkpc+73zK`(V-wEso&JewYdv8?$i-9!&;=P6R-a1JzPXGa+13)=OklzT>{J~8y zfb{|h`$Js+@C5KF(T@=JM_s@Q0Ab%&hz?f({Q&YkJPe?mKQ;pi0O|Y~;eLD&Kv|B! z|42130BiYg1 z6hOFNbpYFmeq9S7%~MB!Pl!${0PdZ>19%xgULP0$r1QZVSRQe26y+QJl;|VW(Q_}}#di2FN~^LIOl{v!m807x5A=&S-HfPP>duoD;o zMv4BD00l?@{lGe4Colqx68#qe3XlN$fpx%6V1(#nJzxX25uN*l=nonIW%@%Kuo!^f zd6fN6>j9MO&xrfy?Eu>H6V&080MTDj?!V&x-%bE$0Mzflt$-J(0GferU;tPHtOvFM zyMSTf5O4xG1AIbsK?7I;FHiwA1Kq$1U=Y{}>;m=!M}biQ@&1mw{M`;9+}{rp{R8Rz zqZh#SKTwB%Yy?pDf9wVj_a8@qlfYTv0@45I0UHnis)06OF|Y>M44};};{MnP;0!d5 z0q7<#laMP&Xlx|3=Sk=`13O6QkCRCKm_&Lni45G&*iXXv2?;a8XRaV&!9D9564|39 za_%6J8zGU8Dc)`XkhbF}2?g<7L%;|L5B$BWNcgsrD7uM6u|lF`kVNn-iPCBkWw=+i z4#52|;z!_Lj&ei~l8AMas8~;;a)?AcK%yGuu0h^Ywv(6&w-)!NeL|u>1Q8=bqG2bA zCY(2Sk!a~9(TX&u!*4p`Pd`GU4f)JK8Z!`Y#xCFxa0);gGf~c&UZ57}1`u}UZr}v) zDT#LE-;Q+K2LZ%wN4yRz&;hIm4gyH06Zv-zkeD?BTp%$!0^oY~HUNIJKPEA!pTs=G zotFSs0Jt{~@p~#rT(uK83VcFhz5=uXtALFF?#?GD1 zNZgD2_rqOZOX7ik5)Xb%V&ed?hQvd-ei-MQyGT5;j>My%lGqv{@z^dBk9U*UhV-69 zT3;O@@f6(cgCxF&@K2iogny=u#15SAI7H&>DBIUhka!mPK8rBVA1v=K*h=Dqvm`z=lNb#FwLk|j2y7UmB>;txpoycIyce?s_AaPMzjB>o%z7Z4u2SAdTS@J#VP7f5^x zcMR9#5t68zBzYT2+Vv#qj*yh*CCOkTDPxc%Qw2$x8j>u>NwW5ml>I45xw}cSjgXW# zOj7;;Nd*Ry>>-j0aqT=xlIsL;2Ka;|_sb-C`+-#?`8JZ|2Z~mZ6hJ)aCsIilNx^L- zg$|KadXl8FgCvDVNs8$^!x*hp&7kknX9QnQ()ma``zT30Z6sZV^uRl%`M5tH>CN{72sa<$dI>-p z3%Y>;U=2wN5ocj9fb0hDMjDHe#^MT~nWVn$BrUO%)PEC6%iu0U z+5^CKxL$sUq!qhKx&iTS*a-|l?L|5_A>2(NlD>p8+>A2Zyq=_$NM{xDxpjb~)wsU~ zaiC90w;d$u%K?(sqD*Vo0SLDi>8w2hApD&u&z%tf@$MW1b^%9$Pe}R-()mgUupU5K zUpYn6AkrPI1yH}i{UqI`2awiXD9hb8pbfYKK=`{6{vHE>@b@77do}|||DJ=u3E*Rr z)*-!hcAy!!3D^M~1wJL|-Vgx)dlv(1fXx8n-+K@^L(+W)pcc3Z*Z~{`E|7G;7l8l$ z-2m?0zaGH-`-cI9xgT-Y8-NO60N4f`0zM(>0WZ)EAl?J(0mOS?7(l!S&H$g1^q>_$ z`VS5O+kivBCnRm~0`Q0KDQ!Uf4eJ5K-!KfEB59)rr~n3lZNMSm6OtbC0*LoeH-LB# ztq0IY4tZ{7?H z14#1`#D63NbOVU@$S&YG@F_`;1_1a!x*kCIN6(V9#Ri~Xx1bDLwgdZtlfVU%w%UMd zpcl9U*bST{=`lS3|HoDU+kqp%1(F`O0q}pk7q|o14(ta`0vAYnA_5@J6FUHuX&cJA zts1xqz!=yz0*sRMBmoML0Q!M-z)k@9Jb9j^uiAlTU=^?(I0V4|DfmBC0W1dA0I26v zqa;`TE zHUc|I+LZv1-Y(>^>j-e3q!$zb@n0AOwgE2#NaF>h{lX_Cz1R=n{96W~7FY}n0y}_% zz$xHUl6KpHT3|6S2(AlP@y zE$4!_+)^Ha65Bl9*eXg4f}t*Wg1}r8nA@AU+S4Va=EJ zeb3f8cXodBL)`~2);S8jMR=U4AS;b`8T}k~KgTVD(gr8ra-UZnG zargk)$1fyqM6ESCeY!z52nU{wkuoIdHQ8X5@xo!PSr)P@F9)yN%g-dI-GoQ*&F0rK z@#=qU@5U!eM5a>EfH$@1Uen|W(wHoG###RwzN@RjCmbvq*^u9m*=TOeXf!m+4U*a# zXpnkKZVmSRX2#4HM@B|6W0}}Sub$R(3mra`Y@-c_aG2F!VKbkA{~@*QF7q#sh@gnY zW4f5mqrwyS=zw@kMNEb(9{>8R?pfWIrL)#s9-GzOxdXV$GSK;;<%!wdZ+?B&*TvZD zug}~&^K~5TjCJfqQ=u=r$Dfd{mi1I4W*;E`_-MkKPMroDekv3Lbq4VQa_T7BKYn(v zkvid?+zVg0#}fqz<5WOWPFp5^%xGb!%|xBI*+lOC@$-9eM|I&3_v~KWf_ov6g#g7C;C*09Q93@J#Aw|56h0l+}_}qJa=gjX%PqSMd!5Yn_ zqwmrg)^>c+I;pavOe!jqLFM%#rgMl~U77H>jS}90lIxI}>`lTGFO!Sn4k7R~M43I) z8O+NGy0e$|7tARLwpdCs8zP0VqMT@~AnMC;RCks+<~Z{sB}!`0GP6HDKd9s=`PqiF zd|%Alw$yOzDouf*#gLP3^W_zXYzDhO<_R^IJGA%SC(?|jltpp7KRp-ZA288FeQ?e1pXl2V+;G<+3_)B{konZ-j^t{c%Ohgi ziaKe6X?fiKc!htWM`P<pCeBk+DSbExCA8L3vwgZBz31Z+NwG&~8lr-uzGRNc(k1fZ9Tgc;u zyCE-t(bF11%eN{BSI-@tbWiTZ_^CsK^7w)~x);L>t~zGpa1%z{sNnb&0mKh;R9wIv z;huzhB*Cm9$b6;5mWrQ%o;rQiNGFfefot18zFSQPFYBRBylj>_&B$^%EuA_{d}7E@ zPtNa6qfU679M-2&M>=8lXub>vueAC`xhljWhTcq+zLo~y0JrmKyCIqsRRnavwB=J8a^Q(JCL5KQ}A z@YKaq=gfz}15|1;Z!jLxs_dIx(9Zjx;|HH3p@{|HIA|nZCMs1@aex;XC0%Y+Jl80g zLwL$Wkr7OyOv;VoVM!yn1l}H=lUoNa0!mAnRTyh6&a^q=vm^Ejf37{&TCyfmIL8<- z$qO3#^|{8@^9VWmJYEA>c4icQ{e`7kls! zfU8bNf?bQ~gnM=`l2=`@EzTj~Lbc@phvo(VF|e#kZz5o(X~L{V8`iHqOYUpKwTRyf`5|Jqlj-_}3!)N^xtHr5AfpPm1G(e{Yi zF5~ZvPZv|=bhOJ&2grolp*K2=TwPQft)q@xxEFYwacd>Yj9h=78znO;B-uEIz+5jn zgx-vr@h!vcdM%kv3sMKvk{|xyFv$C|qUuzV%1dw?~(sXU=qF8;WGTE(m$*RP?=(({GQQ zj*djlBT<1_IsA5C?DXNN`E>N{K1L`yeY1du7KX2Qqtnpn-)sn zE$Jw+`i)YzY)X~wm5{?yywm;u>E09wWtDb0)g*UIM!yxo^yn0Uoz*d^U2;P9o|Y(- zrF1RU3)54q=_%={`jnImLkf1a>Rw4F-kdOUEP4?Ls}*}EdO9gQ+ssF~Mw1dBq&@ND z=xbT8MZ3%SS8~2H``veEzr&3-z7)HMZ$)0=1Ec|sV#I0C?TJjV#1w6M0)l@>I;ChS zgUs)|6BQpE3!YZTUL2x$QJow=thISUwtB0}W|nXD&Ya$WH!UX`>kE?OZoYsKTg=Cd z;!9*}69!WonPl;t{H`ovW3E=bB2yT1>HE=ReYc>uac74nxFeiB?1{_?-H5h3H z3VidJP2n|LkYRb?^jbEt$P6I=zN-*B0G;G+_|`!h9mwhuMk8=jB4_XBu|*>-wRoy#EROfgVRun=&zvRRGUt@?fZgORQ)<{1e=T3V`i8mX*Ds%NSGOnp ziJq&Mg_7>lB(3}gx>pXyxPkU1@OgKz!c-Os^juM00$c^$7VQgv0(b1x?;jtUV9vXl zJEfoz6E2*{%s{m%=?1Ki<0~srKvNZXr?P003LZ9+NCzFJ87Tq&#j%(%!#%>p-U(XQ zrWtzDd(y5-g;3ARSWQ?Jk& z2w&NTA7?}n3R*{P4YGCY?q(%-`4 z2NK~`7+Wk{4+C<-R}Or=X^&<=hCYYptO;H`45I5h(f79b;!!lIdK~SWoZ2RLyG`7H z-p_IlTGyp>f#XbwGw=fciA5cf)ajnm5zMQO`t_pJGIpcBxTeKdG^5&G8nZ_O&Q!%% zQaMeDv;?hEpt7rJs*)87m)mAlUe#7>FO1jJ`AWh@d|jt4BR|Jj5UOS#+=4OQi2kXj zKkW;eAt3}OnihSd>ZjaC6N<_x%fx=Zj}~%s3!-1(j_yU*uri@`E>1=hspt#`C#R0p zR379!U1GvLnR>&l_&a^4IulD>^bgF?UI@z}%LKuPfL}YLv#l zd|jTe+)+8d&W#V5Yi4UQ45=U`%mh*&_<|8n>AbWrTaQ+Tcz;q=4^4b!;J!dx!o85_ zK@;m)dek$^Q<;aJ2Z}0ZszRTZ`Kp#jl@=d7Go=eLESap5NlH`7K*;#i{Z&?Nw&79P z1ly2EyGrU2AY7FXSZYQtjzpsn#!f|przR{_mKs|)mSmluvCN;O z@tcx`C1b};_C+i2tX*`&9Lr4atd3Uu&-U!uQy;!#@V3&iwhpn?(cZnVl;M-sHh&e5u0`!EnuErPjvkug#20n;BKKvHF7%d6wrENR}$0sxEWT2?Bk&PElYT7kK2epsMm*ysHX1a9GxPikA3=Urz~SO};FP zR$<{8)0-+c!W~T*xqbT;5e8c+*bHVpl2AaX`eN;)OO%z$bBc_&Y0#tot8%tvjAV(d zEtU*SNbjBNGs8p)mfOeEd+^+;zCLCU??m5;2F-^jSj1(`{27lx6SFvJlqM)sB&iov zicWCp#Htj$&R%=#YIobp4yC5lq4gSD;>FV|9MPFqdChpMa=K`?NXxAil@YV)>iMyS zjefisSe~UX$S#`VEvqchOJ&`2=7eT}9BB}JvsT(qW;_YDdtWK*rEEQ7?hUQ@2)C=9 zTM`Xlz_eNj50wn{Jb@Rsp$YBG-0cxG6BzO+&&f8tD2AKPjvEe=H)p1Aj`;ii>-@4m zOj{hrEiP9sv-U&=0;FsS&dz#3qJ4PM zhH;7YK^@e{snDHZRf6ctoHW^d{*TkrN^6R0i?hR3p6T1B-~0M48R^>Ts~6T=l$q|* zhLS92;@Z~UK2fJM<=3~ks+v5JXvSBsf8*gfvwhR%mYOpQN^4!wYi31mWIAR8{!^f1 zGj%1b8XlS&9-1-}lr9~g#pNocrGv7~53kY-l~hb=AQj3q_oV9{O}mPXFZJhm*nMy~ z*mo{ye*bM27V%hcofd=4#dE{6rt-S!Guz!`uV;z9S;18|_ZL*IUbE`j9><(6-})Ec z=);(j@$BfIq~+l24vJ8tTAXJQ1wg`Li{2F1V4V%S_zB|aorTvoxHw~aHD)t8!F)D9>V(*AT9ElE5K)Flt>kH+0<9a)0H`r zj~@uWdId#pMpX zr`DY9jX6rHm>>0E2mJ!rWECnG(g6ygn=v7Tn93SJM_xUyJZ$DF2dCgD+ME%~$=hP_ZgIG_V6S<$rKe;| z8U&bg^=~s{JAKZq%8VB$rA2fRW?)#=zd(S2zzE?a*<0!Yk*5SoJnZ1;t+-JX!8le2 z6Un6URkVVoS)C2b8vCwpy8E@&+Vr$cIYVk)*;8v(W*R)xy{T!DDrScfVa{jHwyZOJ zW8aN$Y?>`*<5{J-5wp27Bh%63iZ{C|n%oh#Ibn?nx~nLX^jI~>q$OetrNCu>=-jHm zA66G^<(s%`PNa)*M<{ zjQn7OCTJG;#rm7-+AdvQvN@HCxGy(Dh`)@j&k`q6#_kjGnXh-fKKJp*P+ZXA)%28f zt#}ihR!6af1sQ8}1WiAcUWrHvNkUmiUdzg9lTu#MK=a4y9#8Yp)39rqxi7OI;`84w z@q?_fdPV&eZ_a*jHs+D5(H8A$TRg&Tae*gWq<7&pxFwPRn^Btu?)gLAI>7-JN!Y7Bs@YJo1e!;tzq zu&k;wb5^Ig|5df>E(}E-GgBRpWnBbx03#~@)4tIIOHu}d0f`vTD9g>CD2b*)d*e5ods=tgjciRj&hoC z)yWyII*yB2fW&>c>V5SZ>A_W(Rp6?E2q;KR2kwzX6%z7RBbFz?KdjMvxX1B|YyQER zgOvpbiyMW^#|xRsLkv+#i^UO^ZFo(Dh{oj1(?TaH=)ef7_McIgFKE#w`zWBi<`z3ErxO{o^i^wVI$1}Olt*(1aOwc*G za>^w+cXC$dxwpblXi)P-?T+wNrq0O+C)CRKb z_1Ddu|J9r8idvUVoiaOJm+B6d+uH725N*2e;GN$b%AT@(?DtiEja-8zqhNC+AFo?7 zX7=>d+&HJ)qKDFFG+4?z7YE~u8-49}y|A#Uzs_OO%#?LHP4S#NW)J*m`_*#QPhx)pgz|c3mU-b*8*IFB16w!p%#-KFL%hgk zJf!yJC6Ozx^Hf>lF^9|xR$(+fI#2ihvKv;tw_=G2pKCNM)9SUU`fQ_TMdPcl{zP;? z)&8~J2ftLhsASfhojtMVZ^i7=J^pv-6bH#hKJ0n8dWM|3AKz#yqK%$)zk5o0$nEQH4Y$s^Zi%a<#@8_`KboqOG&-%cGfkK2t1X$1@RGMC8MXEvsy$uL%#E`JHS%pg0xcmR*8p64oIP^zuRc6`28EwE@mNY>}o z#c5W7xp_f~Y5=&S2?snfn1u1ENHkQ^l*O!Dr%vEJtQ|b8F=+Wy0Qd|?`t6wxIb|>} zrx6y4d?S{>-o^k0KzbKXC25WqG_E*=TPI&4uA=0QDj55j2E}vjrgeIMaP~dDk?WQ} zy}jzzJzptV=6k;6YV4f7_+OG-x#a#?z02l4_LZxiyR%K7COw~)!tEgNTrD;$f@h`E z0+!XzC&CcY($jP)vXr6Kr)o5*sl&-#VOtQ|pk2E~|D0aZF4W|=!j!}AsUe@R|I^6`%)f&b*MRA# zQNz0jB)y7WluIUmf;R^Z3&{$BQ)sc%sZmVqQ{>%ulZ}T&J^ziwqL3sNCfT>@7#b3%h-fJ(#7@Y-U8K*Hlm76@Yu~}EVv^qU~z;*0(oe)S!wwS z_C9pvb6IeTA1+2d*|W{~25)BOumvBc#m6rTvdtE2Lso;OF%z;>T4Qp%>xBFSV!A}C z!u%7}urZPewevFW95t(}vPqxG5&Jp*jhnpksESi^kxK3`cuRlqFIm1K>}+Y8mU~lv zZGEGw3)DIzbltKZyR^^U)7$GSylUBXWo7-nodsjBVkrF7)!p5Z4_aoXc>(mH#X5N| zUeTb{Xoh9U$}9FMng+Q+yH>&&gv}W>cyDqslsU3bhjAv03t3|~y}0y=Idd>Jb|Ae3 z46kdEUWs@-ky&C!a}~2tP;BPDDq^z22=TK#z?_ax*aPPD3p`h{oAAQJ%|ff&#Ui z1ot>H5xmC=t3;{?Zm0qFGdJXbs{V$P(S(5+k1<8xpleK-Aco|o;>qp{GF4z=|DbPD zG65ffo$6SU48(-Fbdq(b(I)7^RhHxy=y8l%?1za?t#drEP4NL{x z9XZ_C_$V%mHVBc;^Gp^?Iu;&i79PsbO8JagLne<`mj1b2SQ}8=MO6!s7Tn`J-(Y?@ zukN73#|Xg=Zg*l+cOG`m^=sE@Wv$OTnAU0^#QR-%nSd7ucrW%pA06V-B3M#QkS7<* zRB1@ci1#)5Vgp|ts9xOUi(dQHqNbbL1D)N?H{w@%+tqkY&t-S+3-`~xxUONv zeGLniCx0PlNUB`?4DywS=ou z4_s9P0^5fgj^HjP4RzJY#iJBlURC138<3bz&2x0UT`q4MZY#x-Hw&Y9-cwUWMTST@HEJX zcTDwNgeuQXd&SV2Y*Ll?YE$r`cZbB%bY(5?ApC6o$S4(EL0DpsaK@UvZqHTiQPF=p zC~JTzEja()^_Njtx~!M1c58;FLu2+#DU(vPY3uJ`LSusK+aCao{4dNoCy)Gy3nm&V=p!YHZ{EJ zqATF45+MjSDeXmd%IaycHD?pJSP1;t`?=LgxoAPESsX zUpOVI^v~N`V2_evi~6F0u=2j;eFnv?7_Kow?aIi=&**HJ7!>tWi?5nq+9MrYIKTJH z`PmJ#djkGhZS^)G#{M`lKK^0w)K^qTFz@-GC(OtAsNsEI)gbXGdZ0qxLtDX8NChi) z6>L4J;F+v~d#Qp&mI{_k%J^;xH$S>eb#YzH-Gb`?j~Jdt3s^WwjtBH6PDY0_Fyd4n zCT8~GeuR6HCHhQUCl>IC$Y3*BhFTf}4^;z;wR$tUPMcnN&L+@ErPGDl@{cNeYqYmC`VPPTVI;l9#i50o7rA$b5sU$ zgYC;}0}bWw)Y7cEEg6n-ZyvsHX*Af2tBXoI;*L~2>C$1$&9LKJW}bo^gUMM^9f;41 z+o6c)W@ot2hcAGUzX{nzhy4sutse412h?4NhxerLO44|WhCt3(Y|;)(vQ?7t(k&@f z(!(jFed4EV#<;jc8c^*R>p?qz zM81VQ>)MlJOci?37wE(DiBcY0Oec2cnRcE|?L6741W}-_?-p=Bs=G@$29u3ydP=&Z zi3~)+hk%Fk@L^CJn0$7roq#}OS0*uepW|h(kNFIhaAFNRFbxOzL3SNijJsFuU)ou zK$~JHEOYf-ZM$yi3Zt+2OD1RKjFOzHT=Dc+e^!|_Kjg|#P}=5o8(jMaY;s zw3n6cPvmCspnxdPRBl#xF0$|ePNXjHKsi;%6m-+$i4ssbb0!N}Eo7l|2!2|!V&xR? zGt0I#WHuNYNt@ot_VDDkuuFpZ2T2<^EZ`Go6O#j1(#K*o^fcx%u^fwNFPT4op8v-9 z^~;x6EivJHo@oQ-!qv5#o_xA<#hc&x`b^lo-@N(NvEM;#Kwb9Woou`})*~ACxw$uB zLR9Vjswoki0*iv`^rkKjmU4e`D0RP^iD|&d^*6G{f{%@Z)#EGKe2S_<&^*tAR0gLA zmkqM4xWgUcYY5ulEASv@1Tc@Q(<}Z zwTW5CWjO|F5EdJ9vDy&E>TK}b2J>Y~5R1L%-aq%bw*MlIk9{4Nl$_-10~R89hewR5 zFBhwlc=*21=xAtYa4he7u6J3clGc3x%w^bppVF_>%PkMJNJ}65^qT4ipLnM8@YuJ% zcEfKT82ruZIp3H+f6q17AG@KmmR@T}(Hcl6Ycim0fY<1=^us!`>U5NqVbWx1)Cd9W(lIFf z1D|27!K&5b8>c$0746qxKrS-Z8>-(J}ISUXHDvd$m?Tk1?l9sMzbP4lhDgrbEBal9fMSpG~%i>q&|)H z0oL`CtO!-dBLtAgZcms(d3>iRP3noVCqq4cPrs=>gnHOdSA5JXS1i@Kao6yqdSpR2Q^TZTzz zC0#bM`%A@K~@1H(~LhwV{HuEt|TX;OxgFUVu zk#{=t!NU()PRphlpZ;Wq+9od`?ScQp+nd12QJwdqb*g&byQ}wo@1E&ddZsn2Mw%K) zBWXs<%!qv%Bq26|FknC+TWllS8gOi3I}V0mgEwqnzXTj>z+hv9jWBUolmug(04B@L zB{xwX&v6o*YmM&z`>MKUM#f3r@4nyD(xSnW=aU=mEN8hBF7u|K*XdLgQfW|XC zfsjKhqM=&FSAV`ixTdb%Dxbgj_ibYP;x}@152ybOd-Jo?zXz%s)f_NYO9=J3Pod2a zi2dYn8iI?2_@%n&x*8b=xbMG{HSrDPdnwZYrNtCVQ<2F=0oNLCn~l<+1tO6|N!L!> zfKM^E1VZr|n%oagoSIcImiG#|`Ks&6_y zuaK6iIq7?edCN>3W`NP-&?6BOf#|lOrsHz9_SVVgVcPQ%aX@IK z`#C~^D-xQs$AZBHH4sz->catXM?eJ1YH%u+oDaBXqVrN{UYQ2S(^kURK|Zco!@J&6 z012j6?4oG8*NtFtbwGtLz2yb%l0_~ulCO=mhdM4ie32KOtlZz)olLKe&p6`lp^LSG zJyH?>>G0^rIdt`TP=)FX~|hBF*)3x5A~wz^@$3$%e4UnixGxeeCG z_&WR7alqf8H?*_^hPp)3ZY%lcq+((|8J^F~AfE)l@0vGbA5XoEj4+BKho|uQrDRh> zTsJn6vXGGnwp;!J83lPEv9_YKQxL{-l zQ`HzN#+G3`rkxEC@{{i3Cw&NRA%sJPBl&zJvH*xeSGrhCikj|FGIv}rJuIC7Jv6z8V;7 z9(Jr{&n!f@Cn z2Vr;YlYWP^$9FX+`A|Tk@yezI>@h|r_(ZPQ7|F&1QWwb0K~DiAGL-QpxL>k4^Vt`=77}HurYUd$D5-P-G_~z5h5#TF>d6jz9|Vq&5QpJ+j&g z&EP}?lU28$H9_me;awXmR)0ENSX0lR+nDT)wr{_FQ`_oNAV0We=B$!%ru%AYTPbC+ z1uqbO*_r4n*@J#(x@TDo;^2WK#R)>n+vF@>ssK+eZ97?1u6RHm$o z;;R66IqB0#G|ke+1V~E)YJqftxy?aAv}9|#|Ks}M(^CKtepbEaHw z!RHMkWyk9vM(fCfW_e9HpUEDYa@e;hhf%Sd;E9xFW&yR=mYZnbn&mi_ChC!p1@)1V zS+Hlz(9bH$e;D|~X;&cDR@jlwNBo}aT&1Dy{e@9q$yPy2v8-y9ZQBEzMDO;#q{lXCa;f=xnq(qbil5#fZwF7!BZfRhG32Zo!;QwwA0zv9*{z0Mfpq}F z5(IV_5MI|d;Re0rDDyI7rEPPP?TRyFI*1{3FhhtFgNU<{HAdVwHV9!LM%7%{2hE{a zYr&tLWQlT;;cM6_%9e_yQdtN`fJz4=0#3=ubolzP9ByPYnbFM7%ypSNG7n`eneI7P zZ)DrP zbyFcUA#jZqsR7G4NCd{)Q9-2^S~&q=!ibqDlTUsCcnuB0h@kj!+uF{g%@o{FoH?)K z!jE0(LDxk0weIq|tG3t9P8A|sZ?CQoOgQ4M{tL&7-TQ*&RXHdCGZTc;CacS~IMjdc zNG{^v?hn0^a*MibY8$_(r@v0mOh{Yt;CcYFap@*)13Oi`KHq}dgD&A{#jVaclg}i7 zo|KhXT#n1~0&7hu#Uzg5yNUQDf|tCLp2=8vUa_E4#uU0!jRGKvlT!47Zo)Bk1i?46 zC^K~OB||_VD%Vg4lqN5=Dg^}e8kt4P)+csrkw(08tg3pn+0|Be$4Io{ze;}3xA-fY zBUW2e>=<19*MCh8$E$sI+v0Y>AMQn*C%+9^?3K>d2B-XY_#gEv);X^` zkD^MyJc=8rE7Qs@G~_cWe#hM=WkQ}1lY9rGqi+$t!PC52aC1fyjPGb=AVFv@;io6!mk<^pA)_f1y*nUz&Hf4Bgnixyrn^HIUTC}d zqThT`=Oa+AjO3Lj*KGk9MY68Ek3aO}dN!aFr7Psj2Rpkxx6b;Ey9y3Y^+p`FZC2aH zA@MKE?ofxF?SP%A_>(8mT7i{Rwh7}F*+z^Tgcs$6W{05W$*NrLf>|$d0g^&++kDPa zoW32p#Sodw0->hxhz7|z5!6UH)HBvKV0Vy-Yw$7k7-}bBuZ|s!C)g!=OtVMf6U_#7 z$LLWnqAc(^M{3Z#ZzEEJM`&gXMVK~9~7(EL*XUPW#94E~aaCLkRa)a@0Z3-mE zBiROVoi@5on^p#;&t`KJXctf5Rl}M#zHmMAjxO9rNinu(?625mdt8o2jml zL(b=BpE5V?+U0r})zSdxNV=V}eAEg#K$n{cDNnvsn{AO0T`)&d4g$8>Q3flVI`C7o zBi9*f8!Gs0*4uag_i($KubQ`tNO@Hz(wmT7z9#KcHh^CZKnuCPk5n@sMGK&>^Fk&a z%w*D;bZqXr{E@tze=L10eIl(qgxJxvxsyuL+3Z2sux)nFoO!6$-oDV;5$x=Erc-o2 z)^V&u?ig&p2UI)bG^Hx@_34hu+GKh%HR+hNPloSlsPmGca*$0)FY?1OGZIEx^rl58 zja(9v6Pvo7u8`=yX6PL{-PE%nDBSmqx7aO941cX6Khm+Lz`wHk zS>kS=+2AR%dAdoEn;eAzKo@chW^%(aPylsqGLzO8aGvTnW^e7frk!|+jc%QoNeqz| zxMX4^U^7ilg8U|3)*Xe;23mF6wtfnSNK1oC&T|jMTxt7i7_?*x2 zA)RYEObE?6bE!Ec3nwHYHUa*Em+{$O>-Y;N-hXZUrjb5l>eqn}^hyU!WEbKge&b!yejrCp5?{gru^ zltqn`LEL))8s{l36QjtP7!j?ghP#SVBu12QI9i8VL^q32HEC<}?%@JpS&v56(d~oy z7UW+g9NJf?op%!ZeVQ2(m~q0_G*NY&arQ6!~Vf zGPV=lN+S#YK+qpR5tG1;eld-hrDA%{UI=W7#OD2;X>e}X;;{1WFoL4z1=QCqB;27i zVT}bmhDjJpnxR5^Dgrid`Bs`inpc>b$jGD`nUgRuZL3Fyv#hMbyp)_sfAw%`IC@sn zPfDsiTzT@3U4BD9UF-Ipn)zR9K%8eLTM{d#EQ5%@#QyoEVJ&Uh1(%|VQ2Pb1C+PKf zJps?8d(vgG&wI^8agXETA(-OA4H6RdfeS(oMbM6Jj3BZ>aqIhC=~UE`2(F5T+Pol$ z)r)0SHk*|ho2^Og==lk$jNH68fG>U0pKG4%fT$8`SLs0&NqWH3!N?F@APC1f#^$+> z0(egEXj|}{blH%68g33)BL}{VR2$u8P7VQn%HdGCr=Fhkn&-0RdRZI93Ty_xS)qKAqSRiy}I302Y#K#%&zdClgPVd zvS}8Pq=!poJYFW_o+F%#M9L}OzANh!K+?5kwVYAg+v9C1Z+2*VSAL)^VJ%u?h4wL9 zAQSOMf~w0IPPe7DT%_8z+5$E;6HXLVS1i+>YS-FBb{B=JxLj1$3VVI+>0gLHmA`>L zyO(R-!G}X4EZh!!SBUhWZ29eH|jz`n&2{6dPW$R%3IvB(R0o2%D2>S z4Y-Q!sX?#RyVJbxMX~_cDwU6;R}eNe?DsGDoI#&+6nw!cnav9vA!Mn;59o|W zu-_P=gASb*L>I$REvo2h&e2K6+ zJht@MNU!&j@P?`L+8Q7F=qES#TzB1-?d2$9|4>AxBn}a1^DJ z0Qt-f$X?6_UmUzZQ9CTD;7b^p*I?xLDXxQ8^U}|Gh_rYJP!Ze3(8}Ttc99i0j2unJ zBPbt64heD?zlxEG9!8$W=a`4_1YHDqv$Z^af(e^BiwidUpp%)&K4zx)O%w4okVuvW zs0I>|HjI1@YyW#BE#R6_KLeM`Q2|&KyMwn`-hcxMfwJs6;t`j4f~r^1C2RF04lI@h zBR=E)s0cwRi=~6HbPTH8wpcbrFTt?1)sAw#Y1+ka<2x9e#2lgxRu2}^g#~Xg=naC! z;@9y5E~4Z_{k0etDQ1xzQ1n6XbQPuIg4YGD$0gCH9(+ns+wE<|iNXYK>1~ZR-HQq? zuGmC$A~YGCbWJ)Z8BTR51)RbW4NgYE41~f|KbBF|24OA{3=8x3B;~H}aa;+L2YBoq+vwDrY(Ua+#b(K@ z8R+((tyt~*GMC?YbA9~NcYmnsyvHu;+%(J6OahM8*1D+LWAQw$^zptEo66Z z_6606z=UtoiwEMEG)*Wl!5V+SN@}&|XMN8Z&jZfwrAI?y5v;Y%>i)>3fCz++kbGHb zh>`Y9@ylyh_Gh)oZf|$w5B9x#*Og*hiAC*VTTG*)I&dvk1)@RV22^4O@~jP9z)oSyPG}l-FrEca$J0`J zAr%j%QgJ73G73lP#M6T8D%DcFw zBX{lJlP=$I=*P9Eq)lA zjvejk6I*fcw&v}GMM$GlPnHhpy|x5`Ry}qPQdokB+VZQudl3|FpR(;lieW&KJcs=g z$PhYg1J^h?gy4#yZt&CDq^ zrAl%0l`IJqL=hngaMUuWHOAMuY#hIV37}Z-5*ft!o^~O=Y-gTnBWI!8)tgMEzTaL8 zwzt=6?X~u5?6aNKVj=t4DzcEik2qwr#cRn}x*=4V>(!ocSh~-w1}r9LDp^z7>-g&| z+*iE7eV-FS9tfq-^YkM_fC@@prYM=`Up?NkZJa{%Ce@BZ3V2KWco}l|O46gUk$kO! z3RB1>^uk=uxy%+iVrvgu&qqZ+OvaU4!{wA}syTCg+xks`M0+NT#^assA-}~`QcUfg zs%i6fTg{X!iz$Di5IEX3)}~Ha!m~#K?zlhie*hI8vO#&GF%l^q^?H(J8P9-X zTRzZ?KS2P-_gi^=6n}D|bRnZZo_;g_1j&vFWI5;W&*1hzipa80&gMfmff;w2}@$g74WtTw(r3PUJL6HH13~@oEoLqv2WLqX=`z_F5 zT@DT9?0*Oigp*fGKb0>O2SHo5ETpJ{6=~EIm4$2-q*D|3VUMVbOkVMr&0dJdJa${= zfuQn$2L)^1IEBcX=O`HKCvO;uw$KYGc;u(&Q#O!yK(pGC7Js(txF zr;0cH@sPLmhB(WY@I{iYV7R9}k?<@(p=-VhI>;Z&KY)(<=95wlPacp_Bgg>iw}Tkc zIV391hJyHk$RxbsuLB(X1bn_Mj(h}h2wP(Di$@)7-qAMVM!UOEgav;CrJ}<=(78Vu zsPB&j67kSY$c>Qp2l`9ZgSpP+ftaKoXnZp)ykQ}S>#>-(m>ahrbXX30ksQGx7=W5% zZ|x%6Cz{UP)#bMp%KRY-)efiqTK)mE@D_69>Ht)&w z|Af2u&(nVsXdlSB{mv;9^v-MdMK;HJ6Mekz>m%GLR)CG&}I8zcKzsJINpE7FrGL0o!AdulJ;t=5H(gRnv3Q@s2BVr zn47|keJ`U5%@9@iL{+2bdTY1Ap1?It47&oNFIyh@rK0lyPwuZG_OA)H#p>2raLxVd z{i}AYx?dIdo<95T4QM}edfV%-Z{vH|ioWM`4-x4T3l_Qu;Nm;lB(5ovAv;|+ta(0^ zJ@p~@$&boHKFQ(qc&%2i_i;2nhu_18aOpbVUo7Z6;P*H}2dt6@f4xeKvJs8@0D}1l z2l-}Roqdtj2;7I>FGfUPouvY>gqV8bK?xW|6`AO6ns-DUW5htPf}4s2?+@JH*}N|t z1rE=AWc~V&%xryn>(73M7kWN_CT|dLA=$w!J)`B#ES{K2;4#}kfS?S*JZ_GX(b()m z?ho`jCPotn0R{XC(271G+Q#R2z;ymNY9MYkX(R(`s?E9CEZr$JIt$cXWRIciZsz0ITSIV*2Lt-Y3#o(jKw!1+l#8F*@JDAqwe@nnM~dlTA*fHvW#>IT@vWUt&-DDiYM0_W zq4!Lgoqd&?rr_nj&^U#p2wgA!KWUy4(Zkh@+NLX;uKXV~R=M&2%a$u+zpWJu=q2Zj zDPNMy5=uP^tJo=BAw4Kjy}(bb9qErv3w2GaUf?ciR9r581ssIE%?xB9)FTlGAck?N zWGL{8^e2)gSsc(u#4&-0DrDl6t56{koR60(Tr^wdI&naGkRTRCz7Rf&?g6ORp-714 zmb#B4n~B7tmtK3x_vY-G2vyP%D!6w4pA3Kg;?&>#wD5hxC(0N7m8rn_iEYxCpOjKS z0#FPHV=oZqW8^DDmeY6W93nEmkMWqc9+%9u>l7*`$(i1$vL5hyY9O3GUnq36TnUyd zm2!5!x!r#t81#h>MA!KaxW_7qgO0H>aymJ+ofanNrIte#uQJl+yWWZN={ zgns`kVo~ftUpYI)nwu@sjdmy2#A3;QLrxj$!QzB!Tcm5Oy}Uq(R~MI_XPTQ(0)Fwei2;+6U#ONhTR@BJ(I0^+Tm9#S- z&!wlKikdz{rIzH>XO1Bz!}S?whu8KBEc{(wjp`}Jsjzq@?o~QMp>)SZ`HONFrFS}a z+AdOdnm;Fh4sH54iIOdMKwPq-5=)=`$xH0~ISGmT)XTFzoI*>DbvK}CEV;*Yj>4di zGL(M&?aLwAhYWdS6y+RX7KRKDf%yHs<9p@LAjW$m3ZOU>v9P7b5{@SvCW}0dch}jX z36vyDC!;obVa?*Z!ndaJ(1#nh^r*d!4!66bw>Q{xOXI^2HT*pT!->T3Af5u%fral; zHYpa+^>YF07O^u1@eWk|Hp~c33;z&PbwO2}#1^LMf2H}&Hjrhr4}BcA>T(qkccO&+ ze2f4jl6=UTKt^=gM$H81nc`7mL=_w!*_e)Vz4ZiStM@cyC2kYZa0IRxR(B+}STNhb zio6E#1co0Tv6k^ZDp}CyFwtUhVhwn>ipgS9%xGFKb-#JsM}z|0VHWIxDmDK`y?lPJ zrb6zj4BW?jLcGyr6bi*JEBA9uM_QT@Pd|y`y6nj4ryC&e8xB|@#>k$DKBA4_W!(gq zRIR&4ma+=H08}A|;ULGc;WQD_CIB3^d@{d~N+*+BZUcP;I*PU4qVZ`6Pt--QoM_=;)^Sd}F#!&xO2G z`8vJO_2ma~Y4v=`#xc3J`OayG$?rUYi$)mt%vSu$6X@c(brX^U$mL8iEcgfYkseZ$ zRdPfNam`++l|(t0Fid}zt=DA;NAKy~4V%@MVMf*~z)}FX9w*CIlfMUS5uopuzi-n=YEJXq?>sg(k95$ySn-gV0ZXkJ+v zF+RMib4(Aj8EMqlE{hvSamqqR0>#)}rYVcdX=Pmg3W)9N%7=i|tI<(JvkFD2gL}FfwlBmy*H1n=J*eK@fTE`Ns2f zv#{qGw@Ahz1P+j}OC8e4KCsdvCuW`wJT1ElL6KJ%_a}S(rrE%3Fi;=c(O5N%M6#Yt zs$R*s#LZi5jeU*j%^%c zw)N7Q-sbEsH?&iZKWnc6Egr51uDIs3*-vyItVe*+GUmwWk$14@kd z@Tu``PyLcvb=3f@0*IoCfJebtZ3U;Y6!I1Dt8$5JST8;PN0Jl6lijO_ySEHarc#r` zTe^owx+aGwl8Cv;)}r)qo1?gBZ3iZ#QkdGYmX0TrNlfh+O?Kt{{#;iw)k$L~KXX{j zy zN38omMQ1zF60WsfCYRh6TjL-|{Qpjh~?JT9jQV-&C%LC0eUD%vt`OC2jV_))r zDf&hK{HE$IYcP`VCfBYRitHWv1QHfOQQ3~o@t#zN zhp5F24(vog6r#>D#cjxBQss&wau%P~yUnpVM{)Hgo2jyO&aBPl`sXUDH}FsZZq?j5 zpRJ2K>*9vG*i{$x#(W3hlC!88KB*nhCXzxnkyx~vE(GsjJf@M25Q`?^f(mzReMl7_ zM+$9t-pf_y(N7uRMe;rUfkR;yf1m+Af5~hw8mj7TK3+Wu^j)II`rP+@1*t~Q>20=p79e$S2(Q1C1bmmFy{nH#Jh(;hB14B2w@Vb@pv2 zcP4v^p^d9NvGnS52m8-S71ho4b?e=c{Fpx%_XRSwsN3YvCH!ipJ!-KZM!;Q9vHyZ( zYE_%o5eYdr+d`F&RMzJVXX~Y*b5ibFxwy77rurtF;jXe84|p_NG+PR(sc^t%t2nC&SH!EMf7j6kEjYenQFNQ3EuSzaxpG5V$ zPt_45olmKZypJml`ys69mDOpM?&MsSXp2Wi{DGvngnaWQ^>P+SGa(=F#qS4px`m4pk` zlw~xfe`Kv#d&?07>Hl6@TnWALmh&7}I%JC@>?k`Fn`83}gJN*?Z3EZ$iru}U_u<%M zv12jiZUp|^cBNNr_MY#RW7vZ64P&>B-%%AGsEX>Ng=Y${6qJuaHn{C7v)E)l&n$;Q z2cdHT&Q8tFB0#nm2BPIB0Kc~`;SaHEv%Xg$LG7fe0L@-q1|~9hrhUSC28&p-B(;K9 z4f_$g`6|PMmmJ)%;ov2M&2gf-Y0v7_dp1>@ZR=?XfXE|=5qadt+lrNq-AS51+ewi`-MW3}s~(dT-R zl}A2jmQ7!MYbl%&(Tu&o_hmRvLKpXnFmjO@gVFjHnYOLuJH3z)Qc6T@Y&fg!8VmG= z2kZ{pxXCVidajY3w(@9a)a;E1!)32k5t9?EyUri4+3kOlMVZc!%N%rgB4Sv`sa~jg z$*?=@^A_BsyTi^Z_dzEwOZ$L#R=l2I{`?X2ZarVj!~VKj%W?r*g)DI>p(Y#QCUO%T7GPT<1s0+r7neiXehPIVYu2WBCs83;9Q&*yh#h6P`@fBpsRKa20kKO#rCEPYP=LOg~%FctYU8O;}e;28X>!3U(&1LnvB zUf6)aguz6(uI6uU4BfC!*u-OzawC~+lo4aDkLywWwnqQu+p?>Qs#;u?ZH|SuwgUds z?+@VRVtF5Unpc|A+P>}(-w?v>lDr7aK$}Go`jQu+(R*P?g&*h|#KPg!uc(M`P^9|^E{Vm*cmvr-!QW{rIoPh2GB!Xg2NSMR;y0!|`ZaN~& zPfeHZEZtjrxMV72YLPo3efXZrXX?)HJ!%tKIJZ$jzC(Jt`oXaJbn*rxuYnYa8*VrW z@B4Aw;PcPvb(uKel7h*AJnz$!R7Wq$nlnVUcS4o4x~dlP#5{#`D3MAu(48SwDEe0S zv=yV7%Vw%W!Gynu`avc`$>^ZP6ZS^}KHDmb(_yLSt98GloLx8Wa}I)X<9Q1UJO)1n zeN(7Mx&jXr463lep_&F+FG%!OG(110N+OLyg0f6}kKEka?(De_&wz5fE{46RDjk1PD#9a% zwPA*TjP@QQd(J?-U+0XpJRS-kF6oZaPxywje}h9mJ* zJe68VCW6VtuH^MeIhkk+=PXLvtfnTC6NxSHEz-QNJg?5U=G`-BdCsx3aGjwhDrtlf z*pr&2HaW6{qDz2oQ2gFHNfrgx58>Z1Zm~qUo_fVUBLe}h4zd8kaDqPItxN^+O|y0L z?4;Qi%ZA!}y~Xo;GW{Nt+ZMa{8%TTfS%cYldGyA3Z&GwF{z;_jkLS%>L?V`q$0G63 z%$4%9%{&Fz*9m{`$38v>pCi@jN+XB>QFtoCiT%NVUk>;q*p~&x6jT(G-9!&7jqSY` zy}=%)zU4wu16wQ>d@LRId&bPBEmRZ)9X9CxP!psZ#b;(~ODWv1A)TAFV!CV5E=ZAV z)`3NvqJmnM<2KdugYDN`e(r{A=Qp%pQa-W$*_eEt`1Q}kGuE>=ZP~jnZFT(mL8V}3 z{(qbFH&Dd)$`M4t3`y_u{bWzCm)=1&o}`5MM4>BIu;(K{0#_c7NkO~sOA0E#Sb`El zgnh5Q@#Y(EqE*UUr`~wA_a|((MT>LJJ6*2yl)Hs){d+nXT-%?jxFfc>>JR%=izN{7 znGnoYcE%%}U3SZW$?EjDTz18Qh%vLXKzsZn(8&AbrzHn6`TMOlNQYKRnXwWoaN|#S zmLWh|tk&;RmpT(dl}#?ob&}O#btvZROxG*dQ)DJ9=2V7&_K`yko8W^iFKV={g1G&t zYbMh>yJ=&5bx^+6(-vF29hSI|1$!e)UlyBDw*ELcM@Cw!xs3ErQnz7y*Q?W#F<$fI zozzp#&{K-@ zzJ5*hf-ODz>*BM8{&neWRevRU4kC)2U^((uT(4ESmE=gg{~U5m4r2ex((mH^iueEs z1wI$oizgO;gwG*7Dp#-g96ls`{}aaNH}Ln5e{#;;AE|;U zMaY*3e+nWIi6x>$b*}ng*TnV3I}wAf6m#0t#oXJK&$s68ZLRx6EWvY=E9O3?+}4_VGpf>ZOo;r$ zTAJs!ubBG<_D$&5dr114?we5L=VCQXR?LMd*&M+a4Bv!e+~X$n$!(W?U$&!KMIBfcYLyx`VU?lHqA(9118;nraZxDs=ktqj4{jPQqK8cC2 z$>R^W-GRW-P&gP0p;auQ5t+*zM6euL&`t-Tr^6IRu}=qzeLBMCP$-e~9Pr2D2S9ew zxxv?GJAG`5$$j-?{IZ|91Z-j&PAL z-|_8T*gNWtv|gqjW2?n=6x;lcrs8&!M1B%<_Vtrdw4Yq0{gee?qhOdKErS!*f%WkntrOo!4&n@%D)`+xjuLca z%aT3A#%a7{4Ykn&zz@AZmUoOChtDIvfsv!I`5a%Sb8Qoeg>fa~cB!{e5WXeV*IzEJ z>Dr$f*$>Y}+rj;yqWST9pXjR}l-$1Cvi7=N_S=O7p*f=T`|v~kapDxm8>kS4hUl}W zo+m@-Xk+$dFSG$TV&CGZ>h9T7FQQNSe_#o1ieA8UGoIZ0GX14W^~=(QTjA~Eb`%Ib zQzEd2otN$T?QPSFUKF!EQ&@22J^s6|{jJT^Ks#rET=z1atr~RpPMyYy^So|Jo)*H> zqH+3MqOl(`%k5 zdy^-N$+Cz}2~_87(oX$5;s{@Nhko6s|IS$d0;^dO=A zf`T_nou0kqS3nIlZcWWzUZ4!dx3wY6DG+(H&`Tbz%%WZt`SQgP#K*b7K9Ad3LN$3? z*n1%6a`~LLbs_bjPeQnJv(4hOr=HcjiN4%xIHIB?Of;)*EQ5SQ{eXC(H@+aLm&(LK zq>SXf?CjL@IiPTgr&?X_w#)=(AfV^BcvsB@=7yVX@#OC{yWfeSEh0tzFn+q_m(A9A z1`H_<=G8q64>wCcG@kLz<(SnsEo`OMb2|tdx}9OC*MRvy)91?PRZ1Qc9$Wd0xdc1< z+#}MT8gp+e7kTcP>k`cCbN5Qkb+0T}d2ZVo>ym7t&%Igtsj==&gEgKzaK>E14}I<- z>1UXWxCcePsXU0uid3JHr6Rsy$QDAnN!lrI6~Bb7W>oV#2LUr^V~)d&ECimiUD(S3|{ZBW>b>Hc_SBz`HOZysmZN;4^vgk-W$e>T_cHzMRN% zzmNp+*#Mz=fLJVQ&%gIL-Wd)E3L?~qd0*xi4ZrB3U+E-<+)1RQlh|+@MF#F``<*tK ze-LkD{Ek)#Ox#r!A1R2>;wLrw$w7RSqqV+(-=zlu_az&gFmfplI@eHdV4JrN4!zea zwxfi(S0HDYr!k3f;kwqt>aNN{#$!g>EL}P}T;_y1m-ixHGn>~sww#7qg-<=klI9Ogs?TX~%UF&O;*&Y4Vu&8rgZBn~x zsbx{BH@rCI_Z~~F3W{%K$F7=VUda6?m^KX>wCNizOPB)s`rv`nn0q^9c^_*2eM2jzD2p!U0~E#x%41}{ z&^sm)#&F3>inJkYAu>glI359uKz=@Fs)5fbj8ba{d?xl=Gwx7Om?Vz}1TKieTHZ8L zch&_Dh|mGIz+c#|DUpYw5_~6pT=~c-kS-!adR;&Uq2`OQ8jc2!Of5vz2>BRDWFroC zenM?i4;u5rN8+_cG;fq%R@2KcdHIJ4*M|vdhq=zj5K+iMdUKE{ z#Q@QR0Xk~1BN3Rd7t<*cO5^*mV{$$;S0BYRkQP3t_7)rzh65yjV>{8q0+BCVjS=)6 zH8Lnmfv$2b5#jEx^r1Cf8s>Ga>009~j~@#59V&0#xfO-Uqy=(F!XIhb(%n1XRhw~2 zlP;5a^SpP;VuoE06}n;5B;^SR{+gZ^pjRz>mFoTC;naL5&rD)$K9c6BC;L&&R=9$= zt}P7mFkURx-&u+?K(IH5CQz^e5Zd~KWi?&*CFicLj#Pv0L?!Nz`E00BlZ|?EL(^SD z+Z+Yw>aNCEu05XinFh*%RLEJa-j=_9dBN8o?!PKr>Pe((4jiEJ=kyqDw`uC=Z>fpZ%G78Ys!Ig$j)THe%Kcc{~{ zw}-H&HP6+WcjPR6-oBo0o>yNnPqgOkHP$$wG&&GNz|KNbN-m^$30cv1m!h(hL3H%FKg-1{xgy^%J zf{`csjW1$+N6P>O-Nb(FY=GUkk^9ryI3P20Xt<5OgG;~&YK6;ao0;*AOXnVH%q>Anvmwm1+SKhnl($-!cSJwQ50ns4NNt$ z4#}(>t?UrxLZGnc*2fIDcQBko2lnEPLuL z;Yedw)Df;EW2KnOld0#MC9J*Hp>8T*{YlxEZck)0vo{I9egNCbWuV_wdw#XJcVYN^ zKu(1K1J9pFfM%H z-ZAo((F79E`F(&Lp95^674QNWTh;H`+e&ZHEn(#Rd7eN@DYJ?)zB<(3QR_WaDoIox ze+|mxk92fb`}3JZczy^q@|)%HDLk0+bl8K^OlR*#Re+TO`wBobPL{#re^5c643@vu zF7qFi*6%T+%Jdno8f(-szWKM6+YbxtZ<=M?1&{9vuz%1=>Rr&qbbqr>_qXcwcXDVz zO-;+uL4*G4^N8;2^NxVE5`VaEu%G9#w%A&a=)OL0?-qUDg@eO9Z}qbECYYY<^A7DW z==qg{lbEPP*Gj%R-MC&~wCzF@O3luPY|3W}%>}HCtQo`!w%U3a-tt`g8@6dG`>m7QQuTvIRSfZFH%doJ>EenfY zm-If!Q)OwDn0yjxoh(t645S3oG1bP%I%v)~$H?cX@Nj}dci?7cEG2h4VRM6U0_cbl znJ##vhlHyh!ZUCHwo_u{O2|9{Z9tCsoTxmN@q(s@GFVuHdw|1*3e3bu{Bsl|Pcfqy zxxoZzz}wm+5XMf1Zcgwv5l2+$C09&K@klC|N(bjU=A{1KIagma6B~_9#jcCp5jzsI z#0vRTda7eS*gfx`sLbo7fvI#v1LkJbN}zcAS5Kbg#H}Hcvd*OHzky5$IWa9SQ3<~Q z)MC6Me3Mk;v=ESl@rE9VBBLB*ZNu*MmG$*xY4bH3i-Q5#np zi>{45DRX=zb5RcqjMRok1~z{$Vs-sbe63OIoUBS zTk|XC5svBejzCeNdDrH%JTJFm9^sfiZ?7@$+xBiuTP(MGu(%?-es#Q zJg>2Az3q&P`n*HuHD#;(Doj+Y9aFNE)IPTED6s9+kn2&A$lqF!c5B+P=!vKt)m(wi z(XaZB*-oGW6P?(;DrJ3l`tJ29=&0y}x>d;Jcjm9l-;p=vb11_8)ll})yy>g%ywnYV zIK`FGdtaLEC8-;{AHk~hA1%i@5UZImgvfT;@XvCwOT_bB?+hk=;e-<*AK}Es%TErf zi0--73m*__vCylyX4%R2DB1^F{^>X5OXPOgO$t(%*h+R2W-y%w@?k^)JTR6DsY7~I zCz2G)S>mgt^pr`WBLpK{#mKT8pJN)3n@uf@*@YdVPoI|%0;q^&yW6#Vd*7RHC2KCIJ02;D)K_2CX`l!U(0csHNL%Z*9F z%$OFklJ=JDOm&!IZF3H*8aBB?Qay$Uk?zi9EoCZZ=0idMba5VGR}j;FfM8Ahhp`Gs z`#iArd5+wS=om`|3_!&)o@XF#YtTc*IDLXF8hTzuT9}h)GRNi&>au{wxfKzXN2wU{ zx>|SdKr}b;!I`mIS7X5GUPSzih*vu|_r@=y7kTk?SnQlg*Hai*hq+}y<~O^}eH(-h?y zq==4lm>S;U5gY;|H-m)Ez~O5c-_yKU26+TY6Hw==gehyED|vJJsz$n4~qy2XiiZv=xAcz?U)Jbg`l}^v0nYu zh?#v~b4Uxs$i%Pf++^d2VPwGC&$f}KeIK2kR+fSOo84=ATqyp0{!%UI6?LGMZ~0EU zrtGH0dzWfK1CES(ex!ry&*u<&s_^r?y)=LaB%8aZ1ib9HGF=Cy7=rtiJ(#ciEGMsA7QSpf8T?jU|M~K{!ME>sNCILQ|v|uR6Qo()kHhT1dxkg_iNFb zGxEvinqoI}W?J*+#yZxmNnIv*a-1HQZ-qUqie5~2QBRl?+87>PA)7s#X$xlBI?|c8 z&Qx0*cX2e{7L2#W+uG_qUXSgTU~#OY^FS({YQx`5VJy2YvkrmZaXkRwjptu#hWF^o z9wKd!l1RzghOb|b3Glr^MaG&DR8*y=rH5H9OzQh7Fr*a=fRt_OtVACFTU{wX3L-fC zK}X1Li{=M9icyE(YQzCt|C6hBdSlV>gSyM#WD9xB=n?BcR;M!JEF=@XL73}1&+q!9 zAB(f^+j9RSPl=y2UH;gYOR+E1f3AT{hbNzuG(b8adlZCP8wEt`)E?5lpczUC!9BnvN>!X$NlFvv7Q2-nfxN#cgvuS zR_RE~zxIhz!Q=)N*QsMur>QU<-Kf)1T|N?X<)UPRT-KD2^fk#Qt*^Nk5m}5&;?`1y z*Q~a1N!Ndf=Id)3GMCs_uJW4fSp%=p*F4x&;YXKT&VyDT9v8=Q1(hwCq{3^OK#7`VWE;C0$H;ay8o8%rjU=pg3fH8-4VHf* zWHMt5nv*Q^PQoxJnX;%X0Lfc0#=Wf#1Dkrt^qfg2sg-py96_1Ag=8+6%;luyP-D(B zm`F~w=Tv(t{?TltHm{P9qj!9R5qR|ETL>a2U4-gxLmYkMMWd_r5NRmL*=S{-trU0O zxAhy9*Ba%p^WWYA&S48r7%kvFN-f~RpZ9%U-5r_qO@kyS+k3AMql&Ny*f|3a&Ya^ny`z_fOg*to>r0$Jt;+X*@XL5 z017E!OIr;HDi%_=*pVg;i5KIjzU%n zQM=ybOp2*14022m%x;txMaDSALUT+N(ydlF^ATGxJidi{E-g z+^;VF2q`k^;yOXJu}v(U8)ajdPBfG4joi1?Qyc z_Ih2bPuG?DNIEt@GB)q`n};$ZGh4X5B)R~BLv=%=dminLUZNo6=g@vxx8xq@Eir7k zj7hqgj3u};y8*tx9H85EjciSFiC*^GdIVbh#kkq$buO0<5KC@N*c+4e=vB)rO8miZ zZyY#nPlU}Lzq(v(FgZ;~w(nX0iRJYqi1+BQOte~u<()13_z(ni!Vm8X{8-JjT8HJG zh919fc#vV4Yr|m8gQtH1T1|Yao$+|D^rI$zRNH0nJ}W5^I?i!_KeB6~T0Y_NUZ@@< z^Br8(p9xRPzNVc{Uz6~d*90EFWUTq=_90$#iKoz-=P(}gnqv1(ea#2@$9c_O1CRAJ z36J$PFO`~cPIpzi-e=A2jK}(#mm+kTuJi6y!)L5HF8@qE-dghnT&idwPciTh9qlS( zRopoCNWX8=ooGF)_*3Z*FppOJa<6{pe3h+uuYc$LtQq@x)VTL6JU+8?T3D81!^p2W*k9=i`gcQ&urW;<&41nnM=J*tic#=;IIbO36bKN37(K@DvDHG9WAWA=46 zgw*Omo-5>O-?3xhS;vs6znlQ+g)2aY&?Dp3mwORvyHw$l+m=$3Nu(a)KNWdsAR($j z;hyrlTl`yY+r4e^nQgmo!(nuHRE$M;e=W86OiJFd>D0f7b&KDZotyUT*|Yf8t+#^4 z(%#g;k#b=5?FUoeC0tNAy zHi!ZyvKb9xb9sv;pQoDMC@*9-ONIO-N_#{m!;`srr$;zUR;wjFFQIqqv>DlwdM889 z^h22fl%C~m0@{uq+iH3E@4slaJltW>1oU2~SgQ_(x0_G@g8^^*qfUvP-^PNK)-(WDeiN>VbFT<3GE@;WglQ7pvht8YHP1j~44Z!)*w z{Gs>f1^>4D5of|@@q1TjfG`Bf3#YbN{2sH%w}NilTo#Z8Nk-hmIQOAUf=*9pmF!&E znTRWML6;p}TlA0tDpl4Vk4Ub`!rdt+nzc|*QR+H5%8nsaxzcN4pl!oR)E1#sy$Gk% zld}37*Ssu$!7|PIlxn+e_BLnIyG(!mveD4dP?@}FV0-F4Tfn`Hzbm<=29^dKd<0n} z25dp!5XLjR(c)VE%yfL^T11Le)`G20n`jZRqN`?$mh{xAlO}b~L=FkTF+Fqi?u3kw zBl>N`F|Nb2<=;kLN~dt@^T038mfyzvn1}bbNx$azqtM|VV!DeuC(z;cO3xbC`u{}Z z4pc)6CYtcYeK~)R{WG(e3qJN89lnkR!#4l4@U`#&vd%xr3%LI-T2q`r9HYS>ZaZ2? z1SEq$Y{fkE!Nk1n#=J+G^S*F27nAJ9Jm7%x8LnT5^>FPUkYVJ}?_J)7+J+YS-}QUP zD(|sAia;9DM^FDR<6g#X7K9iH#oD|ViFzzPt$YW+4Fe!}$WyQB_wwOjz=?bDs|Nps z%qrgFd*L;4FAp}a@#&);T2<$DF3dyE#^!qBM9#S5Lr3GZBB7{3cTk`33CyGQEaH_* zAC(-Bi_h}~8hA|C_G{Md_}auPkoz4+15M4YwT`;%x-OOOUHoHO>5pt4z9{Sut@BiK z9po@wDh*(c&Ldoa5jV-NDot4_n9WLdo0QGRkhF9( z8VN=t(MT>k21oGMzm39-O@7>h1c0{v$<|FZvw`VkcB@1 zY8+yi7+V9F_ghBWz6SK*H(%`46FLvKz?N0M-0~vyqXNY^A&gQXPPHLl?u=DOdpuQJ z)Dreo^Ge2A7y9qM_nrY6 zU`)@#fF-FS-KY7>KHB^ep=XI6#L*=k!9;y~My zIN+@2?#Wi7QpDsf&ZlqizauY9$EsUX_-5 zXs>98x_n;-#4)1>Dta3(bw))4gSE}=sT7@hbM0oo!&ax%Wt)U80Uqi(2V@KCW!%1p zWB5rwy6HD^4#;jZ$+jTfAAFCYLtb`72gaPHE1##t+uo_!^gTKZ(vcna=5J?#$}6_=a$huaPMt_DQcX zPV~LsxbK|?eLpfX%r(Y2I){IsdS?DT-}kxteFyY4?-=aoy0uL^g1#o%CiFG;qH2zA zL;ujoT3&OsMUQFCciA?fuesM)bMN3Vuc`mKz;&*d&qKc8wD`!v7IJHD0*-P(@J8}j zg0^Brx(Mj&Ixbih7|> zC?1kNAP-MBji7`W+1J@cBbMh8?_)&!H(XbH6hGBQDb#Ibq;4atH0;)_2y?!|eteF0 z!t{dAqf`VdN`Y|PKqx{-<|wLvZZ(q~&P*;_a~-P<^iMeKzFQP!A|4yv-;v)xu|pd0 z4P*zj0n@(ln`n!Wh z^8Y>0cg~rafVNrAd%pcU@B6&Z`>ekwRfz;@xj<&a4QjleMxD=iWM=xLvxmLd!|0@w9K8a(3teUlcmS2-@rlacWH zW3}9|$!*DPA}ISg)sBn0=%UfC#x%$Z=}o|QizFAPdAtMDv;9Mh4XtkMS&mx7xVNjv z!r*ZcNh>_+uz&paVSj6I2==<7a_p*Me(NH$M#EoUKEejSrGFgQ_b4VC_zz0YM(X25 z>zhW`nsVrZCN3}g9~Ps{uj>lQ4jR`7z(2kPSu8EwtgcH^SgI{)a&Jl>O+AwObm~${ zC#1xb>{22DO9DP_N%l&puWmtA6De!=MiOK4Sn`N;giI0_And$~+;uGKjaQy(Ni$@a zpuT(t7*aimM}{O$CN-Gz-)g477(kXb>06#3eb@@C{pFoxidg+0{t@)6*^9q#@tQ7A zp>-6U(gCbk_+2-EUa7WjT{xkxF~T9c$!dd%Fga-+zXd; zJpP@;4--F4$O+&W#)U*Odm=T3Xr?o&6LoegU5mhFvpM}C$hRYnS6*!pu=;Mq2Y z^Uv@v{~h_o2-kXxvb-X&&EFKjYVcWax~y2QW7z%{ajUkJLwUz#C45aDUavlnHSk-! zUJjtE$e+2;T8DaU76XZ^VD-zzrL4XsObVm0v z*^xj-63S)4IileP=?!w!_MlVmRGcW;i#ep#Xb$>XwVA0jGne?9a}NP(0Ahd3T}sGX z08&;iB4(_G*U46~HZc&)a0@Gp>QOA$X-@sQ>oLPy)M{Rw46dlwOtO)dcSiQqK^kk} zu<+H^Snq7)IG2pGRhTX)25S$;KthOx{B{`TAF@+!9cgf^)_S6f&OJ#!*6#Tb=bX`* zJKvP|rp0wptd4fihg$IkTQ7?z)83QhW4Sdn&+o||p3Zv`E{S%}8-#D-p0;mD;>H5y+_6xM^Z0(tF>m4xpm92Dq?cmZa8~DD zBx`H;x>5K6?!^&J_j6L7WX>Q$jgt5}vNqlKVV*nMd)|0UD+cNa2fsZ92BV5U%wl1D(RECtT&g-8f4j( z%dQFd{U?21FZ~P8yN0r(xpcs*Gh{~nqrTC^f^D*2Xc{2;Jbxal7%8Yo>jGU~SSHL@ z&qMYhJPfUx;l*>ry!p?vf7X!J0%SUE>=zLx-NLr{bSzwNu>{Z+Ca)^W9>1rE#n@J~EY9 zqYii14B7Ql)v3yq*D^oqJE~zHX0?^Hcrpb6ats^=}c8Yfe2$%F{tj7-XJs$zOx~6;GAM~?5ec7)B6R{L!eNMBdKN8gL`8Kbc?dfej zR=X$p6ZoF6<9@t#&-q}S@7Z}zU?WoPUW#Ahdy3aX1*Bhpoj1()^LB{Ka%`PTfby^6tQbG|s&FOev zT9?z58j7l(F1PzsOz_48Ar_3s+%7?<4+f?w*Jp+y3D1I2KsRbdaA2_|YcaUOWwjA$ z{uh9Y^Zc92A--cp2B$QzsubeV+7;=UydLE+m!aF@_o1^Odp!5C?J-8oa zN1Uh0JkQaGnyaQPgrLF+-U*_VQu!d8H-+=g-V_kY}JZ+RsBe$ge z^<8z`Pxz@cCH|vq0B-NWQ#!H|ut0|vCi^odNe{=D*BHPPU)X3sJIF+UmQ4h-t$MLU z>GTAJCCdh&{OSNpiWhn1737C8=u-0)DuB~jT}VMdjtY<-uhxnUKH4fah;eD*w8E$M z5X<;~FI_MGi*!No2_-ckCCzv#M6+5@;n!%VdQ$d35%8#s<(C2J{lbgq2-*(_$rRE# z(A2~#q`?3`O}r-F9kI)6#3agNc&+k!^A72Hcf8Xv2Ar<%nvW!p|p0=E^FX$EeqQ|4k7hf(zl6;<9JdyJ}+QF)E z$+!aWOMI-2?$vG^ZFn!~^KCer8lrj{6>Gp;{`(<8#C%M&wt3AY+n$UCrPy z+-x<&h+)R?GlR|`O7d&yErSF!OI6pZt9d5;N+S#%5m37TRzBZA$rJ(;UYU@)IyMrT z3Xn^P@Za_E!tebA|E2FeQ2FTi(eg)^*IJTgwY7Gzj58}p>3DU2LjNTo2neWdzAlm(p!(Y{sm~-V}JV4U-A!~qy ziq18ftU&#u$qM5@jMUb3(d%Yeq2q^Z$qLjjnyfJ1TG#jIvn(rUzf`;g$CmgCj1Ik5L*-;9V3?i-#-;-t_x+~@FMa|R1pXpcP*reu#hJX!tkyPg|9N4VyEg zLmTp*a#!9VJ~ucwSB;Er7ztkZLnYtU<;BcBg7JD0zbhde{yK89v5bHZ@XRNEz}5?V zdFdo2`XB_0?HXu*rRFdsQD;Pq=wo3aV6%FkpgN#mN(C@4OtEiA4%(bgnlMJ}@IsWQ zsQd;ag_WUNrD)`mzPdj0AYYHw%V&=G6bPW>*+Sk-5 zM&FuzLdZX%_mtvKS|d+79Qw?Y!FL*-)C1ABRcDl3fzLm65yj+Jv&a@Pd&pXjpr%g9 z8D}*P0Mw;r9qH@+Xzhx-CJd>up^Dwttt3hztG{bFzi#;Vy)~yPmMV9Pf2Q8FF~1H| zCm%7JlvvIe>o0{S-)%NV+=YB!ihN0+g)f4}|B-2Yjhf}qd7}c1LgBQ-tmoKZt|qEC zDULhz-!>hjA`SQvSO^Jm;pGd+*abhJ`k@(w3F3{v=%}w9OMOof4-Yu+qmaIgPti1ix{VK;1?;OA`FRLr-cwY5Oaug&cd4Ko3`Nrf8+5WGV{@LV)K9! zg#kc`bK$+0R96~b6kO0nW`iSLl-dYU0_P;i?}CtSPCLVGc|b9789#%04u%OW5+QNr zU2f4qt0A8ED`HaoT-<gAzZpn^A$A1{Vp9nxmF_ieYa$kbn?eaE6kjR=({nDItfyQzI%COX zAZ)Xhzh;jl!)}zIFJMfm&gdHPdl=Is#`J~LNJC^a{3MMadKB&JCkaOrN$ij)VAKha zxhKHbnh4sWd5E2;u0h{$0nU33vG#nyOXPQh5s1rNa*J*FI^Ix6Fn0qa2l;7${5-3b zB8Ef>`cTBueAM)a>C-0J)cr&#|Agxap_WZO>GFE@r6=QuY)|SLQlFyq;i0FIAQzZs zwQtQsu&U0tRy`N+EPsOmL6#vzu;>_(9@Q%D0A#1{b2)w`B8nE6GyG z(w?H-ZcNdxinL_}Q&hwZv<7k!lTnFgz43vr(Byq4o}~S`D$5}oF8!PMfcUT!5bwD3 z^`-CezWcCFZx!DI9Pp2H_BF8Y?R1{-{?5JvuDzM}eW0^%0O#FH*NO)_`)WAvVcvJB zvu_&v-YdQr=e@JD?>b!jM||F$oqg+Z-U7ehU7dYvpg-Kl`wnaSKqFf&{apMxmhGTvE_gqovo)`_N>meyGA2k2|C}Sm;OzD8~E`u?l+Ws=mj5W;d(Fdal-X} zKlXQU!8^z4`upB|y?9p}7o3l;#09^V?%z3nqG|(} zi{~F&@&4}zpICnXd-(eH@k4z5o8PZ}{DJoU#e=Qq-@WSk(>Q)&)${l9@prbKPrr|k zcYfdDRmZ=81?sb_u7|N5{c~sg{rULH_t*NbeH^`p>sP-24Xdtypnd<&`yW_!{7C0` zyZ=`ohXn`s|BjFs--+vJ{8t};6vyAa>iwC1#KSAz|J|$lpZd|*IZp4#*LU7e`+e=} z>HW0h?e|-K{8OFdtLdYC{URSn|A=?B-hajQn3K1_hj0))B8OO+FP|2Au|#{o+j~g) z?IHVro!0sytp->y&~kbbZ$p~P((=;4LcJvsBw-B+QC=nrtTQn-0)c5G0N_}l zc`Q|yj|B#RfAqTQ!zz?tjL$k2oz_K|Cl}@FqJRn)6x7E5X|=w17NzD8BJn1%4N$Uy z{$7n^wTiE3X-jO{*2)Di1c|1Re6UA#iLU&buIg~W5}xiK-aQm?rg}Huu>Puj#p!qC zYSTk`OK?2dobCzqiob|BY(ZPsWKYy?-{No;H|}54JAe3=9rgXYH{89axwNC_ira@H z-tNiW<$ka-;v*I?xZ7a+Gsy5(Le3jNox)#2Uo#5Z)d~txo#aAP2gUn=hAEg)p6aC0 zfRI|vdWI^Az$P{8{jA>Z`^x?^ z(y8CPD*fnUO-|FZFZ~+Nem|Za5N)RgpC%DNSbk1jhtW}-NtXy5C=`+gUNAm(V;r1y z46bt!Bj&6_8u$YgZFBBJX&eixDT`Yy@H=jWrihelZeLRikO3@%xX?luS{TjLBFdI; z;g`ElqNnxWLIIBuYmJ&BY%g8x=3EqP)Q9XE< z55uT08x29H=ZI@mK7!iTAP?%Avke0GZ2eInNWcUF*{-wm*||ooeFA4-lR+|t3>#=Z zh;k%Q^|&m4Y1_v(i8pwbx|Q)S%!X@)sL?L|(6jW%_ISD=R%icc_w0tNzPYRC`l}{9 zgR_~*=^YqrSa%Voa28{In#cNX#P3gwvyik=;~uFpvec<@e@=_?z=H>*X%FyE#982+ z0KcGR1CR_NjK8?&Th$raix~ZXmz{zl>^dzd&%T z8SKc2nlp(H=QnQLT$H}_o4@Vay>nYKI*Q*b3pWd&lI|A2fjIIAYB8KUEsSA0!#cXv zPcb!sH{qxqi2K|ErGoW5(s@-g4Y>lE0X@D!b$!sHY&xicW&SbZFW@U^U*a6(3YpnT z#D@qdL#={RfTIWd8O7kZqIFqk4IR%Q_KeqS-+iByMEkzB}Sc+;Mr_LOQB$V?zMT?2r-tnm(3Bw184WI+ST7@wkn^RbVPPV&rlny#lgh;k z0vUqXgaTYfJ69a@C8;7aNA(MA7^$+~D{w9XY_w$D;* zd@I;Es9@$TcQGcYSZ0?)+xh@#PQ)+;P_m7B+xRnEx^KEK9`G3bDA5>q8}3`NBU6pL z3_h>EEmRINL)eLuEaY4<6ZL{xS&2o<&Tul!(8`DQOe@~xHAc!KhNY4d#_iH0 z^weiD83CQ(Mf0c*jx7YB*mXkf3}v#PS1z7E1CDi$4KvR-&OO!Ss)KFjMO{Rp81%nD z>FWGHApX;xo{wJrL(k8znVdZA`S>+I_WbgiN%31V@0~dje>;DIZw#UC_#q%b4Tzt< z^p{JQ@aq$HwY7ius{JXuiuL}^OFxsYL@hcew1Nwi1;Um9Gfl1}6gguM9|i@+00Vvd zWLON+bPJNU2x0;PESay&w4$5n18F0#t1k3{Nx|uY5;o~%-<<%0e&ZXshc%bDlNox1 z89HD%p{~o>gij6=c6XRDt-};=8Kz%o44CBR+S z)>YlPeM=r~ZRhrBd$iHhh}r`vRMPq8+VS;w^zFTJwn*)DSIu4@?H^c^%B<^egkt^u z_%__%L$pY~Q2C3PmwAXXq(@A#+$FP*^at24qvv~sZ=9-7?*SeTc#r5%mZ#9gXn&>7 zp*uaaqqm|f0hLP3nUbc!v;g50b(QOhEgPv!HcdK7PuqV#k(dh#hn z=j$#{=T4-jLeWLvjOBg0Re5E|o1@u_440MuR?3)13C3mbD@aw#rE61a3aJ4F&a2bB zPkNfkovIZK<=^(rN--p>xmwPtr6zl7W4%hwl!~OPNsrO`Rrgo7uk_ZMu4_B6YBa;G zrp-FDCtZ(Mwk>^qh38i5V+nnUwe!p9V~P9r$LL!Z^vXXc%pCX)(W&U&*VP-ywvDt^ zkS~2$l4dd}I-REkmsh|QE;*lzC?GuBaYz|;S(QI1%W_{Kn<-|B#ZyhUx9N5_tG&%) z#;prfE7OI=>{KMa7?^PiMnEPR9@G%^&J$Y2Z|PHnVa>gIR=Ei21pWE!P&+z9qf21y zkm1N!Whi3L!0+nQnH7md@7}*8{fE8!zb;ELl5EP4epm0dX;?ykqJNRMt@XEVWSOSL zFB46-_D`p)&r}G29pzREfZ{_Xaf2Zw(*nWrfO&kyXlDBdG+xd9-$F#i%$FJf0Mfmva zr6uIdKZWz7zoFw_#xHnX9+v##9kF|`{deNy;z_wr@(Ul~?f-)9=jgcbe%}57&VQD- zKfv36h~s}t=Zgn<`(rr%3*J7&+h4=>1$h9+-^tr&QN7Z{$M59r&*S+2JT zqBw6KT?_kD`#dksJH-1Ab@tViSWm&$;p=>wBoVZ4s8(2mx4`cOl?dW0Vh7H$4;{-PoGjv( zW=H#F(@%d&Yx$*rgs=G1m!1XpjHx!W$@y8qWzu6VyQse2xmSP_gNSeG+xz(V?ZSQHof2qVxXrO1_kXYOx1bZsM~0mQ+ndCuG$S6v z@jLl^Z0p8(`!3$ziR<_9_4n}ggt{>+eHXO6fTCv9jfk5R?vuu)0j#BX2G-KsgjWT6 z7Os^_ydT$M|2?h!W0x+9f5P|pBs3G;1M<%7rGEwnlL zp5(qfNzV)-3EMeKfY4tUSDf4yBtyghsFg*rk@AWkJE8WLjyY@5 z2t{@m0i_TTlgOOarLbm;A+Hz`!eR&r+>0UaY%;cJ5#$HM1~@(t299TpA|_ctv0s1- zU_zW7nL9gICJ7Ru;FQ+Jp}noxUIOBKrcBE-`-EDK%JxEykg3a16v(9oAE-X@AH=uNF;)k^YEo#gV4V%*wF85L`4k`QTjz6LEiM$ zA^P-@%F;_xALH@D!Go5=d(d;p^Fo6{|1BU4b0b3em-fKugApLI_KdL2$mJ0TC>?s z+ACgr#jaG6m3l?4tgST`io%gR?o9mxmU_9 zV;c=4ifgxG50|G@>zk;-){`Gan^LeOT{fr0}dljc<=1jNc#sVB8Sz^2k;$#Dq?vH}91y8yO54a%l~Daw9FQ;TTJb14Y_`pT z0)^AP#cS$g+_zoJoJu^0PWy_at4xCdbtOHIPy4dgrGIpIqdgnIr*0f3K83a5TF~|F z;7I`?Cpy$@f*41HSWAR{dYDu$j$sH>%z}?d7=6nm$$gD3<87SAeeSg)zCmy+ZV6Z_ zSO82I6e!Xh!~pZbOGL|UGXiLr$)0E!DdQXgaz?e{Rwf#>*gS~+jA|ohB^VS#(jfDW zDw4|#g-kXOIH}oVOt|6>*jJT2RV=6K$)nlef?^%ZBp1MS$+OBNef})v7@{(=W~p?)$${t8(Kq|nXnQaF45r<1s-OI z@n&d}XJ}Gqh;$iQI!&9L)*7IBAE1R34u7`Wu&4t24ZHR!kct=xEGwL1i*=E^6fGNH z(Zvi_k1l4B9qrR>@}eCanL~TXOiQg=#;wxnZi`t~@z^`$qw*sVa@~#ae0NVOx{xkR zx_t|R#lB#mQF$3abQho1gc;P)d=Uc9Gh{qmUMt_kZ&&OfuMe?^j>(~AMD%$%M1X~V zElO3gCrAC!sR4h^k}!H5kxU4*5BmdQ6R}4FiC}y9ZykR{R&cwJ7O)~Bf8?^^d2#M6259x@bT~+BWPbao#F2!I80c1*0f{)`AJ`Ix z@MI;Jvc!#EyFVUqnH|+k&$fY>HCjW4PC8;RdA2v}n;YTM_QR4_me!Wd`Z3wy%X9~f zmh#5AM!1^s0-sDjV++Lkrn)!Ww{M8$mdkNZNd_GUzjuJs`~}6xun&`BV`xBF&d2mX zi_$6R>i|tOKd+DeI{MMieoV{~E@XoCb#)5oJ4jJu?W%!NY_n-EEA8CO!Pqvh$Ey80l(4M zhV#srO~{5~H4E+QY5?6An-|i4)EEsMF&HdXWz2ZQLP@`j!bA9#VC2A9eyY*2Pg1Fh zRsBThm1|KOZy*IDWTqc0CvQO=fZW3%<0 zYA(>V_A6sIsL8L*UfiWO=p<>EUII*@yEKL>T_JdPAwLj~?!%CSW3b@<)oGziBMg`s zpM#VM1%_rPDzD;$zy}<}nTg4h*#j*L5@-=xhaPLqXMAHH4NhtMYG@j(1K1IbL}D(p zF?CGNhQpjTLwPd>Io7Nkb2YMpEqo%jEmvF&`M0Oc@kQILflQIW&wb%M%K(tbs8Rrm z6~B5JCN%@0teDfS3Ej3tA}5T)f;5%HAD|u;(UA&ApaEbH5Yl3Iu8qTL(Ay{sY63^o4B~M=}8==l?h0yF-Bt zbfsXIm9S)Pkj79;sY_TVR@4X=x?4+qyN07A`-$oH(<<0Qd=(pLSwJ9;NqiSAg99MN zn$>r-yt;L_Mg*pI<m}P~sUHnF^>iK_nZcS*;Lzhr1lMWG8*K&=Cs_tA*YK5*j-= z(Xw+5tKn;^8?RD6mTDdoTuSJe-XyHA(gWc0M$2KVXjwF*Z7uXVs;|oSK~jhZ7xUZq zLA>)W+Bt(~ZsbCld>QzIV2GC+1Qr38=8B{8bQEwI}dZHHOa&%AD zL*m@f+*F_2TS=D&Qcka9${a#qm`@1?BA&z^b@2rkamdVH@;0(n1(>!=%@l&03s22H}+ z^sQ4YRFOA^Tzxd5NhAeDFo!~mz;o*kZfl6uq2Ka2Y(=RU^(do=obc7y6tx7*XwGf@O&)7uR7u=AM01$%m@#NW} zU-}}7n3751;#r!ub1S^pAd2!pZ~s856$wewYrEzlX{J=qV<1IgsfTS&@h66>cTHU9 zH=6PT6NPpA#6mB zfzV4de>EAGj+aPx%F-OmvKu-}({EYQP1BN_rqzZQATz!Mh}k+wV4}bSE1eIymB$M$ zFZ7s?%W>ib+JOX6Z!X)&wr@2^*zK*DD zGb<7_9Ayj&_5OvS;TqBsU!1#uxTF`)QJL8{&p>S&(kE#enxh+|5Xa(V)RrSe4zpN9 ziFm|i2l!L`YerkCxwbZ^cl)#T$Tsh~#P*FnTSv0%Y8k81R2Z1Z-*Qj1F;Uvpm^mPw zC0G??X-^D?(|+@eHM73itefplJx0%N-m|NFqAzRB?djj%8zQ~y($|rn_%P;OK)Cs| z;74bn=U|6_zN^hyO*f+{YTIitKvWx{r zTbW-4$~IAF2ZggGGPVJ>X+3VIAM_9WtN2mR(hr)V+q3kut=3RUZDVKwVhqq5&(AD< zXEkOPXbyPB^6k*4s=~k1$_qGpynKQrt~e=EQObM?aRLGfWfVzH3JOR8F()9fDhVi{ zJ`PBSG{du&f}?33Qo=j+1={DBW_=_Hg01sjX7eB~+E!IOMy}(U7SJFzvzczxG)1PO z*Y0rGyX*S-x?l9yvW10Yq&pU|+3g--Au?e#EqEp!l-fgHLiAM=X^9HtZJObrr8Xxc zki^TWsv~fVT6hXv8zUlR!MDf<(G-_!MUs8v!L7xe*W}jO*X`Y6>lz$Qzx&wGEgzlR zR=r#++AbX;b?1it7X8xFQ%1YR@c-RQ+KzXXMg*Suxl5a5ALu6z4*nZ8AEXKCVaIfP7(`;U@jZUB}?L ziSIgT-E~q}qLYLzod2}ihtqs_C+v3@#8^0dQjB}WcwDqV&NPTfjWmd2wGtnVjdoeW zqRx7py#7#c0$K z)94d^c&dkTBOueD&p@*UmP1MKM&%A-rWl4SO^pnFgYA{+o&!0CC|*;bY2iQSloRp@ zl=k?sW)sLig~F*~$y+RyiUVeg-F^y*M>doaMOs*YzU1OnD}?J(i`CiURAI`z=rAn0 zw%hD89Rxl$zMz+}gpml^v5zkY7og{ZHRNKTletT^k5yQF%ho^xGF>=g9h{QUAG9v- z7r$<@6$XM0*W2d4v0n`|!rjApNX)X?Xh^|?pA1;W=O!(Y=Faiz`kZ3@x5V0TzGgNp zZIgbbEdAPK36$1kg1u3DB9*WutM2@8w-{e~v3$j7F<9zPga^TQ?nDgzji7ntbE*|5 zb+!O3NUz81^>}Jt(W@%nO?e^Z`32$y`$y@i($bI^b4{;QCI+afCM+#mo?uF zLO2l-)vofw$}#vqpLy)yL@|Hl39{ag2o8>Yql(tn>`qFhd3bHX`fl>V!bmG+z#V&K0Z zQ&I&_+95mYfIuieZRdgMKuFyV4FM{?H)VpZg zk!xQh#fZ<-I^#KYno0y8MCPgMph-04%_@5b>NFT;T20OQgL%;j==@eVU@nnf5Q=y! zfue|oLHZGT!LKt%CZM+hi4S`{?t1~fB+E|ssB2UibB+;cJ~3VV0X+=?rKn7ZFqrZe zpT*p0InU-?s4QF#D(B~1T13|}Ux0@b2u3Y?b=z#MEt0Dlvvvsu`o`q|#kC?-x(TNO z5;r?WLxXh9^x=AH)26ZTtZSU!KCz2Uosp9Uj2b4fk+A%WUliIcK zrh0YX?yV6xI8QA-Gjo4k3AxN+zp6M9+X8xqLPJ>ALSFpPX(5Xqh?5o&Ccz|3EEs9+ zSR{8tV(^f=!A>j~l!um$P~)0K z$12&)dcUG4xCeb5x6(6(=nX|z9lKl{AMUE-9xi%iR~;((78hB=Tog#|BEi5_^dUMe zfEwujfWMFr_%e&p8UJRl6=>(a%`U+C8>aLK{Ac>0Wmz*^y!e7<6l1dBfdz;wvLMS; z_OMMGBuBNSr8koTz26!v zu5YwZZvpEn4h4q>o1U;by3QAxfEF>kSYG;#wDnCg>P^6>z8ka<5{{`?1ke*(9YM$| zV0dlRX~0f<1F|AH#RP(09tl1g{7&$PL0!-<_!OVyQ!K_~_bZ=K9#hUBi8<_*9}MU~ zW-BqNxkNYemMNZe?&7l)_pV`62U=leB9Op{A9F_+2^i4mFEv_K+#a-J7Km&XPKu2_hmQt$ko0vr!;P zfcR-LtT1pfr^NOf#N|m0At4OFEHMKv5FD$7GZXmoV0JBylon&S(zOXkDwwM!%u#1f0AA~vF4F)H=1N@q} z1-+hH!_V+|6?l~cVQ(N@4*&op5D140`Q+xr=5S8*NV4KG*{K?aVbKl`C}6HSGUagX zzXfX@XEHH00LB4_?Z4FkTi8Op!oXpq%B?U}jj6qff+;VLEN%uPjBmujfZ*VFgR_Yg zyP5%ciyQAU-EK+695I{Dk@XA@JMJ~jC*%5SC7UxpHq_(W8{M$&s+u&J8_C3CI{ma> zH_$AMe%}M{8pb#uh0p2|WQu;_DblfCR~OK&7E-SO9zsSh za3Nr%Vn{hjS)%QpM&o3&*W2vvZRYa%lbNhHlgVbXrFl7(vI_`Lm70S9Oo9K%t00`* z<)1%l7wh)zcF8`_9BqvD$~|!<eP0(g52ji zKZ|9eHneh&rhK-!LAeYdG4xVPRAjkP6S+v;M!3c5JtS6&(qi=rpS9Rr7w?-Wx{Ri` z?Z4h+>lzAl7ZMi9fi1HY0MeO6$nfF)f1JO?8BLmeZhNGtGak{t<@`z%hk z$>On=hG|cJU9hJn$uK4#xOkPtMQaA>;fzn75dEh(6&_162pPQ@BR5i%rWBwJSTq4O zB0qv=3msxXXPnmPupd6*V8|N`?F)&aV9F%`vRrX`;m$@h3j*Yl2^D0$B{2vQArS+@dwNOGhkTSBp_JwR#ua^tn*?La6ae?gd!~F z7#~{CAG-{Z{7>6Rd9@`*?K(DjHN+k(6a!nQZaXRrgV z7|^^Kwk!{{+AiVgQ(d%TrO_+=n^Uw*<2M7aolU)Hv7qv{mS2q>2v!0U3lLlMllbW; zh*`2dsaaeZ+TD$h!7@H5zTi_Btlh4ug^(y+7ZSIGM6#EuIUIRs_E`2qS$RWN3}v0g zd3|?u-dWBa3560~c(oInOPdV`S|-c$v`Ws+mFHj{WPIRNiquLMHyN17m#>)uJ(P2i zV$5?)!MX8V^T5Xr3|>2)Yuxy;Lhn@*4ad?BdFu;Jd~=Fl6%lxQHZ^v`*cE?#d#7w z$r?=4ozg)HrAW^U4#goksuT*|GVQ*udg)Nte6S(`XbDD{+=7Wb)6an2pi4oaFuhXz z4;f&GsFKVI`fYs`VQ?YQLPMF=f+pJC+(+0*oJAzrZyO6l6@xTqTn}Hx%8nktZMwL1 z=Z0JHDV<%X1y zfb%Fy_sGd({_f&2xtv*4Oxq(2K6(M&MvggzA-;8IF`6Sqwyo~4%K&3MJLah1^c6L4 z(5{!RH4gXd4cIYS+1L~A?&nYY{#{gFy6Man@~*L4(@NS)+cUkh*H@eCv`_TUeV2Z& zvtmA1gkiCKS{T+uj6t5JpsPN1s?#*>9t0U-qH`bv1aEfQqh&=C_Cu!Kbwso1KC~~X zaa=W2N9PQYR5C~=??LLY-Xakc`<<{0EjTK-T%?)(P&f-V8YW>jP2x_>^C$4d;dCMs z%Zu0_o88i!k4p7~m`Ie|^F11NZPFrJM%K>POJZrg6cwrqS(p)lb7LP1Ea)ft+l)cu zxGf5XLGfiQm!!RuiFRd`tyRRlEN~D-L&9j)+d{;1+c(s4C22;kPEe3W;qon`nX6S; zSDeZ%`wtlGMmJL7^6`Md?r2>9p?!TgFcOA3K6*$5>|v^{6GtdfcVic~+BPd( z;6^YNV25TPBU;ar2Li(98;myBHdvz75HVP5$DPn>7E0a$qM#il#~NtvVdT*=lR^8M zx)%48g7|b z@rT$ECf9kGjx?-P&2Y9X<*XV{3bO0WxK^kP7f|B?A?2h+5Oe#TJ4kg)x%h1^@zbh9J=t2sx3nnj|B4`xN?3)69tkEBpeK(my`;YzNxN{ zhX$0?hU&CK+CRO=n2gHSYIGwNzE%T zdE}gjQFFy%ikEMpF5*cMozeC&%)okP4YCKCbiw9OUmSYIp@ zZ@ofrN0%vCyA!R!QKBvLu;e;&Z}YnM%ucM||6wguV>DTIjE{8fo~-PUzJ2X(fbS=k zmZSsAff}=-xbzRs{CM9G0sBau+Vcu(egFfej$etsVMe4eAf)S&NnHzYCuyCdad8YS zS5+W)8p$^#ZK?^J;N+n}*c}!J3)zf0)z3@@c!Y=jisKTx%jJyiSg;pC?TyB%Oxl}C zXZEE(la|uW?%HCekt)ulr&H4i6HUetCh8JU-d8h*amZIm;hjYc4OpN}U%Etga)!zbDhPu^Q;Q>cMNQVM}@L3DWD^uBJl9DxOH+5IrX1_4jcs5)sNM1nsnb7Edep|OGLM$Q==rkpeLCI z(RK_x6l{l;MUxnrOMtYQYv3y0#)Zr^hRG=JaJf!e>|P5@@0L_I8+1sE5&$XU~Flphz;7=2j6ZY?1nt6ZM&1mH6EGOX+dQ6<=Z*(%p37fVIFR4gWslmoj_!X#zqWMc z#!8?#l+Kj^^EoStyRX`PcX;~j(fM!9fM|avo0fLlG9$gwLePq2AF>0(hkP~G>89`n z;^ePC4g))=67F1Z)HpFtrcv}9XcU2_m+Ki6ZSKAWqVk)7WH`Z^FPF#w$DfV zw)csi1@HHbVk!vnW((KV{gc$!QxJPg%0g(Ox=^c))TCNTQ!-ze(*!@L;B&wUqaqEM z(}**AYFQ^)!B=5QWC@RBMWK>2oX)a)0wIWE_TUZOo35@FM=HTa|GFzec6+&ZFuZ?n zW_V{kKiQvBhuZ$!{&DA((?hdE1*binsU-5{sC~wy*iAdfdZ+t~E_)=`%+--a(sJoS zf0;tvmcNmFh|T{6>oa*Ug3mGT#N*5p62Oez1v<^bJ9J9p2_QD`1g)xDnxahNBm~8R z*dHS!RZHLl4aOK=HWnnN>L$G(LdqMg2;mFT#3|spc`WJGA1eoqCKH!vLXD=N*Xghx z^Y$A9CZO&wI(GmPD)&&N`VeJxAzTF$9-=j6n!bvRs*W@QB_0$>(JXB$m*Dr1IF!H0;cm?sr-gk_T_Rg2~d z7ytP(OPBbp)80yk2pw@~ka-M?)x{}xo;zzSD8!Yz{~ zmw9H4Dmr}4`{x4$>A%LIv*$MsyR@oa!L%P`PsO2;m8Bfay4t?2b(4Nv)_aph?gOmj zsQpWEfd?6jfo1f5-<|nIg$!*^Ys1vJny z{iZ~+?Dd#UWxvaHN+=;vtyC%rp=0^31dtI*1ZSO@^__4t1T)b-G8fXt5fw zVvE6gNu37wGLce8N%Nb_o~t4OQ>18WBXLHvg2>oSug z1woT@mrO9^jgU?_avR>U>n+L@3`f!)vp6Sv^J~kZG<0C9oamc+i`oRfWZsorQ%!OG zT&hX%3+aC$CcRHsRIzrV7ve=)Fa4gLqt4#GKCYpQ7!|7pPWAY!i;-EkM++x?lUE+q~nwtuWf z5EKKo$`;F%t#u5%a~`P~Nx4npHT=s*^hU&$>Mio`C@&zHe5qC+Ed4rA4g{(Zn>DKZ zuBrkWPdIw%4f$H|v68TKS}1{*z_~~#B*_^q%WRqDmK8i~zoEiir8)CL#7II4t&t!? z&YXZ*>UB25;0xm~lD$f$lnseaP9<{=%XU0SgG^FEoE9=6SV)Mp*wYXh`D%P&Jq7LS zY91$~6LCBK>Lc^HGRI$d=Jj3i^pV7Tg-eFPVK`;H7x-J0Jpn>jeP>*I&UT60=@ z208mx;p?Y`3S?ybyl%3xpv_Z%V-~|W#SEB@RACZ@{j7-iN$&H}y6Yu*10t7pqo>uO0Q-E;)?fGu@* z4Iy(UyKd(pXRLQ)S6`EAj`+HL!S0kdGrZ%vo0=oTvbb5+#hR1FzWKXu*^Z1%QTSu% z&^2JtMTJMztHU7#*ajd**i1H{(d&`grnj98M7)8BEf9$cVnmE`5Un60pjI@A2>U=@ zzKq0VK@0?dldp@rT{=|z4!Dt+<8n;sM@3Q}$VER?8yRU{Xt)Ry`PG*j&tk&YYBl9P zDt4<6mKEW@~-HFQEtLf2Nx#=7Mu%tKb?LRy)Ci)MazkbITwyk^5nsRr_hrEe+aQvf_OaB1> z$n($He>Mj!|QIS646tod13W=MDgGXuEj*_K-aI(sIZ#iGi15Wi+D(_{) zl)5bS1pM{XRB|d1Ui2W5$r1D9^MYrGtY4&b7)_Z1h2S5hV53)f*TUb3Di=2NL>;CrChK7Jh-iDLa_gOU^>uBZ z-HEWLs0}p3wL`$?Lc&oE`)CsVpiqzjCnp%#m$#2V+6=N;@F;$}*>Crs6ad9#7A&C% zG7D|?u;4!u^2kRNgTWjcwVRLFKqTNcSPD2PotVy9pc)|(7S4KLl~X|75d9A-8d5Pj zgrYIPQSh14z}Mi0200*3Tl!@2u=*kQQ$x3QiSwQ%pR;)9$X)Kw4c%H<`jQ6{_uDdu zCZ zcx8if!ZRhGFhEo%by1ranj8KsT)FtCysGuViKm`&07pmBS}I|(+!tk}Sgh^_lA1sz zO$2OJwg$wIduhQDxuSA~atkIT!dpjenPQg* zoR#_`4_*4b80(_&FRG7$4ALh2_%x|`De4A<=CH?|IVC0utZBT^aEqA(OJ+L=lTC6K z>ckjkPYZ|{w-8Cf63H_u&>h*uzm=>+0)@H=WC;;yO%px{lbXJceR?wW>33tFUd0u9 zvnf08>M|Olky3Oa;x9VxE12=ulvwaj>W`R6x?~3o_|1i;LWtcjYVboq`lESu7E#!m zySzQmXfOW}F`+2(1}+aw7uVi$PXV}>o>C!cafn~` zEd52G;4PtaXKLqkb7e%jb8c7P?3%18qK*uCM`kO-iFJvlEj!X|_I3;xt$7RIYZCLe zDEuDP;$;$~s4+64qvigCjg~#FY^xmt1tt6u|EYAsn@*(TF_Y=2Su}S=Bf@c4Df3X; z?{`EJCt_1(>Kb#9606N7dC@V=ox)v0)-ZNa!JVTA=! zIvmZQrc}FI?i-$t)^lN_!4&WAi@)QR%BE{--h3)-vWo}ZOTYGw=I!qM?1pZ!K4iAr zbvyKSn`v&>+MR=OeSCCeO`v~U{hoCLjx1sO|jRD}Pn+OkP@!jTxr_CXG< zpbi0rz})&Yna8=sL?#OiZKGx32?|l$*sYn*r8=afB%Ou6pwM=;59H^dDeEAs4?qGT zvRZ>U3x+YIxd;`5T*!BqQ^yT8k8<1_s0v*tDhPsqLj{1{*64%Qg8ZO0pZ8X#++L(3 zHHq&JT|BE?C@X}(`8@hQ(P)-pEdUb~ zUrN7iWLizFnW^Rn^KM8%k}g;oDdfi+F(o%#bq-&X{dYGYZ@!9l6760|k>f>{+_jlIuP*9o9toC(QZI~iNYH2%|onveO^_fbKN$E(TUD*@dk_z%tYSr`S8W&$Z_iQI53jxk8U7mXkhNsI{ zl#V%^>Sv(Z=ONFp4K9~cf8_4`mc!fPgVm%VXN=_Qk>bYwWMX9BSh(c5j_S!GLaL@% z_V4PuW;}1U+4ZwJo6YPiuF2=>al5qXT_Y{oruWh>VcR7h`N7jd0h1ZM!4VVaBebt^ zn2?7gT@S6u2_aoG$%fFZnWCQxd zgW(6kGEpTA`aPMbkWvRRpP1y_IanA`OR&=;?GB;-$T2#^s*FOyjbH_mJ4zOxDNfAw zHfQ}&*T_(Opd9j6HusmjG3Qp7_%7E^bXJR1H*!VO_h*gCZm-k2)#S1Sig9n!ZyUU- zzIn4Pl}cEpU~z!vE$rOifz7okd{!-VGoR#?*)mPcG8~h_mIC=(0-SHn)eU(5U`}Ha zBgu@^N4eQN)#&jydU_hhEJ^G4Nv3U8#O+5i9$P5U73)&Fd>|biN-$eZCU-pG40t^@t3O_h zS;GcVfYnp;364p~Lm=r`RkYtp&`Tk*U$VghKNu~m&Ll0<>dX5v716TClm$Zc3GqYH z%n=a$n%avUf#Y>S#baV_S?AKh3Tn`M0Z6Qmx)+^tjgv@Zonz7LddOhjuAkOnAs!id z;etY0n{z~An%NApF|7aWI$iEX^rIJONC?v9K!gJM{UY2aDI?) zIQCs}cyrnuEQ{AXe17n_^f_BB)-$f!^h@susoVB6eWe79vlQ=DzqC=jU3LPOY;Sv8 zS_4ew0=A#QDZC%_b|qw!dF=NH2LY2!K0PQ!PMy(YMKXryb~)^lonSX@UfE`oQJq&W z`|Q&W>w_jy_n_P8GMOaXv^*oh>Pt~?8t|*4RS;%l?=w87@WY>ic1)jQkSg^+B=fZL zCP+&nLpR~Se(dbdU00lSpN*Y!pWC%-7k?8^iq|ZCe)Ih1r9TjF*gQ`%mBjv_9pI@} zXnMb=7R(gTgYq-N)<1NLHNbeQHvcB)?~nLqe3If5Da<(OlQGO^)H)y`e1g#c%;zMn zP!_B86oZtDcL+yu=ZHnL8f-?R)&2XnS?j0(0i8p$Q8o!PgO~;6ORC=LYR(;UA(rpe z^4y_A7s`hYu>p{T@eE~*%gcD74oTcmG5A6e>yXLkt=t+-mZQ;>-5ZupJsI4(VaeX|NEhOTu2tdGi%ywS-wf+YAv%rC)+9w5ZuRMSnTt;D7`bPV>?yqD+`?xSi z`+>2)S9+0;BX3_f1wTMu*htsoc%^lG3m=CsQrC|@%)_EUn5`A@QfvPP`AX@v&i<|9 z67Rna_J=$8e!ynL`CCP#OoGCx^Z{YCpeIv?Lh+rJg{0<>7f4XBMk_b29$ z`$%{`?n7AeA4JuGJiK^U^2)eYH}Mp_e8IVU#5GCHtn8gwCZlR znGB)~XgWR<_vF|~z9-@l_&r~0z301%d53PhBosRLq`0+Fe$O4+J+ExNXErTawoArL z>pitP&Gg$zWT4;Pt|z@Go#Z;rsm?vMy2|w1cWd{=a8S+DowW+rY37Qrcu(z~f7!mL zbP|dk^{J_oE@Bz%v~s#OjV$%`Wy9`cK>wy{?f_qLhGvO$_6|^?wP<< z1GtLn-SJgCewRP*FNF7De6{Co$@bIp%vD^OZWnZ3^}H)P&-+H_d6Sh9dY*a1f9iSP zS^2zVgP*tdxBfo0^Sp1O|FpN9XgzP!f9iQpzQyx?dw(wfzOTROd2i95;6&RY6NO># zb3mGZO3fw}u(t#W?osk}z+{FG!ikSih73G9Sf*&b@^aL25rGAM1^EenDqO_qQaBYY zQgui_B8KUp_216OFSa1IIWG%}7V3~e42SFvaBM#c90~g3aqmE*sXrd?7Z!85ie)i0 z+gNN?7M-mK7Ybv+GWY5QDB#ay(YxG=Ok@H{iZmfMAtNxC4aW$tU~{}~pk360rEyXG z+M0cn1*0n#$PCxhS2i~{f?eAVO_tW?-08vT*(-9QHQrbD7PB#w1laShk~LDznY}J+ zya$B@W6cfujSn1H>&sTdwbAaNLob;uasUvGCW}osV-11EiPwBqrn$kq26N*J+T4H> z@VlWpxQ#B}Gb8IWGm@Sv7`NvJVWC_p)7)UbBb~g4X$M#B>)8a(qwAZRk)5DAXRUoz zhqrxh#q&-HU&QlJw^5dUlF#CCay-|5RBtb)4c?KSb=8VzokDp+mSKZ@B#! zT!Hgt)Qy&9svrMH#6yIK#5VuD6p!k`KP@r56K<~ETfR-A`tje@&J`};q2MC&4SVOD zjqP&gI_+G@2*^Q)51e94-vD|XDUBk9DYx7c*z}Qdt&l{i5Jf?1Ld*{WutuQW*Vt;kX@+uTHoSQSZGf-k99%9h|6%EU97li89t zTPhXuS%(|qB~D@Yxpn8L=3&o-WF z3ne6yh(U@jSSgRuaN`ez|4vY0obU`_DB;ix&O;}8rAe|2R(x?mOERyH*W>20DO&7B z{9r2$J$#GnmcZV?X4iDdhIDj?mSk>IT!tAvii@{X(C?Vqw{Pkzl!cCQkN`lmK{^O| zHjm16cCJrDI&*JJE^SiWS_a+5_$*G+4f;rb?4^$qP3<^aJt(vPaZGW zNJh#G9Jj5>E@p(qh~!Emk76)~5~<^~WFw-*)-HS>sh#{5IXCct<+*Sr7^3#4Jl zP*i{N3}p$^fRJtK`MGBsnw+S#q(n%`&$M+gZ7{U)z$c-5jKI2*(I6x!GA_^>2J9m1 zCrVmy(${ibiyxNOSE44}|IgT)0LFEe=fY>1eLZvL%)aj<%}6uSXkV-|qs5XX+me@f zm6z;ILKYSi6@>(g)FK6vk^+}5m!u`3wA_XeE8vzEL*q21aR{wR!)=^~-a=FO-R8eg zaOt)DKks+WXmQB>>qXz3(U~*nyx;r1-@87qGM1g&S3dY_2VEHey|zzFGwsfNH%JqPRA${k9+E9JHO=cY!1*<&y}EN935qUXAyRKT;tyBK4E+JshcTE@GfO?r~uR`*{JKbpG-T*Q0sWdWeo~ zSj#mg_iALX)~Fh%MtgfF5x0{TcsuRT?NsbnA}N3ajBk=Z4kH6D#K>|+HdKAEnS%f1 zEw#+L9FhZ2Lk}h)p?IB3u~7F?vTcd$uP*0i{SSGi;&KfBkxPu=)QRe~OTb@x>6c4L zGF{2R39_$urf!nGiMr&cqzK*9hH$$u;xCQ1`C2`IkF;$hx)0gdD2CWIzxq!b>L2){ z)f*2@`|Xj9?W`Hi-TYBj8gYE}1uSFJbqP2)}1Z^$8S6_=uZKa3>>$}{%=G7m< z{{A_wZ{bUHP5vlME7H;5S88$PXZalK=zR4m>vjJHI**^%&V%Vh=l!K$v3O>A$)|re zvjve)uGxau*nk_}XEva=zi+Vp%$n`DCZnh?HIq@?!`$=wGdxtxGa0pRyJ#|s`cg9) z#XYRk3XV> zYyckHvgn&|Pq|nXHOsfuyb%5Uh~~2*f{lKcW==2^f?(x!oUWy%K?P_^5^O6?1(jty zV8bW%6fz_Q4@FH(d27NaO)iTs8_9GPBKEOk6Sm~w{MOn;Nw%0ht6$%an)(U8K5?9P zhev}F3X9|-&@~dP-!1PMZ3&n9li}{z*3~~pQT^+D8vA?}{+BOe{($e#J*s+ww8#V6 z4~pd@Jj7h@6fR=UauzRwG{6WH1U3S13cI+2d^hmOzoq7IN_kyI+9R=_i8hh?ig$qD z&A5+0)A?_o&uf-ud5h9qL$EtIp(;{eakAn~+~{6yZ5)Y3c(4t5i17R%*4HOs9>l zim}y*pP|rcu2reFQ+6O0O>68a#MC2CMfqq}^(H2>k8yU%{)YW6yTR_EH$0EM73brv zt?`b|SU6gY@c$OM3Kwp9rKI4kHLixz zltMlV(iD4SLfk?%ftK+u21FEEo2hV5&!Qz!UTfzCKQe4q|K|GJZhP@Ye{Vk57x1#a zKsOB3&D~x~6kJ5c>{ypK#53>6f_%^c@4n9G^CxqrFG+D)elhIrI zj;F8wNWbq}knvBxL;Ko&Lss#hqWjjb{j|Q1Ul*`2-yu5_*VKH6#Cyzl2zvjncHg2f zRA_&=0+-)--$auUMsMar6uu1ggVDR3$-#*zn)5pab6Wqz+IJAWweNVE`#bHv zg`0be%s)wfyLEbxFnVj(ep-{U!roez`6rn+pwR+#Ky=@TEHggY+Pv?s)^b3=eYfGh z$-r6TZ=%U1cHg)t@yQQ$dUyE(E+b|rh#4Yruk$zY$$w+?*1qFu?g9P2=Lbso3V~yu zO~xm5?Vqvx)~@|@obfk*IOoTud5#tutxL@(N%!5S-#6)Opq{`-QyI7j1#1@W$mGWR z*8HEeE}`(yeJlEX``W8;M+(*se4=grzP0ZldTZbDH1|KW`{u_x()bGAnxng6_sy=& z?pwR|)7!QC-m;~_e7DSRjeLopKriS<@1{=fTa>TM^mvvpiakH0TVfbd(+NvKA}b4x z4BS1SQ{4PB|sxsBUNp2&E!Y>?M1T+5fE+JapKNC)0&Q zFeIN$bX6<0>T;!=PCHK7Y*B8xJRMvP`Ie)*VIfezS{U>M4H;y4OUU@TfHNE)iSN~`0jatQA?39VNkigiR{Y@B#lzjP4mF*TW39UzEqy&b`$M+K4FgAR z-*+(98g))A{QhC7)f%uwZVdM9hp`rS?g&*U+G?E<*G?(A_u$t1vcQI}1`m8-dqxm; z^E~MKW9a2yV>y(s5I#L~N0CK)+KR++R(b^mwVBk!jzKWe!c?NAyGlP;0Gf#ABD)Ma zmsa717tGs*Gzn&&A%kTtrH6uzNbPw;t&kZO3>0Dj$~`Gk&w~d{kC+T5uESxk7M6=` zq8L~X2JPwPwpqur9dSgK9d-?sp#cDZ@+E5g1hQ`WgIHoS8LW4m-1;l>Uunq>e*SB7 zBh`*=_kMEP*>=a#kw~d0VpWo(eHkf|_5@1Vu*qbKmulg;{rrbUj`-bb+xDBcgm*d% zTL)ul*|?pwy+B+>%DTfaYp~hO==-P3iC-{(MTyoM;uwFTuZ0E4g-x3`x!2YL*09jQ z{1ww|oi+UxW03?$t$=7zcESHR$8_Z9xG1-Dh6`$uS$MiHtCN@;JL6$f5)%V(Cj4Of zp1|{`xhU3cG#cfMC&FKPrKrHcbQpIxT#cqOtl=*)r_@@F0}7Cv#Vc!C zv5^9`&BPH{1x@T(v*14dF_X1#+>_6x9G^J;xLg|^P4&*zLbfx)bg&i~8WIdf!i171{2~QxdR^3XjxFBaShG4e>^ep0-9$ z+e!X_PAXG{1BM}Nkt0T}k^eqI0Em$wF`PtsViNgT-F-OMMe@Q$zExe`zc8pKcs1D)^`L=SQP%a}MlNFxKs7sP}a>+8&y%e7= z6nC~&mosIg=Z5l`Sy}RoKI9yDNNhnM0m&HTWk8eA5kh%F85nFgme((R7s-5Z*{&IJ zYm=~v<(mgUQEYm6;DbPKUjhkUFQ6kFp%I<{y^)=*d2-`|QENoBhF;14z+YxXbiwjS zzNcx*gs`D*_kok#g&S%7@Id z&Etu5jJ1##Q4oG4T^R^?_KO~)BX zO)0K$?lQ++v$YT#F%Kx^VQwG*)-cc(#C(_>qT&oO9G2~@@# zBDtRgl63;{m%u7I=qruHef{?jgxi+N)uk3JLJc*zK>QUbgvq>8{lsP`v&NGu?4&Ji z{kG*Ax16A9e(loh8h+Pn3?Z{rx`0gt@uFseW^*F-F}Fc#ky*Z;Qm32c%$OlK620~c zNjW&+uggwvDG-vSKJxE#_4l{-cJ8}(d|=;T{HD3VX!wXX(>*Xb=doIaL%eZXE^H}> zb3r@CQaB&9^Dp=A3AiSz>X9vpaQjGp|Ly+R?$+BnT90?MRi;KW^>Ms}8Q%2$XL%F9l2`l0BHk~nH`*2DEjE$A^*G)c{c*WAgQGli)+Us&jT+dA2aJv!ymt z7?~~BMzE=%=gv6%D=Wax*n5U^Kz^1$PuUYXVab`(k@RWKtRMp+hrXwgaGpyqJcQp%;+5TV9@jZkz1_Qq$24X356Sr9pEeK-D1@8{G&7b=MV2mBg=my z+;dCDZdiS=3{%3P>ktWQg{~1|4(rr zU5OB5K|euP1;}RI-GNn$6n3`AF|tf2C?RhlsorKTkBvfE)i6{KYU*O+q%(V9vHPWN+EV)eF%*SLUq;FpkqQY=$~BX+|b zH^lg$*B&ek0$tw{H2GaEd8={tJFfWQ8;)iF1G)bEx$x0<-JYLqAFl*h^=)TsV5ofi zZATJ2ns)EK;v)2GX7}>fH+@FJUxX6O?xhH=reAAz?;AK5>l1$0>)*}vYvG2DUS{`F zR94d|MukVf7kTcpXE=jKGtdf1Cs+-Le7~XYAl=wVqAv?@aGO>7Jy8s1((y>R7)z#* zzmw8%$U?zFY$2J9X530bsZddcDYcMkL>EH!V8iCTuWC|Ff(g7dPn9&9HaD*)V!p0n zx3M53p#7hF9@uylFxKmx-#t%Dj+UE|Qu`^Ep%>FY^4_Db z0ZZ8H@k?HlC1U@^ll*7AtAE+a`@O3_9^_}eU$VIJ_HdxB-D>JJnC&hkV~Vb#8;P3V z+4++>8x$tUv>UIE3hjb|gtwi1`V3doIB6#dCBzbU(6)lS0*r6c@pgJ2$76(R0;a^s za#%a*_YiUznf1bs!H5{)u>@I*6hwxt!ZtCoSxDqzWYD)5S(7G~(48a^6;Jy7z<&$k zD?*ex8zQYogXM!}jn*OfE}Et#QH)M3<>%^c)urg{;3EV4(g1(=06);ZyrsU});7IG z;R0Lcrk7K*Hs?bo)^7sSa_$vYML@XjgjtBtB-$OaszREOcM5+{kocV@Xj9C|U^Xdh zu4O2e-`TrD~ja}k)L80%U95R38(k12 z*1zuz_xH`*hiQehHSKtO<_x*uN8@q2LNNMEJe14z9f_#C95A%v^nL@mY%=qy2a%O5_&<*)*=sB*O8usKo@ z6s>FM^-OKVsD&Qzf@vM}3$;Yy+r*N$uw)4U{29*0m!fTM88N_MP#Z-|-h$)QB zm4XpC#t=jwiF_s^$dq478kdVzUouoK7oq&IjEglhi!Qu@n7{yswMK8KW3a3Is7LX0 zft7YnLCC+my}jgJ>JBfJhL~Lt>U+r9Spl8vXsVmZ&!)Gfuz9n{ z4w1Z*nN^JDO;}-a)gYuxA#}npXqL7%6+Bwa3|5h)zx*PUvpf{4O1I75+kSg%TfOMDn7sc#v-bDVfpD?gWL%x(f9mpt zO2gSeE&StarxAr!FM+RLNA5iJJpRTCpat2yy`lDELRq&~=IQcM`n;DcU@uv~UP^(H z$!*4ZF1X3eaRb<%quL83!cl1zO>z&Z*`*~%B^-&YL=6h+iKB+7z*jP;AoBU!BhlST zAQ?6oJ+X((`G@>I&$OOWKZ0rt&>NL?FlwLgd<7QmE1j>u$PndqP~2D66l_L+{NPz~ z{ieR4@4OoLGC)rD>*z0QhAYVZnd5UCiHpSg)sJtsPT8{fpmgQL+vrJtiJyqKLrxH; z&IJE1H9TMe>H5iA&`z6gk+?iTl!PV8qLCI_9{9~TF>@a&P|R(nlB+@`8jr9XhY?El z8lh6$KJrU4G(pX$L6#ESaj!B@1YR)vw4FvwCPt>yVuadD8U%e>y9@flPTWq2G8}yL zzCx)^Xw!j+o=iCvGO2QGj-3*I?W8OefD$sT10x_$@X72zKi4l5TlzU}g>O;#mKL6m zb}ZQ@8%xox1H;SN)NFsxvJ#kUDKER{in(RMi2g<-;i!Im1pjEjf0n4i(7iS#Hf>sF z&AHwlS<6hxWSC>6A05V!f4px)Wn%bA#E{{h40h z?sbm_HHy$1$u>T8(-wotW^%|8G~m&E7?ZwDjb~REWjB9h-J!vJT3f}N;Ac%khZyC< zs?;E6sgu=GC)eq)KBsKN#9(Cl9uOzlTw`Q4KrHJBAEGQI)~`pai768^m5B*a9RoHi zk@LGmZ)(-=#FX$(uuH-Z!aAOjn?s$(U6^Q%n<%@+M2o*SmG0?Dr;)#)FM5qH6EKM9Y!h8*`V0I=2`A1TaP%J-N!cRpXa36J(Wi8a&1$z13LKkW@hku7mHBj{h(K<9EU}g;;z6SPo%7vYH!m1MQybmb$SK3K~$M{~}U8Mqa`X>}~xuI59eD z9X>xV5%?Rb^f3{7bvn$iPz4eg@D2!_Yv4p7Ne47w@46YFgOOtE_~UjH%0Z5b`6-4@ z$PPdx$4^2e&xi%`Ox57}AlL^pUpo@)2;X}5cW*svv>0w0dDIj495q^vryd{SJ2SsB ze)OclTolcQ@n>2ORKLaV`E;Ny@Kj*+_Md#J?Lgb=n?d2f)t-FMKZd(kza1NjzaRG4 zB53_8XbpXw&#AsL*-cte7zwfx2{H=lkdqcZK?cNvN|zVZHmn;n+5XHsUZr3~m4srI z+)ibZ$z|p&FOg#y8qQf#|47qO-;L`=>EdC+rgT_vzL{KC<|?jX-j9_d%;Hc$8w749 zl@552E^3qka}*T~UW07J924M`HyG$L7EV}eiQvwl5L~PTMgS-8mD?9xzAIxMyXXTvpLb>HK>G&3Wzpjsc37dDLXX?bOs@>W&JVy zc&ci~^zi6Y)I&wj=vWlc+dA^UmK%wTsZ+%wdg2}mw#w~lixjlA+9UGnH&WeO4~89% zVz>G&r-w&%iJhA1x}EkrV<$4VjZ()bgE$=z>O8TgQX^C7wr$ zuWncWkq{AX#foVqEJgIC1-WT5TPR&h+stT^ax|HkCpOZi#P&P9k)-WWB2gz&_@e_y zfuO_cmSS;BJekXz%n9>jasDYYAIGa_EpY`(uhUUZq?fo-A|8Q6Jd1uY@?=0>4o2qO z&it~)?68`s1MazVomZa2E_UVl5~!%7JBbo*2-@+V^- zJl4P4J1wFMklncYao|y~-naJM-h1PBdkRa7|(fG^1I=Q}m6Y(t+P!eZ#C z=FF+}K0ju`>|MQM$98%9#PO}4ls`EzH`i?T^Ak4D-m4eIgm9U2Agk*OXE-O8BxVXa z5|DPWn&90%s~)g9C+$Y3!ENEKMw^8<8Et0BLAO~j0I$ntRBXnit!h&Nf}Aj-p{PgV zTo!YF7l3V^70e2r)swVTEdo-l+zSG4Ti_gZi`m#9IY=_FcIl<2^g~tasnT=OeV8?t z`8NOBJj)Ss;}7QX#gev`_}&13FMG`e9*^qn%?N+2cC6kwI$!#$PCm5lJKi6ieOOo- zZC~BF`p-{aXyc1~ZFcnse@(PcBBuHp_WB84QhgJoR8LTC$^`AO6Qt!eXeWj=!N@{N zb&@eQ(y_M$VQE6o({k9_>4>yFHH(jy8014MbN;kaQyxF5bxens`|ye>Zy+q(-Y+nH z5ib~eHTl6Q&JB}_RhnabQ|-kab=Ahu|9UKh43(v}%+lCo*K(~$DoK$R)<`klyIh@h zSeK>g_%imm&~gx&k0|5xASA^qhG9vSN)#g016J_X)qc4w(s%a&Y*+{$+Om6k;qxJz zwjC%7@oP$CDK^Ehb69-=tEM%*Btr@04MZ<+nGJuno1$=O8(|n?vDs><^|HhsS5(di~z&HM!4QyR&)3Tmy9G= zvYe95a@mZc;vI$102Ff7DTKcRk@W(t1B^{T2j)(oW0h(X6cJcv<#Z|%E@hLaGE))m z!SFV_W!cS8EeL;yp?#s{B1q19h-gH9zEj)Ybs!=X0DyjL^lnG{R}l#ZtmGeVYU3v} z-EoI6oDLd7E~~5PNVX=!ZdWAL8V|!GedDnVd88%p;Ka1$oh%6Ov{F=Uxns^Lk<-S)V%FJ_i@fypG4Xj$FY!%|y;xhA2hl$CMPP=L+a3 z7UuKE+pTcpm&4_R+|x6(H{f&>YlHFQ*M}=xvWeEHY<{72u-X!Eh2q(8p*88)X_j5K zz2mK0ItpG-EZvp_WAP}<=lHXb7dh^kGh7tjB{HokmO%u<$UH0zm=FY^5jgQknjpRb z=g(PfeZe2m@)?5UEzZG=YXbg-(6?qORLE_MGm9a^#YKZZ zyG>g5*q8l!85^NTP~;09U+FnLJy=sT)^!U4?$GJ8mQ0}&2u0lQa*g*B25YGnY|lrL z9g%CRh4#&PbG_MMDhROm!w(EkhF!s6OpYZj4u@ff$zd~%k0d&ZS=j;PRo}0IMk3db ze&nA+UNHGG2Dmp?ilnoFd6-een1}=-EkbQkvPduTR9L8<@>OV&vaDBp4&xi@9wJ#X zkubIri=huh7o$TL9d(`X$wR4ltbHJz9vEQT4=TNFHtZ;a1HFq*pRb)XZ|t3^82;vL z&U!kxXr!!F3KIdf6=5O?yQrjP12N!F)bubPM{_r2TEm4-RB<5UOHsxR$t#4)S0GFd zy$D_dWG1o_MpOo>b~9n9(0l>z6Je{N<+xYLRa)@=OL1pl1P?8yza4$lXqMs@s1e~_P^pV%#k_S6ve z!x?+5vrsD<1d4~;z*5aoIxk+v8(Pu=TwNDC>yHJRjGb!R=Q!~1DrT$n(}svy@BDReJ&BAaE? zlwkY6@KWbmdIecWVD}?hS0+dU_JZby<-pVQupD^mc8Hi~f$FRvQd!PCe?$ZJbj`>! zjpL*I!07P?UMht7IkERh(6joy+h}sc+TA*~=fE`YTm3QppWaQ7pL>tqI;ncwm2f%b z#S(yjopNe#XBf|4WNTvX>O;a`3BQ0=Cd_? zirWIji;x7M2=pFc821jl)gE+sIBCHz1_E~3yMTfNN8M*o7OWPV8Eqg(&emRp&IH|w zR43ZniF|xTdgZ0HLIDsAS|S5d0VP!nJdiuhZAN@PZIN^JHLTCtg zqNbvXYN0wmbOz8MOfYuSBF7%!BL2fjdL^sFV!+^VShM|SfPM?nfRXLGbgYKJoHCgY zo+KG=9$NYyGC**R%al-nk$K!OHVZZ1RIkS`qA|Clt6TBq^7g#7TpAkW3N{;FuM})b z0npBcg4nS%3*3d##Aszy7%BEGi4EB6(dAo$3L1*7QYN{~tsv()$I(R%o9L0yk&~ zHcgEC^%aGt33>o?j$vf-9iz5+LcnW13hZQ4vOq&P6mrF)XqIJ&DTbIq;A085D;}$h z!38d0h(xT>y8AwtylABYJJztZ($DHLS$GCg;WZuQf{JCH%!cg#WqEn)asJ`yo2vT&8m9QHQ&N^vZVsbIDjpTS z`!B+G{~qBD_>*$npQ~AgxD-ush*gP6N#F6%7U&`Wu7`{YH#97!_T$A`A3b7X9KWfS z@qyUMOepAwD@*eER{Xr;=Xrm@X3cxJ2NemJpeFxR@*`p26e3<{S3o!0GCcifzvA*t zTAj-j7`}9|gp`=qnTd#!B5FPe#o&VG(IwNV6U@05y=tlm(DNBnG2(!$nuWsRIv|K? zwcC~I80+wq96l)aZ53DdLC=BOd<|)Y8Guvxa7Eff70C;sMdCioN4 zP%;+_$8*dlG!8`NbI2L&<6cEKdUD~^h*Ye85P3Z>kOF{_q0E(tBr%*)AVQ`{Z%Wes z#I(&MIZNTWe?uL^`_YIypUa(=J&G)QJhD4|!q1sW&p-VIcWHp zoXdL*w#3#BR?gY6Xd8$Bi0LTgNBW8lik;qW0HAcBB`H`0E~LB1DGb$Y@B-+}Ygezf z^EB%=(bTt@=%rawY*TXao2xnb_x2oWP*blPdk;5qu3hF0;M<)>bD-_Sz{X0>W^b=l z<9fAgc=hQ>Y!fW^-u9k7Z>!_H9(g!B5iiVgUEF8RaGjdOMP9?Jssf@S-3v5oBa^a? z3?J5R9R$P3D1+W<$j}7wLP7Ad&6-8ZLbj;1v?$67msN1tY!6Zwy0cR)rDe{Unnjoa z5eFw2lKGqEeuNkp0oPE4z>6qt-|Q4i{c>vQfD5RFh5Ku>bNLms$+renUNxEx8=TA0 zsrc%JP447tC?%~slbzD)%q9mi_!U|D!XHAPrEYU?t>pSZoHXb_UI9okY+xXelY|!x zOO}k7r&Wz(jEsdbvh6QNsy^OlBZ!Fcvg#%a!brq6kjx-zz4M)S?NF^4d1ph-SE^{iM zJ4c1K4kMbf8%UdVS3sUWbJxjR<{im& z(s6?;9*;Yn5$E>C@y4t?JKK6BzSTX#+KucLzIKqhjQHw1_ZIUzrqlqxdWrW=^E+&& zU53@mj;z|%SEc=f65xISJ`Hh))QZU%ak~PLh5^|rc^n>xV`WXx49nZR(u01dlk;qI zn5@eIm}q$FPS#W99UqxVKN#Jt0G~2y5&tE{FhhDgtR(&cM?4lZMU<|fuf<*bnCD|1 z^Bt3($)4h2G$J$_#W{<`WPD=c{P~IRyHIMxErCb=neBHO9$8r#OrjNh5~nZ^+xoCv z5XAW^dsikFf-CK16{-xvyZGTw#uIW}&ghMxVS0mucxH;9Cb7jdCU6DDe~T95CUhsBx*oozcH@LN7Yra(X)+KA`4w+eCa;FPA0Loau&dlhaeKK6#hw9Y z$=)39hg|_9^On&45sT9?>$!jzZ0Dw5s9Ai{ZUQ)o)yCVnSTuSX4&@ zk|6``g)IY&FRKCEQA){ba1Y>D>u+hNP&9;R-Y-2@mmyqZp5alaXb2%2Bj=NB zHT)F4J-vWZ|9L}BOYinfJN&j=EnfSJvEIO4k-qq>=ib6xsgWsF?zeb(fAx6BWPUoE z+m_dUPU4N#AMtn8`eP^qBHiEu@-tNUp$f>*_ziVOnw*P3&Tx4Yy8`eoTT!tUZN&ly zWLS~Q0hodS%ZiE!w8UaHT8Sl>LoTz4d$3&cWR#*9%H_n+F8h>iN}Lj!{g)Z(bizUL zgc3v{qGm*hDfj@SSdS5D?_k3!dGo)70vk1e-h3g`8vubolHYY2=i!R}TsUJnYR`wK zq#)8S2hL4YQ~A9}5J!a&b7WsBqnXjMcD@X|0xJ|Hp53T=CrrF|$ zP~`ZV7`9N?32UtF<^Tdcc;OLDy6liZ>;mU8>U_6F*1AUnS%j0tAZ0nd?{JF7}& zN-sB)eP^Z(5t*%DrA-qfvj#CTl^G){$S|oQoi9>|p5^`{{fWshj4UX~j&TM?Rz{8S zEj0k~WmXNx3@B?6RYYI}{N<@T^;uPRxF>m&YP1^6ocI7Q7)^Nc+RL5ci*Vm!0}Y?Q zP?|q~asIr7{~P>3nzTWru7LPzffsJ5E?hcNx>t03KJ}@NKS=y0o>kC5GNshqm4SwlU8f@*dnV zp>&#_^G}6o{y)XE{+!pT)`vwt90HsnHp8>3op1~vcLyJd@bHI1Qe_gv*H`k>m5SVwkMHL&isNz0xFTj`g z1}7a)x=c^d?OZ{(SzdbWN~wg-ST913^4EMfzsncR1(bO4HtkFOu}mZoP2=O~wT#1~G0TN)(T&HhD5;lAqulj7iU4C|$gW zm@C;gxL5p_E`-m+JM@3y)Lu%)xb|+pmz%skvi$b@JzuP=l^eiA0{2z$&@ZsQ2sc7i z^Wm5hjhGd$Elivmellt{1?W}aN$Dx^-^8n;C_ZV!O z<744&#P~=Z)+<|SCGj`F`KW|#ElNj=C+^yKaDe#xvnEH>70DMImgb8O5To;at61az zS^O#}yp#5+7oPEBNzuNd&=y6)O=MlY1ad8txK?Gzd5$tRctPYKmmdIZMdf_>Vi?;_ zjp(S!*b+|?>7T#o`2+Fp;Z7(KaE^!-fdh_)k;|%XG*01+g4w7F4{*FeLfbQT88&^qU%Sk2 zH7|oF{<`pEVG#GD$@$r5!%3J4)O_fyTF`hX6b?r8)j^;T!4Mag!bz+e?g1E%mdKxxogX8eEQ{KboyI#S#=NSsZQ4~zKU^u_z1`uGGb;vY99UUU3AZ4Ec?Q-o(a z!tGaGY$N3?mDjhF`;tN-u{Q zG#dDyj!=RHIgR}V)Hc7vJ@fw$7UwswxoPoZSet*>yxHamwz`J4F>dlJv1sstaM;R- z8`X&0l-!9(D6Gb=rD*u#MdrmRftaK!htHpfm+&2F$|m_*s;+8l^lfx~N@oJZ05t3f z!i!z}x~ z3NBkg{oZ4=zF=`e%?Xer4MldZvdnCz2x2a2+35jn7M;a0(t=@|x}5$K#|4xnvj`#DbO0K7A0b%*b25c+UxiRcGUv0;lm?x)UFu4_Ljbkdvw~7 zNX4vk#~=L*YDxDG6>B_|6qRzWPTor9Gw(?B;X^&caUO++BTpNu2H%v zAJ$8SHVYV; z?ZN`+Hu7KklgP!P)LAu-d2_Q`1~=vQxG05?b=F|rs9{jPslu~{Og8#KCI`9dR79J# zcqgvGu++&dPr2dD3xg3#H_RmX?eO9abpY=;PZ$g~{(X|%Ug6T|(-n_W@l-q>Tk%A& z(`xIe+?S5EFUX|@pU;z7j5W9gPu-@)FZ8lHswSp12O!q799(Tl0aFr~;|!`|;~Y2L z^=!I%a$CUsr1l2*mqH8(vrdsB@|PAgBn6fcA^L@P|9N1f)m3U7+G10Wr?V3&{zHSl z7HQ$$jsuI^eAUi&`E2{{k?iitY^!-x5w5@cZ}-Q>x0DTgEL%sne*a7VN8r)r`sUFz zMWR)2X}q(yOXOGo#Yl5BclAHSE107YR?vAhkm{qkNL4}F6s-@mUdAyqzli2$0s=NC zu_j>2v4Rw4(QOAY(HbD=4hBz$@(P#Bhw`D2k~m>(@q1*S?DL&QV3cB`MHDI4bBkPh zQ4IJOJd#JmU)fhz>XcraM+*s(Rhk17{v`zGG;Au07?C4%qtJTCv}fJACz7sF)SH6L z(t^p&(qN=E`-MLPA^-Op9e1vNeHReb>U_O^e2i#%-PUZ2xuNhYg79>cg#66v7l5bs z6W)2{Q$)?assSERP?O{lQ~=>T=$WEQC%4`>9jy3S)5$f>DUXw8?%}RGm zqLeX+yd?!o+HBU*(~>~@LH4!M@HSElmgu7FgR|6(R<39w*UYgYQQqILQ|9&gjiiAv ze+4~C&ab7EfF!APnax-Y$s@h6{Rv(Tc_n<$CRy#?f6U%_tkY%-x22gVUz5<2Q^~HE zznzZDaleyuJ|~2LO=J$Vy7iJ3ms0|i$Qn7?D#3@Zs!)%DJ?2#p_sFs zd<=FAHUQgutoHXuYIx{3DZ z{8_eTYSpt8{Lo*q{KiWc;aj0q-ON@Xm-O7{k3Y%}JbL`ezbPMV6IQPLj&S3Z=`&~6 z@(k`}ax%;0Q`#U=;-g_*iSapw@ z3$zYqu-D9edCw7GmnKOpjSHgO(x@Vn2}u~VKkWfcJ}rC=`%#XqE7G;@2aSwen;H@k z#Acn2jrXIop2=9JR>y+Ycm@*&IiarxG8$;%3-^0hzlX`t8W^v@$NK~D%g=E=H+(vu zQui5yr0N?Pi1Aa%e|?`MncOHeJdHA1@QK}KJI&flTPsGG{ z&^QVve@B%P<5FS`IkM2SysYZodq@A=aC?Bi{}cPvgKewP@6K(BUC2FU2yxnpaQpOyN}MNjhMR0!}Z0I!7#q5&S9a+NyIczDu^FNH-1#1 z9m##vGfbwW0)#Q}!-HPd{B}zaXIZMaiiOUykayQYK443d9GVtu0as<7LHZU3pokYN zs!3l*`Fk{~J8?fS9|J){&|o+%h7?fy*h{L!3>Ym$GC0y7xD^b9_X@eiKC=P^=Pg(nr_0rGERe2mteb^;r}#NsY= zrs~F}a*hxRwy?d13Wof$tvFP_1jVAMKN;l&G-Nx*)AJHhydny^#FYcfwte5et` z_ULI)^@*V_l5C>Iy8effD700{HqH4B>8cyotfbYT=p`tW(Soib?1Uf;0R7D7mGsDq z{;szc;cKW5WMLQd)}+WHRu*)a4EXeGH+^B-{I(;HjlciM%3QR+R`%TDZtLm|&Cbsj z_Fgxay)(W0@C}{VHUFCLUj5ddPfs6vax#0}k>l;{Z zKrq6--3>gl9{!NlKNz%Rr6Q!~MJdz(y^b*e%OS#VAro0nCIScSeT+>Fg_%$Aj=fpkMm!z8guxLVNz7~qMfp0A?9RO$lORdPMUr+DW=-I2wlwe? zR{MoxD4)znPnnY1QlXDfFp(W8#M{W0WJQ2T{?Nhz5IfAf4_Icr=;$n+5dCgA-E!IZ z3BvjW{3Gxjd9lx8$)n>|duUObXkX;UAzi4GBg5*VknsG4`75t?B5WjWG~_nUKVENE zLp7a~MM0XX=SCsE88%JiKYHwzP-{=D+Sj)0-D9nzwbWWq$544NJ*8|*jrOEFhKF{e zqN>!@CpmpuGO z&!Fgw?QYH8j?FM;8ic!in!K-g!2}e&L9&338J*3vQ^HZ!z{VHUQG685y-!5c={ax zdLxs&@tTu84Rp)k>6VzZ#mKmpj#UMm=MV*Z!^R}UX5B@LqEedi>z(s@skOG}fM;G= zdrQ-3)(nt|xEurTi<~pP)m64`4f@*E-=*{i*s8s%ps& z#ENv$azd{~1i~4fn2UBICoA#=Ix}8U(Jcyn=uOhM9hBnXAj^~C6+0|A-9g!0c2=ls zPikOBc-Kx*f3GZ`_DBls63P8O)MZLOi&Y`P>s^pg$z!41HT)$F@iveW zc80com>!HSM`}rfXk1rutw!vQq|unrV-xBwXRZ?%u+V@_!S<4ko+09nCR4x}gnMV2 z)K8(jUX3B=IcN{CX)(~keAgtoNlS&EJ#)CD}A`SK+8rTxrct&;gB80u^cM- z9AvNCm5{w+AF&_BE|UyZLqaH&U_~Ov6SMLovLJV~(mheEzV!qL1gC1KQQ;QCfnXzN zTgW;cWA-s{&qd1HVLu>f5b~kqS#o>Lzc}A)e$q@|euu@9qbi4Xp@O8IIMDqmX*Pq& zp^{2UaU?XG0RJz2H*70~+tgg&5pUPwv10vQADdQ=D9x8%?bjpu&k6al`Tk;m-YYyd zDvfaV6gW6hxjqo$@sGYk* z9olFDtSuu6u62`hUBGjWrtJvf1B<|JSP&P;jJ$LS*_=?ZXqBz`UTKA0)To1(x*R9hs5_{l{>Q2>dD zBMR^%XeX)J-II}UTtc;<%c%gK(j}jeY)RDo&DspMSkSk~IVGdf9c@G!;d-d;6n2u&0T_alfqrd1mLY^r=8>UE!yf}*-8u6hH=5Lz%RhGubZGe3;J`xD$`_n z)0&4443R#+J|*kok5wY*6Laq8m=FAa^8ftXlgHE7S)efXsxF9Ge8d@wf3V}hxlr)UZW2TG2=XDv79B|6An(y$5q{K^ETQX%$fe@^n zC2Z*=Z0$^P(H2{Tf6KIBt*7oYf)i=Q5Zo^*x6HvhfAKu3AT(yfqmpb{^G2{*9u|*S zbE2-L=#r0*Ux4?aU4G;by}V=C*DBw?P&<5Iqy0Lya9}E5g2$AV=m-bqn4@(3=F!wH zxinrI=+K;`A_xDB_)*Y6=8}-+-%;&;lB7P;F`=X}rIMYhji1>$V&gNYk9L>UQSkMCV>D;8#@r)V{t60u{@^1ObqwFW$ z%tyX2MnsL6EC7aMmeok4qrH-7NAt-tt*F)?4tno9Qp?4djVSewoTd@!ZH&g`M+SE9y@+R(xIac- z9a)|M;xkH@C$#}1D>;UW)XV{6BUT@at87?>ETo0=)^f(wc3ka!$VEz?Fh(O0*DTgv zo2y))GMd;zIGnLbi*DbdZ6d!|$Y|yztwEF{(=tS6%JUE=&k-Nhq$|&%`=|zppew%X z(L#_%uQ#R~x;5}7^t|RjFm$AzuHE?Q8_HvyF=LxKR_KiP&rejHtFI`0hUfR}9ogfD zROoC7=dz9Y{v&^M5;@fps$tzOYoT$Va~8-}M-GJSdkm;g!}iB|f!aW?7`lmusq;8X zcWog~!P6FrbHGtFvZ_x~v)FQ^7wRBR$r1K!ij2b~1w4{uY9y)pJ4vE0LHcN-3TBH^ zws(Y#gfQ6;s0wA87sTLY@*;re*fA!EC7H8{!uw{tua4lw;TFDFOmN!|75UPMkc?7z zx7(LFVXP>qnL*^o@ALcG1NBgFLH2qTf8Ezm8gVumx}gt=k9nXl?nVWI1wrOfIfm)D zr*zLRwL-wV8)t{`QmFwhc7iRU*o=m-LU2*(K8Rw58$NN2Mp1Z_^_Te#S)IRkSiN3w{dcsElFv=d|Wia@MOgnAvjIo{lRI)X|3O;LX}kur%ffQ2D~s$iM6qlR2yMv(V0t`EHeKp%oK|2LeMFdkYnS%t)!atTy1bX`WLbrvt3=alM zJw1mP#sXcncKP>@*UiP*k>ZZ2>qji@yju*a+h(%)T{|bjp0OeI`g%%$Tl>mh-pwC! z7wVk@MYKQ=$d1zRM!nEc#~5vI2QJ|Qz|6{VeY{2kC%+*Jf_ zEo5gS4oi^U{0v^a%G?@w!D{YtA1{+bRU6rTAua*CW+tC;M#3E@jRP$wo&Awh;hp7W z+gyG>U5#9{`Ap9;>l6On^Hk77-Giv7;-wb}*iVzmO*wR}XKO8af%qNsgnuaGA#;2S zerlCHTD~t*r}&3UBSmj!@?BGV_M`*8q3hl=6U~KXtHIe>8`v}4;*QRI*ejK)rLnf4 z*_VsAP6=GJ+Q^N6@Mzy1`x_6BtG7(ITSOx;KlY%NjVaSTR+RlqLq}4L;r49@+mvF$ z3v@)0o4)$*LJMlqgP5@{UZQFq22s(e3u=taKJ1`lPyw`Nb|H=Y7oRE-a7@4P&j#-}pCX{e78d;#+K=O_`KrzCD&b|U86Pg&`P*b>0`eXvx zs^ybhPd*gx3U_s_xLpeIic3OYAu=lbN?_8}onLl$g){uOCM@6)w`G*`Pl#)%($b3P^x;OsPa%==Gg%-Z6lx}I8I@-~7TW-cx zt#2E%E9v&X z_<~@t1&Z-}dd%v}M#Cw4qK{G-V1rCu{R#g)%vX*3Rn>Z|n~xU3?QD|3otUII)nS&s z5CnPsWT-puhW-{mSuvh098>OA9sodZcb;Y|U(7GxRp1LD&XZa$&pDS}wq+0D09<5> zZa+#-kuX<6?$~q4)<%wq&e(iu9(2$GwapYiA`ml)H&&IBp?oz`$#|Xqh`W8lWt4YS zC-!7|Cs2ft@^zp$Z9ZZ$niH*^k$s1fwL0HwmHi2yga#%d^A4L&9cmkHi8#!XKM7z# zi^DF?QJ;m8k-+Vq(w3y9(tsnR`v#-!NIy!eS*7%i~P`4sDa^n-Vt!+M6TcJ8$@)dB8q~BeKdj=jKUZx;-TJ2dtR+`bZqeC%#PNXoh`-L;_U3o zTtVUTg*grkHg^}Yjl-UkX`alKR+z=<$7c9rb9c`PkEQuUnxC0Vr{`wGUAyO|xSbE? zTUrXUQ={tg*4bLma%HZ#t*|ZRM^i?dW0{beu#)j_L?5wFvH~rSRyhsm;(7F?F9En6 z_0liSuYpXG_Ux&lTRmV{shJ~N;5-x#BDXoO(V1E^6E+se&Px7!Suxip@7yN7Cy@@^ zvzib;W-koRb}3P3NQ!o-dAC`P1$=Rf!Q2+j_hdYRa8vJrUYs;A*Q2DRkSpx0s(FNT z!(KULLX)*%2F0u5&0PohN@;E+Z!*u=`t}?vDtUAmK_5eBv^tWJ(w-mwux;O1iy445 zhJiiD3*LN8HlodyEm|4Lgd*R={Iy>FDU%N!+~qT9uJ?wT2Hyv0Hw=*1IUwQCPs`si z86qb$e%OfDF`bAyuuYi-tZ*)(4sSk#-&0BrEhrYK!m`2078=H;&c7bW!U`fe&ZIhD z#itPic~kY`MbacD5~4?HujH4+&=O?-Sv6vFOk^&t5_T@^;GF9NQ zWu&Y7K+U~yp@cku*N{C6K`!^Rn(VhNDa@;0ZK!82t@%~8G=TL85+oMZ9$%Y2)YY@K zb^JiJHsgy*1O5J5IqFN~J%jR)x10@DTa}h<)MRq)6nrD&#R)k!*)dV}x$QeFk~L6> z`@&A+Hj9#uWP&EE%`j_H*t*jC99gig0C0?TrX9bD{52f&Ch_qZj-x)8Gwpq>?~&G# zis$gQa13=!K|X(mlQlgDMm^JaV0SXf2Hl>mL$WJL*Ei8ICX7uWMhGnegyKnx;R8Iq z!2-M(0mj3QSsV$+Oo769mSz~^V`QFSWL6r+SJh(#KI0awXw$&YSV{OEbip1lJe%GxQ9;(8-ma=L~%v$!5H#wQ?}Wrtf)K-x`C!W#cv~osgV&N zbkLt`jNR{QAz&>4?9ufrTDcpcksee<>4^k|=acVKM$_C$2B zr_FtH{^lXU^4-wjK$kb9j&AV>$7XhLn2u_!4#qLlLsI$WsW|zgN zHK~-{A2KJs3O8f6(RPjGCVPYnbEiUc&TWouu2Xgt=OMU5N+wKQFg?n~E`cP!#AQN6 z(UnSyiex|x{EJ0e;(m)S8B(nLzWe5H`(5CyAhD#_Jz5?Uq+r}#JaqJE`O0PfPg2v< zQ^~?WiysNv+%S0XCD5YCKf6+-JrPRzTk5U|_CASzSdeEv6PE~JC~iR-ew>~=PGo^Q z7rQ~6{QPnHU@VC9V^Wx2;lvo#V#R0|h+2?if$|ijz6N2uT5v|tf?tvu%Sy%q63!3M zg`hPu@x-)9(4XZ~Vlr508^@TXH=c>=BaX@PWm(J?+V@FFsmpY0bOUjk600G)%djGH z3OJMVg`>N|E0MSoiMt~Sw5g0M$ut5PBqtSe{!A;stq4kV7uv3`xE00iRGKfKglZD4$w@^|<{S}U1?H7p2yX`q;{ z7aV~s3Er6<3?A?lTg$#9CXZLKX2*wW@)3jE8*m&%!D?`5u;!ixFMIi4f7kQ-haWt( zG!))_{jYQk-Z4KN?pb>1BSZWD>bA_GL%SlOUGs;*FC?>W1i#q1Tad>JFh1U9Td{Kr zT;Fyl;(BJY!LVX9DR7m42|gYNm7ZEHr;zK$o2N`u#%+deO*sJK=uQQa1@q@N_*h?A zJLssUP-Bf8B($IJMR~}4@ArFY$$!5#|HB^&mJ1hjy#~FeA%9UyhGV+ND$1@+;^56K z#;0S`3C}6+RCErrQBbC2F9UKu2OyeDm(DS1Jb&pm24eNxb6P$a)F{mjIZqCrP3)&{ z#Vl%;&%hf&0T*wtZa%Tt8F14PJLA7VNq6ebgWB-Kk>T6!svZ8|bm?IEw!69xeQeVHbF@jr$*G zxP-QELVRgGZYhsR&ue-^-38g=UN| zkqs_!@RPM?r!rX7xwPyv*t}Cfp0~B3$jAme^To~!=aH+ZMSU3yql4O7cHM=SHUz8m zD2Pr(BSMQjh}P6R!Q12$&@@sOwbBkTtNRL`u*I5a?M;;jbCT7h&JP+Tvo{$m)%}8H z`}`~tO664KH-5_)a9RC|Gh7}@hihTp_Orm2gq#Yw(XA`P*H@qQL|qQQ>_CwN&)o?+ zme~Gxr>ZIvr6B;d5SEb5?XtU2W$th)$TM_AP$#t#3@O22C>Sy<`NE+on|T>HnzHQL zhHYyKo0eWvPS&>W9^6QT^`0+`gS<`O2asYYw~&-?t!@3~oMS_gPcYKE9i5#kwJxPr>*}iY4sK~*8tAQM(&-ge!IDhnmr&BJ)@Eyu)Wk%M zuZ_7SX~pSM5U_N*yh~8w?4tvNbG50?sq|E8N{n=MIFnMw!ckl9;Id^77$($Oigt2{ zdnWy<4t0JbP0(@$+xw;USmx``U->TeW6@Zrxzu2K8{vjv21$1pLYW(QglM+;9Y}om zRGDXqA^*BWp{3X-+tcN)==3f}eSXO3u=;Y*#E@bznu&`X7EjcdA5?gQar^vEBhdSH z8Ev9Hnr(ANgJys{9GI(AdB^2Ie?-Ydq@dFi4RuGrSpMOJCmogw0V%D3v%Uf_kw81p zETfXu@5K`3xqGhO#pY(5yQqGI+gjZ!jFR;|Y9Z}1PkNP`vD+9aj-!pnN?ldzYF+K^ z?&(?S?NfSt`}%qZi-p2UKBoYnCtq5!sE}f5sh6uQaf8)CVQ{Mt2r^z-LDq~nxFk*V zPW4O`rYwEka?V#Y8}nGR-l^Cr=UlyERI8^(jhL6`uAHMVIH_6M?2tomeIDQ$>SRIK z+S;2mD|&J)#mm>0F_VAudM?L*af&uBY$R!;@$_Gtqs5-oe_@(h20a@Vdp8M%s@dmt z{g);x=P7NH0N;VEz!HK_Z#d*K2!s>v3MB~=Z~#9j_XPGHZQXjLt9Cqh+lRg1SArF(%~eQG?(60o2J_fd z-}b5>zP3NwvHG7z!-`-S9LiIQC-(H6@O?mnauTA;Dem_O^OeQ%Nb^*INw(d_;-Uzl zyvc$$%kd1 z$gqw=BxqJNW(5AqP#F)_4X=r zM_VQicXk}h3)>(`uUwwkT^k6sNhMcau>7SFBic%G=4_ncc*T`jQV%>O^n-=O;H-nzBiZ#myN?>Xl^HFSwn zGOhJfZ*aF@E}%aoEB8l?SO)x!xuB=0RDBh50U8IpNl5b`Zc?NqXAKCp#eb^9AGmUWf4)g*dR)A2KiN=ZMe$EyBBD z0>8!F7&6WMB;5}s9{DIH*GJ(5> z216f+tb_wQ%_|n&ioFhWAa#oX>P4Wg#I6jKgO6L8=KyW+&}zsCo(2}MzNMrea~C5GG0k-*N+f z8)RcXf5;yStp)>1Fd%|Et`wRMP6uZEGlF;myMY1oYiF8aLk6|kU0GjRFRTY}xPc22 zP}|sNH|VuE@M<_=-3`G0O0qt@8+?`j>wWgl@dE=p4y3l-J-_1`NxG~5;Qa?LmM1zx zrSA5vcob`uT_gEJdpA9J$F@Uzoe39=m9@=1I}dks*B?m^q4+r-#=%=fKABt8fsosU ztnTnCrFb}<4qq_1D#$>YWZB>-2!71uEdL% z8AfQTqnb2 z5XR>i2a{$7`?O#f*E~n>&%@;BoR{Ws_mwVniW6`Qlk-rJqHHeEM zMo*4Zd#>E2@g`~}6c-fWcn)}0E<8(|o*WcK<^a?@6rQRxP!pQd-#xZmvH237L@5s>cR#sW0q*2SMB)F2UCxyq*Ro(ZPYMCKf*9qg>M z!k|@8i$e6>bycVp14U?Z0~~G9kE*S@(H#1G6n#!I`s-%|qqc)VHPk%ZtPo+lM5yZ} zb%ux+gQ#HPqN-XML>3{m$QNBU6#^cw-;45r*s6T^FYliQS~%mK$%Izyi529JopgKL zdi*E4*0n?=M6Tx{Q?2lK>WUnN(-b$ft&w$tK;{kVVgo}9w04|igwE8`MLll}Ft+xg z^{(2WHU8-($@IrRUhf)hK9ek#3?k^m>&J&!hWu|$hFqh`koQMIBGtJM*JVEYNO*5x zABivyYA^DUR6E+)M^e$Qt7CEGOW`_?@~?!n>pqgNa-GKv%OnXtmu-v%mB5?#kE*=` zX&LahsN^4Sr-7nFJUOd|=oD;K%5cSlpMYZ@!PL-9-cs)*Foc8E+bbQ2w@YO5%ZU&{ z(;@82k*E@hM5B?k|9CaAkT{gMJE2RcAS9|HLVJ~xG|eUxtrC-I#QYVrWOf|a17O-2 znGOR6jfPBConW4>lm-7v-m5_cPz5iZZ-50v9e4TsBEbLVzWpk37(ukvPn6-*YKX*t2lWZZ#o>UW-w4Xg(Q-+n;}zNkTojP$qG&4@<$^jXjL1YU3~~4l zJEVDk?!HG`L8&ZuaLI;%M6tl~#Fs~&VA+}g{6 znpyVr(r=(Gsdw2j5?hH@N%rM2UsO9z=ABhppIiy-*o4cT#;0vsAs7MFzEooZ1b@8U zlux$Byt6Fe{*T$W;;VS$0sx&pQdHm+7Hh4vxT@-QL`f$>yA1Gh+0S8VL| z`N~8`Al^4q2_!R{W(tW~A?a`=CM$j8aRi#QhZo)9q^q>GD`E@hBc0ebskFG_ClZjJp3GMf1851k-j&6pKmC-*x-wGWPKjT`v{pVhz z()Y({dHqrm=rDoIi331$mv~}_5U}>>C`)s(``Ubx1N~%_kgEbFaQ4npNbfV z|9c2^?Fs1{t}FZgUm>Y9V3P1f&Vl#~=pM|Gk|iW2qj_H0jT9$J22MwYEZ zuXD5q&ZFg^0kq(XCWt0=+*%9F_=laP7^rwF_dNPqN+V2%<6pX!r*ZJ|>> zmmr_?8ww{Wb#!Y$$|6X~A`Hud!i4L+OW0 z4>V3qh!27f=8u=)y#^PmxTqXbzU%#Nx|Pad<+r>iHn2H-a$#ZN(RDrtsej?hA8g=s zAi2hRGx3<$gm0*>3Ym-*!gPwXc`)k$wjH!wMw9VQ>;Q~HsOaHbt;SFmVOhy#r_~xL zFU#GqTQoQ#80hkORwA{Im9#Sg#oiQ*ED$o0Yg>o95bFyI1+HMS7s*U)P+U-;KVG?r zhlUHFv2SpAix!Uvs-AT#kyJaj4X=X3q+e{}e*^ERKCJT&oN(k*q}v5MkUQMK0{`|M zHHSk;mD+%pA*Yb*!kj}+Y!T`I-#;UaYSHbZ)MMCKRkR%4izlzK%`t*W#~w{QVc>8x zognQCPhL{vcoUa%Ob(!q#UbMV#A1A2LaZ4g8GH?V3m9IJgHV3php_=)qfj9)VD}pgof4o z8vvZv+x1W}LP)s2J%>L^_Ws53T=z|%y=ma!I5F{mIZ$&+^7cJ_*KVuX0%L9I-fHb; zr6Zc@>8vH)nMBwmZr@Yev$bnu9Q&?cUEa0!36BHu1=k!YPhHpJiv?nVs?Cl^o7-nL zn)TNl$qZqOW`FcQN$__IPS_)xg#UI%=!U{l#PqFD#7>1Gb}EO^pY2?Cr%Zli?&$*O zDnsvLiybW^c-*2#v((kNlv{il;-%S$gd-I-s5sD+KtVrgbqMr&Q?246j)0LUduGs; zU$zc)MB>Zx<_;`{m7sTU#nrds#f(`oEuHbBMRy36TQ0@Q&S(<$&a_&69_bgV_Ydar1rivi&e2b(7lTKbR~o#Rb-*kfnPl)V}Gn-9zE>rX;{2lAT2(yqma|-cUEA>tyPGP*G82DY9Fm3i2SMs4Q_>h$^@;8jYDvalsvmM!m#E zMYL09qz_}Ra+D*5L%`k>AuE4M3NhPuVm**iL+gwpv0-%kJppN}Cta+iI%}>zTh#7^ zo#|LRf5aI^&7hlHF-5ASdb3Itg=B3eB^A1IdG-rW{@(k3XYFr}()~OD<=~5$Q&Hgt zwcBUHEx;j-Oq~XRFX;8F_38rFc+3`YTMf|}Ul38m2uRUwjGVP{cjCd7}v2KDf@-yV2maY?x7KiEAoK!+BRCFdxK2J32{;Tc}pZLU7 z?XLG7DT;lO_PEPo-l{jJVr%&Iq}S|xdmK2~!{DSWOS5MX8u^C00Q%540oNP}6c1vO z#wn48D^mq&16a=}4AKj3vILOi10iIh$PFVsAj}D71SLap+6}Hi%OVf1A|w`Y&=Mab zgyYgT102e6md;a12N^nao_G~L?I$whOHbpaPx?dznmw)_#B&?jBQ}Cntd#nbNSA{N+c`@k-HJp z$5iAXRUKlx3B zdhvA#2}S!F^$yy{2`J?AxO246s}c0^f+AWKR|u?QM0((wv5cXN0}^OqaGht|gTjRd zTjKTWd=d~77cZ1Ao_qBi^Gwvk{l)T0&Z9v_t!8@AmddA4%Hbj+hc7H%JYSbO4Q2}7 z6&hPFAC$}R@iI}K#x?^VJH=R8ksqn$nQ;WM^rAk|F_a!`Q*ApnN{anWl8R5=IJ8wa zB^jL|U#jL95A56Bwqx5+pd-FLTPLenr?2?3^s7Td9#`0FDJBDhLp-nF_x66^8kbO& zenK>;i2;hV8z8&5hh$9;&7B_7V7eD@h$NXe)K8#u2PnR-pTu=PK^y(-d7*vPLhAvU z*F;Q$w~F*uk!F!dsc3_n#;B;(_2UnW>&DZ`RBDxyL@7%&UlwRv5#;!CKD~{6pDs7z z=0H~AU$#%Cr^m+zH;weAroFCYMrZQ4r(yO)R%C(ve9v}Ye)jeABi-b4zj%QLiu`@8 zArY@$ymIc9^7&>A1b!Ph<(lJDABx7vh&nIb4cdL9EB*QF|%u3MHYv>sgP_7o-AFz67Ah!%HRxiuuej zgq#|d1leUlvX_V=yRuj~7C9F1j4@dY)cA9hwg8+FrH@IGhk}X$dY6KRFEGImzz$wG zi(1x`x30&xz>RfHzTq;XMCc!R4|^YQKNxIerV=Y#hv&fs_wklwXzAAN+ox|K%1BC3 zC2lrJnZELutr^iI>#u>Y+9$Ph|J}aoAux#hr5jI@%OP_qD2TayARh><`rV4(?ROVF z!U2w4(NuDB z*6_`1iHy)o$PX_D!frL18|es@wjJ#5xiNPbZW{NZ`*W_xl7pqtdoi(!j-vR)?K+Dq z-Iwc|>!c8c&y7w@jIMpb5p9pp8TJ2B($SvAd-8V>b(j=hfy|~Y3l$Zy10^X;BhiMZ zL;}U?HiyRI1f$WIAZXuGXJ`ZC5>0W^N`eG$1qWQneKRw;rqK{Fh0Vc`$sQ+h5I-uX zeF*-tE6Qmt-O7=2jDhaJe+=L@U^jfe+28|Xdss1fY<8>FKIS>*Bt9_YFOu>?xY*@x zH+)zP^9Fs$uCKD2%VE{yxv`{aIoHGYK|*a{mX|G}RwJk%B@tNv7Qepqk!$Aj&O;p+~k&bMrg#4puZM?1HnuYP;t*P5AR)`Ym*WI4A9!Yc` zN?(`1XT)Dhdd(C<0i6-iveK93K_G?GDgsHG^gd?94W5={1wp?O@(~deEG!XoT$AgE z_y~!ke4YHF8C%6%KUh@aR*+nX)#Uzejpyg#SG4bh|4d3tr|_K zdxbYuzdj-A0hf>*=%$Umo3?oPy*X6}t(JF=83)#4to#J2vT>3DSj}27MRL>f#)2oW zsc}s50Acm8Jn_IJ)QmMrq*%v;ndNGK(Nz*l#^qpN zapeI#lX_!GoiD#qS#Yl0jW<|Ud<32&)sW$HN;!lU0FQXXF$mew)r}V*bPD^f2Z}j^fASkOd*gf`ki>Z95p+ zggHAoG3*p~3gC^s;;@@p)S%_08?=|y9_nyE+_+QzluouCO%+0jX(S7>;VN`4!D0+9 zAu)fHSb2@dKn>4fjGX66{iscBCRK#)1PVSEVh}b63<@T#hYqddNB}uo_B7D}8g-vu zv28i9DY|*0q`G%v4SvGA_9vb0ZTZ0+HGgjBLuYi-oFok%xT|+^-eOq$EzHnA)Z5dW z7do~+axdZbqA>IJq$FVlWrg2X-El(gJ+yOpm_`ahvk~aSP#g9s%uZ}re$sXPly!-u z88)oYG9rOX5XnJiSu%k*0pGGdA4#X8QRt`fm=cf0W4XvmI=CVT(bUPrbbLBC6Gg3S z3stqmy4O01q766j&Qp0NSlW$Fs%w|)ND#V<5eBWd5YrCVMFzbk?rm2~N_y)pTisEU zVsTd{I)mlS{y``562#5kiz(-jxFuX2D-7Oq-DbTsDHq50w)c!1^>CiqaKtP)M9-J_clrYd_Y$2K}7OF7i3Pe&`P+`Osh*Pl8hP1H) zlW`YlzbsVorow)FdO^hp71}7$`j-o$M%BtCm;UN zQPD_D$wfrjZ^>vmGo6p|8_*(`0^b#|$!2{htP2zM zYDAHvk{prIOZ;hQpQMeQdQBb2O(ol72N>{vJBtU^ZYy0Vj~dfuHxql$c73wCM3gXwR~& z#S`X~;TQ1x&;q}s;OISsyJL2=rN>glg*677-MQpd-j#e6ywD9&FHrhxhB3+7lJ>@OSqso;HMCn|pLv<^Yp|NNYc{g8qCOsllmX$vt_mBB za+5YNv{v4eB0{n1zsb=$_{mvNLA@(UE9EZVrR6S*o-+`{3^32rtf-;eb0$1k2&gpC z12Xn-j%G0vuH?uh_Ej;>d;{oxmce)6)O2#DI)mV}fzf55DhbI%q9I(I&R( z4DA(t1yGo-L($2d9Xefy3&YhRbnMzaJ-IToePM8DWuSLw$Bb+^(b?XvtIQ;Pj+d#{3 zW|OQT!!&~oYBgsn8?VZEhBWKzM*sk7J^#EZ&*BY~r`&Vcn%|J|oU0^@_Wpf&#C>GD zQ_i0+<5|2BS<8Rgn(7SkNj4sZ@gl$+qSgMn>j?lv8 z@DeNPoiqWwIFlwcBTY(7m{cNcAiPk~{%*Z`-B}7@<^_mpv5j8Gf=2tiTELvxN^){5 zy>*Nufu<2043qzF~%8N=gfN$RPvFHvL=?+H;HR){XwlUWLQ99FuX%{4u#Q}{-f z+Gt-=x8epQU zSnR^=YEGBNir3ou4#)>kD^VkDJ?s#hU?+ttU|Bbnhz^N-c~;HHUW37F$q#iTel~e;xWV_{`n-~K&A8NHE$?EngobH4nnxI%M?H(JagO#vpq6>SzNHvwGQil_6Q!r?FvJL4euMdD@Pt1AEpGyRjM;!m$3u>mow9t4FW_U$0JJaBq@=0A z8~G${y8N}!oQCP+X~V^nMwtCe6hMv3-)PQZs82MbC_#K0U$crOFdcxt{=C|Ur-EWJ zqwcaC&Ma>oiG&9ROU3H)$o7Gi!J)CS(uv25VzC(SUKv`b2di7`aJQXBYOZYxlZ_Np zVLCua$%XQT*ULP~Tv~|r;$=*oH?c#mTN z@4+E*^Bq>qQ&z>$K2E9_+NVerLyPIkEmSOSaUDb!(aYmQwClM2U0M$~=4nl>x|fu3 zeIQP3`*FJ2IQb0l3@}KXc2=#9Y9~4d3F*Ed;@D3IK-lAl$4$|PWJetCFYxD%`No`M zpqaERImQS@Lcr*G(%3mc>neR6hM_iVTFC**uY#M2|IRlkpuP3k<>PTC7Xk;w405ZYp_FHb)8B8_Jud_5n0yCbIe(*Ge!O=im4eLA&8dC%DlC{`P z%-9cokb0XQxYsYBzZ-E*)cxfRL=Dggp>$ z<75wFU4c1fKPZ}w1>rV3L7~M3UqW(@c{!Px0be2q_VqIsra(na>H|2 z4pYO~ZQ0EH?5OYkiTSJ3U}r%|KnkNFE1;7e*hp0Gr;k=Y8qc|1_p*(e+o z&Pf7T$uzT)@Ds?86KI`a2{E#QmdPo}943MrOpWK&kKw9FGP&vtBe6UD5kb6-N(7~4 z-NQtV|8W>+AcWOzM!AFVFFQr)5vO>}DcSUK&c1RU zjuv_VaHHXnb&wnuTmA3)#aGW$Ar068p20;RV~dN82w-hUuii{^O^$??p(HB|^*9s5 zgNU>28H#QVN45-Bthc&Gr?+~1o$Yz+VSA>~=8bNB^G(V0+C6uMM}}%P@5IcQGcdVh zdn_@oZVG^l9_#Q%3OwO;xJdbO4RNLwIk2l(Tga~`0fwcfqY>1R5{$sKmtgXWb9jPb z!u~`WIBiy>anpW<)x$P1o;**MKfi!sM*AdT?tC7fiS{M+ZrXMn5zTC`lG%G^5th}bpmy}fMl~q^czwd zTqjX(9wk5<+f(qx#y&>H=No@b=?OBAs|HX@3L;4ScU%Ya?YG>xH~L}TyAl)Q!+|^M z`_}S;Yr%WSE8RNrCElQT_lmvehFdxsTUTacJEf3dED>=Jp4YUH6cb=orV$I$O2aaI zlOaqODH#?D8)6C|6KypCh(p#J(6X(B_Hi08v`lk~_IX;|XfLVzF%>*E?tdHYUpD#( zn~IOMkr=kw(?NbQ$N~C6(inoYxPt?@E(jbq5|yG9j~G*gcuefliBggx6#Dz2dN7}}CME(day(#BZv}5-~ulw%6_}unXoqOoEF?I3A8K-z*VnY33 zY-Fex!9L?#d>RMQFILxnBz{TdaX?)H`5LULsJKmq6BnJJkvr31V7{|lqmWKDh7$%_ zUR-BY0Je;0xI9FVDYkZ?QP3IDH!wt)35p{zaDqWLv}}Oz1ypJZPhL`Q!C*KMw;pgwXI%=ric^C@P!03=X&Xu}0&T1aM8O@IfH!4ooS&6c<>j2hxp?12NF z#D%CBjS-tWj3EAQw1CI)yTb%SvaUfSv&1$oEXi0#JX+*EL@F1J*Wz<^NSobVPB-*JU9{`%@gDp>1Uv3MI}H`}Pd0b?>rrP+hLB)V*WPV6A)zYvrq~?MKaCH3D+ zik+8&AEBf`8hPziFZMz78jDRl0UpXHz$k-v+KB>^UZ(vMEyEgUKTk^$EiXm1T;G9? z)jkZ6-D9L*VWeRMn-w1DSKu7QIN?_qO;N-O;Qka4eW1*6aE6UjT#fb()sIX3C|73+ zAYI8bW12QjhfX4oT^lr7VHh-8V@>zkvvq0r%DIMsL#q{gq7%*aMd`L1#GSUdKK>Vd zp!Dj$n$l~_;++q_E3Mbs+v2w|R#b-%^+^P$@ah@Cu8Ar1!SiI!plz%tHs5i~06QVe z+|_tO0jykK3k0&5;B~ctMhNc7xubcQ{chz_IGoDT2<4S6@?m(VwEu>9!e7RukxAEM@=5+x2zO#U=unvsN)I%q+fZKwG}wMAYpcc9(;t1#gJc?Q=r0(tE>yCBDAL?e+6 zWKcgL<6(B45Ni9y$23kTnhTJvU&maq3-_qwHh6AzP`fpsv?$#B0E#v^4MvNxSzGTe z(*r1+;V|`$>ZbyHV$_9%pvBt0l!6yErxpVrQdr8uHhb-~8m^ zmZ6eX_gwkP`bahO<-fxi*@X|NqjoZG>OXpwe>9cg5(UX=)qXVRnwiWdhZP;I*UQpL zJM)g2W{e=%TIU|4xN@$m({K=Sk6uJE@-`G971h-(2)}X$pe#?JJWYyg@RNPSkLMt{h{A+WAzXN7CjEj+kA}TU#N!QnLG~Ub zH)p0uH4ZhI6KwMwi#U(P<6ggSi7J2u#{#TlwYWO5S`Zei)nr(A9j9Eu@>mC#285)9LxCwLhciga1DMGu)nBeQ53PH@H4A@8;f~ln0Q{KPbFG z*|{u-tF+W0hS74|2wH~fI&of&!B|1nLOjs6?jcX0CrIbWZ%Pp+1nRLEo+TL256QGW z9*eC;dzDDEw>O$v?&{JP*(=JFIi;dfDwe?JP~23=u2dqym0ob5TS}FM;!NAjRi05T zC83#+(1@MXT*%a|V8Y=gSKM?L2AmE>bR69dN*_G6{V?6Dk&4KURz zjVy`(x!4eUd0{I>-Jii`^1f0zXle2^CCczgFK&U#q z&mB5nRFpm++L9l?XK&S)=?sgBv0JA~!+B46*L}05j{X5pG`}#}XX`sKk{P)Dmv8Rb z8(4e0?|_<3mXh81F!tC37Tczqe__6Tq~wWpm_2;eJ z@#Mgjh#l8zKu{1lR~uJoqG_lVB~*CXW8@`Y68Z9JVsQ%%lN^;KMnI;(=h0qLNAYtU zP88)F9n3?mGU%84BJud3bvZxoUls<%!7*V)$hb06CbOjvqza>37OJO&TCyh95TI)~ z)kiTom(NjD4#WU0d5+6jq*NJgR-Ann4kS9iPEXS^8yZisi69LlrVV)EU8aZz)i-7c zvjg%BxtQyWSaKtku)k|X593}GYYRQf&d4;~~J`gNcBftRWZUj{%8D~5kJ zFll)n`_E?4u*$*W{WM20vHEDX_{bP=`2vVdG7%ZAodg_yHbZ9YtH7k?&E^BRQlY&j z4SvLAN=YVD$y9%SIUI}C^mdzV)oM|!7OMs7p>vh)588;?vn=Qz)jzJ6^~0SV9jmpf zQmfX4s#qQBD6jPQEYzl}Go3T(nbb_inKbDHn`6deK53t^&IL3QXxigPUL=#9|5$Zt zR2L_I<_03Yh7y3u8HAS8-5_7Q$|U4OIYj1a+9O4kYEhBwdBXn0dzE&ozFGM}q$)kp zKAdwI4IQjwZr0n)zI-$}gqTL7UZcn>~P13X3vJX_%&=;uW{`+iup$_ z4(8qnbV0xHUxosgB|mxiX1DzZx~7&X6zGH8( z zLS;JBsByFb&yzVYNFn2xgh+V`c9vg!T|?r7=R=4tqnoc6H>Mux?njU(5G1bo2Uw$R$oCKLd~(P3Ut4(Y2Qx3@{s-#wA}X9v zC&M9o5NQ}5yW+8X?1-^lHQ5yer=lXDKzUnQ)z`=IHoIMj+3j&tbT)V*G6Pn+X|mvT zC&0r?%v@g5vQj)sX zq4oBUO=s_LooYXGX6xa<{^aK6>nE1pLBsZ2k2FV6rBDigF?|<;Lk11I>JRS3sTdY`W)myOLIM^BDQ1O~$0drS# zCflq&zf)E`ey3MwHU%t3uP%T>n-*CKIQ`C5O8{s^z=8ZR*{k!eqB4l0$hwdpTxuZf zAs!m%jLmL2>6n4ff+Lg~Syx!spc2!1g=8>86zCPFlllX-q|i<0*Oxm*iF9)%m8RPd zap{F_aj3K{d~^9oU!X%FnVN8R27dF7Hy=78ZtuRXH1g0$<@)Ny$11m0&xy8w)%xUD zVQb!t`QQ}3p!!?Tsy5nUnTwtLd9>Qm@@hwWNgd>v8-tOf(2a^@)EOl=qO_?ZB5|~s zD2m(VSTZkRE{r*aCB3|4Z05pTK2O2ompNLrUiS}oh`0v86ZMsi*!AZ9=E#4BO$4MC z;3&$-(u4JanQQW=zT*}D*t_~5mub|tXzbM(>knb9zk#u?3BRFQW2Do^NO;3#^`zQ^ zqewIy^AUl9+XH$@kH_s3YSm5eljpZe8rBd`HG3Hl$niDYrM|l=Z%!R>qX8XF}4xdnwaKElqGfW6lxhbBwCz#Gn&E za8NcXt)52e5FIo1xE#b;k#inyU>ypi_6iiq;g6u?GfLzU2X-iw6cX;Z*Mr?8Z8F=B>Qmt{zsGwl5pf+8 z;&DreefjLsVC5BedG7Kv=dYaq9%18HVXjw^#nTEB(yislSf-ocqO}3?#50vMVrNl+ zEh7%MZ_YZk!nK)Fd?ub8^iaji5%)+WKJz1eq}UVJs@JC5+D-RAAX$v!!7H<<3~ZH< z(yeiQcVXNU!Wq@?A+wSTUVFIsxQBe}jD+KkNs}aF7UTXV%EwX{KtI%5%my=&08!an zQGzXtg<|rWjHwW~DLJOcABZjsUYA$$qN1vFDsc))@_zVA>}Jq&PMd-M5--rYriigW zcmCYvE9WW8aIwj?jBtkY=%B__SRZ?h%dEi|-XNFfKGO)V#mGc3TC{J5le=bZ5Bn$l z<6~eCU(Cz8a6-J{2HB?nXYhyXtdAcN^wGNI0?TB6FOA z=BX>ta$!XncyFkK=qs?I1Jc1x3e(4V)D)?6lAdNx(qJGA5)eC3I_Mpg-yazBkJ-ko z^+*o({^Q;`xw6&mzn%(PhhMY=f1g6P+90|mC|Qh{6X~?=wmWULL*3?0Q<*8>Ud#pY zTeSFh?Jv~+^AED|YOl?-hQjD|F18wRvq8_pEean6hsO=T#Hy$<4Ro?c+dI2)bEF}Y zWuTIIE0HH_6WO>u7l@}V60pcma=_Ic6&`Z7MrXwFM<|kc=;8e zyo^>|B<={Jk2wG8dDqJzRBFUnGq|LdOmE;3^C$94wP5J(b!qB0ytYK`*VxHAoQsQG>yVXvI z_z}yf_&N2iogI<>UH#DmRZqr!-GR7ukKW-hQxVZhyRmPJlJT2uaa$z#Uvpb_RtoJZ z?_rW~J@~D@1T3l>n&{`x2r9gF4)kq5VdwqS)qo^96p0{8#+4YObfABe6z~)x(gH#g z)ea}bv&TEQynrRYHJe(_we{#t%cXc^JeMu?oQmu9{w*t=3!W9PeZ|jdSm;^8cd+}P zhj{8jid@(0&%tzqjs5burh0?UB-S#b+t3KfniaE#G!of*AHrfLkXKK5AKB8t)xR`# z=Ys>1HQrnH7IQI!Nx5dId!{QW4GvpPlajUH-aT{OKyh=`ju}ua^Q>IDkAwfqW?f zUQ^WFVG<2t($vDV1j6JE4l!I8q{V_Ip%LHkTF@302lmp!A~2BFgt`@P8rXEyl1wB{ z*OQkX34SFg1!KWj#%|eCzOTLQzRrGH6`A2gJQl!OXfF#(xdAMUu4HVotG+IXObF}Z z^>g47(vm5$G%kWwg_i{<5H#JfSKb}i)i&3kwon>^_TRZw($y`Q;(_wDH~;)=#cs2R zzy6fxp&NhdYN54q7q68*F#Ei=x`{@nmmmmgAFw zwnC-!a#V2)|G50; z^26W}eig46QN?)jl&chbCoYz}7aq-(Vrgy8p-exzM1T*6*O*WSGM`Yv3n z-=$p(!AAc5KgB*>5&m_xozg5zv_E60sb$4AM}Q8%cZ8*3jDzI#sRvhJ!Fu_S3ix6r zYE^Uqd0tX$ID=AIaQBc3*hXP3ZOlZ~7A?X}3{M)84*mBC`w?X;4B%^_5kHUE4j7@r z0KP^@I`!X0Xkce1j_n!in&8q@D%nvSZ5vIG#v}I&LLxPq97~M3k6G%On^?V9z6U)K zvbUiUGU9L%QGYZQXkkBxfF(wdTEsEUk~p$pA(UGaI-B^VMo{9A#pU+xn^MJH$96kn z7N6eb=-D%rEDeu`ta;PS;uDK=l^d_y75!jp=Yd7>At~Csqi5uSBdREY`K^8WaBtsm z+$f1_{~7U}f0*6BZ$6UTzLSQT{F~BY=#y>2kIx7>^aD98!_>3vndJOUKckQ|HaLw1 zrmap=qDZMi`yj12K1N@oWw#g~V<=$5BjyDGHT9?#jL})ni*UP8X92H1PD75CV_(oB z=L;XBPqsZEm`XGT7zK^+JC!WPBd0QYy}gYKwj^f~Gu{>ZF0NXm;a;SrUwILVs3t7o z5Qmxe>Z@>^qo-X^J2v(`bw9-x!49sEz*RY-9L^#g_79J5OYPp496da$Wr>#5cK>X@ zJ8h;=%--zm#3n^D`3E*{3c7BY>%MhQA7zSWhvwQQCL{@g02jhrhWfmke(HyB;;%99 zW5N&Atr1euf}~9a$WQ5@TBV@@^hk(2R3Ub8hN?FBoI-6#L7W5G)M>j*fpd`J!d-T| zKZc%uiuw@kSv5dIV!YFGzeSQPg3W3@Egc*(3wg0o5|ug(VXSmJr{$@=7d}} z4$p_ft2n&gyu*>t7994I+3C19m_hVYaHnm?pwFGOa##xiMo{ku(FcH3pjOo>-Z7OL z0X;3UUZWI}`Hq?5x&TBR|EFYWQWq)pCi09aq_H~pMfm9blrjW_BYPKk5i^UwdDquTo zFrGw*gq#+^BIx}q&Ru2z;aA6KYeYC?SAcE%XWkub_h!uXRTTZtG;7q|e-$6U7DsdC zt(Lpg?hX89JWf90%j#jT32WR$>L!wt=@|}v5<{WNeM?-G1jQc9NH%vRmWRNC z8*;E^!8YQXx}{rpuP@b>IH$wwYqT}mN!v&E^H>Iid(|-?89Vj3x>d5Tt-z@%st$2= zt9qTHM+92XcG7w>zy(E(s3%Bqbu@SgcJjE1eh!JWEq7A~a2sF(7UIhrr)D$S3GgjT zAh};WwH``#`>vLis14fMM9Zqfpozjd2Kn$AAqd@b79(b(WMdm6i=qjGhhKVHK!Q#Z z3B^&J9Ft?Q)A587PbA`Lx5s}Ji03i0*(*y+qChG_d^9%d9rZLK%Za-LLj*XQV1hjGg0}YRvV|%Fq3&Z7h1DP>GJAnhXT;?L>fUy9B9*ocEmT49*?FjD*)*2f<^!Iz zct*55{q7JVK?k_kb^P$p)DMK{9?cZ>YNqHDGr>p_DNhnvM-pxSQX8e8Nn|5Q1GrEk z&0C@f2WbG(S7dSf6-sxPVh=@IuvhQ0B^pM4QZ%AOBT*sZLTtVaX#A|2bb6;E3HhXS zQi!1liq5~{vKx)g=nSznQ`DgbG0{H5;Np1(@f-Eu34LwBnyvuVUTn;1-jDEr!hGmK z6hYC7(rpA8Gvd&`fysoUUYo83WW0aJV;3K2RHti#j91>GepA6qxP-mCM;y?qmZO() zbxjEEo2)-&sB_ZnZKo-dbfLo#F~Vh*aO>>iK#Pm@;>Mv2EWLfnb!rgC3zrEsikEIXPRHJY5EI2FSLT}qwAk~<#zUnem@L3Cmv zUVZ^CQLW-B*Ezi(!Ug0fy$BqqHJZCVETTh?TBiDfLE2F0 z6o*aSq0b{bUDbi1fvR(d4!fM&p)W1u4+VSs`@`4UP@ck+-M4>tYSGmh+qW*M;$2eG zKe^}Hz0-l<^xkXtO!yyK`-fjT@U7o|a<=_L%g1~BjxXQW{+YG!|8kSE?@`f-F&&0( z@z>agdcK3PWo7edOSl)8OU_lF5#lLR8C2Og94#Fcwn|N7a62>dLv?sVYxs% zfkTRi@l931^=6P6anagCi2D?hDW3m#;)S~-4@RWJs5syc=Y76>ezj0i3MD)cexcBc zoK-%eNbLaUJ4>Bh#1@dr2Q6Zi%h*;Gp;~hG!K3Ev?JLYg!Y7k?E?Vm>2{w=3Qmx7; z*ScQ57Hdfh#vrFy-N#K@UVSVVxps#(u9RSgxWT%_C0hmwPVjxNk9Ug-q>Zfj&eF9F zS^RI8u(dfnmYpp^dg0$JXWMbdy+`|7WcY^4w!A0dVF7DZ7V;_z1`DS}NrBT%)PuTe zRBZT*QL;;`PK!!PkhtGi{Q4r^L$)kffuygH-3#U$wtK-6%XY7HE}WID3z9z2w0o&m z!XAn0T5QF&s1c5mrm%XYTe^lU-UZ3oNmtfC^ULyw8=omG3tz`)a&@FAr3q9Os%(RK|(!>w|Cq zFXf0R-8a3Cq`hU~8;$$Ep+gn?3$lA)UUIkNNdz<)U zs+B7})fhu4sW;*`yvD!bl<-`A4Da=M1>h{ALL50%6?@B~lmeQBRfwZ62^UY@Vt*Y?T?3cpC^{&~?{UcWEq z9q0K^X{9s|{vzx`+`;pIm)3Xt>hs{nbdO|Nkd5v0k}-MJ zchFn}>msE&()%@j?FecjeQPyOzQ7d8bZ9f!moIU82yM_D+liz!j^YiQvs3wUNd+lE&sr^#` z?Ne6KEVtVm73`>v-2#|eQjVyjd$V{vSQ-E<(7l=DM{|s*|60dLC*NBc!5HZp--#v0nyp*nR~5d&Be8{`4i zc>H^s2eMuJ4u}$-oqO6gh20C14XfKmP-I;Wrr-Xt^gUi9f63o*N?59|k(=7`rsRU? zrys;?q+XYZ*2qEr>{AJCjeInp<+?;Ux)Ob(eI~7a?K7A8Gx=BCTo}ZMO8(ls=%>pY z@}mCPv_`bgUPb^vzvH91etbBPMo1Vce6-RYQZrakf^3#evdMJ1ZZ29(OIqHQfKXdeW}FH-3>4EAtWR`nIcb1tE;AKe zj?!SLM2##)D8Tj!aRq#g5ALMs9SXFCc!2&l{q|kVBhxMXWVM?#JGkX|rL&)oqL1hV z%LbMj`2A=v5%|f+(9-xA`Z{C^O}IcXKREa3NZ*vWn=HH`Mpw6HFu^OeB#^ zq(Cx)rRP{=J<|@6DWPXrdH~mScd;=b)Dpo^aoONnPV@#>9tepcYgYEHL>Fr9T{7H( zFTC;`*YaReMpPt)m%@dd*mF&*A7ixfPhU5aAXOSZzYXk*>r9PEK<{=$9Q&_Lc8{hb zof)s)A8|IR7c>2n8Ko`dt95uP?K#W9J`igTkCcbXQL7om{XUo9p|2A!R)&iao6+S@ zf};_6cG6#v?AiVHPvl?ZdHFxIdD+;*b@DxhL4A5bXQ<7~hSv2}ul-B&(psO(6oiKr zrju{V_PG?us}9JkbYo^hJ)*r%_c8d+ort8!2)$zWs)alWFuV{biYHa-{3>;RCs|*b z^NAqFJk3xuo*Oeq3D4B9BtG23&xIDZT#`P#brT8 zH7dT;m3}(X=FYR2I9FwoV0&7xWkHwXTky!N|uJpODUt54T-2Thkubp2_r$ z#glE?<5#y!iGfp(e!O2&uFP)!%oiT%yYk1Rw$mIM7InG-aX0kcdwG3d_x3+Z_e#&w z`PCuv{4yIOstI89cxUG<5sVn6jd1zJI0x3yTE3h$G@JxWr+H=eo+)kh56KJNmZf9d^eS*CAWjeg98fYv&yPn>WqpEj>3@tK((G z=^Sw#b|qssi;s;v+5-!UdEQ_(>chp}NU#zdH+wBpa}x#!eTR?lM0B zz6jm*dI%4X*ZBarp8|eKal7m`pAE>kWL3cV3p!-01OVAKrbmRW*W+{urle`XB!lqY z;qaJrI>9>TTTkpjuXf^Z(G5Oq`VR}|Rj@Re}k%@co z@4H{<8`*jf{+)%UEeW5)!;|PIBQjgIsu`=r2(1^aCUv@IyV-<*aY9v1PgwK>wEJ|}$}yzNEd+p4udu0w{tC;;&^!P{6m>qqlvuJYnL{Q$h9T_4!U>1ME;)X`J#x%7O1ZoQRly%m zo+{#4q{RTL2#gHhoEEzeCm`{5&?80$boWG{$=Oe=W8+Ra8j*wfIlB?jxy|xy*HnhvVE4a(EYrb?{;qDJ~AADeTOYoU&*)&qC?H@1r3*Apm-gevM zk!|9v#kg;7>V~245%Jryxb~K-u(cI@00lYJ20=Tf=Bou)kxJG?C`X6J{@`7DdZIGTWSS6 zoQ|v@gVp-9%ci)1W+D{tw9}>_pWbFuyf#jn2lc6yg7lfb+f%P9vz~%bf7XDNz;@YB zMP+25N{G$3bl!Q_ZSB`PLqWgo$?B&Mi#J%K*L?SPpBO>eoA2ByO-}sy%o0p%lK*rs zkMg|&-@tJO$G^eH!_C*hD}Z}1;|=Szuw+P^g78PJ{6-wE1p)q+O2~JZlmh03geZa3 zpJMBtIz2 zlosxd9W@uRGTMZtDv$yEC4s`Bi;i{@vh4DLP+qUo7dOIG)6AR*_sj(Z!c7JVo7qwK|>dJ$ow;mt8 z=7{#F_4$UF5gG&V=b?`~c)rv8yB+gM5q^od99T(4gz8(QM02Dnx`~cC0n$uLxS6_G zAni$@XEwOPJOaQ}k6<+zPU{6lFX)q4NvLl}1!iocg5El67}K*z@KDAX0i2=E#dn!u z>tWjD{U=IWnrWH5BtBQ#w{Lg;_Wt)CInsB1qt=o%HgxJUU!1%3_kR6LGd$gXM-1bh zRZJfE0&tJj#=Md(d|cysmBu}P9QRDMH?2ay8bR!>UXbl3Y&$xm&Aeo_ih86fh;_yk z8d(xu*f+3q(1ItuOH3j9o(2;Cr2Ez;74h3weqDS)S?l?fctlzIf^@^~D_`C%er7lS zhI(B${3hTl^|kQN^qZs~Hjlr^>%N=EC6C|uRs6<)@WdIxgQ<)e&dMxRq4xXiwh)fa zGKl>F$8m>r*db0h_BteFo`41KtQv>HbKEW7>lSZti+fRzNU!2dS%0nm<47Asb{qUW zbcrI~qlh;v;vOK`LLew8OL{lzsaYII+92;GX{6+!eYJ}@v&!cd%i5D?`2^j*PaYb7bbscLcGPhR+>pn&CF)XduIk5 zLpz5bni@Mky%YWNtGI9EgQB1MxnI79<7UntUO$GhJt+MJ`t7gybs!GXdA@!#_ZzO4 z??b<(gukKqdtT5;L}1}a2?-<|(Y~o#uL_QXbD~Z&LAklSruud+$z)$)p_0An)`v7e+wsMu>}aYD`&jFA0f+ zDQpOsb>8F{yK&%haf>DV|*wsa-u zx}yA2w4>*yPfO?GTMmwFzU}%wxt&{c2X4N-fA6m0L-%dkaeIF2&dl9oyFT}Ut(fBM zYnVp9aTqe~_tkKgx-m=L7^Y`odgdd|t&_SRx7|U#ihD(Si7PLcn76VR1S{hl>4EAb znY|#Jf?iH8WrjL3+3adqz-$+UaO$`!)9xqB^WnR~Qn;)AxThAL&K6cOf<3ShvDkMS zR*V$mJaXWfAFR)Hpkku->bLk%hkUE-im;`Kq;kAe^R}g_o0S%ROlC-XM|pDE+Vq^HMO5i z%1#qzQYRrl9i$}Wsc+LXA=5PJ(`5Lh=rBdTz!Z7sc>$p3(Q+m+9TPV!0113lnD$Bz zgY@F9eS|A@&~BQi0Z7vzjp0b4=~*sikDHQq(Ox@V)vE}29E|z={r!y!r~`pn|E$SW zTImmByA%>Dp4f`dv$JPKn5VHo3@inllh`KCV1f}EOy+}woZ1c3=gK?kF*N2iwc6Y^ zfX=lMeMc2hYH|zBzAU zb0OKe6aFp8pocMDgYX4Mh4)e&$hSz2LvXXmVO0+uN2(rILd6rHl^7Vyacf*S9u2s> z#})nYKrA|~%z9__zu?+Qlt~<(NFim6wOoFc6RJ6AomIWtT7MxIn z8-9^XT(R9upJ^cI!@$}h!(_x7;7oR~=WtRE zB*`_2gU1zTc1>oUbOMciz@FAIKZR*|Oi0PoNfaxUU>dj^94pIZ^S8_w?n9 z6SasnREPq+^MAYl@WPNc(qEj~6SYsFRFTQxiu%%J#a|noC=J}XuP@#={Yc;Tn6o;% zPz|)+Uo4&lyG(N z^2;P#pcP&{Wa|P(tXCo>JTfkA2C$()lUHF|+8!!CxDT=Qqp47>fJFQxc=6`Koq2!% z(8x}Q$#-BpH943a+U!Z@)c3%v9hx;G7d9PM0(RZBH3-JzRK$$L7F)cxSlj2Z6cZg| zCCGmfzQ-{MK_7^ue@*ojsWaPX)wIzZPttw}J%$M&&@#CcS|*o*KEpIc*h5*VLd35=U3ee@3AG#R%0>PG7p<`Pax8N^+-@~4kS1g#xXh@c-;EZ}akFZA6vSvk znOKZegxYNnoKW*(K5vPYt;Um<9e^6nxn3Zx@G>YME&w}3&@?)g^0h9227;Ey#$|!k zpaVjfGCK6s(Yy%AcR*A@;10SeH88vTJ#ByK5%;@uh}uyL)@VmI)e*Co%j0IB*WO<1 z+?2L`uXg=`Jv$~7J7yviJNI9EZ8=hiC}y(~&4tr@(>aqrn(_t%R%@ya!gIbDUG z5)vLeBbd-dn7~NPVFA^Wpu+$zffed7NeLvp+8v7B?yxU74#9}=9=Alk8~I^G5|9=w ziHamj&me{^Y!3{LoX7XbpHKU)%ivk$vQ_C zbC57;lEL_m#SeAdUaE|?c}<2p7jLZ-WD$2rs63nvbcff5#owy)V8Lp<@9j6GyCBB{ zz-YRKKRhFpwJA|khAGk>>pZTy7u=G&mp+@e2DB*5jjPIWC}{tOwl@!uvbysApQU=Q>Z7I2P?|L{qETZ+6cyP) zKnaSpfQp(JsrPfvQ{6O;nfd+kdt><4?fabP+gxXfwiP`s7ejMuXMLe5 z*p-*pP?BbSqiX81`l3*_{Gm4T#_%U*5$(WhEDd$CnOR(f{DMrsxG8(2*W7N;@lhhHC^n5LpnR zn~(t%dpGw+#pRZyOb^9HPwm;2T9%xf6WwKXw&ql2nvBUAdrqel=N@{-o`2E2vIE3C zh#nLeAB21b;?fn=;&c>9zs`E1T4OaMRIZwdd`%&iR87upKG|TFbekONEl9TI zOTuco`PGFAe%a7K>3w=i+K_o%4#5Dj&)&fO*&-^zua3a@eOtfq>n*ax3|V^9sa2Sk z#z(xSW=~}e_dcC4NaKP-ms_tGy)!Nfb-{0xL*lYL;mpq9KFVY)CPf!+1<)YTqKjKO zP3c~vV>m+~oh{$RmMeRmSsQa!v^%*VD>2vYN(>}V=yV4PqLx^0Z^`(U(WzJGOqjXA za#xP8N^?a`i*ij0ZMpEo9m`%^(e#DuztlSI2e*G)WG(*r5|Op>W0gIJtmUpA{$8lE zzZ&~}6|x^|rffA59j}8Cq>lI1-XMThkzX7VY8KNhhnHkz#IG9g;^DuvOa4B}w>YRe zvB|l$7;I(%SYd*JU-rHGGdObW+*V2y)4@7P#;>xI-%yG)a!G7#$LLzVKAEw~8*1Uf zW^&WAYE)@dBpkJ>pc4;DMyRydY+2!q&#p>N3XK{y_KuDzqZ{t5qEfJH&UZh!dQsK| zb)>qx4!?+F?($W`&+lWUQOhM^pJ()CSgIb9Gvq?|Bb_hZu(`Hu-oy%bZcU)DHqRUB z1V)dpX)E^RHFlL3RaZ_~Qah%DPnFh<%5Sa88Q(G?+5Ee-$_Z83#hL!k=@RnG8w;zZ zwN`k%?Nx0H+w%O;IHbv=T1slGXG$GM_Ww|)>>rZ8gF5b^?Z+64L(NyUA>O<9h;M{ytLV241Tpj(m$zep{oL!7l!nZqt* z6$Rs8XddnP(g8k1Y5vsQrXQjt50;UF-pRd^Da=l<*=iJ0M>6B4-!hjrEaMKACw1I` zUDtk1=SSr;WO3r24VrP3=j~8}?nH7v83DC^^eA_gZM~jrT5vC-Vi%QQL zpHbKIcix)LnN_tDDpPZ==-Zf7m)|tCI;EnyeNwVJ(f^`(rej`1Mo!%or5(3@ar{?2 z-kKRpM>ma`RBz3WDwS}vG>Nmg3f@1+4 zAw{VsoCRsI;Vm!B6Gn_ZEgmv(1xYMlGdD6T7)7WJacWV-53Kvp{S;O@&Tch=l$s)_jlyQ>FNNnYd@@1_`G|EP;iY?8*gWH>?q~00jxF4dqObES5 z_j0l07!>ivUp@OShXIf|YkqllRAg;07_m-PMWE}3iSw^2oAvc+W>nH`aS74Zh4Yo; zE4iZ59hY4Xm&z%pxcIpE`}iP9W}MIV z-Vx6wz+6uw`*}p4Xr#EFM|y@`?ZcIVtoSo#rHD*-4W4swZZ3+(>5!q0`7bQKca4pS zYWrcbc}Mbpg<=Y`(n?}oQ869OSykz0XU@Fv*W8@Ej2K(;-537IT1>ukj33Ik1dzX; z%%VYQFQg3&JH;<9HKs@pFxfttd+<7vCyZi*Stj7YYe=*V(& z`?P1M;_w6_lOj7?YKCqoid>-`u|HyfIAZ6lU*SIKrA0bL#2;32LQd0yi8bR(lM=bc zFWOr&x~R4&Ght%S;flHAN;4|j0~M`i{731Xxy21hB^{L}`}&w>rX5VS-si4{Si^6W znnj^NP(0|M49iNyb1IQgk@(DoG7(oO3OdZk()oR?i~eF2cG~XiD5FRvia%F7EFt3v6s(yjFJxK)9&ylJ`9^4)j3?#!9(xzoNg3CkoGR1Waz z8JYJGFI|S!hXy;X%g1)Z+Kyb0HrD1ta_Pw&M;=^Nl)IuB=rIZXuhzI3OBxn*7F{Tp zP~(-IMP|yZN0PYkQtxf(p@w4 z=K0l+J?<(VGqr+XjrwD5j8>)kV{CdyKflQxV!7yNzG=$33tOL9Ij3LX(>_>pKcgA^ zC&cI%8|0UnC!aJqu0Pb3fTN*Xki3-vnO=*+u_i*|gE^;~#HE()6VWj#(cE|*?Lm|I zZlvMihFQ~XcxpW%&n$K)$gvS4ExM5FPd28eaUFJAYImBMmc1&eAfHQe(xxO%^GwTd zrN+37ygR(+9q!q3x@~YG@L8F9Lh+sXz@3Amg~8<*A|jVcwY2ErjL2%t;3#UaQcT;q zE=d<)ocSnSkI~^qvX%Aad0)zC>*@5?&bW~ZD8J#_=%|jKwy2m%?O(QHFLW;ZKYzaP zm(J@Zj{5cb*q%8lb!ivQr&OkmZM4koh?)Z45dO%PF?O4LU#}GdfUNL!wFlt$?a&oS zt44IYMr?YS+%A(Np&Xfo_(6`DEq^%E(qaMiSUD$}QDh;=6lYg=h)7jQ55p6Fwe2t_ zd0zhJSO2DMJ+EF(qSS7peo{jkrblM3ENQV$dyx@wgSHo{xJEh?{BRw%Fx#b*ocK+< zq|c)@44;;i&Lqh|*P$Hg*XAg&c-9BFaSGL5oZ3^|MTTntdp z^3Q-zc4c0ibR1d9TG>M%dlDz?;!aJjzfmJU)*7t$Je&z}$*L{Bx2Kbl)|i$~ckbf) zsaIy#gaT9Z##CgMl$SIVCr1@6DT+#n@#m&hjVW+PCnUyR8RJciOCPf|zPWsK?W|=@ zU+kTeH!5#Z_oDjR#_G_-^nd>6lnyR+%kb7somZURP*>^A_f(9zVpQ8Vmb8kW?d&mm zmOaP;)F;}0n{_>pe4*fp{>*faw#Zg%q3fYd?`EB^#3*IWDaL*~eEnd&Jyzo@M#h`J z(D=$r;@M+hzNKdgDhY9xAUrU*hxuF488&Bs3?Dm^T|@gmC2j6ZYEoWxRU^}0LVVC@ zH@-(UBe~Li{WtmDr|Gmi=@_>SrjwsM%EiuSS8liI@?Vk;oy--Ij=dE_cCn0dmS>9X zXRqoumC?yo=RD2w`q6$iU8l(r5ZPz0bGS_t-0)@!j9*PFl;H zn-qZ1O3YzbxDVpUUiDt+-?iP8$Km_VbB2)@N@Yh&kG^2DjeOWkyoC~wj*iJBKQbmm zS57uXFtwj zgAjRKnV$=}>B$?$cZKHLp?e3uPQD$+wx_9k81tcgt4&n?uach_`=lXzjkRXRw#Sb_ zk{yx)ai$rdS)Q@|cpG&gpDiO9J0!+JjF(P^CrFgREgkks)2PYX$?bVrgD11u64-2> z`Ij+wS^MuTc|`abADgGmU!qgC(Xi1L1H?>=nlgUX4d<5)2X1;q!!|A6sDULn*f>71 za{T32Iu}_FY|D5GF8^+gw?^4+gDY{3Z2Z)Mdo#?%8D>7a3NVaa_UgFItnAv1P{w^3 zc7~5rE3%s-pC_rSxmu^&yUuHSGqP7^Wrp0zU71O1+|g@{8*wpq4eY6?qabEYPu4(1 z&z_#T!*#5Eb3E7R=}FeZxD0u?$*XW!I7oS)XSO#jB{yigBY_#;YWRxvm8{gPpYvZ!W8#mUE(>FK+H!_V`_Dw@&SW8(og%#r) zm3{&AV=m3paQaO{^m8XE{gg}jJ2w8gK^yP7_rKZBB{u%a{`A6OHhv`CtM^3c9_r67 z9Y)728~enbH%eR&KC;z_HUi&5B-HIq#J?f&M&SP#MzpK{A=(-7GKhW3`lG~8k@$yr zOX8(Z+2O=Pf}FS(Q{q{Ku~ym9LQj^WU2DI8kH!}gf49WDHW5R*=}x+i-4&fuyX(5Q z(`nsbscToeJ3gW-Bk5jkbLf^eU7>Wt?Rc~5l*8{qdN8$L*Vj#e&@v{{LkZJ}jyQZp zryTlzHZLlDcY`ptj0w;WY6#^M`fF4_9Quc@iO~PBNjeJ4m;}9a7Q^^oF^qoWxCs3> z8pbQVoLn5npHqF-%hq$quM|ndxb6+l3~wdfuM@x1iD$qY<9ao`NaLwb`*!Lr$c;kh z5NWj3t3z*pEfRlRgVqbwd&OYA57D29 z#7F9VqtLH_{!z}I3H=5`Tk;+M`nmC&G+z9eK3nwUX-7|VMrzN5%lKzi|(f6;3&^IRuV=J-f zQa?)Q-_m+__&@Ykg#PO(;-FcHqo5!3Fe$gtKRb+mI?gFL|-aL>Wg(nBz}axSP7~xl_T|KM7*Ofjz5aNIR2>X-iVLzg@SVR zM{6T`Fp}=o1*$LB!oX;y8`LYIn=ADn;rHNDl{dabK|O?aOao_@hxrB$-;4D9NRj%n zt;t2g*p8{Y^o+C6-zxPV;s4OB5&G{2#DTVB8lfMik3xU-F#3%>5&9d8YL$NUrTiB% zPAbuQtIKulex&^qKh=q+=McLeY5&B3qV-m1oY8uF&}q-azY~c+I=nuKe_HFUPCaOP z@*(;cBk`!T*nMsPj$beBS^ag_y^h??nYlsr>#HL5Gm`FAyaBQM;|i;lPKFB7o*g=| z;|{+E=|{9ZOwO&Y>a>F|H(+Y$ON7s^1y z@^DsJ2P2X8=I|Ha(4pT*gHrzU@~f1-`f~n@wLLrZYbmGFFRLz8dirtCu=BnSfAI?) z`b|UhopnmzcqxCe^JBH1+Zmi+tY?XTS?jai_;^@-O8lo7%TT?E-QJ_^u-&+z z@lJbl#!*tAI*xMPYaHRJ_R#HJI*ytyHKo4VNZMD80}Ndi{lOx}@1M!X~S<)rfvHy=gb`C&)~ zf>z=z-jTuJ-+X7IadhyVZ-l1nJ2O5%9jP}bowde6-q9ZZ_8H@O$4tCN3NJeCl;a}p zCY6)YuI!zwv??f}rR%pFrGD+Lg_pE%;;(e##}BV}`fHa<>fPRIoFxbNbwmC2`AGaR zjUTet_DiA<&~MZDNc)EWzDWEt8t=4k(UZH-6Y|3d06+bXf7QB|`1>T@h2Aiaveo!U zjd#Xg3CIQR_<_&OckJ-QhB}5VR@&hFh(jmy6As-g^BlUbeC~XU@cW&^uhG%Q8IAS0 z#ir39LPlq>*AzFLW=g!LrzwHjcIS$>z+-!BVaw7a3e^U54bgwX}CH!Rm zM%=gI^EcPq!q4fypWE!vH75J%j?KiR2tV-)etdC0#`Vf3hpuNw=yX5A$Mr@+15lJ0#_G=w6xb z(2bm*adcVA>*)P+#%{DlBr~J4LsfaKa2#eIgr`IMit$>6_M4Z^$xwgSaOdC@_4h<8 zOI-JUomm{$&$wa1Fx;DMt8}K!9XRc2BrWp>m(aSqWte}Fc4+PZzRVpA(RxF1+{bgp z+zAe~-qGXm7MtVbgSmqd^i{JX+=u9g<_?UYGj}lJjfHb%5`p|67O`uR#?agWd1CHh z#2Zs)%Orxn5uqQN3xJ-vgAw$h>tqt)Z_zV%a2dT!A`H^Uhd;4@p?ylgk^P!&wCJa; zZ}XSrcjWU||Mk-6i^89{lCU*M_t9-KqQ_Fm`(lse{hN4h%X6JGC~;wl^tsq2c|Mo) zWo*H7<_=24FXGS%G`#dhiIVvpF{6I7I`jXmmv+b?;d)8z35kD%sZrk_CF21 zzb*1y#xh83qvp^4cYV&D0@o_^Yj6xaq=EL*zwzAZGoOw;zac!)cJvQBN%?+erqMSs zr=z}C+GZppypivz|HXUyzLB=s%o@iBcV@BC```O}XO4U? z;#ZNL`eH-xMRfAt`6&ybG#Vwb=3^=mK7+r@X(C;MOCxr%xYIX)P^*)Tn|^M>?fne!YUZJ3_g zs5LS~Poun|hY?@xqMi;6z8_^oo{Md~sHaB;-*@d-JLvds7xfgU1OC!Z-i$mKAMT=_ zKBdn^Pwx>ssJ`4qE&V#Q^1eL()sUT(T;kJ7JF|bF&&6k(Z4EemqZw^3i;Ts;*(g1z zGu%X~oT^Tn5N`dWNNsez$BKWm)$jF?^J39XeJ;Wr0#piH%;#Xe6vu0eRFOKAM%Ej`ye$LnqPsW-*L3&eXI{sqXk#Zwd z=q}+|J2%q%!c*qge_{Uszl^?=J(bIb?k4=&Xy?Z!p z#79G$>E8{{_snN&nSE>nk`=2L%JB|@f%6;+-Y2MWT%f?+>actc!}>4 zI^TO?yR3I~v`*nhKuBbXry=J?|SXK!G_e6LPrUmbkP^!zKF-?-D=+4XgDekaC^&nWSD-NE#xtg_lvYni{$ADiLL zDriov2o`%Z|2wQ}%zf5?k!su>N=VH}l{0k!CE2xs?+WOztnNiNAL!q#*y-PFR?xrM zs=%*vQw9M&!=ME0RpD2^IE+y}8cJf1LsD{llo3kK=rSJg#3WOK?T0v^QFHjv&JjD_ zoUJ)A#m<+8C=GXSn%C!5W_#>bvmh@uFD1bq8#l)qNXiScN!*UhE%c^kC5*=~ddl}^_2R^Tv}2}$o4QE?2=O& z{OS!@{9gPPdJY?P^10qa)*Ulf=a2IHq71eNTJb)%e~EVZc~G%>RE^<@^_AwVDM}Lw ze760__9HuGV?{;J?w+0KjI+$hnET@YE|o{Loc6betvl8a3!DFtQ=a9qo6LfovS4(p zol{s9BC^xfEN4FiJHs0e$_iadb8ghT4lmEB%5{I;GX`b1uVZkS}{4s;(C~r+>iI~*SXnlva zn>Bl+C4N?+A1Pux)8{q75!p5GysY7UA-O2dSCp2SnpsknV&8OGt9w5oJHeBgo}ZnR z9xTd=6CIPekH=Mqb&kYb#@-c~F}N;8mS~*i3h8HsZk_rKN@v{lghMxX#9Yce=#CAW zOL+!<&K?nGGmM>B{<(WwM!aXgbJ=^Jzb8iW^^=SFcm15MSMoohSe9s<<(Z-U+sm*O znt#_X$bV$-N~uuVi7XZ*av7tuprgZYkq=Wm=5h5IDhc5;gio`NNm95YHl6KK&Q>XB zPDN<#=eH;E*BL!P8AuP@HzzztU-p?h(w z-L@|}nlA~9`QQIk&2#K;`K+SnxyY?Z6+N8kA8g1REH~4oDVyo}RVA6pIqB)KY5p%s zQ|`>3T3lS5k)E6%lb-K?Ok1*LJjux)i*_veni$GXF7PIGeJSbNNp~gLzMsjB>Z1Oa zk7?zveG}95extV4<*e*M@UE;?W%eQi5 zS@9N8>NO)JmzCgsFsQWF5TDF{JHzOg#WPj?EkO(!So!D&gr~>w&UGirTMb{ zDNr57vTgj}yzxl7SDpM@x0g05oh;Q{ET@bCw4AP=(-1`-9ksHo<1Fb6(Wwn^=zak| zr<@ZTh0^wPQqKCpMW7)Y@ZU7ReQE>R$*+tXWG|znP@5WHE2FcG(Xjyzt&AI#mT|-F z5!!;3B&AIrZUgLF)dsXP5>bC(&<1eRxa_NRY(NaW9uf7XP8kn!=Z@?xsb{`L)|l8s za@oGL$s7JH!<2Iep+t|rYj9^;cBbw|OQA)kuJ&eR$riLMcXZMk!_5{nJVUgZkF^a{ z963y{L@)ohH=bc3F57ta^LAEnF57taUytTKM7|^Y=B#M@9SUL^hpdpf&Q2ibm5iwh zXnwl4oZWcaLvA^kWpfW98}evy_3Vlp^g2v2P1!%KdcaQjkLvHk*O~i>%y~1e*Ew$) z0m?iLv(uJYJiQ~f$(bM=q*tHOnfG?+)N4G@-!)z-Ma~Z2$ox2bb$8<#s7IUre`TQ@Pe$vN&n6{KfW6!wwlMEpfzlW*ydj znuFUkBmS3p;PJr2*6(j?{%6w4q<{M-?x^+~V?(8eUru&T_dDNr4`HVhqclctr(8XY z<3GuXiLqjgpJ}Nvxqfw^r{Y;Wyb2kY4!6Q|X6B8)y!6Cic4}@0pGNXqot}cgsHBS> z8Rd^>j(KRDjvvqdJgE&`WA{F0g?SFjxMK=d!<1^6xyC@;6HPblq3x76;3pJe2;G z&hzn?mfz_UC_n4Kl%Mt`>n_YKM#@iVBjrCIc^;WtjA+1X`dsAqQe^HC_m=ku%TKQm zd4FHz`7`=_Py;sUb1DB_Qon<9i;>cO5n6d)p5HfA|3h<&l>b(J?zE4MR%9+L(lX*V zS+T{rs^##QjSk8EkUI9%*02-iYFD@PXCy`GNe1YeNsIf+u#?ytrF(yn?r?uoZGnqM zCjA4m|JLsr%La`PL;rD|?;AdAeug>UWflcSl@yl9XXguc6qq}*&4TRg{*uC!l9Iy0 z!V+epVxzvE=1Vq{y@_SfF$-hN7!K2Uf+eLT**6DMqi>E$i75!y21CIg2k#3;?Ft?Z zS}zC9l|l2ipeYZm{Ghos_|@S0;P&9IVARz?)8L$-{xN?%aSGeJ6pw9P7j=c|6ED2y zH{JG}$qW7F?!0vwh31sJMo;_fW%b?)zC(0fa&2v;&u1=+Ne$+AHC1+X`9~LYRfkHG z&D7BJIVFKPGpV>Gn%nAhq17=`T990xKK*{-LQ;#@1=P5^VhXY4&^pla!2&0;Nd~uaI zxXXQPdOC;GH*(-zzAGswFy)fvv~-5N6q*^#4TXh?tQthx7zBM{jh9Q}Eu-U`QLg9-wKc^x+yhwgt&FB``K~a$eB#X--*I#F&92nc>YHm_{FhK% z@}1m?W4@CxNiItJ>^W^uKIe*sfzOz`kr~U~a∋LXPZ=oZ-EA1nlD6rFa+of2=9D z7Y&|)9d@$^|0Lw7}I zmt;3(Ps+YN`}^6^9WmKvTy$1RR#Vobtn0JBpG8a-G0ADkCCS$(yP}i0Vk_zTBv)pX zndvg8mTa5>w` zP#o{XG?`6}b@G?nliZbF7p!Zpv+F9hTrfgORinE`SC|DArdi>yu+Hh^c!aJZSkYWz zR|KKk02#lb4W*U*!YC|^g27;O&<^Ir7MO7bMK!5+r&@8TX4~DV|CJg}wR=;|CsGGe zKTEY2r<&7K&Fob3;nZ!Z*3GGAEbALqd}>^>*_P~ece?xBc1O4SZugV!Gj3O&+kDhL z;I{tWZBBQa32yUY_W`%n;=aLc#me6`u~)|;SF`P%So7}KCu6O=SaTrO{QFpQdaU_y z>;W#LiX9VcCB#Z4TGU~ER;H1@G~Mc$mA*3l$LVL&UB}YTrCX1un{(66l=KPd*2Z-6 zTj>v^TQTYB=~jHY;jQ&9_1YaPz3aV4y|&*w&TAd>nqTwY@3mas30`ZrH`HOS@tW6r z%@}X9*Gljj@wM?*$B*N;$6JN*<~hCNb6&jpR=l|}-kcO~rgPt?;cEF4C!wN!nOuA) zH8Zg*zo@ctOrump%jmYQWsPR2aaN;M*f_e;@->=fqj{|HT%+}P5aigyAcZ|^QgI98;hPTdcDYg0OL}Bn6E)> zF+(ADK}pxN%Egry8$F0HLTOw@^l;_2$`>l_%9V-9U6rADPgiCB7R%UNNB%~SE@>dV zp|-87A)=)Gt_)QbS9E=+;U62UFE^M=8q8@8X2VLpzStnT$ED;I#cfnp!UHop}kXOua*w~PjE5D%){!IBr90|Uzm?|^ADo@1mFp1{{O2!prhB9Ym zF3nt-d0%F9dM20an{C@Ok7inrWtvW`ZD#s23p2-Mx{hU<_h&wxX?-`-{92}YZKmnU z3}jBowAW-loB4X?iA+~h=A_K)GryndipdOSS_zp2(I%feZQm1Zu8cPSF4{a6ZC(*= zuF+U`^bP4hOSfXv&HD6wUyZNRcbm@@>oeQe`Of&P|MZ#NzPo*v$7lMsm`g+9@+s4O zOMEx_9`T*_MJ4#m9X|76-!`9>=_~Wy;Inx#ft9g*+ZwmeHt)9o%eFqV&G&3`y1m4< zeq);t+k8wZ)3&^Jx_rzj-kVXA(VcO1MqkF=8S64)+MdjKIpa)*{p$>~TjT7+jJ%BM z4EskJk7n%57|3u<&$uz;I~jIDMn#5oFyq|}>#mH4GhWEBr)1oaVU5W!%QDQ^43n!e zV$8AoW6XbwF;~Qx12N{b81vy6Gd9L_$6W6*V?1WP$2;Ee`}_smN#g2Q>Ho3+KL1g_ z%k+=)TgUw8{MP+`bFTkdzvc2z@LON-ukmm6KO1WGyVCtZzZLB_6a0qdv#fDPt+ST( zpk?xruW=UB=$te(@mqOhF15aD@xOJkW^6nz;?A$tUEOo_O;_J^)7SW4Z%I!YQ;C3k zz1$_$Lqx?*JGnxdYose8Zmj0_YjV9&-J!Y)fv>%^)46Y&w}*-%)I)y=UvlZYm@VNF zDWmd@kdh(CUDl^U4`*@&$Q$zO+v(&6*SbO@$X&(PC<{51!;!*)|C!EDZ;$gIA2s4q z#CpHkSeUB+2&YOo68|@!eJM9L_rf}};lhjjTbHZwbBX)4*?3_G|9+k8z?aSP3wti~ z3tBhl=6?1?oKKC*hxj##HmCouB=qB}!XGA@+?AEeS*~U#PrhK>!W_?ooWFR|c!hn~ z=eb(%=UZ7yILdM^6W8C36+dmU-tjzdi*v!q+{o_)@$+!t_+^epE_vvXyB#{@d#a=5 z(uV4Y1IVvl=);AfgZE=`nVGPUk{6=ng@KW=j2Nt zy#CA^e~tUuFUQedjh~n<;|~7)qiGwrGqUL8_gnnlV%)&|#`Qe8&Wtmz;$N?6KR$cb zwc~Q3m`VI}{*C9~B>ryWjZ(N(5-uj(z;7lKh$%de=N}?wGLdnM+$ZaNseLfeIk3}- z>3lI=t|{c>J%F{Py)DslQ$DrHNzbj85tCEIO}hyl}|$)lMi+=CdT`g(+6-%(KDzTz9f-MoemUQ+I>8 z%lFy!m%m&(ykwNr=jW5pQrIdYSPRBO~N3p5I!Qb#>$T zlxbf~i1Koyo$B}hG@}3iS&>HnKdn!z_Wy}M8J!zH`ou8PA6&}nLe(iF+UyU%&&cet z@Hz1D@F{S!hB3y3w}sy};*5ad2Ajjb0>=;^XS9U(fvr%+8SUXefUDV`5yz-M4t(D5 zfIEc7+GXT`yNyh6kB0Xu%|RoHnB(D{;G3+!##twnW`KQeaeSFI1^k$M3gWC!h0=~< zd>CiPhd%^mo;{A$WKyxQ&fxv}bdBO8itB`@y+LWV=v&XAMRE2{${241NH?A@uKpP; zSFBTPP;4eP-e^&5SDX+&%3OBRAZVM4F2xkZDMD{g)o{1GW#2E{>@|vO_30xTUa#SPrP-*sP59eS zC_b+oG*|YE8h#l}pk8Nzf$&FQiDJ28onnKcNFxDhc)?a93T)T#gz$TWC!qrg$V9?j z8lI}*8Jzb`Fy?5?JdIgGohBHo!|#GSBp&(jmbC*vA^|Cp2lONz+#@L>F^M^*C=yFR zPki88!U5^YyYGiT0Y3wC5#4H7c?d;VI)ktT!=_cY?p>(go7Q& zUWWub$w&iJG(JP}Z)a;viM~5Ucv2U_p<5(ie_PU}MkIcX;#$Q=6xS9#%=8stE{y-xVp8#KIyRNVGfq~x}L zqxf6J?edoWjMBUUPY+sj608dU7;NUL$7oY*S6oQBJjj$=wT#6YUZS`<{EXqTo|m`C zKOC&x;b*};;S=EA@LBL+_(kxz@Uc!PeoB3Ls7H8W83bd{WsfbI$}M|X7?0g8l=dur zdcSa{jszc3+z>uPxL;{DDsEQ%t@3$BX`a(}cPh_agnimlWN(I>FyC7TtHN8rIt@1{ zHu0_x2|NR~g#QG#VRL-g$-UqN?w|7+lN2W_b}3F(oTE5TaWUHEqrIE}cSwx6LHJ;? z1veT6plFnj-TQwueAX(Vv7VLGktexAE1m|WW%-cmS#S@v>_e(Tb5QbT9g#d+$IwzA z5+={qoBH%Etga7flNNd+^kw?5^_qm`;F-l5d%dLAp zdy2ekYe}gcq@iucr)|e)uhpm0c6|1F4fjha?2SsfS#rY8YvJ>R;*(1A6m{*h|DZ9? zE2^yQ7d5;SUG>>7Yj_tq@f*qH(@&4)1xv!Of#r&IiVcd=)A{M?PJ%7r^kYJdIhPDPES8u8O3KM8J;{9rRlkzSSjV=V;_A_qS$owCr<$tU$lKCzP$KCATS z6h9RHSV+N7BtP`6@u2iRe(inywk`R=HcAYi+X7?Q)9J@DK#y&d_$iW>_DX*0k+ket zQZ9O7@?)=2T&pyXXn4Jb`;~H|;wH%(i}4%5ZIUS!KFe=ErD=(6^xMxV zf9b{iwn|BRF+aVzaCk{+q(}4HyEMH~te(5Co!~(Dl%a%mXSPpiuXCVnaISo!k0!e7gd*Eb^ z>C*624NudjGs$xjzO7Ks(WmqD>FV%<#B9~Hc4+*5p)?<7*Ikmi0lSoB_S5SnnOlr; z;HN@q#S0(wgw(MEl!zWS0PYewUT zB(zAly^qyRqU{I4^O7G+de|h|{u|(5HRgh%^tMU1K|hj&UO|aQ33_RRN%XVi5M7d( zYz<2fn}kM5Ot;9;zE1LkeIU>FFEzYI!w+cqL6NZikcJ;t{FUM(O7m+CufwlMvLDm% zpj`EtbLj=}e0_H(1 zL%=*NJk67mTl2J(%R*N`FD)Wq`6b>;LstVipd zCC}D+_>V$*AA!vpZb7!ADCtSCliD9ePTm6#P?k}oRRP|@(-I?&QixZXk0P=cH#ra`e83s8b*?grZ^h3wjs@C4;KNpZ4bm*P~#Ig0ZXZ=`Q6L2j}S ze22uCuTi2B^Y!o{aF1|9h7xlCnUo;Cv)~~lQ-TclgU7J3CCD(=C_#pCpqCrFN|2R= zZ7oB4{O2Q$ccD0OsK3 z2C0h!^bJ0^l_LKHu!TRxdgLijzl-!rt?z00 ze%ekcvOR8;p-U%0KW(av>vGS5f$-~K6`o8Pv$XMG3z}Spwj_ZQNU@A^2~Jk*Qk<$d z8)=l$E6LNj8lI=&`5L~G)XQkCLeqmh%kWp91a}AxWj_P%K~Kt%zz5(y#RFKdGRl4m z6#XePPfD&RJKQV}k}0F?b3nhuBLRue6K+;MnowpHNm`cZNtrbsjViNlK?BQF-^!2= zsUsg!wC>liw9RsK;5;a;uN?kk!CRpzM{Z~N5c>fnTtR#*m_v${8dIq;l^Rop3W0ku2_ZcSJR>;ra`fZ zwopwSC4ys=PYZ3cnmomWZP?yw(n|w7(9de>?kG4(ak65U;#9>sit`i~XnwBJ@IqQy zHFotRxCG6t#;(2qu0Xr0(cWV41y80L!)uHp>_81NKMV$tRShzK7A#k+BCQ%^E-?*? zBJ&z7_IJTC%%#*|ZSDbE!%u+X*VSNcR)HPVLJijDL2v>Rs6q0AlNGxZrz*}-oTs<| zIoHreBv%Wu?KMb#2e<@lQ-kEUfy=}H2=-}NR-j!q)It`xLpZ49YmoVW5Z;4s)F5-X zq0f{T$xHa4q@tF&2KoP#@Uiey;7Mw>Mr)x4`BPHMizd|2#}Q8-cN9#Qcc~G1Dx>ro zY9tQ4MN&lmyTDbF6SX!q$bT2#ifo2YEwcI;Y^UC9jRmyFT5>f29*`L7Itbo^CXXiO zoH3f17Esz(o%RBC+6&ZaFHonwK%Mpib=nKmX)jPmTDzc^UZ75UfjaF4>a-WA(_WxX zdx1Lb1?sdHsKXYWHtMt&sH4rEA-rEWsIJzT(hJmSFHlFW3J6OtP^Y~>J=*mVyHNa$ ztn10oUNAr&>dDWqz-Hd9Cl5!!c1m5(K9dx15thH6`3)bqgf9WqlZWSxdh$RFd3YDx zFYl6vcfdoE3OV_}s3#}qK(Rmdnv;5JA(3z)60Wz3XfO5T?L2s^#@~f^E#iHj?5gumhXfNQ!>}Cm@YR z+LYjA#V*CEigOg_Dav@ck=6mFwuna6x<=KyM)W-1Xe3wFp!gw;NK#@%580r>TTQgY zcfdu&G#N|KlP1dhvC(AimZ$Lf6L^r^Hfft`qD>7LP4Mgh^Qna<+Qoa|dMKOK<~y^- z&9tI;V#M+{tNt`o3p)ts;>|W2Mbu9-)@eT&2>%u=VI0wnbrP%!-v`z*m)neul9&cX zco1%()XnHeBG`sLG}9Mkft?yZ0o&4y^qv7HYq(3pQ#Cw0{4()#G-j@b=V|UnUvma$K91)f;5@f|JQYIaUH8-LWiy}$^o znK~jr^dM-S8BL$kj5UKN){OknA~u6E%hzn~7j8)YO;D^^Gm?KFJdA~GR%_ObpMV^& zW=H@(;VIBdn`_2TARZ3^2~ayo)hduY(3>z9iMQ}97?2e47Jd)jBDFvbJ_)YUx9->Y z^}IWVTKEWDO}ieWc4G{=8ZgF?Ry&x3C266?KLz6%kGD|QAA)}5&_Z1w2Xpml5xq|f zwY&!`34aEbD^`(i3-v284T{Z5$$P}K;+wTlzhWud8Hu-0ze(T(yrvfF_bqU;hPyO8 zRl~E%VGH#uPv>fQp2pAD@Ku`U9?j>Cl&*yui~;*J|0^`+JDTU!SiBbF4@j>CAD|qR zx#bqE!4|E-7HaSuF?;A?Tc|q;@25suwAHjwckdBCL>pjRzYom?O2;uWGM7vVOo*lpFy!Ot<2p?SS(B{yTJbf&e52;8WwBQ%8piv7g@EU z6>oztpg*lhhIf%nD!2!YZB+@hQuYsxRxN2OWt>A;%GF9);6qtH0mWZ!Ra?}mWnqj# zd>c0WQ_zQ9YNPyKFbVmzVKF`c1I*jBp-XRo<%%*wX+xJJra`fVvbXVH3jbt0*oMs# znh99EHp(tIS+PrTs^T2Qd5R0je;Xdl+n`v3Hnj$A*a3;Z5q)UGTAl`1&_dhPS7}2U zaMsq{M(aLGSbUW>ZQX51<~U)|jW)HYZRo}!!pDRg{^7?)8>60&K+%vk^;O!C-c-Ue z25-ZXQ!XqyB|?Tmc`G&Eh73s;&+t6>J$+Za{dVMe8e~%+=%c4@S8L3ehjiO%q3?mx zLfet8PzGp~?a20Buw1b!{1D+<(rQP-65pWMOwZnqcIAVu$hjREFgwhD1^nwoAKH=j zHgHn-IdHOuyEHsi!?Te_JDMg>=W2MK#?ROAm72q==vmsaz@LCU)I~dz-vch!67?yr z&{BLyakX-gmfNl^x1Ab+Kl)h?itTNuc20t?(_Y%q*jK^5$iJQT%lZU$Bu`~z+ODkCKpsYN0AmJ!bW;r^Lu%OIxbkLRsWtO7@ z*$T=mM~BWPbs)V{gjb*;9cXMaC^H@%$R`05o7RD3pi!IF!C3V?Vd;-LRBt=b+X2F& zw;kxMJUuBnL>k?oU&HCbpHjmao&1ndW(&C;OU~oL5bLdD$@!!U5Zl`XBb!W zbdHASDK24lW-PhoEjSCx`rue*bl(Se;{%LkW#<_7-+f=>KT!T3qUU3o>6H{eLMz6yO85@=iIj`EU%^k6{;$;O zSk@7QGA!}T`VwY^j-1;r4MzzLs|lw-86%HnHJ?)09;NpRA7+O0z!arVRr(B(2D8Kx zU!s&MC0ka*$J*CPiCBjfKL4%Zbx3}!{g{R~(1OM?(<_vlq}0rI9t5}2UdA%(D>?kF zQa+*K--!&F`$c;8)0&^(Yl_d%uE(+_EA)TV7_AFteI;h6rv8$?`?AKo!uWJ7E3@a& zRMGQJV-zWNqU}e(poU8o%M{BszCy#5iZzP0wEa$Fw1(@Hre4Dh8gA5ZGh@I`#;r%e z7Uq09@#>F*?eycFtTx7jlNF~>*PYl?iJ8F;wN7KU#>`cmr}6VO%uT>N6%VkJv5e3! zLH{~wHQAs@uag@-h1-5XR;JznKb3fk`D1XEyu~c^Q{XPzS0`Fp3d)RPCz|;u@R;K9 z@NWpeg)h;`ibEWDR!VK1Q*Iwp7oBL}$KVA)o1J)|sbQObz7y>l0J%H{jL~o$n%s$Y zod8pma+C0<_IHBYgune8k)Bs#dhjhC`dtg#^xlGUL~!^68>< z64M7x)tIU1YML<>`b=XQ^!q>$ZG0L}&wwJUX~;@Yq%;i<$H6|KL_QyY>&eMiSNc%%tUSyGf!i#q%1R;_xKQ$ zHH(?ZDha%iJj_&&XeMb@8#9qrGMG<)Iuj`+fUAT9QaS_Pj|{uj_v zvqRpsWX`&qeEPtAa@eif)lEL3M~3fXFGT)W4dg#t#GA>?S`8H0KM*xx`$FHZCB~*ELCWN9k@8ujd=@F6MapN9@>!&O z79rb2W0CS%quA!aIagCAL`Yz+!TeN{q~MFD55GP;BO6@{}L5y0{jrdm3Dg_FhXZ5Kk?@liWg2EgUnhMV?#0RC$UF;ehm@VV43l>?VSb zy;ft^Vb!m-Wo7ePb}z`&jf$I;&vQz-lRo7}Jnbk@c0}ArKF@(|NbE+P*}f59^flu~ zd{JodLIq`a#Er-e8q(bd-Y@a&xDb3qv7b4C8%a@~ZiaF>n!FQ~ox{tKlAz2IEN9#* zVc9>t9IrGUl-a@M%nu04=x;e~@FXZZW|yPq5|$ma%h7WQ&(W}qSeK*KKLy3-T#i-~ zL+z6aJ9*%PhLZ<&^6UZ+D$4HS<>49v;EBH0G>wcwf26{@CS=+JvX`-KTQyL(Yexm)+WZ$XUX&L$41xOIY^i^Oo_$yhc`AG7`j8ul+yrH(TpzL$6e;x~B?*g^`cz7NDy2S^QlCnxPvz66^6As@ zX&=@A{>Vg7_PO;T4MEwh-G?-e8!OPXeP9!kS%IGa9&BNBzk>Go5!l8kV+Gp&2XL{{ ztd_Uf5ehx}!@IPC9pG-P#0o5l;9kY!!cBL6uF#o*71l|8cYqSDz@D5pR@hO(2dhF_ zv=>sLJ@OW;eQTBZx z;|P#(95{oMZ)H+;kkK5-C;((M2Qr#7Wp~F1Afq{SB0l^_&>emc^oLJ_N#S?E5cH23 zOTz=;wTicd4-@`j_zm+hlfBa*ItFsg5Uq+Q{5WqN1DC?>aYN`Im%Y|#n>=NoCFyPu zzZwjY)&`@OoNs{s40vPs0C-FIb?_(Qx6KXcXBx=9WpE38u!E%DPi_amQ1~rSa@fyX z?}0xQ8YthTSB@nfiy7Vxx=EK0QHS3Lb4h(8@16jchCc*Z%><=fo1lLk^ziN`V=PZM zL3s$gTEjxW3Hmq9O{DTRxQ%jcCap7|NOH5*#b#u9p0IG(tQA;WqNQ8x&pI##^VrYr_Y@Tf#@c9}11^ z(*`#PB@&SEMxi7>dqMWAgPc?aw^F*-=)XPy%gMuQ^j{KgP#lBIUt?d*Eb}#MHz!VC zWB&FWcvvXuiQWW{DZWMOuhGj0E|#Zu4?6!Ev!D{b86AGj{w4bPn*HAz^MK+*ife^~ z{ji3ArTD0%V*gsh>-Fhl8h%`HlcvH4B%s+!K6hgk-v+C~e*&A4|8BAEU>kDVjXgXB zcJS72devhlUwcOKyXkkJx7bGn?$Y?(NM<*^50utkB)l6R20mKq-IV$);Uh?FH>Exe z9@lr@M8doAXN2boNsAszQW+rUyR9?A!7h^+R_QZJj0~_`v5NTD8RJPzgJN^|MZ#k^ zll(f8KMb~$|JRZHTOgw$^L3T{>qwq=k^CP)c720;XmPJ2b10GdKJW&W&zIEC}buOnOHk)*`muHgrTCnq@I#@P+Q4V3Y9$_r1* zEA*R$C*|G4x?q6R_s}BV1zBqYtHMu!wMcRgtwUm1YXjLy0k#vDfLG1X0&AwnnPM>%WiP3@Wi{5@S~CzIv_Fqk_tYayt_$K zVb3}Isq2&GUgYp0ScPWprA_?_Y@@C1rB0879dOu78Q(PbQbuT~O=u{igm+^__fn@P zK=$B)2T6A??L}zbM0$IvK{(J-;7L860ngB)_fnguLH2}$*HO~Fl#5iT&12yG!i{pl z!G2I<9?|eR^m8vYD^L3+6>3&EY?f5e;rGpbl;}_3C~~ro`aKB-HC#%~?la01%Qe12 z!_MdMC&=U6{`Qzq3Bu{?OsJ&pfh8GJrY!rE*F33N1K|ay3 z-QexQpBfRGUkZP0l!VtPKA`xZlnxsu@oSa-VGaLE@e##GC5PB3p;<@U+=qS&=f^bW zam5Xib81#7H)`HEr$czN=8e@8!dofDe#Y8_?JMf;}4ZP2r66j)M0KXGZjbYlR!*dI_)BaKCV-r1Gxx+WTpn@JExM zM?X5yt^>5J_rW8I#}wZ}GY^o5KY;_Zode|I9q>9@)&bHT0B;vc+728@SHkNw%q%)# z&K`oBgb!)G32x=xgS4IVUrFa))T^MAyIe3INau5j%9@n?t)VJQEt`DNUq(T{wf&=99All2j zl=L{bSU4bU(xTK77HJ=()TDy0k~+G27GzBpT%$1$X!t?NIl3zGYbAAj5()oG@e!qb zRMYyk#;jBN^-9UAE|iZeZlFCLL{}vbn!flR z(6^)qIi!~M5c&x{vicDGrlf_ej)M0KCGrt`5S=_k4KDhgIiTjV1;tbcj>J@06G5-1~pu& zSfowe<;YJN}o|O18$oXAzvJ-4YW8X!p@-Fid z=DX%eYV%#z(8&oqwBG~$62lJd55aVKm-VlAz=H6{U?H0Pu2rm0Z^5T}m(lS_@E+kQ zryfA@Kn5t?J75Vl&dD1Mmm*cpOemIXe1(Q96{{6%6l;~kXbsmXWxa+QG~B3RPI$qs zgYphgiub|Ocsm2;M@W8v5|I{rhmM1Z&lgX}*CbA*GHD{rxpei(PlM}`@O!M2`@t!S(-dba zcB3Kh$*eWFfO~e{V}(k>3ppe79y1%o;9^ds$l8m<^au?nE8%8&=%L=D6yE?jCkf_r zZs$GLK>}d0kq?eXyWV3>qze3=(%eIy-(yXr7F;jqe9+ZYP_*tNti2%TLH;j!X9Ay9 zaqj=KWlz`)AfgiSRtr^3!V4sJ(Ey2JZQ;80)&-3aAT=c1EF#=$E4ICDZ*OmJTW*)z zO-eu|N|enFQ5F{#37ZNELV$qmO9&Cv^Z!22nfJ{blCUUhz5h3#{LY*?GxN+m^UO2P z%$b=3iWD`_lM41HSFA-4p0A z0dzCJ|&0h25yK(WtV~sItMnBI=9XHi{w}jYz)uh-@@sp$Up?G-9jo1VuJj z%da6tHX6yf#1h$PB_?Qxv;yAJ$1vT>X;t^)Unn|etFJBklw z*$j527LHRp?Lm>8?4)*LL`#F0`}@JK z`$wG^_?83Gf}A+qSAysJjZQo>8*hQkvw_UBfy}Uh%&>vXuz}35fy}Tu@lZSrGQ;L1 z!=FU(Yxp2vgiL0A=0T8k$sl?O>?$Ft7jfUO_<+PB&kf)d&TEj<9@;x8#EOR_yb}Sx z#;F|b@F@q`;{yuacEtJstj3Kr6Ow~i2_tViSx3v271(f$JrcAmcE?etIbb#Wg1W$y zLm>OJK;cOj<&4u+IoXw12XPPZ_kfJQK=y2cSXoY2dyl`% z>56>r16d;hc7YpRNmGzLBOuxsyx-sEbVI8oft+^%-fEo(-e#qNoOc16Q=AK^)5FdM)ag;MJu7l9AZ4CXo9GTwehqvGnYjSjI{;SW zb0PD|N5E?ouT%V%bv-^esr$QDXWYD#2XC{wg158(=R(qF4K!u^64;Zy;ulhb7lM-{ z7U>@XC(CXP$}9fWR!>5I%R0yDLEJBc55Tb=JmqT(Dw%1NE*>{Kalo(nJDoH_UIyNe z`y%*I5B65fR17IH+vZ$E$g4nlAFwNByh!7lZUI3&Q02$$eS;V~`{UiM!V*!vkH|KtIPCY2KdB3*M`&IJqCx;i}!@gRu3sQPN zB_%HPD~J^VUL@&g8@wOBiT^{2KcYoE0RJxsSq%Z+jx0SueI|meVgl)HS?4#H^e6Ft z;Sk8$B=A~wbJhoLRw#krvTgx~lEX>7Wss1pQvz?Xx`6CV1UVlAWXCsntG@}n4auJb zU3TnPchD{-@t%&j9v*@}Jf%g`bHJH;P4$jT*{+x7267zXbONe*^dqx@aM*&>NhEjJXzroZAC#Q=c6Y zhS7SXv(R-VE^lnNf$ibOLbsFpcL$e1_o%Z3iu=H|aB>M0_k--w2HB$xvKIgpic6rl zl`kI%l_ks!5Rx^zq{FEof{l`zoCgAO`iHZ`wG>@Rf%P7w$@&@bPsH9>LVoH&&iw#~ zp`Bhu9`=J**3FSxgRH9u z-|-n^!-smlSHhcgkT*5pCUUimxfH=#_2)eW?j1<@GPp!sa@*)EQ=TlNUiRURlYGLB z&7hQhncH2F_Y};CaUzGToF55g&Ol;|;#b2&g(se#h2Yglt8copf?P`U--1`G z;GXzwpsrUTA=|-?)c7hmwgaqHWR(%_9q@k@ZSx>_NGQ@$2#HiQfSkMpN?BIXI!Iqz z>nfyzxU>`r$yy+1HTi4+ufk_FxjpEtCRg>~dThMa zD9FxGkaevfJ42l{@a+J&4tZEZi=GR$X)`-n;q~StSNaBdZSm1|y#^^IO;*cL zYNV9ZkWx~kX19PT8os?hA9pAEmo=;%lDM7KzbpO78rEEi|3&KN>;l}qtZv|S8geM@ zXbtkb4;=140^TbnVi%0ieUP@Z204LO?k|x{R^U-PYpK~Ufuc9oqBkxDMQ^NSM^bn2 zE=7^{wJPmvsWsf_ik{#b5|>g?kfT4u+)fg)pTnL`yfJ3YZI5(~Y-DSqgUSdf!I zz#96~wWLi*>h4_dP4dZ`U-j9fVS>1|>fWkPrLW;_FZC#Idk=zAgS_q4^cy7q=!$so zxP) za4k9Koh&8gZLA{uUvRVk1w4puS*N|mI^)-<^z=zEspOyq=#IX(zi2Gi}2jT5HAwTtwt<{T0E!hPZzvkTE!3L4i4b=^GVl)hB#df!dGD~_VT}V%HEBFAO&sj zo8;XSZcZo#IiVChPX0Ghy4@hFcAd@IPjN~d?Q1g}+YR1DNY+^pcQbk046>IK$3t@4vq9at}%1c~*69f1C+RqLfzt(RIjydEF1UTW2Psa5Nx zR;`y>wO&|nt7(e$QVZt~fa~aaYt?#TU55II^->G}w}N85)WZKm;6|*?TKGTLsa5Nx zR;`y>wO(q~dZ~r~?RYBIORZWj$U8MytJX`crq=C>uC7%ZrWPB9Qqao?6|rGz z)rP61PS3+FHcTxx%yXdFFtyk)0dk%L$k`VTE8~#Kt<>*wP)5O9S)tG# z6rH)1`rQL^Ru8xlx!p?5E&!LIs~IQ3?XA@867UWB$F0=t3Xl^pz)j5iZKY-fYb9^c z>;`U=Txt8-O3g~F1B^_!QnN=vPTB+ytDCcSaUY@WY*iazD|Je4sZ(-`{t@?w8vY{< zoFNBtwk7gFV&%8)(aI^elTp8E0)nS04bS zf7zz}%QotQ6wux~K&&wE4QR1ChLUbWhqJTeqRf1$kcy?$z*zC2!i-Y}3AG8yqH|jKYqB-4!PihOq>)$LZA2 zWjzX|-mZ4_cC4dh+%hk;9SJ-P%IIvnYMAZF9#kpm9*}c0ob8l!JGhSCe>+;e9VnLM zc1lN^N9x2aT75fGw+iHhKxez!klWRw-i|&`#fQ^e!MD-&+mW|-K~~Oy>;VC{shiVW zaf?N?9b1TeB5&`32PKCpY1@%8@oA8pAZa_n6 z!lNGqQzU(CA^3o#C4s3Lx4XJ~DRSxv{-WErs~*^n9w5)imH3NXZAY#;f|KBIosMGa zX!~EnEu)w^9mUk?D5g$FF?BkMsnaog9kNvK)WKmv8O5-IPvXMiL*RPaIO}(4iFNQ< zd}I_;2cN~CvmKl|9mUka?O5D0im6kc*THi_!t--M8O7A;CRuXgHEaQG;08O7AWVN%mkOdT9f zz%8SgI$Egs%P6J}zL7T_#jr9L{~fBwSZhPMSgS(HJ7^b;&K|fr17uw~n1ZFTM`tPb z&_dt9EiIItXYgkaT$PX|f^c;|$U0t-{Ue~vgs|F+xt%@QHd$YTMZw&g{{qN))Zh-@ zbnMZY$vsFBDNvTJV0+rp9$Hxg*j;fFQp74u(#Lj3KKH71x)*&?k6Wx$cKoZqSf_hc zd+b&1v6s9xID5(40Z^>dy=ade;9Kgyp8kvVS+spt(~xK85hYEvQJME5CwtKzhe3^{ zcHmyL$5DL5Mnxk^uGB`|tF=iQk_XirdsT1jMQjm293hPOmw?!dl#%n@i6y6`i(BR} z8we>+hf|^kT5&vB1Xml-QAfdgO4NXMA{I~Dfuffhuwl4IFA2KhL#rVjZo#tGbEtZ z$kPU=kzB<)jnGYTj%kl@O#6aklmZKkQtSq$6vtG@9wYp@xR26r9z)aCgU8X~$0*Tz z&N0=r$0$(}Zkh8uM#^cR%yu55L|s66b8$@d>M=?LT}mWz*+T)|D-;z@(`4Od-F!GM_BWjsg$RS~9zqqjvKL8Wq z-be6c3pfma`6BsSpsYIZNlj2v^GOYhlhk;sDfq;#$1QRFATCnf;98P5kT|f> z29XnxT!G}uwM6zn#)f<%%kmpR@&?BEAA;l!q`iRT&9y}WK_n1F0zo7Yq?SSSCx`^P zw#Xh>FCj(tK)y-?GCK_(=hSaoB#;kAB7q3uI3dSgdhN1mW;e@F@K8l((MLJMKhs=%Kg8zq?{@ z{|(%epvZX77d=8x4GM?ZQ|s?>W0b2g@DrJqRsbHAry~F0N8%4Z1(AO+hSSeuC}|>y zMso7Za(+%W(7RcL7Fp=`clDCead=(~^`sEw5NZm`|bsB59 z;w0iy5`UW19Gpi!{A#c#Ip_2me>Hfu{~m~T1&cIHv4$@Zg#V1epibWjUFM#YN+PoT z25$5xh`l5-LF-7-dQZ`MM+(U;XY=?wL6NHzZAU5Ej?kUZN|Dy>B46UxTIP!?Y^P~*W;)^9X`1ac&32k*J53WkEwMDscA6%2h2*r;G}~#KtivED?TLE? zOA);RqBlVF1}ORLM4B?rL~ppAG@VYQP>);Wt&^tHN%cmmw(eAI-KpBTQ&sj-NvED~ zkVxxJ)z+P=a+s>EJ5^hEsL1v)8Z*(sNN-KlVqFBxd- zPL=)zx3un5>iq~PEt>B$AibTnjGaljoqMi(E>hQB%iCSc%ehLFx4V|NyOy`Rmbbf> zx4V|NJLTQ%cGvQD*YaLM3e#N9jfc;dkWMuyvUCZltp-JwE>T&!L}lp`QkL){OP7!` zBXgCdOGtkM?%w`9aG1Xw6j{1NWr^LI);Wv=JNWDZLNCpcF(J8SZzlSXy_xb<=BB_m zkojJWox6e?;CU}B>O~;$1l?YYm%D*A{sM5Vq=psU9(>#12-fOTM#s3fqp5mf*^xdq z^%{6c!yHDodr@EF(||tgMeiwbk0~BUK6^1DCU4Z8gz?4SwG?gfp#}xx{P)2G^>2^% z>xF#v0aNv9XZnj?)Q0$6qG2XNw>Nx91vv)>K>+ei{d1!x0^|-o!$P(WHNZ1Z`kxF&2}K#6ci26pZp&I zu~@(qq^>_w77vQ%=}!&raIa;2*9gj&kgkPSN5SK0s%uHDJs3mXT}x{3fs8Le>`9Oj z9N3xfrCm!pJKZ7J)knZ}1nLz53h8eaj~?*?+hA;^3V$b1gC(Psw~_WvWG$mCFFY#KoJ9)epGYw4ke zB8`0K2045dJVdJ*iUht4Hu`nohwAf@`uO5T-UMy&fg6orf`ml6#HX{Ah_XwVUex$d zbcOg2MIMG?2|P<*F1`OS%D%@PMosa39j&Qh^2FstHaK=0vk(m+>l{GVIe@Hl0Hrs- zjkeD|4ch)rkaZ3q>m1zM;153VWFN>n2XMXrJh;JM2{J+i-|^oCd5i7d#>i+H$e0CW zodd`^2at6RAnP1J);WNza{yWA;NAuYj)J^50a@n&iX_~I3=p2$7i67-d%NmD&a$Ci zZdV<6yXwH(RR`X#I`DSYfwz-FJ>O!Mp6GVfes@ro!|ol7_4b2rki$DkSJCYQ3f$Kf>m0BKNf^o4zbnYt zAAA#u8p+uIe6Uu-FlURKkv_<172HpI8A%H|05VJF7SIxtKlyf?^*Q5Lcc`KT<)vIPO-E=UR}NB2Zdl1tnb%id0un-uFP>IfA@%bSq@O2;`k3 z$QwrR06eTfh6Qci>_+#AWs zgGf<4$a{G3Z6x7AWJY|pQX>x{&wJcS$VNwyF(@cndJ+HedLfYYLZDc`Q`8okA~R;V`Q{GDN+FPyLLe)JKvoL5Qz+dY zkd;CpD}_K-3W2N?0$C{pN*kF%>9)F4h{yMe+)BmiN8V)*pYz`=O}=j z;mT?nN#I063AO5 zFqu+MMb2k{o&5PAt6#vLwEC&^KHEUvAAziX0a^V57WprLVh>EEKN7qTS(*wb4}h$G z0a^V5^8N_q{SnCfBart;An%VrR={vq{=?w&Rtz{F$)C#CtSAL1nl1qsDlSr7j0{Y5m-v4MUzQSa=8VvKO`k5sl9|f+ zGvc#cafOC?U7xO$Qn>7l16QffYX6V8H(R~IE!K_ThxDgYU0+J!b%Fm=y{^>JRPS8+ zyQy9`PDh>UohKadx=SqYeBpz40e#R^?E; z*;Ng$r>Co=rgnoO^OY*|l`8XpxRYzx{na62lzPnsP^NW z&Vc`;+K)e~{rIEWk3Xt?_oLc(KME%s+()(VepLJJN6}h!_(lr{+8G)=a0$F7QvdRc#l@Z7)Bal@_?hI-? z4Xjk0j?FfMdS3-rsn1M$(izmg_;BhEIGg&Kfeds3=c1iv&}J_HpO*X}37f&^(Qh-5 z2XVgu_hwL*M(`y{Jp z7G@wVsh~*945Wn|A}t}1Q`*3rtXS|dBw+@ULrC~}E%>-K1e}RPRjIbDQf*nK+OkTu zCA;F0bGWZ4+OkTuWtD2nD%F-%sx7NjTUNpUJ#Lk1%PQ5DRd9YcKB6tF;J>&#5wwq1XVdNCK}yi_XMC*a;S^yF{MCx4oc@ zHD;ot4uPVhW|FeFWwbIAS>58!RLwjSj*%K%5`0#|Q1<=ce048Chs>nx;{URuSVS|C zu7e=w2ZEfZ2d+R%%!Ci}bfx<6ja1yLHMPx1&P?R0pF0z|>I`;6qGqZVnu#oRz>P$J zqJ?I9PcV-+6N&1XvHNE!C=9s#UjCt8S@Q-BPW(Mb7>@5;tQ>QnBGx{T)nXv4#Xwezfvgq-rCzXA(QHqVE5Rzo zS;*c~Nq%$R{Rt;SUk9x+JDM@8QFLWX{-lVpkbau4m*f`!DklIBJQiuGjg`r zd*E<5Ag78QbZ5aae9&(zL9s?=sm#n$nVCiDHskXSEpZmD>@{$U|C~EZ`?Xoxug%ha zZ5Hy=9)IcAW}(fJz`2qd5+y#*OA1JoxEIh0W@&4hMQiGW`(@hiENxA*RIX;JT+LFs znuT1|^7M6j;aSL)q{&VNa1}h9rP4J^`?y)EwPvZ-nuT=rc4w({%|g05@Z z0LVHnQ0(y8@Kb!m4xbG_w}N7a&sJ%f4L_+@_(@3W{durbQS9*9)V}yUPVLWztKuWp z_-uH49w;N4+32ez@L6o>*~;PBaF`R3=p$Bw!spr8QQ}^xxJXef^VwMD^TC&q$=UFn zJYzvg$fb-aX2XB+S+2N();Ame%hQ#No@Qg2Q!e-~KCAtw!Oiq;v*G^`cQ$r7T%s0w zfzo%(Ry%w)b+V!_U#UO07#8d(5VDpn~z4nOBm3+IA-8y%d-h-kr}W#a9jMPcb)^Emx49)@^iFzo&%p>$1NkEIq>;LcMcrx z0d_-M&QadZ@oo|-+Aq(6lM+TaIR{RXTR7Rzm2>=dfvlkdSv>`^dJ1Iq6ew@&=F%_k z1zDQ`-bG!{RUJE5b?jU?Nl3KW4sadyI2V3$LJE3gH^}NKP(}oEk@KzYTsTR1I4L+? z!XVq?=9DLJHrCf%blMj1IrP0TDv(uA?mTo_SFloXIx;yA&Gs%> zr9PbJgPRi*!MW<@%g(r;M!M!91Mh*)t9!n>Uy$@^gX9hS;Q+W$-HXv(^R(T~L*q$Y zPJ;nu=bxt3=ekc*-gaPj+W6Cy_cBn%ZqKM}Kcnxbzr!v-q zGJhzir|xo}Q5k+lOZ|-Y#d3NoXCzVfcffa$?Pn+{v9$Mph7ujYEtZd*<=6mrpe&r? z2+yB|)*g^`8X)Ucz!E`vw+)hvv)d)(M=LjS25?Agd6;tI+2! zDz{&R+l0~jeNj35A{?%FU&4Zo13QuPmk56plr<-^pSJ-Nxmu|FU&zy)xLI8cik4fb zaVtiSl!a+I35mt4rWXBL31^WpA>Ck#@QS>W4sStxMp;VQ?8~E+J*{ zuVK``gp?1%DQTg!JyLjC+vCf$$0N9T0!n*)SzF@E#5%`)1?rcADRBN3^3VWwvc3#* z5({`0_4Nue-vhi$QQrB!0)O5I=PSxc{}uAq9^`95;H&B{+;|0UNXV5MMmX>a`8)`& zRv&h*;NC)C@Cwp91e9?)Z)>pe*tx;@g56Na@Ta)v$B)Ci|)5{n&} za7Ol1H-N&EWhy`Hq*iwkC0$PVcu?LDEvFV5KzX;aoVrK_7gOrx)I}F?h5AT~SV8)S zL9uXF5PmnvE?tnd`tAz2eFzlox&oeyTeSTOsb^5+VFf&I1o_qyD6@+zh}|9(&aa@Z zJACWuDz9Wm z_F>Wz`$u6l5hc)C=a0MK$A)n%AZ?(Hhb0~X|54o$! z+eVO6ox!W<@pZQ^Sgigfg5>HbC^NCE$(!H`^0@_C13j4!$?_ftLzcx!rr+Rv?%+2h zuBUO^R&3l&#_d?KiFwBDT0P??8aM0560b6D*1jbE!MIslmG}$ej#yxzFut@d&E z7#+qG;jf$aU7|G+J)^+p=EV)Y=;2w#) z6n8o46>z=Tx?BCr!89vR(-S&Pu_cW(DE5K!V5L*8q0%_PBA>s}8d~T^KMg+%a&#qO znp3)gR7XRzh!iA0>7<{MdnsU61{EdeDY1VkcmsA8m22!V+%?r>A!Qr~{Q|C1gXM%S=eg8&8doWseL zQufi%5#CfNXPaa*EM@l+M#^5IAx>;NL99|uLBdI>uq*|wI*_s=<*4LLav@=)bmNt$ zV{k>c$V)Y~aatQiq*%tk+zIc;tM3Rf4gWwEgZxW=MKaS!`Ck4@HGDXK5_*j0F35>U ztnlS-Q%_QhVIG9}R7e^UPwJo?%2Gaw6)r_kz7u)byv~9&B)=uZ6N!$N_U3Ii+?qtb zMr(Mvij;?CYrN7g;QJ;b9n#Ljc@=4m)<(kFpw5GmN*s~vKXrH!uHG;0XC5NQ-%G=CBaEy%DR+5G@8hB&~jQ!E!;Cj)4#k~&ZK`UhsRf1SMWDp|N1~davtxw}o<0h0AjviBwD9bM{yS%KRv~bjAX%%G!Wobjl z6%^k@fV5Es`Q;U*_y|oxj?FKw$ShQ(iJoLys-F zyRfJrZA8h~aTVo~p|TOB1=K^Il*E)oDOcHu5-2n;xK@Z^Vqx)!q6$(>gP<~}D8G1g zMgC}f$fR;ps`6f_msFI6YllarL@6zSq?N%%(k~yAU!GQQZ$aqd4UQLgh!N+EvW~x4BL4Sp;#8q0z4OnPbkPQE$d@MeMotJQQ-)4BemJoN+k28 z1)~eg$_q;2Yk6t@$bzx?rT37ze7`{^(hb^5z&zyt}p2Bwo+cP@q z$SCj}zF^v!uPt@u+j-rr^Z1hE`K+$FkgtTL@g=67*2SF8_$9t!aVg&*>cv+qzJdn7 z96fP`TFaT(l_9?A*q`q@WN{kkm6m*?{_B=}UHED%hcC1a!gkHY`n|@w7M*k*Uvj-3 z>-O8^dKljvy@4-$-h}47#rh5>_R1F{<$H^FSi`M58HwiGuC>^jW-YO1Sd*-U)?3!g z);8+}#tL(-dDd)e4qq*Q%9>@Zw|-%5w-#7WTF=>@^>^z>){m|E*8f;Lt)E!GwEn~T zv-PMo)sC@#&Nqu5vVLP7vJPASY5mUnsU2r+vJP5*u^zLIFj{D^rdW^jrK4A@C+JB> zSieF?E<-E7%6E@eTFb2!*6Y@L^h|548f%p`6McEW`fuwEYpu189&xv|*ZLV2YatqY zESk00`WssNU(vhLbBM)sFPe83J=a8flz-!k&EL14wjQ>AU_D^{(0Y)O&OYl|JKj#P z6YV5B*-o)Ov_7)i+3oEPc1O#%ExVI_j-6_Ew!7F}?Q`vJ_IY-9`+WNX`$D^ion~KT zHCpf6J?)F_f3m-1Ut(Wsf7$M3_qM-cUuIu!_pz_A)9nm9(|XhHYlrN9c7J<-on>d+ zSK42-zh-~k{)T;(eYKrq53~nawboX9u$^n?+1J?D+C%K?>~GrF+uyRkZ4b4F+5c?c zVBcupWZ!JxVt>c}7yG;Rt@ds9?e-nkaq9znxP7O6mz{6lZI7@=+6DF~d$c{qF0{XA z-(wfqW9?$Q#2#n=t6gfB+2wYHeXl*)e`5c;^}PL4`)Bsg?fWZPul*+O)x1X?Q z+ST@x_EXmH?OE0ztv}eat^M{Kd#+W<*z!--bnCyY-&<($_qTFBDlX@ui_>?dR<0 z?fLc#_5%Aw`z3p!y~ti{FR@>?U$I}cU$d9m%k1U$3j1|?rCnpMvRBJDf$Vkm8#Z5x zu-Dt1nPb0WZ?rer@7kQLZr9pd?QQmUyUyNW@3h~uciFpb&b_wx+57DS_CfoQeb}zI zkJt_NQM=K8-#*5<#2?rn+8^0I&D?ez$8|g>#);*u;CLs&NpzApu{VYDciTH1oQ_T> z=Nu>1>FjWJu5&IY(4OaX=cL&SIGeQxXRKbtX{Z--Zt0htOPoucFFU=Q-p*H?%bd%d zKF$?Rx|88#I(?mx)6ePe3~;iXZ0AbntIpS)uRGsxu5zw+a-4zAAZM_X>*P7tIM+Hu zoa>x#I@deja=z^hb%r_r?A+ko=-lMo?A+pf$N3lMyUwl7ZO-k^9nNs)PUkKs-?`fv z;f!<&oKenbXN*(me9yVZDRRa-#ZHMc&iPlT)G2eyoeJk(XS{QtGr^hY{G0QA&NqF) z`GNC8=RwW|eTb7if9(9k`FH21&d;2mJOAPQ!ue0oh8o8&MTZ^_?oknGXj@8 zE1cJzm7IFFiu2ky>x?s=-f-S@-g4G+IuYM*a5!Pd;q)5LTj9hDImJNslsh|}_nckM zZgyAib@s8h_yGHb53!rK-eEtjbCmt5@5>HT=L6?Mc5wRag|uCVeS#kQ<=D&S#=8mZ z8%uJN+3D5JZSQt)JF>6p9NEj{c5%D1U#XkRekJ#O_X77qw}+eNUgY+4FLwXQ{SteG zE_J``_F^Z?SKQ0o%iTWi6>hql!48(bZpiJ&K9m7&mYeNf>3-Gyn)`M48}3!^)ozYE z&>iFsc5~f4_Zs$?3~{e>zv*7@e#`wfdmx6n|Lor2-ss-s-t6Aue#iY6_q*<`>=?M+ zy~7>u-s#@u=DT;hBUn>k;Er-fyJOr!_j~R=Zjn3IEp|)XaqhpmrEZy9?pC<>y5rsZ zSP4GS{Wtgf?)~lq?ho7_%8G0EA@@h_kKLcR|L*?O{h9l7_dncUxc}+?()};@SMGni zzjlA){??uB{*U`R_xJ7}+&{Yi>;B38v-=nKukPR6hgoU-cUHJovSM*MEAAe3A7fos z6>El`U>!}h`y{J8X7SE_j=VkP{n#_SY2s}XZ*X`^!+VF9cptFH`YW^HOJru6`P)bcoH{G|~_3j4uZTB5_qr1s{*WJt)ajgPWL@`m%H2D*1w&7kNFsi@ksHzT{ovUFv<=>*e+KzT#cxUGDYquJF>m3@_8`>xI02UVm?Zm*r)9 zS9)LdzUF=1`-XRwceR(}4fF5W2Jc4i zChunN7VkUWzj)vEZuM^SZujo+hI@Bix}o z*qh@0-J9xFdegk=-Xq?l-ecYjugZJed%~OPReMi*PkFPv+1?y)t~bwn+Iz-()_cx- z-ka~e;4Sc8^j`87dW*cp-V*O+?-lP=?=^3!x6E7at?*v=R(dtwDsQ#7##`&H^WN~@ z^xpE;dmFsBy?4Bg-X`x|Z?m_>tM#^e+q~^wowvi=>AmOe@^*WByuIE&Z@+iIJLnzq z4tw?95wF2J>NR@rd&j)v-Ur@?F@1_Fii*74iqev}isHib^qh2a9UMD0e?)0Xal3Jh zL`p_7W>b4KE+_Dg%MY%xIgG3BEr`w6OI%LL=#t`sd*bqgYto<*g{31Z#*Qi~xG!l$ zlRI(H$ddB>5t3-)h=?z}Xv|CU-I&P@pSc&1-(12qldPx~NrlNRserd(nqWp^Tl#=MX*c*aO zl?Iu*Au1oqrBOGrHw2j~4K6nZvC8z4bYl~DlggUh+DeX;!&dHN|VrC z5qJ4`<^ux%l=3k&o$#IJpy`Gjgl{AVVRw*&$erdOe5W}G-z4OZDlF`uk(rg9P*7Hm zQeY-0o{W@_DJ&hCKrYl#mVlQgGA3Db6S&KgMnT`WleN(1Mv@p+II4V%B%zM7B#juj z6NQa|Q$mvQ@-c~$mb%Ik#ZOpRJ|>Cy##t6HB77HAMG&eiStFYptqS9oL23TPlB0S$2|4IE(_I1LSTDGdpyG$fp%Ax=X>0tPh1 zrHV?5mK4>j+tCX}-L{Ve>cg~KX?emh=BJ8_3PzPDs!Jz&W3Qcn{w|KWu_(W6jFVHI zG!TV*PXX#+RC&TcoMrML+4yRd1i2~DbkwDuDc4jK7L}p79m4{^ts5TqVU4QngY>R$%F5WM!Cp zqsg=Sn){Hss;H%BWU1(J9bo*k%r)Cw15KEbHPGA-GS|W8nrp6k!8O~^&o=b44c%-* zH`~z7HgvNM-E2cQ+tAH6bh8cJY(qEO(9Je0G?Hofp$I#9(v~vvY978+D(9X$?xmjseG|?Pr$~(}|9%yI}G_(gA+5-*kfrj=# zLwlg1JI%z8Tx|^{XvHQAVYtUp+CsbA7tnc zGV})-`hyJpL5BVyLw}H=KiJS8Z0HX*^amUIgAM(`hW=nff3TrH*w7zr=nppZ2OIi> z4gJA}{$N9Yu%Vx8=;s>xxrTnOp`UB$=k|-eCa`2i>m`tsTthwAP|r2ga}D)eLp|3} z&o$I@4fQ-jJnJc>c-df_aXGo_6_;P2 z*QBAUa{_lslUqxZnI7bZ_fzIR$W3N?kekf(AUB!mL2feBgWP1M2f4{i4|0>49&jTw zJ>W)Wdccj$^ne?g=>az~(*tf~rU%@}%rNvb4E+p4Kf}<^F!Y0NE7 zAwxH0=!Oj4kf9qgbVH`xAwxf8=!Xpbkf9$k^h1Vz$j}cN`q`Q7)Q-Qiu$cEk7;?!Y zODcFrb*I{~i6X6csz|mETe^1!!+=DLXX9)ad8Cn=ZZ%@ltrAMsL4}E#pdtF?myKxG zWa`UpxTh~0(W!aj47tWNc?Hp%c_|SIrR^k?p03tvMtXW?->|D+M#PmFaWy>+Mg00j zT>T@i0TEYL#FZU(^^Z{NAJk_keQ@Mim{vw8l5R#MwTwt=8Ija7BdKLZa-11XB|S5e z&&)`AnUQ>EMpDj^RX(11YYhOz>c8Zu^bC@WB@p{ziqhOz>c z8p_HGS5p&Xjp-Z8HZ+XM95N#%vB5vpHnU=8!R)Lpg>A zIfnkgpj!(W(>Y{J=a4a-L&kIt8PhprOy`g>okPZS4jI!qWK8FfF`YxkbPgHQIb=-d zkTIP@#&ixD(>Y{J=a4a-L&kIt8PhprOy`g>okPZS4jI!qWK8FfF`YxkbPgHQIb=-d zkTIP@#&ixD(>Y{J=a4a-L&kIt8PhprOy`g>okPZS4jI!qWK8FfF`YxkbPgHQIb=-d zkTIP@#&ixD(>Y{J=a4a-L&kItY#&gIR&mm(xhm7$YGRAYr z7|$VNJco?&95Tjp$QaKdV?2k9@f)k8lXn6g-| z+D@@#b7NS=GP)p^H9J@?vGBH}l7h%V%PF?A;^too`h*->z`}rI6X&LYcvLh84Ouj46q^ zv2gU*eD|jOinyDDq}*X+3f)2c4=XE-$yd5}3*FH|H)fU#Ik~GY<@;z!IRCsK1@B~p?W52+0_}Nn4l=eU`jX@ z^${Lt!*DjS5v-zCjEY_on=T&Bnbce_*q5Z^|FoY#Dih&BoP~Kd{-jH{}m(HSP`F zz*ghl&<$)g?hW0*R^#5#4Qw^;4c)+2%g76CHLiwkV5@O&=ms_#_l9m@qj7KO1~wY^ zhHhY^ac}4bHX8SaZeXKjY%%VQTm`lm_eQP)TP!0lu)Vk% zISOnq?hT#5=HlMa$us=SGj#F{Kl2QoJX6lR+$8Nsv$FJ!OyJIra_2<32S&LEMY#t@ zxpSl3c}?!@sPwa=($9`cKRYV@?5Om!qtefgN$bU`day(2WNY z2|FS$SPSj4+Sy@sv+et`?+?#J)*}DXaz{)kEwWNsM8Q6>qWtn=Rx^7Ng>Vw8$!$lu z9m~C^pp?_G6)#cjPv|)QZCzs>tLv*R)>(&rJXT#>thkQ84?-od;`)46RbR%+>94Um z`g&GCvznWft_`jU4+Pgf$Aas)+Ti-YtHJfJ2ZHMpdxGoA`rx{sy_iRD)qGE29d0aZ zgnP5nH;8}9as%|J}W%4SiN~YD>28hs`3}Ch^%In z98(B4W87sm@vP$dste{#R z(=O&~F~eiZV}26z`|B*T&r&H#Kf`+~&A_agFg#e0+Sn_;cfX#$OiS zKYnEVuj5~g-xuGQ;3Om`bV*1{=$#OP2TQFUtp84f1Fx~peW}%(yAW%>d*JiR2|g0K z1J64*d)8Y++xRE7;vbz#5Hgl@uYp>BQoDs%!-;>39nWg`rrb2S+78`Xj$4-DM4wZa zAt*_>JZ;BsN~y`!vb51Y0biTSc6udfs)cAyH>J`%zbA%{rXR$2UB0j@U)Ggx<5~`P zz2zHqR&#&3V~s2O#((KIM1`_lPH1l>Y*UKOV>Z8QqSl(Lc@9!J+oHECCke?(s+^-L zr>M#qs&cLnC#-x!PHmENh2-Q^IX9Klg_7jNCOI*cvu1jGoYlm60>eGdY2s|55V__w zO?-Rf+nZhIa_%JO2$EhZ>7|iYXE~#W5Z@rgRm4joUaIBb(*vI#>gt3`&eD)`2!q&3 z#10X=2RVq9vj<5fl{nWDatJAO)_AGhr7G1};`M`SXX5oRR67v0G;tWw5oEAo$-kcDynOftND>>r|3cWOEO?+A(#iK-W*^3mK^GM32TsK_4 z3R=C1C7h8m-3UG5Xd3kTan^yH^}|U&a?X#ICg5L)P$5Djads^y;_##$>3GDyj3>Q0 z7e~%5;nWg*#^5tneLCV3!bi(=LT$BH2jbUM8>gS^Gb^Jl=LnpTo92@AaqpU!sY${< zi7Vho6K6h&>&*D{j}!W2_0by7rG~RCL3+f9Or6~Ik5k$+%SmhH|3rTKJJIV~_2b_E zCHvZjV-?C5&d$R&`vU&_J^qK3pwZ`x#{T>M8h?!y4<6 zsJ!?Y@Tqj?fJCxU#4++bTC zZ~B)kX`Ad~or7;ZBmPLQDzf)E{4Qye=BYS&s^@Jce3l+`=ZuZu*Fi3-@x>YrY+$4R zj23KX#lZKDXi3qGN4PTg9B}-zx8BHU3KH@~{hh;XP)AD8F{%J6#r{6AhFkr0G-Hl# z&0@70^i%abS>D^S;{Q?deu0tqBpvDL`8FcY{Mzf7?-)Im`4?{c$FOJkrlr~q=g=z5 zugy9N2lzCu?KwX(g*K<7RV5(bN#^J8Ym*#b;MHfJ?|47LvdzTB)>>^Uz=yk*a(LdmAJAdY|+6ap@n= zyD$dY>%Zaek}=JxerP<)`bzUqXQ$O^sThAX)njui!Ch-l=@a4OY5s1E4(Bg~p7cqo z1yu$_4)jmLK~3JDn>_h@#VtSo&EOiKU#DYU(f&aX0H<+FJ@WPBAO#chs9z_4dY4R% zuP3c-)c$d1x(@k#qap~`5>?}+h5f0kt&CC0xpJ-E-xhvy=2yRlRCb4FddLYfg#;Z# zvmHP(-V0LnH$M`j?7c=m0@b2sXaw!_lDr6NzMa%R@$+&!Kgo(JFEBi!%vx4 z5I1dAep-KG7t3Fe8ysG+^-Mr{I_xQwOY~O$bycJ zslh$8W9b>Af8U6{5qBiL6Cbp=KZ91)B5qqA=&jRlt5>#_%BSZamb}&}oQ{SxF~7)p z|61#%KV#qclf`J#rV`4ui4!7(XO&N1X04mhr#r$HFMVNyzdf9&zd8C(sj})o?f1=k zw?(mmP)o%X{`sq{cC_Qpw8$>1wbJNOlj&WPIGZvB|L}|_rSMnDA2B;v-OwsBJFypi zu*=`X-5b%ZPsR+CI>GcX)46N#7y5j;8rN_9U-;Gj&;1(zH$g7wpQHZ7kJQB4=PEKQ zS{&TrZ}p!QSMcL*iT{wl!k_HV_a`YgyO7^xSvi4Skb)~2YhW|+{!Hv8`X^;?N6g=n zgRQD%ULx;*KCuq`jbSQ!y|mfg$GB;sxky7auJQ>z*Y+>0W1~X|*Q4)G>drpt(@*8$ zDfCRU{;I7E{Dav9%5QqUh?T@?t|$9-;H=hEdg^nd0<{yj|5|hVs@e0Pt#y*ock91! z|6+RF8h-{UZsMOWP|-fa_Dr)80V}uoVejzN^zwYYrDgg$&JX(XwD8l<+ZGG*5tP8> z=_Gtt`@K&%?=7$Bpr}824j&TK7HNea(ecFwRhws*`Z6oR^&IS9$qlwk@H?Tc2KB9N zwKaZ+V?|xRjxO3|Ms51GCamkD!ZdS+`w(&$*xk*Ze%zZNw<7D<^AW4@L>(EGdN<_q zRxHnh{J#S~68+`Gm9JzaBJa!4{EMUhSMp5mpGPCh7-fS@w=gX0d zO_CTfzHfZbmQ4^Q(&{xV1E%e^s=>p0Jxb5CnwIgD(zA|6e$-Qp6=!OTwbAmH+kYE- zA@Z-GwwYFrjg9o0AAPv=MSJz{ICj8?`c~lrEcgp)F~{kJ#cpp;nAhO2$Ua{S1BKfk z${+VK<`A2`9Wt{|$|zP(lzhq?N70@MW(HT{-@t$Hlhxc&E*+h{4{h@=k8lTVLfUF1 z??EI+bo>QwwOE8R=g2)}+bmaHJA$VJTDY_7=PdoBtif78=I!tE*6F9@P+Dz0^S^tLl|yK-WXgJ+w%(Q2n?xVR zw`8%VuEU+o{IHDtk{RcSYd^S)Rw;k)HTyfjXkSMDn`Hz_T5a}cXSHl+F)`%aL+bZo z+48+$xU|P#;6K7j+m5V%x6m&CF1p@G2>KsBm>D{31o?ZJc`x}7a2r}t?AHVQOKN=A-L(Qu#lk1`$=>tEY-upX=(RyJCJd=3rg zPA%F1RY&@I+E+YInNFqeWXcl;W8^XlCbxbMRSQ z$*X8k842;zIz8yGr6$)iLJDjId2pt`^F>!78#-1yF|xEW@k0_L^B`f3AvT~sYqeJi zo_&g#+A?kJ?L;>CZ)U%p5R`Txe_}bvzv2l&xYhoNXDy%LlW63m)rWlZU|8!9K1JWQ z-ib>u7qJ#kMqg*rB5#IT4=G_)>ucpN!i&~Rt?O<+ z9zSkVs-GQ4E=0Fq*s`Q(lwXOQtE4Y(`TP_4G^3|2^AjcaSw!|%Kt@|MM)#bjPl9mwq;c_f3=M7B{<@+b1~I{&ZnsC&!DVIO8p z_~TA^7FZIkaE~yJ8X`sGH4DL;xoG_)JJfyR&@vS>6Yunw_T?j?;klF7HOoyTFf&DAPqBGb?ApyN^i%d+jiG>B;&_P5IOz+Q>kw^Xi|+ zdpqVnWL?4z-aKw<{ry@SB{*a6GtmKOocLLcAmbG;n!msaLa|EClQMwx5vb zDQ??-Lvo6UXXSBp&7744zmSQrz6Yy9*7BUJwea-NDMwkY+7L}lK}Vg&`-Z0QpN|XM z<2}kMyO^*;KFvIQG4yG`0oD+n;auLCbMExsznpoxXEz4zWjlTDyR0C4+pH}+y96Ss zoy@w41p53P-E=KvSK3ND&U5}0f2TS7_etl+&!_}VJ=n>$=NTpXF#_w`o)hAs$!c}Y zW-IRz&vfjAyl*^N-+uz>&;7Rb@-c=o8vT>c=$!t1uTtd2d= zCZEGRkh!?erfs!0E^4iRAwTb!J&UT{TGufr=Y>4g`7Jq1!u+r`+vJD;Gs3^l^Vc}5 zfKhVu6CuJWoXxB9f57RbXjTNFP087dO>)Bf239Yf{tu1ZpA|H7*%iI_)3>`%KVNN! zY*nA`r$0aoe)7In(m1{TwyE8=rqSBY|Ji;LIX@#RVdj!*g%|9ee3!KVx}q(39IYLr zBDCpbZfhO0<8QYa;1my7qudzm<<$BKcB@3jccNveIo4jSSk*awU623O2A9g`k&L+~Gh+)5zU$tkvM`MXq#7Ru(w_57v zJmq;9HE$@x*Os)Y=?-Qk z!+sq}UCOx;m$nRdf=@YnN5359Cwty6Kfy2R@kyMr#;h0Xus+$Z%LyqkyV=ICBYObl zXn*m1j%6axSS|Z8e;uN}e$mti$?DsK{L8-V z)_&>qR~=4xkiytcxXbTU`zym?xVGcJdyBLrKwCd4YqK2y(EFgRz#q&1#FCw6BDz=o z0J%Bk`j-9i(>=QBg`L0ttp7ib@l(cTub_qM(8bic~?6 zCM5z&uL9D02Sv&EJ7;(A-FtHrLecmCy$`$3&dyFRXHJ{4=tm!LT|S}(PIV|2XKto` zd*1n5k?TglCY_Z;XPE~<*H2I#qVvVrO}`f<&I3)@2l@OU&ScmRSWDBk7X=dVF#t8vox%`6&z7-myIy{ja}|B!i}ZDW5illBYLiD zGWL;8ZRvI$55uKvv>W{<*`aEINVN*MxH?pKb-=fe$i-=0x4>~aY6NILr)$>W=6ot> zu{aY4WI1eZN?Z&lNO3gdj8irUzd_ctNL$QfL57CU2|cOnb67X4Lnf`CnTw^^&TZpH zOX&vIEYWY)3jN+0yUvl$ITSov2`}2^aMoR%CYhXU&KFt|C*L@`-NIKaTD4q(_}Az4 zI|Y4Sngls{&E#14j6ST)Z#q(gSPq?PHyw*pzHwv%6be3#59p4rOmP z;;qMX)X|>SP4~Y8o7&U50n4q$c4S0<_oK^EGhj_S*J}LR=LAlkpg;c=akim`I_Z2zx(hp7%S`!SdpmF&bFP*V3U1~c%53Nd|E&V?NtS&26ms-|1bP}A zB+>ly;26(BQ^ptTPYy#;-O1b|VHv_R;JyE?%fwoa{LGQ)Z~;7k8@FD7gF@%otl@6f z&h28H-bHCxF)m95aR_1YzuA2Lop`SOd42qUtL3uFWi(D*)5B~c&8p&|%dWpBxrQ#r z4~P|e6MA4hh3lA@@!id*Z_yc*ZqJQEh(9=#MW272L~o-vaz2dwP5kF$Kk=9IK+AX; z<)gE(xYe9P+{U7~O^REFPA~gE+J01M^E3{e`!v3ORvL(SzauxVfii=ez)$;e^jZnzn{GXqmEdFAw zTg;Ukh;;-lZM{8>5I6r~sj-OYp*%CFhYG}r@@APhO5v+!ib(OMy)ZxG=HyG~)C#K2Fz=`S9n0EpA7kT_$vkf9%-METiLn zD}PqgQ{fZAju{= z-l118xx%%|?zo|X@r!byy?Q46K>v5VAP0j|V3>JJ00kxj;VU zfAAUR4(r&`L)@SV&4#%KH~%|uSOqzRVE7}He!11p+=`CSOt^@*lT7IbYnc8Rm8a3h zH-PPK75dP2(D<7W&vOBmzA{?uA|w=^7l3Z#2&5^l0dY5Gm8~=db>^NYr&g^k8rZKI+}>(qX;-JP^W zxtk?$zpKEC9i8)XkI$XMT<5Da^koLjL3;a^aG8GEq;ckCm?#bZ(ws^VR`UKxHhYY{ z=<|zMe-;C}hZD35To~E;)4+XSfEMQr>lYW`Kd*t{M3#YD3kN>?9Ta;FBm_5*<(e8o z{R2{BVdLE~s-VX^2;HKco?FY6|4shK7?s~(&%`%0=Zdka|3^+Y-$Px$VgGIL=Zm#k zEN|-T)X5PwLm%KTb4&Fw&L-OS2cAO;fMy*!6r4j6PBamDp2>fQ+7+#M82BI(y>Wnd zvCQUEo++9CX8%S2WBrc0twlc<*1x_aSpWw4G!ZH=v{-+##+m-u1Kyu?R0w5CAP8~U z9OtP2QG~%Cx{w3@Oiu9&yR82cFvFl<&k+R#-8^B%Qbfg!F&T)KrL)rUrzps{ft0g3 zK9D291i4Wtx3G!yuV4iM&5smup^f;@DXu|)aX0H60NRmTP={7P<8L}2>>A@nzs;7s z(RgSD3!Oym`80=usaRVbGeZURFW}=b59A2tu2zLh=F}7R8bF2y6cN19SfaD%bgl>| zC{hY85a?g9tT*Fg&;5oY7q9(r+Vfss<3{=m!kFt(6P8CX(hs19;Rx{yhuRCt)>ki& zPU$d;aEdPQb7{=t;NRD7iWrL2(2u~tM+=<7ME~&IgZ~CnYuf)OX{5g=f31-kD1)6E z{M+;+0;B#QMs88~#Zqas2WV~4m(FQ9!nkcUhj+1T7{vzwnb*y`Sc$m=y7}@s!QUa8 zJ99}||MVqyLqBc=&_hxTu9GjE5z0Ce%(?IR~hx zoOl;3OXZxR19QOVe-Xd98?^;n&5cW8{p;M%4h=lo4}W5JO$fZp25MQ|-Ol4tAJL`b z+&!4LcU=LZ`@5L>$~s*}1m@qXdm~>uX^yd)BZ4s!L0$Pi%JAh&RNA1wmjQvN!E@>K zm*%hS7xNAHf^Oy#r{iDr2~pO#oQOfMffZMCj=NY78ALoG+)n0yZ~ie7f1F&3Hd+qd z%W{+@8g~8fl)5<&rCSKMg`nfh?Zq?JJ0j#U?j>Ke0HiwnrFf$wjBcYA2d!TP4kZs< z&T8iW2=|)&-?tY2F9>0`Q#^2nMsASE7vOs(F#KAa(iaE2t}EBi=3ggD(vDFImA{f= zS}#2bnA%VLfomx9+gcWKL#@^OyHQPsUwG;RP|-$k zqq7>$fY08GzQg`dU_P8Y0nH0EGq}M^{)-p>vxrq85rD0O$dzFhy-RC(BOq^`7hxzX z{@93-b`)@U0;AOjuyl$aghH9YJ)<^s<~;4}JOceRah9~t^B}m6{bnz@s}o`q=T0M+ z<|dh6#@R%`S1^gMh8yhmzCyX!#gP{Bx(purG>tyI>CchI*v6YyM;NOi!NbshT4+rL zhcQz?Oj@Brxfp$__aM^U0gB<4A4gcDkMywiv~&%Nk)tI=vkdlnaDH}418t}C!9G@e zYo_Y@Ht|ex!eZ1|IBeIH_#4<)zs!*OI5l01ep|!3lbrN4t)Z@y9##&a-Rvz>bZC~9 zoyN9(?Uxaea}Gp`PAzYy>L?e=S<-Yh->#5mx+Arn7CYbl%^VvQTU^)-n^ zN1Vf2zT$K{pvmCR+?`N?vOh`)~^(KwFeqTgcl7`jV!_Gb~U%?1lJUnTq zT`nm&K0^&_B*tkOoWYRb@Uq&N=VWf2a1FJUdl+P@jCO_p8KXrRhhRMwL$NhY!|qKy zAYG377vy>M5C~&P9r*S#@WV#auaGh^^(j0>J+`?@A3a%IYURlGHrxI$v;*}YRjbHR zVWns2LzmGO=B8QTruUi~KZlb8M->T^904*9(gbWdTFsHr&D!)@8}Q{KgF2__keqo; zoW~wihJH&ZlE4VlKsF^;;L9rx8Vq=I4R1sRMgb2)S`)jsp`JOhjWrnN`M=v=YRWRKH`9L zDX5*mQy8sn_0#p+4p=}fXm%Ynw1)ck?2zrxfv-Fb>Rb`eLn!xE^u`frpTM61V(3(N z-gOAMIFk30(f)*Em<711*AV#LACfC{YG{emctF3Y7vW2`|2ovWYs2q-op0#N zu;&3I7WkJXF0AjzS7AIeveq?hdg$9(lAB8lctS5f^#b69_D@jxnJ1vPGYpl1pRS!R z-Y1NHk zj94@c__F9FEg9VoE9s*AFhfK#9X+&1V=G4K8Q}lJq?xr`@W-ko+W$cpo0#vwN-Wmc z;1Ahw^7dn9CYU32j#qSnAjhW|)EIG2IiV`HDblV}p zfb#2gqB0|sN`R^gh(X~3@g_Gf%yvUwN626GzM&a4`i2XQ0)y*7jotDe9Pri*oPfYP zahy|$!r54EB|Ro@WskBeYBHV3L`ogE|8mX{X=cfX|v&i|1D7C2&3EV z^U!t=6I0$!J&--|Vp+^tL<(%c!0#f|@l~uuIFKt(g!Js%6M{QqcBc3V79%8PbB^cl zH3O3VA2Zk|fKB%Rl37n<`qA4FQg;O|-KEzbSisG>05lr_sS~NwzVn@w= zJQVX5FYKww|ISQ<(!~m%->^Rtc)Z{aoc!<2koI>$h_ZW`7IQ5+V0AB2#Y!R5=XSiU z+6R61&~$NNzrymNki<<$2K->PnYkL)k(wi< z?gm)6px2Uo+~8ZP-&t;T(lgRpBYm{E8C#BAZp6kA>O6jFmE{qX%$@w=6q3VXwGib8 zm_|I;izNf6vnbFiw8m(!Ysg#q&Yy3MZSeazd(-Nw+w*^Lb#t_N5i{4Wk#6HRxBqNw zg2WA>pEnoeb>Qw&evJK12G4QOG7n=-&UJo{dg^xmH4b}%NdExp4p^lNJBJQH{}~JY z{}KM?egG8XttP|3&7Uu!jivD}dIq!4_bl?{wO09#V~TyO-z+ z+KpBu{B~n|iU`tmD5mmSFH=gL`hJSdaCq8?cXRef|pgmO@DU zy91D33g!xq;S2bf4f`bUKQtfwCG2OA=X$K6U5{_(pvh*xqF^JbyTDpn^jJ8c=X3m* zg!o9OJyjGN5FP|*zkt%NN1lLsToFd!RnYsJ+68rwg0`Q|!mwXPtLbBbBuD-71MCN2 z1b7Kg#G#95YdB&Cq6KvM%inBM_Sa`-BViBZZ-I4Iw5#rd@h6Q^$O&b_S)uWu81x^b zQ`o(6kd4 zTJ&+n?|SXc6!F$;LFqZ>L39l=B!8WX;%(iNgC_f3 z;n)RJTEqcXxYzZvFfT{*k9+Axn7tGqwJ(jbM4%6Xcun#VUX>CHjsd5lGX6P$el*4= z$0*4?1p1EL^}RBH6~0L33x?}v=1$%2nL(LIOTHJ6W8aLi+QQ5Q^}M1d=xkCOS|Q5W zxA?&Kmftz@9Zq(S^g}F~qV3NluYwo?N4? zkZP<@YkIo8QT{y!-Xg6jF4X%9#)5tH6IHffgqz%4PJ20yBQDWxJC6r!Ow^F}XcXXD zL90R>+_{^iukU1H!Rv=C5Q6FIQhlzZfM;KY9}vX=t~%JA#mG<-u1=%FnsV0tiumvF4}YY3*wmT zM~hRk8x0cz`neR8cQG*JDxyiqjbM8{dT$%)1JR#LP{v(=H(*MPkL`dj%p5@XyAb8I zQ)SSarA#@$Wpg=Xb=r^Yix36r?Ly2Dn!99{Lld(eTGaKZ@oCIJtVfLXXgd?Ty01|< zq}`pEO=_NgEwofdVK>E8v^a+@e2JkTmz0Ly=)C(q*{tb80d_3L@~!iC2v(R7`Db5_oV zxxWPzZa4UGa7g5jd{~BZ#?X|DOYAlJw;9e{$&UPajkS}0BpC5|uM6m&RgZ#I39~adg%3;4I%lOzm{EZ4 zDCP-FOyuClsN7T<9S-z)Gt#G%e%-hXn(B|SM71epobhhwkIZnl`;C4rWS{np?+ug_@Ep^^Q zQt??6&zYgk*k)TOo+a2`9i!_FVLuahrov(7zCWrCA?fkuwBw z7%`h+T6)3^d%NCfDR9`gb`{hXI@L51T95^hq3xHwuU$p}aB(;V(&t~zox^CAm4v17 zT?Q*Jc=s>94x?@K{lCHRFR)h_yxb*lQZ%P%U!7stGkx6(?vz>(~l4l869b6$36P zxEM(aNDw++H)Go)ffnzD-!bYl##HVl&PaQN>s##b!q~3s;vy8+kt=RZ@uuL%Zaw@e4y@8Y|{b1NbR5FPiTDI3V&kYP&6jDA^8#EmN75$i$VLm;LmdkOfzO9eT)fXmSi_@;ck|i zb^~kfW)3h^cR|__l=lr@)C<%DF4ygBKbNF$;M1wyuM>}Y-t{Vqe{cV!rQwr2y*6t&2)+< zV5%Zy#Oq0R&iT8k3+a963~jpfSt`q@V$O+hDX5-_Rk%q5v|r^^Y@`*DA{$bNLD6KNAkKS&xFNKbCkL5A!@yb835#-+m_edujtVy+M~fc|!Z z6KAg*{JMQ9xzG5<+S`2^?p$vjzTKtja5L$m!{x?o6yLrhpZRA)t8wJU(s2sS7=ix0 z=h~`{Z^-RBKWFGwoZ{m{mz9gR=Fk|!x=zMeEuyFA$j>$X!oML4Z!5x==4SYE-|_}$ zxv#Jks6@{HE;QPEZ(%Wt;cjnl*RV#~)W;_OTv&T^Zhpl{md{0-W4Fj9>h#z zS-X#3Zj-z6#r!DGL)!fvmT0o-5|(2I#o=Ah#=4LbtUJG)|Et3vS~Lgcb~wAW8L&ne z1OJn98-yLfGZf;h_htS}3Wjp4{(ES?KI83r6`-rC1~&tC3Qzl1d;q5#0i)Ps2dxNb z3~sEN!t)f|l84&^|hK)}WyTP2j+{6nnfB znIlrccsFoW7-$DcLWErdiH@Luy=XQWp+d;SXa&W>mv6D#lDOgPx4S-qi!AAF^<+Fy zSc*lq``%k^cg)F5HAeEUG~)F!&v<4BcE21mu!URcQZF%j1oLu*v}zfrl}@xLjxIWh zs0?J6B=m;CBa$=LxS(&q5tgAZ^MbCIVAsjb^egZt${zseIN=7Lni7nTneDs)Y0p_hqqZWwCNF~PHp7WhVJ-Y3IV9z>zD^KQ*pfQ{herW)42!! zFDvpn4j-d5E^>3QzJrcpUXQzRq+ZZg6hu-D3dXoG7jUxR3G}OIU5gp&mfi#pfoL)6 zIg{Hk6J$&P*f2O8N8Q}R3tHwMq)ld_Ebm~HECxIaL9+>grZ<11#6hg-(c#kcEBIE# z6QU~4w5*N4O5Y_i#BecB98*G+Fr}1omr_q@ptM!mD;<^2N*CpRrH|52c|;kg{Gt4< z2CJcJq?)L6j@z1m2Kp!@^$&9d`EsNr^?Ud=W?2y zF29yD`A?04>UU68tPkB%r zL5mF#CzV0UAaP!quFMn{l*7tl@uzY^IU%kprZ^FFL29Vtt(HVMS#C^_mU>Le6-ny17F zF-nXV&xyCidw`+&cBttNc=<;8R+*)Ir_5I7D07v0%6w&kvQgQjY*w}?Ta|6fc4ddM zQ`x2LR(@0VD*Ke*l>^E_<+yTEIi*}uuBaYr3DpbG76o|Ip>2Ztw)&3xHA-I!A+D-^ zs=peb2CCs|gc_rkR%6vNYMfeDEvJ@OE2y2+&g#?Z2z8A5j5=2RSe>lS1Pqi%y-8a0 zMx7PZIs~mib@qWzdEkY5q5*um;|>xJ;|@mcdm$9HKq%T^AShH8+8~@;AsX%QI7a1o z+@;YD&mpC^ahFlLE8RsL>bqN%Mg8`PWU8O2CMU}|B1LYLJ47>iPW~a<0`5IT7eIVT z@c`gFUi8+IwG=TBFrFcDv^TZ4#bbc;DPlMve3lpi_+BQ)XnESt;#qAY;QD#gDn!na zkP+lgc}SF&$K+X&DF2lCB1QAm{6)GJu9X(`wTfD0akrML)fR2EdfFS}9_=0N9WhP& zQ2SU+*QRPy#Y}CQHbZ=)&DDMobG4tewPLZhPTL@sYrkv9#828u?W9P~f+x?A0&{-*9#_o+wJQVKWdO|&^ zo>tGOXVr7+dG&&NQN5&IRXvbXFj`^iV-069=*$!wV;bLCL^xO_rBDM!dr za?j|Q-Q~kFQx2C;$uWpqL466UFJpK#5yw{+D>2IhTNRlxP{N!c8nJ-HRw9`k&Q=#B5Y3*r*n>0+PDzLcYC5bzv z9B%b0h5DLz8Pr?nb;~d&A#4)MwN6CM=@xkCENQw6UK;8RRKRx$;AOgL-iCB)`b{&> zA;ujJ`W246X}zodltz5(6U#dYCCa1~c*>$}txq}NKzhm}PuHgedeDoXc=QB46@e@D zC)#dLKuN7n1@I|}D6jb>qu!lR_VCj$ z3U5Bx31&L~7v9u|bh-eU|K^1gO^i#I9ISt&Czm)pHX{V}sD4rZ>EY=+33xr(@F9Lv z?_MN#!%4h%%-Arj*H_^n_Gu8UqxE z!kOd2gnJX7%`{9XG)sV}4EyxfuL!5~%y{&6K$C*jDaGTB;+WDVwR~dAacTr=Zx;=bN)YrW0*z0ZgW=j>6K)gMiAK~JZmwzV-X&4-{Ul4F)DfL$rP z`B1$7ovXdL8!}#V(L!_)tswKY5gj2R3b=I;?eK2Nrht54UUeBJ%rE`j39l-4+-mhp zfVwNQmu(gtc3g{kQ0qJx*`FYI>i!j)pI6y{i0Z9fvdU#Ej;IQme6FYlxqP0mK{lT+QXro% z5UG&MHi{U?>6=7p$m*L#EadeqkZ89mTOrYIQ?@~(-L7mGtRl_2&04wnOveJeq_KPVC);U5>(A?2SGH6ZDq5;Y;qUlJM073GRZ zgVgUK(jobm5Vauvdx_f607MD}T7W1~2bzFHp+Xyg`a=IS4(6NcoA8BZK-7h9;2m)n zbW)@t&?#y8CjiYoH8t6MetmxPt-fJyBchT><=oew*nh za;?)*R=SDG)G=;}ktC6Kn*Aw@cC$Wxfg9X?h+(4A)0@2|&x{ zq9<|@VgUNX^%;ngIzLp~bo-NqelwqY(1YgF2z_Zj_oHs^p2q0uVAM7QeQiFyIR%Q@ z!9rh9I9wFod??<(bD7ZL$gQ`q-VXr}b_M;q4}9svpqRtNV~(K3v{e=DL942R$886C ztLp=ZUnV||_*v2v2#laMoF3uOCJYn&X*VJ;Hfvz~;ZS`%)T{bM{YP-B_nHtx;Y>R$ zqJeQA6m9WEVj0PWIUVQ=m@qiN@QU)Mxf>weq%E4Vf z)2SFbJcr_K!Y7r_EYmp1VI7bzrA+>GQK=~&#i4L!8Yaw}@NA}GLZMlLyFtSU_K6=P zNrWJb(xCWe9P>@J9)tYGApZn}qVYyoZNw4c8Mga#Otu;Z#fk$=Mk`m9tH8W|svoeh zzv?d}bg=e6$`rC3L*&l+fInpS?w$$p~rn%1VfiQLWDq{J4S>;r~8ZugI;&6C<)!} z$08j1-N_3=mpDLgr(?ejJnfB{6iD8MiZ8m*r^DEFrzs;tjj$*9;GNGF_6^f z4Q_+>Lq~(clw#^am`%S3dg}tN??T_EuoLm{I(;GhO>zopN*fxyAK^#qMWLJ69Y{(K zN8i-phiHo~{ndwiJ>*^ZrH3orU-!{9PP*C5UT^1ErnE%0Ck>Q->v@}!nEs~u1N}Br zXaoy!Qu`gheXh@D)uJ;?Ph&+Z3Ss82r`|YK(wv(L4fOAUVwJTMg8IWIDAc8 zILd22rW?Jz(Szm_fxa}KNYu^U6Aj!}3bpk`Uz<-QPJv=3pm&`w3U59X@4t0b0t`Fu zf3p<2Tthi(3=__Im>o^m2C*wCcU4`<4Tx@c>uX0Qie^NYp>14>9|L^q>Ba0%AaU zVu3rIFM>XE^a_Sl`lcM*^>al#EH?vOoA7DIpje*3qdFYg*q{99qH#cRD2zEK95Ank zajqB9H67Z*fcNyPI_Q|n5JqWGd^3*urdlV#CkYrT6*xEMo<-j1`Ld)k8`oR|TO@ z8X#Sgt~Bry4|k)0PPv&pTGdyyFg}wo}^=zCs1R zM9`4IaFBsM@`bcT&_Mi)KcI`Cp%z0!8bd=ZhK9Nf4b{Q>l!NYt6YUr#?qZl| z$uQB1A%J*tlDh~3YBL1XVF;+r5KxC9AdMlQCPP3ChJZANfSL>ebr=E~F$C0O2x!9) zP@f^70YgArhJeNl0ZkYJnlc15V+d%-5YUDppfy84LxzCX3;_y5Kq5mxX@-ChhJYl7 z02@O(f5rTC5Y~EZ1$^%SM0&|xau-UtTkb}A z_Q*Xb$!~HW%CKMVM=rn1gGlF)JcL*@pRMwIb{U?}_Tl+#U!Kp_cs@G-^Vv;Bkk(df zCseJy)xGa5wIK-el=ciMrFA7D88hMw5chj+p-9jcX+OY@btb}#M@2QBDG$<)YsV4ygmywy z=9%(njE!d8HwyQS%6%ibZ#3>35AGXJ?wb zgnK2DdnJZ@MdM!avh<1{_eu!&N+kD6jMhwRBP92Y#(m>u=^H=pn-K1sNbZ{$?i)?( ztql-xO=YeZ9IK<_2|xh{GD9 zUqo4~Bl=a8!&;(^h_y)t=Y%yyn~}~Ibqiu`Rky+y>x&R;hq?nUJJp@A?^1V(N?2{Q z8}>cw9+8MuN58?oSKTX;uvTavazCOTfy;6AILuS(DR6l4G9J{nlB@)KicA5et}d&? ztSM{4JzZih6|0nLgTmI8bz#qt88GY1`Y;>HhA>;nR^SeM$R41%J!Mb043>joe^fpS znma@efjLYL1EqdiJ`LZIawJlFMm~cuU^B*oO&JR|V=UN+v0y{Sf(;l8HexK;kg;Gh#)2Ig3$|q}_z+{kc8mqv zGZws;v0x|0f}I%)-ose1D`UY9j0GQJEZCi~U4|?25g0>&XAOb)nKat z0jt&3==(M58q89xRo99rT9pR-I&~d%Rs>rrU~3~>2%h{Ip3)ee0vMjk0-kojmmsMU zLs9}mQW`^&r1fj?B^dIIq1;NtN7P0R;^utuI!?Ue_3Gl z+9g2$W%V+kAFJ4)Tl-V}6S}pl>Q%t>U+Q0g>A%&##e-Pcb`2W8d^I0@B*ZmQQz{Z` zF|pE3g$pk5f>^*SN?_HS2lzZs=_x{G30VT%p_lZ6-CKI|8Z#frH@?zOJShF8KV+0Z z83-u{>*K(=hDglCVVztkRyBsnFcFJYXeA;2M9N5TjZrcR(o(dHM%+@el!(Myx)>3L z^>n3?eyof|8Oq2qu*b`=+%0y8Y>+Wo* zQL0Qu$~9ySR`Olh)u&z z8og<@8#q;f+;xEx{Ah z$oIp#zt(8yHnI)M-&VFoYqyi_z$>?x?I8?<_l`{qK?YApE`Z zUdV`DWmojVeeyooyUA{_-!JbM=~y}Vps0nFeBDJWtRZ{|_J`%euoJFHV_Xw}m4&@f z>)x_Aq|Z#5i4yjaeIOh3m3`3{{bWCc>@WMn{So;H>;vQg*au2TYjThrguJq37I09u z%mx-C%$3HNOT`Ms9P|$1FIDEsT-b-oq2ez2n0!n;z!)tJ>lYsfR6HS{5Vf(^a5ymC zlk!Q}pOR0(PWUbWs~bn4goO3VVx8kC^vh^DT4cyESee+G@n9O(K8^(p5H?K1D#-D$ z6Hb&^5BVHmfH0%P%E%XBC;TX}M)D=tUzRTeOTHpsL7K11S0Tx~CSL=Ly)Ive{SEmB z>~G39VSh`$1^Wa!0kwWxzKvQ>#G1+w#;|GfJ^3Ey9Tat`z~A9mp+a+!w5E@AuKsLS z*}T4Cu92h_+_X-T^fV=Smd~M&cC5rS*J29bXMHxZ0(5!$dQ4h3MXNFeKa_I}ZULR6 z8cz$_KN&XdUkqf zEf!86Vo?^DVsObwELK*Nv3JROw$@NO>4w7tsT>}vP{$bn5H#mnikG9tqIdKf2L_o znWnX7nwH8mtv=JVW=zw{F-@z_G%bW_S}4=B0H$f-Ow+=criC+2E01;4KETRE(^@l4 z14RQ(yPIiRS*B?fn5H#inikJAtpQUrf2L-wnVJPLHEY7uES#xX2vf6gre>*3%_LK^ zaHeJoQ?r&#&FV2VOJ!dDG_4U+v(`+_JeivLF*WPR)T}Ynu_jEx znlSBZ!c+^?3iPTqQ>xZXqgpd{D$Uf%hpAIJrcMe|r}|8tG^S2%m^x`po!T&UN|8jJ z0+>1}Or1J0bqZtZ)QPE67}KTpOqXJrF12U66w4IJlPQuPQ>1Q8ky^XO0H(eKBj zKaod&6p#LrJo*#4|ElnakK$eo#O{o$ko<^4_2JR%%e@%KqcfVvWfJ$O!ab_+DD>x% zSAoY|1@7H=?%jAEVLm*bB6;*w;BixxM@&f`D)UAd$yGB9DM5 zhW#jp`Y48XUxsu)hH*cJZa;?W3d{xgD0g}66|&b8IRiyl-<-?=V*J1!xmn_K@EWqw z-5ukEtxc;YaiUJAj*a55`b6aCGf(9Wn2G`gw_zR?_=?t1!AC`!W!dHnJN_X6nqCh4 zPYPzdnqqayJ%*nIWvAJ|^58vEG4It3t33+ zQkfcdYZ@og8h7j*CpvcS*eVV%N^$%#4*bDylm=&14Ko+DLH`?LZlpcd&XB(^c$)yk zj|E?rjMWMC!CiE~ni}1YRw@#w6^|LbG>nRtSijcI@T1e^BEeHt#M*&$%>K2)nlr2u z?bTyQrkccNDw}oKY{X_uHaoJ}jm@5HKGHiYdytyL=HqORU~?>+FR=L)Z1!ZcADdZh=CV1Q%~9E?pBz6JAMzzO-(Yhhn;)_HDVx*S zoXO^#Aw34>%7tvM9MV6lkKDlK7B+XWxu4A=Y@TBC0-Jvh8DdM(1e-oXhV~qyg|QjU zW*nOp*-U0LmCagg)*CW(@DQyDn=RRF&t?}kA7Ha5oBi0#qN-}SYz}906r1DOe2L9B z*qq4bM*wN;8DtLmR^JMbyyBZQi?8qD(r5HxI~qY{Gzx z$|gxE3d>eEV$y0Ig(a8bn-Zg)))EQONz+F2>6B7&O-D?JO#$AbG>UJMWU2r=71tyw zPGMQ@`erHM&ISe!d>E_C21DC73KaV_F;PqchM$R*&P&89u|aGTd&LoPMqE*Z;)V1n zk8Q?#i}BuMyni*`JB+s(Zm;pZ$9V73-%35>-N1NH*59gTy!#k$%y&}0(D`xxiKFyB zP26vMpU~e)VS2dALB_kD@y1$gieLFX<2}uIFEHLnxAHFWBg`#qZh)y)-T*yFoGc4^ zPkJk*@;XotwekWN*B_LR;J5TzPx!6Gy6tT7mUvmbq6}6ZRdSReO0F{WcDo^`9E^)` zVghV~k>_K|Fy(RO31ztQr1F&Vv@${&$=}1^V|8;Eu9$AfDFHcsuPjs+DL*KSl_koL z%2H*SvYfvc!pG|7E?hC)gqm~+IjvAuDnBW!l-0@_Wv!B@{H(0w@0IYey15HiOgH58 z)W4Qf4eSlbQnG}SlnTzMkJ?<;!K#n_9-BNvJYVu$Q(~dl*FLZLHuJ0H_n6-q|EhsO zL2A&2;AtTrgzO0I9QsDd-0(gTT_XdcL{z<~c~O^2ZHrk`dSPr%ncih4$Hl~TD|c7< zsukiYY>8i0(X-+xdlf^XgtymzI;uM8n#SXDw924inpNgvZ zC?QI;Qcg)yQk6PNBc&yFHFQ&Y;ii2sTnAESojW9)Ezlz`)7 z9C3V%CXTNR)#C%oIe+B|BmQtB{*y-hr;PYd8}UaN@kbi*XBqLoGvd!S;?FVS&o$!D zGvd!T;x91bFEZl)V8mZ+#9v~>|IvuQ)QG>#h`-#3|C14al@Win5r2&lf2|Qe&xrrC z5q}+MR4VxEMg~7xjNVqB;g%0qpkYPNMJliIJ6f5b_lV*DitdjdV1Kkc`vZ${d|(-l z4@{%`KW+GrH2l9a{O1_{^9=t5hW`(S{}RK0so}re@Ly&4uQB}d4F8*`v3Qqj7NNXg z)c7@{#^d;1O7{oMu|I0e{-`ngE4haMaKrye!~bc+e}v&b+wh-b_|G%^=NtZu4gV#E z|5C$$nc=_M@Lyy2=NbM#gEu6}A`SA2E(LXm44#EG{v#k^zk=DgkHl2*wE`_U_vhgcY;l9*xUv9XsG2HVE_nYV^ zrRX>%M)wCUV1Lwv{ecVEA2s6mpnSUj(}w>D!+)gVKiBY|XZX)I z{1+JhKN|i^4gY0^|8m2Bt>K?%`2TG9ud~aK+*`_bI zIH}-xRxmGuo-L*5xHd-rM!oqP^=5xid;NQ)@jc)8USNDLGrpG_-#;7QuI1K8ON_#A zq^`e58t(5f&PEPKzH~Eoe%ln(3m?k<_?XyLu2mH zm^(D)pPKVm)%{p8_iwCml-Tu&^`Y1!i2pD(IoKLBih}Tg(x21^&N-Rd+kZZt

nGZ7Z=54@rSr7{ucR)f{oiAN(seV@l^tpAgsd+Q^J)J?>DunUFGqCCrgipj@5dAO-K%?R&M-f0UPPHSEOI8)Io?1r_oBaz}a$~v?htwV2u zogXS%QjdW(zF2er7H&T!8|xAMjgWL=zq=44Im7~-$h-n6(peAgQ_{mN$8HqLGensL z(+ee_^BpNqFV52ktJZRbFX}o%1Yup~e5~hNs4Nq4ST&22HV{X{io$m>bZE_~{3-sz|Gdz-il%rfURc}euLLT=N~ls&iBO{O zXSLEw8KtaJUWr#KDTzvDrHWEbNl~gRHI;Owwo+HgQ0glUmBva__|zcN4>gceXxZxv@%(FsX{&p`6xZ#pGO@PC~2Z#pSS@M%Y0Xmg6E zuc8-`f8$%<6D=Yy+Qvkl_4G~}-+cUKf2D*vX-wpPIPFmtCB@g~?defDK&sIm!q&sn zr?MxiHzpmGoYcwI!Io@siJ2TbDhAu8=x&Eaz(a7n$3Pt4my3rF{j`;}B&LP+p51=? zwz@Gd?;HX7jffQSm@w zMz80>$$K=QyzRj;$62^9@bumzz7dPPJ;i zGIMhK_vzoOM{eejszc1ExrkY{SN5Q4IhljAhxE_Q&UvC*N}8<(#g(B|99eYA%z3PT zugoEF9ka7@;~F~>i)%PEw_kQn|J)~Ru@U|$HEq=qKi!6_TZDhA&GKm*{rW#y;~KV9 zz0{T6l)7{OL7AxZpuvvf##M>CJH<9eDQE2%#Y4z3N}zzdk2*$C#7~cBCoDZ5IJQHF zV-L4JH{zM|c@;kk8r@@NvrQR)ZhTS8>zxr$I%5AT<)+TuB%D6g`K1$QU)yqi zdSKUvRoZSJz39+@l(=W!Jbl%pN8e@Vb|lyMy!Df(T72r?uW75ETQ{|OcFNVCeq37i zXu|Q|$E8m=x8dC2b?xQ_ukQNc(udR~mnLjpzwU!tGaBs;9B_Y)H^;6z|I&O9arn7& zncq!}tmZRv+Treboeq4O-f(u$KeHS8MLrPw?$}M<->1e0KGiFD+Ng$Wr^me4Y(QS; zMbD+y_|evA>Woo?$Ei3UMfqfm(iSb!(&mR2E*+{U`I>4I46mgF=}VKU=Mq~u`Nq?? zpUub93q#GrqlEObl_vK997Gl7-R`*02NxHIL>}%F{pPQk?@!2?@PVxid6(BBZQ-NB zzFRpmx^dq7Lm#ZRyw$lECk7oo+abtS$4pC6w5qmbTax*0Q^v;{;GNxT$Y3{MZEHe_ zm(en8b#1jLrBA9kzPdRcat68yZy5$d`V7edtXJ)oGtkzaQi;=A*zUG9_4Ivsd~;>| z-&snDNYzGT#i*&OgeMd?aVyLL835)KQN8+cT@3SE@Z|;Pa9x-!wzuRN|HP{e7^>(dVArdZ^0y1t&Tle}DPh_x_yGIph1!zuR)K#}n!o zd%W7ee*c{0^O>7JdVl7Z=UzPZWB1Mv44SiC?%h`ZhgZ7yh}v{1@1Z{?pE|d%@|34L zh5%>ov5k={b-W3{b7>@7FK6^omLUh2FtT&M%(%O=pvb&XP1x25Q%Oftd8fnJAH?VH`3>g9r^Q*5@X6iJ3wvRAEBX0M?+nT6FX zCD;~7F+4)OZ0WVrYNysp$Cxe}`z^1sx#UY9RBU}BwdV1M=G~`so7!XaeRT)-n*RH) zjGvO`t**ZDi34>`-eoI4_LW(-usPp8yDVcuXYHfk-remRA6s@$X5xsNpMTN$_@&FK zwKr9~XTn#fuU_jqe(OgU#LF)w`7LUst^2ILcInipbJI?D{J4Lg9X~{W_27==KF6X5 ze19;yLrYPu`A-vvZkwOD>eQ7!gM2=ib^fo%pPGE-lXJ6|ou5Da^&dYw6kqj&&rgPA zW<7E#q)Dg2wh7BVsNA)3hF5OOb3b&Lx%k-)tt)jMFuUf84`)QAT=9MN)K{a^Jf8QO zxW3Me_-B{2IQH4!eJ?kC<(<5++WXVS%^ne*{&)DLM}yzXwS`{`ee09@WBuEi*e?|= zRn>yW{{FH@>YD?bZrOio+(YjzIQ-bV{qhbw;jv$r&;0fEO|63;oz-J)#>dxofBwj( z-)$jiejR&y**t+JRYlmUo7e-mt&)w1yMaxB+aj#E%>o9tW|UAFt-cLtZ4%Jh_?pEB zoN9f0+tFGpN+(WhVryh;;HkkXY_)7@W(k1LZU7*ise$6@GI$xo{W^ZhiA8^WJg4ue zKE9JZ>uBv?DVg(S%iIZ_)~2s*(&BW9*9KJI{`Q%-x=abRdE7NFwd|9tfAaaf!l$q8 zX|^%Ge34cu1P;G|ETQe-OhjcX|wYm9q6^T+H0RCCMw%=k`sSR zS1K)RcdFmUvac?gb>O1+$zOw}b^7jyGkN#lPke9Xmw~VtA_3rqN~A-Ed0wA9)u=`e{)t8V@Lcd+ajCC*xT zo$c}`w#$pzu00=aJ$7$oi;wR=zV)Hz`cmfaPqb1_WJG_dGO_u`;M=z zvw45WU8%Z{-=g5dhgN`6Bm9{qVMFA{<|l2 zUD@PGpL#tL9$L__M5nIngGbcLU2!FUcK_F29h-aXol-MYMSe1RiEZ>E3(|3mQ%1i` zW4OFFdYo#|m`d=X{KQ8go zE5jyL_Y8aBwb;nZUQ;uCqW*YxRB%@R18+yz@@u@_E2q|}ycp$^(r+bvnsRCQ^3Gc? z9ZcyeC+Dr}x$~{2LuM~-y1K&b&12NB%0JQn<#}`3tXtoDP4)6eVxF7!;foEk!dJ%~ zeEy@K>+TqQdBnRF1X|y2ljaJt5eTZ zo^a)rH^%1FJ|1`MnUl}_{7#nF!sBf#&KXkqz{X3huT^|>e~;kYmihNaKN~o-dDZnD z`bSJsLwZcu{7ZvxgIb?j{$)_(sZ&1k**u}=d;aU68?z$S??C1MG(F`1pM(#-nV;0{ z-mlUFXOtefbJ2ew9X0?SNYHUW39aT6AHKPLze`K~Z*dtU7p8);q!UNQ7zbiv?bI46 z)oav9t=`Qxz`{}8-6$mxjR8KzE7Y@fc2@7~EYqQc-66&nO(A?jL!01y3$Sl(di3ZU z*Si0p{<)dGQw(3}*7v$B&;I-7UR&60PR1W2E1vq~z_{pnrB==O@S@+0Nn65p4NmNK zR?8W4-?}HRgx~8OnVj)dUWX2Q)BT!0UeD`=%Fk7=*Lv39OTCAEm%XK1xrvR3tY2&U zprw+MRQ{u@+aAcT_xRWCPHgU1dDu&#!E2uURPz{icGtwQzn{xY&YN9tRs8e^zdqKa z!GF#+P5Qdj^vK6%yqxk^a^I_`(wZF^{Qc3z2b8{p$}gPlJ3sEF#UAbEjXX2+n~<14 zY9$Q6R(HaSm4~(}eJLn^O4o>2o}1t7{$AnNTKVBRo+Eo`BLZsMH;Jn2mOON;_j!~6*(HCw`@ijyjgFK6;65V|ak40w?tHLIkgv5eJ; zBE@N~Z7prhO&M#DQX)dN)wZQuc#_IyTGwZitJy}6GGl_j%C+U#DwyBkuObWKud3Nv z+C!=1>)k+peS1IDKPxvgXHaJE{!p}_Ub#+epT4;3opO(%W(C`h+j^8x}#N_aZ8?Q_dz|MvR!SDblKnMg;kI2o>KN> z?PAV}ncKoLCoKF=nG4dp(i+ThhnA8KPKJ$St0z_gz#Tx!;4+{MXtUiWGGNd4$K z*N!LmXqXdU>C3Qz3##Ae(M^r~q-L|)LGK2A-(k{yS1+WD@lb$6|AvCkHhRnd6tYz9 z6v3gloHTm8Ey$v%^h+V_OPHs(q0CHBQgC1`RMSG(qU=gWZ<*p}iKN+LEMLAU0U*^5 zZD>gd9;O1-TT6kertvlJ#XB>GTzmPRyDx@*@>$Cl>dn1ig+;Jz8VLTHk3Ro;*H^7_ z*Sxl>%A#S_)?fA7>@)3;2g>ygdn#t{&);5n?}f(`I|Ve#-#q)bW(!LHy7=O{QZ*Y- z>ovP!-kusqg0dccX2Om#+a^b5uY3Mr&W|6gz4nPV`PHWQJ3~&~-FFRblvVP##Ldau zH{bh4*Nv?^4`_NVYy6Ryw=PPY`peTRM9k7D!ynEcnqF>W^`E=cp7OG|`gDn@XKiGL=Ay>g+3ZSeV4i|YnQyn1|3$2v3LXp#JSdX-XNf8QYI;_8e}Uz~X?Pu#b; zd+XS3e@*{(#Ps(P;-7i#%`H7AwmKABZIZ0s<*zSOH+XpUIriDYhc65WSbFv0#Yesj zNw&@YLHYLV`?CfnO_9e|e>_Hg3@m+)qxC#f#;CpE^bkYmuKztfuSKP8fzbz{;IKoG zO!2jUlu!V9b{~(FK-Lncr`W&~)U1)(tpMcp$vpXFrz(MKzsg8{wc#JJep~MC;STa9 z{c(SExAGM#{50TPwa4K| zudV-ZM*PgI=juQ4#(p)$RzZGMX?n};7k};6@6-zkW4F~8e|Gnp9`UYs)t=K|DEaLN z#}_sWO`bXKP<&SOn%r7b+hxT(U#~)ZBXQ3Ye%((tZ+@xuqEh31mj;h*_-W#4LA@$xZ-MCt(_*y|jtE`=!aPsvg$w&P9=gprI6;$V1)l(0& zje2@_&bptrKNI@97+=q$&Z*Y|U;1R~@)pm$yFF}W+d;|yd1(BxKO6J*awprEg8Ay(b^R-+W#LSiQ@+V literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/fonts/UbuntuMono-B.ttf b/docs/tools/.sphinx/fonts/UbuntuMono-B.ttf new file mode 100644 index 0000000000000000000000000000000000000000..7bd6665765768ae885e2868623e7e9c2fd0cfc8a GIT binary patch literal 191400 zcmcG%d3;pW`9J=gduQMGnaoUP?qrfo_DuE!0yBgV0t84{BrJgdA%L<3L-YWRJ2&s=o_p>& z&w0-FoaZbvAx1=25CvK4CypBFTQz$w32(0?N{f!1IJwT8oVJIAU)2)j){dW8TzbbB z^m`(<1+m(%s2|(9sP^g)hzx!rW$)a@v%9`s*&GAI3q-2h=3cu(stM$F5(N(<&b6Ig z^A}(HT>Swe&pNyh&!2sDS29T=_?Ls9X8xj8oy9+^HxX5=Cn3IQ!MxcW=Uxcf5EuNZ zasfP)74!t2C*e7B!QvGwD_$%r#`Ae1UB;rNb7!jt-O@-DswZ;PFP^=!OW&=181IoE zl9tR~Jn!zaU#%hGnsdnT9bHSWUQzbJ?sFtu-%V7st84kZu5Vjk`Xf4Fm;Xbea?fKXF{k30?PbO|iULpKkj3KO+gj5Vp#i7Y7z~fwUdUCq( z^L~FGDfMC8M`=MmCexLqMobG8(^U99q5d68gptV33HwM%Bmo`Zs*_ z8m*`jL_yI@Lb92p=>x3mhm9RZ5>fJ^@N{xIm54*>*LZyR3Zy7#gr^Zs;@rU}^?8D( zkc~1RgOmP1Ga*qC< zA+`h8aQHq4IPvZVv>*dw52ZoW1zB=v9c0>!D;KesBPP)__*Bw^vdOvjA=mt> z1tR^I5pRRY=?|A1?qL6wi5&7P2mI16T{&Km*9i@a#SKuHk1V~v;Tw- zWqUaasS07!AXDc5Kqh(cHV>s!2tFJm5$ZA|zr}MA{0E>-{#|zaAnyPw<$4Q)`&8tL zw}BMW5O)9(|? zvip!KbR(qUeJ6%I2a|{4s|6&4Dd8N7zi#$@LLIf6>Z) zG*#+exwH$x+lTiRi1QrHKq);T=THlpYC$}|yiM|U#8dchwaLqCpw+q&D%BEs{DHRO zMGi{(IrH}c@Z)VO6_3Z^C7K|K{B9j;A%s97bT$5SEv z-H4qba|%G}0@PDIa_xa6CMp9Lep&H67-hoU1+upDAZ!epT*8%#?*S(VVgC)&S^0ai zh^<7r1K=EaUNUg;{^SG~-jmyr0xuISB;a-8!V|AAUPn^Dw0?v%0(yXJhDzisNO9b` zM46y=lz<8SCsh}PxM!lAcx`wnE%`}ub@IyOVyaAbC#R7y*$p0X#7d0?=?Gbd(n_PB z(Qk0)BkpBavN!p9;`^jKS((gDUYA^nn3t~PRms(f?TJ4nUP}BP{C;#LrzJZRn-jlH z^dufie4F^TKebevpvjJ8d*bJbrxSYb z;zP*$qYJW(Ox%#zns`0&Tq2oB$a&zBa;bQ#oIB^iV_lX%?oR$X`B38J#7Bwm68}gR zC3$`R=t{OE+Y+}Ur%xmvO!Ovtf1EN(_`jw7LmFsl$@$5RsJq`l6aNN%dFBuNlQqe@ zWF*P;Qk=%o5?NL!+6R{zy*8PZ45IHh;tiKR8yA<2yN#&JD#V>4``-G4R7pp&KJo8l z8B)BJeuLaSk@$1sT+){`C1)ht{8kT7$1>nxYc=&IWzXTcq{TJF(257EK^U%)EqvvOV7Ra=avf(bGNb)<3#5tf* z$^|WvX({EwT}Jt!<)Gi9PZxq>oC2+qX*CtYT|-gOK~$3b27SL2v{t4=s0{9*R1O-W z3Q*{YkhxdpK2t)}wyUVZ0v%+CYPoU&Hp|w2^8-N6`?_(KHlv46K2#sfpsr zuQ1vS105&R@l*$QGYtoAp?c5>p#Oxm+W;~McG6_f`E&*70-6H4 zkXk{nl<8G8HQ5K7dm89snhv^zW`Hi0X&23edl~5Gu!UxUUQO-E&u9hB2E9h6*U}ug zucHpol{61@l}xXv&g4I6wM^I0e7M)r0?-@iO3)i++D%u%eUnUYrbTeyLW@Dy(Gt*G zK|jT)-UWKQOxM#gxbL9lpd09F(2by<&?dSD^e1#J=$$gXi>`xvGpz)@8}wtkhgN~! zOV@+mN2@{ar!}BIrM0k~eFMr5Um4!Sf<

;rag2I+`H)B>sPuoCWphrMol<79R&Rn z^v`sbUIG0ly$br3Ouwer;66vMgMLGYlkd^DGX0K@zGqkz7ZPu23EqVSR-p; z6WJ^_n_b6lWOuWB1h?Q5DupUxyl@ZJDP9p?6;6s)@iuXTxJleBJ|g}~>=9oT-%!j_ z%vD^Y_*dZ8z}G=%Fg-XTI5s#XI5jvu*cMzH+#Ng+d?)x}@XO%2U_x?AUMV1DNZC?U z8YIYTS zJX(>*v`cyH_+Rqaj6B}mpGW#ebzb*9lk>=u|4M$7Jd^xu^26kb1RGV{n7C= znZ1iYT5)<(@5DNxb zar&jx`%XW7`gaI*^Xcn9JRLsmID<+1dhK?!-M^;Va4Nk^^e9{dxa8UIz^Wv42SFe3 z&kq#k@_+I919aMp&{O=AqW?Yell|V$|M%Db;k)&+=htL+iY~_Zb`{3E>(M$VqJ2(g zSFkCpl@`kVaSofyI_MfUPkc{2F1{!p5?>RKiU-m6UKbCGN5nV8W8$0Q+u~c|JL0<- zO;?B;G2$-8xZQgR;m;i6<;ZpiVKRfN>TA|#g|G!@h`04uu)HeeLCUny+9 za@cy6u<@#4+YLfrsHGvW<6^MihEW}CwtCoV4Y1J~VVjMHP1XckY#e3=&9J>Dpf~YV z-YZ~ZwZgWV2AgUIY^j;Bq1s_PVP%%KVf5aPQFs@|(R~;*pTqe0JVwVCF%rInaqu8U zzE|i~jCqGKz8%5n_7>XoyJ)fR(VtOg8)4hrKsTf2?#8%#2ke(?=`Om3{SvmpQ|vL? z#GYU~pvgD02T*@o#XW30tegAULl}GCp$BLU-Oe7R4)!>E5cbYbVY97<f@SeE zJwv;h0k+>Yv;pG=+9}=3=CKYoizpszojhscgqG&<$DoRN~sV9Mg=3n4ee4-c6*N^JKWe<$e+Wr z;W7I%kM#66`KWw#<*elX%86haJXgl9p$)Wh1P5j_ppF4!=ly}q!3?b7RphlkJ8 z6&BDgogPj-Ts=AAu3ao=D3cvR&WJ&~1kxCJvOQwfh}j)I%`L4X>V2WmRN0S)%e;D2 z!+X>+FKJ;9WTuVMu7dp=Htn&{oc4S}N4R75jMg4;HX>~hM{L+|dyh50CpTQ*lY9Lc z4+?NzPeHhTL{EMgf{mGQDFN1_%(8@~4c`!i5BGfzsW0=H-S4ByvV24QCC}oeV(LM? z_ZJyKHb{v4g+g4GjeFuW2M;~nEv>0%iRSozPx0dXsXanFf3tt!jdL=8(>?I!QuOvP zN_IqeM0@|=wF^8w-E*YE0@SShm(`=l!h5Ml%x<4EcLBf8p0^=fj~t>bX;N!XydIAD z?EbIiG{ovT3UOG!(Ba&a9ygj;Q=ODBNk3OBQ~^lboK<>eI00@ol>hW z)DxeI;+q<7oi~-&QrOay+l%DzK?TaOkhlK`JrEe#?onrHq*lQvPUW=)52*npTvv-1 zmL65=k=JNlt<=hVG!P7_^oQWCAMwG1m^Hi+k#R@V;f=l!8n^uUKZxW@WdLIIXfDa5 zfDp~MpM$D_fOu!#8#e*zhKezubr@+gizc3(zhF51J&qHB>0JntK znjQi9l)ZQ@dZZp|mRiH}!c)U&L-FQTUOBw1<@y~nF+8SaTB}^!{jFrukDgNRt1rFl zcl8Lv(EuCrST41FxkGn(&y38+gj$eugA%7}Y~)vT=0RYFl|K zLDm3G8E%*zmMl`khS__P-E%hVipMu}jc8vm2>oC~cvQ!R@Wj?yRHoeV*ZQvK$=hfQ z8#Ae{umH-ZZdaJCZ`l=R>nBcY-HTljY5k`6{ijYujC;(`|5mE;)oHbJyY-pd# zn>M*nkoaRgEIgEYgz(T^Oi&qmbm4h*J^FAR_m6S^Sju0;{ng>R9_C_&6yJ93lHA}m zOFM!qmUje~56=xQgS%@)|(im^D~j7poI~u{AGf%ri_@ z<|!uAR?AkwoM)P>&(lp-=cy*MJesV{(@Ylg1dLyM7(L};O16h>9rt)mp~=&xx9(!>&Z)QlTdy5XSoT`sDdnx9Yk z@@EAoyPEP@$_KapSKP(J{NUpup@)>hRb=9TrTz`@HG7ZmX(hkLKJ-NaJKI<{{D1jb z16!gKXof{Xa5ckLCDQC#(la!$zASJR{hIBCPbhBRntU)Aa&0H0pUc^0HiL z!K&30qD?r5H35DyA@!Mo+vUK_0(Lox5^w<ds0;NP05cLzCMMO@z*(GKXa?Y~ zcL3nQ&r=xI6B!ZLQ~=;Sf_V~=#RIG)vf;h$1d&|>AdGzlun%V*5Z?jbE}TIYe7OODUj_J8Y{!Nt(yWRDJw(;G*IXbPv;vb-@EMHvweYJ&ydl-V9-^T@ z47_6dVOh2k4FkVn-9&Zez!swV^}ueT5r{wHbD{>w(Xf+fWD{_Xs1f(Zl>m5;Lio}5 z0m#!B$kQ|f*qp*x1<}|;MB_FQjsJwG`7lw7gJ=T6Oo0C+xF;jbWbl}L6zC;mXX`0P2A*U<+^n_?&3f9-`}y z0!VXpCeRG51hxZ*f%8ObBmn+v6#)3GMclRLh;Hx$O~48O;cr0r8zEEoHUK=k5%;D{ z0AX$d&zsARcdn@AHia57{@9kZ{R-*NY zyFLflLv#n?+<`b7;I{$%HY_08*bE@f#tS(7vkuq^90ic>PY~`W;CUy)+u5C8k&|I;l*TM%x`9-^P`26~Ae!1Dv}e{d@Rc^*7VwAByP14w%--u+@TfbhTg zgy0MdB;C;-1-A|Jn;0c-;H0B3O|2<{z7W5)%eUmYjhK`E5CX@K0)hb3{Fph<4%qQ!9y{ZYO$n8_{08|HC?> zeYHf-JBa?Yf@uFvq8IW0CCGAMeQN3Gl>(wen{dMH1kvkpEKVIDdZV7`%}a zP5|#u9tKVTp92?&P8k3{Pyob%Nx%YN4X_yizf*ev#5)CM^p*ny)& zUoRj!S55Ry6L5j(+eJj*!TsHNqVqe6{&gSGzai)Mi1R)CF6<_{xE`ybn}Dsbu)46K z6$iFq@3a*-N=#TpOjH27i77gWDQk(TqQuk%#5B#sv<~1LF&*CPHxV_C3;U~dQLf8=G4s&cLmU)y|76AnScx59@1o?|VuE;RB{Ie3@X0tUyAySPf*YSx0OT!Vd05}VdUY&_k>Zer;!n%><8` z`-#n(M68_v@Mu3wY_?GFF1#BfY4{_%q{dujxCIEh&i-^rf zy!i)!bHo-%0OBs#0~{i@5OOR;-WDDub|u1Gd5jqB3bqJg7cT(r1GW=e;s7#%a-bf7 zTuUJL5`}tflx|i6BE@IcfeJueyfqlfT+ks=h z2Z*gQ0J{OWuZL`_?<2NG14Mxn#MU+vyP*Ks3~VEIBi`NU0djzqz#__7LQG=om4KyKGw*u}2`=qaFZ$k3ojVE)d(khS=lq zdmMhhoJ8yi@PFbgv0pV4`}KNY3$TOOZ;;M!5a%~5fb+z5BK&W+5_=M5^5hv}zr(xV zL9U*a#CE}N*9l_3N8G0*AWCd^HL<7R|4c2hXK{ZP{GUbI&u%BS2lDSN0KoGPi2p|q zu#?!n8N{Ab00{GZJ+VI_&VD}t8TM}j4gnX4y@0qc)B;Ta;=h1*FZ2+5aS;Ibi{Seb zlK7O1m1^`{vq%_)JyEua$o_lh1hF&|GI+MVFLg;j;tj1#v}mgzX6_a90pDRp92?& zy@_yd`hf!g!oPWj*wH3n2CxV?3?Tf`&jEyg>nMOU-#Sa|Z32*&cN_rHJ%;q(-AwE~ z$ouDNV#gbSbHv_3A9NA>5aB=U0rmq&iJd^a6Q2O*iNRiArx529(mA~zI72Z#e*0Qme3 zY5(m!vA<^m%>crDjJO|{104Xue0&H%m`@6Tc3?fw10d|D2>U6*ehU9jA@`?yfL>z% zFaWgx()q_W0O|Y#JU)|vCSWD79f1F57l?hH1GEC*@%cXBb7Fl6+cybV10ZZ4!uBET z7YO?W{J-c1b^^zVeW?H-$CnF$Ex;iFVb4YZ@I8yLXA$-+!u}Is{|Wzp&H&Z}JplZ_ z(g4)}czm@5*bjU{>}v-Q2NnVF{~G>Z!~dKIXarUQJAmWFzR>{S{SA13vmV$D^b-5l z0Mr6qz&7A0vF{+qchx{UfUw^o>~{!z9%0YJ|9l6q8Q25B|6kz!FYx|XE6@$>0Kn&8 z=ZXDW0vdrXU<;aAfpAfr9Kon>P zHUs;Cv&0e-&1rt;V;5pgujUJ3dB`x1>jaj0X(Z_0Q|li zfWI1X)o}oE)tdpNrG^Ze?IdXNPP>K#T>$_Yb?borzy*8>BnN`rgDop~;O9ZOG=xio3~7zPA`-l3Q;*+f`d29A-CZ2;;4$e6tYfM3J` zAbey$2|0M5vyy~d1+Wg-M?xO>!$nv`1l~_1&#|#s7v^V`)8i)7G6yZydsXghtQLbnvDn2o zz^Lz7UrCfXOoBRGBvw?E*&V8IMs`JcWm&0<4HL1M->Foq#5)aTl2pdQUdgPfD3_#) z@|w);7f(bA3L@DB1w6ee>`wNu@C4Gsw}0YRw!~;&68AA-vu~TP$0z#sB=^S+T63e% z?{k{Asf^nw_HyjyVhEAnHf!0%Q(O?|B}u|RIC1(wt5Y^Aby`)OQma>v;W5l_Hg}g4a$dE&uKPV~$`znX9ils59Cyf-$A^G*5ZH4-t>M{;zSVp)itOhE|05`~n^v*zYdT0933C{V~cB@Mo>D^s(Z;;=a;i%X{zjSx)sGD2Y~OXGf}BuCmg~ zit-{Mg2rAxRH&*bbGlq^b#`_*L*;Y?1b0A`+nqD~LTs!(Te>1zU0@AG1L@TTK69ut zvb<=d!=FArFPdfaWqTuaQJ*DiNYQew%CDbePD>BkyiTiL=gq2!_{$4I+SxM{4$XXn zJ;QBrTFhE=D1T7IS5X*JUxiLBV5jCQVHNtm8SONJGbdj@9kJ+XY({_kkoF|cK7;3= zi)r>Gd*fQTRTB5$0n+4q?^7Q6el}j`Mhnc?meG?TW~|8xDt@QYKn{7+S)8=Gi@>cmyZs81d652atb%J z9$P91-s6wA9(f0gH=nXFD-&f^f3)-t91% ztX7lBk?5)|tE{c9EUVq@Fq&*OlhGkul?XSDAK%20mzkNDmyyA)mpz)BoASb8?tyI@ zoIF3zK0-a@;>6D|dT}p~SD%lYP|R6zbkdAC`Xkp}Pr-+G;+)-F6Ixns5317z*_5Pm3)F`a5N+TtP$G z5f!v}kpMN0X3raXS!qB(8LQFQE34cp*%3jHP@&cH(iRL_rVSSRy2J=wbF{k7>XUpUWQ)M>Lw8EKBRK)NRo^cN4!h)xNF z8Y4MFavZjBML0TL@|1eZ8jRKLkx)Z;ZMaS{=La)NZR|Q%p~p7Z=k=i$pswi;Yz-SC zj~_#xp(PWHjG?%@;|6bfBNH0wo^&L%20 z@Uf0r4wgb0VVEnIbrG+SNM$9leW zqu%fLAiPa&HtE^5hK!7WE^T<4&f{^aMU_IgSgWu)92!F?Gs6%JB1XudcGxWn-BPVW zA*!8jk1nk~O&17<V=+3>Ue3kT|CmZ zUoOeEBW-0DOOK>fn!G2EzL#$=! zQm70ryP{l*lvYQ>4YdVo&VLylz!}aV&}x>avHC2sM^e4x2&y>b3@u}}#20MHD!B|F zNq)m7K^8O3+KVsh^ge}F1hb_#9<ewHA!t>!C9v9oWUJqk@eG7V>e@i$_ljG%I29g2ctpM8}V0Q%`4hVq`k4HrYLkDHqI#ijv zLTp=zgE#hL4~H zm08Q2p^A6?jcGZa>grP4q}7S_oot#TsO{AHGqN2QzwhLyE*Ry5yn(X9nb^49J(u*6 zfNriOJKZ}!q}0tb802DrdH7!6LCY!LKIJKcNpzx7Wn#a7fO=^6Z96i5-##SC@MXp>U?TQx{N`P8vC+y4;tY>knO# zm*XlJF3XjRI(!LoMX7r)zIr8_%>}$aV`S#$3ct%{IPTnf=FfWGzw_WomyBq@x$e2y z1s20xDqsbr0c8o#Q*N$#p3N3gsu*g9fna`IuuQskC+3wPK~gI(|K%#P;3 z6;r4JZG)xTva>Rbn^q4WzB-Yx*ETliu(#ahHG}+YMPk#ud+wPQnY&10B4ty%inN?)cwINxQOr&PL(`gvLi(Z@>^a|@K_fCUc2FAJu3xU#Y; zZJFEd>GBAk;{3Vd zT-en6<2JpeQ7WQ&c6)mE{49lje)>Q^$HW1qL?4F!Ha=;vqi(s06oB56D?1|FQ6@p2 zBSV|HQLL4f|Fq}8TG2SdUT46r&C9GD6Lq?yqsta7u9&l7k~*g;UaYrgvTTi7YtyAy zZ#{m^-W0CKnfQFntu8)Y$<<3ax2|w6Vt8&U3C%)3?U-aBCJ?$#TqiT6W3 zJ&_7n8V`dW=ix(w2}7%vo6cGZu8JR`@0X*6xd&#w{LUxD6lQ$F6E|~r1`|uec7-L- zq2j?1pWoxzI%A`%rlNxv4dxpiuI!Fx7|zwDqFoG!a|`DCl)3ZusYT-#DZk~~<;gA*U1pu;a~ikI8WE|E_aFWJa^ir8-^v*+^)kxto!+TyWQ zfr8=!$ywA?J$2z+bErJiAE=2GR?L=4iUtL}#q4pabRePWPm9t2ODn6mfsg)|VZv0v#noB=fXo$E z7>c_}#gz6uv}CO_>~#h0+Jel=rl>2eWOV6*CFQg4n51aF!5d+tG-{1opH`OVwfeK2 z#igCW%8|L5V}?XFt(~@UX33Roc%zknZ%DQ;*n2`YzL9}#Z)!`{R;g^KdxHvIODLW2&8sk10DB^rRN?1mKA z)YwqtFM2Ge_S>*NVb5|amFlcQ)}4{~gn2R&-K^%3MT-|NdQ>jg99j(gHHG44 zfvJ>QQ4K3kAx_5E7-CpjL-W~hIaRv9G-WpNQ7(sVPt1_l;h9A>qw}opa8B4AE|V+)kICc-SS$gz z=`TuM&M3bXU%hiK5b&u;1&K2hqZ>;L|?zY-whpc7z@*dYVd{u9^1uw9a*Bf8XT}qyg zf)kMwffFWy5GTz;*bsAkC>y#;s)$y!SBMoO$5+m(6e?F~H2I;CcX=Mhkg_JfAucwH zLJ%iPR}F~|YaS*HTV9g8q_QL~1=mHY(dJ z2W68|UM?vu?O!C}y6LhH*H;6xjI4qAJvXS`vJt{NH6NxhO*M%>SlgKPt7ZSH3cko? z64)`{NN@JAsLz~PlV|rwi$a6*)0}0KW5tykz18nex79757|m^%R+`&bDZQ*Tr8$gd zjY)0ym{e7Iy}M+5P2T7#NomQh@HbpDwPDeyY@Ij-ZC=QndhgOj_fC(bRZbcDkUd9o ziiZTj%4hci@j>k~jAwd$C#!xhen6l%9^v(+lsLtK7@NVW7DTOE?@_pIjRp;dQ}iYg zzdnFIj#Va<8G7YG%Rzau18W=+tSnaAs>)n8w}=t1tVm?@(;xSD7fj2$tzb&-S30ZN zs9L2mn5}o+^(-sAeSPB1-?Oj7u^~f4p`k-!=>3&g_jy-X4vF~hT}_HRBMnxmp^Lh) zAA&E6VR7Cat>x{P3jQhSpMBerBvN zal#lhJ9C1Lny9TfYVt@{Q^4@Y>M@0OtyY+-(xw*=N-wB)xX0!05CpY7>?@3P=4QHl zW~Ct92_5CbIR7sCV~_?tV`?`tqd%Qz$gMFqriWY&qGTFvw2sz@{?X}aqftw-zITzI zcew)O<7Vl>HmE=)-w@y}Eg++&LP zL(_P#?I2c_uyF%RoLl1|XN+BU;lmG^O}MIaW9O5p`4~_84@g@}qvOTcCWJz=sN?Ex zwTLYNjasi!)HCjh<5Lhtr)gBF1g%CuLGh*iK6wrxr^s6)imWXk)+|pn#1pl~*y<$p z_9Dffb|${-Zzo65PQp|k_e)vI23Mw`K5AkngTW*TAsX!yHKVOs6Yq_E7<2d>gB5ez zs?UNMCrjBByh&7)Ve)yo{^3oARTtDotPS;guYR?wt!_|TU1nb6oN8zwv>8`iFiADz zqe~YG!bgeMHICetRn6m9O~{p-jR|{)+z!AY3%M=^$F+j4o{UOuy=)RY_0~qUL672& zLkWxcwL7Iokd+2RZ0p0K8|-<$?1qMn<|SWPps8T5tlqwQ^>*Q^i}y2Y;!EMGbLWsw zCDP&Z96c31qgQF`VP^1ZHKR2u4O*d5uMtt!yogKj$9eBRdGW-4lr8d&i51GW%vpK+ z?d*=*ZtG+ZcXlRb%eF!u`r$L+Ylp3nX0z0rk(SepwIz+iE?63Eg4Q4_6O=3$`QS{f zo@1ry2MyA{b-~kM&$ufl)y5{J7pD!8qJ!ULW8N%mt_@4>IhH`#2v*$LUtXUgJulV{ z(#-W1s`vVxN?pCiXBKo$rKlBD{i@Yn!;9$R{xVc0pV)_r#0Uzh%*vM!pjffs$7bqt zORLgWuXaWAGYuO}kP3E^>eRv)3=OOv_F@@^+X=8y1kQ^| zW(1)D!vpKE;AL?#2cI^jgyNFL`u7o$B;QAjm%z_#V=B%^$w{#?hObU@mrkd*I2~@g z&7xGgt@V}wzN+D>ck@^Q$h6eWO=q{@PIvkp4wqkWX>4}8-m1~_{XDey8kxcvUc-l= zd{5t7uVM;>-Gd=1o1@0^{;M9$28hptQh&G&SQY&XcHHK`M2XuQfE^8hHwE0nm~4sm zFrFS!J3St~!Rv8oI@LyO#x7GeO&g_L1~Xc(7OryEHH`~pjUN?vwmk5&pEt9=B>v4* ziD1+AN4E@1=~gWDv4f~jGfl*P3a3#wdTv@D%}WPW0va8<$l z&h|{U_Tv2*hxi!zK6IZQqhvum?PCvn&&6~NK`--$sKFsAN2hDequnsKF*KsD$cqD5 z-)ysAS{F#os??WlS#41}v!!6fspfYn+o@iA?ZU;&S6sRHYF1e|eo#in;Bkcm_ic|o zwhfTSM3l>MjEN@f*~j8~cSAdrnon)7*YUD(LJjG>I>FJXvg0C+#ylE^4CF#F6c<~5 z&~|)qwDXl?RTv9C=*wAvc8k4 z()pkiOQd`nHc%XV*9n6_Bs;t6KT6EU3uW45{p8W!Yp&C`Oj-M%rN+v5;cR-uniev) zTE;Xu9=@Y++~CVgkGCh-5-7J%QEvQ~BB#dFt)_ZSyRpmIZ4`~!-iCH%m$F+aDziiN zwtBwtA9w4ljm|8M4d3xJIt9DNq%msJ`^ysMCc08eyQfxy(3!A1&Pz14i^lr`^3z|k zsU<*OxbIb5F*HenHNf+7h)x=ZjSf%RQxI%PU*m-q?r{!P=!Y zXM{P}lowtrDPqDO_>vEPf$D469INn41k?6X0k3js4P`@nRu_KQq}|!&6r53CgM7FE z-N7vH*gA}s#{6R4Xi2ga(C8ekD{ZtqH#~@O+QzrSp;j>lTHe4uKAHvPSIKKxSlPe^ zk6cG7tM1bNH->L{f9jK9u1D+2$aDH@OQdCUYbK{>rVYuN;|NCV>9LB8Wmk`#;m-7p znPzmSo9zL&U8D2n3@(^5$7`8oa*VY3oEEj-S2(x=?pcQhbNjP8I5_PQ6*fYG|42Nd5qjZ8X zG_68oWw+ek9j(3Zv0shn^)WE6=CG^dt}J;Z3-dX8SVFs#XX}`V%gcW9 znFHu)d5KSp{JP`F6(5@T3?FOohx!l3;E9(5&ofryd*vNDT{mKCIni)k51Xntu0sl9 zoDZ_HLBQ7=8GniGIXS@`&KgYk9f2`G%aR57BMM9}9&11wOV zo*Py=auk+y!K1OH##>a2ywHekc)rZmhHW7Xv+kPIQX?NlfB5_`#Qxxi={)KUD{>Xw z&f*FMYvMSC6~Utu)ya^Y-K`e{VY#TnxZ3F|aJiz6PK^Nr?s5iyt=nl+vd#AD`f<7C z*R8p6aML3XKQJP8cU|nh*oX%oeq_wx8`fS|E;WrFYC~P?QQ_PsbW`WkHVLJKqe*f# z$#>KSHc&7v#|xv!U{Z-{Y$Do3vs*M{(qVP0-DsAg!Dd#djNE#Zv(Go;ilJqYb8L&b zYdAa>OmKKM`7q40guIAl?y52o*<~H}szCZ6=dHR(ak=NwTj$JQ^N_E+Fhf_iX6WD> z%Y03(utzcv9!#9hpE-3b-}0b={^r1He#mAu;j6LrN>#UEGwcI{(`6Nm8l2V;l?IK9 z_ZhCfVbsP_d$ezqruKD?aP{5aN3a6|$;w==gg!mpr@zsjofq}5shXI*&Rxx#-3{ZK zrLy*!Z6%+7HhXVp;H9-cj3?CM!P#wp(jyw8$$5 zT4-r4egu{AO{%yVfvjW|%#9X7)u@&Y-@e!pR-BI&p!|dRSRAsvk&opcGz~Nf%+~lu z4LA9p%WoW7m4>~v1+LPeqYA!YHw(_X6$@tok~^vzPS zI5xFsF&4+(wN_k08s&18O`dLFvSZ$8Yr`K3CN*!t_ONr?w!~+`AKNdsw_{wzJ_LBa zBJaiK#hpwf@mhg71cud4g&^2i>U;{{j6Ept!{*<u5&8*@G0E^KR; zd0HqbuPLc0H}1eM5MlF~sYFbI)fx!6oX^rO9x3I`;D>I>)Dd+A@_n}Sh8w!}E@Tyz zAAC^BU_C${4P^X0c@PGbJFXMJkS62%-h8u}523tKyHO(=b|&E;bQQvH5g5B#cnaa= zy>kY%rp!SIAVnj4jcfIhqVKk*YY8~ zt%}dQQww}p+n4Q>A5FtkYlQMf<@b(klOe-o&-7WMzCmM)9KI{-3P+XurOJlvXjVaG zc$mZLp45u(uL-N z%S%xG8*$ub!6&QV(2@`FRShilR5|;1oTug&I3gxfP#>*c8yGaHGTM=`+8gy0H57Zk zsB6$`lAz&ul+o+o$Rm3e(E5oV|-!K$CA?rkWh%lmZ zNODZ^sSQ(cc)qNp`{DOv|X&^qAM? z9bMWuzb^P$*|gyigK4f>@60L>3>&S{&eIvQ>$q4bS3l%>QZ82?wa4u^mvF$x;$F7j z%i?KlKePdgmha5TqngCanise#t;Ls46YYK<^OAaUnr@0qFHXUR3zr+KdwjYN(YZY< zAH{21#;+>*7+956J_*VA3J%{#z-bM4Mb*!X%gtVsDbrDq!<-p&ikB>#)s_~ut^Oj` zEZ}^GM&FP)r8nKY?CM+fy7zGW8?px>`&%eeFHRK9*oz;1-5;+?^HP&4*t-5-x|6U*PCYH2qxLoRw@Mi;b8jyNS4H0!2h>FseBb4@Yhx5(uU z3O@Cb%b1sQs)$qNDyx^&d6$9h`ihDl8jAa&yh2CVWO5l6G0)P~1ua?b^mtUt^XRAr*bEEwcC$C^uOK$!T7Hte9T9&#u(OxG1EEPKSM9G4k!mF zN;joFtg+SRJWF{)o^5p?&l=JRk2udLwLvUDCcgVu-5`ya_$e>POtjy3gqRq+toXQ{EnOZK^Dy!-PskFILhT`uCP}JxRhLRs1^rXZYA5trEA~5L*p%nHb6i>D z^mLoNoX0ntFLf<@|3Ya6s@|F^WaclDq{2c;Dtb11xIa29V!8QZFw+_h2yHmPnwgcC zckv#Z(O=P2^4reD$-G=GtRXIM3FhgWAunIU7#lZhJWvESi@AkJ!dqT$A=n-ia!ewx z#VdK^-ezx?SLL-#w!2&LGy70%ya8a!cnU|S`EFu<+r^_tV2KQDVO+KV8M!PEY_q>) zcqBR@J3DP;dNAX8R%0H>L9k|QvBP6uU`op>Wm7tD@6W)cdj1&o?4_2t3qRy%QAw&e zN>QouNBzvDrxt#sAnrqDr}?ZFOVrY35iMSHGEAC8rCX&$XX>}}ircVui4~wy7*Tu) zXu!T;K7cw?hK zEjFaeb_%V6mn-_c+zxtBu9fi+|1O5W|Lcp>*rILL@nh7Y4(nCA$$GL|rtl+t{p+{y zwY|&d+c2%N_-0&o1@GMhRs4?V%qR&?9(VJ_?DVWsjYH7sHS=b(yE+p>G{Ygv>Eg%_ z`!o9xy?9-GX1<@@XlH_xpHy^mby@6;IcGUdvKoU|z!di-Wgx=N+WGEPAYkM+qj%wl;|rm^>8m&VkDmv^= zl~vObX-fCznyp3bLr-*6N#bJ`^k>*qqQYL}pSdWSEeMIb*a1C`lj?C!U_b{zhuNv{ z8GVb!X={-iumx>_9CnpX#rGwqh+ObCc{JlAF*KFEf0ONpz8;Q+X4h1Y&PQJ_GWpD_ z*(+MhrLNA?MS22$J^X8S9Ag#lJK1rkcOvm&6n$l)PD+Q_<(6wUHR$t>fuvHMV&DKp zKv2rPH&r6+xHPDxw6tZg6dF7sT7rAx#lq5P3CHKv)9W%b>!w#%O&=Bx51U>c8#gW% z8#`8(BL@5PUF4hpXPZjQPy6kqfCKiDyaa4U3Aoe6DPFzHq#H1mxU#-vC-s|1*2_#J z-u`*PxL9jxnMu+cavTMDYhe}@6_>8gm>XTZ;^SD0$Px*SZsdr{>BBPJyM#r0(>jQR zvI#;aKAsq`M^_OKra_c;cNbQm!!)rA<6VY#vPztiuJ-(YoV^KrTxWSNeBN_rU(f9O z%$a@DXht(yEZMS-Em@YgNb)9|M6t-?Y>>oBD0L&pvT+kg0lQ)OfCe0XxsZN9uYHLf zYP!S(+bx$Q4gF#_K%Dw^ffjCn-coK$Yx(}4_sooB*-m;t*_tytdiBnG-sRb!|3d@f zqERz^f=CGGA6E$$#+DlqYormsr^_9_tizmeH5&Wk{o8s2japfLG|&i;-1g&DYb_@D zx1`DCy*H~Fozbkn{K>Cd?P>L9?310?EZ=2+jde>t?=emCus}_Xb#{L0uA^k z_D2_Sf-0yISuT9i7A41WM5N51thq*Xi=FZSApgo^o%N(CButf!q2{EJ+n?5n1g|oW zEF&u%565X{qL8Eo8z~0aHp6MIW6<5dtJIv4v?sExGal&L*wZ;4^SH(;)uc0&^h5@# zaX-S42DgVj>G5g1*Y3943?`q_m5uil0}lJ$`ar;Lbvf(?vp?C$#=3LRnj$NpW>_e=6pwddY_T#jgbz-14d>i-(zAX!ORBm;|Xy_d{C6c zxD!f>VBSW7F9wk1#>KM;{L`oj2|3g9tK@(zpPQyYa}smukg0=odsv94NN zlLpTohRcr5Z=b8dUP!&Se_%a!V4@O@ z&dO%DvV5Y(48K}6q-T4u7r<`WkND?JkW_n#62@RYIZZ|;BqdxTaU9-?OFZ=p(%~i5 zXN7&q;Wi7H9j90FIKeYCi3Jf$hzFv$G}3O$4YElz4SBGdyi}Pk9WaNYF}qz!#LW9j zyDK|?{_))Qsm-a>=Be$ukNiL3KBln00)N!*@_lcgRQoDTrRUkcDe1-HlN#JxJPHU**#9Xai_uV zbm7P$0_GlTKA7n4>Oq=hy<6$HZ|}j8sW0!yty=AWi8*BpV{}B zU}q_1n~U@Y0zJR;^wUY)mMHjn(Mj(8}oFVb6G>BfNpnO_6Un z;br=mR|=*kg^WENoD2jk4wuC#&?jF!hmVF+7WyK#DTEm^N^yBcQvfKrsI_I;8=iEo z9P(r#ytyUGZCY9w`kz!8Nx%^|q6g5Y_`?Ka0Aipr*kVCBQd!PVLd z1$wLg79s=W*GMu!q%)BigkC@vBryS05agdUY`SN_Zw-IcTMa7HcfV&%IMLgi2(Nk1 z-P202N_J>uc#6O65&+vf^uP@H2&*d->x=%>K! zCo+I_!+u3klH7m=9fZVVsG5H=JG)?;Ydv2<7*?~~*u*#&xL?ZMkGd=+#at8w??XPH zIr)&{#*?DMtDf{6asuiXF4L3Za3O1@^@I=_TaQhT2!_^vZr0yh3o5tVRT<36;Y43w zB8)`J%3Zf0td-fCkL=C$XPXb5?az7JkBv3)314MD2I?aShUy@*fmIQFNRJ519}=_&jv|s{9X7+wI&ZR`4p%!0Ui@q~+^qMc zy1wcQ`*ilOKNRZgOwfA=e_utMBXVvLqxqKjL0I#C;}i*nBX4$@N^)VFJFiTIm>J-#O?8zf3Y+`FWo}Ku>|Cp_Ue~O`jM4gVK9+JtO&)I| zbsZZES6@x~-J+hWuS@MMG!LR+yYe9WHY&(?psA%)XDSrUJM<=@;DsB7PY1UMUwGx> znG3JHa-FQMKCqdq(!6Y*Y$9Y#COaef90}<^@MM*cF{QMA-lQ|x18%8|An`^fruOEf z;cM=|A|1v4{2?j^Xt_`8)T$W@#intHLwlW40vT1~P#{I$UP>$Oy&(H^W%@d{|Pqn^4O!RSIv&Sy!+(I-L#Jf z@R=vMPwaiCP;lz>^WmmX5mycffGZE$>A;(iC*X4ln<*pTRx_!l2?T=$1>-|Li`V*) zYnS5zhv<0JDM~cB%dJyP0%!evogd@#^`>VGk|%fgX{WQ5F^I8tiY61x!0d5+-T%ZB zPuw>6zJdPt58m|z4fu(>_}P1q&BM?0JTk~tH6;?M78OWFWf9qNNbMK&M!3QB2BY{8 z1)@I&fm}vp2HYT;ldd05x_*cfh?FUFcSs+5yldyq#z)2ef|73X4+f z??xF3gD=pp!rX$bHM5Y}9ltg)9lz?hZIw3@S%w7Z4Gsv>T43&ew{5>6xIfX!It%;b zx%?)1fDP&s@OEdH5?=lZ0sxunrIXVz@t&8%t{ z%?G8g<3dqVq%&S1cn$f&SzLj%pvg2h}tx9*QwfTPwvG0UN9Zsj+?sPil?_S*0;Xu>b;k9dr zhet<;Gm4U-@8-|PI{v;gf4q5=gc(JL$QF#sghKk94 zW`+jxGcI04tR!4H@Q?KcSn}pOKk=bx+n)rBh20N{39`FHHQJ&3Ky3iqoU+$8dI zx!);=MylQ+M0$)k-3fQqExCt$M8qWDkbT^~3xPg)1=*Wh3_0(Z-{ct^htJhHW*4LD z&0=7^q=gT|IDwE*T45|Nc^F>>X?y!MKBgpTgDs~AMdoVXS?GmO%eC-&=COqwciwZ~ zZO*9U+ygsy%+CMP<#f8DX^+w1O-bUXzWk+6>%`qp?mo7Ax1N1kAM4#zt8MC~1U`mJ z9EaKa#lHZrK&}EXU4F~qwR)a}xI)8uouX(VUQ?EUUcGO{S?SKKcdk@YL} z@T}j|TAuZ*^?ek5lPyG1-9{Dq7>^kSX9i>TJga>Oab*PbEoC`JmSh$Kz3ST3VysOO zbwn{>UPP?>U-I!G$~N_>P*m~Ouwxvb(wmN80Wi!bJyx1=KFsM0 zuUvi$FPN2U=Hwc_99zPNTYR|^1)r|2=>+k;dYD;h^)+{Bk29c&e-)K>zJqc4Nb6>T z#j7XhE=jCsNz3A{%?0BkJLpL_5(@I-Jn6cUXrw)CAl4`Z0)<8_+D%vFP@$V%;UZ?B zzvYjXgil_T``ybvGXFu=e+zFbpzSYtTlWj(>K2=gPs=z96eiAoId9{QneZMlz`h_p z1K-!@Poan-Hv{kpA3B>v@3GtHXKwSL1o8#k8?=CR=w^KVd(rh`OUMW#o*XN5w7B^$;C7pOs_aT zWJiKJwIJ*F_OUPMJ&}}Gjzl7mVNJ{FCm((aJ6%DexYv=0x-C{qz?pX_{GA^vCFl_9 z)Vv9~zzD7H3Q$44fAbCy?sBomp^#KF$dkko@!P6Pyp+a#B}-^@l>-XsIbShEg~2^BZa$Hw20{ zf&ol4GK>l3djvg`;F&Ozbb{vs4h3IMS3eh13K6sTJ>nEMvoBRI{8jBa zI!6*}h5ifs2iRqELR}aX9wZC{o-s;0Oj4o%{F z*b~pXJ-Harudt3hZc6IFIv!6tza~!To zoxFtr(I&9+sYp0Bl81!IbJBBI`nNzY-+t>HkN5*-+2uE(tiA@QwY!&m#CqQuystD3g3iU4t1w zW=GnrkHzCj0RQO_Rwtmc9_-$LgkcHAt260MsWh@cQUNh)eHfb2!-_HCb(u_(OO%lt zsiiq-?4$7(Z4_)FI+96Fh&O~7RZ3*HQ>948 zf=odJl3eR%-D`3^gI4QcPfn)@`n$U1m~vMLDGL%&+#-hAe-XbZkPfe?vd?K&052&@ zL7V%iU^pray@JqFkjIOZHtuPuK6sGEqW7PP7K_nHsq{6v;#&--HRUqhy5h4W)aU+Z zb`ch*7`&uwgpZs;;c4y*8zwq|tv-aSy4Hr1JwV5Pyq|T`RTg3{{0sE$A1drB>@P@# zwSoOA(&AR_kB@ri?BO|S+|FtegL)^esLxf5E9TPN&8#I-Yq)cG2-54w;mp&k@q#T5 z^9B^nri*WZQj)cubLGBl(;3YT(-0g3&9sQNvbWZib;Zh2ha*~!%V~I}{AMMRj3Y^T z{%>j{Z2mR+jyy$>d8{g2B#=UvKKwONEe<)#(QY zZyAio@iKVxU?MSi^9KW+BOT@8PP7{?cZ_sm;Y8tX=3$=_e^amtW#N6QwMc~6LN7!= ziRcnDp-JU_yAs~$lD|Cz&u67*IaCYHgdPNJU&m2U%>zcGUD$UV0&5|=&rVzZCB*g+ zJR*gU5CLy|FT03|e&}{F+9?IASU3dFw(a z`!;(O_5>^9M}v|Mm~B?0VHdW+Uh8J`BJPD%fjbH*VpMOlm`oOf9RbKX8~n}Wsltl4 zWJtPFGU4~W1138E_Vo9^gPb?{d*8tpM+mzSb{Km7=Bit79eR?Dub!S(Kg?b&JojAb zdw;=SF(lCIicn&w8KE>H7FfSmlnjFSknTg6K@u)5f`n!XMkmQm-!p%KeWLV3SQAO+ zYT|E+26$aip0<51+|85mul!_?mv&^B@k5d1hk_U)KNVlKm{aZVE--{dDT#K?BC7o@62q-JZ=`veftvy?S$zH zYhxY{L*zCS4#H>a8I$O&Ihio$W%$PrS$HmCs2YY4(RM&PZDA5-QpiBC+?9)2I{sD4!Zra(xZ$ZU$~ zXFZ`=d(^T|_U|JH9EH_^O1*U%Y>%HTEqoacz(8vfaOVCa(UbH0b3KXGH%+L4L?RGS z6!Dv$48-O}#KM)W;<7{b+ShoKgLKyS zz}`8BF_nbBR;?)&XERAMheA}=(*#>ZnkN@tQ)GbCvz$;ronyrZHQ>!G0#3xyIuT$T3V|=VUb(lsS zu%~3bo}|lOiG)fCx7|8!H)`v>I7b3-=uAS61PL8bXW)D2V-Nq=$`?>bargnO!*U*L zc0mYYZ#XQI&sdLRLx%mrWB@s5NS-m<#)6@s#qTg6%GOF`Ukhe0a}|jm+M{Lm^&*mo zXFuff`XDI81K0-R*kF1m=p-V87zw zUWdDkkZ!r4sIg86y15*}&%U;CQ+m}c{k1!DcUo%x-T&aac?vjTVXNgo=EY;k=(;?v z@sTeI$AE|QUf9nmCi0v3X2MbUMejnSQ%Hc%Rgx`XzrpG-L99NHI1Ty2o0wC5YZbKs zjh^m2m~~$RC>YbLfit!?0$ke=Yk`};?T^Rl$Z}^ak96m+=NG$M(^9w}7hyXWX)3rl^ zSZvzx3x?Lk0FLarP^X&DtDWJnb`9;$rc-%DZe-b+((2AosB?9xG(y*rQn{)(jmCchTs^_n4IhR!C z{~MQ7It#!5T=BKn_$%fNX!cmFpJSbDkny8}BK&`+gs?U*q^eVZ73S+w^UCK7^Ts7} zM3i1SLFuSGg%cEuBPHPvcq-*a+&~yC#jo-dH@AGDZ*UD4k49C6Y%Va31#9 zlL2oML5E&Bspt|mz`g3+AC+~%C{lVQqv7K=;bZ!bbJNDzx_nl~PQ@vKyauxyx8Txg zfsFY5<(?Q)SFx8F?Ptgm*jC6=0i+>IGxps~W@0u_QRa`P z>cOFH-l&J|mP3}tn)z?v!3KZ*$)S9{Qr=i)4QC?o>rY#4`uRT(6uqMU@~5DZ<4fZ6 z_*2Yd3|zHCctBlcR=wC;3SLUZj&iBoajaPK7E8rW+iXziELV=CS^97$UWsQ5QYF=) zE8B{?^hZ-Vm*ca(&&3Xi95ItegVWRUJW+bkmpB~aYfmhKEyY7-ed$~`v9mtX7~6!I zQ)J_!C(hEt{`7ldG3IyK!p^v@=owJ*gMKCBm_O8h^sn-#9vU*(^y!?(VRhL3vb_gx zf>ITC=dX_56e-Nc(6np1wyI5LOCLsoTm5HbX%Ls<@9{R;(Ocd2IO#FVF(i zh%#$%#0_4v!C>}E>flhpH)NW#X6Ga;ay;W!DLAxJH)va7TdwOJ=%`g~J;jf8+FWx% z4WF()biR(A!1uu-CWc^_bMi}?nbp$fe#rmcVu%xS6|=gHD}hR^XubMb-f=jT2GNN6k|m`=J|i* z!W)@wVVpgunPaXm$hDR-ejOY(<253lXwtp+t{XtJg|_uAmHptL^nLO1>%p}-!y?%> zC^zqAP6J5uTtoxdm0!S-Z5J#Pj5!u)z|!^_4FJtxSAMCQ9mtzPd;5*sYjl9O{}r$$ zZqT02w>BQ_e1}n${tvJG3W!b$K0sta_*rb)5yvx7bjyqU89J6e!@u)qFibH0qGwpz ze$g{r;m<(r7d^w$_H9}Qwc92vYTO2ajWgbL9qRAz|iu z;iFlnmaEAjgzk;b2}kg|vOicHF*%WyV=V>EK42r5gF1a~y^I)`7Eqz)I>&~iDAU)@ zk`b^SaX^?!5ZE=9P*0A4tI_q?_lxW9SfLE2dwNQv%D~KUcK#{c{eb=imL6MKF8ZM#ixeB%y;?TUpXCt*h3y zy{_OpscsBH@^_4jeg%Kf^t)0W`%(51ds(mwk5INLm)N24(7A#LZ^8?*N`66{2G@V( z2&Z&IO@ilq10XZZZZ@K@kVQ0EQOE!$R4e}3Ee4)x!aeN7EAR$-24E@?u}vt16aq*L zqs+Kb6bd;-Wj#8&@3FP}_N}4+?7M4c_pN#Cv5|fI#`Zx@j$C;I`|lH=>v5dAkCSwB zNwq*c)Zo%63`89zoLs*x?Ky26?L7xt6759Cq9HfV z4B_^k!`QX>0E+q3;sX|q1#zxKtNhJ@Yxr7kfS(gC*@#*QY$3$kh}&qLBv{M|f-|>GASFSVDLk2ppA6H4ETm08Feeh9~>rfrEQH9(~jv z2({43JiG6?``(Ad`*t$IChM)&8klU3F+g$Ry~1N^1tvR)7Yct(@YgthjgmdjODx$# zFFcct0(({9E(jYFTlBWf79q67w#-eaE+k%*CM$jUsk%@$c#sy40LII&VjE)cmnpZ1 z3Z@~fptp% zOe2vL`eRq9L*&`;)UFlTJ7YhXw6=f4*;CGvxv0yOc3NBaD9obSU z78_{HC)u0Ti2)^8?BVp4V~z0m9ps2GgE0JaB+0125vtdso(a*}MXQSSU)t_4I1IJ( zbX9q~+6~&#KBRW0#`W4ggZ-p^?gyIf%!69H6<785#dbT|tB6XGM03|LK3H-t9~Yff zG$!iU9_P1P?b+>U?^W%RXzZnqCDB3)g-sWR;ydh zDkQIiT)`?bqYlH!Q6-rm~;du2RC=;Ce*2&;`luEv@383P$Imd*)fOo2H zD3r5LMU8|v05>j_T{2!$o(n0wFk#|K;W{^lR7rC$JE^;iOq_k4(hYG|tokLEPlKgv zwBoxi^oo6nIn?L1bgbM&dywOq@G~{mK2u!#y{wvxdBHd#>I$^Iuh;glSvxQOLXJ1g zH_yS+KJU?K?Tn@CwWIT*eRli2NQD7(DCz3sqAs^^UNp=C#P2b(>froeM4}o=-9J_V z7-j+RzEvaac&?>w5C5{+c3w66y}T{OhwZS z)$T8#W6`RNGpn~bY?5s$2K|zF3YvGfu?92LgZ-~%3Ic7 ze*hjy3IihKL&y+PI~QB?QnDu$Bt=iG=-$)_hq^X2yd5sRSH2}Y;!xb{2P^LneKuIO zmWmcn)D7`K46OL=)dTm8SJNvdJIk8}QVw&Vjx?))9I)YwuY|z-TBrAOSnt60ihW zQV(Ay5D{U=jtIA?a+vI|A?*d`6K>6h7lP9l1#dzz+o#-7;Zuf4G_*GyHv2y9G)kYI zGoOaH8$qQM!(VQ4ZHva;h<9W<{tcYpHd1-yVlug?)P(iZeW%)E-cnrCADk?#F?0%RR&7ygF4Z;R zl3XLIf5JcGm;6&JR@la)EIO68b{nJ~s7k0ei4BEEL#R1XDjtzVawCKwfU|*S!JXR- zzd~gm=(8)0EUDI#7Qi>RxV8#Xe3&-8# z=XX>)zd-vW`jJd2LU4lVTD)m#pZ7r8)cWktyj!35RJ1;end|l0i9O55$!=@+xhz%S z<0R&^u)qIOd=_o_IN5D5^3gcEQUyLv-V$eP$vBZW(H^Ig;eBS8^hr4uTA#a`eb$u> z?~}JgpH!pd`+Pq0G@oqOm5X?GE_r@WHK%eR*Mu150wwKB2~P8W0jmBB;G?J;1Z*u& z&@gEW??NnKM4{+;M1^vE4_|PMr?vXb?lE^F&SDnA)-q4|j1t#*!9H>DAUC}QLI)%I z`RTV_yNqBTp3u-l3FPo)bj-NQf{^NT&y&fFU$#V@vCxkbJIlLno4CnaaLj%xHu1Be z31GS}K?-C)_yO^prcD#v|Ev6L5$@sN;2Eeci>ju*a(s(U%m%i2EEzxZQ6RBLjBk^Z zQ#CSmhNp~N;+rO0dgB$u(1S?RIl2HkjVKe%q7N0THBho~_A$+u)`UC!YF}S^ruO~^ zZoL_>hI4a|&i|~^K;$hD4@-IRt}T~;-9k59w`IULzpM>=sO@>p&Q0`JvqL|L+kB1K zmH!O`*fn->P3|WetjY5&8Z6}&DH50$tzV+Syx%4b<`Vb6z#bmv_H(ihW1BAM9YlwD zzim1!mb$s#K`H|AW36A>`&z%ZEsPiaI=t8Km-fHbFSRH7E*3f$`h}!31e*8*(02t< zoc%F5pdj#!P~9eg>jqqTZeNjx5P+OA>r5jG{vzoKKcyd|cwduQT2e9v5}cOD0d5P! z3x#L%5SPW3Q`&@&`$Rd#ZxvIq1U!o=d@|Oou5vX&4-fe9FgO(njGgc*JB5DX;ZsOS zL9QCyQsntlR}ye#bxTU%xOoz4>lTFNk^U_YBKvC~JRaEvYzw>eP|r5dMr^C_=2 zsp7~@S&U@~o}O1UWJMzLFt<}M8!rU&<|}xkp;(p|DE$JR=WgE?s3n|tP5&>|q~m}V z><>774+jhcXSo#R(rk)^Je;;~Y~x&V${uL=0B^Zsb%bd->}vvofY0^ z`>Z%RdU>B*na5{q$7!E9HrWlKDRT}+G+M_0DgoZSYBYd zN)8=1d5$)|Gwr_4WVCs#mMT~E1@^}NjL##bQW*uB8*Lt$Y%`D)+;UEdLLXY3k_H7I zG^{c5$^NVAbVJ8>Oj=`DeF+$wwB5b1*$dH7AQ*YPjj{;}%NfG?S0II5C|^DewhUV^tNzSZB`+fO?M{w<90Z@J$%Al$AF>O_SX zI2u9Ju;NzT6G;0W3HVKls|L*c5vRpztJ=gD0c;vHj(M#*-E-e?FN;dSB5-?ADF5dY9O|wDA(1 z;QcoFDoJz#m@4(#WUB3cK_|3+*?U_yFN`;s;`TAF=F)!X1rMRxQAuGZN8aVx&Roi> zP?0-BM1U;g^dzvRBj8QWnp1U7ICajH%`@gR+1&tzx0sT|FyQaHd>a3WQ`FC2o<4)a zM&X_1#e8B>!KrkcIk1~JPe{g&YBi|lEdC}Rw0OFF;8fI?JuOu(-gU z0bCw!*o$p0(A?UQOd7N6h5eS}wKNe@0}Cj)N5RK!nx>ZT@Ma>eaG)}nX@TO(3#hn{ zwV!9eVRVLE;BsQDXG0Y*xo?*9W(S#T+IwoSz4k<-KgXqc0fNt>wa0q$y~-}Y*SVap zCnc?O3K^z15OY)r+yn({@tU{UEI@!Ij6ryd$V_k%CMV6F(^TCk+pdiOdo{MNcL}0z zd*6KxGVw;fK0$69y$>H4pt?W=04w@NW^`K3q@c?;rVH7`k<$py4Eja8yxwepxQ0^Ts?9wdY^Wqbh@n*yEq48`y!xAht2xFU*k$`M5zQkYWF zZT$<&Un3=fc9qBK7_)RlCx;^A5izn0-o!~x0>ij39``U$MaJXq$aMEt3U#O)%tB48AeQrNf1tmn~c*^m_%&+RpM7X9wbqmR04ic+mA zO08n=^0^#-mlB+vysdSUU3da@ceA--@ju?sneNm}xitIE{PJ6ONMiFo){1Jo{W0gk z#EppuxAeYMsE-96?AAW^e@;3%WrO;@+OfObJyYX`oHk%@2>K`Sf?cfuw5-f%|-Xpc

K6B~TIT$OQsY zjQsla>zZV6ojP)`sS~aSgmn;r08>n{OwRq#LryAFbI_uc8qv%^C1rC0yg;-#{f;#r zlnA<}#@xt;iF|6yjvZO{O-Ib0?CvNA7$GPi6Bcs7|20}PPUG{i;I1(jo5zlJ$c2Eys|=H35TU&=+{z`h^8>X-y|O zk7UQ!r_Tbx1~$lR0H!6#UTg`-^zGk{{Amkl`i|Z66#|+T-?wt*duZI)L#T6!Jw)Ty z^x`G?eIJ%9RU8+z`G z;>l(|M)s2MHP95a`YQK0p_Qo3C3vY7R@>398@3WvdBJRlQsL&fq!GM#dE^lVNFge) zLfl|MX1f!m6zwn?Qa!X5iv2l4vL<8gRXj+mG5FsbNUWl7krx|ecNa>f0>0-T)anlM zH4>L0#(;3(Z&ImBEYw-iU{F-sgiW+1LzBR80dueVn2(lDp>eqU+X4cx;9bNH5b@p` z%tb<;1vn|Gfme?Q6>P~uK_Y0AM~KT>W4rTexN!DhYml=|;P6lGzI<5&4rf<>MSBqQ zW*30vC_oSvMPPZ3=*>n{II~JNgI)lF5dNV8q|PLcp};N)_WU$cfDi?$pL?Am@riqR zARQ-ru$>U0&=)xWzvn;J*Kzyo`%s|gPj~+)@}4^LUg*_oXlQcXacCAR@wv!&1FW{! zHEFg_p60%fsM}+;==An&vh0*2!4_6J_nUL>)cVNgcBT&{j){*oHl>C3mhLO;I(S(v z+`Sk*{lVy#>Z#p-qipVeL7NKfYc0-@aqjrW;vNUynu;sYQOw&Zu48Jx zx2B(rF~8<};}o3w#92Yz!e*a~=RhUZa=W4sIk+j(UtuR9qLMhUwN)!HDb zv`S6JB&~*=7te0+Mg6dmKDAJ95~37Y>q)#l$HVivzb*@h@xsG!*#Zt^k~Y{>VY;VP zc5>}a){NWjaYw!JU4J^WxB}(pr*=THFu~@Hp>tmq_6>B(9u-9pTnQ&)DvXnq$DfNIh(&27})O#b3A8TJ*>sUl;0L za1j0$I{vS>Z0i9h1^o-;wv)$bF4*3+KFLnQ`)u23(31O`7u(){z-2J4&pY9Fcv6ch%B33qd#|Y#RV|=VjFr{pF<>$7PGWK!>Q$m?x^CIVwDMN>H0wZp$e$6(-$H4GQ=w;yjUp%S(*|Z)Q_! zbaj1f*(eu=Q#k$|YZ14vh9*K{Xl9b3-dPqeDzTqig3PLt81H4hQ&oYNqLIQX5Yna` zZc}z;)$cb|t(4PB5*)}a{$B=2BcL2!gP&TFD7!i3s|C{@g< z6RzUe2+{u6!k5Co2utDQGf886iIhc28vPJW z2{?La=v$~EjJgrr?ZcfT=K(ozcAD4qx#7b!O-I+(lrXZXB@ZVWb@8g=T2f{rswzvL zl~Rp-rQ!OwmQw7!Q~OaM4;_i;UH)>be(-l z92x@%wq{5EA!K$ZEZ%mjYC#;cg};(L`2>oMY^3BdHAC-Qz{LeNfH-2e+01sULl*60 zkh~0IHc3LbH5q)6B}TJIZl-f*p_U_MtXfCrEp%P7|Dvug*}RcLOZIMFU-z-cX7}x* z8oMWM|Jl!OKe3yyuT~c%D}3P;z@$%~ARib9HiwBCz~L9qDKgo8e<0ij5WAaGS&oB7PokN!>B+8BSA;M5nKRea7I}H= z1YhEbt>Go*MX+{S{5{#VwV3)3VC6LZK`dzT_f5w;+G;UQ6c?w(E>T;u>qtp0#;GNz zXnm4RTkEqePcbokRkA?4Pm-s!KB+D5)3YcLt36JVr+A+W@)Q%|1)fttVgFhzgEmf* zr+A+&c?y7lNglIB;Z+nzt&MX4d%Xy$WJb-D_Rodc17TL=TO<3L(v$XzqqQEw5Szw{^0!YwhKAmKmQRbSZ7eFI4pC@D=w4)UMV+-S0=8^4;dX52HF)yED%BU7j1~<^p*T}y-pL8qjO#(1 zZcZkky|@Zti`x>Q=qF)go^4LKtAg^H3xW7Y{~X$r__3zRCz=j79d zt%Gc~&2z{qMHzUgGH;1?cKr4qc%NE6&4Mf|gs#e`LEELVi>*HO`9-mdXt!V=806zz zWW(^fP4HL9+KDB(e;6%J@NsIkWok?G!m_w!yHE0I^F9&#)S_#G7pPw7)7_>QTA$?8 z=6&+EZJWd5#_fK|-lFxptKBbi`+2_$F@sCS+Qyg_u4>6ZZ?(Fc9-;5~XJ8Yhon%AI zlG*2(d`5tSgKk)HgDS%T3=|qPkM=IZ8-V0_aEXRXBOd`S_yHx;^*c+-X|jK!QkpjT zPLoWfH0ND-mZlDYXCbW*I@!ghrgibevM%U4L{7P`g}o0s8SS=T-R`eXEboS<(`wh0 z@z9QB2K3jm2mR=T3t4*Yc1^ho?MPlgJLqDN7L>fANej5C)p}&-VK>eqK6*rUJ5BJ< zn!NHhRJuZ9g+sGCa;@YdQH5qiF;_z11)+M<*Hmr1s#xRp-Sj!f+262X*pQs4Z!DN) zlk+H~G|(Hu?(uplo4jSV8D=olcbD=>NXqodSosN04hET`#(NP!-|vv!i)0FPz0JOSAYYCP4GdjV!>}}6$_Yf zuh_w!6}QUWY;0XMxo5 z_M7B&{d;aq@eu9oX=nviK!+USuM<6a|IK3D?~hCG@#lL)zbD(BG=h)hjLGh-Rx9>- zG00Yl&w_5azhVBAWD`DZ_zXHGN)3~0D-aFIV!x(Pb9{@ztfJ&{iUP|iM7ZB&zhbwG z-^RR0K>b4o69NK+{jz_*DJsqF3bCWmq&#zW;FtrLYY+7ca2p7B+`x?yU&}7p?bqdw z;w{%xxJkxpliv7@4lq&Az{iLU!1n-(X}0j92nm{r zN2+^&eWdzZ;{6YH{r2dCU59X9m(ufLSOS|dc>hZ^ca%6u=fOw#c(h+i(}!^$IbGwe zIa$|QU#IUyG`Re3yrM;et>vqEg*INw*VOpWhcK)bHgkCpqZKVZG%M8#Bd) zYkY|QMniKh4`RfkjK7due}Qo?Y&kMW- z+w|Z4@pvc{kNbnN!y(f*JH2yeW+#1D2L`IOe!$H5{W89>CwDSC+b0s1l1tbQge|Uv zIVFZf>(cGyf8pzEjz8s0|`zZ74O$NH8Ac>4CY$Tk8IQVS?!L@{7^F)08NG%0Ytn7B<1g0P^+IdvGNhYihjAOyKH z=g&9Q^)d>5LB~y!m*iP{y>OJd-5DilV2&Mgz1uf<2iI*aV~y{{Tt10&McCav!tZmN z3`Jvf(f+`8s1krT_y`$3VVnc}jDnfvK(c7X_4o|lSQVdN*vQjiO}&mxsTS8+BSH{( zd=m~4q9jkhO5o2O)<`fIu{w0UeU(N&sq;`(1F3Hafg8Yh;x10|B@*%#9f$JtH0A8$ zCtNf;1lb}MSQeEM)EJkBrSJC}d4x83g$#x^WDU}1*^|RJbu3e?N-*SiB^#-Hcfua^ zC&MrKVo`rK?sVS@oF}h8=610?)#cuJ+NtE7?o7m+jk(;>v>Ytiy~T(<7;yMQ221F$ zH4v~mBPNTV@5uw80Z(BbEr{ZJT(f+5F(cgKL2r1CH_Ri4-lh0GyMkoB?!#e@3Tgd5AE9A2&s}qap27ZXR$b@w zL#PIX%G-;yFYs8dCTr}Sa?K%r^#R(?Nt?7c;0sui)wrFu>FDThJf>SS>@>yM1-))O z$|>*U*ll~p#e{;53Yxzg^>z-k_oFbw1A;LBOU@fnnSymEW6I??{X;BT2-uWPB0mT zfoeYYzL2prXW-Qfxz~)q^`{XYNzzlFrY2~+uPM%e2Jiqiaz<-V-W(eGNU+cw%T*)h z-CIkQSWZp`)N;p)jB~m22mPwfhA5(-+xmA*9GvX*L@T}FU7sJ#5B2-4E4_hmWw~N3 z)ed&=-RO)5oxu4nWB3?<1ohg!&mKomS(or$s)BGyMU>8_Y606xMVdq7c!E_ELx~3x z`xA!~dLh9QhpXcL4%RX2t2?U+oUvWi2dew4$Eq(@P1RiZS(##X&z~c!IoZ+PhM|S~ z^a&}WFGco_KvS@7J|*8*cz$2L8^8tFa7L=x*htoU9z?~C=t!w!T||l9+FPAmkw#i; zwR3VXy;&b#Qz)*97<9}leFLR>^inL5ji<{>@48}XeXpYQt}p5L8I0kC5;2(W)9FB~ zMC7#m3wT;ys6)H@riS#0^n6O2JQ0b4{?MBc-cY0%f5Wwf%?hBmdV6}0HM+fx?#431 zY+{*XHnOaz??{DJ4tEy%eCD6S?9}Mh^>o|n)k2|Km&&!uOhv3bUDlcAEJ155W(`Vn z8MAASjO(8hh6vZVi5~6lhe3i$$6_*(ch&%U)EQ))X|R19^`VVN$4!sr>^mXSEdbIj z1@J3#D7qD%78G5;xh&RGjd3KpSlu=MlQxpyS2zsasNQP68ig+BZh_E=nWbQU63#Hq z?_SLB8eyIAy;DLrc9R7>r^ZvN33TiED2FQJ2)2CM!>wtjH#|VEkKV0YJG%DR*gEgn z*t*dT4orAt!`S-nSye3p3!wxv6wUWK-Pl^&Xn*f#2c^OR&R}BLx--Qi#pA_GMP2b} z>zpYDhlMupH0cX-4trqvZTQryLsit8<@0@3K1~SaNcKDPI^s~yJRvWEg#1rVy97{0 zZUN(Gm-aL0B~q1$$s0M6;=3%w>hCdDj0I#Ha1<6HEwX#wbye8cn&6903kP59^|!zm zU*LkU9%ta+P~-9;#HnQ=r40(Jgs-0x>R1>o6X)5uma$Okd+|n4WAuV@dK*^_tsFY0 zuJWqts+F*z%$9Srz6T9+h9ij1nC)6NEBl7k)khSj98N}7uhOZuA=^q_HWi7avQna^ z%qXJrbVAoNS1c~?oD15Q&skf`feg#`=GU~mCNSsgRQ^uB{Fnb&m0xbH1>rFwRT&wU zOW1b6Pj<&eJDw2(*XU^;BnJ#!3o_@poub=kcX{G@uQwm}I9yqg^{S0kSA_Nf_((eF z4LO{lQFj2yMjo5lzl%@)8b``ziF(};H=?b=E>{$&jPY7dbhJ*x{C1noXhqDCdDdVv zF?<6`kA0;Hc!?k=%s-uxu&^3a`ySy|;f<4HDugp$qvVj+hd3EEMYHb1tPc_`&Zyyt zurbYFlPZAOZ@G2))?+u{;=TEnn`e@<1I5|i0sNcUC6EkoR5%8*K07u%>od&Wv<(Y0 zGrg;}de^PGY1=Kfn{~^UHR5x%p_!rML(qYW&+!cx3M<=3zjwLTv%3%@9uY6R+R8sio==pv?$>GpWk?;^@5(SGo7>LhzHmr zOtF<}U_cFFB?oA^`}x~`s;&Uh?h+k8z5~2mjH44LOhBx|HqfBF3GzEn1T?{~m!8MT zq@Pa^wdDRW{DNQc3x35$!Sxae<0M5A<)y2-n>=dUrnXNV+q%uWb=%gRmDy+Fm*Qf4 z=P}_$+B&ON(AHUd6SmII?K_qq?4MZ1mgRO#>9*Up*|zEi4)p8l2Xc`}dYP^?S4*>* z^l_kLe184V(BufV(BzyG9=JA#lV2Hv=0jd}a5)@xzKt$SpCvlGu#*r~x?~Hr#Zc|d zjn6!GQ&WA)Hw}%Hr`FUG-;oMje-HiMP{ot%2uABJ86d6DVBN{EM}q5%#zLhF;rb1=URwA^(xe69|?a1h| z6$7gdH=Y?dJ|ONIcwpf0fHW|=MmJ&`wyoCHR?VzBzDip4^s)oXb)3U`P~f3B7mr)h zSnAr}tj1@**Iljiz(-2+GpS_A;w5bFtn!ek*Lif5Z0nZ|CngTSTmvUx${Z)MW znuVHw!(ej;+;@B{7=`7Vb-dHTFJ5PHzLBaGbK#+Sq*(6G{&UN&L^9>|Vx`(yJ=Rh2c2qjLilx}BqpP!4K6n%%3lAWOw{`@U zgu@1*R@HUdDz*+?YR+o)ln)d?7oJ1;Dx<|>M7^e(enx*BMeLr2P`ki7xoAVYlutgf zP(;MzP=Q{*{rc(l#0!9f;;KCy)*Q?FolXz&O0mroAEtv*4n=S<{yc*YVzVQ!3!1OKCc#jb+WEPr3Fyd@2gdi!=eJ+Hl<=N zlk`$2eYZ{)jG#&s3`Ixq>gTT{Nj?uDonJ{KZc<_~~)HHKH~R@orK=&GOX)h7?sQmmGmNgYo~si$ow z>-)vmJZvC+h8@(GgY+QHK=)i3GCMaM~ z3vSx5Y3$%pm8lP)isB|;e$z(X2HSeuI^ED*p->w;F#5T^xtiU2ps5GcGBcUu87cGm z79=qHof zjyM0HZb1d0-tI>Cv7TOUPfu?n4&^vIlwzp@un;PxKII@kSbaEbP?BxkwuUZMpDWaI ztd^U}9myTf>2gmeb#$cK=c}o%as6P=d4v`bX``b=jODen-+QS_Fn=CI-dEooHl!@V*&L)Ix9TGv84e0&vF0#vxl88Iz?xNp#Mt%|3@K!LN+cX)3i!a zQh>QUhS_w&C^}~_*n|V_&xPh}TKO`fMti_E%1wI%=NCLE2D6GP0m#^uFDw*8U{uKr z25GLpl8OZzb-)Onwz=&WX8gB+;|)}3Jb1mggl_u@{*)9n#gt3&FsRja+LR;?Zy$K;4g_zlXNodVJba zaOYg}{MyrFZzUI=`rR#7n-jgHfs&{t<`U8~|A(?S0g$UI z^TqGEwePp~z3SG!cU5o1umk@YPpsVUu-L5|8JKy=v zxBkBPiTK(08*yzo9*z$W3^ne{SBJd0p+W6{wcpy*HmsE+)rUwoh#KJ|tfkqqdT>PT z7=m334@XBoQ1>o;Abh)W*9U5h0P}bOgVDalzu!|cV9V?9`{)5{SFS{zQ~YfY{>8&9 z7o^RmIP2T{(=LQ@-lv5ppOX1mPr_5V3ENWTR9XiEspSURuX=i=r&sA@BKcSp3mNMj{!h+Hznsayk2L&u>cv2W6+WPdynib7c? z==4pn(d*r{?#FuSo}Qk1tuI^bgI*Nt>*=lDm&o_Z?}=J^>)IY`x0SYh;i2r2{6jE0 zw2s3yBdZzbjVFv6miDGsT`TR=gfr=C!N>Jg;!SYoTiYB|m)y3mi63uy zn*-y=Z{|f2b=(*Cc%1vrDpI#IGpMHD#OZrba0^Ljp54OZO1ez0O!PCv1CcpQj29-x z3(>0(z2f@Pwjik5O-6OC+f%D`ch!T@dijt^sMmUu_j$rS*+Z}6?C$B-)&SVjrHwok zJQ9A$V@>f>`mkG9I9#)`nswfK!m6?U86wC;PSTN7+!@uA@zx~ma3UbdE>M!{^%aC% zaVis6zTDkbk{Z3WHP>8edDluhE`Gmr3bR4=$Z4)nl_n<7y>BHQ*-zU??*~`wnQyf9 z%pCj@FFh?}VOW8p$Y?mMn8^^vU$}unP_(vl;?WsojZxsro1>q3tlhYp<<5yvgLkKcahvqR^=%hgaj_ z)6@!Olo4z-4_~^~<4Tdx(r)IL)YYP`5 z(_6(xM;TrGq%JOzdio)BOwT{Ap1{Mg7E&&bG{A;n8{od=kgGBSz)Z1|AyI>hN{;ZR?+)8eZ1 zV2>_(q!ycp^Y#<&4qXGwbS1sBqYzY~Zoa^k`)A2yntSO2y1q44n@gnpf9nYs(0RU1 z+z-En#-K*DRulcfHl;IfuR4%a#u|{0>4t_`LeWC}s-Ptj3#k)=_Wr_J(YgsJVf z^r@ArbI}t}?jCm7t$p2%UT-e$zGmMpmy26u53V{4=eVfhD?v7y%Kx3E_~}KCMaXTk z%Tzg2=aIy}e;Vl!oT_jH@n_N|PNv(oSt8lC%|bD>>7Y+=G}7~zBM{=UN43s&LN0kU zY*oCGY_s*6#-X!hhAHdFC|frSIkOaKEFN*Y!`vo2QVTOjn2||#0^oQs$J*j%;GUJ@ zW^VtooF^GiE1()=0IWI9&(3A10_-s&KmNU0pI1qwF?>+1lq-*QRXtr@)pEBc zeaHcKbs!Q-+y{*3A{JoDQC&lSIWh5xz>zS_;x@%|%Yulz*V=&rPHL!k2n`^~0mNQ5 ze2K)6>=&W(vQFY(O;ht~!M@7J|4-obklp6kz0BK7qMaSVDZ1p&e|0t4(7Z;KEfl9E zWXAQvgfPPvo)*@DV301zYCClj1{?SCBTVO`>y-NZgq(n18gD$|^$T0LoWUpb%s=5T z=o1_R$hE=wu#Mc?+Z5Ua+qgTsx{bkQAs`=<-rK6ax0P+7_qOo&wy5uIVMF*@C4-d` z1{seH&rD5DJvKe#nVz1R+#VY~RN6j$>AFMV)TMkN2rSdHvH@ei8OR}r9;u!{rc&=A z;bv&=hsMVa>4i&YwA0op>!fz@Fp|T=hr6t!hqE8wc(|v>0$*x?(OE7A{%k8s?#M&O zO(YyNOKKBsCmz__j~MaXYuGw`cR{RSt(P|y_7v@^&QC{?!duR_i|)5wP#x)~Sq>7p zmly*Wt4ra2QnxM|DrOhT#XoFEjDFUZkBh%_1u67z_OgSjne`P%;$p%7#ZQycuq-v% zH!W&t&%F5KHeWrgw;6dVfWFT42Y{5IF6%V%#wb^ILg~>cs0A14fzbmJ`Jg=PjqMez z5^|J#vU|0@?(l7igrRVo6RDfG8BnLN0^xm^fSxYIo619t-hB#rg?2^nw zSKqa6^qz&a(Z)o5VAuML&DNUzMX1;p>FZCgxwK}tlW8e(o&IM?y*8k8kMg9Qv?A2d zpz;DQnAu^|OGcwZD*?vKVAP6MON#(JfIUY^24EAl_JXRgDQUCba5d}bEU1B&UC(As z@Fh06Y?{P{1l%KJaC`26GS-*)`>TlPQ8O;AAcwh&vZtbuvdrYFT* z?syu&qTbQ+~a?T4J?NCR{VUUHurs;}^}U^j1YNO4J&9`iio5o;di5t0&0CSx0f zbUxEc8I#B+M;)&*IIiP;q$z?$N$+S@0odEQXF-@wIxw1CsZE5C0E#B))DxEq+<9Um z_8Z>7%Ge9*wpYsA*B8>osqZKIEWwg2m%^6r><=$3X4vk{*RPMq*I&PR-QB|rvxPe* za~t~;iT;hb$vX6FxZDrRBR0AXI*IPC3H2pdKKCgjUiNwUBZ=AZRT}1{Ew?t=<4$1|PK( zjwMb$sM=sCwKo`&68!GE27$bs!Stwn+(NyHjF+Hr)!`7pa0mlaG$Gk(u;~LX(`BCY3qjo&>C>7$st;|72&mr4# zKe2HqOAXeK1AtL0cYhmiQ%yEkb1mB$r%hJ12kc&t+Zzw+DxP}U*OdtbGF`rOzk{wS z*+3v$@ui!W0AIj|+Z+*_?zdivnza^8)yQP}QqF>pUiW1(4ZJ?!b z=S0(rVbBN+G!~6cfysIR@LLxj2E0>e_&`{R>2jG&Q^znA_Wa`E6bmfAnqr4B5E@LD z59Wczzgyt62%i5XdI263Z0Pa&hl=?YFT2IbZm~1Chk1`J{tWdN&;Ox}B2i|+!gMk; zEnNWb>Lk2#oeqvlw_O(4EkK%c+l@v$s%U~C$p^Se0KgmFc1aJrO@|Kdw6#Z&nu{oL zb*ZpmZa?L|fr^yK!V6W9=S&_SFdc2fPsKMKpRYecg=uys$%e z*=4u(^*QrvYu=D^8Mtz-XhX=uzp!|e-Lep@jMpO?3XNcowdVzy{TF;aUEGc*th=0W zNNMt_6+uC6lYm@|f@~n((io=nB#3wEnWATU2hx9I0UtUec@?k5I~9&mfrJu_BwNwE zV>Zpg+oR^77})MZu*fnCH2~9B|0e-mA_|Wl@hh2)f>n>-W&-sDV(g53s}h`j7ba73^K8`N93Dedv6Ch+psL*Sqokw~9Z( z=Lh)p4fsCw{#*I=_4xcl{O{k!uaDsS?&sI<FiT928dNIm{mFNL8c~P;oGg)CAE7DzVwYy5 z-=5Mt!ya?RX|HwZ#39k*B{mm6CHmP`@mXlMuBUVYGYMLh&k}U$i%@1*D$8RPUgo>e zxNc235*GdAGt!8&l;`8c-mSjPc&o9k;*+2MJYSEi&L3f)5`PIEu?Qvb%ywKqz^|?R zdcW`=><`#}d@dm^|GZE=|326s|A=cBaAb)mpJXopFGi2*$YJ6+e10$gd=3A+8`t09 z*Q5OUMqK{^zgGD5D6XI6*H>L|JjT2?aNR&1 z*)ym<)(f}t`w6q=*Zlf6e*F-B|0DeO-^G9bbLW4{Cd6C7SBG#yJo!=7=QZM5_KlfMR#R&2j%NQ(C1nSZ2{Iki!^uH48UG9)X@dJPHY%B( zaerw%Iy8`))|f4W+WuKrDmh>=hs>6NP*NwjG}&1g8xWQJ)WeZit)eJ`Kz&XVa4oeV zMGZDs-$|;L$8Uf$a@jCY14|k{F|`3HS_8Gw-MuWD8p-IQLGun{nCfn$7 zcWs+B1pEWFPdYXnBSUDmKt%3zc83CZS+gqoASEe1oM9uBE_8w zS8@x5bUDe`gWv+{S@R-nGzl8!RZqk9b&4tvsZ#YxJbPxy_ zR%uQ}{Dyyq1Gro8LZH+D?+n+J&FB$kOofFhH^(-imSN6hU>0ykHurYd!|_?$(x6ZC zgYGo7OrSBV#>i?500U3CRp@<{75_R^L+h|=AU1euqqaB6_WsKwrLreyx5q8De)g?Z zO!ldT#p4|gBwiEG{|fVX3G&K{INn+%2SjVyK_*zD!b}hiURuGlP>4kfOTTKtSUn>S{jB z2h6!bdg;4FUMdf#ZLOg}uH*~%GFNCZzGU-?HHo`#Pi`(ho*f+Q%^Q+p0z>sb5yE*^vFPEi7Ga z@$J8UWV+kyb?nwkc1wQh&Z&n!OXm?VIf0e%-wF{ngP;?sSiw>WRdQo5};&X!%R7tS8dW;jAO!L^Z8lk}d3)(RW<8=2Cc! z99R3i#hG_)n|}9X&Qeb6bXSQQNv62~{}H&cCD>I3#hbBr#b$&`CNY~gxMnSX=?iwc z#6oMPLmzt|evnRc*j0n#V{5zAmPVgXtl2SOi`nemgE3uerJGzGv|&#>A&`0I;L6QBSZhLN;3w zV{9n0U4eM8(L=;ACB<#Rj4x)M4O%p_Zd0`7KrMZKz77Ci{xur)jA!3BM|*OSjK8wJRM?UX zh6ZJm-;Lt9sys3lADHavo*qmrJ_oQgZ!qC9^c9PB7V$Rwn_h1>T7zbMX2;bQn`m&@ ztS)!Rlew-{+tP@H>zf8b#Z=U0OXu>=-g*!AFJV%D8$4qXrWL!6j72Ry=rv=MB=%)s zepzfr752}M3uYy&v8BoXa3vv&Af-{ipOXdOiOH_2>OBtpIrFTr!q_C&fy67gYw%vC7n z9G5JtPrUp3!Rg+BDBd_!LGpr~u`8&PyVWvpvYNErm%VfBlb`LLy0+m=xvrj?Mm=}} zXCTAg`#0!^cOnXL&r?|rw2C?+J{1H5`7@<`d>NC;C{S?mTB$l*Ek{p{$XyGS_eAx3 zZt)-XAN6be-Pyvvq=NqB*9f7I;7aQ3mVGW8pD3IqJdF+oodokiO!newbhYPQx4BNt zR97;=#VyHE#JS-#?>HaSV}LxCb$0hmyf^Dbp;oYbWg=g^ZMf^Qb@|~!Hk}&WTxjeo z6hkw)Y_qqCr8RkzA;0W31>6h%h^Nx(8yxorHYdB*=G_thF1s(DOTpYii;Hgqqx-MH zQ+}aK33!}ApLW~_^rwTN?NQ}Bqz_tEf~T1OwUk*? zv6Xx-yX5R)2hR&<&$_xUsrt3XJvwm|u$Opu3RKfupo%^^s}7!MSue0pow!9}M8d zm8WLH?C!7TdS%;&F-ypD&^NbkaBf{XJ9edb=kmch7|jfCE8KjYDE@TuTSiY|>dwiD zJEse@Crt3|QoP5Dy5e`Dl{WZ<5M$&N3z7|04Kl8<_7Fe?LR@%sGQ=aC=sg(RtMyI^ zxzt{}d&-sddYmj4V@{9O4?XXPDahfNHQyVB48DD&3LcKg0NRv8bNTUrVEsP zD#oWH1^ibm9WEU$JyO!xWK#_p<9`xv?nS#_kYxi%)dtt%hq%F1gt%u<-@LfhF`i>S^T`ZXu8JDTS1CyWL{7*{o9r zcvf|iv1U|^lSZx4<8n@k5=59HOya2XxM5^j4K0(TY1z=#*CaYc9$tjH18EPCTG+GP zGM~d>v2}n}%fV^^mqgrzW^5hl--fKMdmHcHvE%*hgZJ*(aqq(C_IzYv;UjxK2WK?n z{cX(RyP%^_KQ4^%>{%<~6>)DO5;5z>c)T%yHw>~b@C8YuGe^u3on~b}n>HI`M`Q8P z;jRZ-5`qZM;#A zZQIrgF8(7}`uxZJMcGZ>sLPxl_lMSfiJ<5(ZaP2z8MazRxJpUH1ssm3>XW6KG>N?O zTO_@dvk1PiNyPeZLEavTeL6-1+0<<0(|*0+vruyzUAwVOXDfn-X$}yJMAp-wECL?z ziLY*RqxNm(!rc26S0*J}|HReR-R%hu_E+uypEXymxDRdFX^nfFX1Apq`T-jJc>Rt3 zUVzE8T9M%BNYnKbQQAI}=7SD{NF9X>fD|7sdVzp9Y$mInv;uV4 zwzn)1ljl~e)7Fw6UTz0+j^MIr=+9BxJ~)Pnfjb>RR80W>8-n=d9L@f<-5TY{k@qaV z_r2L@y2sdVa&vh5GYgA9+Wx_IUli`^M$Z}OYMYgUFBl1hb#WJ$n`1YIMbElF zIeMg$o|@j4NKa2s#Fe{lyS8j`8?)mnBx&!~ne*MbaZYCs@M8V}`!Xv$N}U{eP90Az zL76#!h9u;P`-tBRFB7yOQA)+_vf#<7w^4s`Dop20c%)GXXgk@V^@&wURX%)OL zR0)78wwDmFuG~sMkmlos-k4=C`rw(+%|pM}8#1`edn=n_(UQ~IV-5GTD(uO{4Uwc< zZ_s9Xzy5qJhxniQ+@~xyRCJ@+$N9f$_x6YYy{%CVjsm-X`uXrHXfLK%q*gelnO2+c zMXe53+$FlAjwnOKMk9now`h}0_j6tJ#pigR4;*p?7WQrYkjIHPPD@~covU?>P7{+o z#XSR7d9b5qbnl7u_f@2u_kCyI;vI$cJ>ib7QQo&OpJsPKfyLg(Sxvn@+(P*&%aqaU zRQqo_u)zh7OK+A;lAX7dYdbK}U4V28RLpP>0?wdzyT;ULyQ9ZJwZ8}JH1e2cpHy3W zfM+z^kMTq3n2;#&aNVZF?}Nh@rj-;y-%ZIS&PQ*FiUimz3VI1mjyg)F5OGDZO3tV& zBIuJTwOh)#>66aZJ%FiK%(hlU_SgLInIp1`Sx8Bac4%2!8rQl{IN- zbU}6^SRP5GM#@M&Al-+0mHblt7VPngkXO9v8IN(Vy&9Sky5i%0ljTDNK0b;+(PqZ~ zWMJ_TscA|;`lO_aR6D59>_8^B(DGojNWa+os?TF4MDJJ+St>vr}xcdkt(t?_`x@34n##o=glQ)zVDw$ah8 zTS4C##{6UOPewo{-qV5;QYD8z;?8MTM&$vgZ6bkmIs1?M*^dsgI?e2z>FVZsihwt|o$Z|0tf;~ElYEMkRw4b^bo-570 z1RTN+Ht&jsT)DMDi5xc@$QV=Gg|L>C87dYB(h@!Q$nK&q+>;B;dr~@!-um1J`C%E9JNB^`p7x3ICf*uzeY^s>Pri`-x78i-pg@<646XU>;+K)(X= zX(3&h`?M4nHI1q!N0G3!SC@^MrY+pHi*B~RAXI=?BFEM>(5zV3;E zoA>;kD6Q~d?H2!MdAI=;m3;R*;R|>YzJQX@t%TwmTtWqyyi=xfayDXdduJV=Hr`*D z)$x!Dx7x54!2e=L(+J+kmIdXJ|`V9wcHf!ZF`f?K$X2fZ3Js;W!Ay z?J@g}x82oKx62l5-cv6Atg&-#+W#f-@!Hy)qy{TRyTu0PsXUnDmTs7cTXo^5y)WPPG6><2BmfALlkFBpA_`a}%Ee zolt1IiXElWxYNs!NDZC2$KQ70gUT=UUA87sZAN-48QXg-iDE6-Jb2LTe&=wv!D9}O z_KODsJzIMRuJ9FiU3FP9HhIP6nST(U9Akgm-NnSehFO9=zU`kol60gAr3@J;Y7;yx0rc#? zUQ)4n`XqOQ0&be50JAnWhtrm1btHG|{v?q8+_|`CcYZjOj&2{=vtRBRig=4jpD9q- z5s~&9oOaW$+4}lQ*kX{pVb?~FeU}v4JzE|E5WUgukGUODKj1g1-_36b#~XEJH!GG1 zq3%Uwq(~B{pM=##aVmNyr;JjzVMF+4a@xM`nYe`B)4haqk4ROyoHWEHfX+Odv}hE3 z>#PB464E>9hvQH19yV%@yBe!Nmh}qLtTT1)Em)a5%4hFm*8F7B6S{0f6%ok9GBjJ;|`6Iv23-vqXH^-e{(t@R{^BJDPm@4Co7ctr+PdiJwzdHYb;&E(Ja+5hRx7}*hB({4#9i1iA=#GQ0M2A?3;QkTFYhy@5 z_$~QE=p;bi7~~x?idAPZnXc?xj+Cvru^?Gep-?sBo87W?))KB|{{KKI5DfWkAr!AI=ykXNt_R5WM4RDHFDlfV@@xN^Ux5c6o<`yC%Gf5IR!~P zRZ1pTBA8sJFqMqSUGaP?t4|vfdW|p}G;sY8c#0%Ds5>(z^3thur{Fr9gToTtbsaF`iuM!jR4LRxXz>|>J72sn6q%PQ)f zEerYPpH)?d(=VJuju%pr+p*$Cop%6op3KFJyKK9zXU0E1BcF-oBph3%pl%RR?MEIoow&%JmK zDQ4uLbFWBYYI_m6hmQ0W?0RHuaZ-JF-@ZV7TeG;%74md>`io!tTD%DBB<6G`C(FgL zTCkJJWH;PkG*nWtg(rIR8iUz*ox?#S!nlK2XO%8PN^&0gOKu0UwRB?+eCBX6=NV)j zy3EE|`~5nhB@&%Zse_$+Ztg{to~XVPjF+h7LH`LpwrtPf_NP$0iw zP`&+2h7t%u{fhaq*ir1r^mw^%L(zF_Jex_>b0G#$Rk1SSDs5EzoP2okwr#^}wz3b) zQKQRb^;@bVrp3Rab|-vn1<1Hpxz5?GM6_t|C~T3Z9ENF2GBo8+1Pswxm&I=QESYwr zZLaBP$t70jzLL7)WJ@1h-wpBxTAlEV~l4tNVu|R z;q)Chnv&|lO@RjW)aEe`__$bGDY~FZOWVtc(~kuP$IH$eZe26gjrJ_AcpzEu8FbEM z)Z{VhZAtM!5i!+A9!!kx=x6sXzOT@qbi|rlD$VI;SfjatGW{6xGX=2RZIJJWR9^uO zGB^R=paTuQfwS~XSq+q>!Lu8>Fem9T<1=tHI>(UjA9Xu~h{hFjqk&~K=9VH6$*ln* zqYE)iuH2JMghPZp!>Y%$jr1%%cka14lqSqXHobLg zF*jQBTZ{`vV=;T{D@e3M|57}l|12!{FDX_ZkIlMxEELmz!s+5LK&O-iIB5;s*`p^S z=;yJZdh*=r=t0AOjmd~j3-r5Ir{wWEj4qv9)M^Bu$>c*;p6J%Oj1I3ya#|%nTFQG` zUJ;G?#Fj(R-J%n9#+I2XMP8c2AxJ*+71lmQ2-JUVl5x6$0eHaze8vdOP#Fd`DSi^{ zt3$QxkA*5;W?sD3SC{7>*zpVGS$cPD+g+Z{Eo>~$_wRmye9`MM_b1TXJ0N^dwLSs2 zr{;(0DYk*S79J?$EPMy1Jqgpx>3Yn{9<#6$zEi$4KFtaLDgPP2=7e-gIwNV0I!`!H zInOw?&*<1QTE>F{r%Y!|sDttOC8x{i)oXNGAz(I{%mD$J)OxSc<&^wBi`5wn1bJK0%@)1Uv>lyXVE=%L2w58G=EOT4S}Z-Qz7TrEUg1#%?j>U&3}h5Nbg08= zlwf~huY{-mFdO~J;(e}ycl2GZq~q&sjvcZ$lN0sI!sh5`d?Hlwa6fnmvgz-+UvNrA zkuG4BlQX7yU=Zc)*|1I@&PC$mKH=7^$&Nx1lg5ZRD9UCGI0MPB-~;Yx=x}&aH+PgP zleS7O%3$|QzTletz z=CLxn%2}?Kq=n7)u13RajFkt|3p-49$*|WEK!iTa&jYeAUdJ5L!U07}(gse-I7kz8 zn)1MIKUP~#Fi}?UnM`lXGKXac6ueB}n@;_E-y9*rM4mZdVNu_$)hd zc1jL-i3drLI=+izAtL-qDGH=@cGMA^C-CuN;;0z%v)!r5P3wkwFOB9x*NqQcxh^$1 z@2OTY7WT2l|FGpyHpgP!y`@?}+G9`pYvc8?E1lk+TFE}MAeE|RC-}GlTlI(FAv=t|L^YYKr$TnU)oM4Gq9(VL!Mc$B^G(>bd8+MlVM#Wi9wwK20a1fTRW4 zL*Kz%$Vc678v@X*3uFXVR~2axb8zCb@4WN&a9=fT3I;dU)(wV-cW*SBwANZ@bF&gy#s52lL%bT+c z3sPR%h&fQtf*-&ZEs_3WQL|&6Gu*}Kv^ZNr1$uc(o{E{NaReEsGA!+IIWz(N_?l=f z!5nC7V9xn+K3yEGVE5_B+3*~ELpXCr=jQ6_oRHb^!nrfAL5!;jogLTllH~3ZbI9#j zX`cH0D2@C}(> z8h1!D>o*&mE+iYgsHURw)DBt?B;$}nz~F>vy;MyobbjTL3*N;OF=%9e`-B{_tL=Q%KxEa-5hB0(xb-T=#o6)5K_P5Jp(6-Dd zNo+Zlc8eN^U5{b|l%btEcZPfhU^LX*&%yb4251v_rK(9yS^~twD87jwUhwnP&wS?4 zG5kC9nSY*|XQ{=P=cncuUtr~V8uw=q1Kdjf8U$DgzsGg{x1w275+s}~Rdj*5UrE(^ zo4$A==@$|bZ~<`mfIU_#lewM@GydA{w4~)I3|H7(4uE0 zg8t2^X=9_Wr`~-cek>vSj|GjD<5o@P_>wsW5&zuF-yzYCJP_1XU>i}?>?d=lP}YME z3(`wy8m8K4h@z=6tR{p!rmBkkI^#yK8UkqYE^jQ1SWm{?=MPrAMWy0DV~xdP)&t*i zMS?-;s;3w4*6FKpgEQtgY9C8pwmtK1*0}23t%$}T?$PPvo9_I>;!W>*cVli#YyZN+ z$lSTt*ljngzr2sEz)_`iU592S@sTB(eN2ggW=?-Ijt(2Xpr$Fo`yXmF8&b)YLAWtBt)@k2j1AwhCJ6UP_apMLq&c8pO*c9j zUp_7U9E96{u7qkzJkEWWjz&V_0U^mn{U*Y}Rr+5fTsR!E?EAVS==a-qt|naKB80O= zTiYhna~o@utxGaYwn7 z4nIBJ?7z?dm|yR2)O#Q4c_el$VfG#i=pD>1B#&Dx<>MMiJqnMJ5yEMSHWK?^eC{WZ zexTm|*GR8ZjZzeY?*}PijQ~rtlbPD%?`yhOQB$`Ra%noVZ9X){>!I;Y_DCrjjL!aV z>uO^Dx!q~fYAk*a%!a!-HSKoWy|?x5P%_T%xfh>bMavnvdrd4<%ldRI?EW{EoRE>O zw%)FTw3${0CM>%w&s$!xXf4yo-1oHXUOhqsvaY5(tb0SJ)sd_Hl=h5PtDR=r?H>KO z+hi31jZVpwAOzT{dJcZ9{okcDe#nrBb)TZ^rpRu%2(Gy>^)|6BYR5Pqmv+sz7+vjYzOD{y#E?}BNSk!VEoum(@*&SF%0 zT}`WKC;7N^7#A&b*y3ujba>`O;tb@^1A5cA=YG3cBkH!(P-)R{V5uE}Q3wbWKX_8% zPo=i;4Con0rbozEL{%-aQ1NNvrD_`y{3}vK}?YH?zs89$+@-(GS zYIT(!_RYoh{o`G3qfUH1p2@`JOorsU2K7sqp(pQ?@SR3+27f}a1!iOyY&IqULXV=~ zC%xeokAm+2Qi1*$D$u2tsd97ap3?KBS4!HF5(u|S83lJ`=%dUrAtj}h)MRQtrAwU= z-VnrH!p&IRa^~R@-B3CnGk9mh4+wynkXoAK_WO-+mX4k)kzWX)?bNZ8w2xBhSrVZo zym$c+q#%a>?Z}{MmrKS(|36)v7C#x>RCHW!i)c%COv5)Eey`6qyZNfwq)YbOW^I|V=HSjN zt{Pdq1Bp~0Wk9TJ>D|dFv1<3mYJkyNy7*dtOt2vXtRy_B_~n^+mSy20@kU!d1?rUV zKC;w_DJNaQme;Dlc|fTQ6VO304S%Sm&PC5Z(2wdT&{E~Tnn6L1%)|D_?4rG#nkhVB zcOH-250AIe%BQL4^K55~(B31{jCWq$e{O&2g;EKRi1}hANfu!vu9)=O^7b+n$`@bL z3rX@83)`j*?PD)Itaah@N;0PaD<`KQzU8A=K6=$PBj=eopFf;`1jiYX$pw<+`{If} z+Cmn!vlYLO5Y!a6FWQQjlwh=Fx=%4rn&;6{klru&!!5Ii?uISlY`X{P&Q zzToln{ZWfYZ`Mo4H5~tVnNsSphh#O-iIb@`w~Hu6PNS8nE|eJn^)L0dTfr6DT*)^R zj#-n0{vvVR>|1OI%8>COlCbzcSvHaP8I0oM-EXxuxQ=Lo(eX3h+ZkR3)I>sa6nHOq zk@>?~wCglPmUF1F`F9ekz>4o=fSVD} zhgs)b`pz`I^LzB2%&LCp>+OD}uj6Q(y%#_4qR=&k{XfGJI*d=RC5JctX;C z=vWkLf#(egD0oJchueBfQI~eO00IdnhK83Gt0#?r#p?_-);IT`zbpv@IT7$DKb!O; zr2#*Si?6<_#%1;_9$)G|zhm*wc>np6p?EwLip4_h=esv@K2vG;;|}crUm*xFl-8pI zeIO3%X-t&~(Ud^5crU0(ya% z{URw&zYORX1pPd3L%*i*7t}%XtYU|FtjKsM(E~KsvnTNkFhljD1ic%l2iWIl6?#!V z`AYWn?D?!FJJ2EcK%=KWbaE2hOL8*p3AN<@4#oTX?rrwg--hV0gWF_>HMN57s(>UG z_^**a!wsw7X8{(^WxA`m%YOeg80<==y0(GfOY0yktplp#JL}Nq@#-g|kEg)#`V~^6!||NUfrPxo@&7N%12>Jb7`Vj9t#}QGZ1gaJ0*d5}jAZXgXdLO#j0=D+##9JJEIRwF*Aky4 z?-Xdty;H=|Jo$$z^Eh-1F*58j9>Rro-%P099z;MXA&!dM$Rp4GE;}+=yzU(uR@*$B zL1Kw|!ifNzWf&*xR zSpl6j*sdr06u1g|h`WGqPR~k~dTYGU!@6XGJtw%DA9ej_msqCDGQTYUXIX@X#D9gJ z6%%fHA^+>Vm~FpH&-fy|oBefGOwz9=dC!g?C7DcDGXEm^KV^~k2E#k_tbS4C*AWr% zWHp@01Ir79B33zhD#v!^m;%U^e#z_8h$du|L-|FXtk)!Jj7>*>U!xg5c{cGzLVP~K zCV>TcOF}aNC!x0a3Yh=F6KKwIZ|!lR$cke6aRH#VqPK-oV#)L+02XoEk(70QT=GK` z=}G`l!#^&0C??v8V!@)u8sY=m4G5fE^#4*Km*R=>6y?>Bkqzy4#YuYMsmk_6k4Fys zD&?~GUSGLX^8Cu|1Vr7PfMs^3I~!%y`Fil+&X0fa$k^B)eE7l3*|$;yjbE z`EZ3yQuQ)ATe)7=Ia|@()X+Nw%}ndqG@)^fOo)!|RcFI$z9|ZyCmd(K`h1pW zgrv#1D~UW9+_{S!6wn)qDND{LnC!@dVtF8tIYx(#9%HL@uu}0{K62xc+}K=SvM(1j zBs>G6U4}EB3jTKPShsG+7mc1j{}fgHS?rQ_H*^#cP=uEwrg#?CZ&mo9;w>mR1M}(w zBK|1lR=YMRqm(01C}urV2=yaVsauw7vMA4(Lp4^o3!Y(eUWlXc|IYgJ_|GuW#kyvr z7K?&v?^y#CD$l{fMT2k59z`B=fKyQm&ZzVowMOUQ(rI?f1Am>;?|8Dtxn5sR-SzH z)|*_`Ymw9yN_pI7^KJWXI}rTN;E36{adNXp1h0?{bcWkNMdB;iU}=@FSRtMF%9AWq zSmG<9-Ba8K8YjMDyHvgs1Nm~oIw__rbSJ*Ef=~a2eaT!vgH>J8V6*iE9eL2=Ey4!e%Jw62CeBs3BmtbMg{hbD{k z-l#ySo~IGG=~P(!m@7@~JWn2lrYd4pJwgnJGPL;S&@3ftk(F;3*$#U>QY(i2J9kl0 zNW6O_Y7SW>qtEe`3rj9Op)+N|ezYO{)csUzvGW~c<)AU5$J-5oH-U!uXbfY#SRBnE)Q;iWaMfvat+cVSV z)?U^}l^LnEJDdHR2fF^HQvzko}1V305Gx5x)P(2mK>D?^E7w=W*T zf3#O_s8$Xds}}~RNJPU42c*5{UgMa7 zRb(Py|GX)*^42k_|3WnC_l!ef0WgQv^SxV%5m3m{kS65Ew0)R#O;+TivL+!j+1br~ zb9K!5VN|3a10hvXP}$811TR64HYwuAlV*@Ye{oX4c1HmUyppGR9ui4&ynGWi-a63q zW@@aCimZsuT|kYu3N8^X)LhUfp`%k==^e@?wytA{2h|Xk?4eLnx4(x@ETRW_E~K7X zjvdXhiQKN-%{fi(efsX$aYTrYBSIwEAGk<_i1=WR0u7Yni?Af-{lXka2>JbkLhSbr z2mQW*AZ{~XaApbjK|A6;Mi$Jb`I)usx4YoX!o6G<5<|s2KeN=+4LT&w!B@l^K+Ri~ za5Xdv02&2h%Fy(w=$Yu*s3w}COgNEO^ia8pH2pB**bl>>Z?H}uMT!f#EPSZ)GAF}k zKra}q2BSqZ8okHc6`*Ri0ncikLwFlOH=f^5kAzQ#blg4)Wkd5paJwVsp$I`bvP&zy zVZ-#*S5ME2M#*k>7}(XOXpjeL)nA}dC9j;N=vaB4%U8-+*3a|9S`j^{&+<%7g=M@Z-O!TRD ztNnQ3b4Feg`R$uj>6?L(=%nm7N;_7%SxEsNGPlmRAdf8no_oA(-pk_Ns&^DVj{%s4 zn*OA~{F>B2G8IillbZg>KyRbJ>pd22f9bH4YOzt+7u`|DqTP~K=xg5Fu>?=IO$wCq z65S{@rfq0&T|`Zb^)Fe0(0S*e^L6YE9ENLPvePk0)ktmQ550tO61ERb_yJYZBT&j` zJ?I9WaJuA>!|KiEivC}jCA-adr_pAUf?m7L=d;$ z+pu@-;SYS|QugAK@%Kd+{<&SQ69d)Fd|z?9kFSwx_k9|B#i1Z%E1HJMBhQ_vSj)DZ zw`7alw`7Yeih?>qJ{NV2Blx>%`abda z`PcA$p)YAfYH4MQ1rUqS7@`xRflgD*4BxNXy^rH})cGI(_qI*O8Z~Z{^>s|%l{Q(| z(%--#qsk#s$f&W7=n@^&?|yXYyXjugK{Sl0v5vkr9fmR5Z)<4Wz<60PZkpsjC^olE zFi(oiHNlvDY24g5CDOQCL>H09tI`(@iS2`PcS{j5Y;`a#({|TJcib$J^jYNp_Qr!9$htx z!J|NJ-ckP!(O&&KOSDJHrW&Jb8>bk%`u#L^_50hjXDp${=u}-CDWKA>f zi`h$iyDwdn?&?Bo$vy9BSu$RevpVEVH*;eHH&}xCXm_u}ezn`<@7dDmnv6tt_ix%e z5@MPgP=3UO&6wX;xji`Zq>19-6yqiYF`jSzb2C%?G5`bVLx@{hKs3nA=j2Viaz~ppJ)k|ljZcDQZ|(HBGDOZ zNq&iM@bj&NR~^3uMO>Lx(!;V6+HvHzPvU9#B)kG4w3HsPpFm>6)L|r?N5eqn(oD&$ z#zYng-Rlbm?)B5 zic;@}qU&I+=tPb=cRYyKct5K%QGV&-zyF_ggMdQ%Q}KA)<$yJ*K)?G2c+Mk~m5^mh zKywVy=yOfUo*HmUyl$iEercAVCNLb(oJ?}^LtmIIfLwt}=DIZ_lU3J2gC`wHTr%G zB>4gKpQmc_(K0K~x;!TFuHnXAk`?ZOXAw^Z9@!ifKGKjt7`Ve;1dU##vg`~z9>fTC zI5#*%jJ}N{NA*yBO%3-Fsu2!nHtSw?8W`9uJ}Fv?*gdGc%&oD_4DHRuazh30S^d`cnJqtXFP;wM z>)}K*=VcmZF{Q}Hu?2wR~dtQB_fSdh|(M85u+d9d<&)p(ehhifpu zUR{bA%et-^jecERbcj{|C?SB1)Kwf*%%3RnEXCPDif1WOtS%Gcl}nxywEpGE{oF~? zC92hh(8hTcZLVW2v_T+#d+i-VRbR-C4h!$p=`<{wNJN=NuYIS~a3r`_ z)q!>-qFU-m9<^qjyVBI#R1N$8#FHBRT?S*StG`zsoUYfW2jlhruB78Gy*3%I)cf=K zW)FL^(FjczQ=75_tzh`tf$ph+cw%s}I&f_`*c#Zpu{arOG!{QM+87ue9cYYVZ+5jY zcHq%`8b!8ePa+LENECr9T-f692?h!IQb{2u#l%2N7Zrr4E*8)w{Rvr&wc?_#eSL{`WeEFfskNpVWM+G6sLWygLazGa z^S+)no65X!Y~5|wU0t26j#YeG<7GN=(6zC&>m7HGFF-iLKHJG_$YR2_r=i53rJ6@x z)s8)|)#^6LIy4WD3v$F4kC~}?fmg3Xex-EW3V0xO$m*D>M38$AURoY8tXkUOe7ubn z1O5wp@5o5tCx2wAdYv|}iTq^r@36;4X#vkj)Y*G=N$P}Wd!$LpocTMm+Rr(O{n;yqss3j%%RITUS}F8>+3@b zH4d4G?Ly;9wIk7Ji1bW239{ixd`$35*wYz}B*77oNgAUq1u?@I^1_0mjD@rti6*p) zl&;K6Tj#iQlu#*nD&w;_9ZI?m!>W|&>&+po+e{JaHIIkjSiFx5FN z&B$p5#lz*{%;3x|Kw}uvpj}qgFnDVwpxD)1D*qmgDUtR3A2~#SHGYs4}qfh0`(U=B~}InJixW4#pOr-!hz8?{`MmWea9s zG6j8Kt9l>{H{}){wEQPcmKyOjee1ry@=%l6GT-b)8%SN?WIxb6uvF-SiSU6?n;$DsV;5PtY5bT|seho@K#*F-LbJ*8(4A=p`~P z@G{Z9k3XYE3eT@n8$P;L_W96Mujk~h^3COY%CDEtmvsux%MtSiAv7O446o+M&4X;P zfA}{tlTS`&=dTYeWof3RWx2GJpM?EJ)C+bB?>ru zMBRAQ}U^EG27@}HC6s(L=UBlKW$lqV{pksuM+}mI8a#Ywe z6;{yF!XAn@@7}A*95mH)w@Gf}^RK@8)(bLd4f`b{P+{yjYsh0W zTJUNok7-}HCVz>Y$79+;m&}deHCPS`5|R;*HN3zE=CZggx089Ef4OXjso%Y1124&K zA(`hkuzKg}^({ftJ@7QziTsy0t74|@OAF2TGMACO9qR6?)@UcPYz<3Ydj$dC2P;U5 zdM3p#y5UxAHNL3oince_+b`$^nFnvPjDZ!22XDP*k#+*5ntO2JI(>F&oyrxyPD|TH zT_{XsCNZzRxu`|ZJJ}3EFmd{th8u$T^on480k$ZseCJRfSO54c7Qa$q`d@?)P zKS5{o3-BnB4t*BrNK#8aHg6|eOJmPx^;1kE;8{nW0R;_-Co$_5pmuG7_H=>IbICV+9B<+<=#X3jZt&TMD)ea`IC zj7BrkXqRk_ZCRGbi#98Y7saxj*h!qmjQBWOco^r#u1F`)pL&zL>@8YuV z?A_UivX*Q&(d`PQ<8t>TB<-%K-X)yqbn7lpXQ#)dyRG)XTvCfjZ70YMgcsMGHX#aF zq#3>wDRE4m8bUER#an!+mY-=x@!?*XG`H-J-|9Erp3SHQ?S|ye-rD+{^R1pzwYF>E zo>$ioSjFWJt2@Jkr56G)YbaWfdQ4-h zQfn6DQYdVB!%*q_Q!mhj?8Z5F^AUo z#@a2qBxuvS(YS{MA3NVqU=eb2$k>9X>|gCj_cu#&)3P22m_9V!4|@Jr-n=hAkn^~W zPLyjc#-s7hq}!7nD0tciBM~dw1-g7z=WlB+&015OR-dZb^BeZ`_E5dn-}-;3XV>lQ z>D@Dyx6jQ?fm|=>UH*vxUYlUPJMsy<2vCp65YG8`VRNRi21DE~tU=Ed&C+NlqAbeD zWNvRx$eoG|4^oQdu8xPir$IqKoPI2+6(941nha|oV+~k61RVlGO|+(OdVg4gR#c-I zJV3GJswD}?lue)^uT{&1quUMkDly|JEG3TM1(CtZXnN=K+<&0+(-&{U4(Fi6dIBzHcFG6;r+p8o9W|bNY z?%*I;pdr)D1;lm(El4e9fs_U7Oa|b=f|pn^z^4)frHcI5+1TCaIlJT=$mchwPb9YY z^j+&S?AcDMGGbAz-UlC~9<)1bpSWZBKOcGUhpMoB)4dy>*OR~Y75%eNaZJbkF?ywc z1v;)mRo7nl^l;!UU%31a^#Q!_MfLWW*oJnFb;Nq=sCuu0IHM~!ZnIWnZBd`agQ6hO z;&F#c4X0>%UnkXsQlMoZp5Ri6IyEtF;HKjMa1Npz1pX?B zgb^XK2@xy@-aNym-(ywd z{iuu=EYrcO^8e$;ZSR^b3H+8|LvdO6+nm9NVaFhiehuiQc{cu=1T2iIGV8TbRcW>di5WpR>3T9r9Lvr|nX ziRPt?jME1Ci12*Cv*8$`8WC4;6TnyFzq$NdQ&UUteecit$o`-IeE(AALaj#j~@I=lTV!N58^Q# zht9oKie>tipUr4lu$(55=-u$UcHQVfHA~ zgGvTP3Wa2v+P2UFII;a?p(bD$i4F$AO^}PMY;LE8XcJy7S6$JJH#*Rn2zG7l?VOBz z^@(yNg=DWcI#fvnYBMALa6S=sIt;%S?ssJR%Z0X%SVk|F+7>`e=yBL3#cy=w620v~ zr{j8SFzC>9r$e#@Qng&Xn)do5E~_Z)kuCmIvDoI^Bdf^FvpuI+5Am#|xHa{(m7;aw zq&0y$1S^{Brc;iLkxtB|)Nn|0s0}wYI5d4Bj%z{ zI|nw5g;PD1N-PoA0$p0Fr(CQIX6;wPJFboMi*5FDDJ5MiTSB=~F4T(furU%w@SDQB zP+yy>yVY^Pu%>x$*5f!75CP_)qh+2fA~;JSw%*66F`1HBog_gNmDi8=WWxE7y+7|O z7Si^%j{Vi%slHfyhc6q~zc#eV?+S;)dV50B?9%>VFkW4o?wF0(BSs-)t`}Ls&q8)` zT(0i5&vIa$C~!CP-n_>(AJX199CG4lJZnv^P7DZ18*K- z7P<%G2d=mKB2F67Es^$AL{r@;wF-v(`hKhK(i&rtLOfuz2O@@_#zfetUxL^57;c#o zvRZdM!`UzY!;{2W^@Ypl>uU+sTF0X@?r$4kggg%oj5$<9u55O7kirfV=M(&S8()gs z6Sj~oVUL$WlC`Jd7Bej#IUF{IXMmMOkpnvP-7vh7o`MO|?7-73ODHgch80^2`a8$s zSESN_Y(?Iq&@xFR*$+g*+8OB0_O)wMllgTsoq8!dT3-G?>(^^xyC)shtL>hAyWJac zY9aMY16#^oo9#oB{0YexuMEXI#(cr;?d_8QvaIyiqaLq<@L{ZrS)2QP=(7-{yU75L zRiX0Mr>I{OqkK=$E7q&lR>$3Tg#ZlPf9P^gA%QjYmbhb#bGcoD%WLR7uj`;P%_Pw9 z+CJt|lOQy9Nl6skDQUOOam*{lFP)o+Y>l9h-ae(R(5c2sF0;pYY%QF+%?w zUbB68Wc$cUY?N`8{vMN)zRREFe+HY>g$PIx?S8sdXBea_HV;}11UMcAbk0yX=pD0$ z6q&QtVUSJOgF%aT!YVj?6Bb3_pJt&0MDYmT5$mUq+0QfA<5+`~HmN*#fHm zCty2gao)?wHuZD2*BhO)A!8+dFzCr9`jdSrLm9BCT}rpC%Y(Vxz+eqX)q%eGl$?CJ zU%xfm-E9qx0;fJ7l~q;w%p?Ug={}~c3m#|L96&?{Wd^E|)}_MGI?v(cnjO?k8-((c z8Tk#jasdWce}CH4GH54XV686t1NqUZV$2uV6zCfi_^-wSMs9sj_wU4d=;5)zn&EQ> z(lNnw&>@}|9L~_k1T;bU5k)Y?je&aP<~c2_T?JixljgNpwgkuHx81Ry*JD|aui)M? z<1w@~v_?GojQ$&Xx*UeDHB?XdeW5Wi%E!a@7)SQlG12FWG=e=@Fv`74$ucudH4QUs=5rzA{8s7B6Bu(rxas zXgDGl$gzNLQNG!4={ zt7}yGhhkkD3e}l>KD;TOO#kIy{v|&+IqB*&jB?oko$cVZiZA57-WkqyKR!Em@JqA& zBiUjxn=2ME&*}U&hGd)*OhKWVA(hHhdY|&`OOxQuTyFd-iaAE zeN%@S6XX9D{`{NvU3;S&&Dk}FH?6hzpdh?6a_x;LBprpY1~nKkPz{?Q+K`{jXuUr*yCkZ_s~J(4i%;q%ot4sGdLP{uuT+K`19#3fZmB=JzFgV z*}z-G(`?uvoj2q8$i(7OOUC-Addm9^yU*wGs-cii8eQ+N1UlB011FHGP1}{2v)l>7 z?|Rm$Ew7Jfq(k5diTWl`L)+v}YuML`*zeN2mu zi_)TYw{}{40)!uhw0kVz_2qTN>zW8;GMrs$(SA2iHRkamOhsH!-Ix$lvtBb50i<09 z#}&Na?5bKTGUjhaul}zKw{+CpnRLQ_Pp~HwTbh{A+uI9!%UJ|Qt0m#sf$RIO4n{^d zZcL6G8GQBCgM7#$ivnoBMX-LG_Ve@n%NToaJsMRs`!s0bV=nDhkE#Y7Tm{^=vjMbv zBa_ACx@Ml8X+hI*>_jXVw<4WNHaHMKQp_UAf8K6n3@ths|C2viTC=9>mW^tmqv+&! zgLx5l`JUN7{nOb$_XK$KOQCy@<;0*H!iYY6?ipW?C_m%m2zz@IPO*AEXjS1KH&e3&o1s@58`#lD7X+=kg5AZ9e{w%lkTC z`)TL?^3{hU{gK!}@bK09+uUa|uy+ga>+Y)ui>%bCKr;}h2FO|Y!%ZV7DEvSa-_BQNhtHRN5 zcZ1*(4S~oyeF;s#FllmIf`jOp^b!<b<9C5le9vYG()JnYIBvW_3~@7B`oC2wk|7=F)D zf3;F{CE`<=qZ{gN=iH@oQ9roFRqE~yDe>}1?!Z3D=1}%IT>E+}IA=EqF8%@3QFu8t zt&t_a!|8KiOdmrD%D27+8AAdE0>yAeejIf=Q_KqgRkF7b*d-LF04T)=OB?M;2} zK7`-G=iXmBx&goOlYf9N@K*tojLHkxFr|9Ha_gye}zkc^S<0d z{kFb(ya4)oDHVzl{f40N?-RbqX&76STU*aXo`~{CqI?yOOw8W!aE%wFmnC5e;PzNJ z;%fLG5F54!Xun^7iE$e=X(1LC&S8mH*A}C_kM^ToGudPag;9p; z^Z>*J8tz!Q;eEi-kRK4ZKW`@JNj;gQ4VW4>H@GU{xw=UG?BT(8eW5kI*IO?{&&P@% zc=%0}3vA8bIF9~$%H4Q8@ND36Knz$KYK(hAcm+`Wn70vrKyEl5;KeHg0{;e#(-ql} zSIvI)g7de%Yv9IXsSvSigi;ui$*v*%zaJ=m?D@A2X=QCVCI@k@@eB%@&OAj|1M8ob zPNXJ6347yl&$FJFJ(p3)h7CzXBjNZ{Zx9I-vXM~G0Nvj%fj0~UxbHATlT+a@-ZIAJ zZ*|Pgmrn_s-Zad^J?qx>9K-qv+!4XS-v`-=I@ zw3c(I-gpwa;Ot8;g4v5C=cRKC_|1&PcTSh`_x;yNQDOhv=RTp29uOYmZvb9U180?MDr z@3|&_N_c6ouWyi;VOIYfm^`h#WVxRc1^P)weL?DuK?#3tVh3A5K@l$ODgKY3i_G)B zp;RskZi(~ z-r-abbpzkqIt?onB}COA{KcC#moYN1v+>69ZK-$L8x;>vxsgc^NgtrxP@NI3K}{%P z;pqLY#u@*4FtmI@Y%m&X+ndKp!z6B`cM?Qe;Ah`5Okz@b%P<*X${W`(&fQpVcp4yh zJ8kDD?R)JfL5-E1jO~pHu~33*aMTs7E=@^`VBk3;S#fIae=z=NT!=@)|Har}JWI$n z5F1jqm>^z^HQ=45V4kJ7PNK<1@|JnDNJo%&H?jZ3QN*zS#20SjrO@($>I-;QTVUes z&G&Y!y!XBAy(U8Z7wC&>;Qaz0LOp`Lnb?O7jJm`h!S>7`-!mAdxKoH8L3&hG-Ua?Rt7h^0CV{~l6ojgV^$Ln1DRRI zCi)G=1$q#*@^_3Alz-o+lgaXyzJ#X$O3bKLwket1V5b&xEKLCwb)OXO+FY$PdSc?W ze7-VJvIxsRL!$~z5Nkw8vR7Gc=W}=^qi$@dxkkfwRS~d88bgZFxg;C|^;b@FwR*&1 zWP^e6@VJ->%?E=D=hPdDn2fd39}MD65a^d)r(T`_y&~gb<~kCr#+}j{WDTyw|M|A} zevq;osou6II*F_+hP#VN>6_=2Z4+jK!|}(zM+ps9givm+fxrsh~a1M_J1AOiO( zDkktftD9h4sHhfbeJ|4f;(N@~++UzJ1W18_LJGl(&9$~Rm;DUI9iC?Y1`yTI%@*(t zyn_8EM!A`Kjq!c9ojQY+DI2!?D$!BuEa>u1M2}$S?~CXi@e@e&*lvvq5m0JmPMFlF zl-*|Cut4;@Z~^VVusmkgwwcn?5&y#45GD@zaEgs}2MYd`m?Hm5v^V{(q_Dz~5zzePD1<9^i2KY`BoSvVb zzWQzE#TS;(3x|L7qt&w^`6Pe(>zEH!0UF$xi9n7zB0wI%ksZa z+n4(-qN_Z+;VH-(q-8ZP0IS8kQUe%|GG2ftJsipAO3k3~Jbn^2gG~1jnnd&JC<okX^ACB_}jRN86V{!V!$m~bCu_t}wZkc2Tz33+7I3F5g669B%6ONeB2nJQUrzf0( z-cZeMF5r`3`+~l^K!}m2<%N_GW}Zyq0-&O-g*03&e<1ML&Vk+a%!xZPd&>OY&-AUS zuPZ8u72V;lZW}ms5KV{o9bCSqv({JqGS6x>&9NQBSaTRFZ|XqEjSaC3BylC{825yY zE?kjXNYtH9&jiBa)(Kg$u+~8E4=B1_qBg}8TI?s}DnvQedxAgo+WpI)JP3hU-iLn4 z0_Q?Jiei^;WGo&fgfSKY(FQ+78{W{Mg8o3J{G3D&D?Kdqr~@!FHU;h^8cHw7*A>-p zRKc+%IzAQCKQ$>sU_zhbxfToOr=qThL;QqOu}y%J^5MvYVm5N1L1SNETex_^+*!OL zq?UQhF!#K_M*4!@sFCa!0u9}H*xP`eOob_GIwo#C>~Sf`y@RGo^Ui|C?=9tNh;?$ z15z$01;k2c7B#ziF_uimin?NzIJR2791D|HBbnwlM#y|Yu9YbdsOuWLk{qN2mQ7~;k9LdI~t}Pl6>K)ebEs`Oz)5q z&9wWA>%zj}{JP=6#DD%OJ~*;Izv;u1@y6UjXK{A>SakU!UyP1zpDlJS%r)ZEAKu93 z8pQb|u9yR+o4pE2KqAXb+aelemREtup0(T} zaYYV`s!tev3LB14vbSYQnDIqCBUW%gWq6IWp2+^A@s()={{&HaOE8?kLoT z149S4RS%cj?dkSPB;TE|4{qAe-&#T}Lb1E#1EFZVx+YoN?A3Slq{sTw;ot$Q({6Kx z47~`&NAkh+AI^vi{ho9uErh+PtaNdVr-{39E%9!O1;!~* zgsu%h4d@vs;w+I&z$F1jKfbg}kX*5@M&E)hoN5oR|N7mR9ucfV?>=^DvKtXj(yc*! z=!@+00bXd12lpKG7wWt4J;Rp@cj5bPHa;3J-GegMgTz*|`rSHqR638e9WAE=%PB#b z0qTHCDmqsbnE~Z0)AndF!hZ2zhn|O)$8ezO51V5ly9)h4@mYwaH9s3RA->PE@6mb} z`79b6GTB%wc3*YT!H9^H z;UZFq_ugL?k2505) zmfNr0RTg&mh6}Hj#{V7RBb)=f8|6;cwTMCNfd+Cn zC<}SzNst5s;m8OE>1%xuf8jRpr~XrQc}l)pen_^+@sQOvqYKpa@*%iPG3Tkru@o^q ze5>82DxT1-f>rzoLSobtsM+D1UAGiNWl*UM-OFY5UWX`&W`bhYH@N@4un2#i0SIkx=V(!<9O;_@(!2rN!Z zW`n?v1su=9fF2_ZWmN(Fz}QjK3x?!+A-Vog5TJib*`kXa&Ko`z)`D4XV#+YJ7&C$7 zfdA1)H(`UlwLjKE*^r~4FD(T-d`K%NmiW)-t8q=V@a0R7ydYY9Jv%pk8RKc5Ijjv> zj*h?*Q{6H@DepxwlXL{moPc?Yf+ATbS|FjbH50Xi3wGfaNG`(&u~YzAPW+3@L*TWT z*+(W)Z_{FH z3(Nss`Zb*a!V>(F|2D?t0S|hAJsBCV+ZJsgi}Z?PkAexEOIRB5I3J|`NfSJlAErgq zT)TiIziBdhncqSNo0)Re!QtI^zc+?dNRKxJEc;0tqPmzA}~RHeN#PQ zMdN>U@#}nNUw;|Pk;Zslz<8WEorp=Wo^|yONJ8KgXL?;Ts9bVSM3SyL2&m7iVwcKO zJDwRb;{K&+#`#dfU`xb=sA6w~!|;y0O~?n0ooyXiLkoZ_yaZ12m)_v2w0tl)Va)aB zVeau;qm_C#z9zls*th3zWUrJ@m&^R<;^OloQ{8^F)!zTDgP@k;hr5Tnm%oAGv$bv6 z#Tt+rqo4DSlWkB>!7Sz?cH5X+HsmVQhy`p72n97%6`SjBh|DOaaS|Sdtugg(VeNFF z3uts!w!G#|&0o0hw%m^LQrEvNe@}_HLdB$a^T6{r+z6tU#ft~O&a1&}bg)9>F>~v$ z!d}Tj&J%XkG0qu=AsG39nDcuYQM+c>xTt86TYf!DbD8aWscaiUM|{7n8aL!ZKYy}D_;@~v}HysZ*0t_vD+tk`d?Ik2ga+jP(ob??&xdo~}bj$|Bu z*M5uJskKkvHPyItM+-zDTuyQvE|A^yAWOkY0Jlko~`_w5@MecA35wH^ObtKE33{W#yZcw%!ryzb^5%l}(A z{EMyE4Ts{JPb{vT>j?yVcB~!U(Gv*tfHMGd^a}&cpEj|NC^eYGx!HqF+;akYm73pC$P#IR71z_t; zJqdrtPGVR!W_=Yd_GoTim&@~X1dhsR;L5_XW>l6nVlq1xnN)%>=U2tWSZoOvRzEVT ztJ-{mL-4td-P`-+T6cbZS1i@PrFh%5+3_1UCI*wszY;*jlZxmOk1bb73!7|8cyK5d zADkN)*)@{*t&i@ze^-x7lI7(OXh~0Gu#)hn%R$iVlASPi`Ty|W;$MMpTzvqS)?Cy$$P7?(*5Dso1iL znz-sw;Kl{zR<%uS^SkE^Z4`IToS!IjQB>Zv?oDmLJYU6DVhaKYYm1dI$E`$z@fP`wwoL!Pt_nc%VaS6`JJoo1o&f;Q3dXszy zGEtc43;TrP9B_OgS~WeC3&dR#-<3J`;<3LI6{p|zp@Z2y`wx_sAA0Tn`}toaH;!+J z^D53klQS9TV1nsXC+7b{%%B90t#uw^K)#!M2w1O~c7J;)8x}JOr`08DQl?!>Xp+{R z$XGkd9!M?Mu9Xs6Li3f>EE)s(B$s5Rh9LAG+jHU<9i-pQPLd(`!7bt?BHmnp`-`@! zjQkNsF=0P2rKS#m7figny*0jM3kLnlAv;QayqS@}A-R}ZOt&eA)NmrL`_jNx9a3Or zsf)bs>+b0Z#%jI&$=>_d8ArCi_{z4MbIA?s*F;j_DUStvdb)gH!xq0T`QNO3LT;z?+`mrq?kSX?=!k@uE{V6_OV*Y8%I|V5iZ+fSw-^Snm zGsYG|4#FW$TU^t3Hw(*XV5q^Ea7Ju1Tou^B=>Ywa54J`i98?1mC;D9I{_c`Q8gI+V z3Yn(Rr3IkQC_cncT{LWrxfx5LVAq#2o5PQIIw}=kc(AYR{IEUW(dj*YoKF?^w+9D? z`U0VKXQ^ta>tk(Lb_rBAuGpxW>Qs_FHdV0}t<~ z%TEm*U%IUe(?hKl$A1BHBp(H~__RylA4NP@5zY3~WC>aA!kkT2CDj7|foYNprn!Td z{4KA;O#)^c8jnm!=!GvVy>AKsfANd_#iyUfIzkRv4JEtdXV@OL&VtOXuLqxnGM|2e zKJ{?{6nngYzPZ+E7Gj_yfy01LtbcQjVvO-@SxGfZb!N zpX48Y(FJ5DBo0>!z9(Db@7OrT**Nl;`wN)649p3zUo;R4^{luXac$g8!0kxpC4+hj zd?-S-3pj$X+wlvC&li6C_;2x_Vjp*uaVxNTPV^?1IMj3EerNSuuw^7f0t(!1^-3Y` zFw#{-E6$|PgBo^*&=sSsQ`vnH_i5~gfeWrKQa;%#&al2hG0-GFj;1$l^5%jRb8L>Q zQEqcYl{UL27pe=$Z$fzit1v)sJX#i1eBg;%uk*0sQ0fFE3<1IbB`;vuW~oI#%HGWS z3i+>#xol}M+tHC-tZXRxyu}S&i}`icXr#KXz`x5nxn|8)iEnHipAatn;NzCUn%Qc3 z``R}71^=to6@s_wLu3T=muso}0FyGRDjqETXxW)oLe! z;%swPR6aqdz?X1_?JPY0bC=G+FQI$1Uwp(HasnFv!gBF08aR%#N%Mk=L zSims?8pWgh-TXuR8Q#KU!lDWWOsj24riu~bMDZW4shmlSXNnqp;5*6C9C0|&9k6f5`z(+eI*R)$-s zt46RItOv#5UCd(iQ37Q#a5NwUK0*Dca$MpQjO#Rr=zu#Lki2Rg`f5HBad_0!yo2?q zV2*cFchUH9Mp+ZR6}zMv;uuDqM8QlSn)ABXmvDzGxj?i$oXoCGExx|E_`#^5dC)Fg zOGWsK#o{fjEmhZK9h$!7tburM)@x@p(QjkTpc@uVl<0Qwe8B|QK47OM^()Y&a|JO2$DCl6iuAN=#E z6G{WQQr3M?*aoPF(e=X{MaPdSK>G8Ex_1g?&!TtE9)^UvouTr*JJQ4Pn}XTsg3g!ETmb=gb$%aX4xoPfH|mkB#t+A~#Ga3R7ogV|FT`f* z+9Dv>B0HIyH!z`foI#@)>gWN4G1{NzXGE{yn>h~)x8#?C^KLl>Vln#VzzNI*nal3Ov#l}W?cpqQW zd@e)s(~N;~C%)1=Sv-M%1vXb2XxD7o zkKVc{D2vTrPiCq(EgwN&>WqIbop$)7@VrAaJ+qboq4*k>LMy6(@@o|2_MsYtffCIS zgBed?db#$$W1YT}k->0B>NlS44G2n|ErwdMg}Xt7zdypBsG+I+keOXro{1ehydonOX%fg3`hQ z9XTYVAhfuxpHnj4=SzYncuAJ3N zXBQZL3pvGB{RHZlDb|1)ui$zZB$`TjOXJz7uhurPRr{;2Y15mVmAs7`HW;jU*X}$Z zYu&|#au=)H&9C1@c3&UHjQUmBWmhpf(BwG%48GsG>U+omPjMuPdoN_hL~VhEHPFU5 zRl%gGvF=_?UQCmBp8kz(OwSUo2lfw_fX9xNX|EHz#a@`Mr;_Bb3OVjUH~O1Ch&6gJ z9_$bSdC^>R2{j1LsP+>YQ@B@R;FRzK^EDy3DA&rhim0Ib{M3iqw)TSL#7zI98_@Rxr@4BgNkEx--_U6bbpemMCBtNd_FTb1#=WSVDd z6t*4Nvl>`5BkFY3MhFry2?A7U+Dhn_B+QDYUxo|YibSBKDs$i~B#V-iNYgjMiMj;; z2>RnqsGED1?mmvV6SJY0i?qi{#9aQD@DvbjBhc;n^0?PPx7o$a(TpXtHac!q`o}3k zv8H?8FdRdTHaRfwXtK(f<^c*?&ysFul?+t6+u||nhLQ&X!OCsaB5dmva$qzopt_jV zL?yLEZz-PjwU2g0+OjFHmYK<81ywCtP7RMI2dBHb(aVA#0{x;l2B){TSgd^~Ffi2b z4-U4+YdJsciQUNND{hB97)=KXhbH=Wu1zI}uUZ!=B1-1SwzYZ2Hmt{7&AQ)@pbo-7 zgsJO6)F?a)6Jxd-uLE!Db2;48s;s2y$WLLmc2P!z)ji>!Qyun?gyzkj(5T)ov4VOQ zc*J*S&O&PGn6@%0q_1&3Ltno+qjKjBndy!V8&vqr2MtH;DxRC3~d*ijzL`8YuVB~o=EIsmwug#ZT*PYlmGkBou8?lr# z7<1`K)#^og&AazJ?|)^_mR0uLP0QbZgRO@JZej}{*GaHm?kA4NGfxqt8#6|GD5{c+ zj@JPJz8g#!eN}z@G(@iVbohy|a2lP^1z)(_)>aPtETYk{p#sn3X>AewEU<(Y^9m?e zj0kqKf{@L~OBhkpRzkIXrzpZof(=493f(dZG1_8VdpVXx?=#S0pc8z^>2mV609~H} zO;Eiy_GcQx*jg}S789Z~4F9fZ=V;EUIb04kzrGq>o(i@Pq+~07Z_f-DSq;3{ihn@v zGMN8n6D8S3yugK7gR66ki0xXqzCd|a?X6~g$)qn^wOEVuE-k#$;m!;bVGkM9)10Si z-d?GEv8I8#fh*LU9>VrGj5JAe`usl_L(|=Knpz!VmS1r@#m>&QitLOiu4F87o1)vS z<&Jz+0UII;j3TcM>|USEuHQY->=iSv^sVdbl+irRk+xWCBi$tluW@Zcv0^y=6aRpvii zo4e+Yxs8AJr@z}(J^8-(_Viz~W2!V$*OQw-=$bOejaWNqo5`j@9im{so>OE8N;pId ze#w!vjJ5zWqF;2H7?A^O@xex^GfoXMX{q+i93*2bz#wVq`H!U6#jh_+=k7t?EU2OZ zfzu}YjB?6X0$jzTxP$!c-p{Sy`STCwubQ7pr+d3==-ZR@$l5+hbYobZm*@G{#6jqQ zB6si^l;fSL4^uJ6ld9Ii*?7gK*wE@Np9ociQDG8Z{F6ksjGKxtg*eg z?avO6Yz}3$@Zhx_H^%ykF>w!;E0~gZi_v1=3TSFsvu%2KO~qIfXW%K}5A;+u5lZ8D zg%XvNPWu25z~!5OoB1`1NQNo!#iaNkL@74}H!Krk)s5o5(Z+^Z}E|Jz&NU+xTmP1cOW3jsFSOe~7Y zR)O=Oxtezo;lDE6KICYp4ICh*3q&sG$5k||qIHR^WGBH-*#J!%P1QaD{IMucy7#(| zxJCCdTuk6hFf;qm?F;N;LRf)RJ>b#+bKqj8+K#uon*vwT{ZNH0-@m@IxA*v_P0737 zz5FwHiInvBr7N-Lu0IGc#n<)^4ej5s&-$0V;?G87g@9_#gW?PS4EZc@chpB>)0{?L zuc)Q%M@tpJsRI4I*LjK@nYH#XDN=!9a$k%0eO-Pb6 zsMR654W}9U!DeAn?hD;#7j7vLY8K!aYKqs41Myc}qvjoEUcswxGF(;LAMlj|xv}2l zb@M~l)iBZNRF0fVPfAmJ_$Oz(R$XE<_Cd)3w}w5-a=YvOvZNTc zWIUnd^67C-Toms{ax(8Q8w-uObCE_efkJE9Neyl|r$Vjb&2;+$2_6lcvEMkZ^GOe+~LD8CFV!V{V%ITP~&^HpF~5GNG^s+fYwE<~9M$eI;*E2Rt> zwIG}pNe;?l(@DkkL=)f#o$g>YvXnkh{f*l)ncA$kujVu~t>7)rv^gZvX8){kljb~i z%Z5Y7e3@^IPK!JYCaqB!PvDqju@B!B{t@;>_0O$;4$O`y6Q=pvH^niab%(ee)_cd z1OoG-s7Rls^fO#P3cq6w5X@siQI;8?90*d-|8}dHhq$>p-d6$M(Yf{Yv}_d}cDoZG z&uN~sh`Ps7$6F@c3U8l4kR0402o9Uv4GS3hbD)l)liZDnFv~Nu&W0;A#|$vOb0q zJdLn()|#5;CUNF7bttjZXXy(K{&V<{ldDU&(eA(WVBjQB0(n-k}yK(dT9ub7=_{n`} z6rhX3^2_F!N70+%@3AIn*eD%Fs2X}DB!=c~*)$IoOm$XuXdpckowr!f*qG-hQfgB2 z&!g!R_8RFY2s_T}a{&3UZiy@d^@ifAD_Lc_|AD#GQ~bwX%4NH@^~HkSll}ID6YU<9 z-p;-?=xedW@8plpOUB4-tu{N7;)Q)Yzj0uFT@=U>#2VW$Uc&ZOxMTHt=o5i1pTDbv zOIf9`t|Tn7BhN{)!y!vt-db^@wRSZR#G_T|&{K&-O78&r-H}v4as{9tG#I%9R~R6f zH3ObJ)9PxX0Lb=&pdoDzMFfKe$AvPEFmZ@j0MV%b773pm@P+5y|G$v%#oN~}|NAH3 z5ekp_JK+-(|3Ha5SRZyvj&dRrwCR3pCL0MB1HO{qYW0_VfnqQMGR|_e!xv20xOT~3 zQZs5q@=Nv!U2?vkz#DW}&DmrBT4`67du;+DP+>;ty;ZX%D907}1N_;yz#qZ``AAx? z%m-WW2j5`9pN_p5{4j8EB(t^f+Wjr?!`gdBQUkRW=mX{%WSlT}A!_*{FnrVj_~{|r zxn|&1jbK4F`nKDEn^*5R@HhyQHxx1l7B}3z;q(S^L!&pe8HD7UdyGo8B2*3y5F7b* zg?hcVxo|F3)78iB-` zT3$BKdkyPKn38c=S^dT7;kC)>brY&voT%kpKu2yG2c0Yk!5e+q#|mo;YyExlX;>ch z*i>v0K6b+odPzW%8J#=3wOLaZ$}=#<|1~Vxg>T}loTXa(cU&vxmGu&jJM`%l|N3p# z%KhfGlH0c=-WGcjT7^*w6$evqUMb*1+>W<`Q4X#~tfafsUW>U-EgW|Y*y#cndor8= zdzTy71!}tBSFO`>JnD2=tbSy~Z2)eCuj6oa;6&jhv9J@=;Q}2b>iJ0SX$ofriE`7G zfI;2V9{g4{SMCZfErCzYP#SXSSE$DVN&%qcXqd=jVxY_-!1*SC3JnwopC46?T+V&`cx>4BQBM)=!;|ad1IJou zlrI(!7K42QJ%Pkk<=5^v*D!{G{tI-q!TlBjN30~r#h!#8eTv#5P{|s5K`jv33sxP* zS|%uTz-4+E0nQ(_rqWg_>J~gMmu(WYTP|nPSpnJellGJ+ivELsi>$cZ4vT6MOpaaz zP@85+lSE9thBU$gV;W=GS~|!rml^;W>(lX^7|$ z7dU%CoiNx7f)244EG*oE0%u#&>U1IO!&_aF1jfark+?S&_1^0bM5n_^uRoTEs6mOd zdVn#)TNsXQ6~>5WOtU@DI3>w;hB_x9#Q)7nvo6NCyKs>;HTeos<<|})9+KZ1nJk7& zxrF_=b0ohpxwMqr$S1v(YSmvm+7YU6nlMIgE8l(xU_f8IiRK!`<7cStNOM;|!%2W- zLI$mvSiOiB_MoO)GFc=_K)q;;j_9$Xr_haiqLa`Pxbcg!tycZUk;gzNpze5E%Q8SE))@3SQUhh74E=SMbO z^_%Iz;dRAKW6S1rV*C8=VrENYV`BNA_+MOwu~Tj9kN9PbeZJnCHdF}YY4r)zb88fZEA`DID}fDqtvn&yU#(=V7NWU5)~Nwn+J}g z#oVzkZP*Yf<&x@0ogKA-NO*X#V*il6&{6gtFPD$=7uVh8@9M64fiLhC0sC7K8A zk#%PMAB`P#C-5`DyD7U7-UL)2;upq3Q^*Z-Vdy1M3V<_P5<*S$k`0tBXtHi05?}^~ zNy9kL-&ED-`F3VNe;}}-9`5eQXb&jSRMx#j^_Q3H_l*pGXlG*T>OIAlf--9^%(WzJ zSREyGR!xk%6A)xciYEfG>2Ne2&^R#|o`^w!SDJ1&eWn-9;lP$;JO0*A+gPygI1{mu z{82}~)aeWMRNI{&Qj?jSYiZjz&|$k9Sy85ZeCxJsX#wPbLBbxl^tcOo^q|X;bO?@V z7q3lI8B84j6+t!=2-KI=ifEK72y?O|h>AAXROmpnvtY?3O4^yD8NN~sf~qUoi6&diVKwYkyI@BF99%$` zR8dE9UdEbC8kj~1>u7^{jS42kuEBf5FAM68$kqnK6Va@rnu#sw!t1wS*e~9KFBrE8 zw7%sQL@(Itnkt$9{?4U?OG^jg#h}Eexwdfvp?`9LxaSJvVz8*%gKu+tG<>SAD3hUj857ONlH4n)PUiSgK?-?(a&w*d0vNj* zQ+i=-Cxxp)RiQ`080U?+Wo6&`Md9%GdEvf?*ImE4jpz69p3mZk4sLF^hy;)R>;?45&mi0KgAxY(D}gy;CXmfwd7K+-&y_wYYq^}=J^ z?>&Pa3rvO~53kgBLxwALJUZ!7rbh=oO6;+>$QQ?b!Ex)UTFs~qV`GQK;ZrVG62RoT z-96zN=MEUrjlRAT5KVo3VqGm+qn(YM7;J>1s3&@nGS*E1s}941`uVbrBrn;0@mp{u z&NU^SRSF{nzQW(Z_$gp(5nFkS|2eV3>Jh|Sk>6(f?iB8ird8@$nD5V`1>i`#XRzJ9 z;h@no*%vi7T(>b&NXGSKsvPVb&AWeJv<3{H&0+&1KTz0w-M`$KA^1WkcS%S zXss4ai=s|$o$jNjui?-thz%mNMr&H?E}6?p;iZ>Ai;1Ef7I^?hq~)3c4QyStbWQ4P zCyM3Xy2gd(YEnYt+|*L0w!Icftl2%189{@_T%^#Obo7bw>PRxuoe#QGU8%ru{)-k% z$nYvff9w<{A(!eimCmcj+O67kvKVUXjvfRGf!d+D)3t20zna$^y7iCrn8V_YCS27v z%BM%+dzp2;f7ry|Ue(0kewCd;!qcG67je9sZAD*pzG+nA0NAQ+sC0Zm-kUUDC4Dp&dTF1B7CpLmBA?| zg2{~+#w10x^U8#(${-tpW`se*Y?&9&ApmvGeU7RhNEbsX;-4mz@72fln>gQJ0Delh zEX~aUef-a?4t9ji#fiE65TE5k#Z_FiOv7IC`?vt26R6RKY2rdzsH&<~j|Cc#SthVm zQGvl+5$HoOTjGOZsp5mNt<6*t|HJ$>m8H)4+PEN-_ajkwBRyypkkJoBY%UVTqt z=lqmmOwC_SCKBe`920ybCZ(@Xxe(df)JBU6jh_sfQcK_C#(M=FnQ+yONim=Pxa(P$ z;L(xEgO1ic)@Up=7L0}jj-hz=I*&L7^w@AZb1dfZWEx^oTP%&sT09=rPI_|fozZu_=lJp4d!}-yf&=_iaD4le(Y>&HcV*_W z$7Zg1YX8I|m|JUoBVacU+UqbLto5Y9ZMD|pL~@b9OOY->)=CyU{2&e1Y?8%qk^D9d z(}|36G544&>W@W0VPcbHBvMY${u9O(b0N10Dr@yD-rz{k*1TZ`u*+eg^FK7U6}H{9 zbYvz!k$l4@-Sk&;H2$l;cH^pT;yDd+LiN&NAYt3>PD!>zT%6k@iUHtf#7O8#JrH$7 zLLRpu+C46dguq?Xzr*sffF0sAX7Sca)ea0ahztfu)c|5G*k2P{-u8^AHy-Ko-lt|u z)xab7?YMU7chYOa9mi_N*AAboMYmoJTtN1@=ayd{xU-je+9XFloSVOfEQjH17h#Oa zV0F>Gq9urCG$1tf1f$M~u38*kw*~#~WLUkSU=uNHiZ)$@6itI%Q@n&E12IMjc#52` z=0FQH(5AP|9|}ck!ALQ10&tCz@3-&Swdce~!rg)DVr|N3+ft3K8C@HD^&=nozR}3O z#$;W;d=399axpH%aW!pBalzghlXX@~69+hk6UR);&E=LS#0k5idcew!AAsaCi|lm@ zeup#6*)JkaMvE!Mg<)4iU$8KJ}mH+j!b@@ksC|GW$HS%DM zs1E>rekbG+b?!)f;pw~$$(Zms}R>7Hz)c_6_6}9K< zqtG^7)Tt<$}%64oD#3bqQ}V0 z!W}@zv{k;0u~U@;2ERaBW}$>46ykIM8Um|G$fC6Z0sOI&{9IY~2RxSISZ8>tm=s-r z9$+57%cJj(URYQCosXsCxEc7rV{mn>FZuYyeG%n0)!ReNf}N8c#PV| zx}r-7W6Tk?FD*I4j>Q{x9rLM}W1xcyoC&+V6yfVo$2X)qEsa{C0uET@SQ;X+t-%nKocV*;EKvWvP;(p4&w zZRzs`_t{GnRWWNx7#a_ztT_ijyJ!wH1z=0e@(C%!$2ZPiy;R+(CgtPD<&@IcVrlI9 zosU)QTeb_r-=Tbh$H-~yls`R>bqx|n3+jFShQI2s`z`*k;uvF6OXWsd$l7qbS-8YT z*(tW^Y(UL?FTuwswZfuUCbY#*yZjbfhNp8~am^ya@IMTp_4n)?`|=9TkKz8fEf^Pw zCxC&Y`t>$gc*mas1N5kSGy{s_a<972o(EIRkef^O}G1dw$`G;#CnT$ha5_%bDL}Ha$sA!HXAeI zy!YB&elX;_9k%l1O{3~`zbomqdji3NaN_-av)6U{^6tf}x9)1Nb@&g~^E3xE;NA89 zb_J)DQ9bKb+_$Ctmi+Vi@8&J}*)IW;ush6K!rAZ`(7&A>ky*EBL1&dL7^P@M;$X0I zoRZ2Nw^9*IJ1?})y8vVKYU$)WQmeEUUn49#oo6ftx;b7zu?Y-3#E~fAfVH6JMy&-{ zSpk+#&ae{tJ^~k-d1XI8z2~5`xnH#I5d~Mkb@jmX4xay>jwUg|l2Z?K$>~rqtKD?i zxp`EJx|~|T=1EF>u35Un9#RwSVa=s1YA!xg>m8_?@^F&LLy7AK(t90vA;@dO5{!0C zcI@pCJ7(MD9?s~lb_?CJJ|iBiIc8inqk9fOd6$`ina_w34J9R#IN#iRvNLJE=IMg& zz3|dm#A#{&7r%DbIhs|5k@x6>q=C(c9Qv z`)_36B$EL;3&-l4EA6B0Li_CA@R9JzFqm!laE4eiGF_2bu`g&D4jjm?wf z&qX5MyiCh<1Pj&N^)?E^pQSCQ90~(}Q&|yPgoW3^CH7p2;Huboa%o!ge#c$M`j{YK zKd%n2v%cfT>pB0vYiR3v&%wF3?mZfdnR~A|#CP$(W9~k~i$hO6%WV4&rY{)x7~{+P zYy8b>zC5lroC7SF>s;Y^Vs+cB=Jv;U@2Z;HuE7j-f9z;teJOYTbLhexx1(N7jr$6^ zX1C`HqB15?d&7JbQHjJN%AguSrv^?t1m}QyRKTKPa>bj*H+uL{HV>8ztO$n0pu7eY ziq}j%v#Z8TYBX8zuB6gmM6!Hose6CnH=X6db?M!QkKN&jIjuHbS-%0fbli@@vT*ok zLra7Hk?}2A?fBBk2PmVyX}&U=b7OMI$sqrayC}!a)obBd&c0|D>;;=>vE&OWZko&T zSq>LeKBwB|xw%9_OiP3TSOkyryvxZ9p{78PK|)OkugrmvB&dyQW@O$n_-1Oo_NDyx z=ttefYIkUQ*Wn}fu+xGN@bHL_c*^a#j`+^P?!2$FTJdW)9Xj%E8vnq?90%Ie zn1cd*9oge?*yEkm0FM$~t$EE;DWMUd5sLv(bGgA*8@Hi@vg=|0giRnyJTj+P>E$;s zBIoiFuKaVg$~lN}KMZlk)U^siXHs@$LvBfT@|n!gNCU9Be4ileiJmQ2n7ghZaThb;n%b z?G^%V14}t}v{?`k#wG8SLBQmnppp?ZYZ7z?;2sMSt#nC3Logzy=cx2-;XL?&h>Hm{ z0!=Iksmb1zh&2E8U2_hz*d>$r#M06yK#uguW`Rq=;4Nl=n%N)2@V%(k8OYX~j_Ju1`w5n;e>e>YGCgO|R+(m~dVM{G&NEQ&dsCN4DJ=(pgP#oe7Pk z&O>G>7p2fEWjL7xD~i@v#`ULWc{JJbru_N1>+9`4W?!I;2o?u?3OwOc;HhewR{#l{ zw~A(u4$l~?Hl)b2TlQn|1n)#0^l?rF?5VQE($!~2U&I=+jb{VBbPn*Lb7r)hhf%x& zb)?`k1@^(H)s#pI?IR0&1+cjig{Ct<+>}Ev#+&z$9nUbnD!oEQ9-y-}73IEa6;K*C z3JftWT3Z^d1EB+-S9PiS9J+;BEjEc$*u4OdW;5x4>kxZ>{^G*sn?90h!*8jVac_aoBMKShP-;i0A0ZUi#>{gbi+J>gC2EQK zLy8}?uBOS!at*knP`3smGK}e4@H7^3Z}yW+LmoTMZ*7r*wan11w;sHq$pyw-C6gZP zF&;%FSV!`e2;vjrrk+7?!|brdmMTZ>v)pyvH{o{ZwrR~Cu_2S@=U$j!=y#LtMZ>@5^|Fxb~b zD54xktmqm7?8gjHi*Joq5kNW;dJwDVq}adnByu=8RYlu0`-GN@MYEA`&T7r(K$oA1 zW`tkDT+GIwgkR^MNcghWSXhiioz7@Pj4L6<`>?tKO=1xxN@3&dzwSQ2aLZSSt%R8S zfJz#4pD%qS1bD&1izQOBWH6gim>SF3ugJ8R5p@cM{DJK8`!##e?@_L^dn`?)vUkJI z5tAE1IP71)b$co|xw-B?_3tNE5X%3!{3~8sPHz3gAAW2d?Ntae{~Goxjn0HXYD=}Yg<@T*J_W1R7TbytT-$=SY8S0k z1-mH4*0#3RYM)x$rNNN$u+gd*TX?Ekzor7%eAi1cWE+a|n%oG`kYdOWbqmNsr;$BOi zPb4E@4VWS$ack4uoQyv1sU;Z+I#wljk-u%S_)PJ)jU{oU5}D#`K(ESJp3o%OP328z zI%VF{N4GrFX{+x*=E5_lS0OOss!JSF*1KEQBZM<=Z_2ZRPbSxj&ynn>{J+D8O19zK z-0O?LpS$wq-Xvkwc~YvEJbNm3BXgXgI)nabclF#g9mVmd?ZKi* zZMFXHe8gJAN-1KmY4TV%I^Fs6F4*iZ&i2hIqxP0{5$GeT3-!_DJ7}M*hXg_az87=N zn49JA6RxIS?kY#^(dbB%Ja;RGsQ<4uS4|hKCaE~Rf2eu7L+UwTHt?Bc+lF)TYF6m!ZaY?%C?}` zsweP#k9@8{F3(W>c*BqPXHe#wh>95Zru*?$XAnOP*taBZf+a`>$m9V;;81x|y?&ft zFXk`SY;fS616x;e2b63(l{eK(<$Zm!?T`YesHdd>4td6l+74^x^s!pllo{z0!Kz*! zjHcp{eqpHXwB@q=1`dqwLRbg&2{%%>lPOZqkpD-tw7v=gEYK8vp zoE&UU+7JdWaYjsO7?P*MK6Eq;z6RxyFvOXiIti9t9CWa!xII{$om~{P^Cy`jSe$a~ zE30~5aq;}>NW3png}ZrGI7*s&&MOP$TM#P`hz;qPq)<7 zwXjHYO-*xZe~Bxm_m?hMaf@c^(|Jv=;Du-GFL7mRf5{Z+FWrq4?nDaUpx6g*$nkVa z;h6k~)X}plRv_(r9F9n6tm%Tb&OJhx)!^L<}=Wrz~jTduKu{?)Mr6B&K@}%*i@+7*v zNpTL2pvfqORt;W5PV$rEMdeMje4#2gc)u*SyJRLZ=NihbeW=`R2^?$ybDV*rtf)ld zC`F1yYf9cgIDWw=5;)iZrbUTkMoF2(QH~S|riprxuJ~Em{=blIlTr_sRh5ZgB(~yS zW(%j*qY{u0OMdoGRgc8DcSI^PF^!`RFjh{aAiI#OperMJVsWh28q0(AqG4%tXpMO< zLSw-all%@chiRF%gEn?G(}?$UssbqdFcm0D#H@a@M*h{+~I$E^bg7% z{-1WzxrXzBlg>5Ru&*0|1Y@$-BGhItkO4sZYt(#8kz5R^z%XyqKCS#Wp2*WVP zCuzNU^kO#n$3gNZG#Gy$Z6*D~%CeFpAdW9`7QFEdv=_f|ERXnw= zkfL;!H?vRo)%6NrqCarLlWfM`f}Yuio!SVrCO?X`c(U@dc!vCL%VOKJc4h5_Qu!J! z(`$IgF-0=Vw5T`ATkE21OLRwccT_}aMfEZG6Nz5qw)Ww))fR`)9A3w62Ss}{IqbFY zMZ|Yo*@$(!br+1jcJ0EpI@=YKXOwp1P-AJ)j@ry~Ff`)plfV|{&NW8Dt8vGIDH4nG@+--$)%V{FmsTi(5x z^)2b`U9zOFZ%JKANnL#j77}PWd|qSku~u+e?_o%-oZStrBJbid&?$4xm}E-GlQwq}GH6LuvW3p@Ib(DPNk|T+_^wqJ^2o*{fRnH?aDRk-6DF zi~o?dR+O9*Ep!xA&n_9gr0DEmOU_~Tkjq&f4Y<~Lvo1c*WYW(M6#C8=wyKiMj5QXY z+qQO<>-)@{2)x#BkJJ4a=hcHU z++%$ZTVYNdN;LPG*1}BBX<{oi$4Wc5L8S_lJ#00#oj$47J#u>n^!_xw%;9e<{?rCB z^d<9nK>#Kv*Pz7g$YA__cK+Z(8K;BBH=Pg6!q^^*b=(VJMib5QCZ>Jbomv-g+I8} z7PXZ%*43SN-g)b~FOJh$!E^gBUbSc)dyw&c)s+>6ay+f&2qTKKxjqf?)LbUNW^?W{ z??d@ys6j-sOFJ<8&kvoBJ;O0r@K8*XbiN6P=`fk$d0Jc*JmW3RFOZL)k-sP5*`4y4 z>nBIR0X`!2gBviRH!)Weq>H zYga{GtgW6tpKx)QP9=FbG%511lQI#()>2W6 zANmD)??5gW}9%0p=z9Ig?L7+i7(&I)NcgA4rAX~h{-P`&wNo;d1llDB&nHlxZ0+ipHyp!J`H&S~ z88I9@#uoDqiq}g$PIkyRdm*3Y8H^IV$gt&D1G#R^g!3es-2qd`jrzMyx+Q>f_7v$t z>iiqX@@ZZz3|q*!7h~~dIxa^l9;IIe|Ifho9jaCU^%UA1HyDp^X2Q>{pM4|#kBk|W zwl{=sFDIrHbrIvTtWV+02-&;~Bl zF==~-XZjuSCQ!Urb%FgV{wSx=w}QstT)_|i(OncQuXkph`x218)WSg*M&+E-Rr zt?Z~Mp0Vte!e+?R(P(A1qrUX#=gcT!7oT-WM}B_CC1`Qwzmbb#MVH*QP{fG-xTOM2?Z7F?S^UsW(C{#0dYv;<~q0efy)*lrI6L&3b+t7cul!|9Iyx;jVP(Ag36R`?GK9xTH! zC0~RWKo&WS`LR)3{}{|OkH#oeNPamhFK=qDj$s5=uh0rtXxM;h&UP=W^Txb=@N>{q zy0T1&vfR2=LFRRP{JE=?zbwp+aKa%^aU|X7CV|Qs z0f}%PPu(G8F#A@~jLw##*6xzLs?gQ>&5J4u7c}ObE-Vk1M4SyxA%{OZ!|EvwzzI~wGR>5UQ?PcdB_JB0 z*4RYH(h2P_uNLfwT&AeM5I7L&k!cGRawqPdv{f~?WPGBqA+u<1#`eMua}m_+zEu-n z+taf4%RN00tl0V1P+bou(S%Q^!|*sVTkAVC$IR+z!7&3xk+#j1E9xKx#tPOJ@PfIK z71rhz+MGI5o^Z`tRci5Nu5#^_qOx(=1s#IE!PdW&2ia=!@|N@wm14D=$3uyurf2pL z6_^pLZ0;`13b*}F_=jpL3kE$GIs^Z`dnoXT7-WNIVCP+@T_1DIh=MfX1xh=cycA7j zVBLUFzo#Z5*Z`4MhAptBJz96H?o^$q%W80zSXY#1tSGFPwz73@=3eP2agF1p$|d8M)z8oeRH|rK`Y%E=9mg!9j!{W#AVv;kBm-%Lm|@(}x*<7OQ<{<8 z6O!*?Nl#!t;SAUvrbXb=Jobar2tVCgrr&IHQ@2Q8@i04}!Gkj= z%38v(uEH8tX~}&>Z3X?Uvlb(`MIL;>B?91)5VHvRt5)b)Kdl~%9 z0S}uDvL*EzE*3xhOtQF=w-^%Q45n5&2>onYlC1ptI0~Q+k)cD*9J!C?`_wxAQ z;I?gpgX6yl7X_W{yRg|S3fI-}@A4|P^3a119y<7~Z^h5eXmj9$5!un!8zfNPo6o(aQxdxlpQ2rF7z-Ghk`;guMaMGFW_0<=hFFO_!W zz!S9hy3_f^zM8yDzbmJCN&Pnmy2cAlQ_ zmlQ>vU-Z}1*Jnm%&#HABCkU^>nYh}9+JHP07w+ipPMnE5Cd-$B^1X(BDh6$2Wi5-8 zX6BnjNonyi&0Ui3D>i3=p{{~k9%GB2b|0l3xTK9n6vGHdqr6WUswU(}|GdpJ$Ig6ZrZI(M2S%oEPLXDv;v!(kP+HEB^ zT?wmg>2=hk{Dmt^Ecp%plXO%^@gay`36=!5O^(E2$U58YUC?sD@{Wd@lHm<4eVLKm z*}3@@VVggdY6p$_CbhCv#rbDw{)hXBr}r90DpxC?+Wqho&@GZjK2gxxRyxl~?7vdVT-q^^v;n z&o~N#m31XEqBS`A~oVLzoFM!EW(*^A%E?2+RzOZA? zT#qxWpfVRNU52g+=E?S?_9ovOnUI?29fZXnar-E^so0UZJCkQt6s_3d+U>&Dp0+Z> zp0~0#>obgOCl1K&{znC)l4QjlJ1BToBwO$Mc3q4 zR_1+twQJ)R=J;TKOUwKZ;(yz+5oj>i$T$PQV+E#SoR3*Xaa_4OhEZ>>-GmS<8h8Lnw1rBs%qaBHNC`@R=cdN{7mr$sLsDYo%7+Jy^WTv zFJP}hH!r8)iQG~^9@~$Gj)nBl@?cbpx%=Fw-0!+|_wwA`=!Iy=o~Px)-L}UK*E!Po zy$wE=WG6JpN?|cd)x?}gbV|!lHzy4y>O>Dh>9HA-aV7odK*tm(v>b zkEhx%njaN++##a#FKR#aM_Pw6nuf4n{&)78lrhI*Gbsd2%yZ16dzQb8HIG)ujzXN| z57r&2<9&6ktd7+!KU(`PJi0_n>q=wr9j=!yFO(kJ1DRRf`Sl27Qn@P2QWp|%`Dr75 z0qF~FAk;DGN*EZEQ6ep>PpaA|qJkU-|1F8IdQUPFVmfwSF{3Z8mB9- zv9zGt>#ff%ZOC_3S1m8f(`_zWrf=p5-892&ziY-a&nR^1l~fh0mGg{yfO(Lo#uK>5-o5}V9?=QjoXJvX4`7HSLh)U1mM<(1(vu32xTg|uPXSIdD>$WN zqdgzkyHDG*{^)q_lRGe`e=hTGF!DZb)FFO+qA-e$ZdHd1@avlr4muoJh6fX6cyJ;V z@FmJ1bvd#O5^h>d`A`MGxTyeE3W1b;r^y}2QMRM_+VnColwn4Bk=v-B)EDqyVlVaU zfHR8|V3A~x0!QffK%cV6p#4s{?vZfcRB-tcjs+U)3$prHRRfR{oRqO89O^QaAIk`4 zlDz?^LK2+vuT6L#QgEjYKg$1#*@BsHr_CG^lw=5wcG~a=FjSGfO!vP4v88ru&T^Ny1ZoCA>I+PNjWiSEe7}OwTadr4+RD z6HaAUa8&lZ7-FF@#6<(7&@16^9-hW^>1kXQ9QjM0A=~{))t*NFj>h^t8-J*?q0ExT50dmaafpT`7@trvFTCpx$CJ8y2d8?XRN@zc&GI zu2%4bARS)JOt#JKsby-ID^V;(5~{Q`Tu8KMN*Xv@nyQD9X5REPlczw1Z}II3KCa(5 z**y6r#mAc`LWM~_{^K;bCnuu`xadTrGyxa?R~p={@h1T1A&ap16BF5C38=>KB<)9} z;=U*TgCy(^CUU32(%wKS>}~Nkldx}2WUC3s$hRU5_TKpGN!ZsXa;L#wE@6))>wo*C zEde`en<%VGE$cld$&bum&F{+LnA+zY+aSe8g5iSMuQ)5i9yk@#`r#gRa@+ z-($AMm;@z@GdTv*VGX+G%+}lhNM6<1%c>F?@*Nw_CKg9*4eG(FSuyEWdI z?EgN{pae8%khnoA?t9`FC1EcD4W_~#NQ1pCesL1^V$fhJ?3dGE?~R|EggqBDmVJFuh9v9_6QP2C2YcT~!y57*(V&$7rf7STXj{sPN!nJj;uLI>wgDR~lCVkI zPKQmUZ9sAdXj{pLini0?r)YbUXj>)$=_Qj8ZKtP6(zZ8DQm(?0LaXWUskEI$kPa{D zRJF|%ZKF*26*38Eds@Xe5l*zN>VG@p?UDRJ^TBS=c51$pX|VUjzmSCe!gN?; zy#abv>kUcUwEohfm2$n2IOm|&B~x%j*AlLF}9G|l_za7h`}S6l!<;ckSzbi!iv z4DdwLQl`~P6@2l(hfm6(cX2^0$nzf~Wk`;U%w9 z&Nw;Z@SVL#?B=S`{o5N~d%gr-LPoi`r#LtvYWeVGdQE~;YluXC-Vm*6)DnpDQ)`(ixI}*5GwMGHPRVU4`9Wq= zG9=}v8(diGl>D=6%2!azvv2d_^>kt116XaEbQwol(C@copAGlrJMd(}2=G zQhth`Pr)V1myxE|R6K*=)c8!~=W8N)*ZABP7|OynQ4!B3!4`5}8XhCY-(c%lLCI|y(bbexbH zKbhhTeRTfdhtuGdx-Si0@;22z;D_nuk(#?{4~WnXDE+BKgs+} zjid^ho_|tjg7O&jlZ3aO0Y0fS0lYy!Q{{PkVi9RhB!)zJB>kxNH0bA};3t=%zy4~_ z&sSwX-XiH|b@Kg_@q<(E5|M;EB_xHwE zq`;q&?-l)!be@2pdVimk+Ku<%Q|H27$dIq5=qDRay&mDrTTc>)BnGriI;=rE3E0Me z2W!v`U=`gck!-48)AKgy2Ji;mOioCNEYVNt@CMx^^H<{7N9S+QO%h&-V`=aSnQDq| zQp+PHt7+v)fj8*pqu?hmML!YWDb-2qnxg0B@kb|`+KL*{>KLz+i_+kd@)wVPaiXOo z0T;hE4K5*n(K@bWVpg*ROvqnpunGB#V7n$}PlNq&8f-%TBG~bXSxu?=ekTn!A%79< z=84(UU?(LkG2KffkH?JIv|qR3cwF zo72i4b7w=9oXiz3PR|oELTa8;5}e8t_V7GeFa0wKd9k@tR;t>NpH!X(9OxEssd-B1 zM4mQK-dmy>vKE~@vdFfQ=kMX^u>>1CseUXJEY2P)*r~I}oQG&5id!O70?GR}P`)^a zlz{Dszc4wWbRWN*$Wq%@MB6u|!R^9KYrst=Z6vTKYm@y?=Wau=yX=WoaWe~NMKlXs z-`f2Yh}^$CBa|cH89lVhX^D(wY52`bXIOB;6XrbRW~r4nYw3v4iIb-*DGU@W%Zidm zgo`yt$6*PpMY2tN z0Owu&q2ip}vi3$^<1g@A^ZZ!_MFr)3C?wN{aJKCxz8|*3SuqE~X}L2syX$_-{b(k6 zx(yK{k!J(q-~`~mmd<$q+U!h>WZcK($8 zHjWa&Y)5{Mul|X&y@Ib;@2jdnDSPRmlzW(1lTjTx1E#ZRq2tBjNMT_lTznK?MMZcx zhq*H&PG=<3#kyFytUf!tzAVJ~*;xezSvk>Yj&WV!4|^>ZZ`fbbT;%l@HJ41uN;Kw` zEO0m|#}dgJQnq?~qR0?_Qe-PR?$z4r20)T#dGf0h`Jh(f=#oy9j5L++(GTZq2t5gS z*n7*dukxjH|59IqeXhbVGG=@#R=1P~Y5c1)1D3{rvdr&JG*Sx50%#24)P_7$XzU|u z9r3%>7-aFgCp>D)kKo$V;C99LC*byzol#<6vJ7zWMTN01_fC-Ct_0kj$WLyaP=57k zaJ!)4lw+U8?@QV@!EBG>LjM(K+-U4?jfEniC>+!--{(KzKZ*laM-dzK6wbnv)nf)l zWLPdVIGxasTIm?9P(fAUvDCWU5?0K?wo=#O_{xftyi>eEv4#_;D-j`fYXdGg1HSqs z1}T%S*9@;=Ne;nU`v=#q9b|5UHNXqoEi5bkJ6unnzA2S6prcTS7{>1e{~bn1hE@=B z!x@0^S`bt*!=kxpB)|6BGpzQRr(Zkq{A*;sf>@ZAv_Z|fH_h4pIE`!sT+5BN)$unT zsNB1KYIIlhVssO(rNDLH6fTS`?$zy?EW-kCr3NnVtIxc4QsIJK3hbY!F%Wj&wR1Mb z-wzbH{6Qcqh}H6M?yY>_;dEqN8wMZViSZtQ&1_37yDS*VIaLT==s1Nw&;n(V{J2Z{)9PP=^$uqNL>Z%f6W+2uf}ZQLaByG+fyUi zK*DODNx+`OUL9?b8LAD+Hvl`_m!z$e(t#X$Cuyhk=cJuh&6(}A($b2bohj`{*m$MY zM^Ba!^(hR?GA8*#`d-;hs860+k^M5}R<>kQhGb3P4@#CHyOJYPMv(hOQ!)b6yjj>R zVkT!|-ZyLvNk&jMhEx7Yn3FcQn8}@hoh+ezC7)2R9r4d4#{ccacWBFs_(Xmh+%Bx3 z3_h_ZY2OIC?@gh5xZ`HRm0`)W>(^==hGB5WirMmMc%e0hSL%d`<6^88!>gulel$0y zFyMC<1m*C$FS@)O6K9q`&kEWHj&9)ihB3B)LxX=pi9;HnDICX7BrMQyfFNNKERUqI zZ)~5l>HfO50^kVxT?GL-s$NaUkvgU-W0_^e1qX2W)Dh6^j`CohDd6z#M180#Fm^jm z-qcn@hXNb1xiO_1#l3r3|*Ep^Z42&XY5;gUXRgnzp3EzMR?KLk!T-Bu9JkPH{9N^zR%nhuLKuUaDjHd-xV$xn*3F-dC| zo#{LrRo$~JPUvT7ir9591qZ_05f_g7NKVFV$| zF}9=zRrZg9rEw@>r(|^;@}~_RW=i^}o197c%5kV*JK}p2<7@v!SZxQitm zynaWDjql_t!2L|_Lp9>gf_mvic8fVDoRwx` zNh0&uxWzB7oP_p07oaa$2&PW$i)UhCup~Mf{dMOhsElg4-#2#8(GXR-=W`ZtN zzBFEmdJ|=(6iSYroapUJWKDgYDffA=1pPEnA3}z^M$rVva=S=v9}`?>8r&}QwXuGC zG{rtV{!iorUqHYQF;wPvae~H%Co0u;59LP`lM1&BS}udv-=DPg1|L@IK|0^w$YwqU zc64;Yh4>34bkf+XosBDkgVCGf7#@pbbn75j0CWa95tNM}rE>&$0+4Po5VI0qUGWxD z_^3Z{tKGcff1TO^u?lmOwMIy6GAlguq$5ys4T+ zt0C%Dd#ic1KL#(N(t~WTe~teI|F8VIf4MCNgW@_zAAA`JM=hMkK3D)pTi$|bfhZ_B znsW?3HkY5$-bIB=ikoWfjjPISB`XW9IMQehtukD`NfTs{=xgLT*n506&OjVrjYw2* zEme7P^%^)DudKx3eK>T%&T{Hs(l;DMdV$A=sWbdoMyW&mm{N=-vHP5!?sKvWW1qKr z92T=X==BEOW;0yL?`|*1VXqrvFuVA(H{JBv_MP)qukto`_Ewg5HRa_uFD#qU+ur0| zwR+x-@t4wNtK&fc+DE-cADAc1eiYGMjPA9 za&wA9eizuUwXiQ`E(fjc$2uu#FRPU)?LS5^jZ3xj0t=Ufbt~ZSPlJCl{=wvzror!; zh)lu9UrB?%HGW$X-q=Ygo5-$H=Cf*D7=JG<%{}q^($lm|v3EB`SdhB zX?P~xX=(0_Ka-xOBOT9$G7atTgB_v0Zjb*tJ}hEx-4iv_)BHFsjnrpPPg9zX=R0X>q+WY^n*4M; zlQNBAUm*JhwsX_d#3mY7PODEmEsfN3Pfyd9mIiYnwOc~hs`!`vVV+%>BZs1tE9hMA zlukyCCCDDdA)ivmkbI)@NzBnxFpbr+i0E@ToW+;&lf6CW%8`y`BJvwyk59=dnBpIk z*C8B3Jr%3RjW1Y|lT%#cG?#>Oi`l<_XOkKX&85Xck!Ci3~R%n4tOE3gI%uJj; z$ED0np+TU3wS-zig=H3;kDUp~7V>cd4>mJ{xJUF5v&9@_kLNWnEH7W!l$X~;*XF$V zcN`v%1D|i$%qDXtBEXr z?De?)_^~o%3m_eWK;WCbmzqEDxjhcM$76SRwwWk@vngP+>*r?XJED;aTZYe39*H{g z*Oce7Kndb6m|RxfnQytxlJC^5ETCx^q4QB1k!ka9-fr(*h z#$bkShAm*Jf6%YbvzeGpXY*|=!nh4SsrUj*DYKL?OChrqFk3#eLwv4w_0+?F|% z$<6K-_n;f@L0epdE@5-D;$Wh+)yn7HQNO>Q57l2;e`CFxIJLYU~@7&&NkadcNY}x~J2_UyjZ9u=_l0(8DaAnI4Wf@f1;Q-fsI*J1?-azu4Jzc6N@P zyBA!cs`C!eWry1MfVtD0vuQ&-HXpVQsn%wo-b&AgzwzL|TQ z8Ea;*H~*!XA8dZA`Nd{&bMrmT{JLhgu6eAPpVQ1bnwhqTpeQ##0{bHR1(HRZxwV;z zW(*Q777XWhA1-{l@OYv4D%7{d)7gVtx`~;T+-BtOIa_x}@6u7>=vgIGeJ<5(As;Z^yj#y(+W%o5r zpKaooHn9tv*jY`iN#=noQDjqgQDxB_czi#K^WH_PDp*COwffQcjzh&|-MAh-lvjl7 zq;@DPm#(oxz6f1+#9Ww2EY+dvvT9+k&ZCz47K)K)EoPqLQXY-OB7KpyksXnJ5pxL9 zF(Pcv(a5O?e<;G#Tfri}NI_&lM1MWPz7lyV!mp38(Fj|Y4EuFom-zIlS!0Ubf%+xR*z~72YAQ zKthMtBk~1b@H4@7iM@iK7VOW0EfI(W_Jm;j1%_AzLBT`_yK4cvCtMru4X+7P@QMe+ zmN`elFNEI-i*J$VO?oHX;kxpo>{ttkLCxdj_vB z3I`1OydA#XzJ0z^KArg%`1tF-zxeo9d~Ahposa9jP9Goe-RC>(dpg$Y(=EP`ugoVL zK8?dC=z>%HUC!_43?A4QaCVThd!QkcKe4rZ3t~3$2jMpq9+2CfA8lB(dd=1~Teptl z@1oTW7b!ocbl>(o9@LBEZ_-Ub0+>9gH3Eh_pHc#OkB3T?*Xp$NGA{)!6Ht=X5=%oR z(8xu0+w-d%Dz`QuR3mv)#Vg=wtZanKKl!S1D}Kj43XL^-B^6!$5ysI<=6$u{)rQKG z_!@og`368H%SQE>{y+&)0`F8QsSS)OOJ}b1gmm~n)hK{pgI5hyTzsveG<4&A9;HGd z;p&+F5S*FHOt+{Uy@zKrSp>XQSB6XC|3$bnS|FioKmZ;%;b`htq z@oRE(bK?)PrucLCJeVuL?##)_!Mo=8kMa3duKK!^&4{0fPtZ5NGAHNs#@t*c-{m8N zm*_QH^523$z7?7deb&3|B<^yx3hno??D8noLFF+Ig$Bf3c9eW6XVFUvI8GWQ=!j0m z-0)*(iNXJqnZ8I(bSP6^PaVQ9x%3PrQ|6z_{s`GHe0Bm%xBVgr8dKz$vTT!w79OA=N9Mb_{W5WIk15*MNfRKhI@UA zE8`_I2MSwEfn{2K(r2FPmxSj$dYTD;#pI|?X@JZSI1N80flvs+rxGr$_4nU@KQo*I zsjw&#sPg-AbNzu(c97+}0|B=;7<}{n_y6`#upl=YbY=(K4rh(eQ7ga1}ILq`5D_Oa2vIITZX&KHr6$|*GeBLe79L?ohx z3yNsMt}!d@>)S8hOw@^R2+j8}XS(R&UxEJs!=X2ghxZ6r<*OO_TC|*)%cOO2VdXt0 zi^|<76QYCx1351vEHA#;x1T-N$DWhrqV$Bz0v}-cUKV40OhnmQwgo%oHr@q!o9{L; zQ;+2?LFI)L7}>1eqogOK$iS2_dk@VdD~pVcavAMw(dyy+-V(F$wU(psKx5l(+GW~n z5@>Qv13laX8`?H3-DIw-Rkl7VDH@+LEkr?8=4im)f;&^v{^C;R&P;-6&KP{&L!%i>tg4$p26_jK9YTu0!q%IP!h()I$X ztBxPQlqtNPJ+2WcV)|0O99UJAl!LhzuHib2z$9HurVc0WH21si6l` z+PyF_et4IT^&7ask4*4Ve(ciBZ9gky>^V(vz zKAS#8K@Mk~`IwoTiENy6Bluy#jd+pRs81fw<3fFR)&9umw{8xs2j+bzULwV!g!=$?k{=%W(xlH~NZrG4N5nnqqk=t=1+Rj>z3^>4D*&qWEbIC;LZI9XNb}B!6nR zLL$0%jdqi~TID}0Rw(mVU9v?xpz%8G7&?)4>4d}7!#ItqsfIJ!t%Nv4L5XZPVpOW# zUL=Z>&4w(l1D;ViS6Q&P?lE=gn6bcQ^_|A7CFd>VEXO^@JlHG!Vfy+YjCdXi-f9BP z`kDpr7XFp&UNA1TDFg&B{0DQmt!*#v`2-NNE+Tz;hI^YsVUB|$S z^sWOKt6Dg)$I@eW^?2PoZF_<}87V{uW`r^*UUd4z>aCK_5jkGn8dO+BGoKH>|7o@4C1XUy3&OQ47#y^T~Z`oC{eG)ebgr?ygt`qANJMpa^3z$Y#4x zye@4odbZ1?dtH0nJq|0)yl8e%Y)at}@Elug#9nCFQ}lS6E)ajf;By!vsx)H$2VuS` zh1Ea;puQkp1It#FVO=b?8=HS!2*t|mKAQBp;1rqJe3~o~Caf+-A}E?}JKM#09m?o+ z?y>iH^d6fT-6wf?+smrm;EQN=r7Rla%z#JGx9rkJCYwvn?v3bMl4ZclUqlC^ZBiH% z+Q=Bos(fv+Vn^O9 zUh=4-0$BnIT_U@Sx(PDRK585)K$167{}7$cjuqOw;EbI{n!^e1VZwN}*mmkYeZ=+K zFvtzQPZOBr_=J;?5@nz}h@TV?G7Rg_8~lproc^L3+t(#|7V+V-Hc*1St4;>IcY;|F ztvW%dwwI=>gT*IxZWo!9A1H(`!W!u3eFu!P$UZeZQRde-R7tJhJ} z$)d`#5`|KKp&{v;9%Y|lBsUYk#2j-S$({*bdHRby$LO;pzjSEpV+*&KcYp_Nw@@*K zrRxAn=iIA3NQ@JLUe`YTfX>@cN+$^qd+lhvEtVZ{npfl>1Vc^^vRH2;TK&s# z=7l+rx^*@6tK_YXs#KE2U|MIRlDGDqeuHmH%;&OCEm|(x4G~rly}E~6dQ9YOQ_k4v z6l`fXqc2LNw2z4zMAEk}b)F%*Cz+rumg(rSTe`SOIPGAO=AE>Tk@6IH5VczaGEE9- zjTs<4Ihc`~lFdE{)2f5!{{*j@p0Dn*@3D~tXx>BXBM@_HzQoIjVg%>~BL`dp85@GO zoDR^onz0sefQMEymm}u!cRRYQ7P?xx>L8zOLE9hIkLhNeYT>Z#CKA@Azzr$0(ctlw zC*H2~l5c2m2^zEXPjLvaDA1=QP7tV+WoSG}-eA+_#7cHq_tMC*?b7#xx=4UQ7%1!A zmYsVsaC>&6*Y76wAWh2K(6f-5h-)X9195G|8i0rvkzfq8kVKmqb)z{Sc!*vw1k5|w zZg89~U31uW!X2C$x$gy%p517UyOs5N8?954coa*(WYwq`!b#$~JO@%IQM0jLf!r*) zkAdX~auhD3YIPLm$Duhv0(*3XjqYLBW6_9cOscoi202ZN^pB{NFky*6d=(#}QJVjy zjBe99VlzHz{vyUr*AWZj;I2_(u)Ek^Sv~B@?6F+W_fP{Wgm54(t0f(ULSbdJA#jzT z4GlJ~1bYmL6uL{nr+-oQQ8B9RxXE^>joZ2oSTUKA0?&3m7JJlZ`t` z+LGE)wk7c|*_QDp>N7Ov)Y=cRZVsD-pcxyP)RGwq79T`WG!xUPz%J(GurdFBBaYoJ?Pl#Z?M|$*?$Peo z9su(>q&ub=`KIFdU%99J%F31|{{Jy?gE#*R_ji?* z;XmaTjsDNx+!c+A`DJBg+wh^k)N6U#bL#KnnEa8zx5-4?$}UT}pL(xpEB~+1!4ujM z?R(m@+K;stw3oD3v|nn!(te};UVBS>NBgVxckN%=B(yTn-!Tu%U?BwV&Syoej8(E) z2J1F92VzbKTg1*n%)b?is;HN!cj=n=eAKfk1ttMY*Z|Hf~UMnNQ? z)Q|d(U!@2+<@b_!Je&TT-_z6o{~bO9 zf_@RqOwaJ~fgFqh@Xj1)mz9^(6j+ve zRg)aO{V;rL`o!-amA|;|gK+8}1g0t3DnnZpYcbP)F86h5ZQ=-4qdZ{Q<=yM$-Y$C` z6g}MK$jsPj7fPD#apAD)POP*@7{iVL`I}E_+Tl+hOFw!A84c5gA-x)kcgT99Sa?W% zvs?)zWLaZHkd&XX9>~CcL^#6(jUOTdnlnwj$C_dD_c%T7ol>5}a;f12RQqz})NuOg zMr3ggqG2u}f_~DGW%z4%AZHPC~7g$A+mjtf^l!rV%k3A-ir69jC;}%CGH(K|NM^e-kEam zO(}yfr3`+FS7;2I5}LM$*`Rlzdw3j2Oi6XmH7k3_xEI=N_Ly<6Yf<)Bkx!B2QQMz&lzI<#Tqc(kFe zzCPN~KRhx#w61?sbjkSonrL*%(7J))v4Qo`ZNuvaMx)~!2cj!4-ZnhGExK@IcwGIw zZXjA;Q)j$Bdt`W|ePq-6l*cGNN6#G?9UB@Mj@H%8N`;j_e)u=araC2`{^9j0W$Pau zh>i|y7#bTN7)9B}NBh?gZ0;YubSyeDm;y#s=+Y4!LQ#jpL^Fd&BU>pI+T!n-Aa zS&wB-RNmA30sKCO@AY`I4fpGDKZ^Tta8xACX(47dmCHj2m@58&Cbn zJ<&_lpX2D?*)VUc#j=wA)c_0iq)J2BC`AqWU<4+pwZubcUk87apF+Hv1Rs)b)R)PN zmmE;AX#l@5L#t$kF2fEk;lxQYH#mwHT6{k^XC_YX2BFUn!-_Er)|NToT6wU!jA{j1 zAuKP85zVI*_Lt?bh?oH@%qm2gtwAA(02^SD*@URmE!s?UU@Iyy2Pe+vY4fpmj%f?f z1sz(a)&+uEq;-QwF2-tl34(7f#hSWLTc$0?%K97-%(+-!pNIHQ7hsirp|)DP2y5-N zT0axo_qDHTPh(Aeo%WRWGwm7e4eh(w6?quz>j~{JR^JD)*8aKnS?#x2Wj&-l!E~&_ zKMC&o9as~*36=flu|EF~?d#gT%%pvWQFMcwwg1Gr>vLGK-++@yC$+z5U)J_(f79O6 z-q*gOeN+1()@t9va9D?+G3&8v8_<5B{RnHf=d|awpJ;zTcfW)!nV({nzX3;czM!4Z zUe=Cd7`>&vt=*_y0j(yc4(i_{-pg`dz@LBjoGmlbTXHAT8lF`R)t>X!x~Xzeyk5OS%3wxN({sBGz)9R z9G1)Suwsm|0_`8#e?f0m#EMx7E5!=3oK>(HSVvZ|YF2~QWF4z#4caSMRW`wBumx+& zS*(@K#tL&To5$v3of*Sn>vqx8?6g;;lXvmUk>tIs9uY_=3@&_1?|EoUp( zIcz06m#t#wvGdsl>|^Xgwi;{M57}qxm`#8H+d!22^O8HgoHOzd!!XED@*mdlB z_DS|Bwv&BY`!>6Q-N-(}ZepKhpJSiLrpRvg1-6IX%)ZEOVYjl|*zN2~><)G(yNmq? z`!e)e``F!x0dWtzm)*y{%I;@hV_#?c*#qnw?3?Uc2>yJ4J;V-bx3fdq9om=Jg!T?Q z%pTV6gE_}t(CO^bzNp=zJ*FLHk7!S_M-hAParOlJHv103)E!|**^}5=_#XQ{dm0fH zpJhK_KV&~*KW5Ld=h;u#3)qYNDSMH<#9l_ct`qDP_A~Z#MDzJ2dlj*9PO@LYf5GeQ z*X%d&81q|1Li;_UXa0fx5wWQL#NK9qX79iv=`ZX**`oL`HRraSm2_;vhx{z?8Rz7wa7Z{Rob&+wc0XZh#&=lL$an}31tLB!xM z@>}?={5F0&Y|QWAck;XVfABB!y?h^{pL~Vi!|&zy@vp+%@N4|*I9K@q{|5gi{}z7` zMiUS5gZvPm;D`Cc{1N^re~drQpWxr--$8W3Bm5|Tl0U`2$G^{?=FjkF`49LH`H%RI z`E&ev{uBNJd`$k7zsO(WFZ1L41b>D9jQp<+x*Y`9oRtrh5sl2D}Rswjla+T&i}#xi~p1Vi+{jR^EjUr8f<1b zVr=QcB+SAhtO8zfghM!mOSpwcc!f{+MTW=}0TC1-5r&aymdF-4B3I1W z#iB%%iZW3yD#Q#?DXK)Zs1dcIPSlGA(I}ckvuF`B#VpY(W{Wvuu9zq0i#8Dx3q-r< z5S^k+EEJ1Gx9Aaz#aUvBI9n_gy`oPn6U)U4agJCi&K0Y~dE$I=f%q7#R#%IQ#2T?y z^oxtdItHjmf8u4*) zt=KMhh);;?#P#Bn;!|R$__Vk|+$cUHZW5mrpA(-KyToqs1+homEWRji5x0ul#O>ls z;tp}AxJ&$p_%h6B_ldj3SHwNyUU8rJs<>Z#O?+MK7Y~SUh;NE-i3hRg_K-NJ?G=Z_ zgg7i77LSNW#be@e@r3xc_>TB4RzXL_liHo)De*n=eetw-Mm#HiAbu!*Bz`QO6VHpE zh!+rZ?5E;I@sfC192Y0VE8=J3=i(RQm*Q3Nnm8$bB~FRg#jnM0#2ezb;&*{B{8_vs-W7il|0(_|-V=Wl?~A{Se~AAQ{}lfcABfW;E+%yix_Yh)UDr+6 zZ@~tXZqx0$LwD*f-K~3cukO?RdWN2<2lSvG(!+X0&(gE?96c8Xg!y_@FVGA1BE48I z(M$C*yzAseLx@7H|QJnA^j5lQhk%YSs%vfpe_1VeN-RQ$MtRcW%}j%75bI> zRr=NXHTuW(YxV8=4*e7Qb^7)CC-qP1JM~ZNH|RI&pV4p9KdXOE|Gd6S->rW^-=p7* zO^93cTlL%Y+x0K$cj$NOcj^D3e;M0H`}Di@uju#a_v-iQU)Ar|zovg(->*NQe?$MK z{w?fu9?&1s59){X3H`ACu>OetsQ#G#xc-FxZT&m?cl9IK=Xz3qO8=hzef??u8U0!P z2l@~7AL&2VpVOb$f1aedOHVJDcw08clWOlF*~v6^fqyUAg4np`Hg$z$@Gd?vps!<1S|ta@#w&1 z1Ll5tu`C$bFfu%Fsij|C9Ube2M%QiIJh*A#3dg#sdwa+Fk@5a@l&O7P^48qBt{)i9 z>(!+b==;aEh!ffp+&DwerR;T@0{dsi|O`#|#6(q)upKwZsUD&qlpaV(lDk7L8s zy?s$K1N(;Lt#c7pVOWjHGCMbK_mAou@n!BAAKJ8jz&s=`mL8)f zLq<({R859d3-%ag9#U6(PqGN+p_)x2>o)P8#eC=z$KokWj!UNQooA&K&3S3cgYVJ} zqXPrOo3K_LT355Ke{8^+`o_GZf8Dn60rMt#aV|+o>D-j^U|ymcag)60OHe$06TZw# zRr+C-erZY)=Wxn{d8tZ2EHB>S{w*V8Wtv(Q00`VYDAy;&OFarLbQvFSb?d zhoC1J8yd4+p13oguK=%<7w1(2qa$P6BqJJi4vuUaoq8C$Y#{OA7#q4Gaqk)fQyNY_ z4Uh^c@#GvH8crsXc@GT_5|bNsfOjSD$1fjA+`Gm%V(28EWC^AoP=dq*l^}7iN|1b# zB}hEU5+ojM{ewe8E%gnvT5SVk<6sKo1M96Q$oR&g(e*ZzLf(wo@JeQ~(J4!#?#CR1 zz;E0;Wu=V=%3^S6aC{?WA#cVUGNHP+Q!}btf<(c`H`*yLc{gUKchrRA8y!e*+>WV+ zNIa>oP*7t|nb>%cU18i)_Gocc5P35uktc3}Q{6gbzQ(<*g}OI&4s06lCsJytZ)lO% zhWcjX+A0Ru4B@lMMnqDBJ{}{4>INm3H+ETZd26G38+X90;814;CrhAiWdRf*ilG1v z9OyZPgKi`a+$3<|*1#d}Bo2a;I0(+bLAM4D0#rEYPO^_0X#X53gUyXeHs#Ti1gaU^ zI5IkJ>x0g5c+~V;lK`aYsAY;H3i?q=VzOcHEB94^HE) zOk$&l0hy1ylP_J1whe6>14r6KKbYGgFbs^FyN1^zwYh6EUEE0!nZn+6#kx%h7(H_N zuuQyZU^DTC!Ep&EpCp`f*)}5ikzs+Sf1TB6JU1CvNdR^Avm`;_ zI@5SR%eb~0SH+*|XSEy89mciOxON%Wh3eXB;BPhXw;Fg`4ZN)e-c|!|tAV%Gz}srz zZ8h+=8hBd`ysZY_Rs(PALQ^k#aM(0L->M7?j5;qca4#@$FEDT~FmNw0a4#@$FEDT~ zFmNw0a4#@$FEDT~=rXO8IJZsVY&YuLZs2Y=aJL({+YQ|92JUtPce{bR-N4;$;BGf? zw;Qpt6ukLjK(cW6r;u^n&@}B>P$1{k}vn>-apUx-$!{o z)u*cKymfl1eyh9cj1lpTh;KxEW1v-M#xDlb1ZyF>5z&o^ZbWn=q8kz2i0DQ{HzB$S z(M^bMLUa?No6vg`dT&DSO^9zY*oBCkh0%#vY12ByNVBYC6KHDRi}pEeJH2|FdZXc4 zYv4-{>Z~;yp0!59v({*M)*21ZTBG4vYcxD-jfQ7OL&LM9q2bxl(D3YNXn1xsG(0;R z8lD{u`2NUn1;iH+UqE~T@!7+N*9eF&AijY11+*`qeF5!j(7p!kYtX(1?Q77!2K{3X zJ6@wf`x^95gZ^pIKMne)L3|D3YY<<9_*%r*BEA;!wTQ1pd@bT@(LXKXY7tk9xLU;3 zBCZy3wTP=lT!Od+aS7rQ#3hJJ5SJh>LB9#&6T~NoPY|CVK0$nf_yq9{np%`y$0Vl> zPsjv%YWH)}~nv{JQ7D^{x%$bnLQtZ7U4 z@Q=-kt5r?FMb-SI&x))4rg0buWmIRe>ThIG5OFVhy%L_M98%zUjn=#sC`elxX{)-F zNO^(MmQLEzOItzGmchKGlhAbRd=kEsRA$B!h-6ogtO=4eL9(WitZAecYs^-7jnqz! zWKSctQzKc{NR~B{WvygcD_Pb`mbKEc&`KCu2}3JkXeA7-grSu%h=f5T3?g9=34=%& z)yIWM7(~J#5(belbW*EyQVpF{LnqbHNj3CRtMpP^^io^&Qd{(rWxZrsFIm=0mi3b5 zAjxu&8q`ou>cKG1>RgL@MbK5H)9FB84ITFOEt_`5I|naGy5apGl&G5?+rnaungK- z=&MdgU+J*h7+)n29qSf}o^_KD6rPpqSvN`ateYf3tQ#aqZAlR821yX>21yX>21$^~ zd}yl=2GUhxKn$e01ZgfonoE%867%7d>anhvAk8I6a|zO1f;5*P%_Rob6%%~DNJ6md zK&nfS>Jp^71gS1Ts!NdS5~R8WsV+gPOOWakq`CyDE(yV75Q6xj>`_FJ?h>TC1nDk8 zx=WDm5~RBX=`KOKOOWmoq`L&^ETC1nDk8x=WDm5~RBX z=`KOKOOWmoq`L&^ETC1nDk8x=WDm5~RBX=`KOKOOWmo zq`L&^ETC1nDk8x=W0BjT;#iAVx+7h>=kNf`peK;U!3T z2@+m{gqI-UB}jM)5?+FYmmuLKNO%bnUV?;|AmJrQcnK0-Vq#s0PS6Ij?gE~@jD7;! zr1vSXPopXu-d-kHWm2|bm692oof4}GNzF)#RfZ;H$ErHV!YgHZb8F$oGiGEZ!#g)+ zG!!X}P#l>ATgtBRrd-uMHX|bzUeOL66dx<^kt6S!Bkz|C??scvcj5Bh$%^o#bX7$1 z;GwaK$k-g~C}v90J1JSw5&rkiN>;^E+(9DlU=ddpPhYDfAnGU)RV;)_RDhZ+qNY$( z7|8=FYi4Lid0LJMK-|0OBm4;MFv2}!GBOy=|d9+$J$Zn zVa8K>mIJy=6&quAEZwjby=CR%mYEkhpr@<^y`zc~D&{@ydWkr+$c}ot?+ zhOOu%D;KxSCR{8PR*c?K#Rr1biNl-?td(t89_dXGR#?-5989}OvePC!cOGNkl50V#b>KuY^a zNNFD_nAk7~Qp9J&AkYz?4TC^Od;#$U#AC07p&aqpun2U-W5Xc9#D+nTqJL}{1UmZ1 zhC!gCe{2{8I^wZm5a{S18wP=n{;^>Y=;$9C1_>rM41yH>W5XcO(LXi}0v-Kh!ywS{ z__E;;=;$vS4uOvTvf&Wu=r0=%fsV(Q4Tl618xBE={@Geg&dGf#^pdwqJ+#8T}VbjJH6F z_H}4qhxT=7Ux)T}=#LI@bm)%`@pR~q4smsO{&a}1M|?f{$9R%pVmt{_#AiGSbi~&q zz8>-Qh_6R{J>u&TUyu0gm84)|uOuPGz zpquf~-yrmty^<76?3E;>h|f41=!nla8|dgS<7}WKK6^C@I{M2v8|dgS<7}WKKI3eH ziE%ba@pv=N20ET^#@Rqe{~2ck9sOsV4RrLMaW>G=f5zEBNB&IT#^ z&o~?C=s)9Xpd&8hYM>)7<7%KIF5_yTBQE1=pd&8hYJ!PzHAoScaW&8pmvJ=E5tnf^ z&=Hq$G|&;3aWv2omvJ=E5tnf^!NfQkq=?Hn8t8a_87BiB&oAR-pyT;voD6itVO$J! z#9>@aFflF$DdI3L20Hr3xESb&%eWZmh|9Pb=!na>80dIiF)ju=URR8Z2`0w9AjRv5 zaWBvjhjA{@5yynb(}XxCJf0@RF`=I(qdk3&1_jZtC~Vtcu^nQu9cr=N(PF!k#kSF6 z+f==6u&{5iuy3%iZ?Ld$u&{5iuy3%iZ?Lc*VqrhT!hVQ_{SXWLAr|&SEbNC^*blL= zA8N6GM~iI}-4?kBa9MiHjl79oGeAvf-)l0lV{L@gAp!^qmN^Hf+!g zF^5oSv50yk7EuSp9117yW8TnE7%|7ZGcBQ(%~)D91d;5R(Y5A=5wjg?My#$iH-nh% zXrvsemf14A!e;IS()y}FFkvLcIyE~h36>zJsI-nxp(&VV2TI&9yTQ&RFO0bF5B8&ridGvnJROG=_x6) zS*fwvX)w1Nazi_Zt7ZN@x_45`x|wro1DJar3^U35!nAlX-wrG~ zz$|t(%ug3!=6M**CTBJ50L>9BHiUWW8kmvZ17?}WVI2j`g7<(K?k!;sdkD-(e-CDR zE5&AlMSIwCf*J9?FuT1i%wq2f^VOqaCU_&6DkR#dmUZYD9;uc^_vjS{ODMv7^-#;E zMTU1*!;EjSwgb$#cZS*YjbUbd8<-8>5$3)3hMDb&h-?Kj@4aAFeJhwZ-w9^He*iPd znIG0LBflQZw)cnm^hTH+-yi0cizPPj=M8i4gJ33o1k8?4##~#NtKS^v-FJpr^f55^ zoLRAhS^YjRTR#Bi<9C7C^#fr>dTMN9W}JK)m2;?EOywFXOQ`&U$|F>sqVf`zH>s== zCl1MCD)XqENaZvtXHhvfD~lJDMO3Z=sZnmGayOObRGy&nB9+&vyhr6zQL1EA z+EMA2l`|+ymk}EtR2EcA>H-m623Ni?b|L1F1};GL=ekT27WqoP(34 z%A;~3mD8x4Mde&7i{J(m?>r~CL;jjAIbG)>u9$IwyX()V9NdF4=xP4El+(30VhbF^ zUvv78r5qelv1MZK#X;XAO7R~D2%;1<2%-6JOKY$o{(_+!^tF~-;`&Ds;m^yOtp2rE z3B-<}KKwgUTw%$aPp1kb20@T}+ueRdM89Lj~2K~rEI(mZ&wtbu3aPFWeO zMmhy6p|0Us-HB-_rrR(r!E`gG8!=sv=?hGMVJX)Q(|MTQW~rR8t4gk8dVLM1gk4Yd z^HHCUDdPJeu1^`u_c?_rwA<&A>;TAnRNh7z06Ev-iN*O`0x1XCoJ)sQH#1~2-&ig5 zZ{&g11#m}9f|WdSpLt+^I5*lCHl3m`Pvw#kdm17+7`iEzCa8Rjs!gZr#D=wCxZ(VwYrh0+uMvaU4*qd95<1 zX-@l`8$0)NsjR)tHP6l6?OGkTI-}}r^yuJe=XthnD*PbB5U*2UF&ucv3~v>W%ehVEvh_ zK3uW1KCE)1^#P66hZS$MKCFAA^|>5YAFeuz&yB?Tqp<#HtUm_pkHz|VSbrSW-;DLQ zVEq!TzZL6m!}{B?eks=9f%SJ|{XJM8*4K&t!TL7V{(V?~Kh`h9`Ul`y&;posYv9P; z{`YeOfvdzL>&{K3sVDa_O})56ntEgTOjZs@j+Vm_qvfzpkk*I0lh%iIf~v8Pv^k(I7SJ854DJ_S)ik3r*X?<8p%F4%Lc^;OJ!}4udz8%X;v3v)X@5A!_SYC$Z z2Y_Qaz?JU}BfOT}r`SfCLR(lm7SrvR?gxJ14x=)0Y^Q_Kt4Y=q#;*flEi3bk^+VoF z2T!ODp3rhG5A|`Vm!iG{^)l4oY#F;wy*ZkKEtZbMbO)yY%6WNv5C2v7@Y^RHds6=2 zdD6Y@Rp0iiVt@b7_Ns61;QwoP@LR6>ma8%j`-_(ctG?}3-}b6+-vF?Y+}k$* zZ{Gm?XWjt3?N#6Qs&9MMx4kMG;lJ%w|1-U+Ts{xKhRNl2@U`vV_;y)SUHBHy$>B?z zJdb{HmcjdFxjY}fW&Kkz2;nVsE7*TL#Gh>ZCn9``F)kNEY{W$nJ#z_son9(iCR;9B zAzLY1C0i|9Bl}#oR<=&IUbaEDQMO68S++&CRklsGT~;dFA=@e21z+zjLu|*ZvhU!x z5N^S*A>5_$Gao=S&c_go^O@{th$Zj<_G6SEdX!mJGuFx?^gr58lL z^x@R-ZLcxc6e3-=fGCaCh-u`P8F*RnOlvG(gZOqyFvWQo)Eh-9O72? zg@~2!LtM%v_znoa-UG+a_8($*U4s1KkpJ5lUY8+14f1~*%j+BXvizgWuBPwD@a3C> zIcXr}H(@Vvu7mjFFT)|ir5$_|7T>>%Gc`KF_cJ+sS)irjcW?M&FbDn|AYNvU%n|qe zy*+OoMEnwFMQ`{4>KADz-)$88U-~Q zW;Bd}sH}5k3m|T2f7pB6pNbDV0wSpHk$nMCUiU%V*D{zxa1efDqZ}f|9)aksUqKAl zV-UHuf<|mTNu#x%p;21T!|!iggm|%+AhPJUFo)tg#FM=ZabhcJ^wl5XtFagb_POkZ z>=%f=3MY(Ha#oxTd`EVKIIJ!Zf3*(8UabppSL;K})rOoe*Mw^ZQC9u9RuErRfXJ$W z5LMLx5mnnkG}RFJ-3}u}Q0)rQQ+q(<)IJb3H3}l8MnkOB!4MHOg&Qg!RfvigEt5gi zx&k-{q8_J&nS2nZt`PMs*5>o;*0Qo~QP8E} z8T<&hyg1+UHJ|VKQqFOLJ#TBJ@~fqgd#Pl6td*Ug6*!i!2lt92_&$6~iyZG|KI6S% z(xdp-3qG}HK@i(inEEJ2LJk)H_=Xn7ly0(VZMLlaBx&o)maZcLSA|}F65eP{alUIl zpRel6=PQGY6*M}jTE#m`jpJ0%j0q=cvlLNED_40`gy78AvI51%)fxgyj7m?76;$0+?<;27xq3%r$3h&V1PI|BnGlzhmY$kEI5{D!rMhccoWIbT z4-$8?cNH+Qb{wq#PfkpZgCI*;{#oX#*-(>4+0IOWXk^LR>6s$~1RYPrx(e4;)esR0 znZqIEc$PXmJw039vD%nABqtk!sU&BQ4jVwn(pvh5y+?8GNr-S>K5cU&0rUgH;r2J_EM&4}uil!}$qO{qGo?Rqc7b z=(*>?@lST#%ietAVEbV0vj+#f?ay^NnxN4SwU0U))$4DKy!S78I48hwUGW+|yJO4m zr*&65Hd@yqx6g680`AV``J4%kNGR_B2e-Z}$GwJM%9GLSyS|gCDHU?7GTvP*Z6fLp zyq%Q|+>|O6L~rHmi}|%6OsCs1-{tCUTT(KY>`q_sVX*zti(4+P<{OB`zDiHteZ1SY zBjda}RxHfvA5h-?(MR)~?>_9~%(ph%;y9&0-;!@()_JbL2QQBFxU7sCZUf#R8gHN! zCz1OXw=8Z^(A<1AWv14!e^z2vCfpGIaha)ngjiLr4CA};U99W}7IfhXeof=7J>@W6 zTyJiIoOAaREoMQmd-0b1gA3I1T7ymlt~L1a(1^V3^{YoM_p8i(?{wRPKOcP7Bqmh< zep{DV?^TM|WJuD!ON~}EjP5dNR#cA@>sB2nN6Lsk_!~>Px%i^on=CtNf->$@aq`J{RKdE{@h1Dpc}o;r5?Pk{(p2+&7Yom|v@A;}|Ox!x?RpEY<-(fu~ zC;QDY;^W@zWg5~820BbnSXHd8dz8j;VbEuCkbk)zld+0f4D+eH^D-}UUe^!*<$ z#B?dB+;`>m%?E?Me@aN&`tGpe0VDR@U)c3-#`t!9J>zWBFFmR_)qb2jvQeb-#gYkU z%W~RvANS>mL&3T0ycFBjDFH+Lwj7?4SH8z*^MQ-TX6bA7{hm#3df{TLr=NT5XppJv zxyqw`!n{u|w@B;1?A4TO_TP@XHKWdVKOAp;?t1NIuB|T4+!Ry0U9pYIru2iA2|-HZ ze4ph52WB4*S(!Pg-k`$`(qp_r_sRPttl8-6IpmjI#pgZ7jX(5aUGy(YJFGZX*Zoz= zR}ThcIaZC>yWr`_d0%X?9=xoM>tR3m()wW_O5nM8A_Rc|qBSpTFLoJnQ3$ z*_EHw+a%`{%O{la6ZTqkDW}UfpPqd-%w^ct*yHV%zPhqz$k`kGgc+<)nJ|f;kU!q7 zrhS$UUXk#ZoYj1|qFKMGRPhSv9W76>xew5Ee_V1bc=j)~k1VyGK66B|*2?XJSw5c6 zY*w|itNZih@h)k}H|KirugUDV%%G|YZ*F=0In7rHPe+wUUU+&-=%-j#abnQrImWE* z`;A8%Z$FnW-{3nkdB)Dt9w$zQ9n<>W@t(4F(MKU^?nl+PrY`HyG1rx zmzFi@_QHmX>{9bf8sD9m}0!KiW|BpY)?RSgQPlV{djv|0Kop;yuOg$j;TJb2{y;M23c4RgEl1 z;&p@5IUJuh=*7Y4~lzJ9&X?K9Bt2=`)StY}2U14G&(v>Q``K@lUcD(_1*~ z4OO04-Cp^$YW$KDSK{t_30)H=E5H_JP&6oA?*4xnDaWZOGHwogy;$!b3%V{ruY5WOsYCug~WF zlTU>;>zA@U@bIEd9>R0`kE=FJ(5a@{%sbh7QaX+w;8i zzq&si=CUB0cYozNXLs6Ct7VQ3h`23`b@894s zHT5=pZLve5%*lqgf=)mVy@J+EB7oO4iWQXR*LrPxj)Y7yV8|c zwVkACIQr<9c5521nDwpcOcP%>#o&X^=hL0~j~-RA)}>!EZZ$3oIePX&r=G#PvWK5r<{H)V$mHeQ=dZV#IC)%-)i3+q!fI8d zm0xYQqxP_$?mX<%p;7a$*XnnlyoOX*ExS@X`tJq0ctv131pWNs(WKt<2CP#=Y?$pE z*TB8#Z@WrVajn1mDXE@^DzGr33dWDY(91PtJ)D*OgP-;%kN(Yp`tRys#NO1v8#F}F z5~9(H!$$~cD5-pkMQ7SMRB(cW0bP`ht5uj7Mm5cxVJ&5N^IqZ}cCM~({Mc0T&}4{& zCt#_f#?n9R?UpHHZeP57dg-#qd56jOnHM*{EIfH{MP;q}GV4z+yFXnY(ID{Q9Ij~j z%vtkoOxILSezQwgy|%CCu-ng+Ht6=$)%GDz+-{durbK1B^q+b1n||7B5*a+_i+j^%>qgy=`t@SFlx8N|n6sA;#4LL@<>r*U7dP^+1%wXjW7>0s zA2zzAV!C$t{cGFjZ#Y!n@y3)9xkB5>@H(mAep8Y0nfJm;KLtHgb?)A5bN}US6C15; z{+ZqIIfD=E`FM%fk5*&G&+g}yqgGqZiMAj1py~Zb1M<%-u)qE34r}+2%0cJOo}T{c z+UEzzg=sHm7{k)ir;pjh%}D%7_+evxb8lAwM=GB_ELd+vDT|DE6?=;&Z;a~{Z{GFR z<9Us^Qv;@9K}_xJ=dFm~_GQHys1*LHG6zw%z7B_Qm}(uZ*Qvuh#AIeEIZq zE|DLf{iKuYfnmwZ5Ajyx>tE7uJk~ks>#a>}bq;rxZLVMLH0#jf z^i4OMI={HmcwqeM58`B3KHt%sBz)Oi)%8{MD9=joGE?b-7GFtpWHNijgPNQigDI_t8ZrO9rvHTk{A;u`|070`vXZ~@Mp^o9vdZ|@m*(gPOw(M8w7Y&%GZ_NMA|9@2a8Hd z-rGX67iz&sr21uP9bg>h_p7!_0p8E_eSYe=a^B|)4#w6=C@da##9>jLy_T0Ej7XI* zo~hS>cMtQOeysa1t?oFzAN6ST9$RCprVo0S&xfVA&#o-o=C0QoTqdd-U!4|Rd!gx6 zm(~gSn?H?>8FAxSy?e*Il%0OpLq9d@U9Rd*GehGiuiCu~$Q^iaO?u;JPfmAm?)h=Y zGk4mL?(*;}?MD|j`CW2y?SJN;=Id{oUMa|HuKD|o;VmxCANcD1Cu=4aEbwpK?e(5I z)1Uav@wu8-<+AZ|gLZf8ygWVdhn@8@W3LaXceBmc{X4vFXSL_JbC2^kgBQ%0+UK#{ z(f{Y7s`nShckI(s@w8~KN&Wp*2hI4>rW=lT^)0NJaw>JjnaN8Ie>ta5UT9!$cn`P=_8swywY;m zu}A*B_pWrm?$Q3@tKNft?lf*#R#C$9#I~dDWseu1`oQ{5NYSP*lPA_&99Fu)G~&Qn z+aX7S?yRo(YVnZSQ4Mc9^^Y~Wys`5WBeS6ga literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/fonts/UbuntuMono-R.ttf b/docs/tools/.sphinx/fonts/UbuntuMono-R.ttf new file mode 100644 index 0000000000000000000000000000000000000000..fdd309d716629f4e5339d5e5508225ed857a3ede GIT binary patch literal 205748 zcmdSCdwi6|**|>Eeed~v-py_{d&+J$*(94}b0(0@IY5Ar5DX^`2#SJ=f*3RkB1l9O zRH$gFqS8t&Y7n%bw$hebYXPZ6A6i9HOIw~+lt_u<WOrjMDoEaubaE%i{AEHWcW3a;_fS#FY{}sSSAzsONj*8 zRZFhEZu!p|4-&bMzan(?+@(uWDH4%?68WjFUcBO}UAb9VMCE-X+_G)qg1PfQS7e<) zdB~s27a~AjMo;5;8lJNkUbn3GiXU~I!Si_{O>prISI$+O>CGkzRub77ubbPuM7v7; z6yEnDzW@5U*DY9AbzwCL&$-axWlL^Yx-9Xhz2``HVFOX&?j<)ZSn}Yw_zt41ok+8u zc;C>WL%05Ht^NvQ&F7>RPxFx9{`Kd-z!Q&deY$SI0%Ezp9uEfUQI z<JKC$h=<7jT z-fI4xG5obit@fgx{M!r^4S)5haSK}e&DS^FZr=9t;ctc1VjjZ3g+Sx*HydxVQF`?# z_y}B#a*1!6gWeuN5!&`$@MEO)Xl*(AYy?k8Iq;M%bP!{G8?C0F(_{1#nh(CR zj)JGlpk;Iot;A^FO}Ee*Jl!FU>cwGY;1eC$A%V2RUpsO!;yDwL{HOzeZzm&sTD*-& zeP4{8D?}N)(bg=?k1(G2HwPS({w||+C~p<&a0}gxvTwoDcZI!;+V7{grCGNDyc!*z z8B@^iO~c&#I5@Tz95`DVT|O#W)FKb%@p@P!9?C(=3_wIEZ+|1kkB?nBYFLnZ3qH<` zQSiM7DfqZmP#vCQ$k`%|2Ok9s-s{my-s3K6KzK3ceiR%x4rz|j3JTGS$iV}-#K-1J zQ2ymS$@zts@Li)>Fv_tW%)t>ZOrrD=UU7jNTZVJy@A(|(yv1|oX?VO5&L83KPDx^> zOXcq?s1sN;T7xXqopX5sdM29!Qmc3#Jbl(McslM+^I8}!=B-mpbnzV4y%92F1HSFjm&*n|TOz32Onl3cPXR)bcvho- zx%A{;3*yP7SQU83C1nB1DL_APzT)GZfv0kSr_KiDvbGBCDL{=Dq1I7I!dA3^&ksGG z)6$d6)@sCeBR9?u>GV9!7(At=j1B3FCHc-<$K|sPZY@%^plsfD-eNs^ssf?>nM<;A zq$)=*@VsOwJA%?V&lMq*$Keu_zvJL7wg>Yy zJvMyYdB1t3Ii{T*1DlX!ROSCRTW)s*T^^`_>fo=fdO z%F%CXck0EIGL?~Xr<793y!7F3>aJA(&>x5XG4#>UAMxHj+WW(!kQzwsO({|?q*kO_ zQ?01S=r{Fb>h7U;hfd?2Y$U%CH??-?v!R1SDb)9pZ|d>XnxS`w{+@ECgw*s@jnoQW zQ(hllCeNMwd8$iWSe)9Q+BtMSrA@_Bj#N+TGAZ6@OQ;2Hx$Ba)Tv9S+r@oiEZRpU@ z2PwnQzf+B=yl>@?)jaiD>O+k5e%b@9#ylR)J+&rvcd9Ej17qJq*V0{5UAY9{U##~i zdo3h<58jNX8TNr=Q&*+xF(%{j-TF;`q?V+%rLIps3U1ko^1d~K-yWI&=()7)sHJLX zb~4nOuy*k8$mbg$f5Sf`bhY&K|Aa~rCBn5-#y?mm&#O|<)-`pV3#;wdn8Td9$pPviSL!RQ zshoN#12l`=pgxKEu~L79+3HPwiCM{Mhg=P?Lk3iUVhsSTqsr7dNZ%^Z28lM(82Fp02DF*Rg0@Js zRifi*96~05eg@s67PO7(KqpCbGS#O(g?`)s+D?t2Q>h8GgPK7*B{~iB=6|rNwSrEk z@t~K{1ki4Y&Y+3#&!jfcSrVO1lT&ADjzlk~DezxG?Vvq06?86jfX<`N)F;pgIGs<^ zKo?LK=vAN})75kt=t7BJgPHR&=F`m78LS|jE~Z(a*U@ay>m_;v&4GUjT@HGqL~o)V z_?Ob$)JKraSAyOw(d9HB{#$4PXs<+9&{e5_(yeqg=xw0?fbO*r^md8fLD#^)lCA|^ zMTKYc$nNH0tD71{>>tMmiVpGg!NJN&QF6P z^nJ*|=RyBK1E9xfH|RT{@6o&T0_cCy9?;{o7xa(xBIuta`X0TM`V+lR`#?`f^aI)t z|4Dio6s-jPGrbD>A^i;WFQ9*UnTlCIspIQ=@+12>%&q2GX>r8hwThkgtCDZL5$8T}6Q932Av9Q0lKf)0cJOQPrL2>k!1 zw?Mz7->2T8ujp;iuO)hc{s8|F9Rp2C6lMy@d5%nOkAO|2PqIDmXPK-A0Uu(HC@{CV zbwdvcd2TmOto^_>272{zm^2{|f&-{$2j({CoZT1J-~e5DY{Dg@Mb1LQoMj1}#B* z&>hSQ#)7TEp5THog@v##Yzo`Lu5e~JJDeXb4cCMhhx@}1h2I=ZeRAQf@VWWC_bVZF z0ed|DQAus|({@(ED%p6}!KSeuHjnkPRqR3bkl+$B(Z))tjjyAP$I-?$Vn5n=zxaUo zl=zIeTYOVSvU#$bWb3n5Wqs-+pUda>wffqJ+jxa%Mn=Cw!m!zVKW9E`O%q zFSW5sYU48hs_$rH=WrX%Xk*4`8|VKoZEQyy9~f>UeXcmK`HD$xWT}5cV?34mOX|JU z`>7L{KZJQe;9H^@LvK@est%Gnf>pvi^d!;H!+7@)-i^T*AKpt?4{2!6&nB~Q%6s|b?V5e!>4|C>djNXJ@uPYub(=2>Q_7+{|qJvtBL-c zH<%jydhm;rFMW9O!{ev22e12Z*~w{xy@Q=ZC%2y5a`Ha7_nz!Ox%T9WlXFfspKLh! zx08Q4dHm!DC*L~x=E)-`e|7TJlP{ip97Vrr(|Tx#8fSfA{Neg>Jj(`Ax~6rq^K? zz6k5xt>Dg1@MjmB&Msr!bd5A0=dmla5bW_PiEb`M+6?qwU;eQXU| z%kF0D*bms_awhwi>CcFJ(aTG`>69WgVL7Cf z67yHh^-}1gdg!4>*i_BXJFU<+?a(uw&@VHfS9&1bxZTD_e&~)t=#1IW6(iWUMWGw! zK_}!kgF@(lMbQ09p!1bN*W>oCN@>462KwAsSVU?m3Eiz8I$I-jwPxsOt4s~fw9nb4_bLzlW7I#dsICs<~&jz5Vtdly#PpJJ_i1uNxi z;Hd-Ps)JY&e+{mB11sQf=}mC!5ju?3?f2m6cfhyrV&%FTTFC9NF|EePJ%Dxh9_TO2 zp@H1Rend~u9`+P%U{AB1kmQ@#qZq$!;y$(m+RYaB7}nlDK-1`>b?ix+&wj|h4}Ir* z(AjQ-=J6N}Kqp(lxkTa)&L?lPA7f>_m0gcDfpZBT$%W8ut_1H~3k~Im&{ci}Eo3LO zjAvjKc@CNcL9=)fdct0&!*1zjT90)Dd`b_o1#CXMf+$(r-8HSVV`}@9$&=b9P8i?X z(%jV8P+ym<9XGaSOm$UdMR{4gupmDg31^3bK9|jGGU~M&wMwaw%S3@uep9Hq$3GD1 z8IVOnt*r(8IW!jmb1w?$8So>h`O-K8ex7bFUR@G1iI`V?D`qksGdUWQnfx_WQ;_d( z3i$^PH-`NC*vzTj@ZZ-Mn&BTfBl#yuepy6%(BmNxKnj18Yhj~*fc5yB2AY>IT;J5w zSdh#fN>x0GD6)@L$ogt;B~ooUy|nGVPMtN?)0;t=6PPAWIQ%wKqB!Eu?Li~1;oUH`dmtWKGGGhUr+XU#$Ryl!O=q{1Bpuo` zU~3qlo-2n_4aA#}7A(@Vo(~MKAkQl_wR=DIhJ(9H{hmEs!pz|H7;rRTP$Et1yXRju z;Op_s2Y+7W@Ad=+k~7eKGeX@9X7Eu8nFewPQ5-%PKq(d4_N~|>kQfoT0H?UxAghH zRLPTW0P-JDjn+wqO31&dQ@Wi0wQA|uyh6GDrUi``Rq&Eb@gP-jIJfVvr@;GSxHC`% z6(7!4-iCsF0e(MTs|EzLQwrjv=<*LxyT3cMAT%Qc9!j=%^TFYLEsgKQ&d|iEGrOhH z9_Es1mprB4SB}0L_6-OPV8G^>G^l(`rRNsudGxXMTd&8Dy!NkGg(h~c=Ou@RGbI1| z@dE^wO=7xMT1wLevSvuiQ1jf7-{fyzKX+eh)x7n)lgaff9K5Z{U#!R|FrJi0;`{am=J8}07$_m z|9sv#eKQuW@0r0_n;hs!{9^+wG>!&@(74@9Q0N9Up#}8=+E6_YujS#j>2L)PSBB~b zn1dBi((w3G&p#z3f8Y)@e}6@uZ(r&_QunCN(){p>R^OJT>40gQ5%AzrtM7rOt-g(j zbw6Hiz{`8_d?(!Xcjfu+xx3ZZk9TYF?k>b#jqsIt-wU@7;m@ylZN*zF#N-NJsChZU zUWWOrfl)HpwXospuB#drbj@#=+jV6_PuIMLE4nUknA0`8VOH17h8bN0`w(pcGcLft zl?yg55Q`x2<`&KEnY(H3z}&&Pis!FjG=~+<>6x=>j@aEWz3Z}uuCC5ale#)KP3)Sw zX+l@~rtw|Pv+BE=X4PRuM0R@|OwRVPO%wNtfA5$$plY8r!1@Qmot!48&Kywm4^Y?4 zS>3xCyMM;o`|hK9@5BLbXZOH%?~I89t?(qdXB9l;-R+?I8L=3}hCfS}EycfOOGln# z4Day75Ri@pA3Xe73c&kiu1hqq|BoJoMZ*Q_VfVs^LBoedl%&&bTm?vd0ehRIUkZz0 z^)ev70Wm&hr9g(Tg!Lj+4U65E&=?8scYQjfKz`EzwlmOb=ywEtkB4_aqgx6suo>DP zA-n;$rw-_O4G7_}I;aP99YSglQZD&h;V*!15p};9uVO507zaPh z3X3Is0x8;Y*JCS@vKu&uO*Z1FRlq`E6M!9ADMQ+Flv|+!P-f*c;1p5ScCb|v8|+G=8W(V$Xly&t zIFwzBvTG41xeZJ=pQs@lUA>v8$p)MwYQ}Sm4A=_>JWezod5lN;35Y)t{)t}{+;xE}nbQ7L$+6SB> zT51DO#?ocLcHj`vGNfI0jIj9t@_}w(4KM&8&GJT~-XyRDK%INv08r-@QQ#cWZ79DF zY5VZp*ADaoI|1Z*$9$rdn}GwsX`)po0C}xi3~U7s0_TZV<9RinS0mnP#Jdae?y3Y9 z0(f5Q0#J{&h_@E`twp-E9}(UCJ_LylK-_gbzy@G1QU5NY^)jFc=mypRJnT4OLkQ#p z(*T5Tm=7!?x^FRn_T6_7I7f7UCeQ}p-Nq=|MAq7pby^kg=G_)jAKlZgK$+VPYOC2@Q(-OB*f;|0WdVK#s=UqHG&CIIjE93$GB1dwj; ztH5cZ7i~Zdumso+90ic)OO-@FN!Rc=rm*`T0Vk*HHFry#Vrg4dJh$jMv@( z-UrSS9gqPoAfM5%wpfe{U7h`zY@O@;-_9gDCUEOrpP_zJEoWzqJ#c-bM7^sP{h*?;kse{)zHF ziUN4|Q4g>TK>9QLh(1Qzk4pjWN1BgOpHEH^okhC;nN9R5>iOxbz##x>KK%&zn&>lx zf0ha412sS!FdJ9`tO2$HyMP10F#!2~hIHplKsJE7oI{**DC={CeU7?+UIZioy!#yW z{Co+p3fKf}2L^xxz)@fjI7=|*12zD8et~v;fwuk&^*Dc==-+#ZzC<0qLfWr^3#(v> zg`4UH`e8-u#aV4PF(I3nxR;pBL`)tfrsxCC5mO;t4OgoJwi46%fwRQ)uM#sLoe}9x zMZh32^D<(V0b$$9C+{CM9hUa8QX}t;m^z`=G_eJAeM!=SX-IDhFCxaAYO1b zv5<*aHphhav^Y*Sk)l0>Vp9MV_ZNZumso!AbbqMvBt8osNdKm zfI5yH08SGdhqA|Y1DlA|qTb0>z&>JicwdKn>vcdWv4&;D8n*+7fOEu}vWYe0T}vCW zR@ABW7=X5pj{@xg%9wyWu@B-IK-lF-cR9+q9QC?3w-8?oDT#QKuNZf_)Z$86vbv6aYs72@3q|LQ2vOYE*}0O5C? zBerHQv9-&H-Ho(&9{|o0TUQDo-a6E&e*>|5knWyt0RHu8@A_@T?nNKm*ADCi-Y0hd zVqzO>fb+yQAxh&^BeP@f030*Lp(KHv>v588l30Mb455wR_m0LtFN{a+LN-VOkH zeD5G|jM&32APOMf!>zbpT}14WQlJsoO6*ZQKe~a~_hrC2V%w1Z2R+2F{;|hb5!=2Q zK-d$5#Gb_ar}6>RdL;7$Ek{ zK>+c8g0g?Im)I`kv#X!jvxxH?{LkUt^P7ncpkBNCfE@tBUO=1o$N-eT2l?+o{(DjW zUexJDxG&=Q#q-2o@&m2F65uGYeMQ9fR}y;}dB3ui*sI9vXUO;G*~DIp5<39*7b;@E zL>|BDA$AaDA4Fci#=Bo{1CZzIc>WFY`YrN)b3U;{tB4(O0SJ2wX^z$q`#tjcJ>tHN z{QrQuA4Ax&0b=hU{2k=^E&=C={ntTaf1FM1PssC6i2t4nKpyYC3LGN#{z76WbiiI> zA0YfB{3rW>kBAK-pFc-|W5hm0yuZi*8?jUKiT!mkvA>-rb{g?dX98`&GGhOYwEsZd ze^vtLh<$|TGb&&^v5)fswBZxHKf9CI{|o|WiG7OnpEd%$0Kz}r2fP8GzMuJlA|MGM z|IhILv-fc&9p#=w*g1rqTLWwc4gjZ#eUAJ-M}4qPF|1GQ3#9p1KkzE>5w6+$foTBV zpU1oN$nW3C@83ya39th=M(oQdfc(EioG*_P`wDga+C}WbE@DHQ0OW;}L;-t8fu@nb zmH?|r5L`eM*bWSkAbtdVO@a)+L6EnRphyCTNKjS+tw1-fwATQqNKhl48sTb$tC3EF z^x6X?=-}$ll3-Xug7H-nOgl+1?MvKY+wWMD)12rMVUYwfV_*4chMo>JPF0w z0K$t`0eb=TQHcvcSP8;Pb^=F%uSrNmfoTB36T1Mkr4;3r<^!llDZ)z;zZCIH5x)%a z%i4inU_0;zaF&E}6ahWJCSV^hNJ6C!s08K%2(LtYDo>M8g*>WS zfnH!IaGZo{6@a+a3xQR@R^T9TmV_~A{}{v{gZ7Wv4jcl`lTZ@{x`BRRA8?w4u`VD9 zECeDq2sQ0)fz&79w;5-Sn$h)=`KzJ>}YY|?1j)Ww_lZao3cXcSU?lge- z_2|R;uSsY?zcs+$um%_a21#gC0YyMJu!@8xKd_yI=4{{qfO@o`9xX`MvI%$q5M)uSuBh2O3GZtcZl}0TSlI zojXXvJQ+|5%m+3DsMEYtBwU#ZOanFm2T7Q30u}>r0Ov_q&!BWW3_g~ss(9R-NF+>WN=iybJ$S=Rua}g>FMM#ubcDON zuRDm3NutbUI$}x(z`0#Ob1MbQ`&R&C6zl`=I&BZPYO)B;q&D2&L zHPEEkzSQZx*v_`)?MofstJY9k&c4*(9urN1dwQ?lKy8tIsk1yFh=62`ktUg=Jf7Z< zFtuMplkEBTTH*Tgfk?TG|!%#RlqmS<#SZnW5~6hBdNrUV@| z>{fxHz@A_!(+41&y%J|iii<`MQ{bs687GvL7796Fw$kznaDl_&R7N79pu%p;5}a8g zXA66%EE377a5(-uyEs$l$}P?Gl;yhHS|>ysY-W41xV*~jk9mU0BJbp>6KW@09i9nY zTD#Yr5%SnI8ds<|JK3(idcI&(HLJ|gh&|I`(dfO=%A7GBnx#twm$pgo#19K`=lV1D zq0o!DW(05L;9kou$=1QlvzbEXCxxj(p>QyIHY!AeP{oA%M6!t_iovo^G%1as88n?W z38qgRDTm;YF(xaG`HI7rW$3NSZb6(*tcz+B_#S@$Fb8Lxxaq{459S=61Kx?Ri>a5`PHs?s4< z+xQa?6&Bs!Hf2g%TYGz3L3MQjF!X^GfWYAZ%wG{V#m{4&t)LjrXX=^mr8>Xa0?y(r z#Q6*yv&SsCXZL_{3OEO;;mKF2XcGA9bke8RQ=8wVqe*^~7R1F_%k4rUcM;;4!Ihl% z;GW(Cb`|!ej`E!0N;$)om=*3>{+@9c@8N=1kxRw$XjEw`&G*Q%49hiQEGZkS*DIDP z8^taO}^D9I8y?b>4*bz^3rWm-;# zyTIZtiZYKa*O^%#Raegn`x_%6e>9YlU+s_gLcDmBG1cQ8IDAZE>p;v(tnRXTLVcrf0>kQERc zy!)MO)tq_G`1q27r8nMmQ@(I#>#H|Z&YwL!R@3$8+xtF*f^kXxEre?(M%0^EgV!ex zkCL;ff(ui*iC2gdj2M_-$pg)5wFPyvky)jl308_IvlD&fUEuRueXRco+^E-S7gU?r3kgIk?old#lhc)|9 z2?Xllk`ig?AY>06hDbStAp}D@l{t`@U`}OD1=tk+oC+txM^{<|Rye_%%;%}L$(rT% zpwSd`%A4elN>6xlNa<0ATKp>gbiK;o98$U!*^}5485KTxLXp)H2()C$OBBBH47pY( zbclwaC3|v2sff=I+vEQ%{ao;dIX;jFRTBgzHbuxjel^P7`;S+}w z>B=8IQNoph1mr)KL5TZM;m+0{|G0H0%iFiFdH;U!+m_T4+=ROqi@Gm~wSF_HRIs~R zwU5eYQ|%c@RL;Oh&Qui_Ime08987C1&}6n)LRl`Q-&^1fN1XBIqA4x!4(PUO(VV1A35NVrIv)J>(E65yLm;mQKCfFDgMEt|+ zIA^4Ie4U9e251M?fJeKSv-5{y4=)?PT*dnII^?kyH#KAQ#Y?#+zJiDOtio)9D{(Py zen`)7&n9i)W{(uj;ew=f@Tp}(guO-+wV8Mdgu*?VG~kVa$1!kjSMgWDVK+;1Pw(}3 zsSQ{B4}?;=`1NIsn)g9M#bZbw-llx>B(w^95|5lBUGUXx;9t} zf*W-CwIUO@tC?DD%-Lwa%)8Opjqa;GW3Gy0DdZv;@)r-W*qp<$IXA}sQ~I)tdimld zG7L2$6f{8SW<+H2>{UBnu7nT5e%VWw`xWp(aI#O;no z!`q&IdK*V#R%0~UI4d#i@-d$X@)G8wiRzOPfiGt)%9kNOIv2eXNG6zg~KMyPN^|gOg*eO_CQ&}Y!H!jOIxDGk`4F;6t)$aQ%W9B68&NHl7er~RU=ZyAdmvKE*S(5y(B#r1q0AX4V&}kiWaO55jL~ct^A6pEQ;`af zBiCm&dm|2aEZ|b)s{93&{<(A5VSi0^rN@|;pJ!~AYvp;Z$tsT{FR#GmiDc*uHmjmq z?RJ`Gr2AwH=EBS9lM*`jVj&+5Xtc+98{r=1i;Se<4y(M!_dwgo<~lI%ngDu3@_2{! z4Y<;J#ofIss3@7dpO6<^>4lw7C0>ZZ#pjKjPZMcnkek2)jO)q;CX{LC1Ost2nae$< z4L+Z^AzbQos@3sCP<_8f<1Q+qjd_>d;8+Pg(P7;Pdl~QGIh=s)&p=~_W{7U)D)X5V z@c+p5q7ls_?N*dXYfA|G2uX$J>Y*~H95OGhcBGdau99%Q`Ph_(%)*+0-Rp?wxN7ra zH8#J!tF*Yez>$a+HG3*9t8o_R1(YUJb4_g-pB@crXVjO7W$0^-0ayN*P;sNhFts7t zRFbLGYQ+|n1A`z?Hu&;w%nJixjN8O*>4l!DKcf27`_bVs41;_4xIAlZSbto{dE2(Ea}D27`H{>N1H5 zBz^P@+C2vxfW4-~1K$#W)=LLAJ@}Yz=#PLsWDsAz`&M^FSG6mi=f`k1B%BBO6_p zDK>JpNv|Ma8>}F6&~yJOsD`Hvmrzdd%g9VIV9khBVD2bvBMV1aX{5Y(*6I#r*=3D| zI#-pybbP+eQP^5?^;N(2mwA}hQ<$9a3Lwp#13xR_dX|9Bm7Q+T2g?xkBq%f-G_baF4u3Rl&D>%#ZO$lUd zf{$ofz>d0pU!Ggt92`2v`m>sA3l%MoZ&{h!+7w#;(9@kfZxOeo`B<&Mo;5~enE%CU z7y7Mom|5XU>Og{bsKn-RuEWNo==Eq3hAQd;3rC|EoDdgrp(4D1?vNId9-bN#B!j!$ z8o+Z+yAsRu=VSr{YUH*8qaQwvvpLV;9EWRiz^pYw-s2cqh0QzrdUZ! zzO6iT_0TV&NCbQZUPDJ~G=ET+5zX}GxV2*%BLz=P?(r4Zc*{C6imnWfE6mJ_S9!`N zIg6K?LRnb+vMp6(O^$kI)CW9Pizi^pZ813{{a?U%4#B3g0>8+~rDyrvlcpBdud|Yt z=I2VB--I#7^gGR$HfgqDns7H6MMs{UQrz3IhiF0Eax$JK*i(6m2F%T3s$g%j*P+5LPHN?Rb_jeXK-E2(v`8Gx*Y#Im zbyZmu`qYgiA8`Kq~R& z{Kgpm@jYUNTp2D4JMUv-okMr9)y~viO*>k4H1Rnt;MY}auy?u#vm1XmBxzM(&qOMj zQrwQSQ(VD7ttmcd&W(pZ_$F(t00A>l$Q~KGn&WpZOx|)y`<5iN3eFG;&Jfb_g$KCD zxeSKLJ)4Z7WqV-2GQoWX7rRZoBe+OVh$@mR#=E38&c zA_r^!X0^oH);SO^31N*x3Tz%mkl&nDy znOsO<;tA9$bex*o;1t}a;66k7Qo^5-8&{}uEDevX?$et4@|qHTqNmSK+@@U%U^%_; z!Qu3B`W@39V;mlt>U_KHn=N%HO?KXDah!Vq%x{X zt3uUzE>~hoMKq==D;U41DHyJsUebNl@8p(%S7p1D`{g5U?NL&im?79 zA`!MZ{Bia)b6#YoJc%J!FXSwSQXW5fa)<62>QxhgU_2i@V_(jQ&x@SI(IVnQ# z`-=TaxDk3^E>+U4$*H%Muxm@$ib8fR{zYz$2#bQZ1%7AiAU803(Q=b1d%3GR&$HAdXYwk$XGLC~udGj7=j+1{0QmaNl^lLLz?HT1R;Rd# zEBN1hoP6(M<~vBfqk$QRYrYB*2Lz)^Z_cO>3fv)MG#WJ;b8>S`h3#VkhKztU(X{;6 zLaxtOmG8;OE%#2V%P5Ju9NBTVJ4YoKM1@S~mMKKR6d70O$j$aB4HIi-U(O;Yn5gmO zhkSV%+D45d;`Kya8pi)}A-BIA!rb-KPxq4tT!HBY1xb=taMSy8tjW?Wggc@MOM7o= zjRtdY_osaNM(xZvJnP}U!9^Zi?CA~C7Lzj?Utf43TuIss&f)>5lTHXlFmceeToo{z zt$q3?zu(&@Hm8Lg->whu)koE!IU@`*I$NbV36tqJ)3v;U9STh;sF>53liPfGS$I;| zRbQQ3SD4``YRK^>gKnEOXUeUeQ+hk{Y)%-S>t|ObFCUj>#DN~4Yn*Qmfo}|u=1obx zOVTv0(u~vbRzQb@^#Q9TJdWj*Wn5}fGNm`8Pg7^^lc$+N;s>xpy58Kh5DMm)r9CYh z9(74XvqQ0oSJ#ZItsPf$^~BiFt1yi>7rEzNq0i8;^69-3gGQm-7;NhudRg?0nNxSi za*Q5C0e)AE3r~;-S}IR^l}b_6=;i9Agt;k@PPIZVSIbtgI`s-Z6Nh>50{G4|n%i&7Pp=9=hXpNYJ513(?DCQ6P4&}2vi80IeaOTWDS-vR52udVTWTkcXWJ#f5M^*TbO@n zP*^nd74LJHnb`NG{9{SGO0LifY^g$lWmvgFUB?tFWSmDz_@<2;o-Z6Ofq@S>4;%Ji zm9Vo=@6gYCds)2@9tyysce0uD2;W!lK)zO*kaU_PbCQO4yT;F#cn#kwadQH+N*E+8 zOGP`8)`nx6K2G_ndYZSAXeVDI9W*ytA!c=mq&BE~RiaI$5*@IE_gWoTq+st+ zxvYkzFmB?M6V{tLt3eb^<~mcON-cFVPRY48=#tK9hPU8p!;Q3NsbYM&!jgoQ2{#LJ z(ESNBETQb(;+q@&txaR?b26&ynnE2Nb+;4G&kkEi#897B8E z^lz?lN=v?^aYEmPD{XFF5aCHTw{g2vm`P3*#z&@SIvo>L9!ZX!-^FIgot zwXuxlGp55I1iMYEvuU+Dt)kq`!fvK_llwM<-exf9iL8pHg3AjX!O!y-T+lSYTFp37 zmS-BQOSvwWbh}|_7c*Ff&0}!a>5Qm0jx}wKT0Z_?vaEQX!$ zsICBOnK?16Ex@0iqc`$c_*kt8hea9&F(kskAgK&r^-QvvmF+l+5QUkovzaK0tX))T zjp{c1L7UPChmJg5e#hPG>xTZu+;#V?yQ92q`(ux`NOKVvwP2rKg#FayWRV*e=7~kr z49bsMP~%wr4ujfeP#cz-t#U5(8RWjjSSMH4DH{!Gr3a1TqlRJo;6nN+oa+I&EHTU} zU>ZJ>*92=S$}=ZU%N?62%9_}@ZuvE3Ll$At#3k3$$Y#Pu#<|*f`rv2f%Ya8A6CC z#TNM{+r3;9uq~&g*3?RVXP>dz+b74LIK)&%vtoR&{4F6FvyL7S^F^*usIXyygGraK zZ(e`()RN+k>Oi2nqqt;hwSQWDQ!_qI^{l+})+srB8ScEbJrZfZwe!~1t8WGPTo&-R zHMmT?5$lu_Wjv*)TVbGgPgjSsc1$z|s_hls*F4--Doc;b=lLXQ@L zuLAR#pM4e6@uW7Nuax~ z8Z}&LpAC0Vn&;9BfOV5PKF@l(w?Be$Twi(!V(a?*F8zR{R2x&bwEj`NS& zdRMf>omCObxN24gj%+k;TXU?S-WtevM`{Z)uDdEwT@X}f*d|vO6?t=gPK_=rS{|M{ zOQ|s^n{=*%0(Z8@p*8vQYhqI`QyUD5My;324#t1f%ML?^E3vK`nYdJejjKwKuTa); zO=m>UIdTE(D#N_Tw~QTrrsEkXsu$jaa>4T`!dM+d9vRSW^hW8jkkQ2Fo_5&U4_DGf z;o>-fzp*T}dsIv1ZmXhB--jQ9L+D5*-ETxD-v^dK`j6OVxz`|kSuv@|(P8%GXJ+R6 z%pHy*O#A9-rR;k{OXIZ>lPOXgXZH!z!+OU4GS@{K9URtt-2w`}Q8B-U@)JTAKK=~rgXeEI4ADDNj!Nzy@V?Bss@anC_+ zc96^v&SB$?%LWfOL1F_1!sWO%3htI{6lwQ#(#AKD8b8u%ppk*tK{$JZdHGEiJ{{ED zMGWpHLx`pJOZ!Sbg;*4FlW|KB@l1$k0+VNYcL9%Nbmjqk9>J9i9dO^^8DqK(@QmRe z-Q$wn?R$^`p11EoMWpv=1>8-0pjyG*$}0xBmN`$=AoC#Fzh zRw;UwDw|TJRP|Zd^|-~U*J&+UeXkDcuvVw>by#iI+q4=eS{k*lgKTu0N)4q|{R)!W z_iCBeVYAsCT5F?TS7+0x)k;O3YS_dA{R!$5#ul@4Y#cKb|0G>0mNu}&a24;JbuknD zVx1fV&ThQXWxD9OIDP*pE$byK=ZN<|+yv*31oSQZF6JR4i>f#Ir%w zHh1hp+jn+e_=>rQ{wBz$?R@;faSR4)hIxb^(tu~}uuIoj>;{$Ds5aRRIyHt*t}^RM zWm21Z%_^H&Wj5QPc9Fqu=*7)0J^m`YQ?FM$%%(bnzD})bv=293YPPg_I5MoA8xCUA z;!58@G~$!ix}d3tpq`5fXGKE9#UZvzn-$Elhnlly1iDL}n6+Z{j2%TYL!QRgR$t`< zO%tANXW3`Y44s_3bK0fz4Xm5YRcTdnZLiK~(;0QfrA#H4_sW<}#$abQTXfnwqlz)P zEWI~Q@C$kAv5B9MCLZoZUVtw>_Y(XnXaY6j*CM2to*zm%R%^F(M%OduN((mp5M z6$&Ix3>&fg1ZKl7f%u>E!WHWDRiX4vA!~w#nmd_&n()fk+mUuT(k>V&R}M=Tsb$KU zIFi7Pl*3q!(&fr=cK}j6!4~j>e^@7cz{`!Y49P~Kpt}7egVYFMLJC|56Dzqw!A}fD zZj+Yr17-a08lr+<u`F0KviH?WsWk(%6!k(Z`xGV z_G%zO;lZU3HAE>FKiPcSEz4eMD=940t@aix@1dY6D5!!#BlWwc78K<58{3E1cPN0+ zjM1Oz#T_*np8r_T(`IgN3U^q!x_pUE#F;(|Q}7ELDPOV4RFL7!4?4!?m$u|vyjPS& zS}TL0ik9r+xH=;ij3vz)^OP|%alKrjw0Io_A-3IJSf4ZWf!v_SdLOL_8nsS)j^CsMHskDuIpxU{mIE6ot1cWO4}e%4=>t$oAAxLo$d?Vb{a9@ z;-EdpTw&(++w|QPD2$I9t3vS!36HajA4L>E)}OO63ljR~xYr z6eyUH;pq2HRjYOV@{#eA45i#ukiMB!A!+Ty*Uv`|G0OQBU#@-?N1NxA1sfvPKt*PD zGM?#<*GK(hLb_0EUgeyI@ZW1^*Lc;s7M;=xn`wS+u1%?H(rbM+vru>x^?VlNVL(mi zCM_5WzHPyw09bLD^NwGoS5Q_6M@swf(lKM$;s22!O7{ zFAb!3n4|2+_yLQ=dFbd0^!UZ*I7srDhH`Hpo@Hno>x*eRJ<}>nI;#Di((&7c zzd|T&ukj#lulc=jhY7re=_V=WI8Bih3+%`wMFZ|pu4uqbk0aluj$W!kLYTg#8zXR~ z`(1FM(x4ABR?BocStuZ1ZR7o93(D^f1aO^A)o+}d*-w15)4I5{m*w^nY5O)hTfbSf z8Ghzs4@e9;GVJ_*!0@S-l8KjJHMCdWH7S3bNo$;3Tr;aCD>82KBjXa@c+e)Y_inz$ z+d9#J9~oG}$r+{NX4hoBKBmc$U5MXxO7}lL1P^#D1;N~=p_|j=+s&TE_-5gR@|XL; zy3&oNC?5=r4qRyqj_uV^e$)u}I1iV$TNr(~(sdF3jKSa%2eJ5=OGjxJ%i6QaDn1P~ z{3?Qm@7uq*98!?A(i{)3Rym!jLdaXuCkiT2EOfa%{kDn0e*Nf>Cei}<|8gPWTL&Iy z>GCMQ632y*dGv=Se5PPxR7Y}K%6#66_C!sW_qyu~#%CJc4bj$dy1eXUgEf%n@>Q5) zDvJjp*?oqCdXlOKa@;x}$g zygy8QdO#(Yt|fAJ(}s^!YG38#_|TW`=#(0 z?C1e%Oy>GrT9~1I{0@oFkIIO5sf{ajI=wTb58}RJf96!hdeW^mj>oLR5i$0-e1miZ zOW}oMX={k}qBC?epR4 zsW1D!rlG$y#W9gYwMyYCYKfzsEve~jl~hk3Rqe-rl5jeiDP1wTOBAzK8Us$J&d>Ry z1NHN*HH_A8#8QsyL74IE;>!J}(VUeI*X{%}cnZb@B9pLgjLnReUQ)NRq6TdD%*{G; z?ijXic&tCbSUYGzvRna+=bc)GO-nYd!fGO$)kb%ktTtSzFxhOlI;vesdZyAlwI;c3 zyumn0KS8d*=q50^`A^M82AB(}U#ydj?n2h7_$jcQ-wdzd<`--%Ft;nX5gmH)$DYQ9 z8p}LuWo>OnXJ^Ir`Ez3{Qns%06!J26h zSx0_#&~W#0wKdb~E#bqQ71HvtWIt^l5<~eO&G7i5KDpraqwG)MK*&Z7^fG=JC2e6* zAxSL@pi*|ZYh^|TmPCEXzcPSYkw_8?{blQb!ZomZbPEd?`j=3LQX z^5(j11@=z%E3K~Q+M%aOZpJ)G7& zkAM(DNC+@fo^8Mu$Ouao#uj)0zu=DIAx?PLPCom23c|LMmzWR_+&qMpT;eD(U?t9t zabj-BXD83*My>a+wX3RIt;Wf_57D(xo!Yf)pFOO#_8R_WUU;CxuU`N?Cw=&7!=EAg zlOb6!LskuPaAx%vE|{>x^dWDs4aA2k2pPcRM5#8&_iF}XUdVxrUTyqpq9-L%K{THT zdHAG~OPq8PGj{44LWN70Vg6xdNBwhg3YSg!lXS3tm>W%H= z*=yHMPOMooF}e1&v3*9NVC)+kyJ5Can7v_a$Nv30w(p0Tm*~ZQ@dDCp4*>HhA}A!7;KYh~q(@e1cc`Q;QBL{_w%BncF6{BV=~Q}We2WvJ z7(LgDR2i-@9a2opW(FF5()5>U(@J73?%z6{uedtW*tN;_W|F}6B(EJKf$Yb-_F2sf zKk!5o_37dW$zQIotGBZ_#&o-i=lf#k`5rL(5n2a|UB%>PX>xJep%*+wkSth1x)j=>>$R{OvS0z8a?OJ_uPiu5fdXI0MME=x|i_`T))FVn}>%Lti;|J`QK7k-%i2Ss# zfL|%ThUY`xF(YX8c_csd+H6kRA|whi?;&PLwmujWX^SHUtdO?_?ta@H`eebU52dGP z#n%fK`zD7aKpamX_shSE-^YHaC_goVc^xiQTk}=Y^yX-~IT8Rw2PL~L^Lq>>%I9f~ z^Lvac)XEo04F^i@H3zUzLaaoo)1Q~ae(HA0a5+ZJ* zn2yJxu<>}*w4w>SmP#Z|(MOc{Civ!^@^_dDPBJ*q`@eG&$HPLNzzupD(vC>a?A}pq zWCW~cWb9|(`j%5GCW-@Lw|BZeyt?E)e0aAwzwQDt7q@f0HB9X0!n%_HHWkS8^KaNM z=OK@Q$9SZ}BN>T|K_YJ)>t`jdXQkP(ki2H00~!v!8W=WoiuP#Ou?h59=0jj*%|0qhva+5pr+ z-@?k<&mw6QyZn$V&>32tu{^9!pYweVYuJHkcLY?tuM<$=bL;?6zN$nW5hc9I z>Dc6x;)K+25~p73L)I|~56Q3+QfrYNhy2B$+7jOnHU?YTmgb?-4eo5d5D1itIkz}J z_t5>n*1YMBlLLnj?=KejA3jVWpy)STf5hLS-~D3aGgVR`(DA@XVieg$IYk=fq>h(F z3@<-T2-+TB!{tB31^CNrq%g(~`Gw)dMU>WkgxC{2q}ZmzDsi+*{zI@9kn=KDlba}= z%TC*gHXkO6C1`w%l1UpKDUEHo0Shfra8yw#8j5MTlE^0BZ&AW<$H^9tmz?o%{QVYZ z*y6NUy#2mXwzQ*ku=K-{r8E%s9d~(arQ)VU9L)Q915OazES7lO=iLM|p=)!0Hp_}Q zh~@1j8|9m|0BJ7$-{*tbftIw#cS5^g@5HgdezJJt>|PzHbzHQ_;(g_$bmoTC$6~J! zLW|cMjcC4^RLQa3WOI7#{%A1ZoN@YtVV}e6w41hAyy2K9KR!NPsZ5WL=O6r+TPs_3 zADXI8jgA)z?r5^S{rhz@1Ui;y#}%77A|i`!>0po3-vig$IHTW-IBLKj;Nc zLQmIB&kHHGLb_&(rWVJX>3k^|td?}wwYh_h-#zfqeb@hHeZL+aB>L5A4~C|WPrUrp zQ-8JU#0;&&;^phbIrLu_c4Kv%Y;`eOOd8F+MwC?}S`?*2c97l%=&d}Hk$uHa+|jS& zo{v7ja(m6_$9>y48nLopF^hCoGMHFdk7%Jwi%!1u*q^)#QL+~`%IA$KkbHKuj?qqy z#KQ2QTC#tkbk0UZB(Li_LLqZ8pVjJsNU4O$VUu{a8N`<1HJVgek=2XCbbxg zdz*CSbOgg@cjUZ7W7_y({RU?;Uy1rtaEG`~-%$@#8i*gS+xJ?mwV}IycC>on@GbSm z4f_v{oc#G6)yZBIZ}Kzv0>(Rlc*tS|9-dICcgT@csVfd)C$;(`elXrg?BLeY zRf@%RnNHmpxxUihuZ?Ap25-;3?ye~)b0e`|gHSoPq6 zYf|uz7s#)+UwlFRL&QVgZUE^YvsWN7tw3U0Ax27F2km^ANuULE(40Dm4>@8W=-x~y zaeN?ZEtMK|3T5|XvT)030!jru=iCH)bG6$qUTTrEes_C<3sICEi>Kg60H>hPemJBO zsizwdU0J7F*ij860uEnsy0Pop{z4UzrN#bhb~UDpK1U!P=o2+xJnR3R(s(62S8hGF zX4d6iJ^NUzJQuEvmwv~Wjr-~OUc&R`@O*%n__})BWI_%PP?{$94Gbp)RnJS?wz0Bb z&Ijs$R*uJ6r0!$=8f#)`P&$$dy=Q$l^bYU?#33IS@U_5@WW4d<$I4N~X2Xyu0|VaP zkih?=GbAsz+e?R}#2Q9&%jF2fQ9L~ZACUF|%$YRa%(UC$vsFB|!&h29ASIuj2IQaq zGviTG{z!aJ?1Ch}{wz`)@_7oZfTE%a;0-yaSaY-!q@uJFrph}8Tw8q4P2XLg*mB2>(kha3ZW^5D;=;?fGiTv!s-k;U#V>Q1n|^!-XUptn)5cFq0J2I}D_n zyMp%}thQtRNISXKaDLbQEg_zE|F&n-RCzQK^lfR}@xOW3!U1kteDk-g}$jjJlxqFnElfL@drt|7-F5Pj=$@8!3+GZ>|{6Z-c&w^sQB8 zGx=)Mkq*MOg?NA^Mlrrx#1%iDQIv)gydzAaXLB%(rf1lg01tK{1GV*7g0GE2_i2lxS^HC_x7 z1OnJ8qhWwwvhO^_%U*G#KR@9~r*pYl>{-1?&} z@0p%{&z2vpd+s@o&suC>Q>KiR+inYKk$~cL+HCPy*cI@35qIW`I2D_jV3E$Xny-NK zb$${tQ!QMx!!TkI8UKoYwfoBj{&l;Jf1Q5+qaS@>)4Nx#diSQazegPa&bCnAr`mz7 z^<^j<_ZvwI9r8_dXfctvVj_}bK4f{PMTO-0tdWewHd@qoAQPb~3|tFC0ptYC!Y3@~ z9$8Y!5gP8h31BX?=x>N!97K&wtG3FUNAr94=G8BssBGU}fi>F!Kc9bs?;hoQ&*CKA zM)tc|<;}0Hs(M1o)(HqgXXs)Kl93Uhs}cU7GDz2@?#JLr7v#q|{umxE_?Xl${B6il z7mZu#799HU3U~kU@Vue#)DP(i(9~w3dH|EFZrlzOe*7+U& zgZ_8;O@3wG%_*{Gre>zR<)QTHQ6n$%HSP3d`9{;}9dIgfoc2<1*h>f4miE#C&`Yce zEKxrY8z9MFdilWX@PBK|t5*+n-!G93h%T_Es-t=zZnq-gLS9?p-clDpTc=*BBDD1$ zj|bkt9?!^jtrjxbW5Jv|2j`6M)B5JsjF?8C%4oJHJ~VmD zEt3o1&VKH5I%rw)@|&Q=6dO`hKKM+S&SLNbdX4Rca43iHP2w7kZEvszmo0w~T_~uE zlq@KJVf2x=Q%b+jokAfcPN0DyoXlzb77MZgj^8wolnnwBufsU>7 zlKIiQB_dsDiHWpaHg)X+8mSvPf7X|iwUlpSJRCN8B947`+;M{|`!`uRilK+`2%jG zO-ZOp_~p1Jh$F;V#>By;%&oDZsXhXK8TpA^3*Zc_gg?Z*+bN_aR*$npsn zn!f}v9EpSzT2A$sb58M-tD$f(Up4V{@n_(jA?)pj5sl}cOvxt*r(D@jSmLm0RPaOX zb6`C%KsR4}m7c~=;5%165Dp#7p775CdXkt;m-+nlGUlT`*x@#@cwcoOHNJ%ZEZ&hk z68-$IoqqNkVe~VMj$$anN+lGxd?HK30lAeKWb?&K6R$Er&{e~7HFx~gT^tnuf-Xjb zY85Q9y2v80yn`-cp6*q?h)j|HH^$QQwBq!E_h5D)hRW!sMU}TW87j21daDo$6 zT?mP(^l(MfD#Pj2FhHNGa0x?u>y)30FN+qopXX_E3+lEPg4fJCao57UXt6IQApgbB zJM~P2HAKG)?;46=5yu-z^ia1w=!LK9?NRXpBg zGUSX|Jj6L6O+$>9()0lqr@O*5*(4<5i$-$Ln0UX*7tMq`1y{oFiCJs(E-2r{t?GlW zR4f1>r-WCdD6Ku@PCLF7Dq8GPFYTCvBd7BcCgJsM3rJmC`*HJL6WP{LX&08%9q zQ7yK8QM=veLk1hT^bwt&WnM!xa^w-IFG(&1M-LXpUMC*ln5wPLt?Y?{2;HQtMCN6`qQAWG}34&;+Ng`>`tRv@S4IC47@oy{3O zmE(EgAO^k+a8XcJBCO=yME*^+u?qfae@!&?L*x4AK9~JAtu2zj{#Crny6jcRy7cR3 zk;0vwoAX3CAqVhzLu#p+j?;U?03AnoDl```{6mw*;6YLA>g>sS-8*$MsVK>{V<)|9 zvL9Hzx)_~372nx971~)n<=9oJSc_8s39w5^Vll9bG?t(jKx3D}FR=NYz!dn1+!3A0 z{DI?!tEj9Sv`rh}6w{yf}>7N)|1Mt`oE#Uu~rN~7N3VEU-|iVJQUo{YBe zBVX8Kv3jB8iF&LypY}f!;dt8TbywPrf&O*ZH|l%W_Vo`oYd^Jm9jTGNxZSIznp3(y zJCsc~rn9-3R_3o(t=m9)Fw7nM2%8d^I{+~VoANNG;zNpN_^}*9C9`{{YEJJE<^ZO! zHcZqL()BUmx;&|A$%F;is!%L|(93f>;CvwO5{<`lgXuBEn5sV?T$xTaeRn;RUX&EokZ<62BXT)>ZBL(HqStSa~1h^->Y*_gT`HB5# zP$I|!T-2U9Zpo29OtJ*STrrW*9?j%*M3kMf*x|azn4R(!TZWyXFpKRjtE4!UrLdem zzaktFB`)VsW^~KI=HzHLm>W$MXB&xIcEa}J&P?Su-}nw;9@#aSw;n&HI-Kj^8&#RD z?b%^>uXQ=qWAF6<{~TT>F>k*KLX+9$THvDFXPHy95Yo;90S?`?%~ zyp4ME6E$8BW#wkXV>mgkWsgxX$Kxi1mOyXn3I@~Og3=dEBtmdTb0PW^z^S69c)$#c1;koK~dupnUKVEOV zFRE`+y5k`gWI9wFseSeZkON9R9RXpFJ&(niFO_ z{=v@|R0>`W5>A)36r`(w#$1BKLY(O0pn_+2FNp%mvk|EyuJHZs%4&b{v5$T1JwtoT z`}M7Tl}-Bo>UBd8KJmm82WR&i+dsK!{f7+WL+iKv=5}NM>_MKRMg5vhNgHmf_?Qha zZg!m2h)s6DFnJ3AWQqb6N!_+>+gBGpZ#uN_c{G82zZQG&%ZN)ES2l|+&uq|f_L{_& zBcmTmmRsAbX@l5`i;E0)Ge|mO)I`ZO`8^0UN;V^+yhzX%O)9Yg8gw6JmA=<4vDxvS z-KHJCpViA){wjE}R|%9h|}`{t2sbFMTO0}DDfl1gQd#T1bJ zCj9|>2g8K}6ft0_?1giz+TbcFYIWHKtKo2x;%FGqp03uSqpZT(W>8>n2M>VM zc%cpeD6}4=gst3=G+MU}PUI#A;yx_}3;N#ejqR~ebh=q+4YcUCH=6V$^n=$=ZPVVL z&?CiGI)I|k1OQE7MlXb1@j|PpRdaEBu#uVB7_hIi2h*7>U^n8$p<=X>OV~rL+?ur^ zm-t4Yp49YM&}j_}q_ixMh2{FVM=gto)yG*kQaYhUp>q|E;=lvK#R$F2(kUyeW9Ad|5~p)mV31yPI$XgT%AA8d1UOI}>Pc2p;$X&3 zekggh(R+gykcl9`Oca`DBI}8%ihJa)LjfS{wgU#ZO^M;1LX~i$f9+`)(NF?s26rtn zGO1DAO0gJL=BGB)=2Oo3*80Y2&3Ah4#_H*u<@Am*F$ScYrFbN-lbWm5Tm*q#aZN49 zgS1^Kgs`UoLGzNRT4L%iaVAJo5vP;&@l0mCp5zkv5xW9Vxz*s0nW|;{g+SO9b?C`l z#-X_uep;U1UafAQDpA?DZL0KRn4M#>=7xqW*BgK;E!1PNMlou!k6KLCxLz__CZ}(l z&Sa+dPfhQi&PqSwBcco+w<9#kTnE!Qy3}=Dn8Ia?GvoDT6aN0}rpf5W(yFamwVn2)Ll%Epiwp)Gfl+ZlRrf(_ z;0*Z^nuxC*f8Jsn98XnZE>%@M$q3}Paf_X4>a4N@+1I}Wnb@UF8gZM;umjp1{{9w2 zHJ>mkE{jdzJ!>A?EF6=NoOq=L4OYVca*Hn@WU&rHzRuo1e9g|*%meK`J6j81Nq+o^ z?3ei!zej#&HSwI-kKYSCg9rq9O2RSe6*`~6izPQAp4+hSB>+8~|Ht)^4?7sK06v15 z1`!L3d#-}qr|ZPMhHIQ~lg0=p3bdSs8I)|Wpwb|RsxpJ3m1sx8>*^Q84+uO2UZP~J zq*;ZxAm+H**_5xHp|^5ZVrH@X|LWDD6;Vkas3tCJ(kndu+?77@eJ;9TG!EJhjn4spwRHKC@v} z-~3=dAbLUD`tVu5bAB)^!t2|!lVbAp;3~0dRb%vrsNg$YSikyo1DhE!?cL4%BH72A z_q=`&d9dGm>DAi3U=!cJRD1ORuD*Yu_3e9F9q7v;8E>_M*_?c=7S9c2qg%d{$Kc~f z=M6|oWLhR?2cX7u0qU;&-xAa zc@1Ko18{uU>elJi&aZr0chh?%>`eHyG|uQqtpKh<`4xz{F4r_%;aqorxKNMB>xFQ) zoGK@iW%^Sm(hWTj&>QJ)sTYen{$$@8EVuV#r~07z*W3VS14e<_28d^W!0p?A1{Ca?}%R*%|B^Xezlb;4?v&9XWGm{h2dAA=gUf7~+v0fSjc(e@k9`uRV<= zuG7}SDo4rZU6d>?p=3lmevjo$@6Whl1IER9qXO=fB0rV_s>UNjgJmAl^X&m1xg5n6qv8Mdu znWB#8VuLVgc@Vns8a*h85dg11YRDQn*zAVayY74$7ulL z_7NE=q?B!a1{&xa#}D)w_dbdIj#93UTfRp3VNfVfNjVb9`3KDoOQiEgUOsg1mDv5HG!j>*!|xAd({)~DLsboknbw_swI>e@^qIGxgh3m7zuJ#(~c`C z2OJ{ZIC&-G?oF;Op^jS`J0HO>ts92bQNNI*0)-fMLa4irX?^v8N$lCIaBFG(Ei;9k#r0~R)qH7CJnp>l#-UBExYhaZZxWuP z@(r<8>{1z>QTZ1C_NOlI1@cJ{XX;@i7BD50xGNln(_A>5w#T9GVfQ=*u^{KL2$;~o zS7M_10_Y8~atmqL;i(|!w%r;Tu0T&oUh~4AfF7}s(5fz{E9TQnHWR{$)d`C~=gy>^ zTF7Iww9S@q*rhsRv5=XAAekY!mW(a}g{>%uQjw+09M8e6Khf4JUXuNCv9tlJz17-_~53Rwo~`}%9Qmu}AX^_BC7g1+e6GN%2! zV%UlC9EG4@RESma%Q+sP?yxKsz)E0Ia1B8g3F1;$P*N}~u{eMs443%3Z;NUo8iP-v zPj~Bq;Y72UC|5lTX9~?&->Psf*r0)HwM+q%4u39h+>5MCo@yx6(i5dr%q=c=hxF2A zj3UY2z{L_j1V3{F0cA=tgzc=-0;LQ`l&vjdXc!`t9D+gb89fgde30b|ki?;0dF>4G zxjKD-8#Q8PkPyI&E)r8i$xf;$FVG~>{WBr_1btv^q*&qU*_qi-8Pj27+5pHeOu>U= zg~FJojk(9ih1q6X`7qbj*4E0tP*y7-BV>yrT} zsd~zI@`WPp@aqh)-y6b`76$4o=>(RlWUwVrvk)YamH&pEJu|H(81TLT1Y*c#SgO+QMOB2`Jm%)XtfBQ9<7 zE7X1b@}*8)5!bkGY+2pOUb}ZLLKNTel?JEiP-9Y$LM24|ClC zBk$M!Wp%JD26ghyctU?xKd)cZ-_Y&4$x+y$Iy5vP{D3MR!Z(O55Z>JDkZp3Hf1e@w z=7Mnms;I4=D!m3jop*n_T2(Wtq{Ec#L8xYv5tt|+NJPSkNYeax;xh?#N8(`Oc;d^6 zZzldZaXDd2G|dg)|52&|RW+N*n3EAlZB9w7Hkmou6X;qOR~1qsbdw0Jx+gHf1b;cM zs(=z6!Hsl!>H?~EwUD%DGCge7UP33FC?(FSzc$#0)8JUCG#2v4+s(c%+-f2j4kzjF zsi$T?`I-4u?vmC&G}Iq0yH@?iZ+~*8gTVR)4dxmAVQ;_=2R=cV6;b6bV>}d5O*T^y z<6#4&tS#vBA^yw^h!2M!NV49eEvj{R|71d}*t2lz~$uYo9I!|H0qGY`Ym8@=r9)Ux% zh_-S~T)aWrZMs2PacH;sxQCLDdpNE0`zX;sWsm zCMNiG{($u1xL~a(WU1#_(SnQf)IXFLj26NC1qMxqX(#aT#t;h<4yTI6k%@sLsd31k z<37Vaeqwld=$JOPzEr9l%XR!QVLfO?%S25Rj|_r z(yFWk+NwcDnO-i%n%&l+JyW?Aaa^O5o39dXT}h9nw)0)vt_F8qo3misf(9X|PQ1YM ziXe=LUU@--LP*VY`CpLr&7(MX3ekaDU#b4%*zru?gxTxn%AOu=k!=&rl5O7!S^q<_ z?Oz%W;M}a(Hqjzk|6#75_^Jv_fL|IOuZ}OMBDMo)jQ9nzI(k$Uxm7heV28q@3P$N&_Js3v?OI@r2F&|XB7rwJJ{G@&NHYpv@1={%mh;FrFjN8)ZVJb=R3URTOfH119zj%8gr$M7M56Ha~@ zoiLdPcBp1#`|J7;0P9EDjZCS32whs;0M&Ak8P()~dERBh>^Ix-Z?|GExA02p?%o>! zoRZNO)?m_ii(@BGwz~iCe)!?m!}9IJ;JN9`KLpm|hZJOgRqEn)&LKsFbpRCC7yxDM z8^;o=l15C1aS_~4MaNm9AkpSgH;-fHHbVIzDvB`33q~5Br$}QKqgcimS%5TJiW=D| zy6ce;zDS}*$?gd#FBqh6Hj%Xv_Di;VR;Z-kq*aV|P+lO4U;f7BZx{$9*_JlYFn;yC zk;ca<9k)_+D@DdFjer%{jtN!x^YncH+58?m4mi`9aKsU@RV!LFVvpJ%a74n6h{KUM z;%Nec@QBigMsml3>mBx*1bO@p9KXLq+k*6Ugl;S)1d3NeVplGfXqP0-?un0G5-v*# z@yTZTu9%JKDwC1E0!S^$3?&#dLllG{AwS2Pk(o@kK&YQH4Q*P_WX0_+_cwi&@cQ)& zuUlPz>?=mP7@)~|cDnDuYY7H4HJDvpJ$h~Hn(V?6kMrbv2KQveDYug_L9reglaKe$ zcxV48*b_{*FBy(>(j49?tSPxIR;u6IL&B3vaOGrg56QM^56QNBdq^nRD;n2n7stgcXF6-K0=nG_v?0am1#FRnL72Pz!aR$?nUBk9vHoLq}Bw zc!00Gj{mVTNWa!quytm-9Ra13lMID+D4!=pREdPSX?Her-?4(Re{5{`r{V?gBr+Xn z@oHPW`*zd*>sRe;M^A`vieGy4k-l6lPD(@4|NSd`;GR)t#mHG@2A#xKnV~I#rH%69 z8HzjO8#pG>4a1AxPXPOA+XMxz4$*_+0Z}5t2b-gx%&#TdaYgd^;y@|dp{yLo1v?#} zyg)!C^qyno$>c;{2Pj#sj`A0s&~fH9un$YsBrX^Y2F&N8F^3<3*WyXLfzCDUv-Wq` zP4LmHpHvLHYons*Cw+6n$CVLbA2F1A#qQJVt8}|PJ$P!>wvo;0Q^8J1Js8vkx$V(E zIqJM0fpXk#9)OY;HiRqp+v2;99=#Xi44(i%X0X|Zqo8{_3r16rkOSfgUo_?RdXm*f zHMx7QKbMXmr*t@x@%5FH)xl~qqeXJXYJYu?)<0ct7|@QEW7S;Bn25WmQrrZj?#(siG zTi8m4cB;NMt?U)*Jsyq3l&oV39o4KOB z$9wf?zcLrIwAbN>O}^J+S_ldD3Owr`w-9kRaAngpeP&4^RgEhhKL znf}DwTz<_-_*l8Nji1az!Sk$94MjJ$TKTObk5=3t*iykiW!0%fdRHLeJEiS1Z3ME; z&`?7HM3Fxufw?1&7fy`i{*Uk!oDyMZz!eTl?AwSVWEWASv)EuChu2Bhoe?x$;@m9v zcwE$wg($H#(S9(33Niwd_0k%d9~k%f`xEaIXNUXrlFJ;5r98QIC^??a4dwiS{7}xF zb{EUhe!IglGMLL{^+3go+^gX~cld&Kttftw&t&pHwFGP%w?x+ixYeSCwJ@kmGCS6% zS*%(UUQWPVrJ0qiLcUKGo_)7dy;*Hhj4Bq9JMj!!)I}bllWWgTZCapiL}m` zju=PA)1LQ11IEXrLAnai;YjTqjuQF&@I>uoV)1a)ZV#T)#eUy$tp7rgc1=v?ci z#lz8CoP-ul3hcuneMV_SNj)pdSDl4Cw*7B^3-Gr5`u?lWLK&~;{<~I!b8{o76!TQV zbNepuUC^`6-UUZhFJCqsr9w#EiPVU+jc8viuiM?fv0|Pp7CQS))}#F^+q@IZkM^an zvZTRYd$ccQy@yec_oc5miUyG+b_WE_#eFHUen4jg{EeuuuKySz9q0^TjKzh-)rx_A`KlD?=hne} zU@IZP5VXZbY!Nhr6ZueS%uubI$e1&Tevii!@TdwGPMXICPI^Z*5mWNHL_QwtI~7m@ z{(v4Z+4HeLAeJ|!GuwvX3(a~J4rK#i#p`}J)J*UTNsi!CaFCvufKMl^lH?7yoK*=9 zi6D~{8D>a!&_E7YIwbR>Hf9rxuK8TFm&6V;quJZ%DoSyJ;l}8(zqVT1_nJfy}a<@ zXwaUF-moD(+7~NLZI$bq4DMf1i8t)xwL-js*9z8kKCD=WoqW)}l?~*%Fh`NqH=VM1Oz{xzlUoI0l#+q* z#r7*NA`dwQU09ZcElPMfIioTQn^jLFb2+$-bW72{{{69HF%~bCpl2+V0HFefs)>O1 zfLHVev?N9J<a-w_QE!S>;zc&1qSgi&>qNi>=cNif~} zK9||8xILca$pF$ZD5aC;X11E?GY{lXMWF?Dc}3jpi0&FV6gd3mk2*v_Xt3ING2Vm|MNBB?-A{-C%#S z5yR#7Ms70RFH$zgGu~oka_yTo#~E)aGO@-yqwi@Glv8n{IGe>K(49g6xUr{N;eT~I z_ixWO!asMrpe@4uGM)>szw71t>#o%WqH8uJ{(~B&L#vk8?W{rJjUfvyDl$>)wMlDG zw%J*OLL`?o*sDitOV;bGEkp^#`q7~305NlPi5coMJ_YynM(*q5K3>}*T*&DW{Jzv+ zbTF$x^TLSvJ!WJJM7c2QB(P)BWArvg#EwrhgpR_1V&KG#J%o~Rxahr+!Fq_CR4N&d z{kY;3c4s+p%D>a)-saqr>!5LwUUQ4rY~UtM}iK<8tqOO#$AM4N^@6eUr59J&EW3D&)vv zoMt|87I09k=%1zan1IYa;3tD=fjox+Gf4tvCy5Sw6_e)j4231}DYAj}I}z_YZixn5 zmUVL{bFEfxt;YzhJu&sDQijFJUM?#mfTO%Zgoi-`r}OS0k<{*g_2n1N!P2+X#Wlo$ z%n1Lwa(I^d2QPJV4MDVA^oad`2&37Nhy{U};Ic+b?Iv6eO2L&Nn@5&FJBuGk$YyIK zo^yGozu@0w<9bi))M;x!zM~@Y9M8VvPI#9+$W?Dm{ zy;XU=0O^Utaeu{(Le&);EW`$~^9_Om#c<2g^r#N`|6=`o!FMl68F&a{$;k23YA5d5z zi~byRnXm*)u*Ur-5u6Jk+W8V;I9IwD&gEhWaA+&RI5RLirwVFy9XDYBAP(9Kxw;C< zc?|ffBJLW9CyJVDYA{}~?~ZM04{T_qv;m{4H{3snjr~eQ=YRX|cWK-@_67Jge*w>{ z@|oo#o|ke!zW1zB0)N4ylt_H0V>t;Ot8pX30tp9Xg(;nopI(wCp&Yka9ks&AV8288 zfEDmHnNxE>jne#@u9@uG&N9%$&6W;=^-ak7)U!okySC0xbn5nI3d)!nOCCw7hw?ikM|5U^Dk_Iig>$PeP#IFYV8)Z)xK@1B`UKUoTBy=xKd zn%B9sLlJ+e@;-Y^S!#!Zr@=BilsvN$kCA7wE{}2LuROEKc8SMuyWks3+eI=_YL^T? zwB9fuvR&dc+^)E}!@FGNVLmf<_l9hj_M2??Fl@ygyBT!5-tfxp(w>v;9`3eV>|bmb z`p5mCTS3vl^mZz9|o#O3vJ$F>I8J-i0Mke+IjGg3C(MxW~ zQ9lGb;|B?bv0?>|1iL0@EM`-4PP`D;Bsa1~!Hpt*yVru$3f(k|UTu*HMauZljNCKG zyhwYL*6cpW?>~U-JVx0$hrx5wSfh2)1J_B0s*{LZrMDFlq)358s~Y9SGvq|V;uE;k zQZb6O#jq)|Js2fxo={#eDkPbwW5K-J-8^ZU7_*%09}gRe@e`I0jEyn&cxhMbO6>6t zSCUBxAzOoi_f~m#u~W1~j^$@oW?aR=N5>YKls3w=;Yw6;XTj(35kIF99Mt>{huv@Q z;*^WotANVmf$o@s9TojfWM}I^mrrb9=yI$_xz30N%XM}TCnU)$gxk-HEYPFDa_tfg zmTT-_ca7!CyvDjTnCSXqs!X74*H{`oi?rFPlJl${F?AI`_Lc}0j2@ezq7rzz7>_v zTpAp|qAjrZ&Nw3e6tV%0jT}eVpKTaNrE8Q|+3Nfi(+qs)lFDQMA5h5~(4_#C9Ddu$ zn06={kEgo$ zid9$?4y~yMch|?X zA?NPZ>S1D|`4gt$t%qUw}iFE>$jZ!{vp4t2Tn#bQg#xm1@bQQaZ#y^42O*P@CldgRDM^Zsyt$1 zVEuEmueTTb`{JdSTXY9HfxHnum>!k=Ao*wCn%X%>|IrY#v|18Ug#l z!7AoQ)Hr1Zh;&f-ft=P!3=oOfmoTmp)UzsM%imU%E|yEzBhhX-zeJBa^Xm;SonOou z&o5#wB1+YWhIASU8i7bei`odJSUx#u8LR&;y|C;_JJ}6-Ptwb3u-NBbG6UW#ay|VP zWbUo#72&=8O#Btrj0u#hirj84C3v4Df-KBoO8pyB=LA+tM`c4AW*l`97muh8Wd5}l zx}gm~pF6gDx7fdTOJRL77ii`yed^r{#^LMY@in0&vaEiSe5YxBeoFlf{;jN1Q#Kft z^uxd)JRYd`JzOXN2-0*M>)5UgBpwR`*7cNmOZhQf$P6Tu^2}M{@U&VS01U`H0MBR_pWNZP>AF2?>nV9zcBc_7Ry?b8TqN6 zUzoVzI`!MR6lqdZxo(MJ<9+!v@mZE5h!Yb3Yjx&$HXd=oS4(uZCF)WRi4T$-Ar7D} zLDjG)(u6ufj|EvuCxVqZ6-*o$%ep4=X^AVb%fmCoi?%F ze$iQPKR=U<;H1)BZ$vAgeT2TR$FqY`w1@lw%lb%X zP3|Mt?b<8DG45tZ;6z?2M_J^Jo1{fJ@p;_bFDtRkwb{`m7bsn&fj5_4qehQ(=5&;G4%yASE`> z9Q>o6MG|Ud+dJKm9yuVPb)Ys2c6p!%3v5rD(=8l)RU zn^8&;KS=l};@;>;YW)^(IvI1UUpSvijR$-}9QtqfF6;+N+3jz;c|d&l(#O?j9PQnW zNMRO4+(Puhb;Z2e#7&nm)6&Yj5te&7x#WchNtV|B7-R*??XD|(jAq19TAI>b@gfP& zeStisb=PgGE$2g0_w=zSqn|1^5^Y;I9e5cL2z>mIasnqcqC7?f{#|OAmOS3lAkEPc zac_9cSf_8fCS?HmbBjGbRQ2diyIr&8w8+4H?|t7YO8!1{8#-)w)R(`(`HrR~8y zNk3vb^FWCWKGi$(sEWSaKbdqcFQ}x4+>N?cu1oq6)V#tLFWaQ^4!5~@-hsbLi~Xa? zAdZR0@5?qxKf-NtU2e13;x@Tvub)IyWSh6aHutFXNGart?C)HHzjN1$x1{Z!?|`@s z;yU}V6!S&4&Ep&F7|`)8Bbx9%wttN9SUirE$v&*=<^O3o2Ks~covK#rtXcF45rX1t zOuMe-@#xw>64=RgDri+I2MArAhs$hg>wMNA20f zpI(M|EV=5fXS4v?L``ZBpMH<+3fxcF75)LTD0>FIVmSI6+|TCneiHrSeu{$_2a-oU z2*$%3F5UL@R~dh>ulMZK zCh6Z~n|CUXj@;}RYjd0M*XyhW*(T}VWSbq|LVy|eahv^IlW4_W&egs_uIu{|1Mdp4e!ZDh(CB`))tGC_qco#jKC4V&N-(ZdG^Oy_ zM9BeLC@=6Dz{Pn|X8{?FD-uLBRYZA_2r-bNIlU4}R(m06>^0*yip&K}5Gm|Yr$RBI zMe++RQu2*r4EJ)R&PVzT%x;x($VG$lAUw;Xf9LgcJ7w3{g&`2FI)?&|M4a8~E;{;3>CuiUQ_Zlm;R453y+Lh7yY-d7>`d=l zJQ=nkN#oKM*^|e~<8=L18_{DcHIvT6hj%Y#sPas%bnl%nd1#k5sHm3T=7 zgK>^|32_y|?C#0IcKC}xufG_BCi89)&EHEjUwr!xK7rkwNogL*#IOdaJ*)vAa-b(I zCSkqLOOW{ffa*EwvpSBNki5`0XUD`ty+GpvTORAW&T;+&433Z?p``o9IKc9J?(;{E z?7sj0&%+G&ys_{jkv5)(-JRzUXJ*V{0ojg6G@7$0&7KX3z;cO9CL0IE&VNR!&+$O)@BeUv}FE;D0(Gj5Jb>yXzdw}-0G+UTH^B&3wn;J_x7n5Hgh*7mP1cn4+9a7yws{MF`vZ#m>nh@U=-EjuqcM{0 zkN-2ur!m>FXSpaj$)_=8H}X@FVA3o#C*ub9bLg7*O< z=|0PVULFWp=aQad@Ed_U;gk|1W{1O=d^$eMybis6&o!!al}l95-h5?JJ1e5uyVi!mnBVQzYW^#;+*zZ^ zbkEHRfgN_$ygcn4)`pIq^%BdVlf1{4*e(-Ms|SH;i)Ve#HAlKz=WE3bY4W`S%dNKh9jKdX1gJ7 zs4v?k`!cu7^{KDQ(yG07NrxiamAs?dZZOL2c7~Srn{1cPA+lYn&+T4ORVcrM=c1fC zA*FFv@j*n3kV79*Br1ribVQs^&nfFR*uG_MPB2!IgI~vKxgF@mu0xE4LsQ^)mSrRt zZ(fm&e8EQjlDZ|blha7`&S&ECU!Peuf-_3@e6||rGsvQ-$LEvoIgaWL)o?=T)~lc% zcp&N#Peprw-#Nu0jLij}+O0Q>df;EEC;920;#>x8WxSMKqEl`p{>(qSZMZ&rz=e7{YD7m3hjO185>QăESk zR9Jz^7m9nWxD4h7)LbCj$N+`Q?G98>pFt{puc(->_a_J8ycz+&<6o~!~pEUd+{zJQ@< zC!pF=uxX@WwMi;r$k}W%8)G}i5-uaW0?xA2E=hrl> z`#XWrcS0qMzL0YCtm4OmLvo^^XJZ{CC$EkNck96Ta?=pFkunD30FX)-0bRNXdD%r^ zYL1|n3a`&+n-}H?p>_q4j@o<3`VFBh!R-=o54wc2WNlHLVp_qTjRYSD$9p2nZLz0b zpZb!!GB}(tr6wbHtM{HCx#pU_=;YL7baQ$`p62~H=I(yCq01uZ z1=6+fd&so>9%3!%76-R6{VKaazkD$~U2HxQ)HKh$lANcMY{ApXq%(FpatOHtPn$4z z9c>ozX+f@ z{>g_`VZL^&I6gQHButAZ8}`Km&ielT@nA7znZS-BY}=qXslH2zDJ5|YJ>~NRxJFN7 zFq9o~lA`wvOirtnCJ*JsGo-}h&=>OAq&tKY;UoPLL}8R%6D1ECzsI1VWW5vL$Dr|j zd=G9`=jr<}|6HJ-N684~Tw>Z$GSDpc#sx}N%q5lvN)C8O$+}CF>`V$9(0OVHCD%v! zJmJRieSDAZ8)brX7CJyq!+wC8hUmqSoL36-0kb)v#8123rp)OmZ7lO?6KAs^Zx77R z3mnn#ItXD?jOOytvAeCA(E;5W%z5*J8ILd9 z)Yq;(S;(n+Eui_VS@GFh??gr_S2P>3n}eBZG+fO`wjXp2O}T?nM;ZW}SgRkvK6`}s z*$(2UjAe*Z7ZP?sXKSwFXkwNr>G1dxpPG&TjLwp3!@CW8tzCZHS%fWgzV;1r9u5D{#lS4sc=e|1m=iiUD^blxW68`EV>gNns zxr#|B6Br3n-tdY*`37m3`8`$yU=&#!&2WmShe$d=1q18}7Z;5ztts7ww{9Je;U>$G zRi}@wReZ#I%t;@&?U-F?pkI5s!Q~rI*E;X}7=GbA-6t3Zx{vbw)AIhsr*(e+#?x6Y zUwb+&KR**s!Uc=IfG0rtn(^zADDVac(M~nSFIX;BKUPmQMi{()K;%|wr&nX>X@x#0 zQ{{3Dzf|_4`EoTwZxbnHYnf`7iRzV!)|H9Ym1%lP2EJ0N;wz;pzEX;zJEbaqsWeU< zVkG(!;Y^kYdx!@Ujq+fk9hA=-4zv~1ahHaY9uMVfXRu0WNZ%mnN-ptr+I@xtHGDDr z7Qgf2_uSNDH+9xYUqHJkFBpVdZjIrt)sISGPCRCqf(ynbd|kkOew(2F#@iK_IXXD+ z_1gRAqtVMnQJhy&^Y#h>5bv*u*@~!~j=K)FA8)J2+dpipj|1MkemZbVu1g7LUvD0` z=U%9m?zyK1#O9Y@KY-j7kjP%=;Kv@O@LTP;UwywzO}n+2szRM06X!}bKSMG`ZBms* zMqaD6hcO470rAipWDU-^^+-52H=b*xy@`mfeFyw8RLZvNp~wmHkSg~FL6z&{p>*CK zAMpD6wd!Orne)d1>0H%qevcy=jHg`Q%#*Hk${WntJt@%R_luZ#6niKNt=)$WH_~hp z&JKZ!BD2s1V=qYpL0UcmJH3#Z9BCs!j6JNQ^{~KTW!Pt{&QnJ8jpMQaA_N2vZVieBrG0%@LlTM zjh-cBY|Xlp!MtD6F`M}Dt#^;A{WZHKn5{-aefh|?gJvrcv4|6LA!M?5AwS^>aWimB z-=QcAukpS2Dgya3ZvYPQlf8S#aPI-Cr+lP$@4fi$5x)1)-n~0f?*x5Uyt8-jIO^Tc z_wMQ4dkFVViW^by-rl_r;Jc4-z59Ci?nk|cxPR~J-FrWX@1uMV+D7U#=5Pc)gkOZL zpM!7HvxZ)von4@S(E=q+N|6dIMfQ{wJFft-nFje%e(!V%inB9>8(A`~sFVyK>jZmsSnmG9B^_AI)sB0#yB>+BS z>mNKhd~~ZX6Z1JUBQ*>q#xjZAwtp=?fHTh!yp7`Pz1MkFi&r43I;Xd5rbtU^G#upw zxpsWb;oXQhYCoP4cp=R$!^Qf+mZtk}{WVI!-deUmY+ia%iF)8lLzZ4h2rzz5XLZr{a;grp=46ca% ziIRylzXyj#$!1r6kIl~Su{!v@7t>9jqaI3t>p~5Li#J$0Lwp!>FO&?POYhHwz{GID z&hGSqu?uUH5^j8IQVmZ|s>AcGk){yMM8fNBR7#=we7=GVS@V^Vo8d1t+B#I4_3rSh z-qV9Vq|5X9(g49cJ#YsSX`N2LO*QRPkj8^7d5gwbN-Y5dU8qH78GWDVIJs0q$|dku zWUiDBlhBy-)?DX;PErz~>puaVy9DcaH=Vvd1KeCqUkNwY*Y8gBWtydhf9b*=t9M^| z!EE>VqlB01b*_MytM+%1k1cPA(GhcmqvB07-Ij0TCGraDyaI zOdHDcJS#A(^Q=%bF7Z}=4?0cn&k&?B-vD<;$#(WEeE|ytB_~~=_h*9mjTEgEe1Ni- zFW>@072pn=>`|UKc98rYBjIIDYkqFs#MXL!Yv24jI>vrV9%D`Gw)^MJ>8R!qB0uj~ zQ*Sh|&dZzc7#|;*dK-iN-;zIVz4?mi@*Onm3%~r1=u1Sk5JOz&g6+g$Gg+#7 z&cD@a$aEHidiS67V6UTqy>@#l40~NnMcoS@S!r?Tu~37tl(DZZmoH;Y{1x_f7JM5! z8v)~&4EN9=W;RpxVp<{KVnyI0NGk#pkMca7N$BijApA=~A`yBuSBcrL!sHt7M71_a ziEWY++r-X?=xT`M#X+4?I|NBSFjJkr`AUCL&*$==D(K-tLC+Nng{Y}D9Wq;I=l%ZZ z+ok_r9+&-2di-W3n_fy4$vnSGgPIvVlD*13x=M@kDOgLX$S z8Sth&j&wYf4mpuKY*4*>vb&KN)&_lcf86W#ob>vvfgtjxP{t#k$D=%tJD@MSO+0m0 zxdvMgLwpVGD-8V}lEgxoh}}DJcXySp4BX$`onu^_XDr?I^bORZl4pNirwNpRJjZl{ zFkCcT0Ziqxb;4(AG>Ub?XW}L6<$`gF*9$K!Gp_(zXr?M&cI(s|It~S?UuJsSo?pGX ze}3bRrK=;iV{&pwqp^b)$)20ANDk2=*^fnX?Yy#cJ{uL$b?<11#$eNE9%`DJ&FNyX za(dgX6BDDSr*Gk=jyioh8;=UCTJdf4JCwH3?Z( z04CjCi(W0%TZ>;_C*HGR;W{ENxk}ls#g{>}`@)(#NxVipdi5%G+n21;wEK!x`bR6m zx2IjsoW?X~;rXiLeXvy(%kVa6lEKBc=S$xwTql^G{(mB{; zWUaCg4Fj#Cvoc=FbXAIFa}Z$Y@LFQ(mZ3aZP?rAU>4N-GDoGwTHsb?x4DW_3BCi+p zPhFP}Uw2(Tms_)D+nzm}=cljrBl*?*ZoP@!u+3Cyh0OluytQv$Db7c+=7;C~(a&uA z<~Eglp`LvjwWu`cAUrr}Ozxa~=j0QUUzxN{PHwpN^zK7ziCE*LjPhAh6`;Imv~Vsr z){3=jH=H(Z?d*ubmS|N>m5Po%QQ=dVf#a@g;B@kivCf|0{eTVO|F8FO_6yn+_h3PD zz&0+<-6NVW(U$OEdg=9-=*-(}*IvK3MKl<9yIVuKXQ{CM7CYlV+8DsMT4A|E=92p1 zp02UXfF+T_X-NJnt@n+}Ul{I;9>8kL(BYW*F1_QmiyP2>Fp4HE%`@}?E?zSZ z;1euNTBGEocm<_=ry-2V`Hi#lYgS%IYi3W+9h$tkvjSSHTfmMKt^b$0HxHBRs_sS4 zJ~hwtJkRso^LTocT4Sp<*sXTkk|zu{Hlm@eHjQNq%e1(Bm`8A@L(C=DF$qZsm|#0m zNWu_elU&Pj2;nMV8(&`_3V8x2ki=hzTJN{^sp_tlTg1HYdw)FHU8hdfsj9Qr-g^zd zHDS)N4mPJ9B9&$y43X={nDvcmeyKUl1iQ`Go2;*0AO3$gjnrJH3Ecg1^LANnw)^aN zeBK*&n$*AiY&{k4C>8wmTmU`0(J2{WVpsm1>qdHkvbWdBXASlP&H__ce&V7zC}BTk za@pKt`HVB4$>+^!Ll_Ow!sb*euxid`1=XrTE#&gEne1E`*e1gKgVCJ^gEzgFxXrs} zyF-0kF9;e1pjx@f3_QNDa|`E*;M8M=HWhCG1^|~#5E3(Trx^~iBaD2b-OM$20JWX5 zZs;C6w_oAw-zT}y)_~^m?bh!%;8MarvM2tXeV^l|5n+H?&k4O?#$dk)%j7CQjvW5x z=itQ%%Y0RGk_u2Kov=<`k~)=%R&sjcb!1Mwh^{nvmS64ejwXWPQ24P(&>6wT2@ND_ zwL~PM2nY_ZPUk>hWb3M;S}m=0+%m8hKOTc<2Lb-rE2L zzWBwM3<*9Ji3)r83o=%S+=^fbujox{>N~hYgT%Bv2bWIpRWJMCubKm1p0CB$An{>U zK;UnR_|z|)3>XiD-EkZOK@HsF-Yf#FVQ;_2{9NWbWLuN8$JEZL z$9C;-?%J_yS9!9qIyBbNF;t$I=wB`G+?kJAR>NWSY9jA;=k@yh)UMebJLiT9t*I## zdM4M#ZbN5>uMm8V;{_>+z0}#+vsSw!c8{Lvs|Lw%%z&m^aAhjivbO>aTJw>wuoXfL ze<7@NoVF&cxoNn_k##WIE}JvQ12&txM;1Q+g`L*cjl<~F+a4pMA5M#205>uDMaFt}^&o8Lf_ zveSV|)a#B}cVvj#+in*2yR9xn)NgA&E%P}gY~+7uUjcnxK=TT~M*rv;3paT&V!4>PZMmcFFw{{8IUS1S5@=j>g1)7a+u~>bRbR+msc036Rcj7?-vn*3TCU8N zg2$s3_pp1v8=6eWe+-TVl`6fLJi4w&T%zmt^qPqn)G!u30il!_g+9E)h;&7bYeJ=< zdGY0rmh}+W8xpzYi>0z|aOX7*TDi4e8~()N8lHF$)QZFf`%IogVJ!di18x?2;$>tk@~aN@*GaQn#1{lq0?=aKA| z<@HPFPsse}*?F|_vtE7)<;O8Q^IO=^wsUh$j^p^Rr|MhVbDQtB=I!6NpEvJzd}h6S z>l`ZJ^$^(KVh;6)G6@McOWpopAoy6w?+p1-3D>u3FxafCXjw$ck46ai!@y_UT#HizJnHSaCaZ6QalH)Dqq>w}_Ty+lk<=6O`ihP$nsnBq0n zf;Nw~3>v<%ts?MBI~Bw`x0U}Pk8%C_c6yLLN3l!a=DI*HB0ry?%55_G!v+5JWM%XX z^bb5X*ykMV8yxKDT`i#h*=k3B|J9;?U~smtf3BmtR==$<7aP{^*WaU8=-1wYI497Z zF9q5@Z<69$mjvYZTNd7I>za8B(mK;l#&zDM?!S`J>mO(*DV7*yGiXYF6Emc96uFIe zO9Qb)Jn>jE=1eAI@whh-3|bxVH`^j8>#H-bVpkxtA(5Po#pi;7V_s`y&Ea+(*QwSt zx1ss~Ck}Q1$BC`VW<%$Z5pe*Yhs(jzJ|ygYaiwxvf%Qx275?U=wm3PIUo z>9X2?jDCke68?J>Bv92)>qV}h+{(2`;1*4m{q9RA-o16@p>%%>yr`fBD{7`}FeCEi z%d77ifJ56>B^Gu2_PqEz?X+M2Uz}eBw&TB-zp`Z>xcw#fu>2111MY+7*CG75WJHrp zC>>mM0w0ix529a??jX_Wi2@69(}T*2hwD@^A>gZcX!m?xVUVb?8!2xl6gM6mL{ArSE8E&35ZnKg;uK!D=&*X4b%1~6i zT{Tx>to)vK%KoR(ZSc9EtB7~TMX%r3uBTi+(@t6T6RlcSR#4}L>wSO6^^_=I*?&xZ zbU8jqfnc)pL(jo%4S%G#GHEAP*~Y3a7m7tU*Y?U~QueZ>qC5iqmVwtdb_u>~} ztb>hQlxFc{LkE-whlYI7)sov?s{1k-pCrj@phX+ep3**|RcaNTt5#X}gNuAEe@lJM zd%Urxu&5#`Q6YA||45o0xh>qvNs8y0f#hjy@fcc&QZf`d2-xq0UZ4YSo(O zwvDx;bGF`?E5(mRJXL=vcsxPMbcU97rnRhPb7qT?*osyp>m7W8q#Def*1DE$_rmrR zr+mI<&t=C3iFwg#ZY92%&et{N-WyHA{uLRD`E98yzON+&*KIO6+1EF$MWtZE8kc!S zP3RYfg@4^@+i)YNjiwhQ_ti8FMB({Ha19UBB_>Ycx}1mKh$reQ9tMU6haMXqa1IX- z3=YE1Nw4nrF>dJOB9ReH65_E>Loem*z_WJ0=Uh^y}vYx4h!P%`eC+-pp6Lf%AA0n308^Ry9VaV_u3T7$qO^D32nnd+qoDAV^-k z0Y@H|3#W+OP@8*4z@~8Ik=*o#bSpd}O0OF@rIK7K*B_ld`q&I*p{358NU15dKFiaUTadB>`7bZ++g*}1N@L@L!6UF*D~Z>@B@V|r~uF)?v? z*V?;KJ@eMXYX+XUKxHzqDgF_)N?Vi4w+&3ZOI99(KrJx9$XZjpMUkYb-T2qsKs?`J zqfJJ$+4e>t0!i+xrFr+pCQ_i)!ZzM92Skj+=5GZjAi|*K5Kf2f%{%vAoChwtL=) z)Q2O1M#j@IeG{q-f<`*nTBt3Eyc{>xT~ynR_LBzW1sl{Vo6&YsP&wgUGztbU3R#RB z)v6J@ZHc--5W0f;jdJ}snY%Q5KA;RF_y^MIJPL%$$I1$wr&y|oZx3|V^0t4`$I@9l zbJ?@$=!XYUS6hh%RY0*0^7QNlB z^a%>ZNsZo#gcIb@c=hm^{Z=w8kmrx*TAbjA zVNRgYPA4`E%0;2RL@caedwOn;vGV%6!?%o7M~Z$8`_TFYbD`eBEC*LdC;Eq1Z=Sk& zG-K|W^o;M>hkLYRps#`Nl_-x|vkCV~WvsBxs(u!S!@H=rTJ@D&DivQ8;QcE*QYlMr z$(|Vx$vr}mL|q5|C#Q5m&^F`-ad;vxIJxnsoO7XpDudh~s^-$HGURZYn4r|&pi-O7ct(+~6sQHT zj}`}?Lh6Tv&EjzY%EvruLLUefoS&Tf>Mn!Z6R?i3-oo_zhQwo+dy-=lQ+XF|F)XaG zZ?iMl3k784_DX?>rBk8sR5ChGJs!6xIwMNEI%qE%jhH^3;fmCCaAL%CA|Dg^uBhcf z&9%CDJ3U!!QvK2P@LI%mZS43AmDSR8X(X+=q|cYkS(6Qm zrGw7A-ek_X*0B(D5gDjG?}vCid6t3u2dWTsQ{Veq4CGxfaY= z3zxAIN2Qp>Xuxi^+L@?QqA;OGZ?f7@LPe`q8AKzqT0q&x`Iqaj)L%YNh#hFlAJ7C! z?)lW+AZI?(La~zhU#2@zUK#w0f9&te-*$HJ*&p@w=WqS1dw0AydUywa#4X_7%22AF z6BS~HeG2Cx++F1I;I^;FE)Rk)X0H4*aeYviIK zg&H+%UX?<4qVjkmc6}r$m?DuxJZJ}lQAJ1(LBJ|kC2;(TWP<(>F?p&en6Sq~$;}1) zUw|z+1tC$_gr12Of(>-qn=}V_o_E^+s2?|JDvV zvbsGS4%=*zP{bDRNyK|tSM9p}Q>oO{{_AQte_{&9BlSpEt>pEVYn_q7W99OVAeKT1 zV!=?aJL)}_Mr=>sPNDjm517~~AsY?5 z^(T%Tt$2+{yzVK!?|lb5*^7t5K3^#0^Mw!Pj~-X=R4RtMaue(CMVk6H_dhNrH*YL&D$nw%XdvmBC@s7n-X1GkiX+$*P!#O<2?se zMyF-{_N_$Li9@4e*?jq%E>sv+uwQvIq5pq&zu4>VLDtFx;`bqI?h)?9`3KoUY(;z- zip9rubiR!9lk`6FY3Td`TrZ!0M5Ob#&hHbyhxgyj z&+o_e@8|C?@N>HU{rvae!#}^wKENL2=kMk3zvs#^_JHtQGw%mAobjC>yz(}-B7BAC z{pi-^*Ou|xNxF{b{m8F9fX~XWeMAtO*S#IrJwTu3c|Y=X_u{&H_-iMwywSYwy?E_D z;cJxlv+>&f`0V@nbqgD>(P!V!?~n3+TK950dyv2OUimu6ns2fnvl!Wg+xq zl+PY4JKdI;qogt@d#mayiZtOL6V8cI)-NKYO0YexwunaL|ZRl|d1$L>?N=XU;n_R7=jTd2*VM!ft0-hTw|-_PG4;_px5 z{B!(#n4d4={5F0r@$>yS|2=+wBR`+Q`KS5$F@FA0;U0FF{Rh7PF4Ql%BD@<_J5EEJ zQsbG2?gzQ5pJ&(Od;#_nd13ABXZ-v<{QOh+{H^@+C;8`}LGIUp_%5uyWzdRb=@r=R zXV@nZxur%`CK}^moIlOaSNZu3SKeTs5Et;7PvA486NtQr70DRt>GW$-Fi8e=k_0NR zkQm8Q)uf1*j4_z^=>LskCUCm&>U{i&>U}W5UX)P%b8qalv5|K({118$^1r}1=g&6~D6*v+1xz$T{x%gh zs%y`yjdk<3gS;pr6eZ1P9)H}@6)#Oz{o$T{)vg);=;(|+X_cl-fnqq=FpD=2-KKLS zrP;2Yqr-8lR`j6z)8$`LsSY1b4ww8MIJ`*iQs1lB#1r8DHPkVDPO9|v0D|bFY~L=* zbM30)Sw+ILGCeC3&2m+WBF0!I_P)|s19ABrjazak1ydk|Vb>m8; zcTnym-U{_B`u)YlsFWB&72&8_)T(s?3Jeb$jq3g-XDG2$uRBLF%jl#>;p~-5y%6zK zM&{e|FTX;?f*~gdj{s`S^8yB)cZ?`Xx^tE*Lu?7t`ZaZdZZp~e-4|`3M6Vt za?8yvNy~FaX(>9WZYNJX1pO%Skjh7@h|oNUyGdAjK?>p>_oBvX)x=n6!4wTHF=i8% z%pakWl7KDiz+g{sL^Eogj0!T8vA@Or#oK);uSa8}Cmc;GOpv0+|~ zv`Pa+HZDTU3HLD2vNBllHlmJRr}cs(uS<;MMJa*d1y1XnPF;$*P6;-qwIzi!c647` zv6&AfqAN^E9bB9H3t9A3hxE-O#ooGlW1)3OGe3cMA=iAu(wnI4Y6PNvGxhExes&NQ zT++6Qedcf_7V0vKcYb!uo_b>P^2_ZzN(2@w_iT1y+#ir!;V8j1G(;ag^AVQQ#!Glc z0C>tp!h&$*L#J~oj;#_nZA>ZLr_e+mC~?y5CB}lmD#1$gw#LmzjrKg) z745SN#Ng^dJFxaQ_=q98D`V~29P~l|Oe)bFaEDnu>4@t8ZOfR`>n?pe520S4w2n_; z9mj;#bAnffNICqEX~pqH8Xk@^Pes5nj{?V$V_^IoQ;y?BO1hwofbKQa4wRu1~m7gG(y6~k_A=FbeWleJ}p6e zTB@m_U5uxO}7)T%*+(h*7X`KO+nKNRbbpu3*- zRzV&bH_bUQF)4^A2|>u&8rsu=dMPcaR-)5X;?sQq6|l&20ykB?Rc&!&Yz)qJx!N%w zQnR^E6RRclU~^2TRc^pWQ~T|ifkLd?YSaW0S$p4g{o&}qp-ywqtgn|00i9W6Rofx2 zke07etFAkoMzMHF=h2arLhQ(>RRi$+L~_unuI`CR=ikRZrx=-cN_*2g zG1N4zgp?O^o1#LDalV9Ov_=3A!+_t|!pTKdF}EO?t?)!C%r?P;E(V1N#FNvUTM|Zu zVR)#i01Ec+-+h~E%(rtfwpqSqt61l;Q@oT5m)_dSbbmbFKV9+nx@8&O*nQZjwW=f4 zm~C`KYgLLT;(JaWK5}w*T&Hf6+MT@t)#Y!Y9%ujj$o-2b@=5w)4dW$Dm*n%Qb3#~V zTfFKJRymHm;0NCqt4H`{3M8H^P4D6o6^hHEx1CG2btz2mn_qPx=6FA6349)W3JL^vBkacgp1z{ZB`%YvQa#Qs7`8-iaPjs&KwD4p5Toq zuW~ZcD^$Rnzd#isI4p->qg~H4{D9BBE+z0iWmV2|TB~iG7KU=CBW81Cu&h$qdsdRu z7K{C?VRw_okppg%a!_s2D5Xu5w^%%m46!dfsh3uSoGHdPL58ZO%W1zVLSQygclNwB z(UXnjj_xb&w^?-KMPoGJDCH7TJ>;oR_jT`Y_}0JRj1@doTm{NpB3cPsm?k>hTeCXq z>CT2#J+5+y8k51B@q0==Q}xtTe=^>?FPH4jM@`0bxx*iXlgE{&+%SfD5ZJF_?-+!- zJeCl1w%c(I%AyxT=5vQWm)9n#q~GX(aGf&nytc^0%SdM9jb2jknyvQM8vCcse;+6Z}j*`BsqMzcKf?T^sby5 zjCUrTBHQ(kTBA`pqB5Iw)g$knn7Qvj?i0VRb*Uz9eS4~Z3e`D5bJXkjmbi#Yp@{OT zQz;5;fGi1Tj1PmM|SnBH1CG+{xa&m%eESvJ10Om`*;PBjPBRhoV zx}8$=oXJd$v>3upT7taIkK6)osYFnN-IdQxbw#h+(R;}4GbF41@vhn7xI0}BbajWj zb{B)4<)ks-oUV3_#XAuy#gck|B{|d?GK{J$X1%jGQBQVd{TkbzLT)hQQ0vW_5reCd zi{`NRK~n|lRFaM65lRv|)7pJbVL@y0dX`Wp-mzqb1_~s-8FGT5JujObSi)B|M1c#6 zfaYfmp<2ci)N6G%ZPdeVTL0;#OPQg9Mm16jYOiU1L3-%gxuWBI) z@ZJRND+cw;wCr$W`kHnXW^Y3S!wfbytCaC6yh;Z{)22;v1zlyU#`2KA>dp=1oX-4c zITS^e*h9T1AIyy%DOw}uH!ESeiMd+O4WlWo@<;2hXk4H9^#e->vMP0(7A7KQ=>~QY z^OO=AtW&Z!xH7_5I_>{3E&dXoxM|6|3CTd^COl+ecUVb8SV<;WIrw8G&jX6uaH)dGQrEUT7Mu7bHD#B83(|#Q9I0#EwLH&5JruAR1`4xl^U0siv1Z zPmY;xT#;XNq@xatj_Djxv|d#Bqe2y|u5;LbkN=ckK@Xz8Lr9IJqww|w{3E3$GcCLZ zWCon#BsbH~g%K(7_= zjNEbmheq!L*_{P)DHfczeDIwJRxTZ$zjL(f zZdVJZJf67zl&O-8or;&Ep_Np2I+5HP-=$iyA24v8oZ3usJx1jBxkvk39E#bKBe_*g^R!^WFaB-qa_cDtI>hbD8k93r9*XbP&wSuY8RYB0BtFYeX z6f8?NrD2Jg&9)Jhen~3_aZuXVMsEd}>i|JtI1k~EKLF=EE3Sc92WqfDf7IS}Ztmpz zpPjtnhLdbmOnq(SrOC;cM!q<rl<}5*~go-V1%;ZfVG5vg64~g9-5@CWpyxI*CFG zUazBKUGQz82i z|I~HI>*eeB4145;lJa$C??z@Y}3rkm=gOgK;)*PtYz9*X7`gpDX zbM+?bHrd`ca8!y10#>vMH0U&&T>>9A>(Kuc-2qV?TJ|kAqc&;xk;ZT%K=S8-lGECd zn*z$K0uJi7ju&P{vsL874_|obp*OVze01phlk49edbGVAAj2|2Eoaau z9}TgGL(D->9aTt*We2;<&SEizS*y@Ks57I)yEy^W{J~7ZnaLy&M4-@Raz39f8@E_v z5qmU>@7K28PtB0i>2{cF1H7v37ATDuX`W?usWohG36S)VaJWm zS#!*1vZ;)!sJmmxb&u<=NKY+inR|Aw^0wRNll8^r|uYpKGi>>(G~{2`Mj%`^oXKZq5Hn_*U;IhUta_ze#$z%PcOO{ zO5HQ2x9IOzqnIK(zvyC?1+NgXM#M-oxa?Bv$2B7sGQ+WRV0q!j=by)|UzW2x=I7C< z&q1OP_slo>R`ss?5H>-VYxizT=jhIOQ^&LDt=gDdytDVc3-{F6S1&(WK6(0s!|V1o zeXqISVY^bFK8G;#jFI>5Al}Rekt&v)?WCM2srs`g^d#d7nJkSPpp0V#4`n zVq7&s65Z>hgiclm6k3^rydetuj)-Sbp9p&w1<7FDDa5@?mT)AzKde9t6X&vJ zGSCc5qop=avxoH5HuPbus?#2vM)J-BQzM32Yw-VIlZB#v2kNz%zF4eprdB`D7ya(& zxN7~!s*w?CRK@J73D$KG&?td{2k)Csr>F1xop;}L*Spyp?|R2OQ0o#(8`18^;{QYp zXi@kEX)nzX&m48p%#js}b|5gODEO18iQ`4dftSN%d;&Jc1C5ze7q1X?30LLkc)b;b zj3cKfa97X_7ivl2)spI~;LC_pPH)RBIyIhhtVz345@0f75%bF?73AFum%vFm@K(Tj zuh%cVbbgDb(;}TrH0beEleK}Y=`Cf&x?9OifZ;d+r#qc`#%5SD?(wwTRmRo@nNtolR;Uyzlhs`|wA5L&m6H5^LDY1z}Ax=DBAqPlSX)i$rzV z!sTR45}7~+964EV1h$MT<3!dtIeO#tK_gkTT6#ck-|JEYPn?11>99>GrBCZ6opGnW zm{Gzt}x1B@)tXclXg@6rCu9VB#CBs{CYR=!X4sbNlzr&2hRAZzc>R zik!L6k+qKbhH+bu(PF1S@;>DFYTE zo^Ue|N3>PMl2ULaT;U~TP^51zo%U-jp-4y!IZjzSGN*+`ekFduzT59z(Hf?!D=N4! zWy!fozWFzkue;3!fcRP>Ao2Ar6l|Jl*oy&gy5@J~ZRVmsQ}Jo{D-o0Iw4rWKriQq^ zjCWrk7Wez(vB1S0H+Fk0HiI+Jv8%E^#XgLXCjs9hF3XsE}nz7M>+Hm@BEGXG6piUrDYKybq15OUFHdqx4S0_rY zxw-O;><*~zIW}yMYx5m-@kFpOSvdaoe-PsvzWa{8fNBR5|6^bRfhHnKivm-Iei(x( z{;QI;Ow1!m=4O(3IIRV8SJK)**K~OE2tvT9d4dS1LhBs186P~@5DlI_MduPB>haS8 z$~8H(r?|~jORa>aJ!h?Z^}CBr-h)L!qrY(;p@CP0ihwuEtS9|u72XBgBrM9zr{(r! z&j%X22wC5%%$HG%us3>m&tRx%XkzaF&^aq5?S?-Tzu2bLAGXJbkM{R z!Mii^Dv+Z**yjftu5u}Fo42I%1(({ToIH3i6?xZ*?|2Hj&SY=S?M~L%=X$UAq^`g5 zSg~-!?7;;4nfUY$#mxaG{zM}Ru zk}tzcKrIgvvCu*?lOAR8;yVny2O8WE9Ot753ewd${)ZLFaX3Rx+ZGd3**t&G*EbHS?im)c}qXw$5acn@9PMWkfex34^$_7`K0(Nba3>DR~dRsY=WzCw2xj(G2AA9}JP;9hs# zfx^Qv-N^!1_*SQn`*XQS;D~=bW0@mf8mU4>;Hj}bzrgp4m zPJ1u;yW#Kyo(^618?*+vLx^UPri803^oo?gTaME)wK|qVjgixWk!g+Dl+N#Wtysg; zDwVjRBjp1Our&=7)`BFvt0Q=}OhLDE!v#*0fX1t`_kjbj0QZz1e|G_XlH_#t9XIEO zb`It4a%Pi3NTvgsV{^Rg>U(-!*4s8gq^Y(B$Tnw6!iR^Z%h6HHE^L9Bnc!?5JePZW-ADrE^|*|htYCMrxr9!t7!ltw4kD8rcyYY z+#T4ZH(1nXjJheGs|lQt*?pdCUr5EApC_3?RW`0(FPkVzH^`i?TN76WTB)fWE|(@V zSoEmGK~Yi4D%EJaMf4&4f%>pIg{a|2a08b#HTb3_S{kjs5={PVm+EqD$Z zuR_z|leH1i$Ih?KjK(t*sTZma#mGbaT``r4%5iwv&WMrEg&dES5sp$Vn2S=KHe!I* zor7=HXw+m9a|q=0x%oQF#$w5p&|Zc6jNqFBgt}sFZbA^3HX|3sEwVNpSUhBtlaZWy z@)G0VCGYpt@>l&-CSkJZG@ARW9iu7p%{L!@TfWz5F_vN@6|`c#u%!{}g^B#^&3e^N zm0_^K>6XE|lIfP0Tn>$}U=_?vYc_+i0%sjjEJI?F{@ujQkOP50WR(oDc;vg1dlR#S zC#tpSwC-T09x_lzVoR>T#8H)}Fq9#v7e5EuQLk3AW3$3L&%wd|4U${nrF>`O2=fB_ z)Iw1X7BV2X-H_oP5JIDQM+7m8&v?T2g=8LGMso>2AmWi`lTmcxeBnIENeIyvqw~!z zMtRbbY<0quN{IXS>SHu=Q0=C?kDbhP#W1m`oN3lO?wI=(E zY&8;*Elp=G?o+ORvNqitk;h2=TgkqR3;WK&iNyCRDfLnsBT^GbS4W9~xkL6-@g%@j z6u!_V;y$}wHwDZ^whrZS$lXL=Zt@@0!jd@-kSz{!*|s@-K+lrCzVU@^p+iBym^Cj3)rc@IcrB zWDnOraOC<1!%^yoFl484pU-_cr^w}!i|C7>EXjRL1eewIF4u3ko^+{PF8`w0ZZ{Wm zE*G;c<((rDSs@_)(w_7;-zdnurH*uOIF@8N#1dPbNPuh6zo^ybjQ4c!Y_QkfSuF>; zXS%v(x&xKUoqyp?qs&IEkw`RRRds1v`)zu{!8(0=;@13M@b3isyW6=N680jxO(uai}ZJ!mKG?&ubQwF z7B8lo8!AxQFG@r}zu(|k6cUC7ZQQ*a8qtlImsK3rY#C;RGPQggc>jeTS40`=Zzt8FS`4_mmhdGo%p93Mv z%hm}$pcj>LgmPwO2O;rOB(_{bn^<=H~Vi- z-k^_Va?Ya$k3VD!l&iS?iV2>0u_ay`4q zUP6TZyCrFti}fNn-WT>g=taE`uj_4qUdfxGP@}wnI_yn zkr{m6Dfy zN?oYk`TF~^^Ecm8o_u(J9o_6kv=}pWW+j~52mezSvU^<)tJ&l>F@+kOL+3WRPYOB& zQtHr$B;fJDzwQ^@OFp%ANr6tEBPQLF@hZO(34xdkq6c*bMt}U?O?%r;;On)>ywMG?qBN5*rDx{{Xo{h0GnjQvZqCWLNJ} zztnZS0B+CZ{J#pgy5%v*Ly$-C;MNgvmlH;D2BV-sOqq0NjPP(kMDpAQ1nP5F z<5k0u$H0g3rV)_G5BDyQ08T&lguN$v^G5;==au#U?&u2dJsGGuzR&itk2y#4{i$8? z$?n9#e1BrtgMbMpc)dRe}j}W z?lA_x=jV8x!d;pk;}@k~2)U@4QL&whN}*Mmb>^n?UZ;yM+A^ru7_eepr<2P9`fde- zk!AO!PPL@v@CB(1*mMLRK8yO&E%TL^He)x^qLsNOf22H1Odhp++vK5gco(#>MB=yH zwMx#s{u=wRIbZAa&EF9ox=~6DR1wqSJkoRE`e$uy-re0@w@=ob9liYl&5hH!iF!b9 zwy4GpVX1df=9goj)eE3iQTUs4LJsl)QZ7d_uZE!pNp=TG0}p6H8s1(zz@<3h${y-< zFF~|ad%#swX#vLABv^v{iia%m(MIIJ&cc+_?mk%SJTe#y)ko9r zN-=F@b3Zer@`ZGf#cX-A>0x!=<8kJ9yKHBih~)rF0)S-ig`2}pNXCuWg;WJkhLPlbxVZ~G zG;$7GWMpm>a}l^ihLMb1kTPF$CQ80&e>t%4Sb3NGXKc3jctOg$Vtso{#z?@f7DrTu z+e2xuS*;-PFo?8)x(Pc(KNQM=;xM4>a`)GIV*^yG4?%mz|Knb3=eKLw_g6}~39 z)1;}SNsZ%}bjV8@C<48>Mu+3;L@Y`uAoPOD#5_eb!;^0iw1^`jk%*0XDX^Z>O{8uP zKSb%#8*oKfCazp`p*NY&m5(gOX;BGrrj6$U882h@$WnaVXw+<`8xRMBl`T^bJd9&O zbcFjFWW72{)d4BQksna41^sYIMba6fDh(nh=6@$z7|4f9F^@WDiWR!!H{2Ks?LCWF zQ;~(%&noT7THtMLG%97gs%ED{-EZ={Oh*o;ClXRedLlHL+cDe|;IzwvpHc0Ol<)}& zeIIC$o-FZw10S$n!j=N!!Z9GAUmT&tk>hXt2wDN5OYMnIOjDbP~k)e+9dwM4) zjpaJIzOjz_fPX!O{gn_tbxw$5Oz`t?Tnj4&$BUGcN9WwrLoaYgtYaG6%|YRwuoHMs zGqM-xT7C{Lh9f|GT8F`)?X-{zg-?53F0Iy=be;`|%^~l@{wV}U$QBXLXpm8RuE}gm zkQAlgAWaXrgKQZkHi)4i=$bus$F05wdb3(o!A#lHJ39Ba5|YiP*xSCXcT{Hv;vXJ6 zq}FK_lM1a)oi0?;js1nu(RW&tw3X0yJ6uC>%Lnh)8c9N=p&nY!1jJgjF;>8GL`V?GAMQA&bKX^@kWOupX|fv!#jQbk>xama>Oy zhu$@OFmzr2Z41mev;&cGk6Dskd%JerHq~%0h;s%XtR>0|{ubnLO#Bk^f^XvIOE_P~ zd6#h0rv=1M-9+wFtd9grcYIP^oO$n5zZ4EYwd^71#?Pv3u%ZP4ek zcy@z6PfD&TY5i4Nf+bpvCEDMy=9a~gYyRZ&CXJs$DR^_FCQ(%ib_~m-NzjLy1l>x{ zGj0`=l;Q&l!98U$oH6g=%Ec?^{Vx+m+o)+h|0ZHKKu4L3ElrhWI6dDoIX`(kJT@8* z=mO!O{*KS0+egT7^KY(y@EYV4jkC$FuH@f(_Z&T5n(WTrG=C^K@jtFbPOLW-_~m8b z_bTj&w9q5`+A~q^y5@>K2!wHx(DHWgPwFjQN}%4FKDe_0c>nA|p9E*LcLwDo0@oe7&OUi3I)T2|Rg*e3lh znQYeVSmXE+jd+jw^7UG4Vq~^!a=yoF*O#`C7Hd+3tP$AXLl2=+O*zRWs1~$NlYPPB zP+LdrOO|nAnH%~TF$Km^Ip)g%Xj5+BMT8u|k4e$y9Q!VQOMw~(vxxurRm>Mv3+j*p7M;!&T!2tBZj!afLP5!YUY4^Bkb>^ zLF%>~j9%_jsm2vb;CkO!?>%}1_je2K?{Tar1Nc`)=#qjiizR>}J~@N>6yi#ZiK)nn zclVZxGOasA-5$8Q=?*=cwPYN>;5J_#>z<){G7r$5dSkJV;7;{)r|FpkSJjkx?OJ!- zK7Vx2y;4X}X?<>+-RZF!fp5FV9U~s=2$<+H9Fnl@iKrAT2%>_YzJx#PD^&R-Mfvmc zeDdjZppJ+wpm z#NMTag{RZUu;1W({0(UUPg0R+Nd2D6ltCn^ZJDDDuQK zT4VanCdEHQYs29wWOnRa|3A&~QD9};>d>?n2YbAIw6vCKytI~GSjjbEFOMjZa%d*J zC*t!JQz^r#&uhP|6}81vm4@S#P!GCGQ@NG+ZoO-dwHfwEyo9gsOIYHsAW(or8dgw& zhd;K($xwLyn@7h3X87=u(cxee$)daUR+mv5(CudTZCU?8eIc{^0Q+-;(Uh9#S^qm0 z&Xl|w1Wlg2YP@Z`f%Fny^H4D;ra70;FlZ;je-o^zH7IxjO3SpU3+^uz5bcd?Nr!(@ z`~zG&4vwPc*V2`$T4&HPEn2$hN?ga|@A-EYab4SYGKAD9#c8IqZG2}JzVmDJoy;hI z=gWfNIEP@_@1kqHpBbi^7~mJLP?huT0Q6nh(~fKxAUGx+s?>95pr;^GPrlMY$h!tv-lgXK){8+PdS4@ zC;q-bFXfBq!ecc_D%UjJZa7%3I$ z;R;(?zrW*9UlcTy>GC|*1*ePn+gL+k$%V##%$o;g6uRnuQ5WCObZ*cRYotS7PcrR? z@HwKr8X3Q>&k4meXs=M`_lxTAex@eMZhlVwy`OLV-tTUF?w9+$KiK%35G?cG>&EY; z@q7Mle(#4HzxR6^pKJYI<1LNv$&Jqm(fXG0(H^_@_ObFJUohMth~C0g@{G4aF7 zM&5J?AYC5?qUuNi)kO(;5Utd`lSRR=89{#u&1rYaY*r)#rJQHa*i4%)pq3;2@ZE?@ZgVIR9F=J%kN)$Gw==dwHNCGmWHng!)duDU!s(&? zt8B0lD#aWM!+Y;l*)=lZCXiP)G*?Xr53kMhhL$MzAm*3NKYFl~h#TTE%o~ zBoc+%fgGyl-l9wnpa48it(od@zUAGpeqByUdH>g~+|PkDwO8=wFWz@7li;Zkyyh#p zLDK1MHXSqMe~>+7%h$TXw}(0_s0Hh(d%x_dZoBpV^YO<=KmLhN?%MUqPkek-vcUeExfxjl5@I30 zv4sclFku0qbQ-m;l3KKvL!sz0=5a|>i%R_GnLyY*7do<(fz^orDX4^k?=ekiC$hD+ z3HVit5QGMg)oC|#!lE2mVn!!+x$p^_+p*&yI?qgZbRHgxrKRg?(Q4eS4!HWFiN3tY zmF-Xa0-Dc_962)bDUGWzv$S{L$(aJ&L&^!eCpkLbD`(k~E}VrQ_cidiIOHn2hE_ok zj1WJPbU-cQx2P}yL4I`2xz;UiL@~#v7qP=bn1+ba2OxJKm9>@LPOCsj>c}M~&&|z>qzhaR(dlj@tv>hx;0b zhY~jJ=Li4bu488Xl)>CL@}f=1eb(=h`U+8OH^7>_+>AVg( z{N}>O`X#!`y3HM5E7vtx=|+H?!^M&+K_KIQ%oF*uoktQ}01qI{^I;?^d;^;xhBs77xI-RPp6byKd`Fz%9_FxDp z2F|H~NAi0g@CD5lq!FsravEWyWt+o|0{;m);p%n5ht4;g&utfVX$5U)*hx4>;cuf$Ah~Pr<1@kA!n&F5)&z>0u zR%GVO)a0eBw6v17gdibN1m|i+0zKhUg+*6AwTOnE)}1HP6y@DP%vePGL4mR_W?*4F6<3;H)ze3TaXD@Fi)X=`3 z<+@8oXb8_r#yZcZsT0+z;AuQK6;JpkFScI5lh-8&F3A(Fh7=q;5C#nHhgRe=JLEyk z@ZX`t7tmrV|Ny~Z=xO2z?cT`5%cQ>2HFbWlQ0V)$tH&O0M!ufyyz$<%$MnUw=Rz}F_pF%g(9 zmtz|?UahWo!gAxgo9h&O9!QRfW4IP_46B=4gB_hl_q1qh*?2szf%t%EY2yR95&;MK zfOVQ_HhD`CnD*z%ZW4c!zO!XFGGne3u;a>dleg?Z{nKCNw&1*c9e^wP#y+Rl0IQM7 z(pJGS=g z2tbR4w+1}}uOMvxwGFx~OC~f7p~wdQNR)XBE`M^z!tYAYvWpeZJs#0hmWl9CiwJ^_ z!F9ET5NB*tI@KAi3@x`4g8V{FNVJ_4Z=DXWZ3Q^5i5#l~jTtLAW=y#sCV{$L zyziNSmE6$qH*<&`$5yR3WG7-xq$~N#L$S0ohGed)kZ0O_CKk&?g;N&oX>Y7@rZ$yN zpULe}oDEGI&N>c23bim|A_U^sF1>X5D;yi%BnI3P#9SS}1RDG&Zyg0@C*L~$yP*e= zoz3+C;St!|XZgZ$pr@(*CV_%qf6q(Ca1*6~z!8QtkLF6TOjqWHbYCSvu& zo_g>b{<<4+(mwjjec17^cz43n`_Z*WhaP`?Xm#x)J%+F&T`azD_|cng{I&nf;yXiEzQ-=`b?`;L4jutA&G)gwTP+L5X@yqa zophftEh$G3-}$$E4LstJzcWy)D6G>8W3~C6G8RDh31Q1LBAn6qPHq(oVJ`q+g)Rhe zi$pJmCa*^s2d3|qX+WQm?dYC5x1#~0ag~BTfqRjEBfIe%PvH6{#+=(8WB%mEchj|` zf2hW`V$5^6+vhngDC4Jf-~KO%2nhKH2?bUJ{j|vJ`x!IKx6WzuuZV}G``$@3;bZ0Z zE#?vq5k`7;Kb&RFk>Yy!H|W0Q-*^JE%I}-8uod5rTE;}hrrt!~P4_K-_Y+O~$=Q*{ zSECLfU5W2Jh+qD7e%~A$7e9UFC!n`{-#?-I20kw8aNoMk`>t?|9QQ3_82IR^nOtpm+z)YcX=(&$aMb+-T%fXfX6G$_=LIn2~JNL>!Wf9b%y%V&zw$Wbx9lCeTNL)k_a@iV%CGJZz%G`A}4k30Eq z(EZE5@dTI$>AlLR9pBGH2fmxu&Q`n}YyQd`8*Aqc$rK9!Qx?@x;MW{a?x4@eSUIhE z8Jpj{|9_^n19YA|JWSWVcI4lo`zKspBW}>13B~PwB6RQa_cv+J7;4vT`b4nkAcOx- zJc-%-GR5}t0$3dP0!Tx-JG?Mus;RZ($fYsxuh;n-NSJt4x*p+hevo9ZpJJF` zdpi#}1D;z3>W2ptgT3Q>hTm~^mp-P4OZTWHGukNi#m(ckSR>v)h8|;PkGs07qjuEm zyj|LPtluZ@W{hGoLCY^7m!T&7iIj{JxF07H@FEiaYKtr`8oi4W$|!G$laXhXfE=U> za|0RL4M!kJ%OP_KsU}=U#*s&o;V9R4!45%r;6rwxrr#AYkiwc#_7h+so} zZ?TwJ5eO!uAiK9jN(T?pkt^RLPbD*i{x^s`Omw!WDo1JlO<{L;q`TNRICkellG-;s zGE@!a2gguUajYXU-0LZ(0&0skny;{z?CF6*Zin5puR1hSb51ao!4WBjV_BDaLhsFl z3Kb+iD0V8e8W=a&8zro686P8*>MB2_2KboJJc69Loh6@POp9(mJ%#I^3+% zhp;;yj@Jse!x8nu5%_94Wefqqavy_t0%hU_rWJy=74@{=E%`hTc#+4w*VL@Tv;k_h z^hpkBHO^zTw<(s5%|dR7;%Ww|$spE_gU-6Qb4T7jQyucx40m(?Cl1H;Q#;MkCGH zYwx}Gdi>Xa<&^VY9qf38a;{?tb|a!lsO$kWUO@nyELPA&q5t!BLEhcIU7ucFNrlb4 zXJIcz7I#ye6ERj#6IepM=nivs)t(OmRBr`SLPTbcglo@XPp**#w;jp=0^w3zbtO7d zokQ-)>IwEvU(|*COf6 zVhnaxwK|+jkEDmu?iZKb@OPZ?YHF;{8Ly>NRZyf;Y&Qe@i}=_Stj}N90_~JIZ6}$v z)9z>|<_$_XJVaq7JOD`zgh0rpMZIkmP=|rMIWiYrzBCKTPl6KaGFv{f&KU@UH2e<$+{sV7W1U zS5V#8D9#qsqv^Tv@i|%F_Fm_a<0FiT9K_6<|=# z#J0YWT3lMn>$PQi3~d)@h}t)H{{FL#8M@DT+~*$vn{M3ahJK&tC>*wZpXW34bf4$L zJOuW0?-PZ!FLR%I>DcJ(OzcG)NHuYrs8N@*p{@TN7@Hao^9r)S;<3BhXLgmQ`wWC6 z#EJ7t_oKRCYvpmj=iTTWzF!lm?DB7qu%$arQgEZ|3~ zoTE8wpz9-AJ-U%);2|AscwX4gtIHl~Jl*|x6-X8H4MhgMJtY`SO|-Vx>4)(h)q)HR z-nKw48Y(MxWb4uet68=FHaoWUpU*wVQtva{GLB>dt?!&xbHilz`xVidL+caJZ+~kB zHDUOV@(4Gfzv8zL$rup6c^ONP=V8ix-vR%C2fR2XM{yp%kzqwC0-p2o3;sGbHNWEM zMy8b;NVsyGF0TBPq34>4H>OArq(~3w((54U)w%TIU7LmW_QKFWaWg&$k=0dsuy|o$ zAXBSVE{5s{dM;*K)JmN9lp1J4l%z8aZUj8t79qCxuK!*^psn-`7@;$~;Rc;cR-R;l zF~wpx%GczybT4#8ila-F6Q{NwG9TVcXbsm)``*z;qBHB4ULtWN;j&c5mODpp9ZtUC zjfuHMmpmi8MV20#4(2<;m;*Cx{U5V$NFxSzqZ2dnH_wiewI6=pen>P6t#w)l66L^A?@jb5!Y{r(eJoQ^co&rb_Flsi5CUkw>7j)Dc*O z<3Vsj6^H7paY~QH2OI0v866MOT+dJ~q>i%U)(lUP(IgM=IdTx$QcP$$|04Cy8cHixUW`z_XZn z`c*F{0rc{Zk!XWq-f-o0P`L8tK(C`P6B&F&kJU`ZrK;JX)!KO9YL=!ks|~Do%_KAa zM8dB`%`TUDWW7X_iP~iM6@Xr8{;r==Wa*xQZMVw?**&*7VCZP!IeDWt45ZVPq$Bvr zD^DzYo8%5AJ?^Aa^(tz}QkK+U-0Ml8ldGbJEnolVe}2s?&GSDg(V*KdTdfhNSBav6 zRhBJb=b?dDm~3pVmznSXftU4YU1ypHQZ!68CDe@An;u8WVtw#93O@&o*ju)YSdD0+ zb+Hq}dPJl%gRiCSGegLhc^pN5=g!(u1QkfLcHxVcg_=HV$jJUgBjyKWo+ufMM`bdP z%Jc|!JfB)zf5O*MhA)W>EeSA1@O4Ct5k!f^uXvq`3;FKHgJ-pNyyD}(JSTsWy-lVd+K@hA~rBYF5!=+}$) z-b!bGD~HQiCYufbr<&t4F5+;!nSDn5G-Cfn;kM7Z!Zvt)aAHw|hX+)Es1@i@-davX zHq>AU&51)L)Yk9ys;~tFF`99JRhR(WaE;s$b+^HZz=J4wg-Cv=JvoHje5pIsOBF~& zZn|ymKVPWD076yM-MNP5nXDdXcRoBFN~!sDI-Sy@*ZDWHQx&?Nga^oh0&IZ?9y-3uHW&o94f`O#Z~5AWzut`3^X&zHsTgYS z$rKBP%%b_CYrh>9A328l5RJl8G}C+rqoW4nPZ<8MkMkYwc7Jc^Zw4Q*r-<&GoCUCj zr?_hM#C&Sfd@wjyZ);|pFZKP{ySAM_soG3CWN~YaeHpzT>a(3s-Qe_@+&;I-xg!!0 zoKG~zwF?!KPuDGiAA8fG?N!jv zR{^Ja8VQ9|U^B1~ZWuIH0=plDf)7q_y=Q0WJRko5pzh^i^fK=hG~u@|3qw#Q6hY`E zEraj@u3%z?Hy5V52Edkw7q3qix=+}F|5v*=IsIc8r z3PCdLnp`WltYhpRUvQl}}|M8hOtvPKr=jIu`j%e$=+2U=RtoKcoTmjV?a+Rj~>XU6=D{*BJ z*5DZX2JCEIw!eHC&E|B>4a_sWcs>YGX}u7UjYtG6JO^*V8MW6H*EWPyO77qEPn0(0 z@#JCyrB@@DJo~ekl>N0!5_fmuP~eMK zBd(|%K|!Tl5F%4Puh(f7nPn}XOJ-AkkI9)x$WfOQ4C7NKiMS{Y;H@__z~fX@L`kpe z0L5L|Ro7P@FcS=J8_*2rx>a057+iFZ*RjiJqOLQyOO#zj-~b)w+4~AN&yGzj=MC7h z*=8w?jQR4Jr1RfGec|On#j7O-KKkF@AAWS=gCG6v1$W&2fcu%DwKu%BF6PEQe)FT5 zo-f@6u|P+6KrY{aTyjEHc!pLE-;6LBIWB{)95Yv;7=9Vr3B&_LQsW_ zN|lTY0LFx^RQ3ntKq!%{qk6U06tAC@M2B)6~KgE)y68JaH7-Z3P*W$&m5to`A5 z`g|;&(6U>Pj4+F+DrP{YLvg&(s@l=xi^+hgg z>Z$x?v4Hj0E_|6dzn|57&~-ZHH#MX}vuDosc~!duuk&tII>mXJf>=@=;upye6G_wv zR?#EaUW(V3O54-faz(afY<7Dz>gr5qGKEc{BLkDY9EqSodp4Cg;8j(yRoiVgMTRci zB}Y8uqNT;E#|aIQ8lrS_$=)bXoo2Y3)+ZMtNs)^Yj&3fi3mR@$$cNTe<;vV`eHMo` zjOy*U+viEDuXaRSnbDjhw@}L@gZ%+*;ZR%tRAHhk{)4ewhZAfOOg9$utQlwQ!=h+) zOgk0JjBg_H+QZFRKO6B^G#FGo`a&@iC-q(uRK@04v6v(mT8P=OU&ftAX(QKJ7#VM- z?4}C5K!!{nLbISn1bbxbx8~=U-}SDU8J3x3)~%mTeoNmU-WQ){|AFkZ1NQY1t!gq$ zF1u54Vh^my78Fj)lH_qaEoQ50%`Qj|lS5JL<7Sgdq<9SNe6U0zdX1G!T^y*y0ZpDC zxpt*nf0?j~3^!se`S3jhNj7uLvwXJqlfTa{6#Bl0-oUY~?|ty|S>|DZnZfM8y$@q1 z9vR{<9TWbXDogkw2qXPj;$py+!z^*-B^}{iI139kKbtQqu(l+NBOZ~?SRJz_;rh~z;O5YI_eP7v5wMrbab#2 zoPPA!$>M>8OHSk~zI*u#$4|R`N;5p!CkGW7g@*Y?DHrgjQ)yqkZ8{xlOZ#3QNryw( z?sEU4Vp}lTtfrwrA{@c{`o5*HrYLp^#Wvl1@Xu>;bU4L zL7Aom?Z5;XDG4%Ccz_<;7S;*p?BoG@$PsW>9ugt+5(VyI!(SykhhOm*aD5JDFCLV# zB_7`t%s!t`E0;OTN>wPGugqu77czU)i$PwOsUzHW=pPKI-!`cpS9BDd1sxCP%V_aT zLVn2P@oIcfX8A^D=aQhD3Ce0Roe!9TiVXrwR`Y4EJyEPDyn(UF@$mP+Ise|k{H=F) znLK{jEa|A5iBpoKhVeFJz$h4cFfolyf__8z_9fI&B>7SehQ0d_tgKD8v{`A*)8 z466#)tHeM<&$SY?mzR>JUQQaZ8p*AA1ko+xzd}CA&|S>Rg3}Cp3CMEVLOPAYqt}RR zprzOwNV|b7#-Nk2Y_rKA$_CK%&z4>BYBF1&?de+b#qGt;zSya|sjWpQ6I4Ez?1;ipRMlvrh|E9ZD1hHXezzdJN8f9-0%!=BQofh;J;mF7@#k0) zxN>d~T%XkXWx_fWFIIpC8ldoGfb_SY7L$E5R@m?vLoOB53mCf80tfV*;szu)pc6Sq3a&hmi>uBx16L3XV0dSwf7S1=t;Q$1v+3N5 z4IFxr)LM7WvSv%$zR=COZQZug$hu06-+6`$@op4@=yV%y-an8ldR_Hgm+KLsF0n3cR@lalNW}NcthptP9#2@+j-jKU+M_{eW5QF5?1N5wQhJGtE3d+>_~dwZ8p2J;c;7oCxu z^S)P~8u@ShH*)Hi&dfSK(cDLyCQD?3b73fCbubVl4P{T4z1bTs8xaO=vy<7JN;`WRKE(u8EhDl zV>poL{3S;QmN_}f$eI|r5}58+&>;`)8OaFu;7pdVD1anq4Lrra|Hx{IBP<^nd)2`H z`M=ou&aY^ni_PElYR}E$=@HM?V@QCoyZ>S|2cO@y&(q zxf!XVcf(MUr)00$yx`lLx_5?h6#w(BELf;VibI~)jqS^?Kt7b0)Yo}T7zf#TSV0&l z8V;?PAr^o+s+qdqRiM4tl8+3`S>}2;9y&#VIAJhK5A>~I4bc3Oa%h$el zaOi+H;~g!J4!`-$ATfrWceJ)Nkjc6yUFoR<%aZ_oQcs5?h}nG@Ig^sG1k{Km6>}RN z)mzEu9gbMpo4cS2MR!q@i$xcx9505KEjX=RL?lNcPJVZ=@{H^$g}=M6&}r&4+P_pa&Bjr~0Z0^FV% zho>_14`aXr@cJiFz{)vZrdHoY5b$05X%4Fdcpd={igR4#uoTeixO+j7W z!U<{zS9p8KsB>cmKP70kR>3>;=1cV6Xm!blhJeu{uJ zl-5B9)ZJ=?baHjO;nEF#27C4R0#Dzx5MGI7?_zt$Vqa1Xn*C;3jw`upSXL(6+ZTJ2 zhX#g0hN6y)4iD^fVcPm!r7DW!qB+nuRvAgRp(7J|2!T9pigyvxYo7iMvC1^|DSA|N zK+i%ZJcR<0A&_!a8^;R@SF~VH#-VQJSr;?$TbU`WVkTd#lHLe=x-y$G)ho$$|E1Vs zJ4zNS#ft*PQm`l}mh!T4xS>+<204_B`b{2Ev9NhpZ@MOBWy{;0)ok>#XP z=!n@L0d680?{+G=bpNc^?xWW2{YS^L9(k+2OAJ5AkF-ZYL0d3cfKa6~2OILA_*vgB zy#HZd!viyp`|r5^giaK0)?uu;KFb@La5^t|_s?lPux_?ncgW~#C-`I;;FQjsZzUWQ z{D8%Gz$#e-8@E5T9!K{M8x`|V7eZYVV>@r3G~_Yh)mB8L#o_sqHXi&G=R{y73SPIO zOYBdFyVXK5uO4@0G8xqpmU@>pEj5$A@65MCVSAqU@+eR*kDJ2b(dqeYc4oZa&;I@2 zr&yb8y}p|V!wD>~Kg8My2%TC8Id6}D11Cz*&n|dC*Xz1y-7oOCbn8Ib@iO)Hl)8&U zp)lMb^wXUa6Q_PDHI!4+U5U}rkAM76#=ev@%P8vcykqQ7Fb@HI-nVh~$MDIo*81a~ zxZQKs8})m=QFIrMuCO?Goly~Pvw_^##z1H4@s6icA(P+bWYM@}wW1arRyh$nck)2g z6*NUb5Q;>KbR49LGE9`v!wsb;yBMCKD~WwP7$T0~1_Dl;IXEB@Kp^-J$-eMnPbP9) ziMc-zt0rwRzt54u%PB{vLj=E~bTPje3eUS$=wFJzQGoI|@j>H%5K>Z%Xqzh81J*L5 z1RfC$ifXh9;%#f&=!ntGgMD_lAy6BH?(m zJ?43r5^@}Jgk8h?{3t%TWdSVGKXe3?S2^Q15lM8<%J6W` zfdw|~R%Yz(@xfdz0#psgy(wnc>%`x{J_!7Y+2U~virItM>Qh&M0i+ZbfmN;Ou*gl8 z9Ed`H7O7>ttdCh-5uY!tTJX@DsfoYgNp}!N#o_RU?1>Jv!V!hLL<@Tmc?e0c3VBTh ztDGQdi0GOH)BPaU>ui9g4J_zSak@4hoe5b>CH!NRyQ{x^692@9-<^JQH~!&XCE*h= zE%!?8c%)*#?z=3gP>fW@MEzax-Nx&7;OsxCh3L7-9n^&TVfF_F;$(69B31$UD{Mrn zz@gn4y%KFD>Z%MTXo#mDj0&4wpfa}iUA_k*-I-jSifPKNDjMa$LrHZG^&juR{Y^QH3m*SBQPyxjd$wbxZ`lBzPXic7bjX42=M%0a}1f|Eljn@mgOO zP?GficZy$Pzl8S#6sft)>~@5r%_fOdi;0xj)6pwLixDAxMgqp-w3dFx5$MwB;c~NC zzV2^iG^g1l+>YPXI2R~BJIWa=@fV220e^u{#XGs^ckt?PNX7TC-{JR7`md(>xLS+& ztj?g_#5J9pZm7Z48cjR^L2$llH}RW#g_-~EO!-jN*hSCKt^&A78aAg5bftN1Ul_H04g=^! zy=S&Kjx{f=X{iu}IYVT(gvhV-QmFtZu=l3%)I=MyohZn2IsdA;2=dL8Q*=5J9Y`@b zl`iB{YZ>&M6GRccDW*K@_DMptQwIseYhECi;b~$U={&CE+PB?G9~s>@L;`j|A!Nwp zF1J^2z7zgn)frPHv+C?>c#@T{uM}85%wF{usO!Gxcxk#P$wVXwW_kcucUmo5SE%(7 z)K!34|;#}S`rrIEwlfM=$wI^G^J{jcv?Z$IoS=h3>>8mshW25z4&=BG}G zYY9a|gO%n|=gi$_t%}1kVRpJ~)#bBG#6kp}wcS@ycv4epq}gkPXDb;3!IcYy9CpHp z;QAQ(tvPy*^~OWfI8wQwAz&UU)vr9HkLNnU3I759I;dct)kg6^aZ?UfNz+;tDV)z} zB?ki1YO&GL5nmOYZYzZvG00@ev>Io@wD&a_S+7)zcL5mhpnPPvj z+}W)!yzz}}Tr6y5kXQXS-#7g4O3)|bWka7({V`CJIPhF)UT_O#VrwZAe%4Wp@ON-8 zK4C!%xp~sTPBU-kXS$uTa4@j1Y6uR4`d~$Z|E!=Yo-^<7gbWP`#tVkXDOh-YpwP3y z3ck*L!^6wIjBl(>8>0Z>t-Hd5>g=jQi@>d`54Y^cxXkD>n%ds22=a;ZYr>5$#* zop+tQ?X|Kj#y|4Nn+9F;mT>2uH~#L*cNp9H%!=1d+jm2O~ly zQzqD-S@8gb6kU}HZpVr^2qT)i~fvzQ5AR&l)_dtj| zB0wx+YU!@WPxYoIxQm+)@9W}L;(X|@RXhfwxtP!rJmsg{{@ zPlzZw$5}jy{DOYwpq&)(!;Bfk6L_!f#hgZM~;8*EFnRk{>_PnDu^ zL_v;S$aDV{-|saoXj!q@>}a~^WGi-u1c6xCnw>U$<5A9KY{0-E4j%z1Jm{?qYLK^H zJ@`9IzfJ7ZV&U5RKlU;4G~EY{k#pAP`I!5_i}PiA4*UX*Nq>F@u6KdYCqGwlA2y+& zc_jtqKP!UGZWciNW7^)!SY?lsg9;o+6J;y3tTMgtW+TsE*!sH}+O^O(Sl3>{#o=$c zu{vI*`8~8dBfN!j#2zuZSDZ0qB=zE3o}wfhh3gR<6d^?RR-~wB%|0G-nATLva*ti< zMi`$*Z=t#yIQUxomevNX4us2k8wiv%c_N}04O~D$Uzm{U3~@U3j~;CsqlwFNrt}CQB4&E9jAoJoXwZ{zdLBhijF5hM6bO1f48>$TL7o*u^BNHF8d6UghtJ7m^@5&^#-t1&weIE+eZ||=m_0jB$brplzv77s{LtS}$Byeb8?nt_C zzS72CV+&W(l}11rSA)LNNTs^RV~v*k^4-%lKlS;VP!heP`Oc^vvgA4iYYU+%t+OJ} z%c5OoW>3K*${vU3tR$lepX^w%`6T4)+_b4A&y+HSJh3=V0cM@t{5WZZ*6N^!Wuz6b zHlP}4nKT!Z^~Ol$&|f|i-pbFv_SN?-g3A0yy{}$<;NZ4yBYnkno1w3Wc|iyy zxNf8RP`x&S>rK8tpf@oFC(dK4Z43xUA9m3E153@#U|hMiOV2r(CpQz~n0R4D@G#lq zvH4egAzRQtB@n%s-l_-ZGWG!9+K7d=biNO8G7N=E<H;4#mSBu5aqnSr9MR`=VT zR*6-X#loqF4wPqlQsSI-d^&&Pp4Fji???KV@9Q*f_8<9uqYX92%xm8HbJV=!Ij;{9 zK?6$lAsCnOb3`iBnp;@0+N2eeEFz^1n_(NY4NxwGuXAlo1d=We^^5-S|9Q|VP94i5z$K2g$L$&MS^aI z0hMknm#PtghYt>g+9a=ms}yJvL!Xcj!9&ew!udo*U(qC_9iJQ?nn@y_Wk{5KS`=CDQ&UDa7!T1o>`hm<Io)!!$4QFu%+cS5e&bY$J-aZjb9>lO(S5vs=+qi^I596$3y74B7)6fXSQ z?rlhy52eDem-LEF^t|cqK=+$q2+}q8lstWHC-=|qI~nO5FU^<7J0r{O-QDfXa^eKr zv%0P9tQ-i-57LCW6n&VSnI_`UREb^!+WakgX~X>1Jsz44PSfzb7os=aJlgrTIa33 zr3f8b$g(0yigm@_8m%%VS_b($7>>N4yVo>vcIr>Lt!hDMQo$p~m$TqpZo13;stpgw@C)zcFCTkkI{7eH&_ zy?FnjSbeGtnhCWS&x~}$ar5Y%cE@+byG|7wh{A1MgQ!y^YOHBGHy-CPtdD7j3KaUF zChDl?B9|&j@sMO1YB9;H144vj4-%nYkn$J7e*DBqZ$u>~zNPU~6lfrvVkK3|d)i~U zJ*TBG_E>n;T+Zhs5w#Rqi$(>vJFsq_$>q{74M?@vfm%AjSb6+HIYK@B*U@SpN6n}x zX~+$(e;mARvQV17eIV0YiCY7J5|@34Pg=kKJyW!OyxKM633v~SYnA1-ef!rARBSG% zdBWm=j<{#0bE%mM+cX9EBtEC8uZCR0sB*jTS+LN+y5vw`jFv-zF<_Vxir}7@vCJz$XM&g6;k_6$=G!ZZI?+oJy{{X3Fa(3MS!;RN`^k zdC1mPyGa}GM3Q{S-M3(k+>+$1jk>}l1Py^1UE;5dm>0(KeMO(Y*vw{o@_shFwDbOU;33JH@#^opPhT%0nX(3x6R{I#p2ZQ=D>-Ge175t$pKjm z_BX(e#D%KxtCxio%1ZCRY})u5=RM$ToYvP$**Pmkf-U_RzNL=gTl%rYO|)E0NRjT1 zn+5aPP~0Dihk!R*@jz8)S9wqMTFC5ME0-1TRAOBjkCPEZa2irVTytU%!*xO060nAs zHh(3@%%CbviXrHwToyr3$x7u3ocf!3To0)Ed`|5de%))`6|oyu38em*S={%#=j}_Zo2z=yDtfnRE}MY?k!(b^pY+J4W@>!KB!Q8 z*8spwU{i{3(={}o#@24zi)J3hc__zs{N5%JP0I* zD_lw)xmC5tIt!V4QgtM|i}^7x`%p0arh7Y&Oq4qJpB`R1e`?ZULiS3ULsu5Fq}=i^ zZF`2m(KV7y4z0*3aKpaU-=>@E*>p63b zas=HwGXl1xSprC9!Z0)TUyD!c*X%vfXlE|qOV=VNkJQHkxmqw#b{+0J5{(||%g^*> zvWa3xW^idtl&s!lD46tGM-r7l#08wuTerS%x3I6Ezc7TC>vXvq^|tf|#TcK*y>7DrU`3e|q&ZY8xLPxfB zwwoOO2QgJ{#5&!YozrENZyTnI0?Jqs4Ifgj?&3U^g> z)7EfUcsK;aQ@Y#2ofi4c+eLh>=M26tgA8`XL0}qV&$J>XaBI-yD(Q&FqV|LCTt4p( z05;=VwkI<=b>5xJB<;(tVp}!fCOx!lkH+JUdFBi>db$JAfx%|bKQu9uiVhC+_#c0Q z8hA%jGZRDpU=x5E9$Wn?#D=vo2RVKL`=utlLsL?8UZ;S6(GyBW0*SYGQZxJ zc(`%Lt&Q&f;rM)%eMNCPK_2BzN4+LjZ+&v!E6PENfl|&x7cVG?X-E z447O!hJ^>u0^|S{C~Q!KV}nOH76jrAKTovzWI$|3I9ht&M{@$r&I24`507v>FIgRS z|MDJ3t)V)d7Un(3-jSS~9FGqygK4HKm)vvcPyu6n2W}7d7sI!2;QsQ$y0&=K{TjDe zbq}G1tmIBbQ*U#+{Z4l@beEki+gXo&$}Z;Y%$^p~Z*$uHXm#Y2LYtmoQIIxmrb5&` zFWBc(&U89tq8<|nw;I98C*U&!P!0EJ*F<<44}|H!XB2y)NDXZ_f-zDE0b36B*>ut) zEcr&6Nuas6DVDvyo^qwvzsI83EFheftj>Ths4lyLz5qLN?2}8))w8R;^#|{|>%n?2 z9yXUAI+W_|A8TtH>+jXaOY=kXp`a6B+Qv2nr)=5~%*^bt&r9c3IR#Q?8M(80^8%w~ zM1~615cwSXnF7N#12cpNu#p#GpG2(${=b5Pv(JAXpMf>NIc2y$T;?)veWq0?YJPmA zjenwSmL;g>*5{C6s4rIf06jFs|2R9v-m&!t+%o^$v+z?NVc&$VJ;F$UK(K?iAG$T_C`9|}aMO(nxf@YT!y>;uam;KvPn$F%-g zoCkx}GVx&GJdfhDzX@B&g38U3@IkT|dB_f-+Mj4qXetMJ2@YQPDwoMolF4<2xx?|u zxau^Tp?PIN#^Lxf zaTuRY7lIfS1Y_j-doK=j=j*2Gh_IEcZxHWbCGZtN3p6F((>0WFr$U({pYu)4wXC(pY?`+2if7bHHaVRTx0;qg`s zh8Y1aU7)y=6BK~?gT=jzOZ2IRT=Chkt-R<+d9EO1Fb7X6Q z^+UH_iT*>2;+62Gqm;(bSut_RYLx<)JO_mHl5T9#kTLq}f-F8BR@vp};T$!x1!RUM zrF)Nk(lr>#YxQ`nd$w9#F8yA;&mAuWLY*G7KODuz{3FTg$q$y>hKe4WQm=Fb(*e6= z{!K>3QhblLV=Q08SR6dQa`3Vc#@)kVCrgpy!nj`5GI+thsfL&wN^K-_s%ayUO)UtQ zP{?S#6g`lpE(1C!n=3w2-rK>JYLo7jBduw3=`j~h+)H)=NK6|Kxf2dK>&#R-erri7 z_~VUI=%(r1ScZLYY3cj8Sy8HVw3mNq4CT~0K&xJ%FCrG5u{}>4;HeL%oMATHX|92VkY}*B(k!%fWzD#>0+VnX_e*K_ZOO)sOQY*K2-c%dh7P~01U)?nf+8;yE$J9eG z54)uvqAv6<{*3}HE-FCwdp3n4fMi~|5RXSLro9(@zVv>Z&2iC8$2>qMSUJesVMX5% zD``dN3_s?&&8~{(3hD^c4d8bWma}(M*;GnIiP-`#7jaQY9G*74@6FJbfY-&IaHvd8wkq2XlO7t zB{!KZ5Czk9$B<=vI-QO@Sj{!16QfA&PzIl(?}{jip1>g` zo=m#BbBUhWwxRv;gZ65&F{(8VJj7V_WLvZeE?)0su{2on+vTmkhrTUJZSCz@!$#S~ zoopk&vM^Rd^fO!@a>pIc&pRkOH=cGobw+%Tf#Q+JOiBL7V4dW zh!T959PP;*MUN;)%VQ*X!1WQ=s@S#^Hr1LWPBoH>h>=J+z2RxMT1@4QDibQKQmZT^ zE(I5@Z6?N~{6%sn(~2a6vtQ!8K#(JaMXpd#iPn$aO-?^_U|1S)k%mr`)Y{@VqKG&| zpF>0Z6U!g{sIM#7HHmii$z61)?afe^eR)E>W7>6a^jM1xdKV)qlXPZiF;8{@_w$MO zUi?0n+q-dilfRG!0|g-stvoYI7!LIB<@)00%R&foB4`Y*;Gi!^!I6Il89k{b@B=t? zMUQ_|DEKaTy=JaH4sgwJy)&n4Is}OH;p>zi*FpWRqZ;VSPu$wyJrnjNdP~{CTHN&Y z$EA43NWM7lclZu829A&Ce%L%Znsv&virts(N=|0_3VsKah?*HYhOtgy41dgR&?DR? z)q4_u7nM}g&;Q*kbDxIW_gv`d8i^cXEp7MGmd3{>T|3=TV2 z>0T#rU zZqpONXmiwGXrw~j(cg-s6~FAVW^jyW4{o05x6W9r`&XCe|IoTTT^&L@GWi|FcJpsB zR?_vbKHd-_k9QNRcx%^O<(4yTAFW1-OM7y|8VX6_O*L;3H{24Faid;V`w=)y{`q$ZG zpZnaWw|Bu^Yuv&diD4D@-@!amofGl+2*?M*R4gZ8+N+_ z|HvtB2nv%Ghs`RUR~AgjzEgm@@u;q&x2;zrYsz6$vvBy{x%5umG~cS9JExzWC16}A zR_p=C;Ab9gQiW}UwlJ>k6rzEt0(xs6@~x2CYaoIgq=0ge+@v7oRf1*g_aKD^g8a&aw&w73am>*nA{Rq%Sl^2Oc*nTuhlNJI{R zVa1UF`v;L7qFq7<&Vg+*FkM5^cR1lZrcPu41ZFh?@7-|7Ijf5va_4YX7w2aM*7Zeg z%7v_1x}H*lx$2Q@+tHvolDNq#l}DpW0D!-R#F5Ud&U_`%b^nifmaxu?}pP;4*?>rY5-fg@8Z2>`8R))yqB@g z_^F%VyWGOWdf#vxd>0G(E|2|_>w8o8>h25K{OE=LhvWxrdoNN8O9RYs9@&;304q+3 zmKrgb5vdvP_ldH09&^C;CzSFg$cNUBw?!xk8zB@(gc_Kj1uAA=&n>&L0YS8hZ?xG! z{=->raOLoFWc>IR<n zE~@*Zx;v!TnP2H9X>K1`H;7XAi}Z9C?LG63z$ldpH}5)mvPaO!qoaLqf2!3abn9Py zNmWX2xK&96{dnQI<}F$-r`^&tnuQMfontc#6J8ez44n3{ zxrK4Xg~#y!U>>t;;_DGtozqIeP|z1Tt2h9&as++8vtFm)>-5H*isbW-2OU6TD;6U~ zPC*Prgs7P9i3h0Eo3aynk+)u^!K*YR0%wS&^x5bkPZ>1OC{@#z?@%F7By@mZw5{+j`m!h8#zWs0bI}zcK)+vB5 z{#-=xMaO#qvW^W_M^Af?mT%c z&%EJMOa*z69FLODZ-S5hyHXDFtNvA5{Z z$MA|>lL6&dsx1Iyn-rV!xb179sjxg=Oy}YvfI`na{V1e9_QF$_U+V!HWVt_;<=Ka{qX%S3WvpyqkT#u zmrHmWNYN7q?LF+D#b4txSk=Z+*s+1b88TqLff%dCSPZM`TrlPj24l_*Mq_7UHHgdz zlYMQ@*gTCmFdy_HVaCooC_JZ+*$@GS&f}1~$IeHN%57uh022q1XW%2IpuCk z_GcxruQF)y`8?)qY-G5faw`2p!|~T#H*#1_Zy0-hF=q*+HrUg=N|2LE8B|K^eO*)!P#>Dk%kH}$3Z%ArtYFh7X)MBh6_NBW&7 zai)Juo0-wJj%}am661Ca#l4;b4x?Roj|K$mS8Nw zet&dy@Bjn3{!S2+o!a`F?SNVqEK)rge@=lbdJgN4U`%wp;fmhIw7%>qn=NBa%jp#I zL8)jCMUGK*MQ}6OU9j6g8<|Nb3Fb5vTqndK59>4@X^2NDMp4X@pf{ujw*xdw!08$svHxD*rC&vb-JZazDvbS2TgrarFl-(m& z`x{;2nRsKSy54m<^G3=11Mv=%#l&Wr_%m@Kdo;NZ)t88;@>~)2PDOY~ODFmHm*H_lY`?N{yzx`xHv;TP&AN`VG!wg9Xe1rLJs0$ zkJL&%{XMRvyU_1C7(3kTULH(;s@Lz?GmYww97CLM7SkM%5aw$y}H_SHch9FzcO9t%YQHpy~nuG&C z_@6q>#6@5~UVjjoIxTnH@SH*NWhIH;wXamsv>(o?@R%sL!M)At1 zmxBYH(2HTn%z?eb4Q{~qcb7_0s+N~aec6+YhwT6Y<%&KRsP&!8;jZX>qA$Me%H(pY zCxc?D@={odrLtbu5uQcCRQvHGdy~nT#l88x7Y3-~_Q3h2+~VR~Dl$4XmwoVA-f-?lQ{gvvp{Z2Wao)3FlJv}91KkM;yYUi8)s8HW@0KN*{kud7Ymp0) z5tIXRByK80WG{!T3WTuAoatP_n;i{T_StPQbRn8o)2Wypm1rOzS995A;6&g)1*L!e|O^VQRsEwK0daL3q1q;fc#gV(<*Y1kC|?4^5gTqG7-T&J0ZR$7cr*bkG(}92t)E z6EZ9@f0#CX{=jsAS4P`52L{IVY3rqFo8r@kS&L>i$7j2`3I(ptXY`qysn^>t_KX%T zpv}qtSn}c&buPrjQA+rRdD{l-(agQl#J$2y!8LEq)b;qi?RkQC%b|WC&v==M>Y8=G z1lH%h4*GZUkoBcA6nBd14N$-N>#=~Nb7lqeqTw8&8sIQ0fCnVW5)OpV3KC*dk|J58 zvpR}Y5UAEE8gQ=&UM71ZLU=sjmL#ul+&g8ntSP{mzwju*Ul97{-o0UQewEYbA!5;j zeV_swUw8Gk?#JH-174H8{5Ux^AFCoKd}G#k9FLWGF>I#&XY`*@H(a6Dr&0nsatggMNR=WD4Upto?AMW;i zn?3fI_1hYad-U~?3a~n9CGvRCF6o{) zP6X!=FvW!E7~ldXn;FL|dqRm7x-#{{?Z<0N#qsL$a&CD*F-um!|?|aRA z3YQ+(0`xZGCew+fvm|+r+i>mc$>C}bdQi0Bvc6|EsEuwS@4_9;BE*f&LstZ zQb;DvVI}Y>*B6iqba~8qnv+~IG4FILDq^1KXkko^Sx?iy!T|a3u26H3>qf{F)ipYN-^Achylhi*aH`_#DQ;%QKC=5Rb%-yP>k&y^@T)if`OCWwCBg;R#?xXf*onIIfd#qxaA&?hkJ95LB=g z5Wwk6=b`yPco{;$dRXxn3Y2Jwy*B6>g- zn4{t7xtQRO#egg{3+JdT)gmadm^q__gZ>a`e7Q@Rjz#A~F26?!`@{LL81`tga}M2< zyv_w<;?Q`wvpRrMcMstKbYFbexZJ{*9xzj|a%XYw%-im9k0xO;!-Q{w7*8Jme;*3p3@dINB1R|qpsqz6Bv0<{ebk$`nJ&xiu6j%OM zEi%~O8#wOo?CDP|pZN69O*!%O-F@rQkO!IzqznHt_x1@sCkPAk{S+4N z(6G160dL?O_67FF?l}nt%~8d>q0dJo7?}4eP8TrB+cQ8uNb9!2pUjhuzewr;WsrVj zzHqa@8v^g>ZiJVQeX{3B?qu6dFZxDi7E-B+;fDHc;NSkTak8WL6y&^9uQ`m~xYiXB zHJcuneMNEG)>K!DcDf=s#+50vxJGN9)NKRHgBM_Nrx0uuke?0{@(P1m%IsVb;Rae)WEbjC zojB$UpHQ}qn{;AcK18Ty9#g=Pg0+KDLM3ev(ZjxbV)--6%b$UliV|33fD8(g)-UDe zzYD$U1jaODc5d*`L%6~XT(nC(@0=$L7vlgflZ^3^j{u?am<}JEE>`-$ZB59&du;hb z2M>OTql;TZ!)Nswae$m~5jYSYj`F+7{sqEPx3G9D4_O=0b22<;*hQ6G8g~Uoy zbum}cmCS}#Q&wi3v&~xznH6_7ovml3Y(BDXGG)_ix$$In%De8M$N+-%3JCJg85TwYWc8_aeGEf>U*inXH4X3=;c{pbC%k$#t z?=ZG`;lP>Mv^dRJYWPV1=TQCn7kX*GE?+)oes0}E+>soUiGEC+_=@^6ag&o?(Awbt z`yCrjHOsQjtkYxJjON`NZiKFL(xud*d@&UAsOP=&P7j|3J~Cq(U`gCCGW5IUWg77J z>3pIuqguAbx5jc9Ojl~&9FQ@T|7DL@^g)`P<`azFdhh}ExQ;`ASY&tKJAP~+3dkw( zmfy;2DQm)@@GlQ{6U>ovwd7vm%9$K+<*{r29AQKHx#q$g8Yx>O1Cc0vk~=(h`W;L- zuDlQoS8jaM>l&3^THIulTf$_b!`|i}MAwIi%n5Omt6B%#F?Ze9z8aEzW;1%%Dn4I6 zuM7*T@uB{8xm+le*E7>~Y26)~@vZy$x`2sIUePmr*O1b}6Nr!+*^?w&t3wZn8)0!^ z%&FhH0hA&823%@r+tLE;8O&-SybpjO?g+hhu;JZ1(Ld+S50w04?aK7YMCZPNOl9tl z{=$?$5bX|CXS!qmLzW}Cpgj;xq*>qTHShe9jo01%OO*q&z0OLvIBh;KDV6uVaX*o( zxs*voK{e<5+xF&cmAk)3TW#_ir{e+ocpx4(g@h{UPa6rRPA$rA{8aA}?px6znWum|Ft_ zn1`3l0rmZA^^f5RUV^7!P7K5(VKCsv;Bd6UE^ECS46&%qQtJ&RlZj3_<4yHdLLGfp z^vY@Evt4P`m+#5gv$+iVXE%E~+_#-6j2@^(JLHdLn?ZR`U!~dngk%lW#%ps&UEyZB zG*OR7YJ-{FSWm%*et;G>!d&rM+WeN4!K1?|8RtCkNgePrb^eZz^5ik4mZeHyXx=+Eu^(oXrBZ zbBpTtpCjiD5vvWGU|}*qMldYqRrJO~TeEpHFY9QzX*9qS$FE#_`o0poD|AP~s{^Jwh-{7g_{IQdF*67}hdxbxFMCef70YRIjml2m1^R0vZD5FlUx38WxW5KSnifGyZGGAbevZRti( zE=Z(ph8F2of;1|k0)j0xiUGe~`NnO5Nsj+K{0);*Y2ki1o7~AZgT(xaoeyc9nUxX-!1f zt6>ePhdcm3GHYP^#GSm>LlSYROE{E8XmsogK8wjsEvH{Pd&%jo8rAqF7<1X_lAZF!L6b4igvB}; zoR?%^F|JNXtq9IsRm`gXU&q^SpOD(z zbH|q5m!I(YrseVG0|%m$Q&Wkdzg@BVz8RK%`|Z+C#xGy~7Undj%HvV^-nH9&cHd=w zo6m3a``O+|%p<$y%fcSmJWxi~hOiIJtb5vKUmd=Z{0Fs;c2ZB(UWT|TSzU9{Pf`-2 zpE>HM&>^q|hb5ZKc#yv-VcneC+Hqj(rE|yMnjCLvzU(qz7a2qJ^mchi_YS{w*Ihqo z-O}+iUw|)MpT}&J6y7TUhkYR>gF+-2x><7s9i#d(C->a zATAcmjNn53%(3|k6y4>e&73k28=_JN$SLaFi1zlPy}jl3_VV_w)H|n*x+^VK%*KDa zy*sGA*Eh58tSJ2xyn4vb=301@30{xzCJMZ91u2qDAc-?3K>kboA{Gn-KHn`g;P^JX z=B&;+TTGe@H|Y2HkV!T&;Xo8aK?jMA7Y8+YPHC)LRd5+j7OMixn8NMZ(YC5x)5##Z4EGF3^7DW)FD2i%j>mU!ifBc+dArCFD2gLq6n~= zUlbk^Q|QIv37rhE87PGKJVbB7%^*Nerh9p))jB&H?pxkF(dfYBEt|4jFejT79-+si zpPSRAhu3#KsP>g?Y$-Po;@E(lFnV=RcUm2L?J?}T2BTiL-{?8*uDV6t8c>;>8ql zaYvJ_u;o-3jI$_3KUg(xd1Q z&QX%LxNWoqEf%*0`7JEzDeiEm^w>cuB{*DS#mL$bpTcvJzYsjydpvXmZcM;~CCC9M zfkZc|D<)ko@~9KoUEKN=b>Ne`V*+vBD|C=kB<+;+HwGD3n~h9xnr zDoq&qk{fe0Vc^r=*7Yt=cNzo6DU!(XJodfCF_rSEx7la z+YKWwOQe0{&Si=_(Vek}5g@{q%(82)`RvUmzkcNzA8K4OjnI{1K6z{cKA-akk)Gq- zf}dup(S)m*#t_}ZG?IZ0tVg&GpJ9dzdAbD3Ehsjd(%q?FNJ~DKPxd7i!d*W7Rp|!A z35Ec?-?_1MKPC4fa{$tPmZ#+K8KJ9J5n!1n0A@sW(=o0D)p=k&Q|n&U_4h=YELKZj zvTa#MNTx6pG#AO3K9TP|xhd|9;NGA8c+dH)^vxy zIkp@rtSONM*$i*tc-4YP9IqdQ$vl^w5Nes@6+Q)C;ek7P;qza47P>UYt2BroB2odb zoMdd}G(kjjlE;^mN0W0jLnLsh$R;Frj&*noEaUO$IJWgc+OW*o?Vi@%O-5r=Uyrmq zDS2F;Bq=CkyMw(RX+9b0=~3GEWH`pzt%P%jfNMv`I?ViGm`4~`!9GFB{(Jam=*q0m z4P{&(h=4$}+wL&;tv_SQ2OuHM{a%WX0c-6p>4t+)UAVL z*8N&aX1ECeJ)L_!9)I(KP3h^&UgNR)X ze;=^y_?^d3<*{(-8n-4E?qb2*J#1{6VeSqQUXtLU1BafR;xqglPl(R|tmnQW{bLE& z4Ab|hJ|G>~2e`A5^3v6XKt>oXllKKImnjk!o?!mO?aH{P8jziT0`p;B|7xKX2SeFN z!Dcijce~peoYv-A+Zy*Uo2@lJ(TYGvu$6=*4(?IKWr;X2I)y2U%0Fu9vGQIXbQ6rE za80KGN80TiMSX&iQ^vgyg8hj9%<$0Y(nQzncqY=fu1}4CKf1nUd}V_zVxPqY$?Neo z>!xC<6{}Vxbn%fb%Z5%_*-Yjsr=C_=(`1D%>J1DXU&1DZd~I{mMFn>Pq#kyLbQVO( z6pWk5(;-3(Ssq(Iw&0NTB4~?MZ!kDopcl^UZEUt87GTNQS}s%e0xfYJu7*`)N|7FaUU@80I?9vBFn^r3LqRHs!n zOqn=tqdjTZw22w~{e%6!V0U*{K!4#``Sl~hI%VzDvFjC?T)O#K?U1)ghnga934_W% zRjC%=BX@5wpYIjYK!R{2F-JzDZgX&uwak+63@DT0m8o9GCne=wkh2#AQI-zPm0 zq7ZNcVNQ3zreHO3mx|a+;KQqIg%6KD+E8sJ96M4Z(rWWy9+Z?~iohNigG)%qKBR>a z;R-~eAB8l?NiY=K>*J9`;(NWmlo@H1y;sKT!igMx42Q=RsaXHk#}`RdjDE96iZoJX z>-%xy#o!-GabLqyf1x34anH%okZ;Z(@y>cJ}uaPqo@Zvr|*%6aJsTeZj)gSRoxW!CNpI@Q}r{ zH{!n18At?VQy}0C`KGF0(edAbCn*S_a{}`o3hRufk8xfpkN4^l2INcq^d7S zj3wfQ@Hr9q8I)EP8ck-$oDy`-$x1i??la_`=ewy|#Et}r;l<~nHPMNr|C4yjSqGOfhND7kP zD#=j`P1?F4cckE?2j04?9G(>GNV21leO44&Lc|`0NX8A3j0+62Af$zb%RsvQe!tZO z`R7WTkgkv1v+774yknXasYdI_Z^#`XUdLrmf4C}Q2hsYZO8=UqZyba{)Vri$Zz6tI zC3{5|xL^{#RqJR@OE|*@l`nE;ko-%j(F-dfMp$j`IYYQfYPvKM_C+G$5G?914Tg}k zEF?u>=P)Oe=fA8sG=q*dCUcRdiI9X?Udc(DRX^{U43Y_L+3P~Y2m+>%5b?tIiF1Yu zQ0QCuEiLyfA>vw&ubcOJ$pfZ>-%#%=83iPl2M~H^^E!{)P>tvzh7fh~hE*Gxf^hCL z@Ev!W*Rny@w@~`+4OPw;10TEU+KJK|EHZJ;)gK#Jd*>auK{%uNi>matO}ej;35DZ( z{jLy2!gNu_1y_=$$AyIOB3e>9!S5_^isJJ{?z6^UV9x19p#zg{X_lJH5tI^p-9CQ@ zX-9SK;gIjj#OgE;q?EHaH}g13Y8WN$%n`wqzF!qhiB6qzG$lMENhCjw;LlkTREhLx znimJOl{8~D!IgYnv1EsTozCBkSw}_{MO@D=_<5349X`ORMHU|Ymhq62lBk^+-hq1!X z$-2JL2JejQ>?TOSi8?9Q5w8=uj?~;F$Tbnpqf*73*&r(BuI1D(Q8&dj;C1sd$Y!F* z`rZ|&Tyc(V5DicXz*CGY@DJckKgY+FfWP}I+~55P{yQT7Ag>UOi=s#nuS)rrcz&k$ zke?~Y^E25hysC()Kx5-E6#&n9RatIq=dl+koC1w4jQFiDQrvIYN>D%A(Jo?(Acr%8 zS!sW#ye#y0hCEM;@1Whtmlf>YUl;5xBVqT9V(Z-?+j6K8gVE}scn(wte6KHmk9_f| z#P19CrXkrsqqw>@$gZp?!Q0UR^4C273+Kfvb1XBdYZ*9k*}Y_g;Ks{yEckJ1hx6mw z97D(6w-OAwtRLSXm~wTFd42%i#<$e5yvN5PLm>Y{!9F;hYrv{cY+%m*@>r%YACK{| z{Gw_sRN|e2y>lV}jFN{DSD?LWEFsJ(?6Wb4PChm@UnhRQoBxi8>d4n&K)=7u`$3VH zJ}x8)=n87{bqN3TO9A^9Z=Ybf%;E9Y_@|3HDSwWrvy7vdKVK6nm029gxG02NdHzJ* zG=HLQDkC!P_?l3;ETIGsI;YMbk3&!MM{(#07kIxpR!iwVw4vzQHpseUbsOBzlgIYJ zr6J*hXahSZjVtyU#eouza*1mH+z5E-{ST%1y`U=KQ(`O%UV+ay3qBA=KmFBD{_AdT z983PTT)5?2YAXrA2=j&0oAd?=IM!z3A=R-q9h!&DmJcqq(JGf(VknN}OIz_D_v)*wS4~Z`O_R%(f&PIe zlyOJ7xE6PGh}S&;+|lVeHYmDslou*f#vNt88h3aJ;Ev9L5)Q2d;CU=+zQ11;ZK$-0 zcI%r&tDHI@buW;*LaTTzCBjby%Ru<~jutoMjew@y`}YOj z&b2rp#Qrrl<#+;}W{Zv-c*{$jmQvWxlY=@qRz{CoqRVM zo0p(c+1j%~WacUFUr{&uuGW1y>gFYIvx>@Pb2~C-QD6#n|B8N(Yi+RYIM1#TCDP5U zyp25CP$viTQSLwDV~94`b||`e8y%TO-bNGJs9FPlkHFX9M`8_7jh4qNf;1!ORTd>E z{6={kROUWTWB(-90A+X^rbwF~luJShp6`g45PbSG;L}Au0=s#Rk^xz5lnlsH&ITm% z5xo39qW6(k61ks%GoiKRD`ls0MN;cLb);obS z`g@qaQ3=6(x@cy)C~{g?hysrx_<+crjfYps6s3`74T1?ixh@;}I{rJ?+d*}T&-X~; zq4$Mj$cQWv3Z>$apbj$C(5S5I(e3uPw))4Vfq~5K9^_N(arGp76jRSwWOQB*%BlYO zq4*F5A(Wj%i6L1Yl80O^Elqpc4^JXQ=47xxg>1=x;GUZd^j}(vk1){HB9?(S!Bvq)G1{18?=8ZS`I>!9&rj?C- z(``O;=SKfJIU z>@c`JdcEGvj0VLr=X1O4_HfAKFzICfd{B?@qh62G;W8ynGMVz~Odf~BgRrEwAo7Jk zX^0u=#21`~NR>nXFoVF2PHxbEobU+p+4Ibyp3aY6trI!mp?s_Pog2jX2ZKibo#{vV zUH*+*@aG@+Q1o*A-}s@(0{%ZBpEI?;duaTu?xC@NxTbq}^sKI-v3sY;W(ouSHpXbg z&P4`Ai$Q0GDGqvRmkskq3yg6ngW}TnaYxCmW!`_53|x83q=o8lghM6!_7^vPk={pg(S5vw@Y9m~_P)25K#51rXSG?7t=qx%& z3!R9@pyi4$dngjV|EVT=fE=xg5I|=$DtwE}W|03tQYbgwlkx?)D{qm8q)Q4LFYRGx z_ptd6b~gSuUD70RsWG^$zCm+U;^>cZZg= zM(13J3_R?Q!j&q~kMsqJJxJh3>R(bMA!fE}&?_9Kw$^+F>5dPoec||o8&2*}qwvU? zVh%GoZ8k~E|BSP_x!LK=wd7nKGb1TSDDLViT=bOOl1L1D`~Gg*w`fB|)L zAt}^Yr>dz@KVT0<%6(WEky0krp_qg19lh~Wq658cu3wo`xx9}BeJ$De37`4Y4eM9l zec&?%ITPNp=a$WzZ`pGa`pM;KzNXlbz!&N_>5SddU?HXlu~EBbFi2kHr1v1UgKNU9 z7j|-FMkvgS%AO3^q0|xVPV_6)pJI9=m|FZKRB&-+2}}@!eq); z1ql-DSA4glF|=D(u)3ynSz^e|(LLUksXfFG09omRg3C^@t`K&?<-myA`9q&xI`Db4 zNntz5gXdH+1oz)^%MHmT8+*EEm!wilW)XX6N%ELwD^}ub#WJ>KReIAU8*;e~muymF z3~jn(Vc`;d^SP|i1)0Cdbp!Rhv)g={SBpe7s&DAFt%fRV!0K1N2?nHvwsNA?LE_Ef-r|2=N0m z0=;x`zzwGfH~gmqA!|?yOuF?hGJqqUr*O47%AUbK;Tk!0>#!Sqo%xK(oNep$9TRM8 z?}?uo8R*WtwtwaN?V<2lpZxM^mEA*qO5?|O`F!45$S}I3XGy|LMz_l>38f=**d3Qj z40{?8sVS%~As9*PMH}Go@M<9sFlR)He9Q%{K9JRKnv;zUF8^FO5Ou)>OL98>fk~5b z(k_&^G$gK_1a^@Ew>rc-5Q=n?g7GBuf>EiL$8{I_S~AYf40r~6|FmU`0p_mC2AR~f zn`e*12ist9IJS_EcI1Z7-MeXE;o473lzz+_Cq8lQ!ocTP=k0tQNU!qGoGz>{bVV>M zL}E5GxJ8>~GnV3G4zmx$V$SW=&$)~Uxyg(k=Y-xoVVraj5$geq%tMA!+@JS_#Uzn% z#9v1j=~f9S173uk8i6?=aCaj2R{@xF9T`ITN2#3xFIFCKSq=ZM9NFt@YAKU*sZ0L z*}bJ>yV&Z|!*X`j`!B6xJEn;)sdNZ*3A&zYIwe1kd8x!sp&VOR7yMCjNRATi;n~~+ zWUQf6ISYL9Ok()tF3==;5Hrn15pW>%$=zY`fILVbJ>lI-!i$&~W@a+Sjq_e8#U`DV zFesH)}ErBsBA=4oD*>jzIFDlOU|weZ;~3w1#rm87o2|DIa}V4x9N-uLIcWw zvcY35sQD`s4`|{o9+r5$)3A!_C8o_ zQcm8Lw7z!KQMR?l@2&V9c@S}q|A6m<0DdQ%2EVkq(C)OEO)fJ`oJ~GAl4bfOhu?9r zT|%}7$sdHzP{8e)aM&lzrb)lp1XTvP&(@pcx*Xqtc{6PXx=O%2lnrv(N3HQR#KRTw z6H_Pj+_mMB%TBnb>%>gO6n6t_Bvah=e}4?`BTi8EZ|GxG+Rgo5xFPi}*xzQy{F4y94QX>a8g5L>&&JcP0=MEw!%qY+qG!azV2Rb86V0C4T=(kk+^h##8Slt0+dBO3&u%~F z4}Umj`?LQ(ymc8ZqXZQW?g8edymSj$<{{rRPIjJIlFoCk+oXfLu+agvpOJPQ1SLAQ z!4}|j!Vmh@z0<$ff4~1RzYf_rcRS#i+0IUFIltx3mIn|-rzN{vCrP@t7B=5H>4!_; zWI{W}E1V6?p|~sgs0~0V6?OI zoToxfVTUW#o5}P-r5SDtJ-u@5Q>zEhT-(vH_RPW6pBh^^8kt--+uXW#IGr9|+uA(4 zZZa|oI@67qygy(+!d-rzV$`-`@i0=z;jgNnaMi*Lg-F;5k(Sp(li(o>69g!QnMrc5 z&Wu~H+=9O?vfs7Qyx+1B5uSxfozUnAp}De(l$$*0MkcEuIok+JI&!!{EGq2La)fLI zL$`Mw7gWp?T`uePO|*Bd?v5meXVb|(yCNG~Lrd4#W9{rmUQ_9N0YoX)tu%N7?s&Fv zeE-miOVgz@f>wLf`D?|rWg{Y~BN83aRUS_XaW|vL%lhSm7(OSJ-9#C^z}`HCgve7! z2wo0k*U_+ZSxM?1HbqA&QH4 zW@3HL=Brv-jEVi>ja~bV>listsK*J3BdU)($s=0yXF-1PGnjFgnL8~GLk6+oH6OQ{ zPyqhhHpRLpvYFBLNLNQ=f6AE|T9qB^^mT_JgZNjiHyGQ;+MC+?4#+omPj`m`ZH0Wx z8m}eSy(BiYp*z^H#_e<^d(ta5O!g1-_AMo1NcQ+!*!Q5v^V9igQzYjCE*1?7#voFD z1Ym6GGWe%mWp@w^N8QH6w1RuU^(82f8c&2+x%uowXn2`>){^R8)@riIGy0Z+;Q)K? zq<`LW#*-WJJ1<>W+B(yCT=Dat?BnZKiO;)4`a;3FgshW?Nwd^U3jx%`Cr}n^7oaU0 zAWj~!cyYb!9U|)j59J|qg(%!TZhf&{gw7V))8wB>6_8O8H^z=e?F${F9ubmvXvEX9 zpC&*;Sl-@^scXt%dEq%pk)$XtuP_d)+R9?#aEE)On7nW{qqK+)?((D=j!_8ABL(E` zo`!P9pJ)nDK;F*g|3*08@sO#Ym@P)d>i2{i8xD)c%cK>!dwU+SGx}ju-QO1?@4G%S zc4(nVZJ{ThPoEj=a4hupQd}@*$`5q-uk!h%*#4%CR&AG)Xrdx6pMz)1c*_tTO$<^@ z0E81hT#}iq)nMFCk)?tixwz4;k2bb?`zJlItmlLigRM#5<FWnrmyc z1ibe1*h@O2Nm(VEjD~o|A3@L%qbKH{Hd?H@mFBQDG1!(Jcj;W=lz;g$TDGN&$Aj0n zAC`%qI4I>o>8)UxbE+9NKDpsAJ~{czkh+mnG=vI6Ko~f-lCcU$9ZZX>8H$`p5)hGi zTxVWTq>jb~Z#3#{Z@$LiXpcv(jIC4nwuTCknZ@nx&q#v0w7nWe#i z!5@y=oIZyY0V294JK8pHST)w|Svle99iQHCOzXsm73oQc<>EB(0nmJ}H2biP-|N9( zo*&})K)$Vlbg3x#}O|0#R_4IW6xu4J#<(RnJ$=71jAHW6Z`_ZW`wlG3lm*$ zD%241$b|%6HHH`T`D|pt=}aJ)Mr-8CY*zB&OiS#Czp_TAvE79ic-5gMwmN=_n1EVv zZ93L~?3uVi=`M{(g!-qRwLRf5erTWZe1k)Ni#cL#aXdQZw`6BSUVfVE%#7$`$b;zU3pyP(Z+^1-KUS1p&vryC78`h0 zn9@*u0oXDit{2*k;m7x|W?AW4%302xe6c3a71q%n5jHj4UDZKT?0~2BWo8Hb2^|S6 z_+{CI4{@)QB({>Gn6pj6pt(`Xu1?&kJfJ)dD<6l$drf4W$&9-pm>OXtZ7n;UafOwZ zz`U%n64to5F4kmlqON6CJT_C1eIziNiL^Jx%(M2E-r=}29FF_#ZoN&P48+^hQEO_n zFYns&%`Kg0ZQq*h*}Z4aU~Wm1SCN;=dQY+~y6)D$+dqP#(_G*jgq;}VH&}k)cZ$Ue z-%0!qEeYnP0D43CyhM8bAdFQwd0C?3?*Ne<;2J((Bz(r_d*sC1PqsyLbj66*Arcu{;2|nT zf<0GucPFH4oX(LDWv?Fdri?9XOtBk_!CP{9-kWV_y!W2PmFYoPB{j8%NP;~o2*Skt2=v6n9K!M zm~5x6?-)+GvEI$d=Rmm;eYnGYN?1-}FgQ}Ud_zY|dDJ7?s6|jmT6&iW<8=}yz^4kT zTzaz7A1t&(E#e6v;2HTnCh?B6v-$6Mk8_mc7e80=o*PO8(N1JR@%faN%!0jHiX#Ao zf4`a_lCzRREIb?=_!+}!^Hq))>@bm;ped(qI(BI$6&qO7-n4o+(=>5R=hLs_XmK?* zdi=d@ac>Gv;Q5o=yEcucW5dUdEZe#yx}x-8xOFhmb!yh$v|_M%G$-y0mx4ch5_1=j z1_~5@2~4zouL-h^WD9ZKQP6I>(lYJcFN;HlboNL<0QC#8gy?>wf%MP)IB8%VAXs38 z8+vkNY3tG!|7mRJqn1EpB+(IcM%=AagD=e*lcIV#<9#_Ns%~u;%GdMA3RkerU5jS&iU&6h>bY= zp2gaf^+04IMf#rt*&4e!0mMRaj*`pAV&V8TD7`NvFljbvuQM9;>Gm39!M(l)M2hlH zv&ep%bEAWck90j%P6=422V%I>R5d^3=>+1zRYE~Gi+8ur`tr*=raPDAeY0&nYbY} zxm?|mOlQn)M~ar!zL?+Q4F_YZW5KZ30#D1;-W1e@u`YAEu`!+KUzN*kTDL3|iB3+h zPIfJwSbE%X_|cVIJv|wXgqE$_l*_H^Plz=a_apPLOCq(IQTf5*IR0QK-{lR(a1chh zFu+<|T>K~emEvLyDnBUw3J?amfyaB2m7m7@Cg_!T`O?=!c~<&%(P1+(wfw{Q>+Kv4 zK4a8Q=}ispkATz30#4W=bK6J`CzWj@aeL-S0!)U@6El;Au4ebN_=swIOMUwV?^_S= z+sDw-n`)mQ;O`Ot0(j1Kw7d=cUTuGgHoT2G+l;J>A@z#8x((_-^og)<`}@QD-_a&{ z)c$iloBSx?z6dyj@&Xt}vYK{vz}5pMSY+Qyc4}NE=WzE4I7}bevjv6*S~JL(G^oN6 z|M>uiyI;UTflP321j|SMCE2gSi9BA^?w17|7M9?YP{4xxOIB{Jjdleb+39gO>GGE~ zJG~!MelNhvR^<1x2DHJWOcR|C@7&^lFy zr}1)ltzHBs3jmxMwDF31sqX^rMa)aQ;78|Ka~hC}0UbA>OTrZ4Q? zE?<9L`W93uJ%XEzKGUF&i zjU27a%^-ciHARlJjq?Ias~R~%8~1orcvA&?$l;PJ*aQNkbA5}Ya z1o#8hW2h=pJq81i=q>pYjc)6%UR<~MgrM8&ib3+w5On*$>foMO9M#}Pi_u&ejskzY zCGRQMcT?$gz&Xj=p!9k%*vbLLo?bk@4)*TSJ7w5+is9yJSh7;CuJ`6ehX%XoC?XjF zbyThQv^v;(7UeRmTnvlOs<2<;u*GtJZ&}PQeopjvF<%^LtFHH+I@kk?sWNP;7FMOp zgxj1h>#l||7|~Jlzyznus|Z=KW`cfK;8eV3aDXr`S;;{Ki73Moj*2>O68I)F&%iVw zWob3+a;ajPi6g)ZoK}4$hF0++Qz$|WXgFPWp6G7oIHZ;tnBrxotC~4dJ1Sm-d=1eE zAVgO+g0r4ZjAuB`;p}Hd-PNV{us+}wSm~9bja+90&OKBI_eAM08r)Bdu7)xkEXhzG z;hd=NrqUPqdZX8+>x#An2UOP^{; zz6Cri^PKzZ;GQUbM}zwg@KA#*{gA^E9*X*ID$SR1YaV#W0R;{ae~Gp$uy>a(E5lv} zJgkQOWgYCzrG+x=LeUnlhOO_zJvDuBh|a2ef$;ljnP{Kr?=7X9IX$C&b8|7Ds;YOf z9`?Y|VO8FcaF+9ix~st(a?iLQ7tDbaXCuj{f#bK}BP*~^fG6azKP#9K4~1Ax;?}BQ ziT;UtZvw2qi=P2sTR6|zTJ10aT&m+|b$3^n3FUYh?28&cwZ6>F?`iG8UoOzh%d~tz zJNLY!m3bTdFbzb8BgYZi;dm~_b4zvK`VoTxW#BRbmbkM2c;BkZ95_lDnlyFKE<$F3 z%tUz3Wg+1CA2j^^1MpmvnHGz6a8H!}tik;mcwUAxa5%zUQQu9a&zJG>^T2ZssNz_t z4)*TS{bktuf#=n*M4NBtdqUKEa}BI5UJYB{hkI)J;1Hcv`!L1pB|I1P-cow1jOR}Q z&#UXLhdpp~SXCwg?h2WN({a#dSxV-)OrrU#3fZLsr_ylQl+j+4a2x$=^_TfoPntTe0Jh>Q zh;#ieEb<9QPr2TE zifPeV(FaxbBwEI0L=7L96i9Jdk`q0CzCl;X&wl}@o#`NW9F7ybG91x60Y`ES)(eti zpap=k0mRNgm8$q4WYh}0iVuJfd~#)9cIB@O=HNcp1nMf3=-5uDAzj5Hf%(jc8-x zYcJ-fhUYtGH7~LjMOM_0rK(H~&sSBZYAlPN#hU$;a7O6ga2CFy;mjMwwn0t*ws=Jy z+!Lj5YjEE#c8zLqrSEe%;Fen7O{I&<_;OLPZ7By-@#R13VDBz{tPK0HV#in&>|(GE z_U6)kW!U?QZR6FjavkhFrMt?ocNIHCXGI?tkL9qyS+&2nl)hWW+3yzDOjOrPSp8Gt z4^`L$rGsVIgSD`#eg=N2sxIdtovNStQ^DNX4sC@jiO5}8YoW`jz&@_(HoZsGZ4#W2 zchx%C;%^G(;Xz225HPhpBjnZ!tXe0t9Z?TTa6-1AI!T_AgMP>rOs>#g(wA1?wE7y3 zs4pcr!NWZSeoW(E!$Gic%*s>S)4mpbWd-(e@Rb}E`mSpAD#41g9k42Iq4rZ&GASIr zGIz7C@C+3=Z7yR+)QeKvf);Dz)cN82)>kVeD07i(cbAFE(3 zU8EeVg{3o5)QdAzg>`=gIY|)$1DjO9bJ{EFuE2vn*28mcAnHFNJam96yt80N140$Z zp;etH^}SL*=wc1LPzBb(a~dc54;^4FJlE?T9Ue5XzW*VoRSAQ+c+(uY-Gn>*_e%FN*EM8XPn^R3GS}THj5jTR1J!DUXzHEVhht zK$R9*>tOFz=@!A>QOqx?hRxT(-duX3T<_P5EhE*ifjZcGN)MM|zf#PL&Z>PlmBWI@ zsr|jB^fIS$)Q2Ayr^c)6J+2P+KuPgAsDt42` z=VDR!#^;QNNp565fKf1LNV^}kkJMw*_Q`m5koysp$= z3%__dU#m;xK~<|`&;bFIOFt~*4B)U2G~Er!1g94x?S4CTg|AiV7j>|j z?uKB`DK_M*VSiZ%tLbhC_S_=kDOA;4-v>>1Bl^(LS_Qip;q?;UivDW48-l&8INbTy zU^U&%5n#bn9?PERcni8-!CPprZC{m{w|@<&JD&*PR6VSUvnp(Gn7FoDSi(P1uZpjL zRq=JP$T?PRy+z#>coko(;W@W@Gbt3QE~kM4m&P}8Koy@~se`>+^-Gh%YFD{u^>9D(&0%COZY7Mdkg5hdJj{2q_}lcRlSR?b+8AZYu8}!sD)K| z&CiJQpBdOTU^RFye#h8Fw{+shO+Cxu+ah18!AjRw!L}X7!_qlU{Es-7!T%8b0>8rV zx)%Rbm_f6TFgIC-FdnJLVN~eu?^89+ysy zVg-u8xq`HoB8^m zgB$D^ZhZD57htw2*Bm!HBlipi%arntg00S+U16f&@dLNO&U z9oyqt>2yq*CnPqX&196gX+lr8|=}9((tm}W4X%CyHbvB=? z^oZVScU#W4xb3#P?pk)+U3afuefM3rEi)^=R7ad`E* z|AWx#EWtg#TMB_*+1!!=Rs(L>3%rcW|7UwBzCSGMxsk01yAEUWgPsP9(;E*2ldeeC zD<_=|ZUgcKMjN8ebS7yBqB7}0;OW%jcO{49eONES8w7Umu2)_`r7u6z-KB?hQLi6X zdK5cmu$Sq*DQD2zF~-=;l31+E&^4^H>Nzf}{gVw`)4`+#ImLF#pOO5C|DZRxU6R${ zLT{X^rYJ4&$yEvF-y>Evw4G- zSO;wU6zP1~#;#Cw@WBn@CZoCFjwPBJ&3>n14y6-~9)k^$CVF1(d8J2f&GkLeWR>kg zZ`E@ST|wk_ZdhtWbpLVrPJcA&$MV)wT^}3eu zDS^ayCcAeYk%=9F3AcaJFm2b&ui;d{Bg%HZa`M*qUx8Z(`Ey}sRBd=fPU8O%(uV!K zvd#azdiDJD^nBg6mOBtCNlnOy{+)__eIx9E+}J67g`ltC-RJSs_Ev0OBrx)OJmr0k zctS9@M*^T;gi&$5awzh0gf>$Bu19>F+^OCOERdr?e*zv(o-d!)d4BEgPp9l(yCr=c z+CLlZU#qr1Pzd=8o_%OnbO337+{of_}%9Bukg04;Lt2BzVnAZ3S;2l!(V&l3unVt8N@*9e*G?hw;;frqQEqPDJVm9(S#& z*~t%P9acv$?2mdH(yosBZJdmFO+K3|8i}|Q(V&@m91ShnE^fgt#(oew9NG_D-@~@O ztm<%Zw;7?U!Ncw=iJ#!G(zR8vfjZq#oo$@%LBLjQ;~F|pbHz4}M{C1&R(T82Cz3UJ zJIagDE2(AQ{vf-$y7B0$``8@eP+<+4P)%W3PehLs5%x_)QK;BIieHUN_(!h?VWtbQQOsfuA|_ST!>|YZRgOdn+|>* zbckx3?ht%7vE@W4EON#uk2!ew@yVK9=>|`OFC4_?%dV>5b<7-$Cft!o)MfLTypiA5 zZaRJj(R~^1xvygt1rJX;TNa^fDskmRx=^9Jr2WR>INor$z>##Ev|l)!jw~ZpTh4|K z)L60QtlDVh`pe~%|E>)v*`_?hW$J^}f9>u^hLyNEnb%uqWD{rC3HR$^AyW%^<&On( zwu{5^>tX?0GcR;Db6qxTj_`Tm8&~T$-?w7CAFqs;8^tOHY}$%ptk|?D2ab@v$@eV3 z->TlT{tPa+glV(bvjUd(EQhV$vu+QE^_KVSnN%;|vjTQ`>0h+H_*l_L&_W(qros(M z*K;kRf$GLyz6bBQ-H!4(JQ;EC_m(IxmtHQWJIve$9DLz4Y+Z5Bs@l5ZGzBLq7uY^Y zQH=J0rQp&boZ~*2+HyPBDr;AMkl{?hX^Q=8tl|x;`NVf;I=7AxM+lSGw^g%O`QWV$ z*PW$VxoV$B>WkfIR0`Dk2Uy-#`a;IPN432zRNLPE!W)Zu(W9f;-h$7+1zwq3;BN@8 zm4Zcr!b5Zh;TegIz^Te52#o&e8#8yx4_(%A0gwhbA@nk;-XHv+%ELmhLHZ%x&{)0B zhx4ybV4c9f0?P6*i;WL+psM=HdLHG4um(x>`3Gz3gYN~W1ERiazI7GV$y`gcvr6=n zXa-=>Pqd95Pzk}eE*6ia3sQ|IUOb=Q^Uni+xvc^C%(6|wzZEkn%_d>-(<&U{^{d3MCW*Qn(9_W0$^SMstbDfZMTX&me*)%Xcw!dp*;~x78gbE2N^AR322Hq%c z5{OA8?uC0giNw8}3x1Y|yX@)AZ>pagXJ+``)CDG~Vw-Qh zo86hATy8MqwzvZJiK}dWr`d?Sdw~YG(d_iw*oHDcy)rPdc4Kb%%(d<9Yqt;QX4g&x zR*w1$Yi61{XGb%c(b>+XnKcFfidrce(_f4G+}6GzjNYqppPSlm`E2$^`6Cx}Tn4wqfFU0l-7lA3#bfen4loA=uE2?l9=cH zb@1Fqv<7}p(WO~bE-vD}f$FDqfn3Yi1-7Cpys8n;7Hv(U0kJN)cc?AH?;UE(v=<%O znlitvE5q*}YRh!gw^QFYeh*PwCR^7I?jxvgv@T*i{63<#%!*>Zzq)USmErdiA5iAA zXs2wy!Pf=$8)_M`E>{=ZmZ??@SeGm6;JF<~4g4j=F3suz>+*dLuiA6)b%8xcZJ*M` zww0m*bzT0mt_-*9s4bH(c1%{6Sq#>d;r1Q1WtP{q11|;|d!=vO&ZD->aD6++@-kQ# zvf;pZxV=YhnbV7FHrMoRw5|-d`=~8*Y+V`XWQmTQBlac1f__22?N3JeR^(@WJ76fb zrm!~_dkOqN+>c0o#PSh6^zgQE4s)B63QT_&?;@weOF@h&uWYk)VWD7!3UFN}mX2NA zobfd`XVPhddAC1=K=}xS*6MT`jm<3~4;U04F*A9D4m#d4@KiQtkYdG{sYIJxIuRc1YBc@oU0pEM zigeSr+4khjBld1X%gE|ncywgIw=KM61VM|&P2N~ z+MstL^2jrYIZgVfPW8c!fXe86wIeu=Wj(ph3qR2&gxw7W0)qns2+)v&c9+7x!E@Xg z2ttcIh!9-($Qcld91i!!;6N~)Gos|+z~BIdXae+L0MGcd!DtAuN8|k~o10hm#p8YS z*&i=`-HPnc`2I(;L2vL`%zFI12C1anA-%(4&G?+2HSt!ZQT8~TE*Gq}UZwzSXe zbz5_hq&0C$bBy^L9eSh1rGrua&BlaH=du{}jz&L=HGhFJl>5;+lhrFZ7Pmk+zEv)Q zPo@};B$-ou_XJ|W=CB@}hzd4nyuXm>rLY@46!IWXnOIxtM~>b#(GQ9X^dLUr0RCRV zfrk{mO%hO?ULC|kj9xWR4Tfk_bRfDidS>*hsA0?)WoAR9DKZdQ896g@RRnJ$c;gLt zo4jXwbqHbRX~La?Zp^G_W*r+hvoJ#_%&;U+7@L@}kr~s>m}2GxGdEmpo;C+}1ZA^t zhfg**1{`NP6oY-hex_Y9TZgT(*)(jD$8PJsw_D!PJ>Pvzx6)m(IHoM!th;kx-^f(w z-sbC@<&&GwYnInFv+-uu{0Q4uSl^tVx~=)%W_d^ReDgKUN;8#de!x84oTWm0v)5r1UK1NFr%DtfDQEb&~G-o zcPiME>ly4(dh(Byq=L7-d#XFnl6l7R?!5f#Jd^Sopevuucjc9Q4uB5=4xfbwo7?b- znif%$E0@f5<&<25Ey>JEGTrIF-Y=W|Y~*_XXZ?$QAZcz7H@Yg~4D?zp?$b7-cp!`sf?GAoEC>w*pplk_B&MxPvPGxML z^8x3pPQ~qIm*h&ivT9`%B4Zoo<#o!7j#M-QwN~GKRhx%zLM!H9)w)L|@|4cuE z=6CnYu71Y)*=zm3?w7yP|78F3{mS3<-`y`S^t03Z=lbPi`q}b+Cfz_#RGY`)nd=Ue^0^8*6)n6$-Xw)6|-_Ep75Be<2kb zf(=vmwtcPbTWv}klyy@lwy|ma3Bd)X+7ge*(pP)X;qLCHK0H6zH8R!r2z&g&wodxo zSLn^;r}p&yO`m*DA3Ld!t?6TZybgR4M)pNB`OHX0$vp0hOl6L1VJ-PB?T?i9J($f+ z;q&na;~9J|N)JY2^jUb&9j4EH1-sofWo!?&=h_uZdz@zKOXx=2lx5Cr(+SCNAv_a4 zHM}o;XV?%7GbzkQ9uL17mcJZk;;q8M?r|!H(+sM`! z*}X<)GBTU-Ogl5$S+Cu>g~BZ)-KV;BWBc5nMBs&2-8$x;aLcc`f9;mpZ zm+^JKiJ2@XzzKU-&na6^x!{xwF4%=Hq=Z1GgA4FQ&r1*C7xAL}Hwr_{|4ab5V%pjZ z81d$0@r+;cqOPrV<#}BKx?IIp-bzm%&A|LSpI>@tYft`yp8VE4^#U*GmOI~@-@28* z%3pxL;~Aaaddk*3bzOW>i@Wm7^-|AEJ^5GgV;7Pz0J7XS8b|FfR1kx3ReDKtpboh_ z2`I;la%lRi>(D89)kEFIk5i}&J-7~`SLozcK9P8pr#@4!FgSYO-6ioZ;H~&%_|X2J zj3;#lXcp*;fiqI@%@AgWf8*It&+7Z5{Y~Bzi^WR!v%bxXZQPAf9c!! z{!&c*IES^CUMLmmr##=#@cxHlF~;8|P{DWUHCy|EAmINLiTqFAWv}2VCLxb^ArM3` zeO-e)my;!*Lzj&^@Q)#_$}dKH z{)ikk*w3Bl4Emx+IB=GpnYmYa6FnFGrg{kuP=KROpwEOmzavN*AmG&cjIebu%6jB$ zz$npU8e*@gm-1{--OoQib1!>lhCQQ|qxz|wLDn-_Z`4sa1b{$caPQQ0;}`p?Vhp~}_sz9AZpDCefeFilh{jkfqS0ffd)^Gf9uJ(G;;%+ly7lq{cHnl0)k zpItFuG(IY4#jT0WXf{B7Y(?4>11Zu`Pz;k-z=ug$nNSJpz<;d+R1@7hX>}RFTQ?P4 zCZk1fN18s11J_>YlGOPWD#Q;4EhSa{I88SnPD~cF!K`vBx(i!ySorDm-;*+tDT-%SU{EdAyx@9$2+dBv5I3% zC*h_6U8RvDN{2f|%S5ZocD?^IT3gWLd{!2^0WbNO3fvE~RPl-sNLc`%|t%&vXVPF#r{(CBysx$3@H^GWhxR-+ju_hW zv|==DcoS(?y?c%`mi21F8MvLD~>UOl&bS)ggdkLPC= zN;dout9mE(n~2X9cM2>9RWA46EOx&IIi;)^fns-9^k&?xpee#(w2U9rHdY92;2S^v zyfw@(4hzwoGX9s4d~VfFQTQAYUc+iov|%+m3{FfH;`!PYgGo>8MnmG$&Iikw zTcTuWeCBAzFs3_c7}Sv1@6-mZwYuLeMxYGL^Oz3iFk+VIR)#M+tpsL=c72L!OwW|A zQ+Jl!@cxaWzJ>DsQt6S7SwTN!lOSY#KGgcunc(%&rdTLlhv`u1hkP!b(PAxWkCo?H zn*#)Bc9^W3l55nqJO^}eiWyFcwIs9=II{~gKo}!%MbOV(eBbf@N}S+<-tnWAD&*^j z2acD($$p}rpeze?P-?sH{Tt;5b^PT$$m@gp$AArp@YmSSG>t0G(I(>iuvgT_5gR0w z?c)1z=KY_^=b}PE^ThaRFJc?&kRF|%3FsKms=KQngGE$z&=rtOOykU*f?rU_hP5RP z6VWFNPASC#4#3PeGw%y0Q|0ri*9)BC2#HF>(e#%PxD-JXs_3{0qzUJORYLM86$^ob zM9%q6;wQ6$xd)N}yHS~X%nMRc#aoD3GV2XkV7=AIahejrfN~0~BYY;rqkjUIv1zc1 zdWUu`wH!1xdF#0M*?w%6Tc;9-Grng60*|hfUKAzUXeOB!c!u1 z^p7xrDgxD^?TK%({zS_-KfwEBH0W{WDRgReKEO&q{YoUy%Mmx?g%w`YK#JfM-E`52~MZ6a2sXcdDDRS!wlFxA8xDruuTZ_1gbm zXb*VvKY0FhE{FeATQd2-`ta#wQW?+Xau?y7zN$Z)>wd5PyYd|WBY|JU3tg1kUG-df zFG;Yn{Xc*Qk4le8{~|pteOvmD^j+x((vPK|NdF=Ir}UQej`UmU57M8dMW#Sjv@$32 zvLK7H1k11-%d<|_i^NbPY$;pLR<|Hj`qjsi)5sYm-+x_p%|Z2UtNy+InYNbp zrIn%ItDlvHnqO=GnB%)stD^pI)z#GhO_HX|JpEs}r~1E5$Nwk$cLe5(kPd?QHmaY4 zAMm^W1O8rL{{QdrUNEZ}m_{Ap8*0AF5v1;f!`>WW_Z<%U|3#ox$qKeZpZRXpZqd-4 zKDBQGu7AH92~_EQ^`|)G=;rd}UpGlG`gg&3c>B zVt3j+W?Anwk%CZd1592o>=k&^XiqfPkIf|bazs?;Dh;8CBdL%SWoVeI%}6SWv-7A$ z{soGnJ~Qyg)9SMf8RZ!DS&@?91O+_#UTH9T$p(&4yf;W5@P*>pC>5kz)n^lA@gJ(s zB$sQ?R^$fdvy9elRnKr2E7$L?>Vt>BhY6n!X429P6g8JWBjgghQGKTD)Ay>+i2KSO zQJ-~HFnTG(-c#Qjq^yi6xV#>tv`_9+pG{Jn+W}Bp=Bj6_)F(f$!q}>wT~+nFtNP%f z_se&lKfi0oSs%JE+0)hCom{@{yq)LmIDOl>$+Z`r(UDB9-EsQ%^X9gnk-X@vo>Eb9Vb#7oEFpSJj)O`YL(s_FZ#3 zcAl5)>KN*(eipD)xV^UYw)4)Y>eRMf+mpMtpS5G|!tJ}zsS9^)J7fEYx9vJ-F1ho} zDlqE%Qc1q_<^U^M9 z2V{v4Nf!d2dSIT@jekk}b(?e^AkM>IPsj7Qc()cXXFz62@@IO#9erNkE^An#73K;kRw5U0WAg!3(jXOJEh#38|3& zb)c0>8ETD6bYRwZN*@Lk=}qtj?;PA7sq}!q5kK@Uyp#cjdoXCe4A}W5>^%#1y$#+8 z$W04ZFgIw77v=p@0J_W&EMFq9&}qPZSsZpcNhu|zVXc!zw$>)t>@?#RtreC#ZOHW8 zfgTXP^}vd!4_VCyq(Q9FFh(!}ORF(y9CB|#nvj-ZjwhuRz@Jsp6zI@uNWyE8-f2DL z;Tfcnn1xh)3^3zZ$i~ORd+9{b#gnA1(#epMPnEXecJ3R}=cT704=+ehN-s*^lzt}t zv-E)UFl6JR^bjcIS0E?Tc-@=}PJAxHWrIx=OkZvh`=AFG}|? zy>u;)YW{c9Zy+;$0@C(=M4o>|`n7b2bg%SZ((k0-OLs~4N&f~p>r24?(~)oJ3`ktt zrGJ&a1-a`P>5%lS^mDBBcctf~e}{yAmh`Ulx6%vJ_oVM**SsaYEnOp>4V*a#D|9Y! z_fD+U1z6Wzz>| zInIXsyzfgT=72=!Vs6NH67xW|^D#dQK*9^bSSbQIuYtu_9MWErrKI_oPOoy4|64*d%| z8QHc^W!u~wYp+s@8pXR!~l9qeq}n|(xjL;6p4 zF`H+XuuIt<_EGjR={2?&QtnIA%hIdTPuM?(G(^iOO*yM|rMKF4f`!_RQ`+op8bKn$NtFv#Qx0w!ro^kwuo&GUl>`Db+R5= zZjCaGrDTh2m2I+JcF0bcSh!^m?v{PBUk=DYIV6YWh#Zw0WUL`F^EPS^s zo+J<(vBTGgTanhJ4QWdfNjuV>bbv2LbRwNe66r#cNmtU1bSJNo6!JQGgY+OhNiWiy zI7lCoO45jvq>~JiNnE5atai;J*(8U!VR6U+l1n_qOY&gv(;zY!z5+26yiE)zZ;}yY zBpF3UlYH_Pd7F$O1!OE4N5+#06WDQwM){*sO1KCIl$tGB%y@hNg+sJm< zk+u^&QSBys$X>FK>?a4vL2`&3CP&Co@)7x%d_sUy&>1D!E3!CfCU~LQ+I;y7uv=|Mf25O{1G?*5rC1^=n zik7A!vFrIlzHtxT)H8l-SqjaH{MXiZv+)~0o6UHS^GN9)rDv>}b4 zji^LT)J!c@rjay?M$;H-rHyG5+LSh<&FQPO1&yU~G@d3<8@1Dxv=wbl+t9W&k+!4l zX$RVocA}kW6752hX;<2fcBik=6#6=>bm~ES(q6PTbI)aX*qv&XwPv4?%(=oJwj-})1cshZ; zLnqQnbTWOHPN7rjH2NN$PG``WbQYaW=g_(IeL9cMrwd@|)k3<6E~ZQ9Qo4*Trz_}6 z`XOCKSJO3gEnP>~!&mY)(n8G#bQ9f7x6rM08{JNK(4BM_-A(tuUZMel&-eR_}{ zqKD}bdX#=dKc=71WAr#ZK|iG@=_z`een!vGv-BK2PcP7m^b-A?UZ!8rFX>nG3cX6N z(XZ)s`VIY--k>+>ck~v$P4Cd}=@0ZSy+`lUAL&o@0sWc&LVu+X=_C4>{zjkB-{~Lp zPx_QTV;ZJqgi*%e?TMbjt9lm549v)a7`%*RC0I#Tij`&|tPCs5%CYjS0;|YEStS<6 zDzhrADhp@TSanu|)nv6;ZB~cXWv{S$tUhbN8nOu1h)K-E%*?`M7RjPmG>c(Y)|fS6 zO<6P6oW06guviwy;#mT-F*|F?TCvuw4QtC1Sv%IAbzmJ?C)SxIu`Vo`b!FXHclH`f zVXw0{SP#~d^^4LH&hz({# z*ibf%4QFq%5o{zI#YVGy_7;1ajbR0BEE~thvkB}SHjzzYli9m$3Y*HNvG>??HiOM% zv)F7lhs|a0vw3VjTfjbG3)v#Jm@Q#T*)q1AtzawJhinyF&DOBBY#m$AHn5GXkZod{ zVc*_XwvBCPJJ?RPi|uB6*j~1e?PmwrL3W58W=Ggj_7VG-eZr2h33z%H^&>~nUReZjtDU$HCfD!azMX4ly_>|1t&-DKafTkJNwqpPS3)m74k z=_>20=&I_%b=7p$*{|%Ot_FL|eq&GA@9YouCwt1C=`=d6j=%~Zrqk*4x&U1pSSJ3Y%e z*qB-rH^is8y^d6+QbVd5)hDDn08yVNf&_qfctKNw02|`M#7SwE-X?IJJTTbQN(@dl z8eqfLI7O(piHe;(Ft#jek1?YtZfL1iV8~FTK`mj@1(Pq{=AaBe#n`H-tTD4F&RX?x z}q;z2-bw8Vv$v=)}QL=U#cHoHVrTS&$I-NOLFg10hMx;7C&LIC3eWD{Z&+F7@@gOMCuVhe`pQ29` zotVV~mI%#bSs?W7Mfn_2zP(?Opd3F%-(Hl@;X%n9M}N1+o9phM>EvxP`Xx|XP6l=6 zWCV1;9&=-lbr3z~=0R|W%)FcoM{ZtrmLty_?Dp66okgQ^MWZ_VwIe9kPtkW4jmi~4 zk|^cjfibD5ca5H+IKNL!QDzJ+`Yxidmj|qia`wH-*-sW{KTn+fWV9s@ZAlikgVAQ`WcJP{hZ6}8Ja$S)3`s#Nd4Aw_Y0im-4f4-6^lHD(y9 zMs->4oD5G;l3zCkdHfV^x7ienVO%jNndS6&`WlK(smP1B>bqs+I$)F-B!X@NeGm@< zyQR6{v53dz2^{2$>0c8E4&g!2P-m{&lg9_5+@N%KUT%@%8tC*XMvrT-FCOfHK`BSo zoXVpjpB9wk%25mPx?MTx${?3(gt1GFdk49F@nCNz+&Vsux1dOY7WfpU1-`gwfvWKq z_%z-EpAzUuce$cW<``?B)8mCf!Rt&b1`Y9Mx^mM3p%pyh34|nGNoEjljfi`U>41;% zAZ|1&N)_p@bZ@3o1&?@)yr761lx`GJ79|lAbgU2|AavaA{jzbJ3iWtg)0z--M;UfYb_8I+dw&L(3>!+4b4~p<)x^umO z9pMpUPL?y>Yv3{dXjI>72#l&Zx}+?JCzHf_jd3sx_H)8bn(hsZgQ!Qz2*OleBv4VD zydECoiNP)NTv;9%k+PHweH;)5r&n*wNrTdQTecDuR}bMO47S0kS&r;9_n;hJILn!> zj1B2tejL~MaY3E(luO>7qa4Y{3R8^WAEp=+>Nvi}SWuTSZX;t`%{uh-*b$E86>+VIYqje- zz!}WZxfLne5Q{d)B6cid$0BwtV#gwOEMmtZb}VAYB6cid$0ByDO_$6u^NKLz(B3%2 zjzjD?#EwJkIK+-a>^Q`ZL+m)jjzjD?#EwJkIJ7$s`#T={J09`l5kDUB;}Jg|@#7Ic z9`WN5KOXVp5kDUB;}Jg|@#7Ic9`O?pKLPO*5I+I&6A(WE@e>d~0r3+MKLPO*5I+I& z6A(WE@e>d~0r72!Z$o?=;@c44hWNHfeM`YFGI$`a6dR)35Z#98Hbl1}x((57h;Bo4 zJEGeW-HzyXM7JZl9j&*c^>(!0j`((~Ay(lmf=)QpXh5uuCj~g1JT!LTV~&Wsi{jiG zvm{yrZ*))>tuafYHD*b)#w>}}m?hB~vm{z$mPBjJlIRVyBznUviQX_vqBqQv=nbo;NjCam9#^_#JNGuCg$`psCs z8SN84c9PkQ^_$T?GumfH`^;#c8S%}CZ$^AG;#&~kg7_B1w;;X+@hymNLHjI-Ye8HK z;#v^bg18pMwIHqqab?7n5m!cB8F6LAl@V7)Tp8__5no1p8S!Prml0n^d>Qd&#J8G@ zb9UX!l{3(p3-l@|&7IdL%h`*wOM`N?_Trah2_OILCCIq}C@n^dt698Ik;)4esT?SX zQ++HM$d8C{cv6cO5pYHI{nC3{H0C|6d~BGp)w8jDtAF>1`}i$$quQQ~~cQi7W2!!pTgy(YCblUkcet<9{~W>#Bl z_SGVp)pnZI`pjxO&1%hNwPv$gvqi1hqSkCtYqqF;VNo$GDuzYHu&5Xo6~m%p$SQ`c zV#q3ntYXM2Mp3`WDu%3L$SQ`cVnnH}ic(8NsU@P+5>aZ2Xth<*YFnb!wnVFKiB@Zl zR%?z{YmQcHj#g`qQEQG-?Tt|}VpNP66(dH)h*2?ORE!uE17<(UJP58~tBPS&F{~Q z_!}fg`tA*rNyV~SilePjQT&mPxQ+2q0=NPcdbAiO$BS|-4jo8!Wu&??Qe7FTu8dSyMye|#)s>Oz%1Cu(q`ERvT^Xsa9E*Jr zi}-Qkr$|P+DNk?zV!cV(ozGSXcc>8^})S4O%kBi)se?#f7aWu&_@(p?$pu8ee7 zM!G8_-IbB<%1C!*q`NZGT^Z@FjC5BN zk?zV!cV(ozGSXcc>8^})S4O%kBi)se?#f7aWu&_@(p?$pu8ee7M!G8_-IbB<%1C!* z8(!l!K?P)+paL=yUKt6mjD%N4!Yd=;m67nuNO)x=yfPAA840h9gjYtwDR0??{UF1Hylg<*$&#pkr$9Gs-hh;T{Is4cl5Y)4vyPL!Oc)`b!q&u ziW5>(8SDyh3uu~~>DGG`T$7Fm)C=(N5Js_t z_6O)x_z$Yio$btU7`XAUz{%|iLUXxN%;t6QNT6b^$X8-MUKE6uiX60#DfJQTFaFZXr1ryAk=wgnZIQ6L<6^-M|E5V za;XrwU|%gfMd@RcT}*=@I^> zgq$uz$bTmwmVmv?Is_rwFQ!AF zqy1t!1UlL)raz#gy<++UI@&9yKPG!5|BZtX?Tf_vBhkJ{tUnU%i^TqoMEfGqu1K^e z677h@_D5m;g8rNAg1113^+#d-QCNQz)*prSN1;7Yh!chOL?K=j+7pGiQF#8M5I-96 zqtQOWlT3EOlORNV!IMBo{Ak3FM*L{Rk4F4x#E(Y&Xv7zfBu#elND@NqPw_|+bi|86 zd&MJ3NJqRF#EU^Z!P_7o@dR%J-G_(v#-P38k)+8k9!Wxo_=2;6j`)JJfsXbH&IUT- zi${~7qrHN&fsXbH&IUT-3(jV;3(f{1_P5|{pyT-#oDFoeUvM_i(SE_%Ku7xpX9FGW z7n}`rv|n&G(9wRu*-Uo9*&syw1!n^t?H61Pbi@^04Rpj6Tn%)@6s%w20Gd&xESb&E4Ucwh%2}l=!h%0 z80dIi2`&aYURQ#Pne2jlL5SCp;9j63j^JFNBaR*W(~dZH>`y!5*wIeA&B%X8V`BJQ z6cM-j#bf>Aaenc5zj%UQ+~yaz7sai9^;`YwxBAs@^{e0NSHIP-eyd;oR=@gV{pyeP zt3TGS{#d{IWBuxn^{YSDul`uS`s4hLkN1n)d0gQlz-4)#+ax=`W`LUTvDa=FeQkp< zCBQaGG)j4xv5FiMK=V4lNk_F-9k z5VBg258dKxnCz>ESECfS_?jX6>M^S+YAIjM@CaL&6Uoc#`oMybegRotPbTa*&~X`% z){lo!wdg1%;xj{>Nk|cAQHl6!6lV`oc!JV0cv2(4Bwx!UU&|z4gCw7Y;yj3D>F}W( zSd*>=#h~>Dl+)1EA-P$aGO#?QpJqyy!L;hI)So#Vn`HMZj6 zRN1Lwg!SrGVeNTySV`U$*2F962BCH$HI#A*I>0b?5F3sMu?Sw74bD-b$e4-#oij$tEa$9@ah^} zY>F*h(;~iemvBu=yAFx4W1@41cHx={T{^c7hZWySdxBuaeMwkNUlUfwH-Xjg@v!c_ zBdlx(@BO^BdRTcM3ajcH!n*kcSOxzEtRxpX0k9&!60Ek5fc5k?SRLO3)|D$cir>{R zSc4w}E9sM9b-W8x17WRxU08SD5?0aog0<(O76Yv6uL7&}8^L<~R^m{a-`>` zk_lW+=W+p;E4eJ>ayOSpxjfC~WiG$v@}9DAh&)y#)o@vi%aUAH;4+-cx?D)@WnC^|4ILaWbJ^IP zo0h{`c;Nj#vvUb^@0@g&!ewtR)45b$si!m8R|Ik}mm|1*o68AYPT_K<$0M28JT8}m zG_ws{?&R_?mnXTr#N~A^f8g?=B6S)r4P2J-3STXET* z%Pw4|D61@Vy}3;1GK))PS&m1itikc6pbThSfH z>`d4>G#GXUje~tiv*DLzCHyvS*X)PgNT*>Z)HOg-(6(c^6~oOK7Gk&o!*v+0!SD%& ze~3`q2E*AH-V`B``ER0@Lf?s z^kP&6dmAO{7OxdAj z*OhNk!BF8`#Vl~*-8b|!)Yut#SRY_Ixv+~aAHJ0|4fbm-hW&emnw_vi@ECZ%y9~S6 z?!X?uCt3nK=}N;cx$3YB&J6q9;$R~iDf0gac39dEom?0e(o zwRxgETy-2@I|R!Q#qz_j{BSJ)CYB$84Le zzYEL5{yN1z*xx4FzZc8z!}9yF`~hI&^?+G729Dh3zdkqGw|I}0(~jq11?{^$4Asuy zVHoC57WvR~JRf?D=fgfhULN)c^761xP~^Xf`6DrZBj#_y{4JQj4fA(l{vOQVhxz{v zOJFa)xJD+RB~#FnF+8j!^5Gib`Ctjp2TOQ9_;cmu;rbK#!!Z9%%pZaIg_yqy^S5CB zR?Odx`Fk*bALj1|ZWRu9%HRDp(Y}N2o{H_B$-^*_4(;XX&|aPnJ>QGfd>eUB&aEr92<*DxME5=H+20 zsmOm5^G9I*NX*}i`CBl5E9P&*{JogJ5A*k9{sG`vL2%`V!3?i~_C0JP51}n0d=tYh z814gRQ4VHh%G@prX0LWldzioWguSfFwNyzf#-T8wgC$%COL)F^1nMJE--`M+)c2$Q ze9Odj8m1N3TONiZG2DjXf9Jfsyodi&_wdVKI`K>Szvq|k<*52{R8_|Ne|A)Tc?bV* zyMteH)e3?uYC;89glEly8@%MIg4@32s>-bIe=}EoIjX)KRbM^<5To|XCjc*>0Q}E9 z0eCs8z8qCwj;b$5RWZYVIja88jH-mp#X1EY&R2EZ3~i ztkis{S*2O6S)*C2S*KaA*`V2|*`(R5*`nF1*{0d9*#U3wz5w5jS2bV5cMNX8mke%m z|C#r}8|Tm9i}R7@H}EC-CwRTo!gmdH@MVKQ@QGO*JYkjw518e^`(-G2zO14Rhj)85 zwY9<1Wj*k6837(H&EVTI3jA6&2A`JA!JlOu__4Hu56d>-zp_2}uIvncE4zZn%Gbd! zWhT4_%z{1`p$YsO-(8m>eITU&)rZ#?ke&nSfA!_{CA?Yw5mvP+UM&Ce{uthTYhg_q zNTPhJL|N;gd~9SOc(^pcJ7MMdyRuRv0p6bxc(cHBmG|E8#$Y=91%bcJJWVhj`S*?( z2}f*)x~lx$I+P>UX}7@<3R-FHLXZJ~T?wup1+5rIGr)T*uf_;AjL?(>znELWzw-|5 zet4s#xS3Sm?248vbx>YT!^;ugO1L6n9i9>1j+BJ8HZ|Zq$E&cSp(m_n$l_j5y|AKT zICy29shJCYLwmr{BmX7;u!F#Z>MqT0@bbDB{J!poH3SFY`xuA8Q|wXj-uf~4a6JZ| zTTgJ0t*5xR*0bD8>jn6B#wG9Y!Kv`nkl7K8W5!Qh9r6!>2)3%*w?g5TB3;B&Q_wuZKrwhnk%t*>ne{#8xjSv3;8 zs#?LLYBTVr8Vldtuz?5F*5Ez09e7Ud1YT2ge|TzDhw7q zDt{f|Rl5hA*k-}fN5u_tbLCH}=2saj(|d4O%-JTN1fR&?@>5pbh5$*z$tocI9y_1IPq+qpiS{*cF^eNsfn#}YeBss}cQYx+orC3M+IFuOb&T*JRq*6*s zK!^ccQF*-{@Pq9%)sku`iH4A{B(DSf7&)`j!n-(AGjrTo?hKdH(;&QcPHKdyu@s{m zW(+Z*Bkfe!|L;n7rGk?sPlU%;)C(oKQ|(+Qcq4Op-MK>=nW7|FDN92d7C|IAa|eQJ zaZh+>x7!;YUsPFmY@QdKskppDq$=fuVXbT=EO_OsVN*bj@>8YJ2mXIrY>`aD;(C4- z|07cyNezXmwO?Rr7gsho>2YND_p>oyTiyRef>&jluPvdG^0fw%uhnWEY?``k=fw-H zgCD+m;b6llCx5@)J0&!=Y{hw-rG@XG8+=C}-{kK68gP(fy3a<1pQzX9?7p9NtZvh@*{q>?#TJ#FLwfbRdtyb43!{^J+_KfVx9i#b z#}y8a`gPk6-VG-YzS`XK=>CB)b0x^}>~sH@?Al z6WWFcS6|&?aHr#h!ri$fUu%aRiIak$b1R2vwa*xlH2nImTtd+pCHnnRIVHE2q6bL^ zeKEKxbvp3gDpgj}i-ViaGRJBx3E#Z2U+xDx-E-e+Zv5oZ#!D-ts!DbZRzWH^s?6r2 zBSYg)yr0*j(c!ia-kDwU_D`KkN{xMWX|*guY9Q6~>5{gf3SJ!UR8RjG+y;_Wsk|yv z7Li9RY_PCiL0#X~l$-T}<2~t~T(}`3QggGUB&BFLOO)D3t@Os;1+BCNf97ZdDiByM z9_?!a(Uz;P)aU`<_R1~!4=zyuYYhesxYo3q3P~fpYgPpCylw&PCnTg@BW+D;FhnO5$?t=`|PkDSz{ zR^scAFGPRNR&S5G)@J!O%B&9w-%2eYQ3=EhRU{`T?OLusJBQ0%6cuUxu+#d%^lhg>#9SoLr)$Dli z5atOt`;BzUR}h{X>tM@3l-X*E1}VWArC#Y+tz zepr56)!eA|%gev&oIUM}dO1B7KOJ|?cxB{`NoBwO{&?f_*Gn%BX?SV!`d+1*Ei9%h zw)Kr=&KPE!Q)Nl--rggz%X0fv>T{&3yH{x3Ued|Aa$SuIeg7CtKWsO0)S)MVM2z>y z<7Zo3Q{H{sduLXq^+ZdTjNUJe-s3lMyIg#D!_=KF zK5??o7t?K?E&FVr)ZB7DpRBDh#5HOA)^;aPB_6ZXxD_^T)%MM8hCp_E)9R$DSXG{z-}#DpgR1BST23 zmTo>+DGUvVsu!{xmDgps)0DyOFN_ZMEk!65(vUjp_?F~M&4X{V6cM@ShBs3wsf1Dj zJ`*HGTcfPzm}nSO{%huQxZ(M-6X(@V{J|XgeXs4WX;YRvM!(jif9mRQzHIhUz3rb^ z&JOvu@!h6UjkhOnlFDo?9DAtQj4o`!)j3}oYgMUs#revJ$dw;<`TpS}v-Mo<=FEQh#a2 zp?USY*KbzL+vdUEP8;@(J)Kymd%rD_N9M0DZ+dKe_ukskQM&QPW}j-jzSh|Nt?#V( zGvkqM@~jhOtk* z;rhKXz2@%xZs45E6W=|@VO})aNTrnli8H5Sk{$*D_-edl@sSANHFYFqB7mF;cujeK zUgLKeNOq;7s_a#%nbc&VbzyWtq>s=Pad=OJUx`M3Q-O>$mEE*e>Ir8FQk>L6&mgLS zt!`1i767gBr``YHf_$C{YW07)c{$5DQ?UPsJ-;p5nsG1PxLDtqb(~x_cTF4bjHKhy z#}iuL517)=^7+gkr*~ZzBI%lrF;^S*$w!8jHJ47gVn17}Mj4uMu;c}Ii5|m-p7`KM z_j(5oFQ~RM<>xg^?LRO0HuZR;DNA2@Mf-VfgIBIbYwPUpa4++0wRiV#`u5kryJt$S zO4_{l#}ls^FEp7MHlt?it0#Z>b49DEWo*S8N4YQCHrW=(esb<&Li^@ByaUfK4oPls zbnKEXbJpnJ9y>Bm|Hr;EiN#Ok9KPCYTj>G6-1@0gi|Tb-U#r}9>`M8Be(_hOQ$8z* zN~4i(aQgZEgE1Xv_gqbr)=sUFTD9D~Pj?jRQX7B$OJ=3=y2u$x_hA0m97eg?VuaHh z@BgyTHS8}P^?z%CQASg%WHrksi!7Th%JdN&8mg+)&u=ho8D}a1odH8su@HTt;zl*c zmk^*Pgh`>w5r&YE=e{lF%65S#JQL>97v}!M(QYy8b@S2}XBI8~dBhR#HAz(?f10kHw`B5^ImPVPbS3If-Majlu~N{^`u3bYH^;9q#{OF7 z=KeeVl52Tt78xB zb?%D;y%s+j_wBe5Prk{&)+nw|C;P6W(tu%wCnj13-o3VE&e}tjgTEO!Xt1eim(FFg zu6%i-|E#e0$NUoWNY}D$oee#fG)=F*tnMts!08zWcD?&S=#Tp0qo#Hb%?l6LPfsxp zxL^D3gP!?k=NfOmw=JMt?43U6&z+h0-m1q3F-Xmvb6!_UpUFaIo3ZIjT%X#NBPDv7+Jkiu2j>f!^m3U?~JUCq&DhNq@cO4 z>HpNI3jP@3n*!O+G#5OM0lU1<{UE&X7o%uWoS80_%t&6eY0>TIqj{yqTfP}{G2|}; z10O;6bZs8EIpobJch5exZM}N6VynkXCY~?V<=u1B5<(6Pa4k6`=|@$*9KG&X%goO= z)e4LXy3Lwg|Dsb#@6(b!Ke^JRL`}MJfpzAgg(VU@ANwvYy;MqGX6wccYxL`>KOFzl z0`0~|#%1$LS83j?LQcwt8QxbT+I}r%dk!sdum7e*%O_ve?47paja1E7A8zX?J3p$c zYyC83XoWjr`|Vrj*86<4vvBIMpbNvs{dlMO?Fz}#*i-ALuB=j{SU=m8Ir=ZBMhEXZ z_f>kYWX&%>eRH?BJfr!n#Rre|o#bdCO+CC!tAG7;@9Yk8)e-XpO-VOy51x7Yt;4JK z+~~8)99F$X`_d7^i*5bj>Kip?n)2CG7(t)F13+o?`TtX6CGq_p6g}2lIJ!V8>GvEn z$fP`SDWea>XPtGmrT_|05a3a%R8f5r8Awe*eubD6=BF7=#bG8=^suxnFb?1I)j(!~ z=QFK$4|^^A=UY`uo_q9px!Cf?Pu;Eh`d^ALBV{n3NjVT&=VqVb;d#-cA2fdb)tT|5 z>Noi;b?4GnJU*CyBpionCh4<5fpr`OISPJpD@5 zI_rKrs=sNxdialqv3Dk1*|K`uw!MEYxb_9Bn|1N?s@vxkt~IUvY9q~+wms;%cvh{< z`wt!8=YD-?c0!-r_ijH3EkC|zT-656>YQu)dVFnZ?z|Q|58B>;_msxcFLOtWGbNto z|LC}WaP-yAv*q6&ObTptf95;uSi1R*OS)CROiQ|X@|)eKcCVUTx$N#L@6xWxV-j-~ z)nA*2AkJ!_~8plU|wzNm9OAW2^3$DA5f1P^m!4%Vpw+jk8rjIYX zVxTT@akI{&tY`Xn9cQULKK}4`1rvu=I+(C&z`g{-#GM;6K0Wy5t=cPHbK>Id@3nHw z59&H_(R%6A#E?H_Z}zhFuQwe!=<&?q%^#mUHNJDlK273IE*kjr!m<@=uF=jKUy%6C zor6zp=f^WLic9~!oWkX~=r&pHuQP(0?q z!>YEgx0i1`_p$rzy{_}$J8xXBy*FXnTYqXSC)9#it20Z9aF4>=r++)(z*jO>mRqfWvojJ<}OzY=39Ts%sWM*`k_OE@W G(fmJpf?fdt literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/fonts/UbuntuMono-RI.ttf b/docs/tools/.sphinx/fonts/UbuntuMono-RI.ttf new file mode 100644 index 0000000000000000000000000000000000000000..18f81a29258d13e1d6f1ce98cdd167091ea9bd4a GIT binary patch literal 210216 zcmb@v3wV^p6*qq7-TVET>?YaEyV-0u_secb0)%AAbqNUsl0d>m!W{%PXw;~nXi*Tc zqGF|%Dk>_q*oJ~_XsuF9EwyNAMN8|2)KW`Zs8mr?E7|Wivk4b#|Ihz>o-fPq%)Ia1 zXU?2Cb7poSMnpCcC0Xm+r!-yt!o=H2kugk^R?^hoSzB<^)vuHE(RQNTE2g&>M>hTJ z{3ApR&(t%kzO`%hqkUl_V-}HWXz^7Gdp~QRp(C;@iPU#3zM)S}vs$}}V}`zA0l#ZL3nWa!s~hy2~r^ct;kQieDzJshLoS%h{g?&ba&Q@r3;sQvc`8FX*~!p zUx63u0_8?Lci=f|#Z`U%Py4<-6VIrxzF_q=ix+C@?_EI@=pu4-u)Sxxz%!&k>J!o_PVqOt`pb*I=I*OcPyZm1otP!pR(VWeQ^*j7>zNiRs7k#0-UW$#jiKF3>w zN~cgudPzA%QlgFIxnp_PPi~#eb5ER?o=?oBQbjdAD-%673-2VY^gQCpJa^=i{Ckex zr5tKRS>ss&JwTPTnP$;S8ldkbKBNwsM-5a(C3xRM_t11|rtcwi8r9(Klhly-ma{4h%VmkUKeT%+MPtg*T zc8sn^4o^}A$|ky>7El+>MLWKU($1pneY6U#9Dwg1bb`^8^^et?yPPWu6Q_k+j{YA*7pkyTPZgfVW>q-M7-M;N4s4I$A;N=`lQi z9b;32F?9pUkB7V%;gEm@ZBK#k%O8wCW@<3;1!hPp{RypVAp?~nr%Vdc!o;rRhu#P0 z{0e+`gnmbV2QU5|^;kx|;QKi=n`Y8-x|gn|E5T)J*hCf+vu*&htzmR#KoWrKo}#PJ zdr#8y;Lio9c@r%~AMn}IgxTATHc!TzY3RXh%;{#DnfNK*t)dKi5i$7qUWNDNiEqN! zf=?Ufa5+-g5!Q;j+fl+Qx><}z4Q5j~DL4Rsymsl*4!hjTff6_Zd3_(;^W9C?nV8FM+$6roHH;+7=-E&8?_BRvfg z<}P{!z1EDh>T8K|Z;%}JOpCMijK81*5M}2v}lq2qT#O#Kg%c9!>EFKkCVS)4_v5d{!V`oa&KNQUbLhgoDeU6r{}- zDLas=1Lg8}9Z0nZHQ+734bn6RZ`zOpm-2RmWPn33o{7&;hYXa($Ck^>32=K5&fCGq z!Yk@ihg_RPs~$w|H^8sM`%dI|J8H$bo)At~^I2>Xyu@T*TsKUzCQNPk0YE zBX{6JU9vDnyuQggC;5%HBZB(#o*4r#Hv_$3M=g0@Pr{nehqj*)W0WCyhxb00nT2@b z9GZ?NUL!kN^Pm``WsnVR~YVB)-6>IdM(mmc-qO-zJjn;C1A+;^p!7h;|~~m)pqG z&PK}H689$FNc@)1(@Q`9)t1XjMi0M}_#7~?MR#Dj@nCia4(UZR(v z>s+W+Vi0-mNxYvp$6T!b%Om*Z)_l3=z%jJTTSN`*gz+=>4{o^a}=G*BOX9 zzD8GrZlG&G?*#oD=KLDaje>5XYvI3}t^?gneW3S%o}w*uJ?Oo31L)W3M$r2N-3qPh z6!slAC;kdekJAU~7SL_97FxQ!oQtv1N|ng2Yp1)Z_(G_-vRm;`ZnDO z`lz6f(OvNG6!dZ02>%nb2^!p!bT{ZOL7$?{@INi+Gqfe~XK2QpeuwS_eU`os`dzvY zbPsI>eU9!=ybs-()9*umy^o#IgNZ*ui{1wM19}K_A3Y4ZU(n}iJN!Qs^hfkf_y_3` z&;#_X#1OPtPJcq*27N)$pVFi7zbNQSv@>yn4$|YGKNIw2dIJ8RgT66f4%(qYiEg8qwMh5sW#Kc-*9e@@U(=t$x%tUs@TekSNJy$=7s=_u&u^gC!2|DiWP zzYz319fN;F&;-2+Kg<=Q@NmlkY$I!h4T2zXmC7ExcptkaHRd)!>YE^eZ)K&dg2mYk z*3K5Nh3rOl8@r!9Ai1Orsa&d%rb`dNUhzxmSJJx*o8m6TX2ll8R>k9r?P%0gA4)uBzH2Scw8B|bcVR{F#??ER0FI1g(S|I>;#%CwV3 zu*00fX0i^}!xpiAww^t}9+cdY2W_krZF~i7JdQSQP;5dQzpl7n@ucEe#a_j$N>VOT zUaQ>fTkreGPky&w_Q(BgqitN^U+@2+{}umR{&)Q!`9GB%vRn4ZvS{OY(Z)V`{a3WH zeYA}>v@z{M8<+f#HnyRS_m8%bK2ZoS`PZB4gx4aF#=v~Yr!aN{wFH!f% z?;w{aLuO}Vm9ULGK{WC(!noyx>uKCl2yVfeOe6b7emJswWZU~6ynpk_cTc{3@((9} zfAYeHd-69YUqAWU$zPv*_2l7`zeGCmHxwJ1K=h})p~TP^L!X}b;roAn z|DBULLsz}uf1+ckf2f`4#P$;powyh7JtsDuxbwtKC+44MJW+SzA16+oc=yDgPaHe( zn-g!GIDFz~Cw_clKVoe>aogJ`f`4}Y4OYlax?QN=sU#1Nl{o4ig*%2X1wn4W%m=_K zco{{%{9pY27&7f;$SMApq+gx*d!w&k{OaH@z1?xi^Q*$2q*q~mTZQ%RW^iXa__LGE zVzXHntrYWd5nIfb(DiJo;*W}V6t5_bC|*|_Q@pBpP4OGWQN?c+zf&AnyrFnY@uuSU zia)?A(x%0xRum>SuSbudz++Znl}-!?v({*#>qeyNhjP-)4`g z)XFcE|52G$D&^-YlS-)^RvA>1@-vlQ#gw0@w916?oJyk{QT|(HR4J67s&pz+IaLnj zdF4s=EZf7r%bp|HFnOyWc7)`)q_qrI(d6Hldr9DB-egLJ*dMB4O@)36z0?4G)C4`$ z0{znlz0(1GGX;943;Jamc5WGvZeHk-ev+X(a{Emdbj57wh&j*=^Pm$JVAoj$9k2wt zUj#Z|8FamJ=y;XT?Iu8{tAZ|9jX4p6?p6z(tsc5sBld7{=w{8($y%U`O%r?T8PL1h zp>K6U&zcSWsvCOMT);fP;9SB-as_mo#o(PQp`knlUFB(LA-kbvJPW(w_n=7- zG>hk|FQ+kjsWlPusqF7B=XGiVn)!uZOH@^QsQg#|g;p{!u0-|e(nEhd9rr`4!cN`=Izpdr}UBM)Tv3@EdM@pvJB z4lcxtg_peO8IbX+@$xtWGEcVLN^Uy z+()~NP&d>N?F$5WUG5o-(IPwyte?@9e3ofZ#t$e~oZmel_3)5`V<9P>JY@Y?$c5xR zLG)}xu%T!4-wi9=1M3&bg#{Q{@h>!>3?W<|P-OQkTD*e03zu#V)}w{!OX}zvh}FXr zTR7U84SP$95r1J18nKdh!;G$h;$ZK9GgzDKZM;Axp@x<1T_Q>HZNq@GZh(3gkER+Z zZa`YFNW*46Fua01ui%WX1K1A^?Jbit_HhZ*&Fe9cT8BZ&ZrI$lWZ8hfCu0ftbD7+g z5g3Sdqx-spT}!+9CQUypS6~g0)o$ zunwq`k9QqvdEclrkEF`!34|4~kG-9Esr~XUv7NFGf29RnYR`jPo`W7D({R z2-XfrXs39^N6{@0P@CKpTpH{Sf`?*lU3_qOUyJdb+8&%bV@{VC?NKi2xa=tzUU?yG z)Hfj2fdL!y#h~&r70*rL`NCuTOTkmdg5}NH;MDfbyyW0$h9qyEGC*M27^Z8by)0QE zYlNf>HZBaxR=IKW!okG)MVt4=Vw-y#dR9!pJlGtZvSf3xy{ig?DJK59jGKA!cACnj zcGMOYK={<|4YEx$_Qu$z_BmY#tVHsrj;_5DtL;Wi2sU&8q+o-*gm=!`?iHJRx;bl8 zDmoJX*Z>Pw(|{DL-peGlaX=qjT039}*7El?{C!RGy_&z*1ZxLaDl4Rz@rL?5e_uS$ ze{DSOA50vKy|Kn{rBT9#eWl5#Nz&7VXe<9JaeZZPv5D@Q+KjFs08;}@00IS+&gzmr*5vcQ!!WSM7y5fqBS&jv=1`c zm&#OZkZqkhsQBy5sRP=!xdUv|K&YM5*o-*?>P-XGIcILyUdF!OedoRRQmuFDfVaJC zV5hfx>OdTx827A)hrD}JskS>mpYri{9Vc-5uEW2+(I>oM2<4N``D4&2uA9iB=FRV`)+^>*we1EDe^;kN5|+(9bwP zCs0J1&HF^cj!FDgfnEaUM9M=5KaG7#3^xF9pFo3Wtq~Z+<{B;0%fJTUB#{B{4R~kR zhTY9DkqPh3`-v>reOZy#b`Ezf;CIX;N%ZUFIJD8q$k_j;mqVv(0?hbAq$@=J z#Yj_vyi1Ws!~^sLco#*SXb*s}DB4+uHjRT@zK5vdIMI0IHDNW;M7*m)nn^80)k@$f zHk*CW2zL@qt|zLkBC11O>JeU#d>f8nSW$;2gvUFGrfec=M*OLWJM|z@3-W6<5>0ah zyNIR_0cVNYhKXiu1C!(chl$z|)_xjnf_I(!iDqeuW~0ut@jUw+Q5W*>jsx2P27%+iFwxC!0Quaq7T5v20K5ZyLA2Hb#DM)o zw^{+z?bbG+7eGF@;{9!?<5kk=ZNld z0%b%S*8@9&gTN5svIrmpF#vHlqb-}402_c^z#-ry(LKmx3-Z{4JhpTIeZV%Nd$$sO z9r@gceC|U&_aUGAdVux7PT(LgM7RooDD{`)5I2%aCo^CK<5YG4bn2RK6XE!1Vl z3&1->-(C-(LXX0I3}rsH9T)_T0;h;}BF^J@_c-1?u@*qNPavNs&=*f2?1^(kPZ|M? z$u7L#h5UD&CVENrL(E!r#Mflz&zy@F!a0oa_^aCZ31H=L3 z|AQ?=`_LErPZK?F1PXu_U^TD>*aI8^P80pm2owKphUPCi(@^yfTmImq&1OtcB>;GK@{g>-8R@ z-|Qj!E&Abi{X}n^BzhC^-x?zN{UM^`i1SCJeY=b39pwF90jym}Gjtf{*b<^Y?<6{T zmgob7{q;1_sr3NdzilA;JN$p&10d}0$mbt1qSFPy5HL)1W;-wdAg_O-><dG-|Ak9Gmah(1PJ zK3)Q#?2mT?g8<6^_&9J17$!QW1>8UmPzl6=E?@=F4{QQZk8`NUIn?9aQKC;#?q?f_ zhEd+Xw-9}fIR8PpU-S{3$MeW;U=X^=5m=b^;2aaKq6IiiOgT(U4Zr#ioBai`@P1-B{ls$XiRD!i%LfWp z6T>>oigpnz9w1hNI+X4N;4g(gvI*D@1*MBvxtmzU9%7a7V|`^4;7;rzR<)hjq$2>@ zP;CSXfEHjium#uy93d9V0a}1w0CkNG0;v0B0O5omv3(?L@hqD}XJ)9^eRYn%FEWPy)08XwNLvW7dA)7;ui*Y&TE| zbOHUq4&VgV8chu{EgYwS&a2L)i5QyI~u# z8`1U~k@rn#+s$ahEmg#@CbM;@)2#=Aqr`4|f!OUi#O^>{?m*fNDCbVJ^{(B-HlqHU z;>7M=L2NTztefl}^yxha+mZvUC3bHNI85y8Jpj_*mj$c<5N9juv=!ytk38@12X+v9 z0Pi0_{B2sm4dehQXWKkt4 zh&{8K*lxJr0iHcd?7OFdFNi%?M(le?_x)YO2F?=Oi+q3Z0+{*fepldyocCN;C}&eUNizI=b)R|&y>Irv7c8#<>#0O ztR?n~0RUyaf-+ut2RKdamq_?q#< z7Ik|A^*q*3?9G$J-r7#=_c3C}*Ax2#%6{8Q>>b2^x0l#^2Z^011GW(xg8L_=fBywy ze?CI&FL7cY3==!GpV;3Ei2Xw*b{gfK0saYmh<9f>5a(a0<3~G)ecXlX%}QVou}{#B z&pL1o`wL>9Zv}P&1H}H*LhK8Ke}Qt&uO>EvauY`23zC=;I7E{44oQk3l9XpjQfo=l zWC3`mIZYDev7|pnlCg{=(+j{60PoF4k}OL|vf`e&4S6|QNOHP?b0no8Ug`#tT$@O8 zZzm~j7fI=d0OXU7@C+wV33LG~fPMh+G6sReBzcBO@_K+O0Ofnv1IWXRJiN%mdy*ud z637DL0P^r{0rrsOKTT2q`3EY2E?_ON19$;=honpbWS|~c0&D_ylN7|etUh2nFi281 z^3N_HDZGuOoDC%9;yJG#z;oU%U_WpOI0l>q&XJU_B&lE?uo_rPQlSy>0LZ6s2e1ct z0XRZZQ9ppPi%?z>$}d8h#mKW5d6o>56zL)XBbP;$zK_ux3d0=SXUB z0|;w~1FL}zz%BrB8cvebs06YAgf}AZ#!bL(;0SPn#hDmC61C>A*&*0)qhZnm$ZYn;WPEx`2LQJ1__w z1(44S0^C3)&;|4Z+krvgI514oOgB&h#DN~5AJ_`)1`Yy`hn&ISL@MVz^D0Q^073$O<`1Yi!#cLNBY zkNoE&%@yGFD~^-20A(*g*aGCepa<9l>;wjZqrfSWdXAB_Fb*KyBE(s=9zdK$$a@jO z7i)n6paobBYyftUv;_5DvX-Q!9-s=C2O#azT>#Q9JxS6sC6EKeffWG4mu&|INLpS7 zpdQN+Zw1O&Ap`Zm5?~X6I;=qW3erGotlF4XPsnsrSjJF!?an~A~EhAm+yxx3=v7c&c&cDuV z_VLAM@}tGC;otny5*U%iA2Ta7!D>ZCMO2ZQJ+7=g8c9uYs@V-Xo86%wuhi&_x}5GG zrU!Dp>A^zw^H6nVh0j+}SsmJa{%)TyE648(<`DiQdY65V{abnl=l%{_6q{^wJE#?> z!**)1xy{^**4W%eYSr)%jTP@SGTv$UJJRV?dWXYoQL0oaPK(N+yOV07uSG<)-+hl) z+6G*#cRtgo)tX>=Ick2v$2tv$EN7m|X3+mjZ^&}wDXj*B^h{yFn&RR$g#}}7vc9M` z?ho;AYWV4u*p+E%DJdClmlIz^v3dLwv)dWFfgDb>#=#sGY+M5-y-tm*77Cx&YEddJ zmK)3}r`fC`Gt-(428~7~+a3L0k4t~83FqRb427h=R_FJ*btZgN7IVK+bsNKd$C^k@ zv?gjFKfbuw7L7)&XCjfv1y4PCXnl0dK`r~xXX0#QvAofFjrIS>+M1yh@@X=-kaSz8)bS#NHb+HiH_)W*ryX$`Bb zH>F%O4JSBjLH@eKB!SXfZ;)~ zFdniwYhoHi8($nfgZ?W9 zgTr$Pi-5r^BGuBkvLY#5qyTesUP(=LX|l6}nPw@)ndQk-T5O8Kh>hsd4c#5W3bF8&pI#E>2YPC^InU>QMD>|wWeaFQ^F7I2Xa8Jebb_ca&%XsY_l?HH!V-5^W z3R1SFXyLQ*el`y#hIn#4;_U}7x4?5M)`T}2p1h`aXOIQ+B-G;uCOH|C6pD)8yu3Ph z@AnPNAonVjwQNFPNe;`2^cCOX=&P|ZYet{$c1h8XT`y)RK4;#Ue?|}nZZ76e+=&*0 zc{i>*1dhd<%Lj!Eo@kIoRb|yuG{OfUn3?SoBQ-WKj{hCh8ka2b5sf8tTzHl%9P#88 z_BhgQ8mrBe<}_Nb{2%Y7RR?|XNqNg7t>Zl9ELa?|qz7C%q*TMoYy6uTnPk8dbe&wN6perffCNZ0#l4Doe6l z+UuIpHo;qB(J3lQDr8lON>ZuH;(ejp%lhn_j2NaG3=n3={PE+tnBid7w=hKW&sbl# zxyDC|&sfjE<>U6{kz$xHL`#x#>BrO}q>GP@14wECRRd~b24!{jZ^a$4-ZXkAunj?ZSzs>(O) z$jtIg@TQig>e6Mq=DxIWy2)xwDHsmhTrRV((C-YULawm_wu22|y)u#G zhh#FTH5wBZa4g?qondH0a$#fx29?$6)I}wY-k{cFIY}KqX`;(Dangj;0?5Y)65WzP z`YGAys^_hI=3#8l@-f!%F~<jv(2iVi`RD`s})Tfsw*eQ2=e$fk?ZSc#+R1x#*b=t zSnI;oiVr-V{Omx`9c`=7+QLDPRvE@JRUGujCgf`-GrcVh`47elPlC={X&_@>(#Q3FU6*G0|JES>da7t5X; zv&(DD4CECAgAQLRdW|JMOw5&XrJtanV9a*ul7v+W)e+O6cyv`ko>)KXI@n*^pHlRo z8c5ZFHPr}N?Z7S4V)|n&D^m+*&D3HBW?G?+1UT;o`23P{@J{BcOFEyDcz`>+AA{GD z#^)yDxw)K10Nmqzt~wAgmce6K+?Wg&t4>cXX1>_!-2AO-RGz~y^;fH5a686f3CaVppprqg5`MJhQYV&fOW2mUxGpmlrSh1#(%r<|w3GEUZ-N z4N8M*rQYDw>kUK(gI=rEtJQkF-KNqn)hew^$)GSoOLz~hORDmm%kd8c>VcJhwowHI z7d(Yo8C66zfr_XDa`*YltD_S)^w~!C+wNLs4CdrJ**~0kP!#=i{+l?3XgdNTqO%)ydUQn+#U4a#?0|8%-EaAee47F*9FV}F7^JSXrQ!xj!)0^@jmHg?;?IDwXsY%HPay;}@ zo6t`&U=U8PV|~3;G~z9WP~r%vmW=O$lHC8ICeknJih%+xTGZRBB1R?laq*XGH;BTGmkKL?nPpuZ2tb*ylwHi_(&?fVS-Pcqy{D{*(B=^;*tf8W{|uv7*1!Tu$h7(5-r>#ko?YcdAtS6oq85NYYAXaN;|i(6$XG z6LYCj4Mtp|Uz%c6Ii1X+H*y<&a<_=(0^6HN4K_ZUr6SgK*b=(Oc8D9{u~Fq`mOyqmNeRt-fYO&d81RY-vW_ z)HboF=la6OQW$Lw(*v=Pmyf-dk9`_f4cxrVZtkgD+=_i`5mC&VV79(+xRM1;nEX%9HmYAAr0ObD)wV{yjT7Fy1jT8@?CkWQBq z4VJ?mQYu$(sOfuhiBYetS>86@>aF$VOvtunOqf$Mt(|$i6Wx{7zLF|`exYIG6;H37 z(iEtel4G{IbI17#XE)}<7RsP;z{oB5KOA$Y7VC6YGo+;2qEju^7|jHBjc{qtjTmAj zgDs2?2L=S=b&s=k!SbS!KU&!aTlSL0o$jVbzj1qRV?1#EgU_^cIi$GC9Y$X^Zix!Utt}__iST_tZkAsmrwci5SD25VI zg#wS*T!H7S1l*&%rm*Rqij|=jRO+`X?d6L-o}$IFqC_Dn>SK$^&a`%W)?%xPnIL=o z+KJ1lwA5wFU9J`S0JdWoeH-7Z&4*OH0-H7AIb(N0r%TGkucT0elY45uPlF14ag(OT z5TrPL*s^h}NVZsbim>?>wh;EPFW)z@dtzaA*gmzc+*>(4k~cBi-gv-W7;x%RvNC*S z;nXTsYA$wVjzC&^VZc$yDpMwwgyZFMS~!w6d5N4~pA)Z;-Pw_}>Uj}^94>O({BE;d zF3czxS7-2M6=aw^F0(yQm=S^)m9U*2!S@yWNyb<|c>rJKJ}Y+DScQ_?Y`!eTEa<@; zHy>M%8@-LK^ieV0jEKb-eYj`2y$LQBe+&>j$74l&!U=$D3ws%ymd1ARrr?V&wQqAJ2<#z96gIpuq@=N%v%>NjM2+XgByq=jo zPv6qSnwY<$InQivFjy)ll~#F+C;D;am+;LU)8OYRuhfB>wYcG3c`wEYsJPR6sichR4VrP z$a6OKglgowEVW`+)2`+_Zs&7Tf)!+gWMOw>mTJfoGccyoC}8|nXq4C;yvMWQ+cIS2 zfM&x#x3c?fBiDEZWp_8-*u?W;R7Dl|Z7p7}aLj^AVN*0#v5jA<7!;`2FbWQpMimZ) z9%t>gktS^9NiAeX9$kL`KU#2>&%YGTMqD9*XNYqOf5AD0KgXPq z-%7qRYkOTTUoTnEbx<1*#+)#q=d8)hEWj@kT<^cbY&P`SZ%-~sm)OzKQY=yz6uXLw zYLys!=p`3~uTpcVKK{N!6)cM8c|v*K3R&lF4tvV;(!7P`r6E;odLYjO1N$2eZ%KYQ zw;;olWwgXhcB7{_Gc>+9C$GeJ;-a-(!tV#%A{9$FLzkrlgJH_RhnbcU_t4;6CYp9>xM+!wl#rVE*tI3qoS9+&E z1TNuAJ6B{dy+9${&c6pM6!e)fV>h~!3eA{RitmV0oY;|% z3N;?c-f)+>edBW785OgtG#0HoTv9%-E@Tf)$hC!1G=JG->C|Ni>IwuwQNy3SZIZDm#YwO1}^%$-#q3`NwQ zqDh%~h1jc-#P8v=H?c-qD3xWztf|&CFr5{@U6#T-&xU@E>Clx{{+^31zB<7j=3@l+ zY|M$CHMrCH;)5u9cUt!7;rWFdAmg}Bcu9m|% z3c|Gyn?q9Q6jnuxQs-0x4C;*Doq;0YX|X^*)muyOXys*F-7bs8tt5+9FEJ_ZbU2h& zoup7|FKDD^A~iU#5PLfN`275hNfnfzRgCJR)9@|@be0;q52dq1&lV) z>}-6C{huxEfwtN6ix(LzdbQM>J+J7nWPaj_+DD#vvbp)mCmyNA7gL_@n)3{oB?|oV z$A4fqT7z$u25~O;?U=2Ab7=urGJRr?B4#~$0Sm`jv8OTdX@bsxE5riaf(^;m&uI!6V0GAXzK86AA;n7XOP%OgFEHzrboD2D(=DQ|| zizA7z?gm3fz}cvfjYdneR*|0WYQ}+LaytM+8FXN-SAM1XqY@?&h=WTHc=-HxnH9{{ zwXA6N+G$l&a40)DIALy0W^7VPvt6h5=U1Bg7Ek}y%~NG_t;Jon=$2T#J+GLekzo{F(%5?NQS(wO;^aZ-ur4NExT^yCauRm)NQ$L zWQwFHnSJw=mYLkZhNT(5sIUq)%h~(YYDvPV9gO8^4RO6mrPV=L=voM0o?(n2Dr8b< z$*7I1R61pxNxHb03u9Zhx2~9P6@(93RA>d*p+GZe`Uab08yPM-Wjj^I zd^TxS)czHAbZ>ZqVyB zI<2JEXcZVX$RTlfD9*u?iok!#&gj@NH`b4+BIpPLFcPv4XFfEu;bh~CZ8NJ+N~_L4 z#N?47Y1PPoMtR38>eUm;U*^QBC5FPGNnRq^ja z?}|Bx!bc60u%>9(Lw)_Wk(X>YUU#F7O}0s)kpOIxCmOkl0Oi+#fAUbii)O}399*(F zaDsycTaQ&5Q>Vq5;&eJwK+;liG@KGA7kbTUG}@ZgNihe#2=iX-p84i4xtt^yP=*0a zS~`4KK*}o|!3rsFiNO<{UgeMGdNlc(R9{wVRh?tz@2u#LdHJmqGL1H;cCyB9F*HqM zvv?&L|H7Emf;y%$T`Vg#UI0#R%Ln0#LrMuAQ(|~bDZ!(;k`rzmg=B+!JO-0stGR@) zo!s!F<*&FRqvBUOupJi51MD5UV-DouNX?&Vv8T3>%1JQqAcM29EW|cI>Lra}I%1f@ zZifZ;04yz5o6~BuSzX9T9FoF4%u9wl5VNB^mE9&;tXllq1x(F+J5m!JpH>`ob5>%- z5Q^5fM&*uK$ejyUC|J_g?9SKbTMzMXR(@#(;ie?0AVC}#2_}O%T58E^YMxe@Qd&~v z=+2%~)--e5%*h=a$4jfSM+ZNJzEx3vEQK_< z%+ew$oH$jN)cAD-RUDj;T_&H$qf*^%eI2_lO#qC|p0bWS{?N<~jg4UHx0C#2$5<61 zKbfwIRh4<`y&YbK*(A%%Lq?6JMa^(khp98Y4!64{&Erh-c+vu1Nj90yX%3I%PQ%YK zXpNX_qN|b<4&pHyg%NSA1`%8-8Ldo2OoAwG2eBwRgezu>V38us{pI$GD2~zCpIX(a z839|H(d+XWAB{^YjYeV1$_kjLsE-qfL8I5Uk^8;E7Sz0*C3GW}SJIBdj*7&4J5JP#T;X zOk=wl$D$Uiq*DoLBIF3ahae8MFLdjuG>Ep*Z==Hm|+WY8Kuz!+=Z!v=`zNvq8<%mvNHTBw6*G^@BIsXtUEQxi&i*>;Q9dlpIn<=ajnS6d{ za(l1G%1sO&H#a`;6C)x0;W;JD5m1kWodT|~Q@|aHrSZ5HH)ex{s|`A?tLyjz0Sl?P zvH@4z7~n=Et~|j#8%yOguQ7%TNg-9EH%r@`uA^qFf-{w{5?YUa)m;miN|Pp@Q4Jx? zwa*J@NNi1MYni7czqF++qgam5G5d;ZXO&NxYxb4Y&XyumuKC*drb(PORyQqJ7Fw{R zXKK-y%ligAFL|MVTk%USx5o?_{6rvwACh6(itQxKVP}QGM%c%=qQ?XHGRQk345crv zQK9gs==4s#)7fG)Kpq;52A?jTl0tfe)@f_ToxbEkh+9)hoA4!i_GO9@6K#`%*jGT$ zc0rBSKvwcAKy2yEWjW2us^gV2?lGN5wX~9%zfPC!dqJ7*RSwz2x8H#xOa=0m6+;_r*jON5bc;OXn;T3G);qoz+Uu{d} zhmWb^B@_ZNws3_>6YkN`t)I9tz~!l688P_CfOj3&ta*>c{CtOEHtQQxQrrcNiju5G zcd@zI5^he>>-^2w331VKCTT9V9ut=1uU3_leWcWg>jStLHBMY1P`WN-5_U^`jxi%| z;M>a47WGJj;E;D~}txJ9~Y!Ls0-1@ottX*6=KwpQcF9G9mu&!3s(lBP>}N6aI> z_E^CyX_QUdW43I*Q_JSMa{w|+oW7nF?Z+|f@mLI;q0pJ3Mkt_0D9mPC7GJ@%R;{GX z@mZ{1{PVWhZBD!0X19eE=D5#i^QJf3UC^(zIxW|t`R7c8GtDKtGaA29l~hdU!-9iA zFcZ#BlB+B~oZ|;dE-v|!Tm0nG>!9Dvv)hMc4b5+HkXc@T9NBKCoSTevl#|S`p^`dSXcsk9@gS==nDbx);Rjr z4@=!9Y%B`+h@)5Fis>(0%o*XLLtvp2;vmdja0XlAgFy zPxGbp%YVtUI_z`Bl{XxA$?-YXT$ff7_G!bG+Coop z&}nuDQ__n9j$ln!c|(^i+ZLZ_%qYZ9&1JZZhV)=*aK>`2(WI(1IgDvJ87|rFG?+6& zkzi?aX_{=rju-vA9sJgcbw)#zV*zaAu@bi^Rj_=ha3urV2ByWnMvH}6GiKHRpP-Sj zwqI1T$J9U#S3se2wc5V3q5aP9@IA}$J}UTW0=N`J#wg)}N=usCnU>~urzz7|n#Qlw>&1G<7d(y6<(5#( zv{b#uHo6_gjZx0psM?s0$g4dc56Kh3FtaGS%pvI?wsI4(-s{`rGhaVB>{*sfhL za{+ds0e410mdChg<`QGDqRr$fuEsChv3p1QGQBAwkJXe}Rm>h9S%3>8Ue33h(639- zUi=nGEZ3-3U~x7=%f^8^ewo{D!i+R2>>3SR2iYZsNo&-qHA3Ydtu@!Q?c$m+38fm9**yBWD-h&I}LBcYXKZoH+--dzUQc z(L~gz3-!rl2M^%qWyQ=1aA6B3hb!zGa1ZkxINY)8sl%}#HgyXxQo5NtOVXOOEgA`d6J(KRp?i8{>kOmU?>AY(d3nwz z>?hR7Ai*=*Eica zVE;sO*#=X{b#xK4uADQiXjb+W(OV{(z3Hji*zK{A1Z!r2KUJ=&Y<{>QtG%-$#OLCJ zXwTJRF1`}O?g{2%Tv39wFVqXOEt>IMJlxSa6DEnIU4q+=Y!r)SnfVf@!bT#w0mT`$ zqr}227Hn9}aU1pzajqgHxBuL#IG-Ow2opA!o_tG)11x@j0%zA!LEcr@UKwU3){$$i z#miT&EE)N$jrHRjf;WBbj`GI(Nw=-NA)4G@FM_@p#630*?*65t3vVC|jz%=xZl+OT zyQEcKt5IBwFN<(h4Px-(eW;{C2lg=-9Ki1XvOcl*N!wZJCzH=-PKKC6``%8>W!H&2 za=9@lzm#`_FuL#!Uh?Pn2!=LsTNK|d7;TCp>IlBw-q0cagaW9N(v1CUtv+@Wrs1kQrlb8I&1#5mf!qs(g#tdWL*f$t_66?o4 z*x6JvZA#9Jn`apD6Su~C71V~`WlwZ6m9j$R(MH>=WUV8h(&OkoctyPG+BrBC)~QEM zrG!#aa?{G>R7vBqcOhi{A?H*da&t2DSCCv;D^ zLpW#0uEf`_)n-wu%kHw6R!j1cYm)u_oJ1QK|zZIhv?jmV8rQ8=DA994-ZkmzN=zeroT1L5Riqjo! zpCD^fg6u_;H7&m?Slu_L++>j+GLH<|Z6m)`@%A}G$@am{jI;CvdxrwpwORvwc@2o2 z2p?8)7J@f$kBc)9EdJtNlTZTq5|3wb2Lwi~Q?X1WQ3#u^gx+Y?YCS<)J7s2Mq|Wvm zbUNc~71}+jL~|Q17c^tiPKU>z7^_%VHTBMt^t7xrAd7edL~?6|yr zf$?1x75rEb#!f7dmooj2wc071@9Uz|nseIvr@LH{&RbQQm&cgi3#OmQnSLG^T#xH{ z_Taqcs_VKd6i3bHKTQc$el^c?p7@Ntjk|qC^uYlfEsB${LcUFht`1k62!!|w3hsa_ zw(;T_od#E&i{Z|shzD1k9N;8PbT!;l`}w6)ezeAq4&WY-Ind`W&VDYwAF%Q50_*}8 zZnTWq2V%Jxk>veKRlCnuP(s0WXK`@01&4SrD^j+8b{aNg*|RO^c)@F88S7zB_%hpw? zr^QkV!#=gfG3y-Dx$^^ByH%f2IALVSTT+u*b8TnT;m>o`GzRrj&3KK@plsB;z?;y; z5?#_P@MbnW8}p~~_NQ_cH@VIsn`T4HKC9*J>BZS z%}V@ALNLf!x5eqSSRjMo;LeRDoa3AAG6$VbvUX-U@GCMF<7}KOp_7EIJ%ZIKc~>24 z-6abi&aU`DHdo;gaLIH{+Tr>Bb<_$U1$SO@>jr1{oU#^1AS5F=ag z9%iiS_n&(svzBgwrFaJ8|R*TmjC=GpR6W>PWK-N#WNd^4)1LszOlzYJ0iYy zPwlD`K6%0J4W{d{DnXn9W;rT_u})=#A>r#JldRwf@c<@!*s`oGiw|HlXxmMZ43RtH zr)kX50mwlBsz{hkz~ERd8QWrbDah1qW9;qa@;XmYAVo3KT=gWAo?&~7j+Dv~`!Ve; znxtug>`~mIuoiRHjs{4t0i=j5H>B-aqf=*@3zcQ5xMrsy0sd^p2@Fa`ZJFaK$zX{M z77(D|K|9=A-Sj7y5Bu$*`OLlpVTEZz3z zN`|Pu^%JEW+kG@9vunpWc*SLFeEiBzWYDNg7J{;~b7a)%uZ%VF$D~gwKa$;gc|4;H zMt}5o=2$e}R5l)9y8Mv~uZf?PejB>HEL__iQwh7HR`A%l$)8UqbrTeMnvMqu^$Z}O z+pTGpY9^*%fnF|xbIp${C#C!{>?!zb+eMx&!7#G$ya2di;8McYSl}8wHdue<%?blW z5{DeFWHp#k9Ij%nIFd%{ukncbY$28#h{y7N%{(6|1QSJveNl2na)WVg!1&UhrBpIs z$s~g@Ah5W6i$B3Vg&^Svpye2ZJfZ7&Shn?G2=f^6yX8RV&q|oJw_f|7siJbL@heC6Pi8#vRLVa(p^0C)0WcOisT5xF)b@|-rG%jvSM`&<#9F8N$O z-Q@~KZMvjyktj-g8KIy@^Z8sbmKD7xP*yr?n`y*ySy14Jm<%6a7FB1k6V6Bm5PL zTEcR4&3)p^8>Sx|Ice_NyE}$5g0gQtb7gA+lC^Ps;KX2TvNIZvOzvLFExon$65Y#_ z7k(=KHwnD3!j;|O@C0UjxJ3ck&=T~6&2C@U1+4fi_phTWOOG0MUHAJvYeBDYg-u~f z0H!U#su#%=k3@-(9B#sr&cuSkmiV^Vc_jGky$)xh6dP8Y%3N(>$}hcXal;=es!70A z7G+dPS4Y`ek;Zs?p$D_VSHBRDk#A%{6t-xs#-gSp7BfwM7885j?~9;(-k;B;)9V7LWAF{xoM|RAS&!oP_yU2@QI}}M zV(H{jASamtODhLoKA3;IIs2(V+sZ+)kw8rs6}d#IV4IHwDMNUiQ|OKQlL)sQZVSM$vG(FWZ069WkJj?1lYBw=Wrr9$yx}ZeUJ?3gd;1FM`sm zWO`%Dhkqkqac|sd$)@;YjFpKz^ne-&tSkPA;zwFgjFWz#T3=M9iJ~mV0*c2}{rZ{& z8x=)q%@ZS!7GVb1dL&}g_~cI^aVqHE>~&FT8Ukz1ec#K1C2A2D`vh#FiOVwC%?5 zc*80=B4Khw5PZYi5LpY9Tqc{0veXvl=*4c4GA2$I4UsbRUR(8MldDgl1BztJMAu|d zT_eAYXU_nz{_aIa602RCB~%evMCD%f2}4Z3yu6y6zj2AZPFA`DMy17Gy;rV`-f?`E zzb-cx*Q$+?#$LRFHbO$bt*hC6M}RUp+toAd^5QJ;$fJ)~r;!NyDv2;9ga~`$vf_t8 z554ph8RZN{M22~C)lt^`N>M2m*VRA-l}&iuB_-h0qR{o;Vs1?(T}2=ga=f-ijLEo( zZog&Gs^!J(EVBfftp_XOkTmgdy<3eGFT3ZkC+jX9`L$4Eu<>zs(lc_nlX6FE8GX<% ze$R5f+79Vs(n*&O-6w9AY~=;=y^=v0SP`C6Qy`xq z1RD)FW1As#49Mmj#WZ#7G*ig??i(j?z4LW#GzkZU9PeyC?fuPrVq^NUPlxj{nQ?^+ zpM1(2fZG9o+vb#=ul>dgdQfa}Kb!akpw{qgh}_15u~3DfZq(@v1*ly!2U-PTsfsoc z5KU%oP!6k?wkKzqj0;8*k&^ zcMv|#PcZMA!XsT@og5DoNg#>`2av<(vzB+l_#2=#VJ89}i8l%xV=vho9vbs-*s)p| zO04?*!hk3bwB)LhRvQgrt?G?Lj5U>v!|j`)B1;Bk1O#D)EE}t9%SlQV;slFk7W&V%UCz}o#OV(7(?@@g5!Mxrw z|7_1YmG|%Y%WxrBGGXUIwk`)7xD7nv72MmBjiOez7Uqq_(oqtHvakxSC*qMrJf2G@ zYA8%zCp;nn5-I2}S95u9EG~H50=YOF*npI>+XLZcscd7}!G#wUgjy*>f9Zr{fpTjLh zc6*HSSjreQUjClePN+%4pVgIgNK9>fPb@3Ix1y6ScnkFq)s;6+^6C@n9Q)!K+eJ| z?)up)@^FA(F86X4u*bfp=WLgYPLIzO?~D&9mq(`e9w=V(>O%u>c*8Zt+%?zVSf6^^ z{kIM9d3gxeyuhB-fBS;g#Z!XW@=|vU7pj>lb3Ljdt)oTqsr*&s-$p#>gL)MKwgVnF z0>SGX(4ES7d7=?OTik1aq6q>yfdXMp0|>7MQnskwUIXh&A&}3TQ6Uupen9YeY<8H` zc%IfjqTG)~egD5+UtYQ5 z`nlR1{E))<*c9ZO@KGs@nJN7GIkc?=2MR=5qPV|EfjEHzddQbO+nvE1BZ$Pe88lT4 zW)OoJbjfbbso8Bh>VceyYB^xz0%)YhqftGEk@Un<4E;X(5Y) z7y(|s0TYkyLDGkI^fTik-8j4>gv*#^o^O{ItY$+*{@$x^+NbtlJ-wNPIF-0^?D z^BS>cv>HXfoF5n(D0(_~EDRlK{K5bFKItj+9X~1&=YLMPq1!PllwdZac)YQckXld1 zBFSXT3uc*hrx$>Alw&)cg=9V)&U=MeER__Xj{#$6w*r_596$DWd*ZzPv9g(4WS4G3 z$(W^n$#UoNEyi>0TGF}ZDU5WBiO&4NA+zR9%IWavVlF%ExEu@u`u_1dZ$28&-Eivu zc5S(x_Q|_tcWvm+Kfb?m{KlI|H%;Q@HQY~7nCfOIO|#B$f|RB~DGtp-W8vE1T# z`Pi|`6Nsr0{{3oc8aa>=;kNE*I+ZkZ#5EN~(@LextuAK^Eso?yOO_EMXf(z~8|Vrr z+#!le>5j6D2*@1@vNuqGtW2L75DYXxvnAAlf`>%d5#EG(MFD^O9^VH!8EQcfQj7x^ z+^f}uTI7`gm=WZ2Bl$yqYMU36t*g~YHWsv(JjvGXq057ZqNRAmnN{k=FnrCdvsk%2 zxHiAXRkA1ZKkNp~wED3sA`0`)a6WN*YC%=2hMEeTjw#9Td}G{9e9Z4RnU4HT*r8v- z7}ywA5li6RTmi!1usQ6gW3f0Fuy9c_sRxk(5?8$WvS%*i=_LG;fY12{e9o9~Yj?CY zGz^4qQyy+MW!*@o(g+xr%b5(u_ErQbWw||`X*SDuR77OJDw-^BjwLWUsG;C4B-N4a z96D$t3~qmHA)^>4l)93D!n zF+qb_D~45vJuBIZ)ysoN=l9qF6HMgA`skO_)26n|kg%su-H*pF@yEV~ zcc|6N`?q_h0UwXCF+4jwPP}5KY}Ry;VTAcI;(9)u88E98y3H9c)U@kP9tkW-9_OCG z{?O>&t0wY8Mph~0^POhV|2MI}mfg}<&2Ouvp@dKI?zOpP=ZOVtZh>MSj86-kG8O3!sOPK``q7TyX*4zRyhx*o)=S9Dri;gP-4ox)%iix@gM zsgZzC0K3-3@#so9{!0SVEV|HFDbOGN&?1XSlkMNLp#P78(G_>t$p7+SG?GV`3`R@n z<@^Bp$lM2=ofihXx|Rw>Z%^5Lw+l|-y7R%f`;=yT5A&~{!=uI{fBLn~cVBxtL?kr5 zxoNr5E=*BAS$jLuxe0$Fk;x@%T79neKk-vM+52hPrRSxJVOGln=6I{%n%wa-v{)2= z&C|kh*rx`r4)|;LZ8lpxaGO@l-WD%}oT*bjA^J{S9K1ieG?Y^_jN~?c8t2Gnh|rnc z^8V#WJZnS}g%4WWjgMMyd{HBrF{AO!&MnE!=?iZcUt@TLW8Ie9N1*wDA}U}Ol>M-> z{VFOWWuU}m52#bZA;En|07Q-oQfk;s1VMQA3_yXU4|*6+ohH@ANeWVim=%l;5i^Fd z{)xv>Az)NpT4>@i^|8UdgO91=^*`AE)|r{N?*GA_KmYSRxW2>I^%=sM?p}mkLjlF> zaXAA{K?8%K2oTZT&H&7bK)~tqfxif$K!jg`w7WwIDuU|{kLJPs$cjht*ww(jKyJW_ zWS4F68BgpjVw*2=`N^ds=Gp zclYi)H8pi=-|kP-ZGCz-*MF}<6aRzsdEm*5s4=#SQWrP^gr02gKoF0?0&pEbB@jS> zK?J}UWw^w#+Vlv%$&C_bJZ9F8cVbOS^`;cqp>O5^>_e0q1M z*vzMPcS;+7nr`%uhgy7Riw+fAuX_Z~8#YU8O2!zCUQ>fowyJ_(f3!8&C9 zE5d~M3GwTYhoN&IU}O;{2Py3UrDSb(NCohrD2*3PaKN1xp<|yvuRhPxAw@15SG8~c z!sxFaiGBO4>CfUzC3JuPxwOu(?=>{Z(M(ESnuL`yC$Qdz$-xFl;+5_+)`eWLlr5p; zOHdJFRs~hn1NmkiNcD8OJm6W>>&2y9E~ToaCGZwymr{~#IWGB^gM?9{zr89j4)ka1 z=e1N6)}KerYKMy^GE>6dOW*X9y1Ie2lh#kRhKl!rwkbVU&*2%S zT0nUa)9JaF#pVkycVKQ{aJF-yi8lcHTI6JCu3!P5K4g75V?*PgPS5(cU@cE0-xEge zZKNAD%|y=OPz3pQC6c&3Cq%+!hk44IhH80jn5}-erx)n9DD*?$3{Pd-t-)~JzC)T0 zX5yN2bJhF1V4D4$%_i%5ty`1sx4RTABvqnjwPG!V7ww^IeN6l!>V}?T*V^prrkT4v zl0ey%a=Rd>y{AkRWR=6X((|}dDCQ<;;+pCU^a@1+S8CfJk#Dta$78rG-I+*c*;3uD z(PiRiYw7OR#D4{MAo6##UR#$rbS(5UfN2yWzs{4 zw0;4MJn76Z`Ln~BG%^rkDmhvsIgPxEy0b) z#bLs07la>4mDl;bQSm3i4L|?A?*hr^lzt8Ig-jO=kzp)_h6kb;Jf{dhF64_h@0Ur^?-u6;4{YW0{TAGF$EFF#%f;)E6Zg&yj4%M!-P7t9W zUhxlLT?paR&qHnCp$A8v8>R>VTlTcPmLJQHIZ)=MG3c#9p&BDkthp|+H9y%EN6QkR za+5ZsdmQ5ftuY6>{n{o){HaT~41f2#!(Y2AGTj-l4=+!T#NYFt_~`WVkbR&t9k~m7 z8S!Q*Bs~eed?g;aQ#=-ji~ppkjzBAu417YEL|5y-fL=~?Jxm8vBjHUgeExa-g;-*7 zF1LT!e$y96epURvo(jg3ZsYT7h-X)YQLte=_r)omP=VT|+yRwiSzA_%&VELG2wR5D z!S)%-HPHTU8FqXminBli1iRkHGEF{4A|SI@7uy4OiQ#*&WuL*^rzYh~!F#f5o0)Of zR!y_KIJWBElRDaJ6&h>0815cbMB4FAn5^YT zjNyY5qNpd*RXNgL2`a{zl5HmZ8=nsc)M7@D(5vQa<|@^r%M*89H-)smH(MMYPtT2& zoOZ9bHDGiDA@Mdddf=d_rHX%@F6S3-+LJ2h_uPc%&+y5%7@q$$9=A()7K?3$;j@2a&}!sg6Zphy0YX z{wM&*oCduM1{Y3&?f?ZkKDBuf19~5AjA11ON9l89yjZk=4e}m;$xyA{%6sJUGl&T3>G7r~@Ei2){mSO%WsYfD8 z9weo|fX8`}I3!uoR}C(ECVLp=;bx%#l+$5dgPBovteTZ#QCLf5!IJ7()5BT-F)~Jv zJ;#W$nS=8*7bTd95HQHpHj&~rfhp)$T4rH#Gt4z*R}NP6%g_3%>b*ujqHp$8Urx1^)mW_NU zgwie{7&L6IC6xWb7GgI8--u#FlzYbw_N^dz$Vfsk^9Z*qlDUI>gZ_uR$-If};RG@A z8TB)g7ik1raN`NH5wNeSt0A>Mxo>cAG*Z-nW2xs89`V2~SL0-3Z}-8jf7kM^wc&8k zyUXhf-21b$&y~57026^g^^vc*shU)r${8IPl6Ob-P@D`7nn){zO6eF5JJ ziZ#8c&4us=DAp8kc)bpk*dl*nt~i7UyfCPF2SU@tiJM7>!jcITz8;X1;*vdP56Eex zo$RvR=ao{N&S8Y2Nj)c$9yleONSc`sxt#-%0e?`DV)4+>;BrQqo?{6l8uuvSRZ=7y zLJp~*!i%0|{0-v+fe&c!58Rg-)Yp`TG5Y4lb)CC+-LIb2-ye9tacu7D?x7DH-uKw_ z?ECi|`p{+FtLMOpCkdOeRF?qe0n|s_ZFix}%moH0;Cp(ZRph=AdUDY)Ail~tx3C8D z`{4r2ZlR9{2WEyS5Ar{}>^UVnHp6S zMcpq2Qh<~si<-lIpF5nYXIlr&ShLV6Ya!3P9LiN*w5I$)TOMxjs04o@OjiRM1r}x%xOL%S@UL3s32;4Pa zxhw0qs||S|&cl zDCn2OKaDp!$yBEi$2OIkXvB{M0S2ol6(uo{3gknYSM#LfnKbGzHhxr^xvWyTY^F%t z>VcW!KehHYqtWKxLB3t=%BTluM5BWR-64-VY!x$8v^yqeu9-=tX0D!|xq2p@p1zvR zrzgcSxc=`&^sow>djbhPR1eYMN%T&l1-%-L-tF~8yr@nO27UF6046QTR*S~H@qAROu-l++6f=_}$342#0|Q`y$k@SGc+B^-vzbO*lH_nZMjs$Uvc8HueH-(9K|%L_ay~g4ctz zj@yZ(kR*5=F3~BtZJa_7BFxq=ij}+oOC1ptD`>*RfymYk7k|CwV}th(kG+|ny1b5^)2g{+0;vanYm7iV^XP zNDb0+{h>4keDD1i`{Y=2fBy5p&!zjj_&rJZd+|?DmqziGG$cTXcwzw~iHHCO1Q|1? zBP|utiwZF6b4!ni|1*+rm}Uboe``BkipR?3SiB^4l7pFGFf*9!Z8L>J2LI{$B;@MQ z&`_#jRs@8(F4PQ4u6;g<@Q`*Adl&L#qQ{P?xPn$1&%f~eFyxW1+2ldv4>LvZ0vTn7 z1SjqfBP%UFUi*0P;{*Hap9p@Uejk`HgXkN$_!RzaB=>@Fi^k{6qA5O&bv!G)l~9l` zQJWW_AbAxUb5pScTjnE>o63S}c=JrR2Avck?Zjwn<%|YNtw02QCQzPPDIAt^2%={N3B|~Ni+dat{^*=g!sH^0 zf+~*4M8TGE=EL-O@hLruYBD;2d%^Y@8Vzi5)987_cHo|AM|YC^s!WtL7QI9byvRB+ zzNgcUVzDj|`FP#!uIErppBNYrRJ5^qudat#fE~EBYcU=)`8rg+i8W zk*G(#K-5eC<+UD2c-%-Dpm=l16A*K;(T4e#i`cY`Y z!Z--}Ku*|qcC33vENRp6zTtRp0f&j8%2+tEfT&h7Tx|H~k0x4vyT_#;`E`a3 z3nq>H*c*+8Df%{k6v?Yb%CSp~>cdgZ=)|v)PH}LU=0l~Aa2>{C1o8Q(u-F;-4?+x2zJ#j+3k@?%xmItIvu)A2&)fZ%|q0T<~N)TVqPQM7sb_jYBP~wbKcw z`#=6&I#2Ept!3YXHn>$hEE&kKHiU1mxpVJ@HL(VyQ(So993JkAG$U993KN|oP;6zR z5EPmBh#5RfzkuyCv~bbS>=$T9*TiqAHdBbY!{I~{Y!k@mhZBCMGa-=d<4##}jw!eA zj66U5w=DU=*6})c`*~QNkeGZ`A)0kKPog~(nrOxH-iT}j17XAOP*ug=k@cL%(8@L0 zIb?Ub{Q<@1jv8TyH^uaUDSl461Cg28ZW4Yo;Ad`!!)AB8T)^Hb*uDcTd4NfK0K!I> z2HnL~F4tP$9<0Y!$WH?S`;@=y#US6?)=T|e}f zW=nci`QfNQiMu&ktO(x0M~z;4ltet`X6xw?1|b(88lTacD{b}~Of=GJB9k1zt90M= zc;V2(0Ds;1L3(I1o-FWJhz0KFn6Ov;zW866J-5)!x(`tZX#y`;v>?5tE8H;J9A3oS zke3C5lbIEkxduz^h3B_gYn0+Dw_WU2{64eMPBMG#!Zu6Iju;2=$K3%;q=DE#PWW*5 zKsuYr-jhp5a_L;I5K2XZQB+zaBaz@~Ux1LZ$a1S{0YuS)3!G@Do%u{QcW*j#U({>7 zE#gZBz?^xX^FauK%eDE$=OBQ1)(nscr@x7G{V;#*Y$n2uqy`8KVntw7{!`!QC((dx zKr$c~o69oxQQBq1f%Y+{OYKx;W~yf7BjT}Q!B_B3c^~qW4i5)`ya{{eH=bP)|KT!e zNJ$t!|2?nb-1vWgW4P6-4jwGb`?QGWKZ)Q7tQx?$!DU9{QN#N7QK}?o5$7^V4ju)>tziNs1BEeP)!tVagxgM%&obUyE`9ZDWgO35S)&aZasfzXowcEnRR2dX*H7`(SW zaG!Z5^Jwji{}O{lsX^$e9mDf77&osaYm(fvKBWN_o@^NtTJf3dOx~E4tH6?vkj0L{ z+2{QeyC;+Y3^g7C36tLlO(aqSTDp)ir2p74MuWq8DjM-AK_jSm6>mAHrAk^Zp{suT zFpXDFe(uBiG%8G?is}hs+I*&ac`zxgOwZ2D-ZM8HnVX)Qn;#t;t29mz4%Q}zhHABW zfY{=3=jlvY(>$JXcV>3(-sze9#ww$48>&tXG#i8Wr95Z6UZ9_BXNr$N_|8P%y#;^{ zir$MPiX5{hDj>*(WkN+*3npb-hb`RGcMN6*b9(D=AtJ#&*RrE;`)w7nn>`tz&C%|J98BL~zF<=~^_i|s)6v7RvQlGVfEnpms_O=8Nq{sWO;;p%-kwaDnq{vs^!nc<8rX z&_k5#m)z#TIzKM?w;Vs)KOXHLx7#L>li=sye2L=~Te5%rRR4Ike}10jH2C=sv*Yqp zHpy-9oQ92E5$+(n$QFa#rrt$`$JaUZssT0a{r0Z<2FQ$3b#I z|3CimnGb&SqkDbXNDY(LsQdQ()<@nyY4LUc9*XD;{O9Wz;Gn=x5Lb&1^wEB=67YCH z`6z_oGK9jKWOLa<7zY+c74?t+WdA6ZJ;6>$BsFSRmb@4WO-DS)s|7+H&fyiXn24!9 z&+4#>pt1Tg6ePF!*0~n5GOg&Q1!tQY&?Eixo_pr75~@z zYkh3Q>hQ7BjUWH`=ft63WmpJl{OISF>D~xmyvF#o$AvqIae*;ES7?&WKmb6eMK44E zY4BIp*5VLwx8s5i)6C3fhbC%^W*gR7+wW{Qmi2LWaXDo%`~gHtmKx9SFc;=Kuv4GA zwr_M?%2b0+qNi*Hoftxd8lY032@ngH7~NsRIm7P7!$cH(F=ckVGMw0H+IbU-?=43! zL8I;SxhW0++ZOJw)Mj(CV$In(j?WPlno}1YKZ{He!|#axEyroj^7C&7&gbIelxO6} zA7BC%Ica@Il3fFeE|}gZ@XzpUUc=VoXHh}IzQeP54N0aq`1vSproczf!;PqOu$+HGcqFB7HJjY zuqWzF$`vx28kRJ~$=JR`NkeQ|<2hKTKkK6S^gwJ;5Q-=i3Z+A#6`&4%ZV-TFvt(V% zg>-T`kasVEZ5=!*A#DrwI7_h+XpcoNu^jSLi&eM8(iEG@pL7ZS^a;ty93Mw?Q>2yC z%0Ck;LSFKekGy>?IU8Hp8{9iRGjY|88y|J*?%^xv3X`+CI(R5}ut!iXMt5y&qbUFS zE-puSy3#JDn}^slJSCL)GjJ!EoDhdMe}*WxWY4(Dj!SCklE=>q8S8j)%W;x3e*Vpn zCwj(`x_P|GzMmgIg?KSPKG;9M#$M^O9l$A~%2b`um<6+9Ap z=Xv0WO5oVG*+d{M&=QP6@X3#+>ULCY@IVDzAFA9Rf&as;cFGR|x|sV|_2VZdPJFEP ziIWq5`|$X~4>jJwUP&j}gzAOAmxiP>u;0tLGw|fqc-W;z_Nf~(#WDpbv;7w@?e zy-`XcAP)LUcQ4+k*>uKX589=nW-A;DG7TM!V23@q=yHvQLXAazBqX=8+5EB+h98KE zeYai83=LJ50k13cI3Z zer%b2hORd(LyA!UE8YDBK(SHNhjCC{5xi$*YI+&|%k=uP5LsRpLaReiN4uA^+2#Fv z*XEtm%gZTwJcPoi+R(Vokpml8$~&)Sc>!;c;9>($zaAC z0Gou55cc&=ZMbn(@DbH7EaM5R=a!r(DcnIjt@Yeh>9ecQV*h!6ra3>jcfo7qqX9kO zillO>NM>v|LJP5Uq!dD$nCG7Pt`Mqu}1Lwww#0v4s#L!4_YJF*A&nCqUZlBg+R&z_3u-$k} zPGJ{pK4@5Fh%jN7IDXbT-r9Ej^ZoO0zQpmo^lSa&r@&fDpHE2O-sh*Jv;E@_<2Y$( zrHR?p|Nbxcj*D;T9UrFIW)lW+{aNH&+qnM2!mC|Bxa*NsnqseciV)F{c=IeH3Bwx( zGNT(R{W8vk%)ByD12xi)N?QwgV8U zD|J-VT|xhXnT}A#3{ZpgJekW3ibjFnEwX2+-y*A8A|Y#!k1~K66?8DR-%U&!GcbDu zGQ^$GCUMmXc?5JC&JsP|bfFZ=kHp4~Oo)Yay6Vsev=9Odc5PoiKVps_>Gb#JQu-af zWFqP+4yXM=vAFsEpq4Xy0Hn=N6eX8WZZ?cPiqE6v%zBgdwqcS1q_)WRIU?oBvJ^=b zRA7&;q8~&poe##4F(FR4HO2|o5uQ2+K>1hcA&t|+gWkaQTckG{q#>~%TZXK__Gi|9 z=2VlN&z?F0K&S|U&Wux`mBC&Z4Y*3Cey3;Zk4-_HOv2Qk^gAaSd0w8ORr43cZ=ITZW&bbYoU>nK{-+e>nq9BQL)V-0;8tTe&?P?S zH8v;B%{jmQ_*tBWIcsjtc{)yWo}Yg+!p1v}gJXy0G(Y|@KA+~aY0YWQodlgD0(n6? z=LI@nG+{L|oj}L`imuN(e%3l3-*Wt`^!?WHn=f(v@9F!k;}7FFS^j2>bOv!=`~>(n z;yN1@K6_3W#p(hn8nvW|rKVYf=^BcJKp{*D#1n<|crt*`QLo7tyHiAWk}af!d_I*j zVo8wHBnKj^XuLMO>KjAHs(dzv8Um9@e51`Z0W6FXfM2Qdnu{iU6I4}HKyocb`8%ES zz~_*~MGFp3Vs<*T`VeAgbHc-@hk-SSwS@bQNGcQjjHSDn1*TI(8#_3pLwwbx6{jwr z%uZB|%Ghuju>v@l)3E+UEI^%w&-t ze;A=}l0`BHY5h1V6u<%V&&Yqok&S3|HLRj?A|c4Blq_d6W;mUqL`m}n2CCT1d{CMa zZhnz3_q>oHy!8izlFmz>FmmVdYT7U-J)szSxz$pJc~5ZTHuYD0G0mThBpOMv?Wea| zvYz+^+Sl072JA&7r(Qv>47Gj2_q*{jL2t`s{+Fp-w8Y4EN~FeeJr##H%yt502ycms zH?II&0*0C}TMJ=4v6YS)QA_07CgTakAN6}1^#Sxf2Dm!9F8Cq>=45r%Zf~JFc~xyD z2jUHTA-$$~6%k7Ti0C!Z?Zejw><=bcj`DC;q%!*`i*LBRLO9KlonW%pDR64bV0KMB?>1_PA_=?u3 z%s0$y=tcb3sQ6dA)RIBmKgG%NLT-S++xVQr?f5qh3_$N8E+G8yY8W!ixH*`N9_2Fn z3e!jKx+Oz9kDs-U_hgJ8CmH4E-~8|V{O!k~kF4Vl<9vp?t}+{k^9iu;zlMGP+5g4P zPqH}#eZ_c+ps$Fh=)ZKc8De705JjWKRYVFZ#>m=Yq^7{e#f=^2A?)xNx(&DtNm$Nh zp{SwF52zW}!y%C7hQgr|1UMKXz9Q96d_{edSS)-!&V@d@_mUn1w>x?^Fp|mb9kfM1 z%S?l~xEQV+y!)Uh1LC4@U-4mg%F{YDnRUZT&^vMQPb2OgWvnFqj%`JG?J*(?k10nauWxCfURNq%$*%xljeHWU4I2Kr5m+7w zoxbqG`KPfg;4y&p0zDmj!Bb+oU}c8mF#dq9hQmfV;gk(I0D%6i0Hcc_1gy8?qr>Hl z?hd%@J9<2N4Zjy@KshYC^f}(|@l$Ct+6c*B$H%ucesl%Baxw%0QEAL0{r6rINaAu{ zN0{&L1VTT)>zpuap=aRYz1UrZ?iwXkrnT@AAxk<)g?YgYgtS@hOiZjN6JXCs*s9fh zKDl>(HME!*5cYPak0uOpBAFaMns*baD(_lKzz04kjK`N0GM7$5o%ff`%|XFRxxHiq zV}WtmF+i8#b-snh%CE~d$EE0&6>+|AMldgqHL*<27Ez4d*^^`jQFcRsF=Uq5<=lK;uR zUp&VAN6~=@AG?0m^O4oo*4|5(*|TN<5*@A zxoOh99?3GIFXEjp_p;j=nrvp9nLuIb&HFG%iE7#TRDL7~rk-(|=4>pFB%DfAe0JY> zlkqKwlA(O8-cHWkd+nqs?OI{j(L5$pF^?oAMjCRwnlLu>NJn5Z2D+;Ky9{0vGcJ;^>Q#sZ&>rn$JQuzzIehq zpRG}JoSjeenxB92;`8C-(Y)s8pWJ#r^Uv2=kJ3DNN(ZvGIQR}>5k`uEP#CLRc*TR7 zX0O)+52+AZ3IxK)5lZ1DjjD!55Zs{bKI!f)AxKs$#9#o=orn6~)Z5uD%}Tc~X5#hM zDz@=Y+nbpB;!0m9_m?lLv#Ap+SISzsAm)&BtXYg}ybT@nm*>#Zn{^Z2%?xOg=qYAf zfn|h68?a?jOJW@%4TJbRt3kw;)gV%|@+lwUL#$c%B3a-eiXnw$SZsbuD*4GuL!TGn zzzo8duJY1EYBjKT%+{<73wu*X0~6^9NuHR_nKw%(WEFdn@u&Q3&`?~bvPG~Q= zKg3_#%1O@08!_nDV;r~p1FEb42*lso%2UpCK9^03pL5wf)|bsdU$#ZIW^ma&X2l;6 z6103q^p0h@!5W)e{rsc{7CmI2@p!ZN#WGtnZ%#4$Pi=2IpX@(&{^s2B@VphBud}(u z&KFPc^8?$zpXL@nzdyIOoF8U$i=WTeOliycSE6S8K7PL71XBY3^soCI_Ve?;0a7g3 zt^M<`^h)#WzA+BaDgE4q7{r~SP6>OTv&{krkr5v1?%K+ z9#5w-$y6ed+QPk!@FbNQoQHg}HSl5 zyGNsMl|HKc!zH-6rN1vsc4~0LXkJrn;xO_oVc_F_zk4mZ3%Pubh@k*x>G!V?Ewm3H zM>NYa13Jj(RFzui1|yP)=B7bFwj~PNWP&z12)aLSXi1b&FQx>RbOZTRQK#N^e%4M4 zJ(2lB#q4#URIN1H2xZfV;)dF5V6oa>Bu9`r%-(H_7+b-Bm}A5-06rj73lJ;&p9NdQ zgI)cI{s-C-ts9uX?Z}?b?>YRId2!+MvCm7Pb^MvzXiy7Y@o(OY`$rFDy!;sJcSd+` zcb^V>rbj8ClVt}QL!>j#jMKS}azL05loJFe3-MuRbR6ncG_|hahH6ZCZ1GENpn_BD?Cl8W30eDbZtBIt_5Wwc%_Ew zKRr^__s?65?D=LTcb!z2rG@rt*?nYw2PeC=rqx(JnCJXY^>TY|oy~iSEB=&XMOIw! z6!){uUaX4r4tUBjzxes5`*}OQCe!&ppf%Y#|Fm^}FK$WaC)t|J&hPt;qMNVDbpAh) z-r(npC#>@kmSoS1d?)IeTo8_fqsW%i6A2%9i9kiOLd@8Hp91D+ADR?rZVG!73d=Tg$EU%+W*3gb7RX2+ z#{CAMX9vKUFjc74GQb6{tC@(J$*6;VH24FqgmJy20vW7;MEBlEXN35g<}7=%VA&8r zH^fQbDFZ$7!ti;@0aCF85j9)dle>|dwDtrbghs{1mp2928Rjg8Z9p$@8`};&xq90X zRB2RDomgA%_}Wi~7aO34WF1ldtiPLV5!PRw z*&1Y3kgZ|G6@+BZ#sbD4aRu>O9Cr#ghgeKg1nQH?P2<9q)cYK=KM1*jjRRfC@(I|F zUJlrQ8Q+grTFdb*i1>X9ar%OAsyh=dWD8bA&FS(B0@`dZMoZa5GLy_?R??|RI-N?V zirGXM0epPEGn1B*DcOw51!Z%sCh#mK2*L5O6mRbvLe$u-1`sP3Z%GSXf`2?*ihgg|G0qk_?71(eMp zDLzE4JZ`7QVfWxK8jJduBu3`J7#=`s*y*qr27}o&TYG>*7F;bNyM;l6r~vTh5 zT4>Gm+OKf+`k&wyny63e-3cv!5Cca4g;~v3!;4XrJpu%h24*hMt@YPQ%zG9#YX7*a z9H(X}3wr`L7PiZaIFy=g{Ah9G-!ikU4{w(ldj9ZcftMt|mg6Niv1g#)!EwxY*y|Jv z<+;?e7&+v{9lgAF1-fw;lLwr?U1w5{5q{p5{X4!7u~Q2pD{KAl<2V5JeJr+0-vN1$@bBi1}((Bt=9M#(4q2b&F&wkrCCpic;X8x5Y+1AYYtuj22bO=vXY zF=S1b;G6{gsst<>TjT*@J5P%}Et0HxA$7Jz8{8<>DKi#)+5z@kP>onwk|FAVCDyTr zDB#M_+35H(M*3UVU8si?3r-`R4vfYM&JT&wjf;=(x6Afpi;qiRNQ@8F0+HHk{k8qa z|K^U3tEF46f99z8tFJxI)-3kiXw9N=bcxqpc#HMqXe33HA+6JMgMIMEZre120l1Y1 zsK-@6b)#tP0O@nLl9Ry-e!wM1P$}lhCYSYqD#>8mSA-yn$8gIdBfJEwhuovvi>l9Y zVinvXEmKU{AuT-!+GN}o(m%MZoC90=i6fMz)R-9JGA1o8r_g<+%tTb z%?dkboZ}JUFw$g1`6FXYV!k6qu6W;@t4c@q$Kp@XJ~uVfDZ{ z*wvcmtA~!b=Iu%>A9+z9HbNN#q99dbOuX=c|* zTks68N=4=avh(2s_Rfcw$v*$5z?@U=kex4{u+B#|h3S0y{>zz;;OF1K>?(#?MoMJV z`kkLj6{aWnXWRfDH->3IN{BFXWGkucGk`S3J)A|&D#Jw^6?P5lIPPKRUxDNOoRKYL zT?5%>s&qT95$A8}lM6q>e)LDdew>GO>gyNoXV>liXlYga6apk!p>*BbvVxSqT0hN5#MN**`l<y15$5A7aMLp_@@WMG^nWJm>P?Q(Sh@!wxkv{@(DklOMw&K9pKHI$&K1_qcxivNo zYE&suqR4KMmbfB;dePnh6C_H-1yOQzqU7jAX~kpcvlWg$%PsC59o>7`%;La+c>oYJ z-S0fG&`g%~v9XEeCP=K3%PYE@JHce?0EP|@_8u4wUJio^0)NqI?x;cOMTD_6E>SrQ zCCDK}ygp!1>UDofNd~edJ@OcXNPiGKer0EMO3*#AtdxRFoj6L!g2}R>RZ`*G?=)NG zlw1xhG!o4`tkt|08_b5&?aNvh0oG!Ed&0ZhoAkvSSv?y!eBM}oD1Z2k=o9EzK;4;H zi5nRZ9V_wTaDH&_P#nIL2$@)8y>oU8pFbxoAo7mYWdTp*DJtecw)v&*wb)Z90<1a_ zV3i3iQ=n{fv_%hvrK+M--Ju=_25`6a6jtY3t@*{ys!$WpYA9#6x)f4m?iR&v!n6kh{4MM6aE}U)Yo9_`!zA~8OOn;G>x$I6LBs|EhZQ7_oYlUL+3M8EJdIqG<2WfazI#Ka^U z^AdGB+yd>-&tCu%wHWetbRVLym5A!0Z8iQ*%~Nh&svVJ(n9gk*5fuJ=(~3Mceo=>_ zy&k`aA%d>`4e06vZ0%^1F5R>l1uxUZ)T1fMe3dmEcZz>;g6ZNg!|P#;+4+!@fN*1X z6!A)r$8Wd$nJdDa5bz3e!gT?(0U^(BG4g^2bIB)p|Lj5HL55twpN30*F1YdD3QI8QfmzDJlqaX7dg90T_a)`_t91GC%cIPM6F8sWLE zK{@h9te82~LiT+U@r(U#RMLsSiPXv9Npz%oGWcZjj{<*WyQnLbYxb?IFV$OT1O3ia z^vrop4At09&@&hMadVm53xsdu7|)~h%yFDOb2sCS?VnF^bAEmgZ`G^0;rKYRnfUqe zE6A_uInE}yaAuVFn9ypW}?sFz8SxU8(7YfeFlIgo1dXGJA{A64RBl7XTZ!Egpe+gQGe-!ZU1#e*VZ|Q7FxgTeiI=-Wa+v|p}H zmP7KfBgfEZEDP%GLc(|Q$n{F4Yz+Aw0lyn4FvR}!p!O~_RWoj}87-Mod#)SHw%?cmvu4@$S)iN-GkUPT* z*+dc>C#iy!S!!X89v!UYa*54mXrLmtTA`s6+FX5TjyFNebvl=7ghne04cqID7ret4 zp60P2vWtFcN3`vE0yc8vZDuk3l0Io$QDGRtjBW-AKK4sHr)|Z9r3rTj$VAACifhb+ zDd^^-%+95bO<#TH(S1m=;5{a99K!_ zb6n-k{~w!Y4rl>(KINCE+1fC}zP}&82=e#^UDa!Be(;#DWvA28E$36dgPo7Kl@*T& z!t=oW@$(6D!p;{@GT#Vmz_#Hw>_g9R4Lp0mfy6aXL)F|luP{QExpQd zs~AhfCdsG4SivVEAMSa+{~%(M=sAh~@P#&gJK+d^ANC#gW8J6y-{-%78vC(UVn5b< z+7BVXVwibrhiNP_R^5DB^95BunrylZO zw5o~t+^qOB>7&4EYhOZJX-CNA0};yt{Sm`6-R0LjAr-_=NFPA0vj0i9&56$?iX#l+mh6vslNQe#kz`3K zm}rL+GvZmCEQw*Da=$Ho8Rr^8=bYe$KnGD!u;QYs;uQyb6-mrthQSf`IYaJ%Mnlo( z{3CrSTJ0c6P`7dZeVdpl=zpWfKOtRP9~!DN?g?;BL^;=lC_I4J(IB3fA>_J><_^d< zn~BL5mE|ZgU-c8aY)$KBsTnbF-|BHW|CTG%Bi>Z7k3r%|SZK@0CZHBE%=55Z{EWBF zMb#Z3JwlClSCl|ICK4s^CW{-MIQ>OsH`>rp+XxIS9y)vQ_dJ?^@ay<5-FIi@-P5<1 z-p!sp*T0dYN4V z$LB&1=(xs3*gQ7OqY&f_2v0QcMCAa1H$}?YQ{Jh^d^7?+qmwJ*56F|W34Z}D!WS(b zusU(%QRiu}4FXBWxEHbQA?$tznlRKyt2i1$*A~1$Er*EE9bsbz$3xF?R^Ni{D_!(~ zg*i{w2BVD4luBCCrg?4oYE_NO52?a?89^9xM}ZiiOu=>*Mv`@!RjksA0w3G^O}EKD zFCp+q)CwabQ<3^YV`MT?Tc{_hai11XR^qhr|3LK01t+d zi(mH-L}ntN^e98qyV8>*)45=|nD>dlJ-oVFjZRH>wC}!8LB|}d#iaK?hiCTx;QErn zo1Sz5c1*!AEST87#KL4KitV$rJ;TT)vFBUeBrLnQ5Y;p{@_HdLWOHk90OQdI;2%2a zVPL)Fg_U?5pfH9i!2MXL#%smxaVy4SLCPJ@5Y*@RzR9aBHb)~;hzDj51(N=+DerOk z#aG^v(q6r))(!%0L1X<*CVzJ!16dKi+07QCM0pt_SVD{fbukLm#VTH4 z#7(kPHIgvgE4GZ-8{0m85S5)G%fSGk*gpFdd6JAG1QLra;|gRyg9;E^CaSc*o5$DL zR3ar~48Pti`oTCHVIdXwDvF~JeXr92>OHX8K}0bmViOz`DxvKzf_##K4wJ+ZuNsLa z$9s~XA~fDppJSuntnGi}tTQz^Qt^e$3dpuSkeEe6#RmEnHr9j*8w$3$kxp5JN zyHVK{Ftg!UtEkW3E<3%NoX<5=l(QFw=OL>bOjc7}zr*cBMZMGQkRK38An8((pyH=q-q#xwaB=mcVF>IlDgPB1Wb z7(;+*nNA4PpyOw3H-E;MvY%nJVf$itnYw8E33}p;;&+`HXbi9^V~lNN*x4v7%URVk z#3oQlI%4g*Z1)aoqh4>$A=hJA%ZAj4iko_Z4Lw2l5#&Lg+jd?-8hPjoj-u(2`&ejO z5?!bdM(_iOTiNOCvpE^#I)yN9ouZ9QzoZ zE4=T*-|%B%@7UY$x&MV7d#ra}g+7(eyA$Vqh(1%ijeV#4Nl~!TiCBK=_)R$X33mMU z3t!=%>+GHT4jlW4crDJogB_!DsV`#h+~2`xf0dnk=Y>D#=c3~y|6aP+|H|(5E_Q6^ zy*>t8^mFX^sSD5JT>5PG#dKYeiK7=@6`z6aoCS8_GhJVv*2=ibDmO?jX#JFFia`%z z%Subx&(MF^KHJ4_VoG_S8$qSOaPg=>eX%=;nU!We&5K@L_bRztvuQy<-Zhu4WtFru zlX1RZdqR_tu{YmYL(4JZ69wNdVTMuij2G@NoquhZ={cN9Q;SV7ytIQ%glK9xT^4}N zu!L(2#u{%wz;YH(Myun=QZweh;qvNWvJ}Yb-TJ_EL7mKguG6*qw4f3VdH+$AW)2UA z6OHlMv5zj6=Q_G~He$pYQ|J!TdgthUE7XO+lNuwZK|ly^xMyN4 zGBGwWF$prqYS!X*%w{JChZ-Pz92#n#ZnZk&?TLHG#^2t0ur@k6G}L&26Fl0^l->h! z$499X3}riB2C*Yn?(@JJk=2K{FVoKmUlB4BfGPxa@mOJL_Y6X@Ui>ATjuxq7schp5 zK6Hr-jgLpfqB|Qgi}{?_ThKY5qdE*eN8LbL9fXcrRek3st>`e3W47&=U~xp(FQRco z#0_g9rx$(gKVY6>+@ct_CFx$+I(yMi`0;bX#D#A?6#_XX7Ncjo`{~`%^1kJJ_Af>D zFYVudU}U6H**iDgINj+KPS4F9@SX9q3Qf=!&1ch;TGrN)Ki<*T(yP;lO)nv;}zL zJvmLn9vc<9sLuU^FD5I*MjD_2KSA%%<`+;?Tht`=gH>#P*TSxQcF#w4&+p#77@in# z*yX9y=;%0hT9%uqh3aX2Fv6{C{RG`vbATh+3SP{tqB3ux#v{Me>2|Nor534A11buV01z3*LJ z)m^>s`>t-OTf17CQA?xItQw6*<5|6fV~nw3#ybRWNQBiS53_|m3wb~=PAtqqrgnZyHF9s*T!vse2{^wSy)tb!^%ydVi%j^@Cl+P9u0-K9_qw8{+O(fvuyX{V+MX{J& z@)s}#oAkd6>wOlPEXTRi+@H{ze;R4LpnPv8p6;C5nu!yqPM$h*`hpHJJ+2%Ge0ZO z&(6;;B**KrUYS~p#WEx4fZSYjRn{^K2K266LrOHat2;M;cDDOKa$K&D*Tb##;-fR` z;YTcnb=Yu_NpRSzGO2&Iu>A<4s(JOP0xRq@`u>~K^IlgllJ?*1_@p&jj0auQzuK(u zXOn}KQm|17m20ic#-IM`vq3sQ_`**$jP)$4`M!9Lb3-YHVF`((;;aBL9Jv12H8^>? z<05;~L?LAq?yzEquXOg}guRt3@MCI@vpQN;+1e(epg4RHb3_jJOi1838T#FnwwS5uEq4o)`?tAEmU< zJmCZl5rtvMfaC$}%)*u!9UmJ%GchVpj805UjYQX40|U84yIoyNOsU!xDOZzY;}d5` z#~v71k48%)>#h4s>*+@?QLPyBVR|Wp_j`&ID-aE&f=arLRLtDCx?*(&KEwq0l{Kj= zQt@f>iC#s4`q>q!y0u0L$9)Gh)!!kU;};oS0Vw)3qbun7bZ0;Dj-B1v?wPrr^4!k3 zxm`Q*Yn`#NfztH!@LFltc3AiM+3wugowE;&t>^PYJJvh*53N@p-BkNC4@2!olZBpW z#>sa2f=l#7^c6__a{8$zgD;aMqj7zr_RFHWk6(4=UKQE>*(*|A&t$I~E*SZwMT}LYRW=efU7={mxF};@c+6nOh50)}(k` z8rovjo0F4Rce{%=))>NnSw7uAA6u3LlceA7=g~bshwAU>W7IsXUJ5p-dqTA@Oyt!? zNiVq+U_V^MvH9!Ev&b|F=e>!79Ir=*4>VtG3pjYM(-U`Z{N+V#`zgU6b|zD3G~_B4 z6ElN}H={cyDx^ID#UY+y2HMt|521d6tg}ya?BisJmGVxIm>@NupcBLbz;$Fev}xV% zrn7BUT5Nc&Jh_I9yL5M(8o6nmHP#b}vGDr9BV+4@N3X0z_O0=L4f0Af^#3EjmQHIAJIB z0@8Ww-0P?>*)yFfa<5cs)!LbQMXp!s^+s=Sjo?}?=PJKiOeDmCYOQ{@QhgvEkF2NP zP+k}B+crG#LV_jOG#piTiu-b->mM7#&bq8mg^hJ+bF7vajrH^uJtqUZ`G48dKlH1J z_`|A>q|)Lp(1N1MkmUu?;s%o3dPk5cIWyXpN86*L z<2_Q1SE6ghqIa#OHP`z4$4 zVo97;*I^iYl6p%yVf9qGZ&3Bua|}zD1=^s?uxKZOYdEsjfOP$Yh}MAg2Ky#Xp6MLN zS2b@P$zh$JS*k>6qWiW!Og%!^i>@`KV*B&?*qX<$bzXWPx$bg>i|e_2!|UFMFJ7`& z5C&IXu$PeZioS)*k@k15;5fMT67pV_^Pm4S5P5T5-UAwY;PGs8U+wtdisAMo^X_}N z#Uy2(C80kGvzk+FEL8EtJoP zQp4`Ty5HZB*7FZF*5eP0p0h6Z1KWs;)w-!sQvEPRWeB7CvOJU#ReR}Mt_f^)!^rOJ?vmx!7h|IWl~2;R`59Ir)&4-AqXBlw(RLhR?Q!Y#?G$jx$c1j4oQv!7c5tY0p3@uee}q zR^T;pIM3Sb4_s=cUqru6Kk}wvWr^RLL}elUKCMq(dI+CtDZ85rV7q~y#Hz~}>R(^? zv;w2pH%nbPsPt=oxA}vr;^*lK%uAhIgJiY>m#51rtVEKkOWrfEcf1X z+yJyX)Z2551xBj}Lp+Oz%#*;*Osq9_tQFhsVxuvKdfoV$L{v_okYcVc7}AXmujg`| zB>aS(_1Yux#Mx-<0ko&+4~D2xyKm(&y^d`5D^ZTBI$uU`!=AZ1DX$U*d0En4UAAAH z)P|moL-wSC+=nsh&zgfr_9Rg{#wZKs0b=A7>~`<~hGS?W1187p8A@sDpct83OpUG8 zr`Pgmf>*E4hNF?_nOInkg=4YVZT8E~2#B1SjIR$Nm{fTr8ao?~Ja7g3P2EZT3Cpf!MQ=Z{Cd=KmpyA+}-M+YH;J5KlXxi5Ck^4sF&q+! zS7+S1D@1v2W^-V_eB|J%E6d48FA4PsxBQ9DgA6FM*L_KJb>lr(k)!;?rO_Ssx*~KeaDcA0S+9Bpv=eG-n%-ZFY3hM%gYe+KjTzXtM?FfQ#Y`s5$_Koy}|% z>?pR8I8+lpNd_0PV*6pxwDgHhglwG?fD5gv;7IIWIbOTg=Aw3rj(oLQE4q;4s5jeY z9{e@t9$G>&=>l?h}-gt|%^5BtZA>`IO`P;;eADM%Z z7;iiD_LTxCAQtvk}$M1Oc=~adS*H^TdImF<+vd=xP0qKVx$~UiWAxE z#3${UnSt<7HaCxCEuZ~M-QCw8f7^9~N_D={HxgYKXZS@-^pLcdW<)@ zZ?HMuhdRXDg+J!pT&*M9ZKy~=p`gdbbI2j*^>*xXj2Ic-*tOsId$woU1XBaHNU=_A0Bs0tDC4d!Wq`^90K7~2Za+C24 zU>7|efdmQ)y>Di^DR5VlYlvlUQx51RxPb4Q`K&cC6&4c#w~}jy3t5|gG%hC4IV0En zmRJgzyg@N6*#iGZDh5s7fEbpoe*U3CB$2TN^5J+p@5@JG+0FBjNIp_<1!As2T_kKX3{B-CyKW3qTPVWqzEd# zT)vE}SHFcUSE{yT-M|!6Hc2UnCLU1wwH-A_!YW$*2HH)=+pMwLPWFyDXowXlWC_)2z9?u(WE|(3Eikzr(I#4}nvg#f8Lts-kZ*&r9up?z@6Lu@j zBL1;Bk=o{u)eDfLiT>p%ft&qP_}{rneCWVA@gELMO}#>V=nl z$f|z*Wb-r_0m#qkE_?*Ie><_3C@Y}Fy}z^KqjYm0;TKj12aAP#el=H=5$MkiXEJg) zOaIzbt;MI#>k=gyqnK0HW+uRw%!@QnQpah#8hHLJ|DYep|FW zRZ`o{<;%AHEmzBC&s2w_az;rwLyl6`X1h-uJNW8@PH#Bv^M*70`o<%DHHml64z#;@ zm&H6|GK@6_W;b5TKYeJcCJlW&G#Y{*{vK#5uwl_WiHo^B3s* z{Hxjb|CYZGxI%P&JG=fjTH5YCr}#H;Ulu5z|AQNQ*)zZT!cF{5+@C>aK6c@p_TII4?<{=}x%}G%s_(t! z!iTl@R@nD&FLL!isl9g)-&>>K<8Qz45$(O3*x&tgy!V>k-~A2T`#;(D?zr$N?R&3c z_tNv-dEvLU_g;D7M*JSV_geM&pb8G~Kjc4&bq((PIqE3eQxm{%SxHu#|KxnDCVUoc z7)VatjvC#>g|EXe9P9whk>}kmbPaQH)cl3Xp=ZAepcEvLn@GCm(3rE;{+s z;>V2L;XpiP72;F-Yvim=KVT1pea3|K_z3?r6n61@YxJQ7K_V4)4!!$O;f>(Tm{!2m)vwblgR18jztn$26VAv{DR&R=%Q@ zoIOne0bHx)ca)7rW$idV_XM>bpf@^60zg`F#q_*h?{Zai=q(=;V(7-fD==343a-*ioumtTs<5V?tQ8<@0t#}2DgghY9x+r@x*M}#Aem$! zQ(RyOQUV#|5q&opY;@xz12`FKoBSc`dR^G8y2j6m8h; ze7@Kkt!L5f>|nXEgKzF$POhGAjTh3noyS|japkcgebgKs%K5}l%ER9<)2gD-ir3eM z&3dyi(M^~;i-U(0$5eLmP}6I&@X9~&f|wr8`=TDyqSBgeu|DdzVCTlT$2#r^`6nVo zBR^3G1-Yy%Cl%(>TE+4C&p`J^BRW<_iR1Hx-bL4)B35dsYX(4aLLZZK5)k=053G6* z=ZVMWQOzRx7Ca8KZXSPDmDfZ*T7Er*AgF{4eXDQ9p@9gr*v;&js*r=Jq!}Wq)R*|3 z?*Gh>-*A1dd&7iOEalxNOnD`{qZyeWo&k8!$96A`u8f2Mk#86kF!HhD5CHFJ+*8=A zapBXfFWcjtV2o<0VpKUAqYWEnF9blwMvf7p9~;A*=TUJyF#iYm z8TSv1y*)M(Gs$WGPaI<3_WD5g8_3~AiO#?9Uo|9SA0(s*j} z&ZERvQahx$b>lhWEr$FKYDyQ@#{P5QN!*Twn&95oNkrv{UI<&9 zPTPV9?jU5O&_AZEV_;^pNB zmdf483CT5a?Y*6S3l4eOEBjlAClCDAYv&}eBA)eRd!z7qNRjtk#POw01cOEwJYbs_Owv=V?vp?i!?;2cbl%5W`lWY2x|uBAOF*8 zrFM8ner6~*kus!r71GlKk)dnO?m)&+Gi6Pf!!B1aDtMxUNAH%kXYpvqU8gRUTlkAv(pc~gj?d5#BQ#W8>!$(vuZat6 z!Rl;!ouX)n1eZ-8Rrs52A)_)`@J7u+qhymqvdiqq$IIP;pfym8yVEhh!6eRCfc2nc z=57Xvjxdxp8^&}7Pc-K>T5_GGic*Y8FfH{vZQfvgIyZ6KVImE5zl(dT-2j;x2EPCf z3io@RY$8uXP0*50P`88#Q7=M~u?X;3_Jr9+LT)OnJ)j&_VjeiY$b6{4z<81N6~n@S z9AQw(Ijo-;ioMeQWO9*HuyPeZ#waOW*W?c_D6$#SG`V0`RS~9%KnY=boXR|y&-mi~ z1gG&ft%IthsAs~aH04dCV+2|&leb-;+k598WgvLU;cPB80?l!us3{d$c>G^`+v3}9 zpEa7tbUSZ&O?5xPlyG}N6Y`~#9&ztEE{3cZO64Vprp^wK!sAAIug6bC${xa41#}n$ zisCc*fGS80$E@ggn}~Edpa@bch`2IuG+KSqg3WC<&08&A(_`Hi2r_>+%`g+k7C;<~>Mr7hz#+1bJP^y4GTqmhqw z&%Yln?)U?C9siO$JyvR$XnY5NJGc}2LJ)b5@1*EHTlqO{R_WN;11=!Z+-M={VwpI-f{HLq{xjn~^$AGtUv! zN)iuKq$_Bn)&S&GOc0G%66zq*Nx&4C*H-hNqeEUh!Gi!08(S`0{>uiF$+F90l)Lr4 z3;6?g9gvjNzl;3j#^*9)GOshV&5C94&{#b8`&v&tchr+SwlIFjYFqbM_xz&?uQMTk zht%_xS{*<(M4v1$rGCbL3w(8y`{p@ranK|lo6Jy0#HpGgbpp}G^XXqyABVQq&46HBK&W)AB zrEy=`P*9+u3@mZncws3PbB+aVtrbJLoQ8`|K4R0*z7YLHAcDyu3QLggzO8%rCXs=m z1lRCZC_k!Gb$SN7OS*hiFkliWRzX2G^l|tZ8WuObp=(aocgYch63@z&;k1$hXheAY zc&9L)lQ#aO7OhO>JXT-ApB>Fgd?DVQ8J5Iye5@Xj9>>Rp2TTzo>H_T&q>Cp?z zqUqomwW@(5v_zVB|8~-03o)m0qAg_KweePwj}1OAK40B<39y{!-_`wA_wy7R!Q3xE zZ}3BJpdKo}PZcarlXSooGiib2^BtL3WSX?6cpS4ECsb|}7Q39w#Z~n4*{m(G5M_!50E|@eN@;~`N&)6e z##pIewy+sRB33)G6(A+IYR{ylw$<$f+f)lqCx4C68LcG-7eu2mQfft;yQ;p-!mD@B zANxdhyqd6Y{K#M$_*`HqpNOX>s==^zrygGWOlP^?eaG3wQ}AOh6g&m*$WEFJ;I;i2 zdEu{vto>3aRb!fV%}wJkxE&~70NgRwb`Al-Jvm~P0B2yU8pl7QRgU9xRII|@2SLy+ z9NC*1vnBZqRqZ930VYz^Bdg59_ISRNp>KN7d?(&4*}IiWpqp=$qV=58AWv6z z9*~n|e^+dWcTHDzjZ7@d7IU&Okv#c|dFT-|oG~VT{dLWlEq1Cb}V^DHzHH;qLAiW@+9DAO3FWo;B_R=ePfnDjQS4AVN0ylcaSa07+VBpR%xB_i6*+4kANsKhOhz>1ks$yKK6h!iVqk zXKcd~>a`?*l)%<-#%HCd_39wOM~~4lchJJ2I%@AxuXmRy}zuU~R~; zL#h;x&yxsY*N`xD%~UH=(L1BqM%k{_I%LQsGc3)(z;Q!LBpF!@D+ul=N*S0Qzr)q z;J!4MNkO*6*-`I~Wj&jl!^e7I4aLe%P z@4r1C85zjggY~RWj-_0sTNXy&aL=u|!inpytM2*oP3Q0M4OD7fk1OmzIThnGA^14p z)J1goABihJ-vLlEGEf*Rrq#wglAtN{cBaqcxT(*x*27Tqxv& zc|Ko=1cOISdf8;sqsySXP?MZ4%2n<;KB~Dq7c`liwiU?-&o_`gtc5~08`0|%y}%7Q z9!bw36^Cg$#ISop2;QJCZNW`qD;}p_AlR5aWe;qeHA`i2X^Ms+0uBS2j0UohS$!4w zIP0UqPY)GE8Tc6Hkn6`bOz-*s45R*P3m+U?M{V5 zh9|y;o?(!~iVJXY0Y4IYm<4PxaPtCF;fdK|_!J*t><2F=j`wX&;<#vk1m}-VtA?j8 zcr1;l%~x)7!{_scW9E1yv z(HZl2h%q{CR+p8PE*cDrRu@!pmms)Y=u>Dlo1r&YtzMaP&5L^5JnwXhg275^1fH2V z3WNe&$PDV6vLH7fzc+{d!A**ns4?k;7LTSe@$af$T z+kK8;uGGr=cPyP6eC69~8{a_pu>Z)lstn%_<}v08z0?qocni>KJSZj8rKL35YFRjR z5z|{_y&fRXo>hwzVQ8mb@64tVJ5`&6Mj}8W%6QUVZ{kSMDalq32X)Zpv?7;@nH6dP z9)2fGBB5q7%W*Twin(C5`NMW|^Iv#Gk3F|Z0+!;wHFV%NYzs$!ef+-WwSgUTJA=wV zC1+oaqtn>I`>j3_lPR;$;B}2wOal=(jhY$aykI9}?W|G%4~ScPJjx z;hwZTp0J|TtKkT`Rja85w2V&xe(@>n!I6=tkXQv~>i!xrP?}l@F0GRi(`oSLK>c`0 z$}zjpXo87Io)$o+`aDVsi5HmS6r@%z^>x#=wphf09$k(Ye$@FY)6LPK;Q+5QS}m#R zk-Fzl{qds~p8x)EEbP}Ab{KSxN@_Uyo{b;gkv(wil~a{dr%zYze(_axMhoiqvJ?EL z$ery>A=6@!E5f@`EOPN!Y)>>IN0Fi(iMY5j{Krgn1A{6RiUOK4qTfI~67jfP8D$~Q z31(7knhhp6nCw7q6{@rPxA8XN(UTn+;+)J(W^ld)v(5xXoAuFb0>_J$vTUwF6HM=C}&k|N@IQ_$>1kr#up;2xhS1M6oCV4iT-HuYAht#Rn9abM6J zFausbCPLn5iYwz^R0g`4@u10!9>~1bSPF2y7b~z@dnuafJI(Uu?vxzqlns^UKl_a3)a~(9<+vB3I+Q=PcBey*3*b4g@ zdNZiT%)>tFF|`j=WBN3#40cUcM<+^FNf$8bZbvs1svEkQTEGp+l!da+ynxs=c+U%8 zW9#o5%*;lP>?MwTm6-gdNywBnhGI*}U48Tg1LAL}?`j6ix%xsQSUTwOA{BVaI9zu) zBh}9G(CiA1(}#vqBSK@>ZEqZzo1oY3q~eUHlCJSn(QJD=i3yljfZg>IVL=#x@2<%G zE>$SA)dz3(i%$?(K!#QimL-nQleI<1P6G=r%ECV^78oJhBSMad2zm1YvyI#t z-aKt)A{*YOczy?gr9Gx4b9~7rILrAZUn#UA*=&N4S}{SmO?{29^~k3OGwd6U27s_G zXH>I{P@+*kbO0^FtyEZkshjn9Z3f|>v0XP9B9qs4XZPVXl$|L0GNtTz(U<1GRdFVW zJ}0Bjs5JPRQ2>4!N_VADX;$X&+5nw~;g_gj-&UY~{B_4S$~<+W6ciny;g66v zyFsJG5gG0;vdzd+-2-G(l<7-lT5M(Vg_o&K7UC()8H6Kq22p&4XpQ5Goff`2*^OD_ z$$GMr)FqRW&+A>3C3I|&lEMD2{lcey1Lx(;s)ddszCK&Y?)7OaDYpQ`5 z;&C8pTtZH`h4m!hG~0k#3Y*YvDuJ=fs{;15o}s(zhX#l3{#Dk*@8AfN1t^|-b~2-J#Q`8i=)?CTifPn*|hE^PW z)M_oSn6M^)HKJaLo@9h+dzw)bHkcM)Xqi2c;&8^Bb9qLCt*q5}u%9gC~k)7Pe^mK%*>zH)d^Fy*!I!ue-;4+@{@dEP4djhvR`kco(>KcMwdK^=x0Gz&l*f2<>BNw%`W?F5sJP%T(YpJZca z0$a+0%-=<|$)__fE9tJ$nCBuMf+5`jV;k~6G)pAsOrhl4Tq7LS7~OuI^<33c(bmNfXCLoU=HZY z<-!7|#mT7=3k%L@;V(3dy{v|zIf9^AsMXb`95YPG4+K+P)9H~|&YMoJW~cTS(j$3q zrQTZb+3mS%Lpi)ZI=HKp>p=Nn0M55!kf9BQ|!EQ5?9!$M1|C#?bX!<>-7bC|5J$-J0Ui>k(_CAXJ`oFODa;O>G z)5)fq%@AgFH5ihE!B8m_3Ob#^V7p}s1|2INV<>9O*O5m$^{m=ao-Fk(2a%@f6VG`H zehJc3A=6Zw6($Ud7|6J3wZVJT(@BA0cO%@vy!1YP=ggqNaGSvrE9E^XJctivWs~uG zIqwc-6stEsX7D8?qizrZ3gNSpO?OJ%sK^;Hn4RNo;enit4CePbY+^X$jkOE@FG!-~ zGYkx%S0sjtwRH>Z9k*}_oavRFVY7IEOQ+E%7*-pcua|AsH<-{m^PyK??TBo(A7Q^-e4f0)8PP5HsXH1u@UiW$A)%Hp{d@Mh}h=7Dj1s2EJYRISN5Ac7gx5X#ht`zg$ zdt;JSa7A2^!MxvWtllZ!iFRyX6Ten7nCx=MEy47hFD}oPkPt5zJdulxf=J8b6gZ#7J`AcZs!Pgr$n;CL%OVy$qr+jN~VpZxUrP{tj(QpXIE`**=BdS zZElCd?Y7wl>Zufm;59c8Kwg{I>E<)`<)n*4Q9)U2qNfF|F?r~rM0H+x(T1kAR)k}T z`@$mzHOhi9Y6cg=*xTl;&$ona%)Ey^zYPETtb<VfwQ1*l^Hcb=pH!b-Id`ZY^LpcXT!}Rt^?szufDnhaQMnx76VT)yth6{4lT} z7S$>vh(xL~;zS;mMghO#nU@7r8W|Ssh#`?Ks`)`_HL@_$wn>CHm^2}zZ_x0jJybuZs;Xoi~wPaS+ zf9Zaf0v$a!J5P~NguhHIpF-m*@R_J?67sI|FZrXQnP1Y0$)W6Fdwg)Qm2IazIs^LC z84Rg%AfE_WuM=*O!bw+nuoy9Hyr;Rp9r2e(Q({J@u5_NXm~W{~=`haSh+ABPT%;!V zKxa=lPd00~PBGCCSzI9!DIpRw%|>HY8}gEo#ypftr&kk6Igv~z25p8Wmr8Q!M51B0 zm(gS1BeA3knk&_GxOm{?2IwC-gz@IsRc|20ID3vGijT3kiJPz#3yJ@-9B>)=1A;qN zOAH%~X7etCS?8ImryDVc*)V!=$lx$K1DJUa(kyoJPfJmiBF2C7X1(5gz-kRRJ!vI3 z6jiFq3*Yj#!|sUUNceyW#-o23Xft!+KZWbDK6Bj7otZefO=6_s#o!Iw1B6e!P{=r! z;{lP~)$0qCdx)y%x_7@<@AU?|_I$?c<;D4|EJPM8%zg)RCD}rb5VDL$&LS(bi>z^4 z7o^BCGZZJR(E(|=NWz4w;mX7^wT#Z3iNXa`L{Z(MTa?|%O)YptL2|nT3ua3Sp#bK> zU<+bv8<1E%|Fsk7X{+%iQp~n;keOiZ+X8C32l-I>wduLS{xf^>?S#{6S~+;g?1+`C z2Pe`tU&80`m~3(3RR>NU{Ky**D*1LiJRav?x$)bvnMkTW_KLSGB};xYdh{7Ui@P8{ z?iTKZ2km61VRbkbLs2;tiiY6RhbvUe>@Z-4DX^4?ha7&SR7R2G4~JunYNrw0ptuIO zk`|uXTHQ=&YBC0nL3n_3T8wg&-I5gt$Ajtj+Noj3lFljnY_;7Hq;bc^V9r^U6$G-P zCkNZ#yY5e~OC4A`n3=o163O~3erYfiP1V;9ei!q3;a^c_H_3k+{)Bg&1L!8p5roys zas=tvp@~J*7e1J$J`HAR*Dzr@N@AUnbd*h=He>XSlye%~yeAdHv`FF{)#j(O- zxZ6rCmB!MO$}Ag08hnOwMbe=CaFQ&*B-OSj$&a$t>m3j!@vfM4qA`*&kV(&TPA4?; z$b!#eG0dBKaa$zFG}SyK@J#SftTv5nP$?@2P3x=2K#^_<-4seV3LJkB9v^N<8$WXM zud{mwC#GZj=BkU=w`)uJoH#vr?7F$bB7Z#4Zq+^A0eNtAEM%V>A6sq(C11y;%+9qM zG#}^%BT(PkGIv|Y&7`72Qb2J-3LxKynQoL8*C~R3=AxZTu_T8$UIL<4Gr9P;!Hj@}SXbH|#VxY^G4PlTLJy zr5hR}njnG2dA#B}QdCzaaj=6iOsrZ?VNk zDwVoyLniW4cW_@Ts&Br!TA%d{4iEb<{s?j{X%Ciw;_A(it0zh=c%$T*j?(P2j2I|L z%$sr1*vb2f_gNCM0W@J*m^gW^W5exv2$Lmag{_zb?$l*63i|FXDP=CdT*{;m>uiU^ zVVzDcp|l5NVIHv&LY3QEE5vY1z?j?G391k!UZidWRed1-OC?aM#ZJi?LX6A!8Kh;oQjR zG^X84m{4mT!1SIvuI?(vGZzC!QhQZXL>(QMzIeDkJ z@tdYZeLQi>{jusqwi$qH!W_0|YpqCW5*QpWj2?_lS5MTsm4(Sc|8#1hnXcG9vU$R; z$Z%#89tPPLRi<0MucIW$n~&6XNNDC6lk%_=)r?!vfK@|)1UNp&NQjfKkXwj8=&+sD zwQ`)b0HbX&nURxFN0ZqsC%a|AEa!#Hd@ea}GUd=eDY$?%UxiMUE>`wWq|H{lepZK+7ql-+OgDw;UmKyklU3v){0w^yIw@s+vqZBTEf;JS z99iKHj(^s1Vy#HDR$Nr<$<_+U!6K0rd=!a@OI#6LW>pEIOI1)&LLtt~o6QB~Fr3e^ z;NdXDzkS8PO4_L|M$2DSrDKm4w5_&QNrtsLp(K9h@nCu=MeUhs2^s+v=1b{`rCN1f z4!DP#p@EDd7G~-hPtdW`#UF6}h2CPd=!bV#q{l0hd5^=k)9f^R(;*Kc8I3)qnHgIo z8nO!B^nfaBe$4*_KAj5pwvH{F$NC77l7`}bR>6SdbL0_3X#-0iV}Y)L`QPsA6?cr8k{oda9pT=47tl>bN0 zflA=JJFy@+RDfhoE>O^j`9ZxDz?R8!1#f=t2~^W9Qkb=q0lkzZj*ED7dLRMmR}DrP zt^z|?bgrO8%d?`>q3bOrI#4Delg5o+nQ4E(feaMFD@tkJ_8cX{sfp{woS#Z1)f%kr)J{;2U<;Tl^YP#GV!8aDoiZ*+ElMM{S~X4FZ#7~onD19$s6nmsfkPuO5DLexX8dR+o@YWwR>^lQ|?a%KP`T0adDBI@elE> zjlY_C#mvTE@Dnqyz&QT^e%tqxpB9*R;N|F#{d3{BbtQCF@*zqv%u5}2lpHM)n!hle zLAhWda(0BBilfQ~QL@caDOn9Si54b`u@oS3S+YBhO!VT&cnOY_s(@s7!j+o21*@iF_I>zQ&tz51$s${c!D5Qsf(nxM-zTLr->-g6ThPF^I z&)3XKa6xjLvzZ0i2u&3WhyBChJ5K>Q07MO{oOUw>7@3w(U(v`f0K?y3E5U$b0OG1g zWSiln3G+7P3K@F&5jm_o9W{)cMC7!J+z4pF`&i`uKa5$?2)U-Qu4+k|V>Tsq4f~=v?8wyJELz4$p;-z2cUY zw%#CIXVjnnTfVq+<>;ZfI~jE9%XdBaP`lgOb@v^w-AOiz9w}BoM>YS$m_I*sqzT^A zi7`(}oa{}Qu;eo#eJPK9$|jcCn>MmToh-KkLhMBbgG?usVvHk8Fd^wioF7NV`RTfI z7<+hNbZGQwc|b0g2Zn|ksjkZwLsQJL4ho4*aa?(93@w-%Q>8#)(d(1F(1Iq*qs!wR z1B$iv!s~Tt;5;<2JZKGs7rY*GDZk*m+_X`Ss5)<2AW1dkwRr=Y!&5adSbVgj9TVEX)PB`TPm3}8Me>dg~jyH-r&X?qQ$TSb2qlH$>uJ1kHLhw%fu9i z&L(?wCOv;`v|cRuZx_!w67^y}aGm)30`mXb!wI`m7)@Pv0s$1{=HU!n*i-MeW{xiG zEX}h0_haE9_^b`^!WL2O|NV1Z9rJ+MqGSV7;%hW7P)+FA$zVbv2+UsZv3;gweqUrP!d`k$v6jImZ2LO5Yf06 z8JR3zV7J+{pt%E`A~?b6Gob27C&)S-a8kU$TsAI9X1hbs>jc9*Vn1r8BJFi}vN`zr}mv zl@R}ljaqgjN0@qE_?_m3-(vhb$=!dBvtYMk)zB{POn`?6<8j2xmb{5kM3JMGZW1%VWs2RB~i!W6}b1=qkuYf=xxc ztxd*15({$_0cc@D5w+v};(tDN@Qr-a9xY9l+*zCC%@j)ZTMoLFSRtUq06|BC9Bgze zUbA`DG1=t*bZ8Sz!d zN){go(8F1}K^=6)hNM$%(9t{%dgEWm$||^$S@L@>JNEP6vF@n%At@@C91+n>G+{o*6%dkG@nS!LHcni2O)&`}2)P9)PY62Ma(U^knDbaes?blvRP31(1Os%KH7SS^-rssg(#2zO7E1 zO_5gwsB}EU2gt*W9GvvgsE;RNYmwQr2{oz-5G^d%RP}r{>QCod&VzJi8eO~VmdH$S zvSKpsT-af>1S4j@Y2!+y;{Vj{8Yy`z%EotjKV1Gn(Wu{8yAsKO0rewnJO^SIE%I#h zCjKOJ=XK8b8Nm|VSAvc`hd8uN_zXVZiO-GvNpK>3>TK*oE((2)`y=dr6hN^1L+pOu z;$rtdeBnIsV{t!kSMUE0-OmRi+Wk~pr`}I)QTqF7_3yiL?0)2cB3Fw3{z3JA%rySK zIi=lyfc&WJ?+k zBvGx_4?Jr$5mo$e9?VyhK!$vCz-KjyTDlA})25mL5rpZCN&sx7O`*y+kSKz;(AFBZ z6ih3XYi}tZC57cmFy6z8I5kG()JbGi^$DzI-}wuL(VWM8^dNDJgg;bHhwaA?p0uah z``zDld{^)U60#?l`jE#Tr=ufWn@mQN{9PN5CL`VqOsV8}jeq0D9TX1MEsWf!NWrKg z`(v9&kQQr0rTteicZ~MJ$3c7RXMx3Lsq8DEJv@D9`}`S&Pm}kFeJ9!bj`}-4@BPm2 zslS6njzaG{7yr&5s=tHpM0?*+f9LzX-}(Jt;&(m;FCm`iGQYF+Jiq(H&F^T>1D%9$ zIXL8mI?-L}H#&t{oV;*ZR*#p}FnVYqg-QQqrfE1%mGP*lW?pX`nW0KPnN9&q%t1Dg zo!!Z$mSnk6ts0i111V58Z#@#QRVw)vAl5Q}9BX~1`v0NNUIb@VLbA=~I??s&rYSuD z0t|r6tVR^(D*w^(Q#;ZoF`{6u6W7$|>q-vphum;loW9|{ah)eU6!%tgQKLyZ{B7Rq zFDA^A+Zw8j@v(4yDmnF$O@Y=Ciu> zcsd^G0Lj~> zOQbwfK#EI?gkvQK#B?_9j%VHRAPSQgV?i07ZHrD9kIS*V?2d_^`E)83KrkR447^#A zT}X#{ijp2lMW$>f$|bm%cpN@q(Y+oSDc+}25hUzmFgcJ@x(wMKlmZDf(oUWJuJgMq zmnWC-h$07LemM~P+{iC}aTzi(xdXW*_0j2ffYf7tLMJ$DAQR{al~TAJzQPvwL6QsH z8k*}exn>G5xlqOZ3E>`m{sodK+#2>dzR31%81aT8_u@GOY?woo;pM=a0BE|Gs9XhZ z2j(ook?HH?hM@2aj?a;GOP_acqwtoE5+%Qt0LW8$MjqhTv zh}le}Gx1D3zQ|=EYP0!#HcNT-LNbX`|1xmeO4&>?F`rAP9Z}??A-z5xMPUqF@t85% z{@Ua{#Ug-el;SuX5L%fa3|A`c?2{jwivbo-zsb4@46tdkk~awXBbZhGy{Y+RZgwbI zIdpb+q#RewIdL%6UKx*%jUWMh-aY3%=&iUbPP^0BI5@uVJ$LW6INhchS703APP-4- zZk|4Tc$)Nm(sL#FU(=Age|?S{1oa?M2Z^fSia0VK4jntUf?9DF$%xlMJ%=Ao1qUnh zu=q(-Tk`k<0|pd`v^1EC+n>p|RG)Bl-k^D-1=@HIqG7Am7WYK4fm zm9fw!InAiLiH_v^-MKvuoj4xdIiKBo=U#g(5w(>kol|9dVq|q^svC&Q6R&b7!irg5 zbsmkH6?1jZa4dW6bVsyG^V8$6Ioc8o7SpFD{%0L!&a!*fC7**4Z#*(_A245L4wdR; zc4BXk&edW%Q&H2Irc|BD3i*Z4Xv`A4VTd-%j<3SyTN(<}bFgf}@i?!TlERu@c< zjuat|sSa$F)zKA^b@5ckHcCOrQ3^4k2!}BaR*ZvdfJnSVZc6GQp&c1E8M}tOr}76a zSNm!DoUq%70pZ93SvWr5nWUsCk^Y8Ae?ugFRV2n@qcbbF%Z3U}(459>GllcJd!B5O}4{4S40GMjui4lE9Z>P333eLNQMSKyQs z%qNd;R)od&E-&vMN5X9|;Bwdfn4ZScwzsa7jTx`rVj$d}6_8A;khh(K`P4QB_J+gz=*Ts1@g zaoNq8YK}5)fEh=6dY(Y5sQW{FXLQLf+|E*Zc?Y~kKMP0i;7WTp~EMiX$aGzjE zIuu1IlDNQHEYK0W2FDjW2f%*(RBPyGshG*kKx!bBT1|W8blQ{lSPV{!^QhXT2kDl8 z-9lPiv%C~+q|(kz?npAm57dsJ6qR!>i=4%2=3OUL2fs`4in ztSs;k9_#r>z(T);O8_bIIx9(6s~`TJMJv@3TUqX!0}*nU6ChPiC*a=$92W>MCnE5= zg@`K^LX{W#)va!VBP4^N`2<=f$D%?wVz#?n=s;pRBHLgm@ND&xM-hrT{!dn{YJzR? z0w|hVz-0@sTJ^~GGX6_E`JdI467mNzpJEm=f#T|jvGYgw-U5g@m)$PQ9$RN$*A~hR zWwJ$=#o@VecJDj)P2C7j^i;AOwAy0r5^vvlwl-T+A|uP~-5by0qo0E`cvRFc3Q6pB zvfdx|Su0L;eLcCjn{5CZz?rofH@4P(U@&08Lok*j6#wbq7A<$X06JBd0sJz3Y%PbnB7f z;lX&(_EF&lr2m@sAH3$VI}U~RNjp#7wa^?u`x&eqB-05y*xI4=856f-bM07UCYzw& z@;_i}=K#qbe9mN#A6G>h~0I9|j|sgrnpDrGB` zgh&WRc~G~gBE#@Nl0v!rA`JL|9MlII`a~KInS7NO<^ivv3(A%%7clGes^T@;Tv{oK^;Dwaaht(+h1X;c4}8VoIP*5wo2vnjCqVx`^r6n1 z-|@~lUkqG3t0b-6x4q>}6M}2vZO4winI9;Zr~byPC|)nsA#K|6yso19J2<28F)Rgo zpX~QlHU}SMbMRK~glfN={cH|Y`iyrNIn;UU>ix{eBCz|RSnwv{qgVrPWgZ3#90;oKl6>R5@JaRA zc_Y4~`5*?E4}yM!|AnrM&(+`f2)s3KB`t{jmKdXY|NDCPe?;X$&S`B7cP(o5qQ(Y6OF}|I2zil! zMhuJ1CSky1dyI{@c?`BC;I%OpV}oHlNYfqzZW|=T8ygE_8QI1lFe<%szlf}*Tf)rz z8L7J>v$l@-miyg%?z!jU>-6(~Lib?&{I9dQ;KK}~$JejP5#SzTY#dC2uP_(~Jx@U6 zu%?d#HX-3bBEiVJzk}|f&BpTA!G>dV;TvW5p#MCLgZ}fzIEaHh2gSTTHWwqtTyVxc zgb4IyYjzvo<6v`fYTsN4yeXjHgZ?|{9`xTa7zaTaXZN80Jl%u-^ZI%~hdN_D9K^Wy z)}+9T>A^kd7&narLQz@|Y#cCKRsA0H-$C~s@YfS{a``8Xn? zgntKH_*{?<5M4;rO9zUVP7oV?k15Qs9lY}QQmHJYOxpE2Y8Z!5(wKGjkpShED&era z6xZc1sW~0BcYv>=|DnFwz`YC*&M|YqAU})jq(%Gpp1*bV#BhD~H6PfLY7W_+IIFaek7sHzXD?KpDK*gSV%`&3Ij+4r zEg!EPyKNENxgOR3;B=D_=b-i&ejXH9sT(DH;Guzgj2G5_hUWLFfCRQD% zw{fb0K*s_gi#{4DL@*2-Kw!cm78anW2xm=!b!%!J)7hz1A`xf1T+VGaO_5X4Xp?v8 znz}^g1uNXpcGrtLh}(PZ&=Fm#xCZGLNfJ?I%LFWlHw7A^1(YID?}&gI}-Bpnhzd$N(O%$D7qs ziP-sc+7yX`{h=w^cuv8`NZSEln#0%`vIpxk`4fq zZ4{>~${J=cfli6KavL7Zccv5#o-BSUXq^h-VpJ5vza+xZwIU+lzRC0y}IXgitG> z{kT0S3--j|wC?&{QLjgGyCb0`!D1r#joeU{>qa7AKkMi5Hmd>ND>bENvIc*Zm9y_l zY~Q{1?)uG@`fMp6THdnuMyso-MMov!jN8K=tgbx&KZI0dSW%m3B8s@Zg&GOcT+6{m z9_A-#PcRGyTY$wpEqaU`b=gTX_%}@kBuzzzX{x126B?7&unib?hBvq}mNP^#8CZ`i z!*JMp3q6w$`VEsH0jN3yEgS-14%QEe*)%3cb3CZ5KYlP~%6n*t+{!_TEr zM@7=}PclS~UVfPpdb=56DiC9_!1dd5A5vG{*Sxn4Vl@b8gM~=^>LUERB2k(e;5RYA zjww~_76)UMel3+6(lXPh$HDM*3+;_x2$s?GOmT#YW7+e;Q~5j7u9)W-?{d5N!Wfw8 zPb$zI;Q44&N`%~sT{?Pn=C!B0XlrxD^ZeUADD}t(NpWEHc;%K87Li{-n8dgGrwT)D z733YO)1oBYO3KfK2n25Gg&$&bUPL}*l>4$KkCLSuB}+F%6Fx)}-k_Por*UPl9m3i$1~w0a!e(Rk1cK!#%M8 zZmKAb#pP5l77o{X{;oxqi%XeItiW;c7$j#&VFt5?31a7tUXqJ>Gqw&Zj=0u<(o9jT zJUCzU@@$=Dg(hRV_)gb!08163ycn+LQsv~#Pb@a(s=?!n!9Z3%7Dyk?4W)dh52O#( z<5MklvKE;ZE~+Pw&jEC-*Vbn8N~x1rzE$xw;)R#B>gS4!x!KcWJD&~|CyIrlzc5xT zm0?bSTYm?2Bp*Yq%{cc((t>BH=y79sk%wW37_Ngn4Ganfu1@DsjV7o@0CbIroHa^U zXG@r+EWOIm=cp5j1_mZVLcH@3{L0QK_yV}%cM*}dU{cqM$mF6h{7^Kp9zg^4?z(TH zPz0YL(B6cAa>P^FM9C8kIh|G%E$g{%mZ-rwuMho;j`(gR(?G0X--uI~L$yp8ekvc| z16zfJtJ_W%6Vo@%=O-)5T3?Q)Wz-#H3dla7?eVH$-T9xD>0+Q>XCH-Z=akFIQN@%evM#}4P}jQc;L38zenyB``sk&q12qgmrpy$WM>=UO%v3dKeNh#oPGDq@hq^`( zyIB=!<<{4{s)!0wJ0w1Ng-`$}an+ag-mb9W*S!egVO;{65Io&T8;YH(~Pi44>dFXvAvPjt4Ebn7tUq-Wpou`q93(_ zJX$<=?qqyX=R5IVGR5KFvY3p&fS63@J1NZn)nl@E6jQ$K&Z(KP;sCS%nT( zqhmX!4yK(9{a$qlW27<;*%#1t`H3^&CRoT!5W){4D$OI-CKwuBbs%SsX;%4=U+T7^ zsuQwnk}nW(+7#!b5AiohJI^(~DSdO8PfD-LIuyBB5v@aJtKIE!TimJ#)l`3kmH>D* z>Vvn5dYG?Z_xE}CWxQqC?89Vcv4?xKeI3}WQw;rLsTJ&bO05tm$=>6u$Z4_j6<4N1 zR3x*3&*RE|U5?BNOgOH34I^IYZS(Nrs&)$YH$~=}@%{CZ9I`4=I%p$UKdTWk(KG9X z!Y~{DE~nT@1AJ+sx*k8m1%q9;^+_raCIMeTBeh>u} z8>2^{3)-67^u7qwM@SyN<-W1GG5R<= ze)xu)a%V1_JyIWBuU=31VHm`}3KHY2=orIqg5bfpJz@^QIWPq95%N9!W~ov+G~DQRi;cllVPdeks5#id`T8n2_oQ}3JL%wm z2em~H&X;cL^kz|oB5P7%1m-l8KXS&7J7f^k?RkH-;Dv(FzBk8cE`Rjg-D+`0++j8A z5C<<_Hjb$==Fh)x{{A1#AH$fCl-$FZ=xkva6V8@V{cQ1Je)XRRmzB;IHvjwu{5;MU z0&jNbz6f3y?a?OoC^TgMukFwb=6ztAd|Uj(!tWv$uR?>hT1bbG5e}oH!%BfVXi0=_NhOl$l3Ezr zJ(dP44xfHF3^o&4Rj60t%HSLNJTtqBF{hwHVl$r_dY{+th@Wj<@<6t$4W8Hi}|2_%@F1b4;||EI8JKn_EK>G`i- zzfl7yWwo}kwFo*eJ>95|0dUFz@8$^kB*@T}L^~eywPZE)#@T%VP?>Z0< z-U@|mVeR?fzb*`9xuz}t8F0j!+$^8ge3K=aTb)EX%<5zq!^$E&FPs7o8(I(f2Nb>0 zfa3b>BOwJTJL9~o6r=u$oT#1bI5RGT05df7a=jR2Il(!F3?N@RYWI zlMtwqf4$q~B49XiHLR!_0B&_goX?_TSWZO-R#oS6kygm zKJ?Suoe?%CyMPNx`|B7IrsT`;R|dRqMzw?^GteqIXioDlGD~}@FeCx#>%`a*Y}bYR zykMOXmUHVD)62=p2^2M(qyy85h;CnKPgD6BS0O%~!bNQu0&^^SN@ee@eZ2sz zP0G23tesJt%!U`A1m>b|11x>Laq^G10e;?pA-So3%KwK)gT(`2$z4`qd-?!CV$`Yc zeC)dMcq$!i&4lOBF|Z`ZD-<5GErjW67kMa?)>Z{#8`#9c7^r;bK9_+m>Y*5!=BJfYiX0P z@5GBML`I{lHid6(q`-F*>S;dB^V{46w!;J`O-zJ~>vsF($a?rtqqUVv@DpQO0cSe9 z<#E<4TLSu*@GwnAj(5O2*yEx>5NelY@FFzJ-Sy7{Xx*nUOosPuq4bI>**;DwnHHr`Oh9KVL33kxSDt&C`OP|0~4F zm^<$4A8V63T9J&79v88a*n(lD@-&|`jr4U)9}p|{o*`HIdj^QYEe8P!Gfkxe+Hw3w zH%+vgP*AZ%U$7BCnQ2UL6GAQ8A6fh>B)9xyJ6Jz_vQpp$h?wgBn zBS4cum9T+mIOwIxs7mogeJYf&qE=u$xCqOqtg>h*;qo`~BPwXKM5aOJQq zC?)R+Mm*@{P=Q?$k%PAgytQA-rBf-lt(eIKgKp?dMoBEeCYnt!oXoZpI)(oTy=DIs zkV`lfmHY7E)1dai$kz|*5*WNoDq#3SIeT3^fe$~SzZhzvxgWq=qacBhU4`ZCiFgC@ zUjT|lHvSU7^|NDluC1U>uClVt&e;yr<-b~oQHpcF_@Nuxa>ga5)>`u0t*PqR+hX6Gx@lf@+c%=8 z_AG9f{cjdZ{AVXG{1o;$@lPKSM4)J(| zyGENDKynqESqoyI%9Qzp)HjgMGD(Y+X!F{!txF`*51YVp6#Hz$Rn3kssD!RUvHA04 z8F0NqmI2qRtSma^mz<8YLoAoF8G8m5XKr`2nMV29I@icxu(PRDqD1tJ;AX-pc|7G! zi^Fbril}I$)oBbiwmD6J{y$}WNE6K%dt=Pme&5IT+O@u{d274PhJJVCbtFX3H53Y6 zG}xp$I9@(>=d#UZEw(dpIgR!f|HZF_D!G`==3g7n#By!5HMA}#ezS9;oBWNb+c!G= zvZUF>p2cq7`3QQ~I4nJ9$l8+@LMNt^9WUQ6X(xe2B6rSz61be3`UpB4oY(H6CVK7_ z!G@}El=-6HnVCbTT=2L|eRN9{ZGwAH+Rmz7km6#RJqML)7|#tVC3#zhq)CWI1sH+< zq_p#JZ^^ebvo`Z{zMmWE_4v#@Z`=9){8z9Rd@np9{5)6+E<|$oXp;_)+iG#55SMeA zT`rrK=h;ocPM{=EK;=3*-1|_HZ#P*vw^{Id&^OmEpdw$d$;JHWX*h*C0x>OVG8{Bd zMokCvTF5-`;lV_qzQd$;ZABP0z`cs4tMY5}>-k@6{Nw!ZNc@{Sjh(N*@hl(R`NsP{ zndNn09Kj_Bc; zRvIO|!`;mm@7#i5 z)l9I~3>D+jD{g8mdr}?^<~J3nRwLzv_eQhH;tcyd0T+}#=PagdAySB;8K&R_u;7gb zr!ZP^{JQ6Uc`5oZv74BxEn<7Rx#5_47u%oXc z;5iE>2k1Mu%B9hdD#rzLknDEWG8rz$i?M1heM$vgW($gzn_isiGwucn$YXFy4YOwf;XtIl`8b+n$=AhqxO(=L0aHlJI)i&Np1IA~ovf&tKDc`KN8g1seiW8Bx0}fJqYYOfk46wnLXKAk zxopyEBVB7cgAr30@f8sX&pfjWPIcJBk^mEFsUDD`w_RN;+e10@ek&)WpX?qDxtt`7 zxP3|~jb#!=Ozy+^k!ntMDKRyCB<`HGK~QOBsxVpsvmlbJWawExh!5Yw{!+QSE^`rV zCp-juR>~ejiR&sfI`GOz`^7hg{ldD6Qas72@TgTz^?Fq`pR=wjN*=!vF(t$wx6p%{ zb_L5q67fYBB;S3?-EuEVa2Xr~1c3)1&!#@?nFgj^8VXfZDBRn#m8NoRSyDThP&(u> zN7i1`)f9+AN8?amz@$3umZ|YLmYB~e$(XUn){fhj4_Nk$F%5j zlx$VWVZhnN4n|;M7`FUP9~?PR~(igC?6Jw#bL8qW~L7< zd6infm9X~hb$hcl)B0%Z(U!SoZ`slOFquJLSomFx2ToE{x)PO-QCf(>&}<(x?y#6N z{TMC;i0xhLK^4{Tuwd@=hsE-j-h3hFPK|g+Zt?-J z^cJ*wWMWPoe(#4RXEc$T?PR1>HL@DK)jKf}AFsuMlb|sL97&Va{J=E-pcy(^o>VJy z2%B}fa`PPztq6iE)2&et-Sz1&ITLVz<9?AxP^I~&CVHpWuGj-u6OCd0doZ;}#mzaL`bJRl>E2Lca)>AWwQ@}|6c>kPNU4)VCu z>9h0poIfBW6P%+Tl)xMDdW4kS9_M*w2{MXUc?NBHzjy1Sh7Z>axPF=%pEP3b-L(mm z&FhIjy)F*bhOFYyLOB&UyhLs0|2E=Gw~q{;or{FJ-tOeu)TgJ`rnUGbV2rj*fY8O0i5K9Qkn@O zY4rCCa}({Ahxm!Yq05J)jko@_^uOMG_hWYk-}b6kMve;?ry@I7k=)~7@kcwEuaK=Z zqlfiJ1x~19)zpA6k8^);8IS**hQ7S3ZAPe(XqmwH;L2DPgiC6x=vIh$5=+U|8Vbr; z)v4M`#qKDNL)qbU*4Mq>#G%~qx>?1)flyOb)7{|k#t^Dh?W3}?mF3gUR%y%bbU0jg z=5;cs6GMWr7>o&dH@d*)V;CMf(wPIQ$31$iiLux#T~!9PPR!wFsFsawPd#T)w3*uN zZr5Y#B3lX;mc^=ct=aptwOp}(^IUd3)2e32S1aTGu-vL(B6_t+O5m{yzn7&vff>jqPAaf zHt$_ z=nXUuJw9{y&m|LTDV>m_K>~5~nob*hlstH8f2Ng(h@ILZAGgI`kyp|pZ?{DdG*}hT zIHQ;i@g4J&DWcP21hC~;c2%YLImyzk$uxcf+?XqjyMz~?*MQz2*NqQUA4MKGt}Nw> z>r+|^-yiA7J+T9Ue2>_z_EMvbr3l0bm;432MQ2lS7EZa*>TkW;?6;%k z0&50Hof9WkcmAU754ubOdSX->o{BP*jSm_r9zIaU$!a(S53qh8@ZdLT@*Yb#L@q;! z_*o3g$5(RAC9bmq&F#XcUA_!i2t=Qo?dLNZWsdT(4p z1$Wm3lxC+>sBS!Idr7m zULLOn`0sp&@9uTVLi~hrb6`D%feBP>wkTW|wA7HdLy$F9sMa6R z?o9%u*~-{gfJN2*x&hjsCKzfVH=sw3h><82My5#Zs{NJbt1hNmYRVf4Dc;m7vliPCGqeju@f|at_ypONv-ofu&WJcp1^FDH3@)EZTfJymX7ao2Xs_#chGfCv6yx}%R3Fc#iaJT)k3M7Ud}Yy( z;d1C@@XVO9R!q-ezCc~UW8fp61PB_OV0`R^lnw$1s+C7i5#cs8kvi(VHNR3CTkHB$ zp0nN=(Pde)N`D-#1^y=73P0e0N^^EDGut}TdiopfGp*UoTy}OroloujL2@>eoh4sH z&~vJYZ_B7ActGo=E2>$opmfoU#F@EN%HmW+XgkD6bLfsUtg>A7BCNz;9&gFneT#0Qm>ZPSre zragbJ6r@*+z9(AeYL%sK%7vicUKtv_V{)>7W21PcGjTqVJ~uY`9`#6}aD>K(=U5Fi z#;3sDqD5KP(g>Y1Xz7Zy4LM^$vWoyx25n)V(lXfpDh_9*CzdQdvLm3><*}melG_#AjFE^!m<< zFYcdcr6%g}a2ZeKj*N}8{Qn3Lfd7Cz+#L%$mS$dchwPklNZ!n7F;$es(a^~7P+$?y z_l%I?pAdeDlR5bl7KcB;xov)w`+@k}L^T^0Ba6Mz&f4H&Qe$iWb+KaDWg6z=u|Q06 zn7ZN-;g_h3Gk|w7nsf&h$DvtlfzR_l|KSv}S_MFXChmR& zQq7L8s>}Qh)W(gEx10EYe_DaVjlaBYt9r{9PZlo1aQ9tLh`ol3~C+%L@#L)xdpQ4Jr$4HVA z|F%Bf-)1A_w+HU@xzMm6L7V32>k}d=lC5XzpkB(NC zD6aXM;NqVbzJOO$saeo`&{(o*{Qc;*&Y4I#3D5sTn}%Dj3)Baltk|CWWZkbC#z#S) zFx5)*^!~`ZB0?l`yL`X= zF4-jC=Y6O5SG*?g?e_ca?}FmLc01^sY;vp+r)#z!LzPezqj4ts#F;10JcfQ?XY_ld z$n+(Kq)3Y-U<}Fc7}xu|l~vsOHKJ(WeoKUM1%r7RJVQ+j#KK5$+hwm^GsW&l73IO( ziDF*Jc0YzPoR_){wmclWx1r0nSuW;JUw<2q-j=*yA4`3G{2d$11lQHVv3MkWKB3== zDIShRqBvOgZU%}gBngGvVWKP8IzQ@`m}IeyzxJm7Sg&olZgf6j$fscMK8ba+gLM;u zDj)VPdVAP{pH3tKPym4sruZCzfXM;1DuZr@dRDApOr7rw48-9XNA@L&W3SuK2fLme z1||P%=wG*vb3CsJpX0xYdLk1S_&9ezVjlsO$!!19&gE%$e)EIg_X#`QI`$sVXM|7k z|BUaqa48K4Fn3-+#tS(^Z2is?kNF;J^Q2Gn78-h9v4R7e_=VTh`=YK~)j4QX?z{W-DENb{mX~`I`#M$H@-DF0@Jp!g#SZok)y@2Z z=G&uBGpffRcw$$C1xOt{O}#%@3ZaXTHJ1zbY$Yz4Dil%>;LAXOk6Q9&ynqA+uQy#R zWcq3{hURO6DnN2Cu*7;=!P#U{!2r}cC^tq7rf2r0W_TQJgsD;)(mwwJVV2d#^#6&> zZY`8hoDz%-pPX<<9g@ZG&JJaKwN{`cEv;QTEAh8Uf5hM8j#S6f<@NchSR*Iu7Slg=8O0aBMI0}pTQFV? zUND|Iu1uqei2?zS$CV-1AS$r~2Uo_w0g}z$6K{`-IKim-yw;RhcTf>Y)NG~at7|>1NpU(LO{%EX3Z1r90i;>kbe0p8>ag;10ueAG((AbUl%obMj`PgKt|I_JjN>7^vSA3|@>7jMn zx;rSg&BKt@$%YA_@Rz+{t*{)pxry)rd0^vp^v7;@5e8X}Wv9U$)tW$jd)< zqA=4+nHR*Fx!n2N?m6`Q7ft!``9v$NWBw7;#L?J9krDjQA4`$g#(p*y((zOwUY!o_cY zo5rd;9Yy~ZwDKi8uX6(ao{iUC+B6CiS0V~%vWmx}D3Q1*`Ru^#SCHRzIvr@g>f{`} z=!o$Oy8J}Idt8zN0f*1ocMEn0EgNJx^fjYXRCE9Y3+EtyzxxTqlB1(KYkgqVh@ln= zQE1J-#RB9rA8Z7d*Djru_~X)VS6cPaamDH=t^KAv(oEYeJCBnY`!Am2%<zsu44euA(=8GHJF|E5Mr{+%>$)YW7oHPdXHsDgzf4~@J&1kDG;w57 z7|`p9XE9z*?u^#5S$m@0?y#5yVTGi`k@9f!XsWA^7e|0ng*CW^0-YNMi60Mg)5FsvlN+b@0N(%OT+QaW1v#rKk4zL0Z- zCvKZjPo&<(Z}@ipJhwQOU0j}-iX?^nuS)1$K7Zpx)M^)Q>g~k5g{fwz@&gkOJ4nyw z6z+g6C6Pv6KfCa(c5X~dVDOF3p_l*ma{!954ER1{-Z=21ndr-4J{eMv4}X*P-6i1j51I5Mgdl z`iPx>ls>d|0_Zc=?Z7g3GnD!0^5;YDSfP`@eCN(POGn4l#-VajitzHK()iJ$kU!Bl z{}Znm;lK9$S3dl$>Dw;euAP1UE8qI?;QZ>cvk5y3+85u$BD@vjRfliotdNRpg@y+z z7gs2;3RSbGwOKc)U9ny~UZ{nYx>B#Na%ddGb0M@qv=w`WLet-qBx?^mR52D8YMHPM z;d`KwXl`q@iFKC0rmX~n8zHVBo}J#H$2gr)_)A7;zme5Vuf9M#(2-|K#o)MfFfG_- zIHafvG^Bl0eA4v!egyD~d?GY4qs1K58GF?kk+dT-we9A5VsxYvL!V<8zbe=~0Z*TA zh7X_EELG3na6FdP=9g-#4~#<=>bv7_Ua74fUdYB)HgBw!Hcs@yJCM;~>lQp^w{SO3 z?_bw^dQmV{ZP!Q?3c4UyS&{?U|EHNE9A2NW0a-!7vnR_0b(8o6SSc5^W!se7Xz>mJzG>V=@iYsFb`=GCypo7#{-r z&TgFN?3CY?w%G5U68!bqMsnd$akM$S8gpjOjjf(pSS*g#m(F!Ywpyk1a!s8bN=9na zxibG&?=SyC`m3m=!;M@G7T0WTZ5E?)6L1AAs;k>U?aG1 zG|8r8)4{OQA}l?${JQ4q(d|PgA6mY*bo|uWQKS-MM_zNwoy+KR@x75-UjMdr+GF~e zMQ0MuERN2kA@1#D4>2w)*n3tE8nYND7tSs^n*!XgXwCrTK3wzx?hbokT$xxf3_lYO z#+5PCaMi15sO<0&%3@O;A|tc0Lc}umFL=8vdgBm`Ymf8tB7iDMwg)jXbVPUsJ6cYY znZ@bF4mVaddX^eC4Qws*bM!Su5IP2cyhHrSU^w_2BE#iCr9GJ!t8>}>bd)bYxPD2< z-}>}h#Aqix7E;V$fhvm0$dKt-^DI?@L}VW1xNQYSSi#>_>_nD`qm{q3a_5Atut zo#AA@`20ic--ovk-4QygI_$j>N8x>ey?;NxzRK>m%kGc)9hkc;cgtl?0o!04p1g-> zfnGT*ub{D0FzDrw1Yb#V!DNyPhw(8N6xBo$>Y(AUMGguM(e7HZFs{iAIqx_VbUyiw-ShK$OouLexFBTVWSj$cQiCIw<|RqOFtBvy$1g zf)IvSkv=fzhP9j!NDe5VX5o%Gg27d+RuK|}vfVDrrc@6c-%!s~il|FmASjF3C|cb( z?68Z#duiI~BL$Iko(!D!J-2-y$6}wYG}spCYXetDXIrQyBK3Mqc`z)n_y2NoE;e~~ z-haezyjY4RGFuP_3GfNL$d45QM;&KxXuRU|oOtAj^Xv`voAGLu50A|{`P=P7b1Ms@ zbIzT2;ngawb4X7K=h-?sq_1M&u5ZBzzdGr+n|trtrK^|LbhknGRLN1`xi{cG$u`B2 z#fpYnFiW8^%vPv{ISol5fc@bV zmwbVM2jU`L4|U;UuJs^dB`Av071x>NeX|xI1(77u)W~1M97*QZZnK|dd(RYe=hk%|hGQ|AFI$O7VBQ=3GAkc#zzC zmoJ@MSzbALY55`6KWt*>Pbpkr_h+mPFM6D=La=6Kp!S4yvP$a&9alv2IWG?dRCEbj z;dpS~cusVv!}ZxdYEWE-j%Mm_85?lwn8w{s>kN0*Q<^*mDM| zL8fug#}{zMD0*myYy;sK8*C)hSXKV!*!bpTbTabpW22&9)Rw-K>!iKaoaCKyO8h;? z9y<2j_UXm4%__X?>%!^_srFQ|UN`^HWD=^ht|{jI0slibCK>JxT6%9pf)t4bSr(WU z1I7j?3dVtzxYD?2WjHM>Gzh9QnR2A|jR7qL{pnNJJ^kL|zJ3WDcwTariJHk$!&n0J z#6PT_xT{|{o_WvOm_O@(&BdLk3P;A(NPVW@Ogg5$g=eNuPbLxlUigN*vNNTaU17_b-Cb2q)bzVTB>lbuq`Qjlh<)gy;0u78mDbFz||Y{sIF zMcMb$cdxwrjzy=}XVyFsb@D_Lb3}6;L+sQ99-V~W_pBDHi8%ag^zaqN_^Gg$I6~l$=a|B}3do77?Ob{73K|hzE@k^vBhEI$UkV-#-FH)pHKf-(wd<(tT z#)v&s=-EHYJ&N1nEKS5)ZGb#BGlG1p1q~J<=|5D021E)2X#x;o!3s9BZN$zgR2dMp zY7ji^t|XXv(EIiU4SW7YcX%LEJRn_r%rwxb88S0DET{}#^^7k-rWlb;VPv5q=VLx} zKp*W@>D4#nViw)6^KyYM@0?lF6^n;|Vx{TH9jcdKdFv}rv^}{={?E&cH=I9LTBVpIehyg^b6bvg-Ucw{J;&o@?nvg<3B^4|BZ9qKt{OQ6X7qbrM*`hZqf#A5^&U@{n{W~-5|KAL0)i!$mb2_=+jzurOBtIQAl z`%Wp;^$d z3wKMNLbW(qmaPG3zG?h_i&Q7F)3={$-*j~HzUlEB=gT(q`Zfv6*b|miYbqxNUOT#; zoamP4PL%v=T!Mc`9P{t;PoeH3jFB7W-hUa!j&0!~+HWWagoYu;FHLD76!Zce(JOm_ zf}l16L_S9U#Pw;d35E6*Q*E8&vg_8-NMRTyno%Zhi9>$G6xkT|77B?bNZ!YWlgxm_Pe0-acVZtSqDc!2;7hz)6gX2e#g9{8PysI|e zE2^EWwDV=vT}{VFO5w)P)?$1pCudZ&i;mm)i=9!gqnU2c06ISZ(z zbZkjRbVvRx!ywzm69os&e9+?A^%omIWyg{cWWL>le#z)H|`LNUK2_}Mx zunnPIkCaizuxSbrwof-PcHhH3P2(*2L#jvB)dEn6%1#P)#rUzp)L9Hej-4xnX{uOX ztJxOzYnJwKipDxcW1S+l8S1Xd*}&UCn%Z9kN;r6-)xdI}v`)1QK2eCTI~?uCItnF% zLxu8YJQA^GHYKOY#BJJ0iG<4d$luq!PHf}rPu{_XhHJ5V^x{Mqv^P;2CKGud1AcCZ zH>a}zp@#~$-D3^rCQcpdACFF)T~L~S!I7Dnu50B0dY@LOih-Q)YKIAhcyE7aYUAvg zBaIvS!?)cq?h@l#H~;*9*UsKjx4A3xYo!*Y)R_&$Sn^+i4Fu2#9Qb+kli$Xa3XO- zvIoec*Gmqqr)OuAM{Miia57msc8oIbO;DEB(av5R!xGn2N$!u0mAI`HKAzg>FD@nz z_qfrmNxrs~cP5e!7t|HVR#JP?-83f-V;IZo*)zV!QItai4>*|&=&n->bFf#;e}={$ z+DtfjSrplU-PH9Izov};f-#p-q#nyT0eLNugC{Z5PE@JnV;%`F&c zRTj;{aC^4hcEk(qj3+3%kr2z)V=mqvK+g)QmrWI9n@JdJYN%K5kNLb-Wd1&osE?0# ze8F5?;wJ?mTpmq%ioQSp^XBo1j7gXh`0?W#@nAmT=cjo-TQViOcK8t zHf09=ME?mkrN!M#*=4qD32mkmAJ>7f+0&1Zm1W7)niHs@yRuDqdOQCa|d6bOni0I0Q ztWc!)NZ~}WK9%=5Lb*sfu8f~MTsf*{JV!?lFAjIMd^dJyTBDw9PWAGiak~9rSV{#o zVVBBkbgYqZd3u(>P%f^{)sm5v+3K)jJu{7O{tDJJG`_ZIOpB2_>k#==oP$Yp?)Y@2!Y zdLubIGZwla&mZYW!<}ZybyIw!HO620RA^|ZB`Xt$MgsE0d_UX2x9~KZf6EKs6YO{< zh5JKoSfZ$sDZql;K#(NW<-6&no6Z#%9my_oXAFf1LM7#4)E z3JrWGuDYdVNwP8>NEk1pN43nYa{*pNURjPf!XX*$Fi!;o=-92hH$N7u92{;g9uE;mAyfkLXxgR@7k18ER6>rp4{jre?$cbxoz0rePz9yp zI3T)ImO+1YH-(&E$YEBgo2TImSKkt5J~0i$KCl;vm)@ZhNiQSgrD9+(M96wQny7@1 zd(?a>up$Os<7ZMQto~rgbsQ5R+5Bm>6kZ2A*v4<1{>ahp-S^x*()!@(^AEK~@UmMx zwY61=4NuHfDzjrF`o19io7Rw%dnK?ifp_o@$F`FLj{u)?n*eozV7zUy2EjG9xG=YZ z>6G0orbIzxkrHRNIH+=Nm!{8Zo(2z1OCR71$$;)cF@WS@b*Zm7(I)s0tPMRnwD#(? z`lI#r#~#CK{}kKDtcL+Rr`Fhe)~AH|?&wp3eU82@=#fU}7@SArTzi54D&8Xi#rqVV z%gMg~IK3b6^YL|Pp23Hm0mdf5rx1b8RJrd_O*)gXsgV7|2FYVDXl<+)m7Iw*%T2{- zi^V8+7bC>lkpIV9Cg>RrW6i(=V^ZbJGs9Orw9X*zh3gfH4{*Jz_3^_tDvGvI#37J^ zPFAgk6}tkYP7c{aj?gxQKoteiJ#|~FD@tiSQB%cDXO`otn=*<+6-dbIT0?p!N5{Z* z_RpXy0HQX7Qp0^XkG|>jk9l(OfOmJ1Q)QGO9EgSvs7)`GQuus+qA05s%WAhYn(?S} zXD5nFrP2sq&Yn3W(HC>&dA=~YoU6}^eAM&*iJ7)m82O3S=7&DC`?6P@T*}o@zr*GZ zbCYB?`!us-$6mOP|0dR8nfoy7!=PQDR0C*b^pOHE^q|8BGFd_ivmvx7^v|L*luql* zr1R)jy&a1Ni6)e;0w&$oVN#CjT`Li&-rKn>dPB#YqL>aK7K2+sI4CRi{Q`nlwqT*Z zpm#b4(PNOYCv^JS88Ys zi)#zmNRe3cSlZ{XDVeH6fuF84lxMyocjG2+e17==9|H>%tHn~Xcx&P@l0*Kc2|iqW*{D@+$% zP8_!XVYF(qJh9Vym;^w4g_*`%_2*DY{|ob7<^Djsvsi*qU@;7d!J-d(c*S%8GHJyY z&3&qu3i3dk^9vdj;Mn;oppw@uCEcu09k6wh9nZvJ5Fu zage%6u7{jV_Mw2Z#hbj&v?t~gT$N=ssLD!FJ8!WpEcG0MG;6jB?oxCt?5#%^O7i0J z!`islRce3y_qFkq0;xr;g}*K>x9wImq>8H^`KBBA49+_Bh5OhTwzyAyyvAB_x(?J_jA3MF-o6nexc%|!iw)s5gZa|KxVMuIjHIaUj-;p#MsnWRR9Uy( z;tj>6A32=H)_S)H4v*h87*b$oHv`uoJ4BqUcWAB{i_c@kS|G53KuKJgcg^0zW1^Hi zVfQQ_R>v+(tXr)aE~NPVqc}AQ^C} zndBiM8RTQX;B5wv9Lr6esMk-W&z+V&;tiHPC08~vy;SGZChO!}d!ZHpNb$3a-!z+l zRWOf?qC>C=Eup_FP#yET!g=}bMsWSloByIxF3P*GmPsB@;7nrogb4Kbp_+WqF#}F(hHr9wSW;AWssI$SZ3q9C$MiRa0N?9T(~BpEC!2Y`yt@wm zW zXHg-yk2z8*sp~X@MRe8@Jwzf%1CnO0IPZGSFq(})0HV|_Mv_TKg==1dS z1jpgZG*j7od^@gBX{bVk_5p=iR6OrySsgb4?D=&^6NAfHYZ#}N9T^1+4rZdWpl`Ib zS=@{{(-vDDk|i9Va76BEhV|jD^P2On$K`EQhx_6Rdzqmc3j=@m&J8Hx`NCW>DOxvWF6;}Z!&=xZhIy~g(@3QdM__HSV04DXXK;L}_=19TN^Ko1 za?xW37PJ9Y8@ND}!vR7JA~>sH)yrE9L0Q-!gKdaFeh>cX@;`5}tIbmO?AoO{@0@Q# zevj|npMkegZXtj(Mj?Q65tEUG+HkuAt+ z3Dq*)0p!T>*vnK^gAda`YJd~4_xL7fYGra3q~Jg1Z6Bwfh)7y zxIV`seH)>{rZAM4O+K7ZD<%SlO;piB#Vq-9FuHCjg*IfF6|-zQfRv>+DTWvrIgI5? z6|(&30v26Ykk53Fb;9LiuU*a^il%&xQvWAof9v~Ov_{N~6l9=ZR-6BrE8fy_Gk0u2 zadlC&FV4(60#2n6_fju0B*l!e`3{STH`w~4UWC6R{4!$RmEHGWqxHz6L=@}wO;6H# z6!-{Q-IH!O`pEL%Vc);XY^Mch;CJ93c2!fZS}lv6A-flL+NxlMOlV3P~RoGDzMx1w`3A^MDK1EvAX zr!%JopTw1=hH<@0fCqh^X(7`mSWXi!n16@s=V_J+CVT|p(+a6>(JV3C5VjuIr?gc} zr#GZ{6g~@B8L_!X38FZ~M26+|9g<~Kqz^!H35M5I6u zCBH)r?|H{K4zI1%Igs;Xeh~{Y3^9v6*nf9&Sjp4AX&Ic9-N62N;Xhc7`*)|Kbw}sO ztB=&~XgK#x1%KuD9fK+O+!y&PpZw&`&HG0m_8hy4?0K5|Me36KoVE_9VLxP=1!R_T zI&9W-+G^c~MiPX#P*n?sBs3Y~xeTGG!C)$}>2dHIz}>9qWbN~$J(|ZXdU%V~lO7;# zu;RM?MvV$e3D~*FtoT83A;Wjvh2Q9a>`?sB?J|XrJ-fZHo!{|GbDlYALw>h+&sbAC zKW53Vwa&Y({9r$T(Lp1MZ1Xd^ZH5(rZRTNKnElcFaZ;aKVDofdKFhvN?L6u0MqdKL z?t#(qI(Cnrx3Hd}SlcIo*_mLEOsMsFm$qSR!L(S(^|DfO&q_YJm36K|)ViHcq2e=@ zO7q-0IC8E+x&h+Yw#yv^p^kI$qN`rOQJ>;GZZ45dgT<(9nn96+QGb#oy9`|5dSnO^ zPVC^kmO*6!?9&AxLYex5z>t9qkr=0r4Dg}+(VS8o&JaAbKBB`zg~@^6FBH zn`pdEC46%=KtWERPgs`n+iYK7!e;1d>I6u-cg_v@aZO z#agrXM=P1QOX^I{r{q#9kRR8vWI9Lx7xl|9&ds;!K1YQ0$kxwIA;7R^l*_Yq`dy&~ z?h~!kw`wQQ8Ie{eWlODTDx$TP2*2E0q&%NW?OUHNx5;#HjdG^_tCaa2#`=8nF@1$n zYHrV2BfNd@t>G0@gRQ`iw?O}tf0cLVeZ_x&g$l2qe*Tj`-V(*Q5bih5#-&L}FU4XT zSfB&!HWsChi!lTQ+in-KF6hSSswZPZ=4NxdQ4cm6b(5*l@YVTx3tZy{XKFS$bG?qO zYul_i0q*)Y^TZAW+{+>oNg| zt-Ad|NV)qVS>pG*bBgDb6qM2%VG0ujQ3^}pfZvmeY`H0M$I^CG9gFlj^66AktTSm3 zXhs>w3OPw^OYb8pF?0&{kCayoN-dQW^0WDwX3QYe-h144!oTMKW#6x);~OW2M~5as zslCsW87=9QTK?a9M~?K~yz^<0YV+SGMlH0}fmNBHe?>j$KYy7^!2`j=Qq2`}TF7V- zHbtK>imX|KM+(s&Aux-@>@Zlk4r2J-s;sA>YmH`airkPJjqRKe%n1T?hfC`~M-e)0 zJ6%C15Sw~+OOYcHZzI2z%Q)?Vb<5@D9Zo%L$1%(>WvnHPAs7mJCgC~{We}n=|6~wM zF|hzTiwOp?9>BDq+os1`G>E7*Pa-+wJb(1ol$HpWl9JgRix16(>hq2KeBvFgW;QBE zi=y&R>bRU#Oy-^2`Okv(?R~qsdC&^?@ z(t+Bd0VKc#FP_!F@!+T9!cUciE~X6#pp?zSe&CdK z0wS#J5mJmKuuRL~2S)Rd0Gx?5dhY3JDLy)`W+IS_9D-70P!|H!SvFs7Kh`Em4U!F@ z1-Os!wdeEk2fC$^>L2sXi2%~2@ic*mvrC^dN(%V9kFZ{8o1=a7N^8z-)-q!a73h{P zRn8UT9=E6Ys5{~`n_HFSNKJK#K6|RH7D*W}f9@yFFE<9)!`TT4;@jnjY}3Yi(>pJC z97-c}cq-YMFPH^r^{^rL&aD@H0#6iP@L;*~jy)m=uIikK`}7g;FctEGDDHR=ibAI6UcKAP(gzZ_+8a zHdlsUbACqu_$5*F_&ouqQ?b`am15@s`ZyeSdb|=8tDP8Yp1ThQmGft~OE6#t%ND+?9_?)kO2=TWSW2zQcnp`OyJh^HgS=oxV?)c#`J3A^2V!W6Z` z4J4&fc?)nNxIwT;@CtxUuzP2d#>#E!lrxkJnGzoAXc;S#{8E}I)2|^GI|)%9(e`$C zBvnrMGTyiwG6TLxZ~T`x)LwSsbe<0a{ql(7lp_`0`A@LRCG-$2nR2+#0{6$df)%U= zVWpbQ-=YRxYDW8L% z#P6?zDn>*{00j^tY;-acMLiBY2EEjiMM6(L!3v@i`%l-IM+Jlc+<(?=|JEY8QXGlwSHLqqm!GTzhC7&kG|?lzG2E^i>$ z151j8USKm%pw$d`=Z%zYN1BCPYQC3k)s?a z8#rC17oYxeu8jsWRz2iFX|_5V&?6q3l6EeQw&bxO@aLJ6G>p8}qXZIF_oTdfU5b1+ z1`4D+{-|a4j%3L@KIBmRIRPiC&#OrGTq4*ZY76Y_51`9OIwM6WxI5ECy8xR5+zVrg zGSU;yFkD${SX}p*+$}86Br1@~aHw+RP~`*p{K^4`s-&OXz)&2kVyj zuP)5ZEu21Bx+EYM^j-cc|4$6l{~tQ55c?Sr5Tmi+$|$$EvNMK#9&44ohk?Rj&Ptc* zP#>J`S2T!ka4RXKz|g|Omk-H)DI#GRJAFZ<|9noj+vjr@WY>n*@6BhoAOlZ4QK7|Y z97<-rNEk-qyZNyu8^$xb8vc*%pz5B1?iK9jPz^8jK>iHMEsYb~MM|KZ$ZqyMeeat0 zjh;7#q~>egDV9i!orzdXM&88u#i8V(H4>iT`sS4bG`go3UhiGINs)iTL zb)_NF=4oW?5T~`JASIiy;eSsSZcxb;R@`nyS)l}p*W>jR6Ua)$<6*1aZbRN4m?jP? zCAfqFK*nTYc_Zvm#4q$e)Z@r+-^DHU3?iCFG!cbMvDzU0XC(<+90)A8 zOs6wc?+ER02>eg3y?kjd2c}THKX&5X?ozF4Q7X=!b?hV5ThGvAVK+TjJ)( ztL=X$TridM7Rs}HVw$|hGbg~U!7AX{-ozJZZ$82n69!RR0Q{2@?a4&knSh)){tsjk{L~c5U#a;0+t9bCKUIIg znm{5Y9#^899?|Laz^9iy&Ps6;Ws}C}0iR&wrgMUHK+T{4?IvKa8$PbOiw5hPR3An# zKS1cD28E^&3hDNSk_ zYNR%)u02@0F?kM!r^2ra7refmpA@{OQYW)79}ni^l4!#16X$VT_&V(RtOnX}54Ec> zvDV$HVNP_oY#gL*tbK^oaWjvDNlkv-XZHuahL#OXIQE1tv+`4yz8yc-*wb0L`wyAW z3iC}a;NP?g3#ic_)nYonhV-Uo8`6d-owJJOQ~Yi|^Kr_H?A9U=M040bqXzh2j329i z_T2jI{FS>d@4Ob!9{c?<{QgDQY>7LswQz_~`y(_!B2oGOpS3rEldP)l$KQLk@B6-Q zU0YXIbyx3ebW%^a!``)Yf&OP_sbIxs7%V83GBGwjJ}OE6-rn+B1FRiSr5Z9`#|E=!qWRFB&Hfk;OO_*GMX!)DDA&E*RZ0)HrU(_HwD1Wp- znQeJc7i)Q*RvawnII>R<$1~)s*IZCZ^tYyoo=&n{0v4OhnUFNWpnV~eDMq{u^1m#i zngcqWzsKtW0DasaUS#AjYy=2q82Yp@xRYG%LRc4)wF?rkTE#}F$WaWGP9PL(s&1cC zx1h8;`h+`d^BFw0;e&(GdL!L%F0R}uPk8>L;v7m=rpmtT?l*o!r|eXe!TlH1cJ2az z*54~vEPm2pOAqfZP2O<%9MfZFPw*+;roA+CZY6PfBb0nnsasPpMaG?hXsRxA#*YABDkSS}J=OG{ELbvTaFf>!66 z22cHK)1^CZWrR0`DtRC)1$pG!zNOUEd6Vw2$zyevrYphXpnt&Gzj~z{@%(kdIV8u| zcQr3x9YPI2U14&$*f(i3d{aI%e?8JQfoTN)0AU){rDt0=AcsGdG$zevOFSOKy4qK- zFZb3kXKJ-x)L-3eO88BQgvnHO!uPUVE%~dZYPFYgu5%@Su9VC5_V$;M>$8k1#MoR> z`8AO#0Df_1b4n={HyeCDtlCN>tY9_n!`w8Pd#j6e6`6r!;>bKpi*uxde?-|UT4K72 zS{~-9iRx7_J2FG5pBQCKYwd)giYx*ut7v{WgZ-uesi6>Y+I%8x4w|?cH;yli8ud0= zHo2UOyZ=|fB!ARU8{J>59ax&rwEzBpgG{R3x(A>U#EZxydYeLdM9b1sr;up*vsM&_ ziAkDrlN=H=ZYK6jQK$`}PO?b}AHLfv(CmrEBxM&i0&hb%0eUe{{rboD<`DI#j645WqBqAlUKu!umlP5P1)TQ4neF&}%q#*_6f3gQ1 z1N-vD^#7N{A+tz93QXw@U%$n=H1umH4T*fCBD7PiVKMC63EOH(`VXp&Cm^imNjhMJ zW}sei@)tgw;l*r{dLSNf##-6!S&9z_b?5fw!dnafB+4 zydI7b;mLM@4X-L}hhiLK}(9>W(GUF)T!Pi-ABzirUfPR^dob z&#;VvIJy`Tj)Gq{5QN2Z&T%mO68dZFC0n|Q`oiQ5qb){9!zhIPn^sPfEUV-Xm_UBN z3*`4&%lotE%p%*8ZszS>96kr}9cSm2?cSPv78afKM2PQd*eT99RjQc))u74 zz~Hv*r{D&E06>7t0YKyhfN7#P*_Kgf$nJsbAP_YJZ2-VNY937_=&>t0kB5*3z?29L z4EPtrTbB)9GQu-5c5K>41VwbovsY)}Kr`jm7_ES$9tyefOJ zzH8;qmDxkLj$M}DwY0C6-jk^V!sRu8SZ_Z8lhuFidB;r8;^LlC>82IN1Db(ccR|O9 z!mE4?%00}c2vwz=peW$%Ls0^tStkG*LZGpGydirCK^`H$7rQX86c1Uj;aVq?9!!^# zMK)VvUde>a7Pw8|g9WCJ6g@1GrU*lTMYZB93S*w6xz8s7pP2z7ruTYCDv)_cG1a+rn`I$ zpkOlg@shG1;~oVL;86rOFZ)9fQ4m_Fh3eAl_ZpmjgVSj+Al(dTJfSE8=A+TL-Go=i zu7y%D@b#VMY7I!Q;uqHtD6rKcWdKGwBEXyd|m0|>vhy4KwR#CZn-v1DvL z8UWr?z?!tA(s&P(IgS78-0o=BfCNgN-jCYJx(v`l-~dmjlahSI7_b^qFV<+(0SI0J z{C(%$u^y9s4DZjcuD!Wnd)O`Nz(<4eg3TAgn9XKfGnMD*1ooVjTbcW2t+|Q;uSF(9 z;lW0a^%c(Hsd29>la58n+>S14PDZl4hDT*7a%9?k#NB8 zfG1nk94Ro~nF_lW1Kx<;;Kl!uQA(;K;GB|d$f36;Hh{WFIw6>VHtSoVjMVTOa^U*hrO~;CUCF>e ze--(*hld8`tH`AHs^;rTiK&UXbO4jVYG4d_tTvc5A^%l3lN!z8M~xSq-2tFpn;q;AKt?j&@t9*1MLPsA`j$uz zGE}hOJ8P81eBK;m-SCLAI(Fm1;-2(+Vn=b;>O0PNe`@x&yuWFwN-0@w#n!5 zf>|=0Mmi7dfXM81bZSw#&6Y(NTT@O2*%Y_qZ= zZ}9XMqibi+2K+4Ah~d?ES#HYzDX{k{^WU34_@0&N?-6F&4?ZHN1=0^*1!FXfwbz6( za!I$ecHte?#j`6i)*UBSoOPFkxrT1p)1CK+#fFNq8%>AB@*-iCg#%5N4kK5WRcLi- z5e5yKU|Uw0U-k|KeuGUhE1xW3IjsylG(hRQ5B05J2~{(A1&-%c7zc-RRcqQ{cj)z? zw4(DXKxKvLPUiyHp4HTap+HUL1+y+p(BvdO$je zRT1+AvmYkR4xxR@RqoYytSo$W;ozMs(_fiUuGsnVKWb!_A+AAZSeKM>(3zhV1x_4z z*7fdZHA0f1X0Mu5YIZ6|9LU!=EFP6sdHC5(W~*LZ%J^AD9`vU5Q=7`?c-9U{m2ubM z3s?H@=X~h<`{Xmz?bmBL(Rj`T$7d7v=;;=KeaLu71HH_+j6pa2F9G&71SoG3;8)ML ztP~i)xYsD*z#BLmc>{+dN>S4W&Xma-joIv8O^NeC-O)z?yP1b-r@)dT za|d`etAan#tPrfkLGWG1UJjw|?6Jk*2v-dMg^;G%K=Cdj|ECB50L{v%I|X>krMtdA z<_iQ%DQ|Y}!WnmAsv0)Cf=;8;yjP&O{y^`{Pd9e`{u}0X^SZI~uAPZzeI`X|f0f47 z3;Wnhh#4A^{`s?Iisr{|RP1YcTS{m|2nXU60UXbKhN2?zfy1G3WGpcp*^|xRu>t1q zFreZ1d~2TQ2NTO+ATT(%KBV}Eh7@HepC1~s^{yroBVEBm!_EFRXoar9A!~6hYYZrg zWqbS(0u4GKC!HxN?28m~+D%6%v3VCIe_0?AD65uwzz$dJYRQIc0&2f?ODs_cFybZy zGAnDt(cuHbC?;sPSBBFLlf!3s1qb$@9Z(b~`%H%U#m4K-n>5bo2KOA!hT?96^$gau zT^p|ew*7VN)Bag2RNzP;z(K(PBs@K2e~l1v zO$Co!TtiJE+oet}~#nzs1gl)Ew-K)h~yl3|n7^fY`yZ<3_OJG zrS>7_NEi<&*ods_IUG4E2_HBW4o9{W;rJw{j3&9@G7<;bDo?OqbR9BmIB1D8Z^WQ! z;d#%K@Bsn>#slN>e5-=)ieYsq78|v$7Fw-ByG-Q0a3sqX>geKd2mVyy2v+|xUwGdoSS^OyVK z7>VSU=NcxY?;GU_*_o)N&1 z1+kt;`V(+=B@&JTFbO$Cm}0n!dE}Z%1#H6#QlSSq@A-n2GOitmkxUXxChc~gFBilj6>k_E#-32* zRM1CV?)I6%c-7Hg4;290FwyZ z=Y~~;BLsp$HqQXqMF!YY$nB;;bhP7pP{LHAKyijJ0!fG$F#ejy0fj0ABhZfOIF%?b zHZe<7b=`DlHIOnKl8taM$HsJ8Ps^HZ`OjJU{kJvfE@7_&fd^q!4)^(zX5_$2#JWPYa$p1^5%yar6G$^e(r?(IKN6FzaUKX-WOz5o zbCTW#|7|)bFfD2Axm63{tA^-ZwvGwC;+>^yofmr(2;|!w8BhPjZ2AJ{TT37L$kfqC zuG$=(f!DnH;_8&};ULEPJY^qbOGx@a>u4}!57>PUztik;ApALi{gXYQbNkV{?C`^= z0W+tbhD=BwgWjXS=wo)7mvNHLt;PSh`#;^pU@dv>w%^C3e23zQYhnC<6AXK*3prCDUb(guZ%_EFU{IQ#;&q zym_5GKX&WP4?fbmvDMy?m*mX%M&B^H^gf{4H%l zRUH=*wU5p}epn?DFUN!%*z}J+!I$m&#d5%XAz=W{h zYC?3=1OT;=W28Ce1QS&aKpzHLFy2&r!|PJqvT3?Se;Li~ac(rV&<`3j~-0ujt=BuCGE2)23XgDb9FC&_tA;rYXQ z%!v*V9I07qt|n_7n>)MBa$;e3m)WRGxnRw!1GEIRDc-|@L^}3lRH~+UHt)<$79FGqq5C$I)neTO9Iaaov&5GEpoX~PsImar4f zoduOPP_=z;5Q)Nb9HbyC3A7NziFKES(n#VH0mj0m0p6f$5ZKGIJ04U)J%~^) zIv0!9>|7ASQH{pu;`5_gMTlg@eAOEjvyN**=#BEV*P0fGxhjM#T?V>XAVZ?kms?kb zMnQs50~863f+9h-sst&RAxPkfL7FtEw&3*|jmHc=1f}_X2E>9y>=q|1ifYCX5MJzY zg5Qcn{g5}281kO|a)ja-^rkg94DI+a=;mO#E(-DFQRPcFeL7%Vyh?6TNQ-CFNK~y7 zNLPqRM0}!As1FsyzMrv2dVJG?Mw+3zY`tOsls_|+u`pIwqiQ&GNM~laF0*cRMe!9U zssz}@_A&Vf;F&1m@qjZ4EgkuHY&OLz5eM2)G^$DrEO#-$G?Q>J7*L;A35CrLE>tP} z8nj==%XMB%7{yemaC!xik3dOK7*^p1=H#g6((cz;Bpch!>7UuKJ8uD7qrRD{}1xOnXtlYh7-CtdJ8LeB>Hc}&Cb4Det%Ej;BU&% zW}p58f8^M|>(^##;_2UJo^HZ!hHA^xf~N^6n|XSKc$%dO77QE_7YrjkHMIO->KX<7 zrpZW|E>WB?^Dsz`Biqc_T8Zyut>hsH1y@m=(ia~imYy3luU6vmQf4+~SR1Si=JSJt zj>)5Snf!9Z)e&NA5c(WL@Psx56aq|w<}BmoIXGM!jo*yNog;<#{^aQJZ^+~pul_C9 zJJ-j44K|0ZjB1Q`)o2zqEx9J_-$3$H{k=YkYr=Z^sOGr9Iwx#sxumJ^5|b95woFkU!*mn>d5o}q{= z{w{K2czxmV9LEW{QYu?oE=&HhR4SvknZZ!c#SwU_mMPC<9O*u{R92`sxs=Xks5-f4 z$tt3dNtJ{~DZ+w;t3};7!#vPrylM8YZt4T9URPxeP9Y0VK$j~(tgc+_5T)eCGUL@~ zVfSkn98oi(6C8cZgNbyl>9eKHb69P6mJaQk3tkqV+r3{tq(mCK`bMu>A60hAGBRfB zjp3M4mfNUO-2T_}zJ0sG$@$%Q0~p;ljww;-Rwe11t$cJ8w2HPMTB58_QNVK0jIRM& zD+8p4vP}?_1BIEAIDUiRgb>WE0T6z-H4D;*SIwoI0r$;uh(Rh#{yYG_=8{ZKZQtj1 zr^|+9Yz-T^Y(`3@t-dt}Jl4pPq_}QDQH0ra$8{sritL~;x0u}>6mJ*?yJQy8RfJjy zoC*pe>m+sQ&(;!GQA> zJ8I|eX;64`dT3{UdRkGwC7(GR9vQ9!WSVHHhkdvQJerce*J>mv*fK%e8Aks`ESlNSUgCUW)U4gfe znJF}KN~=W9V8IF!1`cPfxwDYfNl76>Zl~jBmgW{hZbev!RfWh1f+7RwTuAHf3rf0h z4**ddiAcauedW19*WZ+#9jm)bmPi7mznyq9zp>7H%ZT*G){HR{Hkl9)DL{J79*-p^ zA$tc!?3Z;4LNXMc5)CXlQ9vysEgD^hlmRG6ie9ILEf$p6!x{z~3r|k=`a@mVw9sq5 z^sYRN{)SIPR$yDW1%uA_1@`=Ze`e(_Yaln$>&Tgd2A?CBvhLmt19f?1sQ65$~qGn~IiBK@D4CFre^n29gL_UQi((v8&tig7S4=MuNmD;iq4T zx(cIJ?G4jb5j)UsbiJGyr=zINbp>jDUe}uQcmoT7L$XMCS}ufWMbJRVr09$=Np;Ez z2E86+pf`K^gjb)?uPCg!%f!BgES;u|xmD9frA64Yk(;{4-0 zSdY)F+*0dI<*s4sp20LmV*ZBk9R%GSjI_1xKD~W+_dZ zU;_-7Q6ZBhxl@`W+9pUCU^WYK_7?Y#m5RT#DCb9>yLYoJC+sh<(~QzA@xBW#@tr?LEmi6mhnNrXWGG6G=Gh~69WE}QglIq1VEN3kyy z##jUXGZaDsQZlzt%qL4q7|y0#-V9TXY0--kH6a~a;$~>=U`8iL1aHZnIK5evg3Q(A zj1dRCICHs-HMePm4MCl$lx(CUtP6b44SPqBbtISa`^tN514(ra&W+oshELM|u0J_JiZw+0Ag+T~;2JqQ(T{yl ziS|K?6R@;&zYV%Rq>F0TOE<&Ad^?arb$o+C@teR^jx)9`-$S|?o?1GCZbDe1fYn4^ zGWn`M%;)#v{0w80ezo(=U?Kblew?3iSnSngyZVeTpgsp-0WOMXgo7W?NYJ@_{Ss_> zVTzMLJTiWY@$W3KGdaN}_q8VLv`+UmuwwU6R#FdbH43zfrzuP>#fou?t>1A}%7q=9 z)V(-Y0qX|8ezw&|AzltLlh~;eg`L7N5r+ALGxQ9+W2lURLP|Po|ma(D7J=0tp1~s9SKj!b?FlC3%i0l83f8#db^08e& z_A{>uTuR{kskoH4{fzAb8ZISqD6Xex6xZJjt&nI1H;-3)MsW{3qk4~i@rZYGj z$7fpwieXfdp|E5ElM6e*Uk8+ntf$!0Fq|*%R4^ZSrvlE$kuBdiKG}+4)s2)9{$492 z7973NMWA*2vE55|fpjtN!_I$B)>qSj)$(_GDttGRVaE>2qbjD1FjH>_;{vEwU(VKk zQLk%!FgpfZF4?Bjqrj{Nx}_ao{%U@De{ZN3*fk~pEI+xg5~%tYC^Vcgw_c>0LGW|O z;4A+4XN%+|X3S#DY#e#-3o*J|qwg(0sNmy`wT~)*dJzmkI9t4*!;$?4uv&0z z8$~j;svswjwm^J^WCxeI4-|m3RnA0Kb-Y{b!lOJ1bBrabOQK-Lo8yR zwOa`C;+k7V_mvh9)7Q?h1D)!YzK!da4oQDWl{Yz5m!m=k5)~p<6b)hx<@d zEwvWtLA@Ml4JaTclY`9LSXS{4NI+$X3m67~U4^%WmQGPN+l+LSwTC7!e*;idaJ#A%N2jQT&b1H zrG5FDKcBCatHnaTu(zk^M}%2VK3}bsdzDJnT+Elug&rlB4ohwT(9Asg)T7TlN>)_- zhdZ1twdg?g-k~{Ob_@BH5IgkXJ3PA#YC9!9b_L@2}@5tXw z#ca`9E)}=MYA&14WicU334cHOVb_N*Szmnbl>6Aiozrrz(HmY}nQZii4y{be(fr74 zBIp)>+wYoxgM7`)cgb&T-+}!VhzqIkf0dHlj}^l4X&L(|2|4BUM`2L{`s<+lg1c>( z`{!}q6y#zQG@p_FtmSPo6E_LCrOCCRwHRj{fqexA$A>3dd$3%7-YREPv9LZ+7@e3w z*%iY=AdpT+BDLAV!qC_lW~(&Rip?xSm}N&7CsGriRKBbzE__gw31z}vTxwWMOKwmb z&^DX}xgGxs)m51P$!vuGKj#SnLM8-o7wNc~Cg2<4g_ZDIhO{Cf91@953L+zU0p9A= z1irxt719{F*eS;x?n9-ipfg{{+8a|@yUj7`I&2HMuYAVY{&$D}yhyc>^;qibmC96) z*Wny>9(Bf}=gF5%I*NX5J{OEglnxc@;b1X1Y4%uJleTPVkHO+F%?BNUe1FW{=bd!; zT(tgx&XA(Y3dV-w5cgUv1_Po?9KeqcAOI0rLpBBJLCf|4ARGbj7(kSw&jk=*pl}2h zLk_Fc;x@U=MvoT}hkiX}Vj^(QX%A7-9Yn_rvMZ5O4J<&y!Fn2hp20uj^V6+IaYOrA|JFOrN*BOw$2%Z-?d0941n+=#N`{Z#sm&Uc63==j6(!OS&|cZcz> z^eHd!TYk5Hbo%oC(WyUuXaCsb<&Dv)k1pbU73muMp_pzHqPiC$-K~g1L%5L|S&5iQ z1XEBLw}LQk>!M8!;ih~9^?~`Bx+3e;2c#^hk%B2RqLe%jzVhHJ5w-mdPy2ii08;?A zbo=}Xf-}PJgNlq-7Kc{(#g@BF7l4tiWFU%#@^Dpe(cg1v1@Ge`_-S$v;BORbMz0z{DkfeNKtVF9XBTA%$B==Z0Cqsz<6}{b@``2$E+YN+9Ck9)f>p zn4$*ciwWXT7c3+h;82MHwJ?zrn1y2hEq|N$&QK(vKh&^Z*pxS5FJ0j8Dn1tWH-Amv zX}>Pcmrrm%`9(+gdhA?qJ?f5Iy#6ySep<$K7l)I;8+ z9>S#R2}6h#$b*!ouW2&8Q7RRAGbodaA~5(nI{7>L8IT!QAdQDzN1Vw!cFvQoz@Eqp(ZdDJqps;REOK}I=>YtO-eK!!O- z=D^Y8^^0sSt5G>D>&-TUZ(-$7dhYJ~{&;EEefQrpxAMpDesdvp{RjSJHy#IkLRfNr z{Co}m4(?HQ@b`Y^lPJEoAg6RJshX{b#iG+0fMEhq4wG%sY*zFL@s>sGFQYYcscsAf zh0_d>)Xa=zWWu4xKc(J&lSjVo<`#6)17bP7jJZdmulT8KJ}A@nF$_7e)%B z7>U!r7&2R(kf&Kk^y$Sfx}B+Q=3g~=e|5o;$tq=VD*yEB1u zHeztdf8c3RpDy=@x$boR*jWR+w1B6Op_637Ta*ZjAZq&mAye`$e zR{i7f+d{9yf3(uTY^*Mmoh3&Nat06uRbUaWa}I!J6FKVrW&s`p2LVN};xD8i{z4m< zt$T~Lk*MA|usjg<4Ug}g=${D>>>Y6Chn5CEl%G33_N~V*J@nI`9=i0gZ;c%X2m#Sz z;}>{$$Sc&p{16%lPl75UH7cu;OE$ae*}_`LFK3Wcvu3v$)=;a3 z)H9Cpr9}&Hy3YZIvp%3MTucd;KK!S^P`SwdL$o)??s1M_2;~b$C@&2J(h}8@iu`3; zDB(lppy2NQeY;Bsf9qhl6>9%HF&vOhhCxHX)LfZJnSHr0RuZA4VNMSE-Ra{?lUE-b zLE*AD`8@`U!B+`BqUcIHj@JD>Nx~iQV?SwDJ_AcuKcZbcW!{1%X`hzlm@py|IEv*l z#4wIOqckpfxjFw2M^*;-J7|XEldb(!XC6r)hVeutdq~&JC zrS(?BXK>rB24u$)=B>@^6{F!G_DO&wLX^q!#c!M_ zUvSa+rP7tZealquf!y%bljCoE)v+vif@;VVQNM_4$ozTBF~wH$PWc#KpQ(HdO{ylX z*O)tqY7=PmedM7lbEYrK$-pP4>IXQobqvSvw)(*amaqkZvEULIDyyqhKBm<$7$RVc zp;c+7ant~`!SSO#HeiaZp^^+(08z0VGbjw|&p`%p`pj9o{O(dRfHd!e15TviYN1cR zqLR!Gf7TF86@0&0C7I=jy`_f((Eu>(U!#-^@daos|2MEh`=uLOsXE0{m&q+rB4w*U z)2~1~$^z?IWOhX#ER!s-aQu8L4-$GjijrzpY^$|ec(piC@gDJb;PQ$y|^~Pzg?5C`H=Vo3&KokkBeA%Gazm)1K*c7*%#0;f!y|y&UPw z2ZtsnmYpX5p_%mTaCT_e6VFZ_l%JAAJCN||O@_Pyn|>B0ctY7k*o+ufTda}q-Rrg# z;^m2g7f*V@#u4bIpM;J56D^z2Hc7pVs`3X%HZkGIn-2aCqG_8F99d5B<{PA;%{R#@ z9G`9VgF$s>wCX5$Poem-IAU$W28$&YuDDkv6rC&w*7EssJZ7>O4#PkN!p+bk2df#S zXgvp-iDZ_uWDIj#4vK)&K%N}Hcu~|kqG||Lu1|Nt&R5?sh6<$%?(E8;{Zj>dyq;@~ z6niGkK98-|sEuVEAD_Ga4Hs7y=EBp9`wy=4gtHOYmHYaV%c+dXA4z%w0L@C4p!yKs zpk6(4wZ8*-{jQdcBh0w~xS8G;T!Z5o!u7=Q$!=3VsSB@L)rJ+#ODSsJw0>xo?twQbB$u~xt;ar`npV2<#qKzLbUdSI8G7U=7 zwNz15GsQDB04h{H+d?HIgbHG|cuC^$`Xu%Z-)$Aps-xMYBcER&51CR)hgYR?@Nhb9 za36KpVq#TMbyGO#&T>-Fu&VYzEXyHbXWwFG?^7=7JMfyx#hrcoufX5C;El*weqc|0 zJTu&zvHb_2z1-1HT=}Kj_g}VtUvfMg>&yB{=i~Z} zGW=9jSBl0M$_!!hgr&E%TKA(oo*4yt)-6tya(806SSS3^u;TPtEWW4?X;%tXP)aSO zywZ>k0Kk491v4PcSu30>)VGL07TO+QM4^oaQg2mA9_cuY!q^(AOA75Ipq`j!u3V`l zXJsAzGE><0BU%TG+ySbTnF!HtL_cPg6jb< zvPHeRbS$kFfi=WpQXp%yNmTRB3w%e(yoM^-aLfY`2?6<(lgwd6ywTB2ik+{~e4=kiSDKS7p`^-ft2J<~=3y z1(is^lt}5xa4nW}XR{n*+aT4oWE@Q{Y)MIGG;tXO6(1O+0>@`ba^c7;D~AsgFOz0f z13!B_!Bxk^1S()TrgI~!P?lDcQ@P2*6BE@bIG`g__4>fks?*~(k=9OzafmTe)SuH< z0Lp5heb_lwCV^LRwjg73`6eg=G*)euXqx1A7x%ZyB-&=iRMA$i*TyrBSiRMgESGm4 zsSS@h6V66HG1?oQ9o^}X_xp=erEm&pHQPm9ywFILb_^Bl&Y{xK{-K!5xYOYDWSZG( z30o!_7x+iXe}{2d;c=k-AH@urq=i-i&<1K2u1T^GSdxmhXjXKGO-4$_l?8W!u~H#4QyzygvbuRB*8!zB## zBUm<`lFHI&TDB4`*~Ku{Wte@~i^}F7%nAC=j8C^VmMBy#UchF#fxyCCS7%>Cb zz=&&U(vXfxj@B0K$#krc>Nv?NyNa5Fk*a4^ssz^xg-Rk0Y$E$nEMBbpsB8EWw19)( z&)OiUVm{Pi=d&4qt!Ljg`;wEW$J?75IyizdP>sx}#^#k`ZMxvOf9$IDVJ^p8ojX{F zrGqYuv(~kM`z+RI0k#zA*1Mov4}w>{@YdY%Sx5=iad>%yPQ!aEAmE77PXvwA;+-fh zW=>kntmG`S5``Jj8_hVLAx)g(jayMLQxL%2&;xb4LVVShmx71Esz*`Hop+_A1Jd3d zrkL&FC}0XTfSrMAnkEwz7;TPY{ga=tn9{9Rw)U+Qc3r;XAKbrhvXyJQ2BMYz@)Qa! z-i|T`! z-Iny&4?88V&6Y?+kLu`gA)*Khi4DJa=8lnp!tsGdqQx6xi%ja5$fFi9iSk2<-MPeI zDQq_OUE`7O^gLEKnC$+TJH0as$ACT7mkTx`U!I@;x-akXg`Gx3eKIeyM#Te6ZZoLgBYpCeRDe*z(-+i9N+Ay| zl0$K}!Ny7yufVeq{DmWL+*pF)JC0vzO@QHSYFGoVi}WPJN#uW;&CpK5Nq-nIc43QQ z)#EAURxQO)7)9NYkYqI{A;E|iBzjq)BxdBiJGK%*e4Smnw;)t$LzhB^Ej)6<)Lori zD2x{axk~$y+TKe>4_}^}JAb^mR4NT+oIjwRe0hi5Gr1>U+hP9Z{Hu2rF1&Q;lD+l& z?lWfwS}ztSm-4;y@T}0f;>83_^7?)r8e}ANou^d64=L$WExRx5Kq#({vJRnaGP)6t zPqq$%6ne6CBt7nw8?Of-J|M58{O(i=h-*P?$=50N9e4W#TDW>f89K{5;mdCdC6Zg$RPBjp>5pvn>=`+*=S}P^1q5hVEyyi3R(h z?kr6r2MIMhMfjTB^qugii7N>qyfs8|&kCI()1TfdN&&7yJ+zco>veRxysMVMYOjpU z2$xe195vc?#jvL#d{mDWm2@qQ?O+sR?|drkpHxC3Fz$lGX;yl zS3Zr3CK1_F9YPcM6#rwpCt@c5O_FeK`z31M_%YgN`5xrYq4sC_eBsxld-sa=4Vad2 zAMy_+DE@%jIlf24q9Ixh!IvWDE(Bk9fbThgs2qAO2mjW$aqT7CK8YWv-}*bgC)=<2 zo|D_|Df!fUcI>vpY`3L*V&lhp9qhNtLx?x}IIcD7zJtd?tf#-B#_^C{%EvTQsv*`XmYKq^% z^@#5{rSNBjNeyNdToxV!_k`^E6NQvJN z{X_%q*L?><3Ge7YxChgS`ZM$lYX4IhQGN!#fp`XuC!ya6{hyFM53Bmd!zWc=P}?nmlz{?+x1 zlxoNqO@^`ZXva%#kKNtjDWVtil>QF5u!yH-RC=<{faxjvPh-ubel5P3`rXPGI@jL~ z-vh;B`debW#Pyr~Ctpz%pS^ub9-#P#8_OslM z`M#z7Wc#1F{Yh@Wp>zI;_6yt&!G!ZS+aGBE54Vfo{Y>Zldo~gqAMQNQX8VI1K57?s zQiaBk=e+)oQRZc7P8~nCqjvS5#`;MzVPLag3Gw)e>+i-CpgAq=5cCt*)A))0lP|0N zxB-n1$($)3AJKn8yMEVZf2OPdf#BBbL3HG468%ev1P1-v|4np&j=8n{bo)C@pUb(O z=r7K{yZs?+ ziQd#7?&^O4%MHg+c3p4c`5>;p2S_{IKfQTqXuplyuiDoBK>Hosev;dX@5TA| zwBOJ3VSD?7qFvYuX?(;QrN2X6!?f{ZTVhxL>4$jyXbI!-qy9%|{M763{;r^3L>)hI z{bv8kPpSPX{i*-QG(PI}C$#I;@uU7Hy80jZyR)zVYZ^cG`g^{q_N(JZ*LU|nsP(JA z9{{})JWjo0{5EVvM_{>ZZ9m=q0n_&_+)m>s&cD0;NpAn(w)T_lliW@=z68rHasG++ zecXQMw)O|w4|4n8ayyNmIRBpZ7kK=(w?8P_h3$&QN9YIY{8P-Dj>ERCuKv>q`!s%< zL;qDB=|#m(55#z(#Wgmyg?6tNz?2zj~L z|A2k#^%m9#X`Zk?2zj^2^GBS2 zqJ1y7zk6Hz17f^jeKwdet^?Q5&Y0!iEp>B2bDI?1>asAzX!H*7g zeHPb)p6dNi{;S&GrLXl6z102_+VvEl3%bztwyypMz_lc=w&;5-&&2QFqf`6U^@)GK ztN%f*U;TX}`0w>RAE0kTo@sQyncIo)Mf=J29ZbjL+)nfr?GLoC=Jp%8o%mR^KZy1Z zEYb{?pHi{=u&P|6%%y>+g1n_jAq*`iSd^zM}u+_tbve zfar&Q=#WHT(SJg_9?GoNZ|>@U;N`Qfmw(Fi6W8CP(%-q(xn6#$tN%f)cQigu@%!pt z1^h1dD&Y5*m|njCy;u&Z?WfzPxP6J+L3g$N?)Ht`e&x3IlkMxc{jJ=N@lek{A=c@Q zcW!HcK-B}j#qAg;_56D<&oE9KU)t9GAmkj4pU_V~5BdrH_7oHnBlKH{3ss)bo{Pp; z^gj#%OZ}QW68aHcFZ7>NkOvrlNgLno`q#s7CQ^Ubo=pCsLf4D+`jo=`hPe9sLSLZY z7yS?WM1S|5?4xwOx?Y^ZdV>2$wCicT_;Y%Gwg2I#M89^ukcYTlm3OCP>Q~I!&ilic z&?Rpl=Ka?8{Te;Ln4hO!RC z_h>$XA8;P_Gu`LWuA*~ZXJ3Q!u&?Pp58`3-yw3gx=V5=-ecqP)b@nkh5Br?%^Jurz z`Q7gGu;1xEPrKj7FE;)gd85Cjj9|y3YTjd#yV_a9>$D%`^RLJGcemfwb^cpB z?I%fN>zw~KZodKNpJ<=xYQLk?{s3tXo%8>m+dqTz?`c20@!?MUw>s?)(oELcrN+iO z=8ZZpKo98YvPu7Y8;}>o{~djO`+3mUx16WxeK>DZZ^!+hw|CBC{aMxj#QkXeF&}Xr z^!Kgjsd^aQucOD~Jm~RT&!dq5-_dy;eIDmQpWk|3*Zn$rJI;e%zx6y-KcxG0p9lSZ z>v`gS8$V{c^7zvZ7Iggp^N+pLu8lvpZye%wG5*l-wevTw>$J0m-)X;?+r{`p!|$|T z)oEu9ztet_+r{`p!#_tmYxr6_*1dJPBNspqth+Miv>1I_eL>sp=V0yaItLP3J*Tt& z;yze^)pK~2qg9ycBJQQG!#EG?aQAt%8fxcluE#hJ>v8vav?_Pb>#WN-59@OGdENKh zT%U0s*5~f?XqDFPx4BN^Jgn2*=V|xbc#7#P#{F>~m%pOxH@?$pKiz(BS9=e)i*Y~R z)xM|GezJYIt9^~z#kgP7)qYv0{ekvdyV^g_?PA`_L_brkEhber10xt^2!ru9b1Z>$uclUVh2eppS^wLm9-M?FWZ6vF(GK^ue zNxqQtF|nRm7?*(i!<6qS`lZ`C{Sm%i*pRNHezs|y+HkTiC2Z)lH-QZuy70pr0~iUN zD)R~FCWpx2KW(i6(Rpt$hqS(2F4!mK^A==L7JCYLmnCo6YXyRY)m7`QR>~!$4#8BE z&r3TIMQsI;Rj^^r=6){|45A*08C8l(#iC0JnDan4w^&7(G<PBbOxfC3kYNZeBjf#95Vm*U?Z?(^3w$CoMf8-g>y;_!KSGBL|Djh6y z`2Qsj-gWET*9!efx4xy1H<$Wl^Wl+?TgGmaFLuHABE0 zwhkytwrWPy7Vf9rANTWo)+QM(IydrVaJR?EqKxPsia3ECSd{#<2D3J&HRtaS=c_&? z?Mk>!0cR-Q@9W8>pqJ9~Z6I>$N6H5=)`8C%tUj;gF!`ihS9oDRhtO*;G`>%=VV*+0b28#Tm`r;!C8^|k!H zJ!yjtXgtxhbDV0qGR!5vU3W^NWmot2O+#O@9QC z3ePPC=Y%O0Kw!d)SRFNE0{ns8R;?-=JdvA|T)u4gUAq_Fys&uZ?&&u_uw_!CSlnG2 zD%Sm5W-;Dbk^Tm+@qd*sNFL0Fo|fD1^9Jma(eCwHbd&`HPDTFXqm-NW^kd*r_PcCO zIrex`USsiZ{Ar3n@`fUzT*>q3)F1-+Y3>D`p;$EJE9O$Rzx<=v`}sG&4{$KA@8JRc_g>(>Y85Sq^ml`thfqd8%4fT}Y*OK z&RcWuyJy=Y;O7zY=t49S_WQ_S%hNlf+@I5#LUMr(b@Jk&JP8*J0L{(E#N?!ziC5h^ zFX!}^{B+bsGKjaN&OJ1E1p$2xHDHy>tti)aaWer*F z!2p6O{JCVz0dt0nuqE>_jCWK z`5sC25jqn62JdCXIl8CdoDu#>?8dv!`OM~XDEI$^_#JJY(mfv2={vvk``B-bdyqp! z{LU^AI>GCAFXsB@`ps@*ysPM^^_%-U>$hxi^7>74obq?LV00{f*A!TgQXuG5WFm_YX?S`i{26|%VV)pCgh0( z{AREFeBxv|GK*@ofq*Aw48+_Y()joX;A7bB_&4({mmApr_)VV=KZxL}t{;39Km#n_ zxBnWsL+kNUHt2}}MBnRv=(lTc+V*R&1sgNZ%FMHF@NA+ia+$lXAaw8{3%VEjE$@uOY%l0;jX;vmWd4 z6#YimIl8BC58>Ay?VN*LCBfgihiHw_-vQAMt>|!zV}?u@c)m0fBQ51a{oT`M}Tc2#{Bbm8rNrJo%D7^1TxTK zLeqWfmeQTd=kF-Lg=DbU@cW zoC`em!q!Lggl&1s{la(Z#GSkDq4rBX)DJGEU%+glv!J(pp8Xso8-@SlRQuCH|KWDh zXGFWE|9p)31Lv#u;8Us}>t8g!QQIGG{~hT+8!xc_a~<%}hNX|4lKMqvMS~&%5od)X zr(N@R#9~o4H^=7U1IMURS~pM|5S&$ANF;#Hg3!%%$?2CQr_+fvn$c{J7a_&~ws7|? zMRh&H!&&cQfy#eKcD&}ANezXhI7pFJ@*LHELab-=u>rvULXdZdxphIfV6TI%1qJG& zI1Iuek-A48J6Rf3){Eg>w7B$;e8yx7M7(2t9&CTE_+3CJS}HpZSE@si@=$!%bE_*c zR1Swc;o(}sX#85Df>KU~mZ4s&&dKI>V<9vafBi?_I61#qd-I!LlUbO|z2U9bmI{Tz z%ini#asW$!EQb&+`UK`6@gC~Jyj=~VQ56~ai9brePkHkj`fs9hcVZ3uIL`G*zy@#{ zY#xtImFo2VShK*eTO>J(w7<(43)pjEUo;pr2i%HmPoy*M&9#bnYU8KS+c)DoiXy&) z`1WVaw`cWpoJUvxpYiqNC!)P{5!O#(Ez_?5_O^bG`{=sFO8HPktxy`y3DQEBZMuq^tkOus3Y_?eYFwpI@?X>({J)+WQ^ietLh}C(!!~>z~$t z-L`(s3aIs8%>DHK;(GS?cRk-#+xj)DpmzO9?x*(`*R%h>>-z2enw3zy{uj7@(+@@O z5C2rx_1pW|Pu11G#Mf*7DtdqTtGfEH+}6*2tFHdHazEam$tFjYw!1^ZT;-mqU&J&c`u`eu2cTz1sP9E$^E<}xA1hMKUG1KYv`wiv=U(lC{rDMxI86YEN04|(P zm+f|=v8NO?E}DF%SkGcHU2GH;6JpjJnY7t$M`3Fb{4CH-5P`22cp=1jVI?9cbb*;f z;9LldQ}YddoPb6mFUP^|*d9XOA>o&@vj~XbW2x3ypZx{bk950d4!Gp|q8|(<5mH`}X|tVa$^@6j7vQvH$8m`s1_b-aTILAD~@ zqz@P?B%M(M1$B-omX<6Z*xDjR64_csB#WNa0t6HoIVo7XLK83-clmTp@mXuVKA8-q~lPs{Y4bMv?6QxW2iM~^joaR z!}Gt>>+*ZT*Z~@_Cv$oCBrCeS3_u{aTXuM2L9Y`S5XevSIAp>{_R4u(C1~}dKogL? zaToc8?q9$!I$bvLE7uzQWFjyGELQyyf6A7&XZ;o=cKS2+v@P|@QbI;GLW9Zb*4tC2 z_nA_5z1xcN%7uWOD4jIo_5nPe+2#Z5f(Of3;|CFAxdV0D?2{BzKEW~eNVXQMa1$Rs zN5T1{eR2_>Te}cs9VR4GPJ(n$8nJ^wTBK=Xy56WO^|~>g)*I)2<%M8yc)`6hlgTfk zc-&%r+PJ8%TN=7Y7 zPhU7tPWfz+a>C%YS8`W^bGa+SH^_1S!~Z!EU&wISzZtiGe-*PCp{ z9Vnp{>WO)hLC0LUI-VJ=C;DfyHn-OV+B!GR!~FgLa1I1!3GE~)CY3PLis11&wCfQJ z0r*#kfAUZ!!2j?$K%dq2U)HBwpGYLypOgpNkKo@Y6a42yJRV2eQ2X!j?-L2}=L)&f zexm&u`m0Mlb^w-I4ok*twhkGkH^zJvaZL{ zXu>5p0bq6H3Fv3#k^@ zKq$nM7FlALz@?X7e9;$iBoaNy>6DYMK)~e+2A_TDr5FD!m`S9A_85vw z+50?kcQ}>~Szir^73{A)oaqena2;bpOLSYA9?xvbpGQw{{{7Y#efobIG>=~7`qMU z2XOx5?Pqk;?ZE?l{>Bmc1^H^ezoL^2*pBl3ABC{>Wdb=*4tIR~fPD3VHVhuPKhCG; zAzU~hEP|Q@=LBna4ykw90|!2;d$#l3bYD6TXW=}02s|^f&`COut;&}m!@xl51k$qmUb z;C=b&aVcG=(uc1zD6-DL&jyfdah->L3}m9KviL0~6HcM`Cc4sfIs;0as+6U-C$J44 zT}0HP$7JdXdhv7OI-8Vi*-aLsq*H8q3yi|B`QbwGntTI(P4yhz8zG`^(=(xHZ+_EFxF!CGQ3B=o!Npi* zRUVV|l0qYVn%?|09xy}0M58NT{qpx|Y{jz(o)=WJ0%=UL*o+crj*HZ5#pU#RnE>B} zCj#B*Yj`{Qart^dH*M?;Vias9EAD4Pfll!txDh=I{tvdv@aPk@GV%-UXT&hj^lIPo zJg6m}53@}00zV&0!s5ZKHZj>~48;8eyQ}oi41x9lP3(}K`5*5}GZtfNkStQPWi^70 zWpIi1rZSJIHq`@oQ}LFV^5QKIfL@QQ&qMc!wQMFPmr*&!uQ#JTjrMW|+(f(@Zju$U zqkYT0+Vk+d`WpCLdpC$2!3#ut3_a6|-c6liQwq&!yd6(#<|wd1XB_3PY42t+WANeC zA`y04B@*$GU;)U546^|}QkDkqd44zbc~trUO;6SvEi&8_JY=8`SRNUWJYofYwZ}1W z#H&3{BSvqgNH^g=SA)*9=D{1L2f7}XUuJ8%2RISz3|7VjrvE{V{UR)(Cb%|#iFZ6$ zCx=^MliTXB*}aCK?9*EUrl8da)k%+K_#c2e{n51(!tp*EV&HKQ5s$w)b7-w5e&6yNPMc)aSqx^_0my-eaaC`v z{ss+=9LNl@Aj@U=m%zSurW{cW?{qJ{2K|tj@AMlq*6Mt>n!qv={RMuPpc2^`c+ly& zK^>a)8MJ*J>#aO<8dC{S>Mgx<>;56GjKzL@G>S1Mv;dQ!$>qDu3;XwNO6+sxQh{$xgnAGneb@hUV?*ZrVIYXjYt;+_k!2( zjvalF*B7(J0Ikg|Mvlc4N#g&vz3+gJs`&Q5b7ywb2_cja0xTUV;qK<9EJ#UPItU?v zC}l}D$wHFF-3?tzq)V3~g7hZ6SLuif2uK&Dh=>9Lii(H||8r-~ZWhH~@%Ntp_uhxV z&dix|zH{czoqJ~P%();RzpuCw$9wH1?Jkz1;4#WOfp~^%`W%-n$e;N^bprhvbXKSi zXXL35TsCc()Bb5aKw|`>j&^&(Ph5X(EaUnBuah5qt(F8(?WqOrBs!B;C+*G*t5OYI zyv>D%0R6~w?TUDSTyT36ty)_D<{c8{0?9P#JiQUB^GMZNM-vR?;$t4@v!I;8V+C3k z8U&t7+NIHkNv_huE(hsxK8{^l?|b^ZsR3B5Nrtz6En%e~P3k1QBz2cEU`3_3x=PM z!WzFCHQIRo-}D3^<}ZZj)TjafHEssOzZ;liFwjOdYSbuzpZ4eL!~UcvXy0^tf+uR( z3wWl28hw4jMe&l9{{=lFmt=N|&WCq_3n~(p~9$=_lzI=`o=& zR}3PdB%G8X?q$O!f(nPP)u99|jHQ)35Gg{}9$CFp{ z|GVS0UioJj{|Nv8M;h;=&`F@D{+at|py0o{vWM>{ioyjU%7u9z_*NH zc2EX>e(1;l6I%CA(tlt6e|!FLP*$sydg?C>x&z(-e;#<#1krzG$cKot^K#Xx^^dX|^CuIy1LQD+9d z@^^SrShyS-pbPd33<(V`5g_Zr{j~)`!~i7^%;%dpG~fxiSh$(QdReI|VoBp9Ux?FY zh1x*;yfpzuo0ogSK~f~>0iq7UKH=g%bqMpRLkW&cCBopqlr)uqSu7qV zQfaaX!?F}iw0HPg9x62=?_ropRbl=i;&oDlTm!>;sj}P{!+x;g#EM~mse=4Dh68-U zL6Ryz#`s{LaB-hHg!$B=goc~!=rh1+&(3ihOp4KHNVeuX^6eScTth2&W;A?J!Jc8u zciA!x1^Jmar@@_LGo<${$afbQERKA)NY1bsjL`~4w|3+^n!ByJ_6(m0gNQM7v^iaN zN4`OcPVmi-$$w1MnALrPn>9bvr;b*q&ET|U+g)y(6YA)8S~G2VR%dUQ!I9;YO%o-> zn(GGS)>dn_CR&c$-KT!Ndj0zKi_YXJd5{pD;mE586AXvc2Re~cvcuFO2R@czkWBEA zKO_7zK&n;BhaCBkngQWlh-(FTGGPj1;9)J^2I($vGa;q`!kG|uLf8%bY~ZI$J$bwv zT!Uoc{4|_aoU2w^<6!{AXh424cWa*80k?vi<7;?N&tZ5Xk3s6lYvBS6t^Nk!94#gM zDgP%+|0`uZHLLps?vr)XT2E`0r?sOM+DMaHbF-nAE|5@bH_?u62w8bc=7H~oNuLYy zI^aWAPv_>jDk;2`+$eKvpsc{%bJeu#>xS!HA70JXgDIr;FB(v^D=W%qXj+MAXlDn! zp01}2OWIlqZ0CABQi2^xI8JEs_@^rckuv0>u*#`}al#L5qG?|N4T3Q#1olLQYUdDO z%m|0_rC^_b8L*&Q7RH%!@RqGS*zBkX6|4li|Eow<;Ts&);oV_PuzXkx-XPY2uR26S zCA1D{g13pP6bn17;^9J?L5K#h8?Yf*({2o7T%wc&&72~oLI-OKU$ty5wSbv(D|l(! z2IkK%NbRKdFpKU0ou?zrr8~nH0J^}8`emuB)D7mbEOs1kJ1m)eQBYzTKW*?WozK}$N*cYnJ`1M zNgqguVV-tW`bat^-GIw|N;)BZ3^V#{>04=vbXGbooq^lxmULShEA@hI(;F^QE_Ac` zaJgQAOY4M=QUDjTFI?K2Qh#Y6+}wktSEa$yHfaH@7z~kyNyDXYq&w0M;!gs=0#OhN zCLz*q(j!s~W`M;>7|aJHQUd0JB}pk#8fJtMq%4Vqd0`YOPb$Fd&_F6l52T-AJ*Wz) zN~)3SFk7rio+Gtj&RB=kCDAZ*RN$C}Nje8JNR`BrIG9H!5HqO{v&rX4L(&N5lubw? zNg~P8Rp|?oLQ;tZ=9tY$bJ7B4nypA{(gx<6FOYVmJxL=SNIL0AI+4!gMbd@5L|!Ic zVcz;H=|;Mf9>hv|k_?hbY$S_hlN@3vz2Nn4F3BVL#6kLyS743EMckx-^d(W=G zKN&yd4o(N)5#1nle|f0k+;ZfGKaiP=8}12K3PB(l0{@OSwfbQWn?*dhpZqg z$ttp%tRZX3I*ugEsSu`f=z(Rzd><`~C4TL@2!Eg??m>ddL zox{FBmn->wV=Ot1u2Vb)-FISK&$_6;+SXr(jSA~7a)xjQqP5C*wmRwt| zBiDtmqtufX*$9?2VqnKcELeDomlI^OTpzyE^*q=MY9u$7o4~%bB=~Mh3VffVa$ETYxgC7nDoySnr^_AXPI71XPHq?ZCHZB!E9^w-F87eFa!)w} ztgPAOEIC`wk?nFX*y)rj=fO^4hujCgc;b{@vRf{Y`^x>~{;;cQAeKY;$TWGnJVTxd-`Jfcza`I> z=fLTJx$-=DzPvzQC@+#1%S+^?@-lh3{EoarUMa7VSIcYUwemW7y}SXwcDPC2EN_vw z!kNSE@(wsT{w`P^+YKKs+bi#r_sa+5gYtXwA^Cmz1NlSwuzW;5Dt{y&laI?M`5XDR zd`G@3e=C0{-;=+We~^Ea@5?{Q59FWahw?A-ukvs5Bl$6?ZUjDV2j{h@4!&XUNBwC4 z4WvOdn1;||G?W&nVHD18(2}$iEltbN2wIj#(sDG4mZueHMQWgxXk}W3R;ATwby|bg zq|eb>v^K3n>(Xcn=Rv5EnrIAFX)KL{&tNA|Gp$b>(C2AG+K4u$O=u!bqRBLcrcw)S zN}JK_&}2kk>&p-$?eZdyS5(tfl*9Y6=tL3A*El@6gp=`cE+7Sh+~ z2s)CEqNC{;I+l*3uha2#0-Z=F(aCfQol4)J)97?MgU+OH(pmH^I-Aa+Z_~MS9-U7Y z(1mmnT}+qIrF0oxPT!#`=t{bZuBL0~TDp#|ryJ--x`}S4Tcmk(E8Rx7(;ajteV6W{ zyXhXfm+qtc=>d8W_CwF6hv@tC1NtF7Opnl`^dowV9;YYh$MhsUMNiW+^ejC`&(lxn z1^Oxdj9#Rd=w*6^eon8_FX%P;CB06+qF>V+^d`MUzoED39eS63OTVM{==byo`Xjwh zf1(fQ&-5Yvh5kx^qmSrgCNaWfMj3;*Eqdn1{8<1CWI-$#K2KJRg|gx-jFn*FtRySN zO0zO7f|X^FtQ?DCkKGtIg`Lx-1%YPbtjEOe}_} zESANwc$UD-tUhbNo@WhNBi0xWRVK0|mdsLEDzmVrtQl+0TCkR^6>H7fu(s?4){eDj zX{-ZFXB}B5)|tJ?y0Dkn%d9Kw#=5f}%*uMQ43^1kEQ@8c9A;;|SZ|ig@>o7|us-Y+ z=43ABW(BM->&N=D0c;=}#0Ilh*$_6A4P(PuA$yIDU?bTmHkyrLW7#u!(FE zo6M%Lsq76ljZJ4W*i7~&o5kK@v)LT>Hk-@lvH5HPTgVo%#cT;%%9gR^>>aj(tz@g% zYPN>0W$V~_wt;PAo7iTyg>7Zq;H2>mwv)ZfcCp=T58KQ3vHk1-JILN+huHh<1NI?1 z%#N_5>?3xJ9cL%l$Lu6K#ZI#`>?}LS&a+S01@?XU#zG1i79d=h&L03^{&{fh^)>Y9})m76~*VSMT*)O`9>^Js^J=RG&qLX1q z5YxdvJDs1-A3lK-s0-2s>q2zJbfNGmmM~ojUAV5Ku9U8{u8b~1S5_CPE2oRnmDfe* z7v$!$)B>l&uOQ#9D2WRCDf&EXhSQN>tdGrUcVxm$jL&oY5=FG1RrvbEo=#g|o8HPj zzeGp2Bj48B&no<&7m^JHZb+R0A^v&J&+)SI^&ON{8D2W{S!Z_0v(70+c0P$Wp*PUAohrpRFs<+>mr%NkR&IDZg~=B?ZC{>Qq#( zpng8#7k$D5io*IXLc)RE3+&?UV}S#`L0zsRKid_Y=F?2UE+2x+Z89dJpX3iEb8RkH zufU>9D$v$+$gCYWI;32dcc*3FvUW(ViL-87ThyZJr-5zH&C71(jE;kGcZd;~5RK%TQ zcV-4aEqK5c08yMtPB5>H2)lx^03XA_TxcXT7FqTzcaFw_2V6nCpa=(Q%_xFePN=v$ zCs5s^6?soAg_SP2-Of75d*HAz|aC50|Fil2qFd#aSSaV$I$X2h89E&Eu+BDLVWm$ zhIPRppPQ{1JY;>yP;aJaSB}H!4tN1pBlB}@S?)j{;)|;KW&>bU&DW*nT3tDEqB|%F zhQZ!8xJk3z0Z9;aX$ip?%ZmhPgpKpzAs!jhw7{P0f)OcKOVB5Q!eDdjQ}Z*Sv_3UY z^NM-1@DhQk{WEf{d6|xW`MhwhEl(R8vfMl$r+B{Lb_H6OcjRk1`B-605c-EP!H6`D zuL&_otLXC%pcoT)hX6kw;}g&~qc6rMV?q+r$>^t`pNhUk_-4d6Bfc4N&4_D8Tr=XD z5!Z~kX2dlkt{HL7h-*e%Gvb;py0&ly^K}l*6?I5NnG+E^5wQ~yI}x!H5jzpF6A?QR zu@ezH5wQ~yJ26$4&M^y$Fq2T;B*aca>?FiaLhK~OPD1P?#7;u&B*aca>?FiaLhK}z zI|Jr&VY5j_>rQxQEC(NhuKg6I}Rw;;L&(JhE>LFp|hy#=MWAil*Mn5gM2 zLY=UBgMNvrJj%~%<9<+EKIVw9qbSU!F)5-p@Gb~xQ5%yYYGYDFZA^-&jY$!;F)5-p zCPmc7q=?oqDWWw@if9d!B3i?wh}JMEqBTs4XbpHhDR7O5Z$x|};u{fPJbVRF99ADDrex?}2k3swxlrIKxV-Pn6abplS261B$HwJNI5LZQ96>(L>RS{Q3 zTorLu#8pvl74cQXR}o)Dd=>Fk#8(ktMSQcV7}u`5+w=R{oSXF3Xc=GwY*?J`j7 zt=)N-4E5-r-Gy=<2r4ZGi+PiHp(2tOEFw8jFjw`lWB|_*ZFOZ7D^kEU((|NuWt4c5 zIZTB56h(>RPegGLEf>FTs-kcm(x|{C^n_xK-jK-~DoRzoak1V|oHrEj4JCL(W=|;2 zixwxYr>dlQ(>z#4)yvoDcxoj)+)|hBF{PNbq7Lcrg;Z7zthsnEhz;An3zpFNWERVfJE}y%=UMhS`f@_F|x3rp9`? z#TRk&U;!GU8Wm5fQSo5G_aVKh9xT|v?v3+c!O22zoJSrbK7-U)&%I$Zda=wg#ZcC` zIKHG)!b2u-GTQF8dZWyLh)OX2F-rADi6H@(CBS5kpyS1mtHQUEw4q*&7elTZFNRz- zK@6!Xs>y1C7*f>)F{G*qVn|gJEGVi{)Uc@fs%FGMm03lVSw)puMU`3gTpDjVF|4bo zGOMUEtEe)os4}alGOK1WtgEa3#btfK0yqUx-o>a3#btfK0yqUx-o z>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#b ztfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0yqUx-o>a3#btfK0y zqUx-o>a3#btfK0yqUx-o>a3<>A5Rr(g_v02T={(pnry1h z4J)BGy_0J$`rb~fySG)BnA<1E%93nutFEaPmZ$m69RoLBY9E&!*6&ysNTR8b+#v@- ztU0W@>sng-^s&NnZ(h$#tK7OkZc`w4w!<2$U0YX|U$E2mISyT#Jv+}zJ6H?+(giE} zLXMp#!|w%`U1#OEJvH2H4Of@RmuPH=I#5H^5@E|0pxQOm-W(NH1prl4GbvflFOd7& z{Tu?CI&&O)mxgQ9agVwI9u{;oNoXH{&VV0~I!B%@+ZxD)hkaEJS1^jp3I9~Ll?MVe zX+^pg^5|H>D5*$6={OOJgePZUTMdUN1#*c+5tNb>{vaO@1ZYBvbS>mz5#~#XWR#W@ zp(vdvdoa>GvE=U(d1N4$odb%Nu_#9@);|vUi>ZXsBJ>vUk$)WWk3;@($UhGG$DurN zh!cnM#35cB$`gmUad`dW5I-LA<551LCmAh5PXZtDg`Na7;>RO?JmSYAemvsGBYr&M z$0NR2-ZWao@+SD$o?>|uXv9lEdByT3#3Nn;;w2!S(Ayv#@r2$6vv$}e;_pizFIvjL6r3!M#UlwascAdUs)w4?^{=V(F#eB;ge^s3vk!l> z4}Y@{f3pvNvk!l>4}Y@{f3pw&L?8Z%KKv7X_$T`CPxRrR=)*tJhkv3E|0JLM$v$BV z4{N#z=(4=cQx%IP#F_^$b6v0#AzBfd2`DOjB(_*Y%cp`LoCfL%#4B1RjerH>A_C^_ zUIOOUK7it#|GUOpc57*EAi4RIQF39u3u(v?gMMlP+GtvhPaXtBd($r z@Ng7Y4`O(PRx?-w5@3p_W{Rg~il;)b0D*b9U}En(0sE&i-w_{3+>r2Nq^9i+QgrKT*aL5b-R-Sl$GRvH2xuX|u@dZ!H^Hv=*07U31Itj@XUW3z?Se}noE)eCCj#ohp8saBgTDvtde60HIWy#O+?~eVx!hgO-3{D*m%E3!dxEM2@@Nz8TDaSayY0E#nY-P%o5|f? z-0j2NzT6$01@F9RA$P}dcPe+^;_gE3uHfzl?(X33e(oOT?n!N17QMjTE8M-#-EX*i zkGl`@3-X-wk>)bS-9YXZ=Wc24Msc??cWZJNcIQEUmAmyF&dhw)#05J8n1#DA6VK0L zUAWtWyII`TUe;$ZIPC;(f9?+9?g;LVMHsfv^?snjA7j6HBt_OFs zxSPveZNraCr|s@>>4tE31b4@AcQSWpaCZ*eVA`D*3U|og6O#E^8tqh07~EZd-6wDl zN-)y=br;U~!Dyt_;J?-S*<&+yw{1GIt4g;Tw$*^Pjky4MU2jl6*tj*-MT0 zUw5Cz_3!N^1fC+A4F8F%J)gi_+Fx|bz*8*&o>9%>N0q)E`bCje)aHZ^Dyh zIXoM;NqgbM(+N0jbp?<#v~B2bL4Ona8_?f@z9-*aL6c(W!-vZ>KBOD^tI&Tae7TwE zTXG9Qm$#tbO!TDkGmxH-{s+RZa1i~|=wCzs2Z>bFOZ&i;G`GS-aAk0HMQ0!&_5nP* zTr zh&KChhbRe8*lp)wC8;Hu%InE#Fh(fNLY*`n0o7+S#Y=km7s( z>1p|%5(g&!wHAI#3O`Zx*SUgOayVHAr?$&)0Bxls`C8sU2g7NHOR(#`ziySjuU`}Y zlL5T~)xey5^AUl`J)|)S5C)A_5~$ zm(7igi|iG70ywq@-K-~QKTbHkR|wxamGGq+*BglB} zmn9RqA4x`VzZ{vy{U|Iy0n1Mm<)O#&@^HG2mj^Un9!}cv@^IdcmnQ|HJoGw_PX=K5 zfmnVJmLH7eU&Zo6u>4RgzYfc<$MPGn{6;Ll3CnNB@>{U{RxG~*%kRYUaIR0256;zz z`tQc_d$9aoEWZyl^je^8*9X11#Xr6_2N-gmxr^7ygZyw6zQ*G`cO>7PoFU4b*%RktT%jF1LTMj@lanL5B25o(DFP#w77_W72}6u{6>u5jPYAB zeiz2?!T5ipg~73r^H`VdSX zis_p$eKV$S!St<|z8ll`VESH6-v`=PF!cN=nDx~mZ(tp{4|Ng#tLSe=e-CIIrD3L~ z&G+J9Mr)DUz?`-loT1g)z8n$bP?VrS5>A68Je>?ddMMIcklu>)UZkI_ndqlcMD(`; z^oOFq75#tbx;(pw|E_!Z*^^E@DgWm@>7I?M&qh^ky#H56)n|9`|Fk>!nXdXwR~0(! zGhJ1i-TiOWRiBNj&qmc}D*$3f_iP2=*$Tja%?iM?QT5rV`fOBvHmZsl{*I}`m!ufhId*2lI=rSg{}+vCxYF}s(-<< zsAgMpHrQl*8?1KDgE!U-q=nKVX|c3KS}HA*mP_wQE2NduDrvQ}Mp`Salh#WcrA^Xi zX^XT~+9qv>w|Ad{P07pB=kUFSFX4*|H@Mx-yI=+Md$0lelk_v#u>1|IZ4&tYf)2jG z5CFC~i-85s5@30=G+5n?1dE#$hymX1RVCHI!e%Y7t{DxMHBDesGY;%&)(2afjlhm( z64=kQfbGl{U^lZ3*vxDX_A)zyrOcPW9%c@_2h4>w7%v6+ z{Mp~x4!Z(xmLExhPkVn1Z^H@fQ-eJlU|H}w*cH4d|ER^u+80)|-4NO*Qu>0O%|LiV ztgXgtdpT0zZJG@48F;Gp798FmOoM;HV70SA3c;LzmSZU7*ao~R{3#DD#~QK~a%gBJ z$b4}90J|LYB@NA=qXoiSEVmQ{@5zTq#o-P17I@pWo$Q78OPaAu?LDukxyFO?auP2m z^IAgxgq?ap@UEmd?8d2r)@ZxIeurFci`5N#9tMML*csAWV7;^}SP7j_x!hp&1Z1belIz=rGxU`h5c*pEHR?ZzJGHe*k5Td`;1iy!B~YV8HE zZ+Z!KSzHCHw%5U0?M-e2_FH&|tl6S{AU%|R1q-ln!3ZOI;ty|?L%#Vu;1Da zY`3O^-PSH(u{9g)vi2rvXMY*c8KAxYzd{XY%zU6tx?TJ{S-p{6W5VLS*pKTT<;)bWXlT3BIN6l{#t{!=j6M)N7Rl4{T?A>PUn9aLlZab7K& z&h+7OdYZAgQcMqof4Co*vl!^ew;IEhFfGO}JP-_Fx!o=>*ljabQ>ti@f#FeUZYx+( zvgKwPI@mID@*TO3Y`e`>$Iv`KBidMBNzk$dg&Wc0cLrD=uxHsbz{Ha)+T|(ghLYU+ zx6=l;(Clu9b3i>~oT6%FX?Wcth%}qCFPKDk8QMD>ZbNbrGecs58%(*_-2;>gWkO&- zZ7gg~<~wG)02${)D#Q2vcS;(tdR)O1{u%9JOcOchl;ql1+|y+7QPIvrS%RmyAe#lT!>$-`9^88)r&?VPv6 z@z!gNf<8RI{`@kfqLy5RMJT0*mE3e_Xk_xy*#%we9c+2;^*4*(_^w@XrM`z3AuL*{ zqtx=y3K>-aJBK5~)#oXf6^~(15;1q=>X3 z?p4bME~^|6&pkEn;Kegqw$QhZX&wkzGi?y*6I#g@*(u1?{pRkqN;;yt9`%9qRakSItH$SVqVe@;5 z70zYcn47t3!-4mAU+8zG^V@M`)|ydevJ%Sg%DjK5eYfKEdYm|XH`Q3_b>X4nA*W`5QZwPMxM(YhN$-RAJnoj>H_hj1gR^LW68XvRh z;JD+*TvMA@o^*TX2Xh8ztb|b&?l<{sF|rcrcWtC(JUPl#;vEJC%m_G#Y-s8*q*yaE z2N;^dY34pSSQ?djaP45Qtm#co2K!_#gUM&4)4t#E#8?N%3gS#=V?4MDjCC=-C43mUc@`hLFyjry;Qq?--B>-DO={=G3n z4(_b5Zr}OT8jcn5oqrl#{oMJw_unbAwW2ew&C)WBZEsHfv{ruCg^$Ku3A!}&%L%1E zzjdVknX4rhhSxnmac%b!4d?so{I|Tk#FoHPXH{6#qlf#w#3jz2<$AtX(a}9JX}8?Y zwtP*Mh+e<;r|+~LI_$v1m0f;a&}8x9vZWtw_~33gSIC`yyWYA#;LUf}`(-aI6>@QY z=R+xj0vq+L*?mW%Us~tmVM7w!?>%_D**vKQO_maAF_Jz9*LOs7y79eppc zXACg4{C>mXMpJ$*acF_x_=)}I$LLGGJh?)|PyS0A2A2JK^sume`?VQml*j6n3}?cf zqfum0`Dry58}AQ1*x}s$FO8k)!lTD}emX7HwRunKhgCP9DU?@N8DO8VZA#Og)R(tw`iBm^7&9@9UU%UOF&N-@VnQ`W9F1Yp3qFdQ|6#a`TUZfJC4M&0DVND%;u+lU%9IBqG<#_eFY)7UxxcyF}gR@Q18bcah z!#lpE*)j^?BQiyb+!Mo_F-!^7O2Frhlz4NT*_03ugUUbFd=AzL2>aD&p#op?^ z4Zh8=)H?jd27NMCe(_nu_iJtYFy_>NYxQqGuT&W^aidal%ZAYh8cy%P=3bt4F{oOF zN|$WU4T)X;PKR6fe=?a*S5Ke5`tC1}I*&Rx_Xlah_*%iclGw3jjoJM>!|tuP+kSyP z>%#8H)m<;t$+{WYd*_#t?OI6nn!W#K!TIgaeQ@VNR$kzojo<&;fAGQwi|%bc@cs6I zQ}!*pUM+gg^4leB`MvI!NJ;CXOg}KEcIVm+{oO6@?QXYj&*&4aYIN?sIrhD`*OoCp z2%2Iog@X`_u&LK~2{=H##F zVGw|?-77I3B?9!C8j3a%K%EKnnliq6jZZgFEE=PVtg+HiX)xbBKYmoKN1-Xw;a$-_ zCF=Q11+p`}+D%K1kAbBqNlFtvgP;V*;o>|s0JX+f?fxen@<~mQ=zn+faxLfNsJ-9p z`gy^Y>^oUO3-$Hc3lmE@SG90YPdgHSB&GRXzsbF0KAG|Dw2n){72WeAO_c_H_ zs*5LIvYe_`r6kSXU;L~iwCkXON9VoQxz@geb1N8q;k#XSIV~>y<9!2UwE-ZmybuqWztv&m>j)zZ{!Pac3Vl)R!^ytQL*%#kG5~n zWz_%thn#X{bg|RZ?!f%95sY%x#R#Vly8FW(`=H-7)c>skMjK7dirJ(ZV^q}?qfH;d zoT8UhdixBfO_PkF&=@d8`G@OUX+~W0JrRE1h$tme%MlnJ{=`SH?0I&u!)L@)`qb2a zI@&E{-LIej^yGqt-w%0D{mOZM%`elBf3x^zvGS7N)K5#_UzJud_Pc3h&Z3EvXZc&M z=t65x*|PL;P`Th8wJrHQua8|8l=x%G>w9nZPIrcNop}7S&M{*je>u6}vja!#_GomL z-gxIwhep%h{bt;hxPiCRe>>l>cMVHG_tT&5>%Q=(G1tZndH6-)m3m1%+gWxVQeGLf z;pq67zPGPzp0)Zw`H(Nh^y_bYzC-&`xtBgW+Gl3e?2$ht{G@Bzvc|fui=NM_yrkyL zz`oP6_wAfCFY;Uc;9*lbM-~_i`e|K)Ub$QS_PuU}r``&>{>E0n(up^Fo;iJT{2MDC z>{HK;`(;9Et9-}!!E4EctRIZG)|B^*cB7!B3i-oAj8;ikSS=tf_y%im_0x96-H(cQ`|whO(5iI(T=R?r z^Fv#;Km1ivR#=yUoaXiGR_WbMe=zyGxnzC4pe1ukRA|&NBEQSJ>F&nSEk9TCTnFYl z)_xJ%^x?&-Ju;WQoFQF&XX^{9?fsg%=8w7zjJO%K*RtiUTAvKJZJ2U6`0SuD-`;F= zBO+ZHeSGbdeuPFJ^U5mwx!}i`zZa>5XPC+<&;&1Zxvz%E2W> z|I&#bd2Q8-L*5QBrhR#%|BMr_9bB>N%bqJtQI)H-DG@!`f6KhfFISmiEM$*h1bqk# zfXeVQ|EI=E+4DRoTGpIDe3Vk$XB{)xs4cma)Cb^NXH8=Cqp*SiOQlL#?@D9 zVoH<`6=W<1Gm)aj(o&#tc-B_~m=V@z8b6-u9T<0U#w=D>o&@z01HO#jw!iaNQZtd~9abSZ@@~G~%tOEy5 z-PuUeYTdq-_sXrxxsxt5zcc!L#l`cdpL@08?yV#Bey=`1<4S65-_N$CTeD-T)Qw%3 z)97qQ`P_BEAM6ReYIrr^>pn{o3d;`Zza%oHW3La~wdWe&4}bAM>F-l^&6;*Gsr2{T z+77ug;Pq*>)8=h%F?806GoO64qucOs>k%E@{)Y3;b!oZ_1NCO zJnl7rC}E3W-V%Z@XWdeg|Zt~Ecz6+p59m}TOq0|@0@4DLP{)Ur08az|_7P6BEgPYZW z_!co|-`wBu;OCD&n6JP3`S;rTLYx$J1NP7KKed`LIW=>KzNREsp{(uFcrKtRP3%_3IOrXUx79 z)nq{UygG{uFOIr$YJa1EEx)Z(UYj?zb;Xs}C+M zd8ptM-PR#DOJxT=?p*t{-_}b#8&`R$-sPp4t8)v&z)?#{Qn6BFO)wg%;y{o$WhOUk}4dp>f z2!d!(8Y=n_#KaFlWD4YD;G6cL=Uw1H;i_@Y9fAbW@E^kanuj(7u|p^oMFXFd=?+mE zh@Fn4z;|DB#EYX36ZH^B`ZP?aa!)N&fKz8nC5;Y{fH(gt4~|xV&l?-l?FbqOqJEh^ zzOHKdMuF(U-hcgU>%(h9@HP1Hhd}s?m+4Dq*v3d>o-qEe-wqoR6MhSTA>gpd4gwAY z9Cq6Y0v`x`An;)~0t7znMuT7<2z(&$VK)K^v4An;)~0t7znMuT7<2z(&$ zVK)K^v4An;)~0t7znMuT7<2z(&$VK)K^v4_`eY!ezeYg-QEj; z7i-wiW`Y)8?`I)vNn2(=7NvsSE$;UF*}Q|`En!Wcuui|l2!dVP1cHDA0f#M>z#j;F zAn<{}husJe_^=xdf_)(Hfxw5|2oU(N8x4YeAn<{}husJe_^=xdf_)(Hfxw5|2oU(N z8x4YeAn<{}husJe_^=xdf_)(Hfxw5|2oU(N8x4Ye_kxAy`NuGJ^phX7A} zg8u)%M*j&qPtbXS&Tpza0S5vOyAarXOPC7@IP4|`fe!>e5cseg0RkU(qd~9_1U?Y> zup0paA9kZbunz=25cseg0RkU(qd~9_1U?Y>up0paA9kZbunz=25cseg0RkU(qw#;i zKGcaX?%&=E@PBf@e!~3%{x9JCe}XOHSqLzn3HTE1+W(L28bRL(&tM_kw}xO-cg)HE zzvq^AMfmAT#Pt?IblmKSjYoGz1NYob%9;!aho8^%SE<%F6lfaKDw^?LU|e)Z(Sjeq zH(3&;$5+xoK|4EhCoE`Q)86Z73Pzlt^sfpa$SUW1rE;gYR^`1_gP1J`qMia0At%N; zpIu1HCigd2_`yDwhWPY9pTLCaJ{;q9v2sq(ODksUu}z8;kSIi4@7W%!OYtW^@9=NE zy{Ul;!}N6O|MT8ZtKnIer8?u?;hslyUA8))2LxawQqV5qpGvz(UB);=OG3Pun+cv) z^;f~1ANb*|c5QB@D7Zf6@YeZ-;CyQ0g2jj98&hZwQ#n2cmTKSf|9$@Hqmwcm-BSJ^4P}cxO#?bfGS%*a8$kKRDF&TK@JE1v$9@xfzl|^+!^Qx~}VixE$?uFLk zs>jLjzcFpx=fDBxK?V&@gj!W`gQ60>pneW}$b(otn&|BrAKr6eWaFp*vZns=W5XPs zGiJO-F*$#792^aAvx>3~tu3>`)w+h=2eA48bP7qrzxFr)r7KkC>6Dz zhW9VUyfyFxmB&5tK|k*IOG)qQgt7(d1lo^yGdfz%4L^Mk7POE87PP)jPpwG(9c7ZP z+9;=;#^-U`E~=*iO8>Rlvo8g7WMj?tT<-hWS@?M2nyiV5VR;>1E7Fc`cU_T5K^Ic# zI6&&C7Hp}yk4dGV(BtrlWM8go=(0W)+@W2i)~TvwDE2U_Cyf_-dYn7+d%sszcsBkA zGcji12+ODk1_x5EKZ}S7V?4}G!>vtOk4WRHIMZ%`+xK5nfZ026#N|SaK+|IV1=E;0 zn(VTg!5>u4cp1;$8{4ugiZmDnIvg&Kfjd|1YXQ&e`|R3Jka7?`(EaapXymk_^+deM_vhYy7tCE2 zR7?X3_P{ks3pIfwTvI&-+%=qSjF&iTY34oI5b|MdI;CN^{}LZ}xwIxWhx;Yvk>1J7 z@2d)UghsVdlAt!Y9#I;ME+a|3A7vB~gIf^x*o}h-ZtiBjzE9uW|ElU(OY=GNZhORD z-%|VWMcsX{M6+ezfIqfb6AnnEn0%fk6rI6n!U*+?8GK_U(j2z@3#1Xp74D=5@&iA6 z%D*pum4oXUE!!TnLO>&c(JIPQ*@&@z__fmPr67gnzcd%w=C!pW#Dz;@o~Em^;e71x!*O=y(iD%>2dhp*p^c&N{<8PS&<@;MyOe- zUiVCB;IlMyGO2H0{sOviKn`U=Wmz1PQs%3Hf5hml=C5thLG#qaqRFTOA@WrgG9GVH zbkl2p`BlbGzhBkUp7EFR!goA$#|+_}3F3MKL}x*e1oy*-X+=|`JR8z~0iB&}d#?Od zUbc7v-rBA2SRL3khlmT$(o2&zJ+TUGsJC2@{qNbMGA`aR=lh?X9b9t7TmRLgP5+<= z!h^z|19u8S49sRn8TOo5>;22Gv~;YBaegM}MkWCh1V@e9_QqiG!Rcq|nWHhbX0y`& z`}FsRZ^;!8{5Wj_8ilONxItNgxO)0;o{L&YxcioL zql)AP@SPVo?A|g2JLqYs$p+t$dz%-mwf;B7$qh>_CEh20KN~aGZx53vk$2mYz|j#v zuZ5zuAjm_`fjzKzF zHG8BFtBKv^O{-+P3>zPeKWbak=^+I`diR^53zi+DfmeA73)T+)m-VjoXWYzNMDX@z zQ7>le)GgS15Dd{l9?q`Hoaa~a|C%7woWP(7$bDReXBG&0jlQxq=6V#MVbc0uTtshO zD0!Il`A09-^Zy$2-j=KqgVh&8qIF(pT(rjG56{0$oTp2@ z;WuCSJV+YZ1YY6c#t#Lsv!rs~uMTPmP*3 zEqV|4)m_5E#HL`5!UP!hjfSbbn78~Z-i++>;yu^n+qs0F<)FyeF`ysYeTCHuP&+8# z`2W%ATAqRnIYVA+M_^h(YN+i2g3Tca6O;}G82lf}+>JES#;dY%%#PjNJWK3Qz}f#V zXSHm?7QfTet;XWzCp(OfCM&J8{Fj0vk8>%;0}jG6;$pbBCQbw#1c44BKt_P!&~&_p z590D)G*ID5+^BMCn+KP5LXe1B%+|R;Yar^7f>?=-Z;yhrN^xv|QTL`!DM>1PQo8lv zrnMd@1T!@qX*-oPhD-Wp<_RS=R}!fR62Y(*im;8P$>mHylNYBlU9 zgjmsdmbBAp+X7Sr)OXIm%!Cl+E#zCX1p<3iuw3+fX5Jb*LdlU!uMc z`n~`vF_Z&eR4AVV``5gig4mzX<&4dY!D3-^%H4K{xKRhc)5Ol_{eB_Er=Hv!b)-pu z5d7G5W=;6cPDG3IWv*g-(Ou{Pw>)}_(|QYp4hjrAqk`TD_i-hzk`0MVR&>nt{+ z&+n_m9o1nxo2E38=HOeHjP(>ac4`H^;y^Bs4de$w)q>HCc1pZ_sdU6}PKz;Py=se{(gGhbZaJ`<>iw3UjyN*qpIFp65_!M8pZ^vWLJ7y!uJlx7u>r7I`|Fd zu4)6g={VlfP`(gh#C)`Ecj_9VdS2Q%GoUz;qUaj^Vjnt8mq?hFe`L=&r8iOKVemYK zxhwPF*w8atPx&JYCGn;U&2zGcKs~eG_xUEfLQs2R$8Wo_<>w;aV{ar}65zbqxbr0Q z(ZMe%r`N0TO0`!5Sp$TC`Nu&^Bub~y;b_G~!4Uc+Ptm#palsItGTdej=&0P|Kha|b)xS-dgZ#k|9Iu*#N9W* z@xhs8#nEPpJmo{487OsMt?nm!w8m#~t;`dT1N>soQ{Gky%Y%`*6(I$VoALz1XmE;X zM)5VD+@JWFF(p{w2Xo(z3iCiLm9|5l7>b=^cq?cUs zs>=GL|7FqfPWrsET-p&EpSlM~6WKjl35l>k!{aUM@_L=EbkZ8-{s94>unR1iZ9}jm zaKZJPY2yPUD;tiG?YL5u@`VDUY6s$I9!@7B*O)5a@k13>JKpM^nyI4NFO-U)GC6%) zVB_zAWdUG|W+#}Zv{g{I) zKCHri!^?@`Q)2m(Kj+rKkh{EX_M?cg2thqi_I%EQLkD zrJ-Ny{oenK#bEHO_M>xY6^TM=XD)fUotXYSAnE3q{5VBSF`QY18 zPu--Zd_LV>1x#RvP%4TBYmGlyg_wk4C;FfAMnUCdUxf`92E$IB=}Uj0g--K{LaB#> zYC@9u{!VD7W!f1LunrHzbuDq>4jm_nm(Bxwjt-avVZZ#UP?sw^VFvJDRYpI}*Xw+` z-uins`&oznW>#aT6^wjD1Tc9p^q}(!Kqe)RUSu=%uiSs*=6oLrx!N zH*Uk8U#pY}^F8>e3vOTQ&BR;y z2yMh~MN+UFR&=DJ3;P*dDSUlBiCmmND7>+cL>^WM;U3u|h5Pw@ zKJ}qKggKHOpR85x$uoCv(Lcu|M}DqyD#MHiP6R#jx!=>geEc%_xDtXpyJNp!p(d zxrg(YHuEo+c@KZH{2xUxgClz-_PmUWZ4%6W6+cQ9}fE8zgIZ_E{!Y^ zKP)9#f4!#Rd%?3FEUtu6=~v!|;9=*d>A%B&Ok}>$Pw!by_KTr|Hk4$LB`+j7d$7;D zW@TVW;4*tVPCx0WnM}3)8<~{__?r?Pv?D#edy{|b2|Z$!hOJ1MgZ702n3ei@p72N? zez-@`m6A3vdzAk}@FCauYm6i{wy2-!4&^gRg|SUvVSggv_l>B$*XNY7w5#se7n_?! z6_IFOZZsd8@FN=3QeTRmZ*P-TGfid?^h-HCQy`3sBfm$aTNS4-6^8P4(|^)RN1wnT z%p|m<<+b+R3Kk@41)hhtD(wv5gZihHdJD%Ic<3}+2xz24!*k0Uq4qO^F* z&r4S9Wq$Tbu(9a*H}8tdbJ3(mx6;U$&Ww-0zZL_)@gT9Ug>(jP zMchgKc;U<9tVmj1=Q^{HIiqUf>=+CrTyRt;K3~86rw(WpD3)BDt>6HQnn6RP2;)gY zN~B0^T#3u<;FeGjuqyDGmB1)k^L?R9KZ;@j~IW>G(ZYrXz%Hd&qzC} zp&PxZ0*-F1@~fBNr&U;@#VnUWQ{<~V-`M%_&Rl6k1c=PHB*a^mm7pM!8`+TH8H3Do z>6P)K1%fZh(sdW}FkHt&;t`ZjuTIJ|nUD5Lr2+fCnobpU$vY^E>mpmP@GlLvYV)4Q ziMfH8L^EAtJ(F`U2_9+MgCU z{y+V}CaYJ(F*jCSXeQ~~yPNMt=ZiZ|uTAcInxrcEK)q%#fA}*Jt0pk;-tNHgDM22$ zVHX;}^~-1^&1JXFz!uE@BbnG_(-IFu#?a3@F4E#lB`shV=Biz{1Z5lx-wh zfv-gO9I|2|)(f`7T+2Q|DK3GWe-ms%O?Kbk@(S^Xnz5(v;L&`TB``te9E?&iL}g_hNJ?kSc<>dU zhOYWGx);#?7ub=6u7w(jd+-$f3YFO;pk~r7`sACWE6K>ppOieK(EAkK(Bx;VmEz2Sv5=FXVIq%cs0pR9sIroymHaA8!2 ziuc@qR1sf`H{M@wNBC@o$tU2U#e8)C+<{_z#7U3s$Jq4+SvZkid?nEpuVgL2&srL3 zR!I6YamKX1VxntdKR@Z{OzF)IarD50xDFxrM2~M@*}UpfK9^Za&9BKs4VqqhXh>aW zb#NGarq#OO#4FFLiym=cob=Ia5ysU-*w3$zk@!45toYz@Tz15p!p`hGr!;&70LwXA z$NFJmiZ!_w{s1i^>3@O)Ky#>y2E+sk9SbI$aZJXPJ>;a3N{aWi>MgFDa%mPQ#kI-Y z9yBg9Gw!(!FuXOlH@1hxmh~0;s#oRD$}Eh#M%s^Pk7}|gUn=W(kpHvd&(CkY zhbBlNt5h-fgb^@A-jg$4Cp@rGliKAa*KWvi@^*dmptm zCrht_1sKL-yzg0Bq+Vo&It1OG8T>QTI#m6>|L5W0iyeVOvreDC%Y}7|Sv*$0{$TII zUPvL|ZoHBv?uXXFuNcE(vEn-smAB)EX?B9?YhON%SU-k+3kXs`aee|K!W1k7paCOS z%-Er39aPfZE=uGsLMlX+m2OYM@6Z=<^FG4?8S4mX|I@#q9+XjPEx^u@U$3)!T_kj) z^1MyNy~SF~pB3i!SG=X1Gv&=yJq{Upbzi%#Q`pIDQv*SQmgvdFy>UMx4<%;EakhTJ z#vM6oa^Kx+b;nV8=enOi^;kLHh0;xmSlo7;FB0j|k&SL}oDXJqjujq7=nEiSO0;j9 zv4?92-164Ae8J{3O*J}?ouV&y8u`hlZiZxToXtY&Gb~`@$y1NdUHUcq>%M&vd|_5RU> z*OKrhD#3n+7yCOhqT;K`MCTt6hXbExTBQMK7Ch8={UB|h;3sD+3%t)yRRG1(-5_N_ z^hKOoELFRUOmV$4Hr!KlV`?F(EzJ8g6njS0tc77&XxVH;%5Sko-kt4 z=y<>P&Rzd%z0iLxcIgrw@{7QX@#N(FK{tW3l#s$cH1ZwyN}FIcWqYAvj3(0VrsU~f zpVuZ+L*a1O;ez40t%Pmyk){JlKL`roZ`w2uz@~ysn}XtFRco@dcEm+{so3?zsSVyR z2p#?8EfpC1+@BuUda+MgIdd$7Vt(sK#Psh+H+7cmO$;l4yG9Szk47&MVWG!j#ZdI$<0;D_EWhU$co=pW~UqLj)Z6+^F>~x2mKHb?u0?NSd(i&oPa*% zY@(>KtU-5eHuLz76}HSE6>B^DQ!jOII&4Ko!;e;Mc6g|Y0x!vi^&_ivXM1&K4&xgY z6;CUcysX%m3v-@cc}2;5J$E8bq~3N8p1^{&?;Adva)}RjXI`17=Vfxvsx+_q{n$`hA#R^V-1YSD{5m)DIxj z=B%Ko$JqGM{b9R?h6=VI)WnYV%vbI<2Fg&O-waeNflS;br}G@*Vt8XFRwSQqq<@>9@69!o>-RUsRc_@DHP_)#-n((*5($dV6T-bXW$PvRI&sIyn41**EDoN&D z^Gg9;Sy5pH8+5_%xFkb++GY^oZx;D8O4$8#8x56tQ*&&!V0#n<4RCQD0S8#T8k)fK zP-w?Wm9*CNBC4ZkyqaNbQ4UEvqac9MWkJ*Z);_?yv$qZQz=4I32t@yyMe#u~XD#yGP4PVoi- ziMSrR;J&~o`DS`gEHa)`EY;HM=&XS)St1S+mUfk=?0PK4EOIP6PO@B)pVmK8UN_`W z)PF0k(_qc?HjoEbevv!>^{*JSSV0Jx^UY(ag zGTTS|oS;qFcWeJj)%QPaDoqaExLbW>!N;OC;KbSYM?MhC>se#JtO1&ri@6(dUR4&{ zi&+MPmzZ?axUx_lMguMeUt&LA%Tqp#Uk+obiuk%k@xt3giqxd-mnl-uN+=>ETn{Ag zyF$v&A4vNoI0SetoNpq?$vYlMrXxs*gl0TPXWZsJ!E-v##KS2{+xnqY}HjV*9+N!u4Pbt9EBi}q?35Sw`6$hga_*v_WwJ9%8Z zjn3reuv9BK*u)*1ug!6M1_4TcSxDwBs3O^hC<#)}0h)cauzh9r5hz zk!NS_NTnq&<44&cHNt0eUi$Ei9%S=K+szdkUvWHq8pbe7->%Nb>3DKG+s*ps366U(Yx&j zhH8K7p9>epJ1V#FvhsQy;lnZ~_(=clb6hR_tyK-@ClJrTV71U75Oieim-8fh6p7L8 zk+NSKTJ)%NelRdSQ7!7dH>5(UQ842vQrCDO9F5=^zv|(3_4%WI=QG6>%%gUG-lx6g z*3CJeIW}Gu<-H!8!PZ#oYyvjkSs55kWmj_d^PYP{iECr=ns@B`XjrPh<3cP(*3N{h z&px268xd;yF%kspBc@677dXH|;mJK zSSb1dv}x@uIti?w(7WA^@En0*c{~%#4Fp{z#ujnXhE5B$Ml!|sjQbyz-J6u0-5 z82EG*Y5M_FCEsJuNnSl1JY$fq=fKGO((o8^ze1G6`fAN5`kuZ<=W2z+Ye_lG% zKdt(Xf4s4@QqB8w3!C-6co~;tXR5=3abSr>!TtfK^|=?aSBVY22CRhQixTVDjYqs0pbgn;qKomqicU2n6$ysGX5p=2wJ-+)= zoO?Gy&L_Q?BUpy7>^=ShnUBHaN}@EyiwGde=27BVs39}Gd?cWiniU#KftTCV5PN6Z(xC@ojp*$cJxE}iAWZdlu)f|@!NpAS0&gX1v;6D z+SgNL$wVPMAXTzej%62iGK`vipVi31C$QFeupXP%AD>PGjY*M|#}oB*(vY2GQb6)$ z(UXQ6%4P@{&3!T`5>1(-H z>sA93aNYxJWhclWt5r1e8MjolKBnnJuL+y|wxfkP-)*uNRW`%N%eKH>qk&IfttN3F z17hM;faZlRHA#E%SBLZr8*;Vu3sgM86mQ6KR8SWfZ_qgSzwq5>ET{QHM-Pcp;^VWE zn3=eC6D<{PQE@VswXqi7!+j+6TRKf6`i zZ)8`Vw!5SCabWsw`_ zMH+0J9r8=cSiCKVB&Oqe#6f(c;AP;9lOOHT)FIsg8J-1h)6DZDvPYPaZ!^n&H7chrNm4=W1Oq@!~y$x6}WXQP?K6BS}wGEiP3 zK|%D+>FD0fM1{p8!`?wFDeiLzA`s~`Yqs$nUTHsnIAp~=I@R_#4f*vH<%iRcXv~O4 z{;W@Zydq=>VZuDk%TZTE!IYcu!_d?46le=yN^-N07?z@oG_I_4RMMix)$rT#Fn6~J zJ0wb@qzG(w#Z4k54P6ZJLGDrFNUK0vCPs}#k~1EfI;4#gr%02VEy|P57*NjIxm2`% zyWTWE|MrtBaKiywMD}s+sMQ(D#1{9AC%?k+FE=#I#4F3FdSf z)JKA?i5aeBO)EHjtf3HII3}|IrrPTr9>wpj2Q=H3G7)FaR*(F8p5o7$<9*|^tt19D zD!#n(V}lxkUUo=mCy%Ar3Nd5qde&C9rxD01GCTWO_NzBkntM_4hTUhoJ)t=~YRa)= z!0E-)haN=Br0px}>~sf{4rEePsO-7I>Yzx);HPnvAxQ-p^6)~f#-81yhMkz9?h%;TlO-aFP~wBFf&f~?Gu1JJhYfPubk|a zI?ElAe)p@NpDbG2*A=XH1T~KuH!OXcZMtXEmGdx+0ST8aoIu)-q`jYnks^bZIz~(( z0|^DDQwu&IqU%K%?V~KW-FFdF_0G3xxh_ERoRs)SXjMnxmg$4Mr2O)-R=%3FyC{-! z>6ASpq^oMaGx>wB$`H_cR$LMK%ITt51T-SQJ#bJW#>6Qt>ln7Av(qoeCZXl^uocOxx1~DXY z7A@0-nHZi%ycw;-?SuoXX;&YFM|^ef?(EECP8hFs^7-h*{CGUZ5D#Z9GyUaFxHc0n zKr;2HBH~OD1vE3}z?1$U*`#152QkWrnPNq@S-%xXI(%cCOh<%s1HhD6>s&gdS|zV) zQvPr}|5RRrs+rY$R{v2(k$nAlKY2DREhLf&7SAF^-W|r=P-MZg2D}tFmzH?=tnJSZ zo_Xvvm%*`!jVqZx-gBi>bmICPyix^W%2gZo;Rg{8%;8Louc9J-1B2u+nO6CpmhZ37 zf{pDBYK&aL^mfz|BBnpxbmTyB<-4q8U(48T8PeJ3=@NI-oGi!ddN1MJj>vQV8uf+#&+L* z*V9%{tT5gqsy>HQa$Yc(49|2}IyC3r++`WCE^Q~3>{S(n8eMt27Lalp?EG3xU$*)k zW6OI1viL9+zMZOqF#1-q+y^c)NZr7T`7GLY({6(yQ^4;qI2fvOo~88dm3WcR1A zHs!$7Ztew0GNRDqM~yAj()`HV$iG5^ndn+$87hg0(@&|+RgLrrIruTZRrm7yN_hyU zsgHj7C)Xm25p$wAcMFiML)w1&6DPbKz&;mM#P4;35=W)l?4aYbhFUoG;{}=rNP{nA z%D#Z4$wO1b>wTq+ES0g)<#y_-uDPRsBpx3qdL*LAxw&c8TFbM(Z6waW{8 zCW)cz3P?Nj6;1swR5+?IyxHAp81rX4z5oe)V1LO*1M0J0C4W6NeYSp|&(W%I5fd7( zyHI8X>) z=Ot_JpZ!cu8TyoznwHz>BWKDDuDC;8=jo*{DX?>B4`eBF@(IlxO^!4cEsiZsOV`Kj zr75=4nhysHkPo6Pe9c;aR-2zVWxZq>-v4QjY@ip7{TxevncIxwq6nlgsE@XTtc6LU z<=rkuCP{t!BotEeRfz?}tmdJKJw@NTylz)kpIEyV`@5w>?O$?Ybat&y(&KkY-J`yc zM{H7W6G-F$p|e8HIONeZTXQ}PW)EDj_j)K6tBn9VFVgEhYF~L&F3YaJm=g7GclCYl zF-!UNrF{S+$k;9F-Z(t`ifRerq;m4v4Sp3_6^{~Cdtsr4Y}}+7(IdUqiVz)dOY=yJ z+$7{bt|%V1NRDl9ANZg6%`jD26nyqiNJEt}jWMLN&VgzoM9&HkTq49Ip*|rbiU+my zgw|@umfls3je#Y=b|u3$>!Klb!_$6;f`2Xsr+;)P{Dxy}r}_Lv_EMvH+)B3^@cpBb zk|U%e;ySrN*i5S4mZsOK|MnHbpd*P+T^O%;vA?=z^5q|wsN*;N&>eoYv+b+|ZmpjB z3RrU%?mM_BrZ;ybD+XR}hVA8@^X7?Z1Dk&Yjig ziHBJ}7w`Kct0c=dC1$U___)$Tn7wxPhv-jKbtq3TaQeO0n3>6&(z)};{3x^{MwFc7 zsnU#o?xAP>XpSv4IJ|~+M4$e7M6v=u?)|-Zkc>r6Q`n2y_pc7mEcBXh! zz9-5m+uq{#$~-$=G9C3D$#yF~#DFw9gPZ%8hyf;(n1Mm5$eKyxQpEy)Vk+vae+FRx zuXVbsz31pN|2%(??0@ZTabjK>aUx0B7uJyng7H7AN6g5;w$HfEY7)|3uUC7`I6oPX zqI}gCPk$-%V-*qFIL#_N6pgU_$Vd-%+ZkiU3sn6Q ztRP7!Sn)8jBI+g?Dz9QjQ&{He)rH@HULrQ7L$8)U_$gh|E$;Q~&*&U)XP%|xJLB&B zx!)43k>U2rFi5L$E{r#@eYo=E${W4T`u3@K{mKcy#UC%YEv~)2P<{DgnqkI~_p|u@ z-(oB*l2Fh zoYE^PsZ&?Zd*K4#4rW)ud8ssjRVY{rcvB!8?mjUlx3;+ueb)CU$^3)YFO9Ee9aegl z!l6R+lf0f}B-k;0C@|?4705cowMbU2a6NnfN`oCWSp8lyzyHp|k;y+xvLN`A5PD|A zyz(+<;V@(+sDwUn!%APR!_z!9YkgiAYoKi9Xem`bec?gCGVEFWQ>f#_EPi)*KJOE)EG86eHgsaGx46*)wlIf0nb2|_smWgleUIsS#xpl0*X?1? zs(UgoA>Tr^##v2-G;+|ku(kM91p~NvDm%LjMeFrq&j-!8--23iquyGcn9pctu>6sU zJ=Dn3kULd5zjqiPX6%TxdVkx)-(HAySB}=8KV*v$#8Fc#q|va1(u?W$g|)sRCBGpV zP3?bLwxYCc4J@$Vk6-3kes{cb?!z+w=)3%I^xpSRgG?2M&`(x4U=`!he@pfwU;3#A zN9h}xe0sg{czs!a70q`t%TLS&0~UF9M1bF9{^R=KMG`rUIs)Fn zV^mLrIL{c`ae|pS)>s$eMDw*?jmkiQRTAAELgb;a_w2PO-h)vQEn4F#l zm9>f(_#<5WSv8BX*5?#k&Dw+05zifYS$!xxMtmxY7$6ZJ?e{6F=%o%`ol0%7+-z;b zR2B4OW_G0^Sf&|AF{5ZvKVGlC>)r{>@G?Qy1e&&$Y11NJuzr}6%W^Kr#evD5`TWI_ z+ylwvK}nJ1#8hNOVN)q*>L=D#Den1Ei=gx^=D)KK*K@^_;(5CryGrNzd6Ts(mmmV-MRWLR;BesLULi!*DaIq&13-N1Ct=objV`$gumlk}X3g?nk-=tBAve+*7TgmXjy|S@bv5>`Is_nSWk#mPoUCrUb2`TDR;)1DL(kHlC0-Mg z7{=&{I+ff1_AT5se{IEkV0H979asQTQKdVf`>ZdzoMOtyWa`YMGcH2qAzf%|n~Xr> zhsnC={X}&+$*skGY^vyw%Dr<>`%|rV^{{{p;@HWDgUDOBu&|_zJs^- zScvo8Va~_Ai9=_J|M<7eM<%bGCqi01=y7R347IazVQ)#&az2Qi&i-a>SdL{QS;uA{ z`OL=Sh|)nlV2yW6RRF}>RWLJ0m%ztuFu*#W9-WE^eY2p_i2`z}LQg z(F9^mk>~h@kEEgB;Ig;-=ilp{Sx#TBPkT(kHAFJBU5wa zbgxYYN1$3!l~4DQgmE?rGzm4;X44vaZmjk9)U5bkb=V~f@HY4iy1~r9DNV30$iz^Y zWEGWo-ixGjMffJTLgDVAIdmFp$~cOK@hKUu>UULNT#iz7e2_`~QRU0Z)AqLw;fnn{;{AqWn6!W{H3*_aWB=h_JIZ*%x!N-9a8lGe$j_=5coAF{_=_C0+nb+s;f- zND~ABEj%qEDw*z79Q#TB#Rns{(Dh$O3_h#^Su0rvs)l zuDG|8a^$3v7ll*5LKt&#{becYxEJ+DlVT%Lay9GA>udR)%Kvl~yu%e5bZ=)KC_;1r z>4Eksnu?TB=7&4IvKDM?CKGJv(h&TF3#c`!FM8)JeG?sME%9Dzt(s3inC-+u?i(f} zmjw(m-T9A5B|D_ceH5GT%EuSFP%-B}A=kv)w2UKNRR4FI0smZUM-MWNDjlr$4xbUc zi#I4Q>NhBHgA16X`>2VYq-(tJrMz@$1xz&4FGO?>ysj$5+-)VgHCq}x3Wn6OSYz^h z4KcQy8$jDQAU9|cYZfDTXsIFdyA!eZzgh(Ow-}}^A_KP>QtepC)zXk)^rC)AOPhYi zSbPs_av{;a>q@qynKABaKKXU9Z53!a+S{Ax9^lOgUGJOhNn(K(PhjJOES6?JaA^Cc zd(aV+{GyF-E$z7w<8_zinB`%$lL!9Qtn>qJ0r17P{(wt1h>4%N`e0L^I(C14E@m(G5vws#^-fp>OsNR%S#6gM~<}Z(?WPU$%4I7 z>B5}YgyZTeX`)Jj`lD&9GzUam6Mr5NG^e%bdK@Pv^KVAE%FzGZ$}en9>{SQQ1(1Ff zMt?elKT_zm5_R)*y`3<-WR;>%e#p=&*uPNK6%?GXQcV51Td}=kVQzh}!t?{ku}R-G znc~#HCM_f(&6^Zc-6}^mJIE}k-5G=}zf<2C?)$H zmW;eA%*#t?b8(ly@VI5!5%XKuD0)Dx8W%k5!$}8?@-nK5-ioLwleIZSZ+GO->H<4v z0UP(r=j*R|^|1xp<$7sN!+&`kP%7ij_FV!|!AAS!R2aZx)!uZn)UzQBQ*SyU|e{q4fPMM-9&Keo*gnh+773_r0N zT}mjU&U-2X8n(YN(fdAW3UbU@P!!kO1HasdI$D1?=aq(ONC~NiY1HqN^Cz_42FSg4 z2B}6CGo&5rm-_^VGpe?<=g)U#$j^g1e)&Hd|9t22cX*u;xO!cj&l5~->FaMFR^HPt zGcCl4C@iCJxPCdLY8|j4zx_3bgr5gl_ldGEv{6T<1l7Q*;A}e+vPJJ*t9_c(c)KOq zabtx};VNkmHg@peEVvj-r?cI=t;=ORpK^2Ag$r8E@C$!bdsOHZjtM0{edM`<0z>2k zF4S~n5Zt5$H%|N5z4H8Taxbjhc=eC+lk%dSW#s@ks|tPe2&X$IR{k>jN=~W8#u^=N zxt39|CPEOfd{?Q89|H~!ta%wUFX2uO@(Fl_fIGpUs}vki#(D*T0-B2F?{S{<96t2% z4p6#u0kF?Zug3^|E4sEfj+uAOxfVF3&vEofKc1xNrSf@h_uM~jU=-JN>N}Sj$>%?T zFlbk?azNFBk8q3NLKrKc>nrT3bgscAviG>8gSe!_ocby-J#J+6N<_RA^T?LAIb40W z_ZnDq9=+R}X0Pwz z&?D^L_;~&0*{?sPZ0b8N*n@y%mmFaEl6hx;auo%*DT-=Gzd?bTQvtDN0ZFpBm?*QY zim22+`3an4!Lh_?aCZ4VV#Dpfmt7_R&GKR6PU#OAe<>Ykp59oe zz`5IvAEqC=dO7b>s}=fREsoA{T5lT}8jufA>F9s!@I^MAG=aR-nA4nl3>Wx0mbT8Q z-hpxv46XquHYZ(v_uK?$hPRCR1%a7N&lvLr&5`*v#xQE{)~qEW-au z{H@k;TW-M&7CdyRRXZk7V6{W+pw^2c9$nN5$zeAsq7)u2S(C&?xtkc3t-t_BY9KY| z?_a)Z(KaHD#4*>fc?ax)m@~5HQ98AS=*Ay%&THg2S*LQqW#;>V+F0%W{cWZ`JeNMeuDtj8Smol0@Qdhr#jM(*8)utB; z2QQSF$w+6m=OuVY{q|aIK+R0Vp2yTJ%u*pR^iQ&do9dZk-}CmD^f>R)8lHVunSCuZ zpP6mCV-%n8ih~tr1I;uZx`Z za?kqhdQiWrrf})W#P>=S6kCELMI5MP);v4=v>4B1%J}1yUX4k=DP?E_TMCxKWc0sn z?kd^o_+ZrbQrrpn9xE#Ko*~Dx*bxXH9O<881$D(M6rALB2Pmr6z-Bz*qxx@$TBRoe zhsKer-KVM@ z8A0GqaA=KnaB<7*0k8p=QwNxxf(O|LQNq1KpHWx57f$-&_j~XuL}jDG6kepr6fUt-CH> znc{AFZD-fmX16ewH{omUHa!Ro820)VCI?66i}dkU_Sr(@)|@Hq@w4=xRmr|ta1DUr zjksSSHV^WoC*^)e4_1M&vnBL^yc<=0@(g-FQCz4&QJgB98m!G zEt-0BHWw$X)vP6i>ti7Ks7NPKNJ4t`0{Zzo5cc{2b-FD3F5d5;{<3hR*dW*pkWT9o z^Ex3-YB;*{&&KWvh=q#qSUtuOr0So^b6R13D zY^xXb6d+gu?eqqfW=RN$Nq*!xnstaNG{@p*ga$5&K?l(Yg7)LyR_@sx z(Vl~Z4OaN2AlDl`16)mKzSos;AIQE~>HD8nFoPP~BQHu5f**O>D34CvE0lZ=U!yVP zc?g6lUD1A51q|Gw(>QRKMxB0MY$*!aYdm2&_Tx~+<>p_~&Z4EE?|U2>>7nQ5=%+U$ z&Q7Wi@?g{S-_FkOY(U%Mbv^@q0C+vk()$a2AsX5zTarqH3WMPD!jP;0L&*4BF)8E-awAtG1nVp;0Q~@#ogW|`kcmG78 z1BQ~^9COQUoSHjgw32Lto7)~OT^}|D*p?itU#s^n<&T_w4Nd=py+TV*O?VVPDpzTf zLF+mHAGW?SAgZ-%dk+lVjdTiwNJ~i!4MRGBAWBGsq)6A$9U?8Mj#3Ipi8Kg^AgPE_ zgGzTv!?&@XbI$wiKMtsK@4HrB>smFV-1SQV#({>W{r@SK1~4B|&QreU3)e>QvvOUY zC_`~c9lQ2%!jn`Bg3n`NByVc87uxxQqM74`*uFFQkThbw(1Yo%`miV?ifeHY({-B- z0WliGU3Sggh4Q|1K@~ErF4#ae41JG6*mvL6RAl@09+*!4*W)F~asBtWg+I^x5YIK! z!qN(Cq7U9_u{y0#WKDB)=#-uSK)2t;ddC3iX|6hxQmPyO8V~?dxXzREzl6lEGnxB2Cf%CZ5)>2G zPA&m%ZSI$dXbVC)B=y@bVL)!DhOE@P$`?|DUW+#?l{3~I2&%@pjk@MlV*>*Bk&YaX zuJ5_Ods6*QD#?`$6sZ4vS}*>coiNC_Mvc?9ch#B=hXP+|^g?T&X&8`AL=a-B+D-^k zrdhmuxq1<;CCodkdE#`~q117H1QiUQYmhnzcmKkX{qL($4d=u}KPLe$8vv%K1PAZo z@K*^FUKPTQRL~nsgtHZ7!`X^r#c4>mazxwxPeIeg-1+`+H7`l0TCYskgn|DP>i!)+ zulv^ZWEi}g)_z&IAe!P#Pwh>|%Zy=``@^Se|CLP}|C>%BI2}-}-cS<7=bybc>p-ZG zOrHV4<@oQVYHf&q^+)d!w4X2C-pw#eaSyZ; zhMp2%GITAaUz!}+);`PzH9r;@t8m{1vm4UhPe6pg@YTI+D^utyeRgoWKUNFS+Kou*De4$AxwAd}???fN zvkdv?u{ihCj(9pn6`gMY;|XrWgTf`!c$^h@gmJ}e?DSeBj~;3FUzll@IRbSd>(Xgf z@2)L9>9UNCuk02J-s26rA4M)7s}pf}R?fhBfXnDq|CIg$d8Pkz6u1BK<(=ao=p%;C zF0=ipj%|lN8Xa%Lx=2wzNS>gq_J~c&F8t=i78rXIh%KSr`&K3Tb)zGBst1CZ*X3QiNZoq5up(^ zii8n+s{3xMQlK)i89^7_RFFJ=s+;cq_D3$xj3<*|yJsmF^*VRU0k&cdSqgdhqbq(OX0J3h&ZezGtF!xjl=2 zo!`>Iavq;LGkHJv*XdVuUv=wqtAFYlxJ!)=%u8x~D!hL5+>h`y8p2s7x`P7*S?k=T z^zhb9@i^z)_}Alf|2NbU^en@Ef@BJb*!1{2R80%pya>1&gz!q9K6?7dHym>bp1jfQ z8h*C6G6@ZT`7uej8pp8ytsiHsOl^>6}C_|-m!70f;u>~ z|K68zeDcvdM)_5;1`HL*y>af2MG(l?>8EYQ;{2_3qqAyVE*J}R!C*G|-}zcwME{R$ zapm&;Ey8|prIGqrJGEZ|0sR}|i^3@OR9c~EWp=)yWp(N^Db9epmaNp|r;pYi72RCs zS&(}=-p$_csUeF)@G8k?yF~bkj3k(j12E6!I1n_!HB$d)H$^Gje~Yq08n^|0#LPOK zavblY3uPR=xXFFDu`i9OP>FQ|vEP_xg7YZWR$Xsvztz1_cWw8rhv2 zNQAa>D#x+G>i>~upH$v}+38=_0oHlxQ1FapWw_?$-mwo@{H;5OLd}HAR+>U0GUPhR zG;M@X;jumGOxMhN(uRf1aqs0!TV8Ie%D8^g>JU%rt=y#+bCF9Z-s^c_yYDmI5x_DF zE+rCiol<-(bR|5yzBY5&NDg9dEm5Mx?D!trt`{Tp0d3p^?qm*O6mB~}dY zloaE{`j23Cf$xQ74ZO>vb)xP99%X@6PpDbCMKmBu{*B(#-@$$$44jXU>k>)`hrS)J z|Ew$sI{a%yQ2ey{>O}1w;rcktPvY^3Lj@jLWfkHvXlAmz$0-z0D6B{^AMc&e@I~OR zkan*Ogc(T`H0NbS%5D456ov`*ezPUrH;(X!pjgw8IvUbPC-0j^{T%+!ptZ?=LQUs^ zA5dG|VIFMC;jyMK?VEvS_j71GY}Zj=XT`7e3WXkn>dDu4{7w<|=|qW%-N;H#J+L>E zSwA)RWmQub!kU+{eWX@!FUg_rxqNCKh`cr{owU@^h(CAR|M_g()Gz~o{&|FcPc*Ds zh21_vWPx1;4xwi#2(cJSg;GH4`wFh%XZGZcw6#pjE1`uvdQX#8>bB;x{E53KyvFzF zIX6CU`(2Nm)6UReCIC=^X~-WMqlYJ*nb!Junk0PA<@i6JmefB1fpglKpUR{ScB`GD zOeEwv6&UBTCUwWUbkuj-hBG|e7}`njMwK0`i(6xETq90v55HV$O1qpur8`#T>LKqm z!n|Cs24N-1(C->I)ax5PvXjZK0w-#I30;=5!o5fL3oiYS;rDa@cb0yI6I;|_uR?1? zCF4E$=*V-pZd&85I`vUsSEL;LS|2(F-Rl303ECU|^cZPeY+E-l=TkdHb3|MxGp;n1 zbY~TYvGbUYQK@;_ta-s4jGOOwbN5`YSII%Z_6XJyt1L>fVRaYrGmSU4R z6j6L7nKDa>!ppk#Rrno}6d~;SdmGaOUAb`8b!zmB5u_!+-MmuOafhkl)fHeP z15YeT6fO2q@?2^D^SPk%=2ry)h*$xw1klbh;u5gx#1|VB!g9xrya%zmL?nbNWGgF( z5k8)G+E`nbFGNaa^}1<}cun~!jxT3e@^nngJ3BLG@#soZ^&3E3(ZT+&# z9zj}rtkaJur-msFqXkc?c`s?(*QC$Ov4XDWf8)7M_&hT>`V0aDl%~GaeB{;K*v$lc zUNd!*k?Eh4Juln%duz`lIG|K?PcKt6Wm;%Aq$;^aH1qlq4h6-L8Q%852^C*Ne$f(j zF>}*))Tl$W=aObVgvB!gv0Zr~jbo*%nI3S{q@ze!H2XB0lhOWvCVA-}!IgGB06KVN zu}tca3tD;{&tE)hT1&n?OaOzjCj<#8cVAWX{dFu+`8}pE7^gg+uBgTp z_OOJtOgO+o9tw4;5Y|IT3nlA@Vn?r|G6^zY9RXH*Mxsop+ycA zJ1e%sh71=R6Hzl*9~W34QJn^bLfR@l;xqU(jIRUNakrDeGO*j<66fz2?6xry2~W9h z*5`!JvOOqXw+xbfukGHvJ_C9#fN|j!6EAJVVrA9C|1&BDsO^6)a{~nko5mRo3{i$L zkf$swk}(X1(O+gb5Je=@=X*$xH8d<58W0Lz_X?yobdF%H)K*&A-ru9gcpZIR-_P5A zk!FSs7@AzMp#vW{3f3tKiD5_Aepo6QLAL(FE0n z21SM5*i@99CJUt0MLrVk!F!!o`65_rzBpA0Aa*aeE{lJEJw0n?bjE@c@aFMV8>ggp zJK?+&DJu^>UO*_KqtDkgh5oJn3%*OV9$&_w+_k7dr|(5=i_e84F^%Sw4iuCDav z^W77*z5lAW)jzBa6FlM0IOv{!eC5Az97y-ad4NcLCve24i)uZ5d!}<`Nu%np z<3eYKt)oVCA!6KvoD`5O0~O2Nz50>HlzVjbH2;_%_!0HxuhbPj55YwaT}{5XfQoo= z1qJ0Qz$Q?)cSeB)ceVXa$!bDF8yF^>y}4;n*1vsQIfC^f4duvXXdUKj?bM z=H9TptQCRRwYnp%qk-pTK|w5lWTgSpk8Xo~F4|te?Of>o^SMh)!3h5R>&~`=n*3V6 zGB$n;g?$x{65HHceBQVUKuJhtiTYlu7_SQ z^pnp&Jt5Xho!>>;9N#~jNHmp+Y%Xc)5?TyscsSRIC}RfXxX{%>QHX;?rG8(xJO6wM z@N#AG}~y_Cf_l%}9OU>fRu(3yKk zlh*!jwcn6wolKYpp#e+1lXd9hnE<`<+}B>h*J^9}0TDu;bocU)jOFrfEY#(9+-RPj zpw3LB-)URke_kS0;4gAtnDnP8`JDI$E}0UA0e<)pI<6Jez1$^K)+AI^v?@zzc)0hj z_~Q1n(^v$%$E4>e@A4xi1fnoteVlrEn_c5&)!FQ_oZ$s650+-zRY^5z&*0B^fMY6h zDd`b1$TcQ94%CtVdi27h$G~6w-3lB%O$riNQPCJ1kq}fCk$ZujO|ycPQJFAwbYZEQ zm$2I(-LPGEZxTEWjI}MqmCOAchYH{uu#AkUHRn^>h`y8U-@Ez!&I^H5B=QTBZk%sc zjghG%u%R+*C2PFE*VPwr+;;Up3ZqCt`7d4>OqZVHJs%;s-ryHsh#(jiA-Gh*KyroA z8uBEL!vvV3jnE9w$RMHS$`eR-^@R7_ZPv z-gloOGb&QxHI98Uo77b4uq8uE zU%^E}(4&bMG4@HK(5AF(ndb85udnj&1goHh6t^eYX^#+MRF9ufzx#2xzBYx(YFT9c zwBVv$2`O9J?#}vb%h>yEk>?12#~=~Q-q&E$-aS(ClmA@-jhOR--t!fZM_?;ZcW+MX z$FV7o7~fbR>7)2TI!9Z}0xxrZ-h_&ZMw{~8X=-CgrKZ)zy^cT7!^O_k^?na~WJTU~ znwqF3un%$x*C~JPBXjB2K!paZf>DmerN-OmiH>JatkvUYv%D+KEiTSOS3km!c%BiN zJ`@+rC1#z?|5h_V1fXaU4^vsHD(>uETzopa4yKtZw)@K7eZVwckP6gj!dXtwbFZ~b z$e+t8=k9#J8_evnHxv7-J`&&+smd&VGl5R6f6_Q>8AI4&CvxB6@kP!9itUv94WA;8 zejhlt-abpR8-0rY+WDXPd*=#A=5`-&m%op;bU~P30GtNn^JbCeTeZ9V^UZ>rthZLz z(7`^Ss1#H`1TA%Ng(jb$^P5G^c(h)O=E!_5?y91^{8@ zURz=OP=C2pI^1S+0-tW{RjhfrfV`-FZ(A?HqI07N04TqcPR^@54w~CaR7z^8Z5Czi zvAfu(@$>Hh6!cYG=JD}}-Ov|;oNxGo(OaKI%yqg|^ner^>+}abY3owPDV=Vv?H>5g~LiH}o$qSd6MXZxvXNkjP)iZ$(q(KZpNQ+} zOqlO=yRymzNVgZ(q!h~Om${!>I+<1z;JuCHCn_&*SoY{gg9MvtV`Q4Q!r6vZ7JBFl zUR4oz4!)LEFDAu8bx=5Frxc!Qn!CUn~fIPEA)=NBTM7}+qq&)8)WdV`Kbwrwsk{F$@D)?sn+(#v}a_%JMXc5D3g z6J1cwu&a6RIjrxrb2@}4BloAn(~vj!n$=zFJ~>DQPkr`p@=HqO8A;tEtCjPX3f3r> z$S{0CWWrrUP5;0nNKAWEEhn=JAJEg~JzT3BlPt+BXVw+Y{3iOg&)NgXreq-To88n? zk5H{~7skI5Y5N8>a^sVyO)D;-cLRT2nvCRNRDAlAgie2Z3*|C1u>U9oA_V>ip!iDP zD-rw}GQ8L`$1)=T7}JoNFSXlGJFPtP4 zQO8qM4S}J_ey>iUPKO>?Ni@PnPQ}HgkMBdcL+uJEY~flAqPkGZGi|yf5^(KpT&S=b zQbh4VuQnepbM^8bx2A2nQ{AKYrUT}M$c5<0;L(=T(N%jvo|PepDnqnVj=I~O)~y7Rr|BG*Bj>P3}nIm&OEa7^k;OG*Sj z9ZO&VWw$6#vR@UuCchKwyFEsOYDrePoITaRvY74{&6Z#tK>GLs0vk1b@LIe?=?Rr^ zdGIy7_PmtaJ@ceNx`4elrD_ttPb<7A$l|(A(k^GpJ|?+1KH0aqF=fQ0WJ(K#$!msP0!uq?TV=6ci)^NthE=1 z!~!q+X#$d8HB{@ll|qqH(VZoR+24=4lG&Nw-dzg@HA4lbj!QoEX zg%zWD_j{gnvzS5kvDnJg)V18a&duG9^3zw+0{mACrp4xI;$KqRXt0+xV1EdL32 z{ZbStVIFE^XnVBkRwQ}m>1PJ;;p4YHMZi4w90iz6W%XsGovQBLFK~yE0CJyJ?H$oi znl>}vX^x+$i~a}!Dvpq!mCpYiQRm~Z49&2qJ+XdYFr*|{oLa5pd*$lj%tLfz)|M1~ zJz3T);sVS(`37!~*0sew7~g8hA1%=$5&n{1$t9d1WF#T!{1#o{SrUQgna?)DZsCCNai__YCevV@;9y37(Sr@)&y{Z zx9)eVIPo^c)_unIA(Mq%;ZDCmXu6Q$SwSx*DpXG8G^pZZ_ynaV!<*xgvQ+-3}>2)U)^v)az4K5CC>;Rb=1G>nKRv724~z7VNRJKFla3d7IJ-lzxd{i`2>-0%ATobaOICkV<{>>x-BNZ5p z*H^tc9HGkqpi$GVIX=fgj9+$!EtA)c9>M)RY z>zC*}Z+(D^iPs^`d&BvG5no`cP4m_AZRvWy^gK9u4vlaGLu^5jcF*4BNqs~|Z|@m2 zt-bZ>!@x{~OXchydmFDtyqI5Pcr0o{8rjNHb<=+2XRVT&pXh|gbc7Wk*=U}@SuXbt zTn=Z00O&=BjfV}%2wO1-Ry^EJcL>+aU~};+P;Z}tL3+Z0m$Z9Ez5Sg5yV);mcJE7% zs)YwY1~2`fM|W5ft6rqj?O1~1LV#3FAz1JzmlAajO$U63UleOHZ}v+TQ>v!k;t@10 z5sp9edyD14+s)LvIn8*Fye&_OPJ&r<`6~(ax}F3$LCN}hNgt?xI1_u=0}SRn2L*SC z8gB96m*%TB^P*F+JPs1mbY84k-Z^`V z63(bpL3ry3TJ3%Ho7oF&$?fXi{?@)u#0}!oB9Vwa3U?QabjQ(J=bE;BG619I4c`?S zU$6^fMLXc$CdD&`oL)n~$nO6bBB~@p7?Oo9OkDzui`Pt-%Nm&a<|VYnCAO@e0A1YZ z4+A|r!PFz=M=J+>dIi!+8L=Sr!s&(6Y1PZFK8B(ypWzT^R=~I5QcIeSk~j3j|z* zZHm$OH??ZXufKfPA2dzk_0(5%`$upnVum$A(3OKkt#VR~?Bdl-7BvQzFU{%B66>3O z?zH&>x+=ju6~T`W42f-@T~B8XoS5z!|Jo=Kx5NDXYJHGBI+B8)G!zkH`f&i~Qt$9< z&iC8^+@Zuo#C2l?qaBleF#~(W{PKn(8!V9h6*Wpe11a6pt`QNp$++xP)SJtITfhWE z%Y@%sdLEVMQ#?5k7%>4_*}r%Jd_d!Kp=e1<)ZzCy)?0jc&` zBvkiYad4;%zT^}PlSW4i{#avqcAFmTN%y>+x|mUm+4%Eas2A?VO#iT#ZV(-ShqtUk z$n&WhhC{3RPKilO1z-AgWyh5H`!7{r%D&kgI3nPS$fM8IZeIvUVR)dZ73c1!qhGKn znRDwF!xDCY{4F9F4(auY$*8YhPq7b1{DjHmx4RWQb;cphrF-)ge*TWDCvGdyG^~31 zZ$BQ}i+p+Usifp-pbHz=T1vQU&Mp7lH{y@tw^mf_VXZ++Qp#C457Gr<6t>cE9tAH^ z0;fuWQZ4nF!8TJWMCmu|i+3qdiEm>E(r(PqAIWSm-a0I-AO>1DOV6CMYX%sVRJ$)% zVUS0i6;|_oFJ%QI-)7k?2rHnEz~z9jho4tuof}b=h&Mt2F6NDbvgE7Ip3cd(kMH~Y zn^EfprP1q{vWIbTt{BbJu>!P`chbk12o(o$9*aQ83lz9h z#aPvr2u%EopczZ%z@W+HoDW|EP9L0c0 zJUZ=e)U7k0pmtQcY?#L>nk*a{iZ{8utOcq~>s)e<5 zpUJ#y;A@k9$6KpKJBjkME$00^-EYf5WBbdk>>%H$_&cQsNw~vB*V1i1T|Nx};Bf|d za&m5O$sB!4m8F;fsI*clHAC98h0vvP!HIC(*6SK6#C##hP2nH!gP;~<${K~&dhg0V zPz$wHCBaw!z{3VvLF7=!o^fu!3lmtq<-mL!IrdreU|dL8QPS*(*6wFf=8)+9U%7bD z&c;@tM-2rNQiMiJ3~D~nwR)T(l#t;0g$d5z7%QQE$HD439lmPCOFdlM+x+~r54e{b z@ox9Fie0^W^#~+0*(hZaeDB^AcGsD^g2xSaMUnIh%k)I&%+AEV_|o=)@RUpWx8-k5 z^$^KyL94sMtSe`ualLbv737L&I5&ESlHysHwcS>6t(|xT034M#Ev&Ua5oLYRp6~n) zuk_%}R@w~o^nv3P8-lRI|M?vKBQ%h3sdB$`t17*t*^k$QPC*cL83D^RSQdTsM5s*L zvnXDQR15)sBo84dNZRTf>C|XSip3CZkE6Hc13Mg_J7Ft zd`b}=?fU0TxSZ=wi^rsC@U++WmYLsu;M~DgagtT6hb)p{sMT!>j27R#BhkaFMHCa; zE~XMI3!lots%D?5SFX&U75!RvaBvj|dl%ff8h<`aUz6w?wS_HC9hkBO@7k zfKADP*@u*e#)K?`3cHgQmfA5ugerRy2eB%o8`MXrSULSWe+S02Yb*S<^`H~({Lm6wjPC?25&F-ZSH``7t9l;IV)_` zOwenJu3TX>CDrfq*ZspL!XLWb9azWb!#OPzr4NcqXCYOqF@HNyXTvYht%wMD-n%!j z_TH3fN0;BLBd}4Xd+Uev6sz6y#?zGrNxzY(CYj~(2XUh>uC9XqShOMgRryReTjAP^ z^2u@=9%R5+-G{e+X4#4Y*2G@xQ*Z7Tlmy{7Z8QP9!n$qdz7N_S9N`Yi+(^%T>V_ma z6br%CK$$<;3#wP;d<9ujfRk5812OLjl0mxi4$*Sxr?!?0PvGb$Cr$VlKUU#37&X#e z?59+yDHe6s$t}kH!-GC4tJ5Jwk89zNWw^s%A(RmlLQqU(b@x7pdx}{BwuHT!z#xsw zU?CBux`IMv;Z5|ZXMh=zSk`s z)&OxFY?0`G&wp!5`@MIeTt-|)Zi@jkD)3`}`$C~?Z%xanYs<7(Q4A-slpFRXUy+|PB22*d=&^{b>OjQr# z(rcps_FgBj%ZxNtLFg*A4(iP*R2^urjMpv+)*&WknlNAeNCpCF?9$n9mR7UYiK!&B zdOkfV79{}yCR)-hF|G2WUM|m4AzPn0*F~fjnM{Fl!7Gl;LbW z?o1lU-r3B;2%_SjeCZeX=v$1*{c9NHHL#LR#*p4m3r zIhA_wh38oH;g1Byqpo;`0TFAJ0THca=@GXjtqb_r~BgI}`$o?f5&KC`A=<v_#G9)-OlR$q zVkB&4+res843^>CCjyXt^j232Qcp?bh-|qyS4}hT18(X4cJItZ8Gd*GEzUIqStIkn z8Yld#H@GH2BcJWaEk6BdqJ_7QzJA>0PryO2%D+dzgOj6d0ZZoS%L?kw>49);{dO_R zDbE`|Y1ao7jk?#Ag6Rgtr?um6-N&v~Py*x{*BMe4wYk!JMH5h)p_%gz z<}b!QKd5acGY@cIdvVD)=BjAl#G036M0JkP%@wa*?E2j)eIB6Ra4(ZQo z?v~OAqTl{bMg7#JxP!s19FBLRKIAFr-CVYCHYpWLpK7Cm4uA0nTrnyfT@b5@SU)v77SA0MSE)xsE< zE}db*deE}#NKyL9o!>m~y-97LSHqre0=?$)#CJ z^lij~F5<0p_>)$rV#Q3tl2PB-kHSZNd*{2>nm0-tUl?_cjCx9H5o#8)NsX+1*Sbvp zCocus6HsA#+(9S~&TWde{`OJqG1r;|G~EXN_zJ9SRTdSRaN>h?^$yNeg%6HI+#=r! z!X{hSR{G|esH{_x3FLd|6ws}R&fIHb(s>4jwhyD!a>Zvoy(r~aS+#(I4DlaiC9T7& zo5hf&VqbStoYbHunfWQ2mUnDhP21yn)pG;go&0@qrOje^>8g6L@0Yra%~D=T;H1yV zqN^L8PU8Y)dhwOSyiNCJXkN~2uv!arNuJVaEw##5*n_kt(jQ(ukvE(U8C_cn)GS;^ z34FA3%HF+@goPbvn~#mn34bIDp{zLlAa{Esk0Hsl`GQXSz?Y!w14PTx-wTiFwDb`Y zU5u|E_kYNf9s$D1n}6Mwi53AI1yGY_;a}4X<;`nl=n&=AgEA^Zp6_o z++3%n=Io$eaIyR}k-P36`dR8>Zck4h80{@!(0q9Hwr}GnP2TC=PWMc+JeZtb)3I}3 z2s(~&Jk~H~?`V7gHC)&5aJ24g6q8)@-Mcij*FW)@e9RCFBqhUZU~iK9Si!UqUx2hX ziWiQWSnn|cRJ4E)`#Nr2*R-Ob>JrJ0x&;g#MZDON zPx&3^-qW1VH(UI~`dtbH*QA7apz3`(C@8T}yu0l5?Y@hx7BcA;@AN~^sRhH^a}roz z9;@NV4%=nt%8fALv;WOe5wybr_z)3osKxEuJPWv9qt|u5V~MN0E=vl6kegj+YIFLo9->`G+m)3`HdRA_)yqi-8_y58&7)H(x>Xgw2^7@!b)C%pn2UHUHj-+X>+jANJg&W z*KPxq-f5mXSn!LRn|_5b@aX187m1rSUN~u!na}BF4s-=tv!bKXV;A&91>2CDLXw3h znLG28Gi>WRL;ndG2Xm|eOurd-P5%*JM11&`j9anOHx+$V_b6VYJ6MUjWTEFOZU|BUCTG+n$JjiX)L84 z{>U0{3|i4vUrg$mG}Lk_oi!%z%PK(f>LQAp)Pu@)h^m&`8G#CW1_~5xiRrrZOQ{Wc zB;qQCFtrvT^_&!5dLj)A#)wq8^q8t0S-kBJdrNeEEWb@yDTDydPMjLTUEuooDui-S z*H==XyMQ{@Yeek5#^OUgk-b3_%xvo*HP0p!dtPf&%5DktjX@C6ukZ=>Ij7?djui2T z+=A!$qv^%^IMsBl?Q*V`E5lDJv}taR?6ZX8hh`!)#^AB!Qj$vjC(UzTnqX^@P4&Sz zX;=v#rKQbq(`y@yZo1y4klXY6L?weq{cYn|VLiCD*tIE{x80~S16zHlxg3D-yz_S5AGY0&^e z>25)vd##C~tB>c8@PU;O5&R(6%P7Id^fvimzNpLg*-z=30s7Q(DX^c=)C{ESsq)Hp z6h{UvYssd8qS@5EV#K?~-Uvy_)`I2e1sryaD}lO`4jgLHBC71Qf$xyZU8a#j{X!9url8;^ z?r6!LoNx*vTV7vHPTbRJp)w%k?@~I*iJiO?tL=UPdD5)A+jhYZoDpr$D0j0rh{|w8Y!<5<2hcK5UigF+IAK7_x$z!n z!Ejc#`&lv8C>tKS22YFivSi=zP12in-XRxaq8}$Sp-P+Y2CDL2orwAA-?UcO=Md~i zomopp83$()6m-k&VRCLnhJ471)VIq9Gpv7vxGdrgm_r=$cds7&@=oz)O=Zp%V{MyD zFW?y%%3GmC6>fMYI#LN^{j@94h_@t_p5#nIuKgkWY;;@Qn$23`fdKsKR6gq=Fgew! zy^?3%IlpE2gxW&Sypr8)o!$ zt&wrje?xxfKn+~XUh5cs+dDsJtJ}p9-5bE@m+!ci&NB*);a;`0l^;)h)XK z&!JOoQQKI6AHS$8)Cyp}g+Gm&?$NS)0(@ymh<@OAP2)YP@NM5J!%kJBF%EHWpt9Bp z2Ip`f4$Q49IlUgwApNSG9kxilm3Ps(rPQ%N zwmu>?a>~Nsqvwrs=?yVpaI7!2#`eC0DFCl?z7m5?()TTW>(%pH+mgWGqp`<CZJd%KFDpb_ zIV9NHvPV;rCFv=JxAsp`GCplKc{zLuIwJ&ux|oNnme=!@K6!UAn3%L{>Idsh8=WXT zc{tpBR--fFJi1wVrejVV5_48hdSm<1v0rAFHY%! zjdH1KY^FOCp&d`9=8c;0fSk9^$})AKVa1`?7$$V8>g9r+A)sBwhi{wq&P4#;ohsG; z)sn`>rU^<6;g- za~#6378HpP1y~Kt_HFOA4GN%_7p$$Vxxaqpp;(dA6~XC~@W^WM2E$UoMk*zx$(KOX zV$-S5;a!D@S*ivrWqyzTJJ>|PBn?H_#R7x3 zOdI?P=n3g!+>OY)r(P8jID-l>G??lCrE$+Wx^M;?Xy1^=x8e$6(OAYik&8#ur=?$f zn=+!OLP&9KYYLiZI=gZN8X5p9pYre(sgkofAzo1i2GYF1X$f%#Nd!Lj&8VZ`eWApu|rDL2LS@sbtoeksw zzgokmw|(p!E(k=31PN|e=2sI8k$`L!|5a!O^bcLw4L@n?{q`ojaaZ8E->AZ9j1VqJO3j&y6t$squ z;<;{lZ#4kpc%?&VijQPMMNC13{5F)*@dKWhvd`w%Nhn~iPArq}VT=tnRR|a`7Aa%G z7%9R&Z(pOqJaJ4WZB>S|Cl2#{hvA%9?47Akwp?obqU0i(x+o zVH!Z|`!w}MD|%N(7zs%HwY2f_S&Og4;Vl4e%5;d`KN=Sa0qA-x>03WumtV5$!1LmD z2m9)NzbOn1#@hL+QCi`l4lmz-2IG)khLRpKurUVVV&|0Ix_2yWfWrM#g7~`?V4Dx8 zcqoZ+!ZnLWY;>^2iZ}Bv&}Rx(-rxUoM+D-DA~fR71{P{C(#1CVZjq%n_@I^rdr%jFyCd(>jiWbdu# zjLxZLkBfKRsFBi@UzlyHXo1Yw=s;(Vr%exJaez5C(UV(bJ1;4~*9zzhL%ODFs9fm*3s^seyL&dUadoM&wP_RvnD|)F+4CH~()OFY68j8;~DNznudm*(t6n zYN6rRYhBS_uyLmZ=%WK|rzV_%f}kwlnCRuBK&%2mxqt>J3u+iQB}rnauPfHk#6kabC|J&qN&4={JiaXZ z`gCDzdf{;7>nIcmMU>X3A@dT}NPvB9+%r_R_y{Jy0tr}EyxcZq{EIc(gI)L^Nqp+VEo85}dr{bMk04ghpRWZx)}U&zRAHa~{G z@~ZQHa0eTc&GB_{$mWUwSP}DlGfYPP zAc zwSM0}7E4rvsgTnHgAbo20wnlgze>C1D-XoaJS_=;>%j&?C3=Atfj|Ac{%q?JGZwq*ZJehCw%GPXS)9y_HfUbP zaE^cEzFgp_IN!89{(;F=6&V2xFk zWdB~M-)+6J*vPeG6>m$bT;}DE^}t9HN0#pJGNB!?(y7~qU8b(K%_WUldwKDnzZ1e{ zq-)MAY3{D!SHZH{24nAMojG(UKbyHByuSQOa4|DEm4e|KxMv_(YN{8phs2ZX>Dwfk zXXmm|CAC_=PKE;%q3YOy{Rf{;#?{{3AVFdIv5U6ptHTuzk$@%*#W}eDr^o;6k}{Kv z>0cTg`_AD(wN2DlL#-(+RztP=hE$bQ3y0#?8VHCtp5y6V5xN7m=mp{jt(#!I+cjEs z{+p*3wO5JP`ha-krO_52>!)A1#ZbQbx_@rvwOSzF&V6-DJn(y5 zEzbujubM6Ct-%%ocXmWF@f8fPp!Y^Y87_qd8=b!Q%{(2fHy!_oDSw}iP7 zB$D^yNZSB|CBpbt_4v@_k|_$uQss5+aOmjXVKv? z@WJ`U+m$qTs&d?QC{X?Fd3r0v4}81U#PBq%(!R#anpLNrD3b}%?cyXXKn!jS1DqDd z<)foNGh$z@66_G{{Fxw2*1_Tis6OSx zPf^#Q;IX>`yM(i(cA}{~F)snJ(Cq)g3&43&!BV33rDhBI$WM*(fbqyxQ5(I3&XH=A zs-x|J?LNRr{)b<0vWcKW2;5OB81jh_6zQ83pFCpSGojYyZYv~+h12nf;*k^<5(G}2O%k^>0R-9w6WDlMRZA{~;#d-0>c@B61~ z;ad0JdCqyx*=L`~2$@6}nI5jvL^P6$))vjs&^B zX!#Xr!_UQ4*wj6%}V8P)9 z%i?Cy=mZ$+QdJAOlT7vf))B*`13^f+zlx1n;U3; z3Y~L&@D?#N@Z3*4Snxn?1wk=q|FcIgjZ`4|^$Sa8me+POXS78aC^FIJyvGbWm=BaD ztBD!Zw>)OZM{il|f0rMON<7OcuUve1k8bgOuct8H)$A7@8(&U0OhBy3*M*E+vM_7l zp3$%QJ?h@05+N~QN%>1CXMdl97m&9-HBdziMe(k#KXA#k&glOMAjJJ+QhWRc8Q@PO zcaTlgq7z0eVv*fh0R#~dJ1UH#kL=2aR0KbhMyr|1z&L z$dE-_^--49?!EsU!^ZkSjH8S|I zohMn4uPaacyo6F};YZg^Sdv7?$@7Qyk8bzPrro+k!_xw}?v)%?n_zIE!bDTXDV7fn zcWvVpkHpA|fBRp4w+2=l(Y6Cf_8%G%0TUXgNTM*b^c{YC#Z76| z7NlNx56+m&0)dI@g{P8Q8#p^M0@vztv2LbPEwD_Vul@Z;%l>kXs7}Z@+^?b@=P!cJ zQ`#bb!CFvk{O;wN(9vb;S1Tccs5|l)1xPrh!MOE#D2g~N-O3pBuZ`IW?$OoQTyzc_ zF}rXk`|#aD*~0IUq+b%0u9Np(W1}xF!|8%!vM&36gI))}e3@n; z3Hn~?-d0K$x!?egtqcSbqTt|E>A)nyi^L20Lm9gN{4R1%Fdr+dPp?w?LR z<9(Q%47@)Qu1%}+bU?N?vJzZ`rOK&hg`dnF#?3a%-w`Bjd{}=XB;gDUy68SnUV!hc@OwALUW z_^1~aGmV}tUKSw%frBQKG>K8$fzRv|Pyq=$B1`O^j@2M2E9$dBA2i_nZ^YDP+uP(RII~y{(I&?k;^+)cGD}1uf)$%*)<)A zHC9r>IE|{@(Wtk* z@Xx=0QFExTO3ug}4KN=4Jm%2anWlQ!HVgY&TxO!N2 zi6?x|H`>9{T`Ssece}L`n`)tgCHmu6F*+P%#Fl@Kf+GCO^i>MCTkGa2SN8Rz7InE z%3p>jrzU-A21-=PI0W+rGtzu@fYN8Usl^|b6AekPWG6j=z)Azn%$6Tjq9rNLsR2ZQ zW=%>G`24RLc?McO0>DF&%UhW9^Rx)u0d#y)pO1#%_y1m<%8dfFg9PmGqs^4ZM$6Qi zc{zfzKsc06?C(SstQEOIb|MX`IR=(1K5-zq`oR)t6LhH0LD-Aa3@8Sp7}ugk(lN$9 z^xKCz$!7_ehO7K2G7*S&Y%3$2vFT&L39^3SRj98Tc9eAXY;77s^ z5B%K%c7T#k$<}iZz9Rv4g;@s34fL^};eQ3~T7=%>OR?(&L!#v&*Pqo1+7@+IKtdw$C ziW4}L-2}1a&_ee&}AVUbh%*@TW;=Ooyc#b+T(z8J&nJ_b=ZuO;?U3eyK z)qGe_+M8|{r;r!Su2#7{6~2DQjz9IoQStJkzFwe;`}%v0v-tCy!^7*7{S_i$o4%y# zxO!^-+PY38G}*hYOY0@@$-1;Q)m@YWn9!-qn_^fl?|4I!U)zPFlj-jlC`li9guHrV z@$gt&D|K3XNZv*S#K#;}s#4riGq%`pPal9Y2Y6NWl(~&Y3TPLS-qF8eYx)(iONJ*- zy&XV)^q@3_O)T?e-0BFglZT#4%c$Bh?rN1>-#@&d<6Vy?2%7qbv&=OIcci8^dLd)2 zHCC=dkk@1#vJl&@Ts*YKF!X10Pk4jv>@j`^*yux%8=L#A%_Yrn@9JD*?` z^-QgdU;F>w6~I)58ya(%D>;O&(617p{3NEPd-@UQ1kE=TU%3K%q=%c3&ivNmE&7z>BQ;OH z;hiimlGGzEV{pvl-=eK4Qczoc;s8z-u9o}9P=OP=ii&sdJ${{A1)_Td+~SWq?yaD~ zBsfN%bAgtEz!qD0+uHy?W}or3j)d!1^c+njBXNV$6~4}a%HbFna|PaCeK65huqB@} zG36ltq-VhdxWhgd+pjE5_tvwpTGQtCn<#wi$gTVodMRAdfp=L9<_#fR6DDLtzY^+l zbX|I)`lA%iGo@SYwBcDJny){L_|ZV= ztOXJsnd(fTZ1N@FAn-!9RfS*xOJxI!_#$RUScCQq6PbXb6 z-tz9B&V4d`R~7MMyGJ>X;JZPkr@-0Phqqqq2WsO-(;ez^{sE2#dp`{JO2VUx%6z|H zfyJ@MSj(M~)1PYD8ANfz*D}aiA2LIYpD-I@NBxa>&iza3* zctts%WKDpQ^y<^ETV-O$rnacl1-|ji7lOQ%Vk#w}Szi)4Ls~C){cbsP>uf_n1;W9> z@OnI^1f!{-lLnJP^UH~mivr5ti*mO%m>X!MI@7U1YIAB~b4HQ_W-zXrn{xl=F^LY2|``tBgt3n%7QQ-)lG+~ zeeL0e>DSzO_|?=j%qY+nr)8J8Q^OgA(-;f=pr?$)oY6==N98cScOUPBLn6=?WK5TfFp77cBIHyYcmJQq~Y@)C3xZq`e|9hbE zYvt?lv!a36ZH7`}=o^PkQ@-$ff`kMbAkGMMtCSiDx@T46(UE9{d9Ha^O+URy@!_jn z9$JXBCaakB-mXZW40`-j;_Am|i%%f;aheoZOxmPzP;_|+UbEIgmeA?o=e=~aI}aPB zv`w9Nr-g-Q!qJpd=)$O!>A=!8t&+6v30+aEUh;Ixo+6dVw3b6ET9<0}tC!dXp#HHW z5+gpJjLM7RxP{v^591SZl|4)Ev1-e%oW913OQuRu3v~8Nd?n&V&Rr~7qXsO`^)>f-Q*I;>-f~@RpjSMm$O3W zQe!RPc~$%JQPP_>2Op|sd{EmN!Nvb&^6aC&K)Geai*S(+2A}fC{%aFJ%FQvpsN04I zJh^R@p;gqzn*AveJMHsptA>6SL}u3NFiP*y4<^$(Br?q$0klB93N~HbX(5@EO0&F- z^WIs7^A_$K-96a-V^j`aP2Eq#AbYW48CDbNQ|scVUa`ea5wn?L{Qf)V%U6$*rtqe| zPQNO{q%#FDiGT9dwZ?+G=&VyU3!f8Cxpd?1jhrK1_I#>Q;!9}R;(Y-~adK!zBx-Yf zl~s1&Y*usmC}I=%yVi8VdSRsZ@Ut5>Tfo8X{0Yj&=FmSbZZ>IGU&shU-^_Y=GYC!ZqVwU8Tuift80VoZS-LmUNl*hQjb}*oud&#o>Z>Ym9FUhI7>1GH<951USN}I zE=G?@o&l{NAEtE$+y&B2@cJazzb~gBgO4kP-(0=^x}6R?|F(C=oBHsL93#$e3KlLl zzqA*Gerch-zQigqFN=?B#)@D(o1mD(pG^B-6Lp69YDk*DaayE@i8HUn6~z}raKb^Z z&xR(8u8Id=NC1o-G0T)PX-)p>3GLcEqVI#i9ZKsnHWt z5E_@5A|ET7|5@ivB7!5bW30&zQrEoSmGv7k-#Tq)XBBmT6)ml2*`*M6L;Q|4Wr%Fx z(p*B5D=>l087s9*!1icsod&vyt~JFsX?5k#$b}VRGNLyL$;DJ`g_4Vw&8Nt>&l_Iv`ZGq(+MeVCKwfQ@^JC|GF4#*n3*wKh zb2}m~OlD}L;jqV_4yvs#D=Ww0;6Yn8PGa8{d$0@6)^`$Qs} zQ<}P_1$ao?F?rfepGZAk8_@m`&eqZGD#XJMoV&?~9@97T7mIRILAr)NEyNz=b4U9= z9+Kt19o`P@mskEJ^g`2Ax{yF;TkoPf-Hn!YOGb!&))vYc=TK1gcoH2VK|rfT1tGK} z^vnAZs*K}g9JXX|OR+Tp;a{bR_$^pDWO@N z#Q5)=iDQB{dc>MOH00b1*@3;n@eB=9 z0KJ|TTaW$9v9*WZtEk;0^v>;<6Ax*9TkHeqQtp)~BTIYLxsuSk`K zf_V;@uA*wD3-cwDC9bYn&I4n~2x!+50E{A;%ZGj|y0v}R6rh!?xrGp=J7S@~>f`%< z19NjcjdcE>)ZK$4wKyD9S{ruUTqrNU^Ia5<6GJRV{?799!J8R8ZyEJSvt?!E{KWxb z5=bHFLgDWKU1P`c=UQSiJ}8XwJKi@G6j_(ui#CDdW|6+H&+q-^T)_NQB z1GaJX^a}sUs#KsU%dZuVPpaKEi$Sb zuVI742z!aE_NA^+`3Vl08}6I9*BKoOTu9e>;~pZHYWMM9gVdb=GTPma`oN(TNw!#& zFS7V6&&dW81oHRwZ{RwrD65e0e7^xYGqa-fD`IUH4b0hg#@jDAnNloV`vG9RU_l~n zIBHeqQTUNbe%q&`bkVVhy2Nrv6#@!?KO3f^+Yj={N|+7kir@63qX2_6xBioS=##A7 za$Sqqk4Tr)0D#XEiQLxWbY#ebjmNr^s5F25Aur0&cnnubPV*g+&w~RC*;P~{h8cG6 zfRKb>U;B!ft2D?kdA1v^{fON_nn{(bZG9-S?q5(r}IJFVu0uu8jz|%If2x zfX9hU1L^WRF+dkS?V&glEQTe<7!(S>s{-egXxb}>{rkB*rcxW;07VcV~`IG#cZKCstcVD(?K{4q<>!h z61^trlB4^`-j86FCPc-->jJZ#mIL3UjwZP!@|O5T^SkZ5U3s9);!B$VF+ZCq!TeFM zZMNg;)1iaktu1*-%yN<&jz}W_S>)3xPg)SWa276L_$sa^HzvszLBy z|Lf=f&~l_EMPK1!NJ~Ff?ZtIOpjAU+@dXCaG^cnWd{$vII?z|2SdtjRuQS(a?tR4n zG%5Usrx@X))6m-IZb6o;d8v9K{6;LY7kwTt3`p)qH%}y%flG^%U-5ze@vUj^PE^E$ z;8QF$I@(EU2!?)fSxeMTMjxYbKz0g@!S|~qt*+$o$zkQiT6Pw1?{}3C4qpr6lL?a| z5LG!m19h$7c<>b8Y1Rz@N2A0JFS-|w3Kkvb3!fz$1^xQGQ>C1FV z=(GOdpV;})5&MGFR{QOH;0zs^C=%6#aaoDHU!JFN-*Noi1I@Pgtm_l&`csTQqrdcN ztNr5wpyD+?OYot^M`Wt79*Sr41xRG<%LdbV_tCpDUff6 z#xBQ_4x(ieH?lNyK$v`Ekw5gS@x zv0pI_w4~X)2X(Ta*ycGHpKvs>iw}c6h*o*(+YP2KPA6Dz$dRRc)s2=K1~g0Z$IwO+ameV1q!jYZ0RcLOqWni9Kkm0kLzA$6U0ex7afx))eYpZv zib4}*RGvULK5mSJ98^qawQa9!frHHJZ(mP8@`)7GEna=R)&p=gG=Hqww*!Dmor~-W zXM|pxW{oxfK<8D7X0+XnYA<8VNZiWx*b+Wl?22Jk#CN1I(=ZdwT7G<@m;JifkDMQ# zvtS&BNS6I+PByoZOkTc1a7Df6zqoMX6Cs)e0`oBie}aus0#QYbmgKM`=W@RG5)%`Kf+G8d#-L-8Z;); zE0Z;&W);6T#d5?u0>T%O07=8fn0m)A6=O8Q&CQkT;t;Yvxb?D#G>DjK%yUC`7(&pC zwPFL9bz;dqj0F>9_WdX%$eB`P=QqdjXV^j}u8Iekka+k>Q#KS5?_Ix5oLa9yQepmm z_F^}t+iQ|rc(`W{H7)IjLFfaWcO;uqqqT{-_SrtHA70(c0kQI)XUZ2Q*v|`4UNB#! zho?C^C>7^vqs`(;Ev{aaXKs|Y+std!{4B6((W(<;8;b;Fm016MlD0e3XsJnq5maP8 zY0+xbU4#Vo3}LMLdns-{{u+GMYK-aBU;}()gZ?kgTOO-{QfY#qdhwAikM_db$|V$P z!otR!4Gj<)+Y_P@;2e+aOY|*Ybm((IU41#FXM-+o`tzF^8gNjuP1!1Hf^&&u;VqRC zQXH*SbIw_G7P7y6PoBpM4;VDSw1B2<+UDR=BcE2tLS;X*iz2~i^!n#eRqGlb*P#Iu zEUeeugdC$|BSH6oz%W$xi^YLCOM^6`FVY{?qtok@8%N{ja z8sU&65)R+VFt}k2h>3%&(1yAGE!(?sLco>k2{%`AE^6`CSIrm&nwm z9-hfO!s?R_oO4+s78+BMRNng!;MXz+tU$Y$Fm=zVKQH_>N7_%0N+Osv#wzaP?@%DU z{HgVh@dQ^y_0y2R1N_f2M)x$>Zn096xPeV6b9=XSybqYu`6a(#!4*Ca-_9O~LRR{)T%r$roxoSF2ABqgn8hv&>ZvGZ3>vE!MI7ft79erJfn zlwh6FFh{R(8>v8N+wX8TP#_JPGtBj`ro!JLK>N@D)eOdtuix5-KMKJdj8AgW_9Au`{8jN)^0g zUiR7N5$)>bww1cKK$mvV=Mj$H$man~4L${W>O1lfD?Q@=f3K;I%mZpAbVY<9)u7{e zq|ES-BxW)(FpA4FLD|DXAak_r)hHFO;h&iZ2V1|b?=K?uHAH?~Uo{nIGkG0f>Q(06 zLwkI0NCmQ5ojYFfL+#u4-ixT0NE4|AQ#UAF08F)En07lfkLKE#v}wuKE^S(0p|4^d z*;RR=yGC1uz1zsI+SZBh5?D>=I9|R##Zlku_){+}=L_xk;@=LAa6E&PQ|sEg1407M z2#A@tf&R8k#&J{aV-&;;eZhv@3QnM>1aS&)=Cx$oNXJ%xaO|R2#moH-Gy1C$X%^=2 zpwfoM-)GDj8_Cab+C5=6Dy&_9Yu7(_DC$H9_G`_Me8Mpv3__|2d^hw7$gI>hA#D@C zT^|aRPF4Sd+pmtNJt%&D3td4ZsZ+BTqXD86``9_kAXNmGyW7a+)D-Y22iHxq;5{+S zv{j&5xkD7xveM8+Q{#(bv%`!mm+~@^@!=f^dNKLzSVkCNW~N`Er|;c;s?uS@uG&5T z$AkRxuKX=>oOWCL=5#bz@`=1@VL?^lp;<06klQK7Qpb~I@NA>dQ2LW$uT|Bka%-UWCpwhyO!# z;y}0@b>f8^ecrv=m{(EK1;85wiEH;ufJzg9JZMIJBX!S8p*#!!6~K+w^*Q)fC2eE* zqP#R^MQ!tE`ll|WE!I0a%*(A!+KjjU0bB})*}xK)i``}o`JEkMlZWwB+_%4>+Yhkw zkPd2Ui94{#-lzEDBw0u{7nGGb$&Fa?**W2EeYTeJ*)gA>kvDbONZ()wxP1+_>psfl zdhYmOPYifr0pbg`S^~XZY*!A}xfMnQmL036CTzM};TdiIRgeRPBhy)4`kVKQszU52 z2Q2?ALjE!2it@w6OJx*4K&z1+p}v<=?`5gRDA&}YuKgAQ9b!yBSV8mBV+7MZ2AefL zYmrB*sJ%eP-I#5kIz$DXFN5p0NE;BLEv@%!sv!a4lM@E|F`2&3o-j8+fs39~c;@Hx zhM3w~yx_)bwVejI{*QoDGJ?3_3;$u&iO(_!G2Aeq7}Yy$TSVlf+KQ2oi3Xf6?LugGDWeW(pvaSi#*8@QhPzw_9#P73obx2q*me4!MPZf{!1JMSa`B0 zfk$7ta)ry^RemZCGC^)1sk>{iR$MF2v>1Fn3rc37K>y!(J`15!$O5gnRXpOaqi{r+j?fG#VU9zw5xGk&jzlu3Z~d&pz?6g!CKyJQh}9ST-llXBK)ZHbsf?~ zvv#Zm`*7Nl=?(6MD_(u&&(^IJZIck+=i)J#8}Rz^sP7ExbG~FVCBy-vBmuhYZvrcx z;X#0#OWoE^5{*YxSb z4evedO?g<5OMzGgo4w&`YdOb`QzrdL#D%2(V7@SX#y2CQtp;6sQ6*UJ;bm>3{j}mk zYw)cGN7PySwNWO+&MJRi)}tD44Xtzz<$ISDtz)RI4zhdg(_Vo6{;;GH#8BIbVJvEYUwb zKdaJY%^94hPx~CH#7gsMIpD*!|1lwuH=y!k#p<{95YV2QK|%C<`8Zb`8~{xe65^Lr z-1ezl)p!9Uup0Z!;xGuF1sP4#kQzEZS;dH$d|&@PZlN>622RLe4PHoB;mx9B1sr>f zm%dK|SPdudck@~1ZdOBs>CHCW7QVyPe&tG~BGkDz4gts-$k`hdW@+AR0@r$S|Aq*E z+Dt%7HD8L@<6T}JJQSz&odGOUm&FYE`+a%_Zd~KU2TeK{8VE0n^M?<(7H_MxSWS5( zb9${BNR7}07ioGuys8NR;{91M6+CHD-43X32ZtFP@L07d3>ptI1kD>0-`K$CS*1|( zgq#)ye)#Km@^JV->6n^YdTz zA^k{ZQY{i@G6Rauu}IBO*vjf(PsmHQ(#sSK{c!u<)fButaCFur3qRTOT3+9}9+(=fGI@3bh_$3*|DOqjeX!=4K~dlRSJ)&d9g zicdG1MSuXFE6QA6=7p3Ntup~MaM0qJhCZu9%r13Hzy238&#wR>I&gP4ly2=AVj93z z@kUcGg_#|Az=|>XaetRd7epk|YT62|_5_-ui?%(lJq95Vkw@ujmd*O?Y#q~%cv=w* z_mHJ#D{o5{R1XM{!7idctNd{ZXM_;g(N>a>lrpPwlS60N z=&~cv0vNtYLq86KZr3ABinQ+7gwN~sU8bG~2~Yr;zuJuryHMmg!c`#N<8Hg{av<9l zW?*p5K7g?S@IR!Fx5N%T@|C2Wh_3wUCUju7s_R{p(rAf|aibx(#6bVWowL|5+$0;+ zgO7>o7R=8*YDYp?tpw=(ASMuvd=veuV*`x+yre{V&#?{%CTG!lS~7Uq!^z zO%*W_zq6a8WyG4`QDak}Q!Ogaw?LhcOf}7Lr-D##OEm4IVX&y&P$ZhH1J@f&l<`H=1wgqJHhnfJl{H7T&FM0VdRs z3Ly+xefpAYAo6V?5!hKoS7hyl??-ua!u1g!mO(3^u$r?05xzIFTu8t*d~dpgXnVlV z=Gir_)DxTB-&&_y$G*y7xpQkJ@sfzoodp&_zy7yn1&xxq@xdseC)ojBvcND^Kn^_$ zsgwoE989?M`#ZA8A(kWuMhOgXISsAT0eqLSJncY>=K1gfBTS|W!G*nEGi?=OkciW4 z%-99#_n5ulLppffQvEv{F9!gm9*SK%gn?)2#DrR}Y}0OKZk4l@bHE#$ZiMl2UxO9? z(j*Gfk@zz!{IZy2%qJf-;+5$nDnlb#>VNlQFB4m(<}$sp65P5tg9 zv@s`3Uo(}4`&WcX2xNuI9Pusu7M7p(JtBi} zrz7e}(jWlR6tmUXR~LD?AFQ~3B~8P^KOgBR&wX~}P}R2w!9mzlk6f(xqg;ie3nY+( z_$ZdMb7uK0)Lif=ov>{AKNPijL={V`4|`mc0>ZTaU5&WlZwZ@BBD;rPi73m;%2J&8 zc;!vZwK1~(jfDS^x`+^HcXkAp^D0VqA0stcO_ggt5C?<>)!KbBe|faa3>=@>Rjv7S z8T<}@DA-o8g`C$k0KcjrvoxF%126rPKC&kxYmWA4?i?PRz<0U#9>iCa?qLPr5HT#v z%~N&$SznmV8&@n$?|F5Xf-uH>5SV47QsWCqUjcaxe$LaY%<3R~HE26B_9;S3ln?nk zUD(0j@BJ5yRF&-}#Fm0EX!4;t_JDFAP!A3SKd}OHO92EWjSe*GnbS_0J511IrTI8# zsX(*#Wu)mU{UK@}kY2oaYOzT%Z2K+t5*ZQN0J$hTj;aJ<;d66%imY7rh!zoUB_Q=c zZy_8X%`#=53yW`29W74a^et}ko0=-^p|Rkhz4%8~IDi-(_%|K&fC(?QY-K=YtlrbW zDHLErf7#I8xfbUO2Be*xe(zrZ5uW3<$^v6ZBgFobFYeqmEU`3>JX-Eo^`Cv(7 zY1)c42~oZgFChq8*15`4-~Q}t`Sj$d@4X(NTE%@j_<{7Z(t2<1948vR)|qt(?Ndy4 zC#qytn|lN@^uRgW=uwr4z4q_xW3w9!Kr?K9Mkqf13Ih79{|_d=s}fgX`WVj)ghR0O zMZy~jTS6*Q8=fpdLumEIg`>>8-g*nSUv=UfO@*B$fogph3r2$sLC&>C@cFTl7$A21 ztDDM;uKA02_0L(-Rd_JZBfv7>QF0>*ocn011*Wum9aa%VGysUy8G+|hGA~gT! zI8S7X$%kiv9U%d_ZMMlQ9vA95G9r?`pltknQ>Op>I4~i%UuRnNIJ1oB9=Pm~BIdQi z=FJSw6&I9P#s6XhGUZ=U{7~cEqbP(ho3x%ADe%>PxqAOm z^89F*47?p4FN(W`)%$fTPH>SwUF{(uY^B9SBkjhT0bKFhdpP>_tN(Yf38`n>@+Y0W z#(a$pc+-BHW!nB@~< z9pnN0_Xu7pmGZWZ&79?`p5+3-E}PdAQOjGQd~HxlP~|T{_HX~BsaQ}z%K)}bw2soF zxZD6LJ2%opl6pruYvPZnAwxaNDc?G9#+c>rsopS`rZ}pXe)Vs2ca0se2%1s@n6^&a z?R|%B%1=vwBGYE&P4!sBo@w2+QP?t=GtJw2TEk^!*Mi81H~d~k*{VOcPX_O!v5!up zQ|-tfD}50};q^xe#9-ewp^_2OsIUVUk~57tl7B=9qrzzH*9PW4o(%kE2BZ=!Vn;cy zCqfGZNH+ni|0{&RHwd{SZnpKL+o@&uLh2i8i`{Va!O;pQyP_+$sH__*JYAIFyc1`o zEdsa=idOmI6yPjlN}`+jz1{G@V87Jv3j&9twTEfaEoKWQ_E0Mwe^frvf~T zr~4_cS4OWM1F$a5i{iALpfrdCiH!H(+CVx!7)<69+i^o9RBXjw?K$S#>y&gY$o;^EU`q|&JE8e`?@=QBf zd(@-yMFsH)5M$+QBB=S?q=&P758}H2YjQyQ$%;izMo$(XSGb~~9+XBk|I08= z;5~#oabMaBNr_Upx)iviWk!1{gXOVG7)2%QweA^3N@ws1m66$5SO_#^;-5k*oCm|z z-nv%ciAB0XmCIr6<%BWtcIa?RwU?b@99&*L7)Rf7{*C*N3>-xqf}6$+7F92EGHi-L zVt#Yp;hI#`Q{yxSAE6B4n5dkw<)vR-MbPG?>ZuhD-f2-ZVAqK<`Q4a58jLAY;PS=W zpg;-BH2^p(OL23RD|xb?(L$*y4xGyUwZB{jZNRy~vh0nlG`<2{r;)CJqATiW z_n7!K^^kS-(!>G6E|<_vW0kCH0ygW~*+b&x8?$aZJ&-efIsk*5Q=DaK{#a@?DJ6zA z<-l1~z@-*IKZMeQOuc{%4Bzurl0(Ah>7QFRA`1;Js?R@pm$!-(;aR^*y%~7`|JI`m zoQDism65d<0{G*qnMabZyDfB>LCe)@qfXUS>s)*UF~Q-#k9}9XplX_8$yDE`I_5@- zMQG2=(-D#+X~{h&#`utU4#uP>D8dikm)*v;BDTYy zho#>1;d=zwS33je;F^rCzA0=#zR#SJQq>q_C<8a?Z#ULYpb)j!+P;6&;GY{4RZ~%u zmMv3XP84N%k|QGnNGJu!zY5%EWH>1bK*ef8D0v@(FMsH^CG zUXA4j4HhQE{cNEkz!c^`#YixXgwc}0v`Sr|p!<-XEAo~bN>ejWB_HDnIdbV*2SJ#^ z;VnMfM#?x#sfOf^7vOvJMenC^21rBqNso5JUISzM@mE+4<^BZVy2HMzs~-Kb#Xt5# z3=gNh-GIs?25ro^sMHmiFchFt*;ZC^yfV7G-xK&fl%MyJ)b9D6r?EH5EytU$6vT+v z_&uN)BG`TZajgf#E!bNLS(r5{rwIL_5;$aNtAXsNCALM9nD0x^8OQomg^n;+tJRun zvDRIJ$F=$qi(Vm3!X%DpFmg3!)d%B=R43eM6$tcA=5XfC4|5O%+E8T`XIQ5nqQ5>t z2l(8AKhI~Ey`Wwz+2A$4m#_e`mE$(*;?F8`0yq(9Kxd+M<_>-tuOaNTb*S^*_|5bP z1R!M$Qf>SA9xBQL6DGJbNd5yB{HeAPUefa2nDc;u87iBvz@S~Ml!6(0sWy)ku@!3o zW)g6?jCPao(7@-`L1(CR*FcSGrBTB?z6;(pF)-jxFokui;~=0VfPR`v%cRV zDY!1K^_}C_sBr*>2*tuUp;4JNvM$d3+Z>LE>w9Xj{qI*dM|20BR+fE`)9Z4}r#@A1TY8WxAmc4*$4_=T0s zxk1nI-wg91n9fBdYoDr7{X;HjoaF;)0s6f}-e(&*e-j^qO5LiQ+rCi3G-p z5y_%{=GHvz1tIjphoLk@dU@@AsGauSrvXV|)Ekp6XX$yJu{RdP+p;QD0o3jVM=5X# zsjvAWlI}n70112ouVC%u8fx>(kqZ$O=!q6+IA+`6u+f2>xW~}0ItMVlY$LSXt`%(_*1A}z28vh|ZKD}_THb@5ZW)elZO4z)C-sjwUQ1PCMN?pGb`bJ@OUk$)&>4Dv z`eVoS`?Dp-Wn`e0J1&7c?s0#mUBf*c%n4BU9gB|)>CIZ_M-RbBFHHmT4_kvw0bt|- z`nEAiyO1oDLqV>6oD7{RW9b2&8w4vEng5cqw7Y)E0fN9g3hcM!-Dt^$yf#r>|HlO= zHIj1-khPumE5ZQsR6-l$H*>9FF4`)f8NeJ=nhX=+sv@FT?TO7?Z4NwjMOJ))Vmy#3 z-RwtgqQWXfgx7oK1lYq8Z^2orme7}eJNB#;X& z&-jUsy=_2w+c#U#J8{ANczojXjx^GU^8dh+Kc9A@S(ZN*0p&&#m!;*A26yxYl$BMx zsb}~j>BDi!2^n_Uo4PN^hed9QbcPILa`Lpj4fYbokYL;5&iB;EO7SGo%^I;kY7CRw zf^-IAB&q=ecuL~~@aO9yCh(GuNM0;T;b8bmQ!lY?>qVl0Z5|KmJ=yblg2Knx?9frnVLj zl6XOp1+IWO$s9~8FMo_yDU!Y=Gbp=?xRRKy78|D}jObsF00 z2~+gCQv5`y7Zn}D%N)*CUX!8&+z|Q{CZ*~9MOq&e6Qm1p0xPk@`7{g3rS4kL)j#(D49OB~~1|u=4fs;sl=ON(1ypGq*ABDnF(WV)-Ip zt%s9=>h~hS^T0vYp>e-t!G#Bpf;0heTC+8>KU?&1-VcCzo>M;>&HvVoZ1q13>Awe_ za7RVz=HNf!ca$2(j7`#=3*(=`4zUVLL2C^oBL*dLKIRzpdES7(f4{$1RJ}ecW_yOy z+3Pe1YY-zoThtB3x_j1KcLVT&)06fnHs9O#!c&Z{kzqI2OQM|8WY^IRMtWK960_GK znr+#~59r^2t&KN!6#yno8FT`4e%S(S7E04k$-obLVB1<(r}qWj4|jN8?PMM@^ePIR zs{Ab_{)lp@5(`4891zeEj4T9W6i%KZuS_c%3aXLJnx6|Yvm1fpU4~6IuWO(^=&t@m z1I&1eVzBMn*BH${#Dz75z2o=d)C2Q2H=gK~*sHonfIllA9>I%x=TT_S>i)n7F6!+w z_t`~FSsRH>PQS(Z)Ky22WM^YCP_4b-YKo#6Q)go;VUGl)a~+r3kK_R+@_ir=^6nP+ z2Q13GmwwiV%s3VRe-_6GUi9I)Kar?MW!Ysp`y#;!nmF7+xZ*SB+FdP(J0XljVtjW#e!t3)D6lKo-2aH~rsYfR)J?S=BSV%N# zO;<|C@C`_webcZ3j6L(c;OH0*tVt}EDh;m?tjF}J5g7WmjRk>XbkwfD_Fl;y9KFhAm{fP(B;uOb{=;u5qK8ok#BQ zp+Pxd`#P zjU_P_hn-bLrr6=ei-GG^ZFgpS|1aael#_W#PMqyTQ%=s8*8K{guJZgs`(vVPzh5+-2=g-*;Q**dRNovub$5#GkC=$^T=vp-&%x^x_J*?R z?1e^)Wfc~>9Xvb{l&eS@R>yiQ);u+voSt*kW+JH8J)6;YJ44P^BPQxGD%V9Ilk16fV}Uo!y80nvfq zP0@TGEq;~FIgg~a_79cH6sjbM@zC2a}VM|lqV=A_Q^bDpe)IdIj5W(U94^4xpfb=M}0qw)A z#MHSctvQB%I(a!2A`F8X;t@ZJ?5f(aJD@InRsQ^~nJM5ah{fi#$s3!ahlap4%mssE z&Q~Pvd0H?aC7z2H|KevpbnFMwrRV3jOw<`aIMHrxr;csHasjFE5r2#)l6{ZpM`D4% z@o&Zfd}(0(R)5HD*Ov2UK&fVfxBqSbhcRTNLFgI9h&52f)#*{11(v57Miq)-4N7;a zd{ow!o)v${S7EAeHusqBN2{`f0hb;qwab2gi0y{*711+MlD6#PlQ)J@kB z-lgi*`z~pV8Ilk&xqqqpPspN9WQ5wPP7reR<1T5xpQ`(19x`vWuRw}B=tq*c#*1hp2uYY#0;jc~>z*#LQCo{vwoJC`d%t7y#FGFs&NK2{3a-uaKlp5YBUDYF-2CDr8@i!Khqjaz~;E1VN{xeWHP~0&_eLuncjSS9Jznn1OJJj0m+S zAE0VbY}+}<)VZ}53E2ii8%1z{(qNgTkI^`5{wANcZSVRu zqEEjNS64a<7|WU^_>5Cl$w0VvL`77eoDs1-LT0P@ky?_k-rMqyFa$6uQs{M(zwrZM z^dHJMG}Pd65%s?4G$!5{_JSa1&@m(PM~2yC(-T6kd(u|w^DSO55x%$oBM}@ABZeN} z*2!lQ0W9F_l^FP}IPN0thq5IcKt$`M#f$wa9@6NpaDkPSXMS4MZsZJQvP0sV6yr$H zAR3ruRsJBj2oXfw8S_CF&&_0!S$35!thk$IAO4d5U;MC2Odi#jOMoSs%5q7^{_cg3 z$3#S!&^pOzzc`b%HYyJV)67r`5!>L=&{_Q-@A?A&)$K<14b6fML~&1*C%hGC zWUex#n)a8egDZh=JDsDXax!SP)4npvd?)bcB|#8Rc6Q z5Na`(kq5BCR@3Xp0}#8iJ{+)2ctcENVAJEJ46Q|xjX#;^hK0d*SfgxEolMxeank(6 z+cuJYE*=dEso(dVlp`krt%>`uD{kYf*C3hoVed%K4&T+6Wdgw1o$6P?tyi$1jAEu4 zj5IkSv?G)$fMp5zl0=eUE8{VIoV()VrBTG5Z}g~qAiY){op8eH6$|CYUVrv5^5PY@ zU%c@BdRhtIm^n3#a`kaC{U|A3M}XE^BiSbg3at36QO((W=;pUr zcVf)(ytC!0Jd|#QC0?4|ld@GbHp(FbNt|v26BIx?%3v8!NmT_~cc0HrSsVC9KxO!a zjdQX(Cy2`&`D5~fIU^8HipYfQ_6=N@Z9x6`?f@%n*g3sr9ao!{n*+3;cjOyYXf@-Z z&DYy_h;NjAp>ho|R1+4$z81Ur^UE`NxWW)p#EEhn#&M!aHOg0~^sfkviqAaA++3;= z;wjitm`T5S=ej64co=|82|Ll8u)~Tue42M!(VGosTyDBFjnu_3;bzPX)c?pbYx9o8S(#$z4%D&ibzj}=$S#m?DWPav!-V6MeTCY+kyK}b-^on5*VBH zU3^CJOpxFObxL4KD9H=E{5daC$hS5LOk71aL*CRS@=+$9cJew-CciDd)8zkz%U&Y9M`QRIp)NH`+%2Oe2IV*FA@2M8k>3I*pnxz?5dfUj23|Jwvm=dM;aMZZ4 z0@QNzn$$wJAe18bk+X}wJIDh&Qr?2U%l3yY41G4B_4n7SenE;yPCqeqF6 zP*P0a5sWXC`H@yUl1kNkZCxD07hE@jhLInQvo;%AH~OD-Hv@Y#dFGwJGt_`$7_=@UryE2Y0#;p58l-)??|w2Wgx73?K#>0l ztn5N5OBO>Lj?4;JQMA48jgYHP13z6J?K`xq`zb=s5BtFk1b;v8^1*Q!)Sf8MJR$e% zlGJJBrH!WrTg_er%FG53+h*>o7=tk_6&TIku1VNu#Zc{rI!Nc}=Tr`!1Ax@;?HiFf zYIoxJEVJwIRO7Fq-XqfrT4h}CUM#g4K}|W*x{R>OzUgP?g$?q}+fOGDnS^O?#BG?z9@n3t}aYDC#f@o`x`E|+H7 z4R-O{rv3%XcJ5E@iNUjs!SA;Q!AjDB?D&WbG--SpVPboJ+P8k!ev#;&I1~3}#GFdb`;$tg*e%@|f9@L?(+`0)J z=Q?;SKTy`3>jC4YmKeYuZA@KinUh?1pD>@Z?Xtleo{gt${wwiD7YSTJv8nK@aOXnD zFmJ*Q$L*k3uQ-~62G-#@DB4uVS4-EIp|WmF$%8VXoN6k!7{VErsK~IaOEuXDJfdJkb zB3yy=TfCKPBbRM~m}+SMJRRKgD`r|(RHqjXlA?(*(T}+&bZMC-?>#jR)NPwExSHQd zgpeUs8xY802Q!QOxnTu^Aao-1ckokc*BkLH?D%b&8!BsphHBh%h@SfYPwIld@QA52 zhiI(``!Rkky(c<)u4X9FIP{MY_McOhi*I4@6lZVe`w%k78H-i94ZagqZk0F5B5HZ1 z1hO?mp;^!=u;D^~6fKD7ulmlS!LoAA{GN#>QKXdn#<%LyOAnP?WFcr%Nv2G28po$u zQrwPMO?-W8w7~@>_+W>Qs~X}D@8-?W4>e?tQ2bji2tW)0PfJ~hK1flONgL?sXXSZd zfnLQWOpZ+^DGU@mWRws)G`ILr>(%&_3lUn)uER^<<2t!1XOG`J%(~U(3;h9p@brdi zniPcJ86<6WPq)Y!Hx(hJ)kpY=?Qnt7mfn>oYKtqYq__r#tgc)`;pMZ`gaA7m%%XpS zVh{7IJTu_$O7-F?hX}plRx0qmwA?aXd?K=hfbbKIi-`U0Ns3?y!=qTTOtK8Q1HKsq zf4}X$_aPF2n?J{FVT2-%b4b2d?fK-MTP7L7dA(Qm`Tgf)6=X;tDxccb)WOSui|?>n z#EIVU)D~oeYBE)!e#ddMnxy~0Q2yER9BAFx&RvR0?jlXrl1J;gUUePOF^#X`S!|

>{fx}4`PgBlvMki?Td%v_Rq&lq#%lvXjqiNaZYOfDq=wWUbEZodVuv# z2_e>L zt=VOak_G|HtHke06)fQhUsB%;vT8{UT!rKFvA(eEznVi!9HKh%Xsb7#2P@!r=2*Oq zOL&ha!0D)EupVbZY>?DE_0}?SzUa`s&ks={a%WmhmRJI_BX<(xss2!_1{DTPiNu~m z(4pBzYGe4-SiY2V@b(Eces5ax#3OzFX|1n6T`Z)5Dx)E)t8w)KjZ5Nm&Ll@*0uMHW zfp5o3);ydLoY>6uHFWN|0v4`T-AkK;``PE0=bt-8_Vdxd2nYNIplP)`vP6A8CEE#g zoM>h@Bk&=YLNHoTglUppt>&&~@gB53PyPvTcyE6?;6E z9M+7nhl%kDuq!-QgAdLFh)m>Faym(Mq)Hi+9gytr!Q#R&p^$m*x&X`-k$Mm9Ban?# zMOf3Qe9-1HfT}f7l%Ev81^}- zkX6TS7U(vzgFUeyYztoW#n~ojsJ&r~w#C(YN^D@wQ>c^U*SdqM6aTQX8oF-`Snrix zE|j==^7;a^W814I|}y*S@fK}P~QTaZ5!zkIJP9V54$P^KQqjF7Hf8f)+L^?kHRmb z#mGG!BuI14YjONtcnzu;d=%e3Ix!r$%Y(YhgP_P?Vby$bjmD5zuRDbNLxlHp-E#QV zGs`>t_%8v>a=#2Q;98*l*ebD%vvH>NWZcidej^G2O2G_fy7Z`3b|#3;$uS?0R6Cdu zuQoRY$b`$Q9L+o^0QMBak6)GDa$@MS<(Yqv+~2LgF7L~D{u%?k&K0l}Q?YV>!QL_4 z)aCjYlAwG8nBqN|@jMg^olIw;M@eK7qD$o|-DxkSe~5Y57JG_E_@VWK=XA9_!n<-z zL4??x3wCe6yMW)9OkJsUA>4u_jK;4agm zswPF8_kUqp_*I}qqLu5eUD%wPq!Yt_4z&WGDUT_b6Wrdgv^TY|et)&_-EI89n5Rwt zaP2I7^W{J-$X!vK&kW71n^)v}aR=G=EFYcNKX)2@`NW^=y9t%8ZuP4|!q7J^s9pZ6 z;2Pq@(=j{P2cG*6ADubux#oJmJ8D{Utnmm^pzu@7J3-A`;ymWRS3Qe z?mwjZ1sV0sF&Mw3jPm`<ieDDFDHp=bHb2ln((3q<)b^6M&>V@!|*TAk) z+L*7(3qD{^gBt#wY?pqrSLsq8a2>UtRQaj@iiw?1(@_YLNeM@S_L@c;A022yN^| z|8wCSMS0C4t8bznlRc;-XOA&8dkg3UI7;st)Fx=*pbIe~#dhkv#olW#UG4IrPvLEE zAQ51gQN#L>;bRO)I@(@wbAap;(lWc}W6^IV`0i}Y#y_6O$%PQ_-u1G#(oC)pf-S1Y z_ZRvRwFNaE`Kz*9Pd4G<-C!SBAjRG_>w)`-r@uPX5y^kSj#S&3lk-X`m@WAFgf|c@ z5aJ{iwadG=1Dv@Ll*_A9s_>cDGVj8lScMfFkculE@%??gX?22xR!d*FmM_qp(pvzi z9xq}&UWCXg9&@Wqf>smghTW_Te5TIH#1r{(1)dxpps%H2VI(~7ut@DiOByMJ2^Xo& z67Mkc?50)?8cAZRWeq`(HTH&Z_8IA6u*}d#wH;j4Ml|FZW{EdX;K!HZ`UQ(&V(;87 z;z@4Wty1rrC)Eb8&CWI)JMZ}G!@Z{gGr?3~gZ}Kc!RFYi#F`6u_EA;g23~@CU-@bZ zBP{Sw!_%OOg>^YPYNFSX4=l0W=Q~(AcrYdsQ@rKK^Z~v1C!gv=j8gUnW5;EFj6?nq zo^QcsGU$*E@1ay$W+zpHD;5Sz%qZLCt5x;`N=X8Q7vD`9F}{!oK80JRtdQ>vZkWCe z>qJ2yQ;g(KnD<`E=kUjNG4+S#4#`A%74H|>MCMa8CLcd9^_~zHLeG$g9=UtbWNDC0 zBsO5@TJy<21M?)sGJs;{v&ZwQ3CE164fm8%S*a05z3f??MPy)|Ea^&pvZWk)&_Fmu z%Omf5?gU;^lFE(`f-gt>7IlR5?#}lfll(@+LsM5DmWyaIm!Jn-+8oanBE?RqFh1SSBUUit~v+4^m{m*Jvh^KB4q}nvsM{IHnW%kieiTt%hH3RsM7%6b1=K{!Jz!t>d9>g!dm{9@I;RI(<25-? zJ;5#ms-3;#7TrYpMQCl=v2od^L*L$~-Gu7PpLUSWLwUu~G-B#b?i!c~)5g!D(1b(Q$>@|Q+cgU1u;v%yTtGW*{ivCs$ z)s+lExsT9%4ka2CP7vCQj~d!B{5T0{cX*qioV(QV!(QfULcHsDWjXsbaFW*IL)Tv1 zDY*3p!fX25D=y%J%=w~vb9f-z`}asFh5004A4dy~e?TNU4f~r>w3dissFQe9PR9tu z=pp?TG(Jh1&DT_AzONXj#lidF@3^OPT~(A|2^TB6SIud6^8M77#)l6-(qW%FE!16h zrrmO!F$RrZ(xPDIvZ?tA7~2P~^oyW?vG&WqR>UJFMuc^y-)blvn zl(AP^?_Jw}dH{KjT4ypB=E8rqTc$Lquuyy&GRTQww8X_n=6;l+h?cNwZmTRtYrZ`N zA;^&uFG_={&qId$r-fSWG+#)KI+5XMs{ZJ#I@l2XUG4Iv2>7Jk^anG};k|ER0w2J@ zf**fwsHs0@(INV~JLC_|oe0-2Hv283l6h^>UF@V}$yzh{xW-wI^P$@1TEFjnn^Z`` zX!e95ekwfL6~Brf5#u6+Bm~#%3`=`lu(|g#&6>CFtUSscQMYGNTHM#M78o-crUIEt zEBAV2aDAX{bIWV-5YiAx{=a>crbgpaAt%m#qMSNpNG%>wiOO~mDAjq4dKsedzR;l= zIs`oyG=fkMtz!%jKXWbK>A>B9i@UsXNeJM$G|PRAFV{?EUR`VdO^ORd>hw&M0H4$A zMIgw);9g367f4LrABHzs5dZ64pvZ(0gP$6Pf& zwvojY$8of4mixa*l3EYAh#w5Lb3QpRO-hH9fAPb&p}Psy?-G6?R5kD>EuSGh#c?AL=i>#F#0t_7V`NWi$G>= zUfC~2ZD^{T^ZciGf!_l%1mCSjA5H2=f}AtXGm&eRWs+CZ2++FDq{@;H7@#0)2ICsgvtGL`Abxh<~X#Y~8J0>P7en+r2ob7e`s)?{VwbY9`Pp)z# zn1Xpc8b^a3iroVsjTW_+uBo)x-ul#dQ`(r@FlzW*7X?}|DD`+ zFZqxaLoVGl$Hn=*w&%UiD$FP6&6NeW|Fb#Z6&$=vrs{M-2bE37FlWcW*oy&1xjO0W zW9TxtuWx=uMSl_%nJ>qnMg}~o#_RIw!07~ANuNIxz{rdHNy;2-^nK3ntIkVT#|=6! zon73}^ z_a3n8dMBLzs{0;`Ot+l2fN0z-BUBnH3lG=rW;# zPlOMtyXg74w_mHZU-HFrv@5)zL8jxM)uHHkBsSX7^ys_z!N5V6+o;d&+*4Y~rNR@| z?g5lTDzW_65}zY*g_C3$$;NTF16YO#V18@Aggb*D=jfym4JD6KH6IeJp5XTfG$)zK zqnfH(6(SEX20V3DnKVf(A20T*Slf-juNEH{fZPn-!LJG}?Y{*bDSg(@q%4c=5C-5R z9&A+*po@O@_@%w1&2MyLLc<~(+N0c8a0)O^1 z`p7>swN09PGIlXw$+|ft%}d*6>Y6Kkj9~aIncYk@n(H&OMNju4?@d(d*m(7EFlBaI zC;IuDXR7(CN45)iK$06wo%I>V`n&~yi7dcLkndRK+5u|lQc%2pgJsUdb{HIXsMHid zw=5KUp8pF{pH?A<785Ykq`w9czIf!%{fH{eLK5)4dH%;_9pl(xd zAH!p7|L-&27-sK}obHIMUh#P0?a5275xX%%dVXGWlPt>*!cE`*;UrH4aEzXeB19Mx zRfeNW{pamso`Ta0!%l{u%G9LT7R!w_6@gDL7ZLXSic4X7Bc26=E|atPJ^!D@bhqgu zvat>vN$;cQkR%JfiSEY=1dTRMsw1+G6LZX-Z@!>{a>l>v8Y`3#9?;3-> z^3!uABZ|Bn;EU*jtQOSDRo3fS4v+3PRWk#czYkafHx5b*f_)grLn}0&JvAL2GCrN{ z@@Yb{)e!!vT=!SZA_AhZ26J`nbp1_Z!Ueroz5%(K<+w53jXZyM{M2DPz&h)1&?*Wa zUmzKEdp5xb7xgB}kwJtACpzQebN~+o0NbRzQ}6{(Egg8>m1u~GWGG`xvGi(VEW2V7 zuBlW(l6+O;{`zTJx;Nr58>=bn**2wU?DL6=;XcIAwh9=E4sxASj&yk(Ka>NP+{E&9 zqnWbwg_TB0+Izx9`AOlv;hf-|W@_$Et(~3dj^D>da^97{14~o?DOOpm`*nNijmd%? zg7+GxgEXO>Fp=jJbhRT%cX)8M1zUUQH;h>yQi@Z_Vw>oJ2d zyc-kWVwFY*QJ+XG7SeiUUEq0WKd~Hg#gg*D<1qL(+%m1HK-IdC;U8G(})e_#q7j{S773jkQw7&=_kJ{bt| zUH&k5DvYP))C*gNPp}-pt1s$WF`R_Og|hW&Eo|_UZ^|?M;8g#Im^>Etlrbk;qH!9r z@$3u+k}wx4oL4;d7;)CfDz`=6xUf{u^$$!t?aKDRzIo@0<`Fx94uM|2hu7tnXnKrN z_R!b9PO$`v1F2{QV)S$EbEgiDRJo`BQ<60r$_FMFJ7n&CdCWpDb!x9KlS)QYOUqO1 zwuq*(sePM5$5Kme{(ho?lGwOF`=FJ5=2KO{PM9Iuxhj#GvC?n?l!qlB-DDWe(1)?{ zro^^(%;73nQ?Cj&a$kUZ-Vh2D4c$-IU9IeU@&K+c#+uLJ?}I|=1b258({8oH5 zw{wgbJl&0l(hKaEeZo7gtjLLDo$y7kQpj>oZUaDj)@UJqk0jlTFT{U@_Kd;OpBn{= zfAG2{8qyaJ$_mnv{G?GmLS!}>aw9%g{zHY4jaGeoVAMR#iUgr7Q`TmEQ%Ki$HzHm6 z8x^Tep`t<{w2`q~5n$@2{*3G+M)+*6 zfnov1bA@=C*rflb&_GTMom}YQ`j`#f4`(RT=#W*6Lvep#-JQv~2qSoT z&grt?86;Y?7X>Yu$tdSem%9(vh0hINjW6#Kx*%%5yjJyd$1v zpT^*2+H!RjQT>?);pTABp7WI=kdo{r!K4%*TPy>r@cN37nN}!#IbtJ6zQv)dx16d* z>MV&%>=TVLB*ahJ(%z%XB?Bl5ZQk{ijYor~7b9EA-DA<1rk1b# zb4>s%tkeWuTov&-e`W#+;K=5Ap_HP>DES4gD{J&Gxcv!xe1=bue9?TLcC630KN#5j zl`&>k79*Bb`+94;BK06^SM3T5Xua8D=Nc}=wFLuoVRu-yJBIuhvR5QTUEanSGL&JV zOV$#Gek;NV8EF-Q{`h#|#p;iYJr`WGNMRMm_E$zU8+S|=m7Og?vG8v(Li8y!13Wi6 zA`9}PNT>0Vpp*e+3NPb3eIfC;eZ~zHcSy-UedeLo6dI=1cKxz*x_?hujw~WVyPPsW zeWlc{+Tqz0i=cMnYQwiHgLX_H)I{NG*)H!s)UTnb{r-J}&cM@^Z>n0tt3EPVZ43+^VQ~waAOdXYnw{QE|0$g2c>4dV`4 z`yXt~hMvpLb_UlE;p8U`vv@mXcp43b+cq2g0r>hfG5*$xg)_lB>M%oe{D%+5`Gb(i zuQ!c;w^%^qw?YKycch^J2U?~K(e52rEE08k`!l+|di8`<_*a zs>zEKWKOkTJ0&u;*Dw$gYWT8VvMi5NX*|AB>uT2rN8aO zRkK2;nuBRZvS%}v4-9Rdl~pJJz-?+EdnnZPrKq&%Yd$m0(5;UZ04=h{3hqi}yt6xi z0-k=Am2t&%>)C$%%rzmJ(9yA~fzA_{d3gtYiRGhQBFZvKi6xRXCtBdv3NAe3>X=XUzK(drfhPe4fxHqp%DrlF7zFQ3?@9kF;8&jd^ zy|`rPzb^yH=!8qtw<&Xlcf+t#kVoezR?^;_X;J&g^MMFuQ1$TyX==jAFj}ekg11x5 zQ~+bT+Ze*ekQLr_m03zRJP%&OXv1d#%bw#p>+CQkM#H%YVstjtT+XK1hB5qad$$U2 zL1I}Y=fz*6e>m9@<^#Wny=M8T#>h#<I3?6S*4o{PgN4He%O~ClKmF1;84%zNrrwi!o^akQzXlbs z;$!+fr}UESi`eQT?nh!bA1sIx8XtwuBf9M?=S)!%DjbV;fmsp75=b$Xw3ZCgEq-h^W5+Hc61E>Y{Cr3nb)u=cdaV(ymmDs|kN!|bjcRPS{J~F?nU>+goM|nr#Uge+6N%i2% zPL~klTf$oNA-%~FrY{ZO(5&p)5%z|MyjP->CC-v*c_y;YPbumo?0GFUBAr5Q5LE54s13BFuI^ID{we5O00JnE@W(^E9NCqokBS9o;H@ zzmo#2w;Ls>IH%{&5FrbW=?%){Duqkfzk?Kdm+#XbE8t&57<-9JGGuw(F0 zUu)*P)oN=Vs3alA@)O9pV-c_&RbziwfZS%+1{Dw1RJ&nOaEd+ z;OU3-`g!C5w5~FLVd3oHwJDFjMo4q#I>U8OEj^7YlOgMo%`hAYKF%w7C|Q;HNPkDe zQn)2o(;&{!9SdqZO4L|qQ@I*`dk+$0`BvW)&BJ4brO7*SQz5v6Ea>dX{9YFd47?Lq zr_O*{=o(3qX5)esT3$a`eN0uu+`F=kXVzFqF^25*ISMmX4 z3|>Xo^56`j^b-&_`Q`QnLqN--c%0huw~sfGewTnOjE7aqtTp?=12I9Ked~U1?5At{ zD`aH`-~e$X0(kLtSqePA>GG90DVYk+1bZT=$nv!b{YF5F%E)AB`XReu0`Ij zTt*1-@)2vOId~HQ$zHGQL4_V}Sm!1aZ_xg8IpR^kO!A|gEHSC3_Vv~1S0YcAgoSRJ zMN;!>#9qPi91Hf2QVCR>ICOS1;^w+kz8LW6cWce$2?*^{oWARDFY}^Bv$+j53}ddi zoB1j3bMraJW=en^nkN1wb2TG(GG0+fiyq}p;R_wgb~A0cLP>i?u5qD3VDH*RMG|m_ zOq;NnDU2Cx?AY~*QNU1_pRw_cf7DOt?(O7ZK${A+Ud-+$nCZACxItax1nXvkzp((f zKFC@Mn_2Q@?OU?!b}F%N*ikT-m{Hev89aA=f|SpXbNShNJ(>_x=&xCRR{ZULS0y1_ za%+@hXyX@n32Z17`Pdf4?GgD6XqKaw&6Wv;jrRtv>;nqESg6jzZ2(>%=R9{}d`4|P{ z#1Lk#Kpb)>m{QtLf_kL%YjXogX`g*}ay@HWj1U-Uq^rQc!Ofe(i(~M3-R|R)GQWvE z-AJ6CMEfvali!2|***IB7M&RBxi{pqw@07p;4Z!3BlIV;&MEmvAr-4yPDGL z6*emh&}wH-rrp0|HB9q$pt7it9Y_X;W{%77;iJ$)HOLbpVlpb~Y8T*`2lukNo_k)r zG7XfPX1ScL{l39BiG0@Bx-KHX8*IK4jO$B^hdk;JX~8T%S|aQ;R_kY04h!3d$P@45 z%Ppf5nrw5dql<3^@m1M}?tFZiOYNo5WFHLE#HJh98hoD@I9hu1RYt$sm=916C-6jI zo(a~+CZzUp!>X1_YHq#K902>q?)2xuQ_r)k@Y@M2P!`rMT&R|d;qYdP>$Ax=qaH(` z4a*svP6HEO+1ZbGd-xIHIwOka@64pBqwvnzdmaf2-z>&#BF8c;eMk+LJa8OcFJI~* z5@PF09N%=c21XaU1|E`UnPrZb|I#Y>(Qj3q`N;Rnr*P%2@1ZQ@;MjYztcsAGadmZG zK;cDj=D{W@8Q_U5dIQfE2KfoENduE-(Z2w=u-8;?qpRfvd4FtDJk)RTN3VwJg$V;@ zI7EMgGRB_L`3qfPB-IAXxh13!!)a0ieN9ZF0Re;c^#SDi>zSRl1eH>6uac4GoY}cd zpPA}UmJ-_V0G={088Nn{-dCUD1flQxAfRZdv9pBCRZdh(yb$~Vl=&>E6YAa=rG1}; z)yp@2PBFkq?e%#4ST;Uo3)Ag1W$Rl#`^Azn2>_*rmd*ch1w2ElmpLWEa)XKmp?ss{ z65(}XJwqLP23o!v)4PS?$|dKsjN&$4Yol|1VOvot`(dSh_Oq|*#b0{RKbwP-YSM=i$SYtxGaDSr-1j<=vx^%YX$cl3j2DL254 zx2yM_PLC~uB(Hw^^PlT(ssz8IL_<6IxQS>Y5xtG%DBVu-!eYW&1iQ)kPKFqJTI8v` zQj=qu6|RF5xaaQejZL|ftj)UDl6#$52e>qoT zu8+EDc_Y9VZSx<7!mG1$JmoLA;aoyJ*DTbfAvnzaX*|tEj_?xz<*i|>nO!KQC8M=k z;b-uq#!C*5B817M?WF%k&eaj}{?!T@<)aYt^*NN0b5b{t5R>+~mk!cGdpPk~l1Z1v zN1aBxsZTW2xaVqfbWYsS_LfPr*q%R^Ga1fY>BPyL)C$v1Y?BNQ*P5ppexCv}-Aa$l z4fY5Ddd}|QE%g~R+)}VncPksQK}cN??)`r31)QGHjKNE=aoL#_6x*YGA^XL%uo6bd z!fp&RM_#^hoe3L|CGmo?5VLpvee!!Bx-^38noWT*FIB%4ovF$!O7|XTdaP=ETd`n3 z&HMOfSi)=N1|D%xTgWENh&g=7<`_5!u#0yyyUY?VF~d0LF31i5`gqJP2pY!`!3jXZ zzYHxS8zldPzkeIHPeh!J<*!vF#?s5t^L)*XYQq+{AP5XM^;HP;_4Dt@z6e`L$ak;G z?B0Dc*!r+ijApSqm3hvZevB%x&HJ>v8Z=zYI@D+EVVh?eF%u!jCI%q*Ik-{2g4Z;X z^=r1*ctD$cw;lfQCF=`2t@1!LV}FRF>U^vl+M)3aQHMfYf|9arf`#mDGA)9$@vr=> zhcLu1`2?KxXmvq<*EA!H#&hs*y*e|mJAn{G#{QgAP91hO}6LaI~Fa&PAaG!=W5)IVn zbOA=Ar>_Rj!4V1Zc+>dN=1{!=kPYmUrN*$4AUn3J4-I(=uC#8J8uL0EXJo@6WlKhO7w9LWJANzk%%Fu>}*HdPAHg{8F?k_PH1hJt-Di3qD#} zgWYy2iS^Gdfj10t3n%9fSh`eK>Zho!{MmUUA|uT}&a(~d9Og6M}-?>PJULc*5sO?W0W-#I#Rdsk6S9$4?MQdQcHzo^|)RI-m2N>ValCaOOYsL}@w%9;$Lp@2ent zg3~~q?k5gv-mHWI%~H1{tsw(OL;~_v&^ocKdcmDp=slaMsr4TZ^tF^IO^qI!MMEY2 zAa(e%U=59;=Xie+3bS~>hjwInmxU6@Ny@&?4W7_xPl&(w5?;rWB~_UbBl>t531D>3 zJ`EHGPd+KvtERQ_dBH)Z5V$lNzY8-(4sGJK5J$#-gGaXfR38DO$aHWIXD4opA8I!EVY;c(k$rw*6{F$Sh z@Mmu<#jTqQ)j| zN(Fffm0A7jR)Z-fncUqO1sMfKc!JM?hzXduB*@43uRe$WhaPPx3U6c|!z)+#SwT|{ zegku3keZB^9KXEg5{R!xb(b%EtTm;S_}=ZOZaPb$#& zt#-cB&dm!}Ook;pZp5qK@ z;|Jak3RcQ0a+Tck7Dmbn;bqd($Hy0ds>@XWZ)$@o@uZlDjNAwD@Ar-<>wn@&j`oms z=oD=$lhHQY`%!92F>Lz7W2eN?`Au4?l$2Vu)Y02*mp>Ki69@c^GWZxhJ~U$Uuyo0w zuZ6Dv*-MYMdllC@S7mNwP>*j}A~4G00VEl}5c>?k8yYNT=AsWQCd*)2?5*7W#g2>a zEC1#M7i?5!iv`sN??2GagbMt-Sa`bFTXS?-Ea`%XwvQFj*;N@T2F z@;P}vJ}xzyDT197=Q$pk2)9tyN=R~nx2z#$JR`fPIW)DD}_S!d(5$dN1*0tCT;g1@Bn z7Yk=+gR=Px?(1FMAEb7j6#lE97Wg!e4;z$4E8e%f@|;FfhA6$El^0rl$hogmNqFA5 z;9pXnF;Uv*baHj zn)#cM){{>;2b}Da;2Sf5>>N<$oH;m}9gKy`ZAyr*fzS~kRNx;f6Z95CSV_$ALDH$% z>$J?ex`E7txRgShlTkwcrd48h z2Np@uA~m>q=}Hfi>1-foC=Hn(;xaL>s`-ns0~ISe7)n;7Z6GW8@F2<@=G}y}cs5&S z1nCg~HOX#4c>BR7^~CY}pXUoQ-mfz-!z+4UAd2z-3;~lM17EQvqdUo;utuI`ja90m zr4zT+LQQ+xN4Uc>KrqZ>>WLTM@9uIqhIi$(e*>jF4UoFIgIf<)o1H%z20s)Of6kq~ zn$E9ZZv#NH!QXI?KS4C;;k)$6^S(rZjng%r)ixR$UPMaTsXOwdu4XZk_{dDoUf;w^ z!siYmm*3A#jjb&randCtKcLeabFruIdgZ9zlE2ZkY-88)HZBY|`@*a17yVW)FkdC`xq!003M1SxgZD@x z#?Nndl?m5W^S**-y4UlFJyRl`HP-{2lu>zuz9-3&p$#C>`l3%lNdvzl0UDF z=W1o?9DheBfhqU2NbDe*LJ`TN?e4F|{RC6OX+z10y{z|s7596kKLo#4DPM0$@424y z<{hs){3Y`@nCtTw zFXNAz4{_)0RH8^{kesC>QDNTEpD(H>z$t?b^S7<>&u+D>e6v}kttT)kx14Q|d8^Paak7LP2*@d%pWH$KJ$e*eyrWIP zX9Q?#yw%oQc}dHflb7ht@VF zf?No8?B_m#&#?7(wjRrAI8~Ek^OW)yJ!Vnnt?APKzzhLQJaXBaOi7c;bMk zl}f%(|8+9Gfoj(A%k^ zjv1JA9qDvOz2Yoye??T;<9l7_!v~Q4n=~cRXemYaC?;b=S(AuHTv9E>P<+Th_V->j z%=n$7>27-&P+;6VbYorh0~H zp96_j7FJU`mx2L?+-ZRpRp$A3WdJ6BpPd$b&CJcnfPCscE$TS@3w|_d6kHx8cHL3X ztro@ciiFNbOE((%M(Xl-$FHaAcwz(8e&y8zG*7L=GZ-#3eV<#4YMjKP{V(jCbS9SpJexz51}Zc|A1zluNa?K-1#iAND6p0pbdP)Xf8q0jPY;WnQ zG)rr%wY@lc`PQ#3zxc52Ccqrw0z*0h3_(^Z^qi0KnidF;Xg}<~j>yqHyPX@H5?^yh zxu{R|+`I9XY7$@>*9XDPDp&2bAC@hUbVlIXhgnJ<-G7xYaCzak_P5xvt=CGER9)N= zsweStw9KP;dNkM8?|ovTW<7b7Nr|blJ^zoYuYihj``&(s2I&@%mX6zB$SepasZ{J)1g5cLApc)0SW2;&ZxipU*EV~clkPA_Sx?_`|No3vrGCtjSTb^ zRUD3_BpbT|%~DsE9eKbe)Bj(g?;lD_SDho6MuM#e%}Iz~o*!*lXEXzW^NOuT18v*j z86Jl4&h2oNMa5_cQK{|zf^cz6?dr?mhQbCYr)=>Ru!_h_^(<$fVy^Eu`0neo6 zaUOIeHYWlYus{0-?@tlhcFRsGW_8CgQ}U6|Z@lKP*i1b<5(RwmcX)?)dU(<_r9)6g z(j8V?;}wG)cog?3zykUZK*Lp1di&TPLO$)J{-ir{UqeArKlbDYY{);tTZJ=5dcVd% z%J`-GUir>f5=^kiGV*$_4FAXlg`y1z%Iui#e@Go=?9HOa}zk})41j377Kaxhf$A3x7a)GIAb^Oa}Ri35gq;myil zsUWXFdyU!;{Wy>8PsDAL2kIRTZS3pK&8L5QKxvf!CCQrsB`7LzH={N3r*(8&BGmeh zLuk2#6T65LYw5&k4dRGSnfZ1v#$ZqR7w$5oM8I4ikumny%#Llkf1Q?ny#~fHJyhEL z=wa_e^8rFO3VK~9@p}3_Y{q?|1!HI}=SRh)req@b3e1!LGNrh{jS!zKQruuuq- z`<(_A(|uMJT_)m)rir>kgXHsz5|n)iF?KRlL}2^LoPC-Rf@V@b3*T{_>%7GWJZwWw zgg419{~fL}DI3E2*w4FVHk|n4!J+XmB$%D+^-p;~*+Qu%E$JK-sVmn2Mv15PUQ)_u z9&~qelHI?iWKI@rH*lhD%{cs6$|h;oN@g3@N{tE`!;Cw4XSg2CH_F-@GG#HKkm)3WjEl(g;`tytv{{%;Hs3E*^$=NhE-tOape8Ib zc7o^gBO_hY<9#5?%RqhL_hRPIcb=!2Y~c$Cr`pYbRyRsrxmgPiDRNg&O$dAgWo!OI z>4v?OyYT>x`t>IQoYbu>NE{cqssly?GwG{%VhoZ`>~>JrO|i=pL)5-|>>{%1vd~}p zXkk16cAS>imm5b*Swjyl#_Q|#RBy`$nz&c-eaG>S{U2qpmsG1O&;gzSpGV^%wG}%4X3#-<2;d>b97ehz z?LTnNHmH}^eDtAcz?a0u@IWfyi?}R012VA4oT_qErV&Kg}0Q4+T!i! z@~!n!?R;JVK-%Y#12oFPH865Z(FRmFo=2U8uh^QVix_sk z!~3PW%Y-q>=az8dq5+^ClQ~~UVaKnEP%Ufk;`3mkNs1kc6^r@3JPDFneRXLoT&|)~w)vN!y zxsAbQxbz#lzxL?o$3+`57sO!SX|&b8`739rbVI4xB`>KhC85DVhHa|tOzg}Cj}Vq> z%cXbngu#KKfx{A@fiVC@x<4lb;PX)9b}}s;p{L?%*%)eY9pYds@t9n675BTLjOwwB z#BbEa+vZy)TF>h;gSb&U5l`s;!%iu_feBbOetO>8iof#%9ZuQ}5O(^l(C%=xv@s|9a?YF=iwrmk_ zX)@Gh%a}UuQ)VaQE}3=dIsox(<#t5B!M;ZZ?I>1%t>dE`6Gk{+Jr8=Zn7H)L_J9=1 zIBfyGDD~5vAc$yC0Z2zZWU3AGQy${kCg(=<@G#i)*f>8-Heo9&==W?gc?jP2u?pu3 z&^gM!{L8}CTgE%+;AE4%$R;+;CR4i|my6DUE@GQ-!00M}=vNjoMZz6&37DFo(AeU* z0^^4@Z#S{c0bUU5*V1*OMa6I0rEFuF4$TTJWhp%u2$Po|hwRGw5EoH(WA5C**bVuZ z6NRQqg;L!3@jom8J_ww%aRETa(S`b%u6@1w(QA{zegUB&#P{6=>^4u^A9scNuv6`z z7E%(o!!1heFlrohM`wQV(lA+1eDc*r9KXSjXq7avZ4@dh?l%*PBWy7TE}MPBwbIi< zGDix@sgoRAYU-<;s^?~?p=0Y{Db7At`r9sR+RVw0|S zvo@Yy8t$UcGwP%F?yEhQT(_(QQ3rXDIC^N<2?R8z6N66(jj>ls-J0O7Y>MvxJsREG z)Oi*S;ET=g5|ugykH^8-_qg!PCMqVcQ9y=eJsVCr?;t&}e9lo~F|EK}&RvM;sb z5{|fxFEJ$f`!g1Q+l5AgoH5E0IfVc!PpB*FECS3)59%E_R(Bz9$h1 zx$$-n=Nnst5;R0k9(ck+5F-rAffX;bTB5(YoZM|P+>Xh;oiR-S&CW(QpR|0jV(2ab zb``IZl{bp84yC*<}WjjOpk z%kCyH^kx4`rvm|HWvQQzoJBsnbV*{WBgG};5Zn5%hbI8Y|3#d?<-h`#HL4ANQE z^Y*_o^$sedg6Lz~hi`@?8A5$Cfcp(T=V>1vyyl_1=T;py+J&kYQ?b_n)!Li@-k<3p z8VJUyl#1Glnq9^~W^K!#uy60HqHTAfXlk*#?E@y;(Wku(vIwMhG100(ws*CR)_f^e z>eoj@L61}+9#fYZ8y(I)zgb=`BDfGDk&XoKJhJL7ZZjpt9A$7C zmThRD{=P*cpev>Qa&$N?iEiWx!RHyobfr|HUK8k9)d0+j|J;~A=n`o7s~n{`o)|Jm zckMwDUEFVL>gE$J-bTF~NJY>5Wv-+d$7R+%qBGV70_4yQ0`}le9%h~vw9t<6 zl-`N=tHb;=Q5;1dBoOpq^FdXU3R%E(0=YRO(;&asc2mKzPMoP-;uBX%V(+m*J>_Fm z-9Od-vy%eGg?QRbIC%9mIJX%2#f6`d7B1nWWXIySl6msnn>>J1N=WG))XN7RlP91Dg>(#)eFtpuA%;9+FR7Z7{C-dgL&E=8ke>r5Sr;_u%Dm#h z0Y}WZHCvW9=^YtLD&{PWuJPR@)!!3Fk7YZa|C4Yef3KEj&~S zrTPw1@9%_-(7tQ+$=Zs{w1y3HmAwU;JdKkYWRC`ZPV&8cXMvcg{yagb%IHMsjYb?i_V-jm|!i!}X2G!k-*xeVamjQG%q z4V}xIB-irv4U!1x?@SvIT{J$+1QsbXtM`j!3+*L-BJgs-^xqZW$pT92F_m&Ch`%v$ zo{3pB0Hie^kpEvh#vk8pxH1$ABR3~kb%6Y5C3KS?r?`uw&GnCbJ(%8pY~L6xKwz3x_S0XIQU@3MUc1Swc+p<%e?SEL37t>h z*KwjOv66wtIGIgTdf8W)Z==M~X?*yL;8^c!0yX*wf()Xf5{Nfcr+@-`ZX$%i6V&A` zpoT6>4&FRgH4a9)@h{w}DXxGgRX%U!hFScep~V|KE}NUI26}$sck_v&B9f4~)f>Ex zeJw^8zlZQO1kO(^^7M|wM}(t$2jn-UzgEl?FK=A@V&6*7+v^j5V=o{v5V9OACNC+~ z7_~elB~8V5qX!F0t8}B6ZfU7(zcno_L+ArCV)hG#`(FdhZ|0%)bE}I;~n5r=bB1Y$xyhSayQ0!!6SH%b&|R`GOW5 za+FgD0!#jHd02~LZ{!q4XdQoX9uit-ar?nqX~8JuC)Lvd&yq0kTiMB2zK+!O*?%fC z$*1<)OAE95VIhkse@dfrD&V$UUVobAeUZTMF(CN)y{d{J08`0gS$*gxn=cYnbxO!` zXEKPLDn&O|OQOudD7K(>gMMNj4cYR62_ZjU7RgKHwtLAzeIs;mpz3@w5doNWc_` zY)O*czmdwEz=Jj&I^@z--iyWW-@cDl^ZsIfi&RW8&$(mX%jAjCEE^a>m}|!Rtz8zc zCMoL2S+WK$pT9im?_0h;TyZhbfKi)Vc=jA_6TF&bhnDvR+ zrz2|D-KW~FxZG*MK?Z-=UcER;pK8w4G>OVZAFewcis3|nT4&=a)e#p6GD=tyr<%4; z>x({c!9u_qEcp<^g`dLeY2eY#Z_Xc|G%ZztrMZJS5-=R+ct@M>i&xP>3JY_0TJ z6q3(-PnG5M#MN5auX-fB?gCX1>o%PmgY(opZOoruqC4m288Kc|6JjKAf%o zPQiw<-zJWVGY5Q~ES$Tew>~5Y!O57vf$-|jCL{UNFWGqaJyMR95k~S#mV`-IB?^3C z#qU%qaI&r6%nB^s!Tof3cEs#BxwR)~ZeS+#a+MGa|MdQ~{j8t+Y|zbS4I2BdvnMv4 zQCXn}i4$e@_5~;@6#UJ@mV1(+u%X!b+vw1l)OVvXa+2mjAcHI?0?7GSeScy@3&k)? zOeN4Uc(-3xsRvD?gSZ&Uqmm=6rl_sJ?76M!UQ@qZ_6Wh9QVHGICSxi6@ve_IM!E_Kb(?Db{bFn6nV>hA_?Kq9Hvoh&sBv z!Y3I$;H~zSAB4YtmX~Lh?%LmNOb+eHqnpa`l2r8cKf>(<(X>vLJYdTh)-W*8AE~xB z5eFu^ThNPr*|6yX_Br37o?-j#iiy3e8V4n`2&PS4`}-D~!PGV|{}Dsonfuy}PJ+#j zLEYI77$F92ppgd}_Xsa(9j=sI?DsQKKPeR)e;KT#wygQ^`Mzn&qDRK`O$#tbdHRS; z35NC~kE9Vb=_BMxL6d-ba+=na(GL*lC4;}ATnuI8ap`2R0Wr7U*(bZ0LR!^*a4{UIR ztCl|u#b^dLxI&}7JgY|oJbWM&gd`|Q7{J&6ZbQ^ireQx=2VgVj*lgwMM`Bb7-!&2< zkVBKT!-&F+ie>TL)?A!?oo)=+bM6B0@AMJ2{l>tU836dsHq3Ds?_Yo0>jr>8uTv^r z(fRB8H#Ks^ie9w<--b+Wo{tHY$tRcumj=_xQcxxl#kn=3qv+C(*Dss$ilY$xdc|B8Z;9LuB%Aa_ z3|(O)wV~Y}Ucad0UW$8o7+H0L=LXF3zNhiey&zJ<)0<@*i06T5Ix)IMFVoph3*}in>iuu;oZ}C(~98HNiC}UZ+SD{|jB*ZfY|= z?@3NxcBF2Xe#ubX9%Z41$OMC?EY<6*qJ|Hm_!W*_D+6GaPT=)@`kB-a1$t(jrZ#*jKobP?jEnhS ztd1(~Gm>M%qYyDMnO-K6Pr^;=!i2M?z2*@Q)2K{0|tP+|12MabU(_eV%ZKDWPLD7*DbHMP;rn?zt+=};>o zoSMLFtmrG1ll!SFssK~FnD-wA1YlVE^9obBagC8}YH&2U_$L%nchT6ytt|OiZEv|W zzVlwtAJ)=-7y^(0j+UH+>3!`SlJSu?8Lmgoaj;NXPVR>rdm)|o0EBe7$BzF4{mj<;jwsnLo3rh{|8Tek~#W4p@bA&>}1`F9Y*o7Ah0$ORwtz zC@pUu=9a$)Z#L)e^(e%F5j+efa}B=>uZkzsQ@)!f&xaLmyY>3^Vl$rWVLC-E7*9+7 zF=$@NUp&0allEeabp-~$Qg1(oh^{K*^5TFlhVXJsEp6MFCCD;3n}wFm6d^sTpe zd7+p4(zASPo4)GEAJc$QLEc$;pM35({CKBL1U7nTzG&968mDKm+vIpFj7FT&oJ9?V zpT3+(ZyPvO<6Q19Zjg|HWPaG!->*&e|55;A%YD$e|Idn)xVGs~hc0c?%D#%ft`p@% z?n)|CIoI9azlBz@vB<^tikjE5mkzf#*|H|$HR&dP;?tTT8!fxQ*!3ZQ?z?yt(}N2U zYGo={{*>txku}=r!^~3~%15qrV&S^p&+^vjy7hd6ET$9^!@B2A_uS7bP3gK8#+iL) z+``r#vl<4_ztV#qe7j$`Z%r?>SHpovn*n9#3wkko>%Qk>&;>Fgv!taW#WMlX$2Co! zQC_51IC&uyrOmjZvQp4l2~dX#&`1l9&zU771I z_@B4AP`soL#m) z(mY4a*+qWB%NaEdDkPev%^3}7DgwEII^H3x1AL;5OIY1~7O(Uqkv@R0AR$2+nm?=4 z0s&a)k{Fr_KVzLD<_Faqc;P><2cXA7Vo*DUN&v=PMNHXhG>h;LUBXOp_!xxcQ=)Uf zj&7!p@3EOwq+Wob38sg)gQNBu9c<>v3d9m7o0>a*TpSE5!@OsAEy>?ienksPbZ9t`WcQyJn4{GWM+Gf*to^TW$)7yv*C~9?Wo~IdRE~{AD{Cdw z(AvYYrEfk-wZp~zU|XOgU!__1>+IfKwdU4q=Q99*^ya~yl$N;+R@ln8cc;12N1B8c z{e`FQ+zQ9fmG))TV$Sf5bn3A$)L*{@olD+3Z4MAqu1&N-3{_G$^LD6R4F~=50=auU z;NJfl5Jz}#!^EJ()$(V`9VKQH&ovdAGLZgYjqt3mrLNpyg@ey;mu24X4F`7=N8-hh z&j&Dh6Y0T;m>zmBQR$S{B?(^T&F4}7oS(Uz7&O$Yq;jWv61un+M!7?+#%SCx;!eSX z_EagW4UQ=sDyxr%rTo!$kgS83%KoGU&wie@@xi6jZT`ZA17EujZmgIy4bdwFaj+iv zi`V(v29JZI%qyY?Hw!A3HpqE3M@F}DqgsDZH(N7UB=}chw~HCyf9tyX#iCgFsklFn zqS{jrSWo}gu;#Ji)7W!lf2SUEu&zY|sQ|+mFcF5GgsY@Wh6+3Z<8cjz zJ_8;sDG`y}>AH4IC_eqafzfvWvJVO!Ay-hw_VA@}XdUUK{i#b%7f9BrXe8@fwpb|7 z+8iohw7=R+_HKY!Ee*7v?x2^=+-};YDyvb#+A|alqlNhyU5!D}Ok|J}}W z6%Rr8bm-C%D;_zcu{G>LGNXJsTvR22(k?={7f1*mUxHG{5Gb#Tzz|X*QlaVOEO3$*j_DjYOyFo|UchAa5SxqCoNc zVg-eBBc?^8CY`i-qx3TdgIA-!{T!D*LyJb=bSH!cH9%BX$CPTK&@uZ~r0q5;Id_Rf z)Sn7|xv7=S9ih5T(hbc0v4fq-DOJ%>`%TD~L#TlMyK{#$v-#E{$b~hqGq?Qp*5>XI z!eoK9SM|nY&hcbP;x0T05W$RT!zG`U&B@No_CETvBASf z52`cmqJ(@D3@Om}1j)WKfvDWI_{bP=J7*HN{WAri4-O8NARkYRgH>Y*KiPRqvxpm=#JU^TUA{oc?0^I+6$JU!^rYt z`E*66DFa-mwf0g^OA3w(?V4-GrfEDsVF2sORZQX58*oc{l)t!oLzog zs8l|*^7~G5w+t-Q=cB{ztUD+>b&Ux)kAFiBRHO^+R5`IO4;|b&W%ve$vvPU)Bm5g} zA{j`64B2u+PfG`;XXsub3mEk&TPl}0NpgK#>~WIkxl8s8%~R(K-B8sc1xF^`(1=AT zGl5dq>}$Hm1FfTMSdH^|$t}Be3*USuMREooC$k{@DIuNPIio%g8_zwUVG2%!iGs#M zM-sjS)OG25FPpov5ZE6E(wm%K@Ba|;B{fbXnFp(2-WqD0SKBvcCYT3-LpcUG%fY%( zSLUBM7_Muf8AcuZmf%eo0d?5x*8sPv5tTY;oxZ5%AimWrcwcyg&^qekm z_Tv9RpH@x1l;!d5$ZOB$ZppYjC3H#<1MVt87n_O2Rar!3bz2OAGVlU+4ftgULm z)n(3BR=X>RN~Cn&WUQu zLrIBh#sOMRz`+Mu7#<`uMx6CEG_0raoGGl=cw?`~aCrC<`{s@`hg;Ylj<%dra6Ki# z$CmLg)Ww|{5IvjkhA@&iet1_?a+Dw?jU^V|ezC3C45njvTdPhJ+xQ~ZQR=2%TBI^x z!8Q1qR_U%b0PevrcrH3m96?41S|H(yA>+a{U6rO{>A8rCe_(6L~bdH#V6nLnk{@+2>cUMba5 zmF%*X=I_-tUC#)VymWc;<#95fi2s1qc}SBRC|74QK2bYzHa0N$^c@YB4M}^g`UBD4 zqL9syI}a+;*mNCE*?1${xY5jOCZZCAihwJsRQqDc`U+QvQWoL=*5}9o3=%X^DE_DX z#y>cwMXw4H-KLmK$+{=<;-N__leo1$7~GO(%4CW&DjD!P>8<56wjT7?#ILV#xSlff zE?Ele6H?Rh8rfs}nGt^KXL_@I!24pP11WNskmpvBzD8{%b^niGhS-$85VD^h&T#b* zmaI>s7t@iYXu}|>Scz?EVf3i!F*IzdsGCSq!5>~tXEuw1BRisD!q<0o8P)`y?*$*4 z0F!g22hXMVMTc(W@Q*7WXJJCam?XO(DTLZOe6GNez+QBcdopQ@$qrv0DS2PEPQp(; z2%|$(udQ&fmdK4;^{}Y#aI>i&4IO1J4$vO3B`kn}jM|=euHLC1l+4{QDD`y`w0PM} z01r>eZHhGix|H$=hwXy@eoMjBW&Dewfi<^c!e8ezr4l--XQitP-tSwUg=j!ss&#i8 zrRkX*A^6d8Pv$B)i9r_d!vU<@vSx5^dKJ{=nw)grMiED$?%z-ScK$p|Sk#2u&Hk|@ zRss|dlK5SsEBHEU8K5{L3p&-sZs`)&>TPslX2_Q0cwpsBsFU+9vVO!Pm@0XckTka& z%>E|z!Ec9oz)-jp`C(afekhV)+M!LqxhPWxDRz@7*V!de$ZB-%>B z-v`wst)h}z5JWC_nW}n;tAp?FMqlX$=p&+{hys0I%EO7D!u&`jXh<{VHppFbd@!iu z*8tYKDxgG5Q9W1RN#V)MVlC&7#dF(|t^Mh?g8u#|$~v4uBg@|SDJ%DSuW?7x+CW(moz~AdwgxQ37DQ|D6k~ArS_GHD9-Dcd^ zS4_AJzdtDM)!ko&fp>hoA%?E3++%9ThSv9tw+=;>P)@;-j&xnD+u!xPih6~ z7;2_kRMV7-q4@erj8EfIUBor`gO#>M%`KQA?_w%~YZP~llTsDSo zplpyGm|#t}pRWYPV~4+Q*jpul7}=R3fE$XEdluwhQ8s8wL+ZR$ji+^1rySBJV@at$;l*<0F$5;gEFChW~|&R8b&p_E){H zv4cS*zntjbPkjiK|8izmr&p}kuJOf&tNs%;Xt9WgvIVdZK#3}9 z?`cVH`2H5nx(dVLKrQMrn9#`f!U;no6QfZ(?`=j54uFrdf02-{?;WmF9yNudMm zBb3%}Y01kHLyJ@IR8vs*vo-o*wC+o>^`%go-;;pu2sE_B z?9P1|3Y~5_X-NojnaKQn`fIlZrVAmh?CdE>Xzip6O*lK1oFPX-&Bq6hpfMX58U6Qm zw;T|OPSMNQ$1$H)(geN6*HM}0hIZ!X0e~&JD(mgarx}O*x8UyLeICX4Zx4YkdlW}f z=%lf6l%eY)8sQRUjVPt7N6BOWxA7WAthECR*Muqtd;B%)t*tXQKh;GFqIm#U*kK>i zi!$7LR`iX`7{|NYvI0Nv8+Aa!d!y|)moD^Ojb7|$m%)v=6#=$7stxN^L?Dy;vl|L^ zOLARb{d!A=0TO1VxSh2NDroaeoJK7?gwTNaD z?UdE3GU{D1PWl!dOwhf18pthXiVhdu?7g`EOu`+A(32Q``V-?K)VhPZ@mR%1F=5gS z9E9IXw6`(=^>6!+JM*CV34%NQ{{jP;9J}r?lkRW@77M>-a+ISLmZKBrG$w~G0i)r=PE;pI>-xmpN8)z72Y|0;JD7284pupSC0B_+3>c#?xrij7ytw)P}} z9FA@*EF6XvCgBw+M|Yj{$?dQy0;`nZvL{(5y>C*3^&jFa1TzA=5G(|G>nDe6pR({an4}K{`oPV0WLd} zII4XMIGQ`gI7@$vb$~wQPnz^A2`OpYb8!spMRGbQTFz3(ub)OLvXx0}QAPF63%2rK zfaFw*{klME5ZKiY7f!UJl@rgx`k0>W4R~xWK$@vMMphM#5#pInJPa#SS>YeNvVT!G zZPo6GZx-z! zrt_1PTtVet=%#(U8OT=lYV7^~{R0#Xmip*d_3s&a*{HyaX5yOOTmsujG97O9y|aVg ze}lqM;xemzbkCFWXn6^n>ty!fr{^24nP6n5PUO?ludd&XoS|bbS;UI}J~)cdL3yD? zrlK~Zze(}|bFR(nBp0$$fMU&l-*o%K-~~H8ZIdu*^&FH^75;N$1_;_1AuOGyH(hJ2 z&HHN=l69dhemm2*)^jBw&CG00CfMmb#yJKKhBQW!9P9x;rsN0LARO+epG$0xPcyt( z(ldE$9~=Ly|HP0x5|ZT$LriW-P8gU&J#ZbTkd5|_MjJ^Op-%`T9K=#kHk*+saLb#1 z9sL%63ZgO}C^fNLS@UPcbx^R(T*uFz~lIa$6po?_DWU==SC z^CGddER9<^IjF-v$98;fqbHT5xy8XM5I2j#bw#}O9oRYll)jbMzMsIQ6SH=Ud^2sl zd^CM(xw;nCa93V!gZ|m44_1if6J{mfqpKF*$l6Ci&BZi@-yP0Y^npbytT}nk&Y?oc{rceI7Z;(uylzyoH~SH)!BYF0NY6vgP8;oPUpeJxWFf$igW0Xs zOZoOgum<4@7k2-xa(fV=vM|T~TgqR`z~Lf&q`8wIx`^5ED8H;ACW|g2W-Xrhn$CA^ zht+1>!5Z5>_LItNJ(b*dI{eIOhn`X85{1v>^}f0{%o9~yX}8~!rML?2GHS{S{y_?} z)F!HIuHWM;uKF#21~;S+7+QAl1V3*wx$(&JR2u$Mg1hd`9st5JUS|*~QMw|_mU^PL zO5#Zf=@k91bn`#x`JU3t*Sc?*Xv<-D2;>oYXrvN}IGnc#*j{BeiM6V-n|utuq`ZrV zc@ps?rmP_Ot~H<4qjF3+wUdH7#aG*ARP8Hw;Wrl!RzW!tM$}kw(J^*mc+or#O`j=lZ+eC*lM zvm2Tv`GdnFL4DL6Rc7k^zf1LR%^3_eCMryQ^2+$>lVnUi2S~{hgH=KeZ*Sdww#tH3gBX+R z-v{a^XQk)o(bF!lKoPpmcM7|hk0P8w!aVe4>4%!MBL>FIllD`?6+^NBZ~}-EWi>5q zhH>HaPt;OI_%Ic=1k7S5Wpzv6r9Q zlS-|RvFVJKT#hsAe-sQ8)*&}q~LLafnb3`2*=OK#>E)KuMVIT8PP zQK&Zx*EREIR8WlUz;lu7q!Tu|c?X>z<0Zx`;!Kk3Oq8u!^XbSG{SOKYatNJ5hna}| z_2L3SYsAju1z-0^5;GWi&-)%RaNl?FO$b`so~b5^NX~XnXC8z>2sO_8ayUfSPU~Yh zc%YYEzrMFey#q2L#WBAA{sj`D(~*$9vMuXE^C6HEvPa6OoWxdxZeNxbBLct*1@YT4 zMG%3%`C|(~xD3i-ja^DQNA9q0cl26!YHsJ&8$9=scNF{>MPD3>k}jyzFNn3?WV)yK zJuX|XaICUX(Kp_IgxLzgpV8}iFcm&r>udZos4+TYQ0exONQUZGfsGXJYU>7I(yf_`h&WQS$EzM(0FKe2mX)yqsd*+e2Tru2Yfpkq2$rkmce&V|BX)8l3*e`hJr0 zGY8OYuK&NAZx%Hzkr)#$$+*O>#>mFRiXc-U>bMKjj30p^;J6tIO)61Xu?d6J_B1=C z77YO)@a+?c%#7kf6qBDOD1R|hb)wfgmrx|2EE1mIdMp^x{r=vniPtQ`Pq=d)J2Xw9 zLj>VXY04*hd-Z@}6BoL9`}C~8x+@2zRJ|8p!7Sm7)oMQ2Il&6^+#HMC6v(+EQvw$d z3*X051HD2e`oE8vE8KgKejUt>*HhE}Zxj4+`l&XHU5a^TySuL6Yn!HUxxbWw{A`Hr zj#g4iNq)QB15JCm^Q;9EZCh53aT{!ewYq%i?rKwK{hWv-Ir_X6Hmv3655C~GPkrM% zx&**q&EVdat!3}1Gmn(u`w++MHfh(H!}t+s8%y!uKYBJ14}LlnAGy>xM0}2&XkDsb za$6FtMAiPtRu%vLSNr1v_i*Q?}xXNyR?#56+<{& zti*bhQ8=wiD4WE6&OXNpZWa{pw)hQ21CCC$rAD^sM=v*04cNH97?94g=728gM2ipQo6WmUPONZi+a|j8F$>r%|=x#gKvH{ zqf}{KUL6Z5ff$ujv`bWfXkmv7H)0I3n2yYCB0?KyhMEuWQ{o_b3Knuh9GW?|+ zhRzS&1iuyW^5OWeZaJpHFoadIRrqB?kb{BflfUm<)z=L@QDb7Rl_z<-nvkrxNo$xE zv)7V>_MmT~F+PS3uh)XMpVCU)f^GbrvOj*=S@rmx4+nf_nni&ST$`L`F7=lKKLH?s z!}kMs5&TF^#I1uXObGhRz>yiH=RF5@V0h4bfU$w%0e>&;U(NnY1Uuur zU?djDpb57nlcM!T8@)Lh=0S}X8OEmK`F)2&?dOe!+SbN`w7v_F3GT1L9x0tg82>E3 z{UWIin{7tor4g;N3T1v{F!cacClB}hj8XA^x?aYG$L*_tyAX#gUedhFN2;H)rhC|4 zXi&RvH4E4PYep}3ziZ`_ZG89uNcdohsv7TTzlnmsIN7~5K_K%0jhf>~A0%d!aF+hT zO8*7^RCQ{)bghQmVilg(S`}UHAu(Neym6@Nrb%4JDo-mXO>}0b~MWl~y$KuRnppvJ&)Y6guuY&@4598@?y5@t#o77{*TH=FmZg zCmld8yG2Ezu4B};{g-2$lDnyU`{^~u%(k1tc-Za{w>p^a$>t3^xgZSIydxCkaHh~X zp4r-e+6FwA+Xh0Z=PZTfq~0cpODzi~_rJ|sA?8j_$r^Bi%7i|1@4T{iJUGp{L+9{i zW7!XsU? zLfu-K4%-TsADiY!Ub`Y*FYhSpz(PHrS@|h+bgF!^PuE*l{%8bHR?l;R(vWVm{moGZ zYEE-V>Cl>}sKljGpya|7F;%-`d{pV6P+8%Bg(9X8a;OBZ5TG!8gezt?`y|?LOOC(( zTDVgB+|4&GMCM;z1Wb7FUU(`}SvF`l&2O6_k>}W0`RB^IoQY$P8lNv)KM1l|)HR%@ z8OWVKdmli)qjzgVAy0;!6mj6UogThBfxq+dGG->kXwrZ6lU>GT&N*mGOp9JBVdF&j zJlz780DO{CR!^9i4Go5J81Z0Xaj*0~Gv_)pKh*)p4AL>b^zJPGJI5mKf0b*%Q1GXH zN+-fs8jA5XIMtJQO9FqTt6W@c|`>WXq$yUiCI@J%N{9&7;V5+h` z)oa`%RWpv$0ce|yGk*0x1^e@k5=C5ZPE*NwOzCUuwhTEPV35rGv>qX)%@ycMNQaI8 z6*I{A>ySWM4o)`BwGs`05}@NQ1jfQLzGZLi`_2SvA^Yj-bs*7C{I3joj&@|}w-tD_R(`I=7c6Y1EO^t>&d z-e)sRxiDMVw`lX^?BtE7R$QXAtNv#b2&vqbx=?*EBZB&w(D{v=Q960&0h{1Oqe~kZ4H65;%Fh0F#>!WRiadMzPAR99qmAhosWj$d@wE+lZTV zjIXt9mxSi=4p&_Bi7t}UI~as@2zBr zRsRC+jF2MWTl*7E0nRJb-n~vt!V?f)VqH$t945;jh!K}fB|uy3!)GIC(!tE~MpJ^P zv2tO8z5lG8pYQyIS`HMqx3vA5KMi4|+2;2c|KjI8LGO9@<_mI3IaRD^1A(VwLw!G2 zE6ZjKmL#AtXNURfv`*>)R2ddr{)!}K^nKJe25pL=hBHxo(Sd5cplb{o4!QI>nY;}N z_W@QQ(1VGy1RS!z#!D6?jfYjeNuMjNDv%HEP&{~QIu_78c;jxBRx1fH>G)^uM6MHA zAJBF)*iV`6V&4U9ZHJvmwD%`22c`AamvfzL)9oHV-)CEvn9EFuf2Lqm&wTJ!(KxRC za9OO!|Mqk5M&S@PXt6m_uemdT?~aAYxWeDvs%XOPYa_gYF0*&KdgDEu#piklSb|Pd z;-~<#7GgDr=^&R)9!2#VdPVuaE*2E~Dk?ARup~miO1}z8#5N1zVAl`=egJE`U&P6B ztj#gRQmQR(Prl#5`QCa4#sc5;>@gxd%ay*kq;6lLiyqHz6fP)Z?IDpiiJe&!ZRC28 z(606gP^y1Bs2d9Qh8#!UZOByD#G{}_5cErhbBGFXFyxGPdniL0{m*TG z(A}}#@=Z`>ORdLBl2a;;yr1#)+N}W{2l3c>7mAY0?0pW7o-3&P@JOYv*VI>VD7Q(y z+TZbF!GmFSVdcvqpxQQ?ctk;BM$$Z{t>$E^gQ}wfHRig@S|GQ_QJ0K z^7ceZntL_zp(K_z`;X>`$yE+iI~M2Qa%A_&$gyUw-IaN&6i*-KC8bH6fgbtO;DPf8 z{y1Wthsm3mINy>Y=C;3ZA7&+`rwSC3<9W?LY~Magakw??en@F9mSwdsUDix~*ZO=Z z>*;R-wl6!QJXz8X^vRdL$MqX74H2-8HGkDFy0-#eQHh9Pen)*@jY95!9Ni@ZawwjNXh@dP zEv_3ifvp|O7|Swzl^PZ!FGRqKb63^8oHgoq!Xe%Lk;61mr%#}18qa&GKZS_d^|+N@A;wb+OC7u#F>L-z!YR2C`~Lmm0R|J+1g^{52gXi zHswTw51mf&h=ikuzzZ&dB0vEZBzo@iF~p<+0Yk6;qkBei-l5KatqVy4PWnD?+JMh4 zAwAMn&<}6Gu!w30OEjG^iZRM^qMYaW@a%U)>f^Q@>Uj__k_MO$dd%_MduTn^D|K2F zoH$;*a%;>^^hX*62dRs*;;qQJ36a`g67&T&EP%wc#q>p?$F`DbCrWVuj2>=( zae6#~MzeQ4R_e9i!=^~^@TBlyU5NWdZpsQj_!C_4zY(EKv45^AQe=Qu=>4zg>~Jqu z!q7?DMGt4CY(l~iHa|| z%L@*EwmU>4Hq4din*9w=EAJ5oDMC(kDpu*E$?p77rltL5K!_qDzM|WMYG^~TLb*}4hVuyZhyHYqTJ@IKwk22G!{ zH<^3__e9t<%Lsl%Q;Rsuf9H#-rHD}5UXVx3g?vBYX`zP}Yik~Y*$#WDFJ|5)Dp-S~ zj=GmZ%#-7~PvN-T+H|Q>08#?-Z!7&NLxPC!mt>*RX=yZo-0Q!#7*vBY&?cvX>KKqTJe9B?qa2W{NRmUqK=1j|aFv9}+27^Im!IU?7?IvN!78kKUTr3st%%xB+*7=x&bH(B5ES zAR__0fO%=2@k5rF{9rfi$N2%3;hwH8`_tL?&Vx_NHddC;#a&ICiJ+bPgY~BxGLHJ( zhnzQOe?6LTL-{DjYFui-&c5-a8DosQk61 zQJvb)S4d9tt;IyiL&DKlzN-7nTB+~I+x|3jya(?RWZ^798x&t>)(@QTcYmvUoE6u1 z+qFn>

5zTfeWQX^)CuCxqUK>gfUjj=9Z#sn}bZFdQ>^?Rl5lnc)3Ds=hiP%I*nw z>29POLAnJbm+lrM1nICqx>*`&r5h9w>6T_eRJuiw?kj)C}o?YskykE zS>xihr(O~*r!i`c9y1jI2TYKKgm-M3L{&eEa#BAe+EPy7L41d_5s0^i3QUf&WCodB zXZ8XCOzZrbB%+64i18S=?N5_DR+m}tphA}$L1~74Q-mjYA0ZT+_yFUCHvA)=A^t8~ zGE8Qv$QI4eT|3YYi2^s9+k6rOeE|Q={_R_0u5zs1-!y_3t>Vtkz&UVL)+ckH=2DpB z5B|atHm&#jUQKyL5PHd;oud#L(L;p-ujVM#CqL9APPd1!AhoJQLH-$a;oTJ-jA6 zsznNUVUOvCEb8}VGY3uLf{8d7g@c1U z&fxzzMHJ*rpmG97Ha9I|9teLN9uV;#9^h}%RE3c9Q6Ar8%lnZ&PN=9(B&ebeRMEI!`|EGVmREPu)$K-J5{&G{R=|`gOvbPVLp?M; z)hePuq*HX86uOMpmBwyit;MwnoD|UX6He$Z0*j>*6Bup6A#}X10-TF8;Pc}u^8S)` zJt^Lg3@~XY;rzHWLqbR{;BErmD?$|WfJH(GTPz7eqCgD|Wh9LLjLG)fB#@Q@l@%Iq z9v3g6KzLV3$m_Zdue?m`5TNG8+^6@M=smP@^(rvumONw6ZKp4Fh9{r1JjBjHB(S)x z0YBZN@cI6{#OfW_{|zp+x?|U%jt(Ul(oQH@zMYts!j1=iA9OI5+ODaAoV`CBlL05m z^gkNlznR;#jR=K2y@uDE4INvwvg15U6ff_-Dask%0^P_?{X|mRGh5Dc-su(@HqI}3 zYa1BX&;Sc5$MTiLH~Yq7Nqq14gf;zioEE($9LR6`dslP)*>T4LE@qoo5csLE02l#4 zdZ;#@ah1Eo9tXzRtW8MOxkMsvP7dqSbCMUfDE&-Ty1=AoQi)cDVO7@g&`_tVA1b#0vBD5?vmyr?74Db0`dji#__1({ zyG=yZb=EdUOJ16MUUtRj0{ejRhK}db?QtB21);)&$Qw(N&)<0>ow*3-SlxU^()!VG zwb;P$e!g{SO9?vvo^RT>6-Wbtnxec0zX(75xW;Q@GFJ4_3;O_><=X&gA_F|gZ^g|+ zHG;#UXqAv0m$z;+R5Wx)HT`o}3biy*rNr@<%mqb}fYqsJH?GOl?C~E z&P8hXsjNV-t@bO^_cgb@X5ujNhS@$uZ8*B?3?|Fw>3^|j()N_&cQ=5*Uan*g5mgZf zeDEgHDM-ZKLppn8l5`vK3318#e#~^4-JdMcDnVyw5#(MdSfBasHzK9h047lcjLbLk z+gHs4J87bQ_7fbz^#G-FT3gklecqH_&Dde#ngJBxep8&b`duj4p)LQzEXW}94rC!i zpvHgFl`o`%>IchNPoolK}FMg_s$M?kioln!gp+o zt;{=IIDLEppuLZvsU88y*(I%}i0a3Q&gUSjovS223BN@3b#L%;M1l?It5!C44hujI z(DD#*jY`MscMS$HWNzbQ$a5;}$Dccr9m-414ekjlS$FipN6m#cfb1GyGetrCqSLli|#w34+$I|L8)!OHj-ygANAf(%@7 zP^8GWC7ikRlODCJ$m>(=>fyV}#2(v7RSRNAU>m{9X($h$#Gy=s^9b3uE{p>8tF4&k-xeh`=WUCy-H}LSE-Z=T^E| z-iM6`22O`2Eq5J1`w#|>$mlK_KY~7^O5{nH^#!A&00sIPl=-U zOE7{nEv}>|-#D0TPd)i_nA(m9ydhN8JG;y(2QJ(t|tmI&BYJS>~ z03QO4((MJ)LP#e9APc%vJ{gW;ip@1Mg{x$Kz9VM*=wRi$Oo*~hm!AG}#%>?xyM*=$ zpkf0}YV?b0MM_P_Qdy60+Ly&M++=qhRnPmg*gTz|Y@1v8Q6Ntj&Gl#vRE$A^Pj0vz zV!yQ;byYJ~th3QS)qg-+p<|ylBv53oN4Tr>^D)Z~bhi=^iumv}|D~5CpknYJzxF@0 z3}+G2Ycz@|S_6)IN!+r0*zOkm&F5cIMBpYD(q(B#4QS3 zC(x5$^87H|8v=*f_&Er>Vc7xNyx>G#5~6zp6rsYUu9By+5I(OuGV-cFX}8;s;A;yS z-!pW1`K0yY-`mNb>k((@LyODH{bv*oR zdkluX)0Q>&aZ{n74$r>(z~aPGE}g*u8{%6{ybM+jb^@rV_IbWXz&q*t`u*fx2cdWN z5C`=u;aKU1zW%YtT_xv|oT0N!qOK z00Pzj{0n1rlI`r_)T>2?Bozsrw&DWmpa~Fho8#_nigSh0t?2)Pj_Q zBABSC$S9DmhmG01lJqU2-hbt*#~%iuRyq%h0$-b^>2K8!zHNEFHuBT%N1_}c=Qnc< zGehqdm_qoIP0R(ZF%b#Lu3?~x{i1*Pi4?&J80i81&(P}+W_K)%=)*p?KH_ZUeYd%o z1|G0|vm;-9xP^1zBEm9YivW+u{o7qINCbU@wo(xG>o9IZ*ju7pORV&rR|ER}ave}U z8A4@TsP-_?+%!W~X73G1b3XJ6P3pY2wynVxCs(SOVo38#ug78wP^?dqe7rc6pLjx4rFY8uvVhc)1B`8-Vjx4LPJ?|l zb_nC(#Ul~30YHlf1>*x2Btr2ZvVEYz&G{x~Qkil?U~9Blg?3}8{Fetbok*Equ;i;l zC%U_TUbj*AXE?7($`wHCe;95q`w}udp*A=Yn%f!MaaJ3f9ieyfY zu}>-#YIfr+vn&P4r%%xlN%CMQ3%qPQDWJAoa-=1JYLx3+5#qw5ceu%TQeXghmbUP7 z2o_TIMhELBY>*)vx&JXz{RJbbDYMZA1+f^y1jOOcJXXi0B)2 zPsfmeP}9uzJ4wh2+1Cn2?7=-Oz8cMHCCl901nc9qK8u?D&jEX_YQKmHXd|HiI-*6? z{eDt08<0m`rgtJEO#TS&1Q`8+e`N*ar9>8i=>qS{+tE;+xTVERfKXXb%UV$Ms20cP zi)f~Zngou!)as3PbK)q7|NlP%83n^mwm@i%8%q z=kvxhG7dC<#nQx|!k1P;vn=(W1=II9CPn0Ifime!OcRkdy=4KnNwRE_Yg0XFuZh52 zrpEc>cItdCYJ3m%%7acr%cfd{!Pb+TkXd{>;0Z?NK5 zKl&OK)8&8yOUHk0{t(*o57n)!{5yz_4jjD{sx^Sj1;@mNCPeBKy-5vG35u_Vhy}ex zaNT-%oB&uK{0A6h3TvPK!*D&W^0?F|FZpNbnM=~>e#f@~Gq9m9s)jD{QpJ!RB4@Wz z5sheR3!zB7ZU^3i>~hQmBjxsWPed2q-|%u9BDU zBcy}{MZ=XXNLl%+Nk`sy5psG^ceO`Yn+(YoK=~~TuEs7rv8T6pNw{Y-c`fRsQ?az` zXspp8MbPEC?Wx|X(YZWnNFC)84R0_tAR7aN*&3Z9VBg#8M=b{BpyJG2#ndP32(>`W zUJ&lHCO!6*A|uq76K<`m+WMVl;1&bM;*);!BSdwbE93y2i2qI(=uIiF5@-%;xXtg7 z$*5{2aJXpe1S4c2s2U=V{;lOx$2mvepR2PpBuO`jvDVc~^lM@Bw+mOV&}5!^@mBDw z-R6%U{wjK0Zeg_l^pFfjDR3qd^G6m^-yF6Ue6QIV1OQDx4iS(?b0Ryt8(zq#ZYvwBWeGb>e? zQAT+Tr6B`F;!3I?Uq>XoAuyokypxD#u1+7H5cs_i)o`wVfoD)5|3@jb zH|@mxj=V`_nhA7i#@0i^8kc!WoY_p-jNC`t5UilA`3AZ%{K~r`c#8hHz{UF_(grM> zf@qyF=|Vp*wNL&-S4a0|ZBtI%(h8q+KZDqu@HGN!12*=wtmN)|wta1El$}qg4P@pG zuZ8JAJ7V}A`4bl@)+{w0k}10NBsoN^p!a6tid=f|z=u^6ZzP+1%%T>dSNA?su!*1v(g3>U&BvBgRC> z>|+Nbbx$6n-Qhyv)71*Toi40ir%j1C0~7k6Aj{|g0dZkx3z7fDv8G+ZWe(Aq?m(tu zrjRN4ghV~L643==lGy)p`ohU2!(`@&K2JB-z_OrL;ZwSNKwI>pE&2CFs^wXB^z9eF zZKE~}^iDCa)RiPCA@*@rh4it}Uta)2WA z`z&C7D&PcPJ7eFs#t^MiR=ztQEGza$tNe9BTv zx?uOx<(S93Oe8-n%HiC4z#F_@A0V9*GYcg4?rg`y)KI*29|n@cR> zgk1O3hUB%bY_);!Jkgx1;1R;Q_5HHz8L|D8wKOqDzt4MwLgQWCq`XH>+;gAUL2vSb zO@Xb?ug0s}mcT+v+QR2IcA9hc&6P{N)?_YPZHqQ^zowOmr z-OIw0V$1iI7B&p2c9M<{M%{huJiQ`Ur@4~%YYZi%{jtQ$FJdu62PrlGh(`>$ur$iUta(+XGA5+A?+GT^Kzk>?2QkB60AI2nF@`xQHZ8;L*seV(#TGqo08G9}*k|MfF5w)XJpTZ{qKj5K~pV*UWo_ zIGFviT?2)mQ05heugjK9rHPt8VJRny%P9hYLfKV3hpwX_WtYR$J)=AYM~oAL5(QE_ zQ`*E;Y&4JmIZ>CcvfHA7rxSS?wE+FM)(YC~JE|M7$)Fm}=-BwT(H4JP#OOPz@q0`c zvZ~J>i6W3;@SHnAs<(=U>~NoRz|JZ4gj&9<-vk8pba(kG?tHY+RrUDaO#bo4;Sl4M z3~Pg?)`~E^(Mk;5PJC-*gIuL|g)%b9x{Ms8i>U1)GR{AyZUPK0Ah1Jan}Sn6+PI@0 zg9Qza0}X}3C~xwk)t{cZ=0h2PmfZa31#Ijq)jgI_2(P~W{Q?4Hn2yt?L}noYaCkwt zg^~Fh(TdwL(((D^-=E{7-i~q^FCwZ#owu9zsECxJy1!Dg!R_WiGvNh5!Hnj>eaTsZ z<$rV=^$#~bTSe5#2Ym4J*z7w+4u*mHlYvN+5UP`IHX}4L!gXOPi9HFJY{yc^y%nxFkji(If8S&n|03B#LUR-|Sz8Bz1;k zvS+Dhq>=4{Sry6Jn$e7>&a@?tUU}g`=md^vh*~3~ZBqre>CbT>Eu$X?O;D32*#4=^ zS5L7&{KEqLi@Y46M#Hh6cVR~(`|zPsTcZm@6l7h)l~aVPooGN2&M5EWGelGKO5^=$ zHxAB$A8g=Wf=m`BC|&aGGFu)z6Nca!WtR6jJpdoOvI@4V;gL69XIASLsjD~$Y8Ctd zAD3#_W-~AGq!z{ktHrjT>&I#=(gM9ieoJ?GqVvYV%rqd%JlUH>x1fkX-k6n-hA`*n zTZJO(y^y(S?>ys!Xpr{2dnZd4TL#z+D{8M1!GVnWExN$6#2M_Xp>GihD8R zALJF)miyUiGQYrtw0TnW4&i5&`#dJ90`DL;7oh5)xait;B*J-ibm-=ZV0@KGcWNJL z>+s3M>*Tw-Ua>T`dyR1#lBV4If-*$`r!0C+Y=aMsIKdOz5 zu+#?qoO}Bda*rye?`zZ)m$HJNDf&ssXLsH$irC+f#MrIWwB4X>Fl_Tqftmnb(T$Of z3(8j(1@I-CHUCY!1C+8$G+3_@#ktgN;s@6MYq9&mN9z35Te&n4(N zFd_ZA4s7CvvroC1mlAbH0dK9e!xgoG)DYSj!u$|mp<%C;#{aCEcTY}L$*voLs@3~+ z`sVoVN^=HJL9Ih8A@r!_3!WMv1gJ6iHTt_INhdq?zY<8mtSJK+QCB!76KFk;ZP}k< zOb4M&2D5nndX5pq;7Q1YBb*!2B);z!-}A!u7w`-zqMOW?T8z71w2uj;Cnq>;D?tXD za$?g7AkhZ;ZlEX2qKt`R7o(tE89nN7?9HK|U~_+M)!`*-lE2w)ZabX`0(mkFk-KbX zE+sYljayHsdm)}tELLkQ0UmtT*8dQ(QM=9i+rruBG#9#jWpvZxWoulF22VZzb|fX} zeS7!61nl2%pd+B$R7Sb~scS$^Lq%=~`-d*7f^!VvDEk=*Vl}Al_<~q;uhE(n*OAI% zZtnVZ@pB*u;;lWtF0uu?%u8?c{Df1GGLn!AB!{aAu!M&yAgo;r)jK{_OVuzLyp!{ADW3mYcMX)yRXE3BZTH)D0 z1C@%oN#)IMiBT%~eMU$ksa>oFiNIqH}XFG(WcAsGbcOyLoHtOYv zBqAgeP%$U++{NTH?l~%gfehN5pO_rhas9oNEmHsMcKD}kS=GzAiFx(yfNjJ!q}M!0 z$qo#Eido-m19jiZ3%qcee{_sv(8dXI9apiC7Ot1JkN*c-|EsCAb0`>SxtaN}xoO{5 zB1gkPK`0CDop&}U7ntm9x<&E1(7UgG&7s$`sGUp!s#@eJ4&D#0Pk6_c-RmNv2d&fX zv>n*3i9nu2)^IZyAfrH+Fg9FB<0YZ?g|2)^<><-oH{pe3(x!IA_>+Bq?oV(q#Xe;^ z;9=Uj-sH-!)tfFZo&l^zkocrEfR29JT3s}sd|$%>@>TwG(`{;o2?SkLd(-i1WIO7= zsAmV>A0S(rrfV)LOT$(WaW=kdE+I>U=mWjLcv0oMT6g#1Ju-9?{!cKP1FFMk(~N>u z1K*i?Op6L7G?YFH3PG-2Pe@(B3%f>!)Y(tFlMo38-o|WRTYP~?=gOx&0GXcOZ(R0{ za5;8|_yq6VfP)E@X*x}6>~DKIet(mIV-Cf0bhe6jxA)O5^Sh6p*I@Azcg^(t6Bo58 z-A{9+hLE4Wvu%`K?tgr>y#y&r*19|YzWwUazaCUGc{+f<1AW0HP>UXv2Dk=&M!vJK zTm(ZVq!eSkLm1o%g9>C!rG*c{a1k0m&Y3*e08idC7^bZ!lZ58`T%{^oNEc&2z z!};SK9^9+`AJZkhND#T6e(bMJ-;bw?%-h}MJu`7!EwI_jS~qOsV55#fssvnu^Cr)< zMLw2!t$9Co&o=!7V$(bd1ZAM5r4*!v%3#OE8$Rdr}IS(_Mz9K zhZIFA0Cu?R*J>yM$ra`QDnwLcaITWJ{;hF)lpL9&&^5wH|2scMB2W8OcbeR=S*rG2 zSy>b!9mXei^6OeH?)T6IXb}^xC&YcRbM=JQYFr7S_{V?Eo#aObCtgU$bZ9^sPq1e{ zlEPY34{njP<7u1+9cLOTgZ?E^{_#|$bp>lrJCT}*i3W)<%)qHP9@yKzPKv4eLPDX; zCUp0i@FFVl!L0{C&F`s;q@9C_Xq@|-e*57}_F*>s>u7Cr&ox{7qgV`!&I2XseG@<& z+w@S?$dK!qrsSZh?V4sTJs;_PJ_f;gCQA|`0&ShRokMh68H;A(TT3kuUVaLbB0;ru{i(MAdscfx?m?!e!W zh~MR_iMAbwEax2c?7KPrY{qdf&_akGjmW%>v_wkIar4q>S@^dpYx*+(_wd{6y?O&Y zNQ2$|-@AR(!&wS=sL>I1fk=E|7yGXx7@6?z^DU@{7osJZ8QIbq8?vVy+b$z~Rdpp> zd|OTtt0`MXtsBbTG17Z5AXf~$W*_XpKDJWJ_E_$-LnH5aQ9ih}CQ!WO7n)Io?~^AMY%zpT^FX_3dnH&otd7wPNEjP+E=u%P+pYM%49*gN>SA~S%^i+2?GW}Hva8?L-77S zXfhJ%ZaVbYMi}?>NF|qDb?5l@MD$azP1FH)6aanvG%_#_Rhdp*A(@7uqls-5(1P_)a8UiRNN3G8z)7eH_U>ZS+`5WPb6-Shya<`}zzHC}_sl zAg&|C8$7ESbt-!M@=iu!OG}%6V^-gy4{8al>2a(y2Rg*bXZUvev#P@*VG=GuWo=9< zCxWTWaW_-pkZYwbJ9%|Fr%J&u)Lm;>rxJ;EK8W+QrLAhD(3RpGquLg{<2U>P?Eyn6 z0ecq5Mv?FDU?{>2dvFb7ZB=vY4*cca8A!HiPIr^KYD&w z`j)GR)G*}Y0eFlI!?CBJ6D$7AARX^RQ&?d;L7GS^vM1I?O#_p%E>9qvu{}uSbCJcKA(GNnTdVwGV|}1 zaM^?1nU{v?Fik!#NkK+*VYSZ7w_kG-BwcKpFAbz7SQ3BY7-D(4;#(B@wL-iHLw& z#nd7Z5x@02*_zv4cvM3<#2U8=l7kxhcoGn_^Xci7JlO*NI zJ=S@&dotBHY*UwQlV`PTjQ6?nga9d5E=)c9TkFCv&estDIQD0*pvw~!)TN=$$N_`D z@{==)k~YpWJ16AX&z(p!3YDZ$-5s2$FHmo1yg{e#a(%i7PgO15Qr6n^I5pvQ_pcu~As*u<& z3NN;TQ_Ih~zarQE8CSBkdDSx8&dVoPvtdLx-bMr=RnXqNEX^{#2rP7X`M>GSRB50h z4&oI4#)7J$DiafH9z>Uz$+>8u990z-L8`hyD6bqGjgIwtC1l~Cci*j&PK|SF9sxzl z_nrDWcK+%)uNL!@oEOMs4m}D5s^k_Pjs&Olx7>gnw6Fh!aPQ|Ru7U;ou&i77F28H& z*2EpLtzDhpT&Q&c`VEJoKRrCm%NKGMq`_!hxdgSCmIkAnYKt%9-1ofrE-Z(0no^p} zEKM(5AEJS8gz!c8MrEa)E!7?kyRCL4^}`8jqkjo$l(E&=eB^B-P4qYJ;lC~GZ+UBU zLtfMQ3_`Z{74H9CvD|iuX^Hl)E=9~2bdJ-35E0Ript?e3k*1OFIH3`0Bhx;1XE#A2 zrj%61qT2q0zyBkVf(in9J~| zbR)?J?_ZkM_a)IidyjK}yCm(&?y3P_0{xVm?Oe^+$j4%35_mPF|df|U2HzSOuB8)U9In=GQg_?)gH51>cU=W=KDA-jQKLknFn#WhKYC zFp>#2{I-&HoBm$=;*o!_laCf;qwkH-HsHTEirj;GEOaTp?6oJxV~V!2@(m?O)p6f>yt z5aP+Q0fLul20H~E>)G2NRV1^ng|2B^BD&)dLpIqSnSvM0zC=Rl$D2Wuq zE}I1f!vY47Erg^>plQ74Co$|zEMWTBfbmMpMz@dtEB`4zo~1~j9ao2#pEzm?N<6bn z!8M_QSO{U~|Dd`53vQz?Oot>@BeCFE2aY?;a)AUd z3cA}fD4)zy^r9*b>BCKW#+&i_oH)Q1Jj4{*~g(v)4|e zO3btM9~Sd9I8(BunTu+<^g|qW?#CefI!Y=Jj;lBYx~mlnsTZ#;0#Y#j?6()iXT`_e zT5ATu?jDSf!V2e%M7G{N{rOvVk305a=fVEI1ff(|a@|1MIsWm_YOZ&7Q+`ws7XFZG zas3wBll|$?#L>TMw@TwP6yP?0XxpJZrJ4+R4iOp_K)(M_ozN!uc{~vX8XD@Z!ad2m zB8teXaPok8^mXy`9gm@Qv?OHT_r5J(_6~*JwLEmB=1nj&Buabsr2=>h#y=%eXtytFYIE?o zET%YaI7>!!laU3Vq$VC<8rp@n4UZEVn+;r}{G zRK+0dU2R9GIwNX6s&XO}OG#Z3t=5Saict$C&qqxO4C$6pRBR(eLgqF*X~k|iQOrIB z1`~up*&_0C^MHy9qhRwldW>Yk(H?JReFm}t@+#2^4&;E!qF`oZNH3h=0h@*#Q;SNv zSY|NnHedIx_FUta<^g#XTm&DtYmoahthO#<_30c zrKP9`rc+=N*-il(+r4QGTfs{NX&}-GX~t=F_Du5eXVcfa;ngECB}f=ag}c5J9s1A! zsTA-AB({#kph;W(CSJxttITM3L<>{&aoKUxeV=mYEhijgDH{^g{Sd|+l}obJ*k5bm z|5ISDOiV9v1E@=Le7NvekD_3sQEwOvN~#bg-H;O^B0ZFJ9<#leIlK9%WydV1@ULcs z7sFteMW)twzn=vV9oo)rrURPN!Qw1O?-No@rf`#%`kL5@E2|`3pkn^aSy~lzcfnYg z>J&SzRB>SLI+{#n?xHrzV4Cp8tRt80eW-;#$8?vS82R!WzzFVe^>y~QAXt-~@~$tR zT}jM+yRj;B#qAu}oh^D2!lx*je4C03`V}sCPr-Q$Bq+{Y!i?~^2N=5^(aK|Thm!ot z^=XEtFt!s_eeBD2ITmx65Q?cBy;#X^{1j7VN879i5g{F)m)k0Wr!zE8PHuo3=M+RmclscJi@wI;+&@51mS=D6r2G?a z-bup3lgZOMe;pz~s1Ox_VNpP1kx0)Jk}O-SmNA8saq-^gSzx)&`zJ&Xy&1jSetX3e z%xj&N@!|C$G6}EL1+;|!)cdo zB{(GG;4F3V6eF`exn}Z10F~y?LJTotA`|hx)>obo?HoXg9nRkTV?`&b>^hAkN!R_~ zwEw5b)`PO~C>VW)LHqMzK8z^_6YYFeN*xx3tq3&xcqW#CyoA9~ov-nt_3e%!c2mhi zx7VPF`~rbyGazP^`nu?65&e7XC0wB(FOkS!C467hp9>ESvVfeJG^%52{4=|{%qf1P z&mu!u;)jq%Z{C12Z~xdIP0Tz6gP5asW$Phy05!44_n@kEH-^suBTDxSeEU$9Cxd!!RFu~*boYieFvpM?x zzCs^CP4riKUOEnm0ypK40v1%vJ*6XkkPtnW*zJCrPWi_yedThB&K=3>&}|O39K~GY z;lLXDZn-44ws6&L`oY1B_qsc`!Gj0P>9OJbsgCQJ`QUr!jLSJ5g6b*#Soxj4^g^%5 zccEwgHXo$LUcsIvhay0}@Ylbf30IT1?uN!xKDrni4^(%?1=}ZgS4%$J(Qtg1f9ma= zvz?{)!2lqvI6e7SWa^9zn;vTW=j-+Y3+In+L!5Ka^|e!#FPk~0z@u`c#L$rX0M!iY zjKaM`5@&9ek;%XiX^hFK#afN&-pt>84vzayXYlR7AV>xcza3iDE9KE#a`V1(JRMbC zt>d%2Ty#RESd(8F}@n?_ z?JHJCZ&MVyZ19cE4YT`NgBT0Io5QjF5<^J|{iCXy-X<4zE*PBjm_(2yw)W4`cVk9YV5qq?I=N)Ira?$(O#t0zN_|8qgwzm0_W7n}y;lX3kOy4`gfd*FV5}yu1^-DPtie%Dd1eX>6DCa< zHIK_#_M`Mu^ovEt8{2Kk==Rriw*@!;$G!2R3fq4!ea6+yb?@w}h1?&Uriv3MhV8Yq zBLR{-O)t$ZR$J+Iba1&!J2bcFy^sa^+$Q&Jk}D8>>B};YMxjSB0#T<)+s%NhY+qM3 z2dwcQvBB;H)b5K@y;duj1{3b}KaJ6-O(cWrg}qUHWPU zPu+^kP!J>cOpAcJE*MI^Z;#8TL`%Vxq2uXs#k`2VU;;WnR-{2}U z&NoqI=M3evx>kAh{l#=+Sc>g)!(g>K-O(+l#_zhLt>|mAb8ECsT@-S|6>{E1KGeIA zi;vi^?Y^cikwaD_qvAKO`p8k@0=k(F$A|}Oo$6sYTZFLeOsPc^wx|l*$bdIhh zjxV#wk&^ts`;s5@V*(3eI)bLdSj5(kCkjz0a$qCG$juL;4q+bF9vfT1lz9x#gw>K_ zItR%xOR5z{)T+RZDsHu^-;NshnfbW8v-&?aNFJDiK=TyWe^{Ju33rXqrBK{{jau@b z%RKRhdEm!(-Yh>uw?lTV2=SqSyVFXwEAb#fN|mBMYoWO{D@dPx-825C{^bZ}&EaXp z&Tn3NOUgJfADlMA=o6Kwt>@BCIwV4(e*fEGxD-XV9%qMR={!lc#UWfnakAWoxv=D8v1*WQmkml?G>=eq0W>^buf3-H0$$4#y(AnwlNB6hm4 z^}+th)G$l0V6ALNPA`5z?AMU9FVvI87Tlv%*&ziHUgfc=_f(<%B-DmNjq_qp1ut!( zM-!3F!Viq)T2JG8KI|l~WjydnimbPv7_H6znhE3jIBBLZ`0Hx~|Dx6g?PAo(4%$%0 zVe7io5W$hDSjfTWx$E~rglMm5ayn3--%Uyym~gPP+nj@Tfa`jW;n4v)mV?6ZSAXu^ zQeDnTBcq~FEKZaf>q^oZ$6H_N1LfxD-EA$W{(|E6@cR(xy5HQ;YDvSJ;7#?DBb+v; zovyjXH@MYRr8$qvT01g6Jvuj&>~-=Tg_R&}9lz43rvR&vRL!+70XHRtKx0^?b~K*3 z!>#EF^1L=l2GoeCQf>0s9TY|Dzn3;-Di&ZFLDcm>kiK-AOC#_}9@R$aIrm=n=#Hxc zSsMt<;NUvZWxm;#dyMzH(bt0Fw(zA(Gjj8*d%W2FpK}>1=aYrl!Nmv?Jg2@xf**|7 zZ_HPC7evdbOiQ-Z`U8B>Gq1fW_v*A2tRVz~I=9+gN5`RW2(1$a`WimDz z)Gwfm!{h<&8KZ?)!cSE1wh@+Nl1#*y0)%SrOv?8L4TiaQNl zVQ;=YO&u3PUaivTf^27>#*0(-f{U<`u_ZbAt!@67!u$}V(JuL4WQ1=*9j#vv8vT?$ zP9S7Rf0!yfcX^uMp=_vrPsxT!RFv2%N|B=egU@mTJ2atrjt5t( zmr17e)@R0OCv?a5>XF1=38Un~=pRYm+`*H5YE-ht_wE?E0r{D5hxwqls8*-ZxWxAR zwbzM;6TwItm^LrY9dnSRwUu5ds+@Q$YnHtISRBi2Xy;t?+Rfk!Eiwbx_J{MUaFTxeW2FJy}UU0hy7hdN+YLy=?ev!TvFLJNzj0--19lE{x1Xfly$ z8mJChJD8qEGOF1od@IBYlAd*MX;7i$e5rK%&- zN;-OrLQk&6`nYh-I4|Hf<;_9rN+T9l#((eUq2#ljz5u8b!@(jxI zdcODAEg^)H1y4R@d@gNC(YvOOYDKXpssWwuv`N1n9#M8-qT*7;rO7iK)OZr##SZ4xf-^G^VbTR2qUPJW zD==UNq7pRbuLw6LR@LSW{G7Yx{g}3;xnIAN=`!^FXrz1_?gxP;*0wpk@98-$7(tJM z#CVG5OezU)yYc-vIeEd^xChUI>|XkMRsR@6VZvLOcYnE-34{{w@ZQcE%1Z2OcJB>8 zo#pg%WHN$U$_|woG9kFpFa&x?-zxl$es6{$)oSVLKF^oGKltFOCk0JA<5u9ksK~wR!b>g+^K?9R z&koj(&$+g6ZQX}SYtO=I?piWB^m7cLx*6q8tG(YHlvvvA3i`F5W8C^$$GR z4?brS-|Pj?>r))Ga*T>T#z;yn=lv?$a*wU!^uo_V3S4waD>l96VV%gU(w8|3mv4f9 zbapvkzqRADstNH9oKp|1V@KR`u&{?V1r`3}n*9fq+xCs@);}UuIw8+ zm&f)0pZ2~oF3K+G`=Yx$l$7p}mXIz11!)$L7D?$?8cCIq21O7732CWC!XO2uOC=?x z7NnlD+}=L-`|17md~!dyKQ7Pi&Y3f3&di*d|Lk}WiS*vA?57S3)vEbM`(2B>e5w3P z%t^6}mW6g+#bW=ZA5#P@;F|kFf~z%w0)c;};FFe=X_8#~#wz({kE%<54k1ypwa9!g zJU$+DwYoo)#E);#6sGlni(kB9={SAp6?;_VY|1%)8am~I?Fo5hMEv+Q>BN~`mkxvU z*L4j{tr4AmOhgjDFbDFOY<~GM$Z(#bw-J@UlYLJBDNGE<*B6QCx+9{_DrDdS!AXB2^1nNM9cwjf;ZRNCl}b z%_EGXU&#Q{#q)XzwoFPIE;bhSBSfeV(6w*4!^E z{qcf`u(MBO=o#pns{65XVP7uzakti*ASR09UYvUhr_s-k6-{pm^?{ zN%b18^BS(^j;;Qks8(gN9OiDFK(L#L`C3mQ+*o}_ieZIdPjT88<^7^*VkN%&!g@K+ z(&nJPh4O|HP4e#8xZ5?gQ2SLn$}|zf7jyZN3v;vJvH|z`#^dhj^-6hs1~g#g-x_wn z^{0)49|bCxZ=LcT`r6S}y;LuxCr;2*5OV&CC>4<%Z@Bt(p_tT4!x(H**t66$bnjx& zpa$fk_sQRYeWR~Q*n5$2<5yKeB7G*ohx`a6?=lrvk0I2u{p!Aa~x|$QRmF(Sbj(+FF#1XH9 zlZTykUw$t%5gj^7VT7f}<*KP@LG-WtSjN2-5~}+GTfbd%eR*b^g$h&cg~uO5b$Ay7 zf7yKrkI>{tnvQj*rDvc`Li2RZ`aN>jj8zltm7L**48c;gV(x8_v#%8@_@|6Zm^ch% zSq(jXq;9TOr1$cY;wxVg{3oOmLqi&$i3{`|ptGniJo!RE{)h>*m)q5;%g)Vw_5)g& z^N>xr-%LFf!YNQz6!%l_srdtgx}Ow^8#puXiJKX7FlU#=7`pwhrEvjNaSb9{lk}oN zNUjcJo+wMHFV{$!?@SKVh(qw(MLnmnRf+WT*RG=!<9xi|E@p_ag@+f*DcjshATEU1 zILpM=)m84Ox%S47nY99Z2plK>a=y9nPHGhz!;lazn=;?qyX6lfC%GQSi#>X;#-22g zi3sqqoACu1yOhe-+&6P7kk|WogR_R(@?<3O$_oW&H(Hz^__Lza%Tj(Eln{cvf%f|Z zCX!7smH?H_2KB)_m|&@(T{TeGdS|;W?^DolZZ-{V0Hpyzt&^08pN=ad@L7U>3&S5o zrX1*<__p{ojzAaxHnT_B5H928>*{zPup@xI=89~k5DVqWvflw@-BP#azOGHvo6)zV zb7#M0x8eI!cnShpF{Lvt=%9fP-KwyX)jB`?j8(u*-G`szwaIEDe!vLGfv!CT#RG{K zq?H)A-$)0tO{5WR5}mUvz&dI>hz9w!5*$2(!AEXfkNX46{QH8exzIMP9D%D&_?RvO z;!vnv&4^CF#463srnaf57?-d+i#ggpARWrfgLP;NfFSPF$cUwU@&i~B_=o*#9wdWb z*;OF8YHD}QN%nfbHd@Aq*H%%QPka0~P-)mupZ=!N!R1X1t_zW*2DQ=jHHpGL(WWt} z1|i-d7J@_39nKlFD7!bl8>diHsctdzbF@0xmVzcf8in;!2iqFl z{ikq=piyb*6-9H1v)N%Ty{Fbz%)Tryy?{t0Buu`pgn)nUVxEitr~e>yom z==@2kGgZXhB{sd`>QjcjF^aGNl?FUTdt@HsLD-0xAC(JlH5=CKw^4S(ybNGe=sL@V zQra;I%ySU6Q$VMQZ@lCpIFU;a>Fp0-wg{iqD*T%d4&ZtK$S3@hnM~B~3Z~CD!ok@q zj0l~(7Kll_1#1_NE2KlJdIWg>%i5%mc|t*RD}@-%s=YTBU5#elr$Mi~C?w48y~%=4 zg*d_}w{ywI`JV#nex+x=i_I8Ic7V3IpAM^ji3xRia)MgQcK-)yzZyxjyIDjptd@eC znf@M2c-{&nwV>z}QjkUFd=qOioU=K-p)3o=qxK~V4gf^D8pza!G)gQGhN<^hlja#2 zq8NsnAaPDT4P{D^XX8rM`tP%j+9>+^=K5QXz(%;U9y0#UPB@S%eYW03pQcnkQ`JqV z&we*~M7UzV6oWVHfN~ujN@XL$d7kV*R!u1b@pJQRRHbxE~5h< z1KuM3apCGS?6c1$rKQ!|Zx&CBmy+lpb(Ny!Z#Tkj_{htr#rplb($yCTf34LDy!51w zN&-}$!ZOF;#1G??1BT$n7|)h9FkLFhaQjGSe5K}YcSt$Z$Zng_=>D+3o8K&^XeZ2qXD&v+>|VpN?{ZW+)ECH4)s? z!^Dv%C3eR1C#MR9qlh|tQ`E~llqf^-$a#l;up7a!@Wty3hRg`5(qeV<9$LLrX33Xw zz!CL*?6fqae+ysl;gko{lP`R_-_L3!w|rz{+etT^X~t4&W5-|m%~xE*3M_9C)&y+Ck2|0 z{kPgpd>TON+mD@{L{UWi7EPLJ*YDd-Vf>5iwwH1#iFGfA-oE{)L;`bZNB&d_$1YE^ zC?+LiQ1nSb>ORz_5Mf6FBZ;ke2wr!ewUbF6z7)+Y_d~+0qHNNZsm1KgDXtNE{=VXy zu@O~}twoRASsi5qiC|>6q|q*4DDM*i`Aw!Y@)86;EA@m7>bjmj4MW>#f)~obS1e*n zcZmNAnu6Bn26DI!gbJ$vZ@I9ml0GP>X_qFqiAZ=T1R3(+8Y7#l^Ka;O1jrWK>N)v4$$g$9 zjyG8^F2ruZ9B_@ve*tp@ZEEIN!gQ5`xN#wxmUM$zs^TNU3%bn(Mau#_nC2~CCB>g) z9tp-P0MZp|KF4TZi+m6HF1$(|9<5p`O+L>w!G?3DWzLc5ugZt=xmhOsZ$axn)x#cf z$|M44o^dQ3K3GE#X4eot-5quxEK)@%7B>=mW|h&{Gdfaovz7czouO~D&-50)!fO3g zm(wq*V@1J%UHxevvyPU`WTR$tqhI$1YOKvejdTPB1&bxs1n0Eu(4hI`K63~A>d1Sn zbkNx+8cjLBiz4{#MrZeS7k8$Tr{BCj>Ux})p;8+Wm8G}0P4wJgJs$_i4TAm`1xyCiX~fZm`GL1vO^hqF98z0M zcDMlY*sxeX&j-E_8V?~qeLU4r$A2Vx*2_Kgt~=ApBMT|riBSjzf;Z$^WUuFp6VMCK z%lK8YIRXHeLMuHnGuSs64Rm(E0F+zHi|Sp6JwN)`9lH_jHhKi-S8Pc}8#y&aPqc80 zhWej7U1;!g7?Gs?$ue50~S zfZCNoX@R(+hUoOVdQMsyKse4m<~s(wD9$SwCVl(c3I7ees;@PzBIto7T~Y82I|+f+ zg~d+adb7krp+uR5Zen5I@|oY|Ip2uf31{CO&`AQC+1xFpgVG);)yDs$o(By>ITmy6p5`EE zctV>%!oL&BDc8FV;5?qW=`tSLT<>=x5$y%dYel@6$XssESBg{IqW{xnsFe&r%wU6S z1JMAzShzhV>jRF3tVbV6$w+w>l%ipYxvul}gua{p(&PE-fk+FLBIxsug20Vi504mNE&bE3l1qx7M=qa?p0)$~E%^)l7NPNco>_aKrzc_2v ziQqy5Yse!(nP?16%w3MupwsR)ns_7Tx8}8uE2L!C6}*)mGLylnU)564;!UgvQu#UX z$z&b@uK;f8Njq0}oH*i4_pWlV@ub${T%K!5eW763UL?4;W)ZnFc}g^|QKCZ3-9Pts z>R#D0F#ppHq@RR^wFEWa)_^^w zzKV+^G7eLH)c~!re8R(en)1ksGT__&!HJI6k%1tkB1m@Q^-PzOaH2&!-LZ$vK<^R% z^gCqf7lsDo)pqGVRhy!gevfNpz$l!zyPV|4{|qg)%=Vz2Tl59lC*D&O-=Vy;%rYM0 zmG|U_1=jc1EuxeOQAW65R3D?V^6gvLha&tKM{-Ex)vCQv2tGWGbehghb2zQ0QR|}m zXD?QhT~xf}>PKi3MU&qOSI44%7}rh73^Ew?Vq(eOkIH&o^6LzoMc%Jsn3>)@1=*-@ zQ$y?E6xL9?i3B)1`hSPbF zvd+*@ux)lU&9=Wg*FTTBvfH~RiPJFVKX40&*foU#B@ysYWn1$ zU!aY}bLBRay$J>EzOibzex#)Jj$6>k$zN8ywP)w7m8pSD7LT9Y03TAA)9hqs{m48y zfo2XjnOM$|(7a|LUS7L@%7g*$QTGRqX3DZ`&&ouryExSot!}LQw^Fp zD33xj8+wZ^0X^1#eiz=@-XfuBL-Xj_VLTuj8=!w=jn1$bWp6w~j$7UM=`Y7wMV_vV z3j1FF*cYE)gO*h@w&PzGu`Yv#NHQW^XaFn@kdlqk&(#2fmJmxp5FwPHq=v^Jgl2#R1;cr?sT z1RFYP7GrC%?};8?oOcyojP`{&2!^cCNjnN?Sl}K?U!0gPtB;sSzy-7Km|Qj56RZ6? zcGNzG2AxG!4KJMf#K^K*{^ohB6G+y_9zwJGNc9qTP5R-t_~|eY*zE$2=gL&L;!i{F zR25=$S~sp6d)ZvSf^#Ni1d_aEIxw4eQQ$NjFWqJfWta+QT9tSANH@;*>4hdFnD7q> z?BnhF)|S5w+y{!aM|0+O&^;HF@MsTIVeyiDy~p}ZCkl$Qm3$+_U34?#WUK*2bBKcG zDk)i-H32NrI@TdA0_D>{99IOL=+krLP2-48s_O^@)y`_nSFb?sOp$5S8#|RT@v&~d zCnEe$?gjUHOV?!a4irGxA^Myw{xi93L~zAJBL)}Oa)ZDyQru!(TsDgOI)Yz*!1dy* zA!uIDMm0%?`g>=t9=Hw0z(4Ho@r;hF9h%DaoSiO`GQao8nVasO5R!V}JX%v5oF(pl zrMBYjBMFj*pQlZpl|W?}*|*u-yAI~LutFgAKk2i1HhkPatQs%qSipqV3-szp2 ziR^mHa-tpTHz9h1!vgUjFxZd(=mOpxKOyl7=<(V=ZSu%{q+ zy8%+elv)5TcuQ;CAydj575`A+zSf^v$7b`?9U)I~Yf@p~%yY9-9+D(}tI4ohrC3B( z4RkGP-v~P^p?tTo@kRnO1}&OL(y;7uW|>$mp($M4QKR$@9-Z`usss<1GZg$pzS7j& zC@%#L;74b^jP^$Y|Fa-Kp2@8`Ft=;TpR(*YZ+=+R`&Z}6tejEv+09_V$%OHU_gpe1)upu9f~5auv#**yDMU3Pg$x(g@#w66)Z-k)eqc{&}91t2B9W| z!sZ3bBuALoPsrCnE>;JvH7f8{Vei&(+wzhI!Pv|B%59#1cz`@?!%x4Iu49kFb5U5{ zuX^P1Z!SO(zCdC_e0Zp^dAhX_J?Nov{|(c@*G5a+`o%?4*SG%77e`xJkz#YpzPCUX zWkGcwT2TtEZISkA>RVAy41mT3h=FGEZS^2}RxG2tg_p zVXuyvw7~S6+xrz;zG#pIlG^CUoLj@qipBFt(#zncsseb`IP;%0jpN3{P3^E&#N(Rd z$GB?C6^=gpJpH0YiLbA|w8(DhS*S;ruw~ZKy1Sfr$8!@jS3uWm32M zbQ9h{Ca;FXOx>v*Ri3?BiBb=j3w>TriP0m8c!Lthw<5;Re_j&W0M8XPSnmidPv76f zlYLMy{MI5cUCkq@A_?3YINuMoFO@gK>~A;HTm=>#YJK>1uY<_Ukc+di%6%e9?b}c` zGcEZoth)u&80b1f%nG*7*}t3#OP^~ns5A4^i3k=BDSYjh;?3y0!O@g?jM90fH6b}Y zphZyn6Ha0InfQqg9}3;W057twl$gT|Im32t>DHO?N%<2Dwj&F{+nvTam&C);KHG_3 zdbjJ*j&~KLC|&)i=qE*b1ICR|wE*?o(~NSjDT53Tx|7sUs|3w)7I|MLn=#18nB>pj zJ<%A?y^j*XN$nYmLzZw&Ui}{{N0*x_g9V_14Fk=H;oE)ZHAiQiv4_C(Kuz&?ImZ*` zvNa(&B{_`kj+Ty`2p1)BDv;V_{)Q=1`kcpNgB6AS%) zsJiW;0Qtpgd``ZxGOqNL!>ohIC#qeYhjP-%Gx9=@19Gojt7d8`tZN66_HpQ8*ExEmIdidM-LtQt{eN{HZvtlsP_0=_CwTblg!7X6o zLd24kmcM*Nncix(UmmqX)?Nzdt2t)e*uGyA@9Ezx6()ETdW?L+()b$NSY+w^#Pr%` zMT|di&~BzIwB47dGREJQaQ?I<^1;x;DOPV@3+yuZ z_^$zUk@o~4TIa=>qjCcW=;*YAu>-}mKpkwu+nARlmF;RjQB~k6`N*>6 zF6^w=c<*ckG|(X!A(+@}Kc}QN&+1tJ=A>eack9mg8}s;Yd(^jFK7Bhd*5DCxPHS~M zhSs-qZim*pHJEHH+p0V=tG#h>!<3p~V88!a7bv4LoH!L@tuIO~pKX8neV71k+vVuG zH;40v^EP$T@Kjli*J`%zKA0dBTDbPcLeA?0?T3hW_=S6UKl=lcP!T;Le~Yn8JAInm zX8vChWUsfYWmg`&blAwYJkcHyfpQAoEYE$}>Tz(9y&K^;PEUq9=)wAeVlz-2i47Zh z980A>h~D=w4*SOxGq=)%F7ovb+$uD&&rT%|ho9^0v8vsOWhIgh%b7;%z|7u!TSuP9 zX`&UpF!lB;LDWt@c{0j6Qnt3GG*Yu0U&zzS=u2|k>YC0(RK9fnCAf0)g`KyAVByrn zP<^Opy;Z*5X|3d8D`@+w$IXYevLUX;o{#nHh=8oRPZ6HYc-HJagqrH96< zq5c(Ye|oJZGxtah$Z);mCFD8)hfd-Ymd>n&J7MdLbWGIBAx($&+=U9I-UK^W4LpORg^i zT4eWy3HG5UOzTM(qH6KYiB3fdz}o>^7kTv{%E23iKr32A=5Yibe7pH-zbRFOrWG50 z&f9*h$-Qh*zBgQg<3PJi#r6l>OtTY4iL?EL`YG4O(q{@kg5>$34&m0Y>&rh_yvJPp zFy!Ez?rY4{jL#_-T&ym2Q8Q{Pot`qYUyqJt$GkRsjH+W9dbqfLzm6(@FuCmXU9uK8 zOR*ZA&EyBz$b06Ife*0Y0S`QBxv4cB?;A0nDqjeN%70FgMto5$sCO?zUtLM>9 z-=G$}A>5uD6bj5l#J%jdwS2l|yT&&K5R=#OxW3@(+@ySnvZB}3Dvr_=g>N@)+NcxO zb_QO3mu-NG&TOkm#kN+I{!neDtBQgfgcJdwO=7FFEkV!5tya@aBkqVN*)(KUU?ggB zg`F=-8%)-1@;|<1SiqHn-xqjDutFyrrluZ1uy#v>M*Wft1Fww!P=Rt@A2yy=ta0NC zvcsoSq>q^Jw;lR<9O;?Yc5N>C2kblZP%ULgu?q3k(;LSheHvb!23}41`Q=9Dmo=eR z@|MFo%fjMJZ^T!~4C`y0Ol9{&!{KNU{ChWli9YOoSdoViazF_E_6k3ZnOYM>;DB_& z@b4Q8v_iQ%^WJ3986@ThJKssMbJQ?XRV7yu?f&3D;3K$vSUj@J@L_=dDTw2uPG{^4 z@MFv~8mAk$;(RREu(-cmmlGgY=SH2qs7Wj0hbz#+KV@1BS-%PQ#g&dxTfxm^HdTwi z`f3e-=BY)m`efu&?Rf!A#ZO2CK_4#h;W6lZ3{mX*PiL3Ca#>G3{}H>srWc7^q)pG3 z<$GOc$nc;v=xX52JYO#>piNeEc#X5@_#pdlqj4$p2;17>(@cNRqy>b1I913RgnN{# zD6#cJnez#Nxe6X?RZ-e+AtOp!j~w5Wmi}-CD^|?gnm=fp@WR{Pd}32E@q5c2OI zGRWzi4iG~!FBgcKX>b3GT)TehsulH4WC($#eDtK;94hew{=mD6StACY`a7H%AwFUB zMbEH|y_elh$!DHPy#{@iQaA+V;B{v$8!ZzMRvc z1{j+1R(VJ}N#IWBsLmnlDCSFfL|ww}eW{a#hn4j->nN9(DQX($6#BUNW|}l-7_l8G z4I$ot7W#=as>}n91A?>`Esi9!>F%6)sX!D)sOO;#8*j{@1WapK1u(C0lsym)^8;nr3@5cG4v<{!tmfybb!3OOHocTW21r0+$s*kTY6Vm7nm| zIz2|!mzF*^k{TD*V&|?R2sG%)gyDJF+FJ( z?U3;OSa$mw2HvD$f3RU;KAaplAa-?%3Fa_v+42({E*H+^I>SM=riK)&8L ziD*S<7DutP>$mTij3z1C+sDBvXAbyiW_24Y>&Jchs`mJYGmCKl6np)Ko#n;s_(*p5 z5`yaPT}H(mX3@r23fv^vDmpP~RZShKB55a{8a{!(pfG58r|uE9y%`EZsgRYo%%x8M z*3!3Grys-!?R$q95?gm9%zd(XbOYqp&5-NhJiDSn>Plb4ryUZ_yERlbZ2T_p)Xh@zJH#{owzB37|>}tKKADpp+p@inq-lS=E z4tsGGsf?n*2b#|3361kT7Q3@}*Fxj0&-(_tdbSZ=_J$P%Pr!l}OG7J0OQUfZI9LaEV|v-DW1=+LCX&r@NXcxaUO&=! zwcn_=j5W%<){?yW<`D(KJ(KQi2d`OK>l&3Vp}>Klsg60JoK(w?zb0;93x{26s~bGgIBR{;8E~o| z^_VscbzxrjEWoRV=b$Ydb1*-Jo6n+vgrNd8yK?XP$;hLCHF0IToIMZe$YT$tys=*9 zJUkd7XhujI;m77&SJ1pY3|HQfRA<)3ztmXGsLr0;8GJv(TfI}5G*Yvfln0BRZ==D% ziK&>k_qCm@n}-JB&ARyIgK#|soswE{07$D?QcLmFpv`k>B2V-NbBnE*VeRKWx|4KC z?$AyohC2Is?Bl$CzU$}fSFYR#O)pOz=%fE!3w3~LflG^-c$~zmHW)rESM(ki8OL35 z#Pfy;c?mId#Am@X>nvrch z^s2D&^H&T#%@yL1`Iicy_=sDmU^Vi%f?6h%K&7Y~)NRP6AM~0`;_%s42{mNQ7OpTi}}WLz;L18d=hi+QD2u;3ma@`g%FOLxQ9 zIpy?L?mnSgHO)_}eji1CU*PnnJd|li8yinA-}~!cwVTAL=^HAt(BI-HjDK<2R98j5 zhd=66yDNRUpKXPo&$V`xEf)4viQO7KURmqGPq_??yT#*oj%0*U0vU1d*wrGf!_k~X z;F6Iz|8SM@iFxnGwJUN-F#$TryRP87H57>awx$U=66bTjKHpZEIOBtGPkjd>g2^`5 zK;wC!SH|p?`2}o;a9+^9ZT8V1Ma|;9UqxwL--L+s0g?n~(v`JxF(Ive^mXWazU%F+ z_UXQMCYyVVzc^<-vYCzt*w}7v{G`}8D>0kH<}Tv=J)hsWaRky4X;F0}l5vHS;a=lK zb#XeTq7g6_e9gC)FcZc8Gr_2KQ``Hp!i+-W_$3|BpC`@-T4TJAfS40>C#EDVyW#mFsFh*bp^cDF zr%u?I{)#fNwl(^mJ(n4(ZPak$zUljeD#etQ2;)w=wfDyi!+YR;(x$CIjw1RQ*VWe0 zmYlxkme;iZX%|S`p$Bqc;`N7LQILGsmt}QB*o%*A7<;D}v(q<8T#9^*+u4o0qBC+& zC#LyiSsrX0sBOrpPJOJ-QcAn1sJf+gL~yuuN>E9nO%R9a^u1Rd!Tma-{htpt)d!DV z1Ckb>R~v&nuXzgzGz>KHL)TsVstHy1_vTuVJ3BKpVOmf5SQ?ywkjRKgg7DS58qvl5 z;nffFQ4>S(-lLY_&i$T$H!H}S?@BJWeZ-h7H~*y%eAj)_Z$~}Y zXBr^bTvW{xiHdgqYw&`JO?W2}4`G@5EJ$mrkxte*UkcOiL)=WDevohwJm1sJhZ!t% zcA+T7W5-SpuJvFQ>+=g_49k_lKyPUy~6Qpuz(G6b_7(rJMb*qFL3 zP>C@kXfq`;Oup$NkOMXs!gt@6a7)Rt>&nTUzH6w8S?4V_?58+UCeV(}fYiaIsSa|GXZtd@}yxh;&*|&6HQc-qC%T_HnEG)jg1wRO%+o%X07l7(HPD=vC#EGc4 zuBE2nvm$<}C_fo+Na?j^tdwzBEw)~62^Ia* zN6v*tj*+TP=n-5yq>3@`f5>fL_9I>2JqCGGfI&E*n;m=+M>$t+RGf+`Pu!lOBQOx{ zygu*K6gg{*7rq9N1IasZ28oQ&D7q-wddBZ$)_fe$gIn`nvDp0-EvFcEC;cmV zrrkVMh<*L~v$Mq^~-1%0Sye#Mq%OfX!Qor3m^S-FEL^26?<- zTm~GxHF{A|y=jiqh}wd4D#7(~o4sf@fz-{HEy1&sf3@gmc@E!2g=nD!fh0-(IIUI3 zc!OcaCdVd$LtxXFXx>Sy0V@~r0C_AueVk(;{qOJpgTEVyZV$sq9KZ*_2=B42(MPy^ zOC2AFXCPJG3v2j-0pcZCD?D7ljxD~mx2t({<@LB6SV#5QAIh&J zc#GB$o}|nMrvAE2Gt1O=K5g;5?f@_swK00};6kLBL#Z}+2cfSq%`~vctTE#Kh9V9F zD<3FizjTvOiQI&l^EYxX!%2ZN1If5@T?XXcP}ML zh_LhI#zxU|VX>tGlsf?*jFnwo9pNZkR7jrogrubCgHkui;C#%6Cc(t{H%h>k7JP~HNPeM#(&X#Y#y^wAp0_!Y; zpv@;)q+Vs~foOrQ>wMWv=G_A#hzC7%R?&1;vW^2|Qp;b7j`_HYz$8$7>cG3`i^qNC z(zueQCNK8~;=A4WS8;2qVxL4J-T+9h$~d8_kaHl?sHH?n_W6fz!v`@IPtom*QYmRo z?+I6C_c2A>m0Gks$ccDVBb3GeT`3sMK$~~aFfXKvabPxQRb~ta#WO(*$`Qt~_+`mj z@m))Cir|H|`UhJyEAy!)SLF{?_*oL;`(C?+K$pb5+R~pKa0v%LF|ce1B>96<53C{~ zVC?yzPax=Kx*q*dl~x2-TsunNbkIk)WIS2-6qrM;i2flJlrTfb^!lc=RlHpDPg*>K zBv_;EvBFGTZ4g(m!fwZ(NqF|rkj;q_U7@<*rRpnjw{o$TJ-?r!h28QYF{OZD2yso7 zx9u)*zh$L`?9NTUglxx`7+$2}?vni?OxO>d)6qCY0-#!XtE*<(1Z++FOXDUC_J;j6Fkb)x*}k z&Was_(hRg1xmQX=kOqFL)hngN`*LcIm5C11gnNt3bG)nvX(;q_sFa~5m474Z?!onY zzS4L5?xOS*^g}W=qrUcI&dm2*5m?Q<>t$V6BYZwBdw-L;JLze5819epb(({6<8_+P zuDSQk%Cg#okbL=MdJH~#AqyyKF%_ODoEsKlt}w5{NjP8ev8qs$P}o~4V5BEa)m`Y7 zLkw^{!ie=Pvz}TIV4AN|STEx9wL6@WVYy3q)cD7D!%vpdcZHj@Eq~SU&ZQ-xbYj;V z*cth`YM;))e$DAVu29y-#nIP4A$80XKWq8Z+)Mw88=~;kJ>)%G;>0uaTF{CKPWGzq zcb1|e{zdvPV}IckgCAw`e9xmf(s)+j7T`R6=*^T7WG{BH=omwQn@dz*!?Yr?F|o&A z%MMojqzZvDv_Y#8;nkMCM)SrF&ivY9+1W_nu7;plE0Jg5RlCuC%p{F%t^Kqta_h#$8iNt=`adm9 zJMbVDQVc}!c&M9?4Nf34e*8RgTX;liRwK*%;@jp!Go=KQ^G0}9MnyIS*6BrpZwOYt z+V8l(yjBDZ7VwI*T^U(H*?SkS7S?~E{6QBxphBZR$x}2c9aJ)QQ%$quk|n`xId?4m zNhQ^TK`!&fCxY~(hGz2XU0&_82S3Q1t?8RsaA1YTX=8)N}a`D`H zpVyWhBR_JU(1aAfQ*J(8ZR>(v%=2O>>YsTeD=X?E4~%tg?UjV4 z?5}GQC|N;i@Vb{y=Jt8EnG-KwP?VL{pP`=q?`s~73|xa=e2*{@1mR*-9ZAT^l9J~c zfxP95VF=TynmyF^{m;uU73DyHA0I*kA0q55SUOX&dar=K{O{uZXDoPIzHbd@WVVB!A* DJ!q!2 literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/images/front-page-light.pdf b/docs/tools/.sphinx/images/front-page-light.pdf new file mode 100644 index 0000000000000000000000000000000000000000..bb68cdf8f5c2b6749fa5490253a1695c148ba197 GIT binary patch literal 9676 zcmb_?1yod9)ITL6NH+ow4I)gDBVE!pAdL<%z)*w3&|MM|l7b*Dp-8uMNr|9HsVFH3 zf;0-qH{kO<-+N#E*Z-TfX3d>*_Wj*`cb~HlkFJu65Lj58lxJc7c367=1UI4&R6#jmkr<$g69S7=LRzD3kU(t!6sV7Iu|t}H0AL)^&##4y45=Fy zgG4x!dQCq}^)xV;V2F6x;^~w70`!X6CrKC-v?B~)Bhq8CC1x7H>$<4r6j>~%L`{va zd@m;mKR;KsG}4NLzxWoVDwVDkD7v`VMrB;x&)a)radH27%ZF*Z4Y&O%-|SjpJZ_!K z!oYK>1b}qDkLP_PUK@p9AE`XXBlZfyFT?|xtdz9MuXo6C1H~DAn))sr-JQ9JuX@yq zTwc*B3O&(zRcg?Rhu3$rd&x-~rqTV4Q+t4}Ao>fGv#^&tnpq_(9jLC`jj@U|TX>Z1 z&oHGov}VI@);*UApXzr4??-z1-nqwR)qTDD9J9H0VI=ylF;p#Wh)9;ev@Q!`VR2h8aKdc`MA2jV>IUpQMx z58go|$M++?lppDT#=A8X?NGf+X*Lvq2dg6hc%D#ZEOFp*EBiaPZT5KE&v{2NlIT0f z#6qFa*ap_rgod29)j-%0x&Nj#*QQ6?{fPB}C?shT5%%_bV*xb*1sQ4Sl>WI9@)N1< z6N#_o+r}(?QHx(CrSz1F?FSl~CG?(oJCy}xbmqHxpOi$MfYx+OGaVE7ceC+C2S`-k z=MXG>k_pPA!l&`peYgAJa4D4X+*}4@A*@njKl|MAVVP^xLBeqCA?qg^CQZ8w-kn>ebHcVt{Z}N&Sc#fQ2d$L&hv$nBd8OF*+nK|Ds+Uzm5S(bhx^rvmAZ?6}{_v zUy9ksgvR(Ch<7h&sR-thkBHd=cdlSrVYC)O!q>%f-j3WK@f?|77H7J6=gw${F+vJF zn?^JQ(*!T!71F!0LxY&RhO8=$y-V@ODOMwpR_7)O)&kbRYm#dK57tA5>)j=DL$2!$ zB&?M8BLts|&JNEJ-==NwZl<#&Lx=8nRc}rm(D+HWk_8gV#%1%V(qc(G!fq)LAfUM+ zBMJ>lUaDTo+%#{Z#=G%2?>9sl%S&lDE3opka`oTaQ4=muO}tl=gbl-HVdHnAHF+JA z*!rn$@V)sO6Z{g6(vEI~a3Z*8c{)-j`So~4g~9xr3N*kHo)zxK8<6W&=34~|vfvOo^q4m|-K zgr4GxxqjM>f-BQks_4k*b@*qDLQ-~82vWuc*lv7=KQO$Zx2LOZI8*MY=WQBZI9HsQ zqhE-*fmBb)b0{A$6oN|^eUA~=@XX^I6qr%b1S<8uk7a zLNPHn32_HeJzGruqVGBX%i^x(@XEs5VVf@Vmh(Ei47_T*yS$W|NKK=(rF4(<9}b1+ zUdR*3GiPlvPw@}-GpHY!^bW{yRp{WlsqR%jp*j<+nO{v!)q+`_v9<}yRN2hXj2v2g zF;E3OA1yjPJ>`?Xi(2&*OBEx?pcQMIWSQoj7Ms!*o-i3Uv261j(taO@GIA8R(y5QH zleLkZ%UNp27Q1=P70>p0IJsuJzH(D{g)QxLPIaemyjzm`WHnzkv)C*+_j%TId3u9) zo?-6B%HE{Kd+FhpDgWNCPV0xyy>)7e>OZ->L;#V%RHOWfA<`%Gt42FsNzI|nf-Ttx z%ZFe6oBR+T=v#gLE|-m&_M1)3oW_-sR3h!heS(7oNQ7yAMZXXix3QR>$=8OL7huYPF?-v z{f!L^X?7H~36*4xik;T@gC~yk>F+UTwqbNd%7pJSG#wr=Sx&Zv}YtRK6|OjRj?6AD@E%-vqW=D6VENo z9nMqBJD-@Jq_b(`71f+Ymy%qX9BdFe7BZF~l2Oxwg8HEY6k*A&ye)7!`eV)A3+~}& z;rYya%!bTps3KIyR?Tj+>U-60wWp2FLc=G&7K+-q+Olg#LY{8x%RWWBwU=_p!IzrE z9h`A|_Kw@&qMoUS{6 za@qKRXth3x(+OYebX4Y5UR1suZPGK*3ORl}_ayvb<+VeNs~QyRoojPnSf;;J9NL#) zQQ9k$>>s4RAa|-dt0sK&_bi2O-mt8Wuh3~g7jzcoxwS3*usD=8=rx)t!IU{Xz43TP zPuerc|JK)>`HobU#Rqv0_9Gf1*2jIu>LySVDVKX$hb4|`WNKRX9eXEY$w|qT$uGx$ zjf-I=mzsWU|7LQsV9emvMRBr>qBv#tXWwF1#UBdY5vqM!GoCm9vEl1MH9EhI4L0ka zcgQ_&Gw5mh!LVL$n)Ge%-r8Pz+(BHz@YmsBxS+PX=afgSKYHgl;k852li|KB0Z9#s zj6jcB^Wny+?UGMLz-|ks)ws_AuD9Rxyp_h6KEB@!v}jxl_-0iO-)I!{Fw(wR+vxL| zW#06;`{3#qe+GYNS>vOTarD%OfUeIfpR`spEC>hB4^zM{S~e{DtZq4%zn$19ZH9vA zAXrZcjMswj;rc>LfiG~w?p=0Z#R|uF#4K0I^~LxU_KD--ee2c8#lCdCiP2U*c^&qc z%HFJ#T zCZfI3zWZfJLmHPQ_L{#oEED4=nZr{%9c z@Hz(V?ux5`;Xnfn!o|%MfkC=hdjl2WKqaIH${MMET>+>Dz+&8yGPuuQ<*tRPM%E=2w-uIP4mUV-2G1@XOmPBX7 z_{4h#Oh43(i<pHZ(J?7(caV!r%kYq#uHT?Ip?V2S^W!g)l5>1|^0!yI`l zzD)l&gB``|j<*iqm)S;q-`pZlIUJ#Ad>UdZ74f#=#@Ce;$BwqpFeT$?AgMqbt10?k zoI%U?1$}#~1YzBvXBJ3xVuaj}g53f{`Ma(EZ`|7z&c%?YPsaiGRV@OwRaBSnv7M1x|E;cR)Gr6`A zTdlbN4SP`Qns~-jC-o&ed zm@uJ31r=kPX~RmY>%bpbvFaTP#gBxP?>P}4&fPDgZ0>*IOJtr><{FttzI<3Q-)tJu zV$XRQeXeY~{&M+A>ksc;&Z0Xn17`R0j+vkF#@!YENJbD;enjerNEDrsrXWcmo8bV- ze{^!&ZZLcxmjh}h>+wuuf1bX&QxB|B-0uGSy|8C zUJ7eWJ!gg_I!w)H@?%+_?uZ>728Aq-GfSu)d$~6?y+=Dzs(a_vV|Jq-RfcYch(V^o&l&ZE!TUd`p$c~umt>=urFuILh7Ajw0+>5g#T0GXYSh<)@` zHOxOEjqQ0smia4dEkfxsQkA}h;rb-feD_AAuB^>$fNI2ism_yBNkK5O9Xq0#|xd$%E|E@~Ujf;~$ib}q{1{x3V zEIocLaF>;wFKC|Q6?qf;PK~xBV0zhJGk=7I+d=;%`Mb$2Z;})W{f8{N>FT78TIoB@ z$~#k3TuY@b^!}4d)XL)T1i6EJRju#%;M?uJQ8a$}{laBVGwiuY{_oslQF7x z3Y6vomv|0H67lq}-+YcAVJ>=9t|5J6F)$bIaQK=g{c64brP3z*j2z><9Nyx@^Nw5c zPOy8oFOf|y%@BqMrAN!-*%GEYX}R1q7G&||*6$M_w4k#P=PwN(O!010?$Fh}H!7D| z%W;9F%NHP0JW$MK{Uih$l6zcfO>0Z%vn4l*48hh)5%%9#t^&KWs!F zoCR;P>B@MLe0*or59;+&nb;1%Ckj$Ns^{F^USiAA|956OjO8MmXX zil++{v@@>w7+;FW+3z6rmf^7}jqTzKuibgzvm73ob?Dca7x2N4(d?zWhsE0Nbb@_{ z_fe`x8@vT!)fo;RciLVn@7=94w+wx>0j zsmC=iT4k9?j`J=#G>l^kcXHv6`}Fx#0dQ-)$qW{0etPyc%~*~r_FYDXJjwK?nD&Og z2vxsjQhrcNvg96b9C4zJ@7A~x^<3@c)TPh(4UK!yR3N)~9@7JDBBudVS3{W32nUl$ zY-z(?*>j3?iZaBpLlQSY^K*@Ht8n>2c@ zB-Y@N@kAqJzp?7bvl$-ic|7Or#7eDQsk@zb9;UPE^iM`oIPRN;Yk!^6%-=0xx^xE- z5*J;m$Jvq^GM-OAZu)1LR!W{cg;RL!_Ia2H)+rk$p{KsB!LN$V27RNu z8@ukk1HU?+Ringk_gwb(VtV407tbv2M&J@_Re}q z%K2aw&f#x{hH~Vr;NVf&KI*M^lq0Xx8=g;S`XA5EsO;EOUMuvkd*fQbl~H~DnKENf zk0IBgHN#3tR`@_pCYE_C8JaAM0tX2aKiWu{{ca z!?+Bt@B0w!+@lt1vz!iU-2uWLnxrl?8>z&M^wy0}u2lEj$RB(()^$U*{q8fh5qgtu zh2egg0HP(m1Gt1zJe0gY>{V@XF8|#tj)xoxRAH~*QR;5rpCMCq<1wjR+LWL=x4}%$ zhH+&Pf)yd?FNqFFY?+2Q-o^|At4eF_ z`ARZH>=R{e#y;`LC$i0p)7L#|jV)LqExDXe3D_t!!|J0-H;<3tK`6=u!)2`xO3}*s_cS;c5&}AlZ1}0ei+na*o^2l<0F>O z7^APK5;qq-EqmcLg7H@Shv7?v$=etYoxxsGU5B_q zkyr%>B4W+?o%kqbYE^S=Hc4q=uAZExBva}X1FOH>)e%gFT%~U8oe;P1){hB~W+YOn zWwQi>ufj!!l&UD)b4nFAw#AmR@v6Ix-|{>_5?!NL9i_OWsm@3#H5i#hoYh^cWVv!X z*q(XRQfNBZiDPV>5EZ=c@a?7JgEy4L=kyh~V;vA=NjdnA!8^}xb59hvL^-l;eKZw+ z+Nk^iLqdLw%;xSCSAvifz>>X>foL==YlK0Sk>z%UQ2$fr8={0oH0Bw2scS!iUHW&b zrOT)4hY4Mo5iXnRVS`tj4#FA={9_Y38x}a$Df`Y@e{qxr+-In;xv)qey0IW?4JF>| zXtZfv>rXR{>faAV&H^lshk~12M+DHa8`4MI?ZPE#Q;Rtk6-gJe$QsBNB4@poc>uN* zm)pr~+mcczIif07FZ8YQQZBi(vyPC}s2jCgeq4WdO)550xipx>isvZGZIi zOI0z;fT4iUn~3$4n#z3s)US+8;^aHQfx+fRI!7A9OM>_n*q4MsY-njbrWEgwz;OIn zI=r+o%ih?a;If2JQ_Y83`&Xhc%)U=-DM@&rlpQzQ(biI4v~|)OCk*Yd#&S?eF!3|C zGRUQE4lEIpKrPdYo5(ICt*)o&PUccDcr4>}EfnLD_#HM`Y1gy@;|me}YKqTaofNr4 zwzr0fUoK}kSeem2UTC_fFgMN?{k+3;SF}kVB>E!>B3o zR3w$7vZn+%lg(kJDncW)Fz{ldW9U1l3l@!Eyep(GMHJY{@zPBj_NCcgijF5^jSP8_ zp4EED3#;Yfkt1w!qI;DRIk>ngdUczkiYi zuEhp=xlgkjW|uRriIG}}v0v4?ycP@V2+Dcqrc0T~NX$gK4%Aw_`pwj`0rqh0x%Wuk zvmu=%m|xP6)&@{954|;@<;rAQw(_`|zX~Drn%;J%Q!M?WzdABYwaPd(CP!=k+9>G3 z(t@@k&qhH73k7noS>?loj10xr?8BWYn5;~Qf6^gquZXkG?6aFdhJ=p782VRX>l_QX5}C@qm%eqo#X0sOypNa5vW9YHV%L_*0u3< zrk9cE&4OA<6BO&lQtN+QiP1lzi!yLua~e63~l~K?7i_I zn?1cX%I|8U`)Zv8jbDq`;l`-n^X_8WjwbXTz4AAZLC;E(^*urNH_J1M(V-VI~^{wAP1WSh7Gz zzMb7bLjBt2f3K8Jm%yj1W2l(8_^*|+*dJqmb#Fw^7PSBF-u%97jn(gP=mK4A`6P&C z*G#$EU$-7wHNVVvv5t+Qx9%jOAE|9x6ilO=XScGl(i1Ts_3_vf#;WsfCd~2{x$Fkq zO7jM*reKp%ni2OUn9)IIX8t6Uh~+v%-}9Zlir`OCjX7x{k{rInHwb>iw|Kg&f zgk!5sD{?*cG1ojxD4V|-7dQFmEWv!yn~z`)qEzHUnb$^1UM3~S@VIC>oYyyf!lS9o zL0`(A{Om^D)9u)j{IVC&kMpi>2$sW7mc5r@)y4tY;XNM z8-El20pqFhCgF*6YiOpXxuCAE56!Tx=eIWYayP-S2Gpm=43|@iXCv%Fipp1bvSb4* zCfon5om07=X$SJxHpXw-!D0}uu1FgIzb(Sa4JkkhRK#`6uxJc`ACAPJYytANwkQ`A z)*GONbVJ#>ATa>2Fc>5(hNCn1XtdJ|h4k_e>va`qj!a$*2lyE&d0KXCp z0)pW7D?v~&NK`^ZQV_sRCXK|uY!57cW_)K`GFnJ1!Ulmw{JAG%tfl#v4NA#+xgx9` zkywBg(hlV!&AIWcjT3;fk>)fK)dFd`DkAMssy-Mb+(+BM+Q-pa(uPx3h7^GNNO{4$ zoL!x9=m0NgCl@!Emoz5=w`+ui;jT}Ift)`HaikapEy=US%g*_G0 z*`yNM+T9uHg8dU1BC05+2$B#|fQl&!fpLZ+Bq1g*FQlTR0#XqXg@BbMA-{lsyZ29E zDd6dQ|0ak3X9@lH^7&2TKi>g%<|W8eLiJ%Qya4EdAj}XS9C;{eNo0 z^*2}eo2B9=aFz=FhneC=VZQ=|%zqLeeuf7DDd67-{|}kP`S>4>`%iAY{&RM{V1EQ$ znX`C%#@SzE|5u#ZSpUhFt2@T&ES%U_1CdV1Q?GNwu?GH!ByFr=*wb+Sm*bqd>#1AG zJ7NDm`bXGtLY)Q}m=o^cg*2y^kPXrn;qHXxl=){q_-PVOsK0~!9Q_Bj6!71C{FfH> za{?Dee*)vI`&R&#A^j_i!e_?}Ux5y_Z`PCACTHFi`5v>ZcLx%lZM#)HMaWiCQ*--YDamlQ^N?;oE{6;t~M$62qn zRNa>}eUzx2DbIO3*I?W1UBXAY?r(0MSkYoLl@B+J{5k%u&ofD%>JuXIXQ=}@RoLkm zPM!a*J%4K0SRZK%G%^F@4j4f!fN+!#5&(e!_0ec70Q|GPqvm3Z27phiCVilql9`l< z0$2$I7Keb8mBF~or2+zriONI3P!%y{5vYnhSmuAGu)uY2P7g2XA~4QwIOY`5PVUYw zZU9lBE(U3XvOX=rzz`XkUx%N-V9~P-3IP0W9y~)}iV$5orP0Il1Yw=gy_1zxH0s8L z*DC7AcPHOAP+c>nxps*LymbH+sh3EP!GlIA^4l!NmZz2H1SRxqv)wfY3d1!XH}Lhv zc?QgFdt|@V^Vlz|`aUbO$GwU82;7n)9UROMwUll#sK6&$xK#9SspCon4Au*Sv?Y~< Og21FaJjyyMr2heHrkTzF literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/images/front-page.png b/docs/tools/.sphinx/images/front-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c80e8430393b328d2eaf7640dbd7dc3bf3e6d3d3 GIT binary patch literal 75868 zcmeFZcTiMW*Eh?3xSM$F2IR=9E@7ea_iu@3mL>t>0RwgC3~J5nZ6TKtMo1 zq#!T-kbvOVBKTPH%g^wQ3e`C?0)n%(RvJ1;9c3jEQwO`-kIfuR%x}BfIl_4Y0x?N< z$H%5N=14jdb4x3Gar))zdU`r5GjV!teq}CYM=5iJmAt33xw@x{hN-8GsjwNnq{Ia= zcM%xC&K&ue&fU(|-bKV+oc?575%`Sznv5FGpHg{BJJDo%wH$A2y0zdYh!r~liHAin?k7Wc=F|I@|F%K!J5 z+u8k>Ww;<^+&~bgLj5mu`uhPc8Xk`3oDa=i99*4E&1Kxo?U4*8lEBGD! z{}}JzXOztCEpey*HP*=~+zf49aa*iuZv|`OIeE;26reci^yBK zARU}NPQJn`yt=s){xAHWwpJ&aPDgjL-y)AqabgmucXW0zb2T+LJ9#(^hd=A$V1YzE zb~e9j30o~rf7imo3Iysw2S#LNX>aaK$9$bpuy$OXd$8G-qc6pqqljFph-`}$n z3@h_ibZV!&g89WZX5(jv-pZ>6do%wG&LO{Us z%Jo&X;+ea@2iD)T{)_NZ$-8&ITyCU)mGyf`(R0L=UV2$B>j(p*do<04f1K6-DDakU zXy?`jXSdcnva>Rm{t_ughX%NG{&I=?eS2qlJ@&eripU^V%D)BrGzcCxE8W8ySytz!G_cH28Ot?kUOp6s=B>Vb`#|WA% z&C|f--bO_TpUnGXzx^C$*?`=>;e+lS+iQhBkH!M-w{S^>{g&$dTN!gjd;gkCAlDv~ zXLd#<@rR;cr?vSxsxFf2cOPcSmV7QZBQ0mTyyARe@$pQ})95JcF5fL-k0;#$-hKQF zi&FIos65}F>Xi}1$$`dV5IcT#l-G43Ah^wd`~Q=Bx}+Nc0Ud#Y^j!`2gas_hyKfRJ zdBj^RCI95nSE=9cI%!-fan;E8D!G^F>X83_NZ-@XaNEvFe|VG{-Pf;K+K+kY#EB@S zfAL)C&bhNsf4}#c{?``a>1{dodUxVK7d|vkuNVICkw~8R^m|RRwK~H#;Ob8rB>l@t z93!B6OOM6kKN8$wejS7he{kGoB0Y!y^oJ4?E=a<0Hdg5h{?ji!u`Kvcznk%>;Xl!R zHbdh--Fev}{nN?ECv*}23<#3=M}{Zr@Q>P@h~Xbg`G4sgic6O4>2`cKQfWE#%krwL zXQU`*97(B+`+DD%TQ#OIkMS^T&J6nu#81`^2;tl`-NrIMbg$jCf{%3|Do z^Y1C|#bUA2nHK`@YsVDi5us4DCpX<8Ft<1_iWsE-DoTFx1;IbcdLoDaLzMNbx)7C$ zqGDTTXP9g%7JKnz?pW6RYD$79VH!F*LXSWFnTQ(o=*?2|+1r@y%N@|vHr#BYbU>nv zPp(B$#$8FXiZQoC8%?lSH9?`dtW+k|q>&Pn#FM!9K`=q-3LV{r z3m1IXfUVNdOAO}ja5~Y5Kte3(1;%?p-BtC6zK4XzqmIf` zJ5tW7HS~5LoU+t)>x6N`qAUL8m%BoFwlb?%W^`ncMubd5~h?hyVF`9N=Pph><> zp0Z5pV<}1D{(kRV{gE-+&5)dbjAz`@{m185%t`Lwotmj*l9K9nDdRr3w^MP0$SyGu zi*Izlc=4i{*6$#QIcaC%eV0hKW|=pyWvAG3%{m%`=rK`N?$CFr?K9*!+4B!%_n2Cv znW=()Y|lEib`@{!`m)rtFgWDWR*GK<7xYbZ=^Yf7OQ@XvsX=&5Qu0cWmbjy7py05@ z;NYO-Zi}jl_-5}GN#A?RuJ@fH^Lg((tEQ8@?CTG=wn#qr&tOqwK5H$^;o@6giK3+G zS7%bg3v`Oml+`CvdBX8jDUw4G8UN8^T18>Zx7<<7o;QZkI%l4|ZeYi?$$qTk@Z)Yg zweY?dbAQc_ylo>o%&NqvDV)}?jidaxYg}(l1F^kJ+1^qk-s>If(_NB_B|Ya!XbyI# zlgGT4Yr77k>|x#Z7&_p!)XZ!JW%r-NowMSHDlT#c+aOPfJTHE-uc=xy8%- z{_R^jN!;Q0?ZeYy`)a#n37=2nj$cB%#J3G%#Lntx<>chZ(Rlm-)doE;(#fkHK9T+t z4u6oqy_@y#1~_`qK6|ArdqdY%eKs}q^oGhz_1(2gRF7u_o|(2uI!Fal(_aoUaOvR3 z?Y*pIes;D8h}Lhn%~(rA!`3ZpydluocXyJI%JDrvyB}{ImD~`**}#c?XMDB z`s{zMS-1bqa{Fs9BbXP_#p(Xqed`7^i3uBdvlb@_zwR0G7EW8N_bdnT1JR*0g$SGi z_j0%#uZH`LI5rU33>4TcJ_(Zk9?V&{(?EN)^3^n)+IMH1)@MVF&=n8#e`n!Qt5P3& zp19`gy`SOSDlO%MrR>reJzkfVnaz-WPR?o7=p7`DF32cVc6;tL(S(J86&iKe-8TEQ zC3k;BEK=1J7q5X=w3((maUTSC8A;QJ)0VkXzU6ocTz%eOw-%GrycANXJ9t1x#75T4 z)-Ub3W#1AKVVWB{z`%@@doN^S$|5&%rW>|MFk1+{&~qn zecztgpdr_M3XZz6wC{qF9rX*^9nA@vB%>RebQBjRY1Sw9RHyU&j*au#yVE;}a7TspomnM%?48qmb)!f|N$!T?MvW@h3m)|uhFE7s!g>_x|_OaG;v$drq z8*Gk^ZU11sOY&f)LB(@UcHFTdD=W*gD~Xaul9@TPs;Vj{$9i$7G?<*zsNUCSx?@xT z+$Ibly6{d4Y;$dWo#BX)lg^@mn9Cd!me zxnAqBYY))P3ddJDC=&Lpz;(3}X5=LwI!}~aH8lN5a+hhCUT>AydyKAgVaR&LAV=eO zu&U4qwvC2EeHxp!u&`iPj&<9Z!Hn&8qUzQYm#z4<~;gNk={ zya5g4pFVy1_>7Q*R>B)@Xb2>6X#ar5%w*VS=j9zhq%!haEFArW^$QJQ%y|`j4XKmMQE1<=n(9N zvSGdN;U0L`gZ%Q*y=lo~VTVz$pyK|{iniO;3-!lG%4|Iu%KH#~hPu7S>U`=q^Bt(2 zKi?QT+A8g#l_YN2nV^}g#m{Tu>wEP16+?3vb@g)Hei)_T zZBfzc*x>p3`Qyz(zuJSfHeQQ%oyua$u%FK3HiJ(7li|CY^OQ^Ahm4BN6ma<3o^te^ zrBQXXn8o7ZA&sR$wZ$4{^)=@(uZj={!*X-E`J$^13)Qdw4Jp#}kX>^$5#7sUb&z-%3nD(*(@MxOMgYg^zNQzsokK>c1FB?oRE`A&wWtMqy6PEj*H)x zYPUz>Uv(*p@p6z=PsZW4-!aO^$ER(XLfmr$BL_|jBexA0rj*zI9Rh>C$XVlvLCY*2 zcWJ;v!C!cP_=&LOAlfq7XDiO80Jh3@(ZJu|KakdUXS@FRkQz1Ol-gpWsG*@@;M%8& z^S`fgKGodz-7M?^KkBI9kfgqcbRGzXg^Wz?sEae)O(*Uaw1XW zKUpTSU<S)OrH#YwF$XCo3gWMus^N`4DtO-*w_~AhiHsF`RCM`yH6( z+QZ<4U?Rg>*w;B={UEaCG53kk_Vd7)Q(#x$FJrQM2q)6WDx8(~?SosVFG4{09A-3$s??nFhtQy=te?9y_9E(f^ zcpOMf9j9?HP+#@^_ny!=K?kGwWoiJ|xX_B|eoMTN$yogUy{hElM)L8&G}J=uDr(=o zTj>;C7CSyz*Qb0gFo&(){?QV#Trm+=h8^|A8PPJ>7+C!6H*8eI$u6D3eg_k@fkc%3 zWp|LfYm*%{rVud!D_glZL@+7u^&}rf#>WqrT{>CZiN7zn95j{W=&^*E_D3Hd>yxt? z6>sfDnB>NwJ|19x8qOdZl*oP~y4pZkq$dW zDAVPjCTiUncHLsf@lT~T1As)}_>D%)9TFGtFRktEO5$rS0Hkp^rEVX)TwpxbB&9=o zTr@rmm)a+nX~>|LU{&_Q?ANVo}?Y zh^FK_R#vm$8-wM-sA7|o$J`aIsoVio5mWHZM5?P;tv?fd(LAA?>~pxc$;imKySod9 zh)6)DHs^(1ZX)&0&CLaI^MK7>=e1xrs;MX` zDapuS+AMYy8mad?KHM5!MhD-%ub1*QQ#Cn=lo@AF`H7yO6*xct$GMAI`FfhVy1M(c zq53JZ^sm63kBp4il?_?|+!F;bw7)SM!S^W~*bBi?_leB`V~6n&ajz|$smX=YB<^AI zbl)#k%@@c7lSM^E@gJQ9psS*y0uJqKk!hFca!rwGGZVHLtp8{&roLw7(?$LLZz&J5 zGBTzhL0TWFbkWY!DRNsJii?YbKs_`xw70j{6mx@@mse0wkdxD48;g=0|C7`W(!E|w zVaQtSs~5`z+DGqMCc5@RQu9X7xYWAu42c+**VaN~FnLT&jDye!9~H6SQLD3yOF7_g zP?m*v4aCC>6f?T-EjSD+93h8xsNL+3G4`#r=!gq#YJVkfHf&ce{{1;ar_e+Q#M%s6 z2!d9HHEXS~z@fdjC${1(4K`c9Eh>v*>z?uuffOh z(dNN^KO+{IdBIj7kKJ~k>&>p;>njxSN}B}OHoPH*fgnunIg`@Y*B5W+)vzFWyxSGw zHXqtN(M;pDKuGJ|eXt1L_>1d+;XsM=$8+Q$EVhoZQt-#404)_Rn%P)eA00vHn$xbo z#bJjr{>{wNvUy^)s;VR50u^!jcRys=nD0I~@M`0FU*%xf60N!FS3myOa75O5LWp!X z{zo{P7E=?^7UHP=7DpIQA}y8jpuar)K5d<;rJ(xu)P{85fFNC{G_TuWChyc-Po`?m z11^Z!}MTrr3v&24GVE4D|iZt{Oon54I4n>7{eyEPfa#>OfT(iiBL+vn;> z8yXt=^e785mI4IvLVfJ@13y325kF9JnK-Zz_C9(fzN%$$VeowyD7bs@wxv;>_b#kD zx+F_bT>LOv-(KNGm1qN4Y(&Wj@0AOSb^A+++yhbCMzK}&Ti`@I7fT03Oso1mj}NzL z!T!^}Ly9!a(Q#rK?=~TutSsKLosIh>e|Kzy+Y4#Un*!<3fy_gWs*bmvZ*st0D8wS{ z?CjcjD><5hbBHQ2afY~H$mQVUb4VmO(%rpMx){l<^yXzu%)mh?F3gC_Za~&!Q0Z)* zOQBO_(#Stx5P|$Q3HIy=ZobSqq0D14O8d3%0yua|uD9p>jJhd?ZQpkQ7cx-tTK;B+ zO5)yH8z*W(dT|v%A=4oXvCy|C2)-dhJP-AbA2;nUWz@qjf(cQcU;E#!)TZ4}dldg5 zZQ}UG#^SJGcCkISDxaIwu-a`A$CH%sJo@mYKp|}uoGT!<_g0Kl#NkxJ#j*MjwgHk2 zrF}O(-W%9mpDs^%3dm(2P_xP{8rNPmyK6b6_Z1a!ekUUe;!QhuGjf5Qlu1cmq+$by z-+^TtD0*L_4vEN6sZG2VIH{hEG@}#wer1nkNn}Zg0-R;txS3dkvS+#SLOUk2og!>w zp=X>l-2z=&TB?s7tqe8tUTsXfKWCqtXtp#`sSwr6|5iDaT2#QwVVJZ2V9oD%+i!T} z187Nnq}eiTA%|FhNn(=cTsAn~j40ZJZ-fejer0le6tx>)6eC{X^vK%AM%4NRu^J?7 z$k{I$Q4q%G@ij8URouMPv`MXX>UZY_42;zWJvzMk8>>QJ)8|3) zyX%iO3)5P`s;VsJ&RrzCsp&T2)ND~O2CPs-8G907Q&8e~N}U>ar!TU_5ORUH@{T98 zt%Shv`t|FKC;$gWwVtlMJE@>dV(yMTt#SM|Kz{^fvUaLsO7Z#5C8+azVJgVj4Jt5 z+SVWB3sj0i6l690E{8V)sa|V%%%;Z-4K_fSd8r``p17JWLh#fYRwTsVNaE z{i*^$R3VDkV0@tQ`>OjF-<)jGGpN_;iZM*ei7_$d*};TF6p>f@wY0Un5`^C;inBwq zS94&ae|sCO`t94EZ4Z?WY2aPqp>m;;7VU4+S|N4#s`d<(_vOo%j4^Qc5ZjlmPjaOv z`LC2BJ2lroHLMnE#@FBOf8a6T*W4x|5wCQ4QBur&PRG{nqKIvJuM(fAsHm0x0LOhH zs?OF{NFo$fRaFo9$buOSNB9jJO^VXQc!26sCwBnsqY#BNij0hmL~$TJ8S~ZKTU+Pi zly1)siVBc&u(K=WumpL$~o zWZ)R!9#9k_-CnRFh|+5i9uL-&kG+p}r-y0T%H#m4si|QC8~`s=X0yqKTzjQ4`|@RB zU7ZALJYdfSz}K%C6YKh1zUcQB#UkcDO#-Yy^?u{H6eR5io*ZCQ*md3vzvH7?$X-|E z&VU*yMg!+5QouMfyvcs-ELpOd&-o{l;w(L zzZ^4)sDSovyOD`a`(^+$>U3%a15O1R0cE5e9~Bvxo^H2Rua~_)$do8GXptR@ zAWvYX82T!LA@=rvO_KuVpOWHod>f*bn-E|@CY6K=%wen`BOC6>U9UP}8NbEfVY*Kq zl&@E{mBB0ZN`9}K8>s$9wgEoxqq{Z5c{X3VWn(8uE?D~c80yihZ7;PYa%)>zS+SGZ zP<(S;_CQMo{IncWn> zCzqd%jRb`40LV%I(?hG1U9Woz!8_l*#usz2C$nDdJLM>AvGl7p(^b+<*Hz6n2%x~n z<2-FF!q?aL@#FDg^F$uQbvHnt#s}ZYJIrU@-Z^h?ZE1KiMcn3M*@62`NV-(0(=$kFzEGoDviu>G-CX zujGF`X9#;E;%aTFG!O#YrJ5+h?`miYl*c}#ob9|_>^korfi`9;Px=r7}RfE<2nGctgZDxmka+_Htb3JFK!i4qts75~vy^=@s zc(7UnX;`&wf&35>zXCXv(Hy6+*P+e>d{Mtg1k-MRc^$v+!A{!uNLFMTrV8}?JaeZ1Vq&P#G7!+MrS3;vFi^%D*)ZK@zb%9|8(1GO9S*5dnbY14^l`nH@>t*(puFfae1zjxp^ zB@lj_y=EC}G;k;kRTX-VV_l|e;o2jI$0ks(@Kj$6$rNGo$Nm{(~7b!V|WAgP}CdZ4u6r%IoWoD}~m#w>= z*=hkig*-Ll1&(^kREfLk+B4v_RGG;}IdebR@5tk!`Iyf(QDDO&l>nryR<%~j%F1&R zwfc#@N=RT|sU_NQiG(j@aHH>LuCeP5`-%Q`i^Z}Sa;O=q`L+qCMC$MjRcC!03S>Cv zqtCA=#PEI~|M>IJ_M7e|bfLU&vXOeyXNhkWg&75fxjw61P~(hzu085vXU#V}o}nBc ztuYATBTVvWr!xul3?4gJY;GvvMGlo2wJ%$h=gytW)+a3Qhx+B~PR4v7TC%bb)9hKwvvhMA2Ka2CRZ0AF}n=I{XxW14r@bkkBD7`Pjl*+~+Tq+M{hwjNSQk z-x4*b4<*GM3)mrCf`>opR(echuTih`{hBeKam;F@Tjo1TId572b*OCk5#ZSDKm#1Y zgo>^qmlq2oDO9Tz7MZyyC@65uU)p!TSYJ9HheNp+uzATEuw7>#CC(%WyS%;yX_NMT zOrHQh;BJV{8Bsu7ygSoOc%qnO0N<%8=Gq*@1+}VpHX{(nk8Ax_@9oWC^?8)`I=w8z zL?5jW$e=we4aauO(HS{=!Vh~VRi>qQ&G+Lg4}H=?camnkBN-Dc{Ln%6|(fKix#SJRasdqmw#QW--E=z zZ@_OceF(N)1-L>168F8?OlFSDhbs*vpp94ol8VVJ;Q9ggBxuyk<>UgjCSv^pvJCp{ zhZ-8aYR}5=zca>rQh~N(Wu@}$V|Ta4L~`c-feha(DqWuw9Oajd>*GXc(Is}x0lYkd z&dOT$dtsz{5{6Bk`@ohB3^cixK`=``_`y6sP^g-ND+-b_m7tHybW5!@dmJDnJo)L2 zh}ReU5+GS{H6~oLbi80GNeS4UQkD`3PpiztXbo@h_?Hd$FSsTFN6yE3k4D%TR~j8u zo6y$KxJg}8)uSTndRI)>&@fSB7RnZuswb7c57A0Y_fa{(NAE6@|M{KLxb(V;Vwd>% zi&4SD{FORkag{wQp-j0R)l{E7|9kmD`&@co{np7{!+-<=4$(!SF(Dyg>~IMM%p~}E z^_Z-sI_xku!XFTf{d<#qf2_p_}M~b{l1{SHb65}|nG?Q=|@g(3H6gg|5`654YLM{~p zm9)%$at^&n4Pgk2ygWQZ!q{kbn(#45OBEU!!i2sL)E~K4n2T}*-b(>Uc|1D0-EIuWPj0yf~gP4Oda5_Qxsm(0x~lkQ;<7h0lygcOWK%JiRJmmEsJQeLbT=k0AK)wR z(WZF?pdzdTG^xM}%H0a`KSSL>(xyM}#9^%Ax=?1iQ#!^di30(}uLc_*m_UVH>B2e7 zjyQhk${=1Ut@ha(w9IBRzIfq6LH*GlsftjFcA*gm6|=aw&%)OtfYAz@+D0CX+0HX5 zfw;`s&V5+l9{6k`A|hqBKq_bX;Vo5sap{^F+V+x3qj99+VS{VW5_TcVN=nvmQ}b}I zN|&?5`$bi`v8}!XwK?1j_kDhGmF=M<1;2GKK$?9h&EXb^L6k72PEJj!#PL}{(}=3X z?hhPVgM{U$Gv^mddQ=o*fSp`%@Y~ma=mZ38JoJ_Ta}=GFG+Jgk_z6tT7z#f?wP)82 z7VTw@I?bq4gx(w zb_!4P9Vexwrze72#+CMsfu3ERXlC{i0hp2&RSMV-$N2y$9xgofhIm%8Z>}$Q3~20( zC`cl4c3LWaq6>95hN?}Ok#F4d=AKg8SV|=BKU?SB77@EL>i#HMz+FSAT5iIqdOqXu z#{95c06N|;bU=K!+Ff_;dW2zNRn;Egton&C(WWr!_zg8kF}u3zzrSGfg$jn>?qm$q zhFMryp%j*vmG!*Q1n7H!D{??ELy`-XM8e;$J=snm5t8|Oz?Hz6-ezUhEi#b-)XzuJaTE@egMbQ-0_ffJ)2{&QRgL4DEvR0a8z?mH z@#LcrhsG&lv6T-%RsaiZ(FgTm7~|G0Ywvb2aVBcIp{$CEo#M9JibT54Zjc4z`jOy4 z%ium@Hq^ju3xE<;yj}UDjkBJeld}-qHzy}28(SOX(E#n++9-t_p+)43Ap2ed*W*t% zg|+?2KY);-COgl?1j=*O6Y zHBn9#zo~Fxxx^?5Pw%w1T(d76wN#dzVsPy}EUyqceD!-lV?SuTS~7m_m0jg$8#tUG zNgQ-zgOUTT;iCdd0Cj-q)2Sgy)Z2jW)GP^z4Yvw67P#&HXGSW7j;>T@Hy*Mm zd<*!u_=eF++n_n}8vUc-;QO3AD!cj9{eC-IEUTq1vhTOVnG$w2D;^#W7!TBLdh<#( zwrLmc4w8J2GEe+!&!!3WSD+mMC#!r(LNAs>k=qs--{XIg+{p3cIR(OCU()tOQPlUp zf}jV?)un|yC2Fp&n-KE0hR2QsULm%0#w_gSD*AC9JVQ2xcI)r#9;m5t zJAMBP9A>C5G`eXO8eyaGRAqN9_@C^{LDCI-;Az;am;UUtTsGP|W{Mi~z1w$2uwZ{* z+|@xmS;FEVpsm%fknK~e8uB~TIvjsTrZ zXkjZLtHSB|7e!7x1Y#y_w2Ti*`sMY9i@3HkNEA!Pw?MBU1>(aNlx0J4oEo~Hp!kc} z_e+8nk9g0n_?&_QiP^LWBhT6N-f(CGIPBOhJxT0;FGk(g_jhlMb8pO$s?d>wZk{~f z?Y=x8-{SJ%U$nM7%745XX!zA47j{S~Uce53Cn(9-UqPfeHwi8_ExmNc z*c>S63E{U6b-Poh;o@ab=Ia=J`0ybQC>Tyrp>8+`fs&Az>MJBm@@bWlAqWHl*RhqC z$Iiy4U+Fvv$-s1H;y&0`Z*MQ314mr*MUP>IFPmZvR5mpc>;2GKZvkl zP=AM*Yyz|4WM>~iAjyLpfeI$SZLrg;u6j5@dyE)<(SifERx1WtTK!X3tJ2fc6}mZyFPn!> zM$XC~ua|w6y+Z4^p(@A(Tp$%O1k!nqO6n6I^5K_q%Xn$M@4&7TZ#Bi26FGe4bx<6N zzg5Xh(4);l@gd9IS`3YL)U_*eJDK2&fvIJT^b)X0< zB_$}0`> zdix=v4A9bn0vrOA+5&KoYHDi0Vw?V~2V4WVYmj;tJhEYaAZg4?h{`^JTU68w5F*s~ zK&^2id^dSb1UUoEAl;`8-!0PRZidl88PJmh95{%=?xMtLdtkCs$wg@KE;9&aTdAtX zw+TPV*LRWo72jw_V7vJL%WEu(^GoNy&T-`Zn(6ul-R zB|LqR!QziCO1ve$dvdFM#@~w6!uR(ZT(N(@>2^z=Qt}@W8E8n&j_ZfPb*sKky3t=|Ax5A9w|7@DIEq_y=D79}KS+Hu?l# zE*I7x4VBp$4w&ms$-!daaEBK_=JY>j2909jb?a4V7w^@x$QKl-$ zqvFViHjDFF+GIyJZf1IL?92O^x@A~q$4Yhpo`wA2 zmja_F|72*?EVVyW=|Z*$W%WgweMRI0{LmFwl{a`dN?n>SRIQ6t9lj+A>9qM#7b|1; zH-jUo2+J>Go{85jNw&@3EOn{&c!aF0Gd?i)yNn-VCx8!AP1%sh5KNOa7Y(Wyz&Z37!>2xMV&)U~6Lg4}{I)&*4UiXDFW}=NC{D+T5ANT&r($!E`c`}&~ zcCa6)nYRpogtZS|e88HXJW^&iw%tFp>n)L}k{+pNGiF&r^17^lN-$x}Ew9Js!^XE( ztWM#9;`{RXTElh01yQO18(*q|<3`tpu|IuPaL;{02$RCbdpIAl?7kG(7pa1cny*_f z?Qh_3o2SD*POv|#X6i;j6~ag;5phg&GF6g$q&^1wxe}CBN~!4%8QmWVyYbTELZHJD zAzoYN&I7KC7w5K$Fj8wJVQl!5-giiS9*95hG!6@uA(28GJE8F3uh_v|HtY%2HB4V5 z1Vr4fiQDps7;Q45@VqlYxB{ta6nej|a9+=dL!E3_+{N_kNz(M70~cjZ_deDN zO=4EkHCY-!<95|>pj7pbtt&&c`&;O?`CHX(8V~D#sN%0AAdw;Up^H(R3M=qHq#wR@ zU>~9l><1s=!-^FSHmd7$mJ#rFc=ZYeo-Me;+C&$!t#^{56H#r=m*p8LO*90lWGKP2vnu$Y`o&^ z$utP=&?s-jd$_zB-aX)gmtabhR5H1lJ%u-RN3YGi;XAdFWku2s?f~f+bF2K)e(U_U z`LfjYp~{IpS|-&~fj?PRAw9I1itVh_qOlOyw~4vZ>hfSw+_L$gXO9BQC)XeH0a|S@RQ}V zBr)WED*=a|si)fKtsXZc=u-J@QRw(%3`1C_!xwVQ;(97AXVa;6kHs+U9oEFi#IX9) z6wEf8S|EqZB)Ilg*DC)w<&=No!#G&o?DF`_W#Pu&)aFD*3}_GQByw+6@B^WG8h%wP zJ8)ITbjv6!$z5cfZHRlAr-)GnyCV2>$>gp!8>L0wRMS8;DKxxww_l|PITIWP3OGS( zcwGOJ_=d~b&NiF9325wrA3@u1LL0K08$Cd6^zJI()}HiP_Wky)EdMYLwQlz-%6T&U zeezx00N*Yl&|L`cmsq{w?b`mK`h`W8ByPha@ke{3`?&K21Rol{NGA`~L@reo43}+2 zq(^RQO0G8?SY5`yg7l<0El8rY?W=H;tQVQ#QEmB*7u)3DmMg}typbI$j9E1&L7QH} zs>w=zM#s#aS{+Rw)82wC8P=Hk_M3)juj!6cqJHHapV|>;aNVHvbgc}hG0Stj?&0K< zDbWAfFykr4)v(-do;>oQHE7tw)_Bh2_R|s)E?h~JUgDo-7x@E0dwDSmX|QWVSo-&` zxPc>@d?UQ=gbj{m zQ1~B=Adtk3UTNN`p0r;Vp4snu2$kG2yWGOPUBUNRYNzD|noy>_-l-Mg%j3&r*1DxV+qvQHiU_oc{5*9ys+Js;%3z64cBX{Jlx%MqwR*H z!HPoDk^7@)hF20T7plq+&lu5074A;o?l7k;R8x^Q7cX@?fZ%(PF+QgdF^J7a^o*hRVAIA-WVO!i|;DwZ)!pt zqipaeR?aI&(uyuz_56$$e_n<&|B^dPlg`!2$ZGrrTo~!f)&!aTkM0HorG=@(f~1Rt z>5)e{ZAsSAc*S_ql@_$dHg#o)a=NMj7q2Z!`aMMwt@9@aCtbTRoVBNqN_xfA${9B; z-5hH-ya)IoYo@~1OzmH0OQ9TTL#_3Zx~au(SkFe>uaguVeB*SB>cW^>J2ujhF#|U+ zmW8ij{Q{SuB=;EiIln7FBci0_SwUtDG2F*_{?Hj@V zhVkqvY@cdKTQLG{U~2U9_OmQu$v$T3=B$|mXUgEy2gJey7FuEV2ag;k{^-}Ey~dFq zvc7(_B?8vsyaM{EAU{@l7m`l?8PucMc`{0)u#xXy9j4;bTPm>KTNhUF zA1he9?uiv!pb^pPp`M=!+f`$m!EcNsTO5lZ?+c4#XDWm9nB74qu`+Uwh^|VPZ+;8d z;pic;vL|Y~-DJ&Pvg41y<`+ zpjx`{xOL$TQ!6&_`=Istjqj_C=Uh{Rj^LG(qrE+A5RAT!)641U2eaSEcS$D|?7ag$+tKS{<^9BgQo^AxjN-`-7kxa{ zDWA};2%h-yg=b8yvNE#^%bC-AuS2SiJSQ%{)&l{c9 zmk)RZRGIgs3fw<-_pB?-)w*E}58Iw)u z-C6g=?TEKbrvQy5jwL>-AyN2O3Mur2aAjBl_bL1@z(@~fX)cJ33GziZiBl05-LbE% zlPxg8>*NZQpagDd*L4VEM!kqbq94vFBvtCMYhS=?%v%In_4oC#dU53s)iWm7Int@Z zn>9%dqc8`aQ&0bfZ4wbotzOSvouqyX*&0m^YAT)fLB?fJar}+@B%)!)<`{!$b1H&R zRj*|aO`H6F3fit^>C-atj!qm4WvQN$(9pEIrneYPI5!tqh7E`IEt)QTiuEnR3T@lF zEAcj07*nz0F4puC;Z4ytUDkj0)EoW5RCN_)FycxpyfQ>?W*}GoTM%f55F)?vLRC=< z!aF2XzP{d)X0fU8AlmPVgSV}3(>EvI{rye3!W+K&I0O48g+Pmz?3 zu1usN4*Uh3Us@r+tX%sm@k*Gz$7bCj=Uu;(pZ)tV-7W3mK)#Ro{0jv*R^j?u{Lcdt zfV!A#H&Mi?rxd-l&wHz1z@Ce6$NS|+g?wsT3?`P#;*xgxGW4N0FixCb*i&<*b3*V| zv=GA7S`ebk$0Ti&-^16KfVh5PCMSgKZ;vdR9<(;vR8mQC7?RzsBUfH3kocFTN4Hm3 zyv?Z%@23V83ku&7nd&MmEPQhvJgd)!H!J>KBmy^CQuDy3A`I2xLM={@8-#A^1t_SW zLdr)md}?ki=kGKtPI(whv)+S&Pxx$%Ao&jI zWNp5)MW?65vO(eqPHYL$U-C;;>ODIfPI`F>zFEPdtwK^g#*5i2pW7>imGw9A?4b$q zV}CefgI81SNN^bttsem}DR3|#)Xm2Z8dMn?f37?KM&YdgO^zbO5 zKG-lasKNto_p8dta(e}yWuqjmIu8+3i#B$>`@*0{!W6+XG{k}ZdMc4q%}y_ogpKz5 zOV_R#Z+28ocJ(Qbm)d*#xVIF}MblE^tgD7WIa1Z>sL9EmJuVqSa;|>EQ?5nzoGQlhJ<>^av&N8LG3$%>Cf2f2+6qAdc8N|Q+r>B*+8bXiezXgHR&8#I z4W2CcjxeCSI30INVz_g{1&`a4$D}(}|J)JkT6h0c%wFVOV1+k8{PT-Vk~n?6oF0`V zWXQC=l!-Bqov!T1{a8^+f6_)b{z*HcFwnSnPq%a2*$!7^p`8%yQS@W^lG48`7d01Q zp)d8HhE>04(wrU+F1TzZY>wFxQdXy$7MDC6Tp=v0Ik&Le%X6~ym0#j!N5o;&eflISw~~s9B(_MT9O^^?akE!brRU{Sfq0DC-?YxN%Mp&WnIgx zxTo7DFkSFtM_uEHp_q18ND>&`8v0wHXO*uU=?Gw~;-)-0+cJ$O4Xj3Qm9ujMyufc* zk_@T8WLZK;bJ0_TO@8F%;o#17u_aSIU&Bv==GAOV46*f|b~Lw4oXvDoJL3BHEa6jy$izsGGdE=kt9VR(nBh|f zd*J2*r7u!rNWo8E6*mX{=*gkC(-m<`tL`CIkT64R4G9c8lbUf#2_(T9C8L#*rD_PH z_-WWmCl&X`34Czc0qN9R9=Am)#gFlI?x1DJ#A(7OH55$wv3=qOYhc!)_{@(E*F6A~kcG4;7`07!D@%5dv zf=9Am+_>=bB&J(>T&)Qi*T>r^k?N$U5*B8fI?Cm-}3VgJh5srowiQ2K91F`}LX!ySan)%rBkX{*BWLy~2{4aNPwx zK~Y)cZO?~s9`fT;>9pVb(fr%VCGRBTSj6tDcoab7@JX5$yYUAiPUXd<3*MrZ?vnb; zT~|lE_L=|L6%GGY`D5EHT zB<5KtofzdfJ9!36^j-Sv?1r?%)w;W!RrVDm5;xiF%V&y9W zH!Q{1>7IcZToP4e-TdKQWI%fAmdRoBJzohlGdi}h28T_g6g^)Wcf7{g9?|wv120$k zIF_1Gp_%K8?-PEuq@fLOMxf1SGGb*it#V2!uHsEWC^P6&aAIIPw|_zBbycHi!0i^8 znj82DDval`@@nqO;Z3f{=J;gh z)7=8;73r*$9f(kP)y3Ht1dDbCbgm~bZ;#sK2R5Yi@3lAMNtky|u*$F2-7c<+)*I^w zKSsTT7r7{~8m9>HWP-v36v<5=g_z@PeuPnmg-v&@k9dWX!aMfKsMMtnT4G z@K;*g14j5t65=4_SBRC9Q)kK>$IPXC`nwlkRUWTGNz$bL)Gyixy}Fp<3Lf z%E~^S#~5xNeH+s{QtPk#hlH3#UgPh2a)^HJWMFYK2+-Q*XYQJ+R?Mrc86F z%sIT-o-86obC&8o!n-PtG}Kh|6vtMl1${~~$F{Rm+%4%BN&IWlDK7x;Lja(D8f9<0 zY~`|$I63euW@7bP%s|9yyNSl>sxHB*CTq+Kc%~~d?0a!psCkr3$KT_o1br$n`%G2- zi+J);!gS^Ks9rE#m7W~_hqxc9@?iu`Jsld!e^{Da!mhqH*VVJhbwz6Xm+Bahf4j^X zgxgrqwVD0O39d1T(T2@)*9{M>6C?{KUr#_dczy*o-@LB2be13Hjif zF_EA|8KrUhveyZ@^Nux+#T)IUj2+#d8|v4q;iYjZF`ytZTvWj)Rqu3h=MCt}Ba7J; z&HgWlMjiVIm5`Oqc~>a=B$Qnz zhY|-zM#S&+x{uHI*FQa+bD!6`*7JH^*L~lVUW4kwieBNIf+L$b7bgg>I&8{a{hb06 z`i7z}zquS6O@^ptfP< z4u}`I45>|W5Scbn6Rl>e+aaEZwQ&c@BF@Tv`ey?3aK|R#vZ*htx%Acj*oK`f&)#Zw zoyf_hF*8uSM32rl_9ngTm7fYSyeSh6*(D{IqCCFp^1hdwq6ZN4?tvs~2AhtbRyj*g zrnDHZCEDw-ae0OCCc6W#xPabC8B!{@u@aDvbzPv;ef;JVElylw+{$Mvv(GlLThsFP z-uY^rx!`9jKMM-SU~IfLX_G2`?F0cK{bj!LZbvE0or@>!D}e;6Gbg_&bjAL>s>kRV z2?g8?aUx;gY;tzS%$UgbF-5PH)eo^^P&qX0(@@m32Kao%qRnb&~m4|rGJ2V1n&e$9eDKrm%G*7 z5#DPf8`UN4nNgfK7@F{ydZdriQLpQF?(^OnxM38T0d`?taJ`!$u9U&arN=%E!sCH^ z+M*|^7@I#o@{x;BSutB9X<^`=4cBDKRb~024#Umdd+a3IbWFL@d#jQ&MTL8by?0X| z0BX8f(6EQ}RgKZ^LCQ@W2^Dq9n81*#iC+5?n3}Fa0BcLqEwdrc+c;4e?nuIr_J#v! z-excPY#2Nmv~firwzm81d&-C0r@CDS9IVj$^IY8uRT=*=x4#`QcOP$Rt$#>v^eUlw zDzb(*-!0&%37IWu3#DVv823bOtd3S)k0a2$a-LeftJ?8%g{ru58?`vGs=1~zp?H9{ z*7avE1Y2ZKH4&OgB{LL?LoyfQyZpxsg9RnChOYOO>oAwH?(>JTuJ8u=*S_KSIFHqTwERc|@byI4w;^--s|o-R3ap!4alYlBuxU(}JjQFx5&Y=flL^1f`XyY3 zUnK(6-vvLOpAsbLF_Ai6ofNaR%MW{W=&FwVcTAz|E)7R3wBfJd$JiJq`+%o|#W8Li zv_0H05_+TacMjk;j@6i+ml|Puu`y0~CW=Eitd&3izc_*}qg^^yIGnkJs)yiIx>nLA zas26kVL0U49+PY@&uMFtvBIp=<3YSEH7zjJnsL8vKN6-wQMPukF2N`WvHWwkpv--J zdJ2I$_yhSdGd+gKx`+7&8JSIeXTNC=&$X@IE*@Mlo}X)H)QKDZJ~IIB%j#l;De(U~ z&y%Oictaigsc^1lZvjeZvf1J%pS{Fp9GK-No_Z~z_--IH!SH)epOtf`ij2Bl+^bQR zM@&&=YP0Wn<3!B6s!*ADD2IeyK?0~8kAOSIuD0f}gTWp|8&2f{b?JNmt7^P_ua`I} z)%{yDa65xXtUhmsXkdGThaP7=)e5EepvTKGkiTrXVijSW-QV|_3E|X$DS23!ME6-u z;OuOdm&(Yg=<6Hc)^9swsAR`1QH2Q`b9_l2I#!-m7|oZW&rUFGKBAP@Qzx|9p8#yV z<6|2Do31mz%jKWNn)09B2L?EEvh$!BC-;Uf>#d05^tXKK2P&zhCo8r#Zz2 z;6>l?VPC7W@cb0rOR5JKg>6ff4_Sp6swsp;jvRBWBt>26`GqBwrHByr}6 zt`w~|Y*u+$4`s9Ps4>gCx^i&iZxy{Bx?TwXuUSXT=7kO2un`U#x?WzfSXR4ZEZes` z^7ax;E6JT;f7VuovC8qGiz8Hp1HJ;o?joUl$PIg_KyW9_NbeT~ivn755BZ|x1M3S{ zV#oiN%Up8-o>PM0mzjehnJQ85I9a+CjwhP5@ad^e*C!Ni;vpVje1_HDHp!j6&Hyb+ zmZVN3EWLioEP0aG!SuDQvpl8Y@y3AhlumimXCO+wj42EVP)C%Dxjjv zHG~dampA1Dsg)^(-$}xI>vEqz;p(rmErbz*%0g-@eNV=?dlK`k+`TlJ=J`7TTvmb| z?XEkMK)q&jF^EG%ho31YxXVC{(KAbp7GB@7Ps~{d++00EA4cN!OUTJ&!eP8K(nbe1+)1&cAPh0AjUgfVy|DEKv=?Xepzt}=J zFlbOm4*fbms#B@{rgtL-3KtL3nyo=$jlOO4ZzD4+-eX>CQ-M^j8@-~9ir?1Kr2V2s zLIFbJoSM|*><9rIuc;B$bBSL?fbL_NY&A7~fpd)VW{nuR)DqYx@GB3Vw$M5D9m}J8 zYp`j#GJs6$I+u;rD(VKN?ya{8s<}StY-ueO2Z13Icv>p4MscT=q(s*#CSgE!b|s-2 zUxg{#J&7F$^$(S78=eEh^9D(XC}#mLgWr&)Byk^>$kpL2tXLe0ipps*nbaOK*0+7gXF_SZxgJ40d71i(X2C$^fgpS%08WQm*d`EO$1?FYXc*f z64%=mlG)8S&n(0Rxb7Qu? zl5r92VyJlW5}U0Hy#!_QN}2lQaStrZkkxj)-N`b9ULXt(aw2?TjoEmD?+53xKI*nI z1d{TU9?5J=ZBUr;{C$QwuSYWY?J!`$Ih&x{KZa?h%ugMwp)%i@g0jwvc`Nd0CgKQj zvQ)gHZ~0eYDJI#}`aa@)$$1!3UFE8CenRV=ptVoaV^e``7LLTck=422R~3L29)DKB z$roEh#5hwJtOnj2+FKTh64&wP zm1W4eL8c6E-K2uy*XNYTeg7O|le#Sju>O7BjDH3a_DuHXLQc%qA-4*RnW}n_b^G4W zd8pDdTWw`*!OXt#ppLM`>#$>1{gRDleIRJTd=ajDqqu> zl2o|~q_L}L2Sp)T*B^wLj;Q2IMw^OTfFYqGugMPa^kh<5Frv9jf>V=rwb^sb2o?;& z$Jl{azBI8gS_OD%V+Omi|M=WyVga`w*l=^Q$({OAIyM=QQZP69+-)_rqKd2yl>h?Z zkeDy+%UR$Bn)lQ%?FM^r0x0Zzd2|kTIyQr;Enx=%>oZfOl@~UTk&nm^JATEkbmwow zhJB;$Q6N89`N^$wJP`<9;dw>GhKr>o*Yb8LoOI;6{ZeJ)v(P!1cn5OOI(`%75;&pG0yx1Pkq1CPqBucsgj6b@Qnb=4cT{w^jZ0Rm${AE z|0rH^=6|q^JPPitoS_f&HCDgFKxmc>w68u7yp4;lFnnQyW__{My2!B;nv1uM?!`V^2+ zC}S>vTKivCFbk?d_!i!6F8uFL_MrcafVLfmjfu4EBJexB%z`q$7Km;}s$gQ-)lOMZ zpS|NsNQQ0_lNneBB_r~`UMuR6paY;P-AtKFE~+UbVuJYVOF2w|RGvg6 z4L(dZV-?spsi6M%mI(4asu)y0Jgi>jr1q9oBpd$hvyuUYq++bm4CoHb5>P#CRYT?%6nhCQb9@RuBo1*GrDc^*OiC5ezLYqa0Z(}wtCpU zX~$()q};L5lrQes3Vi!!x{R!@M%rz0#Bm2ePgmq=Iw1EetYFbZmtpol$w+w2^rj*} z)^eV*P)+7z5N0S3vh# zbY-reiXp8oJaRo#I8OL|&2Dx^-Mcc(*zS*ZM&wMzE}oJyz=#WQ^~074i^^8QIjNEB zS9)vJw&5=XQKx@zEcF~Mhe6pafxukGez1+u2amJZlqYcT9TwK^IFlO`8~dQNy&X3x(s^o( zIp%)BdQr-z?$h-x%_P7NPwTe5NHyt6+_B)W9LJuq_?j7iC}7*xp6Z;m<8k7=LKC>o zt-Ovo1s7{-9)F2mh)G};E(L)CE^n*+U9~cwRh9Ps2gZ(DIfiETVLY(qDTRf!$c#e} zt>IOpPx|FxihP}I%nf1^uv&$(Z@4b$bADgQJHJU0?7~_%TAlsTYUJA#3otKs*)X z$fuRz3LckO9OB`)y`xaOt5_m`KW~1oRf_$%QVnXTZKZ8K0T+YF9rOl;hODRhrxrS> z{3ii^^LI}*o&Hv$%ORk%=|~Ol(dqgNJ)bW$3lCVuUI~eqn24QQ?=ai8%wJh|?N>US z69(b12k!JYEy6hrl@!Ar3*QSj6TA^nSDCf+ouI6hr|F$@v?}i-<|i3yE`0y8385ei z(rixhZVB)=6lK$CJHw}BZ1!7%I3MAw|H(xi(FN49AJ9#g>Nf{x6cmY?=w`i~IJKqg z%wrn{-NBW-MK#TxVdS1yoQ<}uaguFkyZq3gi!$R%gn&%=uj6o^D10MuyI~LL8>>xK z@vthV$gIkp_;ifP(anM;B7E1U&<)SdIKU!l4l8Vg3D|C%fj>so?ErC}D&FQR9UET) z%7@SML0~#bRjP?%CS<{&Mno3j-KFtP%x`goK@BeGvx>Xle2Ga!y$**P;2Ct0j0hFf z_Y*_+Q>H#eMk^X#R*>zDkdn$T@;DzpQ>E4|N8a{rD@UF%+lQI17 zjhk(C2`>@<2DuZIdZID<5=QWSGDtYfLEg%v)8=Y|p3rn+VhB+D-7$8rSr=<4O40O_ z9j@~kx=_y2Hl1vCOoFo$vG=iuXi7q|?A9?ULI7~#QHwmgdWu`m$owxXTqI8B*XC+Z z=8<*Vvey2Fl!~{hbb+j^qK})Kb;5GN=>oDEd_BNg%h~*UBrMi%>)P=dqZfHP9(OQ# zYvxk>L%Ya|Ah~&$qjMCI6=w#<7Sd`AuA@LW@1;2MDYXMXmN9Lrs!#FNx$O1 znl;$#)7bBRe=afv0W(nLlQB`{mINv&=el;C_j@=}$9Zj^7cME{eLFTEL8hdjZU9e6T_ z;OQ%^9hRS9f)fX%W;u-29QGYg52|JQ&RH37QV|T^(5>U0eRHEvOt>xwpq9UoRP&Yx=hKr48{%DD@lw-IVuR z@{+e^INI!%w|n0luALKS2S}DbX9J|unO@7=l|hFIC*mM=c#{ z+;54ND!QdSBdFBHc$txW$syAeA5=bYWkrhqOL9qOB-`mDIBEPa=!EsV(OB?2Uq^tr zJhVE)i<(ut@^wS$6P1M(&1yO4nGoj)aHbx*+bIljtEelywf7fCT8#DlLMdOYKPxcX zOOFG`RrnzphkY+oxt}m=X%KUk*BH$X>fuY0Ob7S?Xp7wSih*hQ)1x#pMw|o~v!j$W zNm&U5`H%qvbj{C~ZFmh`d_P>}RHT@rryhZf8xZ!yR|o+X;fl4WEFBV@~w_qiXDW@Z&Fbfb4T6 zf)1`m@ScbHsr8%!Mq93Q&)l85E0=c2jW=`U^4YiB&wH~J7l4t;pnnqes_@NX*vDz@#M0N>j&E=^bXcnCC&uT;||)U|C|nmi-1h}*4Nt7XLvQyhv*e}VoGM_MY#v} z5Yq>)=@d%&bEvvt0^o?PY%Kv^lZpH{L5@!1f6y`2)3^a*M!1-+uXNj>Mi#Cbo; zq)xgW^8e$y7DZ%AA{ca7p_Dlw=`q)1HC0tI8T{ZQ!-3gsHdY8$``b*8GX8A;vB09z z=S&_1b|Iox6WvDuk?kSHyYH7X=Vq?^8d+7Mu1r3#bC*}>=p}XSjYd$<@mRZTxAc%a)w~-3sM|FIo@E`7Q z&$(^ap2-Xmo8K~y5L1>$%AUZ!erihaQ0n&HJ?M(QPI(@}SpYl1Ow^m>R1KhlqSkN0FRZ6o zctc=4WRX-|GU=v*PLK*@rYLe+ppCly+J9aiikuNLe7uG~0qHefUV!;vdrtqMsnB{f zQ_FHVmwfi{cQ5gto_h-w^J(0RJYp(<{<=X1qDr zZ#7{k-2H)2K!)fxm!i9&5n4rAd@1k!LA_gLBIW>6Il%*6_G*%#=i7%i3fdX6eh=3@ z_%GtoMA`vTZCe3vYUCPj&-BkTdqG>?`XJLM0akgo zAcCGMY!xAJps<40QguVtY7+;lz^BVJ26+l~SECZ!MFhvE!5_L6pJ1F^$P;i_A#T}n`Lg=^x(4A?~ zLr4n9TqYx01PWS=UzX{w z!O3o!sXJ605FRAT)g+P9&{RV7>Wpa)#-#OxCJfSoG4TZEA@D;3R*+eE)a^Tp%ac&= z5vW>CS@P@4ucyn@kB`i(+J0G13EEYPg)t>_QURu@?h;)#$>X43zXH5Zu?vPO^HUw6 zR|S6j%iQ3$v1#NQyAa;l*x?nn*A8~O!4C8>G5Vecws$WMRQw%?U=)=6N_3R$aNw;* zPZ)I3eTGW?ldiR3dwu=z2=}$@19qrl&diT^_f0qd=kJUC>*rB0!Npv)Du5KSUTMES z*Ds2sf(qjzr+`KGzaDy3=0QZWM#28=^g8|;!Ixna0t#^7k9hZKyS4wSu6F<1jfi9j z+~_OwhGlzj5GW|G1egvD-B<{d`t& z?~eZ6-foyR!k8@cN)V;Oj!k)Lg{&99LmQV60GLFwD5n^Rk$Tf6b={D}jw}H*D)^-< zkrbl07t}p6;|Ma$JO$xQXD_oUJFW~xXH_S972UOV2avxmjNi3`k9QSu2g?#br86Y> zTxJdf26X&0xQ$eifB*QUg90C!Fbh^|>e?kl+oB%Ua_lHi`^WNQ7Kk~@YU-+9OWdZ( ztU=C!S3d7m+VLCmpsZrAuge&y6T5_Ik890D)KDGJmSnRgZcHaW*{~-wHxZX%?arpt z*eG9!0N*i?#;8qSd+o97!p*~@X6G!W8%2rrOTce}&LdCDWO#p3U&wS3Dxx_O0eFDN z{L9i6nfmi2-E&wqXnIWa_593e4c=(-n-v%}=pFcEODp;#V3F!z9-V#duQ+IxWg3D-gjqUCmaN98~k-|h~prvNZ znAgnU@#EKu9VUDaWv+vFAXW6a`YbWg+3XBZoG&CSDM&mWkS^5cnCM=Ai=dMa5nF(T zB0Qn>diNT)CR!hWlj-Fk?~|+?c-H!{n(=!|@1>gDMD9JHqq?FGltDe~ z>Ygyc8EjTS&2suWqvIGk6rGm+Zs!nbgC^0fWW8~Z$(8Yy5@1VRY@e*$i(V;9=DI&e z8pz;buBm^$78!N{XFu1&CnQyrUOR9Dy~qj9wKE~WKj%?=Wz8ZVo5*rFVt0Y(*@yG_ zQjF^8p`+Gz`E!ddZUs&Ms>ee^mc0A!tsNPz(wHJ#xZc*aVBU=DHVrHEJ%p}g11koc zlM-my&#njr6{0(HCiAqF{J2qr(cNPtK6`$<`Qq+XHMy}0uNA`L6e!WH;b949DLlb> zS5A?<+Fb#ao{8Avt3@e%DGMWpqJXQ*4(hX#TE7u5`gt%GMRs55KLQeEP%uN)m7L3X zs-^8E3R*yV{jJ@lO_bvA#ZPe2wYHKsN`iu{?~AqZYTUGPY}{DQkW}ERj!Q~EqARNP zs2yjj&31UDhc*=rAXJv^SyNP1-Q_*Jy(F9gF+q3W-*AGw)FIn;1LPzIj8hYzQFGp?dD*WoMZ z-ko{o`^i6NRhj27v*oAoQOs6v>w`d7bPP6}EWV3dYpg z%8%U@`Ed&P@$;tmn?vEeWZLP%Xx-Saq(f+e1o7D=3flGs;wrnvzFMZ&Vd`VxWE-|KEo=LO?w(5Twb}&(t zIt*_q5u!QeNHf-YKM}%qjw0oIjg#PE!sNzgtkI4fiu;mf#bn(Bbk~*KY`7H-bL7iB z*T0O33kKS?`Zqn;e2U83CC(wWG`ztFaLz8h@hNr1=r^EExxcKhilV3BT~NCmvmJ5z z8meFfpXaUmA_6TXtD#lh*SY6QbREknl2bX>3})vkI4>V}zBV53M=QoXXk)Ycy6?`g zfEzb{>Z!$H+zM7bI(}q}!sU>wZ;;kJ47WTGjPcpS%Kwrz?2h4+yq~M9%HugNlDq_C z0~22RjSp%v;oWC#;Z|X--OueiT3kEY^d#SWUU;C#O%SYJVab;`iHs)&M2+A0QNQIF z>-7459R`k+SqGGLbPjDEx*>0X?onw-NknXn_6W zmnDc|28_-c>BeJ-VrCrz_Bf{g(23TYIedII?rb+lv>yBLpA^K8Dx?^3m~a*fpT5i} z{V&(^{N4-df9LPED}T?su>g)hOs7X>YULF9=NiJjR>?e_Z0Q)>(?DG?{890B>2057 zLC~n`jkf$R>+zBTG=6;lrRkOHtGCii+nT<2jH>?9&xc~}LXO_HKbOx`h1gX$&z5Fa zl|)dklOkSF9=`#*3_ojtEw5Sq72>8UG*5HHE*@A(n~)HO`_$+M2byJ)atcTr+Zq-g z&I%-{4W5Q`hNB|@aVee0*zfj53*mKZ4>%B=1zWKEEe&+DblBovM=1-stcW0Uej_-= zX~N+eEbY_*f=J%WZjOhYsgr>TXmn)ClhTP6I2&p?6^N*4dO<^auik3I#`=1E%!>rC znpDoS|BNXw+>kRJJ9E}lY}{9oY_4-k+1RXA$Lt8aGwcT_u$uMrAl)DekBkyS((P8Z zABBj^PS)$bu2~1>?{3C^W~E@)V^Gn|ts)$^b&9l()1}Tpx1w|J zdbH1Fo&Q_->^|$#G{YZP1722(&vUFg->WUIBuRON{QG&-cx`>%#1!)@uYg&3Qn+ix zLG(>}dp1j&Et->kV{PT}eVra{;5Y99D@m}u1a~U;OZa zt;s-dY*F>Y@W6x;-P$6)7VP>^m$S&_h~$Z&P6bYAaPa=GOD%34#c(C)^TK<(Z<*aUb1#Z6#C>&pqZ)D5zFr!S@rbS?0czueL2Z#? z31-fpg5|XBqkW9iZGqRnYUq5G5W_X5{%0H*iD*z$qcj(BIN? z@{T)bt{4uy9uMZeu45EObY3G|FG>oiX?I@uJ`MLb-q>FaQ#Y_Gl(6XTCZ0>;ys80o zvv6ehVbNgD)k~_cd$9$Kv!IGi>IL;dUW?bofyatx+3arGt#H&LaZy^enzl z!&rXCe7C={>dE0gO$1&AKQ$`nRJOZ4QcwH2T$5&<aXF->M79z zuTgo`agQ?Uw}X2|6TEBsmAxYWyYOnzKKu*GY^LrG`tWVqKVJr$Ue7|E)xy_-qLsCs z%75ojuhw>5|39@E$l7V8DL2bDrq3rero=zs*D7brU(FDZs8TnkitixDI?=eP#w zUg7;V876(-?J}k}d0Tf0JdX$9JW%&SB+@$!&&6)h53)v@8?sEHSQY3xPjo5PcXAvM zcX2Hp3W7b~_T0l5y&hXuEkxM@0N_aHc{{B&Q&!>@9}!vMv9ie9GWV5?#5k1V(^KU2 z_cE_)rv=Y$j15{eeZNLxc-7D)j=T8vgY^OQI2#IQ2oNx=y0M!TYS;5%Tqsj{>8(85O{igAjxs@8CkxP^**d z;{!IUJFAlA-+czRdR!>A;WhivPw3K5Lx*5U#GZ?eq=%E4zn`Sw(t>yHrF^5^6$`*O zIZ0mabyd#W5dx$85D-Ln)@~i}1Q?)f+HA2!+cW=)K^8~D5R4f%R4B&rLdO8jmD6!q zvF4M5e90&@ISrW`puN5I*%|4Hb{QE4> zUCJ$35af?bPJ7tHU0{Ghp$0@4`+(2>c{K8a6&w+P%wrh7vPy!d?Md9-tKJM*_5%cJ zm4db!HoTk}xU}FlSLc^yYG`>!0SKkBBf3}s#7CC+ZJidfCsqi+I>L5zmu3^9h~0v4 zgYij6wHWtEm(d+(5_FxIUp)Hudk1Ry$cvpr7o{^MRmRc;IlYA%kZv(@%M12#%&PO{ zRl7R1lj?r|{`I^ky{hdJES>WxqwmErdhLS$*6o;a7{{ntFDjpSaQ$B?H-?!_C5GH zISE{jj~qTTdwMHnWwU5wF%T+)jeugkH4Wrx>)>%#Hy zAuwtvhxDCY`nm=@YX{~%X)AKtRolVQY4raS@F`+BOBB4%2QSz72ShM55KnM9d87Z) z*3K{kyMIrQb*;>j0NPZ`?P=hKSG|M|IXvx>!YM*%iwdXlr@SYvMZmexy~JRJ$Mnv zuqeVI{T~|dZjgj3>E|5ZmQ_=WrRWWZd6#$lJPSYYH2lE5orj8Fs%e!3EZV*yo$+67 zpG$POLka6#-jJM=*E>4wI)_Nd9=_3|uHe*8LM_&s39dz8Y^Xa~%wtSDp2UkowqkMu zR3!V}U;Yg`WjT9*>AAQ-+rl%zp=asMm+gC+=gQwwC+N=|<@Le}`3VF-sCZ#P_Y0q6 z@(9ZD)H5tA=SUBqWYng?qxHD}4gnw3@vf8Op`N%HE7Tx7JF5#QnrR%*YgdSWczZ9> z;W1|O3;e&xu?NF@1I_y@a6lN&Og?{uq+z?r$};f0W1z}pVEJ`-R1?*dS=Mm@%If2; z+tQ52$$llFHDT-%;}zCi#F*&vovF&Q1O0X zSE!LkZW_l|jo7)i&7-?Y3=wJj|2jO@&s&u?OxFMM{N{xL@SnxD)6ZxL7a66!9>hGC zlW$GM1_Fi^;(O4!ji;G6V+H1$lpFI&xz+NnmQo#W56kz3KT0sui+zRr<7N3qPVJ|t zo83`aDeG7|oY(u86gmcjM1puhT8~#Y6WRN^Y^P*3 zh?iMfFV3NLUQ9NB&fjgY1Mvp0)0M!fYL6dJh^H!S*zaDMe73@kcu2B4PIlBABkkT7o9@s1@{_$2yUC<2L7{Dj?B&IRX+#qpL_lly*PY9v? zr6vFLBBo4-QR?#1To5exzsq96YaJ_GnjgA%nQ~K1<22ADdPH{npm0%Lv-F4{AaKb{u6pT)8#umynh7!n?Pv);7pLnn^d>I92u8g z^?DV~_k3nOPkH8qOJSwi@7iEKdt)mGac7_PHlgb|;TLYRMN0}g%-OA^=G~%%U8a23 zlQ+DiUNU=8F%&jyz6O3y<)myQr>O8{uQrN&f+FKY07x}E!)Td@#e zOE^$e{;WxFPdWq-Tm#r<0Iu)SBij$>#z-`g=Fb;_Z`&UTzCwKfap_l8;s);&>i}m7 zCXt{guC!6RjD+|q@PcR*S(c*&BlgPv0AfUV=xr~i;+!TN3SCCjj}sK#UGB zL8#}paTRHMwW)#a54;M%-$2uJp|tmX$mwn}Lhm49k(1dCKMNVJ_c_iITRBguaP3l4AXH(zM%Nd4Yv zO{JA!+K(_V8}eD)idt(LUri_t$&Tn+r@sxcANs5u#NQ%XHtzA|6e+a8L?%u3QnhoCX6p!|Ks~?)#Gnj{HvxVTNbqmKLDOgGJqT6^&Qs{w)q|9FLg>@k*XfwXtA21qhiwFjj2;MDw|t`tlGl)xY4ih!G#Z?+Y}v_gh(O*#5Oi zG@ob|kqp%>6IspIWW30D-oxAb-*u}dgk9nrS&+B0QG;^V=m0Jaa0zcay*Tq|FI?K$ z*`1KxeTKUuM;_ZN&>}tX4S1CHWUr}*Ff$^bgoi$PKU;%wrG_n*v+M;Dc*ew#k(_e> zmH|#exF&rOd8)}}<~Z{jAbq{g{e8xv(Z&?tS61j1+KQZPc?n+BtQ%ooGA&!v#vjdp$iv=cJmLaaw3jKRV>mK;qneZ~gX5V$+FnyztR2_pUVGG^QPDvo1XB(7vuqj0$Xhhfo!8aPL zK-M-N8*a1l4jf!ObaOK70j0A9>NNQ)_$F*f6dTR5bAR#y4y((towq;v4`LBJl7=es z`?%0m^e}fzN!R`1=e06^FfT~{ zK?lGm5q2-k`18yJ#hOc2zkVa;Eg4k?ay7hl8{e;tdU3eM^7H9HL?TZFIc{$Sf6lr> zb?tn}6_s~`NuH5K;EomaZ;(Xy3Pf#01w23sLXb@7*nSaoG=y!Ft{QU93WuAr_|*p<`@D-#*E?QZYA9D%)k`< z7j7S;XbHLL6;FUdzI-AC417f~RI zh0emJ=6Iic8_uCh>){5WY??_((YLqWo{FSFg;Ep6px&^zuPiI33g;caRmN6UWiZ?* zXuysBd)K_1x7j4Y6K0O=T4@VLR}~Rgbvc4|>fAw`d9a>521JGR8#g`I?C5 zr^Ft8R(>UKA-S#G8aPqjMEsouMOiuQ9|(7b#y3vrkrd`LOB1*pm%1er9g(R1FR`^nkN!Y2q& z9^{S4xLaU)U<(Q@{!({>CbMdbIOcp4aOUo!4xJo#ZMB#a=adlBVcdhD z4TU-gC1nE=eNI!%kU-SYOr#)wgXHiex z6_(S+L6z;$Rg-%^>ZF=8fSP|D>1AF&$%g$ZW%Q@eT9(luOrlr~EI%g%hh;LV_UV9a>+%DLk~3N^!)avy1X z_R<1=Qsed|4y*F6j^m#=q5)X4yDTONH4_s96kF2BV_R$n;e?WLkIKpE(o%}c1t@^A zPvCSeisD4-@;=BiYIT3Di0=(pfYytKMGcL%`44{5LcOApbAjXvzHqVLp-A;OSwuX; zwr5Y>IlUI_Zy}|MZ16qG82aSyTR7etK|h)<>D?I*9OB!!5WUf4_{$jcv`FXa^bY~A z|A<0*j`+Bp$d)?FH2ksGC{Kw(NZ5&4(S5b^?@aP7RTA2qp&^Z30USGrtR!ld_+1%2Y^;Fs> zst|dc1*V&*%VJKMxIL~WPX*wI=Fi#h<~_IBf?qm(6cbjTckr`?1ak2Q9rc;7Pt134 z^?!*a9!3Gzq)W9nM`DT(;_*(6&rP6>-<{FX`PC={58EalhzMn%dmb}n9PZx)6c&Z* zKL)G~?<5^J85V4cxG?fvcvROq!nim8uK1wiUNT1A`47C0~cj0-W~t1;^v6wNHZDH&Po{fZcBV^LfGruYHi3M)=; z$8>$)BVuecL8jB`GtyVIu7=2TUK0jx5W3{KYpqR;sW*fS`f5}FPaAE7Oc$+PTNRHcuYdbF$EpY zc7C}fT_i^g2|Xqd@8ByzT})4E$p82{D4>Noi;9BF$@#!rE{ngb*c$Y}x8sAt>b;r# zo@;6^5nm6-8Ve|*Zjq zAZ~Rhy~{w$k>mqSYD^n=w@W@6450b~ma^T~4?S;fJuhlS&8rnXX#5To>zZQQGv}$b zaQxSIjmj;R?Udb*Y#&%=b88s;Lca24SafhIQGU4ePuD=GyPDgK<7lBz>z*Fb_$jgY zyACd$x4XQO6QYi-8ky0Y^5)$3!=^!`R8T%%aj_WGM>}PYNb8U7j{D%L!bZ6Y7?r8NM z56IMKYITQsY+Btu7*J-hQ<}~hQO#@rw3ni_Dn3C44TjZXlv=@VolM=-7ods}yBpXm z3S|euI-c5|(?L4tpWB3}Z7~S5v&Xn5w?w#)w?93=p_HKOc;62?88R4Oh$}~9+9CYJ z%L8ARJ`IWrWpBy1K@B&Qyb&Lf%@^!%?(ronXXV-9%$mAf}pPbRr zQR&whwGWuNS1RUz{+PzNMc((Qbej9^4Mv7cYFz=%@Y<@Rbw?)0xp@QSs^=^H#sdXC zqYd3RWABGxiaox!Zk`kpl% z6Xi1Bl4T{zX{?Ab5}(-$E_(p|+}O)Y*D-9d8C4JsA%y^tloh7j*{cuF^cI{@^7q#- zq!uX{q%|rKu!&l}dyH=MbTU!V6-mr~!O(+`jk${6N||AcrOCswVC?|qa~?O#Q#pZr za3*82X(2rFPn$Js*mgTJMxMIUSGk54TfTX<d(y zP}o`F(rOsCM9H&{;KkkC%)t}19@qH-6cX0?-SVEq3GfYB|7SY*6(P0qUAka1sOw7) z{3=q1F{msa=u$B@rZZ1# zXq;x8hW~SHRRBCyX0>h!zSs9qLx$EEO=|M0k&e%K3=aboJ|LTm#Twe)S_47_yD{7Cq@WTJJRjk$sntHKZU5byPM}Va!Kw!MN zGpUOqioAFW8F&O9p?rdhbu;vkcgPeuD1-v_!y9t5KB zgKtI1an!|>rtN@_K&yJ^@@1$Z!rTdkiN9pG#Ph=Cs1%DiTsaCMK~UmP4v6wrI&xDa z4fPNJqET^!RPkl$uW1LNjd%IkQuUY0aKJ;0$kLN5OX(;KO9tqK{CBDp5SST+M5 z5va;es4C!ZyF8pY@22A+|F;0|&|8!?HXBippV0#P7m=g8_zodHoy zP%Ojz&I`Hl(6DKsHLsQH{eU|3sPNeV;?_E2{U-824J%llLzz4XY6wq8vhUwo(2Rwq!P|ImV0wyxXJqqzS`jE?x zEZyBos$pSlP!v;-W8Qq+AnrnCMd0=mUD8%Y)9j(QCc7_mdiKS0#jVjpK^zrn-X*b< z$Ce-c`5c%9iHmTu48qQuLxD6#EW}gH{)FyZ;k7UC52;De<5RtB!#Y}WaED!)S$+fp zg!#q3w;!X$=}+8!hLxumhrTZb+eaBgG6;2#m~xME%S4Fy0HPtN2v??wD;xX=SUY8g z5@oHq>~~qDf`cWTFcuh`kNv9M`5;@tYx=k&HG=VQthIA=n}|1b^L3(>bNVBf&vja3 z*R13Jo4yxU_xQN%>wC*;V(8b#@=8uUUAuOrOBqoF09g%#ZnXZy;3@Dfu+LlP1-ypFeFnXNB5Zl;B`176v2$$;A_CUgL+!qM#9qs z_UjNXk1IFy2 zgC`b?t|#VUKWBm%^0+M|SotX8 znyVEuFe8>rmXWaeWK0d2twN$1^lxSt{lE6UJf7;V>w6<@3q%n!*{K{_TE_W5l#o9U57QQgT*%6wdO50BH=cpymXURdhfVs#*yfsH=QX3f15){mcCYEJ?++e) zHgBwH=f3_601;K!&)L{7#jh3G)S{exH}|58&$V8hTZL+hG@EncGsdm%yYBZ7brX1$ zDefQnZtGzWtX) ztXfWTe)eXey)R<1A3$-oYpVAidN{2~>mCQ9i^h(gUZUX|wD`C)xIko&-w!! zS~^l8*X#@%{vRI2_}nRE{r0${7c$x6w37oiWQ3mm9(xYAFLErNR%Y>b8Zpb{8>fcc zf}ut%GjS%Qh{#@0-A%5!s)+Hn@UKeQY@<7VD8F6R;ZkYU zRy=q=z{`6();9k|Mxl>t`y)ezPU?SJ$)7lV_;Sd4`=QTm`;QFmxaB``dBpRZpEne) z%9%}+FYa#by=fG(M9F&j+2?Je9uNT7sNuK@O+~2GT(nTs&RcddNNE>4_9UdcM-vhu z+Ob2`CJ8g(BY}AAq-oBPNrkPTnWb(Ko9)HD@>ne9u@hIoR5g=LfijYxDHAD#))Uj6KS`Hv3GGuzB&Kv`0r^w$F z=3aD!Z%{Jn#6!Q?ZrZteeXMRX2DGL)ghiu!td>KeiIrC5i|!k3!7p*nh99G2q`!T! zkfmGD0Z4zf)wN~k<1#_!YRqdQpkOIuP7ctEGN3px=IHR!Z+Hp+oDo*JGj}`*Zr* z!&G)UuYY6E<}aP!UMLB*$%=feJl?d9Z&#TIj0GzNu$IgFP8hfHUdesiH)BrG5f)fR zZ!_m@>BQJnZ0^b8SVVl_%W}%Uk~HUe=7J!RTr7NaUvlKRuZ#IF#_bx$3{)nqd%?la zvsK=m*Qs-wG(Ku7itP$c!TDW?1V*WuE!yTjX&id(`#n7Wx>Tx{NZTvbA0_g;$B3s} zgIySg18Q$0Ne^L z-fMj;&Q%_y%S~1i=1DbSuT$Xk_?4ol#(hDn`!}!%j7pM&od;Rd1mA>P4Xe4Ljj*%V z)b0Ib{x-Es`_St2GI?kE#=;z@&)*G2xcNXb&6HeXZ#v#FFOq2Cjmm?kKdyl56lM0D z-pX;k_NZO-)$Q*J4lVBXT^%)~x44#vZaFTp=X$^fQ(vJJzsE<#2BQ6r_C|)tua6z; z>XMH2o?LjeK_OM+DA3cViJ<|ixWA_4jwBwb2PuxKb-ypYO%}`427SgZyRD43$~)VF z+ysE*c3`UF;YDQe8ZKu9k=#FE1|W1{5E-^H{fi)HR^wNC7i!RL?ARDrmhnWdiSEY& zZKKt>>6Wr`@*ZWmdjDEjguVqu^?_%KEUg=%qdr_fhiH5|o>;Wpg7*}5K?mkrx+!CX zO$cLmhz#G4_$!r^+f~b!=~h~3!h?CL)JT*>We4~0T9TP$#zAsEcO|rkr;!I*e}+7? zP1;M>xrpE{4e;6q6&@Q?MZ04Jf{Sq2L^E9Rs&e>o>aram_xq=HX7vX*-^^v6oy)h% zBf(GZVq|q;FRt4?BP@L8mhYSmk&~70U){L|Kn)* zRz*pizIxCE? zUco;UM;71att6@B+*G?Lu%?yGv3iY)NMw@Kk=giBvaSGd!om&*k#iNZH||^=nbfwY zV?!Bc2A?1a?2(l~N9$nKdD1kxkp3urf1>@7YU`0b*`JgwkHE8di86j= z?tL|kPEO)kn2S{-5$o|j=4Y$(UzGA*9of^WSZfR4P{u26L(pN@K%5LA%<*h7t{)2i zEk?rj)2383AQ<5nEs0=i*Y>}6Q&gA}Ogi}0)?oebsDX=*WZm+loTJ}MGG=5n2` zWBP>>*ovZm6^k=Wu@lFa~j*- zoSG_5b``0;e*JfcT}uUg0?Z6#UX`wzf92^G!}-T$;MQA1sqZDvs@+YE@PMC|Y*K6T z>AvKZg$P^K%#M;Z6`y9Qnp(eC=PwUXn7A${M+2dY^DnCCt~{|aA*w*tyfmoA1jTWh zERYjD>F>Oj|ACmy^$CM8IVT}y6}b@2*vf?`D~{XmRy^!68)ziX#({sXOYhe1UNcp{Sb6>Un(p6lT z6o{bUU%O%*_cNyq0$VgMERIjBmV%!vk>LU(=3U87Tl~{Yh8UiSqd;MUM;DD%1Z%m;B{GL8dWBZ+q<^0DAXX@NgkU!-vsTt+8wS{4wjf`8p2Q)V*@MOP_QlCL3@Zdi>~MG60A0zt_KO72|3FX;U?AaAe&&tk0&FyluV8^AG7^@! zFA5S;ghvQ|)-wimjzY?w(zE#RHbCRkcp4?_ul=kAfMxF+b7ODfoF5I!tKo-*SCen) zeXlk*vj2$RR@i*SQGVf?*=q)tC|yh%H*3CKHo6l7NnFR|Q9x+3M>Qx=v4+ zUp#N8Lsj<9>rW0A@Wl3es+nX5SjFmkdi*%cG_S8OTX}!z^PaM^^lTZovF0)Hx6i~* zIgfstI5Nfy%`(jQ$6FlmNaFA+eKfs-8U6D5tK8hHHO23@X1@u0_(Y;@ao=hlgC}{P zN(?kHec|NbEo>M08F~&pYu_l1iQ&CLs$H2PDLB|-4e*0hspg2|a+v^}C%XYP z<&k=spgS?&`dvkX#N2r8+JFSQYJ?hn`ix8^f7erUZ5r=w1m& zwO;Dkq)??NSbOn?Gw^6%T9~=cn$`Cwlych#gPeI9u9@;eJ8T*UGvI5aE)q1aec?IT zUg)0jh@6tVEmnM%b5)a%w0A1So7>@Y$r)SMY!^~iYh?TCX2^pC^@QX`vee9aCdH}_ zO=2N}jW7C-=Bay&StTAcY<{{ZwIJJ13c2{{KgL!6ym#I+PI=SrEEnW}Hcy^I8ya|W1v~Yd0WWfvn%0@4ao$q=9 z+s?jq4Q3TG>wmbftHeZ%4BmYVV?}*u_PmbhDY7oJhc|iaG%yk0Gq1ZFhP2(Qs#*5< zPy>A66hX?hu-77b>+FPQ`1k50_nh=2jqa=0Sja}Kzn#PdQ4RAJP65(x7M@oe(9_}G zD-4gW$IBHcZnIp|>w8u1-#0(U(s5Z(ZNy#d)YY_`{-#KwHw*F1anPV z7)3cRuIJ?BwiLyNy$(>iX)-uw@noUb*r7BR*~MBgMS^&~=j!n?l}8UD;W{BT&#u&y zVRE;@$1zFhj?O4|T{ZM{oOuUpvW-_OroqO~X8;KDOu|GmN_MCy73G=CynX}d2{s^Q z-S(wma)IJh@5UMM1YMD|A!qmkG=4K1%=W9fkAt2cYsj;h0&jw)X|$9ri1a7Dd_L8v z%-x*Lx%_1_vEce7ll^4wZhBoHlb=6vpV1)=7@T23NnUh;Or)nyV>GVWCS=>OPS6Fs z-$XPX*Nh!&(uV<}K+-9}A4rF4KGWf1<-M48cXRBBY<8`w-hGN^o2i?Tl@HQn-qoPp zdUk^DSloQ35=JW+yzRai*YTFHtf7`bH>F1PcV7;t!wn(|GVTnb38)xv%EqK^PEiKB;?meIsC(7`)G? z%xUfYNS}(L220Hu@W{@=O}DsZVy&FLL2{ThsmWcq*t0z-M$-LuOMBM-hN!jdDDJ32 zQAdeK{*}gP{#qaUa2Jg5z7C!NH0k($TC`=YqYp?TVc3DWB6p|os8Nbcq{yDn{&#SF z?;wqQ^!>fzP35a#qN;>Rx+WYW0#}5r=C>5Kzz$_C>D-th>eDQLbX17%fZ&msPJU+7 z;7B^edt;`)KpgB@F3VIrby_C|F3$C+tZ(AknrKc{( z$OL>`7@cJOu+n25*uC%=NygLU_`RB0Euqq9oxH`lh@ix#G*9mPOK|9B0o&Q2t5|ab z702hD70sJ*&?^g^CKey-jn#e+vZAoBJT_~JV;Y%>w43(mC>v1u-3~CP!^#o zYtKYPkD(53oG39iFH_P#QX%v}qV6Tx_p-tfo^ZxuvzI%MNz2Rd7XB<*d&4TK(_ zdm>V=d-Sc*T)ZMpR{$&${dDcEPg(u@?`7^Rc_kLvaM{m6`FDoQi-WI(7Z%#j3sCb) zJKoyxLE8HG+O+n8hsPtneT(gT3I3S5bxpPT!QtSw$Zth?Rgru_5`94m0A=)9p_S1$36ScmJ7g%mYz7n!kC!qwVU{tsp{~cqbx4hfCe6luEJ97NwdI_O4x5w&CDi z5D`Y^>y@u;Egk~W9cg~V*!D$qe~#I4mHi@|Zb3dc=`q}K-Zi1?$=OFfLPW%>m8bnh zqF)`HWhv>M_W6L->&i*FoZ|<-zdgz_fbPxvT!t?p7g!>K<7q^PUq8>mG4FsV=)M0=8#~bD*c(UqP4@YG-*s(-G|+3 zt?-M_wvN(}6a^9Qp>#F6^me(_(6&0qR~wQSk2MG##5U=aV>cgkiq@Xy8E$%AXS7pw zeVM+aC#cVn%|@Yx!oG>w*&K-RLScGe;#HO7U(%EMQuYOx*}4wIw7=KN&lmClsLHS* z>0@qr$MLdYL1f0ZAwG!j?rbJmdFHnz2A;{+@*9@{DT0BdkM8r5#20ony}|yDcw|J-!4M?dv00MV)ObW9dVw(va|QL$wDIf{=|!<(rv~$|o)af1ZQmkuHpu*C)xt|T z1>c|nQAN`0xo4=Cy|$}%_w@!cY?hPaFMslxnUax4vJXJ6GQ0-$yo&1l#yi>r*y~8# zq~0ss(}^jIX@9O15A?KC@ju^-aP8*DdRL7&yU?ZO4I&ETa z*m!K;he2j&NReQ`@#DW|qt}p5oEI(RnLn`S(!+9shJ_Oqg=mlUs(W z3Rb3K=s!rV3!=OAi!@C!?sq3Knudaz1pTr7VWkEDP3Y(tkTn@ z+U~M>NfoL3TNNlvriXwPVD2IXgmJ||ygl+7d~nAQ1eb{SxTN?I-Q6p5rZrY5`_Wj_ zhr43X7M9=5Q4govlpR-a?@ARit%rezSM#2J6=e;~n11_|n>z@ z^YQ7ep995CP2_&FE_F$ZfObT&oiN@oV}lMSoj2{ggO70$m{ALInF(1q>Th)X((dlr zkrCoP?^wVvB9SP%wjCnxugc#&BxkAbHNCYM{Cie2cl(_|_`j}{3g*Y|(0 zvy;VW#*>oS@l^lfnbZ2mJz9q2fRnjpXpTCXllN? zs4zT<7huxCxe9KW@zfi}e`KFWyEL|aRum+!QZVI$Igq2q)nF!bzLldhNjKeE1@vYQ zDT*|eeXUpQW8cngYKJG&NTWkDaya2+HPb)~K7rj$Y@Lz?#E;spPrYvMCj2L1D_xJn zN?eCgyH9gFaiBR`kz)eDG5w-5d-Y&ranqF^O}rJDagyXpRqP&fcMnjPrIgsYJJ<0W z1aE+*n@NjD$R;v(nge%gNtA%{vrG^VXc-Ru@SkgZP$n z2m2;mgN-t-M{SZ8jlZ|QbZ>I^UQJ6U9`#|9I-kQ~7NxR6pVwTByJ@5v`Q-epMq}st zBV%)CAQXxt&m~Q@iuQ)G9LP_6a%i-DRDU6e;B!h+?(%{bP*D|P$RwoRQCJ7+dxYxT zvN_Aic1y02iXc z580e97*L!%f~%AdL;Tuc_+UGiD+I%9DdR?$8;`qi>yP*8#RK8M%S?~O?19{ak&^J_LNd@0ozIV{$jVf(PI zHUsK+FpeQc=Fna1oDIG|@JTxEOpHh|l=nGwT{-(>70_Ztx?*PkXu0Ow769fG9(!L8 znc$cN53l_^Z$C0!GXM+<-hiK6FV4@IM_YBi^>Fn>GPl}(c!Wwu(mm5U95hSYJ6)up zNP;FuNsD=Xif@u;`+L9mG#QZiIAxGxhHumm2RbufyH-fRvu*wm`11BkAbfqI-Yenw zYnRRl2flLA?GSbmg(aJea(&7>t_IMF@ zB0(!E+jiD~T{ujl7MML&xQpn)_O_;Oz_z`3mmff924tip+VLyyucQSKWn56IN?gI99~xKjl$gmAS<{ zi}a}nSb-rCbc#oxpSQtZu1HY(#^m_u_(~Z+03HMf)nvt*ts9dcVL+aDgGEYMatsEH zL?=0cXkKRH`QRFyj%H~(vYIqF-yReI8s8AApxw}3PtZ|yYyjBt*@T{92rDsi?h}&?g+mpU?wqK zukyqHckS*Wc0_32FdFQcr!LlVQxI8v{cclQtfA{XEP0>)vOs{j{IpAY*N9kn_Y#LG zA0@blg=eUWy_ z2iv;2*WrkFh9;SNMJmS*(QCEmMEt%Z5F8z>H$rQuD)%10bMSUm_?tUIlIy@1A2aw= z((@1;^7#D*d-eO>05H=XHMd`K|GIiLq<>N^*jtzY!rSb%1%d0MzgE^NYK8E7Q#8&PusAip4mAs9?6!_|1Jwhg2PEXs2s)E=dkp12=) z*hcqtjTKgj$QVh!8y>(x&86R_X@&)q%@f<^>F9gCBfYl?oC+CV8Sk`xBbA5>LtU#T zbUt!Egd{DIMa92N**Bd0fYyijWg*Oggczy&{fQBqOx=tJz#PcK5(EsA@fatL=qh9y z5Ki>)dsC&(1xqmZGWUYZ(8M!A%$u=_c;4a`wBnd4z$L@@m9O5tGHMxJ0UqSxRXbUQL+J!oGtC**3cYP<8lfk-mG9udKudRYh`Wd6yNp zxNSi$Qhsj2$IYz1otoZ!D&MNmXyXipqS)Bji7Ry%b0=kbePFpAXHRLI#Yr~|A3oD7 zc*s2S`?IEU?w8wq zr%?24 z#YleIrMJ3sd=)V2^zakyq^s>;L53_gk~WrbOMFrDE*C~iRzM)8O~2`63HboI#{=B^ zux_E{MQzU`V9sGxn9`fzHi+*-=|wNe2cAYt5DnbeS4XUBZw9SH!f_YAQo zS3Zlsf+)bRcMq9NMa(DCC~2{j=)H%ApdH%Os3UiG-Qw18hH&CGsW>!$Zw>e1rSLO7 z>Va1|owvr8-{ymbA7VQt*iJR8MepUUfSB2UR56-CS*F{u5(`YXD76L$^vkcI#-V)L z+I;ri_gGe=vfNGt?ON1S^1%TWxiNK9x%Jz%%K}e-yhslXuir64tY~y#;F{K&M_Ciq z=2O!Uvcs7uhJis__`wWL6uS5LA%j?ZiST)&H5{-gLYdSm1zX?>KHU#GZNCXwK>}8w zu}Z~l9b-J~$N_v#NKk_ABf$pZi%)0);klG(c3)m}u2_PH6qIgIvmWQtl66OEA*`8E zDR$b(?zdHY*jGWEK@~dybgt_RJj0VDYS8Z(ynP& z4XG+s)9hqtKW;8qMc0({pYd!orQaT)znXuV5uHcw|XqVnX zSR0}&*r)2<`%>X*9(g$Mh$dWYLg;SL6Op>X__qPr4hk#a++CGI z+if;glM7mQ!DDAHJ%xhu?^I-ue82g$f87AfIdLmz(H!-^(<%&r04{y&jSkn&3vCiW zaRR`iIVDoy7Sr1#-FKO19D1c|89EbHVb5upTsISxM|DuR@|$wG_0t;O>*qL-5~O;F z6{>;I5(p%aUUjr5Gk%`jy%-`MEbavRA?#x>(WpTIeam$xkQ%kk9w8k1z_6pfW{kWCm z|2QS_XDz_w5szVp2G%Tc> zl;>JH#KH!9Vt_Tt?;JLyKwgBE6hric@aN5i$~ZIMh|Ld}crA(fmR|~PZ)7@ z2SoggD!c;adwJsRVRH**ewgNBr^21HmcVHrR0;|C_1ydY>uP=j&u|qW;xeH8xa}r7 z%iSh9<2GG~!6dXIupy{`|gB@b-Kt^)vjIF^usL zRNp^W61ScVxx3=_^NC&#w2NFC21h-%ny0~g2_hDdde>WB!^TvUfbtQsm$8~)jad06 zbgv3ZYe;tX#Xjq*icW%nlcRiIW^#_xaSm7jp|U(Q^Bww~KAV0n*C6JsFQ%o>@Z7RO zw7AW94sNpsu^oT2aUu=YzG(roxW@Bicy-X})UT!8iEKH;r{p}#6pDDXC%fJX7N|XX z-=SMBlFtE!a^QY~?WXSXK)ip@JI?&7r=e}{X&0 z!PbOQwuY#W@qSPr>Wqzl$EF&o?kJ_%8ZKr-@vB(rvc`l6yB;qB$dM<{hw43^F&(;M1PbsgDG%!9v0|Adev| z?7N~w>Nugz)pLCI$m7#f@fz!@Za?$?P+4j8agkwoa`SkRdwmSlO57x)OT^?)Vk*9j zU4NT()(ikfD~B)8ejiS9_1(ML)fMdmtH2k21e%;p0o#Geuy{(AD&OmQYDck$td0z>@2r_bAm@ItRehIyapoJ-7Ma|3fg{7 z%>>L0xsDDLlywf2^AN%X~$dlAcpQK?^0&Q(hUa{J!+-u}vN(c5P^c;c9J z>}*ELo5|GuE(5M@YcqaWiD z&68pmF_O258y4tEu!6iWuxUSsquh_KUsDph&aQDgFo$VoGClFW;@QQk{F>xE_22eA zOnXxJfNN`0PvOH$c&j+@n4WM?aUXz^1Ky*iYwGVb>A*e?)|d^mB7Gn%B)TZ;MPzTG zvHi5YC@(Y)rj+IQ|Ace&W%rCx9J!MNA~ac8uQ!IXim`I3zB#~-gUVIkS-D7}I$@g9 zDS2P{fN6*+L|PTZ*b_End>T%>^P!l_+yR=;+{b!z0Kd^^z1j4;5sJ$XAeRy$FJlp` za4OSJzQJk|Y&8u(GjDf`U)VP`8Xs5BKzFIFS6S}Z8p-nBr21iQK+RO%)=xWSwrbTv zzYAJy#5Ky;5W8WEHlaub9q5kDlOwWA;84te4jfTU_=Q{jrVT@Yp2(seG+8TJz5rmQ z8WpX!zKEys?Nm|fKDjU0Ll-f`So5Z{2u@2?Jw+j=s>@K^3qm!IWo7?}OMzj*uPNk6 zb9*x*AB%V)m7A_viK}5MFd%2lxTJ9{1}^llNU1ZcX=C4YWq77U@6&L#%N=@=4VB(%jo_+3)-o&ZmP#v5JD(D9}rq#)*1JzuP*ii?bq+4c!+nQWbug2)U2*)Ntibx|c>C{D6o> zlmV8`rR)U5EiPM{)v38|49>`1ro40oCL_`&hrI^$CgA=A<8ta4arNBnDD!#<^` z5J=6Ty1(gJq0IaKb6%cPul)M21&s9P%6*sSK(=2=hmOMCa((n~q09PY_7bIUVdEsa z=-nhlCbUlNK;cb=%l`%&(x zQ0s0)#AcISGcv3pfr%c%WexBm#NMZ{*=%QZ;Tzjx1eZ_jhT9bIm!HIf*lBa%J`Z>? z3nxDmXBb6rA+Jl+r1i-EQW)M?xebi-sWIKnM)|*)ol`PYKz29M?_*BFoNh3 zQcvlgvlP*l8-DbwB<5OQ@B^^Co5fD%<4R5b)~0YkYJ_N{G!|XnKuyVL zC`c?@4te;`cv@;;Z23cNVr$(9O>y4@tts=RY~ha$ojs{SV|#?WQ?Hz5Lt3_Y#%fPw zd!d4we$kN=E^~{9{6(iDbzQ2(8#)PG1P7}tL|a47+pt33@63EULcL~uoP;UGJK)1| z)?a+Kw^u|qvv3o& z#U(Q}O)qdD*&dIvPu5c_-rTIa&BhvmhoTp35?$T-RSZ=wQWq2saH{{YSy;M~*`v}G z zxI~GPmz9ZS^X7FiFg?CUwMgm8GwN;L0@M8{U<9tNxXseBsFN>^k=J}yV~$75;&X?p zLaf=4h&`oSHf%Xt*qF|&0Sf_>e##tu{Wl;IZn?uEsVWX4GE4~|)7wPZ_mt7P^D`NX zqK3`Zb=8{J%;n`YuJbHB~m_&JHQEaB+7vYE{$iW2|Kgq}ik8eA6Y#S$Zgt~yg{J3AYW1jl##;0D9` z>t4FTz2u{CZy0``dA0IeGVmxCE@r{+`Nf0S85>!Y43)$pdDa}5U4^FtDM8<#x++tp}@WP3K|%8ICV9f$f6^tjh$ zUav!1YHrndkI8iFnv7-WZUvS%cwPM=tohCWrR!0gIX85a7cOUKp0psdh_GLO5YAe9 zMhQ19RI%|6A4+1$%H`Is)jsCjCPr*|Gg#Aj&G{PY+c8XyDMoDnpWIdQkwFvXtWFWJ zpY@FFtw&RnA5wiru0OgP#m>WEbyOHK=C=IYC9OHAVjD%+pL`v&U>6{y-LPyCoZHr& z@6h%}JTO1Z-&m3bI|L|3LQILT)gfQY;bJ`U4`P2kc{U74&V!!GVFi<8jOD10WvPdHorczRytnWVx2><|iFhnG-cas0;c>Hq>#!Kv0 z;AP_thRYf*CnB5dQwW-shzdyM%FCA$_{xbcRX4nnL_MUL+qkEuV;9WFX4a3Fo~o2* zqlZ(nLIa;egs>!F_pw~!RXi$S*?~-X&V_`_;cO_eL4=aYgAY5`mCi=uM|5A;Zy#+k zMR{vTX36jG3r^+DK=f6bHq#h#)MsW2(c3wR&Bt=NW!NmDsD$I65=xu#;TU4de!!VY zW@nL6j7UJ8#)lzJBIBW?EE50k&iSF68kiBVp0(REME!26mBvi8lV$z>RHc8ER~C-> z>sk0GX>JS2r)2%3(A%wr)*!;*hBbl9eFh^vXztBvZbu0x3RsT0g!9Vp6UH|Wu zZ#0&~frt@9SxuDe_Hp&chHPC#R5w*Sha@9`|AgNDcGNZj4H~}F0Nzugh){&iZ%!t{ z@-zPszW;NMW(HG4XU4EJp1W2d$YaFH2*e>O;-7`(ukFVlb8cb!bIxh<|2E~7O{M01 zi7h2s3?%^4J)iqG7st*ef&|r-Mqh9O3>k z-?uH)XT6t^8kBKG{)IHSQL%}G&_kPyt}Zy*l$V+a)kjh)aDC{~Gpye*FFjTEkF{W{ zsH7b2-{}!38Ow>mv2kgD>)$qTZG-&Vs=pPfPb7zki0Qq2>s{-s{jKK{8;YM?<4}J^ z_4wiU1a&w{@lTxn&ussfIr_KW_b;qj-CAE561e@nAR=FM^L>YBAnwK9y*|DHlf#xD z>zDRPQX|W}@$RN9!*RM@a_$BuD=7L8jCx4!2LkiA?1;duuND6qEB}TfL}=yvHrtvE zb?Onz|JH7@dcNz}r{fct+roiL9R4+lWVum@l5hMJKbx8VN>?w03a)%+9v%aT%EIM; zYRF$t)z7ZB?KWxDOnSt9W15Y1V6UaPOCaM7%Z)Yi&OyX67Eb<0C)9eJ3T7`qEo;k% z>MQ!%zoqdnTKJRAEbEUB;+T|@-9Dbbk=^jt{6?P2A0&bx!~)B0nsaVvmxwSNbv}z$ zOiWJqV+HB|K@|R$f`0>w{LjN#l91}*m(!y;xtVKj#dIV<#fz_SXW~4}v*b&$_a1Q{e|gho%5i1ITBqXP54=XlCbdL=W*`v5 zsC?B6@eJQqpC4V*nhZn{6a5=J!%r$u)Gia@i3<%Hqa|1Biel&fp(uGxqf6KKyv}A@ z$;xm1wG^}XWp-6fU+3dUedpO}UfEQV0}<04FBv(;bkC_6ZUd+A=+CUczs6)%*!*Ad z^H*bkgwp?LBL38ff2(@^YV3a;sQ;U6*8k7yR2@G4V|;|%Oo)+<47$PoztcR11ip9PXk`2LyI`0GIR zzl+@eDv9^cP=N@j&E~+{2#F1o??*=U#Zg5Rxncq^z4d46PmxM;LrA@jMJV$%wa5W0 zW%wi>{8DwJ^0$Z)@iX=Kt0~NwU%bLx_$5~)7k&xDFJbs)MX?P0aucK`{1S#=!te`U zVHx-ZATbw+U&8Q97=A@wSO$KDmY55_!f?!mU&26g;g>M{5{6${H7o-^6Dc(n!cp>b zrfuMP5w~#dlxpv>3(xL4r7pV>0K2#Be`Y(4|5*L{_0iA7?JrLJ;sj|-(J$@zWhclj zEC0_~%;7`a?KdObDyS{CaFV%`L(a;tS%93xN%d-e$v1>Do3Y{}+;nIv4-| literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/images/normal-page-footer.pdf b/docs/tools/.sphinx/images/normal-page-footer.pdf new file mode 100644 index 0000000000000000000000000000000000000000..dfd73cbc7e2f28fffa73fbc5e27317f5dc1f1148 GIT binary patch literal 5532 zcmb_g2{@E%`$s8FC~K*XCLz+yJBu+(M%h(%vQ4TnGZ`SW?RC!go$LC4b6qp@%=6ywZ|>(_fA6hfYhngN!m$vIuFi*# zA!sN9%J%Sq=<5TPG?o|N8;SyV>;W@6gHPiEW(+c)WdI2`)he7ohI3zpZ2RY_Yh zqH;Ey$jOPD9!U!o&q%kp80E1>D`)o-i>0<6h?txls#)XKpuoW4?(X+@%3rp64fEc& z>`lD_7gM)c4F@EXC7>tQy;>;5J#mgOufIGawm=Xno+XBG?aQq&9J;Yt9l$OVUc0+! z`cRv+xW#k@?RB3`cKEE#${fk-C0Q4OVWks~x1OlBzpSJG9(mAm2v`_8vU4)}z|IT2f_)bygJnkPCXtiCU#m z(jEpX@}#U-jC%26+(m(0O4Nz!C9-_EQLY##vjo8PELP?e%j9w;X&x}2cMxzgxtV&KONvj+PAxz5zj}q68`d1#09IA!_ER)vun#ja(XYS#dYIdjzje4y>~cQ2=U!k0*Pq%6xKT*kdmm7JN%<3vv;)E%B$ z)hoZ;(reKNl|#NAzKiNZ#ni=>?#@$66X)+=gP7;^r!r0gn=diBfA><^MhWGph4(_2 zpbX*7(vZz^&5{#gTW#m{8?N;hU$=Q7P6i%&{}rKR(NO5Z-ScC^dv`A=6CYbTpS%WT zvcGH1c8kTR&|2sM>XK4J16!z~tf}#yrAy?EO6!$#q}E5QPj}0a`%9T1=^mPAG_RiM zt#~SIUqoA#lx0|MKI)>($|~vRMH2_Z+cBI~rx*18`C-JmL?SOd{>GaT$w@-cLe>4L zRfSTUqoic)jHTrkbc9W=k+axv(_9Z4VS%@gEP}dQ0NlkYhFJ*#TGBCL=Q5=2inVMU zrD7ts8Z$R5WvsU|w|kSL+5l_N@>%e1k(HTFx=g*EH!!}QzlxyX9tt(2rK;BBvP8%z%wn5 z9w|!XAK;(m$B)NYYWgPrc2ABf9=NVFAt+(`#I#eG8d<$v<3@6`mYv2UI8tlWNFK=5 z=utDaL1$u?ObxMD?O$twA2(8an^-(#_k1q;jB}vGeb;btg10!Hyqk#73}iTXw%Nht+NNk z8N2C!VsN_=`HJNYLTxtv#bdJZ(ey;}L2_Yxj@*O0ceEbnRK1S4oVDk`D64a4r;Vnv z<`&I&noBHcmd+=7PWqqx=#$01jkR_w|r z1r-$)bdic(tX=7Drljp88FY?xh#9go2GiQwBFuP49|+J(){{t4(5q}-(W=?1*J2HC za;;gE4o}dL(|*^V!8y%&%-hN#^o-wZsXjUU zyhp#+qqCr`yG*B}zuoP1>#%00a)(pjM6>$~VqJMl@a?Lblrwh%ZHlt5_Oc$50UD6( zoY7PZxu7)QJT6Eq3op|tPn~={H4=O+i2PEiVsFsuyau;>q?Y!D(`C~Wlf<`8qc&r+ z24V`YR@*9#=+^5Zu=&_1c}1lL#c|DMe2My`VH7J0k-5FVb1Jj4ZkE;P-f$7A_i~znrfPMo34&=z138KnmONbA>z#C zjZ@n;Y?B?jIoR=LMeCdVDeqi9-MX(?^(FBQZM@)SLDSxhiJh=rPCEhx=(F#yzShU%gyuo!|8mR9Wfv@c=t$J=Z)kQ-KWl-dLLO5In*d@C~l%RC9S@_ zstz|@WKdM`-uHIXVHt>wsm$v5k+|4ZGWxAgyq`8VXEr!Kmc}kl$&NEsz5e0w0QL;* zAneK?MUCe=UzLnZ7P2!celbaAjN&& z{e^Y11nHe6-NJ#l%uCOjhA)<(5sD~&0FEo@f=>-~m1ph+hP|GrhUE9H`HS4XHrKp6 zK1sD{Cg(k6AgcTBNxP;;73&ObRAVpSK0ABtFloTZiVv-hZ8*$v$LOPvkXWx zjOoDsu@8M=slSKh?Mt8PxV~#uNMDL82L18qEVsR>!};x{xU!uS*Y-AsOpK;TA2P0$Rg{!X{1cnGpj+Et(tbBi9YzjhSQ9qMKa3$iMBDOjA zjlt`Ru8P)rzi?8_KXB6Tx#wZqjj~lx=@M=Kuj1qv=If#Ttjs+! z`f@(w+@sh0SKHACWl4oE2Kw)t&Fj|)IWo^>`LD+p9ZYm&q#owW>5(E{E!qPqIiE}B zaA;JhmM59PqiI6`V~}X`*<7fW1C2}fgc^E!(phwVAk>7$qkFMvTqqKbM8NexNk=-L zL4#_s*jy%=0ppOpXfRJU8|3s~Q0Q!y2}tgtS|$V(0tFU21R9CJ;4r#6NW?k>VjU=F z#isr@5nC>s>PG?pSPOivV9-5uY)!U6@o+R838O=IXgSkaXw(jEZ3yV8&)!A;`pAL& z^vvNH$e{sNG(MS1=92*jKM%fW!^O(-o167F2{>emFO3iNpn1_*M781Tm10AhdR*2z@Dds@f(42o!wj3kU)xhY6xX1xyBuM-ULz$Y8k92;f?@ z4XAw*1Vy=2PlCOP*=IrU7g5cd&*u;TARr(B9)O0kxn2MgkH-TD6o5j(KnWNxki{np zU@YF+uQ;EPK;KZfbPgXhI8=m8_F((*iE3(J^k8zVtiJvMiwB?63Ql1&0RfoTJtU`%j^FjEu)2}7dMNEp^s*A%9Q#^KNi zw4t7{E?yr1t?=W$bLJ7jii|XO(S%L$W71gsFTlDeU1Kvn914a)toczyN zUvlGLsq{II=48JD{Xady`7RZHh*aw(@PFL>oKy_DsK5{y;KYWgCV)|Co@74;U(Mjxj_@fc81x@uKJEU5 zt`GdG$v?)_rwd>q{R9lg_m>iE0QpwP!L~qD1{{iU zd3-1e`>h`dTAA^Nhr$s{BZfaH4KHKFX6Z$A7+$q-eI7GpC6w}WtBH|QNS_+UCK$Ok zmop z0IoJ(&G%gKTea{KB4do2kk@XO4kgFH$vgf%#5(6rdWgj zF5wP*8dlnpxlA5Npp4lJKPHO@`p%Y1qtYoN?u0}c7QLe->se!WU{b}Q~ x6$PF)XDEL6TZ!1KuiX#BVL{0&6oP-XD%iQXd;yo{3Be$7c!-9Esf`)r{{SuG!Z-i` literal 0 HcmV?d00001 diff --git a/docs/tools/.sphinx/latex_elements_template.txt b/docs/tools/.sphinx/latex_elements_template.txt new file mode 100644 index 000000000..2b13b514a --- /dev/null +++ b/docs/tools/.sphinx/latex_elements_template.txt @@ -0,0 +1,119 @@ +{ + 'papersize': 'a4paper', + 'pointsize': '11pt', + 'fncychap': '', + 'preamble': r''' +%\usepackage{charter} +%\usepackage[defaultsans]{lato} +%\usepackage{inconsolata} +\setmainfont[UprightFont = *-R, BoldFont = *-B, ItalicFont=*-RI, Extension = .ttf]{Ubuntu} +\setmonofont[UprightFont = *-R, BoldFont = *-B, ItalicFont=*-RI, Extension = .ttf]{UbuntuMono} +\usepackage[most]{tcolorbox} +\tcbuselibrary{breakable} +\usepackage{lastpage} +\usepackage{tabto} +\usepackage{ifthen} +\usepackage{etoolbox} +\usepackage{fancyhdr} +\usepackage{graphicx} +\usepackage{titlesec} +\usepackage{fontspec} +\usepackage{tikz} +\usepackage{changepage} +\usepackage{array} +\usepackage{tabularx} +\definecolor{yellowgreen}{RGB}{154, 205, 50} +\definecolor{title}{RGB}{76, 17, 48} +\definecolor{subtitle}{RGB}{116, 27, 71} +\definecolor{label}{RGB}{119, 41, 100} +\definecolor{copyright}{RGB}{174, 167, 159} +\makeatletter +\def\tcb@finalize@environment{% + \color{.}% hack for xelatex + \tcb@layer@dec% +} +\makeatother +\newenvironment{sphinxclassprompt}{\color{yellowgreen}\setmonofont[Color = 9ACD32, UprightFont = *-R, Extension = .ttf]{UbuntuMono}}{} +\tcbset{enhanced jigsaw, colback=black, fontupper=\color{white}} +\newtcolorbox{termbox}{use color stack, breakable, colupper=white, halign=flush left} +\newenvironment{sphinxclassterminal}{\setmonofont[Color = white, UprightFont = *-R, Extension = .ttf]{UbuntuMono}\sphinxsetup{VerbatimColor={black}}\begin{termbox}}{\end{termbox}} +\newcommand{\dimtorightedge}{% + \dimexpr\paperwidth-1in-\hoffset-\oddsidemargin\relax} +\newcommand{\dimtotop}{% + \dimexpr\height-1in-\voffset-\topmargin-\headheight-\headsep\relax} +\newtoggle{tpage} +\AtBeginEnvironment{titlepage}{\global\toggletrue{tpage}} +\fancypagestyle{plain}{ + \fancyhf{} + \fancyfoot[R]{\thepage\ of \pageref*{LastPage}} + \renewcommand{\headrulewidth}{0pt} + \renewcommand{\footrulewidth}{0pt} +} +\fancypagestyle{normal}{ + \fancyhf{} + \fancyfoot[R]{\thepage\ of \pageref*{LastPage}} + \renewcommand{\headrulewidth}{0pt} + \renewcommand{\footrulewidth}{0pt} +} +\fancypagestyle{titlepage}{% + \fancyhf{} + \fancyfoot[L]{\footnotesize \textcolor{copyright}{© 2024 Canonical Ltd. All rights reserved.}} +} +\newcommand\sphinxbackoftitlepage{\thispagestyle{titlepage}} +\titleformat{\chapter}[block]{\Huge \color{title} \bfseries\filright}{\thechapter .}{1.5ex}{} +\titlespacing{\chapter}{0pt}{0pt}{0pt} +\titleformat{\section}[block]{\huge \bfseries\filright}{\thesection .}{1.5ex}{} +\titlespacing{\section}{0pt}{0pt}{0pt} +\titleformat{\subsection}[block]{\Large \bfseries\filright}{\thesubsection .}{1.5ex}{} +\titlespacing{\subsection}{0pt}{0pt}{0pt} +\setcounter{tocdepth}{1} +\renewcommand\pagenumbering[1]{} +''', + 'sphinxsetup': 'verbatimwithframe=false, pre_border-radius=0pt, verbatimvisiblespace=\\phantom{}, verbatimcontinued=\\phantom{}', + 'extraclassoptions': 'openany,oneside', + 'maketitle': r''' +\begin{titlepage} +\begin{flushleft} + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=south east, inner sep=0] at (current page.south east) { + \includegraphics[width=\paperwidth, height=\paperheight]{front-page-light} + }; + \end{tikzpicture} +\end{flushleft} + +\vspace*{3cm} + +\begin{adjustwidth}{8cm}{0pt} +\begin{flushleft} + \huge \textcolor{black}{\textbf{}{\raggedright{$PROJECT}}} +\end{flushleft} +\end{adjustwidth} + +\vfill + +\begin{adjustwidth}{8cm}{0pt} +\begin{tabularx}{0.5\textwidth}{ l l } + \textcolor{lightgray}{© 2024 Canonical Ltd.} & \hspace{3cm} \\ + \textcolor{lightgray}{All rights reserved.} & \hspace{3cm} \\ + & \hspace{3cm} \\ + & \hspace{3cm} \\ + +\end{tabularx} +\end{adjustwidth} + +\end{titlepage} +\RemoveFromHook{shipout/background} +\AddToHook{shipout/background}{ + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=south west, align=left, inner sep=0] at (current page.south west) { + \includegraphics[width=\paperwidth]{normal-page-footer} + }; + \end{tikzpicture} + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=north east, opacity=0.5, inner sep=35] at (current page.north east) { + \includegraphics[width=4cm]{Canonical-logo-4x} + }; + \end{tikzpicture} + } +''', +} \ No newline at end of file diff --git a/docs/tools/.sphinx/pa11y.json b/docs/tools/.sphinx/pa11y.json new file mode 100644 index 000000000..8df0cb9cb --- /dev/null +++ b/docs/tools/.sphinx/pa11y.json @@ -0,0 +1,9 @@ +{ + "chromeLaunchConfig": { + "args": [ + "--no-sandbox" + ] + }, + "reporter": "cli", + "standard": "WCAG2AA" +} \ No newline at end of file diff --git a/docs/tools/.sphinx/requirements.txt b/docs/tools/.sphinx/requirements.txt index 977f93134..4ebefde3c 100644 --- a/docs/tools/.sphinx/requirements.txt +++ b/docs/tools/.sphinx/requirements.txt @@ -1,7 +1,13 @@ +# DO NOT MODIFY THIS FILE DIRECTLY! Unless you want to +# +# This file is generated automatically. +# Add custom requirements to the custom_required_modules +# array in the custom_conf.py file and run: +# make clean && make install +GitPython canonical-sphinx-extensions furo linkify-it-py -matplotlib myst-parser pyspelling sphinx @@ -9,9 +15,8 @@ sphinx-autobuild sphinx-copybutton sphinx-design sphinx-notfound-page -sphinx-reredirects sphinx-tabs sphinxcontrib-jquery +sphinxcontrib-svg2pdfconverter[CairoSVG] sphinxext-opengraph -sphinxcontrib-plantuml -sphinxcontrib-kroki +watchfiles \ No newline at end of file diff --git a/docs/tools/Makefile b/docs/tools/Makefile index dbbf1057b..72fe7c602 100644 --- a/docs/tools/Makefile +++ b/docs/tools/Makefile @@ -1,101 +1,31 @@ -# Minimal makefile for Sphinx documentation +# This Makefile stub allows you to customize starter pack (SP) targets. +# Consider this file as a bridge between your project +# and the starter pack's predefined targets that reside in Makefile.sp. # - -# You can set these variables from the command line, and also -# from the environment for the first two. -SPHINXOPTS ?= -c . -d .sphinx/.doctrees -SPHINXBUILD ?= sphinx-build -SPHINXDIR = .sphinx -SOURCEDIR = ../src/ -BUILDDIR = ../_build -VENVDIR = $(SPHINXDIR)/venv -PA11Y = $(SPHINXDIR)/node_modules/pa11y/bin/pa11y.js -VENV = $(VENVDIR)/bin/activate - -.PHONY: help woke-install pa11y-install install run html epub serve clean \ - clean-doc spelling linkcheck woke pa11y Makefile +# You can add your own, non-SP targets here or override SP targets +# to fit your project's needs. For example, you can define and use targets +# named "install" or "run", but continue to use SP targets like "sp-install" +# or "sp-run" when working on the documentation. # Put it first so that "make" without argument is like "make help". -help: $(VENVDIR) - @. $(VENV); $(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) - -# Explicit target avoids fall-through to the "Makefile" target. -$(SPHINXDIR)/requirements.txt: - test -f $(SPHINXDIR)/requirements.txt - -# If requirements are updated, venv should be rebuilt and timestamped. -$(VENVDIR): $(SPHINXDIR)/requirements.txt - @echo "... setting up virtualenv" - python3 -m venv $(VENVDIR) - . $(VENV); pip install --require-virtualenv \ - --upgrade -r $(SPHINXDIR)/requirements.txt \ - --log $(VENVDIR)/pip_install.log - @test ! -f $(VENVDIR)/pip_list.txt || \ - mv $(VENVDIR)/pip_list.txt $(VENVDIR)/pip_list.txt.bak - @. $(VENV); pip list --local --format=freeze > $(VENVDIR)/pip_list.txt +help: @echo "\n" \ - "--------------------------------------------------------------- \n" \ - "* watch, build and serve the documentation: make run \n" \ - "* only build: make html \n" \ - "* only serve: make serve \n" \ - "* clean built doc files: make clean-doc \n" \ - "* clean full environment: make clean \n" \ - "* check links: make linkcheck \n" \ - "* check spelling: make spelling \n" \ - "* check inclusive language: make woke \n" \ - "* check accessibility: make pa11y \n" \ - "* other possible targets: make \n" \ - "--------------------------------------------------------------- \n" - @touch $(VENVDIR) - -woke-install: - @type woke >/dev/null 2>&1 || \ - { echo "Installing \"woke\" snap... \n"; sudo snap install woke; } - -pa11y-install: - @type $(PA11Y) >/dev/null 2>&1 || { \ - echo "Installing \"pa11y\" from npm... \n"; \ - mkdir -p $(SPHINXDIR)/node_modules/ ; \ - npm install --prefix $(SPHINXDIR) pa11y; \ - } - -install: $(VENVDIR) woke-install - -run: install - . $(VENV); sphinx-autobuild -b dirhtml "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) - -# Doesn't depend on $(BUILDDIR) to rebuild properly at every run. -html: install - . $(VENV); $(SPHINXBUILD) -b dirhtml "$(SOURCEDIR)" "$(BUILDDIR)" -w .sphinx/warnings.txt $(SPHINXOPTS) - -epub: install - . $(VENV); $(SPHINXBUILD) -b epub "$(SOURCEDIR)" "$(BUILDDIR)" -w .sphinx/warnings.txt $(SPHINXOPTS) - -serve: html - cd "$(BUILDDIR)"; python3 -m http.server 8000 - -clean: clean-doc - @test ! -e "$(VENVDIR)" -o -d "$(VENVDIR)" -a "$(abspath $(VENVDIR))" != "$(VENVDIR)" - rm -rf $(VENVDIR) - -clean-doc: - git clean -fx "$(BUILDDIR)" - rm -rf .sphinx/.doctrees - -spelling: html - . $(VENV) ; python3 -m pyspelling -c .sphinx/spellingcheck.yaml - -linkcheck: install - . $(VENV) ; $(SPHINXBUILD) -b linkcheck "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) - -woke: woke-install - woke *.rst **/*.rst --exit-1-on-failure \ - -c https://github.com/canonical/Inclusive-naming/raw/main/config.yml - -pa11y: pa11y-install html - find $(BUILDDIR) -name *.html -print0 | xargs -n 1 -0 $(PA11Y) - -# Catch-all target: route all unknown targets to Sphinx using the new -# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). -%: Makefile - . $(VENV); $(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + "------------------------------------------------------------- \n" \ + "* watch, build and serve the documentation: make run \n" \ + "* only build: make html \n" \ + "* only serve: make serve \n" \ + "* clean built doc files: make clean-doc \n" \ + "* clean full environment: make clean \n" \ + "* check links: make linkcheck \n" \ + "* check spelling: make spelling \n" \ + "* check spelling (without building again): make spellcheck \n" \ + "* check inclusive language: make woke \n" \ + "* check accessibility: make pa11y \n" \ + "* check style guide compliance: make vale \n" \ + "* check style guide compliance on target: make vale TARGET=* \n" \ + "* check metrics for documentation: make allmetrics \n" \ + "* other possible targets: make \n" \ + "------------------------------------------------------------- \n" + +%: + $(MAKE) -f Makefile.sp sp-$@ diff --git a/docs/tools/Makefile.sp b/docs/tools/Makefile.sp new file mode 100644 index 000000000..0ad2c8b62 --- /dev/null +++ b/docs/tools/Makefile.sp @@ -0,0 +1,156 @@ +# Minimal makefile for Sphinx documentation +# +# `Makefile.sp` is from the Sphinx starter pack and should not be +# modified. +# Add your customisation to `Makefile` instead. + +# You can set these variables from the command line, and also +# from the environment for the first two. +SPHINXDIR = .sphinx +SPHINXOPTS ?= -c . -d $(SPHINXDIR)/.doctrees -j auto +SPHINXBUILD ?= sphinx-build +SOURCEDIR = ../src +METRICSDIR = $(SOURCEDIR)/metrics +BUILDDIR = ../_build +VENVDIR = $(SPHINXDIR)/venv +PA11Y = $(SPHINXDIR)/node_modules/pa11y/bin/pa11y.js --config $(SPHINXDIR)/pa11y.json +VENV = $(VENVDIR)/bin/activate +TARGET = * +ALLFILES = *.rst **/*.rst +ADDPREREQS ?= +REQPDFPACKS = latexmk fonts-freefont-otf texlive-latex-recommended texlive-latex-extra texlive-fonts-recommended texlive-font-utils texlive-lang-cjk texlive-xetex plantuml xindy tex-gyre dvipng + +.PHONY: sp-full-help sp-woke-install sp-pa11y-install sp-install sp-run sp-html \ + sp-epub sp-serve sp-clean sp-clean-doc sp-spelling sp-spellcheck sp-linkcheck sp-woke \ + sp-allmetrics sp-pa11y sp-pdf-prep-force sp-pdf-prep sp-pdf Makefile.sp sp-vale sp-bash + +sp-full-help: $(VENVDIR) + @. $(VENV); $(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + @echo "\n\033[1;31mNOTE: This help texts shows unsupported targets!\033[0m" + @echo "Run 'make help' to see supported targets." + +# Shouldn't assume that venv is available on Ubuntu by default; discussion here: +# https://bugs.launchpad.net/ubuntu/+source/python3.4/+bug/1290847 +$(SPHINXDIR)/requirements.txt: + @python3 -c "import venv" || \ + (echo "You must install python3-venv before you can build the documentation."; exit 1) + python3 -m venv $(VENVDIR) + @if [ ! -z "$(ADDPREREQS)" ]; then \ + . $(VENV); pip install \ + $(PIPOPTS) --require-virtualenv $(ADDPREREQS); \ + fi + . $(VENV); python3 $(SPHINXDIR)/build_requirements.py + +# If requirements are updated, venv should be rebuilt and timestamped. +$(VENVDIR): $(SPHINXDIR)/requirements.txt + @echo "... setting up virtualenv" + python3 -m venv $(VENVDIR) + . $(VENV); pip install $(PIPOPTS) --require-virtualenv \ + --upgrade -r $(SPHINXDIR)/requirements.txt \ + --log $(VENVDIR)/pip_install.log + @test ! -f $(VENVDIR)/pip_list.txt || \ + mv $(VENVDIR)/pip_list.txt $(VENVDIR)/pip_list.txt.bak + @. $(VENV); pip list --local --format=freeze > $(VENVDIR)/pip_list.txt + @touch $(VENVDIR) + +sp-woke-install: + @type woke >/dev/null 2>&1 || \ + { echo "Installing \"woke\" snap... \n"; sudo snap install woke; } + +sp-pa11y-install: + @type $(PA11Y) >/dev/null 2>&1 || { \ + echo "Installing \"pa11y\" from npm... \n"; \ + mkdir -p $(SPHINXDIR)/node_modules/ ; \ + npm install --prefix $(SPHINXDIR) pa11y; \ + } + +sp-install: $(VENVDIR) + +sp-run: sp-install + . $(VENV); sphinx-autobuild -b dirhtml "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) + +# Doesn't depend on $(BUILDDIR) to rebuild properly at every run. +sp-html: sp-install + . $(VENV); $(SPHINXBUILD) -W --keep-going -b dirhtml "$(SOURCEDIR)" "$(BUILDDIR)" -w $(SPHINXDIR)/warnings.txt $(SPHINXOPTS) + +sp-epub: sp-install + . $(VENV); $(SPHINXBUILD) -b epub "$(SOURCEDIR)" "$(BUILDDIR)" -w $(SPHINXDIR)/warnings.txt $(SPHINXOPTS) + +sp-serve: sp-html + cd "$(BUILDDIR)"; python3 -m http.server --bind 127.0.0.1 8000 + +sp-clean: sp-clean-doc + @test ! -e "$(VENVDIR)" -o -d "$(VENVDIR)" -a "$(abspath $(VENVDIR))" != "$(VENVDIR)" + rm -rf $(VENVDIR) + rm -f $(SPHINXDIR)/requirements.txt + rm -rf $(SPHINXDIR)/node_modules/ + rm -rf $(SPHINXDIR)/styles + rm -rf $(SPHINXDIR)/vale.ini + +sp-clean-doc: + git clean -fx "$(BUILDDIR)" + rm -rf $(SPHINXDIR)/.doctrees + +sp-spellcheck: + . $(VENV) ; python3 -m pyspelling -c $(SPHINXDIR)/spellingcheck.yaml -j $(shell nproc) + +sp-spelling: sp-html sp-spellcheck + +sp-linkcheck: sp-install + . $(VENV) ; $(SPHINXBUILD) -b linkcheck "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) || { grep --color -F "[broken]" "$(BUILDDIR)/output.txt"; exit 1; } + exit 0 + +sp-woke: sp-woke-install + woke $(ALLFILES) --exit-1-on-failure \ + -c https://github.com/canonical/Inclusive-naming/raw/main/config.yml + +sp-pa11y: sp-pa11y-install sp-html + find $(BUILDDIR) -name *.html -print0 | xargs -n 1 -0 $(PA11Y) + +sp-vale: sp-install + @. $(VENV); test -d $(SPHINXDIR)/venv/lib/python*/site-packages/vale || pip install vale + @. $(VENV); test -f $(SPHINXDIR)/vale.ini || python3 $(SPHINXDIR)/get_vale_conf.py + @. $(VENV); find $(SPHINXDIR)/venv/lib/python*/site-packages/vale/vale_bin -size 195c -exec vale --config "$(SPHINXDIR)/vale.ini" $(TARGET) > /dev/null \; + @cat $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept.txt > $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept_backup.txt + @cat $(SOURCEDIR)/.wordlist.txt $(SOURCEDIR)/.custom_wordlist.txt >> $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept.txt + @echo "" + @echo "Running Vale against $(TARGET). To change target set TARGET= with make command" + @echo "" + @. $(VENV); vale --config "$(SPHINXDIR)/vale.ini" --glob='*.{md,txt,rst}' $(TARGET) || true + @cat $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept_backup.txt > $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept.txt && rm $(SPHINXDIR)/styles/config/vocabularies/Canonical/accept_backup.txt + +sp-pdf-prep: sp-install + @for packageName in $(REQPDFPACKS); do (dpkg-query -W -f='$${Status}' $$packageName 2>/dev/null | \ + grep -c "ok installed" >/dev/null && echo "Package $$packageName is installed") && continue || \ + (echo "\nPDF generation requires the installation of the following packages: $(REQPDFPACKS)" && \ + echo "" && echo "Run sudo make pdf-prep-force to install these packages" && echo "" && echo \ + "Please be aware these packages will be installed to your system") && exit 1 ; done + +sp-pdf-prep-force: + apt-get update + apt-get upgrade -y + apt-get install --no-install-recommends -y $(REQPDFPACKS) \ + +sp-pdf: sp-pdf-prep + @. $(VENV); sphinx-build -M latexpdf "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) + @rm ./$(BUILDDIR)/latex/front-page-light.pdf || true + @rm ./$(BUILDDIR)/latex/normal-page-footer.pdf || true + @find ./$(BUILDDIR)/latex -name "*.pdf" -exec mv -t ./$(BUILDDIR) {} + + @rm -r $(BUILDDIR)/latex + @echo "\nOutput can be found in ./$(BUILDDIR)\n" + +sp-allmetrics: sp-html + @echo "Recording documentation metrics..." + @echo "Checking for existence of vale..." + . $(VENV) + @. $(VENV); test -d $(SPHINXDIR)/venv/lib/python*/site-packages/vale || pip install vale + @. $(VENV); test -f $(SPHINXDIR)/vale.ini || python3 $(SPHINXDIR)/get_vale_conf.py + @. $(VENV); find $(SPHINXDIR)/venv/lib/python*/site-packages/vale/vale_bin -size 195c -exec vale --config "$(SPHINXDIR)/vale.ini" $(TARGET) > /dev/null \; + @eval '$(METRICSDIR)/scripts/source_metrics.sh $(PWD)' + @eval '$(METRICSDIR)/scripts/build_metrics.sh $(PWD) $(METRICSDIR)' + + +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile.sp + . $(VENV); $(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/docs/tools/conf.py b/docs/tools/conf.py index f4346485e..bd99aa2d7 100644 --- a/docs/tools/conf.py +++ b/docs/tools/conf.py @@ -1,9 +1,16 @@ import sys import os +import requests +from urllib.parse import urlparse +from git import Repo, InvalidGitRepositoryError +import time +import ast import yaml sys.path.append('./') from custom_conf import * +sys.path.append('.sphinx/') +from build_requirements import * # Configuration file for the Sphinx documentation builder. # You should not do any modifications to this file. Put your custom @@ -19,42 +26,65 @@ extensions = [ 'sphinx_design', - 'sphinx_tabs.tabs', - 'sphinx_reredirects', - 'canonical.youtube-links', - 'canonical.related-links', - 'canonical.custom-rst-roles', - 'canonical.terminal-output', 'sphinx_copybutton', - 'sphinxext.opengraph', - 'myst_parser', 'sphinxcontrib.jquery', - 'notfound.extension' ] + +# Only add redirects extension if any redirects are specified. +if AreRedirectsDefined(): + extensions.append('sphinx_reredirects') + +# Only add myst extensions if any configuration is present. +if IsMyStParserUsed(): + extensions.append('myst_parser') + + # Additional MyST syntax + myst_enable_extensions = [ + 'substitution', + 'deflist', + 'linkify' + ] + myst_enable_extensions.extend(custom_myst_extensions) + +# Only add Open Graph extension if any configuration is present. +if IsOpenGraphConfigured(): + extensions.append('sphinxext.opengraph') + extensions.extend(custom_extensions) +extensions = DeduplicateExtensions(extensions) ### Configuration for extensions -# Additional MyST syntax -myst_enable_extensions = [ - 'substitution', - 'deflist', - 'linkify' -] -myst_enable_extensions.extend(custom_myst_extensions) - # Used for related links if not 'discourse_prefix' in html_context and 'discourse' in html_context: html_context['discourse_prefix'] = html_context['discourse'] + '/t/' -# The default for notfound_urls_prefix usually works, but not for -# documentation on documentation.ubuntu.com +# The URL prefix for the notfound extension depends on whether the documentation uses versions. +# For documentation on documentation.ubuntu.com, we also must add the slug. +url_version = '' +url_lang = '' + +# Determine if the URL uses versions and language +if 'READTHEDOCS_CANONICAL_URL' in os.environ and os.environ['READTHEDOCS_CANONICAL_URL']: + url_parts = os.environ['READTHEDOCS_CANONICAL_URL'].split('/') + + if len(url_parts) >= 2 and 'READTHEDOCS_VERSION' in os.environ and os.environ['READTHEDOCS_VERSION'] == url_parts[-2]: + url_version = url_parts[-2] + '/' + + if len(url_parts) >= 3 and 'READTHEDOCS_LANGUAGE' in os.environ and os.environ['READTHEDOCS_LANGUAGE'] == url_parts[-3]: + url_lang = url_parts[-3] + '/' + +# Set notfound_urls_prefix to the slug (if defined) and the version/language affix if slug: - notfound_urls_prefix = '/' + slug + '/en/latest/' + notfound_urls_prefix = '/' + slug + '/' + url_lang + url_version +elif len(url_lang + url_version) > 0: + notfound_urls_prefix = '/' + url_lang + url_version +else: + notfound_urls_prefix = '' notfound_context = { 'title': 'Page not found', - 'body': '

Page not found

\n\n

Sorry, but the documentation page that you are looking for was not found.

\n

Documentation changes over time, and pages are moved around. We try to redirect you to the updated content where possible, but unfortunately, that didn\'t work this time (maybe because the content you were looking for does not exist in this version of the documentation).

\n

You can try to use the navigation to locate the content you\'re looking for, or search for a similar page.

\n', + 'body': '

Sorry, but the documentation page that you are looking for was not found.

\n\n

Documentation changes over time, and pages are moved around. We try to redirect you to the updated content where possible, but unfortunately, that didn\'t work this time (maybe because the content you were looking for does not exist in this version of the documentation).

\n

You can try to use the navigation to locate the content you\'re looking for, or search for a similar page.

\n', } # Default image for OGP (to prevent font errors, see @@ -99,6 +129,10 @@ for tag in custom_tags: tags.add(tag) +# html_context['get_contribs'] is a function and cannot be +# cached (see https://github.com/sphinx-doc/sphinx/issues/12300) +suppress_warnings = ["config.cache"] + ############################################################ ### Styling ############################################################ @@ -111,6 +145,7 @@ # Setting templates_path for epub makes the build fail if builder == 'dirhtml' or builder == 'html': templates_path = ['.sphinx/_templates'] + notfound_template = '404.html' # Theme configuration html_theme = 'furo' @@ -132,15 +167,52 @@ 'custom.css', 'header.css', 'github_issue_links.css', - 'furo_colors.css' + 'furo_colors.css', + 'footer.css' ] html_css_files.extend(custom_html_css_files) -html_js_files = ['header-nav.js'] +html_js_files = ['header-nav.js', 'footer.js'] if 'github_issues' in html_context and html_context['github_issues'] and not disable_feedback_button: html_js_files.append('github_issue_links.js') html_js_files.extend(custom_html_js_files) +############################################################# +# Display the contributors + +def get_contributors_for_file(github_url, github_folder, pagename, page_source_suffix, display_contributors_since=None): + filename = f"{pagename}{page_source_suffix}" + paths=html_context['github_folder'][1:] + filename + + try: + repo = Repo(".") + except InvalidGitRepositoryError: + cwd = os.getcwd() + ghfolder = html_context['github_folder'][:-1] + if ghfolder and cwd.endswith(ghfolder): + repo = Repo(cwd.rpartition(ghfolder)[0]) + else: + print("The local Git repository could not be found.") + return + + since = display_contributors_since if display_contributors_since and display_contributors_since.strip() else None + + commits = repo.iter_commits(paths=paths, since=since) + + contributors_dict = {} + for commit in commits: + contributor = commit.author.name + if contributor not in contributors_dict or commit.committed_date > contributors_dict[contributor]['date']: + contributors_dict[contributor] = { + 'date': commit.committed_date, + 'sha': commit.hexsha + } + # The github_page contains the link to the contributor's latest commit. + contributors_list = [{'name': name, 'github_page': f"{github_url}/commit/{data['sha']}"} for name, data in contributors_dict.items()] + sorted_contributors_list = sorted(contributors_list, key=lambda x: x['name']) + return sorted_contributors_list + +html_context['get_contribs'] = get_contributors_for_file ############################################################ ### Myst configuration @@ -148,3 +220,30 @@ if os.path.exists('./reuse/substitutions.yaml'): with open('./reuse/substitutions.yaml', 'r') as fd: myst_substitutions = yaml.safe_load(fd.read()) + + + +############################################################ +### PDF configuration +############################################################ + +latex_additional_files = [ + "./.sphinx/fonts/Ubuntu-B.ttf", + "./.sphinx/fonts/Ubuntu-R.ttf", + "./.sphinx/fonts/Ubuntu-RI.ttf", + "./.sphinx/fonts/UbuntuMono-R.ttf", + "./.sphinx/fonts/UbuntuMono-RI.ttf", + "./.sphinx/fonts/UbuntuMono-B.ttf", + "./.sphinx/images/Canonical-logo-4x.png", + "./.sphinx/images/front-page-light.pdf", + "./.sphinx/images/normal-page-footer.pdf", +] + +latex_engine = 'xelatex' +latex_show_pagerefs = True +latex_show_urls = 'footnote' + +with open(".sphinx/latex_elements_template.txt", "rt") as file: + latex_config = file.read() + +latex_elements = ast.literal_eval(latex_config.replace("$PROJECT", project)) \ No newline at end of file diff --git a/docs/tools/conf.py-old b/docs/tools/conf.py-old new file mode 100644 index 000000000..f4346485e --- /dev/null +++ b/docs/tools/conf.py-old @@ -0,0 +1,150 @@ +import sys +import os +import yaml + +sys.path.append('./') +from custom_conf import * + +# Configuration file for the Sphinx documentation builder. +# You should not do any modifications to this file. Put your custom +# configuration into the custom_conf.py file. +# If you need to change this file, contribute the changes upstream. +# +# For the full list of built-in configuration values, see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html + +############################################################ +### Extensions +############################################################ + +extensions = [ + 'sphinx_design', + 'sphinx_tabs.tabs', + 'sphinx_reredirects', + 'canonical.youtube-links', + 'canonical.related-links', + 'canonical.custom-rst-roles', + 'canonical.terminal-output', + 'sphinx_copybutton', + 'sphinxext.opengraph', + 'myst_parser', + 'sphinxcontrib.jquery', + 'notfound.extension' +] +extensions.extend(custom_extensions) + +### Configuration for extensions + +# Additional MyST syntax +myst_enable_extensions = [ + 'substitution', + 'deflist', + 'linkify' +] +myst_enable_extensions.extend(custom_myst_extensions) + +# Used for related links +if not 'discourse_prefix' in html_context and 'discourse' in html_context: + html_context['discourse_prefix'] = html_context['discourse'] + '/t/' + +# The default for notfound_urls_prefix usually works, but not for +# documentation on documentation.ubuntu.com +if slug: + notfound_urls_prefix = '/' + slug + '/en/latest/' + +notfound_context = { + 'title': 'Page not found', + 'body': '

Page not found

\n\n

Sorry, but the documentation page that you are looking for was not found.

\n

Documentation changes over time, and pages are moved around. We try to redirect you to the updated content where possible, but unfortunately, that didn\'t work this time (maybe because the content you were looking for does not exist in this version of the documentation).

\n

You can try to use the navigation to locate the content you\'re looking for, or search for a similar page.

\n', +} + +# Default image for OGP (to prevent font errors, see +# https://github.com/canonical/sphinx-docs-starter-pack/pull/54 ) +if not 'ogp_image' in locals(): + ogp_image = 'https://assets.ubuntu.com/v1/253da317-image-document-ubuntudocs.svg' + +############################################################ +### General configuration +############################################################ + +exclude_patterns = [ + '_build', + 'Thumbs.db', + '.DS_Store', + '.sphinx', + '_parts' +] +exclude_patterns.extend(custom_excludes) + +rst_epilog = ''' +.. include:: /reuse/links.txt +''' +if 'custom_rst_epilog' in locals(): + rst_epilog = custom_rst_epilog + +source_suffix = { + '.rst': 'restructuredtext', + '.md': 'markdown', +} + +if not 'conf_py_path' in html_context and 'github_folder' in html_context: + html_context['conf_py_path'] = html_context['github_folder'] + +# For ignoring specific links +linkcheck_anchors_ignore_for_url = [ + r'https://github\.com/.*' +] +linkcheck_anchors_ignore_for_url.extend(custom_linkcheck_anchors_ignore_for_url) + +# Tags cannot be added directly in custom_conf.py, so add them here +for tag in custom_tags: + tags.add(tag) + +############################################################ +### Styling +############################################################ + +# Find the current builder +builder = 'dirhtml' +if '-b' in sys.argv: + builder = sys.argv[sys.argv.index('-b')+1] + +# Setting templates_path for epub makes the build fail +if builder == 'dirhtml' or builder == 'html': + templates_path = ['.sphinx/_templates'] + +# Theme configuration +html_theme = 'furo' +html_last_updated_fmt = '' +html_permalinks_icon = '¶' + +if html_title == '': + html_theme_options = { + 'sidebar_hide_name': True + } + +############################################################ +### Additional files +############################################################ + +html_static_path = ['.sphinx/_static'] + +html_css_files = [ + 'custom.css', + 'header.css', + 'github_issue_links.css', + 'furo_colors.css' +] +html_css_files.extend(custom_html_css_files) + +html_js_files = ['header-nav.js'] +if 'github_issues' in html_context and html_context['github_issues'] and not disable_feedback_button: + html_js_files.append('github_issue_links.js') +html_js_files.extend(custom_html_js_files) + + +############################################################ +### Myst configuration +############################################################ +if os.path.exists('./reuse/substitutions.yaml'): + with open('./reuse/substitutions.yaml', 'r') as fd: + myst_substitutions = yaml.safe_load(fd.read()) diff --git a/docs/tools/custom_conf.py b/docs/tools/custom_conf.py index 53dafffbe..42ad59591 100644 --- a/docs/tools/custom_conf.py +++ b/docs/tools/custom_conf.py @@ -41,7 +41,7 @@ # -H 'Accept: application/vnd.github.v3.raw' \ # https://api.github.com/repos/canonical/ | jq '.created_at' -copyright = '%s, %s' % (datetime.date.today().year, author) +copyright = '%s CC-BY-SA, %s' % (datetime.date.today().year, author) ## Open Graph configuration - defines what is displayed as a link preview ## when linking to the documentation from another website (see https://ogp.me/) @@ -89,7 +89,7 @@ # Change to the folder that contains the documentation # (usually "/" or "/docs/") - 'github_folder': '/docs/', + 'github_folder': '/docs/src/', # Change to an empty value if your GitHub repo doesn't have issues enabled. # This will disable the feedback button and the issue link in the footer. @@ -100,7 +100,12 @@ # You can override the default setting on a page-by-page basis by specifying # it as file-wide metadata at the top of the file, see # https://www.sphinx-doc.org/en/master/usage/restructuredtext/field-lists.html - 'sequential_nav': "none" + 'sequential_nav': "none", + # Controls if to display the contributors of a file or not + "display_contributors": True, + + # Controls time frame for showing the contributors + "display_contributors_since": "" } # If your project is on documentation.ubuntu.com, specify the project @@ -144,7 +149,31 @@ # Add MyST extensions custom_myst_extensions = [] +# Add custom Sphinx extensions as needed. +# This array contains recommended extensions that should be used. +# NOTE: The following extensions are handled automatically and do +# not need to be added here: myst_parser, sphinx_copybutton, sphinx_design, +# sphinx_reredirects, sphinxcontrib.jquery, sphinxext.opengraph +custom_extensions = [ + 'sphinx_tabs.tabs', + 'canonical.youtube-links', + 'canonical.related-links', + 'canonical.custom-rst-roles', + 'canonical.terminal-output', + 'notfound.extension', + 'sphinxcontrib.cairosvgconverter', + ] +# Add custom required Python modules that must be added to the +# .sphinx/requirements.txt file. +# NOTE: The following modules are handled automatically and do not need to be +# added here: canonical-sphinx-extensions, furo, linkify-it-py, myst-parser, +# pyspelling, sphinx, sphinx-autobuild, sphinx-copybutton, sphinx-design, +# sphinx-notfound-page, sphinx-reredirects, sphinx-tabs, sphinxcontrib-jquery, +# sphinxext-opengraph +custom_required_modules = [ + 'sphinxcontrib-svg2pdfconverter[CairoSVG]' +] # Add files or directories that should be excluded from processing. custom_excludes = [ 'doc-cheat-sheet*', @@ -186,4 +215,6 @@ rst_prolog = ''' .. role:: center :class: align-center +.. role:: h2 + :class: hclass2 ''' diff --git a/docs/tools/make.bat b/docs/tools/make.bat new file mode 100644 index 000000000..32bb24529 --- /dev/null +++ b/docs/tools/make.bat @@ -0,0 +1,35 @@ +@ECHO OFF + +pushd %~dp0 + +REM Command file for Sphinx documentation + +if "%SPHINXBUILD%" == "" ( + set SPHINXBUILD=sphinx-build +) +set SOURCEDIR=. +set BUILDDIR=_build + +%SPHINXBUILD% >NUL 2>NUL +if errorlevel 9009 ( + echo. + echo.The 'sphinx-build' command was not found. Make sure you have Sphinx + echo.installed, then set the SPHINXBUILD environment variable to point + echo.to the full path of the 'sphinx-build' executable. Alternatively you + echo.may add the Sphinx directory to PATH. + echo. + echo.If you don't have Sphinx installed, grab it from + echo.https://www.sphinx-doc.org/ + exit /b 1 +) + +if "%1" == "" goto help + +%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% +goto end + +:help +%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% + +:end +popd diff --git a/docs/tools/metrics/scripts/build_metrics.sh b/docs/tools/metrics/scripts/build_metrics.sh new file mode 100755 index 000000000..b7140a1a9 --- /dev/null +++ b/docs/tools/metrics/scripts/build_metrics.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +links=0 +images=0 + +# count number of links +links=$(find . -type d -path './.sphinx' -prune -o -name '*.html' -exec cat {} + | grep -o " Date: Wed, 16 Oct 2024 11:39:50 -0500 Subject: [PATCH 049/122] Update proxy.md (#742) Remove references to Juju in the note and reword the requirement to include the pod range and local networks in the `no_proxy` lists. --- docs/src/snap/howto/proxy.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/src/snap/howto/proxy.md b/docs/src/snap/howto/proxy.md index ad4186625..29a138b72 100644 --- a/docs/src/snap/howto/proxy.md +++ b/docs/src/snap/howto/proxy.md @@ -5,7 +5,7 @@ to fetch resources they expect to find on the internet. In a constrained network environment, such access is usually controlled through proxies. To set up a proxy using squid follow the -[how-to-install-a-squid-server][squid] tutorial. +[How to install a Squid server][squid] tutorial. ## Adding proxy configuration for the k8s snap @@ -37,19 +37,21 @@ Environment="no_proxy=10.0.0.0/8,10.152.183.1,192.168.0.0/16,127.0.0.1,172.16.0. Note that you may need to restart for these settings to take effect. -```{note} The **10.152.183.0/24** CIDR needs to be covered in the juju-no-proxy - list as it is the Kubernetes service CIDR. Without this any pods will not be - able to reach the cluster's kubernetes-api. You should also exclude the range - used by pods (which defaults to **10.1.0.0/16**) and any required - local networks. + +```{note} Include the CIDR **10.152.183.0/24** in both the +`no_proxy` and `NO_PROXY` environment variables, as it's the default Kubernetes +service CIDR. If you are using a different service CIDR, update this setting +accordingly. This ensures pods can access the cluster's Kubernetes API Server. +Also, include the default pod range (**10.1.0.0/16**) and any local networks +needed. ``` ## Adding proxy configuration for the k8s charms Proxy configuration is handled by Juju when deploying the `k8s` charms. Please -see the [documentation for adding proxy configuration via Juju]. +see the [documentation for adding proxy configuration via Juju][juju-proxy]. -[documentation for adding proxy configuration via Juju]: /charm/howto/proxy +[juju-proxy]: /charm/howto/proxy [squid]: https://ubuntu.com/server/docs/how-to-install-a-squid-server From b6ee33b6f549a69eb26a054a86980539f8ad5692 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Wed, 16 Oct 2024 12:57:07 -0400 Subject: [PATCH 050/122] Fix TiCS action's permission error (#694) --- .github/workflows/cron-jobs.yaml | 11 +++++++---- .github/workflows/integration.yaml | 7 +++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index fc658da51..907452165 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -6,7 +6,7 @@ on: permissions: contents: read - + jobs: TICS: permissions: @@ -27,6 +27,9 @@ jobs: uses: actions/checkout@v4 with: ref: ${{matrix.branch}} + - uses: actions/setup-python@v5 + with: + python-version: '3.12' - name: Install Go uses: actions/setup-go@v5 with: @@ -47,14 +50,14 @@ jobs: # TICS requires us to have the test results in cobertura xml format under the # directory use below - make go.unit + sudo make go.unit go install github.com/boumenot/gocover-cobertura@latest gocover-cobertura < coverage.txt > coverage.xml mkdir .coverage mv ./coverage.xml ./.coverage/ # Install the TICS and staticcheck - go install honnef.co/go/tools/cmd/staticcheck@v0.4.7 + go install honnef.co/go/tools/cmd/staticcheck@v0.5.1 . <(curl --silent --show-error 'https://canonical.tiobe.com/tiobeweb/TICS/api/public/v1/fapi/installtics/Script?cfg=default&platform=linux&url=https://canonical.tiobe.com/tiobeweb/TICS/') # We need to have our project built @@ -62,7 +65,7 @@ jobs: # will try to build parts of the project itself sudo add-apt-repository -y ppa:dqlite/dev sudo apt install dqlite-tools libdqlite-dev -y - make clean + sudo make clean go build -a ./... TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/ diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index d2589b8ca..c6c032fbe 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -128,6 +128,13 @@ jobs: uses: step-security/harden-runner@v2 with: egress-policy: audit + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + # We run into rate limiting issues if we don't authenticate + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Checking out repo uses: actions/checkout@v4 - name: Fetch snap From 8369545acf3e1e40229a63b20063e2029b336443 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Thu, 17 Oct 2024 13:28:24 +0200 Subject: [PATCH 051/122] Remove context lints (false-positives), Add copyloopvar (#731) --- .golangci.yml | 21 +++++--------------- src/k8s/pkg/k8sd/api/certificates_refresh.go | 1 - src/k8s/pkg/k8sd/features/contour/chart.go | 2 +- 3 files changed, 6 insertions(+), 18 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 9a99ac6e3..b4f5ec7eb 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -15,17 +15,12 @@ linters: - bidichk - bodyclose - canonicalheader + - copyloopvar + - decorder + - dogsled + - dupword # TODO(ben): Enable those linters step by step and fix existing issues. -# - containedctx -# - contextcheck -# - copyloopvar -# - cyclop -# - decorder -# - depguard -# - dogsled -# - dupl -# - dupword # - durationcheck # - err113 # - errcheck @@ -331,10 +326,4 @@ issues: linters: [ gocritic ] - path: "_test\\.go" linters: - - bodyclose - - dupl - - funlen - - goconst - - gosec - - noctx - - wrapcheck + - dupword diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index 1be0f436f..0c6a6749c 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -253,7 +253,6 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo key: &certificates.KubeProxyClientKey, }, } { - csr := csr g.Go(func() error { csrPEM, keyPEM, err := pkiutil.GenerateCSR( pkix.Name{ diff --git a/src/k8s/pkg/k8sd/features/contour/chart.go b/src/k8s/pkg/k8sd/features/contour/chart.go index 3eece9317..1291dbe85 100644 --- a/src/k8s/pkg/k8sd/features/contour/chart.go +++ b/src/k8s/pkg/k8sd/features/contour/chart.go @@ -39,7 +39,7 @@ var ( // NOTE: The image version is v1.29.2 instead of 1.28.2 // to follow the upstream configuration for the contour gateway provisioner. - // ContourGatewayProvisionerEnvoyImageTag is the tag to use for for envoy in the gateway. + // ContourGatewayProvisionerEnvoyImageTag is the tag to use for envoy in the gateway. ContourGatewayProvisionerEnvoyImageTag = "v1.29.2" // ContourIngressEnvoyImageRepo represents the image to use for the Contour Envoy proxy. From dc4483845f74c5bba2d1d192d427f8e8f91c2b92 Mon Sep 17 00:00:00 2001 From: Mateo Florido <32885896+mateoflorido@users.noreply.github.com> Date: Thu, 17 Oct 2024 07:37:53 -0500 Subject: [PATCH 052/122] Add Configure Custom Registries How-To (#744) This commit adds a new How-To Configure Custom Registries --- docs/src/charm/howto/custom-registry.md | 76 +++++++++++++++++++++++++ docs/src/charm/howto/index.md | 1 + 2 files changed, 77 insertions(+) create mode 100644 docs/src/charm/howto/custom-registry.md diff --git a/docs/src/charm/howto/custom-registry.md b/docs/src/charm/howto/custom-registry.md new file mode 100644 index 000000000..2db2dcc39 --- /dev/null +++ b/docs/src/charm/howto/custom-registry.md @@ -0,0 +1,76 @@ +# Configure a Custom Registry + +The `k8s` charm can be configured to use a custom container registry for its +container images. This is particularly useful if you have a private registry or +operate in an air-gapped environment where you need to pull images from a +different registry. This guide will walk you through the steps to set up `k8s` +charm to pull images from a custom registry. + +## Prerequisites + +- A running `k8s` charm cluster. +- Access to a custom container registry from the cluster (e.g., docker registry + or Harbor). + +## Configure the Charm + +To configure the charm to use a custom registry, you need to set the +`containerd_custom_registries` configuration option. This options allows +the charm to configure `containerd` to pull images from registries that require +authentication. This configuration option should be a JSON-formatted array of +credential objects. For more details on the `containerd_custom_registries` +option, refer to the [charm configurations] documentation. + +For example, to configure the charm to use a custom registry at +`myregistry.example.com:5000` with the username `myuser` and password +`mypassword`, set the `containerd_custom_registries` configuration option as +follows: + +``` +juju config k8s containerd_custom_registries='[{ + "url": "http://myregistry.example.com:5000", + "host": "myregistry.example.com:5000", + "username": "myuser", + "password": "mypassword" +}]' +``` + +Allow the charm to apply the configuration changes and wait for Juju to +indicate that the changes have been successfully applied. You can monitor the +progress by running: + +``` +juju status --watch 2s +``` + +## Verify the Configuration + +Once the charm is configured and active, verify that the custom registry is +configured correctly by creating a new workload and ensuring that the images +are being pulled from the custom registry. + +For example, to create a new workload using the `nginx:latest` image that you +have previously pushed to the `myregistry.example.com:5000` registry, run the +following command: + +``` +kubectl run nginx --image=myregistry.example.com:5000/nginx:latest +``` + +To confirm that the image has been pulled from the custom registry and that the +workload is running, use the following command: + +``` +kubectl get pod nginx -o jsonpath='{.spec.containers[*].image}{"->"}{.status.containerStatuses[*].ready}' +``` + +The output should indicate that the image was pulled from the custom registry +and that the workload is running. + +``` +myregistry.example.com:5000/nginx:latest->true +``` + + + +[charm configurations]: https://charmhub.io/k8s/configurations diff --git a/docs/src/charm/howto/index.md b/docs/src/charm/howto/index.md index 0f885b73e..d76e3913f 100644 --- a/docs/src/charm/howto/index.md +++ b/docs/src/charm/howto/index.md @@ -20,6 +20,7 @@ etcd proxy cos-lite contribute +custom-registry ``` From 82985e301082c848dfb253b1e0f68b9cb0596d5b Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Thu, 17 Oct 2024 14:13:43 -0700 Subject: [PATCH 053/122] Ku 1442 cis hardening (#725) * CIS hardening how-to guide --------- Co-authored-by: Nick Veitch --- docs/src/snap/howto/cis-hardening.md | 292 +++++++++++++++++++++++++++ docs/src/snap/howto/index.md | 1 + 2 files changed, 293 insertions(+) create mode 100644 docs/src/snap/howto/cis-hardening.md diff --git a/docs/src/snap/howto/cis-hardening.md b/docs/src/snap/howto/cis-hardening.md new file mode 100644 index 000000000..3e1039cb6 --- /dev/null +++ b/docs/src/snap/howto/cis-hardening.md @@ -0,0 +1,292 @@ +# CIS compliance + +CIS Hardening refers to the process of implementing security configurations that +align with the benchmarks set by the [Center for Internet Security (CIS)][]. The +open source tool [kube-bench][] is designed to automatically check whether +your Kubernetes clusters are configured according to the +[CIS Kubernetes Benchmark][]. This guide covers how to setup your {{product}} +cluster with kube-bench. + +## What you'll need + +This guide assumes the following: + +- You have a bootstrapped {{product}} cluster (see the [Getting Started] +[getting-started-guide] guide) +- You have root or sudo access to the machine + +## Install kube-bench + +Download the latest [kube-bench release][] on your Kubernetes nodes. Make sure +to select the appropriate binary version. + +For example, to download the Linux binary, use the following command. Replace +`KB` by the version listed in the releases page. + +``` +KB=8.0 +mkdir kube-bench +cd kube-bench +curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.$KB/kube-bench_0.$KB\_linux_amd64.tar.gz -o kube-bench_0.$KB\_linux_amd64.tar.gz +``` + +Extract the downloaded tarball and move the binary to a directory in your PATH: + +``` +tar -xvf kube-bench_0.$KB\_linux_amd64.tar.gz +sudo mv kube-bench /usr/local/bin/ +``` + +Verify kube-bench installation. + +``` +kube-bench version +``` + +The output should list the version installed. + +Install `kubectl` and configure it to interact with the cluster. + +```{warning} +This will override your ~/.kube/config if you already have kubectl installed in your cluster. +``` + +``` +sudo snap install kubectl --classic +mkdir ~/.kube/ +sudo k8s kubectl config view --raw > ~/.kube/config +export KUBECONFIG=~/.kube/config +``` + +Get CIS hardening checks applicable for {{product}}: + +``` +git clone -b ck8s https://github.com/canonical/kube-bench.git kube-bench-ck8s-cfg +``` + +Test-run kube-bench against {{product}}: + +``` +sudo -E kube-bench --version ck8s-dqlite-cis-1.24 --config-dir ./kube-bench-ck8s-cfg/cfg/ --config ./kube-bench-ck8s-cfg/cfg/config.yaml +``` + +## Harden your deployments + +Before running a CIS Kubernetes audit, it is essential to first harden your +{{product}} deployment to minimize vulnerabilities and ensure +compliance with industry best practices, as defined by the CIS Kubernetes +Benchmark. + +### Control plane nodes + +Run the following commands on your control plane nodes. + +#### Configure auditing + +Create an audit-policy.yaml file under `/var/snap/k8s/common/etc/` and specify +the level of auditing you desire based on the [upstream instructions][]. Here is +a minimal example of such a policy file. + +``` +sudo sh -c 'cat >/var/snap/k8s/common/etc/audit-policy.yaml <>/var/snap/k8s/common/args/kube-apiserver </var/snap/k8s/common/etc/eventconfig.yaml </var/snap/k8s/common/etc/admission-control-config-file.yaml <>/var/snap/k8s/common/args/kube-apiserver <>/var/snap/k8s/common/args/kubelet < +[Center for Internet Security (CIS)]:https://www.cisecurity.org/ +[kube-bench]:https://aquasecurity.github.io/kube-bench/v0.6.15/ +[CIS Kubernetes Benchmark]:https://www.cisecurity.org/benchmark/kubernetes +[getting-started-guide]: /snap/tutorial/getting-started +[kube-bench release]: https://github.com/aquasecurity/kube-bench/releases +[upstream instructions]:https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/ +[rate limits]:https://kubernetes.io/docs/reference/config-api/apiserver-eventratelimit.v1alpha1 diff --git a/docs/src/snap/howto/index.md b/docs/src/snap/howto/index.md index 817b5a247..0ad1890b6 100644 --- a/docs/src/snap/howto/index.md +++ b/docs/src/snap/howto/index.md @@ -24,6 +24,7 @@ refresh-certs restore-quorum two-node-ha epa +cis-hardening contribute support ``` From db9fdd621975611f6a6545f96fc819a89528b3f5 Mon Sep 17 00:00:00 2001 From: Mateo Florido <32885896+mateoflorido@users.noreply.github.com> Date: Thu, 17 Oct 2024 21:32:30 -0500 Subject: [PATCH 054/122] Add Approve Worker Nodes CSRs (#713) This commit adds an endpoint to approve CSRs from worker nodes via the CAPI provider --- src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 +- .../pkg/k8sd/api/capi_certificate_refresh.go | 87 +++++++++++++++++++ src/k8s/pkg/k8sd/api/certificates_refresh.go | 68 ++++++++++++--- src/k8s/pkg/k8sd/api/endpoints.go | 5 ++ 5 files changed, 152 insertions(+), 14 deletions(-) create mode 100644 src/k8s/pkg/k8sd/api/capi_certificate_refresh.go diff --git a/src/k8s/go.mod b/src/k8s/go.mod index 1b3a893fb..00d2f0681 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.9 + github.com/canonical/k8s-snap-api v1.0.10 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index 9620b105b..0ce367e78 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.9 h1:WhbyVtnR0GIAdY1UYBIzkspfgodxrHjlpT9FbG4NIu4= -github.com/canonical/k8s-snap-api v1.0.9/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.10 h1:BoAw4Vr8mR8MWTKeZZxH5LmrF3JYGSZHDv+KEo5ifoU= +github.com/canonical/k8s-snap-api v1.0.10/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/api/capi_certificate_refresh.go b/src/k8s/pkg/k8sd/api/capi_certificate_refresh.go new file mode 100644 index 000000000..51ed19c75 --- /dev/null +++ b/src/k8s/pkg/k8sd/api/capi_certificate_refresh.go @@ -0,0 +1,87 @@ +package api + +import ( + "fmt" + "net/http" + + apiv1 "github.com/canonical/k8s-snap-api/api/v1" + "github.com/canonical/k8s/pkg/utils" + "github.com/canonical/lxd/lxd/response" + "github.com/canonical/microcluster/v3/state" + "golang.org/x/sync/errgroup" + certv1 "k8s.io/api/certificates/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// postApproveWorkerCSR approves the worker node CSR for the specified seed. +// The certificate approval process follows these steps: +// 1. The CAPI provider calls the /x/capi/refresh-certs/plan endpoint from a +// worker node, which generates a CSR and creates a CertificateSigningRequest +// object in the cluster. +// 2. The CAPI provider then calls the /k8sd/refresh-certs/run endpoint with +// the seed. This endpoint waits until the CSR is approved and the certificate +// is signed. Note that this is a blocking call. +// 3. The CAPI provider calls the /x/capi/refresh-certs/approve endpoint from +// any control plane node to approve the CSR. +// 4. The /x/capi/refresh-certs/run endpoint completes and returns once the +// certificate is approved and signed. +func (e *Endpoints) postApproveWorkerCSR(s state.State, r *http.Request) response.Response { + snap := e.provider.Snap() + + req := apiv1.ClusterAPIApproveWorkerCSRRequest{} + + if err := utils.NewStrictJSONDecoder(r.Body).Decode(&req); err != nil { + return response.BadRequest(fmt.Errorf("failed to parse request: %w", err)) + } + + if err := r.Body.Close(); err != nil { + return response.InternalError(fmt.Errorf("failed to close request body: %w", err)) + } + + client, err := snap.KubernetesClient("") + if err != nil { + return response.InternalError(fmt.Errorf("failed to get Kubernetes client: %w", err)) + } + + g, ctx := errgroup.WithContext(r.Context()) + + // CSR names + csrNames := []string{ + fmt.Sprintf("k8sd-%d-worker-kubelet-serving", req.Seed), + fmt.Sprintf("k8sd-%d-worker-kubelet-client", req.Seed), + fmt.Sprintf("k8sd-%d-worker-kube-proxy-client", req.Seed), + } + + for _, csrName := range csrNames { + g.Go(func() error { + if err := client.WatchCertificateSigningRequest( + ctx, + csrName, + func(request *certv1.CertificateSigningRequest) (bool, error) { + request.Status.Conditions = append(request.Status.Conditions, certv1.CertificateSigningRequestCondition{ + Type: certv1.CertificateApproved, + Status: corev1.ConditionTrue, + Reason: "ApprovedByCK8sCAPI", + Message: "This CSR was approved by the Canonical Kubernetes CAPI Provider", + LastUpdateTime: metav1.Now(), + }) + _, err := client.CertificatesV1().CertificateSigningRequests().UpdateApproval(ctx, csrName, request, metav1.UpdateOptions{}) + if err != nil { + return false, fmt.Errorf("failed to update CSR %s: %w", csrName, err) + } + return true, nil + }, + ); err != nil { + return fmt.Errorf("certificate signing request failed: %w", err) + } + return nil + }) + } + + if err := g.Wait(); err != nil { + return response.InternalError(fmt.Errorf("failed to approve worker node CSR: %w", err)) + } + + return response.SyncResponse(true, apiv1.ClusterAPIApproveWorkerCSRResponse{}) +} diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index 0c6a6749c..804c5bf81 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -143,10 +143,17 @@ func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - if err := <-readyCh; err != nil { - log.Error(err, "Failed to refresh certificates") + select { + case err := <-readyCh: + if err != nil { + log.Error(err, "Failed to refresh certificates") + return + } + case <-ctx.Done(): + log.Error(ctx.Err(), "Timeout waiting for certificates to be refreshed") return } + if err := snaputil.RestartControlPlaneServices(ctx, snap); err != nil { log.Error(err, "Failed to restart control plane services") } @@ -325,13 +332,34 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo return response.InternalError(fmt.Errorf("failed to generate kube-proxy kubeconfig: %w", err)) } - // Restart the services - if err := snap.RestartService(r.Context(), "kubelet"); err != nil { - return response.InternalError(fmt.Errorf("failed to restart kubelet: %w", err)) - } - if err := snap.RestartService(r.Context(), "kube-proxy"); err != nil { - return response.InternalError(fmt.Errorf("failed to restart kube-proxy: %w", err)) - } + // NOTE: Restart the worker services in a separate goroutine to avoid + // restarting the kube-proxy and kubelet, which would break the + // proxy connection and cause missed responses in the proxy side. + readyCh := make(chan error, 1) + go func() { + // NOTE: Create a new context independent of the request context to ensure + // the restart process is not cancelled by the client. + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + defer cancel() + + select { + case err := <-readyCh: + if err != nil { + log.Error(err, "Failed to refresh certificates") + return + } + case <-ctx.Done(): + log.Error(ctx.Err(), "Timeout waiting for certificates to be refreshed") + return + } + + if err := snap.RestartService(ctx, "kubelet"); err != nil { + log.Error(err, "Failed to restart kubelet") + } + if err := snap.RestartService(ctx, "kube-proxy"); err != nil { + log.Error(err, "Failed to restart kube-proxy") + } + }() cert, _, err := pkiutil.LoadCertificate(certificates.KubeletCert, "") if err != nil { @@ -339,8 +367,26 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo } expirationTimeUNIX := cert.NotAfter.Unix() - return response.SyncResponse(true, apiv1.RefreshCertificatesRunResponse{ - ExpirationSeconds: int(expirationTimeUNIX), + + return response.ManualResponse(func(w http.ResponseWriter) (rerr error) { + defer func() { + readyCh <- rerr + close(readyCh) + }() + err := response.SyncResponse(true, apiv1.RefreshCertificatesRunResponse{ + ExpirationSeconds: int(expirationTimeUNIX), + }).Render(w) + if err != nil { + return fmt.Errorf("failed to render response: %w", err) + } + + f, ok := w.(http.Flusher) + if !ok { + return fmt.Errorf("ResponseWriter is not type http.Flusher") + } + + f.Flush() + return nil }) } diff --git a/src/k8s/pkg/k8sd/api/endpoints.go b/src/k8s/pkg/k8sd/api/endpoints.go index 69a9753a4..4ae9946e3 100644 --- a/src/k8s/pkg/k8sd/api/endpoints.go +++ b/src/k8s/pkg/k8sd/api/endpoints.go @@ -155,6 +155,11 @@ func (e *Endpoints) Endpoints() []rest.Endpoint { Path: apiv1.ClusterAPICertificatesRunRPC, Post: rest.EndpointAction{Handler: e.postRefreshCertsRun, AccessHandler: e.ValidateNodeTokenAccessHandler("node-token"), AllowUntrusted: true}, }, + { + Name: "ClusterAPI/RefreshCerts/Approve", + Path: apiv1.ClusterAPIApproveWorkerCSRRPC, + Post: rest.EndpointAction{Handler: e.postApproveWorkerCSR, AccessHandler: ValidateCAPIAuthTokenAccessHandler("capi-auth-token"), AllowUntrusted: true}, + }, // Snap refreshes { Name: "Snap/Refresh", From 2ee8e7098697cdfc266a7b22c1207ad3287e2bf0 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 18 Oct 2024 09:52:22 +0200 Subject: [PATCH 055/122] Enable error linting (#733) --- .golangci.yml | 14 ++++++++------ src/k8s/pkg/client/helm/client.go | 3 ++- src/k8s/pkg/client/kubernetes/status.go | 2 +- src/k8s/pkg/client/snapd/refresh_status.go | 4 ++-- src/k8s/pkg/docgen/godoc.go | 2 +- src/k8s/pkg/docgen/gomod.go | 15 ++++++++------- src/k8s/pkg/docgen/json_struct.go | 5 ++--- src/k8s/pkg/k8sd/database/schema.go | 4 ++-- src/k8s/pkg/k8sd/features/calico/network.go | 2 +- src/k8s/pkg/k8sd/features/cilium/network.go | 2 +- src/k8s/pkg/k8sd/setup/templates.go | 2 +- src/k8s/pkg/snap/util/arguments.go | 2 +- src/k8s/pkg/utils/control/retry_test.go | 2 +- src/k8s/pkg/utils/control/wait_test.go | 8 ++++---- 14 files changed, 35 insertions(+), 32 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b4f5ec7eb..ec2758023 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -19,14 +19,15 @@ linters: - decorder - dogsled - dupword + - durationcheck + # - err113 - TODO(ben): maybe consider later + # - errcheck + # - errchkjson + - errname + - errorlint + # TODO(ben): Enable those linters step by step and fix existing issues. -# - durationcheck -# - err113 -# - errcheck -# - errchkjson -# - errname -# - errorlint # - exhaustive # - exhaustruct # - fatcontext @@ -327,3 +328,4 @@ issues: - path: "_test\\.go" linters: - dupword + - err113 diff --git a/src/k8s/pkg/client/helm/client.go b/src/k8s/pkg/client/helm/client.go index abe6c5da6..15a5b5b69 100644 --- a/src/k8s/pkg/client/helm/client.go +++ b/src/k8s/pkg/client/helm/client.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "encoding/json" + "errors" "fmt" "path/filepath" @@ -57,7 +58,7 @@ func (h *client) Apply(ctx context.Context, c InstallableChart, desired State, v get := action.NewGet(cfg) release, err := get.Run(c.Name) if err != nil { - if err != driver.ErrReleaseNotFound { + if !errors.Is(err, driver.ErrReleaseNotFound) { return false, fmt.Errorf("failed to get status of release %s: %w", c.Name, err) } isInstalled = false diff --git a/src/k8s/pkg/client/kubernetes/status.go b/src/k8s/pkg/client/kubernetes/status.go index e98f87778..9046c4ca3 100644 --- a/src/k8s/pkg/client/kubernetes/status.go +++ b/src/k8s/pkg/client/kubernetes/status.go @@ -36,7 +36,7 @@ func (c *Client) HasReadyNodes(ctx context.Context) (bool, error) { nodes, err := c.CoreV1().Nodes().List(ctx, metav1.ListOptions{}) if err != nil { - return false, fmt.Errorf("failed to list nodes: %v", err) + return false, fmt.Errorf("failed to list nodes: %w", err) } for _, node := range nodes.Items { diff --git a/src/k8s/pkg/client/snapd/refresh_status.go b/src/k8s/pkg/client/snapd/refresh_status.go index b78b287a3..c6fa55581 100644 --- a/src/k8s/pkg/client/snapd/refresh_status.go +++ b/src/k8s/pkg/client/snapd/refresh_status.go @@ -21,12 +21,12 @@ func (c *Client) GetRefreshStatus(changeID string) (*types.RefreshStatus, error) resBody, err := io.ReadAll(resp.Body) if err != nil { - return nil, fmt.Errorf("client: could not read response body: %s", err) + return nil, fmt.Errorf("client: could not read response body: %w", err) } var changeResponse snapdChangeResponse if err := json.Unmarshal(resBody, &changeResponse); err != nil { - return nil, fmt.Errorf("client: could not unmarshal response body: %s", err) + return nil, fmt.Errorf("client: could not unmarshal response body: %w", err) } return &changeResponse.Result, nil diff --git a/src/k8s/pkg/docgen/godoc.go b/src/k8s/pkg/docgen/godoc.go index 3b414ea8d..68734f29e 100755 --- a/src/k8s/pkg/docgen/godoc.go +++ b/src/k8s/pkg/docgen/godoc.go @@ -79,7 +79,7 @@ func getPackageDoc(packagePath string, projectDir string) (*doc.Package, error) packageDir, err := getGoPackageDir(packagePath, projectDir) if err != nil { - return nil, fmt.Errorf("couldn't retrieve package dir, error: %v", err) + return nil, fmt.Errorf("couldn't retrieve package dir, error: %w", err) } pkg, err := parsePackageDir(packageDir) diff --git a/src/k8s/pkg/docgen/gomod.go b/src/k8s/pkg/docgen/gomod.go index a7f446f6d..f51ec2e52 100755 --- a/src/k8s/pkg/docgen/gomod.go +++ b/src/k8s/pkg/docgen/gomod.go @@ -2,11 +2,12 @@ package docgen import ( "fmt" - "golang.org/x/mod/modfile" - "golang.org/x/mod/module" "os" "path" "strings" + + "golang.org/x/mod/modfile" + "golang.org/x/mod/module" ) func getGoDepModulePath(name string, version string) (string, error) { @@ -22,13 +23,13 @@ func getGoDepModulePath(name string, version string) (string, error) { escapedPath, err := module.EscapePath(name) if err != nil { return "", fmt.Errorf( - "couldn't escape module path: %s %v", name, err) + "couldn't escape module path %s: %w", name, err) } escapedVersion, err := module.EscapeVersion(version) if err != nil { return "", fmt.Errorf( - "couldn't escape module version: %s %v", version, err) + "couldn't escape module version %s: %w", version, err) } path := path.Join(cachePath, escapedPath+"@"+escapedVersion) @@ -36,7 +37,7 @@ func getGoDepModulePath(name string, version string) (string, error) { // Validate the path. if _, err := os.Stat(path); err != nil { return "", fmt.Errorf( - "Go module path not accessible: %s %s %s, error: %v.", + "go module path not accessible %s %s %s: %w", name, version, path, err) } @@ -46,11 +47,11 @@ func getGoDepModulePath(name string, version string) (string, error) { func getDependencyVersionFromGoMod(goModPath string, packageName string, directOnly bool) (string, string, error) { goModContents, err := os.ReadFile(goModPath) if err != nil { - return "", "", fmt.Errorf("could not read go.mod file %s, error: %v", goModPath, err) + return "", "", fmt.Errorf("could not read go.mod file %s: %w", goModPath, err) } goModFile, err := modfile.ParseLax(goModPath, goModContents, nil) if err != nil { - return "", "", fmt.Errorf("could not parse go.mod file %s, error: %v", goModPath, err) + return "", "", fmt.Errorf("could not parse go.mod file %s: %w", goModPath, err) } for _, dep := range goModFile.Require { diff --git a/src/k8s/pkg/docgen/json_struct.go b/src/k8s/pkg/docgen/json_struct.go index d6463131e..097a886d0 100755 --- a/src/k8s/pkg/docgen/json_struct.go +++ b/src/k8s/pkg/docgen/json_struct.go @@ -57,8 +57,7 @@ func MarkdownFromJsonStructToFile(i any, outFilePath string, projectDir string) err = os.WriteFile(outFilePath, []byte(content), 0644) if err != nil { - return fmt.Errorf("failed to write markdown documentation to %s, error: %v.", - outFilePath, err) + return fmt.Errorf("failed to write markdown documentation to %s: %w", outFilePath, err) } return nil } @@ -105,7 +104,7 @@ func ParseStruct(i any, projectDir string) ([]Field, error) { fieldIface := reflect.ValueOf(i).FieldByName(field.Name).Interface() nestedFields, err := ParseStruct(fieldIface, projectDir) if err != nil { - return nil, fmt.Errorf("couldn't parse %s.%s, error: %v", inType, field.Name, err) + return nil, fmt.Errorf("couldn't parse %s.%s: %w", inType, field.Name, err) } outField := Field{ diff --git a/src/k8s/pkg/k8sd/database/schema.go b/src/k8s/pkg/k8sd/database/schema.go index 44d665629..b96a5559f 100644 --- a/src/k8s/pkg/k8sd/database/schema.go +++ b/src/k8s/pkg/k8sd/database/schema.go @@ -36,7 +36,7 @@ func schemaApplyMigration(migrationPath ...string) schema.Update { path := filepath.Join(append([]string{"sql", "migrations"}, migrationPath...)...) b, err := sqlMigrations.ReadFile(path) if err != nil { - panic(fmt.Errorf("invalid migration file %s: %s", path, err)) + panic(fmt.Errorf("invalid migration file %s: %w", path, err)) } return func(ctx context.Context, tx *sql.Tx) error { if _, err := tx.ExecContext(ctx, string(b)); err != nil { @@ -51,7 +51,7 @@ func MustPrepareStatement(queryPath ...string) int { path := filepath.Join(append([]string{"sql", "queries"}, queryPath...)...) b, err := sqlQueries.ReadFile(path) if err != nil { - panic(fmt.Errorf("invalid query file %s: %s", path, err)) + panic(fmt.Errorf("invalid query file %s: %w", path, err)) } return cluster.RegisterStmt(string(b)) } diff --git a/src/k8s/pkg/k8sd/features/calico/network.go b/src/k8s/pkg/k8sd/features/calico/network.go index 414ea2938..732e8f6c6 100644 --- a/src/k8s/pkg/k8sd/features/calico/network.go +++ b/src/k8s/pkg/k8sd/features/calico/network.go @@ -81,7 +81,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer serviceCIDRs := []string{} ipv4ServiceCIDR, ipv6ServiceCIDR, err := utils.SplitCIDRStrings(network.GetServiceCIDR()) if err != nil { - err = fmt.Errorf("invalid service cidr: %v", err) + err = fmt.Errorf("invalid service cidr: %w", err) return types.FeatureStatus{ Enabled: false, Version: CalicoTag, diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index 2d5fa78a0..1f3725041 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -52,7 +52,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) if err != nil { - err = fmt.Errorf("invalid kube-proxy --cluster-cidr value: %v", err) + err = fmt.Errorf("invalid kube-proxy --cluster-cidr value: %w", err) return types.FeatureStatus{ Enabled: false, Version: CiliumAgentImageTag, diff --git a/src/k8s/pkg/k8sd/setup/templates.go b/src/k8s/pkg/k8sd/setup/templates.go index 8725c8f6a..f2e7a965f 100644 --- a/src/k8s/pkg/k8sd/setup/templates.go +++ b/src/k8s/pkg/k8sd/setup/templates.go @@ -16,7 +16,7 @@ func mustTemplate(parts ...string) *template.Template { path := filepath.Join(append([]string{"embed"}, parts...)...) b, err := templates.ReadFile(path) if err != nil { - panic(fmt.Errorf("invalid template %s: %s", path, err)) + panic(fmt.Errorf("invalid template %s: %w", path, err)) } return template.Must(template.New(path).Parse(string(b))) } diff --git a/src/k8s/pkg/snap/util/arguments.go b/src/k8s/pkg/snap/util/arguments.go index 63a5ae1c8..74c52697c 100644 --- a/src/k8s/pkg/snap/util/arguments.go +++ b/src/k8s/pkg/snap/util/arguments.go @@ -104,7 +104,7 @@ func UpdateServiceArguments(snap snap.Snap, serviceName string, updateMap map[st sort.Strings(newArguments) if err := os.WriteFile(argumentsFile, []byte(strings.Join(newArguments, "\n")+"\n"), 0600); err != nil { - return false, fmt.Errorf("failed to write arguments for service %s: %q", serviceName, err) + return false, fmt.Errorf("failed to write arguments for service %s: %w", serviceName, err) } return changed, nil } diff --git a/src/k8s/pkg/utils/control/retry_test.go b/src/k8s/pkg/utils/control/retry_test.go index 88ee21e31..ce1d078e3 100644 --- a/src/k8s/pkg/utils/control/retry_test.go +++ b/src/k8s/pkg/utils/control/retry_test.go @@ -42,7 +42,7 @@ func TestRetryFor(t *testing.T) { return errors.New("failed") }) - if err != context.Canceled { + if !errors.Is(err, context.Canceled) { t.Errorf("Expected context.Canceled error, got: %v", err) } }) diff --git a/src/k8s/pkg/utils/control/wait_test.go b/src/k8s/pkg/utils/control/wait_test.go index 9fb3cd2dc..2b18758e8 100644 --- a/src/k8s/pkg/utils/control/wait_test.go +++ b/src/k8s/pkg/utils/control/wait_test.go @@ -12,11 +12,11 @@ func mockCheckFunc() (bool, error) { return true, nil } -var testError = errors.New("test error") +var errTest = errors.New("test error") // Mock check function that returns an error. func mockErrorCheckFunc() (bool, error) { - return false, testError + return false, errTest } func TestWaitUntilReady(t *testing.T) { @@ -34,7 +34,7 @@ func TestWaitUntilReady(t *testing.T) { cancel2() // Cancel the context immediately err2 := WaitUntilReady(ctx2, mockCheckFunc) - if err2 == nil || err2 != context.Canceled { + if err2 == nil || !errors.Is(err2, context.Canceled) { t.Errorf("Expected context.Canceled error, got: %v", err2) } @@ -52,7 +52,7 @@ func TestWaitUntilReady(t *testing.T) { defer cancel4() err4 := WaitUntilReady(ctx4, mockErrorCheckFunc) - if err4 == nil || !errors.Is(err4, testError) { + if err4 == nil || !errors.Is(err4, errTest) { t.Errorf("Expected test error, got: %v", err4) } } From 95fe5331de079d87e78a4f400263d86a402b75f2 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 18 Oct 2024 16:44:14 +0200 Subject: [PATCH 056/122] Enable forbidigo linter (#734) --- .golangci.yml | 7 +++---- src/k8s/cmd/k8sd/k8sd_cluster_recover.go | 20 +++++++++---------- src/k8s/pkg/k8sd/api/cluster_tokens.go | 7 +++++-- .../pkg/k8sd/setup/auth-token-webhook.conf | 17 ++++++++++++++++ .../pkg/k8sd/setup/k8s-apiserver-proxy.json | 1 + 5 files changed, 36 insertions(+), 16 deletions(-) create mode 100644 src/k8s/pkg/k8sd/setup/auth-token-webhook.conf create mode 100644 src/k8s/pkg/k8sd/setup/k8s-apiserver-proxy.json diff --git a/.golangci.yml b/.golangci.yml index ec2758023..69d28050c 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -25,13 +25,12 @@ linters: # - errchkjson - errname - errorlint + - exhaustive + - fatcontext + - forbidigo # TODO(ben): Enable those linters step by step and fix existing issues. -# - exhaustive -# - exhaustruct -# - fatcontext -# - forbidigo # - forcetypeassert # - funlen # - gci diff --git a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go index 661e0a646..0aba351d3 100755 --- a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go +++ b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go @@ -111,7 +111,7 @@ func newClusterRecoverCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { AddDirHeader: true, }) - if err := recoveryCmdPrechecks(cmd.Context()); err != nil { + if err := recoveryCmdPrechecks(cmd); err != nil { cmd.PrintErrf("Recovery precheck failed: %v\n", err) env.Exit(1) } @@ -179,8 +179,8 @@ func removeEmptyLines(content []byte) []byte { return out } -func recoveryCmdPrechecks(ctx context.Context) error { - log := log.FromContext(ctx) +func recoveryCmdPrechecks(cmd *cobra.Command) error { + log := log.FromContext(cmd.Context()) log.V(1).Info("Running prechecks.") @@ -195,15 +195,15 @@ func recoveryCmdPrechecks(ctx context.Context) error { return fmt.Errorf("k8sd state dir not specified") } - fmt.Print(preRecoveryMessage) - fmt.Print("\n") + cmd.Print(preRecoveryMessage) + cmd.Print("\n") if clusterRecoverOpts.NonInteractive { - fmt.Print(nonInteractiveMessage) - fmt.Print("\n") + cmd.Print(nonInteractiveMessage) + cmd.Print("\n") } else { reader := bufio.NewReader(os.Stdin) - fmt.Print(recoveryConfirmation) + cmd.Print(recoveryConfirmation) input, err := reader.ReadString('\n') if err != nil { @@ -215,11 +215,11 @@ func recoveryCmdPrechecks(ctx context.Context) error { return fmt.Errorf("cluster edit aborted; no changes made") } - fmt.Print("\n") + cmd.Print("\n") } if !clusterRecoverOpts.SkipK8sDqlite { - if err := ensureK8sDqliteMembersStopped(ctx); err != nil { + if err := ensureK8sDqliteMembersStopped(cmd.Context()); err != nil { return err } } diff --git a/src/k8s/pkg/k8sd/api/cluster_tokens.go b/src/k8s/pkg/k8sd/api/cluster_tokens.go index d685ce1b9..1562f4b23 100644 --- a/src/k8s/pkg/k8sd/api/cluster_tokens.go +++ b/src/k8s/pkg/k8sd/api/cluster_tokens.go @@ -10,6 +10,7 @@ import ( apiv1 "github.com/canonical/k8s-snap-api/api/v1" "github.com/canonical/k8s/pkg/k8sd/database" "github.com/canonical/k8s/pkg/k8sd/types" + "github.com/canonical/k8s/pkg/log" "github.com/canonical/k8s/pkg/utils" "github.com/canonical/lxd/lxd/response" "github.com/canonical/microcluster/v3/microcluster" @@ -48,17 +49,19 @@ func (e *Endpoints) postClusterJoinTokens(s state.State, r *http.Request) respon } func getOrCreateJoinToken(ctx context.Context, m *microcluster.MicroCluster, tokenName string, ttl time.Duration) (string, error) { + log := log.FromContext(ctx) + // grab token if it exists and return it records, err := m.ListJoinTokens(ctx) if err != nil { - fmt.Println("Failed to get existing tokens. Trying to create a new token.") + log.V(1).Info("Failed to get existing tokens. Trying to create a new token.") } else { for _, record := range records { if record.Name == tokenName { return record.Token, nil } } - fmt.Println("No token exists yet. Creating a new token.") + log.V(1).Info("No token exists yet. Creating a new token.") } token, err := m.NewJoinToken(ctx, tokenName, ttl) diff --git a/src/k8s/pkg/k8sd/setup/auth-token-webhook.conf b/src/k8s/pkg/k8sd/setup/auth-token-webhook.conf new file mode 100644 index 000000000..39273db4a --- /dev/null +++ b/src/k8s/pkg/k8sd/setup/auth-token-webhook.conf @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Config +clusters: + - name: k8s-token-auth-service + cluster: + certificate-authority: "cluster.crt" + tls-server-name: 127.0.0.1 + server: "https://auth-webhook.url" +current-context: webhook +contexts: +- context: + cluster: k8s-token-auth-service + user: k8s-apiserver + name: webhook +users: + - name: k8s-apiserver + user: {} diff --git a/src/k8s/pkg/k8sd/setup/k8s-apiserver-proxy.json b/src/k8s/pkg/k8sd/setup/k8s-apiserver-proxy.json new file mode 100644 index 000000000..5a1c21735 --- /dev/null +++ b/src/k8s/pkg/k8sd/setup/k8s-apiserver-proxy.json @@ -0,0 +1 @@ +{"endpoints":null} \ No newline at end of file From 18e1a24528c1f804be6feeea1001441de7df4d0e Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 18 Oct 2024 17:22:56 +0200 Subject: [PATCH 057/122] IPv6-only address CIDR and Scope (#741) --- src/k8s/pkg/utils/cidr.go | 77 ++++++++++++++++-- src/k8s/pkg/utils/cidr_test.go | 67 +++++++++++++--- tests/integration/lxd-ipv6-profile.yaml | 7 ++ tests/integration/tests/conftest.py | 14 ++-- tests/integration/tests/test_networking.py | 80 ++++++++++++++++--- tests/integration/tests/test_util/config.py | 14 ++++ .../tests/test_util/harness/base.py | 2 +- .../tests/test_util/harness/juju.py | 6 +- .../tests/test_util/harness/local.py | 6 +- .../tests/test_util/harness/lxd.py | 27 ++++++- .../tests/test_util/harness/multipass.py | 8 +- 11 files changed, 265 insertions(+), 43 deletions(-) create mode 100644 tests/integration/lxd-ipv6-profile.yaml diff --git a/src/k8s/pkg/utils/cidr.go b/src/k8s/pkg/utils/cidr.go index 9b129b68f..32600325c 100644 --- a/src/k8s/pkg/utils/cidr.go +++ b/src/k8s/pkg/utils/cidr.go @@ -4,6 +4,7 @@ import ( "fmt" "math/big" "net" + "regexp" "strconv" "strings" @@ -11,6 +12,8 @@ import ( ) // findMatchingNodeAddress returns the IP address of a network interface that belongs to the given CIDR. +// It prefers the address with the fewest subnet bits. +// Loopback addresses are ignored. func findMatchingNodeAddress(cidr *net.IPNet) (net.IP, error) { addrs, err := net.InterfaceAddrs() if err != nil { @@ -25,7 +28,7 @@ func findMatchingNodeAddress(cidr *net.IPNet) (net.IP, error) { if !ok { continue } - if cidr.Contains(ipNet.IP) { + if cidr.Contains(ipNet.IP) && !ipNet.IP.IsLoopback() { _, subnetBits := cidr.Mask.Size() if selectedSubnetBits == -1 || subnetBits < selectedSubnetBits { // Prefer the address with the fewest subnet bits @@ -75,6 +78,21 @@ func GetKubernetesServiceIPsFromServiceCIDRs(serviceCIDR string) ([]net.IP, erro // ParseAddressString parses an address string and returns a canonical network address. func ParseAddressString(address string, port int64) (string, error) { + // Matches a CIDR block at the beginning of the address string + // e.g. [2001:db8::/32]:8080 + re := regexp.MustCompile(`^\[?([a-z0-9:.]+\/[0-9]+)\]?`) + cidrMatches := re.FindStringSubmatch(address) + if len(cidrMatches) != 0 { + // Resolve CIDR + if _, ipNet, err := net.ParseCIDR(cidrMatches[1]); err == nil { + matchingIP, err := findMatchingNodeAddress(ipNet) + if err != nil { + return "", fmt.Errorf("failed to find a matching node address for %q: %w", address, err) + } + address = strings.ReplaceAll(address, cidrMatches[1], matchingIP.String()) + } + } + host, hostPort, err := net.SplitHostPort(address) if err == nil { address = host @@ -90,15 +108,62 @@ func ParseAddressString(address string, port int64) (string, error) { if address == "" { address = util.NetworkInterfaceAddress() - } else if _, ipNet, err := net.ParseCIDR(address); err == nil { - matchingIP, err := findMatchingNodeAddress(ipNet) + } + + return net.JoinHostPort(address, fmt.Sprintf("%d", port)), nil +} + +// GetDefaultAddress returns the default IPv4 and IPv6 addresses of the host. +func GetDefaultAddress() (ipv4, ipv6 string, err error) { + // Get a list of network interfaces. + interfaces, err := net.Interfaces() + if err != nil { + return "", "", fmt.Errorf("failed to get network interfaces: %w", err) + } + + // Loop through each network interface + for _, iface := range interfaces { + // Skip interfaces that are down or loopback interfaces + if iface.Flags&net.FlagUp == 0 || iface.Flags&net.FlagLoopback != 0 { + continue + } + + // Get a list of addresses for the current interface. + addrs, err := iface.Addrs() if err != nil { - return "", fmt.Errorf("failed to find a matching node address for %q: %w", address, err) + return "", "", fmt.Errorf("failed to get addresses for interface %q: %w", iface.Name, err) + } + + // Loop through each address + for _, addr := range addrs { + // Parse the address to get the IP + var ip net.IP + switch v := addr.(type) { + case *net.IPNet: + ip = v.IP + case *net.IPAddr: + ip = v.IP + } + + // Check if it's an IPv4 or IPv6 address and not a loopback + if ip.IsLoopback() { + continue + } + + if ip.To4() != nil && ipv4 == "" { + ipv4 = ip.String() + } else if ip.To4() == nil && ipv6 == "" { + ipv6 = ip.String() + } + + // Break early if both IPv4 and IPv6 addresses are found + if ipv4 != "" && ipv6 != "" { + return ipv4, ipv6, nil + } } - address = matchingIP.String() } - return util.CanonicalNetworkAddress(address, port), nil + return ipv4, ipv6, nil } // SplitCIDRStrings parses the given CIDR string and returns the respective IPv4 and IPv6 CIDRs. diff --git a/src/k8s/pkg/utils/cidr_test.go b/src/k8s/pkg/utils/cidr_test.go index 5bb1aef23..cd052165d 100644 --- a/src/k8s/pkg/utils/cidr_test.go +++ b/src/k8s/pkg/utils/cidr_test.go @@ -1,12 +1,12 @@ package utils_test import ( + "errors" "fmt" "net" "testing" "github.com/canonical/k8s/pkg/utils" - "github.com/canonical/lxd/lxd/util" . "github.com/onsi/gomega" ) @@ -76,12 +76,20 @@ func TestParseAddressString(t *testing.T) { g := NewWithT(t) // Seed the default address - defaultAddress := util.NetworkInterfaceAddress() - ip := net.ParseIP(defaultAddress) - subnetMask := net.CIDRMask(24, 32) - networkAddress := ip.Mask(subnetMask) + defaultIPv4, defaultIPv6, err := utils.GetDefaultAddress() + g.Expect(err).ToNot(HaveOccurred()) + + ip4 := net.ParseIP(defaultIPv4) + subnetMask4 := net.CIDRMask(24, 32) + networkAddress4 := ip4.Mask(subnetMask4) + // Infer the CIDR notation + networkAddressCIDR := fmt.Sprintf("%s/24", networkAddress4.String()) + + ip6 := net.ParseIP(defaultIPv6) + subnetMask6 := net.CIDRMask(64, 128) + networkAddress6 := ip6.Mask(subnetMask6) // Infer the CIDR notation - networkAddressCIDR := fmt.Sprintf("%s/24", networkAddress.String()) + networkAddressCIDR6 := fmt.Sprintf("%s/64", networkAddress6.String()) for _, tc := range []struct { name string @@ -90,18 +98,28 @@ func TestParseAddressString(t *testing.T) { want string wantErr bool }{ - {name: "EmptyAddress", address: "", port: 8080, want: fmt.Sprintf("%s:8080", defaultAddress), wantErr: false}, - {name: "CIDR", address: networkAddressCIDR, port: 8080, want: fmt.Sprintf("%s:8080", defaultAddress), wantErr: false}, - {name: "CIDRAndPort", address: fmt.Sprintf("%s:9090", networkAddressCIDR), port: 8080, want: fmt.Sprintf("%s:9090", defaultAddress), wantErr: false}, + {name: "CIDR6LinkLocalPort", address: "[::/0%eth0]:9090", port: 8080, want: fmt.Sprintf("[%s%%eth0]:9090", defaultIPv6), wantErr: false}, + {name: "CIDRAndPort", address: fmt.Sprintf("%s:9090", networkAddressCIDR), port: 8080, want: fmt.Sprintf("%s:9090", defaultIPv4), wantErr: false}, + {name: "CIDR", address: networkAddressCIDR, port: 8080, want: fmt.Sprintf("%s:8080", defaultIPv4), wantErr: false}, + {name: "EmptyAddress", address: "", port: 8080, want: fmt.Sprintf("%s:8080", defaultIPv4), wantErr: false}, + {name: "CIDR6LinkLocalDefault", address: "::/0%eth0", port: 8080, want: fmt.Sprintf("[%s%%eth0]:8080", defaultIPv6), wantErr: false}, + {name: "CIDR6Default", address: "::/0", port: 8080, want: fmt.Sprintf("[%s]:8080", defaultIPv6), wantErr: false}, + {name: "CIDR6DefaultPort", address: "[::/0]:9090", port: 8080, want: fmt.Sprintf("[%s]:9090", defaultIPv6), wantErr: false}, + {name: "CIDR6DefaultPort", address: "[::/0]:9090", port: 8080, want: fmt.Sprintf("[%s]:9090", defaultIPv6), wantErr: false}, + {name: "CIDR6", address: networkAddressCIDR6, port: 8080, want: fmt.Sprintf("[%s]:8080", defaultIPv6), wantErr: false}, + {name: "CIDR6AndPort", address: fmt.Sprintf("[%s]:9090", networkAddressCIDR6), port: 8080, want: fmt.Sprintf("[%s]:9090", defaultIPv6), wantErr: false}, {name: "IPv4", address: "10.0.0.10", port: 8080, want: "10.0.0.10:8080", wantErr: false}, {name: "IPv4AndPort", address: "10.0.0.10:9090", port: 8080, want: "10.0.0.10:9090", wantErr: false}, {name: "NonMatchingCIDR", address: "10.10.5.0/24", port: 8080, want: "", wantErr: true}, {name: "IPv6", address: "fe80::1:234", port: 8080, want: "[fe80::1:234]:8080", wantErr: false}, + {name: "IPv6Zone", address: "fe80::1:234%eth0", port: 8080, want: "[fe80::1:234%eth0]:8080", wantErr: false}, + {name: "IPv6ZoneAndPort", address: "[fe80::1:234%eth0]:9090", port: 8080, want: "[fe80::1:234%eth0]:9090", wantErr: false}, {name: "IPv6AndPort", address: "[fe80::1:234]:9090", port: 8080, want: "[fe80::1:234]:9090", wantErr: false}, {name: "InvalidPort", address: "127.0.0.1:invalid-port", port: 0, want: "", wantErr: true}, {name: "PortOutOfBounds", address: "10.0.0.10:70799", port: 8080, want: "", wantErr: true}, } { t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) got, err := utils.ParseAddressString(tc.address, tc.port) if tc.wantErr { g.Expect(err).To(HaveOccurred()) @@ -205,3 +223,34 @@ func TestToIPString(t *testing.T) { }) } } + +// getInterfaceNameForIP returns the network interface name associated with the given IP. +func getInterfaceNameForIP(ip net.IP) (string, error) { + interfaces, err := net.Interfaces() + if err != nil { + return "", err + } + + for _, iface := range interfaces { + addrs, err := iface.Addrs() + if err != nil { + return "", err + } + + for _, addr := range addrs { + var ipAddr net.IP + switch v := addr.(type) { + case *net.IPNet: + ipAddr = v.IP + case *net.IPAddr: + ipAddr = v.IP + } + + if ipAddr.Equal(ip) { + return iface.Name, nil + } + } + } + + return "", errors.New("no interface found for the given IP") +} diff --git a/tests/integration/lxd-ipv6-profile.yaml b/tests/integration/lxd-ipv6-profile.yaml new file mode 100644 index 000000000..900edd7d2 --- /dev/null +++ b/tests/integration/lxd-ipv6-profile.yaml @@ -0,0 +1,7 @@ +description: "LXD profile for Canonical Kubernetes with IPv6-only networking" +devices: + eth0: + name: eth0 + nictype: bridged + parent: LXD_IPV6_NETWORK + type: nic diff --git a/tests/integration/tests/conftest.py b/tests/integration/tests/conftest.py index bb62acaa4..14057a0eb 100644 --- a/tests/integration/tests/conftest.py +++ b/tests/integration/tests/conftest.py @@ -85,7 +85,7 @@ def pytest_configure(config): "bootstrap_config: Provide a custom bootstrap config to the bootstrapping node.\n" "disable_k8s_bootstrapping: By default, the first k8s node is bootstrapped. This marker disables that.\n" "no_setup: No setup steps (pushing snap, bootstrapping etc.) are performed on any node for this test.\n" - "dualstack: Support dualstack on the instances.\n" + "network_type: Specify network type to use for the infrastructure (IPv4, Dualstack or IPv6).\n" "etcd_count: Mark a test to specify how many etcd instance nodes need to be created (None by default)\n" "node_count: Mark a test to specify how many instance nodes need to be created\n" "snap_versions: Mark a test to specify snap_versions for each node\n", @@ -130,8 +130,12 @@ def bootstrap_config(request) -> Union[str, None]: @pytest.fixture(scope="function") -def dualstack(request) -> bool: - return bool(request.node.get_closest_marker("dualstack")) +def network_type(request) -> Union[str, None]: + bootstrap_config_marker = request.node.get_closest_marker("network_type") + if not bootstrap_config_marker: + return "IPv4" + network_type, *_ = bootstrap_config_marker.args + return network_type @pytest.fixture(scope="function") @@ -142,8 +146,8 @@ def instances( disable_k8s_bootstrapping: bool, no_setup: bool, bootstrap_config: Union[str, None], - dualstack: bool, request, + network_type: str, ) -> Generator[List[harness.Instance], None, None]: """Construct instances for a cluster. @@ -157,7 +161,7 @@ def instances( for _, snap in zip(range(node_count), snap_versions(request)): # Create instances and setup the k8s snap in each. - instance = h.new_instance(dualstack=dualstack) + instance = h.new_instance(network_type=network_type) instances.append(instance) if not no_setup: util.setup_k8s_snap(instance, tmp_path, snap) diff --git a/tests/integration/tests/test_networking.py b/tests/integration/tests/test_networking.py index c1e30ea95..f7715a82e 100644 --- a/tests/integration/tests/test_networking.py +++ b/tests/integration/tests/test_networking.py @@ -61,12 +61,12 @@ def test_dualstack(instances: List[harness.Instance]): @pytest.mark.node_count(3) @pytest.mark.disable_k8s_bootstrapping() -@pytest.mark.dualstack() +@pytest.mark.network_type("dualstack") @pytest.mark.skipif( os.getenv("TEST_IPV6_ONLY") in ["false", None], reason="IPv6 is currently only supported for moonray/calico", ) -def test_ipv6_only(instances: List[harness.Instance]): +def test_ipv6_only_on_dualstack_infra(instances: List[harness.Instance]): main = instances[0] joining_cp = instances[1] joining_worker = instances[2] @@ -75,22 +75,84 @@ def test_ipv6_only(instances: List[harness.Instance]): config.MANIFESTS_DIR / "bootstrap-ipv6-only.yaml" ).read_text() - ipv6_address = util.get_global_unicast_ipv6(main) main.exec( - ["k8s", "bootstrap", "--file", "-", "--address", ipv6_address], + ["k8s", "bootstrap", "--file", "-", "--address", "::/0"], input=str.encode(ipv6_bootstrap_config), ) join_token = util.get_join_token(main, joining_cp) - ipv6_address = util.get_global_unicast_ipv6(joining_cp) - joining_cp.exec(["k8s", "join-cluster", join_token, "--address", ipv6_address]) + joining_cp.exec(["k8s", "join-cluster", join_token, "--address", "::/0"]) join_token_worker = util.get_join_token(main, joining_worker, "--worker") - ipv6_address = util.get_global_unicast_ipv6(joining_worker) - joining_worker.exec( - ["k8s", "join-cluster", join_token_worker, "--address", ipv6_address] + joining_worker.exec(["k8s", "join-cluster", join_token_worker, "--address", "::/0"]) + + # Deploy nginx with ipv6 service + ipv6_config = (config.MANIFESTS_DIR / "nginx-ipv6-only.yaml").read_text() + main.exec(["k8s", "kubectl", "apply", "-f", "-"], input=str.encode(ipv6_config)) + addresses = ( + util.stubbornly(retries=5, delay_s=3) + .on(main) + .exec( + [ + "k8s", + "kubectl", + "get", + "svc", + "nginx-ipv6", + "-o", + "jsonpath='{.spec.clusterIPs[*]}'", + ], + text=True, + capture_output=True, + ) + .stdout + ) + + for ip in addresses.split(): + addr = ip_address(ip.strip("'")) + if isinstance(addr, IPv6Address): + address = f"http://[{str(addr)}]" + elif isinstance(addr, IPv4Address): + assert False, "IPv4 address found in IPv6-only cluster" + else: + pytest.fail(f"Unknown IP address type: {addr}") + + # need to shell out otherwise this runs into permission errors + util.stubbornly(retries=3, delay_s=1).on(main).exec( + ["curl", address], shell=True + ) + + # This might take a while + util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(main) == 3) + + +@pytest.mark.node_count(3) +@pytest.mark.disable_k8s_bootstrapping() +@pytest.mark.network_type("ipv6") +@pytest.mark.skipif( + os.getenv("TEST_IPV6_ONLY") in ["false", None], + reason="IPv6 is currently only supported for moonray/calico", +) +def test_ipv6_only_on_ipv6_infra(instances: List[harness.Instance]): + main = instances[0] + joining_cp = instances[1] + joining_worker = instances[2] + + ipv6_bootstrap_config = ( + config.MANIFESTS_DIR / "bootstrap-ipv6-only.yaml" + ).read_text() + + main.exec( + ["k8s", "bootstrap", "--file", "-"], + input=str.encode(ipv6_bootstrap_config), ) + join_token = util.get_join_token(main, joining_cp) + joining_cp.exec(["k8s", "join-cluster", join_token]) + + join_token_worker = util.get_join_token(main, joining_worker, "--worker") + joining_worker.exec(["k8s", "join-cluster", join_token_worker]) + # Deploy nginx with ipv6 service ipv6_config = (config.MANIFESTS_DIR / "nginx-ipv6-only.yaml").read_text() main.exec(["k8s", "kubectl", "apply", "-f", "-"], input=str.encode(ipv6_config)) diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index 45c9ea5e6..f2ed98434 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -61,6 +61,20 @@ or (DIR / ".." / ".." / "lxd-dualstack-profile.yaml").read_text() ) +# LXD_IPV6_NETWORK is the network to use for LXD containers with ipv6-only configured. +LXD_IPV6_NETWORK = os.getenv("TEST_LXD_IPV6_NETWORK") or "ipv6-br0" + +# LXD_IPV6_PROFILE_NAME is the profile name to use for LXD containers with ipv6-only configured. +LXD_IPV6_PROFILE_NAME = ( + os.getenv("TEST_LXD_IPV6_PROFILE_NAME") or "k8s-integration-ipv6" +) + +# LXD_IPV6_PROFILE is the profile to use for LXD containers with ipv6-only configured. +LXD_IPV6_PROFILE = ( + os.getenv("TEST_LXD_IPV6_PROFILE") + or (DIR / ".." / ".." / "lxd-ipv6-profile.yaml").read_text() +) + # LXD_IMAGE is the image to use for LXD containers. LXD_IMAGE = os.getenv("TEST_LXD_IMAGE") or "ubuntu:22.04" diff --git a/tests/integration/tests/test_util/harness/base.py b/tests/integration/tests/test_util/harness/base.py index de12508c6..7e01ea04f 100644 --- a/tests/integration/tests/test_util/harness/base.py +++ b/tests/integration/tests/test_util/harness/base.py @@ -49,7 +49,7 @@ class Harness: name: str - def new_instance(self, dualstack: bool = False) -> Instance: + def new_instance(self, network_type: str = "IPv4") -> Instance: """Creates a new instance on the infrastructure and returns an object which can be used to interact with it. diff --git a/tests/integration/tests/test_util/harness/juju.py b/tests/integration/tests/test_util/harness/juju.py index d8e3a694c..ad89e956e 100644 --- a/tests/integration/tests/test_util/harness/juju.py +++ b/tests/integration/tests/test_util/harness/juju.py @@ -53,9 +53,9 @@ def __init__(self): self.constraints, ) - def new_instance(self, dualstack: bool = False) -> Instance: - if dualstack: - raise HarnessError("Dualstack is currently not supported by Juju harness") + def new_instance(self, network_type: str = "IPv4") -> Instance: + if network_type: + raise HarnessError("Currently only IPv4 is supported by Juju harness") for instance_id in self.existing_machines: if not self.existing_machines[instance_id]: diff --git a/tests/integration/tests/test_util/harness/local.py b/tests/integration/tests/test_util/harness/local.py index 2b790c6cf..7c71b2970 100644 --- a/tests/integration/tests/test_util/harness/local.py +++ b/tests/integration/tests/test_util/harness/local.py @@ -27,12 +27,12 @@ def __init__(self): LOG.debug("Configured local substrate") - def new_instance(self, dualstack: bool = False) -> Instance: + def new_instance(self, network_type: str = "IPv4") -> Instance: if self.initialized: raise HarnessError("local substrate only supports up to one instance") - if dualstack: - raise HarnessError("Dualstack is currently not supported by Local harness") + if network_type != "IPv4": + raise HarnessError("Currently only IPv4 is supported by Local harness") self.initialized = True LOG.debug("Initializing instance") diff --git a/tests/integration/tests/test_util/harness/lxd.py b/tests/integration/tests/test_util/harness/lxd.py index bc2c3909e..9081aaed2 100644 --- a/tests/integration/tests/test_util/harness/lxd.py +++ b/tests/integration/tests/test_util/harness/lxd.py @@ -52,11 +52,26 @@ def __init__(self): ), ) + self._configure_network( + config.LXD_IPV6_NETWORK, + "ipv4.address=none", + "ipv6.address=auto", + "ipv4.nat=false", + "ipv6.nat=true", + ) + self.ipv6_profile = config.LXD_IPV6_PROFILE_NAME + self._configure_profile( + self.ipv6_profile, + config.LXD_IPV6_PROFILE.replace( + "LXD_IPV6_NETWORK", config.LXD_IPV6_NETWORK + ), + ) + LOG.debug( "Configured LXD substrate (profile %s, image %s)", self.profile, self.image ) - def new_instance(self, dualstack: bool = False) -> Instance: + def new_instance(self, network_type: str = "IPv4") -> Instance: instance_id = f"k8s-integration-{os.urandom(3).hex()}-{self.next_id()}" LOG.debug("Creating instance %s with image %s", instance_id, self.image) @@ -71,9 +86,17 @@ def new_instance(self, dualstack: bool = False) -> Instance: self.profile, ] - if dualstack: + if network_type.lower() not in ["ipv4", "dualstack", "ipv6"]: + raise HarnessError( + f"unknown network type {network_type}, need to be one of 'IPv4', 'IPv6', 'dualstack'" + ) + + if network_type.lower() == "dualstack": launch_lxd_command.extend(["-p", self.dualstack_profile]) + if network_type.lower() == "ipv6": + launch_lxd_command.extend(["-p", self.ipv6_profile]) + try: stubbornly(retries=3, delay_s=1).exec(launch_lxd_command) self.instances.add(instance_id) diff --git a/tests/integration/tests/test_util/harness/multipass.py b/tests/integration/tests/test_util/harness/multipass.py index 4cea3a194..218b3eb17 100644 --- a/tests/integration/tests/test_util/harness/multipass.py +++ b/tests/integration/tests/test_util/harness/multipass.py @@ -36,11 +36,9 @@ def __init__(self): LOG.debug("Configured Multipass substrate (image %s)", self.image) - def new_instance(self, dualstack: bool = False) -> Instance: - if dualstack: - raise HarnessError( - "Dualstack is currently not supported by Multipass harness" - ) + def new_instance(self, network_type: str = "IPv4") -> Instance: + if network_type: + raise HarnessError("Currently only IPv4 is supported by Multipass harness") instance_id = f"k8s-integration-{os.urandom(3).hex()}-{self.next_id()}" From cabc95867a3ad048a408f8c26cb585297263a722 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Fri, 18 Oct 2024 18:23:36 +0300 Subject: [PATCH 058/122] Add annotations for configuring which devices cilium use for routing (#728) This commit adds annotations for configuring which devices cilium use for routing --- src/k8s/cmd/k8s/k8s_bootstrap_test.go | 5 +- src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 +- src/k8s/pkg/k8sd/api/cluster_remove.go | 3 +- src/k8s/pkg/k8sd/app/hooks_remove.go | 3 +- src/k8s/pkg/k8sd/features/calico/internal.go | 49 ++++++----------- .../pkg/k8sd/features/calico/internal_test.go | 17 +++--- src/k8s/pkg/k8sd/features/cilium/internal.go | 25 +++++++++ .../pkg/k8sd/features/cilium/internal_test.go | 55 +++++++++++++++++++ src/k8s/pkg/k8sd/features/cilium/network.go | 34 ++++++++++-- .../pkg/k8sd/features/cilium/network_test.go | 21 ++++++- .../k8sd/features/metrics-server/internal.go | 12 ++-- 12 files changed, 167 insertions(+), 63 deletions(-) create mode 100644 src/k8s/pkg/k8sd/features/cilium/internal.go create mode 100644 src/k8s/pkg/k8sd/features/cilium/internal_test.go diff --git a/src/k8s/cmd/k8s/k8s_bootstrap_test.go b/src/k8s/cmd/k8s/k8s_bootstrap_test.go index b486beb18..c4b852f7d 100644 --- a/src/k8s/cmd/k8s/k8s_bootstrap_test.go +++ b/src/k8s/cmd/k8s/k8s_bootstrap_test.go @@ -8,6 +8,7 @@ import ( "testing" apiv1 "github.com/canonical/k8s-snap-api/api/v1" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations" cmdutil "github.com/canonical/k8s/cmd/util" "github.com/canonical/k8s/pkg/utils" . "github.com/onsi/gomega" @@ -63,8 +64,8 @@ var testCases = []testCase{ }, CloudProvider: utils.Pointer("external"), Annotations: map[string]string{ - apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove: "true", - apiv1.AnnotationSkipStopServicesOnRemove: "true", + apiv1_annotations.AnnotationSkipCleanupKubernetesNodeOnRemove: "true", + apiv1_annotations.AnnotationSkipStopServicesOnRemove: "true", }, }, ControlPlaneTaints: []string{"node-role.kubernetes.io/control-plane:NoSchedule"}, diff --git a/src/k8s/go.mod b/src/k8s/go.mod index 00d2f0681..00d8b9633 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.10 + github.com/canonical/k8s-snap-api v1.0.11 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index 0ce367e78..e2bf4dcf9 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.10 h1:BoAw4Vr8mR8MWTKeZZxH5LmrF3JYGSZHDv+KEo5ifoU= -github.com/canonical/k8s-snap-api v1.0.10/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.11 h1:nGtwrUQBLiaL3HUXFx2gb4kq6qVpl2yNwMwHVX0dEok= +github.com/canonical/k8s-snap-api v1.0.11/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/api/cluster_remove.go b/src/k8s/pkg/k8sd/api/cluster_remove.go index 6cbc22e62..731389683 100644 --- a/src/k8s/pkg/k8sd/api/cluster_remove.go +++ b/src/k8s/pkg/k8sd/api/cluster_remove.go @@ -8,6 +8,7 @@ import ( "time" apiv1 "github.com/canonical/k8s-snap-api/api/v1" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations" databaseutil "github.com/canonical/k8s/pkg/k8sd/database/util" "github.com/canonical/k8s/pkg/log" "github.com/canonical/k8s/pkg/utils" @@ -87,7 +88,7 @@ func (e *Endpoints) postClusterRemove(s state.State, r *http.Request) response.R return response.InternalError(fmt.Errorf("failed to get cluster config: %w", err)) } - if _, ok := cfg.Annotations[apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove]; ok { + if _, ok := cfg.Annotations[apiv1_annotations.AnnotationSkipCleanupKubernetesNodeOnRemove]; ok { // Explicitly skip removing the node from Kubernetes. log.Info("Skipping Kubernetes worker node removal") return response.SyncResponse(true, nil) diff --git a/src/k8s/pkg/k8sd/app/hooks_remove.go b/src/k8s/pkg/k8sd/app/hooks_remove.go index 2aaa66e75..86b4d6c87 100644 --- a/src/k8s/pkg/k8sd/app/hooks_remove.go +++ b/src/k8s/pkg/k8sd/app/hooks_remove.go @@ -8,6 +8,7 @@ import ( "os" apiv1 "github.com/canonical/k8s-snap-api/api/v1" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations" databaseutil "github.com/canonical/k8s/pkg/k8sd/database/util" "github.com/canonical/k8s/pkg/k8sd/pki" "github.com/canonical/k8s/pkg/k8sd/setup" @@ -61,7 +62,7 @@ func (a *App) onPreRemove(ctx context.Context, s state.State, force bool) (rerr cfg, err := databaseutil.GetClusterConfig(ctx, s) if err == nil { - if _, ok := cfg.Annotations.Get(apiv1.AnnotationSkipCleanupKubernetesNodeOnRemove); !ok { + if _, ok := cfg.Annotations.Get(apiv1_annotations.AnnotationSkipCleanupKubernetesNodeOnRemove); !ok { c, err := snap.KubernetesClient("") if err != nil { log.Error(err, "Failed to create Kubernetes client", err) diff --git a/src/k8s/pkg/k8sd/features/calico/internal.go b/src/k8s/pkg/k8sd/features/calico/internal.go index 930bc674a..10a7a2d75 100644 --- a/src/k8s/pkg/k8sd/features/calico/internal.go +++ b/src/k8s/pkg/k8sd/features/calico/internal.go @@ -4,27 +4,10 @@ import ( "fmt" "strings" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/calico" "github.com/canonical/k8s/pkg/k8sd/types" ) -const ( - annotationAPIServerEnabled = "k8sd/v1alpha1/calico/apiserver-enabled" - annotationEncapsulationV4 = "k8sd/v1alpha1/calico/encapsulation-v4" - annotationEncapsulationV6 = "k8sd/v1alpha1/calico/encapsulation-v6" - annotationAutodetectionV4FirstFound = "k8sd/v1alpha1/calico/autodetection-v4/firstFound" - annotationAutodetectionV4Kubernetes = "k8sd/v1alpha1/calico/autodetection-v4/kubernetes" - annotationAutodetectionV4Interface = "k8sd/v1alpha1/calico/autodetection-v4/interface" - annotationAutodetectionV4SkipInterface = "k8sd/v1alpha1/calico/autodetection-v4/skipInterface" - annotationAutodetectionV4CanReach = "k8sd/v1alpha1/calico/autodetection-v4/canReach" - annotationAutodetectionV4CIDRs = "k8sd/v1alpha1/calico/autodetection-v4/cidrs" - annotationAutodetectionV6FirstFound = "k8sd/v1alpha1/calico/autodetection-v6/firstFound" - annotationAutodetectionV6Kubernetes = "k8sd/v1alpha1/calico/autodetection-v6/kubernetes" - annotationAutodetectionV6Interface = "k8sd/v1alpha1/calico/autodetection-v6/interface" - annotationAutodetectionV6SkipInterface = "k8sd/v1alpha1/calico/autodetection-v6/skipInterface" - annotationAutodetectionV6CanReach = "k8sd/v1alpha1/calico/autodetection-v6/canReach" - annotationAutodetectionV6CIDRs = "k8sd/v1alpha1/calico/autodetection-v6/cidrs" -) - type config struct { encapsulationV4 string encapsulationV6 string @@ -82,18 +65,18 @@ func internalConfig(annotations types.Annotations) (config, error) { apiServerEnabled: defaultAPIServerEnabled, } - if v, ok := annotations.Get(annotationAPIServerEnabled); ok { + if v, ok := annotations.Get(apiv1_annotations.AnnotationAPIServerEnabled); ok { c.apiServerEnabled = v == "true" } - if v, ok := annotations.Get(annotationEncapsulationV4); ok { + if v, ok := annotations.Get(apiv1_annotations.AnnotationEncapsulationV4); ok { if err := checkEncapsulation(v); err != nil { return config{}, fmt.Errorf("invalid encapsulation-v4 annotation: %w", err) } c.encapsulationV4 = v } - if v, ok := annotations.Get(annotationEncapsulationV6); ok { + if v, ok := annotations.Get(apiv1_annotations.AnnotationEncapsulationV6); ok { if err := checkEncapsulation(v); err != nil { return config{}, fmt.Errorf("invalid encapsulation-v6 annotation: %w", err) } @@ -101,12 +84,12 @@ func internalConfig(annotations types.Annotations) (config, error) { } v4Map := map[string]string{ - annotationAutodetectionV4FirstFound: "firstFound", - annotationAutodetectionV4Kubernetes: "kubernetes", - annotationAutodetectionV4Interface: "interface", - annotationAutodetectionV4SkipInterface: "skipInterface", - annotationAutodetectionV4CanReach: "canReach", - annotationAutodetectionV4CIDRs: "cidrs", + apiv1_annotations.AnnotationAutodetectionV4FirstFound: "firstFound", + apiv1_annotations.AnnotationAutodetectionV4Kubernetes: "kubernetes", + apiv1_annotations.AnnotationAutodetectionV4Interface: "interface", + apiv1_annotations.AnnotationAutodetectionV4SkipInterface: "skipInterface", + apiv1_annotations.AnnotationAutodetectionV4CanReach: "canReach", + apiv1_annotations.AnnotationAutodetectionV4CIDRs: "cidrs", } autodetectionV4, err := parseAutodetectionAnnotations(annotations, v4Map) @@ -119,12 +102,12 @@ func internalConfig(annotations types.Annotations) (config, error) { } v6Map := map[string]string{ - annotationAutodetectionV6FirstFound: "firstFound", - annotationAutodetectionV6Kubernetes: "kubernetes", - annotationAutodetectionV6Interface: "interface", - annotationAutodetectionV6SkipInterface: "skipInterface", - annotationAutodetectionV6CanReach: "canReach", - annotationAutodetectionV6CIDRs: "cidrs", + apiv1_annotations.AnnotationAutodetectionV6FirstFound: "firstFound", + apiv1_annotations.AnnotationAutodetectionV6Kubernetes: "kubernetes", + apiv1_annotations.AnnotationAutodetectionV6Interface: "interface", + apiv1_annotations.AnnotationAutodetectionV6SkipInterface: "skipInterface", + apiv1_annotations.AnnotationAutodetectionV6CanReach: "canReach", + apiv1_annotations.AnnotationAutodetectionV6CIDRs: "cidrs", } autodetectionV6, err := parseAutodetectionAnnotations(annotations, v6Map) diff --git a/src/k8s/pkg/k8sd/features/calico/internal_test.go b/src/k8s/pkg/k8sd/features/calico/internal_test.go index dd4c630fb..208198315 100644 --- a/src/k8s/pkg/k8sd/features/calico/internal_test.go +++ b/src/k8s/pkg/k8sd/features/calico/internal_test.go @@ -3,6 +3,7 @@ package calico import ( "testing" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/calico" . "github.com/onsi/gomega" ) @@ -26,8 +27,8 @@ func TestInternalConfig(t *testing.T) { { name: "Valid", annotations: map[string]string{ - annotationAPIServerEnabled: "true", - annotationEncapsulationV4: "IPIP", + apiv1_annotations.AnnotationAPIServerEnabled: "true", + apiv1_annotations.AnnotationEncapsulationV4: "IPIP", }, expectedConfig: config{ apiServerEnabled: true, @@ -39,15 +40,15 @@ func TestInternalConfig(t *testing.T) { { name: "InvalidEncapsulation", annotations: map[string]string{ - annotationEncapsulationV4: "Invalid", + apiv1_annotations.AnnotationEncapsulationV4: "Invalid", }, expectError: true, }, { name: "InvalidAPIServerEnabled", annotations: map[string]string{ - annotationAPIServerEnabled: "invalid", - annotationEncapsulationV4: "VXLAN", + apiv1_annotations.AnnotationAPIServerEnabled: "invalid", + apiv1_annotations.AnnotationEncapsulationV4: "VXLAN", }, expectedConfig: config{ apiServerEnabled: false, @@ -59,15 +60,15 @@ func TestInternalConfig(t *testing.T) { { name: "MultipleAutodetectionV4", annotations: map[string]string{ - annotationAutodetectionV4FirstFound: "true", - annotationAutodetectionV4Kubernetes: "true", + apiv1_annotations.AnnotationAutodetectionV4FirstFound: "true", + apiv1_annotations.AnnotationAutodetectionV4Kubernetes: "true", }, expectError: true, }, { name: "ValidAutodetectionCidrs", annotations: map[string]string{ - annotationAutodetectionV4CIDRs: "10.1.0.0/16,2001:0db8::/32", + apiv1_annotations.AnnotationAutodetectionV4CIDRs: "10.1.0.0/16,2001:0db8::/32", }, expectedConfig: config{ apiServerEnabled: false, diff --git a/src/k8s/pkg/k8sd/features/cilium/internal.go b/src/k8s/pkg/k8sd/features/cilium/internal.go new file mode 100644 index 000000000..e386eb1c5 --- /dev/null +++ b/src/k8s/pkg/k8sd/features/cilium/internal.go @@ -0,0 +1,25 @@ +package cilium + +import ( + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/cilium" + "github.com/canonical/k8s/pkg/k8sd/types" +) + +type config struct { + devices string + directRoutingDevice string +} + +func internalConfig(annotations types.Annotations) (config, error) { + c := config{} + + if v, ok := annotations.Get(apiv1_annotations.AnnotationDevices); ok { + c.devices = v + } + + if v, ok := annotations.Get(apiv1_annotations.AnnotationDirectRoutingDevice); ok { + c.directRoutingDevice = v + } + + return c, nil +} diff --git a/src/k8s/pkg/k8sd/features/cilium/internal_test.go b/src/k8s/pkg/k8sd/features/cilium/internal_test.go new file mode 100644 index 000000000..e171fbbb3 --- /dev/null +++ b/src/k8s/pkg/k8sd/features/cilium/internal_test.go @@ -0,0 +1,55 @@ +package cilium + +import ( + "testing" + + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/cilium" + . "github.com/onsi/gomega" +) + +func TestInternalConfig(t *testing.T) { + for _, tc := range []struct { + name string + annotations map[string]string + expectedConfig config + expectError bool + }{ + { + name: "Empty", + annotations: map[string]string{}, + expectedConfig: config{ + devices: "", + directRoutingDevice: "", + }, + expectError: false, + }, + { + name: "Valid", + annotations: map[string]string{ + apiv1_annotations.AnnotationDevices: "eth+ lxdbr+", + apiv1_annotations.AnnotationDirectRoutingDevice: "eth0", + }, + expectedConfig: config{ + devices: "eth+ lxdbr+", + directRoutingDevice: "eth0", + }, + expectError: false, + }, + } { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + annotations := make(map[string]string) + for k, v := range tc.annotations { + annotations[k] = v + } + + parsed, err := internalConfig(annotations) + if tc.expectError { + g.Expect(err).To(HaveOccurred()) + } else { + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(parsed).To(Equal(tc.expectedConfig)) + } + }) + } +} diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index 1f3725041..425e2dc6e 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -31,7 +31,7 @@ var ( // deployment. // ApplyNetwork returns an error if anything fails. The error is also wrapped in the .Message field of the // returned FeatureStatus. -func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, _ types.Annotations) (types.FeatureStatus, error) { +func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { m := snap.HelmClient() if !network.GetEnabled() { @@ -50,6 +50,16 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer }, nil } + config, err := internalConfig(annotations) + if err != nil { + err = fmt.Errorf("failed to parse annotations: %w", err) + return types.FeatureStatus{ + Enabled: false, + Version: CiliumAgentImageTag, + Message: fmt.Sprintf(networkDeployFailedMsgTmpl, err), + }, err + } + ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) if err != nil { err = fmt.Errorf("invalid kube-proxy --cluster-cidr value: %w", err) @@ -60,6 +70,16 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer }, err } + ciliumNodePortValues := map[string]any{ + "enabled": true, + // kube-proxy also binds to the same port for health checks so we need to disable it + "enableHealthCheck": false, + } + + if config.directRoutingDevice != "" { + ciliumNodePortValues["directRoutingDevice"] = config.directRoutingDevice + } + values := map[string]any{ "image": map[string]any{ "repository": ciliumAgentImageRepo, @@ -94,16 +114,18 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer }, }, // https://docs.cilium.io/en/v1.15/network/kubernetes/kubeproxy-free/#kube-proxy-hybrid-modes - "nodePort": map[string]any{ - "enabled": true, - // kube-proxy also binds to the same port for health checks so we need to disable it - "enableHealthCheck": false, - }, + "nodePort": ciliumNodePortValues, "disableEnvoyVersionCheck": true, // socketLB requires an endpoint to the apiserver that's not managed by the kube-proxy // so we point to the localhost:secureport to talk to either the kube-apiserver or the kube-apiserver-proxy "k8sServiceHost": network.GetLocalhostAddress(), "k8sServicePort": apiserver.GetSecurePort(), + // This flag enables the runtime device detection which is set to true by default in Cilium 1.16+ + "enableRuntimeDeviceDetection": true, + } + + if config.devices != "" { + values["devices"] = config.devices } if snap.Strict() { diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index dc0b1a53e..925139c1e 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -6,6 +6,7 @@ import ( "fmt" "testing" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/cilium" "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/k8sd/types" @@ -20,6 +21,12 @@ import ( ) // NOTE(hue): status.Message is not checked sometimes to avoid unnecessary complexity + +var annotations = types.Annotations{ + apiv1_annotations.AnnotationDevices: "eth+ lxdbr+", + apiv1_annotations.AnnotationDirectRoutingDevice: "eth0", +} + func TestNetworkDisabled(t *testing.T) { t.Run("HelmApplyFails", func(t *testing.T) { g := NewWithT(t) @@ -130,7 +137,7 @@ func TestNetworkEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, annotations) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeTrue()) @@ -165,7 +172,7 @@ func TestNetworkEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, annotations) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -390,4 +397,14 @@ func validateNetworkValues(g Gomega, values map[string]any, network types.Networ g.Expect(values["ipam"].(map[string]any)["operator"].(map[string]any)["clusterPoolIPv6PodCIDRList"]).To(Equal(ipv6CIDR)) g.Expect(values["ipv4"].(map[string]any)["enabled"]).To(Equal((ipv4CIDR != ""))) g.Expect(values["ipv6"].(map[string]any)["enabled"]).To(Equal((ipv6CIDR != ""))) + + devices, exists := annotations.Get(apiv1_annotations.AnnotationDevices) + if exists { + g.Expect(values["devices"]).To(Equal(devices)) + } + + directRoutingDevice, exists := annotations.Get(apiv1_annotations.AnnotationDirectRoutingDevice) + if exists { + g.Expect(values["nodePort"].(map[string]any)["directRoutingDevice"]).To(Equal(directRoutingDevice)) + } } diff --git a/src/k8s/pkg/k8sd/features/metrics-server/internal.go b/src/k8s/pkg/k8sd/features/metrics-server/internal.go index 2300b7139..c927e348d 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/internal.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/internal.go @@ -1,10 +1,8 @@ package metrics_server -import "github.com/canonical/k8s/pkg/k8sd/types" - -const ( - annotationImageRepo = "k8sd/v1alpha1/metrics-server/image-repo" - annotationImageTag = "k8sd/v1alpha1/metrics-server/image-tag" +import ( + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/metrics-server" + "github.com/canonical/k8s/pkg/k8sd/types" ) type config struct { @@ -18,10 +16,10 @@ func internalConfig(annotations types.Annotations) config { imageTag: imageTag, } - if v, ok := annotations.Get(annotationImageRepo); ok { + if v, ok := annotations.Get(apiv1_annotations.AnnotationImageRepo); ok { config.imageRepo = v } - if v, ok := annotations.Get(annotationImageTag); ok { + if v, ok := annotations.Get(apiv1_annotations.AnnotationImageTag); ok { config.imageTag = v } From 8ae6d48026eb26d188e41c73a29b9acf0b1cab1f Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 18 Oct 2024 21:24:19 +0200 Subject: [PATCH 059/122] Enable type assertions check (#735) --- .golangci.yml | 3 +- src/k8s/pkg/docgen/godoc.go | 47 +++++++++++++------- src/k8s/pkg/k8sd/features/calico/internal.go | 6 ++- src/k8s/pkg/k8sd/features/contour/ingress.go | 10 ++++- src/k8s/pkg/utils/mapstructure.go | 29 +++++++++--- 5 files changed, 69 insertions(+), 26 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 69d28050c..97f0da4c1 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -28,10 +28,10 @@ linters: - exhaustive - fatcontext - forbidigo + - forcetypeassert # TODO(ben): Enable those linters step by step and fix existing issues. -# - forcetypeassert # - funlen # - gci # - ginkgolinter @@ -328,3 +328,4 @@ issues: linters: - dupword - err113 + - forcetypeassert diff --git a/src/k8s/pkg/docgen/godoc.go b/src/k8s/pkg/docgen/godoc.go index 68734f29e..eaa50c572 100755 --- a/src/k8s/pkg/docgen/godoc.go +++ b/src/k8s/pkg/docgen/godoc.go @@ -11,30 +11,39 @@ import ( var packageDocCache = make(map[string]*doc.Package) -func findTypeSpec(decl *ast.GenDecl, symbol string) *ast.TypeSpec { +func findTypeSpec(decl *ast.GenDecl, symbol string) (*ast.TypeSpec, error) { for _, spec := range decl.Specs { - typeSpec := spec.(*ast.TypeSpec) + typeSpec, ok := spec.(*ast.TypeSpec) + if !ok { + return nil, fmt.Errorf("spec is not *ast.TypeSpec") + } if symbol == typeSpec.Name.Name { - return typeSpec + return typeSpec, nil } } - return nil + return nil, nil } -func getStructTypeFromDoc(packageDoc *doc.Package, structName string) *ast.StructType { +func getStructTypeFromDoc(packageDoc *doc.Package, structName string) (*ast.StructType, error) { for _, docType := range packageDoc.Types { if structName != docType.Name { continue } - typeSpec := findTypeSpec(docType.Decl, docType.Name) + typeSpec, err := findTypeSpec(docType.Decl, docType.Name) + if err != nil { + return nil, fmt.Errorf("failed to find type spec: %w", err) + } + if typeSpec == nil { + continue + } structType, ok := typeSpec.Type.(*ast.StructType) if !ok { // Not a structure. continue } - return structType + return structType, nil } - return nil + return nil, nil } func parsePackageDir(packageDir string) (*ast.Package, error) { @@ -60,15 +69,15 @@ func parsePackageDir(packageDir string) (*ast.Package, error) { return nil, fmt.Errorf("failed to parse go package") } -func getAstStructField(structType *ast.StructType, fieldName string) *ast.Field { +func getAstStructField(structType *ast.StructType, fieldName string) (*ast.Field, error) { for _, field := range structType.Fields.List { for _, fieldIdent := range field.Names { if fieldIdent.Name == fieldName { - return field + return field, nil } } } - return nil + return nil, nil } func getPackageDoc(packagePath string, projectDir string) (*doc.Package, error) { @@ -79,12 +88,12 @@ func getPackageDoc(packagePath string, projectDir string) (*doc.Package, error) packageDir, err := getGoPackageDir(packagePath, projectDir) if err != nil { - return nil, fmt.Errorf("couldn't retrieve package dir, error: %w", err) + return nil, fmt.Errorf("failed to retrieve package dir: %w", err) } pkg, err := parsePackageDir(packageDir) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to parse package dir: %w", err) } packageDoc = doc.New(pkg, packageDir, doc.AllDecls|doc.PreserveAST) @@ -98,15 +107,21 @@ func getFieldDocstring(i any, field reflect.StructField, projectDir string) (str packageDoc, err := getPackageDoc(inType.PkgPath(), projectDir) if err != nil { - return "", err + return "", fmt.Errorf("failed to retrieve package doc: %w", err) } - structType := getStructTypeFromDoc(packageDoc, inType.Name()) + structType, err := getStructTypeFromDoc(packageDoc, inType.Name()) + if err != nil { + return "", fmt.Errorf("failed to retrieve struct type: %w", err) + } if structType == nil { return "", fmt.Errorf("could not find %s structure definition", inType.Name()) } - astField := getAstStructField(structType, field.Name) + astField, err := getAstStructField(structType, field.Name) + if err != nil { + return "", fmt.Errorf("failed to retrieve struct field: %w", err) + } if astField == nil { return "", fmt.Errorf("could not find %s.%s field definition", inType.Name(), field.Name) } diff --git a/src/k8s/pkg/k8sd/features/calico/internal.go b/src/k8s/pkg/k8sd/features/calico/internal.go index 10a7a2d75..e3e48443d 100644 --- a/src/k8s/pkg/k8sd/features/calico/internal.go +++ b/src/k8s/pkg/k8sd/features/calico/internal.go @@ -47,7 +47,11 @@ func parseAutodetectionAnnotations(annotations types.Annotations, autodetectionM case "firstFound": autodetectionValue = autodetectionValue == "true" case "cidrs": - autodetectionValue = strings.Split(autodetectionValue.(string), ",") + if strValue, ok := autodetectionValue.(string); ok { + autodetectionValue = strings.Split(strValue, ",") + } else { + return nil, fmt.Errorf("invalid type for cidrs annotation: %T", autodetectionValue) + } } return map[string]any{ diff --git a/src/k8s/pkg/k8sd/features/contour/ingress.go b/src/k8s/pkg/k8sd/features/contour/ingress.go index cf2f45ebe..062016a0e 100644 --- a/src/k8s/pkg/k8sd/features/contour/ingress.go +++ b/src/k8s/pkg/k8sd/features/contour/ingress.go @@ -90,7 +90,15 @@ func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ } if ingress.GetEnableProxyProtocol() { - contour := values["contour"].(map[string]any) + contour, ok := values["contour"].(map[string]any) + if !ok { + err := fmt.Errorf("unexpected type for contour values") + return types.FeatureStatus{ + Enabled: false, + Version: ContourIngressContourImageTag, + Message: fmt.Sprintf(IngressDeployFailedMsgTmpl, err), + }, err + } contour["extraArgs"] = []string{"--use-proxy-protocol"} } diff --git a/src/k8s/pkg/utils/mapstructure.go b/src/k8s/pkg/utils/mapstructure.go index 60e650b45..19fc297b0 100644 --- a/src/k8s/pkg/utils/mapstructure.go +++ b/src/k8s/pkg/utils/mapstructure.go @@ -1,6 +1,7 @@ package utils import ( + "fmt" "reflect" "strings" "unicode" @@ -15,12 +16,16 @@ func YAMLToStringSliceHookFunc(f reflect.Kind, t reflect.Kind, data interface{}) return data, nil } - if data.(string) == "" { + strData, ok := data.(string) + if !ok { + return nil, fmt.Errorf("expected string but got %T", data) + } + if strData == "" { return data, nil } var result []string - if err := yaml.Unmarshal([]byte(data.(string)), &result); err != nil { + if err := yaml.Unmarshal([]byte(strData), &result); err != nil { return data, nil } @@ -34,7 +39,10 @@ func StringToFieldsSliceHookFunc(r rune) mapstructure.DecodeHookFunc { return data, nil } - raw := data.(string) + raw, ok := data.(string) + if !ok { + return nil, fmt.Errorf("expected string but got %T", data) + } if raw == "" { return []string{}, nil } @@ -49,12 +57,16 @@ func YAMLToStringMapHookFunc(f reflect.Kind, t reflect.Kind, data interface{}) ( return data, nil } - if data.(string) == "" { + strData, ok := data.(string) + if !ok { + return nil, fmt.Errorf("expected string but got %T", data) + } + if strData == "" { return map[string]string{}, nil } var result map[string]string - if err := yaml.Unmarshal([]byte(data.(string)), &result); err != nil { + if err := yaml.Unmarshal([]byte(strData), &result); err != nil { return data, nil } @@ -67,14 +79,17 @@ func StringToStringMapHookFunc(f reflect.Kind, t reflect.Kind, data interface{}) return data, nil } - raw := data.(string) + raw, ok := data.(string) + if !ok { + return nil, fmt.Errorf("expected string but got %T", data) + } if raw == "" { return map[string]string{}, nil } fields := strings.FieldsFunc(raw, func(this rune) bool { return this == ',' || unicode.IsSpace(this) }) result := make(map[string]string, len(fields)) - for _, kv := range strings.FieldsFunc(raw, func(this rune) bool { return this == ',' || unicode.IsSpace(this) }) { + for _, kv := range fields { parts := strings.SplitN(kv, "=", 2) if len(parts) < 2 { return data, nil From 499a2db33c90fd223609d42813d807b399d2c25a Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Fri, 18 Oct 2024 16:11:41 -0500 Subject: [PATCH 060/122] Allow tests to override how long wait for slower clouds providers to pull images (#751) --- tests/integration/tests/test_networking.py | 8 ++++++-- tests/integration/tests/test_util/config.py | 4 ++++ tests/integration/tests/test_util/util.py | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/integration/tests/test_networking.py b/tests/integration/tests/test_networking.py index f7715a82e..af6449471 100644 --- a/tests/integration/tests/test_networking.py +++ b/tests/integration/tests/test_networking.py @@ -123,7 +123,9 @@ def test_ipv6_only_on_dualstack_infra(instances: List[harness.Instance]): ) # This might take a while - util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(main) == 3) + util.stubbornly(retries=config.DEFAULT_WAIT_RETRIES, delay_s=20).until( + util.ready_nodes(main) == 3 + ) @pytest.mark.node_count(3) @@ -190,4 +192,6 @@ def test_ipv6_only_on_ipv6_infra(instances: List[harness.Instance]): ) # This might take a while - util.stubbornly(retries=30, delay_s=20).until(util.ready_nodes(main) == 3) + util.stubbornly(retries=config.DEFAULT_WAIT_RETRIES, delay_s=20).until( + util.ready_nodes(main) == 3 + ) diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index f2ed98434..4f8440955 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -6,6 +6,10 @@ DIR = Path(__file__).absolute().parent +# The following defaults are used to define how long to wait for a condition to be met. +DEFAULT_WAIT_RETRIES = os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 30 +DEFAULT_WAIT_DELAY_S = os.getenv("TEST_DEFAULT_WAIT_DELAY_S") or 5 + MANIFESTS_DIR = DIR / ".." / ".." / "templates" # ETCD_DIR contains all templates required to setup an etcd database. diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 391d73f6a..66073db73 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -183,8 +183,8 @@ def setup_k8s_snap( def wait_until_k8s_ready( control_node: harness.Instance, instances: List[harness.Instance], - retries: int = 30, - delay_s: int = 5, + retries: int = config.DEFAULT_WAIT_RETRIES, + delay_s: int = config.DEFAULT_WAIT_DELAY_S, node_names: Mapping[str, str] = {}, ): """ From 84a1769a7276ee2ad7f146349a220319f4c1848b Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Fri, 18 Oct 2024 22:51:51 -0500 Subject: [PATCH 061/122] retries and delay_s values should be ints (#753) --- tests/integration/tests/test_util/config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index 4f8440955..ce4fc5967 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -7,8 +7,8 @@ DIR = Path(__file__).absolute().parent # The following defaults are used to define how long to wait for a condition to be met. -DEFAULT_WAIT_RETRIES = os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 30 -DEFAULT_WAIT_DELAY_S = os.getenv("TEST_DEFAULT_WAIT_DELAY_S") or 5 +DEFAULT_WAIT_RETRIES = int(os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 30) +DEFAULT_WAIT_DELAY_S = int(os.getenv("TEST_DEFAULT_WAIT_DELAY_S") or 5) MANIFESTS_DIR = DIR / ".." / ".." / "templates" From f21e2a9cbb339273979e4fae2fee6f599918017f Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Sat, 19 Oct 2024 01:24:26 -0500 Subject: [PATCH 062/122] Fix conflict using manual trivy and the trivy action (#752) --- .github/workflows/integration.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index c6c032fbe..be291b991 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -144,10 +144,12 @@ jobs: path: build - name: Setup Trivy vulnerability scanner run: | - mkdir -p sarifs + mkdir -p manual-trivy/sarifs + pushd manual-trivy VER=$(curl --silent -qI https://github.com/aquasecurity/trivy/releases/latest | awk -F '/' '/^location/ {print substr($NF, 1, length($NF)-1)}'); wget https://github.com/aquasecurity/trivy/releases/download/${VER}/trivy_${VER#v}_Linux-64bit.tar.gz tar -zxvf ./trivy_${VER#v}_Linux-64bit.tar.gz + popd - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master with: @@ -158,13 +160,16 @@ jobs: severity: "MEDIUM,HIGH,CRITICAL" - name: Gather Trivy repo scan results run: | - cp trivy-k8s-repo-scan--results.sarif ./sarifs/ + cp trivy-k8s-repo-scan--results.sarif ./manual-trivy/sarifs/ - name: Run Trivy vulnerability scanner on the snap run: | + for var in $(env | grep -o '^TRIVY_[^=]*'); do + unset "$var" + done cp build/k8s.snap . unsquashfs k8s.snap - ./trivy rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif + ./manual-trivy/trivy rootfs ./squashfs-root/ --format sarif > ./manual-trivy/sarifs/snap.sarif - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: "sarifs" + sarif_file: "./manual-trivy/sarifs" From 4d0d1cc21eaacede44e5d0db7a9c61af95db8324 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Sat, 19 Oct 2024 10:29:26 -0500 Subject: [PATCH 063/122] Remove stray TRIVY_* env vars for a manual run of trivy (#754) --- .github/workflows/cron-jobs.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index 907452165..14f302107 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -114,6 +114,9 @@ jobs: snap download k8s --channel ${{ matrix.channel }} mv ./k8s*.snap ./k8s.snap unsquashfs k8s.snap + for var in $(env | grep -o '^TRIVY_[^=]*'); do + unset "$var" + done ./trivy rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif - name: Get HEAD sha run: | From fea66eebc74a4ac588449a11690d81ad09718d18 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Sun, 20 Oct 2024 19:39:02 +0200 Subject: [PATCH 064/122] Enable gci linter for imports (#736) --- .golangci.yml | 4 ++-- src/k8s/cmd/k8s/hooks.go | 1 - src/k8s/cmd/k8sd/k8sd_cluster_recover.go | 7 +++---- src/k8s/pkg/client/kubernetes/server_groups_test.go | 5 ++--- src/k8s/pkg/k8sd/controllers/csrsigning/controller.go | 1 - .../controllers/csrsigning/reconcile_approve_test.go | 7 +++---- .../pkg/k8sd/controllers/csrsigning/reconcile_test.go | 9 ++++----- src/k8s/pkg/k8sd/database/cluster_config_test.go | 2 +- src/k8s/pkg/k8sd/database/feature_status_test.go | 3 +-- src/k8s/pkg/k8sd/features/calico/network_test.go | 3 +-- src/k8s/pkg/k8sd/features/calico/status.go | 1 - src/k8s/pkg/k8sd/features/cilium/gateway_test.go | 1 - src/k8s/pkg/k8sd/features/cilium/ingress_test.go | 1 - src/k8s/pkg/k8sd/features/cilium/network_test.go | 1 - src/k8s/pkg/k8sd/features/cilium/status.go | 1 - src/k8s/pkg/k8sd/features/contour/gateway_test.go | 1 - src/k8s/pkg/k8sd/features/contour/ingress_test.go | 1 - src/k8s/pkg/k8sd/features/coredns/coredns_test.go | 11 +++++------ src/k8s/pkg/k8sd/features/coredns/status.go | 1 - src/k8s/pkg/k8sd/features/localpv/localpv_test.go | 5 ++--- .../pkg/k8sd/features/metallb/loadbalancer_test.go | 11 +++++------ src/k8s/pkg/snap/pebble_test.go | 1 - src/k8s/pkg/snap/snap_test.go | 1 - src/k8s/pkg/utils/certificate_test.go | 1 - src/k8s/pkg/utils/file.go | 3 +-- 25 files changed, 30 insertions(+), 53 deletions(-) mode change 100755 => 100644 src/k8s/cmd/k8sd/k8sd_cluster_recover.go diff --git a/.golangci.yml b/.golangci.yml index 97f0da4c1..5efceb99b 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -29,11 +29,11 @@ linters: - fatcontext - forbidigo - forcetypeassert + # - funlen - TODO(ben): maybe consider later; needs some refactoring + - gci # TODO(ben): Enable those linters step by step and fix existing issues. -# - funlen -# - gci # - ginkgolinter # - gocheckcompilerdirectives # - gochecknoglobals diff --git a/src/k8s/cmd/k8s/hooks.go b/src/k8s/cmd/k8s/hooks.go index 7ea0798ff..c7dc87272 100644 --- a/src/k8s/cmd/k8s/hooks.go +++ b/src/k8s/cmd/k8s/hooks.go @@ -2,7 +2,6 @@ package k8s import ( cmdutil "github.com/canonical/k8s/cmd/util" - "github.com/spf13/cobra" ) diff --git a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go old mode 100755 new mode 100644 index 0aba351d3..ad8437ca9 --- a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go +++ b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go @@ -16,6 +16,9 @@ import ( "github.com/canonical/go-dqlite" "github.com/canonical/go-dqlite/app" "github.com/canonical/go-dqlite/client" + cmdutil "github.com/canonical/k8s/cmd/util" + "github.com/canonical/k8s/pkg/log" + "github.com/canonical/k8s/pkg/utils" "github.com/canonical/lxd/shared" "github.com/canonical/lxd/shared/termios" "github.com/canonical/microcluster/v3/cluster" @@ -23,10 +26,6 @@ import ( "github.com/spf13/cobra" "golang.org/x/sys/unix" "gopkg.in/yaml.v2" - - cmdutil "github.com/canonical/k8s/cmd/util" - "github.com/canonical/k8s/pkg/log" - "github.com/canonical/k8s/pkg/utils" ) const preRecoveryMessage = `You should only run this command if: diff --git a/src/k8s/pkg/client/kubernetes/server_groups_test.go b/src/k8s/pkg/client/kubernetes/server_groups_test.go index 3126442a5..4928d7347 100644 --- a/src/k8s/pkg/client/kubernetes/server_groups_test.go +++ b/src/k8s/pkg/client/kubernetes/server_groups_test.go @@ -3,12 +3,11 @@ package kubernetes_test import ( "testing" - fakediscovery "k8s.io/client-go/discovery/fake" - fakeclientset "k8s.io/client-go/kubernetes/fake" - "github.com/canonical/k8s/pkg/client/kubernetes" . "github.com/onsi/gomega" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + fakediscovery "k8s.io/client-go/discovery/fake" + fakeclientset "k8s.io/client-go/kubernetes/fake" ) func TestListResourcesForGroupVersion(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/controller.go b/src/k8s/pkg/k8sd/controllers/csrsigning/controller.go index 3ecdb7877..03371a9d7 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/controller.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/controller.go @@ -10,7 +10,6 @@ import ( "github.com/canonical/k8s/pkg/snap" "github.com/canonical/k8s/pkg/utils" "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/cache" ctrllog "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/manager" diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve_test.go b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve_test.go index 78cbb819e..9c2a6f574 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve_test.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve_test.go @@ -8,15 +8,14 @@ import ( "errors" "testing" + k8smock "github.com/canonical/k8s/pkg/k8sd/controllers/csrsigning/test" + "github.com/canonical/k8s/pkg/log" + pkiutil "github.com/canonical/k8s/pkg/utils/pki" . "github.com/onsi/gomega" certv1 "k8s.io/api/certificates/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ctrl "sigs.k8s.io/controller-runtime" - - k8smock "github.com/canonical/k8s/pkg/k8sd/controllers/csrsigning/test" - "github.com/canonical/k8s/pkg/log" - pkiutil "github.com/canonical/k8s/pkg/utils/pki" ) func TestAutoApprove(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go index 04493f83d..27a6a8f60 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go @@ -8,6 +8,10 @@ import ( "testing" "time" + k8smock "github.com/canonical/k8s/pkg/k8sd/controllers/csrsigning/test" + "github.com/canonical/k8s/pkg/k8sd/types" + "github.com/canonical/k8s/pkg/log" + pkiutil "github.com/canonical/k8s/pkg/utils/pki" . "github.com/onsi/gomega" certv1 "k8s.io/api/certificates/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -16,11 +20,6 @@ import ( "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - k8smock "github.com/canonical/k8s/pkg/k8sd/controllers/csrsigning/test" - "github.com/canonical/k8s/pkg/k8sd/types" - "github.com/canonical/k8s/pkg/log" - pkiutil "github.com/canonical/k8s/pkg/utils/pki" ) func TestCSRNotFound(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/database/cluster_config_test.go b/src/k8s/pkg/k8sd/database/cluster_config_test.go index aee438f6f..086ffa548 100644 --- a/src/k8s/pkg/k8sd/database/cluster_config_test.go +++ b/src/k8s/pkg/k8sd/database/cluster_config_test.go @@ -3,11 +3,11 @@ package database_test import ( "context" "database/sql" - "github.com/canonical/k8s/pkg/utils" "testing" "github.com/canonical/k8s/pkg/k8sd/database" "github.com/canonical/k8s/pkg/k8sd/types" + "github.com/canonical/k8s/pkg/utils" . "github.com/onsi/gomega" ) diff --git a/src/k8s/pkg/k8sd/database/feature_status_test.go b/src/k8s/pkg/k8sd/database/feature_status_test.go index 61e380f98..8a7acfd3b 100644 --- a/src/k8s/pkg/k8sd/database/feature_status_test.go +++ b/src/k8s/pkg/k8sd/database/feature_status_test.go @@ -6,11 +6,10 @@ import ( "testing" "time" - . "github.com/onsi/gomega" - "github.com/canonical/k8s/pkg/k8sd/database" "github.com/canonical/k8s/pkg/k8sd/features" "github.com/canonical/k8s/pkg/k8sd/types" + . "github.com/onsi/gomega" ) func TestFeatureStatus(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/features/calico/network_test.go b/src/k8s/pkg/k8sd/features/calico/network_test.go index 96d602b37..2e76fbbcc 100644 --- a/src/k8s/pkg/k8sd/features/calico/network_test.go +++ b/src/k8s/pkg/k8sd/features/calico/network_test.go @@ -5,14 +5,13 @@ import ( "errors" "testing" - . "github.com/onsi/gomega" - "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/k8sd/features/calico" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" "github.com/canonical/k8s/pkg/utils" + . "github.com/onsi/gomega" "k8s.io/utils/ptr" ) diff --git a/src/k8s/pkg/k8sd/features/calico/status.go b/src/k8s/pkg/k8sd/features/calico/status.go index 423fe7426..8cafae4d4 100644 --- a/src/k8s/pkg/k8sd/features/calico/status.go +++ b/src/k8s/pkg/k8sd/features/calico/status.go @@ -5,7 +5,6 @@ import ( "fmt" "github.com/canonical/k8s/pkg/snap" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go index a92e0cbbe..1b69626df 100644 --- a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go @@ -12,7 +12,6 @@ import ( "github.com/canonical/k8s/pkg/k8sd/features/cilium" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" - . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go index a97207072..f45932c9b 100644 --- a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go @@ -11,7 +11,6 @@ import ( "github.com/canonical/k8s/pkg/k8sd/features/cilium" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" - . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 925139c1e..26618f95f 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -13,7 +13,6 @@ import ( "github.com/canonical/k8s/pkg/snap" snapmock "github.com/canonical/k8s/pkg/snap/mock" "github.com/canonical/k8s/pkg/utils" - . "github.com/onsi/gomega" "k8s.io/klog/v2" "k8s.io/klog/v2/ktesting" diff --git a/src/k8s/pkg/k8sd/features/cilium/status.go b/src/k8s/pkg/k8sd/features/cilium/status.go index 65212848c..37c629abd 100644 --- a/src/k8s/pkg/k8sd/features/cilium/status.go +++ b/src/k8s/pkg/k8sd/features/cilium/status.go @@ -5,7 +5,6 @@ import ( "fmt" "github.com/canonical/k8s/pkg/snap" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/src/k8s/pkg/k8sd/features/contour/gateway_test.go b/src/k8s/pkg/k8sd/features/contour/gateway_test.go index bcf1b26d3..67ba82c9b 100644 --- a/src/k8s/pkg/k8sd/features/contour/gateway_test.go +++ b/src/k8s/pkg/k8sd/features/contour/gateway_test.go @@ -12,7 +12,6 @@ import ( "github.com/canonical/k8s/pkg/k8sd/features/contour" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" - . "github.com/onsi/gomega" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" fakediscovery "k8s.io/client-go/discovery/fake" diff --git a/src/k8s/pkg/k8sd/features/contour/ingress_test.go b/src/k8s/pkg/k8sd/features/contour/ingress_test.go index 804759d52..1dbbd9b9a 100644 --- a/src/k8s/pkg/k8sd/features/contour/ingress_test.go +++ b/src/k8s/pkg/k8sd/features/contour/ingress_test.go @@ -12,7 +12,6 @@ import ( "github.com/canonical/k8s/pkg/k8sd/features/contour" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" - . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go index b420aa15e..ba69eb0a9 100644 --- a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go +++ b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go @@ -6,18 +6,17 @@ import ( "strings" "testing" - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes/fake" - "k8s.io/utils/ptr" - "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/client/kubernetes" "github.com/canonical/k8s/pkg/k8sd/features/coredns" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" ) func TestDisabled(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/features/coredns/status.go b/src/k8s/pkg/k8sd/features/coredns/status.go index 629eabe87..94d3fe66a 100644 --- a/src/k8s/pkg/k8sd/features/coredns/status.go +++ b/src/k8s/pkg/k8sd/features/coredns/status.go @@ -5,7 +5,6 @@ import ( "fmt" "github.com/canonical/k8s/pkg/snap" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/src/k8s/pkg/k8sd/features/localpv/localpv_test.go b/src/k8s/pkg/k8sd/features/localpv/localpv_test.go index 783422cbd..2a8da057c 100644 --- a/src/k8s/pkg/k8sd/features/localpv/localpv_test.go +++ b/src/k8s/pkg/k8sd/features/localpv/localpv_test.go @@ -5,14 +5,13 @@ import ( "errors" "testing" - . "github.com/onsi/gomega" - "k8s.io/utils/ptr" - "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/k8sd/features/localpv" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" + . "github.com/onsi/gomega" + "k8s.io/utils/ptr" ) func TestDisabled(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/features/metallb/loadbalancer_test.go b/src/k8s/pkg/k8sd/features/metallb/loadbalancer_test.go index 0bc1fb6f1..7ba673c78 100644 --- a/src/k8s/pkg/k8sd/features/metallb/loadbalancer_test.go +++ b/src/k8s/pkg/k8sd/features/metallb/loadbalancer_test.go @@ -5,18 +5,17 @@ import ( "errors" "testing" - . "github.com/onsi/gomega" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - fakediscovery "k8s.io/client-go/discovery/fake" - "k8s.io/client-go/kubernetes/fake" - "k8s.io/utils/ptr" - "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/client/kubernetes" "github.com/canonical/k8s/pkg/k8sd/features/metallb" "github.com/canonical/k8s/pkg/k8sd/types" snapmock "github.com/canonical/k8s/pkg/snap/mock" + . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + fakediscovery "k8s.io/client-go/discovery/fake" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" ) func TestDisabled(t *testing.T) { diff --git a/src/k8s/pkg/snap/pebble_test.go b/src/k8s/pkg/snap/pebble_test.go index f85491140..41deb4917 100644 --- a/src/k8s/pkg/snap/pebble_test.go +++ b/src/k8s/pkg/snap/pebble_test.go @@ -7,7 +7,6 @@ import ( "github.com/canonical/k8s/pkg/snap" "github.com/canonical/k8s/pkg/snap/mock" - . "github.com/onsi/gomega" ) diff --git a/src/k8s/pkg/snap/snap_test.go b/src/k8s/pkg/snap/snap_test.go index f694a0ef0..44a9f95b4 100644 --- a/src/k8s/pkg/snap/snap_test.go +++ b/src/k8s/pkg/snap/snap_test.go @@ -7,7 +7,6 @@ import ( "github.com/canonical/k8s/pkg/snap" "github.com/canonical/k8s/pkg/snap/mock" - . "github.com/onsi/gomega" ) diff --git a/src/k8s/pkg/utils/certificate_test.go b/src/k8s/pkg/utils/certificate_test.go index bd37b4797..f9becb155 100644 --- a/src/k8s/pkg/utils/certificate_test.go +++ b/src/k8s/pkg/utils/certificate_test.go @@ -9,7 +9,6 @@ import ( "testing" "github.com/canonical/k8s/pkg/utils" - . "github.com/onsi/gomega" ) diff --git a/src/k8s/pkg/utils/file.go b/src/k8s/pkg/utils/file.go index c4d1dc79f..990471531 100644 --- a/src/k8s/pkg/utils/file.go +++ b/src/k8s/pkg/utils/file.go @@ -15,9 +15,8 @@ import ( "sort" "strings" - "github.com/moby/sys/mountinfo" - "github.com/canonical/k8s/pkg/log" + "github.com/moby/sys/mountinfo" ) // ParseArgumentLine parses a command-line argument from a single line. From 65bb21da17f71f0b610b4221568fcbd20c28214c Mon Sep 17 00:00:00 2001 From: Mateo Florido <32885896+mateoflorido@users.noreply.github.com> Date: Sun, 20 Oct 2024 12:48:00 -0500 Subject: [PATCH 065/122] Add Annotations Support for Cilium (#747) --- src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 +- src/k8s/pkg/k8sd/features/cilium/internal.go | 50 +++++++++ .../pkg/k8sd/features/cilium/internal_test.go | 104 +++++++++++++++++- src/k8s/pkg/k8sd/features/cilium/network.go | 6 + 5 files changed, 157 insertions(+), 9 deletions(-) diff --git a/src/k8s/go.mod b/src/k8s/go.mod index 00d8b9633..48562f653 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.11 + github.com/canonical/k8s-snap-api v1.0.12 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index e2bf4dcf9..fb5671c2b 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.11 h1:nGtwrUQBLiaL3HUXFx2gb4kq6qVpl2yNwMwHVX0dEok= -github.com/canonical/k8s-snap-api v1.0.11/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.12 h1:ofS2+JRlPMnpWgHLmnE4QEUqWv9Dgrmsv3hrjI0O4zQ= +github.com/canonical/k8s-snap-api v1.0.12/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/features/cilium/internal.go b/src/k8s/pkg/k8sd/features/cilium/internal.go index e386eb1c5..88849ade7 100644 --- a/src/k8s/pkg/k8sd/features/cilium/internal.go +++ b/src/k8s/pkg/k8sd/features/cilium/internal.go @@ -1,13 +1,55 @@ package cilium import ( + "fmt" + "slices" + "strconv" + "strings" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/cilium" "github.com/canonical/k8s/pkg/k8sd/types" ) +const ( + // minVLANIDValue is the minimum valid 802.1Q VLAN ID value + minVLANIDValue = 0 + // maxVLANIDValue is the maximum valid 802.1Q VLAN ID value + maxVLANIDValue = 4094 +) + type config struct { devices string directRoutingDevice string + vlanBPFBypass []int +} + +func validateVLANBPFBypass(vlanList string) ([]int, error) { + vlanList = strings.TrimSpace(vlanList) + // Maintain compatibility with the Cilium chart definition + vlanList = strings.Trim(vlanList, "{}") + vlans := strings.Split(vlanList, ",") + + vlanTags := make([]int, 0, len(vlans)) + seenTags := make(map[int]struct{}) + + for _, vlan := range vlans { + vlanID, err := strconv.Atoi(strings.TrimSpace(vlan)) + if err != nil { + return []int{}, fmt.Errorf("failed to parse VLAN tag: %w", err) + } + if vlanID < minVLANIDValue || vlanID > maxVLANIDValue { + return []int{}, fmt.Errorf("VLAN tag must be between 0 and %d", maxVLANIDValue) + } + + if _, ok := seenTags[vlanID]; ok { + continue + } + seenTags[vlanID] = struct{}{} + vlanTags = append(vlanTags, vlanID) + } + + slices.Sort(vlanTags) + return vlanTags, nil } func internalConfig(annotations types.Annotations) (config, error) { @@ -21,5 +63,13 @@ func internalConfig(annotations types.Annotations) (config, error) { c.directRoutingDevice = v } + if v, ok := annotations[apiv1_annotations.AnnotationVLANBPFBypass]; ok { + vlanTags, err := validateVLANBPFBypass(v) + if err != nil { + return config{}, fmt.Errorf("failed to parse VLAN BPF bypass list: %w", err) + } + c.vlanBPFBypass = vlanTags + } + return c, nil } diff --git a/src/k8s/pkg/k8sd/features/cilium/internal_test.go b/src/k8s/pkg/k8sd/features/cilium/internal_test.go index e171fbbb3..14af95736 100644 --- a/src/k8s/pkg/k8sd/features/cilium/internal_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/internal_test.go @@ -20,6 +20,7 @@ func TestInternalConfig(t *testing.T) { expectedConfig: config{ devices: "", directRoutingDevice: "", + vlanBPFBypass: nil, }, expectError: false, }, @@ -28,22 +29,113 @@ func TestInternalConfig(t *testing.T) { annotations: map[string]string{ apiv1_annotations.AnnotationDevices: "eth+ lxdbr+", apiv1_annotations.AnnotationDirectRoutingDevice: "eth0", + apiv1_annotations.AnnotationVLANBPFBypass: "1,2,3", }, expectedConfig: config{ devices: "eth+ lxdbr+", directRoutingDevice: "eth0", + vlanBPFBypass: []int{1, 2, 3}, + }, + expectError: false, + }, + { + name: "Single valid VLAN", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "1", + }, + expectedConfig: config{ + vlanBPFBypass: []int{1}, + }, + expectError: false, + }, + { + name: "Multiple valid VLANs", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "1,2,3,4,5", + }, + expectedConfig: config{ + vlanBPFBypass: []int{1, 2, 3, 4, 5}, + }, + expectError: false, + }, + { + name: "Wildcard VLAN", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "0", + }, + expectedConfig: config{ + vlanBPFBypass: []int{0}, + }, + expectError: false, + }, + { + name: "Invalid VLAN tag format", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "abc", + }, + expectError: true, + }, + { + name: "VLAN tag out of range", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "4095", + }, + expectError: true, + }, + { + name: "VLAN tag negative", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "-1", + }, + expectError: true, + }, + { + name: "Duplicate VLAN tags", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "1,2,2,3", + }, + expectedConfig: config{ + vlanBPFBypass: []int{1, 2, 3}, + }, + expectError: false, + }, + { + name: "Mixed spaces and commas", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: " 1, 2,3 ,4 , 5 ", + }, + expectedConfig: config{ + vlanBPFBypass: []int{1, 2, 3, 4, 5}, + }, + expectError: false, + }, + { + name: "Invalid mixed with valid", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "1,abc,3", + }, + expectError: true, + }, + { + name: "Nil annotations", + annotations: nil, + expectedConfig: config{}, + expectError: false, + }, + { + name: "VLAN with curly braces", + annotations: map[string]string{ + apiv1_annotations.AnnotationVLANBPFBypass: "{1,2,3}", + }, + expectedConfig: config{ + vlanBPFBypass: []int{1, 2, 3}, }, expectError: false, }, } { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - annotations := make(map[string]string) - for k, v := range tc.annotations { - annotations[k] = v - } - - parsed, err := internalConfig(annotations) + parsed, err := internalConfig(tc.annotations) if tc.expectError { g.Expect(err).To(HaveOccurred()) } else { diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index 425e2dc6e..e9a8085bb 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -80,7 +80,13 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer ciliumNodePortValues["directRoutingDevice"] = config.directRoutingDevice } + bpfValues := map[string]any{} + if config.vlanBPFBypass != nil { + bpfValues["vlanBypass"] = config.vlanBPFBypass + } + values := map[string]any{ + "bpf": bpfValues, "image": map[string]any{ "repository": ciliumAgentImageRepo, "tag": CiliumAgentImageTag, From ed8525e7946c3fbeda60fdc9e0445411346b1071 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Mon, 21 Oct 2024 09:52:17 +0200 Subject: [PATCH 066/122] add ginko linter (#737) --- .golangci.yml | 2 +- src/k8s/cmd/k8s/k8s_set_test.go | 2 +- src/k8s/pkg/client/dqlite/remove_test.go | 14 +++--- .../pkg/client/kubernetes/endpoints_test.go | 2 +- src/k8s/pkg/client/kubernetes/node_test.go | 4 +- src/k8s/pkg/client/kubernetes/pods_test.go | 2 +- .../kubernetes/restart_daemonset_test.go | 4 +- .../kubernetes/restart_deployment_test.go | 4 +- .../client/kubernetes/server_groups_test.go | 2 +- src/k8s/pkg/client/kubernetes/status_test.go | 2 +- .../control_plane_configuration_test.go | 6 +-- .../controllers/csrsigning/reconcile_test.go | 2 +- .../controllers/node_configuration_test.go | 2 +- src/k8s/pkg/k8sd/database/capi_auth_test.go | 12 ++--- .../pkg/k8sd/database/cluster_config_test.go | 20 ++++---- .../pkg/k8sd/database/feature_status_test.go | 20 ++++---- .../database/kubernetes_auth_tokens_test.go | 24 +++++----- src/k8s/pkg/k8sd/database/util_test.go | 4 +- src/k8s/pkg/k8sd/database/worker_test.go | 30 ++++++------ .../pkg/k8sd/features/calico/network_test.go | 10 ++-- .../pkg/k8sd/features/cilium/gateway_test.go | 4 +- .../pkg/k8sd/features/cilium/ingress_test.go | 10 ++-- .../pkg/k8sd/features/cilium/network_test.go | 14 +++--- .../pkg/k8sd/features/coredns/coredns_test.go | 4 +- .../metrics-server/metrics_server_test.go | 2 +- .../k8sd/setup/certificates_internal_test.go | 20 ++++---- src/k8s/pkg/k8sd/setup/certificates_test.go | 22 ++++----- src/k8s/pkg/k8sd/setup/containerd_test.go | 12 ++--- .../k8sd/setup/k8s_apiserver_proxy_test.go | 10 ++-- src/k8s/pkg/k8sd/setup/k8s_dqlite_test.go | 18 ++++---- src/k8s/pkg/k8sd/setup/kube_apiserver_test.go | 22 ++++----- .../setup/kube_controller_manager_test.go | 12 ++--- src/k8s/pkg/k8sd/setup/kube_proxy_test.go | 22 ++++----- src/k8s/pkg/k8sd/setup/kube_scheduler_test.go | 8 ++-- src/k8s/pkg/k8sd/setup/kubelet_test.go | 22 ++++----- .../pkg/k8sd/setup/util_kubeconfig_test.go | 2 +- ...nfig_convert_loadbalancer_internal_test.go | 4 +- .../k8sd/types/cluster_config_convert_test.go | 2 +- .../k8sd/types/cluster_config_kubelet_test.go | 20 ++++---- .../k8sd/types/cluster_config_merge_test.go | 6 +-- .../types/cluster_config_merge_util_test.go | 24 +++++----- .../types/cluster_config_validate_test.go | 6 +-- src/k8s/pkg/k8sd/types/worker_test.go | 4 +- src/k8s/pkg/snap/pebble_test.go | 12 ++--- src/k8s/pkg/snap/snap_test.go | 12 ++--- src/k8s/pkg/snap/util/arguments_test.go | 18 ++++---- src/k8s/pkg/snap/util/node_test.go | 12 ++--- src/k8s/pkg/utils/certificate_test.go | 6 +-- src/k8s/pkg/utils/cidr_test.go | 15 +++--- src/k8s/pkg/utils/errors/errors.go | 16 ------- src/k8s/pkg/utils/errors/errors_test.go | 46 ------------------- src/k8s/pkg/utils/file_test.go | 8 ++-- src/k8s/pkg/utils/hostname_test.go | 4 +- src/k8s/pkg/utils/pki/generate_test.go | 6 +-- 54 files changed, 266 insertions(+), 327 deletions(-) delete mode 100644 src/k8s/pkg/utils/errors/errors.go delete mode 100644 src/k8s/pkg/utils/errors/errors_test.go diff --git a/.golangci.yml b/.golangci.yml index 5efceb99b..57332cbfc 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -31,10 +31,10 @@ linters: - forcetypeassert # - funlen - TODO(ben): maybe consider later; needs some refactoring - gci + - ginkgolinter # TODO(ben): Enable those linters step by step and fix existing issues. -# - ginkgolinter # - gocheckcompilerdirectives # - gochecknoglobals # - gochecknoinits diff --git a/src/k8s/cmd/k8s/k8s_set_test.go b/src/k8s/cmd/k8s/k8s_set_test.go index 8c6bc23d1..7431f1b04 100644 --- a/src/k8s/cmd/k8s/k8s_set_test.go +++ b/src/k8s/cmd/k8s/k8s_set_test.go @@ -192,7 +192,7 @@ func Test_updateConfigMapstructure(t *testing.T) { if tc.expectErr { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(cfg).To(SatisfyAll(tc.assertions...)) } }) diff --git a/src/k8s/pkg/client/dqlite/remove_test.go b/src/k8s/pkg/client/dqlite/remove_test.go index a2f316a65..8252add83 100644 --- a/src/k8s/pkg/client/dqlite/remove_test.go +++ b/src/k8s/pkg/client/dqlite/remove_test.go @@ -16,21 +16,21 @@ func TestRemoveNodeByAddress(t *testing.T) { client, err := dqlite.NewClient(ctx, dqlite.ClientOpts{ ClusterYAML: filepath.Join(dirs[0], "cluster.yaml"), }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(client).NotTo(BeNil()) members, err := client.ListMembers(ctx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(members).To(HaveLen(2)) memberToRemove := members[0].Address if members[0].Role == dqlite.Voter { memberToRemove = members[1].Address } - g.Expect(client.RemoveNodeByAddress(ctx, memberToRemove)).To(BeNil()) + g.Expect(client.RemoveNodeByAddress(ctx, memberToRemove)).To(Succeed()) members, err = client.ListMembers(ctx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(members).To(HaveLen(1)) }) }) @@ -41,11 +41,11 @@ func TestRemoveNodeByAddress(t *testing.T) { client, err := dqlite.NewClient(ctx, dqlite.ClientOpts{ ClusterYAML: filepath.Join(dirs[0], "cluster.yaml"), }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(client).NotTo(BeNil()) members, err := client.ListMembers(ctx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(members).To(HaveLen(2)) memberToRemove := members[0] @@ -61,7 +61,7 @@ func TestRemoveNodeByAddress(t *testing.T) { g.Expect(client.RemoveNodeByAddress(ctx, memberToRemove.Address)).To(Succeed()) members, err = client.ListMembers(ctx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(members).To(HaveLen(1)) g.Expect(members[0].Role).To(Equal(dqlite.Voter)) g.Expect(members[0].Address).ToNot(Equal(memberToRemove.Address)) diff --git a/src/k8s/pkg/client/kubernetes/endpoints_test.go b/src/k8s/pkg/client/kubernetes/endpoints_test.go index 238886aa6..d750829a5 100644 --- a/src/k8s/pkg/client/kubernetes/endpoints_test.go +++ b/src/k8s/pkg/client/kubernetes/endpoints_test.go @@ -109,7 +109,7 @@ func TestGetKubeAPIServerEndpoints(t *testing.T) { g.Expect(err).To(HaveOccurred()) g.Expect(servers).To(BeEmpty()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(servers).To(Equal(tc.expectedAddresses)) } }) diff --git a/src/k8s/pkg/client/kubernetes/node_test.go b/src/k8s/pkg/client/kubernetes/node_test.go index 55165e3c4..22ab79a1b 100644 --- a/src/k8s/pkg/client/kubernetes/node_test.go +++ b/src/k8s/pkg/client/kubernetes/node_test.go @@ -28,7 +28,7 @@ func TestDeleteNode(t *testing.T) { }, metav1.CreateOptions{}) err := client.DeleteNode(context.Background(), nodeName) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("node does not exist is successful", func(t *testing.T) { @@ -37,7 +37,7 @@ func TestDeleteNode(t *testing.T) { nodeName := "test-node" err := client.DeleteNode(context.Background(), nodeName) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("node deletion fails", func(t *testing.T) { diff --git a/src/k8s/pkg/client/kubernetes/pods_test.go b/src/k8s/pkg/client/kubernetes/pods_test.go index 5f3922e1f..b10fe76c7 100644 --- a/src/k8s/pkg/client/kubernetes/pods_test.go +++ b/src/k8s/pkg/client/kubernetes/pods_test.go @@ -98,7 +98,7 @@ func TestCheckForReadyPods(t *testing.T) { err := client.CheckForReadyPods(context.Background(), tc.namespace, tc.listOptions) if tc.expectedError == "" { - g.Expect(err).Should(BeNil()) + g.Expect(err).ShouldNot(HaveOccurred()) } else { g.Expect(err).Should(MatchError(tc.expectedError)) } diff --git a/src/k8s/pkg/client/kubernetes/restart_daemonset_test.go b/src/k8s/pkg/client/kubernetes/restart_daemonset_test.go index 55ecc8061..3f88b6b21 100644 --- a/src/k8s/pkg/client/kubernetes/restart_daemonset_test.go +++ b/src/k8s/pkg/client/kubernetes/restart_daemonset_test.go @@ -66,9 +66,9 @@ func TestRestartDaemonset(t *testing.T) { if tc.expectError { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) ds, err := client.AppsV1().DaemonSets("namespace").Get(context.Background(), "test", metav1.GetOptions{}) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ds.Spec.Template.Annotations["kubectl.kubernetes.io/restartedAt"]).NotTo(BeEmpty()) } }) diff --git a/src/k8s/pkg/client/kubernetes/restart_deployment_test.go b/src/k8s/pkg/client/kubernetes/restart_deployment_test.go index 2bc7aa9d7..cdb59608d 100644 --- a/src/k8s/pkg/client/kubernetes/restart_deployment_test.go +++ b/src/k8s/pkg/client/kubernetes/restart_deployment_test.go @@ -66,9 +66,9 @@ func TestRestartDeployment(t *testing.T) { if tc.expectError { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) deploy, err := client.AppsV1().Deployments("namespace").Get(context.Background(), "test", metav1.GetOptions{}) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(deploy.Spec.Template.Annotations["kubectl.kubernetes.io/restartedAt"]).NotTo(BeEmpty()) } }) diff --git a/src/k8s/pkg/client/kubernetes/server_groups_test.go b/src/k8s/pkg/client/kubernetes/server_groups_test.go index 4928d7347..028f311e6 100644 --- a/src/k8s/pkg/client/kubernetes/server_groups_test.go +++ b/src/k8s/pkg/client/kubernetes/server_groups_test.go @@ -58,7 +58,7 @@ func TestListResourcesForGroupVersion(t *testing.T) { if tt.expectedError { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(resources).To(Equal(tt.expectedList)) } }) diff --git a/src/k8s/pkg/client/kubernetes/status_test.go b/src/k8s/pkg/client/kubernetes/status_test.go index 7dae3e115..64b4bc063 100644 --- a/src/k8s/pkg/client/kubernetes/status_test.go +++ b/src/k8s/pkg/client/kubernetes/status_test.go @@ -93,7 +93,7 @@ func TestClusterHasReadyNodes(t *testing.T) { ready, err := client.HasReadyNodes(context.Background()) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ready).To(Equal(tt.expectedReady)) }) } diff --git a/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go b/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go index 33ed9d4b3..88035dbb9 100644 --- a/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go +++ b/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go @@ -197,7 +197,7 @@ func TestControlPlaneConfigController(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-apiserver", earg) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(eval)) }) } @@ -209,7 +209,7 @@ func TestControlPlaneConfigController(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-controller-manager", earg) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(eval)) }) } @@ -222,7 +222,7 @@ func TestControlPlaneConfigController(t *testing.T) { _, err := os.Stat(file) if mustExist { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } else { g.Expect(err).To(MatchError(os.ErrNotExist)) } diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go index 27a6a8f60..fda98bcd8 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go @@ -68,7 +68,7 @@ func TestFailedToGetCSR(t *testing.T) { result, err := reconciler.Reconcile(context.Background(), getDefaultRequest()) g.Expect(result).To(Equal(ctrl.Result{})) - g.Expect(err).To(MatchError(getErr)) + g.Expect(err).To(MatchError(getErr.Error())) } func TestHasSignedCertificate(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/controllers/node_configuration_test.go b/src/k8s/pkg/k8sd/controllers/node_configuration_test.go index 38e6a3bf8..b6936e201 100644 --- a/src/k8s/pkg/k8sd/controllers/node_configuration_test.go +++ b/src/k8s/pkg/k8sd/controllers/node_configuration_test.go @@ -147,7 +147,7 @@ func TestConfigPropagation(t *testing.T) { for ekey, evalue := range tc.expectArgs { val, err := snaputil.GetServiceArgument(s, "kubelet", ekey) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(evalue)) } diff --git a/src/k8s/pkg/k8sd/database/capi_auth_test.go b/src/k8s/pkg/k8sd/database/capi_auth_test.go index eca571532..2ffbcdf46 100644 --- a/src/k8s/pkg/k8sd/database/capi_auth_test.go +++ b/src/k8s/pkg/k8sd/database/capi_auth_test.go @@ -17,10 +17,10 @@ func TestClusterAPIAuthTokens(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { err := database.SetClusterAPIToken(ctx, tx, token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("CheckAuthToken", func(t *testing.T) { @@ -28,22 +28,22 @@ func TestClusterAPIAuthTokens(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { valid, err := database.ValidateClusterAPIToken(ctx, tx, token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeTrue()) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("InvalidToken", func(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { valid, err := database.ValidateClusterAPIToken(ctx, tx, "invalid-token") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeFalse()) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) }) }) diff --git a/src/k8s/pkg/k8sd/database/cluster_config_test.go b/src/k8s/pkg/k8sd/database/cluster_config_test.go index 086ffa548..e4b21d220 100644 --- a/src/k8s/pkg/k8sd/database/cluster_config_test.go +++ b/src/k8s/pkg/k8sd/database/cluster_config_test.go @@ -26,19 +26,19 @@ func TestClusterConfig(t *testing.T) { // Write some config to the database err := d.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { _, err := database.SetClusterConfig(context.Background(), tx, expectedClusterConfig) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) // Retrieve it and map it to the struct err = d.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { clusterConfig, err := database.GetClusterConfig(ctx, tx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(clusterConfig).To(Equal(expectedClusterConfig)) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("CannotUpdateCA", func(t *testing.T) { @@ -65,11 +65,11 @@ func TestClusterConfig(t *testing.T) { err = d.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { clusterConfig, err := database.GetClusterConfig(ctx, tx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(clusterConfig).To(Equal(expectedClusterConfig)) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("Update", func(t *testing.T) { @@ -104,18 +104,18 @@ func TestClusterConfig(t *testing.T) { }, }) g.Expect(returnedConfig).To(Equal(expectedClusterConfig)) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) err = d.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { clusterConfig, err := database.GetClusterConfig(ctx, tx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(clusterConfig).To(Equal(expectedClusterConfig)) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) }) } diff --git a/src/k8s/pkg/k8sd/database/feature_status_test.go b/src/k8s/pkg/k8sd/database/feature_status_test.go index 8a7acfd3b..7de15a07d 100644 --- a/src/k8s/pkg/k8sd/database/feature_status_test.go +++ b/src/k8s/pkg/k8sd/database/feature_status_test.go @@ -44,7 +44,7 @@ func TestFeatureStatus(t *testing.T) { t.Run("ReturnNothingInitially", func(t *testing.T) { g := NewWithT(t) ss, err := database.GetFeatureStatuses(ctx, tx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ss).To(BeEmpty()) }) @@ -53,12 +53,12 @@ func TestFeatureStatus(t *testing.T) { g := NewWithT(t) err := database.SetFeatureStatus(ctx, tx, features.Network, networkStatus) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) err = database.SetFeatureStatus(ctx, tx, features.DNS, dnsStatus) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) ss, err := database.GetFeatureStatuses(ctx, tx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ss).To(HaveLen(2)) g.Expect(ss[features.Network].Enabled).To(Equal(networkStatus.Enabled)) @@ -76,20 +76,20 @@ func TestFeatureStatus(t *testing.T) { g := NewWithT(t) err := database.SetFeatureStatus(ctx, tx, features.Network, networkStatus) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) err = database.SetFeatureStatus(ctx, tx, features.DNS, dnsStatus) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) // set and update err = database.SetFeatureStatus(ctx, tx, features.Network, networkStatus) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) err = database.SetFeatureStatus(ctx, tx, features.DNS, dnsStatus2) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) err = database.SetFeatureStatus(ctx, tx, features.Gateway, gatewayStatus) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) ss, err := database.GetFeatureStatuses(ctx, tx) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ss).To(HaveLen(3)) // network stayed the same diff --git a/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens_test.go b/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens_test.go index 18d73779b..dd7d8ce9e 100644 --- a/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens_test.go +++ b/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens_test.go @@ -19,27 +19,27 @@ func TestKubernetesAuthTokens(t *testing.T) { var err error token1, err = database.GetOrCreateToken(ctx, tx, "user1", []string{"group1", "group2"}) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token1).To(Not(BeEmpty())) token2, err = database.GetOrCreateToken(ctx, tx, "user2", []string{"group1", "group2"}) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token2).To(Not(BeEmpty())) g.Expect(token1).To(Not(Equal(token2))) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) t.Run("Existing", func(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { token, err := database.GetOrCreateToken(ctx, tx, "user1", []string{"group1", "group2"}) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token).To(Equal(token1)) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) }) @@ -48,23 +48,23 @@ func TestKubernetesAuthTokens(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { username, groups, err := database.CheckToken(ctx, tx, token1) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(username).To(Equal("user1")) g.Expect(groups).To(ConsistOf("group1", "group2")) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("user2", func(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { username, groups, err := database.CheckToken(ctx, tx, token2) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(username).To(Equal("user2")) g.Expect(groups).To(ConsistOf("group1", "group2")) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) }) @@ -72,15 +72,15 @@ func TestKubernetesAuthTokens(t *testing.T) { g := NewWithT(t) err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { err := database.DeleteToken(ctx, tx, token2) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) username, groups, err := database.CheckToken(ctx, tx, token2) - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) g.Expect(username).To(BeEmpty()) g.Expect(groups).To(BeEmpty()) return nil }) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) }) } diff --git a/src/k8s/pkg/k8sd/database/util_test.go b/src/k8s/pkg/k8sd/database/util_test.go index 265302bfe..d1cf02d63 100644 --- a/src/k8s/pkg/k8sd/database/util_test.go +++ b/src/k8s/pkg/k8sd/database/util_test.go @@ -38,13 +38,13 @@ type DB interface { // WithDB(t, func(ctx context.Context, db DB) { // err := db.Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { // token, err := database.GetOrCreateToken(ctx, tx, "user1", []string{"group1", "group2"}) -// if !g.Expect(err).To(BeNil()) { +// if !g.Expect(err).To(Not(HaveOccurred())) { // return err // } // g.Expect(token).To(Not(BeEmpty())) // return nil // }) -// g.Expect(err).To(BeNil()) +// g.Expect(err).To(Not(HaveOccurred())) // }) // }) // } diff --git a/src/k8s/pkg/k8sd/database/worker_test.go b/src/k8s/pkg/k8sd/database/worker_test.go index 61de6e499..ce154fcdb 100644 --- a/src/k8s/pkg/k8sd/database/worker_test.go +++ b/src/k8s/pkg/k8sd/database/worker_test.go @@ -17,39 +17,39 @@ func TestWorkerNodeToken(t *testing.T) { t.Run("Default", func(t *testing.T) { g := NewWithT(t) exists, err := database.CheckWorkerNodeToken(ctx, tx, "somenode", "sometoken") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(exists).To(BeFalse()) token, err := database.GetOrCreateWorkerNodeToken(ctx, tx, "somenode", tokenExpiry) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token).To(HaveLen(48)) othertoken, err := database.GetOrCreateWorkerNodeToken(ctx, tx, "someothernode", tokenExpiry) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(othertoken).To(HaveLen(48)) g.Expect(othertoken).NotTo(Equal(token)) valid, err := database.CheckWorkerNodeToken(ctx, tx, "somenode", token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeTrue()) valid, err = database.CheckWorkerNodeToken(ctx, tx, "someothernode", token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeFalse()) valid, err = database.CheckWorkerNodeToken(ctx, tx, "someothernode", othertoken) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeTrue()) err = database.DeleteWorkerNodeToken(ctx, tx, token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) valid, err = database.CheckWorkerNodeToken(ctx, tx, "somenode", token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeFalse()) newToken, err := database.GetOrCreateWorkerNodeToken(ctx, tx, "somenode", tokenExpiry) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(newToken).To(HaveLen(48)) g.Expect(newToken).ToNot(Equal(token)) }) @@ -58,22 +58,22 @@ func TestWorkerNodeToken(t *testing.T) { t.Run("Valid", func(t *testing.T) { g := NewWithT(t) token, err := database.GetOrCreateWorkerNodeToken(ctx, tx, "nodeExpiry1", time.Now().Add(time.Hour)) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token).To(HaveLen(48)) valid, err := database.CheckWorkerNodeToken(ctx, tx, "nodeExpiry1", token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeTrue()) }) t.Run("Expired", func(t *testing.T) { g := NewWithT(t) token, err := database.GetOrCreateWorkerNodeToken(ctx, tx, "nodeExpiry2", time.Now().Add(-time.Hour)) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token).To(HaveLen(48)) valid, err := database.CheckWorkerNodeToken(ctx, tx, "nodeExpiry2", token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeFalse()) }) }) @@ -81,7 +81,7 @@ func TestWorkerNodeToken(t *testing.T) { t.Run("AnyNodeName", func(t *testing.T) { g := NewWithT(t) token, err := database.GetOrCreateWorkerNodeToken(ctx, tx, "", tokenExpiry) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(token).To(HaveLen(48)) for _, name := range []string{"", "test", "other"} { @@ -89,7 +89,7 @@ func TestWorkerNodeToken(t *testing.T) { g := NewWithT(t) valid, err := database.CheckWorkerNodeToken(ctx, tx, name, token) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(valid).To(BeTrue()) }) } diff --git a/src/k8s/pkg/k8sd/features/calico/network_test.go b/src/k8s/pkg/k8sd/features/calico/network_test.go index 2e76fbbcc..39142decd 100644 --- a/src/k8s/pkg/k8sd/features/calico/network_test.go +++ b/src/k8s/pkg/k8sd/features/calico/network_test.go @@ -112,7 +112,7 @@ func TestEnabled(t *testing.T) { g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) g.Expect(status.Version).To(Equal(calico.CalicoTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) t.Run("InvalidServiceCIDR", func(t *testing.T) { g := NewWithT(t) @@ -137,7 +137,7 @@ func TestEnabled(t *testing.T) { g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) g.Expect(status.Version).To(Equal(calico.CalicoTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) t.Run("HelmApplyFails", func(t *testing.T) { g := NewWithT(t) @@ -228,10 +228,10 @@ func validateValues(t *testing.T, values map[string]any, network types.Network) "encapsulation": "VXLAN", })) g.Expect(calicoNetwork["ipPools"].([]map[string]any)).To(HaveLen(2)) - g.Expect(calicoNetwork["nodeAddressAutodetectionV4"].(map[string]any)["firstFound"]).To(Equal(true)) - g.Expect(calicoNetwork["nodeAddressAutodetectionV6"].(map[string]any)["firstFound"]).To(Equal(true)) + g.Expect(calicoNetwork["nodeAddressAutodetectionV4"].(map[string]any)["firstFound"]).To(BeTrue()) + g.Expect(calicoNetwork["nodeAddressAutodetectionV6"].(map[string]any)["firstFound"]).To(BeTrue()) - g.Expect(values["apiServer"].(map[string]any)["enabled"]).To(Equal(true)) + g.Expect(values["apiServer"].(map[string]any)["enabled"]).To(BeTrue()) // service CIDRs g.Expect(values["serviceCIDRs"].([]string)).To(ContainElements(svcIPv4CIDR, svcIPv6CIDR)) diff --git a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go index 1b69626df..d7037b947 100644 --- a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go @@ -73,7 +73,7 @@ func TestGatewayEnabled(t *testing.T) { helmCiliumArgs := helmM.ApplyCalledWith[2] g.Expect(helmCiliumArgs.Chart).To(Equal(cilium.ChartCilium)) g.Expect(helmCiliumArgs.State).To(Equal(helm.StateUpgradeOnly)) - g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(Equal(true)) + g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(BeTrue()) }) t.Run("RolloutFail", func(t *testing.T) { @@ -199,7 +199,7 @@ func TestGatewayDisabled(t *testing.T) { helmCiliumArgs := helmM.ApplyCalledWith[1] g.Expect(helmCiliumArgs.Chart).To(Equal(cilium.ChartCilium)) g.Expect(helmCiliumArgs.State).To(Equal(helm.StateDeleted)) - g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(Equal(false)) + g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(BeFalse()) }) diff --git a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go index f45932c9b..af74b4920 100644 --- a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go @@ -87,7 +87,7 @@ func TestIngress(t *testing.T) { status, err := cilium.ApplyIngress(context.Background(), snapM, ingress, network, nil) if tc.helmErr == nil { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } else { g.Expect(err).To(MatchError(applyErr)) } @@ -179,7 +179,7 @@ func TestIngressRollout(t *testing.T) { status, err := cilium.ApplyIngress(context.Background(), snapM, ingress, network, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(status.Enabled).To(BeTrue()) g.Expect(status.Message).To(Equal(cilium.EnabledMsg)) g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) @@ -195,15 +195,15 @@ func validateIngressValues(g Gomega, values map[string]any, ingress types.Ingres ingressController, ok := values["ingressController"].(map[string]any) g.Expect(ok).To(BeTrue()) if ingress.GetEnabled() { - g.Expect(ingressController["enabled"]).To(Equal(true)) + g.Expect(ingressController["enabled"]).To(BeTrue()) g.Expect(ingressController["loadbalancerMode"]).To(Equal("shared")) g.Expect(ingressController["defaultSecretNamespace"]).To(Equal("kube-system")) g.Expect(ingressController["defaultTLSSecret"]).To(Equal(ingress.GetDefaultTLSSecret())) g.Expect(ingressController["enableProxyProtocol"]).To(Equal(ingress.GetEnableProxyProtocol())) } else { - g.Expect(ingressController["enabled"]).To(Equal(false)) + g.Expect(ingressController["enabled"]).To(BeFalse()) g.Expect(ingressController["defaultSecretNamespace"]).To(Equal("")) g.Expect(ingressController["defaultSecretName"]).To(Equal("")) - g.Expect(ingressController["enableProxyProtocol"]).To(Equal(false)) + g.Expect(ingressController["enableProxyProtocol"]).To(BeFalse()) } } diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 26618f95f..3462e5f1e 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -114,7 +114,7 @@ func TestNetworkEnabled(t *testing.T) { g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) t.Run("Strict", func(t *testing.T) { @@ -226,7 +226,7 @@ func TestNetworkMountPath(t *testing.T) { g.Expect(status.Enabled).To(BeFalse()) g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) } @@ -264,7 +264,7 @@ func TestNetworkMountPropagationType(t *testing.T) { g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) @@ -300,7 +300,7 @@ func TestNetworkMountPropagationType(t *testing.T) { g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) testingLogger, ok := logger.GetSink().(ktesting.Underlier) if !ok { panic("Should have had a ktesting LogSink!?") @@ -338,13 +338,13 @@ func TestNetworkMountPropagationType(t *testing.T) { g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) t.Run("MountPropagationPrivate", func(t *testing.T) { g := NewWithT(t) - getMountPropagationType = func(path string) (utils.MountPropagationType, error) { + getMountPropagationType = func(_ string) (utils.MountPropagationType, error) { return utils.MountPropagationPrivate, nil } helmM := &helmmock.Mock{} @@ -370,7 +370,7 @@ func TestNetworkMountPropagationType(t *testing.T) { g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) - g.Expect(helmM.ApplyCalledWith).To(HaveLen(0)) + g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) }) } diff --git a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go index ba69eb0a9..b80328c14 100644 --- a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go +++ b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go @@ -68,7 +68,7 @@ func TestDisabled(t *testing.T) { status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(str).To(BeEmpty()) g.Expect(status.Message).To(Equal("disabled")) g.Expect(status.Enabled).To(BeFalse()) @@ -172,7 +172,7 @@ func TestEnabled(t *testing.T) { status, str, err := coredns.ApplyDNS(context.Background(), snapM, dns, kubelet, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(str).To(Equal(clusterIp)) g.Expect(status.Message).To(ContainSubstring("enabled at " + clusterIp)) g.Expect(status.Enabled).To(BeTrue()) diff --git a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go index 38c93fc34..4410e5bd4 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go @@ -107,7 +107,7 @@ func TestApplyMetricsServer(t *testing.T) { } status, err := metrics_server.ApplyMetricsServer(context.Background(), s, cfg, annotations) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(h.ApplyCalledWith).To(ConsistOf(HaveField("Values", HaveKeyWithValue("image", SatisfyAll( HaveKeyWithValue("repository", "custom-image"), HaveKeyWithValue("tag", "custom-tag"), diff --git a/src/k8s/pkg/k8sd/setup/certificates_internal_test.go b/src/k8s/pkg/k8sd/setup/certificates_internal_test.go index 665574dda..941392140 100644 --- a/src/k8s/pkg/k8sd/setup/certificates_internal_test.go +++ b/src/k8s/pkg/k8sd/setup/certificates_internal_test.go @@ -15,11 +15,11 @@ func TestEnsureFile(t *testing.T) { tempDir := t.TempDir() fname := filepath.Join(tempDir, "test") updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) createdFile, _ := os.ReadFile(fname) - g.Expect(string(createdFile) == "test").To(BeTrue()) + g.Expect(string(createdFile)).To(Equal("test")) }) t.Run("DeleteFile", func(t *testing.T) { @@ -29,12 +29,12 @@ func TestEnsureFile(t *testing.T) { // Create a file with some content. updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) // Delete the file. updated, err = ensureFile(fname, "", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) _, err = os.Stat(fname) @@ -48,25 +48,25 @@ func TestEnsureFile(t *testing.T) { // Create a file with some content. updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) // ensureFile with same content should return that the file was not updated. updated, err = ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeFalse()) // Change the content and ensureFile should return that the file was updated. updated, err = ensureFile(fname, "new content", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) createdFile, _ := os.ReadFile(fname) - g.Expect(string(createdFile) == "new content").To(BeTrue()) + g.Expect(string(createdFile)).To(Equal("new content")) // Change permissions and ensureFile should return that the file was not updated. updated, err = ensureFile(fname, "new content", os.Getuid(), os.Getgid(), 0666) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeFalse()) }) @@ -77,7 +77,7 @@ func TestEnsureFile(t *testing.T) { // ensureFile on inexistent file with empty content should return that the file was not updated. updated, err := ensureFile(fname, "", os.Getuid(), os.Getgid(), 0777) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeFalse()) }) } diff --git a/src/k8s/pkg/k8sd/setup/certificates_test.go b/src/k8s/pkg/k8sd/setup/certificates_test.go index 32526faec..8ea74313e 100644 --- a/src/k8s/pkg/k8sd/setup/certificates_test.go +++ b/src/k8s/pkg/k8sd/setup/certificates_test.go @@ -28,7 +28,7 @@ func TestEnsureK8sDqlitePKI(t *testing.T) { } _, err := setup.EnsureK8sDqlitePKI(mock, certificates) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) expectedFiles := []string{ filepath.Join(tempDir, "cluster.crt"), @@ -37,7 +37,7 @@ func TestEnsureK8sDqlitePKI(t *testing.T) { for _, file := range expectedFiles { _, err := os.Stat(file) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } } @@ -71,7 +71,7 @@ func TestEnsureControlPlanePKI(t *testing.T) { } _, err := setup.EnsureControlPlanePKI(mock, certificates) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) expectedFiles := []string{ filepath.Join(tempDir, "apiserver-kubelet-client.crt"), @@ -92,7 +92,7 @@ func TestEnsureControlPlanePKI(t *testing.T) { for _, file := range expectedFiles { _, err := os.Stat(file) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } } @@ -115,7 +115,7 @@ func TestEnsureWorkerPKI(t *testing.T) { } _, err := setup.EnsureWorkerPKI(mock, certificates) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) expectedFiles := []string{ filepath.Join(tempDir, "ca.crt"), @@ -126,7 +126,7 @@ func TestEnsureWorkerPKI(t *testing.T) { for _, file := range expectedFiles { _, err := os.Stat(file) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } } @@ -147,7 +147,7 @@ func TestExtDatastorePKI(t *testing.T) { } _, err := setup.EnsureExtDatastorePKI(mock, certificates) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) expectedFiles := []string{ filepath.Join(tempDir, "ca.crt"), @@ -157,7 +157,7 @@ func TestExtDatastorePKI(t *testing.T) { for _, file := range expectedFiles { _, err := os.Stat(file) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } } @@ -186,7 +186,7 @@ func TestEmptyCert(t *testing.T) { // Should create files _, err := setup.EnsureK8sDqlitePKI(mock, certificates) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) certificates = &pki.K8sDqlitePKI{ K8sDqliteCert: "", @@ -195,10 +195,10 @@ func TestEmptyCert(t *testing.T) { // Should delete files _, err = setup.EnsureK8sDqlitePKI(mock, certificates) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) for _, file := range expectedFiles { _, err := os.Stat(file) - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) } } diff --git a/src/k8s/pkg/k8sd/setup/containerd_test.go b/src/k8s/pkg/k8sd/setup/containerd_test.go index 4327499e4..bf895d263 100644 --- a/src/k8s/pkg/k8sd/setup/containerd_test.go +++ b/src/k8s/pkg/k8sd/setup/containerd_test.go @@ -53,7 +53,7 @@ func TestContainerd(t *testing.T) { t.Run("Config", func(t *testing.T) { g := NewWithT(t) b, err := os.ReadFile(filepath.Join(dir, "containerd", "config.toml")) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(string(b)).To(SatisfyAll( ContainSubstring(fmt.Sprintf(`imports = ["%s/*.toml", "/custom/imports/*.toml"]`, filepath.Join(dir, "containerd-confd"))), ContainSubstring(fmt.Sprintf(`conf_dir = "%s"`, filepath.Join(dir, "cni-netd"))), @@ -62,7 +62,7 @@ func TestContainerd(t *testing.T) { )) info, err := os.Stat(filepath.Join(dir, "containerd", "config.toml")) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(info.Mode().Perm()).To(Equal(fs.FileMode(0600))) switch stat := info.Sys().(type) { @@ -78,12 +78,12 @@ func TestContainerd(t *testing.T) { g := NewWithT(t) for _, plugin := range []string{"plugin1", "plugin2"} { link, err := os.Readlink(filepath.Join(dir, "opt-cni-bin", plugin)) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(link).To(Equal("cni")) } info, err := os.Stat(filepath.Join(dir, "opt-cni-bin")) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(info.Mode().Perm()).To(Equal(fs.FileMode(0700))) switch stat := info.Sys().(type) { @@ -107,7 +107,7 @@ func TestContainerd(t *testing.T) { t.Run(key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "containerd", key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(expectedVal)) }) } @@ -115,7 +115,7 @@ func TestContainerd(t *testing.T) { t.Run("--address", func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "containerd", "--address") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(BeZero()) }) }) diff --git a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go index 2df5238c8..8a01ea750 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/k8s_apiserver_proxy_test.go @@ -41,14 +41,14 @@ func TestK8sApiServerProxy(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "k8s-apiserver-proxy", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(tc.expectedVal).To(Equal(val)) }) } args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "k8s-apiserver-proxy")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("WithExtraArgs", func(t *testing.T) { @@ -75,7 +75,7 @@ func TestK8sApiServerProxy(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "k8s-apiserver-proxy", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(tc.expectedVal).To(Equal(val)) }) } @@ -83,13 +83,13 @@ func TestK8sApiServerProxy(t *testing.T) { t.Run("--listen", func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "k8s-apiserver-proxy", "--listen") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(BeZero()) }) args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "k8s-apiserver-proxy")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("MissingExtraConfigDir", func(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/setup/k8s_dqlite_test.go b/src/k8s/pkg/k8sd/setup/k8s_dqlite_test.go index 8bfcedbab..391b3b616 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_dqlite_test.go +++ b/src/k8s/pkg/k8sd/setup/k8s_dqlite_test.go @@ -28,7 +28,7 @@ func TestK8sDqlite(t *testing.T) { s := mustSetupSnapAndDirectories(t, setK8sDqliteMock) // Call the K8sDqlite setup function with mock arguments - g.Expect(setup.K8sDqlite(s, "192.168.0.1:1234", []string{"192.168.0.1:1234"}, nil)).To(BeNil()) + g.Expect(setup.K8sDqlite(s, "192.168.0.1:1234", []string{"192.168.0.1:1234"}, nil)).To(Succeed()) // Ensure the K8sDqlite arguments file has the expected arguments and values tests := []struct { @@ -42,7 +42,7 @@ func TestK8sDqlite(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "k8s-dqlite", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(tc.expectedVal)) }) } @@ -50,7 +50,7 @@ func TestK8sDqlite(t *testing.T) { // Ensure the K8sDqlite arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "k8s-dqlite")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("WithExtraArgs", func(t *testing.T) { @@ -65,7 +65,7 @@ func TestK8sDqlite(t *testing.T) { "--storage-dir": utils.Pointer("overridden-storage-dir"), } // Call the K8sDqlite setup function with mock arguments - g.Expect(setup.K8sDqlite(s, "192.168.0.1:1234", []string{"192.168.0.1:1234"}, extraArgs)).To(BeNil()) + g.Expect(setup.K8sDqlite(s, "192.168.0.1:1234", []string{"192.168.0.1:1234"}, extraArgs)).To(Succeed()) // Ensure the K8sDqlite arguments file has the expected arguments and values tests := []struct { @@ -79,7 +79,7 @@ func TestK8sDqlite(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "k8s-dqlite", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(tc.expectedVal)) }) } @@ -88,14 +88,14 @@ func TestK8sDqlite(t *testing.T) { t.Run("--listen", func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "k8s-dqlite", "--listen") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(BeZero()) }) // Ensure the K8sDqlite arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "k8s-dqlite")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("YAMLFileContents", func(t *testing.T) { @@ -112,10 +112,10 @@ func TestK8sDqlite(t *testing.T) { "192.168.0.3:1234", } - g.Expect(setup.K8sDqlite(s, "192.168.0.1:1234", cluster, nil)).To(BeNil()) + g.Expect(setup.K8sDqlite(s, "192.168.0.1:1234", cluster, nil)).To(Succeed()) b, err := os.ReadFile(filepath.Join(s.Mock.K8sDqliteStateDir, "init.yaml")) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(string(b)).To(Equal(expectedYaml)) }) diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go index 1da6c7986..95f84042b 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go @@ -37,7 +37,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Call the KubeAPIServer setup function with mock arguments - g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(Succeed()) // Ensure the kube-apiserver arguments file has the expected arguments and values tests := []struct { @@ -78,7 +78,7 @@ func TestKubeAPIServer(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-apiserver", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(tc.expectedVal)) }) } @@ -86,7 +86,7 @@ func TestKubeAPIServer(t *testing.T) { // Ensure the kube-apiserver arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("ArgsNoProxy", func(t *testing.T) { @@ -96,7 +96,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Call the KubeAPIServer setup function with mock arguments - g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", nil)).To(Succeed()) // Ensure the kube-apiserver arguments file has the expected arguments and values tests := []struct { @@ -130,7 +130,7 @@ func TestKubeAPIServer(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-apiserver", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(tc.expectedVal)) }) } @@ -138,7 +138,7 @@ func TestKubeAPIServer(t *testing.T) { // Ensure the kube-apiserver arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("WithExtraArgs", func(t *testing.T) { @@ -153,7 +153,7 @@ func TestKubeAPIServer(t *testing.T) { "--my-extra-arg": utils.Pointer("my-extra-val"), } // Call the KubeAPIServer setup function with mock arguments - g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", extraArgs)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", true, types.Datastore{Type: utils.Pointer("k8s-dqlite")}, "Node,RBAC", extraArgs)).To(Succeed()) // Ensure the kube-apiserver arguments file has the expected arguments and values tests := []struct { @@ -194,7 +194,7 @@ func TestKubeAPIServer(t *testing.T) { t.Run(tc.key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-apiserver", tc.key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(tc.expectedVal)) }) } @@ -206,7 +206,7 @@ func TestKubeAPIServer(t *testing.T) { // Ensure the kube-apiserver arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("ArgsDualstack", func(t *testing.T) { g := NewWithT(t) @@ -214,7 +214,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Setup without proxy to simplify argument list - g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24,fd01::/64", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24,fd01::/64", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(Succeed()) g.Expect(snaputil.GetServiceArgument(s, "kube-apiserver", "--service-cluster-ip-range")).To(Equal("10.0.0.0/24,fd01::/64")) _, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) @@ -227,7 +227,7 @@ func TestKubeAPIServer(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeAPIServerMock) // Setup without proxy to simplify argument list - g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(BeNil()) + g.Expect(setup.KubeAPIServer(s, 6443, net.ParseIP("192.168.0.1"), "10.0.0.0/24", "https://auth-webhook.url", false, types.Datastore{Type: utils.Pointer("external"), ExternalServers: utils.Pointer([]string{"datastoreurl1", "datastoreurl2"})}, "Node,RBAC", nil)).To(Succeed()) g.Expect(snaputil.GetServiceArgument(s, "kube-apiserver", "--etcd-servers")).To(Equal("datastoreurl1,datastoreurl2")) _, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-apiserver")) diff --git a/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go b/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go index 453703095..45851c014 100644 --- a/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go @@ -31,7 +31,7 @@ func TestKubeControllerManager(t *testing.T) { os.Create(filepath.Join(s.Mock.KubernetesPKIDir, "ca.key")) // Call the kube controller manager setup function - g.Expect(setup.KubeControllerManager(s, nil)).To(BeNil()) + g.Expect(setup.KubeControllerManager(s, nil)).To(Succeed()) // Ensure the kube controller manager arguments file has the expected arguments and values tests := []struct { @@ -63,7 +63,7 @@ func TestKubeControllerManager(t *testing.T) { // Ensure the kube controller manager arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-controller-manager")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) t.Run("MissingArgsDir", func(t *testing.T) { g := NewWithT(t) @@ -79,7 +79,7 @@ func TestKubeControllerManager(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeControllerManagerMock) // Call the kube controller manager setup function - g.Expect(setup.KubeControllerManager(s, nil)).To(BeNil()) + g.Expect(setup.KubeControllerManager(s, nil)).To(Succeed()) // Ensure the kube controller manager arguments file has the expected arguments and values tests := []struct { @@ -109,7 +109,7 @@ func TestKubeControllerManager(t *testing.T) { // Ensure the kube controller manager arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-controller-manager")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) t.Run("MissingArgsDir", func(t *testing.T) { g := NewWithT(t) @@ -133,7 +133,7 @@ func TestKubeControllerManager(t *testing.T) { "--my-extra-arg": utils.Pointer("my-extra-val"), } // Call the kube controller manager setup function - g.Expect(setup.KubeControllerManager(s, extraArgs)).To(BeNil()) + g.Expect(setup.KubeControllerManager(s, extraArgs)).To(Succeed()) // Ensure the kube controller manager arguments file has the expected arguments and values tests := []struct { @@ -170,7 +170,7 @@ func TestKubeControllerManager(t *testing.T) { // Ensure the kube controller manager arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-controller-manager")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) t.Run("MissingArgsDir", func(t *testing.T) { g := NewWithT(t) diff --git a/src/k8s/pkg/k8sd/setup/kube_proxy_test.go b/src/k8s/pkg/k8sd/setup/kube_proxy_test.go index 756f4f2a4..f0eb92cf8 100644 --- a/src/k8s/pkg/k8sd/setup/kube_proxy_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_proxy_test.go @@ -28,10 +28,10 @@ func TestKubeProxy(t *testing.T) { }, } - g.Expect(setup.EnsureAllDirectories(s)).To(BeNil()) + g.Expect(setup.EnsureAllDirectories(s)).To(Succeed()) t.Run("Args", func(t *testing.T) { - g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", nil)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", nil)).To(Succeed()) for key, expectedVal := range map[string]string{ "--cluster-cidr": "10.1.0.0/16", @@ -43,7 +43,7 @@ func TestKubeProxy(t *testing.T) { t.Run(key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-proxy", key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(expectedVal)) }) } @@ -55,7 +55,7 @@ func TestKubeProxy(t *testing.T) { "--healthz-bind-address": nil, "--my-extra-arg": utils.Pointer("my-extra-val"), } - g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", extraArgs)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", extraArgs)).To(Not(HaveOccurred())) for key, expectedVal := range map[string]string{ "--cluster-cidr": "10.1.0.0/16", @@ -68,7 +68,7 @@ func TestKubeProxy(t *testing.T) { t.Run(key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-proxy", key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(expectedVal)) }) } @@ -80,7 +80,7 @@ func TestKubeProxy(t *testing.T) { s.Mock.OnLXD = true t.Run("ArgsOnLXD", func(t *testing.T) { - g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", nil)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "myhostname", "10.1.0.0/16", "127.0.0.1", nil)).To(Succeed()) for key, expectedVal := range map[string]string{ "--conntrack-max-per-core": "0", @@ -88,7 +88,7 @@ func TestKubeProxy(t *testing.T) { t.Run(key, func(t *testing.T) { g := NewWithT(t) val, err := snaputil.GetServiceArgument(s, "kube-proxy", key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(Equal(expectedVal)) }) } @@ -102,11 +102,11 @@ func TestKubeProxy(t *testing.T) { s.Mock.Hostname = "dev" s.Mock.ServiceArgumentsDir = filepath.Join(dir, "k8s") - g.Expect(setup.EnsureAllDirectories(s)).To(BeNil()) - g.Expect(setup.KubeProxy(context.Background(), s, "dev", "10.1.0.0/16", "127.0.0.1", nil)).To(BeNil()) + g.Expect(setup.EnsureAllDirectories(s)).To(Succeed()) + g.Expect(setup.KubeProxy(context.Background(), s, "dev", "10.1.0.0/16", "127.0.0.1", nil)).To(Succeed()) val, err := snaputil.GetServiceArgument(s, "kube-proxy", "--hostname-override") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(BeEmpty()) }) @@ -117,7 +117,7 @@ func TestKubeProxy(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeletMock) s.Mock.Hostname = "dev" - g.Expect(setup.KubeProxy(context.Background(), s, "dev", "fd98::/108", "[::1]", nil)).To(BeNil()) + g.Expect(setup.KubeProxy(context.Background(), s, "dev", "fd98::/108", "[::1]", nil)).To(Succeed()) tests := []struct { key string diff --git a/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go b/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go index 20339734a..35ae0583f 100644 --- a/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go @@ -26,7 +26,7 @@ func TestKubeScheduler(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeSchedulerMock) // Call the kube scheduler setup function - g.Expect(setup.KubeScheduler(s, nil)).To(BeNil()) + g.Expect(setup.KubeScheduler(s, nil)).To(Succeed()) // Ensure the kube scheduler arguments file has the expected arguments and values tests := []struct { @@ -52,7 +52,7 @@ func TestKubeScheduler(t *testing.T) { // Ensure the kube scheduler arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-scheduler")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) @@ -68,7 +68,7 @@ func TestKubeScheduler(t *testing.T) { "--my-extra-arg": utils.Pointer("my-extra-val"), } // Call the kube scheduler setup function - g.Expect(setup.KubeScheduler(s, extraArgs)).To(BeNil()) + g.Expect(setup.KubeScheduler(s, extraArgs)).To(Succeed()) // Ensure the kube scheduler arguments file has the expected arguments and values tests := []struct { @@ -99,7 +99,7 @@ func TestKubeScheduler(t *testing.T) { // Ensure the kube scheduler arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-scheduler")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) diff --git a/src/k8s/pkg/k8sd/setup/kubelet_test.go b/src/k8s/pkg/k8sd/setup/kubelet_test.go index 32e8c0ca0..b2fc952df 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet_test.go +++ b/src/k8s/pkg/k8sd/setup/kubelet_test.go @@ -89,7 +89,7 @@ func TestKubelet(t *testing.T) { // Ensure the kubelet arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kubelet")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("ControlPlaneWithExtraArgs", func(t *testing.T) { @@ -153,7 +153,7 @@ func TestKubelet(t *testing.T) { // Ensure the kubelet arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kubelet")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("ControlPlaneArgsNoOptional", func(t *testing.T) { @@ -163,7 +163,7 @@ func TestKubelet(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeletMock) // Call the kubelet control plane setup function - g.Expect(setup.KubeletControlPlane(s, "dev", nil, "", "", "", nil, nil)).To(BeNil()) + g.Expect(setup.KubeletControlPlane(s, "dev", nil, "", "", "", nil, nil)).To(Succeed()) tests := []struct { key string @@ -201,7 +201,7 @@ func TestKubelet(t *testing.T) { // Ensure the kubelet arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kubelet")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("WorkerArgs", func(t *testing.T) { @@ -211,7 +211,7 @@ func TestKubelet(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeletMock) // Call the kubelet worker setup function - g.Expect(setup.KubeletWorker(s, "dev", net.ParseIP("192.168.0.1"), "10.152.1.1", "test-cluster.local", "provider", nil)).To(BeNil()) + g.Expect(setup.KubeletWorker(s, "dev", net.ParseIP("192.168.0.1"), "10.152.1.1", "test-cluster.local", "provider", nil)).To(Succeed()) // Ensure the kubelet arguments file has the expected arguments and values tests := []struct { @@ -254,7 +254,7 @@ func TestKubelet(t *testing.T) { // Ensure the kubelet arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kubelet")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("WorkerWithExtraArgs", func(t *testing.T) { @@ -269,7 +269,7 @@ func TestKubelet(t *testing.T) { } // Call the kubelet worker setup function - g.Expect(setup.KubeletWorker(s, "dev", net.ParseIP("192.168.0.1"), "10.152.1.1", "test-cluster.local", "provider", extraArgs)).To(BeNil()) + g.Expect(setup.KubeletWorker(s, "dev", net.ParseIP("192.168.0.1"), "10.152.1.1", "test-cluster.local", "provider", extraArgs)).To(Succeed()) // Ensure the kubelet arguments file has the expected arguments and values tests := []struct { @@ -316,7 +316,7 @@ func TestKubelet(t *testing.T) { // Ensure the kubelet arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kubelet")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("WorkerArgsNoOptional", func(t *testing.T) { @@ -326,7 +326,7 @@ func TestKubelet(t *testing.T) { s := mustSetupSnapAndDirectories(t, setKubeletMock) // Call the kubelet worker setup function - g.Expect(setup.KubeletWorker(s, "dev", nil, "", "", "", nil)).To(BeNil()) + g.Expect(setup.KubeletWorker(s, "dev", nil, "", "", "", nil)).To(Succeed()) // Ensure the kubelet arguments file has the expected arguments and values tests := []struct { @@ -365,7 +365,7 @@ func TestKubelet(t *testing.T) { // Ensure the kubelet arguments file has exactly the expected number of arguments args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kubelet")) g.Expect(err).ToNot(HaveOccurred()) - g.Expect(len(args)).To(Equal(len(tests))) + g.Expect(args).To(HaveLen(len(tests))) }) t.Run("ControlPlaneNoArgsDir", func(t *testing.T) { @@ -397,7 +397,7 @@ func TestKubelet(t *testing.T) { g.Expect(setup.KubeletControlPlane(s, "dev", net.ParseIP("192.168.0.1"), "10.152.1.1", "test-cluster.local", "provider", nil, nil)).To(Succeed()) val, err := snaputil.GetServiceArgument(s, "kubelet", "--hostname-override") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(val).To(BeEmpty()) }) diff --git a/src/k8s/pkg/k8sd/setup/util_kubeconfig_test.go b/src/k8s/pkg/k8sd/setup/util_kubeconfig_test.go index 6a51e0f4e..230f921b6 100644 --- a/src/k8s/pkg/k8sd/setup/util_kubeconfig_test.go +++ b/src/k8s/pkg/k8sd/setup/util_kubeconfig_test.go @@ -34,5 +34,5 @@ users: actual, err := setup.KubeconfigString("server", "ca", "crt", "key") g.Expect(actual).To(Equal(expectedConfig)) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } diff --git a/src/k8s/pkg/k8sd/types/cluster_config_convert_loadbalancer_internal_test.go b/src/k8s/pkg/k8sd/types/cluster_config_convert_loadbalancer_internal_test.go index debaa6d20..413ac2390 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_convert_loadbalancer_internal_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_convert_loadbalancer_internal_test.go @@ -71,7 +71,7 @@ func Test_loadBalancerCIDRsFromAPI(t *testing.T) { t.Run("Nil", func(t *testing.T) { g := NewWithT(t) cidrs, ranges, err := loadBalancerCIDRsFromAPI(nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(cidrs).To(BeNil()) g.Expect(ranges).To(BeNil()) }) @@ -84,7 +84,7 @@ func Test_loadBalancerCIDRsFromAPI(t *testing.T) { if tc.expectErr { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(*cidrs).To(Equal(tc.internalCIDRs)) g.Expect(*ranges).To(Equal(tc.internalRanges)) } diff --git a/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go b/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go index 194eedc80..47ed49deb 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go @@ -187,7 +187,7 @@ func TestClusterConfigFromBootstrapConfig(t *testing.T) { g := NewWithT(t) config, err := types.ClusterConfigFromBootstrapConfig(tc.bootstrap) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(config).To(Equal(tc.expectConfig)) }) } diff --git a/src/k8s/pkg/k8sd/types/cluster_config_kubelet_test.go b/src/k8s/pkg/k8sd/types/cluster_config_kubelet_test.go index 92c0cd7c9..eb6f6d99a 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_kubelet_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_kubelet_test.go @@ -72,7 +72,7 @@ func TestKubelet(t *testing.T) { g := NewWithT(t) cm, err := tc.kubelet.ToConfigMap(nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(cm).To(Equal(tc.configmap)) }) @@ -80,7 +80,7 @@ func TestKubelet(t *testing.T) { g := NewWithT(t) k, err := types.KubeletFromConfigMap(tc.configmap, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(k).To(Equal(tc.kubelet)) }) }) @@ -90,7 +90,7 @@ func TestKubelet(t *testing.T) { func TestKubeletSign(t *testing.T) { g := NewWithT(t) key, err := rsa.GenerateKey(rand.Reader, 4096) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) kubelet := types.Kubelet{ CloudProvider: utils.Pointer("external"), @@ -99,14 +99,14 @@ func TestKubeletSign(t *testing.T) { } configmap, err := kubelet.ToConfigMap(key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(configmap).To(HaveKeyWithValue("k8sd-mac", Not(BeEmpty()))) t.Run("NoSign", func(t *testing.T) { g := NewWithT(t) configmap, err := kubelet.ToConfigMap(nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(configmap).To(Not(HaveKey("k8sd-mac"))) }) @@ -114,7 +114,7 @@ func TestKubeletSign(t *testing.T) { g := NewWithT(t) fromKubelet, err := types.KubeletFromConfigMap(configmap, &key.PublicKey) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(fromKubelet).To(Equal(kubelet)) }) @@ -122,7 +122,7 @@ func TestKubeletSign(t *testing.T) { g := NewWithT(t) configmap2, err := kubelet.ToConfigMap(key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(configmap2).To(Equal(configmap)) }) @@ -130,7 +130,7 @@ func TestKubeletSign(t *testing.T) { g := NewWithT(t) wrongKey, err := rsa.GenerateKey(rand.Reader, 2048) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) cm, err := types.KubeletFromConfigMap(configmap, &wrongKey.PublicKey) g.Expect(cm).To(BeZero()) @@ -142,10 +142,10 @@ func TestKubeletSign(t *testing.T) { t.Run(editKey, func(t *testing.T) { g := NewWithT(t) key, err := rsa.GenerateKey(rand.Reader, 2048) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) c, err := kubelet.ToConfigMap(key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(c).To(HaveKeyWithValue("k8sd-mac", Not(BeEmpty()))) t.Run("Manipulated", func(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/types/cluster_config_merge_test.go b/src/k8s/pkg/k8sd/types/cluster_config_merge_test.go index e77f44fcb..532ec3f1c 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_merge_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_merge_test.go @@ -208,9 +208,9 @@ func TestMergeClusterConfig(t *testing.T) { result, err := types.MergeClusterConfig(tc.old, tc.new) if tc.expectErr { - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(result).To(Equal(tc.expectResult)) } }) @@ -408,7 +408,7 @@ func TestMergeClusterConfig_Scenarios(t *testing.T) { if tc.expectErr { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(merged).To(Equal(tc.expectMerged)) } }) diff --git a/src/k8s/pkg/k8sd/types/cluster_config_merge_util_test.go b/src/k8s/pkg/k8sd/types/cluster_config_merge_util_test.go index 251826d1c..24032c9b9 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_merge_util_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_merge_util_test.go @@ -28,12 +28,12 @@ func Test_mergeField(t *testing.T) { result, err := mergeField(tc.old, tc.new, tc.allowChange) switch { case tc.expectErr: - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) case tc.expectVal == nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(result).To(BeNil()) case tc.expectVal != nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(*result).To(Equal(*tc.expectVal)) } }) @@ -60,12 +60,12 @@ func Test_mergeField(t *testing.T) { result, err := mergeField(tc.old, tc.new, tc.allowChange) switch { case tc.expectErr: - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) case tc.expectVal == nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(result).To(BeNil()) case tc.expectVal != nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(*result).To(Equal(*tc.expectVal)) } }) @@ -94,12 +94,12 @@ func Test_mergeField(t *testing.T) { result, err := mergeField(tc.old, tc.new, tc.allowChange) switch { case tc.expectErr: - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) case tc.expectVal == nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(result).To(BeNil()) case tc.expectVal != nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(*result).To(Equal(*tc.expectVal)) } }) @@ -128,12 +128,12 @@ func Test_mergeSliceField(t *testing.T) { result, err := mergeSliceField(tc.old, tc.new, tc.allowChange) switch { case tc.expectErr: - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) case tc.expectVal == nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(result).To(BeNil()) case tc.expectVal != nil: - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(*result).To(Equal(*tc.expectVal)) } }) diff --git a/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go b/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go index b2ef53af5..d24ca3fdb 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_validate_test.go @@ -36,7 +36,7 @@ func TestValidateCIDR(t *testing.T) { if tc.expectPodErr { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } }) t.Run("Service", func(t *testing.T) { @@ -51,7 +51,7 @@ func TestValidateCIDR(t *testing.T) { if tc.expectSvcErr { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } }) }) @@ -126,7 +126,7 @@ func TestValidateExternalServers(t *testing.T) { if tc.expectErr { g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } }) } diff --git a/src/k8s/pkg/k8sd/types/worker_test.go b/src/k8s/pkg/k8sd/types/worker_test.go index 586ffa032..cc5692185 100644 --- a/src/k8s/pkg/k8sd/types/worker_test.go +++ b/src/k8s/pkg/k8sd/types/worker_test.go @@ -17,11 +17,11 @@ func TestWorkerTokenEncode(t *testing.T) { g := NewWithT(t) s, err := token.Encode() - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(s).ToNot(BeEmpty()) decoded := &types.InternalWorkerNodeToken{} err = decoded.Decode(s) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(decoded).To(Equal(token)) } diff --git a/src/k8s/pkg/snap/pebble_test.go b/src/k8s/pkg/snap/pebble_test.go index 41deb4917..e90b21e39 100644 --- a/src/k8s/pkg/snap/pebble_test.go +++ b/src/k8s/pkg/snap/pebble_test.go @@ -21,7 +21,7 @@ func TestPebble(t *testing.T) { }) err := snap.StartService(context.Background(), "test-service") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(mockRunner.CalledWithCommand).To(ConsistOf("testdir/bin/pebble start test-service")) t.Run("Fail", func(t *testing.T) { @@ -29,7 +29,7 @@ func TestPebble(t *testing.T) { mockRunner.Err = fmt.Errorf("some error") err := snap.StartService(context.Background(), "test-service") - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) }) }) @@ -42,7 +42,7 @@ func TestPebble(t *testing.T) { RunCommand: mockRunner.Run, }) err := snap.StopService(context.Background(), "test-service") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(mockRunner.CalledWithCommand).To(ConsistOf("testdir/bin/pebble stop test-service")) t.Run("Fail", func(t *testing.T) { @@ -50,7 +50,7 @@ func TestPebble(t *testing.T) { mockRunner.Err = fmt.Errorf("some error") err := snap.StartService(context.Background(), "test-service") - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) }) }) @@ -64,7 +64,7 @@ func TestPebble(t *testing.T) { }) err := snap.RestartService(context.Background(), "test-service") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(mockRunner.CalledWithCommand).To(ConsistOf("testdir/bin/pebble restart test-service")) t.Run("Fail", func(t *testing.T) { @@ -72,7 +72,7 @@ func TestPebble(t *testing.T) { mockRunner.Err = fmt.Errorf("some error") err := snap.StartService(context.Background(), "service") - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) }) }) } diff --git a/src/k8s/pkg/snap/snap_test.go b/src/k8s/pkg/snap/snap_test.go index 44a9f95b4..54bc4ed9d 100644 --- a/src/k8s/pkg/snap/snap_test.go +++ b/src/k8s/pkg/snap/snap_test.go @@ -21,7 +21,7 @@ func TestSnap(t *testing.T) { }) err := snap.StartService(context.Background(), "test-service") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(mockRunner.CalledWithCommand).To(ConsistOf("snapctl start --enable k8s.test-service")) t.Run("Fail", func(t *testing.T) { @@ -29,7 +29,7 @@ func TestSnap(t *testing.T) { mockRunner.Err = fmt.Errorf("some error") err := snap.StartService(context.Background(), "test-service") - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) }) }) @@ -42,7 +42,7 @@ func TestSnap(t *testing.T) { RunCommand: mockRunner.Run, }) err := snap.StopService(context.Background(), "test-service") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(mockRunner.CalledWithCommand).To(ConsistOf("snapctl stop --disable k8s.test-service")) t.Run("Fail", func(t *testing.T) { @@ -50,7 +50,7 @@ func TestSnap(t *testing.T) { mockRunner.Err = fmt.Errorf("some error") err := snap.StartService(context.Background(), "test-service") - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) }) }) @@ -64,7 +64,7 @@ func TestSnap(t *testing.T) { }) err := snap.RestartService(context.Background(), "test-service") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(mockRunner.CalledWithCommand).To(ConsistOf("snapctl restart k8s.test-service")) t.Run("Fail", func(t *testing.T) { @@ -72,7 +72,7 @@ func TestSnap(t *testing.T) { mockRunner.Err = fmt.Errorf("some error") err := snap.StartService(context.Background(), "service") - g.Expect(err).NotTo(BeNil()) + g.Expect(err).To(HaveOccurred()) }) }) } diff --git a/src/k8s/pkg/snap/util/arguments_test.go b/src/k8s/pkg/snap/util/arguments_test.go index f2550dd09..132d3f1e1 100644 --- a/src/k8s/pkg/snap/util/arguments_test.go +++ b/src/k8s/pkg/snap/util/arguments_test.go @@ -32,7 +32,7 @@ func TestGetServiceArgument(t *testing.T) { --key=value-of-service-two `, } { - g.Expect(os.WriteFile(filepath.Join(dir, svc), []byte(args), 0600)).To(BeNil()) + g.Expect(os.WriteFile(filepath.Join(dir, svc), []byte(args), 0600)).To(Succeed()) } for _, tc := range []struct { @@ -56,9 +56,9 @@ func TestGetServiceArgument(t *testing.T) { value, err := snaputil.GetServiceArgument(s, tc.service, tc.key) if tc.expectErr { - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) } else { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(value).To(Equal(tc.expectValue)) } }) @@ -75,14 +75,14 @@ func TestUpdateServiceArguments(t *testing.T) { } _, err := snaputil.GetServiceArgument(s, "service", "--key") - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) changed, err := snaputil.UpdateServiceArguments(s, "service", map[string]string{"--key": "value"}, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(changed).To(BeTrue()) value, err := snaputil.GetServiceArgument(s, "service", "--key") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(value).To(Equal("value")) }) @@ -183,11 +183,11 @@ func TestUpdateServiceArguments(t *testing.T) { }, } changed, err := snaputil.UpdateServiceArguments(s, "service", initialArguments, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(changed).To(BeTrue()) changed, err = snaputil.UpdateServiceArguments(s, "service", tc.update, tc.delete) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(changed).To(Equal(tc.expectedChange)) for key, expectedValue := range tc.expectedValues { @@ -197,7 +197,7 @@ func TestUpdateServiceArguments(t *testing.T) { t.Run("Reapply", func(t *testing.T) { g := NewWithT(t) changed, err := snaputil.UpdateServiceArguments(s, "service", tc.update, tc.delete) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(changed).To(BeFalse()) }) }) diff --git a/src/k8s/pkg/snap/util/node_test.go b/src/k8s/pkg/snap/util/node_test.go index 88b21fcb4..5529609e9 100644 --- a/src/k8s/pkg/snap/util/node_test.go +++ b/src/k8s/pkg/snap/util/node_test.go @@ -26,7 +26,7 @@ func TestIsWorker(t *testing.T) { lock.Close() exists, err := snaputil.IsWorker(mock) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(exists).To(BeTrue()) }) @@ -34,7 +34,7 @@ func TestIsWorker(t *testing.T) { mock.Mock.LockFilesDir = "/non-existent" g := NewWithT(t) exists, err := snaputil.IsWorker(mock) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(exists).To(BeFalse()) }) } @@ -52,24 +52,24 @@ func TestMarkAsWorkerNode(t *testing.T) { t.Run("MarkWorker", func(t *testing.T) { g := NewWithT(t) err := snaputil.MarkAsWorkerNode(mock, true) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) workerFile := filepath.Join(mock.LockFilesDir(), "worker") g.Expect(workerFile).To(BeAnExistingFile()) // Clean up err = os.Remove(workerFile) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) }) t.Run("UnmarkWorker", func(t *testing.T) { g := NewWithT(t) workerFile := filepath.Join(mock.LockFilesDir(), "worker") _, err := os.Create(workerFile) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) err = snaputil.MarkAsWorkerNode(mock, false) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(workerFile).NotTo(BeAnExistingFile()) }) diff --git a/src/k8s/pkg/utils/certificate_test.go b/src/k8s/pkg/utils/certificate_test.go index f9becb155..c40c3a533 100644 --- a/src/k8s/pkg/utils/certificate_test.go +++ b/src/k8s/pkg/utils/certificate_test.go @@ -40,18 +40,18 @@ func TestTLSClientConfigWithTrustedCertificate(t *testing.T) { tlsConfig, err := utils.TLSClientConfigWithTrustedCertificate(remoteCert, rootCAs) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(tlsConfig.ServerName).To(Equal("bubblegum.com")) g.Expect(tlsConfig.RootCAs.Subjects()).To(ContainElement(remoteCert.RawSubject)) // Test with invalid remote certificate tlsConfig, err = utils.TLSClientConfigWithTrustedCertificate(nil, rootCAs) - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) g.Expect(tlsConfig).To(BeNil()) // Test with nil root CAs _, err = utils.TLSClientConfigWithTrustedCertificate(remoteCert, nil) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) } func TestCertFingerprint(t *testing.T) { diff --git a/src/k8s/pkg/utils/cidr_test.go b/src/k8s/pkg/utils/cidr_test.go index cd052165d..8a9658995 100644 --- a/src/k8s/pkg/utils/cidr_test.go +++ b/src/k8s/pkg/utils/cidr_test.go @@ -24,7 +24,7 @@ func TestGetFirstIP(t *testing.T) { t.Run(tc.cidr, func(t *testing.T) { g := NewWithT(t) ip, err := utils.GetFirstIP(tc.cidr) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ip.String()).To(Equal(tc.ip)) }) } @@ -49,7 +49,7 @@ func TestGetKubernetesServiceIPsFromServiceCIDRs(t *testing.T) { ips[idx] = v.String() } - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(ips).To(Equal(tc.ips)) }) } @@ -66,7 +66,7 @@ func TestGetKubernetesServiceIPsFromServiceCIDRs(t *testing.T) { g := NewWithT(t) _, err := utils.GetKubernetesServiceIPsFromServiceCIDRs(tc.cidr) - g.Expect(err).ToNot(BeNil()) + g.Expect(err).To(HaveOccurred()) }) } }) @@ -171,13 +171,14 @@ func TestParseCIDRs(t *testing.T) { for _, tc := range testCases { t.Run(tc.input, func(t *testing.T) { + g := NewWithT(t) ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(tc.input) if tc.expectedErr { - Expect(err).To(HaveOccurred()) + g.Expect(err).To(HaveOccurred()) } else { - Expect(err).To(BeNil()) - Expect(ipv4CIDR).To(Equal(tc.expectedIPv4)) - Expect(ipv6CIDR).To(Equal(tc.expectedIPv6)) + g.Expect(err).To(Not(HaveOccurred())) + g.Expect(ipv4CIDR).To(Equal(tc.expectedIPv4)) + g.Expect(ipv6CIDR).To(Equal(tc.expectedIPv6)) } }) } diff --git a/src/k8s/pkg/utils/errors/errors.go b/src/k8s/pkg/utils/errors/errors.go deleted file mode 100644 index a363850cb..000000000 --- a/src/k8s/pkg/utils/errors/errors.go +++ /dev/null @@ -1,16 +0,0 @@ -package errors - -import "errors" - -// DeeplyUnwrapError unwraps an wrapped error. -// DeeplyUnwrapError will return the innermost error for deeply nested errors. -// DeeplyUnwrapError will return the existing error if the error is not wrapped. -func DeeplyUnwrapError(err error) error { - for { - cause := errors.Unwrap(err) - if cause == nil { - return err - } - err = cause - } -} diff --git a/src/k8s/pkg/utils/errors/errors_test.go b/src/k8s/pkg/utils/errors/errors_test.go deleted file mode 100644 index 3562695c5..000000000 --- a/src/k8s/pkg/utils/errors/errors_test.go +++ /dev/null @@ -1,46 +0,0 @@ -package errors - -import ( - "errors" - "fmt" - "testing" - - "github.com/onsi/gomega" -) - -func TestDeeplyUnwrapError(t *testing.T) { - g := gomega.NewWithT(t) - - t.Run("when error is not wrapped", func(t *testing.T) { - err := errors.New("test error") - unwrapped := DeeplyUnwrapError(err) - - g.Expect(unwrapped).To(gomega.Equal(err)) - }) - - t.Run("when error is wrapped once", func(t *testing.T) { - innerErr := errors.New("inner error") - err := fmt.Errorf("outer wrapper: %w", innerErr) - - unwrapped := DeeplyUnwrapError(err) - - g.Expect(unwrapped).To(gomega.Equal(innerErr)) - }) - - t.Run("when error is deeply nested", func(t *testing.T) { - innermostErr := errors.New("innermost error") - innerErr := fmt.Errorf("middle wrapper: %w", innermostErr) - err := fmt.Errorf("outer wrapper: %w", innerErr) - - unwrapped := DeeplyUnwrapError(err) - - g.Expect(unwrapped).To(gomega.Equal(innermostErr)) - }) - - t.Run("when error is nil", func(t *testing.T) { - var err error - unwrapped := DeeplyUnwrapError(err) - - g.Expect(unwrapped).To(gomega.BeNil()) - }) -} diff --git a/src/k8s/pkg/utils/file_test.go b/src/k8s/pkg/utils/file_test.go index 85af2f79c..056056651 100644 --- a/src/k8s/pkg/utils/file_test.go +++ b/src/k8s/pkg/utils/file_test.go @@ -157,17 +157,17 @@ func TestFileExists(t *testing.T) { testFilePath := fmt.Sprintf("%s/myfile", t.TempDir()) _, err := os.Create(testFilePath) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) fileExists, err := utils.FileExists(testFilePath) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(fileExists).To(BeTrue()) err = os.Remove(testFilePath) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) fileExists, err = utils.FileExists(testFilePath) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(fileExists).To(BeFalse()) } diff --git a/src/k8s/pkg/utils/hostname_test.go b/src/k8s/pkg/utils/hostname_test.go index 752fb5125..694c15ec1 100644 --- a/src/k8s/pkg/utils/hostname_test.go +++ b/src/k8s/pkg/utils/hostname_test.go @@ -28,10 +28,10 @@ func TestCleanHostname(t *testing.T) { g := NewWithT(t) hostname, err := utils.CleanHostname(tc.hostname) if tc.expectValid { - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(hostname).To(Equal(tc.expectHostname)) } else { - g.Expect(err).To(Not(BeNil())) + g.Expect(err).To(HaveOccurred()) } }) } diff --git a/src/k8s/pkg/utils/pki/generate_test.go b/src/k8s/pkg/utils/pki/generate_test.go index e2fe9976c..1ab80c819 100644 --- a/src/k8s/pkg/utils/pki/generate_test.go +++ b/src/k8s/pkg/utils/pki/generate_test.go @@ -14,20 +14,20 @@ func TestGenerateSelfSignedCA(t *testing.T) { cert, key, err := pkiutil.GenerateSelfSignedCA(pkix.Name{CommonName: "test-cert"}, notBefore, notBefore.AddDate(10, 0, 0), 2048) g := NewWithT(t) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(cert).ToNot(BeEmpty()) g.Expect(key).ToNot(BeEmpty()) t.Run("Load", func(t *testing.T) { c, k, err := pkiutil.LoadCertificate(cert, key) - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(c).ToNot(BeNil()) g.Expect(k).ToNot(BeNil()) }) t.Run("LoadCertOnly", func(t *testing.T) { cert, key, err := pkiutil.LoadCertificate(cert, "") - g.Expect(err).To(BeNil()) + g.Expect(err).To(Not(HaveOccurred())) g.Expect(cert).ToNot(BeNil()) g.Expect(key).To(BeNil()) }) From 0b2daa502617cbbcc88c5d7bec0693b153263fab Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Mon, 21 Oct 2024 14:59:28 +0200 Subject: [PATCH 067/122] Enable gocritic linter (#738) --- .golangci.yml | 13 ++++++------- src/k8s/cmd/util/hooks.go | 10 +++++----- src/k8s/pkg/docgen/json_struct.go | 2 +- .../k8sd/controllers/control_plane_configuration.go | 3 +-- src/k8s/pkg/k8sd/features/cilium/chart.go | 2 +- src/k8s/pkg/k8sd/features/cilium/ingress_test.go | 2 +- src/k8s/pkg/k8sd/features/cilium/loadbalancer.go | 9 +++++---- src/k8s/pkg/k8sd/features/metallb/loadbalancer.go | 7 ++++--- .../features/metrics-server/metrics_server_test.go | 7 ++++--- src/k8s/pkg/snap/mock/mock.go | 2 +- src/k8s/pkg/utils/cidr.go | 4 ++-- src/k8s/pkg/utils/pki/load.go | 6 ++---- 12 files changed, 33 insertions(+), 34 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 57332cbfc..b12dd5f13 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -32,16 +32,14 @@ linters: # - funlen - TODO(ben): maybe consider later; needs some refactoring - gci - ginkgolinter + - gocheckcompilerdirectives + # - gochecknoglobals - TODO(ben): We have some global vars, maybe refactor later as this sounds like a useful linter + - gochecksumtype + # - goconst - TODO(ben): Consider moving consts into separate package + - gocritic # TODO(ben): Enable those linters step by step and fix existing issues. -# - gocheckcompilerdirectives -# - gochecknoglobals -# - gochecknoinits -# - gochecksumtype -# - gocognit -# - goconst -# - gocritic # - gocyclo # - godot # - godox @@ -329,3 +327,4 @@ issues: - dupword - err113 - forcetypeassert + - goconst diff --git a/src/k8s/cmd/util/hooks.go b/src/k8s/cmd/util/hooks.go index a02dc64c3..6069a8f12 100644 --- a/src/k8s/cmd/util/hooks.go +++ b/src/k8s/cmd/util/hooks.go @@ -25,15 +25,15 @@ func getFileOwnerAndGroup(filePath string) (uid, gid uint32, err error) { // ValidateRootOwnership checks if the specified path is owned by the root user and root group. func ValidateRootOwnership(path string) (err error) { - UID, GID, err := getFileOwnerAndGroup(path) + uid, gid, err := getFileOwnerAndGroup(path) if err != nil { return err } - if UID != 0 { - return fmt.Errorf("owner of %s is user with UID %d expected 0", path, UID) + if uid != 0 { + return fmt.Errorf("owner of %s is user with UID %d expected 0", path, uid) } - if GID != 0 { - return fmt.Errorf("owner of %s is group with GID %d expected 0", path, GID) + if gid != 0 { + return fmt.Errorf("owner of %s is group with GID %d expected 0", path, gid) } return nil } diff --git a/src/k8s/pkg/docgen/json_struct.go b/src/k8s/pkg/docgen/json_struct.go index 097a886d0..d102fbced 100755 --- a/src/k8s/pkg/docgen/json_struct.go +++ b/src/k8s/pkg/docgen/json_struct.go @@ -36,7 +36,7 @@ func MarkdownFromJsonStruct(i any, projectDir string) (string, error) { var out strings.Builder for _, field := range fields { - outFieldType := strings.Replace(field.TypeName, "*", "", -1) + outFieldType := strings.ReplaceAll(field.TypeName, "*", "") entry := fmt.Sprintf(entryTemplate, field.FullJsonPath, outFieldType, field.Docstring) out.WriteString(entry) } diff --git a/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go b/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go index 8e29eae83..c70713060 100644 --- a/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go +++ b/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go @@ -71,8 +71,7 @@ func (c *ControlPlaneConfigurationController) Run(ctx context.Context, getCluste func (c *ControlPlaneConfigurationController) reconcile(ctx context.Context, config types.ClusterConfig) error { // kube-apiserver: external datastore - switch config.Datastore.GetType() { - case "external": + if config.Datastore.GetType() == "external" { // certificates certificatesChanged, err := setup.EnsureExtDatastorePKI(c.snap, &pki.ExternalDatastorePKI{ DatastoreCACert: config.Datastore.GetExternalCACert(), diff --git a/src/k8s/pkg/k8sd/features/cilium/chart.go b/src/k8s/pkg/k8sd/features/cilium/chart.go index bcae2b11b..2452087d4 100644 --- a/src/k8s/pkg/k8sd/features/cilium/chart.go +++ b/src/k8s/pkg/k8sd/features/cilium/chart.go @@ -28,7 +28,7 @@ var ( ManifestPath: filepath.Join("charts", "gateway-api-1.0.0.tgz"), } - //chartGatewayClass represents a manifest to deploy a GatewayClass called ck-gateway. + // chartGatewayClass represents a manifest to deploy a GatewayClass called ck-gateway. chartGatewayClass = helm.InstallableChart{ Name: "ck-gateway-class", Namespace: "default", diff --git a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go index af74b4920..6a8e4977c 100644 --- a/src/k8s/pkg/k8sd/features/cilium/ingress_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/ingress_test.go @@ -27,7 +27,7 @@ func TestIngress(t *testing.T) { applyChanged bool ingressEnabled bool helmErr error - //then + // then statusMsg string statusEnabled bool }{ diff --git a/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go b/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go index 276ffaa68..b642be977 100644 --- a/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go +++ b/src/k8s/pkg/k8sd/features/cilium/loadbalancer.go @@ -50,19 +50,20 @@ func ApplyLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types.L }, err } - if loadbalancer.GetBGPMode() { + switch { + case loadbalancer.GetBGPMode(): return types.FeatureStatus{ Enabled: true, Version: CiliumAgentImageTag, Message: fmt.Sprintf(lbEnabledMsgTmpl, "BGP"), }, nil - } else if loadbalancer.GetL2Mode() { + case loadbalancer.GetL2Mode(): return types.FeatureStatus{ Enabled: true, Version: CiliumAgentImageTag, Message: fmt.Sprintf(lbEnabledMsgTmpl, "L2"), }, nil - } else { + default: return types.FeatureStatus{ Enabled: true, Version: CiliumAgentImageTag, @@ -198,7 +199,7 @@ func waitForRequiredLoadBalancerCRDs(ctx context.Context, snap snap.Snap, bgpMod requiredCount := len(requiredCRDs) for _, resource := range resources.APIResources { if _, ok := requiredCRDs[resource.Name]; ok { - requiredCount = requiredCount - 1 + requiredCount-- } } return requiredCount == 0, nil diff --git a/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go b/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go index 63df51e3b..1953420f6 100644 --- a/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go +++ b/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go @@ -47,19 +47,20 @@ func ApplyLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types.L }, err } - if loadbalancer.GetBGPMode() { + switch { + case loadbalancer.GetBGPMode(): return types.FeatureStatus{ Enabled: true, Version: ControllerImageTag, Message: fmt.Sprintf(enabledMsgTmpl, "BGP"), }, nil - } else if loadbalancer.GetL2Mode() { + case loadbalancer.GetL2Mode(): return types.FeatureStatus{ Enabled: true, Version: ControllerImageTag, Message: fmt.Sprintf(enabledMsgTmpl, "L2"), }, nil - } else { + default: return types.FeatureStatus{ Enabled: true, Version: ControllerImageTag, diff --git a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go index 4410e5bd4..c6bdb78f0 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go @@ -79,11 +79,12 @@ func TestApplyMetricsServer(t *testing.T) { HaveField("Chart.Namespace", Equal("kube-system")), HaveField("State", Equal(tc.expectState)), ))) - if errors.Is(tc.helmError, helmErr) { + switch { + case errors.Is(tc.helmError, helmErr): g.Expect(status.Message).To(ContainSubstring(helmErr.Error())) - } else if tc.config.GetEnabled() { + case tc.config.GetEnabled(): g.Expect(status.Message).To(Equal("enabled")) - } else { + default: g.Expect(status.Message).To(Equal("disabled")) } }) diff --git a/src/k8s/pkg/snap/mock/mock.go b/src/k8s/pkg/snap/mock/mock.go index fc9261720..4120303ca 100644 --- a/src/k8s/pkg/snap/mock/mock.go +++ b/src/k8s/pkg/snap/mock/mock.go @@ -200,7 +200,7 @@ func (s *Snap) SnapctlGet(ctx context.Context, args ...string) ([]byte, error) { return s.Mock.SnapctlGet[strings.Join(args, " ")], s.SnapctlGetErr } func (s *Snap) SnapctlSet(ctx context.Context, args ...string) error { - s.SnapctlSetCalledWith = append(s.SnapctlGetCalledWith, args) + s.SnapctlSetCalledWith = append(s.SnapctlSetCalledWith, args) return s.SnapctlSetErr } func (s *Snap) PreInitChecks(ctx context.Context, config types.ClusterConfig) error { diff --git a/src/k8s/pkg/utils/cidr.go b/src/k8s/pkg/utils/cidr.go index 32600325c..015eea3af 100644 --- a/src/k8s/pkg/utils/cidr.go +++ b/src/k8s/pkg/utils/cidr.go @@ -167,8 +167,8 @@ func GetDefaultAddress() (ipv4, ipv6 string, err error) { } // SplitCIDRStrings parses the given CIDR string and returns the respective IPv4 and IPv6 CIDRs. -func SplitCIDRStrings(CIDRstring string) (string, string, error) { - clusterCIDRs := strings.Split(CIDRstring, ",") +func SplitCIDRStrings(cidrString string) (string, string, error) { + clusterCIDRs := strings.Split(cidrString, ",") if v := len(clusterCIDRs); v != 1 && v != 2 { return "", "", fmt.Errorf("invalid CIDR list: %v", clusterCIDRs) } diff --git a/src/k8s/pkg/utils/pki/load.go b/src/k8s/pkg/utils/pki/load.go index 705efc8ba..46c0d23fe 100644 --- a/src/k8s/pkg/utils/pki/load.go +++ b/src/k8s/pkg/utils/pki/load.go @@ -64,8 +64,7 @@ func LoadRSAPublicKey(keyPEM string) (*rsa.PublicKey, error) { if pb == nil { return nil, fmt.Errorf("failed to parse PEM block") } - switch pb.Type { - case "PUBLIC KEY": + if pb.Type == "PUBLIC KEY" { parsed, err := x509.ParsePKIXPublicKey(pb.Bytes) if err != nil { return nil, fmt.Errorf("failed to parse public key: %w", err) @@ -86,8 +85,7 @@ func LoadCertificateRequest(csrPEM string) (*x509.CertificateRequest, error) { if pb == nil { return nil, fmt.Errorf("failed to parse certificate request PEM") } - switch pb.Type { - case "CERTIFICATE REQUEST": + if pb.Type == "CERTIFICATE REQUEST" { parsed, err := x509.ParseCertificateRequest(pb.Bytes) if err != nil { return nil, fmt.Errorf("failed to parse certificate request: %w", err) From 6e585f1e8dded527d8ad1814038c760e99480d09 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Mon, 21 Oct 2024 18:34:05 +0200 Subject: [PATCH 068/122] Enable godot (#739) --- .golangci.yml | 3 +-- src/k8s/pkg/client/dqlite/util_test.go | 2 +- src/k8s/pkg/client/helm/mock/mock.go | 4 ++-- src/k8s/pkg/client/kubernetes/server_groups.go | 2 +- src/k8s/pkg/k8sd/api/certificates_refresh.go | 2 +- src/k8s/pkg/k8sd/api/response.go | 4 ++-- src/k8s/pkg/k8sd/app/app.go | 2 +- src/k8s/pkg/k8sd/app/provider.go | 2 +- src/k8s/pkg/k8sd/controllers/control_plane_configuration.go | 4 ++-- .../k8sd/controllers/control_plane_configuration_test.go | 2 +- src/k8s/pkg/k8sd/controllers/csrsigning/const.go | 4 ++-- src/k8s/pkg/k8sd/database/util_test.go | 6 +++--- src/k8s/pkg/k8sd/features/cilium/internal.go | 4 ++-- src/k8s/pkg/k8sd/features/cilium/network.go | 2 +- src/k8s/pkg/k8sd/features/contour/gateway.go | 2 +- src/k8s/pkg/k8sd/features/contour/ingress.go | 2 +- src/k8s/pkg/k8sd/types/cluster_config_certificates.go | 2 +- src/k8s/pkg/k8sd/types/cluster_config_datastore.go | 2 +- src/k8s/pkg/utils/certificate.go | 6 +++--- src/k8s/pkg/utils/time.go | 2 +- 20 files changed, 29 insertions(+), 30 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b12dd5f13..c260a8e92 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -37,11 +37,10 @@ linters: - gochecksumtype # - goconst - TODO(ben): Consider moving consts into separate package - gocritic + - godot # TODO(ben): Enable those linters step by step and fix existing issues. -# - gocyclo -# - godot # - godox # - gofmt # - gofumpt diff --git a/src/k8s/pkg/client/dqlite/util_test.go b/src/k8s/pkg/client/dqlite/util_test.go index b1d8084f1..83cea9d63 100644 --- a/src/k8s/pkg/client/dqlite/util_test.go +++ b/src/k8s/pkg/client/dqlite/util_test.go @@ -26,7 +26,7 @@ var nextDqlitePort = 37312 // }) // } // -// ``` +// ```. func withDqliteCluster(t *testing.T, size int, f func(ctx context.Context, dirs []string)) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() diff --git a/src/k8s/pkg/client/helm/mock/mock.go b/src/k8s/pkg/client/helm/mock/mock.go index 6eea2d797..52a0f2f45 100644 --- a/src/k8s/pkg/client/helm/mock/mock.go +++ b/src/k8s/pkg/client/helm/mock/mock.go @@ -13,14 +13,14 @@ type MockApplyArguments struct { Values map[string]any } -// Mock is a mock implementation of helm.Client +// Mock is a mock implementation of helm.Client. type Mock struct { ApplyCalledWith []MockApplyArguments ApplyChanged bool ApplyErr error } -// Apply implements helm.Client +// Apply implements helm.Client. func (m *Mock) Apply(ctx context.Context, c helm.InstallableChart, desired helm.State, values map[string]any) (bool, error) { m.ApplyCalledWith = append(m.ApplyCalledWith, MockApplyArguments{Context: ctx, Chart: c, State: desired, Values: values}) return m.ApplyChanged, m.ApplyErr diff --git a/src/k8s/pkg/client/kubernetes/server_groups.go b/src/k8s/pkg/client/kubernetes/server_groups.go index cb58b9d0c..a3581d7a8 100644 --- a/src/k8s/pkg/client/kubernetes/server_groups.go +++ b/src/k8s/pkg/client/kubernetes/server_groups.go @@ -6,7 +6,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// ListResourcesForGroupVersion lists the resources for a given group version (e.g. "cilium.io/v2alpha1") +// ListResourcesForGroupVersion lists the resources for a given group version (e.g. "cilium.io/v2alpha1"). func (c *Client) ListResourcesForGroupVersion(groupVersion string) (*v1.APIResourceList, error) { resources, err := c.Discovery().ServerResourcesForGroupVersion(groupVersion) if err != nil { diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index 804c5bf81..540f87a40 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -190,7 +190,7 @@ func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) } -// refreshCertsRunWorker refreshes the certificates for a worker node +// refreshCertsRunWorker refreshes the certificates for a worker node. func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) response.Response { log := log.FromContext(r.Context()) diff --git a/src/k8s/pkg/k8sd/api/response.go b/src/k8s/pkg/k8sd/api/response.go index 626aadfa8..01c94e373 100644 --- a/src/k8s/pkg/k8sd/api/response.go +++ b/src/k8s/pkg/k8sd/api/response.go @@ -5,9 +5,9 @@ import ( ) const ( - // StatusNodeUnavailable is the Http status code that the API returns if the node isn't in the cluster + // StatusNodeUnavailable is the Http status code that the API returns if the node isn't in the cluster. StatusNodeUnavailable = 520 - // StatusNodeInUse is the Http status code that the API returns if the node is already in the cluster + // StatusNodeInUse is the Http status code that the API returns if the node is already in the cluster. StatusNodeInUse = 521 ) diff --git a/src/k8s/pkg/k8sd/app/app.go b/src/k8s/pkg/k8sd/app/app.go index d6172d124..720401e3f 100644 --- a/src/k8s/pkg/k8sd/app/app.go +++ b/src/k8s/pkg/k8sd/app/app.go @@ -236,7 +236,7 @@ func (a *App) Run(ctx context.Context, customHooks *state.Hooks) error { // markNodeReady will decrement the readyWg counter to signal that the node is ready. // The node is ready if: // - the microcluster database is accessible -// - the kubernetes endpoint is reachable +// - the kubernetes endpoint is reachable. func (a *App) markNodeReady(ctx context.Context, s state.State) error { log := log.FromContext(ctx).WithValues("startup", "waitForReady") diff --git a/src/k8s/pkg/k8sd/app/provider.go b/src/k8s/pkg/k8sd/app/provider.go index 0125633aa..5cae366a1 100644 --- a/src/k8s/pkg/k8sd/app/provider.go +++ b/src/k8s/pkg/k8sd/app/provider.go @@ -43,5 +43,5 @@ func (a *App) NotifyFeatureController(network, gateway, ingress, loadBalancer, l } } -// Ensure App implements api.Provider +// Ensure App implements api.Provider. var _ api.Provider = &App{} diff --git a/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go b/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go index c70713060..326267e0d 100644 --- a/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go +++ b/src/k8s/pkg/k8sd/controllers/control_plane_configuration.go @@ -23,7 +23,7 @@ type ControlPlaneConfigurationController struct { } // NewControlPlaneConfigurationController creates a new controller. -// triggerCh is typically a `time.NewTicker().C` +// triggerCh is typically a `time.NewTicker().C`. func NewControlPlaneConfigurationController(snap snap.Snap, waitReady func(), triggerCh <-chan time.Time) *ControlPlaneConfigurationController { return &ControlPlaneConfigurationController{ snap: snap, @@ -35,7 +35,7 @@ func NewControlPlaneConfigurationController(snap snap.Snap, waitReady func(), tr // Run starts the controller. // Run accepts a context to manage the lifecycle of the controller. // Run accepts a function that retrieves the current cluster configuration. -// Run will loop every time the trigger channel is +// Run will loop every time the trigger channel is. func (c *ControlPlaneConfigurationController) Run(ctx context.Context, getClusterConfig func(context.Context) (types.ClusterConfig, error)) { c.waitReady() diff --git a/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go b/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go index 88035dbb9..89bda62a8 100644 --- a/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go +++ b/src/k8s/pkg/k8sd/controllers/control_plane_configuration_test.go @@ -16,7 +16,7 @@ import ( . "github.com/onsi/gomega" ) -// channelSendTimeout is the timeout for pushing to channels for TestControlPlaneConfigController +// channelSendTimeout is the timeout for pushing to channels for TestControlPlaneConfigController. const channelSendTimeout = 100 * time.Millisecond type configProvider struct { diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/const.go b/src/k8s/pkg/k8sd/controllers/csrsigning/const.go index 074066396..a6729df73 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/const.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/const.go @@ -3,9 +3,9 @@ package csrsigning import "time" const ( - // requeueAfterSigningFailure is the time to requeue requests when any step of the signing process failed + // requeueAfterSigningFailure is the time to requeue requests when any step of the signing process failed. requeueAfterSigningFailure = 3 * time.Second - // requeueAfterWaitingForApproved is the amount of time to requeue requests if waiting for CSR to be approved + // requeueAfterWaitingForApproved is the amount of time to requeue requests if waiting for CSR to be approved. requeueAfterWaitingForApproved = 10 * time.Second ) diff --git a/src/k8s/pkg/k8sd/database/util_test.go b/src/k8s/pkg/k8sd/database/util_test.go index d1cf02d63..e9c9b7da2 100644 --- a/src/k8s/pkg/k8sd/database/util_test.go +++ b/src/k8s/pkg/k8sd/database/util_test.go @@ -12,14 +12,14 @@ import ( ) const ( - // microclusterDatabaseInitTimeout is the timeout for microcluster database initialization operations + // microclusterDatabaseInitTimeout is the timeout for microcluster database initialization operations. microclusterDatabaseInitTimeout = 3 * time.Second - // microclusterDatabaseShutdownTimeout is the timeout for microcluster database shutdown operations + // microclusterDatabaseShutdownTimeout is the timeout for microcluster database shutdown operations. microclusterDatabaseShutdownTimeout = 3 * time.Second ) var ( - // nextIdx is used to pick different listen ports for each microcluster instance + // nextIdx is used to pick different listen ports for each microcluster instance. nextIdx int ) diff --git a/src/k8s/pkg/k8sd/features/cilium/internal.go b/src/k8s/pkg/k8sd/features/cilium/internal.go index 88849ade7..72758019b 100644 --- a/src/k8s/pkg/k8sd/features/cilium/internal.go +++ b/src/k8s/pkg/k8sd/features/cilium/internal.go @@ -11,9 +11,9 @@ import ( ) const ( - // minVLANIDValue is the minimum valid 802.1Q VLAN ID value + // minVLANIDValue is the minimum valid 802.1Q VLAN ID value. minVLANIDValue = 0 - // maxVLANIDValue is the maximum valid 802.1Q VLAN ID value + // maxVLANIDValue is the maximum valid 802.1Q VLAN ID value. maxVLANIDValue = 4094 ) diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index e9a8085bb..e9eb72011 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -17,7 +17,7 @@ const ( networkDeployFailedMsgTmpl = "Failed to deploy Cilium Network, the error was: %v" ) -// required for unittests +// required for unittests. var ( getMountPath = utils.GetMountPath getMountPropagationType = utils.GetMountPropagationType diff --git a/src/k8s/pkg/k8sd/features/contour/gateway.go b/src/k8s/pkg/k8sd/features/contour/gateway.go index 320140d3b..dd52e9bff 100644 --- a/src/k8s/pkg/k8sd/features/contour/gateway.go +++ b/src/k8s/pkg/k8sd/features/contour/gateway.go @@ -94,7 +94,7 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne } // waitForRequiredContourCommonCRDs waits for the required contour CRDs to be available -// by checking the API resources by group version +// by checking the API resources by group version. func waitForRequiredContourCommonCRDs(ctx context.Context, snap snap.Snap) error { client, err := snap.KubernetesClient("") if err != nil { diff --git a/src/k8s/pkg/k8sd/features/contour/ingress.go b/src/k8s/pkg/k8sd/features/contour/ingress.go index 062016a0e..ea5a6e030 100644 --- a/src/k8s/pkg/k8sd/features/contour/ingress.go +++ b/src/k8s/pkg/k8sd/features/contour/ingress.go @@ -24,7 +24,7 @@ const ( // deployment. // ApplyIngress returns an error if anything fails. The error is also wrapped in the .Message field of the // returned FeatureStatus. -// Contour CRDS are applied through a ck-contour common chart (Overlap with gateway) +// Contour CRDS are applied through a ck-contour common chart (Overlap with gateway). func ApplyIngress(ctx context.Context, snap snap.Snap, ingress types.Ingress, _ types.Network, _ types.Annotations) (types.FeatureStatus, error) { m := snap.HelmClient() diff --git a/src/k8s/pkg/k8sd/types/cluster_config_certificates.go b/src/k8s/pkg/k8sd/types/cluster_config_certificates.go index 9d2b7d066..ce61a612a 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_certificates.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_certificates.go @@ -46,5 +46,5 @@ func (c Certificates) GetAdminClientKey() string { return getField(c.AdminClien func (c Certificates) GetK8sdPublicKey() string { return getField(c.K8sdPublicKey) } func (c Certificates) GetK8sdPrivateKey() string { return getField(c.K8sdPrivateKey) } -// Empty returns true if all Certificates fields are unset +// Empty returns true if all Certificates fields are unset. func (c Certificates) Empty() bool { return c == Certificates{} } diff --git a/src/k8s/pkg/k8sd/types/cluster_config_datastore.go b/src/k8s/pkg/k8sd/types/cluster_config_datastore.go index 6f0d4dbd0..1f354904b 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_datastore.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_datastore.go @@ -29,7 +29,7 @@ func (c Datastore) GetExternalClientCert() string { return getField(c.ExternalCl func (c Datastore) GetExternalClientKey() string { return getField(c.ExternalClientKey) } func (c Datastore) Empty() bool { return c == Datastore{} } -// DatastorePathsProvider is to avoid circular dependency for snap.Snap in Datastore.ToKubeAPIServerArguments() +// DatastorePathsProvider is to avoid circular dependency for snap.Snap in Datastore.ToKubeAPIServerArguments(). type DatastorePathsProvider interface { K8sDqliteStateDir() string EtcdPKIDir() string diff --git a/src/k8s/pkg/utils/certificate.go b/src/k8s/pkg/utils/certificate.go index 2cf5fd93a..b817083d8 100644 --- a/src/k8s/pkg/utils/certificate.go +++ b/src/k8s/pkg/utils/certificate.go @@ -10,7 +10,7 @@ import ( ) // SplitIPAndDNSSANs splits a list of SANs into IP and DNS SANs -// Returns a list of IP addresses and a list of DNS names +// Returns a list of IP addresses and a list of DNS names. func SplitIPAndDNSSANs(extraSANs []string) ([]net.IP, []string) { var ipSANs []net.IP var dnsSANs []string @@ -57,7 +57,7 @@ func TLSClientConfigWithTrustedCertificate(remoteCert *x509.Certificate, rootCAs // GetRemoteCertificate retrieves the remote certificate from a given address // The address should be in the format of "hostname:port" -// Returns the remote certificate or an error +// Returns the remote certificate or an error. func GetRemoteCertificate(address string) (*x509.Certificate, error) { // validate address _, _, err := net.SplitHostPort(address) @@ -95,7 +95,7 @@ func GetRemoteCertificate(address string) (*x509.Certificate, error) { return resp.TLS.PeerCertificates[0], nil } -// CertFingerprint returns the SHA256 fingerprint of a certificate +// CertFingerprint returns the SHA256 fingerprint of a certificate. func CertFingerprint(cert *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(cert.Raw)) } diff --git a/src/k8s/pkg/utils/time.go b/src/k8s/pkg/utils/time.go index 19102c1c5..d414e7232 100644 --- a/src/k8s/pkg/utils/time.go +++ b/src/k8s/pkg/utils/time.go @@ -39,7 +39,7 @@ func SecondsToExpirationDate(now time.Time, seconds int) time.Time { // - y: years // - mo: months // - d: days -// - any other unit supported by time.ParseDuration +// - any other unit supported by time.ParseDuration. func TTLToSeconds(ttl string) (int, error) { if len(ttl) < 2 { return 0, fmt.Errorf("invalid TTL length: %s", ttl) From 6e343fc563e07fee475acf12a32d85fba981278f Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Tue, 22 Oct 2024 12:08:25 +0200 Subject: [PATCH 069/122] Enable gofmt and gofumpt linter (#740) --- .golangci.yml | 5 +-- src/k8s/cmd/k8s/hooks.go | 2 +- src/k8s/cmd/k8s/k8s.go | 12 +++--- src/k8s/cmd/k8s/k8s_bootstrap_test.go | 2 +- src/k8s/cmd/k8s/k8s_x_capi.go | 2 +- src/k8s/cmd/k8sd/k8sd_cluster_recover.go | 3 +- src/k8s/pkg/client/k8sd/mock/mock.go | 5 +++ .../pkg/client/kubernetes/configmap_test.go | 1 - src/k8s/pkg/client/kubernetes/status.go | 1 - src/k8s/pkg/docgen/json_struct.go | 2 +- src/k8s/pkg/k8sd/api/certificates_refresh.go | 6 --- src/k8s/pkg/k8sd/api/impl/k8sd.go | 1 - .../csrsigning/reconcile_approve.go | 3 +- src/k8s/pkg/k8sd/database/capi_auth.go | 10 ++--- src/k8s/pkg/k8sd/database/cluster_config.go | 10 ++--- .../pkg/k8sd/database/feature_status_test.go | 2 - .../k8sd/database/kubernetes_auth_tokens.go | 16 ++++---- src/k8s/pkg/k8sd/database/util_test.go | 6 +-- src/k8s/pkg/k8sd/database/worker.go | 12 +++--- .../pkg/k8sd/features/cilium/gateway_test.go | 2 - .../pkg/k8sd/features/cilium/network_test.go | 3 -- .../pkg/k8sd/features/cilium/status_test.go | 1 - .../pkg/k8sd/features/contour/gateway_test.go | 8 ++-- .../pkg/k8sd/features/contour/ingress_test.go | 16 +++++--- .../pkg/k8sd/features/coredns/coredns_test.go | 1 - .../metrics-server/metrics_server_test.go | 1 - src/k8s/pkg/k8sd/pki/worker_test.go | 1 - src/k8s/pkg/k8sd/setup/certificates.go | 8 ++-- .../k8sd/setup/certificates_internal_test.go | 16 ++++---- src/k8s/pkg/k8sd/setup/containerd.go | 4 +- src/k8s/pkg/k8sd/setup/containerd_test.go | 6 +-- src/k8s/pkg/k8sd/setup/directories.go | 2 +- src/k8s/pkg/k8sd/setup/k8s_dqlite.go | 4 +- src/k8s/pkg/k8sd/setup/kube_apiserver.go | 2 +- src/k8s/pkg/k8sd/setup/kube_scheduler_test.go | 2 - src/k8s/pkg/k8sd/setup/kubelet_test.go | 6 ++- src/k8s/pkg/k8sd/setup/templates.go | 6 +-- src/k8s/pkg/k8sd/setup/util_extra_files.go | 2 +- .../pkg/k8sd/setup/util_extra_files_test.go | 2 +- src/k8s/pkg/k8sd/setup/util_kubeconfig.go | 1 - .../k8sd/types/cluster_config_certificates.go | 2 + .../k8sd/types/cluster_config_convert_test.go | 1 - src/k8s/pkg/k8sd/types/refresh.go | 2 +- src/k8s/pkg/proxy/config.go | 2 +- src/k8s/pkg/snap/mock/mock.go | 37 +++++++++++++++++++ src/k8s/pkg/snap/util/arguments.go | 2 +- src/k8s/pkg/snap/util/arguments_test.go | 2 +- src/k8s/pkg/snap/util/node.go | 2 +- src/k8s/pkg/utils/control/retry_test.go | 1 - src/k8s/pkg/utils/file.go | 1 + src/k8s/pkg/utils/file_test.go | 2 +- src/k8s/pkg/utils/time_test.go | 2 - 52 files changed, 130 insertions(+), 121 deletions(-) mode change 100755 => 100644 src/k8s/pkg/docgen/json_struct.go diff --git a/.golangci.yml b/.golangci.yml index c260a8e92..ece0c60a6 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -38,12 +38,11 @@ linters: # - goconst - TODO(ben): Consider moving consts into separate package - gocritic - godot + - gofmt + - gofumpt # TODO(ben): Enable those linters step by step and fix existing issues. -# - godox -# - gofmt -# - gofumpt # - goheader # - goimports # - gomoddirectives diff --git a/src/k8s/cmd/k8s/hooks.go b/src/k8s/cmd/k8s/hooks.go index c7dc87272..77a945580 100644 --- a/src/k8s/cmd/k8s/hooks.go +++ b/src/k8s/cmd/k8s/hooks.go @@ -40,7 +40,7 @@ func hookInitializeFormatter(env cmdutil.ExecutionEnvironment, format *string) f func hookCheckLXD() func(*cobra.Command, []string) { return func(cmd *cobra.Command, args []string) { // pathsOwnershipCheck paths to validate root is the owner - var pathsOwnershipCheck = []string{"/sys", "/proc", "/dev/kmsg"} + pathsOwnershipCheck := []string{"/sys", "/proc", "/dev/kmsg"} inLXD, err := cmdutil.InLXDContainer() if err != nil { cmd.PrintErrf("Failed to check if running inside LXD container: %s", err.Error()) diff --git a/src/k8s/cmd/k8s/k8s.go b/src/k8s/cmd/k8s/k8s.go index 45e26d0c8..815faff7e 100644 --- a/src/k8s/cmd/k8s/k8s.go +++ b/src/k8s/cmd/k8s/k8s.go @@ -35,13 +35,11 @@ func addCommands(root *cobra.Command, group *cobra.Group, commands ...*cobra.Com } func NewRootCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { - var ( - opts struct { - logDebug bool - logVerbose bool - stateDir string - } - ) + var opts struct { + logDebug bool + logVerbose bool + stateDir string + } cmd := &cobra.Command{ Use: "k8s", Short: "Canonical Kubernetes CLI", diff --git a/src/k8s/cmd/k8s/k8s_bootstrap_test.go b/src/k8s/cmd/k8s/k8s_bootstrap_test.go index c4b852f7d..1ab92aa34 100644 --- a/src/k8s/cmd/k8s/k8s_bootstrap_test.go +++ b/src/k8s/cmd/k8s/k8s_bootstrap_test.go @@ -109,7 +109,7 @@ var testCases = []testCase{ func mustAddConfigToTestDir(t *testing.T, configPath string, data string) { t.Helper() // Create the cluster bootstrap config file - err := os.WriteFile(configPath, []byte(data), 0644) + err := os.WriteFile(configPath, []byte(data), 0o644) if err != nil { t.Fatal(err) } diff --git a/src/k8s/cmd/k8s/k8s_x_capi.go b/src/k8s/cmd/k8s/k8s_x_capi.go index 2da816bcb..232132dd9 100644 --- a/src/k8s/cmd/k8s/k8s_x_capi.go +++ b/src/k8s/cmd/k8s/k8s_x_capi.go @@ -48,7 +48,7 @@ func newXCAPICmd(env cmdutil.ExecutionEnvironment) *cobra.Command { return } - if err := os.WriteFile(env.Snap.NodeTokenFile(), []byte(token), 0600); err != nil { + if err := os.WriteFile(env.Snap.NodeTokenFile(), []byte(token), 0o600); err != nil { cmd.PrintErrf("Error: Failed to write the node token to file.\n\nThe error was: %v\n", err) env.Exit(1) return diff --git a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go index ad8437ca9..7c1f74838 100644 --- a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go +++ b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go @@ -97,7 +97,6 @@ func logDebugf(format string, args ...interface{}) { msg := fmt.Sprintf(format, args...) log.L().Info(msg) } - } func newClusterRecoverCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { @@ -294,7 +293,7 @@ func ensureK8sDqliteMembersStopped(ctx context.Context) error { }(ctx, dial, member.Address) } - for _, _ = range members { + for range members { addr, ok := <-c if !ok { return fmt.Errorf("channel closed unexpectedly") diff --git a/src/k8s/pkg/client/k8sd/mock/mock.go b/src/k8s/pkg/client/k8sd/mock/mock.go index d306e1a95..62915eb5b 100644 --- a/src/k8s/pkg/client/k8sd/mock/mock.go +++ b/src/k8s/pkg/client/k8sd/mock/mock.go @@ -56,14 +56,17 @@ func (m *Mock) BootstrapCluster(_ context.Context, request apiv1.BootstrapCluste m.BootstrapClusterCalledWith = request return m.BootstrapClusterResponse, m.BootstrapClusterErr } + func (m *Mock) GetJoinToken(_ context.Context, request apiv1.GetJoinTokenRequest) (apiv1.GetJoinTokenResponse, error) { m.GetJoinTokenCalledWith = request return m.GetJoinTokenResponse, m.GetJoinTokenErr } + func (m *Mock) JoinCluster(_ context.Context, request apiv1.JoinClusterRequest) error { m.JoinClusterCalledWith = request return m.JoinClusterErr } + func (m *Mock) RemoveNode(_ context.Context, request apiv1.RemoveNodeRequest) error { m.RemoveNodeCalledWith = request return m.RemoveNodeErr @@ -72,6 +75,7 @@ func (m *Mock) RemoveNode(_ context.Context, request apiv1.RemoveNodeRequest) er func (m *Mock) NodeStatus(_ context.Context) (apiv1.NodeStatusResponse, bool, error) { return m.NodeStatusResponse, m.NodeStatusInitialized, m.NodeStatusErr } + func (m *Mock) ClusterStatus(_ context.Context, waitReady bool) (apiv1.ClusterStatusResponse, error) { return m.ClusterStatusResponse, m.ClusterStatusErr } @@ -87,6 +91,7 @@ func (m *Mock) RefreshCertificatesRun(_ context.Context, request apiv1.RefreshCe func (m *Mock) GetClusterConfig(_ context.Context) (apiv1.GetClusterConfigResponse, error) { return m.GetClusterConfigResponse, m.GetClusterConfigErr } + func (m *Mock) SetClusterConfig(_ context.Context, request apiv1.SetClusterConfigRequest) error { m.SetClusterConfigCalledWith = request return m.SetClusterConfigErr diff --git a/src/k8s/pkg/client/kubernetes/configmap_test.go b/src/k8s/pkg/client/kubernetes/configmap_test.go index ea11d6aba..55b8ce713 100644 --- a/src/k8s/pkg/client/kubernetes/configmap_test.go +++ b/src/k8s/pkg/client/kubernetes/configmap_test.go @@ -79,7 +79,6 @@ func TestWatchConfigMap(t *testing.T) { case <-time.After(time.Second): t.Fatal("Timed out waiting for watch to complete") } - }) } } diff --git a/src/k8s/pkg/client/kubernetes/status.go b/src/k8s/pkg/client/kubernetes/status.go index 9046c4ca3..c89646c43 100644 --- a/src/k8s/pkg/client/kubernetes/status.go +++ b/src/k8s/pkg/client/kubernetes/status.go @@ -34,7 +34,6 @@ func (c *Client) CheckKubernetesEndpoint(ctx context.Context) error { // HasReadyNodes returns true if there is at least one Ready node in the cluster, false otherwise. func (c *Client) HasReadyNodes(ctx context.Context) (bool, error) { nodes, err := c.CoreV1().Nodes().List(ctx, metav1.ListOptions{}) - if err != nil { return false, fmt.Errorf("failed to list nodes: %w", err) } diff --git a/src/k8s/pkg/docgen/json_struct.go b/src/k8s/pkg/docgen/json_struct.go old mode 100755 new mode 100644 index d102fbced..7a65365fe --- a/src/k8s/pkg/docgen/json_struct.go +++ b/src/k8s/pkg/docgen/json_struct.go @@ -55,7 +55,7 @@ func MarkdownFromJsonStructToFile(i any, outFilePath string, projectDir string) return err } - err = os.WriteFile(outFilePath, []byte(content), 0644) + err = os.WriteFile(outFilePath, []byte(content), 0o644) if err != nil { return fmt.Errorf("failed to write markdown documentation to %s: %w", outFilePath, err) } diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index 540f87a40..beb519752 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -50,7 +50,6 @@ func (e *Endpoints) postRefreshCertsPlan(s state.State, r *http.Request) respons return response.SyncResponse(true, apiv1.RefreshCertificatesPlanResponse{ Seed: seed, }) - } func (e *Endpoints) postRefreshCertsRun(s state.State, r *http.Request) response.Response { @@ -187,7 +186,6 @@ func refreshCertsRunControlPlane(s state.State, r *http.Request, snap snap.Snap) f.Flush() return nil }) - } // refreshCertsRunWorker refreshes the certificates for a worker node. @@ -299,9 +297,7 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo } return nil - }) - } if err := g.Wait(); err != nil { @@ -388,7 +384,6 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo f.Flush() return nil }) - } // isCertificateSigningRequestApprovedAndIssued checks if the certificate @@ -399,7 +394,6 @@ func isCertificateSigningRequestApprovedAndIssued(csr *certv1.CertificateSigning for _, condition := range csr.Status.Conditions { if condition.Type == certv1.CertificateApproved && condition.Status == corev1.ConditionTrue { return len(csr.Status.Certificate) > 0, nil - } if condition.Type == certv1.CertificateDenied && condition.Status == corev1.ConditionTrue { return false, fmt.Errorf("CSR %s was denied: %s", csr.Name, condition.Reason) diff --git a/src/k8s/pkg/k8sd/api/impl/k8sd.go b/src/k8s/pkg/k8sd/api/impl/k8sd.go index bc8eabdb5..e062a12f5 100644 --- a/src/k8s/pkg/k8sd/api/impl/k8sd.go +++ b/src/k8s/pkg/k8sd/api/impl/k8sd.go @@ -59,5 +59,4 @@ func GetLocalNodeStatus(ctx context.Context, s state.State, snap snap.Snap) (api Address: s.Address().Hostname(), ClusterRole: clusterRole, }, nil - } diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve.go b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve.go index c767ce9ed..3c1bcc6a4 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_approve.go @@ -13,7 +13,8 @@ import ( ) func reconcileAutoApprove(ctx context.Context, log log.Logger, csr *certv1.CertificateSigningRequest, - priv *rsa.PrivateKey, client client.Client) (ctrl.Result, error) { + priv *rsa.PrivateKey, client client.Client, +) (ctrl.Result, error) { var result certv1.RequestConditionType if err := validateCSR(csr, priv); err != nil { diff --git a/src/k8s/pkg/k8sd/database/capi_auth.go b/src/k8s/pkg/k8sd/database/capi_auth.go index f8a4f54fc..498c2eaa7 100644 --- a/src/k8s/pkg/k8sd/database/capi_auth.go +++ b/src/k8s/pkg/k8sd/database/capi_auth.go @@ -8,12 +8,10 @@ import ( "github.com/canonical/microcluster/v3/cluster" ) -var ( - clusterAPIConfigsStmts = map[string]int{ - "insert-capi-token": MustPrepareStatement("cluster-configs", "insert-capi-token.sql"), - "select-capi-token": MustPrepareStatement("cluster-configs", "select-capi-token.sql"), - } -) +var clusterAPIConfigsStmts = map[string]int{ + "insert-capi-token": MustPrepareStatement("cluster-configs", "insert-capi-token.sql"), + "select-capi-token": MustPrepareStatement("cluster-configs", "select-capi-token.sql"), +} // SetClusterAPIToken stores the ClusterAPI token in the cluster config. func SetClusterAPIToken(ctx context.Context, tx *sql.Tx, token string) error { diff --git a/src/k8s/pkg/k8sd/database/cluster_config.go b/src/k8s/pkg/k8sd/database/cluster_config.go index 23e945a48..aab8f5c4b 100644 --- a/src/k8s/pkg/k8sd/database/cluster_config.go +++ b/src/k8s/pkg/k8sd/database/cluster_config.go @@ -10,12 +10,10 @@ import ( "github.com/canonical/microcluster/v3/cluster" ) -var ( - clusterConfigsStmts = map[string]int{ - "insert-v1alpha2": MustPrepareStatement("cluster-configs", "insert-v1alpha2.sql"), - "select-v1alpha2": MustPrepareStatement("cluster-configs", "select-v1alpha2.sql"), - } -) +var clusterConfigsStmts = map[string]int{ + "insert-v1alpha2": MustPrepareStatement("cluster-configs", "insert-v1alpha2.sql"), + "select-v1alpha2": MustPrepareStatement("cluster-configs", "select-v1alpha2.sql"), +} // SetClusterConfig updates the cluster configuration with any non-empty values that are set. // SetClusterConfig will attempt to merge the existing and new configs, and return an error if any protected fields have changed. diff --git a/src/k8s/pkg/k8sd/database/feature_status_test.go b/src/k8s/pkg/k8sd/database/feature_status_test.go index 7de15a07d..200e57f3b 100644 --- a/src/k8s/pkg/k8sd/database/feature_status_test.go +++ b/src/k8s/pkg/k8sd/database/feature_status_test.go @@ -46,7 +46,6 @@ func TestFeatureStatus(t *testing.T) { ss, err := database.GetFeatureStatuses(ctx, tx) g.Expect(err).To(Not(HaveOccurred())) g.Expect(ss).To(BeEmpty()) - }) t.Run("SettingNewStatus", func(t *testing.T) { @@ -70,7 +69,6 @@ func TestFeatureStatus(t *testing.T) { g.Expect(ss[features.DNS].Message).To(Equal(dnsStatus.Message)) g.Expect(ss[features.DNS].Version).To(Equal(dnsStatus.Version)) g.Expect(ss[features.DNS].UpdatedAt).To(Equal(dnsStatus.UpdatedAt)) - }) t.Run("UpdatingStatus", func(t *testing.T) { g := NewWithT(t) diff --git a/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens.go b/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens.go index 22c7b7a2b..73e708ef7 100644 --- a/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens.go +++ b/src/k8s/pkg/k8sd/database/kubernetes_auth_tokens.go @@ -13,15 +13,13 @@ import ( "github.com/canonical/microcluster/v3/cluster" ) -var ( - k8sdTokensStmts = map[string]int{ - "insert-token": MustPrepareStatement("kubernetes-auth-tokens", "insert-token.sql"), - "select-by-token": MustPrepareStatement("kubernetes-auth-tokens", "select-by-token.sql"), - "select-by-username": MustPrepareStatement("kubernetes-auth-tokens", "select-by-username.sql"), - "delete-by-token": MustPrepareStatement("kubernetes-auth-tokens", "delete-by-token.sql"), - "delete-by-username": MustPrepareStatement("kubernetes-auth-tokens", "delete-by-username.sql"), - } -) +var k8sdTokensStmts = map[string]int{ + "insert-token": MustPrepareStatement("kubernetes-auth-tokens", "insert-token.sql"), + "select-by-token": MustPrepareStatement("kubernetes-auth-tokens", "select-by-token.sql"), + "select-by-username": MustPrepareStatement("kubernetes-auth-tokens", "select-by-username.sql"), + "delete-by-token": MustPrepareStatement("kubernetes-auth-tokens", "delete-by-token.sql"), + "delete-by-username": MustPrepareStatement("kubernetes-auth-tokens", "delete-by-username.sql"), +} func groupsToString(inGroups []string) (string, error) { groupMap := make(map[string]struct{}, len(inGroups)) diff --git a/src/k8s/pkg/k8sd/database/util_test.go b/src/k8s/pkg/k8sd/database/util_test.go index e9c9b7da2..e39712b59 100644 --- a/src/k8s/pkg/k8sd/database/util_test.go +++ b/src/k8s/pkg/k8sd/database/util_test.go @@ -18,10 +18,8 @@ const ( microclusterDatabaseShutdownTimeout = 3 * time.Second ) -var ( - // nextIdx is used to pick different listen ports for each microcluster instance. - nextIdx int -) +// nextIdx is used to pick different listen ports for each microcluster instance. +var nextIdx int // DB is an interface for the internal microcluster DB type. type DB interface { diff --git a/src/k8s/pkg/k8sd/database/worker.go b/src/k8s/pkg/k8sd/database/worker.go index c97da8267..043231a1a 100644 --- a/src/k8s/pkg/k8sd/database/worker.go +++ b/src/k8s/pkg/k8sd/database/worker.go @@ -12,13 +12,11 @@ import ( "github.com/canonical/microcluster/v3/cluster" ) -var ( - workerStmts = map[string]int{ - "insert-token": MustPrepareStatement("worker-tokens", "insert.sql"), - "select-token": MustPrepareStatement("worker-tokens", "select.sql"), - "delete-token": MustPrepareStatement("worker-tokens", "delete-by-token.sql"), - } -) +var workerStmts = map[string]int{ + "insert-token": MustPrepareStatement("worker-tokens", "insert.sql"), + "select-token": MustPrepareStatement("worker-tokens", "select.sql"), + "delete-token": MustPrepareStatement("worker-tokens", "delete-by-token.sql"), +} // CheckWorkerNodeToken returns true if the specified token can be used to join the specified node on the cluster. // CheckWorkerNodeToken will return true if the token is empty or if the token is associated with the specified node diff --git a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go index d7037b947..2bcab0b11 100644 --- a/src/k8s/pkg/k8sd/features/cilium/gateway_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/gateway_test.go @@ -144,7 +144,6 @@ func TestGatewayEnabled(t *testing.T) { g.Expect(status.Version).To(Equal(cilium.CiliumAgentImageTag)) g.Expect(status.Message).To(Equal(cilium.EnabledMsg)) }) - } func TestGatewayDisabled(t *testing.T) { @@ -200,7 +199,6 @@ func TestGatewayDisabled(t *testing.T) { g.Expect(helmCiliumArgs.Chart).To(Equal(cilium.ChartCilium)) g.Expect(helmCiliumArgs.State).To(Equal(helm.StateDeleted)) g.Expect(helmCiliumArgs.Values["gatewayAPI"].(map[string]any)["enabled"]).To(BeFalse()) - }) t.Run("RolloutFail", func(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 3462e5f1e..72551caa0 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -227,7 +227,6 @@ func TestNetworkMountPath(t *testing.T) { g.Expect(status.Message).To(Equal(fmt.Sprintf(networkDeployFailedMsgTmpl, err))) g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) - }) } } @@ -265,7 +264,6 @@ func TestNetworkMountPropagationType(t *testing.T) { g.Expect(status.Version).To(Equal(CiliumAgentImageTag)) g.Expect(helmM.ApplyCalledWith).To(BeEmpty()) - }) t.Run("MountPropagationPrivateOnLXDError", func(t *testing.T) { @@ -375,7 +373,6 @@ func TestNetworkMountPropagationType(t *testing.T) { } func validateNetworkValues(g Gomega, values map[string]any, network types.Network, snap snap.Snap) { - ipv4CIDR, ipv6CIDR, err := utils.SplitCIDRStrings(network.GetPodCIDR()) g.Expect(err).ToNot(HaveOccurred()) diff --git a/src/k8s/pkg/k8sd/features/cilium/status_test.go b/src/k8s/pkg/k8sd/features/cilium/status_test.go index d591441b8..083844e5d 100644 --- a/src/k8s/pkg/k8sd/features/cilium/status_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/status_test.go @@ -71,7 +71,6 @@ func TestCheckNetwork(t *testing.T) { err := cilium.CheckNetwork(context.Background(), snapM) g.Expect(err).To(HaveOccurred()) - }) t.Run("allPodsPresent", func(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/features/contour/gateway_test.go b/src/k8s/pkg/k8sd/features/contour/gateway_test.go index 67ba82c9b..b4ac8e0b4 100644 --- a/src/k8s/pkg/k8sd/features/contour/gateway_test.go +++ b/src/k8s/pkg/k8sd/features/contour/gateway_test.go @@ -44,7 +44,6 @@ func TestGatewayDisabled(t *testing.T) { g.Expect(status.Enabled).To(BeFalse()) g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) g.Expect(status.Message).To(Equal(fmt.Sprintf(contour.GatewayDeleteFailedMsgTmpl, err))) - }) t.Run("Success", func(t *testing.T) { @@ -68,7 +67,6 @@ func TestGatewayDisabled(t *testing.T) { g.Expect(status.Version).To(Equal(contour.ContourGatewayProvisionerContourImageTag)) g.Expect(status.Message).To(Equal(contour.DisabledMsg)) g.Expect(helmM.ApplyCalledWith).To(HaveLen(1)) - }) } @@ -124,7 +122,8 @@ func TestGatewayEnabled(t *testing.T) { {Name: "tlscertificatedelegations"}, {Name: "httpproxies"}, }, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, @@ -182,7 +181,8 @@ func TestGatewayEnabled(t *testing.T) { { GroupVersion: "projectcontour.io/v1", APIResources: []v1.APIResource{}, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, diff --git a/src/k8s/pkg/k8sd/features/contour/ingress_test.go b/src/k8s/pkg/k8sd/features/contour/ingress_test.go index 1dbbd9b9a..9547d2032 100644 --- a/src/k8s/pkg/k8sd/features/contour/ingress_test.go +++ b/src/k8s/pkg/k8sd/features/contour/ingress_test.go @@ -130,7 +130,8 @@ func TestIngressEnabled(t *testing.T) { {Name: "tlscertificatedelegations"}, {Name: "httpproxies"}, }, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, @@ -186,7 +187,8 @@ func TestIngressEnabled(t *testing.T) { {Name: "tlscertificatedelegations"}, {Name: "httpproxies"}, }, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, @@ -230,7 +232,6 @@ func TestIngressEnabled(t *testing.T) { fakeDiscovery, ok := clientset.Discovery().(*fakediscovery.FakeDiscovery) g.Expect(ok).To(BeTrue()) fakeDiscovery.Resources = []*metav1.APIResourceList{ - { GroupVersion: "projectcontour.io/v1alpha1", APIResources: []metav1.APIResource{ @@ -245,7 +246,8 @@ func TestIngressEnabled(t *testing.T) { {Name: "tlscertificatedelegations"}, {Name: "httpproxies"}, }, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, @@ -294,7 +296,8 @@ func TestIngressEnabled(t *testing.T) { { GroupVersion: "projectcontour.io/metav1", APIResources: []metav1.APIResource{}, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, @@ -349,7 +352,8 @@ func TestIngressEnabled(t *testing.T) { {Name: "tlscertificatedelegations"}, {Name: "httpproxies"}, }, - }} + }, + } snapM := &snapmock.Snap{ Mock: snapmock.Mock{ HelmClient: helmM, diff --git a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go index b80328c14..0d10e2bd3 100644 --- a/src/k8s/pkg/k8sd/features/coredns/coredns_test.go +++ b/src/k8s/pkg/k8sd/features/coredns/coredns_test.go @@ -50,7 +50,6 @@ func TestDisabled(t *testing.T) { g.Expect(callArgs.Chart).To(Equal(coredns.Chart)) g.Expect(callArgs.State).To(Equal(helm.StateDeleted)) g.Expect(callArgs.Values).To(BeNil()) - }) t.Run("Success", func(t *testing.T) { g := NewWithT(t) diff --git a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go index c6bdb78f0..006294d3c 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go @@ -15,7 +15,6 @@ import ( ) func TestApplyMetricsServer(t *testing.T) { - helmErr := errors.New("failed to apply") for _, tc := range []struct { name string diff --git a/src/k8s/pkg/k8sd/pki/worker_test.go b/src/k8s/pkg/k8sd/pki/worker_test.go index 4c9fac5cc..65d85215e 100644 --- a/src/k8s/pkg/k8sd/pki/worker_test.go +++ b/src/k8s/pkg/k8sd/pki/worker_test.go @@ -13,7 +13,6 @@ import ( ) func TestControlPlanePKI_CompleteWorkerNodePKI(t *testing.T) { - g := NewWithT(t) notBefore := time.Now() serverCACert, serverCAKey, err := pkiutil.GenerateSelfSignedCA(pkix.Name{CommonName: "kubernetes-ca"}, notBefore, notBefore.AddDate(1, 0, 0), 2048) diff --git a/src/k8s/pkg/k8sd/setup/certificates.go b/src/k8s/pkg/k8sd/setup/certificates.go index 283101e53..8508d9fc5 100644 --- a/src/k8s/pkg/k8sd/setup/certificates.go +++ b/src/k8s/pkg/k8sd/setup/certificates.go @@ -73,7 +73,7 @@ func ensureFiles(uid, gid int, mode fs.FileMode, files map[string]string) (bool, // and have the correct content, permissions and ownership. // It returns true if one or more files were updated and any error that occurred. func EnsureExtDatastorePKI(snap snap.Snap, certificates *pki.ExternalDatastorePKI) (bool, error) { - return ensureFiles(snap.UID(), snap.GID(), 0600, map[string]string{ + return ensureFiles(snap.UID(), snap.GID(), 0o600, map[string]string{ filepath.Join(snap.EtcdPKIDir(), "ca.crt"): certificates.DatastoreCACert, filepath.Join(snap.EtcdPKIDir(), "client.key"): certificates.DatastoreClientKey, filepath.Join(snap.EtcdPKIDir(), "client.crt"): certificates.DatastoreClientCert, @@ -84,7 +84,7 @@ func EnsureExtDatastorePKI(snap snap.Snap, certificates *pki.ExternalDatastorePK // and have the correct content, permissions and ownership. // It returns true if one or more files were updated and any error that occurred. func EnsureK8sDqlitePKI(snap snap.Snap, certificates *pki.K8sDqlitePKI) (bool, error) { - return ensureFiles(snap.UID(), snap.GID(), 0600, map[string]string{ + return ensureFiles(snap.UID(), snap.GID(), 0o600, map[string]string{ filepath.Join(snap.K8sDqliteStateDir(), "cluster.crt"): certificates.K8sDqliteCert, filepath.Join(snap.K8sDqliteStateDir(), "cluster.key"): certificates.K8sDqliteKey, }) @@ -94,7 +94,7 @@ func EnsureK8sDqlitePKI(snap snap.Snap, certificates *pki.K8sDqlitePKI) (bool, e // and have the correct content, permissions and ownership. // It returns true if one or more files were updated and any error that occurred. func EnsureControlPlanePKI(snap snap.Snap, certificates *pki.ControlPlanePKI) (bool, error) { - return ensureFiles(snap.UID(), snap.GID(), 0600, map[string]string{ + return ensureFiles(snap.UID(), snap.GID(), 0o600, map[string]string{ filepath.Join(snap.KubernetesPKIDir(), "apiserver-kubelet-client.crt"): certificates.APIServerKubeletClientCert, filepath.Join(snap.KubernetesPKIDir(), "apiserver-kubelet-client.key"): certificates.APIServerKubeletClientKey, filepath.Join(snap.KubernetesPKIDir(), "apiserver.crt"): certificates.APIServerCert, @@ -116,7 +116,7 @@ func EnsureControlPlanePKI(snap snap.Snap, certificates *pki.ControlPlanePKI) (b // and have the correct content, permissions and ownership. // It returns true if one or more files were updated and any error that occurred. func EnsureWorkerPKI(snap snap.Snap, certificates *pki.WorkerNodePKI) (bool, error) { - return ensureFiles(snap.UID(), snap.GID(), 0600, map[string]string{ + return ensureFiles(snap.UID(), snap.GID(), 0o600, map[string]string{ filepath.Join(snap.KubernetesPKIDir(), "ca.crt"): certificates.CACert, filepath.Join(snap.KubernetesPKIDir(), "client-ca.crt"): certificates.ClientCACert, filepath.Join(snap.KubernetesPKIDir(), "kubelet.crt"): certificates.KubeletCert, diff --git a/src/k8s/pkg/k8sd/setup/certificates_internal_test.go b/src/k8s/pkg/k8sd/setup/certificates_internal_test.go index 941392140..9454458d3 100644 --- a/src/k8s/pkg/k8sd/setup/certificates_internal_test.go +++ b/src/k8s/pkg/k8sd/setup/certificates_internal_test.go @@ -14,7 +14,7 @@ func TestEnsureFile(t *testing.T) { tempDir := t.TempDir() fname := filepath.Join(tempDir, "test") - updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) + updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) @@ -28,12 +28,12 @@ func TestEnsureFile(t *testing.T) { fname := filepath.Join(tempDir, "test") // Create a file with some content. - updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) + updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) // Delete the file. - updated, err = ensureFile(fname, "", os.Getuid(), os.Getgid(), 0777) + updated, err = ensureFile(fname, "", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) @@ -47,17 +47,17 @@ func TestEnsureFile(t *testing.T) { fname := filepath.Join(tempDir, "test") // Create a file with some content. - updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) + updated, err := ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) // ensureFile with same content should return that the file was not updated. - updated, err = ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0777) + updated, err = ensureFile(fname, "test", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeFalse()) // Change the content and ensureFile should return that the file was updated. - updated, err = ensureFile(fname, "new content", os.Getuid(), os.Getgid(), 0777) + updated, err = ensureFile(fname, "new content", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeTrue()) @@ -65,7 +65,7 @@ func TestEnsureFile(t *testing.T) { g.Expect(string(createdFile)).To(Equal("new content")) // Change permissions and ensureFile should return that the file was not updated. - updated, err = ensureFile(fname, "new content", os.Getuid(), os.Getgid(), 0666) + updated, err = ensureFile(fname, "new content", os.Getuid(), os.Getgid(), 0o666) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeFalse()) }) @@ -76,7 +76,7 @@ func TestEnsureFile(t *testing.T) { fname := filepath.Join(tempDir, "test") // ensureFile on inexistent file with empty content should return that the file was not updated. - updated, err := ensureFile(fname, "", os.Getuid(), os.Getgid(), 0777) + updated, err := ensureFile(fname, "", os.Getuid(), os.Getgid(), 0o777) g.Expect(err).To(Not(HaveOccurred())) g.Expect(updated).To(BeFalse()) }) diff --git a/src/k8s/pkg/k8sd/setup/containerd.go b/src/k8s/pkg/k8sd/setup/containerd.go index dbf1545ec..15227e6cb 100644 --- a/src/k8s/pkg/k8sd/setup/containerd.go +++ b/src/k8s/pkg/k8sd/setup/containerd.go @@ -108,7 +108,7 @@ func Containerd(snap snap.Snap, extraContainerdConfig map[string]any, extraArgs return fmt.Errorf("failed to render containerd config.toml: %w", err) } - if err := os.WriteFile(filepath.Join(snap.ContainerdConfigDir(), "config.toml"), b, 0600); err != nil { + if err := os.WriteFile(filepath.Join(snap.ContainerdConfigDir(), "config.toml"), b, 0o600); err != nil { return fmt.Errorf("failed to write config.toml: %w", err) } @@ -131,7 +131,7 @@ func Containerd(snap snap.Snap, extraContainerdConfig map[string]any, extraArgs if err := utils.CopyFile(snap.CNIPluginsBinary(), cniBinary); err != nil { return fmt.Errorf("failed to copy cni plugin binary: %w", err) } - if err := os.Chmod(cniBinary, 0700); err != nil { + if err := os.Chmod(cniBinary, 0o700); err != nil { return fmt.Errorf("failed to chmod cni plugin binary: %w", err) } if err := os.Chown(cniBinary, snap.UID(), snap.GID()); err != nil { diff --git a/src/k8s/pkg/k8sd/setup/containerd_test.go b/src/k8s/pkg/k8sd/setup/containerd_test.go index bf895d263..66bfd2714 100644 --- a/src/k8s/pkg/k8sd/setup/containerd_test.go +++ b/src/k8s/pkg/k8sd/setup/containerd_test.go @@ -20,7 +20,7 @@ func TestContainerd(t *testing.T) { dir := t.TempDir() - g.Expect(os.WriteFile(filepath.Join(dir, "mockcni"), []byte("echo hi"), 0600)).To(Succeed()) + g.Expect(os.WriteFile(filepath.Join(dir, "mockcni"), []byte("echo hi"), 0o600)).To(Succeed()) s := &mock.Snap{ Mock: mock.Mock{ @@ -63,7 +63,7 @@ func TestContainerd(t *testing.T) { info, err := os.Stat(filepath.Join(dir, "containerd", "config.toml")) g.Expect(err).To(Not(HaveOccurred())) - g.Expect(info.Mode().Perm()).To(Equal(fs.FileMode(0600))) + g.Expect(info.Mode().Perm()).To(Equal(fs.FileMode(0o600))) switch stat := info.Sys().(type) { case *syscall.Stat_t: @@ -84,7 +84,7 @@ func TestContainerd(t *testing.T) { info, err := os.Stat(filepath.Join(dir, "opt-cni-bin")) g.Expect(err).To(Not(HaveOccurred())) - g.Expect(info.Mode().Perm()).To(Equal(fs.FileMode(0700))) + g.Expect(info.Mode().Perm()).To(Equal(fs.FileMode(0o700))) switch stat := info.Sys().(type) { case *syscall.Stat_t: diff --git a/src/k8s/pkg/k8sd/setup/directories.go b/src/k8s/pkg/k8sd/setup/directories.go index f4b8c4779..7b0a2afc9 100644 --- a/src/k8s/pkg/k8sd/setup/directories.go +++ b/src/k8s/pkg/k8sd/setup/directories.go @@ -33,7 +33,7 @@ func EnsureAllDirectories(snap snap.Snap) error { if dir == "" { continue } - if err := os.MkdirAll(dir, 0700); err != nil { + if err := os.MkdirAll(dir, 0o700); err != nil { return fmt.Errorf("failed to create required directory: %w", err) } } diff --git a/src/k8s/pkg/k8sd/setup/k8s_dqlite.go b/src/k8s/pkg/k8sd/setup/k8s_dqlite.go index ab4b8fbcd..92fc4812d 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_dqlite.go +++ b/src/k8s/pkg/k8sd/setup/k8s_dqlite.go @@ -22,7 +22,7 @@ func K8sDqlite(snap snap.Snap, address string, cluster []string, extraArgs map[s if err := os.RemoveAll(snap.K8sDqliteStateDir()); err != nil { return fmt.Errorf("failed to cleanup not-empty k8s-dqlite directory: %w", err) } - if err := os.MkdirAll(snap.K8sDqliteStateDir(), 0700); err != nil { + if err := os.MkdirAll(snap.K8sDqliteStateDir(), 0o700); err != nil { return fmt.Errorf("failed to create k8s-dqlite state directory: %w", err) } } @@ -32,7 +32,7 @@ func K8sDqlite(snap snap.Snap, address string, cluster []string, extraArgs map[s return fmt.Errorf("failed to create init.yaml file for address=%s cluster=%v: %w", address, cluster, err) } - if err := os.WriteFile(filepath.Join(snap.K8sDqliteStateDir(), "init.yaml"), b, 0600); err != nil { + if err := os.WriteFile(filepath.Join(snap.K8sDqliteStateDir(), "init.yaml"), b, 0o600); err != nil { return fmt.Errorf("failed to write init.yaml: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver.go b/src/k8s/pkg/k8sd/setup/kube_apiserver.go index 457ba1b96..09d38a660 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver.go @@ -52,7 +52,7 @@ var ( // KubeAPIServer configures kube-apiserver on the local node. func KubeAPIServer(snap snap.Snap, securePort int, nodeIP net.IP, serviceCIDR string, authWebhookURL string, enableFrontProxy bool, datastore types.Datastore, authorizationMode string, extraArgs map[string]*string) error { authTokenWebhookConfigFile := filepath.Join(snap.ServiceExtraConfigDir(), "auth-token-webhook.conf") - authTokenWebhookFile, err := os.OpenFile(authTokenWebhookConfigFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + authTokenWebhookFile, err := os.OpenFile(authTokenWebhookConfigFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600) if err != nil { return fmt.Errorf("failed to open auth-token-webhook.conf: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go b/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go index 35ae0583f..cf406778d 100644 --- a/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go @@ -53,7 +53,6 @@ func TestKubeScheduler(t *testing.T) { args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-scheduler")) g.Expect(err).ToNot(HaveOccurred()) g.Expect(args).To(HaveLen(len(tests))) - }) t.Run("WithExtraArgs", func(t *testing.T) { @@ -100,7 +99,6 @@ func TestKubeScheduler(t *testing.T) { args, err := utils.ParseArgumentFile(filepath.Join(s.Mock.ServiceArgumentsDir, "kube-scheduler")) g.Expect(err).ToNot(HaveOccurred()) g.Expect(args).To(HaveLen(len(tests))) - }) t.Run("MissingArgsDir", func(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/setup/kubelet_test.go b/src/k8s/pkg/k8sd/setup/kubelet_test.go index b2fc952df..2381b1acd 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet_test.go +++ b/src/k8s/pkg/k8sd/setup/kubelet_test.go @@ -14,8 +14,10 @@ import ( // These values are hard-coded and need to be updated if the // implementation changes. -var expectedControlPlaneLabels = "node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/worker=,k8sd.io/role=control-plane" -var expectedWorkerLabels = "node-role.kubernetes.io/worker=,k8sd.io/role=worker" +var ( + expectedControlPlaneLabels = "node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/worker=,k8sd.io/role=control-plane" + expectedWorkerLabels = "node-role.kubernetes.io/worker=,k8sd.io/role=worker" +) var kubeletTLSCipherSuites = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384" diff --git a/src/k8s/pkg/k8sd/setup/templates.go b/src/k8s/pkg/k8sd/setup/templates.go index f2e7a965f..4fac815b4 100644 --- a/src/k8s/pkg/k8sd/setup/templates.go +++ b/src/k8s/pkg/k8sd/setup/templates.go @@ -7,10 +7,8 @@ import ( "text/template" ) -var ( - //go:embed embed - templates embed.FS -) +//go:embed embed +var templates embed.FS func mustTemplate(parts ...string) *template.Template { path := filepath.Join(append([]string{"embed"}, parts...)...) diff --git a/src/k8s/pkg/k8sd/setup/util_extra_files.go b/src/k8s/pkg/k8sd/setup/util_extra_files.go index 31f3cfb57..2376b5645 100644 --- a/src/k8s/pkg/k8sd/setup/util_extra_files.go +++ b/src/k8s/pkg/k8sd/setup/util_extra_files.go @@ -20,7 +20,7 @@ func ExtraNodeConfigFiles(snap snap.Snap, files map[string]string) error { filePath := filepath.Join(snap.ServiceExtraConfigDir(), filename) // Write the content to the file - if err := os.WriteFile(filePath, []byte(content), 0400); err != nil { + if err := os.WriteFile(filePath, []byte(content), 0o400); err != nil { return fmt.Errorf("failed to write to file %s: %w", filePath, err) } diff --git a/src/k8s/pkg/k8sd/setup/util_extra_files_test.go b/src/k8s/pkg/k8sd/setup/util_extra_files_test.go index ad4fa38bb..378810513 100644 --- a/src/k8s/pkg/k8sd/setup/util_extra_files_test.go +++ b/src/k8s/pkg/k8sd/setup/util_extra_files_test.go @@ -60,7 +60,7 @@ func TestExtraNodeConfigFiles(t *testing.T) { // Verify the file exists info, err := os.Stat(filePath) g.Expect(err).ToNot(gomega.HaveOccurred()) - g.Expect(info.Mode().Perm()).To(gomega.Equal(os.FileMode(0400))) + g.Expect(info.Mode().Perm()).To(gomega.Equal(os.FileMode(0o400))) // Verify the file content actualContent, err := os.ReadFile(filePath) diff --git a/src/k8s/pkg/k8sd/setup/util_kubeconfig.go b/src/k8s/pkg/k8sd/setup/util_kubeconfig.go index 413fa04a5..7b1157df1 100644 --- a/src/k8s/pkg/k8sd/setup/util_kubeconfig.go +++ b/src/k8s/pkg/k8sd/setup/util_kubeconfig.go @@ -74,5 +74,4 @@ func SetupControlPlaneKubeconfigs(kubeConfigDir string, localhostAddress string, } } return nil - } diff --git a/src/k8s/pkg/k8sd/types/cluster_config_certificates.go b/src/k8s/pkg/k8sd/types/cluster_config_certificates.go index ce61a612a..e7aa1120c 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_certificates.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_certificates.go @@ -25,6 +25,7 @@ func (c Certificates) GetClientCACert() string { } return c.GetCACert() } + func (c Certificates) GetClientCAKey() string { // versions before 1.30.2 were using the same CA for server and client certificates if v := getField(c.ClientCAKey); v != "" { @@ -38,6 +39,7 @@ func (c Certificates) GetServiceAccountKey() string { return getField(c.ServiceA func (c Certificates) GetAPIServerKubeletClientCert() string { return getField(c.APIServerKubeletClientCert) } + func (c Certificates) GetAPIServerKubeletClientKey() string { return getField(c.APIServerKubeletClientKey) } diff --git a/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go b/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go index 47ed49deb..ad58cb846 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_convert_test.go @@ -254,6 +254,5 @@ func TestClusterConfigFromBootstrapConfig(t *testing.T) { g.Expect(err).To(HaveOccurred()) }) } - }) } diff --git a/src/k8s/pkg/k8sd/types/refresh.go b/src/k8s/pkg/k8sd/types/refresh.go index 365c9cb30..286826230 100644 --- a/src/k8s/pkg/k8sd/types/refresh.go +++ b/src/k8s/pkg/k8sd/types/refresh.go @@ -17,7 +17,7 @@ type RefreshOpts struct { } func RefreshOptsFromAPI(req apiv1.SnapRefreshRequest) (RefreshOpts, error) { - var optsMap = map[string]string{ + optsMap := map[string]string{ "localPath": req.LocalPath, "channel": req.Channel, "revision": req.Revision, diff --git a/src/k8s/pkg/proxy/config.go b/src/k8s/pkg/proxy/config.go index 08c2d6a86..3417016ec 100644 --- a/src/k8s/pkg/proxy/config.go +++ b/src/k8s/pkg/proxy/config.go @@ -33,7 +33,7 @@ func WriteEndpointsConfig(endpoints []string, file string) error { return fmt.Errorf("failed to marshal configuration: %w", err) } - if err := os.WriteFile(file, b, 0600); err != nil { + if err := os.WriteFile(file, b, 0o600); err != nil { return fmt.Errorf("failed to write configuration file %s: %w", file, err) } return nil diff --git a/src/k8s/pkg/snap/mock/mock.go b/src/k8s/pkg/snap/mock/mock.go index 4120303ca..17ecf9af2 100644 --- a/src/k8s/pkg/snap/mock/mock.go +++ b/src/k8s/pkg/snap/mock/mock.go @@ -78,6 +78,7 @@ func (s *Snap) StartService(ctx context.Context, name string) error { } return s.StartServiceErr } + func (s *Snap) StopService(ctx context.Context, name string) error { if len(s.StopServiceCalledWith) == 0 { s.StopServiceCalledWith = []string{name} @@ -86,6 +87,7 @@ func (s *Snap) StopService(ctx context.Context, name string) error { } return s.StopServiceErr } + func (s *Snap) RestartService(ctx context.Context, name string) error { if len(s.RestartServiceCalledWith) == 0 { s.RestartServiceCalledWith = []string{name} @@ -94,6 +96,7 @@ func (s *Snap) RestartService(ctx context.Context, name string) error { } return s.RestartServiceErr } + func (s *Snap) Refresh(ctx context.Context, opts types.RefreshOpts) (string, error) { if len(s.RefreshCalledWith) == 0 { s.RefreshCalledWith = []types.RefreshOpts{opts} @@ -102,107 +105,141 @@ func (s *Snap) Refresh(ctx context.Context, opts types.RefreshOpts) (string, err } return "", s.RefreshErr } + func (s *Snap) RefreshStatus(ctx context.Context, changeID string) (*types.RefreshStatus, error) { return nil, nil } + func (s *Snap) Strict() bool { return s.Mock.Strict } + func (s *Snap) OnLXD(context.Context) (bool, error) { return s.Mock.OnLXD, s.Mock.OnLXDErr } + func (s *Snap) UID() int { return s.Mock.UID } + func (s *Snap) GID() int { return s.Mock.GID } + func (s *Snap) Hostname() string { return s.Mock.Hostname } + func (s *Snap) ContainerdConfigDir() string { return s.Mock.ContainerdConfigDir } + func (s *Snap) ContainerdRootDir() string { return s.Mock.ContainerdRootDir } + func (s *Snap) ContainerdStateDir() string { return s.Mock.ContainerdStateDir } + func (s *Snap) ContainerdSocketDir() string { return s.Mock.ContainerdSocketDir } + func (s *Snap) ContainerdExtraConfigDir() string { return s.Mock.ContainerdExtraConfigDir } + func (s *Snap) ContainerdRegistryConfigDir() string { return s.Mock.ContainerdRegistryConfigDir } + func (s *Snap) KubernetesConfigDir() string { return s.Mock.KubernetesConfigDir } + func (s *Snap) KubernetesPKIDir() string { return s.Mock.KubernetesPKIDir } + func (s *Snap) EtcdPKIDir() string { return s.Mock.EtcdPKIDir } + func (s *Snap) KubeletRootDir() string { return s.Mock.KubeletRootDir } + func (s *Snap) CNIConfDir() string { return s.Mock.CNIConfDir } + func (s *Snap) CNIBinDir() string { return s.Mock.CNIBinDir } + func (s *Snap) CNIPluginsBinary() string { return s.Mock.CNIPluginsBinary } + func (s *Snap) CNIPlugins() []string { return s.Mock.CNIPlugins } + func (s *Snap) K8sdStateDir() string { return s.Mock.K8sdStateDir } + func (s *Snap) K8sDqliteStateDir() string { return s.Mock.K8sDqliteStateDir } + func (s *Snap) ServiceArgumentsDir() string { return s.Mock.ServiceArgumentsDir } + func (s *Snap) ServiceExtraConfigDir() string { return s.Mock.ServiceExtraConfigDir } + func (s *Snap) LockFilesDir() string { return s.Mock.LockFilesDir } + func (s *Snap) NodeTokenFile() string { return s.Mock.NodeTokenFile } + func (s *Snap) KubernetesClient(namespace string) (*kubernetes.Client, error) { return s.Mock.KubernetesClient, nil } + func (s *Snap) KubernetesNodeClient(namespace string) (*kubernetes.Client, error) { return s.Mock.KubernetesNodeClient, nil } + func (s *Snap) HelmClient() helm.Client { return s.Mock.HelmClient } + func (s *Snap) K8sDqliteClient(context.Context) (*dqlite.Client, error) { return s.Mock.K8sDqliteClient, nil } + func (s *Snap) K8sdClient(address string) (k8sd.Client, error) { return s.Mock.K8sdClient, nil } + func (s *Snap) SnapctlGet(ctx context.Context, args ...string) ([]byte, error) { s.SnapctlGetCalledWith = append(s.SnapctlGetCalledWith, args) return s.Mock.SnapctlGet[strings.Join(args, " ")], s.SnapctlGetErr } + func (s *Snap) SnapctlSet(ctx context.Context, args ...string) error { s.SnapctlSetCalledWith = append(s.SnapctlSetCalledWith, args) return s.SnapctlSetErr } + func (s *Snap) PreInitChecks(ctx context.Context, config types.ClusterConfig) error { s.PreInitChecksCalledWith = append(s.PreInitChecksCalledWith, config) return s.PreInitChecksErr diff --git a/src/k8s/pkg/snap/util/arguments.go b/src/k8s/pkg/snap/util/arguments.go index 74c52697c..12d3011be 100644 --- a/src/k8s/pkg/snap/util/arguments.go +++ b/src/k8s/pkg/snap/util/arguments.go @@ -103,7 +103,7 @@ func UpdateServiceArguments(snap snap.Snap, serviceName string, updateMap map[st // sort arguments so that output is consistent sort.Strings(newArguments) - if err := os.WriteFile(argumentsFile, []byte(strings.Join(newArguments, "\n")+"\n"), 0600); err != nil { + if err := os.WriteFile(argumentsFile, []byte(strings.Join(newArguments, "\n")+"\n"), 0o600); err != nil { return false, fmt.Errorf("failed to write arguments for service %s: %w", serviceName, err) } return changed, nil diff --git a/src/k8s/pkg/snap/util/arguments_test.go b/src/k8s/pkg/snap/util/arguments_test.go index 132d3f1e1..52fe4a1b3 100644 --- a/src/k8s/pkg/snap/util/arguments_test.go +++ b/src/k8s/pkg/snap/util/arguments_test.go @@ -32,7 +32,7 @@ func TestGetServiceArgument(t *testing.T) { --key=value-of-service-two `, } { - g.Expect(os.WriteFile(filepath.Join(dir, svc), []byte(args), 0600)).To(Succeed()) + g.Expect(os.WriteFile(filepath.Join(dir, svc), []byte(args), 0o600)).To(Succeed()) } for _, tc := range []struct { diff --git a/src/k8s/pkg/snap/util/node.go b/src/k8s/pkg/snap/util/node.go index 09dfe8289..d121970bc 100644 --- a/src/k8s/pkg/snap/util/node.go +++ b/src/k8s/pkg/snap/util/node.go @@ -25,7 +25,7 @@ func MarkAsWorkerNode(snap snap.Snap, mark bool) error { if err := os.Chown(fname, snap.UID(), snap.GID()); err != nil { return fmt.Errorf("failed to chown %s: %w", fname, err) } - if err := os.Chmod(fname, 0600); err != nil { + if err := os.Chmod(fname, 0o600); err != nil { return fmt.Errorf("failed to chmod %s: %w", fname, err) } } else { diff --git a/src/k8s/pkg/utils/control/retry_test.go b/src/k8s/pkg/utils/control/retry_test.go index ce1d078e3..1de78cb16 100644 --- a/src/k8s/pkg/utils/control/retry_test.go +++ b/src/k8s/pkg/utils/control/retry_test.go @@ -22,7 +22,6 @@ func TestRetryFor(t *testing.T) { } return nil }) - if err != nil { t.Errorf("Expected nil error, got: %v", err) } diff --git a/src/k8s/pkg/utils/file.go b/src/k8s/pkg/utils/file.go index 990471531..1b6728334 100644 --- a/src/k8s/pkg/utils/file.go +++ b/src/k8s/pkg/utils/file.go @@ -119,6 +119,7 @@ func CopyFile(srcFile, dstFile string) error { return nil } + func FileExists(path ...string) (bool, error) { if _, err := os.Stat(filepath.Join(path...)); err != nil { if !os.IsNotExist(err) { diff --git a/src/k8s/pkg/utils/file_test.go b/src/k8s/pkg/utils/file_test.go index 056056651..3efa8da76 100644 --- a/src/k8s/pkg/utils/file_test.go +++ b/src/k8s/pkg/utils/file_test.go @@ -88,7 +88,7 @@ func TestParseArgumentFile(t *testing.T) { g := NewWithT(t) filePath := filepath.Join(t.TempDir(), tc.name) - err := os.WriteFile(filePath, []byte(tc.content), 0755) + err := os.WriteFile(filePath, []byte(tc.content), 0o755) if err != nil { t.Fatalf("Failed to setup testfile: %v", err) } diff --git a/src/k8s/pkg/utils/time_test.go b/src/k8s/pkg/utils/time_test.go index dce809058..5b816ebfc 100644 --- a/src/k8s/pkg/utils/time_test.go +++ b/src/k8s/pkg/utils/time_test.go @@ -44,9 +44,7 @@ func TestSecondsToExpirationDate(t *testing.T) { got := utils.SecondsToExpirationDate(now, tt.seconds) g.Expect(got).To(Equal(tt.want)) }) - } - } func TestTTLToSeconds(t *testing.T) { From e30d4ada8b296e0795ffd9752f2d962d57a1b3a6 Mon Sep 17 00:00:00 2001 From: "Louise K. Schmidtgen" Date: Tue, 22 Oct 2024 16:02:14 +0200 Subject: [PATCH 070/122] Strict interfaces test (#748) --- .github/workflows/nightly-test.yaml | 3 +- .../tests/test_strict_interfaces.py | 75 +++++++++++++++ tests/integration/tests/test_util/config.py | 5 + tests/integration/tests/test_util/snap.py | 94 +++++++++++-------- tests/integration/tests/test_util/util.py | 10 +- .../tests/test_version_upgrades.py | 2 +- 6 files changed, 146 insertions(+), 43 deletions(-) create mode 100644 tests/integration/tests/test_strict_interfaces.py diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index b4a57a9de..8a542622b 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -2,7 +2,7 @@ name: Nightly Latest/Edge Tests on: schedule: - - cron: '0 0 * * *' # Runs every midnight + - cron: "0 0 * * *" # Runs every midnight permissions: contents: read @@ -45,6 +45,7 @@ jobs: # Test the latest (up to) 6 releases for the flavour # TODO(ben): upgrade nightly to run all flavours TEST_VERSION_UPGRADE_CHANNELS: "recent 6 classic" + TEST_STRICT_INTERFACE_CHANNELS: "recent 6 strict" run: | export PATH="/home/runner/.local/bin:$PATH" cd tests/integration && sg lxd -c 'tox -vve integration' diff --git a/tests/integration/tests/test_strict_interfaces.py b/tests/integration/tests/test_strict_interfaces.py new file mode 100644 index 000000000..58d5df75e --- /dev/null +++ b/tests/integration/tests/test_strict_interfaces.py @@ -0,0 +1,75 @@ +# +# Copyright 2024 Canonical, Ltd. +# +import logging +from typing import List + +import pytest +from test_util import config, harness, snap, util + +LOG = logging.getLogger(__name__) + + +@pytest.mark.node_count(1) +@pytest.mark.no_setup() +@pytest.mark.skipif( + not config.STRICT_INTERFACE_CHANNELS, reason="No strict channels configured" +) +def test_strict_interfaces(instances: List[harness.Instance], tmp_path): + channels = config.STRICT_INTERFACE_CHANNELS + cp = instances[0] + current_channel = channels[0] + + if current_channel.lower() == "recent": + if len(channels) != 3: + pytest.fail( + "'recent' requires the number of releases as second argument and the flavour as third argument" + ) + _, num_channels, flavour = channels + channels = snap.get_channels(int(num_channels), flavour, cp.arch, "edge", True) + + for channel in channels: + util.setup_k8s_snap(cp, tmp_path, channel, connect_interfaces=False) + + # Log the current snap version on the node. + out = cp.exec(["snap", "list", config.SNAP_NAME], capture_output=True) + LOG.info(f"Current snap version: {out.stdout.decode().strip()}") + + check_snap_interfaces(cp, config.SNAP_NAME) + + cp.exec(["snap", "remove", config.SNAP_NAME, "--purge"]) + + +def check_snap_interfaces(cp, snap_name): + """Check the strict snap interfaces.""" + interfaces = [ + "docker-privileged", + "kubernetes-support", + "network", + "network-bind", + "network-control", + "network-observe", + "firewall-control", + "process-control", + "kernel-module-observe", + "cilium-module-load", + "mount-observe", + "hardware-observe", + "system-observe", + "home", + "opengl", + "home-read-all", + "login-session-observe", + "log-observe", + ] + for interface in interfaces: + cp.exec( + [ + "snap", + "run", + "--shell", + snap_name, + "-c", + f"snapctl is-connected {interface}", + ], + ) diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index ce4fc5967..11cb12576 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -119,3 +119,8 @@ VERSION_UPGRADE_CHANNELS = ( os.environ.get("TEST_VERSION_UPGRADE_CHANNELS", "").strip().split() ) +# A list of space-separated channels for which the strict interface tests should be run in sequential order. +# Alternatively, use 'recent strict' to get the latest channels for strict. +STRICT_INTERFACE_CHANNELS = ( + os.environ.get("TEST_STRICT_INTERFACE_CHANNELS", "").strip().split() +) diff --git a/tests/integration/tests/test_util/snap.py b/tests/integration/tests/test_util/snap.py index 9ad77ab49..fe0219fe2 100644 --- a/tests/integration/tests/test_util/snap.py +++ b/tests/integration/tests/test_util/snap.py @@ -37,27 +37,9 @@ def get_snap_info(snap_name=SNAP_NAME): raise -def get_latest_channels( - num_of_channels: int, flavor: str, arch: str, include_latest=True -) -> List[str]: - """Get an ascending list of latest channels based on the number of channels and flavour. - - e.g. get_latest_release_channels(3, "classic") -> ['1.31-classic/candidate', '1.30-classic/candidate'] - if there are less than num_of_channels available, return all available channels. - Only the most stable risk level is returned for each major.minor version. - By default, the `latest/edge/` channel is included in the list. - """ - snap_info = get_snap_info() - - # Extract channel information - channels = snap_info.get("channel-map", []) - available_channels = [ - ch["channel"]["name"] - for ch in channels - if ch["channel"]["architecture"] == arch - ] - - # Define regex pattern to match channels in the format 'major.minor-flavour' +def filter_arch_and_flavor(channels: List[dict], arch: str, flavor: str) -> List[tuple]: + """Filter available channels by architecture and match them with a given regex pattern + for a flavor.""" if flavor == "strict": pattern = re.compile(r"(\d+)\.(\d+)\/(" + "|".join(RISK_LEVELS) + ")") else: @@ -65,29 +47,65 @@ def get_latest_channels( r"(\d+)\.(\d+)-" + re.escape(flavor) + r"\/(" + "|".join(RISK_LEVELS) + ")" ) - # Dictionary to store the highest risk level for each major.minor + matched_channels = [] + for ch in channels: + if ch["channel"]["architecture"] == arch: + channel_name = ch["channel"]["name"] + match = pattern.match(channel_name) + if match: + major, minor, risk = match.groups() + matched_channels.append((channel_name, int(major), int(minor), risk)) + + return matched_channels + + +def get_most_stable_channels( + num_of_channels: int, flavor: str, arch: str, include_latest=True +) -> List[str]: + """Get an ascending list of latest channels based on the number of channels + flavour and architecture.""" + snap_info = get_snap_info() + + # Extract channel information and filter by architecture and flavor + arch_flavor_channels = filter_arch_and_flavor( + snap_info.get("channel-map", []), arch, flavor + ) + + # Dictionary to store the most stable channels for each version channel_map = {} + for channel, major, minor, risk in arch_flavor_channels: + version_key = (int(major), int(minor)) + + if version_key not in channel_map or RISK_LEVELS.index( + risk + ) < RISK_LEVELS.index(channel_map[version_key][1]): + channel_map[version_key] = (channel, risk) + + # Sort channels by major and minor version (ascending order) + sorted_versions = sorted(channel_map.keys(), key=lambda v: (v[0], v[1])) + + # Extract only the channel names + final_channels = [channel_map[v][0] for v in sorted_versions[:num_of_channels]] - for channel in available_channels: - match = pattern.match(channel) - if match: - major, minor, risk = match.groups() - major_minor = (int(major), int(minor)) + if include_latest: + final_channels.append(f"latest/edge/{flavor}") - # Store only the highest risk level channel for each major.minor - if major_minor not in channel_map or RISK_LEVELS.index( - risk - ) < RISK_LEVELS.index(channel_map[major_minor][1]): - channel_map[major_minor] = (channel, risk) + return final_channels - # Sort channels by major and minor version in descending order - sorted_channels = sorted(channel_map.keys(), reverse=False) - # Prepare final channel list - final_channels = [channel_map[mm][0] for mm in sorted_channels[:num_of_channels]] +def get_channels( + num_of_channels: int, flavor: str, arch: str, risk_level: str, include_latest=True +) -> List[str]: + """Get channels based on the risk level, architecture and flavour.""" + snap_info = get_snap_info() + arch_flavor_channels = filter_arch_and_flavor( + snap_info.get("channel-map", []), arch, flavor + ) + matching_channels = [ch[0] for ch in arch_flavor_channels if ch[3] == risk_level] + matching_channels = matching_channels[:num_of_channels] if include_latest: latest_channel = f"latest/edge/{flavor}" - final_channels.append(latest_channel) + matching_channels.append(latest_channel) - return final_channels + return matching_channels diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 66073db73..69751098f 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -141,7 +141,10 @@ def _as_int(value: Optional[str]) -> Optional[int]: def setup_k8s_snap( - instance: harness.Instance, tmp_path: Path, snap: Optional[str] = None + instance: harness.Instance, + tmp_path: Path, + snap: Optional[str] = None, + connect_interfaces=True, ): """Installs and sets up the snap on the given instance and connects the interfaces. @@ -176,8 +179,9 @@ def setup_k8s_snap( cmd += [config.SNAP_NAME, "--channel", channel] instance.exec(cmd) - LOG.info("Ensure k8s interfaces and network requirements") - instance.exec(["/snap/k8s/current/k8s/hack/init.sh"], stdout=subprocess.DEVNULL) + if connect_interfaces: + LOG.info("Ensure k8s interfaces and network requirements") + instance.exec(["/snap/k8s/current/k8s/hack/init.sh"], stdout=subprocess.DEVNULL) def wait_until_k8s_ready( diff --git a/tests/integration/tests/test_version_upgrades.py b/tests/integration/tests/test_version_upgrades.py index 3d9207759..6df9171ae 100644 --- a/tests/integration/tests/test_version_upgrades.py +++ b/tests/integration/tests/test_version_upgrades.py @@ -26,7 +26,7 @@ def test_version_upgrades(instances: List[harness.Instance], tmp_path): "'recent' requires the number of releases as second argument and the flavour as third argument" ) _, num_channels, flavour = channels - channels = snap.get_latest_channels(int(num_channels), flavour, cp.arch) + channels = snap.get_most_stable_channels(int(num_channels), flavour, cp.arch) current_channel = channels[0] LOG.info( From 446997303e1e11ff58461c9aa8e38a47bb0321d3 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Thu, 24 Oct 2024 13:39:55 +0200 Subject: [PATCH 071/122] Add docs page for IPv6-only (#756) --------- Co-authored-by: Louise K. Schmidtgen --- docs/src/snap/howto/networking/index.md | 1 + docs/src/snap/howto/networking/ipv6.md | 142 ++++++++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 docs/src/snap/howto/networking/ipv6.md diff --git a/docs/src/snap/howto/networking/index.md b/docs/src/snap/howto/networking/index.md index 98d42bd55..64f64ce49 100644 --- a/docs/src/snap/howto/networking/index.md +++ b/docs/src/snap/howto/networking/index.md @@ -16,4 +16,5 @@ how to configure and use key capabilities of {{product}}. /snap/howto/networking/default-ingress.md /snap/howto/networking/default-loadbalancer.md /snap/howto/networking/dualstack.md +/snap/howto/networking/ipv6.md ``` diff --git a/docs/src/snap/howto/networking/ipv6.md b/docs/src/snap/howto/networking/ipv6.md new file mode 100644 index 000000000..143379ab7 --- /dev/null +++ b/docs/src/snap/howto/networking/ipv6.md @@ -0,0 +1,142 @@ +# How to Setup an IPv6-Only Cluster + +An IPv6-only Kubernetes cluster operates exclusively using IPv6 addresses, +without support for IPv4. This configuration is ideal for environments that +are transitioning away from IPv4 or want to take full advantage of IPv6's +expanded address space. This document, explains how to set up +an IPv6-only cluster, including key configurations and necessary checks +to ensure proper setup. + +## Prerequisites + +Before setting up an IPv6-only cluster, ensure that: + +- Your environment supports IPv6. +- Network infrastructure, such as routers, firewalls, and DNS, are configured +to handle IPv6 traffic. +- Any underlying infrastructure (e.g. cloud providers, bare metal setups) +must be IPv6-compatible. + +## Setting Up an IPv6-Only Cluster + +The process of creating an IPv6-only cluster involves specifying only IPv6 +CIDRs for pods and services during the bootstrap process. Unlike dual-stack, +only IPv6 CIDRs are used. + +1. **Bootstrap Kubernetes with IPv6 CIDRs** + +Start by bootstrapping the Kubernetes cluster and providing only IPv6 +CIDRs for pods and services: + +```bash +sudo k8s bootstrap --timeout 10m --interactive +``` + +When prompted, set the pod and service CIDRs to IPv6 ranges. For example: + +``` +Please set the Pod CIDR: [fd01::/108] +Please set the Service CIDR: [fd98::/108] +``` + +Alternatively, these values can be configured in a bootstrap configuration file +named `bootstrap-config.yaml` in this example: + +```yaml +pod-cidr: fd01::/108 +service-cidr: fd98::/108 +``` + +Specify the configuration file during the bootstrapping process: + +```bash +sudo k8s bootstrap --file bootstrap-config.yaml +``` + +2. **Verify Pod and Service Creation** + +Once the cluster is up, verify that all pods are running: + +```sh +sudo k8s kubectl get pods -A +``` + +Deploy a pod with an nginx web-server and expose it via a service to verify +connectivity of the IPv6-only cluster. Create a manifest file +`nginx-ipv6.yaml` with the following content: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ipv6 +spec: + selector: + matchLabels: + run: nginx-ipv6 + replicas: 1 + template: + metadata: + labels: + run: nginx-ipv6 + spec: + containers: + - name: nginx-ipv6 + image: rocks.canonical.com/cdk/diverdane/nginxipv6:1.0.0 + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-ipv6 + labels: + run: nginx-ipv6 +spec: + type: NodePort + ipFamilies: + - IPv6 + ports: + - port: 80 + protocol: TCP + selector: + run: nginx-ipv6 +``` + +Deploy the web-server and its service by running: + +```sh +sudo k8s kubectl apply -f nginx-ipv6.yaml +``` + +3. **Verify IPv6 Connectivity** + +Retrieve the service details to confirm an IPv6 address is assigned: + +```sh +sudo k8s kubectl get service nginx-ipv6 -n default +``` + +Obtain the service’s IPv6 address from the output: + +``` +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +nginx-ipv6 NodePort fd98::7534 80:32248/TCP 2m +``` + +Use the assigned IPv6 address to test connectivity: + +```bash +curl http://[fd98::7534]/ +``` + +A welcome message from the nginx web-server is displayed when IPv6 +connectivity is set up correctly. + +## IPv6-Only Cluster Considerations + +**Service and Pod CIDR Sizing** + +Use `/108` as the maximum size for Service CIDRs. Larger ranges (e.g., `/64`) +may lead to allocation errors or Kubernetes failing to initialize the IPv6 +address allocator. From abb6f7f35e5dfe2461e0a8739ae45b6a1b4f03f1 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Thu, 24 Oct 2024 13:42:00 +0200 Subject: [PATCH 072/122] Add timeout to integration tests LXD container removal (#757) --- tests/integration/tests/test_util/harness/lxd.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/integration/tests/test_util/harness/lxd.py b/tests/integration/tests/test_util/harness/lxd.py index 9081aaed2..757c17cb6 100644 --- a/tests/integration/tests/test_util/harness/lxd.py +++ b/tests/integration/tests/test_util/harness/lxd.py @@ -228,9 +228,17 @@ def delete_instance(self, instance_id: str): raise HarnessError(f"unknown instance {instance_id}") try: - run(["lxc", "rm", instance_id, "--force"]) + # There are cases where the instance is not deleted properly and this command is stuck. + # A timeout prevents this. + # TODO(ben): This is a workaround for an issue that arises because of our use of + # privileged containers. We eventually move away from this (not supported >24.10) + # which should also fix this issue and make this timeout unnecessary. + run(["lxc", "rm", instance_id, "--force"], timeout=60 * 5) except subprocess.CalledProcessError as e: raise HarnessError(f"failed to delete instance {instance_id}") from e + except subprocess.TimeoutExpired: + LOG.warning("LXC container removal timed out.") + pass self.instances.discard(instance_id) From 577a5ffea262171718c4077323d0058004f8d5d4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 09:04:33 -0500 Subject: [PATCH 073/122] [main] Update component versions (#760) Co-authored-by: neoaggelos <1888650+neoaggelos@users.noreply.github.com> --- build-scripts/components/kubernetes/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-scripts/components/kubernetes/version b/build-scripts/components/kubernetes/version index 085dad940..2aa75271e 100644 --- a/build-scripts/components/kubernetes/version +++ b/build-scripts/components/kubernetes/version @@ -1 +1 @@ -v1.31.1 +v1.31.2 From 687df33b6aa71c151000366eaac549413d93e323 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Thu, 24 Oct 2024 19:12:57 +0200 Subject: [PATCH 074/122] Replace Cilium LoadBalancer with MetalLB (#755) --- .../k8sd/features/implementation_default.go | 6 ++- tests/integration/tests/conftest.py | 12 +++++ tests/integration/tests/test_gateway.py | 39 ++++++++++++++- tests/integration/tests/test_ingress.py | 50 +++++++++++++++++++ tests/integration/tests/test_loadbalancer.py | 35 ++----------- tests/integration/tests/test_util/util.py | 29 ++++++++++- 6 files changed, 135 insertions(+), 36 deletions(-) diff --git a/src/k8s/pkg/k8sd/features/implementation_default.go b/src/k8s/pkg/k8sd/features/implementation_default.go index b78a67fae..3cad3e3b6 100644 --- a/src/k8s/pkg/k8sd/features/implementation_default.go +++ b/src/k8s/pkg/k8sd/features/implementation_default.go @@ -4,18 +4,20 @@ import ( "github.com/canonical/k8s/pkg/k8sd/features/cilium" "github.com/canonical/k8s/pkg/k8sd/features/coredns" "github.com/canonical/k8s/pkg/k8sd/features/localpv" + "github.com/canonical/k8s/pkg/k8sd/features/metallb" metrics_server "github.com/canonical/k8s/pkg/k8sd/features/metrics-server" ) // Default implements the Canonical Kubernetes built-in features. -// Cilium is used for networking (network + load-balancer + ingress + gateway). +// Cilium is used for networking (network + ingress + gateway). +// MetalLB is used for LoadBalancer. // CoreDNS is used for DNS. // MetricsServer is used for metrics-server. // LocalPV Rawfile CSI is used for local-storage. var Implementation Interface = &implementation{ applyDNS: coredns.ApplyDNS, applyNetwork: cilium.ApplyNetwork, - applyLoadBalancer: cilium.ApplyLoadBalancer, + applyLoadBalancer: metallb.ApplyLoadBalancer, applyIngress: cilium.ApplyIngress, applyGateway: cilium.ApplyGateway, applyMetricsServer: metrics_server.ApplyMetricsServer, diff --git a/tests/integration/tests/conftest.py b/tests/integration/tests/conftest.py index 14057a0eb..20164d3b9 100644 --- a/tests/integration/tests/conftest.py +++ b/tests/integration/tests/conftest.py @@ -216,7 +216,19 @@ def session_instance( bootstrap_config_path, ) + instance_default_ip = util.get_default_ip(instance) + instance.exec(["k8s", "bootstrap", "--file", bootstrap_config_path]) + instance_default_cidr = util.get_default_cidr(instance, instance_default_ip) + + lb_cidr = util.find_suitable_cidr( + parent_cidr=instance_default_cidr, + excluded_ips=[instance_default_ip], + ) + + instance.exec( + ["k8s", "set", f"load-balancer.cidrs={lb_cidr}", "load-balancer.l2-mode=true"] + ) util.wait_until_k8s_ready(instance, [instance]) util.wait_for_network(instance) util.wait_for_dns(instance) diff --git a/tests/integration/tests/test_gateway.py b/tests/integration/tests/test_gateway.py index 9770af46f..dd5f33ba0 100644 --- a/tests/integration/tests/test_gateway.py +++ b/tests/integration/tests/test_gateway.py @@ -3,6 +3,8 @@ # import json import logging +import subprocess +import time from pathlib import Path from test_util import harness, util @@ -36,6 +38,34 @@ def get_gateway_service_node_port(p): return None +def get_external_service_ip(instance: harness.Instance) -> str: + try_count = 0 + gateway_ip = None + while gateway_ip is None and try_count < 5: + try_count += 1 + try: + gateway_ip = ( + instance.exec( + [ + "k8s", + "kubectl", + "get", + "gateway", + "my-gateway", + "-o=jsonpath='{.status.addresses[0].value}'", + ], + capture_output=True, + ) + .stdout.decode() + .replace("'", "") + ) + except subprocess.CalledProcessError: + gateway_ip = None + pass + time.sleep(3) + return gateway_ip + + def test_gateway(session_instance: harness.Instance): manifest = MANIFESTS_DIR / "gateway-test.yaml" session_instance.exec( @@ -73,8 +103,15 @@ def test_gateway(session_instance: harness.Instance): ) gateway_http_port = get_gateway_service_node_port(result) - assert gateway_http_port is not None, "No ingress nodePort found." + assert gateway_http_port is not None, "No Gateway nodePort found." + # Test the Gateway service via loadbalancer IP. util.stubbornly(retries=5, delay_s=5).on(session_instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", f"localhost:{gateway_http_port}"]) + + gateway_ip = get_external_service_ip(session_instance) + assert gateway_ip is not None, "No Gateway IP found." + util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + lambda p: "Welcome to nginx!" in p.stdout.decode() + ).exec(["curl", f"{gateway_ip}", "-H", "Host: foo.bar.com"]) diff --git a/tests/integration/tests/test_ingress.py b/tests/integration/tests/test_ingress.py index f2cccc61c..ad8a9541e 100644 --- a/tests/integration/tests/test_ingress.py +++ b/tests/integration/tests/test_ingress.py @@ -3,6 +3,8 @@ # import json import logging +import subprocess +import time from pathlib import Path from typing import List @@ -35,6 +37,41 @@ def get_ingress_service_node_port(p): return None +def get_external_service_ip(instance: harness.Instance, service_namespace) -> str: + try_count = 0 + ingress_ip = None + while ingress_ip is None and try_count < 5: + try_count += 1 + for svcns in service_namespace: + svc = svcns["service"] + namespace = svcns["namespace"] + try: + ingress_ip = ( + instance.exec( + [ + "k8s", + "kubectl", + "--namespace", + namespace, + "get", + "service", + svc, + "-o=jsonpath='{.status.loadBalancer.ingress[0].ip}'", + ], + capture_output=True, + ) + .stdout.decode() + .replace("'", "") + ) + if ingress_ip is not None: + return ingress_ip + except subprocess.CalledProcessError: + ingress_ip = None + pass + time.sleep(3) + return ingress_ip + + def test_ingress(session_instance: List[harness.Instance]): result = ( @@ -77,3 +114,16 @@ def test_ingress(session_instance: List[harness.Instance]): util.stubbornly(retries=5, delay_s=5).on(session_instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", f"localhost:{ingress_http_port}", "-H", "Host: foo.bar.com"]) + + # Test the ingress service via loadbalancer IP + ingress_ip = get_external_service_ip( + session_instance, + [ + {"service": "ck-ingress-contour-envoy", "namespace": "projectcontour"}, + {"service": "cilium-ingress", "namespace": "kube-system"}, + ], + ) + assert ingress_ip is not None, "No ingress IP found." + util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + lambda p: "Welcome to nginx!" in p.stdout.decode() + ).exec(["curl", f"{ingress_ip}", "-H", "Host: foo.bar.com"]) diff --git a/tests/integration/tests/test_loadbalancer.py b/tests/integration/tests/test_loadbalancer.py index 9f882d7ed..97fb69e88 100644 --- a/tests/integration/tests/test_loadbalancer.py +++ b/tests/integration/tests/test_loadbalancer.py @@ -1,7 +1,6 @@ # # Copyright 2024 Canonical, Ltd. # -import ipaddress import logging from pathlib import Path from typing import List @@ -13,29 +12,6 @@ LOG = logging.getLogger(__name__) -def find_suitable_cidr(parent_cidr: str, excluded_ips: List[str]): - net = ipaddress.IPv4Network(parent_cidr, False) - - # Starting from the first IP address from the parent cidr, - # we search for a /30 cidr block(4 total ips, 2 available) - # that doesn't contain the excluded ips to avoid collisions - # /30 because this is the smallest CIDR cilium hands out IPs from - for i in range(4, 255, 4): - lb_net = ipaddress.IPv4Network(f"{str(net[0]+i)}/30", False) - - contains_excluded = False - for excluded in excluded_ips: - if ipaddress.ip_address(excluded) in lb_net: - contains_excluded = True - break - - if contains_excluded: - continue - - return str(lb_net) - raise RuntimeError("Could not find a suitable CIDR for LoadBalancer services") - - @pytest.mark.node_count(2) def test_loadbalancer(instances: List[harness.Instance]): instance = instances[0] @@ -47,7 +23,7 @@ def test_loadbalancer(instances: List[harness.Instance]): instance_default_cidr = util.get_default_cidr(instance, instance_default_ip) - lb_cidr = find_suitable_cidr( + lb_cidr = util.find_suitable_cidr( parent_cidr=instance_default_cidr, excluded_ips=[instance_default_ip, tester_instance_default_ip], ) @@ -107,9 +83,6 @@ def test_loadbalancer(instances: List[harness.Instance]): ) service_ip = p.stdout.decode().replace("'", "") - p = tester_instance.exec( - ["curl", service_ip], - capture_output=True, - ) - - assert "Welcome to nginx!" in p.stdout.decode() + util.stubbornly(retries=5, delay_s=3).on(tester_instance).until( + lambda p: "Welcome to nginx!" in p.stdout.decode() + ).exec(["curl", service_ip]) diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 69751098f..cb09b8c6e 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -1,6 +1,7 @@ # # Copyright 2024 Canonical, Ltd. # +import ipaddress import json import logging import re @@ -216,12 +217,12 @@ def wait_until_k8s_ready( def wait_for_dns(instance: harness.Instance): LOG.info("Waiting for DNS to be ready") - instance.exec(["k8s", "x-wait-for", "dns"]) + instance.exec(["k8s", "x-wait-for", "dns", "--timeout", "20m"]) def wait_for_network(instance: harness.Instance): LOG.info("Waiting for network to be ready") - instance.exec(["k8s", "x-wait-for", "network"]) + instance.exec(["k8s", "x-wait-for", "network", "--timeout", "20m"]) def hostname(instance: harness.Instance) -> str: @@ -432,3 +433,27 @@ def _maj_min(version: str): track = f"{maj_min[0]}.{maj_min[1]}" + (flavor_track and f"-{flavor_track}") LOG.info("Previous track for %s is from track: %s", snap_version, track) return track + + +def find_suitable_cidr(parent_cidr: str, excluded_ips: List[str]): + """Find a suitable CIDR for LoadBalancer services""" + net = ipaddress.IPv4Network(parent_cidr, False) + + # Starting from the first IP address from the parent cidr, + # we search for a /30 cidr block(4 total ips, 2 available) + # that doesn't contain the excluded ips to avoid collisions + # /30 because this is the smallest CIDR cilium hands out IPs from + for i in range(4, 255, 4): + lb_net = ipaddress.IPv4Network(f"{str(net[0]+i)}/30", False) + + contains_excluded = False + for excluded in excluded_ips: + if ipaddress.ip_address(excluded) in lb_net: + contains_excluded = True + break + + if contains_excluded: + continue + + return str(lb_net) + raise RuntimeError("Could not find a suitable CIDR for LoadBalancer services") From 13875acedd8a8f32de964926b208b6eb644dc770 Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Wed, 6 Nov 2024 13:55:12 +0200 Subject: [PATCH 075/122] Fix certificate refresh and add e2e tests (#766) --- src/k8s/pkg/k8sd/api/certificates_refresh.go | 54 ++++++++++-- .../k8sd/controllers/csrsigning/reconcile.go | 22 +++-- .../k8sd/controllers/csrsigning/validate.go | 8 +- .../controllers/csrsigning/validate_test.go | 5 +- tests/integration/requirements-test.txt | 1 + .../templates/bootstrap-csr-auto-approve.yaml | 9 ++ tests/integration/tests/test_clustering.py | 88 +++++++++++++++++++ tests/integration/tox.ini | 2 +- 8 files changed, 172 insertions(+), 17 deletions(-) create mode 100644 tests/integration/templates/bootstrap-csr-auto-approve.yaml diff --git a/src/k8s/pkg/k8sd/api/certificates_refresh.go b/src/k8s/pkg/k8sd/api/certificates_refresh.go index beb519752..c94f33433 100644 --- a/src/k8s/pkg/k8sd/api/certificates_refresh.go +++ b/src/k8s/pkg/k8sd/api/certificates_refresh.go @@ -2,10 +2,14 @@ package api import ( "context" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" "crypto/x509/pkix" + "encoding/base64" "fmt" "math" - "math/rand" + "math/big" "net" "net/http" "path/filepath" @@ -29,7 +33,11 @@ import ( ) func (e *Endpoints) postRefreshCertsPlan(s state.State, r *http.Request) response.Response { - seed := rand.Intn(math.MaxInt) + seedBigInt, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt)) + if err != nil { + return response.InternalError(fmt.Errorf("failed to generate seed: %w", err)) + } + seed := int(seedBigInt.Int64()) snap := e.provider.Snap() isWorker, err := snaputil.IsWorker(snap) @@ -216,6 +224,18 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo certificates.CACert = clusterConfig.Certificates.GetCACert() certificates.ClientCACert = clusterConfig.Certificates.GetClientCACert() + k8sdPublicKey, err := pkiutil.LoadRSAPublicKey(clusterConfig.Certificates.GetK8sdPublicKey()) + if err != nil { + return response.InternalError(fmt.Errorf("failed to load k8sd public key, error: %w", err)) + } + + hostnames := []string{snap.Hostname()} + ips := []net.IP{net.ParseIP(s.Address().Hostname())} + + extraIPs, extraNames := utils.SplitIPAndDNSSANs(req.ExtraSANs) + hostnames = append(hostnames, extraNames...) + ips = append(ips, extraIPs...) + g, ctx := errgroup.WithContext(r.Context()) for _, csr := range []struct { @@ -234,8 +254,8 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo commonName: fmt.Sprintf("system:node:%s", snap.Hostname()), organization: []string{"system:nodes"}, usages: []certv1.KeyUsage{certv1.UsageDigitalSignature, certv1.UsageKeyEncipherment, certv1.UsageServerAuth}, - hostnames: []string{snap.Hostname()}, - ips: []net.IP{net.ParseIP(s.Address().Hostname())}, + hostnames: hostnames, + ips: ips, signerName: "k8sd.io/kubelet-serving", certificate: &certificates.KubeletCert, key: &certificates.KubeletKey, @@ -272,14 +292,34 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo return fmt.Errorf("failed to generate CSR for %s: %w", csr.name, err) } + // Obtain the SHA256 sum of the CSR request. + hash := sha256.New() + _, err = hash.Write([]byte(csrPEM)) + if err != nil { + return fmt.Errorf("failed to checksum CSR %s, err: %w", csr.name, err) + } + + signature, err := rsa.EncryptPKCS1v15(rand.Reader, k8sdPublicKey, hash.Sum(nil)) + if err != nil { + return fmt.Errorf("failed to sign CSR %s, err: %w", csr.name, err) + } + signatureB64 := base64.StdEncoding.EncodeToString(signature) + + expirationSeconds := int32(req.ExpirationSeconds) + if _, err = client.CertificatesV1().CertificateSigningRequests().Create(ctx, &certv1.CertificateSigningRequest{ ObjectMeta: metav1.ObjectMeta{ Name: csr.name, + Annotations: map[string]string{ + "k8sd.io/signature": signatureB64, + "k8sd.io/node": snap.Hostname(), + }, }, Spec: certv1.CertificateSigningRequestSpec{ - Request: []byte(csrPEM), - Usages: csr.usages, - SignerName: csr.signerName, + Request: []byte(csrPEM), + ExpirationSeconds: &expirationSeconds, + Usages: csr.usages, + SignerName: csr.signerName, }, }, metav1.CreateOptions{}); err != nil { return fmt.Errorf("failed to create CSR for %s: %w", csr.name, err) diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile.go b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile.go index 95ccbbb95..779f10777 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile.go @@ -9,6 +9,7 @@ import ( "fmt" "time" + "github.com/canonical/k8s/pkg/utils" pkiutil "github.com/canonical/k8s/pkg/utils/pki" certv1 "k8s.io/api/certificates/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -96,6 +97,15 @@ func (r *csrSigningReconciler) Reconcile(ctx context.Context, req ctrl.Request) return ctrl.Result{}, err } + notBefore := time.Now() + var notAfter time.Time + + if obj.Spec.ExpirationSeconds != nil { + notAfter = utils.SecondsToExpirationDate(notBefore, int(*obj.Spec.ExpirationSeconds)) + } else { + notAfter = time.Now().AddDate(10, 0, 0) + } + var crtPEM []byte switch obj.Spec.SignerName { case "k8sd.io/kubelet-serving": @@ -114,8 +124,8 @@ func (r *csrSigningReconciler) Reconcile(ctx context.Context, req ctrl.Request) CommonName: obj.Spec.Username, Organization: obj.Spec.Groups, }, - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(10, 0, 0), // TODO: expiration date from obj, or config + NotBefore: notBefore, + NotAfter: notAfter, IPAddresses: certRequest.IPAddresses, DNSNames: certRequest.DNSNames, BasicConstraintsValid: true, @@ -149,8 +159,8 @@ func (r *csrSigningReconciler) Reconcile(ctx context.Context, req ctrl.Request) CommonName: obj.Spec.Username, Organization: obj.Spec.Groups, }, - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(10, 0, 0), // TODO: expiration date from obj, or config + NotBefore: notBefore, + NotAfter: notAfter, BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, @@ -181,8 +191,8 @@ func (r *csrSigningReconciler) Reconcile(ctx context.Context, req ctrl.Request) Subject: pkix.Name{ CommonName: "system:kube-proxy", }, - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(10, 0, 0), // TODO: expiration date from obj, or config + NotBefore: notBefore, + NotAfter: notAfter, BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/validate.go b/src/k8s/pkg/k8sd/controllers/csrsigning/validate.go index d3d9df0a9..4e0c9b414 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/validate.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/validate.go @@ -4,6 +4,7 @@ import ( "crypto/rsa" "crypto/sha256" "crypto/subtle" + "encoding/base64" "fmt" "github.com/canonical/k8s/pkg/utils" @@ -21,7 +22,12 @@ func validateCSR(obj *certv1.CertificateSigningRequest, priv *rsa.PrivateKey) er return fmt.Errorf("failed to parse x509 certificate request: %w", err) } - encryptedSignature := obj.Annotations["k8sd.io/signature"] + encryptedSignatureB64 := obj.Annotations["k8sd.io/signature"] + encryptedSignature, err := base64.StdEncoding.DecodeString(encryptedSignatureB64) + if err != nil { + return fmt.Errorf("failed to decode b64 signature: %w", err) + } + signature, err := rsa.DecryptPKCS1v15(nil, priv, []byte(encryptedSignature)) if err != nil { return fmt.Errorf("failed to decrypt signature: %w", err) diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/validate_test.go b/src/k8s/pkg/k8sd/controllers/csrsigning/validate_test.go index 7c806a484..7e9a919a8 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/validate_test.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/validate_test.go @@ -5,6 +5,7 @@ import ( "crypto/rsa" "crypto/sha256" "crypto/x509/pkix" + "encoding/base64" "testing" pkiutil "github.com/canonical/k8s/pkg/utils/pki" @@ -93,7 +94,7 @@ func TestValidateCSREncryption(t *testing.T) { }, }, expectErr: true, - expectErrMessage: "failed to decrypt signature", + expectErrMessage: "failed to decode b64 signature", }, { name: "Missing Signature", @@ -219,5 +220,5 @@ func mustCreateEncryptedSignature(g Gomega, pub *rsa.PublicKey, csrPEM string) s signature, err := rsa.EncryptPKCS1v15(rand.Reader, pub, hash.Sum(nil)) g.Expect(err).NotTo(HaveOccurred()) - return string(signature) + return base64.StdEncoding.EncodeToString(signature) } diff --git a/tests/integration/requirements-test.txt b/tests/integration/requirements-test.txt index 91282e09c..0fcd9c093 100644 --- a/tests/integration/requirements-test.txt +++ b/tests/integration/requirements-test.txt @@ -3,3 +3,4 @@ pytest==7.3.1 PyYAML==6.0.1 tenacity==8.2.3 pylint==3.2.5 +cryptography==43.0.3 diff --git a/tests/integration/templates/bootstrap-csr-auto-approve.yaml b/tests/integration/templates/bootstrap-csr-auto-approve.yaml new file mode 100644 index 000000000..43fe77c98 --- /dev/null +++ b/tests/integration/templates/bootstrap-csr-auto-approve.yaml @@ -0,0 +1,9 @@ +cluster-config: + network: + enabled: true + dns: + enabled: true + metrics-server: + enabled: true + annotations: + k8sd/v1alpha1/csrsigning/auto-approve: true diff --git a/tests/integration/tests/test_clustering.py b/tests/integration/tests/test_clustering.py index a77e3f9c5..8235e56cf 100644 --- a/tests/integration/tests/test_clustering.py +++ b/tests/integration/tests/test_clustering.py @@ -1,10 +1,16 @@ # # Copyright 2024 Canonical, Ltd. # +import datetime import logging +import os +import subprocess +import tempfile from typing import List import pytest +from cryptography import x509 +from cryptography.hazmat.backends import default_backend from test_util import config, harness, util LOG = logging.getLogger(__name__) @@ -228,3 +234,85 @@ def test_join_with_custom_token_name(instances: List[harness.Instance]): cluster_node.exec(["k8s", "remove-node", joining_cp_with_hostname.id]) nodes = util.ready_nodes(cluster_node) assert len(nodes) == 1, "cp node with hostname should be removed from the cluster" + + +@pytest.mark.node_count(2) +@pytest.mark.bootstrap_config( + (config.MANIFESTS_DIR / "bootstrap-csr-auto-approve.yaml").read_text() +) +def test_cert_refresh(instances: List[harness.Instance]): + cluster_node = instances[0] + joining_worker = instances[1] + + join_token_worker = util.get_join_token(cluster_node, joining_worker, "--worker") + util.join_cluster(joining_worker, join_token_worker) + + util.wait_until_k8s_ready(cluster_node, instances) + nodes = util.ready_nodes(cluster_node) + assert len(nodes) == 2, "nodes should have joined cluster" + + assert "control-plane" in util.get_local_node_status(cluster_node) + assert "worker" in util.get_local_node_status(joining_worker) + + extra_san = "test_san.local" + + def _check_cert(instance, cert_fname): + # Ensure that the certificate was refreshed, having the right expiry date + # and extra SAN. + cert_dir = _get_k8s_cert_dir(instance) + cert_path = os.path.join(cert_dir, cert_fname) + + cert = _get_instance_cert(instance, cert_path) + date = datetime.datetime.now() + assert (cert.not_valid_after - date).days in (364, 365) + + san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName) + san_dns_names = san.value.get_values_for_type(x509.DNSName) + assert extra_san in san_dns_names + + joining_worker.exec( + ["k8s", "refresh-certs", "--expires-in", "1y", "--extra-sans", extra_san] + ) + + _check_cert(joining_worker, "kubelet.crt") + + cluster_node.exec( + ["k8s", "refresh-certs", "--expires-in", "1y", "--extra-sans", extra_san] + ) + + _check_cert(cluster_node, "kubelet.crt") + _check_cert(cluster_node, "apiserver.crt") + + # Ensure that the services come back online after refreshing the certificates. + util.wait_until_k8s_ready(cluster_node, instances) + + +def _get_k8s_cert_dir(instance: harness.Instance): + tested_paths = [ + "/etc/kubernetes/pki/", + "/var/snap/k8s/common/etc/kubernetes/pki/", + ] + for path in tested_paths: + if _instance_path_exists(instance, path): + return path + + raise Exception("Could not find k8s certificates dir.") + + +def _instance_path_exists(instance: harness.Instance, remote_path: str): + try: + instance.exec(["ls", remote_path]) + return True + except subprocess.CalledProcessError: + return False + + +def _get_instance_cert( + instance: harness.Instance, remote_path: str +) -> x509.Certificate: + with tempfile.NamedTemporaryFile() as fp: + instance.pull_file(remote_path, fp.name) + + pem = fp.read() + cert = x509.load_pem_x509_certificate(pem, default_backend()) + return cert diff --git a/tests/integration/tox.ini b/tests/integration/tox.ini index b59d696d7..1b33bcda9 100644 --- a/tests/integration/tox.ini +++ b/tests/integration/tox.ini @@ -46,6 +46,6 @@ passenv = [flake8] max-line-length = 120 select = E,W,F,C,N -ignore = W503 +ignore = W503,E231,E226 exclude = venv,.git,.tox,.tox_env,.venv,build,dist,*.egg_info show-source = true From c871eb9e7f46832e156ff5c8c11b4cadb644b0f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Wed, 6 Nov 2024 15:20:54 +0300 Subject: [PATCH 076/122] Add feature annotations to the reference page (#759) --------- Co-authored-by: Louise K. Schmidtgen --- docs/src/snap/reference/annotations.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/src/snap/reference/annotations.md b/docs/src/snap/reference/annotations.md index 854fe278c..a825c0f4d 100644 --- a/docs/src/snap/reference/annotations.md +++ b/docs/src/snap/reference/annotations.md @@ -8,6 +8,28 @@ the bootstrap configuration. |---------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------| | `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` | If set, only microcluster and file cleanup are performed. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, k8sd will remove the Kubernetes node when it is removed from the cluster. | "true"\|"false" | | `k8sd/v1alpha/lifecycle/skip-stop-services-on-remove` | If set, the k8s services will not be stopped on the leaving node when removing the node. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, all services are stopped on leaving nodes. | "true"\|"false" | +| `k8sd/v1alpha1/csrsigning/auto-approve` | If set, certificate signing requests created by worker nodes are auto approved. | "true"\|"false" | +| `k8sd/v1alpha1/calico/apiserver-enabled` | Enable the installation of the Calico API server to enable management of Calico APIs using kubectl. | "true"\|"false" | +| `k8sd/v1alpha1/calico/encapsulation-v4` | The type of encapsulation to use on the IPv4 pool. | "IPIP"\|"VXLAN"\|"IPIPCrossSubnet"\|"VXLANCrossSubnet"\|"None" | +| `k8sd/v1alpha1/calico/encapsulation-v6` | The type of encapsulation to use on the IPv6 pool. | "IPIP"\|"VXLAN"\|"IPIPCrossSubnet"\|"VXLANCrossSubnet"\|"None" | +| `k8sd/v1alpha1/calico/autodetection-v4/firstFound` | Use default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. | "true"\|"false" | +| `k8sd/v1alpha1/calico/autodetection-v4/kubernetes` | Configure Calico to detect node addresses based on the Kubernetes API. | "NodeInternalIP" | +| `k8sd/v1alpha1/calico/autodetection-v4/interface` | Enable IP auto-detection based on interfaces that match the given regex. | string | +| `k8sd/v1alpha1/calico/autodetection-v4/skipInterface` | Enable IP auto-detection based on interfaces that do not match the given regex. | string | +| `k8sd/v1alpha1/calico/autodetection-v4/canReach` | Enable IP auto-detection based on which source address on the node is used to reach the specified IP or domain. | string | +| `k8sd/v1alpha1/calico/autodetection-v4/cidrs` | Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. | []string (comma separated) | +| `k8sd/v1alpha1/calico/autodetection-v6/firstFound` | Use default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. | "true"\|"false" | +| `k8sd/v1alpha1/calico/autodetection-v6/kubernetes` | Configure Calico to detect node addresses based on the Kubernetes API. | "NodeInternalIP" | +| `k8sd/v1alpha1/calico/autodetection-v6/interface` | Enable IP auto-detection based on interfaces that match the given regex. | string | +| `k8sd/v1alpha1/calico/autodetection-v6/skipInterface` | Enable IP auto-detection based on interfaces that do not match the given regex. | string | +| `k8sd/v1alpha1/calico/autodetection-v6/canReach` | Enable IP auto-detection based on which source address on the node is used to reach the specified IP or domain. | string | +| `k8sd/v1alpha1/calico/autodetection-v6/cidrs` | Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. | []string (comma separated) | +| `k8sd/v1alpha1/cilium/devices` | List of devices facing cluster/external network (used for BPF NodePort, BPF masquerading and host firewall); supports `+` as wildcard in device name, e.g. `eth+,ens+` | string | +| `k8sd/v1alpha1/cilium/direct-routing-device` | Device name used to connect nodes in direct routing mode (used by BPF NodePort, BPF host routing); if empty, automatically set to a device with k8s InternalIP/ExternalIP or with a default route. Bridge type devices are ignored in automatic selection | string | +| `k8sd/v1alpha1/cilium/vlan-bpf-bypass` | Comma separated list of VLAN tags to bypass eBPF filtering on native devices. Cilium enables firewalling on native devices and filters all unknown traffic, including VLAN 802.1q packets, which pass through the main device with the associated tag (e.g., VLAN device eth0.4000 and its main interface eth0). Supports `0` as wildcard for bypassing all VLANs. e.g. `4001,4002` | []string | +| `k8sd/v1alpha1/metrics-server/image-repo` | Override the default image repository for the metrics-server. | string | +| `k8sd/v1alpha1/metrics-server/image-tag` | Override the default image tag for the metrics-server. | string | + From 7cce595d0b4325077ef8585e04a7696802d94466 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Thu, 7 Nov 2024 08:31:42 -0600 Subject: [PATCH 077/122] Update the snap version of via upstream .go-version (#762) --- .../hack/update-component-versions.py | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/build-scripts/hack/update-component-versions.py b/build-scripts/hack/update-component-versions.py index 71f7b71d7..88eee17d8 100755 --- a/build-scripts/hack/update-component-versions.py +++ b/build-scripts/hack/update-component-versions.py @@ -15,13 +15,17 @@ import sys import yaml from pathlib import Path +import re import util +import urllib.request + logging.basicConfig(level=logging.INFO) LOG = logging.getLogger(__name__) DIR = Path(__file__).absolute().parent +SNAPCRAFT = DIR.parent.parent / "snap/snapcraft.yaml" COMPONENTS = DIR.parent / "components" CHARTS = DIR.parent.parent / "k8s" / "manifests" / "charts" @@ -125,6 +129,8 @@ def update_component_versions(dry_run: bool): if not dry_run: Path(path).write_text(version.strip() + "\n") + update_go_version(dry_run) + for component, pull_helm_chart in [ ("bitnami/contour", pull_contour_chart), ("metallb", pull_metallb_chart), @@ -134,6 +140,25 @@ def update_component_versions(dry_run: bool): pull_helm_chart() +def update_go_version(dry_run: bool): + k8s_version = (COMPONENTS / "kubernetes/version").read_text().strip() + url = f"https://raw.githubusercontent.com/kubernetes/kubernetes/refs/tags/{k8s_version}/.go-version" + with urllib.request.urlopen(url) as response: + go_version = response.read().decode("utf-8").strip() + + LOG.info("Upstream go version is %s", go_version) + go_snap = f'go/{".".join(go_version.split(".")[:2])}/stable' + snapcraft_yaml = SNAPCRAFT.read_text() + if f"- {go_snap}" in snapcraft_yaml: + LOG.info("snapcraft.yaml already contains go version %s", go_snap) + return + + LOG.info("Update go snap version to %s in %s", go_snap, SNAPCRAFT) + if not dry_run: + updated = re.sub(r"- go/\d+\.\d+/stable", f"- {go_snap}", snapcraft_yaml) + SNAPCRAFT.write_text(updated) + + def main(): parser = argparse.ArgumentParser( "update-component-versions.py", usage=USAGE, description=DESCRIPTION From 851387c2823e630c9d9c7b4029b54391f12fd761 Mon Sep 17 00:00:00 2001 From: Mateo Florido <32885896+mateoflorido@users.noreply.github.com> Date: Thu, 7 Nov 2024 09:35:08 -0500 Subject: [PATCH 078/122] Add How-To Refresh Certificates (CAPI) (#765) Add How-To Refresh Certificates for Control Plane and Worker nodes in CAPI --- docs/src/capi/howto/index.md | 1 + docs/src/capi/howto/refresh-certs.md | 107 +++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 docs/src/capi/howto/refresh-certs.md diff --git a/docs/src/capi/howto/index.md b/docs/src/capi/howto/index.md index b05a55fa4..49fec0c83 100644 --- a/docs/src/capi/howto/index.md +++ b/docs/src/capi/howto/index.md @@ -20,6 +20,7 @@ in-place-upgrades upgrade-providers migrate-management custom-ck8s +refresh-certs ``` --- diff --git a/docs/src/capi/howto/refresh-certs.md b/docs/src/capi/howto/refresh-certs.md new file mode 100644 index 000000000..9f8d3347d --- /dev/null +++ b/docs/src/capi/howto/refresh-certs.md @@ -0,0 +1,107 @@ +# Refreshing Workload Cluster Certificates + +This how-to will walk you through the steps to refresh the certificates for +both control plane and worker nodes in your {{product}} Cluster API cluster. + +## Prerequisites + +- A Kubernetes management cluster with Cluster API and Canonical K8s providers + installed and configured. +- A target workload cluster managed by Cluster API. +- `kubectl` installed and configured to access your management cluster. + +Please refer to the [getting-started guide][getting-started] for further +details on the required setup. +This guide refers to the workload cluster as `c1`. + +```{note} To refresh the certificates in your cluster, make sure it was +initially set up with self-signed certificates. You can verify this by +checking the `CK8sConfigTemplate` resource for the cluster to see if a +`BootstrapConfig` value was provided with the necessary certificates. +``` + +### Refresh Control Plane Node Certificates + +To refresh the certificates on control plane nodes, follow these steps for each +control plane node in your workload cluster: + +1. First, check the names of the control plane machines in your cluster: + +``` +clusterctl describe cluster c1 +``` + +2. For each control plane machine, annotate the machine resource with the +`v1beta2.k8sd.io/refresh-certificates` annotation. The value of the annotation +should specify the duration for which the certificates will be valid. For +example, to refresh the certificates for a control plane machine named +`c1-control-plane-nwlss` to expire in 10 years, run the following command: + +``` +kubectl annotate machine c1-control-plane-nwlss v1beta2.k8sd.io/refresh-certificates=10y +``` + +```{note} The value of the annotation can be specified in years (y), months +(mo), (d) days, or any unit accepted by the [ParseDuration] function in +Go. +``` + +The Cluster API provider will automatically refresh the certificates on the +control plane node and restart the necessary services. To track the progress of +the certificate refresh, check the events for the machine resource: + +``` +kubectl get events --field-selector involvedObject.name=c1-control-plane-nwlss +``` + +The machine will be ready once the event `CertificatesRefreshDone` is +displayed. + +3. After the certificate refresh is complete, the new expiration date will be +displayed in the `machine.cluster.x-k8s.io/certificates-expiry` annotation of +the machine resource: + +``` +"machine.cluster.x-k8s.io/certificates-expiry": "2034-10-25T14:25:23-05:00" +``` + +### Refresh Worker Node Certificates + +To refresh the certificates on worker nodes, follow these steps for each worker +node in your workload cluster: + +1. Check the names of the worker machines in your cluster: + +``` +clusterctl describe cluster c1 +``` + +2. Add the `v1beta2.k8sd.io/refresh-certificates` annotation to each worker +machine, specifying the desired certificate validity duration. For example, to +set the certificates for `c1-worker-md-0-4lxb7-msq44` to expire in 10 years: + +``` +kubectl annotate machine c1-worker-md-0-4lxb7-msq44 v1beta2.k8sd.io/refresh-certificates=10y +``` + +The ClusterAPI provider will handle the certificate refresh and restart +necessary services. Track the progress by checking the machine's events: + +``` +kubectl get events --field-selector involvedObject.name=c1-worker-md-0-4lxb7-msq44 +``` + +The machine will be ready once the event `CertificatesRefreshDone` is +displayed. + +3. After the certificate refresh is complete, the new expiration date will be +displayed in the `machine.cluster.x-k8s.io/certificates-expiry` annotation of +the machine resource: + +``` +"machine.cluster.x-k8s.io/certificates-expiry": "2034-10-25T14:33:04-05:00" +``` + + +[getting-started]: ../tutorial/getting-started.md +[ParseDuration]: https://pkg.go.dev/time#ParseDuration From 03149aa4925b8b91962ec961f9dc309789d7ae28 Mon Sep 17 00:00:00 2001 From: Nick Veitch Date: Thu, 7 Nov 2024 18:49:21 +0000 Subject: [PATCH 079/122] Doc build fix (#773) * fix docs building --- docs/canonicalk8s/.gitignore | 1 - docs/canonicalk8s/.readthedocs.yaml | 11 +- docs/canonicalk8s/.sphinx/requirements.txt | 23 ++ docs/canonicalk8s/Makefile.sp | 2 +- docs/canonicalk8s/conf-rtd.py | 254 +++++++++++++++++++++ docs/canonicalk8s/conf.py | 5 +- docs/canonicalk8s/custom_conf.py | 10 +- docs/{src => canonicalk8s}/index.md | 52 ++--- docs/src/capi/explanation/security.md | 2 +- docs/src/capi/index.md | 12 +- docs/src/capi/reference/configs.md | 2 +- docs/src/charm/explanation/index.md | 2 +- docs/src/charm/explanation/security.md | 2 +- docs/src/charm/reference/architecture.md | 2 +- docs/src/charm/reference/proxy.md | 2 +- docs/src/snap/explanation/index.md | 2 +- docs/src/snap/explanation/security.md | 2 +- docs/src/snap/howto/networking/index.md | 12 +- docs/src/snap/reference/community.md | 4 +- docs/src/snap/reference/proxy.md | 4 +- docs/src/snap/reference/releases.md | 8 +- 21 files changed, 352 insertions(+), 62 deletions(-) create mode 100644 docs/canonicalk8s/.sphinx/requirements.txt create mode 100644 docs/canonicalk8s/conf-rtd.py rename docs/{src => canonicalk8s}/index.md (67%) diff --git a/docs/canonicalk8s/.gitignore b/docs/canonicalk8s/.gitignore index 25a54f038..da6f688f1 100644 --- a/docs/canonicalk8s/.gitignore +++ b/docs/canonicalk8s/.gitignore @@ -1,6 +1,5 @@ /*env*/ .sphinx/venv/ -.sphinx/requirements.txt .sphinx/warnings.txt .sphinx/.wordlist.dic .sphinx/.doctrees/ diff --git a/docs/canonicalk8s/.readthedocs.yaml b/docs/canonicalk8s/.readthedocs.yaml index c6319b57f..6f30701e6 100644 --- a/docs/canonicalk8s/.readthedocs.yaml +++ b/docs/canonicalk8s/.readthedocs.yaml @@ -18,23 +18,26 @@ build: # If there are no changes (git diff exits with 0) we force the command to return with 183. # This is a special exit code on Read the Docs that will cancel the build immediately. - | + git fetch --unshallow || true if [ "$READTHEDOCS_VERSION_TYPE" = "external" ] && git diff --quiet origin/main -- docs/ .readthedocs.yaml; then exit 183; fi - + ls # Build documentation in the docs/ directory with Sphinx sphinx: builder: dirhtml - configuration: docs/canonicalk8s/conf.py + configuration: docs/canonicalk8s/conf-rtd.py # If using Sphinx, optionally build your docs in additional formats such as PDF -formats: - - pdf +# formats: +# - pdf # Optionally declare the Python requirements required to build your docs python: install: - requirements: docs/canonicalk8s/.sphinx/requirements.txt + + diff --git a/docs/canonicalk8s/.sphinx/requirements.txt b/docs/canonicalk8s/.sphinx/requirements.txt new file mode 100644 index 000000000..f7ac84204 --- /dev/null +++ b/docs/canonicalk8s/.sphinx/requirements.txt @@ -0,0 +1,23 @@ +# DO NOT MODIFY THIS FILE DIRECTLY! +# +# This file is generated automatically. +# Add custom requirements to the custom_required_modules +# array in the custom_conf.py file and run: +# make clean && make install +GitPython +canonical-sphinx-extensions +furo +linkify-it-py +myst-parser +pyspelling +sphinx +sphinx-autobuild +sphinx-copybutton +sphinx-design +sphinx-notfound-page +sphinx-tabs +sphinxcontrib-jquery +sphinxcontrib-svg2pdfconverter[CairoSVG] +sphinxcontrib.kroki +sphinxext-opengraph +watchfiles diff --git a/docs/canonicalk8s/Makefile.sp b/docs/canonicalk8s/Makefile.sp index 4dbfba2bd..6b98451f5 100644 --- a/docs/canonicalk8s/Makefile.sp +++ b/docs/canonicalk8s/Makefile.sp @@ -9,7 +9,7 @@ SPHINXDIR = .sphinx SPHINXOPTS ?= -c . -d $(SPHINXDIR)/.doctrees -j auto SPHINXBUILD ?= sphinx-build -SOURCEDIR = src +SOURCEDIR = . METRICSDIR = ./metrics BUILDDIR = ../_build VENVDIR = $(SPHINXDIR)/venv diff --git a/docs/canonicalk8s/conf-rtd.py b/docs/canonicalk8s/conf-rtd.py new file mode 100644 index 000000000..05d127f0d --- /dev/null +++ b/docs/canonicalk8s/conf-rtd.py @@ -0,0 +1,254 @@ +import sys +import os +import requests +from urllib.parse import urlparse +from git import Repo, InvalidGitRepositoryError +import time +import ast +import yaml + +sys.path.append('./') +from custom_conf import * +sys.path.append('.sphinx/') +from build_requirements import * + +# Configuration file for the Sphinx documentation builder. +# You should not do any modifications to this file. Put your custom +# configuration into the custom_conf.py file. +# If you need to change this file, contribute the changes upstream. +# +# For the full list of built-in configuration values, see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html + +############################################################ +### Extensions +############################################################ + +extensions = [ + 'sphinx_design', + 'sphinx_copybutton', + 'sphinxcontrib.jquery', +] + +# Only add redirects extension if any redirects are specified. +if AreRedirectsDefined(): + extensions.append('sphinx_reredirects') + +# Only add myst extensions if any configuration is present. +if IsMyStParserUsed(): + extensions.append('myst_parser') + + # Additional MyST syntax + myst_enable_extensions = [ + 'substitution', + 'deflist', + 'linkify' + ] + myst_enable_extensions.extend(custom_myst_extensions) + +# Only add Open Graph extension if any configuration is present. +if IsOpenGraphConfigured(): + extensions.append('sphinxext.opengraph') + +extensions.extend(custom_extensions) +extensions = DeduplicateExtensions(extensions) + +### Configuration for extensions + +# Used for related links +if not 'discourse_prefix' in html_context and 'discourse' in html_context: + html_context['discourse_prefix'] = html_context['discourse'] + '/t/' + +# The URL prefix for the notfound extension depends on whether the documentation uses versions. +# For documentation on documentation.ubuntu.com, we also must add the slug. +url_version = '' +url_lang = '' + +# Determine if the URL uses versions and language +if 'READTHEDOCS_CANONICAL_URL' in os.environ and os.environ['READTHEDOCS_CANONICAL_URL']: + url_parts = os.environ['READTHEDOCS_CANONICAL_URL'].split('/') + + if len(url_parts) >= 2 and 'READTHEDOCS_VERSION' in os.environ and os.environ['READTHEDOCS_VERSION'] == url_parts[-2]: + url_version = url_parts[-2] + '/' + + if len(url_parts) >= 3 and 'READTHEDOCS_LANGUAGE' in os.environ and os.environ['READTHEDOCS_LANGUAGE'] == url_parts[-3]: + url_lang = url_parts[-3] + '/' + +# Set notfound_urls_prefix to the slug (if defined) and the version/language affix +if slug: + notfound_urls_prefix = '/' + slug + '/' + url_lang + url_version +elif len(url_lang + url_version) > 0: + notfound_urls_prefix = '/' + url_lang + url_version +else: + notfound_urls_prefix = '' + +notfound_context = { + 'title': 'Page not found', + 'body': '

Sorry, but the documentation page that you are looking for was not found.

\n\n

Documentation changes over time, and pages are moved around. We try to redirect you to the updated content where possible, but unfortunately, that didn\'t work this time (maybe because the content you were looking for does not exist in this version of the documentation).

\n

You can try to use the navigation to locate the content you\'re looking for, or search for a similar page.

\n', +} + +# Default image for OGP (to prevent font errors, see +# https://github.com/canonical/sphinx-docs-starter-pack/pull/54 ) +if not 'ogp_image' in locals(): + ogp_image = 'https://assets.ubuntu.com/v1/253da317-image-document-ubuntudocs.svg' + +############################################################ +### General configuration +############################################################ + +exclude_patterns = [ + '_build', + 'Thumbs.db', + '.DS_Store', + '.sphinx', +] +exclude_patterns.extend(custom_excludes) + +rst_epilog = ''' +.. include:: /reuse/links.txt +''' +if 'custom_rst_epilog' in locals(): + rst_epilog = custom_rst_epilog + +source_suffix = { + '.rst': 'restructuredtext', + '.md': 'markdown', +} + +if not 'conf_py_path' in html_context and 'github_folder' in html_context: + html_context['conf_py_path'] = html_context['github_folder'] + +# For ignoring specific links +linkcheck_anchors_ignore_for_url = [ + r'https://github\.com/.*' +] +linkcheck_anchors_ignore_for_url.extend(custom_linkcheck_anchors_ignore_for_url) + +# Tags cannot be added directly in custom_conf.py, so add them here +for tag in custom_tags: + tags.add(tag) + +# html_context['get_contribs'] is a function and cannot be +# cached (see https://github.com/sphinx-doc/sphinx/issues/12300) +suppress_warnings = ["config.cache"] + +############################################################ +### Styling +############################################################ + +# Find the current builder +builder = 'dirhtml' +if '-b' in sys.argv: + builder = sys.argv[sys.argv.index('-b')+1] + +# Setting templates_path for epub makes the build fail +if builder == 'dirhtml' or builder == 'html': + templates_path = ['.sphinx/_templates'] + notfound_template = '404.html' + +# Theme configuration +html_theme = 'furo' +html_last_updated_fmt = '' +html_permalinks_icon = '¶' + +if html_title == '': + html_theme_options = { + 'sidebar_hide_name': True + } + +############################################################ +### Additional files +############################################################ + +html_static_path = ['.sphinx/_static'] + +html_css_files = [ + 'custom.css', + 'header.css', + 'github_issue_links.css', + 'furo_colors.css', + 'footer.css' +] +html_css_files.extend(custom_html_css_files) + +html_js_files = ['header-nav.js', 'footer.js'] +if 'github_issues' in html_context and html_context['github_issues'] and not disable_feedback_button: + html_js_files.append('github_issue_links.js') +html_js_files.extend(custom_html_js_files) + +############################################################# +# Display the contributors + + +############################################################# +# DISABLED AS IT DOESN'T WORK FOR source not in same dir + +#def get_contributors_for_file(github_url, github_folder, github_source, pagename, page_source_suffix, display_contributors_since=None): +# filename = f"{pagename}{page_source_suffix}" +# paths=html_context['github_source'][1:] + filename +# +# try: +# repo = Repo(".") +# except InvalidGitRepositoryError: +# cwd = os.getcwd() +# ghfolder = html_context['github_source'][:-1] +# +# if ghfolder and cwd.endswith(ghfolder): +# repo = Repo(cwd.rpartition(ghfolder)[0]) +# else: +# print("The local Git repository could not be found.") +# return +# +# since = display_contributors_since if display_contributors_since and display_contributors_since.strip() else None +# +# commits = repo.iter_commits(paths=paths, since=since) +# +# contributors_dict = {} +# for commit in commits: +# contributor = commit.author.name +# if contributor not in contributors_dict or commit.committed_date > contributors_dict[contributor]['date']: +# contributors_dict[contributor] = { +# 'date': commit.committed_date, +# 'sha': commit.hexsha +# } +# # The github_page contains the link to the contributor's latest commit. +# contributors_list = [{'name': name, 'github_page': f"{github_url}/commit/{data['sha']}"} for name, data in contributors_dict.items()] +# sorted_contributors_list = sorted(contributors_list, key=lambda x: x['name']) +# return sorted_contributors_list +# +# html_context['get_contribs'] = get_contributors_for_file + +############################################################ +### Myst configuration +############################################################ +if os.path.exists('./reuse/substitutions.yaml'): + with open('./reuse/substitutions.yaml', 'r') as fd: + myst_substitutions = yaml.safe_load(fd.read()) + + +############################################################ +### PDF configuration +############################################################ + +latex_additional_files = [ + "./.sphinx/fonts/Ubuntu-B.ttf", + "./.sphinx/fonts/Ubuntu-R.ttf", + "./.sphinx/fonts/Ubuntu-RI.ttf", + "./.sphinx/fonts/UbuntuMono-R.ttf", + "./.sphinx/fonts/UbuntuMono-RI.ttf", + "./.sphinx/fonts/UbuntuMono-B.ttf", + "./.sphinx/images/Canonical-logo-4x.png", + "./.sphinx/images/front-page-light.pdf", + "./.sphinx/images/normal-page-footer.pdf", +] + +latex_engine = 'xelatex' +latex_show_pagerefs = True +latex_show_urls = 'footnote' + +with open(".sphinx/latex_elements_template.txt", "rt") as file: + latex_config = file.read() + +latex_elements = ast.literal_eval(latex_config.replace("$PROJECT", project)) + +master_doc = 'index' \ No newline at end of file diff --git a/docs/canonicalk8s/conf.py b/docs/canonicalk8s/conf.py index c3b447cb8..c804e78c1 100644 --- a/docs/canonicalk8s/conf.py +++ b/docs/canonicalk8s/conf.py @@ -225,6 +225,7 @@ with open('./reuse/substitutions.yaml', 'r') as fd: myst_substitutions = yaml.safe_load(fd.read()) +suppress_warnings = ["myst.xref_missing", "myst.iref_ambiguous"] ############################################################ ### PDF configuration @@ -249,4 +250,6 @@ with open(".sphinx/latex_elements_template.txt", "rt") as file: latex_config = file.read() -latex_elements = ast.literal_eval(latex_config.replace("$PROJECT", project)) \ No newline at end of file +latex_elements = ast.literal_eval(latex_config.replace("$PROJECT", project)) + +master_doc = 'index' \ No newline at end of file diff --git a/docs/canonicalk8s/custom_conf.py b/docs/canonicalk8s/custom_conf.py index 83795a3ee..87d919a81 100644 --- a/docs/canonicalk8s/custom_conf.py +++ b/docs/canonicalk8s/custom_conf.py @@ -167,6 +167,7 @@ 'canonical.terminal-output', 'notfound.extension', 'sphinxcontrib.cairosvgconverter', + 'sphinxcontrib.kroki', ] # Add custom required Python modules that must be added to the @@ -184,7 +185,8 @@ # Add files or directories that should be excluded from processing. custom_excludes = [ 'doc-cheat-sheet*', - '_parts' + '_parts/*', + 'src/_parts' ] # Add CSS files (located in .sphinx/_static/) @@ -218,6 +220,12 @@ ## Add any configuration that is not covered by the common conf.py file. +# Change the default code highlighting to 'none' + +highlight_language = 'none' + + + # Define a :center: role that can be used to center the content of table cells. rst_prolog = ''' .. role:: center diff --git a/docs/src/index.md b/docs/canonicalk8s/index.md similarity index 67% rename from docs/src/index.md rename to docs/canonicalk8s/index.md index 1635cc3f5..f7f8f5a8e 100644 --- a/docs/src/index.md +++ b/docs/canonicalk8s/index.md @@ -20,11 +20,11 @@ Home :titlesonly: :maxdepth: 6 :caption: Deploy from Snap package -Overview -snap/tutorial/index -snap/howto/index -snap/explanation/index -snap/reference/index +Overview +src/snap/tutorial/index +src/snap/howto/index +src/snap/explanation/index +src/snap/reference/index ``` ```{toctree} @@ -32,11 +32,11 @@ snap/reference/index :caption: Deploy with Juju :titlesonly: :glob: -Overview -charm/tutorial/index -charm/howto/index -charm/explanation/index -charm/reference/index +Overview +src/charm/tutorial/index +src/charm/howto/index +src/charm/explanation/index +src/charm/reference/index ``` ```{toctree} @@ -44,11 +44,11 @@ charm/reference/index :caption: Deploy with Cluster API (WIP) :titlesonly: :glob: -Overview -capi/tutorial/index -capi/howto/index -capi/explanation/index -capi/reference/index +Overview +src/capi/tutorial/index +src/capi/howto/index +src/capi/explanation/index +src/capi/reference/index ``` --- @@ -56,16 +56,16 @@ capi/reference/index ````{grid} 1 1 2 2 ```{grid-item-card} -:link: snap/ -### [Install K8s from a snap ›](snap/index) +:link: src/snap/ +### [Install K8s from a snap ›](src/snap/index) ^^^ Our tutorials, How To guides and other pages will explain how to install, configure and use the {{product}} 'k8s' snap. ``` ```{grid-item-card} -:link: charm/ -### [Deploy K8s using Juju ›](charm/index) +:link: src/charm/ +### [Deploy K8s using Juju ›](src/charm/index) ^^^ Our tutorials, How To guides and other pages will explain how to install, configure and use the {{product}} 'k8s' charm. @@ -73,8 +73,8 @@ Our tutorials, How To guides and other pages will explain how to install, ```{grid-item-card} -:link: capi/ -### [Deploy K8s using Cluster API ›](capi/index) +:link: src/capi/ +### [Deploy K8s using Cluster API ›](src/capi/index) ^^^ Our tutorials, guides and explanation pages will explain how to install, configure and use {{product}} through CAPI. @@ -101,8 +101,8 @@ and constructive feedback. [Code of Conduct]: https://ubuntu.com/community/ethos/code-of-conduct -[community]: snap/reference/community -[contribute]: snap/howto/contribute -[roadmap]: snap/reference/roadmap -[overview page]: snap/explanation/about -[architecture documentation]: snap/reference/architecture +[community]: src/snap/reference/community +[contribute]: src/snap/howto/contribute +[roadmap]: src/snap/reference/roadmap +[overview page]: src/snap/explanation/about +[architecture documentation]: src/snap/reference/architecture diff --git a/docs/src/capi/explanation/security.md b/docs/src/capi/explanation/security.md index 6c1048a19..002e071d1 100644 --- a/docs/src/capi/explanation/security.md +++ b/docs/src/capi/explanation/security.md @@ -1,2 +1,2 @@ -```{include} /snap/explanation/security.md +```{include} ../../snap/explanation/security.md ``` diff --git a/docs/src/capi/index.md b/docs/src/capi/index.md index df4102a01..fa1369fdb 100644 --- a/docs/src/capi/index.md +++ b/docs/src/capi/index.md @@ -55,10 +55,10 @@ and constructive feedback. [Code of Conduct]: https://ubuntu.com/community/ethos/code-of-conduct -[community]: /charm/reference/community -[contribute]: /snap/howto/contribute -[roadmap]: /snap/reference/roadmap -[overview page]: /charm/explanation/about -[arch]: /charm/reference/architecture +[community]: ../charm/reference/community +[contribute]: ../snap/howto/contribute +[roadmap]: ../snap/reference/roadmap +[overview page]: ../charm/explanation/about +[arch]: ../charm/reference/architecture [Juju]: https://juju.is -[k8s snap package]: /snap/index \ No newline at end of file +[k8s snap package]: ../snap/index \ No newline at end of file diff --git a/docs/src/capi/reference/configs.md b/docs/src/capi/reference/configs.md index 7297d4f24..a304f68c1 100644 --- a/docs/src/capi/reference/configs.md +++ b/docs/src/capi/reference/configs.md @@ -218,7 +218,7 @@ spec: ``` -[Install custom {{product}} on machines]: /capi/howto/custom-ck8s.md +[Install custom {{product}} on machines]: ../howto/custom-ck8s.md [etcd best practices]: https://etcd.io/docs/v3.5/faq/#why-an-odd-number-of-cluster-members diff --git a/docs/src/charm/explanation/index.md b/docs/src/charm/explanation/index.md index 58409c598..e73fa9827 100644 --- a/docs/src/charm/explanation/index.md +++ b/docs/src/charm/explanation/index.md @@ -39,4 +39,4 @@ details or information such as the command reference or release notes. [Tutorials section]: ../tutorial/index [How-to guides]: ../howto/index [Reference section]: ../reference/index -[explanation topic]: /snap/explanation/index.md +[explanation topic]: ../explanation/index.md diff --git a/docs/src/charm/explanation/security.md b/docs/src/charm/explanation/security.md index 6c1048a19..002e071d1 100644 --- a/docs/src/charm/explanation/security.md +++ b/docs/src/charm/explanation/security.md @@ -1,2 +1,2 @@ -```{include} /snap/explanation/security.md +```{include} ../../snap/explanation/security.md ``` diff --git a/docs/src/charm/reference/architecture.md b/docs/src/charm/reference/architecture.md index 28a51c753..2e2696ba5 100644 --- a/docs/src/charm/reference/architecture.md +++ b/docs/src/charm/reference/architecture.md @@ -1,5 +1,5 @@ # K8s charm architecture -```{include} /snap/reference/architecture.md +```{include} ../../snap/reference/architecture.md :start-after: '## Canonical K8s charms' ``` diff --git a/docs/src/charm/reference/proxy.md b/docs/src/charm/reference/proxy.md index e4dfd0e16..1ebabb32b 100644 --- a/docs/src/charm/reference/proxy.md +++ b/docs/src/charm/reference/proxy.md @@ -1,2 +1,2 @@ -```{include} /snap/reference/proxy.md +```{include} ../../snap/reference/proxy.md ``` \ No newline at end of file diff --git a/docs/src/snap/explanation/index.md b/docs/src/snap/explanation/index.md index 2f8380ea1..194f7aff7 100644 --- a/docs/src/snap/explanation/index.md +++ b/docs/src/snap/explanation/index.md @@ -17,7 +17,7 @@ channels clustering ingress epa -/snap/explanation/security +security ``` --- diff --git a/docs/src/snap/explanation/security.md b/docs/src/snap/explanation/security.md index 53f5ea727..c0a7b1dcc 100644 --- a/docs/src/snap/explanation/security.md +++ b/docs/src/snap/explanation/security.md @@ -62,4 +62,4 @@ check the [roadmap][] for current areas of work. [Kubernetes Security documentation]: https://kubernetes.io/docs/concepts/security/overview/ [snap documentation]: https://snapcraft.io/docs/security-sandboxing [rocks-security]: https://canonical-rockcraft.readthedocs-hosted.com/en/latest/explanation/rockcraft/ -[roadmap]: /snap/reference/roadmap +[roadmap]: ../reference/roadmap diff --git a/docs/src/snap/howto/networking/index.md b/docs/src/snap/howto/networking/index.md index 64f64ce49..4973f6f82 100644 --- a/docs/src/snap/howto/networking/index.md +++ b/docs/src/snap/howto/networking/index.md @@ -11,10 +11,10 @@ how to configure and use key capabilities of {{product}}. ```{toctree} :titlesonly: -/snap/howto/networking/default-dns.md -/snap/howto/networking/default-network.md -/snap/howto/networking/default-ingress.md -/snap/howto/networking/default-loadbalancer.md -/snap/howto/networking/dualstack.md -/snap/howto/networking/ipv6.md +default-dns.md +default-network.md +default-ingress.md +default-loadbalancer.md +dualstack.md +ipv6.md ``` diff --git a/docs/src/snap/reference/community.md b/docs/src/snap/reference/community.md index 080b89348..182ee8688 100644 --- a/docs/src/snap/reference/community.md +++ b/docs/src/snap/reference/community.md @@ -68,6 +68,6 @@ the guidelines for participation. [matrix]: https://matrix.to/#/#k8s:ubuntu.com [Discourse]: https://discourse.ubuntu.com/c/kubernetes/180 [bugs]: https://github.com/canonical/k8s-snap/issues -[Contributing guide]: /snap/howto/contribute -[Developer guide]: /snap/howto/contribute +[Contributing guide]: ../howto/contribute +[Developer guide]: ../howto/contribute [support]: https://ubuntu.com/support diff --git a/docs/src/snap/reference/proxy.md b/docs/src/snap/reference/proxy.md index 1fa29f765..cc8d17465 100644 --- a/docs/src/snap/reference/proxy.md +++ b/docs/src/snap/reference/proxy.md @@ -37,5 +37,5 @@ how to set these. -[How to guide for configuring proxies for the k8s snap]: /snap/howto/proxy -[How to guide for configuring proxies for k8s charms]: /charm/howto/proxy +[How to guide for configuring proxies for the k8s snap]: ../howto/proxy +[How to guide for configuring proxies for k8s charms]: ../../charm/howto/proxy diff --git a/docs/src/snap/reference/releases.md b/docs/src/snap/reference/releases.md index 319f16737..2e73630c9 100644 --- a/docs/src/snap/reference/releases.md +++ b/docs/src/snap/reference/releases.md @@ -32,8 +32,8 @@ Follow along with the [tutorial] to get started! -[tutorial]: /snap/tutorial/getting-started -[nodes]: /snap/tutorial/add-remove-nodes +[tutorial]: ../tutorial/getting-started +[nodes]: ../tutorial/add-remove-nodes [COS Lite]: https://charmhub.io/cos-lite -[networking]: /snap/howto/networking/index -[observability documentation]: /charm/howto/cos-lite \ No newline at end of file +[networking]: ../howto/networking/index +[observability documentation]: ../../charm/howto/cos-lite \ No newline at end of file From d6de2815db3f06c07809ad891ef137ec71d1bc9d Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 8 Nov 2024 13:19:30 +0100 Subject: [PATCH 080/122] Add min-tls-version flag (#776) DISA requires a TLS version of 1.2 as a minimum. --- src/k8s/pkg/k8sd/setup/kube_apiserver.go | 1 + src/k8s/pkg/k8sd/setup/kube_apiserver_test.go | 3 +++ src/k8s/pkg/k8sd/setup/kube_controller_manager.go | 1 + src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go | 3 +++ src/k8s/pkg/k8sd/setup/kube_scheduler.go | 1 + src/k8s/pkg/k8sd/setup/kube_scheduler_test.go | 2 ++ 6 files changed, 11 insertions(+) diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver.go b/src/k8s/pkg/k8sd/setup/kube_apiserver.go index 09d38a660..cfac02e8e 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver.go @@ -85,6 +85,7 @@ func KubeAPIServer(snap snap.Snap, securePort int, nodeIP net.IP, serviceCIDR st "--service-cluster-ip-range": serviceCIDR, "--tls-cert-file": filepath.Join(snap.KubernetesPKIDir(), "apiserver.crt"), "--tls-cipher-suites": strings.Join(apiserverTLSCipherSuites, ","), + "--tls-min-version": "VersionTLS12", "--tls-private-key-file": filepath.Join(snap.KubernetesPKIDir(), "apiserver.key"), } diff --git a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go index 95f84042b..44677aa73 100644 --- a/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_apiserver_test.go @@ -63,6 +63,7 @@ func TestKubeAPIServer(t *testing.T) { {key: "--service-cluster-ip-range", expectedVal: "10.0.0.0/24"}, {key: "--tls-cert-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "apiserver.crt")}, {key: "--tls-cipher-suites", expectedVal: apiserverTLSCipherSuites}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--tls-private-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "apiserver.key")}, {key: "--etcd-servers", expectedVal: fmt.Sprintf("unix://%s", filepath.Join(s.Mock.K8sDqliteStateDir, "k8s-dqlite.sock"))}, {key: "--request-timeout", expectedVal: "300s"}, @@ -123,6 +124,7 @@ func TestKubeAPIServer(t *testing.T) { {key: "--service-cluster-ip-range", expectedVal: "10.0.0.0/24"}, {key: "--tls-cert-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "apiserver.crt")}, {key: "--tls-cipher-suites", expectedVal: apiserverTLSCipherSuites}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--tls-private-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "apiserver.key")}, {key: "--etcd-servers", expectedVal: fmt.Sprintf("unix://%s", filepath.Join(s.Mock.K8sDqliteStateDir, "k8s-dqlite.sock"))}, } @@ -178,6 +180,7 @@ func TestKubeAPIServer(t *testing.T) { {key: "--service-cluster-ip-range", expectedVal: "10.0.0.0/24"}, {key: "--tls-cert-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "apiserver.crt")}, {key: "--tls-cipher-suites", expectedVal: apiserverTLSCipherSuites}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--tls-private-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "apiserver.key")}, {key: "--etcd-servers", expectedVal: fmt.Sprintf("unix://%s", filepath.Join(s.Mock.K8sDqliteStateDir, "k8s-dqlite.sock"))}, {key: "--request-timeout", expectedVal: "300s"}, diff --git a/src/k8s/pkg/k8sd/setup/kube_controller_manager.go b/src/k8s/pkg/k8sd/setup/kube_controller_manager.go index 95eb941eb..18a3c435f 100644 --- a/src/k8s/pkg/k8sd/setup/kube_controller_manager.go +++ b/src/k8s/pkg/k8sd/setup/kube_controller_manager.go @@ -22,6 +22,7 @@ func KubeControllerManager(snap snap.Snap, extraArgs map[string]*string) error { "--root-ca-file": filepath.Join(snap.KubernetesPKIDir(), "ca.crt"), "--service-account-private-key-file": filepath.Join(snap.KubernetesPKIDir(), "serviceaccount.key"), "--terminated-pod-gc-threshold": "12500", + "--tls-min-version": "VersionTLS12", "--use-service-account-credentials": "true", } // enable cluster-signing if certificates are available diff --git a/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go b/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go index 45851c014..7c274a6b7 100644 --- a/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_controller_manager_test.go @@ -47,6 +47,7 @@ func TestKubeControllerManager(t *testing.T) { {key: "--root-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.crt")}, {key: "--service-account-private-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "serviceaccount.key")}, {key: "--terminated-pod-gc-threshold", expectedVal: "12500"}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--use-service-account-credentials", expectedVal: "true"}, {key: "--cluster-signing-cert-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.crt")}, {key: "--cluster-signing-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.key")}, @@ -95,6 +96,7 @@ func TestKubeControllerManager(t *testing.T) { {key: "--root-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.crt")}, {key: "--service-account-private-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "serviceaccount.key")}, {key: "--terminated-pod-gc-threshold", expectedVal: "12500"}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--use-service-account-credentials", expectedVal: "true"}, } for _, tc := range tests { @@ -148,6 +150,7 @@ func TestKubeControllerManager(t *testing.T) { {key: "--root-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.crt")}, {key: "--service-account-private-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "serviceaccount.key")}, {key: "--terminated-pod-gc-threshold", expectedVal: "12500"}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--use-service-account-credentials", expectedVal: "true"}, {key: "--cluster-signing-cert-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.crt")}, {key: "--cluster-signing-key-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "ca.key")}, diff --git a/src/k8s/pkg/k8sd/setup/kube_scheduler.go b/src/k8s/pkg/k8sd/setup/kube_scheduler.go index 8a68b1689..ab64bfd29 100644 --- a/src/k8s/pkg/k8sd/setup/kube_scheduler.go +++ b/src/k8s/pkg/k8sd/setup/kube_scheduler.go @@ -18,6 +18,7 @@ func KubeScheduler(snap snap.Snap, extraArgs map[string]*string) error { "--leader-elect-lease-duration": "30s", "--leader-elect-renew-deadline": "15s", "--profiling": "false", + "--tls-min-version": "VersionTLS12", }, nil); err != nil { return fmt.Errorf("failed to render arguments file: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go b/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go index cf406778d..ae84ba87f 100644 --- a/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go +++ b/src/k8s/pkg/k8sd/setup/kube_scheduler_test.go @@ -39,6 +39,7 @@ func TestKubeScheduler(t *testing.T) { {key: "--leader-elect-lease-duration", expectedVal: "30s"}, {key: "--leader-elect-renew-deadline", expectedVal: "15s"}, {key: "--profiling", expectedVal: "false"}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, } for _, tc := range tests { t.Run(tc.key, func(t *testing.T) { @@ -79,6 +80,7 @@ func TestKubeScheduler(t *testing.T) { {key: "--kubeconfig", expectedVal: filepath.Join(s.Mock.KubernetesConfigDir, "scheduler.conf")}, {key: "--leader-elect-renew-deadline", expectedVal: "15s"}, {key: "--profiling", expectedVal: "true"}, + {key: "--tls-min-version", expectedVal: "VersionTLS12"}, {key: "--my-extra-arg", expectedVal: "my-extra-val"}, } for _, tc := range tests { From 953f4dd8019e5ebf99d9f69f00485f391b260b64 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 8 Nov 2024 13:57:31 +0100 Subject: [PATCH 081/122] Add minimum release for upgrade tests (#769) --------- Co-authored-by: Homayoon Alimohammadi --- .github/workflows/nightly-test.yaml | 2 ++ tests/integration/tests/test_util/config.py | 5 ++++ tests/integration/tests/test_util/snap.py | 15 +++++++++-- tests/integration/tests/test_util/util.py | 27 ++++++++++++------- .../tests/test_version_upgrades.py | 11 +++++++- 5 files changed, 48 insertions(+), 12 deletions(-) diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index 8a542622b..e8dab660c 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -45,6 +45,8 @@ jobs: # Test the latest (up to) 6 releases for the flavour # TODO(ben): upgrade nightly to run all flavours TEST_VERSION_UPGRADE_CHANNELS: "recent 6 classic" + # Upgrading from 1.30 is not supported. + TEST_VERSION_UPGRADE_MIN_RELEASE: "1.31" TEST_STRICT_INTERFACE_CHANNELS: "recent 6 strict" run: | export PATH="/home/runner/.local/bin:$PATH" diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index 11cb12576..f85021573 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -119,6 +119,11 @@ VERSION_UPGRADE_CHANNELS = ( os.environ.get("TEST_VERSION_UPGRADE_CHANNELS", "").strip().split() ) + +# The minimum Kubernetes release to upgrade from (e.g. "1.31") +# Only relevant when using 'recent' in VERSION_UPGRADE_CHANNELS. +VERSION_UPGRADE_MIN_RELEASE = os.environ.get("TEST_VERSION_UPGRADE_MIN_RELEASE") + # A list of space-separated channels for which the strict interface tests should be run in sequential order. # Alternatively, use 'recent strict' to get the latest channels for strict. STRICT_INTERFACE_CHANNELS = ( diff --git a/tests/integration/tests/test_util/snap.py b/tests/integration/tests/test_util/snap.py index fe0219fe2..f64c64cb9 100644 --- a/tests/integration/tests/test_util/snap.py +++ b/tests/integration/tests/test_util/snap.py @@ -6,7 +6,9 @@ import re import urllib.error import urllib.request -from typing import List +from typing import List, Optional + +from test_util.util import major_minor LOG = logging.getLogger(__name__) @@ -60,7 +62,11 @@ def filter_arch_and_flavor(channels: List[dict], arch: str, flavor: str) -> List def get_most_stable_channels( - num_of_channels: int, flavor: str, arch: str, include_latest=True + num_of_channels: int, + flavor: str, + arch: str, + include_latest: bool = True, + min_release: Optional[str] = None, ) -> List[str]: """Get an ascending list of latest channels based on the number of channels flavour and architecture.""" @@ -76,6 +82,11 @@ def get_most_stable_channels( for channel, major, minor, risk in arch_flavor_channels: version_key = (int(major), int(minor)) + if min_release is not None: + _min_release = major_minor(min_release) + if _min_release is not None and version_key < _min_release: + continue + if version_key not in channel_map or RISK_LEVELS.index( risk ) < RISK_LEVELS.index(channel_map[version_key][1]): diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index cb09b8c6e..352589c48 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -381,6 +381,21 @@ def tracks_least_risk(track: str, arch: str) -> str: return channel +def major_minor(version: str) -> Optional[tuple]: + """Determine the major and minor version of a Kubernetes version string. + + Args: + version: the version string to determine the major and minor version for + + Returns: + a tuple containing the major and minor version or None if the version string is invalid + """ + if match := TRACK_RE.match(version): + maj, min, _ = match.groups() + return int(maj), int(min) + return None + + def previous_track(snap_version: str) -> str: """Determine the snap track preceding the provided version. @@ -392,12 +407,6 @@ def previous_track(snap_version: str) -> str: """ LOG.debug("Determining previous track for %s", snap_version) - def _maj_min(version: str): - if match := TRACK_RE.match(version): - maj, min, _ = match.groups() - return int(maj), int(min) - return None - if not snap_version: assumed = "latest" LOG.info( @@ -414,20 +423,20 @@ def _maj_min(version: str): ) return assumed - if maj_min := _maj_min(snap_version): + if maj_min := major_minor(snap_version): maj, min = maj_min if min == 0: with urllib.request.urlopen( f"https://dl.k8s.io/release/stable-{maj - 1}.txt" ) as r: stable = r.read().decode().strip() - maj_min = _maj_min(stable) + maj_min = major_minor(stable) else: maj_min = (maj, min - 1) elif snap_version.startswith("latest") or "/" not in snap_version: with urllib.request.urlopen("https://dl.k8s.io/release/stable.txt") as r: stable = r.read().decode().strip() - maj_min = _maj_min(stable) + maj_min = major_minor(stable) flavor_track = {"": "classic", "strict": ""}.get(config.FLAVOR, config.FLAVOR) track = f"{maj_min[0]}.{maj_min[1]}" + (flavor_track and f"-{flavor_track}") diff --git a/tests/integration/tests/test_version_upgrades.py b/tests/integration/tests/test_version_upgrades.py index 6df9171ae..d8798c874 100644 --- a/tests/integration/tests/test_version_upgrades.py +++ b/tests/integration/tests/test_version_upgrades.py @@ -26,7 +26,16 @@ def test_version_upgrades(instances: List[harness.Instance], tmp_path): "'recent' requires the number of releases as second argument and the flavour as third argument" ) _, num_channels, flavour = channels - channels = snap.get_most_stable_channels(int(num_channels), flavour, cp.arch) + channels = snap.get_most_stable_channels( + int(num_channels), + flavour, + cp.arch, + min_release=config.VERSION_UPGRADE_MIN_RELEASE, + ) + if len(channels) < 2: + pytest.fail( + f"Need at least 2 channels to upgrade, got {len(channels)} for flavour {flavour}" + ) current_channel = channels[0] LOG.info( From ca54963409580bf5edba66f6f6354ca0439000b6 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 8 Nov 2024 13:58:16 +0100 Subject: [PATCH 082/122] Fix SBOM generation (#780) --- build-scripts/hack/generate-sbom.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/build-scripts/hack/generate-sbom.py b/build-scripts/hack/generate-sbom.py index e5fc93a8c..b2bf1cc12 100755 --- a/build-scripts/hack/generate-sbom.py +++ b/build-scripts/hack/generate-sbom.py @@ -190,9 +190,10 @@ def rock_coredns(manifest, extra_files): with util.git_repo(COREDNS_ROCK_REPO, COREDNS_ROCK_TAG) as d: rock_repo_commit = util.parse_output(["git", "rev-parse", "HEAD"], cwd=d) - rockcraft = (d / "rockcraft.yaml").read_text() + # TODO(ben): This should not be hard coded. + rockcraft = (d / "1.11.1/rockcraft.yaml").read_text() - extra_files["coredns/rockcraft.yaml"] = rockcraft + extra_files["coredns/1.11.1/rockcraft.yaml"] = rockcraft rockcraft_yaml = yaml.safe_load(rockcraft) repo_url = rockcraft_yaml["parts"]["coredns"]["source"] @@ -211,7 +212,7 @@ def rock_coredns(manifest, extra_files): "revision": rock_repo_commit, }, "language": "go", - "details": ["coredns/rockcraft.yaml", "coredns/go.mod", "coredns/go.sum"], + "details": ["coredns/1.11.1/rockcraft.yaml", "coredns/go.mod", "coredns/go.sum"], "source": { "type": "git", "repo": repo_url, From 297bed54194a5158f8d1b1710d333367f2027844 Mon Sep 17 00:00:00 2001 From: Nick Veitch Date: Fri, 8 Nov 2024 14:10:47 +0000 Subject: [PATCH 083/122] remove kroki and replace with SVGS for now (#781) --- docs/canonicalk8s/.sphinx/requirements.txt | 1 - docs/canonicalk8s/custom_conf.py | 2 -- docs/src/_parts/template-explanation | 5 ----- docs/src/snap/explanation/clustering.md | 7 +++++-- docs/src/snap/explanation/ingress.md | 7 +++++-- docs/src/snap/reference/architecture.md | 18 ++++++++++-------- docs/tools/custom_conf.py | 2 +- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/canonicalk8s/.sphinx/requirements.txt b/docs/canonicalk8s/.sphinx/requirements.txt index f7ac84204..539fce3c8 100644 --- a/docs/canonicalk8s/.sphinx/requirements.txt +++ b/docs/canonicalk8s/.sphinx/requirements.txt @@ -18,6 +18,5 @@ sphinx-notfound-page sphinx-tabs sphinxcontrib-jquery sphinxcontrib-svg2pdfconverter[CairoSVG] -sphinxcontrib.kroki sphinxext-opengraph watchfiles diff --git a/docs/canonicalk8s/custom_conf.py b/docs/canonicalk8s/custom_conf.py index 87d919a81..e2532892b 100644 --- a/docs/canonicalk8s/custom_conf.py +++ b/docs/canonicalk8s/custom_conf.py @@ -167,7 +167,6 @@ 'canonical.terminal-output', 'notfound.extension', 'sphinxcontrib.cairosvgconverter', - 'sphinxcontrib.kroki', ] # Add custom required Python modules that must be added to the @@ -179,7 +178,6 @@ # sphinxext-opengraph custom_required_modules = [ 'sphinxcontrib-svg2pdfconverter[CairoSVG]', - 'sphinxcontrib.kroki' ] # Add files or directories that should be excluded from processing. diff --git a/docs/src/_parts/template-explanation b/docs/src/_parts/template-explanation index 905a30f07..3ec1911ae 100644 --- a/docs/src/_parts/template-explanation +++ b/docs/src/_parts/template-explanation @@ -15,11 +15,6 @@ The documentation also supports various diagrams-as-code options. We prefer to use UML-style diagrams, but you can also use Mermaid or many other types. -Diagrams like this are processed using the 'kroki' directive: - -```{kroki} ../../assets/ck-cluster.puml -``` - ## Links Explanations frequently include links to other documents. In particular, please diff --git a/docs/src/snap/explanation/clustering.md b/docs/src/snap/explanation/clustering.md index a185a6f8c..caa2539e8 100644 --- a/docs/src/snap/explanation/clustering.md +++ b/docs/src/snap/explanation/clustering.md @@ -18,8 +18,7 @@ and scheduling of workloads. This is the overview of a {{product}} cluster: -```{kroki} ../../assets/ck-cluster.puml -``` +![cluster6][] ## The Role of `k8sd` in Kubernetes Clustering @@ -69,6 +68,10 @@ entire life-cycle. Their components include: - **Container Runtime**: The software responsible for running containers. In {{product}} the runtime is `containerd`. + + +[cluster6]: https://assets.ubuntu.com/v1/e6d02e9c-cluster6.svg + [Kubernetes Components]: https://kubernetes.io/docs/concepts/overview/components/ diff --git a/docs/src/snap/explanation/ingress.md b/docs/src/snap/explanation/ingress.md index 6e7c73c5d..fde9bc2e9 100644 --- a/docs/src/snap/explanation/ingress.md +++ b/docs/src/snap/explanation/ingress.md @@ -54,8 +54,7 @@ that routes traffic from outside of your cluster to services inside of your clus Please do not confuse this with the Kubernetes Service LoadBalancer type which operates at layer 4 and routes traffic directly to individual pods. -```{kroki} ../../assets/ingress.puml -``` +![cluster6][] With {{product}}, enabling Ingress is easy: See the [default Ingress guide][Ingress]. @@ -73,6 +72,10 @@ the responsibility of implementation falls upon you. You will need to create the Ingress resource, outlining rules that direct traffic to your application's Kubernetes service. + + +[cluster6]: https://assets.ubuntu.com/v1/e6d02e9c-cluster6.svg + [Ingress]: /snap/howto/networking/default-ingress diff --git a/docs/src/snap/reference/architecture.md b/docs/src/snap/reference/architecture.md index b3adad13e..44981a45b 100644 --- a/docs/src/snap/reference/architecture.md +++ b/docs/src/snap/reference/architecture.md @@ -10,8 +10,7 @@ current design of {{product}}, following the [C4 model]. This overview of {{product}} demonstrates the interactions of Kubernetes with users and with other systems. -```{kroki} ../../assets/overview.puml -``` +![cluster2][] Two actors interact with the Kubernetes snap: @@ -52,8 +51,7 @@ distribution. We have identified the following: Looking more closely at what is contained within the K8s snap itself: -```{kroki} ../../assets/k8s-container.puml -``` +![cluster3][] The `k8s` snap distribution includes the following: @@ -74,8 +72,7 @@ The `k8s` snap distribution includes the following: K8sd is the component that implements and exposes the operations functionality needed for managing the Kubernetes cluster. -```{kroki} ../../assets/k8sd-component.puml -``` +![cluster4][] At the core of the `k8sd` functionality we have the cluster manager that is responsible for configuring the services, workload and features we deem @@ -107,8 +104,7 @@ This functionality is exposed via the following interfaces: Canonical `k8s` Charms encompass two primary components: the [`k8s` charm][K8s charm] and the [`k8s-worker` charm][K8s-worker charm]. -```{kroki} ../../assets/charms-architecture.puml -``` +![cluster1][] Charms are instantiated on a machine as a Juju unit, and a collection of units constitutes an application. Both `k8s` and `k8s-worker` units are responsible @@ -140,6 +136,12 @@ and the sharing of observability data with the [`Canonical Observability Stack (COS)`][COS docs]. This modular and integrated approach facilitates a robust and flexible {{product}} deployment managed through Juju. + + +[cluster1]: https://assets.ubuntu.com/v1/dfc43753-cluster1.svg +[cluster2]: https://assets.ubuntu.com/v1/0e486a5d-cluster2.svg +[cluster3]: https://assets.ubuntu.com/v1/24fd1773-cluster3.svg +[cluster4]: https://assets.ubuntu.com/v1/24fd1773-cluster4.svg [C4 model]: https://c4model.com/ diff --git a/docs/tools/custom_conf.py b/docs/tools/custom_conf.py index 42ad59591..aa876861c 100644 --- a/docs/tools/custom_conf.py +++ b/docs/tools/custom_conf.py @@ -145,7 +145,7 @@ ## Use them to extend the default features. # Add extensions -custom_extensions = ['sphinxcontrib.kroki', ] +custom_extensions = [ ] # Add MyST extensions custom_myst_extensions = [] From 528d459afdd1283c38582d423a5d8e506efc38e6 Mon Sep 17 00:00:00 2001 From: Homayoon Alimohammadi Date: Fri, 8 Nov 2024 18:36:25 +0400 Subject: [PATCH 084/122] Refactor file writing logic (#778) --- src/k8s/cmd/k8s/k8s_bootstrap_test.go | 3 +- src/k8s/cmd/k8s/k8s_x_capi.go | 5 +- src/k8s/cmd/k8sd/k8sd_cluster_recover.go | 2 +- src/k8s/pkg/docgen/json_struct.go | 4 +- src/k8s/pkg/k8sd/setup/certificates.go | 3 +- src/k8s/pkg/k8sd/setup/containerd.go | 2 +- src/k8s/pkg/k8sd/setup/containerd_test.go | 2 +- src/k8s/pkg/k8sd/setup/k8s_dqlite.go | 2 +- src/k8s/pkg/k8sd/setup/util_extra_files.go | 3 +- src/k8s/pkg/proxy/config.go | 4 +- src/k8s/pkg/snap/util/arguments.go | 2 +- src/k8s/pkg/snap/util/arguments_test.go | 4 +- src/k8s/pkg/utils/file.go | 32 ++++++++ src/k8s/pkg/utils/file_test.go | 92 +++++++++++++++++++++- 14 files changed, 143 insertions(+), 17 deletions(-) diff --git a/src/k8s/cmd/k8s/k8s_bootstrap_test.go b/src/k8s/cmd/k8s/k8s_bootstrap_test.go index 1ab92aa34..ca24ef624 100644 --- a/src/k8s/cmd/k8s/k8s_bootstrap_test.go +++ b/src/k8s/cmd/k8s/k8s_bootstrap_test.go @@ -3,7 +3,6 @@ package k8s import ( "bytes" _ "embed" - "os" "path/filepath" "testing" @@ -109,7 +108,7 @@ var testCases = []testCase{ func mustAddConfigToTestDir(t *testing.T, configPath string, data string) { t.Helper() // Create the cluster bootstrap config file - err := os.WriteFile(configPath, []byte(data), 0o644) + err := utils.WriteFile(configPath, []byte(data), 0o644) if err != nil { t.Fatal(err) } diff --git a/src/k8s/cmd/k8s/k8s_x_capi.go b/src/k8s/cmd/k8s/k8s_x_capi.go index 232132dd9..2c4658fd8 100644 --- a/src/k8s/cmd/k8s/k8s_x_capi.go +++ b/src/k8s/cmd/k8s/k8s_x_capi.go @@ -1,10 +1,9 @@ package k8s import ( - "os" - apiv1 "github.com/canonical/k8s-snap-api/api/v1" cmdutil "github.com/canonical/k8s/cmd/util" + "github.com/canonical/k8s/pkg/utils" "github.com/spf13/cobra" ) @@ -48,7 +47,7 @@ func newXCAPICmd(env cmdutil.ExecutionEnvironment) *cobra.Command { return } - if err := os.WriteFile(env.Snap.NodeTokenFile(), []byte(token), 0o600); err != nil { + if err := utils.WriteFile(env.Snap.NodeTokenFile(), []byte(token), 0o600); err != nil { cmd.PrintErrf("Error: Failed to write the node token to file.\n\nThe error was: %v\n", err) env.Exit(1) return diff --git a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go index 7c1f74838..983aa52b2 100644 --- a/src/k8s/cmd/k8sd/k8sd_cluster_recover.go +++ b/src/k8s/cmd/k8sd/k8sd_cluster_recover.go @@ -346,7 +346,7 @@ func yamlEditorGuide( newContent = removeEmptyLines(newContent) if applyChanges { - err = os.WriteFile(path, newContent, os.FileMode(0o644)) + err = utils.WriteFile(path, newContent, os.FileMode(0o644)) if err != nil { return nil, fmt.Errorf("could not write file: %s, error: %w", path, err) } diff --git a/src/k8s/pkg/docgen/json_struct.go b/src/k8s/pkg/docgen/json_struct.go index 7a65365fe..5dc5e5a67 100644 --- a/src/k8s/pkg/docgen/json_struct.go +++ b/src/k8s/pkg/docgen/json_struct.go @@ -5,6 +5,8 @@ import ( "os" "reflect" "strings" + + "github.com/canonical/k8s/pkg/utils" ) type JsonTag struct { @@ -55,7 +57,7 @@ func MarkdownFromJsonStructToFile(i any, outFilePath string, projectDir string) return err } - err = os.WriteFile(outFilePath, []byte(content), 0o644) + err = utils.WriteFile(outFilePath, []byte(content), 0o644) if err != nil { return fmt.Errorf("failed to write markdown documentation to %s: %w", outFilePath, err) } diff --git a/src/k8s/pkg/k8sd/setup/certificates.go b/src/k8s/pkg/k8sd/setup/certificates.go index 8508d9fc5..c8e67d227 100644 --- a/src/k8s/pkg/k8sd/setup/certificates.go +++ b/src/k8s/pkg/k8sd/setup/certificates.go @@ -8,6 +8,7 @@ import ( "github.com/canonical/k8s/pkg/k8sd/pki" "github.com/canonical/k8s/pkg/snap" + "github.com/canonical/k8s/pkg/utils" ) // ensureFile creates fname with the specified contents, mode and owner bits. @@ -39,7 +40,7 @@ func ensureFile(fname string, contents string, uid, gid int, mode fs.FileMode) ( var contentChanged bool if contents != string(origContent) { - if err := os.WriteFile(fname, []byte(contents), mode); err != nil { + if err := utils.WriteFile(fname, []byte(contents), mode); err != nil { return false, fmt.Errorf("failed to write: %w", err) } contentChanged = true diff --git a/src/k8s/pkg/k8sd/setup/containerd.go b/src/k8s/pkg/k8sd/setup/containerd.go index 15227e6cb..84da35f6d 100644 --- a/src/k8s/pkg/k8sd/setup/containerd.go +++ b/src/k8s/pkg/k8sd/setup/containerd.go @@ -108,7 +108,7 @@ func Containerd(snap snap.Snap, extraContainerdConfig map[string]any, extraArgs return fmt.Errorf("failed to render containerd config.toml: %w", err) } - if err := os.WriteFile(filepath.Join(snap.ContainerdConfigDir(), "config.toml"), b, 0o600); err != nil { + if err := utils.WriteFile(filepath.Join(snap.ContainerdConfigDir(), "config.toml"), b, 0o600); err != nil { return fmt.Errorf("failed to write config.toml: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/containerd_test.go b/src/k8s/pkg/k8sd/setup/containerd_test.go index 66bfd2714..30693bfba 100644 --- a/src/k8s/pkg/k8sd/setup/containerd_test.go +++ b/src/k8s/pkg/k8sd/setup/containerd_test.go @@ -20,7 +20,7 @@ func TestContainerd(t *testing.T) { dir := t.TempDir() - g.Expect(os.WriteFile(filepath.Join(dir, "mockcni"), []byte("echo hi"), 0o600)).To(Succeed()) + g.Expect(utils.WriteFile(filepath.Join(dir, "mockcni"), []byte("echo hi"), 0o600)).To(Succeed()) s := &mock.Snap{ Mock: mock.Mock{ diff --git a/src/k8s/pkg/k8sd/setup/k8s_dqlite.go b/src/k8s/pkg/k8sd/setup/k8s_dqlite.go index 92fc4812d..1ee6a5cf9 100644 --- a/src/k8s/pkg/k8sd/setup/k8s_dqlite.go +++ b/src/k8s/pkg/k8sd/setup/k8s_dqlite.go @@ -32,7 +32,7 @@ func K8sDqlite(snap snap.Snap, address string, cluster []string, extraArgs map[s return fmt.Errorf("failed to create init.yaml file for address=%s cluster=%v: %w", address, cluster, err) } - if err := os.WriteFile(filepath.Join(snap.K8sDqliteStateDir(), "init.yaml"), b, 0o600); err != nil { + if err := utils.WriteFile(filepath.Join(snap.K8sDqliteStateDir(), "init.yaml"), b, 0o600); err != nil { return fmt.Errorf("failed to write init.yaml: %w", err) } diff --git a/src/k8s/pkg/k8sd/setup/util_extra_files.go b/src/k8s/pkg/k8sd/setup/util_extra_files.go index 2376b5645..163562ea5 100644 --- a/src/k8s/pkg/k8sd/setup/util_extra_files.go +++ b/src/k8s/pkg/k8sd/setup/util_extra_files.go @@ -7,6 +7,7 @@ import ( "strings" "github.com/canonical/k8s/pkg/snap" + "github.com/canonical/k8s/pkg/utils" ) // ExtraNodeConfigFiles writes the file contents to the specified filenames in the snap.ExtraFilesDir directory. @@ -20,7 +21,7 @@ func ExtraNodeConfigFiles(snap snap.Snap, files map[string]string) error { filePath := filepath.Join(snap.ServiceExtraConfigDir(), filename) // Write the content to the file - if err := os.WriteFile(filePath, []byte(content), 0o400); err != nil { + if err := utils.WriteFile(filePath, []byte(content), 0o400); err != nil { return fmt.Errorf("failed to write to file %s: %w", filePath, err) } diff --git a/src/k8s/pkg/proxy/config.go b/src/k8s/pkg/proxy/config.go index 3417016ec..450f2a689 100644 --- a/src/k8s/pkg/proxy/config.go +++ b/src/k8s/pkg/proxy/config.go @@ -5,6 +5,8 @@ import ( "fmt" "os" "sort" + + "github.com/canonical/k8s/pkg/utils" ) // Configuration is the format of the apiserver proxy endpoints config file. @@ -33,7 +35,7 @@ func WriteEndpointsConfig(endpoints []string, file string) error { return fmt.Errorf("failed to marshal configuration: %w", err) } - if err := os.WriteFile(file, b, 0o600); err != nil { + if err := utils.WriteFile(file, b, 0o600); err != nil { return fmt.Errorf("failed to write configuration file %s: %w", file, err) } return nil diff --git a/src/k8s/pkg/snap/util/arguments.go b/src/k8s/pkg/snap/util/arguments.go index 12d3011be..02aad87fb 100644 --- a/src/k8s/pkg/snap/util/arguments.go +++ b/src/k8s/pkg/snap/util/arguments.go @@ -103,7 +103,7 @@ func UpdateServiceArguments(snap snap.Snap, serviceName string, updateMap map[st // sort arguments so that output is consistent sort.Strings(newArguments) - if err := os.WriteFile(argumentsFile, []byte(strings.Join(newArguments, "\n")+"\n"), 0o600); err != nil { + if err := utils.WriteFile(argumentsFile, []byte(strings.Join(newArguments, "\n")+"\n"), 0o600); err != nil { return false, fmt.Errorf("failed to write arguments for service %s: %w", serviceName, err) } return changed, nil diff --git a/src/k8s/pkg/snap/util/arguments_test.go b/src/k8s/pkg/snap/util/arguments_test.go index 52fe4a1b3..0d23ccd6a 100644 --- a/src/k8s/pkg/snap/util/arguments_test.go +++ b/src/k8s/pkg/snap/util/arguments_test.go @@ -2,12 +2,12 @@ package snaputil_test import ( "fmt" - "os" "path/filepath" "testing" "github.com/canonical/k8s/pkg/snap/mock" snaputil "github.com/canonical/k8s/pkg/snap/util" + "github.com/canonical/k8s/pkg/utils" . "github.com/onsi/gomega" ) @@ -32,7 +32,7 @@ func TestGetServiceArgument(t *testing.T) { --key=value-of-service-two `, } { - g.Expect(os.WriteFile(filepath.Join(dir, svc), []byte(args), 0o600)).To(Succeed()) + g.Expect(utils.WriteFile(filepath.Join(dir, svc), []byte(args), 0o600)).To(Succeed()) } for _, tc := range []struct { diff --git a/src/k8s/pkg/utils/file.go b/src/k8s/pkg/utils/file.go index 1b6728334..63cfad1bf 100644 --- a/src/k8s/pkg/utils/file.go +++ b/src/k8s/pkg/utils/file.go @@ -258,3 +258,35 @@ func CreateTarball(tarballPath string, rootDir string, walkDir string, excludeFi return nil } + +// WriteFile writes data to a file with the given name and permissions. +// The file is written to a temporary file in the same directory as the target file +// and then renamed to the target file to avoid partial writes in case of a crash. +func WriteFile(name string, data []byte, perm fs.FileMode) error { + dir := filepath.Dir(name) + tmpFile, err := os.CreateTemp(dir, "tmp-*") + if err != nil { + return fmt.Errorf("failed to create temp file: %w", err) + } + defer os.Remove(tmpFile.Name()) + + if _, err := tmpFile.Write(data); err != nil { + tmpFile.Close() + return fmt.Errorf("failed to write to temp file: %w", err) + } + + if err := tmpFile.Chmod(perm); err != nil { + tmpFile.Close() + return fmt.Errorf("failed to set permissions on temp file: %w", err) + } + + if err := tmpFile.Close(); err != nil { + return fmt.Errorf("failed to close temp file: %w", err) + } + + if err := os.Rename(tmpFile.Name(), name); err != nil { + return fmt.Errorf("failed to rename temp file to target file: %w", err) + } + + return nil +} diff --git a/src/k8s/pkg/utils/file_test.go b/src/k8s/pkg/utils/file_test.go index 3efa8da76..db6437036 100644 --- a/src/k8s/pkg/utils/file_test.go +++ b/src/k8s/pkg/utils/file_test.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path/filepath" + "sync" "testing" "github.com/canonical/k8s/pkg/utils" @@ -88,7 +89,7 @@ func TestParseArgumentFile(t *testing.T) { g := NewWithT(t) filePath := filepath.Join(t.TempDir(), tc.name) - err := os.WriteFile(filePath, []byte(tc.content), 0o755) + err := utils.WriteFile(filePath, []byte(tc.content), 0o755) if err != nil { t.Fatalf("Failed to setup testfile: %v", err) } @@ -182,3 +183,92 @@ func TestGetMountPropagationType(t *testing.T) { g.Expect(err).ToNot(HaveOccurred()) g.Expect(mountType).To(Equal(utils.MountPropagationShared)) } + +func TestWriteFile(t *testing.T) { + t.Run("PartialWrites", func(t *testing.T) { + g := NewWithT(t) + + name := filepath.Join(t.TempDir(), "testfile") + + const ( + numWriters = 200 + numIterations = 200 + ) + + var wg sync.WaitGroup + wg.Add(numWriters) + + expContent := "key: value" + expPerm := os.FileMode(0o644) + + for i := 0; i < numWriters; i++ { + go func(writerID int) { + defer wg.Done() + + for j := 0; j < numIterations; j++ { + g.Expect(utils.WriteFile(name, []byte(expContent), expPerm)).To(Succeed()) + + content, err := os.ReadFile(name) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(string(content)).To(Equal(expContent)) + + fileInfo, err := os.Stat(name) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(fileInfo.Mode().Perm()).To(Equal(expPerm)) + } + }(i) + } + + wg.Wait() + }) + + tcs := []struct { + name string + expContent []byte + expPerm os.FileMode + }{ + { + name: "test1", + expContent: []byte("key: value"), + expPerm: os.FileMode(0o644), + }, + { + name: "test2", + expContent: []byte(""), + expPerm: os.FileMode(0o600), + }, + { + name: "test3", + expContent: []byte("key: value"), + expPerm: os.FileMode(0o755), + }, + { + name: "test4", + expContent: []byte("key: value"), + expPerm: os.FileMode(0o777), + }, + { + name: "test5", + expContent: []byte("key: value"), + expPerm: os.FileMode(0o400), + }, + } + + for _, tc := range tcs { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + + name := filepath.Join(t.TempDir(), tc.name) + + g.Expect(utils.WriteFile(name, tc.expContent, tc.expPerm)).To(Succeed()) + + content, err := os.ReadFile(name) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(string(content)).To(Equal(string(tc.expContent))) + + fileInfo, err := os.Stat(name) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(fileInfo.Mode().Perm()).To(Equal(tc.expPerm)) + }) + } +} From 92828c54b30b5671a582efaa09dfc4180dab14b0 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Fri, 8 Nov 2024 15:51:13 +0100 Subject: [PATCH 085/122] Remove IPv6-only on IPv6 only infra test (#768) --- .github/workflows/integration-informing.yaml | 4 -- .github/workflows/integration.yaml | 5 ++ tests/integration/tests/test_networking.py | 74 -------------------- 3 files changed, 5 insertions(+), 78 deletions(-) diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index f0eec21b8..49c0b46ee 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -92,10 +92,6 @@ jobs: TEST_FLAVOR: ${{ matrix.patch }} TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports run: | - # IPv6-only is only supported on moonray - if [[ "${{ matrix.patch }}" == "moonray" ]]; then - export TEST_IPV6_ONLY="true" - fi cd tests/integration && sg lxd -c 'tox -e integration' - name: Prepare inspection reports if: failure() diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index be291b991..3214f1645 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -102,6 +102,11 @@ jobs: TEST_SUBSTRATE: lxd TEST_LXD_IMAGE: ${{ matrix.os }} TEST_INSPECTION_REPORTS_DIR: ${{ github.workspace }}/inspection-reports + # Test the latest (up to) 6 releases for the flavour + # TODO(ben): upgrade nightly to run all flavours + TEST_VERSION_UPGRADE_CHANNELS: "recent 6 classic" + # Upgrading from 1.30 is not supported. + TEST_VERSION_UPGRADE_MIN_RELEASE: "1.31" run: | cd tests/integration && sg lxd -c 'tox -e integration' - name: Prepare inspection reports diff --git a/tests/integration/tests/test_networking.py b/tests/integration/tests/test_networking.py index af6449471..1804ab1fa 100644 --- a/tests/integration/tests/test_networking.py +++ b/tests/integration/tests/test_networking.py @@ -2,7 +2,6 @@ # Copyright 2024 Canonical, Ltd. # import logging -import os from ipaddress import IPv4Address, IPv6Address, ip_address from typing import List @@ -62,10 +61,6 @@ def test_dualstack(instances: List[harness.Instance]): @pytest.mark.node_count(3) @pytest.mark.disable_k8s_bootstrapping() @pytest.mark.network_type("dualstack") -@pytest.mark.skipif( - os.getenv("TEST_IPV6_ONLY") in ["false", None], - reason="IPv6 is currently only supported for moonray/calico", -) def test_ipv6_only_on_dualstack_infra(instances: List[harness.Instance]): main = instances[0] joining_cp = instances[1] @@ -126,72 +121,3 @@ def test_ipv6_only_on_dualstack_infra(instances: List[harness.Instance]): util.stubbornly(retries=config.DEFAULT_WAIT_RETRIES, delay_s=20).until( util.ready_nodes(main) == 3 ) - - -@pytest.mark.node_count(3) -@pytest.mark.disable_k8s_bootstrapping() -@pytest.mark.network_type("ipv6") -@pytest.mark.skipif( - os.getenv("TEST_IPV6_ONLY") in ["false", None], - reason="IPv6 is currently only supported for moonray/calico", -) -def test_ipv6_only_on_ipv6_infra(instances: List[harness.Instance]): - main = instances[0] - joining_cp = instances[1] - joining_worker = instances[2] - - ipv6_bootstrap_config = ( - config.MANIFESTS_DIR / "bootstrap-ipv6-only.yaml" - ).read_text() - - main.exec( - ["k8s", "bootstrap", "--file", "-"], - input=str.encode(ipv6_bootstrap_config), - ) - - join_token = util.get_join_token(main, joining_cp) - joining_cp.exec(["k8s", "join-cluster", join_token]) - - join_token_worker = util.get_join_token(main, joining_worker, "--worker") - joining_worker.exec(["k8s", "join-cluster", join_token_worker]) - - # Deploy nginx with ipv6 service - ipv6_config = (config.MANIFESTS_DIR / "nginx-ipv6-only.yaml").read_text() - main.exec(["k8s", "kubectl", "apply", "-f", "-"], input=str.encode(ipv6_config)) - addresses = ( - util.stubbornly(retries=5, delay_s=3) - .on(main) - .exec( - [ - "k8s", - "kubectl", - "get", - "svc", - "nginx-ipv6", - "-o", - "jsonpath='{.spec.clusterIPs[*]}'", - ], - text=True, - capture_output=True, - ) - .stdout - ) - - for ip in addresses.split(): - addr = ip_address(ip.strip("'")) - if isinstance(addr, IPv6Address): - address = f"http://[{str(addr)}]" - elif isinstance(addr, IPv4Address): - assert False, "IPv4 address found in IPv6-only cluster" - else: - pytest.fail(f"Unknown IP address type: {addr}") - - # need to shell out otherwise this runs into permission errors - util.stubbornly(retries=3, delay_s=1).on(main).exec( - ["curl", address], shell=True - ) - - # This might take a while - util.stubbornly(retries=config.DEFAULT_WAIT_RETRIES, delay_s=20).until( - util.ready_nodes(main) == 3 - ) From a741eaae058483b7636cc1bbe11adaa9c12a9328 Mon Sep 17 00:00:00 2001 From: Nashwan Azhari Date: Mon, 11 Nov 2024 10:08:03 +0200 Subject: [PATCH 086/122] ci: run Trivy scans on release channels too (#782) Signed-off-by: Nashwan Azhari --- .github/workflows/cron-jobs.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index 14f302107..bd9e125e7 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -82,6 +82,8 @@ jobs: - { branch: main, channel: latest/edge } # Stable branches # Add branches to test here + - { branch: release-1.30, channel: 1.30-classic/edge } + - { branch: release-1.31, channel: 1.31-classic/edge } steps: - name: Harden Runner From f6ef54829728a6ad369ad181eafc1ac486875869 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Mon, 11 Nov 2024 12:16:02 +0300 Subject: [PATCH 087/122] Temporary fix for sbom generation for metrics-server (#787) --- build-scripts/hack/generate-sbom.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/build-scripts/hack/generate-sbom.py b/build-scripts/hack/generate-sbom.py index b2bf1cc12..6ea25c9ea 100755 --- a/build-scripts/hack/generate-sbom.py +++ b/build-scripts/hack/generate-sbom.py @@ -212,7 +212,11 @@ def rock_coredns(manifest, extra_files): "revision": rock_repo_commit, }, "language": "go", - "details": ["coredns/1.11.1/rockcraft.yaml", "coredns/go.mod", "coredns/go.sum"], + "details": [ + "coredns/1.11.1/rockcraft.yaml", + "coredns/go.mod", + "coredns/go.sum", + ], "source": { "type": "git", "repo": repo_url, @@ -227,9 +231,10 @@ def rock_metrics_server(manifest, extra_files): with util.git_repo(METRICS_SERVER_ROCK_REPO, METRICS_SERVER_ROCK_TAG) as d: rock_repo_commit = util.parse_output(["git", "rev-parse", "HEAD"], cwd=d) - rockcraft = (d / "rockcraft.yaml").read_text() + # TODO(ben): This should not be hard coded. + rockcraft = (d / "0.7.0/rockcraft.yaml").read_text() - extra_files["metrics-server/rockcraft.yaml"] = rockcraft + extra_files["metrics-server/0.7.0/rockcraft.yaml"] = rockcraft rockcraft_yaml = yaml.safe_load(rockcraft) repo_url = rockcraft_yaml["parts"]["metrics-server"]["source"] @@ -249,7 +254,7 @@ def rock_metrics_server(manifest, extra_files): }, "language": "go", "details": [ - "metrics-server/rockcraft.yaml", + "metrics-server/0.7.0/rockcraft.yaml", "metrics-server/go.mod", "metrics-server/go.sum", ], From 13689bd4c77a5695f25cb69d1e0b7cb2eb712b88 Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Mon, 11 Nov 2024 02:26:33 -0800 Subject: [PATCH 088/122] KU-1983 Navigation (#783) * navigation rework Co-authored-by: Nick Veitch --- docs/canonicalk8s/about.md | 2 + docs/canonicalk8s/community.md | 2 + docs/canonicalk8s/index.md | 48 +++++++------------ docs/canonicalk8s/release.md | 2 + docs/src/_parts/template-tutorial | 2 +- docs/src/capi/howto/index.md | 2 +- docs/src/capi/index.md | 17 +++++++ docs/src/capi/reference/index.md | 2 +- docs/src/charm/explanation/index.md | 2 +- docs/src/charm/howto/index.md | 2 +- docs/src/charm/index.md | 29 ++++++++--- docs/src/charm/reference/charms.md | 2 +- docs/src/charm/reference/index.md | 2 +- docs/src/charm/tutorial/getting-started.md | 4 +- docs/src/snap/explanation/epa.md | 2 +- docs/src/snap/explanation/ingress.md | 4 +- docs/src/snap/howto/cis-hardening.md | 2 +- docs/src/snap/howto/epa.md | 6 +-- docs/src/snap/howto/index.md | 7 ++- docs/src/snap/howto/install/index.md | 6 +-- docs/src/snap/howto/install/lxd.md | 2 +- docs/src/snap/howto/install/offline.md | 7 ++- docs/src/snap/howto/install/snap.md | 2 +- docs/src/snap/howto/networking/default-dns.md | 2 +- .../snap/howto/networking/default-ingress.md | 4 +- .../howto/networking/default-loadbalancer.md | 2 +- .../snap/howto/networking/default-network.md | 2 +- docs/src/snap/howto/networking/index.md | 13 ++--- docs/src/snap/howto/networking/ipv6.md | 2 +- docs/src/snap/howto/{ => networking}/proxy.md | 2 +- docs/src/snap/howto/storage/ceph.md | 2 +- docs/src/snap/howto/storage/index.md | 4 +- docs/src/snap/howto/storage/storage.md | 2 +- docs/src/snap/index.md | 18 ++++++- docs/src/snap/reference/annotations.md | 2 +- docs/src/snap/reference/index.md | 2 +- docs/src/snap/reference/proxy.md | 3 +- docs/src/snap/tutorial/add-remove-nodes.md | 10 ++-- docs/src/snap/tutorial/getting-started.md | 12 ++--- docs/src/snap/tutorial/index.md | 6 +-- docs/src/snap/tutorial/kubectl.md | 2 +- 41 files changed, 143 insertions(+), 103 deletions(-) create mode 100644 docs/canonicalk8s/about.md create mode 100644 docs/canonicalk8s/community.md create mode 100644 docs/canonicalk8s/release.md rename docs/src/snap/howto/{ => networking}/proxy.md (98%) diff --git a/docs/canonicalk8s/about.md b/docs/canonicalk8s/about.md new file mode 100644 index 000000000..08309665a --- /dev/null +++ b/docs/canonicalk8s/about.md @@ -0,0 +1,2 @@ +```{include} src/snap/explanation/about.md +``` \ No newline at end of file diff --git a/docs/canonicalk8s/community.md b/docs/canonicalk8s/community.md new file mode 100644 index 000000000..66b0a8c9d --- /dev/null +++ b/docs/canonicalk8s/community.md @@ -0,0 +1,2 @@ +```{include} src/snap/reference/community.md +``` \ No newline at end of file diff --git a/docs/canonicalk8s/index.md b/docs/canonicalk8s/index.md index f7f8f5a8e..f84017892 100644 --- a/docs/canonicalk8s/index.md +++ b/docs/canonicalk8s/index.md @@ -19,40 +19,16 @@ Home :hidden: :titlesonly: :maxdepth: 6 -:caption: Deploy from Snap package -Overview -src/snap/tutorial/index -src/snap/howto/index -src/snap/explanation/index -src/snap/reference/index -``` -```{toctree} -:hidden: -:caption: Deploy with Juju -:titlesonly: -:glob: -Overview -src/charm/tutorial/index -src/charm/howto/index -src/charm/explanation/index -src/charm/reference/index -``` +about.md +Deploy from Snap package +Deploy with Juju +Deploy with Cluster API +Community +Release notes -```{toctree} -:hidden: -:caption: Deploy with Cluster API (WIP) -:titlesonly: -:glob: -Overview -src/capi/tutorial/index -src/capi/howto/index -src/capi/explanation/index -src/capi/reference/index ``` ---- - ````{grid} 1 1 2 2 ```{grid-item-card} @@ -60,7 +36,7 @@ src/capi/reference/index ### [Install K8s from a snap ›](src/snap/index) ^^^ Our tutorials, How To guides and other pages will explain how to install, - configure and use the {{product}} 'k8s' snap. + configure and use the {{product}} 'k8s' snap. This is a great option if you are new to Kubernetes. ``` ```{grid-item-card} @@ -79,6 +55,14 @@ Our tutorials, How To guides and other pages will explain how to install, Our tutorials, guides and explanation pages will explain how to install, configure and use {{product}} through CAPI. ``` + +```{grid-item-card} +:link: about +### [Overview of {{product}} ›](about) +^^^ +Find out more about {{product}}, what services are included and get the +answers to some common questions. +``` ```` --- @@ -104,5 +88,5 @@ and constructive feedback. [community]: src/snap/reference/community [contribute]: src/snap/howto/contribute [roadmap]: src/snap/reference/roadmap -[overview page]: src/snap/explanation/about +[overview page]: about [architecture documentation]: src/snap/reference/architecture diff --git a/docs/canonicalk8s/release.md b/docs/canonicalk8s/release.md new file mode 100644 index 000000000..ff4bc2dc1 --- /dev/null +++ b/docs/canonicalk8s/release.md @@ -0,0 +1,2 @@ +```{include} src/snap/reference/releases.md +``` \ No newline at end of file diff --git a/docs/src/_parts/template-tutorial b/docs/src/_parts/template-tutorial index 039f0ee52..d1d46591e 100644 --- a/docs/src/_parts/template-tutorial +++ b/docs/src/_parts/template-tutorial @@ -68,7 +68,7 @@ workload and remove everything again! ## Next Steps -- Keep mastering Canonical Kubernetes with kubectl: [How to use kubectl] +- How to control {{product}} with `kubectl`: [How to use kubectl] - Explore Kubernetes commands with our [Command Reference Guide] - Learn how to set up a multi-node environment [Setting up a K8s cluster] - Configure storage options [Storage] diff --git a/docs/src/capi/howto/index.md b/docs/src/capi/howto/index.md index 49fec0c83..3bf0cca3a 100644 --- a/docs/src/capi/howto/index.md +++ b/docs/src/capi/howto/index.md @@ -14,7 +14,7 @@ Overview :glob: :titlesonly: -external-etcd +Use external etcd rollout-upgrades in-place-upgrades upgrade-providers diff --git a/docs/src/capi/index.md b/docs/src/capi/index.md index fa1369fdb..4190229b6 100644 --- a/docs/src/capi/index.md +++ b/docs/src/capi/index.md @@ -1,5 +1,22 @@ # Installing {{product}} with Cluster API +```{toctree} +:hidden: +Overview +``` + +```{toctree} +:hidden: +:titlesonly: +:glob: +:caption: Deploy with Cluster API +Overview +tutorial/index.md +howto/index.md +explanation/index.md +reference/index.md +``` + Cluster API (CAPI) is a Kubernetes project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. The supporting infrastructure, like virtual machines, networks, load balancers, and VPCs, as well as the cluster configuration are all defined in the same way that cluster operators are already familiar with. {{product}} supports deploying and operating Kubernetes through CAPI. ![Illustration depicting working on components and clouds][logo] diff --git a/docs/src/capi/reference/index.md b/docs/src/capi/reference/index.md index cd239300c..b37f2385f 100644 --- a/docs/src/capi/reference/index.md +++ b/docs/src/capi/reference/index.md @@ -12,7 +12,7 @@ Overview :titlesonly: releases annotations -community +Community configs ``` diff --git a/docs/src/charm/explanation/index.md b/docs/src/charm/explanation/index.md index e73fa9827..9b4652cf2 100644 --- a/docs/src/charm/explanation/index.md +++ b/docs/src/charm/explanation/index.md @@ -39,4 +39,4 @@ details or information such as the command reference or release notes. [Tutorials section]: ../tutorial/index [How-to guides]: ../howto/index [Reference section]: ../reference/index -[explanation topic]: ../explanation/index.md +[explanation topic]: ../../snap/explanation/index.md diff --git a/docs/src/charm/howto/index.md b/docs/src/charm/howto/index.md index d76e3913f..618ab666a 100644 --- a/docs/src/charm/howto/index.md +++ b/docs/src/charm/howto/index.md @@ -16,7 +16,7 @@ Overview charm install-lxd -etcd +Integrate with etcd proxy cos-lite contribute diff --git a/docs/src/charm/index.md b/docs/src/charm/index.md index 5ebb51296..bca4b8833 100644 --- a/docs/src/charm/index.md +++ b/docs/src/charm/index.md @@ -1,5 +1,22 @@ # {{product}} charm documentation +```{toctree} +:hidden: +Overview +``` + +```{toctree} +:hidden: +:titlesonly: +:caption: Deploy with Juju + +Overview +tutorial/index.md +howto/index.md +explanation/index.md +reference/index.md +``` + The {{product}} charm, `k8s`, is an operator: software which wraps an application and contains all of the instructions necessary for deploying, configuring, scaling, integrating the application on any cloud supported by @@ -66,10 +83,10 @@ and constructive feedback. [Code of Conduct]: https://ubuntu.com/community/ethos/code-of-conduct -[community]: /charm/reference/community -[contribute]: /snap/howto/contribute -[roadmap]: /snap/reference/roadmap -[overview page]: /charm/explanation/about -[arch]: /charm/reference/architecture +[community]: reference/community +[contribute]: ../snap/howto/contribute +[roadmap]: ../snap/reference/roadmap +[overview page]: explanation/about +[arch]: reference/architecture [Juju]: https://juju.is -[k8s snap package]: /snap/index \ No newline at end of file +[k8s snap package]: ../snap/index \ No newline at end of file diff --git a/docs/src/charm/reference/charms.md b/docs/src/charm/reference/charms.md index 29450218a..cac6f1949 100644 --- a/docs/src/charm/reference/charms.md +++ b/docs/src/charm/reference/charms.md @@ -29,7 +29,7 @@ implementation. [Juju]: https://juju.is -[explaining channels]: /charm/explanation/channels +[explaining channels]: ../explanation/channels [cs-k8s]: https://charmhub.io/k8s [cs-k8s-worker]: https://charmhub.io/k8s-worker [readme file]: https://github.com/canonical/k8s-operator#readme diff --git a/docs/src/charm/reference/index.md b/docs/src/charm/reference/index.md index 606de9a9a..d145e1bfd 100644 --- a/docs/src/charm/reference/index.md +++ b/docs/src/charm/reference/index.md @@ -15,7 +15,7 @@ releases charms proxy architecture -community +Community ``` diff --git a/docs/src/charm/tutorial/getting-started.md b/docs/src/charm/tutorial/getting-started.md index c43b189e5..b0859a5d1 100644 --- a/docs/src/charm/tutorial/getting-started.md +++ b/docs/src/charm/tutorial/getting-started.md @@ -239,5 +239,5 @@ informed of updates. [Juju client]: https://juju.is/docs/juju/install-and-manage-the-client [Juju tutorial]: https://juju.is/docs/juju/tutorial [Kubectl]: https://kubernetes.io/docs/reference/kubectl/ -[the channel explanation page]: /snap/explanation/channels -[releases page]: /charm/reference/releases \ No newline at end of file +[the channel explanation page]: ../../snap/explanation/channels +[releases page]: ../reference/releases \ No newline at end of file diff --git a/docs/src/snap/explanation/epa.md b/docs/src/snap/explanation/epa.md index c80df8e09..616da784f 100644 --- a/docs/src/snap/explanation/epa.md +++ b/docs/src/snap/explanation/epa.md @@ -543,5 +543,5 @@ components and their roles: [no_hz]: https://www.kernel.org/doc/Documentation/timers/NO_HZ.txt -[howto-epa]: /snap/howto/epa +[howto-epa]: ../howto/epa diff --git a/docs/src/snap/explanation/ingress.md b/docs/src/snap/explanation/ingress.md index fde9bc2e9..a915d701e 100644 --- a/docs/src/snap/explanation/ingress.md +++ b/docs/src/snap/explanation/ingress.md @@ -78,8 +78,8 @@ outlining rules that direct traffic to your application's Kubernetes service. -[Ingress]: /snap/howto/networking/default-ingress -[Network]: /snap/howto/networking/default-network +[Ingress]: ../howto/networking/default-ingress +[Network]: ../howto/networking/default-network [Cilium]: https://cilium.io/ [network plugin]: https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/ [Service]: https://kubernetes.io/docs/concepts/services-networking/service/ diff --git a/docs/src/snap/howto/cis-hardening.md b/docs/src/snap/howto/cis-hardening.md index 3e1039cb6..dcc476fcd 100644 --- a/docs/src/snap/howto/cis-hardening.md +++ b/docs/src/snap/howto/cis-hardening.md @@ -286,7 +286,7 @@ the sets, including the dqlite specific checks in the output. [Center for Internet Security (CIS)]:https://www.cisecurity.org/ [kube-bench]:https://aquasecurity.github.io/kube-bench/v0.6.15/ [CIS Kubernetes Benchmark]:https://www.cisecurity.org/benchmark/kubernetes -[getting-started-guide]: /snap/tutorial/getting-started +[getting-started-guide]: ../tutorial/getting-started [kube-bench release]: https://github.com/aquasecurity/kube-bench/releases [upstream instructions]:https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/ [rate limits]:https://kubernetes.io/docs/reference/config-api/apiserver-eventratelimit.v1alpha1 diff --git a/docs/src/snap/howto/epa.md b/docs/src/snap/howto/epa.md index 50e6b4783..b030a0585 100644 --- a/docs/src/snap/howto/epa.md +++ b/docs/src/snap/howto/epa.md @@ -1141,8 +1141,8 @@ the correct PCI address: [MAAS]: https://maas.io -[channel]: https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/explanation/channels/ -[install-link]: /snap/howto/install/snap +[channel]: ../explanation/channels/ +[install-link]: install/snap [snap]: https://snapcraft.io/docs [cyclictest]: https://github.com/jlelli/rt-tests -[explain-epa]: /snap/explanation/epa \ No newline at end of file +[explain-epa]: ../explanation/epa \ No newline at end of file diff --git a/docs/src/snap/howto/index.md b/docs/src/snap/howto/index.md index 0ad1890b6..0df54a503 100644 --- a/docs/src/snap/howto/index.md +++ b/docs/src/snap/howto/index.md @@ -17,16 +17,15 @@ Overview install/index networking/index storage/index -external-datastore -proxy +Use an external datastore backup-restore refresh-certs restore-quorum two-node-ha -epa +Set up Enhanced Platform Awareness cis-hardening contribute -support +Get support ``` --- diff --git a/docs/src/snap/howto/install/index.md b/docs/src/snap/howto/install/index.md index 6c7403acc..76e1169c7 100644 --- a/docs/src/snap/howto/install/index.md +++ b/docs/src/snap/howto/install/index.md @@ -12,8 +12,8 @@ the current How-to guides below. :glob: :titlesonly: -snap +Install from a snap multipass -lxd -offline +Install in LXD +Install in air-gapped environments ``` diff --git a/docs/src/snap/howto/install/lxd.md b/docs/src/snap/howto/install/lxd.md index e81a1c11b..f72afaa4f 100644 --- a/docs/src/snap/howto/install/lxd.md +++ b/docs/src/snap/howto/install/lxd.md @@ -239,4 +239,4 @@ need to access for example storage devices (See comment in [^5]). [default-bridged-networking]: https://ubuntu.com/blog/lxd-networking-lxdbr0-explained [Microbot]: https://github.com/dontrebootme/docker-microbot [AppArmor]: https://apparmor.net/ -[channels]: /snap/explanation/channels +[channels]: ../../explanation/channels diff --git a/docs/src/snap/howto/install/offline.md b/docs/src/snap/howto/install/offline.md index 545e37ab4..d44fb1642 100644 --- a/docs/src/snap/howto/install/offline.md +++ b/docs/src/snap/howto/install/offline.md @@ -29,7 +29,7 @@ are necessary to verify the integrity of the packages. ```{note} Update the version of k8s by adjusting the channel parameter. For more information on channels visit the -[channels explanation](/snap/explanation/channels.md). +[channels explanation](../../explanation/channels.md). ``` ```{note} @@ -299,11 +299,10 @@ After a while, confirm that all the cluster nodes show up in the output of the [Core20]: https://canonical.com/blog/ubuntu-core-20-secures-linux-for-iot -[svc-ports]: /snap/explanation/services-and-ports.md -[proxy]: /snap/howto/proxy.md +[proxy]: ../networking/proxy.md [sync-images-yaml]: https://github.com/canonical/k8s-snap/blob/main/build-scripts/hack/sync-images.yaml [regsync]: https://github.com/regclient/regclient/blob/main/docs/regsync.md [regctl]: https://github.com/regclient/regclient/blob/main/docs/regctl.md [regctl.sh]: https://github.com/canonical/k8s-snap/blob/main/src/k8s/tools/regctl.sh -[nodes]: /snap/tutorial/add-remove-nodes.md +[nodes]: ../../tutorial/add-remove-nodes.md [squid]: https://www.squid-cache.org/ diff --git a/docs/src/snap/howto/install/snap.md b/docs/src/snap/howto/install/snap.md index cc16e7cd6..b18afdf1c 100644 --- a/docs/src/snap/howto/install/snap.md +++ b/docs/src/snap/howto/install/snap.md @@ -80,4 +80,4 @@ ready state. [channels page]: ../../explanation/channels [snap]: https://snapcraft.io/docs [snapd support]: https://snapcraft.io/docs/installing-snapd -[bootstrap]: /snap/reference/bootstrap-config-reference \ No newline at end of file +[bootstrap]: ../../reference/bootstrap-config-reference \ No newline at end of file diff --git a/docs/src/snap/howto/networking/default-dns.md b/docs/src/snap/howto/networking/default-dns.md index 34722d3a1..6cc6e4aac 100644 --- a/docs/src/snap/howto/networking/default-dns.md +++ b/docs/src/snap/howto/networking/default-dns.md @@ -94,4 +94,4 @@ sudo k8s help disable -[getting-started-guide]: /snap/tutorial/getting-started +[getting-started-guide]: ../../tutorial/getting-started diff --git a/docs/src/snap/howto/networking/default-ingress.md b/docs/src/snap/howto/networking/default-ingress.md index 90498d910..2340c806d 100644 --- a/docs/src/snap/howto/networking/default-ingress.md +++ b/docs/src/snap/howto/networking/default-ingress.md @@ -107,5 +107,5 @@ sudo k8s help disable [kubectl-create-secret-tls/]: https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls/ [proxy-protocol]: https://kubernetes.io/docs/reference/networking/service-protocols/#protocol-proxy-special -[getting-started-guide]: /snap/tutorial/getting-started -[kubectl-guide]: /snap/tutorial/kubectl +[getting-started-guide]: ../../tutorial/getting-started +[kubectl-guide]: ../../tutorial/kubectl diff --git a/docs/src/snap/howto/networking/default-loadbalancer.md b/docs/src/snap/howto/networking/default-loadbalancer.md index 0fd14ced9..4ca55115a 100644 --- a/docs/src/snap/howto/networking/default-loadbalancer.md +++ b/docs/src/snap/howto/networking/default-loadbalancer.md @@ -82,4 +82,4 @@ sudo k8s disable load-balancer [cidr]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing -[getting-started-guide]: /snap/tutorial/getting-started +[getting-started-guide]: ../../tutorial/getting-started diff --git a/docs/src/snap/howto/networking/default-network.md b/docs/src/snap/howto/networking/default-network.md index bde0aad9e..d39537bc2 100644 --- a/docs/src/snap/howto/networking/default-network.md +++ b/docs/src/snap/howto/networking/default-network.md @@ -91,4 +91,4 @@ sudo k8s disable network --help -[getting-started-guide]: /snap/tutorial/getting-started +[getting-started-guide]: ../../tutorial/getting-started diff --git a/docs/src/snap/howto/networking/index.md b/docs/src/snap/howto/networking/index.md index 4973f6f82..d015577a2 100644 --- a/docs/src/snap/howto/networking/index.md +++ b/docs/src/snap/howto/networking/index.md @@ -11,10 +11,11 @@ how to configure and use key capabilities of {{product}}. ```{toctree} :titlesonly: -default-dns.md -default-network.md -default-ingress.md -default-loadbalancer.md -dualstack.md -ipv6.md +Use default DNS +Use default network +Use default Ingress +Use default load-balancer +Enable Dual-Stack networking +Set up an IPv6-only cluster +Configure proxy settings ``` diff --git a/docs/src/snap/howto/networking/ipv6.md b/docs/src/snap/howto/networking/ipv6.md index 143379ab7..da88ef9a5 100644 --- a/docs/src/snap/howto/networking/ipv6.md +++ b/docs/src/snap/howto/networking/ipv6.md @@ -1,4 +1,4 @@ -# How to Setup an IPv6-Only Cluster +# How to set up an IPv6-Only Cluster An IPv6-only Kubernetes cluster operates exclusively using IPv6 addresses, without support for IPv4. This configuration is ideal for environments that diff --git a/docs/src/snap/howto/proxy.md b/docs/src/snap/howto/networking/proxy.md similarity index 98% rename from docs/src/snap/howto/proxy.md rename to docs/src/snap/howto/networking/proxy.md index 29a138b72..c6f78b674 100644 --- a/docs/src/snap/howto/proxy.md +++ b/docs/src/snap/howto/networking/proxy.md @@ -53,5 +53,5 @@ see the [documentation for adding proxy configuration via Juju][juju-proxy]. -[juju-proxy]: /charm/howto/proxy +[juju-proxy]: ../../../charm/howto/proxy [squid]: https://ubuntu.com/server/docs/how-to-install-a-squid-server diff --git a/docs/src/snap/howto/storage/ceph.md b/docs/src/snap/howto/storage/ceph.md index ff55d10dd..e318ea8f1 100644 --- a/docs/src/snap/howto/storage/ceph.md +++ b/docs/src/snap/howto/storage/ceph.md @@ -331,7 +331,7 @@ Ceph documentation: [Intro to Ceph]. [Ceph]: https://ceph.com/ -[getting-started-guide]: /snap/tutorial/getting-started.md +[getting-started-guide]: ../../tutorial/getting-started.md [block-devices-and-kubernetes]: https://docs.ceph.com/en/latest/rbd/rbd-kubernetes/ [placement groups]: https://docs.ceph.com/en/mimic/rados/operations/placement-groups/ [Intro to Ceph]: https://docs.ceph.com/en/latest/start/intro/ diff --git a/docs/src/snap/howto/storage/index.md b/docs/src/snap/howto/storage/index.md index 4310beac7..43728a9ba 100644 --- a/docs/src/snap/howto/storage/index.md +++ b/docs/src/snap/howto/storage/index.md @@ -12,6 +12,6 @@ default storage built-in to {{product}}. ```{toctree} :titlesonly: -storage -ceph +Use default storage +Use Ceph storage ``` \ No newline at end of file diff --git a/docs/src/snap/howto/storage/storage.md b/docs/src/snap/howto/storage/storage.md index 71e9c3dd1..3b7d0a261 100644 --- a/docs/src/snap/howto/storage/storage.md +++ b/docs/src/snap/howto/storage/storage.md @@ -62,4 +62,4 @@ Disabling storage only removes the CSI driver. The persistent volume claims will still be available and your data will remain on disk. -[getting-started-guide]: /snap/tutorial/getting-started.md +[getting-started-guide]: ../../tutorial/getting-started.md diff --git a/docs/src/snap/index.md b/docs/src/snap/index.md index 7022a799f..10ec043e9 100644 --- a/docs/src/snap/index.md +++ b/docs/src/snap/index.md @@ -1,5 +1,21 @@ # {{product}} snap documentation +```{toctree} +:hidden: +Overview +``` + +```{toctree} +:hidden: +:titlesonly: +:maxdepth: 6 +Overview +tutorial/index.md +howto/index.md +explanation/index.md +reference/index.md +``` + The {{product}} snap is a performant, lightweight, secure and opinionated distribution of **Kubernetes** which includes everything needed to create and manage a scalable cluster suitable for all use cases. @@ -70,4 +86,4 @@ and constructive feedback. [roadmap]: ./reference/roadmap [overview page]: ./explanation/about [architecture documentation]: ./reference/architecture -[Juju charm]: /charm/index +[Juju charm]: ../charm/index diff --git a/docs/src/snap/reference/annotations.md b/docs/src/snap/reference/annotations.md index a825c0f4d..5a8ebf2b1 100644 --- a/docs/src/snap/reference/annotations.md +++ b/docs/src/snap/reference/annotations.md @@ -33,4 +33,4 @@ the bootstrap configuration. -[bootstrap]: /snap/reference/bootstrap-config-reference +[bootstrap]: bootstrap-config-reference diff --git a/docs/src/snap/reference/index.md b/docs/src/snap/reference/index.md index 840b4ab56..bd7a9217f 100644 --- a/docs/src/snap/reference/index.md +++ b/docs/src/snap/reference/index.md @@ -21,7 +21,7 @@ worker-join-config-reference proxy troubleshooting architecture -community +Community roadmap ``` diff --git a/docs/src/snap/reference/proxy.md b/docs/src/snap/reference/proxy.md index cc8d17465..31acde759 100644 --- a/docs/src/snap/reference/proxy.md +++ b/docs/src/snap/reference/proxy.md @@ -37,5 +37,6 @@ how to set these. -[How to guide for configuring proxies for the k8s snap]: ../howto/proxy +[How to guide for configuring proxies for the k8s snap]: ../howto/networking/proxy [How to guide for configuring proxies for k8s charms]: ../../charm/howto/proxy + diff --git a/docs/src/snap/tutorial/add-remove-nodes.md b/docs/src/snap/tutorial/add-remove-nodes.md index b36fd9a55..24b2bb88a 100644 --- a/docs/src/snap/tutorial/add-remove-nodes.md +++ b/docs/src/snap/tutorial/add-remove-nodes.md @@ -142,7 +142,7 @@ multipass purge ## Next Steps - Discover how to enable and configure Ingress resources [Ingress][Ingress] -- Keep mastering {{product}} with kubectl [How to use +- Learn more about {{product}} with kubectl [How to use kubectl][Kubectl] - Explore Kubernetes commands with our [Command Reference Guide][Command Reference] @@ -153,8 +153,8 @@ multipass purge [Getting started]: getting-started [Multipass Installation]: https://multipass.run/install -[Ingress]: /snap/howto/networking/default-ingress +[Ingress]: ../howto/networking/default-ingress [Kubectl]: kubectl -[Command Reference]: /snap/reference/commands -[Storage]: /snap/howto/storage/index -[Networking]: /snap/howto/networking/index.md +[Command Reference]: ../reference/commands +[Storage]: ../howto/storage/index +[Networking]: ../howto/networking/index.md diff --git a/docs/src/snap/tutorial/getting-started.md b/docs/src/snap/tutorial/getting-started.md index a79c8031d..69832a87d 100644 --- a/docs/src/snap/tutorial/getting-started.md +++ b/docs/src/snap/tutorial/getting-started.md @@ -203,18 +203,18 @@ This option ensures complete removal of the snap and its associated data. ## Next Steps -- Keep mastering {{product}} with kubectl: [How to use kubectl] +- Learn more about {{product}} with kubectl: [How to use kubectl] - Explore Kubernetes commands with our [Command Reference Guide] - Learn how to set up a multi-node environment [Setting up a K8s cluster] -- Configure storage options [Storage] +- Configure storage options: [Storage] - Master Kubernetes networking concepts: [Networking] - Discover how to enable and configure Ingress resources [Ingress] [How to use kubectl]: kubectl -[Command Reference Guide]: /snap/reference/commands +[Command Reference Guide]: ../reference/commands [Setting up a K8s cluster]: add-remove-nodes -[Storage]: /snap/howto/storage/index -[Networking]: /snap/howto/networking/index.md -[Ingress]: /snap/howto/networking/default-ingress.md \ No newline at end of file +[Storage]: ../howto/storage/index +[Networking]: ../howto/networking/index.md +[Ingress]: ../howto/networking/default-ingress.md \ No newline at end of file diff --git a/docs/src/snap/tutorial/index.md b/docs/src/snap/tutorial/index.md index 237c89aed..b124db24b 100644 --- a/docs/src/snap/tutorial/index.md +++ b/docs/src/snap/tutorial/index.md @@ -33,6 +33,6 @@ Finally, our [Reference section] is for when you need to check specific details or information such as the command reference or release notes. -[How-to guides]: /snap/howto/index -[Explanation section]: /snap/explanation/index -[Reference section]: /snap/reference/index +[How-to guides]: ../howto/index +[Explanation section]: ../explanation/index +[Reference section]: ../reference/index diff --git a/docs/src/snap/tutorial/kubectl.md b/docs/src/snap/tutorial/kubectl.md index 2f9fed807..02b643c18 100644 --- a/docs/src/snap/tutorial/kubectl.md +++ b/docs/src/snap/tutorial/kubectl.md @@ -123,7 +123,7 @@ pods will have a status of `ContainerCreating`. -[Command Reference Guide]: /snap/reference/commands +[Command Reference Guide]: ../reference/commands [Getting Started]: getting-started [kubernetes-api-server]: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ [kubeconfig-doc]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/ From 00ab5b03981ffd9e67fe7ff64c0924e25409aafe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Tue, 12 Nov 2024 14:46:56 +0300 Subject: [PATCH 089/122] Pass localhost address from the start hook instead of embedding into cluster config (#775) --- src/k8s/pkg/k8sd/app/cluster_util.go | 21 +++ src/k8s/pkg/k8sd/app/cluster_util_test.go | 120 ++++++++++++++++++ src/k8s/pkg/k8sd/app/hooks_bootstrap.go | 2 - src/k8s/pkg/k8sd/app/hooks_start.go | 18 +++ src/k8s/pkg/k8sd/controllers/feature.go | 7 +- src/k8s/pkg/k8sd/features/calico/network.go | 2 +- .../pkg/k8sd/features/calico/network_test.go | 12 +- src/k8s/pkg/k8sd/features/cilium/network.go | 5 +- .../pkg/k8sd/features/cilium/network_test.go | 55 ++++---- src/k8s/pkg/k8sd/features/interface.go | 8 +- .../pkg/k8sd/types/cluster_config_merge.go | 1 - .../pkg/k8sd/types/cluster_config_network.go | 16 +-- 12 files changed, 210 insertions(+), 57 deletions(-) create mode 100644 src/k8s/pkg/k8sd/app/cluster_util_test.go diff --git a/src/k8s/pkg/k8sd/app/cluster_util.go b/src/k8s/pkg/k8sd/app/cluster_util.go index 9255be3e4..46b23d366 100644 --- a/src/k8s/pkg/k8sd/app/cluster_util.go +++ b/src/k8s/pkg/k8sd/app/cluster_util.go @@ -3,10 +3,12 @@ package app import ( "context" "fmt" + "net" "github.com/canonical/k8s/pkg/k8sd/setup" "github.com/canonical/k8s/pkg/snap" snaputil "github.com/canonical/k8s/pkg/snap/util" + mctypes "github.com/canonical/microcluster/v3/rest/types" ) func startControlPlaneServices(ctx context.Context, snap snap.Snap, datastore string) error { @@ -58,3 +60,22 @@ func waitApiServerReady(ctx context.Context, snap snap.Snap) error { return nil } + +func DetermineLocalhostAddress(clusterMembers []mctypes.ClusterMember) (string, error) { + // Check if any of the cluster members have an IPv6 address, if so return "::1" + // if one member has an IPv6 address, other members should also have IPv6 interfaces + for _, clusterMember := range clusterMembers { + memberAddress := clusterMember.Address.Addr().String() + nodeIP := net.ParseIP(memberAddress) + if nodeIP == nil { + return "", fmt.Errorf("failed to parse node IP address %q", memberAddress) + } + + if nodeIP.To4() == nil { + return "[::1]", nil + } + } + + // If no IPv6 addresses are found this means the cluster is IPv4 only + return "127.0.0.1", nil +} diff --git a/src/k8s/pkg/k8sd/app/cluster_util_test.go b/src/k8s/pkg/k8sd/app/cluster_util_test.go new file mode 100644 index 000000000..acd6b5e1e --- /dev/null +++ b/src/k8s/pkg/k8sd/app/cluster_util_test.go @@ -0,0 +1,120 @@ +package app_test + +import ( + "net/netip" + "testing" + + "github.com/canonical/k8s/pkg/k8sd/app" + mctypes "github.com/canonical/microcluster/v3/rest/types" + . "github.com/onsi/gomega" +) + +func TestDetermineLocalhostAddress(t *testing.T) { + t.Run("IPv4Only", func(t *testing.T) { + g := NewWithT(t) + + mockMembers := []mctypes.ClusterMember{ + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node1", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("10.1.0.1:1234"), + }, + }, + }, + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node2", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("10.1.0.2:1234"), + }, + }, + }, + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node3", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("10.1.0.3:1234"), + }, + }, + }, + } + + localhostAddress, err := app.DetermineLocalhostAddress(mockMembers) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(localhostAddress).To(Equal("127.0.0.1")) + }) + + t.Run("IPv6Only", func(t *testing.T) { + g := NewWithT(t) + + mockMembers := []mctypes.ClusterMember{ + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node1", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("[fda1:8e75:b6ef::]:1234"), + }, + }, + }, + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node2", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("[fd51:d664:aca3::]:1234"), + }, + }, + }, + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node3", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("[fda3:c11d:3cda::]:1234"), + }, + }, + }, + } + + localhostAddress, err := app.DetermineLocalhostAddress(mockMembers) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(localhostAddress).To(Equal("[::1]")) + }) + + t.Run("IPv4_IPv6_Mixed", func(t *testing.T) { + g := NewWithT(t) + + mockMembers := []mctypes.ClusterMember{ + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node1", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("10.1.0.1:1234"), + }, + }, + }, + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node2", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("[fd51:d664:aca3::]:1234"), + }, + }, + }, + { + ClusterMemberLocal: mctypes.ClusterMemberLocal{ + Name: "node3", + Address: mctypes.AddrPort{ + AddrPort: netip.MustParseAddrPort("10.1.0.3:1234"), + }, + }, + }, + } + + localhostAddress, err := app.DetermineLocalhostAddress(mockMembers) + + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(localhostAddress).To(Equal("[::1]")) + }) +} diff --git a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go index 9e1b05798..1386edca9 100644 --- a/src/k8s/pkg/k8sd/app/hooks_bootstrap.go +++ b/src/k8s/pkg/k8sd/app/hooks_bootstrap.go @@ -307,8 +307,6 @@ func (a *App) onBootstrapControlPlane(ctx context.Context, s state.State, bootst localhostAddress = "127.0.0.1" } - cfg.Network.LocalhostAddress = utils.Pointer(localhostAddress) - // Create directories if err := setup.EnsureAllDirectories(snap); err != nil { return fmt.Errorf("failed to create directories: %w", err) diff --git a/src/k8s/pkg/k8sd/app/hooks_start.go b/src/k8s/pkg/k8sd/app/hooks_start.go index c86515fbb..1f5cecc3e 100644 --- a/src/k8s/pkg/k8sd/app/hooks_start.go +++ b/src/k8s/pkg/k8sd/app/hooks_start.go @@ -61,6 +61,24 @@ func (a *App) onStart(ctx context.Context, s state.State) error { func(ctx context.Context) (types.ClusterConfig, error) { return databaseutil.GetClusterConfig(ctx, s) }, + func() (string, error) { + c, err := s.Leader() + if err != nil { + return "", fmt.Errorf("failed to get leader client: %w", err) + } + + clusterMembers, err := c.GetClusterMembers(ctx) + if err != nil { + return "", fmt.Errorf("failed to get cluster members: %w", err) + } + + localhostAddress, err := DetermineLocalhostAddress(clusterMembers) + if err != nil { + return "", fmt.Errorf("failed to determine localhost address: %w", err) + } + + return localhostAddress, nil + }, func(ctx context.Context, dnsIP string) error { if err := s.Database().Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error { if _, err := database.SetClusterConfig(ctx, tx, types.ClusterConfig{ diff --git a/src/k8s/pkg/k8sd/controllers/feature.go b/src/k8s/pkg/k8sd/controllers/feature.go index 4013e0cbc..33589b88e 100644 --- a/src/k8s/pkg/k8sd/controllers/feature.go +++ b/src/k8s/pkg/k8sd/controllers/feature.go @@ -72,6 +72,7 @@ func NewFeatureController(opts FeatureControllerOpts) *FeatureController { func (c *FeatureController) Run( ctx context.Context, getClusterConfig func(context.Context) (types.ClusterConfig, error), + getLocalhostAddress func() (string, error), notifyDNSChangedIP func(ctx context.Context, dnsIP string) error, setFeatureStatus func(ctx context.Context, name types.FeatureName, featureStatus types.FeatureStatus) error, ) { @@ -79,7 +80,11 @@ func (c *FeatureController) Run( ctx = log.NewContext(ctx, log.FromContext(ctx).WithValues("controller", "feature")) go c.reconcileLoop(ctx, getClusterConfig, setFeatureStatus, features.Network, c.triggerNetworkCh, c.reconciledNetworkCh, func(cfg types.ClusterConfig) (types.FeatureStatus, error) { - return features.Implementation.ApplyNetwork(ctx, c.snap, cfg.APIServer, cfg.Network, cfg.Annotations) + localhostAddress, err := getLocalhostAddress() + if err != nil { + return types.FeatureStatus{Enabled: false, Message: "failed to determine the localhost address"}, fmt.Errorf("failed to get localhost address: %w", err) + } + return features.Implementation.ApplyNetwork(ctx, c.snap, localhostAddress, cfg.APIServer, cfg.Network, cfg.Annotations) }) go c.reconcileLoop(ctx, getClusterConfig, setFeatureStatus, features.Gateway, c.triggerGatewayCh, c.reconciledGatewayCh, func(cfg types.ClusterConfig) (types.FeatureStatus, error) { diff --git a/src/k8s/pkg/k8sd/features/calico/network.go b/src/k8s/pkg/k8sd/features/calico/network.go index 732e8f6c6..8820e6c8f 100644 --- a/src/k8s/pkg/k8sd/features/calico/network.go +++ b/src/k8s/pkg/k8sd/features/calico/network.go @@ -23,7 +23,7 @@ const ( // deployment. // ApplyNetwork returns an error if anything fails. The error is also wrapped in the .Message field of the // returned FeatureStatus. -func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { +func ApplyNetwork(ctx context.Context, snap snap.Snap, _ string, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { m := snap.HelmClient() if !network.GetEnabled() { diff --git a/src/k8s/pkg/k8sd/features/calico/network_test.go b/src/k8s/pkg/k8sd/features/calico/network_test.go index 39142decd..c74be416c 100644 --- a/src/k8s/pkg/k8sd/features/calico/network_test.go +++ b/src/k8s/pkg/k8sd/features/calico/network_test.go @@ -45,7 +45,7 @@ func TestDisabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := calico.ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -74,7 +74,7 @@ func TestDisabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := calico.ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -107,7 +107,7 @@ func TestEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, defaultAnnotations) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -132,7 +132,7 @@ func TestEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, defaultAnnotations) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -160,7 +160,7 @@ func TestEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, defaultAnnotations) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -191,7 +191,7 @@ func TestEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := calico.ApplyNetwork(context.Background(), snapM, apiserver, network, defaultAnnotations) + status, err := calico.ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, defaultAnnotations) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeTrue()) diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index e9eb72011..5d79a5b43 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -3,6 +3,7 @@ package cilium import ( "context" "fmt" + "strings" "github.com/canonical/k8s/pkg/client/helm" "github.com/canonical/k8s/pkg/k8sd/types" @@ -31,7 +32,7 @@ var ( // deployment. // ApplyNetwork returns an error if anything fails. The error is also wrapped in the .Message field of the // returned FeatureStatus. -func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { +func ApplyNetwork(ctx context.Context, snap snap.Snap, localhostAddress string, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { m := snap.HelmClient() if !network.GetEnabled() { @@ -124,7 +125,7 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer "disableEnvoyVersionCheck": true, // socketLB requires an endpoint to the apiserver that's not managed by the kube-proxy // so we point to the localhost:secureport to talk to either the kube-apiserver or the kube-apiserver-proxy - "k8sServiceHost": network.GetLocalhostAddress(), + "k8sServiceHost": strings.Trim(localhostAddress, "[]"), // Cilium already adds the brackets for ipv6 addresses, so we need to remove them "k8sServicePort": apiserver.GetSecurePort(), // This flag enables the runtime device detection which is set to true by default in Cilium 1.16+ "enableRuntimeDeviceDetection": true, diff --git a/src/k8s/pkg/k8sd/features/cilium/network_test.go b/src/k8s/pkg/k8sd/features/cilium/network_test.go index 72551caa0..eb40caaef 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network_test.go +++ b/src/k8s/pkg/k8sd/features/cilium/network_test.go @@ -46,7 +46,7 @@ func TestNetworkDisabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -76,7 +76,7 @@ func TestNetworkDisabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -109,7 +109,7 @@ func TestNetworkEnabled(t *testing.T) { SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -128,15 +128,14 @@ func TestNetworkEnabled(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, annotations) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, annotations) g.Expect(err).ToNot(HaveOccurred()) g.Expect(status.Enabled).To(BeTrue()) @@ -163,15 +162,14 @@ func TestNetworkEnabled(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, annotations) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, annotations) g.Expect(err).To(MatchError(applyErr)) g.Expect(status.Enabled).To(BeFalse()) @@ -205,9 +203,8 @@ func TestNetworkMountPath(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), @@ -219,7 +216,7 @@ func TestNetworkMountPath(t *testing.T) { return tc.name, nil } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(err).To(MatchError(mountPathErr)) @@ -247,15 +244,14 @@ func TestNetworkMountPropagationType(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(err).To(MatchError(mountErr)) @@ -281,9 +277,8 @@ func TestNetworkMountPropagationType(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), @@ -291,7 +286,7 @@ func TestNetworkMountPropagationType(t *testing.T) { logger := ktesting.NewLogger(t, ktesting.NewConfig(ktesting.BufferLogs(true))) ctx := klog.NewContext(context.Background(), logger) - status, err := ApplyNetwork(ctx, snapM, apiserver, network, nil) + status, err := ApplyNetwork(ctx, snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -321,15 +316,14 @@ func TestNetworkMountPropagationType(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) @@ -353,15 +347,14 @@ func TestNetworkMountPropagationType(t *testing.T) { }, } network := types.Network{ - Enabled: ptr.To(true), - LocalhostAddress: ptr.To("127.0.0.1"), - PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), + Enabled: ptr.To(true), + PodCIDR: ptr.To("192.0.2.0/24,2001:db8::/32"), } apiserver := types.APIServer{ SecurePort: ptr.To(6443), } - status, err := ApplyNetwork(context.Background(), snapM, apiserver, network, nil) + status, err := ApplyNetwork(context.Background(), snapM, "127.0.0.1", apiserver, network, nil) g.Expect(err).To(HaveOccurred()) g.Expect(status.Enabled).To(BeFalse()) diff --git a/src/k8s/pkg/k8sd/features/interface.go b/src/k8s/pkg/k8sd/features/interface.go index ea3651a75..3753af341 100644 --- a/src/k8s/pkg/k8sd/features/interface.go +++ b/src/k8s/pkg/k8sd/features/interface.go @@ -12,7 +12,7 @@ type Interface interface { // ApplyDNS is used to configure the DNS feature on Canonical Kubernetes. ApplyDNS(context.Context, snap.Snap, types.DNS, types.Kubelet, types.Annotations) (types.FeatureStatus, string, error) // ApplyNetwork is used to configure the network feature on Canonical Kubernetes. - ApplyNetwork(context.Context, snap.Snap, types.APIServer, types.Network, types.Annotations) (types.FeatureStatus, error) + ApplyNetwork(context.Context, snap.Snap, string, types.APIServer, types.Network, types.Annotations) (types.FeatureStatus, error) // ApplyLoadBalancer is used to configure the load-balancer feature on Canonical Kubernetes. ApplyLoadBalancer(context.Context, snap.Snap, types.LoadBalancer, types.Network, types.Annotations) (types.FeatureStatus, error) // ApplyIngress is used to configure the ingress controller feature on Canonical Kubernetes. @@ -28,7 +28,7 @@ type Interface interface { // implementation implements Interface. type implementation struct { applyDNS func(context.Context, snap.Snap, types.DNS, types.Kubelet, types.Annotations) (types.FeatureStatus, string, error) - applyNetwork func(context.Context, snap.Snap, types.APIServer, types.Network, types.Annotations) (types.FeatureStatus, error) + applyNetwork func(context.Context, snap.Snap, string, types.APIServer, types.Network, types.Annotations) (types.FeatureStatus, error) applyLoadBalancer func(context.Context, snap.Snap, types.LoadBalancer, types.Network, types.Annotations) (types.FeatureStatus, error) applyIngress func(context.Context, snap.Snap, types.Ingress, types.Network, types.Annotations) (types.FeatureStatus, error) applyGateway func(context.Context, snap.Snap, types.Gateway, types.Network, types.Annotations) (types.FeatureStatus, error) @@ -40,8 +40,8 @@ func (i *implementation) ApplyDNS(ctx context.Context, snap snap.Snap, dns types return i.applyDNS(ctx, snap, dns, kubelet, annotations) } -func (i *implementation) ApplyNetwork(ctx context.Context, snap snap.Snap, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { - return i.applyNetwork(ctx, snap, apiserver, network, annotations) +func (i *implementation) ApplyNetwork(ctx context.Context, snap snap.Snap, localhostAddress string, apiserver types.APIServer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { + return i.applyNetwork(ctx, snap, localhostAddress, apiserver, network, annotations) } func (i *implementation) ApplyLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types.LoadBalancer, network types.Network, annotations types.Annotations) (types.FeatureStatus, error) { diff --git a/src/k8s/pkg/k8sd/types/cluster_config_merge.go b/src/k8s/pkg/k8sd/types/cluster_config_merge.go index 9f42458ab..fb1840d1a 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_merge.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_merge.go @@ -46,7 +46,6 @@ func MergeClusterConfig(existing ClusterConfig, new ClusterConfig) (ClusterConfi // network {name: "pod CIDR", val: &config.Network.PodCIDR, old: existing.Network.PodCIDR, new: new.Network.PodCIDR}, {name: "service CIDR", val: &config.Network.ServiceCIDR, old: existing.Network.ServiceCIDR, new: new.Network.ServiceCIDR}, - {name: "localhost address", val: &config.Network.LocalhostAddress, old: existing.Network.LocalhostAddress, new: new.Network.LocalhostAddress}, // apiserver {name: "kube-apiserver authorization mode", val: &config.APIServer.AuthorizationMode, old: existing.APIServer.AuthorizationMode, new: new.APIServer.AuthorizationMode, allowChange: true}, // kubelet diff --git a/src/k8s/pkg/k8sd/types/cluster_config_network.go b/src/k8s/pkg/k8sd/types/cluster_config_network.go index 9134c51e8..d429fac7b 100644 --- a/src/k8s/pkg/k8sd/types/cluster_config_network.go +++ b/src/k8s/pkg/k8sd/types/cluster_config_network.go @@ -1,14 +1,12 @@ package types type Network struct { - Enabled *bool `json:"enabled,omitempty"` - PodCIDR *string `json:"pod-cidr,omitempty"` - ServiceCIDR *string `json:"service-cidr,omitempty"` - LocalhostAddress *string `json:"localhost-address,omitempty"` + Enabled *bool `json:"enabled,omitempty"` + PodCIDR *string `json:"pod-cidr,omitempty"` + ServiceCIDR *string `json:"service-cidr,omitempty"` } -func (c Network) GetEnabled() bool { return getField(c.Enabled) } -func (c Network) GetPodCIDR() string { return getField(c.PodCIDR) } -func (c Network) GetServiceCIDR() string { return getField(c.ServiceCIDR) } -func (c Network) GetLocalhostAddress() string { return getField(c.LocalhostAddress) } -func (c Network) Empty() bool { return c == Network{} } +func (c Network) GetEnabled() bool { return getField(c.Enabled) } +func (c Network) GetPodCIDR() string { return getField(c.PodCIDR) } +func (c Network) GetServiceCIDR() string { return getField(c.ServiceCIDR) } +func (c Network) Empty() bool { return c == Network{} } From 5bbb1bd8cd9350abf754227a20ee468a71a52715 Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Tue, 12 Nov 2024 05:56:39 -0800 Subject: [PATCH 090/122] KU-2052 CIS hardening explanation page (#786) * cis hardening explanation adding explanation for CIS hardening * fix typo in header --- docs/src/snap/explanation/cis.md | 28 ++++++++++++++++++++++++++++ docs/src/snap/explanation/index.md | 1 + 2 files changed, 29 insertions(+) create mode 100644 docs/src/snap/explanation/cis.md diff --git a/docs/src/snap/explanation/cis.md b/docs/src/snap/explanation/cis.md new file mode 100644 index 000000000..527342676 --- /dev/null +++ b/docs/src/snap/explanation/cis.md @@ -0,0 +1,28 @@ +# CIS Hardening + +CIS Hardening refers to the process of implementing security configurations that +align with the benchmarks set forth by the [Center for Internet Security] (CIS). +These [benchmarks] are a set of best practices and guidelines designed to secure +various software and hardware systems, including Kubernetes clusters. The +primary goal of CIS hardening is to reduce the attack surface and enhance the +overall security posture of an environment by enforcing configurations that are +known to protect against common vulnerabilities and threats. + +## Why is CIS Hardening Important for Kubernetes? + +Kubernetes, by its nature, is a complex system with many components interacting +in a distributed environment. This complexity can introduce numerous security +risks if not properly managed such as unauthorised access, data breaches and +service disruption. CIS hardening for Kubernetes focuses on configuring various +components of a Kubernetes cluster to meet the security standards specified in +the [CIS Kubernetes Benchmark]. + +## Apply CIS Hardening to {{product}} + +If you would like to apply CIS hardening to your cluster see our [how-to guide]. + + +[benchmarks]: https://www.cisecurity.org/cis-benchmarks +[Center for Internet Security]: https://www.cisecurity.org/ +[CIS Kubernetes Benchmark]: https://www.cisecurity.org/benchmark/kubernetes +[how-to guide]: ../howto/cis-hardening.md \ No newline at end of file diff --git a/docs/src/snap/explanation/index.md b/docs/src/snap/explanation/index.md index 194f7aff7..5c95b7d39 100644 --- a/docs/src/snap/explanation/index.md +++ b/docs/src/snap/explanation/index.md @@ -18,6 +18,7 @@ clustering ingress epa security +cis ``` --- From bf485e7a514dcd4b009a90d456821fd53f62a3e1 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Tue, 12 Nov 2024 17:24:02 +0200 Subject: [PATCH 091/122] Update the containerd-related paths (#772) --- src/k8s/pkg/k8sd/setup/containerd.go | 2 +- src/k8s/pkg/k8sd/setup/containerd_test.go | 1 + src/k8s/pkg/k8sd/setup/kubelet.go | 4 +- src/k8s/pkg/k8sd/setup/kubelet_test.go | 35 ++++---- src/k8s/pkg/snap/interface.go | 13 +-- src/k8s/pkg/snap/mock/mock.go | 5 ++ src/k8s/pkg/snap/snap.go | 55 +++++++++---- src/k8s/pkg/snap/snap_test.go | 97 +++++++++++++++++++++++ 8 files changed, 172 insertions(+), 40 deletions(-) diff --git a/src/k8s/pkg/k8sd/setup/containerd.go b/src/k8s/pkg/k8sd/setup/containerd.go index 84da35f6d..2ec27fcef 100644 --- a/src/k8s/pkg/k8sd/setup/containerd.go +++ b/src/k8s/pkg/k8sd/setup/containerd.go @@ -113,7 +113,7 @@ func Containerd(snap snap.Snap, extraContainerdConfig map[string]any, extraArgs } if _, err := snaputil.UpdateServiceArguments(snap, "containerd", map[string]string{ - "--address": filepath.Join(snap.ContainerdSocketDir(), "containerd.sock"), + "--address": snap.ContainerdSocketPath(), "--config": filepath.Join(snap.ContainerdConfigDir(), "config.toml"), "--root": snap.ContainerdRootDir(), "--state": snap.ContainerdStateDir(), diff --git a/src/k8s/pkg/k8sd/setup/containerd_test.go b/src/k8s/pkg/k8sd/setup/containerd_test.go index 30693bfba..e2f67bd5c 100644 --- a/src/k8s/pkg/k8sd/setup/containerd_test.go +++ b/src/k8s/pkg/k8sd/setup/containerd_test.go @@ -27,6 +27,7 @@ func TestContainerd(t *testing.T) { ContainerdConfigDir: filepath.Join(dir, "containerd"), ContainerdRootDir: filepath.Join(dir, "containerd-root"), ContainerdSocketDir: filepath.Join(dir, "containerd-run"), + ContainerdSocketPath: filepath.Join(dir, "containerd-run", "containerd.sock"), ContainerdRegistryConfigDir: filepath.Join(dir, "containerd-hosts"), ContainerdStateDir: filepath.Join(dir, "containerd-state"), ContainerdExtraConfigDir: filepath.Join(dir, "containerd-confd"), diff --git a/src/k8s/pkg/k8sd/setup/kubelet.go b/src/k8s/pkg/k8sd/setup/kubelet.go index ff4cd9e0f..6b387b3d6 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet.go +++ b/src/k8s/pkg/k8sd/setup/kubelet.go @@ -52,8 +52,8 @@ func kubelet(snap snap.Snap, hostname string, nodeIP net.IP, clusterDNS string, "--anonymous-auth": "false", "--authentication-token-webhook": "true", "--client-ca-file": filepath.Join(snap.KubernetesPKIDir(), "client-ca.crt"), - "--container-runtime-endpoint": filepath.Join(snap.ContainerdSocketDir(), "containerd.sock"), - "--containerd": filepath.Join(snap.ContainerdSocketDir(), "containerd.sock"), + "--container-runtime-endpoint": snap.ContainerdSocketPath(), + "--containerd": snap.ContainerdSocketPath(), "--cgroup-driver": "systemd", "--eviction-hard": "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'", "--fail-swap-on": "false", diff --git a/src/k8s/pkg/k8sd/setup/kubelet_test.go b/src/k8s/pkg/k8sd/setup/kubelet_test.go index 2381b1acd..a0cb91ba3 100644 --- a/src/k8s/pkg/k8sd/setup/kubelet_test.go +++ b/src/k8s/pkg/k8sd/setup/kubelet_test.go @@ -32,11 +32,12 @@ func mustSetupSnapAndDirectories(t *testing.T, createMock func(*mock.Snap, strin func setKubeletMock(s *mock.Snap, dir string) { s.Mock = mock.Mock{ - KubernetesPKIDir: filepath.Join(dir, "pki"), - KubernetesConfigDir: filepath.Join(dir, "k8s-config"), - KubeletRootDir: filepath.Join(dir, "kubelet-root"), - ServiceArgumentsDir: filepath.Join(dir, "args"), - ContainerdSocketDir: filepath.Join(dir, "containerd-run"), + KubernetesPKIDir: filepath.Join(dir, "pki"), + KubernetesConfigDir: filepath.Join(dir, "k8s-config"), + KubeletRootDir: filepath.Join(dir, "kubelet-root"), + ServiceArgumentsDir: filepath.Join(dir, "args"), + ContainerdSocketDir: filepath.Join(dir, "containerd-run"), + ContainerdSocketPath: filepath.Join(dir, "containerd-run", "containerd.sock"), } } @@ -59,8 +60,8 @@ func TestKubelet(t *testing.T) { {key: "--anonymous-auth", expectedVal: "false"}, {key: "--authentication-token-webhook", expectedVal: "true"}, {key: "--client-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "client-ca.crt")}, - {key: "--container-runtime-endpoint", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, - {key: "--containerd", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, + {key: "--container-runtime-endpoint", expectedVal: s.Mock.ContainerdSocketPath}, + {key: "--containerd", expectedVal: s.Mock.ContainerdSocketPath}, {key: "--cgroup-driver", expectedVal: "systemd"}, {key: "--eviction-hard", expectedVal: "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'"}, {key: "--fail-swap-on", expectedVal: "false"}, @@ -117,8 +118,8 @@ func TestKubelet(t *testing.T) { {key: "--anonymous-auth", expectedVal: "false"}, {key: "--authentication-token-webhook", expectedVal: "true"}, {key: "--client-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "client-ca.crt")}, - {key: "--container-runtime-endpoint", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, - {key: "--containerd", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, + {key: "--container-runtime-endpoint", expectedVal: s.Mock.ContainerdSocketPath}, + {key: "--containerd", expectedVal: s.Mock.ContainerdSocketPath}, {key: "--cgroup-driver", expectedVal: "systemd"}, {key: "--eviction-hard", expectedVal: "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'"}, {key: "--fail-swap-on", expectedVal: "false"}, @@ -175,8 +176,8 @@ func TestKubelet(t *testing.T) { {key: "--anonymous-auth", expectedVal: "false"}, {key: "--authentication-token-webhook", expectedVal: "true"}, {key: "--client-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "client-ca.crt")}, - {key: "--container-runtime-endpoint", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, - {key: "--containerd", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, + {key: "--container-runtime-endpoint", expectedVal: s.Mock.ContainerdSocketPath}, + {key: "--containerd", expectedVal: s.Mock.ContainerdSocketPath}, {key: "--cgroup-driver", expectedVal: "systemd"}, {key: "--eviction-hard", expectedVal: "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'"}, {key: "--fail-swap-on", expectedVal: "false"}, @@ -224,8 +225,8 @@ func TestKubelet(t *testing.T) { {key: "--anonymous-auth", expectedVal: "false"}, {key: "--authentication-token-webhook", expectedVal: "true"}, {key: "--client-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "client-ca.crt")}, - {key: "--container-runtime-endpoint", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, - {key: "--containerd", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, + {key: "--container-runtime-endpoint", expectedVal: s.Mock.ContainerdSocketPath}, + {key: "--containerd", expectedVal: s.Mock.ContainerdSocketPath}, {key: "--cgroup-driver", expectedVal: "systemd"}, {key: "--eviction-hard", expectedVal: "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'"}, {key: "--fail-swap-on", expectedVal: "false"}, @@ -282,8 +283,8 @@ func TestKubelet(t *testing.T) { {key: "--anonymous-auth", expectedVal: "false"}, {key: "--authentication-token-webhook", expectedVal: "true"}, {key: "--client-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "client-ca.crt")}, - {key: "--container-runtime-endpoint", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, - {key: "--containerd", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, + {key: "--container-runtime-endpoint", expectedVal: s.Mock.ContainerdSocketPath}, + {key: "--containerd", expectedVal: s.Mock.ContainerdSocketPath}, {key: "--cgroup-driver", expectedVal: "systemd"}, {key: "--eviction-hard", expectedVal: "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'"}, {key: "--fail-swap-on", expectedVal: "false"}, @@ -339,8 +340,8 @@ func TestKubelet(t *testing.T) { {key: "--anonymous-auth", expectedVal: "false"}, {key: "--authentication-token-webhook", expectedVal: "true"}, {key: "--client-ca-file", expectedVal: filepath.Join(s.Mock.KubernetesPKIDir, "client-ca.crt")}, - {key: "--container-runtime-endpoint", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, - {key: "--containerd", expectedVal: filepath.Join(s.Mock.ContainerdSocketDir, "containerd.sock")}, + {key: "--container-runtime-endpoint", expectedVal: s.Mock.ContainerdSocketPath}, + {key: "--containerd", expectedVal: s.Mock.ContainerdSocketPath}, {key: "--cgroup-driver", expectedVal: "systemd"}, {key: "--eviction-hard", expectedVal: "'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'"}, {key: "--fail-swap-on", expectedVal: "false"}, diff --git a/src/k8s/pkg/snap/interface.go b/src/k8s/pkg/snap/interface.go index 03094679e..f2ea533df 100644 --- a/src/k8s/pkg/snap/interface.go +++ b/src/k8s/pkg/snap/interface.go @@ -39,12 +39,13 @@ type Snap interface { EtcdPKIDir() string // /etc/kubernetes/pki/etcd KubeletRootDir() string // /var/lib/kubelet - ContainerdConfigDir() string // /var/snap/k8s/common/etc/containerd - ContainerdExtraConfigDir() string // /var/snap/k8s/common/etc/containerd/conf.d - ContainerdRegistryConfigDir() string // /var/snap/k8s/common/etc/containerd/hosts.d - ContainerdRootDir() string // /var/snap/k8s/common/var/lib/containerd - ContainerdSocketDir() string // /var/snap/k8s/common/run - ContainerdStateDir() string // /run/containerd + ContainerdConfigDir() string // classic confinement: /etc/containerd, strict confinement: /var/snap/k8s/common/etc/containerd + ContainerdExtraConfigDir() string // classic confinement: /etc/containerd/conf.d, strict confinement: /var/snap/k8s/common/etc/containerd/conf.d + ContainerdRegistryConfigDir() string // classic confinement: /etc/containerd/hosts.d, strict confinement: /var/snap/k8s/common/etc/containerd/hosts.d + ContainerdRootDir() string // classic confinement: /var/lib/containerd, strict confinement: /var/snap/k8s/common/var/lib/containerd + ContainerdSocketDir() string // classic confinement: /run/containerd, strict confinement: /var/snap/k8s/common/run/containerd + ContainerdSocketPath() string // classic confinement: /run/containerd/containerd.sock, strict confinement: /var/snap/k8s/common/run/containerd/containerd.sock + ContainerdStateDir() string // classic confinement: /run/containerd, strict confinement: /var/snap/k8s/common/run/containerd K8sdStateDir() string // /var/snap/k8s/common/var/lib/k8sd/state K8sDqliteStateDir() string // /var/snap/k8s/common/var/lib/k8s-dqlite diff --git a/src/k8s/pkg/snap/mock/mock.go b/src/k8s/pkg/snap/mock/mock.go index 17ecf9af2..21846253d 100644 --- a/src/k8s/pkg/snap/mock/mock.go +++ b/src/k8s/pkg/snap/mock/mock.go @@ -32,6 +32,7 @@ type Mock struct { ContainerdRegistryConfigDir string ContainerdRootDir string ContainerdSocketDir string + ContainerdSocketPath string ContainerdStateDir string K8sdStateDir string K8sDqliteStateDir string @@ -146,6 +147,10 @@ func (s *Snap) ContainerdSocketDir() string { return s.Mock.ContainerdSocketDir } +func (s *Snap) ContainerdSocketPath() string { + return s.Mock.ContainerdSocketPath +} + func (s *Snap) ContainerdExtraConfigDir() string { return s.Mock.ContainerdExtraConfigDir } diff --git a/src/k8s/pkg/snap/snap.go b/src/k8s/pkg/snap/snap.go index 032f6c988..8645fe408 100644 --- a/src/k8s/pkg/snap/snap.go +++ b/src/k8s/pkg/snap/snap.go @@ -3,6 +3,7 @@ package snap import ( "bytes" "context" + "errors" "fmt" "os" "os/exec" @@ -23,18 +24,20 @@ import ( ) type SnapOpts struct { - SnapInstanceName string - SnapDir string - SnapCommonDir string - RunCommand func(ctx context.Context, command []string, opts ...func(c *exec.Cmd)) error + SnapInstanceName string + SnapDir string + SnapCommonDir string + RunCommand func(ctx context.Context, command []string, opts ...func(c *exec.Cmd)) error + ContainerdBaseDir string } // snap implements the Snap interface. type snap struct { - snapDir string - snapCommonDir string - snapInstanceName string - runCommand func(ctx context.Context, command []string, opts ...func(c *exec.Cmd)) error + snapDir string + snapCommonDir string + snapInstanceName string + runCommand func(ctx context.Context, command []string, opts ...func(c *exec.Cmd)) error + containerdBaseDir string } // NewSnap creates a new interface with the K8s snap. @@ -51,6 +54,15 @@ func NewSnap(opts SnapOpts) *snap { runCommand: runCommand, } + containerdBaseDir := opts.ContainerdBaseDir + if containerdBaseDir == "" { + containerdBaseDir = "/" + if s.Strict() { + containerdBaseDir = opts.SnapCommonDir + } + } + s.containerdBaseDir = containerdBaseDir + return s } @@ -161,19 +173,23 @@ func (s *snap) Hostname() string { } func (s *snap) ContainerdConfigDir() string { - return filepath.Join(s.snapCommonDir, "etc", "containerd") + return filepath.Join(s.containerdBaseDir, "etc", "containerd") } func (s *snap) ContainerdRootDir() string { - return filepath.Join(s.snapCommonDir, "var", "lib", "containerd") + return filepath.Join(s.containerdBaseDir, "var", "lib", "containerd") } func (s *snap) ContainerdSocketDir() string { - return filepath.Join(s.snapCommonDir, "run") + return filepath.Join(s.containerdBaseDir, "run", "containerd") +} + +func (s *snap) ContainerdSocketPath() string { + return filepath.Join(s.containerdBaseDir, "run", "containerd", "containerd.sock") } func (s *snap) ContainerdStateDir() string { - return "/run/containerd" + return filepath.Join(s.containerdBaseDir, "run", "containerd") } func (s *snap) CNIConfDir() string { @@ -250,11 +266,11 @@ func (s *snap) NodeTokenFile() string { } func (s *snap) ContainerdExtraConfigDir() string { - return filepath.Join(s.snapCommonDir, "etc", "containerd", "conf.d") + return filepath.Join(s.containerdBaseDir, "etc", "containerd", "conf.d") } func (s *snap) ContainerdRegistryConfigDir() string { - return filepath.Join(s.snapCommonDir, "etc", "containerd", "hosts.d") + return filepath.Join(s.containerdBaseDir, "etc", "containerd", "hosts.d") } func (s *snap) restClientGetter(path string, namespace string) genericclioptions.RESTClientGetter { @@ -323,6 +339,17 @@ func (s *snap) PreInitChecks(ctx context.Context, config types.ClusterConfig) er } } + // check if the containerd.sock file already exists, signaling the fact that another containerd instance + // is already running on this node, which will conflict with the snap. + socketPath := s.ContainerdSocketPath() + if _, err := os.Stat(socketPath); err == nil { + return fmt.Errorf("The path '%s' required for the containerd socket already exists. "+ + "This may mean that another service is already using that path, and it conflicts with the k8s snap. "+ + "Please make sure that there is no other service installed that uses the same path, and remove the existing file.", socketPath) + } else if !errors.Is(err, os.ErrNotExist) { + return fmt.Errorf("Encountered an error while checking '%s': %w", socketPath, err) + } + return nil } diff --git a/src/k8s/pkg/snap/snap_test.go b/src/k8s/pkg/snap/snap_test.go index 54bc4ed9d..e99ff0384 100644 --- a/src/k8s/pkg/snap/snap_test.go +++ b/src/k8s/pkg/snap/snap_test.go @@ -3,14 +3,64 @@ package snap_test import ( "context" "fmt" + "os" + "path/filepath" "testing" + "github.com/canonical/k8s/pkg/k8sd/types" "github.com/canonical/k8s/pkg/snap" "github.com/canonical/k8s/pkg/snap/mock" . "github.com/onsi/gomega" ) func TestSnap(t *testing.T) { + t.Run("NewSnap", func(t *testing.T) { + t.Run("containerd path with opt", func(t *testing.T) { + g := NewWithT(t) + mockRunner := &mock.Runner{} + snap := snap.NewSnap(snap.SnapOpts{ + RunCommand: mockRunner.Run, + ContainerdBaseDir: "/foo/lish", + }) + + g.Expect(snap.ContainerdSocketPath()).To(Equal(filepath.Join("/foo/lish", "run", "containerd", "containerd.sock"))) + }) + + t.Run("containerd path classic", func(t *testing.T) { + g := NewWithT(t) + mockRunner := &mock.Runner{} + snap := snap.NewSnap(snap.SnapOpts{ + RunCommand: mockRunner.Run, + }) + + g.Expect(snap.ContainerdSocketPath()).To(Equal(filepath.Join("/", "run", "containerd", "containerd.sock"))) + }) + + t.Run("containerd path strict", func(t *testing.T) { + g := NewWithT(t) + // We're checking if the snap is strict in NewSnap, which checks the snap.yaml file. + tmpDir, err := os.MkdirTemp("", "test-snap-k8s") + g.Expect(err).To(Not(HaveOccurred())) + defer os.RemoveAll(tmpDir) + + err = os.MkdirAll(filepath.Join(tmpDir, "meta"), os.ModeDir) + g.Expect(err).To(Not(HaveOccurred())) + + snapData := []byte("confinement: strict\n") + err = os.WriteFile(filepath.Join(tmpDir, "meta", "snap.yaml"), snapData, 0o644) + g.Expect(err).To(Not(HaveOccurred())) + + mockRunner := &mock.Runner{} + snap := snap.NewSnap(snap.SnapOpts{ + SnapDir: tmpDir, + SnapCommonDir: tmpDir, + RunCommand: mockRunner.Run, + }) + + g.Expect(snap.ContainerdSocketPath()).To(Equal(filepath.Join(tmpDir, "run", "containerd", "containerd.sock"))) + }) + }) + t.Run("Start", func(t *testing.T) { g := NewWithT(t) mockRunner := &mock.Runner{} @@ -75,4 +125,51 @@ func TestSnap(t *testing.T) { g.Expect(err).To(HaveOccurred()) }) }) + + t.Run("PreInitChecks", func(t *testing.T) { + g := NewWithT(t) + // Replace the ContainerdSocketDir to avoid checking against a real containerd.sock that may be running. + containerdDir, err := os.MkdirTemp("", "test-containerd") + g.Expect(err).To(Not(HaveOccurred())) + defer os.RemoveAll(containerdDir) + + mockRunner := &mock.Runner{} + snap := snap.NewSnap(snap.SnapOpts{ + SnapDir: "testdir", + SnapCommonDir: "testdir", + RunCommand: mockRunner.Run, + ContainerdBaseDir: containerdDir, + }) + conf := types.ClusterConfig{} + + err = snap.PreInitChecks(context.Background(), conf) + g.Expect(err).To(Not(HaveOccurred())) + expectedCalls := []string{} + for _, binary := range []string{"kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy", "kubelet"} { + expectedCalls = append(expectedCalls, fmt.Sprintf("testdir/bin/%s --version", binary)) + } + g.Expect(mockRunner.CalledWithCommand).To(ConsistOf(expectedCalls)) + + t.Run("Fail socket exists", func(t *testing.T) { + g := NewWithT(t) + // Create the containerd.sock file, which should cause the check to fail. + err := os.MkdirAll(snap.ContainerdSocketDir(), os.ModeDir) + g.Expect(err).To(Not(HaveOccurred())) + f, err := os.Create(snap.ContainerdSocketPath()) + g.Expect(err).To(Not(HaveOccurred())) + f.Close() + defer os.Remove(f.Name()) + + err = snap.PreInitChecks(context.Background(), conf) + g.Expect(err).To(HaveOccurred()) + }) + + t.Run("Fail run command", func(t *testing.T) { + g := NewWithT(t) + mockRunner.Err = fmt.Errorf("some error") + + err := snap.PreInitChecks(context.Background(), conf) + g.Expect(err).To(HaveOccurred()) + }) + }) } From 86b5a298d73c47166730077c7f0d73b0f8ffc769 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Tue, 12 Nov 2024 10:24:44 -0500 Subject: [PATCH 092/122] Remove hardcoded annotations (#763) --- docs/src/_parts/bootstrap_config.md | 2 +- src/k8s/go.mod | 2 +- src/k8s/go.sum | 4 ++-- src/k8s/pkg/k8sd/controllers/csrsigning/config.go | 7 +++++-- .../pkg/k8sd/controllers/csrsigning/reconcile_test.go | 3 ++- src/k8s/pkg/k8sd/features/calico/network_test.go | 11 ++++++----- .../features/metrics-server/metrics_server_test.go | 5 +++-- 7 files changed, 20 insertions(+), 14 deletions(-) diff --git a/docs/src/_parts/bootstrap_config.md b/docs/src/_parts/bootstrap_config.md index d6777ca03..b1ed6f477 100644 --- a/docs/src/_parts/bootstrap_config.md +++ b/docs/src/_parts/bootstrap_config.md @@ -197,7 +197,7 @@ Possible values: `external`. **Type:** `map[string]string`
Annotations is a map of strings that can be used to store arbitrary metadata configuration. -Please refer to the ClusterAPI annotations reference for further details on these options. +Please refer to the annotations reference for further details on these options. ### control-plane-taints **Type:** `[]string`
diff --git a/src/k8s/go.mod b/src/k8s/go.mod index 48562f653..68d3f1cde 100644 --- a/src/k8s/go.mod +++ b/src/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.6 require ( dario.cat/mergo v1.0.0 github.com/canonical/go-dqlite v1.22.0 - github.com/canonical/k8s-snap-api v1.0.12 + github.com/canonical/k8s-snap-api v1.0.13 github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 github.com/go-logr/logr v1.4.2 diff --git a/src/k8s/go.sum b/src/k8s/go.sum index fb5671c2b..20f296a62 100644 --- a/src/k8s/go.sum +++ b/src/k8s/go.sum @@ -99,8 +99,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQXpkOyw= github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg= -github.com/canonical/k8s-snap-api v1.0.12 h1:ofS2+JRlPMnpWgHLmnE4QEUqWv9Dgrmsv3hrjI0O4zQ= -github.com/canonical/k8s-snap-api v1.0.12/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= +github.com/canonical/k8s-snap-api v1.0.13 h1:Z+IW6Knvycu+DrkmH+9qB1UNyYiHfL+rFvT9DtSO2+g= +github.com/canonical/k8s-snap-api v1.0.13/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230 h1:YOqZ+/14OPZ+/TOXpRHIX3KLT0C+wZVpewKIwlGUmW0= github.com/canonical/lxd v0.0.0-20240822122218-e7b2a7a83230/go.mod h1:YVGI7HStOKsV+cMyXWnJ7RaMPaeWtrkxyIPvGWbgACc= github.com/canonical/microcluster/v3 v3.0.0-20240827143335-f7a4d3984970 h1:UrnpglbXELlxtufdk6DGDytu2JzyzuS3WTsOwPrkQLI= diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/config.go b/src/k8s/pkg/k8sd/controllers/csrsigning/config.go index fa19d3e0b..08e88bda0 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/config.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/config.go @@ -1,6 +1,9 @@ package csrsigning -import "github.com/canonical/k8s/pkg/k8sd/types" +import ( + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/csrsigning" + "github.com/canonical/k8s/pkg/k8sd/types" +) type internalConfig struct { autoApprove bool @@ -8,7 +11,7 @@ type internalConfig struct { func internalConfigFromAnnotations(annotations types.Annotations) internalConfig { var cfg internalConfig - if v, ok := annotations.Get("k8sd/v1alpha1/csrsigning/auto-approve"); ok && v == "true" { + if v, ok := annotations.Get(apiv1_annotations.AnnotationAutoApprove); ok && v == "true" { cfg.autoApprove = true } return cfg diff --git a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go index fda98bcd8..f731c82d8 100644 --- a/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go +++ b/src/k8s/pkg/k8sd/controllers/csrsigning/reconcile_test.go @@ -8,6 +8,7 @@ import ( "testing" "time" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/csrsigning" k8smock "github.com/canonical/k8s/pkg/k8sd/controllers/csrsigning/test" "github.com/canonical/k8s/pkg/k8sd/types" "github.com/canonical/k8s/pkg/log" @@ -297,7 +298,7 @@ func TestNotApprovedCSR(t *testing.T) { getClusterConfig: func(context.Context) (types.ClusterConfig, error) { return types.ClusterConfig{ Annotations: map[string]string{ - "k8sd/v1alpha1/csrsigning/auto-approve": "true", + apiv1_annotations.AnnotationAutoApprove: "true", }, Certificates: types.Certificates{ K8sdPrivateKey: ptr.To(priv), diff --git a/src/k8s/pkg/k8sd/features/calico/network_test.go b/src/k8s/pkg/k8sd/features/calico/network_test.go index c74be416c..0a8b4d716 100644 --- a/src/k8s/pkg/k8sd/features/calico/network_test.go +++ b/src/k8s/pkg/k8sd/features/calico/network_test.go @@ -5,6 +5,7 @@ import ( "errors" "testing" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/calico" "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" "github.com/canonical/k8s/pkg/k8sd/features/calico" @@ -18,11 +19,11 @@ import ( // NOTE(hue): status.Message is not checked sometimes to avoid unnecessary complexity var defaultAnnotations = types.Annotations{ - "k8sd/v1alpha1/calico/apiserver-enabled": "true", - "k8sd/v1alpha1/calico/encapsulation-v4": "VXLAN", - "k8sd/v1alpha1/calico/encapsulation-v6": "VXLAN", - "k8sd/v1alpha1/calico/autodetection-v4/firstFound": "true", - "k8sd/v1alpha1/calico/autodetection-v6/firstFound": "true", + apiv1_annotations.AnnotationAPIServerEnabled: "true", + apiv1_annotations.AnnotationEncapsulationV4: "VXLAN", + apiv1_annotations.AnnotationEncapsulationV6: "VXLAN", + apiv1_annotations.AnnotationAutodetectionV4FirstFound: "true", + apiv1_annotations.AnnotationAutodetectionV6FirstFound: "true", } func TestDisabled(t *testing.T) { diff --git a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go index 006294d3c..d9cdc8370 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/metrics_server_test.go @@ -5,6 +5,7 @@ import ( "errors" "testing" + apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations/metrics-server" "github.com/canonical/k8s/pkg/client/helm" helmmock "github.com/canonical/k8s/pkg/client/helm/mock" metrics_server "github.com/canonical/k8s/pkg/k8sd/features/metrics-server" @@ -102,8 +103,8 @@ func TestApplyMetricsServer(t *testing.T) { Enabled: utils.Pointer(true), } annotations := types.Annotations{ - "k8sd/v1alpha1/metrics-server/image-repo": "custom-image", - "k8sd/v1alpha1/metrics-server/image-tag": "custom-tag", + apiv1_annotations.AnnotationImageRepo: "custom-image", + apiv1_annotations.AnnotationImageTag: "custom-tag", } status, err := metrics_server.ApplyMetricsServer(context.Background(), s, cfg, annotations) From 4291ca381ab8b62ab2e20bc0d6494005367b78cf Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Wed, 13 Nov 2024 13:31:09 +0200 Subject: [PATCH 093/122] Fix flaky tests (#767) --- .github/workflows/cron-jobs.yaml | 4 +- .github/workflows/integration-informing.yaml | 6 +- .github/workflows/integration.yaml | 10 ++- .github/workflows/nightly-test.yaml | 2 +- .../patches/strict/0001-Strict-patch.patch | 77 ++++++++++++++++--- k8s/lib.sh | 11 +++ ...tstrap-session.yaml => bootstrap-all.yaml} | 0 tests/integration/tests/conftest.py | 48 ++---------- tests/integration/tests/test_cleanup.py | 40 +--------- tests/integration/tests/test_clustering.py | 22 +++++- tests/integration/tests/test_dns.py | 20 +++-- tests/integration/tests/test_gateway.py | 35 ++++++--- tests/integration/tests/test_ingress.py | 33 +++++--- .../integration/tests/test_metrics_server.py | 20 +++-- tests/integration/tests/test_network.py | 20 +++-- tests/integration/tests/test_storage.py | 40 ++++++---- tests/integration/tests/test_util/config.py | 2 +- tests/integration/tests/test_util/util.py | 42 ++++++++++ 18 files changed, 275 insertions(+), 157 deletions(-) rename tests/integration/templates/{bootstrap-session.yaml => bootstrap-all.yaml} (100%) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index bd9e125e7..59a1227a1 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -108,6 +108,8 @@ jobs: format: "sarif" output: "trivy-k8s-repo-scan--results.sarif" severity: "MEDIUM,HIGH,CRITICAL" + env: + TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db" - name: Gather Trivy repo scan results run: | cp trivy-k8s-repo-scan--results.sarif ./sarifs/ @@ -119,7 +121,7 @@ jobs: for var in $(env | grep -o '^TRIVY_[^=]*'); do unset "$var" done - ./trivy rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif + ./trivy --db-repository public.ecr.aws/aquasecurity/trivy-db rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif - name: Get HEAD sha run: | SHA="$(git rev-parse HEAD)" diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index 49c0b46ee..d4ca93ae9 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -60,14 +60,14 @@ jobs: os: ["ubuntu:20.04"] patch: ["strict", "moonray"] fail-fast: false - runs-on: ubuntu-20.04 + runs-on: ["self-hosted", "Linux", "AMD64", "jammy", "large"] steps: - name: Check out code uses: actions/checkout@v4 - name: Setup Python uses: actions/setup-python@v5 with: - python-version: '3.8' + python-version: '3.10' - name: Install tox run: pip install tox - name: Install lxd @@ -76,6 +76,8 @@ jobs: sudo lxd init --auto sudo usermod --append --groups lxd $USER sg lxd -c 'lxc version' + sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT + sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - name: Download snap uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 3214f1645..bfcc903a0 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -73,7 +73,7 @@ jobs: fail-fast: false matrix: os: ["ubuntu:20.04", "ubuntu:22.04", "ubuntu:24.04"] - runs-on: ubuntu-20.04 + runs-on: ["self-hosted", "Linux", "AMD64", "jammy", "large"] needs: build steps: @@ -82,7 +82,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v5 with: - python-version: '3.8' + python-version: '3.10' - name: Install tox run: pip install tox - name: Install lxd @@ -91,6 +91,8 @@ jobs: sudo lxd init --auto sudo usermod --append --groups lxd $USER sg lxd -c 'lxc version' + sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT + sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - name: Download snap uses: actions/download-artifact@v4 with: @@ -163,6 +165,8 @@ jobs: format: "sarif" output: "trivy-k8s-repo-scan--results.sarif" severity: "MEDIUM,HIGH,CRITICAL" + env: + TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db" - name: Gather Trivy repo scan results run: | cp trivy-k8s-repo-scan--results.sarif ./manual-trivy/sarifs/ @@ -173,7 +177,7 @@ jobs: done cp build/k8s.snap . unsquashfs k8s.snap - ./manual-trivy/trivy rootfs ./squashfs-root/ --format sarif > ./manual-trivy/sarifs/snap.sarif + ./manual-trivy/trivy --db-repository public.ecr.aws/aquasecurity/trivy-db rootfs ./squashfs-root/ --format sarif > ./manual-trivy/sarifs/snap.sarif - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index e8dab660c..d2fd49972 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -17,7 +17,7 @@ jobs: release: ["latest/edge"] fail-fast: false # TODO: remove once arm64 works - runs-on: ${{ matrix.arch == 'arm64' && 'Ubuntu_ARM64_4C_16G_01' || 'ubuntu-20.04' }} + runs-on: ${{ matrix.arch == 'arm64' && ["self-hosted", "Linux", "ARM64", "jammy", "large"] || ["self-hosted", "Linux", "AMD64", "jammy", "large"] }} steps: - name: Checking out repo diff --git a/build-scripts/patches/strict/0001-Strict-patch.patch b/build-scripts/patches/strict/0001-Strict-patch.patch index 2ca7c50fa..7bbc5a71b 100644 --- a/build-scripts/patches/strict/0001-Strict-patch.patch +++ b/build-scripts/patches/strict/0001-Strict-patch.patch @@ -1,16 +1,17 @@ -From 3338580f4e22b001615320c40b1c1ad95f8a945e Mon Sep 17 00:00:00 2001 +From 94dadc0e3963e0b01af66e490500c619ec45c019 Mon Sep 17 00:00:00 2001 From: Angelos Kolaitis Date: Fri, 10 May 2024 19:17:55 +0300 Subject: [PATCH] Strict patch --- - k8s/hack/init.sh | 6 +- - k8s/wrappers/services/containerd | 5 - - snap/snapcraft.yaml | 168 ++++++++++++++++++++++++++++++- - 3 files changed, 172 insertions(+), 7 deletions(-) + k8s/hack/init.sh | 6 +- + k8s/wrappers/services/containerd | 5 - + snap/snapcraft.yaml | 171 +++++++++++++++++++++- + tests/integration/tests/test_util/util.py | 38 +++-- + 4 files changed, 198 insertions(+), 22 deletions(-) diff --git a/k8s/hack/init.sh b/k8s/hack/init.sh -index a0b57c7d..d53b528a 100755 +index a0b57c7..d53b528 100755 --- a/k8s/hack/init.sh +++ b/k8s/hack/init.sh @@ -1,3 +1,7 @@ @@ -23,7 +24,7 @@ index a0b57c7d..d53b528a 100755 +"${DIR}/connect-interfaces.sh" +"${DIR}/network-requirements.sh" diff --git a/k8s/wrappers/services/containerd b/k8s/wrappers/services/containerd -index c3f71a01..a82e1c03 100755 +index c3f71a0..a82e1c0 100755 --- a/k8s/wrappers/services/containerd +++ b/k8s/wrappers/services/containerd @@ -21,9 +21,4 @@ You can try to apply the profile manually by running: @@ -37,7 +38,7 @@ index c3f71a01..a82e1c03 100755 - k8s::common::execute_service containerd diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml -index 54b5fc0b..01631684 100644 +index 9d21e55..26f49ad 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -7,7 +7,7 @@ description: |- @@ -49,7 +50,7 @@ index 54b5fc0b..01631684 100644 base: core20 environment: REAL_PATH: $PATH -@@ -216,6 +216,20 @@ parts: +@@ -217,6 +217,20 @@ parts: apps: k8s: command: k8s/wrappers/commands/k8s @@ -70,7 +71,7 @@ index 54b5fc0b..01631684 100644 containerd: command: k8s/wrappers/services/containerd daemon: notify -@@ -226,43 +240,195 @@ apps: +@@ -227,43 +241,198 @@ apps: restart-condition: always start-timeout: 5m before: [kubelet] @@ -263,9 +264,61 @@ index 54b5fc0b..01631684 100644 + plugs: + - network + - network-bind -+ - process-control + - network-control ++ - network-observe ++ - process-control + - firewall-control ++ - system-observe ++ - mount-observe +diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py +index 3e54d68..295c458 100644 +--- a/tests/integration/tests/test_util/util.py ++++ b/tests/integration/tests/test_util/util.py +@@ -191,21 +191,29 @@ def remove_k8s_snap(instance: harness.Instance): + ["snap", "remove", config.SNAP_NAME, "--purge"] + ) + +- LOG.info("Waiting for shims to go away...") +- stubbornly(retries=20, delay_s=5).on(instance).until( +- lambda p: all( +- x not in p.stdout.decode() +- for x in ["containerd-shim", "cilium", "coredns", "/pause"] +- ) +- ).exec(["ps", "-fea"]) +- +- LOG.info("Waiting for kubelet and containerd mounts to go away...") +- stubbornly(retries=20, delay_s=5).on(instance).until( +- lambda p: all( +- x not in p.stdout.decode() +- for x in ["/var/lib/kubelet/pods", "/run/containerd/io.containerd"] +- ) +- ).exec(["mount"]) ++ # NOTE(lpetrut): on "strict", the snap remove hook is unable to: ++ # * terminate processes ++ # * remove network namespaces ++ # * list mounts ++ # ++ # https://paste.ubuntu.com/p/WscCCfnvGH/plain/ ++ # https://paste.ubuntu.com/p/sSnJVvZkrr/plain/ ++ # ++ # LOG.info("Waiting for shims to go away...") ++ # stubbornly(retries=20, delay_s=5).on(instance).until( ++ # lambda p: all( ++ # x not in p.stdout.decode() ++ # for x in ["containerd-shim", "cilium", "coredns", "/pause"] ++ # ) ++ # ).exec(["ps", "-fea"]) ++ # ++ # LOG.info("Waiting for kubelet and containerd mounts to go away...") ++ # stubbornly(retries=20, delay_s=5).on(instance).until( ++ # lambda p: all( ++ # x not in p.stdout.decode() ++ # for x in ["/var/lib/kubelet/pods", "/run/containerd/io.containerd"] ++ # ) ++ # ).exec(["mount"]) + + # NOTE(neoaggelos): Temporarily disable this as it fails on strict. + # For details, `snap changes` then `snap change $remove_k8s_snap_change`. -- -2.34.1 +2.43.0 diff --git a/k8s/lib.sh b/k8s/lib.sh index 3ef47f516..a30f3a30a 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -60,6 +60,10 @@ k8s::remove::containers() { # delete cni network namespaces ip netns list | cut -f1 -d' ' | grep -- "^cni-" | xargs -n1 -r -t ip netns delete || true + # The PVC loopback devices use container paths, making them tricky to identify. + # We'll rely on the volume mount paths (/var/lib/kubelet/*). + local LOOP_DEVICES=`cat /proc/mounts | grep /var/lib/kubelet/pods | grep /dev/loop | cut -d " " -f 1` + # unmount Pod NFS volumes forcefully, as unmounting them normally may hang otherwise. cat /proc/mounts | grep /run/containerd/io.containerd. | grep "nfs[34]" | cut -f2 -d' ' | xargs -r -t umount -f || true cat /proc/mounts | grep /var/lib/kubelet/pods | grep "nfs[34]" | cut -f2 -d' ' | xargs -r -t umount -f || true @@ -79,6 +83,13 @@ k8s::remove::containers() { # so kubelet won't try to access inexistent plugins on reinstallation. find /var/lib/kubelet/plugins/ -name "*.sock" | xargs rm -f || true rm /var/lib/kubelet/plugins_registry/*.sock || true + + cat /proc/mounts | grep /var/snap/k8s/common/var/lib/containerd/ | cut -f2 -d' ' | xargs -r -t umount || true + + # cleanup loopback devices + for dev in $LOOP_DEVICES; do + losetup -d $dev + done } # Run a ctr command against the local containerd socket diff --git a/tests/integration/templates/bootstrap-session.yaml b/tests/integration/templates/bootstrap-all.yaml similarity index 100% rename from tests/integration/templates/bootstrap-session.yaml rename to tests/integration/templates/bootstrap-all.yaml diff --git a/tests/integration/tests/conftest.py b/tests/integration/tests/conftest.py index 20164d3b9..04efacd98 100644 --- a/tests/integration/tests/conftest.py +++ b/tests/integration/tests/conftest.py @@ -185,55 +185,17 @@ def instances( # Cleanup after each test. # We cannot execute _harness_clean() here as this would also - # remove the session_instance. The harness ensures that everything is cleaned up + # remove session scoped instances. The harness ensures that everything is cleaned up # at the end of the test session. for instance in instances: if config.INSPECTION_REPORTS_DIR is not None: LOG.debug("Generating inspection reports for test instances") _generate_inspection_report(h, instance.id) - h.delete_instance(instance.id) - - -@pytest.fixture(scope="session") -def session_instance( - h: harness.Harness, tmp_path_factory: pytest.TempPathFactory, request -) -> Generator[harness.Instance, None, None]: - """Constructs and bootstraps an instance that persists over a test session. - - Bootstraps the instance with all k8sd features enabled to reduce testing time. - """ - LOG.info("Setup node and enable all features") - - tmp_path = tmp_path_factory.mktemp("data") - instance = h.new_instance() - snap = next(snap_versions(request)) - util.setup_k8s_snap(instance, tmp_path, snap) - - bootstrap_config_path = "/home/ubuntu/bootstrap-session.yaml" - instance.send_file( - (config.MANIFESTS_DIR / "bootstrap-session.yaml").as_posix(), - bootstrap_config_path, - ) - - instance_default_ip = util.get_default_ip(instance) - - instance.exec(["k8s", "bootstrap", "--file", bootstrap_config_path]) - instance_default_cidr = util.get_default_cidr(instance, instance_default_ip) - - lb_cidr = util.find_suitable_cidr( - parent_cidr=instance_default_cidr, - excluded_ips=[instance_default_ip], - ) - - instance.exec( - ["k8s", "set", f"load-balancer.cidrs={lb_cidr}", "load-balancer.l2-mode=true"] - ) - util.wait_until_k8s_ready(instance, [instance]) - util.wait_for_network(instance) - util.wait_for_dns(instance) - - yield instance + try: + util.remove_k8s_snap(instance) + finally: + h.delete_instance(instance.id) @pytest.fixture(scope="function") diff --git a/tests/integration/tests/test_cleanup.py b/tests/integration/tests/test_cleanup.py index fb19a1ebf..18ce44400 100644 --- a/tests/integration/tests/test_cleanup.py +++ b/tests/integration/tests/test_cleanup.py @@ -5,7 +5,7 @@ from typing import List import pytest -from test_util import config, harness, util +from test_util import harness, util LOG = logging.getLogger(__name__) @@ -16,40 +16,4 @@ def test_node_cleanup(instances: List[harness.Instance]): util.wait_for_dns(instance) util.wait_for_network(instance) - LOG.info("Uninstall k8s...") - instance.exec(["snap", "remove", config.SNAP_NAME, "--purge"]) - - LOG.info("Waiting for shims to go away...") - util.stubbornly(retries=5, delay_s=5).on(instance).until( - lambda p: all( - x not in p.stdout.decode() - for x in ["containerd-shim", "cilium", "coredns", "/pause"] - ) - ).exec(["ps", "-fea"]) - - LOG.info("Waiting for kubelet and containerd mounts to go away...") - util.stubbornly(retries=5, delay_s=5).on(instance).until( - lambda p: all( - x not in p.stdout.decode() - for x in ["/var/lib/kubelet/pods", "/run/containerd/io.containerd"] - ) - ).exec(["mount"]) - - # NOTE(neoaggelos): Temporarily disable this as it fails on strict. - # For details, `snap changes` then `snap change $remove_k8s_snap_change`. - # Example output follows: - # - # 2024-02-23T14:10:42Z ERROR ignoring failure in hook "remove": - # ----- - # ... - # ip netns delete cni-UUID1 - # Cannot remove namespace file "/run/netns/cni-UUID1": Device or resource busy - # ip netns delete cni-UUID2 - # Cannot remove namespace file "/run/netns/cni-UUID2": Device or resource busy - # ip netns delete cni-UUID3 - # Cannot remove namespace file "/run/netns/cni-UUID3": Device or resource busy - - # LOG.info("Waiting for CNI network namespaces to go away...") - # util.stubbornly(retries=5, delay_s=5).on(instance).until( - # lambda p: "cni-" not in p.stdout.decode() - # ).exec(["ip", "netns", "list"]) + util.remove_k8s_snap(instance) diff --git a/tests/integration/tests/test_clustering.py b/tests/integration/tests/test_clustering.py index 8235e56cf..b5a24df31 100644 --- a/tests/integration/tests/test_clustering.py +++ b/tests/integration/tests/test_clustering.py @@ -119,7 +119,19 @@ def test_no_remove(instances: List[harness.Instance]): assert "control-plane" in util.get_local_node_status(joining_cp) assert "worker" in util.get_local_node_status(joining_worker) - cluster_node.exec(["k8s", "remove-node", joining_cp.id]) + # TODO: k8sd sometimes fails when requested to remove nodes immediately + # after bootstrapping the cluster. It seems that it takes a little + # longer for trust store changes to be propagated to all nodes, which + # should probably be fixed on the microcluster side. + # + # For now, we'll perform some retries. + # + # failed to POST /k8sd/cluster/remove: failed to delete cluster member + # k8s-integration-c1aee0-2: No truststore entry found for node with name + # "k8s-integration-c1aee0-2" + util.stubbornly(retries=3, delay_s=5).on(cluster_node).exec( + ["k8s", "remove-node", joining_cp.id] + ) nodes = util.ready_nodes(cluster_node) assert len(nodes) == 3, "cp node should not have been removed from cluster" cluster_node.exec(["k8s", "remove-node", joining_worker.id]) @@ -142,10 +154,12 @@ def test_skip_services_stop_on_remove(instances: List[harness.Instance]): join_token_worker = util.get_join_token(cluster_node, worker, "--worker") util.join_cluster(worker, join_token_worker) - # We don't care if the node is ready or the CNI is up. - util.stubbornly(retries=5, delay_s=3).until(util.get_nodes(cluster_node) == 3) + util.wait_until_k8s_ready(cluster_node, instances) - cluster_node.exec(["k8s", "remove-node", joining_cp.id]) + # TODO: skip retrying this once the microcluster trust store issue is addressed. + util.stubbornly(retries=3, delay_s=5).on(cluster_node).exec( + ["k8s", "remove-node", joining_cp.id] + ) nodes = util.ready_nodes(cluster_node) assert len(nodes) == 2, "cp node should have been removed from the cluster" services = joining_cp.exec( diff --git a/tests/integration/tests/test_dns.py b/tests/integration/tests/test_dns.py index e51285d4b..72b13b82a 100644 --- a/tests/integration/tests/test_dns.py +++ b/tests/integration/tests/test_dns.py @@ -2,14 +2,22 @@ # Copyright 2024 Canonical, Ltd. # import logging +from typing import List -from test_util import harness, util +import pytest +from test_util import config, harness, util LOG = logging.getLogger(__name__) -def test_dns(session_instance: harness.Instance): - session_instance.exec( +@pytest.mark.bootstrap_config((config.MANIFESTS_DIR / "bootstrap-all.yaml").read_text()) +def test_dns(instances: List[harness.Instance]): + instance = instances[0] + util.wait_until_k8s_ready(instance, [instance]) + util.wait_for_network(instance) + util.wait_for_dns(instance) + + instance.exec( [ "k8s", "kubectl", @@ -23,7 +31,7 @@ def test_dns(session_instance: harness.Instance): ], ) - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -37,14 +45,14 @@ def test_dns(session_instance: harness.Instance): ] ) - result = session_instance.exec( + result = instance.exec( ["k8s", "kubectl", "exec", "busybox", "--", "nslookup", "kubernetes.default"], capture_output=True, ) assert "10.152.183.1 kubernetes.default.svc.cluster.local" in result.stdout.decode() - result = session_instance.exec( + result = instance.exec( ["k8s", "kubectl", "exec", "busybox", "--", "nslookup", "canonical.com"], capture_output=True, check=False, diff --git a/tests/integration/tests/test_gateway.py b/tests/integration/tests/test_gateway.py index dd5f33ba0..c2116e7cb 100644 --- a/tests/integration/tests/test_gateway.py +++ b/tests/integration/tests/test_gateway.py @@ -6,8 +6,10 @@ import subprocess import time from pathlib import Path +from typing import List -from test_util import harness, util +import pytest +from test_util import config, harness, util from test_util.config import MANIFESTS_DIR LOG = logging.getLogger(__name__) @@ -66,20 +68,35 @@ def get_external_service_ip(instance: harness.Instance) -> str: return gateway_ip -def test_gateway(session_instance: harness.Instance): +@pytest.mark.bootstrap_config((config.MANIFESTS_DIR / "bootstrap-all.yaml").read_text()) +def test_gateway(instances: List[harness.Instance]): + instance = instances[0] + instance_default_ip = util.get_default_ip(instance) + instance_default_cidr = util.get_default_cidr(instance, instance_default_ip) + lb_cidr = util.find_suitable_cidr( + parent_cidr=instance_default_cidr, + excluded_ips=[instance_default_ip], + ) + instance.exec( + ["k8s", "set", f"load-balancer.cidrs={lb_cidr}", "load-balancer.l2-mode=true"] + ) + util.wait_until_k8s_ready(instance, [instance]) + util.wait_for_network(instance) + util.wait_for_dns(instance) + manifest = MANIFESTS_DIR / "gateway-test.yaml" - session_instance.exec( + instance.exec( ["k8s", "kubectl", "apply", "-f", "-"], input=Path(manifest).read_bytes(), ) LOG.info("Waiting for nginx pod to show up...") - util.stubbornly(retries=5, delay_s=10).on(session_instance).until( + util.stubbornly(retries=5, delay_s=10).on(instance).until( lambda p: "my-nginx" in p.stdout.decode() ).exec(["k8s", "kubectl", "get", "pod", "-o", "json"]) LOG.info("Nginx pod showed up.") - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -97,7 +114,7 @@ def test_gateway(session_instance: harness.Instance): gateway_http_port = None result = ( util.stubbornly(retries=7, delay_s=3) - .on(session_instance) + .on(instance) .until(lambda p: get_gateway_service_node_port(p) is not None) .exec(["k8s", "kubectl", "get", "service", "-o", "json"]) ) @@ -106,12 +123,12 @@ def test_gateway(session_instance: harness.Instance): assert gateway_http_port is not None, "No Gateway nodePort found." # Test the Gateway service via loadbalancer IP. - util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + util.stubbornly(retries=5, delay_s=5).on(instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", f"localhost:{gateway_http_port}"]) - gateway_ip = get_external_service_ip(session_instance) + gateway_ip = get_external_service_ip(instance) assert gateway_ip is not None, "No Gateway IP found." - util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + util.stubbornly(retries=5, delay_s=5).on(instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", f"{gateway_ip}", "-H", "Host: foo.bar.com"]) diff --git a/tests/integration/tests/test_ingress.py b/tests/integration/tests/test_ingress.py index ad8a9541e..c39115f83 100644 --- a/tests/integration/tests/test_ingress.py +++ b/tests/integration/tests/test_ingress.py @@ -8,7 +8,8 @@ from pathlib import Path from typing import List -from test_util import harness, util +import pytest +from test_util import config, harness, util from test_util.config import MANIFESTS_DIR LOG = logging.getLogger(__name__) @@ -72,11 +73,25 @@ def get_external_service_ip(instance: harness.Instance, service_namespace) -> st return ingress_ip -def test_ingress(session_instance: List[harness.Instance]): +@pytest.mark.bootstrap_config((config.MANIFESTS_DIR / "bootstrap-all.yaml").read_text()) +def test_ingress(instances: List[harness.Instance]): + instance = instances[0] + instance_default_ip = util.get_default_ip(instance) + instance_default_cidr = util.get_default_cidr(instance, instance_default_ip) + lb_cidr = util.find_suitable_cidr( + parent_cidr=instance_default_cidr, + excluded_ips=[instance_default_ip], + ) + instance.exec( + ["k8s", "set", f"load-balancer.cidrs={lb_cidr}", "load-balancer.l2-mode=true"] + ) + util.wait_until_k8s_ready(instance, [instance]) + util.wait_for_network(instance) + util.wait_for_dns(instance) result = ( util.stubbornly(retries=7, delay_s=3) - .on(session_instance) + .on(instance) .until(lambda p: get_ingress_service_node_port(p) is not None) .exec(["k8s", "kubectl", "get", "service", "-A", "-o", "json"]) ) @@ -86,18 +101,18 @@ def test_ingress(session_instance: List[harness.Instance]): assert ingress_http_port is not None, "No ingress nodePort found." manifest = MANIFESTS_DIR / "ingress-test.yaml" - session_instance.exec( + instance.exec( ["k8s", "kubectl", "apply", "-f", "-"], input=Path(manifest).read_bytes(), ) LOG.info("Waiting for nginx pod to show up...") - util.stubbornly(retries=5, delay_s=10).on(session_instance).until( + util.stubbornly(retries=5, delay_s=10).on(instance).until( lambda p: "my-nginx" in p.stdout.decode() ).exec(["k8s", "kubectl", "get", "pod", "-o", "json"]) LOG.info("Nginx pod showed up.") - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -111,19 +126,19 @@ def test_ingress(session_instance: List[harness.Instance]): ] ) - util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + util.stubbornly(retries=5, delay_s=5).on(instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", f"localhost:{ingress_http_port}", "-H", "Host: foo.bar.com"]) # Test the ingress service via loadbalancer IP ingress_ip = get_external_service_ip( - session_instance, + instance, [ {"service": "ck-ingress-contour-envoy", "namespace": "projectcontour"}, {"service": "cilium-ingress", "namespace": "kube-system"}, ], ) assert ingress_ip is not None, "No ingress IP found." - util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + util.stubbornly(retries=5, delay_s=5).on(instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", f"{ingress_ip}", "-H", "Host: foo.bar.com"]) diff --git a/tests/integration/tests/test_metrics_server.py b/tests/integration/tests/test_metrics_server.py index 1fa0331c9..0759a41e4 100644 --- a/tests/integration/tests/test_metrics_server.py +++ b/tests/integration/tests/test_metrics_server.py @@ -2,20 +2,28 @@ # Copyright 2024 Canonical, Ltd. # import logging +from typing import List -from test_util import harness, util +import pytest +from test_util import config, harness, util LOG = logging.getLogger(__name__) -def test_metrics_server(session_instance: harness.Instance): +@pytest.mark.bootstrap_config((config.MANIFESTS_DIR / "bootstrap-all.yaml").read_text()) +def test_metrics_server(instances: List[harness.Instance]): + instance = instances[0] + util.wait_until_k8s_ready(instance, [instance]) + util.wait_for_network(instance) + util.wait_for_dns(instance) + LOG.info("Waiting for metrics-server pod to show up...") - util.stubbornly(retries=15, delay_s=5).on(session_instance).until( + util.stubbornly(retries=15, delay_s=5).on(instance).until( lambda p: "metrics-server" in p.stdout.decode() ).exec(["k8s", "kubectl", "get", "pod", "-n", "kube-system", "-o", "json"]) LOG.info("Metrics-server pod showed up.") - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -31,6 +39,6 @@ def test_metrics_server(session_instance: harness.Instance): ] ) - util.stubbornly(retries=15, delay_s=5).on(session_instance).until( - lambda p: session_instance.id in p.stdout.decode() + util.stubbornly(retries=15, delay_s=5).on(instance).until( + lambda p: instance.id in p.stdout.decode() ).exec(["k8s", "kubectl", "top", "node"]) diff --git a/tests/integration/tests/test_network.py b/tests/integration/tests/test_network.py index e4d483b4a..838a5c249 100644 --- a/tests/integration/tests/test_network.py +++ b/tests/integration/tests/test_network.py @@ -4,21 +4,29 @@ import json import logging from pathlib import Path +from typing import List -from test_util import harness, util +import pytest +from test_util import config, harness, util from test_util.config import MANIFESTS_DIR LOG = logging.getLogger(__name__) -def test_network(session_instance: harness.Instance): +@pytest.mark.bootstrap_config((config.MANIFESTS_DIR / "bootstrap-all.yaml").read_text()) +def test_network(instances: List[harness.Instance]): + instance = instances[0] + util.wait_until_k8s_ready(instance, [instance]) + util.wait_for_network(instance) + util.wait_for_dns(instance) + manifest = MANIFESTS_DIR / "nginx-pod.yaml" - p = session_instance.exec( + p = instance.exec( ["k8s", "kubectl", "apply", "-f", "-"], input=Path(manifest).read_bytes(), ) - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -32,7 +40,7 @@ def test_network(session_instance: harness.Instance): ] ) - p = session_instance.exec( + p = instance.exec( [ "k8s", "kubectl", @@ -51,6 +59,6 @@ def test_network(session_instance: harness.Instance): assert len(out["items"]) > 0, "No NGINX pod found" podIP = out["items"][0]["status"]["podIP"] - util.stubbornly(retries=5, delay_s=5).on(session_instance).until( + util.stubbornly(retries=5, delay_s=5).on(instance).until( lambda p: "Welcome to nginx!" in p.stdout.decode() ).exec(["curl", "-s", f"http://{podIP}"]) diff --git a/tests/integration/tests/test_storage.py b/tests/integration/tests/test_storage.py index 2a8ce2c6f..497e401d9 100644 --- a/tests/integration/tests/test_storage.py +++ b/tests/integration/tests/test_storage.py @@ -5,8 +5,10 @@ import logging import subprocess from pathlib import Path +from typing import List -from test_util import harness, util +import pytest +from test_util import config, harness, util from test_util.config import MANIFESTS_DIR LOG = logging.getLogger(__name__) @@ -20,14 +22,20 @@ def check_pvc_bound(p: subprocess.CompletedProcess) -> bool: return False -def test_storage(session_instance: harness.Instance): +@pytest.mark.bootstrap_config((config.MANIFESTS_DIR / "bootstrap-all.yaml").read_text()) +def test_storage(instances: List[harness.Instance]): + instance = instances[0] + util.wait_until_k8s_ready(instance, [instance]) + util.wait_for_network(instance) + util.wait_for_dns(instance) + LOG.info("Waiting for storage provisioner pod to show up...") - util.stubbornly(retries=15, delay_s=5).on(session_instance).until( + util.stubbornly(retries=15, delay_s=5).on(instance).until( lambda p: "ck-storage" in p.stdout.decode() ).exec(["k8s", "kubectl", "get", "pod", "-n", "kube-system", "-o", "json"]) LOG.info("Storage provisioner pod showed up.") - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -44,18 +52,18 @@ def test_storage(session_instance: harness.Instance): ) manifest = MANIFESTS_DIR / "storage-setup.yaml" - session_instance.exec( + instance.exec( ["k8s", "kubectl", "apply", "-f", "-"], input=Path(manifest).read_bytes(), ) LOG.info("Waiting for storage writer pod to show up...") - util.stubbornly(retries=3, delay_s=10).on(session_instance).until( + util.stubbornly(retries=3, delay_s=10).on(instance).until( lambda p: "storage-writer-pod" in p.stdout.decode() ).exec(["k8s", "kubectl", "get", "pod", "-o", "json"]) LOG.info("Storage writer pod showed up.") - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -70,16 +78,16 @@ def test_storage(session_instance: harness.Instance): ) LOG.info("Waiting for storage to get provisioned...") - util.stubbornly(retries=3, delay_s=1).on(session_instance).until( - check_pvc_bound - ).exec(["k8s", "kubectl", "get", "pvc", "-o", "json"]) + util.stubbornly(retries=3, delay_s=1).on(instance).until(check_pvc_bound).exec( + ["k8s", "kubectl", "get", "pvc", "-o", "json"] + ) LOG.info("Storage got provisioned and pvc is bound.") - util.stubbornly(retries=5, delay_s=10).on(session_instance).until( + util.stubbornly(retries=5, delay_s=10).on(instance).until( lambda p: "LOREM IPSUM" in p.stdout.decode() ).exec(["k8s", "kubectl", "logs", "storage-writer-pod"]) - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -92,18 +100,18 @@ def test_storage(session_instance: harness.Instance): ) manifest = MANIFESTS_DIR / "storage-test.yaml" - session_instance.exec( + instance.exec( ["k8s", "kubectl", "apply", "-f", "-"], input=Path(manifest).read_bytes(), ) LOG.info("Waiting for storage reader pod to show up...") - util.stubbornly(retries=3, delay_s=10).on(session_instance).until( + util.stubbornly(retries=3, delay_s=10).on(instance).until( lambda p: "storage-reader-pod" in p.stdout.decode() ).exec(["k8s", "kubectl", "get", "pod", "-o", "json"]) LOG.info("Storage reader pod showed up.") - util.stubbornly(retries=3, delay_s=1).on(session_instance).exec( + util.stubbornly(retries=3, delay_s=1).on(instance).exec( [ "k8s", "kubectl", @@ -117,7 +125,7 @@ def test_storage(session_instance: harness.Instance): ] ) - util.stubbornly(retries=5, delay_s=10).on(session_instance).until( + util.stubbornly(retries=5, delay_s=10).on(instance).until( lambda p: "LOREM IPSUM" in p.stdout.decode() ).exec(["k8s", "kubectl", "logs", "storage-reader-pod"]) diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index f85021573..f44ae122e 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -7,7 +7,7 @@ DIR = Path(__file__).absolute().parent # The following defaults are used to define how long to wait for a condition to be met. -DEFAULT_WAIT_RETRIES = int(os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 30) +DEFAULT_WAIT_RETRIES = int(os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 60) DEFAULT_WAIT_DELAY_S = int(os.getenv("TEST_DEFAULT_WAIT_DELAY_S") or 5) MANIFESTS_DIR = DIR / ".." / ".." / "templates" diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 352589c48..5ae53f2e2 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -185,6 +185,48 @@ def setup_k8s_snap( instance.exec(["/snap/k8s/current/k8s/hack/init.sh"], stdout=subprocess.DEVNULL) +def remove_k8s_snap(instance: harness.Instance): + LOG.info("Uninstall k8s...") + stubbornly(retries=20, delay_s=5).on(instance).exec( + ["snap", "remove", config.SNAP_NAME, "--purge"] + ) + + LOG.info("Waiting for shims to go away...") + stubbornly(retries=20, delay_s=5).on(instance).until( + lambda p: all( + x not in p.stdout.decode() + for x in ["containerd-shim", "cilium", "coredns", "/pause"] + ) + ).exec(["ps", "-fea"]) + + LOG.info("Waiting for kubelet and containerd mounts to go away...") + stubbornly(retries=20, delay_s=5).on(instance).until( + lambda p: all( + x not in p.stdout.decode() + for x in ["/var/lib/kubelet/pods", "/run/containerd/io.containerd"] + ) + ).exec(["mount"]) + + # NOTE(neoaggelos): Temporarily disable this as it fails on strict. + # For details, `snap changes` then `snap change $remove_k8s_snap_change`. + # Example output follows: + # + # 2024-02-23T14:10:42Z ERROR ignoring failure in hook "remove": + # ----- + # ... + # ip netns delete cni-UUID1 + # Cannot remove namespace file "/run/netns/cni-UUID1": Device or resource busy + # ip netns delete cni-UUID2 + # Cannot remove namespace file "/run/netns/cni-UUID2": Device or resource busy + # ip netns delete cni-UUID3 + # Cannot remove namespace file "/run/netns/cni-UUID3": Device or resource busy + + # LOG.info("Waiting for CNI network namespaces to go away...") + # stubbornly(retries=5, delay_s=5).on(instance).until( + # lambda p: "cni-" not in p.stdout.decode() + # ).exec(["ip", "netns", "list"]) + + def wait_until_k8s_ready( control_node: harness.Instance, instances: List[harness.Instance], From 5b032a933106e7931a1fbe6b3b2998cfbbf56f8a Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Wed, 13 Nov 2024 15:03:11 +0200 Subject: [PATCH 094/122] Fix lint and sbom jobs (#791) --- build-scripts/hack/generate-sbom.py | 14 ++++++++------ .../patches/strict/0001-Strict-patch.patch | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/build-scripts/hack/generate-sbom.py b/build-scripts/hack/generate-sbom.py index 6ea25c9ea..c9cd22a27 100755 --- a/build-scripts/hack/generate-sbom.py +++ b/build-scripts/hack/generate-sbom.py @@ -139,13 +139,15 @@ def k8s_snap_c_dqlite_components(manifest, extra_files): def rock_cilium(manifest, extra_files): LOG.info("Generating SBOM info for Cilium rocks") + cilium_version = "1.15.2" + with util.git_repo(CILIUM_ROCK_REPO, CILIUM_ROCK_TAG) as d: rock_repo_commit = util.parse_output(["git", "rev-parse", "HEAD"], cwd=d) - rockcraft = (d / "cilium/rockcraft.yaml").read_text() - operator_rockcraft = (d / "cilium-operator-generic/rockcraft.yaml").read_text() + rockcraft = (d / f"{cilium_version}/cilium/rockcraft.yaml").read_text() + operator_rockcraft = (d / f"{cilium_version}/cilium-operator-generic/rockcraft.yaml").read_text() - extra_files["cilium/rockcraft.yaml"] = rockcraft - extra_files["cilium-operator-generic/rockcraft.yaml"] = operator_rockcraft + extra_files[f"{cilium_version}/cilium/rockcraft.yaml"] = rockcraft + extra_files[f"{cilium_version}/cilium-operator-generic/rockcraft.yaml"] = operator_rockcraft rockcraft_yaml = yaml.safe_load(rockcraft) repo_url = rockcraft_yaml["parts"]["cilium"]["source"] @@ -169,10 +171,10 @@ def rock_cilium(manifest, extra_files): }, "language": "go", "details": [ - "cilium/rockcraft.yaml", + f"{cilium_version}/cilium/rockcraft.yaml", "cilium/go.mod", "cilium/go.sum", - "cilium-operator-generic/rockcraft.yaml", + f"{cilium_version}/cilium-operator-generic/rockcraft.yaml", "cilium-operator-generic/go.mod", "cilium-operator-generic/go.sum", ], diff --git a/build-scripts/patches/strict/0001-Strict-patch.patch b/build-scripts/patches/strict/0001-Strict-patch.patch index 7bbc5a71b..bed2ed6ff 100644 --- a/build-scripts/patches/strict/0001-Strict-patch.patch +++ b/build-scripts/patches/strict/0001-Strict-patch.patch @@ -299,7 +299,7 @@ index 3e54d68..295c458 100644 + # * list mounts + # + # https://paste.ubuntu.com/p/WscCCfnvGH/plain/ -+ # https://paste.ubuntu.com/p/sSnJVvZkrr/plain/ ++ # https://paste.ubuntu.com/p/sSnJVvZkrr/plain/ + # + # LOG.info("Waiting for shims to go away...") + # stubbornly(retries=20, delay_s=5).on(instance).until( From 2e7135300921a97d926eb8a27bdfa9ff2f03706c Mon Sep 17 00:00:00 2001 From: Lucian Petrut Date: Thu, 14 Nov 2024 09:23:47 +0200 Subject: [PATCH 095/122] Increase timeouts and log test timestamps (#792) * Configure pytest to log timestamps We'll configure pytest to use log timestamps, which allows us to correlate test logs with kubernetes logs. * Bump test timeouts again We're waiting about 5 minutes for new nodes to become ready, however sometimes this isn't enough. It can take around one minute just to pull the cilium image. For this reason, we'll double the test timeouts again. --- tests/branch_management/tox.ini | 2 ++ tests/integration/tests/test_util/config.py | 2 +- tests/integration/tox.ini | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/branch_management/tox.ini b/tests/branch_management/tox.ini index 4ee5619c2..a7f2cd8de 100644 --- a/tests/branch_management/tox.ini +++ b/tests/branch_management/tox.ini @@ -38,6 +38,8 @@ commands = --tb native \ --log-cli-level DEBUG \ --disable-warnings \ + --log-format "%(asctime)s %(levelname)s %(message)s" \ + --log-date-format "%Y-%m-%d %H:%M:%S" \ {posargs} \ {tox_root}/tests pass_env = diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index f44ae122e..40e375c23 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -7,7 +7,7 @@ DIR = Path(__file__).absolute().parent # The following defaults are used to define how long to wait for a condition to be met. -DEFAULT_WAIT_RETRIES = int(os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 60) +DEFAULT_WAIT_RETRIES = int(os.getenv("TEST_DEFAULT_WAIT_RETRIES") or 120) DEFAULT_WAIT_DELAY_S = int(os.getenv("TEST_DEFAULT_WAIT_DELAY_S") or 5) MANIFESTS_DIR = DIR / ".." / ".." / "templates" diff --git a/tests/integration/tox.ini b/tests/integration/tox.ini index 1b33bcda9..bdd82d029 100644 --- a/tests/integration/tox.ini +++ b/tests/integration/tox.ini @@ -37,6 +37,8 @@ commands = --maxfail 1 \ --tb native \ --log-cli-level DEBUG \ + --log-format "%(asctime)s %(levelname)s %(message)s" \ + --log-date-format "%Y-%m-%d %H:%M:%S" \ --disable-warnings \ {posargs} \ {toxinidir}/tests From aa8b78fd8010b25b36d7fff8951ba46b2f1d1a6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Thu, 14 Nov 2024 10:24:29 +0300 Subject: [PATCH 096/122] Remove strict testing from PRs (#793) --- .github/workflows/integration-informing.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index d4ca93ae9..9ade424d0 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - patch: ["strict", "moonray"] + patch: ["moonray"] fail-fast: false steps: - name: Harden Runner @@ -58,7 +58,7 @@ jobs: strategy: matrix: os: ["ubuntu:20.04"] - patch: ["strict", "moonray"] + patch: ["moonray"] fail-fast: false runs-on: ["self-hosted", "Linux", "AMD64", "jammy", "large"] steps: From e1dd58e65154623962d62f93322add4bb817647a Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Thu, 14 Nov 2024 12:09:16 -0500 Subject: [PATCH 097/122] Verify Microk8s Installation Status (#785) --- src/k8s/cmd/k8s/k8s_bootstrap.go | 19 +++++++++ src/k8s/pkg/client/snapd/snap_info.go | 41 +++++++++++++++++++ .../tests/test_util/test_bootstrap.py | 16 ++++++++ 3 files changed, 76 insertions(+) create mode 100644 src/k8s/pkg/client/snapd/snap_info.go create mode 100644 tests/integration/tests/test_util/test_bootstrap.py diff --git a/src/k8s/cmd/k8s/k8s_bootstrap.go b/src/k8s/cmd/k8s/k8s_bootstrap.go index 5510ed34e..9ba6525d3 100644 --- a/src/k8s/cmd/k8s/k8s_bootstrap.go +++ b/src/k8s/cmd/k8s/k8s_bootstrap.go @@ -13,6 +13,7 @@ import ( apiv1 "github.com/canonical/k8s-snap-api/api/v1" cmdutil "github.com/canonical/k8s/cmd/util" + "github.com/canonical/k8s/pkg/client/snapd" "github.com/canonical/k8s/pkg/config" "github.com/canonical/k8s/pkg/k8sd/features" "github.com/canonical/k8s/pkg/utils" @@ -47,6 +48,24 @@ func newBootstrapCmd(env cmdutil.ExecutionEnvironment) *cobra.Command { Long: "Generate certificates, configure service arguments and start the Kubernetes services.", PreRun: chainPreRunHooks(hookRequireRoot(env), hookInitializeFormatter(env, &opts.outputFormat), hookCheckLXD()), Run: func(cmd *cobra.Command, args []string) { + snapdClient, err := snapd.NewClient() + if err != nil { + cmd.PrintErrln("Error: failed to create snapd client: %w", err) + env.Exit(1) + return + } + microk8sInfo, err := snapdClient.GetSnapInfo("microk8s") + if err != nil { + cmd.PrintErrln("Error: failed to check if microk8s is installed: %w", err) + env.Exit(1) + return + } + if microk8sInfo.StatusCode == 200 && microk8sInfo.HasInstallDate() { + cmd.PrintErrln("Error: microk8s snap is installed. Please remove it using the following command and try again:\n\n sudo snap remove microk8s") + env.Exit(1) + return + } + if opts.interactive && opts.configFile != "" { cmd.PrintErrln("Error: --interactive and --file flags cannot be set at the same time.") env.Exit(1) diff --git a/src/k8s/pkg/client/snapd/snap_info.go b/src/k8s/pkg/client/snapd/snap_info.go new file mode 100644 index 000000000..b09f61ec4 --- /dev/null +++ b/src/k8s/pkg/client/snapd/snap_info.go @@ -0,0 +1,41 @@ +package snapd + +import ( + "encoding/json" + "fmt" + "io" + "time" +) + +type SnapInfoResult struct { + InstallDate time.Time `json:"install-date"` +} + +type SnapInfoResponse struct { + StatusCode int `json:"status-code"` + Result SnapInfoResult `json:"result"` +} + +func (c *Client) GetSnapInfo(snap string) (*SnapInfoResponse, error) { + resp, err := c.client.Get(fmt.Sprintf("http://localhost/v2/snaps/%s", snap)) + if err != nil { + return nil, fmt.Errorf("failed to get snapd snap info: %w", err) + } + defer resp.Body.Close() + + resBody, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("client: could not read response body: %w", err) + } + + var snapInfoResponse SnapInfoResponse + if err := json.Unmarshal(resBody, &snapInfoResponse); err != nil { + return nil, fmt.Errorf("client: could not unmarshal response body: %w", err) + } + + return &snapInfoResponse, nil +} + +func (s SnapInfoResponse) HasInstallDate() bool { + return !s.Result.InstallDate.IsZero() +} diff --git a/tests/integration/tests/test_util/test_bootstrap.py b/tests/integration/tests/test_util/test_bootstrap.py new file mode 100644 index 000000000..1bcc688dd --- /dev/null +++ b/tests/integration/tests/test_util/test_bootstrap.py @@ -0,0 +1,16 @@ +# +# Copyright 2024 Canonical, Ltd. +# +from typing import List + +import pytest +from test_util import harness + + +@pytest.mark.node_count(1) +@pytest.mark.disable_k8s_bootstrapping() +def test_microk8s_installed(instances: List[harness.Instance]): + instance = instances[0] + instance.exec("snap install microk8s --classic".split()) + result = instance.exec("k8s bootstrap".split(), capture_output=True, check=False) + assert "Error: microk8s snap is installed" in result.stderr.decode() From a8e140be5569dc4b0e742d99bc27ac130d5a8183 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Fri, 15 Nov 2024 10:01:14 +0300 Subject: [PATCH 098/122] Cleanup left-over iptables rules from kubeproxy and cilium (#788) --- k8s/lib.sh | 2 ++ snap/snapcraft.yaml | 1 + src/k8s/pkg/k8sd/features/cilium/cleanup.go | 21 +++++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/k8s/lib.sh b/k8s/lib.sh index a30f3a30a..ba6d96b1a 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -46,6 +46,8 @@ k8s::common::is_strict() { # Cleanup configuration left by the network feature k8s::remove::network() { k8s::common::setup_env + + "${SNAP}/bin/kube-proxy" --cleanup || true k8s::cmd::k8s x-cleanup network || true } diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9d21e55f1..435f40fb2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -164,6 +164,7 @@ parts: - ethtool - hostname - iproute2 + - ipset - kmod - libatm1 - libnss-resolve diff --git a/src/k8s/pkg/k8sd/features/cilium/cleanup.go b/src/k8s/pkg/k8sd/features/cilium/cleanup.go index bb97321e8..679e56135 100644 --- a/src/k8s/pkg/k8sd/features/cilium/cleanup.go +++ b/src/k8s/pkg/k8sd/features/cilium/cleanup.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "os/exec" + "strings" "github.com/canonical/k8s/pkg/snap" ) @@ -18,5 +19,25 @@ func CleanupNetwork(ctx context.Context, snap snap.Snap) error { } } + for _, cmd := range []string{"iptables", "ip6tables", "iptables-legacy", "ip6tables-legacy"} { + out, err := exec.Command(fmt.Sprintf("%s-save", cmd)).Output() + if err != nil { + return fmt.Errorf("failed to read iptables rules: %w", err) + } + + lines := strings.Split(string(out), "\n") + for i, line := range lines { + if strings.Contains(strings.ToLower(line), "cilium") { + lines[i] = "" + } + } + + restore := exec.Command(fmt.Sprintf("%s-restore", cmd)) + restore.Stdin = strings.NewReader(strings.Join(lines, "\n")) + if err := restore.Run(); err != nil { + return fmt.Errorf("failed to restore iptables rules: %w", err) + } + } + return nil } From 352819381595cde4bfbdccfb90c7738bb2d23bb5 Mon Sep 17 00:00:00 2001 From: Homayoon Alimohammadi Date: Fri, 15 Nov 2024 18:28:35 +0400 Subject: [PATCH 099/122] Add in-place upgrade explanation (#770) --- .../src/capi/explanation/in-place-upgrades.md | 132 ++++++++++++++++++ docs/src/capi/explanation/index.md | 2 +- 2 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 docs/src/capi/explanation/in-place-upgrades.md diff --git a/docs/src/capi/explanation/in-place-upgrades.md b/docs/src/capi/explanation/in-place-upgrades.md new file mode 100644 index 000000000..5196fd7d1 --- /dev/null +++ b/docs/src/capi/explanation/in-place-upgrades.md @@ -0,0 +1,132 @@ +# In-Place Upgrades + +Regularly upgrading the Kubernetes version of the machines in a cluster +is important. While rolling upgrades are a popular strategy, certain +situations will require in-place upgrades: + +- Resource constraints (i.e. cost of additional machines). +- Expensive manual setup process for nodes. + +## Annotations + +CAPI machines are considered immutable. Consequently, machines are replaced +instead of reconfigured. +While CAPI doesn't support in-place upgrades, {{product}} CAPI does +by leveraging annotations for the implementation. +For a deeper understanding of the CAPI design decisions, consider reading about +[machine immutability in CAPI][1], and Kubernetes objects: [`labels`][2], +[`spec` and `status`][3]. + +## Controllers + +In {{product}} CAPI, there are two main types of controllers that handle the +process of performing in-place upgrades: + +- Single Machine In-Place Upgrade Controller +- Orchestrated In-Place Upgrade Controller + +The core component of performing an in-place upgrade is the `Single Machine +Upgrader`. The controller watches for annotations on machines and reconciles +them to ensure the upgrades happen smoothly. + +The `Orchestrator` watches for certain annotations on +machine owners, reconciles them and upgrades groups of owned machines. +It’s responsible for ensuring that all the machines owned by the +reconciled object get upgraded successfully. + +The main annotations that drive the upgrade process are as follows: + +- `v1beta2.k8sd.io/in-place-upgrade-to` --> `upgrade-to` : Instructs +the controller to perform an upgrade with the specified option/method. +- `v1beta2.k8sd.io/in-place-upgrade-status` --> `status` : As soon as the +controller starts the upgrade process, the object will be marked with the +`status` annotation which can either be `in-progress`, `failed` or `done`. +- `v1beta2.k8sd.io/in-place-upgrade-release` --> `release` : When the +upgrade is performed successfully, this annotation will indicate the current +Kubernetes release/version installed on the machine. + +For a complete list of annotations and their values please +refer to the [annotations reference page][4]. This explanation proceeds +to use abbreviations of the mentioned labels. + +### Single Machine In-Place Upgrade Controller + +The Machine objects can be marked with the `upgrade-to` annotation to +trigger an in-place upgrade for that machine. While watching for changes +on the machines, the single machine upgrade controller notices this annotation +and attempts to upgrade the Kubernetes version of that machine to the +specified version. + +Upgrade methods or options can be specified to upgrade to a snap channel, +revision, or a local snap file already placed on the +machine in air-gapped environments. + +A successfully upgraded machine shows the following annotations: + +```yaml +annotations: + v1beta2.k8sd.io/in-place-upgrade-release: "channel=1.31/stable" + v1beta2.k8sd.io/in-place-upgrade-status: "done" +``` + +If the upgrade fails, the controller will mark the machine and retry +the upgrade immediately: + +```yaml +annotations: + # the `upgrade-to` causes the retry to happen + v1beta2.k8sd.io/in-place-upgrade-to: "channel=1.31/stable" + v1beta2.k8sd.io/in-place-upgrade-status: "failed" + + # orchestrator will notice this annotation and knows that the + # upgrade for this machine failed + v1beta2.k8sd.io/in-place-upgrade-last-failed-attempt-at: "Sat, 7 Nov + 2024 13:30:00 +0400" +``` + +By applying and removing annotations, the single machine +upgrader determines the upgrade status of the machine it’s trying to +reconcile and takes necessary actions to successfully complete an +in-place upgrade. The following diagram shows the flow of the in-place +upgrade of a single machine: + +![Diagram][img-single-machine] + +### Machine Upgrade Process + +The {{product}}'s `k8sd` daemon exposes endpoints that can be used to +interact with the cluster. The single machine upgrader calls the +`/snap/refresh` endpoint on the machine to trigger the upgrade +process while checking `/snap/refresh-status` periodically. + +![Diagram][img-k8sd-call] + +### In-place upgrades on large workload clusters + +While the “Single Machine In-Place Upgrade Controller” is responsible +for upgrading individual machines, the "Orchestrated In-Place Upgrade +Controller" ensures that groups of machines will get upgraded. +By applying the `upgrade-to` annotation on an object that owns machines +(e.g. a `MachineDeployment`), this controller will mark the owned machines +one by one which will cause the "Single Machine Upgrader" to pickup those +annotations and upgrade the machines. To avoid undesirable situations + like quorum loss or severe downtime, these upgrades happen in sequence. + +The failures and successes of individual machine upgrades will be reported back +to the orchestrator by the single machine upgrader via annotations. + +The illustrated flow of orchestrated in-place upgrades: + +![Diagram][img-orchestrated] + + + +[img-single-machine]: https://assets.ubuntu.com/v1/1200f040-single-machine.png +[img-k8sd-call]: https://assets.ubuntu.com/v1/518eb73a-k8sd-call.png +[img-orchestrated]: https://assets.ubuntu.com/v1/8f302a00-orchestrated.png + + +[1]: https://cluster-api.sigs.k8s.io/user/concepts#machine-immutability-in-place-upgrade-vs-replace +[2]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[3]: https://kubernetes.io/docs/concepts/overview/working-with-objects/#object-spec-and-status +[4]: ../reference/annotations.md diff --git a/docs/src/capi/explanation/index.md b/docs/src/capi/explanation/index.md index f10ada1ac..d4ad076be 100644 --- a/docs/src/capi/explanation/index.md +++ b/docs/src/capi/explanation/index.md @@ -16,7 +16,7 @@ Overview about security capi-ck8s.md - +in-place-upgrades.md ``` From b4055dfb278f1bccfef3b25f9e00ab35aa63b5c0 Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Fri, 15 Nov 2024 06:30:29 -0800 Subject: [PATCH 100/122] Arch diagrams (#801) * fix pic order in a previous PR the order of the arch docs got mixed up. Back in correct places now * clarify k8sd diagram fix typos in diagram and help clarify in text and on diagram difference in deploying with Juju vs snap --- docs/src/assets/k8sd-component.puml | 6 +++--- docs/src/snap/reference/architecture.md | 15 ++++++++------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/src/assets/k8sd-component.puml b/docs/src/assets/k8sd-component.puml index f95cd278c..3e39ce90b 100644 --- a/docs/src/assets/k8sd-component.puml +++ b/docs/src/assets/k8sd-component.puml @@ -16,13 +16,13 @@ Container(K8sSnapDistribution.State, "State", $techn="", $descr="Datastores hold Container(K8sSnapDistribution.KubernetesServices, "Kubernetes Services", $techn="", $descr="API server, kubelet, kube-proxy, scheduler, kube-controller", $tags="", $link="") Container_Boundary("K8sSnapDistribution.K8sd_boundary", "K8sd", $tags="") { - Component(K8sSnapDistribution.K8sd.CLI, "CLI", $techn="CLI", $descr="The CLI the offered", $tags="", $link="") + Component(K8sSnapDistribution.K8sd.CLI, "CLI", $techn="CLI", $descr="The CLI offered", $tags="", $link="") Component(K8sSnapDistribution.K8sd.APIviaHTTP, "API via HTTP", $techn="REST", $descr="The API interface offered", $tags="", $link="") - Component(K8sSnapDistribution.K8sd.CLustermanagement, "CLuster management", $techn="", $descr="Management of the cluster with the help of MicroCluster", $tags="", $link="") + Component(K8sSnapDistribution.K8sd.CLustermanagement, "Cluster management", $techn="", $descr="Management of the cluster with the help of MicroCluster", $tags="", $link="") } Rel(K8sAdmin, K8sSnapDistribution.K8sd.CLI, "Sets up and configured the cluster", $techn="", $tags="", $link="") -Rel(CharmK8s, K8sSnapDistribution.K8sd.APIviaHTTP, "Orchestrates the lifecycle management of K8s", $techn="", $tags="", $link="") +Rel(CharmK8s, K8sSnapDistribution.K8sd.APIviaHTTP, "Orchestrates the lifecycle management of K8s when deployed with Juju", $techn="", $tags="", $link="") Rel(K8sSnapDistribution.K8sd.CLustermanagement, K8sSnapDistribution.KubernetesServices, "Configures", $techn="", $tags="", $link="") Rel(K8sSnapDistribution.KubernetesServices, K8sSnapDistribution.State, "Uses by default", $techn="", $tags="", $link="") Rel(K8sSnapDistribution.K8sd.CLustermanagement, K8sSnapDistribution.State, "Keeps state in", $techn="", $tags="", $link="") diff --git a/docs/src/snap/reference/architecture.md b/docs/src/snap/reference/architecture.md index 44981a45b..a24c5ff6a 100644 --- a/docs/src/snap/reference/architecture.md +++ b/docs/src/snap/reference/architecture.md @@ -10,7 +10,7 @@ current design of {{product}}, following the [C4 model]. This overview of {{product}} demonstrates the interactions of Kubernetes with users and with other systems. -![cluster2][] +![cluster5][] Two actors interact with the Kubernetes snap: @@ -19,7 +19,8 @@ Two actors interact with the Kubernetes snap: access to the cluster. That initial user is able to configure the cluster to match their needs and of course create other users that may or may not have admin privileges. The K8s admin is also able to maintain workloads running - in the cluster. + in the cluster. If you deploy {{product}} from a snap, this is how the cluster + is manually orchestrated. - **K8s user**: A user consuming the workloads hosted in the cluster. Users do not have access to the Kubernetes API server. They need to access the cluster @@ -51,7 +52,7 @@ distribution. We have identified the following: Looking more closely at what is contained within the K8s snap itself: -![cluster3][] +![cluster1][] The `k8s` snap distribution includes the following: @@ -72,7 +73,7 @@ The `k8s` snap distribution includes the following: K8sd is the component that implements and exposes the operations functionality needed for managing the Kubernetes cluster. -![cluster4][] +![cluster2][] At the core of the `k8sd` functionality we have the cluster manager that is responsible for configuring the services, workload and features we deem @@ -104,7 +105,7 @@ This functionality is exposed via the following interfaces: Canonical `k8s` Charms encompass two primary components: the [`k8s` charm][K8s charm] and the [`k8s-worker` charm][K8s-worker charm]. -![cluster1][] +![cluster4][] Charms are instantiated on a machine as a Juju unit, and a collection of units constitutes an application. Both `k8s` and `k8s-worker` units are responsible @@ -139,9 +140,9 @@ and flexible {{product}} deployment managed through Juju. [cluster1]: https://assets.ubuntu.com/v1/dfc43753-cluster1.svg -[cluster2]: https://assets.ubuntu.com/v1/0e486a5d-cluster2.svg -[cluster3]: https://assets.ubuntu.com/v1/24fd1773-cluster3.svg +[cluster2]: https://assets.ubuntu.com/v1/f634743e-k8sd.svg [cluster4]: https://assets.ubuntu.com/v1/24fd1773-cluster4.svg +[cluster5]: https://assets.ubuntu.com/v1/bcfe150f-overview.svg [C4 model]: https://c4model.com/ From 81bb027b3947d9656aacbc092ec6cecbe89b7a58 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Fri, 15 Nov 2024 10:22:45 -0500 Subject: [PATCH 101/122] [Docs] How to use cloud storage (#794) --- .../assets/how-to-cloud-storage-aws-ccm.yaml | 170 ++++++ docs/src/snap/howto/storage/cloud.md | 496 ++++++++++++++++++ docs/src/snap/howto/storage/index.md | 3 +- 3 files changed, 668 insertions(+), 1 deletion(-) create mode 100644 docs/src/assets/how-to-cloud-storage-aws-ccm.yaml create mode 100644 docs/src/snap/howto/storage/cloud.md diff --git a/docs/src/assets/how-to-cloud-storage-aws-ccm.yaml b/docs/src/assets/how-to-cloud-storage-aws-ccm.yaml new file mode 100644 index 000000000..fa6dc3cb9 --- /dev/null +++ b/docs/src/assets/how-to-cloud-storage-aws-ccm.yaml @@ -0,0 +1,170 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: aws-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: aws-cloud-controller-manager +spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: aws-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: aws-cloud-controller-manager + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.3 + args: + - --v=2 + - --cloud-provider=aws + - --use-service-account-credentials=true + - --configure-cloud-routes=false + resources: + requests: + cpu: 200m + hostNetwork: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:cloud-controller-manager +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system diff --git a/docs/src/snap/howto/storage/cloud.md b/docs/src/snap/howto/storage/cloud.md new file mode 100644 index 000000000..920b297dc --- /dev/null +++ b/docs/src/snap/howto/storage/cloud.md @@ -0,0 +1,496 @@ +# How to use cloud storage + +{{product}} simplifies the process of integrating and managing cloud storage +solutions like Amazon EBS. This guide provides steps to configure IAM policies, +deploy the cloud controller manager, and set up the necessary drivers for you +to take advantage of cloud storage solutions in the context of Kubernetes. + +## What you'll need + +This guide is for AWS and assumes the following: + +- You have root or sudo access to an Amazon EC2 instance +- You can create roles and policies in AWS + + +## Set IAM Policies + +Your instance will need a few IAM policies to be able to communciate with the +AWS APIs. The policies provided here are quite open and should be scoped down +based on your security requirements. + +You will most likely want to create a role for your instance. You can call this +role "k8s-control-plane" or "k8s-worker". Then, define and attach the following +policies to the role. Once the role is created with the required policies, +attach the role to the instance. + +For a control plane node: + +```{dropdown} Control Plane Policies +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeTags", + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DescribeAvailabilityZones", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyVolume", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DetachVolume", + "ec2:RevokeSecurityGroupIngress", + "ec2:DescribeVpcs", + "ec2:DescribeInstanceTopology", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:AttachLoadBalancerToSubnets", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateLoadBalancerPolicy", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancerListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DetachLoadBalancerFromSubnets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", + "iam:CreateServiceLinkedRole", + "kms:DescribeKey" + ], + "Resource": [ + "*" + ] + } + ] +} +``` + +For a worker node: + +```{dropdown} Worker Policies +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecr:BatchGetImage" + ], + "Resource": "*" + } + ] +} +``` + +## Add a tag to your EC2 Instance + +A cluster using the AWS cloud provider needs to label existing nodes and +resources with a ClusterID or the kube-controller-manager will not start. Add +the following tag to your instance, making sure to replace the placeholder id +with your own (this can simply be "k8s" or "my-k8s-cluster"). + +``` +kubernetes.io/cluster/=owned +``` + +## Set your host name + +The cloud controller manager uses the node name to correctly associate the node +with an EC2 instance. In {{product}}, the node name is derived from the +hostname of the machine. Therefore, before bootstrapping the cluster, you must +first set an appropriate host name. + +```bash +echo "$(sudo cloud-init query ds.meta_data.local-hostname)" | sudo tee /etc/hostname +``` + +Then, reboot the machine. + +```bash +sudo reboot +``` + +When the machine is up, use `hostname -f` to check the host name. It should +look like: + +```bash +ip-172-31-11-86.us-east-2.compute.internal +``` + +This host name format is called IP-based naming and is specific to AWS. + + +## Bootstrap {{product}} + +Now that your machine has an appropriate host name, you are ready to bootstrap +{{product}}. + +First, create a bootstrap configuration file that sets the cloud-provider +configuration to "external". + +```bash +echo "cluster-config: + cloud-provider: external" > bootstrap-config.yaml +``` + +Then, bootstrap the cluster: + +```bash +sudo k8s bootstrap --file ./bootstrap-config.yaml +sudo k8s status --wait-ready +``` + +## Deploy the cloud controller manager + +Now that you have an appropriate host name, policies, and a {{product}} +cluster, you have everything you need to deploy the cloud controller manager. + +Here is a YAML definition file that sets appropriate defaults for you, it +configures the necessary service accounts, roles, and daemonsets: + +```{dropdown} CCM deployment manifest +```yaml +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: aws-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: aws-cloud-controller-manager +spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: aws-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: aws-cloud-controller-manager + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.3 + args: + - --v=2 + - --cloud-provider=aws + - --use-service-account-credentials=true + - --configure-cloud-routes=false + resources: + requests: + cpu: 200m + hostNetwork: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:cloud-controller-manager +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +``` + +You can apply the CCM manifest easily by running the following command: + +```bash +sudo k8s kubectl apply -f https://raw.githubusercontent.com/canonical/k8s-snap/main/docs/src/assets/how-to-cloud-storage-aws-ccm.yaml +``` + +After a moment, you should see the cloud controller manager pod was +successfully deployed. + +```bash +NAME READY STATUS RESTARTS AGE +aws-cloud-controller-manager-ndbtq 1/1 Running 1 (3h51m ago) 9h +``` + +## Deploy the EBS CSI Driver + +Now that the cloud controller manager is deployed and can communicate with AWS, +you are ready to deploy the EBS CSI driver. The easiest way to deploy the +driver is with the Helm chart. Luckily, {{product}} has a built-in Helm +command. + +If you want to create encrypted drives, you need to add the statement to the +policy you are using for the instance. + +```json +{ + "Effect": "Allow", + "Action": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:CreateGrant" + ], + "Resource": "*" +} +``` + +Then, add the Helm repo for the EBS CSI Driver. + +```bash +sudo k8s helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver +sudo k8s helm repo update +``` + +Finally, install the Helm chart, making sure to set the correct region as an +argument. + +```bash +sudo k8s helm upgrade --install aws-ebs-csi-driver \ + --namespace kube-system \ + aws-ebs-csi-driver/aws-ebs-csi-driver \ + --set controller.region= +``` + +Once the command completes, you can verify the pods are successfully deployed: + +```bash +kubectl get pods -n kube-system -l app.kubernetes.io/name=aws-ebs-csi-driver +``` + +```bash +NAME READY STATUS RESTARTS AGE +ebs-csi-controller-78bcd46cf8-5zk8q 5/5 Running 2 (3h48m ago) 8h +ebs-csi-controller-78bcd46cf8-g7l5h 5/5 Running 1 (3h48m ago) 8h +ebs-csi-node-nx6rg 3/3 Running 0 9h +``` + +The status of all pods should be "Running". + +## Deploy a workload + +Everything is in place for you to deploy a workload that dynamically creates +and uses an EBS volume. + +First, create a StorageClass and a PersistentVolumeClaim: + +``` +sudo k8s kubectl apply -f - < Volumes` page in AWS, you should see a 10Gi gp3 volume. diff --git a/docs/src/snap/howto/storage/index.md b/docs/src/snap/howto/storage/index.md index 43728a9ba..f79732d4d 100644 --- a/docs/src/snap/howto/storage/index.md +++ b/docs/src/snap/howto/storage/index.md @@ -14,4 +14,5 @@ default storage built-in to {{product}}. Use default storage Use Ceph storage -``` \ No newline at end of file +Use cloud storage +``` From 79f3145c038b1b5901264720a1c06daf0969517d Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Fri, 15 Nov 2024 12:02:30 -0800 Subject: [PATCH 102/122] Spellcheck fixes (#749) Corrected typos in docs and created more extensive custom_wordslist change spellcheck to manual launch rather than on every pull request --- .github/workflows/docs-spelling-checks.yml | 28 +- docs/moonray/.custom_wordlist.txt | 266 ++++++++++++++++++ docs/src/.custom_wordlist.txt | 218 +++++++++++++- docs/src/_parts/bootstrap_config.md | 2 +- docs/src/capi/explanation/capi-ck8s.md | 6 +- docs/src/capi/howto/custom-ck8s.md | 4 +- docs/src/capi/howto/external-etcd.md | 6 +- docs/src/capi/howto/migrate-management.md | 2 +- docs/src/capi/index.md | 1 - docs/src/capi/reference/configs.md | 8 +- docs/src/capi/tutorial/getting-started.md | 2 +- docs/src/charm/howto/charm.md | 2 +- docs/src/charm/howto/contribute.md | 2 +- docs/src/charm/howto/cos-lite.md | 14 +- docs/src/charm/howto/install-lxd.md | 2 +- docs/src/charm/howto/proxy.md | 2 +- docs/src/charm/index.md | 2 - docs/src/charm/reference/charms.md | 4 +- docs/src/snap/explanation/certificates.md | 2 +- docs/src/snap/explanation/clustering.md | 4 +- docs/src/snap/explanation/epa.md | 16 +- docs/src/snap/explanation/ingress.md | 2 +- docs/src/snap/explanation/security.md | 16 +- docs/src/snap/howto/backup-restore.md | 4 +- docs/src/snap/howto/cis-hardening.md | 2 +- docs/src/snap/howto/contribute.md | 2 +- docs/src/snap/howto/epa.md | 44 +-- docs/src/snap/howto/external-datastore.md | 2 +- docs/src/snap/howto/install/lxd.md | 2 +- docs/src/snap/howto/install/multipass.md | 23 +- docs/src/snap/howto/install/offline.md | 6 +- .../snap/howto/networking/default-ingress.md | 4 +- .../howto/networking/default-loadbalancer.md | 7 +- docs/src/snap/howto/networking/dualstack.md | 2 +- docs/src/snap/howto/networking/ipv6.md | 2 +- docs/src/snap/howto/networking/proxy.md | 2 +- docs/src/snap/howto/restore-quorum.md | 2 +- docs/src/snap/howto/storage/ceph.md | 26 +- docs/src/snap/howto/two-node-ha.md | 10 +- docs/src/snap/index.md | 1 - docs/src/snap/reference/annotations.md | 4 +- docs/src/snap/reference/architecture.md | 2 +- docs/src/snap/reference/certificates.md | 4 +- .../control-plane-join-config-reference.md | 2 +- docs/src/snap/reference/releases.md | 2 +- docs/src/snap/reference/roadmap.md | 2 +- docs/src/snap/reference/troubleshooting.md | 6 +- .../reference/worker-join-config-reference.md | 2 +- docs/src/snap/tutorial/add-remove-nodes.md | 4 +- docs/tools/.custom_wordlist.txt | 204 +++++++++++++- 50 files changed, 834 insertions(+), 150 deletions(-) diff --git a/.github/workflows/docs-spelling-checks.yml b/.github/workflows/docs-spelling-checks.yml index 96bfa636f..d4f4f9da1 100644 --- a/.github/workflows/docs-spelling-checks.yml +++ b/.github/workflows/docs-spelling-checks.yml @@ -2,9 +2,9 @@ name: Documentation Spelling Check on: workflow_dispatch: - pull_request: - paths: - - 'docs/**' + # pull_request: + # paths: + # - 'docs/**' jobs: spell-check: @@ -16,15 +16,15 @@ jobs: - id: spell-check name: Spell Check run: make spelling - working-directory: docs/tools + working-directory: docs/canonicalk8s continue-on-error: true - - if: ${{ github.event_name == 'pull_request' && steps.spell-check.outcome == 'failure' }} - uses: actions/github-script@v6 - with: - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: 'Hi, looks like pyspelling job found some issues, you can check it [here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})' - }) + # - if: ${{ github.event_name == 'pull_request' && steps.spell-check.outcome == 'failure' }} + # uses: actions/github-script@v6 + # with: + # script: | + # github.rest.issues.createComment({ + # issue_number: context.issue.number, + # owner: context.repo.owner, + # repo: context.repo.repo, + # body: 'Hi, looks like pyspelling job found some issues, you can check it [here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})' + # }) diff --git a/docs/moonray/.custom_wordlist.txt b/docs/moonray/.custom_wordlist.txt index e69de29bb..40495c3f4 100644 --- a/docs/moonray/.custom_wordlist.txt +++ b/docs/moonray/.custom_wordlist.txt @@ -0,0 +1,266 @@ +adapter's +adapters +allocatable +allocator +AlwaysPullImages +api +apiserver +apparmor +AppArmor +args +ARP +asn +ASN +autostart +autosuspend +aws +backend +backported +balancers +benoitblanchon +bgp +BGP +bootloader +CABPCK +CACPCK +capi +CAPI +CAs +Center +ceph +Ceph +cephcsi +cephx +cgroup +cgroups +cidr +CIDR +cidrs +CIDRs +CK8sControlPlane +CLI +CLIs +CloudFormation +ClusterAPI +clusterctl +ClusterRole +ClusterRoleBinding +CMK +CNI +Commenter +config +configMap +ConfigMap +containerd +CoreDNS +Corosync +CPUs +cpuset +crt +csi +CSI +CSRs +cyclictest +daemonset +DaemonSet +datastore +datastores +dbus +de +deallocation +deployable +discoverable +DMA +dns +DNS +DPDK +DRBD +drv +dqlite +EAL +EasyRSA +enp +enum +etcd +EventRateLimit +failover +gapped +GCP +ghcr +Gi +github +GPLv +Graber +Graber's +grafana +haircommander +Harbor +hostname +hostpath +HPC +html +http +https +HugePage +HugePages +iavf +init +initialise +integrations +io +IOMMU +IOV +ip +IPv +IPv4 +IPv6 +IRQs +Jinja +jitter +juju +Juju's +KMS +kube +kube-apiserver +kube-controller-manager +kube-proxy +kube-scheduler +kube-system +kubeconfig +kubectl +kubelet +kubepods +kubernetes +latencies +Latencies +libcontainer +lifecycle +linux +Lite's +LoadBalancer +localhost +Lookaside +lookups +loopback +LPM +lxc +LxcSecurity +LXD +MAAS +macOS +Maskable +MCE +MetalLB +Microbot +MicroCluster +MicroK +MicroK8s +MinIO +modprobe +Moonray +mq +mtu +MTU +multicast +MULTICAST +Multipass +Multus +nameservers +Netplan +NetworkAttachmentDefinition +NFD +NFV +nginx +NGINX +NIC +NMI +nodeport +nohz +NUMA +numactl +OCI +OOM +OpenStack +OSDs +ParseDuration +passthrough +passwordless +pci +PEM +performant +PID +PMD +PMDs +PPA +proc +programmatically +provisioner +PRs +PV +qdisc +qlen +QoS +RADOS +rbac +RBAC +RBD +rc +RCU +README +regctl +regsync +roadmap +Rockcraft +rollout +runtimes +rw +sandboxed +SANs +scalable +SCHED +sControlPlane +sd +SELinux +ServiceAccount +Snapcraft +snapd +SR-IOV +stackexchange +stgraber +STONITH +StorageClass +sudo +sys +systemd +taskset +Telco +throughs +tickless +TLB +tls +TLS +toml +TSC +TTL +ttyS +ubuntu +unix +unschedulable +unsquashed +Velero +vf +VF +vfio +VFIO +VFs +virtualised +VLAN +VMs +VMware +VNFs +VPCs +VSphere +WIP +www +yaml +YAMLs diff --git a/docs/src/.custom_wordlist.txt b/docs/src/.custom_wordlist.txt index 7893c42d2..cde8f16bf 100644 --- a/docs/src/.custom_wordlist.txt +++ b/docs/src/.custom_wordlist.txt @@ -1,66 +1,280 @@ +adapter's +adapters +allocatable +allocator +AlwaysPullImages +api apiserver apparmor AppArmor +args +ARP +asn +ASN autostart +autosuspend aws +backend +backported +balancers +benoitblanchon +bgp +BGP +bootloader +BPF +CABPCK +CACPCK +capi CAPI +CAs +Center +ceph Ceph +cephcsi +cephx cgroup -CIDRS +cgroups +cidr +CIDR +cidrs CIDRs +CIS +CK8sControlPlane +CLI +CLIs +CloudFormation +ClusterAPI +clusterctl +ClusterRole +ClusterRoleBinding +CMK CNI +Commenter config +configMap +ConfigMap containerd CoreDNS +Corosync CPUs cpuset +crt +csi +CSI +CSRs +cyclictest daemonset +DaemonSet datastore +datastores dbus +de +deallocation +deployable +discoverable +DMA +dns DNS +DPDK +DRBD +drv dqlite +EAL EasyRSA +eBPF +enp +enum etcd +eth +EventRateLimit +ExternalIP +failover +gapped GCP ghcr +Gi +github +GPLv +Graber +Graber's grafana +haircommander +Harbor +hostname +hostpath +HPC html http https +HugePage +HugePages +iavf +init initialise +integrations +InternalIP +io +IOMMU +IOV +ip +IPIP +IPIPCrossSubnet +IPv +IPv4 +IPv6 +IRQs +Jinja +jitter juju +Juju's +KMS +kube +kube-apiserver +kube-controller-manager +kube-proxy +kube-scheduler +kube-system kubeconfig kubectl kubelet kubepods kubernetes +latencies +Latencies libcontainer lifecycle linux +Lite's +LoadBalancer localhost +Lookaside +lookups +loopback +LPM lxc +LxcSecurity LXD MAAS +macOS +Maskable +MCE +MetalLB +Microbot +MicroCluster +MicroK +MicroK8s +MinIO +modprobe +Moonray +mq +mtu +MTU +multicast +MULTICAST Multipass +Multus nameservers +Netplan +NetworkAttachmentDefinition +NFD +NFV +nginx NGINX +NIC +NMI +NodeInternalIP +nodeport +nohz +NUMA +numactl OCI +OOM OpenStack +OSDs +ParseDuration +passthrough +passwordless +pci +PEM +performant +PID +PMD +PMDs +PPA proc +programmatically +provisioner +PRs +PV +qdisc +qlen +QoS +RADOS +rbac RBAC +RBD +rc +RCU +README +regctl regsync roadmap Rockcraft +rollout +Runtime +runtimes rw +sandboxed +SANs +scalable +SCHED +sControlPlane +sd +SELinux +ServiceAccount +Snapcraft snapd +SR-IOV +src stackexchange +stgraber +STONITH +StorageClass +sudo sys systemd +taskset +Telco +throughs +tickless +TLB +tls TLS +toml +TSC +TTL +ttyS ubuntu unix +unschedulable +unsquashed +Velero +vf +VF +vfio +VFIO +VFs +virtualised +VLAN +VLANs VMs -VMWare +VMware +VNFs +VPCs VSphere +VXLAN +VXLANCrossSubnet +WIP www yaml +YAMLs diff --git a/docs/src/_parts/bootstrap_config.md b/docs/src/_parts/bootstrap_config.md index b1ed6f477..6594f10ae 100644 --- a/docs/src/_parts/bootstrap_config.md +++ b/docs/src/_parts/bootstrap_config.md @@ -189,7 +189,7 @@ If omitted defaults to `true`. Sets the cloud provider to be used by the cluster. When this is set as `external`, node will wait for an external cloud provider to -do cloud specific setup and finish node initialization. +do cloud specific setup and finish node initialisation. Possible values: `external`. diff --git a/docs/src/capi/explanation/capi-ck8s.md b/docs/src/capi/explanation/capi-ck8s.md index 10b0e0674..5ba3487b3 100644 --- a/docs/src/capi/explanation/capi-ck8s.md +++ b/docs/src/capi/explanation/capi-ck8s.md @@ -3,7 +3,7 @@ ClusterAPI (CAPI) is an open-source Kubernetes project that provides a declarative API for cluster creation, configuration, and management. It is designed to automate the creation and management of Kubernetes clusters in -various environments, including on-premises data centers, public clouds, and +various environments, including on-premises data centres, public clouds, and edge devices. CAPI abstracts away the details of infrastructure provisioning, networking, and @@ -60,8 +60,8 @@ clusters. As a result, the provisioned clusters are referred to as workload clusters. Typically, the management cluster runs in a separate environment from the -clusters it manages, such as a public cloud or an on-premises data center. It -serves as a centralized location for managing the configuration, policies, and +clusters it manages, such as a public cloud or an on-premises data centre. It +serves as a centralised location for managing the configuration, policies, and security of multiple managed clusters. By leveraging the management cluster, users can easily create and manage a fleet of Kubernetes clusters in a consistent and repeatable manner. diff --git a/docs/src/capi/howto/custom-ck8s.md b/docs/src/capi/howto/custom-ck8s.md index d81191980..ba3a1d0fe 100644 --- a/docs/src/capi/howto/custom-ck8s.md +++ b/docs/src/capi/howto/custom-ck8s.md @@ -1,6 +1,6 @@ # Install custom {{product}} on machines -By default, the `version` field in the machine specifications will determine which {{product}} is downloaded from the `stable` rist level. While you can install different versions of the `stable` risk level by changing the `version` field, extra steps should be taken if you're willing to install a specific risk level. +By default, the `version` field in the machine specifications will determine which {{product}} is downloaded from the `stable` risk level. While you can install different versions of the `stable` risk level by changing the `version` field, extra steps should be taken if you're willing to install a specific risk level. This guide walks you through the process of installing custom {{product}} on workload cluster machines. ## Prerequisites @@ -13,7 +13,7 @@ To follow this guide, you will need: Please refer to the [getting-started guide][getting-started] for further details on the required setup. -In this guide we call the generated cluster spec manifrst `cluster.yaml`. +In this guide we call the generated cluster spec manifest `cluster.yaml`. ## Overwrite the existing `install.sh` script diff --git a/docs/src/capi/howto/external-etcd.md b/docs/src/capi/howto/external-etcd.md index f6509fb22..a77600c68 100644 --- a/docs/src/capi/howto/external-etcd.md +++ b/docs/src/capi/howto/external-etcd.md @@ -9,7 +9,7 @@ with an external etcd. To follow this guide, you will need: -- [Clusterctl][clusterctl] installed +- [clusterctl][clusterctl] installed - A CAPI management cluster initialised with the infrastructure, bootstrap and control plane providers of your choice. Please refer to the [getting-started guide][getting-started] for instructions. @@ -78,7 +78,7 @@ kubectl get secrets ## Update etcd cluster template -Please refer to [capi-templates][capi-templates] for the latest templates. +Please refer to [CAPI-templates][CAPI-templates] for the latest templates. Update the control plane resource `CK8sControlPlane` so that it is configured to store the Kubernetes state in etcd. Add the following additional configuration to the cluster template `cluster-template.yaml`: @@ -120,5 +120,5 @@ clusterctl describe cluster peaches ``` [getting-started]: ../tutorial/getting-started.md -[capi-templates]: https://github.com/canonical/cluster-api-k8s/tree/main/templates +[CAPI-templates]: https://github.com/canonical/cluster-api-k8s/tree/main/templates [clusterctl]: https://cluster-api.sigs.k8s.io/clusterctl/overview diff --git a/docs/src/capi/howto/migrate-management.md b/docs/src/capi/howto/migrate-management.md index 11a1474f3..f902a0731 100644 --- a/docs/src/capi/howto/migrate-management.md +++ b/docs/src/capi/howto/migrate-management.md @@ -1,4 +1,4 @@ -# Migrate the managment cluster +# Migrate the management cluster Management cluster migration is a really powerful operation in the cluster’s lifecycle as it allows admins to move the management cluster in a more reliable substrate or perform maintenance tasks without disruptions. diff --git a/docs/src/capi/index.md b/docs/src/capi/index.md index 4190229b6..87b56a3ab 100644 --- a/docs/src/capi/index.md +++ b/docs/src/capi/index.md @@ -10,7 +10,6 @@ Overview :titlesonly: :glob: :caption: Deploy with Cluster API -Overview tutorial/index.md howto/index.md explanation/index.md diff --git a/docs/src/capi/reference/configs.md b/docs/src/capi/reference/configs.md index a304f68c1..870d240f9 100644 --- a/docs/src/capi/reference/configs.md +++ b/docs/src/capi/reference/configs.md @@ -108,7 +108,7 @@ spec: **Required:** no -`airGapped` is used to signal that we are deploying to an airgap environment. In this case, the provider will not attempt to install k8s-snap on the machine. The user is expected to install k8s-snap manually with [`preRunCommands`](#preruncommands), or provide an image with k8s-snap pre-installed. +`airGapped` is used to signal that we are deploying to an air-gapped environment. In this case, the provider will not attempt to install k8s-snap on the machine. The user is expected to install k8s-snap manually with [`preRunCommands`](#preruncommands), or provide an image with k8s-snap pre-installed. **Example Usage:** ```yaml @@ -121,7 +121,7 @@ spec: **Required:** no -`initConfig` is configuration for the initializing the cluster features +`initConfig` is configuration for the initialising the cluster features **Fields:** @@ -193,8 +193,8 @@ spec: | `datastoreType` | `string` | The type of datastore to use for the control plane. | `""` | | `datastoreServersSecretRef` | `struct{name:str, key:str}` | A reference to a secret containing the datastore servers. | `{}` | | `k8sDqlitePort` | `int` | The port to use for k8s-dqlite. If unset, 2379 (etcd) will be used. | `2379` | -| `microclusterAddress` | `string` | The address (or CIDR) to use for microcluster. If unset, the default node interface is chosen. | `""` | -| `microclusterPort` | `int` | The port to use for microcluster. If unset, ":2380" (etcd peer) will be used. | `":2380"` | +| `microclusterAddress` | `string` | The address (or CIDR) to use for MicroCluster. If unset, the default node interface is chosen. | `""` | +| `microclusterPort` | `int` | The port to use for MicroCluster. If unset, ":2380" (etcd peer) will be used. | `":2380"` | | `extraKubeAPIServerArgs` | `map[string]string` | Extra arguments to add to kube-apiserver. | `map[]` | **Example Usage:** diff --git a/docs/src/capi/tutorial/getting-started.md b/docs/src/capi/tutorial/getting-started.md index 8f5554b19..71a8f823a 100644 --- a/docs/src/capi/tutorial/getting-started.md +++ b/docs/src/capi/tutorial/getting-started.md @@ -170,7 +170,7 @@ provision. You can generate a cluster manifest for a selected set of commonly used infrastructures via templates provided by the {{product}} team. -Ensure you have initialized the desired infrastructure provider and fetch +Ensure you have initialised the desired infrastructure provider and fetch the {{product}} provider repository: ``` diff --git a/docs/src/charm/howto/charm.md b/docs/src/charm/howto/charm.md index 5b85f6b62..06c609c9e 100644 --- a/docs/src/charm/howto/charm.md +++ b/docs/src/charm/howto/charm.md @@ -9,7 +9,7 @@ This guide assumes the following: - The rest of this page assumes you already have Juju installed and have added [credentials] for a cloud and bootstrapped a controller. -- If you still need to do this, please take a look at the quickstart +- If you still need to do this, please take a look at the quick-start instructions, or, for custom clouds (OpenStack, MAAS), please consult the [Juju documentation][juju]. - You are not using the Juju 'localhost' cloud (see [localhost diff --git a/docs/src/charm/howto/contribute.md b/docs/src/charm/howto/contribute.md index eda251301..dff142dca 100644 --- a/docs/src/charm/howto/contribute.md +++ b/docs/src/charm/howto/contribute.md @@ -88,7 +88,7 @@ it on the [Diátaxis website]. In essence though, this guides the way we categorise and write our documentation. You can see there are four main categories of documentation: -- **Tutorials** for guided walkthroughs +- **Tutorials** for guided walk-throughs - **How to** pages for specific tasks and goals - **Explanation** pages which give background reasons and, well, explanations - **Reference**, where you will find the commands, the roadmap, etc. diff --git a/docs/src/charm/howto/cos-lite.md b/docs/src/charm/howto/cos-lite.md index 80efeebe3..97838e42a 100644 --- a/docs/src/charm/howto/cos-lite.md +++ b/docs/src/charm/howto/cos-lite.md @@ -28,7 +28,7 @@ juju add-model --config logging-config='=DEBUG' microk8s-ubuntu We also set the logging level to DEBUG so that helpful debug information is shown when you use `juju debug-log` (see [juju debug-log][juju-debug-log]). -Use the Ubuntu charm to deploy an application named “microk8s”: +Use the Ubuntu charm to deploy an application named `microk8s`: ``` juju deploy ubuntu microk8s --series=focal --constraints="mem=8G cores=4 root-disk=30G" @@ -36,13 +36,13 @@ juju deploy ubuntu microk8s --series=focal --constraints="mem=8G cores=4 root-di Deploy MicroK8s on Ubuntu by accessing the unit you created at the last step with `juju ssh microk8s/0` and following the -[Install Microk8s][how-to-install-microk8s] guide for configuration. +[Install MicroK8s][how-to-install-MicroK8s] guide for configuration. ```{note} Make sure to enable the hostpath-storage and MetalLB addons for -Microk8s. +MicroK8s. ``` -Export the Microk8s kubeconfig file to your current directory after +Export the MicroK8s kubeconfig file to your current directory after configuration: ``` @@ -57,9 +57,9 @@ command): KUBECONFIG=microk8s-config.yaml juju add-k8s microk8s-cloud ``` -## Deploying COS Lite on the Microk8s cloud +## Deploying COS Lite on the MicroK8s cloud -On the Microk8s cloud, create a new model and deploy the `cos-lite` bundle: +On the MicroK8s cloud, create a new model and deploy the `cos-lite` bundle: ``` juju add-model cos-lite microk8s-cloud @@ -145,4 +145,4 @@ you can head over to the [COS Lite documentation][cos-lite-docs]. [juju-models]: https://juju.is/docs/juju/model [juju-debug-log]: https://juju.is/docs/juju/juju-debug-log [cross-model-integration]: https://juju.is/docs/juju/relation#heading--cross-model -[how-to-install-microk8s]: https://microk8s.io/docs/getting-started \ No newline at end of file +[how-to-install-MicroK8s]: https://microk8s.io/docs/getting-started \ No newline at end of file diff --git a/docs/src/charm/howto/install-lxd.md b/docs/src/charm/howto/install-lxd.md index 9d3b96605..99a41b7e1 100644 --- a/docs/src/charm/howto/install-lxd.md +++ b/docs/src/charm/howto/install-lxd.md @@ -24,7 +24,7 @@ profiles by running the command: lxc profile list ``` -For example, suppose we have created a model called 'myk8s'. This will +For example, suppose we have created a model called `myk8s`. This will output a table like this: ``` diff --git a/docs/src/charm/howto/proxy.md b/docs/src/charm/howto/proxy.md index 7a514dee9..8a57c4fc7 100644 --- a/docs/src/charm/howto/proxy.md +++ b/docs/src/charm/howto/proxy.md @@ -1,6 +1,6 @@ # Configuring proxy settings for K8s -{{product}} packages a number of utilities (eg curl, helm) which need +{{product}} packages a number of utilities (for example curl, helm) which need to fetch resources they expect to find on the internet. In a constrained network environment, such access is usually controlled through proxies. diff --git a/docs/src/charm/index.md b/docs/src/charm/index.md index bca4b8833..83f34fe72 100644 --- a/docs/src/charm/index.md +++ b/docs/src/charm/index.md @@ -9,8 +9,6 @@ Overview :hidden: :titlesonly: :caption: Deploy with Juju - -Overview tutorial/index.md howto/index.md explanation/index.md diff --git a/docs/src/charm/reference/charms.md b/docs/src/charm/reference/charms.md index cac6f1949..eb889da5e 100644 --- a/docs/src/charm/reference/charms.md +++ b/docs/src/charm/reference/charms.md @@ -24,7 +24,7 @@ The source code for both charms is contained in a single repository: [https://github.com/canonical/k8s-operator][repo] -Please see the [readme file][] there for further specifics of the charm +Please see the [README file][] there for further specifics of the charm implementation. @@ -32,5 +32,5 @@ implementation. [explaining channels]: ../explanation/channels [cs-k8s]: https://charmhub.io/k8s [cs-k8s-worker]: https://charmhub.io/k8s-worker -[readme file]: https://github.com/canonical/k8s-operator#readme +[README file]: https://github.com/canonical/k8s-operator#readme [repo]: https://github.com/canonical/k8s-operator \ No newline at end of file diff --git a/docs/src/snap/explanation/certificates.md b/docs/src/snap/explanation/certificates.md index 5417bb13b..63ee334b6 100644 --- a/docs/src/snap/explanation/certificates.md +++ b/docs/src/snap/explanation/certificates.md @@ -3,7 +3,7 @@ Certificates are a crucial part of Kubernetes' security infrastructure, serving to authenticate and secure communication within the cluster. They play a key role in ensuring that communication between various components (such as the -API server, kubelets, and the datastore) is both encrypted and restricted to +API server, kubelet, and the datastore) is both encrypted and restricted to authorised components only. In Kubernetes, [X.509][] certificates are primarily used for diff --git a/docs/src/snap/explanation/clustering.md b/docs/src/snap/explanation/clustering.md index caa2539e8..374c46d66 100644 --- a/docs/src/snap/explanation/clustering.md +++ b/docs/src/snap/explanation/clustering.md @@ -24,7 +24,7 @@ This is the overview of a {{product}} cluster: `k8sd` plays a vital role in the {{product}} architecture, enhancing the functionality of both the Control Plane and Worker nodes through the use -of [microcluster]. This component simplifies cluster management tasks, such as +of [MicroCluster]. This component simplifies cluster management tasks, such as adding or removing nodes and integrating them into the cluster. It also manages essential features like DNS and networking within the cluster, streamlining the entire process for a more efficient operation. @@ -75,4 +75,4 @@ entire life-cycle. Their components include: [Kubernetes Components]: https://kubernetes.io/docs/concepts/overview/components/ -[microcluster]: https://github.com/canonical/microcluster +[MicroCluster]: https://github.com/canonical/microcluster diff --git a/docs/src/snap/explanation/epa.md b/docs/src/snap/explanation/epa.md index 616da784f..8d3786991 100644 --- a/docs/src/snap/explanation/epa.md +++ b/docs/src/snap/explanation/epa.md @@ -19,7 +19,7 @@ capabilities. This document provides a detailed guide of how EPA applies to - **NUMA topology awareness**: Ensures that CPU and memory allocation are aligned according to the NUMA architecture, reducing memory latency and increasing performance for memory-intensive applications. -- **Single Root I/O Virtualization (SR-IOV)**: Enhances networking by enabling +- **Single Root I/O Virtualisation (SR-IOV)**: Enhances networking by enabling virtualisation of a single physical network device into multiple virtual devices. - **DPDK (Data Plane Development Kit)**: A set of libraries and drivers for @@ -92,19 +92,19 @@ are the key architectural components and their roles: (e.g., Prometheus, Grafana) to monitor and visualise HugePages usage across the cluster. This helps in tracking resource utilisation and performance. Metrics can include HugePages allocation, usage and availability on each - node, aiding in capacity planning and optimization. + node, aiding in capacity planning and optimisation. ## Real-time kernel A real-time kernel ensures that high-priority tasks are run within a -predictable timeframe, crucial for applications requiring low latency and high +predictable time frame, crucial for applications requiring low latency and high determinism. Note that this can also impede applications which were not designed with these considerations. ### Key features - **Predictable task execution**: A real-time kernel ensures that - high-priority tasks are run within a predictable and bounded timeframe, + high-priority tasks are run within a predictable and bounded time frame, reducing the variability in task execution time. - **Low latency**: The kernel is optimised to minimise the time it takes to respond to high-priority tasks, which is crucial for applications that @@ -115,7 +115,7 @@ designed with these considerations. - **Deterministic behaviour**: The kernel guarantees deterministic behaviour, meaning the same task will have the same response time every time it is run, essential for time-sensitive applications. -- **Pre-emption:** The real-time kernel supports preemptive multitasking, +- **Preemption:** The real-time kernel supports preemptive multitasking, allowing high-priority tasks to interrupt lower-priority tasks to ensure critical tasks are run without delay. - **Resource reservation**: System resources (such as CPU and memory) can be @@ -361,7 +361,7 @@ architectural components and their roles: configuring kernel parameters and using tools like `numactl` to bind processes to specific NUMA nodes. -## SR-IOV (Single Root I/O Virtualization) +## SR-IOV (Single Root I/O Virtualisation) SR-IOV enables a single physical network device to appear as multiple separate virtual devices. This can be beneficial for network-intensive applications that @@ -394,7 +394,7 @@ require direct access to the network hardware. - **Kubernetes integration**: Kubernetes supports SR-IOV through the use of network device plugins, enabling the automatic discovery, allocation, and management of virtual functions. -- **Compatibility with Network Functions Virtualization (NFV)**: SR-IOV is +- **Compatibility with Network Functions Virtualisation (NFV)**: SR-IOV is widely used in NFV deployments to meet the high-performance networking requirements of virtual network functions (VNFs), such as firewalls, routers and load balancers. @@ -404,7 +404,7 @@ require direct access to the network hardware. ### Application to Kubernetes -The architecture for SR-IOV (Single Root I/O Virtualization) in Kubernetes +The architecture for SR-IOV (Single Root I/O Virtualisation) in Kubernetes involves several components and configurations to ensure that virtual functions (VFs) from a single physical network device can be managed and allocated efficiently. This setup enhances network performance and provides direct access diff --git a/docs/src/snap/explanation/ingress.md b/docs/src/snap/explanation/ingress.md index a915d701e..09ebf334b 100644 --- a/docs/src/snap/explanation/ingress.md +++ b/docs/src/snap/explanation/ingress.md @@ -19,7 +19,7 @@ CNI (Container Network Interface) called [Cilium][Cilium]. If you wish to use a different network plugin the implementation and configuration falls under your responsibility. -Learn how to use the {{product}} default network in the [networking HowTo guide][Network]. +Learn how to use the {{product}} default network in the [networking how-to guide][Network]. ## Kubernetes Pods and Services diff --git a/docs/src/snap/explanation/security.md b/docs/src/snap/explanation/security.md index c0a7b1dcc..8daeb368f 100644 --- a/docs/src/snap/explanation/security.md +++ b/docs/src/snap/explanation/security.md @@ -44,11 +44,11 @@ have access to your cluster. Describing the security mechanisms of these clouds is out of the scope of this documentation, but you may find the following links useful. -- Amazon Web Services -- Google Cloud Platform -- Metal As A Service(MAAS) -- Microsoft Azure -- VMWare VSphere +- [Amazon Web Services security][] +- [Google Cloud Platform security][] +- [Metal As A Service(MAAS) hardening][] +- [Microsoft Azure security][] +- [VMware VSphere hardening guides][] ## Security Compliance @@ -63,3 +63,9 @@ check the [roadmap][] for current areas of work. [snap documentation]: https://snapcraft.io/docs/security-sandboxing [rocks-security]: https://canonical-rockcraft.readthedocs-hosted.com/en/latest/explanation/rockcraft/ [roadmap]: ../reference/roadmap +[Amazon Web Services security]: https://aws.amazon.com/security/ +[Google Cloud Platform security]:https://cloud.google.com/security/ +[Metal As A Service(MAAS) hardening]:https://maas.io/docs/snap/3.0/ui/hardening-your-maas-installation +[Microsoft Azure security]:https://docs.microsoft.com/en-us/azure/security/azure-security +[VMware VSphere hardening guides]: https://www.vmware.com/security/hardening-guides.html + diff --git a/docs/src/snap/howto/backup-restore.md b/docs/src/snap/howto/backup-restore.md index cb5345ac4..dc54a9cab 100644 --- a/docs/src/snap/howto/backup-restore.md +++ b/docs/src/snap/howto/backup-restore.md @@ -64,7 +64,7 @@ sudo k8s kubectl expose deployment nginx -n workloads --port 80 ## Install Velero Download the Velero binary from the -[releases page on github][releases] and place it in our `PATH`. In this case we +[releases page on GitHub][releases] and place it in our `PATH`. In this case we install the v1.14.1 Linux binary for AMD64 under `/usr/local/bin`: ```bash @@ -100,7 +100,7 @@ EOF ``` We are now ready to install Velero into the cluster, with an aws plugin that -[matches][aws-plugin-matching] the velero release: +[matches][aws-plugin-matching] the Velero release: ```bash SERVICE_URL="http://${SERVICE}.velero.svc:9000" diff --git a/docs/src/snap/howto/cis-hardening.md b/docs/src/snap/howto/cis-hardening.md index dcc476fcd..f44c65cb1 100644 --- a/docs/src/snap/howto/cis-hardening.md +++ b/docs/src/snap/howto/cis-hardening.md @@ -73,7 +73,7 @@ sudo -E kube-bench --version ck8s-dqlite-cis-1.24 --config-dir ./kube-bench-ck8s ## Harden your deployments Before running a CIS Kubernetes audit, it is essential to first harden your -{{product}} deployment to minimize vulnerabilities and ensure +{{product}} deployment to minimise vulnerabilities and ensure compliance with industry best practices, as defined by the CIS Kubernetes Benchmark. diff --git a/docs/src/snap/howto/contribute.md b/docs/src/snap/howto/contribute.md index 05e08f1d2..67f1372b9 100644 --- a/docs/src/snap/howto/contribute.md +++ b/docs/src/snap/howto/contribute.md @@ -88,7 +88,7 @@ it on the [Diátaxis website]. In essence though, this guides the way we categorise and write our documentation. You can see there are four main categories of documentation: -- **Tutorials** for guided walkthroughs +- **Tutorials** for guided walk-throughs - **How to** pages for specific tasks and goals - **Explanation** pages which give background reasons and, well, explanations - **Reference**, where you will find the commands, the roadmap, etc. diff --git a/docs/src/snap/howto/epa.md b/docs/src/snap/howto/epa.md index b030a0585..278cb3420 100644 --- a/docs/src/snap/howto/epa.md +++ b/docs/src/snap/howto/epa.md @@ -7,7 +7,7 @@ page][explain-epa] for details about how EPA applies to {{product}}. The content starts with the setup of the environment (including steps for using [MAAS][MAAS]). Then the setup of {{product}}, including the Multus & SR-IOV/DPDK networking components. Finally, the steps needed to test every EPA feature: -HugePages, Real-time Kernel, CPU Pinning / Numa Topology Awareness and +HugePages, Real-time Kernel, CPU Pinning / NUMA Topology Awareness and SR-IOV/DPDK. ## What you'll need @@ -106,7 +106,7 @@ reboot ```{dropdown} Explanation of boot options -- `intel_iommu=on`: Enables Intel's Input-Output Memory Management Unit (IOMMU), which is used for device virtualization and Direct Memory Access (DMA) remapping. +- `intel_iommu=on`: Enables Intel's Input-Output Memory Management Unit (IOMMU), which is used for device virtualisation and Direct Memory Access (DMA) remapping. - `iommu=pt`: Sets the IOMMU to passthrough mode, allowing devices to directly access physical memory without translation. - `usbcore.autosuspend=-1`: Disables USB autosuspend, preventing USB devices from being automatically suspended to save power. - `selinux=0`: Disables Security-Enhanced Linux (SELinux), a security module that provides mandatory access control. @@ -183,8 +183,8 @@ virtual functions. ``` ```{dropdown} Explanation of steps - * Breakdown of the content of the file /etc/netplan/99-sriov\_vfs.yaml : - * path: /etc/netplan/99-sriov\_vfs.yaml: This specifies the location of the configuration file. The "99" prefix in the filename usually indicates that it will be processed last, potentially overriding other configurations. + * Breakdown of the content of the file `/etc/netplan/99-sriov\_vfs.yaml` : + * path: `/etc/netplan/99-sriov\_vfs.yaml`: This specifies the location of the configuration file. The "99" prefix in the filename usually indicates that it will be processed last, potentially overriding other configurations. * enp152s0f1: This is the name of the physical network interface you want to create VFs on. This name may vary depending on your system. * virtual-function-count: 128: This is the key line that instructs Netplan to create 128 virtual functions on the specified physical interface. Each of these VFs can be assigned to a different virtual machine or container, effectively allowing them to share the physical adapter's bandwidth. * permissions: "0600": This is an optional line that sets the file permissions to 600 (read and write access only for the owner). @@ -212,7 +212,7 @@ virtual functions. ``` -Now enable DPDK, first by cloning the DPDK repo, and then placing the script which +Now enable DPDK, first by cloning the DPDK repository, and then placing the script which will bind the VFs to the VFIO-PCI driver in the location that will run automatically each time the system boots up, so the VFIO (Virtual Function I/O) bindings are applied consistently: @@ -231,9 +231,9 @@ sudo chmod 0755 /var/lib/cloud/scripts/per-boot/dpdk_bind.sh ```{dropdown} Explanation * Load VFIO Module (modprobe vfio-pci): If the DPDK directory exists, the script loads the VFIO-PCI kernel module. This module is necessary for the VFIO driver to function. - * The script uses the dpdk-devbind.py tool (included with DPDK) to list the available network devices and their drivers. + * The script uses the `dpdk-devbind.py` tool (included with DPDK) to list the available network devices and their drivers. * It filters this output using grep drv=iavf to find devices that are currently using the iavf driver (a common driver for Intel network adapters), excluding the physical network interface itself and just focusing on the virtual functions (VFs). - * Bind VFs to VFIO: The script uses dpdk-devbind.py again, this time with the \--bind=vfio-pci option, to bind the identified VFs to the VFIO-PCI driver. This step essentially tells the kernel to relinquish control of these devices to DPDK. + * Bind VFs to VFIO: The script uses `dpdk-devbind.py` again, this time with the \--bind=vfio-pci option, to bind the identified VFs to the VFIO-PCI driver. This step essentially tells the kernel to relinquish control of these devices to DPDK. ``` To test that the VFIO Kernel Module and DPDK are enabled: @@ -276,7 +276,7 @@ With these preparation steps we have enabled the features of EPA: - NUMA and CPU Pinning are available to the first 32 CPUs - Real-Time Kernel is enabled - HugePages are enabled and 1000 1G huge pages are available -- SRIOV is enabled in the enp152s0f1 interface, with 128 virtual +- SR-IOV is enabled in the enp152s0f1 interface, with 128 virtual function interfaces bound to the vfio-pci driver (that could also use the iavf driver) - DPDK is enabled in all the 128 virtual function interfaces @@ -284,8 +284,8 @@ With these preparation steps we have enabled the features of EPA: ````{group-tab} MAAS -To prepare a machine for CPU isolation, Hugepages, real-time kernel, -SRIOV and DPDK we leverage cloud-init through MAAS. +To prepare a machine for CPU isolation, HugePages, real-time kernel, +SR-IOV and DPDK we leverage cloud-init through MAAS. ``` #cloud-config @@ -391,10 +391,10 @@ power_state: ```{note} -In the above file, the realtime kernel 6.8 is installed from a private PPA. +In the above file, the `realtime kernel` 6.8 is installed from a private PPA. It was recently backported from 24.04 to 22.04 and is still going through some validation stages. Once it is officially released, it will be -installable via the Ubuntu Pro cli. +installable via the Ubuntu Pro CLI. ``` -* `datastore-url` expects a comma seperated list of addresses +* `datastore-url` expects a comma separated list of addresses (e.g. `https://10.42.254.192:2379,https://10.42.254.193:2379,https://10.42.254.194:2379`) * `datastore-ca-crt` expects a certificate for the CA in PEM format diff --git a/docs/src/snap/howto/install/lxd.md b/docs/src/snap/howto/install/lxd.md index f72afaa4f..60f8df590 100644 --- a/docs/src/snap/howto/install/lxd.md +++ b/docs/src/snap/howto/install/lxd.md @@ -109,7 +109,7 @@ port assigned by Kubernetes. In this example, we will use [Microbot] as it provides a simple HTTP endpoint to expose. These steps can be applied to any other deployment. -First, initialize the k8s cluster with +First, initialise the k8s cluster with ``` lxc exec k8s -- sudo k8s bootstrap diff --git a/docs/src/snap/howto/install/multipass.md b/docs/src/snap/howto/install/multipass.md index 7c15847c5..d008b9815 100644 --- a/docs/src/snap/howto/install/multipass.md +++ b/docs/src/snap/howto/install/multipass.md @@ -1,6 +1,6 @@ # Install with Multipass (Ubuntu/Mac/Windows) -**Multipass** is a simple way to run Ubuntu in a +[Multipass][]is a simple way to run Ubuntu in a virtual machine, no matter what your underlying OS. It is the recommended way to run {{product}} on Windows and macOS systems, and is equally useful for running multiple instances of the `k8s` snap on Ubuntu too. @@ -26,7 +26,7 @@ Multipass is shipped as a snap for Ubuntu and other OSes which support the Windows users should download and install the Multipass installer from the website. -The latest version is available here , +The [latest Windows version][] is available to download, though you may wish to visit the [Multipass website][] for more details. @@ -37,7 +37,7 @@ though you may wish to visit the [Multipass website][] for more details. Users running macOS should download and install the Multipass installer from the website. -The latest version is available here , +The [latest macOS version] is available to download, though you may wish to visit the [Multipass website][] for more details, including an alternate install method using `brew`. @@ -60,14 +60,14 @@ multipass launch 22.04 --name k8s-node --memory 4G --disk 20G --cpus 2 This command specifies: -- **22.04**: The Ubuntu image used as the basis for the instance -- **--name**: The name by which you will refer to the instance -- **--memory**: The memory to allocate -- **--disk**: The disk space to allocate -- **--cpus**: The number of CPU cores to reserve for this instance +- `22.04`: The Ubuntu image used as the basis for the instance +- `--name`: The name by which you will refer to the instance +- `--memory`: The memory to allocate +- `--disk`: The disk space to allocate +- `--cpus`: The number of CPU cores to reserve for this instance For more details of creating instances with Multipass, please see the -[Multipass documentation][multipass-options] about instance creation. +[Multipass documentation][Multipass-options] about instance creation. ## Access the created instance @@ -111,8 +111,11 @@ multipass purge +[Multipass]:https://multipass.run/ [snap-support]: https://snapcraft.io/docs/installing-snapd -[multipass-options]: https://multipass.run/docs/get-started-with-multipass-linux#heading--create-a-customised-instance +[Multipass-options]: https://multipass.run/docs/get-started-with-multipass-linux#heading--create-a-customised-instance [install instructions]: ./snap [Getting started]: ../../tutorial/getting-started [Multipass website]: https://multipass.run/docs +[latest Window version]:https://multipass.run/download/windows +[latest macOS version]:https://multipass.run/download/macos diff --git a/docs/src/snap/howto/install/offline.md b/docs/src/snap/howto/install/offline.md index d44fb1642..e522efa50 100644 --- a/docs/src/snap/howto/install/offline.md +++ b/docs/src/snap/howto/install/offline.md @@ -91,7 +91,7 @@ All workloads in a Kubernetes cluster are run as an OCI image. Kubernetes needs to be able to fetch these images and load them into the container runtime. For {{product}}, it is also necessary to fetch the images used -by its features (network, dns, etc.) as well as any images that are +by its features (network, DNS, etc.) as well as any images that are needed to run specific workloads. ```{note} @@ -124,8 +124,8 @@ ghcr.io/canonical/metrics-server:0.7.0-ck2 ghcr.io/canonical/rawfile-localpv:0.8.0-ck4 ``` -A list of images can also be found in the `images.txt` file when unsquashing the -downloaded k8s snap. +A list of images can also be found in the `images.txt` file when the +downloaded k8s snap is unsquashed. Please ensure that the images used by workloads are tracked as well. diff --git a/docs/src/snap/howto/networking/default-ingress.md b/docs/src/snap/howto/networking/default-ingress.md index 2340c806d..e70d66157 100644 --- a/docs/src/snap/howto/networking/default-ingress.md +++ b/docs/src/snap/howto/networking/default-ingress.md @@ -55,7 +55,7 @@ You should see three options: ### TLS Secret You can create a TLS secret by following the official -[Kubernetes documentation][kubectl-create-secret-tls/]. +[Kubernetes documentation][kubectl-create-secret-TLS/]. Please remember to use `sudo k8s kubectl` (See the [kubectl-guide]). Tell Ingress to use your new Ingress certificate: @@ -105,7 +105,7 @@ sudo k8s help disable -[kubectl-create-secret-tls/]: https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls/ +[kubectl-create-secret-TLS/]: https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls/ [proxy-protocol]: https://kubernetes.io/docs/reference/networking/service-protocols/#protocol-proxy-special [getting-started-guide]: ../../tutorial/getting-started [kubectl-guide]: ../../tutorial/kubectl diff --git a/docs/src/snap/howto/networking/default-loadbalancer.md b/docs/src/snap/howto/networking/default-loadbalancer.md index 4ca55115a..6552b87a0 100644 --- a/docs/src/snap/howto/networking/default-loadbalancer.md +++ b/docs/src/snap/howto/networking/default-loadbalancer.md @@ -9,7 +9,7 @@ explains how to configure and enable the load-balancer. This guide assumes the following: - You have root or sudo access to the machine. -- You have a bootstraped {{product}} cluster (see the [Getting +- You have a bootstrapped {{product}} cluster (see the [Getting Started][getting-started-guide] guide). ## Check the status and configuration @@ -32,7 +32,7 @@ sudo k8s get load-balancer This should output a list of values like this: -- `cidrs` - a list containing [cidr] or IP address range definitions of the +- `cidrs` - a list containing [CIDR] or IP address range definitions of the pool of IP addresses to use - `l2-mode` - whether L2 mode (failover) is turned on - `l2-interfaces` - optional list of interfaces to announce services over @@ -80,6 +80,5 @@ sudo k8s disable load-balancer - -[cidr]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing +[CIDR]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing [getting-started-guide]: ../../tutorial/getting-started diff --git a/docs/src/snap/howto/networking/dualstack.md b/docs/src/snap/howto/networking/dualstack.md index 406245ff5..efa1b0c19 100644 --- a/docs/src/snap/howto/networking/dualstack.md +++ b/docs/src/snap/howto/networking/dualstack.md @@ -140,7 +140,7 @@ limitations regarding CIDR size: - **/108 is the maximum size for the Service CIDR** Using a smaller value than `/108` for service CIDRs -may cause issues like failure to initialize the IPv6 allocator. This is due +may cause issues like failure to initialise the IPv6 allocator. This is due to the CIDR size being too large for Kubernetes to handle efficiently. See upstream reference: [kube-apiserver validation][kube-apiserver-test] diff --git a/docs/src/snap/howto/networking/ipv6.md b/docs/src/snap/howto/networking/ipv6.md index da88ef9a5..65bd5cc99 100644 --- a/docs/src/snap/howto/networking/ipv6.md +++ b/docs/src/snap/howto/networking/ipv6.md @@ -138,5 +138,5 @@ connectivity is set up correctly. **Service and Pod CIDR Sizing** Use `/108` as the maximum size for Service CIDRs. Larger ranges (e.g., `/64`) -may lead to allocation errors or Kubernetes failing to initialize the IPv6 +may lead to allocation errors or Kubernetes failing to initialise the IPv6 address allocator. diff --git a/docs/src/snap/howto/networking/proxy.md b/docs/src/snap/howto/networking/proxy.md index c6f78b674..d0f64414d 100644 --- a/docs/src/snap/howto/networking/proxy.md +++ b/docs/src/snap/howto/networking/proxy.md @@ -1,6 +1,6 @@ # Configure proxy settings for K8s -{{product}} packages a number of utilities (eg curl, helm) which need +{{product}} packages a number of utilities (for example curl, helm) which need to fetch resources they expect to find on the internet. In a constrained network environment, such access is usually controlled through proxies. diff --git a/docs/src/snap/howto/restore-quorum.md b/docs/src/snap/howto/restore-quorum.md index 99a8c4e8b..9050797c7 100755 --- a/docs/src/snap/howto/restore-quorum.md +++ b/docs/src/snap/howto/restore-quorum.md @@ -144,7 +144,7 @@ sudo tar xf recovery-k8s-dqlite-$timestamp-post-recovery.tar.gz \ -C /var/snap/k8s/common/var/lib/k8s-dqlite ``` -Node specific files need to be copied back to the k8s-dqlite state dir: +Node specific files need to be copied back to the k8s-dqlite state directory: ``` sudo cp /var/snap/k8s/common/var/lib/k8s-dqlite.bkp/cluster.crt \ diff --git a/docs/src/snap/howto/storage/ceph.md b/docs/src/snap/howto/storage/ceph.md index e318ea8f1..b379d2e5f 100644 --- a/docs/src/snap/howto/storage/ceph.md +++ b/docs/src/snap/howto/storage/ceph.md @@ -29,7 +29,7 @@ this demonstration will have less than 5 OSDs. (See [placement groups]) ceph osd pool create kubernetes 128 ``` -Initialize the pool as a Ceph block device pool. +Initialise the pool as a Ceph block device pool. ``` rbd pool init kubernetes @@ -48,8 +48,7 @@ capabilities to administer your Ceph cluster: ceph auth get-or-create client.kubernetes mon 'profile rbd' osd 'profile rbd pool=kubernetes' mgr 'profile rbd pool=kubernetes' ``` -For more information on user capabilities in Ceph, see -[https://docs.ceph.com/en/latest/rados/operations/user-management/#authorization-capabilities] +For more information on user capabilities in Ceph, see the [authorisation capabilities page][] ``` [client.kubernetes] @@ -60,7 +59,7 @@ Note the generated key, you will need it at a later step. ## Generate csi-config-map.yaml -First, get the fsid and the monitor addresses of your cluster. +First, get the `fsid` and the monitor addresses of your cluster. ``` sudo ceph mon dump @@ -79,7 +78,7 @@ election_strategy: 1 dumped monmap epoch 2 ``` -Keep note of the v1 IP (`10.0.0.136:6789`) and the fsid +Keep note of the v1 IP (`10.0.0.136:6789`) and the `fsid` (`6d5c12c9-6dfb-445a-940f-301aa7de0f29`) as you will need to refer to them soon. ``` @@ -131,11 +130,10 @@ Then apply: kubectl apply -f csi-kms-config-map.yaml ``` -If you do need to configure a KMS provider, an example ConfigMap is available in -the Ceph repository: -[https://github.com/ceph/ceph-csi/blob/devel/examples/kms/vault/kms-config.yaml] +If you do need to configure a KMS provider, an [example ConfigMap][] is available +in the Ceph repository. -Create the `ceph-config-map.yaml` which will be stored inside a ceph.conf file +Create the `ceph-config-map.yaml` which will be stored inside a `ceph.conf` file in the CSI containers. This `ceph.conf` file will be used by Ceph daemons on each container to authenticate with the Ceph cluster. @@ -188,7 +186,7 @@ Then apply: kubectl apply -f csi-rbd-secret.yaml ``` -## Create ceph-csi's custom Kubernetes objects +## Create ceph-csi custom Kubernetes objects Create the ServiceAccount and RBAC ClusterRole/ClusterRoleBinding objects: @@ -251,7 +249,7 @@ Then apply: kubectl apply -f csi-rbd-sc.yaml ``` -## Create a Persistant Volume Claim (PVC) for a RBD-backed file-system +## Create a Persistent Volume Claim (PVC) for a RBD-backed file-system This PVC will allow users to request RBD-backed storage. @@ -279,7 +277,7 @@ Then apply: kubectl apply -f pvc.yaml ``` -## Create a pod that binds to the Rados Block Device PVC +## Create a pod that binds to the RADOS Block Device PVC Finally, create a pod configuration that uses the RBD-backed PVC. @@ -313,7 +311,7 @@ kubectl apply -f pod.yaml ## Verify that the pod is using the RBD PV -To verify that the csi-rbd-demo-pod is indeed using a RBD Persistant Volume, run +To verify that the `csi-rbd-demo-pod` is indeed using a RBD Persistent Volume, run the following commands, you should see information related to attached volumes in both of their outputs: @@ -335,3 +333,5 @@ Ceph documentation: [Intro to Ceph]. [block-devices-and-kubernetes]: https://docs.ceph.com/en/latest/rbd/rbd-kubernetes/ [placement groups]: https://docs.ceph.com/en/mimic/rados/operations/placement-groups/ [Intro to Ceph]: https://docs.ceph.com/en/latest/start/intro/ +[authorisation capabilities page]:[https://docs.ceph.com/en/latest/rados/operations/user-management/#authorization-capabilities] +[example ConfigMap]:https://github.com/ceph/ceph-csi/blob/devel/examples/kms/vault/kms-config.yaml diff --git a/docs/src/snap/howto/two-node-ha.md b/docs/src/snap/howto/two-node-ha.md index cdd894a79..e7b1cdc99 100644 --- a/docs/src/snap/howto/two-node-ha.md +++ b/docs/src/snap/howto/two-node-ha.md @@ -134,7 +134,7 @@ DRBD_MOUNT_DIR=/mnt/drbd0 sudo mkdir -p $DRBD_MOUNT_DIR ``` -Run the following *once* to initialize the filesystem. +Run the following *once* to initialise the file system. ``` sudo drbdadm up r0 @@ -145,7 +145,7 @@ sudo mkfs.ext4 /dev/drbd0 sudo drbdadm down r0 ``` -Add the DRBD device to the ``multipathd`` blacklist, ensuring that the multipath +Add the DRBD device to the ``multipathd`` blacklist, ensuring that the `multipath` service will not attempt to manage this device: ``` @@ -304,7 +304,7 @@ WantedBy=multi-user.target The ``two-node-ha.sh start_service`` command used by the service wrapper automatically detects the expected Dqlite role based on the DRBD state. It then takes the necessary steps to bootstrap the Dqlite state directories, -synchronize with the peer node (if available) and recover the database. +synchronise with the peer node (if available) and recover the database. ``` When a DRBD failover occurs, the ``two-node-ha-k8s`` service needs to be @@ -385,8 +385,8 @@ Remove the offending segments and restart the ``two-node-ha-k8s`` service. ### DRBD split brain -The DRBD cluster may enter a [split brain] state and stop synchronizing. The -chances increase if fencing (stonith) is not enabled. +The DRBD cluster may enter a [split brain] state and stop synchronising. The +chances increase if fencing (STONITH) is not enabled. ``` ubuntu@hatwo:~$ sudo drbdadm status diff --git a/docs/src/snap/index.md b/docs/src/snap/index.md index 10ec043e9..d4b1e4f92 100644 --- a/docs/src/snap/index.md +++ b/docs/src/snap/index.md @@ -9,7 +9,6 @@ Overview :hidden: :titlesonly: :maxdepth: 6 -Overview tutorial/index.md howto/index.md explanation/index.md diff --git a/docs/src/snap/reference/annotations.md b/docs/src/snap/reference/annotations.md index 5a8ebf2b1..0868cda20 100644 --- a/docs/src/snap/reference/annotations.md +++ b/docs/src/snap/reference/annotations.md @@ -6,7 +6,7 @@ the bootstrap configuration. | Name | Description | Values | |---------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------| -| `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` | If set, only microcluster and file cleanup are performed. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, k8sd will remove the Kubernetes node when it is removed from the cluster. | "true"\|"false" | +| `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` | If set, only MicroCluster and file cleanup are performed. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, k8sd will remove the Kubernetes node when it is removed from the cluster. | "true"\|"false" | | `k8sd/v1alpha/lifecycle/skip-stop-services-on-remove` | If set, the k8s services will not be stopped on the leaving node when removing the node. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, all services are stopped on leaving nodes. | "true"\|"false" | | `k8sd/v1alpha1/csrsigning/auto-approve` | If set, certificate signing requests created by worker nodes are auto approved. | "true"\|"false" | | `k8sd/v1alpha1/calico/apiserver-enabled` | Enable the installation of the Calico API server to enable management of Calico APIs using kubectl. | "true"\|"false" | @@ -26,7 +26,7 @@ the bootstrap configuration. | `k8sd/v1alpha1/calico/autodetection-v6/cidrs` | Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. | []string (comma separated) | | `k8sd/v1alpha1/cilium/devices` | List of devices facing cluster/external network (used for BPF NodePort, BPF masquerading and host firewall); supports `+` as wildcard in device name, e.g. `eth+,ens+` | string | | `k8sd/v1alpha1/cilium/direct-routing-device` | Device name used to connect nodes in direct routing mode (used by BPF NodePort, BPF host routing); if empty, automatically set to a device with k8s InternalIP/ExternalIP or with a default route. Bridge type devices are ignored in automatic selection | string | -| `k8sd/v1alpha1/cilium/vlan-bpf-bypass` | Comma separated list of VLAN tags to bypass eBPF filtering on native devices. Cilium enables firewalling on native devices and filters all unknown traffic, including VLAN 802.1q packets, which pass through the main device with the associated tag (e.g., VLAN device eth0.4000 and its main interface eth0). Supports `0` as wildcard for bypassing all VLANs. e.g. `4001,4002` | []string | +| `k8sd/v1alpha1/cilium/vlan-bpf-bypass` | Comma separated list of VLAN tags to bypass eBPF filtering on native devices. Cilium enables a firewall on native devices and filters all unknown traffic, including VLAN 802.1q packets, which pass through the main device with the associated tag (e.g., VLAN device eth0.4000 and its main interface eth0). Supports `0` as wildcard for bypassing all VLANs. e.g. `4001,4002` | []string | | `k8sd/v1alpha1/metrics-server/image-repo` | Override the default image repository for the metrics-server. | string | | `k8sd/v1alpha1/metrics-server/image-tag` | Override the default image tag for the metrics-server. | string | diff --git a/docs/src/snap/reference/architecture.md b/docs/src/snap/reference/architecture.md index a24c5ff6a..02170835e 100644 --- a/docs/src/snap/reference/architecture.md +++ b/docs/src/snap/reference/architecture.md @@ -116,7 +116,7 @@ determines the node's role in the Kubernetes cluster. The `k8s` charm manages directing the `juju` controller to reach the model's eventually consistent state. For more detail on Juju's concepts, see the [Juju docs][]. -The administrator may choose any supported cloud-types (Openstack, MAAS, AWS, +The administrator may choose any supported cloud-types (OpenStack, MAAS, AWS, GCP, Azure...) on which to manage the machines making up the Kubernetes cluster. Juju selects a single leader unit per application to act as a centralised figure with the model. The `k8s` leader oversees Kubernetes diff --git a/docs/src/snap/reference/certificates.md b/docs/src/snap/reference/certificates.md index 29df8bdb0..996d80f6c 100644 --- a/docs/src/snap/reference/certificates.md +++ b/docs/src/snap/reference/certificates.md @@ -26,13 +26,13 @@ their issuance. | **Common Name** | **Purpose** | **File Location** | **Primary Function** | **Signed By** | |--------------------------------------------|-----------|------------------------------------------------------|------------------------------------------------------------------|-----------------------------| | `kube-apiserver` | Server | `/etc/kubernetes/pki/apiserver.crt` | Securing the API server endpoint | `kubernetes-ca` | -| `apiserver-kubelet-client` | Client | `/etc/kubernetes/pki/apiserver-kubelet-client.crt` | API server communication with kubelets | `kubernetes-ca-client` | +| `apiserver-kubelet-client` | Client | `/etc/kubernetes/pki/apiserver-kubelet-client.crt` | API server communication with kubelet | `kubernetes-ca-client` | | `kube-apiserver-etcd-client` | Client | `/etc/kubernetes/pki/apiserver-etcd-client.crt` | API server communication with etcd | `kubernetes-ca-client` | | `front-proxy-client` | Client | `/etc/kubernetes/pki/front-proxy-client.crt` | API server communication with the front-proxy | `kubernetes-front-proxy-ca` | | `system:kube-controller-manager` | Client | `/etc/kubernetes/pki/controller-manager.crt` | Communication between the controller manager and the API server | `kubernetes-ca-client` | | `system:kube-scheduler` | Client | `/etc/kubernetes/pki/scheduler.crt` | Communication between the scheduler and the API server | `kubernetes-ca-client` | | `system:kube-proxy` | Client | `/etc/kubernetes/pki/proxy.crt` | Communication between kube-proxy and the API server | `kubernetes-ca-client` | -| `system:node:$hostname` | Client | `/etc/kubernetes/pki/kubelet-client.crt` | Authentication of kubelets to the API server | `kubernetes-ca-client` | +| `system:node:$hostname` | Client | `/etc/kubernetes/pki/kubelet-client.crt` | Authentication of kubelet to the API server | `kubernetes-ca-client` | | `k8s-dqlite` | Client | `/var/snap/k8s/common/var/lib/k8s-dqlite/cluster.crt`| Communication between k8s-dqlite nodes and API server | `self-signed` | | `root@$hostname` | Client | `/var/snap/k8s/common/var/lib/k8s-dqlite/cluster.crt` | Communication between k8sd nodes | `self-signed` | diff --git a/docs/src/snap/reference/control-plane-join-config-reference.md b/docs/src/snap/reference/control-plane-join-config-reference.md index 855b816a4..06875521a 100755 --- a/docs/src/snap/reference/control-plane-join-config-reference.md +++ b/docs/src/snap/reference/control-plane-join-config-reference.md @@ -1,7 +1,7 @@ # Control plane node join configuration file reference A YAML file can be supplied to the `k8s join-cluster ` command to configure and -customize new nodes. +customise new nodes. This reference section provides all available options for control plane nodes. diff --git a/docs/src/snap/reference/releases.md b/docs/src/snap/reference/releases.md index 2e73630c9..b6035eb58 100644 --- a/docs/src/snap/reference/releases.md +++ b/docs/src/snap/reference/releases.md @@ -18,7 +18,7 @@ Currently {{product}} is working towards general availability, but you can install it now to try: - **Clustering** - need high availability or just an army of worker nodes? - {{product}} is emminently scaleable, see the [tutorial on adding + {{product}} is eminently scalable, see the [tutorial on adding more nodes][nodes]. - **Networking** - Our built-in network component allows cluster administrators to automatically scale and secure network policies across the cluster. Find diff --git a/docs/src/snap/reference/roadmap.md b/docs/src/snap/reference/roadmap.md index 63550f85c..a97ae5657 100644 --- a/docs/src/snap/reference/roadmap.md +++ b/docs/src/snap/reference/roadmap.md @@ -7,7 +7,7 @@ future direction and priorities of the project. Our roadmap matches the cadence of the Ubuntu release cycle, so `24.10` is the same as the release date for Ubuntu 24.10. This does not precisely map to the release cycle of Kubernetes versions, so please consult the [release notes] for -specifics of whatfeatures have been delivered. +specifics of what features have been delivered. ``` {csv-table} {{product}} public roadmap diff --git a/docs/src/snap/reference/troubleshooting.md b/docs/src/snap/reference/troubleshooting.md index f6b44a3f1..a4edf0d94 100644 --- a/docs/src/snap/reference/troubleshooting.md +++ b/docs/src/snap/reference/troubleshooting.md @@ -44,7 +44,7 @@ the kubelet. kubelet needs a feature from cgroup and the kernel may not be set up appropriately to provide the cpuset feature. ``` -E0125 00:20:56.003890 2172 kubelet.go:1466] "Failed to start ContainerManager" err="failed to initialize top level QOS containers: root container [kubepods] doesn't exist" +E0125 00:20:56.003890 2172 kubelet.go:1466] "Failed to start ContainerManager" err="failed to initialise top level QOS containers: root container [kubepods] doesn't exist" ``` ### Explanation @@ -54,7 +54,7 @@ An excellent deep-dive of the issue exists at Commenter [@haircommander][] [states][kubernetes-122955-2020403422] > basically: we've figured out that this issue happens because libcontainer -> doesn't initialize the cpuset cgroup for the kubepods slice when the kubelet +> doesn't initialise the cpuset cgroup for the kubepods slice when the kubelet > initially calls into it to do so. This happens because there isn't a cpuset > defined on the top level of the cgroup. however, we fail to validate all of > the cgroup controllers we need are present. It's possible this is a @@ -68,7 +68,7 @@ Commenter [@haircommander][] [states][kubernetes-122955-2020403422] ### Solution This is in the process of being fixed upstream via -[kubernetes/kuberetes #125923][kubernetes-125923]. +[kubernetes/kubernetes #125923][kubernetes-125923]. In the meantime, the best solution is to create a `Delegate=yes` configuration in systemd. diff --git a/docs/src/snap/reference/worker-join-config-reference.md b/docs/src/snap/reference/worker-join-config-reference.md index 5f170f484..d10ea5ba2 100755 --- a/docs/src/snap/reference/worker-join-config-reference.md +++ b/docs/src/snap/reference/worker-join-config-reference.md @@ -1,7 +1,7 @@ # Worker node join configuration file reference A YAML file can be supplied to the `k8s join-cluster ` command to configure and -customize new worker nodes. +customise new worker nodes. This reference section provides all available options for worker nodes. diff --git a/docs/src/snap/tutorial/add-remove-nodes.md b/docs/src/snap/tutorial/add-remove-nodes.md index 24b2bb88a..72ff32988 100644 --- a/docs/src/snap/tutorial/add-remove-nodes.md +++ b/docs/src/snap/tutorial/add-remove-nodes.md @@ -8,7 +8,7 @@ This tutorial simplifies the concept by creating a cluster within a controlled environment using two Multipass VMs. The approach here allows us to focus on the foundational aspects of clustering using {{product}} without the complexities of a full-scale, production setup. If your nodes are already -installed, you can skip the multipass setup and go to [step 2](step2). +installed, you can skip the Multipass setup and go to [step 2](step2). ## Before starting @@ -76,7 +76,7 @@ A base64 token will be printed to your terminal. Keep it handy as you will need it for the next step. ```{note} It's advisable to name the new node after the hostname of the - worker node (in this case, the VM's hostname is worker). + worker node (in this case, the VM hostname is worker). ``` ### 3. Join the cluster on the worker node diff --git a/docs/tools/.custom_wordlist.txt b/docs/tools/.custom_wordlist.txt index 7893c42d2..40495c3f4 100644 --- a/docs/tools/.custom_wordlist.txt +++ b/docs/tools/.custom_wordlist.txt @@ -1,66 +1,266 @@ +adapter's +adapters +allocatable +allocator +AlwaysPullImages +api apiserver apparmor AppArmor +args +ARP +asn +ASN autostart +autosuspend aws +backend +backported +balancers +benoitblanchon +bgp +BGP +bootloader +CABPCK +CACPCK +capi CAPI +CAs +Center +ceph Ceph +cephcsi +cephx cgroup -CIDRS +cgroups +cidr +CIDR +cidrs CIDRs +CK8sControlPlane +CLI +CLIs +CloudFormation +ClusterAPI +clusterctl +ClusterRole +ClusterRoleBinding +CMK CNI +Commenter config +configMap +ConfigMap containerd CoreDNS +Corosync CPUs cpuset +crt +csi +CSI +CSRs +cyclictest daemonset +DaemonSet datastore +datastores dbus +de +deallocation +deployable +discoverable +DMA +dns DNS +DPDK +DRBD +drv dqlite +EAL EasyRSA +enp +enum etcd +EventRateLimit +failover +gapped GCP ghcr +Gi +github +GPLv +Graber +Graber's grafana +haircommander +Harbor +hostname +hostpath +HPC html http https +HugePage +HugePages +iavf +init initialise +integrations +io +IOMMU +IOV +ip +IPv +IPv4 +IPv6 +IRQs +Jinja +jitter juju +Juju's +KMS +kube +kube-apiserver +kube-controller-manager +kube-proxy +kube-scheduler +kube-system kubeconfig kubectl kubelet kubepods kubernetes +latencies +Latencies libcontainer lifecycle linux +Lite's +LoadBalancer localhost +Lookaside +lookups +loopback +LPM lxc +LxcSecurity LXD MAAS +macOS +Maskable +MCE +MetalLB +Microbot +MicroCluster +MicroK +MicroK8s +MinIO +modprobe +Moonray +mq +mtu +MTU +multicast +MULTICAST Multipass +Multus nameservers +Netplan +NetworkAttachmentDefinition +NFD +NFV +nginx NGINX +NIC +NMI +nodeport +nohz +NUMA +numactl OCI +OOM OpenStack +OSDs +ParseDuration +passthrough +passwordless +pci +PEM +performant +PID +PMD +PMDs +PPA proc +programmatically +provisioner +PRs +PV +qdisc +qlen +QoS +RADOS +rbac RBAC +RBD +rc +RCU +README +regctl regsync roadmap Rockcraft +rollout +runtimes rw +sandboxed +SANs +scalable +SCHED +sControlPlane +sd +SELinux +ServiceAccount +Snapcraft snapd +SR-IOV stackexchange +stgraber +STONITH +StorageClass +sudo sys systemd +taskset +Telco +throughs +tickless +TLB +tls TLS +toml +TSC +TTL +ttyS ubuntu unix +unschedulable +unsquashed +Velero +vf +VF +vfio +VFIO +VFs +virtualised +VLAN VMs -VMWare +VMware +VNFs +VPCs VSphere +WIP www yaml +YAMLs From be1e3a6258ea2675d30cc8fb640da1222d65228d Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Fri, 15 Nov 2024 16:29:47 -0500 Subject: [PATCH 103/122] Fix formatting and update documentation after merge (#807) --- docs/src/_parts/bootstrap_config.md | 2 +- src/k8s/k8s-snap-api | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 160000 src/k8s/k8s-snap-api diff --git a/docs/src/_parts/bootstrap_config.md b/docs/src/_parts/bootstrap_config.md index 6594f10ae..b1ed6f477 100644 --- a/docs/src/_parts/bootstrap_config.md +++ b/docs/src/_parts/bootstrap_config.md @@ -189,7 +189,7 @@ If omitted defaults to `true`. Sets the cloud provider to be used by the cluster. When this is set as `external`, node will wait for an external cloud provider to -do cloud specific setup and finish node initialisation. +do cloud specific setup and finish node initialization. Possible values: `external`. diff --git a/src/k8s/k8s-snap-api b/src/k8s/k8s-snap-api new file mode 160000 index 000000000..1de465af3 --- /dev/null +++ b/src/k8s/k8s-snap-api @@ -0,0 +1 @@ +Subproject commit 1de465af3b958534d8409d0ed22b3a366bc67ec6 From 47810ae155e013dd2d0a530131216f61d668ad89 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Fri, 15 Nov 2024 17:00:10 -0500 Subject: [PATCH 104/122] Revert "Fix formatting and update documentation after merge" (#808) --- docs/src/_parts/bootstrap_config.md | 2 +- src/k8s/k8s-snap-api | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 160000 src/k8s/k8s-snap-api diff --git a/docs/src/_parts/bootstrap_config.md b/docs/src/_parts/bootstrap_config.md index b1ed6f477..6594f10ae 100644 --- a/docs/src/_parts/bootstrap_config.md +++ b/docs/src/_parts/bootstrap_config.md @@ -189,7 +189,7 @@ If omitted defaults to `true`. Sets the cloud provider to be used by the cluster. When this is set as `external`, node will wait for an external cloud provider to -do cloud specific setup and finish node initialization. +do cloud specific setup and finish node initialisation. Possible values: `external`. diff --git a/src/k8s/k8s-snap-api b/src/k8s/k8s-snap-api deleted file mode 160000 index 1de465af3..000000000 --- a/src/k8s/k8s-snap-api +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 1de465af3b958534d8409d0ed22b3a366bc67ec6 From eb633229237cbecaf2b7151d8055f434df4fafdc Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Mon, 18 Nov 2024 09:50:16 -0500 Subject: [PATCH 105/122] revert spelling change (#809) --- docs/src/_parts/bootstrap_config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/_parts/bootstrap_config.md b/docs/src/_parts/bootstrap_config.md index 6594f10ae..b1ed6f477 100644 --- a/docs/src/_parts/bootstrap_config.md +++ b/docs/src/_parts/bootstrap_config.md @@ -189,7 +189,7 @@ If omitted defaults to `true`. Sets the cloud provider to be used by the cluster. When this is set as `external`, node will wait for an external cloud provider to -do cloud specific setup and finish node initialisation. +do cloud specific setup and finish node initialization. Possible values: `external`. From 99e7a5e0630f14602a690760588cd53e53379b4c Mon Sep 17 00:00:00 2001 From: Nashwan Azhari Date: Mon, 18 Nov 2024 17:04:31 +0200 Subject: [PATCH 106/122] fix: ensure nf_conntrack module loaded for kube-proxy. (#743) * fix: ensure nf_conntrack module loaded for kube-proxy. This patch ensures that the `nf_conntrack` kernel module is loaded before the `kube-proxy` service is started so it can read some necessary conntrack module-related params from procfs. Previously, although the `kube-proxy` service always crashed if the module wasn't loaded, this wasn't that common of an occurrence in practice as there are quite a few ways `nf_conntrack` gets loaded transparently: * Cilium [automatically loads `iptable_nat`](https://github.com/cilium/cilium/blob/63cd391f93b4e2c865268241d384504348672042/pkg/datapath/iptables/iptables.go#L367-L368) after a small startup delay, whose dependency tree includes `nf_conntrack` * starting firewalld/ufw/most other firewall services * setting iptables/nftables rules which imply session tracking By explicitly loading `nf_conntrack` from the `kube-proxy` service wrapper directly, it should ensure the procfs values kube-proxy reads are always present on startup. Signed-off-by: Nashwan Azhari * ci: install nf_conntrack module in integration test base LXC image. Signed-off-by: Nashwan Azhari --------- Signed-off-by: Nashwan Azhari --- k8s/lib.sh | 8 ++++++++ k8s/wrappers/services/kube-proxy | 12 ++++++++++++ tests/integration/lxd-profile.yaml | 2 +- tests/integration/lxd/setup-image.sh | 6 ++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/k8s/lib.sh b/k8s/lib.sh index ba6d96b1a..27cee90e0 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -190,3 +190,11 @@ k8s::kubelet::ensure_shared_root_dir() { mount -o remount --make-rshared "$SNAP_COMMON/var/lib/kubelet" /var/lib/kubelet fi } + +# Loads the kernel module names given as arguments +# Example: 'k8s::util::load_kernel_modules mod1 mod2 mod3' +k8s::util::load_kernel_modules() { + k8s::common::setup_env + + modprobe $@ +} diff --git a/k8s/wrappers/services/kube-proxy b/k8s/wrappers/services/kube-proxy index 6cd55a999..ef368665a 100755 --- a/k8s/wrappers/services/kube-proxy +++ b/k8s/wrappers/services/kube-proxy @@ -3,4 +3,16 @@ . "$SNAP/k8s/lib.sh" k8s::util::wait_kube_apiserver + +# NOTE: kube-proxy reads some values related to the `nf_conntrack` +# module from procfs on startup, so we must ensure it's loaded: +# https://github.com/canonical/k8s-snap/issues/626 +if [ -f "/proc/sys/net/netfilter/nf_conntrack_max" ]; then + echo "Kernel module nf_conntrack was already loaded before kube-proxy startup." +else + k8s::util::load_kernel_modules nf_conntrack \ + && echo "Successfully modprobed nf_conntrack before kube-proxy startup." \ + || echo "WARN: Failed to 'modprobe nf_conntrack' before kube-proxy startup." +fi + k8s::common::execute_service kube-proxy diff --git a/tests/integration/lxd-profile.yaml b/tests/integration/lxd-profile.yaml index c6a05f38e..7f5e720dc 100644 --- a/tests/integration/lxd-profile.yaml +++ b/tests/integration/lxd-profile.yaml @@ -1,6 +1,6 @@ description: "LXD profile for Canonical Kubernetes" config: - linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,iptable_raw,netlink_diag,nf_nat,overlay,br_netfilter,xt_socket + linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,iptable_raw,netlink_diag,nf_nat,overlay,br_netfilter,xt_socket,nf_conntrack raw.lxc: | lxc.apparmor.profile=unconfined lxc.mount.auto=proc:rw sys:rw cgroup:rw diff --git a/tests/integration/lxd/setup-image.sh b/tests/integration/lxd/setup-image.sh index 4b587bad1..c5427fc5e 100755 --- a/tests/integration/lxd/setup-image.sh +++ b/tests/integration/lxd/setup-image.sh @@ -69,6 +69,8 @@ case "${BASE_DISTRO}" in # snapd is preinstalled on Ubuntu OSes lxc shell tmp-builder -- bash -c 'snap wait core seed.loaded' lxc shell tmp-builder -- bash -c 'snap install '"${BASE_SNAP}" + # NOTE(aznashwan): 'nf_conntrack' required by kube-proxy: + lxc shell tmp-builder -- bash -c 'apt update && apt install -y "linux-modules-$(uname -r)"}' ;; almalinux) # install snapd and ensure /snap/bin is in the environment @@ -77,6 +79,8 @@ case "${BASE_DISTRO}" in lxc shell tmp-builder -- bash -c 'dnf install tar sudo -y' lxc shell tmp-builder -- bash -c 'dnf install fuse squashfuse -y' lxc shell tmp-builder -- bash -c 'dnf install snapd -y' + # NOTE(aznashwan): 'nf_conntrack' required by kube-proxy: + lxc shell tmp-builder -- bash -c 'dnf install -y kernel-modules-core' lxc shell tmp-builder -- bash -c 'systemctl enable --now snapd.socket' lxc shell tmp-builder -- bash -c 'ln -s /var/lib/snapd/snap /snap' @@ -92,6 +96,8 @@ case "${BASE_DISTRO}" in lxc shell tmp-builder -- bash -c 'snap install snapd '"${BASE_SNAP}" lxc shell tmp-builder -- bash -c 'echo PATH=$PATH:/snap/bin >> /etc/environment' lxc shell tmp-builder -- bash -c 'apt autoremove; apt clean; apt autoclean; rm -rf /var/lib/apt/lists' + # NOTE(aznashwan): 'nf_conntrack' required by kube-proxy: + lxc shell tmp-builder -- bash -c 'apt update && apt install -y "linux-modules-$(uname -r)"}' # NOTE(neoaggelos): disable apparmor in containerd, as it causes trouble in the default setup lxc shell tmp-builder -- bash -c ' From 19b99578262cb834194730bd7787f0d60db629bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Tue, 19 Nov 2024 12:32:57 +0300 Subject: [PATCH 107/122] Add registry mirrors, preload snapd and core20 (#799) --------- Co-authored-by: Lucian Petrut --- .github/workflows/integration.yaml | 1 + .github/workflows/nightly-test.yaml | 1 + k8s/scripts/inspect.sh | 14 ++ .../integration/templates/registry/hosts.toml | 2 + .../templates/registry/registry-config.yaml | 22 +++ .../templates/registry/registry.service | 15 ++ tests/integration/tests/conftest.py | 57 ++++++ tests/integration/tests/test_util/config.py | 29 +++ tests/integration/tests/test_util/registry.py | 178 ++++++++++++++++++ tests/integration/tests/test_util/util.py | 8 +- 10 files changed, 326 insertions(+), 1 deletion(-) create mode 100644 tests/integration/templates/registry/hosts.toml create mode 100644 tests/integration/templates/registry/registry-config.yaml create mode 100644 tests/integration/templates/registry/registry.service create mode 100644 tests/integration/tests/test_util/registry.py diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index bfcc903a0..2aefbb939 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -109,6 +109,7 @@ jobs: TEST_VERSION_UPGRADE_CHANNELS: "recent 6 classic" # Upgrading from 1.30 is not supported. TEST_VERSION_UPGRADE_MIN_RELEASE: "1.31" + TEST_MIRROR_LIST: '[{"name": "ghcr.io", "port": 5000, "remote": "https://ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}, {"name": "docker.io", "port": 5001, "remote": "https://registry-1.docker.io", "username": "", "password": ""}]' run: | cd tests/integration && sg lxd -c 'tox -e integration' - name: Prepare inspection reports diff --git a/.github/workflows/nightly-test.yaml b/.github/workflows/nightly-test.yaml index d2fd49972..3e7fd8972 100644 --- a/.github/workflows/nightly-test.yaml +++ b/.github/workflows/nightly-test.yaml @@ -48,6 +48,7 @@ jobs: # Upgrading from 1.30 is not supported. TEST_VERSION_UPGRADE_MIN_RELEASE: "1.31" TEST_STRICT_INTERFACE_CHANNELS: "recent 6 strict" + TEST_MIRROR_LIST: '[{"name": "ghcr.io", "port": 5000, "remote": "https://ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}, {"name": "docker.io", "port": 5001, "remote": "https://registry-1.docker.io", "username": "", "password": ""}]' run: | export PATH="/home/runner/.local/bin:$PATH" cd tests/integration && sg lxd -c 'tox -vve integration' diff --git a/k8s/scripts/inspect.sh b/k8s/scripts/inspect.sh index a4ae51cc5..9f559451c 100755 --- a/k8s/scripts/inspect.sh +++ b/k8s/scripts/inspect.sh @@ -111,6 +111,17 @@ function collect_service_diagnostics { journalctl -n 100000 -u "snap.$service" &>"$INSPECT_DUMP/$service/journal.log" } +function collect_registry_mirror_logs { + local mirror_units=`systemctl list-unit-files --state=enabled | grep "registry-" | awk '{print $1}'` + if [ -n "$mirror_units" ]; then + mkdir -p "$INSPECT_DUMP/mirrors" + + for mirror_unit in $mirror_units; do + journalctl -n 100000 -u "$mirror_unit" &>"$INSPECT_DUMP/mirrors/$mirror_unit.log" + done + fi +} + function collect_network_diagnostics { log_info "Copy network diagnostics to the final report tarball" ip a &>"$INSPECT_DUMP/ip-a.log" || true @@ -182,6 +193,9 @@ else check_expected_services "${worker_services[@]}" fi +printf -- 'Collecting registry mirror logs\n' +collect_registry_mirror_logs + printf -- 'Collecting service arguments\n' collect_args diff --git a/tests/integration/templates/registry/hosts.toml b/tests/integration/templates/registry/hosts.toml new file mode 100644 index 000000000..416c9a642 --- /dev/null +++ b/tests/integration/templates/registry/hosts.toml @@ -0,0 +1,2 @@ +[host."http://$IP:$PORT"] +capabilities = ["pull", "resolve"] diff --git a/tests/integration/templates/registry/registry-config.yaml b/tests/integration/templates/registry/registry-config.yaml new file mode 100644 index 000000000..28610ffbb --- /dev/null +++ b/tests/integration/templates/registry/registry-config.yaml @@ -0,0 +1,22 @@ +version: 0.1 +log: + fields: + service: registry +storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry/$NAME +http: + addr: :$PORT + headers: + X-Content-Type-Options: [nosniff] +health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 +proxy: + remoteurl: $REMOTE + username: $USERNAME + password: $PASSWORD diff --git a/tests/integration/templates/registry/registry.service b/tests/integration/templates/registry/registry.service new file mode 100644 index 000000000..83de843a6 --- /dev/null +++ b/tests/integration/templates/registry/registry.service @@ -0,0 +1,15 @@ + [Unit] + Description=registry-$NAME + Documentation=https://github.com/distribution/distribution + + [Service] + Type=simple + Restart=always + RestartSec=5s + LimitNOFILE=40000 + TimeoutStartSec=0 + + ExecStart=/bin/registry serve /etc/distribution/$NAME.yaml + + [Install] + WantedBy=multi-user.target diff --git a/tests/integration/tests/conftest.py b/tests/integration/tests/conftest.py index 04efacd98..7333c2167 100644 --- a/tests/integration/tests/conftest.py +++ b/tests/integration/tests/conftest.py @@ -9,9 +9,14 @@ import pytest from test_util import config, harness, util from test_util.etcd import EtcdCluster +from test_util.registry import Registry LOG = logging.getLogger(__name__) +# The following snaps will be downloaded once per test run and preloaded +# into the harness instances to reduce the number of downloads. +PRELOADED_SNAPS = ["snapd", "core20"] + def _harness_clean(h: harness.Harness): "Clean up created instances within the test harness." @@ -79,6 +84,35 @@ def h() -> harness.Harness: _harness_clean(h) +@pytest.fixture(scope="session") +def registry(h: harness.Harness) -> Optional[Registry]: + if config.USE_LOCAL_MIRROR: + yield Registry(h) + else: + # local image mirror disabled, avoid initializing the + # registry mirror instance. + yield None + + +@pytest.fixture(scope="session", autouse=True) +def snapd_preload() -> None: + if not config.PRELOAD_SNAPS: + LOG.info("Snap preloading disabled, skipping...") + return + + LOG.info(f"Downloading snaps for preloading: {PRELOADED_SNAPS}") + for snap in PRELOADED_SNAPS: + util.run( + [ + "snap", + "download", + snap, + f"--basename={snap}", + "--target-directory=/tmp", + ] + ) + + def pytest_configure(config): config.addinivalue_line( "markers", @@ -141,6 +175,7 @@ def network_type(request) -> Union[str, None]: @pytest.fixture(scope="function") def instances( h: harness.Harness, + registry: Registry, node_count: int, tmp_path: Path, disable_k8s_bootstrapping: bool, @@ -163,9 +198,31 @@ def instances( # Create instances and setup the k8s snap in each. instance = h.new_instance(network_type=network_type) instances.append(instance) + + if config.PRELOAD_SNAPS: + for preloaded_snap in PRELOADED_SNAPS: + ack_file = f"{preloaded_snap}.assert" + remote_path = (tmp_path / ack_file).as_posix() + instance.send_file( + source=f"/tmp/{ack_file}", + destination=remote_path, + ) + instance.exec(["snap", "ack", remote_path]) + + snap_file = f"{preloaded_snap}.snap" + remote_path = (tmp_path / snap_file).as_posix() + instance.send_file( + source=f"/tmp/{snap_file}", + destination=remote_path, + ) + instance.exec(["snap", "install", remote_path]) + if not no_setup: util.setup_k8s_snap(instance, tmp_path, snap) + if config.USE_LOCAL_MIRROR: + registry.apply_configuration(instance) + if not disable_k8s_bootstrapping and not no_setup: first_node, *_ = instances diff --git a/tests/integration/tests/test_util/config.py b/tests/integration/tests/test_util/config.py index 40e375c23..4ba31b337 100644 --- a/tests/integration/tests/test_util/config.py +++ b/tests/integration/tests/test_util/config.py @@ -1,6 +1,7 @@ # # Copyright 2024 Canonical, Ltd. # +import json import os from pathlib import Path @@ -21,6 +22,18 @@ # ETCD_VERSION is the version of etcd to use. ETCD_VERSION = os.getenv("ETCD_VERSION") or "v3.4.34" +# REGISTRY_DIR contains all templates required to setup an registry mirror. +REGISTRY_DIR = MANIFESTS_DIR / "registry" + +# REGISTRY_URL is the url from which the registry binary should be downloaded. +REGISTRY_URL = ( + os.getenv("REGISTRY_URL") + or "https://github.com/distribution/distribution/releases/download" +) + +# REGISTRY_VERSION is the version of registry to use. +REGISTRY_VERSION = os.getenv("REGISTRY_VERSION") or "v2.8.3" + # FLAVOR is the flavor of the snap to use. FLAVOR = os.getenv("TEST_FLAVOR") or "" @@ -129,3 +142,19 @@ STRICT_INTERFACE_CHANNELS = ( os.environ.get("TEST_STRICT_INTERFACE_CHANNELS", "").strip().split() ) + +# Cache and preload certain snaps such as snapd and core20 to avoid fetching them +# for every test instance. Note that k8s-snap is currently based on core20. +PRELOAD_SNAPS = (os.getenv("TEST_PRELOAD_SNAPS") or "1") == "1" + +# Setup a local image mirror to reduce the number of image pulls. The mirror +# will be configured to run in a session scoped harness instance (e.g. LXD container) +USE_LOCAL_MIRROR = (os.getenv("TEST_USE_LOCAL_MIRROR") or "1") == "1" + +DEFAULT_MIRROR_LIST = [ + {"name": "ghcr.io", "port": 5000, "remote": "https://ghcr.io"}, + {"name": "docker.io", "port": 5001, "remote": "https://registry-1.docker.io"}, +] + +# Local mirror configuration. +MIRROR_LIST = json.loads(os.getenv("TEST_MIRROR_LIST", "{}")) or DEFAULT_MIRROR_LIST diff --git a/tests/integration/tests/test_util/registry.py b/tests/integration/tests/test_util/registry.py new file mode 100644 index 000000000..6f2bd0e52 --- /dev/null +++ b/tests/integration/tests/test_util/registry.py @@ -0,0 +1,178 @@ +# +# Copyright 2024 Canonical, Ltd. +# +import logging +from string import Template +from typing import List, Optional + +from test_util import config +from test_util.harness import Harness, Instance +from test_util.util import get_default_ip + +LOG = logging.getLogger(__name__) + + +class Mirror: + def __init__( + self, + name: str, + port: int, + remote: str, + username: Optional[str] = None, + password: Optional[str] = None, + ): + """ + Initialize the Mirror object. + + Args: + name (str): The name of the mirror. + port (int): The port of the mirror. + remote (str): The remote URL of the upstream registry. + username (str, optional): Authentication username. + password (str, optional): Authentication password. + """ + self.name = name + self.port = port + self.remote = remote + self.username = username + self.password = password + + +class Registry: + + def __init__(self, h: Harness): + """ + Initialize the Registry object. + + Args: + h (Harness): The test harness object. + """ + self.registry_url = config.REGISTRY_URL + self.registry_version = config.REGISTRY_VERSION + self.instance: Instance = None + self.harness: Harness = h + self._mirrors: List[Mirror] = self.get_configured_mirrors() + self.instance = self.harness.new_instance() + + arch = self.instance.arch + self.instance.exec( + [ + "curl", + "-L", + f"{self.registry_url}/{self.registry_version}/registry_{self.registry_version[1:]}_linux_{arch}.tar.gz", + "-o", + f"/tmp/registry_{self.registry_version}_linux_{arch}.tar.gz", + ] + ) + + self.instance.exec( + [ + "tar", + "xzvf", + f"/tmp/registry_{self.registry_version}_linux_{arch}.tar.gz", + "-C", + "/bin/", + "registry", + ], + ) + + self._ip = get_default_ip(self.instance) + + self.add_mirrors() + + def get_configured_mirrors(self) -> List[Mirror]: + mirrors: List[Mirror] = [] + for mirror_dict in config.MIRROR_LIST: + for field in ["name", "port", "remote"]: + if field not in mirror_dict: + raise Exception( + f"Invalid 'TEST_MIRROR_LIST' configuration. Missing field: {field}" + ) + + mirror = Mirror( + mirror_dict["name"], + mirror_dict["port"], + mirror_dict["remote"], + mirror_dict.get("username"), + mirror_dict.get("password"), + ) + mirrors.append(mirror) + return mirrors + + def add_mirrors(self): + for mirror in self._mirrors: + self.add_mirror(mirror) + + def add_mirror(self, mirror: Mirror): + substitutes = { + "NAME": mirror.name, + "PORT": mirror.port, + "REMOTE": mirror.remote, + "USERNAME": mirror.username or "", + "PASSWORD": mirror.password or "", + } + + self.instance.exec(["mkdir", "-p", "/etc/distribution"]) + self.instance.exec(["mkdir", "-p", f"/var/lib/registry/{mirror.name}"]) + + with open( + config.REGISTRY_DIR / "registry-config.yaml", "r" + ) as registry_template: + src = Template(registry_template.read()) + self.instance.exec( + ["dd", f"of=/etc/distribution/{mirror.name}.yaml"], + sensitive_kwargs=True, + input=str.encode(src.substitute(substitutes)), + ) + + with open(config.REGISTRY_DIR / "registry.service", "r") as registry_template: + src = Template(registry_template.read()) + self.instance.exec( + ["dd", f"of=/etc/systemd/system/registry-{mirror.name}.service"], + sensitive_kwargs=True, + input=str.encode(src.substitute(substitutes)), + ) + + self.instance.exec(["systemctl", "daemon-reload"]) + self.instance.exec(["systemctl", "enable", f"registry-{mirror.name}.service"]) + self.instance.exec(["systemctl", "start", f"registry-{mirror.name}.service"]) + + @property + def mirrors(self) -> List[Mirror]: + """ + Get the list of mirrors in the registry. + + Returns: + List[Mirror]: The list of mirrors. + """ + return self._mirrors + + @property + def ip(self) -> str: + """ + Get the IP address of the registry. + + Returns: + str: The IP address of the registry. + """ + return self._ip + + # Configure the specified instance to use this registry mirror. + def apply_configuration(self, instance): + for mirror in self.mirrors: + substitutes = { + "IP": self.ip, + "PORT": mirror.port, + } + + instance.exec(["mkdir", "-p", f"/etc/containerd/hosts.d/{mirror.name}"]) + + with open(config.REGISTRY_DIR / "hosts.toml", "r") as registry_template: + src = Template(registry_template.read()) + instance.exec( + [ + "dd", + f"of=/etc/containerd/hosts.d/{mirror.name}/hosts.toml", + ], + input=str.encode(src.substitute(substitutes)), + ) diff --git a/tests/integration/tests/test_util/util.py b/tests/integration/tests/test_util/util.py index 5ae53f2e2..1c3106178 100644 --- a/tests/integration/tests/test_util/util.py +++ b/tests/integration/tests/test_util/util.py @@ -33,7 +33,13 @@ def run(command: list, **kwargs) -> subprocess.CompletedProcess: """Log and run command.""" kwargs.setdefault("check", True) - LOG.debug("Execute command %s (kwargs=%s)", shlex.join(command), kwargs) + sensitive_command = kwargs.pop("sensitive_command", False) + sensitive_kwargs = kwargs.pop("sensitive_kwargs", sensitive_command) + + logged_command = shlex.join(command) if not sensitive_command else "" + logged_kwargs = kwargs if not sensitive_kwargs else "" + + LOG.debug("Execute command %s (kwargs=%s)", logged_command, logged_kwargs) return subprocess.run(command, **kwargs) From 00ea9026d085a380bb83cc333bc45fa4088ba2ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?= Date: Tue, 19 Nov 2024 21:02:27 +0300 Subject: [PATCH 108/122] Update Cilium to 1.16.3 (#803) --------- Co-authored-by: Benjamin Schimke --- build-scripts/hack/generate-sbom.py | 2 +- build-scripts/hack/update-gateway-api-chart.sh | 3 +-- k8s/manifests/charts/cilium-1.15.2.tgz | Bin 178800 -> 0 bytes k8s/manifests/charts/cilium-1.16.3.tgz | Bin 0 -> 204585 bytes k8s/manifests/charts/gateway-api-1.0.0.tgz | Bin 95079 -> 0 bytes k8s/manifests/charts/gateway-api-1.1.0.tgz | Bin 0 -> 108417 bytes src/k8s/pkg/client/helm/client.go | 2 +- src/k8s/pkg/k8sd/features/cilium/chart.go | 8 ++++---- src/k8s/pkg/k8sd/features/cilium/cleanup.go | 2 +- src/k8s/pkg/k8sd/features/cilium/network.go | 3 +++ 10 files changed, 11 insertions(+), 9 deletions(-) delete mode 100644 k8s/manifests/charts/cilium-1.15.2.tgz create mode 100644 k8s/manifests/charts/cilium-1.16.3.tgz delete mode 100644 k8s/manifests/charts/gateway-api-1.0.0.tgz create mode 100644 k8s/manifests/charts/gateway-api-1.1.0.tgz diff --git a/build-scripts/hack/generate-sbom.py b/build-scripts/hack/generate-sbom.py index c9cd22a27..f39270361 100755 --- a/build-scripts/hack/generate-sbom.py +++ b/build-scripts/hack/generate-sbom.py @@ -139,7 +139,7 @@ def k8s_snap_c_dqlite_components(manifest, extra_files): def rock_cilium(manifest, extra_files): LOG.info("Generating SBOM info for Cilium rocks") - cilium_version = "1.15.2" + cilium_version = "1.16.3" with util.git_repo(CILIUM_ROCK_REPO, CILIUM_ROCK_TAG) as d: rock_repo_commit = util.parse_output(["git", "rev-parse", "HEAD"], cwd=d) diff --git a/build-scripts/hack/update-gateway-api-chart.sh b/build-scripts/hack/update-gateway-api-chart.sh index eb2b9a91b..40039c7ab 100755 --- a/build-scripts/hack/update-gateway-api-chart.sh +++ b/build-scripts/hack/update-gateway-api-chart.sh @@ -1,6 +1,6 @@ #!/bin/bash -VERSION="v1.0.0" +VERSION="v1.1.0" DIR=`realpath $(dirname "${0}")` CHARTS_PATH="$DIR/../../k8s/components/charts" @@ -16,7 +16,6 @@ rm -rf gateway-api/templates/* rm -rf gateway-api/charts cp gateway-api-src/config/crd/standard/* gateway-api/templates/ cp gateway-api-src/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml gateway-api/templates/ -cp gateway-api-src/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml gateway-api/templates/ sed -i 's/^\(version: \).*$/\1'"${VERSION:1}"'/' gateway-api/Chart.yaml sed -i 's/^\(appVersion: \).*$/\1'"${VERSION:1}"'/' gateway-api/Chart.yaml sed -i 's/^\(description: \).*$/\1'"A Helm Chart containing Gateway API CRDs"'/' gateway-api/Chart.yaml diff --git a/k8s/manifests/charts/cilium-1.15.2.tgz b/k8s/manifests/charts/cilium-1.15.2.tgz deleted file mode 100644 index 6bf08bd03a9eef36222216546450eadad78ec7a2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 178800 zcmV)DK*7HsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMcOyA+DCp1p6|9}U@#aQ?(f6@4hDnT{|*oLhDZM}+&?(lA07@42Ydf881C*L4gY}+egjapsR`#;`^lCx;ifO~snCCJ3wwQ`M6@~y;CeL&cEg09#ECl0IX(1ytqZm&T^~g-lXEPbG zDc2%qDrF!3?fhDIn97+^0C6T0BXY(KyW}g8v!mX>r&WTVC51L3f0VJ2;V)qojysItQ3M%aRoURIy+)nTtoBBzldo7f(jyDNnvv`F)~zyaho8b$O&NThP&s z!op!f(gFA?`PTY4n&}F`f_=wkDrXKmf4Ue;RoX50F!OlZE&7v^DZn5)t`X=`MLf9? zvCKte+`1F!XHI=$yXDkv>kS8RVMOMJ+-|Qm_QCUqhZgW*4k4KORCq#)7@<8%vyds{ zxND4ZBxi*dEaF;dmdJZL3n~^}9QXYC)}H2X$ER0o^s~)gx*=7({k=%wp1Tb#?zzZv zp+#ym%?4mDdCKQ_yJ6!V8yian!)2-&M>skYk(|j0-ULep+aOm7d*HcLg+}VQR+S@+ zUAX;bG(zKP%(%TwO`(|6gzZP))y)0{AnhP))Evk5*qfK$9Er`ge{Mp!&ydzN zqn*X1r3*|}Dg-Z6yK6*L??$hcv2qu=P z7|Eb=*cEny^v0I6Bq~}Wt?lyQabO~ysXP)(k>cZnBX$tpcw*UwTxe~Za^MbxS%@4) zqPNL@lJ*6QBBAxHNRky(nZUiz6H9J@+(h!*L`L=NfG6344>uCt_SkkCd$Rg*wpjyc z3{W?&#ynR=2LG~);TOW~!RCc%zH&A!#+D1wa?8H`VpJDmZh?N}Mm+M>_RpDsZgcGR zy5|f>WHjV<&sk$1$DC?+4RFG!4t4{F%xY=Vg?+kus!kd_yz1JjLXV_w`4}cZtfYQ$>XP7AZ0Yr z>f2-cZsiX$vR6x%$#kwgi$4{(EOx>o#_OMkTqtdvB=WRkGPMFl1hPSca6^S#B#A+?4zkbR{eiWQEz%o2WrMzHt+6qz3KF zhOP7hF=({y4r9;(z|!7YBL-gNASX9cg|K}MRqPtPjwF`!ucwC{XDebvtN6dt2_b z5+}FQa=~M!(qvT?>hO4ln+^7w1l~F#ugo%~k}Zj02W4(l%b(-8&6GH|#}7F7#_la*@hynP zClJM4HlBc@CY&$3MfPI-$c5)^TWV}LahsX>U^~$2Jii%Ar0`l#q=pN@@;t$ zS@6um-%JmWMoA8o>}LQ1)g%p18n>;jESR9;*Q~;qEL4e0(fsyb?w+QpDpHg-U%?|L zyFBRlN%_3Ye%a^n@=<6^nPhe^1*jp2_dZDYkf)`9Fuf z;X!Y=Rl!iapM2<|5$M`0FFNd&l!Zv@PgA>uq|k3Il%>GJm`soQeNUr)OGXx={}89W zpL8q|`H=TgVfyn0HKzah-wzg{{<(^*tcb?GzFhLT(EUWsRadJ-_4LEMbuU(rDv$N3 z)n)G|A6i{NyVVViVBG-!R@YCU)vaOQWp}wMrisuCrHpNSUrdFk(VKt$y`|G(Z_pjQ zX@&cuMKYyD!p(6m!6F%{Wp!$;hZ@cQyUnTp$Nfj-gvUq!Mh*ba+W+?sj}G>Rb^HI( z-r?Wv|Nj;L?XV9r5o|6}%flm20ScHT>EHWP-@oGbVkQ&uFYNpiyZ&^?F3!hyz19x9 zTS(397yCeYBXa!n1u=Bb!S zb&(6wP%fM$?}}&kCU5Py_ZQy4R2dd6csds>%B7K3_&^*2NLE0RXSI5*gai9# z;pE~^h0N)}NX4U@Ckf=O9rgi?uzZ;%!rn>}mUL@@Y~C2BrL)scXo;}M(jL<`s0v82L2x>Kbs?Go`I5)FvffzZShyiB3o zEW$yTLTmd(00>VND>EjrPryDJEdZV_rd_?#Ml8KY#9Psu_t^b|HYyh#20F?Pi@D($ zHwy+2uH|Lk;mbEm)FYD`pn)OVqGDIOhKyKBV@JA0@|C{k&P7P%e(yCN-! zTXW(rwJ^Zga0bf7t`-@`{jUw^^$`EIM;Ip1eg{AS@Tuj^BOn-prnQ5q&_8MV^cR4j ze>=GJXXf}kTtG2me`&SyDUa$K0u*6(+0=~PkoL9v9**597(wi20MkHKifl2`p^ccy z3t^93W#a%lz_KE-l0=jXgX?a8u+$&{UgX$Nx8Q#!MUvcN>yZUW>|Gl^c5UA-0&CNF zZ;`m~0)B$<3(a@>#yy<^n3OO>0_JrS70F!=?OQB5o@Qu7@vc}DUH3Zq_xx9VdEKo zU8*7l$&j`*Tut^%fYs?_444Uf!9+sDI=K3ZT*R%NVC2q*VewA1PoBXsa%D^+%7LdV z7K?{YR2fh<{(8fh74k>e#_#B*U7&5SxSBbP!mRhXV7*%^@Ih8uBdvGKe3txU~3 zcDE2r+jm!{BK8n+R0fr(*fXxJgdXEj4)?|ZkoNxAJ`8pu!`|*;j|~U@XJQQPhogUP zG4`iSH()U>a&5N9z;-EVEOMvfvX_@$sN5hx4Vps6*+R}2_M+lOtWP08Hk`xm<~acH zQL9CoZ$BR^Dv|SqH~X_sX|k$5SWZiSCG-L|#j-F3PZ%%E!iv@8@&UNtPR2JE7H2%t zgm#sHpHum#La_1q+SpfxHXvMK3-a6IN#d?&5d$ddfaW7IB# zfLijE9dW?qtU6J8y6qch=Og108_*F3MU`;p{WOZ;7=pzKMv2riQz@vhYgf~m`|?IJ zG&}#P;E9|`5kvo8s|pnM9&$kBOcq|opxOx~AP~$8qu^c$8imf9?9cz%LXD72@q{%% z4W5qJQo@L3rgEOI=up2TUv;BI_NCT^(EZ`w$)SZIEpuZ9NhGKp#OZ-9$1GMtr*Dk2 z*w_`lJw}rZJ4=SpbzDZg_Alazt|P zdU+jo>`oBn)a{FJZ@jz^4((6&PJ5JEz-_q#_YpZyRW9P5r+TVg5`>zr~IOrP7~3EhIPQ@4p@g=$ZfzD@)gL^ zwYwC0ahgeFDxRlI*`do_k5>$c3{wdt61ka+QudIuaEP8CqGuA_vqSWj!Yow$`zTlG z|EH$aIS{nh&!Fq1-mV3qUpt|1fb

!8LgX`9;`so8|q5h^}#}pfAQ}ex7s7#U2+TrDtHt!O~DLJM}&(I%eesK2>xTl+Iqov4-QAunV9a)hJ(HR-Q(T;{e3Quqy3ZPIN~S! zgZ=$@wmUtEPNHLR#G}KbV=Fm^JeGZm3|v7L|j<8ag2{C{(SKyqM~#&>N2A;m8kjZTd^9kQd4B< zXk|9L37{oI6W1+SxJL9NV@qzL#U(h(mOnDfI(K=N)iw|q@0^vaVUqT_4Tq>Ar1Xd- zGA*7$XhtPoEn)%Up45K&mft{=9q`n4TN!P|G%+jH_tkM?6=^H(Mj|u1UxMn22MJn@ zK0xX6H13we_geufqgJxBi6oFw9?`~CSa`#ez;b++~V!9cL**9@0{Rlg{Ul-3Vfuaglipo9aa~`wL7!T z&?4jo@bl|iXAc9Bpnfk{p8aNPN|Rx^TY8rE<5YJu6?f@de+T~P;?JP3iBs**vP0{% zj5zXFiDo>GQD+uhkHH-)o=ncqeDe|e;m37wymmkFd|se~4fa3H=Ues^>4VHw3P#BX zo=eM!Iw%+E!*f9F$((SrVDR?1PT$b4S19b*{yupaNPUL z)bxYzZlDp{^yO}qi4i-8m=2Y%=xZ)`Yz0RDES7`iD&upG_Bf02o$@5#G~EZ46iZK= z@9?kZ=z|@uLgIWE{1kL`Yd({67g4ZM1?W}58)Ov*uT?`VGM@9L0LdAglv+FFRxP|3 z?c_Iv@8836tIgybc!V9smMd!4_58pC&rA>h7E&%?*{+gb5tq$ z5bs4r`yW^Ym32WsUFA8{^e2eUd0V=b7HKSUkXjR78WFJlyH+#1<1CV(2^CLfow>o= zAp<4`no`RE$a6FBFk0{!HsOGe((^s(;R?pAuuG_8((E6-I_fnqM`geC(G9=r>Dn!C zrhd!+>Umonc|>O?%8C)&9}EUdcbLQyxSsuw5`J;`RXPmU+aC;fuO!X2T;hLp6Rqk> zL3%FHY}vnWDwwu(ZS@>q{#grf8qEtl3Yqe*dpq{WQ*B#}*uZtTsWoIG5f5Mt$a480 z6EOz|asNl%{&IV9X;}lZsFXAL8t%HUq~xkji!m*r^QX+m;4(DcjMy7Jctd)Hn<535 zDnL(X(HFzCOe4V_1zYfkQa@qvbtOc>U%}}nK7%1G;;FNTNzjOJ7Rwp<+8Ab5nP6PA zM5S|zYh59H7nrp}Z63Hxz#^fLc4+>=p$uHiZvag@frw}56(9vo5ap8K=S?*8q(UJH zzQH+h3?EDjE=^&WR?)pMR;XD@t(|j~%iCuIR39WtK zZ^xIH)vic-dd8P3MxXdx6$ZFIcuqS^n5ft5c`(-(cVAA=ug2HUz(Ofdvz$NDWSZgJ zoPPf-MyVA{EKjA`a>+B_cRV@!a{1}(+iGW-GMORPJ$q|v8H0IksUGZn6zwxmk5Rks zEEmFqz5V0um#a_bpD!;w;O_-Xg@tWM_xH%Ag<(rMUl`Evgm_w1lI9OA=gr8p19 zZHqT{h?|SsPoHnjF5dL~_i>7ykI_EyMl+sR4q(OJPd>njn_S#neY&pf!3y5hB{@?? z5~JS~;|T=Q8u=hR9=?bF<>qpHHNN|DJ-PXGRsrm=^|0S7v#{uVu=rTiEQ%yLX?Ab# z^2AQ16L4yIks9gcpdA+Fva9TrABMf%-QIwyylfrQhlAcApwO&5tepV=s$SE#?>Y?2 zAKp(scxb0!>xiX}asjMKzG55=k1i$&EvFTAea54EZZDj`T>j1z>-_ZW%ct)yZf?fs z7qx-tT-QvSmsUn$Z%@xI^*ek2@O&x_XtifD5&HEQeE9VJ^~KHl*aBr3dn3$qz9i={ zxI8ucI6i;@&bF$O=uXh#nRJ$(f6KY)5Tv)*s_eEr-70ZngNmo~~4s%DS7;>9@D+{U1M_U5~-(dtQ1G?XYWQyz3p9WSLAO za%oEhN+`C!H|~Q69x%3WTnMg}OmJ9xU7Y?5UP$Fw?Cn=>f9sK%^y@o#=L83G*KDV) z5clvowAb83#Soxi&$rNQD$Ju0DOjFG-r8|N6*KyU{?-e~xZpzZE_Z!$8ZG8aRErlz zq4w!o#o`9Q*DMOC91!5m0f9b62HugT3d3V=c+aUf#J9)V4&Xrp zUDj5tPQYKdSQ{3~E)u%EHSP?%T5d0GwPLjHlUy!&zBi+e@4LW}&A@_V>MBU_K#;)$H{DUT9W z#A`bPzn$4{?4r7EFC3*QPvb`!n*}9u0DeeiMlR*gg58}>;41!nJ_*tafm?=UYg_mN zf!PvNJn*L=NO}A57=991PQo+mqC6D zSq~;N{I-OwTPg?tH>Pd3R_W~30}GIA3sL>4@$pKzh>NH+m1vX8$g)1ET-w(&jaxf@ z6S+Pjjd-RD@0T3$JYO~C;pw#&wRzMjWXCMAE@xs&lsCRVZ$BIX8tgs?hB8X3_}L$JLEkTbRXQ-NpF*$4P5C&+0fr5H%$!ld!VHNBj#D%c+Pp zt?yYF9|66vb*nDQp$q+*pViu=-3&%`FGH8u3KD^()u~!$%=uPVqI$;@m!_=@PaaP~ zx2VbpHITqpS+ZI#4_ar)@l{VJ26G4w*SHqO-(U|i2RB$t7T^(cpCFESp$Ex*P)R-0 z2s^tu*FC#9q@9{1Jgr|Vcui7lH{AA_ZMA_fLK{{t3|PD|`H4gjWi}K%bKwS{LuZf6 zgDAcDa|K#?U4t0v;VHQW^(e=1n}xpgDvnCE#knKwoMHj{1i*|UoI^oKgJ3+D4{*|X zOv;wP0m{Dc6kF12WlK|>OC6~Pk*_^&5T6V{nGsuxz7zNhchTZR6k(hVsw}L9DC2irFtArw&@3;BHuR&B~N_TpiCS&?=T1 zrV?P+VbZ+OOgv@ilMC_$wg%e}p+=CV*=(jm2%+Xx#6+LNSXTneZk$3Zd zW-fjtyALf*YL2$vAz&?h16K}HS z?%5TAn>Lv`x*r}K>>d7lx4gWUs5q$SVJS1Di0=vMwLZtU%{nO^8w zqh^fH=ea0bayg%i z`dHvBtSv6Ibuj={<`mHe_hc=mlrZ>U!H!s)CrLRz+Vfm~KbMW!nUIWfPVnQ2yAbHC zyL`|7``YzBRVsPs_zcplk0)%&^`8on^H>Cu0H$qN+fV=z_mk^XIqNt?NJC72N_mx? zfdqtNy#Q@LFw9;cw~Vp{28@R`Ji2FZ?W6mSDF-E4Vd$C41rxTDWww$PxONk_^cL`Z z$K=fOWTfEtIk2TcEkeSLCG>()u*)UH-unmgHL)94#O%Av(`zQh@tqM)ywi;YrUj>Swm=Bv(^WQ_>^?%u@-nWnHs%h4OciCoXrz`)X?zj@HDgm@_vPfKwew$%U$NtqPnjIC7hCKshanzoqVTs~&^oa8>R6B*EPKe+ttXV+s? z6;&{TtRDbqDlBN{f*50M0%z%joEIH>kiq+qJ7W@>+Kggz#flVF?v7*ht^xIzu)M#b z1;<2lkW)UhORwO;vee6xVlGqNV-uydtfy&UUEpxszxku?MyYgv&Jv!cB5{90^p%Xd z4}zRXA!9>s(6i2Aaiyxy=_#P$tcIW)k!h(00lMO1Agb<3^&Z2J_6(qlnA*57bV&)m zoUeuRnzhimi5AGURuI4t6x%aIsfVfv@T{O0r$|8uAR^9sub$%*6y%e zSgt(<2Y(PeU8HoKWN-?;{u9XxU#9&2Yp~XsrAD(b`=ra{akBofR;v&_sY;81`~R`U-s5hK=r;CVkU(t5CZDtn2V`x)Hc%Zxqd zXnCY}bB*$(k_jD@i1B=>C)i6wK2!M;^Cp%2KB)mI@k*hMT3T{$zRJLD+wvjwT&xdP z-(|pv0(h0qC{U)dF}ECr-jt2tr!pnzDl-6mD$|n06si(J<^lG|>hc)hiSo%ZJU77x zFR4E(5_-1SBgY#J-v#?qzTqWOg#o3YJ?3G~lpxNDmf1(nxLXNxU?i*Z7`U5Kus3!? z`P@=(%FZZ!;8g4->9N%jsLBHN2M1jZsiZuN zo=mgCcZte!=oMBQyIQ<{-AQ>D<@fG`vynZXw%S>nezMGs~>M?euGdzi>B{h5}mEW~A(9 zv%{Rr{Hh*@*L;cG`qclJ^~Z(pIF%nfzoDQ4A<{mTBcmu`7bnDOaY8JJ6B-VDn2=A; zRMKRj9@z{)f!<)w^QpZZB9$bhStdS8MNyG^{CvW#ohBu;Q&iRyPz`kZYsE` zE}qdh4HJ7qsZy%1BIQm2sk@{-_;gqSw#ZnK;>%f7xka^=yMTSBxG0y3{z<|}0CI%CZQf+$C?V6TT@~(r@nkvr85pNY zooh;c_1ZQ+SlVr#$5zt6L%6|G+;M67?<8RhrS55}z|)`(g<=-$sv@VulVr`E!fXv> z-R>HLa%0q_w9>>v|y%kT9$c!t6h>Claig%Rac?YW-_%#A7fSG_m0_1Ra zN$)#S(80@Q)BMpgc(%-<(7X=eN;RXu#Y)*J*o&iKwZN@8 z+MywpZe{fX(+k+1AokR$ASf+Yb+zpOhrh%48#knV&tAJ&R`O}2TdAmavJYiUC#_1E zBpvPe6kA-;Hq-066g<_CWsw`kA)ZSZ22~N^)#TvRfFZg<8<)AqNjqU#FQQXxC$R0r z?5*t!9kRl(SWtHOhkaM|>m8jlQEQVIsV0_$E@n~`+3nyRIXYe^kLG|%9-dej%V{7$ z+E5GrU_o+Fg-}sWRTx3^C~u?!O{^}RkA;lzNbCkQ3hB8v8YOtN+-ohKGLcL0`|=F^Zr&l>UzVJ9{mBMTv_!hwkTYzBMz%0t$c{MaKz= zPU=@Mxd;JKO$DS0*>Shnn6&>N;PZ|B8ms_h{w#x@&;W)m+T|vtEIIzrlyxjxJJk5f zZ)opjxxUa|izHo<&Lz+9VWDxKxk7dpEc9?r_E$W=uOvbufPosJQoqsr5X#hX9~i0A)fz>U)gPxO^XG2XgV!{1jo8(_eswr`iCET*aZ^$5}Qs3{MLVI{cTkYdl(|O1LQ=5+=CfB;NKSjSY~GM4%n2ui@a6m9WK$|km#WKo8f-{b z_B^EZthTi&K%%GTVPKSc7|auF=|Gj{b*8C`p^yTdScuUR?3=s0iNCR3LaD|9U6*Tu zgSl9@9x)j2cDn(q!?BmgO9Em*+RBaa*;}8$AP_c&z1{tPe&^$%Dxh9B`grpE)M{-v z0GB?(DmP(t7YMmQHkumn*JL?u$i3-vZdMK@=t(UiL6imVWeSW4ccNP})Ywpj?CE4& z=d44efUCKFIvGQu?$U4Kx8ShRUZDA*ueyJvM8xeKVdUQy$&3s8Yd7tEBK| zId2$$GG8cD9r`u5cI>lMU=1zETnCaxObKr&RIP5wWS2)Q7ijtggQ0>bd{o(GB2QL5 zb}Iyn!@7S|5Xx|wz{Ny3m8L#No>AaDxiN~NEDO~~-^MRNSiJ7%zR0jL($Y$NK;$r>A3Hi;&c8^wuZuJlpulv=`PEu5gZn}Oh&TYu!~WvJ zior6FV5}UOTy6j%`^bzvIsrvs`;6AFP3O^qCG$%6j7t3}xDm@zCQzxY6krgEd$B@i zxC;3uy%oSK6%8lq5a>WD>_jE1dn{<^L4*DDqy2v%CXw0`lWIVCg z9NvFDP$&*SKB1MtakBL;BR0^1wBP8{5!{<_(t30pHoA3y8T{8hgMZ}(k9fC&lWY&p zt0(SH@3T{X{k`yO%`VLIE=<&~zN_2LGNAmnEBs5YtY2%=;l<}ffBUWbi!8Mby?uhq}BR4rJBJv~E4~p}^X3 zQ-GcF7XC%7?TCESJ2YY^us`SyIJny$w9j60VJmT+bjk&fAOY@w{pUL+z8B_G@g`20Rw>GTh1RfHM@ASEWvo9Yq+_2UXMw? zZ{KJNgGK-sWJ|Cg&;7SL7{tF^X*{x)B+>5aWbBN*uyGvU1fk3d^VqtVJQa`0%KKYh zT#qqNk-UQd<+5It^Rk4sZT3PfQf>^776b=hZ7Ylnbi4L+H~J7VHjgUKoQ|t6D_Iyj z1wV>WFp$T7x}s-@;zoEn2L>J*l_5-q&%I@*HWM=7Rgn90TdH0)Rs@3z;`XR*H%KRJ zfM)z|%9o-&YX85G3;;bvMEtMq|HN6Y5qCyGIOEeRmMaRBajH~T2C^(kZ6G}j*#>{I z5{dU*pi0HCFI_a`qYerZ(er{NI*lReo;N;$3Is>xRMAq-D24*)`;AD5y0=0!1xWHo z-RDdGvr4<-9!uaj+`5lqx=`xgUi^G{qe%WB8hk*D7H~?%G!=%8&vmHNiDd-NnfMd7 zA!E5BPmnT6uqz>%ibuDpci4DoZzrBY9$YcPN6f2HfngRrTA=ev8VT@w<|!OjD$45Z zp@gH`i)HYFbL-G77FnWJA_j?Kr3&&%qQDfF%*jo}t~hK|zrFo-#v-N8e!L-+f_zvs zdkcXlK5VFxND~JepKGLcS!<_4e>i1t?|=XB?(g*fE$DBL|Fa8l`u#23@MA}aZC0e- z32DCl`Z%iBuxmM0rhUumuUPrX-y6gOG$%TAX|(QKe1glP27ZO^YZ<-}WTgnTm%Rp1 zj;Wa6ujOU@2xjN1Q`TIj;uXnEpJO_Etwoh#4f)Hvvk9xX4N@g61aUeU_q_fIZuW&J zo74S`ZQUqnxH>sLI%%vW4ouuk=HihjNv~!9{6K#-=9MG23YQNLy1PgVNA{}wX#=I8 zsFua6MtJx8cAKM`s}yzIm+xEnugmvq%%*R#QHSdyN2zHtrIhGtH&@EARF}ke=K>+I zu{Kh9W|@2!8D%H&<^e1f);xhoY>>;Qe-nLZA1$GFkI zmk6Pa_Fyb`Ip__0C-_UffaUQC9~|!=9Ubf)9v|-S@5h`^V{x*7v_IWH-rFCXoa{~G z;YoBf75wm!?;nc&gX!+c(f;&!cd$R4wVigVQo<56NzYf-M2nkBEw=>PwK5DpQp+q6 zmi_!mO{oeL65BHN$Wa=TQ1?^Y`-4oSUfAtAJRbN$Qq5(*sD`U66q{j^-)aT07cBY2 z>DM4p9&u(ji4|SXe1X}}whzSlNlm?xpY~!nZeux1$fyS?sqtz_8;V)J&d|GcIZGBI zgKyZnB;m;5YxFU;UZwA)Zmv>arEgfP&jF~EM@0~p(5?| z@~%Oj@$xpP*3ZKMx2c?mE#I{oiUiZ3?~Bel`KLk@0*44nvIlOY4rJL7?`#<2-|UaK@@H=az`g79!dbjh z!)8!RF}S56C3Lh9J?A?Hv)CV;IOS+HLx{bWT`jv|hwXLPQHKo=I&5#)VTXGiHrzex zu-$`$4m%hQJ8U@E-Rn^M-NF7*2S9h&@$kfcJ={Cq>#)7uqr;;P=JosbpPQ!Bv6JYSDC<~+I~L83MeaY_0c?NW z{AJxpB%Ul^2YF+w+fJtJQzp_YhrG&{+=Q0k;A@kWC=6z|oMicu(GU#Fv6FkRX3hqc zA)kD5c<{2XTlvm9w4Ea>St8+&dbQ5r(-q!4WtpVXVdl2dq89u<$(7~tM4>H}AY*pV z!>EhL;Nk3=LvSw5!G-3QT`R9@pq(iJ_zc~RzfBW0?Jv1Z`vQ+iQ>$*2$9=kUtr!%k zTqteF`9fr&kGi+w%fwX|ThrM#_%ret7NtfzTqEjH^JQ#a;Vs}ac`_2PpVSmka*zV0 zTq7vgp43_%PDOXBqnu}ztIyl0QSUh%=t}P!0aJzaW^f+Lya~@CllyK#ee*5_Pp;QJ zx8J^eSqj6ylw8=COvPU;-}WV_r;e<8J{N{2n__%~`!5$+!cn3evH$hwVTGjb9>{;$ zq>ySi!PLUb=wr@jJmoCrdNEZzk13v^gs{Wr)W+Vj67*4FbDy3SE?!uB%NxVf-sG7W z94!Lex3_XPTJYTHzR88aV?;ktqa7_{5%C-{+?B(l%;WzYJ$GOdq&)%r;(O6&?@i|j zL_NNvqU^)=hVAcdD5-p6v9ief%BW-p#+#PXilknetpr417qZ;e5-!opWSgud!Olg@ zBX~!&WgozrC{uhjAVU;NW%gNd*(`x$g9v@-J8JSWvOn21t6b3QV}8E5Wbibyw;wO= z-UX$y%d54*H@K&fQT6Z=0sLh>e|Y(&iVyx*bQyoKpe-bh=e$QAx6I|2FrRo$~M7 z6_h&-(v4~I2}9ZK#FSw(47)O?~wyh!g;^_Wr_Y$jv9?ucU7=Bwqc?`8HG+n+&& z%kjBO*^>#8-);;moP>7Bi74X~g9sO|amDZv@}-ApB~BG4A+{K3y}xHEad&weaR2BG zuLvTvJ04&lm~rFKuxQFW9+a3;#@&sGb}-fkUWh;y)T^xan_z4l5ye#;&hCR?z##Po zNjv2HXcUP8b{JZ*3eDKq(8eKfQPT| z^m@1j<{yQwkgO!60=Qq5xp7gYZWQiHOkfK3OgUd9D=d3eM3pAKqK zWD1h@`kK)@fxzbCY^-GFOVVOY5^4$qAscHaV24_Oh`%uF5sN-|ALNE(FLtzsI(+R0^>aPK|A=uR&3hOD zjDW=9;(esvwH^Dw6B$dhDuYmD>ho_q3VcV6f});-lY`3EAm;*a<@5vOBJhBCn~OQm zKdGti?>OI(E{;IJ z-LE6o9l66Eg%UnmMa zEZw5k9iyIijamf2-O`hX6ol>UdP#VPg>Ad&G({il9#s3s`^SU9!QRQ`S2ewT)Yc)t{OR^y zJX&g(w|Qm0?vHBzsQ%BG-`aJtNA`27xsiGXnQTYwTwN>U_>XXRs93m+SnFPC)b6ix zK|^Q|=a8yc^mo9`jaCE(us_t7s5*+$BL>+H>X`pBr@Fs-PMh578XfD{nvY!N%mr06 zeCA=|E8%UpNFVBuUgy6?<81B4hVAkBXfS@hj70POL>1wip*`!`xeh3B?Iaiz6`xC; z7oZt@U&M1r^@{-qu2;Q5MeZd@v;mH9we^-MIZ2CjKlT81zb-wlSpu(Q8q{O$XCjY8 zYN+%YJkJmY;tE6xv_Ctq<(iBRYzHW-mi*~+8kAI}ge=bI%L-~=t8GT$DE8F}Ofo&K zeyJc`DI&WOY03k=b=e4&n==srhoIpSFVyU1n1vgzkfqQSWgYQ=TOF!RdJbjy}VJ~b*0tO3{^7G0 zxx+2^xq>tP9`OvlMx_WikT_Ra$nTt9UT&JB3mRGTT&<2 zDL!L7Ps!O8>ny;lBGdAH3?unz&mt5Hv!3yVkgphQTzkZS|7)K!xC}9a2+q)DoK@Mkmn5+AZKhXP8`%^$7sNtLc>yK#20l)N})l+JRTndP^Ne zT}#odD<@9F?vjSBK_CJMZ>1Qa#tgN(;GRV&Q{wE~&P^Don#VpgncrVkTWgbQwvM3GyX$PNHu`Z{B0= zy@77iRS`>`_}Wx|3C4cUqkA=*m6i{HYw}gYHPnoVOrgB2WjbbDCYI}7A0I$AB5=i@ zNUi_~5PcL@I+{X|4>2*CVl1fcHC9g6RJ#|e;D7=i-_Ez0$X(sMcZAe%Fd&pHEQ}z! z6zLUzs-pG1<76_CcL@ezXFC#FE<|evF*h6yzV;%^DGTO<$eno@%4=c%4Oe{3KCc*R z|5k+s>RhcqNNfbz@*&5)n?rl(=~_sGknO_VJ+S2d$Sha(yW+z1;pk+7q)eX%BCQdiduhFk3%o>1Y^Cu zAmT|pWmu0=v6)Qc09<|N1e-bBL_v^4omF{l&`gb1`Fey&d1L>=5SH2yjiD^?b*?hq z;K~TUH!Fmm@z*GILC~E9J)dHt0Ti9}*hAa7pO+QWQSBT`V$@#v+Ym=>9S`6eL0AuetYV<4G=fyaJJf%I5?QM|tUR zl(+|Kr3&^_5fB&B<&=owt?V=F)bz0))Pv;Ue9{T0_<0;Kma$3&H2VtPtwlD^c`VSE z`*9sunWoNiH{|Q_m3|?XjMl2#E#%kcUFcLgNj)BdO0(Hn1zxD1A&+~xs2wu2B;}(X z$hSHAtV$E=4T52?BFlq}1>>Ywq>$+%^+hPx)gHPkrD;?>R&H=$D01}^BpDl3e)g40 zu>8+pe=w+huT)tsf9_JAu=?-JdtlI+Dr6UthRhPWp}90-xdxxX7$9a^`83K+Ljwje zXCtD@hDHIDQd98^l;%bRCE_ojQZcnt>+R;I<->kWeN zhni={P#hf|9K|OmN6`V_Ki)mqn@*48=wv7&A&w5FhkJwJaXdVn%?`xD(aDiG;IqBM zqrJVuX>@!%*efA7`*ytS-La8SbrVI;3lUW-g*SL^G|B`(pD`>qnU=Q!SuqxEG8b(R zD6|?qYd2ynkq;sjT2FE{70uF=YXW6cMey*11D7sS<+nj^xcko=C6$)jn>>~;VBp*Q zHYgC^PSt(A4gl(*QTA41uiwyEZvrzIxlq3Gi}7a7-KXwELci)= zLchwxXqYbtz*g5bS~4Ujg3vByF7wRAxxYQRW1wsZJ`2&m9Z{^j9^`|MOIuW z)=Yok1QfhaUO7uOfz zVBH#s7RMQgylD&VtTmFFO~JRvve}TcJ&`jJts<9aQA3AkH=RZ5xg2PHN`9NDx$hy8 z_=@ZM8be~_GGHM|X&?L$3vI|9ZYZ8&EArw=9k4f2W}t z@u9g0E-+_L@A&(Ag?zaF$S+lloYYR(igh+Q9M2Ku{`GO7teX%r{K_Q8==i$uvMZGe_PoDDyTjaXkl~Xr;iuqeR@;Uj!Vd1*2)!)p zbPPYai_0E-ix=4@`&9r8Gvj;#R;&7nV(|E+%yMx`m?r_i@oZRj1jSfym2PfUZ(P%JeQ{{&%pAf@I622x=Q26}q z*C>y_TE_D0{ew0t7hm7?TCU}(Z;0mFc9h2s{#$hSf5+~?kxsEkE{%I$v3gW09?L;h zS{4WMKO*PXYpvDa((SJvi!*2xME#)5Lw-VVTd;9vD7{vZU|x59FEf@3Gs7}Ar6Y7% z%|)fatY#{1?f7zn+msS4Yx=lrP^MIix3%M|bnr9=Pek_ZNW=AnW z!3!i42>ry_J0)Yyk{$VmD9_$NMfmpc09?nM%U$4i14*`^Vlw1B&+Rru6)9A~gMZ63 zmJc#6ctQ$=8D!@=y{cqdnkbc6XcHA%c*M1|hl3vcU;mgcfZDK2uJ4hH{i{Z`*Dh8X z*xj!TbNH*y?yxqySv(kwM*ZPnzc#zWUvqYcV$MIW->_tSch(&vP4s`U{QOW5@OMESaKWHoc+uZPf8X&3PX4^vQG`4q&J)5*BSGik3= zK(@rRS}#GopM2;MQ34k@!oZSiB$1T#SN^SE(vH&t0%u``Y0QWcRrf^e z{t2YgthMc|k}nMd9x^XN zuK@?&n-VxEC5p^@gykp%*FvH3qfBQIRzq4i4B8+trrOPIW?=2{FwXc;GJh zgH(k#=GUEj-VS#M+Hwhe#r~P?4cHUg)9+f$A#mr$AK9TCb}mA|M^=LCvcLN(ctX0; zN>YK{)|wyG<~djWp*A44C0=W=YKZL(TI&u{n^CLLvJtnvEm2#CwT@fUw1CS-T&EA$<{auH(GoBmCleOQi$QqgI z&-OBYo!nCD+~J=vsqQQnqTkxFKR}k~o3QE#p-hCqx|u&a&khKd52Fn>lgr|I=Ys$= zrM~p3RNs&|F&Ykb4-VgWYm9wRT03DJYZ{{f`sRnx=*NcUhh<|s=6he~&4ru!$l#_4 zW4-*J-^(<%;v$Oc$?mm~^ToN;k>yL)YPDbPveY)1svNVwLcT%L+998?9##SXK9QqY z+47C{_Z*IVT(Vexzt>8RVD?Ql{DGHX zHv$y{Y~p&@pWUy{sm$NscgiWOtQ=38AWWVGRWf~cva+CdsZJ4gE8t_j1O|8q~jd1pR`IVv(-dR8I_=B43+3CQ9N!X zYJLlUUMjwk3t94cA|AkN0vw(UTX4OQ>AZzsLIwm*%pgX`S>`>ijM!mi%=^W?*- zVP({epuPTAS_DR7hrEU3fQ)K%TRL8q zXa=kvX`@&o_=AhZ0EPqB-6_&^uZ1UqquDNrbBm;1$}#cdWZ5k zEdv;W>{_5)1K@(R;cJE`@&xcaW@*j}U-(p5nVaVz@sj=#)=$?Ufgag09VVCaxyXU- zsLcZke4u&C-hXIAhdVs{0mM>cKc46g zY)!J!v-YqD|Hqj9pWPl5@N&)J(Rsx%Afz|KAM|(kX$1Svb_*3=GwQw_SdERm5k$*NMDqtq3{y}`joK?VrRxnbHF%5WNY+~#m4EQp(N5;5?E01bn$ z0$VjtHhKYAbH3sS4!Mir9 zh+Hrss&UMt1zaQEsmuqhshmw$tsSQqL?*g0s*AXSYi5@~%@RKEfqv>5(78cuP}A|t zcJJZeckkbK?|<>`J$!EWlE;dx-A$D-d#z=eS|k+m%0Te-E-&g_o$z7hBR1s;Pa`WW z*gxOHU!okZ4Ey%VOj2RFpD*_>-xI4DD=H09M%=cXyI_}RlEPh40xFXP)byx4nX6oy z#nQ<=Dfts&_Ms5xpshVlByN#}m5|{bvgPDFjn&dF97=T1#`hl4caOu;$^$e!nrJN~ z_*Kp7NPyKsES2#BA2NL~uui$@uvq6EwpdMbiP)jd*?udh9Yw$=M&yCjjU)gV>p%5<6OFMr8oR+gQOO6g?By#2%ZguS1906f8^K+>)sFD@qm!Eyj|g_4)&sM;q=4*lHquP%8#nLhtyz@bPo7S;Ndy z&UCrpfr+Q|L#9(g)uc)VXfo|4M;(Iis+Y`E{>XE3=`WL!IW-GvF44O?K)h^Ts$IO0 zj{{5+DnAZRrVlh61@wM_&gdS5Ia4Z06tpn3 zf4b0~d>t9r>`^31FBsFEj}be^e>IFdU9m?jyy8ezPP<1Q>X;OuJZ^sXxO$eBV5BPa zF8>(HP(j_P1t^AZsvi9L@mBq`%zq0Nv(SIay#`v)SZ;r88o+WqO&79qD zCClMMJsQ{>VhUY!h=%}KCzm2ES7SYpe#d9L^USq#N36rsz0%$aD)_-*(AnEPIy`E7 zNVh=(Rj}EDXC}(~5nTyWnL6d8!xZ+21#iDia%GSqDMMsY+|PjD_IP=WW%dQGw=cN> z#wq@Sn_bQzv|@o?)goJnrRD$evBege#lrZVZ%+jcZ%4SnsaB96x}%K5lc!6 z6!OY<&ZOgu;ueO<)TrR{0b{3dsyfQ6>pc^}a6w1D!+7$@SEyP|1+c)|TK`;-S|7*h zOM7Sackr)nFe>DR)UAy4g#LGOp(RwDxPi^A402`plPh9(xmPuTX~zqQCQzUZl*;X1t6{`ZtL3w*HD^>K5ogT~SJB{Zkx8uvr!kA#RvFZ4 zfPD6}b?b9Oj>?TGDa&M()kKtQ^YsZRcU#TLCqpteC!YMjE9qoISV}F#zBx5yZ5`L5 z&6;8{w}jLbVh7-UQd2<7!Ls}5C19?P51}LX^B2-oHl?Vx4QHnRFvPP=p%LEu3Pvz_p^g1~ z@dRGeRmRE9Elj@ir#vDe;OJ%rYkF1+s)Er zZ~qx#e3>a#=AJ~YN%^6}y7bqSqr^rsP5JA)*F*=Xsom08sbl4?V~7sGe^Odf49BAj zwyYqD#T+Zih|5(erCtiHfCE%a(Mv)1DkLgj;5F!Qps+PSB$kiVJZi?;JW1NHRobaa zMH~E=yZ}o*MGZK>2nKM;tmg&Kd1`{3bLhn2Or^x0KZsnrH2)<~2#Tj|gom=rz$LgF zrLsGdlnJBD^eT%~;@JZ^aC z?Yyv+<>KTLUfZApYE|e}hEoW{1A^8WwBXevpnZEDyAVRG`z99xUpV@K8tsr)wmVaK zw;Z}v{ zT{pMOl+E~qA_Mk=TJ_2vy^;~%SipK)PXc>_hVip97^R{9uCy9mZ8KOc$skn z3@FZ$sL!PR3mx0gzo1&B5{YVADr`TtKi-JBcp9-bg)jn$F8~6V=#rpx5-vbp<0*<7 zo*HM1ZNPP_no~7&wQUk;6Ez=ILlDp^nSN^(rNQ`>}ZFYZI%20#`AsXuA}-!7am*2pv2bpBa&pR)m9> zOAuPejS6J0N{G5ropZ^boDM{P$wdAo z7~7eEEa_qDU{-GiJ7R-SrGS+B=I+ibqU}H>>@U6?15v>fkqy{edhp)ic;z6jGPR#_ z!;O)mHn2bVEEW7*r9NKoyA3yW!D29N5!k$D#FD zL-KGCC=4u$4TWTbOn>z(f6rz3qc;H#ByL?_Kz8@2x7R&6iH6bfY=1X8j>XYn79GzH zbw_1FJWsEnUQCcK8i`uH zWu8pV&wMwR9;gmj)Ru$i^J3|u?*YbXKHs|c#uS3}^nuNQEUN%_&eEs(gO1t>NJ_lX1@|8ZAuQFG80^Ojw z%J`ftR~Gv_<(Fdf^n+xHO^Fhp>vUBmSW`~Ky8rxhRTINQRozzGluX1c{%lezR!XHH zJDosodHicaY50$heZR`k>xCA7QTDp97<>$~(Zck10J==)UEcM-wwm)g;FpORZ&5tWbH2M2cbicTH?4t0n59v|H=D$(5XGC=M9{ zdS)gioYtmPj5RIMbG@r67=tIu2Yizc?LYdL?{(X-Vnpnt`(@Wtx?A4t{Z>;#(Va>% z(H)lqbl)cu-3bza?thd%ax_dIy0ex#H0*US+{GNd^$;(yk{vDj}JkhM7^Yr6=e zdQetFSXN_#>Q{tjZ4A!Z4#Ng`>p@V>Ijmn3q_rtbYda*H;5CG5ZOFa{BYf6qgU<`9 zy`|8}+wI#jKVLw*n_6Qg67fJWi1I-uVlG^%C;D?;X?%Nu-ghqi%e_lq!|Um5$;?1c zEufPRSHTM&?$8l?qX%W)ryEM90qE&0`eK-tX(ZUAU<>{rz=z~P#H5mUXa;!#EEGF) zbn3w@CQOpcMJ%C2T52%A9@i{U>6}8!S2%(*9fLy+wDLNBQiD)kJ8FfG+8aO?C(=~T z7WszY!*-No%*)8Z16Bzd0{;r^UV`TxI_`&!_UUm-0JFLXtAqI5%>4iDi}BmbRVE6ALm8 zEFW3qamk!K{q+4V;aO2WR4?}YZmBinVxDXlyy?49HEpdgJk6*5==sIVV(+#=ZtXb& z*VP*4R+)dolO&H$N)L&FR(vtfqGWPqFj3DY2{(^V-?IQ>?~3b!5_)ZUQ0$tE zYgHgvRNwMoTEB82okb0%0E(3Y!i78g znNVkK%-Idu=?3J6zEuKqjD5wJEy-vj+z>#HRpl5Uza3VUc{Hh9uH5;` z_U#oOmpfr10K-_l+j#yg^8q2yLqPe~trQ$#7|1`57Cg{NkMFOx*BjLUDq|7`c*<&nbdwQ9SxqLM~(3n`to-qIv| zTfdq_pUZrz=7#EblT@J*(tX8i_hLjHFt2N0z1!59VUSnJ?dZzwCQq34%&W1Z1W1^1X3Vg2QQ!iUcLRO|(u zs8gC*35ND=lxFlj=@)iPK{kg)qDXZV!QM`yT#MWk>}#D~_oj~ISFWYEXYd8@qL6j; z*84_%gBCu3V?U`7--B6juI}MO9)R&(`&(>0sr@#d2)q|HDs#!T@dXBd$iua6BF=lj zEwhiPLCk2P5F~%bw3=}1BR8&`#d2oM6E&NP7&(*MQ{+6=kI@%ArVD1?m_gGv%5&JZ9H>38D{2}-)rMpDGB3+<732tc|g>okfttA@Lg|H)Y>_`qew}vw$!;_+e{-J2; zJMd%D>mKd7F5qxtgR>qP&66;;Do_wiQK+Kj#r~GJtbvoWec^JgZF;MnPY% z3$3OACJxpCWS?Tr*QW@uU8p4@Re;4dBio2Dp}i!ACz$^LunOfylgNGTF7fhc#&DuP zhsM?qiYjtf*H`JB=8V*6DzU;y4d%Kwe(880C&|PHmCrcO>nU$flRR78kGh?4w`2t; zlw5&a1OO985v#wT?rYxwELCao*_g}|Dc>NK?Y7!+MTJ2?i;m)0?b|tm8=K(wGG_e~ zdv%rRL_)>KYj;6y@Knik<$Cci8HCyS=lXP0j+oQP_2i?m>Ui?^{Pc&jb22==ygqw* zHaxjLg{P*B@B8KQr{^!4OFte(6)FONCvt$(jORSyv9=n?P29YM7+2_QDI7v?$^-Ql zpw4QWC2o!Y2_pY-`#y%?eEDxFRc=`gyc~*j-fbY&3&o5TVy@N@2Hko(C>~>)vkI%L z@PvfaANYBVDSX^{x1p+2(I}mo4ur5ZvV(qr<|%>%VMNPhAz0{eaL|X&gfF-8;ePk9 z2M>{m?h80l)k8Gy&{l$Sizk9v&dw0-g@_F>Vn)f-Cm|ZR%JE&($oeF|I z&?Ya`T|!r?p(N&aEHiKJm|U~*NTDfo!i=Y#roQ(GRzo&bUu@x1`O$`A@0=?Y>QXi7 zSbgL~N34T8kk{8gmoa=1)<8v*$=CkI>+7G3?$oiQD4JCwJk&1@`q1$5g}Pm9S|cXToHjv^2^d5;w49>yvuEpM*Xg>_xE@fnCzS%X5%wsOnW({^HW_4R#S&z!{8 z^q^{?v8qFr^M=Mr_uGZddKWgUB))8zk;^k+I`Utxo&9pv+?T~Xu`*ver${Xw=4VcZ zx&DRZ$_{4bhOOXXR{CHi7qf<3kWD=+9^`bkgz9=eXiJDyUDB511a8a-3>+-U2mFZH zfSaN`HY{>K9nY`x zC_@Oj7w1>l_ZzAM6Tr#?j~8{*R@IwTa##{_SguW58W?=A=nE)$Y;JbSMqrID13gl} zA8l&SEp1yx>=p%L`b_r6mT!TCns`LLUWPxOod0m@y*@qe?;adgVJp;`}!?LI7on5H3~dD7{Och=tbqIGzi1P@&3X7Zg)J` z8wYf}ci0>3vC(1g;IKQ|KR96H{eHN2u)o_657=NZ=pS|WXt>+&@6)5M4*9XFroYWI zW>*Xks@3l8ANG%S12zi!2SK+-caP}N?w~j7jrw~Bhio(+4EFl{!*D#6k*8)2O?* zd(@}>!@d0;9d*0ALI3b*z=Ga52zL9u0Ud;6)@S2ze{>M;9n$^%{k?`@rzIy-`C81! zw|xF3S)@8(yR4H$E3gB*>~k*uiHngv{t{oo0!F4wR=A6 zUfAFJkA~fFulpaZZlhLzf5ncY5m%lXJK#QQ8g-AO?pJxr{fZ8_ZT6gRrks14a_T0x z$1?vJI`@t|trGgTjX|w;#Qkik_cWuf8@RZRWvTMXBiNQ6-K_Lj7Nu{-q<=$W(pO?f z>N)L5y?fb_di}%o?MM$aA(cGLO%9U@%|>!K10E|xa@!p7!?4H|)7hIr0x%aj+XvN6 zQNC)Sc6Ae_;F|~}L{9U$P%fVHl+e65d8kNONmJZJ>G1sG3QAw$^P&8vY7QvzY7&FF z8P%^#%=XIM>V&5ya#KdLe8ebj7y9v!`e~8RbhoRC8GOmIjirV#X(`Rkl4W(E$r3py z+GIP)D&Ay?o&lZgRgG2cuII&$*n~p~RjRVPJ|un^2Jb zNg5**>Ms6L^@7NGs_4?hNV*Ep z0JLTWXhrd8hQyVV%l7YqpIhEvyVlKCgL8s|tc%y~MqK+~JzNvy6YC*ScLDy}A zf(fxI(HQXnfV!$ql?GJ4b-jK;LTPkY@F9rVVB2Z!D8Xmqf9FkXtf zwwiTb_Xe~|O`3N5e9;N_w|qOSAcl#1+oKGHHSI5z?^ZUvIE?O^lx=jk#dX!nYxn%u zXx=saf3xeZY1duVYG--gp%yX8V*vFkSNV@TOdQ8NX;A*&D~-eBy6|T9CSHv zoU!5>5^;oHzj^WVtJ5lRkZN)RHDF9`*d!Mg5k4FKc=_hdb>-p3_2tR%)XbU@=egWA z)0a_f^6AAqD8;OeycrbawJtszru* z=ZCdN5PnujE{z8Vi7N$BsjP#!$oVY#t-y=3wg#!3;Kp|ub4<(pm3T0rc zS=p@9dYs^j7EdBI^p;mkHO68zW~1G4ue&?wANB`>0cD55;OH<6=+U4%7=+{g=qNY} z4%q<>_74tOcQn`y4hKi$?r67nFxdZ$F%~G=)WEE!$`-{RRh2Es-dmR~NUW*MRzG}* zHfv}(eMr6v|B(vtSfe6dnmAvhCSEk)kE4o%#tpC)*y2ks=Vjj1uw=a=+Ha`jdGO3Bh{};~FvN(MMk%4DQ;Q5rPn!5K2VDzm#~h?_ z9oaBE9!(=F)vons15T1B7iR!4m{roBUSonHOQ=JFH{HECFS6z*gzB)Y*8uzj17BPq z2cUS!4no5i+%{`WI8AXI7QWPYN<(N9#@HvdXIXA01-=ZODQF9y`~#7^{!aRPd$>+R z7G#i)T`x)9JUKT5imO6Z?qLS_G7!WQa%IxCE1)o%F{nWDzSrydrL0LTRLqNGS?C@< zrxqaCDmtHY)Fo@~GT4P}n&Hr5K(E_+a(aB=hE-aPLbDpAQ$2-=utWZ;q)#r+R6=Qe zV*zt8s$e_H(bs}l`A?}qloM1VhA9fNHqI}58A8v!u2O>P9FA4bW&Q1fgzC5J!+W zyZ}Jkwt?>uea*%yoaa;6=6qA%H6UyQv>M)1Y|4*NPuh}`l+U7EWl#*1pi}^NVoK%o zr9sApFf-IAXG#x{#kb8RhODfE_^h3FCe2YqEesU9W{GC35?88LGr*P=-JQo)cUy3Q z#UqW#XBDDD3sumFOG}Em2e~jKmkh~uQ}PmHvP)KL|1^hn*%A!pZ)|gO-QYYpI1COB zb`N^v-9flNW_$g;-k^Ul9v^js-J@QAZ~q|JKN|H%VQ_d59`tt)4%nbi2mS8eVB8B# zSP>l|WMDjE*(${X25ew*Cum+te5+r9LFBDr~0h*z8Hh`Nnm5%07jF5N! zhV2x1RZ9I>Y~tY5Ey-D#2^CDMX2MLT>M@k4Se)|BtD4{PWZ5t7U-79vUH13(Uq{v( z`#4*oP&m)KNtBwn%pKm@!{x^7j&z-0?YiP<%z{N=9Uip6EYs7szPh+gNV_+!GfHqB zwsff6gXJEsYIn~n&&wC*_Pg?+tw*QaZ0iQZM8iRv@a7?t9r3P6&Qgn;b5nQT=-i_w z>+XkWxMY10A{90Cr+-|@*LXCs{vcq}P{*?bv(?J=oUuHM*exrt^-Vf*1(0r^P>Nkk z%@2{|p;K||fDNs8i_KLj9I>%$+bA?%o4LD>7=J|tbgd>R?AFT8rWaSK`zmX!Y0A4N zynCAJNxDBM&2`sIuZgEJgB3^AKRRqi#2FvBL;LN2r$$*Blv zT=FW`WfSl|3GY?BbF{vowaf@z4y}vvlVhx@AjnV5?NpysL3?|RyH&>Ua5t~ zjsh_P*P+rO1?WNc4Qy_I!USolNsIk2 zSB9MtpwLL|&(AK7%i_th3RMn&Z>0u;&oCdG#lpPhtjP86jEDm&m|p3t~cB7XYQRXcGt|NIflY2{Xz-U+WOtjbC{n>vWC6K zFRyVb;*n!5;p3!mT&qa4c>ju=6pn4U@H&7@2|dQC1{D}GI!-{t$n-4I%`(5BRF?P- zc@LCYuUuB<73eLwy}_)V^&PswmRZ(~9GcN;bXqi|x_-18Nz2j5?P|0hAzL45(MBF{ z?y4NQ8V_6#s6yREw)qPzH;FGN?eHIH^&nVIvFuB*f;T~nKf!7q1&``e&=x297=8th z?pe_2Tkv?^1r7cM>l}WTtfPwkxlt@`6EP2_gbK?VS#hSvhot6ZfIkPSfofst>|?*H zdmfZYHBmC>um|?i25B^4xy)D9!(qeGuzE0b9t#@|g$}n(D|bnmaawWKY`_4!uNUXK zew;0yoGrebwl}A9h>C7m2^Oqzn3uzY;k8u-AdIXJ5k^)92_p@Dt5t8+wZ!m!{8e2Z ztF1n(q|Ix!#6D3+pQ^v=gWJ^Pv0C<7E$bw1Az1elcYBIA1O7EY{bZ&R(}l^Z)ahX7(ZqLgn}JO&DmWM@_!5QNSEh~(56Z6^C-#PU1F zk|sk$5*nKl(Z{i3zWWx@v$19m&SKjpp`LLKvU zgEX@^8}cbfbLu?jo-+%j-?#zca-Xtzc5JO8n8iSLF4sDEf72@K8ghCs438a z`->!sVKqp#m1HcKXW-HMFFrE&0?IM1w4TuWM`hoYEyHGh5?A#erG_w@7TTy|8A5PWZ^{B;>E{5%%E zl=?m{y=NAQvW%#;tb*CLvVUS_f7G_I_TU zXHoKqV*&J59*PICUiW%^An!=<%P?O)pg&?GknjqPP$m#Jdlz+B&yr(4e5~F${Hlah z0JuuMZ-{D2Q9|CNEO}kvh0bVRbBeNbSBDh^-9bv%mq=cV7lbtxq&T7&;LyI7>kj9z z#%9>AF)KBsNeyppO}&=p_E;?%=oZ;twT(@|grpB?gMr_}SQI`cA2J-B-T%A?*g6CAKTCa-gyhI5l3V z!UnRWAbX!eh?P95M@d*xq|5NaR`i)YDJ(3~PN(7o+X7ZgHf!>;7#KH#t+|j}8DZAB z1+-P{#JAP=vFjt;u3di<`YryPVttjacF6cGi$GI%KURk?slK7pAG_O^aM9lN<^5-s zKDT#^FWK2m^?spVZmQnhy_H?gVKY!cD;xUNFZxXtM@vWM!cJYIWBd=uKVA#62?C#t zOzixYD`|O!xd6_*&_iIIDyfb5Qt~8qSnyb?$A-cY2-3xX!2~|(1H6EZbEn))-Wfvg zN}jj%&%o9p3$jofc%G1VSk9kvkzaD2zauHlr}~b;%2qE6fNE~LwxVk4F8e2|M@kK8fY$>xa(1B9Zt{n`pMKF(ak+WaCMZ7Vu~I?oD!~-Zcpuuxqk~wlyNKdX$84D++GrCMT^v zF9ST59v=Xp+IUjBDWb}53gC$b`tw}`emWjh;p>|}+3_NvaSgcY-L@SJ3=06u;nG85 z7S9kXC`ibHNJyP^8zVuCtGuEkhf9(n^VHvfC3?>DOW7iTM+eWC4x(!5nCcxU<{4zL z&c+5nv+(zeV>>Y1X_mp4Pj`;T)&R7~lihTxcsy7Ko~V=!{vKp+^ILj7D>li`O8T$25bxl_^cg zUawD{FQi7V_TroxMoJP*nxjAxf$_JPhSrQ&HdY#3hH1q%0#Z z|MSH;UPHrTqrud$X=mSgP2ZoT7cBcxd2St(y{?^thJ@e)Q>s8nWs1~=v@#fG*`L##nCN-U4}6m8Zwp(_A%*-rLE6c zt|1p(RU=@otlO(|tiUi{urbRr78XprfIA3*ZhGAk;D~Zg%_F(BRlx4&0_ROgbBdZ6 zm*XJ}?v78+Fh4SE>#4{yMrZJeG05ffOipDB=s>$Bh$+wH>bt&vwQVP3;I}LTR3tp* zUthn{zBL--#3xqDucWA{nt`sLI_9Dh{T2kYX0ME8Os{OiZbb-lT6GV?NTsSUgda6oVu^Bv7ng*{z!*oBX{M3cxRKo7a*@Yb$YS`D5U(4AYQw*w|iBbw) z;2g~|+U<*MN{O?h+yHonXiR!)>u~ZSW?d=daCXqn3D+4-L`pN3kG4Q zVzr2Zvmt^!tsWAfw9*TFa{lJ}^q35F^xAgmHKuu&8>@bhF}WsWf2R<%#xsP=nDUv* zT2enjlsSV1yhs^bC|7*sti;8eBbL*xjdFo%Q!1aQ84sk4PbQ!pyVHd|A?F;fg=sD~ z3+<@Bt#ueC$6ZDH!E!|rJBm3#LMi`e_*|I*tKM2r$@6)xL&;_TNS4aX8dBNJsYXc-A=$@R>lUW8DySAoJ&(KUv*+{i7_70s6@W4Tok`Y=z^+{~reY;A^hTpj6%#dAphj}2$MZNwS0%kDrRd`G9F8G4_HYxB1lc0hjS?J{ml={)3%*py z()WIeGB%mhER+lU?Ba?A+cxl4l-M8Q(f~9L*r=eD*2(`uZ76V~1N#UbvfSNKbb@ik zf{%nb*QP9!4N>Q4wD1r5d)=Z&JKdjFOc2-CiUNgb(d*#_5j?n2(KxEGN&UB{{ixMW zkE`|S;_MO;@P$;3T-XCp1ngWB?Mj0JO_|af!*o{02!pCuK?j3^y5goZZKiz~G@WNW zMuV4Xhvg*$u5`8gLZS<~Z&d1ZYL_Z7yy)9QZo@v z@@R_4k&B(tTr5WXy=~=1oTHw+bK3!tVYNr9rnx*)9zZ zyN8FP-GC10UjN{*f57^OyQ9OsUavpyAMGCQjYqwaP1}uRMB34eik`H)%QgE6zN^{C z?eC!PZ8Lbaf17%^(#Ml&06i?yXgp@Pz)?f*ls?kkeCY3$UsU_~=xEU0+uuFd9~>O* zANB`(dig9QeQhd zPH&(z2>3k7t)lA93BD-zC9W$66L>VYx~;8lOJZ8ZnroEq$iV`{X3g znaFttVL~y>) z^F0?V9+ybrHl~b0L)#h+3PL1Q5=E}JVz?WY9Q!3YpDC^he-%W2{aY28U;i4=>}$l9 zAoV{6xjJ(Hx>VOh@?VL39ofH9aRb7?{xu-|H_UY%%-J~6OR48t2-$&rEvp8m=x2^8 z#9t}0(8c_cAbwOO&83hiFSSYlzp~0mrj#P8snZ;tp_x!RB7`&*s)r7nUvDMnRNNG} z?F@Ru(A?3Ld#Y(WPXx=oe9FA)8^}OQ<>&U+@5U#1K>ro!3V-Hatl~$J1|W&zUD=Db zw5n{d$Iqo5m2o!lx3YTFKkV-x_4oG<5BuH0VHk|NV;1iA$82!0zrP!VM~C~p-Glx? zztLG2>+ z098x70IsNOIeV{3lvj|@?7G#Lfc#{9L>#os^A19sbx^=XootH@V5JJ0d#vWzw>Ir% z%BvpAhi|ru($}}!+T5?EV1F@fwz>jKyoNNV^0gNKM z>E+dlPfmvfZW{O`qv>>^Z$S)@cZt>wTU;ZsVJ4_I=pOBNTG+XogY~?;7V%jXLI>0* zP%nSJ>QvtGY(f*24*!^RfPA$KP5}iaqU;`;k5bH0c^6eElMwc2lJ}E0>fEcpGvA+$ zA!mA@kIBe>%IsyFJakzR;*cy{ceM9k@<< z2rJn;KI|U$wo7`eZyW7pTcFH_p6s&7iB4Pb|0=`q^5v=AnnbSik66$#W0nU~a1gd4 zi`Dn=%?p(+1P>vK4aYdc)f4(`6e)}GUC3fK0oMeYM%tn#l*>hdCIUfuS3u{2=2PWn z2o2sr@?r%Rc+i?^84_?BheVqi#C1qAAN`C7vvw9iw_}=0}Zi(UU>*W zHJL{t^Ec!eu~@MBKuzbPQOvASs=UZpOc%v)=+V%FUMW3~3QC^}UCcdpMS8;zA4neM zF(dwPO0(RDEK;97p&sxfkcKE5%*>-6{CwscR-kR4qe82SB$PGSJ?ZYl_6fTd4=W6u z-Q$jTBBx0xl`2*r!v`@~5VpsoIu`e=LJ`6q-}on=XCz~|25yTaksm(j&vfQU`Q^q- zo)MZX$atQC>;II+={C8IM3kH3iaelLZs{!9x&82gYzj7$dTg2Mmj9ami)WH}TbU?< zGCLDIEXi8GmL2?IzuNx)R<>Q9M)Nd&q&nL7|6cc?zhBw^_qzN2Z~On3_8NE1g*wDjZ__MF@-gZBhw%PG zbV~A~A_P9_3>c*IKRcxJwnIM3LrxNq{ayHHG`pIQ$I*Mz@j6DND_H}LxrD5(=(&gv zNEk~Y&wG>TmL=*ew@sKoIo^2p?%jsD{ju+Ms=3tksS0j#ZhL;O>-RQXH!S)_hmL}f zjVDv60;1>MX|Mv_O;B;iY(?bu4WlzP}|gl_rGB1@cS*&DQL>g)TBPE4|&J&7Pgss(c}LRP`(%k z;^%Z?xc008ul`$)K6D$PuxZ4I62dCvHCAm6T*-PjeimvrR7a~sr$aX7`ILM|{#JVa zck(wU*}rdXz=`*G<9qV1^u@blWg%(enE4a(uBK$yaAV&|%Fepq9k(}m8>{GG^r40q z^>o?JyA5Kc+cowaz#6KwMZSEOMDaT*LN-XjcT0NYXL8}d2Np(gVRR!=-YjS;V`8Q` z#8)0aBT*8v_rxdN;#IkGtuno$jI*2UvVD8@S4e{TdMwl`uq?RClmwqE=HebhQT_wQYmbqTuG96?s-goQYv;fWP$v~kXJc1%vf^U6#lt%^Sv3pzy>9@FVmUXFs z`hw;2v_pKX`C5)ck!B$0O-T?-<--vl4D^NQP&a%zuKRrSI?>Y%ESeFnLN!{J=yd^VKT6oqX{WgDG*0)`}v z(Iy=^2|L)c9pX?u?B-jRKD)_EvjWG3j%>3$Kvv7DW>?GJutmM>imh|oAc2CxK$fQ^ z*O*k%kI6?8CHa;`+va7$(RYQfFB(!a{dU=+Ylwg1ek`teF^i1r?stm`evQ5}5%@yptEawoGQz~?SnG^hX z3BQwVlK&}WWy0{qCj9S5K!ASDLwQ2l%=uLg_y#`OMCB)b#UN0#4Jea4E1Cp}>P<6l z)%(zDP#0787qG~7cR*_$ZPbKn4V7nQ)9AOl$sZv{zzcWt>aEjKzAGA9ySn|SX8%)y z2`@y|Nf4a;7j$+{gW!_;zrFr`#s1gt?(TKJ+5f)8&)OwQmwR}%*K#4KCfv^V8$U6Y z0(cQ%X)KZew+1zl%%`=TS0IKMC!;{M84;i1Q@TEs;XR3`#k~ULBqmOJ5a?7%jdWm`cJaCkNf80qWxL!{f ziGbg-Y|&Va!NG~6;J&p0xJQ+JtpN!5Q=Me+50wkisvJMz;ffq+d0HM|_S2z&L{^_Z zt;nOSa7W}cpO@-=Law=VplVe*48843eK*(Xt*mZDoPL|x8VfXy6y7dRL?aIYC|LR-Y=V(?t+&{! zjGu|dE*TWn)`_qmIP0ZgDMXMJ!JRPWQJK>PkeerY6w3pGg7xC_oJ{#0gaY33C?uVU z)KD#yIzzWWxdTcnW_pAn{I@J5QOI;oDeP7?vg}vVxj7V_l7fi3mUynr9IMVn^;v!T zw~djx3Uv$&yoxyub%x|9O*xN+^>#E#Q^usSVM!V5rJV5!o3i|ZhPN!sBY`uyPO<)x z+5+yPkg?>JFIr2~MV~Ijz!o&2IlH3^*ZYz{sXU8~0Maj$l!+s6|f+O}#MJr|X&uuKlMbyYEp|c|I1EEMIQ*vZg;;UM-!r z^>51(#@P?GJ@xn2n*Th%mCt{p2%yjIa|~Q^{_A!3dX@8EZ-4*b+xhQH{O*1J)33@w zpT;i>#Xot_@$NZJxv%Dw$781QHfcHC(&CLu!X`M+R@$fHL*VF$g|AAzZOVW6uxvcQ z2j(OBbvg+>ZpHua;9&4g z{(q6*L+pRb07wiXt4de}0(nG(n>(6?0+5$!9>LY-f+(XO`l8`?KQWfRU}?qznzQgC z<0A&XHh^K~Srt|5nX-iR{6lg_1yP_dkbO{PX0)nuU%Vc6$fkCT>cF46!O8=FXtTa$ z-I}zr{tTVyT-Pcd`A%*k7YOhQj*f8MdHjrQ2AsxB1k5nuEZG6t9b{(1^SsgqOVd;o zd+7^UzE>=7+d@~_2fpM+dvho}nx+z2w^g8xlxLjw z$gshL94l#ZQ^XZ)vR_@DTk^>wTjeX(F^yuhOIDTM)Kx!NB7hLbdTp4*MFOy5E|>QP^S+$!%o$8%m6od* zT&X&i`f9z05aLgtIt|}q{+}A2S7mxQ1~%hy{AQlx6usb~u**InEP+Tch$)jrRSHyC zd^4J=u_0|x!6$#?#>8Xo^S73_lMQ_`uC0KKcT1tX3C zL1I2D>+#E)ZI4wY#n6R+p z1Fkyy1p^L6B&?Zbkql^pd169LHbVu0XmQL~bCd8p1p==sf(X8ailx(eA}o4QVz{%i z&1#qdpQb5=ce=^`h~>13RA+4r$E9Z7n_|pp;^{!}93YRJbSrbRn$4vej&=`LAc2gh z@+3V<<7k@33%OGSdF&M_3tC#}n30Z0C2^SY@T96*6h$5S#9?ax*J(_Ro@)1!9%TiuEteiQcU40y2wK+ zE-+d&8IQC~4-6-=Wqw<{k4u`HZqxW|)(#2p`~tkKWv3G{W9i8_XBlMED#?=Bj3!ow zJ&){+qGV@8#ngJ{1@<3au>i7(u)qCiA&}fnVVlV2?5`x`C1?`hhwOI$YCR3P1ri!Z zw=7{oz(LA}MPcuY>DSN#+0(NHlYQbLKdSWXNgoQ!AJ;M z-bl_%L)ye zu+ADY!?RasKfitpJe|Bgy}CFVegU4eMbdiCSm;hXc9XFpWA zJ0?4~G~0=zkvT&Y`NDT6LxVfLtjRMz@jR z*)e(Ad)jnfy*U)h!Qn?PN&>>nnxCJaUY?&`pI*JaI=%eI+3@u3k8iGOjVMj*3e~lY zr*#@t(bdA)#hc4jIRmPzb5=hHo+h`CehxIo$t3diZB0qFA2ZO19J^=2N?!+48YNLO zdCfycI`mF>K@xQ;;*X0Q^q%tks_&i+`zM^$M^sF!8-YhUUQmDdvGPQ9S{jp0|78?2 z;s3yL(g9nv!iSVBg1Y6gB=VuIt&$O`->q*ebvd80tDL6~Xy#6kMBY46W8zyTn^opZ zk-g0-RdOFKbx7kZ>UCF}MwTY!xJ#;_p3PXEMS*bHzaa@|eIrR(VItkIJ5Sl{E@~-T8On$`M6YeOox zh3^+_;|%WhOD`3%l~uZ|?5ZZdB^}ti&-PVOHHL<%~Uf^{RcFm71@L zoO{iLpcAIAQeM(H9?{_Dn!n-`@g_OVGArfAEsy6j26wP^w+Q3=v_gJR#{#pG0D4v) zSp30tEuITLd>~xX&{Ygupo2Ni!boh=tfmSY9NbmQu{3m2-4Ufa`CSwZrNmyAR}- zC8ActmDJ@T_hboAEQDv5SfA+|mL)8He7=$H64on))bLeCZ|8e5ygc*Xn6$M}DWWw$ zzjz5@*Z$%pt%W z`fvHIohT3d*L>(8;hvt&@@7-O19`BQQY>7~VG;p*L!OLZ zMA>UysBK%ygRpg1%7ai}si!obwzMLSMmtt<=YCXD_UeaO;6{kJ`~VYcH?vnncrRtG zUbKa`<(jb><-#zyA~$u5;>!J1+%deS;#bfR+eR=-y%`n1)-omAT(LaZS!dLi8@G_! zYnnQ{D~Y_O3`ET{TYm8}ikWj-ufwjC8t06u)KMcwAnRGq3FJyqJN}G^^O%Vm?{PHp zs_)93DTlXSqJce4_I(bZX-tzU=ko&L`rGf<= z=a#J`7?fzA+}3zm6~KqSDds%Ao5Hguk+sB@JRh+kOsML&x)tD&Uz_4?=9{TKU{Q=F zY1=9tP0}^Qtdbt1N%|1h>xu<|W{)OTcQJiofg%bAl@Q21(7%Q>;_#>hhYFXu(7 zU)9Bysk=qBP2W7k`o-R-Jj?xXkfry0Rp zmgLuql!?+oS$<18q(eS^@;v$NvkxB>k@ltYxF)lQo+-Y-%5YSo`}Panku6)S(B>kk zb-A3bwV`am#C}VKm8{uSSx}a2e<&GHEFSA2z`a%lvg%Yc4BbRYcqT|E!l=rEXN+}M zXMrmm=&D_)<9Rp*o_+Yx_MIKI*1Sor#t@BTe#b)8@!qIJ8ZOSDpw`Q7*h18qbkllF zZbwqtUxnL{C5v`u-K3T<`_0$L%~Ol7(KjcYFXM!>>Za7bpRRsB`0Tsq{S=0({bgz7 z;}deJ5#Y_82Y%JJ?+dufotT6yix*KcvHhmyYAmwI{(@Pb6Ty-kQgFlOf*m&HB7Z7W z1#s%b8Ve*-olM@ZY?gMw@xXBJiDt zc!OJhgL78L6)Y@DAxoKLF<8i%JI~csI*FqjM#R*bc@STq!>1zwPX9cCY|u2aL#)F{ z@ob@THQzA<+Msfz21!KHcs_{|A~-V2 z-m`$DQZfjk5MVV?npvUTzI`OK&qOKNnTrfgc;+Yy*PN2|>Qg(CP%mdst-)vT1zckG zb`qiPYKVtlR^QH&oOHhXpl9``QZ*g&owai8O0$`pu@$Ac=Al8P*IwI3=@!$Q;^@Ig zyKl}k1!rH(nFa=Oh?DjAbEc`;g&Ly&{{TB(t$XF6_VP<@AkKaEA)DhLbw~QQ--mGS zkE8cBk#F9(_oKBo97C(KWS=nwzwI^O_L|lCEbTQQ)URM7y)h#FkFe`BSw>g%|5`p( zw(JAu>#AE*G$v7w`Hqz16bpTMZUir=lx1U{%~bL;DsBuRbcZ4?S1gmh%RN< zcoHwj9nWr*r|2)O6|41eoOG(G_;v;ZJGD^oC^6{e@Auop+ zA^+bh`Lu1XUgvJ=GswyYq4yBy%P;79*}j9_$02i7&&rkWX6$ZAc*x{zuDK$Z7bgDy zWfZgeW$PV{a&OEtPk!LZFaGTp>{9hNXwcX&_e&0W!i8+BLfY$C$U2@G4?o=Lkj*9I z^^uIIU|U;O@76$#STNw{+nlJDrFv=@cz=L7?Gn^-jJyH^&zfa!+bLe$oV|?be}1V(fJW?TA5iaZ$`TJY&(+%T?QZRlb+`8IaQYP;PC$o$&$GNmE zLhw%>+|=Nl-gG%@H@6g#22nj|x5HEeDG!^Jm4`>WtP>XWb^5G*LG9czPvr^bCC`4+ zxeCape7l*jhD-+?k!MkmcedKf0A|zH7HK&!fsZ_d-2VZz%is6Jw7xaKi7n!hlGUPe z)~Z9M6hNyziN zPOrQl&(5zu!lR4JH~-&1z2V9E$>l${p8i$m=`8>7DE5-ilaSO25uTA6EyEhg=9t0w zX$!MYt1vQzu=i0;x|PS{$khk?UsWeGbNjGf(6K{oLW2cTF15bK-O3GJbzH5gA7wlr zt10V^i&g8r2c&Gf81sx2VimS&%;HvJL)7gVPK(B)*fa`hN1n9Een(7S4Y2Bo&X@v< z$ng9OFCA5SVVaOL+ZCD!PVSg&!qZ$OA%L?WMBjlHgSw7F0=456O)Mi;2Zu*p)gNH5 za!UTrj^-AxQGFXmtM09pL|@K9>)X+*sb|(ck1ap&Jg()j^$xjyi@d|rd?!evo#HyV zwEi8-TNP6Py_(mP_>M00T1&Ht!+6A0h;tnTS6y|bQXR4xMGNn z5>YC@)|C7x752$IN?}&YQr1Q!nF6QzWAa~+;>&!l;*Wj#tc9bH&uEm8PoFyEzuN|+ z{Q>Sw*62SWFL_49lx9-rEg?IQ5zFrwLzS+BuR7%rIT-sUjn9t2V6!w|yoj=6^5K(J z_cezkci^(eOnqwq5@d&{%#)%*+F_EKs$lQZdB18IQ?XRpyyj*|z~AARywKitZ?Ylg z>@RxqEASXtqf6m{GfKzAvU@g~Lz{co?PsvOGur|^SBZkTULO2n0e&@l{k1f#;vHCN zQd3jb9f3Og?zvvE{jN0KD~8}TraQEv*{w8c?BJSe+sx<+&cDmpY-Y49$(s3ff;6qx zxeC|jo;Jj+;;#|zXSI3zBWQ=bXJ1leT%#JB7q zTNTcn;5RL-H6r2YZhINU%porBi#NFf+GOi!KMM5Z!=zyY{NxjIrFLy>500Nw+)w2< zS`LESxKuUCXra=iP_)`uE43ZVvbm2sZQE-Z=Cbo>UD5>e(*_x|(xPs|4{DvCpWQcZ zxxdm%4QzDnk`vvT(d2=Xw*jOM#F5mZiZdgQ7XjrylpH=>dgat-LMw=*^+fCvi+dDf^Quf9ttm8JR_s zX-@8F0$0#;!N~QitMVYO5AW9s?uUQdjm0PD_V_el{r$e93A&7vWjdH1!9SF$eK49x|@gu`|^GaS>7Htf8nX@`9JtNNbBC(uC^T*l$fbLZf=%s$rErcrf(nO2DJ-YCszjX;H2niqtB% z)OuY#&R39cm*d{HjI_gAP$9pJD<|~mGT_k`j*3r~FtBb`0dFaQ{}M}^BPD>_;^wZY zg15g)Wi=fC6)k*@h4UF9SX%&C{|u_2YL-$Pq`pv9njWMuG;g%(GO1o*C3QnzMU@JC zUd7;>GO&U&u#N)ICU;jv%3Td7ceNeDU8TN{)FjSpy}bI_bPb5)Hh|=IJClA}cg>OA ztKVK%09du~wJFrgtTv2IKIaX9p-Z7bt$+UI+wV{P)8OT7mc}$^LI-?e!po3~>4?)T z6l#UfXzDNMEMBXQZnxXr9}M8X-EOz~-+p(0?=QW<-oc=^-`(%-{-xXRclY{#A>Gf` zYU?)_InDmkeQ;gX#(gEf$}Uh0xGnl+q3__j7Mw^_cGQ@Ubb8c=Nwf34|1ZIlj;5i! zNu=o9MuMPVOF4Y}OxK|6Gh|=`IDSSlHev5on8-;Slg{S<^}pZQ+VsEQ`ak~%D*CR2 z#7XD75B*P2t><|g6^zuIC<%|rQ134r8X8qfce4jns{bgrnj|3myUJncYCaxE?@7l~ zS!@kFB!2DaPgBA=$$jTvvY1i9{B!db$i;NTVx=hD914%7>9L(3o~9|>+#tNAAMu^i zF|;@a*9)dJ%RN3WkyEq4#WrxFcZr6k=`zrEtztD6gvX@Q>uB!}F#5F@FNNT5)HcGx zdha4blZ5BWGt9iV9|8^Q!SP0EXI(~f*(N)1^6aYM;Z&_Z^qj8G=1-qsxu~gHBs<2% z^O5BIe+x{%@J%WBlmFWH|BT0M{r$fBTeAP}^$zyS`+sl$V6gvf|Njy{hiM0ca!c;i zX~xEJG@0h5l+4w=H5<_YTt;{n{e~VRH;1t2m|gdh$IP+emTs!e?p5AXo3_fjgY!y~ zy;-7`kFFn%fY*d0{JYp1Tu|dc!%SP(?1T2Cc-08tT z?r0uNH*ER4aqm%E;@_|0y^1K-NydbbN?OL_m}ND4U%iB~eVaithv`S3EvjzI+FqG3 zYw}o9FuvAVRdmMkDfK(ds0q#49bKGUoYkh1_3F#bAyw(pIkc3yf7i+L1?LWU)(y)c z7Or<+ZuX$(pxU*TO`+v1ew#y|eGZK#soDoFVw%+Nud46A++0%kl(K3sm31$jP^ugi$hiz%g*i`EP%4P__Sdce{gc=f5xU`yI}I&v8QinU8@y zW(smpi_Vtb*&xK)Almvu%t!xXL9V1LepHU+-f&*Dt`Q@?N@suhZTryU;FuA_1golfR~*Ace{h?{qMnG z_u$+4|4aNHEKJjk&saWX^P0z)Jk-xO2oWW`tvX{V&-BSlC6Hoy76llVAYYbbsWq0Vl`0_3c+LYJ zACv3h1w6@VHevY%d|!OD;fxw^AU>4g8J4m1eoIZo`BC>3{uRxA)Ee|BL)S^I>|)Zl#ZGP8a;oa(Htgy)=Q{TB_kayv85Tr`riK zy_Dq#`;UK<|NjQRmE`|S9o9aN{NLT*tIPkrZ~ot3+N2Rvh3 z_yM2oR5uPqXzkO^QqEjaTB`(UtsZAplH<*cAaPqpuO-9FJ6v-$f8 z`TRDcc`$utjj-!TXJ*S){actU__x=lkFX?6d6ej*AszwkLt&KUEW4%giZfUjuik%8 zdBQW*pdxTyL4?@#tuYQ6gJ~Ki6EhChqgCu@519qX^ktog+KYQ|^1%g3x{^dIMzMat zcaG&U+K)e?%WC`*TCHh}?e^B%P92|Vp|Gvo2q5nA%e4H->jNS*}|HeT3wP1O!G%U~1 zhUICu4>Vx%tag>V4rEX+wbB;XjBN)DGNptkNdRo^I{Mip=^l$M2T)j~DI_ z5C2_i|J&{ER^xy72EA|V|4aPLSz&{y%&j&A@_U&4@h?2Pi8&4HN4%zlHe1dTMMfLB z0O&mDPSnLEpU7R5hom!Q@vO78l}7=~@~sU|yF`8WmK;B;WdDbBin*IiotI%gRT0T`+?rm01 zA0E0(og@oYs=wdw4F*Li9Go+$MMnAJHO+3IZt&75N{ur*nXx3l&S-EGB@Y-mQrvZ<}b9r#nP8*d++uv*Y!YqSQH`fYU%b=wo%y8!fubIQ5 z^mb4M2VJ@fo{>(kf8clhuHUm3fraSmtwHL)j*ol)T_!E&63*cMlnBog2@D^eCj$ zf)1ashB}I+xYbrFrI}nf?S&+VLEc^l7H?|_oQktlXBMm#Zb`gv#|F zg(wBcrmS_F0OjpsFW3xOnz4Z9EZo{As)?1SJR{hw((^4@N5GRjO6JV(IBsT|MQ45L zq6D7T$~MrjXENjyeD&PDB+Of5W8y-mcvn=AOprvwDUFgSnHcpr;fW;^RC3H%+i2$XCh=ZD{cf-{n)JHf3=tYqRs|adm1Sche}C68w`1pa-cJRZ{d)_Aq~g z=t?l5pTiG8cFfJ8P^%03Mt$S)G(RR!KXj~Qg`H#4*}0_|WT>@L9PZdnj>NzKHA?d!e7?8D;zidnNQ1|ItDL-YN z$uSDOfI{}vWAd~-K~zxfPCc2}Q;cF^i+eEYOxndFbYtMVi1#0-fyynesal zVWEg&Zc8zx864m-jl6NTdjc7q1sQ?zmrEsnisEE}-$5E(ANDCs5rgzPK^Au8%IPTC z+3|szr{2IbVRI2Br10e=RFL823qdx6xybpI%ip= zHnL+?fB@wnkI97Ps%=rI`OyrzdD45ADz%MCIU}J+7b!c*h{gQQ*Qv3Mv17!>a{ui4 z`$WvslxI0uMB)V|!9=o(+K2`>ED3$`v&r3`@tG_rxAr(>nNB`$$criF2UY4aCf-)$ ztP11+27D$JdpU-Dp2J(!)`eG06%VEgG-eyGsGmUYJRJN84gjS=ZK6@eVN!)oOc_uY zVJ#Q}Q%19V#Axp2(TwqVzUqqAd$_6QM@{J(36;J0OojK5S+%O%vWpbR9=HuXs4h*U zsV-Qf52`^@a8q{+IP)dxh?^)Ko?l$$G@pyBoM!nv9mb3%O4P~sUXY}ofD)d-B3>ZN zlry^R}}V2z?-JBTN=-GE>IQyU`tjN zv(Tmw;88*6V9(}>sU#sG8_g%E9$?2|?nX52T-dB6?JY|HsXS5 zHAp`6)U&cIK>F%c)3Q$(*^F$jBSzzVdcm`NiyR#u9O)6bVmO0|{5NN5tJ#Pb z_7n|)GTLI`WM1DtHnLx1X4O`tJdT3JX)@*+S{CKb-?0rG$h1=6(s^E_5y#Uj%A$

WvD3X!)M3?6T2Dl9hU5X6HdOP6VUEpEjv+? zXME=g{^eP9db&=W{T`OU?uz*xvtoc;ZC|hBhG#D>UrSM8b(>--h{DVRF;Xa8|Kd?X zI;2x!p+vE(p7#~2lr2$I%!9e?i}12f8!VJMjEU;E(Sod((^#pOXfBeEOQmtU zf;}RivM4L6dY^K^LccJh;L(E^BQoxxouUPp`qiUhn03@H1YawcJsmHi3?3cJ;3rF+ zzqvleeG-Ht@WoS>6iwj?IeGO;?Q(ZhmYKGsJcJ_=+Tf(bpU23%le=TmIc^1h>D29G zRw3O*YM@@LKY@33R2Z@1Vm2%6_4=e??$eMIkdeEwPd5K2K6*Rm+%h{_54VZx$hRY! z$s&q65Gmfk$xU&3?6BW7wTD>to94)p=FSNW3M{~+y)O6F2?3jvCs;}|&|W|Z;bT&K zM|+DbnN--tE1Fr=}*EahX;p>f;+xuk9Y;0Ucxg+3ZDR8<~S<*n9DZ7o}+ z*IZj`J5taS0(*dLKCDIpCJM7eH<>^2N$2Qjf6&?TD=#q%HOp`zjaV@WqcN;7++!ma zhvxE?fs*&39yxJ;#2*x;@^jBxiuIlEp?ENzrF~sH|J+;jDsiR>ttxQe7|Z=CB6lTm z2+Dh19GY`u%2AbyL|H280^Ta((bZvAudDsptfA#+xAF<}^2IP?Xh5@$vRUW_>Tw%M z+icu|)VdsI+ksY$&iA!r2dCk48q32}*4ZjKz}v6<_`p||Cei`cI$K*hF4nS2YU97b zo2pv*9j#JS^&Op>+Q?Zd%s6HaRx+WcuydtLDOEWf(-m_(Wt)9Gk zequhoP+yXdh4$;LPzh{Vaos>!t4S`IkyftM3Td0DBF1@xifvTYu#t(q73jRjC0=G%nIAJsMAV7Uk1f zD@{{sc^o%r8|e2)&Ms~Tgrdh!luY0{T}_y6IKCFQ$5KVN4Vv&R+C1@l-x9^??Vvo( zZI^A^Mpou!{{g)0H}kSzIkURM};7)`Ennlnr1q(rbR;&VYFA?A$mAed)@glH&M zx}CD@Zx=dzl-yDg-RiqRGNTKr?<+qtFw5thWNgN7p=BgxnSj$lu6$N#&gAhy_W(x!Fv(rQ?#S7N?nEZY zJOy*>6R3k`xiX{CSbm*FlL^ZNfsXPtc6K`UkXtaOS#RL!D!M0p^*kL{``$L*LK$to zeSYy0dq}JKk%EB|67FUV{Qok=m&SpOOIpv9N>^6K`o^__LwG$8# zQYzVdmV$ftkcrxK~WCETfEWpcQH3Py(Wb;(c;!zf{F}eXgA+L-Okl%$Y zi13zE9~3htSPo-o(T6YXI&LG16BfLMRE?H=3DJo$jK*V@>8YmWA06i`Gvi(zOf$@F z16r|s2T4Rac#ka=USs_C|TMFRRS`ar>^j#CLL(j{O`|{>t%6){if$ z?NsGgYorRFYiOWVLH!$dyQ=a=i5Z0s28(7g$(YntNS;wxqhooLmrJLx?nZ*d?3Ts) zLa!6^yUsT0%vc!BXB}|+?ab)=Xf~g9&~;=QO{NTQFyPZ|^-m!*@#3md%L2hzLZZa5 z$LD!EhZU=yc$(WtrQNqXT9r8|idc?$%n-Fm7#txokxNJU>E(+w3TRC7XvU2DjQU#n z&*afKQf@fx77W|6(-;k=u$kYn(2`yt2jRmvNxUFzJeJROe1elLq4!hW!?J_1M;m%$ zZ9f64$DBR_ZQVAG=|qr_;2~)*0lZ1AlMBmTS!N<0un3;Ug)-fyy?)$Rb^V z-K#nx2^^29GNgX~J_PQY=G9AR8r-VX_IW7gh&$AGdn(QZ=NF6w+3fmVujhCF8*aXN zPGf>QH<_^+&lZw%**$V%g-93mr|36u_Zgep!r}EcNqFMvf1jUR!|7AqtZ6MlHd;!N z8BIM!&=b*b%maSvt#&l0L53x4S^QpG5yZdw>7kwyo@q z;``_P75FOI-^N{`EIWS5_PM$1I=0*TY2x_U&fd>?&N(*+A|Z)2MX&&9M@{>`--S04 zAOXI}vXZpoT6;GZfx!R-27|%OXT<6vh-NsYF+cF|50j@6BFVzk4)0>Nkg6xedh0>_ z8*s*f>Xo>}io^-v9+TS_;(H~CftY~_S97@<2h{Dc9FU?a=dxwU+Ld%Zk}zkpcTmJt zsR7~Bga0b#$Q*tug2m*-Rhu11^Z6JNJ_S+ANL)I^@Vb1ishMVys(nYJb^n=H+Mlf; zF)PZ;;5%f&G{Iw-1mAaJ-O#k<*DAakVMs8g_L=nspji?#FkTpt_$|MV(}Ypu)u>->vuuMtXm;$=U}ti;+Pa z$0(l8syy@GR=~BOGv=oWi}eb12lFLQF7_)&?r}EJ{xeck4$QtN_n9SRwH9k~ZAvv^ z4m0pPL!@}Qr8;FdQ}2?=Uyp7jV@H>g@iN`v^pdf*l)SL*Ai@?Rob4Bu8dNq_?~>-N zS9i`-tXYxQWl*lkWE|*Fv_N^F#aV4jbkJyWh`c1oa8_44MlmkpOh!S5NFb#zNFYOL zxKPIof}%VWwppeQr6NWar84|3&w>fT;&xtWqees8Nw2c`i^1i`C)0~fd0+}Ze0k(8 zWUV4BotG62T`Nv0gGnOV`!~G@Dl3z4HbE(k#aW2qqF-V&;M!S)Na5+Pt%*`4Dt8If z-%3XPGlIp4a9)b7VsBXf`=yvnItD+UraIz*8MJtjF_Ip^eCpzSI^$ZMaWt!Nay~JA zRb$$JuhwQwt$CnNF%_LRjGug`?Yo;xf1=uszU*#ZxSSe0dh2ekM@J2>F^me4Kn)Kp zP!Hs0&p%hW%L9f5wVmM}|CP@eqJ}qSvR!d5$0-s)8-^l49a?~NdqesTBT&aG>JW}) zsdro-dtJ}}A$qJ+yMNEJTk@2}7leJYt0_m}FVS%ho~V+277x`Qc`wuo^aCqmDH zV2Vij|%u^Xiu_Gq)?*9Hmx*JDM*W+Ov)hx~O9xa3!%@ZTiO}IGY`8-dxt5|mD;`z77Ge*wBm=mPYFy5n3ApH_bE!z9je_y-&O!$3}1C!MjbenGj4%@ zl0q(;2V2FzfDwr*pcMF}4R^{=JIK-QIGP-Cg{NGJ}T07cJm-5H2U z;T{9CXAZK)%(lm%ZjI3~OKNaJD8jv$kaY?VBMHu4rDLKk+vU5(>#9mcemvbk zHT9lRt{Y*cx?bQnQff8N=htbJ@Bq z5TI~3fU-!C@G`+&3@x`A{|S<}1MjH{=0E$yPyOeYI;+V&4TyXbAn_`QGpA>!o9dZz zibIq5(HNUGY$ihbY`VzC17D0xRx!alooq0P=Ij zH*iY9?||Vec>ljBPOFol(lMHkQ^d|s=?`(j_iH(M#g9Q8(O@Eet~FGx=60=V9#ct! z^Xq7vcdxl|qvG#iiRQ(5B@I!P0sVU;3y#X2hM@Rom78g3LkaLtT#c&rl=rn(Z{h~( zv>J-Ma}ud?4RgpNP#lPJk0w$IY$b9`X*^9)q_GFiPt}^_B?4X|fT~DPL~6!%rh-Ol zz8mYJfgqDOPJwbrk;Xd@P*lgEOyV&d!!W^l^q3>s=FE2}F6|2qUdliU-X6;61)=To zKkC78Tp7QMsY0?V8BY#_y8nS{r)6;3Z-fG-T$j(oy#;^FQX59QG zj!w=`uY@9s^lh7*<{!mvosgIl7z$gCG~%R~DUZ5e^H^Yp{A(5))8vIJr_3_)won2v zs)MR=XIRc4BLGXO#fA^0fPYpCkF)9>gz`9Pcyb2w0)f=^wJz`W42V*vXFew~j;8?& zGY^F~=Re+@T>5GsG}k_8tKHUt19t~{TuhfOIDDKu&D-_5`8pYldi-1<$uxjBmlxPEn3{An-Nv}*D6*IOdo%OECkgt_YKIjQNAfh<|K#WoYO_Z2re z0m#vTCNI{Fpty?;2%2Mtq#j$M({*S_RKF6nFL0z!3^8he3sU3ti3Jki*tZsVssDX* zEy}p&e(8kv+-aHEDt|XjpvJGp&4og=cAq-841-a^mHnUufQ&QYWkLgzC*pW+YX9Zt z+NG)$yC}+E;1gZ?Tou0JWj*LB9&J#!a|P1~&wt31L?84^4#cZq!rxUQx@vWM#tCW) zZ*h35pz^A%i#Q1rkFVOgQP)4MggqpR2@08U9<#@lmpK(h_+%AIHEjo$0)sJ3qx(2w zvv&fA)e3kl&K#98P9aeg3M8Vdy_UTsT*t5RxTW%VOge-tR(dgur?cx2^0QkA!g}iStMI z%EFWd6IH@qRIaMM_JIhA!~uo5?XAKdQok2i?~pMV&cHaE2us@#gXi%)ON66XCZ6Ro%r#54iU=|>;0gjT%un)WL5DOvhtyr%e>~Apc&{el1)ypV4(e3&oAj3I#YPh z#uXSFgN+AwDODn84gC?yW9{Q;26|2NYGp7GZft6X7YzmCSJB)QF@LS)nv~j)QVFEE zEFj{A;-nP{DJI>$b`V*T9XWndPMLW1dTB^>P=Qk~K1JJ?FetgD-RBnPIak9LR7jjT z{n5Jj@T~zUQuv;CYPM6iZSw9xFlU?CTQY)+-O$wvFLYUyah^cLiA&K5T$8y*l-E#1 z`QKN&$TXH|G8Q{Z`{Xr=g2B8*N!7s$RYQ-( z#oUdD+O@d?f5vXJ19(jrdK;OW!)b!tQPM=bzv(7og<@)i$qV;$L@m(k+#z7++2VK}W=)^{8i;@0`GLK4Cu~xo| zGV6h8Q~PFdF=f?MnGy8+Bjs!OLS-6wVc=HN7yOF~OVc*c2?&QGxLkyf&qX#t^>K5G z00asS@xN5Wt|IzhgMqIjik-$WusuFxb#rtT7D2v3JZ+YcV%iQW z5ju{*-Oh05r3w-iS#MO9XS>>w#1s@Br&gO!01#MbMHhnm8A=0@w5HaZ8K#U=JB^9e zq0zqbW(pUkdwGL&axO)mcH__ScA=t8hS9g_qG;dIn7O9@^)EX*I zy!fd`y)4{Ff0^96MeBtxG83=rOU|n4zHI2uhqeY*;DzLeQ5HlOu#lr}BP*tLT%v!g ziJ|sGk*H7n9%PW&hsH{sRyq5;CaDdxOq`aW` zJxY?FQ+%J6ZYuR$4z+Zv+KUS%NpQ<+TOKl1!(f*x_3-Id(O6}n|k78C&F$DR~brV{pPKS^Ybwj2T zO&n+OH6nLNT!Tqx0={D${bTp#-k@^Ek?7fF1_;Bu+exn5L1&ha#|f&Y*HE!5KZ%!M zdUbiCgGi0A0$J6b^ENeWqk0NHT%7-J5aBtDQy?$LMDU4fMf6R;Ys$nZfMMR4B&pr7 zYSK`(C||n-V*NNGtAK$(q5St8<)&fkDR`4lCWrtU|5job%tV}x$*sU^maxehNl~I& z4hzVMYUY*~1y0J?Xre@jiRX3XHPhfSf*Ky4nA2}K)FoR*t z%HS*ggB~H(BZg)ASTQy!(?e2aU6u|)Ma0X$-FP=GM%CA8h$<6XN4}K_d(`)=Wb8RQ z9374ZTf-uCl$xErQ}w8R>%>};OeK9wg=HgiOOcKV)YCC(j*G~jA-F~e{O9Pu#XN;~ zFiv1KBa@W^ZW^;$J|2d6u2PY2OHQ`O2_A3HA!UecpW-l|qg47pZ);lfsMfb5M{cI3 zj{(5v&qGfHilU4&l$zw5>AufUsy|nssX|Z$LuR};9Jj3^1^;FuRUKESR*fRYr?v>& ziUrJu>W_S>qO&7kIH}zx|5(+wm7^6!FXMV2?Sl2b%LoKA2X7Zed*td$Fj$T=tH4jxW!_Eoxglf+E+&Zc)?P5ygfui}}Xd$)BXLJAALw zpdorE6+ek%zew*dpm^tF=Uys`4tddc@DtYu-i__`?4db^;ccEdMXycsjV#!{JXJNy zx0BG`4;(!Bv^|>&FIv_7>f}%o%^|(*LJlR-J4kQ6Ia+MeVtMkV(N0O`_>oP!xb6GYCly90}?{8=UP@dD(u829us@ixvrq{7;9B2t8&pHgkL(g)4kI16%F zCJ1Hr(KvF>5f`ER@SX*95Q?;tQ6uN9G@dCtt$;EXgn@|X z85-&Ri%1t)z!C7{=dd^Ajt3qs&fxs0NcbIO7$>zTB~j$_XYh>wt8<_PoU2^d7dS#6 z1iI5zkzR64GwHF=ofX zgJ;LV60_sr3(Ssco9(mXV9D8W&~J7eEHgU}mY5v}9cD*mi!4RWJWp6`2pTyC&-f1% z9KDwNO7Xiq%Zaxyz%!bmke6{Y33G-;wqPVNg)VV)et9YA8lU+YWQM76hdb6|eQi--B%VnFMKuubII1HAv6ZXR)b! zaTm&79`x#6NqJb(JMn~dY5SzqnHZDPYF3nl}iHA1r&_z1z zAHg4z=wC2q8ZSXAMI;LDVazO)g$^gL3avijxj(<68r1eWi9_2l;`S9S{YPk0jXLvC z=;L%C9b?tSx`_L`fb;Sq`b4>&p(2N?#JLn`_a$oMQ27k$;0_tDTf@q~eO2H)7ftmD z6<3~hFiEKEH;)4Wx8SEs_kRtXsx3&_byCR zoToCN(#PxDU0@Zn;u5Skm8b+a@fwa#149A`+6J?#wi!sUXbaG)8#x!CP-mvDP>SwP z5sZ>p2dLFJBfLxysY30X*)$)>9wQ4Ck>O*Gk%bxh(V3oyvClOOgOXx~qhtR}D`yke zS(|2*myX4gi;xEv&Ox$-hwCl`#?x|_eO`0G0B?T0 z6q$8YgD=21XCTG)A_ez|AYEh#F2z^WNT@hPg{!^&u?Ian+o6k+`|&g@K1h&^tMRc- z^_Tk$O+)Hn$r)SWtlJ3NVbna4ArF@cOx-cdynPiH5oElSfe+2!Q4|uysMxVo2!zd> z)q*Nrz$wVwFD@LHHXhm$TCzFI>(OQ=U0%YBR`X+ln$w@6Fefov@Q$HRY?zVwE>2M4 z%$X4!PWX{ydxk07=6`lcurBh55saA;>&XAK$1|G@`H%e+6?qRL;U})j7S#1ftr7YA zP?zqwO>@@n5}3YOWRTMKOAquZOX4tQ$)ZRg&8ver`i^hj{NDl+cP!}DM!{&R_4>lC zK1%(|uR$scMOBIH4tZYam^UJ6G-Po)J+qH3hO)}aLcUZEescZh0}WZ`3F73hY}ee7 zdCz7o{f|;A4~!pDE-c@t*Rz~O_&zn#IPn+Y^x|6MzKeS+fKxCfFhr9)0aR6b0zi~f zeO%2&%>bu?e$Tls?z(&}ceRqFDQ1vqXJln4Q9l+w%sz~tSH<0I)rxcbik^r!g;{0z ztMI$fj-%Qo_-9?vu}cbi*QVR)iQz}nqFkyg&q3W_q) zre7A@Qdb0pYH%V(5{N8$Zp!cAC+P&vnc!u;#KCKzGQk;NG^iU!`~*}q6aUq^MP%Z& z&vLZ=z3}_xC4nr-TeF8Jrlye7YX}oi<3V{5tJ{>%wWtF3C<#lge4fi#5$^@Mo4}Sq zK|bxnrSv?CSdY#EG(< zqJYq=6b!Q4P}fLQ*SJQU(YndHP-og29E=)!#-*AtAv9bM7G;!pzacQC86+q*<076G z6SK&aIYo?ujGz!jC=HR6w$d1(wgy&`s>f33c8AVp9j7q^Aip^ghn8GolMr2F7#O^$ zh@w;^!MDPUXxC0?p?G?6Ejn@5u@7nFv=0%|3^fb zBB@spdI#4{u$8fvIdYoP6Fk?6CG4L`pvPmr@-tiBWz=f;%Lg>gTkW@fQ zTL}6X>u@*_vD+7zT_G4Pgl_RO(g8~1U65iX!?LAv5ma5aofQ1w&2vO&0nFK~4B)U~ zn`bCxD$%OjVpme|1aDP{{OXF|GRcTU2W2j?7}1WDRmC#K)EO#fHdRdk*WqTS(xy92 zT(t)B{CU{1b>##w zER2zV{4u0=;nAzntDQkrc6vB4wm%nOd{gsfRqJZBHt8b1ul1dDyi)t5qggzea5Xol zEReyvotqGqPGx|vSB%PS!!@Z(JJlUtRA#ExN?bXL4zhFj=}Hy8 zM5NR^e3VUPMy;`cN@m>D4OK>!ckuoMfC5lL)N~{wloTBsN!=RB3nq9v%nB3_j8xyZ|x#jsloa z3^JW6one6Q5Fv4d0QwYDL8okWSo=VnYe}-W-se6-$4+# zEN!mrWv+K&!4Ayge)&1m@LGriJgWIZh z?i+a=!pq+BtlNQ%ph*%>XRJ(z#04Ukg1rTpInh+$Vn;D1H9!HZX7jA>c1k=)&_zT79U~70x z)y^{9s%|b{P^31m{|KTvPAOuKxc+xv9v&Rl*8j`B&H7)*^C;^dW*OZsgutnoMAwM5 z2!XF?^#hQ=F-lam+gCJzSytl~@Qw;7IFcg9RVTciLBaw&(PcfQoSk=$3C&P=ByQ6Z z6f#UCM*~G4sf2_WG%1yXEitj^4DRk9(0p#20NRG2{;k{m zy7Z`ABgPjdIL@+TGRNdQ%0CC++4;$Gkf(yp6h(s}xS1hv#~YC+)0i65*dQ6g6pRs= z<0ziQC<2gz1gBF0#6!VtitoYwEDmS7A(3EyAw4Jxq$q=4oEF>-%ddk|2ICZwA)*F9QCWt0=B!%ZXN|G zdLK9dTC_Wxisx{OF7qV0mcEuHo$8yT9z4`OfxnB__Btx7R2JBSnlC1E(TkwzJBzN{ zrgtr@_?tnc7ve{kJSm3ovW`}5R2^nT5wmuP=X01wWyb@sol~+sj#FD=3MUmr%9%%| z)U5Sg5K6QUlIxn=Qban>5Z_rqAh>WpF za8;?OUdW1IAlMs#=YVEO%tU;(ou1FA1GcPfRWP04X^@~hlmJFxh-}uiH_0RNKS}WY zO4t`g9qjvS#OVZo*Ccd{@)Jzvkhx99>fIlI)V_L?A-d9lc;UB5SBZDq9E9=om`t0* zVnuyy-X4mcQ8d3p-LuyQ5$<0K*dl;cxhJK1S*YGF1OHiHX&iXO{$z z(UIXYH)AaO5wRo7i%tN*+L5~k?8omw+!~Mt80_pG4oAb$aAyDpM@KsYm$>1N0%}rO z8|_!sYfw3!vS{gWP(C!AAuc0-y1BVDUQA$|2U_aH$+4LvKcDIk}ITRfr1;S45bp^D_MX9k||e*EpqS<#}R-j|1b%!d>bbT`2Pd# zlo>9z#|qhY~lqE+h*v_?x^y?DzmhG{aEvO`32Nr(c3LG zuX<)(^qNbNAQ;7)h1Y%IwTQMQr;Ys?9(CSSnp$?^p!CjEdZl{*^Q-HR7w=EcK3*KZ zJ2S|LQ}z!8&+XYHR^=6%993N1E0+%TOHt`kOdEljlHv$mz&WZhb8`On{KLDCf~Vtm zXV;g$9tWo}Zk3{OSGm zO|=u%FcXt%FSARXMs=AraCZ6rsw-!8zsW|WK)HHiy!f1V^%A>3T`8Ik{9NjN#Iqn{4A2qiYmFW7h=w}2o9OC2%+?-rC z4Z7Fp;W>VFvqEwP^zSlVRCRl(94R>?Z{sxoq%zXkvd1$stGw7Gs(YiyinFupDp=dT zOvrVcIT%GtacfePMY?jl*NI~QB7(E35D&od+qcbobrI=_(|3qcI7Ql;^aD(iF$`~S z@LN2k@6$6vaA^g)!%04u*~z@iO?nlY%WbX`R~>mwM)fLu|9&qL;fvThPg7inp1`nQ zW3EbNbJj$*TPyDQJ2%zd!smJfGt3zlBkU4%nxk+DBJ= z<_MI{`s#SbqQ?&YPh-(M_};-Ov9<4?vPavctA2vc8fEhb4JL1OOxCjEIJt)lJq0ro zVC#U zR)n>e^^2bzEI5jHy~cr7CTuaHI{kHz71XsgKC!Nqn?hOG{Pi(fWmsp8H@=7Qqqj}J z+Fxs0ZrQavD)(MJQ-a)7DWvhjbRv+RRYQ`eIvb_6jStMD^&&$@;4~&;3>WW-gm!f@ zQ{R{$#!f+RS%xYbevt&#WT(j=P(M#WiWxeRW=mn1n1bIB!C;PHN~P^C&F5o8q!|<7 zkii5Hlo3RA=A9{ zkaOwxR-BsDCO^Ntw0`SWkM!G{MOIP8WUovL^)k-Bb&+$18st$u(uV)BUpxPe zUhW)j_WyM}j{Uzm8+mgnb+sjreFgf5Ys>D05#r6bUTsg)xF{}q`rsj1`O=TT?_#y_ zAKzlWHhXZvkU;TQtN0thP4caOomUQKaS$eu(nnnXdoM@T^}jpX=>KbZDjq88vmalc z7Yp8m;kP0njxW#EYNo@VAO!F4=~qdaj5xFV&iNT)l05igq6dRe3o>?W1u_165Z}VB_AjT;g?E zab#eh6bry5C%*JoTiw&P{#W4v(z5OZ_La-9P^EkAJMuROHkDxM+>jn5_Z=wnhItJlw6>fA>cl{ckN#Wku=FUcGFsBDuQI zUcJ|445&R9 z_5A6I0b0f8^e>O@OQhE_=`@Z0G&r1fAk6YSR3DQbNSMWFdBHH7;V|v`9z;w4l6Zmy z@K+t(bcYDLLh|A)Cy1Ys5>x|f$_TnyKtmE|43InpIF*^2 zi%7~L;0Ha6hz%vDL~)o?hUf8bD3YLbF;!%_OfUYBfunc$7TM5n5&!V@P-{hH*mwe^1OwAw_^aG}h--@JZFl(`DKy zP(0VPse-5YCxjFC$b)>;I#G5zOcXyW)CXA%nh|_f!q&2IFs+Nt2Yul~lJNuLv@OF1 zt$R&C0!4!lz!K;Y*Y9tC9jF2#NcjBJ0*vqhNvs4Jq|}`HgM(Cd@@lw&>)fc%haiNC?o zYcQCi6p=U_Sk9qER77k!jY%P)D!&E;cu&iEI^~D141ddw6!XsNyhHEU2{#=8>lgd3vAd;{?0pJdivHE3- znD}oJQ~8g3$ikW46YXqwU=YQWe-rHscye_*0Oby9IzZG*8U>#_zjvO_VG5@xy2R1H zI2VWvbylb6DRL+%t{OVlTZ1J34&sy@>}`P&*aFI;{1h-OEwE5nnv(^HP=Xi&{~2O} ze&+-J-%(0s(prjT`Y1?{Oynf8L}4&S@>1<7P+WlV0-R`ngFumd;PJZHELpjI!&b%ODtGp zE;;7Vqjj+hn?A*^)})#gH&`R{ihEurUK*XPcc?S3iabROsCOUI!r4Zu(*UPBPgvRJ zHWehESn|Ob@~k@2wLytu8ghMfp`>5^OBTorNgP%`sYg6?m?2_~Wr$2LnS-})!1<+i zw~lct(0$+hcq!^CxnA_uVnF(j8GY^Aw8#?8%X0FFfDorC3R!#?vqjiI*x!!j~wquThXAh83K&JlqPaa@dQ9{a&al8m2&B!;D2tgAo@SNZp>);y{*x= zr$V1i;-SN)MlIAB%+^O&LbTglFCud4lU%-1J`x#D;xJZymT#1vc^^lpUZ@y~r$8b_ zi_IetCJx9@#7CV9CFVr@OJoGRRQ2WO5bkx~G5IOzcdb1R`S69xwNJ~+(w^nlry6f#%8xWfzSk7)ipo@N>CG{1Z0)5Ymj%Ryf;B{|jiY9iKB#GVnpQpVh9FQQGE?xKdwHz#mg z*~2A;KD|f^6V5dM{O(evw06Gcx^F^IB(hF4cBsqn z2-)O))A$|Yh)l)uakIG#(-h}vC?-)O4;hZ?3!uMDbSx-mBTb8@b^0!&fj4sR;jn1L z5N0bG66Zc7CGu171142-6(D(<#_1HqDfsCa%yEQ1g@*TO85AWEM+6)yNV6}saD-6I0<_!kti!c$t! z8Tqxr049kdG8j5O62>G_F16lWMR@YGZ((XzX^kH>!``a=)DTbV+$e%du`mHjmOa<^ zX;jTn>$IX?>Jy7Fp7O~J^y~)bmqX_c>^HW!kB~Liy`WC@E~ujANEJWHKUhKu&Y5~O zV=OcNoRTaw{uDDCr6HOUsMWIKH`kf6`^Q+iN9JKocg*~)?2%Qn=$QFyF&5p-H7y=m zeeQq8aT@VH_q_&c^Zy(jRQ-Q;_jWh&XcWeIty9cBF zjr?E7QC1WnPWE0iTLM8`=22G9TB;rH8H&xhY{{nvkqhMo;1aWHuHdH0V& zBeYHn1aYPL-vJ|e8iIqDD&Ff_`d|%$flHn~YZ_Zu&VXlKu+J(;@LeD%j19DF#J-vx zja?92mB9hs3X74^zKiWO#CtH<87Mp|G|yP)dRtr7=&xD`gS{rhF9VR}g8UsY{J*Ho5x&PQ_Ud5erh%VVI3mAW)04+v)c0E4qCrKbQXRaEb-t2_|5U2?7yfFiym^ zK0#R$htLLGG@P~MTRCK{s8vnl=pV_a0Hri1sI-bJ`z1~RjniqOT*7W&QEfz~FTi-A zz&Qv`68>LRNlcwN{A9Rzz1|s({>}#}gcOMe@dV%$>COuaNGiL6i#&DK%rTLxm%{dhp5ry8v`~4jK>TvEXYV!^Invpo2 zZgCxKOO&tsf?7ah5-oLbB|nVxHPLti)B+b7 zegybb5U(WotHq-h5eaP-MJ}{8`aqnu&np03b9!9jBzd2+OB_)f|4c1A;b+SWf%_Rs zL2=SobGyv+Ut%t+MO+jOgu@@r=N2@Dj7tK~hBvA+!#9v3kzIdKBOx>lg+xPVaCiTJ z=5rTjl>>pL$&l$tI%lP|a~1TZ0XLd#Nx|8O(UKJ0nSGTm3wTnN>PM<9z!1+4Gb0x91<;eLOvT z^Wn#>4pUiR#~hPs(^U2Y5jh2k1puc%<)*2Vb{naRkJ?sJyTimn2dtfio`ZVPXMCIX6Z#>f71~`HL9NuW*8Zwbkjq9{=n5 zMpKgw-8MPCK0CQOyD_M&hwG+hJ92({ z_QUaqw>KZJ&VD?9f3Y66y=^w|>{rMdW8qyh?CtrR<2T12Pu{-&aQb+2&EUp44xPB@ z@)3Q6V!jLEriI6;+qhKViyTU-;(_Z_chR&Th{53c32{`N`SGpWa{BhQiw6 zD^zpPT%DYK{PF7j zhszE;dFeVBvzt13dw%BZ`9l^x=gGO+Jxw}UTD>gl#8#!*UdLM(4)Ib4Tffc3VKp#M z>^gCWJ+5UXqx;2Ssg|tBYa_6bS_M+*a#ia|lRTr4#CIq~lwJ}%wotrhjAcKf3Schh z$WA+x-R%{_RKn5>c6JYkqv2?{GXR65qn&{pfxO81Jwq^Iv)}AjGB3*R%RPHChBL%R z{HL26bKQ!l5}2H#1TItv`Vlx7nL~m|EKbSt-H!Q=#dCynR=j*!ydwxk@t<~p8pdb8 z)9?T=fpL-(bTcD}&TtZ$HQh+Xf$LBc@QxZ}1;VO4i?y7njJa2g!C4kGGBDomnv=b_F+-CiV{+(7?x@j&Sb4TD@okZw}GeqEzK$mFHX7bRGQi z67}&h*fo_YFSWj0oBBY`W+-K`jC>!?bC$zoNVC|jb7{UsfdEcX$^weRTg1HVM=|Nt znjm&9Xg#!l(tXOkEpio^)30NO2Zo<$nGVeJO^QE#eDXs2FT0HX0+Iy58Jx=NEk}Fh zTeDeTouww}c$zhR>G3q{vEG#c8c#b)o_;Eg5AFQ{x{bRvCvLwJwZGZ0Xrs#aVxa-A zzX7fPf$S`Y)9=G&cNy1A`E6U*_?z;)Xc*X@g7dThvEju;7}yIPDmKq417idPRtdx6 zGbML2cK`I^T1;brCj~M7yP%>jvDAwwrMj=m>->k9Q1-8w&3=;oGkR6UGAzB-G?kKl zgRo0Mb=0VR7=<&W$s8vt_6MvA{N7NPec<=XvA~Ic-vh?J!PCA@sTIb)h1$|E_N7OS z8^+$_ep5>XA*Qa1TYOQAffV=3V*2uhFh)WtjdCuC4WER9l<@I@Dk0W=oFpJjAe~8O z5DaJ1@j|D;YE44%kX#T&pBc_@f~Sk?j7#|woKi*%*difRd_|5NoA$G?crU!DOEQ7* zik0k}rOY0vPPw*QKEy^f=>l8NqMxnd+{yg$&yY2<8SH9i0?jE1z3#AA#rp4o@ z2&trlC@`{MB*STypOS)fB6x2649c@nhl5seEoFXp|D98(BbCjp*pL)!lwl&1F_pa1 z3bWp0SWi}gk}M1z2|f~Wke`Cz5W!%MU`l1!bDGb`h{z;R0EY}FfS`;Zic+T3(+G<- zrZCE^glx*g>m82J5g6@_%ma1I(A-*2fi#A>PmcPiFUHh0=*t`)?N4$0ifa8pdMPNs zI2~?IlrP&oOqq@azj=G@`aspwrTp9Mto-G|{63y@>6iUV&Kr+z0;AHV?njgYZ+QteBPn$T`&2sdff97b#&87E>4dt#Ef6O zq#h+M=`|owQRXxU}ITrW`lB6+(>K&jA;`_)sx4VkPg5y z$E)Tk*i`WG=bmc4b?&utxtVm1N%y6N@E3eK?f=UHzp1BX|9?5!t>yn2ZO(t|c{cmM zl);_h=l+Unz;eiTO^|lAQ7j?u#Px_9?@-K*k1jW+mC>v?>^FBNlsQ?Qy7Qc97-q6hu@8MSpQ;= zd58dLyZ_tW->v2UKisVUwLHt+|J5Vo`a|iIS9VI#sS1+Kt=)>?7Jzm%>Hp8mg0bEUjJg8YBEQ^SAWIT&r^|5~0etN)v#SIw|Eoeo1x5SFsMDv%YCWex}3 zIdo-Z=#rFSwd#AbeD-snSSXjhg{ZypbZGC}+Jbs^=)s$jK7>6IaCR|Ouj}-S%(*JE z&^LvP46X9~Cr^9k`7c(Pp!=>PU9Wl%H^V6=s`q8IjY2pv8(!w?5hNBsoR;vI#!p=i z^(&b~vKv=*W@;~%U`d|0%lQ-7v!`mZ?ZECYc>K0Zp2vH9`d>!S zB#EapW+s4K(g@t5|LyPY*UtaDFAp~Q-#VU(q$oan^#W-7`zJpml*t?uaSDV#f{=;& zLT8H7`eb?X{Wb_5lo!&k>16~3l3ACDx9rJR=*!q4fovrQ`Em(sqnL*H4v~eo89O`s za;>;LGYh?hDo0JRPf(>`MAU9vR>57G0o^vh-_6_n@<=Sc*{NJWrG zT%A=^99^`n3Bldn-Q5Z94hildcpwmh1Z~_B+}$C#yL1Q^Ja`E1?hf5uxBqj_(|zf; z-8DvyT~%w(`K`I=;_);IlAe@ss-K$3pdEWRZBQHtMqEJ#WWSpQ}k3hcNSCcxCa35){7R*Nq4$z(YH$m7TA zkF7pI58~hh9m7r%m(`JkML3wajOgu=Dz4nnH0j9)*b(WqANfUw*?$ts-nbhI{Eb=m z-Mjd!G{ri=U#+|MR1N^4LI>G=eemM=Re(wi9e@%hwE8Pt^>u{Gr_EL_+Mn>A}T zk;ovqI>8&hkmqznk@|zHn*JfbrJZ)ZRL@0$L^;O<&H-PsluBi^(3$NG1TDO=pHmZ5 zE^cj92!ATxvgvnLL8yZ9n*O=jtt@gntfvQ7t19f1fS$AK(>`!AvO7+y9c!8HO~3k= zjNGE|X;%6Dp}HROKSHw8Q2X!iHYY3InRPPh)TUP-ajE8iG7`Cp|1(u+)|V?y{-sAv zhz2QOHCwd8Xg`;P=Htfb%ZIttt1^VE^HlGtZ?Ia4cOhSsLuzcFMJ{I(2}}7oRXMHv zsUJ;0VRBzRB$X&&=>)~S^;7$Uj^%)cg<_urt4&|p21WHO8ujkopUDB-6wCg%7mGed z*eW|tzGaxUD~R66NFmQCq2m2<-8l<7cO$fbeXG6!wq{r8DY({5;m7C8vr4Rle-W`b zSDhcLO#d*NoOv8MQ!;(1NNtUyGE83N$!PN~@e7VSe!mcav@lT1*zU4N>2)w(ElI*} z<=rwn{xLH8x4ANYE^G9x?JMi#O@F?G3M2s{Hr9A#-oc~jSDe42h4q-yilg_)sY7$f z5ff(vcpCbA1zk|GH1V0Qvvl2g13IncKg((8R(z&V7v-~4Ci0!PJwj)BNc^qIjs(qS z97E8K@-8U;Dj*k5q2_}nYOK4O)r0WRbmC0qp3OC8$v(r;oo@FM!SxsRPB~nj+`Sy|J z(l3J4UKv{2Tu(I|tc%X?%(!dMpnG3zT0f?Zvp_4M4Og-zTXX%uYddtyiJ9b0-ZK~| zO7eyG)h>uluG7*hE>1)J zq5t^AuBnE1JmX&5B&A-p#9uBOSv}s^Hx%4Q8Sk}f>=;84?zHG}w#i#%LA)4*|6b58 z?S+Jgo+b{uhg~Nv`J#Z;m~)cojpJ__1zB)i8DCEHFCgPouCO1@nM#s=cW3loYGG`6 zIQY2?>&J=5g77er3bOY*lYWR7vGNM9z2G|8$G-E5HQ3E1(jV8W0#tv4m+AAZ{`Fy4 zbG!rbJ?#O$cPG+J98*yP*8WNn+n6(V#;3j%8x4$Y=jkP z9b((8#+GJ-npHzKHYg2l0NPWxTX@ytwfqAN0pH+S{UVY+FdMuf>MT7CJ`oBLvcYZ} zn=zUYW^?1*ItAd+uib!~_EPG6`h zp1Eg1{%eekvs3B9(E#*qE``vfz^H!j9QJ|_24aAT5#Wl0&kK_me&<%Kc26?2I#S}W zFgJa`5VN4r2MUC0bc(2WlKkY_KfqLMlbO;@rk9W6I^jk7w+O&KaRbxqj-Y1P($%F2 zlXVV0nV3u7uyaWFpUOd18!T9=c)}t_cH-K z*ZVIagXT^dDU>9;NCJWr%cs=wV=T<*N?mbx;S41mMkE187t0Sv9WdHdq+&bh#o~?3 zdEe^VCa7+YU*z9`{oeuBNL7p!(0h*@YqABxz^oIlio?fih^b~8cfHftkI&{@69x!T zT{s+dCOzSdZjApZ4C2D$`gO()Dz6jlqO+gnyj(t&*0WKH zTlYDrU4~Ikf8F?CLUOHZ-4NvdzubyMmZgrxUjpj8&DM=K%2hW|-sb<^{dST4URj@=aA-0lbj^N(h9rQgE&mg&CQpWH2Rz!9Qh>L^# zVOwh>Debg%aKQ{I_6cy03%wlO-|&9pTVWAib{k9%5z; zVM?v&gJ?N|vp4eQh7W-uE?#P(WTpULzoM3hvYtRCVOn^L$nWJM2&$#q_hrpO4ijw7 z_qqZ2WKC2o@XkDUG_N*wpsUy;(FTL(^DW}{FDN$sB02OPv^NXivKFjoNFx`bvp>F5 zHyqIv*cn-Kd_>m$JMFj?Jm?mQwUZ!wB*41(I>Vk>_W3>M9JP>}tCDFS*_y}uIUZ)u zY=-BI*-o0sndOrYVvHkspLg=`&?M+WG7E;*r&c+v)Z{4oBo(7p7i{*2urDS7lyMh=NdUK_R2e!fE zQIF{X3HQIMRSLQ-oqjKEw5bSmMyvf7=e!5*YSA9pdDN&Mg$DeFNOlb}gCdO*YDx$S}NVK{f(mR3!e?Yf$g{Rb|Jy62Hp#!6I7DIWjSWmebKfaq@=B?%C=CAfZzXtePu5~2*+}tZP>_7bUqJ1&$_kpDqzkL@{ z=!mzwv%UNVTRnnn|707@I0ZBKyLF^OE>%cQ%D90J#s@*82xx$mi@K0kDR{r=&B`%Z zft2p16xk&uc7@4+ughLJttfWk1$N@a$tG6}E1P+E4D(bhE$viXe#Kqf-ipz}GkL`K z*@O?I$?AFUdwlO#->`oY#~e=5JB7^ic>1%_RlUw_jP=rx6Ud;*=`s-dnLE__zO_P7 z6{L*0^neg14uRXGL=jj@$3Zzb&M(4{!K3lFU8L)0D@siR+l_*fURS(}q?Y;9N$(UL z3#DBY&|e>RJ2|#19X%sRvV^+`{t*q3+v>H)$pT>Y(tOmSMh{d|X!(pH3gT)0AAY9Y zFRd+zWuTCfyl3lA-F(BTFOew}uU&wBiC-HN;d=0q|5%?~LdHT=^0U702@*4}xRi`k zcZWFmDIsCRZKF>{yiXhiy1H6>nQO%^nX)DL$)vZ~A6$S3ANV|UmDBD(3kvdrUY%~= zUPGUTCPz-%4_H6$=&OaT7@3o)@s7)On0QlON^97c8TLhu(M+SOELdz6ZNEB*i4S{u zjCG9)i^D)CP>xRj5ZCGNCB0VTPAJkL^6-}iK3!gj4;n1Bzan89n8untB0b?rprGzV z0$x;1%1=-(0-uKb7Dm~a3OT%cJ3_~rWF`3QH}d<}HkVLT!PGnS+Z#WJT^kFm?x>>3 zfdkPmOebxxMR~vrx$+Y%eLrIckGJ+cuaR|F$AcPpD=6D*a1!zZ{8??skLP#GiCg^A zmR-(xi=-u6zQ2CEzt`L%5#x;7{b+&G=)&#Lat7_Aki+2v^a zM(5b%&aqaN{fWW2-JSo&5j6)GNHe=57W}l6ZnO6N=^5CWF!>U#-Xow4*-zc+J{Vo$ zFCNmYfnyS8xlQNMg>i#V-cEqYA-<$h$LIF0M76Gqkpsimx^q_DTlMTAb^Kq5jT7mv z3~Gk#o!)*ymb>}Rt^L6RNm{0g{A9WlJg!hQ{+5|`S}A7Dq%k%eQ`&(da4cEuyGaus z8wndh<+T+V`Y}8p@w+;y$LRaGui*mHxDB^5(|8Q}TF1GChY=nYQJT!1xbL;`gC#EX zQm`molJrZS`LI)s?_$0F^7R{=EMG2rkdkPX#{;`H z+4rOgIwa)p_DyUR7}4({k)0}a5mjFyrHILG21T-SY`;?6cCZzL@wAgWB{n{Pnty!1 z(#8P9%<0OE&n$QHNFO~sbU zw+Du@_)a+xtVZ&ExmvZ87^anpooSxApPs?ZOLN_fNuQmI+_OTC+vr4$Sxc}Z8J{mRDOXacH( zS;312c9EZzCw*xg2)IP2CbE8I5kzCEY|8WpgO?T-wkU`l5=S2Q} z7&xdWIVfj@eTxU{B6iZEX;Q)twti#-2YZfydl=9ZA2mJU;H(5rp?%VFX zK_nI18ukGDH3p#Ff%gxjWUQJ4E9uJTD#~b<+snU2)y}G>4fg1 zuxU#WWpDiL#sF8DQk8eQ9);Qi&#Uja-|h90+pnNrUz+>dIe^IWgN|^6Ffj6I0S5N} z+As?Aq*pvV0Z9bG`uvO4u_aSFTN81ek($Ij%=I}wzeInW+@1doGw7Q{xrxXRx(3Dn z2dtSsfk7SbT7f>QvrpIHy1nI9pl%EH5aYj8v-EcSG|$u?oBd@${rmp{(Gpl!0o`36 zIpoL9EYi2S=w1aa!IttSMAuvdsj&%Z)(JRK6))DRz9o&!UAO;0Et zIof5i=88CxAhe+vhl9~&jlV6QbV)-ezEsz9A^7l_1ob;(7=Sj(wfXf1EF}6gWUgFO zBBHdYLIgP zGi~A(`&O|q7F?>Jq!!6|tw-yak;hgR@k||z6vdbIJ_$j3ECvG|1|hfopLj_a&7|@T zK6UWHP0!L-2qDX7qUNE>VhrzxHkfDI81o(&1N*G)Rm&)lA^frdgKhOI!|HcFBSqe& zKsTCfMU!b<75#G@+fm0;&-{Kl3O&U!!MyX~%R<$S;~*Q93%fx7)cAjJ%p3uki}O85 z;>v9&&}9%*^4N}gB3ISRvNwAs`ZDZS0AKUmz?lSecT4hqyax8B{=3lfUyx}#dM)s& zEe2;LT*`P~WQ$8?UL4zfvSH3r8X@c=s#syD{`FIHcin|Q_K}6ySDT{mitMflQoCUl zF!s$_ZDQd0dGE$S?ROV#qs!B0Z?2p9V{P16mxd}h|8QFbN%6grJ1@b;xcx(_c@a?lAa>(_nt1;J*g z{bcVuNM5W|f1`y7@Y&lX8kpfz56Q4`l-VVg ziW_%E7s^=~dXtq8cBT^(6*{3<%DYsGpYCfnOruq>303aSq>1Bv7uEOx)#N9+EFv{# zlB9VQWpPRR91S&@lez1yS5*B;uO0ha+4* zZI4+A-c{?3v>I8OpzH>4_2Gmi%JI)BDgSBX;@#1!aQbV7++oj1h6?3F_7_)U(R4AO z8mPkoT-`umKbXwlO>phOlgJr-R{)p^sCg^JTUbh+gNQeB14mA0Az_k9uHJpZKk}-< zb>G6If2;9O%K0}~;{Pfe?$dY<{`b)2{SU9=y*8TqfKt)~Zc3wS{}U$729Z5Jf2F^Z zTbV(%h>H~%3-lXqhh8wh0ESA}MnajLt9I6R5;p zP{f(*=|l2dJ`cOEjoOXz)(SC!F!uY}mwM4)=?}Uxrxk1Wv5Iy`Dh>~GK2g&szXgj} zlOZ_;qVGEUm@;W$$>u913@f0v|0qvx{oc_Rdgl_+m+ZZ(>}ox4?IJP;-frH7$;8jG zX;-Yx2OGX@tiKlq24GW;{|P3`r$F94AnMTv*exLB((ReoJd8&c`6C7wiQiGMWha2- z=u1>|5H|;b)2QboaO=sn6bwUho8Y?OehBeXD?qJ(272l4&UqfO%egov{`|uFp`8gKg!KeBf_@1r#7aB~&uc(%*K56F^;p+-_- z3jB}Yu&aI=b%nj7G+mRoFL3;BtvEvO(4hsvu*l65bi@hxzmln}FaSU%y}0^8?S#nHja3;M3Xq?ajvre}bp0c5Fn4H^e^;GSNJ z09p)()~Oo_A><<8>&cg$o8Jd$=~z8&U_Poz)xxa&4IojyYhl>12h)6TF?8hhv-MAf z!)t<%BPc0s_oN^Ox5&Lr_M>7Gzbp!O^nwe&ttA8R)Voh_8O~itPYPF z0SBawA^cdsjaRLCfcFW^D(Zi$DaKP^`rU*d$15}JrE5?tCFa2N&+wtj(FYvH2~>qe z81?^OZ&pe%>BKtUdm9e;I!UmT}3 ztnU~L<p(Rg0z9F@Ma@&1-0HX z4#(%gD&(SF*os^(<&p3}JvZn#B37zT!5@RRXplxEQT{!78O!E=%+94(7yql z_S&#DEsWORkI<^v$6$@`sK~8oV5(2I(Qtt5d}fGH;@+g@pwW^{1TbRj3>vT8aQx>n zyL({SuKauX-fyP(DqBJa8<2@*USv8rM@DA)zp^n#Ugc&Dv(fxs;X1^w(l&aUP6jHqU!)CGGkGID)$XFx8psC3x{#C|4=fQ3Qup<8hlqaX9(Z$Y*d4 z3lsaNnAc}vYvlKO>tD>Z2xlc!ikuFq+eYVJ93S?!WOC2f&6OIS-?jX^sd1n>gN&|2 zpNntpX+s^bu{nB6$l_~b$32=&AJL8r)5^}ppIfVz)2eb|K1mhY^=wYvQtX=T!+ba= zX3gdpcM>F-aVfG+X$CC+_Gi7#`qD*M@4&z3>;Td5-yco^$$;tlbAS?3aQ6l`4yc7^ z)tp6WR1>50)|=KoI*Xe3Wds^Xp4nSj+`LNxigmi$0KeZ0xLk!{HbaGW1; zUveNaC%zm9GO(hkFPXn8i6*6rl67_`F6}hkHCZwgNi+kVN>S5R5nka1T=B#`^%2;F z^6d$nsWBS`b5+_s6TWu0a-c_(4JRlSz#~J)Cn5sX+GP$M5-PA0XZc~I?x|PL>Q{n@ z457x~GbTf4TK1J2bw3)}%KvB~DB|k>Ca#`UP&dQ87GD3cjzxgV!10EAQaC6+Y3z`6 zOMLJKtD*-P#Y8)4r+bN2|4IvtHf|?^If5kYSWN;>=l*z8bLqPY+hE64TzPWS9|!yz znwyt_rR$DuuqO4-C{%6??!34Ce+VfAI0HD3e|e1JYg$w`j#vMVp&NEgL4JRuUtqTj zs?4ro0H&uL9rOo4Uwu20;LVYKxj=`rMeOCA4S{j-3Q-=v;ZLO%21aLt#P;958HZ;U zMfvKjNrTBOg9aC}5?&(zG0}-MA$hC_x~YYU?-^ny=`kJL;%3hI*5i789@O($>&Qc} zw9?SOSAlbTZJ6>!OaGt*6FYS&iN<#Be3BWMY2?IKbakghc{GSag)uGu^`hwgBsgKz zWOvPT=PN)pDz1B9y~OuBYo7qoonZnM^TY22-kt!t4U;{eO{dv4^hm+n&7*AzI55d7 zwnxaNoi)SmhX1moq3{An=WydK$Ax}MEWaP^G8v;{5{`(w;&Pd0x3_OC%9LMnHpv#Q zAyq-4AE`Ryf06h-k!BVI_jhA+Mi^yVMjls?GJFafvhj@Q4f%zY|x$strI=#%4 zOm1!Wu|KSa*K%j18g)>-3anwLtt4J96X*dr*cjC%rD5$T>>x`F}A1 z4x+3Tv>R6W7StO(;ODQ`_XBtESb&kahl}`W-tXvMBd9xQSl<~V-@F=An5ev`r1t!% z0x6^HmIh=T)^fVy;q5JyU1C8#-hsXWZ$ECLh92Bwoule zV=@<0e#^MfLC*QO-yr#gc1maIw;7E}TurZJw|F`r0dv2B?To(oz#|Jp4=#A6`}{%2 z*(ykDLp{)a@*P%xFYhnj{lH#fZ?_CZocb^MOM^NWVh>i3U;}H*h~dQrbG;Dg9F7z z^`mZx19uRy@T|2gX=>50D*-gMiETU<0%0QoMLd~jfwi=qT^b(8#>wpa5<5)|FAh?G z*8c*w))vS8J-+~IWc@d&-8;iFz2GzJm--LgwK{|&OWqX@hTtcv=y0ZaqJG3uSFPli z_KgVaV5EX#8od<5Hz%Gp_(&qbanN5uT#luP0t6~93}$v(Rz9a8NX;*reRb*LOoBY> z9{2TWs)AuxMx#B_TfSw(&sU{As}`SX2Hw(t*gtBB)E_B!?wAmZm}_Xn3VNDmxCi@U z{+#LomM2#LoM(SZ0B$B1Y{DFvnGG^J8XVs$wpuru{Y+i@iDazsmeNQu5B=GO(e?0g zKT8Y9_yU=m=6VLXr%nSc?Mo}Wfbn>$)+9%I1_DL(2=_ou)~+o^{#uUSzZ~|G88?{UaJntij_T2Rt?j}Fk-h%(tpWHaSuKsdp`X^=F zup1ec8gKd~5AY=hK_}h-y^yC3$$x`D?LpQKM0DwdRDL7wA57)Pncx)Y_nQO^nka&O zxzo7)I4HE9Y^D7|;fyybLl*qZx9KOibMhvpk#}$m zMPo%`tX2iT^u%UvAGTW%Gri$(A>ouukdmg_-X+*SEra@q|IUgbEL;0tw6%knzcJ$6 z(LMWQ;<>D;T3AdqNI84OIUf;9I}#S6(?vtF^J-w#Ozgz%d7==2!sKAE3Lm(5(UQ-~ z3RJFLXsQlYa!Rn15FJ7ipOIo0z56nNW5{OnE04`31{^Q&8H9ytX3^@S%p{)5PWmy1 zxnd}q-+UlzC6kuu=Cb=W!Dj)6X;G%zMh)#iTJaU2;>Oj-q5I}+3V?0!{aK1XrV_UT zUx3Wt=8F4@C>K7>abE zxpL?FCp)6Q(dr3qQ_I3^9{z@M`C7HIMq-+^L6POmVD6%j*u$IJz)`j$DEH(fFRv#` zErgj}s#LDN4K2}4I!a#PX3owtS-hgL#XfmodX%;xfp#n4xVeZOHRjd{8q9FN5sJ)A zBLtEde#v@c0I@2G=6~WEd)~_O1v2V^ZhueDmP(*Cy+RR~Q)DQZWml2p@-3WF)&He$ zpyIlw_W|2QtH!Nu@<+Bj??=Hg?nZw4T3b5mzPB>-lq7$muLAl*5}VOuhM6LT33*27 z#pSdIKWwK8p_$alYklJTy=Oid99LZFmcvu8^M@F77pDqC!eRe`JKWaj*`pS*Q$Htb zvs5rHa~wkG>En$JR?JLL^~4S&l9+bRMK^S|eI|G`B!=RmZ*kJYv`#@PsJ_p<2EVYO zRs-+kfh*P7WQ=?zMg0TsP}Hb=QPx3uE#QUdnTr^0<*%FbigfWeGE9x zDg(|)Ai#sjoy^j0fZ8qiw#+~fMtFlB2ceYKYosd()iIuux1@8)m{n)`8ZRcj#P|dK z2S?@g%XbR>a#hh|sK6To1NBJ+A?OwprVuvefcc?8h}HnPE-T38>+ycpi_;iDx&t}R z8U_5H9xq`1>-~}cfglr)AOa5G`OsO!6<{V?qUf)F{ z-5AX`tPpX0{9!cY@w)O`1&!!aU_940%I=ur_Fd(mV1bb>A#bHbVX)728LFpS{K7fs zZES}a36jzW4m{%MH-w_`(NPVuWYA$0?psCO=m^=F%pWbs@_q9q_7XSD$u`mi(I^ZI ze-&J!Y1oxHWXZMM|H}DzFrB`fsuddJ@#qfPz9e?&m5YAtF~-B4k^O~FPlJkxUA|9A z@x8EeoTW&I>5%?L!ceEmMe)<;f3Ce8F+!J3>SXQ$8~dqx30T{D(iDt>I4x}VN#hy$ zp%E#sw^IA|m`D_Jp48=MVLY zU=UFGU31dfcb=)iRWT>S8kwE7K`^mw%%K<~{+Asn%!@0i`4&t4zSET5#Q3zn;7`DB zeTetDYik7o8~G zUB*Hi&7QaPRmEoxw0yIQfEnM}m+SvtTc-z58J`Eyd+^;GP!BYrc@w<+vkAKJZrETx zx32AgxMiqSg+XNMZS9;wMND*S=C)(IKPPpgUrISsTQWhlks)j+qFboGwgGjy6k^YJ zQ#XIoQmRyxu*&5bw6DVtANRmcX;k)o>gT1&T)<0K3T!&%UfkDy1_J3t2lzPL9O!Ou|A z3eN>@?5q4&HelHsK~g3PB~AjQf=ao4x<~jxPmb=d*-4zGGo(XbZ)~u>+PqTB(o?Cw zaiF=gKz%yi?h%$ZU=|#;v52(lkoB?DS8_}wbNhw^@&qS*XRUBLh;NDn8Ct`lT|l`;;m@qfUb zf{&Jo{wIWoe-9;r;72jWOU>qfhovX~Auh8v=6PKVZ=oa{iKDr6%7_1Vf0N9pUydMA)waG05GS0EVD{`Y=D^2zC{TpLb{f$4*!ctzhR%3K)FZ@>u zzlK8lz`z0>tl1|q0XV(87k#2#yzT*QK)p{;xqXVdm)bWIt9EFRClDo0US~8NO|GX)Y{aU78+CP1S%vdeqFg;xZH{~=mq5p zt|rwn`NpRje-pzk$r7A957E^4H)?feZyFtJ37+~2qQJ8(meUNpz=|a<7=1rG?5*QHwfxq0 zh9`r^P{SIJ@c?I6@E$Mfx9_S~VhL4Iu0Z*k9<0!zqFqf^W4(5TD{a?u8jVAaQKgPJ zAy?k4*Zips*Vfc!#ob_Rap;^rOCI)(OK=)mX=sp$=EW3_!_E7ct^)}$J_ZSbBg3TK6)S67iOS)LOD;_F=_@70t5eujQ-cXzG2 z*F?Hjfo)PoJ#(mvVUDPOy}IiZv$i#@oM{vcS{Xkg#swtl$GrW1i}Wg!=lo|?kZjmM zAVJ4JLZdM%3E?*`3I-*p0<9EK#d5Ye$AO7!9ffDG=5xXF0{}&YZk)KDg5VAEXwNb# zxziF)gWIEPE+T{;1j$vZ6=Sy|laI+rSGWfn1s{V-v8|ltfsA7KM@|jEd;tU0x{rQ!Edk&+I=X<=ivn& z76aea`Y-?~1}q(7pE#;>x0jtDy~AWrnGB67ka(u`xL1|h=JrSBgD;}lzW^S*aYe2+ z;9_nuu)<7ScB5(C<^>N2bTv(N3wp2dhwFJ`gL4)r8Gx6RBR48@fH=}4xC`BnUAicvS-hY@Ix|Y= za60=Y<~9tw;PG|7@-1joGC1oRbioD!RwP#+;a-hN5fn@=YMhz~7^po`4f=m-l0xlY zPdt`6n1es7zNmcfU>m%DfZlawnALc5&=WwIc@NAQULb!}*F0#XCN`Vi=UR5N=g*Ko z!3LQuy^{md)>jR(?pVbjsZTQZ5ApXmPcrfMqA;0{zWe3CUj7q3J>-6-*M2!u0E*pX z&_BQuO=g$-zwcQkAh96F!~bVhW+2hhQdf!U$l}XN4@s+CPGjD)u&fKy-v~?^yej z4dQjX_wVD=PnTIP$vT8UU%9&inTN;(E{cpHZYq>Tl&mMW*P{w|t)?g8dASOwsyyeL zR86jw10g}2nz``>dW@Ktl4Jt9_8yN}V1x+I-p?zx`xX2=Jd&je?Y6FWaT8IwiUATY z8jk5N`g}C4s8{Z)UsqV={6h<>B@^SUtuBeqSAS;wb(YB4Ziwbh9vLQnq_m<1>k}_Q z=Jn?`8sfi*eAf{M$R$+u8pcj>)AKdi%pO5QevHi|qsAdMX;YrFwngtgPEWl17$Orh zJ7#j!fTEGUo^3AsWmNkJm($0&MBg^w?`eavXu6!RNp-Q}wlV|o!Nu{xe6sQpy#k;3 zre^@Io#atPs&jXFtbYX+{9us5{pX%wl*6negcFMWW`yk1(%f)qug`Hm>`mEZk*{JX z`Rm3Rw|`TEr{)!FLi>XF4d}yGqIaUddy3!|0URcpl^;G!WHtV{E2F|(5&m}JzW?I3 zbC~U$#bInkPY|6+NHj*;gzra@g223pWl=_7i<0&A%3C9~3ms?WJhKCrA>XzM$4#MA zd+4@1S)cQ3>O7cE?`jZ&&qmqq!}IOif?m&{-9lQM2^XD?UHstuuQ6vw#p&fSpL?^%S&CO-D5E{ zrfQ+eqLJdz=Ve)1J${r5SzoY$$5^TL??_LXKBr+@O#>TRd*_iTFKJbE#FVLYB^Rl( zp(@{YQI7BXtqHGMuR=$U%1i}?FS0aEEqgYX#Bs=-LGn`!`vL&cTAl?di>|Svc7w`m zhCyM6*KY^U0NfCYanaI?~ zEYnW3nP6q2mjjQsF3WXviOk+y=|HBO1(%lWsNUsq6X_#RkGcEeJ(sq}X2M~KIvCYI z)L8aUILc>5-NE@NHXNhQA_ar|>rWFgWP%%#a?sP*@bGumyUxA$_A>*1B&b)Nr2QZ6 zDGA;zUN`5~tVY)^3?$79kIxmEcQ&VmyfbhTVR!lTNpTjHBU}CH5y?w!*PBzUpg7;{ zH7J{1{M$aip8fln06lcoH0COC*>BdGUdS69qYj2;mQRY|I*te&KPef)Q{gB*#_7xJ zQ|Z;lB^Rc36w+M5zO>C~i!B4@>-h_LZE`dxX_8`HdeIU2FIui!9iP`M7nanI?-spU z-SaG6o!J%-S{Grc@fIF=%z|m!b6y1tKafnuRf^_a`_#{!Zxgw8xoo8=wcHeZC8mt& z7~-8!3OI9Y`?tl&@NZjldZHwETXNdWrLeo##_}UrZ0uZktdpQ7sGcikt|E=#-#raZ zrZEOeQg_au%P6dj_r%kstZCR0-2l_h191WH#3HZpu0IZ%M_MuG-`I~lhi8G6-36k! zale^H+J9z@cCk&XWB=ribvxKpwOeJ|Jr&(nW-1{LV%9Shp(5N3W8jwu=yQwE`$KfM zt?_hF!WlX6u<^byo-%67Ya^kjVjm*;V(Av7p!+jLD=(takZ=D@Sm#T~EnE+pPES-v zLV3q{$5cTyi8I<#@GIGY#PX$@*pgMFpjWEqu;1Kh;Wp9r?KY^`{K#@B#38F66XSg> ze+S9=7-p>}B*5NE>q>nq23fD1X1sa`U!u1$g$fll5MtbCW@&o-;LLuN`KR-u0%W z>u7(?Z6=S&hK3j)+x)lv);0ombh#moO$g@Giqw=m(>7j>fWk2Icv|)?jk-sfkz>=# zq|oyHNP-z7O(?ptZ^!Aw3zYlCJlVmHz76ZEYeU3Z0{VT)mDB`I5b{WBhV++48G8l^ zwU^nt-m$%3v(ms{%%kTQs~yjhh)rbP5Qk^rV*dtoejhLLUzN(`3rI#S+;iSyh8)A) z9RiylqD5EgCSxuW3OXN-6?VzR@-K9n7lN+)as&f}g$+Sj?Nj@0>fPFw zmIZ~JB&ypb#VAt~7ZKH492U%t50pjcE$+TXF&9BMkqvEf4;iz( zK3BfSc3UnaUMQ^prX`A_K1rRLEMA`TH*52t;58(=lDFODRVGx6+idiWdUr{`Q=Q;R z##kMRXT&q-mmmr3CnVdjj@O{*%+18J@t9bO_<1b6wYp zl|kG-gM&%v-9&$v{g>)l)gS*PCaWo&36<^+{3&JtbWF#=N7iBh8df3?1J?WDja=yt zTK9m-nNV@>Otc}sW%*SiN=f{<*!$w0CNALGYrL%G>6jp5#T7H5!lP7(>|lYYtAq zSZ^7LbLxwrc7soHu}%)ZP4JR_3W`uuNYm_Fv0>Z_n)cN~{n*PzP-wvg>O{^u<}+=mH|X(`hFrh7fqq4GMdd|f zLB&I;;=_kfsbBD(?`H|>j+Pmq#SQI#C1dIEqc#f{!^7X34jR-D|AXa~oRwXjQ{Vl$ zcT3FjEz`z$pZD8!0t=*CH)PA0LUL(&&P@-W&uSqT(>~m{J3~jln0Zz`eI4D7MeR#I z8E*BT@-8TRAn9}X*nir!`rw7pN(E!6cf#{XuVwuxE9qwI3=H2A18tB|ZvI}4FLt;V zA9t-S+MNjV?ji=m*b%4ih^%MC3^zR7^>j{U7M{-J`rBsJqfwH@)hKXDfKG8Pu@vM^ z6-~e8O3*P;(*NUbb+}IB*N?SAbXEr25IR@<&!McxdB{Hn_3>R~l0ve}?g4cNwJ67z zkJ>>AG12E9A6`{cSPfhFJXHAw`bnoU`{7O8~XD}^#tMThQgYoOuy3p8Foa~D91&QG#y#Q zs9i4YuC+CoUd7Upm$y#5Kd&EiwXQp9{+fo*zDD6YCDm41i|8k?nNHj32 z@2UF~Ax@mU&$CPWfp)_dlpRuc9d^;?Ts}*50X8lLFnqaa9+7%a%3aQ>iy0;xC0KF` zCsgnY))k(aZ@nhiAr;?hF3vz8qev2~q9q9|Qu3&!RX?9JnNyGl=C>`hwHKH0zwViN zMM`_qLY=)ikw{9r;>VHFQw2@oNcVq4Pq%X3P(wQII@SIbJiKEBKH@4&L71r#?AHLQ zTiojhAnJwk3Etfuh-@l^XOMYe^A8^%=gnzz@I=a?BuEhd-ATNvgSmmR&j6%G@D;6f zd)SWSgcuZ8H)m>q-~7i?C;4E@us>aS!IYQveXmSHAcJ<>KeVV@)T!-1kDJMdF;}P* z@H1$;hu*4MO5)ReS>o_v(q%}HI0HVUe!hB>R!7WZWau+h#oy1{A!SHk4!iRHr4i7+ z=aV>+$*KT|1$3Ya7uTWgTZzdB(MTREN_zwyjnRJxA!rm_5f)}Hf0$nBe`Y!`tI#X3 zVp(!h22h0(ou^r2fxl~#T#LZQf6*N`;&Xrz#tCfKCHQGK63gz3LW;9}XM}E&76~io zcE8(TTySsdv#HQ!L-bMTIk6QBJ>;9T*DZ*7h}M1%fGeP)yubroB!+*DYNBAgCN}it zt{q9n|E#{YmP&^RcXE$LmZol07(4M1{CXZqn#jHZXYWoo-^kF?oSqXy09?^$ID`Xd zpXAjKn|fyM5LXX8?@wMMBdliWA*R)ms9{sj+12R> zZ3DJxjh#;e3ypv)cD%0krS9au5%EBMk*ZRKVWUad_9(9yDVl`y<6u>q)`b}9qWM{y z!CS+fYBKFFg$HKgCE!aEG2O+oG%V9i1qsU#5;KL1e_mYO-QM3`-2C(6=KlKa&7HMK zk8+q3JSma;P8k;qkL$>s|z8Rhlm#noLp(i{VoB$=%2|EG(8E!e%C!mrGsYcc#d z&f#Wrg~6PfGPYY!AZ8J~N@dLqnc>4_XJzG#`bBRkfV0fK4C2Mu|KcE5h-A519R-mr z*Xaz@SWvQ9nP{;*u}y`NiWIdqN#V@_wpv$YgkR#|eg3kB0rw9OHR`N->rH+h(@o~{ zdMi-nDOfB~ZA|~*oaeCPe?Y?X(%j~m%-#E$(k4}RW;JhZ)vS%kB#fr#l%JsYA9LSj zb*n|GaU)t>$%2b_4pn5b?o&wAEQeF{wq|p3QrVv?WHEH zS}~3QtmpZo`2Vsw;>){0e?Wrx zjcekcEGc|U|3ZAAhW@W6`FjKUf7Hvze;*$09c<|TI-WKAf6tpHeoo?ArN9_ewyEqF zroog>VQCfS58)M6neMGw&YR{QV6ZO2OZ*beWxBb%u`oR$Om zpUnSuAq}N!tuiLbmLn3$pEm5_GkluT|79{j&9wg?7V3W->~HFStmXMa>3_T3{v`RL z{v@m*%_&u#Eo!w>ZIZick*riJ0Ij^tOOuX+KYv=QdiuYb3{W%Z|6Z>o|7&lP|8FhN z8tH%DX{%8NC`(#h-BJGID6^TIB3UYB)CXlg2Z7w=&6e%%J<8Ebi1l$knu=1Iqn_rCa;+LK%)B)M`QG|=^_K{ zx9}w-J1ORI@Fq04U#xHWX)1V^@)Dbsn6S?)KmCzdBKS=*J@( zhy;_am`6^dh=_=Bv8$ZG7xxn7GI`sL`j}Z7{bNPGj%wQmT&H#G949Ze{8F8e6=pq@h#wC&Y^b3u~KdMhGt)?dF+zKp7OD<%{yxXeG3AK3w=geF{0~(zbQqHALQS!aD zmyNSEHJPdG`?4yBQ+*bvxw@~&?SzoaCKDWZ*;v>%>JDho7318mZ8!JBhg>i$tbXXD z?aueqC!+HMiI4+Dw6vh~glW_sGTv5j4zL*Ogq}&5$$ko8F%e+8D`lrP;Zfvwv>i=D z@^-iY-oc{pAV)-;1|z3rM;1INDp^;7FcjmYSBhfx*q;Q+tN|*~tR%w)LYR-l3HsI1 zd19Sb#t@-??53t4=ij*w7o;mS=~!wLvQ!e6Z1%*8$(HBoDPpvmcJ5r+xpwj^lxtd% zXs0-kvhXw-sHADhF>EV?RihqN(|jg{6!szZ#moU~Mta0tji%C(b|dyc0(-bzdd#%{ zH~+f7dV7A6&+Udx8nN#=n-nt#3@PzFeTP)~PQj(>L_vJt<+atcGHX{w609T*mi#dP z1{`Jg`v<$37eh?_n3KCPCt}Qe?*#QT@1Y zGH-RQ*5vh`^|m_6*Q^)SGzuY&Ch&d=B@=RtAR1?asA{fpo2ke`^v+Bl|F1;6-_YC@KNaUcS*_)>KQyTSxnIctaIo?JT+g${^S^E9Zf*48 zGZhgHMoDb$PBjfl+AJ^j{iP^H#raoi|B3=YXX$@O`}=wQZ+~~g|JU+-ruv`uGO1Po z|Ii4~a_ByTxE~V&YAs7X@KeDK)^mi7J8cpN3g$(0Lmnx4LZ{c4g-FocOw^*5g@?ig z6^D*QJ|I->qx`jDw5kTWDqQs|G-O=W_k@249O=0Ml+D9g%L7+e2_%HcE)M0&qiq}0 z|0M!IXVL$?V*KaP#{RdS=S!vkpF!~FXUheeM1N*(cmCM$%~|WXiQoK$&kXv%4*TE! z-r-(e{_kz%|MfgyhW#(0Q(wIO&&*B}Jv#za%a89Di2kaM;B>mtB<$L&*bO;-#1ZM@ zkalF_PZ$qb9>&_0KbOX`US56w*1T}>{R5faLng?%gZ0ev;?4t^-sO@>rUPh}Ci_o3 zA%OkxDSC;1U3gI4Z^!hN4*u^}G7#e<9B3Z9lF>39mJaE%$%F;>z+0DC({y^WyQ^#{ zs2MF;XBGTQy-yMe%R<6&#CWq{*mE4=+lX<39Pzu~B!E=@Fu;NsJe1$jh**_)!9OV= zu7vnrxmcH=JN!rL+N4wHp%Cu6bj+^EV6-AovqE?apCA;=c}qS1UMceTIHdQF*r%RB z+JZ}N5{7ZFy+-aqMZWi`kjLy-XHl~K@#Dz~ukSOi*Xa&q|6Lo)>{0R1WJeyzRFs9K z15(JBo!B?t`9wS{vYv))(D;+)IlaZ=#!5`P9q*%VvI5 z&rJJI?=XM=-|KDU|Ft|{w*BWbv-^MX+DV#2lKBK}r%(x(g~Z!I5kmulpaMt4P#B9b zatV)A9t?sMdlFz7M~U&Ek!3q+U9iH3IC95MOIfyC$dPPilTUI*&usd?Oy)=R%%K1M z!~J6Z_k+C+{a?qkX8TV{wm(06{g+R@Q^S7~d%n3IsJ<8Y!Y%%3lF-i(;o2ed{=!JN zf{diIm-h?D-*pH$_56P|CBSC;e--k79&GYIt>^h1?te^Cu=U>lES&kNtPFauQC zGOQpI)G9!-GZxtylInxQOR_%|DwQn&3|t(*07-o^6COO`p-Mm#X3LP-waL;poJGuK z{t3D}yDns=vJyYd6|&oi{x2B-I*b1Ib_?}?dk35P|7&@^RQumr0zm)t8so-<_E&#q z(EkWWWElI)rGTxc|GT^WqmuZK!wvmk$Mf0bf4$YHR+j{8Y)y*Sq=$6vSF=L3d)YL}>k9I*&Jw_2m@($$ znlqOOah1{q%hP0;by-)=R!xXT5!&`iun45ttgkz$H#;G$4d=20Hk@ZM1FBJmwL@Pf zIqmvV(|+p2v?Xb2%aYROQqtxV(#}jrE5RsDLThF8Y?t%Y3?43+Z`NQ&b;8-j(#_ia z7N}1y+w4klCNuCSKpVUN3d|`<1qgX&w``orrr>KAld5(thx62TFfEvGBSvC!${pE4 zvHYqeuru-lHcb9nk@!_(=mM+kY42aT)i>+=!)lN|aemlkKr77!TbXdSQF7P59h0}<<4P0VLRH+lCMI3*RiO42p7pn6`VL20dH=rqEi!wK#_?d_6U`;i zw_SbSat316suR=l)L!Xp5#hkYJ_`~eypu7zmVCvf)RmXc-@gYr6FEOB_r*MGSit~7!W4}O8esQ9E_cYhCVMd(A*xqz z2HvQps6w5_NVAnaG}=0eCM=*4gZR(0n{$ylK8&Mn8_7b>CL|h@SQHS*dZl}QqdHE{ zP^K#r0bAE+S(`?kLx!Qco=Nb?=4-H;aWmMlK)Wg^@(8xwIm00yP@hJWh|cNtrM|xs zogcA4PP*wGmvO>G$7Pf5z2ZF zucxhF3J^EsF%e|`RkDw4K}D)O!&Q{O0)-^`t9gavh^73H{9f5c&WL%)k)(2>qKTcE zY%%#-ex+lOFNKH+zahgaawmzsY(F9aQlq}K22GJB8siAXf^bl8=#Um^W9|5}h-KA6 zbK+q)>PRH)j0yG#7af&QtwBSN1XDAvp7z_opCZZrSP2)Y7^>BHEEfl8K$0c$oa%XQ zTldN2IU+p3zA0f{L?RuJKOth=i3K^mzPtryy;Ir(ht${>>acFcC-WiUjLsV2q;~j! zL&SI`h`9hv^DuRV4egkkq20Nq;w^->15)x{3q;!LAK?*lK=+EAoyu>9oCQ(EN11)& zWJI2CNa$miocca;{-4gbUpvj9aJ1p+nv)@YM$V)BL6FHK;b&|TVos3r_g?2kr{^>g z&FjWefu!I3Z-%=V(ixG~< z6P})4UzQ$vNnc)J9|tbs9skHIJ90n>%OT1bi=W8Ue2X0a=vt+dw7ev8bU-(;8LeKb zO9i@|%?}DjNPX!hQ;}~jBoyfN5qizAhYX;oD3F_R)PhQhAY$kn$>hIrW;v47FEK2H z$~RS5+=Z4u=S8#)7pLr2rGYWuJ;Vb7GtyW*AwjeQDMX+XM+?88MQ`W#rR-y8XGgcr zq4Gao?sj(f9kiVo4%OcVk~kc3>=9@mQ4njVJ3Bi&1>Dyg+O6143GPL@mSziUXRNoA zJcmAYY2;6norT+~Z{+%AHo1OR=W$o7Vr;o@tJKHa>&u%9M1zQol-<6FvgJL2U^=gJ z-P{W38QAcU5xO%R%AyXcd)4?N@Ipp|=+>8N1VCx8k@b~EQuD#t&AHXwS|d6%aG0h@ zbxuWMaoC;-3e0_{g=kb<;vyt30deM8Dobi;CsIRZ!DdNiSzJmno_cayqv@&dGqt&3 z!gpNm6*$Xw$Y~G_k#je$0?7sMIyf(S@o0ctHW|=BVPNJ)s(kR5|4Vex9YaJ!c;Hhp zM%ct%A}NQpkO!A8{#460F(+WL2{FeL0(qn&rtdl61t$|05%ll~nXFJW<}4nKOV>=7 zz@4=|JJo!@1_SfRx2kn4L9wPL#M$!xDiP;GkAj}eFi6B9q)S>6=B#PwRyL7Ewho9x zN=7XWB`@Slp?q7?v@%qm;O8@y0*-jP6S0H(2M0Tge0Q+BYb~u>r3rp+yQXP7N%A&{ zMPx}x{euI^Ll1U$oyIq1`u?XgCjNwu0>;Ve?-*vpfAtOu_dor^qfP#gwLD*;YaGcV z2&7(N0D2me01aa5!=*ro-3L4(qO^GqT35A3sp9Z9})j7Yths2FrU!gO|I*I;y zb}RXp*y@aE)P?_!F>P-d)_hxkaZ}=jiP1 z)%oS!<=d-U^!?i#^z-dS3*B5?-@HBl`Aq)Yf>!63w|6&}uYQ)lKnJ@WbWXrS4Q_2r zT1`jK$U$O^eIHE-R@ar1I}2d?E(<*M72I{kf=KEXa^}U5?bW25m2EvLB2EV}&^9cP zCx;{+8cflx$_*>fZXz(hKx~L2NlQKE#!@-X!^L<3Fqef>PDkSiv8O;;RFq(bOr{kW z&p4Ttd;#`UD$s~yb!!`?J8Jv0;=7D@0ufz*CdZ=A>2}O;;FabZGa!-5EJGp9|Ji^D~WM& z{TP;F5JzC-@#%!h(IbWg8%9qOy_B;Yl3cl!oIU8s__INSmO1~R6f1!R#DWy`w~$(> z2s#d?>NieA?8EsOayCH|;*N1ZU2G0W#Bm^GOKcDde)096Lxho99_X%>onYeQnwh4{ zCLxsvim9~bYMLVw5RPS&%!F;~<+9*WUu(;L)Y+X7k7Dr7w5Bc9+5%CKx*I?YbVy=a zdIV@-rjZ-~wRCz~6YLR$A2IbItE4*r7F}vdYAO-X#Tu1xLKh5m3s?kZEKS~Y+z053 zlB`6L3*abvatw+6oJ|z1l0(6E$+Pe@rta7x2E>C)cI+cg9w}^P z%MLJYA>!i!>_xB(3SPXat4J7&{q5D`Aa zE-;Cf#UqnNEdV7~hp=I~>u@umd3@=P=g&ZLWUcX%1=I)5@X`bh*;!^!0Eay-i6k!M zYHi>v#w&quS%)H$RG$Ud_YK(=@nAwDO+1X;0oVnQ19?fv)NMhUS?mKIJ#qORn3yJU zpjRKsQ(!MTNf%14QzX*E0_!hYwX7(iUG^9(uwX(HOnv#WPemkJHp@yxAu$yZnFyPN zQz2p^S%?cfQnygsFFBu*RuWmuUi6klMlx7nt+re@j|w*yz~y1Y3D8R|M*ad6FJ(>S z*(^eKt_B}n7Ko6#F^h#iMH9>)BBIqap+D`-6BUso{Oq9gRxndE*$Udtb zr+9>O@^vz8a{_0IJoW-g`Z&oAipE%=0U-h6#3ew<2h+?r=^+&4_m~8cFNbv*51C@u zQsA|YpCUy44*EfgRdU#~Wco(3Lbtl2iN@7ZWyU&YHdQ9r9V2UjkR&04sgmMAF8CLV z5tb5ONTL|~2K}BG_q``7WsQIZZP-*3!)&t-_rl3laTR9ZA?N3w4kh|LLf6{W^xJC9+^>b82VD(WPv|bt1M}k z2F>*`oe165n%rQjI75i4d4mIGsaIgOSl_2sOOVKKR>W2PrRXrWL^S#zOIW z%JUzX2`LR%bK8h%AukJ@9^y%Eh2eD_bUBp!pXfp&qLIYuWK$xl?XGx)dd4)%Gg6h}4)Tb~-7~m?g%Q}4@3%s} zWObb%2WGm6DcGOH`5uuTUSAwVX4NhDd zQX+|#E&4KUnF$LM#lRo(n#6a&M$MQ5YfNRhNkwU?M^Rmwz{Omm5N8t_NIX&6qsTOXAzJc;rQETlvAZS7 zqDQ3M)Ut#LK+z~YZhCIY1W^J{o}^|aH$^>79{`-kK%fl?m(v9I061|xN*Nc@5`2E5 z*+uhqB+*LtUn_octDUR2cb8`u4uU{vx!&^F=`p0pZH;4}E{g<|oRq@K!hTs@8PyX* zcsW*qPzLEp>9U&C2=?-8q6U;fO$4UUYO=0&3~lKOm#!-y8;+1qu#oDMZKc#8vT|wN zpk$SXxsw6{#3SKqv!XHOURzFbn(R%$_(UqqQm`PHcMy1*fahlh4fU#6`whZ_Ql%3k zANDQfRZ1vXaP-*%iZ#vH<`cGoJx~6dOMS=2NUIkEx?Z6sC!wWQUr;ZDI-pPCKn_X* zFP<2&HG?sRuqge{Y-gUP!2%m22KLJjQ{wLdasZF>_@@@8>fWMsiBhcs#8%^m2=B8- zmUJs*Cwd+>$c!V8N~tv?<(5eBscEm|%1Cu%-4(H62{f(r*bG5goK~nJwskH!O3@##K+!=z2R;!3HqCYj zl|5P)B#C`vnwKIiW0qycsx)1tlD-@5{)=fh(FaQ z1T-@8Ok9h^1K~{;gp(2G>Ru_Yd+57>!w$ML0*L4+zYrrwdkiRNq(pA(Mo2EazED%* zi@CNaL_-Y>?JK+)AxZT20mNqY5WD!GeJkncC7=L~Mfj6riC2 z@`!Lb9q6q{lny$gMf%QQIz38;gqQeZ*z zmMT_C24ELKc}cBct#rfm*%v9O;89MnJI<@9c551m?B?zu1~-1r=`Fgvb?`8{p?qM+O+>6zGa) znMuRL^0S(0sm5pYuQVcwNZ$80=kMJ*Hi#y7tE!J znyiSrzGnq%tbNg1RAv?K9e2>{WJ%>muc?YtDC8UBR(B~KnK8$I1?hdw=hFS z2)mJh+wt=Ap{QqueK3v&X3KnPD%r^$hpojEJj&Ye<=4g~AaxFasIb(?MgtezWc5{o z6kwE1mtx;^YACcj#&U@WN0_TSbIHXMUM*rj$}76CnsGv7V)Y9R^k!Og)wURH*WQU6 zsN}SLrVw_-nD<0|+jjVXM8v`nk4Ot-f>;8svwkTr2!9v{sc-{Ku*4I@Ws`|SUVA;% zz(nk{01u^ro;SqlJ`!U(_8uu*k`A@|h7dZ8C2?-h-K!JuqJvId$rI!%7|JV0K1~_5 zbtrxrOVK@hT=SQOwbyM%3U$YfDJv*gIy0B;U~@$n4GGYb7I@f)5e{6UCJ`z#sHT2X zz&kPtXq24C6`wG|5FmaZf_Qu0+-El`R#GWr!2nd=_XK|iu5sR=1nGFdQK zPpji}e&Ep(_||PmB6I6&5isKFpCutp$tb`Jl1_Syl2Y{4Qe>flwh2p}i4GNgmIq#) zcUYTYvNj$WlE716jG6D1n9ebu03|ZQb+U@-agI4pZ_Bjh7z;tTJU-fp+A7+O2U9I< zq!XIT6-d`K5$2yPY_!D21QvzB7gy(!ua>#N!TZze>x--N%l|o%TL{*IF!ZO|eZh9! zlkWhOr{pdPA#~U9gO+xq$XXMOSk0(UI3y6#+FUEuxF) zV_Li!EEAgBO${=s-~*-gS(fFf=P*JV`=+r09G=bG1VCa#*snuS+1tq|GC}o^x%^wl6jTPp?%G^Z0lrZy$pC% zWExaS-b;$zM&O2JyCoz8f>U>3e|meH_@A{rU+KK-TU&qoHL1+8+u1$n^#8qW z(gV@Ss3XR}$2*jD2iO~tu5R5{joTSB_x~-TsZU-GeH^vL?=j|N2mS5W(=eQGi1dS| zqik*IAY>{K3rS$SrxFL?VPgI;ZcN}_5Mr(za8$0{V6+vG=tOh@r7&j3JN9Z-45{~w|`%rCNS#7o= zjuT-~Luuw>G6fs+85oG4h}40F?(9f+6%iNo{w?@M>y$$@VIJYx>6pTE$#l?^_!UN)?h`8f``D`>rE(TwJ^6L6~xjWcgBgcW4 zm?zW{bha*|G|0@G26#eUL<1>&>xR(FU>Xr{i=#ne(Y40L5qeZ%T3dGLK7@xRb2%|f zh%Vo@GSk+HYFh?LT%x|*lKg%W`pTwiR=kzpibt9#ral`{x0B3#Oh;pXxQZBU z8T#az4!~ykw_i0T3<-`v%YKx*NuJWv!ts-icZ&t#+5!pbyEHx5{{#8C&h1OLE~G0F zy1~8ax)TPYovp2}zCzcWfYc*sM8wwCx9F#MAlEY@;sm|>$4hx~4?Def@7>n7=ttsD z)USJ;-aGjI2NHpra~ol)Ds64u@o9qE>T)*iF?$g~11(JK9-s*gVo1%q^#Q%10ey%E z1bsla#2>cbXjjIcjs^OFPAB+3EI=1O-J%cZ2gXJ|K|lO-f#i2CXY%BuQ~7f1!%6$3 z@c&yM(64{{)eJGu5|1&DM0bKkM7UYjiSDN(9!EQAXC8A!$5bI;T@rL5B%gFgYPEz~ ztnS0HXzRqdZJoiRyMqA2?97uDTo&MmV*z`=QdrY1Sr$C}Bv!waDUvJ;-UxbXyFQD( z)x(*=-=$abKQUi1T5fH<HVsiKWYmVrlA7Z#(ksAB_tG&|!LaLo8&X`9e8UA}ouExyd z|B)fTKN3IO+PWJPG$0~EPZ*5EBNE9~3=svh6#OlsSnixk^&uW$FNrXI>Cu>M8Gdx@ zWA_1kp#tKk^U_lq6V4uD9EJeeP6z!Wkw9AxEbl#mFnAZj%8h(BAT4D+1*yQFFcBf_ zKjEoBf=vhu?C_w70sLx(R7wTOA$}rL^a0&XL&+n~HO|R@rS_H&TOZo;QU5jnlld3? zCHc+W&**~`D$ob?uJ;aoKxdisD8Qursk;17!h`%IV!)}NIE@Ixam3mli6CQxeBF@{ zB()OI2NR?90ljh)B6_OdIw$WPV|q9TarD+56EF5@FuH`$b^Y@NT;fs|I48fp zcc6xsDS06KuxgXZKjksTVd$Lbf;i5{k1Z!+A;@Pxk*RY6$)*%zktjN5B9aHn`S|aT zALTk20O8QH+{t`E1IBzgv53b+es-zPEEuj7E~%zT_Im64D;C`l>`m`5 z4I;I%s*aHC(FvGGtV0A}v;!8kp}2=r+^h$Zn1!U+9hq3N#J?{k2my=0^=qmTA4*7c z&@W@DN2nAV7(Gg)LvU89aaek%@(HwI0F&aQEm1(Y*eAS`UDkJi@JTA3)1)1GqP}mE zFr*Mm(MSry#7*M5j5k-5CcXh@YS|5nL%p02VlZWHkY=(@w+1pN$}^be+x~=4;!W{5Hu+A{SBB=>-$3?o+B2C!k}TN&OlV{xU5EEKvr)lJaDu>d4M zaR~A$6o#SyvC_{d?D<9{9ca51Wwyh3hBb-vSBD8N$EW`)KG z&AAev=rVS%JTR0?%0z|lNL^4EHynKcPhpa$*Ov5T+uo?vMj0DnKENY_ zT;}^KUcts}3ZYFfKnsPc02c{{jO)C0a4JP4|2y!R`;b)FF!6~h_gxNT^eT>Y(kv4Q zoC7lHMq6PaGqe5)#?5lwK2h~(x8)hA5;bDr`i3l;4su4m>f&4@9Jvoe}t|!-mMsP?1Cu7b_vr z^;x|M4Q>JIYaETUOJEfd(}spFwC~8jV0Bc|K|O28rK11`2U~dO5uc2J(BhEl$x#7u zg9I%1Ga;0p%mblpul_p^oW>qj0%8Z9>WCdl2btCyG893c-?t{U;mjGWhVDXVO$aVD z+?ffM!EP3mo`*es1l4k-jZFo#nf=dZi^UX{+XE8e*`S*`J!;p><=2lX@M?>bW?4os z=UBCSnHkP*IoBAbu%j)EdvruZ&#rT2#W{NO_GAb@+AFq&46t^h3;2^MD1uy+W9x_ zA>(ZUZfGeg=FT`m%4`3q!t3Y;}Qv<}u*6felocZ}4l(BZ<&vjymcIe}PH0q@T3bnpd z%v&hpAklS+=d>I!dN?NzWK@;CtA5Tnm8=fr{HEW-Kt?>z3< z>z<|PucnC-Nh9rOrc8z43}t_)J)tyriv;n9T9RW=wiv0kXC0*i`UK=k0x3)W6Cj&? zjBEJ_SZdlh@Y*Se-Nx8BQ@u6f8#LFb4lx&?mZ)fV{6LV}^~6!KiOfiaO6c7fR=KG( z7$vp#%cM>PZ(@u`*jI)%_!y|LN`fE9`LsKT#dN@)Es1aMu(Mks^2sS$TuMoOY?zamJyQ^_ z>B9>RU)FE#*zw$8LffFVFp}4bW7$5Ug?)=m@+ zj1@%~MQrAukrO}+x>E9ixfjx~IxPo80YKxQZ{;E2BOGXZsdJ+0DA$KYYNdk< zpa+@LW>8k>eZ~l1fYm_HYK3M4J@>z&-9RtqstgCFe8^wia*(Vl==zJB*9-LCSPvEi zq>{=gZ--Akd{hwL^kx3#wc@wBduV53ELI4>+%_D|ZHi=aQ7ewAw^(jKDRPx+jsFi& zyA@2Qo(CZ^W#URk)Yt7|9lfTd-sDaST@Jxfz-;>Y)vcY)2DH{7o(v>!)xB(!&ZvX_ zt`{Gi*8b7?d!jY{qaz;O?asG5Cx4e;x7FAG(9vf*tpW&O1>i(5|B-;Nh=F-9MLuKT zlpKe)x5(wSa$hq*n=7skLKiwAG8lct3EJ&-uk{gz4{q|o-ef|pg^foXsP z?}>WRSl6S?QSHHiJ0~!kmZN*ne}A;5mvn+mmE4Gdr_My8#@*R9h#EhiUt7^9It-sZ zB_25K!~-YdcsQi4LI}&F=bCvcnERB72%VDQcLs(hiXfHxHhdb?sFiDs~?!{PBIvUy5#G% zkAu7&A-f|jM-Z2jNF>H@xw}U0(oMABW%-{w%6k?J_9m!DkVx0H6X=n0a7L1#0}16u zf;ANBkzzgfS3g`|6CydLvOVa^{v|V+y~4_lC`UCX3GR=|d&|$fLins%1g(8#d!Y)5 z)MBi1-r9SwrJIOT@+cP$dH~AR4APE*t!y36)Em=h3WdQW{ifkS5b2+hXzT?r{+7^6 zb92>2)?ltyz`nf_kdA0XA0eGM_DoGq04f|pRoOQgMY^i=s{0dFSHIOG`Nc@p2 zknWNjod(m)_V*9_yZig|Y`@V{0~WM3qfPwKOj!X4Sh0t_b60?MvO&WU6o4i%Jz7yBqzy*N5Zv=vy$U~CQ0v3q~yANm^>Jh7?jk;8>+(f9wlmu}4 zQ2S+DHPLEJwpDNB=Kkm{S*7t(=h;w?F1|! zE#$MOR+3;`Z)qnF-uFHpWeqA0_I)RRCMA25=Y0sxBTh#nk^@B5AQe)JOcU^M5rIoA z(ivY2wJ5+*;p#3*)+d^V)WyE)*C?)~Yok!eg-uJxws17S(UP>#O!eyYE>HLZLPz5j zbq{?FmK0$;&(kK>qL?8>Ei=_w!nfHAhk-(j%kVtNwbAlIB(H)BJ zARLz9juLa!M9tdfBpB0m6ms@Ft!Gy9b2*>3B29PKH*f#vU&^)v@N%LvBC!C`Fj7mx zV_)xVl9WIKZ<0Nz^-rhx=;Pp(;wE`}Z3>8$kynS5pntwTy+YLcMh!IxhbpUq=1d** zYwzENUrC-KDQ)_Rogh~+FmV0XFrE3#eYoaqP)97~vbqp_qceJhoDB?J&$43_QHaq2 zeF6Jw9GCEDM1s7Io(5cgY&q8LhEnTT@ZW5p-uxcjjmP z3*6Moj`DZW$1ia2c>n0=VDIqwaDRW_!+7A47yC#1gZ<;Z{oacgdjoIxg?lt0`0x<# zACmopLI1_k{@}RZ+ut27a~J)4jHlo*s6&UK zx>4lc5|;&@fI#c-X+XtTYR60hAq10jdxC=)`~Eb8Zgu`k*;rbGp7ys@mu=;k+296FEn?dYrhPn-Tn;JKnx(OU zC}4YmY*>jjO~;Q``%YDNbM%z!B*DbS_kX#GhsIWDdaS#~x>63KX#+?h#2|4m9R(BZ zT&j%PD)9k^3^SkTVk?2U{JdFw`?%NBCKuTXVaR`w)Qwar_K4Iue`5ofkvR<>QNP1* zBhKQ2ZPVz>lDs7*GIj5m1WRdpDRq<^#w7iNkTOGgpx?*7lP3*oJg6d1@->m*>gY zx+QuOi%8XXfEGFdi7KoFikv($<`z&F#)24R94PPUUCBlI2L~PWHh_%qR&fE7$KeeT z;}#?(9T3z*beMT#Tymvc(#g!DXf)Ol5P*|cma#aQPdyOIL{%E!3`?ow9V{3oM2uGz zJ8N~>C}ly~yp2PexL11>Z4^V;DMD|)t&q9apJSzLV#}snDVuQ3Qjo~?!1+@NUZ;Fi zD|KN$f=qF+!|%#>Ms_KCd{=@%RpVX+k9EV6;E{5sB&kQtslJ+86$o`~=2mk*G+jHTwc_|%s7w5;CUy#H|p z7)@}xg1#6`uSKB-xLYxYGK`)%RAV)(bj%W^Yt~Q;k5W586LtN8V9?@92o^_wjzecd$R)b^EI{ft1qe z#2}&)&sKQmpIN-_^!hU6qhGf~504^ZoWQTM{UCn&=dEllS$oI+1G(58>!WQY#!aru zy;L;Q$y5>}N|+W=~b&3yp~fqU@*Ss^pW~xL@tDjeH|~RT}fOVs)`sC zYzmIYS?HYn>YToQ?Pwv%hOWSMs)1Z=A5vo2WFaQ(G{rjp8~Bj~T?d3_s_ z;En#%l%Z%atYp>mj19zKHN#E{5qSeFsH;8Xqx5RhBN3*4DwOD6zSG8vDf)&yM!y+_=z-I%MQ=F(6 zfwER@mwR0eBn?I#mvO>`9Oqt7LBAB8DW3Rsntat-Db=p*ihs8(nVoPs4oPxgwrv`- z=@4FP)qq(CeQBQa-^C(X1yJLRj5uxTX_^Lkis{$LoF*v|sHTwr*c7%l-y34vY` znDrvs>f!&?Xtx@O8^jZSQu4pvU0%h3`PBP57mU?`;W_gv6V8d_(;$9U_l|J6t2e*o zUiT9RiI-0X4Al#o;>#B^z3;9X@SF-BgU{cq*c*|uOVvakQLoT-@vG+Rl>{kuC2Uc8OVjUC56n#kz*S~^9;Dc#Te4?+oOeSMAn4)*tHYX^EeF;k4wC41zSQO!w z&v>xd$ec15*2e(B10JWouH~b6B=p%d zjg71taYyV5$PR>S!S1IcAeD?>Reu2uO472nab0gm z(~z7X2PDM+`wnz^@zZU6r)DMt65(7vKKvxw*&(Rz`vj@z>|VFmV3CZA|DB3<&=F)6 zY2nKoTkiXbi=B0^0-*zS*l9p96KDiVdE-@qBKh)l#ul;H-#dCC2Y(xCldrNvC^Dc! zHgs4ck17UEofszgfgk}U4VHK`5rmOPheN`pq;X|npnfP`enyQZS?g)b&fzLjdKO;}P2as=t5uqQ9fO?9JH9aZ&|_!zWj&I@l6k01e=4VU=C(mQ7v-)bTFQ$+N8vC|M>J4HI&_3`>TRSK2KvE# zM3R#FF5{}kG}QJ>ATgdxoTwNc?X;l58DRGT%0+WB!rb$9>3$P9q^cT-2%yn!erP~^ zCgoo3R;fDDR3$sDCg@j8CSpKO*by{Y7Tx79dKy1)?2>E3DKKL24oq<$d}-<%H)T_G z(D*`S$j|$>5*|4xPLius$>{?CVL+b0EXd(LB7w^!%ecOHV|;zv?#2>rLasu} zAIP+WeuiSuL-Y-fBleAP)6plZc0H9Z^0=6I&W8ZCl7Io*HzwzqGl5z&w@Jc2lYOI& zRBtCx#`ynd@87%IHkNd8c>dO>=s|YI)*g}~DU!PUPG&7xQXHMwvPM#p*{>%{ZURjb zTOb<2MG}+k^V#3kRn?8gg%@3H%L%>LOl%OSuD(BAUG>yK5Lk{%7^hVnaUfe?<|U=s zS^SeFYEhjE_R?>OR)Yj>Vtkr||8feAr$J`%kM@wJ+}($#-;qlGsLnsS$)-NJcJDJZ zr%Z+CgM8JL#;-{&x6v5FqF@oghOqELNspJ9chME>M#Kro@_iJ$W z61tuz)P9?)2dEk_sE+OJ2FH{zqpEN>Ov8!iBd7Ss6Oq8hSK2GSmR%id&Htm5B>@G_ zW~(G{=|G&<5+%VUvGwCpyU@WP^b&WtjMb@m0#A$JoB$JMF!GqwJlHaTCtIGZDeG z?0cODa9_T;D8@SEQ5r3FP!~_3sf|z+{YgXaT6fiuHaE0x;(GgU)G$4kz4;xs|UCJBsLOaMocDtOh8OQncYZDz2C zioS;DQ54H4hW&ytfWl+9%NoWFd{L!Lds4JPMSMEAL5uRItV0n^e8ReDv%;LZfJ4qv zh~yeph}}sb6!QZ_95KCefc{~*t zscPqO*}FZKfvVe2@DBQ=+ooSC*G)k$x)8PXlD^37ADT49+8n~ zuZF0wRGSZ0+F375G*O{mbn4wi6N*(Q;6$ppJh5yX`6L7)1`9l?_37j+k9D1^{<f zvWlxV{gmGw>hPJvy!|x+O~0?r7geeNyEiP#3$FD*Usq@!Ot|WTp%f^wCOjNt$W@$$ zkmpWIYiP>5f}?9es5v!!*T$-qUIp{mS3Cs3#pUjZ7AYo;zy9`7>fT;?9mU^ zE>eKB!D12eDV$9qX>ZshxfS&>s_pND9Il4^`UACt2$L)Z0|_#jQoH256lhtjERD>A zAjM*?D^K2rmH{R7ArM-1*O4F3n?CB5l}B)%;&stDwgRLV&nKNCXmRTJYEf$Yqzwt; zvN6XHl11gw{koJuj@9~6s`m|#3jyI6uT1aP5o*aXNXNDG^h7-vn^f?zP!kDKP@7B2 z9WvY;Q9Qr;2qfq)E$ap>ydz%(aN-ivD4kh!Jb7K_T=F~mULOc-qRiQMI_>tej_)VYSQ5{67~{c{6WxRJu%tI-%esOV!A2<+#)b+US|g zUc`8_c4Lio6WnC(+H?cMhba*D-Uz+4*KT$wWGIwakS{zvqfjZjfN0RBucjsL+jtaJ zM_Ct3=< z<#+Wu)iGQV%q7j-nJKtFLpW_F^E83Db-a|OF`^R4qMgi(N{*?Z(mUhYUg( zYc+1!ROW@T0P5O7D0P}8I(2)o7BvT+eb!`d>`M*XL7CY5h5K_d#8;>c=`BAj(&GZu z6?Z;l@rR%XeNryD@gZX2LD{#h&JJ41ztdhd8C?pzTWp9~~zl%d#!65t|DNA6|i zvL}E80dFQE;%H{awkR}LoYh%(itx5V#j0RDEv04;0#={AaERsbbWzDt>CKU0q3j)Uy+M6VxaK>&;LYy8kw0oG2NUxV6=57Y6KIvJ^q^~l-Y;^fErAMH*(gdJQw5bn((1p0`925EN;rUUmP1hV>1QFKC5lv40rGhv#6T_s&XBIL1 z(dmUQJvaE}=kBD%&R4!RBi`>O86N#`yyb-nM77XwTi?Jxn)o=cbC{gP@^04h!sJ}2 zmEs(nGZS%GahQw6NDV}zd`xdLSG@|^Ye0f}AAiSFZo@)(Hf8mT_i6<>j$`-|WdHi2 zRa6T{{85-3%4rmfB&kn7e_+yyL#u)pE_m_cM@CihjlgcAEnBG)@EEf7OnAupoi2Md zOVyzl_k-i3(~CA~-axk`pe(7VielBtEjknN4@44WaY47M;Vx?QoScDPYOPWj9p(_6 zWZ-j{b=;j8y-Vf#ULX$5cZa#bRv!v)j;2hYShd7j`YJByMu z7JLe?8{dsIi`5jMN#e@b(=L0-M1ho;U0%L1`QsECx{dvm3_zEcZ>*aJx(BV=Ki;hSpMBb z6MYxd&L!jW)B+KDL42!*Z@_2efaCTwamsh70MUxe5hfx;q<{kW0$7)&p}1uyXEyN=RuR*Gz2>R7<+D|C5a9=G zj9(DnIp*t7yZZ%@;ZO1u9WdYm!Eb2T7F_L%rIV3zem*)xh3R4rR* z?1LNNnH?lo$4ipa!xL z`nesxTor8sM$kOU0>UMs2Xyufj{@*;d|jm4;@(Y8t%Xf?a(2^ub@KZ1a6!(tgsHdK ztCQD|EyJY4LN)Rf2edN4%daoqZM{B!XNUBmr5gO%bZ}&@!`r${C1nB{lb?jH=Aa}! z9o0)(E$Q77(3(SH95RM6pwA>C_{e$Rto$ldD&LmO;-`Zb*qRV~pomdGG8cQ7X6;V!*O zK)6n4HI-f#V3dTPz|AzUCW8$v6vDG|FPO%9vtu@PSh6Mfgewdai8z=ks418y-ONN9 zlKCR#evlv>6J#u=W4#V`Um;slZpPR`lf{*l%QM;f21p^ASUugWZal-Np%u*fF%Of7 z$A}rwN5>LS76<{YBg~>$!MOFeJ@(g8BHUcY+$$dwIy<7wf;xzuWC>4C%vRYh1j7@r z+SEA*THewC0uuFbmJAiDRI;e%oKX8!6|5D0EoRj#{R(gPwZO|}+Y7-8VWAw1mPg=? z&*|wYpNjcqpOekg3h$_1V(HVSiR2)yPRF?)y3nF*2mytz+_e(k~tbp>)lSEh0e&U zBzMH3F0uMcyV^-_P62s;Eg229J)e??8m#d~G~7~D%Bvl8>dkviUy?F+@;>PR{sgmo zPKSaE5qxp4)-clMw#R)3$tS3?LM+Gm;F!M~SR)7m8M2t*PAciYPqOSfw|*?f8IL`u zqU*frK=&n3!REaOZDC9;AGi0PYM-FjROQ{2JdrERv*!@+bSgcOC*;qmXMHcGaHK_< zxm8Vm@ni8?bp<<hK(dk|RsW*t8bCB8@TNl*{zKk~IMDfm>no@lvCh#*eXc>`gIjMoGP|GX zDj7q*mRVCDLqc2Z5OJvR;k*W~s1EFf-caFOyfTkLJra1waQ1TdQYgA~D^Ta0Akv1gwy_ZrkT4V}I{fEbuS z;%RJ4jYO~xprb;U=~RjOstm|%n3X$NgnobJwl0!*E&{<5aeSvx<*<0ZT{4aln(*ciAbOm3|$!5_%FBj`yVglT9_&GdICF4wXmoV-oP7uR z1gsY!UV>lx$*J4LJ9K&7(FXZ=ADIc5D zNT~@Z3{}<2=hJgpdq9LVYwF3#!CMwfa_A;Uf0toXT;qMb z)~R_bh7&2T^G2YMd)2|;V*>GVm?S+`%iF;(7chZN=qv21m)GCjY}#2fJ>N|+5?DPd ze}tDxV@b9_9paHn>S8d#6^4A04MUNh9Ic=szRFIHlKBeZJFBa40`5XQOjT!#{R+D_ zPw}c;wNk#%q;GolyaxK7bpZYrQgC1_~GnaP0^ zatplM={6%_FN;w-n|f<&m70IG5wgmFShxTE+8-^($A{emk4LG9-}qBM{n_Vg8><2( zjNOLH)BEP~!)%ze2Vwy?a`tQzqv0xv9#)Uchh~Xt*)@HlRCbp5m2%lx?{8Y_5S}GZ z_X^`$*W3)}-XMi+tsJhxthfrEszNate!{?e-V|2v7)Gvw^`2o^!O!LyhI+1m!9XqW zmw=W@dFb&#hQiJxX$f2C9)(PTI{0>vSj6N6;drzPE@SIe07&+#w%#M zAjOd-^aq)MDQ$ToBa}a(_tCUgmA7hIB$QT7h*S}^vXp`VJnR&mcJ_96c477$p0UDp zADtQx&Q5F*z846Zh1z6anT-QVnw(PS8Gof8E-%l}rOl3TqPP^Awk>ufiRQ{c{feub zCP~v?jJfa7pq<#-u8>G=cV|a%uhaF~yI#+2_xRpuurt~nc-!tk^m|<{hC9R2-j3*q zUc1AE*y(wq*B^{}djsxnx1TbRn!T=D`O~^Pt?lOCp4)MEN4>7Q>xrHA$lVjk z8})dv+jqU~-Qi%cyE`Y*+Hq+jSQ*x^tpfi>gd$1KVmTD85%+^E7MGJ)Boi6fNwJ}K z>35cz7vzX(5iC+N=E{y1(Po;|5r!FSBHU{eS3SQ7Ic}jJRq>?q{@Z^vznwO}_1L$U zt#8Gz@4rodegAFn>-%rRU)lR_$NS%Y^DF!I#$2Y643c17s0AD{P^+P;gIKi-^;D!B zyy@f!+qqRzELwbP!)vPm871`3d>1(gGpeiH@3~mn->0^kN>{kKQX}Z+sh_ zedlj~bUrF=0MBZy{@%H|QftChKG?1z>0PN|c?DSfSGBswW0Ah0pdR&;LFoCt$e|5_ z&hmyL`=cH9lt^=Hl!$!qB*S_k$Y-U_SZ-vtI&PZhPAiV1TFI2Q%vuhiQ*mU*H>*je zC?xC37RA;T_z9AhEv@8Z(~~8Cp8RB`*gT7e61ZzrC1g4&w&@iQy{qD|1?Y!Up+FkA ztmz+|jcPUV56^sb-!b&5avT+=Ra^}Uv>HC2ZmTs;G0BlRvV7uY^uzt~Cq26UvEZJ+ z3V7b0i=B;#3bHK;e++tFRLK04Cs=d+hBlM^N1g#?WeUlHfo}^9^-WWBGdBfn*{aDP zc$cL>>Qi^=C4&G^xmz~Hl!$qes2DVu^2mzFuzRwUiKS(y&TY|5&4;mbdVG0xaP;=% z)M+>u|G1#P!}znk_RYxqV2`yArS!M;8bms=Z|&Z3p5ZnaNeV0xfw+MSAoE?aKzJhF zDDe9(s@V)3FyX0#vO41u^JNmbS1DrUi(~lK+=bq!ju=w3{HWQVJ6}iy4&)Z=wEOIi zbrWRh;-{4kgO`ro91a=!^2gnNOh!=`9=Z7IZs`PcuN37 z0+FB{k_5LjNQ_}l8)bFyViw7mBXm$M5ZS^Fl|H}GwKg>;ed_4*Xi<(&34-zmI+PH* z;o|55ugr9&e!3%0ESkMVini$TtR{v8f6(G`4RULLsTo&jmsU8>i%>U%K0b$*?;kn* z^TLNWRRVI z{xX!Qj^_XXf*up(qwt*?b(?m%tK7iU)qlZ-jFG$QEkv#SnoEh2;D^ez#jRqnZ}*0~ z+ufbf&S-D1JJ{QHyY8^JyFJ|7+iUka!rL9~b;Zct6`kIw%lo5kKHTf~cY1u#7rg7a zpTJ;m*D5#McU$e&&Kz@mZF|@@dDR-%yNULusTs^CG}!z^!5csH7>C$SZAUPyOl01r zd=)H_g@|)cl5IhMrx6rflNJ#)1^A*#0%NO=PA_QLATDW3|0hc-TiaTnH`6Rs=uwGf z=hPu7h<|QrWasMjsk6q;FZgRp602)*-<+^3jg=?J0J}mtkI(m7SBR0n$na46<(IHS zC`F$jN9*#|PLf(a*rKEL<(rGGi;Fj!Ix=_kP9;iVFTr(GFCDp0B;t*{xTiV))z<4v z9S5;mPnu<9;rPAx$@3zM$HLj~H13;Vq)v^x{34pr`{ZmD=l$dS?HoB^axm?RP$|CKsnl z{uXEg`&XjNn8^%0mf?nbrj`ZE15MsgK}yPGb^5B?CmF7d1_*%Gl9Ka{@{R%oEk`Qk_Tn=w$S z(paKCGn`1oOhIo_@)0{vcjo5nxsKMPgAv4|5}S;-Vz9+GH*Fo3IsyHF(qDpUsRFdLlsj_yDcJQe z1{?BhARV;%+gl!;7IvgjAa4UX*1XXThlV_OWI>V|PhfZrWzB;GAa8kct^XMa1st6H zO1ctMaSQTXB#^PB;Sk~~NTe;22Z8hP*9PsMCK(WIl9e!bEcz|Kd&S-BEJ~dHzIk-v z|1RDRo&8Q5qgb&m04=`pla$i`iEx(xtL)PDm};W08TH=?AS(7#P1m(_z=D5C7)dK&I zgST(U6MU6=6^B&KTG?!}OSL}wBL)nO#HuM`ZH6R_OOPH8a~HRM>P}2*XG-H^g6t9z zjB-|Dov=wmfjX^=3z5ZqOk-V){1ABoEn43pyuAh7M8d;_LkooCl2#5DC<@28KL2+Z zmoiJEEX8NUv+Ad8tgtARSyvjamUUz#pJn01I$fX=dS;ZDhVsvT!iF*naf62GANV8T z&RiWrPE|xUT*@z8oay_$ZV%mL4?^31KuJykPtkgwN}|#7&uhTg--?X`-#g5UjeV;L= zJ)P9wo6HN7{ogVX&;CD5%5!jVaDYF=GJ?OPF8&vCSE#@E?i8P>&SC5yGK22bCf+)g zO>{W`fx|Z^ph&Zsh;&Z7eCPa8r&>d))kxi_q10(8RT@f-j}EJA`oQF?=-sb~+^Z{Vv z2h}hipfI4gqb!GbHw3*xe6M^eC~Xerkqm_<0ylY+EPRAT0zk>35*T{bA5~xcjcLvG zKbfvk{-+74Yy}Z~SDqsWzx@~z*ffc|u^wBQ$dfuuRe)5~MFvr+N;q>~s`jIL-{{`R z^=%Y%be4??)k!N43H9=RJ___NU*~AR%GkYokfjqD`@iEfvws18fM)6UFVy==@9&&~ zE{z)f=Jvc^q!t~Z@+Ih}^Eb5JynKCpxoJ6q6i+RycZ4oq|9tOed}KT7^7X6pnu(U~ z1qm1OR#Gp+8r@)`HEuOn#FOL}@^no^s1DM;%XpURJTu;d8;`X5VvR@T&u=`~;aa%8 ztv1AdRA0PEz<1$V%Ymk9^C|C# zn;>)bTVi~Fv#OQn^Pnyxx#myvd0;r7a&9N>tAOyCz`bEA#LFn5(3wKf1&Bs@N4MLF zv)QVuv-~dJws@<0(>c6&0d9HD7R9gN6<28B1uk(_!K-?;6-uZ&x6KoLUzv5{#xh!g zDnz|i9MZKT8ibWBRl9rJMN1XPqRS2Aq_bG=Dq%&v-QI4y-QV8ZZj0UB9{0Ey_By>z zx4$%8e#PBuIU4233^8kd zJToBya059m#sSMAhOm*B6Jo_mT@mvs+pM{n~k;ITK*s3ZZe+K*DcBi}DGclUP zOmcGOR7=&8N?ud*N^I#eEIv0?7CIVU8rKZm-%V0k!`M(v;&w{H7L->_(v{aHFBIOA zBU29M6Uv6O+ z$=0c#Yk9rii101Ht6j4TKDJmDI6Khw3)YAlJ0brna*rJfx~?=fGdJ+nzg|Wn)=Fz7 zJMDIzj-P;Rj20;z{zr?}-?Y4kI#>Y+BM`vx>olBeu$DUHaw+2CuVtVKMy;a|1Kr5u zS3Nq34)hH*J|(dYXPO4NBPb|FkqepMvZr$H*hm2rmv1i0iAu^dqOQs<>ZMZ6EA>@H z40$33Jtjg|s^i+(@mrH5scs)4$x4<#@?D+^%rF@HH|p=#VuqOTTFfHu!$hI`Jv@EJtmZA0?TM%?q{a|X5;`3Ve%Z!x=^dr?{Q9mxIf2&Zhie(pm1-2e=UA0&#tm1Cb zLV?>p8;fvxfmW-{Df8saaua!QvGq(9^GPX6wmlhsJ`ReK;!nv%u^2f&js!a5uKQm3f3WCUJ|vUh#ClP_L(}Z>*$C?oFb8q+C$ZQh=|Mk zAIQW?d}n<#zwC0m*zr?);HUi>YaqO0#ct@s{4nW<%;U49zO4DzbO%`~o77CAPzIT; z>1Y8RR5}!z&p10gfE}x#BP6Oo3%BYR&5BzD9qOwBgfb`u9Q&zs+<_7Eia0Fk*N7Jw-z_Ml zBiUz7@QBF0q5z_iuuN^0KZsz;a6hE>4T6%?CUavM{$DxVpCg0Y3=D_(E@+(#4QH(U zr_g`uOl3Ev&RWcPs^b{TPF(m$9k4*fd*FWPp$>6i z+=hMt!&QL~77I6vLA!s-p>gD+e620W`zg3bzIfn56N+Xsktw`yWnC;Zlb#HwGUaZ; zZYU%Wn)+Vok0+@nnjQIZlB#tB2u$IeJd#-qJUd}J!Q{uuEKK=bgW0y?`x73k=4t*@ z4wJ2Kbgwm0a=B-h`V>qv$X=}$70AzIyFWw7BU;kbc*8KNJd`#8DvDsnJU?+|7DK*R zp4e{Q2WKaG*e7J-Py!;Es*?~g@@SV~O5le!2a^qo&Pn1fl2&jRuu0GdmEpYXD0AOE zeYI0aaS2`V{IT-M@duna}8}6&#q#McmVi$tr8ED^q{)^2sW|2c2ymU5yj zSEHQo;mP!vf0uNwiAs$jS*@lz$uKRwFG$i0>!N~oR`9`EF zI}ty{rCZf408^UKLA}DVIDkkY{|@S<)~tNCL1=8AsPhEr(Dg#+PIx#*YD2iw@<+@k zCbQyt>L>PfKCX3;@+`@QP2^y@jJXfjj~})^6bzIA_#kyO9Qzwg+_l&ToqxAE<oXC><%4A8f2W^rw?@BaULAU`JmSq12NchJDt90w|9p^>ly`1G4imK5=dyNNx2|CyJyPnl3PP z7fL7;qL-8w3b9P0^s->3&Gk>KZTP}5iS4mg!{ zy6BP9U*eII`75~N}IHl?Xi%y1-U@l2RDxC<`E&x?y_Y zfjSe;*n}sVdfU2%i1S;BKxwRgn#qj)Q>|*i!B?2fYMmqNtX>z*r#C(aQ-8y*iW(n= zH^P&lfY&}ikYpB(W9|tI=Dw{8vpCw_z$XJUWnI*MIJEaQo0(r;U#Vdg7wZ~12TylO|IFzMQ+gBN~}wTV54yus-B>bJq$2g6`v3T% zw$|$85!#NDw5*){R|;rdAumh*X*q*{LWWTa*PJeSSeKos<|)6(Za;qrJt|L1ohrcj z|AX47YVVxkXWYneqmW6;Cj17|c@j;J+Uns4Kh%xdVke<1r+{dv%@ndo(PU`&vVh@>XG& zc1+}7<+&Tk%xjGy)kn*fQ_O^VQY{iWI3e$bd4|SHAmxilBc1Yu$HJho5zu%u`%uP1 zZ%fA7(uFuO;$yXO0^5il&Ey{cMskn6;(G@Milr~jAI^V0gv_gZXo;IL{Q)XxGq^OK&}M3WRnt)9#~|& zc7-5(L96gDqd{X%TYOasgqExSz&t``7Oz;!y;2G3ky@WdXob?g`fNgVb*!}kA$S#P zGV8gl4Gt!7xMC>sL$Gj(Q)4i~7i~*@U`YfUp?S&r;p9v|Ee>>2AJ)jaf(Y~5S|j9F zPnyH>qNEPhFgs!S$a4~Lra*NdV2!DMR^GTTt+ArnwAPn>ij749(9jZtHq_2N8sW{nN%y+yZYtaYUbV=mXm9z)$NhH#%k)FoIOalle34m z|J)ryFDAHAq9}ZMp}eOUVAk-ucPK&R@*7${ z?wP_(ygK{7iP;eRs5#}yZ%yn+l*^|CZq;~48`?RdI-B@`%v1V?6&>AEfd5^y?jShN^IroXig0< z>mq!`8l6e+H3*>VH+u(AdfIm*ap?VLS0TvyYkg!_A5@x*XO+M#?vy-I7 z4uV87j0Ys={8V0xkPR~k;d6P!T|b?zqUnF1T@-ZewJJ*fmI<&%M#vQ*_2t`xl_fP} zF@gguPlY~(`T1=V{c63RMcQ&&$LKUtIjX0v+D}jxUaDDco@#TO@X$*P zChEcs!0<#5Iph6v~ z1tX`khB|-cTesC@bn{b#5|mbUG#IsbIlFjGl^c1`7aZx`!j279NpLK4cLIJL#zVkd zN6Ofa!vlDxwjk6Kj&V&AGz$3G4A;R5Hey)j%Hw?SRO5WG9_QmGP{aXDy zi}g>kgv_}s)q&JF#pMAn+?S&lTF^m}A9oX0_*}~*L&6*)V|(6^NdYeBiXT_mi06Hb zRG;c&A)+Ip)^K%BG~TL}4eCcBBDylyFEisbO?J53qK6eNc1K)HWq6_QeTxM`(9_BV zM)>xUa&T=xYy*%r{ZLFX&vj-)VRIgBQkLuHdj8APSp@ zpRgD2_xFFTd3lh(++we0xg!L4w&f`XRRaXwQ{j&%M}FeU8xgNC;NNsvs6H9W7~_&5 z5SwN;`toosLK+?J|+bn=bmbtx(cxIVIl*s zobp){Q>NwxAVDs~f>xzQ^*nUjAkvV$Y6=l>`PC#1wZbjCbNN2eb%k~)boL!Rcb$e4 z>|oNdv5ft6GIjQySZ1Mj70aO?It@oh*A_mC@EY`b*8 z+=Qb?r6-BLJTaa^_WiV#8oLm(t zSEf1=YiBF)=~rF1b(%c<72Lc`EDYXP7xa$>u1Q3qF_bq#_gjk{ggHSkkh9Lty)dUxs^wb8i=KTCUqyFu?YPlX!I_dvdRj0`(H zxaos?t}e=K1%ByWLK|Nq&=XsT?LjZVIx3%gSVhXR%CSh{fqS568xV zPo1^sH-JR=6m`La+o6J6bANbK@|MzMtBV@vw0U8#+AMcg)Z<52q*bSS9gkfEwn^g* zVT`7JbOlrFDi(0K^saD@`y=o+pP>CjL=!O;F%M`30Mf0LCVN4jVsq6IT;_y%=%NZN zmtdTwAfN=!x5V~tn;4Q(S(Ub)58&|t4Zt`b1az7nSuuJBKrAWgP1#Xq-jJkgF#>kpi=bK!pI zrz^8akqG@=NyyVsNg3fQFiDm4*(@qFlrl}ym`C6HWeUEnbQIB|LR#{A4_|{X!T7ii_i<*fW`%!9Qt_I!q-nQF! zyW87>?{#{^5$_Ior#ceZy%I7{=sx1z6%`cFo_&OMD0eg$o~mN>F?mSFoAv=-fa-0JVm^9H#%BrVHq}`eXFWfJI$v+>GXm> z^B_~Bq~l<;4umRMz7DVPLuRQ^*Nh||%sKuPEX>vy=%GwU8jNC86BVx<3v6Nxr;!XHy^)@gWaYQyqIvc8;Yn>8!2Yx@ z51=6=81s0j;HxWx08jH}`3fW-#N&ksxvIA|Bk_2g;q_jP*d?cfveX5KgreLZWCCe2 zmLC(!MNH^RAK5VzQ z-R|yQPq>|t>uz^DJ>K(1qANz;V7TM;clls2=qsSaZduOye-0tjhZ#W!w-JUnx?RB}+ zaDb)TcgvD{p0_(1>=!}?1<5z>-BdA+g)!* z^m@JSUc1k|?QVC#_u9L=Psk8rw)TdTWTTOPhtO~pzL4?|w@$2PgebIgzvYg26u^41 zba+46fw)|k&wDO5^?A&>xTXq8Mf!7NrCg}nrzWLbT=>_-Nom*Qp7xKGhRwqC>MNaA zS19HQ)2lB$Y1}`%`U>JI$<;dxR5k9Riv>U0&a*`PvefE$fo3wRZ$C|D^?%CY8#)<% z(md;xli+Hp)@$156Qo&Rv1is<){9xzS7@R~W>{aL1U-Ojrla|ZI$o9XG(G>|lS?4|Ecdsxd}kA{Qx7v)aU?BE@5hD?>CZ=*SWqD5jFVfEIZ{#&2*oV>(|pCM)fc7UqMQdWpg#Tn&QCoPob+gFM`Q=W%fc0JCA1g72=G1F%n#_ep}y z29t`?h?@^{V}D7ul4i3$9-f-SXmPn(*M4+(dWLO(ftMPGf#6{++vK$$vBT3dobCzs zmkV!ak-`tAujzWEuCVhXU_U6j;FO9`d$FtET8iJE<~pTZ#230%v1;{{9Jvb{Fbj!0 zoh9N!A`&Zt+S9lxZE3c7huse%@&0sRSs!9 zov^o;KUslD;G`CM?Bww685_lXY+R_Cp%5Mf15&`Sw4z9{bsl4Z!O$nO;NSl&UKMbU zgSURA?Am4B594LW;mOhYTQ#&QypaT_>RtnGw}5<`!7gkfuF1rL7A+cYCr9VT*{nrb z0+PfxZs3rC6jm3DOIR#Mfj^$i^C*P->`!}_eZ8AB@fMprsGsBx+f=Mv&8NA=&c&~Oe{H_mEa|j- zIB576izXGDm-ezil1LdJDn+btMVQxV!R25{hc2Q3PCR zxjf3PdkVOgcsML2rcN_pUUGEClu!Ax!a_p#yRW8w>0Z}PG5 zK&RNe2DLT;BmRa5zWV*}^sLTgYB8PM3cV4~;ZA=_`3Q8HGLWPb0s*+qIcMysm#sDPO|6YKP9nh-^&am&rKrmLo0&!s22>9u0H=3ejSnMoi;BHiIQ`|ll? z|4ldan`)+0PK2g94>kQr=SXMljm6~5ya8&$NVe5D-Qmu{p$@!=r z$61mdo*yMJjdgTsDZI4i27ATZYU|3ZzF!NptB>yB50HXUXS~T%+>BL;h1>W1W;f?G zprb{S4KaK>LCX;6SFkTtB!hP}z75iNpgBS0h&en69M}V$P=><6To9V3fW8t71nbL# zamHgFrdFCdF!LB17t)`I#**?pYnhIje^Y8BR4Zr{iIgZGVJxSGdkho{jZhe&Xx{RZ)R$KvzRcWqqJE;1krgYSLw7UV5oUfYO3t#VkmiWr$QbWt zZe+cLI`Pq*L>#LMH$;;txzZYS943W^!BI7aoMPfGibVn>o+eM7E2j}p;o=Azjf!9( zgy=O1}^g{9I@j&+scIAI(GUb(15Zc7||8OQe_SAnP z=_PQmxP~jD^4TLlkyk(IJ0A-ksm7-D8y1a+bo=b4vp5&eh(*0?!O$2@g>biOboMvGt0-J{o3HX|t92L)FBR=9m85;Dhu{}6|t z`YV10IwWpdj-Rff2)a1DJTvP$E+RkU!9>eg0dIm3LkoZU?(%q_9cFPX!ZesQ3O_SX z3Ouan2eDA6I#p9-0#ch`7Nq_JGI?TqmduDHzI~JV)59xQrJ5< zcvx}`F!%rkG!rPHDNPX{N(qmaYl@>vC+o@eJN)6@FG{x`Pu{#KMeM7;pCA0c#%4u2%IO?-d3a_7ev?|wQzR6iXZ9A3Tq`S|?&4Myql*)-0YL}-hBvYM7ELwrMA?9iNE~yn;ByT9K3JZ7~V1+ow6bJ7>*`BzQ}&^bIDU~pVyzkbE#m=Xc+iw^>`09KP?V$)J{s9k%So%QIGxXD zDw2sS;&d#+Wl`|3(5sI%T&_>Qn#*nS$VcL@CWK4!R5Vpt34!LS20AGXP@iSv>Cy`Lfe(Cz!W{{U_UQ zvpcq(Y*v+>b8hXfaBMATjFNBM3pkztspb-bNwf)BbiQxSc4O0VB09%ZY zMBb6iLU$6&(EnZhxSO1!8)r3EBY&$V2uQN)n&phxwKb;+Anti_0-s|h@Z|7sfarvt(^a4>ZlF@k?-*S1& zjZ>$bjXIVxZJOV*L}0pgJ&7Pmbu7~4l_5F@-`KJl?efhLdx@<&0tM?4D9+mQA^iUhU(K) zGL08(F?phM1PHiR<)Ehk;7;IHD5OMB#&0u}F-pNxw}{gw9`|EAy`L!^>=Bj*b~Cor z4>eYNM8-VOjR2|EG1&+?N2vWdHAL0AQe-Evi&u-cgbEauu(og>TKu<%2dWhPxmVG) z+`0C0xd-dzYyEAp;cw_e=2?Twxq8z^_{9Fm(`%b;L{kbRj1|ssl8scCt08y?`2= zuG5^ncBxGt#|A77psM0E}IQz95=^t*zBfHrb=x5i`_eJuMno!T^OQQ7}a&Y zcsHqtTCQK46zu?gPAo?h?a=e{nPE{Xqjj6bIKNIawiCQ z7Sd&P!3*;(<--BDaRUA$nT7eSpPWwplubpFP!z*Zs1bQ~zSKCk6=gxN)opjW+t?B! z2!0IZZAjO-zE~yYn*}J8fF>pd_j3{KUmO3n{_`jKLnG(>_~7X6ackXBlmfy=9}9I>HtDrv9wre-D<9qIh2ssKGSZb{2&Xu8 z##iqbllo|*q?HGUndmx}WbTCVWW)Z|y17GLTuQ)NU^Es9<0<8@+}`S83=tghH`18r zi7fK0gi1GkBbleep#*2@zd9Kvib@q0CKfqGqPD13~a50iXygK_H+_>@D0(LrcSf_xBjT7UzkT7o+ z@~Q8tbDBCu!4MxJ-*T%3X2eCqDW&vp|l0w`FQR@yC;3wjo9%b-bgvtWhBD6ufV3Z2bFs zef=PKs=7u&$QxhW{`yky_c6b1;hvu*A|`7@&GrwT!AH`~47bG=xW4IV@GC946@}x? zjg4=R0HZasv6%W3j!KnF`!1<4m zfBs;~f0rRU{_%qSi@la|90>OM$72W)bz`ZP1a_c)-1ygibHDO`8~ zWSlUrhCLck$AKK8n?{VRL%~#na|J|kCUPodXb0M)67;WcK{Tlq+vH2b@GtgHIh7b^7b`-{<&~h?F%Y6LBo={B(o< z8TpYIaX--i4rLZ5BHh^d2JgzW1CAfEgI_M#@#zU1B^t=25%|}5fx%Pug5M_K74)d7xKN{^x(2+e8bqzM8J|9izExujc?$-HI`9?d1Do-Zm>k!q1~yP z@Zjf#UR!F}n6{Maf_akpDJ3-K>;)vhQbYX(n@D-h5+D7$`~)aVLW=r~vvA`Zi!Bq= zb59{;8%Z+*;3!~2bvX1xKYc-DmP$&J`au9SzY)yi;TX*SriS3r#u7eKYp~1J$t>p! z4CTf*%oC9aJrTn75Q67)f|p|)uY-An|QRD}gIaIONk@JKD0 z{uI+HV;~2nS@%`FU5vv5o;c^rpsO&{BqG$ z-P%0-;o#)-U+SNS?@mwO9-RM(k6vs#?BBm*PTOI>{`&uIq!STtFvgg0Cz8E55`lnC zsyHghE6dZFG1UM(JUwAQpB=I&$i{y70)))f>}D0s*uQcCke4qO8zX;%G?StD_ZNSP zO{1{>+otNRJZqDFZl1LMnaFVUG8V4?{hj`xZ2#+ad;Q*e{r?<){@7rw=+eyofa&7| zKuy5j!@n3kg{He!Nj(F4AXHK(eGLqv<3U!3%r=>bO<4~k0o`d93_$21h zUR2WXU8;>e#;qhkcd7%8)g_JlQ$w9rxT@fyYO7p zy>5+~KdOCX1>IWOWxi@V=Wl-;U0j`=zk7Rp`NQ!~7ayxCf{PAb@fYROiL}@vj5(Or zQa$}>9)Gk-Hl9Jy?lt8Ffjuwa!RwfNK7?PhygkOT@14m~kEk~5+r6MU(@2ybUOp{??8;fo6^>U-;B%OLEC_LY|SrIepmO@4{M$#6M0*m z=&4M3Q1dn(*7OgRng)IdzuMB^;jQoC2(+JCvjrZ7z@6wLudEtS>VX+&j*N;+BGUu* zjS*E*DB`ZD8~!;lU8O_7(5!|?me}2o&#V0xD=Zibn7E@rrn$Zeboe`agc`jIgB(@_ z^*yct4g0qlzw^~^-F*1d-|}`#=G8JuxqDsFI7x-V>u>z9T6ts@SfH!8i=e7WHhmfM zRJdN;Y^QS{yalEc~mIt>;{@4Nr^zs}zx>HV+s@qK6d>*l5c zk1r$XHNZhI*kpfagLbhYMlzmqHP{^mjjynAi?3*B_3t_I%-Z{*nOWZ(Ie+{Cg?;>3 zloE>(Yz5ANv!Kn5<9=xjE9JhAVad{aiFtl5#x#ISA6!iQQCj^Xg-yyihNflz!RU4` zueFn!4eAejM)O#B)j6F2CqiMpg6Vvv7k5AO{2SlPcu-xr^*gXH<_g@=@GQU)xVkA- zN3B0Jt06sq6(^M5u3wkT`cpI4XZ&u_EXxOwjHbmdr!24~71R%M{E8={GL&$Et-Ova zY~`_4mAXyrIcr%N_p@q;^S~e1?JV&84Mtua;&Oz^XKNEwq}`X}THs&G;*C2DOUSH^Zydn_4S> z!c3Wq7CR-h*zJ|jV%bR6uZ$_cgPlRgf-u^C`fGKnzQ&~OPG#1_^46)X@7(jn!OyR+ zZu~gScyKipQyI^$hO-pLxARTEy*ua?EU^a|z{q~aPuN@d1YREPd3&Qh`{lO>|1)2< z=ySJSn4fR?U7g(iZm+kqHu$nHbMo0;GL#1uC6=Fiy6bb#`rK1H-xnQ&-umIf*B^K) zdZ5_KR`sP0NhLsBx8AORi8ntr{$1A04?P@xCDos^Z$8Pv=qqW0Wz+rH9f*p`vR43I z)<>d89f^j8Mr7*)(PBL-!~gSNKqwF&iv&V$3v0?1*3TgMH9-F&9vNkTzWWpay|);k ztC4k(T#_GAW#D~6{0^CkF3>w`jqSf6w*Rugw+8vuu2G*9_o$a12MT|FU9a{E!07(C z@GESf#d}YEBOTqNk*de1&)-O^HpR*5yr!6Y&vg7ufb==(%}{Taq&&^mPMOG|uQGr2W7pSwc>3NC0+s_rCP%m+@F;1pl#l6TH02Q_vi)-(jVhtg z4?7#}E%7<}6W*PCiqp)hr--xk|c}83dm_yzm+nAdFGrcv=}kn5^Hqw zROqC;JvUOArd}5MPqVE%omQ!=PXtoB+nqH?p|`(mTxe&fGDdN8>{~{rMS-CQXD1I2 z3jL}O*`E&9pbRiE&l1*1-0ol5TSXX9Y`T$NpwaTgg zMm(K-a)*OI{=niseq?|Ap-O!A{C)>#Cy<|s1w0j@J7X_7#Y%?K6Ps)3`baN?FOS~l zK+(T2%3K4l=LNi~Cai}cukA-8uhk7)kAPm~hil}uMqcyppx4OjFN3_M{BDi9)~IWZ zy4I-c3z)mQy$6A=C1hf2bJrSleO;jIp60Hv6&4v)TJ8XzTWn^ZyJ$D$({t?|(s zAK~*gKAMYi|(nHf4q`a*d+a zDC*CMqP}d1;&zo68BoBE6;Qq?LJ`^G?h&Nu$}mMNkVjoFsOjg%X;0X)^MXHny+v3+ zFBelDUwiU4bgFIs>g@Y!gQwyyeOOp%0kf=8`Xf>L?lP2K87B{lP3V0cZgS7@61do$ zYmojBkX~3bK8c}o7>%xyS>o~_xbm`?tJZxqLYI+1NuL3co3fsL;J`PU9(L^!`TJ!Z=z0%Hc-QH**H~$N_4}ou(r56WTZonJ!*{{f z2<(d>FbjX#6l3GHwQ5at@fWpKt)bQz_Op8+*7}Toc5B$QhE1Q$#I%M@Uny)_2YIex z(;7D6!!>MrV%W4>LQQ1@RloZn&~z_0{K^1&1pP(bZ%-SaQ2uS5sP!*{w^A8hzw9?y zow;htqbnIDSJ3gR0HS^=EP+Q?YDcu8(dXd5pkg5e;p+iPQywuHt-YX%3a`DO)(~k8 zkv=s<+I<>`bT5LiHAGrNq^}Ah)tRQ&5b29Rq_zEM4Ug9FXbq1(6Flk+o(3P?E3MB{ z;-gQ_aIuC*e_41`=D1i17RfAiS8yq#Fdd~Fz$XP5DMi10>vVqJ^cJ8$LLQ?rM8Y%Tt_Q@ zUFdX;lb%0Ls(95u5GbvQvDQH8&jggredih|eGZ_sW^`C%q%}rbUv_?RJXE$D4IY#& za`)>X^M8(TXnoK59Pc^jdCJ$IquM~l#b5~`3xTFhw)LQ5Fmmxe1$_osrok992<@4} zGK<_{?TG(KRJM*(e1M*7==E2HUKLZ+!?4%hnoMhrz5a~YtL%cm#$JC`?6vmrU*oPd z?!t#_-1WIROa~9T0o+?c5%Js{_}5PQ3jtL3O97})pW{XY8gV1SG`adM6InS6<@37R zTN%i_dL}^T7+RLa!WI6F@Ycqpg2HQG{68hE`OEm?@ANCe0Rq?z2oG|_$E=nt6zQ#u zubCg>X!2$Fl-~Jkc==`F<<3KBTX#E8iZ0hc@yUSVpUKizj^-T6_?E{Wg2L5lE=q9G z^JDS3prR@3*&DmQ$F>z7JL8DB*0AtVurOM~!siGJ*Kp){!I8=>r?Unme+fWR zzn;OQ22025^W%$);(Df+lFowV<~gC8;Vc#RAn}@uZrI=1?i%6LA)L#Yk4C<`MmUc{ zIKwr<`3ewDF6JQcZv0(>9<=lV}K>W}RwyaC3qJqp&CYBdLnKCTbeq0?FadtIf@A z)N`E@6mnj5+Pi2g$1Rfm(>JA!#3JfPLDWS9-_AVw;kG6OkXk(bBJgywc^Cn8d!iIh z>*4dChoac`e?mUFz9iy34hkY#kH(#$oqMWB-xlvW_Oz~I-wbt?P{N~Jdxe8UC*jN- zLN@HWB;Y*ge(nz3u9B%n?SwMOV*2J2AO98NPx^3#{hK$R94om%~nC z?K#$-W9>QCo@4Dfpz4HlE`v_1Js}5%wdh!jj&{%3o{b49)UBn*T6(OdXSTYmrKfagZ7n@dn5@sl(zDdWTYgK= zQj_m#SbClU37>|gr(-QW*3$E+{VXkj#ant(OU71fcgxLjPiC?4TK!J@NowudO~;R# zPFrd7%{yrGGv7tKJI{S+JKN)R`MX?)HvPqBg@^WDv!|f{kCW_=mB3KJFdTNF=S7Ip z3e;tSP9k5S#80cAf`^7q-@eJFmOfA6zV8zka+J59kkrB^3!7dRZ1Un!*cB^0ibF<0 zs@`QsLkM;@JNXloaUV&jwYAgQY`RYpYCXXNlG*Q=oeNWKTTj>*fsd93?ij32V(*C% zMQr-q&H8Pu5rPRAS_51_F5q?w-i)}$jJGa+c_I+$P|;sAFdfFD5S$D8TeM`+(n~-~ z7QH+&dMO!%=DMl1X;bZ5^rBuo9C|6i{g zf$RN*kn8vN6e@jR^+3<#0O+2=t?#9(SRAO`OI3VyK5?O64>&(gs;(qSmf`$X*zCH{ z_mczM2)PJfA#d)JTv3m}RBJ#Ai&gL=$a&a45U3R`U*3e$8BMlb32~Rj{B}Y-1dasl zEv~&Qt{pu-UbMK@8r`0n(QPh&vzCRVF9MP-q1CN-!w|i9s~h+c>{!d2+46Q7!G0gR z7NOh?q4ccf?Fk^1teSo0P;x@#X6U>^u(z|ZTd=`t@7>mx+uF9~x9PFYqRnsffSuje zc&wApwoqcm2ZTa;$^{FP9uX#)H&xwor*?@v!YJAAOr_?x;>}Q7X}f(a^Hj+)6~v>Z za`wtgg~>RsVxA1C8JBm=6})uEw0}!HUh{f2X6h@goCTW?t>Mu6>pf3k?vj8>jFjbi z&BNeF%@$UPOIrn8+TJYS(vl6XRX!CK$Wy;=zYMFA6*Pj;XOCP5PI-ekBR+O-oYJ~w z=qq!KM6c9_%t`Lc`BP>{axd$1w50kaGFZ*Y(B30hiCbHxeoR)JwycrZYCoo(BPV6% z@(2(c$E0dXqG}mz*rC{xyZ&}pj$+26_J@YPCeqFu$73FLDjk+=EoCskIGT@zt*ZX14(_^2=w`a9mpgxzF9&+yLFV>ouF-zKI@8h1@H+$>1C`mXVjqkED75 zEL|kp8D~EbAsUi^BEUZYEBjZ2Rja_<(Y@sH)dH)&SljAyL;SLBbuNtGYE1z7*0}mS zp!yOTSF6I(W;3qZxU^~F(v)r02Bz7-w3h=?iek)p)!FPdU43_Ogq|qg?Lv2R2RbET zX1YUI4&QmzL0%JCCrmIsC|c-M!L9Z@=gqCA#Y8Ux6PfqV)EHN~?Y|IxHoB**Pxn<1 zycz(xo#kqq!wflsU+<}=tWRU)!DArO5e{;Qltp+jKoLz$Wiszo*M+{{_2LL}W`8I{ z=1grrl3{a7U|izmc@39#Zti_fgz$kDjX$}q*eXS<> z{Egj9ktnXj`_Iu+$NJSgHKY4H3T9`*)uYz2#%iYO=b5;P6j9?#cN3W*tHvaUkUL=a zJ9>rWX|fEiAUJ8PiX*xFn*InuQITiaX6I?^l$nCsjNm}@ngwGN#lbnGvLed9%xi0FzH-C;NFxGqXk9Y!OeFFXl!iIXDP|sRUZO-PG2Crq> z{KS(<;AF3}vypd2@2l15yy~-s1Ub@O-)(+!L<9*ZSm+nX748Qz1|3r9S70 z{X*^;uAIFG^bB8SdL&|fJWcN3BYT-?qJxmhTFL#;L+k=eN)N*hl~UqxS@g5KKlphZ zSRKt?$o--;v?M;b-*$KN?k&j~V#$%aT*e*3U@(i%x7D5=IjDGJ9-r@>t?|0kQh2s3 z!spv6UGuqo=XR7y%F9HRYRQgdCe>ryE1!%8m-7pn@)+Q0p6)E&2=Dz&XX!>b-AT@b z5thBzST|%UY7D?gK3vv zuUc?0?Ocjgt9=hK12&rWC976XEt+th18!;=dTs;EwJiJ~=jzl>{& z9;1(w{8b;%)xW>%?e=#KuKurfnjO?DItA%(s!*3TXD`;AU4~to^Cb?qw=!Drw0xH2 z+40#TjK19w{MwDs6{eU3%jF3EASU4D9q+>!gqL@`Pr%V%ns3h)^(?Nome6Nu33W-p zB=*T}2+IT5-1=BF_N+vdtpcKKZx#?`$w6YXY{wIraeHGNluB062u7bha;B!BO{13lzuj)-}A$&7Bf8w%w(|T&I6iSEsL5g zYI=&OY1g8rCxV)GEo#y`Y*EwmM@?BZeTe;vC@}tNJv}PlZT9oYH)!m-Nh;*c&27|k z4R6!$H~O8OjScJII5j%kxC1(yJ#cJm9{_BruY`(@)R^In>z ztl%3+ZmXLk=quSv#%ztta5uOS#LaLk#YU4#N5&NulQIuLOA;iTk|)my-c&E1CVYGH zNsk{LsXdLL{-x;U5+F4XQ!2Xd+x% zl721@Fufe-wN5!2LOQQ)juUEAIIkU$fJMajQFIsgwXC;qA@;>?Vlpf8mkEL`TNOpJ zHW4)4+TC*PwHwp0*rQksJFPiD==OwbHy+?L_t6ZBHfm=sdt$OZGQz*)do^^69nKpM;xIFgqar853skIJDq$=pYfIOU3o$~qKMu``Kn<<532C4HM$nz z?t+c3bK%|2&I0l75PRro6tbJyuyEm_^=o_#oE)JL!IDguPY=a4Q|gMF;a#wGvftbl zTPGXe^8nY0KuBFMX*`-IE0MT~cNMII*;|}D6OwFm0dAh6q2)Jyr<4YV@r-T)76hA_ zsKTGqah3)EKY9-r2Yz3WvAY~DA|X|C94wf^*!^qVLs5VjqJVFM19g2|Y3%tIseaKMY-l#aF+2QZ{taZ-|borLY{|_M>E&%Sz=5BAnw{N_~rN_N6 z#1utWC<2P=U?sWCEg+taX?h?Gyi{i37w7n4Vc2rPFoVr>J{&ev$hXB|ic}VdEin!& z-u!8C*h|4-Bly)~FpI%nC3IUB&Lp5zGAZq}=fO$a?OAZrJw`%2$f2G^Lu1iU`x&F5)O)mxu28^eH$pDL zSI8TKiO`oA`foltynFobE9hfS``eVpxp3X_8h|1OWC3VNHYCu})5z}pk&|-`d_8!9rX--%)A#s6)MZm(M=Ld_dvFM(SMHUiSNMs?AdSM|^ zxxGh7<+MB3t?|u!$h$hdTlOPg8$UiDz%xQd&&bKTl$WW5jH&^VKoxI3se7JI5W6PP z=QHAC_hzyKwt_+6N6=|55DW1oWkx|ulQzFhO$C80@_7ka^dAlR=-c;lB+_>y1Q`NS z3_7p2n_e$>>xJVXA87?pd(+D&&yPb-uK_jtyWY0VZND5Ct88|f4`j6_T>oxCmIYZ) z9%NZ~bwBXR0xJuw7Tiw@tSqovD6lFTuiDLxd2m(J;wp=)o;$8O!id*hBliNya5J;^$WGH+Yoskkgl<-wDWd zeWRJk8HW+|(8+xlV)wH^f$D2Tv2KE7baCdinwsR_(En&<^32)NesAf2WWC{UG#TF3 zes6h_kAF}4&9Roo6cby~EAHqO>#ejm^*^+fLff9+-=r@&lKnvhoONR6s@*>yxewkW z7GYOXCt0jlEdGso@#qiv^ePo9t=etvyT|&G>u0@>eMHygA9WO5k(+f_D9a-luJ;IG zltnPC%V&*$QxeS3Mzh&$b~ZP~|IKEz@PB)2dvp7{*5=msW~cg}z5d z5C_Sw;`%XVQj5gFAVQSZlSk>Ap$szYo+ByjXdV-x07d$`{`Rd7a38?H0}Z*oHo}N} zy=i2^uz>>D^HEknaIC4o?QIzdBw|N=RL?%DkL0SYC%w}5Vd!~$Y$bF+xT4WDzs-H- zGzBH|8l}+ABi2pe!nbeLW99|HpFr8Gs)sJh-QH@gm@yT~-66z5US$ErQOKgj zLgj*G@;20`jX=iSHinFaU6%v_5_)fU1Oqt8kvgr2%S5m1mTh)gng5#zPX2#mK*+#H zFvPUslF_>C0s6{Nz_(gDZD$%+8;xHW3lGva?<;$$xVsxhsE@zS%2rw}5s4WZKUyv| zaKvKhclqix%}4dTl;$VvVORCAEBavUp88fU{c#P8Vm~^SZ+{Rd4#2$AebRA*Ql(WuRm#%AC z#`qzOd0YMN_lh^>FHEJ4q;tgLt=^gBPZc#Qb}3$GL(GJEm4YevB~^01-AU^N--*s; zcV?oZ>8Ww$Ig~{Rj=I?MQI|to5(|a4X<&t7rTM>qHwv7Rg^Wvg6ig$ShY0#?_%Om) zle0Ly+DzfXpMaq#fYA+C78LYxfU~#Pa=@S9OH3F7x3^PDa5=$p7-!Q7Wdruf^-p`) zDPtTtM4{KC)It9zQl+!dWNFxV-uLFDqDnBMFbmDbV#lP zN%n+(nX}YnTaxP|7{uYRIx?7vjT>9dYz>Kq-xfO2i_Lg9!{32I$LKx?OsPP3=057E)0Vw=41v|HGfbJpMj0#Ud-9WGle!N_%=M%?j|P6yRSyS|3EATbE6k_LYmv{mbKn z2iZ{w^!6#mgJ5KEAXMAk$;6(DZNy8x_48(;(#rIEN0o(5ALQzZW|1I^d=fDI0W3@BBGY z`bk6haR<=vmX2ww&xd9dMPnM{a_Lw-e3x_}w|uh*93S4G2zlpmkoRX7&nFzgNEg$t zDB5l2-1^0vclmsF8F6pN`Inpgze$K9$VjyAK|1Ua7A@R zKqMUCbw-08TxqU>cB{1p+FM&|ptWiU;&k@2;efw@eIG^4XlY7$*r`~r$iuAATW1g; zCPH(QASW4)dYMMSieM?}M86}qwOqis6T$%bhW)!T%XpF;-0k;azh9XgyqHd5{_G2; zu(QWXpwP@cm@R?Ame$%-2^8i@5Y^sH|2Ae%c);`s50U~Q7rt*ZAfz0c_B+SqV$t&N z`Ml*+M9!{1A)j1dim3SVIg)=U5oQyBOxw>A z`!D{kpZEL!|89gR_E5mOBQzq>O}BT$5betGIj_(bberWA6we!<-zCA>M0{S#;W`&U z?~DiNFDSj4#rAj3ZuS5unM1%TWMkZM#-W?l$3rsvAAdIYcM5zn1q6H!BpNS7%w#&8 zflN4f9%MQ`sUlOQ&ULgTX!%_A8_0eG${>qvy1Y9gX2U*W@p5%P7l)T!;`=b9<@{)Q z$eLR#m4L8S0EC%swZdS#RpKZC`8pcVNQ~{jmzV1C+5UT{v|J*YAZzyQ#}?oh=W}Ng zz%R~cr__td_s$|r)NJZt-*zB=rkX29Rgh6P^Igg6LZ z^zDbWTl$Tlcr+U#MG2;Vd867Ytx@^K=2PW2aY4M)cKM-umSP};@^dWijliGkd}>KHm! z@iF1T_PkG2xnF2u(A~i5s{^biLI@|L;l>u~A$y5~La$3iA>}cM8o8f=k;q@jw8Hd> z`atlMAu|z)JWyJgbuEcPVNa3z>-U47!vv>{cC_OlGn0921p6|Z@z>`;VUV(cL{e89 z>Ne9Mh*$1^J}*Q<-2cHnPw3He@#gKb)~yM#XXA|z?2qq{EeK?{^X|d`ir@p~1oO`& zga=3W-+=QMIf)!3L=WtMg#CS2k_i*Ek^mbixDXi{?O)BVQh4-UjY9-QBq7lxLeF{? z-e_$_z2N}lCdBUK38UKOEuG#?2R=!U_m5MK5(*xbj4rp9Jo@+-#T;!t(%JoC;qs1x zYnT}0c-{I|eC%p;4YT0S$nN}~kv;#vBRgtKdm;vlG)mgE>Us*z(*KOGq%W?RiU?U7 zu0$^UR^b*2TdoN|_G-bBqRrzS>l5F``bf}By36O}FYzUuFEK5*KR@?lA!!?alr9r8 zU7uElG#-O^oraxBPsLxMDW6@Jr=PNK@g%DRA`;l*vg+x@QWEecm1NB0bto{9`;9&T zb6s7VucuHik0hqPmW>vMU5b>Sj*e#!z})=T7zK;TJKcBG0$&s?g5&6?yEnA;RUT4hqFb3@9QOVaix8t%J+*be;kg_3B+3 zM|-Kf3SkE~{r=LZqQ?}G&pBfIcl|t<(ns65pEY{G`>$b1K8{X{i_4QT0<4UaJJ4ibE_qtjy9KhufL_RIpUx5jo`t~3EDa=Q>> zJBQnq$co|Z&5zC=SH7Q6=f0JsJB-90|XpF1k zya#;f9mb@>mQkSM}*P!1U&dth9>%`+@o>kRVx9fRQ!><0K#?BAh9@m*Gd zYXdATPV4%#kahY;gz;PQcNmGi3@d%R!JwxRDR~M0Y69r1xdO)^>~*BOXl+J|@lqRL=xdT@A>aYpsZ%?!RGwX70ckI{AHAuO`V71TAq0EMHMgw&L^6C*a2 z?`(qCiqjYD`yCkcdu<(B>tAQlb2ya#eYz~j*!!UVu5nc(dG&i^O!F|s5%=2svb~Qz zS6$3pn=bf0uVcT>b|^?Wq6k4ut?&I&f}@v9lZ60M#|3aMh^^`CY+vu{VlmsImiY~B z9uP8YxynU+PybKihG_b2RmeS9;yLfPlv|6aopPnX7c0(XU&HotL{3TObmm6Ix|bxy z=)T37&~FIXj@u-!a78DUeZtI~Ov93U$@9h%!M)~^XgBLn;)6l@bb)2de0wLBe_w^U zxGhig(rlHBSGhGKXlJvEsDDoa1j#dYD+`Xz<7vXX$7Xv^#ZRQ8fK%qxr%6Wy31E2% z&`3qo&CmJJC3AZYd$C$xjwQXnca}Hs#o&noEqsCJ4%J!p0(Jo|^9x2Ha2K!o`wrYk z&~_Vj;Xt&U^a}>P_H3NV<}Z^J$9p*xWThR@XFKqZw|rIF#}hqTCLFZ1xvNO-_4~=L z>*b)bMNpF@@rSO^OUd|W4UbuOLZE}b!GqpGC*(toWlJ(j9d z&}Dq}*xR>MC{$wn4m3JD*lx%WCcwL(o!07RXBptLRKo$7+wYCc1Bcl#NBVH7g6ohMhye{?FGPWQer>#(EpmTo~N>Ypx6$g|cv?kRBO~v*B)t7i|ErX!#dNDT| zi{p0v-6>)<`Vi5L3PLSS5BCasr540aFtdSz9qb08k#PeW&#H^2de?9hTaC#o$9L|y+ooa&^?5}Q@LtluW4kj# zfvvgzq1wCwhV!;6wJJef%6Z_!b*a5)*LS@i!2b%n)udK*Xbh@?IxB*TeukiO#JWU5 z^m)KD%-NGkwzn=j? z6)Voq2rt!i>0wW5-SIz+IZg8)s<0|cD}_JH(@7s-*M!3U<8@=Ij*HOyJVU1ZUAPT* zPp@O^^{QHAcCM8@O~B7Kz^<;#QX3G-E$!{9dz#@^WLI}m8~GvYtCff??1?V`P@A9k z@89ND0Nq8Z%XkR8ESXM%Ir)vh1A6`3gU!%^DVQf+IAlZq6VpZqH=3qtvWR14%JS~$ zprg|rwP9!$l=6m6dfCdqk>2vN`(a6l#&p9R-Sh}+cIh#clTpHb1FZ5s|)VMS7Naqk9y5;2{2Z@-1fVEdsX%0ppZqI^EguW_$NuE2SY9@ubR`)!nj{9~q zge$z|2@>QDZnr4YCEnt1W2K!!KwsCj(M0!?t6hE!mzhH;mwG~9-)S-gl_496LMzvT z;hD5DL_^xu=~eA^Re+k~co07VlA_(FQTE2@Qci|sq`Cpnv)76UEsby1T36lDbZ_6e zC&Im}QO5-{M}l&BILc0D1po?mv>!Jjj6AK42btXB_gYFnuaw<+*G@!eq6q}Befgu? zhp-V%Fzmr_Y>%JND~-`_7bysn!CoutUaKA48UnhLMY=S&KD-X?BmE07-adYa&uA-T?})N;2ojN?-oP;=DAFrG0Q;!@h>);x9>iSn;- z*E)y7RNojTgE>v~T8>Vh7YTS|sm_D@|C}xSgREiS+L`}-oS5~`0zhCJGdU88hjCTE@r%0#g>t%7PXv=!&;9AP_vyvf+qN3=!T8RTpIUK^> z7~g26nK?($Q~PHqAM$QS<=;+TQtN{(Y)q(VQ{_6Z#~05*58AdQSJn+g_#7Q_f>%B( z2gyjYuF2oyrvj&vLkKiwFJs|85$Ny*5OC}?-w1GIKcoLauCHCwp&i|NGJ|(TnhKrk z{cljUp!<*fwe4IA?&}w!&>5%Y)m$c{kelCgnCME;FK~P}dEg0&L=iR4IzN%AB?fQw zkM7UyuQ>Ud-|!Z;OEy;9d?T@u-ng+#?^K*p)O0$Vb{BV1jl=_&bb0-Z01hh3o*r&C!fGm}f9(&B~aTJ;LK zFYYAe4@;?tC-#SZAb8RMCQ5pXaFj*Cs@IK>Ol#~-`ny?3Nx$?R?GhShon1&3SpL%j z3914P`jkHiVj!3ZGWpxDP-3|c%vvjQP_dZlcp|k3AnGuwe(WV7lvINwnQ?47xVR9MW10cas)~kZ{H$}ZTgIc*OG*&Dr_?UK|5S(R7(kZpj4${kR4vT9B9pS4 zN3)2ShGau_x=?muL1r3o~sItGQoy_Sqh&J=HwsqWXxDh*b#-ZUm-!tt(I6oUb}FO0GN-!}9m=h%W&snV$PLk7p|)IZ&gYmAEZ|a) zOn03i$Pc%p^1jBUMH7 zMYeqN!csXt3Ul#gM`zTIFe5uzwx(0M0QY$`J@^d3Mq*=w9*k?p=^fOIv}iZPZr*<> zkBEOaC>O?hf3pVBn{sfWm}u%F3L=n9UTHSY`H860Xlea*Ym45HX#7c6rnV3Mrp%I3!K%3_Ot`@0WsDNRoblWkuNNx5#(8CIl}m1 z3{^%ibHR@nf8H>FsKfNk8q_O!@gB0tL)Dx6uEEiKumw+y96Hx%nfpYUbzz>EhF9U4 znWm58!or%SEcN#JJKAXZ5Hf@aenMR;eIlZV)(p9N16My5S&w6*n2b``KyhL;=dPvk z&j^+XBp7&rW!`jpYn8)50!{?$u#FK5&!huMFvb48*8tGcMkWmq^=OtCCdVgJyhAf7 zm9tugl;mo8aw5+98p@@zL`|QaF-3O!jH_(JRTLuabosvUm>lGO1>^LzDE=cOoVQy- z1ZZj~cfL%i?K59r3n4Y??s{K);W?L)oun0GCjYOjdn$PFLjY;0zhUGu4M+UC6S2xz zKZ{s+W)xkI@=HFeSJ9O@7TnACAo9Fv)XUKiy+Y}6pCdnoaP}-eg&kLLR_r2r+w~HM zvGAb*T@?MZ%rt+$<*grjOUW*W^Tbs8pnc%6M(#6d>rz2uXq*4CBgRbp-A_>id;CWw z+|_};I>L~Ar%ZzzpTHLYJF-wXDV<^@uRMT?FB`{{Q8mh3TzgDG$vxdpg6lQl`w?)X zKO%La)hSzR@r4)e_J^tkFCOw+5Lk6$jX1$M3%i|DZbz1GZ6F{YoNnj>23jg%Ja{eC z&x)v&bjhhtTKaW3AMIszwBU4;BUza7a8n%GhGc&OfUikwQH^a>sO0f>t8J3N=BEx4 z_TNh#i8Lr~6_7DG$Vh5KK(vk(P#t>QDUzAUUXPYLu^o#o#9s}b;CDF=p#c9V5Gpag zN#?|esc0N|_lHH{*}#gWo}Xav@$>J4kD2&yE0cr3q@mb~oXkZPBo7fo)ym>kb9OCh zQ}Q_$yJW|;ZrZ@VV29|5S_(FTt#u?nZECJRd|~UTF)w(Mt&O^}jpFO(6d3{DP`NVy zpcjym{yM4Tj8iIW3a~yxVVW z>?(QcxFu8@d4Z3WI5;fd!D~@u`I`2qrIwfS?(evaPi%QrjbSk=C_Db=$u$iJ=;3}A zhaKheg7-F}QKh&Qt`K;y=<53h)*zsN$QH%y#@fJ@Mth}+kDFn09><*;4OVf-NGNd6 zU%QW_s_!0X@Asg_EB`i4j{7o2omwmvZZ5xLteB5CX@8w6j_;(JJpcZU@PXb2Xtn(Z zc(?aFzUCn5>u3hKK&}HsmgzSwYv>zi50xFdR5!1&_TTIc9W;VE@C8%#FwoQq>mv2Q zpadxfWU=3LlOx<I;?Kr2%hloD zeA;ZV`H$9pfvwe1Q(cd{ooW)+aXBT+*=^mDtTiuIg>TMZX0^n0h{f0pyF3q;`YXR$ zHI`O}LwDAx!fr*<)IO6D5XVJVFbppq3GcNNy}#~-3O|F?--Uv_iH7h|Z8yjDrkBUQ z%ZAsE1NZK4pEL)&Zw;x07d{JB?q45lI9oGrBm%OFXe{FA9BVfUx zENEYEF4RaqtWwNm5aaZ$ynL&+ubx?B?0s`Ivo~9Rd=vY;fG0+NrL>B{`rj2ZzB;{^ zN2t_t*8ocT?~MkRN4Zbs zaZhzXmq&I_bx3F6B${QZKeKqNIqcsvqy2?Qpi{$u``wdZFNb1*9YajJvDqY|o<$9C zXY>r}aeYzdUDdZNsw0j-Q2v5nqUp!3Tu03GXq&&>gBBP1jVMr3k8SbxBnK$I8`=E!{2i+p~&h72d z(S}`BhMnAxs={hYBdSL(TTW=k;Yvj2p_tGT9OdX&@|m`bqJ_QuZxKx_JgiXTDY=NH zzuWM9uO25~${!T-g%Z0Zw>DI9W60n&iwgWL;&sT|zwCG7k>J5c$sTq{ZugO>rGbDh zDlr*bjMZluE6f$JoCkAY&=7f)pu_&q5FXs8P!SHbt8t!GaFWJGoyjI02TN9;WMhmH zz$8*z5u#a>wGK7Er}}*Vyr6&b`k{dysMNnvc~9-JLz8kY4n*DmB;v`%_p8`>!gP6q zWD461UO=L}Hyo>7U&5X&y+$PwZ`G_A_(YFitvXj9X(9vT`bPa%}0k*g0-yUOakD zQ-1a-^-dOiRUEvOYfvkg>e0UX92&+^2KOj62Y3)1zWCu+5;ZrHZ8?zajOZ#e`0UVB zX6CS+(s!~Dpnia+1^YkPQ(C9S)yF*vL;nBDy=fRK+zfA&UU=WleQ-VgEq1_!XnP)6 zH?}{W#erJ(Ww|dhF0eTc$z)BRSffc^L+tnQ$CPF9%+q5-kGn{ z##WmD3%HP*7w!+}QPKuj<0qI1ryI$Pe@&en+zqvL@@#?WzR zm-|zki?U;p9OFj;jiP*vn1YOgi%h(hzLZ84(MiZbyn+hW2M>d}b+AXU)hu*H_-x%0NkcB$mqT5pwfF(ug;%t=*t{e^e1 zc#KB=ayO`U9gj#}?$OcymWp$?OoY`Zk8A-RwFN#+f+W}_{NwBEo-OgNTY7HU33x`4* zp1H0@?f+Tf9GgUNln+c-y$?*Y@12P5 znMGz^#Q&=khfz>V7U$E*cPp#|_pZoRe;g>MP~~%1JR4;`Cy2Fa+%Emiz4lz@ zq;8gJR_U}-TVMh)_KfSt3L)?>Pl6rw6pA(?6tXkbs%hnh6ertQZG54^WR^&JX~a^>`&jCDyUjg+cv0khilFK(_wT}$F=3!I#eo6%yU^NoR!(}Mj&LkaDU zyw!Rqm_6M=hZCu-?+jarXbbNQeiqU+1;yrKWEhI_PX9r}XDpXI0hb&dX#TLGBa=yM zXf6A6NRjk8*Y>SCUm4o_ddUBL7=P{g^X|>z0~973OYr``TCE|oSl^^|pa+BoZ{3uZ z|Iun;>U4aSPJuhc%u#Otf23M6_5Z-opQlHat2g*5F0&J!r?gp0V?i?eqyZ{A?yn!1 zp`O#bqx=Mq&`u*=N zSJwHi+Jc6Onr>-cB#jz}GwUfD76!k&mz6n!Hkn!Qo(`ePP~y%#%t|$X$h9Bj-t325 zE1=vY9BAN|h)dgTWby9(wX?~NSn__26j@6n)ah86eu0D&=wf!i(+&6{%F#73RlI#> z6Ut%0OgzSxyZrZ*^{Ejw|)r$M7iKNuqLxTs=Ye!A!;cfqA-~IB&PVARJ=ZbI3-JDar#i?_W0^>9EM} z2J`3_72@a7h~dRc4PU6_0)XxwhYq)v1808?1!@nYM0|phD0rk@#!PYYrm*sa=@Wq0 zZq)9I&RtC(s%ciVM^6qtvC3wcfyJi9=JKK(0UEI<#T?TC$_hF>T`a7=;o^{qdKr{C zMu?c8LB09+Lbra^c2irCb<;6{`Nz}B$Jb)eAaLFk36-6+xa|;q?!9(S<%|}mTrQG! zaUoZ*9(F~o;A>SsNQ3R4Dt|*j#{WVaFblb?;`KL?{{{=;|eQNuLz&KADd$Xr_peb3qz5h_#E&O7eN569or`~!ivAVd(Q30EJwvLXYZDC zkf0gJdT2W&i-k(6KoO{@M=0MtuY{*i`Cl1dthq~N5w1l4FV27>8+;*gBQ=G>dPi|t z`z$fM*J4Ui7^LBvp96aFEZ4Mgb+S+6BvgIBITK%sZH=sAp-ba6H&&(#H>x|%k*J&(1`f znow$Ikw2Z`?JaVbDmeH z_T-U2z2@!RUtRbP*PTxI%pUdx#6EjZx$}#YoXB6@8WWt@>&}QS@9wo#J_NIS3dcT& zW?vxj4N^XOT0+WBJlq2YHs*}}*x z*T5#QpM6tA@BW^`8|TinYh4MTa>I_jWvjknUwSpb?iul?}7! z(vOZgX5(os4=%C_y(}TQ(Rc)g;{S4>qOg|8vSrtiXfmpdrz&)j`pl=y`=s;#l4Qzr zlVntxsYVOEYlHSA&o?)iE$e)!t2WQ@C{yAr0!qe!pnwk|6!aK~^Xwm%RLIIE@!3`i zLO!%S7xZJX9rzipN_Xpa-8I<%4d>oJ4e{Z!CB7783frNl@-ijl@|CNn7eF6{Y<3|) z6e}zR3tX`EWcc2Xw!R#Xq81Y>V6+89O+?4(7t9?_xne1sa8!t!<_oizzJ2x9%v&N` z?Ib`O9yxnC_?VA=H!-O8nhuNUBYwp#*Z^C4Cw_++C%w;i}S!=oC*`)8x zgN>e2)Z;WZLePO+CHWUU2OE|cGSb*=h9zt(GUkKwojz-(+G_agL4`DjMd^1g2nj;i za?U<}xhGJSt!G9?_44}Nzq7!ss)}Cx7dwaB-HVHdkGqq&@y_x2zXQFHY`leqL&NV1=QY@+w9lZ(3xd>vw>Fo(^g~pJNRPXy<%SH`TuKtCDfRohCd9 za(>uuL@y2$HHFC7v=}wa5OZl+HkAlis+6{$j4@`JLUI4Vp(0CXtGvm$9XhMr`kJ}s zpK(jAY1#ETK&s;5T$eU{=QxXY2Dk2Oxy7H8j*S{_CjSN(M=66=B7)WlC%=NVH|isWGWQ`)s!#7j8-*@D<32L=R-A3Zz@7X| z;kGk+TDl^~f936H;iWWJ$Z2k)=Pg#c6*jXo*R$$Bs7l4ea<#l+4SluS7t6Ex!LsKLX?SA^+>N$q^C zoWJ@}g?Tad0&Gev>M7UX|9~ZTP4p@l?aB?<51&q(tUeRX-=HgYePCLSH`}Zn*|Pn` zMmBuy96osb9^<9b1EupD^`00uSx$Vnth79*A$y+t{|_nYJ|c3BR^278T4KDE{i3e= zI9_$uZ2F*7IwY*|;Hom6N-`z+Hj`GP$g0}VtNO^nnfzGK`%>e1R-@^>*?YE@aSLk0 zUY1$4>`IgCO7p6?oczdXrF~o1^`X^3kS3kllrwF~vBo2nl5wyHRp+8&wyie<1@LVe zd@H9U9##ihkgbXD7Bi3X#d=H5gM1xaeM5(ZzUa2%i-j>GvwOtBUvCY)ymzN(;AmBS zeCk!nHME*se`^j*S6nZ9a;hJr=u{{U2xR?26+NLb9nB$vS0pgxf8`;x7eK05{8^yk zh`uaHb~DBLxD0~m2iUlGp8l!!dkbJ0>t{s^^_n=VXxHn3pxn6DUgcFh{`>*Ye7);w z`hr-81z`W`pvl!Z-`9j|6$Z}SCOkUhBLspB7Y8B{U|lum?8x)=zZUF7SVD4K-h^zQ zu-)kSi{Jy{`vnD#1TFXp<93PE<=Rb;CY|B^(@|cSD^F}^=TQf~r;A(L0^ak8_zpP& zEg&KI`y34e1;6~>pNr6HoQsF=V$7f07X%+@L7Wnl?#t89QUV{gYp-g-^QS+~A$k?D zg;XCAg7QukXD1*EQDGeotZ*78kf=jQ;0bT%S0%zIWR-7>CnYqZaH705$>sIx*CB&# zCPCNjx9zixNmgNXdu+Ho`V|OngqGtkym+f0_YhGYZH5+8Ug(Ipp;!~KK-dhx>2Io9 z+|nVD9s@=C+keIQph5m<4@DD+d_tHeNU+-uQk+xNW@F|9s{;f5uY0}$3`_=LzJ2S0 z{uJt(KG{r8*;!Um16Ovi-6dJ{P54A=FUSK(Z){igb2m@A{((de{Pzsiv*(chl<>e! z(1b6q%Oufy0^6Z#KRu^DUyr5l=bn5UZ+vEvpc40Ykr=Z61ro4T7kYm&zw1W9`WJN@ME^j zrHA0`3PJ-}MnZnh=SP#Jk?qb%v?`WRg5b?y#!N<}fog7xQUXPdmr{gr_<@QIU3pPs z-zwAT+7655NX0F0tx*0$tC!1L{)7NnD;8O3omDJ z`&#cK@SYUD#VJ3k8tBA57ec3tKm59|$n?$8DDkC8Ji~}O{5vfq` z=@&HRHORNZ_gFuY0~XlKv!Fo0Tl;+Ar|VnqFMXto=elu?$N{7{ic}smBgM0NQTH0E5{XViFOk%PhY~v`J0dVn<%rkt!EZC2rqy z1G%WU1LfPhOq>LvMy{K2@OZ94M8@!XbyDx?_Tci}-##9BwZ88v4*iLCmW}26b*{G) zidGieVk_7QurU5P=TV!j&Z@l`96c7d5iqE935Taw!I_wVc7FDx!!5WIGXBbhe@8O88mXH zN827qa67_RxhDg-7DjZSq%%`BF+cgla_MRi)L9~U6BFw&N@NxG9@~!4FE}$N04FQ7 zeUQ!x$Xo$s+wUDCNU|gu>l8cG9_7-Ycx`+?8xcxbQxQscE5kTyPBrDQv@jJgM!|RJ z>~QiQ;Xv24qChJ^w+FlL5m}q!2*kOhrI6&9nlZ><{4k6wjbx8P36toA;(jF#)*1VS zqbC~Cc%(3BBug;$SHQAN4pg-th*ZlFgWAG#Lm9Pig}*Tp>G)1+pz3zbOlZ7lkEeGG zFsD!m)9vy;TCPPRL1%?z!tf|<>Zudoz!l<4sv}o2FPSOND#G|?V);8OH73I)y!Zgf zO^sg3o6zHHR8XBBQv;mcg!{}hiVaHeL`R6SH_+T`WvDju*diUokr4RT^S6(;)7ul< z3kqXU@tFe_QLZ`&SW{qvQ64`H7a{8VuNsIjHr^8UiYq=|;G%UO|E!v*(|`|}AL{FRul5YeFmoz>VHhj8BkUQqNjQaIMXfrlKj;-b7?I0nls=du?-`9HIz*7h`20J@Mb77b{6J(#Adj&- z@{A%gAdk5}jl>+1OjOJy1ACOEn|HktpTXx!0k(xURpVr>+zVTiq5`_{ZlI%^DwI7| zxOyU^;x&%wDa!({hg){Qk^+74Me6kjzpBG;&KOH_C`v$dkuLl>A>$$`gOQ$Wk<+Lv zg)PXUK}9}#p_YdIDPZ}qL$|mEEOWgTFtirW35uW}_Rm!yK3*wa5^>{;cJ?4UzOM7J zPMw2+EEa*byMg4CYzoV$UIXSeFsc$^u%Vz^Mo`~*37}cyG*=J^CDM}(bw-yaeoY|1EGMTCQ7d4{v~o%RE<-rWk(Xk)I0vu&ea(XkfS zHj-OesRbY}kR!rHN&;^Lr`$cEfalXq4pb%+`Q6qrsCVzE`-kf1cz&-N zQ}{fVH33RBPuQSp8mlxZG1GoTv(i+d*9$_*T)yKyXxkVI=;WMf6^Mqfq|BkdwZ*YS z?nG*|U{zuzf0ct@sZl7|sEWKX?QZa36+m+tuClSqtSP|66fa!t96FK(V7i9&h+gHa zISgkJpiD+*c_6@WN5q)+G(}~WUk(JOmD;IVrEn?v z(BWHVAj6kO^eyoGm$w06IjQ^L>g|A^6cF>qOtxF{NBKl?l{oA)Ge0;GHQT*)_wP4t;{x-z+Ns)u2kDJTyEz?j!7B3|LlsyRVB@zV1 z-R!B>mND`)RmshAz#7meq~J9BR=-S1n^4JF!|cENcs<@nZz|Ko_;ABcr)UWnx~hTs$b{O=zs0942Kr z8BimwMq^;n{`Ir++}^)*NCskIlCeSW+wk+L-XqCO=WvnlP|vc(M*v8uOz8+Do)DMe z;u2T;Cg|ke&V&LSI;G10sHZ!{H7BzZS;InYsa+=((FhtU(h4$=G^ri_!*Li`4v$t$ zL_E&zn;7I^S;f-ulGUWCR&;=*y1+FMLsq6)V`v2kc^TJp+zmZ@OD(etQ6A52SmWx3APM*2J>+dkL^0u zzX}pGWUSGY>DXgclh@0EjGXnoOle88ff$^o03kFgvSdBs1A6CmtIZ-$B>E#VC&Pyu zT~*$0Z}QVQVrTHa0NoG@yCM)@NaCwsM9JS@H5i^=qG4)}6#{F8O35~Ze!b_Zg;R_MKcA#vx2HLtLbLHJ@!CSFfql}poL2Tms18zWvg zjWMPxY^%(PJ=){2$?5}6Bpjx{!2mCZCp*gnOkob}1Ofoft)Hy4e4N^%Tp+am&KO4F zohICz6K=Ib%6$})3xTpM5Qx<<%NhX$I3l$$5(66uGi|!rY4$<_{WGvs;5XF<`jYV2 ziQz>5z3^!yJtE+U<0D#rBKL@Ucg0${(UD~*oxxk5e12{RH@Ul!S%6DR09RQo^okz& z{rtofz90e=O&oK1G$O3|zZ^YbXif@>wj}mKYu>qq;<{9BOsVsTIOdg`=!Oz@LMq4? zT=2aJ9zS4o11cPa1@X)vHWLEqaD}cxSrxU^&C&uGgkV7HU(qM`>7E}i)4P}hE6ubC zpHmX-+qKyDOgb;{jAh(8s6Y;~4!lL+GFH?LlCF^^_PRh;KU7HqC66KPc3 zHho~zf*0B^s=vH;|`Xw7qT)q>a8?%oZZItXV=$Lk(VG^WPF0XW#=M@46+#((is+%mq}O0(&;lkN=D9wC4`yx7^i?v^&J741@%fl#)_>! z*w32QrB67}o=&*ceXXW<4<3(=qHv3znMFW$LWs0< z_d}~Ex}o6y+2LEF89}Vt;6O2pIiFolB}Q(*0c{LB$A96gobWgEXr>S9lj4|(mA2ef zPR?ynT&3ln9@!JD21X%aG1CK1y^&-JG7nl57M5V~P@D}6K>4jIvuJ@IbPS{e3HIe> zkkV6IpKLK+;E#2**nZOk!QVp4D^I}-3$#zDja2`(=bu6K(Ff)Os;kdjK#*?_+Fms> z)T-U2j08w3gn9}@AtuU z&`ZwGUcL2g>u5DT^i6wkjFu~W@IFUfnmEgW0daXGSEBk@-BeeB3lu@b<&}Xh1G@0% z-|1?hQi1{HcAx@oMZ|CCh_Tzh9%3j;9e(*lT}M8=^P3q3nYx2uo~YOmPQ>SV<}X zVnoI^g`|=+hnJfH-KgeS)PN!?8Eh$2Mn(IBjfI1S5nG0VM7@!_)BsNHarPV9TJgG& zc)z(n=HJH!3FB9TtGDaT;+y;Z9Pn`V-LX$g%WSPcMlp}ACx?BxOc7WZ^ZEb4BMryk zN5eo`epCp4a_@P+`*AEPS-vxc*gS#%aY{bNY~kT)XJ_l(ydqN>9B@f-6vkbK=WqI5 zZRQy$XfOnOw&LUAcJqAQba`$&DVZ4ziBXGnmxOr5c!5$`W-7;+#R_F{X4ch4KIx{rF)#zk;|GDsL;6e{ZpS$wlpn3T+yU; z5zp3=X@yxJ!;3}eMF10%A|MT#3H;iEMk`IL)Gw*cC>$mT(JeKa<#{N;A1Od`2iM9C zn(8VaOj-b9soVA#5eM1Di{_hRya=(i(GJwf%J4cmRQKvKH&lHnr>~L|bI9P~_1}Wx zz>&=6W*b#S&NmXdmbtoH(sz555aD?E1KpO=u0z=QdyT;fi5hiNd4?EaX63N7g1`|i z$+%>OvvfYAXY$}#?B4cw0M5-f+d$_dILB0olCN!X!=E3cRCZXjzqb&%sgV(k}pMh*86xv@_irao6$Hr06)-NkL z_%1R0&B#wWU$KUfR4t097{PO|JJ-AXW`;-{@tf5znCV_-AG-R+$&#yR&{+BA_^0)! z{hML0<~o{$c%^gbeg2V-&Enu?t9Mjkf)qyM6iP|jrL14iW;Q;RrpZ_G;sBq&wc>h#z z%1&!2>_uyyz+xK=X(1?*nt~|)OYT5JBO8_>jmrbSHpk$-{Ki+N_DN--2x195 zi~k~Dh5neUWeiz19rr5^z$wlgXz)ofLSd)ZV>1OyT+VQeH_%S!43UJ~p{kFI1PtA` z@(d(ulZZ=v2f@Xmk4B@3@|`u<>0ByTTtnR$4{*?oOL;-78s0G17L5>-t`{xO3c2v6p>T`x3QwsT!>Y!iDnVYM zJH(wRQ-v%E32RbDx?p%G-f2@B&s?(o2!KDx#CBe47oOfzq1Cd~lNAJ~f5KodHQdEX zb%U8FwD1ceLGL?;&`Tset*qu03Solo%B`WNrM+{doE)(zKFT}!W|XC05FhRR1h#mo z#bi`)-zZ6epi>bq-!||_ZFQ9h;qdefPxb*~*)Ls+G%MP#+LEd56#e>-lj`Og0aNv1 zZiF#!ug#i7KMcJjR|iDb=H01c$tqftWxnvhneksn2gM)d_}-$WUVi|3?@v1m)-7Ub}1R?>dQY{~G%kwg2mF`>fc!8y9~Gx*}bgxDE1j?*!7G)>x2)3zBF>K=71r%_#(!_WCnvy(MG z@8PTZ8EI>SZ|0?AyT$_#gp_TGw~2(F{bB=ODs*v3d@L^z>2m_;SRu^B5*vzP(L*@( z6KV8HyHkM6y?F5LsniU0P?_7ZRaC^))K{pNMCqI{-5x7nAJdnTIyLzc;&&uOoXAzd z78e(dm#Tw>T?a;kcqDZW@%?@@nDR>$T;Yg_`)t9Lx)C9%If<2e1e-_;sB8*BuaD1(461bYRwE{E|43Gy@gLM`pU|XMeYuvfF`1-Dyda6ZUku^H6aX5 zeUL(F{Fh2_X>H~}khC08@R!ucG>hcO@yoi5PN}DK%`y+t^;-HgMXa*rJ+*e+Fx~^3 z&1Q3yEG9G(SZ4EQoTiTB{mXsODwp4Cwclek)@+LZk_9Xx?QF+0jR8c zsntQI(M&ojL*!H)AH?yPi13o9Tv*sSAn_62 zUz{_j5F>f0qf*j|jrq0cCLe$cLnzL$Fj51Q+J^SHie@RPr0OHyiFJ|yJ~1q@X(9%s zce02-!IWZ>9G=&~!7r!3o#>xPVXPDuB<&%<9b(^0oWav?e?5NpF8`?{y%OUi;^96P zSt+%|v2+a}<~ACQw3?Hn%kKW+`{R=_bxGZhf(Tx#!If4a7;zPXavLb z+vBr??z_{2U-KX1AkEC(;JYTpo;Wm9xtfULGhy^n-`{|(Myn+SAJ@&&Y7(}1&6_wsx;XuCesJ`y~;9MrC+2^&fgusKfdgq zoSmN@EsFI@}1?2_N!RtI=*Z znjoJ9RleA2G&KtKv&Fim^}ifuDazNA9%c`II(wVewl7XFy#J5AckgZ+N%BPh=cmX^ zO|7LKl6u&ZUEJ+CN0ww4Z%HyolB>FJojP(7NRlXlNHh|V#Om4p?Du3u&&&kR*0OyF4Pv1ITC=7qc$_6oulj1jQ?}`I56+9!PuRa8a zw>A}u;idRm7jmt`xDcqwMf4*tHTpL(gH41FcRtL7uT?l4yPzi~w`_~XaSayeuNy1tV@ zU4UN2jeBsX!|&8&DWfc@I}aUyf6dTPZ;$$}S4@{;#onnU0{NFEGCi+$rlh^SwQ%tog}MlP&-{g(e@{t(1N zWIQXM^$9v_ea0u~?DmY$DkX|z!a*KUyw}F{c6gdh_yjY}H)aODJJIjhSvYP_ETsw0 z;)f(I=LBE|@{r8SWRd(T*v-ipw&IVcV+*W;4mzODBq%a4MuLh54p&0v0tDG4iLP$fGRIWNkp5S=Y{lPtszIHFZEgkJ52DljqAv#4*m?gHwH z(-ICk_SFTpr`}i11}E9H;HoUDNOQrq!961{1f4ygLf6fF`}S&QrQ7XsR6Z|=4vXjVsBeIC+sIJ386B{B#?cwg|cN=jKFq)!`73y?Ns zT~W^WnvTP7-;X2t~Bw>;%pBnmbfnB6|trB=vAXu~Q*sa)KCLO^-;0j@cJ0??w<%jI4; z-~2*?R$kR8`g(YDz%*aDI?QCDH-o_as5Uq^#GO$r;5QzzQWDSpMF?YpXURRRbRLtk z#dB-YCp<-rbUOK>tWFaZ$$L>W4mSwCxVZTU+DRyZ>ccE%qmzpr=V&hPxokkr&V;Y*A#d8hrY*K6Jr8xC z)ZAySLqH=a14j!YL+x?j7&y)GknO6a+MTN1Nj~k=S9xBDzPAC&DHEE?g69?c#5HYlvNO!G^x--8Ra0rYs;eL09{iJV&DbO-Ayy_w68UbKZ4klRf~xzfFBEd z3C{csTmtIx2A>WOULCx7^9kqr{DS8f{1F0;KDRDifaG3^xza)$-~>^own^F&_~0=T zl{e9sv0-tMW!4XQK^BOgmAo7r9qhk)g}fYR%Nj3FabXU=uv1WqkvwMR+|wfhJ8e2K z{eElH?Ld^r>W%S(JQ}|dh6>e1cNeIj!n?MYmmT#;L99Qsw6c?V0Ml2)cfChI( zwyU5^c1fAED<=7LSCidscGBKpZ|~qxchZ9Ar^}2llIS}5Rb1)aWp#g{XN{aPKARO{ z=2E2?vv4NMWJ)nS3Yq?ar%7!67Z6D_6Frv7haOvq7&0W%K@2wn{iY17U ztB*(B(Q^W*PZkhqYm;tbeoU|~DM={1kVGaE5}JS#-k-A z3SQfVkQDUo_+1}&jhpe+hd=!pQ>ViDUWhb-1nbh-kq{Zz1~}U&D&6Y_T7Y zuP#TI?}y-!gsJ9uA^x8Z7-HY%Q?$aaUd)bn1!H-h3l6KQYk`^I3J0^X3y!M3shUmDw43rOi{^D~v_WT! zT}VP*5RW!?Zwk0rHYwv`k(4&HUryOX=y^H5>TEq3wz!*DX}Wu`w}0@mqZxiDi|?z6 z7~|TZUhoZMe(*{&VV2(7CQ0U8QId=lneHY5v8705=pj(|`zCqchNSf~3^V zJkUc^TPfL0vMNKByO9{JYe4-Zbo-ah3<0@?ay|5jxb2|s)qssLfnf-~!1^HJn1AyJ z)sM2o{G6sd%S38^&M-Mr|6Y(2Dc~>^C3@BwE-qwvoE`%k#%c(5Q+1@tW1tc^S=7Y7H2me07NmSQ?-z0z50|#HljSL3lau zD$0|k>zQzsC@Ulw#u^>cRq=+!H$jhZCp@5hyXYZ0!3|%USS_pcU3{p9>Ex5i*a>&|ZvQ@QhtfZ3h z9h6A$eCkWEmtfLsOt|6XeNqDwoC>5L(%rdwD+9M}Er-x?u_i^UQS@m+6v)eLN`W%L z#N4nJI#X7Xr<7+y26)q&`XtF*7gMN;Pub53jG``&@tkl+7CV~}KdRodQ%y*mbMin!-t zTfxSSI!%lRfc#!Do`8BMcLpJzp|uZePCDKANq1>%&rNNX4A6kkQ^&{?ONMfuNUv)h zH=bTPP_Aprde^$};@!$czPoAjYn4B-H#kE9jcPknda~(iPLtxI9*5VyiCmNRUJ;g$ z3Ewd)KRAB`T1#S;f>be4OoL-Q zVb-#SKGz6#f@9!pO_5yWRT<_)w)J+lFs(TU@d1N(agDxcY1j(_KnYJpLPUXEx9fZG z>ChM0DrZ%OC#Q9_u*Or^_;2L9|2(}!;Q;(Fys9twV@tPsQhwc`(^!(C(A{l|or=5= zk#S#}@_Px_7%tI8QUN19|C7s-4)i>Fy*$@Zcu<~oRai&jcO~i z0bBgHs7NIJlP)73$ss;lJ;}&X!e*ZLp$q}(Gns;Mn$)?a(^og9`QbuO^CH$a{Trm~ z4aE&lQb15;b1CnrshCm`bSM;rWIc$jkAWvpWb&BBUCGEe zrmxwyc#K4D6YHYlUS?v)rp}Uj+q7c@T!1hEfdnYwZaFzr-}#i69vp9dlT=1`ji$O! z-!9Ey_u!%jwGhmh*G#?R80)&>2*$LuQe#)I`L4-VO<|f2ypM*#ie;LG_Hpn>s-67} zMoKq9ZyYV7HOlC=`5=o}!D#VpNe7vtj&{mGURyMz(hWw>GrfTA31Ux;3WC74!qL+I z51&K*D<`Br&z?J2`sUNxZ%$Ed?moEv8m)?T=EBp{1R)37W*aTDq#pTMPur7_(I@s(4Jafpo6C$(u9O8Y?qHw^tsYI3Ko%3E zQ^5;f+yy{WM9@b`%Y0y1q?BDvPu%y708v117_ z?1b!5lfKMnwt$ulp-k%=*trZ4AsSV|N@ze5CrjG>$zz~RXxrG6(F(8_gMWQ`{TsP5 zwl=lq)o3)JzlB%hpot(zjCMLn26LT!NYiFy0{Oa8Ipar~ilSx_2sdHp=ZZj%MnL3> zJ%}`2J8tFbI>|q_^rhUV7)#d@L_Y$T#1xIlwjiKHDadh571sGZt?^NFsxroc##Iah zz2Y8=MVz>7yjldG6+Ej_UKl=m%otmyQp*~!3wt;*q&PJk80`lsV&I|Y3*&Y{1oij2M7dxLL9QNX1)7RCsmB?E9wu`ZBF#^w+cfKv_l{0?lgp|QdE@D}oM zssC>&BZ`U9GTO)tD)FNR-j(K7pP0979DZ7l5z$L9FC8o^ijPJaVAlaq855EE93wW) z-}>l4CSKaj1UT~nvW`)pjWXs>UD#mglLLxBgLoG2>J!VN2jv7=MRr!x52U_7*K^!@ z(UX(`T7(9lV`5~;etJO#2NO~9K@dUpqQ~sp#tR588_cAffkJxm;^)TVYiy6;zk=L& z%X*;a$)HTtPd^Xv6M*R@F`X9pwS7UG{F=(XPCdh~d1&dy_O%W!Z?UdCsSL8WnIiR} zSa_r)0GLIu47!}=s4LzA6lN|b#PIoBZ)Fn{rh)1*o(3zx%GOhAV%64~06_F1a2WO^x_- zP)=L0H!bF7uqZ)Ksu}U3EO0JUV1z#t&6uIah9YE-$D_Jr?JET+ZWdB#B$)%*|7|4f zf2c#oYx+h9jo(%Oa)(VLwr|SQbi$)M76o~!luRpYma~TO$MTkt>d>#bv!#!vDupQk z$aQeDhzan9Le=V)Om_a76#`AaU@*kwu&A=jMUgHC>{$1o&yjQ<<`*bbhn{<^57Wxbqx+oN=Xv*(}$a$)_Io$sSpita{`w5K<){{3s8L~a) z-S%63I=p=oR@#7;!%DXfFoS>HHTZ=aJo4S~RY05`-AF% zgS$TRceRiJK1AqPbm3sPq~15vrA0Kpd!sHfj3$H+|($}ADb)|}*-cu1Gl-}3Bogg8aX4Fo8=EL6tJ62`XO3$@C4 zSwenwpo6EjzKratZtdu9^&w0@ zjsbMf8lOM~g0*tWQ<+RDh64KcJCRcFUJKC{Aju!pE?@9pW!4vWm;%S})_)L_xs-Q$ zf?1*RAB-v7Tv|Lf(yb^wllyoMcqWIAG#5vhNKeZKklm|m}O*DG%~!4C&GXGBM~GF5I_~qg9sJk% z+lH`dORUu4n#fTqnobB3J?j@zmMl}Q^Ub0v^lUVZrrV49sKqLwR zixG_SY8uTiX7sEFpp2f%=-DIpXgcDJJ4nZYwRe&!||zaTeSEA+DMBSbk*2tQBXWR4Z?(YSm7qA@UY}grzMv! zRrss=>RxRb56 zyH50Jj5#@$yF_hwi*^(Gjqx-_d8N0+Ld-=5A?~3~m``L?)_4QeE&g-Z;ueCEhlw6C z?E#q_Zs9O@5W_(q*HxPKnB&VxwZ=wc%y?&y5bjPD(nGhV?1MgwGd286C5q+$#*l^M zHc+h+Fhqtmr$=uR@Kf??Kl^4C?&7?pAqe7`+9eA;= z#SyTO+pW(gshsRCc#`c3TqbR$`cV<@(w?jDHIXcYRJxv9>K1yb21~w3O}em#61K%b zk;gD7wZ6kKqAzOBiR~l20i8D2L?ZT!oB&IPlBZ>BC1uK!p32e*l%Xmrcphwh*656i z%>6wTe0?RLseo4o>%jpbtYfCIpLq$(`xFh?Ok}R#-QF%l$#0z$cALxiR?BU-UV?NK z!HbzFsj(RbJea>i;@{3!%RoHl8?6qtRM|+#Ap|`Y%@UGsK`_Y^irP?hEA#fSd11hwo zl2}B%0LVI5J>FmJ&*8cSlVaZ!!CU(ky|(Ugri18gHd1SHF%-d9_ zWY@)=mT*Ecdp!*z9Pkq|#nup%=w#AG8mQKVhYTyR$hO~~-RyX|uie%f$PMObWRwovF@R5+fZ*;; z$PfNiMf#t*{;;?$)FvL-M8NH0LC9es8X&t)GSF3apD3)E9vCjePaN-!jlJ2^mBM^C zvd6?=Ht4aOEA=1?@}`<_l|+adPRf?Q*8nI{jIycx2Oj|9vNiy1ykkU^x7Aa;EXtJN z3{OSqf+!z`_KCiJSrxjMHHSx~h%qi|$UebGm~#44EVAV%*df3aP7(d+MJvmBfSO+> z3(+IcgiIKxP+H*wkKx*gw~h6>(QX@WH{vZFWd5)>T3&#hU+_qvr|7y8VBKF);6&dm z`{di?%6O$eYrZ{mradv&sDB2~8Tw1x?4E02FKCLRO!En>78^`IJ$r_3#+f(&dNU6? zV#TaEuFAPAD52kqG7wtWUs3WObAIV2|FIje+-qruql%M-rq&&w-ti|+_wRL?7YZC9 z?!@vpI8ka`;2+NufPVW2Jy3w>0WukWVHgjMB*&S)3mJVVVSCgRW>!KpdZyAx-0Tit z9lUzgHPDN^pbT$%jEIJo@RvQtl@H=dS$MZRi4!X#SY8n3HEF=_gf}+XBh_gd@gt$l z6D0xz$qO;1Jj|5$iH*khM@$w0kO^i8!%d~AUB8jUD8E0ddEgLQJHUiet*H4#jd+#a zW%41Tyw)sZnb{n(7-WQ+Lhq7| z$q?{^TEvIlFzX?R7K{-3%(px`%PB=qRHY0~h2yG}eQUY&zjepKkC> zRLINHx%cg1Fg3_qz*;$N1%>cj8nz2D<3*h6jRZ}FNuhUz!~o3lQtY@M0xVL3$~HX% zFo!sdU05eslJ*eNDgz5+RR9+GFLGip59Iaf2#?Uus%KEJguV;()m)bFo#zo2bi7%7 zwsE|)B!hI|!9d$0z7cVe#2Mt-CyOZp(#0IG?F3{MoXV;w=WHRfa!z24%dF&&0MBTN zZel;TS(A4?SM*)oi~V2ZMD1=FXOBMCK*Y_{A?xn3J+{yOu=|Srf#RZc-9M4^{Ih+c zdxvr!kCduJaV4g{P&~sl+y2xZB+@Hzmt^tKrY`~#-dhUw<^3dl(+}1X!?!qdK&Q0I zTgH9kPxnRxNI6P1O}G+Aub9XpsW*c0*@bnbC9x&kmVNgg2=*&5N%Nh+eFuvTJqA1@ z!kw1FLzBYUV_9%^dU=hSUT4ShD?(_s@`Zvu+D>7kBL<&^(+tCxy-T`R!D#FWy`Npj zC_gqtj9WyZ54)y76C8yOvVexp+-o4sQ=6LC(Yumq$~;RmQp{znYKJ-Sk8;<7=b&vg zz>mNcv16s!Y#n#rH?*P^wKy))##H`l+zua+HxPS&*=5FdB4^}%DZVif!ytLX?&S{ z?Cx-p`OX=TY)b*eWh*hhnA|p+%MRIKVIL72i@Clrw-a{ zeuQ98yT2kBwfRIZ$B&ufWum44J3C~j@=}&Yw(w_%jD>-(YI>Yexi4}rLuwF|kjYr= zZh;FMjR;hrAJm5^tVOCJ189Oe=bz^=_r+~my)17n@06)?4gF`@n~oMk07cY-KYq--{HKJTV*I)ECG1mJW(ZDTpUh<_$&SM}0no|2Q$?-%{Tlp0UL>;6#}0x^dhxQ24c8O}45k(|1J5N&6bl2>JS%u4ST2f0 z#vWZ1v)F0vZ1lc-uRk2acjTcQav#iNl#G}@0!lGMe(~8gJu>qWVNJ9UmSi)GuQVc$ z|I8g;>w0k2_T#zkwma``^u6=pUE{^u)*E`m2E;BHSWFsd*6TGrKf%YQom2H5?>N@C&Nc}9+`m=pm{ zl_YcLqaSupa~7#+nss;g&nDWS3_tn9x!vHH~jS?FB7dMbp1t-wcx8ZPtr;thY zsXH+0djKu5SGQ@i)K-u$20*Bj~|>Kcf4Jvd1kdX}_I z4I<%D*iOU{wSmx3W#i&-YI|xDByc<)?Kty$tEAD!n2AbLzCom>Z}&MQyfbCk@-6=F zz&wK4hBKMSr6M`Rrf-Ou63)2pb_wy!Iwx;=V@UX{i#!#8ZpRBq{mYg6q^9{T z1dFPo!0cdiUc|U2OUXRie;D`+(#2T#WmZJTx1|q$^Lp>wtvFFprBoub+hYIa>;2c? z9vr?p@~5#Z*!%C#*eNf0p7Knv9}dtE=p`${6@+X-;$%u1tnQ;h-A0LjP?n_9Dp}Dm z|3EoSC=tJ`%9e3JTj|^cIGXTf7bTPn@)I-;pxa_F8?f%nJ=LYHB2IW}6G{EetNSgF z?&NgptQtVKES4?XP&*?@2DxCh&@tsns-^B`{XnvnfeZdf_X?l@kwt!5q6q}>kPxFN zeu9!zW13?{iFPq%4Jg;~?A*>pVUpbK5L5emd&H8ah0#IhBD>&^AzMEhNhTLXpJ)(w z`a@#NgkMb|o`$0_S8rqmK~~<2!kB&`7Z!qLm`q{%c*VH*ZRux|Gl}^Cg$SVS0g&Fb zp}TMU)ivT&SJ~RbV^2Uc$KTx>7hMiJ0PF{i3;BPy&x31(!=pFB9SavNQ`3ZGUWO)s z3PY$|qwd=El^n4nJ8HfD)+nm-V1=2kMK-@w{jz@t9-sNXe#27JKCCGsm0E z{v`4O80w(eN{B0N8FD6nc*q5Dq6!-;O$K2s>Mwap0_K6*7#yLT@ZXu7d?vy z(L##W`kQZGB0G6r$Y~ot@Zw2^8Y)1?5fUJld@sQkdfa&F!6`hKs@#C))6G2EI|3a` zl?;Q!5A*^KyTQAKd>pL?oz)^i%u|^Knh82g;dYb|&L>_Typ&c!4d8Cjvw0&d6kRNG zk;Nj565q9DR8jy0<*Me^TaBlM;PDc!9F*(Eb0#XBGf`>|sHLpfFO}E1fNkR#!(G|J z;MDZ7mehU1!Lg+0H}T`h6D(ty2`KgnJXfoHR`6J$pY}tOn8TFQ(hd1>e4-~LlF?Z8 z`&II(eHI#(PFjz3pgd~2Ri20GM*v-SgW4lQOX?1F?|xgLKWb9?dIPT-OrLU}#Da0s zD^fUgmD!AuO|^##Z)plukHHQO0!1Nz0YtE2@Ytpm!CXCiulDw8?}L=c?s1<$z3R`I z^{${bRV9678c-utOYx)>iw1oLb-*=K-%q2WY$?DXo@_|HvZ9bj#c3+mP-!njR3iQa zD}fE2O1qt-=2FnFlCS7bu(?LfA~Ly~RLc&yndYqKa`;7xGrR=qkwPWQKcE&39*|NX z=xsNmMrGjnaMZjw+Wa_Hd2)Ol-M&3O`Tp$kG<4^14js*c4c`tQ(WY5Ez_wv4@NL*e z9vmw>qi%*6*o#7FiLge^m4+9O=o;g3oB4PXl7T^Jl}TuGLcV2at!;?0G`SaNY>xF0PA{WRPb}(KvTzcw`LZ(_q^uxd#lktCV5j=K@{|{bWcyA29?L^vX9KE_o zu=UeIFM*Z2ih2F@wv~5RA1-e;+E;AJ4L25B{#t`DtWLheJ6HZ%Ej4Ykdr# z>El!-&v0<6k}vmeBEc0E0H5vJRHO2{U(>&sUsIbaZG~$##I<8iS--IZDiQkK`}BA3 z)6E>{Xu>?@J?HkWnlBqAqWSHe*{*8>PkncFhmGA`S2%omE?fJ1d;9)V^4RhoPlIP| z9r8SntS9q;x_0=P8rQ*XZRX_lar6)B;dSU+y~R{tv_Ol)s>0-Ew)tIMuS0TcBOqCm zWC>~!)3MQvD?qdASq4#pP;w!dswRB{#ta&mf+wK1{j~e3kz5n8 z$U!C6W8!hZKA8-e{RPi=KamziiH}7(WZm8N_2uPVuTLj>wbm%P+MpF~IX2fhrYy~7 zN%pw1aG9z;k6=^qaSozjv%qI_=?Sci^%($o^~t;#cttdgakbypKe%4Fe*kjy6MHxFW= zO7g(=p5BWhP9h`Sf*I*N(bw&O_KUxEsbF{bQ}^`h!+3ml+U<4EuC6{@b$|Z9FQ{xR zvSs_{$j)spV@<*H{Mq$Br?MWWYd@fAK)Dpnu(YoKt(IaWhZe%yz>JBEqmo!oX<#YC z9?c~3)>u2RNHn}cdPxVJx*o)x&;iyLlX+T#zYaPmS-YfbhW)yRzL^I; zy5M<`uS+l9RL&@$Z=KDXqJm8yjA_PnR+#$+WoDpMzzdT%l2*w>0!SGa_5mSROi~La z(y2{DOCiXZy`T($kg$#u!+Qhc2-rMpA9Hd^JWaj(dfO6X zaEe4}6$?x~p=vM1RlnRlOD=br0XRqpK_1o%dEnyH-a5~{_n9^Jlvkn>&o zwnjQ^C9Thab%E&in0W?(oO}U~yrmhI^7_6}b5 z_xJjH-`*U&93Fl_e3N2AxL!E7kpE zxj2DBULX(NdC2t#b_+JjOG3k{QiNewcS+7NQBE<9jPq@F*;Hf(!fGz#&X!H*w@E5L zms7`VgGolYa64NzO9szka4uxukFPLKFT0S1koThKp)(=X;?UfT1<vQO2BoqZP<&nu5A~xTjC_6oME{{q`g4hgJ345m!AT=2`>F4*&8Ke%{U#| zf_R_3f{g6l{X_5uGhTF_D-B>`LB?W$C@=IhL=`Dyp@V-XS)AM_am7-Zu7 zMjA_*YHDK{YkDNLbociL@Zatm+5l?RF1WfwDfWwM)!Qy61~_;XRCDxITX$4z-8A0Y z8xD8(_g>Xncl0$|cjQ{Pf3WA*!}J7F7Qu()h$Lf+DlHS3UO?5$p{)xdtU1oAv5ZG! zT~Tw8kb?p-LPX*oa`wft>`lH4BktGGVdf@yOook5eTXV!csdK`HM<#wHbD zEJu{h!4wbn{ewNcd>g{Y;}N8ve5)Bkp8wX)@?R=ZBtk*9PX%$FYgs2EVFOxNC#DNA zP0|#I^=RjDDUzJpFrf%G`l`x}^S#%hYuo>7u%ZM0b9@aRmbTqIPx_jjKD5m{Nc@~; z`lNX%5}5RMMcKS;WHmGOH>2XhzKeK@i^w#vPZYy*FsR&3S$C}Mv zr+Y!q8OVF<=z30sfP08vq2vIkk8zgtU9k1JZVq%3GV1l#5jQ(5dBxd|dkZGqf~DlhDtp*x6!$ z#%Ga&c_B!p-D6#tj-Uo0OLCWOyQ#j@W8It=Wx~_ObA4rv%J8w?jGuRJaXNSSCp4-* zEri(ZZ0QF8>U`xV2_crLV=!;!ug0?j;@|xMg4NxndA+fI{fdw(E%NCLx=sxD_YMw^ zURZ04K2SPaerReI;|27^Ps8EQEya&qVO{52o0iQ)klA40wgzLq`d{BBS*)*%cwJ8q zE=4k%pC&5Oa!Dgs`uPFNbb*O15Uds80ZD6zazZmw1PFW}zcN?yg|hrwntG>B0kKLC zx1RSjb1}09JhAG9mwT!kCOkFCI1KbFroSI_($~=XwjBB(ORy_}iUBq@U+Bl?sc|c_ z`}d7B3M+k&CruFIVL_Hk3pnNyT03=$&{F{q>n&@xL0w5IXCKUBO2L$}loejQv?Qb7 z&p;=Fg$7K_hQVk07b6|#ko}@$7PMATZzho=HD#zoXQ||ICzZ2n_<1h*N-1Q)XQ{Xc zuL*E?D%qT?d6LaK_{JANU{zjIwmjI*^}n}mP7`*qW7m_7l!lR!Q-*#KE?P@uB}98} zIkH15P-q^m1-W`VK;`~}o^>@(b|pL`v0+}*F+_&7ep?t>mHG@sJ<>+8RPcKfUI79J zjJr{!sX+%<1l{sU=53jbt<@ZTMm0yzsfG@C(#Dt*L{=pQvp%nOSM!x7aSc@4vJ+GK zQ0>VxlZh`I*=laR6Udiw3?{msdEWz9#= zsrl$RH6PV#7GN8G&r9*Z>l>pMZEdPYhguZk00&cvde}wTn^OagiY*Fs8E zh*Fp_?y+R*nTEX1LnE9fh1;)hA*$yor`{(aFg6l!OT&Al8Uu88@UD%5D;G3~QWEoM z4%>)zDzkBDvS5>CXUpgXQHZWe*+*W%HM38orYWBdKtFW}>|7x?sOk8;*?aW+?EQWA z{+(y<(Yo179xEo*HYKtgbQTUR#J}XZ*zV>hPwHIFoFv*ynjd5v+Iva&iAPJt|LUvPjDL!rXf@@+U$- zA)jZjtX@uZ-J%;-N``j;z$thZ%Y_~|ywO1!`}L6CTOJnrK0wu@iB?mBr*c|n0<0Ed zAxnGVL!l2URv9mQELKI2&6krRLGIAztlzn2N0BhT+OBE?uw>u5;nVvHc$?lQoc-x^ z41|tzh@J5gr=xXd=mH?NV+n&)DWN~x>6vx1{ioA0dpmvygz`ep3U0g&Xc6kEU)j70 z-i8nt$-O9EC?QXk3W3qRX@}38^IM$LknOZ4vc7ZQK#-^whxFTR{cCx3|}OdGPw^b=Ok5_ApVwW(%H~ zc;Am`OPC~?Q9c?@VUB3>`rWvYB?=@iL>906Imp|VFUxU~-@^8GTL=)G;#-{T$rM5> z=IB)|^0`=O`5zBkETLE|N;~uQs-Wt14OiIIfC=h%v=M>n&4%F^gHdbe+1^Lv%ZdK7 zoisVYkm%4_5nVa_18OuLuuCCGpgOBpMeBzqKpQh5F;5~!729zYCxr9k%gQ&#q+@f~ zRwYZaQhJ*Y7(0bg)e%&#^-KiA1ugj=azWxQx2h&E?br(<`RSufjaww#xr`eDSO_8P zOR2vIe2 zFJ=Vst5pC8Mi@71Cwh%iY z_lukWTZWdNPfrmu-`Eg3azB3pd9n?45>K+Pf;hPW+GHEjB;jpr3IW;Z3?E^#V?0jL z%GXTV)MvN13sLf0=QnW+K^rm_w?RrM%wkL3tY6zVh3`%AZ-3qQ2J`udmW}4LqFK6; zLYV`z6T`^?aY`WRf{F#sKfH*vteM^WeO${F8ezS!poX%jRH@#o)?nhbDpC*Ka(PwIzMSXn$ z_mf=t&(cYM!E@EuGH(Cwjp|#86A#+=1)uVavzV*-MDikTIp}q}u#}eKk_DW$-Up~v zp;H-FA#@&eXk9?_PCX*JtJh;6LWtFFSqOnA96g{yTcnlkPi4_}Rd?J!ThI9vHzOi) zYfE>Szpehwl>9++toM4o&o&@z>d`c+OeCpFjN45IeuC#o9o@QaZcj2c<@b^d*!OZd za9<3ZAigr+^rocrVA-2Cww2D0S(S3gY^!BBP|Iq85_jN5&PxzLv6a;OEYZKvu?_tT z!laVesamAM@+1B5O3cLLkaa195lGwu2@s-Phtf(o19gqY#4?hpi7jO(8gSFQx4V|NDKfPvKdu3H;eu^ zG5h9b@QwKSr*F!ifBGi<`KNEPpV?2}%!c1={mj0(_fGRMFXyQ7Gn+ZJQCF+iIoNl2 zwj2Z*dUs=SzpKhvRus63K%rfC31; zDpIt8sTICIHMSkFL3&83ARdD%A{VFvvA7$S-J?Cdx^z7>9t|ds_B@4wX0avjs|V~? z2lcA~`cXdDv&$bo1Q}mz`CjpT2;jFCb&rMUegT;P*RPK0XO%q;!Ok|&%h}>VHe)Y@ z+rnd6@Dux)!SksT7PbE4#jIMGaCx9{T+BB9dL`yx9q+H5kUraClUP_>KKSrEdhVg} z(WYXclC@B<$jZLnu&fpvs1TNfF0s4F%H5!Zsc^_vzq^6x=~GY+OPg(j*-UT2nPn<1 zWX@+~YSP@_NIMj(oA03;wjmp?`{*L~}%c&18q41vlp>TaTeNN|d`>Kt0K3ecrcEJM92etKg?v!Kdob zQ}!6K=+(4r$!POT0PA-6>a~DS4cNn=mp4E@^vmzG$&IXrtVK9k&DmtqzO*E0^a-tL ziKEk5g`HSa>#X}a#7y+g6dR#UPOtyV9#zkqhJn>@7yTvswx|1UXW#9#A%JcL=$~5# zwDXlk{@n5qJ72v|Y^bM?_qo-;`t-j#+&@4J-Fo!Yx`3TV{1p2wBdAu#P;C|xRF9%+ ziKA)-kbXui)yin9%{XkK*Nj?f$C!RjRMo1us?C^eqt_B!wE`{=YWS$oXkJv5|4O1) zwwbpMP|xeTt6E_uQgKf~gUNl8ikUF!mgr|w%X@u>?s6tx%bZJ}{O#$J6K3E`CEz0) zUxFJv?4d*ULhU)ArYl0f0QOWK-Ih!xStQtlU~_&i!0F>&#H2$vYF+cN zP0HF`?)2%B>MDDlv|Uu0hj9j~iX!Pt&D{O|;NW1e$7JEk$MoWGuotvu>gGw$@n(#f zG;O^v`i4*c(cAGmcXs=zwEi3c`?A5MC4EhNoR!IO@Q_(7#M7!sve~r-F&)h^X&;|G ziU@+`oPIxmn+*?TEzSp;d{Bnfky}xGE2DYSM!?wJ8`bA|J`CDqTMg(gHdMN;=}oBE zH9)bBW*sILB^Zb7syB!>pxECCCe{au?dVRos5A@=1j^pcFy+UcSaz+*;mUT;{!;Pu zzwi@R;GVRT@W1Xcf*TE4_fi@h;Qtzf1D5yTQsR^l+xvqf07csIbVO?rZ0keSf?;b_ z`jF?8EcyD|le#dEI*_Z4JD-%*edi*%8)phYhw0t!7X0YrV_kEHu{cvk_wcut3tpgU z^lWri>8QWBl%*ikja+!1QdVz6&dk25oVE5>iz0Y^PQ_pmu~r>$dlJN_&DQ_Z4AvlXs8o_(tO?YBp-YQg)Ja?!`=9u8r~CT@NMC$Rhd!RuX$Ufrd9f4f^& zi_}N57;a+7cDCB0V{7Oa`-A;Mh|6)}AU!@BbdahRR7OOz4QIeAQ~pxPk`vs0a2lJe zY7~uQgL=)E{|O(q8bGlZaH7t6;Uxe%yd%lz5A49{F%{cBamgC#DuTV8C8gPNbI`AK z_xJ9a(0gGm`-c_~@F9ss*Brec=o{4V0e<>%jrbwVf=e=-$1(!tyK#`{Y&HHmTM7-C zR%8x*5l=B%Ltm~<6LH=H(3pQkjZ(ogf_(glsV%`wqYti9quJA;n8k1zlqoLB>QQ(V!@ESeWGOMY#DCc(x|XrmaqA&RLi7VPA5%-)|2 zI?8?f{Tp=&PMkh%Cx_jfUpK*cEeyz@LsrkQsa5=7faB|MFp~;4BdORz_Ghv{N~pLOMM;72g$Kgt zIDieVmVq?lp5%=BCZ3v>5A-b^VQmNlEOx1GO@k*(vzJ-GKUt5Fv@vIZU@GoK0r(3m zr|`x~T_?a_&=Y77FrbCRZX zZkLEgY@^jfkohftb%k^iMFH)`zt1QFd9@ zXYWUs?Bwj~X7p}!a(r_JPi>jOU=Wr+yF6W8`s-1o*bYD_(F2?pvXqfbjn+sX;`Sv3 zr9x-x%^~j3WkhcQo2+qI;^7Dw9{L~mk10gc>woKAV=5j{SAzSN%#`rFlOa9}Ar@f7tdMDLKqfR>GuJJ| zFCr?tC}(P!3ZgSmC$Gqsu&2dPmdXcF*f$SCui11$@CV(vka>4i-}f0-!?vj}cJQhG zs6*^sN)n;2s7XWms1?qziN?S#Za#*fyNE+T;a~dopmTBa(RHT@{=}`BGS{JeY2kuS zu1*IXaxgOwPp(ewhV>xQ^!rRcWOPAHglY@nqn%%u?jyi)V#~MrIf^oh>vZ%pob%=o zB_Vrd+@HC)mr-nWbYJ2`c5`xi`(b=`b$s*TYMnD#P%d;TYw;NiO0V@DV;kgxeTF{V z@0ND8xaWrH`>VBe>*sozwGw-#v(y?IoBB?*8e>}N{%)Ijo^586q?9XW63PLW2c%HKFq<@0Ti8~c)l4cow(Ecjp}Z?YA68dvqK`Xc|bC#XKp z-Rucsb?>t$^7XFF)(adwk*oJBX6juPN%=Lh^nT?Wy(=>GBD-InpSLy5=xWL0U(l)W zi&t`68hX}r7F*lzO-JId;pKZ>6*Dih*6O)1nxbf$C^ivu0MibDE)XW$Wm_`%5lZ@) zYX}r14XTzwOCeWFh;0eIh^;y2FI7??yxZyJHTHdnIxqtqJ8*6xqgq`=ro^o*matq` z9ciH3!J?;7a%hb>p}yB3zd(;TXrgW7q-E5oh^s;Xqkq)>u`}=hJZ-F?SuZEw9bdjb z>tCD=4_?0hwhk#l*NdC;>)q??b8H30q}=O?SxR7Nz_#H|Wa3woDS@hbT;L=oy-ycV z)pVLXwvO5L$9L~WfAa2!mlk=r5P)2xjMuKYTGwX|Mvap=Yd#vXgXdj2H@u~-BbvXYd>YM#m_09fgsc-fV-aKD@^M#t5z=zwW^_cNuqK7k*DS>qRT7dT_ zE`3V(Z~-~7+Q|7{p6wL%t2NZF?~)w6|A2%ld08oPqO5YpOLz02SW`_?-6i?S<@g#( zU*q!={Z0KA9`I^&WwkSEUI)zXhuoSRpaHqL;6*tR9FGh0_&f8|rTBcgXNXzI#Za}; z0A2Ki=G8mP=Gcn?xmEzi^(5;Mi~&81!?<795v_Obb|>O0XhtAs;TfAzG0g}Ui_wTN zxW5Oy81L&ZjzS5B{A&cF)CjJLMcEv?u|~52;Mlf1JUh7M*+C^Wu8L+r1pC53jam(@ zffr_Nt_N@PD18xvTjTit${22pg(z;VGkgt_TLa6j4b5$h*bS$b-UPr=(4^09b|Rcu zSEnabs(wygLHLJJw!u*dH))IkXgbkr(F7B{423AEwx z(C7jn9?PYIvGOMbeNzYo(8Ya`P`H(mOtz5Wi2%q&`?1qC)aYx9K62&B<;Zw8Q;HJb zg-!7Vgy`2B1R_!CH}G!(Y&fV!BAMZpkC6wzFF2Qyy?_yU;oLb3!IjL=aThrrsgL;! zFH7I*VbJ|CaBNYHD6hEguQIZKjAi^Ir1|s_gs%ihJdkEck0_=$D+F|!$qzSK+Qj0x zr@%LLyg#$i^*l7U9tfBa4U$YT;vT3|bt?YoWDEG;T_L&{gN`dX^d)1w{#Gf=iQ#VD6^ zRH;%fl3yMEns+o5NnWz;+{D*PrB{Q3<9Ekl(ZM+9g}8?D=3=Z%2Ty>BTuYU5H52Cj z=1kBR8!^$z3o%WT*}Nf18d19teJtSR$hU4lFvlore`mF5*`)RPBIf2UIyCy82TN?- zQ0SAd)Qz#YOWGFkQ^R1|eyBqBS3IQ+O@$h1yj!Ie37Kj(A8{_W=}Cx4r# zs0_d@&uVu0iJrw-Eh^M|1HBuS%r^*m`_BF2sp`7f6O1V&XflPpzXf+!{U)AOG#r8WSFD zXgZ~SB;*fl8(}bsn4MgXZHg|uDVRjgq~!L{N*4T1Fl9r*l_>DJxs{{qbRrbFZCm6m zphtllo{hnZ8w;+RX*kp@g?L|&xu#pD23OF_09F&|2c0c8@PUN~-&Ygy1LlZ=0ESF& zf$(LLu}_fF%p4k@Sj5v*^*UQDDRmn}7Gqfc8^zLOQt(1IjxtW+dj1Y_q9HC&p6DLs zGp@TAGg7+n8vrzcyb$0@3G2-(GEeS>nfJi*9dXG?e5@o^E&k6w}P z25*vzQR;V#w8hjs$r-nu>JkHOt>VXCUp+(`dp*W=0E(V6ABiZ~P&z90aI0s8^*uKt4^93J92jYU*ImT|KrP4o2Jj5w|es=SYh%|p0^ zEp~0QkrSL2F9cMec|Y9W9|XyOL`=-9p)T|pexn|2)+RDv>!@qi+RI=Uu9FN;JO<3V zZRT9Z2kqcPn^9OT2AK>-ai;uexjO0N@rd#y8#@Hd!K8+Os7K#y#N-1-gQzE{!PO!P zy5mM;e66V`XtzYF3KJxY3@HX?+LUsP$C$Qm)v{z3($77Ov zGG3qUzdji3zZo1H9u5xnf&rR53Djp=6Qv2{!*(!XJs%zpG0J>Izp9+WF*mUF-2e_X z0Fa^eVOxKMa?%duxnCqDB?gRWqa+wOHRpQz@~DtX*%>-uBa#Dj@t&6%A0U1fvJ~C* zOxmjmEezat?Gi0SEhLjxGk|-!?k-cWyFE}n_sHPZd4>3ihrMUFOK%rzA7rN-4%EX< z1#weFeE#wJ=IrX??E1S~ed?ZF{csil+B~5%_V$Kwi}#htff~8BLSL)=lwSF1%`#&K zG{|hb1Q|3*GF~k8+)1)1t>Oj_ZEL^wFg}}(a!d{hZbf_|@4}g?Ep#U} zcwcLBURFIqEHzBnIa9xDG76drjixk-_4V<5lm1@{}|J+}f$Pnr%L#CeOgb405o!?Xa4x z`TY;q`ZeA^ydMk{7jy^9Fw?4D&xI(9MBEDpGjCIA6IQr?4RJ>k%@0-L&62onLC|b= zi_cXMH@LEE*HKt$8*A@AW*rL&^O+_n9Lc0iGm9(ezS$=x9ZkB+evK}Jxk1|P~Z1fY+;s7PnsRN<82T?R z$VhJg`t11pe8c^5-4M2HlN2@(EG&JJgMWz!81B$|-SrZr;?UXTQpRFz@cD_Hg*679 z0U4f2IRZYRHo#;R?JZ00$K$KZ(dGN0uac8aBM>;!7+&-;7Cf3;;Syj-kltN25tyAi z#OYTKN+uk~Ob@c7Q4q}NIUhqyi=UGfjcNntq6-yR* z3U%Yn7!paD&bM?!b%$-A0D~2#ED5$OPyjUcHNY6QG!1m82TYC|Vgg=2!A%6{K_UvH zvx{Vbh@hlBMVgi~gY{g97=nRG)j{kLE@+PxV#bR&rTgl`TmV?L@9q=}RT^b7%$bQu zWj3=35s@G*fv~w|5@p2HkiE25$odRTJU;r8UI zerh+o@KCfLy^{rd|NU7|7v5o=(uRR~bug21mI{ck&^+`fRJ@O?vJ0-@8BeRPMn#6j z&#$PJ!q7*~ZX&$|FfXlQkOO-$4*dr2W#1#cde3*1!X3Y5zXwWd?J67d3iO^Z(O?40 z<_Wz*VHwIsEt1h@bk;~nP5EdulAbqFyFbzM2>J5J8foMU?p?Jj*UAgm7gRw8$8}Bt zPwTy(Cf(vBu+~lBX^Nr4zy>Y@Yn%o)a~t@ojsxogI=_bVz*l!4Sm{9U^;`&6I1xPO z^7F(xswtUQZi_vps%Xx*@>GsBKX`n|8m3*$Qi@0{o*#Qa!U;zQ$v}geG_atgSWebuSVuufz7vmcYgv3apg>2>ErI%l~}{AsbN46#6>0*!#p3@}N?%nLf^8=Q zG3XJ&odNWhHPZP;IXc!?&~qu8p!So?KN5?{)Edy)f@c*^)8)Y536hyf--JQQ3lS$! zpPuzLWEO>r(Knh9)3@lRq_1RUlBS5VyN)F0P?MQ3nXkOL^TfccAUhGy8yL220_w4Ucl?o} z=E0;q^HpXzCxxArfij$?Be%V>f>kuvVE|c+&9^yM`~Sx{<>+_+;jtS2JvE_M_E4>Y z735pzw?%S>Nt`IQ5Ijq=*|bV2w~dydpID-8CicJ)D(B8k!nuwxm^qjr2uHEgzFAol zIwnr^)3i~SST`K~?XeF!aZTF5yiV#a|>`B>CUWq87Pws56RITZK3;OBFYCLvQ>(REVeo&X0Bsy zzSlDT6MJwM>)G6L*8j)r4KLAjA@c$@LGt>Th*Um!X0Qgj5mpBoS8+C!bBXHIs+9fK zgp7lg2M{jzxkwj7Zxz8T2C|i2>)_()r&@%mSxdF(Z5}vbhAXJ?w#l_(QZ-i!`=V*q zM$eyk)BsVGlxcFT#8s=&QLb;mgGHv0j%26amBxQGZI*2i_}oS_xxNkX6~2 z)BZ&71aYFuBAHZ181Njj$gjD!Qz*}Nq3Pl_zg>tO+wI^An=W<#VQSA{Mso$=GU)=B ztu^Fe23SK@QN}~%4)<83BJ5DVdFWB8FuW}j19oC^9x}DeO8&@Z$-Pi)k;EB>8<{Za zLX~<7LZ*RxQTXe0DystUXR~rX0J{Rx>M(W*5?t%YCh67@j`R_!c28K-%K&z1&`Go`B=@3&$55^SQeOt17vYe1?(~Q zU^SUxqFHy;YAUB0+yH$gMo@_}27XyRqx{&A3H2qPKNvh-B-vLS3!u00P<#>VP1n{h zSzNGw{BLkLgW|UzO4VfTS$+mZ+hWWb8vOvI__7 zx!`5PDaw;wTeK+X4icCzk-XVn5PwuLcSW%Xp9f}NZ*dM=*$m$`W}}9z62sTFrdiAC z_INFNWm@EW)vjy`=H~p8HdvfI3^+r9>6#734 z|8<4Iuwg}A0ol67OQi)1w%z3WIi%ZBVVUpBOAb^XRHgy;Bv>DB7Zi^<#8K(1dXmL~ zARXcWdm(22r0_sPyWN@->>5;Aw%yo2-N3X%&02%p#!#@WN5Hy@TY+eeJ@)xfw9l@8 z6-+JuwQlR1bal%fzvB^D)!kpK!=I>rMW=u5ZhwM{^<5vHKb!Qqe_H%KJ9|~Vf2Uqv zRegK+)=s$=odE@{bj+(C&6_#|mI=Rwle$62`X8_#E)?5_4WCVHfc#Ed{_Yxc5!`v9 zhd?_Oh>iGC^Q2{1@K|aFfWj3B^16V+1U@+c3;`daj@(Q>Swf!z&)eo_pzF{DMQjv2 zTkI2-8_cCDucRzLv7DE4V`K0Vx9b8Rn)|M;=-LaJ%?+dosdX#B>NAn*9+N%1=HYoF z2%{HEWB4F)Xr%LID=3$~qG*)3r3vUJ)-#%)%!{zYS5}8+`eRL_Y=wLwpmS=Gw{_g$ zq+~Yt4m-iga9ouV2XrkG$0|3F)t(%!jvSCM!#sbk3yJx9#jKXHB;jEF1fvNAvj(I) zo+>%CW98<9Ui@a{hHST}G6Lb*#iI8IjTL5noTaf!z>0}QDI!$68NbSG2Kg~WkjF!H zwzSkQix_E`9RYAQrd8^@Wf~BK@875!NA!#+1$Yy!{8bqkKfDZqMWrtz2G&DYr{+}| z%ZIG9dI>|BNB6rH6u4@J>qR+O~$dbuUJZj^_9 z_JT7*F1bs|Qgd!`f%hRmEOI!UC6~kb^BcfD^r)Rb7Z9g2gdsBL`Llx8IWK$YR6h^G zj9=IQ*bcWI5({{STtUrNA}_SnSqGR2;zQ+$j(uI03~TD_47TV@nj1SKz%hr&m~({A za*5Ly&}``8zs}Fj0Dnb(++Bth95EDM3zo~3Ahe8sh#VwTh3XSd{SwDBaKq6S&7w8;@>arwen1#R6FskezW?D~xEs&S*6EwQ4=& zc*zy`R<^uiFJFAaUhk|%PiOM=)od{$ZU^X+6`CTZae-e|dO|~iJA}S!i3mfx)+n{x z-ni`RW3^E1%}-Y|bVI{tnXz4DOZ#6L&cq{u80ErgW z(v+8M6z*%tWJJMms%;G_4%T9@pIJPv@W2mBCe z_va=Ki%>UbIyZIqk^rqqFUZ*J-SYa9O~0pxcAh{Xq%4C#<|{NLrH$F)_CC zj>?PlZxAtOuz`2A0EcoXMlPr@{Op4;{P|hjpgWaL_gcx^e&eeRXvgWgUSF}91h+6Z z_ONh)>I0|42>aeC+Yh!YequkA5^$d={u#QH8L%6z1%te9j7ufA^06$%%z9FEx70y& zHH=I6NHi(SAynm9JKe&!riQdh`gP7pX0My|8mzIOTGW^=uPRYGnKyI-E0GKPP493_ zwOxEtwB6vmWOp3CDF19kBNoLcfzj6g{ivb4BnUMKN4Jbot|Zpx!Z?f7)MGRK)Z->) zujsE3w2uK z2QAeuR71!`_EoQ&vcym&w<+zXOEw0sA^7gW6Hw)9SG!4RiOS0zlBNwGH45~-_k|Lh zhO3p`;M4g+$jZA5K({zpo0)wHCfdGSsZs2|O)cpJ~Y1$}RqQQ&i5k$#A zC|%EA$XuheN2O1v=Tw2$i?KcYRuGD=kA>-cV{z?dFt?1P379RRC+m=Z3;1b$0^qd* z=Il#rgE#`qKEdb0kcWx!67Qjyehq4(i&C^xf#^9>paA&~Vx0z5P6;hLR9CHi1)h2c zh*42`5e$xa5wqr;se}N5FiFT`acSG{iDuNjxLg$20=MfA1Dm!pDIb1#P;3 zMl8T9idzy&QP?nmDvJHEhe3*30fkaXEoz3p^~~O3KM-kX-R_EQpWyb0Zv4abEFrtD z^sreCaA+oLKIeekgU-=DC}UxFsRsrPsbGlA0U z6_n2w^|r95AOWp9LvKigZbY<_jTYrPB8BG;S#Ktx`4~?0LQ{D{>CR4Y=30)kh|VJ= zBH`1)$#>7Oc=_(xgE8MD_5gnVFF~%4r++Hd6Y=$rBHzc`?+m;Lci%mG@b~wub(ej) zccDjR-VP87Gw%-U8d#!_oCJtZlnR(){(-D})cw2{N5@;OlW|XG6w4H8j*dDv7`-es zDRq#8)anW@&;7KWY`DH{(bNS%hGr{<-Cv-#E4SUlV?7Nh@EP)J z;Sj!LDRu#$*dFAE_P03fHriDoI^!>>_oUD-@re~5YImgO6GL1+rs@-fKtGc1)6vnB zFC|j>`tcrkYegy<>w!yMCsRel7`$Lr#%19G}Z17jCfsf!|hc9&68#&O@Tl4mty{5MBFdoBeE99?55GS@ zz|NupQ+B);@o!x`8&ID>b^P<8(vWn`Ac>Vljh<#O?^4)>OQe4$vQ5TbInNOw4`i>r<@ftc z-{;S=-#)*5WqS{?_xF_6@qFM%?r?^dbtSYc?*&96xv6~EK}1JUZCF!>u}IT7I@%ob z&b!dZU8T%PmqpHAAjad1%kM_ty%C-mj(J$0rfSo+Ks)bzq4e4 z-a|~=Hu&!z*4qFe2<4EC+sf?^-mUh#kv{v))ARH^Jx|Zm^M8N-6954J|9$51)d12G E0J;KtbN~PV diff --git a/k8s/manifests/charts/cilium-1.16.3.tgz b/k8s/manifests/charts/cilium-1.16.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..eaca333a4751cd3ce9cb43aa026a62aaf626ada3 GIT binary patch literal 204585 zcmV(~K+nG)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cN;l!Fq)tFSKw0jMD~WHNa|sWxtkMNl0E!Jk{L;!**%** zHrNf4ST!3x4YVXq9)J5is4Ae*&89?oJiC)GJGu8;iwzVCg;%{Rl8G#qd#4MYo8F2q zlYjX3|MmO*{?Wk!{BOVCul?`fXn%0@4}*g@{o(%b&G2CVANqsg!O_t_u>P-r%i4d1 zHa!1_{x2S@KDqxP|M4_ch8w9;J!&z=b0cRwGK*r`lWH%@V?AQ+F1wRyJYuJ?S+0b6 zQ2E_NB{Ew5d&=0o$hB1Ih}{qEpDAC85yOp@V%yBNl|uLM*Pc}Wp0*fc?B7`|b(Zke z6?DP@7>&TnA!4DUTxJG_`A_=`Yiulq2Dn+S?qw_(k7H>&@r2EaG{S#Mvtm=RQfbT{ z7Th2-sa>a-O;=1Cp2j?n+4sd%+u6V3E>M z+4YH~V2!H~3>!{;yHyD~udNW%MV6`DAf76n$$62>bj}DxM>GV82-|Kv%9Tc9i`2+m zFq&S6$uvreSf+D;$+Ik30YDWCHj}w{;7Ov_2z&l$M4s~GN0r|tipN_JR8W@(>aqnL z-6$*^CL|qzuaa-AkE5Bc5G>etY^HMNu=A&ju~enqat||)x80(DQ8EP>M8`D(U8smB z*CLj=h>Tlz0{z6PPi(iGx^2DT04|Kk+>qPtwZ=Yp{_xNOKFlEmQ=bY?ND(8n2Wb{E zWgK^nQI6!S(1Jx=3(XRFM`uCBqKo66UESEz{Qdaka*ckr*>g9finqTP3EWe+p~XEH zSuV6lji%WE%q36x9B(&l++$;7sbIKFHRA|JXCjg_8Nr)isbCxADq;6Lm#WZ69oMRI zgs}^^-;73RJdGK*m#HZ<(;{*}J%+IT=)0QPzW}5iWR05R*dBZH+?yk@+4j#(2=@un zx@NSqn6z|($x4ObWombgh>F}cEAe2)KQjc&f`~XA$c2m+)ONOFS{NWi!lxp^-D^8D zo(smcmh)7^%qV)Z(pcWhxZnvBX`Cr(SNxeHeNGLxImaI87MENd>=T4^ZNq(9-3GzL zG8H2kR1UksPLST%a+X9zOQf}39y|_Aq%)OAVkuI5d~n1L!W&O4yO0a5ZBq{1fiMe^ z!$|Zt*-z5GU{NHro)t;5Vk#53_jzK;4Un5iev`tA9b}{@yxINgs5Y1Q4hQ-)&AzE(Pw_l9vLd-4D58Q|czS{md6VPpr z-Cp*b;fRce-0nGR?BkeI?QUGSlhr-#PTLUfi3;nK2!1bgWqpvEc8#5RC9C%A+H0UPkt6$ugPFwP*3C0++>3Sj2e!(~t|Ljgv$kS4^f>porl1@@rvNQ9PQ4 zEBZwgeHj^_B3lz9+DNV!kjgWn&(o`kR(7H~x+^|R1E}?fH zCMWT|$c@zSM28dukWWyJhaI=Lliq!p0LZlgpQK!+wIy7kfj4Hcn8_69O^+N=v4R)l znmvdlvHuGnjmhP-usnHq!TUZj2#CajC~dDYF_VvCU9Ir$!^DbVFWYIBrF!{J195N5 zomS%Hc3LiY%v74JszMzeuW+-$UX!4Ez*8FXbpE9Fg4=#<*n_mhO|)_{CXRx_xE;bW zeS%5L1}<@!Cn@>yUgWv767V|9wgp)gb$?<%wrbZ@KwVajzBQR$7i8J+q`E!ouz8m9 z>na%@zvGF0AoKBLqExayJrc#^DfN|Erc|;eG3=nsjcWOG9JiSgXZH93=ib=8MJ&Dr z(f9xtBGp;s0d-zl-` z-t(joEaNiQ?zr(ROJpGLJNY-35vL=_QB%OQNJNBZaQ*2!9iLr)utMBcmr*3+97Vn@ zFCq(`dH9>@;n66`fs*|UK%knW;Ys7RwUq@ERQ#G%_>zSxaVeVL{)^#BnyMm2Y4Zg< zVlw1G#~1R67ef{fyA`k4glWkbWXL$802d1*@}*3@63H>&_T<3jYo9NIR&F9I4ZlP`-%IY4RH+g9j5nRXiHcu(8D%Pd_6`b9-$cdF-8?m1h!L>T ziS22}@>>i*y8GCQyY{QFBb;2aSF$I1Kqz3My3iB8ELALC_x?R?w|FLhD5u!sS?2#7 z^ae-0{Z<7-@ow_Ii$2s^10A^iJGgfR*CBA`+4h5tR7Sz z>rt!A-c8=Ox`1`78`{9S0s5`3$G_FBA>U=UxhkfK&8B0pLmd|H1Ih!O^g8 z|9`W8@OS(FU*o?W_Fg7}%|&W?c;qQS0h1(qcmCM#UGh6IlZp6ecJ`57eY|DoXXD#m zYlqz~q-OSueW1LNy8!}iwBH3gt!I{5(rdL^JM3R|v=B?)+F@pui4pr#S|mw_X_L!z z{^v@AZkH9=Jm;3TT4vlxvVSf_l7S4EYia-%QpH57i(HUCbK&fMmprrgerw0Q*6?Dc z%CKm`)45<#E{(LJ3St~Uvf_+P3p-V(Z1$8$I52w_PA+~bWKPdZDjpnFNPKVYu=ilH z<;yG)Bepx}z1i*9|9Ol5bG+MXn&^mG+O%RZE#{U<2a24he3}RbKe9y4=csBD@N+z3 zGoEMxjU6HFzZ+>?Z`AF2o>$mceX6u2cOvdZqG4|JQHd4`p1x2p7a^8Qp|yR40E8!` z6-pD>h+u$?764Bd)2?1=BbMIf;+5#ld+hFB8VZiO(7;k|QL!7OhKyKBV@J>A0@|C{k&PCchp4yCgM>+a|=mYGHtL;taHx zT`e+>2Mp;<__sa6FoE`K01ALlEb|`$!4NbpHcW;7Nz?(-3wrPs7k3VMmo9?GkGCewQU3J2Fr@X3Mx@9 z46eHU!P0{C10u(Ux&{9;DU##{TaVbE>?P182C@y`yS955;k8>hwsk;Oc_vP zhy80TX1qv@ZT+SF-+MiKN9|#o_7~t%5bp^$ixF$LHv@M3Ht4RqU^r>>!l*V(&i-r3 zjf_~L)LoIG%o5mQx-y+9B9gt0UfHpEyd*Y}T4_+wyl&mS)g=9Xr?er&)~-#&vIDI8 zT;yvv=Tp-Fmz;8#iONkm|8gyH1`@1xG8WA4YL>{QG-NgsjL$*8md0K+)Y@t7u<;DP zE>)3&AWR1g?pFIHKN2E>HDAtNDT9o*eTF5=csFmh+Zuz0E47vA6)xiTgZ<-pSw zi$%g$_Tt*HK$fgXjkI!t$ni}p;<+%4W=0*EkxQYODooE(>=ejx&5gLQ*o>aOX#LtW z+_bM`YF@M3g<#q;CNdSVA2Ua7S&6*8qqK-r8sk+IZtX)@jJvn?Ewob~^oB=0Ht74G ziFLLg-uzRGv7a*iP4J!;xi;J5Y`c`}C~~JYwAZy>sN5hx4a!%>*+R}2_G;!vtWP?a zUO4OF=2-*qQH#!+zYVSMN$x1#k%E0plU4OmcXp3Up%<|4mW3&JVvqhpq{cbX0O~iB z@%1^PJT`1u0Fl6Z1V))DJ7u~IwaK|m4K2v;d5iVmSi^kimPiZ-L?MPq3<6?^7y&DunG@U$#pm1}m@yIT7+C zaZkC30hGUQ?L^3{AqP%S&Dg;1rs3h?bGx7epe*I4g7xjpDtm-DLpy6b9~qBWAMaOC znhJLppF|PdkzoCVK_a!xR0`&l+9P)AzU*p-E)YKzJdragV(8y%Re{2;LT;QK8^ebi z)Qq7x4oV{Xl-a&PqtJ1f{l|Z`P&+A8y#5-X25d%b31P%CQ#sF9bmKlJ?02I??n$i+ zq4x&+$43^1w5;<|qz36}2XQ*di!qCp(CMym)!RUNw#L^*ZK9NOn7FN8z;qkV85 zq!#d$t-zH@&Qq0(xaX3*)T`+MT*aOh6Xxp~(6S2i>e-^TsH+xXzk@tcF={=sp7FxVd+bN*&F zd}~K3v^XQM!Me?6_TgBq?VDbU(9N2y|^^oS)gEgl14MkQV)2I>UZcG?rcG7xAF2G-tyz+i=9 zF)M9D)nQ^4>AlEu4Vlq5*Y4CdL%X9>dz@X}IHN1D`t?i2GUL}Q|9@31*F{(|2i#52M#iPmjsc-I7Y87bq z@SSc0QG1BvN|#2cymn*qd|seu7=k#-=i7A@>AlQV3dZz%o=eNLIw0ri{Sz?kxu0;e zVDJpOKHt%=mnauim5jDacbS@Q%nfhZEeU;5EeIFM-ZC|N{;L~e#F~G5!(rO2;V=*<$j&XIWZ_~xuSMm zK4R^`aQ~oP{dqcK|JemHG9$DBj>G+X82o$R5wT=~yt^N5dEih~)&)C9mE%#m3n>k?BCZFO!bDX@<|Kuq|OUGcA4`2tULC{ z6Kz|JSl@NHt~F#L5%*xg%5r%x6ETOV3I9jM$Y{6s`Gw_ZzHU!y0i8c)p6Os{a2&B+ z-QOi9;krn{&k)elS@hX3Ez?M_2f-HnzEqSLWCjRPaN==Fl22eSj(F@M} zweS1=_~N446-iHA!cxT;D3Ytf0JjQnb%zNP^?E%I=IZ?R^U2xe`05E*DDG;O^9Pzt zGo0&_AD_f1wNjO30X17LdFK0$C#Rn;KAwJG?JQF!GsL=QuV^h}FbOZ!y`7JueFl0u zYS*3RLU^z@f4up8`SI-2#kmK3B?R4h`azm#;RD`%l#6DsyhqwX@B|FQ7^&Bx$#*Z_ zz3zFCKMIx#i>@KP<^!7+hAriMVL*Ese*Krk9uD#3{QC0aRb^XONKswoQ&l7}`X@4;K+w98_rl}h zd-z|jFUFVS+s{{%>yM`uzz$mv`<*fii_UwCk44R*NV246clLEi>{L1dXPFnNkzOp^ zVNou-%1-%y&>IeWeWvoVbxa=)d;Neyv-13R0{p8wTi?FxFf4y~H+k=&oqz!>mO9D> za8~(>aWufY*gte2s8}L09^G+!hXsx%uRXEOPEJ36{NeoidVF?X8;Guonu-6y3To`t z$?1iDZLc(*Po)8ky=4^i%Q1NW@yDz4>-Dh(3UT(5ndf{-PMUBZYxZG$_VST#&Tl`A z&t5pvr>`986OHu51rA(&Hv+fnFSQ2``a*+K_+H-PU~BUC!7jAfWeDYo!}ZDaNVP~^ zn3ZdK`rY-%kGGYdCb!oobbeq8QR5UKsYX|?bYzmQx)=FFE{)KQvw^lZ(Db8kSkFwq_k){9vz^Ivhk8{XVR@U%-WFNCTzP8FJ=Uf{+yDrb4A z(A^)ToNx$mE#Txzp~2Lg3a1iIJy#Lv?cm|x)xm`|6%jA&BfpU0&($as52i?I^MY7I zS`5!^qK6b*>@$@E3nVeuMS@Yq9uE4*31X=<+H%X8^?p5$;MaJL|NeIVU-fq4Sq?RH zsL^NI`woCr_DfQDE zfgYj~M8tkT&%wI<-{N8Xp>t1>%-`}uzfBblQHAbhL(g|;eT`A*zUBODtWEzqG zXd+Nnvi-fg1Gu~biw&oY;9408hqbrN$}J;jC9UJO0ot;Kwa zwur(gRLxzfSX=}6iq(e@(svR9+h2r?b1v`*!7Y_mgv=(SFkR6#-j_FbGW(R~f=3J7 zN1;gyl`R5XoFJgE$iNF*8p#v+bKr)A=VMp1r7%3^hWDIyN__uT+sQk~u)b?Muf7q! za?@?taCWny^K0V{x4X`riLG`X?cYf*mposcV5*Doqk97(ENz6DP6p29*oW_o&qj>= z`up96|Hu7@7C({l)V!z*x>J5d7j%z(LAOGS{Djg7xqL=jkING|)bg0jT`GpI5nm-1)9Zciuh4t+YC1i8z=-^TLvEqs2#-VGWv z;4CQT9ypE#se~pfCTrRG*)4l@&htbHZP=N}cy5Z^;&m&R;x#ym7V`z1+;&x?h{<5O z9_uy)rj;7rUdw;F#QD@owLW2)&T@`{u=aSp0uP-m7xeIgy~9rP-Mj18&70g_0+EsT z_7Zsa?i$DzDJ#{$xp6Y11v0^eO4DgxS&h>4kEst6l?rxsa(i&JcXe`mbigS8O)KT* z;OOz_fb!GSXLtSn^zCqP*rn+B*seyZljk?WcXGbCiFhK$lZZ!<;}6(4WHpiNVlu;T zOGxaea_|Rb+IDM|E_^*O|GBo1I3zVbBr+Fq5tVi=`vOIl>r3U*at>*1pDEfxu8&9~ zp6S9zCPX~XS52wDdaXrm9(4lQF-xq=nV1sg#y7OGMi)aC2Bzv(HBeR82VHBwX%|^m zj3t6=QHHUk;(-LLKd_jX7WBA|iX2|AL~zTFQ-%P`nv0mlg2x@kA@rqekjdzdJT76F zGXgkbgG24GfaSBI+&xbiHxz#gk*f#@)&($gztR-oU)T1-nc#6EQ!!#yxRzH{h4Jro zE=(@*p$33FVKXih9fC9Y3Vm5dY^WR7BBLuHTn{pWJhde2-8L?Z3%xDX0a~OG;q)Qr zrjSMznw?xv8e#gt-4SaGv*@q+^uPNsX-(%@9YsjeKuHiKtSj*k|IEa4Dq>Bmdm2Vm zK`(6Gs*A7~L9^zYw>D=tfj}`%C{f}(NHmyMXKHye7t2t|8Ze%?G>~QbgYhJErK^lk z0}1?;rK)B2pmm0fU*%|G^q1gpfooy>?R776@Cmn60ZuXZ`6r17x|iHXq16)^vD51_ z-Lq>$O1VkG)B2TyS0ts5fO|f(tv2vOXnM?r0apjitt1gdnQRFUT)6&p;_O+u7iAPr zuE4&bYY;<=2IcOd9_1Kruh5rX#kZ}tHn)VG)2Cpc0GLsPb0`2Jr#+YVaLjp3I;Oy9 z&c5vwS=P#yrZ|&2QuiWXd)6RE>+<#!=wzVJv;2nG@JEurOX$cIT^IT%#EpaA?OLMcW^PRdGlq;dm@i#6qgxG4O0oQ>o93{ zH4~2+I$47hfvv&DMyL^_X*Qeb5P6E}beYNG5Oef!@Y=03u-D-y|Gc~TKQR|SlHG-t zCNV!pUt2hf@rdo|mEN1_y=gY9AMq>~-Qe<5GYHOSOP*19U=Qyg znc5?S`TTas%FGG~Uz`@`n~n?+v&>8yt$OJ6>@t#G@=R|PFZz5qP>l@y5g4qrSWZO_ z6G-XhO(9~2f!jwtrsvDy@L>4%?H4>7i%Xte@<()){A(d+8xTXCx)ioKkM3NwE2tZv z#5^*$(O(&Fx6@LUcB{zas5F6%$PbT(gM$M^{v=%m$m0fwcShX9EnA5mhfp3oJY{g} zW2VTwd|EZf+Ovty(Qqf;J5GtQI9GuwB#3d&RYnb+MzDSeDQWoX2a(4zGEGp(sqY?J zJPXf~OEkfO56^V}%JqJ3r5&$R-Kog7DjqY(>ezDyxFu6}dX5ec_mBSCJMrq|c8jBu za`QJjC_>H`Q~SsBINGMa2+IoK!O{L(IB8AT>#fhZeYhOz_OI$yxy6PGHj;BXaOcE6 zGp{mm!Nd=*dtWtk1m`e=i9Zbov1?xDS)#Z(ItZ8A@)cbzf3`Opcugk>qh~TmPf7+> z5MtEjWWNXtMMItdk(=dM%oja4j&98MNWi9eZWp#@9?aD9H)~s8ueQ zu$`=!l&m0>hXkEhFtOK6&b%~521#EVLmE{5CEVDhTu^Bixr9_2$hlehLI&9>0oZhv zajjV@43%Rcwhu7&Qf9-W;E8QpUWhr5R%EdGwls&LCuI(?+sXCEKl~9ZDF8E{i$vPj z9}+_R^HuX)5~(Ziv3Ru0Az{t!(GxNI z;o{_q$#@svvuQSCiJHrZ)&|m)#zuS=hb8(-l?Jk?Fi)T7UYpozs27 z({}(mxQ&VCXC$M#!);HWG?MP)SEoOmcZdC9zx(#^@Zj|mbR$`}1as-3)YLIF@QE=z zS_Dro`Y35uKpuP(JvvJl6o`Pm#!SQ(O5JHjd_5fn5!2bw4K%Pv?~B(!+@AiSD!uv~ zA(u`yJy9`>1zdcd--zr<^$h;2dtnwGdw%YuasS&*h8>nnyO_Xa4Gr4`2t`0H!2)Q1 zt=Na`(T@@p-MM7GS+1t;eXrgZ%*g1@DXDnUYfZD+sqH$+)wF6dJ+(&<_7I5Cej=EY z)~9Nz1jKk}p3q3Y6UNx=w078!C)Zcws}Cda!3Aqm#B=fgw7^m5T{c56p=Mk#H!g`t zzX%mJUZU=)HY~=RKa1x&l0R~Cg!%r{yYntwKi$)ltCQn_BcByio0p7WV%v4ckYKYWwDUHw6q-Ja? z>@6|5ZtXmqT3|0Ll4Nh#9}M?f7UB0Q|Gt=t30{0igwPEmj9@*z8rKWpq%oVywDgmN zJok{~!)tsX`vXF$9=>bvb=elO{SD&+7lnz{L)t5?OqA?O&e%#7ySXTxrD%WE^AYv@ z)dxm=1189OSEJ|jYK-dq3Puoi0)VE%f_5JFG1jMYZa9#|tV7%#INNh)=|_(Uqu5-r zB1Ma+lVZHv+P6z!7A-g?Cx$vincXM~m>Em$EGgzP)jc**TFZLoE!G9*+Wnh9=x&rs z_vb9(X(|%;C#XbZ)P?JeezO-dI-WZ$@XCAUWqo2^CxCY7MGogd1qL%(Y@C{7&wTg| zq}By&L`-d5))q-gWSyU(i$Sr_xrr7iUsVvmNL1T1M5%`wY49o}W~4|#6)np=wP4mF zc5TYF)Iq%Eu5LIBcIWjlr4)Fa;Oi$$#}34`E|$X2&2y(}R#})HJAu@~WL%E87M*$@ zfNO;^TyEqgE1++AKF3V`)TS4#Fn$cUj7xs!7sc3rtA|wNdLgs2n#&jPevMLTrOjUa zg?MC@uSgN^PfmyB!itwEgyw;=&m};qQw$E-m*0_4`+3Umz648+sSPzt6}m~dGvnl;9< zN?_n`=p|YotG>lRpaJMAol#tCWmj%D2t8LDp-*K>z*S}d_*ABzz7$^?0_FkkDF5&n zU!d|aG(0!K-Y!W$D-wDT*#pPB3|}1kQ@-JiQ-uMmkUijGin<^gnbz2cySn=b^MNI+ z@&vd$Qm|dSnS3tN-Lf-^us9WaJ^H;;KFs|?a!dyRm{&f*kbj~?w;B7H zd!e)w)0#HpWVf0f=1k_7^?>=t3*^REmBI{*E(X?1n)cNVg&)Y0;?sn)O0X?jV9H=y z{M!ZF4*Hj}RW;zCrt0$c6J>#qE$`xVj6e>@4N%q|FF1pj@a65N_bNZV8lO_LiqPam z>5}dX^}uF;FX*@CJfGV8CsIj5wngI6R1_7tCxXxCy3=Habc+9adegpce`(qF(D1`) zpnk3AHElKy5T=y=!hUH$nCf;ug&Br2VJ0;ym+ZY6BDKs4Q>wc`QgY+AcHjixf+T`^z&AtdP~ zf836$N^eE#ez^lB_wWnXQ4WIkLo{gBUgG_U$d>f{!q0gp?emSOWQs;U38g;tbj~ zW~}`U#6a$5<7%>GPU5S*{jN+8T{py32$zJ??zc82pIGv2RLN%139{$WPwgHg{q|Zq zfQLe6hiO6Hp(4qcPYD4MQ6ZDq<;c**G*ZhYcPUhB&iD8X2ZA2xM)+C=>hh_&arpzj zUJxZcZnf@_ZYq0Y$z)&MYPA=lb6h43?Af#XdiVgb5!E1*pi72T~(we0$CUa#HOfy=WHAh_0=7xBuGNJ5m;TGuIL@nv@oR-k=G6->47V&9asRt018POoN|E@X;xR){(ty8 zjK6UML#m?}F0K`98tGs5 z5YRJ08X&tHyrW*n>+#X1Q%TMj3uE7TXLEo#F8I9#$wA3M72PcdM)W8zyaKKKF2|pR zjPOXL1~dxkStc3=T1CkBA4LS>5YsfN9JLw8F)ckKE>-lOLmRG_nbV1QwmOV z)c^ry`4R<7U?Dn-bD5qH{3+W6sO|H~TIeuqtWHSZJ78j^K_RCdR%UyUNgVM!MhSC= z^3{^-J{kzZA`X`SnhL<*-iPpvfb%C-nD45r*CMVMANDgC^32gFObPg2<&h|vz;1<* z9&K?iQoFx=X*@RxUbP_FJ4nPWC?&l%XlP_vK$Ux==+xupApJ6!lZ1ef;sSDt?YPT% zOva7(@cG()4R#9TdoLr7(Kw4CLgitiY<>Q4m&MvzJJk5nA3X2rzrG>8B1^hT^h=)K z!G^^1;HouSu+YPWcwO@Rj+USTFwkaHij;d#c9}YcO;*xsS4{4HxbNTU3YexL8%m=4 z(O#9itHUykLMgP*e^cq?I-GItK*lqJjgFXzEyV?w- zBIr6A^+`iO(;m3L3A16p+I-Njb$C;4KRB$mKdiSuthMjAL|N^-c`pX#z^#A?Z5qD- z1zdJ-^m&0R(q$f>u88fTt@%p=M7$V_NuqAfZhoZ*k;a+Uf<>x1=D%sING}K$ak)Sc z&(au7acZ67FZ&5(m2fpGB@Zq!cr#fQtpE zFi(_`?eC@fVQ{EhGKB}_)L$oSC4T5W$9BQJQ?vV3IkGaO2@|$EVU&s}Ked(2<{{~F zG@(HK9A3$j08yRiJXxJrkZ%ZyV6}i0$T(mP-Lo1RHBV}15WMkjHe?~jBm;4W#e%A{ zLOUz$&vTv@3C|sx9p((Gg=d65A+%h0I!7#&4P; zPuYI|Eq)bw4yi(7;cR|TA4T3{!BRXHDO*4YDDF7G^E+_wsF)U=mw&DvSN8ukDx&ab zE47W?;u1Q#7bsCaTPFH5n^e2j1A^`CkeRXw0}7OM1j^F@P$mRqEv6H&xOf*P)pTir z$_)X0HWvAH6~~CF=tC8PgxRH1o?^)i^XWh&wtt`20I5LpAu3F@oX~uc9W^h__ExOyB)R*^&-}OC6K+TFuYfZst>=eeSmxey}43zuvIO0*Yya zUV9S2KN9B|TpK;R|9U3TfBJI|yFj%M(g@H6a^pYvckP=Y_igYReZyznp80R}v}mg_7{QdKu2OX+x&rry;GE->6Li z616@J1J7$1LH<+*sI_pH^_DfugV$)-TXN!5N-~9P5`ukqdpq&ZjY}lkh^XswMQ~8f z`>SIb;CZthqF;gL=6qV4u}p#`gIxX_v0|@$PP0G-GUyEt{^_+(6;J{7S3!C_d76&Z zwp*bT1Q|Solk}+$aucRm0EJ|b4zq^SODaw@)Iacb4=NWGn9M99LC7fsM|Xj)-^I*FXHj8T`+Bq~Qm73~ zUHd{sJZbl~q$3o+5NYIN&@BBZy+l`LdT+-~txFT``m(RgPx}@>xsnou5Ii2=SzeyX zyZbV{bvF{r@Kc*n(>8L!L6(pp;g(!>prdyI!72>1L8u!ml5IXiuw@%SAwxg+Z+Y$B zcZkum3qM}aZ+KC??Z55Q*r6{P)m`ykGi&n1`b_cJ1f@_IMI1sUKAp4{Upod`s&IgY z8a6v@bMcu?EnLx@5xbLV+@%C}x)W*4Tq`mafYp=e_v*v>q&qks3|_C15(-Xdnd@ARd{X|{JnqTG zWP?;{nD00Xf z>s&?cFF*oRS5Uo2P0mZPz%={LS3%`+ZVv)vhuPI^JaJZ5i|XTSc2z8IZFdoWr!pPX zY50}jxgcL~FnzZVz#<|9g;*zBGhwf8%HK*+-ME zJ7f{pM9#39`iG#Um$#@#=uqT6Tz2gRxJ#01EF$nn;8CP#-!@4YRw72%!yzffcGo983{&dY7Z%dMrDoAD%>^5~Aa+`clA zX2rBh3h%w^9rPc~XDU5|k;ttbD;pIFoMk9Q19p#?(#=!Kw7S1DyLiKLfllb)SF9in zEczB@B2QL5b|VCfRaE%=YXBt{hRXzW0EAQN5$tyQC6-t%rJq+Ib9OPxy zdpkhzE>6<2Il^rC`PA4q*1=gT(!zt9-&lc9I|OT>7{J_6npF1Ff1M0W2ZPr zx|n6AMP%>g2bqg`!E<0pQAYsZYKWABqC z+HcV<;6yUc!HuU>Yhqy+%n8F1rS1v{Le0g}GDSe)Fq^Dn5KyG>iWuC{MVg8v2u&!{ zY51fZ?hEC>!vSC#_7|7d5_}gEOut4>q}PDZm5QAckrY8*IM_L(^_S0u)Ijh~5Frw9 zm-MOyqJ?GBOEU)Ia3@w6iFYSf!OJ+Ih?O!(hQI}5xrkSne=scDC``2Hc6|ftjc6KP z^6A0pu!!}Xded22yiVMX(XHa{liJS63Bgq(C7_rq*`2Lw*4FmgE_RfLSX`0!st-7~ ze3s$4FF;a;ld-AW(5Z-o)*OTKEUet=&ixwvh|ued&Lw%@cy9$7WjwK$O$e$-l~~2S zRE0*2D@ZtxNj@|1+H=EVk?@sA;hG?oiGtgQ%XNC-&?PBxN0aW${rVAqEcda$f!3~x z+KWdbQ=vuPB?i=`Q=!BlrSBS*=Yk}bwrTkYtShsu?54x3MC2N{0`t8P8BgpriuY>| zTq*is4WWg`akBL;Bi7d~mq_G0s3Uf|5D<{F<_QhnKvXZ~9q4B}s|Gv1DtB+>9>GIp+#bQ4mX(_9CxjCej%@sO;1 z@Yea&7*lG?TgduV*5mh1TXt!iL)wazLqZ;cgU8QuEq&dtox#TVEXL+hB{Ix$0Hs37 z*eUo?jDmqY_R|$TWfbAg(>Xl$(5OtcVEEkYPHHnDkDdy0|IwDJSB+}N5a_r)YTFIc z2^*l2plci{11El-!eNE&!%J5# z!qM%;GSu36e`^+tEKw^F1E;Z41%+5p7`@9p?j~Ya95$-o-hMlG0J`&m+YtCouI`$> zf-rfX;h<9O1qU0SX{0uktX`)-oU&JUzrTO|cl!St^tZ?V$ptw1@dj@Au_MGbD^l-- zG~a%G9Mx;s37?K_E#|e%)TaHlK^#D1K@OMl{nmv#yOjSBB;~%Ak)Rc0{=+qpfRuu1?FRn|ucU=ea+DqQLdQ8uTm z8{4`;(8PND_RVp<9EDfq&15bfc#`y5_Rsh9S7Z4D@&$EO8=$)j*mfkZ#?h^l2}<=_ ztZGDezi+iIs+H_>qV=5RmmAHO{o1Mwz`-_FFFWJdNExYgHW;fjECrQ}3}zTR0r|3RSR)Q$_o1B^;``;kB1KO9Kc8T&5JIvb~2E z?s%EbyW(ELf!zZ*U7p6>a`-(ikw{j0y{_SSeg{BKNR@RllQ)h>F?`xy8qN|A zWmK3E%Pg@s#vZnO-D>h*g)!e1vzf@5mOpz{Wwd~NgARWvYmZSzLPFUT%+XDi30$JQ zGT(%cgcb&4jD9LaA#jLNMIT1yIFMySyy#(wf3rW{$e&RN^1If%QCPfE!)A$k(BZWX zwbY`8=sEXyn8iW=_z;0l)-BSMjgbvHY`??ablBjq!}bRqcC_DNgW;PF8y+5Z*x_K% zVT1l~zeDYZ{ew3h0Nr742gmm7(f-^04%;8TIeOE9q6mlOjF9H1JmV4UptkK#^eSr-L1V0bFmO9M|l#%{&!A5CPQ#>^MxZXPFfMUCzd_@=jsx>>THhkdchgY&jFA zJBR*YveHbGKEcnwz;a_$W27k(E8Gf}(RvG_~ssOv84(+?O ziF?J_LL^IedNHm~q1&}5idYu6Ff^~{#Ufs~y1hSJZ#6 zE3n0*Wm2J7Q+2b-lzq%Zdg+i?`I4K^@)dl2!UNN@_~pw-LjX$%dP;2sgtU>W8d?71 zBMgHzp)K3-+Er8u(Cx)dk6Jd^<`~-vGi*Hv0e^8LH<*EL8f`xzk7^%tuyYYF`CZeP zy2SvcPgD@%r7g3X;+ts`@883uNCb%V|~WhJ9v zAxzHCQuLZ3mSb&@(p~SDjWfn(#r#>)C|?tQmh4~fp2(p7@@ zkF)#`^vmjcq1%Qge?{G^z<+PgB_-*%QfdITRurV{Q_nS0%k^gaN?m&{p12MeN+9m= z)IY5q_%hRC?aZH^SSsD~M1lh@q<5UICZVrE( zG{kJtr%PlxD{fZgsCQFoQA-;+$<t(|Ipaxlr1U^O?v(A9ZiVm&xm= z-^Gg1%VSuS8trh6s7EapuX%;HfYTI-N5KA~rht-z6j+BELAmz96~Au8(^1Z|3eU@& z4+R?F27O)WeJxqU{99ngdT`=jc!Dcsc7t<7hn>7kP6hvmZomd3L)&h<)dD zsTbNGY~QsSGx{OtGoEr5bG?`h0T4%G4B%!&j9d5t*5UP z0=#Dhif**vxzT$j7Xq&j`hgnlXc>!$=TK;)93Its{?E}<7e#`5jsSl4y|&wAp`voV zvG;v0cLogigC&DKneB~t20B2b@{z^LPTVQMUFKpGFerzy=T@r0H`s+7z-oEjNg%UL z>PCfJ#5@A&Nn24H92#YcvJ&K>N8P0rrd%;4&~9K}7Tb5!+CXl*+zrJf!!bWyUoa2| z*{cudx3A0W;JQ366=^y26|N$Hzcf{~bYH6Y;D1G){F@!W+T1s45{g~Ms|~_%6~l@^ zjOdo~upP4fOk<05&tX~ZQsTb$7Oqpe&`|DcraDaY=DiNfxYiFUCnw7(*D}KTv}9oU zYb}5l`8b`a-}nL$mbC?F!W{#lbWQGdnbU$;DNVXm^)T|kq{@`ma;N-9L_~}cdn5J* zI(>mV_Dd|%)fc!R!0nq-kz#~|GK)$*XCs%QL)l?d;k?A@gonatZN;0``l;1!TJLhj z8wlk7Luxd90PR-JBZ0o-Pqlzl%NrV;@@OHtun(DwY#C^Z*zay zDgVA*LAlc~jS?zu7TQ{Oe0Im5dELLaZFV*IJl=`bukfPOu)zO#CZQ(9Z}dR{oO_65 zwTDBz;-qkrhQYa{f2-M+Jb&m+GA677)E*rS4-VR{Bn)JhwFuiKA{bV#S#=oKVOc4& z;8=~MAPmOo;quW9Fer=y)^{Wh$c}e9>DoF`$fMY#@688p%;^#Kk$-x1?)Q(J6um z?cVk=FN$&F(6BB&M2RU?0o#aZ2LmbLMF|Why~_634aUY1Q6qrE*^Ltn7-Zum;fP{N zj3Ut?P!CrCV?dn0XvW5db{c`3x)NLwPpXl@^v4+tF!JA^rT4@}&2H#I=nr8lu=0dv z_dqEO`HMp;fU9*`u?x-BM&UNb(n=QCLe3Y-ip5e#s>s2mmkP+yoGDQM-bGGRuDeV@ zDKWb-{GvJm&xPJuNscXr;W0PdWxC!z*t8lgQ!P)9MNfccp&GgLdZHk#!l=qCa#9%8 z^;7N|n{yJS3iFxyo{Br$NRgDD}B!AFRBIl!?@ikA7lsxo#%udWO#u6ug2X z&*M-!egFz?7~k1PGBEOhUr6(UbxU8LW>~z*P0h|C^gpXT^W}e={nDl@AJ1g@QObiJ zvS;hiTsc3Fy2uSW)90f#)Zr_I7UUIb{38a3HSb{rFai>Xi}%49%&Kz&%ZxOuAa8E! zs{%R-{6LM$2(m%{_^`4y$kWfe5BULd5x671%Eg@LabhnLG@HoW-U`yy%Hl@6E-3^x zkEr0EqYTuG!DVd2IZ0(g2~$$=-YIgZr}!5&^}+@Pgp`2CX#ecEeE-7A4qd%a2Koig z;uXTzjM$oS<3WZSpt{h$N$8-nlyM5_PRM$Ml{aDz<|J`%AD@{jawJt<{EoLDP4Ghkxva@?q1r6?G8vFDh2qO4ONgsGuR=;#BM~UHA z+&G|u+T`e3_6c|U+5{>(?c4HsZ14zxnBW}pOIx`Fx>da;zMZc`)lmIX4~dQb5ij#Y z*wQOv8!v>KN5og*vB?i&oAIkY5Z}xLVw3;FxAcD4;QNqUwql)itS}vAB1bwUPU5t$ z|LZDOR&!*!R!PDFcR2)@saV&zCcqvU+$GOI4eV;MSYY--`dFBWir1Z`5Of!264W~f z2XKn=E`7m&p_!%b6aKVU_#(i}Z5nb8AM^%Cz5Q}0g-yHYE>7R-zT-17J?e{D{O0J5 z=!-XRkM{ZT!O`2}*#UnWPY;iHpGVP~Xb=yl`~5eu5JyJ`!=c!Zqv0X%zda80$7|l> z&-jnCFbT`%Vv^xpoTGPGPO@@YhVH9bA|tM$BvT_Sd~ugvYv+25*q{VhaZ~o)GZ&}s z-Id*hReVzWiTNB5XHaQ;C|dK$+5<7$#^>X1W`y zR#P==v!;wR<$rf?b(d$^sLbt0B$xo}jc72PL8*mErP}1+uU@5$BaG{C1MN@C=KexL z-_0d|ytxw(CC$UmsQRKms%ggee#XM?u8TeKpHj_@)HA59HezS$N*Tu|wt_vPVxR73 z-6x;g{UQf^ga)yvsfxwk4mkPKqQC(5hx#f#l^E!kMil(wDQ$`=Xo@OeYY_sKa~D)$ z_LcC6`-f-cJiV_0dYS(|4YRcuKeor0XJa<%=N+bM7nHpTHUWDwrez(@MLpT}M8#)P z=LP6`-xcv3>d0aEr|VR2P+d^joT^>Z&M zy2Hp6a+_cZ$h}PDkw^`nV=@ZM9YAO=X=-zUZV4__tfq?ro(GhYOaAyN^%`2ARn56H zT7mpawap0J=D#?>Sf(e{FTcXnDXq&hQ>S`|P}rs@@pXvSCNZcAA6YI{Zl6G`#S)~! zS-bUJQ^*{M>2<zC-&!=JJDa9Y*X@U1qrsX>yX5*qAi%=}g z>P<5t)GO9R*BtR`9}Eu;gDy|mM3A_6|0LBMlDBoSV%_7suB53sHs6U=#$|4aNnQlV z4^$NmURRG{Ww#eM9ttnaLZnvq_0@;gGS3AXDQ7#A8qPq7O%Q$^==SXryQpX;*Tc92 zfbhb5{R&Xxe@WEN#>M{|#_UvZ`nC}}&3k`K1!Yq}*SaB$m{fZ%8xA9Z2q3(YVua=Z zjB)X?D|nRzbU^?olW{t?7i2J12mUxt+gfb@CBjFBnDRu-$gDPn) zvqV7JVV0M-dd-^`=)jdD(KWIy$Ss^#f%dtgYUpeVa@&v4ssxS>}hkh#ymng<%nJTj( zWP*IWo%8-H(VO>Jd%v&SbXa1^lUp3&Thw}b$D=zno0WEHz{cdOhIgbHeVMX|V+za} zmkHFzUc(wdz69;(%749*sd>#V`D0K51Cus{HI}E48-XMSO+n^UF;lrfIShoi~3d>Au~nnDjC z`}pOQ^Zs7s&R@vxL`uF$dlEQg%(M0ijPe|wQC$|WmMN8cg%Yi9=Iw!B%5v&wcF46w z4df7~F@YSwZ*?^R6Wn!c+P}ZGpIkYKvLKI(xm=cc2x>}KDpgUYipJt(POZKdW|Sxa zJ{jobQxF^l%;S2fX%$&VU>|r{e<)rOPRd^C=G*$-I$X}9{8u0@nKE5Tm? zu{pMsZ5%J=5P}QA#xQqY@;r) zA-J=-{Z~Y~)~KB~g?4^36gtBo&(HFxe>7|{R>)E1 z@x?MOJ}F@!!+aXo{ASDfStcmviApQFOM1&epm%8#P~Ii~H78~I0l-DB<0~io%;vGk zL>h}UlA$~1*iew)tVryG#=VC%PjbQI6-dcceLir2%}WQ^#66HJRj|Jl0cjysYl#@X z3O=i=Z-#aw59(fWaE9!JQ~Wdz*!EbZ0-Ak+=!_zp=R6h|i}bJ#tW1z@Su*lH{6fDF z6G}_f?H2OOQ+u$ITclhdoKz4+@d?WOm227|gK|>x6oE!2$CwLgLd9cv%P8l^$~f5_ zC_7e>8n0(qPt{SCy)~L9Y7YqT5r2XF*7c|-if6!@`Tc`_zxLg^kko$eQi|%PAS(0- zqytsRE+P%-19d}lX~eQINUMtyyh*fA%u#K?AYyt%RN2rdfKuw#o`BNasJoUUq!~!X ztEiq)q~@E|E#$Xz%nCN`*Xop;mGVxNPy5G5(>GIb#P_Fh9E)iR;hX7T79ENB_;6Z6Zg#nQ*6D5|sq6OE zGWlB7`ziZ3V~M;MsnB|otEp&~Ib9R` zAWcPZv4rE6?yu#yes3`Rr)T6j%go4U5b$k&6%0r+!AG-Hlh{kqRX3q~W0!{74XpWe zJ@5LJ*j;nLZ1U>FcL?EEgJYwt7_mXW-(OaKUWz50+(CbMa2b4Y_%;J+hH-RoDdEE` zw|jr%W#vBqW^bz(-%?^Ij`s)qV)`cHv!jD)zkf7{k7M2!vuVuZ!{g{EIyf54jv_vI zb2xl+^!E5*IGu@@_um{JMMvNMmhv?Ime-UA`t9y15Av5@R5d``-&8L+r*4e@YYys$ zRH43XS0&4-$bk|vyD#l7_K(nuXG4H!wc@n*HCMB$xQK*%%Dw!BuC0Z9fnRGOf3Z_5 zaq*}L`C5LTIe~Jh5O^s)(KNRJo=^u&>j=q7b?x5cvgujxfZt(ML?YA0HU*?Cq z@x5Hvmr!r&yg9S#cCNjj#=lX&-ouipXJTeWPtYo{B2Qd(NjnY8%9KR6C((0x-pXyj zWT-^nr#>y3j^W9tIw&tatNtw5*;$| zm2r2T9z2i-$rl8xCG?=uOh!e(+&*{PamgR4JRVhIQH9A0gTImgi!^L5jHVzFo1PqAiE6CK;%ukXJ@UE)NBfV zZB|ZzqHc+tiD(tM)Ylq1Jh|U2QctB=-J?P@iJJQ!B8e}#zN-qG;8GL(iBd`MLoBqR zke%Sydy&U7avVC?1TUmEHQ2lV(WZv&(VyC9*B>X7^RsrReSUrY@w)xz|JtRtu}D|V z-4UJ7nTjohz)5Z|=uT||OrPvP+kk4qyJcxS`a2EHh=0vRaCJF*Cr8hFHKT>4s^GMf z$o1#Rg+-uM2{QA$!de10G}OmFG>&EiH(R=&*$8Vq-nH>;N zwD=mQ7Tl0tq}05Cx2Oy05Vk8g$l42(jtFse&LwTQ44;KuS^k!55)&){mws{PlIPc? z(v8)|KJ!fO-4EdS>|LLqoL!#p?bvDI004`|a$Bnl0b!qOZWvvxt-AUgi&R2YO?2g= z#A;4D^>w`MgG>Qsuf9Zi{KZNdU+(U;QMvf?y4P|oPkcl4vuHh46;3ab_r~Yms2( zJ$)xLmI^b&!pCLAO<4h0r69ay$`Z`vd^VF&uM&h~|CJ^yio%iiqFx2sJ&rPEvCKte zT06eLD^Fu^UuNG=uGvz>qQ@>(F4Vo1xJ@uhnUvUh-vpzyc535rUoky!h73&{cA;&v zXo0TMr&m^FHAU8I(UW_nPF0!$9US4VE#2Iqkr`k5!i=T=*?7Vzx`Sa>D;N%DwqDnA zvIWNC|s7KD)-Ubh+KUu0HP^62B=X(^%fixZnvXwq}q^_T;jX z=5wM{Vxdh`Y~c|L+#d9M@PB)6+kb8vcFFY}ibTI?RQpI{3CZEXH=)YWH>Ju^jViOa z-yenGtZo~U>{ zu>*w$6z}Oa3KYXKyFUp3w%a?-b@eCvE)4p;0d1Dbx8?fcGN#Nzht*a>J8PA20P&!m0WfRdJs_0%j>cE5|I zkYv_fa{W^mWc!xPF1h{*V2zrnQwIN7oKuzB=7q?4EbI-dTRUDo0r@r88h~7~gO|cj z7c#xOP?6=Z-2k-@_PTW+EgM9v%7u#VC>+ZY4U~0|KEm;U?QYldqHVVt#w^@&p_mxu-_e{m{C5tNjop z1Oyxcf!Dx`+s$IPPXIJ<)rN%V*b9#lJjl)?J&d!lr_J$HE!Hq>D zK{@kZbq#}%SPPxw?u6n);ewtw>_x1vs^u{!jgrSFQqN` zZt|YR-0+N>MQevac5Yv3gy(_`OjfLH!**=jd-G+lZfU!Me*!w)SuVt0YsdZoW(*kwqegDYW~q3fduT4D^;N2Xc-RseGV!lY}8`{ zn4Yp5vOs7k7_q--mA1mkY9ghKN>DR~mME4e9=8%Tzkxq56yL-yEcrYU_u#VxK97bi zxL(L~-oh^+MM57qj#emv#83;en7;C54B6#te~^4q4pHJ0Aj(ntWxsK?ic= z4k_1*8$r3J%4#Ux2fNd1@hDmZo)r%19S>quBi7RKkwhrq!$@Pt62b3XC=hT3u-H!5 zsCz9u1EkU*esq2RHI8!h6{8%zU=(_YNnzz~dQ}+8DDbku%Ym;gh#P=f**gviAmF?4 z2X=cpaqOv+_R=U9T%!dX1WsuD;pXGshwG1_moaKfAP1C+bwK8K;}5r|lT8C3y=35{ zmkfMV9XRF2-KW!~?J2{+i)e zHpkCs$fc{(QU=C^xzZj2>#yBNC@ulGptjJO-2_G4&{$$}IiHIhIFj1vKq9mx+glbr zUErArf4M~f_E(DU;u0w4wd`c|Qp!bqL;Z_oG!+RuclL-^Kir;AUc(a3U2&1AF#NSIeF<=IKXje`9eq|6Gd#J&lPvR?Wjr@4 zW&yHT*c(%W{O>lCfuT23{Dfgr11;?3Y#rMP6IX$7TW&yx;EP5$p0T>t5NWOICNCnoV?-d1UUmxE@p|0q)Aql zdVQrz9&RlT79=tcStb#)&y{hgv_)K9J7S%jzzpmsK*MB`fqw~4V|YE&So`yihGqZE z@<8Wqal4Rd@#wiTZS0jtZYnLP>XfX|h_!;N#G;Eue-fM|w|I5jbfIZ&hJ@>qmfK=L z6O6d!xG?75Wt9Q%J{&WcH{xaQHh2@!)a>L}nFEy41;Da{3bF@rd#6XaFv2ZyhsjxB zxC@Af22u+OZ_m(vS5rDT>J!fyJ8rvS;vG_$K}jd@$B!y<8B9pywaudiTqfQF)F!0z3Dhj%^B$C6%}YLJ zl)Q&gnf+dCStg4L1vDwk%lbi!5|WJ##v9JIBEiKIJ( z4+>Dr?LhXkoTsr`+GRuW5!(3PBl_-fSXx1ZhDY{hd&u$UQ ziGcQ+Q5i4wDps&ag%-Bk>yA4mul{g0VecmI0Z^8!dCr|92pvJY@e5yxEw~QiT;7X( zS2Mx$WaW|}A|P%SuRCyHgf?9@FnyH6Q1K!=2? z#g=;3WcvTJ_wLV)+gQH%{H(tM<-WP;-nC>&mY?6aosI7`PZi9wZtrJ;za_0tyLE8k=QDR@9Z&@t-N+v6CV%70nv9WB6vOsuGfD(!Yh z#ga(y6LYue#ied2e87}eGKtNRF-MuE>l?ia8XiUW$^J=P7{WB;fXIj|J=^qQK#{6T zuMbxRn%;LfMD2+}*;EN0wLKepQ;hCqIH~mTGgnN07(~6<;5n7E5`1`{o-4-w@GY;^ zxFk_isy3?kjB1)fPw-Kwu!R-bV&fFlr(-*{lZxLt7by_1!=Fhs!r?aH+k$;oTYFm{ zlES^mI6Bi3c}e54eUm{A<;yJ+1dtM{cg8+e7v(SecN~;qrm^@ z;k+?`?1fETI3`Pti>LVV2!~qptk;X!sJwOj-4%(HZ+F&abTStgo@8v3b%W=h#S!zF zAR)W@pC!Y=V-bxum60fDK1DNr0h98M{DLY+ayd4fGpX8n4cBtPnQc&OUs?l&buMPkdkQ6@--mejYKLs zPhuY{n7hOmMtdI#zaPZ{=P?5~WRb!Bg*6&!g{jJIka+D1BbC|=+W-a+a3QtoAre=R zx>jBt&ATJ(*}?qK*m)!WY8$l*tYzAoD{XD^T=|x(rfgL?VkI0U=Z_`na$a)5CCUqR zKY@u}P}u#F`@D*Tl9wQPsEI4Gb_)@vV-ZnHDNfkGNEs~*5L=y=rN-k{0xJ5(3Mi^> zqy+RP5iJkBwZKEy zfQGigLMu3?x>(7D!7#y`lUN>U4KAi~ZG+FBXNbYisXNVQ5%m`N=yN7nEQ4f%m>OpO zI(b7(C!7EEd+(2G7i9xD+Tx+y95A{t2u`qQQ>gjEk86pdE22lmeMacf#2G8Eo0grn zbKjF3Kt(1cE_k8_Mq$67@MvyXLr&Q~fX7x~*2tGzok95;f@VflwXL|k0F%Z02 z%Bi=)8;uIzA-Q0UlwI23HCg~DtzaGS_TMFq&*Lac@tvh6Eq$>K+Ul9jrhKi8S@sJ=Zk0_`Oj23O_;d4R0fF14E~vf1L+*5nvkK+S^NgjcqE-Vf*`jZ)LM#}R3#RkzZAT1AOK@;gQ3bMkeaTWWqo z8?63+H0hss7y0?ad4K*)d}9boYLd@{c1pX5wWLC;yfLFF3J?sf>_u%KNmV$}Wl_9M zPvt}?65-ZnvXD`F{}pyUlz_D-+Jao9hGe|9kIhL)E} zG>r~J<(qv9x%4P8{{TS~y*u83k72N|V+!edxh&1U#wj8 zpTc`7xCYo`v;%GuHKtbcbU_;o`bUGK{e%9|UPo)MsB|3twk1(x&QFg)moJfMVhF69 zX-MxsBjKf1u>??<3PtuLp`o3C8KM+U1RI7vWRPzm2(H*bCh-`tzoG9jBvjk7*C)L`*yIZqMBMHnu! z9o+HJ{SIY*6f2+u2@{^WUkKMAz5u2FF@R%+h*H}?;ofD$+(O3CY|cdRHRT3Y zQ5S~qw{AFJ;urAoTA>MDAu>!UYRj_}_h;}?tKjJ8IU=8py0!U{kG$x)aOkj;l~b9> z9de+4xV=s6AiScK_U9y@lp2L(3_%yXRY&VPSzlVosVbCo*-~dbr;H#tla*s%o|{Ps zvkHIFwTkkm+OjC@-$q_8A?*t-%p6JOPXf@CG%XKIr=0UDzEA4!Zt$Z@k|_yWV*0_xpqW{@|boyCc-y8w|X0 zueU$$dwbmxlvImg#qvs=;`1g0ZX`c6@^i>p$(*tRs&|+aQ`U|=U6h+nNG9=2Lrn-0 zCuCB$uoKNVhh%K0!-Yn1BFqxVVNvb}^*jSO{3Zd05whkiWNm&nDV4RLpg^Yh`<+?H zc8vGBs$<}Kb1RnYsjxsrBAweC1%}Sgd}Eq)Wh9!zi85vL7T-q6*teWrHn5s4IL&2c zF0x}}fn?4H+>~X$H+NHZ71c<4FOS^eRjRg2HPqnbN@VVle_g2*M+b+xSf=7)uKcC& zbJI%;-SI_VC}KNr1a%xv+OVBGZP}qLT|kyr7)vJ%ZA}2$JbYy$WF(nQ)E-wB<%Y>k ztf@_G3O6?fbY_xjz(AYdzq8y&Kn|Q!L2VXSqE1KXO6{+$KPO}skt-4jTrC|RrWfKD z^9m`oG&sb};HXlOm?e|NG~N0Xit!DRzg1)S($=>e@YOlBX<6Y6Y_)L&Cs-mX`rv;j zqEoYtlW~IBkq+eTWOCc-FzvL8`0H8hbptYepm5i-cAx(l%U16y88fl|v zYo!(BS5)wcN*5x2KNrTDNJ1oPc!?AS*ciI&+{XX~=w3xw<9i&S3DTKI)t^Nh%FUVd z9CooU!4|%xTuYRsNEAu}`y|g2T>BV&OS>t| zR~9PWOal=H$XrWAx+F?P2f)f>%*P_lZ^$H$FQg!d!imD~Pznw0`J#_V!{ntkAu@?{ zhV_0c8Y?^E!MRlDVwBC)I5b{Vj$GQEvwHzT9L19`QhBO#065?9p@I`c`liLU#v*DdPgyxrsy~m-i>?Hpw6>e{_ zu=ir^-73aTbuOvNY-esv-=&?sj2Jow=V=COG#ept6p99_(N9SUk8j@J{CpXQd~vE1 z{id;yeYF9UbS1qHV~S`pM(0;o*B@^`em=k2IluaRdwp_wb9Hikc6pl+Y6Cu3C#M(Z zmj>~FAc>`ll^!#C0Hc_J8Ja727tg!l$Yd7x%ubK=j*eZkDsoG zXWyF8qvxR{aLB(S=v$hkpL~Dyose~|&aN*$US?LL(R@xg-~9IxoAP4c@p7C5CzV*R z@33y2y>etFGicW9ZWtU9EWsv2jzC?pM(sbWF98? zApU90?+G_aGJtcL>Q6pCdqkdycsJp)GkF`bLLR@!W(=>&QjkxAAb%n(y=c}IV{k~@ za6UiI^eySm*W4BHHjI3+}nm4>Pf4hEZGRSIK>9 zpaOChdL9D1SnU0~bv8QLanu)DDv`Eu}nPa|n_G=7-|CYtfPwtf=PW;z=A#pm7!PaG@Q>6U& zmGIv*9$ZFpRiU@N&b~PA-)${pB24T&?sOpeIkqGO`Jbh$KE1rrif3NeFt5OnR)Oo< z)2uAT?KEU%#}BE<_oCkIyb*u2{TfC6hj4|}= zLj_XDt~3WU|4>vg(J^ky%_4`NibHa|T~z>h zf&!yU{#_Kb`dG=%%0)GW#7LUEcc%o+e*^v0yhXuV4Ga+aS`8q2$S(u$l5^0fVq4!8 zvADCf^!5^j@CWRpEqzRWRAr>;Mx@s|$r0b9OPsR+9^AI!JdXWyaMm(cVE(^m6qTsC; z6M{k(EViX?j1R6EvGT6dqW7Kzn-W1gW_*p@K8w(sk|@N#6(BqX2Udv(WVA3MB5*bsGD)eC8!c2qHMwx*E}kJe6?-8HwMT?V7>6kc zmGGKma|w1@{RrJ!v!@Xx6Mdj7#ox6gW*X!JU=N~+DYvg^twlT7Jm%6s)f@R z7{#F<81xkoDE6VwWRqVof?$B|5fOM_&h^`oU^wcq6my{6tZ1T?7dNkQ0=@RF2Rj~N z-zpE?#I{D~D$|JBkZlPgaEFDZ0 zZjz1~&<2LNbc^F#rE`r00z>Cg-#)Tn3OWfH_;2+9h-7B%_h;XqUxMM;_3in0=fjiR zGx0R}rqk(UzdyS?b$`7+it-#5V0e6X=Okj07X?~-#?S8LWYrWa~>yQoT}*Ns))t?vYXFZ4H$qv2IANrFEJl z38_D1@j{#ABgCAa0n{qA8; zJd{NANQgU2ArkaK>MJziY)eX(T#gbk zrPBUImEEq(1y2w}4~Qgh9uVKI!AK!&ZTTdcZ@EUk4P-Uots07V@+mLWQq8-Jl-P8w zx^%1x*+8|6cwgY+_ER?1gG9Pg@$LMzj3>ra#S!}vqT#np8~KGhUqo3#FjbFo(zt^< z0I{hs@u84*Ikj_LTJk0SU3ww?93u9A)IT}lZD9QIf6{NZTW|Cmu?xgX3Ld@B%DFIU z2ko>jZa*cfLEl>CiK5cDOOZIi)f`@*c3R2}UOyaOpK4b7fP&!1FnS2jeI1%@!?{rB z75};|Ql1P{;Yj* zcHG}RILg(px^Vm9X6NSSgPbMhoPV#3_q-}ruUQSAy@6MJpxelFgsN2fW5^nKJn>hGcP-~jf# zgMHLH-1P>Bg^Y+4Dbk!pch23pQ+n;o^OPI*o6m&dtMhEb`Qqh zLHDq~KY+VqZ`3;)p+R@h>kY>Hy`!;zu($8~d;Q*EJn*2u2m6P;!=po&|9@p50*%LG z{Afl!rI92A2~-uT9oaNv$uE2va6FUBdtJ!zK(1v$)YR-Y#I$*Kn_y;pKfPHnZC-wC ziq7aS!BhMuCKGfF`g`B3k7maEe6RaWnPZDF*?$7p796R-@g3n6VsuW~Uj3vQfX?}~ zM5 zreiFp?=-rMn06;@MHdW7OYFli^3l#4p-xq^vo?Q{d@o)- zOP290$%UB}M7N~^!}4U74GhcE`Ada}M z$vWcfu0o2NK_7uQZDq?Q+x1+s?#m7(>sdp|dP{|p_4eLfD3y$ zby>OJPI|1munYyc1kbSOELn7XOh65HU;Q96evm6WCuU}R9sY?qf+a4B^}!BvGz*A_ zHrCM0=W#_ZyT*QsxgL?CpWGT+wY2YFu5}Jyz8VN<8Rf(ZFldDXea%2<0A!)itQ)HY z4sB`Gdkz-O28`y0BDlkI$+3hnU1v8h4n4iY^WpXBP<@p%EL@8KHLcnd=d#clNZ+`k zdl?ttL})Bj02vDtP;egk+F4JgHRZ%FBOl!=by9NqSqigFP|<1<;e(uJ@kzvH5xA&) z2}MIB(^v4_R7*r}WDiG3;H4#nQ#DMEKBs6xOb##4wVx0v!n_H9G)N00AVe`{jz|V> zTqupaC{%H(>dt72`z!+AiV6HS^^hP4QUM?L27D_Ud`>^jzcrFOx~Gi~M<;ESs_}+F z7N^q{hbl?mRpkFeWP>%)gs+isp%nR{_yUl5=?D@-rnCEv7D<|T$?`-Q?EzsXIO<`{PwJ4GTU zf!Fa&Ryu{u(54>2b7tD=yuE>UfP4f;2V)-%e7Jvz_Ku+E@Ai)1s6T+?{-E#ej_trv zhyKB6(DMc!9PAzLcl&#T(XQ7!Lj7*P*B$Kl(fIIaaBwsl?eFgP{QZOdt~WsY-6Ma0 zuQ%!+c}p6OYS?x3WQkE%E4tLOlg`m9Mw7e(D`~>A%EN>}GsRi1SY3^o#aN;#nZ^?1 z(8+7%%`yK9)$vL5U-j_I>f!5ZU6Y}%uWr>vO4O|-)u%h$fMjZ<<+M^LLK~G~LRm?y zjtiBLT_ZMBGC|L*SyQK5svpa1$1=LHZubJ$RgIae-|Wh4MEgR{BL z-S0Qi7clSsI28)Oj$I;zoqzG z#v#YWLGX62V}l~f_W~7C#Jd!$Oz#79BMKyX7XE$ak!Z%8i}I1X8Tx(wW~dT1n=vP7 z9N@{cAi(SU4MA=BLCR!Or#`XB;`xL?Umy!R^2ZcNJu8H4iT9maGKMEuUWniC`+e9w z8jaBSaL|Q={qE5b^akGk(V*Y+j=JN+!MK0ucYBBa;Na+BaMT?fb$h+t{t<)+WlMU>I@TGkAvpO~U6W zBJ#Pu{mY;QjHn8iNWe)1Jr!zg*pCvaV+MIIbqjfuOmv8|$2lj<0*#VnBw@?R^_|um z&@mxyJ3q!F^pnifC8C}}eu#*YI0Ror5;}e4egPf~0=nIL12E%VK%p-K84oE4@Q6Ud z`=+vfNsjb`$YLkq6Xuu?D4ak(x=Ea%N;xA!zr|sQ((dR^XdEe4xTvTE*}O>^{4|2N zv>=S@!qzMvPVN#I7zzaN>^%%U)M?3K8xkzS!LH1^O)}6)fZu(zPy;3t-%7=i3V~13 z^qon}*-ZLw*}m2rK4vE;#GCF9l!i#&S1Ir%+)4sQ0_YUa0Zhg;&6o7X)gFD+8j<_S z6c~vzG^%@<{w$?oGB_y zqV_T@|2ow4CJ@QNy@<#-WtI3^n((JmvB^*x(kTD}=5rFw35E;>i?))Qkq;(8G=f2r zQW~%+5s=o|VV2t^Q~yo2skzmn`g9Qo47U|6?d3wj$4HsR&wna8ue?gmPPMTnGwf$Vh6FPN5Sp1s1slLA?GbZ2u^Tt4ANo- zM0cqwYd}(_2wHr1=u^r_Sg%|PG&+l-AQQ)@N$X`pWh0J(02E2!Y10Plh-8zKjJQOA zNZJrlSSrMm9rQ0PJ139S-vv+)^?|Na!*G zgcu(WA@3yLaN1d%(5g1#c`|zdv_bEn-{~E8`g?nwem65gqe`?V-5W2!0?s{!o7px& zh9uUF2@4gosSpA>Nqx5hb5sD?NE6W86q@xNU!>6tGbUH5rw$SYCZzH{LXSk0CM&c9 z&O;5nuh3GG%C;oe-YRcoa#d9uLmo@X79}Vb<*s(Kz==tRn+3*j7m%4i0sTmP1c&Ko z39~eqn0<~@1${mKcpVgD}_x6P$U%yEeGdT)6vc^Rs)5WS-8S4mVJFf@Q>MH;Q z(n1hDTxmQ08TDY0lT3kPWJQy@*v>?oI`yv&PCk4v`w`$V@)n+PKTUFGX4t$y|b9krIHRxQ#@F zvqou-lvq=~nVUyDIebfv-1|O`XWM|r-V{Ize9^L-n^PciUaQzx77@-c-|}|9+XhLr z!5eUWasl4Tj=YoU;^iM&fg`UV6yO=Z2q0g!UmzWDxkYFV6Jknh3PTS81+wKuQu2rC zT&Xt=CYX%tIw74T8p#!1U{;Z7h*V$0q>}^4N7=ctuFz&+t`mk-SF2^ zgJJvugw|6jaYC8Fnhys-j9_$+QqXO22pJc0Q<0GhZ)%In4BrK`b3+2KAMs|(@&|k2 zXz!V%?1#Ha&w8Xg5B1{KGihZo09?DbjDXVzz_~-EOT0q;RUA;lfXM}8>vEolFLAc^ zTnFR+VAZ3w*X<83S~UhM@3xSPk;Qc(p=A=tAK5SZ^evmf;vuYbU70=4xts9NGw`BQ z#MV?bduTSqHYW4FbHx0#6Ua0=BaLmc%0C?i$|y}GnN@}_x#97fLc5lNYPu~_AvA@duPmx!#;&gUxelJ0RO#y@*29sAI63=zlCK z)zW)iQs}#gfbV}i%V4BSe-GDVWSC7&1&9zdf-P|8eK8C?!8=MG(>^8VW_Z6)^MPsZrkTT)1G8c-B28n~6 zk*1S#K?P4Ig=xFgpTgMz5{DEBf$|~bLbFGZA;`*`p4w+3YE$exEUqsK{8AvMhA6e^ zYe+q1TuHm6^n`|yM;S>v;6$r13DTIF(htpK_==wx>@ofHrIg(_ij+|HK2f|) z2tuXqNVQuk=v8<&?Hby76S2*1$-(?hDM^V?J|Gcz$Qz&0AsQi8w}{O00Zk=gP@p^%3S`2eN@OGbs~exC+{L6 z0+9wb7-`TPNE$SNk_L`Yv3!77BZj$5h?p%%tSn3nlm&`qS`U<-E*~Pca+h2|V%adU zjF@9T3X8Fs_UKGEG`$0yzQ|KSC78UeObSxpTR-ItXEvnhibMs@ZRQGyHQcKTx3jz} z3yj$mg$%1G_bl{4-nrPI2?8{M-r`vNePa4ZE2q1xK3LSHO^h_FQ@5!Lq!SY1ObNWj z9n{%Y1eF~)@l`W@)6}um^$+b6?80Agwy6f7iVKFTOWI**{Sb}A;uL3V_iO$>Oe@zmt_ zzB6Y^bx$nHGt>Aa*Ca|-Wya#ImLp6?#nDvhu_eJQEUu5mwc7p!u5$=x$eY3t)0q^pO;Ff{ zr2#4%Yz|6RD{%Y>Nlhu7&jYdlVVERf6uHZi=}ZVD4WPot_8>D|@@XK5A1xxGdTvjv zRwOj;F_aNYdY$15`cn**qNki-HArJkvI9Fi#fztJeo z9y>)wcGS>N@S9{!mws)h6(Mbq>F_vFX?odGX*t!JigJE!;ufe>e!QRCIp5^8MSLme zT%D=T>k5>?NM0TJSR{dy&gczoL<9OtopPIwLG*mAn}*=k+Kzht&k6wHnd9wvB*ARBW|E28ksq``tQ zgn$2nH-xtRXW94lcqlVJg4 zJw}*WGZt_mZ}WCG!?CU6rk*Yn%$FDPbzUp zLev36ox~T=MabYInBaRv!3_JM#M2lX;psjUXCS&q#N4OjC?>)#8nS6e_+Us{+khf- z5SnQ(y(nb-nurM9;j60sOEjW8Z?vAUE$c7`L%lf$TV2ovJ@9Wk1MqKKroZsN&Ln2L zdB@|Ecp*3SIi)co*Jzw|OrA)cw7LCtK$ZUF4u^i?uOP`}-m6$K*v9#H?F`oe^1YeI z-KG=kuz+?r*YC)!_n!udERQJkEazrfI}$2)K5COjc}9Go#X7+zzU3|cRxfpRz9sIp zMj#N#M-zcuEK$<@vqwgth@TTTAw!FAH0&YKBWIJQr$;TPavF;3x5W!wR&su2#x5>j z&-wgBlgWEdE;|{}pW$$gb0O%}o{E*4UW~6>vF(!J(=xxpoh)~X>)c&=4)QL2RDdG$Wwl(`-njt zq|ri({QsvsIu_ttF64w1-=l9i<5Qt^x^u$gb#i?*1XD~|G$C-7&(;Bin&O!6Htf|J zOQRvR265LoONtp~GQ*kADPsztf3Bo54tsCG2JXlMQ)-kdB$%<=>z5&I_pk+K(3A23 zH*#9&{2L0~)!=~WaV}sS_$?iWeny7QCKoawK+Hv9Mj zQe%ZBTa5ktW_fI^2S{1dtvPPi*77BC-8AljBM*-JS&x-Evu!zJ-Wdd3Gj1D+s@VmK(4a{%;WQGoO@UMzp_bpb;CN_IVr@V&(T0b`qe-5 zn>W7d6W3{Lbxs# z0fNNsROAB|x-3zoFW~n~9C_t`^(7(nB@^6LEGE=Y{6pkx-P;@RMSj zkWIDmO&}=+3qHyG1C{+Cjh>RxV{pQ+hzikEY22l0N#nd3jog+uaCzP%mAy!QE#YNk z3-!&Z*b5a_tQ?tc7v0uMxzIphQIXYJy{X5eq*F>tNzP_4 zl#AgcW|5rGQYcQB1DM-~%j&`<5}4}eO`XSdX~(LLBBq45@&%?AkXSWB`i23Gj+41c z*TXxNuUWdL?vOZ4@La^F_x=0^qYLV>AVu`>5%mZj$te0a{ciW5-)YH@#`w{eXDUab zBX?4=b!5nQ28=<%K#CdUZ@KvIY2B;nqrfInE9Fa4`4X#NkcO{fx$VB1Jn0hLnQuqNN-c3 z8Ue1dd2uMrZl{+w5(0ApNX)Oo8u63YMyE0Jqld8d2KXVBp<|y!xsTzEdZ$@wzAB+n zM~PuqX3E2%FT5c{peAIwoN)v}f1#IOC_HW6WNegBY3xPzg(P#x7cBe_+oFn&w)pdL zrydLt$@#{8*){>M#Qv7w$(16B8EqCYF%`t0jP0qsPT@KI`t=G|AgLt-OwC8t|$Ef)dj! ze=O!!gb`~KM?9yDAUMc=_ew}W z4V)OoG+5|};1TrhII9R{V!g<_L+k?%Cx|4egL~ZsDN{hX(Rmb7UWtzss^~8&@J_y$ zEOXmT@V!hM z;s?sl=o3LErPxjmK0ZD-7i*R7>~v_5)RoGh7CW z9S|dm!&??e2hU_*3&a*VFybV}R0^{)8!10=q+lXNJC%J$COs+QSbr}OQ^m;{g=&#X z$)GI>q`Ox|N=V&jCjsZ|@|q#|c+-~d!zw4YtTB3A$e8`E4SJVPeU3#;qrj&CDn#W3 zl~S=Xg=9^Y^BiUX22nWafa`>tK>42W%MFeAILOK51E$AG`UxA@x*>W1=T{~IPSSi$ z`GT+R080F)88v4_wp=PmwdX5%%Q?=D^2LdWgr?R@TZ5{l$ZhK8CGLpYL+F;kkj^1N zA(I|%shn~%yuHd{-bhT~7WLRXFAa*Xm4MU%mmhD>j=@kPVQgn!r#@%;0YQ9A@Zp{d z0E~!8aLj2mQwezsH$@8=&ti@wbZ^#4n7>o|hcmAsFc#ysQ0!<&?C zY(h$D5U3G9BkEPb=BiUlMkjK~OUmkN^`Y7#MM+zY+531r7DkcZQuNp<3_}#?F^|>x zOOS^+N6)obBpZNBM0hmF-PkxP2jBfC6NXFAFU#n@cG`xMx+Ihni?23%Cm#$9! zd4gg6cYA9xIg@!%x&Qm?v-b^aWYztd6 z()Qs<2O$y2MIoAKFI1Sn(w0aw+n~Q^Mm;FeUwD^g;3W(=838-Pg>fl6i_+@jM1tPa zF)r$qmwWZ*>ik;f5u{u!vf-^mxeD4REH`D7sV63k&hdDRB;%2{hOJB? zJ!?mu{p^bZ=yb2U554_vuYb^ohll%z1Ao*T_;7qM-W!aL;9zgO+Z!Joj7GhEc+}k= z`FrT_;9zebp@Y%UftRK3p14|5XPF0mutQJacp9IoHz)E%c538)w=_bk3yfhatJ~n@ z#%C`71PcM_C1HGFahu2#)3zmW!Wg0~B1s~tdqkwXmf`CF&^tW;QGWB2@kycUg|?Z& zsP;`FB5q7$l-R7PLndP< z5LFVbh(ApQC5@EQY=1LI@6wEcNQ_28b4OR+R$be9LlJAUDQf56w8s%?LtfmJFI-tX zmma?q`{&O*ih0yrV1YR@2Qu&UpV?Jra)z%&1k2_Gk-z#f*b(fGj{2kBql1Ipz1|+` z@1gxeIN0|FU4M6UwA&jUdA-B^?#LSq_Ta&hhem@vc-Y2rGb{ zSk^)2dPOsiRhT6%5!v_+8=)2CIqig8Q=qesp6g`D;YpiyoA`H$6O@H^cHN1^uS1fq zieyU^AhjxRk66LCxH0W230Y6&>Swp2^z|LyX6x%o@lPf)=XYSHtv+N>r;Bj4m49<1 zzp?CxjHb(=s#7#%O4wCX=`b3~@_GcR)O3H3Ejvo0rU)xkBbpN0LYkVc5%m8-Fhd_h zFW=y`9&@t)vNa0lw9z;iB{OhppqYGR0POvlMWf9Lm<4pnKl3m)l`vEGGdyv!8xPt} zU0v!9EyNbfeRA@Tn{1F!OvSFhzB%cDvmp>xn`lDdd|Jd^&d|C;i(83kPbh2;x<@%d zG25J*SXd&mdr>~i!^;V2Oh~JrZnpB5WHNzi*3~URKL3qe0t%E$>1uR4)(6*|J<(O_ zOc4M*T4)W?M|Gvw<&yH}W06H#i%6%JH_|addKd`RzH+zGC?;=FXVL-xp{<4jbf@zl ziPrzWI`rOq+xfS5$N#}gw`J-7QgLaRT*04g-A8SGS9*WC>>{{buvA2d=#LG@DG7= ztW}6q`MsoQKO#K&M$ox}Y^uC^MTd7JdAcLM>F~drH6ej|Db{YFspI>b#aasv6C|k^k>#y5Y9Sr0KM!x2k@Tm{fPWwDq??)lWHY%U#e>3GRQPQMkrB zy4`Mfe=rdL?RLA_{|>sl{e!)~^#%vs{%-%EKiK_Sw>Rh=?EejP*VqQlpm2@CsNyuWGCDRR+qoRVaovM zEuZFkgJ$o9?P>AZ&#j6^Cv6Z>gxMyTsPTX@STiUI^f%h&mk z3R`J&G?T)2bhL=P5ZB>MO0ALSNY>UZ(dz(@;0OvE-wSAsR5YR=59wv(qx!RvDkyDb ztX0kNHDu@mo?+Xpr~Gz{UvIY31((|&KWC|CT&gxQphinl4@y_@{9ZOoOMkB>CtcQ+ z&vufP@sQkZ-{P09G8&mP-9>r^{CEYT;mwl}ypXceipEfVGmgE_5qd*Lh(h zTewrKv(5GuULaXm>18yPW1)*?4bh^&@0TG09Ac*RySjoxnJ`d2|7)#ISYWFvY9PmL zNlR!Qd9R5GS0$opGjD@>ZSr>R%iOu({H~r5nwO2Tzp5UlcHXBR+tgJ4)HO3WdFmUMDdK|yk>CwN}=~=B2!UXubN{S_3#O&w*j2AvZ zrSHpb-t~k+i?yOo^(8i&8q%htbcMPN)Rrin^z$LI8>=aamtBXJu9oJh_UbGXwQFjd z>S>zlXqjs4CHERHy*$^|Dy?PQYHO0#Qd_n5Xf4&$)fhFn~2&hSJbh>b_c6dTJ_$)DVZZloRfAHo^4u-B>$T6^9$R z%sjWs&InIg=MGGxK%RONR!fJ4YS*I8rTDj}XE;XO%2#aqd)5u`Y5^|!^3?+TY5}fO z@mF90&PG<(HW95yKk{ms{tH;9*D62NzJ4|8MMY0Q?FG5^TG=Mc!#u@w;XWZVODPCg) zL;nH$Y^st^*J;sclozk+1v_lGCzE-d#&f|V4hzCeY1BjzL4O1T7m7JU0A|5*l7f&-P9=r9PXaaOj z4~w$8R+O1a1#zbGBc5MfV1_3)14WZ#;CA@`mMbmt9W+@>K8b8W$CdGAD@Q%8CT$fC zjR1R#pAhk})dKgGb%znVMf#<8Vj+j-!iId<*KX_$%jGY-CdDrge)2aI~;HI~HjKH5n)@N}eDRkPd1a&Dr9i-Pt)n>ad zmvvp1&GKt$ZemJo?QR9AOZn;0M*dvdf>K*}qrQ~dwi{8h+o~IpD6>6p@?txWd@H6? zt-@|2!U`*!vEW8#GCdhHM83lzrc<{vXhm(VOdnoTHS&boio#k|>B^p#E$Wo(wGZ`X zV=sUJbsF)TAZtk8h<1=@SRnU;&7Jm+NLb7Lv(k>aHHt}zbBTLNr$4(*E64#It&6Sz zHD8Tx;aTM^`*mbrNA{(UZ07HuD_Ly*v}?vCIX8PhAK$R7ZKC3uz#la&BD6qtSTJsI z9A|U_1;fa?juP4S8KTp=ras5*rq<p>Ru8sa`ZOmF@w5yxja1bgfZapA8nbreRsB`FNDldIs z>bK{7=L!I*c6%%Fr(2`fTb1nCNPUNxXT9=P9dn#*uX45tRoe+E*gUe8RJt?P8hVE> zpJ>8ac>jDYC{q;_=s%xNWq`-XTX=y@mAEv~s=hDj{aMGYz8)@V5JV4G1mEKTP0$(j zU{Dp#SphHP}Rs%Xm#SQ*WVA zymL4}pJICFa)7=-vxr!S%;EsO-jk~2#370OHp;lg)T*|D(3U4z2ENcIj==I zMON~9<34bfA*zz9E9BX#bJ1C)TZ-OPjTJm}Lsge@J5cNX`h)^D^l^wN%{#5Ef%2>9 zo+>a;CJN8Wp@V8|85eCw zUY-K&QcdY*@0#Tj5O^uG^c9R`NfVb7DO6nlh4cwBl%87RHo(ZGG8{2;o?xHP+Tj$4ND> z2CrM8@XhO15WlD03YFMCD^YK?YUImD-9F-ObKwha^9#KhRltc=-fHgR5h5XC zh<0$a6IH4_HiX)ekF1FNlTxv)DYa8fNj&G&-pBp~Jx^@1MU0)n$4?==hdAK0*RPJ( zGWCYE^)novd>xHn_wsc5z%?aQ4bE4&Fvs-!T;zzgL5=QLBo0qDMfNfZEs-1r!i_eP zApD6sA>L~=cfCu5;7Cks04a4KhBpimt5A10Y92xJ0DG`>0oO8WE*}k)BUG&)ugq!zw;eXr`I38oK+y$V#7at-II%NulFS2|?g<{}qXlM{Y z|GmP4E5oLLMrRMRiB`zEXKo+AT&>+0t_r#c51xyG4|n#-7QnGec||)gu3V3(gBLa^h;g?$?S^iSQ=ueQ7>9ODA2YAKYR)CFvCGy1NS4UKfv z&jW}pYt3Lc-7G?HN+L&!N_S(5WG{v{Cs*e;@!aCUR*%jMJ`STWL>@!_&_0pwYlulG zrieGiiuU1dNh?RlI;86DmKS1!vOBi|4zD1~``I{`N@np-Ar5gkDZ%-!0eo3pj1B;E zRog8jMWgQ~>WjkhcQ}x78%qyS6pmLZizgRwUIb#OS3agJnhm2ce?xDwXG9{Bi`!4% zMPzt+K2&qC9KlD<`|!PMt(2FZMwIcsoMN)ljNp(m7&x(q%ORm7Wy@ z{Td@`7u>1@DsLXIQ*kttv9w>|5gmt(r@R@Tjlz%-=-qukv;bRMhsIL$0zNh_P5ggA z%x>`vMKP;gN^%7lWK_D(lnls+XcpB29S(x%0rA_+7*9T`kk=L9mg}AZqagC`o}pgJ z{BP_$WBt{UxS15taF*$G6hY$GT5&6asI3CyDO?tp;qIc~PcVp=IvYY)QlT}?bF;}p zqj<6r&S3QT9+6Q*Uq*jL&NY=DO^opa=e^cwL#Un4q?LW+h6eHzkXG@BFYpRlAOPjWdoI((8GJld7=|g$QxqWPWWeREo8j=5IoU~R(K$gw=uMZJDv|WSV(G41 zbM&~-tL1_ZNdT9+eNcXGvJW_%AW{@jDjL*i2crpJkl#aw9$>9qu@cfV@}khg0Tw6J zEy0rsYM#)fS^q?Hhvlf&r94JaAednf23Mv#V?!F}SNDVW=ilEBua+oyVas?^v+(}1 zweBxn>yL-@R(n;16Fu?`iKMlQo3s?@8q&CqLxyMQ6y0MFogyY#Q$r&E@AgLQ$nRhf zjG%YdptwgC^L&k)*jso`k=NvYteS>=E|?ejRC&$7qVyCFVPi+4uqN8mJG8K93YH;r zt%Ttc4~V8D{{fjdwHid5jn>SehiTj|R z)_a9S^(-y$fu4zWUlBCMT(Yi6#aGIB-~+uz0fH2rJ$i`J^DE~qrTjwX^-r$OEz%8W zb~jw^$VVZ*ElDO=#xEw`DtQDa-m>*#IJ=IPGXe-jbm$>o^>;X6Mcd!<`Hg5i3K2U$ z-4NkTG+BC$oDKUYKAbZ|L@;?#5Ya(wU{=@>-ng0n}hiK>@}pe78N`nWC_nf%ou2^#m)C|B+jXDw34 zQO@>rI`vuV;GKa@a#cKG+wNfyH&0Q~WRV!fnk|>~*Q^?_%Gk+Y{d^dp0{gB&x&GYL za}c#wQuE82sWxhSRXqeXI^L|iubCoN^s_b6^*rB6T+T@E=QnB)8dLN ze-_xU)!=ZSap~ARkAPc^zKVNcBYnNCBFl_8YI0UQ z#UCOntg_aG6RQ$0$z`z~(rcvZ%z#nfyG(I6ZG2ya%h^%}m2x>}s-Q+@$&&Oy_WcJO zdl1++JSd!`1%bIN4N#-Ll&1b^M9H4+r>VWync`=YcJct3SMN9K;0OP6?vZ zC@8h>*FuGvuZA(R+9*VgB!+QBW^m=bG+)NoWupY3&PENO+6|6rDIjfK3f60B-NNNKq2;3Qe11Y^5xFAK*x_JSB?Ma>ZEB5re&oRu z%d1r|oEwl^=OmgTHbrrxu)U@IrwW>;@=S>9M7+}S)JTrb;=vw(3Ugy4x#xF&My&rk3;{) z2}KR+Nkgl#jQq~ixa+ISuoQj3Vf^@U?gTxnT9N^}ck=tCB)YHl{zDlgES~?h8FLey z<9bRAHzuEh;W-(dW${)Dv(+AyHCR}YeHGSe=I@^?r=Zen+ky304rfz=@mI+T){$Z7 z#U`S0u%!(u!XC%t%XoH6V#<*JLo}x!4y2y`Ohi;KwVRwY&%=g9TRGy@j{U zz!_Pr5_%$|9VOnY4fUf`z9Y!7cN(3_7Q}_p=7Z(dTC*w4CO+NB-04WO4RHE$F1<$n zOX;SNtaRRvY$(}t1qG_c{39ZFK?Lhz2W`Ab1>XXTdD=FK84^W4RavXm{a~58v+f4V zP;j~zEJN%(#B6PSbND7KPih4!9_5e-Hw2vNlW2Z+ zk3x1f!^{%r{}iW5i2=W%qadVJIW~$%Qkel`dEJ~%(X>WQUtTTcJ_K#416JbXtI29M z5dKnk*hL6u*m_!3Vqx2|G}J9^P`H3|2S`<+^UGuc@}iKH`!c*pFb09^?jwl~(iDoJ z!gT;tEa2j=lHk@Dqrks_)CSP>;+h&D2f$iM<@KCCs%yvL*EO*Yfw-jNnj=;E{w0Ou zyBLeOa11pMtHZy_lN{DP=bpziu=a^q$1KCQ;01hq552p%a907P_mvWIH~2SnFy)wVn%dK0nS; zcwt?kpz-Cm`V!qBP|wO9C; zMdUwujf!}UibzYBUs&tke#?jcFB27E*^(@v1!oE?%_mClY+d}%f=cqzbDm==@+}D~ z>gH;B&8(g&x{l214$?FG+E3osJijXTLZPXpYO0d2O|`FYZ(Br~ zm;`^1QFRjHMsiY25jhXX(F?IQ+`;i3TuR3=$8MO#jrU?Dc0z0^21_weR)AhDM~1FL zLbZ7f2(F;sUHIuO`pr;Xn^z!8G(~q^t{PFQDatEYMp+<#HF4*wjpLxMK-IMVCWiT% zXtR};`6fuPp!wi`JqG%hBK+o#opKF%BT_zwfj!?VDAnGs6>@N00;2<=6O@Zgr5<;- z8cIMlH&fLHYnc>1y1{cP!JZSEH}BbMLH`7G#>I&O3hMAl+o+Tvf`Za53QD#qaBo#m z+rm^b=3|o`lT*WVAav7>mCIvk0DTT6p8nx zJ}Gw9h^yt*Zd1?LX3Nu;ppPMF9$*iy9&X^mv0S1>j4YmAuj5A61dVk&EduMA-XyJVxY{KpZ|h_e|UK0fiUvaXl?@Oip=In!tF1 z#;4wrewbc>-A>bg5ueF*xCm~PUB7V0)(u}`UL9wjr6tekIJ?qv5w10Bfvk9;7bQ1% zGbmpbO-!2Fd*NnI5cG#pNEtuRH)*Ra1z84l4znt-cmUvD-lfU2y zdUq(aZpumL;w#<+cXuN{^-PYhcyOQ-v!Vs3(R*XBdM7AL!kv6nXMe0sVYJcimSzR~Q})+wHeH%% zwZX9->9xwlBS_IFvNGWAxIVo>$_Y3zk+!Z9v&MjcASY+P?TV zpXu28e4|iW>qqo+8#Y&!OxC)GUZaX$ql#XmimDsG?&Z0rsG@a;g{;r@`epeluN*k_ z#ICb{4iDE2Nm+k($5{qL9|lpl)R=GLlqr#A>be|KsjaDVll>a6BCkHTe-fYD^{$Fn z|GZcKyjTCcR=z~?we?H&b_@F`WSA{Zf*|t5F1m;^+HGt9@}-AU7*3E8W>K3!PTTLy zJZaVH*K+rBXzUyKB^GDa?w07(wAX5WzXjN)O4eC!DWkBzO0!L1P#P4LY}7C@ULox%O>f0TrsW=6zm&y)PoOdMNVQ|G=0# zU2`dc*DU3(wl%#PO(8-42Z5=C$TNUHtF8XweX3r(B4~^s3q$D8qC2(cmf;@6^M=*e)he%G=C~b&I<25zDg^vaoL@a(JJ!MlUdk$Q+;Yo1)0`W%a$lEUAVSQpEv_#Wg(!nT za2XAwFk}RJcjt4)#XNc)2X-lMpA6!6scY}W` zUFNk+Z#lYGkv}{?y>{dtE^+oKb@Xtkih$qVfH>IlvPa0rca`LoBn=vv!2$3@oZGtm`xvP^ZUU|I8N>dmyqFm zbRESEhZDYCYO8Itu9?r*h5e8RjFvraS2X_W)a|WYOVd$Os=~rm@0r%}-62)U-g1EGRf|}a%3U3b!>Y?? z^lX^{{W(h-q4_DA6U49nMNg`7!8u!4M07PM9FLGpxtc?GC?AS=BsJLAX>#Hp5DeJ# zxA!>oPkf)$B^C595uQv>G4-PRY&Njpkcz_tDL^DYx3m*lkZ)b%YPZ>Z`rVUE!V1zKI=n>mRHX4BcKYMT;NfhJ_;E-mVkUL-9?RcjJngUExy zHS#e*9xEQ6NijSg*QAXhWJ6v#i ztR37JLYibUfg z^Q(o&en=SEjk8SlHKk=28X;E5wKYxzAj8 z(Bm3h;wwV}T|QnlyIvds`;#>~otFkvmM#^?u2}cnwsK#WYF{kF-&loGzCHYtkl~XO zDCf%9Q|a*FpT>N6ZX`%M4kzc6FiIYuJt8kI!>!+(6i^d9O#4okp!Y0GSbSX_{Id#q zQ36LD=@PmF=Vd7XbH(Z%-{#MqvM>3(Odzn}Goy!4dR=DE6zZ0Co5de4uM0^jl17SSIR_ znxGI7?5&5`t0BrpiN@nGF3T$WS1@O-#t8nx2C)i&(I>%)sKioQVt2bSm6qE06@a17 z(7;uf&L%CPwW!QVlu!Oweqc(^uT{C!x)$yH=|Mo&VpW`zXolDn#f@%#&pT=bLxG6z zxG4Cw*69kUzQlq$iV&N*U=tXa*nX}Rh&C~6{1S~mIPT0#(_BB2`3y0Fy=x>W!!NqU*K1 z!d0N2w*lkBr|!cy46-6`uGtn=IS*^iIedrb!|PLlQn0KK^Q+a)Qdf!Qq%P{}3d)%{ zoQWLG{#E4v12S(~fCMiU74(5+kEjBTPkVxdHT#J#mCIX4s~~1;px-^-#KfKPtNcjW zbmoLLBz}0Y`4L{CVS7Gf@n*wrn>EL!bf_xj4vBCSaNjZAhW%16+po^2VJT&)yUlqUg)Rrd8y|YBPY&J^-jRQQH zt`xmf<$Ch!cJe21JGncg?N^7BrR#ciII)rciX2W}!~b5x|Nbmi*RR}O`fBZbwRV;? z@zvUC7G8(7b3Flp(8o4_Bv7?>`Q-t_;1mULu`az_8E#SyYAem?N-F;~sO%XcGaL$5 zWMuehj3JfL>yCf*LwZHf5PH+4mdC3q-BQ=r8~|gq^&SS8w|01W)xb8?$`Pv2W4KvV zx$ej2QQ*enPO=q=6s8x#$h(0BTfW!|x2ETyu)d|d%FSwKpMm=J!kWlQ%~Wt1eqG}3 z@wLS&l(=&=x;&J)a5SQ`o-`PBTs4-E8m%gja?!QiC1cGX=e1OT!nr}Aua;`2YHFpN zYOpOS6V=dRR%mn8M^!pq`Kwf{Hc?`hsS@o;EB%$C*pB;`LT$6> zzGUP1^j*p8*O_>w_DbzfL2bi)gr7n3+`M59Ki5}gvN39#o!nUzhio_@Q2{{=yv}Qm z+L~vgxrCfGGTO2D>Rm!g@%Kt4Js0j?GmnZF=z*(L&nKRj_Yhj+MR|={Y8bOf?B132 z)X$j`e5FmGl3vabou14wpTK6}E3dP$q1o^dVG~q{5__EsJCXIz1q$z@MrQ8U;a}(Q zPvg-jK(D(X^YPP9gC*Ar_$$xAx(wS-Ka)#kRsR#u-%N&UM42JMsyy9w7$tMKxlq4W{8~Uva^*M2WjNpA@^9}nqezl`YjEf$^&jwk9Qw_m2-YQ$ zFVop|F!dabn4%lxkwUOljSj6e^i)(z-&=E1JA2S@4_ZSmEEW>0Wh6K6rH(u0;T08@ zia*@Ln*94`XU7dYMbhs$3{jBJ*;~$NWDydv$cuuyC$KX{!^x@2;CD*5-70Z;&l=ul zF`TSvdB^h!fj$~WvpHl~_yE~bn^z-{w9H;>>h}!Qa)|Po!r zJC`4C&u%*Gk*%+eZnxXr9}L8QyWMX7zx~1P?%#TYgKmGff6yQ7{;k^^^!9iE2DTV{ot`9iJ_ZZjQ5XVDX^beC2MAIG2pS{8`@!oNUS5Hp zWK1ZILO_ux{)^>!sB;@kV(g<%i_Z}XC@M~rv`HDWlzSnxi|KUe+0c`o`#Q!cr9V=c z#y)pAqzncD^1<)F1BO|EKxa6Ggmo_Y4E*s2c))B5eh{R=HE#&uZC4LIop+L^h`w#2 zLZgb%=QWrkX&=M#1>2|%H73p+amzc(VCcgj3Q=(mS88BN*qo32Tr63IA|yw=_0K3K zfFQXC?h&D4ol{;|75hm&Ue~AbuUiJ+R#Wy<>#25}Iyw=upv*suH70&<9=#in2 z4-4(Ed9aQ;0D(Y$zpBpvgM+=?`MnlCQOF<;DbULTjDpC! z^`w(LdW7*Aq?{7$QNk`x6q zK6o%>QV@gT1c3)GI;mp%^o$6Xo9_7##+27MCef_rV+uzBAMo1`Hyv<0#T3jC45gHo zEV2+GpQh8TfXi?=*#=zB{3WKW1%3J8VT!#eulZrhCl4EI6;tuKTs)(NUU%Cdz;{x@ zi$X+Oa1`C68q+$)lMV}LGQfB&tT;5LO|Ke;~aXO;LjdRMym%@7f+BtUbm7 zItDxUkn99_v}3kthXr&;(eVf?61YQ)y5;ZCLiebu$ukzvYdC~Bi+)u{)% zhfp-!CYAm1hgvGh$1I@7fRPv#zE75U`OF2FG8CRD)LPJ1#jX97-~JF$2LAZtSd2{Q z1+iaBS}0LLC!yS|VX}0MR`CyO_g&ddJ2Lt`tz$ywo=L%a{&U%fv#~WD{*~u{uXnK9 z&7c3>y}|4G{}exQOo$8+NFA!7xIl+~BCJEodAZM7skk1CuLMemg?lQoTzr%+>^Z?9 z8-uNHX!{$wmANnEE&=}y6x;^b`u8oc^?3{YH{buE2ljWxKk@8FB+LU_ZTp#b%>@$z z_+ck`(FI{rS*V=01(7t z5`zDqz4w2P+eQ+__haj8bG7b-RN%o6hz~|^#8wYA3yc3gz3Vr#1oAj zI(UgTk{WmPv6jxJI2UA7O*P>K=1a6;7w><=(&_e_C~9D;^TTEt4J>&SCY&C=4~USIdJF zp$)~E(G&Eq-uHh){~84QZ<~*9=Y*4kN8g~IycRzlD3N6VW0K6!PaPv$C*Rjk3UaXT zpALqH{7iQdiKUQa5gVuf*w&4HdW5vl20O=Kn`r^CH5OI)Q$h2e6bpHT8oag8a}?_S zrP?^q05v&Ek*La&aY-^nWj~{7tw~MhoG~DBT4dx7C1|@T@+a4+v(wZGPLo@A*QNdz zNHCuSx@sAq)OZ2U5mVHMQQY(uuCQ{$d`}8RPy{6TqeC=h9O=N&M`uiu19X_*;w7wj zOU}juO_`F^#X)Und-6d~lD~0MoCqST(#lDXuI8$_ptAzBEy>VNPd)(c*lhP`LQ<^y zyd_9TW=yj)gKUP5P7o~+MzfqvaE^XT*|1n!q!d(WQkzsQrZ3T?qIq^y3CR{ms+*>=3&}UgsxM$Q%o)3`N)+AfL?|*oAt<@f zwmmq_;n{R=_>NiE9kSU*8I~ADS|f-$b!Uku6aATa6;Ajl3N!yzV zeMGd7n+|Ljml;vC66vjkjt(QIhZZ(P<{IYh_Vl-uAQEk;|4UG0DKS!AZ8m>5#2$HT z&@hR9HUKVoii9#dI#8nv^b6rk^ZjR5Cb3nX866wW0aY)gO=D4ee_3Yqq+qvdOzJ-k z6D^1?*nt24h%zk6sWw(@NOlP~=qS+!a8Q<7(qBgqH1{i{8Pb%JJgbLcb8=?RfVPDm zP085}&72}Ia;VV;#%KX`2C4+3de9&2kUyeDCFJYy@VcY3lG3&q9PJS+ZWPU9w7?}8 zQIMhw91Bun%`>$Z!U4J_%bl07q&v^9$#Pf!d$&8V1um})YR=ILV$Z=#1pl>PIhcf= zTt7okZh%*{>c2#|EEU4~&y7ard#NP8C)eo7&1OKpLw{$qK+&_vGz=2&F&vx-e5$de zspV8`imqRXORWuqUJqITXfZ~{p~aM;BT>afvpR0D`kcJi$uBF|`C@MZVnZPLL1X zKQ!RJhx}Y~k`^Z50Um9l4UenVm_#~Xdt6qNoTgD7i3tct-c8;UZBbCmu2|Q@;i-xm zrUE!4(&@sm;igLDH`RkA+_v0sp?!q;|4+QgH){k$WH!Vb%C#awXLVtueZb)#en%Cj zFj`UORBAsGaj>-&IVfxsyjBV@8Wg~tVYj5l@S={j|8?xYMppq3 zpDjb=oaH20;>A4;!Yl57zuWuvxo`j7-TroO|EvA?OZ);iTCntbLk&2D*&;r{X`*A$ zED3IX^XM%hC7RNlC@ozqi&SfnhPY~Q9Rhpw%@)XYxTMA+e1M<_T**1(^cN7Y6_ZOS z+q&6#q;~uPI?`Y+SWX@-h{Wm$ICzA>@_T@4(`~KE)>67&%j zN*OIA+Ux8+q)phw7Be$SFiV@n zm|hil@R1Vn2%#IoC#G;lB>Y!N%kYm|EYo?npUl2V+S`rwp%yt!@7qfh1<<#K0s()T z%PRdx$ui-0uA8uIBnJIAv^}@88E5734JqXDf=cP%&W;)m+;+E+)B8b>s7A|S($0;m zp*S1LHo9Awk}UzRjk}#cMpw*|u{N4rzYtJclfE`cJQc|9lTlday9#7g=rrhJaFSBS zcxEEodWj2cM*Xv9S69c6_zRtpoJj9NxPt;NspHbpheHaMBKr|U6bf74N2^6)FvW8! zd^5PQ0VpNj?n}k`8pf&Hz|~GcwBwABcnRRDLed=F5~N)(5O}DtThQWf7|l>LBQip? z5Husc$Lup8bvY*mKoWCSn5)sWXqt65 z=+GL~4t#-yfufw@Y=U!Kq=eJ5WGoj>>10-xgm7BS96sn2DvH-aeX9UxH-t+nG$nT- zb{m;P>Xv2%gv7xbUFK{nkr^jK%&;W4co{19SYGQ}Ub9GB5JZI5fgavOra0$ByD|kj z?nl}3UH9+6=xN3w+o0E}$1wu1OO`dO+P~e_r<>p$geEs|su&hD*eP&WCkPqMFrVNV zK`F~~gLg!D1cRyeV4fvsD3{zUS ztp8&%eh1e39RS^}kk%P3xC$ zG{PP&@&4-FD@}&~Fj^kV$px9J>Xr)*jQ9~kU46DSK2bsRBdCtL@};)|b^Tv|UA0Ew z7v&iUYt>9Q?_TZR&&c%k_lNxr^ZyJiwSve8SpQb=|DB!v{oS_z=kw>^J^#x8zr^p} z{NFktZ+(N%Yxi0}Xy!Y?>Gdt2gWwUp@t%gv4X{_}DPYZK*1-BX( z&AW1NQIs;A6OlHDX0T=iu%qU#{E5C(xl}O7&uF7|zUsMaNjBm6Fyj;YD2`+AIL2iu znv=I~K6K!YIW@lIv3&hP#JDUS496VR;acucHB)qNg6fs>$Uwi~XD@4fc=l4$9LWb} zE!s|87Vzx4FHL+KA>TI?>l*b#M>N@c}x~k({)c8LJ>-1^WK& zv0kR9gNQ#hGp?FEbuf6^Py+%7K4D?kq=Y1M4OEk*>N7#d6aqd?c&URCMj4$>30F(s z44XAoHM(&uh(w{4cnMqPX%xIZ^ZpbiNfiwV^Sr*Mr-jlA-#G*pCb6}sVja2&T=;n# z$xpJQEBW7o+X=3nhj*0~3(Pz?EC6;(d%yM&ar3}%L(Bf@QkVO0#RkLCo!V*_GcFHM zH z`(sJ-W<{W3>&X4ro#fl?WIJ-azp~_CGWb#lW;>6SC2y+vz1(x_z#G=R zA?5@Zv4Jb3;tgTAtu2#+fmmt1>{KbC?R*ROKn2pL#v1Ua863QL7wa66F{|Ia8yI0= z!;JgnG4PUQhize~sTz=gUJUk-dq-8@VYP;|6RsQ*paLsDdV#TI7;Q~xu{FVB?tF_=_m8+?KYS+Kwjb+%BXz8*bDLM>FDPS90YZQe`gZ#-&ex0; z%{iOX8&ba!ec;q0cg^PS8G**6#i0CGr#}V6u0vpOHp5)IHEppG4C9RQms@gC)^Vl! z^8%Osd=(N+9P-%^Uu`KB!v_^YZh~uf8s<`#-xKN2%$y176J~j{R|^tN#A>v&`#jlB zwv(L*MF$5vQHbExuf%eGfVSoY=W_mwUj%xE)0eJf!|>gzkfV?spdYTT&V78PEPo(4 zb9S*^2fdf038!S*&MgYEX6N8TsGZ!~H}N|YnY3&A7<>7>`+<1XdCHoP^oDB*F#2PCKkR;tV_32l*6rQ-m3~9?8`%Cs z#OTq<{i$(q*Z6%5ZyQM$gjF&?(fus{D@lJPX$N7SP(Bk)w>r5mQ3r-biW^s!&=dCd z#pQ>y_pgsXoE@GXKWa_c8_pK~JcAlyZp7W6dj)Z`(<+2U=Rg@sCrb*Jku$s?9b}G9 z-ktn-`T=k{JUzZVKRo&ZI9a=BQk%Z}5IcJJ z=+j2`)af~QKzmUdU7LZ%D2mhW$B(TqX41+WZ6t4KPDJuOkthOl>6Ug$P$+_&8k2%1 z(ATD?R_|{6V+!+VPA(-YA27_Vw4iZSm^DcpC3XzG)P9d{EzcR!n~+{A+SwjQMvep$ zxQ%IrL@bEpG!-EetvZ86_Yf#aW3qeXPM)!1oOh0H-IHo}*-2K`k~^4?4{2YTCo2xn z)zNw1_6kf&fVVWYMh&ui6SZnsgDnOJ;@-FENXEWfH|sC385$v!#fAVz4YJeO$f1sC z*FWGek$2}HBa>>D;A}w)4S(zmK$A7b-|1-V1PnJ^YX*i7kkxzJ&VWfJxDFAtfRCJk zm8~8!{9bEp*Je5DN>gEDzt^eWy#6~Hlm8&Ue}r^SgfXv58u5TKI)xU)=r5Kct)&&`wh!HHJ(wyvCxxV`cH&)Bvch>HO3FL=*6 zXAE$wsr8Cqe?=MPqk01datW}&55Su|r4ha_^5uc{OB=y7YM-)R2C4BDVZ=d&;Z$@U6Mn4u#iIW@JhT#F?XshHb-4aW&RS+i&hhkg~EXnje8C(n_3`)8) zL+%`?mL5=N;D*sMA!Ah|7E2MkHP%P^n(%_;pB`@wcLnOLN@n@`&!R~=9rgsUv^FWH z@dB59WTp_Dimgf6wqD(XyKA_dm3U^{<6co6F$dYmS2FwlB}*~f&Jt-Bt!z30SGb;T z9_!aYr~;t#;6d=HhM|^tQclrSXV`|4^22H7|2QrB?YL97Qj?%4C%ft z%rvEfZ$CRyedXniO?D^*c3PROU-fILvrC8!zkDiZO0pJn2ozvZ~+B zZcXbB*s&TQ-C19QHTn#3A+sn2k;TXZFI;uZzUU_nBGWi6s6r!KO?(9f$~$7k^fl$D zw$gxtKxCQ?@nThOZ;wkX=L0j5)5(@oJ$T}K5_AX^A@W`{nt=0_D0Hh1;ILY)sA;0H z%8taQYtCJJUTArW#m^vK53Lj};{_H!w_E{ytcXmv)>)m^*2%O^Q5Kr6g2tZr`6voj zE#AJFe` zvgqSE!=!XwO^D73*KTXkgJ^>e?S`@HhxPz!pUlcZp>)Gn9v>tJHFBkvn7^EKP*W8(rg&%Iy)N7pxrd|#A z_j5b_)ZV1AvrL5hFCKI=)!Af*+SA=^@F#GFJ1ODo6}%yZyjqq-cuJXSiy{=E z-+qf@)%NADzZxLJTj$f7Pd|m0`Mc zpz^5S0o~_pe<&W%Y#!$$yb91}$YxSkq>a`24~%MasTX>)B^g9J|(vBc;pytGg2&vkqv_yhwK;)BZ}ke z7b0#lLW2nZa!8{X?E0(ATo|VTm$|RLWUGD2#-3%v$MATy;vYai|Lk(X{Y0U*p=@Os z>|=CcpFpaw`E;vYNT{sSEYw-oi;VDmNsAeJ+dQ46HhWUT`x}ABn+ib+Nw_^W^@Pot zkWYo_0Q70yW0RxTKJA*c!~i$?_75No1R3qo_ZRPfJpXX<{(X4Qj<~9^pkAGveK1aFJI7`ZzJwNV zZ@;ru2y-urV%@S`x+o-yp8RU5`Zuqe2t9Fjj@v0;gb^Eg;8+}bPMuD%dwVcoN;Mcg zSZV$0GS*=B#azZ}R5c{mu0>l%>uT0|j_$@=Nv zuy10>U-B_Le}`@vzcvn$L08PM4m&BQ@$~EQ+`bcgs;B-VnsHL1$Z@tsaB(y#rxE)2 z(X3D`fg;rZoSILE&gyk8>^=jp>|uJNx6f!Z+kKpv$9f}=zCCisQ?QIE(&{)%)CCj9 zq>vn!Z)i@s67DUgGM+LXs|K-Z@lU^dR?4DjkNBkD{*gpT6bm(0lie|Lvh&3CdL-Fa zgf>>J*GG7nadXp|-A-a8lFk{5{)VYE(rLYvkOQnLk|gouDw|7br#F?-XT2+~M;K3O zPU4L6@OJ8(wqPbzub)n0!#@B`hq$I%qqs?I=ulbM2CDCO4&S}|aCvojHR5ikcI13Z zmVqlC-xt1Z=2yRKvK*XG{bQx(Wj*eZ2JctrZ+=I-73;nS?ti;DxjO!Ebanzs9zOi- zhvTyk7srRM|MN=?0>snUI^D*%b5g{d;H;g@p=TUlui!r272H=X?;l9ZgUzqQnl2^o zW+(bR6ugnKs6in$G}_}&-*-*v-cowuh!9Jr%~1M@iIQb~$Nj@&tkwy-`N#B2 z`-1XqK#5Q~z#GQj+BYgpxK}~YhGdtLE3q>8*2N}@gyb}p(dNkNkacU*jm_#PBKqZc z)$|V_wf(-D$oeX8Fw0GhJk`9V!*rAPG)Y)}j>lT;j!qFRP3TK8m9fA#1jQ09a4`ej z1Q|6a(49*KAm5@|BwHSj}FfcFaC4$>0j*or~Xf? zIB!^0WT*=WF^)R0YSa*~^xM@>2atW*PH2P>xuX(ow?0p4Xb$%Op(ddp+lS494T2&w zoGvwFZ}c7PMh|rCx;kBdlJ)#lLs@TKoL=v}Aihmt$~bD+DjeSW{XP#3(X|rjYi?rrB0K@+X|;{qo*fy{(fdd03uF$QYgz5(fw*!LW#2r;Yvc;Kx9`e$=X8nzzcDYVOxh+n;1P;q6yyoR7V|^(Q|aqiZ@j6HH8v ze~G=(SGf}8@ccwkE8)QkxTFF~lj|EH87J`70(V1H6kQ$W6pMz9I`Mc0rW=wMK-zq2 zu^$71ma4Udl+aSR`YtVjDpf6qy(^@^Rr>(_7d(PiH#hOTiTXBxQN|XS7U;L%BJ|%w z3o`sc^LuCYAEP&nBQeLI*L#T{(1gfaLbRY1>7vLFIfJ$DlcU_w1hOdQ@-^iL=-1zz zzONWO0|?$;r0&l!XMwhmdEHaAKnKh}a}zx6Y0+&fl!;B^RmVdO!BzPIdTkxE-t!|6 zqJ3KbvdMBjN2(l{bnqmjg=DB?87edrc0vil)9vTV>7Vf0_|{IYvwDh$96DEC?yo^l zpfgR%DRK;~y>{1ukp^7??l(*)@o#VJ$q3(8n1ofqD4+;2t{q@e+v~2^yKZ12T3&dq zDd-#ex+~TlQJ7L&M(I(!p=F_7gEzn^`rS8a(a!VND_!>^I>O0z6`K8s`fR@+-(X^^ zag%Fu1l<$oQF(xdvH%TGZYU)XbgFYNHb#_`6=}seDP+FX!WM&fa24qjA&5X5B$*|S zDQ2^USul~%0BXHih3vGwp*aa3RJDA&PU6!MX-@}N`;+8Ay&w1N=0SaoE{#;9hoG0t zJXU!_t@JNOdL!&a&I;?m|rK!oYd09ZS% zxRWsKs`3~WOe%4HPEZan*38f^gfp}txDeW5xTqEr!gW9fVyVPA;-ut6kV2Xp-Hd_b zas6hc(}Q_a>6B&U0B!GWyXJ2y$)aVM0>7DX(n7nSFsrRne@3rg2tBJNYZ}ZaHm=N- zARH~|Y%b9)F5o)65(HhnyBt_VFAL&e4n+O8J1G6-%w30`l!(9YY6QKIR%@N@$#>LS z6v{O?CUs-U+22VjiDwZ1eP<_NLyrTCjXGN{m}s(hzT1O^Edmiht>mweCM`pA!pSov zXpw5_CWVCC6Z=NC#;^li$4=QZvLuio*(?^xo*C62OLWVsJVQDV09(;rL03{H2oa(K z97{xQ2wx(cWmJuE3nm-q33^BHjaoO=E99Zj#sjp#*F+$K)49PI2GaJEdu-E2R+261 z5VD$Bw9>0UYfA{i0%1@m(CwTF0t*94cNLEy%VhjoI<#8bs$w-NN#d07_5=?uZHMcj zhV#i>B-f-pZp-;nwpg%2bB{Eqq>zEi4y3e$*Z?HI@~_=Q?*I|Ms){TR=GFJQPw`s4 z$DR7&OP|;?MY{-9g6M~y-RJJ~nnu>Zb&AUf{q|dUjr#z1Q}R7%h5Nd>Cd+OwYfo6$ zKTNZcTheTAcZVpw8+Jouc8x_zQaYt6L`tfE_>Q-a5hpXuvs~#IB@1T>|$f4x*7 zP8Hv$b-oJ3xI*Ds9p^}GOr{6Y-_a(3sXn${&@*+Oi)tds&z08JOi#}|fJz@=m16Th zR}>TlTo`{h!^9rC`*W7!{0nY=-QOqJ`&~d^aO-zE|GM)BcmCM@~qtMh#itYE;h z*8;!Nm>;`+1T)eaAJ`C| zF<0|Irsn?%x?T76G&Ni13Y*+fA!#wI4<*wzip*>n0YZrmBKm{}%quqCtRIoD{wrIsv+_TUJq!?vX}0Kj=3reA-5vSsuUp@s zAC2W#Zx(cPh>VI$GBjB>MqxTt|6V$VFvJRizS-*MG%FDLl)Pu{vHQg0Kkc`gTE_Q$ zPX@L14LX@>x9>wV0bYlwD4t4p{%!sd-Jhz7MQbfv%Tpf@zr(?_^$mFBq6to~O>QV; z`&6hxmX@aiO$aI6QT7et>j}5U3D^2KQdJrG3dOiLD8?yO;V!Ljq6Kl*nfvkgGiy9Q zGW7V!@SUnH4Kr+8dewT|!0Ib5gl?U2;!9twXOCa`O7C&!pMUzoKl@M(S(G`JMA+0B z`my~Ci}{3Mo(V&73tT2kyvWz;V|#mhdw*{a{=2=s-Tv?H_WpN&+Sz-)z5DI%^WD8~ z|FpfkyZznvpV0Pa8@2PRgv9($+Yj!mJ-C06U)wFdUT~KcsY*}4I}RM2->82j-{)+C zBKX=zG+W;!e;2HXEDYo6thVwq4G?T3iZ2|zv_07VYB0c%4qhToX5`L91|Q}*iZ=dV z^3B%fM)J+(|NXzv(UV96N70jCcYlL!<2ZiQN=koCi|ha$S$_A(=Au{Jrshel?msHl zSEOkFTjR`rSxu+(4n?sMlxr_n-8wLzbqz-Xf0A5~oM1tcv$_<(<#%iEpAkbS8KBH(S zGS2(@B6hgCm(1u;yzh8f=^}h)%GFr?Ypa!nc|MvHux9z{%-)`@I z)&IW4?|0DuUTK2*pR5M5oS5XzmURxy&Lf1J17c_{L^b(4Nu}Ygx{;rX=TY$DZ;d2B zV8q~m`Y4gJ$mb8yQ32}$~smhF+V=#t1|%>W~m*f$wa zY_`LL*m23(g2*|kIzDHPW13UR5alT=sASx26Lj=4+@YV5{!#4=pV{wAlq6LhnIQ9% z^8<9IQ?zSG*(3Y?5kkVtCfh};)aW%&WRIy#3h z67w06=g_`s^vH|<@>6vA`LqVHfGYRHr47C9C1s)j{21U?Z(aghJBZCMMa3N&bugoB zOQakt8qnK3P+{b3_R13f$h7?>Y3sB5-;Fx|v6h?eD+a7M|97_cTK-?VJKH;7{lCA+ z?=ve?E7+M8*@G_FpG9~NCC2T`R_`3__wXA2bUwWSpd(Ozu>bH^hu?pK-zfgSFrxP7 z;s4+6f7j*z-+lG}{UX25p}no8v$f4*hSq2?OH#%O6G_SzTkV6x09sodUWr*KN@q-v z&iFVRkB|2wqJg_SdMzIApK$%%{E-j2aace2oU_V;uLvx#Oy}>M6%OeJHMLxJ+XAuZ zzvCf!gcMoHXkm2>txLGt1uZ1uH#i?j!M1w){&UU>#?645KwgvO$L(*8b>IZZloqpk z9h^^NtRD}d0*&-V7l%&4Juqq6pE?>{KSyg;v8yQt*K!r?Prst8di)aWx(bKSzPj}v zTK#VJdTe+4cq8QB+2malC~5y1xnt|b&iZ~SIlNE)OL44IV>~4A+x%9@f7|f5C($!NOEWZ^Jb}Z=m&B$wMw}@{l7pdC0JRpeJ+4xU0N%5}Uv))vvL{ z5sEVSkIri{oL=O>Jd~_vdT2JF!)bLI@T0@aR;Ji7Jk~t*t#1%|ZLD!OP+9Ae6P#Y(Vx9?b0*}$pLf6A3u7y<(()AFsrujT?(M#K z5w3MuEKRN5{oS3ty{494oD(IfQn@_E{2Kc9J%XN0Ii4*@A+I=2uW2z0)iM3OttJGf z#w2%A&4ROpf2lb6QIK;^7nmW3Axg|i0ohxFm_Ep(%94DW;^(A5JIM=liv>KGOX1CmjFdTBLNZ6!A4`zM4dF*> zTX2G+e|x!;yok_7o%tS?st7H>W$mH+$`riYxcgOBC(wK2Nrj?PSNVGw*{rTRM_Gh2c{=7b=ebRyKY~On%JKO$H)Zb&rvh@u* zBP0{%@hImFt&9pyloO&~xS|p;tlzFF;F+r%Eu{W$OLlTShijCG{Nh4=! z_x>}r+nTA}@iXNWT6(tJt;PuGkM|*KV1lua+;*JMu01~VKpLBA1qTN zz`q?>+O7!g)aod3l3l{b8r*eYt~Omt*&si6AVvRL(EQ)*>lmTFUZTjGXp2&)JAa&Q zNJERd+4d9PC`eBqdN*wj)zIWo4+>2&%~2GryQqY0ab88fk|B)XfqlI#(T3_(X+Hpa zQ&mV=A!$*OBnsTd^fRI^A!vS9b?WxOaOuLlz#k^Cy0o?{F(Hk2gn^>Lqy;^iV_MK+ zR*S0zD}3*Lor&|B7TJkF5iMYL8pZ<8@i;&>y(7Eb!^_@ws3A7vBfUn)S8z?Ys_SS* z3c_g`-w-+P;UZzqy8ApjhAS5yMx@l zlGV0f*d1?^YhQ799u0nsu9_$M+V8mwR0(}(=r)itpG^_28>sUIUf>5%>KmSs1YOOk zFi-KJlCvAC&K^+bae=Hc!2(GhA^T7L?rrmT%u0EHp8gs+@A5_mDB8Ng9Nu4dUh~~@ z>-_fgkr^Bn?vuZ;=`k%t^Ez_voS{axWEHnAI7hTVb16%4ux0FRNluIFE&usp=dT0wG1i_WvHq{;G=jp}*Y$E*{A)={ zJEQoLRqLL9;1OcU)$p@8#qbpN0eb3Bw~5l*>OLIzRQuPH<>-dVHCgIbDdBQ_v%0hJ zC3>6gQ&tp`8VL*l1?)u?U87Qv6nNIaBMIc_>vF(9T046Oyyr1RVkR zMlYR^sbcgy$vzTQSu!p`dCiyZ+pY%M1gF=e$P)CURv84Ea<)(v)wz*pgd6M|@M5kX zfi|)jsst@&2AtD@TELVol*p&nkW~^&%~+RlLn<+l3Jm6%zVmzx?T|2@Y!kJ) zJuYY_DdkxmQ8&Q;?c5*D)p7nk$0<1{oU&Rbt5-OM8u3h3iA!C_JTea7kog9?y0Dh0 z5(~Y-&E{21z+w(H=U5;OIzv>}JY$J&X`Unf4tui`4e*-jE)(>+;`XU^7msJ~#jUEk z0w6f&1ZPYAK9SjKBm-TM!5hz-QPaYG=pW7T4M7-iO*NO14BgJDBsmqb?yV|Qwt)R@ zyJb`JWW64?x6uQWI+o!2S8l!IRl9yiwG7Vc&KXDKPX7~pj7iqyVbtu@u+Vy_L}|G8 z1y4kZSq6iFj{Xs%|M`zRrrF)+sl|<^gGCm9Yx7FTazf@Dc!1JJ@f%1FtHI(hUN8Z{%(Ph-Y7 z%Xnl?A!u#9tm+puje)_j*Qi=&@2`&aISI@W@M0w?nxU`)9lm>KPPyAT;q_QbmVwft zO(=@vSGmSLh}{8-4hAzVMBN(~r;?o_vrwnzPr%&>;}g={Qt{>@%gXZg<$?wUVAN@x zppE}efBGFLPu*SHOFHFY+sESHXs7MzuuJ_B$*{B`tzUn_oB_D zRj8l)CS32G32EpKo=!Cy>y(l_t1q7j$aQUVR$m$p%@{emTgJ}D>YihLnH{1>?MEO3 zp7px17EN%rphY-Wo>!yE9HFs;uf2!`T1G3^s-rO7n{^v@XaS97*w%Ss9LpZXPC@wZ zvQvwh;;UMj5myFIi3_G*eNtbnT8!sYF`X)y@g&bL?=>ADG)RhyQ*tOfNG=5Ds2 z^GVzUEXO4$Q+h{M&9(XR?$u%4^xU*W9~(J6*rAcZRL5OoWv3^#IVWawI)+O-FJL@Z zpiI`uDyQ`v;^P4?{wQCtIX5h7A*7_M3+8PHD%!zmP0&Vr}jBcMeqF8ye=N}BNr@d>< z_i@>O051Fexa_xa*&n)DXiU-s7nc%C;%K)R3BoC>1foJz1hF)&xIme{(lS~k+<{f) zv&Qs5iyJKHjr9{i3%o=VV!aLF0#P!=$%5U$$WTeRfP+#R=O`>mf{yDM0IjxQ;J(O- z_C(OPZs@vTw>imXL>t{O04O;GqMboSEH+qJw zL4gW8t$%^W7cj8`W>!^R;IeTqK=7{oQb@8$(2pf6>|mckTc7Icxdw+c)mkWi>rUD; zG-tQuhG=63E|!QDGp1H1Wko?!?I>a>Aftj;rJ~{qr(~KhwGHE4%>-1tjHFb1JXre{ zCxS>=LkB*zbo;oWSQD%|u56DEf626~YeuJ2!Y!#;{)eZM@Os_bi&-!8(1Nz^=+c6s zNc*%Xg}1(>`B5k;x}7t0O9j|GwP*O!Sb5lOfs8B6(b-AM&rmI%cH|XA4?tIq(}IFA z0DLw8#b^4m_?C*=-lOJ(-4K4usnnPD9&{MC53Y4>RnVjv(b%h(i5trldE$?n*Ho3o z5Xs`_=l4RO+I-$P%#xpbLZ(b0!m7@~jfYR&6;8U7a+*jGPFsc?)xR!ikJHp2H%JpV z*)u?=gKnGfxZ3>2uo;tj4mQnf#)*C7Hv$fDb~$_eH)$WI9#fZCFVVEn&}7JHu*%^^Eq+#@Yr#XU2m5LPOIw z&GAg2j7Y*4v>?XJeRXthO5pEjaOBn(h*QdiL~NpXI6!%ZbU>Kxz@1eaNCqD6*j)L1 z{y7Bf`{?Qo3=QsoJLf!93xtbWF9Z`Fr0EM*0&Q$3+wo4a{omlD!z9j;KDp6?EEr!Z z%+>TL!pbyUEkDs;!1Zrh`!yV0JwpX6V*Bs2!z-{p86N;EC8$9wF0#O7YyifB{z78F zr#tGvaC&%HK~{y$ZYSISXmhb*L=Qejly3Nr%y7EAV3nlBtaYNO@;HYIG1oOZYt(@; zv_kCw5_7X^4~YUPp~gm_fVYTd+1f1)3P^^^yqZziU7U!L6@n^-M=eZMWQ6BSS310* za;Zg6!R*mP)EX$nkr@?Sw`ZUMC`I`htXEDXq7qG&n5)D%Wc*z8gw#zHmMf-gwUDl6 zQfcR>7{cMqgs3k-9}9d}$MOtGMSi4^T$NhyBGp(Cnx!)rSZ5WTzQ@_` zR3lu;xsR~wM}1uzY2$0C+A5q4$}Xr5%1-b7O1i$9^MVn*XhH|?RK~NMO>iE6GYWM_ zHPGZ$yJX{(Ga-B>`xz2tP9>TwofipYS}OE_x)b!iAgIJtpYLp{)v8Kp1O&0J32J@8 z(BL4T2^JT6pC}*}002{bD+FWTh0z>uCsV(+($p3#gWyuwkA>CHwbSRFY^mz?fh%n~ z3N{_3wk7CLAgs1E_=a&(=1Z+`YjLe^z*$)umsQx33}NIc1@m>Ykg8ovEgc?2HnI;put5!cH!br6~ z-N{sM8p+U(&TErcBK9a4h&I?%pBir6!L8BV3O-a^EL%`b-IZ3c5PQS2wc`q0_vCK4 zY!t5mD2k7(<5ev%sTrLI*4HpSM50v~6FQr>aaP|x0oDL#qFA+udJB30`39#D`Yjv5 zq?}sUM9nHAcPz#;@gBU|vNgRowOq5nCE6$nuM0QLp!{ySLvrz3V_5klFr<8PpW!HY z`NW!bp819wFy26<(9)CJny$J-vbe1^oMUsRQ9qXxHG49j)b}H?aqgvM=SU2|==U{O zV71~HD|Q;ZzfeGRokZ0MUtBnV%u?SFp3zjU0;y~NRaagKTSAP$3Xo8#*ED|4i4$66 zj>wu2Kx-DLBs|u~4a%`3MY=SKASYRsg7sV)vjN1qlR`)0R%JZp3_P_!UvN6IB3Vn? z0cuhTuImwPy!jz&N*g8W!^HsBfiMP!ZAA+qah^kef3b(Yu>*qRA}Is~ZB?>*TyXj+ z`8gxJj?1$4UM;jX$D-@ItJ7&n&R|9qF7?^Cmo)$W7Iu$KZb4^-jZc#fELCMfbaaW@ ztE`&MmE7$p&n-+&rf%E=73&Kp*6?gaEpkT%4BjzME74+I@kRTlc0`!_iZ6Bef+NDL z6kqJ@nCW$<(WLq?(}U}DB3imp%hiZANHT!7lkBOliek8#UMh9JU^!t0fe<@K@(}^C zN4roHd&?9X#a9GQgQnK05`Yy4)sBdGL9CixhlPVBhLfD!;6iFc%%q|@$ZQxbh?s+@ zuB!_-cB11uVqsb@nm)6;35SZ5GHp%n1^u}q=;U<=zf+SFqtZ1T%>b5BX$uxPMGfY5 z%a|n!9q+aSbh7*1cMlmZ&4Ljk3C%iYc72JM;!;$(6Y>j@C~UE)3Tt+>cFCfS>NsaY zE8|*ouu-#d?Ll0BxVg)5QK#0~tiR7lL2gLLTjaWxq{s;=vUQBMZDJ(K+0armIVpye68FS1Y#h;TYPTKeu>;4=WA4`~$`f+H9z(x3ybXR%M1IIX>Dw%y20Qe@7Qo z{*~gx^AinRSBOcv8)IE1&Q+cGhGNe-u3wW?{oq?+GSeL2r9_C6bNklNt%$iUi3t?N zvz2;m)0gAJIL!2Q{KdNgDzCeGr8}<55#k|FezFEcNrTs3mTvCg`c( z*IT!XD{LRTG2nwlWag;FyPzX9JNM;kboV+%BQq_o6jToCM zaUG0LeYJWJTHjTF-9cRHOlz_6Xolr!uD#Ji%$ss_b*l=qfMB=iu#7OaGb& z3iR%|4jKbVS^d$Ce^!G04HYJHV}p49JnlMfn0{7F&gyG5;}BS1tC{3q`mW&U?8Mxs z)e7WgeUSm7(?*DoQK8>-hJP#Go)*;pInA*WGVGsjQaJlffdmtwovt64fJd0^#R*KC zR@Id{03JdHN#lz6b44NX(%mWotu0PK>P)sU7E0NSJOmo8 z5afId2U3=RlzvopjPnF3QoaP!V^HmLq7$5&a#<1-(Nd7Kbu6e)t%c~o_iq+@!q4kg z05Vyys*vZ{dz7(N<(e$tC?>3BZuKc{QaFY&YQz5Rx2>UyUJonNQMOw*=ZKjxC~pX7 z7|B-azTR8>rws;0*JSxO$j8J3D+d#HtBZ%xX~49f`do8XuF3Mk1dUoB$My^ZLM#ZyzU51Ap@_obc&W)q+CmXH$X^u|DIP;IKj*S5}TWJ7?5 z(Cz#Y#$1VT$Mv5+Gbq~PK!3Y?#Ns=^gyb}ZBuzcapsg9}nq5I<7?{uF!{8vT(+HTV z+Bkr43mtQ^V3KH2xyd3rq9bU20jJ z?KXnO59fI+$3p9TbuLy+PWrH7yXn}Za-~niO`={}f_KB%{q3ZVJ=<1QoY(E#c$k^gdmFL!$&|m;X@l=(yqU}0u*Now`5Z(?@rr(vI3J!Mmb5Pqw@Lls_MLkDvDUOE#Bt}27tYufut-|!3j?13YAud zV^!DOU|n9*^2es)YJCbt6I^7sG?VjFT;Q1>;#zAJtvW&0Q&)-?x|Xk)^nnQJjg!fW z#*+yj5v1B0#hlLOmnl|CXNuE#n1QNFu~4;QT0%7slU^9>#uTSGzaV<;bR4%YCupMq zH#OowTzCM)NQ)vZZ}!gMYSvH*KwQWs(9cJI#ez?#5{yz7|^cikHVzS%M z#I@z;o4wdpiLLXC*Lmlixgon)r*hCL*3)UgGSr^Q0?WPqyZycIb+mhsh;1F43Bemp zAAn)vah1F|6Y>q^(+2p!Ptii{btu)4T0H*mMaGkGd6il5I-Xsj+&5JnNLKJ)}CvY0| zzroWym<5=HJ2S~(e~Blw$h=FJ+6|;xiBLZ}S?n*bXpzBldIrVtA~nzDbSzL!kugqY zz8|Y9)-z)(_Pc(X>ah;;!;-`$gI7AN2i$5vz23JDo{%HMru=wc)bf~%0;J>+F)NHj z)^yrwy>9pQ=+0So)Ql~F#MpW0fjC}JXmgdhxvYs=f3VX2R(fdaVlvdUhIHKZj@cMa0ux^nnxwH6VQ=g{MCNUPwy zeemH)aLFEy@shJz@CfyyDxKGLf(j(4;Ra3|+EpE(s)Yfn{=NV|Z5-@jMPCvfJjCSDgPiWbd9r480;TmL*P7X9~>W4fyoM)`e?$Tl@5)zr$~ z)0E`IULAM{I3)u(IJF*tMke@cDoQNVxsOFAc$}G%ek`2k4?x1WonEn$1Ry>vI*0vnQumur_4$Mg(D_)N`sku?t zj4tpTS_s6NmaE+}LTB^WRHW>N@MSbWqOGcJ)ySHk1daVcH1@}!u|En8-yOvbcW~&>=LagEd@>Waa2%~!EfbMwyKATc*70d@uy(Z`))33?QC9=Ja?YjlB~|=1z>fa zLfn%F@pH|g_HBlj-&S0ud&Sv1&HJaS3!ka1uy#CaI-c%lh zf1lUI>)vZ$ZwW=+E$6ii--(RJ!}RrZx}y1 zJF(sk9;?$Hp$l2XQ^sR=a=N$-!5l>l*VTmR2Qv)GniC1$xz(?KC~e&5wtkzHXV6CH zyl@O7v}oS>*hCxFaM|kszu8l+T|?S$o0y}^HQ;noa^-@woa)V+e75>C9rWrYCUags zf_FYmcmpI6EXXJndIJDD)^~5V`b|@93h~>Gqla6P=Wh#kTQsgiL8(C1i?3Bh&q1ke zf*aGMI}g6S*(N@Z121Z-3YVt5o722+LdCL3=bRPv7xMOnIAd9D0Cq~W$N?cRp5oYT zyQbo(<(I=Mqq6%>AXcBd#;R7E5kW!b+RwiBbXd|$!fy!N?P;$Ib!Hv>dH37BsHIKV zwEXrNCdbh|2yUE8F|Q_*oV4G#GSNvtKp~o4oFCZ`V<&J#H}z@ThvprXkI|23C;x#m zw!pMN`c@3Wi%c&tHpo1yAKyTdsm?S=>jl^0dZtHR9AbQ3*;Y3}5oD+N_li`m3Ft9; zRZXXaBSC*@GF!|clFG#vQkm<2qTW<-+dSJq)}3TdaLjk>NKrv^wb z{(k4>hFS|{ z=lQf?Ya72U^H!#o795$o!wV&O;E*nnAc=EYFwuJVx2MORMBdR0Vy#GtGbOD?619U-1TdjsQX%`rNugGFF}`t zp#R$bZ{R@q2Gbn3AI$V#=$%nHuO>;#78Y5J=+-1>ldT07lJKq9EUgx#&|wQ(7SCB;RriPmIgjpHLtR#gCei-iik`#6$uEPX4$#5#2awj6ft5W0dzH@J5Vhuku zz!cMhkV^{bbAkeot~45=l>2cTc`9eDwQA{(PGM0VIc@t)mCC52tQHa`jbBdTFnX02p4Nr z)?WB_loxt6mHG_hvJfHde8zxJWi}ow5R>=8f4wFOv~KGg2%^ zjdHEwDX43Xu0dqX;MN@SHJ)DMl_dKXY8{@Rplh;f^8iF8WnYt_y#v(}Tv8=6jdBhe z9FCGgY_cFLBf%#)b>aoS)A`32lc1CYRTEY96yGUH?{wnt=N_07oL*ODkoEd7U+Idg zx2I_))Nzsq&sZ0SJ~`fpqN=uK`Yt$~z!yt@g$^$g1W5;E@EDm}K_Bg;DzR5C z!0hdi-Vp~i^ovsiFEbPZ{?G^9I5=l$EI6#rj16necccLMo z%CEnoC+c6LL#OZ}(OdkCW#mUlRCiH7F{g^XOiLz{9fwEG#(ALhcd;U&2>ICz#UJ)& zVAi~+6y2!j*1-a})bH6_xaW-JUB3biW9u8_HA=#5%rk|MMEPbX+1Yz$A1>6EJxp_f zrvzcnsv?6b&(SwqD0aGn6rK@ax>ldh;AMz0EkG<#6i=|dm-kd|cb>H`MIdf%WH)^h zQ@0N#i*?PCgB>ZEY_*xvp^p6rQ^)>2sAKwA0FlYJx95}dX)R)Mrr7&=}iA!clIyhrRo4a z+Y$UFGB|B+1~z9PHDbxKn3h1xZYbxo$ac4eh)`3pb(=UmKY=v2uPQDiY&Pxw2Wf3V zY``UrC#rN{bc z1pS-kEhz|HI&ZL_eZj3fGAI{vfei&*!=5&|#p;;rUKOLA>&XR=B2H3PD4GPp@Jhds zY*W1YY0T{F>3);gysF%jGS(Z+U}qyU=z0Jb_)a?`9-C)BLin~H$LU2c1Z{+`!Hp!P z?=Ygic>Smkeg2Z&B~rCfWW8DpX!S9iwb=mgCTw0w3%Vo4Z{1Ehf&+BWPOmc(xZ=1j z@Q!T{fG@NeZ++mY4?7KkPS;P~k@D9G3F+aT93>U{QfS8HU6Fy5*-&qe54k4ubHa(fCFDvVugJEeKJ8y>JMIh%33 za9`)QuWKu)zOP`Qw~>JWySOM=Rp_YTK3w1JBCnbk)8du1B3i=0JBh&t5Q60Oe%`%y zpRrDG@8#Yb2QHMMY&23Aq#(Di3C?nAgBv@TaaAYIOr_PB`7j@dp5#jt&C`dRL97LV$YmSO!2gnJmXMfyt~nWj8ub?W)uw zleiJaC+C|3HA}4-H-f#<_FsK}4v%!14xgb(B~iirO^R*_C$>t0&S4d8_GVTP#5h_o zPW)C$wB}$(3{hi0nU(c|#QCHhTRqhNe#BPONKmGYBr-}Nw zp5UP`Fmz6oi>3#2uhHp5e@|@fk<+bEyUB6!YFT0-R^L{TyE3OKmHD!M{a-alG<&KJ zWA$&yUp)bMomp_YT6ymfLe<=39M@S*PN}5sV=(qg#7T$}FX}oSe1_l+W5swg^C04R zB4%gn>%Wh>H9gWcc9FJ3>pckMO6Y-(xz)7IVy2Mh(dy+bX>GWDC=_y4{?zc}2yb7A zE0ZdS7PDhtsdGem*;ML#oTne$db>-cvg`=~R7Jikekyx4*A?T>3Zd2M9}9Jqye}^2 zmCV>};XLZ63efAbOZ$=sT;Cy9pc%(0nN~Rxrja7>qJI9gf|fBWVq31TuCM(1dLFsm z)L|pBw800)%40s(F$;Z(%3jnr_HAR<^$T$XCACc``5C-%tfROM0eEXGItH#fY{&rb zn(qSOq0&$XuS|tbJcoOr*Y-C-AdBb~hW9%?nW?U$uQr-$o93pZ7MzY?CJ{VG8iss| z?{v_ILPFK;1&&@K^W>(pqH))3)DOVKPpYrpWvYbYKD*l1H{j>5Y9d`z_2y3x74DH? z_YmW#gM*10FqcYQE*qXDFj(u~hK>R2^&lGVsBY|(?KcT_8#qOsw?T%VR&7l(MyOrjJGk{DTqnD18$nmYT^~i7<)lea`Mr{>T#J;&QB`x& zUB)1Qg$z?80I!ea0^hwRQ^GlMl4-ssIg$2K$Kt7`Ff&zMd^24+jOrlxdtgh8E19?O zqD3ra-qXKsuzpV^Cr3D)x9F+lB<^Ml?>4$mf9!7QJa}7osF+eG_f4SLJ-f6_;#4hE zj+deCYo?<~p#8MU3V;t#EJBY+BD&A+j*m0kbshY ztIG%mBLM1gK%>iGICTJN!%o+|;S3{Sfc1(bBUeH@#ajpe;LMmX&rp=Wc*tQ9byRGZ5x zT|E0;;G5r4CO{ey)g+0tC^95&~cs z`0m0~J}119o%$fV0-50xvCznbp*!N3sXu@_$f#xx2EeLnW+DcFK0>IrltVk`ec+nu zLBVTG77BzswkFf0od;MopI|}S4?JsxREhtfbJyQP)yvr|DeDwL8fwmF0f=?YUgFoS zuL&vR6qj*9L=NGyxAw-;U6yCS%(6Vn8I7XlqEQW4{luIS?Q z=<@LV#JmaJBGCd%@LUrTOQlGHW163y2g_uE%S%mbb5@A?6S! zx`Fw39LFImdFavAP+3}|gG>5X!nKj&X6Mm0EwY1V0v;`h#2J?O02XmU4v_b5tNH5O zNna4~FG%X!XVr;?pu0Ul9~JWUdTRi`kH}2LUTZ4;^oRc0kVvv9b1aG2sxKCA*m6sc zZGlUOd%bTT+uPgQ`+Ixv-|g+~_J6mZZ}0zUXYcv;?zg+oclW;i)AsK6_V(_d(DtVt zYWPcmlH<}0D*3x$MYNe53d3rX%{I6FG(2W_|7WoFg2>Of z|98Lr?%VCo{@>aEy8pk#@00ESjdd8nrj-j^27t>_Y}H(#?sf$i_ycW!giJa}XmbCwYa1PU8{{iB{1j zOq7`8-S75AweVGvX1q@9oihdQW(%vQZ68Ljxgd)h!jIUZ#GIh$Uw4vkx0CJ23E|6< zf63sBu8NW)SKWPEO^DgWiTUqla*F@X_*xBU!T6@XXqQB)eSi+j@{lhWe=3yrqE1q! z+C)_WvsjQUO3>Aupc^#@S~a4=p&AEdiVHL$Xu&c%r6faGpqv#m$n7Q2b-`}Y?VP4_ z+mTRe)>6CQ)XC=@c(kaoOB&)~g~YTVJi%p&q0FvGG9ePTHnvL`2i~w&Eq>rrVA~pR zagWV44FbIF#b7_V$3liUT@QP*MWb2Vc&<4-3nm}$!zREo*I-w4foJ5r%JWO@+1$Ws zmmI8tLuUz$Q`OrS0^R5hgmQLEIFfT*AiaT6#)_vB31cXcbAlplNcCJ3ccjyHK11JZ zwL!~yCD1L=gbxW{A;_P~q+R(B%t1i9`Jm*QN=dO@g1GegWMG1Z*C0%0ZK!pV7F&K0 z3Di8MrlfdiuL1e_)>?bSsgkH|6jmQYr%+AC=iN6ioTf=xS8-dXY_Y&a)(kvGTb1Bj z6I%G^EI6JK-t2xpTXpo`!zAlq7Ne)JXaCjj-5Cq;(;==4O`m#yraI{quk5h4^r;`z z^ZcgPFs_%XO|!-}{@ZU)+mitt2DnZ~#6GvYtZ+3hDmAF2k>?{7hiDO*iE z@QMcG3oOHT7p5$*>O(gotq!1||7xTSe4Ju{syydxLJl0C z+qsnG_e36eZn%&!-p_#Gq)+;Y;KqtCQM9xBJlRgRlbr}f2M0S*h_|Vq$^U2GuJ()C zz6p8?bk)WSsQHO>P837_;p*z#DVSoKSDakUIT3S~hpxcfIY`>|{cg0+*=6tbo(IaS z?86aNni3%#tahAIT2M)G4$eV!U*FXga(Y7wBED?wIcBh!g$HskejbkM05wcfYee&i2((zBpSDIVV*oD?c)f zMRYfi);LVoeFwo>!#WQ$B&V~o!<7`nyidE5Gs#kxAE2wF^N@`1!_vYlxR3=RN!vBr z-T5;Bb=DaF5ahuL7;e}<1FH>Sy$be7oiS`DRXEx2`hmk1+_n;+5P3(7>dw3s>hrap zozup}2hl$BdMpMzyP=A$Swh}J4nA@?%kG7(r)@)(u^8`-!Wf~9v$B0a#OUzdyY^!E zP3uTuR-6(c@Qhf?#T%UG6P#XOv3G1H-WSK5v&Q0Z!}4mO-_z{n8QRm+LZR>}-&-Eax0ywolX5(TPP4{r zh0^9S3pv|ba$mO?w6YA}AhO1bYNP=gO zmQQ}NX(RdUb#47{I>kQbTFLmAm2Y<}t?7{^)6Dv>_t7dR9-`*Wq4r~8o5kmeT+>q4 z<}NbqLUyh=u&xV8Yl0pRPP#4)Xz0g*k2CVOr=Pc%0XhWlFco9C{6rvLahb$Z2Y5m13law4z+KXqlKY}_JMd7XuUBpv_LuByPNg@93AX+{@VI(gJ7b&Lwu^fb;j?Zi(C)u@l%ocdM)N>NUL;>1u zi{`{b#>8hiGXA(!=t9yIDbo{-}}xs*pt#v@nJ=6&DqD5sg2# zd2LXSoa&pax|;fSO+9Uu_=ifh`2Rv_BlpAq#|QgklmCxKJ01VuM0%w9e+&KC zd`_koE%s*vhfqY=z#)rmQ;MjH8XqWX(wCIdKxK=hi>?Z<`H5JOt9l{bUgn`hW9FX~ zl2wg86>-_5A1e#am7nk>OYbsYgIIa;?|zxW6C;19Q%qnvXNdEZHI`MyXxW1k1288( zp{k4NRgW@u>a8}OABx1X#(wIpto>ByvFGY*M0VgJPf6}W3wq>fFkK$~cySb~VMX#k z8~=PY1c)m9hrRtA{=?2_uap0qNR~^E^4R(1xzx>zJi#SE4mR;z3+^Ewjk}<|xQ?^r z9-;}>OD4MiA^0kGR`lZs679nVRB$As3#c9Y1TbNW_J14=5C*vKc#yGs-2VsTJ#+t$ zJNoqWs*a~IZg&I9e9 z`t`8j8rml=%Dwd|rVIPx^@s?Rl)mTG8`W>ecXxNz)2yx0%Bj&jkF(wwd9Q%%OQ6(Q zt&%XFc(JuxHXecQTNQd#NL{s8%%5wLQ&63awu&G=B}>!uhyywLptTjx42v-sN;B2$ zOlckK8uU0`Z1%Sn!yQ-Dj-(i%`-;Np6g#?CyY*8|0!ym>l7;!TN{AQ|+NKNMi;QT+ z`E|jv78&rgBtSS}0+Xr_RGbE+1OW~XL2vYr@j&}uFDok~oBqc?{_&5;Y2)fraVpaP zBhiX|%+~<{Tdx0)Mx)_@ssHcpcl!TElEIkbX*Vy{O-xoBZfoHcx_HSJ)!H7bHKFU? z;9B)7RGr{8-NmO>*1p&+qNsRq9vwWZoy;}EQCc0VI{?(D1b~_>?-kHbO;pn24PAdz zH`>^>7Ji37+98mdYhtY+q-7OrPsr~Rhcq?iua%S#2cmlRxB>>|1h!+)R}ri>gu! z=oMfDU_lR)l_Bv?_wOve%oA=v63`)aTorX>YSjuxN`n`b;)HnY|Mg5?6p{sGhbA+f z3hm5XJav|h0=2X)8xv2cctKd9$_l{BDi_MQ#zHA3g%xpXP!4Lf7P8tRBvo#Vn%WMo51T3&+kv)WuRD!AX?S}mXm5V&GB*!Np3!R zvY9;Meb)$RCtU&S#o9@iavpA{!Md>H8yLtd1v}xpfjj7ukt*%KYj^@&;r}rj<@`TK zd*kl???#fv|2xMJYje)(ocH*&w}kz!>vgZy3f!jxM-^Ic+2GL0X`#5WIqf^|`Tp2Mlc}8YhAxzdc00rB( zuwae>Bvqtj_y5NJ#tx(ZE9?M80b!UEx{RqU$jHL!6n`%I%HgbhCiQ5ES=Mw{_0`nL*ZF7f8$huEou?puA8hS{2(+2oGC1IdkWqZA6#syPfgrt53 zz%8N^^~(%#@m~)!`Hwruop~%Lv#}6C&&4d7r`XN<_~Km;q*7IPipu8%MgaHR7>51= z`f!HabK?GYL%PO2yaFJpF<8HMKWL@_GeKA6C`gdp94h&m@L)1Suv8b%4c@F zh3?H>XXX-c45occuvPl;Vok8NlPLzz#oLBE5JUqMkuF@ekQR@e6TlGHm#kbY`byAD zRmt#6FPSsqqAQ4f&hj}J;?ZYyS98fB519t~G>7b6DDR3a>Pd_U^Zxi$&FNO{;qr+D z*Vb0LWrb^VvEDA$A+tyo%{8f(>{a5HB(C?l_^5R@-=W&Hs_LUfpuYX?C;oTx004*| zN6Spx+-9PRXBqCL4S8UWbZ$^w%$!JrUMk+4pUDIl$it34rA8l>?yx{?u7pXw`dh#mM*A8#>VCNJcK$(mU~Wftk9 zCHbuqzuCr(QLDQHnhsscLaIm5!fu{}-_!1t52h?UF#4qita(4Ods6-uk<5jMY?j8W zlm*NnoxoY7>%{XC4L=K=dD@J*jaDA>61rHj$54IRS`V5<39>KVa{g6QU5i>vRkipE zFEbrdIgV5iv-je7WmB13_PR_~uCV&NL=wawZpl(A()!PnSr8yZtskI!izvqoEl_qj zPi8?xdRnOMv{}VMuG28U=rc#YL_#XkzNAlR{G%|i;`oGMr>`#ST5J2spcI~rJObT` zdijilfDn%j^m#X?4*Rp14;E!poKwwLS!ESjvMZt}m$o*lv&2SedsdC->kGIluOT0- z*^$t1loC^(Gu~6>U&W3q$WlRi{FXc-I+}iau9RC_KSvt5N0BSS84j*C`7Wre=}09%$v?QqC<(dxH0M0f z{+!Xk(f$-G8~F~JQ5frN$#1p;XZ^`&-6Q=Z7k5nmE$vYzXVNkK*JLc}S(r*Krd z+;VB!Y(1JWtnzeHb5I`oRtDt0xnkzm$i-sQo;Yn|Yji^s`AjmXfSr`9Et&Y+z2&&S@Vf8YLk%@iRt4oOQpf~C%z*)2ic#!jOgb}k z$Ik~&)$$(&9$79>`|!^d@_%PR~4gm1#^t+_Z(az1YF`UKzwnoLo@?EXSuP#J`k{w!Od*@<~7?^pnUOv z2Qwlno)QWcgd*S~4zVYkfhY<*?7%Fdy5{;Szse!2L@g~F$KsKE4v^16iqh*cb+JKw zz_35_l!NWfYZl)wu~%TSR0vm;cwY2hRY)wI1^lcz%)S{7hkuI($$<=s2FVlfimMK-iuwj$2%mo|zgYBv1ju^igh{RT_xI?mZC|ebC zD2!I77R{!l*Y?%9W{_nQUALUgmx;{!VzcR)wsJteEAZXIUOo`&YrkU7i*aAgH{k=@ z4k<%=HC{d2kzR8ct9_Hyei?20i|}M|(pd)dwy#)O-^KLJHeUpa!)>dd7cj`=cF`o9 zy?OES`1Hf+?;o$Ro?M-F)cvtLf%o83GF+qaNzdw7y8u(a{*vS~J& z5-YBH5R>rAzoDgNEN{^A5Qw#Ge8@0_)%C^6`_oTnn<2Zf%@Uf6mB>>37TXH@aQgP>?a}q|hflx1yT7%j zQDYs4T2$1T#G;Di;&=>Q%2Be?Jm0)#>hkWYwE&wTA9cQuFzzi`q4x6Kd96V_j!}l&bQvaFWEMK7D6h|NsBrFHWv6e}5}M zzE3}$Syp~VW2>sUZXY=Eq0h^xx;i;KI=iYzkFB=4l*CSX!pWnUoQspoPrqLrpIpDc z`1JdE4Vnt;Es^fBspAi)C)S>?vSA~dtUI-!Nh?X~=OeYqGMa64oVEoIXmyY-w$WIu z6uN~Vj<=T`*R+t<{p4_#3yxZ7lc+(T2Jj6sXzT(FylqQ4H2Qp)*Mh7bzC}J_?3|KG zCV0o3^WZ(=)mE{>9?3ps!&3&gyUDzyxNE)9_+T&`32`LpXC3&HArbS32(y@9&`Z4ta2?AXW~+{!kxOM6s|8$ZsS48^;So zLY{owNxo48UEB?E;SiUM@LsI}24D)Y7gBUJr-;po=jtWxK@$45V^u%us8+3jiI*qX z3Oj_HQfG4PxSRtCqbTDU5lAWW-n&HAu*3Euo<*1lc{<1hg7z zb}MfYXx%woMGhxOx=9J!y@k>!M}9^%3bmbHT-ypH!jR9A&#^>n87x8`LT|tVY}a*T zxB!3ps z8D)z9%I1k@KvqFX0B5_4yE?dWLA?`Hd7^wLgTEU zQ`%dz205~ZI4UQAuc{70GEA)F>0g#-`0$^_fB^TA!Ks5Xn#W>MbR5 zeN*szaWzMtdOr!)6>LXS-HU?lDCuI2x6?3ePRSz#uu9mR)MdyXHmAV9C>Jj3IXF#T zY`@CA{uUSKi;!^vv^YURe{{o$18GhdNmas$1*(v$ci8iQ<3To;#31O*rDsVTNVPIl z)hZFAl0I`15Rc53mqEndj)~7W)llxlZYs)hXpvSgoaDQ36Hlw@3%6fMzMf0(f$Ee^ z&O}436_Y-``B+=(wmKhf%j&QsQ`LPosJzpzC$kz%%jN=!8CNY0wN_g(DQ2@5HZP0X z2pKv$Kb3B7)(iGO;;mb!>2aea6Q{snr`_qe#y%?7&LyoDl{EFg{)q#pQp**vyg zX`2WcX9OBcz%!w%0iP-$D~bA+{tVIsYmL)ya$BkI@Zzh;TIbv>u~D9wG_f9C>Bbk+ z$_!!)&&CZ&1xki+bSUWXgnecP{z8<11%f`4&>nucm>?>Hf&$`j=mClXiWu^_(!gCJ zxM>noS!+Q#D}E#{It0Vrp>E~C94#`OvoGze_TzkPe-UF^Iq1fTK0D+$ubCWnbqJ1K zIb-M)s@yN{pwDAmldBJxwuvy0(eiJ-Q}UNHeI5#o1rIwL)(fwCjG)HRzU*K>S4U5M z)Pg3beCc}m3--__dK^O)6jIyf6kK)&E+;?!YCr47U$2${vh_)?A)lx5>{!pVRVUgK zzLFNHNkAjBN)4k*>DaHu!XoG4oj?a8bXjMCRi4zV-%HtJWLk%`y;;x@nrS^*0cr}% z5+h(F1a}^PdJ_jClF!z=Mlm)q9 zjwpHs81@}0b&$^~MhZI?Geu#pau)^BT2QCK07aT*`oQ3o(7Xk%?Hvg{7dS8yT`)f7 z3xH(LOAaKa2h4K-IY76FE&+610mHa0#v6JA@BzVFiT8!1PaBXACl~MrF?rmSM2o&G zb5#pGeFKv}SuX(l>UD!u?V@8Xly6Y(=7b?JH*qNR8?+qMpH6MLCaQlw>J>+Q2T^m3 zOJ_Hyv4B)-;T{{@AhX{wJCZ18Qt~?)@pKcgq75k&HN=Ft3lKV--f>HSVAW%Oyxc_B)YuNtziZ;0WbB%YKzjX809j^i% z{>u}4#a{XTJ0Px$84blGOhR{t8b1WD!vESGj&k@fUHtFOq_SsoCjOWH$mm_NCf>?5 zVWPx1WDyV_sVjgQH2?!DOkj8}(}(8g`6Atm^Ho7!;>T=B_tSYBWS`AS`pu`b(TG~Q zX{`?XM@D7ZFNIaz%Y*Z$#-;BsRr3E;0zax$h5xlXH1NMh2fGIy|KCVz!vE{yKUN1+ z%I8pKse~&J*wS~JmW*W6?QYZf<53UV0{UfRY?NF@C;Hz_^n8H~L^PL^gdNoMv#-P?eqApT@AN)uv z$vtcUbND(u_bxp^s?`7F`drBZRH6S355~JD{_Ajb(CL4hNJURq40C=Nc!U*FU0x6t zi;?)n{v)!^OSiF40sJ#W3AnX^YapG}6q;wRXAFwGFg$$+zJkgAF7ll$54M02)TuAI zYt7fW`o&|7{V!z9Dh#0N{%^cDHuwK%zuW&CN$u|c@<@&JRoMK118!D)Tf9y--f;>V8hjfM%21o{xBzt?; zd{8=-^qx~){tx9Dqm>w_;{Q84Is4zBwdesWU z{%qh7iiqUpCPR$9Wl$Sozc-9K#oeK}ySo)B?(XgsDNc(!6pBM}cXuf6UaUZiyIYX# zliv3^XWozRmrOEqWhXnco4tPe*GX#@BwZ?-!%wSGQER=gyxf27$nazT>am>>Z3C|w z|B&|`$zio1EnGbSsjIACa9pEjYK2{=^0mvf)P?f?Ni7%HvsV=d%=2mdPQMzBY$>{WC?CNb;7{VX2*+RF(VB+U?x;bt)1q6o

r=qeVyO0?z>c7I#V24N9=>y6_X6xAT`>=u?e10bBv!c?k!*NltXm*^Vh_h+aT>HTf@w%IlZ zlHNqcc65uo{=rf14HFS%Z_naE56A8LiYI@azNyg^-lLM$WYiY{pfustgn%O;*-Ozi!rlgnfqLYBTj!Jn4>tXM{MqLl(|iO5J4v3#P{ zc$xe}gi8T}P!q&%*}2QAd)(anPpj=a5_j&eAfvt^M8nmNoAx_7c=*uc#kspbrakA# z4{gcZ^gY3jM2(>b;j}IZB8hj++w1V%{x0opXcC{GZ=4T2}bBC#n8Cv^pC}eg!d=D+H-1*g5NRM3liWZpoksblnxHJHt zuqKnq&FSQ6lj@~P?JNWrTb(c=QCIy08A^@C+-6)nI|kvyTkF+FEyqT&*xCzFsLh}` zQ&~!SnN@KzAjTnvCsTO}r$+>pT60ekp}#pxN3Fy~LZ8S6IbpvvaI_oL*kS!(g0U(h zOu}p4J1DvuZ7fm8g{f7ewz16PbzLS#sih?RZSdV5nU$9FuVT?p?S&S@ueIKVT<|Bd z-`}}&y)E9a3CfPnWzx)@9y{a5E|qKDwc(`sEfu!dV`Rlzq^1p@lC52a2NFsi#)xu zRe_M}P*1nqUt6UUwXQ<;+1Km6raqltO{+l5kERoyV*+I&z;)`dZ-RO@rJ-+ot}&~k zoTJt0(}aP%+1gJ>R&C?cvBoTGb_xTX?5Rgwp(7FImNOIu{Y-<1Hav^)TDu$n_SIy5 zBzOtJ$9}kL;jmZVH?Dg0pJs9ecLvb=J9Pq-`VH?{FgU-5*`k&PvXWZaYdVd$mO1%j zD?9RQYLfaiFk2hwo=x0GlvZn*1wE~%EypaJ41j`G5fyna0QEn~`!FqVK=}i(zD;p) zcoi%R)J+%5flZGI_OBBXW@q%nV`iS7KDdEUcGS^T`Mo+VWSnI7Dv^oN0$yKTPmjjU#>Hj{jhYhiWs!y z#Gk!{v3D~=t7Aj$jO-&VguEn#1Qb)PAci>f>`L)Oc7FDa|f0@w7(;a5~Oc>z;0sLmJwl$g@vV0wInqbMLCp59M=d9pU2Ze+SaK3@Z?0x z1&QC(L2BKuY>p5mQ?9J!DFcn0Fj7;Mz4L>k_3PwjY5WnMm{I< zH1fM`C<0+4iDo%LhC5rNZnx5=BODCay7%i%v^Q1wkoshn#F8fS*9|ND@}Gy~cj^n} zLf>U-=%$ojlTm4^R45)2ca|_$G7&PzeL9Pu7%C{&e;xGQQ^hp)X-w~BGwk*#@V#6g zg@1kqrNA}lTZ3<3OmAA?EpElo+&=Y6e0uRq=!R0~`y=T|r`7{_LdG-{y#qeeFdE3h zyyAxDd7Zp)@5xi++>^-&l1TW3zV%Auqwb&{&wZ1a*|Gf?RyC30yVQZcSgsvvk?E=p z4sfl}Xr`Q}uxT>I#?>y`Ebo-m$d%9zr^*k0@3LN8Ev0QN+c}!_y(bB_B_GIo38uw- zig^>?+Tgv;9}zCP0Nc_i;54(hNK-yfVci!zZij98!gYcq#Ghj@{^9-}TqWzOIi8X< z0mas_KxoAEckHccn?F0aZNE-Bf$xo>8Iyc(LnZ!BHUHG-OEz{Utdiwu@w)OjC#QIXw-*Y@KoLdRZ?U z6z+@E`Uce9A=T$VyeA0{o==xWxfic($;D4Vr*E(W={2(M)|x2B^pB>q&@GtR;zK9Z zricJ|&oN>`jaKZ_QCtg*JK_v8e5zfuFHqN5l$w;se(>0hCZTcha&7g^fq(QUoeVmO zx4uO&dhoGO23Z4AU4$AdUvS~cz0Dq^=EOSOe~qvO!jmymTo&tpKIq=V_2AJ2Un##W z`|eGe8sm!-zuK?J7jVF^3=5u7~^(nJ*Zu_i_Uf?Fd6zhpi^veF?UbGxbh)-}WS2!US&Vl=zE*>{W zgwM@Zvfak$Dpg4*s?{2tP=Vv|bgPk{1fLR`>!wySCUp7~{i7O}v}{N*X!21_lf=+? zkGhU%%GBN4F8jf_{zvh6{N5X(u#q=THR@ipvhAZD)-H36m1FS;<*%eh5veI^8U5iL zLZW?}@N-^_7Rnc)$l)^|Kgo5_+(jr9gl9t4`v0Setk`}gQ6U5jA*P2$g6hJqJ*7aC ztRaE+95>%JmTo_k%V&kz38l;?8yQRFEwhVG3Eb?ezpEJCni9lV{rm7>7r;UIF5>I_ zU*E$&6m>iK!2QmCT|QeKHK$LYU+=x^HLs>E_V$W_vlj?YOPA1N!Doy*gc`*upE}|7 z$kbI%Hmfhtlm)YFm2t##X+*{Pqrd&B)xO*m46a}Pc3p|n3xiK+pFtG4`7J0EA6lYIizJ*Jd1*B$*OMbDo2sFa z82%1XZBexgiJ3kcEG;3Wb!5~+`VsWyvra`OcG)pv*Pu|lp^&>5YbLy^UUaI+oA|cE zxG+?cn?7};5qu0X%FXi4J!r`&X{j; zx<!r}2an6}yzTC^cwG&YVS0 zzN00;EKi{E4WKZn7n6!$IIT+4Ns)%#XUo2KP8Jq^gr}k2I2$GCe;b-qqsT{5l|4PE zNP2kqh^N*l5s)B77w#o4)Yn~6H?z*8Pye}ODPJ8MA=&}8XJOu+I{9*bA!qfCJbQqB zUn83iv1>$^xxU@IQ$X17%0deiYmAI ztUS-N1uIedmK|vWW$^QiJu~UNLtWjA81s?A9L95)Q&S;R=1G`mllKpgFNWN-d zbiln0PqUY{vZf@W;ta6;S6^qlvE*>wPf>yqQEygV#dQZd!7G!z7Km!INdq6~u-vy2 z_iU~CFJE+hb3Xs(yy4XuEv-K9;pkUdexT?mNTKafrCj&RM~lhQ{8XIJn*SQZEv(Tl zi}&(DQ7dGjNj3ZJsrj9#5Ge5msu-s|dQeSYZ9yn~5}Gy`X`1a+_%+F#kk#miYcvzG z#BpqC`{27mo46lFOCOWuws?$lQ{1tIm%!T0ewIT?v-s0N%O)kmj*3ed|CmuKe?re1 z(ZOWq4Wo8#tbV_#;nT+W1p`b@rGyG}SnOYxuz5!<~NV)c&Ny(H4p6(VO|` zL9Szmb+s?7d~d>*6gwE6@zV+`PzF^hU3Bg=G(AnvWkELz2gUZNsGOz3jM+7!n_%(y zu|johw|-iPNpnEduC>WxB}V=u*8Gv@A9F-cSH_UfNvH==bS~37qG=G8`nZTx;lCtx zC(VtlY6zya15P+@N8OSo<=DV~X=*E^et{`{4S$I#rISM_kB}i)mZMG>I(tJj-aCXp zuwU95c3ZD7(wK=^{-9exN!r#P;caq&UOoGfGboAt(NLT$Tr=75LIPD}mNi1*lc14G zSEc{Bs1Pce=ta*ReDD{XQ+XODjQM=5E7YJ}*r3*sPM?X?;5IFHxK*fT2<1?ktd3*nE52P)7iO?2(p0bu7aT5h6;&4qX16TFwphSI zhb1K{m1APx6d>2=;c_hx2{1G#ry4Ris0^W)Mfz&HrIFu*6M zV{^;!CR>A!TCV1g#$_Vci{#qm^PW2GwmQisHw^--;* zTUE}}G=^qD=d7T`UW<1hP?YSiy2|%?oPNUS8tgHr2l$hFe^Y=xL#NA}?XK3BGZ$K| zGp=BW7Lm84_GZ|(rJFBbtlJXVmiK^~8OW%KKS0+YnbK=rZUV$@9%%msfbfidWc0b~ zaSvGaeKJHfBIYAqWB69x9UcR%4R)F9`@%%=kzaN8Hc&*=b#0)%@nCeTy)`4*R9zs~LO%Gn&D&DQ zTuSA}BFXNUK2uAOgM_QXGM^uE&0nn4xbUQebgsEO^?nitt=F}{QFA`%7gWY9w){-cNQi`r!zd`;FIi6jfz2{k2&<^r~DVI6HLMMp5zR? zy8!BrrOJ^X2-q4JivwD?Nqrt5!1n?i4EqSoo@sEKDmphMI%FRw=f1qf1!xIly)=bN zGf+GINg8ft*QUuF_XtM9cTG0|)*iV}vVzCYVS zAOd$MYku?ON=RDSfFe-0X}tT|)+W4uIRnu!NFD)=#8m|i^ZV%!8djlCIqg5nYGgnh zb0TEXgi1{E#oM%pg_bgcc@~H_&nhcKPZ6X0V7#jFj0VhkI1goZQ&+2^t-#b>FXELn zSN)5}rcO)R{2qh6ID^=kq(lZS)$lcm<@csDaz$IQqFuj}D)~=LdqYAj@>L}-T`vOK z2^-0MJCI23pY!Ji*$yUsDs?!vHlIUTQdmKKe#1tpP+HeOZqA#l>!n%SKfd65dh)a{ zpm}g+5Ym^>qTBFrW_H{yYQo{(o|GUjp1YI+_z#6{t=|DXUvt3X7f*nk#_*)Cag*uG z$GJruLXS0{o5FvvcUKO(q@u1X*1bZHx*~B+3g5g2ly-AfX@)Tc8dXr{S##2Zwh^#=HI# zr}?yalyp#X6zGNJy6SjkY#XsBAE8isyiOF<1Q|OMfWBI@=>I)b-!o7rUKA5O@3~B3 zC!p*ov2MFBAQ{j4VwBsbLqNd8IEFA*c#|X^17UE$jYC6JP=u7ISOKoxCN;P8{AlR! zkFZu1TmY#e`n7Bb_^RAm2T?78hI|o3%J<<-*Z}#WTry4YB`KOPa2XGovD#r5^VT`> zLSe-fMc0Rj-Hh+-Z|V{1Qqd60+Yr+WW;0^_HMm+vhqVi3WgJtLA55}284~yF3I-+W zg=$yBh`ML85Hw^A>lenT#8MJ9Ms&k#wfbz%V?DpqpNUt%eZK=gz{UEPi}t#Q$EGwU zh|clU9@KcvCHeIzqY@pDx+%SC5NhUQqcBJ2Ti!jhELCj0(F5s?p}0EAHtsQD+VJ)e z4eYso%i>M8WilQq#j!s3-@7|r&w%H@caMoHqx1y2m#Q6$9?xRmAh)3~oN0W1 zsGgf3skgJ}FEyBHE!D3xScMfS@Xy9_s62}~9ES3WOT!B%D4%B6({zsuZ4ByMvgj8p ztJb6Hol1+Vi1wFnj2W9~0}W$694~V#&iGD@#;DmGYqI}lCI)h+&_qeYLhT6)WXShi zId>IcSeZhhbr3znjO8*G7r=S*S=WTG-qh$5#v)Z)+t!XwSAEL6@MJ1Z99%Cg910b- z)N>Vy9hT(nA5<>dEPfH4wuE+U-+s9rL8b9Lb|^*EBluOdL1C+}m90rK>-GzMQrU5? zM%k4udnoASTdMeG#o|Z%)L(@XZQ=C26O^mT8h#PJJWH7jAHwf89aH02&ZLd4;xl;s zKal+r(o_B1a~f5E)22rMMa6^XdjnF-Jbzy`54;>@sVbNq)1Ruwh~VLanq1U6jNb%| zbS88t3i8+}w!^Cbj3^$%vE2mL8~jVgbh2ZMB<|k%+4!_3>Py}8CGmA1L_>X?0jvDu z{EqFn0F51hAoI?lZ8%5JLmHW=W*bM9(&u3PyuP~aVcKoR`?Z}dGW*Bw`q`i55K?62 zuf*FzoHrhxDaq&Wu5*(#_Jk+je-|ylITM5ZgTd9Is0>*A9)hL-*@jMB?vDq z^WBd=*9}paa}>?V&Q7#EG;c+Te&K8X@Q9|ow7OT^1fs}lSy5zt5~nq3lEBmk=MTbi z|0mWq7`*wxZ|AiyG)*3QnwTC+C{#rYl%w{VZl?J)dxd3}+fTCld8SbH0Jr520wjrDPnRSL;zEF_Pfqf(fXW~P4L-tEe z&t>T#+s_YP4*kI4m>~~rkamRzu+6_6eE#lH=(Q}qn0_26N?TRROYCijBw#%1@<|2E zq9P?R&{FED*-6E-TOiXDOoLzXmj$K4w0WR0(S)EV;+qC~@S{gsnX4)E0|=jR>>x2w zX7C_Boo=wu86*m|F)>%SCXM{K+SG3Nj#MC(0!GqNL;#la!F0eXm;jXE!F-!BMbs6G zZ`~=GrF#5_zZou5dAsV#ZUP{I?yJ;-ID~Sf#POEH?)=jpM4E{LPo`IS#krUozWYzCMHD}S2H+6#&Mk?_b5RzheM%~tcA+i6adhvF6G2mhgY<%cM1OW^5 z-38c5V>c6SE9wgRA7Cwx*#<33DKx3!pm8nu*ohpbKJpMY-swur=TnuAK|sF^+6%W@ znHf8~(@Cp8&9M5dx9eOZA{uBpx^ZDC0^q-gF5d%+8jb;BVxQMwnu_^1U~%tkd+;3e ztk*>v&)03tycW|@b;H{3Z_v2n{&-)?_u6+%rbYtpTO1Bv|KQ*O-14jek8T8wVh`-{ zMd&XpimetvWdQ0!{`a%y7q7DauBU}uRhPjJa{ikykVn!C_?B!FqgqvYNY`R|I83K8 zEhDN2IXgDG*@~Xdp)BiF+$yTESNfGPkJYT+=5^Ga4ZHz?1i`;QD1rd)dNyRt<-H<5 zYBO+hJJOv9&)1p8w)^U{kw-n2zC@04vlGQ#0>_8>>zmR!5_f)C*P-6n!B5eq3%{6U zZ52Y21@^*-J4A}UU#@9p`0dbk#O8TTMyc?nyeEkcwxE?+a&6hYI@e$X(s5b>MdeK} zYkIS;#iq6PfwV+G^!McxV6%|^?S_P^RItNyia4VTk#O{eBAk zP%qd$HRyd?l*SqL+pPeo`wgc(iw097CO}LcjT?#)IgsC;8=D+TBeguT4r;LXE7U=M zs8|N&pU6BPq=Ov9GdKTi_oLr3H7cSW{BC0wBrcbIL82mrmpusL&ZD2;aX(%kMln&n z9AV$3`qUrz-1GAtm88m$Iw&E{eAp`yJ-u)3S87Ij!tP!g-@?vvpKl{+{+-gGl25gb zj)d=SgX_b8l1L{d*Qyj02l_FprbSsnf~b6uFe>c}wi0}ikbz2VdN|)G$fKdW!AxE< z)+0#Gb4JJYk;Wh5y;HRRpdZA;5=IcuBZ6<4Ypkm>CZHd(OGCMl&@(I0Es6Hy7*~)K z!l0t`Fw9&OhwcuW3kv1SFk||~K}ED1$>zvScLgFolnG$#{MS2NxRZDCTN^FMz$*H`*%E(j$>=NqM#qYT?b73yka0-;aQzpq~yGG(@zSnrN z^atIV5&+iR6?=O>^qRc2?Ec19VSZk8px6v$q0_U2S|?)EfW6?Zwp781@k)?cjG}eQ zEPMP9pQz(=`9XHPMrYbx1}eO?W12lGwjNb2sTEt?Q%}w21h$))ap4^t{JN zIT;I%kNzF`N^y?C`mj9%xYF1!KlVkW%qilx>M%DyleZXL+rhiMpCnH!KHocu&`bbk z2giq`H`uIhkwcf915eXS6<;p%q5*M{Bgo!eVFaW)12zj47=A}mTqSY1va`oEOpcwX zgV-kn5O+V0!QBnjfq0wW7XM(#y$<=Z5beZ5-GG?&mpQKmZ#v4=mvb{xb{(iy$OFs% z|HUkNG^jMas~DULGY|S;RHV0|Uxat^ecg#v%AUB7?$g?&bx?ZB$ybY^o=}WYuw4wl21#o8U9S{J5f(nJ8n)$(!TS~Eed5t5-Ign9Yn=+& z5#(d#YT7L@v{NsPl>3!)5Xa7O-wBKtyK zMs=dk1vhlX%}b2q(=iMq@Q$fAq2_;x1vEwR)qi#@C>iaFr!e?frGtw1^yiH9@2=ks zEMIp#h5zFhjFytCa;Pu_bJVyW>Wq|CC0+2Y0Vu}&Bkjy!*4M~}abUD-^QA8SJt`2{ z6qSzq;p?w6F$1;p_)qb;C-^}b2fu29)tCr`8#g%RnQaO1T}m&dvWv=yzcXZKg=Boo zKUJ;?f!4uYd{dpMRLHk#Pe!Oq@a*am{&Qb1L7CRH=ApQl)5v$GB)`v$Ql@#9gM%SF zDSZ_xFz1iW@+1jSYIRS|3vj=ry_bLow%0@n5AJ~6e;Y7+>$koJsft*PmhO6S5`i%4 zpF?<|j9OZ>;f=KHI=COR3>@YxxjUByeV6$2metNIEv#T`KE1GaxVi6tT%#W5<=5FP ztEv1fuEVFhHhc@?VGEYb_TOmW)|XEQH5!;*1!XoCeSVe`gndz$M(#8`O3Ss5GmnYQ zD60{?M%E65o##|hv>rQ*G&6Ktp5PUG^S!}f*^KZ)qZwlU439T**R*JOdKS~6`q<4GwcbO6)L4ThN-MJOy?CX># z1LIfpJ0~7?rKU1z2C@Y(GPIKyJgd#w)!q{#J=l($%mq~z;nyjK{=?<+7t)pv69hjb zM=7jssCwd~0Ec?h6qM$-n?RDn*gJ8oD+2Z2f3Q2N0kMt*_-t#p(|4BeuJaZGMjhW& z58uASno|umWzt63eocFONNWbn?0 zMMg{3bM`xXMqxQK#eRLxNcinXh3{@UmLK+BQk(W7Hm{qWqpL#7O2n)t3qY6*M`tP8 z24VJOy5!4ARhvuoj=x+({9!{DDH^xTPz<}Bds04;YN_SD{;jlCu^9SR=JbC^e6mbD za#?gs+dxC&nsx7pzd7|Zx^kar!#tr|xZTQPlZ=Aw3*#Lj_H5=~mgNMZJkV->MW4$Y zHs$uf0O>qDwj>}+cN~r+Ee4R&UJn*`-iR+Sq`&dai#z@X5=f0^!c(D}XN#G^z zMb4$+WWp$17iTR~b`$yR3-mmsdATe!PkXV(!=p>&bdf;bBQ>v6z+nW~$N@V%0T)@< z`92SioloK<3aZh7q4-JG&D%uug_*7xjC#HS0RgedJ(mH6ylF*cpgp&>ob38md0v=A4|!U#x>lN2(^1fdR`o@wHa=|^3a)%H}9!p}&T(;Hb!fS2L5qng4?=npwU(oUugdAAITX4`}!tgdtVswDZDr1z>1;bug5m zh-UULld&Y!dW!i0X!Jk?y2*C52U}{#=4TPyWO7WOAIrE{sbr+Pc4vhO0^DT1Eum+R zvI!=&@0=5@Aaul9mFTH%j1)d1ar0r)_H*>F`_d1`l`LSoydb;TO0_iEU;o2LBnLaz zvUW%(s*2};!Pn1Edpjp@<7@vDfg(XQR5l}BlT`f@nYlsvxV6U7ol%jek>x1l*xNzi zn3HxqWUrD@b2*{c_}NdVSx(KAE~Lsf z)hu>yd+w^H^DCH7c|MEWMDN9O*1zjv5k=U2^MY+{^Ug3bocmrXf^qM$3Bh8d~BS0A}EtFK-MK` z`^Qaj)|r`=oCqhq!+f^2&h4b4r3%(=(#@(3XdHmIU@uNXl{Bm%w)Y67!^N9xGL^!} zQE8xXu4jVTiCgO=zRSC{gNnXvEMkfbH$OM^<}W&3V|dQ5j8>P@|;&Cp~B+aGx`qvf+| zHi>rV&{^MG8H2?KdSl=8ng5k7`FJY>m-83(O_2XruUAMAc}+Zwkdj;jBh*4in@f2X zYOdG{^rQa&I1i#TZ{Aoxnc-GlZLf$PVHzG~ucy8&1_t`d4y5vCU~dbEli%(6r>BT& zgH5p_8Ek}qCDlHThd7l!$2i{7LAE5jJ^=yJ6>-39a+@CVlX1z!%Qo39*r&U1 z;~x>g^4iA(-iVm{Q&dtm0B!trkiTOz?j0$|(BKb5gq`bhWYXrKe&6|@Ofw~gF#7@| zYPdfvUwB zyr6x0EVVO9(6+{n^Qed2xBkyC`z)u7RLmi4U2T6~10Re1+kwF2Z$|E#JWl$a`j=vyyQ}#M39Z^YkGHVKvP?{Hkzb`u z_Vi8e=Y&$oH12F6)+$NYP@+LFS}MWuzM!p_A%990pZzHUtN))D+kT83hid@uGNcL= z%m#^uwD|)q$;~NX)5OJermI#a4OSDjjuzz5%cEb-;YefXj%iT!_~kZ0hlTdkw$2aB zw`>LUr{L4<5JezA0AhuNcmmyNjtfA+#;__KIeNF|e}y}TjTBUtL>Tl?d6IE>F_2qf za&z=pmv;c>Eoj|qAUPV~CdYUbegWhbh%bXTHUcj~!-4XtF6a%Hsd|$7lLQ6vWUW}B z&KJ?B0yx|bj>q`7O=$l77QCt3#YZg_KygrXxexhydgJfx(yYc0Yw_9ExU_F*)4Omu z&o!WdbooEdM2T+DUtb{YjcXg*+}Gk5LN9=gh9%fFI1`UjhTS#SlX}x6j%%k14kJnu zPG)9x4M8~}8qJpCdNwmuZen>a-@j>h+ccEovwoyO&;K{<*FHfjt!W0$9 z91ADd>4=LK4TX6Z?My14sa4zXM#?5PVygqqEAw?zx5+KTcUrFRT}-E-S=$Wd?9siw zHfs+JYE91-wdQCHKylCCD<^L<7o!#BXBP?Fq&wgG0hIm%n^hW(s*`OHX|vDTxyQZ zMrR{4K9W-AhvSA)K4V(L_;~Jp-Q%gc@>nbnjkX0^Wh+eke_T!_dk+4TmAeffQakg! zvcQal`%h$ES`4wL(esn5QnlFsX68d_`}Szg(q?rfe$$Y^80I2bgioi1%e0oe4X583 z*my-feSnmjeVh(6STwk>D@v^@ig>UknsoAll>0@^a3lv@;w6TpugO>||G=UtA4PMR z?f8Adtl~4}=g{ICos(qID?%qGpWk8@%<^Jh0u?04#D^;|MR&&DgQ0e|z8{;Bq z3{;bLr?ULs9Yj$}1aPF8OB0!``XrTOyfn2d)(9bqjJ5Y)m%VDg=i$CD`B){a9TI>& zb5N*crpSN^iy@Hw3xPvYQ)&@`lfv%a+OM;9o)n!sKmY6F6aMfgSt}11%w4w~bH2og z8To`IUTQpZXxBpZj6&gg*tiV!?33iENn$U?MP$CQy%Dhk2xcm5jXfqor$JB*Ab7=f zAGWI93gOf<6W@!1=86xdAS_WWt8`6J6CQvQvB=z_d%g`Sej%0=qwHuad5p0vBzC??U_ho*>T;|NHg$+i=z4_`xb1~@= zY=qhn2M5q4_(#2u#(*&^oV<7o8xtk!k`)>iDV)vw$02Le-PlQNgi-w7at<{geV#v( z+;a-HCJ91SjpAuzHWiy6(oj#8o@+Ssd``yi&Z!!i+zTC4cM&-8&|Is7t&n5`zV(|} z!}!wpC$z4p5p>uw8MeK5OcDN0tpQZ{!_<|&iV%YRrlSomiC&u<=806Uh+b#%y)#({ z7mkNDNL>2tw^nsz?z%&wM5Dm9Ym)~QsI5dO!Tn2h$w}&B@{lnndJa?k3 zr-y1P9TvB+5HI-`=b_wl80QZ$^N&#uZhYqZFM}&zq9D$K6AsF2#ou<*X8Lf zCd#SK*B&nT7wGA^M3%pJ*Q`qD3A3d!sH8KqB0*(vmbVa7?KubQ6VlBCY7`1AG1oCvr;)6@~F}d$gZr@pDC-zk@S;+ zbqVq{EA{_Imo4di$ywJJc1fXCbLegVw-vSjFauiLNIC2mdOb$eU;!cn3WLR1y7#>F zAMA!ZMuQ~7)a6~{e}tttHUZg}zZYt{tt=-}qyy7hPM#OI_a-f0>NuhG^}o3bp6w^@ zbO=sP<#-%V2C5ve`D+`hNe3VsYDn|N4p+$gk@TVm>UJ4U+|wC*)TdtjjNNPweDmY4 z6*_z?KSCx_w4w6GI~hMd4>f7bFZ^4VbD=yOB&V~I-Bj2Kd0gnp*RK1V>7`PeSy@g_I z;KTF?%&B|UFY+OMq6N#p1N@hIfDJW+d7x-OcG&Z38z~G88i^2vGMsccQkSE|DtZ3n zz$U5i?W#?<7-AR|!H-!f0sk#7lJn`i&6=xa?W$*czuY08mI<$iyI0H{EDBLriC$>I zgy7kZ2;AJsl#N++e`BeH#Qgzu!a!=r6jgmb=rcMgll?l4KiCeFKw(sQ%-$M1b6bejJ-?(|x-Jk*4Lt@-SvnfiI!}0EFbozwW z44}LCva9v4h3IQC2<+-pHV9Fu3^oCO_>bLuk2PeE?IC2k*V~0{O4;5)HFsLZMYdZpLKYezOtym6dbij&P)6_25Fz1R; zu$jJ8GdzT70Y7}?jEWnzrsbjQ4ReNdd52ktgLPF~^>362@L$0itRRei*JZ};t5Wz-;wopZ1vLW{tP_&hozoIZq+-q({@pyW&c0l1PXf97sVrPBXIk`vAs4 zz~6DxlA@D)n4sP~OrOuwSEfjDTfnQbh9oJGox7ozroN##dmYiviYJ`0%s^e3`xUkG zD#U-b(kC%@nxFTT0GAa>er3+9!T}LU_h46*AbmW4&TF?&KH)3jDFsfx=FWYhNaF8% z@t6;pXm?xrMm;cx`D{f1@OFatbia4B$$WLOH#ojL&U|(JdUCf2DP2EY#|tj>jR?Hb z%*CeodkCIK3!NW$x_1+(*4&fvJ--Xaqsa92j|iA`6i z1{pQ@GG3n`6#T#t4Tv=fN1N}J;0)fEuuXVQV0mPs3x&8F!IA~DrBM&bmzV@EO}hCn zbM9*WFT9OvLohqsOSU=G?Md4_Fk-P|3va?a$vs+iE{i5RjJ_bL?oG>A19;g$9MyyG zt%M~4dsO!WzU|pMS04>^H!RF)#ox!SqqGTyqP?kzUY(Pm)z2p#^gAQ(RN`GYKej5D z8O2;M93Z`JvzzuSsa)@H<)~aAGPt^bRA*&xgEV*bK(Wi2Nnv$^1m!hmLIt;iJZHY1 z8h%!RDjGPlRmy|n@+M2XGh!v**=U?;h;?wv6$$l4sf?K13XKxLyx(#2_vaBKL_-`L zIJ&yOqL7|s*b~{Pa$Kt=opL?yv=@D0$uUxG7{%(L>;1}AlpO>c34ix%h=vA;65Gso0H2CQ*42{4n*DSoHNRw?_q1 z2fe@^a*I$1b88%h7$?0QPJXS9^CS4yhI;6lOg-nT%8#N=5=LB`4s78zE2LA%Vx|W`b?fMY)`c3dw+h2BWPWtRhpQ0bCuk1aVMW55qB~s4-SlR0;Gt@lE z3X3fnJ8&OjRe2VWHhSe3a*PiCEqO6@dw%B!iorP)t*DNze5t5mye1)tV7RAuU+#n1 znFub=bX6cg<9MD*ruZn#ObYYgg!ga-eyqOZiX99}hHC|cOxMXxG{s)t1#r&fNAvvs z0Pc1EOF;HRJ%oRu6y*g2I<-TWMrfEA#y{*+MGq8cdjb$7Oq36VCx8Cy9g*tRdt-O- zH4bYpnH=7=4HLIx+65eu!5Y&*A#(l5LonO>5LOq7j>dpzRT@U+K^0n6jU}k5~dfhRR}$FV@n1N?Gdw_RRkU8yIBBL8FIDE zRonOHl=azj z%u{(vznM`2oHw#(btzjj{BR2^fhH(_?;Jyp4^J3FmiUuSzNx|IAg|#SzT`I=jIs0jl`WvPOtdC&_A4VJ(OU@Yf@i^TIiz!?n!Qz+iPtEA)!@AtjMqG*bkN^UYHmGGEXte%GwP~7?WC>{XeBenIPbi>WV05Mv$y5(xj!852q(*S7}QP8nVEX z7S{jU$^U6ty^h^z^RH^RK3)$?f=iY1ka*YF#BMo*s2S6%xXFwhw(XU*3+jIiS0Xqo z+-(%M6aVc=E>Ovgz(F~c%&4?tX|&WV)}~sl&TLbqLM^Y z^#NK0eEAO3L-6IBQ7(J7YRipl@!~=eoWBAnVv}V>1wwb!oaDD9lVfOQ-)EG7XmK|P z5nxPN7at%ChHpKg6g{H&A;JTcjYy?9sLP&hMw=Qq_U#(8C~a-q`T@O^O78!$Kck4T zRlR>|;D79m&G)|tyPf~%M$%^eKhrPq;xci8<0n=YSYYh|R^I>y$@#~ppdhERp|!Xc zZ1Bpzl;y>P*8~&90*qkA1ktK5f&ZxOOi|Ypqq+mNu^kF}(5{&;d5n)jg*a~2$=<-K zpR4X~3rgpxDQ%j^%Yl0qkCxJ6dU!@c$2T?>}}9I{fF2q=%CKtHubhR{_=;AfWR({LX>`g!u9E<4va${=XjZ{~G-N zV7Qk%|LyE_{C^W^!~Wk*!vr+s!9^#Ucq!}5_=z29tX)|7O!FWjr3mw1>t$2Ge?fzG z^KNm3jBoGb+ae7+UvupHQWp^4AlA0}ivaD*!SG89uKj3H&Hq;ff3NfYdwgKxzwZn? z``<>=X7&H#_uuz{5#Rc?vQ3!ST-u+QeXODjD+`lOxqf;n$NyP?DcTm`h3i6qs^b6S zQ7-<+=%Ca8Hyh6Pkx8bo^O{r^r@H)q z6$Gd%{=b)x|Gu}=#sAny`i}U2zu&(Xyr}O)6r`9^#b{CM?P?wDsy3)pYaq=Y`lU|A z{`UoIRnGs{g8)^*|96IC)Bb<3cW}`0|4pO~@_*B5s}=&3rkSp9+ddo@jyosWlZ1@= zD$VCY`Hpe3qkPvcrr-_eZPU<~+cJJo=#kmAhi;Jr%v6^jQv| z{N2bUq5{7Gz1PFnqvR8DZVxpG?II7&B902)fPW<(L(z0h zr|58dyG3)~zHLi(E%!t3m8$mN;=c;0J@CRA_F1x$&WMYSI7f^V3VJuM*>%7m@99xa zM2YKY$z^cc!twmtrRyb$?#ne@RAcMqI!$?~7r z3kCc-s$2djNb$mcWQ@ex1wC7!U7pnN$;g+qTz5x8b`j1YRTG;?)MxP6D*UqxIjvhhpfb=aADJ^+6j#_r)kp~pBk~J7oGo<@TNi3ZElMq=j!9p@? zN##KZm1A{G-bFS)ZPck4K=8}$(&QBVQXBA*{A@|ynWdR$7BZJ=n#cuQVs5uc@me!i6rD@AC?4qG;tr4-QS_u1yrfTJcOJGTu&u={ z%fjhuc|gnY-~9dk#oM#^oKKZwMFGqJluf!DY~NVS2I! z*}iHM0-B1_aU+1anO z$(iIJ4B)Q^{mQSlMy&t&dGPDvY-X!g2*#fEme{(4r7PI~cEwDW>XP`|xQn}2`d>2Ar8Iro8Jkvk0d6=EX;HX!oQAe(p3Ef4DV--9$ z8nIX(lM8VjPgqiT23gC%w35NMCTME6A+(LxV9sldSL?GDGY93zoXP5eT8Fb^N6QkKiG(B7YnoqJNz;!WZWH<+FhQ zqg>N{8V9fy{J+0{_`Lr9cewwh{`Y73{5kx;yqNuk=RWag!TI;t`uOY*Yt;YTYvg~} z`{Mukc|M=<{BMToUf1eqv)}sI+^xkt#JBl)vG3oCQ!F_DsD3|D0O%_H@9?l+*Z=mu z`2T#K&mUC(vtA|-3jq3;Mu4_M{0E5paUq}qTIzwH2s>D|33V>EJ`NO2f8>hIIJ+Y! zmxD$mXl*5k)VAQe#|8v;?_MRU+ugm}aoiFyk&+_?m*#A6F`qSJ0-0CcY3nM_StoZ9A zqQ4eLa7NpDns0|#+|DJRQO&k#&U>cuCya+|4`banU$@4x4lcfX>wbvo`&%}D51Akz z9IWTiOMAC$ep5>(Sx#WDFEhUPNPw$G&dImr-J>V9bF~{6s>IX=d-!Cz-7> zVC$5zm`+9Z9`4bPz-hTWGu%Zr6x7Y;@r=R0JozM%up(!YY9ZGPhCQR2UTYy4iPS&R zbplAu7elI;qeIh=YZjFL1wWyT#RlT{=<3`;?(iR@SF>JYghsgQN5|}{3PmG>S{1_E z=t4+g)@^k5_o%eLr#XK=qbW}u(KcLTeHg}j>oxKo)ZzCjSLT?#iyq6ifB*gX37_vP zF3{x;RR6s+mO0_-cAXu$WpmXQmJUQ=e(e3X64_E>(0s%h5&}Mitut?V-#z%CmtB_z zc$3c;-Tb0oR#W~G-TaiFW`4xaD*Mm#{z3iyzu*5N|9_UxpV9tP+Is$AHvT`o zc2eex6e%N{B~&UFIZL*P7G%f>6zb4|Nr4rdc;mrZR&3w8VR6r? zjwewEt=JtBnQP@s?#L(ltmgk8llc)pEBOEJ!Co`}`~H{uPoL%Une9I%+y3L(=KuWM zyEO8zW4m`x0gK-N{^ZvEG9l<6kl?zxNdAq9?g_Gwu14>loPIxtfV2Gmf0`0tEB(J3 z{-1~YJ74nuf0oZ5;r+)I1^c|OKabA*)K-b>-!KDI8ycP<6Vy|H6lN?6GbAk!(r(HA z)TmVU2w>ph04DJD$y}K3Smu}rCa;zu3u}{=ZKTj57U?m$IlXLTrV0{2Jt%Z`E&l(J z0idh+f4}Mf)!*O!!v8CEBK^1&u*>=X&d%P! zUNipV%lpq~`TSw>zg}BXTb2R#52gtGn=1gHCk3qE^N#`bBa^^NmZvX__2FeR*q z-pUXcZPdIxU+j_;uYQCQ_fLbNrF*$r;A3Nci>uhE~bxOE(B&;N-{d}ouKXqc-mbA2O zNoi{-Y3m7TSEi#iV6-No4KjLm+wbxU9X>MOtfP#@31=UdZZ;gZ!S!m{W}lR1DiePK zvI)muKsha`03pxpMo2T&6nx!gQq}Fi(Y^FpEDQCAgyBtHwIkao(!VGP?27z=YbJkP zkoeV7=p(S4Sg&J)YbOj>5-f&Lo5m|)t~FYe?zJ_WWAhL;Qxt}?E{Y#mWB!HNSX(od zF3QB}jiX`Kz~xz3SLa||mVtF~{?*0VSC_4*nR&H!Nh`CiF37q1u{QICNt~CYa9)(a zxxbWye3Z8F2TBiXLHfk`VLt}6)?Ba)6V9%c9JT>pEj{Z}=G&S|b)h)04wGujqMFxo zR)<`xnND?aGSyGO>JeF|Ddp1}XKTZ!ptkxTjmsd^t7vRgoi`#0asRmcKLocNHq7LE z#c1-g}R?CcXxk(w`Tv{+28$Q|NT6lUw_^HhPXW^3Cksmsb&cgIo=*rGLi{R zhKy%pQYe;?Z?=E`ePaW9zO}7_jyxl?o!-tq*pwxkidp&P0rvG)*9}586Fw#p%VIf) zu_6-Pvbj++BNCNL(}{XR^R4#wURqtd2UasMd}Hk{Jkv~$Xx!SvG7FGO!+yPA?OHk> z#!fkR$B+3txnq*GU~vzyIH8IR8Os{z?2+$;Bni`$r;6k$qlyv9MwoKO$fW9cdpi-a z3bL`YY#TanW9+2azwII)OPa9luO=*=cJ1CrHNIEbHbjxlHe>#G%JhU4Dl+Sbi?0Py zM!*o)pq-a!ZXLr&$g438U3+Cmf9D#kHGYI>vOf``9Tg_I;F-RLk{4}Aty5pv{tvk% z1BzxBB4Gm~WpX`Vy{u**az__4o_7g> za7O^$zNbu?%bMog7A7Z=P7QC1sre6U<^2yC;+Cz!Qi73sew?08RWGJJ0|a1lX{%c{ zf834ouh|EO4!kCRc%jZ`EYsi9EDL zKl|gAfy5;Ux_Ny~93&ovxfC;=7!~b7z>I`MW54Mcr<`Rv4Cqw`COu(fNaI_B?p!46 z?8Rz=Sd6_Dbc3i^L^^8|P3_QF4+An48P@`GxSU>{shYYqsAXB~X zsWRHX+p=CPBonF^i|O`kC)#RwIfT@<7!pV{WOo1jo-18!Hut-7&Hwp(F(Z)Z@HI@!HuGNb9wLf)o= zCQTv=Mf^gslgq(1T(w)REvibuLaJNQSs1v)Qr|QyIMukR5G3 zsOyDD*rkv<+S+Q!n`=YiE|wcfM&}+8Oa#Dj*#|A-A3CbU}pg2S#PbgwB(qq!gJW=A&6bwZxtqA`4Ip; z>J#E86idum#MH+PF7qfpR10X?1YcVF+UEP+7DEO{+p_a1%k&mxv&1($tK@+(XtU0s z+BzG&V(S`D|J%1ay`8;?Y&wB_ISC(r8oaxGB+$?v8t3(3 zJBmF~PW!CePrT>|&CcCRWeRMtVU+-bY_nwrg#jb5H0;`*UY&shZv%yVmY2J>-hp3dfTBss2%Eq6^A+)t{!I+!oNkH?>=M!(?V(MnnI>RGNY_yW{h}3C5^Sw z8*Og+LNfBK4Yp_I(8J@Kkc3g0ax}|mHqC{kk{i}=%X6Y9ToK4`OQ}9qsJV+UukMzzRY^S3Qe;G{r_e7ZJPdDRBwAKEUB8S zEn{TUocDS|o@|l+gHUZxPobFim7JL|5n<)H&4Yhu6w9QcY;ER}XL?jwcMYU~WmrDRGZKsGkZ0Bjp%TH?I{CL>s~))# zgegsjDOVFhT{1B8hN(%1B;b*o&aJv%z{zGLr;<(?5Um#02^M}p&k%AugY@b|PoyZu zlUAJJh|wziY%NxWms~dWd*-R|*m9Sw`zE&91oo7Kb8crLcWxS@iX6PIo``Zj)6PBF zLLReqz#K|}DlppB?Ou!68Ibyv-k)M!0+!f8)E3#@-(SoIm-O4;*$GgKSenxNZtR+N zedPhTL`tK5?`HEapZMYrWsz?FkZo)D$EO-hI1v!mx>6oeB##iLVh-sD= zDxxMVP02VFLrjCfvvG$=mQu}U45D#@?`f87d_^)gMn1WjgFTp85%VuwJ>p-Fas-Lw zOp=smthdoSyM7OaTQMq~-rZ=Rw8{hQw)cjjWKHm7||K0eC{6r-eg(8Eq zbG6aSrTA|a>kV@&(QRxl#eZ+~W-1m5+x`P{1bhBp4^Gc7uFpTs94q2K4t93y=YPkr zgfHj+GknOZ&q+?>2_vt0%raH4^;7v+w+yn|>vzcip;`345q>5(%Ak)q%;;>zkoc100U6Pl)E$|$-z89@m3;#gz}_5wet zLNUYLaw(Dmsy(@qQ>Jagm6m*10B-}I!4c0`LWXm4jkTc^+3~u`5g6+YFHJ;TOj)Mu za0%G}EEf4(^6^9)%^2TvtRuY3v<&mPV9%Bw@S4jN8B2;DU%K4c001_oDLJ=(`86Pl z%q$R~XN1Nuii09c2u)KvjL;Ki0p#u>*;;Ko5LDz%xCZEsS&jL&$P%L<0YeT_cSw=q zJptq3gy>}ns$n5>q3ja~VAXH9+oQ;i62Vdw+2mW;RopS@bWQ^V&+y+Jb05akDENBf z=pKIp3`l~HjbVFzIMOvYS+w7}$)EAY=kI>SQ%+tMJlYltC@%<-DmDJ=&d zDajK26+9K`t(jsf67)|rlXQHpnK&%~6~h9}f+?SJGrJZ&; zzDez$BSHzH2ZrlZ7wBWnE6a?W{!3o*wx#S5C;x$qkbmD2*=<)F8Rz*zZ6sCRc0#K zE^`*{COn=5%z!1};zv^=*^I+hcESX69l}yN6w>`Aq}%53H2LW6Tr$Nn4cMpTZX!}R z6vT+Y+?htId*0;7j!%s$$G=1B=(E@})a-KS+`;#N7|EuT`}4_iDuGfAUSJthCRsW+ zioz`*ZpbsB6EvUOP4}Ue=91_Hcce#Z11N(XCPwA1!*i^?<6C#Ueg^!J4d(L*vv?NXO99* z1bn<9R=8b;>u%|75eh1XE5r1L-iK^L(-9G)#lp*aw>^pcnp{;tyzf0*79#@5Ii$#V z+<`JvGzB`klcpb7^QJ{+u}{n?2$9Z8L>WA3RUQ_=zv?W#iahTM=MY%{6PZ$;n$9U# zT6MxJ%Zoy4t~8sfkcD%l3TCd5816{h0=M7Xd@gj(%32}PI{_Q1P(grggSUjMxKMD* z!;DklmsX7Y88}{fHL-h#gz8!yJ;owaIgblbsB})IRNflaCrjzbiCj$aapr<=%pL(^ zTPe{ntLQ>#LP>a5dr|WU*W_!zY zX4+WDT;O$W1m58IAtT!Dkyl2nGSi;=^v`qDUZ{+A=Esj^G^9q&Lm#73cj&|MX0xh zV!r3aAS^d#Y`M;Xx8Mdn4>stM8m9X{V0Sjzeav!g4jANwwjvT&M4>{oMRHtguzOQ_ z%Q|F2XAGn~2N3AdVq^m#6id^N{V$*9LTcO?&j+laY^6eAGj3%D1-M6UR+{IjQ8z`F z&JoLocUjQll=7*vZG*)P=Qv1+UC%c&7Bi*rrJ83W$+NN3Xc%{QUwH60)fT}BE@2hG z@^J|7dM@i7+=5WUwYRMnR>-RYXQ#L`TjB1y9vO_x{(D_WX|4@T`%Tf@+Fj|GnxBEm zS;c*`ys*4%Ern8DK$uwuw(Ic3zI6sKsEXUtxCPO8G&!5mSudyZD9asnI1 zjUn-Q>~aNqVuGw-uSc#}Xc_9k)Kdsxvz)EYg<_F&C)-r`(Gn>Sw#0~yEaAnpgLGsh z8m=e8-^f+98L#jKoUBu-LV%Exw5E*VE{{Z-iaWgD9q&5c@Osr2uC!2^j19a7Jk&QN zi+RqOVOpW+D`a3MY%G+*{ZQ8={sXR2H|H>z6Ad?|C~fp8ZYz_JxQA}jp{xIWH213I&&P%ESaV}>o~bNP~ky4$mWg3g(=D0ge5_A%n2)R$Bw1$ zj$w-lGjdZW5GH^`b$Q(E+Ry~i0#BW#RwXy&o^A{PE)gKm=1iJpf+q%?IH}8vi&zQ1 zzR)Vtk}bou{Qg_T&un#c@%CnLdL9u-NNDhFj-8#uh}^+E;pqxkK+8#KU>5c(7|N-h z6w*9W45D^K$6C?qGIE6Iw@eK<11dEJGOCO^63ILH*BdXPu`3f}IhArtOExyViglAd5QvAz~K2TePC6)G9!1b-v&5d)3HN zZiN}dt|J6lNRn_PwN|9u774yI?X^4^;V{8lkr=f=(q&M2?33a z-Lp7g@xXXJLL?hgiSJ5v-NU{G9Q4SI6F^iC{X(1^oe1EZ8b$8lMaUrDKB%Gi;+`?+ zl&L_XQJpd&1O6!_u{4a09nm_7JEhghs;Sl`A8A4|ss#A!;g%Lkiz$_JfQDxzVJen< zXt%;E9em82_E~qD+`ie{pydicOda;f8CRe>F=<-;Or^og+#doD>Tr$>?;Hr4_7GZkRp$sst5W<`|79brm&i&9$m-?iLa7;uoDa=( z_5rQ1N-i|drN|{W;yEmML<+E#0{xX7H?WtYwNa^J3c8A8*IWT-S0d(KO-80}-&w&L z8$Pr)m06^{7d`UYqttYI%`ub4yhjG+<|S-qXxG4jV`PG)VC>WrCgeOYwYZloEu;=j z1{oWte9W?#ZFT%>cc)^?^_HKN^uCFLf+7h^`49v;0B$UWQvTh-O{ocuwSw32_Va<< zvvPe1NrrCAQVtVaivVmbozijDhHrX1mw?ha0AkWhBOA|R@JO~#2}XcHn=YrR8`N=V zA3Z^+#5Z$ui~GA;6{)T(x`55X^Oyp^;hEjcfUkxYgUzLH;tnda>{KAZj)h3>cpBOc zZ;8?(&*_+TKqe>*;5Pd{dO@V4A}fU(xCC1~L1HnT8sZJ{ffF;e)d4z$c%zyj&W_=Y z=`@*fcqAQJ_YI|NsEK!Ou*2gCIO>s;*xU&Q3y$-enNP}#Iye+RPmJhZJ+Ae~!lln` zP6~}DLZB5CES;6dcCfh;N=6L$Ne6-%a!s?C;UaQ0gIex42fAa^jB9@${p)S&U?*aj zS}PRDE!&3e7|B<;h#+%btbWB+<++FT$oJyTXhNt;dV~Q!gMrKSfk#W02CpGr=C;ow zV8pdw8%A2PQGgdDo$?i>%A0dA>2OiHm;AZ4;lduuX66`S%Y0_dk zr*aCM$O+dTi{)`Hq%2>{tmT+0#lQ{R8c{n0W}6mRs+2Fs9%@%^SAkWjebzcZw_snkq%AJ2pB81$m*`Z_ID5};3 zCsqrdG6@O9tv1&wHTe-|X`%?r;#4SP`a?+}89#}B{XHs`l$6Hqw(|jC80UdnU!Y0% z$mW^Io_T+P;EcM#|FT6uTL(2&O+=9<7`9>Iu-ZXzZ3l0&=B%iBrs=(Z2nD4c0qBvR z8KJ2XL^5n`?WB&2LtCU9r7(C5)GiP+b9WiLr_~`VT~^?Q)Ip*kehtEFSVD5BB1Bc~ z<#l<-ig>C3(>%(Dua;tYoxes&fQP zwIlOYuBO)ixx3rzLzi_V^F=a;^)=fFt&%f^OH?Z6cgIm?{)ly?9gdGm*J zV*>YroJw@S!J1ducq3!_&b~=!EY^JHT-;MZlObf+0mX{xJJ3t;cEGDPh#CcLb|d_? ztVC(8S}`*^P_LRhgDFBac}?d`lIPod=8~~in++|g7Zxp)ZY{22SD6%uDssn+4y^28 zhju8+<;+ZgCF$Sj#>bjoAGGb4Q4 zhA_%-t{J$+@yuIvgSn|DGYr$(2=k>tB(7h}u|pvlyzNw$Z3{+q9FfEfdv2KfewwFf zQ*{{c)VE^By<(b*F^_wG&qx*_k0L8!@s<)lhy(W$wMtaxBmm#LC?ZRw{1w4rfh@vZs=Z~jkh*7zWRz>N(NGo;+m>g#n9kWGj&Wp{Owz^)7#zY^}GEK8{d%cSvtjUpZEG7p#LkTLCv|=)Tl}u8#i+9 zNgE$$%Mq&&5j?ZP#LhmM@~nUoSsTBRH$3CF#gLKT$Tdqx-8a^i@rM_R{6xbfR@_qg%@8^4ive|hJocnFFoRBE+7rAjmD z&^oo_^wey;RSwon^$pn%*!CE)r4U)$w=Y!J7O3jlv=ZA}1R$)g++*-#0ls~qVDFz4 z)^bZe7Cd^Vo*tDYk$fz8V;HF$r=m!n9?lB=el#ZkS;!|Q%Z-hq%CNlN*^j>M7`FwGZaD+r+5fVgtPw{oD7u8q*`M3V2>I z8vDbsz10IoYMm%fMZydl{%cF7=*r^%R$;&2vozn>xS23AWJ;4e3P$2F(*}z<;b4}6 zzm+b`&S6#+bqjmRl=Dm16Sm>*qwAE$x8Mtvv9w&5GGCVq+v<^@&GuWHLEyKi2nD}F zz}YwzL)JmVDaZrqR47eodPnDqC^2Os3j>3+0LT$HnBKwM4L`6s`HkGnb8|bKS!y%? zDlIL)ZT!|XAN;TTpUS`BFLTq}{78N?;sp7PeCU55zXkb?F#0iJGM(eI2Z{}*ixzN4 z-$||+p@kORglR~NVScu+qnI8j5lm&zwDl;1K__P2Za5#O0t53N>k+0WeGK+g{T>;( zzKBNC%A7!ZpJz<}r~RiHwnKtH{B{-uTd_NlT7my`)hRkYvk-DXCOmg#}k$mDbL0Oh_|<2pTo;D7g==t?$;=#LzcRF zsb&nw81UMBtIVH<_s~3#j%_vV==a|{krp`!l|Qg~bPQ<;@isK)$}H7zf#~;Ne*fKU zp#w0$Q-&{vEm^Bc-DjWmfx z$jyjRCK48$eCW~5gziFR;HXJwx6IqJjIN+v0GxM9EV)=FH2AB{?P-Pjvpw?j#3(SMg3yHtTnd=3pUFaATqZ4y^R5!seu*O2L`Kf76&a2D8@i35&{qRCvV1?GkP$#wtxqYF42uP8GPz_b3`9Fj7 zL`Xf)l&?M83nu}qUgfC&9*pl|M2FxUh2~EU|0y4>z=7bqR z#B=S|^Mh?D8#}VFx#-~d-JD)pBf^pyA*q-bIretVOiyc94GDk{aPSI--x8LxF)&)1bGtaMAlQ+?bHhpqO_zs2Xxig{ z9|ET{;GB`v=GSJN*M1AM|&24|nN{7Y8r)lHtx?LPv+A{k`E4-P<2M-x(bq z4u?Aj^r(L@O!nD}!^8ap#tw%^hjG-2%;hP0!lL7>NYhS~7io%l(4*sMFuD->662nu zPGppL#kG*;xA7#FMr2euAB~tT!w;ZGok-JhbR6yUj(P`CCn^*>vyhv+v4JGJ)CZvl zG>TQ&ca0u2vSI5^Rar59rD>I*BpV&$f1Czgm9!HPtL<21G0U~uR$htfvKfaHwoR4d zuDUdB7gDrd%Y~)`op5GH{k?S($rRh;5S^BSO}LE6+uudZa$)M5Ku_ zzd2^*Ms$$?%z0ZwDmMQ};-$6TN|b4;ZUJ$qNCA5MINNT*u3f_RSBmMbp0IBHm+nZ& zE;ZdBh)VUOcr4$E{wH9w1mU4Lg@>$@7(!5MOb=ByWF4Idl>Xx=WH*gt>D`i7t_hkZU8x&fku0SaH4Wtq?^SfUo zHX5+#Ik$GL0B~d2=qepZcLB?G(I*xNHxxsRJk|ZKiZ?kl6?m8>0MaL1;vs2OUztm|b z#Cw&aznps|l56W7hvqr(;0ilh_bq$7X~oi!mE^=-C`MZC*@o7DJ^=}yK*}=z1jtq& zZ_wP5I+#L1Ex{0dddmpzy7%r}M`q*-YdfqBtJzeZ zjW68uK%3Nw@cI`7LQ^!XL1*B?n7P4B%t!F}=^P7715(FkTIskPDMpnm)e1lQ`lsGd z^f$hiw0d9>jZxEIHWQJ=z-`#q4m09qkOC?;alQA0F-YhX+Ty zN3iVQd&QD1!=eZVRN%P6vS+kYT zw*7DzRpHiOkrO}+xVGUiqYg}$u)bM#YmkeSn6PEnp%@(WmnCpMB%U>1JRoN{E25( z{GT-p?7ZSgP3D(RxnMiQDL84jn3=D`-=7+gwUqcH+8-Y64xb+#9zNgS*=M`^?BE66 zJBauC$@AgS^PS;Qyz}CqKaBVG_UYkK%!YgW^hJL^ro$J*y(d@V5%vdY@fJ}JQ{x?m zGOkZcXSqPs{iQiU^?`Su$$b2fp zfh#ZbZ*Dp8SjGC9k2bG2_`S0pJQ9$FTn4=zKK1mvA-vhg{J|yOw|01F=K@2X5P%2U zaO`cJf5ovp8dco@27p@0tJG zIeyW9vC|2iwS0jcs zQJ?}lngLm>Sn-d773>-XWcxzA)8E}QQ@kv|1yKbuvUSXJcrFw^P}=mP^+#g}{0|a? zL6+5&OljU~nULUHk_-};(f|KGC2RpA2)oa@Y{Cf7_!F8XDcoxoL~#c3_!lB!R{}1t z#jlB>AqtXnisW=~c10w1bWi7ZLf%?YOc6e+{tapNA=(hG$Je{waZj=FwDc(peS?lSuohU zNF>Fyt$V1*j7xAvGN1zsl}>_n9BIa>UHi*dmzRv08`Bn2KfOA$OuV*|)fh%QqM6m5 zBzQk+AFaOf1;XbNBv|dMItoW1N{cZj>J9haN;g_^HZzEW5rA{82WbysYs14S{^G_g zp>ULBe_3-PNKa6aXhH-ye@kd(Z*v@?YA{C(gs)c$awv`Y4052;#MNvCpz;yaAAdvh zH}t*~A@+Coc3-?`Iz&(DJ)ag+Cz6Vh^X7wmCDy~Q7Y;4n7}a1cA51Z&n#W`cx`Y^! zmzUpRmRG<4x>A4eLw*SAgriS%tvy#b6iW!zJYA4e;rNu%*wrLoGY??k0ZFQ5 z+ac+&E3$OHRZeTG&)RCXgUdH%qUsj5a%KsuY)__Tht1QU&bzz)-G2AQ{{CJ$37&+T z)BkEYVkej~hPg8PxfEkbr^+Tq)A79%I-y!Q8`F4BbWA2f+$wWY%BLWV=~X38t!_{= zpi7aP%gtYaV2(C2i@9}vVlv^eZfgMXz0Dt-Fay_&ow1Q<*77{RL+m~m*8kl8G!+@w zwz$Oi#jrvfIBL&8zM5H?Ru+!N2$eOi9?H6m&#?WXK>;tT2ZLsfF$`mS4V!9oGbH)u zW#&(u%Q0tbu}Rwp-o5NIJIEPc4KVTrFi)jvd`mVBP+OQ_)m9LPqW0$a_+aaF?h>gP zuDuChY#B8V!)_pO+=rfXjR}8Ks7H#ye-nlYRVw97>~#+U_i&y=(jTTrJk>U5o)7b? zKK~mmr9*e%yg9B_r2w7Ch0VBv-o6gHAZ2eC{2$Iyzi1Ek_n#lE!||MqUE_S<*5qV( zbNL3dO=*6HLHpPIpX|yYiu^`Ksi68`4KLb#@4wQ~aM$FwLBmG=(iPLzjiI z%6Pyjn+iFvS)&(*SXwQ8n+@~Pwi$9efL8sZV3M{+)mQ@0Fxi`7iDmOr%*WV%KO!FY zlkr$G&u#i2!d_;~U}!^2oZ^G9tC zk+AxqwuWFog<4y9GQwMRe7qm(Gwd8ZfAJvs%$yB>{o|E0r8(Kmp*Sf1u+<~~sp1Kn zVzt3z@($jr(PYKsFaB2#n`G89U{J8c=BG$5SvRmExYQvA1~e60mo%OkeM>QA84D>C z9W%(A8B?RbK&_6HYL>{T&Uf0Iy^=hnmO;&o!b%7OCBPpT@)h@6yBIE|p81r8IkqcUt|i zqy!|$;cer&$WO0NE(lMa;Z(zXgn3Zx{n#V#`oFka)7)%^--Tnh{T3$>uoU_@ZV1};uW7hktt69Uno_6FMsQt!HfXF>bkqTwDeQf&}ViEBT;*A|{T zL%kbu*&Ff&dTW;rAnBNZRNs7@O|54)z9?a;6bd=1KGCbPhq?W{1-JW)e&5&*?Z1 zj62(n>Z}3hlPm?Tyy;Af4IXL~EbW2Ve>b?Kd&`Z2%?@>=pasdT^bcSgY=OCH9c+O8 zX^n)9jVohXo9B3taZS9xAUQ>{L%!*(h(eKD4J zITeV&DzK>-<`X{lC@wb;O>H>&xs{l&Q{HNpsmnmt{#5Da9&>sN$CWPkLM^^%SV(ib z@Af+p;4nJg>31M5M@7f|-#fm=&c1JP=o{?xD^1El_I;E6ejmebUYkk9C`iEIwOr)W zmAm@1xd!((lrq^P=M=J-1GzZ!g_!{AwZS2%B(=5~tB;XEACptZ2asV??KonXI=h6l zhyQa7mLpXtED+|14IALC1OzuzN(OPmP)`S3}w z+u~Vv`h80$DWloTd~~fBJxZle2|GCWOX>pLpJ8hMp3m%SsYcWf*im zp;<9ylE>u`ZUj2_Gp+1{JC;y2DFAXnjlcbl@LYOC;(KdZ5)BxhHB&px4bCuyxGPEq zWZkc9)s(5pQ{|TkhFmMHPuaXnbM8Zsk_By$@oY7rcYPPAMs0b>a>+(aJ}eQL8O9EA z!{ih^VAjt~*0$IOq$=w~cZ`oG8n4OL#AR(LS%NI4;{-w|P=h*=yZp_%)q7b6X0E!tFPY<`*7x|OEsa-*z@B$0`HZJ*%+6IzQyWWX z-E3l-V~GQpdpQK%V%OEJw8)DP~1Jw_<~nl-FC?J^%)VebSky6Wt#?` zEht5Eb@GO6z5yHc7Ty{7hs%KG+_U&Jmtw{egctp9%(VvD&}=>^Fb!MPD;6kn2bE|- zOL)f$y)l|}TorM!X=5|1R=JDc?ZVQ7x(;VraE~~CwQ~Fw9B2V0weh8uQ>|_FYMryi z2DWOdN6)f!0!#yXS;4&-=r@ z!{KOm81L>L#mNEf@9eO>{hfHUvv;`vob4ab7yaSzh>iL?w0}hRcaBE;yQAS#n!Z~v zd2a~E5(NvwAx{J0>Ev=y35;BZqT3m;82EOj+3JU%u1#YjQTM_>NKE62y$FH|3f?_2 zDK#RSz|N}{{<+^MQTAF?P^xTgsMk58S63>`Y?j^52?P((+XMIXP1U&AoO_IyRrYmPA z^tKboj*OSvQ!M+_3r`_*4MA!#kdLE)lIO33h^gT?v0BN>z+f#fTX8vq?QNLS+ni-@ z?4PbE+ZxjvvF{;s1IK%sX{U`;4@0VWY(p<~>HL#0O?g_%>2{R=u!i_KdB*NF%M_on zXPBx4YRCEDNS-jP%`)K%a%)W85NpF)%}RQ7bnv|CciphFBmC zJ{XeKFB`r-xb1;nJe5>4xfD~QvK0!#O`HnpJqY2|rKPGu+0Vz^w0<{C#Skm(FbqCz zYt@ZqvTcFn*|--A$%HcVythlRKdRoGPSa)PuSK{*Ye$G8KK1_m?8t=$rz?9Qb0&Fo`Cd9SWTO-}-`Tn_8izZk}k*w4mw`H1O5X7~}Hv@qz8 z1m^P++S9}TsmbnXAYLO;#V2L|pLds^;=p|BeSHv&i!%<@-XDaDj-!-k#Xb7efa8+g z{1%_3Pn>WE?VQP&W!k1%1gwA~fPD|1(u9#B9PD9`@a!aj zqj`LJwhk~Z@P|PX4exYm9k9T)Nihvk4&lP>gRU=;L56ekq1xt{WJPK~S+=YPdJR67 z;FhM+ibm>{6h$5#AMEcx-|a-Q$WGe6x)2$<%~`iP^WBe%N!#ip9#&SZKym@#r&K{; zaaC6EF~qK&t&1L{M0x1N@krZI`!o-*B1s0JU#fPpE_~dBZy<|R(jyY&=y_nB<1ubn*vHuP%+@tc#PApeuN%M8PgCDZO9+_?{3xn~IuJ_|0qBY*Z>o)?Pwdcu0CPTuN~6FVA_tXjv11}-)5gqtNUn}e;HL`DUsu9{~tVnY=+ zM%#uV04}a;*a;(v& z$fZyUas;^?Sfoqb9+FM_?!1MbSPS+KPD8mh);oQQrJHC*b{vj-F!%`+Ym5l~?_#1b zZ7E&mCOiFJ%-{B&K{k(dj%KCShYq4c7@D z#FGLNTEMDDz*#Fq;=>46oG%-pdxOEsHt$JW`aOR=ws#3)aJ|=S@D2{~zv}?xc*Fw$ zYVYz?0Hp!@TbP442oNTX4n2&DRyH+$7)je0+xlC#bEDTU{gQZwo_m3Ah8YpLa`hA| z>4rAF%`spyJH6e#|NquQkpO|;OEF+w@ncf$){cjT%|8_`)>*I7`l|1l&v&069+`!{ z&F!lxTDeg;v?2F48#Mf1ZKncGNEKq=@$SM!^HY}s|s^3A!PMbwRNIvEn))uvi)yg;xix?P( z$}!Wvey5O6p91PZv)PiGg(+-hrOl6WX%&YA@t27j2R2rbM0a9eh zQjv{)-9;S8%52qTtwVmz9H`&BnLGQ;;Ks82cMedjn`Eo zmO+y$EbLd03S?48$B{3wf>xj*RqSAouq+nlYP>vubLoj;7KozCi~Q069`GP22gtkGv75Bk z{j00-44HekdbI&p65=9E)CR5%+fJ7*gaL?7x&Xgx;uhcZBSE|#$6D4m{w{DGQX z7#QQuYEGqgbOd~4HDeJioYAJ@94J*VdBsK;JZ*k~yenMK&#ZkZI^O9Y?RV;Ntr&40 z9Y+(EPU}&tW!|})*Vol3@iM;MXsIoc=q@9(S>T$%=2pTm#6+mB=EBu{y42|9L+IPE z(qdjQ&3sN$Xouj!rmmR6Md_DAtPNRxSHi@^N04pkm8akeqGq-uNnB5!k%Z2d-|%kg z#U3kR4R)Z2a?^oXlv`(L8d80RV3lT;sUZ=U?`CmajZX^YYu9>a0&=7U1r2q`Dw)*I zh#iuObMm5jE=4ZkzOXWYk;m>g6S=|dUpwF=+%68w}jQDu z_q-xcsAkvN;CWmR@RTAoYx@z}U>N58bs@(rI^O9-)mL3eL=YJrK01!BDjiWaX$1_Y zH)^GwzXmAUk?QB!%A0spvCKns9AO8SgD`5(j~?icE_GHlaY^&g;mrKzk6i+BOThlP^HC{kmOBhGwhByS6j?H9wT8w$N z;2|^<88iP&?^HL=xcTQO#hNsvi&s34yECRI=5K@lDa{)Y-hd6f4aO4y!Nu)@^#zOm zl-aZFqXB~H9Gkq~1673L`dDJygw>K`T3BLo#i+?0)$s&PT$RZ!g>qE^$9qf}K0Fdd z2FdH)@GirIeQp_2#qlCXpr0w2p_*E2#8U=(r7Khej#yk9xdviWX}Mpncxi~}9yw9& zk&32pA9ULKxGm#0|4P}!Zb#WBped1!zT+vz+qKZKp5}&*yOkv^p=f-8_F2JTKYay{ z;Kd}!$`yjr0s+%8oTQBDUb4nnsv>{Yk#ey8z-n*2<)T~Wyk&EDJ)0@Z6+%i;n)uLe zmX)F2EtKJ_TmUSE(qd}HYAw2b%X5fIhhx29M0*l!iXxW_WmPXjllEaB%^GFaY-@+{ zm%T591XZNo-2C{Rkf#@eQ%8%7uR=^o{^sUKFV<&FyPU`Xk{iRxKYqe{!*=e?>N!JX0oN>A6yqYF!9~paC zR~(!m8Qby$>}r8Gw`pL1X`jm6*Y*a49B^1n9Fi6VnFQS|sTdoERa^Ir%1ZJ%%uQw6 zx1|slV;CKo_r<_`G3KtUpJe9b8rX90%W-H;ov!?Y=>#LVo`F3OI6b6C1MB28*YhCt zZ@HEQPK%NAQ-ox>c@Z5)JN^DN>O`1B0{(u(ZRMe52~2f;mh>{ecPz3DYL&b?ZO^{muV-JMh&%5K zmCnhS${`(_s~}Bn?Gr1{h&V2!-y)v{Zbgxl0H8PYz8$8vY}!_?wvfehKXD6yWnz*= zkbq|#x^XCP9mO}ASWNRmSDlH=Sq;@pD6mHc-I4o0Yr*p~D=1ZOG;5i!xSXYP%rr-e zoD><}d0tEKHMW34Zp3&0_v`}CH20QPnfy$-zTs0QidsI){YLcx+lpt^LQWtYvU?*n zjxdVS>F2e$0KDUAT6dOjvwqxAZp6JbwS`_l1AzfBcc3d1)2k1?j*9=Fu@lJd*Rv_h z5gl)BwvbkLv;{4>kxEl%fPo*oMt`_vb5+T%Xj73SnD32(FmAM3I`3e1H?PAwdD@zu z9P`^`_c6=88xGc45E*oIEO?r9-H9oNv6xP2mNbg0;t2~haPS$SUBz;W zmVU%V1zoaevxijWvqtq4BZpd6DhrT$Z3@zIa!euSrc#rkpfag*(Q2WAM$yd9iY9sMKm(OU5v;-hN>lePx97m`W%NAEL@&jtz@-Ou*32 zi?(IY8IwbyR+yi#5!Z7})}gGsd^jQ;U7L!{yJ`4`d~7>qO3|^EWHC_yXkRXaIhZ-) ziJ@Ryh0$k;!y4Q+qPRm?HWTwsDQ1BNY6SZ&v~G@4aYw8r2S9)a;VKYp%C$xpco#?1 zalfKdLQuO048LWa?NEN1aSGNP8nebhvT#RbjWh#zwACZzB!_^4&|KF=xVvthq>JrI zw_Iu0X)v&bpwrnRW7oGl|1pz{#uFQRxG;yrEzfgnKv=UFv?1-vcU0O6N2Po5qN32Q z9G^AepI)6UtHOugIyN4%n&H|AVs^+(wfXVmGtI@d!%=C-E7e=oBUfv`FIoeC*RG3a zZtIBB94X2}` zCSm$RFpkl8xhRxTvKp1S&^`gR-&q1!PKCHFa@2XZX~69-K(!$2@OyXv^O z2QwqYlYwjl`ke|CyaBSJB3D{6I)&!m$we2^907YsVj+DtYc(;Vlq5GduRD$-7?};S zf}+lQbMrcQL9p*z*P;CfFLW))KbaKZxoIgq)EOrtv*dkq^IBP;0zbqi;5F3clAY3c z(iTc=`aniQ#E_Hf;9lUM*Q5fXx=Q1XrcxJqV+wIUuLh&Q2ED@fQ;=^&7QEo_%w>i5 zT)@h4n0Kk?-^Tl>alF0mqLYWYUxln6Ef~Tv#5aa~Q#!BbS?NzzRDT-Zs_BhG-IMDPfju{$!j43kRM zmZ*$6reE`H%w%bb@MqDn4DG|02)Q92< zCNVnJ)H=qebFvBRyE(liSJyXN;RxNGB|}j6%#TdYKBNq3d^?t+$gGUd#^%a+MK!yl z^L5IdV+S(E9=5t0)<`vLzJ>yXld>!-oW+#UnLW{!@R;iC5Y=czeAv1hEbiEDe%lH7 zyWarp053r`C{fF)j*pT$uDGpc$ErFetz}HeX2NpGVhTZ@c?ys2hJ$`sQZnU(t2=CC z^ejx0gKO?(n9iUr6J1&C&dT*ra~9>cYL0^*>751v@x334A^V9*<qaw8;S(ZR?K7zU$d^x_YW{{=HtjrjTC>vbP_FfKNnKQP8^i3=B za_|byqOYuvV3Y+LEmMTXudd&2zq)!GCPA=*dX|)FEJ_&Ov{iqtryTS(U#+qLGr8kt zPMX6QM67{H)(e5PMIWrS=!1tW`rx69K6vb+4<57VA6}>%7vPqSy$;iyxLFChRGh&P zGhx~=JuxaH=CZLX=^|txc=L=1ncxTxgJUDP8nO+-?Ls(9q`(_6+QpXbQw2fxVb9w8 zTtWhP8wLsP;dr}3d(jzGgFl0%w<{+>VoWAEgpT?e*5yl#A3%)Y);6T!-;~@HZ%fZx zUlCV`KCsnRYx_XPMJsEW@w~^Gl@s9RjO;Lxj~X^(gQZ$egko+Q$ZqeZghCtW1b@fV zB&M>gHCL(u&Yo=<+k_g$9RPPX0+z-xqF5%nA`kKVUpLnvn|w#p)ZEcaFbhUo*UT_i zsyVRqIZ+}l{Hu_UTDsToQSfmk#it@EQjB!s3cdRcU|r5B)_CEM9=+ z!ALtflPTnvU?dT7;iHAEJxWuaDwJHAwfjZ25LM#b#XF13v|sP{Jf05URce+6m7 zy0|=t)>zIl@^6iI8c8#iQ!tn~Ye_IbeL$Wo7WeEIEO|R)5=G@j;}0$si;3?5S`PGR z8yE5%jA*SKNma%H2^SI&w1Hq@i7Vp z0{5mux@zIV{;#9`n&BJxJ3fZiZ-mG9Wj|_bP8EH z#BGsd)-dqy28@QT!0sW?hiM~6FR~1iNxByX&_6&UlxPI^zc{TJh6W3_l?m|=WQ+N- z1sWu_d19FE?#_BN_EujM4;#9f-=RFT0l{OGX^))Zwa7S#o6ywY(oN~>moE{sr1 zI}$3@UPVS3^?Rr+aXMk(ITed z3Nn6xm8d;WsnR?q7gkssc$sMP{9>?GEx%q4%WvqoEd?KZT~<&P&YGCcy=&9?#X$Ly z#&Nq@$_g))G}P_RUqwc>rt!p%j7QDfJ$)6moHsLN6ZVLUUey&7ee06wIKrU+ph1uo zAv%u!3bD4Rhq2^u7>*XyiqU2=526;heus?V+zJ#uaz?W;aDQk}+UhkOd%35E0_$~b zR>kS`O4P+s#No)g@eWSj5Gkw=smuFx65G;WFohvUE$3K%0t@TnwKexasfJFS_rRSZ zw{@ANXBMx*l!r!Hx3f{4jqnk%2sRk_o~2V%ds;jR=$+c8Q~FPlb=fVxO*)vmcWgKj z;DH!X!r4UN9Gh%>hD@PuWt=egTFm0YX2VKOC4vbBRN( zHE$}iS&dBCa`!{8hW_;^WF3O|g8zr%A8knIr@JQ!%{7xyk^Co4%{A7PHZaB)7H`{o zYpB04?Hz~{%*1?AL0Ka!ht*`A^u2B|SscM-V83B2sBYOmQK=bW40pLM&YMVBYf zocsrjz=ov)qrj|6wxp+IV>Fe3XMDz3;uhlKYR&!ZT*6?EO8%-eg*4bANaX~2C{+8V zbF95@xJ1fh-4gkFO!}lt_I8i4R7s=z`M1d41ES6;oTadGbY9>jfhQ(3gYA4!x~I6c9vr6W?&tZ z-IP2dxfDqehf;SPzIt7${thN_klMMvYz{?{0a>O(WLnsu{m_gBL+@!9;<5YBQ-ODOT8fu}WgSIwVQ>PP@AI6eTG zX__T86&WLE;6r@v<32Eks>~{Cu2APE-8M&v#kC4*BHqf9e6^yQ!APe;UiBr#WXo2b ziIuvuU3sv|+9a#XfLEYhQlT>#^n0PeRJ*zkCyqa{?a^%89Bylq-Vjzq?1hqwdb(?u+Mp2S4H@&afFYmtAzr6c8{pH=)*)QbX*W=@_zxsuIJ@b!qb__d0 z@IaT+Ik+wq+DFDZxArO16nqE82=Uyj0hTvjfGY1klsFG}yG<_a)&&SvC6(=j&9;?J zL{Z_4WlEIbZLWdk+A)RGY2R6<^!|N$>fZa8yYi5Fcf?I=-rB0pe`Sy6C6gs6wYlLw zd$Xvmszm7;h}?01pEDVNSE(F}YbinbxRO=AjMOq&{bLGAl~PD`zz3EGS~Se^@;@}s zPvlg{ODPPA870T&xB4*y6+2@|RI9AwMyeykN>a;a@73n3LDModAg|WRIpVu}>O&Yv z^Z~seGOp`YT`W*b>j_zTaYaF)MO0801zixQie_AM$wtS~(b2(P)QPIq-pmfH49Ie9 z5n|evi^8&v8wKv%og~Ar-Wdhi=b(>{qyP2m&hG{qPz#;P`!0I_-te>c(X-qaEciseHTmH|0u}853gP z3q^93sW4c7R^5f2d}#jM;PoWXO~ra@RJOn##5zI4X>v@juxniI{_guaqmH7V^r?@N4ikdJ#>~J$;T~%F=k;jhSH0n5?q7Yb) z@=Ws7aX_Ll)9R@dw>OVpffmfLr^U|bGnq=Y*U)q4HN;Mhm$7krba}OZ`0@DEs2Lak zybynf^`{3JWH1+$^d*K`4Rmw^j-kK`Iq|U@Y6>0sR!!6I@FMEqXh(c>>toL&KC*o3 z3GRKpey&y>bHy9i37X*E!ROZVDNmpBg>~rt@#*2!#nJgM#|KAWfDU6yxcy0$d7q%r z@Nf{s%}o@kQx$zFF~rw|c&8+MZ@ZS*r9W`g@eYC(xT*$Nbl4cFNF=RYsWIE;7-

iGH8F95`iwEydU~f~KJufCJCG3b}-G zaRlEMN+#)DqBnzw4=z@;bPG>hQH0De+G=*u9cl;M589D@|FHIf7GjETY#RARXX(3E zyBToTTJ#UJ+eCM0H`p#}a=|IyE^&w_+O3seGQm+RQ}9YcjNJCG`sYpASBjL)C*4fT-SQU;{=l`rZ|6Y$iF~ScC+v_Ve;I) zlg1}v)q(XCB3L+O257~m1Y5+9ceV&gJn2ij5^=}W7a84z-VXdQA$?|vwjaAs*Ld4q zt@Q_G$*^TirTT^mc?G|k5LX<4{0B6wdh{b0uQ*AP(iEhd8o%qy{+PGvn0^PXr53;L#w_Y4x$V{`LZ<8CMl550_s`DD!5I#gXv32}` zEG}+AY-&x-dCnwes&k8C7vwNVJ)NrsFNlbRxCx3RS*Iuweo{6As=z#}=iDQqX_Z*v zkWXtS$wO3dNTLiGF{tBgc|IQew14{HsQ&S2uf5wJ8VQztC|mnnmKX%Nq?1YieFIVcnU&iOyR-^o=NZkL!dtufz$Ui0#{WqeB3KJ zfg8y+hc^%Vct*5T47O`Jk)>ro&>7HTVKLdPhuh}UP^yGIK0Rdf?D5N4;(5vWmUzhD zq7%B#Ey+&4S={p=(etuKe%{a=BY#QrzW%-V6t3^$cwV(Zex$xhVg}NBB6e3r%Mx}p z+T%FMuZ*3=uwT_B4IqL0e+zPk{j+1SKldGPUKGRr$=N9!^_?Q`jFVJ+`@4Ngrt6rNgKR;p_>w?C=SpqadHN6xpeFzY72OeyVq$GBL2$rxGUVM zO$VEALk}d=a?X9wK8|(8I@zcq(G@ApIKs4u3ACx$G^sCn8#vt>XKfIzYQ&vuTo0i4 zH?5sSt+tya*ZBkjke5t7!g=V}(7uKFdJ7xiZB3675H?fn+~RxSgmVexYvV)0>d@=0 z0jCp>s+ElE+NkDDZqD}0q1sTo)cBl_IZDZ$M>TR!h?EmUG`9($R%vJ++Bpd8Lf|OH z8me?pLMfxj{H6FkuZ2jfY!4xn_8!?o;5?FfBK^Pj(6#Mab;0qN>e?Cv!kXLE?p;$*v*z_Q#Y&);CUZzh`b82aYR%ce8QoJ3d0@;~sL3AMJt7I= zJT3Uew9rIEp8>fT<32vmgDz^MejD~zQUwJc)Mk9x;E8d8gRwmMj zzqzfq!SbnhbVJ^i2BSN5lgw5g2G%7oOgDH|dpl56fp&nf<4v*R36wdM$AnlA_kzPbho*$% z_YR~q4|aBUhy8A2-pCaA0=0R_dL4b#NMM!u4d}Qb6pP)BkRc|RUyB&ggbH)P(DM2Z zed;0kHRSWLLs28!h$&&9kSXd4dp3i|V~5`EoFDBUemvTF!&=FU*4w_&%kL+?GT*VE zv+6!s%AN4(O9TvXQWeN7#PbKJzkS5sX#$L~mO6AI6Ajc1aa@ASC8XuD2#@X+$z35_ z=OYfTW}#D zJvOf+FEIAH>Zc3)FY<9@?6sOTBVfk>j0NZ{PwXHRS!#)UAO9=8S0B<%?o2A?Zw!i3 zK2JGQ*N_Z2Dg69u=S}Q4(Q7^kx+YD;cx7J@89cz|rR&^i6e7$uTnq*RbP+^Y!JGkC zNrd(B%|+>{p@t6B6<&`Wn?M1W)O)LRD(nJcL&wi+tq)oU+4sPoFVnMf>rc5p0K`c+ z0zAVa5JPj6KdB5H{B!@~i3n3E)34-`$~i0Rb#%$jM|+HbF;)Z$5?{*0Lc9|yF)%4y z+}fcDYEo`W;fc#sjDJ9!aZC^&iWGGcM&`9Tc@SwN^kS`(vF&o6QcYeN!P`5&NK_0d z*5(w>kF<0oQ?hVQD`5Wx>yk#H7lr&cL3wS5Xu`xWQDyL{9wVPT%XaJKPU`-_<2aA=?2K7w36Mh0+Cu zR1oLHQLLgMxun4SAajj~@6U;Y?`sGLdU{ySS3y3IYRvodP3V+KTQPR#EzQ*f%2nyr_ z&SA0 zy+0%3-~TUeM%v%s-{%jQ^vM1an*2{l+Qj~1n=}3kn;eAxNh6rvKv(pqnymDc0B8wgK+WyPHd9o`}0HyFIi zSq<#6?R5}wP09|Rv!joS%TZL80zcveWX0KI?qZYVjr|-jQC~-JNt(CfCZ@j1Hdd#@ zzR2ak)|j=;DBj^mQ8WfOI4IH&5N^B-&1qyV2kAjJ2pg?aHFukc!D_V(D9g$ zjmC4u`N##^nXBzKTNo>)1CO*+vNj#;3-04sBT;+?B`-yf5MP{;4Ph!hr0j}M4YhFN zaloHS8rsFL$l_lJAH$F$K%M$@pAq86;OscmJX1LLjES9OBCeeF@$)}vuI{uu9cT_b zB}CgI6} zsLwMa#fOVM=E3&t^we;gR=-ayY^H5F>8;5i9h2WhjEu5t#Hu;=w{JBg@}2)?Q=`6& z0^%RLW2zMM*LZx5p#aYY9!MeG>%tpv6WHLG)C~y?vc;H^IQR$Ls^CtB*K8W&6eKosb5?g#)Ph#T_2mE*5q-gU*IFoukwWr%onH(62J)Z zKcZu9>xFFQRrin zh&(Wv-+5{${bxuCS(o0KxuT_t@5~b^6B4DEA|+4)pK8HN*?DB|tG3tT_SO<@G#0H1 zHc6$I1bcZeUIp^W%Ulh-Gy3fAN8yzE_FsIP=}*8fxt@CdOta70{ezKcOD(5;g)=V? zsd@UN_z3!Zej=`$cOQ-}x3#E}q|&DRM9BK(}U4H+W@>T zugU!~Lj#q`vEg+-!^r4e&K(#B7m|H%IBj;8i&|&|LFsUx)6I3dh}EIY@{VHs{q1b4 zEE_v<`rj<~uZ&KyJoh+SfU=fu}#3oaYMmZ%{c$W~PFvSsEKH=$k$O1BAkDCCDMkHYxSN#0p)6seR(`tk%Pm7YJ0_!ElZ>r?uTPq!Kj`h^VW&43jyrf@jk-PD z#HQIdTUL9t+w5C}^m?6ko9tR!!Kt{m2!p0PHu#RjuK2-D!ig~Mr7kQT9>FcyRT~50S7MMicnL-}MAS$%i zkmHV8h$n5Iaj&We@PP1gfOnj=Z|4n!w5V35`|uEo(!^R<6r<_l5ADE@;1YfxSranX zFq=;o?%1Z8FwBr%qByPxdH68OY(0$Q>KqAr$ zE7bto-Pfwm8XSZZ?}9c6)rn6)lO!{ISR&Ids9FOO)=;XyGI&H9YSHK(eM!Ev2X@^r zxxHDEpSIi@n$K1{4nFua@{GM+x4YYh%F@NgQ3R$eB2$g$({Tgmxh(-0U=Ybj-T?54 zJR)=-runx3uW2zL;Ki3MFL_<{n!Wa%#+JOV=Ck6)*=mbPaTk@ph#FTY)s$yb@41+9 z!MWtymxb)GNfevU;fh1Fqa4eM$K=t>>x-wOVt36orY{<%^;p#x)$%~Q_wuvg@n zHale;hu+p_)FRt*v$gW~THLP_;(o+;@s!E~I}szu(mu-F$|xOjgn@E%Vg&vkl}iz1-| zB1$c?8~T2aoxeqJ+~vtdIwxj&+vE*RL(FDsgi4KzlnIijU&d#HCx!Qc5Rsbz054vX zdk@>NiG=Ns%Zbt*fcsv=8UMg%o%Iq&;gq=Sg5YlIu9eMVFS^M(sPfqbU^{?N_CRr{ zNFJvVqz^?i>_%|!*kip6b|>it!TjW}H8G$M_Jb=N&6T{CGR=E2K5&_qKhO^>F|I3n zfyJ#7>$GtHY|JTCtG z`F4`!d^<~4yOyo|P=`*@s(kkEVxsSqCZD=bNAsO(IJfm)cs{|_0d<4W$7$BtKe(ZT zO&5O~1@Jms?dtu-O1y_Li?`-7izjMMGmC3239fDLvwQ8*TlWB@wd2De#|n6HZF_Q^ z2-XRhnTUUi%nADz*-3dipyoB<$nU(n7h(l5n z#D+1}NQclxA(goEBV-xzkAom0{y7M2ko2Uy3^yL2f_~_Q0;?q%ujUeMtrET zpu5Pz_d$ML#fJL*D5Q1i{hxBO1_4|s7hr-?Y9aL*MhE+F!6w=mDxz1A7$p5oQnX-S zCFCQG8k61Pymk(<6c$KCu8V>+8A5RWSbDM;?0G)*e48~_Tx28S(A)g+;&Yfheqc?0 z5t%w66DEHtq@2UIU=Xtz&+Fh575hbkASMcn*romxab`#h%Ha8T5~bFW=~MUr(9vE& z8Ca)bJK*m^tK&l5dzAh!F@G)%6GO?q1}{7uCbMIw{|oIIfhNXVU@y}|cv_dcO7HD| z2_}bPmwz=+@_m5hg=4p zL+|PD6#zAIU_%tNa)Xr?n1)4wsx5u_0gzVe^!h6t^jcMcqZMPdv8|X*squ|~R z@m&q+)}rMTi?HFT|BH@-oi}pU>b&Ii%r5jQnnjRnO2*_Q0w939LL_ohG`TS+N&tLx z&ONg1z@(9nCxjtL9ncDX#T!W@OSpyAqakraTTm0rpaDUV%C(Lv=djR*EaX(xI=x7O zUB^8yh0o-{SyJp=qrkZ?QS-@#%m;{N~ISTT*m9ONt%RM!&bl7 z-R*Q*V~bcF(l@P9bJ!d8N2G^$M;4pQE^b>^t2t=3al1cijm;jhhTYNny*?wmE;!&s@S+7rRRFe7r7dx1wviiq>Tdy&8n~t9~8?E*~ik5CF`RL+iq|@T9 ztsTYA0OyizUReU!;V#mY$|LHnDCwvL9= z40Vm=Qtht!e4HM{u@BUE%O1D#vvTKcvXbQwTvgk=6F0At)ygj}y3CC%)Ji;+FybX7DzQ~M z#<`4Uru3K1H}^5Y3m95}8LTdx6$KN(A4%_2u<8Bwhpr80hnQ$bv0qPQzwr2k$X-Wq zLS$#$<9NXv8kSJdxF?E9D60Jh1|;yVtQL(>uxQrh44)C|3Or4di8s_sbR1&@9-+?; z-1O#O&ec+Nc@;m)$X?)NsRA@w&1Ngp#J-6z=(GD}U;O)@oC@fhUHRlWyh=A2Ht zRCX7*R7Q3Qf6BP>6=n65&f)X1sx-fre3#Ac8eKNE%GTqr`T2NxXHC|K5W5z3s5@6q z<6fFz9g+k;oCHPaqNRE*ZVPpt`m9ET!~e;heXxWJ042RlqA zyhl?U$P{v#5y_8@NRDJ9x~CEP7v#RdZkXK6?3@$Ib$KqTPj74tmYSO06}CPU@sCAa z0h;J@pRd|{fF~C5!+?YNoaO#2 zPxHgNrm-}ChQxbuK{eqi;l%V!+Pd*Mr?VXR?c_Dl-lLE2P-I*lZ}0#wlyBahbUZMpbHPQ`VsthGPvUjJa-~H z?Y6@wNF;N*-*=eQ!-n7^n~Wqwnr|5*vPjsqC6JO|!^ti@e&2mDed`OmKfYYw1R?dw zm+fR-2cRO-e9e>9iKOtC;F(X+Ew)4H?j8l~C70aBHB(pR;*NjhN+?ll2?a#2ZMAW8 zI2w`hpwq;iUUN9aX2o$=aeH7jTLY`pAND)LW@p%JwRYP>jQivEV2uh0 zK@?Ih%6~tVtXWe%z+cZI#}QcuGYdBMli?%88XV^mWE(JYWbl?=JcoEf@I6q5+=gWD z%YgzH?DXTenIK<`0%AJkiy#Rwj5W6pe8@7Q zg=8!dt<I)|YbtIuS%(8zbuZgaq&65ppjV%I*uOyjh&NS)%gD_Gl#y7gS?X6Lu$ zHDsNg-@{;vePW%679|DFL37Ydxj@D_;z9h(8CJd*Co21?M1Q;@0G2>$zt#7m(HFm* zypQGRGq4;bEeVD*vOPT0LLRu(pZQTrxFZtcMqyDm z<(hYVwo==U&sH7(!V6iR%p8~SqWH^m%Uj0+ z)0Wr8L)TZBJ$x)212fFkBL)4M3B5aZ1h;kBC#d=)}t!jzPKnkFETqB zAO3K08oJa%~q`w$BEDounL(TR?Jxem*-FXW~cd6M94Z8rPSII%4W~ zDXm_XIS0`?)t68rOP35D*c1xH3CT=U8PbzbuA_{39qOEA)#Ch` zse6<~5FT`4gRXnz(2bK@7Kv zJ#5^VB+xOdJ1<2$&2!&J0GSrGDkMidOn$47vgw5-ISCJOrHR z4W4T6N1nvS+Nhs`Yz{(Tt_u#M3wO*Mn*Wv(Q(4Lry+ZwtO@U@K1DL8>CcOpgDM14Kx z8lV}wet0`U9c_@BAd)D=654ot6H_1I~ZiF6JPO#EWO^e_dzkI zFnG3gy;7~~J!R_-z%7bN9{@5^vk3RM)T#dI1zKYCq`)J*s{+=T7;dD5Shlt$yg}%g z8!R#S)^V?75iuf;2(9V+XU8(Eg4~%rR4Yk_9amZ_su7g*L5O`pH0jeYbhJQ~(LKYI z_+Bjg8H(J{24LfZKsDlS`l3scv@^8XNlBxyQ81(p4uT}MY&Bt2*pA^isnuxr8mJxr zd_(+zt?pK%-T#Mxc)Sc*r!NE^)$|zg0sEjf8q$Ey{Z@l1Cl~btNmqn{G=TWVs&8Fc@>??P9nnZcx5Y1_4TZF3S{Jn}R$c`k5p2H(+S4 z!&%MAlDOJm5%V~dUPoS>6iUj}wmYU;BGPx)(THGcCe#ArEv_=zPBku@Or)rBoT;CE zOo(@=+!~eRK<1eFnGjDnD#@3T3Yif~)!U?ht+>4oF_}^KLVDXID}<2O(iM9A?FIGl zYN8S0gP0}F`hPoMMc?7aKzfLTYYWh1$&$cN=R8h${S(1XIQ{Fr?OOYm<>!p~l)oWQ zAIJ=&r)OY2V^8kWO`@^CcPnki4AqqMlSngM14*w0xT*5e#8o` zOu;@G`y`m=c}DIE0{c(G*Dx;XZJ=7ODrL8o1G&nOC{s}M${xuSt~0_NT1#u`PTDB- zZMM7;$i1K#5p7nkWg@4<7@Ne{Ge|gXrdhyF+T4}6L`~(|T)H&Xvg9m6BfrQz1n^ur z-UP(8*n1y*97c9XqX6xnpA}Wv=dN?bOHib!m68ItSBdFQg#8QN_{%9`Olzuj4ZS@n*Bx04 zD>(6*@H-L8`jEy?<9eBx2u`^SqW;g}8QS+C8ja1iFoAN`@Vz)p@0~?~vWs29|8sb@ zU6aDkJ66E^vmev3Bo!V zkJ1Vt!R-9R|clMJO=$z^rs)FP^ z>UHT(SSRmM{Kci_)SP(0Ev(wM=e`3{LnxTvg-^LfTuHMg*Ma7}#<|_4=}mLD8r7YC zT~)cAT`GG>>qHGX1P9@jfRr^R3R!fPJ0y~BqIhA;1E^oLW7zuT?o@F13*;@u0*Wx8 zVU^*W56cv5(yTTF^G2Yi9Er!&zs0^4J0I|D8nQDSgYb#bJ?PZyvL`a!AZVa7HfG=> z!u{ASDzXm+%HK}++~CnrekN=&Z)y;#^8wn^26OQsuIReVYLgSVhYtDQa%vpiqgzf2 zmtBduyA{%5WrGi7mTUeL;J=E52HfGqn2yqx3iAa$c zoItv^IJpovJ9+hMP^O|8_B8uGSGV}syk@{&$Y78P-Wp}=I?l~XwVTdLCGpUd-Xb~< zi5u4pO3(;$F~BLqN>%lAdUw6f2OJW%Lzh7FanvU|-M{Sgc24&%dmS{9C1p!5F?HuZ z9t_&8Ze4g(gV%!_II-%{r4|7rW2xW)u+xKGdO7nsXk25{xfY|Hzz{JlqVU>`LVD)Y z5H_zLo?~~S+=`hLE1m(^aFO_c0olR_Cn*n2nR;N}6rI*D^!pISuGDg8%APf_ z#^slB1Cqz?!SUfazmCi)wh=_5oO9r20T_8|dSC%ieG)4~0^J2Qous|WkG(ou^uP2zN#PP)+!`TSL-rwp-0kuT92-VW&SFje5JgEvwh>HO&s`HHTKO+Zwfp<{D$h!7dkh^}zIP zFI2JPX18PZiAC_JKekB6!o30M4zX$NwuX4r?%;8|(>8a<1;OR<`qIM6)ex5mMn4Z2v{nbG1>HO2DOYx7h z%k%w%Bgibv1P$9E6V0R)5b&`2 ztJnuW7X}+}vxK%p!fYMMD8s{u9RU}rGsm37iT`|bN6d&T7k>N7!#?Fr%lUs4;Q;%m zO@#(z2Ya5e7f;Z)Z#6?Q68#LB9`YFojBmosl?U0C15mQV>w)a)I?5w=`N?*&T^0_e zBZ_@%Av0{+iVUM{>=_dukFkrdR7r+-_6v3*wn|zC52uA_W6h=O1OE_dO~@NYQ9fvu z?HL%lv@f`&|#Sh}8H$s0}A5*`s zk5*z7-5@XIlbg9tFN7IckIhuwQqLY`!~BZaY1E0;`X357!Hh@fp3F!sh$3~i$`X6jJxeYr{A`AyUn4w+Zqn7KE|UK zX|mZ-+_=~$X7lP3k3%h*+$3aN%qWWHYA ziFmG{!Yf*=2;{|A3770<(r4y7(fl)L5MMoz>uriVaMl%xnws}tAH`|>k)4QMkiOZ%j&7|xI zFCl*o2nk9Hap8dU2MVnzep5Oc4pEwFJ83LvM79G0^$FqI8nlB zV!#g057mjF4xe{=@=i^tjK5P2&;4!W&=D6jMa*8_TXoa7c0?;}chWGaPiVmExe|R) zUAV_HXS?hW+4(>^4{8Lak3Aw6O`~iLaslUTNA*ZdJga3rGhc$9XRRwOvlnykK(TM) z{VBFrth8TGYyA1`IA2fwKAF)Qpv<|HeBNn^?i^l`Dh>dtplRgpimBK@0Rg7?h9E2) z5$@%;3}Fgxl}5T5>5L;O_cQfENWnK-_BGwPINMXYf@0#FbQ#Z}`;XgMGEGV@wpc1z zimGyP_N#{joq&XFjS0oTMTo;FZ>e37kc%lMb-7kT#^32cF{J1%jL2J|I|r9(98ed% zJ$YBiGkps~17KH+iCc{c=qBI;VQs%4WtTtxna7<)#$`~MlWOcn^E z+x-8GxtSo+vyo@g@@8Q)FUBz=H{o!KK3;y-A{@c1(6!Le`FgXLq;ud zS>9_v0_zB$V^Amnh&;!>F^*mL`b!05r}Xk(!@pLq9J-M*poL-4PoaN-}5MAmq7OSa<1tTcI@yv zc5FBF>CPMeuew$vaAb=)Siim`jzC^nN0KfgqZer|p%>8#^U2t;C(|PLQn0H(u1)=V z5Y)LfT?CY@#g?u*mhR?ytm$#_Wo5PA-O{m8NS^k+u5HWa$EMN*i)}Gi=DeF$qx- ziy3>y-@dlKv5vy=CuP3hjH{~|3Gr3DW3D`EU9tUj1(Mw#3<~=b63W)FN5(hyvmXWF z!TDhT+gL_$r$V@MEY~Hi)S9U*e_j&|;18bQFOWW5W=V|GB2HM139EZ-(T!PIBnLt? z;^Y$nSL8tZ66&B#$>3DY--gn#BN>h87#Y}cL_Qany2RjFpd`tP_=?OaSQ-r`5%#eg z5`I06AWDLDRNmmC{ep%uNbj?TnwVk>sSYT$P-0F4Cvs^^zC(GG@nT_ck^@HWJjHtg z`Z5puSSZXe5}CQ){eyphHKr5-;`!uhKh{uP{A+|cQ;mrCjep%PtH7cowpe&9&b?fz zJL!RXG(QSmQB?U(hWR6G7AISjcb&BT(lL_x zhU)JjB4?k|OvprMDf%v`At^N$^C|9rDWX%%6Bo+~qooKH^NZ)*{O^c{I0GWN25|4I zF~z>c{$w&7;IeB_h^L`jEYM^>=^Eb>j(ke4{gYSCWgH#)5|Je%39%cAcIVzD6Rrq+ za=BT!u&6XVWgJ;_o8wYmEP}W`Yw!vq*Cmcl!pEt5>XPanSQy!ch8N{84Rn^UwFw3~ z!+<{o`w#mo{|wp?m|;3S*ZE#tq1+aB&})q4Vj6_yDn! zsJm3KF&N>sa$`#@R8S9~hB{SMd`TH(7q^tJDw%dGZr{OApMGU+`}z3fBo!yk{(ipy zt5GwK&kn9mJ{|llnysR$)15m%y7=_@{D3_=+&{Sb^vlut`SBt9=Z~L$Jv};SuN_@} zI6mZm`FwoH`+kty_oNkinZ7y%yL`7@g#2WWJDiRLU)-5_O=LCIWzt+$*YYz1fo}&~ zB3WtW@ghl>|^P6pP#onF1L<7o3m-vA<7Ih37`03Ah@oxEs!aufM-lSZK!e@ zp%VbP8H2i0YW-mP)crqnl-t8;G#WW%t)1gV=Jw{NL~U9}_%}1=LJr=20K} z_ab{mj%=5(j@C`b-m!xqBEe2;ci4kOGm_?u-PA&xaBy-Ax03rdL;{5ZoZgRF5`bl( zhQevYWzSpcUt^%>ZJ?hR5El9i4EZ6s{4Y55f`~MD`fj#E)c8v$msq_7>2yfk-5}oznN5&-I)H9(98hs__Y1aw!*=+bIqOv=!gPS{KgC$x{(iA7Lf%%REVfJ~n6| zSvXI?$p#)&bJq+PIsy9MKcH@-)vU4K9C}N9_2ibIF?O7hNOojcKJ|<|AXP`a3iM9s zd$xgZ*QXvI0*4T9e;gA37|7AGYxIyx|5=q~3a)sbp-yD&g!3A%DuL)e2V@+9)XmN? zhlIpoD_bbW<9t=f4rP89>dBuuCvS*-m03xwT=vTtn_-|*DXC160X45lc=CQJ_EGo- zv5&M8%4l$sA9Avj#ccN7LitPbrGR+UK&@sM-Jy1%m`h`iMG9+dif?Qh`9<>8yH>jy z@T55CA85CU?$BAT%^{xoQ22)?3Dp}XT|^< zwgzNI*Ju<4WkPW8np2;;_Fv@ZL2$~Q*0L_{@mo2u6BJ$F1R<5gG~8B;4o=U|hXYv) z1IJ_gZe9didTqfsl17~%iv*@`kGN3zrrm7z+o{6K(MhDr6}O5K2g?|ni0UigZGN{A3P(|*+4E&E>d~W^o%U3uMHEYySr3J!BU9>((54Nn$#i| zIy?F(4H^>Q9_%Alm_4>lI9Xjw(%zzLBI(@4oeL-k2ka=HQI~xhQY7({UW@=tqk93E z_}LwUzyzQ@1|x$j(%31lJ(v2t6t0CJepu(~4_{ASs%i)QjMf5u7#r+Cj#8LQ3fPf@ z&_Ksyk$Fc1axlCSD%N({DWNyft7n%Pg$^Vep+Oq9dlbp;!9J@+er{!2o1R?#`WV9f z@j-r@9QYgYA+of^W#Rikw=(N_9~fAR8-fn@6K%OBc?>-Iz$I48CX657+zT@HJY=7L z$z;!CJHZD(EMB)7T#+-%wh~mUi3wwZsV}26^0!O+aJNHs?yEd{z>_b^f6Lqc7L9Gf zafL*vBCosNfErINC-V~?>?2?1v;Z{cQe@Fv7uaO8!(5W!RZ#loj8#sNnKdV-f|nWk z_o^tBoK4(v(z9xD9YwVLiMa<)81~}B>r;y;Z=gO01YsneGiXdO%o>hsjEhX(F*%O- z!i_^uRvLhNn#K&x?^kfR6gecIP`+?4PcG{C7OP-4Jq@4DKp7i6=RWZvkfswzRl=k~ zdBwXEcG*D|N8g^rKW!K2dU-k&_BY5#%DTK3*CpQHXL4KO>gqE+G6DWE==9srx?le1 zWdF3rf9y2}E%=e0?>8iI)WCZ%n&P2QgvV)zMO8ixsYz3I(3?94^E^S9O6~5+H-(Q6 z10o5XJk$mwXw|3G6ibKhS))z{f#&Y6;M6s`EkPrPHj3z{qd(Gm#_5c^A;=QfBdTzFLkVukbdiH;8*Qg$w7XWyRG(rpypazQSe_BgxLR&=7Z}>ckYG!_w}oa2Sf(Y#5Se` zTf{d|1AY6pwUzUN%tLHb_gCyQ3_j;&;Y9f!TNA=x%Xx_bi}`P0&-*1)($-c?20=aI zO5J5Z$05LH?oh%6VX40cJ+6njN>dmx-N}|rjw-Wy-Pj^QQ8LMr)WB+)bdU<1LP2Cs z5e~NWr<$3Px5X5xh7+W@BtSS6nOb*uI$C1-t&pJ|nXn?xzscGr&98An9g)h9{VCJF z@}fcp^ssAf!8hu-VgS=mc1HqI)gAQH<>groP0r5_pw^%9_!>91w)O%1aHB0ZhMsWbd1jxE~@ys?EsA3{Ae-TO<-G{{FX-b3! zK2bO35ur2+wrmZi@Fb10FMBEr?(wHuqTAe%z+`d0NKC@N+zM%I%~K;@OHaj(9Z0b1 z(1~p}RL`gOWa`{+k@1+xZXyt6?2tQ#-5Xn5|M{D=wGbS#sbPTV#wNFaypy+=k8d0N z24fIds2XxEGw>okq-LbZ7Iq*4QwI88$)X#cJK5gadh-UI`2_H6V232w+WNbumES{O za`qv+$HhkEd+^KF-@!JyhraypAJA^2`2`C8AlPp&LhOgc+S{Ayw3cv2bS_K?{>TS0nh)244>XSQKk*Ydj?nZ63Z2)<2Z-B6(=@ zCQwoxD3I6R&cynC@JRj@`D0AtC5okUfSmVgC-oh|Me)FoSEDYZ8Pad3QJ^Tk;~i zaIkp|$`+S6alZrhbKLRm2KtpP5B|{>1njUIfcgQ#Y{7HA=)|ET?v3JeDj8=+!G{E5 z{Q^28)YZc=LJBRiBM5e}vgtYd-v z*Xr~;DfzG0Y3)|>-&6b-kPy`=BEC=V>~Kr`)3ZG?#?b65%NVv82h8x19w~_6l z{a-K8(djXW5;abe;MmvPI)Ov<7T*To0``_2npA=%`%Yz)!8z)prJPt4* za3uRAh@5ci4H#2>>UlhyFhkWf6i_`3IAq%%oZ7gH8aq5@4c2smEQ;((}F0kBcHB0|uQ+^shnqasg}JA?3EPORwo1Y7rL#DqiJwZpf9@Q{@f zgtp^A&u<8_usZ?WzUm=Qi5uWCJA+NkB(s>n&ZS##kVQP=TEqq04+qcTlv}2TwBaf%n+KY0r29aZYmj4$|q{tluW)!Xie31aG^s zWslKszaisq@8pct0}Qs3iBCLKKSFgAz1{!yqRytZe(=-&@#(+WKMy{go_^dv|C#^v zcH2Pz`2#YV2KwWV|FsoPiMxdmLd2X>^!AWA1TLxMst_({mdt?37U03@G5Y1~0C`R{ zvE8>&NMXxv%CrpqJ1ziHzxiZqY;TE{QJ4JZ+gEXQB+h?b@wyWy29m$4UmE`ks9U~{ zx#xek-|e@$$@9P6?sO~t-;@0Jbqk@S|2Fyx+sAMqj2-<3|3czdcruD?Cp>nIJ=Chj zzgjrN9B&$X$f(y6Gzv1M>xApVPwz3C;T>^PPqYuF)?u4SmzYxZ`V z!|t%v?G50mW4qUE!hZV${^?;CB0t5H$q6&CW8(k@F`ivM6~500_RV0}95>tg7~KlR zE_-UWx@N1d21&kUj4+hQ9eTFZG6<$8#GQmw*5+p7carzIwraj+=O~UQ)mscL+7EYn83-Bo?BAJIOl`{|?gjDfoDqki z>-W^Z9Wnt|NxdETW|IC6#s*x0bDqrbUEZ&@oAYZhrMKCQ9?}pyId5~3O+Lu<)UjQ7 zs+R^o-r5#lf%>o7Zh@a%pvAK}Whh%v><6{Z4C*D1L?jpNi7G17AP<`)Z~4cZW0?s7 zMKfC>QJ_yh|2;c@KEr}OfsH$MXc)IQfC>MkuTa(Q#3F|ifqlS&32wgpwDS5x$~f_K{R{k5Aa3#*E;0hMd z*Xu!Wg+1?w--S2X??w%I)cWE7{ciltqt@@nx8GW`Keo3Sczowks|MbG&Nlix>NS%C zF{b_uv&C*OXne&7H~EV6%>NN{3Q_$&R6FZORnFJ1P}#R{$x?hWhO5BXH|C7Fic(0e zVb-`GeK@k@U7~(JClj%NQy*MR?Qxj>B7{rIID(-?|AmBgFYdJwstf9?zN4{Etn8i+ zfCMOUUcq+0l83wPTK0`?McB!n-0~f`7vl!piRGDqBVf8ob%&ilVpl^N{wz*Ny`6t9 zsq-giuixXldAlrLK-8Nhr(7f&O*Mf%pp*AFAep7a57^A>{DjT?taT;t65HffX4d_E zcEYh^Px5XS`2B>3nL>35SSJQxF)ZSjpYg^VkMVe1!JhK4r}>z$C-K9oxMx`5o(lKy zc}rgQw&T1f4!ymk@Z5G&N1+&ReKv~E)VQ9K%4F#dY)iICdf04yJ6*p1qwVo z&8#WFgRNdmgD_Hm`bT!Fe&C6{jm)m`>8+95-$MCf|CbL}H?|)}*twdK8TIe4M)x7C zZ{tn3Ip}o~n%I3Forr$npP-NM3A{WWTEp>BfBED7{}h)^y4Y+c_UA`@msf6g(CPFm zg)e#@$!D-&DfcpsSStJTd5_?aqCDMX6}TVl!9Oa|uZ)K%95pmcYc@ zkBxs94fCqP(F^H*!M(W_!RUny!J_THaRO1YvFJTOmr5jhkVrI23?ixoqWSI2EdQrB zKrj&RlK=up6KBd5@1H{Q6+nL$kBl@xAFKnQcjg0hwzBqvOW{Y9S$L0#-yw_51^3RX zu>CV)`{xC|Imj>fjCxeu!(MtADE#F^ezQveqvdho3ml;NcTfHx9WF6QS@G%V2dV5( z9G?~qMWLPPXhVSXxo9`y?M6X}!>EGN6_ozYpfm>RCo5Kf4@kR$&6@$6TfH^l=HXyI zZmtyDuLJz%A9+fp9PjhQv9!s~%qbW|J>p)Ct&KoF1*5r&!Z-);ZBkEXw!4$?yGV9) z3AJ#Je6&d&#W$0A9etRbvq>GD;k$VqJ=_q0{>dXQPZlkM%ouj5@cD!A`G(-$3ZGZ1 zZj=oleSh|&6vrcQ`V;(>#0_npry?XXWV@ylSv>Kkr056US;?$Ak~~@s<0VT6y_9sY zFwC*l$~0rKc+l!EkPj-o`gbo{Y>Zxg-dBUR)m)S|7i8vQ-IjvaJ{LiV^KO&1&eQQ}&OB|r8RG&lQT^7o z2uj1JN?2M&So+)FrZ|}XOu*5bCxF;%?e>b6^JZH-@;lQn>df~pcD-cb=||gfPz(?e z9rFVLdqE9_cp@aD8TKG+@9P$gGNI6`$wtEkK1Z+6cJdg~Oj)U={feZPBr?15d=dna zPf8%CvVJRR1he6sDdI3fawIBrvMzMe-Ytw27F#cJ?e$#iMyrvk>ybc8d$(1A6!G@+ z#)Y=}nKjBU$F8Pinim+le|EfjQ0R+7WUmoPWtPKW6(H4Z&j(UTC3EVyB_ z+7>yQdEtFNh35YyKFvN^RWF^somN9_+R0LBrC$cV!#9%z+a6E?Ut!NyHh-b$;yfTh zG%L#jva>|7CXL*11x`P9%CSE^98MqI;o$36Ufs8E=<8QjmHx3pUKR2x zwn10O>$^c-GkjN}t_pQksH;L<&!FyVcUA&j3&_MObyo$tUKZ$DQr-1Z(Gl8kc=QHI zfD}|ZsYHVxijJsP;iC#4@!unq}BHA z8+wB=&fsH$Nc@-kJ$ka$z8ZwSZD&XR4Dy{D1ER9rDxX3O0fx@ zm*FP2iALb$a8@9F6_B1dGag0JIr7F=!F^z2$GNg1AG6VYFhZvu;Uzr*B3E^7eBi(v zNe^2&$5p8NS=*V}1<$6t++a{-5!0SwK;-RLjg+$b%+;V$w}MI)RC+~FDeW&;L8WJd zN^5eHYk#LONxRCL1*@#WPjlO;lU8mNfU1nY&+9!=^zBHKi3)-S$eLX(=}R%mR7<{YBoh^~NWppH+!kzZ<+2Qt$d* zw}$f6RWs~eQ7^cHi7x|)x~Z@P>|L=NQHMrP!G9sDg%E_71C(aiL)5Fhppp%)yr3$G zR6(T2hDd|;K%}Jz!YYVVL8KQ2k@8ei6-0U#h*as1DtJ`EqY5595j<-3)`O3hO6#*u zeDvrH7Zp7EZsAdy^nHW6(IP7_{eIe3AyF-BiAm0A_8SVb$oEOc7o zq|L`k8L#>kfl@_`RRN{f1eBD$vjR#_0hB66hYBNA7^yOLK06*t>y3IVWs4lV3^M;s zghQ2`a}({HMV|6G=qNW(aXwh$kVSx|ZM3seH9T^0nTnnOmPs&%6hhl@Sf-IXRF3!$ zL}gW^;tK7opx5^by)vq()v(vFBGam{*K5RHX&3wod%afdReAVVxU0fl{KpD+JvE1E zZzT)hZ~;ZcraACePWp2JRQtIA)Z^#4k${HW5H}32{)|YJ&O*6aw!P9o=KY2MnIjlk za)_ga<`2B9CaDV_h1HwwK_&lp6a!Ghg{cB{qd^OqBU8i?` z1uvf$UiMd^Z5_1MiY_alxHh2pnlx?cXwEV9Z?SK2P*|SkA_W&M+b2&26;)juuk8Af zk1es#8Rm$qf`t!)g<{UShglLO3q~;l#!4JN6Ah z$o6hJ5b@E(-6n47OGtYIxzw#+9-P6OFt5*iY=D67|dL_}$xv%yL zDm>{Ui?}wikWc=MNDvkjb<#&;b!h3Y_Q|N-v-DRvz%kyC=6Gl&M%d!*;iF2dCTZq8 zMSO)DZ#tbm8JR`~3K?&D?IGzVRtsPL>PhAxsSx$EAnLS&Z?FnKTz5eLX@#f13p_0k zk6b|AUU&J0&zj27kHv@fU6qw?TTWRSl<+KR zuWVP!By2HzIGkRY)MabXyuO;4SK?01l}>^Xhf(mu@2vkfg#9wcGuyfU;dg^wo*=;Z zG^8eVe)!$EJUGjWG+dhDpVfGItE*}g_CK_Oh?AMNT*0Pb5$HY-uVzR~4jj89@(1pH z`GK3^yYFt`GKY>DxPzx&apLTHF+-PoU#a0ceCl=gLWeJV?WrL=+7M;V@!3rW9moj* z0khKPJj^$HGxQ{tKBv;>RQjAspHt~`P?3dnC529_y?_Iw(&$tgol2v#Tv?Sy=cZR_ zbYA|Dz7mbj#tz)(Yjiet=w60KXVZu8WoUGIl}1NzaHY|yG&+?=2UQxKN~80-G&&g% zooqIxG76nxrO>GqI+a4FQs_LYTZFhvE2Yj$9M)H&*xBg8+kEBDMi1Z1Q1HBjA$%E1 z9^Gx{RLE(SqNh^yREnNT(NigUDn-w0QuJh9cUIE$>@J{CuQWZCrl->MELT>g>B$(a zD^1S}9@bZ)>DlPP+k8#WMi1Z1(Db~7A$%E{o?fNtsWd&$+Rn@dczR8b(qwd7!>*ZF zJ+a2dYK?pC7b&%CnU0^8PFqOx%?C*HOXs2;u96RJ(4Q~MKO`Mm`NU?aAFI4(FG2pF zce6hifuVq5ws(as%O^olfV%Ra6Yv#s{IvbM``FOw>sMaY#`6^JI}SB5LwWmhNGsS> z!KUvEHd)ckyMi6=M_w2pCEmrRA%c6IUebax?;{Six`S4yX}(CP^#Tnf%jcL~2~+he zPuTAQA8icW$>iTB^{}_kflv^zzK;C8H2pDN}2+qS~#{i+J#O=p~(XH6Z?tZIVEyU0pTb z#FJ-T-Ee4f!N(PS_ADG$nwy7Wkt(@rg+yc%DjSC=jsyV6RM>k6fz`@#>JO?q#@ZYDyw~>|AOsXBc~Q zK&1~gwC>?Pl?8oIubYh>hWRUQI9@cave~A9*CVKN-Di_4+l`>Nabr)oN{5o=N2q&Z9be zXEbW7L7d@k1#!Lyh?9RPDh1ca1tHfT*Ayzfu5z$tF#xotaO<@c6@fu*Ek&{3In=~X z-DT@>QE{1@WE1SSptHNejw21YJ~4@XL#&l8xlj&Zsv6>##WwmoN_f~l5~zimFYi6> zjK=FOgt(icemkWWK}Rt56|Q|KuAMzUUaW9!rF45~O1G8#%~};C{VpKs25Q|#_aO<^ zu609yM}tc9maloc^znFXn-xNN7(y9Unzt8#P~u|tg+s|H<%gm1hTzd)cbL+_Y0u48 z*KGAG^;>zY^VI6MRlv@$H6QCF*%mU3@e!erPPtIQq-TUl`G=~mxf7>E5@BTYcX@BE zuEkrTw9Ik)TaOze{;!66-J2?`!%t{^saBwUtCUaG7f)3k*Bl*hdm$k9ikRLe&xQ1D;mG=6v zL2%w6uNu*_o&iwz%9D+Os`251&-#WzI%z!FD98#oTpG$n9+hzPAmPX-f4&H-#fG#q zv-~T+ithw5XKf8DLFU~B%+3{LejSi`voPu0Xr|-SWgIKIRX9^os5J~3Vq+bkV;5X2 zDtJ-_GrfLr5*PCk-yx6qKo)^KpPD2HYWjz=LZ9H7dS5Ux z*Ah2mk%T2qD*m+bcTJ-5upf{s;``JOemA~t8~J%Y;WflxE2FhcTz(YHG%-LgZf{o49XOE&YE^$b&p!h644If(add|&sM$&DKuZOnsVHUR#&#Bm-v(UpcHR~jf-MCV+#@aB=D#k5X3$}@Ahvd z+m(3pK-ZM#7aA(zrqaA_Htf%8URT2Xt=0nIU#VVS2YlZ^)oW2m+j6ScDyFSWOqo=<3z(;7YhsLAS2_4*g7|TkC~XCW^N6e{;w%Y_Gi!NO6=pRzYo8l- zZ{^R;l97zn+^m1!r0<%I^E2i_Rp^qBIXV>MTS=0yU)jA8By*Xy{~G;xDqowIrgUFL z!0atZTUt5WRFbLq@0B==q*3Gd?l7_hBgZ1wkOyG*wfTo6M`sh9L^j3#lItY$5#Lo# zBHsaSuIw+em=T4$CXWt-@Q@I|&s}Ub6U)kWwWrN~x1IRZr7o#Z@^ho)UJ4{a zIHv3_V9|IO{b1@uS`{Ow59i$DF0d`~tAMqs^RYtDuhiEi39w{Z)GOkSsc(`Qal@-1 z#9>rEqpSAm^7v|+E7HOF8iY7!N2Gk4TMtfC5x0Khvr`<&B({i8AJQ6+_^g!$Zy6bS zL(p4hjjV{@^m*iGnfj%oru&ZIopi4m^{o*e<+#xJlM#M57}ij0w_QX1UJW%H-OhHN zOHF&+?RQD#QnMLguD2F2*J?KBqq)kX=5-*i{3CN?J!&#X=W}_YBvh3?;oi`jmF|CS zo*gfsuWR#^cmaKV0iFk-Lp_(HS7}Zw=I8GXUUTw&>C*%_+3F2;lTPVlu^Wvyy;jE> z?xt{f^7H&xghv(khwt@wo9z@tPZrW0bUOWh`W3y9u}QFrD>Ppo&9~Qx=1Vv*tcd5^ z6`rr~d>K5iPJ=b!`n8tFPs~I~n@Xr$(qDbG48~8Bt+;UZ9??g9lgC3|>+{EC{l3|o zJSI8_SuB;TXFT8(*wFFFIib`@9Bztymh=oikK9T|tI~RZR}z|x6dt$DVbZ-t+7L4? z-Pw1{DRw8zcz;*Y(=&$`@2=wgJ?PGtoi@U=DGZPczC zyW@21q+{E5I<{@wwr$%^$F^0TNSg_DGAc*R3amRjPRYVgOavx_YM8=xSoSyElnYKXPSAH6X;kM5CVDgetjHiP_z8Hx`Y%y0}Fxb|WSa zY-{6-FGkqe_UR2A^QGnONh@00zm)vvLD@p^?|BH$`=I(j0uXCGUk;Y%Z=!J(82Nu( z6vFBDai>O)Zhn~W9rt-jn*vOix|$Cvd{B%6Z=xm_A%`+`f9Wy@%mSCXe=}TRy3CJE zNhv`hppTKRDKAbm8P==KYX@fjEr#=%x|?jYv?+B#oDYvRRrM8J{be26X~`Ngg*C6- z9>G0qTA2o=VhIl;gaaYjH32L^dk8jl?)!Dar7I!wdclFZ1!sL-a`Qaq32|0PXZ8^? zWfw8H-i)gt|E8SeQ;Sfkl6EGdSAwGrpv)^@s*qC*&d?#Uz)~qY3(hOi56*aiP%S%q zEG%hFWB8XHKu-T;CYC-PI%S{WMI0urs6gn->CMRKm{W1>I?~k#usPaQ!^*zm1ZxbSik(sc);+VUch*=_9aO!##@0Q`EoLwV=i)~e+kz3$y`xTdWVR7ZxzR#I zPdcGnwT9S?zs(MlPzTSG__0;q9g_BCnhi|^+0x}aysX8qPe7gTgsIp7DK!3cHmZ@D zoOKboyMZ&#kgXd6IQH3Y{#1}U)P)9UZ?IcXK89OXO-Pr7G*mYtMk<-@Tf#NbR5lj% zl9GEhT3GO_cr=r~{{(W>?}a^9AZ|5UOg6dcfS3O4WsJfnQQk~t^A03cT5rwHfJ70- zRD>eJ=H)x30!f)NMBw4CGI1h4R=`qNg^imKX|2V%a^dN{`KB$qteC-EbuK157A4th zapl+^$`25~2?3V&mcE1kKuaZZG~#)Zpja!F!5UbhGHiZzm?XOtP9l5$j@GYj27$Vw z6Ysc%THZ8OBv+B=qB=u4x{Yf!I6Ruua6|etPPjawXCQfjIrYNbeOGAA93`9i%-UBK z4%27Xr*tF^<}otjMQDYbFTb6!-s*PqG119rtO_%~;{P0pRz!pXWd=Sh`!w z9K1&NaB_N_Tej@(F*KTW_qk>?GiOwa6G|Ds-4_w%%?Wc?X!{B#TAOh-xP1 zMOrD!;=o5G`OCQ>S@f-`@2 z<7&Fr@Pj2UM-6>F*t2+nH;sh~FVE;!&I)WQlEUixmbLc+jA> zNmwr(jvr-ut0sMQIN4_w>{jJ**D#^s`4x7n5C?Tm$1^aY-gN9%A=i{}D*AQTsDa8R z7tVrpeMC?xb3u<>RD^ZKlgn*TR-~1W2|!gzmZrutKJGx5_60GNQ6#>bh*1y2gE1(1 zt^&+LtM)*Dz|myhcpFxf#3i`P;uQXMkBCXC8!tu3l|Sp1J&=r76xYvtI4PqkB?!H1 zlZ01=s^^$-*(0T;uN^Vo7x$bDh?5Z*KKdh${n^FqO&NZ7_r+M7 ze@_?M%M^3f5W+DK$oi$YiTI`HKy=*GS+QH5HeMhnf&o8W&&>n^;r4yxIWq8}X;thh zfTvQnKD63VRH|wq(K#O<6vH6q!ytBX@`G7dAj*HdM}(cOc9ql1Z$?I-+A*!G=NGJm zN2EMUVZo_@h`@3WP{{>R%0280#DfSR$f1PCQduPpi3)1|u(JY5Ri%8QuRKAKwYQuB zNOKXjCcoCa0Fkl)ky?b`%HstrRFRb8N&*Ei$l;J^B;(7^a7r=*$qmD7E4>{W+cfX# z3&S%fpl%|gr)V7Nrf%tsqh%O~z!fihuJI>lNkJ`(J-mf6*4uP0y}#+9K5-v2WW$12 zQ^v&vu!S;nasLAQQy$*))SdES-_6BdPZ7+sc?Spuys(&cp8Yg8Bf1FIM+!Bg`^lUo z6Hdf(ic|SB4)T|3Td&wa4ULy%D*daL10Jr?Ml1N2BO%q%IyDeFEButft8!Yi(dsJv zmJ&fKo9-&MHnqW3S*Wy>_bOImDyK2LDrOfW%+8}U{ujumgnJyPR}$rDCJM8t^|#IY zADnH5=qy>y4Os>wk}M=|^+JiE+*fuDDXM&GGQccceN4GqqTI%&ynEanmayfKn1sD0Mq&%3&6BHrJ<_KZkiZbP;UO5*(nc(9*PZm9m-rbJT?X;Bg*4=bG(<##x}sV^>2U; zeuvxM>&KVifQQrDhSbZjFoH8^k2oTL^EfGx6}qy!c^b1}GeU?HYL~;_&k=+|(g7ft zp1M>t`TFm=6AFQ>kQx;$j{3|?EbimjIWQmLBz>ZDfKA1SSA~lR&{=vGUhIJUzf$g) zKlV@@F^qM4!D;r9jJ&GQ6Em#+7*u_x*JwDe`p9|Nb&|vB$+sTKa^?v^II3PH5<3%w z{FQ1Ubs+%dj;N=J<9PoXTiNag`ssVYyU8wl^e>leEJ?Qa~ z#~vG_n6W6IvlHIvhTqZ!{GZJ^_1yxD|Jd(2t)=d2H+-EK-H)v`dR#C08n(mOQsAzC zjzL65deVJhtBjF`HdQVoS}r55RNAqh@Kq%9PyDxZ7g9HqJ|#%99+3f-fZW(k$ZMq1 zRn`EgSSN-D{VPt!qx~nT@SSz&&92&GpL0_0#=?Yqq=3 z?Z-z!4}a!*rP-p4v#EMV{I3$7g1fS%hNy`_|6?Z`aIey_WaIpW8~+FX3l|wb1UQ`^ z2h(Ra6#C%&BeW1nB#LFKFlik#6z6?JJe(p$jEP)uaXUVjj|~_vAjKepMk1OXV~_wryEgKgaNf7ipd{}lMEWoZ%TA(SxqV5^#~2Sv@eZHVSDfWDxSxcVqB$=Of-VKD5tHnOsla|RY^mU)> z=-%blcs{Gws~fRWhI}3@cD`5(UDiH2$1lVnY&bacVnR0YSEhTE={0Xyw)j8u1bi-( zmrFfb_y>N+Dxq!%^^q9oJ9=)Go(34KCAIt!Ppwvu^Lauv>8$pB)||>br>l@umB}V! zv*j^W;B#(NA1D^irfEZ7>OiF)O?4W}v?r@X2|&TE1ZY|QuFO#ZaL3w5>=wlaB0hr0 zkc4yd{G$@jS2O>*-k}7Sk-#Md`wOXO)p+xMp{sWyv-sJJqI$u^lh80(`-84z5L$ewI9|vPhhKH28 zY1Oay@7|1Rm?zG(J^M+%y$r4aCNaj{ttx{0BE1KEm6olCUm%5fx)`kDc}v;jQQ!gU zQe`Qy{BaEUCTezB#`gz|0E`HI8fVdd-1sL!a>x?6P)pT1_8|4&xj%~fG`yU=Zk~3n z_ccAP4jGQda+lA{*m4rW$B|hCxx&Dps;V6LF?M+lMv@c99SCHl?<1evw{s(bU7uYB zz5(8iNj#G5w-RnjdrwesW9qQEgBEBH^Oi`A9VwQID+bZ1{Asd(P>^ZnvCX|;=c+JU zwy#N1BRncfwO82uQ`0e6bd{F1)E#uTMoweF7^XeKOz>6x%i9}7%#?-epoKgSi4+!W zj_K}ub8MOJg}@3)cxQc}R)`LkO}I7&l(+dQKqsvm{vf1pnAsG1Yh(YNahrPJ>Gw8Q zWDZ6`DQ!b>r=^~+TPs=Dj}5Kz70|~)2Z~t7K-chnrNQfu}n7D>IdQz^5$AthLF9{cCW5PdK!m4`5Rrcs0a7nGzMh>#)RNvnl zkQ2jqH9Ly0m?579tHN3RO-EZ@H}2Kgf8L;q8lQ=fy&LCzzp_n!2b44VI$?&cj%Zna zRXzqN=&w~9*fux1b!}-Bg7{czHmfLpT3;z1Nj#LfSPXpe!M;G1AZ01N_d-?)1Ms5i zJ=_%HCxM1vloAg%4z_KIakj$kf7_jUYqh{aRE~L-LeL# z>3Hc0eTl#I{p5|=51QHCT+;tkZ}5vibfn{-EM;f4NaD7o6W%Pn-lxah6E~(QuTbh@ zQ>a&k3LL{=jUwvT|6*n$cJC+XBjgK%$zQt{x}XXn*tsyjyFk z+w~}lwC|8Fo!2c{?vP>P5D)xKne`ByP|#K+rUOTes)DF}^_Sx~0Na;6Xh8o8oNXvc zk2WwZnf&q%bC9)q`S&=1OCntPR&-RkQZYiu$cNr@0w{HA&v-GA6b18@Ys~0T4Ej!_ z^8|x}KuxW@IIWEFc6dTNajIjrMc`snqaM#&izNx|#LQH-5pCwK8Rka$1RTu8NYYDK zeK$Utcgdn8XC&qyZ*8?BMyA{(#^h>0e1TH$dsO3K9Fi4T9TklTX3I61;?1foA~#-- ze#NHMAtA>SGZ4Dm8`NYBF;0<=Sd!;0n`_XQ-d!kv40!@Y8>3*Yrw(kRo&}<+-cfCc z&UK%Z(eFLF4zHg39q$MXc)7uM6lOxFb$n?K18)}IYs~c^pN_1+DgSp*2?TER%~Tuy zR;2cwjA%el{$Vdb&+cNg_Zg@j+@~r~B>B?fH?zj81HIYF!N&O)El|ww-dI`v2otHi zbMy6%VdlM4bLoXX{VnDtywxXs=tbV;Pl$>gKl@RXRI9fXyN-ZZ_B!pInNZLTUT7hV zMhBNY?(M0oWDWjR3ZQ;z2F=2&Eo%9sATQ0|v-B2UJL8&sC59*QyQP76s}hP$?2ArRix1+nVM2f5CAn?L!K9pyHyh7;2iYM100cDE z%tb_eS`Z935uEt-EF_J`gt4SnYM#?&6T&7CuJM!0wnwoCdrxLi>(hkc9=(yded-!| zHo&>MKnb+l@^fQp9P*At^GJ6?aI*VH1kfKpHiBt~sFZY3_>t0) zhx(u(iSbZHdmY1s&iY(u&al zV+W&WS9A5DJL0tAcH6z|=Uh@D8_5lp#Mc%q;0>}SXo%u*t-8gsqcTIp9HIIbI*j1< zw<7fu)H4OJd*$c&cD(Gb*W_(Y|Gf!j3j8^vyP3&!D$NIX+kn3hea!ZFn5H~{?r`pQ zxN7X%0{bC%L)2^M=a(ixV2UV445@1asZ0Jg0E_{t_uvSrX8|ld2K*=rHH@i;<2OeK zVAJZ-kx0Ir%w1IS!_oBFHt*igTHP*T( z_?Yf}UAZ)8HfCU7d$=yH{-%Dv6Z-I~o_s?96{&3(1F@Z$)vkfrDofhVTCKC6YmOgv zb$di>Z9le20BAuaIEc09Qs|k$$23t1VT5KC)idrWM@qBfit?1&I#73wr@|d&yZl`a z&!s9kDi9=LOD||iX}k5?0SY`rO;5_vu$*e0;kA^+?A-V?jYb7d{4j-&p@eOEf0l4y zsPWUOrS7|^JkFVvb&1oT!Ng)6ogUM#YtlpC?PCCQrL#W7CD26+U>;!s1Da&>0MyrR z#c_^eEpI+4>|RW$Yjn+&O9z%+hb{k!T39U~d9pn0uwCWdgh906+cV~F>oBL4F z?2n}x{M?W1+yiA7i~C}f9+{8r@|Wa*n2Dw8D_4zOX0?|{R5OK*h6XMu@`L(C9=$GG1gp#Q)03lbi^5llB^&XcDmYJlKPnc|oU2bOZ0Ly_nJnEVb0y_sbVZ)+g}b0ABu-QuR}VKb zGF%+i?JqBfPOm{)#ARHLF{1`|uB+zGt=HTPI!L&keBrN6`^2|^Z$e2tjTcLw6qoiJ z3j~I5h_JqbFELOIyd#P)01_zK?V3Yr7tHTq_}roUYhCZVbu<(2+i5`*1Yk0#BUM#P zU8EXzQijtefmk^J^`}ZGZoeJW!5LAM!q){BT4zVW2UX(s5;pH&9C~Vq;LPad^aSm=UkZfD^3t0*`ak}*DzYnTZh z-{R_3wkSui3 zD7vGSDL7gl!jE7VCV^;b_z7=9T7TE61yaU`#|m)ym35$Rgy4|&^usrSjqXX=@eKH; zWL5imaq4QuCUgR;TC_l*LaSh%*^RVgtI(2s9>=&|AM1h|Rrygi3wZkwC!BS#n=d}n zgMT@Bv)isZrz@`*-%`?;;Vr4s1<|E7uetIL;k?sVO=_i{p#Bthc*yD@uz%FhflxQw z86ttt_EUO)o~PL+o!Y4&wxAEqbNF$9D(9`1U)ilWKOU?1YHQ)2tvI6hwW9Y^5>I4u z_$1r`%n>q$X}_g?eXX#D?yDb+z)`2xkFqUp@suN3W?d%08+;vS|B3o=F71OLzRM^_ zYRWXfRG0s5$+DQk70G#$9|W$0S=#r|Cd!W)(A7oz^3XB^e@}E1xE4&^-)aBycud(|A!(Qz+ZD@)zeLU9aMtSVSKzl#?|S0t#}I{t%p1wYgEoPK9|3VJlD1CXD~#Hb|TArG@D zuO#~2LbWQC%$;>SG~rv>cO6!Gi^r>{%jaP#m`_wsl+0xy`1CQgmhl!}Q8-lH$%3wh zpmv&{^0bcF3V7UFiQiJV3U)C0?Zh6$pb_x)8SA34L_R}Ep?IvJ$ z<^2p(3eN=Z_rjU^jQSC5WgQDbW|B(&H05;?41C6>)-&HRH$d^oX0*bV03Cb(Pfox} z2wp|LSS%+PALzQ!!d?XSUIfsq8%Xis>0%t3i0`5R{EVaDfI0kpi>@GNDl=sB{%bMH zj12dV3U}jA`m{7^I!q|LDrEL#ETkLiC37+feHw~BD?_#`{D7_sNQIxJt0a9Wam;Z< z_OOTM8IDRs3QqjOhmK;0pL6JFZi6|8U-~4-S76yP9VL_ReTz7uq5!}zp@p6|8`5<4 zagE9!!sa!u>DVWHq%geb>OgVoUj;n|oSbo*fA&jQl2zN1RqJ*;?Z4#=Jx-*`XmQzJ z4L+ivtqe6jE{jGtxey+>5?24W80%+WECi;PuxX>N3l^+_<@h5=$Hk!xwJi9zSdL!A zkMjLIsUY1=l_?|^sRhmj8k_5zLHD64U_82G>b`rIM`S15OFPMc%#i`Hs&6qOPjzei zZy~Fw(7M*j5Imm4RW5FOczai;OIMReF&K(0ux{!P9x0FxKMpc~TQYxG9oyV;S&)bG zL|1XY&iP6rrRgzaxrB*nq-lv^c5J6s%B zkA~9d_8yTqh82Z>cWZBVGG(m zHp|1Kcu*nAzDyXM3qft-ex{@J!+&2p3Y;L)ZQmKeoc+19TqT_p-Nqx#pBG5O4Bahg z03sF>JM97w07Kl0jc-x!@7y)82h9&p%ARy%_I4)M|M^Eh2RrV)K-6+4+t6SpFsT1` zW+)QOkSz>S#AG=ZA$dyjKOMK`&@^Art^koCcuww&%!2Xhz^gG^Dn6TLG`TpyR5|*t zP%Cf*L=UY3egRQX~ti)NPqEZQtd}4n>7wG z$9&L3&&sHg#?Qa=cqAhl{txd?5mj0p9r&V0VRO-wz`{}tG&{VAT{m6rb{Nb!l>wYV zY5$J=X)EiSw>QRoN9AGj;t$^DU`h4wBv}K2du%t2P04Hizbtuz9{C3_PfmFMHvFE9 zXkqBO#)j6rcClUH{Oi2FjDPWijk6+g;SZcI`Ia}Hup_set9Q6Kz0TN}AP8%#9y2x~ zv~N?i>$fCb2fhXxe(@n(er0qYmR!ps8-wW?t0x#>b&6#f(#eoi}s_ZyLnCfyQcBBb4&Z0_u8h)cLm_GF|)Db{}e6e9Gx3v zFWzIh(_X#5+ns>lmHF#fQqI0M+Y*jNBY004=lTs*G zzZmZIU#J2ef`rC*62)`g9_hQ}gIW)Dva4wfqZCH|Ej%=tjgKEq#{j4E7Im@^Y!s5f zkBTVqCWjB9eTt^y%t3|lFCHY<--{I=PaO!-B5+_@6Ba)GJj*pW9S)C)JIa%=>;{b zX#FOeVP#j6(XeS;NoF7M{Z0LGd{VK9$uJLEuf_nKpU-lOIPWksbgvt6{_#+)RFk{Q zC%>&P)PpvUa-}~^fk)DwAF-E7Q`AA<@@*we>mgdH+xSEsGN+Fmg0{Jlv^&e!=&ah- zLM)k}c2-Vh;+a6pnr+0n`G#luW+h~U_BTUv%ucPs{g)S)u&=2P#E% z36}66G$>L#t@MN_8X|3oFsp+mzr_xrFKgr&l#LN)0+5qy+B`7CRwT4p5e1spVu}el4`};ZA9VdX|I#ThbFa1c! zamQfn&NH1bTj63vG5N0y@IETR|Ab^*cj4YS3jUg6pmcpIHQzI40vXT-_WdG~@PMOQ zFq`8?0!q^=r=2rJ66i7qf}xkj3%KGE$HrkrJnv7rOZpb&n=!?mh&MiWKBvWR70gGy zw#S2UGFxL22>$LqAeKxDat5#UHt8!H zhvvAS6*^i4Og|JF(67J2-WQ<8sJOH|OeX-}Ni4$62B8LojQ3eMYWGyfHTTB|5#G5c z?-bfxDAXi{^d^_!zkAaNkwcD5LB}>0vOE!l?iO8o>!1_2@RN&MXKikZx2e}VIL|q_ zbZ*{#zv{e?zY|IXnDp;LeI|P{LuaC(nK#eB#dvH z1|QENim`)F-qqDcMNW(dcGMmasrZ`&1Vj0~3admg(4#7O=tGIOIQ^ZckXDhDU%^kB z+LK|A0uc|4jWZzZ|E_d8TX__}^(a!FCIGd##;+u1!3a6)Hvdes{iY%qD9G#N`7Gv^ zsb{k@tEe$?YBtiiT=Sm2xSZn>^cD`%2!8~`X*@T)*-AGgdv_wVYwIy~E9@`z9Dxov z^xX&FxO4e%qx0u}cOnY&kwtYQa_d6nLJma|-Lpx$-1)BSKfJmnQ1t4wXID%O^V`4L$xkPq?-6rcV9E=e3RFh=={Ki6fnf9+VRd1_5gXnuhtk zbM}udrv>)*8#@!5_Ul`~2aK3f?7Q^R{K=j!Q4?*xg;mK~-GGgf~c-&re_Og_tk`%1(6TD0^YGc6xy zB_D0+ugS2FbGMIl!Y3EL^9Zy?ROO)c8Mr1o(Zvby>5&EW23QplM)ZR;#fX|{{hApL z^Tbs_4l>I-1y@$aVO4mI>AI;O9%s>3lNy*3x$&^Q;HaYcd13X%^81_P$NC38Ud=!@ z&4@kCgteRjM+KMfI2GI&6-=tQR|Qcq74#_D-x+?>vQAOO0KeYRI#2J$;wv@TA=A}L z%*nzYKdOD44 zI|C@b{U#1)L?o4)Eo(k&8X6`&*Z;v^nW<45Fo-E)z&+@eL4i9IgoUm9wz6b3uyr!7 zS{yrxS@sd_?x<|I#e`=0o%s zMFd2)uKL$&9?1Ss0LXqD3gY=|3k8A6d#Kx~g2t=)(QV1JbCG1tY7OymEMyX8B>|ch zY1^Mw@BZ%ZXENKyN5g2KH`HqHi0*TH6?m$i)ngHN+aw;7sALQ+ZU32E|2#3|Q@#iY zPCMu36du+t@M23@i!4hUniE;%9kD2X!%-x)81co;&dy1%e$^a$khHy*Y*R26nH|`6 zFS^4Uo`o$>Lep!Gnr%niE?ArGp&9g>+nl34o{=8U99P$BTi3Z#Tl*e>y3SUkS3COM zY0lY<_T{~nF2Fr!v+<+V)ZJc_chg;W+5!K>({|}TKc zy;5y79u3r8~1v z_?bHtH+8M+h&+o}(&Dm{Of%qdq-9-ytX&Dbd-UgCx2DzBKeO+Sx8>T*J4SnZ(w)^} zIyOy8E%m!gZsFXm%9ffbDcT#g7})(+YjA6!nCv-LtFz4?ZrG3XY% zm5)T3vGI-wCVqz;K1M5`V`yP&v+}p{m{MGES@3sMU}Nxj=)1S)MBU~qK@+mQsaN$m z!rc#J2k|cp{wt3#?yh%sWC;H&yl~3k>1vVflylfxZ63KB<~NEgl@DgK%?t3Z--|+j zdl}Za#-h>G25hu`B@^8DlVf^W>IANA0Ljjn-&n2#x$Y{tWM;8*p^Wi^RyJl%X!*U9Z zRI3%8oHk?@- z)EUnV{Q>6!R{{J_k`E_h`~^pFki#Tu@>@x8jrawGy3_pmuhn!V?xdFFA{GYh8>VCY z(UDqV4DuukHQVhy>i5l~&x%EUHQ-j)+stZUmCrWc8&}>y_+S*95Xrp4?D8!kfh8-J zG4 zK!xLY=5e}9)pVE^M!KDc`_VXdF1_kKj=gKZC$;$Od?jv$8Xuc&QXiK@G2Id$mvQ%3 z#4$DgMcS8hpg5{{Gq;CGL&Q@`ryU33Tsf`(1uw;s#1XHrmwn0i$95sHXIcc@Y0ML7 zd`_*^IYY>CR~$blP`^vTcrEgI)jA3Q@x#7o$51d?+YL#J=I?D91l)$hBxlk7H= z|8k4qRD<%j^Sf6}c%({`!ZpvwW2gE`$_{w>pSsdyrEBq#frZUq~ru;_TBUFTU!IHRPVt4BK{MTFUNkWbFNJleO?z$SvV?gKr!0 zPqh^n+`AIAolQEca;$q|!pONWje{35=ThCXg!*sIz)Y0PSu$5>&tcr&mkO-{$!7N*j1DZmq9=`r>~p z$<8n}mwmj0C67liE+cTnCs;*6AyxevyO2T zoM31(D^gnjh}g_zu&-P?x|-_=zinGKg1=i>S(n**F08n1T~|70I}*KcfnKuJa-^zKNvDZjeG>+%VTm}#-U9xFLKNFg&(p;{MIF`Ky z^S`^ONS{H1`cHr{_oUloi#E9!2p0N5K*>2xZPZeD9WOd-VzX5yad=A&2=ilZu;(g*>wS_F+^mU2o2;zx?84?SF{;n3 z`yUdc=cSGu_0QF@TJLfZb~ww`DS5*&`=IgaO^c*Hz_o#!7cFAaQ8wo+PYdKVS!TR( zE6EZ!`O3J561biy8XYUk{#bL++?}E2i1BR7UOOkAz=C{MhEIeGjnm=tXPSBYi`_rU zuDhu!a#jY@pGq$1S%j8D3LVEygu%S3s;`3GV)kBz=0TO^!T^z<{DTIq6Sy7q+a>46 z=}qB4Y+DOFALmEfyZy_p|E=NP91c)h_Zd(TXk07?e-1I0UM?LFuJagO0EY9%4!K!V z(MStzstpO_{z$1qT7H!7P6iz#405mDKKGG~-2>A1D@uPM1D(G4=Q6?62bZ9THH8u` zO2jt_QmFo1AEmgLlhWGI`s(!?20#$CWlg4PU%H?yNSWZ~V;=_dnGo3&hM6fwlS9&r zniH6t<91NO>)&R%IPdf6QBsAEF)&B50s$GzK1_`%rtQ&+`T4a9h;d43)m?&90Z#ieWNdudP;n10 zoi0j`m3~B{HPQcC`c7uf2j0cDmE#nn^0M3~%SWZAKtly^A)GN5JAZ!qvzCUl!&Ly! zPu@(%m_H+CU6YR=A`D0#Z zs-dKTFh>oh*HKUfxcpsX@_0Zxn1=EUNC5~n2`&F0MoQCsZUn~`vBL8yZM=V!RsxMO znitlt>kg&Wr7r6YysgLa6K{9+SseipnqsE--B>EvPgjLHZ{)tOW>=4e$>?z@i6xSl z$BAW_dC<2G)v8*uoNWG$&bQ+F9X~?&&T+rOjrJtVvRL_aeIXH6ricTNHv(2JJb?2H~gP1c}La&wNYWwM>$4t0k5 zr}7OVH5kGZ{pv{~MjO zj~+F(aTPOS=Jkq^VG^Tk>Mkd^NeNc452o zJ#IMRL%1^>^H9s!-z?TaTk)s{c64Jv7xg`@7NC=++Mj$yydVD;CF=7T~Z}t@=;?*9??hDmU;}IQ09yRb7 zUyp(yAe1gSqIilo@fnPfo&@z0FS{zhC{CE$9LSDgm=L4_1d&P4f(Lz{i2pAGJ%W+7 zdskssH&)rRD+#?KTg0A?Bqx<8B!>_AhVjeKMJD&em}nUBpWpwIpITZR-xjE@LudBCE3YaVa>_5B43Q&) zLxD!_mT`KA4?#}vH`C~Is;jkTc~FVk3RI8?M9vW3#A~R;FJR=%QWO7re{F)fK@s)$ zF}@W_CxHsGAD|A~4obUiM-WJIA{i-&47~39`tu?8$G-?S1s3opG`(>XpK^1su}gg1 z!gAoS8pnhh-4K9W~<@j$g+|3N4qnm{j@h6hccK`*n@Lg*@fP@folQk{5 zz2EzMpCHse$09t-KFhwfPJYm0V?D+ji z#4*4FM5{`^pJJV`ODj7)o!r_T?OJ_1S9W+fy&P|zl1u+-zpZ6pIYcIgD=kvBvx}aD zQTAgDm<1iGoERFlm>x@-Q(*(qqxv25Lf~n>=gQ8c@YR1Kio9vigsCj^IxmanU>KHb zs=6$oIM8bRp2|KmZq1{QiDwR+$tLF&{rj1nUN`pIk3UInI*!qu|JFhENBm*sfrX9E zU_0ZCG>39$o=TokkUN`+!FZ!s!6%5%-((@y&e5;X#P5vCa^eNa=9k@Kpchp!s^gC-3m3kX8i+H_mO5O@9Iu8@XKm=a-S=zGc*^hXtq--l-HteiqL&MZ1WDbRm& zD@`H0?xUaM!cjosG%@^p&VwtQd!L; zMx88`z3V|e#K=lV#PDSh;CBL!g#k*a_VrP3YzRNx*~r%l6qR8P@;3id*^lCm1C$<4 zK)B$zqi`$R^`AbF9ZaauCG0#AH28QxMlOylGkl<51ZYOw_>|vm$%oL=%17!eznq|t zh$%m8e`_!eDll#W5b#t81Ke$HMJjLlAmRR~CnNgP_N^?-SE?qBJI2S(l}pR`OV5J+ z%QvBqP2l&^v?rMyW=zO@LAXTI6$`Tp6KRY@0egp@@;M7BwAk^d45A!KVC~|>F@)dU zHw{pwx_|!62Sp*C{NGWIb==t%R7m3RL&;qy{tZ&4@!~7lZcxxybJ!v^=Rdr-vo7g{ zTTGjvalkm>tD#yu0!*U(H`1uDWw+8eSc8eAgy0XQe=~$}WaUsq{2$P@63V#;^$p4; zb?CIw6(SO@pJd-X-)&uZJGpqydN|x#YUgzG0hR|dzF#OGbyd^EU)Zx&)7a_H11IAE zEqAKjC8}L#;URD=M3hg%9_}Uol3#64cQ^mEsM|q!2T4E-vVXbgR~j6pq;T; zL;VdRN1GTj4mPMB_%7%!$>X<5KKX{_vrvP9t)0>puSqGNv-L%}&hqQ8eK{p0hA04U+B_#>cT z%9Y!?9DxN1<2#Ru1d(GOs3{MRgb}J6!+sEXV90>yNA~4QL{U8HLyh_oderodU{t7A z5OE2~12MUiC@r7?ohtUHsUx|MY9Wa&AnKC=sy@%5%1pB6-(KjEO-125kr=)FI=-wp(5|l*?L#oYF?LWwt+9c| zj=+o_?pO1e;8IhFlQ&YsnU$Xx#m(=diyjzHXyd((-QruM@fL8^+pys2coW^Ad zXusU4m>>m6xY>#&O%4zz5m6l$^B1V)fae4UAc-R6BgP=b;nc`fsU1oyX&Dglr<@$5B%)zw zIF_}^Y6xR^5Kci_m)>QCWyc|skWBK9ffVoBv6QvSipnGk5R-VLf`UX}#h~Zz2*OL- z0yNPj@&TQI&sX5n-_@+_Ffc)ps9bQf0XavjGc~hPLNNeAh&c}t;1>vrQ=>wIa-WN~ z1?$Zqk5Q$S2DAzo5$Gq015s9hR4qi(d3l2`^J`wODPCf0|5K$We)g%eHmcj`4F#_( zRxJ-0nfQ5TODRuqYALF`zh~e|@CD7nBqfU@gxo$x=7GMkRaopY ziBe4|>%&NZ?`VW5fT6s5YNE596bMC=+wS4Ps(}`Q$DbqhPO=-h>Bod|V}ci;Kmb{q zAaSZl*s53@7zCPY5elgQ^vLv8o;)PP86bnc166Md$+S4o=U6xrLL(+YD}$v?1eQL3 ziav4AkFa%pK)bcx>UgX2P3otpOjYWk@fT4Kn|_47Ptny9_y@?Nm$mk0QyXkVZ{+@I zG}3jm<&MN`L?CfZznCkgTeYcSG@THNGGg72a{Q_!*7E#HX|T)eN_6fSc%6Yi8`_Gh zSLGU>yD3izRwuO(GA_0tAET+_;W0%% z3IwBHkuvxe`$BS?xya4?;q!l9Wk!%|d{efB_z_;z#33em|LBcq(!_JBCH%Q??0_Lf zFqo$H0U-f|6w=zFAy;XJ3AcB1Eyj0(L?*YpC8fN0Ue(3BfKVB(TZq26nw` zP_sJ0PR;^MK{E#RR4ikj=fNBu197v)YuNQ%;Fb_byEs6 zFflbsG4Um%AQq3(beN8Dr#kooy+ptpU zpkOs^Lh2X{-q-K7rpq8PnkdlAN#j|$?Uowxh0!s}64DMT)m(y^sm`e4t4dpOfs7GS z>N(HPyzZB;Y5~3=7qiB35WMowgI-7KBoS1_NoC?T+E@P$ISDg}~I|&2vM%PXe zi%BFM^@~}>pAgM@vd4w9#Pct=8IIkr`cAv4mPw2(#EgTY#b;ma5DCR|YnES-{EUlr z(XdX-$R)O><9I)@A3ZfZ&ph(1k3Dg~oYzMU>`%@5v@_cy7$B(y(n_@nf)UI3`2}P^ zP_j8&SwqUkqf~7ciD|=7S{FrHVIvslKr77tbMGqe--uwbA+) zBYILL6$~hXXDq*bIRPaEVo0Fsv)YZB@YOvNJY$e>gI`qd2pEP58|xD#Cq}VXF&9#$ zsdj^}8Wl8SURb6t7=}cezhx7HsWo|ms*%0Qdxtxxda3mp8VvCz3c&lFU8cmj;3(OI z4@eT_S$19%3;i?1nE?w7sToo1m?9-&k#-Uz2{)#{5#;CsP6fFjg@LBB;ee7jR;wjB z)6yF;U2>7l5MqkfV!}Ap{uKtDN%=0zv|3;}z|1UPG?L<7FOcZp_bW@H0aK#^6>mWA zc;BD{Bdn{-SunyBRK#uLP7ouCNq_~>P63YoCE-SI|MAA>`bQrW7IlRL*fu@%g&CgHi!XQ;X$0|`rD*is!cT{3zq zm~b+IT#q4T3nA3!TeV85e+X0tya|lN_~j@ELSUI{Nu(KDtJPXk{v&ECihM6h0;{6G zfS+*C43@wWXbwBzFK`Lzh=C>*2jZ-j0EKoXoTRI>uwTkKqWrkhJEiFRTyk!n=gOD* z@6@{TIX}LK`N{eJu^3adrV#L*c>bxMIq^T6;`hA&-^S*qi~o6$pJ#xLQ5Y(%pgxSg zI@#^EUu-q%-gVYrYDa)#NRD9Bl8Au5%{H}7dJPqZ@;!*9Syh&5GDOc2&3iVd!6chH zn51#iJ2>9&pX?uh+&}IgA03_cRWQq%Xk_h&<#LTHYm^Y~H5xF)kf~RF_3D-P!{_P> zuhvM+^&S}DXw9zBYn&YI{=9EmuCGGyMEk?FnBsHD(He|#ixK}Ut?A9Xowu*Nrg(<9 z)Peo**=ppm^gdC_73&W{_{oqWy?%-=bkqTQ7s#xgPBvygT^tzJJ&Arfp%Bjns^O zTMzjdg$Od#I;$qg`Cie zrtW*Jrs-_7dI!&8iw$e5W;zOqt>tF-l-*)MF3?o-c(4b4C=gQmz)XZ4^!G*{f!byV zdj)Qinm;Ofq0OSV=tnbBrV(X>EzE>XzPiQb)B)4zZvzyfk@Swnfgl(@70gYXU{`KD zebw8s`23+Kv!+)~rFE*D?&=QDnQueQl~bNNHK|t2q+`TxJ>6y2Q1R*uO?pM&7MS;P zw+mCR5A7$m2$cujRM4UTu*4UrYnX^5D#@(SIBK$KtJ^Kc|7>h+IsE?+Kl5;W1_GrT3;JVacT8b@$qX_>8mr25xQ{sT@9gaz zzw#E8<;AZ(rDg~j%Br&EXX~bT?CPq;&i(Bd?H3)-R%PrS9Uk^i58m$|eK>vPt$U61 z_pP?qX!tM;Q^rB`fRxpeYyQoD3G48ae&>jJIIS14%61(n@>^~16>j{V2~Vk;V+ zaGD@}UXZMN_F#ecgIEs_ct6;aX1hpaJ`TCwn*PWHtZ6~1hL(RRmZ(A-zz@sI!0IY! zf@}<6Wd$@xq9>+t%hqEze~Kq4kQ&*G1*t#lm&{Gk$#v{{8%b5AlP4&S{IL69^M92K zN@l=l@kt!sX&W>7|3-JKy}n-H|Lf1&ZO8u~;-~Qp{HIFA+IS}K1KbAx6dYw$dxia$ zE6{9$Bpy*1pj|SFA;$w83K%^`VJ!W~Dbod{?+VF0J0Lgy!9zTH4`Z=28qbWaNb1tdm16YQqe{&PeJgo)`6(K!m0sj1kio(q-aD|POd^Jn#Pf*6x=hoXvfA_eOW z<@rd6_rxD7ul!`tR6bSm8GsBdqt>Ve&d#L?WEG(3oJ?0i06B~y9|P$q9AbaEqP!Z0 zA-MpUrG^}2++7QuK@-eH>oKBo0TJV?=B=#A*s(~YVj12iA;)ou44G&{r@%Dl7y<~S zIBzl(Ln_CmT`N`py|lw}0N#qMRJpguafp36VXA7q*m5ZPS3P|Fm#jknZtB&4s<~(Y zy?|&N{JTL1&@U2@Ixmq3kRdomDpO+fH5BW&BVoOu1sOG%^F9*2R%a8Pa=cNX8yR8> z;v@_KLq0V|O7S4)W~^gT8}h$i5{4(Lw7jHC3`78=ZQ#lGP4RhC)#vFZm(}#H0Lwp8 zyO7A~cn1E{IFdD+;CJueYpt_nfOG(u_j^P9rTX22d@K{O)mE$(E7B1iGzFRK3rCc# z&=~7LNXS_dXGu7;sj!KoA<>g0*pc*{g~6mbkP~ivt^kR`=}P151v^pg{X`ho9V_uo z<421ljz)-K(zKq<+n74Ks$y#2mX;yJ{<$@{OphU)gqz%hd;~|_X zUlBe=6Ocq4huZ4|GcZVk5#m6POn)eGG82fcC1z|_PRB9i=$+`z_H0g@u1y82UB(e# zk$yHzpaLABAZ=3)7e`s=WoWSUWm3GzChg7C(LRyBkDXR`s|7mk^syD-@%%p;0Q?cN zJL&fzp^PuyXYon4j!3VVj1U2AOej|sG7}O##-p*|&5)z=psnHAqwdy^T2{W@(0eUq zhlg;IM(3u6eHpHplj^(b6?l)>Skj$3)Pej_Pjy`$F;tfiIG7}Il30v5R$%S;>VFXY^ zAd3C08oL%aOW>rK!kfKa{YZa19 zs4&|$_+*oub|3wpAnrZdf#CnQIrWXlDiXONO43R>VN6i&=) z!QoK*O-*$h(yvW+rKMPfAenTM3Q3Ru;?>6#4MRK{*O76q{+ObsDt(O>#0h8i%&1#tnzCTA;%tS=H79tHY7=~o&T6hW zL2SGeV};0O&rJ3~6Phos(V#+`StUNAe1x)dBp%vLw9+P8Jd`?C(wZPXCc!J8lIZ`E zL4FLnw(F0eIYN=3CDasEu}V0?BRVmW7b6PA@j&`d zDq&=sI`<%&kmv;QR>S(}t@x%VKRHqE_S>MN8quj-l$2K7TGd4LiIcS&@`3KH{Afp( z$PS81vgIU|EO$)8P-;?hHOrvky!WK^6ILvG0%PSe5g$T|l>SL;~JJ%Hj+F1SNX80LgdxfV%tj8FKuF%XA?CXC}eF-bSj)U%>IRv{Mc zR`R_fY#W3)N-nL+I0;itmsAo+VzS)lInl1bDimEF1H@4m4YyN-ly4>=K3nqz7Kk}p z%c^Rkb1W5AYqFLmjDlv?{9426is*YY6RcogMhqL&2F}EcduK>rZ14mVjnL&;|g7~W)_>b7DTKWlc1^Jtv!=} zG}U9NiVGr^?p58Zoh$-AbV|DrPf!9paIO9bhum<(hCCc%AP0hL?Xl*am+! zF$UudJET=F;CbXex)+3hlP+VzL zBB&GOCz3mfl|`4ljF%LHi6t(QMRmzk`Lq+qJ9I*5j}jR>rEg0~wX46|)%~v371-KQ zf^)-sB}&*SFyeiP9m}k{=(%Dd+&oj<^k$SbNFjZ`5gKW%pR@ z_qooGp>s{9>JOD%)^t<_j_Nu-NHegEdsNn3EEO)$(kjZRaL8n6osNaqiDdZLD6CYO zbBIG}9n*n#$`aYKcGQyWrWk+^V<_#k80i73bCvbDZqCxFQfEB*PHqzeROPTFgGL-E zpM4pXg&D&nN^$b;Pe;ET+Mg&{ua9O(DQ18_#$jMWB+_qxK6v*o|EZdKjS?m#z(Xu^ zwOZ+v*(yNXZ?#%!HHZ7B{hht{2ZuB2QioUuD7?^vsjlaE=a-p1io{t-KtKj26Bwu8 z9`ttm?~ZnV&VP)fG+%v7uxN$@Y3bD&%!sBlseRMsnnQ|ETJ6cNC;j(FdmrBIrxhO} zqa!#RXF@uJVklO!GN3asr*-%gH;EYXd8gIww%Q<{ZCJh7Y_+W!8fN={ z)#`sao>`V}njU5kUiaRlwe3i=R)CpLkwjK>3ZSy9n{2$wFCb@Mh@pQ51rM|QM^@6w z+S}RfAAQ_EK0esnFEpfCMZt3aP8`(0^3Lu%wjx77=>T)7hgbOouib+;N535IAD7!U zX&GWlMifqz2aZV`{q|t*`YoO8pT0fVyJkxtZrIWX-O>yOE>V5cA5oITzZV3a%4;MF z?8^5U7nc^Klpid~GD|?!GGlXnFkeIrMO-&vithe&d~|f0d(=BU-qHI<4#BS+0*vEu z+GJDa^RP+I5tRusSmkJB*%MjxC@q)1?hE^n$LK5<-HVk*ysYOEE20MmOMZ;i|i z5sY+7y{62LGS>S`y{Z7^EkwgxGSI>3YQ(Ni{3Dj7nHzwFQ=c z&!v$1eZ}NtZk4@BE4$s~2YKvUKN_!;OJ=i-|H?pMOBhns^Xycj5voX|9 z^xteO*aDQfo=61VbyM8U&}gD;5eX+sHFrn?bS$gS*>ZG;OlHh$b;h_1q#aU`P`N{9 zRi{)M7JVVj$r+A6M5!-+-q56!Ehx=30+N_S#k3Up+*%XFVE{R78SNDM`2`b$H#N)k zEm2;P5N=3xH3TP!P5HD|Qn;WxvnLj!JWanniYJgxbu^Cs(#XKK5_kcLtUAV%SY;Q) zBs$pJ2HI7=-K_Y>{3tsfieSXA^@(zlyul~R>Gc|)B@EFWop1d>$CWPJE)4Mi4xk^B zBq$Mvdbcayf&KilRdIyu%K?mn3movVPLn9XAc;Ai;6D*K-R(&^^kJ`;rf*V?S5g(N z6CO${w$zwOWTEr_Np~|1b{W`@Hv?AR< zlaWgB?Bz9zXe4N;nfBU~xt%f%Z>y2MdauS)oT~DGaWtfmahmv|7hqZX-NY1W!7J?@ zVwkUAAFossxnKf5m&qGMDLHLE5vLk%l52|-ov1|2LIZ%ofaX>sGw3sUX?jQ^1P*sj zH@4OecTTr9(hNrttgRRC!!!)CF*?-U)7@lq50>k@&2UIp)dKN@-a!c$HhwKeKBI3FHgZ7vYIO z4pAV)lqMnb4T^jivm^~T@FAsBV3e&^v~a62E{vl%L88s9*V#yT*5yhWnp>lHT}g6D zs`DC!v)apJjk;h#d=RL3IA23^6o3H1 zU==_a(UKLA_t7gqO4-bwu5cT4Hks*#Tt0n0J%C(irxPveisZV;o|&h52=cdM@nR3b zAjA>c2KjnT)Sr>p6zODuLscOR!4Tq*+0}76RURtapvx-OBGxRxUJq>qnYAS4&uW(? zO`@2p0~m^A;L=+Pd4f4fRMN1jI@1)4+rUG7+%9?Qzkb_m3`TLWi?84I088SSP?=*F z2j-5IzXLQGs5=tG671T6Qt~TRx=}pBs=%0%$6aa6W&oCATz5%l&6D?oMfs7++dy=L z!aD+k*D!>Uk0?0kspFK89RvOFpl3VC$D6xYswC0@%4Q2?~6=Nb5Y5D#0F5dOOw zxi)A?Gj})@Y)6JNDeE0G*`te|bjHYbFx26eCKI^TyH$1jL_W*4DlKhnx@)?oK|CBX zyYo6!Q+Xm_6xcmi9uBM7U1OQOPQ6OSyBYtCv7{{tDim{4@Q2p!k`*CPYPF;dCl&Oi zg%dsA25W4})`o0t5D$x6Jf^5=F+VZ{NK`U`v5xxFsc>;5wh%)~ekm(6NMuyvAW1Q|08u%BG!3teg8|a*qZq04`(}5e z`{Kp#YHy6+!}vYCR1T02)j3f>18N=7De$38bEYqv9E24yMpn;#e(FDPztcSMBx>e6 zuUgdusO@}rtJ~SwP@Uh2rdH<_flE1~Z?`gz#A)7P&4ja<)ytS@^YU)q94q#wa(R|K z@!TLKAalxQ%5*DqnUYu+G#bI;CIs4N?<1lC_IXt;+Ntkcm6%(fm@ZURk9;xb^Bb=B zyp=XsCr_ygwh|Zs19il{l6?yYX7_AuZmw@VG$kJHoG!3cBFMkcMp0RB=^}j;MQ_#1 zT*aNO^%rudRrQ`Nyw8Q;GF=ycSZ2=1oEv7d#MGkXfl<@(WGJ4Vv+$BEiFzCsiTgPk1eeWwA{!7;f+$ZzG6ZlmqG*&| za%OmCL^vMmP*JA({1JvYNPVnS4)6%Af{Uhu z?I%4kSN2Ed$PjfvUs|IwdBd!R5A>ma8+e<{E4QgIypUJw1|&}LXoQMQ$%qVwP-hu>x&v=SwcEghVVE|ryaTlI2%t-8QVWeiTF5N*>Y!(Mu4bqEx@h`- zA>gEKAJsH1UalD7q78coJ?oko>p(6MV43=47ZmZCkLEI}1^Q$!5|WwCm3<;L=t@l% z8%yh?Jn5!dG;zWemB}*$gXBP=iOlmR;WptCFowgT`l zJxytYq@EH6uu7dTpsiTSvA($mPh^IS^fqpFakjLEGj%i@Oy%uz5#mEEufWo=S8!I#BO`mnMYTl={6x1=g;T_JQKej}# z@=;84dMltn?+sQl2V(2}o@yXYcmF$odQCHbyf>=p z9tl8zB;!l*hA(z%3ht|5?H?pYn*{1dIqsB4rUZrbv~gMXi9Kxeuo#V=||Z7ISgSGq0sy}Qa5TgB|Fp41Y=f?=cX5m z<;{_-Gsd+eyKQ@s%l$wsgPC4zef5)uXKDBiWCAFURr(-R#^ho#w;mfmLlc7{YKPqa z|JnP~?lzL_P8@!ZPZ0-n4W%{!E)uoiKkYLV$x>m8q-c_=c0YCcPyu8B$YvrlJ0n37 z)nkA5=fquN$pr)@R=aE$YsM{PM&7uw-?+=~&hdT~FhEI>V;!(GK#eqb6_PNrOhFax zC01TiGFDU1Sn61N@s_R0i3bQ21s*4O`av@GQb?_r3uW78rPFL049q|rY5-nCFx@bMBR)p`sT*_S`irS@hlZ@+j$jfjPivkTlL7@dxjVv!J1TPwWM zj~D}Hi>8U$jm%vP)OrtQi;3^lIyHHc&0HFJQv=}y;;brEi7DJ!BauzTTM@|>2{^oU znGb;qe?4BASwYEH0r*5Eh%vax%atdK!j&$YeIF-k=(3GffMwEnkYqD!N4t%4$P38% zP@8sb(#!jvxpaeh>`O40t74iJ3skMTt0|d+2v83aT$Q=S3sa7~61H-j5LFD_OY};1b7go5^G$ zMz_8E)0jPR#y%@{uDF9a%=HerAt5z3CaNNBmW+&57jqt2Ad$@B4kSR_Ra6rflMYyWSmJQ*CZ`!iYbK=by zVZ83ij^_`x77z}x<#-&LI{E>siN)XO|3&tA?=Iu+F^5^m38!)LXwv-H+@G&Q45Y+RT%gYNndwxHzi@ z%r|ZzS7f`@gqz4Qu=b{DPF?@<1K1}V^lFhpFxVC?FfP~@e{-docxmLBBPV#n|jW zlPpQdwn#EsHkm97mkxwsTDO|akgWKxf|l;;?w5`!4+TFSdFt0HT4}R!fH)=i3ruua zV;Ik`wVYun6XK)cI6H5KNw&zBrBipqO^NI6Y{4Edmmr!TCA+!D^*JhvWvCBsJ%> za$_PjN0tb55W^vF~~v zWt>Eek)fAk%39s%e2>SlchSQf*EL{icT`<5e!$mXL`jc}9sG$p4FUnA?PAwW=G3LM zwX{U3pCbnaDxq)7OlZ04VHAaJ94>N}NqB6;3-vHjIf?p;>_J(oUfN8mnc0Qxm;x7Y z_(QlG3Zz?3ZZy|3aJ-qQNP%wMT+qfzHo2`e)qVP5#gn54cQUAja6Y|eitEg}Lor7% z2TCjDb<-?WT|ss=!Y6Rp#x!hJj4~`VkHfc&Y;$ur7+KR~!fvgO?kJ^;_Fs4UAJF%F3c7J#aAEo&^vLpa9aq$_0YQ3`f`eKYR}Lw@zSyI(p*Znu|?iznPH; zt~PiUu)4%L>f+hOU>$*q+D~~7NYt_vk}^6AZDDXF$TA3Jp>)XzeSDem^nTn;oh{E| z7>O6=TlgSfmZbg{ql>%OkPb#^{j$fwO<|d0iMiN2TYOBA2FT0?>!{bWdVI9$1dw}? zD$P01HV0_qT;3Uy5|kXMC+Z_gt#Z+s80FU?zTt^kg^i#bN~ zECva=z;x-rr zBIxNePRQ_hm6%n`zU;BfksrWi2S#^W-H-2dK&GimB-dQq3pc-dBF8wCrM3t-!ACX% zkj8IFXY% zfsL__0#01OW@Z2)4-Xzxnya9)M3q~lBn5Wjt=K$w3WvP|-HB5;K#uJ0 zQOngs`!|;Jwwa2hFOutE9cK^sms5@s+G4hzdORU1dKY zTM(dMwE`4ltgyoFafOYF?=+hLudHJY*@O{RAnJ)oMKPRMP|jTMXN63ci7c4So?sKI z+pIlINVbVE2dv!0aqQA#&l}YbWb0$#yk(**USx&nB6FA~$}fHvmUc4*#AOqd0nd&x7l5QH{nNs8Pf*2W!pSP27oXdrqkJ~-5 z4S64GPl@DUtV%fu;^_UiwHJUeFqmc846IX&?Yd@SQ}qR}?%I(69+B8iZ`&A{`8OyN z{qtW2_z7g~ARPd0AXoN9N8S@X|zw0nC-+gZ*Dm3XRF2X5{09PS15 zsa~ZMUO#BNl($B*Eg+gWXdf)C@yb?imYeyUKpQKq9$;z#8{))} zX}05|(}930!rjcQ%>KBtG6gvBn0?(sm^xjS6gp04;P}w=X>}v?GAIZx1-M=0^b_4S24ZWubYkx~BSoamrp_gClCYl@`6(5*?kBBWZkCNP!uBy zp~HX);3B;Fapmovbamtnw7wS$8;?a9Ud`#zrP!b@2zA}lY$B8HV8ecdbQda}*r+qp ze*`Gek8{1V#ZBu|gZnmrtFXu-V|ExZ58mq8A1k&|1MMuJO` zX#nh;)PFBNo?P_z-tX$7)4R>U*25C9KmTZ_>J+f@y#57X)Sa&c`wSJ4kyuD#3*zw$ZfAq0EP=Xn6;vJ~u@ zo1b+pJ}MRSJoeKU@3>(LkND#s;db<;AyE67kIhF8&5mFkJd_b@cTPVq`bV#%y>QVN zz7LUgYS}hB;5J=VBQ*gR1UZ>x1zQmFLTPkGnKB~-*T})`JLrYGy`7+Lj*+4`A7TL# zi8{w8Zy>i#XK%wOZo@*^4(`t?hA(AuFIQS*g-F$%D*WWBe(gO^tH&2!zWST?c7CI} z3V-L@KwshS%Krm(7QcB(@^@)&BWbQv!A7=_4YHdBRDnIysBex1vz!c@ECR8DPJnLs71ZWHk_1N{J|& zEG_67P>ED2;{?$Eq z?cY<6(ehB~q*&#gqOt-Wlcc#0GeT* zFqS1aEGCG#MxLXWz|eUXvENXvJTN$zIm7zV$8j_evEzk>cmgIJYu@d`$m!0Kfjr!* z6^7s4s+D&%UQn2di;N+1UR@mK%AkXOu0~Z(c6in|u-?dKDV?b9tq#N3fHjR0s{k zxvNo5EfdJoajhOa1LLYpD9mhGXz7D}9% z<&jN=4>iUK7Ci71-sl)u$U$M;kb45HqJ}f{_MIjflrDE`v{pa9(;_I`&;zyX94Cp? zWjwLcu)}VCadJL-S31@_4?Ze5@zPW951i1#E9PLw4aC7@9 zmWLOkD!K%^RE{pt4H|W%mLP<`%6m=4P9DrwF}l#r8YIIT`X`vhOK@UH;Doea=H;<{ zS0#h|yK%2az z+U7X6Whw!Mhv?w)Gg8a0?pD@dV^Ee5vq=yR#u9+jDV3%Pww5x3iY)iz6&+<1)-KZ- z9QIJi;VYDKX4NN^mXK3Vz}(-vaW)7;*)i@p>JGbRg7o|Xs3z!}D?@kK{okICwu=6x z`|sGwTIWs)B4BiQCW?&W_*t=ZIGI3JVba`Xr6>VGnIcKi#g%=UNfQC{l7V3EwRfqZ z!xy{gFoJ{-)_Ddly;!TnT17miFmLGJA5=oUYwi#Y*f8>5@5qJxB}@D27SnSxZ~c2U zo@d#uk%r{rGE0;{%HN|$4v03(ajHr&I@bOzK8hz0?}m@C47nj@q~USdyI7%;s(YT) zTVk{@o0Ci-L6sV!kZ4VtaFQxHnOi*_c<##-7As62>Abm!N1lr=zM37rwTM)nWGfYc zq_N7D6jwp9^9(o64KX7Q6V*;{JDqz#o!#JCqP@wxU5ghG8*gC^f)p=U+2~kfZ$qBy zdjG>JdvW{6yO+QB|F6;iX8ErjfWtps!45y-j@V>GsvlvWZ$3WU>lN;l#bB!ix;l6^ zZMO}Q02;G!FwXlm$2T+1KSW0HTNnQ9p*8v%jzI${I;v;4wSa_=;0YJTYRuwPZJuOj zoxnHf%tK+3lhK>=_UJ+cQBRakA1Q!Qh_9)zsn3-wPFpvYDu^Bb-zozBlUnigRK9n^rGe(2!8 zPCwLSOk1K&{$o5FDw&KaMPb@6vaA%Tb{)^lf$VA{UB;P}kSUl+5c;Oo1Aj`BRkK*f z`Jc_#c^3IVt{?%aL_rWS^~xCSmsE#M9(|ETNA5#^N_kjZsvuNX#Sr4GfkH^|P*ete z^&GLn%R~>1TrxoY*B>WEmj2&t+@kxGt0jn>Q zgpFd|fBO5y=hM@hi%+Mcqd)(9*E8f~sS(QHcJH9bCYiZCo5}OnY)pyevD0Z%b%ZF( zgg!qsUwtq)$ELcW(tZJ`!ba$!%g@WY%Hr`E0LYG6-bXxctdGL*wAlsNx(>-uM5z{e zVzz)CEcvq2b3hGb{vkO%Mh>YMlAj>bHsu#!xI2d$VdI%q ziE%@JTdJkPDxA*UkG5fwt|0E*P{qHRhgb10c&o9q*1AR*zS2@mlk8sm`!r-ko6OaK zUD}})uXo=cAn}X3k(n?R#a>Um>WQ~Kv3JlDul9Q4&8wc++ke{=`v(U-aj>`76MMV+ zuXnKg0tT%$n_;2mDg{)q(2^y`*|Mzg1{mh} z&kYU{i^ja(1ysAB(rjvb0d5wcOMn@NKzT;`0Mf2CESs|inhh5x4}dF1YJ{@DF{Q*(Nz5xsJf_YA{5!)DJgM`!F-XnOjOx<*<( z7^xFdE`^gdPQ|BOrDx21RxD)co3gyOYrHD0%7K>{{|yl zOW!)p!gI(f5xPFT8c@jwW1A3LK2FwS6z~bx++f$aYBc8fLZ>;*!Ei;w;SWu94!jyh zQy;*>kg_x&r!P7(xi8d1tRZ zr|1VmB1f$f=Yscb^^EdECR4A<&G5zb>D8uFZ{aO6;j+B(`EH~hx(jOpodka#HsuiY zvv9o74?~j=q8Ny}ojK^OR>V5LpuU{aKxmqNQp911dg_h&;m{5Wig!=hJb zC~^jlQ{;Mg6_lueKVB4>x!$X#HU}Lf3mtTVx#lTe!Qq>W1CAcGfl>6_r@=+a)B8ID zHaThIvvHD*cNQ{EcN9uGO{MyiBHAHgJ5FbVNmi&#n|f}jTj-@8tmGnjx&B-XF1<2> zL8q!-rM5qRyjQ>WFE-8f}JAJqPDlI zgRd_YG!=3NAh3enQr9t4*w4IewNH-Ip~oG+ySZ7YQr@_W_f4KfH|DB-W1}STuLR6* zYHW%C0{mB~Jdvoe9EyMX`=0AkUrJvm&o`Cr_wC+Zd|iiNk6(J-Vs{!}D)W!5kepjy z=UE9@|0*Smp!oPu}Gw*54W z1N~UYsZ6Daq@Is6Sww_y;99>WW>m&p5Mr?K_{DABFze+B#{kGgo%LG^5#BKuivDCS zi&6l7K!LySl!a2beb56cw58)nO=JP-GFo$r6=Nu8dv0rUA$$ZUYy|DFW zb~6L2`^j{JS()9|Jp(-&()d9{nQ1s{wHbdHFBpVGY^9Yjpawr7kFE+jJ6*_3k*bxT zP?4O#?Ma)fHh3t;Dc+R;O&%QT!9K$&kwCkFSS#k+VW*|L&2TrQg!JqDe0eJ1LMUE* zJh^`9Fut{0F2QZt_x=qTz$Z<)Dfvyv5B@ESvq4YfQtSJyAg{@>)bRwf%#y|AA2k44 z6{B>T{l*7?xU3976Ym(@q$~Gs20!!SpET)Gv-_cal4hkdf3xx*8Bq~N;SI$X_~;Al zv0oyUuD-wq0e;*BD2g!;Sve1~GMDi}^$6oNRqXanE8M?~Rz|#Otk;cp(|EfPZ|ETY z!`^6k0otuXP82$WuPXt7$t?wrKv)BQ(NW?O?3i#3MWd13;dIL44EZ)Y`s+OUp$ zN>Nc*Ac;|a_vX1$%R zqhq=+=1LV;t!P3Qz9-Rza_~f6K%%u~VuTn4%>W_*8p-kAh=cR`mFc=B6M8OT? z2XjbzMjr4BX&$h?^Yv+_C7b-tOe=hcvdS^<{@NYQ#w#13WaLr8GWW%^IyFwpXIWQ8 ziQe(Wu*N#PrC5O?=#Bq{(O%7S7zqrai~Yg-$Of~pO<T4|XWfTv1%>kb3ttp!CW|OB8wr|C;==3-F=xDzrF!Xl2r?H@+CJ_X$ohiA z*oAeH#tDI-q~N`?EFdf5U$e2jY*2)UBRoR;XOB_)mAO0g^*k%#JJ0(&==h2eTMJoQ zlKun;2ig|#9ds6PlmdhaS&uM(MkK+Ur0&e&GtHJoITwp8E$5WGW|fxm0kYLtqMLZ7 znGH6{WCV{0yjSm-UhMxh8|$4d_Pp$44Md!u4n=oY?20|{hn?5r4^9aEnS^bpwltk{ zhBJ1g^->j=YU<0-Am9vxnLUUzufT1bMi%k|NqBDw#zFSu@J&BhN&?^F!~qplo9C+g z#-HuA1_V0oYj-?0cmzO@ZvmLm=3WAyh29d+=PMB!s-Nm1(dr-ZG(Ut5y&^X8La2B| zd=(#Ueh{0~ANoK%n+HUj|HE^7KeYHh6h^G5i;jWN;lLSbmGF(zoc=FEsjTA2beScI z@Z9B)V4g*~A~gZ`DBvz+4r*Y|sA7nj4e8UeyvU-uvlNo1jxVcX8R`y0(H zRVVM7oA(c&KYTbnxw$+!J^Zup>+N}ak4{IQ&nnK|uuXgI=%e>Hy<=DK3VCt|clzLC zTkiAK3BA7J_mB973m-D2J>8?vBs+2Y2_J)v(05JElXxOEBu#3hg{SGlYUKEfq1bZ- z0~cibdCo!Q))kqXoJEI~N5TR&97Ag4E9;Ft!p#pKpFF6^l0iZEuP@3h&ysAm0!2wP zjEh&EOmJ6}O(ry1izfUS_jmhF_hp_B9Tp#T!3Bub$cE54q(+!zsV)ofMGt$1JBB~F zg7QbMxZP~fFLNOuu5Q)6>vR8ORBO?X5Egvr7fij*pP1GBIn}a^^%Sz74aISGo|P;E zcDy-~MHZZ=?r%@!zR9^BsX?GGDWi*3KZy2k|A5{wkq8{l18tB+k8_yOe#~Yq^B1=&3RPXMg-FEGv zNFddZosQ`05~lz}f{=|nxhf_qE#(Z6Bh1MUak!*~Efl&Oa9meK&jRucC>$5^;d5%W zuNDK1-4)Gc`%7462rlto_|hAvhvA!Fq3MLd@<`JuBOxTBSvr21(Mlus!iz;-#93jE zK+K)uVb;`keJ%<>e~5+SqtH4dp=~4e zBCr}`ur~VKg<`b_V>NZCId{Mz3uZ=^mg=G8z2}OaAK_!}s;T~nSM4_k2e0;9=sIz_ zk-Basjrr|ArOE0t%gXQLL?KFBpf47hQ)Qd6Y<;X2f<9Y zMQSx-6bLSNi|D8QGzu=HtV%nzQ2(#?_Fs7h4giJ>YZaaz7rt6au~ z=}htvKzSfkB3L~AePEY`3Fd~Up0X-{u&hL}T` zMO=@$_6WiWZ*?co6aPaZa#{!fKQSIB;OTjzahm7;hRVmLV6D25i-c6OE*lmjk?<(I zh}95P{TRPu<5F-d@%jY`9A1pPPH2fZ`MSUwpTqXBnx_ZVe0@j_1Ps;M_FU`HAN}9Z zYW!_Q#|1q7DzS0u37TQ2wDo#_ZBU$gnp(K6g7#=QX52zpo6aLV5rQ`|OM(}(yLNa> zgEC(&@=@80gd--=>AS!x|;=}ocs>h0d!_xlI0-}rk&R)~*3o`_>v$~=*&5x2V}rfmtiGMDr|ioFAUHyKpDI`9w5($#Dkx3r7JqOZ?%bR5eBERNZ-Y#2NANtrXM z3qwLVq=Q_M|28}3zfgnOKy+X2>MkvoD3-}J*63 ziiZfI6t`G#c#*4uvo61+7VYisQhN+71XVay>6v_Zj-mJyUp8`8^f~`Cw#igSjbW^d zDMm!0caJ&z3PPyAQw941nVCpPi8LocLPk)u7hrIgaExk~Uph`HJu9SC<(7B%>`=O< zADb#`gX-NwSYrZ!z3+60mIQlUP5bws?E~i;;S%U@Jmtb+3{;e^lv%>zI%6_1R;%y$ zXc3O!+8`ziFYv|_9_wMGA+y}UHmI_CP&_46RJ_p5yZdh;LUfJjx^a|fKRioo(W1>t z@F!4gjvEylM|`%$dL^hD5;oF8QYMEz?#2?r%Mt>Da=M zM=Dooq|!<3yIPJ)3gDYA6LX+R>pd-#Ldj?aw`9r|?>V;?&bc+=19Fuu#b1|R*8;Ap zV+>CP3&CoOq20)mx{D<^I`;e~eja&Zdz7ULihY5|i)B75WTY_8=)O+Op_v zAJ3<*;#IeSJoC8KweDTl=3n=Dbo1fx=*N@u*wF(qdGa-94*ZA`^c=T*SF)(bmn6@{k<6F4b*|>#B;yaZptuKmf zteWqYT*MqYW94lge!b3p)xFyt?Ct;aBX>3Ei{ZtzFmu0kL*m!JsU7M2%TMRm8*NFpnafXnm%p^Lfy<;_w(pC>Z*I-I`vph%}o;&MPgYboZZnh z!-z7j)6Gh>Ql2$jm*7Oo{W_V;bfzNfB@s_WOgYelHDoyT?8hhw>1?5dUXJ^mvWG?zW09tPse4)sTWA@dzP0!_<47s*g`cN$kHGuSYh=+#=w zb=xEfH!PwwfNfm=q*InF43>;VS+`osG>7(n8$b0>*N3yUcfp3J}l%tq)K@55<8;>#77W z7;J$mnr6>dtx&AR7+lrNJpq!cCGk{ERue|5*6_jF`DU0}hlsjEd1I1nX1`ELbSCv} zc-aIm8Sf|FO1uY=(j`UVcu((C5ycah(80`i8tbw`d;9NQD%c(V+&#Yhba8QV-0gKw zE-yb_cK`D4+f+7E>8km2WalQ&B16IRd)x6or?MWWYd@fAKsniYSQ?l9Rzoq8Ukl}J zU2MXX=uDqYX<#WUH_asS=2<(iNHn|wdv*_JPytCPjAHP`Ynhbb1cr`w)@tmUVZM)3 zA?$&Ff+b+dUXN*|b^kZHKZp;-_N4`R8es+{b{d zWnrQa(~T2eYL!fdxh$2Evird%03wMGw1{Ebx}pqh zQD&n<`=Cq`?`iWg!@oG4B+E!)a!Or$tsd6Cb_>4y=!)+KUv7Eac1xwp-QE3qiFyr5 zHrpX|tQ|Azee)ofJ4B+nqOb#K`3|fHO}8ib89=DZ1w8UrZdlfT;eWup%3m57sPuC~ z3Et(*E@8MN|6q7cT{9KC3|F~tErNu*;ZmLWRlNiPvn?poP7YMN=1-RUzU&i zOapL^-g))v{aeT$W-0_04ZkJp1zX@ioazNUKsii9nNPv#)$E|OMo6qbLgV|X&7^IPWQr1d@nup(U(8+O%k7;mvqF7&Ip}c7Lt7A? zC%Tg&>LU3Ucx`+suED1^6ZbMMS?)rB|5V+(IPRkS3F!$Az=@QdZ`bC~1HZ^ez19K4^=Nc_iFxD-GkG~f?hKIH zG7+ayd>2PcnUHF03gEAYX8|tfMV2Lo+C>%_dL#sQ_jU*H-_E=4Uz)02NPUZ!qHn6z z9MhQdasTzR^vauO?Ugr`UYSO_yTjqm-tOy4ue^EAUU}nsWp97iuSb{(t1a*(iL-Gk z7R#iJVLAgFn6cZldEWXI1(S@nVH=$VfwV|gPj`O?M{%IaTsQq2k9Wmj3(sCjew!fj})aF7><0JuMJ=$hn zE^#N`#1x26UoCSEiSou{ZTGz%wDjM{dkxc8}dQXeK%oM*QsX7VA4*!5Q0>?;rFCyjxbj zc+>a=w>cOdPog8A(@8iVI=An%t%7a=o`gW;HOS&-vY6@P5%v790l^%}zwwNp(U{;D{>>VF+`17iUZB9aMEJe6hE`tBt@USK^<=t6lLRUg?(|!3c4ZGO|d_sPJ0KI9yQ**&=Z*%C1*}~X{eAQ@G7<;wbsXJ%3vsUTLM&4d+ z$XcCNowtVF9+cd9kv**Z9D_zKr78H~;(HOvQs%OpceVt;Y1`BwvQT7VGS|v3OvkR- zH=lOuI_nku6WHlb3#E2CTjl}eU%B*CAW~JN%9tyel=ENM#|zMa{79+xh8kY4Z3L4h zka(MPV4JQ|!@b@8gE!mOq-i$)&X$jG!1-Obe;yA1(op=3D{Sigu(Ag_1?yTUj;03x zfDQZ*r;)j0gMuU3KUeW=ejMwG5g=C8qvdp8q^7_)D=f~GuG&u`AK?E#5Yxu4b210?*<32+X2u%e;@mHOt9lx=fx-yLl6h3VxnuvQ1oA$XTN9z-tM-9!oKodLE~<4!(g~BzyzQ(OgOZ?P*Rn(-$`Hpg4PJ z7m`KVfKkb&B1=up>_wo`vRD~ukVy`CkxD(kQUoaF(wFq_%}lEVnP}ztRxs0Bmc+2q zSqqjUsiQy+BaNL%l)U5k9*_!Puvyor2OV4kq|zXHv_AhDYkBh(wY+&kEp!l*!isnL zY*`Xaz|$&s6<-<>S3otGJIn-h;D^yiaeZ{b;wj(u(n+DDMjJR>IHB;zt4}*0FF*Ny z#;7d;V5cn7UN?UjeY`%pXsh_mQ!0M*l#1Vk6?alu+D+3TLgO_*@8626^TTVgz@*p= zvV`zXa&qe(k&t>W8k>D@A@i$Jmiim+|yMRuk*T4*vDodDwW}3 zVtNg}UdRVL80@I*y?OQSb?2^Bd9Bxe`nS`=b8)>)QH6g2C5+*W^MQ<2 zDPP)bl|Tn4M4vVA=(n1QQYN>!mg6E4xh%?+Fa$-U%$})11HiMXgsR(n{7@iPfmUXF zHd7^`G=?5YXGc+0ssHqZU=RVPjA54;gKiE!9bg5FDtb@ z4DEkHtcKoySoOqNovi8W5M={UFXl-+iOXaaq}X#xdDyok*pSFTWW+=Sm2=^xG(|WS z9SKi-Wd;Ehs3AtA=VKz%2+q$m(ssS0aoHZU($l&d-cI9m`C#QUU79_QTva-dh$&g2 z8EXYwiD4J>^d#6wY53}KbD?OZg~aQEhTCvJ4V*|Lb73eygT;V{AJ*x$8~HMO8=Q)0 zZRQ(nTmTj424Doj3_yXT+0-Y6DisfLPsCHtbmw&*nn(>P+&z5@UPbM|y-!kS#PW7S z!+WGMgDgzolRpV=X3!vw+qRs{VKcE_pcZE{E5vvO;#X-SKxd)L~c+S@>P@f&F_=<_sRPYp1g0?OkVOcBTODanehjmg~NdIuapikqyEWbx>&yN znA?~b%S5IVb4f8jKfo{Ls&n`lR@F&bE`EIa`t$?Ixlu;x+8h>Mhh2R8GLId6=9Ukp z!a^-oDU(@N#N~X!*R9k8KL~mD%9_PQ_dBEyDo`Ws0H|3Z(AmG) zVXh)nJsQvrC3u=mt4x3;LoKq>-Y`-0gNk)3%btjI(G&C4xQLNE^awETT(c(=#jzQ# zYR2iaZ{6^jT?L%O?_w$b?f3!+9p(_QXQl{29iYW#=whZ`L>UayQY-V>%O0L1+n@iNCbT)4c5S|cZqYLg{ zFp7^Z%oSeddYSML03o(? z_Tk~ZER^^G;)<$O~(D?ZI9@4LcwWP+{=Q(ZyZV` zt94LCim@0TX0$44{`8?d`6mmh#l1?BfmbIlkD)lme>K!QUWt3mg~(mynmwR+ z62vs|R~t_*x}lg3BfX@J&%wB(fOWpnQ{eD8yR+-ZIx(a!kpLvIMc+0)478%Ucz(21 z!1TV4Q`MglcqZj!WQ(?(%wu(jA*JZ!=g*jGH$c5%03D^76sI5Dx#F#lsNpsBi;bM3 z+BB~jVvPV3B9#(kFp;e@M+lxR%c*ZGe%U%n1)vGv6xldVd%`S>@`jdnj}J+3@bQjL z_eE9GIPYHtV4!BYIf285Wi`k)BoJ~Wm!$x>#|xFZ!Dv=Bz(-cDW;f9)IdbcTa-izp z-QDfI+JF1zEjbOh<{ihYh6gBE%RbJ_0d)irur<$c3ghU8IMW`=DIJTfVUdM5MQjU9 zSN3gRVmmz3Oi57Dm~Mh4W=wagmoccgdz5Tlj*}H5*!L(=dm7;-iEU9ne;^i<3W7Xn zpnl+il9LYY1L0Z;E`IO#2YYYck&>m`6W#sY-M!&(=M8$dnUA~={==SKR~|q;nAO2K z8C5P5+L*_2%F1V+FtAb$d*&}>qd^c1q&9Amt%HqI*e(IIv>ll* z8!40D6bWyQ_0W~imk~x6197etiL@uxnrI87McBkkNX%VHP}6z1jADYXv+gkLfCR2T zvJ8FZh|DRr7UKuq;58^?VG~)v-zjL@BRDZUdkRI zbc2)f(}AFCozMyb?F%(u%yEtAxDY}L7aCBc!5NG9&4!h>bGL^(00k#mFFdHBES9=7 zuTLHzlE7`ktzvDvILlq(!}xe{J?N=Ju({^y=R5vlAHd#>g6cImq-k&;!U^l8;$n-} zcqJs7!3N^RKO>EsX_h(MW>lrQ7d_FZUt@{)c)IDjr!Sup(36eLy1`6%E8g=Vpa=hn zLy7Tow28Y+|Cn_@NF?CK(5XU>I2ZAj(91FU$>>4QL+*^PQHMo~rGX-eprrcCrlKp8 zqzezNs6S)ydxxV_NwL8{<|&!v$b5%^COYR0Q$OMFU`RWpdp z6vL}>+bb?VA{-CJGUbU1F}~nEWhSc;{pa!y1=l2=lzJeptR9o~JiDSVUhltu{r=6{ z{r3k0R$poK9o_CAbj;{@D0a;h$!4CwYBmjY0Q3@BvW_K@U@L^INT8yfiG|Wy&R`ps zku0UzZJlUGkTozf1oje*SJY{BG+n z;=4OP3#KgRsB-3WgF4GpYxWedF3NNjHgG3WcRRX_vL&G%ApE!UzX0DLGXc>BS;%Rr z3eww1@bL1&Ze>}jMP5Pxwl)pNeb2n6zzfg)n;AD#{7gPv5~R?DDvlgQHa(-bzmN~C zgVQ&;DsH^G+5TvH9$F3_9nEBMD6QOq9reTYwKas8iX815nc25>Lm7D)S`g~=5ve=JIqW%tdl zIY&%AG#)i3-|RMc(;4weMPi=iMgpA4B4V}hL*JSr`rs*@Mixx~+B8=(QiYQe8D{D9 zZIix&rYzxmLW>`!)AQxx8d>-u%k}A7bOaj_DwFt?Iabfb@JW?l{Mcc)TDV~kYWOR2 zYgM6zE3m>xqtnsnvzwFipFaKB2NY&7;oyA;Bm5}#uZJ-lkO|O*>&U`*adl9-wp+Z^ zgI;zF?7QGB1XSH4`xzM}s&rMQ(`7MRE*KO7NE{ZkO+Ri092bP#`=g^L}TMmOI{iu4*XS-dw}PItD{g2FcX62&UYe z%-%3@Wkr_D8CjeS$Jd$d`%Y_egK?^iBkA(W>0p0_t%(>&w1<+G$3e zY{Q&vM4W6zjNK3`wu&@qMFE>vgw{A2exI0Hq%pBblUl4Dt~nT_4G^3C@-G{14Wfdh zNvN3hnaIfi+Y;-ujpndeWW`010R$EYa`8m`;$QSomlCIO>Fubf?hDC;@T1+&DfDlu zqV5LW=eX~*AWc`4o9jLf5T?C@(t>_an85$C0?yMGPT;GsgMQw9JGgz`Y z4zbtky30yop%QgRq0sSNoT!=Nyr1;5Zt1u>K?mQq?F+VrFK*X@FSUY?Yy=+eS+Hvl z#kSsch>({Arv&Wjd~#C?9j6l|?iDHp3bn}YR77?pX48Xi5t!+yK+i!`M~IjlyP_D9 z?4~6`?n*6^ES(Y12B{s`L4}V<&oIUM3QXY~Y`xpSEH-2!b5y#e1c%@WB)dOh zPp*m5UShv5=O@=UA4ccLH&-W@KaGw~zF4=-2c*S#Wr?$1;0rWm zP+15ApYg%1Qu(kpjnT)86WMd53&`sI3;#o5&F@0FtiINpPu^wtY0ZxVZdu{pn_Ou`{~3 zxxPF+zq&ZQJUPF%g!;ma)#35k=-eazCxx)5F=-pKdof;?ViC{gCFm;rxBv1-aWL51 zV>Nx^r>V24O|JfYb#r-g_388F(aE-t5;{tez&lf}P}|xjfBbOqJ;*v2CzofR&Vw20 zv2O@h+5eE0bMx8v<~u{ekg|5>TO&v$rplgo^DCCA2b>GTU&Q^)Fn6~%*xw)QimY(u zBYJT#*bQ1Ub$de3@y1h}wkYq5KJ)26LQiG8HvmF~H-j3MmsOHg7o%ALN3yaAs$#UC zhQZ$_z`chPF_3p)beNX$Verrbc|^xcb5FRkxcwtcw1+rXel=eK{z3eB-S`T9@J{z-o)3ez+2%Y;Q=Zn4)@HOeqS6F-mu8WAu7U9LKwPV0 zQ88cxUndWFp|tkTX?~A6D6O3_&H9`Gr7{#2vd?UrqqOqYcPIAATflVG3TBaVI516f zww~3ZJ*R~uSdU4feV%Z-Pbthap^N3s*88WOS4yPYlg(Z|Q8=8h0i zs#z0j+7hYpl8jR_TEuBnCTnnpvMC4^%sB9jTpud1rg3VHlxR6| zF5>I*4}!BLg@eDap!i9aWjw2tCY~eZLTeA!W$^~*-{`fTC(5uglXhWusCwun!)Y@~{ zJnoa%?3E{;(=ShK;+ZEJee=XudguAQvn4{w02iw_&~;WCT>92I^*zO{Z=GXbn`_@1 zt$fYBuc_>}xcGfzPd?@sSln&25wuvx$w8If#OT3GxHpdz{KrxV1 z$CnX9RKNh>%Ic{9w#-UNsm=l+MG?{}#bsM?7XI>I;loDHCu}ZGtGO(^^tA`KBx?Ra z>^pOo7B4tnKaKd>4^1?efS2|pj5I9l+d4>gSj*mlh3>wOBh}@D@)Lc7rW(k6byy*O z(CutN^aKSJg2|O#lsa3rzs{D%yMw*41igKXfxE@hy4ul11CU%_^EXM9ObMF(Gm0|c zGGR`cQYEX-mRP3b?c~r6L|me8kuI~GA7db2DGM8WPXN&7$y82C-Py9?_Mk=7iBkFD zv{c0?jmrkGBywx@!VEd@t4wD~ix-n+QK+;`Rz1{(na=g&NL~&)`fh?KP!LMvN4?+z zTBVbDk)`o3HEd1TgDE2b2Jxz5niUIibbcW|9t}F$ef#4(eGb7S9%&~rU7udnGpShQ zxj~1r`jg!5gBxgoQ1SxZC?QfNBMPvGY*e&pu1~M}5(0t=6CMR-kb+~1kA7h`(_|HV z3>Ogv5wPQxGx4S~!?U*+h z`-2Am3!K&9iY3O&G)g@BgwPpBl5@;dCkzlw)SW5-hO2e{4iKY;4oesVc7D=U2@iL# zsYOKFp2)$ZD7VRP*4ol^PANcqMtX=1#=eC|hnQ&&P^ZlalbQqVKJAzBLg6g`0FA9* z=Ll?t>#KCmpwn`PK$VjR{b7?^v3{A&ER7UXKYLe^Wn~{*@3U7HtFI%Dn!F0V&*mB| zu3$q1XI&*RC7L5n2~f4dQeksPQ?X3V#-`HJ3@IM7y22jhUWt>04(k$gg;=bjFf-Ve zzpg?$u_ibp_T^`TLS86MIJ$#N1;7Y{bH0Cs7zdmmO#DB3ARy0J|HH}0(YZJ}xx5~I zKRPw5S4?LKrReA&Z?Z+749 z!9yg%Jps3tT72d`YBF%Y%2KVoAS48~1aK`FE-O}YenN)jF}!sP^;b11yC_*2ISL{@ z(cY!WPPc0WPmyHzs<3bFm07OIn1HXkQIX}{ww~_`tVX<`u6T)0%|{(#?>r;1>5`f> zq>q}=uIn&d;_Ui!n1cZUs3_{(yv8WsSW|RwlqsEVmu%Dr_q|M)mY`FR8q)DV4TLJ^ zVA4~m-Zj)l{59@NrkuNy-lVGhKlD#SxF@_H|HqZ-b+-5otOA%x$;0G^oCz%-deAw$ z{%mIhUt94+p$zLN5?i>-qs!w#hn&;-;nC$WZ?*R-Nq$VT`*aj>z;qM*1f5r=bRTnx z#I}3`=!7aKQI(8&hRc;te!3O3g+()91bk>AYCMEXYvEv>Zc}LpI+@;U7g}6k<0uY8S70=h99kMstW%i+=4g8MVtsNUa-9UvYtDl*~`&Uc|J$S zD&>E;WBI3xlgq>FPnS0z4zEtuIGBg7WM!=uwrpN|95o(KIu{r&S5^L>SHANA7L%jq-!4#V&L4S>z8jhDm|C;(&P6CS8{>ji^^dp5Irgf3Q}_A)EjVOfEsL2N ziv5G{o{whW(7vXC)l8Exnn z{^ANgICAA}_yf9LJY3zXdk$29x#YK)e+9r^f6L9@0yp7BWux zOmLtRyUq5q}QHzzV@NzJZ$~|5a$#;QyMohNn3jexrNa zlN|&rEh_2`YR|ycS3BKRxNC8u+W-zMP)>XUCRpu2e`ZuLAwpcR#)Y*88|M{ZxM4(E- zp;-CodU+PHj~u4?G{n!dNL`aU$zFcG3cw7gu$ly%e_c)+D>g%XAi3}XBe>}kmbGSy zXbW37RsbGmKXz)E3VlP-$6Gu)AF+E*QO7(3v@oe_JpiIu>G#Ng_|Q$DG@4{7g@e+a z(HHm2Ol-pdZac?>LP-r+YFlC(86N4+`L>truzlD}cMKd?RO3}C%cUExWlAaQF0$xP zkR8>B*1c5Vxd_>k%mlzJZH0m^<6L*+l}($DTONGl9rD2*-t%z5dLY(Rg#KK>S?M^yo3S@>GzpC#}##aHFC zO*LK(#tx?B8#}y1qpDT+`~1J4I^DAWyB_^(_2`>wO>I|it}f+I)~HL@RPR=}hg|d| zEoCExIs(u-=%hvx-wvN-$vz{5k{zJ`WX%|zPENm7)oum4t=-+TcvIDuzgg))8}dvu zEX?oVE~X!As2y=C;=IJu&CGvuLBc$HcbEnW+iip^F4vzHN_j@_t3O}eoP9d}e0owP z4m-3~M&|O$*Fip-kTdYv(GQoOK3!KHUR+-u9-Z){8E08(&i?#+v)~BZ1wnzG^EWI; z6zI)Q`wgPWmU5AECc66~E=!vO%G*MGu`j4|D7ri4BIixdz8gffN8rb87c9e6LC#Js zCq~S1Z?C+6wlh( z;P;!eL0@dhMqa3C63^x}0i5qAh3aDgx5+qPIGAM1d{)Q^U~*fMq0~tI!zJ_09o1;o zcz#@wb;hDkp3PZnL($xh(MGblEB&0Zxug2E!nvdHH0iwh-8YEmmQ@tn?-;-K9mDnY=9din%_iWeErMk*N86EFOly-@v$oXpi1yla&i;GN^! zi$WclcfO3cA(pyh`q=vY!=>Y^aMiukt@k#xjj~o!#IT}F5&+tuB5`znVH1DhHG{K& zlU>0Ja$d+=CA5tt)2hJde5c1yf>>z^Vz5XZK#$^%J*$qDIu_Ejk~uUi`A`Wb54j;* zCJY+n#oQf}yCykHXFJdB-ME5#dA}&o6 zR2pGa-#aamcwETBw2cx|;g0kJBw9l(fjl-HDreI4t__-_tSAr%4Tqs}&EZBctWsIK zs8AAT!%_ezRwyGafXN#y!0>Q(YcWx@0MykxnNHN8gWYyi#1I>G;oog+N84z(yKF@r zhPhc$9YpcqHj~^50Qee_ zweiD8trx~_FV?t*{0R5H%wsR_t@ow_H_O9|5uoH0l?(MXX3X&pB}i_@om*y{{tWtA z9N~*Ih^cq6k~r@{X!El&We#VBDfVE|0~)YDfIeX$#%H$Yb>zag<$|I|2jVA0$oLnr ze{g_{G*XiS^3(HriU=xKa5t~s^xzIwVA2F@P4qjHwe=BsEC-?LsO{1 z`sg51tTM~9$8+4}RRRgDCs~0(yOf(54eN7MSC(Eneu$RO^CHWOSe7bT^+{@0k(edf zSSB{>u_)&S;5mogjLRjc|0-m)GFzxkXUn9F`$UU8&lC8OS9C`KgwiaU9Q1-rQJZpw@*o;EEFCiyqic+(=fD~*| zVLZ|>1khYf-+B;@4o}J~4?d>6tmMuf2OHfdg#qNhx1 ziJATYfyb6Hv_ss?$9Rl$J9WJQ@uS#B+?q)e1DLr3U+MXf zJBa+^gCs4>IYzTB7RazK$F4-kos7lN?t!6+?aot@eUU%1UibM?y2nxv~SIlmf z-X_*O#!l}ZXx^)r-nH8Idf}=DzOI8m{d{$Oa(Q-g^}~%hS57W}I=S>!@{cIxy?rG- z9egc)pr>!F&{x|(rnrAZb?-X5mMp6I7zCIsa7ti?AsMws?C9j zhZF%g@Cifk4dXbK#mX#`IGrTRs0LuzIEQ*dXHKkxN9fQe$Jrei0t@Ai9RcwEcxM5? zCYmuK2CNR7tG6e{Y9g1qt-Y}prGoT-bdSL_ex?~LqXTf4t#rJM6NC^Nbexiwu}wMo zq?1V?;=+*gQuh(u9W!C4c&IqxwOKX2d%BQ)XMhj&A^Qh!zzolCoC2mof#X`*NCZuM zEK;Shhr`BmM>bme1wb4m+5H7u;ZO8LCKU-((0)}nh{KXC*igxTeQ|ht>bE0_r)sjA zc=u47zA@mHeG0g^H!kd7_>>6{I)${&g64V9JQJGqVogKIP8n_U;c0ZjW_xBe8=VWu z+1qCW_{q3D71cQ2X5x)D!mp@^t%C~Rvl4}26a7d@eulev&uM8MhA)vkQ+b;W8cfAWOU+_yHBAjQ@eI0SC`?0f6bY4-H6x;O z?fUVjEAtw472Xd4`b|>Tq?k_G^hcq}B35_Gp-tP={B-s9RTfT4qeYJCrfV?Ypmp-O zs~z(`Yt_TOcD(QTq?!+SpI+m!-hQyxm!D58h{A7M!RrXL+WTv()T4FD#thyC5&sJ3 zOjDby`}kL!uX}BWjtoX5R+aj zSoLOu10OpNDA_@kIxWz|Pi2I6lk+T67mNc=D?< zCAa{f2~-NeYV#!AnRv0a|N71Q{g((T#=M~JXD-u-tfw$y7nkPfNT6=iU_q)X?tDu( z)Z5zjDR5lCvIu8xTMF z@oGJBnj3?$DrE&-NZ#vySXE4Q3|+D&u_hF?MW8!1o!nzJ##)gMZn6(p={3$UythAT zPidquWCos@UGAf=XSb2U#_axZ_$f_RJ#h%e*Pb|6caLy=tfnz58!@vlnFayM-#XKI z`6$gUNC0stPd7{c4p2@M%Tx=HDeqGwH%|)X$+CFcqjd&xld$e$xWW+XBS3|w%GvK3 z)Q$`(u1Ta4^b9&=5E+O=)>amZ!6eb=%-`^7Kk>H9Bw>$1A;okFKlLh|U~j?kfwzpb zR5MU*imOWRIc1kLf^D>%;GUSow9M6Aek zmn|b3GwB88H-O>e3(*%{oGM+1@hZ&kw(+NAQaq&Op|{AuC@)j7$73=GD#3Z!rTO^y zhHwdxynpv@Q_GWP2?g4uF+9& z6N{E0NkFemL7ojJ8|9%A_C9h|&6mN0(z;-upuDZPgGk8Fz$d{GdM$9tL+d3l32=LB zpIG#XwFlej2fN?-I(u4(C>CN?CsU<=LRk_oES7|~lJ^Gtum9Pm6{|6~ag6^HJC5+l zCqa#)i}l^t`q{7Dg-zWvx(E{VG@ye9(4dd(=d6upjL)t0C)3$R-tJivqH$er!}ewyGW*;+ni{IU(b+63x_twhR%1 zQ&oILoRirs?-hg&8s-BXq8Cnet%^l8cxg?@lUN`2B!bYVHL?-^Z5oS39z7etH@8;$ z7>u)M0&*5lhjJEA0CN^CVPVx^uqSPpUlR`26cDy9BuuOe3JbUwq^GNfgMD+8+5*DD zkg!0^X+8?;ahT1KnC;;3E%5O5Jykpk=ic;`Bp&qzY(VW^KW*o+nl9 zc2;#~k;`(f(lVwv^$PYO-6p5P2$!Z9{4}E`V@~;c^!B7_)8Fi>rZ&DYaTT)>* zCGjF2s6meik}24_rTK1XbgZ|~bD7?t_M`JZ5{vQFx{Qj2OqViAJPk`MpW&dmR?k}cGq=Ta=xWG>TKFHpqxVOduV z3{V=>3YaS^aH341rqpK1m#NJ>2uZu_a9RSE0Sz{`dra|YhM`dAXn|bfl{HOVSQ>Y+ z#AvuO(S089FD_)Ds!D~ggBy2Mk;g8(nEKZ5Kx%=Y^R0rHCb{f98~HqTa=HI=2TYkZG&4Nsr*bkdlffi$B~)J6|ZK^2~7nV zjPUAc`oacDwgzgj5l!%w+U+(2kLYO1?7@8+(>59&Y`lTj8(va>4w_*vbC@)q$5;)y z7^{PP*|-+Vd4^_Te?nH$w6-1pxY^ECvKV@M80;ZHc4>B6h`95!<-*2L$(HM=O>n{t zTd2vV$<;Ec>id-VrfJqh&!2eI09BNfEO=OJK$uI|@0I_BnO5tGgz*na4572bx&7oU zxE;SQS`*xQHSp~TrBJ_;Lb(kz zQ=&TXUa?~|W5~D7w31SL}&D?7S9#==wgxKc66Kx_`$rgLsCEdZhJI z6_;unIw#LiC+#nPj-BEnw{aR-e+48Hyr-}**^jI5`oXRv@V%eFyh$fEC=)#}yZ!)| z-XA>@;T}L~Y#WZZd8*U-W<6}Zm>*FM91@kVAB zLs>`&m4lm*r^WXeySIAeFk84gY7Ld+6t3S5p5R!?=)w*HKI}-fIFdwQ%p0N=~c*91tM3ae&dTNaz*cU#gHx0h)+MNGc zLDDJ{WlC`>KIJMsb2&Q}vTSxd_b7)dEc9v(%;ZR(cNfeoqJ_Jm*yJ5-F>LU^Z*7I| z-@8#e+J*4;w$v+WZ;jWU*W7hpSX*mDFj4V0x8O>Z2wG|m^+=U6PF%zgk^le5qhlqu zjgXV-_)cw`jgP|XxN+d|I=j3$67yJ>*{qO@YQ78sYKoy*ZSiEIzVsN`s1sj#XGuM$ zOVFLwtS-I)`rj+9ON+g?W&>}@#In{XRZH>GY_IhI}o}<)4;G zrttt-$9iLynP=ntE3(ZzxdknmXz;J`SlMK>8_t-Q9)Y$IZ|aH1`mXJp=NS1%n$a@) z&)kY&dRsFZN4p}0H0W~}RES^wiQiO_rWvaW zB&ix57fSonnHDeLL>6NUCHHbrhn=qQHUV`6^baTw1CbtI8kWrU0$dmCSU_+)g^awQ z%Ysk#0cy`jf+zp0FP6}kAh@gk8K|L5K^3v?ZA*N?a)WuM%gZb)zldCxb2h#KXi~B= zgKP>={sI?0h0$YjX0C{YUP>BwG%Ycvo5y4iZ{T>|E6N{)r4dO6IpmvDy%iK$OpeSd zYG?xbi}qM4mwI3;6kN^fP4161jj|QWg@VqhfG|~a8pWlsS(C*PPKLu}nc;x0h23m( z0BiT*YINa(6r%k6sm^2kb<3>IvXX?i^%IOH5X>5ozGb4bp&ctXA6`<%WOPma|Fd^} zy=~-1ywCa+MEr10A+6=~(q4_=0LOMx;}Y9v>6(Y4Xy{$a+G@4CCAq#R5B=-~XNFvo zOWAUADcT@=zyYzy;osrTa(?rh1KHI?_IrRu@1Dg9rZy_qRnO{C2$jq71_SB$o=vBJ zdX|l_(4zd1%JdXT$WW7<>R`}!K*)fUkFbK~S7ZL?_U;wN2>c|pQ{KDA-?L7a6(CM{ z%>vh?12Y-n~SdU zvFDZ!@uwfuyccTO-X82;SA*N_^kRl|mm4NK^C@iEJxyzB+3BMBwI1!UqE;9>_6yXz ztY`F_BYjJJZLWlK>|(CEvMvA(0fCxaM_JpX;KjynzZ#G>dx4LV(~UjkPjI{Wj>k42qSmFrXezE{?8MS_;0lOkSRYbvlkkl?oa$%DE;;PqktDFz54=D|S7bKlLR{ z4(}1cElFb2scK^*f^T@fGDk&?sqLD4CG?xJz7^6X?>(G4R!m@RQ*Bc#(?}tRLG+&# zc!$5^kvaBLu~2d!E(QDUZ{}n3OiHM^=#(h_{+(&NsMR${x~3LR;6jDUi~{UMIJXd` zvu-7Vy09{Ot{ju2OMF*x2@cLBui5j%XYA$1d|Q+4b#{6&n^JGbh)NNP!eda?Piu8T zO@U9+&rtt%!176aZfmpscv-VnNcQUI(+fo6z_G*grR%1jB>FA?aNb@C`4wlN!~D(^7y zM^T9rC&r7oIbu`w;OM2$mP|3#G$s!+ZBK?hCLYjJf<5=0I0Z+bLMZk$;94bozAlXs z6Xizi6z&^{?gWdwG3%im->}gp#|P?k)l_k};<}S&D|-}%7M-P*jWh?*eEw$ar}{Ln zN+5f|`?mS~jfEFlde@B29C5Gxo9XXIAsfIw;SToLl!-67scGxZ=Wi5s&VvjL2LLl# z)^lAUz|-k9aJJyYz?-;KXv|_hQ1iw?!vsw`%AbP?PKKP-uaO-U-keQMn-ndB2@2@7 zmm($b?lW^doKw>>XP2`H!iOm^WYLTI4I+Hz&>kVR0IXG}Lx$TVl1Iy^X%S;2Y5*gyxdhs^wDD8WC>2oiaO_ zUqz%h$p1T1xo%@?5K5DQl(CD;`PmUWu}m1_;O8E5X8$0CQ3*5MEf8Qd5_vF}&6-l; z4!#rc&7dCwzSi@9lKX{5^Kj05XGX^Qy3s zI%8|h3A5@%90JOU2kcGN02MYxxcG3s7_JJ9yzI2)Ju}l|x)gTSiJ}_><;BlHyA*6r zgCZMU;+99rRGJEsiVQ7nnzNVPVgXK(k3CWBlGnAU?3{P>{*@vZ=0uNrOxcAU`IAv^ zUa>WY^WI;?3OfR zVxrcPn6Gd1^ZuUf`5G_EQX3nG1i@i&9W>F+#NFk0y5m(msel*-9HbeKTJn`8+wQli zCaPky&_H_tSV60i=GZcpuKC!+l?QiRoy$$@Ae{{wE^8D`+8z}0Y`u4-6t6oj3!~lV zS4!k#pKlx@{ar;=4B(`MmlTZByWhE@mkIb(;T?jX(&_2wC&3xyP)WJl3kvh6+Y)rM zegEvaAN4?{KcLG3dI^tC254uDF^;w~)TYADf_`peT<9&2x;nc$zs5{}%9uqdhBYWc zG!%qo!{dyuZ_}}kk0Jhsrgx$IhJv=?Z45DPd>A;dWmDm$CXK^`sR5RC;IU`6P};9K zlrwN`!tx@xj;{ozWO87%=!C_+lfl?BnoVFX_1($$Ihmn9y=M+w$Iv;mXg!L`^RH1d zCTQ}0VZ6f6apZ9V6Vbwi%}@ZoO2!kULIAMgm=b#9{av|s?&e6kPu^H6vuGE69}}+B zm}7HIVV@`#^$|#(Lr15ncJ8wm?|7viM=PZ(4cUy@kkJ@=_>VZ%H$Ili*ees$8M83s zw^uSq_Ki;}J=Fbeb6^Q zdNjTL!6fdJ6P4!eOk6G2&EN~6uQXB&twgm551j_hUA&O=oflwffUQ(mGC@mQ1wGCJ zIbSGv6`w&?L;Fw)L%7on8+A9DLHRyIVV{q1o4|=|s#xlpD?NzX{ydRnB~03i*W!~U zXF!-``Ld!Wx|(u}l^;F0>P}7cxgLFfyr6lT3+cEhnp$1fRXpW>LdhVNBulEdr3~1% z{T*4r18VMvaNna#uyMa|G&w#&OnIvF5Ae63rRqG3DpbITyM-=%OsB}swbHr9U&be)=2?tsZdrnt$e+j%b?puBhCO=2e)K<4f9CUI4}yGOz~B zBZ)N*zI9Z9aw@gMCxpQiDM6oMt64cMY_O_k+5xKM9wogXq5J?Hy;nsqUZR3Nk zhGOrzjo7Jy?K3t2`aW9rL)Ncd%FllFA^8!K)c?o3Y2)J|5fM*KGEDIpc9a_4qYU<72JI{`fgL-g?~R zJoVPKwN_#SDi#$vem4svb~*)Ge?2?S*x3mK7fN$0dAl5vAP2HmVlzj2d8zp1`{|$m z_~f4M%sOxjgt~}-i@Dyw8Usu8m)Vo}16bbjKHcdP5FeMpEkF!WbPr?u@!N4Hhi`OB zSqag|HyeBVb4j1;ww|khzJT=2)DaX#^~@5OtERdWfQ++4x!C}$rmSyS*ZSDF^DFds z+Rj@y&oGk)#gJP*4R$!q%zuYRKTLl(90xXZ=DRY?SfI?vYKkdxY*TdpJ6eWUug=VC zQfZrO)uR(z2%Rqh8b74bfjXy@8CA9AVqwvIiFF2t9HLmzRoK6B3Q>t$0Bi8JwAX`* zKqx)+4#W!2K+YA{OM=+KfDcf-I)E~n`PbvR;CNStt$UO;ZCjP-)`mPD-Zka1^SMM@ z7UVtDX;TLOzoqLQhESs)b7WQ3{^0zZf0(M#@4h|Xo^Q{$=iBr3KK}^-0RR6GfFj`l G<`n=BO_ZQHhO+qP{xnP8H9v2EM7ZEIrNJO95Ii>j^KQ+;!8531hkewrW} z5*6q_>xT-6#z<0`(L_>?UDk_>&6q`<(Nu-aN?V1CT|r%)T~5Q++Q{D2OI68%PtwfR z4(PJ`!((%#nIR|lOG9?ug=CzpJR-YjS*yMMeL|`NZF9aM$#pxtX9W=xpaO!4KPAY# z`22ab%jPo+v$rRtB_%(Lq~2+a)HlNWa(QCGP;Ttu%93y6@7YsOoMCU7<9DC8I{$B- z%;pXT#Qph`@x#Z>#s7Bn`gS5Qn-g&NHjW{Yi;E}VMR?+%KSlvIy-o#%zKYVU)u-e*~P-T3-k0m(! z9q|1beKP&^^L8>C_wlpZ=C7b%2Ug82=J-4=oV4GQ&Hu*NuJ0t(Mw;}w+o-`n0i*O+ zl_~`QHk;_flpy1Uo69 zUZUdizYjfe9hc8VRBmXF*ZuA6A{|A>z|Tu$s%N%dJm%TJMTQZ*Dy)|x+aSzGbo6rc zp`)I{yS%H%1ne4FAmiMM3`kgVjX%5sO-r?KU8E2d@Rb%PSqz_~o~+SSW+qb@S8xbQ zUsvceiKd=x@%JUx@|r|(Pa&Nnvs_=!AoJ}{C-tByQLiFRN;`oZhWM@fn_A|{lZ>n| zs#qcNZIw#NY&dXEt5{SXO~Eq7P791(! zER2#@&69st8>%{o%t!bhr?O>%@*MQ{B1VoSVGi~hrJ=;y41WaU5ux;G?khM>S7evr z@q&w{?#Wz$%-fQAE1MAxh1h7&IMpUMr%X1Z{eJqh`^&W|SwWgyOpSbs;kB1hc^vv# ze;hgCq)O6Ai$;jF$?EVm#s_Dm6PeWHF$Jl(opM>16)8-%t*lOKT>7-S@U2GwF4^=L zRf~SQh_GvpN1VAlQ=9a4S6QmtHj)yO#@>qxnok(8<re zJCzn=&PNL$ z=yADP;9%lOZUB6!PU`7?7xhAnT$a~9`W4JJ!`Wc7;W|}96gm}MHsXw!)3ggY+VpB^ zQCY*(@4VRVIqA>e{2EV=v`Txn0f~tr z^~%@us=;#KAN!Gu0`_`PMOgUvlBvZ~>XlmuAVWDfPOeklu*^)#rIREwj!@N-mq6>m z?n`T*e`ZyCAC6NC8%d39h8O1hbsh|_RGy#n5Y~?cwzcWqGGx?AQVW<-a60%gS(xXTy?u)2#-_M-QT6!ev8pk~IeF1{Pe0+NK~k7eE(Ve3%Nl!y~&y1vm5c z?eVlIiKoqAEl<>xh;5g)le$zGc#uGwl(A_SpJ6_=umhut84WkDRE*&zt2;=1xr;@U zX$oSa+K7rul_e4H-|l3juv$bV1Lgoh`t|g~8T9-1)Ys5_IhP=*6Y@0rvHTrMA#P

^xoKi_BhtdYzQ^X->TMh)35(<#v?G zu2Zp?y;bnk^~D&-T;X54m=9A<1ImM)jxqz<28Cep;Gc8)#zK}tL!S<`N-A}Lvu-n3 zyWf=dTIGhVv@qX|g>=wRruk*XT^^0LzM>Ztg76vjX*GW*wo!_~vuY*O zfN`jYlO9^G!!c-0yVMjdzWhd3afZJq#|5_W%PUcFR*HAYXuQliNBe?N2*kJIng`*r zg%(z7e`EZk?KmhMOZVW`Y%XP2StNU}%wX>0y1XV4tLR&JUP&LwcEc_f^02YEGJvlg z&c|n}r4tPn9)|9U)!^Sci8A?~rWN}<65L4JY#|a#N>)Bb#W2=k3iJI7o~{`f{e=zt zLw?-W^vWMhMSl5~E+@7GX`&IBi>amWcCkyD@Hr5451njs)f!~Ct763xiyMOs$4+Vb zEF!f^(;DgasL^7x)yv3%z+qcgr5J0G>McNEetcFUQJ{PK$IAHoY3bYbcKO?O!|P}7 z?DDp>aopf8VtwD1+3zLy=fdOX`E2LAe^DUj=WBAYHQ=?iIs}s-AOG+$LtJz}7i&3+5ZH7CxY&zV~oa&52 zL5p8PC{!e?lrw$>hAex0GV6iGz@XY~6x|c+fyEyq+i41;-a!1TKRO&XgWJH*_90!b zV{Z~#PA{J`BeKENxjLD0`fE6a6larY#lSMwFVx{KSe0>$Gb8&!*&$0Vk5)W#B?Ho@ zf*%};E|@4!K8|9yoefh*(mZJ-RAF89A`Pa;S8UZJ-ZMJozNI$cT!#| z*5-RtfIr2_zENyp6x(D$(-pExv4mi^{ULYsW5+8izMACN_FiN0;opVmolN&4^mJ(4 zM3*_%FMqI?9~74MdO(6V5wu+O$@euHDcnYwdjz_PQz0`rV5XEObC`STTeYz~5j66W z8?!($(A8)e^(+rR`v-xobv#|yKVI$)nNNOn zMo^Gi-(41keRh;%1>SHGPvcxzJj{fes#aV8&;dGy$5dE&KWEW}NgA ztC4NiVa>gY@YY0YPZ`habvLT#*@pPL9S+{2{**fy2Q}qWn?aVEW_F_@^{3Er4T?0< z70B{aZR((cELr!ympKh;!q(K`Or9~HV zl=Q1|sEVf#Sl+xO*LEM2kY{9smdBOy?bJKd)0z3i91*!;1NrpFW9 zzw&-&H-p;Em(#IZVCwK)!trB!^udqbu3u==oE|G#?N-`|)HM5T&*Q?4b5<*{jJ6ji zJykh;X3M%uNj^Gy2&f*-Nc2DJ<;K}Q^%CGE1qNm?LXx_l#hkWx3md|;jOJC_blI%c z`UZu^bR@#6Sz^k2SN;>VBbt$U_GR6ci9Qc~TI7WM8mUY-)r_KNmCj&h)-pdeP7`>V zEL951ro^}z)B?YSoiy!U!S9Lk4slTQEyDt}H5SgBMicaXVmmgJZZTiiP~luhH-{?gd##@!OfE8c5>I}w!Hto8huz`TWG~e*{~!v(ik<=A z1Sd|YEx_}3@F1|`K^s3>|EL4o9-A>nJlOE1ZFm&%?d9;gz_(cc4I6+Ui=Zl8#OQ5S z*^Eyyz3oMWM%O3bxOPRd<#c8%@<(CB)V_omndo-^%C$3EFX@NXzA0Cxpj4aIu)CnU z&eXFC`$B8AUiw^u#^vjJ6R%4V$%aIqi@{U>xb&#ZrTvt}8!I_FOO(SjcCS!>Brl_# zUM552k$WF8qi3%Qw;@Q83p`kz*4d<+0uBSNWyy?cf!fF{6CN%{$YIE35!@elExL>w z@mWYA{o&~Bp*7ib#*p?;v_=`BM%PCmT#V`uZ$-uM04>eiytS|G4_ zxXC17Ii*7FFZxp$+lXQiSbI2Vn1dzx`dS6G9msGLwZq40XiSYJ9`SfkFX*Bg;(>@ymX7Q3R$@OO}r$Af+6=C*_ z(o$NaVd6unXcrWQoLaGR%8gf66`clzP#S+8|F8k@xKF-JQ$@2mBX z0Ck4dpY)y*t`Bkz2$0Z_!&#q~{cj2FZnwo?zR%~<-@AQ_tqKS|(ARidE_s3xjxX%*{idp=N-cRaPlJ5tJLxG>aW3#uD=%+3?J1#T}jU9tLa%C2A_m^2A zXA&TM3?Ls*?p^+ff4C`Cb4#qoi%joJOC3rHQCCj0_pkIQM?!uWVyQQAs(!eT8s|)QXQc{BtI#K zd@h}N9eQcSX_XdpF>4f}jB#9yjP&h|Tg7o>a@9Yz=kKXI}63D`bk(5$u zZB4~#9QK`5m?(x*sU?i4yV5&`Vbo97aq+Anp*3UWII~nE=qv{knAL7X9tm+tX@f+X#A|a<}avVAN4d zB>_%a7^#^Uj&tt7O>09s_Gdh)i|;Md1aqFW=Fy+8PL!ggE8_;+gG(HWez6zq%JkTUE&gQc{4@qraZs%zo^C{{LL5 zQHlUwKE9Qo2@aH=oHX`bQRBW_@3OEvCG|H&zg_YTW4v85t+Et)Q;ixV*avB9;wW1a zygANRMVCbK_=N@p`c(JYho8+{zHB*!p7*t)z_v_qmegm`e}4k_<6fqr)xxK~RiY=j ziJUc9HrB(k7dKWMVYz1B(sgdaX)@}{t&N`8zPP_9Iv>jL517^s;S^P9>BCQCO_igp zRm#=kAyfWn|1CGb-agK8Xd>pG+p`DM0&8rz~RWiQxdPoccFb z^;DDPt}&9USpbsgaYn0W{Zv+k;~xJDJ=kf4Xm@nAregK4t3GPSXxXjyRJyIPEUaYE zdHOYoj56E84~&aWtG`K?CPSn$f_xQC3w$_OETtDywxZJ32cDKf=Kkh~S9b1h?9NV5 za;#9*tirIie1l9SJE_DJUddEFGr*8AN_l4J0%^)(HwKrFOR>A%S?M%y}oQPIQ`)keoU+=5Y>3tD3o2hSym@3|NhNzh=NsifJ+ zQ;QXek+f{#=7_`Q1W5Gjm!LImJ^+U`W$aO1&&ir6!@w1MaUj^Z_$Hn${ zbR5#1-`zWV7pWTi79^%PaP9tB>>;|!RLd2p%g)7AGvW-eIR9q7Rd78emAS2Ck=FN} zzfHrofH`0hH%Nw!D&Qb1?zOlQsTv^_!J@m5w#t0x;?>*)bXFcVrc1Y#ifhq6_vyQV z$e7$*@3Mp=p{2-UAM9rcQES*}8>WPJbVDG{joq#CAi9X|H@WJ&*ow#LNu+ov8q0C8 zYblA4QzQ1#CoS?Vn|p}d|JzK)^O$S4GWUi^G}jGTWz!Ea7T`1oXSGAX?9g+ z@gye<-YB@vjMzxZaa-4~`-<9x8Y!fKmW0`oqnM*lkhZTOVHEz=?or=F0{tcNfhXb- z^=oz5yvolQwhrs^sxn(xpmT1djFf~-GY8vCe$=0e8f9`ft8*S`>=t z)0rha6R?nfan8A-;dCkAz*4+BH!5VhULPQ9#p_|(b_w!1JJ#NKGO))2P$iR6hdReGL`Uyu#K|F9TfEgK=WCvSz%rN^t!p4soKuN^Hnpc;4gB=D)lxU{Vnn zBNI_;psR!pkCMp^Zak2gM2x1+ZA5m~40YCBeY)7F$+-!Tp+a$^4<8X(5~np<7C;8p7*bu1+LoFWF!HD_nh9lD60o z@Yj`Q=ZvEzw?$q8L;3KnSSI@n87})7!O}mx)7TteiDr7@9QJib=Z#nZd2YaVH2^*+8#kQ zs}bM1Nsf7tZ@(%YpHwtQJ%iYO0H~G*c1%Ri5ORaE~tNDu9wGysgC8peawh7u5 z!pcIyDuvH2P`)F%8L@`Si*77~;^wfRW!&4UCkITNwy`;Spg3be7P<+#iEd$z3w8=s z?iY2P09rxXkoJ~2>;ZBNs);J|HEZi()RyzF1ReU*kW|JQ^V%}?_B?aohfjQBdhV}N zZ)!_RIB&Y8IMzceR;TqF%tO|OLgSW*$)x7qPP3C$-BJ2P`3f{LM=(uXb2Bj0ry(V= z4nP~+K)IN%TLS%GN>4LpL!^^}84KiD3vF1^*A)Mi0v=f$3onr|2~dc5aWPeydzvNI zEw;AKu(>SZp_EXEf5s+o;W;{;4R%H>azbtSLHr7VPCHCxmHyyRQvQ)Ivt1*%AbS`- zfVT(dQG*5knW)rpnWX7_lQ8BzaylM8A2+J8pUcTzO*?v;(*y6CrTK1P)Ik%W{2L(C zs2aSr;B2DOi_ObCVlZnhE}B_%ebN`C%{sDV$}e8r_VsAtQ_opo)>Tn6R9=@6o@}X1?`9+D_3WH z>}6iN4QHCkfW1;(Sqjad=D-uq>b3!l*&akT)wr!9NjKHfw(vL470AP0bcr<-J<21w z7%IBSgyoo<(%+*;IYiYKs`Qb;eIARVr3!s(RPR@kj{Ky8ap+XeD5cF%yv9uq+;QG@ zOIL^o0Y@WGuv;H`q)MUO^>1Hd3}u1@T~ux0ixEEJ=TCXCrZM|XJ8e&N_Wkz#G-kruuItMDeQ0u)dt?L*6C=k)Uu+y*!8->F!P$rIvZ^yG;t z6i=4Sp6;?$^eY?v=iv~&jXg=ZdO-?x*QF2O49kC+PfEdC0YgJM+n-^g&1L}MNP?Sm z%|Qu61D*pedo}ufjMay+k-Gs7%7_d@16Sphgm&v4p`Zj<{y+}}=Y6$lf|2kcFeKwc zy<#NqB~ zJ)Rytp03*#t=|DIP?q8xXzc2)L#x-$Y-SJhmOc5%FkoOG)EGBu6Ak|v!3T8HnnCEG z4|W~;EYRtMF#7H>jH|*2-eM=PzQg8Jmz{X7Wj}6+hU%;l1>OD4=~|FZoTX;Aj81d6 zLAg96S2GP$p`rcc!N0&2n$KLWn*K7+iKx>Zpy)pc&JFRReoo-@8ri8b8K4W>zww5)(mgA=-LH_&(f+@}>Uz@IXl3wGDtmoNPnlGRx-Q0a?LcM5) z>I#HL!=EKuXLZMn1iUAa!{n5s4`Cgo|FZwq7VrZeU1MZEqm8qxhxbf>gZH*vDOP2t z>EphR0BSv4CYXph)5tD0{+j!c7q}KD6chxf#V-2$1&3z}qLR;b*l#xo(>qcvspO&L zu}}pqz~ycK(99g=Q)o64QtUSRMj< zrkyLvk=TGdKz_dD!VMf#yugtTHpOnxsC|`BVJ02oT7GLw$GZeX-XTu-E|t^TZ1Q@~$ByoBs^;zvCai)t0G-fYvxX?22XvDP;z{4k_M4f@f>zr&JJV`}p-n=C z?E}~Aq-HaA{Bw{Z)9zY+xzoLTfuF8FROm zfBT3Vq=xI3dJX97O#>Ij+(g@=_;Osk*BBW7JWn<@zKE<+VAY9_2jYqXa()}D32j33W)e&(# zPvwabSr^nqc-*I@Kd+6FU+{84MFwvi@D?BO0^4{aXM02F-ARkqwbM8~CxH`Ev3asL z`*hk9v4;kWgeA+2sXEs~Y_%+kF|i+qh{zU`>gCvu>_%@OY-zc(55}!Oe{% z$h0nbO@K5rw_}#zbBlw(#?Y%?xQo){Q9JgAVQgCKiFo<23t={T>P7Ts(5v zewRW>k{8|JVR59G-%ZqN#3I!SnkiQX=bLrZlR^cjp?OJX6Rl-ZHks0fWf>iKXZubZ zMec!d1m+r+v*Amv!A%?`1<*uY-_bAxK;UJ{(Jy;p^i{g*8^7xqrN%9R4_{?0UeQPC zzJTDjD)pK>1W`M9KOFRi8vT%&u7Qa4ha_p+9B(-EwVNbdlSCD8hHk0oy*NZmc@c=n z4o^yTmY%U~61weaJ_gUl7FBL7`fD_3jTf4)q|w?yB?M=}Kxk%KCuS`<$|DOZ})N2G4`!Yu+Pblg&}W8 zxX}5b`j{Q!>g#6*pC5b@UT1dTRiiSU3(ejyUqn-RK@<7wC4J&lvpzkT4qGDT?jP{q zg4o&Fk*&uZg!GBay}px;kO-q^={RF;r`66@s5C9uFfv_Y4kfn(Lp6kl8ZzIy_vu!KRLZ?BvGqlkbL!zqu;*cZn0KX@N`NwS? zP#%W?2DEHlzenJhobLDm#2K^!Dy{^`)Q+^Ejeul`+^#MrqUsJB^pJDj7LGi7?tWgc zM71r?yuI5eFO7&G_909voFVBDnZWhuZCxg}Z&Q9x?-2pI@0VnXeyrt1=v@YN)!M~j zyA>Z;+Fa;jOD}++)JqtI- z#NTNLbO<@h=8xu)AVA7_AOS>F;SSc#Z=o&D(kcGa7|z|4{3uYCrm2~Tn~024FZ&J^ zVK6T}f2b`x9tJIx@e5K2ta&*j*9v3)A~!d71pUA`W)~z9CiTeT;jQxsuYQi0tZKnU zotiF6@pw^@H|OeUveE@pS1_e-^D06x5b{XO*S6;Y&S!~waR(8iTIZpjmmXyp*<>>I zyl~h=r2$d7TlZSyfM*p+7FtUgM^lPMyU1B=_omJ!qKzQfy~`*XPndG{f+3s?iY#Qy zzrL>crL!Uisi`gCWC~n-I2EoI{<6eyjyoFM_~xxzpZjJVoKFwH2AMRXQVnXPtW?Ib zEd^My0RB6A_!>xfu9^!J*4cUEru(o#>{`p@yWe*Z)DEgt0qQr028dbNEZmjd)`Zvsy*yur)C_+cqbw z4_Zgd@0>rIZ<2nDP;21t=Vq3~RTtjD;HR@7tR+Jp{KpOONYL6|crbIs0G2gt=}BHx z*13yWr|%G_auL)MtHKud$itGsR4JreF=#xf80;NmO)*c4-1{C*rw`*cK9NN;BnU~Y zTKhq1PmnAvs=QyVw?-b~u`nfOZ9|0V2nI9Aj+5YrvhEuA%9fps`FYHI&NSFME}W0p zkdD1(+Owhjfp+=S2Rl$|YyHfhHB9$Wmgo%3R?WM7l^7w*8|O@Sv-_}lDP`l4$wtzQ ztra`_dGqr;6H4J$52<44Vn z_AVPgpYu4`!kX-e?uguNt?GzXA!puI43h?e4-Lp}8_D+SdVZEM_**;TcBSipsZamH zr%MH9vxb`|u=6nlM{J?u6c@rx6m3N9=1FO}Q*7Ru@P(>V6(bNVu~Qn6~H{4hmi+OMmGeJpe5yCuVXBv;?Ou zW+xZMtrWnI=EMyLx3iTfx`lSS3VoZtr3wf2r_I=Mc7353SOK$)n@T0gB4j|wBbMbG zjZ5hw{SL>J(ye1;+>bel-+`fsl~$X^A?UazmFFlcm~$=aS^6T4=yc?1lE&eu?)l)K zkkMLiqQY>K2-Ea?D6y z(`Q($^S)wDOeX1sKLwd9j9PUBQE-brdb(`}TdX@!q_fz0#j5LGdb~Cigb7C)KngOt zhYwp9u)5p&LHvaFI4`SQ$S+|(P=j;ozbzsi%_pXua@#!o6KdXXiunAiEl*GGgz-DT zTx(_8Sk4U1XT>U*U!lvYvkpAXo+JZGt${Jbd&XU+@3fYO-4tQPygrrdk&%P-)Ad}b zbJT9-flPP(mcY(W9s}MuiuZlufDd<*N3jX`5CvIp9MeD&vXElc&pEORQChqffdxIB z7S^G~DSl$-a#3XAh1_x`ZEi}WC;@h+W6wWeRL?%~+Hsm}2zppXob+csmGPl@;{zNh zaG_HyaE~&;|FKkayk}1*uK1yq46l2zz)Hqul9 z{D@vQ;_+$~%Vy~$58ci}qaoVJ7yK@BSYq-ahw@RlgL zX2oo_q^&)+_OG_#KmVwik|S+IZyHbN8lH^Vw}u02m<;zcsFguknHwuvF?la0r+hW? zzA5`5#%9p8jsH#cufkOF)>LGIOA&DEM8D-PFIox-8W=;vj6kYus>k@Wb_m zSU0CR%o@NaDtl+2{2vX9**d5hMueHnruWITrIX z^}PRE{NsS^>Gpm1XiSx6v!;JVqoGc$AU7U8H2F6Q3o!?eMU~3mSudlDOS^3xU2}y8 znMj+}OJa3PhK+SQrfy|03GpPN6vzna~Z$s%Bj~8HWC;xVgxUQ{_{o!MY zr&-sVtxu7}#jhCuOOKw15bpB>;P5AO?>8qt>*o+(v1hqTJClQl=ePjGAIJtkcehcu zE0JGMrA|=V_5|GXl*grKms&6r4_4x(r?pOMcAo%33l9qGWtToqwSEC?(%?I&8(KW6 z{=`{i&t^u!bB>@W*fZ$&+ga(YjRt0l*M|GvqQW@8>{WfP&KJq2JM!l<8WjFn-lh2A zQq?2){w^C80WPb$_@`r3Wl)UM9gGgHn=mu=ax=(V=U*-! zvcf|FKPOf$?i^e^0|LD4fuHXVx`H;aXN-yd^@`N+T7|ABUT}^qfDAgrp8bEw4Irzw z@49>C?y}x!MK7hr zDK%B(0qU1^S1vME8Z5c|zvg7?LD$cIze=WY_ZJ$A6YUC;Nt@asH(x;ifH;9)jOd22kCw&n9J-5N~pZ$za1i!4(=Qs%1yD86YQFoVEnEeKlG&13hmoVduSapErK9f#Z{`E5D2snHSK9I-v@!V#ckHMG z`#04tcBjP`wVCjb{UirlzlmT$VW4xbHv7I)W&~9I^>hhf*nZbgKWW}AYHq(w&Raez zUSY?ILsa8(SmWN4r$<)TY+o+W7kd~A`6sP)cJ6I5yg$SA@&$kPy5?$&dN*WCABbRA zo2sE)e;L=wwupE~p$al#9@(T`Pa(pS(t?=_0PU^S(^q4**FyYFviV96!jl34OUR3M#V z?g~w30BK_PQS;s(+nS~tvBt>??47u>2NUdA3i+Tzz2lPWf3&}(^OKj1B&QW$1ei+clx?}3GHasSu&@~DvmR|#S&RAw$%~>B2w+-1ErbAcw1jJMwsI0Z`jmm zn1}h8o?xt`-=*pLmBHA*V-dxhhg-g~aq$5h__MHt7JmWBtxH$IoZ>sek$hSjQKcD} zGrmR1ls#4pUgXv^42BJ85NdtgR%Qd{W{YTji1|YU( zH6T@*-;fn63JB(Bt@$)>su^55+y%M{Y$O=>Fa^4&(+gTh7i$1MpFMhPn z-Qug(EI0|;7xES)mbqWs?tfj`7YrPv8bEQjy0o)q#2;dfoqc)f*S)La{xW=NSQO&$ z-9$uy*Ds*%ep|$t=Mp1vVTD6BZq|D336|$UMkNdIfG71OIFz5tsYc;GSGqn)>VuLM~{jy>-FvTfzI>Z`^LYGOAhZ^WGlIjqqtQrnm*3v0|FMya6(126^pF|F+ z+b^6Vy5>sBc-0)`Ve*UvKQ}}lL4UDb&s zvxW!Dk_lifjOMBA_>TFh@?bUnyv?gOK2Glh6MK&Z6sG)yBvqYHqy_ z3+|QN{Tu(|Z6(>3zO)2uy8}$fh(|ITlbFbVfu*x zY>tiDVmV>?aylPXW?uDJx`qo)vZuo2cK??vc>S`KJ(-A-IrPJYxDrFrWg;6;0=UGa zRdGOm6b1iT#Xt6jF$)uNBaNG5#b?2B-cUv_g}55vDW=%fWyiV>nC-)l(KN2fD-Dak zkPMo^qVudz;_t;<%PMzwuwGx;I~@qFydvjssIruT8P>EW8LI-m!r~=6VYOK2O0J6V zSjvN!eNv2zU!QgS6DQBDz6S4!YH8}-c~dQSGg9i13m)J;B=XYGk`^*y&|GZ&N5Oyw zTVrrdJ-&yYhJD0#vwpdM1H57~o{LD4u4@{fm5AiO#LZV6Z1B=4YX~?i3UsKi06#+A z_DDJUaewWx!^1=ijb+@!nV#|G{eF#)AEkL%U6xv_e|t5ZM@359rf?fDATNXF@*{dzP!7cRK&Z_u%AI~;Xhy5i9hjLG#^}fh*yYj33;DQ1= z9DLMc;a}caO+A#=cfZ4rr-@_-LGw62gHj-yfb78Mh*xQWIqP+Tvi{#YXZfD!FuQ>IL)QS1R@kREazCiGA;Qs*UWEyTFuv z0J_R_1|Pb=skkoi6~Z7*kUZkQ>UWcUoW4cfsmZVI;olSqKDjO zSo_a6JZKWUWQssk5X~UOC?G%bLA~(!_pL5LrpV443<=#X3bUCft@1q&m%WzgeUuW4HiYgXb4a9gI)r`bT<2{ zQDc9LsD@SSw^+`cu9GtoF_>%FICj$b{z_x;F3;qS&+zx159cj_p;xTdq}OtvByB)m zg?y-=8{(!JLja8X&tWBIgJNRElqst|#Ed5+)+rAjG_}jgO=2ahS(p#wqILsHx&RU8 z9ZhM_?xb3~#ntw!M5m!&8IGx)u(jBm1ecEWEsyY8t(nm;fdyN;7<1Bqp~Hc9K43i5 z!=7OOUO|X){WzgckGzm`pkARRi8(oEi<|zG(!7vwhJ6u7x*sxLD9^9^Z_qCOk;*wC z_HzeE1Kjum&aIcgRfeOWz6*Z;NPNIUp9JF?&b&zDekJC0;%Pq5m`Tv8VlS9J2nwu^ zFQ(@gat^G_ThJF)iN;_THc#x5BZ7qK9RAv@5w<^qgT$_L%!jbQP;SKAbvG{opD0PN zXzve5Es;KAm$x60=hI}6r`w0vZAY$0kpuWv%J#Cvg26d=u_aWthN_*T5Xsr=G>cgd?VS2=U$sSvLvAd7@ZAWWBv4y&K7lY?hYWdaOP+J7| z7t?dOeJ!j$NJI-yc+RJ`KlWndho_CVCAY!M41Z>i3d!T?j6=OFZ4M17Dsg!hZj7ZA&< z0~+kPYdyf(I6a%iyY!5v78b2|_TjZ2u->uD&xdNV6DIBM9WmaiS4Tzn;bQ>3no3M4 z#769U%AZQ~oMjo%AhQiBX~8=`is7pT%fC44>_ybHS}1utuI~->=pzbw3e>r4V=%W2 z?@?OXkuKTRse(&Uc6AQ5y%7sOF)8qxFyTlr1{@y?TC`9Xfpzpt9)iLUQl{+Ccbg1| z>{zyEj3#*IbkUdo^?lAdr=q}wZXi9l?`qbE%Up!@J>iJ+?0S{rJ#0oQ209_doxaem|gh49#Nt;9P7W}6yu}Le^7c8M4NmX7Np`Q?6a-I?o3c zs0#R!#BC8UpY=l0DmQ^_9`gOd|0;T-W2GSWhWpMFg&KF-(;CUGXjg%zGt0brehJ_Y zDu?aE%{M=8AFJ5%)~7gfP)1Evbts@xMYZea`c99M{=GP89uNx5ZDP3!KNh$MZp zrG@9mv*!$|*k98B^kcF~>&=JPkB8%CYpexE=W&HQxloP8TAb|Ed+rk0a`2i@_&ZtAhbCAG?CE`nulnFtb&M5X^cH1W4O;P!=eUCJG+QhJ@jc zl;9W%#pbSAC!21Z=8_VSN-zrk#jR3j3vP^1N(lfmW3AgvDM} zCC})N^7>J264>mrqTd&}a!@6WL^3iDC|{DOY0_GghYn-grt*dqrtP-8BN({{{Z(@zESC*N+IHWzrid z7Thi)4vjq{Wy0SDXBn1hIBN_3 z5(@pZ@KqwFsWgr|h!nMHL)GGXqWD8Kd0xuXX*Q4RyBOW*NZHODn+SKwz`9UGb@T$^ zG=$XQ9^z^b5mEio9A^IQd07d0uJ#|wZ~K>wKm{+Ku>Supwi=1C%75~ivSKX!1GX+0 zslRqWPRPWEkK&CBTT5~_%F#z%Lg7RJ%jZN&+pHk4+r_1NU1b7T9+1%&tQ}NY8bsjXGJ-(B&FJB}KX7AVYS^*+ z!KHpou(vQCN6Fxl`Th8zM14>Rj%bQ07sOW&^XWSlUO&>~x|Zj%lN!x+Q!COo}as zS|lzWvDm)!!W5cAmWQvVeU=j&lfLL?&Q46m_A9Z8kVT;J?wP%l8>fAbW~a}2QJREQ zWr^>G>8S^`ok7}xQid41Y3cw%rGiq+qKT1Qy4m<&LGm}-6W(-@XQ|qxtqKjLD-cRR z`K&CcIDRIuMhv?78B@m4eNe++?*88c3&-pR?FnVxPjO!CXZj z_5T6Xh!vYYq^lluEZ;bdHNR!4BD3v6yM=!{E{3Crq-+Ws$z&$tuUH=xmsb#h>s2S2Mzf>+$zO^Jf=snUB9nHDVdau*f*DeH^GuSdVnI zQ`C%(Un6gj-MTZjdg`9Gie4wp2OA+o)^E}R1738kBaln{M9;cBvPDekC+pnUt%`@Zz6Pu0W$b}%RfnoS>TH{e zQ&7Dk}`~{`EqySyf$?9URCl8&Ym^Y`TGi-MyC-@fEqlRwi&`djT0#3keN@dekj;;oi};Wx|=!xL_M&)NJ3{5*uNk}{t; z3NPJV?xxCO!;y*iJ#SfI6#|KR;zJe3zL^ghW>Uvz-a7xvn^2p<*SG}^YU-8P z3UXPrZYxO-y;wo!W%`DP+=Tq$svaf1Wy-YGea@vxhoK)3JnjD= z?;c}iivk8sAKSXey2rL{+qQ9!ZQHhO+qP}n)|~I_o^*H8Gu@M!f3yG8-bp2us#JD% z)_T^v#>}%=cP2%mE`!%jNt$6!JxIpdjUXinXyiBR6?(oJ?`WKf><$0qH_X8XGCjsQUIHMGgpG8+))|;%(el@_Arm*#MLwS^j0kC!+KLq6jpDw)J}MY z?SAkYRkIrx8EB7KfhtBYSf2$+B$c9GlM7U_w5f>Gn~^Al??tJX_SB>83~Q()+ButZ zRpn*q$cE$Z3so$GGW5mg+zS-5I7XnnMe5Is?>M>tBR&)VWA$J08FWr0A0zoJ#cZ>f z;0Ya_A`@t7@3&H@0g|O%27Ra`okFDiSnI-OG^PE7@Ug&jR1Dz=3}lz8QiYZrqo12M zJmQ}$Z%48oT#W!7=%>F^uGls_0C{CgP>mY{eZ(MS->sLQ=@+ZUzf(8)Ak_d71C>YQb(2AXBU69iN`#Fw(^TY0wA>r2o^PxrDm(u5d`n z%(MLW0u5711xQ=b z(Xc^0i>py&Pxew|C>rlgvXe&3y@!Xrz2X9BD>eutHR zbR&UV`Fi^0ORUSbS}s1+_#Dv`wh|0ji(PQY%GKnzc#jAXxY#*iRkoIpc&J#MTU;5aL3$*DHY zO{^+!(wY0$e8hDV*YNK-dEsO06qk&vvEl5j2nHaE0wK@5lAq`l4#t*^_jRUn_v4&!C7m4kBlsED=i;9H~R9h{< zM;O6uL}Fp8$?J=0&&3F<>2*F)>)KihN(j_v?!Gu%;s}_A>;|%{5dngGD#pu%;lG<- z#%r-W<*|w!w)|l`WemkL;FgIiJ}w4w=PM57YRv>1XUD@o`aDd;HBw?yX2x{Ul`84v zio1_}iMsN|rGYD76yjs3l@6sgw9;c!d!AP9E0oY-Khc&Wb0U38EHWXAr2bDV94OGc&}}Y^Vd`pQex;a3`nb5zVkF&DOqNv;_I|23qA_q3Ogp`vlB$b-wekM5?A{dp)f%* zMU=LyCojNCkAlgRtJT_dZ>1HL{G8@oCS7@tRCLC=TSdgqwsDf*wFTuE?&D_qzi~62 z5UkTeOW#au8vkpjhA5lBPO(+-dGd9~u4#ZZL6qtsC$dNm4mVQelS#&Z=YJwXv(unR z1l>9l@_(gSfpkWrn@0vS7IJku%QlCU28*_~CK13AdONf@uMy}Q z#A>)qKGERqO-MCV2b}+JGQyIyiZI6q8XuNoH5gKbM2c6^;Sku1;9&P;E^Yv&mCViE_$Dlm_5 zPOMuNu9;p|KJu>igo8I&vHv4y`ggk-i6vW}64Eyiwo&YJkqn{-uckHr6B<5TX$R_vZULp^_;yZ;Nj;a8j}c_giZyJkVPcv4}8a* z9CJg_f~4bg`0*cf46u`@4*!3!V<>9>TXqZsOKZT7$lBWLLhXS7{szNjCu4P+|It~U z!u5CMLtYFEm~zXE^3ZI-2d=*=osbdTn4TQ}hlzG*;l>Kw|Aid0t6WKz0g;npiT@A{ zWTeMS=sHe*cao1Bv&?(+=?;bwP!p#GNvH|(*Y%zw7?#;|@Qv~u4Cog&sM~lEM?muN zOHa>Wp?NC%E5XRqA*HAm+1j`#>k#Q8Am#DUgcBNk#h^$$zAn`i&OoAuhxB7L-fLmj zF@FraQrJZd`~@-g4J~sAF4H?f@~#c(MD#-wb%5Sq`Oi`E)$;G^7*)0HA8cn#1)Xtn z_J%pIzK`W(EKdsr@vZpu5ZDP;#9$Hat?^k941H@O*kVkjNGY)%`>KBSIQt*mjE05gm9d;KQ3wn~QCBjPLxk+f#M7iwv|H_SZk##~}f$h3%C3o+gKmkY1?tP7H4({&yuBz+KY9Kq@ExJeALrq$RNVWc_9IJ8~L;DP_a)V5TQ-&~=FyQ` zS67Ju{qe1s4BPBliAC+GIcX>8?E!F-J z&$GB}pi`+S!&a`Y{<)FT7q0p&5QmWIWJ?}4zR`DU*1+hZY}I!atr4FDeTck35b{lw zr%&t)4C!mk?>Wqic~yl!&qLaO?y3j|iHKPY(jJlFdh(Oq>0slX?WAbSKyLN0z??3I>?NFk-0U7AqbQ)}AI4zbA&Z=}@ZquQ9NY_b= z`&p+c)}y2NGQJ$9Y!gzTxbO)^%9cKEBM&kiFYX99h9raoX7n+tq(m{m9}|}O3S*Y~xhTQ-#82fJJQufMgp2%?_KAG-#>OzGMl~I?3r>eK z`3pBj)j2;`7tK}^P`3jWT<_r^lY2s6 zi&Bd$F2fzycvGj(jBNvH)t2>gr0d09VuWDQSf9M$A8NCo54j=`Ut)r^iKrS_%(Fs` zh|^?ncnoar{%RlilB|u!Zg&o~@@X1ccdF}RTo~H;O8;~LEl|WrLo7e=IktWnmmHs7 zwDH!?+QX^?q_o^UJ8>29p>ZF)UBs_tP!GY&YGT#;A`?(z%lSpm!Wl~W1EXMBfsf)1 zaNjs`cQGK&`poV*qX;m=dxO$5VR+%wgB=TckEbj)mSB2Y!kfI)SmMGyiaLxM4JjZq zKB~z@oZ-ibpplsO{SvT|zKk|yy(R43IeT)sf@OrSxn^(^0R0SqLzF>!aVE*R4nuP+ zc;l3Dg6x(bbNvsN??31>Hj)FuZy^NVO~U#mp1s(ZHXCu><~2XTYk*t9sy?vgwpS** zc`5HQf^CL7dvu$20G{@IY%u)T-uTim27ikUwv*vkQ{j*>h2r6%A?&S6;2?nZsbNFe zqfEv0ddCm@ZCc1GXBU;2z~K3|a+MdCl}eGHP81PK7G`&+xWxyx{k*FHa>k^WVs}F+ zgP$|0wJB}`{mK&mDH&7==m^f6TUqv*YGZq#=x&?Pl~>U+inGK+gY6cQW~K zbSoLsbVsY~Z{69`EdIxw__xWIa0>Oay&Bs7iVAgOCn=wMhl#~G06 zcBHMWw(Tot@Y40QG7`Z|ox;Mmss;*1EPxzTAJ@X%>@Icq#zb7s1og}6FD z8Q5tS#v9D5?-FRuVvor4{Dq%(SHhef z(m=ea3s;?u9?DOO>Q+umg#BZ(9tec>tRx=4AN#yLd|W4wNQ;$Vb>1K8%J03-D8z({ z-|&*`DXgM&ZK{~mL`9&*wzc%31ur%BcCEulI!*hsAD806+u8bA`ki*2mEmJ%-<~rU z^EK__Ehnn2)mytQK+9V#I^`W(Gy1!_&05NH`}+=lACF(9zJ;|ig{E-E#fcK3L9?wd z`z;zLrbU9zgw!w|N7nkH9{Kg8&)L*JIBUhSU`aC3&t5Gjw;CvZP?8;I&P7vkaT__b zv^Tq#m-h?B`wD7+L3RVq^PPMxq>TI7p~5F{N5+4ro3QUMPU4nXW_r>#{$~ftQ9!`( zcqkrRLKR_3)P_2WNJr4u-$=JFXzEyc8gKoG0vR!pqIPF|pA|0C5+ldY6541I(UF9L zgNuR!#n&C(7Gac@-fsbRHqEE`+o!OW?2+AIMfQFu^%*p^H+G_fz;9@3N| zwPdClEU&UN8n7{5rW9gjNN2+@M7gbe<%5l`EI9kFn$=QKzG*fQk2gLoQ4nS+2+p(y zvSB6zkgx;?f0>2|*^YC4Vdl-{YUE*b%&MNeMTyJ8B?Q!tcrs{8 z0!@eu$QL&&i8yDsx@mhG)Bb9?H#^o#H^v9D{Nd-6U`X+PHuua*_oG;SiD)JJs#E^z zm@?fG{t(yYcFjlKcAcR1`V-O9ZOuBqf*V2ZipL8VbQ(!=-ooGvtE79-o_?$a>BT6o zS*YP;mAq~1cC+{UcVm0v)k^rui+Nc5zVikAY#3NGdcWrVS-JVXTIl);DDgr6`A8|j zLtNZxOTW1M5w*004MCs$$<4QGs$=!Q4+Q`wH?~w^JNOIIZ60i9Xi@broYj_8AAS?fk8{&7oLTY!Npc2MI}o>INxoma57|j4Sd&> z85-JAENC=ok_1Q!_2O!J5NpgARH6IZ`YA{`aj>)#w4ZUdvG zGGevz-r*j^{?g{v=AMKB!TaHZG{D12t@``qc5Q@_QB8$XNC=YQ@Adl%rE?EUu`A7!q;_55WB-QL}NgdMx?s`|$>)U(TWnB%%EH z_g%dT{G#j0SZ3uqMAh*M0u1}0q=jAa@!54<**+#VqsP3O1?#OlM!0(ARKwcjuY%>) znH9)YL(j(a@ArSdpcYTo3&>E7SXeXbmY0f-86nn;d7Aqy`Z>39EI9ePoyAv4-{1I& zoV!#cA|xF^(0Be|hQ}sDMd7czHy!asV!NkC?Fy5K8}Lr5#x1M34aS;DB5S*#@Xh6g zJ&v#fX13u9P@6Ltnv(!RMve2ct0uUw;=JuT8j-Sq|pm#EOJJL zj2~AlUlmg9tbsFtKP5mm1-8e(vQj>Zr4dr3^KA79P2EIA)O(}MijYXFmvY9PQc}mi z$VYqS;VbcUz8^ZV4&CiC^y7*y+Nt-~NAJtkU-PC030VBfut1Ab5H68?ks5ht{M@SP z3KGbvTmUDK8F%n%JCoVCjI#Pbuk8|yFpUz zBtaI0U}Ru^EX9*ycUeptOsld9g+gVd8i??emM9XHp>?IA5Wm3sZ8VE zxa}WT(6W{wHD+}L*=zY+o12IV{GAMF?T%};RgR3`*@&c4e=Tzw0{t=Nr`ssZ)fd>M zkLo4rg_p8ofUT9y3q;17XXuEs1Q39?D z`T}>|mepaMy0Pz+g390y51(>Mo%w!BjS7#Cg-+i@-NdaWr_^XX5Rk7$#ut;Y{HKVS zXRfxBJq?<=6kW-Q+0>F64PvoRgIOz4LWorSr=-fa#pr^_1=U!dAdRT#`Mu5~(%L{0m{hM2)N%ux?2 z|1$R!M4vYizh;1xE6U5aO-LIJrqIT#QPG5*8bx+9tOLM@t7T16-#(`{HiP(&yf@Y~ ziVBz2bS+ovJ5T65kX1T9+8hDD8Aj@fWqPR|C034d-7xZQ? zaE@{~yR4z_5bfgEm)xuOD2}r~#GVk)`36Rr3P;Hu1+8OGLd=9>PhWg?nFpc$RcmNL zYP{JIYHWHSbY32!AE$gb>O0=W+#xvO$E&mBaoe|J7*=%|VhyG;7cs2=3DQ98lu7j0&sbY7lo9w#MYUO;QU8Jf7W(O=|Bc!znGu9EsJcW0eP zW)pNLWDVV&@oc5xrB5c-)=U>%ECO+}aJX2#LYxL_7<+vd1n&&HI9*}y?{=SbCl?Hd zokqP+!D}&3KkDFHJbW*atGw|)_$pXOd1m*K`z-<9`F*l}yaB4TJ%xeSyCfO7*NTp% zbjL6#DFcQ|9X7ipb1OWreR9ef-~x^~bqayGWmTJ8GQVevEW+b%`8wox=IxgH8{EV2 zYo$1aA<4RL3R|@?r#uJ7gO!4aErAv@WOSE@`d=X*#gCA&+yK9Yb?GIc?Wz^8kU}-; zV4ts^UgX?k=H>w{`{)ezE=+VeB8c^I5SD}9;lxhy!zM)tygxwuNdl;GOezN|jpMdx z(bR09v%~-jZF*A#dnBwoIlzgQR}cu-i!GN%TS%ww(so+yEHs*5jGy{@Sc|6y2;YHkXt+wEE zu!97eH!r*k76S;~@q}*-?IQ7{9_I`0H6=K<`1u=Wq&d%2XgK5&&qHhv<30pQzW(?L zhdb+ebdvTKs@0O^)|LtF0%i(qF{BELkz?V5q$D{b|)q54MoEVjwm;L?JmYMT~)_#teRr5V@mKoetYIWD7AKo@52S0-iTuKBh;EFc zS&sqNA4MHT`vFo3s?GSUQHA0pu`*F(V&S)vr&?hF*WBdWA<^v!jhKAWK3@MHIqQO^ zVy7_N=?cQB)x%}yi)UANChl`La`n0V-=cNuo+KPl+p)X&SSfR)nD9f>K}c?4f*x<< zL~{Dr#U7t{lOhB)m&@|}lR~1*yVI+pI}_0N*Hy-Z16$!9s~4G<>W{XiH#6D|R+K0N zZL+e+#BT8MOW15lTm@OKaFXW4SB`HWf*yz<`JqFcvfEzz2P=8FWVvyJd6!%hd+|Sz zjHI-d!3s=*lcJ6ERLnU>(?S9JvY_0-jg}E6%^ETh+A*Ucdy5&F|IXO4S_9hrv)-*H zO5Bu(FdA`RpI}Wnsb0($rXK!REq4eQ!J`dscdHgVgL;->>#uOgrz8o=Rp)agRV5@n z#w0ufFDvErK>ikN3IMhj)u|@9koftGT;`FW2LlrqUS*j}^@At9%~<8L{&Edau%#UB zC=E6k%Rb=OD*^A_iN;ic`XRbW8Zu#tDBO(rG7J6m=cj|V#rDfmb7+7dUonw9EvnIk z8*AxNrF@;5G~LR}bPqHZE6i8phy{6SUaBfI1Tp4;LWGwtc@Y)D7@#z%Pn8^9@)sbN z+{tph7g8{g6q%@D$hMBNbmQz*4$Xpk{;}1TH;)XMY>KC+SCpM*})s>|eFrMJprvP48&L5c! zEKa5P0u;B!yvGN$HX*pUD~bR;u2_Ql1{ErMLW}@Si}EJRq%j<^U`c0@>>!X}oGL7Z z*Whbr_jJEBFl6!M0N#HJv!14$F2<2(%-T;*A{s-dM*YYg{hg&>)6F8-i-qt-f-Zmpkf#!r6}dLNCfJVBGa2BQs8b!s?5WR;FjT zy#_Ib9uctTAkg2jeGgWK`Zz3IsVc#sp;irqRW;0MwC{NY;>i^1h5kzdoB9JRtHj(C zz)vJ6bhnau=>h*Q00oe;FdzI^n<9`CmRnuvM6=8wikl9qmNgvURPYQXv4mS{y=F3w zM0e&agSy=il5*0e9Q5=rlmu4&O<>E+>_n_$Hebqb9Jjy2sC{5F*QBq)vCb~1+#Ori zif!b_Z{#f%i^RiU-Ye#U!$9$*-J(Fljr|9ew6oT;O9GSskNmZfT!os{7<=g-{Ju&> zwv$oe-I||YDQVzLq8EV21e#~E=;?}uuuKL?{Q!!a^6xi#Ex=6?^VdTCM~+CIH0FgM zj016t*>_z5Bsw@n>n#4BP{RZ%ke#~0!e4}KNaH$9ho31HDXBKUG{GY^Ql*k^E*_m5 z0Qxz@!T$GQkg8P3SN{+W9es5-?D&rQiLmxF5*VL5J3d14OiLRDIkx!FNMai3);Myt zaR`FY2sWkXKs|kyf%tcJG4gVUD{C8Dk4@+RZCw47EaEq%B~fq1U&^HaS)}xOzW93M zuM;vf+o(eSXYSum`j46eH!Jx+u;fYOgT-?c;GV=(G1R8!b29yK z{z(N`HaSy%`!w7`tf{$y(kv`akv_-1_%Jy~Y3K)FjF5jEvCu$LYBibSWEzz@QL!*O zkl@l(2Gpp;ZEhMLz<()5zyHFbXn^uI5LQf$J)0GW2o zx#sc8&M6?dl$sG-kWz~oYRpb4QIQq)GDZ?CxUaHnIjIu; z&?s9Guj{%Kkf^z7H)>5N9`voOe@ftRyGPYj{r<7o55ooVX}X?-4|;~`qPZ=t-;DK z1A)4&YZ8?qrN#D+9L4|#I=>`G>&BkSi(MAWJuXa@rC6iDxw`q$PQ={^JE%&tJL1Df z)p(9>-&18Qt4U#gSRdoKE#TED;eD`5kMy-+Sg*I*J!=Jj#qubp>|sZ>+-QSV8ON7k z0KatPf2UF}%4(<>ZB`lzB-{AY>|HXkAfE?prYN@>9`4KOKD=%qBk5U#e&zV6+b(*^ zE3>=vlj{D#Kk@w1ZpZmM>J`T2;l91Lzyn#~@&Iz~ z6Y(`MexH3hsk>$(RU%+f>S601xSEh)Jq1oHY^`8r%;zfZ92stf+%M}mplPTg6bUiq zfWeg-y$qZ2$FmgT@wzy5C)cn~2kuD5-+*;(OVTP=c&nH?$tsZ!$LapAq~I?BVaZ?S zyEC&*yucJHn92za9iW18!Y0lAiy8fGcEIfsFr z^@E!!2hUzwPjntF}-mLh$0pudU>ROrtzBSC5B9jFMfVQVbvPWlf zptvDe-G0%;4BtoA$|TC3i7zfF;}jjwkAv&cRSQ5m(W@npmGF> z`JWWoc;>*+$b8M^h=c=;o}x+Wp+c3<595PiS)}pil*1j=B1h^;dthSz!DoV1Jbz5> zQ>)csE!B^(Nw#cmk-U@ea@sA%9MO6z4uZ{wP`!hxfnnga3GlnCzPr+y!_Woo{#c^ zI^cxsm#_(cCi0C$1v(TH*gVHtW!Y~(Z7vVfBgZ1_2Q-(px>>BMEAGETVVsb9T)oO3 zfpK_TFgyHhm9Hp}4^$`bBy>`=do?WKOTip&{(#y>SZsHzVxnY{anS%9jGN8Bj2~F4 zU~TPb=_8}GcM5E}@YDdMLTl_IsWeIFwR4Zv@jLRJV%8!f=owILxJK;3g({sPdl1E|SmtajJ=)G3}i~tpHVK*W8F`oJ7hzIgEYlg?w{63r!$V_@Ef}Pty zG^c}4?wtv9wW%86oUDMCv9i7@00qyjy9~z13NT~cM1`vhw|+4+P3NrOoWoMZtVT=> zLO1Gw6WK?KkDl0m?SYzs?K3-Hmmy$$0uv1kj_;%X6BvDMUgnAhEq@8rrp)uy;95FM zqw!H!8<|&n8QaUnJOrXsJQEE1IlHm=3O1+!?U1S1$6U0anZ2rG|BL_QXK^(<%%52o zzMOpPy`IvgB%|Kh_4jlFi%3w`nxN7$m5P)?jQgJsJ9K(X2bb|sj>|}l0eS=X6csvf z6e!Io-{fcfw@FlZ>*G=cPl{2aB)PZuDAo)Gv4}tZ({*`<nSru&8o z3`d3lm@EdyLmW-9>m)^WZgIt+wu8|(PjVHmUAGovHicDJehfkfQ%f73f11WPKsw_M zs_WtFAiJ5?8*!OjFpid9k0|x|am;#)b=q!|lE=|vNrE-~<-NXQC^@xH3tq~_pufS+ z0u92vTpXptp+1n-+o;*b&$o4mV2CZOSLcj9IhlXgPuqkuO3E!X&Ezn;1e+B2YebXQ zY&UjcydOF#YEg=Y%T%AHlG#^`K~%Fvjym={74RRRNsaP?n=c--Ja#Q!nwvXNAINW4 ztZ$;rAfmg8Wk?zdPH2cny#c*C3$Q1%hA|X&@gQui+>1$&JleC1kttBJw248@GD@MN z;da?`(n~ip$~0Q<7ePFa3sxo&z^`%!>9hs~?H93+vKoJ{NmesilYe|&^Gfmfn}69p z3Y=1?h(#+1VLDS+uMWfLe2+^i2i&PCcQ)ZhtmvXuIKZm3+GuaAi<{w5StdQ0ksk5_ z0#!?tT4hIri8A64uobnk1U=tYFGIa|K7)1MAyz~ja2#UUng6@;isQ8B5cr9~yq!Z= zb&M_4(4!2(3|2@uGvgo(VYy$Ir>gaf;q4^QO;Py#ARqTGK&{ME(Cyj@#@b8RzE&6u zb|$D@Q`LT%!goP7F42{NQ;<%~@lt0OqhA>?bY8|6_e}uJnwDzc%_7=8Xi+efIZNYE z)5wC|tutnKa>ODz$c+s4mCNLQehqoqn=+xUV)r^OJyl;Af$zNc_;=r|)j~s;K&(Au zzE*-ue&S-F?=>M)-iw2bh_c8ZKhSJAiHl8y(S#gQ+0P$dwwyn06)90Bl`&V3051Mc zEvhewaWQAerBQ5Pw$&glhQuIyw^l|#u4+@;k@Vz0#D9%R75<&*?BNA z?|2gTgVdo3H&duDAtHAK8FOk%@~K4|=M*xFj|a>coG0p^0FKUXz1pc$wTmA(i0s-i zq@i7wE^FC0xN3SCyp85GfD>D-k2YGQY|eMYJx=UJUcf#r-lemmRfI}WjN|@*aN7nP zQuq2sz&k%}56THQ0fA9eqn!Csb+-pzlwFW6hAR7sD?)J;U_o3UirM^8iETQ-j2eWr zvNBtZMFib(S4A=1>|z+xRxYjB%P44+?hs=e(kyScXlw}gtd<&eyN6!^21$wbPNA%; z^QlWYoQKWJ&_gDT4=qmw7wRE*P4Ni6rV_Hb=t4RaPeyM(*0Ou_lO;8( zW{YX(4FG^?|92$T%-CK7Dto?X{<>s9TwQhL+~O)+a5C(u&}=AY-9OnFKxqw9oE&*I zbeJ7~Gs44Udptw)JktR)mYR;UjG`*A-OBf3ScJV-14H}Ft_`NwWl7Th8Y4#v;JOfk zJ&lgQmqu~Uh;*VoTh~@IS3g*XMqK$MQfUivPmzPI6Eq=@gWK-ShM)&b+(P+8^C<3# zWA9G2xyn`5e}E6)HB z8QaXOCm1CB)B+Ch#uc>g z&V0{Wq=3V(l-BGr=7Q)R1~T@pGpLt=KMwKdt8I-<)cSAj96H`*EnBGDTDYECt|}@` z!iITiVAVgp#W+gPmlr*1?MDR)!JvUsLei;1iN3i*tfkn2NxrQoy#@dA8p^^@id{$s z2x*a4g5SahT)HbJ!3FQNL=R4CEmKQ@;-7xoGV(f2VkUx9!-SVEnro5k0gt zVAHpbLcqJkDQvs_Y}@mf7QOcsy;g;1ogp!>#T`rO=kfZ^%xtgmuYrkv+I(L_?BB%2 z!Ljn-Fv@=-<;MI<=;J}_Ji56E|6;_B-NK2H^=2ELlMg}M$c9gW+{lI-1K7uiWd6Ax zxn>34==;`p*#`!n%T^xdZ(Knn&)B>8N%nz;LGN~VT=XIzEGI;Duyy2$IL9{eMe3j5 z3XU05@YfRfLKzNgw)U&JxEiv=StMSF)kIgoe4ocNY$D*R^0!;)d6GlJ#f!4uoysQ; zv1btVc2bwJQ)hK)R8O6Ddc{1&IXB{+Mrc+PLO){S}+vZ*NxmkLd%l#So;?YTKm(r22B$E+$X z+=XB0(tgd&XgXZe7rOQRp(3J3OY8gJT?k%xS3H{4zi(TNg<2ewZD)+GYNf#em?_yC zfi5YPM_~UbeQD>AdJPoo<%Mb1es91wq;9wJPyiyI=8WR_Xyhh5U}rRI;$S$w0$=dM z>fQRk&_Mg+jOCakqlSo&(Wmu^Y5lubuTA*NYLY%F>6)|HC?nlAO5QDfYmAI^0V~|b z!Lk;5CVN%PR(e=mVKkRA9;)#F4A3+Axh`+8G~zi`w00U9tbuALDz9#j$kiK6s_(n* z=z=s6hTwkp^)i<53U2VqT~2R)c7?LZOM9GhUCr~EKR)^gz-J=8+H+Hgc&=A;Kpik7hgPvaXD$2EbQ$O;2f&;YdT<@kmoVHHaCw=P|CMmAM0#}N#^>_^ekV4gU11mO zqN#r?>B}ObsM7tUQrSh_Oi*uC45wwqX<>LbqsnDCq#V#pzxDZ2Q-j*90soKM34BG~ zX|QW<-Eit(!tH_xqU(h-&1<@MmFEys5M4cLz2DB z*3^*`s|*eL9Hy*0gSbPPuUgK$|2V@n;l_a6DdAp+gvj!vde>+e9|xJ1Jt`HGpzJvi zGpClDgq(vf@H%gH%0wDgt(&93v`meS1S=Xyg5C_my*JJ0D1A4f;2->1D3V{yPXCC$ zxpMx-521jf#pn1=>8&lAQJr~vGW#mL=Wns3NtWBV&gkL8ZH#0qF29>n2)FQbF8nl` zTfQ90p@Zb|pk046tx9{ln~!hDOrqVLqvdiiNKWorB?3`CJY3#LnO4dW{(-QSidA5@ z={`n2zSG)lqB?I->+_<(f(b81FK&|&{ zWR<93iCe8C-AaB;p#N;NT&9suv7`XdsO9?L-%v175FDp~a3=JC)FrL*Pr8sQ)C|!Z zb~n`&Fld|D>KSmMHnguU`9oej*?FkgUm-^|frEqwU2zRd)dwPH^Q9xXFeA>e_<^7* z9X*+!1xW!!+uC`#;Z|D(p;-6or9dZR>wQ^9jrsJG1?CcFS%VCXhe536^pTDBW!7HMQQ8AHQ)gT(*h1%V| z6!^9hN)d6{*CKy4Q*J}^EV2t7DL=-#$j%Hn#aY|cs0L$>xPKj}gv@m;UYwvAM=I4N z{@0V(nH|UVSn@s%aLPJ1;2Lm|QCCPp-UXk>f(ATdPdm9M$+eYh2Ttu)KY@CU;TD0fA3~G$MkX3?~q2 ztPeGLn*f&Xw`*arp`9#VZfVtH`xy!z_7rR$@lbGel)8fq1N{6&Jv~?Yz6mDGycb>$ z*(7_B@NnqAWz;rnf!N)~QZL6A7wv}${!Nl*Yc31b5~ph}-;394F4<<0Y2e!R>$UQC zu1n2IS_LhQFd+_}F~sx;B{Kd+5q~x*iLRv5P3Q*A*$vojQZS%MdD*|nO| zq2Y0hhk|qh5~a#_tQ?iQRw+hIDp0Pt8~+5j7%L=Q0E^u%AdUu}opOGJU?d~Mi%e?0_{_GID8e(!vojnv5ayxrt@XOs^g zBvefv1hlL??_bm6FBG*30_xH_&_Wr|K&viWcckiOe%Hu0rfb%5kLdK0st>8^h7^f? zdnfDr$|8jEKBD=2cm3Ga-%t3rj8L}oeD_`_*gjGXKk0@D>dc{dNLOBzcW+G#;CA`# zxHo-?=`DJJ0LtM4S$uOksU(ywOA>-ZG(A$xA?q0FcAt?hUwP^+^mg=iIn9f@k5Y4+ z@N2HKIDY#vi)5%TI#kVN`Zzr&Et_?Z&YJ-Rhs|xx@VU*byv^jqVOUT4@S^^FH5j)U zjbg4Q9NH#3Ik4bFSzDf*IX)_u4^d_F9~5)?iPoz$BeeI#x5oc9Hdjb$002w>aD*<` zG=uS8L7{fQYzSVsZkJVk7ZVMz$48fszb1(#Bt2^^yz!03pha&HWc)^ydL7|}@mSF2 z^;qz-ZBOVr>t@~h%e$3v{h!x2(k@?C$mm|`OwwImd?-HK(19enQdxXtatn5HJOs8% zTL?;fh1(P5nHncOYIM1)^%BGY_l_+f&2P=?DtzRL=bKd;NU1QTMEQMGWintWY*_Ol z6r6p}n1EZT#*jGJ%EhiAZu8#%{EXV&Ys@C6NEKgoV-RClm`^e%bo zXHi!B(TXRftyT5LB;QV`?qH0VV89n6lrhDTFHjYGtvlc=&{B&lTGaZg!c*wUbHD24 z>KHeb1@IJ~D$ij@LCm|>Y9xy-f{VuSGxrPGs|Im%=<6$42@Z3v7t$J(b4)olrqR`z zp4_wQEWA=XT_7koS)9}dq-V=^7b2v>nRPo)_0w@*h4V2?$VXza%Fh4aRiJi3fjiwOT29i5i-uU zzI=CPkRc)M?S+xwNM%DI(i)>f#redqRc-$K!ja;oJJRsh;U_~C5h*+IwmMxwNM|Pc zPd3yMnj+`Y6A{9=w#x8Om%D-Jf|+`M>%jnl!rzJ~9VAlNzs!W&!5wZ7HIq!((UHv;pOJ#i!Basm0K6b)o!gw`ZvoF}Vo3trxjYU8MkmBh>*(5}r zTaBjJ!MO0|>6S5)c7Z=`EWaIiFzq`bfIq?G1*0<^fkGO037l~CF^8^rN~NEt2||p! zr<`i~TK34JIi9jD(n$!a5k@Wqz<8WxTa6h`!CHlJGYM<@61NBGi8~_Sf~+8BF-yQ^ zE`(wLT9S|UtN?F}2Njg{I-%-Bo9t22kx$J>;^jPCw6p*q$ahuDvRCN6dS{&}rX1&y z|8r;m9ZY+$lHA5{_q2ON9VUu6HyMXc%6^%vC?@ zhQazT#(igg`(Em|x4FNkMmd_DGt{`Q&uv2=oBLiicRVewIhvK--80m~rn+dIw9wlr zpf?l#zi%a<>85hkMT42ycHGIhzHVUMdMW<+&+}|k+xC#`uCs669mg31LQi&1%=c^W zDX}^|Wy^bgx&&n>3-NSwP2_f+low=sf*PF3jaFB$Fm}X!q%Pe8)GQ%89ffISNy%0= z%;C#JQ>)y897xn%wy?v9cKsQn4h&|@%Vu>xUND$7fdeJwhs10YBlFyaxCE8RC}MnW zBk2>oQzwJaMCoc$xsfBl+U#hO!+c%BOq1!fW`klzTo%XpwxwA^zNU1seDY;J@X7_( z%x36IC-mJqck6uRCG7~foVr8RTh$Vs29l^cfdjpz&TXbgOvzys!L;fdhA+-|F<+*tWe^F^o%)=^ycuzq;kndRZB0d|D!CIWTi0RY~~)MHL4bD_ANTg&2J> zRrh7NSuLh%@1n)tgS?vKnY)ROc$JTMWz1=l^UQ5BM9q(6$8k-z;qWjA^C%R`v7t&R zF|k=80c*D?CaflB;GDV(T@pn(=o!mgun2OvNx{Ll32?Bnhvw-V)Jtfi0{tM(Z*JlY z?wGQybFNZtXI!ROZSPO6pEp$m##+ui1Dm&;cr;@Ax<9>6h+lT2T9CK7ci3;NHmNN~ z+@2N3NgNBc_M@1{wr*c&VzASKbXWHVqYN^Nn>%WaJL06b)p>og>C&}thps!?8opwS zY#&!C_zjlVee1K7ru~ z!Um2~)i&>S7e$dvt=YqAW^QssJ&&dbfm}umCnr4+FD)z}XIabiSlez{*l`>MeOU(Z znGy51riEYzN`jAY_6KoVeCgXYf;lX_c@74$MO0%JYIpTP_g#J1>tNOT zUDp}_g-yVR?#w0V=f`J=zw8UT0DB{XzaRqc+5efaq}1Ysn~@-N#sfDQ6o?EY#Syqi z8;nGizH5V8UO*8O{Q?w#y2SG@AOXJ92uW{XPXM7A=}uK+61y%_Oq+#0aa96OwlLwGeM zfe;#3^cj%A6U-6rP2 z|6SdX*p%1j_^YP2S=Tww+^T86D5EV{+?({mVzXiZ2i2{*B3KNrp+xy2qV zZ2ZGSS021aob^G9V9rC--HAcMyREJo&HKvO6EOA^ARcU&=3sx7g4+U_@uQI$8WWL3 zEa7)z-|%bK#HPSiVc>;xo>RcZWYD67J>oDP@nAz21q2hq?Rx~uFx`vT+CvD`- z>aq+?A!t$dwm1!3MkYTfn&^t-=n;)O^O@)g2CztdlO(J1QZ#k#2D2a<#r35Ton4o_ zRmv-TRdsqjDZK^!bR&DK)DS?>I)1QNK|{Ggdt1IQxCO84)|esHc^b!v7sLN-Ccwxu zE&Gqz7KS4F=7*-VJ_$PC$IgLH1~Uznj9pw|jSgI8%H7Q|{s2q`xs`HaOP(Y5#Fwm^Aixp5ZClYR`FN4S<%4-lV0YJwmedXMSu-LjI9SIR)LQJwrS^D}AKAVm9Nk3o>Eb)KdSZ4OSRA zDx9<_Q?1Mtc@+X!EAkmHV)3Fl4w=XM(e`x+0YdUjjtk8N$28k`@XA7+`{~afMhDEn zSxM)w222lWwC*tsD`CdMkT&K!>Tff_>M*`dEjX41gov z4h@r>=eNRqr;4&?euj_B!L_yn-7&k=0)-I}buUqOQp+MPJPyHY;n{lH_RmL9^2u){ zZCuoOOfLlumMUC8Is3pa0XN_miCABv<5#mXHoS&U>C6EoL|OaJ#w5o_VAPFbMx2_P zY=*H`0U{)z(ev?WlS$5GXjUZ!r4$!8JyWy6ISf+CinL&bZOleKKuY*Xu?8bcE)vAM z<)apw=&V+ARCy@vZPqAFF~}qqo$8*lFJOIJ2-NGYDx*P8-wn9RjE)KOZAI)-RRIgL zze%927~j4&+n4PVqX*tf@tp*v61j;lE7zuQ-RMWuqnS7Sai7UYHpVn6rE~sh+I}$n zUL0}DA8CgM&kH|&+)6sl;#&QC*(egbEFiD7&`2%4u3Y%;ZchCvDIr+n4Y#odH=r3T zoXO7;p|U=hE0c>UQg#W{N*X8KSMszO!ULW;0wyx&;*3)#f4&ALuBoqF>8UtE|# z0>XMiFiQgXVgl&g9g=&BaIrPwXhK9mMsRM1I&@A{wk5p+N~x&4Qm1)o_*e-Z-J{Y@ zt|@-*T2C%?QvXUxU|KPS(N$hfab9{cyk}^eV~YHHkRc)3EHm^tGwdMqEfCpms%A?e zG%<=yJGc9m!Ni;a^&D7zufUaSo|)a0h*&e*G4Zd14>_yMG%QXu>PmZrN+cZt*^n_A;bYSa~$*1sR4Ccu0PUFeqj z073Emq)&>pD2B?x3v)=27DuUNZN}43{dg!BhP7JqY|psr^Hm~j^S5G@Qd9?eA{A}e z*s5)TRjJQqz*TY)R+-IY6$Es7%%vh)Ba3xwE*A>Fh^iJ( zPolw?z4}wQDdx-+1x*C8`=-Yhf(O06tzT>jgJ@?Iji z6-A6)4Jwk^XA5}VImrI~;|;-ZCY4iKdX1vO3F|1cNStiqom#jzb@ivQ#Ym@iPOl3U zzVBa8;Cbpoa>u_0;ltOnlP34gJC)5Y)5&u4bzyNm@b(*vrEbDXKS^ofmW9E*1Co?- z;<#kfm*mNHsyjg^Kt=IGFlN;lp?mTM05${)Q9Uz?AGMs=LA72*whKbxG`gI!LXR*r zp&;!BARk=*F6(dQb$E|M5pEGi3~Dj##YgADFuPMbuf2a787}Po!VO9h6^{B38CSw5 z1mpDpI+l2QO-jm(xYeEaNDQ-uH~btR)8c&NjU3)a&d-qb*EwI886R;=j&P8iQXcY| zEZ&-t6DeGi`)pJgTCzx!4@NW2lTjfMxy;f!kKI!~M9K`w$Xu*B)16ygh{Ig)Y*b2- zbiJk3HLFtkj>N*V#b`Ku+_=4hB6Cpdh6p%YoF|=JBph2k^@A)A%_fgMtUo0{Gs&|S z*Sf&?Az%2+JF36{wZPf`Vwm$T50hjr%J6q@+wc3o8W0&!{zdG#QG={PDH|4d199(m&)!<3SC!5Jb*IfL}^^noLpGXwmaoU2+{t6xYK5;nzJbNSP zoU9(t{8Zs|-aqp1`Qw>Osr>(ZmQd;~vCu_qsfXOicKp8u`-OM;p9=n|*pY8*C)#*{ zo5m>i2`=-v&YzZxaGe&6v*msHoKZ8;p5SM5yB(dbo?(`nNeG^I7IjfU=2a;FgI|LFurq_76$foc+lkS=~>JZj* z_V$9CBe<=G6TAzxNKsw7k+lG`ZD7qpR7@`VO$C{lNF~`*Fc>!tO}4&H zqUK{q1PRt9>Bzs0dIHh2Qqja_-v|j>1>z8Qg0#%H>k9-O0pQ9=oZLO*LswAICTvEq z!aRZtAx}qm5s#Xsp3m^x8hp9)vG?#CgbozYA~l)(wHC8$1hknlCuD_Lki+k};W zYX~O#CMN-9!Cs@Q+NjnQBKRVUJc#AAlV7rt+YxQc*gF0#%q@22gJ}x&{%JT9#^_U0xO5ig#H%^?l-IuMYITy3NaZZ>5%`ibhvtUSRV@ zwg6PF-fIASb9}MB+!OO%>p~g9gY8gW#Sg9t?Ml9~>nY6eJfL~>i3UATaZn54ufoJw z`$T*pNn{h83*{dmFp_v*#jHSaUcm!~7AKC*sFy4Sd9H>d1UtZAFZLXy z0KO0Oty!@80wK)lZeQM$e&^y}ag*)Yp=ukv#)K!xvKOGQ$laAP9Kp;zGJgqiTVQlP z4ReBY=kxbyo?=nDTYT={f`g?VXtK9QNaN*qgRA~%EFwUDMnY$%#U!jD;%{yVLh*PA zR=ktR<#JWStx6!kp&SOyH|?zOJ8HH*KG1yPV;e4+gv-K9%rw4)F5X*+R99C&2=)wF z+MNwDsnmhQAB{$_Qu2MIOB?+z_87-PkaGQv&(_Kl$~I1+F!*lpUYK&8mm>QQYYisf z3{l-huB+4Q`Lo&1aMAx#$L5molu9L-^HEXmV{efSh@Vh5Gl9;@1jGKYi2R7R%9%$? z6F75ado3Q?%zpuG=UW{fxKRy8!^9Nb@H{G zp8X<)<#|dXkge19EcTf=*YQJs9{d%Q#)8ER-r`JV-7Q!5Uj$2>65^;@hEhLMsDD*v zzHLO)3#LMA%l!KSr|NyNxrWjV!$na38W?uJY9Y;!jUctMb;-e*A~ersC#umcN@a<@ zcfE{@4_rI*r)x5Uwb!I%!!FJ(-2+GEt*_24oMhQA$FgxBkXreY8;QhTo8jODr$YMy zxJu8?UaHB_oz|#FWG1z!h20s&9pe%n_j~E!6%Wf<>FAYFIrgX+1%z$)^oJM6Nh&dS ztK!z>>t~%F_vWG|GnYJR`r6?v&o!4Sdunu)SG3gK_`POm6JejPLgL%B!y1R=L$^lm zLnPSD>I^%IDjw;H;t-H?&shrmh(a-u0!9ztLZ;NUCM+n9fq)~w=Nh}d+5LULiBSJx z?ldiSBSHej3}BDV4nt*n#T9EnU*Dw_fP7M+pVjtEK!jTg+83)vHMU*eRd$(pwnEG! zIJQ;9aQ5k_xD(v{>R0WAR+l8VjAm;lRfd5|4t$#HBzB%*;9uy(8*VU8s6`>pATqs<6xBi2dB?>sd2hA>Rj2!7lp;MHX)5s`8p*}8LJsj=K2 z?Pl;LIBMSjGDOr&#!GXPy&@l!^?l5mpCEkppSn}ANgld z<8BNJ1Rj+JJ(B`Gmjpf2t98k!zlMhO?E#q=^91&WOe-Y1VsX?-D&rW#-uzTmwy*ic zb&_zOyFJF={R7P3iEJ01N^?hA7r1{zI1(ERs=m^et7IB=O*(45wpCxS-pQhg{`)|}yQNj`cKka4|r%KOR0*?;!H#b@Dn)%E>V zxW&O{te|H3G7KX1lkXpIHBk+c6KRu7>Z6-e3i~qrYfC(vSV?jGcDTKm`03oH+LykOEaiFjGJ%AyO5Lo?e^m0z?|*%$>#ZS|NeL98#JOo_^pYL)AKHK zB@4A@%?vl@^G=EnJ#cD0Fp%i(^>}vnsr8ek?)wj6c1Gx=IrCWNj5#xB1YTpMNdhBj zm!v6LKB#=i%lqF2K7EkxC(n_ek+{$n)RZM0oEN&6TpZ6(?Q5*RT@X#i4po5aJklm` zM3)cs6wenxt7WA(^|cr{P5xF(KH52VNTn*I@rwlwjGJ*qg+On0Qk5O4oIMXc1Egr<tT%hk=b)ee2y)(}dgIVN2imr; zoc#cU_^651t)8QpLV4>)3!uEwu-}<440WLMJ

oowNwfch#w3E7JF$e}-c4bg?4! zncHmlIoj$MO{VA_tOTpov!B)@k5Xf(E;-JqovNA}LDYp8LL1ywrlYiA>_yOE&|Jmd z4RIVLQ!TqZFQ6d6Re3J!O5ng)beQ72fuC+qVW&*l&yk>nB%k`L)}(2cp!(z?cGvZZ zelMpkp#ZwKfu>C-4drHz6*3=)awkpz)7pOjn^~zLH1fabDPMz@WPieBUTEU+|%5zj_SJU_yG1&{}UG>ZQ zb9;vUvVQ(d9MiuEpSVeVF&|E*)FlA59uoctw*vV0=TFgXUweCNYW^T4lP50E!Y~xz z0>MkjJy;j{2ru@%*O4WqVomn#OfANc6cNk78h)cg_d;u)Y!v*(e=??+<8@$m9MQ0& z^ZhD?T0eEGRL;Tdm;=6UZy8wG4{iQIa{~NyRIwXHX2TS$*?~yI|A?9I2v;MtZ7wt8 zpFpRJ?^+mN70%OGMA!&A_RheaS&!TD1QA@-3%CZFCK;djsoEQ#eGrvdrr`#v8o=o#$KCIi zBaMlJ6iGwYw_?)Eh)cx}X-nUA(Vt{TJikD!1++L@m$t)kaivP)xZYz7A@!v5wkpBV z2Pc)4JBk*$*A#NqJs}AJT3eilJRDrZK8N%dTa$Oqv3xRb^U-*L-z--XA}4a#H^elh z4PBh7szIe<@%kAk7G_nYYc+kh+?#2K%m#^r*!B9UeNovY>sXdmkr7fmZFv=FHj%Bp z-VysPr9@P_!v2+xQ70-KJBm}8Mpy(NZDr`0t@0)3MZLWY<53bDdr9MW>`xB3O))nL z5)DWgL4_K&o;3bYs;-GmqsSDTryfBG=kUQBf0~f?HX&GLJ7dT_1k@_M1UQuLq#lpa z)q+j7{Gy})wzK9=j!lYm1=l4)iEGb39~UKLOTMC9ZX^*4Nx%1}Ox-$v#0=5N1nY32UB{w_Nr&=0+0Jcb_z)7T2 z#=14K58FnB{OVS87A|rVEdEbo&jbGPG?A%>{#3ZC2bGyy^Y$9SFP^aI?}5EaD({ zL@2A8NYP%R7C7IiYIs&}`XQ+uR`+rRf3WDZn#m^wJSMjQnbq3X$YkM1(8(Hn5`mi~ zSDQj_I|LEXPNiT8m-Z)wl0#Y(f>+yolBJLi#q@b(f}``1Z{!_^JS(3fVTa*mINUof z_S<~Cs^o>AO$+&R7Y{Fy~~ zHZ}qpa`Wo%#C+bLtc(w1%@6)@pZJ!-(hT0t6_5KC3;rE*8+U_(?|f%>!v~ye8&sUS zu~WaKDFR=$p-umKodKe3+FBndY!ks~IZoMSQD~%&*4WUf=&*nts!{kPIvY0?B8sXi zN<|OcXa`b|yl4+@`jbDeBtXlAJzaV+40<7Mw2+nOL1`Ztx=uU|Z>29Lo8KRO|NeTO z_PKxU-JMO`j`@DRH|q~3pFKCK>NAk29|Zf^Swdr#T*)_PXkY*z+>ctj{YIenK#CYl z9ol3N;fA!P6M`z1ZAmE-ibQnRBE$O;%AVAV$7RyLr!)2kitfq<{+g`=ff96ncBizM zsCoCXT{HMQ02O%fVehdBXPdw;R*|;ux`Zg*nj6=^TnYYzoLe@lRZzeX?}y={Tf5up ziIEjMn0a!;6~VSAW($zDt+$Oiw)62gfrh7Wkf6-cx0~xqQZu}x{YX@2L(90j!xH0B#ORCA!ck?!?c;x@>@3g0l z`KD|>AH3Cjj7k1RXlGAovaU2`uTouEjg(M7Th%kSX^wuoP^pr6tVa&6|f7(8r*1=ftfl67%NlBPQZa(Sq<~ z7tZprm$D?L+{ldU1ACX!MnrpJQY5PBL#BH%f_GX<@8(4h@CPr>Sjub~j=y19L0uLJ{)M_IQrGOWF-9KQhrg3=I3sCV zOO0W-OX6bkiv18Vn1tHDlES)NX#y)AP)Cizg>5bPdw*>8lZUs|mG=cAR;D8noGuB^ zMJ4YO7?qkz_Krs}#&eaDu0j39bhAhD)JT4-UEOZZ1MhZ|6N@5i>RVX?Hk&VBOqv8w z)Ho@PZVLL$MkRnE^&7b)uUcC@)R(v4*0HrlE(3Gt8!oRE?JnJKg@6%3Mg%Yiy5zOa+_l|>OSsSHQi z@;R3OKVy?%{VM`KLN_)RvztaCJKSIoV~}83Pk)n8N{*G+<=Hk%~2eW3^G@3??*F$`X+y38ph&DuLBg0GN zGN1~W22@_;>R1{tu0BiyiY0X66AWG+x4xr4)Ep7bkC=qBl-^}>)5j&m!UDBRh(Qq% z6PT9?E3584VYawq`A5WrR^P=%ks=&!DwSiI#JZxCDVoJ3t^mZQDIFh|4A}dO!!f!8 ze}Q1MO3hTv+ODszK5YC;^w&fYgA6=rwE>)F{5?F=I3r&G+krcjo5o>#Qmafu+}pF- zj7X(LeHNRbU7cyySM1?`$+7K1`&`%jHZNpcv#$d-^KXN@wMN@=Gm zQR-c9DH_E|{a|$&FM(0l_JBt}0p1^vNm{D?UW>Ot$*q>%V)$uZnN(78Y@mXGlGF8e zH(sI_;==J^xZ#F09=RtPS6pG#^lMR>1Sk%~LO(@-L;n~4(3_^Z$Y6<#a- zX0mNxEM`T9GgHgxC3+U~Pz49*%(%VZ@`7xUcwp3X%qbmZL zx3aXWu$)|#MSWm&x?zI)!?Q&}LtBId2l`y6gd##xng>l%x;P)1*dxd3k}E=TgA&)S zpmZRnm#-lIuB;!xHO}jvn@N$91qkYhJn#=T$8)QX=+K)zMa=0YHPmx&7|m;7{I*{t z*VZ`m{&OuWM}aOSee|IF>$ZkeLL>P`P#dNjTET*`&!(N0 z4W8!EckPm+Tt?%Isw;!$D}aCbY~L5tUD*_%gHA@HRVB5?=);({b@NqhvwQ;jcVk|K zLwLzUR!&Z?`)v>QWqW>J>DYIA%IEn|O)uwjd=*_UoA-0iO)vZV>OoI-`mfL9!-d|6 z1@a>#FZR~lk)ABxNA=agm&ETj+OK^1wbQnl?1~oco5b~hzJr_3AQ@HVYb$mu^`*5p zvS@cbTUF(4jlhj3ZR`-@aav7j>=G{1VPlQ$v}>7@aE_f-mD0M}=h0B>PMs9viT89} zeHXjEG@gv>%8?1UT08fN^P?6AV)xjZDwRPS-hAU^R`(I<>7(7AQEI}KGYZKjb2|zKJ=w5B9@6<1xhqD{dx^w zBtm0dSl|+({Q&G{$=r_$3WA%Wc=#o$~JfJ*VGcb?AUhm&xi_6 zFzHg5YeEFjhiev@dVEkd10eNfm<)KU^f^0wBp0QK)lOC1VRuVO|Uix)$&3Z&_?CE#GBv>wcW zH1mgA4R8T?VJba#92iQD&(Jbxs^aJu=Wn8VpL(6B5HMTwDD*Z}6Y3YXF$@{!$0y*Wc*{%D=4=Gewc8V^aMpY^sF6y-%!4-FS(Y85gn4bNn`6lnis zwAen3du=s5`hIMRYZG=6DU<6m{jx#A!Fg)x2Hlz;nM+g%+~rbo6c;5etyH;;i=|`o z!-UL}<|^&aM_T4OG?R?6zaqSvDdi`Tp+W=_3Z-3C*SISH=WV6NofaAopI2T?T4*%Q z@6FO9u+iYb_$o6^>!<*pHxPdEU5vZCgp{5x#&*3cq54s5WBtyp>eUSnO4uP-`cq|| za)4Huy|t$LFwknl#}a5R(tc%XNQm%RFB98A10&6OAskwgN-XGRvkTKjrhOJFh5+bW5>T`%S5=D6C4*XDO(x>k2 z4|KZFpg4{L$g&hVzZljMnDYTr%4a) zSW>~ksw979#@$1=(kq)3dTiF3+|IU3GNR}<8&RD`B_G_JjUJpqo$qk^D)u^wVl&SRYod{#!fhm2K-w7KKs13u(M}@(O{^J!w@9_prTDEe&a%)u?|iRRHDQZs0RCc# z%kRlfteKx{7QOYxn)H~6@Rnp&=ps~|!;bg5A)X__Cy`Od!gqaFGOaGNlAaS

    7o zGAL>Qm_uvog_Ov4Vaj>yV2a_}f)^i0B3N%@CDh%;a`%(8%3(Adqn)1W^-DOO^WJGt^rta79vmz{~5gnL7GZt2Ud7B^8Qnc+bpj^Iq^ z>CRYf$_~mxbN)OP(c|Jmi`Z}~qWp~+`V?> zM86_fyjb|k6*rV^UfsjDz(*U<_StlkCuP_BPS;uFg`6iX)yK=n8#q~7_w{CJ&MK0Pms9vz(0sS)i}2^`nU&^IC@B9x zN;c&=T&}BvehBmVvqR0a7V3`E_|Y@}L;;OnB0~$y&V}^&I{dLINI(V1wTLlzKY)$E ze@9%c?+#=FSCp$;X1wU2+DP;;7dEKn6^A?l(4vsU>k ztEt+)qIJzU-M>ZC(c#ruM>ogIlrW>IS1;3oh+XTTjU5OdgjGE4u@N)-(3q!Is z2EML#ZnXfk z0jr;BOMW2nzut+x9^||Lzd}PlIbeN&%nc%NDoH?!4Xiq;@d3VDGY}P%qhp*UKtBDm zNFXAeabZm(kk}1OJ_W=wAv&Oygj~ZJJEUjiH)z;JZz!9;lSCpyK#UDMJH&s44X^q} zDFym3gexHCaQ!%e#Lb|Xu&Qu&B{iWvwXTS?O*FL_c|WIMX#bL4X4=Tm$9N*7#~{=r zeoq7id{srh2C8GP1MWi03!5qSVo@9TBpKdSgD-?65*%^oe-QV3%);L}W?sC3L7_+K zs!4p}O?s7oHRJdu^h@M@j|X33<-@+!MPAkcJ3{fF_=^{N@8rDlKD(Vd+IUEe8Y0i1 zch?5E_@J1jO3HlVOqgh;YB{_U%f!OD`pKRPgrd1bcGntdX{@E zJw#=>jp{2;*{~in&h!~kW%q8dcuA!+>JidS!)Q0vUgrZMIj^-kRF?}JoAOn(CT0yx z4iEaDJLeNg3LrjK^ef|pMm0v}mRTM|q!13JAvo*9UPmKj=HF2DKqpJGS4ya7QST-* zm$4&xG`i*PJwJLsddi4Xf{-9rAb_D(IC$)Vs=ZpbXY)6hrS~yV@LTn*0B16)YWi(e zLBN)=^9*zT-EUUv1;KUgan0wB5;-&VUWR0fE_wu~CjohWV#utXKkJt!D!ec8Sqee{ z4UP_l!*`c9LaF11EkY=3lEw7=NWZjjnBPMtH5{m9S5iw#%FRu6>C|iEr?rNhIbzf6 zbj)&qIT|=*xVE9z_Z{Iml@8WgEY#aAC{N4f|Iq8N z&ZsV}3e=&#;9SAbHj!2kX9RPn-fgy7a~{ObPzW-C7th`j11GuD@JLV=%EJhmw$ z<3Zf_O!UD0J|Z-w|B( zbwt?=8XH5+{BQWTdg-olIkq@eN!4dcfR@U&04+NN~kOF77TKoj8Az}0>Kt8){Ht_y!4(71y zX5v+bM*-_^G^6`9G6D_|>#-znBlul9ai34<`}XvBJHMUnYcfNzz-`@y+QDf)e-r*E zy<%rx4T<+{34X~~Poufgm!^LWZ0>Mk)h6(_DEc?drR2p<)eq+G9k(Or zSEzMe=@b;qOJ4IA;SxTT)5ov0^%qUdC}{pki|l8q=z90sj-*<;=KL)7(D_}8zatke z=0DPbsSN45vJYotn23@BJ~dA6Lf3g`;!FiGP4TZUVoLFlT@5AANaP}KGv;DEiVJ3! z5M`x>gw6UnbtZv`pxRh#1WMJqq%|oIx_Oj_PBnW*qnS?VnpW`wthr4c%b-3$I=47% z&#}C@-M?ap4*X4fqq4OB0Puv8bx?&CLFNjrPd|If!CJ9Zh;D8(-`T0Fq@D9F37Nw| zKzFKiSX=NTW#$_fdYg96+aj2036S1&>R&%Qj1#ZK6^HkqN>twxrYP12jIl!4X;McLCIE)#bckzTGN>U z_{3#>88ODv`^-YkW;j9y718l>{E07oxM{*OVk-sH|xC`~l!A*Bd_B&jFLqJ`+TB;O$HtC{{K4e8c2O30)i* zVpl#4Go8IYgxNS7Vw7InplK&k!pJsvF0pL9jI74gJ+vh{mGXSVc1p?~@j0SkDKjP9 zh9MbbtxRE_j&zc3E3$LZv;f#!BM&(cFpU4f-+>_I0Io>&Jc^tdF%I=bE#o}~tiu5Z z<1bA!C|W`n2%s>}VTVP)1sp$WvipD#M&tHaR|fG9%|LwBDz;0eyJ5TS_(T((Km`{^ zRtcVopvtS*_#-AlAHJ#)SpG$Ch;gFnX(oBrLv%eU` z$W4)i$|>3?0YnG|idi6@q=Cn2N!`;$3vR!}%z_lB#1$M2fEovBGUNK2qb$50nyRIE zDb(Au7A7A@W!fp_G7hzCzqgIM#%||FJ@WHReml2V?u!j>sicB9L~qS8F4;GJt0M~$ zLK6C9x%YO0ppO??KnUTmE295nN-Pz9@oG^uZ^4g{tx|bMDzcLey3yVbOg_l z`+sBKv*>@=_u}?%hr8|nkL>%(yti{`gkQ$DZ1$pY`D4NeFi1vO;;hAg!FTY$28$h? zoh{B&BA$bk-~V!HY_K`Md$0;7sn1%M%%{3J-zBY>^^7f;f%^weuFP^fj?X`ir$?e# zkGlUxe1EOhYcm?dUr5}sjkj_9L9L?)42}w**!!WR9aA*dJ@{B@%7AQ zV;Vr0J>G3aKfQ|fHj7BbFYVhG#6IEooa%@87>GlD`h4O|8Tw@;&)fNgE>KR>4*d;; z$rmyDUA$}hiyy-MLgu;iRQBmV=xFSRvt8Tuf8KvM_{V=T`VS_v%#TmN3LhSHNEu!X zE+BdQ(OQ?G+ohfarM(iJsVe>rQ@$GXTaq}|V9;u#-rSos{_x#!1l0bDI-PGCiW0(~ z>B^uQiZzyYTz>v}V@K>fCx`9%)OlsWW1zA6Kx>G!anhpKXpu4swJdV!eQr50>BkhLtf6&Tqs_lsJDH@Qg&; zC^y4Q1o2FSM&s(&0pD~qxh(etRnvhnxLG<+D9bP?BZMq@Ft64kr8}2_GAem@KC)Ih zPB-Oa5(UU~>Y7z%K&;QEFo@#0n( zw1r6+Kch*Jc5>aWsK%Cx+TFAZ2)zpEJ;Yl#VYFNMU&cVIX~bT{fI`NX?)6EWadx+p zSnCHMq?Q)nFfK1P>X8DoS4j6(W1X&%jvRg{C>8*#G~I3<3?L|lRV6cY_`lHi^|Ce@ z(u<0l&1%A7?k~>G1)YXyP#UVT%$1e70-W{F*}2})g2JH0gN7UG1PDCu$OZd)8(Qku zWW|BerYBd~a`w7r2!898sHlWdSpYaTV3zRc?C`57AdkB)4Psu4DJlNj(!2yHyc z-Rz;g)xuzHYf8H+JWe*A28tZ?8d_Z+sV?$Bh1~FT-|{hwW+8QYwA!UsTmV`U-XG*uOIwu>6JtK}8@_r^wb4 z8b}%A3Sq9@FXPR_$0f&R!^e7GSCL9!T;;$fU=Wn7&i~=wrK!i4{>#0G|Cf93tGWc0 zN)U>+$V6)--a+usxYlGzaeBT|K+f^XLU{xDj>sG2PMtW~PTRo9jy&1UiBWJ9tZzZI z0(Xf~2ofN+dNpf@RJEd6%k2D7Tt~AeDnyG@>}Ha2O>g>pgFM?iWthYu6me$2!;RA>z3rEgGi@D8LkTtaPTz;N8&rw$o{ zmLErWA?C1(!MbBoRIY-|{PUtQ8#`$E&r|e&#$HF+-X8{Ek9x{9?XpuFBhkuc!CK8> zoFzu-h|zLJ!rdD;00Kl7-R!%b!}fn9imwE8KBl2S4{)}aJ)OKiU0BS{ba+wA8SsWa zNAZ8si7Y)}pd<{&!NHqieg6l97h7bWW;M8GvsPfX&T$5I2i=b7sTSPEh||5X^{|qa zO_5F;_CHOTj@7}g^i;J*5C7Et($oQtz&hG390qTh#c@GKa=-B{{gri0$z~*do|i^} zzvz9F8k3!Oq}YM%q}tDLlsUA7>@*4!Z9>QJ8iWrPy9HVBZcG(Oz|tM6sq8+o+H=?c3S8zVaM}oM6<6+rOUB%u+P= z!MMu>OFY7pn<@y5Z|j>IR|4o3j>mr`;8)4p?Uz~B87Q}{ej}#Wp9&#A)WcaHR8XN{ z%t$B3-Uq=)1n)0span(wgei5T>gMm0BP;yRv3wGyj^%3EYACb4 z80&NL;@tNh_E%Z~n>;U}-g;aB=D&2NhI8C+*s z=yvxX&*Ub0mO1TV;-$^v_IkMbH<{a)C#(k1!|ZgTp(XW!aj4Z|b}4aJMX=-d9G>SB z1wO%^R>&%Ea5fm<+8U!LS+#0=JYcJF+$&Sba(yyLoBHOffJA;D<}8y|ks*9hNjWIt zuy~VSZy-UT`qLY|hOY7V-?F}W)!wgFP@$rhogkG=l^oWUs*XCv?pv44Ga;4j!&87` zSZ*!9F3YAp1m{yEJui=#!=xR};im(*qz?`)wB^?C=^C`qbNBDJ%@8K`$aq%*DjAPK0kdqSK9iS~%TRxE zu!FV(gpp-TqJ>`_Qw>f59s?%$a54^6Y}`8%LqP50{!tT$t2fNuq#1u(^JaLDn~yZM zqhHP6r#y#ansQ_qvWe^Vhd*DhJwa_*Y(^!f&n`@{Iq$t+WSs$ok-i+Oa@o156SN?5 zNiS@Kq$5z)Z9Z7h3r9;K>Ebjgu&OLE(=uuk1>}Jr{9*(drGWm) z=VxWst4oN;BT@Q4W0jysLFoC95JyqFU-nK17NFa?br#?%IPJ_uO_(n4Y$|mQDh=Tk zI*T2fk}DBaAEEAUq&u_-cv}716;|?W;@0FPc=%SB9-9!EP0)Ts`P5M#@*IBVmN?`L z_O&K`A-qv>sig?3;0n%8qlQAV2DZ>bu#VOU*S2YtvnLN~GNgaB>y zZD3pdzFcp+j(Ms8*9L`m!ZKco(~%5{yDb0zf>j34{sXJ5D(|5OtBR+m+Ho+`9sed)Rd;aYh+H)|D>P}Y7^s+UP<_O4 z?$3_9Hfg|?QWNp8nT>Vdls4g!wn!3CpDVusAc6Rt9QukV^4EkaPv0Oq6%pg=Mjs&m z_4y4Rgp?N-z_p$<6UyZyq~XFRdouxObS;7c`Ia2b2g@3eVy6@b%P8BJ_!nos1E5@} z;xgM9A0Qc=^Es_&ru)m>J1tL~_h=PwVU|T)g#4JGoa*6x&gC(B z%PXo_n=7;zjDk|watO}6hOG{Qwnr|m+S*Jfo!Ml~RPfY^;ol1)1Fp{FQku}(JlN>U z+*@~z#ITYKJvR%VG*9Ic!VVh0T}`Jz8rjS!iGD?oBWkUH2J8{H#s2o_aGG*eK@(kd z_{5|14W}bTsVBy$fm!xnu1Y3Sdmx0rr#jm8fkR%4g>|c)B}ZQ84~V2=w_!|(N$iCy zxkMNPQB?@2h{{jGs-3Lg-Z!ev))f5OboXc{epnA@QZnKsrM;NSj|jW zijudf%$Uv0D1;=b?;bT?O2a~j2g*k&Kju>EQ|?te&VTvjIfN$o+#hobb%><)6jqyu ze*h93<`bQ0UzYsRLU3$((Nt$LP*%S}Hbjx(^cuFW;zahY5p|Ksk&N(ee5uI+RZhcX zlZ>m<#67ZgQtU2LEeIUO;k1G1rW`K;RO?0X2?8Mdn^m!=t31!AnNH7>EdkIqahog3 zW_#$>rr1-6^!0ylaCKfGJkE693DuYU|7M;?o1<*5dw<>jdc5K5``4qBJ3m8u6tLc8 zz=ifZ*Wul)b)*+shj22M*Z`1pJ=vqnnHC)IZ9v`77d z$Q>HG(A%qGV}4M_B&7@|FwM`DQG9CiYBTKR*=613?w{(?eB3mKcWcW>l4t9h6|-bq z!|c25J}Th0e;MRD?K;KJKsU1GnEjqu2S-Ggl4|w;=3*3FthC?L*rSO?sjn+?gp_b6 zkzevXC!dMV@4(^4eFAe2VI*grCB&KYdynV)#{e1ZC z>3z;>_DhDd)rRL%yE|zZ_8$egQ&Bn8Wi`qdd9x_GJ|XFZ7<5|%Lyo- zy)+U6@$Uj$Nv(HKn?VP#h$&GDSzC?xAQeU+#-z|h2@?wxc=yYpqctQtg+EC+{T|rT z_{Ue#u|#3|(j@1znhN8>+NTTyfwFOnah11HzB}pv-U}vk*ywX30N+~jp9=r?evoxiH9Pt1 zXG1huIG=M^RgboeDS6zei%v&g7KX)_ubi6|DX&C&JRJ+?Z)Lbq4|@kq!vQCv`WT~P z3SdedxJV%hKH|^(ad&z9a{97*`;yZAy0@@CL=B(Cv7sQ3Q_YV+mBN|MVfzE46E%=e zy<5E$Iu)mY57_!jMr~(%1|jix6NefXZwj`LZ3SKCXE2qjQ&NJ?I>_ z7;?x%W-_+ID_i6b&oogh)T#w?N=R$~Og8;{6|96grQ&E0fyTGb;SkMAM3Hd&(r2>( z$_AIPhoUCx2EaLgX4uCYsSCn_E7lemW?jC`ooHW|sTS7(@^{ht?H21^ZS6#_ISkY8 zIuqOlEf;c(y-tfvWAIIjEF*#2r>2tF7|p=ZRCHCbZDDyUhDc;~va;REH9IzAiZice z0%T=B#s}#w1oYj)9Wa5ExwIwA6gtmaGR9XWfU)ReUtfTa4h2bajLgYGNKQ zssJ$J&0Srd>8kmy%|j(ducR;~Pa5UDD_i}G7@ zh})6A5jyH~gti}d>mbIFZPQ9zBpIEovjm1LL3@doJiES@) zdAQvwz;GT`qp+hnrnBSa=$qEwe<7kPwrDDVL)GA@9$OQtk(|bh7)+Rxw-_AGp3n18 zLeIsVz^_O@dq_S3Ov2l3LI;8Oq1d()BU5r*s@CUS7#J-TW14j>??6gRl4VCD3fM=o zRlr-XNSU{8pNMiFGU*1X3{Rg%l+P9tRuPV|uE@tj5ve#g^pWVg%px5_O!tjX+hgN~=;V zT3DJXSYxOuzE+5;(UyQ&Hh|DxhyLUMSFm+sHD2&k%Ahc>7A5t2fCqO0y;}?%*jF_( zb&sB@Mu7ocgoZ!Gw{^KxJ>9K(2~)>PyC56o2s~p5KvcPep(&0ZO-WxVgJbRZSg9W+ zM^Bg*sYI2!zj`%g)E35jvYhp^D)mpOLPoc^L4Ffy{7PjQWGvLjId7CWLB!531kDX? z90u7$VKPDY@ulz3M|rBk0}FE0Q^8bTShV3#7}8@#qeoBoY^2dLuAr6<2FY^GRDSgU z52uE(h%$+e5$Arl5%Bt>qCm*6Fs3LTGyR=Zq{qX6n%|xdi$9BUADRnjH-~G6YUT^AJ>ac#oMcK>75p>`4qLXpKhQs zntK8=kF*o$@?h-4Ih1%fUoYDZ;bVjClud)pgQ^_J)C~Bq(_}9P>2=Oc^-u1o->WyR_VC@WvT^F`5 z(C0Eid;$2kL7aG}88(zlQcwd@Km=4cvRGZ*K_X~8nJufrJo77-9qGGfCv1j<<7`bB zw@4|@JEB@vil1Rz`O*NYzsaG88>1icA|ydJ69oJV@+8iT{80byNuqpB+U_KD`oB~-uA{n4JwLD%eqP+IQ-K*lF%86 zZV_+stK%TqwUxAXJ&+nj=5wPIV`Cw(@-oxRc@$H~RIPopxn9o7q#0>f7=iz%TAN8* z){%3b3uu(1vdMW@5;ThG+}|c;A<`^y-&(mgC4iXZ$z6F=r{Yq#HcrKr{MEK?^k;sg znUhY13bouX;fQ$8oIlMG;{lvwR%j{ngjZy?yXa|k-V7}ZAD6(abqwqD1ka`n{R=pC zip{l7y%mfkCEuJ!rCDErg8R13*zf*MEyw>1m>&{ZpV}&momG?w{vtac0`eZ=2F0yt z9tw%ifSdCeC=ROIpmGuq@KN#kskMAK@lek{C{Mylqy&TqcFiaMRgAK}6r=yLC^#OE zN4g-8=dY>!HzoV2!(bECIjace$bq9f*IT*sizqVO+yV*~uYA>I6Sl8oT!gUqG?KNI z+BiW|%BSpKg<}oQ@J4%#{SUS`EvpDafMD`KpKLQ({(U?OkS1HZIR_gaTe1~H8uqVy z_W;f8RahoHtjyDZc-`~C#QfAky9;o-|EFQZRQ`Vqqgm-M!)U=Ty1S#KO0KyqN&`V! zK#nw=piC!}of?Wm6z6Q8aYLE=fe1KDFTt&1KTIdbV6-Dq+LS@?qZy1d`JpHvTqD#b zoxQju7aFXAYH&kBt$NwTGJT>$uGL_B^enQ7NiNv3)DxWLWGA{aX}g9>Dg19*qH@|y z$n!JX!~8-AZNnR6{C@zW5Ml_n(gZRD=S`F@J2gfvHE8x6#%MlOQ}Rhzz&Q9ao{1L8 zIold#V~?GkUK|bm*{gWcOMtH0gPJLDo2s;>{#AeTMhj>8Zwj+S;0@qr=N}f`aA$pk z9R=h=+hKW|_hh=pY?Dn~!yioXfnwmNY#z{1%ua7aR^JGy01mVa`MKKBS-19;h`Vzz zlw=rz)u;MTUI8C!Nrl29ggz(pD_oyYEu!vGP)2&5a$jVEM%@9WPPWOVuqk(&H2tfP zvWP4mQJwVuy<=feJh1=t1xMkhJmpzGI=-}_d|_(RiFDJs?wchBu}oKEO7gR`Q*G!( z3>(XD^kv3$hf@PIDs*SG2%}W-Q}NCb31XXk@o*K$0%S=Q@>LT`3iL*|g@iDRMA=3k zOcRO+6LLZ-)kPj@$HD@{lqpi;xoA7?TQ`R|r`VW3jJ=oBa(79_uXrx6o*F+s1+JG>q$*L$#f&Gb*4T;j7F~b~@Es0FA z?=A9z2YsqLZ5bQFTTipAUDq3Gd` z>0S!gER{A-)Bc54Ahsq*R!y5+8oJ2b*%iU!}R3f`x=|@?a&8 z3IHo@BG&s_7ytfMjrzj9bSnMX=zwONu`Hk{{SR;XJ-9u5nqkCD#?Y3J!wnLIF~Sz( zn@TGt8!yJs9}5~xs^?Yt;@q6}&9wgryqSHA#jEluDDE0Q&_1)xf=#r9LrG1PGB%_Q16<_Q4Fw&8uhW~j zTh|fz3amyD{u41zg*)9Gy6a2iA+&%ENZrr_GgMVywxVN2($-{PQeF4mFRK3QaO6C= zZpLo^&hM5%RNl0v{rEfh$5*KQt4$XAIMr8#$F2DO0{fqJ@wSar(ic!d#umWf@6uxr z4Wfe90G<&EW9g_hatFzx35kJ`3L}c-WnB_WUxnvnaV=aXwMA`iU$>kwNs$jLC!#P9 zVjlAZb64IB_!6HWq^1TP$wl-R&6|kgh7`f}3=gA;4giK#48U-SHXF_DQnaszcr zF(_L%`nJ0`#gBpVBd%_cC0*lHL?qw6N*Qu-D3LjJoW1+ixYAGdJhQU~{84hoiDFKVTpEU#|;IujP*#kFu%~!r`?BpL4LMX*6*%=v5q@zj)4cxB+@kGRzmd7x8 zfSX8{A9b_-!R>X^yXX8`2iMPJl-E7fu_P;iK4`=yp@vlNs^iUHg=oI6UJMc~XER z8hZQ*3w#Jg>pTJa5MwzJB^Dm`R7P)Df_ZJ{OjuGg|4q@gavKCMTgkR|qP#YjC7a-9 z2e>IRAk!H8V_UOA9yv80izC}mGxU~jLS+*U?6(&L*6y<7AI$|?1Mpr)D!>wKu2v#X zk&6}T9Qrr$XWa!880ExKung_&*9f-haf09KHcpyio&m21i=v(6e)I!OX(fnh4FL$r zhR}Skc3Rm=Gsyuz*I8h&ya`2qNBz@0ked6x9lvU^%5lE>yPB`#AO=O8mmBk~AI9I3 z^WeOiM9KM5-CDOz12t$@%t@HPo`eC0l0hq&8S{?Xsz|gby0uEQqxjO43tNTRKv~_u zAPg(=-_ucvn2J-#JjgQL<=(N6qDRW<7qK%}@fP&VZ_lEuIG1Ax5dj$B_V5XH``rGil)AHp9l0LdOZj9u)w_d;OhNmALA%YaphkQSq7tJut)*^*{Rud7@Uo4d1dhBwy31P3O@0jusL zqr-G(<`JQb##Yz6;%2DMcq}u0;=t1Nro*Ob(1q)cId7lEL=}S+bA+pzDV3Lv7Eh~u zVrzbx!#rRe@uh*ysq8Gj)uHZUi4r)3 z3SqKYeSq*81q=V?$=oKt*8SviCnfnpemDicAt)$xposNs=*fK3@_W1=Vbe8+U; zCblP(0Jis~igu^@+h?=NiD|b-k=fDE+5!&j07L+}iJa<&ed%dwe0pr+bY2pX=y1 z>z~Kqcn8ccHHjW3bPV`DHewenF&X?8cg7q8-ekWy+MUaTPy3~jcFJ)M!Cgsyy zLdM?v|0_KLYdSIW~uK(V%e#hy?R-1 zzJn!~?LZxuhtvI#U{HVWU?zl< zzFF&Ncqlm0`9+)$j629kzs{+cxnN{Soc$oqhR+V^OK5tcZD#t`s_8T!|9h!*f~?&? z<|Tj;@;6@V0sifrA1BTtM19Mqo?Uoos1- z`@LfgUuI1N7)fn}UQD}5AYD0KQu927yjlv=!1uZ@Twb7+!+cYUY+(C-47TI~X3g){ zNYu0DHT|t3im+$xYaFJA%jtg)|M#*9LTmk7#pQoz*CT%X@28+xzlOMOAn8Q9&mKxP za=#kWYZ?1PoynR;pp^wP*JYacG^gcKHA6Rx85zeI<#qFMC9jF@iZ`AIq<9}{QhKE^ zibqE)hAi_WOUMSd@TzONB&T*D7*79CdAp@u^S&L1kE=n!3y+jo4;qmq*AKT*e;hBu z<*h?+3nqPWKOjt0F7e!ri<35p%k7bgkH)^Erbe_Pc{5eg|2x&od|{fthRfO@A*?uP z%lX?mTIq>HYLVH&J_0Y6m#ro9t~nYi>F4S^s4@aS@y%)7lqmIletlZwc<91VBaqGO zA41u%fsUNQ-$%8t@<{{Hxv28sPxLIvckw^8RDSlqTaiMCG_f&g1YHv=v5 zc~fa)X^!z;x))U_m9Wz{nBgB1ac|0z%|zB7jBH=BazG^KZ|Yh8MR-Z+h{RSq@ZLF5p^yK&wTF{*1lR zyO5da#Pca6AmB z;hpr8NSZe)Ub+hDUR=}X$qlhe#}ww7=Q@m_$}`~!dcqgt7qo`ztLo~;(l2ltFGn+- z7ByUiKSKw@%b)2Bj8SVUR&Hu-)YXfFr?~72uFq&P_;?Q-G1-J#XJSSa|!bGZZf-S$`TQ zKy|H*#%pr){%d+Y;IvLQE&F*ZFgLqRQb@~HqJ?>GKf2AOo1IJ3{*iBt&_PG=2pL<1 zXa~Nrut;6J7!h+GzNlPRavbAn`V6S~F*>@}0O>bFZ)*3?KT|Zr`AS+JwJcWeh}mc?hi5aXVEt zVpy^%3-}XwN=6)6sOYcu>c**-y@VxKAH+qLq&VWJN2iTWuU-yW@3AQujpgAVXz^-5 zEGL#o_h-yBPDc-u0Vl(%pVWR;gk7hH*GLP(A)H@c9os45b2@|DBG!<*%P z_^boz%45Ve{Au8$cA$PWOIFn!eNlN;8ZO%kqzxVQV~6p28&2O%UgCZnB{qLIq+{L{X7L#_^1r&Bh5URzC4x2l5}-cGd1( zhd7;g6tGOXcY)IR8Zoe)82~6{EVxNICVfHQ{HBe`$;k$7N{nPP1z>MeId<5FvsxF_ zWF_}QGdh_ApRVCU^T0&xpX7kg7D{qQ+-E6oSj=aDW!zDIPv(TAJ&@g9KbeG$ivY?L zSE_$oqOa@{>ye56n5Th9_(3Fq!S`<*cq8N*J=(DO_#zJN--^vMB#Hb@i)(ivs}mvw zl3X)~?{~ii@o3MKSBEvcZE5dgKSOOW-(-#o7DwqgTrKJLzp4~7QHtb#S)VtLi=RXZ z_s2NQu*(W%>a3Hr+#Y?j$p~GgFCB1d7}doGgtFhI2Q94V)Og@2wp~e z4#WmFd05c(Qo7N||C8&!)+0pJ#)Hwq3%L*>@1@`Or>AJNggh6OV+vrw?H8sCj9?4s zr4{q1b%n}9OntN4Nnp4+8`^n*6>>QCX=m%`e`9$@@h$RXFzc?27Y42-(AJq%lF<7zGI6zcddsSFoiJ?j360vW_t*V;nzNPl4lS-5DDt{x-1v@Q;< z$EuNMg_4!@TLWy!4C?m9aC|&93)?X;4o29lWz(q`gB`e@b*=`h4Hc#r!mRLc8UGA$ z-H%gP${P#$=!V}!olkf{sf}(G^TPE3Zy-twqNo^oBdKc*Rswm8aMq~Lk@Umc+1bd0>jX8zsdbBgRZcr(1|DXoNqa}|2aIJ z{l=m4t$6-)`tyFV`kII+XXEqo*;l~(u6x_}-zoRCuLsKuHyAcBn10k1xF72OR;pa%D!PCf!m;Fagxc$cKOHCik)tcCZ!SZaDUN95X~XX ztm^|~&Mgt)e3U|At$6Y4_w*0Le{R=sLbV&uclACK6VEM8zs=;tS9b;rm!`_$$X6#j zEej;fIf3?N&cJ#vIj1JrjMpMm#-yRb5Ek!r##{siG1WEYx+%+E4X{owL3qTX>eKJz z>=oP3RUL-Qu{{W_!cPpziRDM+u&pi! zkftEQ5n7)U!j{oD;!&5gmZo5M2O9CYQ$w2cVS6;9y?0gghZpx2EEI+kXX^)0eP3WimqO)S$v===f8NVTdo1HTr;7Gmd&cQO}`E;?JQ}xaLc}u|P zbL7yF2s+HUYZ6-7la1rb{NPy&A;W9c+CW$&GP- z)?G9^4r+k;nZYwBHL42g;S3M4 zdoKp>(WPL>4S+VQ=y{tw8|=>>%Rl7FD;Q|HEIg*WJLS-AhdtE{Lr-)ZB?cV8@Lofz z2w*Nbm?mT!tj~B8LamJNth#A-z3kuOBB;*z7HS@MWg-p*vNH%ny4lweQS|4KG&lyVDSRqFX5+v=DGA4&Ywr&ztp>-ER(QW(XZYsG$*BOeUddHXd8RR z9Fcvw^6<{tx`(>n8g80p=_LdPz5))L-KEP`Iro-pw&DdYv9Yql$(W}NEsE+}{ znG|Fqb-VGH6Z2IUYiaFJB3Kr;Gd)f!`Nl7i*Y7rsz*|QFpF-GjaN2^B4N-oEiPCH= zNP;&1pbA_@c@eES?VB(xc#;vWE%c5GBT8)ZLj(2h&AGI0%%}D_9=7Q1tpxQ&FQm-j zq3puo*6p|sg%7V;4+wt;;jCt?>NmwmgZ$0taxJaMU{db0W&HJC!CW`k^0E5 z^DSJH=kW^!JcxXSF;=QunE0JC#zUXlIaO`@$f3cA$pNiqwxNQ&h_Hvx}L6kQ;D`)xj7HMV!1A{MJMV2 zvmltQNhbz%gfb?%=m6dr!%}V3wb)D*X^`43YwO!@b+dfS+z%K3K6=9(tOFvBu|S9o zNPmVnN0wKBcal$30v<*aa$?Z6fR7S z9HiZgbdW2ghv<^Sl>_e}JR~bSzFSyHe*CwgR|EKSBm4I#CoY1hZ@LW~WvGN^ zTuy_IXxJwNE*i6#pyN}zm&^2@mHPE(;qSq=Iepd(Ion)VwkwN|r{TU=#4q+Qzz4f_ zGo>#s_TwhK3JbV@^Ktqf&iVJ>uKN3=$lG1_d7T>@fu&vKI9AG|bG?MLhQJ(6JzAv3 zho0iasLjCej(CO64^y=%?g*OtS+DgPk2eS1+J{v8jpBcs^=LiZIoaW0Jil`p&`wC2 zgFDA9H#^E{4aAZL+b2>MR@P46Nybr`KOt|#|A^i(LHcV&7Y=e;XjBRRfGvjx^rNFC zIJSoxFiu7xOchB3lk6qT64X`Xv~_Di^z=0^jyvNWdmb2VL+}w0SxR7Dljap$!;6^o zXt(GndUpH0G9%47{B=m9IFlHC%$^t@OMZTp+`^2THoM@YKK`!nhh`E8BlTd2CJ%V{ z;vXw5-ziQyHgcht?nvu(Bzz6s;ri%Wfu=#9BtrlCuS3DxRWe0wCsf73enIp<{YQ@N z`nGqK<^+{I7ou3b;OeC_TtgRRvaNj4A6Dv|!FfzBlvbB-N9s6C6OC{#3?_)Jl;tHy zEZB!k^##X{-pvm`&3}O2*LSvuvRX}I14mH062sSj948-=S+P>4?uoDHkB1*UU0uX! zXx?~!VBC=kkF-!Z9ontHbf!~KBKYQ3GL515mxotrHjJXj|EaL>(gTNUAv{RNG5`o` z@<}d~5iW{OpWB|1dFdyeQtuvtN~;pXYA4!&ttSd(^I8HR(@aomR@m8iS{4CkHDPgJN&fO14%HVFM<0&sq z`SI^VizfBsyU*Q6*X{HZ&Gg3UAAkDAqxmaAMnii~(?rCmLy1SdMnhv8->Z30K3qq} zA{m$n#fPfv*>+H*fqa*JFh>!JNu`iZ^PpBmux{#FGm8nfBC5}8YB<9b2i=e2vtK#z zJI#&D4J+v0@;mPZ?fX0NjJZz&9L`!~(}FDdRV;2ClW7*OKPT&p@)wsJVqX-Iw0~ce z4N}t#a~hjyC(@ngfM|@ry#J&m6kDhyd1)3NfV{c+#sdn38RGXjoar@1w7TqMqU^B$ zQDuqrOYDF@x#`{13?acXHBLaG1wwQTk%YWVuk<&o*+nb_W1=4VImZo><{ttlzf0Fx#%t&8q$@}H+CuNXW$aLw zD*4ZxR__Q!j|~Dv8vI6%#MrDXdK!C^K8wbBOt2aFr56fm^P4J4xRV?Z$H9Ax5~-uT z_E{ndZA`FEVL1qkc?+O)za{<0mK|i-v(U%>Q9%wR*Wyxc!z${fEuk0_niMhpmm_j& zJ&UGZ&D&r?(LCWli+O_jIiD87F;A}wQyzeH^T|$HZKuR$@ogS0%YHMNYby9bC5e-S z{hjiNlQg1ON8k^QR$x1#l*Sg7I?N9Wqjm+Mw>W#*;}`{jH%8x-zr=kJ8XZ__@FqS( zMKig-6^#wJ@Cg@fg7W;J%5zN~_2~M26~kqKd1@%buDbT|RC$fGFxgRCPEiRptFU4j zPCGPLj(ZcPb4;%-Q}vYAcZ|rTl=ZVV;?WAe%VG6Dv3<2uL#i?)XRfF!FJI1;nm6;9 zD40fq_Aij)PDK) zSSg|3dXDq)Vjrwfw#Sfd{OkUCrj$Vc<6VQ9T0Ia7Zpl{oP?M>6{%RdcA#LLAfM&>o z#t1~D*V@bghdr=jVJFok8b*tBAh78b0=e%WNL?eM!THjUpv;!D<+-0DU0pKm-_E-z z>K4qAB$i{a(?1s}L;HD(8G0&S2$jHaFmp@DGJx^BO$lY3OoQOF6Ie*FO?t_S(E3nw zffkt}9A8;P`F|zjSk@iNQhn)`RFoqNJU$zJre&GwWOt~Xm9<^d4&vk~BR7}&BksOB zv-xp6!^G4EFmnL1*h+PDP2mgK6w>hoQp;bfG8&a&BVs7V&pAc=&@l%(*4+M(`)w`> zTgg7Z+IuB%SNkd5c){p%;lAXP|(^;ptRdW|wicq6qc#a83Y~C>WMZ935rQ z6Wojb!91_!T?)LMi$0f}(-g|6@%@CrH%qRxeRgg>Mt}dXOlZO$QGW7lbUBTsoOQGk z$0CD7d=vQ21~pr=@4a7?=UY0r*%al>3`$NtD>KcYKd<#KWZ|;4J&FRu!2m7pXr(6CjO)SSSzj=m( zSwc(wX3ZS1GwFr6YSyEaO7{$=k*d<{&dJUp5W=m-rvvV#W=mR7Qft%6wYQgFn7Jb92nRypJstwkxGi;ys4PDX_L~a zOZ9k!*73)E9|4zlm;QS#9?qrA@VxzdxRZ>wpmUdwR1opgD-?3D$3=fqfyKG%`T8p) zwe7U|^^er=K^o4_p+yzBxR_^GH%b|;eEyWCaZ17;A2FXKzHkbx%5wMj@Ka&Ord`0% zxmdWD>o&ktp2Tfpj5+;7OeTg4%}3S!a`xW_*wO>KRm1lzo0=_hk0PT`X+Zrk@&@a8Zp5&baOq-CNCITptc6LHz20Rp*jsivOQ zbt_7y#URfv4J%JX_j%(*@wy86OcJ%@jsaN>iUs6FJ#WtN*I=hv&?0DZ{RUj0J zW$d6qg54R@FfBOKFO>vC3#)di%&PkC@Tq0SQ@h&d-__tg3`;_<>sMyz$ucP8E$`vf4 zl-^!F9v)YrmDq-Hs<8x%^UqSXN;8Apx~Vw#Pu)uqUHLx_(`A5AWqmnZWxVN9P2sBg zMPgMw9Aalr?_muBfRu9V-lK<{FrKFa;psv^H$e9b=)ABcozX) zng<+DKdA+&sP7%6sYDx7z39QuBVadA;nu_tpjyWJS@A(@S=2!OB&J;@U))g@4p{sp z^-eLeHhAe&_VeQREg3ziG3(@pCfTtw#EH_Z@r0zIM=V+fsw!wJ3D={mvFjw58VJB8EM{1hb-DjIAOx^`M>5824yr~yJmfxB-?%t-_ z_rkD|X3xz+8ReUJ0^T;^{nr41pnI6BVoi3PDA6O_bD}^8-#a5JC{g6ROX((MXq?S7 zVm6kS_?%d?e|vup;%aqc-Ock#LZ}lV)n{rE-$*O7y=!C=C40ZllQh94-XJ(e-Uw4diP}U(bzx3hf>P5>rkpjt*q<(0u zq*~E_*_Xo!3bj7}3cUVfU;1IxFeQ8^!1n%zxz9~Fgl(py6i4=Ge8glf9Z{fa-^+h- zitlo`fF*9Mn23~~K4DikNJ7@jlVl>AZ zx!T(CB?x##$392J_3?Cv#_o3k<4F#+j}p8>{dEY;8#1bt;p7<34Lp~b6IYh`2q zJilwKD^t4pXmFIA9iGkAokNm&Z67$9M{YedMR zC7{7AR{p#zhaBf|M(XsMDEgtMs$WlEe9rkPkB5EMH?cYetsJ_Tf;pPNx~u>v*Q>z9 z=vRJ`E>iA>_JI9FwVYPA%w4>QRZb8^K-y+Q<1LpNrWZ&rj7ZHPaVA{=Wg znpBJL$RutVppUML48mauht}~!z>YWQmxb;~4kdo?QJOhN=6UhM;6kjD*z__1gU(ti zlN6>DBv8?c<28S@pR0q@p|3qRFHk(3vH|rWHLgl4dU4@D!5C5@K%Cb# zO@)_txN7vKxFR?B51eZvBUQe1E$Vudrtn-$Po{6Sm~ z>LHN6g;b7Q%Upe5{d=%VG@z8}n2=R-75Vo}IFk2cl4}ol9m!BJXwr@r)4-KEQ(%Mo zWk@}81%DZhcqpJ2vlihw0AV<<lTpT_0 zA{vaX_W?PtS)s43 zz{PF~UW`&g%(yj|@Ug?u6(9((D*PQAb|ODeS~-q? zyO$m>oI7IW+LTJU$2B4_>QG|>5~B(nef(o@&S+Iq^!vaxgF&pA9i|vifad7(5l*s< zogRzLY~UG0$jF6+Ie|M$$EUo2*Jl-K6}6P}mk#W#soCI;@a{|^MbtD1@LI*TRg{P$%wHH=YsHE^i)8z)tlM!B6fys z?+KU*DYwo*bTT*cxoMoNOBSukK{SPis5}9Xd=Gt>46!cyDx!16p&jT*Pq8737C!63 zz|)^!NA|HJ++FJQ;^yyn+r8GHK``%df zTp&(&ovOyOq@<5i>5!2#;5pnU3#ywR=XJ|8?^;o!OL>G}+9?J6r|zss{On-o$C}^| zHalhVt7F=e2kPZEcz1{hH&@1;Lq4b2c7DujD*;|<&N7GPw>i>5X(B7>CDKs=tcwuL zI*9_&3$4O)EU_PsS9+L7TORk&4ontvQ{)?22o55?D2jqz&r1%Nh$N8wm|I4v#<2%> z63tUqotqcVKgJ*5an`T2E#yu}M~NbAkSMkquX-iuUGo$2Bdj_J*mF}|jzzU;hDNI- z8miz2_24Z81`AzPrQ6idPL<;ewT5f*flpr0rR~S3In$)OdF~-t1IY20IAbB${mASs z8kFr%qAUEg0iEUGD|!(>^Lm_Ptw6iw06S+`TbtQ(;L4dYn+jC*``ox80cq}vb8fD4 zY*F#dqRIr{#1GdvYiY7_#6L$_vvJU5%Qii**x&P!Itu{dtBqb8uN?mf0lL zB++3X!v(BBq0D^GlT)=iAIgur{j%>relSn?hTE7GCzn~!C>%ZsHvBuKraK_c>%*ImIUk5tPR z;IB}yHy;B}IpiI-k{9${w$vB&9k$R7B`2q@pBo=VV)zpzj|9qr{e#KFq5693ihTg1 z*VD$LNv9L8NSHXgasC_5md5X7#mTH`0*t*XK?3I{EO_uVj&2$P*qwiBHz5^jvR#IE z^2c6}sx=-;IKTFUqv#+lJl>ZZ@AJRnqa_xP0f#AdWJ|RdN#D7wPwGPm$BSlNjFYC7 z)NRf*NuTj;<}HT=C-s-wLFXJkBu5X=uJ3`GRJEia-5iiG7~xYUF^@2#cPq1HvOT@z zk&R3>yInOqEu9`aj;1THXVG?$IroT1Ck3=q{SSZ1!ti41@Y17^^vN=Nn;WCFtr``i z-W%Ib0T+oUNZ`Nv>i2ot z@xRheXQQdP)EQFejmfSBn&+zWI--b?loI^-HH)PVEGc|IHf<$5Ly2=?WUKKY|lQh9^U~@~4o)|MVO?BrGE8gp;QSucYj4mf5Tw#wgQ?{(}3DjVbc$ zRMjo@pdu58rE76qR@28~0zv>nz%3Oar}yRxG%-P=SQWK!2Wx^bl2&sM7U*+fPmrEK zkgUf@P#i%q7=D}#8_QXap0@6Ds!d5(Z(@}6^F3< z2~9b9-HG~wH3eprGsJM>FqgjoM>nSY6*YN0p<`BpvBAX|@!pL&GqY0Tu7GaJ7(w34 z1?`T`V$UhkR9`@2MI!r@EU3T?n#mwo&rDPtkzlNat^QwR-D7klZPzdG*!IM>t%>bS zY}>YN+nCt4?M!StnbJQajRsFI1s(tPMZ*x*c9`IJCa0q&?7`xBH zahx?kge9`^>aLbz&oc!Vm8E#{t4Q&=_x(|mT7o8gg97pUCjBFvo349AF#__vCa78A z!-p>n0(2qD3icQFtu5>2)V+V>+V|!5-EORb))?So`sn`C3CtYAr4{}wAd~IR+X)&h z)c$bfXIN~%PhRVTX^=|!&KW^PAavkfW}}^X!XIifGj&|xN}{t4cS4p~z;^l3@ay3% z0sg0MkYOBo4bR-@zkbOSYq8vV;aRln**yuKZ>4^8Tiv&BjY+l>e{ z^&RAxbuknk*}p_5brUjAV?2X}mcE19VMhRqjhMS7M^YQ(3;5fTaM}AqY z1)!KF|Dc$>tPx4$e<@CjaXzm}w0m;L zd<31IYmJ*Xhh$X}XQ2~UyR$Pprod07tc}e_OaZbY0S9-}h}UTDbjsNzt=^BG2i^f@kNg@U$x8qvDeN~>T1AN zLiX+Rz|t%jy3ia4=x45wI&4U=r#Z zkwa$Tc+>+Lah*S3b$8C^A!_slL*8moVo9e($Gk@79YK^63SpnU?H;|Dic?T29jc}wUj9t2tofW!nUvif)9*Q|BvZ;>_}NUthMIQoU` zeX#fYJ|34&GMRRT9D$rL2MbZ<6_^Dd(Z};@tZRbK&wwN3_Y-KWto<3wTt}GK+n^*K>DS(Go4z8UhJ2xnY#ARSGige_4)8R87oxsgZ-m> zs7OEehgIaQGroE+^t^OoguMLq63R#se;FFM%XY9-*;4m(&!XEWag*RbnF&>8KORhb zO_dx!Qkg>Hwv$bCS+Et(}b-~Gt$RLJ8><3JcR-vq-dJ3hu%J1>9r z#m!q~b_TJvjLu*4I92o9SYcLfTC6 zUcVPFlX-7ElX*^h@^x1~s1dKO>2JW?%>}9Ncc$-WhLLG9p%s6b#JuQ@>A^K~>up#3 zS+Q$jyQz;KU7OAn_TsH6c*%eHC3PYa8W^iJS>$mXKb@u1aDdu-${WOp+V-Caf+Jdf z>RgfF!v6`#SCMSXB2+~3{MtgH2hOqLHQU6my>+t>>Fu1hZ|kT$v3KFu-WuOK_igL& z^7U-%AgK8pR{6enUX!Z>QdHYmLG6YZzCY^~Ft;02jtT{C**x$2BD4%E2rqZqP77PC z@+CcSF1D*rBGD%Ew{ma`W%WiHbpVBOZK*Pk3|(X~SCTEB?6IV&1r!Ub!aQ~%NVjMF z4mVSCjMp9!BL8(4B*OSXw|;d|6UQ0z)?A06V?%aB#1n zb^uxJ@TlVXk1@(!*fI>7J35Taa2QcxtRTtCry;4KhV?Q4hY9DIY-+7+W?|a*IJ#J+U01v+6J$g2Uk+2X zN#&Vv!845eY>hw>jp{r+Gf{iu>!na0uVu|jd1X6&&$PMbtFPZC zGFjynV`6G!?p9HEB1FIuY~_lOQ~yPxAo!sN(Eh{_wM9yrHm^mSe(b#gurOhx_da3! zZGP+9zmA$_Oo3~4QDr%)RyULwSOn9+NL#!$7$+s@7Y;U%YLZ5l&_-Kr>Q{6a^;v=0 zCuI1fkz3nCj&ya%7bSB+Mb+{|b8_o#bhdY-pxPtlq~nb&9ueOmV#~hFgq8l1q}n%Ld3Tkm z;A9g0vm|P8TFMUfAQxcUltV*dAgiWkaSB1{n{7M;a|bWiJ`yMkUxWDjrg~(5zPMet z3MR9+KU5ave<)1ert!QJyBXbH!ksP;SnxR&OXtb)Mk}!iStTUD; z$T)mC{LjCLdi(-)MJNhl`uW=VBwL?bhK7nQU&mo?6;g|6F_h~ltu2VOlCkI|Hp+{M z{ybooJ<@CHHFTX6g6?;|a%D;%?7|@dEn=8Xo_~MY3%R-_ZAelF)>uN^*>z}s~P^-_(cUY!@vQ2o~+YV z?}%HxT6IjBl9idU)dkk$i6)Ab-TvE_ls;-*8Ch2y5JM!`kZ=wjv%KP4^Vk-mgWcHt zpxmsSB(RMInF1yzs0O|Tq?jTUaaCAOL4~zU)TEt}8>u^=`r|ipmklYif!Z(q}{sZ5Az5*f4AZhb zi*_^ugxH0oYZNO=gV9)-;YBw2X6LiX+rK;D*~uwLYzrR z{O;%#Lt_FEQd}KscsZ6s1wm`?uCm>pLy%V1NGk_77?jH2D{&@9<#eVU3MCnaO0zg|HaqP+Z(HU9!4}OxYKT%YxzPrH| zT)0`0rd&G^*_Nu;sz!5(eq5)S+PQx`9Jxlmb9F~NVA}i-5S3cm(Do(owdoISEd>xP zdMsGo_TtLD#TCU&v8G@)wkPU1SpCEQkY}AZ@JL^NOVeGYVe>q&E$4iwk7B@|JtVNx zA=4~aG$<->Osf)7wHQ8<+ZDsL-bWRhuT)u(KAit>&(Nqy3ImDne2)_d{!3;h>p-UH zmN$wGmIp>i{*zBV*$@;I*RMp6!$|11E-31B*g~m z5`RX7x?gNgFA9-SF#DT>rc7)|_FsqU4pj7^=VpZ~`8VOXZSWyc?@`8$6Ts+~IM<#Z z-3Q{8YZ9=t>!KeyO6nU+$=Sc%zvgkvmQc>KN($14?#5w+#tj#&^BD|h%&R|q%uZ^P z@dzvi7Q_a=GC+lkI4hxP*ef}$>a;wJihU0**oVUkyCNFthLHO81G+3b%6}LSEqFpJ zeLJ{Ss80u0hxhPmnbX40!H#)Gxx{E=(-GxYJTO#oPk;y`p89>5382mf{1^!3E zd<)W#)bsmvueb=_;FXmQRmqXYR$Pz zJY1pkoe#v#I>;hRBE!!4s^~YaWq}!7`bg1v5P2VMrEH0ZHMhgG^YSebePfAMzAP)Z zxpP3SSw7tH6>NlbvClFN)VZT}n<$T-DUF`}E#lKa!d%3iO1K>O{pZB@5~I7)sW&T% z7-C(nK61XSEUg`kh^$<--ZP#agO)j9gp(evzP@>x?qfAgG&((GyOKh|lfC$&z*j#W zX0Bu*ukDB;YW_{fFLP2HqqHD|VfugowpBKnVEOL(lbn`-y3bL~1Fd(wWZ^qZYlTeB;k zU*0uQEByHL*Bzg5uOnCQTm##7I}vS0E`#`*evm*` z-GQpU_Br)Y^XsP&)J-6&A3;_*zCMDga`A<+8~yJW(QLu=YQZ!X@4u_yZC?bn=fS1V ze^<$LvwP=%Jpmv1eO7v*p$bnT(H(_pOhk$uSWUo)L|Z{jH&H?B)ZSkuXGa)8I)Kg0 z=ozr1@rx9oB|wzmka1O8i6D-{aB@_`EnBElz27$&%8yASR}asl#p7qG zkW$eEz(GP+7lui>qvsj~%!tut*R6$*J;_^TdgrSJ5dC8B&J@zaYGZ01Txy(8&VJO2 z1)mR*frFmRy~#qQXB`lfRo>KSpq2p|SfkQF7ipcA<6?!C4$u)KHM>gn%ub=6&r~@* zF%bP_OYMoyDYdm3!?=W9GQ0?^{lfS==z_3=Kp+i-$U1w6dLj6py25ITjpk2c+)c{Z zNhtSDJuX*y8gXYQZH3L!)i^vT^{Q z6}b$;q^?OhH7Bc$6M(c;wDa}PQvM{;s(t-@S5f4MhIm?1qJyp11_=gGm?zQb#yTm` zl~#)o{XfEvcd1kBE;Ii_VJ=OW!WDAH_jk3*jPQ&ZMvv*k(e=Vk=|)e9^+d@WZdKk1 zqasoaS&oB!{Yh=ay#K{}VdP8X5EcX&bw2!z35AOF@F=lF;6k>k+>RynVIv?v7}y!i=j?;$r*)EcN)t!%cLe3-?`fU9`#N z2iKmKa$ldEcf1=xn6BiHT_=9jL+8ZI)%-Fma>2ZeO5>qv*Mi;Fb$@og?qW#{l!<5@ zQwm3FY0}oOn9p||+-db#{G;&_@>5RRtTc2fuX&`NV#_$^aiJ8rXpKZqx%Rb3BG|g9 zKZt=d&02wyG$dDjh*1J%jV8*KcNZ<^Gkg}vZy)Sb^<&<{%}a?AStG=!fBvAp97Wbs zFUf`~p)Gh!E3$7_ChxC7$&|#>=Ei{7k>69=GH#NMgY4aVmh&Z*LF|5u^kw?(!s!o4 zOzhB9%)hSiEURCcwl3qI5C$KB|BL>xC~&HJNJ%ak;3p7rDSM6VG~LbTJYwz9u7TA)7aH@RG}nPCHI-#$A^qHGY_I~#!x@8=2_k06Pf@KRAWW_;$#cr zyyZ9uxj+U@jC4xf$RKmjVO2fu5lJdwodf!6`L}Fh1oTO7gjL;f`z+UX8qT@zl^0r^ z;J*^l%eCKoDUCoa;W$(Vc8`i5ek27A2$_;FktgiG!y`14$1qF}y^xIn23@NJf)2I0 zsG_q%W*1=hUP))jnisrR^ZGeGy@9_TPiy_E2P8-p0T8BEqS;Dxa#qRAuRIefSLsAM z%Nl9I`Hqo)Aj}zzDB86{c=F$%>HIlqIC&xQ=*0$06~_-T|3H|VD48o{aLT9Ene^#- z<%JbtabWSFdEbx2hx0+=h!kKm)>1xcZu5#{@j%R&(*kL0phOCqzc`LRa~ zCKbTP!((!)HXb+ST1jsL$Ue^@z-iITP@CMV3X;8UR>iy2rLHy$|MV5=a%X*%{*vAQ zme0Ks<#>f%*E}}`a*(-*^`W}ePZgbN)LkGoZSb#!;Abw4_CvbQT{r}#>1w~}9X!sSTTyRRpA^L(IDL9Pq`nX7%G zCN-wlT-tR^NBO9t`#IT!axMClNX~Ol7K=oa0fJo{?h4O&kkbt0%KDjRqqNTtXfHOn zwla}HJk%$L^g%5BmVChwJ|?9i35;f`O(eDQal|j~cXRsdnM1dRV7pOn6#o(o+}TdT z8@Se@LjG|xV3IC|3Dawc%I`6|kSj%|j2*2s0EO8x<5)xc8NcJ*b4enLo#ciBpfF3V zr;#wElF6!RQjMGW%~CObGQuk_KPHDSq5ex@O1-Sqc=JdIs3P~Pj4Lh;w&}OU{<|Rr zcm@N@UaQ4WCsM_ja5fJDx=k~M*Z70Ij(@M_DWR(p&Hl&Nm+=_%HKs`}Gx9DA)-Qz0 zb33Fk24hss@m$Py6SQUr&1DGZ4k?Gl2uf-Y)SSAj$OIQ$mUjtL@otW{fX!ph`Y;pZ z_$>QP5hHk$%w)bUPG4Q6kfrIpZ%2@y&l^ZSJ=EEcPDc1mX`UA-RPfB~78!9tw6`2! zVJcowB3M>a;bkMyKN#Ko$HJsIJX5+8@EGVP0@=0`+&B^AxTAlq^Ug>G79`bskpQxV zzpe7&m4xF2uKX<=2SJMqSd&b3KX05WHteTvXlLPWWOg6G;J#f2iWgP2#q2SXN`v}p zs5(cPLT5#05x*{PKJ6b$mywl@05!sL4YddH|M9FSwLe}j_ljujVd6ZQTdt9JOoG?p}?uNn;;Y4MMH_Yhkh` zjFn!JXseT{rXf%4hWVMp{ff4ronwaMH~dv|tSz&rex)T=^J&7U0EZC)-J73i$_n0^ z4itYFt%~q>LW_+$l~>Dz6Q#}T)=G_TX03{`O;uH!V{G`L9yqnc=06tZ*g(0oZ(Y;` zRT%l=zZNFF$-fq+ZG`6}jnRt`g&ubkz`}gx5s|>QE1=_47FdOS{^|b4`0z%LzefOHmvc8$DU7%%DXslA6D-Xgk+op4Z)t_GBx?1T$DW_G)NFqmce+kR|_NDGeaAy zy4|??mh97s-*&`*S!G3WTvKkdu)cetFUi6y6e)g{urHo*)6|sMbbDI{=9s#?Cp#&i zw>0pcz;y#KOh#uamfsX3S{qU{69RG*|6rJ{e@T%L)Fw09>So0_N7p2bA`;VgEAD!x z#42ruO|+4xV35&rVxq??^LgmhS#UgRujug8;|u3}yong?1qCOZc1{`@`}B79eoH}Y zqHoP8PRa8!Ae3;=r1+dg9kOkGo6lvJF?slq`x;FuHJmY{@ZH;wud zhN2wNXo61gRUtY1tIuB%FlA=dx?(6nq@k;i44BLsek#pD5MA7lAh0cnYfYa1uAMh1;&-BCmyd&X00!)+vR_^|J*V%myYVO&2;D$X084q_JWq0OAAjX|WxIKDPT7-V zK+KVCsnLEKWnso9f)(2MAFR2;-EFhItNlX#m_p5=Vb-utS*7EV#oC6)>hHTeE{`s$X zG~?7ZgID7ec9DI-rG3&>1i+BsCiFgB=;=v=;#GNq4Z+ycx})^e&FtX%f$-1+%1fDD zWJ!&fWF`X`{q)f`%3K6b;WGG?CZniqG{Kp^QuoeT+cqx2edzw9VM_2EaFICYvNZlj z!;~WVN5i}Ts^o1z)^4NXR0AigZ^hJ!EKKUChbJCq_*w95pqZzzPes{%b z;t+-9u6Vjtji<%|#D;NH;vcyLXoE15Qx$**QkPC_w@|5BF}27X>w@Ld--$Snu9$L) zuqgNZ9}SaXwGbil;VfAp;U5i?_)%%4OQPum=)W2!@jn`-%D))mmZk}H z4YGPFcn!-~U2YlkI$>jOwc#CGxQtygy78yuc0BEXf2%)L z@p{R)(|GTlLu_&%s|ZQ}OmQzkS_hW!{b_l>UDFNL&zL?$VrFQ?!~{8Nv7?r99*|zZi~JJXiP(`$p*af={}_oo6k$Ct zmI4MMIC&;ZUC^88LNK8+sA3Ws4w#3|t#I&i4_qcA==BW1^v<9JGSwcg5}PW=tIFu4 zb%kR!;Bx|SnCz44w}CTdFn58f&ci^aLhh~gU5um%kQg8ob~!*hK!T`eQ@|9)mlZDH3x2)KA^|}m2`gBLcR~hs?u(bgyLkQn>v(LXR-Or<8s;B_gN_qZYqcXKi(n8p zH?bh{I75-X<@s)Y4M36_c}wX4G)!B+ej;)A(P`$GDvTe_ZP%pMQrW#>cDqhS4uX;3 zhS|k6Pll(&1)$9UvS)K(AJLqEW`lY*ki)s1kSnLLD>bwa`%w;1CGQcv^6`|k9GT57 zf%~&5VtJjKRaS1E>ZEw|(4cw3bwya@n9tVE`}_XTG5Y&wH<&ijZCo;4=zP^WA`Hs3 zQwVVxdx>|yc4)w$8mw=oF3h=Tgd`uvIAY`nDiGsD>(6|4Df;Fr9ZOQ`e7p`_evq+b z1fte*C>iFAr?}Ikrpf1K%9BT3;n(tm!VOX0xrvik=OfOO54Msz zn9LK3fC0x5_+(WEb@Ss8_;OCG$Nqj$h{LVUXP3woiCgaGdkNcmK@xaXz9kJs>~{H1 z%0Rv~`|{u%e%jnj29@+BF6~~sPPn`=m*?S!G6^ti>P(D5pxsRILD1XjC-xgfB=Ue{ z5BTUaMP}Ep3vo={_Yic-SCY0D%`Cx+E<~wmHROV=oj`d$Z@gE_3D5Q~X3|6T<%Yhz zot^+WTbrPCG1SYPEqPH$<_N*Xz@3SIhome{CPlAKV+hX z1UJn{hIM=`f^ZJO&YA3Mpy>H!K+Jch`*z@KlAiFsQ^CX(l5g9V$6qpcJFbomv=dDJ zHLiO~4E|i!XxlS0Boao>4e!?(96N<2YzAV$6d4~c5~j$AJD#&0&uFW0MOZ#oXTJ?6 zm(3e>6(U#FwH3hO6ZQvhEJ5&dxzPAegJja}>j^rgll~rVbnfYyGN&Sy^m3J!IHBC_jR@qhxGQi?hoI+$R zAr=OMQXSf55yN*+8!fz4fd z%6ao8044scjTj|BaU^zr1M~DD3h2P7lyiFw3eMr-DXV2%83&7x1?fFb3xR5dV!rUm zfGDR?EPHwh&_i`|&hm^|w6hnABEAm({yBEY;%qQkLvSMvp#Zn)HE;6gtGhLcpLqh4 z%1sr}%=Jp-R?&yJ;T13{s*SIE+T-=n=l38V2*$T505#(#3fv3-(i;t#=_AO z_QkMHa|QI>YbTH_3=4GaWDacK7Y*kQ04$$Q{C{}#Mf2*5b>xDY7P~nE6w9DH%(x#O zfNTDr*Z-{AHut#AzUTM2-Tr-lsQ1o|IY#I=9`<{YL|SA1^v+G=is*ovtl+}s@9-`k z>IC)$_AH>>%?HA7n|}$qs4sVcz2M$BfTL=Yif%-nPCCBEHpxWh0J7IYarhgHtY>iH z3!6AnLo~4gg_A0NmrNm@iQ8gTvQbfF@N_L)BKVO_mT!)Ro!r`!4ZPS~y3)#T=^^8{ z29Ssv86%ng?mn}D|D;+qC5e_#%j=H=A{&z|&pjk3UJkUILDDrjIdI#<60|N%`?u{Xq?!^zD>K)5HD)p#m^uA$M)SD&ec)W$4lfZh#-pPU zQlNbpTWmmedqeD>>UKNbcSRYF*h2l^rvQ(#x?t&Z7rL1rG%r6n3|wN~(R>*o;A^Y? zY0VX*)Qt2my>{t+YxK9~;_HbyE|+RLdUluKZuARv^y+%+OL%38UqP)awat@1*>3+j z%!aPdJ>K3~z0(=c4K~wTbz=~+WFKl7K?2p~1_ zhTpsc;+&d5C6+jCj2k0@;|oae-XIy;#Un1_8C(!rd=l&VMn?BWn9#t z$38rkkTORHHa<&ok{>Lz1sfMF0uluVE|=)s6wkqApzyxS;B{B%hTv&$x9YYok8U zL6i)7VQk?-4FtLIH0p3EnG=4_9_q-$FvG4Z^#!Yh0umZz<0?Vc2ykyL4dbhhbVpMZ zPtnFgTW2F}RF>l0L`;C4GnG^Y*llWHqxq%EneW<2m1U?<_NyGdLnMh{;`w^P(CeFz z3RXpz9>XZzT-I{kn2rB0;oW^hRdg}VTY$^WfC;`*rLl>7yD4~kSC=v~QJUHyW;hxX zu(5d|9w35B;2CR)CVKcbZ*5HE^C_WlB8=p8U&_z^TOF%CH1fo>1UIz;_@d=-xYBK> zyA7+Da=Eab3cei0#TRL8Xow_&&V5|mM{;J{n?-_&Dk>Cl#y^lKEzm%I?6GK)-2}=S z+7*sMVjAWywVv-6OSmruPZ{l4Lsvj1EAJg-d4&|MaYcPKp-6>Q0^ln^&%D)u%Kip# zxi=GvmWw2)R&6i}QT`ZOMCP?Gai~75GA&wIGp9x2NJHbALc;IVHiz%4(P##*;l%5h zgY{C4zpwacJ2IVqCX*fSUC73Ou9Q%*&Gbz;MyF9fQeFj8Elw>SVa|0)Nl{rg?k%&C zKTfW!X#joWr&ZM+R{Mb$BR^CR#>I5u@x~!9*=IrlJ?9&M@UCAmte%{evwErWk>k|3^m^O9UCTm0lKNnRb8X~ zPLM@=Gc1?dR0zG?xzCNU!*Utw^0I zQ3atvL(sfO_Yap+Kh-=G_pkXB0%2oVSO9dpjW1SpJ9IDlN^Z@(BWRAVV+;5zH-vNY>5s!8C`OBMV& ze8*Kjf`*$m$?vG&CWWrN7$%=>4Q7W250aQNlBH2)MOgJIiV3V+YIDV#v>dA?@ZK7b zPD9bEH&sHX#gjq2)hBg<$zC6=%(!c+QO_i6f-ZL!ioKAUPgE$-Buihqcyg$kgT)ou zfV@}7E|j5Cp^w@;FH~<|RmOqvm_*221DQb{#P(O(G>Dvd<_e$D(B0m34+dWeJrB}8 zw-#(D!H~R$uf|p*cOAti(O6*bhReDruzt85g2yVEGMJO`Y6>;k8@G1;1U${rGcbhp z;;WvLitj&oHw*UMV2T~dSix(W6%df*lhmNZbe?BM88sL-jYU@0xAu!o24XrUo}{1D zz+p4lG1_bVoz(#$p5nsPX zNjb=g{Y8(WYExV1rpPr~FbrIQh@$;k6o*zuHm4fF$){D*BT!&=rD{isawX<93y8lP zVVSFU{C+(EE+%)}?A#1nn0XO9=YfP<0C{OFHVBCjjvVR}TK}Df9boH>0(|)q)>`{@ zou19#>n_-4`|Ee4g;@JMs#v}DjqLP^YR-l zkT|kX+@>XAX=w6(9)mx6Z$8)i`g0SUeG`nvh=6&PKM<9Fl*^K+V`@4g2lrz^Nd3@G zMurpn0VC2*17*^8=mwgn9iYYmQ7iru!1KJ3vWIsZ*6;VivZciYYb)BnRfV&XBnJz6 zzA3CGM)zQY0of`|vx+oUW~bMt7)f#1iD@=iPx~?Piilrz0L}G1{~Tkd>;1jI1v{IT z`+ajf9d*L@i$A;9>v1rvHP^1Ylhf<3*Usx&=gAJZHGXZwjnS#Q;l*cgXU^<19yruPfxAEx-ShO50%WatKPV48|j_8&Lk7*3N9 zzxx~9L`Up|hL@uu8wpog*Q!+)$I^wYlpyjg1W&u@oqWMS<$<~Ci-D1iQt8~w=oKjXKmz~zK~M1#fSJZZCqTe zTwLr24qI{H^e&D)+{6eIicqXvj?;7FUt5p+lz!YFU3*opGF=(I2~!!q^nbkzE?;Fn zUZ;zOF~{)v&SwX6()38(bbT@Yew@P|PS^fTWT`@ePWArwrJ6Djtw6XxdvK~h0q~Z1 zjHMywyR7FRtA9E_)#Y&XT@AzZT?sJ-!!$#(U?-_pR^lK6eN{4-Q*< zpK4ilK?Q9W_y-{{*HTB9%vrJ13+y6`=FJKIz*+o0X)5e#N@~&C`##Nc!OIaVq`ogo ztmMtRk-;Yr1sIm8ty}`abeU;{w3mQBrWgJ$aG}1S(H_acmjffyxCP(7HQn} zuPhE7cjdUJQuSo!kyc`(=;|g%hPN7douf z=YvfdCD)|YZNglu5F=#toQai28N+QF3O20Arb^?X6p#$0lgAR4&_o)Hti~@(wcr<0 zK8?q%VG6mjKUtI4(8QLLJ{M=KVUkLPpOW${&7YF$F@-aFonVv+&+m!AsR@quUvS;&iv8k&t}{lz;8r%BV|uKL>RdF(8h>n8J{T%aM?@1kkVby@a2aj}o;jQ-I3`#fYa{Ca{TWY1eYtIb4Nd98#z=DNdk<-&vX{#?I2mBDVJ|~Du=ii-FaxbogbRx_HIyS8}!29i| z5rq)xG?{J`br|M^n#6 zr*(%oIt;od!J68>>3*kT@>#Su-j5R^^o2NeQmQqB&Kn-N97))Os9usrA?Zo^;oAJ`!1T#UxSi1w@Vpy?!V+d^fP43Kmk2ZH^AoSBI%bzCaMXX#5u( z0*%HL2s&^b@to+5R*O!!>|0a`^?kNVAwL`4Y03~=|9H@Oz6FdT0hDyawm3#&AIFr8 z1?p&->NJ=I(;RWie8e>O@8t~84$Q8U<=~oEX0`01H#&*Rs<9ONYqMrcKFj;YCTxLn zaMf6+mqzGm^|V*Er=!x4UX@=|=R|=1y0b6YZq@f}`Gr`D#?;3ZNi*+jv&!knxQkm7QFU~IAEHMX>ly}f zk5z=LbMU0b!{!Ds1BuIl@>L2i0xh?xyC&!)^_(=2MQ>NBGatX(c2Y(X96p|Miz|+; zc6r&KNa?0NV-IcaPNJ4^pn^fqyQky zYVL<;`avkND~vpgc4Ka7<~J6JRu`I$tnpJAFi)MUmLp0u)fmVFyi6Ubkp3p;TrJ2M z-V$jqELK!n%#>s;*oOU2c5;exI5+#HA+4k;6kKH%8TY|@C#qYC^*zLA)i(}Ea}cX& zsUZ^y?~QG$R)MC1i-sfGln0#jQs7+ZVYERfsLmvrs-bA>9qq1FD)Apl081;N&2ZtOYSvbX3p)}*Mw95Bw4V+G zDu(D$xgoFgD|r|!crzu9a2h&Eg1m_^eL@NpD@axv5(YmRWS{;#A;dHmMz>bjHJ;cH zFFr&Yc9XxD>KXL5Bny)osy>;Gb@JB!C{RpMkb9$0t6J3rRXhB^U5Y#j`j~G?w%K8X z(_e?!eo~yci)0S9A=D{MYd3hJ2_dz#CwEn;fVX)jCy_mOL&g}hmsZ+AVxRN-Z@#Ce z6n(LxznKD8t%ghW6^;~!$#_cPIH4Nr9)1z)oFdWJx{`K)|$H`LKM%sqQE#6wA&^<#Usmd*Wc=)?ynU76x8U6ZbVQ+j-+%wf|ZWo9YX4C`ae>` z)1x~MEYTL7mPE>f)FlQA%IFdYY~cZ|N0HOHo^j(h42vTMa>^vG9J zq7V_D=6>pkgD5A|^SPN|Bhh1?i{!hOb<+v~X59^Jd1eZW33LnFb-}SPLJ;XG>!FPFcjIPQ0F=I-aM zJnF6A^HH8$F5Ya(%&h$1djssZqi#i^m-~m$&m^-EGYT&SHlnT4cTAkow2*>}7YO|P zScZH~t{(dh*VV6~5f#<3m%}~|Vy|;>GH-6Pr|S>!z_4ThRy#NDO+VR0G(v6Iz zs-0w2Ir5637HZXo#~DVGAW{j}O>29ct;Ce}k0-k9AT17H=cK}HW3iX`G2?sI8px9` zYwSadE8SX>aSy8&>JyH#v0Z5FvVm8wNI`uHkp)}#f^!QWm)c#~SbQKx)q;7vnlI?t zc_%c*rx3i3Sh(89hYA2rQt2ezTiiiQ|1r64xN}8=@;V=ZWTk3BM!? zLgva8coY{Z>RP%u*~PB?4k+DOt48n5f~Rx%+ivxKCly>v4aX*0#BRi&DwC z$BO;D+zFthfE5ang2Z>(mWpLDC_?C9cNs-I_#8^O$k%ytNFh%umawar&W`3TLg2E$ z(g{=SqFtkAgEz_)t6Y$#9=+%P@?Am2M%~wpuy^#-x{`JwYuOIj8FN{vIcxqr@nk)4 zJcWlu8TdZ|@+l408~OwsVAPRIGwNu+UIUg6Ay14`{XqZWB;m>PJWEn`NS+Y24avbP zCgSD%JOsL6a>)~jrb)ZxJS|1R@{3DNHm-^AEWLG;A<^LnHWxbq$y)B=TaCcha<4v* zZPk``j_QST*87Xvu4lc!m>sMBj+;1IZP})B5$(!ERQ6)4gw>rffR?k`dNROWz1fVQ zhufJJ{GdKJ(fL@rLsY<@aq@%rice@-c|-iTYkz#d8WUHT@CRe+#E1%cD2xCQKTrtI ziTH!ILt|cMQ<_7ugLC;^&wgh^@S=oew;&1*YZ_r00u&3KJBX$!zrmmn!I!LPEOn%$ znMy!{4vmx7EhtmG@4Cp_uxVTC`wV-eVu>8v?st0Jf6i%E=sL#@lYj`M$%H_(5+^JJ z-<3^4);GbVI?GY2W(8nBtkoF)#duusO1?99Qb#C>iVF0x@%R-q zpEG;O_Q^#J3D#aeUE;hrzLzmvBwyvMU{j(tpdqOuh1BLfCEu!ex+qQgQYFcbd9fgu z@{&Ao@7zP!&FX=H9f>sne>rMrcQkyBCKtUdj zl5~Q@bZH{Py;O}J4DH+iqvqAw|0k0L=K^BuOlLf!uE}=sEnp)o3^G|4F9@)#Oj1Vk z^wtz)fPx>}9aamt>fH4;Evg$gWf8Eeq^V`+I)*;MKySrqzEW;cHP=nT0&3=6h&F@y zgpq;`(6|{b%&Qxr*&ui`!!y+#TvI$$Y>6OAQMrB_v{R*P=p%&HJ#r@Ja8fAoL~VzO z8B_ecf{?Y8G6hC4$~(4eMTRcnIazQ~WWXygX5^@8Qjb0T#NoP=Y|z#8iZ%%|3S-#F zcfL4VFC=f{G06BPJ=S)gW;7OoBn_R z#roq%_tUgDhOUx9!IrC(7EBC+Ce3%|mI8Eh(Z8k3wCNqg;c)o;=~MXsa5${}|K#cL z^QVuFo<1L*JpKIn@#n)w!{evVo;`a+hW9k)N-IS{^GCxwzpFmD-$wLk7mxOcFc={E?4G+B8YhXEQH+?lK05@Kvzf9kC9oXF`)&U^V~R3dc>Iyhpkji z67Yq*?Z5GSDV4_x52}p;8Qp^Cg~Pmh@~OF@Es_k1f7O31IoE_szG|#!au%;OAKR0Z z=oGmfO)qm0q|bR;E;I9{p9Ie?0mIz}g|4lGV!pTvXC@{BnYu|#ow8NVC=HV-ron2o1aPqeDaoze+8-t0>6xMU# zSj=@1Pa`C|cdbd2F7i?om>pYHTC57>Cl1e4MGR}fQ+AIPPm>Aeb$v;t&|e*Z4V6;w zR}sw)NlMBr`QK9YQ%*iIq(!polQXmbEM)?uMUA#gaXQsDTftE8S5u$|$7dwTz+CF) zChJgEpFPhQELE*qWrEWAcC}>_Mx;U2J53{|LZ=5w=2lT92PV3MeUvha+UPY>DBkzh z&81dl=qi;g5oFGX0Q9i*>aHd#4K%Ms;lj8m~2~ zwcb*o|4>B-lKS*$v_;&VSKFh4lmB)qbI9GWz85IO$-wa{Ge`!xW_dD8CiS>?)3s9Q zUbyytXTnh)cK46$?26^fq$sNDW<3|)O~I}A81%%~Z>|)jb~_h)2zi4UCvd^w zE&*yP&Ox6_V7fF#o36d7u#Im?&aU|f9cQl75Opd8Jg;34j%&~#yWj{+6+NWFcK0P` zRu_p|9Yb9%l5qgnHmQb&kNGke($Y2$mQ7bY$yBCHnyjbsigLV63ZcuMLsBd`H&raK zyv7v#3pV8Wz83(}B6@Ijw^{;M@UK6-UQ9-bz=8F8yJC~dQJFFU*PY3vsWO$e)nw$F zG?kM1O0HWquu0$VRuF;{f?`dekN{dNU3tg~Kbktog`>_DA9eaD-(ay6Rei%l6$)^8 zENxhymS&DbO`xI?GPbCDRtY-jl9e+Aw$Or;RjJ~?R0<@4yIF?{+FmTjQe^Q^#vH{r z->pNQZe9GNvh4Mx@-CCtMg~i_O?{7Oc-ofHW#Ax)l?z~QIBG2*tP)e!)^gg)YWgXn zuNp0(v8XG57?qqZe<;;iS}b@uU({=d2WMV#bmNDz2g~v5R^7drNfz^*YUdl4pr}S; zkyP^LS_+x*DFsPtE9{qFJ{W!on~il*`xc|xwv z?VsPi)qj5f5Fx^a~zV z%<$0MQt+sV8NROa?Zgf%WO#_)kJwRJoEtgJZ$J`+nnNmfjrwmD3>gx&Lmh}=c#uWx zR6NKczq~A>ZhMq3f@D=i=r%%$6E}Xd18L-6MsR4g$(qBp+o!I;8l$bc>5|9<#il5B0&TOlHjxxs8j)IA$Ee zyK&J(;&1QZqFHmyIAphW(bOF??j%3BXdYZN4=$Pq7tMo<=D|htU>0$w;=wHP%bP_W zTr|#V{KhOT4=$Pq7tMo<=D|hdj`G1pQ*RHl$Ztg!d2rD@xM&_+H2=;n8h?W7Z#O0N zp?$)(Y5s4K3hpZz;nWSzixM&2;TV9fkp%6af`3=pdq{!)PmQ1Q0rLfAWDPM+!U6NfOHbHNtDaZt9 z24+qinyR>PrBe@1*$1a=b@m^evcC$atmb)b-LbkPRwDxY*ZM*8eyXE^-oCz2Mf5S~ z1dm*(BA#ZUvitIvw7^x+-6!X;6~1O^${oBn_-aA3saVhtUforJxgod-Y}&8R$h zngpnKcu?Og)I-wrPu`fu+%UeyDu$AfE=&nLQSZ90Do-oB;I~^>kb!}{LV>w#ZeOXx z#?1At4BS!VakopgLa<;lJF^{zDSj`xy$d$<-nUh8&YZ=<&82&$Hax^cu>?a0d0{8a zM>4y$XAXL}02`zMu$`o1w&AE^(|LwC~wSBFQquOMh_yk@4AhsB;{ zGZIt7&qKNbk-I)|uvP1ma0AQ=wl%!ZNB0fd&(IYjc~Fijo`%pyl3cE3(BMF-2Ql=#bq78X1v8 zo7k}&ra>Q5kV;N{XQg9%?a^{!`rFC~UW!I;XeTA~t2e)wSH=Sm$O zbyhi>Bq9VvZ3+X?%5un#8^B$bFOv+BKc~ECw^ZbS_2+#u>eMg+N1a1?+l@MU;G<4= zy%RyV&f3%}UAaEP@bVfD3qU$ms`FDL{~Zlao?!|3ug>KL>k>+y0QD!hA_|YtOOwxt z+%q{;GbUgQ$;u_vl%FhUPA3Jxo#te}x39EPNm3LP%R76CvP_RU3y|!S*W46&&L%}^ zuzA;mv7Phs ziL_(pX6ra{U>cKYr4Wa`JTXT_NKG0PEc0E zkMjR!rv{Z8c;vmAJ(Z4!pu-T+u|5#D5TTEqs)UE42k+GCWjE z!KPh&)g$;cHX`K$$q<82pxd--CFBJU_(`2>%0W@cDS9~n@O-0&1u2XTYFLZBvX0r zSE*$p`Xp6Cd?!3j=}I6&pjquYZ!|;+xx;EPhCtf--j*z%qdY~6#D7uiE9qN<>`?GI zlMJ{Ygh0U{Vm>2|3%IsgR&FH4LiWbqoyv|6J7dhSkJBm|SwNt0#R%E2Fw&Sd7`u38 zKG~;C1aHjiGf)e!muy3nG2cb4aL0n!Vis3Sv;!8a!HGF57OrLM zPhr>1NoCKONB$F9PnYuOt%lRAR_pcK_H}Ccgl8FY0o}{&)?Fm@0vKtyBFp%8YHXl> z*%U|CLQL;!>!v(W)q2Ewqk>qDCy$rK+6cW?{$#EVDaMOhQ&H4bQ{EVP7;)15+E0=x zL2}9@|1-BM+WG8kLs-3;9tu%7JDe9IKl|E7D#Y z2-S!3P;n*`^r3CSR7=G+=s@Yl4TNFg(JHqS)nq&6#ONkoilDFDMLP*uz(6b5QbY05 z49=SYk9U?_OWKO}`^|qCWdOta6Ivl4VZsDSYa%(D%PTgwomao|QZ?cEPNFe4eev4M z?wC`uB|7$fB4clbiVc}7L6X}bVmE}tZ;XcB42JvfkW|wO^?F;xYsn*nv%3Y_wdIpR zsv99)yAK5^ZffDNJ1aTQv!z0q9QwnU|NRK?i3Z>&N_)4{RrRFPCGwXHfC z8++TKdzH$D(L3NbZB@%K#kk5DRxpDUTPdDiH8XrVH&8!o%4YO@I!frjPK^daVs~6k zgO+NSzBW)!M`UY@1*?bM|$ zwc;wvo0>^G@Wvrvy8(l-{P}@6G{*7;&A?7vgJ!Q`u}8VyZn5W^ap&dr720({valN! zPpa<5waHbtUd%E>RPg^6F#c^I?VG0&J`7G(kg%RY4;Xv^@Lk0hwPOfkt;D6K1E&~B zVVQ;YOh$x(;Rnf#Xg28rzsD~Bb*T0>aO~ktU}4&+ASuu0rZj92dL8OWBs5JUz}pp< z)P?};;lm1}+Xj3+cKzQ2@cKP~uHOUTdbE3Cu=Q5usJ_$|S+5Zu8(2DuQ@Qm$_}$o+ z^kcFtm#5_Uvu7vI!g3Kl6xWO85t|1%x8v_^C*HVRv1S{fnwqLI9Poyyu3_4w6-h3# zT3r{X;7j$T;k&|-m2}{(CRa6Eo!T(-*MTetY`@Soq4#THheL+5*=%ow$UXVTUX7>ujICy#2d?lty)2r zWkr%RhdYF?|H!5diUscVpUkSsQHqB}m`sD1&~Fd|q8eXNIEV`Y&6Wd?a1a*)8l;h+ zaL`5wXd#xl!a;i>AZ+Qc2?rYp0Z}&Y2nRbX0=GMZ$G!Qp;&r70sW&aFM|q^8aDD(G zAA3%P6EHZt#ZsyrQ<=`EuHYk2hSkf)uD#->5)dmH-y|)k0mJ99Bn0&+-1Gx(O|jv` zfHGyLWM8m!)~9KDusZ4z`;X%;SsnG!P5a^nSskmtA3v6#2MTo&^(a_R@JYC$@l*Ko z@ndpuaPYeY6$h)M{=0XESG;@Y7X|+QcT#^)(%awP-#-LuNb9&p3w~GoFw|q91;04( z_DjCT|B}a#{f0YFhu405NWLI;CY-Gin+JCXnOS)8!p?$AN6mp~xL-Z9dDNGC^H9AM z_UVfkWLSL_JQD2dvGcP-tZjC9xWDb`P=VH;^k}S~4E8Y*g?Ps^_FFh0yE`7A{BV%N z!`eh_dp@d@uAGzwHkym0lE~192!BT+U1dsfgmDs^+LbZYe)NV8F$!q7w0(BpJHH z4=@NI=ANJ=<5>@wTt&^OBzHl4PR31%A8{DBImp>1E0)iAzLYAgu5guP^FK*FNPd!} zkn~#7@FPTNp~^4hOq6MX?pI7)7mSP<)ZSuQfdY4#O}rn*TYh9R}8T|`IvNtHsW`ak8==By|&MURqa!(ljIAKQdaAsrBVqXWa^B&Hq{`ih_c!XJmfN4PWGa;k&@e%ic2ZRq7sXk|(=Q84PM zU=3%|R=*CLJ=I2Ze{U?HRT}!)i)GZ~=TfSLVHsyn)!NeNL9!&#Uk=M*`x#Qyg6s`j zh@BX2vfwwyDX3V3I&MLl5Z|nJ6Yv0M`YOI#YYPJ@EF6sDh7Q=Eh+;v#rHU(Mh{CL7 z9j{GC2&+w-I8nViP^v{F25~c@sq>3{LHJF^pqijk`761(VH=p-qG(a7by!=y>=h(+ z{v<^=<$tL_+f&y*cwz zYG}H#IncSINk+c;^0IgG`SEj8Xv>VlotH#p`$fy$UC%uO>#VM=XJiB^lpyV5k@IpM zwjE1m0$UhUWY?XoRr-c*)cWN5u^|4#4TG!n(@oV06e82DS_a2t`DLaEW}P--Qp9(c z6aHamOdSyCx^wJr>XM9|>$NHT{_T~Cc^`GYV}hsG3yajf}*@&f~MGSjyG6Z!fWoz2&_aYY6d_5D!+FqS%gi zVn{Jhx5%lEb{q4uz%b6FfS4A&PDK8w4eM2z$tX{Q4OSF+iCqT3gPArCBp3zWuu#|~ za1(r_lfp#m1mm-t^#^Rxln`ttP`?v?8L5j0ZPGwopFxx|A>lNT&U!kD6l=j5(?Apr zz1yEe8@k&S_^F{}?;EHeX}S@x#jA`(SN@yK&Jyscq*f}6$7)Bz6v61ytu zhzRS=&G7-oQz4&N%>BbYeslk zNM_PNQU|MIst1}Sq%<;FsM-|rYLejHkG=P}=F;M0ZW? zJ238YRksTROELaSDh=*y!r=nz)I+LV?S=An4OA;Vi1Xk!p~dRSW`7&DouuesYss5p z={ndp!^+te6K_3b8;moWq2n2Bi##1AUpAeDwIs}tdhDWpHPEap=`B?828sbiy^T8F zf)jd`^{`6b#ImCbdq6F3pcz-%Te;t{-8*O4H~|4$%d-+sxFhvr0+C*NyO@IJrVs(# zA6dB^M}oUm_Yl6oNygSTDILvgtUoOj8DgV;6uSSqSww{eO6^dGFEvnfMx&X6l3U!b zx^SsO>I9fRS`bC4s}_CLU7yKiGG9n}p=mF(Jh^tmOwCldwtfd5H%hNfNGY~ffu-uv zrtng1%|WKvl;O3VoE?8<^%nRaAY9wwQsd*fuC$?T;O&GrU8tuDJF0FHEW!Zxish<| z1vg@&LXCWIAj&1g$)>6LNEjSa*B_N8qG*%}|T*XM5vhbK9f~x#VB&lSU zaZ?geDh4Xl&fIA`8xWqd6~lVODzOKP*2cAU;q{(Qw$}&W2)K=`92TI;JVN^7@n{1>}uV^~wg4bEw{^;zZ zT%G%xKy;mM?Stj)TTNKdt5PUf0<(_V)*h?>W=4o%ZU-XynH@kB4;YyslxavFKgP%& zFo-~?hoZf|A6GTMfT#)hEyhh?h|_w26Sim_V)aM_s}fr*9`VTF5TeQ+Rrbq8ai31&h@nuP)fz%RZ-#0$_0o|1&Xi&gUflE;=NIjCC%uZRT9)N zGGZ#PB!y`nj)H)B(;~S`9P82xrt4&5N3*H+SR?jRpp*Dkc@wVWGUswe?OTu*&vgkU zxq?eRMcbl>V#N<)7T77{jdjG7F)mmB9dE5j4|QE;?CkOa@({F9k4}xWr_kWny>sff z9;%Ysgk~r+toW)-jeoQg^1WDA}(Q6Tgq? z6*x5t9L#&0y1@5+a;9+5afjH_;kg3c5Ne)S)&LAdGjsMlS8+@1`8vpj13q6pld23{ z7&O8;lQeVBJCfff#LNNk4crM;#$~`i!o#pL9UMq)FqM>pS^;`VXkQR|O_P)&7-Enl zU=2V5K3a;Zq%qz?chn9%hI`%dt&~s+=U* zG?^&As?6~2>BN(%-hdHoKgBcdlyBJ7caY5fW^t=nOE4qG9Y=Uq&DLvbX&#AqzYk`^Wq z9L08VG65*(!HMX2>5@_BGUxN0 z36W&;Q70aQC3((EHqYr4c;{e1{;;COWbumSbM_6peF3jAAHOYfTCn-;3n-u+@A)6( zU3GQ4VlS3-Wj=UCSB9)}dH?mtB`fIlQUAO}4AJ|a1kX;PoRs=~moF2DQobE^NTsKz zqYm^{f3631I_k(iM7S5hK&o*$I~{e#w*?d3qi)VtU3qX{*msXQ@8y0O43ya#192i` z|8ds{nv{y-DyNx%4qPQ0`7YOgtS$KR8&V`o!;l&mLbk%t(sp*p@5NICk|D>!?s(i= zTFH!pV}se9>%`RMani4wyn4JKALLn55{C(?!x5YJNj8N{M7^ZRr>FB{f5G_P42t@H$BW1iJY_yo&4+fzQ4CPcSK{%w= zF7lJ(&!7Ks7c+(2m`(pIpPOgen3yYPjoeT)FJs}cawTW+ zD@bY)1d>%1dCL)8&#D$;6h1Z*m*kBddIB zKvo+@%&P1Q#pmrYZ6JK9N>+jhV`7TzGGoaqdCJjp3FSVb+7UK%ry<}Uqgj&8Ma^fS z^(Lc}wWOHWir~*nn$xUcY%1A1Vof48eB0}YT1Nz~fpox1-^41pu=k(ux~D%rasIih5DA}2yWT3By=s*)d#I}w*{i%{T>|0ZO`Pug z46gI|RI{vH#=F-e9r@C@W2;9nWWDJr)u&xdEj-qKVs&jwhx=yEo`oBP)Zj-4=KCfV zAhoquG`l7Cnn3-de&R5X64AjLXj->IntWiys4#dnjoE~PikFX*BB%MSV<2m~HL#>- zDcGz`F+8-N@hMxs=??M6YBJ+tD>#|53D0I}fkp~*mR(tU{+ZJwQ>%t7lzjyVZlDex}YUsTs zUG+Y&+aO<$j%=MAc40~VU>4Ty)xJ93dF3}QR`Os)i-p=u+D?e3-AEpIEr_@76}-vO z0|3SRd$_2op>OqpDj)MlTGoN~vzDiKIg0g&4 z2#$Exu&HE5L0-Ojb$0QZj5>o+hg_arece?SU-gBQ#^lGq@8b#9PLLsD_8%;YVkJ%o z1G_!?2_H=PL<}Z8gR))&e$Ddhgxw5O!c9-kUr)i<4S>+#Gx%R5a%+?kyFpaSn(-Ps z0WqNR-{c91%xYzWL|ux?Ys)eLFhFvTXz0s=YY|7kF+4?jZzMUXZD_boQ${mT0gY|q zR-v$mokKjEvz%mXBDq`c^ATeE)s@E@4eW(68jO1VcmMqT@BZWQ{=wmsKXm`};`GNq zY+qAcyTe-X7VA87js#lKe5w?{Rw7(e`d>?MCUOUWrnns19^lRe zX^PU^80ant!fo4DfOk=fbs(o*0XC5hazI+zId+yA)@sW(Wrf`bkP~SDb0V8CfR?k` zdNLYQ$F>G|iq3~GZ>$B#Q~bDBAow>1dWzD=0&j$uvCNXwjz;k z04~+Qqg<$;mH<=nj(WkTT7XPNsm1`Pf0Htbjlea9Reag~09NgQs^WL355%eo ztST--hJmc&fK?5GL@U&aDrnUv{Mip^<;ARsl5GiURl}`_AJO)}Ru$}umi=r8Zq*c& zPnr;-xK`W~wi)`S8dH;a zx+wx@)1=-53MaWABu;WaXq@B|2r8f2ZE^45T%?_usVO)uT2Q1R4lE7;R*fq1K4QWj zJm2mfC@fSYLzSV}Ykd1UfnGJrV(nL$sDQ;t@PmTqP)EgnQjX09qzS9gW%9Rw?Aa)0 zo#P9RD|`~%*18VyDlK!Gs((7E>Le=xbWy&VO@Cmya6W$Y(C($_&^NkD2K@y~m&rWi zIos(whQs0T`O~M5uu9Re{{P{#lV^{Po<1L*JpKIn@#n)w!=sbu$H$MzaHqWpv{Do_ ze>A-FyXu4cjkM3mC0+pN|ANKGSh;bTq)%V;a z?ycktd!LbWzFhK*{BZu3Op{#f_2)@3fd69m_xj_X^8x%?Mya!CLH diff --git a/k8s/manifests/charts/gateway-api-1.1.0.tgz b/k8s/manifests/charts/gateway-api-1.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..57ade850aa5bc2d97b15844bc6b96c8fba34e8b6 GIT binary patch literal 108417 zcma%?Q;a6S8m8N}ZA{y?-P5*hyQgj2wrv}K+qP{?d*__pO*VV6*~)uUNL5l7h3|V_ z!YC*-p#PK~Dj*s|NhL;ONjY{|PcAki7Bxl_Wj0GKWiIyLYHI9q>NZw}b|#)GiuQbx zrZ%=fS3MujTkNR}xp~j(23{}XiDg~S^+~eLDOpu@*|Itf_$ehORvZs8b7WdEOi~We z3Qp$Cul7F}GXqgJck`)^RQzjsc66ovn z=j`r$Uh(78@BJ!i?D0oCSs?M$M(R=)S;walP1VEhl*f-OjfNgNEjaOq)92Z#6-`w> z#fVDtA^IFMw~4F>owTj_z$Jl6DwzmYT$-9(2AUz6$XZcdw4r;d+{mfd__F6vQ=Cj$ zv<9mJD<1M|R&*(Zq@x^bADkT^CWNAOmYG&auheLS&O=O7BJJtqa968WUun?kMvtJB zFdig|22GQ~+m5>2B|C@atCTX%tOfwx-5Q8}`;g`E7LL{VAyY!aimoehiEiLmk!j>OgL-X$*Hu4|lOR*HcuUn}h^P_jZ}8jwpww?8T$?5WCY5V@pk!?wMT)-hCbCTdO~v1j|zJ3_#3JU#^nN zQ1fa06?zrkMQ&!Sp`}Scm7a*)RT>Fo+HsdgPq{VVPx~ybU8_brpPIf2xEX`0mc9!lcrNaKxc?sC{V|+@4Qe4V!p^ZJm!w>|5h?QT=%wwE19B{Pm*O5mTS+S0SpK8-F-7G?atCey=4g)47MOo-M_T z6w1^P>HUHHQw7nbYi=uZ8$G$N3cDq*sDt#{%r_PE)Y#tMG+3)No`| zb!wz4!;JB3QF-#GEqC`3t&Dl22>?!O*}cAe3Hq%`|3Hi)(LEs~RJ*;sB7In*&n!%i z2a@Lmv1hA#E?e76IF&WYD~$p><)NiSk7=Uvv~#_=!X9DQE7kN-ECqlqmv86u%jJuP z82w3H1BafNTypfR#*B{@vljba6peYmaMX^Rrr>v}X`dCKlIw;&Q%cCAppFSp zd}Ecc=l5Jtei0ZRSbvbJUO2~6{N~s~f~`)?Qas^iDs7Te?ebXXG4Sj(^K9FJ!6pUX zQ6y$eHel`=P$Z^iPSq&8b$jO91tc;Lf z4dL%uGtG4RtF9RV-o^2CZf^T^+ltDv8jz7{uc|v!PYTKNlH&Yj&u6lIrJp{yh?YxQ ztowc+TV+>OrzLBDowB+)BNm&s|rO<%ML5vv&Z|MXbdagrJu?!j0hpf$Sq65|d2q@+8<;T{aX`W=#He2$-)e?1r zI%}ocf5jwr{aXaWwwbvMsJS#?m;xwMQ1q;5 zn|r|__}Pg}_M1n!_{nxV>Hp+@;Jq0%ED%I*`EEzW^?fg z`7VBZqy7!I1gv|Hz zzkV&SyGB3FZLd+(iMA}#AO$6B7ek$E|EZ^@qv8Nc;QEX%&@*z%tl5yQ)ghH!&B^C? zKeQM%IvdPtaKbjdt(1%rp|Qb1R?wDgo(X82;HFCj0u4tseP1nKje>v7 z$=SPyofGA0h$s=QDHrw}_bv1s(P~5kC-Y7d3TplR3l04FBpL(dval9WOR}t!Wa#M( z{=g+H20H)O!mnJGK~;rY{1i35NULFVI=eaAM#YG7s1zkKyd8Q=G3QbZa_E}$R78=4 zRuuA{fLA3)^|OmLZ+caOKsMtiXED0Vnm9uF9H>e#O=#|x@p6^oLaI7L;voLGi(6iu zI`Vz^0_~`5VaYXEJG5!9pqHzBc8>7u1FN3*?*kN->gF^%vEoLFrG%Gt}W>N19LXBk!B4gxd#7e159`++FbP)wgf66YO zf`sPgd=eY9Q#*>z+5+{g)u`OVGWI=6N&mLQ-JBIlq5Fm?g)!-7z=oBCcJ51skSY}R zz{dG&plBhf5X@?;>eoxF8^_>A{Ib(5*+be!`!rW?;~D6upy5(Vd$Jh!g!(T#f#FCx(@kD(<+*pJ!&a|MEba&DZm&GXc-7KSmpcqXyuhOv!`M|)6*hr z#8Px2rz0~DcNiU3dGKKlm#Yq~R$seKF77l_a!UJg1;#wtywReo@sR$k5CIWv!TMn& zHY$d>r49Mhnv>cxnVe-tFahSN>bo0!eJ%(5a0tC`mu1;&PZ!tyG86JbtOv+TXNa#1Lc@{na&Y=Sa@cSAg`o&JekB1C4V2e`}`smz|;fYw)-QJe_`bz zUI=r&(|Lzt6J;*=K}wRMXxElEB`IFgS#3ewu`HDr512pA!=FKjGYgYQ3k##X>-*X2 z4#$`HRG$#Cfh@7r{vwFYk@gXty2PEG4j+FV=@QRJvDJ@a(8A&4q$&AjJ%^9$D~c9urunG#Lcr}#lUuE|ti^!UV#J%xeaMX0yFtU~ zUTt?8+I~7{-}mHuKa1^foTH=r`tWK8#H_|*P&(mR4f&Cez$!MNMJr~*i%V;go%YZP zRmMgeP#GACi;o$E&I)6?^ge?1c_Qw5*rAiQQwPh-Fp|iaS^XK$QNgNC8|P#b6OrAH z)6HvUB4eS57Ol{ekg{02mn~l5WI(omwq{E=@>pfWo~4U^22)(gtqAWd`Ue|I$`f2m z8PH#-jHIRNVrxt9p_{5wLsHtyMXc|>WYx^LSOxO^dm!7FE|{2nt*`Hr^8Gpp^kI~W zoaabVcv!gcVnqR|fh?IeWGzKbixu(WQ!Ot@qtDg8P;M?VC%y_$(Ndu+S9)aSqz8T1 zb~F<69e_dAk;!Y$fi9=%#dc38e)*{^rP}B{S=dn?)i3}qBby1f4*^B*1^W_PZo=qecXw!y55f*YHC$PUS7rc^A7#;JGFSX zf5V**e@CW49c3}oLQ)m9i&3Fv9ZHm!rxTlIHG0xwk>$ul1;v8?U$r`lRkyY$cqPGp zuq&C0-7ksis4o=s2;^IYT01;voT~Xm$@jflnmfMM*n%`v<*_miq!j*3$AfX#0 z(>T5>V-Y}O&=7khrmC$g!EPpPcY@pbipJJn*PiMP{OqNeYN6p=J6=$R)TL} zui^aUy1Jr-BFzJ{E;0DG@ZpHxo!zH68CD9;t(DGm1oLQ5-8Y&E!h1H3hvlrgYk!IR zOhBs=7uhW8VVAJ78eDzQ>fe9I34A=w5^~E)5^26;MrTA^h_z)kOyhuFBFjd+PPX6Q zV$}sWwCyT}qcc+cbY5i*)`^LE5Tnxx+O|b=4B{Wpt{k0tNMo3#knmI8?#_^k>?i)= zw|!1BZcf+mnoZCE=5rjm+hNC9fX~G;hIhadF%QP1E|eQhd<;Bw^%X|&b`R~nurHh{ zGA6w3z^})c9aE6Au&2%xLBiQbGHgAnhKWOtJh>}4uHSOGl@=k8z^i_gE_N-%7HS~V zqq;ml?=e0hD2MhJ)F>l@*iFvY;&9`PkC&Tzkh*?lxF$kG~jrc|OTXRH7 z7$7G{qxEZ4NsjJgJc!N9b3(4?+1X!-H5tpRT&_#yGs(Xj51-)GrqS0{SR~Kit+>s5 zC;w^j>F7FXFE1xD1UZ5*Yn)*|s_t%0+IZ5@m zQ2I{M81q}%y@np67~yv6|CF4ki?$tJr$pQF|D~71e+_2;dShiLiZ&nqw;E~U>?Z&J zrMt}ANhk1Mg&oh^b~G(Zw3+G?{CD-DAa56KgnyGaGW?tH$S;1gQBIEWtnKQYhi#%9 zXb4-VkWx~L?uF%(Wo}8+zK+Gj$+0gq6h> z`>ga9Bo1${)SWsH!POQC!tWG%v^0@!;hp>S9U4jC602=#L>cuHWRb~mXd(bnggt?|wEr_u^bB9D)tU`(A$|13xbL+Nh&Ux58_C4nL=2RJ5% zGTl4BtY`|#_rGWr?%Lw3*9gX_;3W zBkTC<&Y$+?Sci6GUgQkh!zAtFYkV~xIBLgr+(}$jkIz8RgYahJ*noAJE^oNKv8HdV zNhy@JUB|0&CbP;BH(8xk+s}%>(#G)6&4j&Gy`Bl6cv@%w$XFK(F*?t0X^t-A#7gUc z(+kgDPM;PU?1~*w6K&r33kdf4_Utm}U-~)jn5=Jthg-XYH*1V}+g-Y=4L-C^`Yw9W zl@j&-@S>3%z@Ezdu)@nNDV)B`5uKHDw4=oIcv`}d0Cx}?ie5S;?JR`8#1QZGwbTC; zf=@1eAG$-mz?^iLvuS$&h@pEx4_#IzjGnki7uJ*lzcBDa*tI*k~ zZ5U3hQPkEUubaC!?~^}jQIka4*y2Mtm=b4j$Pq2rAYK{keniLrbh$qtS@r%L`xwg~ zu(QE2Z>7*`7wSGlF^u2T;*Z?WzoC#IDGIT0ly>)6F=z0q^id=Md@0Fmty(vY%_G-< zByclFN3FOQOc05ysld4Iej;zG9po)jujh-X3M2-eI;p=tNxX)B7aDj!ao$7<#p$BA zw#Esp^c|=TAqa9R^Fc?jqCIFlhCFH$9`dYXOab-NUbshWfK<&1;KWaIndW_U?r! zbL2%y%K<#elO;tVNP)-XhWtF+^A~!I0H$G|R8AP|AOw2k%}Sv)@snwoovSd}@0og@ z30AYBBY4W?0`BINR~Fs?k#uSTc(a0Kc!T#dx&qUBl7Iqw&r$ip!;h1P2c6k8U()x% zdAuD@Qmc_t#y-lU*)ZSO-+PWnLx4MDVGsue-C+D>8a{$ zWL;!mDDMvXf#~)1o?H(fOp8!YRis-gMSYqg)i^!v#wW>$H0pm7D~Oq7v>%Sd{0lAI zN5uWIM$yX8!`KH;JQhqK$W~eWGn-;4ytSS2`jt%6!vSAc5J3yU2s99r#78!8ArID) zt{skCQK!dOp>gah>x{wEVpqHm6(GiOlh}!~OE3!Rk5O;FWJY@*^y%tRz=}EH!+@$b z7YWPT@0NRb>CQ@7$6m(4%;fQv?~6_#_tbiOH`|=G;0KNi3((I}kKUdd({`0{k8nIy zhU4o>A5LlUI@Ry(PT%T_`+a(peDv8Dwj7nuP$R4@uT}L_A^LccD#lRAhhJewm7M>9V;okCjnc zkiIXT0lKO+!tN@W7v%K`3<%Ep(QDVPIK=vF!PZ+$Oiq~t0hMV6E4;y?F&H)Ts5;0i zedqUe#i`nuV58Ez~OzD=WMjHo9PT&D<<4`d}%Ac-fxz(Cr#0!34_KK zKRAvq=!l;P1NmjxZu}Z$OQqDX%{xd;5$IbUXdua9=fl}aTlE9jKiOvBH2+GF^KDc zU6rGvQ5kto21!+>e1KX1Tj=e?LQ%4-b$x3D*2Y%$`-Ifo)w%HiLKuS337`OS46$3u zTo6V9VLf6`3ru_QXMh^Y4rM}VJy+ShMjpLSv*XT$!>Md6t9A4K@VqtMRxJoekN2Qi z1F{F6HB{hyy4d?iS;qh@4ZT%Gxe>+vO3ht9a{LB%Lknsd0;4~sI?Y{_r$gUSbSYQ9!CUA_?pr;t$2M9(p3eg%^hdbqDk8{k(I@f} z5MN5~=wLOLQcP=P@;+=#t)ti7%s z41N^tIGRUprk$is$Nw|~nh=as0wEXNLDr~SSd{G~f~(!r#=LLUS_G7D-nzgyANx1u z0N~68t|7@JHWId^wT}k`Y11LrIz}2SlfPdNy45>BzhnaP6Zgy{Y8S6!ifc2S<$GdS z2y{z2s+WxJJ@9r8YKz?Q7wO|l&$iJeG8-6{f*j`O%U1uNoihhN#DXBNQXPqR$7{D^ zGgbCZ=fv>tVrf`>)WNizz;kk1X>{g^tXurqE*B&ujUvilt5F4;Q=Arw*)GS~><3C~ zCrp-{d1twv%^pFm#>;j0IF@~B;~80LrM0n`Gxo#Qo0UW)>d;OyRV~nOQ8i9UwN?N& z6)r6x&^|^48B+yll;G)Be)n+LpvY)=4${-XLhI2Gu>7IPCg-(?T>*jDEFPt59c8j_gS)!?tmkB@P-9 zt4iYg+ZF`~x25w`xO*nN9AQVg;#sq}fd9ZnF;gwJTMbuvmg>Ii+6*v|`m4tbqAf*YN;8ZTO7k@F_^+`N zfkWo;G~3Ql$01<1^pZU{5kDxSN6y<;1V~JdFk1caWERK)SQ^LxXxq(v#THLrEc;i^ z3Xa~a&QXvW14Uq$@uEnxjCNzH3+7OrD(){+JS1at^kI!5`EfBFT#;4>JZ^ZNZHFCk zFsO#+GBjn4>~F|)?CA*b`J$$q&;v+heJclt7h~4T;AB*8WYKD4R!M;0MY9wF{GLY_QOO8OA7Q+6#W=i9o2XlAT8GXH+99o1 zIkGT&lKy2TV$n5da+`Egts`U9E`5;q!qfPJ%g7%~ytEZE*v3uD!Q= z+4G8)SX!u7eAcT&nbJ@bu^I>sT3Uzp+5yQaqGIN~(;4u5`>v-)IE~PpYNn&=*G@cd zTolx}6O~0;ARvh;Qj5t=+U~-6ogahkh=9k?ksH6soMzb_*L_Sm)VXdI@iqIFolPj5 zf#$ndXsoN419xSsxnB$#|IMpU?Y%w7SNk@6`J#;Nc5gofU`-p}`Qh(Tton>`tKoWOcf zWfTpizx)5PnjpI#-kjO}X^`XENU8ISYnTmtGLU+oW>GmpaIH_oEG;xqT{D}^@^kpf zX#gzCbQ=I@_X|j6nQp)m%obtg)HIzrle9LTojuL>N?Yt+CTLZ=>V^0NGZ^oXkuBwE zLHVb~0`wwZeF*+Co(6j3@x<9fORi5JeYr5>r9sjy=ZX2^<@Z)QFMR7^!1KGPjdrfZ z`RVXWP>~SP8jD$&;4dJ_EulPd6<=Ub6xB6hg)ZDWJbASSy0p zN%N`i&r7VIhu4^$5i^NXB9Ihs%%~2>ZbK9Q=fNF2q1@v227F$_^~`k0ChBPXWrk&a z`9X*96bSkFaIe5TNZV`dZK{(k^7Ql_H!qktHpJvDceA6_Gz7Ly1-A6z!n_7KPWs`!#KUlRF`tMF%;3pGprPQ&w>y7pt`$7%oLb9WEu7?z6wwytTtrXamJ zlTP+cV~B=9lx`X#-pkoFTI=#KqvzO47s{$uUL!gK?zrkEEoUkr(&Pwh=;?(R6M0?8 z!p|EF37#PfAEs1COUDYEYfV&*z6xef!_|((AKS^~zFBQn-H69VmNGrW=eN-g3Zj0Z3no zT+lpP(7H}BqNt0Yj&!8^Z}VrxbAXtUreB%Ss(H4X2neD7Ok~a6Dy6fSGmeo-YnD1C zF9fGC_K89$R&{w5YHCcr8s3usD^P*UrKz9jUb zfU&S=GHi?draId(A%~JBbp2jY#PQfQbL}mR>9dW$o!VOs$#Ws?rjNePT6wR)nH`4q z9lpBVz5!n_Cxf%`xcS>YK2zB0IX7<2>h|v~5n`;duvoaeP70Zs`BZlCPUxWiK$5`x z2CZEXSSIe$bqPjcQaw#`o-n#eHi7c5ny=#x#t1}%PcufmYwhEEqd;-Gmmp;CcueJw zVyn){+N_JzW$DzTa|d=t3mK|?|va99YA*WuQdt&R#{<+`&2!}`=b?IZNDG5N|6 zpCp(^X$8c*bAP_|>R})vj=u<|%lD*tA2 zvW*+PKDB%AGevEe<^6ehO1cRdOMBnHdso_CpZwX8S#;a8tVs+r-dou9!8!nGNEmH< z5ki!m?Y4C{h&Cmh9TwX<`H4qLe)Z2%*hg2I`81K1+*^r~TZX7HM*2cmP+KPf0`var*n zuwCfZgVfSeZOi1YnD0c15Gw626K-jv#t^;cJV^@8`^^reNAxw>*$8gyAI8EKFo?~S|(NiDx??(vG*vcHKCzLU^FHIl|lI??h&GrZx(sLqj95o2qfEF z>fM`v90h?@yL;CI0$F_6)M{tSEpCSA`@)$=bhE{KD?PSlF&&RW2HxgDR4nn85Cm3B zAvi>OM=Ym#N@!BYm9(KWe?OD=Ty|j44?-=qJBbgy)tpOCZeM+cyGMcv+mZAh^<6w( zV_IepRIK1&GuKsuvt{CGR%?weI&^k{qLiA8&LdI`*Fb!%2HSYQBqX^l5;!%1&hRvg|#dN^>dId!{8cCyn2juA& zC1ixEny*}ChVv@ZWsbsq(@LGn0`mzaZdx^CZD&2bzXvjR8nO?tCH+oCo6g-9v5b zjJx|N#CTy*VP0b^knP6(pjh*&{Td^*)d$CuQN&TQlf%#mVb@E2@UH$}qwzNdQiq;7 zL;NhB0Akzf$s(g)#nqma@|_H2?84;8p7b#FXqrd07$=M8Z?KcF4A!dZaC4sLHG5xO zQ5e?3kKlb39UDM5&z16V#nad%|M*a*DYD?}mwgljdXo<<*mA)U?WB$RT3-fOeNb<9rCFEq&F80?S$||YcZo#Q9 z@LTCDp>=JH=6HX=BM!FQ)2U*Are5}9)CfP4&wjG-67_wdd)b24!zd~7J3zx4#oWTt zn&<`RGmMo;5WQEM)X&B}4VCficyV*~kpg9$v}RbTB91wu5n5^Z$;(WCx{Oh&E2nHY zg9I-*bQfK}#mP%%ygD^Z*CIf z1SoplKaOMq{RR`F5FmPYwwEQw`#Kys$KaPdF{8EBG-f{NbiD_j{HGt*W`->x;Z~nl zWe3|8xle@zmf%h^T}Y+O+<3{?=eJ(yc|rwVIUrG8uBtP_Ycog?L{CpZ zo=g6c<^G=NT*SAfReY7~X9JZ0@$>y;`rMFXjquq-*gK2^5YS#H=xev_#s%&6k`2)C zv30F;GD&o*-V<)H-QKpjiGLzw*cKDp^2HYEyKkXD!R^`R}O9-tUSD(yu7>tKVPS%Y%{j?eM$(Oa6N2)zRzM_=VK0nvsomE`|h`* z!~f_5SvZf4m4w$z+$Zd#5Bb1ez zKvzVmOsbQ3Z4D_Srvc^03xmncQMb1+lGMF1>SD5vsT6)mf#xD@$Rl3ViHz?Av9(+f zR&KW1?iXpUIGbSPQ_UPz4z!!B)8;oZxp18j}Q$qKH0=54+A z7wnNY!j#BhUbdNM(h)z1`wK47u-;W&S@KT04s&*be~7gHn=aZ1KDKR(DY(~?P4E7f zE-J)KwbdwE=TH>MxxCD5iiWEZHBQp2m8l~dn(ah`K_qlF*6s9j)cqFQeXsZ$106-s z!Pl8S5%}u+c@FdY@Nl>P0pykbe2)P54xqi@M$oGHx_JMJO|`cAoZMeX zqaz&(NC9*~!VTEq)M-yFQyo@I-`>k6%%0`G zaui8l^3r&!LY^bPMfKNew$9BSyzkg=N7(FVIS`#^hPog9@$MM-N)aObqe(ggn#zs` zaUKG9iBhj#n0K!8VS>Q*J0%@L?YjY+g^L|7N+pUbm_hmf4t3_9c{Qq&3l^(A;TUcO(Tl75*jpRVZ;3; zJ)DgM)B3phhtvnvo|EWs{qM5`w)gogcUTPs4i@tGj`OOjZanw+R-a-l!9p9C9}hA zHeVrjJZGf*J%a6x&zSx~82l@R?feb;N6kxp5?SpqdcIs^<^Iq`@^EX@_jiQ@yqGW~7e< zVTvb>FO_~=*&-;nkNF%MCD?5+Im%UuE)1>3m(ve6!<4+DL_-<~Y~pUVWwJy}3IsmK_Ye1Zh*XYAGf zG@-yjia)RQ9Z&+lEdMcehV-t?)ZGT3ITBikWfVHa89D>SpiRuR0$=_e|kEVII9|~K!UY2{UWj%5n9^kGM)uN0y^*$en-}pmhQG
  1. 9dlQ#1>qiiQV zV=>dnLcI=DVjs&w_z@f1URJlN z4hA1R$1Ql}EZfh<%5^l*;RHR^>-NK{Xs6Z$ zv0Zz<{LbPOvX_3o+nuB)P4}!iiw25Zv?8@~pYURkGAG&03uSe)Pkho?ObL)a188u~ z5-kT+%X_ByCMIuPbA2m7s;l@5nX!ppc(Uyd+J^_BLXap}Va4>Gtstam3Hbgus$K)` zORmE)uXYESwe*QAmgQQ6C1QeD7s5@GU4j`A z+Kr}r0;8FI!+x}DRBT)p`*aM#Y{lrT7!j{ChcQ?nZ=j@qj+2uC>@tZ4A7&gdQk@K6 za4af_);VHIAAc7MCbrN-q&QiGt@4^_0h$5}@knlcA~nnO+gZ&gp379%L`JGKw)Flk zl%SU&@O7N2R}3ev{)VTf^X`)fH0+?G-X6Pkx+0$O#26jGIG|m@BMU_FF@~Y*D`$!s zyWOnZN$tAjA8oR+Baez^gQgO|bbw@yLywac*b zK+HOCnfNa8g>Z-iN6xbK!r3{60`aW5Cj1k$CWs2cv!;OS*Zv7!x^F7GWN<3*Qsi-> zX`3v`hy@46FMe;Rf!D;A5)x3^!SG7ap7C@YXkc7sS<&n)kA8w0*c7b(1|ZG4f6)6e za4klCQND7boHUED-c7J89!A(lw7Uk*l23ERnAJ(waxmx+u7Ba1!=$izO0kSPla2ma zMU$x~maXYoMdRc*qk;8Vh2uEPys6_^#lw&dvPI8D?Q;MfipGs`+F4brZ3B^U3@TrW zoo(wGv*J_peH9MF6t|t>AY%>=Ix_c8c7SQu-}&8v=78h8o&EsR>I~4y@$hNjB*@h3 zm3s~*KZ7?Q((v;`PGzXn1ZA!r+CbAT%`YEWGL3I=IC2ewDV;#m=y|Zo{By8L#p+Z{!B(a?LbsSiQCGjo+`C? z%KjMuJ%b}pp3OX$796?`CN4*Q{>ak2k;QGqEQfoMh-dlbk9sj3+1@;@MpxV(l}OJ2 zm|=FerLk|Mafqbn=e}N(!XP6~6J`d{WZ_iU77C?mXotQcymGsK77LA;D&|=JZt?&E zTqlH&XnkD&_?%D7gws7|E!z7uK~lWGt;=jX>0 zf0+>d%-HUVR=%NBhL}|X9KVW~@Ng5w{AD1UmYcGhGXkq5>~&Fw$^mJ1xQbN&f~9tyP)B=FBGbdvZ{qQ~hut7bFw^!*)&uK@spM0JYF zji{cfiEtDDrVw+Kf5y%fIaoz-!Q7L8{_I43;oyXx?o{~YGKcsd+6=MiPeZR6+-Ers zXv;;K_YWl40YfiT(e%si3~n@iYcq24+HU&dUkdahHR{C36Vs+2d8EOM>;(+MT>`rF zLdh(XMkB74C^Bia?A*S;`{!bZr~Gb<5cl9-4wAW1mAb6O7j#3Y?8@l6^qwG|P0W%3 zO8-!`)b&o_m(G8vntdk(b{;V3(%*xvLwAos{Jv~UfS+LaID6r5Ld2TW0U()BC?*J- z#1gZM?5{03|408qF^SYTSf5~O^P9n6(qh!9;aPz{R~M;jKDm~q;)WWkNb&I68`^XQ*{_h+2=<>M~vb-=+?% z>TO`UH#i8T{0g4mKW7$#!Em-Zs#zSKKM!kF*_oBm2x~Qg=+--bz?~xG5R26(@;5*5 zH(U6<*n!)2e|69?BhV};IglP>CEI8+IMtfOgWHLy@qwag`UBBCCu|u6=z~dj?|Re- z-U@iPIlj79r;>|O4spN*d=#5o3NgaQX-tq6>%wB{d1OY`K*%qC6Yd`SeS zt9nING?qA=JcqcE_;JD~%4iR((r_xk=1X4VA~qJ8!vNFp!E zMk)b2-C(s=LgaLafRXu#3nQ!~Osc6Id*F8C#6DWyi-?7zsn?~QF^`JES1}b4Verh< zi;c_dLi^%De?lK~`Q~c~Y7|fe`gD#d@1Om0(c?A=w1)pv`MibUe1+jHsjk7T_OxbQ zq;fAv2q02z#D(Yc$#X>pUb-p1zMxMQUU=@S1!J`^+M8p9m->!X`?Gg#;Lj9aUO#Ga#uFvi#zff)Ia)0NHn z-06zD+X4_`B~=PL4`G(F=7b%nXq19qI4L(1>1Ok3i;S!7EDBxaO!hm`x_0{WCg@-q z7eNhjN+2E9|9#h)OutWWfd|3qB;Ks%DmD449FRIg8JgcC79e= z77~3Yfvf%SJ*}BTLut2QkWpSY$V!UEbeXG=Gv61*MmryT4tl^c{GKdAI+}NZ3vUME z?&_XFWAGVC3&Cvkz*s_O8FLMpb3asm6~SM;98cx99sLd_s%5jr4e;9Ufw!9Itz>G7vZDATz?wut>AvqNIW zr{N$u_0xaksqUcdIv>R=L%JVQsaysUU|0SFkC5VMxhmC80;OD0Ia(YG4#E9} zxP9kyzvVL-Dds?4qBo++edBR8S2AIbd()t4EJi|vHaQ;g^!tjqJX^SW5+VjJA^!(^ z_Y@>+(6tS^ZQHhO+qP}n-fi2qZ5z97yLa2>^!NP}GchwUJe!F3pyGL|qN>g^D_7RF z?tH2`9Vu?}4TDbJPX4A|(*W}=9HAbyJ2|ZBEa@6}rcemeTyT>?^Zxc_>1$OmK(pzH|luKR-_AZY=+q}E)>)T-+((aVV@c6Q?q zaS%NipnI?Boaw-oI@L~r4dxqiisY6y{q@&TQc8<5cL}qmk+ni&)b5Zo?+FqN$?p5Y zIn@m(xR0#}NIS6+3GB~6$8a&*yrM=?jkY(167*&fJ+~HBg@D!%7Ghs>`iPE6M*matHXA;o*G_gb@k`NO- zOd?2c-d zkErX3>GWhj>z2MK#I2QVzKpo+<>`q?YzR!BaZ+d{ccgR_yd!(PJ8WqH-cNa|8`PG=<%H~qO4A(1J_r;GDSZ)+6w zSVap<3%DcPeTJB=BU`ry@Qpkj39{=$E8T<0yaV#%`&_dc57(Qycb^7C0OCSV7ely$ z6~JOqkWxVj^{5a=uD9cLS%ij2v59gX$|W(^j?aS+3E|+;C0UY76e*YE^) z1y7+<&)ab5i+g=T=%O&2d?Art0ijZdt-4-+D@k;pNJZ-+1EKE*Rhm{$p*l`s-|NnE zvmhAY&YW*^HZo^xhQlH$*XbmO?MP|!kj|1VPq3WrIv&)FskxHpO}8XAHtKV7Qc_WM z_~!xpZlje7;#56oYr)Ev$i=v7tGG(b305^0&3%METDTBPB?yG^xn>qu=WjldG4uIk zXT5*}It@vPsBUh~klg3@o2NLI0?nucY*6F>28ji94E)bXOb}e+1eYV}?EG?vtxPUy z*MY7qWSeMFakm<#q9Sy-Zxx8=x%|G9RM-bbyi7p{`pjASa<74*B9+B5fbYr47J{;T z%EHNOvD|a={oNAItO#wvlySZspDR8Bt(d323Q_Q(!ogck}>Yp4L=g5<*%h=l#O5fk87UMS|Lany|X4AF5Z zvDg9n*Ba=L#br+%5UsJH4E3RV(*tT9urf*kl=^GL3d;W%Bi4l3K`HzHf{4vIl0{=9 zM_O9Q>0y>-E6^LlnC3i{$^;@p0_TdR6dvs?y^^DF#D9g9pDs4Z{OLYB|VOdaoTn-KL|ou(sD^1^l)KvtsqNzCYYmZa9UhL3%8O zyA8C5cYp1n3Pz%NDV@NmBa@+3RcOw80zl=|b4)cZdLxc*WkL3I$U-2v3qoKQPr<|+ zF9D#;RsJl$w@6bfrgHFB$Ge92B~^c*FVGS*WZ@{tdzL;fab1RtbaLY1>oc*EP+PI~ z8;#2w>jo#J3rdufak>DWhB4k8V%A4PF8Z&6*9*3Sm@?gBnymy$_?!_ym|#EPh6r{` z4sB@AvJslnloW|%fb)Ut;2u|?D)L=G6{zj}Dj8YYGlOJp99uhTdTfDhw{D84ZBn`yXmBxH9zavfG%IdS zc#)HFq&W=Rz}jny(}Ajl+QMc?|10rwFn^Pu`n2)d&cjYC8*t-+Gs_FNokFJl%3kwx zV1WSf9=$|>0A+}`@x4pCnxr=nD1_36u(B^}PdIr}YYK)DS< zNyM}2!N!T{WSBy#RDpW2|jkm-QZ{uPXE)&B5W!1jeV93U@!`_S;skL zBuVC#jw^>&^R{6$6=TjFleMOPBRvkfkTgw36Vqa+9&k$;U__BhQUuM`+|Q)NYa}%FDpR&r~g~x#pHkL z=?xyscIvn^N%{*A!Pbdhv7|&;`R7p3#V)s|C;yiIj2inJJErwbTs03*z18F4Lt8;*#@|3uE$&+(i(bVQF8|=nYW9 zxkI%5&#a10;fa#V2EJ+8a^0}#0==CSr#kUQnh^Qcwc^_bj%rv35E#~YIoi@iHT zUP&;l(@X13M+6;8*O4^(dEiFk=XJC;QRYsz-fJ{>8d4WRyY=qf?3I7M0cLh<+O_)V zb@~Q`35#Go+Vm)xt)lC$a^uF5e~-MS*`0!jl!r{=vVpzKy;JggH53SpQjH$jn z$mot)Kf*!^JHU2IuF@aIt4a?sC&_30*yFNrw;iG+ISz)X%y+LSi({zPoX&y87XiEo zL&kD?izFz{DaMogj%@DP|l3~{}(?wI|S*q^0QtMmp_xeZd5tzlI7 zR)>MDzZF>az~2PCjK3Wg;Q5ldO=EuC&~3qwSf_Tta&UBXQRj&f2VgyiF~udCj!6vZ z&*{>>1Ud&}HtCZ_uw5piQ7W~kUEX=E2 z20A@uhz-1QUQvlk;Loan^5Yo2lL8!PE&gRX$AqRCFwtu$F@mOZAopmJt(ZIaUp28u z?ue=fp~vm~&~X$q4gn)eP(8!nMT`YEVg0<1VDf)X;=D-PBB~4 z@EnOe4$5}OC1zZ;Z^%9*lO9KLK!KfoJik_mBrs?~Bw7VpdvGw8h4iaWzc?~H>sFVp zCwQV3Rl+r2L_v%EeQZd?MI?CuIFu^uDuzXJhNCz~jGuF!gLOoOFJGz^0iu7hk< zEV+|L`l;L2*!AEO6r4|Y2h|SbGvtln(u>E>Ke9bTQ6yD_>Oks&VMp;jOP8V!AV{Ut zhH*F&TnC%2ZmJ{>p<<+(w5V0zxQ;m4Wt<#v7w}-28UjKVvLI9|wTsFTqdN_}7}x$u ze%fvT6fvZWHF(+p*vQ4gZ5YG5Sl0p5hb*jEOm$)}1n5H{BO|NWe4qeIg=Y#=Ra&46@hV9)QJpczDJg{Mz^(!`rv z38ggjNLBbyV`Nb$Sq3F>inau|)4CGFxq)vm4J12U)03b>wNlMq#G21qGPL`2_v9KshLdzFCxMSwiI zKmMbxukl4EG!iV24A?A#Ri6dXIxk;IkGogiiHsMf0pGPsAKV|*Ay~93yp}cBnG@M1 zR2ezH1r*>yZU7S{9Yh|{NLvzO*FWSKao@gf-dI46WdUp&CMLiPzy^d;SdCazgkqYb zm&r#}aOr##2J#g+f)F`vo%<@dOq}mDKj$vqx23`$nhOk3F2}FCI;$ObjwQpi? z9P4S!3Vt>V@FfDOSXbZLBY)~vJ!7c|(f#CC52>0n8!5RgxlJ8tD=IC?SJ`;&EH_kG zktu%|;+Iw8Ql?-}$c$U6mA-FtrBK}SZING+-`6`pS&#u9PK>!#ZWuOrN#Z5(1?R32 zoje0ILM=w}vrZoF>>K|d=k*`w^&jW;ALsQS=k*`w^&jW;ALsQS=k*`w^&jW;ALsQS z=k@<5=Ow6suaSRO=Cu#Pr`;5@`0>H-)?GSKDhBFe=Yt&EEUTbk<|@kkFxww59f_4_ zeb%b^4h#gak;m^v(vWT%Ee;+Yp5OZ= z=I6`pZT;KsY%CnVr`O~BeA8@fuCLeY*^iuiO%2ei(0URn1i6@rJgDRi`4J*&_cF_lby4)%lg@42t7Z(V4uSR$+LSP@+GcIVM*1HiI@$OZHeX?lXQqctUC+zyuD z@ni8~?=mK?dhOTWvXKYbR&JI%fA4JR;IaqYh%RAc%M=rsV{B<;iWZd17=JmOD>VKt z(GOV?>QqI~n8-xrukGjO>9P3SB2Vn1Y^7^WRB#d(1doWAwBO0j>i`Kt3&X^1gkeCX zjX7W{SBFe8n=8T7dDZ!+T&<$N%G2;OnV}Vda{tHI+0)a{!KQH}tovq_2iOJj@X8#C zxKrockMqd_$wh`xsX=LG;zvBm9p(|@)lK0FH-EK@C!=->K&H`v1F_~2!|x!KWvX}} z+lgQpEzblQ0AauS=iCqeTqlwS*?rF3_?szUVb7DYGFhg%o7++%NyQfGO)#gFxKnA@ z6yR0@#Kf!3O+nk-3X}d(T4$;AJAW`00MCM2K{wcAW741nCA#DmE_ON{M)ymw$2EbG z64G1WjAx%p`vZ^F+z+^*zs>I|)Z=Oyc@-ekQ?}MNQbPpK!V*p<6~5^SNf9MoAK#Zk zG^Por1CdE7ZSNq2kMwq8{&W1*VdtJf@%3!#Vb$3MbbU^jBTlhP^YI819bt2*TkHH6Dgv!0O6|rOAm)hSlsb2^L4yBRJaqwN z%QpPD-$ayY61>}G`S?TUo|P|v0N4LWs7~H)ycD?4!mLR|Ri{yO9f4y>f(53WBWC^O zj3iIttp>tH%@qz8`gm22MWs}SmHTP~TKK=7@dP+)M7b_mQs@}Bx^qQ*maKS{sh0w+ zKM~cEvYk;Z-Gr@C??`8YK=UC~@(hLq*}(VP|9R)9D+YT4{p;%s6~cW52{p0tNb;oC z&BqyKEcaCA@^mfp?>eqIZ8&VA@Al>OnVpmwS(E<#>C=)I_dVLlZ3h6`XnEd-waad@& zDUwO*85-5qCTheWKx;fpY*hB(F0w2%0g+d+D#u43RhWi>9qU9I zP%oGA=vq75g61p%-?)@nb;xY2RnWz7Fw?zg`{|_<yGZ#L zd@ea0$)9)FRI_fFamTQk+yzjG^_~}uK)&JKv<4Klt#s#GvQ!>>A*!xw$!L;V|8p9g ztf5xDP`ieyL9I*Ke1SvwATDC#+PaNt3+-J(1JPDb}wXLO__kDGjJ|<|E zWi+1qdqp!vmg;|)W=|Kl`OajgsDisu-Z304E3Uj5oOWlbd#YG!KGAzr9MrT#g;d9i zL^Hz7yrAmdNO+V$e4KY(d*?aTxufCJYHO%jh!i&9+6D-dE0|qnyv*n1_F5}pYdlJ+ zfPQF+s9qgTS>V3Ti;Uj&zHb;Sz~`92z4>UrLvlCQvM&jRCCov|nbn5kDs-_HvQ*TeAi1nJka)!|4VsU{bgbO+-VTV~Sh z`Ag&+H3Sa&JA2Zj>*gNsAwqT{#G$_lT<1C;)W?I^caVQ0!%=PB!1M(*k?y7_CZUI9 z8dZ2z1Y}S+hOfY%W1uv|tKi1924bU>g_3*(Z!}QlErW0y=41pA`x>HbqIMvPENL92N5tz-c@lIB2y5ymqn7=*d!~6Im7G4HI@{4JlY3 z`1MiJX?krR4JOk)NIwBcl_298uz<7PWXOl3iL%M0r>tXPSa=V&ZNc zLaC-A(ZV}SEQ_-fPyVgEtEM2|lOYp!yiw(-QKLSbX!Pd*bifU#0WR*s-FQw}u0jD^ zOnBu|o5k|2+ra3-gCeH*A!9;2byKOw&x`VGrU-ii_apBGmZmHhCGPj=X`&$;|51C= z`IZGsPG%HH+`J|`c%q?e>C%1BGbmb&zDbqZdNJt}KL{PCXQWlj^~p%Sidu;V>vyDt z;4kjNQiyaLg>`K-Qs3DZwy&X<7!LUfz?Rrbx=EirHU=L)d;GR=gLgvY;1Ey-^?~^O zAf?W-)E!Y9VO}IN<0HZN45)(WwHK|?x*i3I{FWcrerw}LWvSVqVc`Hw^ne1#th3AA zZX!A^>uDgVl7Wnl2Hl1KQ8QI-qeH0AO&7%xl2TgQ5<_}RejUadMCrAZ-X3(`Fv7-+ z*hN&!na-rv=2?Jgk70^Gux~;*w&G#KI3ZkM%K?%yL?d6J@guj29;NfeW13wuv5^WVDWa#Rr!Uzg&~v@oco`(F)?J1P5fVyc6WWp-tJ^%982|RhC*r6% za@PD#FipKCW%TcM`k0|>b-}*c93S_pgoHX=6$OkRZbVe5LhIsgWT7(L6pv=U1F}PE z;3Qz5xNlg(M02$^nXR|>n5yEyaRz=d&c>GPmux-GUxjZut>6DtsntCe-STe*wO6}d z3`Y|^$B{+g!vqx6KJH0m>Awjf`%zyu+hDa=#(FZYY@Wu$(r?kRY$Q#} zEkL9GDK5!tJNW(#tpmOcIIed$z1xYW>*jj^Tsm*1k4lwuT%KFcYCVi?egva}Jr7;? z-=bTI)%-BHs18eyHq-K9bLhqt$EMVjgVt&=u^qk%P#Q^U6na2< z8UvH5+z+OC>x{w%0P$X46irQ;(+eVteQf7$5+*hbFOW-mSuLSyvzUwI=S`sYAM zcZwz_%Hx3LmN%-PMFmQg>_Ii3LIcW-VDB@jk=_a!Ig6KS))RMsR}P7eEsN+Y;6l>o zJ4~kjLYPvas1qI{EaW|OwQ6CBWK|zk?7M_Iq$S=L8K-DzJH9#R6J5~(ZS4H-#H?%} zB3I6MrevMct@KvuApaZLK9(vTagK#v#F;K6a1MBIQ=B6``j;E(ujui)W<67GHMgK3IBZ;A#Qe2}|aBifOUg zfzi{!h*MP^!!~4IVry&7&sS5q&%YHaGAG469OQ2?Ia;{-6tOC2LO9U1o=le2!oB5G z7+iYTVOUjUy2J8*M_Xq2)V5M*56s$uX{UR-i>(`H+>7;`!0IJk}okHD5V~Q2w0d(C~>+r zQb?Dbqm?U6H%{zRK(WT6O?Nk=1Zj_um#B@obv!wrKdtRFhW5xe6WJ)2M4Y#Cr0vxx zR_j)>poQmJKbL6YnHv!=SQ+A}12+Neq4N6g(?8-O&FKEm8PMxWOH&{V(M|Ksl$ajy zKe8X(aJ_QJlqtfqNftn0@o{t)acOZebB>fhw5?*?jYmNU@^i4n^JHcU3;y(UR!>FAZ$$ zRceVd(KsMikR?~yMhYn;fAwTgs>KlyfQ14AuY|DWQAtz z2EF}xv*26{5VZdEI41gH2N#AbKZuu1R85N;>ba3uEGyN{u;OwFuw%^7(y()Vv3a<1>ZU+!VtmRe(!<(k7G zf9BcrTx1M3NXk`u!h*-iSrN((GOl>oC?VB0lNFm)IW%ZjVxH%=nd>=u&_}T!O}z0l zrMW0fCIcp$eDHJ1)=M&j9B^2m9WUv|7!}n98{U^kWr44Q_qnACS_mT{aZ5bC@9;aLqN3^b?EE2d+ZZdnN9%H7o za7(T7G2ogKJgahISvKR8WzJoVc#atnCo`;~x!7JU(#s&6-$k*kMIz2WbK=6EvA6Ie zb7UVf&+qJ`e+PYeJp2CkB}Bt{gRWTqkmfkwsNWA0$WA^!pX))XV{hw6L*ONZd_MKw z!~WkHEdJvc++18-SVFcMtDZ%4ueEn$t$4z^w<8TL`rVk`#PYdox}2$S?EGXygl~}+ ziWt^|q!7+$6pTFnwIc>A#32f9>Ev1<61W^Vcz}qwMDe0>2 zg;N`M2Z45W?!QFQ>~#@*)9iI2e9`T70a~;kZ?pVse-;|B{=$b1o!su>76AYGLEFK4 zMGc@bSj-D}gdPlzbP_QO+JHt_8^2s&7qy>~Rr&LMx3hFgi!W@b|zJZtLEX%w4EULME?$ply`>K%!X>)rBpp>;SK5 z9q={o?ffQRHm~s&j|kiT=lz3Z&rdCzDo9sQPpi#>d+fKLA`t8c>TW8eibA^bqgz4+c6PvnorVGjWhI^t>-QY?K+ny^!(0e8O*d-lrLqiP3QHC_^`q46QTu2qG-P~ltmocB(YWj*cmS13 zKbj<4eeIL?uG%xX_^PJ7nkhlFn6Ijsw|$@}LyYiI0i@HuP9B>gw#>y?pO`2Af_fNM zU3P7sCbm$TeTmXEtu%|Ylma_0c1QUD*nv7=*+%9NK1lo$!%)+faigH5H1$QS97cMn zmpBW^k|{f26=^<*CbY<1PwT z91MlSl*EK1i1c;+E&T?eo3T>2kL*4;0QUeOz2<}I2XL9$h?<$aPt+{q@oM7WD^jSs z4@JNdmE8?vQ^q4LEtcppT6$qQNH(3DPdKHD<)As2TrL8ZLkr0^A6+l+IWW0lVG@pm zFBT#ae9l_th$Khw+StU3nN5kCy%I>*G@j3(4%^X0W>`R7J5S{)m6FbnUpVvXACu&P z`4Bmbs&%^HB>2FQBR_upq-u^#m2^`PK_B-d)*AE~U-L&^O`S}R{}0IsW$7Djmg^6f z&&b35f(5WcXhr0z?S`-xczGnM9$E}iz@#xm*K z?v9|~%n|AYJNIPcp2rO&-eFvdjO*->&gdTa+E|{@6L{?aoauvvcLj9Aa$jhjgSr7B z?_Ievh|{>-)JZ(x;q~MSdF$d&%9=L_5(O zq=(+AP=q*X!cNf{sQ}QN$?hWvo=D-Fxp&C$IQq)Pf7^xdhEy2-lvo4R1E&ZSko@N6 zTgvFpvrHFug9jbq893!4OA_1&_FBc@HKy?QbQ6{}(I{JL0`=N;EW+NQC!BEyzuB4Hkl>A$XS!}GO zG6izan8VNfz?j250e5+9Rch~wBtVd~>1chFO9p_t8U^m@0TTS%z7N~UQm>ntxts-Z zZAx5wQ0a=g^VMFBW*E8vI&Zomce-6mm?$+92E2&|yI%~a zJLrds3)6NZ3NPWuk3^Q+BMEl-&9a>}dZax_C-w)sE+X%1^XB_&Vt(S^%~;aU+wJ#a zn!Nw_E-flJ__- zc+|_X$Tv>u;Kz#~Iu?x_mZ3Ve?Zl2PDG6a`4+!K8yQh~nl zm&%_*tpN)5Iuv$5F5N4ud4`a`(lV4RCRWd6Z%p4=?#Ag}fN;U@goERb6QA6)v|-_D z%~Yq4#MI4S2&T%W!rA_w&n1n7e)tx`pG;}_%-x_*ulJupTZ%su481<1eV>+P?DP%Z z6tX%hpNTT`EAOX*R1R_gM~QmomCITNIVQ4{-L$ftUqVIJ@Lv?BhK# zMt?ttB7^lJ?2_5T_ltIlMqU0&V`9Cyvs>vL^&NZQ-jsO*1Rc^unPp5+Vl_3Q1n?8C zgt^%TSxqCfzvNZagL|xw8drb>WnaR2vJpN(*nlJgh0bFvqxyR#iqAx$0?%Vrq?lW1 zFy^QE7|hb;PnE%;?!JO-MxHW6ny|R2h$94gXlHAp9a_TCqpR306iP@CKr*QFB&F0W zY1Goh0eawsxF%b*c*o(x@gGT9JueO$mHo!+LX^(BX>=RBeJ4Sm0Imw?yM{jKTZ~Lo zY850*tzs+ZN8y0(VddlZTVmh9>yV|ITBw?d5_$}&snq)i<>D0{ZDmE8OvG17e>bTH zJ1e8N4)p25$5o;=GYC_TXmabi8ALP$45*aAv2{xjsS{ZlK$o1CK;%^kvkz*r2Z>x> zL=N2K2BSd=J*J~CE93Rc5UDtjIKel}{&w| zQwF_@?!D;_rV<9PbBqlZWolQ!L_0lK^~6C_KnTnKjYbScxH&ZL7W+*n%)5mABmX`a zJ3${ZO72@%LRju&RLjyaE5vuzw`Bq&z?-eP>0Q$R=mZGXVg>>d@`lzYcn0vOS~dl! z1t0-RxoTt4qqB}mDZ66;C7v)3LP=?UD(HE4a{nZKKb_@{@Tn`p^@J;V@KJwfUR8Od zr46A%W(0Iyl4zio53~+@a7Go#teWeezh(Tx9E_d4W(6b+mAZ99QZjc|& zp#GgFD1X)6{knhr`g!)Y{`wik|M^Xs$Ym-J83Z!r_`9YKE)cc&%DUOiaI_KCd$Lld zNLmP~4d%)lYnZepzArJxD3p25T-k6b>2+jV#sbi>$K9x9Ki$>H3&2{~{nM7zkF}r< z8pii>NirVFb25Cv3ENY0EHi6N9mna_x%f)qMW&60Kk$mQWDvN8Enj} zOMBx`Q6ptmT6uXOW^X&UMGl|XE_#LHux+E~E(!+%?w?U(As@h*s?n%N^)YWP)8 zEgV+kVt%zoQ*e_g7-!A9gYktqwE13^o~~av2^9f}`Y)TLSSc*<=Y#e>5I^ls{u1Lf zd7um6azTC~iCm)L60@5cy8a=O4;L49LS0}Kn)QxOdh|^8cYE(AXfWYPdHNZj^De<& zpK!Q!1;{wO0jlo#9Srg2cKHfH!UuxHE?JnMK@%=;7#ze#oRh!+9%2m`XyxA`Fwk>A z0PlZ2*C@gPihvIszIOV3H+`7ELGAAi9|%&`G5diMCkT>#>hCvD{rBwSK@ma1j5;zUb3+3b)J0iV#<{>AZjk)pCfZw7b zv&T=UMAlOL!vu9|9=u3esZ5rX*;t^)WLP*4q$%jR;*S_}F6cyE@iq{P6{GPx!1`Z= zU9~XFLZ1n2r#%0B6@+hLRaTa><@gsku@Tuatb9w3K!H#TXlR0Ca3U*XVycc~26&f=xnp;uBQL=U7%km2~CF+SqzSCX~hXSI~FwHieKmlZxBINCI?b zYrI%y0wL6h-*TGvsDjajA$`(4GW!E8!`Mt!WrNwd@t4$I^KW~<$#zV2WP1$nM>H}y zk&7q?ZuxtwjsjIy(v5@}LY@66&Z=opSu7kmy@ab*81OMRd`l2)10(@*aj z*krqBO7e|4WK`L>D+0)>rng!asEX`%T!Ep9bR>%Lt^U)V8Ugp505NvMJ_YpgzTO~I zrsd74!k_`ae}BL3?Brr{wJ<+l5B-Qm#g!Lb(dYnbJ1b{AzNBxHXRB#9+eXVy9q#6B zU7M!VNXw-y>Z_hpQ>zzkVdpTHEEsHF;&Cx3ws%y2$T)tB8FwJ}TqF#rlG9d}mGPw};WDYM|QBI~YzE zI);0yC^g7u)e0ib8hbyX*ZOB(?EwQ7p%Q&q8{~I-J-o=^nnOCUpV!? zNQie0auZIU&zh>{La#~=D?c<&nrS-qtc9s`oj%&yrfm{pr;@SaJoo$ac0?BAhj-f1&a3Gp4Mg5$7LC^*3b~oRbw+Y{n(%bExD5)NeA<9eSOTI#T)@oNYNGxRxDB!ZKz5)$~9_tur0(%`2U8qRzJa;2C!iNkgHou||}E9<8<@;>UGB`{lhl0ydpgng4k*m}ODT zqjiSr%9=!L*?Cr`^T&0%tXx-_;zBGL3A~@7S+Oa$exUYYqg^uBGjG1rcFyJ~7ijz~ zHkBsv!YZ=_^+N@6=1X<`IPJ6mU^Z9iPC4*8@2#T$+WiR5CVzF)v7Ol2`%>)NM@%-A zsLTTxGn&U|NLSA=FyAsMr_EC%4H-Iq21uvIGCAr8BC z&YYR8rhg;>b&G6&ax?76$wuC_dh(ziREr<2>NDiv*>bKp#6Hs2!dKHu-a0ga{y)ZNoN_lzK>cko276X zWJU9-K_F#PzhjMID4BJ-DMxgKDqPi5Mbn`NCGp7pRC(q{h&qbCN=7v(nLJ|+Sj%>@ zd)(3b@v|@&jsw_&1Qu}&Ag#wL7DH3XwKATFGRKtWzN2AF6nV=M`tF12$@#h}%mT|r zj(zEkQ{aNF%&sK2UM-d5@J*oGb~afIS{&Xab!{C6$?j;;1yH}C{na$3Y*)ugSaGcp zcSs#TwF)E=>tiP@LS)%#l?)|6<6se(GzWR}`I>|&pkV9}$v{XNE$j}|2wJvQfHpQ& zYIU)fKkr>BbecP0wLooJRYeSd+b24jcTQ}#%MJ6LCWLkZyJp{mi7;} zQ>I7^eRQp0Pr1ZJd1?aBi6wcA7oS)Rlg#iPcG99tQTwbF0^@17HQ5LT;5Ekb?t|>< zjX@?wXX_faP-2xckj#yzlH4!_ISKohiD4ha%l+Dgp<{Y>2+uZ>j;l%OP0QJ4?!)<7Gfm}V=ZfHG;c&K9^d1s zGpcViD}^jMjw~dilpcI~XWiTna3|x7dFC?B+6qk|BkSP5OKB>;LQ`mc~R zR(C4hgq|puC_F{HP`EJy0g<4fG?vt7x`Q(1bdwkat{L>Kr4Szwp3zT}AQ$$FXCl2_ z?fGX4WVp%-K=wrde+c2wM8}9?BGWErX7jyz?s|v@_N~zieF6v?qZd7u;Jr*NL2e~x z-L)iXtHjxe80XfVm~ZiB>O`LfQg5kf&PVSctoz)BbKPgTD254aGfb;cj0&tcs;1gId&U0&zudH2+RTpL~4yd z7_kGD+FsM3gKkYR;PJabFuig8ba<$6V6wD-OD&}Srqvd~@nn?2bx4kn2Dr&u=k(Ge z5hF;sPtJM4oXPx7k_kK!1Yu$l@8W}+OXkCQCEshUvQk$$pY)!T8?)Qg=^c}0R_ato z)dq`v2>wiD>nygoR6OnmN<&5wNMhP5I9b0KMYa1KFKel*)b4np2Mb~F#{oojQ=N|8 zF+^c2M3_u;7z(1bCptsvK0upnDg$ntQL`}B6|`_5H_1*r5HM9@`(5a><St9sq1+EM-QVY8+5d%4cTuRZu3Jndxxd**;Q zA$jgDuVD8-;xsiZnT5GWfVoBYJeu<3B>^{tZhQCdQ2O^%bU2803R~I8TB+g5vC4CQ zf6D_SWMqZp+P_E|qXBIl2xkH&$mtstU_w?teIdhAuJ_)yOD;1f`JvaCqcq)47oN8 z6{csWHsmBx;%zQk1Xbu%^U;%3#G(VB>Qjb=2DQIuyfUfZBWTwC&88zxu`bjxfj5G> z)?^GbDB(~|z9DiCx1T#a*+?Wzfn9`YgaAPG&9=gX(t4Q@V{^X|8K04eQPNiKmJRTW za&(Uy`is^|W!jr0M&_F;g6uTKx=}O33Ot~=ExlT86_EVgVnc_gIkOdECelfyXidxt zWj8+Kcd!(`#)PN_1l2)17BGprmsAwPMs#$J)UQ17S0*k{jhL8USRC8zB;ejS``?yG zpVU<3yv35l(j<MgV80F-=MYiw_E-4?P#GESk;afwvfiRv?BD**vXoq2Za;Iw)LY zuq_vVV>YJWZvMvQYfVQXFHIbr@B;ZPR$cj1o_n6T>=8u6eOML8F^il8&qX(4WT(M& zl*8=Y8BSP1y@pa08JUdA-vf%L(sCyg| zON)XTe<3J&3SJm+(U0XhF)3|8d!D-n1oKau}s_?X7W;WQV^#8xHxlSqwyiXJy`O9 zMt5F`?>o<`x&}6wFuR>=j_UJgMqt6!t0Lx^-chS1RJlZ{WUikKFOr~_1Jyx@oJ9^= zY8l?M#_E6eb@~>)6!(d8=o+|U;6`o^scOVX@@pdh%2m@m_w(&+333yXkTYxL{3Zi8{?mr?cV9wcdo8%FZx_%aOmc&5?no+M7L0Q zEabOt>WCr-bn$`ix^zZfswoU5TgIrLF1~-0eZ}ZxUyc<27?(3O^dDiVT0<$-71klH zh*;SI}iKwP zscH09tG0e0UY>JJ@YPDHCfGG)A<|zADOFaBC(>5U(%a*d)&%4X0PHF|TDtBG_B$5M zMs-B}36W|@h|{Bv`){jv29YY5T}x2l#{D3S+TjHlNKe2XC(UJAh-{520Hab?twv&!++qP|69ot67w(WFmYx4ZxS?|o6wPwxD)J0XD z(%m_A&i;Krd&gv0Rr4F7)1>ZB#3@bg)}TzeR!at!VXOdlXtBl;!x`YbyA>*ZH5vDA zV$!Or{xQ2jUx?Lv&+(X{{X#@8`zxAv2i5i7QzxH;W$fngoq zR*{9g?)!6shb|WKZn9>Q?3rFXxY3f7Hj|cTPDv!R7U0i)_EMilT*;U!B%qT*5^ZYl zcRZ}p@#h2*`r*t63j`@HXI}s3Ql>S;gBty47$WI!YYt+;)Mu+PU`XV&f^Isx31yAs1`mG-_E`ovaY3I?c)$1rV1W%3F0al==K%FqWh-M7f93Y zri$Hu856L9$#~B6;wzv*xWRQX>kH3{WBJE{5PA8Ts)ZJQ2s$xFnwe%^@3qH_e>adNBdc>Mu^@RmH}`w{TIS(rO6+j!IcHMt{g$j| z$FlB_-zDcgiw6jN?#=6CU4*5Q{K7u~4cAs{2LLL>0MEP|S4GMuACOC!X3rj1H>ceQ zEfJe!T7j!&=QTioj_~}*g6I=7z*kc64D-as{H6ed6CZf3lpokNQ31ZQFK*Z$`$8CJ zuNv32Q1ntTi8d=zAoF4$Mq!r!Zz%rbqw$OMsl+SSrwjrfdXyX{C>XcnMhj&UkwvAJ zHiwRoCU5*3&kr4ON51C`7ytWVPyEF%;7TR_Bg+pb_oK#2Cb8G-?pqu;00fo-pgy?JRvu}ES->D}TI%P(v#d6Kg5 zv;v6P;EOJu_l&dLm!uW4hJY=3tq>y|fuo7yH{j#kBNpDUV4 zQj!E18xVPDRD-l>Y72LuB|W8-S@<;7=$&GpvDlDE+}`KL1>>-|)Q<;heB42MSLEz0gKcT#t|MJ~b%_XMfWI$_91vaACo=qwVMYGUj zv$*g!eBk5*WKf9kJ5#dfc=4I4`C3uvQnjoAw9a$mvT!2Cpm5y!`^rz$vw*OE17fuz z+*0FNQ>*MgQczT!yx5B1p>?96{e;>=HBcDvY$zw~kc|6ED5W5Ew{`j?tg-Ea4o;B}P=hFU zV#S;NgW(@F{H@qQQD(txJQTxlt*Wv5U2Th&Ixe~l_fI`r0*RuU z{)l2iJG&9pXc1ysCw-Ishxsp&H!chX3vndHN!iEmZP5-aF(Pck&Y4vt)<4%xY``k^ zSJ2$RT@rcvm}5?Jh$-l>)lem^>(63(MbQOZm{}v8>utHq#nqZnaYHu371p>|r2+Ga zIFh8yg?)k(D_Ek{>FxdeRbtf*h}+`;yz7Nq_Yb}hz<`NLRdz09d{hE2QzYzmoC>sz z3P2P!C)`4y)mtt{TMV^;rCBOx(LwrJ>E)X`eP2x@l=4rJ7~T;73;Ty(Zf;_0W@6Mc zP3M7{j?K$&<_YEzRdN?jx#-OAY*WN?8@O35O^&UEYsfTrM)HeKeUWX%nkZ`oxnk$( z?>?2q_rL7cy0hV;*N`1L;>CF+o8*$RAbMK82x_7PLwUhHv&!BYU3N42ll(oy(kbjmx ze_p`zhvim59T|EDc6RKG$))bpnxfxEyjn)55jQIeJRJnlk*cOVE>Y}FC33Eb3YG*D zGY_5hbQ>tMRIX5S31dN7JYy^UDeGwfkW-W7KHn3ryO1@>GGjqJt1XouI2v#mzjh@K zv!=HcGM++r;77W25m#(VjZi1eo{%B(rKBt?7Eegfbd)&f{X6Jxy%rX?N;U%ZC@E07BSczn3LeVJA~>l-G@rJsRzxwXOEw3mO$UvE6W8(d z&%N2B@}-`rMre`;H~Mi&h|HyPdf^`|FgLJtYaWJVN!_QU(a7)7Lw<$|t|~4(OQ+M?Rnc>zLGvaN*PTGRkAS3E(HN%HIu}8;YYG{=SgG{8!Fp z^L1-lUj5wRCstjM&~>woM#I)$^{gX(z(AF~X{+$g_yy-)WV`s04wo;l(~IJ>9%?Q; z2Hc4jK?VW45nb$_}~>Et*yN_x>a`m(wgV+X|9qB)5HJv5k@ARfveanTLzAs61Enon8oVWK9J{y0p*|kzjcNAH_;6?b7=LNq!)S^@v|2h=8N4+z zSm5#vFe^KNEZzvYamT5?N}D&y9zU7ZwJZOF$-Kzf@EcI(8rJO)> zM7MCfhX}O1OGz~+GHtNFW(%9l6BM~|(_Zz97dni5$NT&3?hGC~8)5YEXsVTT4;#bp zSPbX8k);mC07J}C$3CLv>qA|!^1K)j(YWv{E46fi_K5xZ4$x^fHH?comJ*xR5mRdWq&flP2}^9sv11;a=cJJsFVWsZuO2Q}>v2c)T4d34d4|6K zQYIw6mfwk^B>Z~b;eX#sDmvI3J1P41_MIa*pZCZ=ylcOxUl;4`w7GD%{3r@_g3TLe`;0u9`qv737e&R zjHPi@?yRnwGX4r$rbj$GebZUmHa;U)L~b^`jtzKDO(ik4CAygc^=3%PA?RRW=CB-_ z8R9$o8J%2dOt)$~rY{gH`>k$<0KJ3vq`Q%`_;i2m>wA&vx)z|TN`zUxVu@~clDd4H z_ZmH(b`zs=nv3+=ugPotTi8O>Bw!wkh`rt2_@YpbU*Y;~CjFg05!!>@WyL&=f!wJ==2)tvWDofnV0Q=lglFq(f~xPgREmEdn1 z64aY$tjY?5LX4^@8E;rqOqNC~ah_gcoA4_Zg=&Ww^8&di7t=bEE)D9id{(jNNXc1R z)dEDl1VItfCbJR_(liiCKz^@^B$#_9iPf+>S@RIo>Ac{-z&-RZMMbdJPvCxlga%vr z?{}JelBzy%IvthXB5QeL?G>p$F z!FWl;s;|$ho^i)$8&>oKP1$CqSjBtAV%3_2U(nK?Qo+;PygXcjqmssXZ{Gk>omxxdD?% zRU@>zd}QIYIJ_4$@Fr~_%_#e5M_J2WxsZUMxIcpVQ>#!?jx1@ael<@8W0wNb6q>ai<}bL?50U0%wu2Qlp9EA0*!H z_Zh8Fhbz}G>}0A%eDvEY!jr3?9=K8SNp`dR!Y4TLa&5G^M7~N$`=(zEP13FaCEBa- z+H_ZL{SxU0(fnFs8QwH>YTl!}*h=XxtJJeP$Mq8-qQ6twC9J3dY61OBTgu@QFdhJD z7XP}P`HpKPtnboS(p<7k^owqMsBMyHR|%>cVKOUppE1is=blv|N(@)8VNrEm1| zXdP+F_@l4AMy+>x^tcqPeUPWhIaqB!F94-}%j;OP{n8a+gPW5Qm_n-9Hlh(biF9r#c0Jz@RvgN%(_-%o<4N^KxqH z@w7c;;5P*T{fcf(jE+jgA{dG-bJRKtN=x5^lUQ%zR6JEI(tfcF!vR0DK+9D_79Ue& z0Aw~WYmSVH=|iZLAO$1VAX$0~zVSot(XB|%CQzCIQ8fG4_XjZz3G=R|=TGWnb{u=l zR(2RRHP8Jn@ykoYjI8wnr48~*RfU(QBcb~*6oQCDg9X*)W-8KZSaq5m@frV#NUClxiM?~-;Y6tVtl9w$>( zGuSz`Uaorv=M&aHw3>?x>it7aSckTtZ^(Y|w{e}C-bo8uNIR>EfWJrwl{$pFBYmq8 zIWCC%{@q}Li^URN-9hKPs-(qRO?!gNi8ka4+)T$* zEasP+@R@f9PT&e}T~L@g!8cL(ixouFM%X}{p#ej>GG~A2ZWtKe0*reZ$)BINJ_{c; zz&o?G-)$3O{)T(9CFUCC9`Gf(q*Jk?;j5|aUT}0my16fIe2;D{xe^HPU!_>Y*I9Ys zqI#2Ll&Vv<#S%vY%+8f#I&nlDQ~5}hUVOV%F&=pbFnp%vq&s*`$5;^6uBT!Tm9rp- zGa#ZG24X1kQxeM_lG$YJV;5w;I!*Y8LH)NL3$Msja2T!I2O2wls2I}}hH?nX!YYf9 zUKU6j`gd`ccs*dekpms55^R-pd})ihMvA3UtZ^MPauY(*jZHvXP0V>9_XI|la~SC1 zHiHg3$!*RDR3MTElTc;4q?rz*o;lRZ)sBtYqT*@4=uOqPic3_m+LT47HfJI6xv^MC z^3nE~V)p-%=@iVzXhICu&%8Z7dfh~3W+yXsjrH@q6}4psGp~Pve*ry3RPI0VSeT(Y zy6C|8+mhcRv5hRh25X<04zd{Q)@gi51_n|oSQMjpj-WVtdoj1;%kAn?e2@7i4etyT zgr0`I;FHxzrA{V4+Lk0k^Sq?A z5IeRp5;%!uk44Q zHD~))D*u;9&%#}QX`p}jwa{p+=NJp-O8x!QL!ao_Q&pvidkv|9M92}lrlLe^`Ph2CHVtsOotHh52X#z#QlR-%s-rL6)YYl_dG+f}|lO~PWf+V5bd&yOo*VXwIs>AQ% z1E$cH7-e|v8pCih#QhEH5Ik#`95)=(iF7yZS3OlE$!cp8>w$T)N*1a_?3yuOK(gU6 zFc+31D_8sgL3A`ilX4CBQnD3x>3y(GI3|v5_D40cK9{S1D%pwU%TiQh=}eEn&3h%L zw@VBZIpy!y2+#Ll;PL=HJa8iMs-++yNi}JK0bK7>4Z+x9ad!^k6cf=Xm@i6c(xYSm zf9rB>MRq(p%12`DyhXDjt#B;(=Bxkqt-UQ0X&1i-Kelgkkekzqmj}bPBWYsu0{?w` zvA7tXWDH;CYh6gx4;yFGs};>-=~|(gFq}7DN}&_O_0LSMFKcQHRl4=Wu<9@ey$gtu zW9iYNcGyY!#2_oOkFcn}JDm7qt=F_Xn7sPpaLMTT9~U=%$X-J?f62)Z71~T9wgyJF zas>-QU_(YOYtOgDkqC4p&L^kAl*NT=rOwS@W4b5)y9=o;dgDW5x#Y-B@%zDV97kIKyJ5i-%0Dgo_HQC2Qm1L^bCBXl2kaizQF|iQhB_Q&dF@(x{ zA+-aaNm~o?{(^9`{WE?VSMr&966CRi0i#U7A>CgrM!Jdw#+Fsy|lWDkh(36kw(Bsm-*HZSj((bqeEbzZpQpX9CiSJs??)kX>Z+qDNhGn0TQRYYN zi2nt=Gl+X05gJl$3=N1HhbxTfUPND-DHH^*9L@i~h&Mzd7ns?a zO`5d_q$@ejWy~9s=&mVZOs!@OU@cK{=66(z-~9ZH7O1yh6n-7v)4s_JR|)*7ArW@v znaf6+sB~$Y<-ZHr4F_>ePtX(ymw^j@TTH8wDxW%+WnmdH7CJs$j_v58m}J^g@M`r2 zHvf5QtENRJ$0W(;*2`E#3WdbkE^A4U`5VDh@2w$tpulcRcoRq%6UJ_HaN+pUWjB~Y z8kP!q9D5h7ZpG^g09*e{S?}dd%i|ig01zXnY8uT$JxhTUX+KV5`66gl4AEHvx$=hV zaCIU+xV9b5(SZUgJzHj>Dmb5~?R&Uv&6O~67TN6FLRk|RW*5~1E^d_mMcCEa))goF-znf&J2S`742FRm z;f(+G7>b9_n-VB<*u)*(dYaYnZzijSqc$lch0^8ISo^^rw=>zxL)`jjEU8lbSkPzU>(th=T%~$2{w6O=}N8mb=j0la_a(rYxgHdg4%63PlEYH7T;( ziK*jPy0_YzQCV6`OEWLo895x~lw!Dut90#ygk`bL0`+BxqQ$eb6!#y+b=DZg-Qo4z z5||R%GYU$VS#pp2#H&~ei!3zB&LZ)3PS*J=^8{Dfh$bhlKU+$~yonGN>}V35CH$Ub zk8^Ssajr5ROg@Cg^EN3Omclk_rys2)odQH-2 zg*poum&rYp@ipdY%A&o4|9M)z$XxTVMUhtX^$R{i){ zwq2Ep>LQ+8zYPRdi0i`=wE^Z~nemvlP|_jCPoIoW{%LVC{;XY=vHKG;e$4OBL+Eer zoyX;?UHLt(nBHI(gm0Md*F$JdKE5w&!HI(p>$|<6c_c!UB!cLJsSMGc;GSQcT@Uc9$x)30dOJ(S>f=VYv0{uM*U zb7Y}k+>@wuAb$dJ5aNW?Y6Vi7>2%afmRktxo!Qms-_g=kUWujG>|Vb}qFU+0 zdnQ`xgL{6S`D@a7zD)72_?@c5ABPPXIJw`%&Ia`R!P>!pzzCq%oyrTmf$s^5a+0tJ zUV=ke8@sMGaT9{OC=~d0v9orBC(>DH4k>vfDDdbv4f~XI^(>Fa0J29&jx9KtHAeR% z@uHXzZdnad(Gi=%ozD!dha;~jWC7Fo4H*t}EEhrXj6HrAmtR&oDzX)Y&=0li(96ms zhGD&HpA9dO!($ct<0dls#ocx^`uGFQQ_3F&+eL3S~Ag9+x{)c>q82L!Lfkv>6LN<}ZX<~To>X>DjF%nXl{4Ga!L|z#-Q}Ztl zh1u+AhD$jx1CqFpcEx+ogRi7|M1j#Hwj?;;=$-SpTaSfjJ=+Iy$RbXysI`$_|{B9s4DD2v8}D(FdGxp+&F z%Se`Z$wkA3k#T^%WR2og5%HDJ#492WdQF`v))YQUK1|e4Hs&dfZiZfZIKxmoGV{ap zOvJ;?#FPuxhT3G}D&GD!{S|R|)r-WK8A7B7@bLH5U0Es^SH1=gqSNX{Q)a1ez4AR) zdZv`#R+rSUCWw>>Ru=Mg4i%+~5j`n^x7jz!HnXh7I$WRO3@$*f|mYYYh*6~CaN<>N>0Hff=9h|Fa?q)9BS=V&mHF-4X9NqrYL z=A?k`OgnS}iZNBH%iPbX6HROe>UUXWs10$Dyu$jOvx{6}v3;05L2v^riYeGTGUqob zThmDbIxh&0kRgd3J6d5(@R@dp+`(L}H$ZtsTaAAVoLcwF`~kGeYC;2`8W1(lxVahI zeG3<<>_-SkvRFHp&}rbtmF>JvITBT%&eF>l(;ymL3KkxKg{C?k`hV)#d-S7YIHOXE9-d{~HJCf$77RX(D;~NY7|BQ_nMP99P7NV79tMUO zHXyU~3iquN-ajt>XX&%7x^(cr1wfCIG5|GpXG^Yi+5;wvzDT85>H90u$cRSvP4J;f zZ|buBED~6KvH+;yQz>AosK^17idwC9!&Alj+$8~ZEH)i!?|eLvzBH44v)#x1-Ls{l zfcOw8Z^e_W;u$G&Ut;A))}!#mJ7kbl_&zYZzy31OnZU~1rw=Z-avnyhKIBF0QEIVT zjn3rd?9w(m90zGH05AD`bp+#lj&F!QRdUb`PnkrP1N%$dUNlkDHBAE7Mz9$zHDA}p z#p7yjlF{0EU9G~fHc;|~l)*7tqw63m8OD!zATRoj)R<`D4d;CZtNwu zSO{w5C?3zKguG7(;Yf!`Bo}PI#q47cbYumMilruggb`iF;4~BHLV*1DFKD_6Yn+9e zKL@4?+n|Duh>V;w5oGbtM0%V_)$9{_y4&#!8mZ+?w7@&`D@GT`;29RVQ|0!jUllOhR;1pX3#iPP#t3q|u@eZ@CM*Hw?91B&BDRFTO0E^nf)X4WJ=tDvSNwQkP#ku<%SH_DVaqM%l#bmplPA4$->9eDsse+X z5PvE=n!|jT&`ix1TN(FI*Hg8+Sr^;ID2(04o%AU?!Q3WhXZyQi3O{<5vrXX#(*Eby z{zukEzTOAnf=>`^{qiAL(Hjv>xO`K<$G!EG3DZ04y7R@osg8yS+NDk~u9*IXRo{RT z!Na%`5$v04JC4$*&!?e-3{e{~V2KFCc}aL@DRqdt2}J~qlEYoX^aa8Y(}2kY*1)ez zH@4fN&mjysl&&FEt%eWiI)`mQo-jfgv;0>U{tM!^L1Kh{dvA` zH#R||MT$J3p0z=hQXH<0TSPSVgzb)SRE}|KzG5^{*iTF3`i%fkg;!NEpjqDmO zQ;{axDzu5nGFc0@S#sA;Ei9MilRzVV6tj}Sx};_?UDrFAj$JMk|5`AIR{SBYQzQ|r z59|Nh%Ofu`fXrN@w7_9c4s&7 za_JzYSlmG$I>^;jTEK-3gqLHb`HafRq!_f(y?|AP_M;p=H zRj6eNWh7HL<1fDQ#H!fhCNSU+Ael6*G%c6VJjOJZF9Yp*p3k~=3w{s3fi1>=(Rby5 zEywpzb3C-0Q3|phGEwTzSp1`-GxH?S@|c`k$Qc%&V_9o>ff`QBr?9$UTz7@u=+pXB z3~kx!F|`4&5F>2PonNy?%R6SxCT*UbK-*h34kveQMAO~UO9LNY&0~53n%BJv-u5iJ zLx6XFYUvRsZKJ}>qGE!{?r9Zt%;yn5NM~8IE`cKbZK4((V=Q zhZBHqdV_h?r-e3uSUGj!StMIdfA9)2*&U94+kJYO6bNOhtb=;^0JI??G2+8)w;HL& zhHxIHgUw}K%xyJd3hk2y=c#>uJN$13YkQf0Xz;^RMO8wkjN^oiIE4%DW5+H5@uMx; z&u~Pb6mA<_Kh0Mvmq#$tWM)@K!#_vu;q;%mL=OnFZdrtz2D6;qovhXyCR%J&o@LAT zXhfX%I}CA4GX|D$w2FK43VXPFSgq}kixnnv_>am?{l{a8^ts1@fxQI!2$1Ud@_z0h z!7l!18|UbM*sW{Y&!@e9^sHNoFwre>{3>lPa@sg?ynEx%FR1*lqfZd-kRpODn)uIF z)z2ZxA?3&QuUv~kqmX=Xyoi1})dp-+T}OY96P@yOs|F4jd=?}s5adH4c4aUS)DcgU7r9VXT~^~tOMeN z5WpCqAvp|FS!Z`U=GrL|e%l5LT5v5Drp4f0U+*{sM1WGE|;i7-vG(P`dpPR{M#)1jBFIm zkbeMVntde?&eASDJN_Oz5oD-5wL+reU~TbuIuFX?>?P=}0kADjFsevrDG*9utPc;1uV!#wvq07i(tO9LNPU z{igy;tw({1YuVo7%t7uxEXQs1s5~yt93I4hO5$RvbhW9IaPmhZ95b(vhtza5VnqsG zhNcpxwDW&nX#i!SaQV5YSayH00%@4ceESVgEl(lO8wd7y_?xrkiS-IKpWga6;kR27 z(lRcr@Zt*QV+p}mjeQga zLC}nbN9s$!V`yiVR~uEES8o!&<k+2b&c-;hRv(q1ff#55KNSQqlJ-Jzq2rWy$ktiZ2n}_zLue9nqEnNVN)aATVg2SN z%Z4hz(8w#4k)t$vkqagnE#nPs)wyxyn56Nxrgw;66|BqmRSIuo-ftBTSR_9P(D z;02S|9UprUVfqKLKAb;A0>~qr@`ob}j)EQ}-U9lzWJ9ZOdW8mJSaUJ4f$$rW3DM8~ z%B{M-+-WFT=sat>%mcA{YbRQ?Osb)SN~4eXdTQ6Cc5!Bs?aLPrk~=TfwAV;OVd3m= z{g*zMuNnpO`YU12fC8g&)D-A4!_ZB4Q4Oarj@G zRf1!SwBjvyPK;11&V+l?u^h?iNUHC(Y)Nk@!FCq_5jl+iOj=Tb6Vy>VHC5sh400mId)><4>o+K2FE)mwnm z$5!pKL91{3WIur&+5F9$W+N+~hx%sNjWvVztdd5X_qMYXY!&Q-+Q z|H?dsm6EDC))96u*kU#ku|b9ki;)I%SYotiMOTDO@A#c-n>92lSCKN}Fo14a^2-oVJSs?B%`l=FBuc-fqH()6-z?yK)7%D2q z|7QT%4l3pkXFt+xpgi%VwM7VO0pWgDZ7fwf5_10$n9w?0}eVO?Jj-qu{M+0NX-u((t0 zJa)%skKVSVi5~*}kL_gquIF#_gwjWz}J!MUQ9 zzzQezz6HE8q2xYxR!u2%7U13gzQ-6){h|{D6Ks7t-2e>j+sE~ljOp!#P5PVO(>La* z#6EjGnFCiVw`(GM4{rapPz26yuqsG+zpH%oyg1X|OXy#P<_)3jP)H%Q`Oq;_FU0LP z&HzQw3VoZ{FQfEh2d+GOofA*WWX+q!LHLp4_bMh8xys${e)_4EJDUzKONKY5s#Lh1 zVo4{n^93Q7VTLzbe-bS75BhR`8*0oE{dW2np;W>_Dn1EUR(+m`NGVFHN{9hTA8!gN z%!ZLkFyrjn@L0C~`gfff{2X*1it_9Y{!{$Z^9*tdogLiFTkde86F@5kO6$3QED z%%1XjGkvBTdQK|jOAMg+yQ5^iIQ<1fP6xZ~4QA}+3B4au`t|9d>mA`ZfY|q$aBvlY z@q8QH)>+cOm3K-Y;JpzR*NnJkGm39u1=i{XIO82Uv6+G_zvHDA*X!40pkJ_WZg%oq z&mC;)eY9$4f4oqwIqL1Fc~xb<-lO(yi_{wbp9ec%=eEcn4EV#xUS0Ht26EvNri>xw zLjqfdP9l(e%XOi+Ux|05oSF0CumeYcf(scj#26RDH>;_^Z>T@}<;_)o`VPX673r7m zVqYr!GY11vrv0TasU>-hVk+dKFbq^a;a$!ox+*?uRHa6t?w2J;dABtLE*r*tnjVPa zjtl+^&Y|uX7lws$m$sWP#L{`pH99ncUMJEKC|JTzhw3EHS<;`LMdF@43sROEybZ_^ z0n@2j0nhfnbPbRV!DM!q;0*&7Htwp176G(6>3J8@x{k(UM#vD#iWIPT{?nc3Thj|%cxl(zaPqz1LJe-l zw9vh-uf)cZzdVw^%4Y7?STmAof&VBrSjTBgrRF5bj5T;Q{D@jPF7k=ku~K6XGUyaq zZt|j^o_g$mlpBJ97bOWX=TigD$h0}%IzLY*imRTp2S0&i3{-)49D)E9BDN^=H44FbYdRKW)jKm2V9dZ#^&v6uL86ymlx$E zTa4FW*M3AT$yQ=9;%h4H7apJiEZ(79{zIbO_?G;nfB$><@HHLf!E%v(XN(Qo+IS5) zDTX#6nypYiSI}|Yr#AAeN4*ZMjKtmoFZf`8+3xDr##9o&I0w1x1Woo&@ia^(5>;)LC&rZ1Gs z&pVvBeE);cYaIV)w@LkZaQptD=-)p(4=*?vKdd|DM_17Rd;B-Qp+)f=+9Mg_4PMI0 zn5PguxHn=wXxfU}OQN3ZUbuV6{&DtfgUBD}>_Ag`EEeRfbpJwUlhi(Dh_0y+2}qKx zzC|%6B*lYwax&G5q#diG5+^oDR_7T3ic}KL9N#}qY$VpqdGP@$iq4G0X_D*|RoG7y z_IX_!kx2ydY!OhbNtVu9kVcQ&9sCAk7@c6Dx5hz|bkgEx+{79@9mNYE8r{DmOqEr! zsbJ{aG!an2ox05|lG_u*MjcI#ow3WcQIANxkd*9aB00fmhRO@QG24Z`g9zAHQsK(2 z(@o<=fy(|JC{O&J?QmmjX!oKNauu^oUeDaO0eR4h?)1VlZK+eCy3YYHpEiz&7nL_9o&UweqE)In%p<0R(yBDj@quvh4Gnn0(IYt?Uy3JS*R9I18i}oLmOCzJ{a9ok=sfCuy*eKZ*7Q; zEZPJO!xvpRmM{Kgb24@RB8~_4_5QD;4#5+s9S3l7_qpI*+>Dk_OtS%p^S$ecfl6x} zHdKc#VUEKSt7=h=eWG&V;_J*JDRLKPEsEH`>|qNHgEPrA6J9^BPoaC!gf!=lzB5KH zq{g7eCY%KKehMz}>W)cRNEa*6+vx1B{LBkCSAQE2H3 zUfpuNXUgYGR!55t$~bB~;gkq)ij^`=rFc(tpO`v|_1blYTH79iEHl9#%!;6KnX>{o?XzECPh#&|zyddNhz8H&n?*TL;O zgF`oOWDr)Q|4d5w0XL6~46($cRX-*ba#*n_YqwD);ua5K{rqQn5{!@WR7j*LF8Wq* zipF06n(o+JJi>m;`dIUg@^B~+!x;vlpCbiv-y6&#HJ0#yO*x6Gs$$eG6_<^BQ@8%3 zyHhCSo48uSBYdx54gtjOOD)Aas~rm$8XxTD!D9d*o5nF=vs0N4Nky{TrFyEVt^A zQf4?Y2X9f3Us?K_Uv9tO_rjQfQ5I;>3GzF5%`!OMoOl$j=#21tW4_V+D4rsixZ}W{ z{}N=~cWN}}0v2e?6@90fCCbKN*C*PtyW=Q_G#QLhx_}OHR6)lw!gcg-wA>=v9IRhL{nriU7pq+1$577Pwrjl*W`ly3a|ZyE9x*Zo}j zMf~rt*pzYIVZQO|n9^O%N(UzxE-fYGorEQlGvO8v!M(Ms)MDh?|R$D-k(e zk9g1KB7^+6AU98T3>vta$yK;irx% zuYc>?aFnsxmx6`QU`m{aU_OG*dIp(w2Q>ENul4wA#Ql8+9e-P0HVAvNDx3RF8uK1r z*CStVV)08Z-da0RBSEgP7DwS6>Vki$6UO=Gw~vK(^d|1W&iZX<>_feaFJp>-yu1={ zP(BJ#y#f~5=4{ALqP}l>xu?mg^{e`;^4G~rrTdHT-O|p#mr_Lj{%=_4+Q7q| zkA<5Yqx};aHNb+H`1BFUj$DE)?du0}~cpKLh{^E_6$a z&OGza*b1k#Ck7WcQSCmVZ}K-V=u7d5Fs(Bu{ys<9l$i8LE3q5mR#7e6cj*!46?aS{ z^htMl^>!+bC{FIWyw%7H_hgANAF`|(cs%sI-QNp^8OcY~_N{+2RJDDDL7jBrRv%4r zSwW8$zWV>oX8}kqGruZxDhDW}a@tH_~%T_ zMOn6r+!Z+UM@1Bv4Vc05r7}iYhK}}7I&;3=yMEyBKu@Uxn62bZMBo4uy@FIEtfrc6 zIpz+7G)22eU6BRZJ$&^YRPGjrOp~CrkQ3h=cv_z2kRt1H3cAQ){T|D&RV^*=@yu6= zsah!vNWbmq>wpJU3s4usaxT;rgJ?-96zI`>1u{aXkX<$>Bdi@w%iMXiX1m;@%HWAV zsVQ({-71Prcg{wqs_~$M9dh7`JU!C>!RKf|}!`cy@gCpvysCvw!_sJW=2yMInJuJ_4m^uvUhGaW;) z(auzi8iJPJM8&68UI2k9LyD^5epmg@5*Nb?RHjFCSsBx{%J&FSx_j{=eO8@<)c&fD z44^U3M_G0^R=fhjs0>7)vp+!>qaK4(=W!`wfnUorA;f^~5AMJ8Ydk2}=q1$Ks6qYs*Y11AP zlWAMCBiO-EvFdrny=O-2^Cd(g?L3G#Bgz|uymhezV4Vxn6oUeCNG-V53p&RajVk95 zurp#3on=ARz*MqejBYR?*H;f+7U(3u3cV}(2G%K&8|7P8rEV_D*uB)l{`ONnTlznU z`UV(VnsD3U8QY#YW81cE+vXYDwr$(CZQHi-=D#=Zy~>x=?yl-&r<3kftzKwb<=S2v zerlw#UJ`JnvcXa?-sok6Nlac8!;C`!h1KXDCbJltMETZdwn*~2RVm(c&50g4cp)#u zps6r8dgSueio6Vy*Shttl+Y{BCr>{Wk^*i&ay&m|NC(d(+np7ol?JoxS3q_~JT28(yhQZQyNqa@>Y1 z=y|QVDfd^g>h|tFi)N`C^{Rus$o;mOtC^)~XNR&XInM@A>jE zPS)wfGn0?5C*I+4Yx3sBZ@Sj)#M=eXS}jXw`xVgUCIH(!Dy?lt5c2<=0l{7k&-V92Ccu=xkrol^o z>jB_WvEZg>O?qzv$#c{ulKM+0z!(!%~9td}2Fo9T4E6XSUj zHT!qY33=91xgdWeZprr!O!V)L({=QCBkQLP+wqfos|}}D=X_1mkQ=gc{*7Lph5(Q_ zCjYq0ldYMwJ^5IHkm=mg!a1|!rsrGL{mh9q*m<&Yb)P%9Mcv9W!PR4qC}l z%Jo0~B6j|mCRec+2qV^!TB2i)KNqO?c z`WKU5&4?NE5s3>6AqiCM;xT~cNryU!a=k3OP9D)V>NY$ezvlU;b*^m3>hP^Y5v>ho zpQTPdSy~NQAZBgo#ktKBA;0YVW9}iScKsnJb=nEkW0XiFIxE4f@wP@w`p0S>nyvqSVf8rr_U3+Oyjj9eWtq^*V0sFu;)NG{#6lc7qSQH8ks zL7Ko6v3l&riXHY!`1lI=w8A85DjtcUcwn53f^sDSzT+#B-5^U;J!yA!Kt?_Do8H%@ zxh1?7KYUhU?EL=I@N%tdgC+WH=DppMKSh)-DmE?HoM2Y)lrxd(s+69$&O`C0OE4Ji%yv7r68;pT9>TKwdoO!Yqhq))F! zxM4h#wQIzPfU29FGNGyj#!%SD&GL82 z-DD4W1vJ6z;^G5SW2=6i?MM_UJG3D1w8+K80HAueC`6d7Db8Q_S*EHmbCY z$fUN2W9t{j0Z6N$_;xgF+TCX`3Xy3Tva4`~1Ew-9j{sg&rRtVfe zcFqkIreO|nV-Lab;xGs0d!cdErk&xNAEJN8w+F5`Pgv}T)*ONQ7`)Zx@;J-&DiLpR z8X;VzDHm|eAHi6%g@6`Ab63FE)F>3DHo5y5V5hW80X*QkMs~}XIT2oJM&|L!YYKT= z@qNCR9nW>szpNhS%YtUkva6FFug;rf*fT$Qja(vY{gPT~zqt1(c{NSA?yor@v3}=~1VblE#{lSE3=7J<#;lgZs!#uP7mqs^0tYSo*qsiB3gOnJT9-QpH`KU)MC-?N1oC)jgX z9Q=XxmZ3|6OE_`#@*9mKO0|UP#-B2M=MU_Z1dZBd0!^XdRw(bo6Bu|M)gQGuQj*;m zLq*&JI?B*U>1lh>4tXcf()bz{*LPXU)2)$hH+qh&ONkp1p*GHtwb0f{{2P6Q4Ugwa(yE6>rYpcUQ z5}d*v@HLkKryIW-?XCV@o%pQK91j08OQGX8qH|@o8jW6z^VRnYur;Tvzyt})hoE+j z-S1ZrZ=jO1%sJMNM~_65-T@Y0<$laYquP65|8t*MO0GLb-2PWNo1aSYmxZG|B^?CZ z!UrNGyH{=i{$dbEO}{)5D$HJ2i;Wmai>gJyA}_ef!i+i=S*I z3Q+V04boH;htW++r{+Aetz~yYc~8`>?I6M^5FSa(_ro2F+`%bQB!tU^*={1$CCfR@ zryx@F)kLbE7YyYJ5VJl7x^x|$AfpJK&QQU~!`X;GVGV@5=^iOX;8zHhrBX~cp0LN! zt@t<>sPqH?RHY;LOHd#OK0lS5v`RE#2w9J*O)CTk*Oi(QXCdmWRSP^kO3W0CPg`{} zrD9_b3DjrpqQR+(kr*T6a99bHbN4s7l5ir&r#Sbn%w;1KsT3^=(oPlY)0asNe`7_8 z3LPP?=E$|A1>JTrz`<=197oK0z76zz8$yfe0sr+PG-yHHL4hZzWZPW4yOCHOz6v@2 z*0K`hQoORSDrXLQo8J||d}Fe5xeUeXT9`7OYk4L;AF(O<7?%_HRAh@1QgxfTWy*$AUL;Td*y4)u7Ynp47y# zALC|KP;dA1YH^3Rzdk*8-xL1X=OIu`hsew$bMq6{+a<-yDN)?)g%2kLP=&wu>+(rhk=`DVu zu7o%8+jPCZ**|aY?(DC8WMyP!d3e7LY-MO%rML?dll+<0E-cNXc z5HM|w=L#+;a*V7F^$cQUhevSmh#AvQr~=3~f8RB3Rf}ZLwoIX2Yj>d(SC>I9KRrrM zMC5eI_~>M@nr{iS@msh3LZp$Qf)JttX$o++8C*9%DnDPGSur(1sW?oKLrh?W#3yhH z`NUe`iU%0+i>*udSGtFGryxc6Q`1nhJ~?-l=_e+wKjg07GQZ9X$;jxILlO}Vg}W_L zx~i~K8iFMJhQ|69QQ2v&!dBCVYP&hM^33pKkyB+nwy*w2rYE$&tjzjn$J1|Xu}e0| zMnVwB(mcqDDp!y?TapMg+P_dJJQs}};Tb+%Ozvm!4BR1*ttd*%J}Q-J;{oy0BgM%N z60tSGhbwI3E?-V#>XBOpQ1m1|MPnYxvQ*~`!HsUUK9lIy^#GGwVOV!y>ue4sF0CO~ zI1XXA6_}Ng2GV5=1NUk8+zHZwZET(tH@u}pOty0O?^l84`oMVzwfUVkYKe@%0p|amd|tao7*WCkZ?0SPh~@8uBWtz!Lov1%&*iutY;bhz*b& zKgav*N|Y*SLTcn%$fREt)?P%+1Z?7<_~)Ep6Qoet#}w$~z=fdl+A|9Ztte#aQ#_1( zbl`Fgh_{dPV<4`(O+Ycd;Qj^%Dihox8MHO|tYwB}#^$tWRAtt65J=>k;?Bcq2tIYA z(#IfbU>#%F$R={gpXQzx8_KUZtv;%L`23g?E?iSH&>CHUk1hM!5i-Q2OUk$xGR)L! z+0A>yk#^U+7+?v>3zltea5J#^X???B;!& z48kjt4tM()?Ck7bk(61OeOH<+OVGg~S%_sG<74%3_W~}L9VOIQ1HyowsGA)s{$dlvD(3Y#> zBBQxUa@`l5yDf>!vld(hN1$ySm0yPkd^3Y^c%IAK;s+pI))V3xcYLDma?Co7%PK2$ zm)3RkXL%vH=%Y@|N1mM$mz-`CuA0SvLNYyL6wtk(7}I5g56fjN*7&RLGL!O#iKS6S z+hQtus&cdy@P#4JTp6*O1@}TLix(aPvbV9+z=H-!IuuDqoRX02C8})j;3>aU^h)(2 zCOE`3gET@8E$Ryz_|2~yk~wvk!+7>wl0GjnN*hea8yC5-$`Z$lF*rw2NL0|{`t~?- zJczPW2)r~$2b%E@lAbpdj!dvB7zx;Cx=f=fc8k-OnXhUGx8x4;+rXmy$>;uPu{nBG zDA5u_KG2v^0O%RY4*a`P=fdfFlR^!P$&G#TEK+98*f-eZv`LnLBEHikY4Ro}b>1VS z?3$w9^!S9VpBdiv^z@zxkEB7pw>|H%qNXHg=Q%C^IC7;#qNH z;NthL0>346HCtMqN9_qygg+3(CLPoxqAiN#i@iS8KIkI8^SjS#t`f0XWp<&(p0vf$ zMqrwxm`ENZQm*inBXtlGjhEPuV&;O8DiE&GtK#@v$Mm2r^15*U2v+)MO07h6&3CUz zvC8Mxngyb5FlvGyv^y`PNf{{P+Scw%Mx6_i>JbkOTNutdyMPOw1=z@B1GZFHA@-0F zSrv=MVT0{gg`vr^oCE2$kwoR}@c9Y_t>SYh<**Vf=Kvmsw=Y4K3BqnUh7Bs@-bm&Z zfiYFVE>y$$dfbWcQNYbrlq)VjpD(1JCM$Kv^5SUwQ9MTPRu!O(s+^se#19HdXIC=N zF)()pfYHhA$;tC-0p)$2>*GP4X;1plxFGTfHWQlJ8H2gW7{ULdvIq08@yuGq@YofD zYl2~_okO&!8_3?l=acbxUsm%*r9vk@uZFN;L$I$1$G{_*#PLuU5SeYZ{qz0h-B zg#o-j(C`$}l_7_L9X{>i7y^W&+pdhac!W3)P1iq(XRntas5E>kz)uOol-vGyHZv?u zwLo#tfQMm%yzdZ9L1@&gLZiv)AF5oG&!$xPU9exDy3v(YeH)frwcxSeKs<5FnIB<1 zW@r~E8u-MOG5oC)Jsdl75>pxf6#W|p4SkZ#u{md~W7A#ZZY;v z>TV#nS-a>mH3-kifIV*1K)}id3p;e&$#8ZlJOno7&U`~fvxvXI%ms&c>STmSD=FS#fTSsaHkiy8|xN?0Q`nvRi2UY z2(HswL{4JG_ZKvt-Z1XO6jxEtb%i_U;937EbUmjV!wQ8bc&#u_l8~r;f`D(apT|2+ zvlbwo>F*+vo|?a`<`~GxF*!sRTsGs9=lBY`g7>2FS|a}GZPUO0!Qv+=$wXL@0^7MuaRM^~cN z=tq7md&+_+TSA!~iMn;r?a;VRuV<8aE9De2+IhB8j+RmbthquMUR4JuibIH6l0Ao* zlbL^*P0+aFJSex4gqY8ehrb;fHN zoAMex+`vr*Vs~z+{lTnK7QnJApy8Go2pW%wQljX>dFuUXg}WYMx#elDv~i)x4AnWV zY*XP}npQft%v|i*pF*(vcPQf)~<2QMd?C5}Z9S|sLLq~@)OreZD`EAbMfxQ?1QZ=#=Q zz$fHB@L2_swKx_@Fj}Za(*dV6KiupBB3uxP5GZ^u7MTzWFRo>_Pf z6WN2x7R$ygLr!ob7-OAcQ%2S`&sqTL3-O`zM&6Z{Est6NLKxR;BLse(#dG#KFM!97 zkOdm!v4Y1SK*2*&^b$BVwHX#_(Ow-^@VSu>&>A;9gsB4A&ue7pu@p{9Rnu7+>VT_O z;k+8v*~kyRvymeS%W^s*y-z%C3ST6T`@MX86{((7jRj|cYC|^@I_xWEfj~Voa!&gG zkz75q+~-$u?32>5&57-aQoZm>l4<`+`S~zMSl`q0vlbctH8l3R#Ysr8-Swb3$m>ls zg=XyWUjv)PY<6BZgX*^YTxBu%?N?u-C0!0~4(AAa$VV7=k4Fx7eLaP#$g#7*5&DgB z1cOUtsWCQPkP(DJ+zrHU0~3XZU}2x%9cscUEDg2w6m552^tP0zgPf4>qE9Xr^>(M~ zZfN^Eodqfv zUUi3o&9PIPp2UjH-(!~k$c|ckeXe^w0e#}#YY0f!qU2KS-a^t7DF(#>%kM$tTURo< z_aIYdT@#BM!c&4|EObgCInA(zxiaVC8wNi&UoPHls)B?VaR=-sBpc~U-vVr5LH6`5 z^9p9f0BdlPsrAomw#oOf@hq1$ zL*#&DQKdwtAuDp~v(C&CIpq@hLVo^3mwCsvH^k?zY6=mVK!^Zjb!flOtEHSx&82%O z@J~{XGn{w!mBZ`?FSh`q74&CTqrO%kc#A)Rbc6cDZ@bZNFFRXEo} zJr@liM-h^4?!)^>=4|EUH}y_t%JdSP+Iq`3pl4koA{RIhrl4PmylzqwpubrPV}pnl zfWLnn!Oj1w9Sxv0{;4E6hJ{t9i>H!nZS7lhER|XtU#t#B^rfq$c8s)w{XMAu?gQm* zBLI+j1g69>+4E=>u_s~Cf7G(`bGxjH5*ntLzY*mQX9!uB~4`FrWE(_4amphbP-}iGI5{ z7UUF?8tz$BnPW7yIj3s+qYnToNOpLx7fXuUtUV2>vo$HE0rX*jx>^1iZN1ZId09YF zZ`@Wo!rP`%Gp2k+B8x*mRCpw|C6^@$hB@az+$mk1~&a zYHHU9GGl{r+6L@F;NNTHYlNY;7}p2awy(`H$3-t!bioPIC*MK@9-H6LNH_QXuhm;O z=bm;jx99w;z=Av>a;tvQ&&(K44JcfNLs>$qSqab+hx>HHkYbcM;W7`l4h5f&@sHch zDFq0;{p*dS_Eq~X0I!+9Msa$$paKLcy|*+0G4;c{vKMyspN%~H-38krY)wGeDKjW( zB^?+zA_+8PJpmGB1PMwFCi! zqd+e;WT{1y0>zI*CX!GJvrf6F20Li+f~>ByLIvy8Cz(azZYS6+IdhS(S&8vRg&f6v zDzh;gd`+2e%fuo_GOrq&b&2$F4DG_VsnpD@p3BSq;(UcX{map)2-z!@=Rc%>$0M~W z?YL9b;tI#glG){ew!PjRIz6*Fz4$zhZ0;j7FyoQ{P4py|g`SxBfM6oeOg39zFl-<6 zx&uE-zVWB%^GK?(NMl9-)v>T6FC2puub*D*-oW(K%L<7@VX$bJ%kUC-i-mMs?1sSZ zXK%4^2%v!JQhpe+DjMOz%77=y>a?B2??Of1=_ta;=Wci|>?pz{zset!@H;9jOV&+^ zX9b^k1KpuB!gS}1Kdz9pHAcK}%TK#LgqG%=bE*wquN4m>^tO|GwCP4K6+Ys@aV|TLQCRE-Rk~9JC)cr(JZZgkKHeWQyaJz0R|X@dsCca|BZObV z`dcKLGhNp-`?&CuS(xxts2`(vZ^aO|RjP=X%O3~+vG03n_=IS;k9*o-fai`l%9=Bd z1Sh2nA>h?1^f{zOka;92bi*`63X&&qOH`yiG_^Id3WvPu#c5RfA)jo+eRW&>WwP_;}|oX+>OmU9-Om=}JFd)FRK_ytL2mA_eloKJCX0zwkDp ze^H?vnaQ9PyjWp)1wa4YwD`w%$R5QQi)uA(yV9}t!d6O~i*^H3sFKwyqFJp&{>e=A z8MC%jZYcItGnCaH-vxmga3w^rc;k75x0qAK4$R*Q$;+ORP1ax&0Wdb<8EH> zl^_vwM4Z7~=81TmSQQqLg)zj%$v8e8SE|nfiq(olzqcx2R!haos>OBFz{9 z?QO~{ptwUHogiV^l6SPkE4o{fp!_2RS`X$392;hgs_kO@1|m@7A?Di(zFdIfgX_8IKcE?N)I#%<9KZ1kbvq^dFBes zDHH6usozp9xSCL*B{A49J}BjXG`vx5lB*UWX($`0j*X#w-v^db463PMNa)EdWKd89 zgX7_+jxF`cRCxA>TS52&J*{(erIgEw+^J9*C0%)x9=O1MkV6da*0C$==h4U!s@s)X z5I0t-Ir&6E7d8`HYFD`E)g2o?q|&TDGSkke)5}i8OFO|XoY#LOGq(3kQF&BTuF%gy zSltzGuNpt!K^-{|$12mr{nov&bIyrfB4xjb-4KTkSF zTYBLj$CCO^ZEPPbXlw34q zOaqpZGHH6%FthS8>eXy#2Kst857oqRz`t8ed;-t`B-So+ZM0~UUxsIz)YLr|mJj;N zr7Je(a(Q??pR>QcKM@!Dpdo42#~7Vi_q;unBP&=?`kwfZ%8!I^PG{nrOQOH<% zhfcbLa9K(R(7M5Sul|R=v&I3zY~+Qst%7Jd+Wxn-ro)s{oaK;*bUS^bmZizxILLFx zD?0o7UhvP{n5vhUe)r>feK4G%bBZ^XYd|kk*SodOLo={468<`Bucb;3^PZJTPPd!L z`04v3P=~1FU!2?EqhR!cB;FlCY=jzoxjQk{aFm6h~_qJVUN| zw~be5|Hlf6#86{1xf3R$BzEZiua;25Zrb^rHJ)C+0B1nCx|p#7QE(WXw9X1VJ`@$h z^$kvZUBFPfMxv0)xO!FldhUaZq-ZN`W=#hNomz2?S|SORoq?&cjxc+t{15xT?}IIi z{WR2cbS~=yupL)c2HFn>8__Mc%DnHfvtQ-tuyh|3N7Ep|zUFV7(R$pfbJ}II1O*iN zH?5=^VCa8Bp7P33YYw%lomh|8jdmLkwU+CpUgQpOA=mXTl9^e-0wkVy%hRCj*`PE4+d@Ii$$yWasKzPU-uergQ;J+x{)1Gg!JbED; z;C~?~U{Ph=f{FyHsQ+QQHr34%s06Bx?T<*{s*o4Yu8zs&Sqt zrQ3{+?WOk3CFi@l68-4k=c)D$9iYC04BA2qC3&;^LaA?AAydjOaf~ept@;CM*l#1( zKO0Uxd|3G$KmltL?pvYN7pc=wshd-5h8Y@1MLouxO`rhhBeyvT2#=!Zcqg!q6q*>{#RDnHXhv zBs8A{izeh zTe}X8#~qvhDUz*dV@v|02yNP+a1~C^p0TShz^E*Q+n4*{_C1db6~FS>7*qCeQr@3jVRD=y1gMAsD=>j8`OCZP3$sF+Ajz z^}Bc=tE#*C;8Zsv%?V5>(r;F$X4(j-KfO*A7$3H{VP0k*M)Qx+bVJ1iwUumWGGF?P%xxong}3R9r=Nrk*ubt8d-?ax%Cs@R+ZgLzdXog+hTo7--6s8BwJw zAwO;J`lMj8n(Hv#zr(!f3wuVl6q(PNaZh#dZ#S&Zp!M#6E0K`-01&N?ri-cEP1=(% z*{97=odpQAT6Q+kYN#J)<1ueoZ1_+?cxj$WGrq5q3Jq8+Cl2QGtW`7xpc()kv)ONk z*N3aw&D|MOifurMIyB+5;6pu}k5q+1kbUzou%JwXiv15AW0nKVcN zJK`2^^Hb^guox&-bqRRE4nz*?_8|(p*|t8bQ^uB%T6F6jjYqrW{E%A2AZnqF6i+WI zNkTrnizf%FgU9AyOZNcd}0Pyt3JYHThUn{hW*zC+f;kPYjPZf%B# zkmU2mSWJu|bF6#}%z~=s83t!m#$nz#?VJ0Bx(`G~=(+6{kd&qn)jEp)Z&`44{FSV zm*I3(JinvIYiaT>CW*gm#)r#EGCxyOkvkqvMv2qk)81bui8?}&(!E+IOd)|2PW|`u z{&A<7l2^PZfi$RV4pP&|b_@d0zx&j|Q&t2t<&dy+{0>G65R$zT_W!cXY2sPNR;efQ z5Bx>pnI%k_$gKLBD7xksiBSdoXFEbrMDNbSct4V z8A*UaCFJ0g&?CpxnaqS6@R2}v&CF~{(R?qEaI)wa^daD+$+v9Lnrf})dI1?sg)8^} zzJ(t_)Ihoij8WROST~yTvODI7p>yt~=^guU4xF z_o>Zo`nRpLDLzA!{e=Iib97+vwQ`4JsLUJy&7e3`b|4l$N>Zfz({OFT8nAH)5S*cu zfB4X?b!Gztw?IgE-i(Fd-nvCN5-C{%iCcC~g#WdG>f|-0GsnnpM$rnP8_fw7Kho@xs?0aYfv5_xn_kxfUi|BtaT zp9BC0jY|KFnh=?GSZ%J<*6yqsSh596>75R+Xakm{i`I_MitaSjwJBtj)(auti(^Qz zbp{P{j^+H<&$+vU@3F0PMY|58N>x;+uKcf};99baHR%SWh%;!NY*MuNLx!#***R^{ zZbUIKsag+UGTF`wDv>AJ82XmJk3)iok;f&xa~1**RX&Zd76E8TTR>VBH)rY^&ZN~# zLqOVA-=quA{~TVzny}oj^-XTq#QctJV81u@{0?g!{0_Fp;EKs__e~D}?}e8xFJHft z&wnRh>zQoi;7tBr`>YDcxFNVZ4Easww^Oj=4B9z>3VB#{%We+SacCa7MwZ1<2W{9j zS18hy4W(8$V)_9a;JVIEx1>v$cF1T1E35bmDr;xXr8s$kBq?om9ypj|$~MoiNVSw? z6lb9Qm^pH_sNDL-oO!}jO*nTqH}iLYd!ATdZ%4KutaER%U1graryOv7A`b*IlcQlc z&QttGvvWjQFhJ?9?haZn?lMuR6|+RcjFH?_=I}(JPyIPF7+0^U7n)?T;C{^y2-ipx zXsPW-^#U)%S|bZv=Gv9w%+Sw4eSb8}^_Uy^qh~FZ`v^{}X^hQ@n?qJ7ZEI1_OfXN& zaGgyx%dt>`l}hedP{P_&+XV!unzD?OU~9j1%*uM!T_Qwy{i!2~oqD&h%@{qs8$Pw6 zaf5jr`-P&t{_8oIIoD9HOmo)Y%2P3U%5SqUN-1uFMRTzx)@aXf+2`eCvD; zIWNm_apKgrw%L|b#YuGBI+no+rOKFrN)05Id>UIMOqxmLtVazuQuv*5V2W?)n>R<%si%!d1Dw3~%blh1EigUoyW6h%1yjq=TNka}&>dOfp; zN}I>pdC&3ie9De4QIIwmpr5Ugt6@J;4&a>fSn+2ju=qJtZo}xFQn(v)R z9-uH2S$0KUJaDA;?5pw+ezHfwubkpa`ShwlQ5zi zIwJoRIoW-GeC-rZ0{@rWsBaYi{?ez4g&?t|F3rro@F&nnXt=oWAJdroq#~8sylH)w zz*CdWA~D2w?x}-x!V6VSq-wN~a$F2)<3wCsN7kxheZ-sfF0z=)c_ZNvN+qfd1!Jtc zs!J&jx4c81Vnz?SnGVHGp_O0AAy7d_yG0N8?{jz2#)(8S&NL!yXUUL^P4S=) zt!a^zLgTE2X34x6T8B%+3j|(WfL0cuAK8kOwT2FX!m-m|MNn40ps#tI6Kq#3$VNhK zqgGa~9?Tgxj-DOlzHiVfQQ_v!NV%m@{pUAgqM1>Pzbr6)G87WwlcL*KKc+q?ZV1va z;(L=`JWULgYtxt)_UGSeYu`bH|HP35z0EuTBiWWrNHfRZstX!RnRHf%DFwhbdgU=b z#i2I5s|X8N2rKnsZ$!+J;)16hg9|h(3VhCUfSW(;Gori={uRC|t3aR&^zHsL82V6g zCJO1Op4&xGGpU`{L`9M~QLMl)va9|C1~C#{>c~{$fc`-)=Ic|r8px{#l`Ep^JLKxM zf8%Pl=%UbsVr_76%)-;lyVwVujeaW4L}a34I%48d6s4^8+vaf2N2wiz%*9QVAgM0n zHjyKfHH3L^$Fse6oa^|X3aLsv+eT?HGespQu|D;C7d#@KS!ZZ+mi2U>L~V+q}L#3r(6P`$_PsdA2NgNj?r`3|E2rX z$OONP7QFBciU{YvxVg5wdPtHRs-6-kOIU^M2Ov)T^2C#J)>{UCm8m?@FDI{~zvMNqIO1jyQ{tt>h(k~w?S|$~M06k+M ze^`3yR__5V!oO@`$^i4+4LVNEcOlUz5_N5U^B>S-(g`2P`Vv-ksi2w6Jod8}8u5B+ zp4T*__tcnPTPcHKSDN4afk082AAo+*^nvHXIz%DuUIg-_(JTnX3l;5xz(4Ez0~{r` z7D2b@7Dh<>M&5rEO*|QoenSDkZ14_DY$d{Jzf0-vL6<)cf!&`uv;I5{$D;`Q^9Wh( za6jq;K$SRI&QeqGwMU_uUN71(yK}kJ9i#rWPB03MIl~1so2@RjgP|l?e+D^fak918 zMMp%0q0&>Ns>yxf|3s%IjWsP?B6h8CU|}oFEXlBjZW(i!3S2ZK$17*k6M%ozj?NQN z18=4sCots|HElSdeeg^$2>!`^3jvjsC}g{gbI<1~2>YXIjMwX3z}C^c!X9iKV1`2i&$|R3ujITw2E&{Q#?A zXqxL>+$PAZBle|MV{CbFjkrh)liC6i^KV6PBQ zf{}nFs6P@|Aj&)&8Bicr?=&879A9Ve2;F+^DDt4N{az+Oob+;#D@;43zqS@4Oh6pS z2z)^Giz@u3Ei#ws=I^-;U;LZG6-r)(9R_5tNIJ>MJ}D-XD<0C<&myjo#Q3I=U;S*% zFX@uNKu>h9OSo#33)~m9ttEN(cgl8HK`VsoStAy&O|7a7Jjc6w(Tdm;Ss)o}t66-& zk{XB>)MgJ#3efi2%40XJZ!n1u9UtP4N(j*tKCqz`_GC(sk|=i%yfV$=t7#9m z%nNB#5C3%C74BFJ>POkkGRnR;IM6DH%y84FyCB=MMf%cn>YPypAf(w|OyzAJnqR@S zTmd&>f$@gw)nhrkj^wb*550fnu$lhy;xt?>E0-aGHEJ}elnP4FFDBw=hy0I_ZY5_u z#qn=7$`>GCf*|`6nEvu5oxUqIKT_0MVP8wd00mwwb!!%!>g6~D$Y1hZD;vy`)39|G z^NygPUn*+YAqC=;&pCTzYRl1eC+3#(p)j9U|Mj0M0{jpF;{{=Q2}l9>1P%Y;_FU@; zp?-Y!NCJ*Yf1=)_FDQ3cr0K@A;S0?-3`Y-m{ur-qH>F^#-KzY%xR93eOVCa_XMA&nnNb zc*(j%9B6F8WOLe|RCs_{+Nu&u*zQ*&f4Mxw95GfJ8^aSs+E{4JpYT#yYkC(*dd$W1 zb$=-7i0gyvh0B|H?(N_1QDf_lJk+xEeZ5N zd#LeE*%@!^^l)9h-%-(evZg)sPxWpo#zpmROWE@u3h8eey(@1D!9Jo*pK>Vxx}jF! zZSftv%kp9OtQ!!#@hF`ubiSHYWKcqKD7Y9$ujC-H|6G0Y8o2!2IoYbkV^kBFlM_&x zL52NTu@c)as)S`7$rK#RfvXvtC$5Hq9Bf}J z#=%neMxK7Nk6f-wxq~&!G1d`l3r5@~oW5i9^k|qYi_gU{FIy4uy^#hZt|7LaVzEn| zsmtgsdc2FGVtwG5*xchH8uxF;T`m+jjp;}k)*QA;g&rMpfxR%fkPOYShWyoFuNbeQ zR-O)2z+1boLCO#@W1KP)nnvmF0g45M9!&&mu+o5zJ_jfuH7jvQqzow)PRU80e^@>w zhbTsTa`3wR_j>@e!2QL1?o2%L_$ovh5Fu2ITn%PUf*_8h9r~}DX0S}gc8bBfWS#Y6u_=uhI*j&ASte5YG32nK>3W0m;pT1)h zeQ3}vwOB9ZR1SI8jY!ujbMMwXb2-tjV^ z_5lhBfu7-Y2Xj7J`XkgQjM+5@USMG(CCW3v0h1lwk@UOSxmu$OggT=xfgLz349R!h zj{Uzz;=1UpA9Ea+4c2O`Uyr{37G{q1wjUduTUo!X@Sdf4HA8$BW|H-HA01`c*uJb# zP;H75u6hT~N_2fW)JFmv_xPOWb=ih9zF4svWtKUu-4k44+=Y6l&P=)Ye(-M{DH+ef z1WkwE_3WJ9-PqLHQ4p;mvSoN*e9IPOJs-QhakV0=APh@#vay=6mSuP^u9m=j+bW!! zlv_E!xWF&7ym7(5e^2-Bo{{3hNbqv&-A$6(-@3ks1&s}mZjT_JNu3=rYxFQ(9oH5< zHV{jZe?1N+D;S1L#Wx&(z;IMD9S);vsr;ED>^BdBC7!H1XE|8{>T%+d&TEgTKeZ;@ zu^tv~6Dc=c%zLP^(2OwLO1TdTXp<}B9d3dh9=&1fC({yk%J(Oa#0=u;KCQH(y%U-!+Q^`FMzOEeQ? zCMu?p_lT`2Xa2L8!PGMsfioawYl6uZC|yf$^uFnoe5;ixoRkQIs|p>ARv4O%9lbPJ z`VmlFie40F;mVsseP(@blX$gV?66UKzBTJ8-|2fOY)4X?+=qrFQ**CT;{=O7Ncb8 z@2B z#yHhaDv4oR5HSosJ*9fs>LgEH6c-1Vu_GS9K^aL!!wieHPRoEgAr+5

    %$(<0Nc3 zJcvzAcGY;ycTfMJ)?EuT2Qx)+AD-Aj-wn@#Mh_a7eLkLp(0{%>i4-u|X%FB;>(n*q ztMIIwp9-p?zswp8|Mf)YdgR!@SiYGNPQ0P5Z2Z{X-*AU*ahxtCvkDw}Fk|7{e;r9j zxlEbh@gW4Qw3NDc$CU(kKeX9}+Hp`kmHpm32uRoTJ}d!#sbP1QU%Xo9KfJm;_FrA3 zyuKCsuU=wBejJ%2#=m1whmX{s0d&a|^p;8GU+K`?T)fiTN9N8^yC9nsfgTK<2DvyS zg~=V`Yu+~YpQ&-4DZnlJN0H}-VL)yrOvy)b7=C0=iE8g!vzAye2b7Z4QRna}87nQ# z53i*cfjP^PXZjvdkN@?eY4otA~*7Cs=T#Mo#u3amokh?BB+ zi9yg?7V2J}0_V2E6q_{lL?jMV`d&OZup#IOUS$xR%ZGy1OQOvj-MJ8`%o*?6aLYSM zSaXw~GpOshzO#Qx;|Vu-c}?KuC`U^3$S8vH3)0F-rf(-^ObvT zz<}S<8|kQcy{6cHy8M6ZnGW3@?IE8n)jKgDXHujmPCNoPvaH(9#4KL z${to2gJqMvAP$EbY9fSYK-Gj7MW9x+cKxkWT;jq8$+q$kXbJW5zqhF!@?ZMXv&D+I zIij%w?+rw}LC6_vL_)&dOm!=NNMLN4VA$0W_Voqvn2A02GkAsldyhH@H}7E(zB60wg1F1Pc{h zV6_B+oA_HQhN-hoGqK?5=%$jYkP~s{H|Ntq_gy_2I)05twV>}dPrEcI^gXHFU;Pe8 zQF0hO`~`p5#;~fIKk|!)YO@Bn&Haziskwb?JunFA`g*nKRv)W!rKfNvm z4A}D8-algFC#IH_VTMI4w1i-%1}v$Q=Vk*T5o^D0y0KYZwdz8OTVoVeq3fjuee2eq zK&D#IOj|C28ZW`qs&muV@rc=pw^=&xaST+|bR|52M!GARUb(lw_WpLlioTzE&Y@W% zX@V-IBX0@#N?`S<_%j!c_51Irz8dHHC{}4awA?@NWdBCSKdXLi9w3M4eRp zpc>a^TI9J9_;yja5QsYY0Rv|X8P^IrTFJ-b*oDW5zZSHA*>?*vgMjM*8HeHPzUz73 z+5qaKTYO$Qve|9cMLx95Z_2)GP!^1Z~4U6e$tblyCo_Nok@VpWZOFr=k7 z?Tdc~j;+M!t&UG?*5`FZtcm>e+^q8jHat?-7Y2gLNg;Cl(9ubqGx%aJF7cXboeYq% zkdR9d89qpztT04=&v?(3ip<(a@#}9!$=xU_tW?KG`pP{V6C2QEk*N^y-?6*?5I-wX za#WPgvkwuE+u0fv`jtcqPqlbD>X5?!atPDAn)8#v)-+Qc%c)3A6l%baEW#sBfrC{- zrNYr98VkvCt|R+xqc8YOgPm3Hx%cVJ=6i0KZEHHfuyxHWYy4ddF zOQo{b(DY+^J$i+^w)8m@!^MQ|y4Uhozf|SqQQTmwqy1o3y0PDFfl0-(eox=W@27MF zQFbv81hJj-ARUx+dOKuon3`@aE&4ve@c#bW#F*9q*zA~Xg$U_G;K~r9mI4=Q>3RXY z#5zrqczp0MbjymC1?`n_A}z_z+R!a}O~fB?$Iv8$@i-*+HW!d4Wu3UpkROLuHZN*+ z*uaO*jrTWa(Ky+XpMu-#(wO!OA`}78TNK1$S72)P{)-4EJfQYisW9J`NtoDyO>WY9 zPA-%~wz$H(YAICPN8r(JY~9MhbllknJVdH`+CbFHYlA?fie@phIGINUtZW`SIv)K> zL+QMwMZra{A#|GjMqXT`r|GeCRI2HUP+9G(>q6XQ;o+Zc64iROHlTnpH*}Via`Dtu8SOo4$Q0S%Ys>BUQ7q3X)_Du zjT}@2@7Uj1czX7h+kIl?g_N4OnOMVYPo%k;hqK0MePcbug?xjUuO1Uq+}SdU(H zBW{U21BgWnxo6J1a4$3@EXEB1aa75var=C-y?8qSEeJGy*R4lvn>86uMUhC?5z{J5 zkdk>1KNdkq{LF_L%T_Al7IAgwZ%&NeYADFT(4|7p9P#QGpe^=)#w$g+)5x6TH3Fyd zRI4$k-mc3=Q&a%UEBfQy^xjMKY@t-tB{}(EL33DBp1kN=ycoi}5S5G&bUfdcC~)VF zA(p|+L~fCuB+&>b)4<6A@mmDhE_3!=maBAFu||A=Ji)Y>9;=#<@F)f*VhAmBZiBTK z+OAB5+4C!i{IE}J)xGwS2y1uzv?nf$v2Zwc^Q)o)GB?pw95&OCUDxMlttQug(p6lq zj+KF(L$my6&!@$36j^F-D}0m6DI3EYN}0uV6=YxJmMRwA?*Kq;ub_MpS@gO!UAsHp zdo!4BoHG7`qmd=K3-%YI&mSyJ47f;@Cz2^>2J$~4H|}>F{fb|RB2vt^w#3kJMCj&_ zWZ){$F{jy)iPISQYCa~$tS83(l;l@HFjAQ)nRMn4nJHGnENr2MB|E#lKp7@NC{H^Q zH`m_?5CG;`5YTR&yY(+=8_+>Xo|mMTy3gbAWb`CQ3(@TC(}FHI+hjZ538D6;qsxda z7!nP!1{13ql*4p8vZOiYlW40|N`W*o`B2kD16jVARPoblXl_Fu_@qo}w`zsA zi{^CjOgQ)4-TnTIjpcV{6gW*KvBT)fNuX#&`Pt8r_KOieIv92-6zxpZav+{P?p0h> zdCG~M)^>4n-{RJa*w7!~22xr|0`sxU(=pjo4Xs>B9eBfI#SKuxHiD$?+@bp;N~D6I zj8X3!x?j1Kh2i#!=8P+V@&nIbiqb}Sl}gV!sURVLH*}MmC`Cvusa>qJR*rGSu0&VL zy@CgOJ373x200ghILIg_9twc)^(;l*=_o$#ARN4Fm#2L%ufOY5_w3Vb$xSfG@0#K2 zbwc2$5urIPoZtXOmLTqtt}mk3xp$!(hvu^#`C7~eBvl^A99j7{I$J2(CYxdQIiQlT zJ;v!5Sx+(RVMtPk(&GAIgcdDx6fJ^OTfGwZ_L>ireRGO;Yu)(jYL}nW3t2dn)Cs>d z^K*IDbK0B_t@Bg%tb>|VR)JtT47CU?;X^4-fvZI8sLsZe zl}C`ra3yQ9DLO3Y^VSfn^mp8FK!K-#h>p;rRak`B#SCM;L(unWwIq8;egVHA*+G`= zlgL`7$OA{f)1L}9TWlY-ZH{sd%$-q1NLvG9b zQ4_zsRNCj%=^)}d zfQB-Z=Ew>E7L|)>YD;|u-bG>)oPWGerhV@uWD9h9$`}1%vPwxxmL?;UPrWVQoOPBD z$&iX<;u^h34W5gnNHS4iwJkx)lNn;u%ZsygY+Xz+VfVIe8K(3mh*8&YTkzq;zGxtr zHKSd757K>tY`dV6@kyX(ry+ysWJ37E%w7I4j z!GjH3Cx=b`6Z=ss*NwFqe?q({)ts}EXLP%8x?P-QH;TO1wbIhB@u^S>vHGnlt>zr8 zI-k9A-`-08qy|<)`&LBh7=>&Gbnf`MbU`73*Lm@WNDf9Wshd78l$-xM z^!!olMiJbkT2tv}Z!V0JCO=d7tLKN}!7FKbBlzD%L9$?JJuoeGdW2t#RG=;tc+8wF}?;FN4<|D_Dq`KqlvDv;ArhNB#isPuqMI z5IQ!jgSHQ&TyoK#tr1M|cMtzwVc%da;&!U9f)o87(hUjaD50Z%qgZcQ$E>{x2ewuByH>ZE^$!autxmumP%n-j6;^&km3f$u}d5fM@~kcELUyP2(Lc~4V9%a*D|EL^xH z7>(z^Gd)1wUx;V5o;D}jr2OsKw5+MYs{sF(o4LV42@RHBvxO8Z3s9-1mQhB8wELA? zq*9ilk_b&lrDe*Rwvn~X9T0U!nGfroV@_3);yZc0N+${@;`(URkIbL@lagnsE8mB8-^oD?BI5eGWD;bxS(cx34`FChZQ8V5t+OLkXia&6XcyD*`It z%uV#81m9Dm0<7H~2fFrs_`#z^DWax<=Lln_O?xn2 z9M<9CDsiCE{f#h~Ue&F;Q2$+G4UXPr>XkA7r%rYtgn*Hyply}@?sNtBb&<2mCtT1f z^k{_uVoA|omQr;R>Tk$_pGbaz_uQVcO}Oyz<2+Q_dZ@4)UwyvfG=4P7xL@?w6Xf{z zu!vY2mO#5_8I-Ul@<;h$?9C=m$H~6?B?Jf4h=h(BoWmD(gc5GG^Y0ycRheVW6WJ&IOK^<(xq&u-J;*Qej4?F6-_Ais~aJn6k=s&c^F?F$84 zaXf)e=0o>Y->-J{anL)ojCol`GYVTAvre?RnZQa*fn3sSu0A(CTMGj>u9{mLNLu$9 z{tw^f0VO&+iCZlmiRRYzev4nYq3t(uQ1}HaRHR4RBdDf*_Ubk~mfkG86H*H=b7n*5 zEjhqbdMoL#Z{Oxr>l05%aNF~y5tprWl6@)!Y{aaS(<01zUX60*0n#(z@ATP*BYP2{IQ`T=O%+FYbBsaMJPzgQ zK3_Fr$XVDp)qLm26_v_pU|hg(w&b6~8eK952_$1FdCLo)4b?pno}YR6YlXe>7rb4`{7p4I zvBck|tUA_gc?ENP&jMph`Q{>3ZtPKcy4ODKo^?uXU~uhKMhD2I_#%~bv(2a#^{VxE zDoSQyynR208o5>Qm_$^N>p1mPngmUi&h%VfzSG#8LR}Y0e@_+aR#6NTJHWCWhq1d8{(*JDMVcT-(vVbA6I9}r7#rDYN1J^pi&XCM2lJcMsg2Pm2x(;H*Khg~A~ada zM6@bD_#@YHg)qgna_E90Q&z7ZavNqna$-?gR%Kn!fTBE<3$BQm^Ma!_n6=~sUIO45 z8FJkw>53(BWim9OVfOcJtn&~S)MM*=Q4ZKLf%CaUK30p7kv}w5z7uco_a2M~6RU-*F^5pqmy}yCLgvq1~6RM$2oYTZ?{mflIFq zeqzU9POOo^XAu(n^R|?W=JaxWwc%qa0Oq%V7f)Rg?p^yPf3))}y0iV|O>P(7E|_rM z5}Pxx7f+xNLead+-MRJK!R4;E7Bdqs7P>7{GR{}|<@@EXbfbYK-Y-N1vXq79?8j!9W8AMrXeLkJw^4?T?9ms|MC4-5EW$)gtH)ML5fv2!JeMU)C+w)Q~KVksD4{`uQKkrVfdIbz+r$N>q0aFxS%_l|mPE@~6li!v&B%Ul3q9~6ejL7c3;FlC z0(ib?2*R114PWUg0ryxFLCZ_Mf|#ZCjq5=Z|)m#k-CO$D!stA$|KY*Uvp z&+clVeb|1D4}2s?Q9mIU*<>hnF{00#Xf5kq?W~}uI&WQQ`b*TrpTJE_v+tpG_^uJc zV0`fD{1Ia_Z+tV0rOIXLyC|*3#sX(>62>?#K&50_Yi7SlF(@cX;~6T?p>r2l1DF`% z5qj3Y0b%gE&)yQ3C*$oiy3x_4C~jex>h#rbq|knacY(OYUW7*lNQ28>Jjicp!2#Ap^KJ1l_~1_9q^7l$@LG&}-6_m_%VVM{a0Qb_`k zOm|G5Zw_Hhv!v^9Z#~oWO;xP&uX7<3e<}CcyS$=F06WMV$y<0^w}1UIcVbA3CED_b zkX#)fbY5}|&+-p3^D9WKj*CRV>%ceBs3=#x%eNR(sK=d^(5j|bV&kVlX#W>i8K%N) z!WzDj%OoGjlYDRqREjm@pef{>DjB5FL|xkaQ8s${w?u}(jdkulhtVPa0_pDQ1{IKgh&^MwRc@3_|1O4VBy*n_ zHxzu*d)Kr;c7sP^G8KwhyDDnQ4S2ro(cvzF6t@aWY*N~+n4X5eJ=!^lvQ~J3(FnsB z^46T>L7;&boU9at}{oXqOnfMftYg|4N*$Vrs)9@V?nNb@= zwPu}W-62s z#GVhWb`8t#S=;9DXv~CE?ag1vI3q_<`S{K(SX07f6-AcJOnwmWZAWVS`QU`qyh%H; z7n(VQ!fR|pXZdGw>5yf1>n7BzNPtp@@Hxuh87=5tI%%{DF;Tf@Q*%rS34kvn-W>R_yTp69n&gz2U-|2HhfSXMuE;(y3W#SCf8C~=DM z)W@i{b^mqFmd>a9UKHZCy~?K8sR(BedM zt-NLasXl`loaTxBEdJq!LVrlHW8f+2xD6@un=-%-^%<}D6~M69#fN8H+pSJzQXiK zS7W*>IFF@!*{Rq4%4H_NKGo_>}%yYD% zF5jzEZZum$zoF>3=~FvV@$bJ%1e77-SwxM56SDYwB+JM0Ij>ArAo zZ2MLg5+jY)ZX-;|C)8-~wSDtjRq5G84Ts-&$Xiu=H8c_x_b8-1J%D8{!c%u1rF16J z&C?fK9glH-Z<3+M^FvJ2qYtCA`K2Zh%4m46BrZT>fZbj|^|=&QbFd!XqJpnxeA023 z6FBjohQ$2vS$I5u#jjoOwH~TJpcY`!Dfcov{CNECmf*@Z&I#YE zeWSci{?Or_AXxp=!bGvj$MCJEgd+r15eF2hxKS9Uvh^Ny3*!BSeX$W{=IL6~;tBih z_(*y7cV*+<8kB@H_N(}jCT4M1*6Snx0Ni*a%b>!>W#A-CO_SiY_WKKC4Kl}&6BPh0 zazg$FK#S+J(@3uh{r4`^T+X!NEXyF`3ebPH4>m?>Y5u6#jDb;8fERM7OC-DYl(Bi6 z|MjTjLa~Vn=;3QOCmZ%7PQ=Pm;S=jId|i8;>=o##`ovWhm&5Nh;aXG|lBINYa&se$ zkg^(7(aK-z$Tpf~dQ4MpvcX0my0o%{5xO53zQswxh!Cj9zAXuyfU|GV6K!2=qFfV> z88<+J87!bR@ePM0+=-bJpB~u6qo~+9m&G{U(IQeWI3Jwo)g}I@2&;FD?j64eO`Q>~ zN}u(HlTB+4*0qZ$;U;oZqOd2~0|aem^W2h31+rQ~na&pyBazvNq{J1!`x-Vaz2wuV zW0O_e7k(Q^_z%O10}B0fF-0%4npFMI3PWa&)qbZ=k|bE1x~bg>Zi)}CHXI>~2c)G-z8m3cqs7=9b{)UP8~ zq0&bs!OpetCuZ)JYs_)J0hzy=_Alsq9kEFApf5f0(uE$*FUd|=K%fE7VXJq2Gvw5* zLh92n#>e)F;5KS&i}RoIb0acQfSEQJO4&urrArD4>EMhE;ewt6Wuz|*z(oZ+WhmHn zQfJ^jUsLxnE(aXxSA}KJ!|K(t1^$~`j8sAO0KXnsU@wb@T1T)aZrdq$1zoAp!zsj{ z+oGNFotOwlQ_=r(7*^n2^ZI|ZMeg6^yLrl&L}8NiVGq9m3!-h+^ih{Uk=(n#ap)+U z_7xe_D~6=n*whcCyqeCc3AKQ1&|w<>rj) zf0GYz@2;WV3Dp8bQ*UCA|4lAZYFPIcT?cz{lUual93u1$RC9C2PjsG>{vw??VVfNL zTH1R#GlWA*epB#|Mc-M8gA<44`ffs{&BCTZHvH2U?Y|Dv(+eOMxn*k7EDI7YF((sE zQ3f|eTxonV*-}V!p+Gp#cdxQ`R{7oJe{C@VpEOdL$w-dzz(Qb2Ge5L9m@b%vgE})gagi zymHR6+zvwKHhau-3OQ^z&ztkk{=!#{#i%~*Z%*{ov6b~cA)@qttS!lo*NF66(S8mx zkH<&!pIZJM&=$4ac^E;oa09&u3*!%kxz9_iNowEMhB1fh~{>&r4CU=Jl}$i#-? zqe?gsrqm=}%i-oKsmzX0v2G3u);w(mNiQKebyBl6{=yZ2a$zESb5zfx$S~G-4MoaaSN)_fmydTaU&-^ zZh!t0M8=rsEcGk3N|GvnrgKq@9n_|KWqvo1$Dm<&Bmg3dZfGeFV(5O?#^S6ub zPMhy>>-H0==xju%rnMt{r9!jK+vJmP!DcdLdBJwH3PufZ*hkT?p(m7vWwtDOLim5w z8Bbx^Z&Ln`&KR@l`@eO@vLd5@>5OfBI>|l5F-J?d!dyATdH>ZJt4e+hD5qr>dtLqq zXXI;*rdF7k5HtnDY+HC=*n4zp@ZQ1i!6Wc(1}{~ZU28-?sYwc3vLbo=X(1|)=nDUy zJS@0HZLou9*P*|d&ZQqV_35@560*oAuin+qWrDI7-UW`Y7$)l$?f#LnYBg|ZPX%ap z7_UQg5X63sQ>(Hk_gw33!!7E!8~25&xX&??f3o<)gL1ZBo-hc$h&~O`C3+9t|2Zo* zS^ZQ6Hk5^V_GBPR(1qMwKURKN{$-4|6fB8A5{c-!+InezOG}XL%ZWvJ69)y@;#YIy z_>uiVJAzRgf=ue>(L{`Dzwqm2Fzis-BQsQ6XL>kplyv4|-q9*`G{XPrjDdBxxW$hw zN$k1t58@_h0G;vF*eOb=R1KP{Q=T=>EtSo3&uSZb_V)3rE~KTtI}3=~M!9F<49%9T z+2!EKn&d1COUF8?S=|y&bXGOA>vGCMf1JlSj$d1Mo_aJt*^_Xe0VBAQ{v{HY33em&TQ?)Cm)T?mBN=7 zTVXkx(D~zL;#HUlq9jx!xEXAxZ-X5a(+>@f=ESPLtlN-sS~ZpG1K1DGUq{CdjL`BT zFC|`y86;JWv92#cYj;KOntb^({oLD9z|xXvzE0+ZTo-+CA@SGxSoFTgz?jo zLvr}hESDyve)Oh1vdL8W~W(j25hSIIlcpGc3Ibbg=g@CV9yo8}3x4IjX50j)kDztm7NSshMa=rfVz570N~2mNw55AecP@iApyWoWb6n95F%HwPXDW3uQQ={H&C#nSeKu z&hVElQn+a$CMgrrjMCink073TtbW`9oX8>U$ir4QCh?XK24@4?Uv_&@w&*IP`C)TPk*68u{8H@0j?k;_Hk)uHu)Bw%qcz#2wcA;l}$Id)h+w znry7%Jr7;3Qk##a-g38O?RM&A$6Xq`+M?x}+^^!+x8X9S<0^UL=4j$>apEFj;?|Ge zwbXO8M0VEO{fVtMR(Kd%UnQR&VPKkh#}9oTSY9Qr5kHt~_2Z4TGqJKIkl07zG#-4x z>OCW2r)+L@9pVp+v^vMc!b>}3^cRDrA31WOl58}ET=lS&$+uVGIE<{+#ykder}Stp zBY_RsEnX_$)O68bgp;4Jgal$#whf{B+ac!kAYY;sG=<2@2vE?dgTO zUxu!ye_xKQqX&!>ZHDE0UtK<@fH>L+@Nrp7A^pJ&Q2F0D{dk~VfRq?-pTPr zkDIb{M2Mv(ZSuYZh$@GRY@U~3ZvqTIz42_p%V0RWgyF_jjSd7=J%cTAXkxb+hNVk= z#^*4HVET_(85Y2{SmcTI;VH+`^SkMI#4exE`iZn=2w#fG)-+If1)swP9O^;^>v0^~ zxU9k;sWc&}o)DIy*BpC#Yuoo~TgtJSBhNtKd+23HrM$FyB|dm!qx!vXYRZNXe7e4fvGt|WQm@HGvd(P z@(WDO1vq3c&`{KKW)L3lpJEq?>R3>^72^`~d4I1_9m&8s<_kcVm@zyV2lHZSGf2(k z1i4X1AVB1Cu0GLv$B?{(=K)PLKULApH`&PsLdvws)kiAyXC;c?aM;$q>Y+;NAiwxc zD!IO}-C}weHWAOr52!uckyOZI(hj!sox@6?kcz71)`8D-Zrkm;cl%BY-ba zMHF6y2-wVDte*pCKQGLl+r%;cI{*s*GgKa12uYeiGPGXVGAjom%&CyQP0ALI_$-s* z32e`U3&fG?UWJa#!FI^sPcx{c88|hQ#b`h}(;V;RPk<7DX4Z9iL9safrh93J26jv( zP&{S)o^PZJqbY|@+wuP%^e}+r&bZY*j-p3D250aZaQjl?Rx1w;PB|h~jl;kT@R*K9 zAcy4)*rInTLMKMzZd8GDb<~>o6^@4H8vG-rNxD_TxMpM}|Mm3Y`|uK9YTyp%d3GS& zAtEc*qp_^eV19K1h(9t01`|o@yD^TT{Mewk0I#(-C#4JWV}i9;^B-+-SZ8}uLR)Ll zUEI&rtzJ2(a8D|YOE;c(F0wC^FBD%$VYCv;^k*96V5IBF=|~eiSE+PO9BqTKLU>?l zGYqz9g?rcxQt9nF=%DTt!^8SWpxHJ zmq0@&1C-NdfX+?u*MXr{yH+Hp+m?g8aC^_Tj;bcukgtj08Pf;`n#0{~&xJPe2L~$OU1*zh7#`B!A zXx~%Zj(l#jxBQf3t786AQ7u5*1i_Z)KG?oqk@6E);6R@^6EGJeh zJh=J`2P1dA`T|~FG#RU1bMG%yJ+V}h3Y|+He#862p(hC0gdG7QK}Htueu=oLSs+$= zBAXH)e1agTNe33kmEXt)Z#u)?SGjls`N;Ubli)H0u0TS6)D{_jhs@DH9b9^C4QP9{02yhMUz$8kEj|WyWA6Ql&gD1w7e~fin^kASG6$r zTxe99u%C}wYU+TF|_rrol=+CE=^U49q1y6K&QN6;Fx5hf$qoK7d z7z+3{5{AoF+>}aM!ya;YL1o*BRD5r)addD+xjo0EIaL(!KG}(YFyV!GP9hL|l;|o3 zq$xpVS|G}^;11gRY?5HltLkr0!#8QfvwgC^3`a0~vV;M%({a9PVi3-Eq^{ZqPF|Q+4`8gzT zKJuIDLzlKeV=owL-Rv5`1Gab5%jm-B=xv3)fmN6Sff{hGn-~ti9X5peB_o+=4I9|E zX-sZRUU34(rKZzt|s5z3egZF5p}^pP;poxt~uSy#Y-gFX4dxQ{P_CPlIWr1mDM{ z0z>)&H>ZBk{g5-ckKliHgrcZ}f{4|`3LkZaYi+eWm;?mA?m?@Mv`w#FX8I}KtP2dn zizEDdS3)6j2|t|5FalV6zRQPCEXpY*TsknjEhbM`nlSd%I|qqotg?fe3|;&?x2JkW zh5UfKJsk*}&%oH%ogbz5YKis&{?w@BiBts8T`i_u$jw@Q=(t+67_09i8kri@y$IP% z841g1qqBO=z*GvzdK$Y%EHEhauyPL_^SMPB93i^~x8||+@cIeYSbZ3C8t|tYe042l zrLFTFNcg02W5MNQE$#O!^nRTyF(5y8VN^S2z(h=3LR^zx_8Fjxd$s}E7se02gtW`-JCNY-U%IN}-o&Skb)VuEnfG5Ev+6`SmuM$tI`hH1=;U7H-jvLbQ{Mjp~h73O0fYlcfhWp zJ6qkqV*DqI2}&1S0WV)exSoghLYB`9Lr0PgWr6u1q_jY)Oc-}yEk9K;n zmhL??A`6;s$rvj;lMq~ZVG&SMbG86?Gz$t+mpr_=(p}$|!LO>Jp|P^3!8@*uKZ-pQ zLq@DY9%uYJ$|Hb1H2}IqzjQp#YudlM)&%4XRYYM^ z8l#(jd9+hA);|l%x1o^Ix50ju={2_CcD!R{o?hv7=#aI0ro*>`zw;C~&{()}>Dk%^ zloizdY)T61#9YTWY%yq7L+1!G5I8TS_-L)>QrakuoYgyAlG zHb=LU2>lz(5tj?PSQUmF7+kEled7D#z&dSap_i8+8{nG20hZ@ad;jGgBPb;PhkI0b z1maeU?>R$DRm500oq!axOb}5?l34N@Wfj#cVyAjoQ*9`%uUrS)HNKwps2BO3UY05& zI?uXkNz@csM(fwx;?t38AoAe4UDge2E??4AFFR|WoLkWMA0y;eQzKALXUOTG-5u22 zD&BzDCS;T=^`Bhnx)fYuMYMz6WviUYbY!noSm7o4{3s!AbkQoP0C+(pK=#i(P&{p2c12Y$=g9VXpgy|%N$T?F(-YsrKT_)0f9 zUB$ZOy_Db52qAb5Bq6%P_0_nU+Atuc;@*-Q)Q!Q^%5`7+ot22&&AJBK+Y899XtK|b zI!u*MUrm%+z_yZB`LRg@N6W9{jf{tDW%-8bjU;C!c7{;0cS0;oGYrB_UPL)#ux}?I zn)4`}_$>tw1dde`0|@Os-S?ACSj30?`V3MrbSWJHA#ThAh!~D;oXDo=LM{6u>efwK zqNOI2j*Dxjj!{}`m#p%7_h@nJg_C>k6ElkbmM*kT1{N+R$GvXQo+nFlrE9fi|I%kE zo}bjUmpTmePmgpvOAwKv_SY{G&6#Eo4Qki1vZxcDtB7Ubuzr81vWj6Ft~8si*mia- zPCBl%X4(Zj)OI}~9NX?h@z>L;4Ys{sX}NA0&)McIu*YI5+!jEU#W`p|G4haimi&1*|B4&Bxf=0G3Dp4ZT z`p}d;o$eqbo+T1kd5xBvwgF*T{>>*bStVc^u&x5Fx^pxa@2fV;=#mPEr61~`j|Qy; z*U|0}%Y>RK9UPgC{MZXkrE*=I?mYOOpeEK<;AR~SW)2TVuQm$6!SQ&f;6GpMKF}Z< zd#GUS4bW4!`>!A;O^?Ln&HZlVHfv`4@~5Kq4s>LYyKOWa9MhTqp%?DqNbBV>MQz2vJ~w2xBo|bw7$%9um3&(Xpd?CXpf3K z|Ir?|1>gQoX5qc&VDHoew8u+HrJm&DWStDDLDa#uD%DO`$!TF;S<9-ZF%nEyj#>lE zg46Isso#f+b`0jKn6R^e_g;@n;-R>uf)(`)vn#|xnu#+SQS7b@W-v~rtR!A{{ClmD zSLg_?P-jK$hKSrU!&T?D{`Bloz-OBF;^i=OqXDJc%Zg}k((z|y41%jaauaMI*9n-1 zYC0+PoY6WD_0s6C&V4(##jIlecDBZed0uI=X~`O=tn=3plEpkqQI*-%-}9QL`Fjw3 zHzyirDLr*2rtlK3xnpMAETk8%{+1Jofeg&DE~$q>vYs;b-8mBybjnut^#x18*dI_3PVyx(C3tzokh8;@FAgTp~T^6`+Tr4^-kbBh$# z+R(`l7LxTGxze@GQI0~68>C5P9)w77LI0}Bhj5h)FE>BfS_>Iv>IGMTLmzx3IQHXG zX2EwvI-i&M8N5W>9ANh^?>|rfYrGxwWmWkqa$5+cS6{48Oci`=>{)G=rWidZl9$( zTHzn;@v4ucQyyqTyWb`Ubfp8bIv;G68!GD;iy^=U_sZ>ekAKSw+hp-1^A&?P1a+cb zO-M~o7Z;^KDG5f@9j`Vx(;y#z84b;%C5y<{gU(^!GDhP(*)(K#&Dfx)72jw@znoTX zf~8Sv47Geutc^Ca0y;6t(SI__o>nIzeOJMEPjIE?xbLs8jWE#R%qWIqD>( zUTN38@VNgD+S(-2ZrG6bcf6w#M6fl@hL!!UBr^+PJ*^LCtUl=!h-2zfpC(~p1aU*FFs{XP$d$ACHO7)I9qPh#n3 z|IBT%FbJ_S2pRX|M@gCh+~=&3VZiivH&PA1in;cUL_A~STJ-uA=~SxdNM4t5Kvs$QJ6Py8~^qkG$=}HosIOV|3+D; zS+qAo0+);*8pgN=EwtzFd8#mND{Uqf_d=R(YsVqBS5$qz-3gk%lFFHgBmv4;A$K^b zA-s>Ymg0y)Ddi7`J--Q&SkQE5l5kSx^M&P;HUDKjcKpYBEcz)fg?J3G9+Ncz)+7DS zKh~q-Kh`70f2_xz|7AVmuq%yK9%x5R*pwQ=nQy(?L$r?L!*Ps>jU4N>&u?L)$;QW& zZP1II?72VVve4&HdlpqB1wO=E&pxvGc+G(2mv17=i)HQ#nO3?KS1iZ(sE&Jdc?WMy zoagS25N}IFhj!I>$%>9xuC}txGwy(-Vkk$C#E{)l<1-R{{EzimN^3X=|3B8F&3~-N zj;z3WJIJJMG|oN_OjkkbX2=J<)w-q&0Bf*G&wt0*~#?)Ceq zl+t?aiIyfCo;7)<3YrMN3Rl@=S%G53#T}S_3^_>oI)7+drJhxz53>19FeC zr&W?OZjw#9|5%UV8Faip>1%v{Y~LHhGqwi*wDAAy@B-g_`F?Hi&vtb@;Mx{$M{_UW zvhKc5x>j$zdlBWek@@FuzCVCz?w#-cKUmHmFO1Be850k2x!pA-ofqF(1>UNYdzIFK=o ziz)#ujn+8}X-+$!sLMOl;wFpB1=e~t8Ml7hX4o2gME#ZtPIq3lf+6r#mvK<(&%+oa+R3 z2jcrih#gm}t2Gi@(-HrQ9F)pMt;RP)TIUw;j#+|7f3lm5x{_*#S7z4}gUx`0Jpwk3 zVhL9=Mk!WOH=vCV`)BppqOz-?plvJxi(>OH?J)%-jZUswx^sQq8Vi4G!ZbVL-fn7e z4Ld7yfc5aTK=v-3JSeeVPo@4kg?_h{oE3Y2`*}~qt zK!nkdkDWXpl>H=1CCZq4&RB5IRAc6uk=S@hv6YUyPdJn_4%im~K`RdA)hV1W0T~^; zVdEVJZFgj_xmnr9-8UjxzWyh{zqCg$Y=HJiBGS~fqayMY0qYm`f72ef0ovny$jJZF z9{v8o@4cShf{SQ(t;(Etj$Ebwo|M?B^UjE(X1;_HPKTnhB3jWf!lF1E7mky{+;I+4 zn%smfFwO88e>0~}huZE)fr0b(lI7R$GAfcSg5?BG>L1#UeLwWg`n;tb|6JH#Na{c3 z*x~1`p+$3HwJnQVn(vb5qo)nkR*jdP5su>GS|m8Ll!sHFQ_D*fW{~)bT`}cId;hr| zrN_#4JyswwRWQaATAbeI%>I&vENStx7b~Oa>;0rN7OMEEsw6nO98{Q@*hFQ1Bg+); zhzgzcgn3Op|4p0YEDv*z zPZfe`SE$jV(`2)XOfwe>WvszQMFrgl4J)?zlEy!Dht`52kES|w(VqM+sWkadCocSd+xne zyK4Wss(V-Me;TXT`h1Nt7&6R}Ut4KC-?TS|z?TxKitdgGI>_vCrl>@_egSeN%r@(g z^sUd!G+Ou=nh^;HfhiH*$jn4n^*7uvH;H6BXUsNORT?|<{A}5a1A;SZzGWNz#U9IK z|ARgH5Y)ah^Zs1L30?jMeT?k6ytTEre(abRp`975Kw5_!1d}B9bT3G^z1;1916JI7g-F2TEB8XwC z4}ykcvi%V*3Pu%+nFsoZ!gU4)=^TXsW5kMBR1gzma>m5(Y`Ax!*Z~B6Rb1i7l!*e9 zT_@`k?z_n^=+@v>{NBx6L-%>HXtvSc#yN#j4nBzAJ(ZA#{uNNr6k}I?NZ*)vOfAJ%i8+6c zhT{Q{{b`uYR;VvZEfBP*=}*Om@2d`c(>@<{KsRQyDcVN-YV8Q*XR`bJm^ND6YWbpx z#2^MgS7BwVg9;1@OUR`eNLG;eATj@Hk4p;|-~L;BRA>5^_UMkl_*Z)jE5IAaXl0b> zC(BK5+Gqr5kCBG|(jK81{%Vf~0PWHLf3(Nuf3(M43)SKi%0{>ms~82b@Rblvfm5Gc z;zkoxtV+UpA^s$PyI?&uVlB(}IRVsQOROovi=S37z{m>O{>$jZuuEC!M{PqIA0qOD92In@fI)mPbAqZ9 zuW=B-Y9K)=n$Nen7^f@)%a{OSHm_f6l1VhxknTk;r}|D+gq|rP^$`A118l`G>%S{t zTV3SzlXxKyX+;{xlX_H?M#YjSLzY+7Vi{o@8h;|%W}|Sg3Em$Sxa9_{*e}(!nfqo^ z??VFbAr6$gLNLJ~&Yzy;>1aZUq5cn^1RYau6$mLCKQo7v+A=2w%JK2<{BLpFLVXVs zF=nR)oaJ}K7^qHi5vPq#0uzaJ4tPfE)rv2T?#!9oVB5J?IQ|qy)K&r7;Q4V?;01A4 zaUmVh68Ky7iyMK8V(v}OVq@BZq6Z6%r0TNOv53<1PenbP(N18Ao4KsnPMR>hm2)s2 zN8+w3S3(lkZSTYruw1aAz;q@PlvT!bT=&+Lj%2Lv8mgfiF8=F}fw)3+YtbB?pEFoB z2A^B9zZ&S0q$9^MDuVm{md}r%m(=8=9*so+tU&_&2Lh8i0%T{(S!2I9ATSH>4pNS| zohO;P3ySJIlye~uXwReRdYO!4wP-UJl{1br8O}(`?72o zG}K!vf)a9Rr^uFy&};{jp6bc2HlO2lC+M!N+=uP6@t2F{jV(mc9~ZTQ8c+A0CaCu< z7+-J3p%0D$YiEkxWA*l$NHU_Zt<5g89goAeWwnABqRRlCBW>;J9z0!AuLc?6m-eKc z4#_=k+5AdfE7>K@oq#_d;2PD7+0u6SR`AxdRdNxuT}GvAw&jwL6N_e>v%!?&p9-02Z9tWSET&fSZAHP@~sJ}pK4luVm-z#4JQ0UxV)cgjl&P4y&?Cyz3 zlzpezo-z(=4brqjrT`MbMaAzl=L)J~ZreHG0uEy^LgNCLry?2d7nc+QCBoh%{y^w6 zQyH}iDm8OPvSNN4)r^YBf@%_!VP#B!Wp8jb9k^oKvlJ-=zIC~KkL};+uV`-_^?LvLC4<<*^xAc z^vI-+<1`ZTf6a7}97YCb`c(Fd^dUjMI+Mp5MvGff)X>d)7DVLq=p*hq>NoOFQh+1g zlhcK*iK|m3bNIjV38Nw#T{ypp-=z&oUC{h}833Q4n*^?%LZmz_BZiEo<`!hI^b)kW zQV06{S>f%+wscx$KWVG1A^aUH&z1qVLUp*HNQ)r7@QmesUrU`~jOH}iQwG&HYFa&Mw6h_UrnFW%49 z7+tVoB%5)5N-k4AbZv~P&3~>RqT)-o_qVRaF6-x5544|_fOKa1ut3}w=Tr@JotnPa z+P(qI`nEX6K~e|{R0Ad618NYvJ_0CjHmSXu6Z<|ejfZ*pC>H0b0vL#=bYsE>HUsQxBVQi`vISuBGKBtgoi4UM*-lWWqeWR}OTXE~PAMl0J_!R?g`Uoms1981SI^ z1#qO`Vy9`Kd?Czoe0t~b^*}G>D*D`Qp)n=eW;jOeX(l^J=sE!PIOv3OBV=TbV?_K9 z^+*)^U(};ewuKujfO@n#qe=ctJ!+PpY0v-P)MLsBz1-Xi2P^RZLp{3wLp}0r4j&pc zIX%Lv3{ZD%S@WaZ6q(w>D=q0uM{NIC$6w0O!&9|o+Vf&6HkZu=vF~&tx&aq?oP)A> zX;A;Ca6LotiH;63@B*k?ht$RV1hqjziw&{N2X<&gOL{-q%t|$42X(!wr;}Q}6h_lv zABy{h?8E1+W~o53LsD#r^8QpDa|vei^|x?s{Qh{7@mG2r{qz^lxtg(Y?Eq& zDJ3tYr~&qdK+9OTlMnSS-zwn#lu%w1`uI&AQTOX3zH^@QbMs3JqjhG4e}Na8*NvrS z2Kp()dN;1sb?AD|c1^T)G;ytuI{X=XeELfL z@Dw#zf%RxQjFx+qnPQ1+eYq=pf7wpH}YgR-gR+jcUvwLjdh{iJczQf;);+bluS|^2cYRUjmzOG8 z>D7`uvh_;tRQa9}wAVqSkEx2oM)_}&m}xLF^a zAC{}_$rD?x{jPgPw^B4>Y_MhUf(020S1d0bGHpvS_gXKO5QsPz77Q2?0m%6Q54iTg?T|daU*0 zW=PVXLMTMw^KbgR{ZpjwC7<3vf&qzb%IP*bhP!-@evBcOb0nQ&>M>#u~N8|<3MOpo1 z2%b}>^)c)izhNbb(`w_-jUDL00s7$d{iu(-1KAIo5T;im>g$f@^`g}g+iFmXaheJrpj53jT+OsZ`$#!(;{97uy8GK8aCMMl25cQ4zLTXx#^+IkcEvCY zHAY9RiPcKNoYl~3jL}_#=MSKU;rk{RkrTZIJ_DY^yi_8ES4Fs(jo=FmgNYx)ku+?6 z%H4K&zO+zvHWbf3$IRS0Q`7emDEC{=fW2lO{82mJb3V4^vqm>JsI=vl1V`4vR)r*G zw<1xk&}a>HdvkxUq0*UoKY{(YSt|e-kDiNzZ>F&st)kLepJxAjZx)aw$YL_v>-OsX z=d-Jb5cB>GJbC8Whk6Hif_})i}g59WzSTYC=m?)k?uQ0vpA8DO(frB&%VSG^v2scXpOMC~p--<+z+mtOdR2x+7q@Tk= z{B&n`xwGnd^aoDk9w?xPoPQf^LI1Zr{RiMY zx`QDSdY-CC)^WEQYmS6R7K}rX9oWT9%fr-Hn_$Pz5!Qxjg64?H0YUSx~vH``g;o`UU6fm(YD`gG$6Ekj{vEwnbyp*CR<_74&Q`PXUsq^zb6L$x1 zU3Ma}n(uyAK$8~P9it+KwJdV|)G0zyvyV?f?^2%O^D1o$F zYzo-)IR~u%*~u0zM)mPu`+3@NJ+B4sU;c9t^}%}J{_ET+;W9?OX$93rJ0ps4ep6i*XoR*&asknqf=~ApNrT5JQvQHf+gzoAnQx(H+G3Z$Mpbm++adw`y zSuE+Y{%GoA(Olt6hcjDD6s4Z}yi*mLa@ERF?bIfdYS}9uRZNL`f8|H0Fm-J?&XDq^ z#%MtD@(}Vv)Q-C6t;O-J%fJx%1kly%P1WjT@3;H7%~|wDP9Z8hsyG zj>#Fq%zW<9{PV}&s_#;%EZ?cWt!z_Gpy=fe?CSZ751;pd$%tH&3KiXf|BHGgVz6gB zO*E+!>HgEMZw4cc?4ohW!A@j3e+8}I0=*mt5po|Czc*48uWWfCDp=aFX$1SSkhp$R z(a(gDG%+<@prE_CD-;27x2)1{mx;sis<`0YZ+IdjcX%XvN!QG{o1tHJ6Uz~v2P|e; zvWUVODlj>W&(vAYFm&Fj*Iiw#N|7rZdT&V@R4xh4H^kwI<_CJ0_LHMXo`6Bov8CA= z6-)TXm?Ord(yS78- zaxk@Is^Xf~9%4K-__^W`v2t+n$ham!GII1yQ-^Y#mxQ(C(M!<`z0*CyMf#yluM(WH z6Dea5kzv0jF01(A*K#8jQ4=A3FN~#P^0W>wi0(BK-Dl<#t_tQ{M^tg8mc7t-l^|h@ z@Is-Q)@&u)#q$ckNp#_IMj_K{sPKrgh~ywWMWhjq3zfL-BOZ{Q zSRWRS&pz;r3u8nrVW^G%1~kE}z%Rz|@E3}A8wM~m{+NU|gM}yGBswyDI3-g7Ab-Jn zUG7=@`V|7hh}%^EyleSc98Ol|88AadFJ0pBUQv$YB@lovZSJ>b_XyK%uoe}1iT%|& z-@U$Vk=5?~9{a0ElFHW>v$SO1GP`a>Zf08@&JQv3h+aC!SFP|r*dueB3-voQh*pf$ zU+j^L^gq}m=0Dh@1f;B>iGZ8tYo;EVFXCV9ku3>y1RlB}Fd(T6bl7ZKNaQ%OSh<6V z9>b|l4++r~D40kBG8&bU!$civR!usOexc@BmhVVy*6-62^y{-`81JNksR|T4tp;S(XOoE27j%e}yV$8r$B(_U%wBI^^novR z73q!Dvq>IbFsS3iz?8dGIa0S;YlO%DRtm-AE%ZpWATk5TzYD*5CYu@ct9n$dtGyKO zQj$|fh_=tIr^h$gdnMDAZOBJyjn9ji!GsOQkl1aqMSz+CiP-l@9DF%CKNMpop--j_ zeW1`HNRU$*FrRf7NcqWiN(hN8REC2Z8`F$Oy!|Q|%{t*=jtF7>lz44fr1Pg`dAp|ZEvBZCmAr?|Kh@sp5u;T%Bxyvtz!HckLm(*8 zOi``3|2886Ib=EQzDoSdxH_9LLukzDa5{IDEQa21hfKucjJiu~DPyReCQb=T-SHs{ zH9=z~P64{H_%QOrXEI3s%Rb7ZVfVGQQDH?pV0l|gA0U*qAMC#VuB<||>`?S-!v0_D z(fuFm5xnwfOMURK_2>dxdK6IhN=;!VvZy44IE*DxiBZaGsf(kUU8ZOKf*BMb0Zd?s z@_mW1pXKd$)F(PkuYKqLZ9U=y0}UD6r0jIMo&94y0#ZHbvOqylM9^jR8H*D6u8ZGd}&aDxx>m=%P5wGfcYU>*wS)8~kyls$M)wQH?zlJ1{>p1;afGTP~g z@-;_)J937ae3H(kd+h4Pt1V&#s;90T&XXCcSFcmbf>+&eT|ohA8^xbIDm`yu=94?H zI~>2>aw1|~FCXfaNA+W4q&Nc&%3*4Pl%yQPmE)1$H_ZBSy1n~4O}sC$%|;}5l+rLp zlP@cL8Drpy$JCe(r(-0iCpu2sN?^cHF>=5POPE>&aSCrOhF<&$bCrToKO^!y)r{tL z9oTnPZsP&x8K~_7(*8i~$r?9t1(b?yYz{I1YEtB;&-&)C?r~h@7O3|2O|2SQ=al~S zk&p6NZ*%LQNI5-H(sjAbP$&gL*b(#4%g4#EPr32{jalUf>VY;phXzO8vntkRv44mc zQ01SGkNU&t>zo{JOZUT%lE`M2Xb9BrP@ZNvR0s0WdI9tkxz;)3k`EivUOFEYQ$ z-*Q7|uU8Q~f2qeo0QIP8Tc{-!AE)Y14AP$(~%K-?>ZI%=w zWe9e=nfwpeL>KNL+(1q32tjNb|>>|5M3Vro7f)=`Tfle@fPiMuTywY&Ojn_7op5OQ}JJW)us3838tbCuUn@Fj6|_mk2aZ9B}oOT3B3V ziuuuJU3|uOw}uc>-zUMy;ffIl$bv+Wm~*{3`!WvX-ZwNu@4j$+o?lY^?MDBitYO4s0v=wr%?qqJ znHp$ZIbWKrwT|f0u|?ecAzyyXRAlW>v2_9a<-1|E7I!u{R9}hzHgZfrMPaz!neW?a zT~Tx!aYmOrrJ>V;!e+E`2-_!E#honvWc!o*VAwHLAdCjMc@+(+^UXj(jw~=VCX2oE zrhHe5BN#0Uwg;PM)hRAsGHQl*zLYC7*^bcn_nd&C^(_}znB~l9ws1C0tKMzGpjARV zm%MTQn~>i-Zxo3fBPk*N6q))UQ#=5AWb?f{Bg=*6i1`h4`nzo19HztH30uMndje7ukc;vp!=6v$%W34j zJ`ChajK_WtE=TvziR-i^OH!rf(6YFcBkR$T*i(3yD{UTOMH*i-^dV@ooZGp=TYGmS zgJaz{MTI-$hm;K9UF@9WdQPEfZ`I!Dla9KbQ$Zfk^hsQBmI9RBzwgwFH*GF7V+PtE zc=^GL&ec@@ru`C*i5+!i{x|d(|1an<29DJGU(h4=Qk_)R|3Hrz|3Hro>R<;}S=&ES z7u~+6OeN2A`mn`P4zeuHsVQV|Kx#h3kV+wxWr#5Ef4rTaJ%>W`S^RmkRQN0*aWvyD zwK23+_UjgP-v1MWg`;7jsM1GxcZldfkUmnM^tM1dV!M>Y<5Ou~f94DkGub486MsD# zG#o(AslP>bUKO_Vqc!5`Ui~f`L~CW(}2VIleF3B&JJ8&f{V{cnu1U$l~Q8qLpo zHyMB!Z=a2T#(+!BU`y%Hb4M?4*bCFX+nl0{KNmx;`QjK*6;}K>u_5E4t^cMT6-eB&!KLB`v<{eJQUTOs%&ePEv^`(& zEoH5MPF z>f`%r$vxF(ZZe1*OJ<~O?(n2cKl=WQdJG<>To?BB(n~F=hn{7&0@gEqI9haeA^Ed+a;$7;EE7f&^%VAh&kNv zoJqq0i17n;@)mD=@IIQhNGw2dC{<+N{TtN!6&{aSc4=U+T<{jlJM|G+%gFipXv^x% zuW7(g0$XrEhc;>Liz&uHWMvFi(pGkQMQIr@nY7%7AqazW=S$}vBNJ{dYCdjfdne! zM@zaANpA+G!kEC}RfkQB{p&(msx({jHmruMg}7WZ);K<{E z4IIMXB*e_XqDVIvKC6Wss{~%q3)i)aAvF?=WQ+72w>{t$CA<@%gm7EGsna`+{!2aD zZJ!)d&Dx(det;-_uSx@nN-2)c?ycBH$C0A%IC~sZzUDeyK$lD zXvBQlm_4~hy=#ApC{la^(d3E$m-INQkWqJfH>TBnv{K2nPm>D$WF&)X6L|Nm>Lh

    )3q;gM3q}|oF`}EvSBnuHO|p8^y{TO6w&Nk6;0g!tuh?= zTB3yP@Ce{KschRhnRb%%pxAse0rNHZCb(;RZ?%!X(*Xq6_=61AwcMp6K5aGV8r5-%IVVX-9+S&)fQ zY6O)Vnz-~b7Fq_-e+Z@|*>LqTZ_6A(s@LRMti&Wc_y{ zpU?*cy}kFkq#Tz=-X5$g^C-?)6W1ZQOG!DcX;c~TxX~0hG%chu@vJ?iY+3mO)DsX@ z1xR5h2E_4eXa$|MF~Gfe7<_Fvpac0SbCIP}262epYRGL(J6kF+fR;}%MX%B6Rk65o zhpBSyw53MmQ|6sc*XO@wH0~cC1xVkeVL=U#((T~`n8%p6e>0C5H%17e{KZl^#*f ziwFv4LxX#?WIwiX{xHaWIqQD?-EXP(_FDA$kPiFj{jxZ&7ps@&*9qsbtte(33(ruG zY7GGlEoD~o9t@WtrVjiRNl=F>p>1s9FVS!p*X7Q+y23ow53~Kr_TeZE$JO(Y&UV;t z;1cG}soiZ1V569E7sV$LCfFLIjiqKC2cCotBy2Ffhi|9;9{jzE52C>U=8+pC7{5TK z57D~Y8$)sK1llcz;GO=|d@rlks*o!jWW&RdI8O3^na3F)59g;lX1`>>gNM(KYKs12 zgVOxLOf=eSn$KsT{tu?`cRUeb*@G#~s23PXTLKr(_QTV6vUFIY zA_#!;2+4uw4feH==3&MzQhFw~&VDKfYz5q64hq$*WAQ9mBvCJPKwfb#wO`Nx#8{0? zuvOq(Cu*LaxR(@#4#*!djY8aoB^KxIHJ?l*mlW^+Mt(D|ao8A#`wA2(wPLE!^e^PG;{QV)L!>5@S!puz&wph(Q=S=O|0?FvWg^cY zF_#)cB-dQ@!R-DD+)R$feLpYtO(C2s7DP+A-8TT7b5nwE&BH;uRx7X_;JD!tQ;MzI zs8cuH2tcy)so_Ok$?o(-O6Ab|x}eFUzby;;mf<|e-wT7ARtbi$g$iSV$)nKLDav?o zJDjYKXe5?GhlNR_2<2SLK)t{6@@zXxvYz_uXyg)Ap|+GaI0|;Y25QM)e%IX_KLV@6 zS-waSgwAK6fDRIot=5p`M9=)U^5|RoH82L2^zMr=)HD~`4l~qpaD$B4P!9ffVE!vI zs)%;xapGIQ+j;^%GHrgx&nPyR_Bn~^{opcm)t&r-rr3S)Ik>j;C=+}oWd)}6G#<=%w0o}a=1^f!vWKo9oGPSY zaxO4+9;NMsN5B@DPiYnxVZ-!2LuN>Q$5bFUC`C}n1O&CpCz!ORUMKBWng1X2xP8+0 z$zCL0yq5x&7d;hNLIedVBx~P~U>CLqIFE`!o{^EKdfjK*-_O@Pt#&tT4ir>&$J21W zYGsppAQosqT<(($m1ag2E2f0wyQh;Y;=S0+3y)`vEA`7Uafo+PsSGYXEzH+#HRpVl zYmXLP&(i1zjOyK3tOCIn5dvp|!FCr>rl6FMk!Q?GL6Fl>B{NNYYl1bOmqG|+EIRch z`tIqs?Fiuy7N5!BK%IJ$aUlMqPKugLRfU;Vj?AV>FD$!Xc?kY$h(O1nGWBPqgTa)8 z7<{*yU0%N}j6K}Y&$cZ4zTEGxw1Ft}{5r1sweCM335a%6Vaq8@=FC z1hApSbW8$yGo`yw1b>7WlLt3D!Raf;tok@V@e-xki-$}yKtZ+CC#-uZQ?yjBfBPeZ ziqi^Jk)&JO0ZLzBK9Qb(i$5B*6O$hv4>1jHyOBtnB&+0)28c|mp7##p3KX+G`F7zp zJYg2ukFZ`(?an}~q;%yOh4GUp;AN01-@cOy%f&mk0=n)F7*uP#5EPc7=tpS*EnS0r z#+X+2U~76Iq*-@bMq;I`n*^Xe;tsVm#EwAR#NarqZubBSfu-ZrnV!X4NkF71Vv`v^ z3HcxA@rb)D|0=YcrE?_gv9z()l0;#jPO#YE&y*1NZ+mgkUp%DCdwu2&XMXXpvE8pn zeXLXMAl<9gLoHxJkd&~j&L15J%}(!m?Y!E(7%|ptikJ4%IxG+|h#ZfY3fd zn+F-z9QU1d+(caGUf!#!-}ZvAYk>G^!no2~`PU%xqYr0U+~XkgHX)^Ko~e74;lL5L zF5gsk+uyCiz($~WFW?d=i75>$BFq702~bJ-6a8}> zM=^ztNBK$Y<<5$Nt4Y&c>H!|DgztE$rmB~gL z;#ExQS958!2xNH*AVj7ag1E%vka8GW?RI6j+geQ|cv>0NR-RjnJ0kz3>cYFpANZHZ zvqew8nD%7S2rfhRw_cEg`F+{fRV?~;W8@XlKd&{OEQ7M9WB%00JD|2dPW9C`38ob> zDttNGvWdp_UvQqL`g>}X*m!+!eGlj6(42loGqC6mG8z6QQN2uKhRr1srGBJ3;j}#3 zdwF?%oa_m{?CkIF&jT_njyCpfyV=}dF2@E$M`C4gdES1%JnXT?#`NHgbl~yPFl6}H zdmVR=C%#MJw1**`^O89Iq<3!++?3L~nVTBp-jtDbjK6K0uJ9Ztk^jbdnhm=hI+aGm z<;Z_|LIAjo_rgGj2Ir=afR}j!3PWB$;y1dv( zoexSUGJz|pj$ucB7Og3%a4RCY>{(BYk^fP2>kc&z7{@xkAAEQK+z~rcEJ0=>)z`zG zvGppmG1euxO{aCn#8E4dn4e@by^VyC`WBfJ)C{4y`U>n1MP;Au1z@+Iq|v*tHR~_Y z7lNSWhO`|xH^R%_QH5532+Wp8ZUgcG0wpqO@!sXjXIM!MQ|1smb$2%(O5?8jqNd7t zpkD)s0n<`ncf0vFj)`meOt^`K_?6E)w}F(;f{82~2@jUig*B2lO zoO0(f1EJvDq26&BNd|u$6zw3;Pe?ATi)(Cxf+OFOcEspy5dK7V&-jrhnq^c_Q6Cae z0HG#vxN0o(48w&Z(F&*P*s(l4-5Vr35VOSr?T_}Zy;Tr{f<$^*eFRWA01 zCr!|ojt#ihr`Z@}{%in$qpaBpHs9R1m)Z_X4hH=76oUZC8t{b zr((~2YNBBOtQ2-)q>-xuDkF58OLSS#5wkLBje#S**~XiQ8GlhR*wGRiRgf!I>o2V1jAwBYTUL)86iJE*_&U!x1T==ql{;Y5b77%co z+a(y&kQxAbOl=b}X=@hA@^IVV<&9Fbz4F@}FXzytH&UW#D zb09HBvI^4_g52@Ny0&L842_-`=&lJCJC@8gk$zuxaJ^~8A5=xHk(k=E?7uoSE6@t# zph{$wTW_!B#zeO6f~wTfpi0K;jwjpx1`3{vR3$CC5bt6YQ-4Af zb7;8C&~IuSD7RFV2)$Zf$-FPgEn@97>{Z0vZu46IGaid-UGwo#S%;i6J25>bZwdaZ z#U^k0#eBzm5#Pqc@y^`w;Sy_pU0}^57IE}qyhrS((rak3pS3KUl5oGPqKut4i{0?b zTmy}}_=H29hIug|Mf9D46!OwDREuVnx;S=TqKz?ASwwNisS3I)Q$+xd^4x=MmHLu@ zKMGQHzsJ^i+ZWIqEgoOFo418wJm!2J_0*FF+M1<4@=Q+w%5vp=?r;%h&`YUdbadWY zeS4Ed^!bjk=UUM3`7|8W)T7|)xOEro+O<`EPDBl}U-V=dW(eilajT29>%-A3wU
    %0_4XRx14~;D_a)$@`VjW%dMS8UYrgykAY0sg+L_0R@Pnjjk4dbX_c5Zq+?J zD6)>0MnGDeLb)bmA8d%6hCVu68`-C>u&q5sH@4?gtX!_mDzw(S3aqcqHaORxNV2=a zP5)W)04pwS&o#R?USeBQ&iu3LYgp-j(omafaBciNTAu(M{&<0HeW>EgDY{{C*Zx^_ zVe;Fv+TcZCInyN*D)B0o%7YksmL=Jj zxzhl`TDw0g#kQ!9%xJr|8vo{JZV(=u*PMN^nK|76ldmhcB#IjPzA@}V)J?^IeT+q zCopmX87FHOS|NDP9%hlXMgOLY6BUsfp&|)gc@A9>6=b7%%qh1`dg%`7H(?^)Ck|)m z`yJkgAFU9-7rCU;m@+;^d9?z}*3Wp=bn5^w;1GiYSd zvB+;F!U)9ZkPM^l|L63c53WoJJJ%xNc`Q8(Sng9Jo7l#E!cv;vw5gV%07s3Pgv2TU zy-Pnx80}z`F*JlpeLX8IEb>nKIM_lmvj`(c2_~iF;LT^RgyN|p?fFw%w%uWxt!KRX z@Yj@G5+lfn(yk!1)~SJ&O0!zivUsaNgl6R*N_HF%tc09dFQsF5JiNTO1CORtf!Oa8 zPUi_St8QB+R@?T*5*(Gni4^bYpR<(^vrGprR7*ii-ANH51?K&VC@H(rgyiBstU`LdU{n&l{b%O z0lPV$FJ5jQK6N=p^sS`=-tMQJwUytLfc&hM3>hu5SfXz(G+v~@U|v4Cv_QgCp!n4! zr~0x@V9ZaXHUp%ZE>Src7k%uOIjY7Hi$JEUyXH39umnaFYQ=_~pi^e$d@Y8<$IX4I zvxCkjz3(Dt++J?!mEJjPFFv`Ha?~K4RXT?&8-wc=s2r}tmAtt`nzR`@e7!GG8nEiH zoWQQ&_fTzx^Mgg4CzL_BFRGYnG*`=40u~&CEHYO-evT>7w_Zq=j@(OUt=rr|Ovh5` zPBJtjc}Q?nesbt!rNw}?H3itbhq299?Nn5cC@X7QZ80`8%HZ?LAVVNVTOJV?h; zkQCAY53FOnBKfrvRXUr3RB`Q$jXAoCS~PkfOQj7rRSLGFq1d?C@pr>KvUkTDU>rFV zkfL2qwar!Y-b0(QB&d>+EmaBJ0`Vwwm z7K~%LTYr^L;xX7mfdrzg%w8MADgKTQPHi2;jB8Lobq6F!XQ@y7Iw5rfmGqkLwy1nH z-D3GKqstJX!@SM=OBe-HmL(K2@UGESjbXnT_P|dlT}2*6D-2TpkwOEagQ)^9G(Ula z8P6j_K#PVx8NWRLGUT@hW=&6<&(hS?$~q{_5#Zf~3UpdIS^>Hea6x-Ai4~n_I7%|C zg`!t}xoar#!{e7WS~!(Nz(tlyjUHuL79p!Dwmhw=Ras>8+LG#0XJ~o9Fp&y{7Ev_Y zRr5N_!Dv~ZJ~mp)wEi2sErF6&!1i0?bg}R#S8RhBkUh=y+C0&Abm{?ymh6hR1NFZ+ z-FC1(I5*NVE6+)%W&ELx7^av@&?zIW+DQvWpg6^?*R#?H8q~ITG#Ha0S|mfgv3srB zjDCch<|;r|I{%5_>Y|jfjfj0Q1=#@ZY`L2Ccd{rT&}i&Nh9gOl-S9vu3d~ByOFD|# zRuYNJXaDvJLZ|NXw)q?Og_T_l>Mx%uwwkPRu@yGIhyk7STgtzbZspBLy}`zkl{_OE zIfjO)qU&aS#vETkR>)oqZj0n$FU5!)vl<)&`xYQech}7^hJ|1?pqR<e8RmDOXVT&lI!eP|VZy8VyCsG|9+dJ7@}rM-);u zkk-+eamVOVtrm!!M7!op%EhSXXVkPowPzx@&G>SiNA)Pg65nCck%EsNgrV~<(FOKk z?CBJ~75uJ9TgXN}3|Lq8awToZKb07Bfw%}D$+f9)9MbBOrrsgU++9xzk$_xkfyb1} zyIPYOC@XI}caJT*7=5>KOx>7bxnkAq*=yXkrwbcXcl2J65A|n=+AsWr7>zs>cR-@e zYpm!FSyH)~5FO%rSJ-yy3Z0IJ$DCPkRL;984<(Kt)TzojsY4%KSUo0bqx44sWjt^6 zP(9zU&m%(8(@c6kkh`3=EtGM|%77X4A}&#*g&gGWi?b^2W--Wnjl5SV}viF^B;36NS1^dhfC0CT@Ct`~-0u31IY7-V|zhWV?4XZR$jNP?5C|jR>|nH-@f%+;%a$eQNFa zZ>)(Wq_p6qpuLby-!v6(>X!mafSyPqIdrlIFuvDuG&Yfb9#VG!e6B>k66Y&UoX#;G zh`73$h|&g#6xRM9J+>4M4t`_nV#S2=Nhjg;^8IQZ403x?UW&wMtoC#dQR+pDq`oPo zAlz%AG6t7pfLLn3iRZCj3RFDrUA?U!XQSK%;)$HK4&*K8EE?pt4j9R`mOB){Ie_m2 zbSf5@85rdeZe|$GLnGhUjViW@AF$EoHo*01v+$81ECoM*w}zMGO2^>ZLU`BbD#w!t zkAwRey>C3Gz2uchDs$@t3Yt_R6-VABfm+AZAlE*tMbSkjSNKw4%3eUH2j3lz!OBv$%UMej&$ob~j1JRQ71x^+hEF|5(gc000Z06N`a zKmB`ocUN`&OtN$Hku;sUQ7o~os?zj`sSK~sz1N>KuD7F1h@HiA?iYpoVAZQU^JqPn zU%jr%x?1jP4B&EGvHiv(OCX5?(c{2#WH5JY{grGlltnVw_WA)XkES{yWg{%3*w5l6 zj=9;1E8Nmq4Y_;O+U_EYGs;;`vGx))FurkMGA2>)DjQJ|9=^o-uOC^L4=PLAt-2V*i2qdVO3uxVgERKt~RZ zOx){m6;bH)RJ}ZSdx=ldO}fMebWvmRTdppfmr=h|KNxO>^b@Z? zDAVsI#{&931{M1Cqe(bgv5ZP@4#JB9He&Mq&E^y+O5GWfI^7F7z<9jxg0N6K0#q$V zJkGpaf>yOeMIp|wV3FTD7pm&o8COHajDBOwt{&I&v$Sx#bhD4n$%n(AU&RvqT;9Tt z04g+~oBo*KMcuK|gLode8?Z1RH zXF(85>)R=J+Dx7jlzZZ=uH5_C|Lhdecrmdlh~$9e;ikn!%6{hjyLcE9NF!@pmA)KY zu+Mj+7;2Wb9Gc0zAxT}2BCw)Bpp>$p28xQsn6SK zD_5+HL`eCn+K~#+UZv{lX@>C5AbBT)N-if)BYCMUs5WMMEdw)A!!3z#}tsD$>76*rY5hii5mQ z>GaznFl)HZ2@A5{77=_lc$`m8tPMK>Iz*-TcP+;HG6{pH(Lc_G*&gA6ECu*eon@`p zMeUd`vyaV31Z+nx7cFCeGee4EEKT><=`n5&vlGL9_%xU<)%4$~p!1J@vwVfn;BR71 zQu}X}?8oMYKeP)xr!NsiE$YC$Gdbx4mQ6z$QG0InYQ-HJFauib)ED5xj#Ig@8A9Z3sj5Y*sm8}DZ$7&;-_ zr^Yj`*K)heDB+q-FDm3l5`7;3inYvC9u6ByRM*oXfj>QeP;HL8KI$&GKRi~Q&JM~o zUlm^*WhRf&(NDN8_k8VB^vtj6`b9&do1TpM=-`xFqk>7RM^yIY(~(;F z*U0t1P`kLRZ}vMvRwiDtzJCPLyrn+XIyzxrk&|Ly@nA7hN3rNWlx41_AF=)x0Onye zKwE`HL7V`snt7_-DAjqzJnb65SB;lShQP#GoRyYjAV{&p;bpO$lrE_r?~h2JE?P)hGISF4 z<=;6lQyE>*hlCuM>70@LG2CWc8rDe+ophGg3bmP;z1xT`@*@AWGyAb8ZExE4;tYIn z+_v)3w`y1_nT>5Qehe`FMyFPmB+oE&f@;3Lr{iTich9SU z!*eqB(bDK!z?TzNf}OZ$xpgaskSBaRySb+xh0@RCNi#$`mX`^V=@J<vocSg*Zk8Oq*7WD%IRY{4nw(yC!XA z5nhb8ImAyec3dx{ezmFV%ElsQdE62~ME?7ZB9};}qj(y5u8NrzUPIAD8J-EDkxvaz zu*z>Ozg*Z1}lMsQv>3FTF%?$ACJ;AoZnC9 z%X*uG$z0ec;672Z84N#~9k65!eVJU)GZKwUhtjZ zT`_!rWM7fHG~pMXz?Bnb^n|}(SMd!5t6|gfd}JtdD~?Cj{70v+#L@R-$h*Eab!4R8 z`^bt%xJD2_qG*$db6Vtvrc{LU3y~o*uQ@mS_*h|ke5~le>b;5*W6?g7rJyy&+5W@t zAGoXVwlBDrj6Fn3%H-k1&)KbI2F0Bhg9413E$)7|5{P%)x2S)8{AfW5GA?4MOyQ#| zla1`>%Sq>fpujhL^aL#+jIA1ypgViKIn9tA-)Em{H~n1tVWp3+{;4MgIC4Pl{WvCEFJCi;OCK29JS6 zQHu0qYq6#`ns$U8p5|(6bnEtL3P58DZZmkKe!1%VKVq*7z#Qdy@E@^PX{er*pjfoV zMi-K0&`)S*9#z>JG~6S!GiR9NPghI)a}FJQBVQ$B&YvKPOXo$wT8`aqr8zsbdBY12 z9PWIzsPgFzvFhXXVi^cHs9-SB5CxmdU8{8d{Cthczuv5p*So<3g#7$D|FxIp&ti9n zZm`|E3lZvfGMlRXL;-#=up{Y$B*Tp)ZL^gxv7 zl=lKDbn4YEUlnYLFBd-(FXK!m)>>m^;QIXA=%Vr*;{S}lx(~@ie8Zc`*DD)q8fyfb zxV(PCkgV*@iTC-C5eS2wuv;=3a_BC!r+ z(K8v+jGr9!C>{eKB}}@Pi)zTMfx$MOz3A&xyFA$@)B828zG6|%qvwrs!@JAfp=@}(I1NUA^oOIuyh?l+}hAb7D5|8r~VNV>lH zEWBBsYB<7%Bay|C+Dgw$0tG}?(oi-*^4xEg;vW)@hYXNrjAgXU9)BXdxo4(zN_vm_ z3G4W{D&5{qzXO!1mo|+PCH93n2Y1K5frlI9USCtxWY2-4K!jgHfh6cWo;oD>Me*fI zz&_6Z0_VObeKl*KrkonsbPo94?2!9VW^96CzE8|PnAmgG^}~TTF|WTU#w2+#D@Nj; z?3APTmqP^{wzlc7y5%-!5P*vrG?FwF+kWT)O@vMjC!M^Qv0$W{J`Gh);jU68pLgz^ zVcOd%(aa!Zw+z2f`3k&AQ~Z#U(6c=1iA0N;H(MA8Dh* zoL*aYsdp3SXfBhXIyk!9P_Dxf_dTItJ2o}jKf+YQS)yYlrKEyAlHOF=ZoLi!KR(?Z z8aoTtTHo$$;!!n~FMn#VRo{-o$OhrMy`(f%JDM)+tk(MWcP>zS*`M#aDop>D3?n$Z zotBwsLYcB_z!R~o+c!i$HU^-}RBN=yn@bhbkg^Mhta2Hnor|)tZ-}2=Z_B_jiW#HI z?<^JGwu8gWe$@#+FbqomowANPq+3~DrElrAQo)=h=1 z@okBEMT@cE1-W>P!!fChQTKYmx6m{<(ZMP90w0gdM zc-B%)Rho-V<_UFEn(g9pPuuHc;)t&iY0rEj5~!ElTD#>LoAHUGTC5A%<{r zN6qepiooqk)aL%-cE*VvUU3=`q66wN6jqdVT7(TZ9@=QhZM6g{c*cKi|HGdn8F>La12@YZMae z@}7i#>KPMH^#N3~K#>|zG-qq$=xp(ICawBg6z3kaFxEv;GXOf9rCTQDZjSjhN2k5I zYnR4X|AE4QV-;<#?$GnQrqP;484DW;jNDF(y_hCo!d>_ zE0=`VkWa!7r1Y~bI&&umy;F1TL77vdgwmopK*BW2SW^zfcD^QH$_aCyFs5hAz>VtG z?o~-@OiSQsIL;(!UOEBooDAzT`5={GEL z5H9sf<5GxqO&VM7 z-uxAKAevD_>MXwOThpN|o<73gHDb{6Ec*%=ItTA5drUDTy;8y?Jar56;} zk7>8Ahjs^0h;aW*hr4Jq&Q&75b6=fL$bu$Iy=__}!rjAZp4yxXFUz2-PK#2Ow31~K z_N*ra&nf?iIyz!FTR#f*fisyap_bx0j~p`hk*+mw2wZ4Im4+=O?3E&J?Mn8N;I=HY zWzK)DE}>Rbi)h$_J>iFo!y6F~x(`%T^^R6KP#X+5|J_oV`oYx`MD~hf1S_X8JWd0& zu195TPs!X=q>pJ2L097eheWiZcW}1MM^$`OW4wH?9q-JEsNsD>iqr%41d=QH9!pa* z@MS5n`BcuPt12F*M6>GOyk}C0?9gkA{uMnaJa4YX?z1Owh#Xv(VGj)qdeU|u_$zw! zKB)Dob7=vT5UQoRABv~>xS@8*cA?{$66d05!`w8;U`yAjIol`?sD1t7SB%Z+<@|*; zIQ^=B)FEi^@@oDJaUNAjJ4hOMvRz*%VOGFWfES@)y1TT+cXigh6i*h=t@47rKJ@3{ XH!ha)z!+fV-e8^CDFeCtDb5I literal 0 HcmV?d00001 diff --git a/src/k8s/pkg/client/helm/client.go b/src/k8s/pkg/client/helm/client.go index 15a5b5b69..faf2ad031 100644 --- a/src/k8s/pkg/client/helm/client.go +++ b/src/k8s/pkg/client/helm/client.go @@ -94,7 +94,7 @@ func (h *client) Apply(ctx context.Context, c InstallableChart, desired State, v // there is already a release installed, so we must run an upgrade action upgrade := action.NewUpgrade(cfg) upgrade.Namespace = c.Namespace - upgrade.ReuseValues = true + upgrade.ResetThenReuseValues = true chart, err := loader.Load(filepath.Join(h.manifestsBaseDir, c.ManifestPath)) if err != nil { diff --git a/src/k8s/pkg/k8sd/features/cilium/chart.go b/src/k8s/pkg/k8sd/features/cilium/chart.go index 2452087d4..a6e9bc310 100644 --- a/src/k8s/pkg/k8sd/features/cilium/chart.go +++ b/src/k8s/pkg/k8sd/features/cilium/chart.go @@ -11,7 +11,7 @@ var ( ChartCilium = helm.InstallableChart{ Name: "ck-network", Namespace: "kube-system", - ManifestPath: filepath.Join("charts", "cilium-1.15.2.tgz"), + ManifestPath: filepath.Join("charts", "cilium-1.16.3.tgz"), } // ChartCiliumLoadBalancer represents manifests to deploy Cilium LoadBalancer resources. @@ -25,7 +25,7 @@ var ( chartGateway = helm.InstallableChart{ Name: "ck-gateway", Namespace: "kube-system", - ManifestPath: filepath.Join("charts", "gateway-api-1.0.0.tgz"), + ManifestPath: filepath.Join("charts", "gateway-api-1.1.0.tgz"), } // chartGatewayClass represents a manifest to deploy a GatewayClass called ck-gateway. @@ -39,11 +39,11 @@ var ( ciliumAgentImageRepo = "ghcr.io/canonical/cilium" // CiliumAgentImageTag is the tag to use for the cilium-agent image. - CiliumAgentImageTag = "1.15.2-ck2" + CiliumAgentImageTag = "1.16.3-ck0" // ciliumOperatorImageRepo is the image to use for cilium-operator. ciliumOperatorImageRepo = "ghcr.io/canonical/cilium-operator" // ciliumOperatorImageTag is the tag to use for the cilium-operator image. - ciliumOperatorImageTag = "1.15.2-ck2" + ciliumOperatorImageTag = "1.16.3-ck0" ) diff --git a/src/k8s/pkg/k8sd/features/cilium/cleanup.go b/src/k8s/pkg/k8sd/features/cilium/cleanup.go index 679e56135..78d1fd098 100644 --- a/src/k8s/pkg/k8sd/features/cilium/cleanup.go +++ b/src/k8s/pkg/k8sd/features/cilium/cleanup.go @@ -14,7 +14,7 @@ func CleanupNetwork(ctx context.Context, snap snap.Snap) error { os.Remove("/var/run/cilium/cilium.pid") if _, err := os.Stat("/opt/cni/bin/cilium-dbg"); err == nil { - if err := exec.CommandContext(ctx, "/opt/cni/bin/cilium-dbg", "cleanup", "--all-state", "--force").Run(); err != nil { + if err := exec.CommandContext(ctx, "/opt/cni/bin/cilium-dbg", "post-uninstall-cleanup", "--all-state", "--force").Run(); err != nil { return fmt.Errorf("cilium-dbg cleanup failed: %w", err) } } diff --git a/src/k8s/pkg/k8sd/features/cilium/network.go b/src/k8s/pkg/k8sd/features/cilium/network.go index 5d79a5b43..08e4a62f7 100644 --- a/src/k8s/pkg/k8sd/features/cilium/network.go +++ b/src/k8s/pkg/k8sd/features/cilium/network.go @@ -120,6 +120,9 @@ func ApplyNetwork(ctx context.Context, snap snap.Snap, localhostAddress string, "clusterPoolIPv6PodCIDRList": ipv6CIDR, }, }, + "envoy": map[string]any{ + "enabled": false, // 1.16+ installs envoy as a standalone daemonset by default if not explicitly disabled + }, // https://docs.cilium.io/en/v1.15/network/kubernetes/kubeproxy-free/#kube-proxy-hybrid-modes "nodePort": ciliumNodePortValues, "disableEnvoyVersionCheck": true, From c17d3cfe5a0d549a30e95fbea134d36c33428428 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Tue, 19 Nov 2024 15:48:36 -0500 Subject: [PATCH 109/122] Update metrics-server to 0.7.2 and chart to 3.12.2 (#804) --- build-scripts/hack/generate-sbom.py | 6 +++--- .../hack/update-metrics-server-chart.sh | 6 +++--- k8s/manifests/charts/metrics-server-3.12.0.tgz | Bin 9885 -> 0 bytes k8s/manifests/charts/metrics-server-3.12.2.tgz | Bin 0 -> 10395 bytes .../pkg/k8sd/features/metrics-server/chart.go | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 k8s/manifests/charts/metrics-server-3.12.0.tgz create mode 100644 k8s/manifests/charts/metrics-server-3.12.2.tgz diff --git a/build-scripts/hack/generate-sbom.py b/build-scripts/hack/generate-sbom.py index f39270361..cb8010b25 100755 --- a/build-scripts/hack/generate-sbom.py +++ b/build-scripts/hack/generate-sbom.py @@ -234,9 +234,9 @@ def rock_metrics_server(manifest, extra_files): with util.git_repo(METRICS_SERVER_ROCK_REPO, METRICS_SERVER_ROCK_TAG) as d: rock_repo_commit = util.parse_output(["git", "rev-parse", "HEAD"], cwd=d) # TODO(ben): This should not be hard coded. - rockcraft = (d / "0.7.0/rockcraft.yaml").read_text() + rockcraft = (d / "0.7.2/rockcraft.yaml").read_text() - extra_files["metrics-server/0.7.0/rockcraft.yaml"] = rockcraft + extra_files["metrics-server/0.7.2/rockcraft.yaml"] = rockcraft rockcraft_yaml = yaml.safe_load(rockcraft) repo_url = rockcraft_yaml["parts"]["metrics-server"]["source"] @@ -256,7 +256,7 @@ def rock_metrics_server(manifest, extra_files): }, "language": "go", "details": [ - "metrics-server/0.7.0/rockcraft.yaml", + "metrics-server/0.7.2/rockcraft.yaml", "metrics-server/go.mod", "metrics-server/go.sum", ], diff --git a/build-scripts/hack/update-metrics-server-chart.sh b/build-scripts/hack/update-metrics-server-chart.sh index 7d8dc352b..873257a28 100755 --- a/build-scripts/hack/update-metrics-server-chart.sh +++ b/build-scripts/hack/update-metrics-server-chart.sh @@ -1,9 +1,9 @@ #!/bin/bash -VERSION="3.12.0" -DIR=`realpath $(dirname "${0}")` +VERSION="3.12.2" +DIR=$(realpath $(dirname "${0}")) -CHARTS_PATH="$DIR/../../k8s/components/charts" +CHARTS_PATH="$DIR/../../k8s/manifests/charts" cd "$CHARTS_PATH" diff --git a/k8s/manifests/charts/metrics-server-3.12.0.tgz b/k8s/manifests/charts/metrics-server-3.12.0.tgz deleted file mode 100644 index 22f9f8dc2b1d0efc545bb83157ce93c149f8280e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9885 zcmV;OCSutiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxbK5xb;Qq}|(QDt{CUYV6@M~80%iejM?2c>laK)MV)z;Kh z1d%NX8i@glZvFq>$E=%yFnaUODZJc zf9l@3t$OFakwW5_Ng^qW#lQg|T+%V|D4<3iDv z<3g>W{DBh@YWuA}iiyHpNSxu6CRZ4S4nWGo#@kp(O>d~ z1u)RHzL>$%*x#Jua-QG-NRouq*HhY=Wn6XO_4;1dS)Bj1i8Ui(iekeGV7dJ7b^HAV z`G45&@8th|lzn)CW0Hmv%+PD;P-P0w*@yR2DvaRy*Xiq5?wIk2NF_qYG(-jP0{xJ1 zgc;#f$t9u0=LjJoLSO(imJH@B2f%Sch2(SZmf@>Jvow|i-K)z4eLAKn;A)C;id;#30|&$af|#;23>2Mxj!LCDVE-C`$4hL}kZD1pR*#YK@` zVe<@#sfY@gV2oTV;Z!Jvqbkm5lk zmx#GUEySqeuYmcY!*PrpV;?&q8DS{g5+PirQl#kYV?1WuM>lWMwMaOSp`%&C;UnU= z4dS~WPS0|!EY=ypL?ka`)m$)uF$o1a%6_;sy{tDw%^1ykBb21)+1X;}5}aO~=j2&v zSrbZE_b--$oF~*LVK|2?q6S$}77ZGIR>M4JDFjq#%9pFvm8of^0H$Q7>?mDnL}E2D zsRWivK?BQAR47x8OD%ZNo4}ND`n$4ULP%Ipu}W-BSB!szD=Mevb8B&VH{<;h&Mkbu zICheO_(&6Y|LPKE$muxKvj8*}=%*YnKhos=tIJ>1+j$8Q#kv#$;#ZnCHG&BXs=rQaJy6ds6-rdj&y=b4Nt)-P_E7ac4B6EM zr!yMj1Yc^~(wLrx-;{tR!P_{Tzhg}PgN7*PLSmHnkEijec*A1#y87^EfqVeHZntYD ziO-_sf-|Ky2HG|^M$5Z2mNY`Ei*)xBGNK`s6oml{I7$+9xF-7X2?S_huGApm|pQm!UCZLs^MwNxyT{a zbt%4743fr*eb7venhu9kRRQ295+!QYAgw~TsF|8eDE&98scX>y7Q@S*E*;2_&jk@j zZET7G^wf_TRT}k2DwHaJMI$N)j+5%u)}>V9elpigxL*uB3)R#%D>D6@m!AyuBY=o} zx=i^52hc5^{2Y@Rp?Vpl+fP{Vf(oAMWz!F7FhQ$Imk54I#7EKLY3!El=8n(eF`c9w z-6R-w7W)kl(fBlP+*v@!aje;K$|stCU2t6=xpV`{pLb-G*k=l*5T%=F4a6~UNf2-p z!d3JU&(CAc8sYiHvzMRpKYwIGD$Q7{Bo*k!EI?OCB2(cej7tk**g-8tS(vImKJOg~ z#~}(mt+PTp!x)9Q;B2IOq=@!ULqULq$msw&3g~z9K+hsgSp8f0Q&jWs$M^3qF10+Q zl9KQRhC~@eEDnSkJAec^)so3P>ZxaALc^5f`zc2;WnnOY1I0}wper#_Q1d&W)V~o< zqENbqeb0=XIlpkS_74va8udw7NNdHCa2ja;gFyR6O=7Js7lqChq=^zWLp9F63?Y+l zG#;~|sjkY}89;_F>?xVN*92+}tk;!R_Z&yNF5Vf>#h_^h|3UGD#KbGR89L{w_7E4ziY_7UmDVV z3vK_jppK&ltVwfNoo=on#6|iFd9~~d}YV-g2==gXy|L>!G{@nS_dHE?JvDpqS zJ9@QW&U3!&{PBnL`LhcFj%mEe@9L91a0?*qZnx7&X?yT~G22RI$2VLnGd%X;_(1-@BTHjB|NZ0y)9kPcaujha0E)1Tp zKduFiIWbHn-aG54)!$}#Rvz9ExrEbLj$!XF!u^ZbtJP&1U7yRE|E%y{X;9UCv3f%d zs2*6$B?d~bGFA_+1};Xn-lH>Yt-3?vBkcXJJ=puOck>CQeahDTuo6)NW-y&% z79EPLi{FD3gIiNYli?TnT!;np3MI^o>LUKtP7yw(b`a)_dAkWnAuWNd{$=@7X{0 z)~cXo_}>@%*XxnT+M0{vW1z){#Y97Sg_jPVjvMs*q&zbS=d7u7w(Q z?ec@n<+rLkWvAnseOvsb+|eaal1y5}Vmzjk*Cff=_YQsVv&vdU{CZ5er#*VEsjgX^ zzhfb80%gv^oa#BU)}i_r;c7(IMY{n{_$NxZSlp@6+gh2pUWITHjJzU-&S0z7WLhRD z)%?UeEBR%;(~ENpE4&|xfW1TqcywmHy{GU*U^GL1#-c?>cyLC!YW-y637Ti1Uip;mz1IT~zL{O>`x z?*BRIA06!0fA>*pdb9{E$#kf(D2i}Zl2E(FqrJP?HqWf*n7G^1i*s9p6QLvlkz|m^ z@id2}6uV>j)M%3~VQwH^LrmiUV+n_lPZ+)P-O!iPcANpOg*}_EGrO(1ZY#vp!f&vm zxh!_Wd|X6weEtlh<3o&nV`^3E1(v)K8I+CM!`t&fv@@X$ikf$fy?vD7WM-w-k>uBADK9Q7S&3 z(klP$7P7JiTr!z(oDhkD%aH`gZ>ADf$^Y(2zbgOx2i@LI{@+Wf$$vf~ew*ai??@_j zfL^okxBJA(6m5|HjrQaMZ!NJc%XZ~PbOtQxRF0S{nM;C*#-%WdwLipw%G-Q5qj;5n z$I}pP6cI`2Kb1ZZMJU{Y!dM73P*4dAME)aY0h(Vk`QJV6b$9arK1ylL+@u2<{U=!j>-{K*n>rjepcqQ>HrCzN z!u02NuS$|K3kPbGqTh(9Txb5@)d8?_{l9Sj_vG+oH~;UYd};gdi%smBA?2DgMhm8s zwUydtduB1MUEdN@4D3lVym6^y}=D!;?{t#(IeGyqxa-IeE?-0`9Gp@K;wz4=Dr(X zs1_;g20nmQ_TS0k`v0VVvXlS!QMM-ke=tn5Tn+q146G)o^42|T1s38v9P5*CRt_%d ztpl*A?6ST!_QnzE=-=o|t9i`VmzCY&_57|)o8dR|z%I(do6P^)E(2HDf4%ztPru(g z*v0?dOIb1h>)S({Uk0uvC%)`zaO2|P^XL4C`-;64)8DUCfb0yb2T*Px|8MOESh@eR zApd*a-tPRzy_7F&|9vSpz!#M0U#Bep(rmaZU#PUp|J?0#*X^Ix_J8l7zW;M@yxaf3 zmvS2ezYzCXbZfJeZKDfU7>rPV;A9su@9K zz7QOGPx8DWB)2gg#ijy)i_}*oiJ3iw@__`#;fbQ@xq!WK$cQ{X+$(*tm^ABY0Z-#K zpmk%7*|(~=Edszb=oT8nkr$|0&EsX`hO?|*H=`jyc5uyn7!m1DUzIpuIS(uz7c3e( zw)s4*AhY$C7+96C($wu6`yMK%KPu$PGxQZOtrV)&lT)d!;stir)=HhFZ`EMN-e5Cm zm2$R}qqfU$mf%`XnOcA@BvZW$jTYC!w_iFpQ@oZ+vD|b+&Z>oOd zr0bGaN+y3Pfnjd(=dk7ch(+40bx_X}2o*3zPNBOHDNp1m$|<%QvuOjA+o_-@+QxI~ zm@YxN*RR&GfOpRHOIfp=Jf!yBMJX|HX)2o2j78Ss>X*dkA1q2G^1^k^kr16K@cCZ? z?T3@4qsyhFnNJrx$VoiGlDf@P9#%nZquv@6sxfC4+q}S-S+%ZPaoM>fydrbq>ZEaQ zLgZ9Duf*=GXu8@Va+jVcidIOUF=>&ZFbCyKGM|M5cz@i-3DHwIqLa&w8k*o3Js}$zK#8b za^jB_6f0j2VOpORK0{M`3ZO-I%coi-szycx=~)zuQ{AkJ2vx zMRH&Azk760m;WdI-cJ7CM_GM5uq^Vcsmcn8p6!kp5A^bw&)XmN+n5N~-eC;R7Ow7a z;jiEQ)d3g_6BMc+@-#G8f1HX_?Yby>&~VpP^Ctpd(K!9o_BKtD5F?Bw3CqVY7XT{@ z&kWfq6Y}ExMUIR5eSUFP`CZ?`(ccsfY8P~Rlb)5^5&1NL;QLTv_vYQfrl4xJklXE#7b? zf_h=TO3JSK#VGPME>(b*Fmp-x1m#8L>ip`y?rk@54|jV8-#}R<|Lt{ccTxi@X+A)=I6|t>)-Q^?auAr&u>|Ww>y1xO|yecI{d1fbz28qOn9iBVl13 zXHN#T1D>k`=xbFApOXaN(+F8Aq4=)y{LZZyqP;`Sv@|XsR9$$r+4BN5M0gVl{LYQ< zoKp8vYWm-sVi?g$%s6hYjaByl(LqiB_YMzs`u~2)K3otfk;eig12gh)HN_Z4DGdV} zPaq-wM>0X-Is5Q_N`($rWLydmQw&3xgluH=2aPAs^wgJhhFZFpo|8Cm_94cJww~ch z!f{MLVPJ&IpPzd0HV)^&V*RB;2@>QG(ilC*dvW>UQZkOtKG=Kfe>uB^fO6q@6Dm9U zUxU8mjeh4H{crYQI_ao?vY%oWcZ!Ne#Q&HkFs302=Q~eaCC+!=hraRYkfQ0|o@hI8(CK_cOo*R7*NX~_J3X)KbvsY>0;Yli38u&mX1`uy zL}E$(?0#_?m+CdQe|wBiI?4d=%=)TIZz`kkspmNV^=H?0_V@SUGzipc2mZl0#CQc` zBr@e%Ebi}HgtPY`La25I9C`hC!{F zclN18gI%@2{X=g`qKDW8pgiU8`&-kHd_@UqJAGqD`-R^-?OdG`%X8zb5L5pmW1-b&q|D-6S@b1V~$KI`IQD>`T z@9?R2^Wp9NZF9rh``c45Cv&$<=0msFZzQud(Ugbin%toCCN2eIs!)%BvbPLd_`ALt8=g?ksq)85TTv z+B`sZDQ-Pnosx4pC&~BTVVNY|hupF_w@$cm$r!t%y;E-MA45dc&{i{o5NvPhOUYuul z-#ad3XWBBNSx05&t5EFV6+EJ~;9PZFA);!_a~^7JyvC0CW=UbjO!-wgZopO(g| zpO00y@AeN`*}>N~pq|}|#0h63V@{0_WXfY@u#Ly6$4Q71!#OxSH3~xD@`SILr4H zLA1q;x$`r3mlk}*5@RmHhYQXklv7LvyiJf3$@m8tRz2y%yK~z{%&=o+hGo<`$*I+I zdp)=J{T*>U+RThND$j`HGLGFG$J&T0i+@;3a5x;ABw7kHvl9YrhMZHa9aV2K^+otZ zFM;kX4vsd%&PQc-KB{)Ud(zl>8dFJ0Xx4^CF4$UO%vq%50QD6B$Ao2TCc9#QSLbhj zy3|XF@-o8u_ixk_C29!A+GBT$VdQG8T(d0kJnzSsr!Smrm2#W5DpXt5pp)6Z+ij_5 zTk3ATrLJk|Z`*F@Z>Ak(qinUE@4Z9E8Y)|E=fJT_cFXPb9jh?6+)mH2N^i^UXg)aE zb~`7go#Sn{b8Ol<+IBlfUiXep=32||UY@>q{c@Ae-j464xvh+(XMoyPz*vG^+OctI;h!(~GP77&&?O8UD@uVxR^{Ll}!jz0q##7>#p*1jaHO zR=YIRR*p8xls!}sMa@i4OgqZD8V-kgbIef>%?GNwYE8LhsL{}~XusjxPVxiOgIS;TsMQQVOVRwmM~RgqfFY$y+_V_?b}zYMm+}FI1Z_h z!eEjCtH%l9BtnT?C_ZSkgU#p||2|Tl+to7@jo>)faFNvlOUgC8K;d($S5?aZA8t`3 zFvQzbh0Zm&YZO=y>>-zplRy)HXtMvSX)mZ`d_HU(_H*mj%b>hXF~GM{t{2>wba9GrrY;l{NfMZujmvLy+^%7`x3`j_ zH>t27esS-`GR{{}HhI~%Ny6KgYZ#u7-!OT>QD7|ZJ`4r%OSku|B)$!4e`M6ZhT*Tj zZJhIC65(4bMA|C9hPP!gqrVwuHkL64H;C3(SrnycxIyY`;%71F%LbrM{Op@YGyvNn ze&g|^VZG(^F$^V7arg}E0VbmT_u0l@cBXA}$bDty+V+2Q6*dsRwAnl?wOqcME?Y#K zt*%Ex{%aV1{$t}Zzeao`O%__dtdiL7)}{gjPtA&$Nxhq`7SnBWiHdyk5WUf@o=h-C zuD7aEk@;1WP%{A8p|P)EMDIoHh$fro8s1Nhn?nit>@c6c;Y52nMspLNxG)PY5#hfU zJwa-T5-?wMIF6BH>|@776}Y8|=Sm$l(b>m%%(#zk-kxhQ`1|Hau@1GiV(*la(zMpy zB=r@SzWd?ytjMtV6>#YG%66oFEhBVe?aeATVL^U*mtB12Bk|w{LRp3+6q}>ICO%1M z7QocX|81Nb zjFmn%jZqeBfGL^jNQH>RYSBj}uv7|V0&AO>3hT`nGY;rYK&Mk;u_U2pl(IixGPq*= zqd6F&KeZcTZCtY*&My(a(bj<#_D-2p54dc{-YF5keA4s%t4nj(b7<_H1bsTDDBx;} za*ABX>wTn&jsl!1NSkyEp1gVc{^cOk!BU6hXQ674aQ10#A`{ijab2Z{LzHgTwktz1 ztZ$BtLo#`~iZ(Z7%!O%Ben{gWY%=zgy>apKHDK(s00THXg^`BU9a$j2!zGp?^Q(LUpBMT`1W%P7<{ zP}$3AtPi)C6?-jJ5S*%y0Y8x_3Go?ZhlDIz6;%Ek$qcjRfyMChr%P{3z7>v1NPV)* z(u8YxlSU)t%A(KURiAnKjfP^}yeQ7!q`u9FKcj-O_(v)v{9v39*Lpwx!-ki*WEs`-mQV8(qK}mR+X){C z=?r5O;)1hL+Zy5;URfxU=-@$+^JZl`oX?R2bOrUV;avvxSgF4q;+HRyXy3}pg2oio znFc7CxD=~E$o((YI*5nn+)R^lHX9&9OMuRU;My;#+UJ|bI0H486(g7THqh}Cd#Q1yw{iD|u{&;4ovJ3|P7&Z{!Tv+cXY10{v z5fKPy7e8k^kP$xI!$=F|8iw6yyGDm0K7Nv%oL&4}+S5?PC;Eg6u(2KiYy2h1A=bOr z54$L_b1%dHIZBP%*;<<+5fzAlGJyX*VUrsrSDGP&Q zp?R7y`3U6|Vhmlk*X??GP;!d@waog2E4%cHQzcqJ#({Fj2MW90XFC8O^x5i5Zw#$>vvubp}vnD=1yLvPf=!>`K!6hzYUVE zU$*L2Z@mE0#4c61+`yD>V|-|oZYbLcB51$#vYh;+Li|TXbzAO*_}NXZ!)nV_`K~Wp zg|YTC#g8NH+jiUw%Wk(VOwA_ZO9S*6NN*QeD}%glQlSZ-Y4jr3T3*kkyyVzUB?ryg z$({G@X2t#Hm}w(IlT*3Zt$2*P-PaWUSWh!+@@rSlFDy(We9h9hG0$Pe-kE7wllEsl z(m#Z<9jRX;{*r_E3&a`d&Ia!j%yzh1tb_-|N{T|Snb6ayjzoy3pCue=>gU$PMS zvQzlRwN^kqTHD6@+x9~J4hmGdcxg}K9I z=`t%jnHI#NdWEgMs?bsy!9*T?P3 zH(u&jtkRB8-BL{VCfZmz{}1c)|LCy0yZ`TA3gHtmZ~$CrPI|hN54*A}yRs_}v;6-6 P00960lE-#*05SmphQ8Pw diff --git a/k8s/manifests/charts/metrics-server-3.12.2.tgz b/k8s/manifests/charts/metrics-server-3.12.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4538e8a10e54c3dcb0d5047b4034cfb23683482e GIT binary patch literal 10395 zcmV;MC}h_kiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKEu(;C|+>=#_3SR?g%+^m26Ty;EdwqKYj~Sx&aLQYj6F z?3qDK5)1&2G_i8O{R$60hx3p$BioYj!PbyXpwVb_HyVvbgpyNVxB~eEdFy0Mxb&tZ z3jemg(r&lg2YY+^|8~1w|G&H2-Tzx>@37rz?{~WG!@spVd!4=R-=Mul9Ojl(NW%Zt zzH?jk&V40?#4(dZQWlFN2Y_%%hs2lTbl_3e^2a0|p*VtT2LQl@k2DUBfCK>s`UyaQ z!sj$mH5|d#>#HQBK9%9r0D&AMkR*YGGs%1wf@J!c;y3D}w^gawwAWnq&q+X}t?}Zm zVOu!YY#f$OtCe-NQah>t*HA&~^Y zhPt0WVi?{d0P%i=r72HZg;5c1G?XrlAtS2laY7ReX^g^i#w@}kxG~2#)K|D? z-;oKCgbUAnp9l&y-wHbI-gspenq7w|0X0%QLNbjSgij$?cIZR zUH|VM9z5y)`zYJ+3Wp>OC77YtVzbH=p0f=f##9)I{NLlZZ`>i{5s^yM4QYr9;1&8I z;RqALsS?;isks3{LWIBoXe=2_S;|3Tl!Qbok?UxEsLT$I2@_N@K0N}CBPt}HdLLg1 zWrNf>v?dGyw&C3bIj4bYbBvjiB}$($fe_gKQ2~=rpTILF?s2Y*;IF?NQ1C~vrF3YL zhGCC|)Sn)~>F|un9!G((wCMKIFg!<}qZCK*>u=6BWD+q$+`K&_5jtA>W$5YphiMqj zJanuzbnN>qjpdQ<)p>$G9a0o6cPkABP^><*?%Q-5I+5-zyB~cT0K+vbtEK%RG_C}PlpgQ2?8aMIIy@V(kpD9 z12Gj*0V9l&Yg;K5N)xM!Guq@l;(#Ts9vFj3NQG3G2r~u{DI65X!C(qfv1tuIgV;G@ zu4)SXqWCLdzG!hABFEUrR!9aI3b#ZESLs?QTH6>88TZl6n{+J_4rJ(PmT>rh`11zw z{rATwxw#@%8^JTCe)d>!j(*CioErXwOB#ln-o@vtow#iGSly^--toHoz&I$pF2IWuaODgD#iRElIY)l9fu3_J_f)HX|U{hXJd9O*{@5xF`~`3R4oT|D_YCKE#S%2T(W zu;3LHJk=}J@6%v}R!J{VDUyhfqQ%qLEiF}AK8uHRlyY>FV9=WFH$X(=&0#NE2577XBF3{QL34hu*oChg4D$zQT|wQ;WrcP-6#>Ag5X~ znMWP2j1<)L4k&eRgp(+gu3_I3BWF%~PS*b3-fp8l z2@7ehSQ3r{?SK+!->6Bf)#a?vxr8)PqNcCL*_RK5yO*0^07A#&El=OGiBW9$(GU$zK%;<-@YFb4(Emco*6jYOnYF1Kn z)l`$Bs;a6?SwUe=W<>iVMIrN#{3Jbsy>?`OMi^;&cK6>>{U}u8bVX?GH#DFc(8A%B z=$HrDXKmYt26&s*WgkW~wrqY*|3pnGJKw^vr)SO)?CRyT8Pa0L>^qL-<^~SR zCevFME7ob`F%kq+jWr41l&23>LUBSu+YjM$lHdm#AxpJt7rBG+J?hy-V=Lwq*{e^S z>Z)U92iLY`YNs-+)j`#?@3h-hVt3ny+}oug-L}y7PYdcedO&_*VH)9EwVts!mmb?E zO6;Fwh`u7Fw(}$l)!NO7AO%8(LnQ*I+3SRbY&1Pj)Z{r~v5;J^pbT&jixaH`4fG;Q zI>01k(?~78i$7<~Q6-IoG(>)utrZ;^C8iI0?4v|ZUr~en=k~XJX{F{}$-OhJvv(g} zpL_C3-o1?_`+x0&y~CRSZ~tJw^W^`#kMiw$it}xK`{q{VTW4MP0BAoS#ySX zJ5G`U24KE}@HBHP9%)QJeF7T$VHzN8)fPnBeAxm|eYdXeY;64J&i{)sh6!@v$>gqE z0ZZop{=q?~HvbRy_jaG=|9zBCpIYBKudfmkn_cU&qgQ*+Jm=fiUw=8DKDiL!kjAt8 zu0GiUw*b=ab~}xfP6qE6v#nHie8aUemSZ0dcJ-e$I!}i~dIekV7TCHl4%DBHM)Jh? zl1bjeFb%^g{E?E74k-pY%s{o^IsZXZw}zLh1=SS+1N2EM5Cn^`>?75k9#RYg0feKm zp3s^hRKPRsT1I$vcCKJ)JOYuRzvDTl!^*~Ywj-T+9*wtK8b|E_Ar%Tw0YoEjv0X;r z%q?Efm=1H2*7p-K(#?Ip3fV)E*YiJg7mi-8KCT6hIWbHn-h1m#)!$}#Rvz9ExrEbL z4q@vb!u^NXs?}v0U7gFC|E%y{X;9UC$z1D1n1QuiVxaU|VEN!`;9_L!Jt`Bss=cn& z+BhUW!q)%Vf~||Kn@=e1`L#}hrHC3ZgXtK<$P?q1M*e7#F0|eA3<7h(gk4{}v5j~o zE^5@rBuTugx1mANmp-|MKT;;KMu*v2%vM6+4yLA}jHB$H2+U5vvj5!nQnLS&C|m$B zpV6{~)~cgYC!E{ZE8~e-Kz}1%yk?rvSV$84SfxmL5;x72x-x0rHC&;C<(<*9d19~% z=GlG6no4>$ult3B^>*e}8JGK8l0jMJTlSBwl`5Ds{2z+_>($6(ZOvKnaiqnE#Y97S zg)a@BiKiRY)@0SqX8yx1eMHf`G-4Ip&sir|cSBv2U}VlsmcrN|MnW zu^12O=q*Wd_Ps+N{H(IMB7QZd+|qtG*HqUm&fl{T*MTx;VNUfNS?l)vhj29_tD@b2 zC;WgCdb9f}dh;n0*UJ!2f`L~A7aDBUnoP?CrJA34CnfKxcicO*u)_P12-r&W26}7K z+1i0;0;37?6BZ@P_}lu|OXzsrj@wofqFjrz7;QCPK0!>=W=UuVw_JS*H7zwV@Frlr zv0nKi4sy21{$8{FKX?5{5}L*6-ZdI*$@;Ie+phb64!gVUr}f``l$stb!ap({YAlK( zj+Z3VZp3IGY_=IQ={P3v__%j!Yj7fzBp{L;<#9aC!6U^URz5Z6NtZA;5U(Moae%Re zJ;*1F-k)yhOKH>00N29a&DWXT)?Bw0Vrt=cw4}K#!oqx9#9Ms&1cQS;jD2HjRq6#8 zah4`|sBA$S{k&%b65i67MroAomCOkaQHI(qT8+S_?b7yRHdYJF#gdE%E6?(RVC{`g7cKDe@y{MT!~+b;u_?f>rY)y{u*+xrLm zPxAjhN@>m9qyrlLCs~~7{V0f=Ivm!Z7)tUs*4@^^^yl|)N|G`Q+Lesn*aAwKDYh%*(P?)kaEo#qZ!l5+Dh|gduB1MT;Bpy4D3lVyVZb-5i z+~5W-acjWW=#lE^&Uz=g&3-LV;^?5Zb2N(3#0hm>GS>GCaDZUv$F6e^Z&NXz-9Jdr@sHw?RGj(@qhPHmdyY9_R#v5fh)<0&$}92 zyLkBYDL>-AWN*dv_sbL@PlnY4C^wM*w{`<8-T#@9|Lw!Wr}H28Qa-Q!_qp5vpHZTJ znX>$Iv*AlY5)IT%54n%LfmK3t<6$?p5&SrA#0`A zYN14TRstEiXNtQ|Y+4R`{{PxF2?9!;)|0>>+nRJpn2dE~Ql=YbYtb(UMBqv9=W0Y& zx%*~r`AM2dZa+zT$j?}S%Rb7^+-F~^wz3oUi@!97z_ahnubVXbHvj%fhkWH_uKX_! z+;2Gkx6|z$%5t!(26yrB&YlD;8auG5I<1Vd^_O^4m9Wy(?HhXmm4h7> za^)%V3YfVRs@0QIXuW zDyZjaehQc(^Uqy~l&4!1#j|&;t(owTU9D;9Jw zZ+1Mf)|Qc+FXx&I1~AVz`Es#OEQf1qEn#8knl!LWswuKwHr0bd(uhdLU*c85VvHpv z;S5wYqvnzZtH4c-rUGq#U-7bJ{lQAYwVblRHQ)<`ZR4mf78~~|5-X1;Hb3T!6r9x< zwOlZHV#+cG?YXx3s?v8csdE>5l^}QZ(>Ic4k(ONha=DzEv;eClEM04RS)S9BqVYq{-tDP3=e$>;WZK9#J@_5UZqU|rWhE!+R??$!PO`v*_w zf9|K$6i&lM2XnW97if-pejcqc%(g;9>YuM;f1#ZCV+qB|S2&o~E0;Qym+`B8o{7%N zw!*?HDwjrB9BTJkEW@IqiYgwPb@V@NE#F6(FaJeyU-G{*bN}D|!Qqqqzn4hFx#^7Y;mJS!b`Su$J zU?@yvseZ`Q(A@HIERMDRqv%1ywN}la2z*21^lIMQG)Y2?FqR}NpXHnZtgK!$WXDX% z-s!6x7xnwJcT)LX-w4v*6kcu@bdHpc75)*qI)a1!{oMoS$@2eV%Ut=tj>I3fERFx~ z*5&_UXa6bw^Ipp5IsY|3LBLABD3hY}e$9WII-qt`-X8O>xE%8X{`t{#b4-8cQtDGOZh06OP50E|Skgv0>BL6p?|Et0N-#zF)$^ZK(>plN_6S=N) zq%2MOx>&k@Ob6(iBe-9RK+n@=xi*77a@|#orM&~%cKXYd2KO7@wfCQw?_62&4Aa~yH*k}Lxd6Q3N(A-7 ze3g{F?6XniD_p7obHdCe;Ukp2+6DJY|0TT~JbO{y@V)Ks?%vZrz?V~&$$xuY+nvc|MNMsdHaDN&q|6vdIq zIn{Te`6j^|oAAr#f5c*XqhzlQWy$>ScK2uezfb#r_f$U3=Kr@N|JIIt=H{JuB(E+U zEXUAzLSC|{0!#T*g}N z{P}Dg-fXVzdBoZDX?=`?gcYIUt~FLG=BqgYQaz?A{4v(;Tp7+BATHl&mfe0epLMTQEqqQA{6HgQsRSsUs4qRgb1Q~u?@{wEjmzg%XI`!M*gy>t z-h=|bbK_6Gsm+#}{`bZhMsyT2j_Ye=4Lyt&_JQg4sn30Fe zF~%@RX&BIW1PSp!k`W5e*@h2eDs-eF<5GYaV;I6HWCNo(XgqqZ=e(p7)MCB#oWy~% z4Ka?i^$gDvjzfBdfsrbI-|^sG98Q77`b&ipB*-D8F?x>o>iptdGLFtR*n8`LIXQ=b za^ZL*DqH$rgTCVp{^TwFZ}wn3YN>y+pJEcXii!rr|ClB)q#+9DTTfgj&bQuxe009` zWTgIPoQ|At|DUrBzYtDYD&X|hYvFhaXTPH_9ghY`S_Yi6-yLrvd=_BqYY_B%88|LnD&{J-~8w&AVe0Bx8fhaWMFK;Hwe{*6Z%vXSHb z3x56k*}D&~e{=o?$6*L+5j+SHd<~*yhg71$P6@cAVF&|+fca^JvBUsqY(UgJ```L* z_#xvFkwAq`T^In1;n$xK6Cg#?zdh3i;8Cmf5iuct_FOM2Fm83cw%2a$=mks#0}_mp z8_a$^$B4v|`q};BG%nR^V%t5&M=fQ5w@ zE}ZhPD71doInE3=7geUefOjXSCLe_6mr2_@^t!h}hnq!~Xh||^nQC@y{|;Wd+48x0hpUUw<^&WM+7hbos1c4SwB@;dg>mAWGyWCXmn!2)XwfFAOt@fVo z*6%cmrfwRKkVhm|9m}RuzsN$^&pe50G8MK;zmlP>Z)_Kx-$Dr%j1oCDnC>0!-yYMw z!+pzOYF=CB(vwWFmYHq6^PUzrOqnqQ%pISB5_Fl-gaQ2YLSz?Oiww18L$eUIjz&## z{3t@?7db*Ya_$>Zj>>?`G4;oJTA=_4j0q21Wv>KZyD-i{XJOylMc=z_`|!?vzm8ueDc6p7ad&O!tm_*qg2l7UIB2dO~lmjdtlUS3nBQ#S34&4yk8<>{BSCpc%7 zm`NCuiE4F#7(<$k1cQF3-Q92ZbLxCoCeE(gebGpqjPk0+j8GFwj5S(D^zJOUyB-$Y z-Dw^mYbV=%j8v(H*q8V72nQH)hL zAFFoP?e5NH2VbxB_3Tz8PB3mhNdB zq7X1;DST9`(#tWC>en|MAz(Bfm2vBoach5fXZo$hs5($aRe@u>g5z>tPvcUMui`A< zR|K&u-K_C^H>}_*mKdi1T=Y1LP>wMb@Ge14B;yw|*6-c9Z7pWlfilA~Y8~d(>bRYb z+j((E9QW5VBlgQP;-HLUJIAp$qA^}Vzm&$d-?vLi$-wM)1Dhb{RBK1on@oKXKGKe^ zJBx$;^|14PnVt8mozHCfTIXp@B_*Np02;ZFE%=6=nu@w;^k+(D!bqFW(KHaAF3Y}_6OUD>Su5QvbEjZaCaMLYyoNURp z>6Y3~X2ox|rH*Z>z44aXrls#T-OzWY9c5{4w4E2;o@33e4Y#xFSW{uc?Q|Wh_BY&4 z$FZt=!|iB3INWqQho+r_O}BGk+S%W9JNsVyYuFHdWTiHm?_VFkdi#2vo4-rC(93-AQPIA&t?xLr!BMiC*YylUwg)JI?nwWE}Mh)hDsu;2>eB zA&jl7-so-X7>(PB1af3>-;EaieIO4@m1+){RTzu(uvF^+m@K2X(FYs#f< zjfS2jFJ*OVs(KygcqozU)%66kj@b2uZfR~GXAn!15hnqH>t?Vu3~TMz3~`N(TI^Kr zJ#;?kz5Os`mwF8JvMHoO3WG@otR5$XlL#epk!>~2tdPv;nEidEJYR85Oc8rVZFYbSvwe&5{wqo%!}lJRN3aoA6- z!#9KS*2Mr{OSztLY}Z9=UC1x1upqu9qXpm@@g*5OH~PhTkg(!El4Jw{a;iglIEzY( zi6luDFYtAa+cosJww6-#CKVRMFYdis#Q6%!<{kYyNqGBm4gJ&M8IwJZLPycuxx$?I zrQ7?K65k$adt}tVhW@X=t)25@65%^5MCMg~4e!cgMt{@KY%F68t`V&-vM5T?aE;X0 z#Lv#4EgFD2@w0Cp(Ex0Q_>ISt`}LMjhtQWi#r|`!2bhW8*~zwqvor1ML+%SJ*S7!b ztFVFir7(nkspazhwb>%N67KuZ$$t&~Pk*gl=GTaCq{&Rn=T#Ehef(5l;Hg;=GpXYo z)M9$xT%sbMJVb{;s3#+gk?T#&RAhb?CDaT+7U=o~jOe|H9noa-T*HU4adRjkpB?7c zH=Jot$6#vCC(O)(b42*(tS3k4X}^`~}|aULgZhVx6r zZ?tt_iM>-M)dMb@v3E+uFQ<6;@aEiPdFUH^CqbVMDGIn8qZ}jGk(?iCqT@p+3eqOs zglA{(KD<84bglhXG2@Z=V_-U? z>!VoZZ)VyjELcqWX5uSqCoFiVw4Ny&BmVI`MOU;uU*SEH5!e{<&#O1x&o*&g9NhNp zRr#6DdL*>pn0I9f`V8tY?EX2o915eUcX zW56pCB_TeC?D&{PtAfgZkW4UZ9#{;oe>(Rz zuQU|n=0$P-I`wTv{0SA5#XnLZ8K1tP5uK4fRpJ|XP5qCE$>SjZ+P5(lKw+??Of9qJEm9PW?!Dz=9C)pc}|0p8ygK<7w>;3qPH7{|=BC6*tALl8=A1VDe6Fv~q3C1WykF&wN zHN-W%u}~%j#)BZ|&B|stpCbwA66#;W`wZ%_QhzhVFJB}ze=92s8dFe@kMc(BoEVqd zX>Tpkr$YQ>zGJOKdYme(s*#LuojXT8e?J<_BGg zN#_xN=6Gr|@g*5;s;ggKxrV;UV!p2FKTG^P=Dbe)_cKzH!~ujfqEZx+K{~Y10{v0TBo%y`Qrk z$Os?qVWgRI4gGesS);=cAFm`QC%vCbdm4)PM4wOrHq;|vjlTpr#Cq5IVHYKK?uGbf zj`Yhd=bUfeJwE1Fod1@td!adx^WT<6pw9Vr1RfLfUqiopFT{^%Y<)TB^iO5omk$Z( z6=p=j5QT&|4=zyD7sVm5{PH5b%27+xuY729@Y4E1m*x{cVPV)qPFaxK`HJ%;jqo|p z7$O>mRG`n|Ks?tw8_cGs3NS%)4dg?!c&?$pt24rF&eSx-mt&4%%)+2pXdY)wK0tYi z7(?6bwA-E@l$_$DFis7MA}5ac$J_pF@V7oBBmqDh=Q~2 ze?bFx4gLM~2QSrbKwf?%(&Sd3pCY`UWgqH)LA1Mb*^G;&`F85Mo!@jGwUl7}qJBMq zXKuEP5d+aMz~&sisqyO=qI)5J{m$z?)c3K&+{vr-Da!25hH6&(uY;tkmyNpB=idBm zVwWmhZeU8+Fh4X(H|dVOwA_ZO9S*6NN*QeOM|>_QlSZ-Y4jr3T3*eiyx`bQB?ryQ$(^_DX2t#H zn3+d}CZ}?zUGW&V+ixlSwVGzuCFSBfh z^Mm}Z_4#Q)76nZf-#_RP*pPRpdX4>@mW$g-vnxv<73nvX^C^ghxx-}PGAlco7Q~`@ zxv{;(v#>lL=x}UE=0}OK@)r`{fLKqmUSH`eE0r#=bjK)RobV|OY4`wBeJbK_VU)<} zE6TTyKCQTpT~MLZbpMyWxpTc2fGxiNOO;Oj{;z}f-qZbG_fej%0U=0OXvSyeg5z7?mylCcQ1wTkvMVyTxd>u`XnEo%2RnNPvv2j{~rJV|Nl4!y0rj2 F0RZYxsxJTl literal 0 HcmV?d00001 diff --git a/src/k8s/pkg/k8sd/features/metrics-server/chart.go b/src/k8s/pkg/k8sd/features/metrics-server/chart.go index 4c098dac2..0c01aa6ba 100644 --- a/src/k8s/pkg/k8sd/features/metrics-server/chart.go +++ b/src/k8s/pkg/k8sd/features/metrics-server/chart.go @@ -11,12 +11,12 @@ var ( chart = helm.InstallableChart{ Name: "metrics-server", Namespace: "kube-system", - ManifestPath: filepath.Join("charts", "metrics-server-3.12.0.tgz"), + ManifestPath: filepath.Join("charts", "metrics-server-3.12.2.tgz"), } // imageRepo is the image to use for metrics-server. imageRepo = "ghcr.io/canonical/metrics-server" // imageTag is the image tag to use for metrics-server. - imageTag = "0.7.0-ck2" + imageTag = "0.7.2-ck0" ) From db581acd0f008d37e5a11fa33c3dacbb2748b45b Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Tue, 19 Nov 2024 15:49:44 -0500 Subject: [PATCH 110/122] Update metallb version to 0.14.8 (#805) --- build-scripts/hack/update-component-versions.py | 2 +- build-scripts/hack/update-metallb-chart.sh | 10 ++++++++++ build-scripts/hack/upstream-images.yaml | 8 ++++---- k8s/manifests/charts/metallb-0.14.5.tgz | Bin 39903 -> 0 bytes k8s/manifests/charts/metallb-0.14.8.tgz | Bin 0 -> 40632 bytes src/k8s/pkg/k8sd/features/metallb/chart.go | 10 +++++----- .../pkg/k8sd/features/metallb/loadbalancer.go | 2 ++ 7 files changed, 22 insertions(+), 10 deletions(-) create mode 100755 build-scripts/hack/update-metallb-chart.sh delete mode 100644 k8s/manifests/charts/metallb-0.14.5.tgz create mode 100644 k8s/manifests/charts/metallb-0.14.8.tgz diff --git a/build-scripts/hack/update-component-versions.py b/build-scripts/hack/update-component-versions.py index 88eee17d8..148cd8da9 100755 --- a/build-scripts/hack/update-component-versions.py +++ b/build-scripts/hack/update-component-versions.py @@ -48,7 +48,7 @@ # MetalLB Helm repository and chart version METALLB_REPO = "https://metallb.github.io/metallb" -METALLB_CHART_VERSION = "0.14.5" +METALLB_CHART_VERSION = "0.14.8" def get_kubernetes_version() -> str: diff --git a/build-scripts/hack/update-metallb-chart.sh b/build-scripts/hack/update-metallb-chart.sh new file mode 100755 index 000000000..5f8feab3e --- /dev/null +++ b/build-scripts/hack/update-metallb-chart.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +VERSION="0.14.8" +DIR=$(realpath $(dirname "${0}")) + +CHARTS_PATH="$DIR/../../k8s/manifests/charts" + +cd "$CHARTS_PATH" + +helm pull --repo https://metallb.github.io/metallb metallb --version $VERSION diff --git a/build-scripts/hack/upstream-images.yaml b/build-scripts/hack/upstream-images.yaml index fbc74a75a..2f8b50f3c 100644 --- a/build-scripts/hack/upstream-images.yaml +++ b/build-scripts/hack/upstream-images.yaml @@ -49,11 +49,11 @@ sync: - source: quay.io/tigera/operator:v1.34.0 target: ghcr.io/canonical/k8s-snap/tigera/operator:v1.34.0 type: image - - source: quay.io/metallb/controller:v0.14.5 - target: ghcr.io/canonical/k8s-snap/metallb/controller:v0.14.5 + - source: quay.io/metallb/controller:v0.14.8 + target: ghcr.io/canonical/k8s-snap/metallb/controller:v0.14.8 type: image - - source: quay.io/metallb/speaker:v0.14.5 - target: ghcr.io/canonical/k8s-snap/metallb/speaker:v0.14.5 + - source: quay.io/metallb/speaker:v0.14.8 + target: ghcr.io/canonical/k8s-snap/metallb/speaker:v0.14.8 type: image - source: quay.io/frrouting/frr:9.0.2 target: ghcr.io/canonical/k8s-snap/frrouting/frr:9.0.2 diff --git a/k8s/manifests/charts/metallb-0.14.5.tgz b/k8s/manifests/charts/metallb-0.14.5.tgz deleted file mode 100644 index c3784619149ab9c85d7c480eb93b40ab51f5a9bd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 39903 zcmbTdQ+H-v8@8F;v2ELS#kOtRPQ|v(N>Z_H+pO5O?Yp11`|JJzJvZhUb8C&c#@bld zc^oHE3^Y2({}zx2gw9w>h1pa}o>T5O4~Gex2D6zehqaC>52vDr2B*BHosF@B*>5#v zM}8@DJA06;o^x-!j%4b!fE>l3(n~i6dlmAQwG;b%9BFd%4sw};(h>)Kj7*qhYf?0A z5UD7GlP)CIN0(RW6R^Zj1(|gHvQ$AkS~O^IK#-6aF)}ks1a?9jqGjU41#I@)F5!2@ zvQ0}*9>IG+jYiCmVcj+7Pfc%=X5ID5Mc4CnK-DsyPs?=xSj(6s#ScAp#M7<~k^|jF zN8dP@y=f>lTjVnMlmyI1E6}n=XSd=e-OY?lRx;g!c!gd)P=bDYuQ5`>T|*ob-?TUb zq`n|(X$lnteLWN>cU~PWb&3KcozV!&0eUfX@%@s!8m1)e{gS#J=akdd!JcPYHxJjh z6d7FO!oAfI zY-Kp-;r?Kp6?A4q1_G5JG730GgY{IWzbMl(Y^3$^2W|E6L5P(P(i8LG033=|cr*o+ z%|SDnt=qJ&tO4ca*3y!9lh|&OkNbQ_;U1j;)f#mh!F2SATv`eVOf^-qlh%`YX|htd zweP-RO->tt)#lo~*{STp{>Mu0$Cqy$6+Mt;;Ur;KBL1uHn*Bogz3;Q~g&vrH5C!|{ zF8)>&V{ICZ?FiruiQDce?fvIfa;unRC^>PH=lQ(9@Hr?|1v`Wr<{6Leq#GhJP-v)u zce`BWZD00s(PtB9QKRwG6~*KE!$e|0{Nj$@fAzk*=HJpokOkaq*|z+?mHvZO5Ju?~ z#G`~y>`v%8m~Id_Fm2Rt1QLAt{V!!QR0+)`-i?`s85KfDYABJkK6DAW6AvsmkOjbL z27lgP&kah~SP)3|Z#0oigCVUr+O@a8J%K%%+ctRDKjUI*9aY)pOlmS`0&ut{TUbxP z{jot39y`$nP$hkuh+@%K0#^`6Qb06_E)D81!e_>_9yNoQ?X(x744gyGM2?-vQ`&nY zpy>e-vxxu*{tDM=0`G?_PzL95vB8TB>cTl-6BB1bh=KV9YISZjfP6-9MFi;V{~Oa^ zu@0Wgs8nI5Y7!j{SGva3S&)!OpIZR>fejH5&w}Hq9ExIAzF5A}=JuC?FU|{YTeOfAs!HwTPq?0bmKG;f zCNv;UDLRuO)z=pHDvVbF)dJ(nG`<|7qe0AzB0>(pvJbl@922tx{SZw82g1`7W<;fy z{!LRDf?F6F%1ohcTZ>jZW*vGK1;P_@6a+7p432v= z$^>em^6@fPX$QQ{!+--_$rONnz!cP2g^e7`FrD_9213%AyogN&vb`Bf^MV4AhuOav z7-%|izyu_;DL%zxuZfC=YqO^+qcqYB~N!U zm6BO5__gn2e^?YtTFxPlwCOqBsQogv|Jno08+7bzZzMP zRfv9oG`Q|ddLNcQBOQLBq>u!JLmpYt12R?ec>B!iek&q-O zC7q>S-yxxQ545L3?Gh+qs)?j;qDlZf2ZbECuE>zc(rMUdn%4Os=73s}$Tybz7#!GT z>p9;LtS~!G2k-oT3_RZ>uQ8h$^2JHV!Ku9^B4YR+;Ws za(6CBSvg_i93XHJi5N4c(M>mM7dswB!zP751jK8ESRg4Zd+%QccXfYb9yEEo-rMtT zN`sA#hKmJ7gj;kw{e4iZd6B$Qc&k1_^#bHNs;RyQ$+Not&_N_4$;)tx9v5j$-pyGw zy`JP<2VFtnYwLOI-K`8bAR2wt#y(94w%NWr*+u*u!zh;0M4OY|7&5vxbO3?{CRjp+R+_hYSUtg4x|u*pk2qdStQy37hLLjW$ekjJ!fkqO6IAi zb#v2<7lJH+D5(4BkS!AgHRyC**5})9X}*v>8p}J3wXi?4@=`MBp_Drngr%E>oBP)-ne}MfcpgPxT$#t- za>#l74Nuso%Y$^1nm3BxEj}DeC+jZ-MR_T{20QLG00Nvv0SWf9ik5w($p=7)@#M&{dRRq|4J_QPvi0XS3Z>T2wxi2`U3b-E z7NEt!fOD9+wz^B6;iHu|fy~-XMf5%oLezm2T`UQ2``v!QsDX$i7&Vk4m^0-vvA@kS zAO^zRe!~3{m!Dtzmb|;350p_XaR-<(@X;7^25Knwxp#5nL?o4E>!(OWxCt%}`wSlXKQ zYm?hs0~y@{2%EI>DN? zu-L%+w2_P_2Yt()b6#xU>yc4oCpXxU&NE{RQrB2&PHaUy3p66^^cy?)p7nLOZgg*L zD_38FAqal{lUNb?gJ(8x;(RA?!$Mz=62*Ygia0D^il)wr*i#P$dK^i#*qqE zi640$U~FGf@T;rGW9ZO>l*6XQl4eV?6cc_X74CjFEP7N+2((f(iRGczYCMX6Lk&gj z&Rptwqpk5TK<~@ux7Eh`=7{5&5tw1bwO~CuSjUaqwscruCKr{?A>L?6s<&a7zj1^h zJmFh-8o#zLLy8`y>ie*+AXz9q1-d3Jz7fELe^;;)$5W>m_?W~a$db@!Wibb(!Ix;V z&g@^?Nbm2+#ZEhaKtT9#uW9t0@wyIRAs?ox6l6A}>OMs48iJ&pEjlH5@xqM&#Sa9t zI7KO|{f&mbyRnCI-{v%*x2?WjXFa}`UB6CM`SN8zQUjER3><feM zX4noGc*+jMnA8YD>&D;nQy`fvB-p}LSAL%li*;3Q5zUn-@JC#Rgt-xS_qHsI;F37L z_qz1rI*eTdLdTSEGq<2hKCB8X3;Qe|8mUpWFV;fvF-0_gCxlQ_)8qC+*<<5~#nKAn z0z)~<4v1MJ1VfH^QspR=H2VH^9r{8)7D&kDXpMh(uq`=<7pr?%=vu{-+8S48L9j6P zp_5v5XGRl+bC4VWd8HWc`<{9ui7*=yd4Year6^noaFRrzEYI{Q*k2fSs^(9bn1&L$ zb18!YS1#;OP3T{xla-m8WVGR8LtNze`z%e4FDGqDv3$TtBZpzhN%A2mg4DZN1*WbJ zdD~5bsp6^h2j|p_Yu~zJ(j(K!zM+C(ZUj(Z(~|uoLRH6c9<*{xbE&lTFmt?!jfF~} z4uYz2o!ZTUT)f*UpZQcNBAlYqLT=*aFQ9zMtd~hjoG=JEL&(^ShZoNiw;nU`C~?Bp zki*Kc?wjpE2A@CdMEdF_EzzJ!5){$cJZ0WMw?&NLL^TQcU$Gv|UgV9o-9XbA|0I{lgv&|i zd=19VgvW;m{_Ha;XLTcd#-vS?d6xC^Rc0^kc zC2QO~&>BsJb{$^g-uWkcT(s9ZXQ6AaqxWp0Y337$*BrA|ZW}T5M5#Xuhw*xY1x20W zz=U3j%D1`%M8?^VTGf@oha~G=ya$YyXBwF&J9#itJ0z7uiP!<==;EZdH~-j5N*%qs z{Ug`mG`Hq=ZamcVfSm-0G0u%KO66HIVb$p<8x~nDUT}AVc-rtg%m^n-g-OG-_AfWR zP4IJEs_}olMXmDa93T3`X;Z-cz)yq|p(FOGwoItGFZ_$$-R%6Kfn&ToSCRQIL+Ms1 zkwf(`wITZE3FHv8D4zi2>SC{#F#xscI-Hk+34Ruf+QNRc-?S@wkQtWVdP3D4SPoyD z(2E-F;;l)Kr)&lFXDlhq?Dr9-x$?hycvWvSTkVp)9@R>NsuFbBf?8Ex=UrNeV>#R) zcs3r%Wq9N4HvtG>dO%sAo2 zO~Hm9f|I||{@gbJPh6>l7rpj*JE~UG6aGvN=be4)IF1chwG7NgX|5)WD%>ad66BmU zG}CdteA!B+C_PDnP9Du5TL$*}sP!o_ur1HWR#?NV=nf+md9OfT7}q^(bq&$%M@?)F zMf7MySFy9jvK)(vDdZ?<8%+&5urBe2%ypAtt}MxOCkAVH1Rgc05rwMLZ^+sZSM3-N()}jK| zObdumqKUE*L;hOOiqbNYxCySvg9x;wxnENB{n?#GZbdOycMx1u2jO`Ps9RWzn+9%6 z*uVb%5gd6u|F^>bEZKDGZp>za zMiX?gQsf8510zZMzHjpJM%{fsmf5-|cXXg%_72CXv!1=ajUfQnB7h|e`?Wxi1`GZ8zIy^Ekc>FTysq2 zecEV`>U7JyY7@)+m_nIz(Z4o5o~nPMq%QC+qOd1ZnM71HV(%D6DX2Tdp4Rw#353x( zE=qFhY#WAgMx_s{kjsKFmx%mkrfmdjX>6e=7@%@ZgIdwa_@^+#mef*p=m1UW2de5T zB#o?It!QMO?%gu-98g4K5$ReMhdp7W1Ewx>vtbciNq>xF-ApG;TeYhIAh=tfsfL~e zszV-cK76P~W>Plf>cO64|N5Lo9l;s2NSkRTUtx6(GnQsDs}@yXHv8grRWQiqHmU+u zaPDls-Ik&19brrH&Vcs&NL4y!dvg`$j&|cg6b~CbOS_i=b?F$5`jjEh^06b&uv#$C zKvk~a`XXYXt%x#^AKl`ICmQAD&P#6Rq#QS$ulcGw%ib%)F7a*9`hGtJTx$!nLWD+cx~#t|8(?X)PDgIDpeT&$Wj;Ba{0(+f zWHbmotK~7wJfLByQM@4yTq))_*s3puf9i?h$E3HdKzQ4wPzD7tsr>B*8-3otvk%$q zvPnbRO;=e*l4>69mc}5~26J2?BXZ^)8EL7L?pZid4PqWJ9lSe9q8EL@QOJ(QkwJBup@VtEX!>()hS~ZtASax(+So z6dYfJWq?ziCk~Z*{(dY|H2CQmhCudxSAi+{g}5b*u5PvrAq%Q5kejOGLDsoqGWYil zo_=UCX=DJ=DgCw`^V%MiOPCzADNv!1LwqlSN2do|aNJIM@I$^JCq-&!6;+Jj?l|Tu zMU`y{31Sz;Z(8EvWB}fMU0#5O&PO`V96_PBFpAA~L<+?UA7oX|*(F!Fc1A&@qYn*+ zfNTFt<7G>sR@5cKzFW}&mXR8Z}d;z}59G)OBZHrj1=+c2dBMcz=_6wGGN$*OWUHfZ; z9?ixv@ApT4hmKb-rQ2p++wY?UNZfbg!*fOmqTw6`{6Hnw1vwD^g|(ilk^@m9TP_FZ z(#S9TTcKsB2^5YzJ#R^Ln=`&#^~UsbacFTph=o`)b}a7FsR`)JIbx|OYy@^eoWGBw zT_U`**|aDW&~mpzLl36Qf=Kk-%vIzOs&_mWeh9piD&Si1srj{3T2qG@T#lxgoD;+< zVydi+3I)pb^*L_5#D8gNtjL!XtOypZ&;BOJh(~Uvaw|m}%(PY5|n*7sB%tF;dRX>>uijmki)Slt$mE5%HU%t+g=5 zAaa8xXd~TGU`k6BMZ{Bf>Etk_Bq(AC*yi(xZe`=K6zJg~X z0O0=x3Vj56`BZM(a|n9H+G(@T0}L7`b=n$L4<5r7@U8g@0oYX_x0904=5#`C%= z3H7BIGhG*Skr7^aUeYK_bM)P?`qrr&3!>-6$)n69L+#!cxto%a5lj}1>Y86uonZOo zENBsQEbE?)Vlam}N-WhUk}mF8K{%DD;h6Fi2H<+_3fKmG=D$%Q7j%p>@0*XsjU;UC zyPZPOqA6I^R1Dr6CzMfQi6Tl!g@~qAQM?ic)KC%=hSX6C@aokoInE_gB7RTsQztrZ ztlIL_Q0+jK5N1(-=i%NA6$XC_{&q1kg0yImZwn%##uh6i-sVR9a#3qRH*s?F5Ycps{_Xw;}*(hv{f zj%tAG=tU9cJ~?hi)OcQR8Uz4e9=z^uJo>i#YPbw`2?_q}yzE|cdAu5Ylx#%QqcbmmGgZy#i;pIW7f zsfzuUfnX@0Kd#Dz>D-g3KD@9QVA!%lkyyxw8}<@o=WbiiEX=qG<3w=JkMjo1mZ%PA zW_s_$p<^c$auOw?v6@?IgcGu*({Lt%*3*33^A` za#T$SweANVvODps8VqR#oI-*k0<$Gp2UrWhY=#fC;I$Y zGBpBs%k8;d{=EJV?J$AuM0WX7USTNRxJn&M55Z7SYOPd0U)vyrPEN6jfuPw&QyanQ zS|LikDnPJ=cH^PyBkc~drbn`>9jDY_nZWdhsMT2wHwO=ba~b@;u3|8}bKMjyWdqAf!R!n6Qs%}OLpGE&C~ykQ<9iHThjyh_f8 zFo%J9a^0;IRa^s>FmO7U+FH1a-+vGzQ_RF$G(dr}RM`a+OgFn5+;B_hhvDNsdABj2FZTQVmLAP#udmaluYhc-ZN!I1iqZ+sfRw^YlxXM_O($=a-8mc} zc0-{e-gTBNs-XTw6qYC^5jjS6_;ks^b3H*nN^tMAr^g6>J(xc>1IN(tNTc{tk_u4tLkvi?wZjLk*CSvaC$`WHy<;-zFb0t zXNJ*|D4O!_wF4w71qh&dr(U`>k>(Yjl+Np0X|1m~32JkO0%|fUXM7;KUym7abe!j+ zGNcQq5q5*oad#47(d9wIy&S``Hnc}6%gS544>MdtsbAnkKq>h9wuSa|l8hVF&i z4t!OwxwiufPNXy>hB`>CEkPjz8ngI(>T7k|6E3S7c%Hd5&B+3Z3T8`1X$uw=dLSBA zeETa^oXXRd^c_~u?Di^?tjg`gw^f(H6*dNY4VRW(QWTuBX}2Vafny2z0zpLRUC<2p zzV859MsDP{ld_(l2MA=kw+TvbBS+vA7IO+u7x~U?e0jI}YkmQu+>nmb(;?9x-1r;& zi)-(#S;Hn>1ibNsS&Pq_P#0cG@PH4YQOBwEiNHz2;YMXoBSmQY;La?}DdpIs1-2yV zF`iXeOX;^JWFoPfw28y8A*XxC86?boA&c%6u2Ts00C|gY{#2a5Za@cY(sRl}zS=d# z^2Zu&u#QNOGRb~Q@Q5lD;~dOm{K)^lVydSV(8#qK<84Ol&f`!~_@8%76Tf~_|Sv*$6 zpSK5!*sn6hfG;q5aF^e)pQ_F)+d3hx19N*=N_ETqg2LEM*l2=ba+_kqVNAcK&>Wy7 zPlFbBv#k;1XF*lZLMKTfgsD6=l!G|`Y_uVkZ-#w`+8T!bC=O6Uu)yh2V^`dl7v}{$9~}j3)GW6Zz3+N@T+Y1!RrydR$f0(nA+@!4C4I^tMjUS{?FAP9 z^qG1>=5_D2xxBxs%y+=~yD~vo9%mF>y{~1`m*My9wLPFa-)mdA`NB*tHt7EF6Sayz zQB%Vd38`b%FpQEIiUpQ$c0>mX%bMLw*>ki%z)l~<3vII(gBM%bj5jO)NR8#()e$=f zUx~gpNOfkz{ZS@{R=#Em+MR6Z|DLB{qWNAxk+{$_8&;Dv?0n5Ohd} zn$^TUVTs*Nk_PRU?h&4Y8AuwJJOlmj54N{`y7(8eM0WSL6~0tlar*(w@q_U6nV{V1 zB=LnsA9P^%&qxNMZXwoY zQD?O7M%@|>_g0rn5>;Ym!IVibTuT=e)Mx=2?akj0e9na3cz@DdbR3pZ^$C7 zv-LR_xHK}%IJ?HO5N+Z(3wuzytAC?t*%J{oH(?5LZkG5inoLR0qrYK+I&LV&l_oA+uYAle zh>@dM4N$?@;EW;L+kMP25w6A>BRZX7KIBiFPB23A<<(AR8th9q`<9^_)J!ZkbXFt+cme%G37+-M#eI1)m#jemRr2B(ms$>5JVA!&SV~hCe*UEJef_tgQ*~>l->< zytWOU_7C7(I2=B%U8r-{qOH|Da$ah~ZZ2EJ&$pNde0$FqV4xi3172bLE^Eq9Px1Kf zzYQZaX=fqa5|BauWB^UMvVmnkl`CGoz*FfzPwY+=T;LMsJyZ*1jTHqSPf{NzTphU7 zbox4>{_7-L@B8=@5dtdR*oqt;35C`I%l+@(zwMS(#$VjSuXN|$?ow!hL@ZEJ244wp zm=nO})wSR0K*f8r>sDz2FD=AGf9Ua{*>26;)?UTJ`g)qt4FvmcT2blYA^tQ0OxIfEtf@k?~d#Y!c+t03J2`I&ph~xO$1Ykw~K???w z?Z0rgQ|pCmu(I$_WMjn}$qP_72>x<8BqT6XLAtT4*?IVE?k^LP^FA%>S5GA2wSubk zLl>6uq}fiF3P}@qodmyJf5Ib}UZW3gBVPYx(ag$83qJm<6x)zjs8M0AkybEC*#c+4 zqvOCR!|K4)k&1}MA?L}67jQcUM$7tX$@_2<5Ftq@i~m#C7?f-DnEd08p(uadhM&(R zoS{{Y-q}EMz2s3_swOu8Yq$e*j(-2>PFve#bL2^Gzf9e|W4Dy&w5_vTzp;)7l^`KtCkwWdDcgF|SgV;fKuMlisRU z8s9tct+yMYgWu8m?96^BRxpxw7@!`<-An3cDdXJP|I>-;t-8z|Qjh?CBCWnNKf7tD zeW|a=@^zz1TU*8{zztgTHpCx!+;f+T^?p*9R^%-I@y*ZntMp33&r+L!tN)?O+=Kpw z{0jI>;_a{`aC`^2UBhMLv+zlT+p_WabF0cX!pGcknlAABHIza)FddQ9ofxAjnu&On z&K-!zmVPGqH^c8ZqEn2Sp$8<-0I9%7SBkzLCUbxS;2Vw&ct8dr_B4S_&;*p6gsKS9 z6K4i8UD=#NctK@^b6{}D8EJuhv|&}?CE#dDwNoy{O~A%3z%wFCXa%EjCDU&p1^)_SKr^vZoqxBy%YyXqB|%Cs zf$EUTGPex`4d8o?H@{z$Oji#_39Xez!XyI$4BuGygQjMnegnv9X!503;Kwi}#~C0U zSk8TkVfe8(@UiB>gDfhcYDPx{O(G;U7k`23%$X!cWEV%nMu9WqfJ?+~7C=nf)6MY{ zgP-({Mu?ggvvA-;a@|@r{F+Ek7%x0LB(Vj!7WBDPU9jm*KcdG}(Alfygr@nrczAok zgbD2il_O|=(ukV|L0!GOzPL=}ECi=q2=6mOL%Rt*`N#ZXq;>SMOu7lQ5NH$%55s^8wX=)4UJ`_RB^&vM zduc}^tW1n*3{ALOG+;Z)(){~4X8_~BRKe5Rr8B^N)B1UL#WpTaMd$+V(ohYN8r6j) z5l%%aT|Oy{`sn9_HZ-5?C0AmLVwlL!v0Hr1jom=54Dj1W*nSY%hlZDO3CV&?o;m?J z^_IGMN(dQ_wu15;2|mUde7hxGZpl`X#eLOzyFlvD>lwA+qWL0vm||GfMyqq4v&7fs z30+YyigGu-WRQ)snxV~i-9FaaO9lpxrB_`m+Cey0{~;`=1tkw8nq348q0=2~24XTu zMqH_jwPgNJkPJ_~hgN9zy!`}O0*Pu0sWjC@z7m7tc(QCn>KAK(Gn(%Y69sgtIHP7< z1^#?A{c$lm9cZCNc-5Dr5MCbXEQmI#48pc{t1pK_jfqSP1iE&o-c0UftHepocg=j52mc?a>n5#6C|XdT{u0rQU1DDX&8DA=G*?4^-3<3E> z@8xAr%dtSEKYK(cR?nzk1!g*r_OUwq^nddOCSdobu-5U)bdE~DLciBj3zcvXKJ@Nh z+)6GYb~#d7iBu~s^NimFZpvKNM+ZpywflErDA*TxsXYB(z;YOsZPvtg6C6fDnsYmG zJ|!B$`J_6!lu6bGCFqdx(V(h0StlnpLoBTNIJT^;=(wKM56-jL4}wIZTvS_IM46Ho zZ)-;!3SVI7o+74S2H6A(hi;}7jX2v_I_rmJ+#*R#Merg2B9j`5_>8-K|5PH_sxP!h(MTWcjtCQvWU^ZbQe_>>|`pUpOav~DQy zKWn4URL9bAI#ZqyIUw8b5F7S3)$VG&(&hoOb=ghx9~#08<9cAaKH8SRSQ z#@2)4k@Y)tKXNpe&X4 z4;F7(M9#0VL-}aP=)Y1)-ML|y3`E`AtS#;JEJ)kcpP&uz0DRO4>sIoFP)s3}=!fAF(b&!}osx0N>AlcN48|tv{{qeR zV`(M+T;a*8&(>=#4=RNvmOz^0#wdznKb|Yo<=5|6oj*Z7GzJsg~SP&gypEkp%vfatFN-!5% zTNXQNUu|Wjg--%9-!nf4RswK~hl{?=oOX!l{^4a>DRJulXAO>+k?QNG5EY*KbHNQm z`k`Zm^3UX9S)8=;L6Co26;lgh%)rQ3p}w#tSe;K_*KbmYtHVD!C?hcJG6XKwt)mzn ze*qjEwUV+K?wq}!5JRaVQv0Db5+TPi*MyZ{ST=MBSEeL*qB(d3YJJu_6-D(M#Kg)v zQU;9{(pPU`_|u4pl@5a_j@L@OC`mnsvUW>&%G0qHZY@(M^l$4Tgd!s8{IaH|diCBt zE(3bZr^Yq(<0S(n?(l)82HCg{r>V=+|4C@C|FmqhZGZpsP{M_=`<0q$tjx}Wypq@7 zx#mL=8p?0b63N(!Y{!AKTbwUh!0y zA0K}QKle?m!>ewML35pPo9aSoumLqrOTG0Y5=o2v6LLvWcY5I1#EjS)zud@2M9yEncjtx3SG4-z_aPt;?s6IRx^mq&#=V#q!vwx zpSO!xJBJ1Wx%}xnI2`i8Y16}m5V{U!{3(e!gxR&&(tY>#tnnb}^sUxzfi+0& zC<7k2_CK+E3p`}#vAPxOL(|S@?boi+hLLF${qPzO#o^j=hR_WzBrLf2Nv!K9^~JAE zrzoiSh!&UwTVI&~v(q$&L^FnRgak20H+)Kl(EZ8BM@l6@x$ID#q$FtGcvsNy$p~TR zAu+Rom?2or$aZ zB@41)>)a+7#*HjUKeoW%VqZN0d54ABgl;qm$0aXPGK3Q!PwV73!H!V-x0|A>lqC1MHz-77HOsJOgNeAqL{>shh?Vqwix98 zb^i2B{#8wWQ0&aJ2{~`iPQo-ExtVika+&EsKrpY>IJL^FQZyFUI80z`T)_tH!F*y_ z2D||RJJ}o*_yzX#M-o_?z7|wC#EXrI&NzhuI=a%4NwrDXHnfR*MLRqL;>b6cVDx+Z zJWugOD57h86gZOWgq4(BDZCJ*os_xStuKoN?%0K&c#8SYru*gYhFD)3Niy(BSJusl z7mu*e6NBOD^mKmBjzu{HFCCN?!#xoi&$Pp}98ST>18g85TpaXtyqU)bZ>L93YpZ{+ zZTE;!mR;lV(ef@t7fEeCKX|VX_#+soK-$X?j?yU1|FB~F5RvZ>3-ZCF1SJT>H`reO z?FLK|%?ecM6(NTe(4(=jvk>`$%j^OSCBUqRMr+AAm+|Ec1ZcCZ!B9w<@9(|dCWo{U z#)QEk2uJE^lPQIIiuS8$bFF-;J%4E9sVXw}5>KEI!S6v2qxwcnu9~i?;LL(Yz#961 zB6tX1)PH#Jxry@hjhs76aG|+Synoo~=X_SAee-z8nGn|+U z59DhJYQIp)|M!~z0~AH$cbc@(loyk~st&eVKmG$005m6KHU$*+U0D6{j+Wz@5%k3U zj%JLYQI;yJaDFt%?ZLgs9)kaWj3T`hyV_H!pDOnMpb0u0@vjy48ENYoma5qW+Ngra zhg4YHnbY3wWpTIvtiAT9P**Hvi=GIxpuK=B>LAsxH=2cv3gMu0;~)qV z=6ubdx;|KRUcND!CnUMBsWSZ9*cEBM7(&s0Qg3p_Mz6_zCHcWg`9K6)=X}Q$aL`eP z*|>Nas#dT(^d^7h*O?H7<5I^>*I@I5RMl~AnQwdn5<;&m*Bu@Je|_cLLM2T^g$Rs9 z60r_iH8@aK+EE=I`h(MZJ_Hsp)^ieu?pJLMva zJ9U#*msbuaN95LhJP}rcpUQ!t|M>Sm!##!RzJF+QK<|iAHj$GAr`x8_qb*?fs|}Sm z@bTuQ>hx1E{|Kh!b|Fu62wfgw)Y|3d5@k4?QB}`?R)Ghel1p~{`4IAvJ60WrLexj8 zmoP&;rzAST7l{GE?bK~@Lc6DWD)k<+vE9cQ?9Np-w2n6N?`7FERKwGPbsH&2z^!e? zco;3CUWi)yGs{7}GLE7>-h}(adYMf9D|=;ACD<^r29=f)N9nwW(K`jfR}~|MIqTii z)g=ZpEp<~2R8;vm^*!S|oz~r@ab1s~6>k9iobC+~ihakyUs_Cli?ecu4Cxc{0U%wx zS&zwD{D2)=Fp)W*D004$+9eXfGV&l$#+3K}3n0l;wgo5M5J11_Vx7=W14@KfBCQ!i zwV$YqE`>ko;HzS)gMQK=-S`&1`Kl6_4f&mRrxIH?sIHf?E{s3x*o)im-(0u>k3KkC z)$h2%Jm#UR9V~Q?>M>C7kZ8QojYXDf5U~b@Bl2%2P@APcoh?IfeHgfAiBKoKazgOz=;N z{K9a%Wak6N&)A&0lf^y;ae6h45`gnBYm9S?n*FomXReZ(Hz;D1H7Z;z;-?T7HJy4H zMLYgK7-XNQ>^h(GI?{g$h6Foo8e#KqWVR- zl$q}T9w5Wi53LeHkIn7SqFrI5`T%O(t;XR7-lpa(Bam7tTZ%$p|BbPgee-qO@~T^Q zU0D$j#@TopP(fE?`9 z!yZ%0|I1M3B%WRq+87BmjICq#<{e1XT+4@(TA14t^v4^YLMXI16-|L~#YH}*3pxL5b>w)~GeSJoLjA|0^; zky?8^M9V=0N`vESs@Aw~zU$lOZdu+(r+;7!dGE1Nf{yb;6W>eCF00A&yMz>TEqJZplnhO*1Ck9L` zcue42!7=!9q~S$$II+L;FfB>9Y`*ZFf`;eN6C3fvhUgv6*Zuhvk&qju-cp>@2mENL zk#hV$2pM{uO}BI|WnajEuNNPccP;jB%YJT*s|TDfV;t@tLuTSJ(moIW z<8ke>+)9VmE@UL=2};S&c{-Xom&q?rb*BqG7aDeER_kCv;?aO^@PP3cxnU$_!><6S z3X1=`c>qO>{$-3J8>@#MqZBJD;3@VnhE5`FY&WY8IDM@gSpLl%+7 z+T>cT=_xNTt#F*Axf<6tM>MO&`th|8n>$daptfU3RME4&eVs?jVZOM>*x(&{2iQu~ z@*78HSaM?)_B%qo<0BQPt!i2gLq=R~f?Ztgz$%_x7Qv(5CBw#BaihLPlCGX+;Z5Do z_rv+tF5rn@uQ2}oAzt78=;E|k$CZ2u2{1{{(5!6QdjE6G0l!Zs@a`q%QujV@zJbw~ znUb(I<&!CrytWJ*MG$R?Di5kzJR!7Jptz)UWaNKrlv~AxVQ}4TLypl3=&j}J=Umvf zO)I?F@pDVA_+7j-o9{S*@hHL7k#6kVL6=`CMWOjAG}`EDJV{QKHeHl~n?jiEooy_y z`bN{is$Z7<+SJx>RpcBkTwtAIu&~g9%v+ ze+fb+!=id-Sik6AzuLKlnOJE3i$g}_G9{}dq2mtoB!X`KVQ*hWa|-xY+QQ>$cbui% zmoUlfqX~WY1~BOT=4<(sasY1~&uih?l-T1#>`*J#%D6)VJV#7_Q5TFI47;a?O3nBv z?DrB6Z$#_Zdx0f7otzXQ-Fs1E2yg(y@$Yp%c>*-j+5af|F~!kcSd zBq|0ttdWVuO;mz7ih~3 z&*!*!8qc@El%*jvf<|y%v)4-lxuIo}n(4?T#(e^&j8wWh)28UIXYH}K+pDhx?Pe~^ zOz!}h_>YBU>ucFlPF~N|ul>;W!j+|aRo|*w>+ZZF_3m#{U6dV`Hjz){^N0f%sfHay zu?4$j995g4o(K`^fz|T%*=il1DH1YcjoCL0CM_qQL0JN*3&BS>3srqKza&#`z>;R+ZTt5SLFGbIpgH%Q1it2`;6RUXoRUjf| zYNk+*@MMqfY#w&r2VH+u}`2Aq<;TIC$V>F^fqW}ESRT<6=O@%(mA z6$WIe5v%(b7d=6@AKWB^nQ0?y(#TXvv2NFY+Kj5WLD9({E{y;RcF3dSR~RQTQ$!-o z(6t8zSa1;?8IVjn*d2hyf8u0H{^ZXXd8Xh`$TzfGaHgHwXf?pikxX7rEK9if3-t@L z?(K7~go&gQhJOf7+B2j%E4Jh~yaZs|0&zHu?u`$YNctaJMj$x9oYySKl9?%JeAMNW z9JxjPGp)LhMk`g2*m$Ho62}d^4;U5tQRKQENjP47H2&#ZLQ4WJ8a{X>8}k2t2$}9vnGh!P90p zeov&xh>TZ{f)HgLxxzBkfjmbU6J%tE;1D;QwCSN1F_(PxRYQfUP5ioCSQQq?Y2Wo0 z_+I`K`Sn_JAgKp%ISMF3nF2O8HN9SF|4+H~`VjoDEckJjQvn2B$6WZys@W&2JM*J5q` zL63wuH2r_&P>rkZHcgEHb1 z*m2s|W;pWDw~XsEcljSvFI0n!Lxs=JufA3DlCt%Xs5=*z_q95RSWvlteeS^M4F z&oh!-7$x&xpZv(5WV2b|$Bh9)I?(ub`9H%an<^E!z&Xz^nJ%Y;HudR6&5{1c zbhj-rHa*(H7v4^{QjelnMk$N53O8~twSTCwG(FKF3WDvf9mb?ImHx_t`#7FY?k}!7 zG?AOmsR1N4aoekZoG-U?-C4_hu*g;{xdI>%XT>du1i>HWB~BvL>)xg1?EeCeKykk% z0G5$#KYrZZIh7%ahXgN7E0AWp0zNQesT|r$YqKF^#uA+pJ$U<~BFVY>1|lDopc@l{ z5wtQua|$hH8vNLaj*P({I0ZmL3Dt<`#WavcIo=3G8ZwqBwT+(o{*Weg#F55N7nmD1 zHbS>;Iho*-J|#g{#e+$i#K6vw37f$@&DQ?;@o2jr`2av@S^QiHd;tLt0~Fa5F=TOd zB`QOl%VLJm53Pfd(xw4&S{=Y{f@-1t4QYGvxlTOq&A1!O^)3pc<%U zQ=zLTTtMv4_t5+7{)k7A!8w_yi^-2vha9#?x_z=D#=U~wh32&A{jujumTX5 zDpOdj{3)Rb7}kU|gNlYL553fWYOmZFFF2uWOGitDx0o@lK&lD#MdJ&KwxDfPWM?cX z6RW2F!gHiX8dfZ-VhTc^q%>P|u!Nuk1_RIyQjneX$3(mmWbC#3124mv8aF4_#OK@e z(Grw3tcfu9L`@m7AfO^kSN9Fe8-HaUIlvZU)8NdzCIN5~2Ye{k4=_eRMO^6dBF7du zgeJm=kfA3ZJ26JAA_k=J=ml5Dcm+l5&?k3|OC4@sxb$tLg(jnpm_fy4;gBOS<@~Zy zTBQjH)m&J{#!KXLpm^NO&>nUItPlpK2U^T$@t&GSBaot85j%x@mh$>1M!Skie=Tb2;$)0Qf)b?igp8-bHhY5&UXN)q%m@h*={6! zH{rcuF3cuq?CvIgHZ13J!pG#b(S49MBkqFwNFyb&fmnhD&Y~V7cp?yQ5adE8>C0A( zBU4Bsc_%)WOgV#=u5K5%fN5ZCICq98krlYfU8LmSt(nn@2iBqeo>0xRs9#U|nooYA zlWj`+wv41>fKZ?tO#PNZRM0-eoNWD&zzru6n}&k$1_s`Qwq#stYp_jOWQ83{GS^ zCMYC@Mohtc2c4E{oj5Y)fzx^?ld;z3tAH)ADH%^8oqO7)yeMCSYy#;1^u9{DX%U_X z$GIt9%s_RMeMCkI=8^#Jpur`f!-P$mvp}f}HbNAP(L}D>V&$J2med{b%CM&E^IpUP z*_3hvpRr9imWgDwre#rvDi12eo?dXF$kW#vj2n;W8j0qIif!&!ibH} z9kdkf7ECVk3|V@@ycdI!2rx82@xl1M#v)yzly{gFRViiRkWxv;Oz8WCw8|7D5?(8q zp_{=NCsba%7<{)FC)~E?bP0U=63fT?Jvp(W`SLe+WgVUGM^ayh99ogjako}N=Khd# zD}Ken*K%T*3C-i%i1c&m(UO0t@a!$ANZ* zewXywJ%SVw8VQYlO_x`M2LZ&G+(}{Sv6d7k$L9k_dgFD3ntKnUW;VeBH}^cm?h?yn0F>y+7{#`l1RaF%Sy-ByBA^Ym88C#Qr8cdk zEOpXbdx9isT@Lmh)EnD7P4Ul5m$tFWs-XPV^oq-W0HLygjDS=ND8vSI4H#XR*=emG zdaWGxT1kT=x|T@T3}F`h3@L@H*wj)7{L_X5db04O7H@-q)o{ zCD$dGCHvHKJOLJo=*_~?cC|IvqfV&$iKKn6(|yA;t+*MfZ!^t5;Fe&NdPg0&I>}%GoYd zc_&&{7S3!~-kIX)CUdls0Me9i|H&Ui^~}*KyFi3W0t16NMueb;c;PtL0+HTo5+|#v z;U`C0`j2-l_B!b13~CT=Fd9RS)sM`%uZCD`X4q07xzj&?0MsK7b9qfDu06J1f-d3W zKNTk}hqOfy>k=;CJQ~dunvYE}1ywS=r4}+llAx)?s$xx$4nmi@1{1~yp-$Ix8(SAzS(IA4jys?B?(z@4e3{;SNnku~buTJ-h?!ZaUgQr(_ZNSctO4 zr%zBfkV}RMZ83E|iIqWe-xpv*gUWTC8P*h|&^M*92Ek-DW{XC|P%a@BtCSF67C_js zY$mbw_$9cT5vG=ziGi?mg2Mp5Y=XjdoJ7L z7PznYCrm0Pv?~siabhM;tipI5=<3^|s?OV6@Wux3zhL(6IB0@XuMpKY#Zo9o%;dbYWWp!;ld zJ=l|EGeYL_?VbAVc3ef3sDm9oF*JCvuyl-?;G|#UC;j?iZ>YZ? z7zeH1=>4!iym^07>kNDHTaC9a>~4REk1lbqbx~{IotpZAUc-kMm-_qBaQCQpS-;W- zr`x9^`&a#FPESqTzxX(>Uz+y8sD65Xv#qy>Bm8T>@doxUXN~LH?!j<4I&EFphr?lK zdw6Mg2JQL*tmy}*qfzI=oOLhi`q9ny>}b^P3@=RmY&3s=a9yjnd!zU4(ySkyUcNsb zUh2J5^X~3u)azW=>W5>ee(S<+-E8Z_;atBQkMQ-#>dr4}@7vcOj_>t4zUmG}?|WC% zyUTg+;AVKUefkb};k^BEFzQjg_GUP^!d*1qo%Jm34h`#nUJQEO(UHF0y0Fhj?fUNE z%09au);s;HSqsfOzqghRj(W#%dnUfk1RZW_yO$U9&T=pu-VM!rI38Z#U(aW~n|gb7cGdgPtKHOZM%}}~ zW$)eaO1Exm*d7eqcfDG7pbhmw|MK`_uhZ#V%sai&uyfFD<5ug!ZtJzq_Dw^7->-F+ z{bBcDIPBh!I`;kPlj(HcE3ip&qfE^-PM~N`0@Q6!gv93_v0y^e;n6u zuKVUL>zSuJ*B?f>bzz&ZadUHFT{p&-&a}(=99{07pET^*W#<51n7xaB|8)a)^s`~> zV6Km5P;c|gVXb>O9NMd!kL}gjQTJ-R-Km`(bqC#T`(#`n*{utEsSWG=qIR+DU5yS< zr_;UpFzem4It{HpU5+rG-_&d}8r&T8uHK*AwC!VfWp~bo@A+`voex?EN2izdv(e@5 zZg2j&F|>O8vU4+RUD$>`zh{Hi=o$^QMz7X^7o&rdv(CW|9N`wMb@{lZ-*;;xYjD{$ z&aUvuCDsqGO?-c`J(>@$+Pj0J_a|Lb|F!$Evv)nevHDk|oz?}ZpVaNEUmNc!92_)y z*v6OhH#cXk;r+O7Gi}}(c0ayfp0&-% z-_Y^==3;m>dVe~6b1?p(AB|hM(;IcWy@ozJJLKT>$NWI8anD;ovc`+yRGm3 z`f;|nz{lIeEB(*WpmRL1^il7_!AI2YUFz*SdQvjF4bz%3eKlEnT+qQ{DBc`?S z!P%%o`eujSw6C}O+xmI`-3SXA&>MDX_i9=jH28AVI#^zg?3(_uWAtk8KlF|`?3-zTbYJ7!P<9GV`webcHFFS2myT2Crj`|#)jYe04`Uv;0-VgMT!v?@t?z^*>ZT*HAe6B#o0h>++h9Sa-c6xw>zh2SF=OCeqC!_ z*fTWWsh?eSKcJyq)A8&S4f)wgqq_^|^&V>VPT+@w0%I;umLw_XmU8ZoSv(!g2pKy&R2p#tnY(YwgYZ@khPi+djDKzw2HJ zxpOnnyVteOV06{v<9g?;cct&?qYfF(-^1SJMg8oE|9bslNJq8N<@l)k5nA}FYxM@> zk8OI>*yV%E?w`H-0Xw~%-uD`_(fEUqXLjehhA(^8!SUtQ>F)IjmtlvMf>!YJLhrM^B8Ep6HsI}kd)!!eTwT5-Q_NLQo zjCRKJ8~gO?=K6AYe=@@Oa$FxZPOo~u3b^`6ANK0@T^Hk4fAk*f_~6g+$La3PieC=! z`#v0Xu7`u!d%dQw##ilKt=1!>0seFFVZYY@ppQ=Ky=AY}vAgfu+an9J-cZ|ZT@X5| zkB++Y?g?z`2WasA7`A73BTHKijymM5{{{~~>NlsuoBH*zM=#CU`OQ%s!=w7a*&+W^ zf7iW%=6k4Hz1>r@-oM11+HiRDv2|e&hxO5L_@UPx4||RAXms8i^-R>~cJH13@z+Lg zet9+O4y^Y_Xf(PWHT3zZWglD&cUJlc*N5*qN7oIzr**pLXRXf1(ct}HxZT@sU6A|H z$Nd!=^6Rss_w8%*rlWs2_&6TUwuc|Fabb0E|A_2%+o$!@57XN9mCf|QfeDAYJuvHM z!}jTpHh+K8GiL|q7qwptlbem4#< z^sXSV@k9^i;t9e#=(IrmTS2&JJhf$>f_KD@L6#rDJ7VYb{xMI*IK1Kd@>OYXzfQ6T z*grphK8W&s5XE_(52E}_A4Cz-ApiV{D7DU+6JMStISDgegh7#+>sf6d9G$B(`UX=O z87eXW0p2BU7-XN#pAoDN3^PBSK~FIr(q(Ljyef(tCVB~ML_x1}xYKx5Pfrby((gG! zHpIpfZGeJT_Yv?gSNr{LZu|RvU@gqCa#k-G@|F-8#3H7x@34*~|8k$gr_pyBZ+717 zy=uJ4Oii6I1c$aVxhALVZz%!Er0H^G!UXbX^K6E2QXX_La>7{XrEP&0~&fx`?hQ zg)8BG+`$q067!pYhwq_FW1z^^d6GTwINRm&wsQAn-hMfFc1f)b_t9Najc1qCvrFpP zCH3r*idFavxujx8quh)QGAPcMw@&g2c{a!uQR1_o#nQ`4;mqY=0(6z7fCGk{%mcxy zcf|TpatA{kEbO(lM#lxQf&0jFUP$MW6ClRGjNAcCtf?$>2L*qR5x+yo3MJQ6$v4$$ zAYdV5IvbP36vR1}S12yixvnbRO;G_RVoa(GLG)c2J4PO^b>O5(6d3O9?rta94dS5- zjG91SsC%J)VhB%uu1=AAum4X!gMYpSb?~46nOWw)-)1zDgSC6j83cDTf{|-lk%`-d zH8DR8B#8X!XYdbDuhnYc?b`%}-pR^)dY+lmCa9f-3k0VRkt}RXz#Wn~E|rNQ;e*q2 z$xhNECUdefWJ49( zOq1>mioxVgP!4Q`HS{&KvJ0S`)Ym-COm1eRuzhHJB-srH7MAhnLZ$AJ&Kkd;oB)~P z2g#H;E~c*Ok~X(;g`OXeUKCA*PSAm>-Z(g`Bu4=jkX>{6K=p4!Y;&Z*dNSZS3?aMQ z-!KfpO>+I}O&*rdQ3`*NCy~KYZpjZ&0)8nN$%s}`> zKx`0fydNLRy9}$(-!<;>ORU=EE7M3np6)pQyYX-|_QCa8(=P}NSh*;<=$qV{ErgIXikiL@Q z8xp7FlBCpGtoRBERPKSlm0k4jBg&=J-$t0LTmWl{&XVY8q;(z$dA71pmkDy66YMhI z3c_8s13CFF^YIZc(c@Xn4uzm&+g(Ka7tdmb3g60IOiBRH8TEgdjmL}A^Acxh`4z!u zl>OcszDY1ugkAFGX|qCR^95zjBjt3e*yw4BEPc?dnPLzyFb`)S#w;84S_hX9Yw33_ z{px2e{r+{O-wZ=(mVh(GmrCkrSkkKIx* z)?QAO)&tgQw+{!K?$&O(-?nAg8ZK5IxRwPD6V$G}c(v$p#n2Sr$mJC&c_p1S*=5PC z=!kmuL2T&vSR$2_FXSswV2!A**62(}B8FCyoFyXGdlwreS-#~`_pp%fN}(s5K|4pf z=+J^1vJ{XY+C|);9()*Rb-qp&5*gqmKs>B(RY(Znz?AKPB!OJ|8_dhW<2j}QII&aR zF>gY=n?&i?-)W!~TS<3<@nk+eA2wQ+T-y3$qt-szsFhzfY9C&yrGGYRJ(gB}+Gqt| zZL|#bms@^M>bH%a+IJg$5&vzpoa=u>p=Eu!Q44xar0aHSLZS<#IzUF!XU5OfXvfBI zAII36RHLea`LrPUrhyt&tJN^ijVhbywCaS`Qe@;frCJ)<1^@;ow>m|?$vqOKHj4*S z;4X9Us)XuPd(%BIx?5&SE1S_%oy2L#pk}SNt@XCG-d6dn^|tC~t+!P^YrSo)x2^TI zwcfVY+x~ayZ8go-UA`%E3#$d!!uvAoebL4Pv(^ElqATU2>cVlWQ(OCgfwN|?h3%ZG ztGjEy-O40qg)gbYX6|djWi#Im_?S9v<~~27+a`_dBUg(&6uPn}vIXjCjOLmFpD5M! z&7iV!ZQC<9_Db3)`_vL_Cj3?mcrDCm7C&GIYQumfvJXbk1>b&+=--2Bu>%d!(IZ*8P^d_g6WXuqz5X}-3fLp3YHAL zaY>o}A7qU$)5>o}9^ zIFk<Z_9bTJTjV^aH-8&MLX@kL0WZu)z_-A`Bg;%S5^YwXZ-okLGBRLmc8{PH><| zAA9i(2Po!vG@_oSIM5Xs_J{fCTarHpctQ9Uq~%*XQmh>*^s{!P`0F}SB+U&VsZ?2kfPov+U$xi5g9iGQo2)WI>S(_qiEkOdu{!8sUVSz1@#54fn{6vo zZEj*^z08z~wsTrDnx~g7|F(Yq>W`MYd)@@|SoA#Zi=I0n!IX|e#>s=U(eL;BdpkSu zZ@=Hq|J&c)-u>HPXK&Eo?GJVb+kfj1cDJ^7{)YMw(t5))6EWt0>)*Sr{NVm1&jvcj zv6Ngvo>h~sa^8T3C#ACpdpCG2<y|$?hw{x(wO|17) zAl^VB87nFLxe6jld=*dbn-{K1ugpTIDZ2#8tpgeo*Kv<8uPb~O+|IK^wfAeB8?#cg|KgB%krGSRmyO~93L<1t6m#(;toR{tp-#9Pb zcq)H0PRGv6|8X|Zub5Ld6X^8#L^y8588BU!`ULk>an62s+_~_WPkMg_{#myEFHR1R z-<`Nq|AE?QSpS1T|5a}N?`-exuGjxlJR3+(x#N8EKCvM6-M-uZ?YYrf=ydFg2_=EA zlNI`7($j^zP_`=tNIu2N8uDKvUIgS|6yUfk{+MA-UZ8K@UnwaoiUOTTv7rH3zH1e4 z)5c*G{c72wnn#gV=+4`X#Bof(-lL0S;W#f}{=}vvl9JWSm*^j+HDk@1g;c7i#EnPa zJI=<2$uV}seBwA(g)xmMv!Uy;si|xJ{oZl9OFhovEM{X85)Kw6P=#T2CkmjBwfJ6c z^Ie~L0?h~RAcHQeKOy6{jQPL!lHxs10)hn*Jzej`pMle@pRy;%|3{p6Z(fVuk^IwL z;A!vxZ8XV$d;LLP{@dQ$TJ!&>cux7^IyCE1Loa4KpRc#f9q9V{@dN&8?4v=Q#|>_z2p+6VX{8NC|p4N2d7z2lR?>;B&E4#s|e*CTt|7=Jf-y|wrH)i%Mz+w%RvYtkPL zcl}qdcee0%{_fT*ClOorQD>{awbSj(|E>l*`~BDZJ9}<_Z)fkj?d{h)fA4SY_xqhM zy?XxqPsRGzCsGe10MxJl!Pd@BVg2uIZ?D(?Q#>2!SS5on-XbH$&0d!neBk)*zYpKN z?JDgE^a>gfS>Tv>0poO9X`Zx0JWhr;+upEM4;OVfs7X^-rm z!+;Hqn$_KM2R)y8v#B}4?vamp8U@6zVtLfKi)jGOsU#xVB!t!|JQj}Vc*a%CMs%14 z5m@cgk^eaJeE|v$tmLmMeLUF(M)xF%0jv6 z$lm6F#lZ(!S0=0%T^dWYRSp{i+ z4(Kh+ylg=K`hkYN$uN!vTd!Q$8WpUF@i+@6pduy^I0BX~z_ZbPrvpCJR5fMJ6;8q7wPW2KG0xSM45)9p{RGf&$MizF z*Gf2{@hZ?G)T_^arTVj>m$f-hff1E+R-}vi7S-7efq2+vq*ig%4Bw?G>>kQ zhA7)b)qu?-i?HJ$w}&)?-89*YG%Up?60RWy2|ZHfc@PKU2wE`b(==37E^lb`E8%ps zFk8C<`2Vn>z8xX^qE~W^`IxA~@!#1HkhPCGIEq|r)1<5?Nv~rdU8=g^g)qlK!pMLj z=XM{RP|LJu>d1v;SQ$#*?wc0=FEwm9F_S%3xKww#q9|AZFH##l8j_K6D3S_S5@J~a zxKQ`Mtlsmi4Z$e@lkA`q+5Is0vL=K7E}|q>dliWTHMDChbm|)*z7&Jr14@M60HX* zH>!+Iq+sRKt>@q<+27`Yu(4~kj0z1!0+bRSK%xSr$586X3FJqu>Lm&x)KzvTFfx_x zI~$;Pf)w2LsBlIf6exadeik1ry%>HvfS{KF#U-|+ej`ts=$>KHq+ z>2n8t{@hI=8j{$sD}vq3Sc%hJ6E5y1ZdMz}i)Q<1(C<%^H&Zf&r8DUF-%%%fVORsw zYfvEuc%q5WcNAbD&Qc`e5xDj*Qv4}UCUOyN&8dDq`lK?L+iN``;BtZ%z!YT9fZ^g{>h!7Se#ku9^*ep(q!vtcVex-ebWQDV6 z*`Ad)zpF^&5P57m#b%2nesVF`qdpf>QvwSB4sP*68F&Jw6Eo7#V^g`dIh)1cO0G)% zAWLXs*(l>xuxi1zUQ!X`=$7#tfv`Xk=CR>Jw`4eB>_$?ePlX)k5#jNLCcHF*X=M`; z^W}P!NE1qbk#9|#oQx!jw0|aaM=fPn!90TAcQqC*fna~rjg&y6{pTi5)J*D(ss6JX_mFsE=c_LMcHXS7EDzdS5?()5R z#O0jQa4di6a-b1?=l0z#{UW=EH^|OP|Gu5*e86ywC0F&U8(H5 z$9;I8Uo>+ZP#;kEMlBvaC?x;<>z*^z+yB*77x#C;!h5t)Z~xyK>LQcLOfU6HE%o&;6j4FM8TNdBtyP(a8GKQyz zqJ3qks-yb?b3rBK0XCp}E*{IcRR>Csa7pYXx=sV)N-Nt2r&a1()~TxMaLqD1ZE%aV zT6!wtp?u^8Ls-K`P>#Nwv1=6=#`3lb2D4VRRUl-HYIy+Paw6GRXQOAy<2@xlR*;iz z2U`tXOQA+>b=8a@D|I*;VA-Nqpw4GOpzJ3$9y^xPvFy4ok)9~a4Sq%Ku-=#ZnYL&M)C%kn&nx)KvTs>yT;U`xOAADs3J$ESNgy=|lvGNMSJi@E$p|aAiYn+$V&Frxk)AL&121Q>=)o3J?xZMvn%5FI zfrMp}#tI~F&gdVHaaGy6s+(zt^fs$m)6<`Sa1HWCC9UQ6yv*m{N=1a<3L=8XbEji@ zet2|oT&ahwWN4`prYp4Yql@Fb-Mnri&)~09;Zf4qwl0k#C~mG@L6jr|G8`MPqss1; z9v4&{6m(7@GEz}ylznM4x8*j7f(Te50Jg9wmI!|qrt6fnHy0N-uZ86${V*z-s20ka z7Jt*yuM@|bPt00y<(l22R0ykAma4amrF2S7%7NS!ujI0B@9gKRlS?=L7_Z(&WBi9f{{Hu?{@$y#|JPGIQZbe+60-c>B0dX4IR4OD zM=+DSyX!b->=v%xdN@pWWVkvxrx?*#prZ@nqI0;gj5rx7KYaVXC>xEaM{$6B<_U*| zXu@voJH-;fU)Rs_YkeBm|Mi3f5#hp(qg6veG_3#a-9r4oSFiTg{-00seEQUTiRN^= z4|jS-G$3-bJ(xA4L|AhayA;#kEqk_APtLzzWk{=ccgA2;iQGCQ$g4H z7g4aGd@Ng#Ll9_4JS>@!U{iwrnOqao_lzKPAY4#|n>;GbHrxt$t}o0SpIyqbl6{JZ zcrRS%bcA#a2L&W`*-wr|B@4~mzQF=v=)CT26<*UTNd~ucl%O&nPQ#$A@_QR}2O@#< zEp&bVp#6NNeN2#`fVdY5L#nRnXXfRSor^dP;}Poohv@!?=;UCjM%zR`ssIv3kAqfj6TmR#g}oEYQk84kloTAgyza&9!F}4yXF0c$Ty)!vc0w! zQW?GG8Mtbx5Whl+W;NroPqoh~IZ;_@SKk}WZ3@pVdbjM|=y@I~DerS%yl7}Dw6S4v z3Damt|L80Or@#=t^ftco(`n!X*{P!f!2AnsMj}hDr zj#&~#M-UYe9kJU`?P4R&_eY!~7MeS#uCsxDQb~j337JZ*5hE3^;~kDn*5Vn!oid+} z7HCK&cupA?``~V;16irtcoGgogVMM8Gc9ETl_u%TOk0`!WeGDiR9wb5(C5!xN$t9U zY~YzZJ5_OVtnDOw*BN+Tjzq%G`kxqdQqBUZ(&_^`XwRG{l)Tq6xhmTl+o>gwd|>h$Nc{mg4fLXEwc&XqMA>jslcwIj+!4EJO=A%vOi zCX9I#kvR$F76aF7H9VcqdV-VibIPF|y~Lsa5@KN(GM3P1f^ZPlAp4v;pWTG*LBoS= zEviQ#o$FjsfJgLmIoj9KXt>n8uMZ3B)u!Dcv9N+s*L--(&}_jRh4Mp)-#c zV$wlk=1sB#hUj~NU??QSC%%hL?XV7JSQ=tFo_V}b!IyOOiP>1T&kj&LVYBhXMMo3j z-Kb$ic&bLRiDJgG6DWsui(_vhDNMrqHyLuA&J^qLF_P zvgD7wliz`#RtYCO{e#f4_191?!{jeXvgx;I$kTEoKkexV z4>|RcZ*#6IWe{_!v&*S)NOG0{(-V>>4Wy1FAX4BI$JE18GYuH_g+*<8#^)4kT0q@l zC%v#PbfPnf?<}HACsMAD1)D+4q0l#GHce#TSmS^<*Xmd-89z+%wHlZ>=pfWROz&`` zu0Y@EU9OYNvRyh?JVLr05I_~!jztz$neHLl-`5`{l~lIVv52RlKG0Hq`;x*MnvjIo zPz30)z9B`W*^cIlDAKJhqUgD{h$Qlc?uuAarB$k=FC)JRie5BzP+%cd<3-bRHl9Jm zndE}@(i?GptzRE>Vvdaud#B{H+(bPR!Vz_juc^SMDy#2DI-N~XIGYZ2(DCDEIwzYk z&fqzwfm|hK+5Hlw;)&t}5bOb`8o!d9wHO7_Nx^ia>r=V827%=0zl0u}LS|qS!xT$M zf~iwzl`&E7j0-m7y1F2;UA@d9ZW_pNYBLQm9}{ah5s|zj*}er{pdWrb*CTm%`2SwN zIlep?^tW~#i|d;hAeJBj8v$%c8D5r#`O!m{%ulmD-H6#j(%DbuTMi5^SdJmv(2Pe+ z5V4sYH>ijf3xrYUmgA^{^r2%S*+2wXg3VqF3DGf6GE3@xTqR!%7MqB;W7n|6IS$60 zhQ5?Ffj^nxN`_s@CJ#Cw@C<3#Gvzy`F`o1jI4ll=Yt>5#z8VAuec5Is!bgx(lv@p& zx>j>mIn?b+Yp`LNf7pjun?2O6nmAk8BjL5fIu@}f<5%6)sL=5Wu1)If0EvSHo zM509f!L;ZFo2ry<<+$bBOn#V>+{=+jb1fgkbX<~nCFSHRR7ebDj>9oQ-`H zP$jX#n8!1wooxQq6>U4k7A5?)Jv6?oZOf-|y=#i+=+}ynoR4~KFNj}-|{ykah{3q>=NV#08fj}hasRm#G0 zk+*%dNH)VsMz3Eii{IjqtI(S*2{e7qnMaf~p=Eh%8}$l|G{JNl|M^Sdxm>_fVA41_ zc8x^PF|iY?dQo1zu-BwB?bx%@%S)n|k29i3r`rvgPr4G72j4zF`}z3f`t0!C$%{^| zkeL)&=jP;8 zs{sSn;>*@9jWb?UaW8d-S72-!{W z@--S*P=$FS6Huv)7Ry49|AmM#hk*N2V-DcG$T0`&zVw&_cYlJ+0bGG1%Vdk>s%e%C zlSH>^A1lmNgMLHHHF`4m2%U2}rvVw06XD??7unrj7(a)>;)1dG4GoA`h?q<>;Dt)0=8*8D9S(8Vho4J z?@rGe#-`q0{`X~N=^swdj;}9IE`B|=B!@3$fhp&)DX5jTlqL{OB4;|ASEpyE*O$Ni zaB*^YesYmPsFo2sl7Ks{$*bJJnx(Kg<~=?ObH z_i&297ZSGZOgUv!Q_Q6ECz+Wx_{b6o(uC*DG{yZg{%#`% zuTVU=zvx@1n`k6FHh;HApSSmaDRM0%5p#rL_0yt`tRY+(RgL{x@~IM|YAu_x>*tKc z%k!a`{pz=7|2ds9r9mrR9=o$&X9x zm-FPZwGyy#%tY*y+`M(WDvVrL_y$X)YM@nZ=Pf;GQjA2L&T&k-H)H`$B?qwb42O*a;ogu%872vj zD=K(AuG{oiJqu|dD3oO^ki)Bf^>gyajEMY!x6VmA&2lE4mUK&HB~_2*KK70XAs1wl zE-wg%*t@x6Z`oM<9G-B__&ukriJMnBLlxO-8S6EM#hfXzE${2vO#adMUrUkUE9H&W zZr*}7{x!K(72j_yNL3)Tiu3=)xnp~hT64#z;EtJW)k(2V)|;G(&OQogIQ!Tr)Y|Z} z^V#e)-Ns$p_>|~uJ(gF#$(-%9Z?LpEIzo)++slSct@sK)v8k)JmGs*wC6sd5*2Z;1 z7W*(mUCshhh<+k$Uq3P$5ij0HXYA6O5Pue=lg@OagMD=Jk&1+v8sKXKc{d8MW$|6U znbvb!ip9!l+-sP|R!tVNPo-5#GPHxQR^hh87YQfQ82>|x3M)tcP)|erx1F7>-F*DF zt?j*a{Ew%2a-0NaTSw>Ve*Rpz;RfIFES@k<{|!sb1+Pw)UVA%IF(WTnK*}$^)kO0_ zpFejqp0E0L({dNu_$-k7c^Bb`f|tG6NAFE7P4F&dU^lapgF}&QKny4{CwvH>$0Y7- zqK=ev<-c&Hwe#C*?MP-RV!6Uvw6U4wj@m>Wp9Dnxip)oKqwW4(>B)a)Wlv{)=W)Qm>gS*ah@O^!yg_ALbDA9H8 zq|v-}{Nwu*U+WHlKe{FW$?>~sXS%vK-E8Fb`*lC1ntO2+sS(j|{G}KR3yAiEHCV41 zfP+wxBd*k4O_0FT6v)fW?Y=swHTM9QxnI1(v^~rYu+k;yhuAMl_<~L+*@9u;i{2lU z(4PW-t1XMKY(0GX1k!i+&m7Hf`KM9-*ZAt{u#jQ}U7#uc``+$$F8<$OufM&P|DWPn zGF)e#nhk3^j~dn<=6kt?$&z!KgCmRa?WN$wf*O829Ww*xE|w#3D;xOUY;#zAgf2| zlp2a|>MLRn`M@}>5SixOew)Nakyyyas#&7`9m;n)W43JHv0ApZR2MBs`QDWT`5~bX z?&Erny4t0(V;|TU2l)vLO&pudiA3vB7Sg+>2H3(U+uYuI@Wlpdj|{r`GlS+9cvK3RQo$L0I;zqh5U+cRGteC3Fd@fu^SS;p#i5FSmgoPN1epo zOKW+(?5fv2(o%2_OizX;g*PFRmvuCywnj`G2o=HDI_xp8mRoTtq-4FxsZ%hsG0UxA z<-V|$XiFC6i1YQ@T(8ZBwYgqw8BCb`>n-tWif3h+MDn>T#-&px-Q-NRTrvVEjX~{J zmCd?(5RH0bMiMNjM;2BjHFz9H_C>i>C7MSNVY1TYz0vkyAlgdDMg+@J#Ii92mz9=v zTDjBneRQU7fmyCU#%-lk{3~3xX}8_Sn2$-kl82?`?_J_RRCoDj`TjIl76eXr4vmkB z!C$*dcQ4a^6WOM{Sdvn;kzP(nYNk(^T}Oxi&UbBTmGm z(6lbyWua;q6f9Yx%T-C+#k0W^P$xe0Ss~=S)M+N3MdS_=FFlQUpzf&)>3ic}MXd%T{%>|3p zcJga-HR4|i+>w1Xq6S4xw=f)Ijstgf)0YdlqoVt$aWfylK?@~eY|c0>8qFT`RZkEq z*gmVy6j3T==s}RKqW7-0F?K2I&Idyh<3Trn)5=M9^b+CS-u!Z8Z6R?{4Ssf9~$STIYX%l4k>*<2WW+6(eE6~yu+<5f8<7{l8OOOW85%Y=TSQW-Jp3H{eQ*TzPo-bAJLY+iUNf-;q`DY^B?xPRi zAE1Fd_|ENj`yU+V4qc=c+B*cA*Bvr;*E{E~Ydv?Ff8;Oc4xu|F1u=A|sRP|X50s21 z8~7)Ykma1AJ9MmVyz-Yy1Z}rdY@nNI-%)KPhOav`WGp~;=tInBmD0$ub}Jzbs_Srj zPOYB(F~bW<;3Ll2OllMISE0N4prjUn@7%t-Ra&7WG*zZ%n$NwaHaIlhAsPb8U+uoy zE-Rc`+Uh5$++QjI|J`6`P*SBBGPAxFD{V>w`gQ+x0rax7*={CttG|HU@_8(2PMy)Z zIEu0jRRJzPAgEZ7?JVL6`Uk(wg-ZbID?As+qIb4Ep7c z1Gqm*E*wH01UQX#(L3!*B&B0E+D9L75PaA~A0ThO{2}Yhe{V4l<-de;#y=p&(T9+Q za)#0#WI}7z6Me+|!;B|vZQ+7#uby32oO0CDR+CY`nz&k=R@9J5?a@U0dP~q(eKw-H zdWD$T_4Bqwxtb&NhK;V^b5TzlHCJluJ6V2pxt^wSb;1_iD@!fV&`51S{*-JB6jT#^ zKdH5wuarCDsPCG64sZvquCnC&-}2?Mne*LPiFy{EE?5xIaQur3evww!o?$=F3Fp+W zL~ffh^(o1kM3IV!$+jr6RZ}>Pzu4Tn&@y5-mCZS1S1qNc2(DFIe^U(FOb5pvmjcJl zY)HTaM0hV3@wRRVNw``I;=Jz;w%mScHFdcoyT>#RzFyetmsiQS^)^pQ^R3%bF4Xo$ z$&!_eET#rI<@d8%5J&YDBnw-`QxtIeYyq$A_FW0HX?qWDsjA7HEtiIhd@gUO)cfgZ zQNALDahILU!o7d2bQoH%c4bmm#(=AXeh{{&Bq^`G7aDIAJk7mh8<_(c8s-`(BY z$;W?rwYRfA|9g_B;NK8Y@-ZeMoN*T;G0sHHrWaaYJSJd2&3iNyE*PXSl)7UQx|U=K zz%70=7`WRGQW+m93$N%@s+`kkABD3Zs6Oa-i^uiGU1Y4Tx|N;hhv|iBHM}<$7e_g- z1O#HnKTAKqHFpA|V8(G!(l6z5LBsJZz`Xd~K}dK^GOEOx!dI~cEk_PDWZTUEuD~bv zIaox(!}HT$w=XlV5z6!JOy3a|2&0G+kLW`Sl<8WUz%t@2B0TSyY|%{4oyuzTne3N7 zVo;ahRNhWKK;rA6$R5NKNZ1*1B1jmg=uaOuLO9fdvkUG*k^K-&u#EHko zA^mp(8_u;MtEgmQaSkR(#~}`s&paGbqbXh>PCz`Lg%-TI@;)s7V7{H50x)hew5`R&SK`Vz%78R?g8{-}DJMRX{`%OoCU0g56d%lS`p*DX%Tdg zwkVbi9FEYKO6M=JVD>|`GjlQ`oP=KG{;VDvA{I{whXnk>fU8hbs)kk&*RoH9g`jh? z)Ixjq4)YsBItU8`WM67j>ZkcyJ3iRRv z@_0lDM?*3K(OC-DV;X|K6)b2tt|iNMYfZpTWt)r!)GJi54rmCc*yS} z$xcxVGG=JI-=EfUtFL+=(VRcN*UXelV$TC21p1xEG2t)jv6!FGTO6t_dM1D?2om}w z{IY&-DrYpAwLj;infO9gQ>BbT6(1`U&wK&QIbM`}=WG^RQ75ubhCVJ-$-E|}0ias~ zlMJS%n5A25MYo@W<3Hi(*NZnV?yG^RuBFBbgcI#f_s{NL_0nO63!|9bN6o?_Y`yFb zFV7504=+(Tn+}yKB^Qch?|^ION$ESR-#_(+*`Ow(Ro24J)^|JK?Y-Liu9ebqe{#>A8WE!EGZY0EX#vmEcxb=q(c^|a$7>PfAROJcle*{e`=+7MG> zq)aAD0!Y;g+u+xvj;hBt3Zm1I($7h}Spa^^!e?=l4NX0Q#Ap^hD5Yz@a7F8tO7&#- zb#+cad>CrNU+9!<8o{w%VpPwB-J*a=1^vf!(5VC(lK7S=qi~{iDXmO$i54(Z3FAR= zh0w=t>TT6cFT1p0f?YIK*{An2s4_=pLz0YofV2qRVxT~|d%L^a&C6F^vEE0%*4Cd3 z5{zEBV`99RpT9ugAD{vH&;P6|)2dVdIB40a2CV47YY3y;2@8m3tF5}gMoXZv3N!C4 zh35GS^dD%@@AuKcL8~4#u}N*odw1Su-GM4q3{_QC+}0c!unjs&r0kfPw$ZzDSawn) zY%wM;IF{J zf6~>={>d{O9bDmoowpdFR2DDZ9PMnq8e}#9!RvnO`E136ZwQHSK<8wI0sqskTR!Rp zd>g3&_PWZU?>+FyBP_%%Rk2Nu;5&rxa^?KvZO;%WP8QR+1ZlF~Vgco@gN-KAI5K zvW-R527#Td@AnW3>UCw`I_gYF`AhqVhN_)vLzVrcmnE=TA=(iU`It=Q%wJ7Nf?QN^ zPAMIJ%(&GLO(Y8X4OyU$0oO_Cs*RjiN_i{MReQY`wK#)GpA1m}2~mM&A^l@UKy3x- zrWoO~{)t(7Y=f}Dr|}qS9xPf`?zICCtu|~$P`3AsdZTdAa@@BQ>P>7C0)(1%qpkdP8@yD?z#O%8%n(k%Y45Btos%%NeoOWR zyGdeRXd`JQjOwA88brvgKIq6kS>uSvo^HoKmcuM`qTy6K`=lBl4PwGuQHH5$P0Ty(H3EJ@^0&4~ zO6JfSB1)ZqZ1lP4Uy{X0;Stqb`_-g~1{_CweZ_N&za8TIUiVhs01(u7fxT zq*xRLnFg1DoSd5Zh}jfloZymnTf-#bY}%eCy0U>KN-s@1ONs;t)`3D}`%$zw2)TE! zn$A_L%D3F&5lAgZ#xzql_681 zDVeagykz#bodtT- zZ)Yr5&(fTEMVy1^e+rG&xGgx1?i zzQ!YMD@y>6*@bfSUfR&5>phH_%iK9i?wV%JTwkS`s%*3da{Fxzu1~<=eKUI7Mzyvi z6`r*v39T(jrOy*sl1et(B=jbTZEBoLZB;h^NO|Eh+v+N!ntaAfFah-xZj`8=qkx3t zcp{fI9nrQHaQji22n;H*=aDED2#1R#<-pP)b=M#tf$rZJPO~{;9Fad}tvqS7Ps$G9 z{_(QoTvd`pnX|F2*UMIIb9J!nSxthKPa9v{?DHolEx0>n=&GfIZ}wT!Rf|Vqep%XD zQSU&jD-uf!_~@~Z99kD{x~`_4uDNy5R7%tfcP+cs1~qN=|D`l#%ipzj4CyI-D#B}V zjD{k{4O(&wDWoM8w!zYz*IH*X2>SKnjls=?iCETE-hY`}OvdT9b_99M-1Dk;^PS3S z!n@a%%9_e{Aohk}JZE;y_JBgvB=G8EzOliAAa7kI$59lN%_`tjsRKsIh=?cmN`JE? zT8+^UJQfP-SBT_HrEb#Qxt%aUbT)X)2_k7G*<6hpR(h*lsD7o2AgtVR6jgBuF}ccUxz)c>5dK# zX1>(AS$Wh4TBvVUmtik)w)ol=xd#0+p3@XtjzmZM2meQhTJBLB|bA z4i6Pxg7#G+m z32X;hD--aF{!YV9bjD)&PbSA~1<24x$Bc+G7DMTKBS&?uHEL9GAn8!CW4M%KMZObo zF|JA4PEbq*It`_iu5kd-3soZuyg5P&S=g1_sNv95wVi>l&??)oF=sbbkMc}6R2P&6 zqrRx9iUIbBk9-yE3}OM|n2Z~oL#Kp~AsL@{-)qJXCXF=j;?=CCo1pzMwt2mWsOa$J z-AiN0pEq)}MvN8rA|03>`1uq^lJY-E_6$Vy8AX`N{q_*zkyhSNwQFc=rVU)er9$eg zbdCd}Zg$}ikpMQ63ZQIM*ey4;kRVy_h>`#-A<&+Ti9SLU^i^LwNz63aTzylj&B_wJBJk>cbW-=Y!cISCH7wlR_0L==(G zFO}f*VI2!4jzW<0RMeLMCqY6X;fKH@f)3A5mld&0cAyrb)wwQec4@|aFjU7ATgFQx z*;Y-Y9<3SMki{{Zn)@`#D6;{j&>@=8@ubqqpuz}F2@dsDE_|yYz-*W%1FV#}qCi~% zcSM5v9r)c0B(HvDT`9a&F!xc+XNu*Dm~ps#oW7Y2bLpUy0ijQy zA309_{o}ubMkY~K8vFfk&G{d8UhVAV;=k{`+S^{oe}9VS&l>;TqPho*{SG!32@_st z;=U)J%3{8!eNpS#j`yB?OJlts1v8D^B(b+ybNCgIlq^w18xJDF~L%4u^o~?0X7tcG}mEfmIH&F{u>*JDp4;K;-n-4ik zz5i5cFn3HBxQv)oUCv~;EG(>-4iAP z#y$Bz^QV}Hy%f+8dpENP3^2lZ>5ALPdFc-Ejq}otr}8)BbnLwRA7=yoiaBL7fliN4 zgyTk>!5Vd`PjF8a=j?aKoePior1xh?G1p@KUz{8szdLcK{;F*>tpCBF|0>wQUK>utj;$6OT>$S9E<`S zcf}tw%*hM%&HJl-KE{RyWcjXDyiFU2`Q(*Nqev@s=j}$~IBza4x=8{|=jF?v*px(a zGk*CJ{i7z)<@b)Wv4Jj?Qgy_9;y6}?>P(j3{}r;#uAlX@e%8Dc zVQyr3R8em|NM&qo0POwgdLp^9C=Bnvi>uJ0dhH&z!GP@=INR&{Yy&R4ZEQ1n=+nn7 zG6iIzOl3;~n;On@F64c0?p(?HNXmI4!IZ0dE$5FaoGFDup-?Cy6bhM$LyU*pM-xbS zc>zuQ9~*xvl}hFH?ymg5QmI7$uU7VI|54q2z5C`(t+u;c`;SVs_PVz7AE2^%RN~K! zaY+B8^5nLno%@SC&^88$GJ{xkFs~J$ZTo*#%GKTS+k%d4Wa-G#48-b%63~dH8(bFA zsLsmBfFEz7%&bk9a4cKB{MEw*_3di5zGn`BCw9)H?s_Z4l46e!O#Q( z86~z26OIwv#$-&~@1=){!BN?^#)au@h`b^C@t^ykTCTn;S4x#13yNe;l>#F(s;Lok zTXX275z__i{$Jn=8`S}{ZER?=^M&YeeQQpAdA`OImj9S&)6KWBME+NHtFL47zq2KR=0m0h^|t~wm*Rrn4LEAQU! zz_)MSj7GKUE~>uXLHe8BYUQ=|W=DIs^A5g)aHlXv7NU?Ny$*`CN^Q4Pc~h$G^s0OH zTCKiYDet{~_qta7ugXrnQYro$$~bra&mo>6_H`7%?D=2YdGls3GXHm~mFmmu!UEkH!&D67=YmR;QXvKBGiPOBOQzkj6{J3(lDe5%po;|?#2Ko zV2FSX8ACcSEKb0J%qZZe2=EC4BZ4t` z5DFZBAca?eNbOMIM~6_W7XWw#G>RZcPHh7*@GwDqf~e@FVKG4`04*KN7y_NcgCjs^ zSacCMHS2)W87dTPN=#94#uQwpQD`FoEsH2+lO?wSbsb!Kb;Za~Lz58TjFXZ^Fh-hG zR)e580XETD8FUeng%dPDAEV&UAtu9ZiZFrQ1#!YqRW%n`L9H|7X0g}-ES@(eV^ljPLRcZv%2)^gzxti9lb75arAvDl@*}*Weq)>dF?+2;_aZZtx6L<@e;^Sv9 zpd%ZTg)^?-aSy#-ggYl!>HrT)u_Hc6sXv685+;Hzp2Awx}!A64n85>Cr*3lTQ_e#w$k#0yeXy zs1+SaUQU2hR1e5!0YK>o5Q{}wx~;@-42K9SwaE@40K8%lpUFaX@aan&R$$pq1QJ{> z{Q9S4sG63QoLR{s9V0GFd>}*FXdM)xZI=UUv_ZDTSQlMLT~*hxIHGfiJ@F*hjmToB zJGvqZ*AaZ~3Mk;ct-CG!O^HB2k-}K5tx`*Ywv883t|+|%4ADp|%Z4S)K(X{n7z#i~ z)iP-={otJ{`#^|vQeiS{w|4E0)Bo;&bvzm`WqxozT{jumq?;B^yIc`a|pBhpPA9rML4veMWXe zGKZCgj_%44$N;ne^i@B1>GUVSmOEG7#nW9&%f3Y3>>PJA0|hN{%7!)BmV14Y6I;Dg$oq1Dp*f-kU(~?^ zq?TcgBh4s?ZNkq8)TM0#93J%EZL+xoU8jh#OG0q-aRO(IJ8i;*59>872fYvl+GlW# zvHyV=^r;wxZqRbbzLsL8qj)uRU0p^qiqHI~grD)`D z--WdRooGxTs3DuP?FT}qm_VHcaAw;+^zBzJcm)`h#}4Z5d*@G}0uVX`i#4q;d*OVc z!FO(P08IGUozXF>gWBFdf^Yj4oI?W(n)}~`#SmyQt-Xk!$5nP>o_XlnHcm;vCS-pPa(lzsKJj*5 zWL>pkD|d5~R9UG%8hjz95qfkeKxftgYZI$O2oH6}B157t{4#xpXdS%X+uPZdFGuW{ zl9}zlqR0(PaW&^x02`*knQsSZ_N)%7m5S-TF_9_fNwrcrHwr-N99@KwCiN8wh!c#c z+Y_k|+0-DiCm1r;_Ipid7B@^3eGNw=!;&IR!n28f5F-u_8Wq@>BTK9^lnk9Y9T%M= zXy6$|J$IR@gB?fPHMjwB17W!6B8^x&6Wvp@98rVl(YI`-X^61^B&Ax3zK|LBi%Tj) z-S|#%pJUA*TLXxFE$Q?qjMN&SPoMq@0a9{LPv+~`M+H7QMe=4+|35L3` z8VDoq7Jpg#@-Kbr?JF4}A*89?r;{6j5_E!3hZ7GQ00UDKAWNeQTZtqILIFNp_`VVO zTCGQ)K7pbeg5mb02)=wN`4C-3c@?bqeXOsMg;cPu1SL4g&?fHs3p7zrZECwd;o(B< zQ4;ABN?E91R_3pS8{?4jnY}7ziOuh+Fc7-(%G~O7{LREIFPOw#=jqH6_A!8%SYu}B zNK_EaGNLpM=fHZAykd-~6UZ%oxsCxiu7h{wsd%G^=FqSd!jhQ@6IjVm zdL`2w-Yypu?)AjT9H(DUu!nt?Ff9~$=ym^WLe2(W+0f6EUYS@c)P;^yT z!2ulBW7sq$u9y?a#@vbo3&j*+OQqEeif3tPS;!w*Q~>Ya|HQXp3BVjX;v z;-%=j$EDZM`;ZL7tzsj}4a5Sa0Vq1GA9@)8Gb98fXcfJ0U$*?ZN_R-B8o@w*^X0*1 z2p_)|<3ey0!56>9LZs!Q8w^yegWvof0JSIM6cZgDqHjf+=xUz^#IQITBbp2(L1|eF zPDsO83qn*GS_?>6bIK1QbNDkzzJ!vg1j_1ndUu=;VII_oX%h=s-)@FF&XBaq&TI?K zQDn_bHM1bb#VsL%hO@EwVOS#~{(pef68}r@i}+y?3%TKw_57ZRm9HzWh+OOqh#(Rxkc4~| zlmu4s%J?jEfFIz337$9^wF$pek-FmVHku<^jPxG_Cb;`VC{#%L9TH9$GXw(L;+^c0JT?~ZRQ&3K;0?f2XqU8Eeu_C^xR*}li4?cb<+h@ zx_C;KDj6~*ZR!WrXyq&YJ;<5K%DQV2`+!|_CwSy6gNSYspiLlEKH)gwf}L>Tk7gLR zS8PMnS%5!h5E~-{=>XdH3N0#M#))-iSXr%ku@^xnOuU8QM08t-oyv==iiw!fA=EN3 zk|*l&p|ey0O}@@+l<}?&-F!5o~_@{*eSEHW$JbyG=~Dt z%y4Pfj)|x$5f@{QI^kn2IZ%r0Lz$Xu(erFAFX|moS;7pFqbVtjm^DaQ0|nxiz*61Z z)%UX;4XKKP7gxWe+e^;YY^LJ@b1<6`Kv;%*ScED%t;g!Q@yz*%>xLk&ZBZq0enPQz zOsZHcbCwPr*ET`A#tD{b-%;BpiW>bckXp+B;eh)!=0M~$%eR;ZFZ>+p-@i3Khl9)4 z;OB&(`M;8E4}`|63aN%!XpC<4hY zxS}6dzYJ{hGy>UEDNn!i_1-O|qUZ-(E)(eY2-@A3m}|0)WXALYLcY%DZkIoRMifwgCTBJ|Kv zgN+H5B~vqUZsEHe;+47-IV>5QF;V-!QfIU*d7ke|XuMx7!!JX1B~A`NrBUQ5TJ-*pJ@M*g{y)R>>C^TvU~ZUodES0xU?g;geN&J{o1i-QW&6vQf+$sJKHAXI zW67~)_+z=?lq&&gRU!WbyNbvx`CsLE_p-WhMwql-PUB$UCHM?Domm=qy(51bW_LCk z8IPb?Dgp-d&*h!GP7?|o9o{SAb5 zm4{Its8`2Q`NUx0C+FOHqumu{f`89K>;au6p2(_7thek6_K;4 zVet_t{)3hN!HN-Bs?q%HmHacrbb-+nGsL;mMvP=It$`{fcWpC9RhIIHG}@IQmDO)2 zfe!fWW>y5n|0;sweR1_EL`;)dPA-LX44r*viQ)udv&<&j5^I^c!my+lGS;E8YBK(v zIVUg99I)j8r#M|a@NT6O-{P4`y-S2XeM+eE8T>gT97VbuhoVAZ^wMyl0J&V_#C;`_ z%sn=;lxWdjmJ(60-25LgDyfNHPR86l3?IfjIGvKXHYUhp$!WcW{Yp*CU|K%`T{v#H zohF}BYm}XQFOl`)r@%xA*qY#{7^Qr%SpNCv9PL>_G6jT)+j7zQQCt;Pw#6TSa$@6GF%`~RNhNmt999TBB*`jXS=mc!ENgIb3r(C^D@KYy;{dp3ij(6E za&2-J%Ke>4=(q{zxANNUZq#5+*-L2^V*Czswag&MjHXO*mEdJ#eqS3xu*8O;Tb>2fjx<}(OV zB1QwvPlo8c@vhL0v!+T!2?EnQ(6Ibi_Rj+g4$Laa;TU|5dSAnivJ?Rp1Lddd3D)v> z#m(E8g-tSu6w#E7ixX%REbJ!T4v45y3K|Ku6IzFK9J=VER1zY0KbPqh1e-Ry-9%Nv z@}d}2xW|q z;=nO0nTAzzT)-)4q=Hx#kzi{2Bvdr{y~JdJbY#-NB%p(=c}x`%j2<27)9l^156+u`c_-JwWY=`iIabaB-e_K)UEH2G+r31< ztJw;9$1mu7$U%U^zz)C9ez^+2WMwtS5e*#85e+BE0V4z2Z?rE{QmaG zMY=7QSX$U~Ijyh6`pFhp*x>Pu5l$G_5v7qYiY6tYEF!Dq9LnBLK|Oc=L|6(5e?2o zH)iOid)G}(U3H_LfZypHF(#&-cUc9-L#R!AYk@E(=16 zaA4FzWipi8hyyY1P)ykq3LiKMS4nrOMXM$54#dz3-9qGHUkp2g2`knCHmuoWu2nGz zb3?xGw5HsQxPjdT_hzK0cwMua3?w2B_*4ToH!W*8YdA7D6{1Oq{b~u&UIEozmzw!Nl z9oZCVkR$!x%^Qmi3q2tiVCngv*R}Bef332!`x5{EEKgk4dn4{LlQ2p^vCAQqCk;oG zm|$KhS9i)45GpUv5CKfAF`|IYY@r??-8&V;5b|zFbUl1C%a|j|P??XmUx{`00aCrB z5z~g;kP81I8ms)RDfX}R#OJ?zM<=e8)aX7r3~0&xuU4wj`=4IFd0l&%|IhKPv7-=6 zppq6U_$*;T%OW#NL%QG79&wVasMbp0 zf9XUMH2KB-TN?)c&}XK(@c*0}H24)ih6>LSp9DUVA3Tr{8~z7Av#|fy2t&(4ffv$e zVc2sPK*O|=$}|9p}E&+?=j zJAS^zH2LoDB$PEm5n=KQPEYFlIpa4G8~VJ_o=ZvMr%OHaV#wlwMLFwwK}Nd?5utez ziU#$CVi|Lz7Jw4PDj`bM%}1VQx&|P-MZ;_NcM@;vDIDE6K2qy&*ZX93M7AjUs_gTo zrQ5`CTzaMCZMTGNx?IET=5%*^>HeK#1fo?VK7*xA$5OVtfMOr&g#>?KUZ9cLyDFA6 zjvrkMGnxyhQmOQ;GSN}Ozpg;^8+nn2{~prNAMqDa_#z6|7lr9~g)e}Ls*>Vs8P52G zP~)SzkA3=9o$Yr;XNO?4rqJ}!D9{;34l_dAIHqJ~2X+{WMTbg}Jx0N~x?;^aqQk)Z zG2-5DY%u?i2Qgt{%R|n79vYS|rpME}OEBu7k*M!>Hv@?R00COB*(96ElzR@56})aJ z>|fHzgYD*$1I5Ih;$TH!&KL(n~kM$KC>2%0FObDLB+h>Mpk{bT)9+NHiX{r0%Jz11D`^ z*Dva7xk)EDO%>B4kpJVyPoKaKid}>j4!(Q=B^MkBeDl*@fB6E475roqJ+OiQb!o|NeUs!|# znfY2@pC?rPHJPIFRHlg1|GQy~q??77amPVIoo~$|$VCJ=Jpwi%I9!bgTQx5SL5zt8 zIidFsK*a71>wd=2JtrJu@Xvifte*tbpEE1T(of}|#9{iHOtdx^$-Aeb9ONG;UjvqZ z4_*$2lvO@`0%hkmH1OrirTX=)IdmCc+K_SZ$Coc*{I7-%^A-q5QM1q7r}4E*y)VW zB|jrwmfuDh|gs)aQtDgCSEeQRuUrkfMyx|U z##rs7N1Xk_3(XVByaB7>+s)GD!tra#tgj?%zk-bVdh6L!gkQkSc~WTSrrcwGjAm+t zW(H3A@;NV+)I!p(7oHll8rP)Ww;aSxn5<75!K_Q8zTe?<>Gm~(s=q&@V>6N4EA(p> zmWt~Y%Q)&=4BGQ+j?Xh_fqp${(DDfKPk|e!zV&9+%d_z(zW?iRLdm&+a03SbmgRrh zi{^i-zNzf)yzKuz$CIAxFZG7Vs3iB~bwu*yRE{>JO@5QBp|Wz~Md+6u!oNIhC;8A% zijU&C#%>dOpEro1fXUM+wj1NDl@_&OlV3x)Iyoufa|N8ar-i!Qyjwfrk zP4dCha=>&$K%SQKpyagmeF~NAT;m~9y5eT#<7Ro`tbOb(t%3EApXGp<;}{wWrV;QH z2}GGE`Qqcioir0-xp@*oNs)6?B=z8b;?e(jFz^};WQGry(vmi(w~&w(Ad(kg4YZRp z1T4#AoD1J*u7>4_9+m?56uL!u^$P-q2vS6QWQweofl(b4x95;<)0wsH>_2RWC5D5M zV^VF)=mYl#N2X1Xkc7p+E!Hc|PL7#6^X4Pyy;^T}`Vd3c-znH(^>c|LnsDnEiyX*W5wPR_J8OA^~GP0+KpQd4qzvD88f=}<9) zWXYwoPhI)H;!+=0)1FSpb(FnLw7QCF>Z&(kwpuyK)2gbfruJV>F6*F8EK~?xnl^MU*p=g??aJ} zT=cscT{;nHes%g^RfmqRNZ*+noi4Dyu7qA!na&{ShQK_l${X6N`zvd`t0{)xeG<;q z)W#>L>=b{vN4LBep7J8!{I#-ru1LRs&m5pB`&Zvt9?&(g+-NS)g#BN~q~2T#i0u8} zz1mLv{*PMqCI7>-Jo)@7PdT9Y$-6=>2{^QL5P`J~yy}pOnZ#!hy z!Q5Y;;ul)2gKMNtv}{hqa=NPuuRyEQ0qD^dLKAQTCUA}bpCE>SJeL5-gODP_g}|gf zq7)Dd2+rj*yIgn$-ov?JjYSO;7#4v3m0RjAZU$x&u1R!bv;adifpddUR+kx=&?7W$ zjDSQ*z%dC$K!?Z_dSOM>%m@u-o#*XcmPKjGeLbZ zJivz96pj&im>Al`BO@n@jAd2Zfzefz4tgQ7;?t*t>zEGHu}vvgosPVMa(quXo( zDcaVFwmqVB+Zju?9d75K*K4+WCl~E{==HT&mY~LsxlB_5pwpm>0T>ySae3+f7Jy!I zQv;(dfab^&%x!RBFb5toZNAu&>AyG;2-_4fLGoXqrT-#cc#JHd&lsX|s>(dGa@G~M z0CKO0eHlQKA(AZ@C;VM9~(VheCW!UHI}CACk%VFKPqG^Ehu4oJi+F#$_Wq)V9sF&Ly}t}*Fz*lBFumVc_p4YF>i>a^ap13^ zn17a*_ekz!n2+5hznS z0QI`_QE*9WJH-I=q|}$Zl-<7Iuq90h##>TE@?&;Gic7~z6^>pX|kZmiIh$kho3`h5^zpP2B+SL(tGFievwn??s^mxK8rB;%Q&3&uU-LF<^yM=(%#|Gn~azK%g z3xQmaLb7a(EJPvq*H0a} z);dU#3+3o*V|Sc+~zj9v1Do3#-g0g5z20}Z-$1I-1> zfl^6OyELZIo`6y@uy$C4n$T^@Bab2T=ORfb$)8XyPsox>hm`y>$#xxl{x2m6lv6;i z8e=)2C0WYJgH`}S%?wxhdq5iWAOellDJTs%IU$_&%;wbJ@nhA;4L{---?RR)X$9x%G4q*!780!zTJcG!_7)rG3uW zxQaF8L0Y;U7J@A-v>eenaj|r$Ib~lx^dc!U z^h)d&YA^Rpf68pnJ>wHP?9TiIW^)^(GfS*PM;J0D#9<%|BJw4)S-re^;$Vb^-7w)8 zUCuD>s(64vP($R)6H3-1^7o#KRFa4NLOqF@+ksMARU97iq-OS=~!+E*8`_ z;tzyQvko`-jcPM$@Wm0aIC|tk^g|z#NwEZ2K0?h2o&~}NGNhAg#tHlAopseP1sT!Z z!F41>Nkf#gz;sq2Aoai-_g#$DR%v)yWKDL~s5tU&snsxFlIAHS*MO^%of93^!EUXx zVppWQTSq6tm>WS2vFskHOukMfTnk{Lxqjn%I(oIe*P)NuQ1f;nWkGV0mJVs6O;L!0 zq;Iof&^q{(QpNLOFX`dBuJL%2qJg|9QY7yYqIt^)FJw(EE-cI=_hN{E*n9dq0b}WeS+)5RlKrL?vtj`dwgKDJ`|K#krW3;-1TQZNh+?hD|V2Jnwa$T^F@hWU0=fTv~i*v~~~-(%E?x z`n(#6)nQN{oH37@jeDmeBG<4b}KZ4s>E zY24~l2D-`hQ_Q>sEL=Zaprp$th2V%LAdpZspxU3SOG8u|QZeAek|y2<`;b{F|7biwD;gB7+B9+L0b0I` zb5+2`*di1)l}31W7=f<7x(Z_n4_9a*U--FdM;KxIm}n4-Un?|{5RDRqt3H=Jx8i;% z6wMC_lY1Y|Yq@EuDvI|m=wh@@D;%JmiZQb0^_b{CZ}tw(&JOR}7men9`{2A8l%JxR z7A0m_c#aH&btfV*_FjoiW+Sa^5nZN{O>Oi2MYp$^=43AVvKX?H%Vms~ZOSdLWa2}^ z(hqcU8dpF50b=AmluuA314@ILe3Vi zSm3lo5Ci|@Y1r?fbXD(^!)lt)1{`Q5uGzUTS~fugKx|4l(Fm@C-qB@N+cW(uw%u=B zt}%(RF-I0+?2?jU?2cO?_g(`9g4{9T+&+#vAlFopfa9mGgSd{A(jVD*WlJSlTWZ@V zkqaHSQv+eR@Vw;-)DM#;p;lxh!tVE_07K=&ptxZoGUNGSg)2myPcwPzOwYY?I0v|B zl`y~&H1Ld~RRBh-tY;%o1a%{mS;Hm%t++KpoDHyR1me^9H3IC(3>$&B0gjD8T!Up3 z4R!AXT9{8G$I?LhmSVNCr0ERrvJCRSq{iI9XpEXngIMkt*1-t6(bO(RP`|M7qC*I8 z85pqzVp-XaQ?& zPo;VG)>1x}?B9j_fvf845!_wyybQxN?3-~R{D zNyLn27$F-}BX7MXfB5OA0HFT@Rq*rA;niKG74RQ9lnE#;SBONxrz=IZ^-PF=0drSi z_%XqHND+%E?vxiZ_%CY)I{_J~EFAp)U2^dDrdT-F5QNB;H3E5fHv}w|bz{9xRj*&P zG4%ukG*$?A`3{w@P1sTy&IE@FUwZ)!c0cN{`gS~<#3k9mI^h@$C!)X!1&&5zMaO=7ez_MTWmrQZ!MQ8d@diKHmKl)N{<`nawyw(A*blRegKgo7O2H!*gjn0*zx< z(hPedY{Qws5!>&bb?=);jrYy_PWRyc`lR>%{-D{tuh!n)A0M6Hci$h>_FixKrJ6^L zCFNppjt-Abyhs2P~A(|~JDEf1TSTxL3vuAZst(ajshD<^ibx^CE8{UV&8KHB;n3#9Y zoNGahhftgL$Qc>43#&;fp_>`GWlKQXS)4>qZcJXgI~9?=i3IVuzJE8P?CP?$6kLnG zntaWvLVc&QHz$R`zqGhqVPQ$v(zgH2r0)ux1AGNCQ39u^+$mwDsi9Qq!BjbdOJ7!j zufGc9JI%-`^iQyb%cq=njn+v_4iH1YB6=iqws?x+7*xWFb$|_P_PE?82?C58uWOxM zPizM|Nr(NS?wcnalTMES-~`J&Hs_FWl=?Y*WIyn7$pQ2T^uVeMWTaE z$bv_o&}f7-UI%T`)h0-vVV^gNE#MPc2hB%=ah4ChlcuO-V;Io>cx{J*=^ z-Ix5o&+&wEA?eNuY>LJP<1{&w`2b==m)SzE6{j2p^TZ`2PI6;<9L6ez^2$9a`H{=2 z^+L%EK^>sVGysr{~fyflxu2 zD?Ug>MMjBt!C!rXUynM?gI?45qkq|O|A=V1B^On(U@=2SO}WG|=SqXW;z(9YhV2-; zHX(Q;;~9eZ45M0o>Zpbg{#P2?;n;@y98qpCWFmQW!A7QQ2j7A#F6znyE9@!}eckNO5iRaySC>dl}rU z`5HkvWrSC`|7_VvK36hRH+!Jx7k00d+}+)g;DT3Yy;Cor`y#On!fG@zacs=~LDDP! zTtv;b|6KdOJVDr0NisHWV=l4(D|^b6(TN4hQlbze-z+u|ShPd2x})$%pUB*FXbVe7JeynQ~V~> z7#Du|--TCT0I5M{44gEYtWdTo`G7QDC>uJ0+p0Jv9}49;(}<3?{|YWicm8*p2aWS) z+0?&68`<-}R;$)3k@;V%?!EZ`p5=MvE>DHR-+%KKwMw~CuKfO!+%>IlZyV;g%q9lH zx?C8CP#>dhr*KJ@Ern9D|Nj_YV6;ENkeAq>Gf2_T;P1cnwy~kff=e0@J3WWn;sWiLt@|e=lNs0vw)5cOIQxa}ODEQUWD4hF+7>AY) zsSYTa$@5rlUI$hv{PN3tVj>%kQT>-+z<;}VyDR+6GUkXfROX|977DLkfv(gG!4c6> zp%ADrHuz*VlsCY;)7$x9)$6DPQA&9%_$b!FAOGA3)pGS+xl*e9Q7C){9X~wfGmzUg zpMe`}^11N26nH*|{u93np8@y`geDF?E0z*Dx(3;H5}$z2!2c!hB-sU@CFV-G z7l{3e1V(~Iz-Q2K0%F83b=yS{zc^y05Z;B)Ab7*ByV>~}5P69u_zeE|^yLpAIukDH zMiYGoLqf19$LS0umW*u}%S$~zgFk-zJ*j*wsQxoxoC*Ir&Za^z`ARX1s1hzEpZlcRm)m6S(1Wg5XUICrir6&e^B)xjSS<3F~*AM#EZ z@k7)X|35%#iT@F$g#G~t1%Ft?5+fJJA{3vnoI4`P_;XZ?8GhZ*ONePfeMD zxlODNAv^~+Bv$V;L~}JA%=RC-(tR0`B9+w<>|6+k>RCDI>s+!@=4zo0lsD*YbpydH$;&I%+0yx*&xuz!j88IyYIom)tR>Ty5&6yfs9 z!I)QXYQ5QgQ%fqmlwg6fHqqTnx1sJ{Om&v2$)wa?K7W%dF5{NuT872tE`O?GmR#)v z8OqLuDU+Nza~ZwVm~@cT`wVNG!cWPS=_=K{pPd;-YmHM30u>7xA-MTCfiuRDzDy>p z2u&%&WrpU6Dl;NTZ;U8UCT}X}J`<|=CXiH+xV!AL-zvXnqbn3W!y2!JaJU&8Q4Lwa zDZKYYpw;KWy_$gg+o$4QTY~%gY!YrHhWWc(n6D<#!j*?(yNl$;VuL(b>$7bH&SuD^ zBG1}{pAo1(W#&f#ZHg0DSrQ^OA322wf)FcJfEzNW`yV2B4UreOImq#cbLM%Ahs5lURDG^C~kr z#F9FZ>q=7PQtDke%SgT2et>)9K?<0xoq)(KqD%U{(jGw0>{^947p3jH2a#86#1K-FyEij?{;5j*9qs@4Yj6@qT+jX zhvxkhE#mFx+1l`qyye>0NIxLAgcPgoXyi?ToiU}>+{?(7ZG44_tIVpEw=gpDa4i|X z`~`DvcX%1;Vpr^Df?s`?A*E(MZD)o3h0OGZ%bLl|@#iyboO?17`gzs%VznY?g_mHr zbPvKU7{0Jm~k>jmh6BIMwFO9n?TCF3tpUOVcRRdO;yk;+ji>x{8tEhdwBwntN+x&AOFFA1Uf-XHY#J50eZBNCIqL<{!-imzr`#5{&V3=h-yMF^o}IBLHbO_Qgg#n zfz{fKabgO+n*m4>uql}vI?`96uRt@EnnC6Cw|IV$-z7YmW5g#^kU$~j)}xAh;^4>s z83Xx0-JB&q77H(l82(aEME*y#z?+ zl>vqYj_^z-qFodm{4R_hM{t30NZkYqePZpWVI6 zn-}^29M9(Te~3(CbtEuDIQ%hc_?{FpMV z3R&~t_I~%}eEQYV#lqhl(dtqIS#!VV4%m#lrvcaMcbFG)RRQ zJ+l$02ikmD(ZBNJod=sh%GtI?b+)b2N^dOv-_rB{J8xq7|0=t$U)KNUctWWxY6TcR zKU>``0F^*$zrQW${+Y@;I2ZhKb_k9-4OW;C6V+qqIRocZ3x*~tWt7;K@da!fld%_! zP$$dXBmVtGH0q{h;5?E40i(QVO;pMh;=m8-^A z2})yRl>_m#5_nkFR1(r{v0w%!H$l*tl9^o(r(BYUe^jFi;lozr(#rq_9? zP0co*QHbl2#906^!y3;pq`@!3zR`#fFJ7)5y#T;GlI_Wllf0xdg!G8unP~-5q?f=4 zMl6;8Txo4KWXzbObD{??;Z!8KRNp}4qY`vOLNJ0>253&9#Y}^rIMJ*z_&uipNGPEi z5xp1(Qeej$p-4l<9Hq9=QQx1^gpN4U`1uTT!^TGF(lsZGf6}KU=&E=yDVG@72{K_l zm}A>IxI7u`bR!=C2rY}BOMx#Sz+r$Qn<9oRu5QLjMRYS~oi>IwHy`|~~YKD$5S5oB;qX6j<{ zBh?{??UC-#PIXM)@#}P4Wy2sN04*o*q#Og@MN|L+Y(i#O7gA%6C`}WPy`HXMCw6B!s37F97Ip-)nptvFah z&;f%1=mwR@&iZ2_UI{XGn%$n4VNQ*k6C337ZTe^l${N;4n0un8j4%;Uk)^9^r{%@Z zGLIl&v!Q8l=3Q|CIEe#3lIsT;BA_B<^mvgI3micc;Umbsd zs%a6#!M&{9a!?iR1~BJ_iD;bf08mMTq1lMAErsH@z4NC)mTOawR~HWRwa%uXDYWTi7g%^qKy z9b1Gd@fmvTLyv+|0yL^ui^!EOR=k*-k6`{(kil(KM0sU$-t^!;2~WeO4ruNBPDt!|7HDlg3pzMBmbZpw4I1U`L< zE5z13zg6i+OKOE>k`y z8dyufyF0o|ngL1Wa<=DQWD^E|8F`x%Sa26Q4zw-wyQI(Vk+F!-NNDtHy1XJh2q4Df zK?+NcwWK&Xxnw}8V4?b+^FT!sAU(ngU~Wif*Ou!-lZ9*ZO1U4=WNT$`P3V+K zyY1w1z6+eJQb{vEhlabp#Tz5!;B_V`tF^b!MaydKZ60D)Yi}deeEl?PW)m!MbJJ7o zF0o7oK#7hFQEaP8&_M{FnWd>I0-8{p07DpBYST)}QYXE+CrFakZ2(#d4NGV*z zz9ws^>yF=nA9*=)Xc5ty9wvr10S{7Z7$ffUzAjZNxh}yh*{7b95wJ)^Zx)uetF5^n zbwbroB<+(e#WtboCfc*5YhEgc7$;!8;&9}ll%SPNQ4)w%Ws>E@yFX`$E&!P$D!3SN z!AzbW;_f@J8I~VpoUoJqC`q4Ek1W-E6iR|}UqXt&LA!zUGB~gRGHt$yVkGMzCaI!U zK2`^t*i%>t-Yei&(Ny7L5**bJG-4 zP$kn_Y9SLO37Sf*EY<|+Aato~FkyTU>U4c+Bhorn4XGwfCnu3btdf+EiETI(B{W3P zCp70YC3n%(7iFDes39HbGudfrC_;|LhPJdN6A3lO7NT(3I4>1o4(@r`AzS$fKaV9p z{=Otcbjhj9iJ93;M=r*U?(kC*Gi*r-cU&`yrP_h+G4tX604Eq_%FbQ29>%5GpsR2p>Ik_4uZ*S%odFZ4wyqMRz@K-Er76N zO^sqYz!rFz5T=&4k%6#uyvWliTdCT)dVzU8!Yf$AZsFLvIGo%dqrz1Vqq(0#GnH2r8Vx6eOy%1L_1o>Zik?viSbSn=@Nj177}dd9x5Cf5)uT>dKkXTZjn3e- z-|gR>UR7HCj{H{PjVrs|?c?KX+-Y1@nh)oueyCUQ(bctnI_U2mcdn~9TJL=4d|>~o zA5ZDIiMv-Hr`2oIJ{(lfAMbYbW`BTx?bhDG?)9X0TiHA8_Xp>VEBmP5Z|(H2?N+Z@ zJ%kng@O&_6U73^iRaHN}+nF2>nyvnosb37Hr-!$dYO^yqW!Gl)`270xq<^h<&drC1 zyFsUQTd5umo%)R{yK%Rp_xn@*dN{zh1FJo~s+=}&Kb$=3ReaO#4Nf~Z    {M=kTt7 zw{!j;x8bz;u{Y>Yz4ET#yTNTV-J5hQ?E&?xe_r)E?ZL6W)3~xP2hHkU@5a8k?N?jf zn@IyrTfe&aT@N~k!{f z6>RtV&4*5<-P8JduX}y+vD0d`uBNTdpx-)dH*uqJWjFOoYv-<}pLQ#)dAHv_?DyM` zgO>exetp-`j^530r#eQ~q}i>Ior}TYPJ8ig7k)f_Kp4*;Zht(-(~raI-EG(0V;%E+ z_x8g8H?C|G*6!}EtlQeq(wTN$oucc#%d?t2xo#c8E3^81Q^{i^&{8~Guuyjdg-`!m_ z`j5k^&9rH&-~MWZg4lf-D#7)HQDP_2X?n*cY7c8DZIHG z^csVnpznF@)a*7|x5Mk(>RsdNW3SS_?p=3g{r;fVz8=7fI~ZLPEDU&9JgTixZ3Y@xtPc7>?1z!ntJ2*!=ZI$^2=W3ymD;~ zc8AxK8fnRn|7srjnCQx{Gi=*t_Oo@t@pmO=v=>RAw1~) zTE(n!Wj|b7`ps=^aCQA2zen%S_wM=~*4e@Bfq6yYb#?D{r`_vU`}2WCYUk$T>vQYw zs9USHdpC#ETdX&(t|v3S(qWz6;Lm`ousjVqg=oAy9oa1M`ks7>|Bu&>`}?*}J?eznmz_`G+0`tiJ{Rr^zoUVS*V`mNUc z!Gd4*#P42badFeG4J&tt?e~X=SLWMCy{exzuI$e3htA}7$2QSmz_cblyco1d*KD!7 z=Iu^*N5Aa8A7CK^I{h|n-;6808lMjuhx6-!UC}?bj85hBL+6;ouG!k@_B)6De(Olg zi}QYUXE5j--Zf9H9=<#2_d2bPsdom~?<#%VKIxn9POf{+MW=PQ+o`mV^yb7KR>!qF zbI`iF(NFX$ZVvFt1Du{7-RWVXgu=eIr++*Y_#XCe+Q(P@ z*5y^DWp(_e>+8;k^Iq${UKu=ITa(wFMyuA@Ic#)lcB5SzT=($R4jkN8^_`Q& z@CGl2@Ab=D;~nf@x0cq{N7bUC~j3~qYW0q)+M_Vkbah2GH3tG+!S3=ST;=ALmo zJ)fh&3GG+$pZ(*>ynoX+2JiLRMNg~UVg2yBr_auJTIUxxlOw%)TWMU`6ExkeUfi@l zpuSzv@#Gx!`NdhSy$7e&4r+AH;D^JL^VYaBygq$B{5ZI4_xZ=`YkoWESLPSZ)}?-Z zcdj+{O1IiR9vqKpx7iZ%7Y?ged$-oz`)+Ly>Q?)`Ug5WQtybmQnpEI)0{b5ZfBw4D z-?=;HR~Nn0!(L^t+G(}nu=|!?4+gu#8bAEC^6qr_QSWwk4j;Pj+c!e)-1YSKZKc&4 z+;sS`+Pdi6=&$ubiwvfxuycJ?y*TE--hSxQL1l0~JZ^u47QSg)o!;yCAJa(#2YcY95$ZPPyNewbFz2UqjE50i6v{b=^^ zz=GD{*;PfW4lP{i_W2GnA14>@+gv}!m%3T)x109u@aFKLJ3Xm2uE_4t)ZcdocsBUZ zr~TgT!*%PlcF~-4yT^8QaQyD5^L{Xa%?=$j4r-n1>G4IQU)3w`TAkWpcR0PX&u{K- zultW@1B|bS)j{q2rt_Z7Rr&z~_e-1y6_wE+_x`$7@aL~H#_a>)$ zMPCeWntNKMLk2zkXYa#7rTal2oK-vXPNQYF-#2##7G|Bkw%52KbWj}}x2Nqh*whbE z@AL#VCl3QlTl9`wfyx^|5Jb8zJul|)UD3m zxmoRA<5s2Lzx&v@vitq&px^({X%73H+Hf$q>TNTU?e%v$JB=&yIQV$5Kz)9DaeUgm zHSb#bhr^G<{$!{B5gS)l3wMvnUb}f-J^wJS+}_ws?;V=3uiHJddeLv5?`qT2vyM4A zyu7OX>ga^6-t=mGRT*>#O?)hLhe5M1^}(~N{e54rR@onec7sx7y>wMdAuTxtBjx1j znL7CN36wi3Z)Mp#R0F4J)O9N<_3BggwEgq>0AjP=u#s(w)euWb}2i=V8f9f%sCW< zci3ux__v&J(Qs_bd<^f29fK@CfcL~+()&%G{&9H2-9J#Jy*)z79^l~em3g8hgC5{R;yy!m z4uT26de1PIr)}sc#zVS{N0C>Ual=Ggz(y2wT1UIJH`VkM2r2!ZB4k5s%+VSscy%{` zhq*ZDwwJbl&;{1a94cq^j3I9ck%2Q}+WHRbSdugM$$jd6xAt!L-Rn2CcbO@8R?mX4 zS}0D68~?(>3pcBVT2lFdaLxp}S<2P5oq{qfd1J-hzh5=RW|I*kOE*0?7}~J$ z;DZhC%x``J*fgvY2{iGnT^#7Lt>S0h?Uh!FB;42E68?63yHDL^%-l1Cj6D#VI9y>F zJL40fF{nhyUOg#lDVfRB^T-+zstFyecXSEP8+!oywUC#iGHI|f3E@~*tE~enZB(+T}u2*LitiOs^G!UXbX5u}Dy)A!J&F_35LJjou|%yzlFMc;k7Y`+}5xTIEwyK$FP?ZqYa;*xrCNxitF zVio>EE~(gYEH^WS42tvRt&?O!o=0*;l=$pt>-4g3ICD9e=v`%F;D8|~!$Pp?1F?RT z+`$kBGkayN(Q!en;Xd-57t(p;1c)&(ArAl(Yb?t=K*8Tb#2*l{LP3cDsWOk3JhQG?d>Gl4dS6QjOsw2 zsr#>fVhE3ZE{_rKs_H-e4F0(fs^CBWGqcQp?`Jf!1Z(#?HwYdk1S8k9A|tm8D`I{g zNQC**&)^@RTB%gP{(gc&?_?i7zsyYC6V%Sa1%lIuNES9m-~q{8p2|d#@WJ_|WGCqn zleuRZvLO|7TIDdZbd`Qb+5`YSY7=OUk(0znHyAf8jRz;y8i|fqaxwe83B<=HxSPwM zjgan$g;uAd@;Va>FV;X%=9WIDP(z~`?jV`H_i2f$Bf#8~gr5JL6UlvsrShte2z`K5 z2ST`e=~khT28nGt2FT`SOQ^JWxuw1-^nJ+WM3UMO7QY5thw4iT! z>cfjlH%xQJB_j=y28EesaM!wG5|Zc~8U26ky?uMzHnKRn|6YCyRPNa(S&Nb!zob6v zp6l99>$^$n$9A)KpFI6J5D7`BDS`zkIodeqv;Q6p01|ws-vHg%1@Smp*({NTA}8E7x#H~jgeoLQCw0Iw+pq38NGwp;aC-@H5fRkMCaoW0 zLA|bQM^hQ-)%Br=h3sK+IRIfLG@0DmK8XUhP%)M-A<2QB6e^IiaMZ$9y~e3j*f9V) zWn*oU2H}XVg6uQ%18AoL%|iOeOa;LL6J$Ehm>~$3MIgA8>8Vkds@7H`(@SqzwC$$q zj(sek-snE7aA6h+z|agGsPV1X+XgPM91mDK*VGUDGdkCp5cPZCH}!Jud-Ij}-XJvR ztA{5nJIerrR}x&`90|+>s0}*x*+}xGAqiMGhVHXc@EA>)h-C+t8`IjK=szs{hLz`G zX7j6t%t-|~C(x7L-YIAMy0W(;o`5-_S@+5M-#49JDSP-F;Tc$Y7 zK=@Ta#2ajUf1tO1Qr9~2*P4@A^0@>QYqzB2S-T~z-ID%HZb=D~X?9FXiZ0`w)Q}SB zPWOK5G{FYXCzX`PoOgOvBTJtamM&NoE&Eez2FvF_TIdDmG0usISm-Os3;I5$a}uiH z*plKK(jMhf9MxH@_zLNd?ts6QFP_{*luN0pT$1Z)Kq_6D~d{ z*k!&Igu849a`Ii~;{%3i;+!j~AzBB`*H* zD}v7``@J=MlOC=JyX4CQM|H@t$!xZ-%o(VhPL*XKO>n0Vw>47?0tV*c48)ja&4u!7#zBC@1anehy__hm2dvX>9}YI%t)24Q2$o@MxLA4MS{67=P`mQt)uP8GLsNV$msh0Zm2}o* zmnFBNBkI`)v7z5%iBwYMM@}qJU9HiXj;{@^B-wvNtoJT9N^Y` zbkU&&HDoCuLG;B3gL?2`pw-!SRiJNxlK}CszAGdlfYVgA1Cj)CiKH+u2ao5N2H;Uo zb;rC3@val4Uw@~8R%|8R3C5HC+_YB;JlBWeA{oM_Vp0-HvWY{QCJ`qB7tDnmT|LTk zjZE-d%_{KMv^{UaD4Z25+;bfIY`W^nI?!FMJ2hIumhq+lvBHBEgi-ZJ+KngTDa@8$ zF4c~4kYyR9*BJcgnLe{h7gA8;so3DT*4}RO$bQ-A(R{Pf>i*fNwSRAWKW+4xeYH_r zcgJO&RX>~GHd@(t8!h3#joSHeqX+lnM$0*(w)f{QbiKu-qlfnEMi1uOjh4k@J0EYf zA{HOT*Bd>)zjtku_wMtJmh<~Y?R~$|vgERi4>-DuA2@353yxa(gQNCQ$6ES@qa~2B zG8$U>h@%z!#L+S{zueM)RG)G5*nZ>av-pmqx`Ap zT4!AAjBA~-wA5N>EcSk_Gp=>UJL`-!&DLEyDszXc1=qssH0yQJ#`Cn+@uZ?F<)iAt zF|$)!`#-=*HQ2&-hUC@VR9|gnQZ2)m)KN9}wcx6n?*@EKomF$6AJAQuM)py&MIH)W z*^}r3^)$w2&VWx8`ub*2S-H0DnVX6wZIpd#2{sdItN{59^GRu^6B`a1^y?daK;PLM zDVjKmg_P_WcUa|%!{*e_`OOX&Wl7uT6r)#LYv0+m@2q~-zO#Q`-`N~PY4)DYRanM< zHs$Accc4vSDIq*$v(O_zHA?b*^&>hxOWdhU0qxIbh)WO)P`OmBwfRJNPXc7$5R2z3 zN6sLCvR2=i(lI8i+@$g_{;lQv^y)ZI>}W zkmaNYD$?Bvb}I^26uogtVo;IFGvI+&fk_aYZq2l0d%ce7xsK_%j_J9M>Di{c>zJPF zn4asHp82Bdn4X1a9n*6i)AK8f>6x_|HYy31TI?>^vvWqMa>0KyBh5p&i$~Lnmdh~k z#x8A{*#bJHN=niB1T5tf3lx$MF@mHkMpw#N;#~Ak2p%W*gUv)WQLrX>F1G=op;TeD zp{|vdwbHUyTGmQSo9?cambKEdR$B5!*Gfy_St~7TrRA$qTJGYtlRxijh2xl0qct+ueQ`2!I#u0C-=4BlT+vid`+Ela^D}wDF3r^}{iD>9UQYMjiZvpEECmx|XsF6>(GVf{*d=lwq zmF)}|xG|Vk` zd7or}g7RN0h8|zf`^(q*Xw9zYO)!r|&*Q%6xf2ph={RJZ+)Eq%e!suFy$%2O`~Cd? z{hjAKe;I7=Ztv}FZEbIF{iQ$H+1lCu3+mrX>kZFL#F+o3f9JOHgZoOJ4RnTMsab%& zp(b5r%>o;Ol%6B(UE{ITA2yVQS(lmD1M#XRh#fQHz+o<(Rx10tMfuDFSuXYLSRJI~yBDt|Lh z$Ii3=bvDpj%qg1*bb5Ru95><&Scyx0f_thsXTLk{TzJeUy{~~Ql&$~slf&cJC+^h0 zr#2ea|6tJH%dP+I=X*Qr_5T>p29i_mIN!WWY?OVs@AiLtVzf#+9lK&eN#N^rr~a7q zbm1El{oS-??4`4i&IuR9jYmH?&c=qx zQh3CC;y6}?F^wm)q3f}!scZiK!Ew4vJ_6m%V}^_|@2yFT*- znh)GT23=NvLdI_x^MCIp#e19t1Pda1y57^Tfzz#@vM0y?N1S)BUx?n3{L@|FX>bp1 zG|7Lv{Xt&-+wO0z`Tt`)_Tkig%fWdTI@or65|Pj+p$GPuF7jBY&Q|te?{G;d)ipm& zG0DMZ$VtQmjTv9;qfRG1qEQF(cJ-jp8eX;ujvTw(O(MR)1@|+u!RBzP}u7?f3WgcfNP`p6~5$@4Oi7{;j{Y-|u%m_v-oj zpNjRbPYmxz0H|O8gRSlD!usFcdA?r%kMV4vW0g+E_#=%NH+x-T@PXsie;vMl)m7RN z=oK^|vcNI%0?Y}TV@{OObFyOiW#DzkTeXARWm`*`HzQ3U?zt1HdRwwbDfB@sjR3D z`!oJdFZkSFsH5?qV81b1Dr{HjSw@3Xg>&I-YSAc@-U|DLsP4 zrkpeYGR2D|VZF(7V*&Xk^?%$zW%{GXIANKd8lN~7HFnB4K@qzld^A(tp0ZGGIyygTRVnjRZqCDw!{$ad{2BHGU@$3ngkL z@>7b-5RHA$O@i zMiVPkaZ<>Hz~ZwaTPh1uE_ z!2gd8^_?Ht7rl~W%*R9>`Tov^fUJGg!BON|n4vacSYkiwIEE&EhD< zkh$Zu0B;Wkm6K6w8qBVEIL?T%xE8%B4)K_D6{MbOSO3)&B<=w$2cc|_G%Mdg=EbFI z7Tz5x2~;Ri>YN3Vntz4*64$?k$0Q)JDej~`Dw(3iecW)Uf~JDa-lIzzFXJK6dXRE+ z%jiT3)@4ot%)wEzzs&<-W7ldK6&i{JC?!0AL7$3@D&;Wc=jp^qO?$Jmig zpF8N&r)~<-ki>>v5$tBhN}TSRa2-8y9@;=&G}}jmet(+0nUX0iok73CPgA1!R3)fia!O)!~o;7Fs4(2JXtTBM^uOGiWux$x?moD#Qej; zECtprGaN;!(Hx-(!9hGxddG|Y3&}JCIwv6!;*7JQ<{*iblThXe(_qHQ<%AP4VS&Go zp6kt&#uNv~B*2Rc;<3;dNx095aLWArTQT!IB7_A=ac(&}HjC5ZFoD>oUufST-RUe^ zwr8cy?`+?vDqStpImqMsLzGel)wUjgB!e12A+WF)UGu2*i^1<&So*V`m0hu z$`YDbHp+MvtXjDGAgPFPbi??yKv=V9UT64s?u2lBj z<37C4FPhX@^`%-odQeFI`R6@nsJH*Ct4Qwef`xZzqu&0%HP{~P=IsA_gTdPW>rtMM z4nm!8)jW6hQOAhMa>~1U`WYYhe2zzPx4+j@?>0J;m2_en2Sip=1|j`&5y3mu|9rs^1qV)bd0U7vya{t$EV*YtyWi(NEwpPg}uC}Q3XV2vMUEt zA~CH5CnMgh1R*bptpp@1wzUV*k{AjoZ@^?Fg6hUyJ)BY+^w>0FAqhX*s5 zX4WwYXVVO7;Vlk=PBs=x2Mj0qmoyx){JR^>!~8oiuH;{aEF?Bd_^o_hND*xr&QyU} zq=?Cgc!h7Z+$z&0RThuSK;Urk%cy`)`Q(c>wph|?Bb;y+1SL>%Z+@#CSt`xm;{Yo< zw&d_i2skNIO32CALr};{Ya-M+9lc@knL3@TD)WZSZAO(ozb%XJ@?FqoL>a@=ebK%$ zRMpXafw`a(@&Fsq9T$&f+^PemN4O;R5?!YOaix`QgVQSYE$dWOb+`tboi?~-TrE8n z@lZbUf+4J7BPd5-&e*jI3}bm)1%p|u+A0t-MzuVEZ#j|dtFzIw%AW-%b8;>2!=~#AMmq<^P;{rii|H0v#xz(jJz9Kbi%> znm#7p?rfU$|pd!o8^<$QgG=^ zrOI{9=xmp^ywla{<19E>tt8M}X2R7pxxD#sB`8_HmX!w5PNJ#XQj){?mG(5_1=B!y zIscamqOT)}I-)?2qJh+cXe)YZSCs~IwQ&5oAEcEl#b{~S)p)+#74^oAp>u1tx-ioWGzT-BGvTrSnG{x0b zx@xOr(`-A14|(%K5lamkTdPqNp{DK}_XBUlE2ttzrkDD_Hk~!&bzMog=)UNn%+_dq zZdjMSv;lR~vXoRxjaSuzUdae6w~8w0O=94Ew2_`LHv=zcvFP3wQtqTEeVW%2IDv#^ zlEw-oZ_el+j&W7lx~iLLhx9h9S<}1u_Zv_#-lecElD;36OjHYHO^d&2 z>DP&4%_n9pxN^t-k`s?_Wyc}M=HjWMMA#p8^mW}2*)2<>j-9Y zcXu7<4ZDG>w;m3Y9T~1p&M8JT7U<|)xabTnEF(@v$`9YZFUm$E>QNjZpLxPzA)2ro z`%bY0@aOfj{8FFB^?x-XK}5K4<7m}T5Dn}9`A$Cm-&VihU;BSP%JcDK?-`oY=|0@) z8PR~q&Guj_(c(?WK6=*s^vRK>oRbfc$z5aL6ava|9bK-gtB=qG^)wv^e6A33RRGkXC&OeEQ z4dr9mf*gWCL*ik{j0Bq!^pE74n7(HOp#$N9D%|8z3G3ljz!QC8=J?HpEGyZkh=}*p zbxub}$8b^bOGgPR^WiiM$|}FNL3bb$INw6o z_Yd07XWGXE2?~gNt}vwPnton&QCkPxm!qK<%>2S|T-9LVvq{AGN&|H*D$(OhBXr7d#T(m6K&p=)ORC(WKV~c@ zx$zdEsH>lTceqf148@q#Ic4}Vj#5n+%MY?!+Jn$sIn3ioEpfNJ-w^pG^hmbX_ChM7 z*E|DPEfwNdDABBDT=uERilB`%YWPb-Ms#{1tH{P|cv9^=!U1#8VIUW@xo7yc3Y3P$MM%$_?T#nAM^2ElOUYa(;(b(8Ww@_EdWRsJF zViM?dYI0(9pniSB+aNJ!3W+MJ#)gJ*q41tDt|wt(L^=gJh}MYBLLbpk*Y3>(?}-WK zq~|kFa*Z@3S+0DW}v2HNAR6C+v#Bfh`6GE8DZo-&1 z5t)-vZZUAZR>RX-+9x;(Kc^hp(K8(S&mb0tA!7-BCI|;%4e}eR^Vv<<9yC12rlWcU z(z(vn1&CB&dL;IGG^DZX%kisRooO5?li*FmlhXYGzu6og@J)8$+E`GL5jyjDAtoIp zX5J(_V2HjK2!=vJeB!(4)DG)lhNU5<1JAraoH#qhtlENgsf0H4{34K5Ye042cBgd{j97q1aLMMP@A{zMzAxr+) zP5$CEvVVu;I(F| z-sL*UEZe0s#XITTS3&Gp6k(O=9-{qy{ZSG~LlcT_D(V9n)weH+tDy-=a}7m+6zdyO z1e)z=u85-A+9HaSYl}$wZs@LvB|%!HO8PSLo1p0RQU?XrP&HmODQ80&M4U+mXs@~v z=U4jmK_}+exUY9gKFj^nBO#nl=UAGGX{u62f1uOZ6os?tP{$iT{!XXMGj38TV^c^wZNisg2}v+@0IiZ) z%1v>>W?WYnM7FC}ID||C@lEZc0p??34JRU!Z6rIlzzg)_PiJ~0uMhwKtCzfCS~b&x)9OoSQ;{z|afW+B5r=1I~|y@jj1c)?;55qInwZaBxmnA6agVkYn> z6IaQwE7{~h2V|Wg4SS}1$27*1egbpFL2#vd32|40z@RVNY()47(!Fx4K~vXi&MJqx zU5V}PnB!=Ix*coV2pOMZ(^7&SIZeKA*(h;r(v`|d0jBTD#kP-b|E3s$*8aiw2`01) zrMhZKs<0Z_D&JUw=$OO;F>UM%a}u1|z#@XL2}hiSK5S%qvAY`91w%Mo#1lK}EAbJ8 zrldMAx|HV`$9$nG$$idP+g|8^B=Vis=moME1bmz@5rZCo&So)D%PF8CkqA+LFfDVz zZYsrEIcoVflNhEXt#>5SG~UNB85bm8Nh|pRH4y`u<8VySx7TE`iM~~=Y5yQ^H&M+Q z_#Zz)dGzTMj78VV^k2c&h7^+%w%m-A^@&y0bMe@qX3YMDr$IyQ0yeB}$OWMzZ$S?s zjoB*;(dDQvS~Sx}cFky8Bi#^65?CjbUN^|}X8HcSNc*z{8Qg&sT9ZSLBv39@a5-t@ z9f4C|#Rz6{QMIj|>xg;*&R7OS{<>jWH2)<#S%yf<=cLeX(coInP09?jZVD!rDryLf z>?e*ra+ZwpyC7Cq(X?_&Jylaw4tO|PhG37~6r$Uv){9+!@ z*mSZvLsvBF6kC+=+xE~nv9>Lr2K25eo}*tYG;%)NwY?y6O>{lNGniH`>sg%T!Wk~r zVuAjoV0UB!iCF}&fsR;2lZ?|4e#Ew42(?-u>KYwS;*60*`-p%k$=Af?7RKyFFsmv< zV>&z)z^r67%S{_Ty6KHG$#UvS#(0cw^XHk_k^g)#Y%!#baZhvHX3ID~R6 ze)@^CStP#=GE@(e+dg{N0qIXnI-97|_2j=^gu49I2=(G=1VYKPR6gn0{&@<2ujRVW zW!$Y_a`J&F?`Jrk>?iG1LdY$le0ANoatbj^s&wknki<8{m^`$^CCa_kz3pksn2 zR`sI1dSS0gXWFr6rI(jPF&}3{kxsW8GM{uMDi6MW^5&Q0ldCs}uTP$Ka)r#K$U=v& zPcF_5j|zp%PCKNb-^D7H<-x~~)w`$_^D;XT#iD17%e}UfK|w~UG$OPPYn2rRy4`?{ zyAbXBK(^C>Oj$t%;O#mEzuTE?hAe$-Sl09SWD1~)?^6HnvJCS1!)?Mi_2k!0!nFF{2MV84H$sN-y873KS(>_+1 zs|NjsmTUB6a1J`-bWQ^@CMUwfK`x}by)b?WgT*;x@k<&Iu@EttX2favcsNqg*D1+~ z^FC)$Ucf(m^(ylQ`+mO2o0H3{^TU58Z>#i$T5YU_E@o-gZ4g&I&WbS{9=|?)(=aym z_Tpa`m8E|?eRF(uadQ6l)RG)Nmj$Mr$EKiG)>4{4G>M$)Y+jzeIla30^~dv*!?Tm~ z3_`Vx*pUR>X-!_`2G%Tv%`xxsS(r24)S7PU4L6r?n4KIdzC1twF3omD!k8~2M#C8W z72RM8$F9bKD>+J28J`GNhMX8v6<;rQt!7R~**a8&-^C_n4Wc31?aL(r+*lTrP=Il& z!*z4y4x*(xi_iGTp!C@PhVg66l{cHvE>*VMBOD+GY@A6%aXlLnFAmiEt_NlQZfWW& z!fI>Q@o-c_(oAc0Lvz#D~$ux?^ zLDu{@3u79fckjSZl0V_Ry+z-edZuMlOmqfTcA4GDJ|eK})nA}^aCgzS zPB+m=cxe7^k3Mhj|6Jr+Mk3}2!|JC+9a%%TGO8N;wd7MJM%7w2W!KLciAcc+nUhjSnlzO?=;y`pg8cn30 zFrzUM2bZrdu1=1Qe?GZ7zc{@5=jr9oSBEDTSA(q=S3e!SzPkANaBF9GGc9#;blgy` z0O#n(qgHTA%hf=u+Rj^g(4-iNIGy8|bg#(*oJtO0TGcwD#X zuX+~JKu{>lSRi><{p#oBj~Nm918<#-beiQ%Iv?qlN=K?5%YE!M5kfA=Bu`!t46%28 z$zHLs_$55yobfwOSra#}a)v6h)iTy=42wBaVq4zVwVC{b@xPWL!xzdMt=+r@Z~Sv| zt17&_kHH-?X{wWAovb%G6Pu zq!9K**uH*bG$LNSkKV8gZ$kW8kWM<&84mW*$pxm$ei#Yd>)gyvxz!V+?D^s zz1GfetF?`tWltPXl!kG4m!Y^j6d1fX6nBT>?pn0CyTjmvGlk+(+=@FChvF26DGtjf zo9u_(WH&i~;3oGbH|Ldy_G@|cKAOYquyv}iJ-$}}9uAb1hjMYKrPHU3@hvaouJXqZ z8b_F)XlV2yDO}|R%4Rb6+?@>6j2@qz-6w4wGvKB)opHZsOPpF`mtHnh#>LIj_Pnyqn8~KOr_rYNskVA)u zH|_%Z0k4C0{r*OG^m^m%IRDkW4?GC6ky$#VuxSe5=`~R~#!_$nz&*G>9>lEkIm5evYf-jfj|* zP^NqhsafSfi3w^-$_hf7dC*#2>Ln8%`bsjN;zEzigNjXU)|s%*cuVF<2_o}WXR4k! z-ECi-(X_g*zmE5*2l+0exLGl(O`2e~t>~Df-|_;M;k~8dh9P$M?@wo=5(2@VGwX1i ze?@vMTEDJgac-HWag*r(kY32MZ;e8N;r|CtHl0lv+wG(716?Y5EB9x8q6IU>^EACMQCHNSN`v}T>Y z1-n1${nSmHGpD(prZGK72 zxrZjm;~N3h?NVwYE_&syo7)&|+LCUuXH7u_*eF(ec z=ZIrYU|rJH#UFqSZr8#^G%xV+&)DWG!NA*%q=cZD*D_f@R{|D+`SYY03kz97v}CZ%;3DrJ6a{xq(NV6*_)5~F}Vxl4D*G9Ifm>km|^;sBH$a@ z>HE#g-w1du?A!de`g%vAs!ZU3hv>*n4}m-g>U{Z$qID3SP^nI^7qVR_0zw!x2WHt<< zN12MTR^z+g3dwVKx$u$0TmX8#7pd2eZ+|tAS1Oqm5w=6ePkX{=0K4|7Q=`%N+{_;# ziaz?4WJrjLI!Er>rS0VG@XAXv*6YEu!70NlObJf+wzJQ#_+iQA#6hh3o1#N)1`NL1 z+yUA(DEg+d(SsN=!4D}IZRW=!P zXfUdd%fr3%OEFDQ?0ynULCN;d_gZTN9*;5HqC_-`QS>uTk zZka~p2ZUo5zYBYEi>!w804_T251uyy5Rj!DC+?=`Ir{RK$Oz7}(BmIW7_|O~^pH|H zYvTxaoN6(RqmuqbW@U+m;f8+R_+JVSKVG0m&wH2G(r;IPSAIOuGIDyx1!gTM2D-zo zn;wM~Jhi@Q{|??jMJ@LP@Ti<`%BH>DP2D`dOy_U(3B5g)ijW^+jBxL;5U1t3d8u)O zW_zQWKrE0pR|*O#?FpJM{qjokI7M!~kz>9J16K^d&OuL=Z{&IxZb!o8Omr4jr(f~h zcuFXv>juMJ3OeM+N}?mwG`$s0(31;iz1DZ*YT~lp{x}xVz7s=nxNm32pl?A=1{QT`!rRu6mczEhF zl8>JB0KVf}r>)X^J7kO+sZ(9A3Z``W_!#Vh?fy5|-^Ksz?S*Mt_D|+czzs)=I~D8A zKNr>BMYEpe()k~(4Cx4BzXYXDlN405&a3-3lp+`2aIa{nkV|1kjITy8Jgx}>Z_e?4 z61Wl|KH9rTp*I99vuu_pEabK&9YBUtmX4+j6NlWeQi$twk|c-zIs+4F^2HyY*WC(4 zpK_EH!bdFMR(NlH=DTqjt*P_zIiksvf?Pofn4Yk6Fhb^HZh)Hp?BTQ(oPd+b&x1G8h4bma|EPXhXH9Qlv$Q->jm@ z?3Viu^6E6mJ}o)ZgC)EuoTsZ68^x`CsZj$41@jb~BwtxP1t{|t;4Zs_U7yMbKhtPg z*_SJ9IM|0t&9j$K7X`T3Tzu8vS(wuim)L*RK)t^}UJFZQ8Tyq2h3Ktl;>~bAa-tPw z5_HGF33>OjpDt>1Ni zEv7Ej)@6^AYHCh`x~yk7eE_{L>h3!@bJV?dwQ(j6x-`rbjk98YNnzVB41U<7H~ZN7 zrmw+aUzy$*LAC(^L@bQ+Tdi!@Fx(owt{I1Z%&5U{ zIWp0Y42hJr-@UG|G%PC0rFvF?VboI)h-+Ia9%u+7882-G_cS$)itoV6AL{%a!uez%c=W1#ByZ|`mOl9Df3GQc?u^r^RsOKZ7cH9G%w&Ycie zNBr+`Uz^9dYf^JA;BQMhdUKb0gXKO=T$O~%!%HpEpn4$UXur-C0U}7uu$Q$nP`BT4 zbu-Mc+TPt}ysVg}FwTJm8YE<(Dn^T z=5n#cefo8eY4Li|1@=v<86cgVhZgX!P_do{KdM%Jxl7Ml zqLBQ=zw%ai;k3Uie(ns}6&D*z6CB%ccb)Y+xUYgmzNRb<{)uyR^sEQO=cj+F9B$iJ zQ`MJigbk)uY+Uu>2%Y|5|fCTu2Zff0b9Jr>$`{&JH zDtsi+qDpilEXH}n)O%iikk{5;)?bpkHoTsfN4}!HV&c+Mn&b78`f%gzDh)dNeTNQN z!2O&5DJQiPDnTYyCCpIlppXf({zo9psns+PbU}o@pP>0m&)Ak#xEXuiVb&h!eRq-M z-i?eB9uu4%6lCT6D$^IgTLd;8`w<$stN-omRcBc8WwxbU%y@Vm4T`}znfOEZS{58xT>1~Qa`;U1%^wY|2KA+VH(!32#DnJ37mu6- z4hz_xs<4R`76mezG_kYq{cIcLt`Hi$WI-r+_Hlyb)Bt8)rfVbj6t3=juoqqa$fs zTwG+WyL=sm@+00GQnSQ_Ktu6y1*!*hN2o&Q=I5jAQ*kz+TUY5$u4Fa!hlMS9Hl7^o z#e#Bax4-aeP`r8CQ6t>Q%#%g0GE1U8)|if)w7Bs>b(zWZC4#f?%hJC`QF)Oa0EmG)AKXH$TiNY0xMj|ldhZl0Xl9kYk(D&gI?WG)ko{Bvh zQ?TVTeE6&9Z5Cm&W;WY_qRrF%upfkr%h|XWK(k%I67I7E*scV@7JX)*Dt!Mqpi(bq zQ3ea8NtbC}8L*)|OK7DUKd5KM0poH;LZ6iup)h{j*V90FxrB!4hYwvM{AJ41pR6ot zQRVr|x`!}O6q7|1xv<*?vL$jBaq)x-Fi1JsV4*YFN~}UFO=9zm6cWM<-6AS#arHP8 zrPm(x_u14KH^rrB=}BNajfvzvysx6@=46QJmnW%bQJj=g5LAhA>%HF<3YzYKYth0v zBlDg9PxU^^<^){SM)FRRqv=BkLx3pBCk=)xml;eO%Aaf3>#x})`ih(1T6kUSz^2sl zuY016rDro5zct@W?TdAWWM_pK5brd%+s%X_f$tz zbTBV_VTIMWI8Q&l*g0Ks`uWcbt2`&;>vBknp+@5z`H+o-i$fx`voFX2EbG$6~ zn=^_MkKVp{=J_$|5P{%Hd zItb7b$Y~ybKSJgrz7T+$x^g{{SM+;CwK9i=5M%MV)60i->*GqBDRehuGFfP562|#q zKswu9_AzXT(jrO&p5M; zy^Q}{)@s+jld+j3m*95wLg~b=Q@qNi-T3peU88PQ#YSRT!2-C4ZkXKC14@8-1Z8|?>!%9#olH_tgPLC_kvM9ApuRMEB!zPNoXcvnwdMFnz}iFR`rvf(weTN7ogz9 z7j#&dJ7b7^jST{Rg1=qvS<0|mtm>g`I@N;L@l2KqpPdXxl)jnNG5%6YKcg3svz+Pt zyvO{=`SIxP>1ex18$0*Ds71R+%%So86DwzAL=B5G`@ABOW0*A^aD(435NVvFV4Fcu zLhMTrK3zXx#NDO9B~1JL*0H+=tSv3(iw{VQNnY=o{0yy%wmTXkwW~TSacUT;iozJd z1qr_zVWjKMQIq>HiobeVSJRL^E)4ttto^#Y;GK&FRH>Cea)6k($$z#TQulvFLx3ln z4E6BBJf!|Np4JelMIu$KavqcFus2p#EOZFq4hm~e>J3@ZE34moU^n=QwUV$DfzXlD zt0O`!Z)&KV)CeJ8!P}6c>2aqqACBQ{U8c8^W$8rOxzzZPcArNdbz0BD;H%=K?$dsy3$JCq8~0eVzP^n@442Dd?m()4z8^QJQxz~>iK$Y>+j$)qjax7 ze!VTz!zXUr9Ak=)xASdkRLX3h(i?uiQsL3n=lOJ#*N=v65OcSAi3ZA+l*5ZD%&EkP zK5;+QbScOj!RkYM6V)9RAt*7gFESuepS-5Yh3~oP3Xa#2T9Hw>ZELXc8a(D!Pf^!w zSh@64>X25n<3uG#LRnOHhFck?p{Y#kn&TY|^)p^^m!qh!ao}>DBUR0nAqWo#NcbUR z)p(V>jHe`xYE{c*r84Fom%%XybxX76q7mFWG<>3f|9;ahU(*#G)yfn&{Qk#?q`Ad538BehFcLI(emQjft?hZZKq!!0znh zT^DP}m~LQqL13m_K>(IEerkyw;-)8OlL)iiw~^JI_OpN1vpmRd7RA{jgY;TP6HV50 zADMSb7au@hGo?5}>o=g^4OSTWaAv6(er6D^E*M!k;~3>#;zN<1Ir&UsWee}eS4kYB zSfS6FlDG)}k`hU^ZSbGT8|Ot+W0d;mG7_FJ%2S12F*N=X1Di{25qmZ%@QZBC2cZ1vTkZ3(?2 zblkAZ7SV@UXk1Ap^sq5}QSaVaIW)uebMktoI$KX%QB#Ulrhy>YoUrWU5FU=Y^KFeY zIxBa`evT#dQbm}gmG%zaCNSd3+=2rSd$ZuJLfs^T z8A-!%Mctb3LccqBi_!6D?-}@2Nwx z&ihD25P{}^6me@{{StflupZLI5!N5-F#xV}mtKo~p2M-#w7q#%!0LUkO<`T3!FK3r zu2v>JVZ?*gsFlnM420v7lRdgLivOgQW8HH^Pjo}4V#_#Orpsnb)FjEFQIWH3)}Ua& z*+PE0t+^y+a}-=0?H0zrCaGhq5aCq6;A+O>uYLVo);Ad*LvpSd>SJ*rS>)zYMnz;e>Pz%gGA_}ziM1<<4qmk+;vp`p8~r0(%$w4nreq6_ zhiV+!lt!YeVS`;&dRfs#F$HGHiN@cw`n|HJEMy1Ci3ak7cjdg!y6a1eVBMl(QwD|v zSx?`Kb*fVF@RT${RHT^S0kun-gW=h-1il{6_zm@}`b#AQ-NPStN%tVX)18rS386AW z1X%TQ0edyc`8cOUBbMvig2MCx7^t>gotuX}a{Ba#Xl$e|?pd;>9SM97dif)cx?O59O1& zMA>7JG%Mdgvw~RB9S1Q|(s0eeKh({#HW&J1_U>pu!_{Z{d><`o)c5G@H!07bS2KNM zV(Yf_K!B}+-x4~XBll+~TnsWA7A)A!(?*!}2q@hTO_ohr6#{lk&`x=T(mGaHwB3=& z(A}o({=}8suM^-ir;~@c^K!|RM=u-Iab~G=XRg9sDWrTpyE55-8*5j?;h{jSp93l)JmX@r zXw5KaVvGo|aGe<^`=@&o37JNZxcsDT0Lnag!j=8v0_JPhf+vab7@M5i2v6(WH?(D# zliWn`#|N3C&~jKs9GOrGTd}oGRx|n)5j`k}0?MQ12jiuHp|_Kc+0ttQQZw+9l;SVP zjf3l=Z|Id(?sK0#dY;P!-{w_<9fY&qtbANt>ZjhWNv5;%--b#c{^Kuj2lS};CN|gI zbcJK?-QYm=fPtyI)Br_~E&w8LF%}CY)2!m0{=4l^DZ3^)w)rGM$C+#RHujzkqYRX? zB8l>k;ftL?MW{l77fbg0)Nv6i_2U?ng(!S(O|Dsu@wIzmAL@+d&|(#YCAz|`^%xbM zipfT#&jK}K)zNFmJE!eu;Q3Z3WsI#bglDn6ig6Zp6Ei7;*}V?34iC5X3CelUbxRa{ zJe@DGGToyqai*xBd>qz)58X^f(%;+7NiXCs$RdpPMWM$;O+Eq2Hb<%# zemLR?cRB_IY{q+(z;oqIs=xcq3$zBm&54LaKy+Bf(0uE;ipD=>B7Ls~JQ^J8i{HI8 z&AhGu*TPxHp_KXUV(KOz^tyZ@zGd<^_&?)+gG=7dK oe5$7^srW1ULI&J;)EED2^HNLs^w0wf1M~J43hMQRAwq!p4+Nxe6951J literal 0 HcmV?d00001 diff --git a/src/k8s/pkg/k8sd/features/metallb/chart.go b/src/k8s/pkg/k8sd/features/metallb/chart.go index a7bdffd2a..b3cc9f8f6 100644 --- a/src/k8s/pkg/k8sd/features/metallb/chart.go +++ b/src/k8s/pkg/k8sd/features/metallb/chart.go @@ -11,7 +11,7 @@ var ( ChartMetalLB = helm.InstallableChart{ Name: "metallb", Namespace: "metallb-system", - ManifestPath: filepath.Join("charts", "metallb-0.14.5.tgz"), + ManifestPath: filepath.Join("charts", "metallb-0.14.8.tgz"), } // ChartMetalLBLoadBalancer represents manifests to deploy MetalLB L2 or BGP resources. @@ -22,16 +22,16 @@ var ( } // controllerImageRepo is the image to use for metallb-controller. - controllerImageRepo = "ghcr.io/canonical/k8s-snap/metallb/controller" + controllerImageRepo = "ghcr.io/canonical/metallb-controller" // ControllerImageTag is the tag to use for metallb-controller. - ControllerImageTag = "v0.14.5" + ControllerImageTag = "v0.14.8-ck0" // speakerImageRepo is the image to use for metallb-speaker. - speakerImageRepo = "ghcr.io/canonical/k8s-snap/metallb/speaker" + speakerImageRepo = "ghcr.io/canonical/metallb-speaker" // speakerImageTag is the tag to use for metallb-speaker. - speakerImageTag = "v0.14.5" + speakerImageTag = "v0.14.8-ck0" // frrImageRepo is the image to use for frrouting. frrImageRepo = "ghcr.io/canonical/k8s-snap/frrouting/frr" diff --git a/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go b/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go index 1953420f6..6477def8e 100644 --- a/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go +++ b/src/k8s/pkg/k8sd/features/metallb/loadbalancer.go @@ -91,12 +91,14 @@ func enableLoadBalancer(ctx context.Context, snap snap.Snap, loadbalancer types. "repository": controllerImageRepo, "tag": ControllerImageTag, }, + "command": "/controller", }, "speaker": map[string]any{ "image": map[string]any{ "repository": speakerImageRepo, "tag": speakerImageTag, }, + "command": "/speaker", // TODO(neoaggelos): make frr enable/disable configurable through an annotation // We keep it disabled by default "frr": map[string]any{ From 00236be70308dc70d7d78b4d7e4d7c7811e8afe9 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Tue, 19 Nov 2024 21:55:16 +0100 Subject: [PATCH 111/122] Update cilium version in sync-images.yaml (#812) --- build-scripts/hack/sync-images.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build-scripts/hack/sync-images.yaml b/build-scripts/hack/sync-images.yaml index 55bbba9d9..bcad2c0d7 100644 --- a/build-scripts/hack/sync-images.yaml +++ b/build-scripts/hack/sync-images.yaml @@ -2,11 +2,11 @@ sync: - source: ghcr.io/canonical/k8s-snap/pause:3.10 target: '{{ env "MIRROR" }}/canonical/k8s-snap/pause:3.10' type: image - - source: ghcr.io/canonical/cilium-operator-generic:1.15.2-ck2 - target: '{{ env "MIRROR" }}/canonical/cilium-operator-generic:1.15.2-ck2' + - source: ghcr.io/canonical/cilium-operator-generic:1.16.3-ck0 + target: '{{ env "MIRROR" }}/canonical/cilium-operator-generic:1.16.3-ck0' type: image - - source: ghcr.io/canonical/cilium:1.15.2-ck2 - target: '{{ env "MIRROR" }}/canonical/cilium:1.15.2-ck2' + - source: ghcr.io/canonical/cilium:1.16.3-ck0 + target: '{{ env "MIRROR" }}/canonical/cilium:1.16.3-ck0' type: image - source: ghcr.io/canonical/coredns:1.11.1-ck4 target: '{{ env "MIRROR" }}/canonical/coredns:1.11.1-ck4' From 83c1ffb97d2e8f323de0073d882e15314bb1c8ae Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Wed, 20 Nov 2024 09:42:26 +0100 Subject: [PATCH 112/122] Add containerd path marker file (#813) We need to properly clean up the containerd path on snap removal. For that, the path needs to be stored in a file. This serves two purposes: 1. The existence of the file indicates that the cluster was already bootstrapped and the containerd directory is not created by some other service. 2. The containerd path is configurable, having this information in a file makes it easy to access even after the k8sd service is already stopped. --- k8s/lib.sh | 12 +++++++++++- snap/hooks/remove | 2 ++ src/k8s/pkg/k8sd/setup/containerd.go | 5 +++++ src/k8s/pkg/k8sd/setup/containerd_test.go | 7 +++++++ src/k8s/pkg/snap/snap.go | 11 ++++++----- 5 files changed, 31 insertions(+), 6 deletions(-) diff --git a/k8s/lib.sh b/k8s/lib.sh index 27cee90e0..e31ace822 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -46,7 +46,7 @@ k8s::common::is_strict() { # Cleanup configuration left by the network feature k8s::remove::network() { k8s::common::setup_env - + "${SNAP}/bin/kube-proxy" --cleanup || true k8s::cmd::k8s x-cleanup network || true @@ -94,6 +94,16 @@ k8s::remove::containers() { done } +k8s::remove::containerd() { + k8s::common::setup_env + + # only remove containerd if the snap was already bootstrapped. + # this is to prevent removing containerd when it is not installed by the snap. + if [ -f "$SNAP_COMMON/lock/containerd-socket-path" ]; then + rm -f $(cat "$SNAP_COMMON/lock/containerd-socket-path") + fi +} + # Run a ctr command against the local containerd socket # Example: 'k8s::cmd::ctr image ls -q' k8s::cmd::ctr() { diff --git a/snap/hooks/remove b/snap/hooks/remove index 29cf572c3..e84c36dd9 100755 --- a/snap/hooks/remove +++ b/snap/hooks/remove @@ -7,3 +7,5 @@ k8s::common::setup_env k8s::remove::containers k8s::remove::network + +k8s::remove::containerd diff --git a/src/k8s/pkg/k8sd/setup/containerd.go b/src/k8s/pkg/k8sd/setup/containerd.go index 2ec27fcef..e3213e4c2 100644 --- a/src/k8s/pkg/k8sd/setup/containerd.go +++ b/src/k8s/pkg/k8sd/setup/containerd.go @@ -159,6 +159,11 @@ func Containerd(snap snap.Snap, extraContainerdConfig map[string]any, extraArgs } } + // Write the containerd socket path to a file to properly clean-up on removal. + if err := utils.WriteFile(filepath.Join(snap.LockFilesDir(), "containerd-socket-path"), []byte(snap.ContainerdSocketDir()), 0o600); err != nil { + return fmt.Errorf("failed to write containerd-socket-path: %w", err) + } + return nil } diff --git a/src/k8s/pkg/k8sd/setup/containerd_test.go b/src/k8s/pkg/k8sd/setup/containerd_test.go index e2f67bd5c..904bd11ce 100644 --- a/src/k8s/pkg/k8sd/setup/containerd_test.go +++ b/src/k8s/pkg/k8sd/setup/containerd_test.go @@ -120,4 +120,11 @@ func TestContainerd(t *testing.T) { g.Expect(val).To(BeZero()) }) }) + + t.Run("Lockfile", func(t *testing.T) { + g := NewWithT(t) + b, err := os.ReadFile(filepath.Join(s.LockFilesDir(), "containerd-socket-path")) + g.Expect(err).To(Not(HaveOccurred())) + g.Expect(string(b)).To(Equal(s.ContainerdSocketDir())) + }) } diff --git a/src/k8s/pkg/snap/snap.go b/src/k8s/pkg/snap/snap.go index 8645fe408..057d30cde 100644 --- a/src/k8s/pkg/snap/snap.go +++ b/src/k8s/pkg/snap/snap.go @@ -339,15 +339,16 @@ func (s *snap) PreInitChecks(ctx context.Context, config types.ClusterConfig) er } } - // check if the containerd.sock file already exists, signaling the fact that another containerd instance + // check if the containerd path already exists, signaling the fact that another containerd instance // is already running on this node, which will conflict with the snap. - socketPath := s.ContainerdSocketPath() - if _, err := os.Stat(socketPath); err == nil { + // Checks the directories instead of the containerd.sock file, since this file does not exist if + // containerd is not running/stopped. + if _, err := os.Stat(s.ContainerdSocketDir()); err == nil { return fmt.Errorf("The path '%s' required for the containerd socket already exists. "+ "This may mean that another service is already using that path, and it conflicts with the k8s snap. "+ - "Please make sure that there is no other service installed that uses the same path, and remove the existing file.", socketPath) + "Please make sure that there is no other service installed that uses the same path, and remove the existing directory.", s.ContainerdSocketDir()) } else if !errors.Is(err, os.ErrNotExist) { - return fmt.Errorf("Encountered an error while checking '%s': %w", socketPath, err) + return fmt.Errorf("Encountered an error while checking '%s': %w", s.ContainerdSocketDir(), err) } return nil From 8d20f342e4237be9ba261cc11911c5f77bc91c00 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Wed, 20 Nov 2024 03:48:12 -0500 Subject: [PATCH 113/122] Update coredns to 1.11.3 and coredns chart to 1.36.0 (#806) --------- Co-authored-by: Benjamin Schimke --- build-scripts/hack/generate-sbom.py | 6 +++--- build-scripts/hack/sync-images.yaml | 4 ++-- build-scripts/hack/update-coredns-chart.sh | 10 ++++++++++ k8s/manifests/charts/coredns-1.29.0.tgz | Bin 15271 -> 0 bytes k8s/manifests/charts/coredns-1.36.0.tgz | Bin 0 -> 15787 bytes src/k8s/pkg/k8sd/features/coredns/chart.go | 4 ++-- 6 files changed, 17 insertions(+), 7 deletions(-) create mode 100755 build-scripts/hack/update-coredns-chart.sh delete mode 100644 k8s/manifests/charts/coredns-1.29.0.tgz create mode 100644 k8s/manifests/charts/coredns-1.36.0.tgz diff --git a/build-scripts/hack/generate-sbom.py b/build-scripts/hack/generate-sbom.py index cb8010b25..3303a23d4 100755 --- a/build-scripts/hack/generate-sbom.py +++ b/build-scripts/hack/generate-sbom.py @@ -193,9 +193,9 @@ def rock_coredns(manifest, extra_files): with util.git_repo(COREDNS_ROCK_REPO, COREDNS_ROCK_TAG) as d: rock_repo_commit = util.parse_output(["git", "rev-parse", "HEAD"], cwd=d) # TODO(ben): This should not be hard coded. - rockcraft = (d / "1.11.1/rockcraft.yaml").read_text() + rockcraft = (d / "1.11.3/rockcraft.yaml").read_text() - extra_files["coredns/1.11.1/rockcraft.yaml"] = rockcraft + extra_files["coredns/1.11.3/rockcraft.yaml"] = rockcraft rockcraft_yaml = yaml.safe_load(rockcraft) repo_url = rockcraft_yaml["parts"]["coredns"]["source"] @@ -215,7 +215,7 @@ def rock_coredns(manifest, extra_files): }, "language": "go", "details": [ - "coredns/1.11.1/rockcraft.yaml", + "coredns/1.11.3/rockcraft.yaml", "coredns/go.mod", "coredns/go.sum", ], diff --git a/build-scripts/hack/sync-images.yaml b/build-scripts/hack/sync-images.yaml index bcad2c0d7..d3a5245f8 100644 --- a/build-scripts/hack/sync-images.yaml +++ b/build-scripts/hack/sync-images.yaml @@ -8,8 +8,8 @@ sync: - source: ghcr.io/canonical/cilium:1.16.3-ck0 target: '{{ env "MIRROR" }}/canonical/cilium:1.16.3-ck0' type: image - - source: ghcr.io/canonical/coredns:1.11.1-ck4 - target: '{{ env "MIRROR" }}/canonical/coredns:1.11.1-ck4' + - source: ghcr.io/canonical/coredns:1.11.3 + target: '{{ env "MIRROR" }}/canonical/coredns:1.11.3-ck0' type: image - source: ghcr.io/canonical/k8s-snap/sig-storage/csi-node-driver-registrar:v2.10.1 target: '{{ env "MIRROR" }}/canonical/k8s-snap/sig-storage/csi-node-driver-registrar:v2.10.1' diff --git a/build-scripts/hack/update-coredns-chart.sh b/build-scripts/hack/update-coredns-chart.sh new file mode 100755 index 000000000..04e4550f9 --- /dev/null +++ b/build-scripts/hack/update-coredns-chart.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +VERSION="1.36.0" +DIR=$(realpath $(dirname "${0}")) + +CHARTS_PATH="$DIR/../../k8s/manifests/charts" + +cd "$CHARTS_PATH" + +helm pull --repo https://coredns.github.io/helm coredns --version $VERSION diff --git a/k8s/manifests/charts/coredns-1.29.0.tgz b/k8s/manifests/charts/coredns-1.29.0.tgz deleted file mode 100644 index 47b44f4423c9dae64122ee509c5ff904c8227f07..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15271 zcmV;YJ6OaYiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYca~n6ZIJ$q&r|3gvPptgJp(t6h!&AOhima@4H&%2ld$;!b zq%3d-B(a(SCIChfWBGpeTX@Z29(;(T;LcX?d|=g|NP+j{$BsZL4WrzyZybxy@S8N?&gQmd~zWX z|I6;$ebs^cgFJ{*CXpnJia`K?xFjPK$w@v83F}1@M8{YR;4T0F=)x7D@c_*0Sib{^ zv4}XyR2u_09aF|J#CevG2uTb=aze)f2n9L8Fv^pJq7=gfCmH4-ahfGa;!67*r|i1D z{deXQ#5m(vbr3@b(=nlV0AnVzqyr<)Qr%Zc(*erJKQI@%iR--pWm)mFANKoUKdAI_ z%s761b^$~H0`-T${9286f~10;PytzzkJbMXjUnUgn#5SZ-}52n6iX~rwE*A(^J@}e z5lmQ$2QZN`6N6sQF1wJhfJCat=7%0h(HM)K9m}UpBX2|}^=V~ofUahw#d#3Ub1P}+^s z=~ZA}x!wfJd4zS#4u~<)1QfBe!`ofCeJw*m`c^p7W}L^KT47*hzv($GzCNfagL_IMyBWUJV`Ea#IY2isbzmb znhU9bP7%#@8xhA^Hd(2sIHt%@gl#>JMlDJkHOyAiS{*I@n%o$2? z5OAzH^)bt-96(>aC>TCKLQ-NH1BkMG0R7$FRR2nGswcI-_wp^#6a8zB#WH0B&XR=C z@rNu%QWHsvZa+|TjYy&hOpQXnyU6(%4`A=$uR$O&PYKlmBC_#AV>;tL!x8jAt! z?*>7};v-MlfzMxpEr2M=g~Ysza>+!563oNudo4AKLvCA; zFcklQ5=0}f6uy<1Q%C^>1V^%fK^%~1Lk#>?4 z=MmWnH4F8gmw@_K>=+)UJZ;#P==3CojMvGf>c37g^=kSLgi zr3GLds1k??T)h-Z@Pt9V2aCj@lrWHS!W70JN|12kGFQS<$zCnUj0A*?#Ug|c?o-L5 zfQ-Cfp=aMcF{2XSsus#Qw(ks8`AyUc z=+U0DSm_5RRG3bX)Ixx89795AehU%G(2yhw6$%MNZKN2NK=X8nISg^aZlJ%r_gpI= zLXa`VF+96GK05z&cJlty52t6ZKV6)>`^V|=$>nw!)P}CtsOy4Y%U)3&J3iZmdMiOt z>O;RVs>$p|jojPUaU8KU#Y(OOTZ@G_ic>;~CL2pWy_kw_lncqyuI9LUZz+0PcG|l} z?x!g0GEFlgutn4!OASkdV*VU}S~W%h9PGOVP;d3mPFmBrLibz+Kl)UxHE`=g}1$)O+R_#nW2H{g?e($Ep-* z>seRVO}=yGC4*mc%%@P!GaQ|t>ULrzkypDcp~smaj#4bu>^c4sCM-e;5ZXm?%tOR8 z1SC7uf6RebaRVS!Q#rQpMkq<-gtL4+nbRJCl!;P;s%T2Fm=%2FDdi7|SX%sML?j zcN7neHextenk86bz_&>K1vf-a040fLhIZAd^q^-ZOZjK!AZix8^)73)D1H$DB7z5h-iWpOfpf7rx?$SY8`lX zGa=Cg@UJ;a1axAms&&-X#G012E8`h477h^)YrUCj_GK>cCmCf%xRoeTGFz$*V=+%^ z2&~*%;oD5@+l<8Fn&4!VDbad^lSKVLkF!DyzCOE9BqmwJ65Da>vjt~NS`nkWzadGY zMc@tNS4vhYzNa>+C=tvILMsf3P$GQHvq+C*fnEYB~%2jhn}hOe;>yGA->W=(TQ<=7}VV)Fnx=TJxn?E;|O1 zX9{EiME;jWxxeN{jKL6b)lWi%)cq8n0gd#G7p>U_YTV3$OGd37<6Fs*T~Iwehp_qNnNoDwQSDu!L%hy8q2r5ag5x|P zbZlHi_Vvjvj&kjEDLK4q?E)t_l8nE{JQd!zE~H3Clat$wVe38oH36Ax_+k_}I~NVU0)?q^Z4d6;dOv zzWw~U*qTGf*_qY14utUK%eM`DcR0aF;85>*{n`$wzbk5RKWc3$_Fhy- z(e1?*zA^m8JU0_eKTv@r5hG#@8kUIh5uM(k>7NBZ)h5(#Pj$E+YGzXveEdZ%o--C> zgE-@J$XIOm_$j6`P{O;bWf=l(On>DXx-8y9~t;iO_#IdvWQy z*@CN=;wa0s%He$H1LzbZ)W$EvY_05-OmBm=3I25f^$wh~c*k1!QuVK4}>%E{vtx=N-Ul#^ccmXrc6wA=;){7tTBWPx?e@|s3G|Goc zr|T_fIVk@$?%We=&(J=@1$7%(&@G%9R~sAY5f@RKwlS@OIXPh?K>{#E&oQ?c8^GSd zVXZZ#fiKybF6y_|H;ug|6a@KATjl&H6f=DTFy4%}=(e>KJabk&HiBK_1XHuTZ6@1Q z|EKl(dPcpR3ZpM8Y*hi#KY9jJ5lW&wvAnBmthCnRA;88oLO*;N?*1QVSFFs2?e2r$ zo7xiz-)(OF?hrF9v_Tss3A+I$kP_^a3N~^kB?ZQa@iYL)l*FU*LYF*O1%EVUoI_eQ z@3F$B@7bdxpP^TVz^GY}%61X*xu3`M8Q28HdmeoY3XT zs0^ThW+4+oq5A$ESZ6(BtXqVOY%9jIy|Q(sYM?E9{asjCss?G z3vsCC1W7!eh9V=BqASc5(yg#knt_dORBOjN2#a=r2>PuAu1zO#BXqH#0;7|NrWeZS zMGJJN6$EL+H`Vmn%<$T14^6{wb70tYi{qxvb+fPEw>ocpH}PCk2tb=LL{*<>4lyip zra{E}++q?5%Kc26lgo=HoKJGzzNjVg@M{ORKRpYd!s6nh^LuAMzdyMM<*nRU9}CX^ z?H%kL*3N%C-`{`nbpGQpp3k4VO5F+nVb1?F0%X5@3B1E_l-&T&DJ67V-`pYLZH;Zj zSQx10aUzy)Ck#%d3#3AtsaE29O-!f@SPSgvEoT(aIkVx5odP016!Oa#&1H_w!I5y=F`SgPHEQ;ebRLNjl_e1R^5e+x!4Bqy&rpF^eEgxcf!arc+d zg;0L!xX3vHt!_ORtZZC++qJQsp4UcZwxX+yk4T*Ap$Um(EFc^Z=p> zgU&a00E2G|EOpAMtRVa+FU)@q(iKw~z^T+RF%n&2Krq5LYA2sdT#6OHIXFGHN_=tl zBMh9y=U+CG^#;kv*kcWBFq{^Y^{tORaUDVTW|@ijHZV$rnF|{k+?)>G;4+i3M3-%u;zg1!m6?Kxc`ehO^)d#dQ=`B3zB` ztAn3zh@4axx)~{rRo~v9-tt#!430~K`-mk8yCHNu2!ehHKcSpP6F_jzY$3&5Bx8vf z1c93=o>S-&wXAun{=tgf%U5UkT4|d`WqL*Ehz%2V+l#3%4HzW~-0vXR3*rCK0l+RW z(KyovLC~`i(thCY*XHWWKTY}n$(+m*lb zS8bII&Eb4)b8#F=m2^%kxKn!(8o}Yd{*$B^`DjFLq0=oJQ#?ccZN_I^F{tQ6F|H~6 znxlk_2#x_|nI3r<{1cnjb$O}!P*4aM;t1se8;hlP=0n3fA~=bKjw9BaeRC{8?^mA< zOU6J^s)Ucy3AX2;rR1s(8cz*#9}8@_GBXP-g)Su*+>dWGOoLa;&xkk9Lb8}v>TyP9 zsFj!V#^(>u{+)3`3s-f*58(JSei0w4Q8`v%zQVEHzTi7M9~<> z-QjdlQ3aeLeFwkhOlkn5yWw!C^1oTQ{JQY9gK>CXqC{fhpUCZ%jEQQPj6eGpEuG-yBuLD4IC^!9Us}s!ei4$GEa#!CVwA z7p)(oOgkF%eoZn!*NnsXE1l?L$rQJb zdV&O`m`ZI%w@0A#c}pzKZkMW+%tkwQ#e&wMm}8F(9G zGUQc+Ug+T$hZGfeG$aI!!jQ>{rjGyC$1d9#lUiTTGdXu-ak39QeC$+MA4PGGD)99&ZXnK?SiXa26!Xudcw3a z0IzeF%i=(;02D=x>mW)y2tr2;B9bTIae^Lu-@XDw& z^%7(Rv*>BINYpL9Qrmn5Yx&9w#Z1r8GlQf%h30MOIDyfD&WG3M9q1T6@|oL!=5eNX zphg@oBRyvhUen}54gURc%iv|S+~8Zpl&TSwqh;UoXL!CH;bFD(!u|iGr$6cGPkQ>3p8lk#Kk4cJ zfqJ^TjcSGdT-DBuR=%p9UhVKlEEStn{QOm}MLIl-PX%$76hZktIYzXV7VO)a@_Trc)f8 zAZzPwUQ4ahS8M)Rlbq)W^E#!?diS(xlS=#bwBA4L?rmu(es9~jl4Gv2jVo(6wsGaB z-`zIO#u3!x914xBdYkJauZq3m^lX-^zgjG`*PWIlEmVSM?tofbVAl4m_NeEPFZ}!>;IZLpA5^s&n0E_a!93Ir-zxHiCf!|_=05QuiX4mj@+IhYyOqo;`ZLPqgmHTe+ntiU?gu8di;XvU#}XW*SfUt7 zeMEbXXTKVMT0K{pxLXAj7FHvprI{Ef3b69f3z>6o*W_5f-KF-s^|I2l^i2pw}?_ZAL zw{UsOGW~U_m#IGCSULRLEe;n6{mY%;(Le0n2i@}Qy!vTYu70mLtNugt)@FY(5fQt_ z#q9xedQZrr)@!0mPe74;L5t^l_nFJl(1nr(H^-pBv{&it8l*lDlf}Z-(uY9Ihh^sQ zbL+W}ue}cbQ=hr~e@JMoZ}wYn8?cc7zo_f~{lop;C;tB!&sWs{e=yYbv<+Bs8^99$ z4v%!!PRr)!%s>Fp6v8XwTjcsyGc8a}qt$ditIwmCfNIt;!zZD!(PtU{zwS0*0sr59 z@%(vB|9|oP#S{O3l;24xQQT%o={PDWNkP zNC`E80F?^pc6J4H+pIA2PSu&s%&g(4?$5s8m?Qr;mJEK8{O|AW*YE#0*n5)ykMh)b zdW-JgV&^F}`a&I8Rgqstm0eZc{{tFz914#a$0L&9Qf!nVT?%D8@QqrhFnCpr!b=EO zicEV~#+NUjKPyz|N`6$Pxt^-!_2vhZJMfK8?4rhMqMnQ4koeXP z!CwARbnAyFbxZ>`#=G`0bYFEJrUlbhXdCO+)E6Cl_vOn#(VP7n>P3TkAYBnPTL~+J zu!7zuW@jMP7WXnE>hg*tD=!Ng?C<#<*Jh_NKgBFn^rh;Q6^U_N0SH}U9EBWTX>-|c zYD=Qh?Vnpp{&}CK{4YhorVIcJM00~v{>~TqDrjzyeouE!8I-tYL#lU zvnJl-LLewgTJ(4n2~ZGD%ekO8tY_-cXHrF;mb+d(bjLEx5e)byd~Z<`{(uBNM{)w4*@p7YwqB=Vg7yv$ zMV`)qc^*AklLY1=O0o&6p}Lah;M~_8eEH?uMTAq~Q@*jMlKQ1ytA$a`n-|Bl^xqAS#|rWR$}?c~+#ddAhZd}6p;qfw zy-=MQwsck$X-OZVwp`5`t(>-@=C>PQT@DbB+>3O~bIq?s#X@AgTxkFvIhMsMxlQK| z!>_*PNc`j^W%)|VlKEq)G;p86XwGl0U1&2krf7^qFVD?(*+4y+&w>#)np$p{Wy%S+ z;#_`-7UpgfOLS(~P4x)Myhv_8J*%WdV}1W%rFB0q#k|U8rX-({ctMMEkyWOCDRkz?=8) z&%F<=*-Y9oSOuY_V)g8PEf>l%ZC0vOTdOBgS*E#aooai{G%L%rSg%!WvzgLmnKtXS z7ARd2OH)K+pB%cdRN63C*t==|)tr5gU!l-XUacfVT{9*ZUX+ns5KRzAwI@^Q}0!TVrIgWU?&x<9&!t~R`;HLi*ETA8_c_YHE*t}g7kK&8Rr zTUp{lR6h(_thO!HTWy4kY&{Zl9bHEl{ToLSK5yTE&Mj79gG)Bp7}wJF$~mFjZD_u) zEpc|mdz%zz6MIaBv(>yd3f;1%x%-(W*Re;sALpO)r_K>w1lo}{@l3D)2+_VJd@`FJ7;O!ysKvc@iq&~8b0S) zI}sm?0epmxHtQ&X(Ze$8x$V1)7wf<;MU`uo)yD=f+a$ z^$;{8h_orgO@=qrZn^bqvG#cFs{+N(YALnUlw`CSiD!#HJ&1pJkh(H8@@bayWKWy+ zvB1E*(5kF2(bF{>JJI@0&S5JlH`ee&TB9G(7`-tI^d`*C8?rTT%)q>sRk=nVYR!4O>zwB>7WSPu6%O~ zsr6$cl)4s|+vuVesN34pyfS4}@TMfX&=soqFz?Rh)B>k4y=8ILPW*g#7eepj669qB z`#jomC1&n@|3d?qoBp3khBkKc$2^Pfe|gcb`+uJAKYxnRX$g;!p<%>#1ifK>({uY-Y`yn zQxYXPXYo<#-F`Z$wApB5h1K^uM!;UJpf6Ww_zKnghQF{PgE!$PObLD0=9y6>?R~R_ z(e3QQA7>fhTLlM|BS^k5j@xV zNrrhm#_I+GEaLyq_nP-V93DLJ|HpVf-|PODjK!}D+W0}!hRupxE_idvU>P28-mLS) zgCF_C$Hrszf9HP9R_9ZLa*H|J`_J6~wDSMT?Vr=NcLR&g|L^zf=l@^qA3UA^f0XBb z{J(j}tUbv*U+XVKf>PD{4XwZWIVewXS4x#P)>cZ|Q`?2CaV}=#LV4s1#vDV=IJqVX z9^-gmG63mIWZvOlbHZ^9l7YQ31+dbetsIaHIAbzY(jZCL&ADskq$uP!cNE7a5!Lb0 z`KPm!_n&?^J$wD>;^f^wPLEGOFp~t(ju|3Ef#(#M&HHz-@4CUUKYK=GbfMm$=~5@p zS4~V|GJt5RZ?}Pu05# z6Y>np8^*6nJgAqa=f~9-=cljB7d)p&;)B3eJQnldZiF{BM~(fQYFW*4sb`{`M-3wA zOXCOd?K{=t5uJXkW$#af=C`ix_a>*LcHbc(w9QFplF^sSAdc-lLPuG4#8bwBBRNsM zPY{KR6W!MAzVa+fuv(cYDerYIioVT-)Wr<~wQa9Z0k+^r#)l*Z6q`&@6Kr4{tA@hD zIhqnWfYPp?qT2x+9vti+1OOvp?#z4CPMs_89b-}(MyEpJ)J^Yyrqtft)0F=UJmE|ULyhlln1{|}$?zdX)!&;4JK_|C;N`EJJ6D}w9>Va22WmI%K}1bD>Kj8RPG zz!`rYGuFEW)on4~^S-SZ55A!1*@4;%D&9L%{C>S}q|1kmgqLVz3A7^f9*Zxe|Vf{ zrSo6Q3HQ|!S3c6AuSb;R4|PQR{WJS3b&Ev%qpVRfiUOg zW|5LtuQ9dD^owsL<`gAG$KDHfQg24re$}=5e$UZpL?S=dy7f~luIDte%oq}e;vZ0= z=(m`!>burn+p1N%n-g_x+i1od@7ZfF&4EP!Zp~vi%Z<#y@244_3n0mUL@7z8K4Plx zS^;dU_7tS`fX__*&!)NF#2t`}{Qv!f-TM8HFZQ48KacXX*nd{f|5euuU7nMtYabsl z2%vu4Zr(LfU%muwXRYdSz>C_bMg-3eNP1$|zx!tq|KEfeU=jb{KdkTn4-a?upZNb{ zJomHzR}V7J$ON{g6j(Fw)#^TgnLBp}?jQHgl{tVcG#j*4y2p0DzWH8NCOrwF2YF`l z|CCW8*_xT(%(F25Yp;?2{c!&&|NEmnEBk*Pea!Ix+RucJbpk6U!ic54x@dT7O068F zHQRIPhDWQip(a6=u2z&j~B%;F*iZZ+jT5cv7W4>!Id96D%k={@p5>cCC-Zy z7tJW=BK5pYK0m9C%Jeh6x;v$Kzb=Las+hwSmP>K09O3MD-n?>uf zS@TJ}Z{l(CKb+tsC1c7s-gqAi}10*c34oWQe; z;}N;Vv5`anwH?CGG?@aUx~3WuWSHypnPCvVzW8(@8OOmE9J4fK6#j910Wsks2**VB z^uK2KK{))4_w>K+#bn%5|G1yxn)b?uhA6tqGZ>Ksi{QIZ++@Lb;SgN~--R;Gg75yn zU<>|%IAOVf)7K{=2yNhU5Rw?9o+-!Kzk{Fud3N&d;t$1x-1>iaa`gJ`NtnhD(8v7s z|6>0|f3LRw_xdlMKdt}Ac((Ml6tB-Ng5ab5>z8K}DKjzXxx1f~RW=| zpjlfqL0rO+F)1WRnF6_q7CRcXp{X^!4dvzu7*)0ZUMN?lfkCfV(YLmXjK$_)fSh3X z_y#9w*`ES76q9Yoi6KQ4jWG|w8}kiG5{LT=>h+{Vh{6!t(cu^fg)~nj$r5buM#;_f za!LwV{tnlc>4^wa^{0S@2#I4D;)LA{f}rb&2av*)14QB6S`l>T2x88%E}{C?TomaO z3@~CG6mohOSJT&L7Zw;|j!QTfbjo7WhUGQmC$iVW?vveYYV$dLZW%DZ2lZB>46gTR`1Yqlf`c6EcMdUn_~=3Fg} z)*c|vxk9>U?Fxeb3%>jAJ;}cNZU8?KAwfaT&2HbNlfTsHQawVqi;|?on=n%4110TK z${=^2dNEG0G>i7qqVm!kO6$xPwP7amIZoNNVk}A0z`EPk3qV4!h#={7Z&?tVnZQI> z&}X%*r9%UD?4vIT?%>?zwuPmhJ9v#n#ECwFy?;w)WlCRUleIupBR^%8oC#`D20dMu%rXj}#R zS&TWk#6(6Lu*gPey!&YPDf`7B-i<`QGvpgMQt~587 zEo0^W*L?1vzgBevy}j`_Oh`(k2%{{YjfFcXZnK0G-I6p<;rRT+I-^+mxr598?rys3 z?6*Uo;&e9GZ-d@cSO<>P9tHj0%eQ15u2({@GN= z*O~oI%)J-!zC<&3zRvAjetL8L_|F|&77_d_U_e7Z`^0x!i+6B=r7?p@2A7iO#x7t3 z#T-7=*8IF^*m)5*0di$5m)ab$&fL#G(Ohr&4t)Q)G}~~=^iImb=uq&`&mCNT_C`-w zPedGLcmN$WE1eyvel`Bw&iDO;{mz%m2K2RPkJabiMtsysz*$;02mL1JepZadrQhRG z@zDl|SPQwa-{bNy$)u8|UWi`O(LSGm(Z zGgg{_-0F8>6d^o23CAIH_IE{RqZ_?VK;Jmzw_ulZdagJf$HFi@A;{SH5gv)x`D1wi z=;vd(0Lc0k&*K%;rQVU8ylN@?~Li37VqH1IV37X z@HL)0`1s2@)!U%2oNaC3;STIAfKfs)m0m=(-32&Z14QfSU={VFjpp>nex|%ad4bYz&g(wKV!! zV_AQX*9>Bq-(wSc<2Nngofn+KI8eq@l)%+X9sIEdRyHyBjeMaC^n4xf&PH%<>w&K5 z>3tcCABXfeBk?L3troO)SI?3KG1i$%m5yV!dyfRWc3}F~Eu%ON8`uBNtL}I{=JWkm zevcLBe638%eCUwHf9k##2oJk2~?sm$OmmtH}-9?0Wy4VCq4uDhOctBWbtQv0NUk4tyK* z^+bwId;VKOweK=wRIz`3tije2nhAQC(cyrqAc>736A>M*H;g{EjY@PDhdo*?g_u5{B@ykPmel#f8WCM-?=6pckOS2=PypOdRghQ z!t;3z?nh<%cW}ACF4vov7`Bb;{keGl+>Ev@cD+9r&tH%|_p;vOpNr=&$U?jn^nYBQ zk4AcrwjfHe?D5E!cgGxr+uGS3Zn{e3;7ZRXteTX?#i9A7;`LaJo$vZBJY>c7D!m zfu{1 zhH3q06B4g+htJZK?>Te73JQ#>Y67M{WHFLBOwsKJimnk!+8tAO@YV*F)8d#xUREfN z9N2SywspvL^Xm<_IhGBWC+g5&tn6Aso2ZT7i?%e{lY zt_;6%MK#m2&UHZ-q}!5Rc-4Wd_G~2BlEure+6MH%XfmyYV?5@w5k(#Ilu$kRzi|}d z^SRa;5Bk`-qX<<}OBFY}Qx=zJv|Z~M#;WmAo+Q&vd86-Oe|Meg3i?Tg7CNB(9&OOo zn+!pDO|w3xjZv&uIA)wMtVjPQe%@KUz{ACDp~<-4X68i461l zGFTVNnZsAw&f$96jt9NY3%oq^CXMh{g}%Q!@D1owLKka0Z(JYqb3afKO>ms+UE7%=?@O=83lmsp?jo_` z%`o{P(zhR(l^~f!Ng)!s(TTlw?YdbH`i*iuoB#cS&~bv#8KLq=<74unx1pvGGc0t- ztXbX+cua)k)9~u0xgt12y`?eV z4*lG#Q)bcJPnhWB_& z_~I8j;2#BUHk~2YidtEYX`iAz22;r@%2qsl97rb**^AJb#HZHh;E*H8Y`a4Y&TC9jsY9 z%y=gBt>MAi&#z3S1jzxweO(CT+wZ@n$V_9F~dC)JoHp2Aij*y#+-wSBT zs2!2^R*4XPmJ`fxh%m^awiTUPfCyQ=$Gy!|!Z^G+Khp6ah>x)hH)7rJhP=eRDRZv} ztWEzzKX-8X`O7-c2NxK_r8|X<(&W-8>y=~Tlu1Rc&Y*`;G=Z$RG``Gta@p+)Ea3`I zU+ES!T$!(xcytbGXwCh0(qsKJ>?Di zCZ4WHa$r`j&?J^3Ng@+?r+{W7dl^WcU=aqvQKD~CQcF0Q?f`;+9liZYN7kDQ0!4AB zghGYEXi37l+X838T_0V!9*nCfMM@%aHIdmh0iT)aFtQ2-9~T$|TJtoOd1ktVM)?p)#uvG;wu9n!PJ5|~B^UkLQM=;f#R_uK z7i#(9Ys{yxcW`JzR(62#pnupJ!J)IAh$6L5G(mLil5@-pl?l|m&xST0x4*q(Qj%1nQtSmcF*C80A)JnEQzBI?L^rh)TsFd4>J@FCEtCj% zv_t@^Ws2Vcdn?a7mf#(e{;7QN1ED%C;fV2|Cgm%+Tx!?VtNpZ2|EE18(k2+PxDq{{(=N*NfE1ziCPiD_jKw9@^|pg@ zSVjDnqAd?NoA(P*8w)|37ws3}5h*4nN2_K)$65YCl7#%GN3jEMwVlm-rI^#Pakpy* zX%=eCGL4x++bYA2tWFvPrz4*q+#n;cy+k*&D;G@J66%g&!-xV>J=^e)vanurHa86* z9Rl%23AFuiFWe1-KuIPeLll`&jEzmrXkR9unD(-mPK$AsU8vGJ)Iv9FE;!0l!>>6@ ztOlEgaDnjvTKJ8UujZdDPm@sDg&fgqR{4d>sg4pCV#IQTi1Uzuei-= z-KeAA2O3z_T{GLSNhKF|htq)u)=2rEX=J$j1YP3-adC+`^|#G2;XMK30!kq8Bx zj)DS$Ay!-vajbUDdYG0kDNr`Q2 z6acHnNd|;oVrSD_(s zMPQLkT#H^Cg<{!_kcd!>UzyIGnqA7)f@##Y#Ab^8a4_r>1Z6tvSE(2c5&N$?;3=ZH z)h&zeyjG8Xe1G!J%)$f-Hxn@+p!lXLYThU^BsSHZvCf-BSLP61tTsPdRC)WqVkv3% z)#O2gAo%CeyR*}?zYX9b9|}oiE;0P;=MV2by*c^m?WcDqKb;(1oP0VvdVBKe&B?oy zGMSg#AM44ScywfEXzRavx!}Dap*>8mm8_Tqfr7bxOW5 z*;Vh1{2z#!PRos>34@Lkq_g0q@QrHL?Fl-%sw10jHHBlrwYyz*jrk2H5}WD;InCsX zujXLuq55p3(3{thkwUY3na8hRX?7hmYImt;Kfga2fZ{&dmb?QQ$JaU`UP-H(*7N{k zx8W)IV@k$cb9u?iq?1yu7^Tq{wcOU!QGzBmB;W=oiKVY)slYbTb8UBm`%H)%Kryn_ t=-^?xY?8s!B+%$&F%>AJf9*`dPtViy^!(AD|33f#|Nm5A(Dc zVQyr3R8em|NM&qo0PMYca~n6ZIJ$q&r|3gvH&%Y)kd!Rj%TvBpimYsOH&%2lJ6n5m zQWiJ^l32|E696NLv3x)KExcwh4?aXva+0G-l_Smo4RoW?-Dot>5#ui>wwka2cRVl3dF`3Q50B^Ih$ z0C0i%HHokYrYyxnm`a(6VXtQ=Lr7RaBGqE^Lyx3rf<@2v<>N6+Sk6Cw&p7!_VV8s% zodj2ScEflqhCvr>-JlER->ZD2f2W98YUpAVsh*@f$CKjM6rtGrF+pU6I8KUJVw#Vp zDD6h+>?$y?Tx){mJi;2XLt;YoutqF(__+TEa+cvCpe##Bq?sYOE(hY^Mc5C%G@m{_ z5A!%qxJF5i#lt9o#q$54zdv|hlm7?(m-|oh|1q8&c!S3%Pn4uq8~|g+oe&9w9e6(_ z!U)`dAHDsdJ7zpZQsNlKB*Ch{8yqEwV^7da1|tj^5(39SsAMo>IR}Z;EI|^BFbK2| zRr-eGj0qwcpB1935J~_$@Z&Y+T+47d#h|N!L=(7~GJzqsT_@&qq-+={wMZC%Dm;Wv zCjiLuBspgZiDpAM9iK6I&auE$s&;nZN3CN}lFYPjBI6k#3W#$w12#4-pXW((fg_Hk z2u&^f3({Ojg>;H&u3?QSxm*?6N$HoEMWQE>xKf0mV=~D( z?q)3R7Rs}yFzMuLBFTid%K{QQe1rvFaAP#WFpo!L7J;h%VB z%ABDT2LZ=gCmge!${`HYi$b*kBqSvU7(kTeLm2e?ss5GXR1fN4|J7Tf2m03>i&e@7 zoFxgNlMh*pq-K&7-F~3x8j(aXnCgXocaif69>V_NUxPqmo)W56*FQLl@Hys$#TPhY zG!{cR=m$Z@;v>)4flr@<9e^mwg~Ysza>+!563oNucnCDcUCFxmnnZF4oiR!T?gW7_ zCd7NKIXlM&%;|Y22r|x6ET=fv$l7uSZ%h>i@eni={i>I}mZC+mJlRoz@~5 zT-0s<#El8kFC0a8ZQ9Gl;VI3|Yue?TLg2wM$GzO{1*)O^PL8YRVxN>f3B z?T(}D>A5cI{Wc7_0|`U%weUEP?<`gAmb@%2yN8>Sx+|<^kN%kE| zNiwUvl&0Vt#pYy`8=LZ+OHqG29Rp<&1eSY%OerE@f+^;D zvgd-(iLN!ylSF@aLN5S2(KOXijSm&@a~2o04CavaD2ntv48RJQauDbC+}2T2ITv+2 zw3%!`X(7sUyk*n^K0?vZHESBM4gO7a2;O~rbPR=1@i0?mTkEMltD5I}g6Et_JI+e% ziR^?LDREEAgbzcS9YdTzF{Q9l!nSV}4Z#9#rfM>CtHH#SmcNsP0E&2S7z6q3sF z0x%9#Y2yU0UJ0f3!l2%QC1OyjH^?|)ieeC{$z^qQt~9k${920|^$Qt`MF=0oj4rV%8y1|l5CkPw>RLWD9jB8eh}A_7tCMaCu2JRM;UBb=}s81(m_YwJe{ zGNCwzXP3uE=O52b-hce|^z6;Yi<5UhogSZD?uJ3F>w1p5CJ45&9mTN|@?EGy34+oX z`;Ae}W;d$m-tv{>h@~l3N-fw~Zb6_pC6s8kvFy`}spv+zkSy(L>8_X1qPJs*y=#n) z6lGnec}4`bh+0ajZfR7^pF>cy#%Q0z1I_K-F5uft8E0x_3tpvwASUB6=9o%dLzlMS z&n*NC<8%z3c2#7cEY^jTB?%Ftg^gBxm|||Hn|-5{e%}I|G9k~)URoc4!NbTd%sJ!6 zrOjF(1JDRB9CM>!d z!d=(0K!Q>n=g}1$)?4Nn#j{$&gI9xE!>SZ%Ygt#7HJlhp zuY2%0yXlRWhYmauSIup_CO=Bb4Q)x5fM2E*T!#vOuTq4fDQ;BJ=(r*YV_9Vcl_6C5j^dHAi;VP3vjj^F_!g`;Uh1!xFj7OMXVwTqg2xhAE&)?XI8J7JZl$FaMkiF(R4D_dI7wJ| z!*~*h8ZfiUro9?~h^AQKBoigPivG;0)`4d?QxZ)9|C*yjKqscET1Ty|tQT&#(w{M7 z;Rx}t)|#niU*-aTlu>3BWJwaG_oZ6#7UQJ4z{<6uC)>2PU=(DODfN7VlSKVLkF!FR zzB#*4EGAjR65DX=vjb;LS~aDczadGY)#wf5S4!V1xu;gyC=twbLK_{4P-eh{XOZrS zlDJ9%8;Px3G{SkXfAIXU+Tx1TK0Ij9*@@3qhI0N_V^mp65aC?4n$H4%<>|>I1I1Zt z2GX9wUfU;Wo=BotU6K^5IbW*wvSAQ;rcf3@p2C?Ic7<-A?ft&{&Un z0nGxaNi&Bo8Mii!ZzV@|LJ2ubu&uwRizG83R$DoS(DMiM{3+hqeyXW{qTxATfHtiS z)6(lYU+}O7wbWgM~WJQH!KxmZYG4>XIwgK(d5qn^GAVo8XSc+lHS!xjb zi6wc8wP?}5jTtu79Ve;gwidGYSSAan^EXC3`qiyX_uep#LZPBm_w*~PjxD_@#<8ZN#p(J!xbtMecJH>)5m&MD&Kxs0P zB=}}RaWCs?OkC*yvaGClZ$AI<2)gBayp@`cztqi&)y@EWuUn!7@bv#)oi9t6z*0cUXO?np9?6P+)E6+vASS z{-C!bS;i7JnTbp>YQ(6J91$wLu~O^qLYRJ!lhiGz37sf0_Fa7}9n1?2^SFRnkf93+ z8sWr^h)*3o7S`!iA(~oGS1~o}>g!LRise0YoTFTQ>p%#fKYzUh3ZX(OBhEky-{Ax! zfkVA+_G>$&{;9aZ{iwlG;=QPlqT7ord}HK`d2XhdexL$LBF4lxMJyBJBRac5vp)-c zsvy*APc^t1Y36ek{QQfWJZCJ%hHz%nBxAAl6Qr2RK&`zNJNa{gd3TbN826OG=o*(F zVYC@Y0#f$*Gmy`61;S0x_xcC06X&`B3{GZx20@Lb!*qdcBq8DuPeQ@s0DzjH%UfCA%D zF$R}5q1>>vL=f!v2QPd5!(RVY&pKjaD!Q0TPO#{X8Sj?3^a2I)I|b3Yy`ifcux<-8 z5MewrG>ch^2rb`7EHxh@MkUtFd*|kWS4J({PS4=t$0HC_gu0&*qSSn&EULfS?+*_9 zul5h058&l~zYhm5`h6Je_y7LF{+Qp$*#*ETB#5G}bu5Jx%W!c8be{@G05JIbemHpX zD*XH3!$E)FmHj5Hlx{B@lxw4M|4&)h5#nV8izw_@7sFwOrwGkpDK59{x`jM4JD=vW z`CIRa%JSp6w@-PL+@P6g?U7k#TpM#-nTN(#9aOCJmOhypWruK@$=Msi?S@#hp;SA` zwSPs}*^D5Ue~DiukVlEpZs+4?&HbXPZ|p=@NcF_TFhM0iyz;f ze7rb0es}V|TKYTAQfGu1V*L}(l#(s9x<^w}pj)v6v|6$suJFvRIIXP-37(*6X181v z-GtrRabahgUDWcdbM;E;$;=oYN_uyUAyDkv>ClM_j2FdTO>vU;MhP4BjMnSv&7UIt zq4)0O=*`=cFpYOmtj3p4y7-m|{fBebm-}WraP>+YWtq0sT-3x6Iz=4gVwui9C%UT2~#-+E61P4SjshZ?nOwB8R&(i;1+ z*l5IniY?fTGbJ*#$n_#eeDOMe{(H7Ip;10k#&B;5c1?4_SrN08pIT~fC}1r6cM z>~pfQ?y+!@N*0*5U7e<|F+c&BqUV@fiVb1^@I?)pTDq(VO&9f{4Ggfign}TyX?La{ ze`JPl2xc4TExK(j1<#!OlZ~Nob`RAk@0!7O)&FI;+&yn-PK8-$C~8#^(LZ{IQV~j` zJh8H?Yuww`RV2X1&B7pj754v+bI4Xk!#4N9Z%r*Gg&(tEgB~DeSm>PqlqBp1ltN0d zv&Pui`Qj8BW5&|}AXBCSl^43?xhnXbDdVC66nIY*HaGq~KJo=>#$utjdmC|7b3^Eq zDz=vDI6)IF>N6X6;InO$Yi*$12Z6_VV$6+j5*B0O*4+u3n7|Dq;lERjl(B8yZdvyA z0w>DrTy!xKvO7Qumm)f`8lUK5?82*8x@MH2rSsN^w8;=UiXje7$kc*J#C2m4*N;Yg z_;^Gck=PcK*b{Q?-Gro&A350xw;xYG=@Y zOUz3@2zGf5k8>McDq?Q}DE}V1NxDF0cjo}n+ms;=)tDfOC$mswgi>^cxgxq%R?0H4 zajk0Z*qzk^4iG`VmcX^oDQ*O<7F=L#64BhgGj`Du+i49&+St@4ovuK+pd?tzrN6i1kmP1(s5J^{76Pb&h;dDpIdxMLAjpM;mKDdbDOZv z`lu7p3-4UahTdAKJ<4@)nCq853-Q14DI8YrbVl#&$M+`}p}dt_Yh%gz&;7&w7q#<0 z&kvp-Je~h}jOWv*t}=SUpUnBMMvU_3&w+RBlCm4%Ii-Y7>PtK%yaloixC;XX9w%aT zIAL%qT^t(HqO}rYZNhS0ykB5@Z{?$a&Y6w=>=YRJk))qLYl*AfeP=(uIr(`0W*TLvs4M^C?sYPN+AmfA0Shx(L+I9T#{g zpmkT&#fzJr(cN0#PS0ySGYisn`bQ*Ab=QPMG8Z9=W3DKx-`O9ZJGukWltJe!+kxR% z1(iDGP*w>3gLhtI0nwFE8N#X5Aw?2hVL&j(H)=hfOI#`v9~_*XTT{L``x6Gv@AGdP z2z-NNWW2HlHyF(d&idM?p16*nd$Yt55!iqbn z6B0U6lL50qfYY8zQIG ziEesIW7W3zr#JnTF@xjM?LKBn!fpti41-`0!Vf5?(G-w2DRdzvTqI+O7zTkGDV|g4 z5;d)Ps{X-B+{@Qz_*&VV#&CK~=$MTXcH4`oFaV4x1@3nc?1%9G==f)-rvDH3_n$xM|HpVfed>J!*CZY4 z*yk}xu$*Q1b*jh`P4N)E>FEjD`zAQK%@B20epu;scC<1wL)*q?6sRr_W` zbK!{gyf}%ZO1iBpxKpbS8o`SL{U=E;^6{A5LZ@2-Q!+#SZTe?7WKhwD5?nL*HAe{< z6C4A|GTrkq_!l_+1|COCfs`PQ%x$kBHaLLbDhs^)M~d)ym67 z{qwtL|IRp}atxinitb-Urv}S3dLIUv_qSynmZpqax7qv=Gv5vHX5d($Jm%(}B)M zMeR zQ+kn>jCNQSeH!@If%kViejhyG_o&GZM|vO4B5A`m%qoK!K^J2>pDQZpucFghqB7P{ zZU3rfe6!GUb#;QQsMq&^V%XCP{&D9O!F~!1zUg@;zvt$>NtKxbcUu&ZaUs)Qt;>D2b7d{2e zs8#x>50z8gj_?!-NHLY#4{r~j>65NlnuRh|LV%5d$Y%HLcGa^f692?AHw5~ByA>Ro zgQUzozdStC!`2}}Mp?)Bg4M4)E`NDM=u}9u+aQ?Z-wGk#VaW-;Hf&5NRSc>c)yJ8p zOj%d@M3p@?q{4~$(Y>(6IKeH_vp{h#9K z%ASLA9a2SRX8Z~$N9Ooh%5;QKWu2-`MH^m*V;Id`DA};6{o&1daWc`pdw+cH&PML( zvwi-@1_A6GF&%Fkax&IDRzyW~IuM#Ok-P9r%My2@vdJ>V$a!1RW_Lgzd#s%9Q|iN= zgRJzj)*1Y3*%!lCp*@YcYeF7cskjVcTSunqSYf;Ib38 zfx_*c3hv(?Eq&RoQ05Qbzc{hBf`&9g(UrM~OCJu; zrIWku>ablscs=WSD!S4EuW^>k;*_)i6h(~d08QHoLdOgumLxb*q7jYQHEz@Wy6wFh zp=`ezI$FK{K~1RPYhxtUOOP?lTsSTd5DtDpdG)M zrz^hk+2e=$_%9?)Io0OMUB885a=fY4ZcwNEWU#uQ>TpEs!e7Pz&<;G4?Ee;wmTfQQ zhQ(fwhh0+?Aq!8dit4K3Pq{RBvj3m#|0nzZ$^L(`|7)0r?&`5M+H+MqbD(@t`@h=Y zcUUShsmc}BLiIG2yDX=;a0`Szg{cps5A}g*a^by4| zuj%OWCZJUTd`#?mgX0Oly~q+Gp)>3>8|n^Lg6Rwgr^wn`TLh_f_-f#vHQ9NAGOu&m zymwEFL8+`?&+4r$XzsfR{BkS3m9bc1h4-k-xKd)Svy3ZiH@(>P18e;#v# z%plA1KfO3Stj7QC_Ye9{@&AwVw1_Hi(A|B5?h_xO$O-+=pM!3tKmp(=;6OtdxW-Na(s*#p-Pf#r&g@4!2pGV60J&NK>8R0KvNccz30 zk?Xt0$K)2r!(a#2xu{`BUtzEUJCB+`eXrR&XSE?Y_$ zN=e-8gF@3Lwa_(4y(1={jH{*30+|o@S$|aj{L<6mf8DcC{*MTa^~IQ*Ed!Ry|Ce?9 zfAHeq>HN>5JYUfM|JHEV(=uSqWdKXCzWopi`MzKT0)VCxUX$J;*LT}#O=^HvGit3r zj$XdGdB;qjw8d7RRpkGs%YY^FzyI>Ze$D=W`TXUR{C||^3)%nol>J*?20XCjZ13%6 zQnPJ;#u8y8q1iJ3iv)1n@%}Eq|K)kz|2ug3vj3F-`B9#l;nQOKSv$|p0nHq5QC7{} zKiGy5=kf7;M&5$0=WQX+v-ez)#YSH%)FQylHonu@|^L)3$iZxVf=R?Cu%P@h+k5 zxa_Mj(+Q=^ys!qENRdv>7Gtqz!n>DMP6)+_7ikbb*?s;-!$W_&w?d#wIkzL&ILQSh7UF+bS{9DP!n2Fseo?hS3tMT3UhDPoeO4e4aaqV z_VvaB{l6ve|8o7mKd9UPhldA)C;k5zPfez`*#4z=gfiJyu)IRD%_me^|ApzWmaVX& zp}X#y;1B2kawI%v9FIwYOBGWF)G3nf!B=Wd!|-*{3orL#sb1~9DxW`p`lLvqEBP_8 z<|?z6*PlMst%SaT{ z(0$cy7zhSdXn}QWrjCw${QP;S_|5(e^`b#NjIoGWt_1Z#SRrqdvU7-Pi+f2(b$P{- zm6rt%4)*To=-;WWC3_`1 zY+Fy=wlarHAJ*CRDsN1z*5i#WueL(NZSc`bPPlgW(HuYAtA(gHyl3jsr+h`8maAUf zbtf{+p%(Zmd~Zn;ev1S?M{)|C`Hu3=uAZl2iuMm*h&)|@^CEt-E(y#-lw?y>BXuR& z#n(T7>RjPjXV^LBM4#I~iepB_k2INe_MqdEu6Bl<6MfvS^ZA#rmoZL7PWjHBN&=vI ztrkJGXk47o(tkJhIM&b)P@bx*XL#}N?XqY!3$=Q;>V@jUu%)r0NJ|nKwTx=kXqB`L z)4kmR>oUQ3>|SIuU+8`|y=+IjC4hQLrzJgXfLg7aW#SPx<6M@J7U6Ewi*)ArO?3~->{xD% zJg=lg6Mg?=1-hS|WKrcZUzRUOylBOR#3~a2l`G`_0+H-htt6Q79b&F(O9mSAOr^~J zf#tAr7BDjzU8fi&a{62K6XS9Sulle0mDk3LF@*2mzd!drwC1#Fr(hL@mWtKe5Na85 zR)JZmQiWDerLzjSYMm;)X0n}CAl7SDVKx){tOB!MYl+bnu{1?A_SvBeDL>cE&AnqHTyxZeGbd3xSrT2YR!k%Ubo6Een}zb;ZYm7lL)@2@aj zy&Qn;YqU9K7sv%~**0gFyqdphX}k6EMcXgFjAv|-|7TkpK#To9gM*ic2lf4*moJ{; zKOW^-Y5!+4|IRjK#Y1lWK`dH}_>t53#*ra-`%tE^RKEY;F7xqk| zGNSRVENLOCABHWCYe%{edT%s<^{6)qwijNspN?#}I_q?KWikQx1 z2|TOyXl{*N_-f5w-rrlhsf%_!zw9=hv735ex9)azv$M0v>$=3%TKZS->WOH)^~$Qg z*F_Fj#3y11KSM`*mXyNiVHx$D2f>A*b>Nqx$~8;!6u(s>$5WsVeWMS%rjY0HNmcoC z<1F=B2%3RO+MD7A!|Q6dTz$4UoILodK=HF$N=-GT8EqQu`RY%1;wKMNSEj~3&2paZ zX*z%W7U;F#H%zaGtqss?59FZVX3;G1n=f^i>)RG}&Bg+|e&u)AIz1Y4;US&u59njx znqz$%-t;ZG(6{C{-^f{B;}10t$wCIHmROZTRIOPXgA85`w!t8^es91bHAw5RNDau^ zJW_+R0h81qt;i*x>K9VZSq(JT18pL+Ufma;Ee`p*)L-WKU)kGldTcb|Jv3$HV(P0L zexIOvkD(<_MHNsNuJCMFM3`5;xrx;Ju@UuM3n6YaQHv>VZD~=NGJttoR)WwKs`N1L z&KA@HXN0|Fan=3(yx)h=`?vyo8Dn7)Z@Ch4*VD_kk(&EI(+q9xcT^ zJU@8;6#x4uPh0$N#oN8qQEvB#9RD7p42?)aB*7v)IzP255D|Wl1auq#LMOfJeVzKZ zvawY8T*(SNzt{*%wC^*z*_QgAaq^oIy~#O?kILQcr_)EPNLRDlP+&Qw~U21uBzY&Pti4T zE)e%?9@wJv!ZF?;PM|6OGZx20@LXqn8RhW=ZyE@&O#UD4*YAIP`QqvRm&bWN-Ru6B zjKyyX-uPDYhRupyPIz;>U>P28-mLQ^gSRV#KQ+(iwv1G5t9I!zk*x>#|L%7pE5p{Z zchunhV$}DyAd0`p(<=Wf*M816UJWce|9>#3$A7&%c#8jeoacV>zj?W=J)OMR>MvA+ zGSvqStH1g=C{JZqN|jgDR!Z8F*oCff`@3fUVr@;co(^#WIpgG-BzS`3p~HXqr^zHAw5L(osx8^|<1@ z>cZEBYwBzFMsLQwA-s5zarPgb@~L=Z{42%JnBCAD#N(s$Q}u4jggnFYhViSC4(jFU z`Em8d`RSYT1<&b`_#m*=bj3Kh8{v&}PE$XpT354N>X9hNQKJa@()b~K{Z2tVqO-5H z8vTLL{MNyKZ?bgiy)z_)cFyP=Gx|~)#Ie0c=qSsMc*;0%B&VwNDWY(3qG8Q%E6=h7 ztC@+C@fGPc)71YqQlx8Fv|I26F4O;qgF*fN z|EKleBR%(A{}rhOT|kk)AJ=;AkG1vJJo;~$@QXx%M=Z@4#Z(TR^XD;Ry<14#7W2L6 z+nVvq(KRnK} z*7>j1l>2(AKp*MQ*CT532T;-f>owy&)Zvp3T&e@-5Z9hhKRq|4il3Fu(m93i1z*$} z5N1-=t5mEfU};F@$BIhFtI>I$Ixk9GGy~RkQ5SN! zz$B;)->O^gu8a5Ea&Odny6J4$-Za|9G|m_)E*9z9&3eE5Dx*uN#QYj1Wp~`0 zWg?fea5Kde zMmb4z&~ApJE2Kl9ZFsZDGri>kVv3UlCJ7rE5k}}_4>(ScB-dCU+V|cg8V5T-@kFZ= zc$RTICbu{?dg#A)L->&mZprtPsbM!6E1>q zLS#?>Yq}qVqu+Q>|La~%Cq4C#`zfwzuLLwg(N&(om?T&P--O~O3%&_Q=qmUolxY@x z^Zx}q@Dt*M|I4G~cyfrM+a>zX4Jd`>9%!$Q~KG|8Ay zDsBb>OR30yS+|id6(uCkaaco>7J(W*q9L48kVPAFx{K%x%F$Pbuj+9wFxQu!k}<(? zwbLaihoT)ye48-yYRL6rCOZJ5nPn#PFDCYg5r#7s>tG0A9DeXZD|8$LuyKjb zTJ+Lqa+VOx@+j8~;1OetV|%}3$qEQWK7t4d-M6pX2>&(QOi46VL==E!6kB1W!MkoK z6_06b0ef@Q@Rw>R#u--2v`CpCaH$}5-G#W9W{&OIrYOd-HkU>iGLE}e-rzXYV&$A; zj(^RGAW{jwE|ekw2H~KuXs=d8+zKIG*-d?YbE6VQ*v@M^+(jFzw_}zh>_!ZKFS1nk z)}%PG#1#eUl}MRlp9V#Sep;F86)|L3|L4lPU!Lt$e(!?7T6Sx(BnokLgJybk*fr){ zO^wzTAkMiWy65c*g8vJ?`Q|;zzWHVdKM)~7Vb0A;TiD5TsmY~Ugl-olNl7RB&?M(o%pUl82Exyx4!D?NAc28)OjeSm(oDi8MDxf_JntRCFKuzQ~e?pxsj zpAGw>vA?WeOMAJ5-il3i9q_KQl?<{xNnp%by52~vGkA3&cF*c1_7Y7Nqg}LEVlUC8 ziuSV@b8?Mi^UK`aJ40!*yC!-|`*OKbpId5{h?f@xFB|q#jkLzro{Iib&mEkO&zL;t zSSZbZ@9I_T?Iz?x^zYz88+9}9lsPHsA?!Zpqda$T`SUMp4!pzOPj9ju)E%7V=?HUW zxw&j9Yq!7Qa|eTssvGR>)yQE&QX)kdW%+z6+(B{eC#2|>q$O)_6tV8 z9s4gc`r8&mM*=+;mN?$IuJ7SZuUwopy4*3rJ{c~xS;gacTZK3~qo-tB6)5cLkuSzK(cKRAL5ABFwr4XvH| zu`cU#zKwUOPXOm<+6ZUAFI(mOc@ZX;ev3!NM;jhv_XmvkDi=5g!RlntKI;*Nn23m7 zV~%4O&3wYFhyAC|>mj}n`@+rBq^cTw%k`4k8Q@%ng>y(tffEyyV-4)N7ovU9!SGJy%+eV__7Y5M*NZkRD0T`F+`Z?3*Wy7XkFK$6px#ZLIIx z5Bknu<;)vJ&4o=)=RD}t?#B&Ef|FTK-HtZ`$ z%NumK1A7B#ln_iMnDwEeM8>fKg&xnxzfJ6`C$Z;qzLWWJj*_mBD7yMm-py@t{(_}V zrN#DD&f`n`?bv!NENv<+{<&5;3(o&9w03NH;4Ihi04}%nW*FV8`x{pGu&sK$ZFK+T)MgX^yMX-RI zDc0dcsCnBqh$+jHSS{%dk>ZWkvh(_~xp$)(ytKH*CiW&?qQrMmP#WVv8Bb9HSFd!? z*9KJC#@IKKG%s1>=`$v54Cl5Un2UHyn?GamS+Wa#yUN;vTu!} zPbH>K$NJj1-^X~A?SbLi9LJfZ$$hIU z>|1lqF3|TzI`(2B^lC>=G5labK&D`9j@GK(cRuAct2eQ4Nl1EGZBc)M5gs#+i!8hr zZz600REgv5V7RdRaQULY;k;jvXSdbT{hr+b8%wNR8X4we##7A!k2~;g4|l8BSF^vi zd9?pE#ni)ARS>}PN3w3KeYrebANe-y>zQVo`*?2&)iDbZqe}ei<4m@e&_d9oj1B`< z1xajN_=xB*-Lb?Rrs!I)j`AqNI9|gZ+CKL6jJ>O2Z)+__-xeI_NtFbKEce7;asH;* zx95+Z@7rmS`R^Qv$DRAzkon8AP+wMBtjK&`!~0Q%{vBK%Y%28@WzKGsdVemNzcA%@ zi%<8@CG(f07r(5x_~(-OOVYHjg#8~^=A*G*qb-R}E?YdZ<=ycn;g)uGg`2JuF}&8Z z4UaZuadBD3N^!a@#x82(OX2PMvN`sWCH5TIDy!T(cwd(P;@EG#lU3x|U-4jqTi;_a zH^9LE%P2Ny;Wy~YI?pz+*E#Wv@Y7{9xPu=v8?%HsM>Bo?k;FJcyo}g?G@tI4u>Z;A z;ag?iH?g-#{Jg-m$9cAl{acpPrDro1VxQ`r972nuwa)8Rp5)lxvo-8jIh0~sY~g%+ z9OVy*J-xn%$Z{ZD{+(y=5!UdM}9Ki;%#W=_X9_Llz^6!xY_qpy(Qrq)jW-*9d6Dt}(<|=p?(fLfd`r z;Bx=)uWRFPw&9uy#TRbB7p&WoQGeZztoLjs#G1vc&e{g{z-Th7gdsiVvz0{(<|(1N z^Z(!|!siP;Qy%uQ+lnJpX>3*8tjt+l-b>-2W0)x5<2*@b+uDi0gMXnu7BCO>Y$NzUVV@HE&I;?Lixh=+YTYxXP;+L< zV;-&DhRoO4qucvo-;n!X2>bo5U~i5?ti<_m?a_%c=s=jmG^3fOjAWo^1LT>xyo235 zP}uD@q+T<#$l~yNC-ssUxNC-sTc*1HocD5tRBZOGJ=>V~9`+IASe#>SXF>acvhw)6 zF7EEjao6W$nAfMlrdZDHzOr^+Y-a6v*y~*Qt7C6c=YLV`2kRr>z&<5yk+roJ-zxP^ ze#7473CE8YTw3kRChES4J-S^1dvyCd!u}b$LO_|)LiatsQpeuj7XE>XXo}-puiDNO zdtZ7jUYMXlbN`Z6Z$`+EkiPNF%mm3KN(z<8jZN&qwew~(?6)fQGLEk?l^29g5`4}G zmEW2DH6ME$W(zUHLWdipBw;robR}@7C&zAUPTxAm_(R+tw2kd|U*>C1#diss%vJq& zaAa;4Q!?MUx0D!}bLckqldKzt(BIk0Ex9AgSMd*iUDO?L zJRw5zS$OrzTuGjx-pZ73$9~~;QS{p0GSQ>orsMv4573E>S!fk2uu1Hfz zKaP##_vLbb{adn@W8b_lYrz$1k4^v`Y`FFGz&vdmxM ze9@onP|;lMTSLu%XNQV54zZq#eQT)s?<~N4;~?X?*tdq7|Jee}=VIR)YW_P5Fh6)O z>{~<4|8xQ7-cHu?nA1O7plLHh=*s(ezSc_-p?)$BL}MUQ0LLQ3k>-%nnA)JvmA-7Q z@jUF8T$y27bjRmSvWo&+GHxfNy-_2CALSJD8zKy`sD+}_sSqKnxhvXSC5*%O=SMmo z1n~)$;a0pGUYA$6FKFSFsI}pL=w}<(<#^bya9_}$?Xn=dEP2NgtXcm@n_;CL>>V7J zEPn4J|VMTG5 ziXw%fXeqvQvjxqByFk_^jf&xBssPn8?C8r_?oXULVY*}R2H4QT%Lw#umh0~1RwBE! zLO*+zetFi@ohg9!ypOvkjSjlTND4p4lfDPHAg$4p*aY!mdy#C$nPd@5v=G&4*eK}S zm1ajcu*Q=uGh?|48PXZiW-RCM8>5OhOh!0)^s;$tiT+ zAD?%$V(xr+bKWsI?TWovF2mr0r5K`w<*^?_FCZaT7&`wrKIte$)H(W1pD`-j9`ghu%YNye9LU+xCQea!YUBg-!Owc~cB!;2Z@B5&06 z#n+h6VE^!i30K+!#)H9&*61Cb-Afdy?4l{66PJu?QJ7Sq#(hyFQD~N!MTRk#v@1~t zknPGd-Au|j4mAATJ(Gf~5|Lytc8ZyaqYdG7Y(a@si4YBHFSu-kGSw^Eypkvp?nspY z9c-)fl z;OFldC%>r~Yl5ziT3D`{wmW8#=t(55M33jRi!$9I#b~{00jry_xa7LtZcuish}~1X zRB0V%qrsYsz4Fw^Yt9n8dPzgL zz<3BP@MeEj z`#>YBnrmj3H>p$O?r1jD$QmvGBaMu7pQ3AA5H2n$r~bA%^*pMT*;fmr#tdbOX2mch z%xLuDa>Q!7y@;h5;uz2bDf^@xofJ_r#zJ!yrdt1~1tHc~##3gcrs&0FJQksV({WH> zFv3a-B96y-V!CPNl44a=!C;0pwhg>;nzGpBB2~pGyMdg>dY?)W&m^}UYnv(zi~(TH zILUy}Yb+$0XiS+Zlv%E>GM__FxaHvYCVQo2a*lO=*{fILD9iNWHn-RaxgYj&NsGF$OPI;?QL8yPJyWOEyv?pnrOC_&D!{Um;BAGad z9*n}U>_$jLD8{c%>Hi^26JY?@oR=Il4Iccy{#m5=UglqhcZ_ciu^ zL(BrTFvQW6LB}c5dH7QJN`ZB2f{w20*rr=eSzJi%Zda|AZ#a?IR4>?Ru2g)zfLagL zW+P?nqK1qXn%~MIdHq_8>zGlyND%h zWWu$Sm#j>(EY*xr7JX66ElnLKXl6qKZg7%V{#um_EQp?i-3jh9Ag%*N&(`CEhiS6O p1}n2bqmkuYpospZGv_}&PtViy^!%}(|33f#|NkH7!Y}}W0RR#@kXHZz literal 0 HcmV?d00001 diff --git a/src/k8s/pkg/k8sd/features/coredns/chart.go b/src/k8s/pkg/k8sd/features/coredns/chart.go index 08d37d60e..eaa940c5e 100644 --- a/src/k8s/pkg/k8sd/features/coredns/chart.go +++ b/src/k8s/pkg/k8sd/features/coredns/chart.go @@ -11,12 +11,12 @@ var ( Chart = helm.InstallableChart{ Name: "ck-dns", Namespace: "kube-system", - ManifestPath: filepath.Join("charts", "coredns-1.29.0.tgz"), + ManifestPath: filepath.Join("charts", "coredns-1.36.0.tgz"), } // imageRepo is the image to use for CoreDNS. imageRepo = "ghcr.io/canonical/coredns" // ImageTag is the tag to use for the CoreDNS image. - ImageTag = "1.11.1-ck4" + ImageTag = "1.11.3-ck0" ) From aa6c32a184d72ce19f3a6466a868efc0b6ae2d67 Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Wed, 20 Nov 2024 01:33:29 -0800 Subject: [PATCH 114/122] KU-2068 reformatted annotations table (#789) * reformatted annotations table due to formatting issues the annotations table was quite unclear. Edited to make it more readable Co-authored-by: Nick Veitch --- docs/src/snap/reference/annotations.md | 207 +++++++++++++++++++++---- 1 file changed, 181 insertions(+), 26 deletions(-) diff --git a/docs/src/snap/reference/annotations.md b/docs/src/snap/reference/annotations.md index 0868cda20..010c3143f 100644 --- a/docs/src/snap/reference/annotations.md +++ b/docs/src/snap/reference/annotations.md @@ -1,36 +1,191 @@ # Annotations This page outlines the annotations that can be configured during cluster -[bootstrap]. To do this, set the cluster-config/annotations parameter in +[bootstrap]. To do this, set the `cluster-config.annotations` parameter in the bootstrap configuration. -| Name | Description | Values | -|---------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------| -| `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` | If set, only MicroCluster and file cleanup are performed. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, k8sd will remove the Kubernetes node when it is removed from the cluster. | "true"\|"false" | -| `k8sd/v1alpha/lifecycle/skip-stop-services-on-remove` | If set, the k8s services will not be stopped on the leaving node when removing the node. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, all services are stopped on leaving nodes. | "true"\|"false" | -| `k8sd/v1alpha1/csrsigning/auto-approve` | If set, certificate signing requests created by worker nodes are auto approved. | "true"\|"false" | -| `k8sd/v1alpha1/calico/apiserver-enabled` | Enable the installation of the Calico API server to enable management of Calico APIs using kubectl. | "true"\|"false" | -| `k8sd/v1alpha1/calico/encapsulation-v4` | The type of encapsulation to use on the IPv4 pool. | "IPIP"\|"VXLAN"\|"IPIPCrossSubnet"\|"VXLANCrossSubnet"\|"None" | -| `k8sd/v1alpha1/calico/encapsulation-v6` | The type of encapsulation to use on the IPv6 pool. | "IPIP"\|"VXLAN"\|"IPIPCrossSubnet"\|"VXLANCrossSubnet"\|"None" | -| `k8sd/v1alpha1/calico/autodetection-v4/firstFound` | Use default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. | "true"\|"false" | -| `k8sd/v1alpha1/calico/autodetection-v4/kubernetes` | Configure Calico to detect node addresses based on the Kubernetes API. | "NodeInternalIP" | -| `k8sd/v1alpha1/calico/autodetection-v4/interface` | Enable IP auto-detection based on interfaces that match the given regex. | string | -| `k8sd/v1alpha1/calico/autodetection-v4/skipInterface` | Enable IP auto-detection based on interfaces that do not match the given regex. | string | -| `k8sd/v1alpha1/calico/autodetection-v4/canReach` | Enable IP auto-detection based on which source address on the node is used to reach the specified IP or domain. | string | -| `k8sd/v1alpha1/calico/autodetection-v4/cidrs` | Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. | []string (comma separated) | -| `k8sd/v1alpha1/calico/autodetection-v6/firstFound` | Use default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. | "true"\|"false" | -| `k8sd/v1alpha1/calico/autodetection-v6/kubernetes` | Configure Calico to detect node addresses based on the Kubernetes API. | "NodeInternalIP" | -| `k8sd/v1alpha1/calico/autodetection-v6/interface` | Enable IP auto-detection based on interfaces that match the given regex. | string | -| `k8sd/v1alpha1/calico/autodetection-v6/skipInterface` | Enable IP auto-detection based on interfaces that do not match the given regex. | string | -| `k8sd/v1alpha1/calico/autodetection-v6/canReach` | Enable IP auto-detection based on which source address on the node is used to reach the specified IP or domain. | string | -| `k8sd/v1alpha1/calico/autodetection-v6/cidrs` | Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. | []string (comma separated) | -| `k8sd/v1alpha1/cilium/devices` | List of devices facing cluster/external network (used for BPF NodePort, BPF masquerading and host firewall); supports `+` as wildcard in device name, e.g. `eth+,ens+` | string | -| `k8sd/v1alpha1/cilium/direct-routing-device` | Device name used to connect nodes in direct routing mode (used by BPF NodePort, BPF host routing); if empty, automatically set to a device with k8s InternalIP/ExternalIP or with a default route. Bridge type devices are ignored in automatic selection | string | -| `k8sd/v1alpha1/cilium/vlan-bpf-bypass` | Comma separated list of VLAN tags to bypass eBPF filtering on native devices. Cilium enables a firewall on native devices and filters all unknown traffic, including VLAN 802.1q packets, which pass through the main device with the associated tag (e.g., VLAN device eth0.4000 and its main interface eth0). Supports `0` as wildcard for bypassing all VLANs. e.g. `4001,4002` | []string | -| `k8sd/v1alpha1/metrics-server/image-repo` | Override the default image repository for the metrics-server. | string | -| `k8sd/v1alpha1/metrics-server/image-tag` | Override the default image tag for the metrics-server. | string | +For example: +```yaml +cluster-config: +... + annotations: + k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove: true + k8sd/v1alpha/lifecycle/skip-stop-services-on-remove: true +``` + +Please refer to the [Kubernetes website] for more information on annnotations. + +## `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` + +| | | +|---|---| +| **Values**| "true"\|"false"| +| **Description**| If set, only MicroCluster and file cleanup are performed. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, k8sd will remove the Kubernetes node when it is removed from the cluster. | + +## `k8sd/v1alpha/lifecycle/skip-cleanup-kubernetes-node-on-remove` + +| | | +|---|---| +|**Values**| "true"\|"false"| +|**Description**|If set, the k8s services will not be stopped on the leaving node when removing the node. This is helpful when an external controller (e.g., CAPI) manages the Kubernetes node lifecycle. By default, all services are stopped on leaving nodes.| + +## `k8sd/v1alpha1/csrsigning/auto-approve` + +| | | +|---|---| +|**Values**| "true"\|"false"| +|**Description**|If set, certificate signing requests created by worker nodes are auto approved.| + +## `k8sd/v1alpha1/calico/apiserver-enabled` + +| | | +|---|---| +|**Values**| "true"\|"false"| +|**Description**|Enable the installation of the Calico API server to enable management of Calico APIs using kubectl.| + +## `k8sd/v1alpha1/calico/encapsulation-v4` + +| | | +|---|---| +|**Values**| “IPIP”\|”VXLAN”\|”IPIPCrossSubnet”\|”VXLANCrossSubnet”\|”None”| +|**Description**|The type of encapsulation to use on the IPv4 pool.| + +## `k8sd/v1alpha1/calico/encapsulation-v6` + +| | | +|---|---| +|**Values**| “IPIP”\|”VXLAN”\|”IPIPCrossSubnet”\|”VXLANCrossSubnet”\|”None”| +|**Description**|The type of encapsulation to use on the IPv6 pool.| + +## `k8sd/v1alpha1/calico/autodetection-v4/firstFound` + +| | | +|---|---| +|**Values**| "true"\|"false"| +|**Description**|Use default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names.| + +## `k8sd/v1alpha1/calico/autodetection-v4/kubernetes` + +| | | +|---|---| +|**Values**| “NodeInternalIP”| +|**Description**|Configure Calico to detect node addresses based on the Kubernetes API.| + +## `k8sd/v1alpha1/calico/autodetection-v4/interface` + +| | | +|---|---| +|**Values**| string | +|**Description**|Enable IP auto-detection based on interfaces that match the given regex.| + +## `k8sd/v1alpha1/calico/autodetection-v4/skipInterface` + +| | | +|---|---| +|**Values**| string | +|**Description**|Enable IP auto-detection based on interfaces that do not match the given regex.| + +## `k8sd/v1alpha1/calico/autodetection-v4/canReach` + +| | | +|---|---| +|**Values**| string | +|**Description**|Enable IP auto-detection based on which source address on the node is used to reach the specified IP or domain.| + +## `k8sd/v1alpha1/calico/autodetection-v4/cidrs` + +| | | +|---|---| +|**Values**| \[] (string values comma separated) | +|**Description**|Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs.| + +## `k8sd/v1alpha1/calico/autodetection-v6/firstFound` + +| | | +|---|---| +|**Values**| "true"\|"false" | +|**Description**|Use default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names.| + +## `k8sd/v1alpha1/calico/autodetection-v6/kubernetes` + +| | | +|---|---| +|**Values**| “NodeInternalIP” | +|**Description**|Configure Calico to detect node addresses based on the Kubernetes API.| + +## `k8sd/v1alpha1/calico/autodetection-v6/interface` + +| | | +|---|---| +|**Values**| string | +|**Description**|Enable IP auto-detection based on interfaces that match the given regex.| + +## `k8sd/v1alpha1/calico/autodetection-v6/skipInterface` + +| | | +|---|---| +|**Values**| string | +|**Description**|Enable IP auto-detection based on interfaces that do not match the given regex.| + +## `k8sd/v1alpha1/calico/autodetection-v6/canReach` + +| | | +|---|---| +|**Values**| string | +|**Description**|Enable IP auto-detection based on which source address on the node is used to reach the specified IP or domain.| + +## `k8sd/v1alpha1/calico/autodetection-v6/cidrs` + +| | | +|---|---| +|**Values**| \[] (string values comma separated) | +|**Description**|Enable IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs.| + +## `k8sd/v1alpha1/cilium/devices` + +| | | +|---|---| +|**Values**| string| +|**Description**|List of devices facing cluster/external network (used for BPF NodePort, BPF masquerading and host firewall); supports `+` as wildcard in device name, e.g. `eth+,ens+` | + +## `k8sd/v1alpha1/cilium/direct-routing-device` + +| | | +|---|---| +|**Values**| string| +|**Description**|Device name used to connect nodes in direct routing mode (used by BPF NodePort, BPF host routing); if empty, automatically set to a device with k8s InternalIP/ExternalIP or with a default route. Bridge type devices are ignored in automatic selection| + +## `k8sd/v1alpha1/cilium/vlan-bpf-bypass` + +| | | +|---|---| +|**Values**| \[] (string values comma separated)| +|**Description**|Comma separated list of VLAN tags to bypass eBPF filtering on native devices. Cilium enables a firewall on native devices and filters all unknown traffic, including VLAN 802.1q packets, which pass through the main device with the associated tag (e.g., VLAN device eth0.4000 and its main interface eth0). Supports `0` as wildcard for bypassing all VLANs. e.g. `4001,4002`| + +## `k8sd/v1alpha1/metrics-server/image-repo` + +| | | +|---|---| +|**Values**| string| +|**Description**|Override the default image repository for the metrics-server.| + +## `k8sd/v1alpha1/metrics-server/image-tag` + +| | | +|---|---| +|**Values**| string| +|**Description**|Override the default image tag for the metrics-server.| + + +[Kubernetes website]:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ [bootstrap]: bootstrap-config-reference From 7314175d25aee820057154912ec39da61b8c245b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Wed, 20 Nov 2024 13:24:48 +0100 Subject: [PATCH 115/122] Add permission token at topLevel in workflows (#816) --- .github/workflows/automatic-doc-checks.yml | 10 ++++++---- .github/workflows/docs-spelling-checks.yml | 2 ++ .github/workflows/sync-images.yaml | 3 +++ 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/automatic-doc-checks.yml b/.github/workflows/automatic-doc-checks.yml index 5472b1662..d3bba4576 100644 --- a/.github/workflows/automatic-doc-checks.yml +++ b/.github/workflows/automatic-doc-checks.yml @@ -3,13 +3,15 @@ name: Core Documentation Checks on: - workflow_dispatch +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: documentation-checks: - uses: canonical/documentation-workflows/.github/workflows/documentation-checks.yaml@main - with: - working-directory: 'docs/moonray' - + - uses: canonical/documentation-workflows/.github/workflows/documentation-checks.yaml@main + with: + working-directory: 'docs/moonray' diff --git a/.github/workflows/docs-spelling-checks.yml b/.github/workflows/docs-spelling-checks.yml index d4f4f9da1..913ab75a8 100644 --- a/.github/workflows/docs-spelling-checks.yml +++ b/.github/workflows/docs-spelling-checks.yml @@ -5,6 +5,8 @@ on: # pull_request: # paths: # - 'docs/**' +permissions: + contents: read jobs: spell-check: diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 02b143a1b..2b3247844 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -3,6 +3,9 @@ name: Sync upstream images to ghcr.io on: workflow_dispatch: +permissions: + contents: read + jobs: publish: runs-on: ubuntu-latest From dd2cd3b941049248e523896c69e100ea31a47ade Mon Sep 17 00:00:00 2001 From: Niamh Hennigan Date: Wed, 20 Nov 2024 06:50:28 -0800 Subject: [PATCH 116/122] tutorials review (#814) reviewed tutorials and edited them to make them clearer, fix md linter issues and formatting --- docs/src/capi/tutorial/getting-started.md | 22 ++++++------ docs/src/charm/tutorial/getting-started.md | 23 ++++++------- docs/src/snap/tutorial/add-remove-nodes.md | 28 +++++++++------- docs/src/snap/tutorial/getting-started.md | 39 ++++++++++++---------- docs/src/snap/tutorial/kubectl.md | 20 +++++++---- 5 files changed, 72 insertions(+), 60 deletions(-) diff --git a/docs/src/capi/tutorial/getting-started.md b/docs/src/capi/tutorial/getting-started.md index 71a8f823a..fa6aac101 100644 --- a/docs/src/capi/tutorial/getting-started.md +++ b/docs/src/capi/tutorial/getting-started.md @@ -1,4 +1,4 @@ -# Cluster provisioning with CAPI and Canonical K8s +# Cluster provisioning with CAPI and {{product}} This guide covers how to deploy a {{product}} multi-node cluster using Cluster API (CAPI). @@ -16,7 +16,7 @@ curl -L https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.7.3/ sudo install -o root -g root -m 0755 clusterctl /usr/local/bin/clusterctl ``` -### Configure clusterctl +## Configure `clusterctl` `clusterctl` contains a list of default providers. Right now, {{product}} is not yet part of that list. To make `clusterctl` aware of the new @@ -33,10 +33,10 @@ providers: url: "https://github.com/canonical/cluster-api-k8s/releases/latest/control-plane-components.yaml" ``` -### Set up a management cluster +## Set up a management cluster -The management cluster hosts the CAPI providers. You can use Canonical -Kubernetes as a management cluster: +The management cluster hosts the CAPI providers. You can use {{product}} as a +management cluster: ``` sudo snap install k8s --classic --edge @@ -50,7 +50,7 @@ When setting up the management cluster, place its kubeconfig under `~/.kube/config` so other tools such as `clusterctl` can discover and interact with it. -### Prepare the infrastructure provider +## Prepare the infrastructure provider Before generating a cluster, you need to configure the infrastructure provider. Each provider has its own prerequisites. Please follow the instructions @@ -68,7 +68,7 @@ chmod +x clusterawsadm sudo mv clusterawsadm /usr/local/bin ``` -`clusterawsadm` helps you bootstrapping the AWS environment that CAPI will use +`clusterawsadm` helps you bootstrapping the AWS environment that CAPI will use. It will also create the necessary IAM roles for you. Start by setting up environment variables defining the AWS account to use, if @@ -153,7 +153,7 @@ You are now all set to deploy the MAAS CAPI infrastructure provider. ```` ````` -### Initialise the management cluster +## Initialise the management cluster To initialise the management cluster with the latest released version of the providers and the infrastructure of your choice: @@ -162,7 +162,7 @@ providers and the infrastructure of your choice: clusterctl init --bootstrap ck8s --control-plane ck8s -i ``` -### Generate a cluster spec manifest +## Generate a cluster spec manifest Once the bootstrap and control-plane controllers are up and running, you can apply the cluster manifests with the specifications of the cluster you want to @@ -198,7 +198,7 @@ set the cluster’s properties. Review the available options in the respective definitions file and edit the cluster manifest (`cluster.yaml` above) to match your needs. -### Deploy the cluster +## Deploy the cluster To deploy the cluster, run: @@ -237,7 +237,7 @@ You can then see the workload nodes using: KUBECONFIG=./kubeconfig sudo k8s kubectl get node ``` -### Delete the cluster +## Delete the cluster To delete a cluster: diff --git a/docs/src/charm/tutorial/getting-started.md b/docs/src/charm/tutorial/getting-started.md index b0859a5d1..222ba1120 100644 --- a/docs/src/charm/tutorial/getting-started.md +++ b/docs/src/charm/tutorial/getting-started.md @@ -7,7 +7,7 @@ instances and also to integrate other operators to enhance or customise your Kubernetes deployment. This tutorial will take you through installing Kubernetes and some common first steps. -## What you will learn +## What will be covered - How to install {{product}} - Making a cluster @@ -41,7 +41,9 @@ The currently available versions of the charm can be discovered by running: ``` juju info k8s ``` + or + ``` juju info k8s-worker ``` @@ -106,13 +108,14 @@ fetched earlier also includes a list of the relations possible, and from this we can see that the k8s-worker requires "cluster: k8s-cluster". To connect these charms and effectively add the worker to our cluster, we use -the 'integrate' command, adding the interface we wish to connect +the 'integrate' command, adding the interface we wish to connect. ``` juju integrate k8s k8s-worker:cluster ``` -After a short time, the worker node will share information with the control plane and be joined to the cluster. +After a short time, the worker node will share information with the control plane +and be joined to the cluster. ## 4. Scale the cluster (Optional) @@ -168,7 +171,8 @@ config file which will just require a bit of editing: juju run k8s/0 get-kubeconfig >> ~/.kube/config ``` -The output includes the root of the YAML, `kubeconfig: |`, so we can just use an editor to remove that line: +The output includes the root of the YAML, `kubeconfig: |`, so we can just use an +editor to remove that line: ``` nano ~/.kube/config @@ -189,6 +193,7 @@ kubectl config show ``` ...which should output something like this: + ``` apiVersion: v1 clusters: @@ -217,15 +222,7 @@ running a simple command such as : kubectl get pods -A ``` -This should return some pods, confirming the command can reach the cluster: - -``` -NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system cilium-4m5xj 1/1 Running 0 35m -kube-system cilium-operator-5ff9ddcfdb-b6qxm 1/1 Running 0 35m -kube-system coredns-7d4dffcffd-tvs6v 1/1 Running 0 35m -kube-system metrics-server-6f66c6cc48-wdxxk 1/1 Running 0 35m -``` +This should return some pods, confirming the command can reach the cluster. ## Next steps diff --git a/docs/src/snap/tutorial/add-remove-nodes.md b/docs/src/snap/tutorial/add-remove-nodes.md index 72ff32988..9065c1a6c 100644 --- a/docs/src/snap/tutorial/add-remove-nodes.md +++ b/docs/src/snap/tutorial/add-remove-nodes.md @@ -1,4 +1,4 @@ -# Adding and Removing Nodes +# Adding and removing nodes Typical production clusters are hosted across multiple data centres and cloud environments, enabling them to leverage geographical distribution for improved @@ -56,14 +56,15 @@ sudo snap install --classic --edge k8s ### 2. Bootstrap your control plane node -Bootstrap the control plane node: +Bootstrap the control plane node with default configuration: ``` sudo k8s bootstrap ``` {{product}} allows you to create two types of nodes: control plane and -worker nodes. In this example, we're creating a worker node. +worker nodes. In this example, we just initialised a control plane node, now +let's create a worker node. Generate the token required for the worker node to join the cluster by executing the following command on the control-plane node: @@ -72,6 +73,9 @@ the following command on the control-plane node: sudo k8s get-join-token worker --worker ``` +`worker` refers to the name of the node we want to join. `--worker` is the type +of node we want to join. + A base64 token will be printed to your terminal. Keep it handy as you will need it for the next step. @@ -81,36 +85,36 @@ it for the next step. ### 3. Join the cluster on the worker node -To join the worker node to the cluster, run: +To join the worker node to the cluster, run on worker node: ``` sudo k8s join-cluster ``` -After a few seconds, you should see: `Joined the cluster.` +After a few seconds, you should see: `Joined the cluster.` ### 4. View the status of your cluster -To see what we've accomplished in this tutorial: +Let's review what we've accomplished in this tutorial. -If you created a control plane node, check that it joined successfully: +To see the control plane node created: ``` sudo k8s status ``` -If you created a worker node, verify with this command: +Verify the worker node joined successfully with this command +on control-plane node: ``` sudo k8s kubectl get nodes ``` -You should see that you've successfully added a worker or control plane node to -your cluster. +You should see that you've successfully added a worker to your cluster. Congratulations! -### 4. Remove Nodes and delete the VMs (Optional) +### 4. Remove nodes and delete the VMs (Optional) It is important to clean-up your nodes before tearing down the VMs. @@ -139,7 +143,7 @@ multipass delete worker multipass purge ``` -## Next Steps +## Next steps - Discover how to enable and configure Ingress resources [Ingress][Ingress] - Learn more about {{product}} with kubectl [How to use diff --git a/docs/src/snap/tutorial/getting-started.md b/docs/src/snap/tutorial/getting-started.md index 69832a87d..90b66d594 100644 --- a/docs/src/snap/tutorial/getting-started.md +++ b/docs/src/snap/tutorial/getting-started.md @@ -19,22 +19,24 @@ Install the {{product}} snap with: sudo snap install k8s --edge --classic ``` -### 2. Bootstrap a Kubernetes Cluster +### 2. Bootstrap a Kubernetes cluster -Bootstrap a Kubernetes cluster with default configuration using: +The bootstrap command initialises your cluster and configures your host system +as a Kubernetes node. If you would like to bootstrap a Kubernetes cluster with +default configuration run: ``` sudo k8s bootstrap ``` -This command initialises your cluster and configures your host system -as a Kubernetes node. For custom configurations, you can explore additional options using: ``` sudo k8s bootstrap --help ``` +Bootstrapping the cluster can only be done once. + ### 3. Check cluster status To confirm the installation was successful and your node is ready you @@ -44,6 +46,13 @@ should run: sudo k8s status ``` +It may take a few moments for the cluster to be ready. Confirm that {{product}} +has transitioned to the `cluster status ready` state by running: + +``` +sudo k8s status --wait-ready +``` + Run the following command to list all the pods in the `kube-system` namespace: @@ -51,19 +60,13 @@ namespace: sudo k8s kubectl get pods -n kube-system ``` -You will observe at least three pods running: +You will observe at least three pods running. The functions of these three pods +are: - **CoreDNS**: Provides DNS resolution services. - **Network operator**: Manages the life-cycle of the networking solution. - **Network agent**: Facilitates network management. -Confirm that {{product}} has transitioned to the `k8s is ready` state -by running: - -``` -sudo k8s status --wait-ready -``` - ### 5. Access Kubernetes The standard tool for deploying and managing workloads on Kubernetes @@ -124,7 +127,7 @@ running: sudo k8s kubectl get pods ``` -### 8. Enable Local Storage +### 8. Enable local storage In scenarios where you need to preserve application data beyond the life-cycle of the pod, Kubernetes provides persistent volumes. @@ -166,7 +169,7 @@ You can inspect the storage-writer-pod with: sudo k8s kubectl describe pod storage-writer-pod ``` -### 9. Disable Local Storage +### 9. Disable local storage Begin by removing the pod along with the persistent volume claim: @@ -201,20 +204,20 @@ sudo snap remove k8s --purge This option ensures complete removal of the snap and its associated data. -## Next Steps +## Next steps - Learn more about {{product}} with kubectl: [How to use kubectl] - Explore Kubernetes commands with our [Command Reference Guide] -- Learn how to set up a multi-node environment [Setting up a K8s cluster] +- Learn how to set up a multi-node environment by [Adding and Removing Nodes] - Configure storage options: [Storage] - Master Kubernetes networking concepts: [Networking] -- Discover how to enable and configure Ingress resources [Ingress] +- Discover how to enable and configure Ingress resources: [Ingress] [How to use kubectl]: kubectl [Command Reference Guide]: ../reference/commands -[Setting up a K8s cluster]: add-remove-nodes +[Adding and Removing Nodes]: add-remove-nodes [Storage]: ../howto/storage/index [Networking]: ../howto/networking/index.md [Ingress]: ../howto/networking/default-ingress.md \ No newline at end of file diff --git a/docs/src/snap/tutorial/kubectl.md b/docs/src/snap/tutorial/kubectl.md index 02b643c18..5bdf04ef9 100644 --- a/docs/src/snap/tutorial/kubectl.md +++ b/docs/src/snap/tutorial/kubectl.md @@ -13,7 +13,7 @@ Before you begin, make sure you have the following: [Getting Started]) - You are using the built-in `kubectl` command from the snap. -### 1. The Kubectl Command +### 1. The kubectl command The `kubectl` command communicates with the [Kubernetes API server][kubernetes-api-server]. @@ -21,17 +21,25 @@ The `kubectl` command communicates with the The `kubectl` command included with {{product}} is built from the original upstream source into the `k8s` snap you have installed. -### 2. How To Use Kubectl +### 2. How to use kubectl -To access `kubectl`, run the following command: +To access `kubectl`, run the following: ``` -sudo k8s kubectl +sudo k8s kubectl ``` +This will display a list of commands possible with `kubectl`. + > **Note**: Only control plane nodes can use the `kubectl` command. Worker > nodes do not have access to this command. +The format of `kubectl` commands are: + +``` +sudo k8s kubectl +``` + ### 3. Configuration In {{product}}, the `kubeconfig` file that is being read to display @@ -49,7 +57,7 @@ Let's review what was created in the [Getting Started] guide. To see what pods were created when we enabled the `network` and `dns` -components: +components during the cluster bootstrap: ``` sudo k8s kubectl get pods -o wide -n kube-system @@ -68,7 +76,7 @@ The `kubernetes` service in the `default` namespace is where the Kubernetes API server resides, and it's the endpoint with which other nodes in your cluster will communicate. -### 5. Creating and Managing Objects +### 5. Creating and managing objects Let's deploy an NGINX server using this command: From 2f1c02162345bcd17ba7e1ddb1ed0b8ee551635c Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Wed, 20 Nov 2024 22:46:12 +0100 Subject: [PATCH 117/122] Use new annotation path (#821) apiv1 is deprecated for annotations. `apiv1_annotations` is the recommended package now. --- src/k8s/pkg/k8sd/app/hooks_remove.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/k8s/pkg/k8sd/app/hooks_remove.go b/src/k8s/pkg/k8sd/app/hooks_remove.go index 86b4d6c87..04d93faf0 100644 --- a/src/k8s/pkg/k8sd/app/hooks_remove.go +++ b/src/k8s/pkg/k8sd/app/hooks_remove.go @@ -7,7 +7,6 @@ import ( "net" "os" - apiv1 "github.com/canonical/k8s-snap-api/api/v1" apiv1_annotations "github.com/canonical/k8s-snap-api/api/v1/annotations" databaseutil "github.com/canonical/k8s/pkg/k8sd/database/util" "github.com/canonical/k8s/pkg/k8sd/pki" @@ -131,7 +130,7 @@ func (a *App) onPreRemove(ctx context.Context, s state.State, force bool) (rerr log.Error(err, "failed to cleanup control plane certificates") } - if _, ok := cfg.Annotations.Get(apiv1.AnnotationSkipStopServicesOnRemove); !ok { + if _, ok := cfg.Annotations.Get(apiv1_annotations.AnnotationSkipStopServicesOnRemove); !ok { log.Info("Stopping worker services") if err := snaputil.StopWorkerServices(ctx, snap); err != nil { log.Error(err, "Failed to stop worker services") From bd42a491ee53e24a6b106463ce961d7b0423cefc Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Wed, 20 Nov 2024 23:21:17 +0100 Subject: [PATCH 118/122] Only log worker marker file error if exists (#820) --- src/k8s/pkg/k8sd/app/hooks_remove.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/k8s/pkg/k8sd/app/hooks_remove.go b/src/k8s/pkg/k8sd/app/hooks_remove.go index 04d93faf0..bb9cc941e 100644 --- a/src/k8s/pkg/k8sd/app/hooks_remove.go +++ b/src/k8s/pkg/k8sd/app/hooks_remove.go @@ -3,6 +3,7 @@ package app import ( "context" "database/sql" + "errors" "fmt" "net" "os" @@ -122,7 +123,9 @@ func (a *App) onPreRemove(ctx context.Context, s state.State, force bool) (rerr log.Info("Removing worker node mark") if err := snaputil.MarkAsWorkerNode(snap, false); err != nil { - log.Error(err, "Failed to unmark node as worker") + if !errors.Is(err, os.ErrNotExist) { + log.Error(err, "failed to unmark node as worker") + } } log.Info("Cleaning up control plane certificates") From 29feb03907a07cd5c5c6f92e5a770ee3fcc0e9d0 Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Thu, 21 Nov 2024 08:45:06 +0100 Subject: [PATCH 119/122] Remove obsolete sync-images scripts (#818) We now use the our own Rocks everywhere, so syncing is not required anymore. --- .github/workflows/sync-images.yaml | 26 --------------------- build-scripts/hack/sync-images.sh | 11 --------- build-scripts/hack/sync-images.yaml | 31 -------------------------- docs/src/snap/howto/install/offline.md | 29 ++++++++++++++---------- 4 files changed, 17 insertions(+), 80 deletions(-) delete mode 100644 .github/workflows/sync-images.yaml delete mode 100755 build-scripts/hack/sync-images.sh delete mode 100644 build-scripts/hack/sync-images.yaml diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml deleted file mode 100644 index 2b3247844..000000000 --- a/.github/workflows/sync-images.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Sync upstream images to ghcr.io - -on: - workflow_dispatch: - -permissions: - contents: read - -jobs: - publish: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.22" - - - name: Sync images - env: - USERNAME: ${{ github.actor }} - PASSWORD: ${{ secrets.GITHUB_TOKEN }} - run: | - ./build-scripts/hack/sync-images.sh diff --git a/build-scripts/hack/sync-images.sh b/build-scripts/hack/sync-images.sh deleted file mode 100755 index 5ff80f959..000000000 --- a/build-scripts/hack/sync-images.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# Description: -# Sync images from upstream repositories under ghcr.io/canonical. -# -# Usage: -# $ USERNAME="$username" PASSWORD="$password" ./sync-images.sh - -DIR="$(realpath "$(dirname "${0}")")" - -"${DIR}/../../src/k8s/tools/regsync.sh" once -c "${DIR}/upstream-images.yaml" diff --git a/build-scripts/hack/sync-images.yaml b/build-scripts/hack/sync-images.yaml deleted file mode 100644 index d3a5245f8..000000000 --- a/build-scripts/hack/sync-images.yaml +++ /dev/null @@ -1,31 +0,0 @@ -sync: - - source: ghcr.io/canonical/k8s-snap/pause:3.10 - target: '{{ env "MIRROR" }}/canonical/k8s-snap/pause:3.10' - type: image - - source: ghcr.io/canonical/cilium-operator-generic:1.16.3-ck0 - target: '{{ env "MIRROR" }}/canonical/cilium-operator-generic:1.16.3-ck0' - type: image - - source: ghcr.io/canonical/cilium:1.16.3-ck0 - target: '{{ env "MIRROR" }}/canonical/cilium:1.16.3-ck0' - type: image - - source: ghcr.io/canonical/coredns:1.11.3 - target: '{{ env "MIRROR" }}/canonical/coredns:1.11.3-ck0' - type: image - - source: ghcr.io/canonical/k8s-snap/sig-storage/csi-node-driver-registrar:v2.10.1 - target: '{{ env "MIRROR" }}/canonical/k8s-snap/sig-storage/csi-node-driver-registrar:v2.10.1' - type: image - - source: ghcr.io/canonical/k8s-snap/sig-storage/csi-provisioner:v5.0.1 - target: '{{ env "MIRROR" }}/canonical/k8s-snap/sig-storage/csi-provisioner:v5.0.1' - type: image - - source: ghcr.io/canonical/k8s-snap/sig-storage/csi-resizer:v1.11.1 - target: '{{ env "MIRROR" }}/canonical/k8s-snap/sig-storage/csi-resizer:v1.11.1' - type: image - - source: ghcr.io/canonical/k8s-snap/sig-storage/csi-snapshotter:v8.0.1 - target: '{{ env "MIRROR" }}/canonical/k8s-snap/sig-storage/csi-snapshotter:v8.0.1' - type: image - - source: ghcr.io/canonical/metrics-server:0.7.0-ck2 - target: '{{ env "MIRROR" }}/canonical/metrics-server:0.7.0-ck2' - type: image - - source: ghcr.io/canonical/rawfile-localpv:0.8.0-ck4 - target: '{{ env "MIRROR" }}/canonical/rawfile-localpv:0.8.0-ck4' - type: image diff --git a/docs/src/snap/howto/install/offline.md b/docs/src/snap/howto/install/offline.md index e522efa50..28776effc 100644 --- a/docs/src/snap/howto/install/offline.md +++ b/docs/src/snap/howto/install/offline.md @@ -61,13 +61,13 @@ add a dummy default route on the `eth0` interface using the following command: ip route add default dev eth0 ``` -```{note} +```{note} Ensure that `eth0` is the name of the default network interface used for pod-to-pod communication. ``` -The dummy gateway will only be used by the Kubernetes services to -know which interface to use, actual connectivity to the internet is not +The dummy gateway will only be used by the Kubernetes services to +know which interface to use, actual connectivity to the internet is not required. Ensure that the dummy gateway rule survives a node reboot. #### Ensure proxy access @@ -94,7 +94,7 @@ For {{product}}, it is also necessary to fetch the images used by its features (network, DNS, etc.) as well as any images that are needed to run specific workloads. -```{note} +```{note} The image options are presented in the order of increasing complexity of implementation. It may be helpful to combine these options for different scenarios. @@ -167,12 +167,18 @@ any upstream registries (e.g. `docker.io`) and the private mirror. ##### Load images with regsync We recommend using [regsync][regsync] to copy images from the upstream registry -to your private registry. Refer to the [sync-images.yaml][sync-images-yaml] -file that contains the configuration for syncing images from the upstream -registry to the private registry. Using the output from `k8s list-images` -update the images in the [sync-images.yaml][sync-images-yaml] file if -necessary. Update the file with the appropriate mirror, and specify a mirror -for ghcr.io that points to the registry. +to your private registry. +For that, create a `sync-images.yaml` file that maps the output from +`k8s list-images` to the private registry mirror and specify a mirror for +ghcr.io that points to the registry. + +``` +sync: + - source: ghcr.io/canonical/k8s-snap/pause:3.10 + target: '{{ env "MIRROR" }}/canonical/k8s-snap/pause:3.10' + type: image + ... +``` After creating the `sync-images.yaml` file, use [regsync][regsync] to sync the images. Assuming your registry mirror is at http://10.10.10.10:5050, run: @@ -264,7 +270,7 @@ capabilities = ["pull", "resolve"] HTTPS requires the additionally specification of the registry CA certificate. Copy the certificate to `/var/snap/k8s/common/etc/containerd/hosts.d/ghcr.io/ca.crt`. -Then add the configuration in +Then add the configuration in `/var/snap/k8s/common/etc/containerd/hosts.d/ghcr.io/hosts.toml`: ``` @@ -300,7 +306,6 @@ After a while, confirm that all the cluster nodes show up in the output of the [Core20]: https://canonical.com/blog/ubuntu-core-20-secures-linux-for-iot [proxy]: ../networking/proxy.md -[sync-images-yaml]: https://github.com/canonical/k8s-snap/blob/main/build-scripts/hack/sync-images.yaml [regsync]: https://github.com/regclient/regclient/blob/main/docs/regsync.md [regctl]: https://github.com/regclient/regclient/blob/main/docs/regctl.md [regctl.sh]: https://github.com/canonical/k8s-snap/blob/main/src/k8s/tools/regctl.sh From c648d828a4d8722e32c7ba3e2fb0cf40215e0072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciek=20Go=C5=82aszewski?= Date: Thu, 21 Nov 2024 14:27:49 +0100 Subject: [PATCH 120/122] Add security.md with policy (#822) --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..1a3299a16 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Reporting a Vulnerability + +To report a security issue, please follow the steps below: + +Using GitHub, file a [Private Security Report](https://github.com/canonical/k8s-snap/security/advisories/new) with: +- A description of the issue +- Steps to reproduce the issue +- Affected versions of the `k8s-snap` package +- Any known mitigations for the issue + +The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about what to expect during this process and our requirements for responsible disclosure. + +Thank you for contributing to the security and integrity of `k8s-snap`! From 7f732c9bcabdab4ac9b661c3e95a432a549aad7f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 19:55:31 +0100 Subject: [PATCH 121/122] [main] Update component versions (#825) --- build-scripts/components/kubernetes/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-scripts/components/kubernetes/version b/build-scripts/components/kubernetes/version index 2aa75271e..c46737494 100644 --- a/build-scripts/components/kubernetes/version +++ b/build-scripts/components/kubernetes/version @@ -1 +1 @@ -v1.31.2 +v1.31.3 From 376da2ba90578a0513e71e88bb10e4fa627557a6 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Fri, 22 Nov 2024 08:38:19 +0000 Subject: [PATCH 122/122] Cleans up all containerd-related resources on snap removal (#827) Currently, when removing the snap, the /var/run/containerd folder is not properly removed, as it is a folder. This fixes this issue. Additionally removes other containerd-related folders: /etc/containerd and /var/lib/containerd. We're also removing /opt/cni/bin on snap removal, which is created when bootstrapping the node. As we're removing the k8s snap, we no longer need this folder either. --- k8s/lib.sh | 8 +++++--- src/k8s/pkg/k8sd/setup/containerd.go | 22 +++++++++++++++++++--- src/k8s/pkg/k8sd/setup/containerd_test.go | 17 +++++++++++++---- tests/integration/tests/test_cleanup.py | 14 ++++++++++++++ 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/k8s/lib.sh b/k8s/lib.sh index e31ace822..e81b7aefd 100755 --- a/k8s/lib.sh +++ b/k8s/lib.sh @@ -99,9 +99,11 @@ k8s::remove::containerd() { # only remove containerd if the snap was already bootstrapped. # this is to prevent removing containerd when it is not installed by the snap. - if [ -f "$SNAP_COMMON/lock/containerd-socket-path" ]; then - rm -f $(cat "$SNAP_COMMON/lock/containerd-socket-path") - fi + for file in "containerd-socket-path" "containerd-config-dir" "containerd-root-dir" "containerd-cni-bin-dir"; do + if [ -f "$SNAP_COMMON/lock/$file" ]; then + rm -rf $(cat "$SNAP_COMMON/lock/$file") + fi + done } # Run a ctr command against the local containerd socket diff --git a/src/k8s/pkg/k8sd/setup/containerd.go b/src/k8s/pkg/k8sd/setup/containerd.go index e3213e4c2..eb9909124 100644 --- a/src/k8s/pkg/k8sd/setup/containerd.go +++ b/src/k8s/pkg/k8sd/setup/containerd.go @@ -159,14 +159,30 @@ func Containerd(snap snap.Snap, extraContainerdConfig map[string]any, extraArgs } } - // Write the containerd socket path to a file to properly clean-up on removal. - if err := utils.WriteFile(filepath.Join(snap.LockFilesDir(), "containerd-socket-path"), []byte(snap.ContainerdSocketDir()), 0o600); err != nil { - return fmt.Errorf("failed to write containerd-socket-path: %w", err) + if err := saveSnapContainerdPaths(snap); err != nil { + return err } return nil } +func saveSnapContainerdPaths(s snap.Snap) error { + // Write the containerd-related paths to files to properly clean-up on removal. + m := map[string]string{ + "containerd-socket-path": s.ContainerdSocketDir(), + "containerd-config-dir": s.ContainerdConfigDir(), + "containerd-root-dir": s.ContainerdRootDir(), + "containerd-cni-bin-dir": s.CNIBinDir(), + } + + for filename, content := range m { + if err := utils.WriteFile(filepath.Join(s.LockFilesDir(), filename), []byte(content), 0o600); err != nil { + return fmt.Errorf("failed to write %s: %w", filename, err) + } + } + return nil +} + func init() { images.Register(defaultPauseImage) } diff --git a/src/k8s/pkg/k8sd/setup/containerd_test.go b/src/k8s/pkg/k8sd/setup/containerd_test.go index 904bd11ce..8bd56399b 100644 --- a/src/k8s/pkg/k8sd/setup/containerd_test.go +++ b/src/k8s/pkg/k8sd/setup/containerd_test.go @@ -121,10 +121,19 @@ func TestContainerd(t *testing.T) { }) }) - t.Run("Lockfile", func(t *testing.T) { + t.Run("Lockfiles", func(t *testing.T) { g := NewWithT(t) - b, err := os.ReadFile(filepath.Join(s.LockFilesDir(), "containerd-socket-path")) - g.Expect(err).To(Not(HaveOccurred())) - g.Expect(string(b)).To(Equal(s.ContainerdSocketDir())) + m := map[string]string{ + "containerd-socket-path": s.ContainerdSocketDir(), + "containerd-config-dir": s.ContainerdConfigDir(), + "containerd-root-dir": s.ContainerdRootDir(), + "containerd-cni-bin-dir": s.CNIBinDir(), + } + for filename, content := range m { + + b, err := os.ReadFile(filepath.Join(s.LockFilesDir(), filename)) + g.Expect(err).To(Not(HaveOccurred())) + g.Expect(string(b)).To(Equal(content)) + } }) } diff --git a/tests/integration/tests/test_cleanup.py b/tests/integration/tests/test_cleanup.py index 18ce44400..784ac6b4a 100644 --- a/tests/integration/tests/test_cleanup.py +++ b/tests/integration/tests/test_cleanup.py @@ -9,6 +9,13 @@ LOG = logging.getLogger(__name__) +CONTAINERD_PATHS = [ + "/etc/containerd", + "/opt/cni/bin", + "/run/containerd", + "/var/lib/containerd", +] + @pytest.mark.node_count(1) def test_node_cleanup(instances: List[harness.Instance]): @@ -17,3 +24,10 @@ def test_node_cleanup(instances: List[harness.Instance]): util.wait_for_network(instance) util.remove_k8s_snap(instance) + + # Check that the containerd-related folders are removed on snap removal. + process = instance.exec( + ["ls", *CONTAINERD_PATHS], capture_output=True, text=True, check=False + ) + for path in CONTAINERD_PATHS: + assert f"cannot access '{path}': No such file or directory" in process.stderr