From fcbc0dafa4118cd4f170e4e2613d446bc4962dc5 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Wed, 23 Feb 2022 08:19:14 +0000 Subject: [PATCH] lws_ota --- CMakeLists-implied-options.txt | 6 + CMakeLists.txt | 8 + READMEs/README.lws_ota.md | 302 ++++++++++ READMEs/README.lws_system.md | 23 + cmake/lws_config.h.in | 3 + contrib/lws_ota-manifest.sh | 28 + doc-assets/lws_ota.png | Bin 0 -> 68028 bytes doc-assets/lws_system_states.png | Bin 0 -> 90227 bytes include/libwebsockets.h | 1 + include/libwebsockets/lws-ota.h | 122 ++++ include/libwebsockets/lws-system.h | 15 +- lib/core-net/private-lib-core-net.h | 63 ++ lib/core/context.c | 22 +- lib/core/private-lib-core.h | 10 +- lib/plat/freertos/CMakeLists.txt | 5 + lib/plat/freertos/esp32/esp32-lws_ota.c | 201 +++++++ lib/system/CMakeLists.txt | 6 + lib/system/ota/ota.c | 735 ++++++++++++++++++++++++ 18 files changed, 1547 insertions(+), 3 deletions(-) create mode 100644 READMEs/README.lws_ota.md create mode 100755 contrib/lws_ota-manifest.sh create mode 100644 doc-assets/lws_ota.png create mode 100644 doc-assets/lws_system_states.png create mode 100644 include/libwebsockets/lws-ota.h create mode 100644 lib/plat/freertos/esp32/esp32-lws_ota.c create mode 100644 lib/system/ota/ota.c diff --git a/CMakeLists-implied-options.txt b/CMakeLists-implied-options.txt index 5a5d426ff..3ebbe62b0 100644 --- a/CMakeLists-implied-options.txt +++ b/CMakeLists-implied-options.txt @@ -375,6 +375,12 @@ if (LWS_WITH_UPNG) set(LWS_WITH_GZINFLATE 1) endif() +if (LWS_WITH_OTA) + set(LWS_WITH_JOSE 1) + set(LWS_WITH_GENCRYPTO 1) + set(LWS_WITH_GZINFATE 1) +endif() + # using any abstract protocol enables LWS_WITH_ABSTRACT #if (LWS_WITH_SMTP) diff --git a/CMakeLists.txt b/CMakeLists.txt index bdda6ddb4..4283a2ccd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -93,6 +93,8 @@ if (ESP_PLATFORM) $ENV{IDF_PATH}/components/soc/include/ $ENV{IDF_PATH}/components/esp_hw_support/include $ENV{IDF_PATH}/components/hal/${CONFIG_IDF_TARGET}/include/ + $ENV{IDF_PATH}/components/app_update/include/ + $ENV{IDF_PATH}/components/bootloader_support/include ) if (CONFIG_IDF_TARGET_ARCH_RISCV) @@ -342,6 +344,12 @@ set(LWS_COMPRESSED_BACKTRACES_SNIP_PRE 2 CACHE STRING "Amount of callstack to sn set(LWS_COMPRESSED_BACKTRACES_SNIP_POST 1 CACHE STRING "Amount of callstack to snip from bottom") option(LWS_WITH_ALLOC_METADATA_LWS "Build lws_*alloc() with compressed backtraces (requires WITH_COMPRESSED_BACKTRACES)" OFF) +# +# Over The Air updates +# +option(LWS_WITH_OTA "Build with support for Over The Air update download and validation" OFF) +set(LWS_OTA_VARIANT "set-LWS_OTA_VARIANT" CACHE STRING "Build Variant ID for OTA filtering") +set(LWS_OTA_PUBLIC_JWK "set-LWS_OTA_PUBLIC_JWK" CACHE STRING "Filepath to public JWK used for OTA validation") if (${CMAKE_SYSTEM_NAME} MATCHES "SunOS") diff --git a/READMEs/README.lws_ota.md b/READMEs/README.lws_ota.md new file mode 100644 index 000000000..40541a322 --- /dev/null +++ b/READMEs/README.lws_ota.md @@ -0,0 +1,302 @@ +# lws_ota Over The Air updates + +|Area|Definition| +|---|---| +|Cmake|`LWS_WITH_OTA` off by default| +|API|`./include/libwebsockets/lws-ota.h`| +|README|./READMEs/README.lws_ota.md| + +![overview](../doc-assets/lws_ota.png) + +`lws_ota` apis provide a standardized way to securely distribute gzipped +firmware update blobs over the internet, using a detached signed manifest that +describes the latest update for a particular variant and the corresponding +compressed firmware update blob. + +Generic client infrastructure to fetch and check the related manifest on an +http update server to discover new firmware at boot and periodically, download +the related firemare via Secure Streams, decompress on-the-fly, validate the +manifest signature against your issuer public key, and validate the decompressed +download against the manifests's signed hash, then if valid, interact with +platform-specific firmware update procedures such as erase and flash as +implemented in user code via lws_system, asynchronously. + +This gives you a way to have standardized production, identification, discovery +and security on firmware updates leveraging the lws arrangements for all the +generic work no matter the SoC involved, while still remaining compatible with +SoC-specific OTA procedures flexibly. + +`lws_ota` signing is an extra layer on top ensuring that only the firmware +issuer with the approriate key can sign the update manifest for the firmware +blobs that will be accepted by the client as valid. SoC-specific firmware +signing (eg, with bootloader key) is done separately before the `lws_ota` layer; +SoC-specific signatures should already have been applied on the blob before +`lws_ota` hashes it and signs the hash in the manifest. + +## Separation of generic OTA and platform operations + +lws_ota handles generic OTA steps such as checking for new firmware, starting +a new OTA action, downloading the image, checking its integrity and deciding if +it should be finalized. + +For all platform-specific steps such as selection of OTA slot or the actual +flashing, there is an lws_system ops struct `lws_ota_ops_t` that lets the user +code define how the operations are actually done, outside of lws itself. +lws_ota calls these user-defined ops struct members to get platform-specific +stuff done without needing to understand the details. + +These operation apis are given a completion callback and opaque completion +context pointer to call when their async operation completes; if the platform +implementation is synchronous, it's also possible to block and call the +completion callback before returning. + +## Structure of firmware repo + +The lws_ota network code uses "ota" streamtype from the policy, this sets the +endpoint address of the firmware repo and the first part of the URL path to use +statically, reflecting where the generic firmware update infrastructure lives. + +In top of that, at build-time, cmake var `LWS_OTA_VARIANT` can be set to a +URL-compatible string identifying the build variant, this is appended to the +URL path using metadata so a given variant can only see firmware related to +its specific kind of device. + +For example, the ota streamtype sets the endpoint (server address) and the first +part of the repo path, like this for lws examples + +``` + "}},{\"ota\": {" + "\"endpoint\":" "\"libwebsockets.org\"," + "\"port\":" "443," + "\"protocol\":" "\"h2\"," + "\"http_method\":" "\"GET\"," + "\"http_url\":" "\"firmware/examples/${ota_variant}/${file}\"," + "\"metadata\": [{\n" + "\"ota_variant\":" "\"\",\n" + "\"file\":" "\"\"\n" + "}],\n" + ... +``` + +`ota_variant` metadata is set to the application's unique variant name, and +`file` metadata is set first to "manifest.jws" to find out if anything newer is +available, and if there is, to whatever filepath is told in the manifest as the +latest. + +## Update discovery approach + +lws_ota autonomously checks for update at boot, 30 + a random jitter of up to +15 seconds after reaching OPERATIONAL, and thereafter at intervals set in the +lws_ota_ops_t struct, by default every 24h. + +To minimize network load from potentially large fleets checking for updates, +each variant has at least two files in its directory in the repo. + + - a signed detached JWS containing JSON manifest information about the latest + update for the variant it relates to, with the fixed name "manifest.txt", an + example looks like this + +``` +eyJhbGciOiJFUzUxMiJ9.ewoJInZhcmlhbnQiOgkieHl6LXYxIiwKCSJwYXRoIjoJCSJ4eXotdjEtM +jAyMi0wMi0yMi0wMS5sd3NvdGEiLAoJInNpemUiOgkJMTIzNDU2NywKCSJ1bml4dGltZSI6CTE2NDU +3NjgxMDEsCgkic2hhNTEyIjoJIjk5MjYwMzNkY2UwZDE4NmM0ZTNkMzViMDM4MjU2NTYwMzFlZTQzN +jA4NDFhNGI5ZGM2ZGY5YzdkNDZhZGRlMDM3NmJhZWQ0ODk5NDhkYjEwMmQ3ZjFmMWJkODVmYTJkNDc +zOTNhZjg0YTMzZGQyNmZlZDQ5ZDZmNDBjNTJlMGQ2IiwKCSJyZXNldCI6CXRydWUKfQoK.AKbYKDcG +cV5LwKSs9_c8T3qusD_PMrC2zCQjbNvxmcvstAE6DDs6NwP6PaaW9aLO7uQ2uZtXPC_01VRFiasteX +55AXp7-flJdWOOS-_K0BJMwbb-qO62QWDV3-7rr60JUr8IQ8FTmXjJkFOzYXG1iAVevOeo4kyCNcF2 +CKsJgVnrqwFn +``` + +... the protected part above decodes to... + +```json +{ + "variant": "xyz-v1", + "path": "xyz-v1-2022-02-22-01.lwsota", + "size": 1234567, + "unixtime": 1645768101, + "sha512": "9926033dce0d186c4e3d35b03825656031ee4360841a4b9dc6df9c7d46adde0376baed489948db102d7f1f1bd85fa2d47393af84a33dd26fed49d6f40c52e0d6", + "reset": true +} +``` + +... this describes the valid update image including its sha512 hash and +expected size, and the filename on the server to fetch it from. + + - the matching, unmodified update image specified in the manifest, with + whatever signatures the SoC update or boot process requires to see applied. In + this example the update image is at the same url but file "xyz-v1-2022-02-22-01.lwsota" + +there is a separate signed, detached JWS manifest in each variant directory +(named `mainfest`) that describes the latest available update available in the +same server directory. + +By using JSON and standardized, agile signing and validation, using currently +secure crypto like SHA512 and EC P521, the information in the JWS is easily and +safely extensible. + +## Discovery of potential update vs updating + +If the downloaded manifest JWS describes an update that we want, lws tries to +advance the system state to `LWS_SYSTATE_MODAL_UPDATING`. User code can +register a notifier for system state changes that can either hook the transition +to this to indicate that the device is attempting to update, or countermand the +transition and defeat the update. If it is not allowed to reach the required +state, the update is ignored and will be retried at the next periodic check. + +## Using variant names as update epochs + +In the case that updates change data stored on devices and must be applied in +some order, for example because on-device state formats have changed and must be +upgraded, updates after the change can use a different variant name (and so a +different directory path on the update repo and variant name stored in the +firmware). + +Older devices can then update at any time, and will only see the older update +with the old variant name that brings their data to the new format, and has the +new variant name in itself, after rebooting into that and doing the local data +uplevel, it will have the new variant name and be able to see the latest updates +for that. + +One-time updates in user code should be written to occur at +`LWS_SYSTATE_ONE_TIME_UPDATES` lws_system notification state, before +OPERATIONAL, which triggers the boot update check that might otherwise occur +first. + +This method allows older devices to connect much later and still rejoin the +current updates cleanly, without needing all future updates to carry around the +code handling the data upgrade. + +## Interface to platform flash operations + +An ops struct for lws_ota operations is defined by lws, along with an enum for +the async operations it is requested to do + +typedef enum { + LWS_OTA_ASYNC_START = 1, + LWS_OTA_ASYNC_WRITE, + LWS_OTA_ASYNC_ABORT, + LWS_OTA_ASYNC_FINALIZE +} lws_ota_async_t; + +```C +typedef struct { + + /* asynchronous (completions via lws_cancel_service) */ + + int (*ota_start)(struct lws_ota *g); + /**< Creates the ota task and queues LWS_OTA_ASYNC_START on it. */ + + void (*ota_queue)(struct lws_ota *g, lws_ota_async_t a); + /**< Queue next command to OTA task (args are in g) */ + + /* synchronous */ + + int (*ota_report_current)(struct lws_ota *g, int bad); + /**< Report information to the platform code about how we feel about the + * current boot... if we can check the OTA then we report it seems in + * good shape (bad = 0), if we can identify it's brain-damaged then + * (bad = 1). What action the platform takes about these reports is up + * to the platform code */ + + int (*ota_progress)(lws_ota_ret_t state, int percent); + /**< Gets called so the platform can represent OTA progress, give + * platform a chance to choose what to do about an available update */ + + int (*ota_get_last_fw_unixtime)(uint64_t *fw_unixtime); + /**< tries to recover the newest firmware unixtime that had been + * OTA'd into fw_unixtime, updates from same or earlier unixtime are + * ignored for update purposes. */ + + int ota_periodic_check_secs; + /**< Check after this many seconds for a new update */ +} lws_ota_ops_t; +``` + +If the platform being built has a specified OTA methodology, for example as with +esp-idf, lws may provide platform implementations for + + - `lws_plat_ota_start()` + - `lws_plat_ota_queue()` + - `lws_plat_ota_report_current()` + - `lws_plat_ota_get_last_fw_unixtime()` + +that are suitable for use in the first four `lws_opta_ops_t` callbacks, either +directly or by being called through to by user implementations. + +This means platform implementations for the flashing and OTA management part +only need to be done once per platform and can be reused easily by applications. + +OTA operations on the platform are typically done in their own thread, created +at `lws_plat_ota_start()` and terminated when the `ABORT` or `FINALIZE` operations +are queued. Such an implementation can be found for esp32 in +`./lib/plat/freertos/esp32/esp32-lws_ota.c`. + +The generic lws_ota code queues async operations on the thread using the +`(*ota_queue)` op and on completion, the thread calls `lws_cancel_service()` to +synchronize the result back with the generic lws_ota code in the lws event loop +thread. So there is a clean separation between generic OTA check, download and +validation flow, and platform-specific OTA actual flashing and slot selection +etc. + +## Storing firmware state + +The firmware itself contains a public `const char *lws_ota_variant`, which is +set via cmake symbol `LWS_OTA_VARIANT`. By convention (used for the signing +and upload script) the leaf directory of the cwd is the variant string used for +the build. + +This information is used as part of the url path when checking for updates, so +only updates appropriate for the currently installed build variant can be seen. + +Part of the information signed in the manifest is the unixtime of the firmware +blob file, the last installed firmware is stored by the platform-specific OTA +op in whatever manner suits the platform, for esp32 it used `lws_settings` apis +to store them in an esp-idf key-value store in a SPI flash partition. + +Subsequently when checking for updates, the new manifest's unixtime is compared +to the last installed update's unixtime, and ignored if older or same. + +## Creation of Signing and Verification keys + +The manifest needs some unique crypto keys to be signed with, and verified by. +The JWS lws uses needs Json Web Keys or JWKs. + +Build lws with `-DLWS_WITH_JOSE=1`, make and make install, this creates some +`lws-crypo-*` examples for working with JOSE / JWK / JWS on your path. + +Produce a new 512-bit EC JWK in both private and public-only forms like this: + +```bash +$ lws-crypto-jwk -t EC --curve P-521 \ + --kid="my.org lws_ota firmware signing key v1" \ + --use="sig" \ + --key-ops='sign verify' \ + --public my-lws-ota-v1.public.jwk >my-lws-ota-v1.private.jwk +``` + +You should place both your public and private JWKs in your build user's home +directory `~/.lws_ota/`, so they are available but secure to your build user. + +You should point cmake option `-DLWS_OTA_PUBLIC_JWK_FILE="$ENV{HOME}/.lws_ota/name-of-public.jwk"` to +the public JWK, so it can be imported into your build and made available to +lws_ota so it can validate the manifest JWS with it. + +## Creating the signed manifest and uploading to the repo + +Lws includes a script to process and upload your firmware image in one step, +`./contrib/lws_ota-manifest.sh`. + +The script takes the variant name from the last part of the cwd it is executed +from. + +The script takes three arguments, the firmware image, the path to the private +JWK for signing, and the host:path to ssh the files to. Eg + +``` + $ ../../../../../contrib/lws_ota-manifest.sh \ + build/myapp.bin \ + ~/.lws_ota/my-lws-ota-v1.private.jwk \ + "libwebsockets.org:/var/www/libwebsockets.org/firmware/examples/" +``` + diff --git a/READMEs/README.lws_system.md b/READMEs/README.lws_system.md index e1a91eea4..4b0035663 100644 --- a/READMEs/README.lws_system.md +++ b/READMEs/README.lws_system.md @@ -18,6 +18,10 @@ typedef struct lws_system_ops { int (*attach)(struct lws_context *context, int tsi, lws_attach_cb_t cb, lws_system_states_t state, void *opaque, struct lws_attach_item **get); + int (*jit_trust_query)(struct lws_context *cx, const uint8_t *skid, + size_t skid_len, void *got_opaque); + lws_ota_ops_t ota_ops; + uint32_t wake_latency_us; } lws_system_ops_t; ``` @@ -26,6 +30,8 @@ typedef struct lws_system_ops { |`(*reboot)()`|Reboot the system| |`(*set_clock)()`|Set the system clock| |`(*attach)()`|Request an event loop callback from another thread context| +|`(*jit_trust_query)()`|Method for providing a trusted X.509 cert by ID (see JIT_TRUST)` +|`ota_ops`|Set of OTA-related operation implementations for platform| ### `reboot` @@ -42,6 +48,18 @@ example, for foreign threads to set up their event loop activity in their callback, and eg, exit once it is done, with their event loop activity able to continue wholly from the lws event loop thread and stack context. +### `jit_trust_query` + +JIT_TRUST handles most of the generic work in lws, but how the platform stores +and retrieves its trusted CA certs is platform-specific, and handled by the +user code for this. + +### `ota_ops` + +Device-specific operations to perform OTA flashing. + +See README.lws_ota.md / include/libwebsockets/lws_ota.h + ## Foreign thread `attach` architecture When lws is started, it should define an `lws_system_ops_t` at context creation @@ -188,6 +206,8 @@ for various steps leading up to normal operation. By default it acts in a backwards-compatible way and directly reaches the OPERATIONAL state just after the context is created. +![overview](../doc-assets/lws_system_states.png) + However other pieces of lws, and user, code may define notification handlers that get called back when the state changes incrementally, and may veto or delay the changes until work necessary for the new state has completed asynchronously. @@ -205,9 +225,12 @@ The generic states defined are: |`LWS_SYSTATE_REGISTERED`|The device has a registered identity| |`LWS_SYSTATE_AUTH1`|The device identity has produced a time-limited access token| |`LWS_SYSTATE_AUTH2`|Optional second access token for different services| +|`LWS_SYSTATE_ONE_TIME_UPDATES`|If firmware updates need to do one-time operations on data, they should do it at this point before OPERATIONAL| |`LWS_SYSTATE_OPERATIONAL`|The system is ready for user code to work normally| |`LWS_SYSTATE_POLICY_INVALID`|All connections are being dropped because policy information is changing. It will transition back to `LWS_SYSTATE_INITIALIZED` and onward to `OPERATIONAL` again afterwards with the new policy| |`LWS_SYSTATE_CONTEXT_DESTROYING`|Context is going down and smd with it| +|`LWS_SYSTATE_AWAITING_MODAL_UPDATING`|We are trying to get agreement to enter MODAL_UPDATING state| +|`LWS_SYSTATE_MODAL_UPDATING`|We are in modal update state| ### Inserting a notifier diff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in index 2bfe405aa..20992de2d 100644 --- a/cmake/lws_config.h.in +++ b/cmake/lws_config.h.in @@ -123,6 +123,8 @@ #cmakedefine LWS_ONLY_SSPC #cmakedefine LWS_OPENSSL_CLIENT_CERTS "${LWS_OPENSSL_CLIENT_CERTS}" #cmakedefine LWS_OPENSSL_SUPPORT +#cmakedefine LWS_OTA_PUBLIC_JWK "${LWS_OTA_PUBLIC_JWK}" +#cmakedefine LWS_OTA_VARIANT "${LWS_OTA_VARIANT}" #cmakedefine LWS_PLAT_OPTEE #cmakedefine LWS_PLAT_UNIX #cmakedefine LWS_PLAT_FREERTOS @@ -197,6 +199,7 @@ #cmakedefine LWS_WITH_NETLINK #cmakedefine LWS_WITH_NETWORK #cmakedefine LWS_WITH_NO_LOGS +#cmakedefine LWS_WITH_OTA #cmakedefine LWS_WITH_CACHE_NSCOOKIEJAR #cmakedefine LWS_WITH_CLIENT #cmakedefine LWS_WITHOUT_EXTENSIONS diff --git a/contrib/lws_ota-manifest.sh b/contrib/lws_ota-manifest.sh new file mode 100755 index 000000000..acca444e3 --- /dev/null +++ b/contrib/lws_ota-manifest.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +# Usage: +# +# lws-ota-manifest.sh +# +# We take various measurements of the binary update into a JSON manifest, sign the +# manifest, then gzip the image and upload both to an http server. + +# repo server base address for ssh +REPO=$3 +JWK_PRIVKEY_PATH=$2 + +# the leaf part of the build dir path is the variant name +VAR=`pwd | sed "s/.*\///g" | sed "s/\\///g"` +UT=`date +%s` +size=`stat -c %s $1` +unixtime=`stat -c %Y $1` +gzimg=$VAR-$UT.img.gz + +echo -n "{ \"variant\": \"$VAR\", \"path\": \"$gzimg\", \"size\": $size, \"unixtime\": $unixtime, \"sha512\": \"`sha512sum $1 | cut -d' ' -f1`\", \"reset\": true }" | lws-crypto-jws -s "ES512" -k $2 2>/dev/null > .manifest.jws.1 + +cp $1 .image +rm -f .image.gz +gzip .image +scp .image.gz root@$REPO$VAR/$gzimg +scp .manifest.jws.1 root@$REPO$VAR/manifest.jws + diff --git a/doc-assets/lws_ota.png b/doc-assets/lws_ota.png new file mode 100644 index 0000000000000000000000000000000000000000..aa9517b1cbcab40b3813cceb872777ecadf2d7d3 GIT binary patch literal 68028 zcmY(r1z45a8ZC?nh@f-{2nZ6=A>BwwNQ;zocS?7-NJXTSP!JFaX{5VL8bLz3OQhqz z>zsT3=l<(CdmlI87jwQb#(2jhLRDGrE*3c!3JS_y`KQwAC@84f@aGjw4EXnL!Sg-j z|2aL?aYaG7MTh+71~H|W7JTuZn~b)bhNFd>hp~$}iid{>yS0O@tEsV*IlH5a<;NWn zaugIA6nSY$P0!S=G!Jc}iR0IE=!p#WaSSqBCQoFtOk(QgV#pOotxPf_>KVvQIZN6; z%}L{Dozf>JTX7!En&Of-2cr{963KjcpUq~zdfZt|G5#_#(xk6$kO#NcW9N4@k8q#w zN~-H%!VNP^%SQV6?go^)8yXM)_el?@oR6fzG)(#UaW~Q2((*X5+pM;y_65QJ{d~Xe z*sIArhW<(3>sVUqzn=x(Kfy}b>UnQ}2mkNK%w=Nn-~D*^_P-w{MWvXY+FSqo=68yB zP5Y=G;{Uy7W^^1{V(5QA()Z|Yv)=yiCxTm+K>L3eGLL>({J#h9 zA(Jz|?DKjM1tf6VcI{U3OvoEJMp|Gk12OcnF1Q99dWb~-z> zuB)pPc(s*WX*W^y@<(m$Nd5~B5;k4UmGi#tZsX1ILV7IfC#m8A>1}Oo>Ju59#;6(o zXVxX|3yX{U2L}rmr+>2@jtA0&J-xh~R|nG69sd@DhKDb#u6FMIXvGgC`Z z&M=U|^V+;OQPjf_xrsff@drB+*41w71kdxeWU|$r*N5p{TwK2DlrdD;PK@UzWn>Iy zD<=I2xEAB%<9lp7-e=?!5fPzZ;}+4^r<9tSx_5BUGBAJ>cng;bkCar-#Dvz`+8P!H z^=Gm1ljxY38;Gc=#hwHfGc&XK`T4*%Z*UV66J?IX#lIy9tac@B5Fx;l4!7a#BJ_LV5<4ZRuCz?l(BG%TdOiWCyetx=PY-~I^IjNc@dl!Y9oBN07 zKJEVg{^Zou@F&Te@Dhiyk62lwg*|qR92}Grn4f=r@jd;OpOqC8ybH?j20sctJv~ZF z%CGv>E^(`QtX*AQ^AHbTzI>U7doFgwR5a?Tg}#1GNK70?g9)*Pe67B|zQc`~IP$gU%#rA&U`P=+(}rqn=CW@!ZR{5281N>lKJe(GyIP3-Mob}TFciHzqYoP zRMQA)6MJ7cT(@vs&jWTvL`1~ECg9=K$BWa|4Bw0WPW?Jhd~EEfgPj2uIdye{Lfs0J z?Wu~Bv$Im$33iKt)b8EJYvn9iC;~nlF#$16HggT4@B@nwu1rK&kV^9M^2S|n9~9`6 zVbIahL1?c1Dq~FIFw9ZUR#;kDp^fj}J3RaX|1njGeBex(C?_YUrr*CQv(@Ewb;)ns zxDib$_%1LIrQv)>*xt|3&=93?GFi}-0lt%*l49)WsN(A@0^5CYviRn3dwRm?IzfTH zp`qc!BH=snqA)G0N)O;cmDcgF-iVl(_UY-5e&BY%D8V1I}@m#=2mK-h$yJ17$2VUDB ze&>~1WJl{Ga+|uixVWqN-y2N+w1gGtSHFW$GqJHz$k!?)GR2{MRdlOh*2>2Yaz9`cFbF@8u=e`h;tE=mHfle!Iuz>5zotHIkf07LS z{|sfxX?|4=f-=QpGs+Yl9m%)A$jDe`GsX;6_q9TH%kST*@O0c3ePniac5eQ)+tXEq z6ckYtA!=_pTT#EkHzhflY++$xvf7pLBcHv=T!SA9tNxF-km$5@bk#n`?6_1SG@P8O zoniRY)PqoAPOr{)kza?>23?8M=g4klFax)Vf6g}qq7~lQZF}lDi?*G;y`b9~9@Nv- zsyTl;dit=guBU~?6vD4qnG?QEnm$!lW?*KHguA!2w0NHEJ>an%Sn5mR`P~?h0XNsJ zw96w_M&YsOGlFs;;<+bbYmH0~7OjGx5%xl_w#Zms6fHqIv~_m6p6nT4oo#aXUtfCE z`$v;;p(ZGVL858oC_#3Xc9++1;%wPp7WH0<_eT_mX;DnN(@ULY?AEK7kupt$Ci_`JW zOIReYixcO#eRC)<&}I|fzQu!{P_a7D+ZzStV}10Qy!;=?ZK&8EzkGSvaB-k$(f{E& zLkJhNfv>t1%quG^7!xn@)Wi1noTe)6v74YRTaD!01w@bqy{FuMIx#x>4#pj_PokaB ziDG7MzQ6L(k${Lu8gg%avV`v6#uyz9O(2!1Hw~s# z$!gQ!;F~PDH^b03$@%QMAbgQOBq%7DoSghgm8qQHN?2H!2n#(YCr4XXH&c~~lZ&gl zukQ|oUSS~{jV>jmx}0n*Wkh|wXqvD`$Iwt*cRVAH<7^%6IV~nCz!DS4&bs{$io>;` zkQ(<*0zAB?uWDK4{}MS22ZVR)o){QVK?TkB`nv+VGF;hGWnBN5S8}f1ed&H>hJmflVd7L#3jxpNfL1S7|r&$Z?`5jni|_D2+QH zAfUOm^@(bprqrufm3U-iOn?J6M_@pWt9jhmrR2NPX&hI!)^|KWE17Tr3Xu-s+un$ll*GJ`5R7e4{ zgr@LVVlgKukcs*JFmiO{fI7A|n*TgMk<)U3a$Asxiwhq>bC$*`bahmki+>Y_GE{F8 z5)yt^IU1&M_j_^pZbKSAM+q%2e_YQejJis-%qYC{;D7Y33(-kXCJ;yQ~@~0zC1rBg+S!= z*wJr>`iXh>uHTNWs;)w#RZ(l_8)|HT{dlQqY3@bcH*R8JVueYq&h8&^9Vf^2d+Z5bFeq>@S(&S^vPz zgQY(IEUK!gAci+CHtQxpJ{=bqSIgT6Ps%shSXo1-Dr`4rIMVfpM@GUPY2;v1QBeg$ zEknVCAZdZ8Uab;dgJ?V?1dB%h>FhLg#}urWKK!sZo*p@ zJI;xHHffKPQdNDcnyH3j`{9nA8Kn?pQ9>`l?Js$fv9< zF>b~9?0O%*go86FD?8qLCZRu(GWq`&3L`RyKULKprGJje7YV34pd09qQ76X6-5MXW|p7r0=Wy<%f^_53*o>ffT zYoc(hQ?t96fcJCu@R&Hi1O(9&jE=3~h7WvC?Ry3T1A_|hyHPx>uwXz*8}HpWMk7xD zt^$)Z+e>C;WrYGmDf}uL00Kpr)Qu)R$NF~o2OZ(e01M)M36ev()sWQcZ(ggP602uw zOhkY!5&&ZH*iCYxR65QnLvZZ>`$rGN4T#duJPpSBh6?x_mJgkvpShb*(;KiuePd*2 zSKf>yLJdL?n4uuUtDa3THW2#V=`549q4&o<9E&neZ>rl94sg?Kwspei}?vb z)%ug0;qRT8ah}J-9|WRMB=2dSCUbq0*^{6iC_=jX?~{^VM?_pb0NiM`sbBjl2J(NT z#8ghV+$spVFzoo@##mIIMsDKdZfYuJh%*I{Eu{>x`=q2v1k;}6?-l5wV7K)5#{kB# znxR!zR=z_ipqlI8y#Fwpo{{lZijsxX3<967-1#{?W826`eB;$w)cNtQD_~@YxrYAM z*SNQ_u!cKsCy>a=$qBiwebTV7w~wi+sxt6$COf-acJYdv&~&D#;*8_pDjpTho*lv%3S2OyId$XSZ0Pi6BF*73T0Ro2QeFdhu??c7 zF)J_6x}+0Sgx4V+KHMWRwq0%*-@1ZA%_P(VOKh#8(1jiGiLN6@`rq z006G@@hW1?Q&Z$1@7augZBFJgU4!%)ub%)A6LQYRx^XA1Rx$*G%lps@76qz?-CRQ& zeBnWSHLK6E+G7-<>SAKwM;4*B_Q{SoQEkPr@IOydN8VrK%ay?vAJKC91d_yI=1{x6n zS`@d<@n@^(AEAK;&x|8{L3#VpTVSfQ?eil0`nNeF~5YATF!(%^}$e z$7MiEW&^JMAXy67Y=^(x_Sl^@hpsMUUtmzLd;V^Fdpkxw&upbH1!c-9Sk&j}lO}UT z$tRk0Q-IuQKgI!w03(EoN`F+s3Ng1lKd-ul`2~T%tRJ#~CmhaCdjI}Q{V&Y|ZME|z zPZ!~sEnZO#dy@$rOX`7bO%@)TMIa0&|B2SE3U-_nL%Adf*UyN!)K zQsQqN?AJ@)|MkcB#w%SFPtes2e0(9Wa$jvvl{?NE3xXUcMB? z(J(*bF~>WZ{(#F0Gv=$H*TI)rCbjuI*{3=>I>e9oI1C%2KYsiudE+P(5Xl6~2g#(5(q(Zm zr+um;;Qe1U?kscu=WI~;KDjLS{HU&8$BbQgs-z@csI`e{e;11Oqp`on>%-ZjK0 zqQ`&uprEXb15NBpb~Z7^_rv+-n;{dm9i^J&ps5DJ*JJ5P+DKa&cmJs9THdFmRAo*8 zFl`cp1)IbuCYBCWa`@YGmO}S>P)f`bP0JqkuyxhjP80#?3>3e<&~SXIs)}bhkou>e ze{S^AT%A|hz+Dk`_E^`|0qcN3U@m1q>eAxwAMea8!e$Qp55hY!GRip~zLqs2_SZ}7 zUG~N`bjC}`YDnaUh8BlB*5B#u^Ia&q-bXLWn9UC z{4vRk6s4SracJl1%n@Iqc)%--2qyswhR&C%6n{iwKE|z?o}B#E@_rq#Q(0MAnHmw5 zQ~^ndQy>W)P)Lyigw;}KDZAuC#PtQxHvjOtmiX-Y6AFmv>R)-1*FSPJ?P<%p1IZY^=kzDb-^yDG1 zFLPK%kjc0}Xh7C_;!^WC%Ie4OKcd@ijOHP$p~Fm#8f@dY=lS7rarp50UE>}l=6ANY z-$}h`7oVIAU=A004lM`An~+<$>Urw)g(>ck7NB7VLFNvZTWcWux#!*|<)TcW>VF~X zem3~|0Oyl+a9}6pFc|Gv`;wb$YnnOhxp>$AY@HD>zY<`N6fRQ?xTFRA@v+shjW8%Xj^Xu!~0Q|dv z-ykVHVB@9bW#@w>c~F$f^XPy*cf%?oH6DmKK#2rYR0F`}-9r%-6}*s~#;^x=vvv0% z+#607qSXIoJI*zzr1A8&w}-(n;b);9KWLIr|V_R~;yLqG%oJp}|MJRY7h+L<~P^%4`A509-| zepkC9(F?E5s02g2^VNlyR)Kc&gkiwT4O1&%>3}#n8ZX{~BDpX>F9DGI>guX%*`;3K ztED7iCrkm@Ar>UUu!zgYslud?lLb&9`Jhfuy$;kZv;dLv^CAX3=i%nWu9tF_^gZM{ zzDrH*gU5y3v4C*xGUJAz%IWW(fS4;h=iuRq2c%?U>h<^F06ES8#6J%yfNZVpJ1UC{ zd}h`?eSM=*|NPzo)zJEG&=2jq;@IsjefBBD6sHw&1I(8?WAB>+V{CW8HMzDNOz-#E zt$$%MV@c1#5(Ujc`$84+w;DhNkImG*jl{rx3nWs4&!;>#dnOa*K~Sh;{` zSL3l;_Z!p4}r3>zqi-a z(GiYum;7x~QYR?y*P7=BjsErHJxh=r?UBUm(^VXheJsz53&Wwilz9KM;j^2RfSLy) zdM*%@Er4&(dy~3*U(1SsVnYe-Doqm`S;U>4osmq1l$5lPw-^cx5L=Bhi)SF2z;Hma zP>Z6x$>ys@E)HlLW&i;+L8!zcW}aVIXaOZj=ZDh+&;n4~PVlg?u|bZH0VD>=6rZeC>uWM_C?+dv#wYLL1mjuGNcXY(=tiTkJ6qTRP0*k%` zAqq|G83oTMNZqjWf_`U@0e_B+Q$M!CE3@by_UGr~`V8+`4wYYXM-)f^)Hh_6)*~e# z2nJwvRNE1wHCeW|HbjRe`BQP!@A}Fw#F#G(7Lrq-wFAmDpj-C{zgx~uA3j$*Ho~Z= zUMvCQ3D*o#IWo8?Dl6lG7D>m#qR1iB6D5(Oo|n!Md`SOUmFZ+XH^VJ>^5H`RIgsZ- z!+5~Pb{Evn+FGADN8QuY)3)~ZxYX3>`1ttPUKS1x(D@_M($ZpO^1r(D`vZ6Y{w^fB zdhgyn%-~O}VowznpRgxw>I6R~ESR2}TG-goHDS1X|DFie?4LeWcehNhqRs!j0NpT( zko+$4;6V^bLVp$(GF|%s?233FBH%ATb;;`2$xWG|0p&1E>hoU|=7=9Z1VGv^E-h^t z85x-`0ksD3nFO>n(DQ^=A3=S9*$ZtU7F1iP=(KV=D@#jw6cmbDS|mk9MM7DzWo2c+ zYKABxSock!<={d*uL302%^w9q@vGK@1K1~sXDFFtK2SXX4VHi|Sl9(z5MMEo)fh%s z$WaGqw7@TQ>O8qXNMhjREN&CKLoJpHKrbFNriJx&dAMP&a+(QDEh&ZEo>J7MzkMqK zBhNL6YhVmtWMjzTIw~w{FyFcf*$hf1T;?rIkqODjx&S5L-SGgF00L1EbhM$bYIIPI zF>!G_=jJj%ZeCnnm4k5^tUMB5LR`8+b47M=nB>EIB8d@5$+1ushT*S5*F}I)Vt=6> zITivf6^BwlB16m%$kdn@*Ib1yDU3uPLTIp1t@eMElaN3G)(m=U2=c=JHlEkGt+#-J z4HA9~-=h;;@e2ufJBUu!itKBh(}^$Edw>73#A}n@j(Bk&nD_R38G2(oyXgG<{DE?L z^2gnRih2gW{iDc#X^w`>3=Qq);R8|$3MpC!b|W?th-PWIN{}lJ z!VFS{z?evQtorGpM{HhRoDF9VQzyU(m=FozJU%$Qu zQ%#{|psG!yqwnFZirqK0K%#?^@TdNGmPg=Y$O9;G?NBs-H3ofu@mc+*s6dKyrNctboN?oGc?ra({i`LIf8SD@Ijst-E%IV5L??-~e zz5V?^g;le|@{^vc1NUdWR__Dkw*FO050ryJR5T4XaDH=B5r);G-iOGk84A)70WEF# zi##E~4rFhwkdMYjMn6(Gtle#h0%Qy|3&|uw6aBNj4U28BUE}sBn8s;$R&>_y_+^et zhBD+Oa&!VIJyb~yvmzK;SOfe6D#*b{qbntq>HD8|YO|Hs)+U2ty#?@pQ07BmxCdh# z97MG*G?sSAb?rLOk^zwjc;FnMa~c}Whi_{`2z(Ec^jDjAfrVoO(@|WkA)LRA;6m^%dH8arutd0YQfu>{U-qSr?^c! z?to;T2Vn;fwm6!HbVt2SPVVZ8qpNT=w<%DgQSJt5k_L*b=fw$^g@pwaLnCu@8Gtoh ze0<}|x)Zn%+`#-<1p(`0nrErDlZQ(l;-~ayD+{3x@z_NM@h5Tmz#8yfld}%EwEl_Gbo^PKEMptG6UXd1Y=Cl8WpnD za|QS76NonQqK|UdRs>a!M%Ik zrRKd>6Giu7r3HkA{{~zi2f+3^fvbhjehLlYiUmV-hu=RWp?ZVk0NI-W8re>lgTMp0 zdFr-3G{;{MHy|v~Ldym75Dt}y_5#;q$JtZ}a2JRyAW+Cw0&GOT(f>Xk`Z(A=z?wD> z;QHch^E-013#;G)J}@xVzi87!V-ucK_HA9`YW5B&fS!x#2c$K|>iYdf5y08}JS&1kHglrZIQBqS=fit291qDgV$!Wm64VmSDSF3@F0WW>P$Cn8F!^qOI6Gmdz z)0J!}09{3qb6R$G9Ef`uJQUKgB4d}@`dcb0JOH@%epbgR)RBQn%h|0X8I zGfzq0E0Py`Jocp>9Kp4b`xHf#c2 zIXm0D8mkaeaH!N=5gw|y5O+`kG$ha~VV~>jYH1%l*pI$gMH>f_mki=R5J;BYqNgH~ zAfG0S2QN8W)PCYXS2cI>Wum9nSR_n)BR8%}HHBf`{3RV%OU5BSn>xh(;l!_}W{U32DQIm^L9EheCV3V}_RT>7vN_9uZq+VoJ+{C!^37SvW z@&W0jVnnIzXVtnrpCMbeV(?<>fue&wboa*%&tvp0Gj=D+6N2Phnv&%$N^(S4yg?a( z5fYfiB$(*Ifn-g0oKVhgwi-%Y-*Lv&M!AE+fYNv~Kk)Iq@TVD`axX#wTsN6$a~}ic z8)<=*WMBt^mctw(Yv>0?273DC>X#v%1JsLM33N+KqSvh>ZIhu|6}m&UFLzfRdVl}c z_udQ$V`2$%M@ltlCxle~Y0Z}+>%WFla$;C$`5&F#NX+1H+TSoef?nKFc*>8@=0JxE08(Ofb32ks!6K9tacUP6?cO^*vF- zVj}Sm89ceG4e4mncRh<5y3M%j1&_)F6fAnUD;(NVz@5{p4e9ZTh}uB=>IdzuxBMjt0)U@E5Rgx)Ja?4CLj&KS zqMPR9?rx8+K3^pV2eH#rBig~%wx=->BDmGoRNN`#?hW|N3HMHI=nhKrOA)>sBsD$^tb#@BGG zIN{^NT=h5lpTwN7&yKbg!B%|l@tMuvIxa47AG!&RMEu}#z9yQLDgP#mI)JVyC#`6K zk@>as$;Gn-#DtQaWWDwEW7CR}$d{G1d*8PI^058wRsoV;E9FZ0?9( z(#C<$yK9aV01BmoIfL?myr))d^B5bB<*KxueL`|dzQS0duDx_kDXP5utF{iI{rMoC z<4jT2ygtb6oXQv2ja$tJ*>cEQwyMpe9MOz&osmv zAvlyQHxs0-S&F?$jNK3rSo8x`jci83_hd}Umxh5BE8QO9F!)s3V-fF@Q07nFAf_cM z)MLEGlv4bW2N!qhG=4f@WYRBEX1=x2D!#-;v^+C)pANMe6T%dcDpy@5+VT+miL0jF zP80cb)l%5cyDNwz@DCDn1D!HBkF)v^;h&M9=iz`qw-@oHx*EZOx{p8=!T%b$_D-2q zdskKUML5%_#?X1A{INXaiNu~Ob^+7^d85lHe6%1(62JZkaStaeR|*>~mfCCilsmF_ zzA3!s8@NMV70hBx3JR}$%EPEq$92Gs^h2^ux4PU({PDz|2yW~x9#)Ge;K(R^y2TJ$I1$=F{CN%entW<6HZ%0g#n*lRWN^QS849yI=sSUiXkiGhxR z_hkwuJd0y##LA~0r2nA{Bp*6k!nnYQmL{SXL=-jOMvT)v@eL;1M9;)L&-#=``H3Pk zp96hp!!65bjvsr&LyE}r;|-Oz*OtZ&GSMmDPz&UUcx@!mf6EbBpxj2dh};&4TEno9 zV!Fdfe0a0%_0gaVWoOw>QclubZjh~2@9|yO9MqM(@H+Lv>Ivh>r`6iOs+A>%g|%@V&zc>mt- zqVkXMdxd31!P$47Z0O^_2itIY@nxRr?BgYetznFQ@`~VkLd2tmz-4naLd)c3q#WY@ zS!XmYk3hAiFyTB_XnSp-c75J)@mH}s{p9?Kx{x8ds$U;3zI2dw=f=@|l%rp?dFj5UuhEW|rOhxmT6(uFc^G!ji zg0A8Bg8eOR8?`ga)mmWT$jywc|px$`z+{%l$sB!e5<{aau5B`krECTl%IUR+i^j}Y)@{HvA zxMDY^MXGeppcy`$FN^qRt*sJ}7=Ga!v{|Lz)pfDDVs6K3x_yxIyV^a`kiQ@x$A1ux zmH^|pr_XQFh6&RP@PsDK3V{o}eskt+?RS+7F|gBc`(Jp5oWtawO|QzqFFd_bALhob zAX2Ho&LQUmkQtreq6fk~0%JykLaAKko%xVAeCnU2a%P1H3CRRh^{1-%>n>Hqo9n#r z2vCQH-hO21SgNjuy)XVWZ!RW!pM--X$rZ!I&rdI0z1|y*@k(T`Joi(d7h75@93xnG ztziDUn9xKhydOb#(-j|mjgXY;6&cShl!FS~;5I9<83jF-bXjsqVW+y+4; z`Mf=s@}&OmxRwg3cv9+zCsmSio3*QTDYUS*E=zu}M10ZMg&%i&)S_~_<*|K0_gIID{unEydb^eK8-iy;BS zS8$(klsbSE3-d%H@X2~}C?e0UfSC=*ZDP$XM-5UB@aU zL{_r4#OIiedqDjXq|!9j9Hso!=) zmvLgCy-lk8!~5G$OS-FjGbaz9V39l-mAJDOfKP;&D5X-r6oPe=`dDZ`xmlZ3*NmPR z*m64e4)1!?9=m}Q$1I?1?NtmF`JZ!f!w*Uc;ThMY`{yns@nQv%+vFJbzrQ%1KZ4L+! zyaxLqdu+Vlh3P09TXY$WONfhW2AdvIJ_Nmle*F00AQLHLjK}x(Bcfc5rpF!JHvK6T z6}d2aepBX%8NVmv#WFE{z)et4*xW5o^s=F0!Cn1xFw?h04$_&x4=A3vxMci08Lwu2 zHS7#qV<>n9iW~2z)uu0OrI5zyT&#Pt{WWsmoqd@~waU|mmP~N%;Ey32#c-C1`rPo= zs7=MI*)mcYnB%~-cNr8jrUV5vNtmO<96<>rp!KN=795;2+^SNLBhmEqrr)tB)Hx}{ z-`dQ=mHSzx!O)5!rnfM-tM$@y{6bYisg-j*OX#HEF0?wODD1(8fspX=TyFK7n+=Wv zG&$z?MQ)|%x8-K`N3TQ=Q?x)cUr6Q z3j!P*j-&L%49C8){0afm-^p0S-0NeTWHyo=)E{$)&I^ZR92l3I;oK+_AxK8ZstwbX zB{*yNNoz(Z6}M4V%bzNTo9@F{-kSt-bg(Haz!?HUM&-8F)~vc(HnjnyXW`FoOR@PDGv2_u5Gf>xi5k;m8uwN67cg<8ToachIq#hK7m*ebu(6tKPtAG?+%~ zo6Nv*6&`t>_q&hcxQa+nSk4Du4XdV3B?7+gxjfx(Hw8V3O1Wj=|6$ z0=IT%TVw0CIdD>{8!|teEOZ}^&iPaa;|GIU*jb^nB(TQ$? zcP;BCcjFuWVqIzwHbQbY2hpkDrQiDo@rd!U)@nGyt8ydZ%!=Ls1-8+2w$2NrcU(mu z^vx>~iO>-AY6lz|LdP4zbisKf`Cl5}aNO4`M~;f&+(r1+Wk#Pr%f6ur98Rd48M&!( zTGqHe&C(}OQA-gbE+XGWJe29m!4PuHn6{js{UVvGh-&xlx1b35?j6gNJK+u614r8d zoTeQGw43%L(K8&Oxw(v{ow0r^i=5KVChI^R{y>|CV{rilrYp&24hBXPH6tqA=0e?4gm#yVq47th2KuODkFnYIg2B zGx_c9s&ppQSenJ^CYDLz74AZnl?qD-B1-)(ob2zTHM6s?cP9JUKcsGBU<4}+c)Ft@FnH^}zcCWH#~IB=OroOiAbY$hTE zB8v%3hE=fJhFa zn@epe{hI{E&<_{o8DKFyHD;#r(DPr9`Nq1x|5wD(V;1diPXp= z1RVqay|uQjD3wf_XvET z7`&jguQL?uu2Mz(-`>tj4>)>-TZKhAGaGh2?etNmx5YD+RXNV(*g$AeOtiC<+OgQv zfw0DdRq(~L*d*QizE*Uc}L@bc<*3_Wa?4uUq9Co{VX{RES%9aRD)QzjQ< zkHjRMiAOsB%_EaL+N9D!@4}h<#UzP14QV2A38mv6lc{z2g$r1_phx12zM#$V{rTm^ z37XnuLgHP7#^R_<-)8n{z@QwFWi5WLV#$-ffg=2X97NuubjnZ8)LcUwx6tS8@mEb* znK$d(uo>ZKBMhCnaDV>Gw?ot@DD*G5CYjYtm7N<;3-Or!&kI2C9B0eCDewmJY!a{u zIGHk+G-@010$mah^LD*bZ$h>Qu7%l3+@W?@Z9cuMYz;q$D~~Bd^pVNZ{6>LpK$N-o zEDe{uuVSq`V~qdqWw)^3x4n=6Y-VkeODh{~70J<=csLyfI``+QD;W7=Fe(LrWk=DE zvK@KU@)oskQ+pICjD-VA+~L?yA!9M}K%{OV`}2!I=nzO#5Au*1$b3@=FlrbEYd&(C z_<_&<8(RRJ_5)81QU{HWUZBS0PPs!(O$}P9j)}N}oLYpac^JtJRa4^!M#gcGiu8W` z4myCQ!QOdI?uo2<54Qqm5hkB;OdKBJUf~mTASU|hrSpH@Z!4?8;<{F)mX4ZujnK*{ zL?q^@;Asd@N)QRI;h$S6AHE; z@%xj{N~y*EyvY%FciHnOSAKQwEjO0$1yo9-jw>enfWGwUo$U!W>C*VW_(-Hv6@5u(oU~aLs zz3r~v2Ot4d5LLVAEI6hK^D&5=q4~aBptpg!2^2_a$jE)bd2kqG5yVI~7c(O;5S=W= ztAG{wAun$N*k(qcx2aQkbz^oRBJ$wK;4yZBnBYIeUfY3*C(-7Kf*Jl>G%aiGD65p3 zz%^QtH_3WmoeUl+O5^`!&%~<^W-^c{$8u*q*^069tBF{XWl4>c;mI(Pk#i zbHic1>x$QIL}fxdlCDCT(WXcT=O@6Bla)mWh6TnRsk&*+N{>&mQNrB!%$AqtbG~9? zCZ}{&$M0d{`rP6(6j1yU#hW{TKJwX}LN=PL8G;o|lpH zCBcBQt7FVqyKN~R>Q*|{H>rqaeJj*O@x7LDS+|kr#gC19CTpT8)kCaZIf|WaAEK;2 zA-sJSa5NxX*L`5$YWa@g*^3%IS;bprVTo!-Z|Qw7Q6mwkIA~_Kafog)$KtB}w$l$3 zzoGUEQ}?|ZlMfMAxw+d={l_%l01^97Zm9N>U0#%;Qw@t=8DFej>W}@zCoZSy)4dCP zpA3ax#V%tN03=PABB7-8?IfWC+s+;G#|UVE{^#5L?|XW%^MF7>W&)#rCsPhXdiEDa z%PT9$lgm(BwN|b^B7NWiSErWQF$-XdA2fXA)J7?~k)8PU`Uq32Ku01Y) zA;Z={e|bfy)LoI|edX9h=*6oNtb(2&p?H*x)dmG=5l+t=ozZu2F}c1-eHmhSKr7w; z+m~l0)Jdz+IZobGI&`b!Iv%x0YhebD?Ue(OC_ZL0x|GPX2IDyueNyd4TC_jEGv_K0 zx<&kW4qKuQ0xIf<$)&x?tufLx(o-A~NeZzQ>Wde<0oP?j`BWnA!IT{P7G>fLpH~gbk@*~nX^R!dZ660SvsZt-S}7qw-!2-!(()Th3BsJWu7bS z!Y@*RV?a6;S=Uzfhdcrwjp;lC(eY=!NyUia(%Y3HmABO&ocBg{khJ)4Ef}vUsCW;(vjQD5nNNR1^+ZanCy!#l#^pB^cf z_(Br3FY$%fBgy$C?D})CeJLh~jUOKdFA+Hr4&_Rv#TEqnKE@F37S!p==H|xw+oeWo z@|bkYCt2yM-S>blI2jiV;8_QK{AMWFC&D%&U)a&VB&4PcZQXrBcO%5rLPlTKE6q$D~UZ z)cE{}=DMX(DpAk6q2WK+^vm3Cv;Ut^F_rn&^+9-sc)`*X4XqtNcj;Ph&r3#n`s~oA z4T5o;H^k>pJqYm&eGAF!hXT9pr1B@ScsJq{m(57bOddznDolsEdAr}Yxz`G3{cR_9 z{QqjQRJ;c7sLn59j(x{*?e^}ktfS;~Gp~2%2A=8NUVZI;}oI#%ouIHWU9%-fm|4umk%xu@`(Qv_U= zFxAx5kjK{nT$O=si~9w~Y!}!rbSmxc!MPD6!iS?x4Q>8%a-Hg{a4fpKO`%!%GoZ9O z_~kxm=+Etb>!z*UU7@9B-LGxYQYo`=4y20j#&tI~#Trv5Al!6Wckw8quaGG0ZfzGN z4J*XSR*%v&>CnoP$**WPd-rK8^I9!J6o8#||!lYooY`r+4K ztddy`=LXtZLC;^h8Zq;SBU`Tg4}@||1Ry@v#pb_oJg%==n`i#zk7 z-FC8$kDcgwVzORHe|BC}Vk?xAVl@TJkf!dc@$yv*`1mG!vo}*5mS!e&xlCH9qGfq( zV&d{#aY_zfW7nPQvS1t*IdTPVjbu^zd5^NVM%(7uXcaUdq#i8q6*ZrXvIuj#({Uvo zBonE=iivsiMkUW4Ot@$mvj+JYFd&k8^2BQ?PL2#bhv1_#gBlLM7$w0cHYVmSoVym0 zNV%Kd%j_iXS?nz)f&6VPa89M+^wWE(FT)>4{4F*s1T9sQP^sJL*?EYBLb0eJ+mkcoA zz5Lc;HcqJGe43m6F#HVvqZT(o_WRx;io1zx3Fqx*40p-3Ovaw;>Q1r!ADYfPoXh@y z|60i2LI_b=*?VNW&B#u+Y_d1W-eeQ9LiQe!8Oh#c&x-7w^?P2Q@A3QN{^LG6j^zEm zuGi~1&hv53oxMEUSpn8h*3V}yr8uPO(@#EKHE&e8J3sAGoKeI3Yd<03Q7i&SwN|%mH|^ccJnd z0S6+e6#dfDUIzXGWizahG>y_CBNbB)3QE!KwTCNywnjt*1T=D)zj5^6qR=ErEN-c+ zU|-xw^k*W*JbStJce*Qi=Z5=>s&t&|B3+b$*=m+sOB%L$));ttIvU#o85tQMPD_|t z|26Y=8W%U~s*uTm(LJefc#~!M2d6;nuXjI3Dx9@Kje*X=^!M`h+EuQ^dF@}pWSu4U z=Em{0!xjm5Z)w@PgT*=d9Bxite7M-t1F>;rrWscG@hX#FE}YWZ3>av%#l6Bv_bmED zzm5cmb`XLrM5V!53hG9tQh#Z2CPSF-I?fb z3M^3n_xICQnaYUElC9D0*W-()6!>>8>)Msot}gzH5$(S$R59Tog9&P0m^HQKLTp*L zV%AI`R#VP04L2qRcT7g)OoQ9c^#9i5+H%OoTdEyT;GO>i79|_u+e|0u!XC$Fy`^Dy zNZy9S8(vnu+TOO*#LrYM*}1tJiq(icKafUE)osFfF2OB0`F&0DWvOma@A%<_Za?`m zuX!!i!?MMNe}d#SXYtY{>x&B)QtK=cpFE>|Orvhmz9S^p5uiPWNvOsWzGf7Ve?Zg- zZs7zFQ^h5_Id-lKm>x;~9m%t%PFr5~Y|tHm2`Rttl@Kg%xvaImQfq0?mdIAAVHkH= z8+8QvT{IlfRFmJKXCb$oK$9=gs5JI;^*OJhmY|xBEXHVNu}b|yEm3rXnTnpchL%w> z+2J*f#u2w<*hW&KC;qz=SvW2RmvK-IQ@A+)m zP(Zoucd6p0IFf!tzBj~%35$1}n91vy70}U6)1(a8Q(CnH3@x~_WAyY7r`|Pe|H_l* z@))=yK=+S;N*ulTW-In^pN@`G^K7Q=# zEOl?XPQ|N=@#lL~-BTOz8OPV@+iEX=2vF0UyGHz{E*;ortcL$IHDOrSYr&h znY@4@P=YGbqsco27VGbTop55*kVq@Q`--E+2BSi1e<)0L#5;kR%+%kXnm z18t4x38c-6Qumx2>2xRcC8h{3?sn4L_D|U~x*H&)F4T@=_)z>|0iO3Qb#&0`F}?+MT4=q}jsJqT;#D{&@c# z;fb4xi1QtZC#MVC9QDI}dx@+F^0H+H^}J3T@4sM(-`38bxTk$?bsq=EK^l8cf`L%w7BA_Yg9Y>c z&iu69!!hssLbUS{qA$G?wd2xOe!scQ={6r)Uf!@h6BZKs0OuFLT)=e(YO z*;y>{cfwZ4SvfE8grrcKY#s%gS z4Xu{{+a&yULu&CDE=f02zuknN!FXE1Z(H!Cb3%1V*(k#XsQvIXxA2>>?5aiX1&3gy z;EU&-G7L~GjXKj&p;tVVkc|CAM=mfZCAl$zmqC0-H7sHyY;t~Ia5Af?%m*A9>(6Esb_Zxc;3%QcMLX#xlKgs@OsX6SZMIu%6DzT*~ zfsx(&pA&+6((^ep1?bH8A3xenIKZ~^PLftEe^h(E&&I|kR`wy#)ZQm1zMiH6sW?0W z2=WQ)bdbj*=ms{2RasC=I`dLzB{zaiH#R$83=tYPy1WEnqd8yi-{q!$^VML&9T=_v9-?*r)IH9;}kIyspH z3`6LVqQImHn4S9i`j3;FaJf8!!QJPfxPBlnfaSje^q&MXurNpPcA$)8{nhvKSIwjz zB0PrU&hhsU4LO&2D~wH`GLrz9_6VPybf!s}kqA zA5WX@=nOtzQ6!@a?Nn&~R|wi3Y@&~oXfc^(3@nO0(*-2D&C4Pw@q}AcN9c$DS zR_=;I9tq|jW5j&_`<#@tg|n}S$emw2$qEh;Sg%;bS;`ZtwFEcB5Q z;jy$4N*!TQ>@=N*7__t+7qdLi(3#zbYhx&)p4$1vaME&r77MA^*Ng1_#w#k?;($}G z3dY=OMD>YyWq)OO4$wY-@!|zM4gaHt6aun??|EZI zj&ng`McnV>b!90<>7Yvhr7##8C1G9xAklXCE%PjeORq;cnFVQ2#Rx)#q4r-mdwSP$9&s;N<52pqmH4f z5EowFD&pZ)4^eSE?_f8t+ITOVa26S!2O}ZDVWoTA*#n=Gm#^b`Tgf{QmS1pPb#jzu zzRNpO2K7ME;ZU)z8JvYMRTa59HP-XmlLC$aK;a|{)r{=yqI*ol%O+QT|CWU3|dX)g&_qQNq0Soo7SRI(j>Yds+Io~|?n<_5b%?zri(&-xMX{3q8kTPG~XJm0cS z9}U7x+x9P+A0%z*)}|lH=i`O{*T|sL(dR{TFJbg(S@kKdAO^-^HTu3dYZ6!vCBUp8 z=<>H*G7ucNp=oIp;L1geIAD;82Y{#CufM>F0UwLJ)Z0T3VFUpKL*KPeo3_C;5J~c`avXp@N4ktlCmZVTu|W6K+YhrAZe{xO%}cghRf@!bpEgG+ak@)rJc;@T^ai? z*JK~Q{`;3p>b%#M#;GVbw_fv~?j-7o>G&H1gT*7(P0GQkA!KLRbRQ$ z(yI32{prrcAO3(6kjzP=XBUi5yNN>Ee)OcATub-RQK~FD4CAy&99PospC&r{3BI_A zAD(nReu>+&+)Is{3n)c+!wr5R9yPr9w4eDXHv&UYS((T^xtA;aL$bd;keuW0EZULj zT)D(kx$nzabR(|dPDQOngD|K~kxeafn2BEO-U16#KD>qSU>^)g;0{B(0~L=9Gz52X zam`@U39n-&4DU6kNTB-(1mn)i=4LP0a;3l}$RfhXR1-LD{TgOWhrg$jQtUFyPhZ_= z5}^xlL<_QKci_tjN~AOtapnon6V)@gAdGZ#bm@6hD|xd`@zrUIav~V{l>kQix{3_c z`e2+b(kzoMRLj;VVoy;Zq0t}z>H+@{rWcZV`T3&_j%GY|^Sa~tS*llOzo@}vC~j%_ zM?DGVIY`l`PTmd2HLUH_8u%Tdl!K|`xeZ032C1K)Sn;_jXkB?fJ+@l-lvVz`r|}v) z&$M@6Gj)QbvTokPYJM(5Qt{)s<#dfzlDUu&s!GT!1#ih4rxucwYWKt+KgP?>63!bn z{S$(&WF_hJ`Lu>wvzi5kM)G0n0eZ!o+}};CA!8pu{hsZ{cYb*la;W(ryID~PPn~Ok z>xW%A^NNQ@c^_JIJ^o|c4nlvt1ZTWLG2-mnqEr45sWIbzCJ!8Oyg$7Mt!$E!YPZFS zoF&j(y77gvqiM4hgz=tqn1!vAhT^5X!h2Wpl-4vgNNf6DK!I!cV~^QaVO^B1&W0(s zgczuL1MU)9Hc?#6by@S|44X5G?()2`w?_yJZfp&=oN^%@LDZ-5H} z{`F*Vm$B4Lfwe9Rq+iIZ0^L6zIk}D@ev=xbRAKQzOhv+sRQ{+TSK@-*E`n{{`$mem z^zt)2FhbSZW)6H;DzZeTeulMF6jj}n2_6v_YH4j9*p;l^mNVFv&r(sTrmI*Pc?sFAqub%?-de5TKRG4F-iYAgNuN+;kxy{ch$ zDL@a^C~6igHQ|ns&Y^kuFaVzCF!SEm+dfUKq!k;x%(OpNg7BVT*4x?}tO-25xqzXc z24&9NNfEjt10i?-YCIHkhP6tVZkE0J(gixZ-vC}{;AS;y@SgTwEgoY9J&7p~{lw-G z!tPC0V90P^Pa!CamC9r>ILT}&|I^Lt<`Mri9&;S^?-nB|F&ga)_g`@bSQPw-+Ewk( z(LF-K4tRxGK=}_%DgtDZ3oSMR6J?5^D=SQSyzcIS58kXo{}dd-@>BHYT;zaO=>ng7 zFZcbUy*)#yfa}H#8kynj1o1e`Etb~TgOZXoOSs>BRnN{=a(L*#%fsW*=+gU1D&$sF zluw9GjGN>QdwXmR3o(zP)pY@fe`=gK($!*RbvcS!qT=FA`fq_!p|dg}dQ#GQ^Ax^d zw|{@K*WTJautqPw;MKY-^vDMp=mCUb;8nVk%^Tj^8j2NwzW}e5_ z<|c3ltf$Hm19ZZS&ia=fjdG)D(u-Yn!Jl<|j}MYR@1M+@OxP+I{4O~8117uBNqN|P zSk|NhqzksPI?GK^tPPIrlraJ<@&FKUFSN9L(xZW74P*ghaFaT1&yvOUn1rsg0v@)_ z9}O|^!jaSmdtavey)d5x2b7+^(-DdxPg-br_}Xe{^Xl5C#axGvHZMH^A=EkiD13DYPX79tiN{5zE!_Rr=O-`$7(Kv!? z1M&j6%wAdidk7ly6i$YNQ#xmNp&zm*%u)4Qk zeDX0f7i|K0Y!6m}+8G~TK`hhZVt7Z%(-flV-4tTak}so z>Fyob1o;}!0pE`)vr|zEes=@5du}j{oND&0n_|OIDYo&RTku?^ySB|JMS@<$eBLd>(YJXh00?;a<4GV5YzZe%e}$V$TpGKVo>;;af@(a^Gjks{(_I z_O9>2*}-5*pW9b_!VGh*cFAhS-`ETqC81f`o7#tz&vn>R`d^poHUK}A2M|s4!orl1 z(*AHoft~#g8J&g#Sm1!funZqh)0!g_(hEQVxVKSMHcwbIwe4K3!vacZIE6m4GD{YX zXN_CNJdmQjkur-4?ol-*#=n$*ftvofDtcwhfLLohKq=oCcs$61Zsd<)XnA(OJ$?4a z96hGtG#hpJiDrw>CBj{xD!^SnS2yrGjRE2f9T+wctQ<9U<`-dlre|=G0@sBBnDW54 zoIU1)4d?o1nTRP|hKE}!nPT2Tf988ATsf%jCT#y_nwl3BOe8* zVESRgcGX&AT*&How3(r=?QBn6xUZ(LE_if+;#nxHh?!RTrcYe=!>eucVt7?SBq0G? z0Jr7PN84_;8n&4L5^?~0JcH5)Et{+V;0{12a=yoZAJ8u2B}d*ytzX`@3?I=5Q?g?a zmgrbJypTbZG;vLRU)|dyzBCf^U&ef%5Yo03z(o1 zv|4&4XY}GKb~7?U&Y-coyl#8BbU#_Y(b>}K(0YhRGmk%9^o`bVwtY_oQN zJkz!zx5Q}H8-&>^6y%uja3Nmr)YP!HHz(($b2~%}2mM}YVKs=j_)B3= z2^!f2uIH#{)uZ+ruaast#_cSH2OYiM$rV zGN3Y2>z&e&BY-0X(2~d#hcGQnzo-^U!Zn@h`LZEOm$kdUzeGbMq-2b>#+mcF6@!^c zg9?2FZw?g$f4PThSbdSBz5kkkwlYubFz!$ynQ0Tx+2LDkF?lZFZV@OooKhT)>k4}A zYsB(&mQ1ceZ3YIQ9Zc?j4Q>k>6Zb2AQUsuj*B4|s#-iE6eWv`N~dAfNMl(VAEIW6lKs7zJ)75r zM?9c`j#gVF#FnHsu@nIH=(1(EBwGV9b5vcgdo7XQPn*q+fmM#F2 z+`%MKJG&*tm>_}|^c8k+B)HbG=gn}~B5@1Q1O>w=0gsGK+gQ=}hL^WDR0Y9ny&L~I z**&L}+CGokT5<0=SUp_}`5i|^3?XjPW1Cx9$%B5^vgYSL+|Qb(%1NMNJb(fa zuqF58jbAX;C_A4Su*{an=#RI&AEv!kbun<=oM0h$QweqVEM)NRA$HTsp6z&#FyLpocj~Rb{fUA5^%$?7;vOa!5>ijoYDZt;mH9)m;(BeBDl|i&u$zUcoHd% zkY^vjFC!6*V-F86$7Umps^Q;+Xul>3G+0zdOB_J5tp$k+AQl3O*)lM!Ko$UR6X2I3 z!R8135x{D_YWO{qzNH`1a^1s1@*F^&2_3`PGfy*OilAeFaDc~u7Wq1j))e01Z(|=x*jG)@u3-&c6A|qH^gRL-^>dXKEv144tSW z^)RUy`RvM?_T>VZVvA?_LHGjYHqfUY0xS)gV=Ns1T_3BtJ%X)+#c}sox}eNyd3XR< zWpd6REWE>@GtBVVD74JPoK0zEWZ>sdfee{p(B47g|5B0j+|Ga}4bkxW3ty?cwdP|Yp^M!Ppwq?x+DEhAvfG3MA7&&-@f;prmHQ8F zpI%{^tmi;ovHFiG2=Mekb6_MZGBq(Ncl@OU=NB$)E#?2l$>l{*38zBswCiVM`eJk} zpcSZYt6*I>gSdp>eGDT1oU!f2j#|Gut#*shq$}Own9n>WxV|{R1pyjTm%IL*_2C?+ zDG!^jwV{Bw1i|gp)M`l-jT>@>)hPzHqf(^(ta=Yx3}fJ1AU_OjsFsv7=3GWx?jeu8x%TFTd6&{1cU^D@8tQMH`GG6KzZ17I3nM4{L|_&QJ7#xTEeDUUF(Qt zO%vSK2xjH)g^=ErJNRQ*v@!bZo)`KfEXjh|D z3ybl0n49NYQ#h0OoEf760@NHFN}tNc%H@rfY$`o}ehUWT5lNHj+#RgZ6xb4vlrwZo zqK8d5RGvS7BTvGnQGB5ZbX1`GO@z^hf>4JLnjAQZDxu{kAi)F(0HVnJKW3ZW_8Fq3 z0Fwet#7COjbkjd(JgWclHaPtBmF=xshvz@vDd7s-`h67h5`~O^nTh_^d(Oq6>P$)6 zEO^+!=@$W~uEyte;BmIW*V_u!gS<8F-MdS@Pg`=Kx2@Y{)-DX$AkngG+Cv31WLPaQ}NSP*f67-wM>w-nXQ zNggRF`2jX~QL4{BwgE_8I&x!WbrmJq-o>SJc$g|hLC!EMXlhDwe;>nQnD*_^&@-a2 zjnE5tOGV&O;)0Q_PFGVbpbv`bEBBwNyx0-rh4Xj36$n}G`#q1~&dN4TQ)4uRp9o)D zO?zVj3gxWU?kZuD|=9^Sw;n}4=y-s zO1Q|Kp)(XYTP1{=i)9AZjBrvLTwR=vXGnYC6)O2TulJE5jU(U^r>NaylA^C8UrFdU z^58HOJ;=0nzJbX1{QYjGqZUdArRzrNls#f#Ng>IPJH0w`NAcQiLqqo~qdSvDjFlqbJk3Ef*Fg9DI>{&nY6MfuB+2J(~t+WEK$S z;r53p3t+}@`}A)>9Rv|OCFysz>C_n2BYkb57pJTQ`W~DE8nhc@z|hh2+~NjpNw4q@ ztjC$P%HP5RmoLPs)D#VWedu1QtQL3LxkrEFE>OpRJD&{quv6B z)h{IO!0-rkdYMOi;YBp?i%{!e6~V=IfZhWPJc}@NC{1h_@0v4)ZV#^L z4!H5)jMMz@LvlaRT6E7tGoJF~k|!l}YAv zE^ckfd3fLi29l#<{RR?;$kI~xe~SIIP)4u!U)nnr>zscE{u`iVNPsD&m*Y+5EI(HdqCAG8JolxMUdoK5H}sYU>R zmMX!+4q!GUET!J-j00jm5-$Pc33#O;V7S2vAq608bWF@DjI!$oa71xmrB-1S&miDq zc;2fFJDkm|@>CH>B^lt|8_r<3(hVc0Q((rH1+RHGXT7vC*R3H^s)>ocb*|J}7;ZrH zq?7ekbVBEK{sfg{79UScF7!LI+K{fM48#!SaSz?Q4lt! zs}OHN^R7@UEQqxL#o92h%@CJDCzCy0_3QSZKm3VX85yitVR<1dtf8YqnRnDyC zviS*P`4_UvgRo$P=AiIJH?e4oK(fN?T-CcgJRFe20w28#%IYc+Tu?N$bc0JPE1|)` zoH#gg@SdXj1G(^Bc9|CjX3f1w)Ob05i24E^m6f%P)i&!Ffjbj$zG*isTPdXreR~_c zIa(D?Ve_(K<=0Axg2p~5LpdF2c#`~OMy8v2!*9h-{sunSQ-xF?d8W@rx1c1160jdp z#X`msj4|t+zSh<8(n&`wrkG_^H2%5{hVsiZ9z@LS0JVZ}9OfB-W}ZQ%cNdF!;g0}Z zhifAQn-T5z9FC5L?<=W(BV-I>Nqz&)=K?j=_ za5%dCN_Vxa$y&b@cfMN;c?EIr-y4O>4qPo0UOgeuI>va}$c@q7--chP_O1uZp%5!l zFIa(b?N`S+N=#RNWmE5S9TF)+c%;Bw`T~fRUsuk?KefKwoY#hPp=tjI6Uj^ezCPWn zla>~XiN0tY%6I=M4FEO$6%kPZOex!-j&Q+3rK6$225Aw?7gy?~u|h2vyFGgzLk+KQ z!MKjW-JJr zp7Z_fBv7jRRl!J=V0t>#oZI3amVg2Sopdu1Cqsnv6ONR-eFV8YuOAXT0mr3kAteq@ zhMNa>Yj-!A@>6AN8#~caxNJ@yz;z2_hx!2dW2gt+FOMcGs+dGCTK>hm?419FujvyAe|8R}FkH3wMCX~FS1Mc#}Cr{D~3gqh>1@Nge!{Bv+xt!_Q ze*fQ{0XD6ssim*Q(O(M7^?K zE71#PGZT@_UXS8wF1KeHB<$Gs#`iJ38fX)F*S~grkBy$&OEyJZIq+@4>mvHu+Zu2J zfcNW#|IynrzMf=*+CfH!&~b@PTl>ia_QkDqzi4GxKc(>T6Mu9V=$O~@hg3ugidzm1 zH*!=ExuSV|w#G~>NHdh82&c6f2?#eFwo*w2N^VjF-hVpS6;NyG+IuVp!`5izx#55n zp@V}Yqgd8+B!C7^VYMZ9gff@ueVp3Ovhzp%BZOdS)47`%&qrvC-%F~aIAy$-rmW{1T0dnLM>nDp>!@cWQvW| zOcrpy?e1Bww*b_O)LRlUgk56~`2%Lku9iEDSuSlYx8wZRf`t zJmY*A6zCSW3GV9t$H4z21(F(o7^sq^QV7i>Kn>|dMCOg2djKcucxPd-+^~b{J8$w# zn>9~T`Dy(tU>!yR>NGDYH!1&7cl$Mc+Z)k%(DUWc6B?40E!Idwotc=#$-@jF>+NN4~SbBHo^i-|ZMzAX<+U1d` ze#gI~rLm%4VsFYt;bI#|{}NGFMhcf3gQ8bxv@*~P`A{;vDshjG<=(&NkcATE!ADj| zCFuM{k58JUkgwDa(WB)2{AZAYINDef@&Fn+91hMv{$2R%WlARYH_JTXvAhKrDjeG1 z2L>KNiL<(jRav?J`0;a4CQIx0}wUfzfiev~YWU_w4CzBpwvz zCxi~p8oOi0J{Mol?zLE-#)wA%C`xohE@o$E5mYDuDT{WSVAfRbvZb>p{{|(3 z@-eN}2?xR5Lv;VFIWfjHn1Ufo$pqFl$Ynr^_XtYCiAoz7qC!?*wvMEK!si#DIa9T} zILOEpU#yTf;D{|@eLy3aZq+c|nU`07G^SE&@+r1#{K4S&yv)9YjP%BMK2ezGz-7t_ zO(@W8fpJKx_0@|XK}7uTKY+d?fdZg*qE+?8%^u$Xl_D>^hCfUX$2^1Hz$LQc{+X%H(UH1OCo$^ zWIpwrh#!^@GBEXZcMsHUeE8$8wY7ST7NBsH4*{P~c@ir<5aU$H8RrJ!Ad#latnw>SIKP9SL8Bbkl(*7YMZh886 zRrTw6CFR!)3kC1J20@n;AkRI3M$4&Ty&r;ekaaI$F)N^?hD<@E;+3Q1eY5yX zfr>(x4GFrY(aG;E%8=!^owBbOVq!xj6u{e&!#Lc+M8gTWe54%aty-A!@#DQuiq{!Y zuUuemqALICkF62Q`@#T(C=d5RwUqB308bg!gG?-q1sHE@X znVXwC+xRx!_v#<9*`{Fjfdh;C`{96JXOgHBHs8lWSL7ny*M1NKNDV|)P#4ETOO`lQ zHu|R?Vuc~0#QJA-4*@Y?;d9`xhu$~Y*lC)ZV^Ww_tE+e!BVe^zen-Z7g1l|fmX_mCKc|oy zYv(S-6)hx%@;k2YLhP01Pa~vZXfxrcfTTGTB=Zw`ngOT@Ur*!$EKGie!bfqReEiF7eTt1K*2O}_BVJRUg z$qZi)ps^t5rA?5tcXrN$>^BexO@{fV>Xex7%)j8WScU{R26*Y4{%zcgmwO3K)JV1z z3K`k*oS1qc+3CKcoDYm)sqcuSlz&l(>^{PItwA` zgDM^#JlN#AcHyQxY11{E=(kXvKB~}BM@ZAn)KSxNtB=jOyYc0WZ}jxDAYl26i}ywk z1O=~4F^WO;@G-+ogj2uXIq4!#RM((uR#wmJ6Pd)n1aC)=2OJ57j*0*WK+K000T1FJXQI_A>d*6 znX3a&02P~{?Ew*coi$w8PfTjy(mE$GzYhOb9E2f$%O=KOy=zH#_L& zuG5x3C$IZ`oM=yMMizdEY7KrhIb|r8enIAr2`JoA5X%$*U-zL&oH&dqL4kRk82~L{ z1b~Kz{}?9dFd-GY^26GmLj#=y{%z1@r7I!f;RqU%CL6YE-ZLc*0KJ85MHa)xm%1mw z%I}3b^9+tSmM26o(1(dRXs#jMQy?L#42;;W+Z-^shFO%Uy_zN?ae*2Rm!(>!%T_Az zdhd)`vVgjBZFk8W#udmhF+8jZ_Xa&dXgpLCD6D!4lC-hQzs=3|nr}kD#s}!^K|?H2 z)V!Sl1KC(P`mwT|o&=^zW>S6$k^ip+n2D4oba9bWWAt=z{I)Us>I)9!i9CAaPzfss z>Sn#%=6Ja~{i$a#n^1zV*)W|Fc;_+csjTe9F6I{D5`|f4P|lb0+5Lt)fvEErzxhyX zUMA@K3T$rCeQ16lhrizB8=t;es^8nAGVpn@!_DI-^VL7kYnJg{Z;1fUkI!jA(j1Ta%7GbmacFG zB*S`4r;^Kb7=}f1zif(});lZKxhxzC`!1~}6C(^v&B7lOy{+QBxTun))@wpX!wvJ+ z_kxKFP`Wz8pNdNkH%6QGN~u_v=-9o8sipi48vO{A8XxWkB_40J<~gJPgW(D4H^bGZpo|;^m&>4p|KFj6L(PyY0$ zN`D2mML1bn)bgw#U7#G2LsVyMtgVruSDthA+ck!~&oD4ZhE~O`K=g}M6||&LDmey=&uH3F^gOYz&d@-~_j-WHsQ5p^dm{Iv?%&AI-nKtJ294sqxc|gE z{n!R%(6ZI$ZQM<3EFQ-}B-Y-r4D}78Z=>+Kxc|-yW)$8*RCFMv7FQGIRRF)VKHELR zaq5`(D0u!szt`GRxK9=8(VPL_vi)kv>08JlSscoeI6a;9=OK1Y*|0tS5EIi1u|3@& zEe#wtuO4e9i$nx~LzXo#b^+RVY>$cT!)&VWAa8vB_BMU(U`=< zE|7=;Y@C*tH~QU8nL`hLxPl_?4g0_DCo4y@)H{)`khiw3^!?Wy~F-9`Vwl(0~3 zcfVH|LO^kWClS}5cEV}g^>}2|k?+kS7tE^o;rxO#A8d(Tf2VU)9$SY*Dw?eQU?Cz& zZ0c}zs5IMOH8kfEAi|)4-Uk+mMW)w%Dbes2C~0XCf=~&9no>+fYDrjb!fu%ufLV@5 zmW*OzKGw6RxTya4XlNi_9; z8Del%^y202aW9K}!x#OC-nEiwr3Xp!r*CX2yf%|~G!+$Ca}PegIo^t{zSpJE2@2=` zh3#zVLlPrcXPei$9hi^-k{4)a^J*c4Vh0gXN|(K&0>KRPt47c>{wr)JjsXEJP@-=6 zx4o65MZiL3V}$Jc&-t#dsAJMLzYo)a2+kp1qhv7q`Ir}-eU8eHhN{T3lZ9h0^BBnm zA5ZPCP8|NheUd6lox_%+Z%9ue7&e*1G;D2P1xgk}SoS4kxI)nN=C#75VEDhh^Sgya zH#a)=4hjwqREow;OUoO`QWT`&BAu=lhK$(ULiU^21 zKoYhftdfAB@{NlN@bZ?xB%E=1t~}c0j$&x2co$=zj;)+^rj|1I<1?El_g$T;>A0%# z(QrP%zGOW&&lK`G;840@J?{nM<}!AJXOED{^2cYuX%~UV#@_J-Y+NCnjw3>vu(VVO zV&MDYl#j)7hL<)sBQ=VCec7qa8V&v8lBe316D`siMHy^9$r=LS+}}>9&{DJAi;#-$ ziMnx1V5G{7!pMkV*z(BDy`j=#)CXp$&Kva*-f0DGz4-MNrQDdKI;nbv1;o3%3$c$S z@?_ObR{tD*)id$xuC6?>#o}dbq4hOWY|xd`ZLWH%1V`5z)79sqRFtd1j{LD432`3^ zehWEZ{)OO#!rexoyFpo3lxG=+czj{SY1y=Rkrhm}40SY9jU_uA&S1ct{9R+$1@$L{ zR3oJ)=z>^WBuv5C1B)k$dl0XN2eQNufz0JjR&|Gi>d8T5xdpF-8sc!c3gv zPGrDgfRcFdkeGxWi6q}m+GC7NqZKXOY&7DdDNM%4jA2|)Xh$U8KBpI^X+E*$nZCMA zHi?T-y6J|~P!=9;!XYSFWxAeTCj?TYp4?CWDjd5Xa&QU{ZJ10=6~y)mzLppxPbI$- zdiUzSC{OZSOQgiZpqF&Ggd{F^Lpxgw<2vr*kVWO*c@nfqGdlE&*7_MpETE*~ioO*b z9PD^~c~W=ACpLVFP4oD`!H=eS#;eblKB|_D=e|!gf-ncZdn8=k)t78CGJ4)e>Qo-T zX`p6Bw$;cg`0C&0q+z}tWQMo9fn3@hu1*9v4vk?q%$BmVX+enq$XXzBJy% z=_(n}!-fr;14Du=XBb{ESfS`NSXViMp5yg3 z6&~JOkSMCFt3!bUDE!i&2D%Rk2ncIk5)@Lsg6+r9w@u+F&sOVVA_7-wcw~A4P_BsjIs|!IgT-JQ7lSb%>0=aJCL${xh zT%IUl)g~=nE_%^+y;B8!i@qq!^#76*L2S2v1POgMFu-u`P+j9Cgzy?9IoA-hEXaHV zNvD8_6<`=u)Yg8guTM@*C6Bt#{|6FIa!-+Fi~JITpsA?KujC&KYzS z?CbN&&Sqt|)}m%)8ZS^A=i{3~p~XUl5$#>r2@U5U^CE^co~@knax7QZM~sZ0p-eXJ zico1f7>I^lJPx&pvXT-zr&&~ccfLIyh;ot6?u(05if0qbLjv}d?%>#%nEw4Hag?+^RY0^K~8*4(4 zRwL0dm%0_Yfqo@y!`DRjesZCqwVQ&VpcLQM2$yp3*U;Vq8E1RsWCpgex!VktPfjq* zmk1Q4r0&$#*0Pk=!L*g37q;_YYpDNstKlX{H^3|gs6*@H9q7o`fQk5kg{8l#&w#BQ zG~jx;)uDB`qSSRLKnu&(c5(f6$57UMvO<)a zdU{Sd3I^s{ZZ2Q8s&Qg^Izj1kzrMw`i`zkzE zR%cR*lUy)AZGzYdO{?bb+!sXUm+A|n%cL3S;H=R$(O{ci+CH^ zVh^%_fec}J2&DW%)o4A<0V}|e(9kw>uKi9zE zDuth)u#`Ys9o60rYV^uKqur#Qo>rL%JslER5}FhEuu}GK|3#o%mc$0mkPYP`saH^x3LztG*NS^tCI$vDD9tOqKubv}l9&j#4-=TMf#k6Io&h8kAR;G_70j8R!5ZNwr2!;F z?#pYede6eJE%w<32KC=3-V6+uXgXpkU75Hr2>==}%ThvGTI23+Jb2@2-eHI1n0 zrAy}wmix*NE8Bnm#If3BhR)1yN=ewv>fYhpjfsVukzlYG8VF_472L#>8nae|E+CPg5}tZFIY>APlx zZ4d}YPo#Ic)Ky;49b%4~IuQ_Z+B*R)<-Ap6r03wM>^HW+MFy#`p$30b^3j!!5sXn4Zx#oAEn$g;20{L5b0=&UQZKfk zaY4AG$T}UF+r#JwLO7_sc5l3_wYIQ-V+dOOw;#XnfU*H1hjp-U1j96nateO`5NTfj z%>N1Xx|Fi8Py~z0!*~w2@fI@@4h~c38{(W>#?dwUm*XFFwkS}PSQaj$vCx;OJGyyw zNYc`zEDfn{HG8{n)v-`6>{0amW}9k?hE5j-=I9ufnKnUi7C{BF3d*V5i$GOHGVHfT zgf>1=prKLh@5_B3AmPxqwT-e~@FDVV`+j!N10^Aw#fSkM2zTz}X=!U`Pg0auy`Uu! zQ&HiER@el%le$gGat;nWbkc`yChtxbu2W|0sDtIy6+Jwtlb_k+b&NAjk=?Z0|M{R#L9+5 z+z%=$x}~l@ZeoV{)dnB`)>PvWTTjol!iRhF%Z~c;tollihRTlK>u5x!@}FFU=J8aa7>^$;V4g9*_D1%kF3x5Byhiv$?VkG6%~clNZ#GPU;C=6*7Qm8B8rvI z^rXWv9oV*dDq-AIXSLtJ0wbnxV7+x)^g}}=wm)@!VMng@@+GgO%hM-MvT}28%XF`! zp&`L%-Y0XDpXS0r_6rRoVpf#R8_{@lOIS$A4XUlOl-*B}k;IR3&6@QKh!u zAL_sE>)V<6OI(9okoALYb*a`vX@DyoL2E^xS#6^UEtlBmd$uB$=g0 zGF1NJ>1X|+>=V%3T7zgSZp>N@HMQ!^hvSO8DBk~0Z;C&CVPwRRl_hexwK;gQu=8sq zkIUl_FCw+75+hbNU)0d3j_JQB{`v5CI zhy3Ye22yT4tI_Fb^%GP0z<2Mh_qh_gp*Y|4bReAWa9q4`sYNP~T5JCAP1RBcOdA=&_;CN_*9S?O8_9fj)V|-6_P>3}NyRS3LM3dLxeRmM#pSyL z_KYff?V9{L?le(~juw3?YrW&{*a^-+Rwa`71n#GvH`?7VLDLgds01nrd0Kg_mT?`zfb zy)~N=OPMeD9#!hO(3*w^(V$Jw?>x z?pFq0vZ5vgPdr)EO&9X2iZgwm%748=@ipVsOZK1$jx%yUiB50g*koOHtP1`5;d@oA zqkUy9O!n=Wx&55aYxnv}9Cw}Gbao8*HSKfg{oK1XC_V6Pa2lH}RyDr6#pgU_-_rR2 zjqc_@w6?Z;km%kE%)*K7FLxjj8uotfz#KyndvY;tmYHWZc+GARZrk{wyxbt_e#0{# zpC>QtsMcd;);Vl`qJL7N^cyypq{W9=`Txc?$eWsUzYjj87j3x>Cruz`p+XABeF_Rl zEj#|crYcEGmLq)xQl50Z<_oQceb%q%wxS@NO<(Fb$GbP>pGuBRPY-$b{zlY<*+NK1Kj2~q!RBI!79`siF`mQ9*$+we1#$)oDhKt>jg=6dt_Z#G()-pEGHe*~VVW-})ojO*A4`iH8?I_maZ~ zHT7}^NUr@amH_Txn{z5*Y1ji7A7`92EUNAERu%#;t; zUrZCvPDcMIj!uzQj-H+D%sehDHF7As(q)CmGowU^kM;eP9*mZ|pOXFF>aGmw@pAu* ztCmWBQ+IaP)n&y<3Dt+yHUtlU@o(2e)gyE#=U>qQ;nw`#_XXwYGcQ+YzE%pLpf}17 zURB1vXCx++I5%wXthBrGmt%Rzs4Wj>B_>=fV4ZzJl+&_?q zB@thD)GHYLrr)^r?jG9%JTo&vBjZt6YjOZb3(lYA-v!SezJrcY^T&^kr>R$08O$$v zZZ+saY#!870D21;Hh)%F{V_W`?C)Q3Di3p1#2l%^ZLuw9!XeDV z!?^x*N=ZdU`F-5$m=9wV%1`+-s4%Rp^S-Y+JK$(i8(3Hpt*$r3q%KQ1ynjj_`C(Vg zcdykyt-P8@Pm^?Vg41KtA09vt5MB0DnS;)K%hnprP&KEx*yVmro$nVaV~&*XMFq;| z8e?MyX46wwM!pw!9C|m$n+W$E9~YI|N9RMlJ5?Fmszltx0N5fJH;ZjdhNk_JIaQaS`K(jXuu0@4lA-Q6G!64D{10&kt~ zd+*&b9QTd^cX-Y}_Fj9fIe#Y|cA_%1NRsyt$fvMtu69bx`u^>OKw*22vwE z9GF2;Xfjj6*xnJSQ@+N!wm!k{Oz$t`rIb0g4U?1gJ-aA)V1Q*nK>X_Ml@lwe;`Oeb z36k64-Hdblyu#QOB(OGz&F!0O?N5it*u(4O4pM$Ae2vW3;qpWoCUE zU$S32I#s}SYIAdV`}o&MSbI(ULd(+8qaB;~5$f+*mCoq$t}ZAx1FJi}+bX?g{w$nz z-uU;&L*Z-sm>3BIoiq2-eF7bRn;XHDo@jq1!3(oni<$iFM)4UN5lv_RZ{k^^`2-bq z6y>{^5Dq;y7E@8dF`OZy3@YS?+&A+~JyZKHB|w_KaByvNKUtw0p&MNdCVu;_SvYPV z3_k%V44*&m3=X_}`%XBpPeU?+DW1udjjrpRndL>!*G}Z(Y5cf+hMF3tqM}Jg0^Lqi z8qDA$gMyNp);k)7&s6i{H8ixtd0n|XH>)m#)~wBg+%xv|UsA5U2i_F#&EcU)d3-)nCiFs1KjuoXFKXlbqfG>d?P6R25W zlK&vEO;$~fCraoYkP!Zb=(Bdr&nJwIrZ4z3q<40L<_fcKn3bBh_QT{Psfz$yR_q54 z7#0>OFwl>v1qEjp^3cR`zlWq3qYxabh3@n-= zqxYy6s1XwG#*VU;^GLGI`hBr7Q5AM34+~%6SUIAUf2>j<6l&BX;%>gy`0&HI<%c7HH5U89c?J5~sy8d6V7!BbS72Wz_?>N!b77#4bD{LRC{YOHD`B z&^}O!K`Jkfiij*m78{;PSTU7`b1v_h8NbeMA1fy>|GxiA6x8myt0Bjru1GyxK#XU> z{6H3E^&fxck!=cIOM2(l2Agy1!>@Q4{2Mu6i8k1IzVi0OqTMF}m2^bpGpd91JKw+8 z&eCQ?XAHd0X5gTz0{NT&FVv8uxz+cy#5GHH;Ta6%EeMZxLP7#X`ZyvB9^n^x(#Y_< z`I35ins<2eyd|x@U7Yp2ZkF%6044#_Uq3O?yARRr&`xkU&d&XO_m{u;^BGgKVMZgV zebB?}IaqH<=Cxir6Zrg&Drq2kz}(EjBK3akh7*RA)CN>jY(CzIozm>~W&)e!Apla5 z$@!g-t91jRgi1_wf~2j!k>@!@3ZIam+~LZ2UlYiX(HIC*5YBgdqJPfMdKMSMdVBv6 z&zNycDbZMDY3RZwlgudqK1WQPdQd_Fnvzn$UGSzOLm&IyemEFT6MditLO&8O<%ObX zuH}}?>p~iJv@(wjmQv_E4?PYk4wEuuMnMhypvYp&-imp@Vm+2l*$yeoxDigbobop=FC-;m(vaFEd z*n?lgnrl1q?y$K*Zlf5@MhvaV&$^^gVvh14hmW^?W6Y!{sa<+}KG2d^Q^Q+br66OV zgaM4OurOd5G9keTq!|d}QfSSXq7cl-G~BsmlWdWVo{($1boED}NTIiV!X8Bu$i!1Y z!OSH8_EOSaT;8X@dj6^qx;=pg4ewMnG=hqYBlwZ+%*})4>AagmarTE^9HQrdN9M1( zK`|X|XDXZt%YARH_x6eqV*s$F0A?htvn$7W;F&~uMa4>z5su@EAS6QzP6nn7FB26y77g4XyElt?aA}D&p&(^@TbqeF*s1GiwTb`T9<`BoIToB2 zyx$8&_kI2RBFPK~Cs=LuAv7z&%tR}odujh;R{wTzHM0$uT%<0{V?ysBEJbiSPW^B0 z@y|pEZS^Hi+LC;t+yS8H@ zC!m8NT&Lx&Y{V`P0~tOsv5cpuXI_XkoRJQj|FR<9T|lTHa^wB{{In>YAxhAhS)StH z;6RZ>yZ8$A-JR^Q54y$82VdH1&Zo(Rxv+UJ#J#0Bv zN9K@`*W3?`PfsiROU1Lc%SLt0&0!0yrfDDEe>vB)WsaYbv}ks9Rm3%HnS*>ZmL(K< zbAH`Nvzei+uf%n$ucBjbSSy`p`}_N+-x{XlyXs?g8#&%ScD`|2L(Qh0b3tJpa!Guj zUGfcjUU!S*@W_ADh)YjjT16_fZ_iOGascJ?BC^)2ShSxgTe!mxcY`tqP^tXJpO}6B z>@S)5d?o0ina-2XsHMZ}7b%WcC+3h}Ded9G59wkHjy)6riU3ZkBr0> z6hI7v^Oy}9Gnt6U12EQr{-51mp9KEpd~Qb#LuoQ*tw9DJp8L$qXpWB7mw!Cp{&5k6 zMFP=2h>!1DY0LU|^YNZXXm9(a=6E7 zx8s!)4hR>`ri;d)*BJZxvlNtX*47@89~D`M%HOUQlVAsYX{f9eGB;27APM_o$t@W> z*r#ufe+f*F)qki+3XP3gCWY^JX1ec1d}S>oa984eX7ztSsAL zZCcZxy(Bd^C>;Q!$(YkSEOIQ3;eP{tpFpsDA5T z(fl^OUuYn6cXqO5<|K34m5zZS6fiG<7zl>UApm^1#XTl@k81nhzkhg}!xS%dbaHfX z4OobhIrVFo1hA780$N%aEJx_UA@r2k?`^PpGU!Y zlkw*IkW!_P`_5g@)iqOP^PChILBP4N%M4Et&2o^WYv8$WU%l%xVk-*4+3%`zmSfR( z$0{$kmXx}d(n@4&{G!r}fpgH-85Vea?6}_QPx9vs%Xos`M2(;E+r65anPvC+nHgec z+j~lB%oe?(c|0?Rgmyh452)R5@^6ZCZi!QC4ZE$lfD-AxYGf&=kiRnFs<=UqS0VFy zefELveEJ=<=~@FQ13?rA=<5SR)a|0O-yUN{*peBWn|r+F@C1=%xR-w)(HK)HQ=9YORs>d&S5&52Z2t%h z4ZR245UAr_RY79)=-*eO8%**e^q4;wYmJr~-447W@T+ScuS@G?US5k01>JF?vqyb?MR#I8$4@V zydh+fpvM9~T2CatTlh!b}q6W05;H_XmJiW!+^CPn1xhveMhIepc$^_8wmr#uvK+Rc|4L2$y{z(S`%u$| zHVIZX%L7B0WYfo?%k(4$Ta^;?8u+=w0stQm39xW=1s0-}AJWXXG#u$n*%LYVnG~BI zheNCSX_9)*RMqZBsUURbV3caDh%uKy?<5hT$}4|(m)O8xnLERi>ndOzi2FN_{mdVkcwZ~0>yAyo#z6Ygv)Q7XmI>CuAEWq{VOR8LQcDUb42}}A?PgJFOX!Pnw zVf9JIRsqNQ=%yZ#)tVPMK_MZg9LXS*m4b&Bz$|UXE3gQFJQT;$(vn&_YIP;604-C|gi1#-+5;3m`1ssifu7U|XbeoBBfKax``;w=aI&F$^*mjT744fkf zVuViRouN*Ia%-_Ip}P9){+n{f=apT}S{!ZT6(Pd!^Pyz8(Q*%U@|h(p7?Wu3+4ihL?)ZTl>4!(!2RLuUuo^x>om$tBJW*voSjD&7x6L z|8e}KMv6te)ZRmR8{TG2%g!Fx**Pd3l`xPaOKa-+`)$|Q7^qCMhv-L;^7HxKJ@{$x z!oC$0w9Ia75}oc8Elhxqq-AGs%KxW|p!!ict?wB-#-sdgkD3C`< zoixBkf<2TXa1ZUw_weyUmmcfbLvA8Qxkci$hm^HB$HRpZ zDcZY?Kk*FT^9+(3KYd1~jCr#);GW15iSQjkLNXL?A9Hf(fWrc^{PlwaB`CzCq@*-7 zHM3M0%PMRd^ml&#>@;v&>;l=_l+_iqwsjyO5^z3tp+*sjpJ1R2pI`y53}j?HhS;&k zUVH5FFJF=sGvI}}U#^DgEewM+Gnw0#2!IZ3;01tP64csb?+$y^m4&A43u{ZHv&U4k ztxNJmgA^=UmzwcZ);G_IQ9De>cH^Eh7iLzBV`}CQdN$ojQvxTY6brklwN7Ag@ZEe{ zcAja?**Q(qH|kTYVRw| zS$UZx3to)6p-ppPwU+jp>Fbx}1r>d-KNs1J{yH;DB%&b-tgL?K_JB+=zaG<|CY{5T z&?$_-P0!0k8Wk;JgGAs|Ov6REwW7M34&Z2)m+m0c0%#0^GVrQJnU}pbsv#|m4xj(s zDv6ZlvwMs5aTuDxn8Cp)bze3tm|y18;l8J?Z+ymWIxxH#5)zyhQb!WsqLb4cadorrnVK z-|g9%E%0O?6D)sMJ^1%;;P7YCxiL(*5pNjqd4WBkmJe`TD;R-8@e1CsNblccGS3R8 zjQT*F*bhgY$xZ=Fn7ct-A?~9`b0zy#p+J$Gfap7@h}xj#Po`MFtDpBwxf8~tF|o1Z z+qzRrTcwpK^|)590`lRd-bSQ6-z7S3nDaG^n58}6$a_dh;TTYRjXkn2Kq^!UBM$mi z{ZXlL%A^@xf1UTRtvm+WDKv4i(J$$KCM17tQp#}tZ?l@uAJ;aLPsg@hduj0|b)PZU+F8xHl|8dD z3K{0n!g<8e$>IwYaoYh>AwF&aC;6qk;}h-onbGpVI~_h?2dXsLr)(Qj!88;GR*oj)!`fj+*~lE?8AD# z&=H28B&#s^wV>cG^yEUYF}kd{R#%LNV2H~=PoLHIE-tRJ?y&h03~Yrrhsa>)At?QN z;_&up_5CMdgSSB-(E z^9Br)hN)v@-ERX&zT4iA-~H{_T3Vyw-os*K_r{Et_7$7&$I?13Pr6-^$PRI;)d@H0 zwO>ox_Tu^RU(^z)h$7_V?W1gP*R($UHW= zy~)L28FGY?`)NB|owCh$NR)?9a2}I~l{yeTPIu*fa{prMPajuj_uZ_q+1J({*Pha; z>$#X^;CVHBJbxb()8@ipG~rW1QT3~W>32fbaNp18iS`n-ylb|_Pz(e=O+WwqW=r{G zKP)ilyT?hlzSxQ^Rl@P`O`2p5{mT0GV1pY=j(oQHu#D}M$rYyIe06Zd+%G{sp4d2R zxyDN0duruD4-T87-onnNu$?I>L7}@!JwAs8>XyKvbR%dX?M>FyTPr}+1dN}BfgWo* z`Dx5f$lK4ZIvlG@r&p3%pCC~Z=TUHK6Dk5G_x{gsldBVeL#K_T!$|@b90_r86j(?A zRhp-`pIO+|E6dHEeirP9mIH{b=zZS$E* z8nUyCmz2h#;cy~BP@jW?r9kwJjr8)RR3XP*-q@8DW3Ag$Zj0-6I-GxkM3xLDtqe{9 z#4-3O#0wglzdSDDwACh<`9Yy~)07(iv7S$N<*?WUAe11ua0Y1QIz&G}!U8NG9Y21M zx?OZD9>aHEg?Wt`;5?wt0Sn1&i?0Z1FKnwC3kt%)w^|97My(?4v8ALeDVVV!5OYH* z+(Q;hK>C{4iI$cC)&CX1eGy7cNzvj_CCJ_(i@!Uo z!-R2hOyixuf@<|t-T3tw2ChWpk$}szI2{YipkOS(IF(IIR`2gJTpF1|2LKHH9~d&c zW6#KVj~suX$p;FFODze(H8J#4p|#d&#-XOAHFY2y+2o}RqkP%5 zweb%ho6Uwf`fT;kVq+_2oBrMbY9Xz#aN6vwXM)YW(9OK1gT_-OkQxr8aF-r0IFDSv z2`m(Vt1n?gBFvw;lag%^8+9tyqUR~ros#R1k*JHn+u>aFlSByy)X3rp|J*D=`{ye zAA&GRI2GNqH2re9h4#QzlB+Z$@n5K8+DLtKq%B_iD!(vWbe z_D+*XC7Eia&;QF99){1zLGbk zrp~{2x1u5=V-K6>mwT-qW#&rH+evunef?_2X{CY==849}&-q0fr*oDspz8_)DYm!9 z4=XLBvMSVux+DJ%QruBeddDYF^KTJoAlYzliVT}l05V5FnbD$bUB;jItbr0M7!7~3 zYz{w`Fg7;E+O>KZCTa1EWqbC1T45nG;9x17 zHwUf9-Ejg)wo42e5SvJp;E61aVj-9rp*w&C{Es63Rt^$uNhzsg(8E@MKbt7y1pxbI z484jM|NbC{OnNwES2wNQmj;cS)sgI<2PEQyzZh$7yfN9v3Tso4QBNIRt7Wo~%D+1! zCn_;ODs}QezHnz3nu`A32XrjYv&a3JZ8QzEr%Qwj8pv8{o-er0{CChTZu3c>eJg1D zv$NAEhsIA!ym~Ac8PTw$Fd4( zZ0w5%CR5W6rGL&cwaYHI!|AsH0hF?w2l4cX5=0*;mhkP55jVVJ_zigtu}PV&gvKj+ zx{?;&()Z_7x1Qc~U~xf!o)OlsXTqIOlLL<#yh4ExOa&_@khL-+qH@q*$Hcc7 zpY72ahUW(Q`hW|#@6dcj55&Yja0Vu3t-qI%?z8ajkVdevGfCzUOPan(U=CI09-4ek zypiu>`0%#fc`!F=Bz!3tJixgJ4k)~s!Y_0!06&FjpCIU8F#MzUo!LD@7?BWvfb$gx zyhAo1cT00T0HrNr?hA9OPP?&5QUqZc2Ec#k^^Z!40dBQQ)6M4HNdkrHak=B(tj|Xq zR}SfHyc`Z}uX_$f#Sw3vn7X>Pf~&N?h*9HK4ByYg92j`R_`DWI)9GKR?_uA4B(63{ z`n)t9yQoR7E=I^|hzgWFyfs5N0$Eyx2!5^=7d24?KO_udc1``#&Y!Y@1_JXPo(N07 z(jLvjBuN(2Xl0~>8XSoB91q9(FhF>an4ZQF^)H;GVjvthqVuzyGF?jrc8qK%Tg#J$ zH~V2jL*4UZVcV0mU-8(pQ6yrX(6c_rGGci3MGaroy5P9V&8$or$sC*#3CrV|~>^v4XI?!5_4h@}9@*Ab#7KJikc=vdz$vfzdPA zg((p=2WD`9RB4Oo0up7&pS!A%Ut>E;gB$j=RO>Yr3_-)j9{t|5)@+!?Zf^c7CMYNf z2R=%KhZ7e!asx$8U45>}ix)-@|B>;21T@;aw3V-Fzg$n{2KxIEr2NgBzm%dm0hN~c zef><5#r7%hi6W!`3$(JeC8n+Yu(|mFdcJU5OQZw7B7qkwVSHR35067u zw%3a5FT%`%ue|V4f9b|+?miihimGZG2-n_C^(-1z=@!rZzOm^AHPl8@It>+Ti0_RN zBd5ceefd}u_tF&~(W?<$miI@fryLOa1!EEj-P}Z?12iT`8Nf^ffg;UJS=#_N1(f2F zWKb0|ZbX+L08GIA{AJ*G%}tU@;ndH~pDOzL0rdspJ1I^s0^Ibk!BRt%-4`T@LZ6LN zt{tv#ADA?uWo-u}xu};GCnRV#aGt&zP>gGnmzU?b(EZ-fVC4E1P2A=O zWMjZS#mKU+;b+d4!k3)5u(!N+TESSv=wMoJ$C1nzqkE|M>61}uX7jFi(_2$Dv8F&T zB^``;vdafGKO<*NCb?B?pN>DmpAsOo&o=2UPyOf!5JAW+2oTSD!cQ0MvRluQhT)Y% z2s5)U1@a+RXjI~megNa>?>}Z$4Gk2-N|{?8U#8tVytxNk>Hjz%sHwpaF$7UI2tXX< zjkD-fe4S`=n+b=h9+<;15E-z}*4Cp>+FD8)^`%r*gZck5C%trZbF;xif0{tVVk8{6 zKOY5c+3PKK-rDb~7KQwv=>yk@bZ7vxA9NM~mDN=_B0K`Dt!gomCqRxn01Q} zIaKVpC`$cU4(P4N-bZ3crs}aOFEH`b875-OD+y4(oY-(nB@k*%YQUSLI&mcanu>wJ z2)!3lq=7v0Z`bG+#TWuo7Cg4nW{#}{LI70N@j&D&?4bw;-B8JEOUptN2VWCh*=!Hq=hox5rq@?Voci=k}=~jnBG}YSv{^EI{{Szpr z*Z&Ub0mN}->zN3fWgjcZ&qxGEgN=Q$1Q!WrwO@|yDr#u`>g}Dz%lJya=`HNjEUb_w z9F^Y@ata0V6W}+zeJcuSJfKs9Eg9V8-Tm_4*`Wda%f%?;fAb6xeIQ_BguoBq>Bf(P zIqlwKcRz4#yY1Xk$DTW9?K2-lmSv@SqABT#5iFGK>Kg9tT%bKerM!k%;~u7hua7 ziX`T{p6@mF*-K( z&xq&EPpGK;0cv&(y~&!nS5psTWF=v&g?PyzpX}efg>yq4`vMoTR)=t4{c{&f5&;*h z{g5dY4NTUw7x_PQ86B%C4i>nUBUdU^EXaY9m}FOym8hktcwZpxAVeYSnpa&_b?jTu z)314y;gg(Jd%+{`)qHSta-=kDUG)e1Tg^DW@IH$9(4{e1N3i{yPiHF09d=PZpMRIG zz~O|l2?r!x%in0-pMey+WA5tD@93ulm0r`cX^YVfeTc-teEFACkU-K`_T^jt0pLe^zY_GSvb%SAbWuXUoLjcZ-aS zgf~?2T=ghG6#@xbHf~C^CKDkJjzJvmcO6D1CeY#dxHP+2F$($QQ{~kBv9UD?&TA3^ z3SqHfXq#E5T5hJSrb&%qg%Y#zbdm3;S`%|~=y`U*_dowKW(8Jx3ixCQ#1gNkTL}hK zN}F)LKu`(cohleWkWxM61+J4YxX=dd;;2m<8kjQ8(K`)b} zR&DBPuj^zb%(?G+(cUwboYgG$ALd?gu!fSu0|)7Q=k0yEy-Xh-j`d8WhBf`+To56# zmAdAV{E*79F7bzh{@VkwlE(|2;v`-*l^Pu1EuUngdW}t#W8K+dr9~EhnhjEvv}MC* z_batud46!6;DJW$CK6##Tp!7@acA{8JCh>!72!s8jwmip;inRR4Sz?7C z-U)-Q>q@hOu!VdJo5cfiX>UWGk6Ky_{O$zGH90iPp_HCc$?+A_PZw7~w>V-m+^7dJL3|R$a7{Oyc0+d^) ziTD^HAt8_b>KR0hiWrlC$ti6q7o?xV!#KrSwl%~%xv95Oou=%V!E5!u%on+k6Lk$7 z%oa3%KpvDoWCXlC3Jb3vHAg0DjrpoAEOhch{Z9zzbMHG*_Rv<(;WqlWPW8F?joh=r zt)ZqCwW5O7k-5k`hqTCGjgJk*6mn>F-o)=oz&`Rvt<`IdXeV@HnI z$M+lmAnleCeETNOLS&RcqzJlKzXnci3K{yitSKHXrX=~C#_LHYt>Rl=c2-QT1I2-o zHF<6^439?dk?ZdU>?pp_Hfaf7euUoSfsmWP)4k6za&07$rE&zf{uoLzkV$lcjp;>` zVvOvh(ABgeufd=qzA-m;K}qAKO9=4m5GQ*vanhejetM@hxD-;FdTaS(*7;*LY;exC z4K}Ba2?No1@(+>E;{{BolS$ev?cL*eUN4!olv_|?k@Iwwt^@_BS~aw260}Y@e?V{yUSt%GLYk!0Md1ko}~*$LR=1%M~mAA z@NC-K{K6>{2-9Y<0E~De*ef5VVp`Xwsl9V}{uIq)ftWq4SJ;Ga>Tzn0zEXKXY}FT( z@t2t8HDzWBDwKCU{~oWl39*n0e~db8&IsSJ@f6@c?OT0M;cJ@q_#6Y}8w{s|LTdIa zr&URtMGUC&9XZz^zXe>$5N-in7F9JhaTsAkY_5!q45&4LrqMP%od|OckUD@X9bP#a zq6iFZY%bf__W;X6xY>F4w4wU&fVMXj0c;SD*JASb*sW_|AOfaL2@n^+2JjY7jAZ-z zUz;K06vnQ|29kTe$mL}7%%00r z==uJoe|x|D(o##{(qp0M4_zR#Twh;NNXWfwX{#ssfo(EelF3ZXMbi^p4UZT9J-Qh_ z&}L@oWqC$j`;W={5GNzJ0wE6tx~_W<zW>~htxvKN7_X9(yKq=|e2X&?$QF)=h1 zfldPpBVdfms;i|Sqi}aOqR$LYe!yB#<|2)(Tc`rA0ho%(`h@kB0pWcGVUrL_mDfPTS>+>};^C6WM+x2Y3)6E(elm!t6U1aKJu{i{SC6``%ooTGUsh+TVO!;Ib?Zq1iOZr&5=J ziE`cb`FyYuP8WJk`>n%aV@CnYGT#k<;QLuJNy#pux2bxA3!AJ%38zWPIa(jdb#zm5 z5gVcl!Noc792}Dpgx3c z2V<=u9+Bq){t0$a9Hik^`1y(E9Q7~MrQ1o8L;4Hr3@}PCt8J#nJtX)4Js?Qla7vRm zS(cMk=<4nL0O>?OjJ1fB@kvPwZkx4=bvK+MU){I0wT1r-h9DFp?_;zFj|E%d6@rum zb-?z(X($v>pg^cZ+|!nuKTt$o20-46=A}MFm}*1xBD@{hAg&_xxlRgRke)$sd!IbX ztjMEzawLD!&w`u#_3O4XAH0uwN@+~QmODpBZ>9eu$tnzTb_-H%YP&>xFhPkm`5qaP zxg6{0NgW{f3_KCY!2FW*fg`IDc?fCU49_nIGcA0YrR@LP{~?6l35r9@W}))M5LYRk*VE^r{PLQ)!rM!&3& zb~TE16M*x?3Bfg7F~?=s53%A|BG9;&W62*GEO|$uysOlxy6M9{yl^s zX=BNBrH`(COYRPO`~y(an*yN-;#btIb__m3q<}w@X2B8gBcRtzPEJ92L9NM1;KAgE zcE?Z)f=^Da{v|Lxx6;nB6Z|y?X@$j3P1EoUCbOBeXGa9LC;Ez7^WD30+WJX2>qX9` zyE9Wdf1!fQ6~3|rZUf@UXcaZk z(9PGtT$5i(5G$Pe@;_js{OH{#HI!Wl7@qJo!VSxSAla3`2g0LL@5QrCIt*nMo?Yw; z<1=ypdyjY1fTU|R_61D@@>heait2o>1(K8N+x_5sku;)3wVsN>1&4gATzK*o00q`g zT8g>-4=IU7ryXt)0&4gBu=a!+xZ?1FIiK(8KxQiN)LwyVg)l`POM^)#N_Q-Qw{#LO ztF*NA<}VqqJ>c-el9P4n3=u?Xn4F$~Q8_bQF(AWD?C^ZF%%aY)R)IEmr-;N94|#i` zjx&PjSwY!jOXct-hFdL^=MP?$=$k>;qYex@s*syPpM?8Lmi}8&KTX@c;g%Vw6shZUY``IZ8RZ|NvPCqUk+|h zMqztMbo4_6Jqd0TcfeJ`)S98u070rt^9qX09QxeDcj`gd=?x;o345usu6 zMoJIt|IH_VK`}6V?I`%)pxN*3C!S!$wi|BxL3k=fi zfI{_z`^q}?s}!>?hOS&&zvSstI_?)fT88}oXE0khfs7xhI8VjmD`XD}+#+~$JOE_5x-L^!10AFUw6fQC>Y zw7**gg&BBEaw5uWHVK7a`MwICx>HNecF&G8Wf3yd7cshK14@Gy7O8uPKu(yUGVN{B zs|dm%3~mK!p&!|PI38@lDUfUe_1sV`86l!#3+e~qkmY|~) zex9v!&RcrW4HXYyy(`5_OUJAb8S(J$(ZE@`KJuN`==42r8_myY67K(%l&)Nd`q|HA z!cvFe{U%hnAYh~K|57_RI6!!#>Z zzVj8eMie_5X%_jTD90$Ndpst?{WuQu5dz`ICyrrTP6rG82xB{-_h#3os(9-Wb zE`sJ6yrP|RbICAWAo5CwwP$EYv&g6=CAe~jv&xq{aFBtIEA4?ugS^E@A)i8@r!zNk zkPU-Kdji}@;MNyzyV+6=BJ^ht`v^sR z6r%)7lz8RwC<$M%l7=;MhD?v}m(y2ibAJw|O}7xQWW6ghQ$je%qPON4(2KT0_5BkD zV8o1$iHR6JFms_~YcP5Ej`L~gJeV!}!jE$v^4#Oru|p`a7-KUp!#4-u)ORUGKpO-d zD8&047?l=LUd|54Lgv~U(-CHfkd9+G$Hk|RUi5Uc8a?7MG{lw7DOgixMeA3`h={o7O8G9HHzjblx92t24IhEeNdC>5c#->!DDCOeuUPi%+sMzYW;`$-ZEUU*=o@Y(N z-2HDP>d$>|Y+Y4yQqq1{3t(6CjOnR^#xis*phO?>7Po_W*QeCfQz#$AnW?92xIxWD z1-lrmcujay75@H~{O^7$|EQkt@)NsNX}J-q`ay88F!qq*{#cam?~vfOiQ3C}g6|&q zKRf(%0`8@7W>;&UL-yY1M(bx4)HF3h4PK?5);c3R09aWGZF&X4BuAk zjQJZ}z%2bdo3?W>HB{YyEgy&0A64iZSGhk4Y6$dyvoVAb-t_@D>^~$r<{> zvqw^yJ!+c)!*iG_vV*ZiyjUm*efqRx0=GyXD4fh%MaH9hT8 z_s7ajO`eC$w%t@xSgZ- z_4#sociR6KN$Dkg^N-W}hJUiO^smQ?=;bCEK)w&JGQ3fieIMx6v_?~vIWu_wW9PEH zi;P@<{piudM;Odn+r#;W6gStzPI~wAa{9Dy2j=-2s&du0+LP*;;U>u^zJRte8em5u zj!;ff5vcbQh^kj@>*vA2Fsz)P1U(Q#5prSgPtd*utQi%v4DlRh1na~s%#;w9A9P2M zZ1#5{f#7ht#pw3>#bKj*7^eqDOg8>YdQn9e)uNenfm{=+EsJbDY8GTzNg<&VI86Nr zs%lLgrXVjUSApBZ$z#6&Fd}pSdl|2`U-8Y+R=6ugs71MLyA#kbq^)&?oskGty^Tmw z$RXvN=y@5ZNcy9E^{>T$lp?XdIONdODp4rC=VIyvZLZ+(LU7*zxMN(yn&-{p6=^$3UZ~Bi)G)qm>B3+&zBa&v4h=Bot59NsVtNA!6c5$o zXj-fw-+@l$c!l{(Bv3;@`9lkeOgP&>KosQ5%CIJFy_o6jyaVbnNCpHdb|-ANP@Jj3 zw!YQ>dQ%ROHaL{Zi@c~FJQ{H@$KHXx=66rDWbq|YJ)?H0}8UJ-im{Z>N9SE zzb4P>gWP6hdUPSPOFv$OiI9>Kkzojv75s$@BkKR_@UogE^XIyU zJ*{IsMI-iOLCZXchUh_`Pjc-HbPvs#rb&y+`Uu7|!d|1o(nce#6L?)ePr zI?&6Osr(HF4rv9H&yg9g9fR zit#_PJU!Bda#U7>fSNaL9jNUct4Ah_;BKJT);2RXi4k+R;^PqxXe}UsblhHOv#I85 z=r?;O!$2VECC5gknucZ+j2D@ivGO&-73jU}r8HCpuQa&KdZPt}#_#k?bH-VGRu+o- zAy+(5t(F;KoRb}4B_v5)&2djROHbG?tmF$DSue6=)NrNyZz1DVre_w=u_O7red0V=Egv?mxY+9WKyurh<9?O)pyf z`TFO(fXK})*LBm6yE&u$0XL8>LPCr6`F#f?oS%feQpqHaZ6SZ!@= zu1xW3R4#d2GLd#I2iGgIOa-#^F+1q%cR5quvR87Y+v>4xHf z@%Ri0sAw;tvkHgw;YuNP_83^Vx8@CFXzA%IK&@9}Hzy7anDQPs=oZaZ!50X~e$A8W zOCfqFe5*R~LZhYB(^W-CRn*EFV}E|vsS-)x9lXnz$1-J=fmp;VQ6ereC1_a2H{Ofq zT@h5&;z@ThUXG+kzu+z=Vl}dX9KL7y%PT%|z7!k%%*j8~2cUUzbbLHEPpgq=-ci^O zecwSiJ0X#<86&ma8rB@$4g_SSEksbmfNs9l0iS{*Qn$DpVsD|yhG!#Oh!?2&h~6al zY~VzowPTAVcQEoGn67T?iw2YRd@g^_h09l)gbJZSZr}G{o885BDD={;a8>k5;TlYR znKQNXMVr?lkImCck#vgr`=rn4Y^BTYH5KYT9H!&5t)bK&(7VPu{DrPuZ}@_WEI$;K z9qU12Nt^hEiq3^Y8QBl!%*Igo*U*`Z;5rlaYWhN3Z)w}OAl$rSivap~+WS$a+ zbfa>IwWPEYB5m04_UCI6iNDZQh1FV;g$Od&KnDi@fCNAhj<%0@?e+aN{XpHn20C%X zQOLZck?_v+se~g6Tn+g{68fLzYm2;h zyvZwxWh%EyeP6nGgUS>(fDua>)k3Xjh?CU8)H+0JxqErR=EfTbE{ zgR*oq{Cz3+9uzno8gf(9=zmk^{ghZ-van`!>5l*O(nZHT$ah<02a!25Q1toX5;#!8E#Q&<98+p zxRu?ot1H*qFK!=s65sG0Q{HosjI*)7qgyuIn_JNNAFhz6@oW1wSdV`}6dfG7P+VRH zK(hy|{RrZ^=1C#$H^z4dvx73PGm6cpKA9}h(p#1r|I!3BKT|?tb?RZo#)xtE{R_m( zOh=^qMo$2jm{?X@n*<<)U5{Jf7NQvZXaT(gX89)A6o5JQ^eXX=+rdH~Sa`6iIoJt+ zHT@ifeDIBlzAuBm06sKGtRMoo2O6gE%|%XKg@m$?e>X^S}EJxK4}s_Yl*HExfy zv$G*Z&|);R$7C1EV(<`s(<~$s6BC2hR9t*Kuue1qdRYsaTT@v6{(&;tlg^;jPzbVS zI=oSsAwLNoOn?V{h={-f-VqUqM1b~zuzRuUfA@pw3ql4^L3aqEvC|#%UbU1@d5SEROaaWObWu`}GC-wi#k;X(v zlYO`C_gVpOcnN;wIi4bfP5MV>mxs(|ag)+hm^E~|~&$!|JKf)7y)VSUPb;uM( z&K3u2%%AxRE9H7M3Usap-uTQpMPbm`9?wlmYwHj_^OU6Cp6W_KoI7kLznPYTu;jpd zUbo7s%?}y1|J)Q)v~UW@l#!{adj5Yc;q8I$gRC5kytsfi0B-1s+QZ6gd#rU(xPta` z_3+Th%KQm*ADC|cF5eyvbH{q#B?!;EeMe1;_tv=*I68qmZwiqd83|@&m9%0WmOkOu zlvenUMn|Xn+Z4c+U0;7nv7jQdX6II?jx%4`{vFm$N#@$kf9!TL3sj}HxA*o8wu*o=s! zVqswcMHD|Y5g=+^&_o_?Ck$Gmyw{(D+!66R=KTaVGbKZi0fD@D&+>oyv|r%|0P!S7 zbQ$3!h6?qWEDRvD%Z!ncz|i*;T9}(~U-DpRFqp!P^c zakU){wqvjr-h)-b61tGsl)|53QOCto3upPoAgico4ua7?88AaA;N>7-6U zXQ^4s$qlf+H7d0DczHXQ@LsQBGKo;x5I_+UPOd^|Ab7p{?PcrRd%% za0&zldy2!~+nWoKz#J1ZOG{38GN|WQXJ==R;7q?c?*r~K)1H=h`=sy=AgBV9B?e>= znhlReHyG9-@>#EWrv*F;!hg1DK>n=qbsuGWj~+s=VjZq3if9>xD1r&Ho{LT2vH%2I zK7r}cC0CtdkJ8rm+%Dtwy?+ClZMSTDX)Pq@!$#O7?$JJ|H#uHW>s7YCG2Oyq8mHlm zG2i=}G}N4qG5&1~F;ljo09Ae+hBl*K?-5#U$oE#Mv{(&sR|Yx7AWV1oeg5%njbwl& z;Um-?hyX57)qFE-su#9?3x`~YMaE8$*R;wn)n}cNafd@^ASi4F1| zkqkB#;j2MUryG`HI5x({#2~u$xw*Npc^X6HJFKxzb>y#KzlNR->h^z%8Hi975;8Iv zFf9tsmm0MU1FYzqS`KC=zK!`CPDBImI!=G8Kr@-&*&?|cmoYsk=ngd6I>BOE=X$|< zb3&p~f+k`vBKNV0@UKJYI4?^)EWh};xNT>W-n}7a3wVf$C@V`_sD=1|Ch>%snHW6)W?FpX)Mr^>K+yzb^M?7a5$BcHAXOZ~0MH z^31KdPJjDGALJSt%EoX2Lg`Y{fsGAPEJ$+Hbd105$$|T<15Q3Emh;f(!W05#zCYMt zk0FhFTm7k1*vF6bFyZs{^=-aB*CS%l7KJeajL~1i{N`&;4k6zrnM0!(H0mK*1kwP; zY8{LOT((u(U+D?r;<8#*f60seA*KA@I^&W_Mn^{rz6^qEYYMLnqE7LU5AQN%XG-`#<$d=*)_vH1iHJKZo9t0S zWkptI_D)hMqeO+wNOe<)NLE$|U6l|DWsj^-_9_`!QQ0F2&+)mR=lfTDub=MM>+V(8 z^%>{;JdfizkAvFG%Mdc}QQv}LI?EZ}$7v@8qCiKiW=v~oOL9B-GmJ!qt_z{hB zqIxGmf{KHMG_(ophsfmQWFw~70!lkT3)~SIunUZt+SN8Rq!Mv?9i^^WiE`w`1de=% zpMCkL>9>^f;$jk=3$iWt9N|<57`4lniHl6gxk1+Rq^_weMx&TZ(~G5=L!5JK@I7m^ ziY;_>1TK%~sG=)JnS6nf!#6^BP_t5{v%{TDaz-wVZv64@ECs^{6e`z~i`jw$i(~4S zc}~)KT^VhOJnND-c}y3D{QBRx39*_p8~6lUyjl1eD~%u`DbiqO!2_njk;FTB^q8+=%)HXBkka zGw)ngZ-2u45)u|x`|)Eq2rns+zZe7R@j?(^o$zUZIrKoqP0lu<`$Oe7SdVRW*WxQKjnEWo0dR`>HOv+nxejLP4P<;vdPtBTzs$k{XSPg_j~VRm7pCh$)x zB`w#bhxWSu0qDE=1O(K1JpJMmX!)~_f2;HGdE{e05q=?tJpuyKR=cN~#2BT< z?8jdm6XVxUyD!bb$=QiWDgM-V6xPZegbGz$t|_H?Zq?B3r^i2Uo=J8g4t>R!AO$DeR-dBp;B+}43mr-+N6N?@9vs+cJ9Wey$g|H zu)XiC3lG|f14Z`T5JzKR2Q}sjRWAhE^?iNu;Gk`AS+NkdybiW?Y4kRBPKjOzfkRNP zBI}-F<=T(7v>oWFYq3)nsHTd;Z(A}AQ6$0uVxeTrk2U~yWK;H&gArwQQxkRZ8N;p3 z4G6x`K}7-5NA*NjnQq8GE87O)us?x;4TQPBE~%!vI?epV?f(A$mK3Gal|ARs8Y}u( zk_9zjhY^BlvJ%d`Go%}C4-5_JzgmdQb;c&V=;B};bG%gWq~nElYYVSIW>!g)5@l6y zZyYF~(S%S=a%(Y3DXCBoXS$N4fUU!4KgHa+d26xl%%;LxpZnD6Sw6qY7Z)n*2F|o3 zNLJADv~=t`l;G3OW56;|zmF-Dzm$@xz?=m-283=r)E2}dAg7QsZw}Or`L+~jJnZnx z2t3aZN)(}^M`UGL0@X~;kNx~m>-{fkC-dh|&$B&#_C?~=d30l`zgvcSNMg(Fzzg9@ zXD;pXKhLCBB1eaLeY>nP{rD{%Gar%flpSu0_3g^N9kD8Wb)sf%!k+apwPhL=*^mA8 z;hYU2dqnym4cG>XJq;&Moy95QZLoPCgj$B+_>Y}M7ZJ3F7uxz@nOo+mH^PWIps~tf zDYQEKLSdc&C9ze&&dwg6kT5m0k1^!#h2}@&oNo~#2Kn9n>})Z8eeR*(7z&T$zAjuH zDsYV6Tn8Bbz4G?!g5OXMsgg{w4E9i4ch!Clkj)Q)tLTPt9G{p|6(w5gDqy(V&b~@n z3Q5XJ=whSP(;K+@Gek$P`h8D|eIQr9WmsV3uHKBA?S~juHWi?aiECUwH9THjTgyax zJ*REz+Bo{+L(tG{=hxo7A%a`M?~>lI(`9(joh-b}vRM(Q?XlV-E1vw~bk_HE^=FdL z`+D>#gj`Y;eWG9!OLjEr@xYnhZ^TX`Lg6USg98v^If>W*34Y+(!VBueQM7Oi2~o;4 z=<*SIoPbS?6OA1e+S$!MFHg@Zdrk+@GtBSwo-M1-;WZlg8h*{S;FzdPU6*;7hN-MS zsXJ6#_chUyJ4)Oe&x-GdtUK=Xf_&K+DldOf+9 z%*M(Jtc>mLS(7SHb(OR2GwBUDgAe_EEJbr*r~w@>2W#E~moypH~FN+-Sz8Se`z$N;lEVd!tufCqrx0s_l2P^}N%g z$_QKC*Cb`}=aLNM7TW>b7dd~`1)YvbRRpsg*u6K-Uy(#b<2+)_E{%1i*UyawF@+K4 z?|)K*|6#8|eAUSiDPPa|YpY|g6)AG`MG{MTSNUYcDJb<02=X897iE?-le$&vO1AA< zV!%aip994}pq&a!x)}8RS)*U343YsGXx@g3FgD zs&|%Xr%4Q!;#LK`P&5E&Co(WWW4uQj6e@FIFBT5~;sBu_`1thnh0n&8r<7JMqdhSX znKWaS+6lZ;>L?QWp zt+6p}lT44O+5ttg$v~kV-slVGFC@dTf-AGYKGy${h1<+mgZ-OTZd&w~fr!0RM^2s& zh$=$V1%C@5=nnzdQN_9l4MV~06H0#6>!;;;l|%laHb0-dmCL`byqYwn(HW_5q_NS$ z_OitLu12;!nK4V*4La`!y+_&B`p5i6slH8jSAY4Eq$11uD{^VQb#J`nI$2T?#g2!O zncsfQ=8nFdk==8=$M(&1UmZIp$`+j~o-a;TpVWHt zjSvn^?yzgSM18JEQYLb4(K|Qa!OVf9E5F^vC~k7@SHzLb_0QZD8}q{b@)QSq`}z}& zvw}`UeiM~9Ft}bIPd8e2?_Tt^zgNh_tvtoNHf5Z~SZ%)e7xnu!^ndv>d5Xd3bJ6o`#jDCzCh-aHQ@{A8bt{X%6zzF7GTmKLTYvPto!MHJ zK|qygQ1u zeN1NXFCSD)bM;?%j^hTRoc*n`seg7`{^==|e#aCfEwL3GX5zuP`(SXs-TsZV(h-3Y<8bzjnjN` zY|M4I%HOtCoE8)X{7&!Z3ZxmQRt+zd~$*XQSNK?aTvnw86Qy)Hj zAjDN|g#y^}AOrB`o0`^<4xK}u%?{Rs*07>8d2YBDDrya+&f|6!T$9v_pHTq7 z068Ug+E6`0Ah096sWBlwefF#)`;-)-36wfIJBu-;!(0;620bK@1emNZJc=4o)7cpf zgM>V{aa|CL=mVfFb^=dtpA{VSn&3ckt#gdJmX?;rFym(y9Qm82kEUjAq4}U=zod(f zUvlDLcIu+gW<$iazkh@}c!Y{i>x9i+UEnxd@44^LTOyd(1F)Oggv8w6w%jda+1Wnb z9}^GixDO!pr7cTz}{TfwIe5Y`NmMXFB($+y1_HtwaMM};?a>KqJl*X6Dv1e zb4SC!?9pq(ISC;GAtt?=Jv!1&r5PlA?rlhbtGD-aM3Jstp~Kr%4J;&7sZuU1JiNc+ zCTuny)S=nCLrFJ%`jt|MR>uCesSU?-qIeYn05=ft-lTri^QcbwpH;cMN~s5i-ShK0u)7THqG}QdAhqAyMdK;L`-CAf@{`ARSO3i& zv~CObr`^btf>?vWp}_+Ezuh;h9OPR4XKCuUwji0%i-_WDTbnlt87ee%(3ZiEVF#fB z9w^>Xh4$UC_tjn^j{d*_Jr`*Xdip9%L-UJ^>Y}ldH~)CNI#)^iy_VeZPqlJ}&nbO$>i1U;?XEAQ)18Kkn@oK0CxE21H;H<14 zQsLspvRE~F_`zP$?>9Xi9UXdlDp*W|j43|z!04-Q!R7WSOvF&*afI)T)g^gX78MrO zwVSM_B_=0-1Ol;K za1D=L3DUB=6A~iN!otfEXKha+O(m)~XecnSOdFngtaKtvYot@~p6Z>g_Q~5m*EJS~ z<*96Uk!3MKuSrCvLiDQ&<_O~?vQC1aH9G7z)@bSz-q+vHz{S-9G9BxDY4|N5K#*Ma zOr;*EIup~tfL2Zua`fpfbxOmAYW@|w7zhs3WbbQm-djxXZ(2xV8Jgo zHa1o@HhxcFjKkQ3j5sfDhgCdV#CoKSPG(dBB+{T$Yyk~!gHO}HxS5Q5_RKFVK#ZM; z&H~pMe*-+Ph)rr&S6L=lQc>{MLB zU4e(3poj<{HFd13;Q}Eqogn#MO5ek|@y2buNpXb|(Md#VHb%yn`L|K5Sj$F-QAO;J zKvD1;s)(gmzW{UpiH#5;fL#d*pBu6hE7VJiiy0VDEv>8=kt$bNc{^m%w7vU|QF=?u zy1cDj^n>t^SC6S08hXBdU8b!oJvx*8`EF1N!=A4!QtlLzr|Jcgg04I@m0=7?%oelj zatitMjPEO%W)M3^A-UcGc?pU6cO~`h%i+;-rM0Z_m2ollj`Yp<9W?1JNl&p(N#up8 z-r0%#J){#~#M;Q2%3I0!IdBP8a}`IEC}grE!vh^LE7zHFrWzLJuy{$lPtF3 z>8i@N@K<};H@sxZUMjCtz(}d(z4qDa2!8dt{LaHZqm-wRE<+b8CKl?VaW+G1H-Pzi z+}_12Dz3xZO1)>F0Sdpc7CWX6i`B2*LpDgBK+g_gN$ucZ3X%duTh-kq(7iRig%RwV zOYQt{R}@b?;_?94K9UZQXhINU$wxhXd*Vzlc9^DSvve=m(>{tcq1Do2Z?vb&oc4*9 zz3Q^V+gLPQTdz>?xR8*-7pg*Ckq!-h@n;u{Wp`8COKOH>>2JSs)vVZCWbjyS_D?FE znF~*VArbZ^ILm*$#atVPdg8w3Hh*?-J0aZ!ajXWZ7rXQ&Y|U5T#!SlBfBN(Qd!`Ji z)TsKFkT)yy#CAOVaj5dH+-Q0q&w!y5ilW(wT#znT7nZtO?Y#dJ=g?whq zTBi0})7zLxA~Mi0?OOYw$d3L9GqN+Zejf>({S8vB+8uNkN%~&XPC!17u%M z@ajVU-&T0}j=SFnQ%0Qwkyz1~uZ5!!q(wu=M9TzmJT z^|%pOXn*|_f=A%*&fzzJ24w^aHqc2JkFkh>{5=Kusepbs3ZD(En4th8Eg74x`M%3e zN4;l=fzNJk4d-C>>rwf%r&~jK^TM{$_K<(2&2U#Z+f*Eqf0sf1WoJo(z`2&W>Nla; zRqnTk_SXCvnt5}{%Pfe__j4Ib&z4t2jI@k(cR69w52FrgmqEgha7PK{N9;lqg&F%- zC{B}j#C*72@52s01QZ0GzbJ=N(@cBF{vpAmR8S~o3_rmLQsjLg4eL_z8zWnL`&x*+ zsP%(dNx+u~sXjrZH@cKwtkIObm9-TXbdK*ox$RN!GWmC!)gsm>4~! z;I@!)$+&p7<14>@=)QH{ppgk+h60t5iXKq{CpOi_X+E91y-^3ZgazrDf`S5jFlA-S zJ*O`?ABIkgpIhc? z*}?+LOL_%m0>+zy!jJx{OW--&zHwuIaGyv$-NC`{QUYdmJf-UL*Mx&s8+y_-qyMJ! zA2|K7kFNF5)_tB!!<}(BwA)HNFCz(54c`K0Z4^ai35V^pG8e+prcYs@^be2u_3IbW zyQ0Dfap&$MzT73EW?iz(PjI7;i1 zm^02jtR@CvVr$(-RO8c|MQ}GQJkCUr1=ET8_o&w{L2I znc-P+aP{(OOG~Qe#@1bcJf0kIVwcXNi*7I1he z+o+~=G*r!Btb`pT3o&%FseR!Hu&GpIu@6wBvf4RQbjXIlCaJ?d>yS(*T2oOPJE_ZB zo5tNBwF$)&jT3W?u}jrE_py|NVam#RqmE275s0Krr`JgqS>s5m1DE#@tD%@yLCy5A zDk>T68>6P>9?-IK;#!_2En0mMd;It%FJtiz+A(I!)qmU#0_Eclc25ozKYL-0B`sR1Vo^kVDB2WC1U7j$L74MQ(6l=XqW?ml{u)HPqKy+;9Lz0PG1DQ% z?x<`*$%u+H@wgGix)=L4tlyO8M2)TdDd>54TJMeAaU80N&z+R5>HFT#od@XdUniNw z&Kp%{oVuGXyJodty7%BgeN7F2#988*_9Sf?8XD1^6oi<^7R`iD3729B6e_q1cHl~U zxXG}4qYjF0JAoTRP0&88r=vso-{GvvHa@uu31l8B1=+elMHo6a_ss!@Z?<wBMS~d{ zb$ZK#hrlwy)Z{MwDkf?6l$MrCL494~J!?I7)bGNR_De8uAgppB;F#3QTbiG@sS9Op zHPHTZLGbP2pUt5f{QF~bBaW?^viMV!+!%P=sx0)qp8eL}`rwP4eD9e8QnB6A#31mWVo6ZUs$fP66x zJp}i$Jr66TsJgXyAAUofAqUJT(!>F?Bf@t6Hhu2FPX8W{(VZsk-XB`-i5$=i*C4xi zajLKHncaohpg_%?rkNaOWD%+vH{2JF{IQ~2cn1$|N1-PCJ%A5KB_{T6X<{k`>IQ;L6UWv88P&srf_KrWVB4w! zQwJx$A|Yl&2@h;kr!Y2Yz8mYGr}*2?!~$y(Y3iFTsYmV?iD$2QxQRRUirv)9zO4G; zr}D$9lg*!)ef4ok(9IDI96P&?tt~(3Rk6G@cO5zRiGK+FhPL*;irsB*+Hy`G!K&5W z$M2s5^@X@FD(bPmukX=QO;=)?^xfRd?I-O4{loHtjh*v{yDZ$+p?auk`utME7WhT9Q)=IY(v#Q9F6DC|LuZ~ZqT6{ZI7iP2ZAH{uQAoSLymPYeyE4GTI zn;|w^Y1*HXD+3^$!w*EMgz=50zWzU;hcPULg@xh!)z;LIWt!`Ps!o}zmX?)$6rub_ z`&`Z??Ut67c(~~T7ho36N>wNKUuKNr?12FA09tGD0;?8;mjI771uldAm{6GQLtI5+ z(aCfia-g)dG&F}0pVZ)JExx%f%VALc^%t%PJ2c<3Ws9_U^(B^<$^TJD1ueFeHD}?E zq|(!CR%?DnfyDu;>@(6FyRlt4GFz@7=d(cWU`jarMmDTp`E+D%POtq;Gj5(Iu4!&4D(a%hOoySPN)5`qHoDNFV-#j5Qs@iy?dz zJ)MGrg04V6Hg4`yP~fDYq2c1?Ib-`WCG2@ zzQ3oZXdrjLF~Xe0-HQJPvYrZf=X(pY=l=ZDzq8aJ*}&IDdY3!4>|rzV=%7dk&M>_9 zZ3T{IpNp>Qq2mvv>|~`vvO6`y0{+QQcmd9odWAz^gwnW|;LE?3di(sIvq@|A)r7x1 zp+OrQ9E2h!30zqx>deWa^l?qXDhJQiWV(-|BPbNyBxQHCm&eu+prXe#ek&G&L?|WT z2udhSYHHF=??;iR?1o`QVWDRr)0JH~P*mZZ#KonLHwm`@^eQw~Q&Uq2ZHJ&~=^So0 z9O{ipy3BlZ!$PVV?GJIG(tFrr4V*a%Nd#Z@D#frS^Bfr&2{pye#>V8C-^6QPDzWYU ztW@Dz>X4{`qrW7bIBDy19R8Ush{YEC<8;uUl_p%v?8Vx%f2*4Rg^7Y_ti^ZrRNg#v z$p3x*32W0ZJodkzswyfnz5lQN`=0;Lrj)x#lp#J;K$p^}oc z{-3Aw`*&UEoa@N@yw7uw@AtFrC&uu|A$nR4S`vvwuX9+_m_#CX!#^xERQSoAS+5xU zXS3Jg<31!3gEa9E88_{hF8q+)SIffJ#M9B&&*rQH$!7)c?lP%>aM>*PKrq_h#tJj2t^oqb|>+N5eNnNuL>A96_V2C+yvP~I=W?Q^Sz&TG15?yhvuAI@2UHAGc@0gVwN(6WcSKPg~<&+SLLlZEueK=gMaxZ zv-hW1>jy_e$~b)jQC|1Ly1GH_*|!Dzw5(4UK|O^?}E zhRoZdE5wgD=js0{saWjSyfMr1?{*kjG&IzU6Q}UQZ!!B<2^WEtC*)V>}M6YlqAv~bla9a5fKr| z{CiUak55Ui);##?mD#JIA@f&*gQ@0bX4|i&rR`wZv18u;%$YNFK|f?>=6bS(_Z+$5 zf6ByUm&CKSzw&eZ!gJ|$o~oj2HID_G&2Je#IC|SV;?no!u`_bEZP9#%g@rFhM@Q?Q zob=ekD6LI=k9rn-`*_O>3%fVa306t^ZqJ#ka=C$B$Kc zzD*pi_BpeD^Ppcj$@Guky=^~5-zTJet<%vnX3X=ND%{fCAuyC)sf-zHZEZdEb8Wd+ zTSFuNR*U#Q-!hHxi>|4u89kK5t@UZVdUd?oXWp1B zRfBiDi;vMwooUbe0J~8Uv&c*jNwrZT)TE{`*^Ki38klN zjqZ8PNe2?0UD>)|JETa9-Q4Rg<&^}gJxQTnQuzQ(?DTkDl8 zS6VwdI`k~WuGdxB|Mwt_AGAzNOziq^>rlkU$FJw+<{r=SNQh12p;!ou@5~qU=@VSs zTo5p1O7ePmy8eTr|L4hF*vPChr_=r|S@PWW@h9FhQ(xZ?{C(Eb(?emnC5J|J^MuDW z+U`)Alx?>iuF_uZWW6W0$?~GDft;Y=+;1$7U(apJ{AEt2{C5ep!rQlR+v}%GO<5Ql z_jA%vTCQB$k?X~Lor3A5z%{{9d;Vej$GeZ0Sm^2Ne=RF7KhS1dHfUeL{l76d+57tS z>ugzP~c9z%gTEF)dZR6)5Rz)>uts5#!{{HFh%fki+#gsl74BmZ$)!Rjm#A#XTX_?|vLSBeE#3e9rLr_Db^_{r%k>qF34!gZ= zxG6I?GZTLNkz?ms_W!mhCDXfi@5~17997xL!Lh-jN*2=cSE6NIe&vb$N}&6>D@OX9 zcXl(7o@;sUzjyB*Pxpx;GF5YP)|QqQAv*~PiSpBz|2KG)Nl$0ERf2;)U>c6Jx3$$p zsIEr0rm}Yl^k&`+;jOl|yDG-LhsE{&%F4<>&-3T!F*XAu-Do_@`d$Y#1yHDTvum8}vlZ%Rq<~KDpt&qNc z9_lWn3r#bi3!$RSmd{N~pqOJlX7HurvAv$Dz|hH)C;ewS5)M9heDpYLKhJ-&rJiNI z(3^W|pZlmRBY9sT^~R78Lw}X_yN2B&k0YM`Se>u(t{(r>BdvNJ9cNo;XlQB~`j_p8 z!Fv^Uo^NU*Fa74Nsp=jE$wed+(l_h6V+y&O(0y-O}>%)Q1nW;^M`H%Hx7Y$Bso|QH2<;X_P?qlP9?xo}+(CcYp88KeUc6boI)WkmTfTscC8XIXR>tWgb+?$+Oi` z`}RfQQdIOD5y}@gLfZ2hsFRbE8Ch5aYA$}7P#QfjH8pkj{{6fJNsCevK2ougp3bIu z=+I1O%ARMPoodIAvv+lMCC1x!xEj|GO$|N2YZ5^G>{)*fv zVB|n_@jDN)y2;1r6P+-i%&~`K{@Jr?;U+A=R!XrjL(6vHX zB&m{~R`na6oV&8JvQf_ap`-WO((&i%(%~|dHmy`aKi;L0LY9`?EG#TSUS9e+EG{mN z@lnlM%uiAdYiv}RIq<-|xFvDtK_R+MLOx9I<@oo@#BUj%(7m0@7`?! z4q2H=Qjr&y*EKMpk7E^Yxh`(0>C>5f?|$yAN#V_bxrj1>S}9i6a%MHRAr?+z)6f`!+MyY zKvbfg2ji?7cX8Y_{?pI zPe|Z&mn8N`W(RPQ-i@0#UlO>B{29fSpKq;f-ZR*UiWZ*bq2E4M&^vrC8e&Y>+8o42Bd$Ci;K&TmLsuAS(CJ^#j%tCC|u9- zUT|>Oz4qyC(z|Yl)0;P;#iYwP=%%!D@ZP{ z=Hen!S66pCR!-G$$Z@p7`SZ7L#m9=s$UlwcX~kvQ|M%3|SgVf{x%SJDdsb;iUV8lb zysN2Vw!srQk?j4WLiDdvm6*L5vS>-$@fDuKZj~O)b5{;(T;7s9KDYWqmdyP0=_4yO zIvzWvFG}xqzZ3I1BrY+r<5T0`39+om8w%d!SU=*K8p*^A&C$EkdQQ|edp7>oX18n% zR_d|yU7a()=F+aX~{L*lj&6$5v?-P1&)4iw)g zY^6AlryU)}4Iwvg++gJ4Nt&LvC8>INNStm6iouY_CE9$ciHU2a+ab~W(a*~(c-B`D=lTjlBU_bnW=a)Nls2KIwmHxw$?3s=+4nw{L0GNGKIy(^gKK~ z!=s~N-S5-^{IT_fgoV{mE7aB1KYx91(zQSNwCKTu2lcb$>F*r5nHP^T{9VC&nzASH z$rA-lZEfR@CnqJYOPtbWXHMEjL8%_N@%8<}z#WE)$B(rt%}q^t_wCyOsHA0T%JPoO zyYJb%v$-WDk~OD}ACD<7m+4wj}g2@criqU9X19Mk3QO(!Z)=)|hA3mJZt{-dX<`$13%P%V0vU&673JXQ$TS?f4 zzDvVp&F2Vc)f-glHX<{*H1g;@=Ia%s+XY(5>9L&YGWV8Z!@`E!@v?I7L+C@4T!+NO zIXSaDGrbY>yYQG=rhr@_{KEoDZf^3N;Z*e7-W<`>%O8LF z?kp24E7hq}@3%fn*>iNdl|kipymUjO(1y*9o8SqL4ye>4zqVn08ERv#_ujCT1vIIA0&>j>r9L`S?AdK>>_kp}bP~0xARBmi)3Ia6x_o@FxbHos`!N~L z;I;nQ#>vHnoY8;F4lxT=<_=P+>uU+IQ#Gcu?}NU5*sh(x5xGP1v|(aO(5Y<%DO^j> z%5wD>DKGeR-|T_MOtImEHp^zgI+{q!os^mP`=s6IH_LZwQpl5D?0XxuS{)m!n#9XvQP@@p$kV$u2gJR4IjCS6{6t(nOCbcBR#!0@lj=E z$McN6!ZDm!uInpLd4zwTMz!<)GON>7Eyfy`>_iIj?luxS`N0k-1bA}$o9pKsXIJN6 z3Rmst+S;>MDCW_ly@9CJ*nH6)<>lo-3TUQJ{kO)ow_s-pCuMZMv;Fqrm29))nKOst z{3=RIo6z-FULCVC>c}{a(if_FMTzIqud+9o17kdIq^*I_aKsM5qghgRrqQM=Llz8K zP6xl@L*`UeRB>4wsw|su@hf~9pI=*Dis?9A9~g;lXw<=#Vx7WrY}%?4JGEk2Q0Hj& zlPVgLuAW|Bm8aE{Cr_H5J)^mN`LdLhR0w`!p(Zz%&+%pUo19WtiDY@QraQNSV^#jF zQ=o@k#$UCw=3dOs&Q1{7Tki4Z0AOV-e`O-K60M4g%GJ*_G&DJGKgpZYrR^psCso-Y z4MbhOOy$u11y@mba}#rOb7OOtlad4IleH|I)ilC(I^Stc27?K>t!NI}d3*SF3t2jPS531YlHoXHVzF4}>^aHb- ze!?5G%UgGD1h{^3oSdFkXL1W^>Xt{#L8Y1ow8`_{8WoBFlBeYqM@fk~dU=g*&)+PgR3p8NW>YXCF1 zn|%)YeT+xXw_BNRH?}LO@%xkrv~OffwYs`G_32a6QRN?$q|c3ieFDZ82ONhItNS@XTl=z5cDzn0{muiaXDQymGM73$TA ziHTn4&Nts>sA)s-{BmVAbj4yp(SFoC}{4*k~`Ok1$yFFid15P^FbCy{~Cd+ z_Yq@x$oeJFdm0O7Y!rru~KD&F%mMxhMekV?F6kB`hWk}mmkyB9g0ZTgGv;zK? za~(STZR@$^(e2>Oh4H)h?3w8=(2L(pkzD3F{q^G;P8%B=w*6=A!%s2a_MU7aJK^Z2 z$0*q{ZX9h5DI&t}7K+AsHd&`DoA25hFnj6+MbpXKWF%27mdnY%52-)%l6&u|Q>Q+$ zDsPR>MOD1_+@2T92^|{|NPpI4_wX25H2@bAAdJDH{Bk$qeA@=$OJe?p6?l_&B@#< z%*@QA=P%ev%gJ4f)FEnYH!10*F>9Qbq{S;;Z*T8hn#%b2Ep-8_+V`XAb7J?Y@_qz}*6g;nA3a;|HAP+^ z5EU9qCU`XaWJ$u0A3w0L3j8BZ*ZGHj_~6o!^Q{m#Tvb$0+Iw14;lKf1rKp$lL z<8*m-{mjd3o$YQYR2`^_!YeNN=N19p1?9{|_w0!hj6iJ=Irr1_8DOR~IAUgTxw_1c zyvj<}-y7dtKi7e!orq!8VUQq@@`OQ05|3y9oufSYQ4BoSXNseWmm1>?EAFXZiO317 zT5&VJ5U;yhYE-FFUtcfx?dw;2&K~hI>6)*W$Euh(IrZ3?J-oXE&c z4tjMUgOQPu--cdOgkbF(o<0Z-M@U4(rQ+1TxvRz84ehxV)bHMxr&Z19KP1byAbg)J z)X5~gsax2j!LOyI995S&qN=iyy%c-d>u_1Q+($Y+zg@y6=9z4*nw5*+2<%sjYc8Ra? z@1KL>t423kTGTtl8#gq$Nd&({?MMmy`;_O>NzZ$Xo%0Ng73TMk8k&J!N=cRWRmuc> zN0*5OcAY}mJ*=anrmIV9YiFmW6|~##uZxSz?heV)dGLd3+5%AdQUCD2G#bOrSNFor-8p;Dn zvFe8oMVZ%`mfwh6KQBZws=QlzSmM^pr(i4w`#aj(Bc=W8{60;vFB zC1V}K!|97tQ#Kp;rfVT0!x1smEr0U3XcXPu22BnhJFz9pN$+cKuEtHEpPRFvEoKwr z;^?52(=zEaQ_)mvwbydU3I@}Y1PwAHut53(53{nc^lsbvLF4+lwgc#lsDQnJq2|Yq z?UI%*>s$T$;Z>Z`FCAM)$IJVD=6cID&OA@=yBqRT*rae0Uz1t}wOISrBj&u^+|U^2 zJu(yXv$K@)Sq49OUPYy(FkfcinXndrvSDas)J(9ti^~5dQgE;1^M!RhLj7gcyE?J* z-pzv9!lMh~M!MzAz!QS`o8Qb@GWWM#W9&?qbGDm4+|Bs7s_H2!Gp8pP#lwdWE$S>P z4Fno~emvN*+|iK-0%{ffqoD8Up542RJRVtyo#5QFMc% zV~5N*{`~o~Fj0Tuk(=$Kk>N*Yj)s?r{@2~=pdekw6SZ)-O^@Ze_%AxlgdDFhV%*_2 zO&z^$E4&58*;T38Bw6p>nwe1s9QgCi(ZXZ2Vl(Pj`(2}aj#tzs(SWY!KTRY|PFiOO za7GU_Ub-~iaFLUaRV+u&p@e~gf+A>rD(cClzsmW31~MTH<>lK@VpRS86&!+~&?ZQf z0lQG2Yz*EBCEuxkNGj=RYs6+|uiqQz^lvHGPuRgniF#A(*V@%}-^hm|>@3&!k8fHl z-N$+fCFh$cyc(jD6{ob2iBRd*3(4q#gm&D-hn#OVgh=bc=~pT$rw)FKqxFUPw&LUNO7JabNmQq1%Op z+NP^wDk`_Oy)FPx+!}?)qOdq|LO$@w@hj*^_Zjy5QGjEVlbcJ1&k|(geOgk4cmz3>q35 zU@JsN{Wc0sUf=)&qd$L!Vy=G4A&Io^_3)hX@?_S5JGr@PuC@QXsCFh6meilk)I6FL z&&aOO^D?UrU3%?9#zGPb<-Jfr9_BB9VoXG^xsW{6dS(K%tNt=u>8Q{&8Pg~$gi}0I z@pqu;4qga3YOGBE+?kDMFJG3tA1<@AcXxM}pi~#9^VG7G2nix-`CH~2SbWH5wFQLI zGo5wbD<@a5qnckR0?TK-=G=pk`AZw`?^LWEj|CLn0sL$>xo|=+o>p#fHI2#X|QM}^snuk5KF!Jb5dCx!NF89>{Fr)zu zCC5O4GD8+kVL7)LX=&@u16Pi``ZoZKG~#W~pX-5pPxxA`RZj(Op-*53!K--dA zvASs~6({HYiNoE}R7Tri;gpGync1>{-{QYPLK`9jhBa#)TRsZsqp_!Aw@8@uW%r&; zxehT_y}+L&VsZ%FpI=s5YS=n9N12>wa6*Rx^`b6H$h9eitnI&LMjpz$3zCe`61#}R zsHuR2{_#AqkdHPLr0ZyNSI5PPf=|G;JqwGAKD@oBrpXP?il!PBkr~?#S5#DNnRS)_ z-#7hKJ9_kJf0p2To0Lp1(qSgIlM=^{HaIf>`#f(259F2+H+jniE#~icW30{;HB%Y7 zUX1<&$5-x0*8d*9SK0c}h@puI^A5*k%Upe1gRg1A?@1ucqL&8#|G^0{Cb`Td`89hx zN7J}yYP)Tj={sks|J}uf8I@+iiMt{15Ac@l1W=A4lmg=KU{0$(s9MWhKc~%*HU3=S zf6w(cLgsqf|7QUVUEU7)h=3od1rN@%qy+LD+IpFhMc>(37;u7Uxc&Xc&`ea}q4`RK zFQbW+_uy9CuRw*zD)6elt+*$YS0l4-w=Sh6=PqSsZfJFfK*P2%GhaScf zAUq*~-p$<|3LFC%xHaZ;((9RCh^o`e+js5|Ubz3pSK)2jwh;muurd{pI*Ei`k202v zQXew;=(b*(L}^)BC@vJZwzL^?F0>bsRhzm;01mvncW;93j$*5cd%u7GeokQ_6+JyY zwpGlZJphAU@@c)k94s#C&#KOe-hry6rltlJulcd-YZTs*q5zm1ULX;`(T8LU3ko9n zG%iopf1hZra2`M#q&}YU`-l-LDX;FnO+07%jC=qg{7q>WH%;s&G`BGcklS{^*TB_(CL~$)};_iusD9)X7<_D z&tJbrN+LjXb|Ffhoel#n2?p&mkq&mPh6}XHJx{r%)GBYuSz776KKmXz; za|}g5%aoUt<8!w4_4TIi?gwu?E)irI-~1%__W|g-j5~HjL7K$1o8S;&sDK+;+@+71 zn&wngumHIq*3;9#K%q0)K?&+bYpxP2rT4+g0YT?Dqt5>hm@$OJ%4bdlg{`r|j&Mh+6$N4ifMB;DN=R=mA=ewAt4 zwlH7-V?~?TLJY|I(xaE9{wvexSEx!JJYe2D+npu}NJH!4;Q{8TbxZl8wY7Ec?H||z zSHK29@ggE4`DA3a4Gj%_UR&!Jyk~+nu;LSiWHBg|m6h3K>}gER9A2}R z=jD+@C4!jNgd~A97Lpju6$RhnufO{Kg(_@Q}`MJUSTs|#Fl?O`!7n+fj%&=J!c(&KU3?0Q|D zB2jL?Exz{uy&(rE`9W!7VuJha#qT=_&QbL31n2wr?}uysBwyUv9}Zj1W~wEU_NPoq zQBfO2gfgG`BN%ww<T60hNUOSnBy!c>yqNe5)4WXk$8O)>mdM>ine%U7|pV zb;|q|09(_{%I7zJZ<{+hw1q35g`@rzS(K3@*Dze^p4HzT3}c&E(fGLCL|uTzW0&n{ zMX4?+itF$1+$x1iw*KP>F@imRjP^)E##kZ9?%ML$`nxo%-V!Snhb#d<^qo?ORfNqB zH?bABam_tB8U~a#{8P4r=f&hbC&nFB#>TdZGr1Knz8OCP6i+Y}dADI+v!aa5%$7HA zcJc&$Cc_TgRh1fmqK-N{iOg11Rn%XvKbQA?{q)xA-paY2cd+sTvHtu?0I*5=px%9DUqL9}CP1_lPV@h3*6y1B*1r%ojlTUObEW_?~+X~ycg zCNV@(lmCPgurk?9VQ+8W)Y-ZD^}|ypmB(cWV;+l&X6sgMUtd{P@e_j|+BkS=9uW`i z1+5VhEQQMNuPNmQ$)fm3Yf~tNjlF#YM5juTGAa^K95Og$SWs~D2L|WS z&l*?i#Ivxn+M=)0(9vn2Isvs_b2m;2fKd~4@uH2LT{xVnst>cVNPNHwp*AVhZ@x^= zIqLiSKCm*vT6WkIFsWUysVBq$K|jxwqeCZC2>iNm@Y-bC{OZbb)!S(-c!hv30&tvh z@o=CCY7{!6@NRrt9DBZaw^&Wl%{?L~hu7cVUn*7(BoFLi3m#gxB#M9?OuMwLVFAZ~ zD@L-Q3=Uh-$?9$RE#1;mZ^ernrn7IV16Ca$Y^ z7v!igVke(4!UT4GWlK-O&3J$RcuEmIGaj=W6wT3?Jzy6sI%HC*%1w{y2+4NAcB{A}jJ(;^jQuUpbDsKAu zan56;@ub>N(w7?``7|RCp%nPlFwCJ}T1F-eOBR5l$+nM9nn%%}5yaj}%2|z_VC=Z7 zR=9NV)28H^OJoDTI>7~iA0`=q)b$?qE)>bPfeN9y8+ z?~|IEX+#jZP(UT+58i7Hsxo=b3!avN?gi1rq!Qjx4afg|ysg&=6AqrB>D@XmZ z5x1|4uNmMQ#(VpsQ4qeya+z=nv2mNjHqp@1w%pc9!M&!uAH2tmR1=zwxY=wK>)O&t zI3em`JrsYWK4f=lA&0^(Ij8E1FZbybk^W@XW#suWpPZPmLjW>mRf#s>Uy{c|e=A#P)(35{`)M_Z?eLWXaF zSgXz~gSczDlnpr=XR7`2RW!lRpFf8{@m+2}Kiveoz`V}L_7~z5M9Ts&q|(#VD;VXc zgJAJ_;HXM2xN$nn-UnZ7Q5$vuZ(&{n&y0G|v&&Et=nbs^p}`zCA2uC*{fML_2Dm6T zXU^Pl^Ra)?5=n<=CG+(BWX|r=tci$F;gOrM7&JRfVVC@&LKwX)Gf$JA0#fPdTZ)Fz z$nR(3;bFj}j7BA9XLG}{(5x34DkT{-BR7&IS06*PhbG( z8yH-(4X+~}0a6(OH5{_YNdy?e4)uQDzq|TcmJut^WmA&MpJ@CH(Bss|oS~4YXe$cU z3as(Ef#OK?i7mkILEl~->yj@}L-rD7O*&}Z3l+q8WbRpHNy7#$P~fNd`BHHW$}BD- z{DVCPmZ!`9dT_7}>uW4%<3Lu=^-Sla@fx)tcl+TFdl_wjZzIIe&H zd{?Op{6-7>Uu^7NjY5DZKp1dGXFX3rIh#tbBCx>Z@^S(k42P^;L=Xsz@+s7~RQK5N z{k{u~5~u5;G5&`}3J1Fp0yabkN0LrxjHUYQ=Sel9P$7?VtWtQH1BO-bfCna`(s&znd2}8W% zn6NyGf6MFFI}Rmssi7`n!1L1gd2*u(te`K6jIoeZt*v>dXJ%HgnncG~B6IHDi!r%# z#0Gxnv#u`V%Kh;~q77SeZz7M%i*&8O63tUy1a@{CDUV!xqix8gS=yOS1V@4+OD)7u zCOF_y>z3;(BX~x%XyC)t6$CsY-OmL5`7!V1?cI#o+g_e6)A#x{0hi}q-b%W0gDbM+ zZ|9y{)@U|taxSSYug$5Tb2j0N!x6|T7&S693_%BOefyRNpjP*>)>Vkjbl6Zf`lH73 zpv~!f&ul$%L!ocZ_G*?M@+Dpiy?oDasWkSq?PzdiY!=i&(ycV`o6D#_Y~bw(7WRQh z%g9Trcuj_kUy3AX8R}lXpM+XTVA0gHeaVb8Mlei-?Qh(k;Mg z*D@bJ0Wg1l^WgWJ;~zbvA&O3}%sd5Ct0_0gEd^pkr?Y-`g|ACqE4S|NpPvh_9_&C! z{jQtI=xz+z6-+!YTs9d;7nfMnThXVyo8V4{0_2)>0HK!Jw$oN$+aLxJp$TGFKhDT| zQcgq(2yW-^|3rNVAn#*{-%UP^TLz0EJ)K~@>1X; zu%|_tt=5Ci<=V<7dFUHo~Tz<9Zf9Z#PU(hb(T*+Nb6)dbFc z(~BjI=7A3?0m}$~6w2&n<7Gp6A|41Rc;&{8BFx`*%wGtQ^{=%t&s1r8`UJl`2Yr*$ z(o$8(0>XBn-{4Pm`maYCFR37~LxQH9@nURf9XZo7QS-Nb;LC8CSb$*G+pHGCrI4v0(C~@koI_qc&W=P5v~Kihn*Mq2nzB`NNh#8`B)}> zaZHl(22Glzm0+10Z3ImvtFe(0*`-UDy3%WE0<+vB-WWp=a%L}+mX-#!x!(B;LwdQS z#Itt9#UmQHCMMReD-&5*YqXVRdGkZt&_D>>iZy%IY7v>&r_?+_y%Lwc>a;>+Kw=Wq z?XmHY%K0TW>`fYQ;ew*KqeO26?NLIE%5;1N#u_%p3}>uHIjK%mr0d zTsZ&UcwGQ9cDntN-Dvj8w{O=17+wQs!$NJr8JWV>%5y9$o37os5s!Q|Z0@deH!Gh( zbV=nOMk=2c=Md82jsz_aVJPXL;(Go4bI~EIUxK%#q;M&H=R{pZ9{I; z3z6TxWuyzBUDzP7)|0)8p4+zA)Pz<&H9sHq<;&TOYnK3DDxPOAg4GexV6?C3`1sqq zb#VL9$z~{$UPyYuAnB{L?e6X-Tw_ZW{xE>zw3Ik1tmO$#Nav*r2oEm;1&Lqpn!57U5k zPQ7~O({@zvxyNS#*S2|yUNPSnzsm4Yf)~$`CS@dia7tST|{sVo_`PoJTG70+p-J~ zphuVdE?#I6JCGk0$Xi0E!B}dT|-LYe+^0 zyN>*oFo=u951E?*Sg1hJtL6Ov{+Pc-c$OVM(XK-Y4FX|++ccHnAvSMn&aJP{Bx%_} zNNLAv>P0RCo29Gx@FM|8eZ!?T;U{YtplA>}RpXzH2hZn&k3o}ZN6BOn9PS?&z-05M zt%bodZUX2e(FAtTUJ4o;8L@%lw7!s^y21 zYhcIq1zV$gT6kp4hU82*LBBzaKL?e#>KqLQpQiKAc|e?0apF)H8#_B6Qt{5t&d87g zxUgu)vxP!FB$R8Qd<{4P9usvjK!gyGS_TG~abr35=5Wm8Ceo*|*kdQ+0ZzTnpYK57 z15zg=@y~ucRFe+C@3S7Y%UalcBXr;eV=s`2{B8HLd#xtBA`RKYLX3s1d;fH+H;GS(S&uQLQz|D0TJ@bjiFK!C0%{7 zt;|9Ur>H0ak|Yr{yHk2@Y?o%KTng$=+ta5e9nX7uoU8WA$at+xYxP;cd%!PIb0_Vg zwf>C&za}{y2^*EjLFi8Y!5~U|j4L4PmDO)r|KthVK96w{um6m~!GpWx<*z$h9yyY@ zpr8|RIu`kZyi0%opkl0JcN3>KkXenc3#6O>GY z(sHkku5O;3eA@UN4mUk}{`_|QZZvQR^du>-NmY{XQ8RCEX_6tOCB%BFty~1f+V|iN zu~EvP6Lt*~db>Wf#7Cpn6gR$%6yksejwm z-K}Lcj7&}iB`^H>YNgA>@Cpm-NQ5QW&kZp^=!S?5+Zf)y$oFqJ8d&9%S@joeSAb>uhOJs6itEoTA3Y z@$i;5$L*qz8gJX1xog2M_FUMx)kd1Vuz>ku_8Z zS}%2qZ=ISXbWkGV@4FC!T7u1D>HC*R!J^vw2Ly!nIEu{|X*wKZF@D&i@K;TmtK3td!aNa}zI~jsP2y&2v^Pv{?fpSE6 z7GI~k#K(L1{+DmxhzN}RnnJ|O#ym<(SEfDy1ez^d+MvQRv9U!XX3Hlln|d}LDLSoE zM9aG0NCedL(3nPBy9(+{9_f6Nf>MwA8`^FgQ%3>pOPsmz#+fCfpkq;6cWQduwv3V9 zte%IvNw89AjR;$~C)Y#iSGceyHgoajfpdg9hxN<2b7ukqOHH7w5Mf;UIrLGjjWrMX zObntFEQ~%DomqQ|6+q|@6g0l zNHh^)NGl*6zKKL!gYaMoF#=jF1@F2_pufMWl@$-zLSBI6shSAHMv=O>;+R%jdl10q zN@}XW3B6}v9Zimp2)P-t3U+Al72HKcXc;vSrq3>2`_7jy51{}X@wpWuwC(8PNzpeUduh=qLTUJ${1RCGoq zD=agQie(~i15I74>eJiCB(OjDB*$ed3E9$H2#~#?E%Fzf4vQ*}o%z;yKu#E%nZJI; zg6#6GZkPj9?RX^!(k8Tgk(?$X)-Y&u#({GpVd3FM@H8N!*dc^O*gj~_y#;zZh^d4X zs2v=vjEq4HWG~|vJb;SO*2D&$^0xtL#Kgpi2R_UoV#ElDI2^bm0HBeY-H4-SAiggad@_?*fT3#N8a*fBt78e(}XM_|cw5F?35`27Q z$aO{*6znd}wuGStuHv+F6aI}$_F+i6{2d(yi3NzmPQNg9{3WNLRb3Z5PLA{pL5C~O zBNvgPbRqer9##PSvjM>#G7`AF>!A16ty^*SsTs)Ee$8PS#{{4(;FJ_M-h1GbY|Xq! zT$~=jq637!7sTJOX9`CWD>g#PlTpz;>wgGm7rtR9l zpB?fc$PC-7@L#3#KjFgeOQsyZ`EzY%F?x8I;4=ORFivsV z$n&zJ2Y(^db3#f#`6N<>K7-|0jX44$IL6~XKkTj($A=?CMSg{iCab?OJLA_@m0-U=_d~oD|sQsemMNN?5Eh|0} zgibA-Dn^kSEll0ZOR7*mqkmyP(1*0ooc_J-%~c59q2M0%wUk-ZONO@4v33TYLIuO( z9PbEqrT9SqwmtnI%4eDAkl7ll(L;ujg*YAr3V|44fxsnF6OMn8(PSUhd8y31;K-+c zS!Un9I|AGwV|g%TWFA-DzOBh;OK&)SrgqlV3>l=aGwLS=@Mwm?O|ftHEPo3|-#roC z0|n7uWcb9u&`K>W9#8Yj>&JQFik5WroBqfsNg~i=fKKvj^(70_FdHU00Y_nX;oyzV zd<5#~qk}`tXp9b`IMyyMT|#-B zdWaG9%;@Ie0?jik_S{ZNK6B5h=#0BFL5Yy0AoxcrN0L4bvoRpc78DOs*po`AG||Ca z((R?4nFxO^!8ZZeNnJbuYL~8Zso~^nL&|CIiZ5Y^wElQhe~;_nd3}kU+M~1pl*~E| zQT9iT!bqL-k?pp*pg0Dx2XXE=&w(V5&D8>yB!ycLj8o!+#7vIu=Knr6F0SvM$sR~; z6pS=NE7|v8-KGY5LnP}!HY1eS?$Z}w){)U9n+W`TNZWlZ`t31PFC5RdL82ypjdjNk zC@*)k-igB*=Ge{lXJb+FWbJu+>~=H`>bVy;MMrhT#l+eG>mgO_h0&CQ{SIHKQpnB+ zb&8N9owM5@-A^LzzWvP*GVKT>!&Ak%&q(kMRJrK0i8u-d9&;I?bY2`y!O{1M;;Nz| zG2%S~1OjyU1>gu0mB-%<`Fb7JqLGCK4T{i{+SekAf{I10k6#{7t^oPBGKM$>o& zi7VB~Vgz}gqODIX6o1CpHz6AXWDp6M59vb+l=B~`wMmh~nnc3v>ILC6TtaZS-{Ug~ z#b^B*nJ~3~bNqI(8i>x-cvq*xrFfAGamEMx8C;6cje>&egy?*b6{!f^kHeb&zt*J@ zI{>RXq{l&`Jgz^jWN^@Tfp;7Ev4zYNM#*4a(&~$I)Erz)9qJkqBzVC z1cAe{!r#30lqC^KGYHneuj~EZwio)35}}A2cPS9gDC8mNM@Yv$RZ@ao;Swkie zdO##^3epOZmgu>@TkrZLME`~1vR$|%p~iJW+yk>R>bVC5gC{41a@n!)@bJD`KTlxF zT?z{6XRRPABJB_k8y)#AGR9w?hoCkwEBw6vr{J=?+|O9MFt!$btjiPs0f>PI-v2Gx|n6b7Xj1p>ffMmF&tHblK- zAoM9D1qgi>0m9t2W3+Lv3H@AAkqc6kZ1eS$6vE)`qa1@)N++L14>ukwhz3x+C3d^0 zHO>S;nhZh~gqR0AD)1udnMz+hxIms~ZI7CyD_^X+87^{oPIKzn)T*mwo>t=io$&gAWxqk2$^)og6|KsF{O*U@Dm z+-ST%lbMkb10ZmM>LP?P948@8oY^BCj;G1{3C~wdOlGW5Wm|N# z6w(BI#N@ROO3LFt$Z8SE6uTSd5Fv(2tdh`Tq-!4Iz^HK8GD4HgyUB6QnBbMQg+2|J z_t8Mr`6!bvd*AIjnvJN4j>}rkXK5+EA9b?xdJh{Idf)-ZDxOH*bdb!Yr5#PpS?gSe zZ5IS_3R0@1ymwpUmD`VPnTE7S!M$gGtAFUWcV9TEW6#I$>+9>p-aAdC4Y7qfpmb?k zvA~)pc0Tcz0#HceAOjWv%gw!TnGvC2*&%VV39lgdaOy2sDS|VX)?OSeiYaoR@w?lf z#eY{QTK4r;5n8=RY1Ms#Ip=Q5R2FwLkya#6Xg3R!scM0r^IM*} z*}Z~7$vT3eKTaK!=n>dIpUsyMFn42qJV|`!N2;(%4niHMRb);@*(<*nRqbvbKXT~2 zqN1V~Ugdx$B2($?;$r*f*AF*}O5E&2{omlf{NmyXpU-Cz+$p$5y&9`YN>0vUgh_dUP2?={5xN73Ahr$;-an@~kI<7h zPDzszOk4qkq~zrtYaX2S_O=nZ`$vh;OBDUl9%P8HE)M*5L@q&`h%fk#Y)HuU>#V2} z)Hy5s35h%oAT9ewhd(=u!)n32ahzM^ytVU>mc_SgqPgNhtMZU!yE3AdPGN70E zxT)cy9qAHwhp-1wrz}2x&`?*;$;k-;i70fTH28|`Wmeb#yaZ={>}Ys8m|WtU@kiz5 z7TW1iTiE;EjvUk0rW#}NJOTy4k=?z(x)7%_pdPqUXnWv*Mkr1@wLI8KC?GHk5Gt~x ztcHq0fXV^-!@$UhUct7`H#g(U0EYv!YxDo}eqayr0f?Wx&s|W^BR%h{RXE%YDZb|9 z>bh5{q@?5!f(B!?9}B1Ep_@pVTfCc{<>loKadt4k^bXJ#6`sud)1Pr`Ig}5}1(1Q<Zv_bK`ws5g81{Q~qWBL0lIFICDoW^P{oc)wGogrtaw zZS4snafraF%QZnPoDM%ZtXgN<18|AqNfDt&(B1L-Ygxez2D^l?C!=Fy$$J%QF3de= zzy1<$MDhwM8p$m#?ztXzT3=|Tmu2Xkkq8k(5G6Jz$kM?Ia(p3dBusk;;vlO-Y{!R=x$yq8FaQ?TG z)6e|BCtwF=&{lw$BafMSZ)g@ONrp0DH78J)3W?*?Y~#hBmkBmdSH}fin@u@r-Sb*6 zJKTnpcFl_ymB4xWmwrO@;l-(Yl)&rP9)S~ysoA&&4?=EYWM$PxDVJON!;JqsVRmNi z5D22$oq>!(>Z~hQuiE_Jrci}-j34p|3wN$*;{;9ltIgAJYap2r>=|RtR-Fz#8b`0g ztE+z;72nh#N&j65G(M-#3DMJTznc8CF z;xw$RZaK_OA}MT>>FDNSiF7&ciXeZefoy)a@H!zR0zJx9UZeY_7lsCZ+Yd(wWVKw5 z$stX#7_X4v->HHZ*oEUQ6P0R|TDt&=BgWsY0mzhCH9B4>!Z^X-A`T4~Zp0$*5DLd1 zb$?_orQUxfZ-lG!7C~yUDSa1*=)vv?rD?3L^%g;5gVsNX?xxYz(Xko7LHu>e>3Vgv zc(4~T3@#j?yb+FMs4`;vj%xCXh!6*wiAfd|6pW~P%Sxz?V~Phor2RizUw_r9nG63N zI_M0VF5z?lm`4Dn?mhke%a<^?NJuVFgA!x8^TR!u`J|0bn|m1&XkYxe741j0O>V`S zc+(EC9o0G!Qb`xvndy|tx`dZH5U(M@28DEB2SW_XtPQ0b5Qx4RJ;7-pq!bzz;JrfS zY`o+N`L3!nPMRjYP_78N0(qu#I7<|-Pk~b6*>~ap7<=!4p4h-DI=>;3K>a6 zR7RAdWtGuFQMRmvWMx*$-YI1?RI(CEB^f1DNRoLaDx}c&@pRvx-{<@L>-W3eQ{!(Otp!bPcL~sBY{=9D?=_1dD~mrY3E)Qh-Zya&kcKDc1V6Zxl-}x1Qf8 z)E7Vk;pPEPLf3TpAkHHol+C;9okWB^hE_&3X3!|chgku$7U&@YzISx^q4{UkQC12u zbZ=^LOf)<4oT!T+VLLB@Se_MC_k`j621@$G%V$+mNAf28%}xQ~ zH)PN>+mp08yY|%myLU%Un9vf=ne@v9N{*Jv=+XX>jjMO-Yu2taesK}JFw`bmSU5DS z6x7eIuNi#%u7p{r8hA=9-rgY5BR4$u+^u2DKdO|}QDW|>8$4q)v&3hK-&|9kz+IgD z^r8O1fwwt)5TpwxuT4JRMp^k*T>ZoZA>)_c4cVb{yK6r64iD10OP5_7g4Z0oRJb)A z%Gbh>6)+L$;z(Rzh*t6luCpn@nr(jy+E~reP8v!IC6T&=X9~Z|7I*=i#AKo3D zmdNBAVqw;knWwJj>f7Gksn|7}sMdrko5s=^Lq-2f3%$H{f`4k@RzuT2#}i<13k{Q9 z_CvPtNxUF-=Yg_mE2*p#*Kd+iSuRaJbP+F!nW`F!%KKY?U4$gw-(s$SKzPq|Z% z8LwqMM-Ed(Ma9&~AM>6*6+#3c@3DVPBVUjh#Dp%yW8ne8`UH14LQ_1*5D8ov9W+JXmt zG-PbW8#k!E!m2UEJG6E!2de$RIhGfr$$QtveCxZ-=*hqMEwl!A`||n4FeJ>2&UZCU zEh?(J6t$zZl*CG%I^7FdZ^gS1LLTwvK*bhnrfEj)u6mat^BfQ8dJ>iv3}sh`A>zuw z3Dff%K-grIG2mr)WJ3Tb&u^?d7E|dCRxBj_hw^wp68z`!6IuBiz0yi}2$rkk-s@TH-33=VWoiC-45`rfQbI641 zh2zNwaF8328Tw3~@*Idh*kkCmq@?|>h{U~pzpr{Z~ zZ*PM$4ZpN7(OqBjeVRhBIlohy=geRp7oI zZiuO!U2u$33-^0xzgARq3)}DGNWfNRw@h#GL?Pwo&3cp>kH6OKs;*v1r}xze@-wmC zgaU2iQKRBjMZfNWFAtzYKiY7<%FgcdRXT}CDEu9~x>}FO@b45fiX(h~WyE{YdRxvu z<**SSO-!JYX3n>H$ix8WA8%kC0iGEv?|&~|XG7e`>wPlQvoD{z)DHRFRI^6D%{?7A`ujH&_aPAS z#m^@@o(KzTNcAJXzSwKn(4kAR@0+ytuy}^J>aF=YVDs9t3OBD14ks;g|5bax9wd4d zQ;VNBSifMtC`M=mWDt>WThM}|sKFZbX_9fwc-@>1&hz@&|CPN5dK}_-rRSco63vQO zcX-z`TT=qF7>!nmg~k%_B_}OulRcJT0U)uzFG_ZgVBfG#}+SNz6p+< zYhJ$&I3747VY7Vuw(I~iEvBhIBf|6k2JMDI?GN=j-1bykd-={ylNlSur;Tv9AyEaE z$$}>qVZ%kON89^nS)OK3a`COq%x!w9qg}7(aCX`_^uMa<`7EX$+#AoQmpzva?aWDk z8({ObJP!UXvW?h5iVG)RTUXbG1DeW+HZwHm!tweB^+gxQ$mmXd86Tr-aNMgmnTLJ9 z!Q&7ky{w#N6Y^u68*msl*3_&XS*WTn)&vaVcQs3{+wmWty7ml~OB}lTr7*Y@!O_Te z-tqoG;3H|KAsUo;-1wEsoJ0(L&J0{PAHrt}rE1~tk1rs1yatPIo1}Wsucc~?Qp2k@ ziO5*I6I`kQxB8r#4?S-rp}KL|T#8~Q%5!@a=e$G~ej6f9430w=zIWHr*=BXfK&i{J zX3F$3;;9%5ebctacy*OF<)5j0*;vzJgdI}4(NAQC-f}{u+Ze#z(z1EJ?YLqpA7aIA zKgDJlp*f#f6F)h@+v^-S7qoQaY*QWS`lgvVQ$###6gOJP6f)zUmF!b&QTyvYb_B(5 z-uRR5mt2o#U!4M8VQl|u^{ihR;3F}uM4vymM1Kfpy)tZ~Z!u5H_@qIkx3Wn| zz#}N#-UFki&ziMcfEXyKk|y()OchF!5GrB2#-0AM7Yh<6j=YeJI5C<$le&y$;W6(| z#0yIBLt3OBk+1tweX_K(^NsNVxX?2UZJ9EOe!&!juGDBkP-dK&nX5bl_P3MD*oFOQ zZC$Ai#N_bl$IXc zGCYdv@rirAo3VxNu?qMG^$Yhx;K!qQ1)En0IRX52eOCBNS6A(;(e{Ok8JV$k-KR z$!g68YRa4G>HombFFhOiuxnsw=p9k`A)PSz{X;=*e2by*RA_tc=ZAckoxX!UwXoke z__OF>3&KO+VObHI&`-GJ5ALRmffY4Y%%w{RzziqW^w>^bVV<#hzCo88BdHlVR<{A4 zTX*PS9?)oJEYnOtJ|&lG%N{a9CNYU}4TgA-?v_RLUqX+b4iB0_!!7Hlrcm!$rUAac zR#Kq^>Tc=%rnJm^S-pBF#gm0!x7RQlIy1(b znmF;u(2#dOM<7|1o&hQJw8@c)s#L1gE|0~36g@JKjoG0i2bV5hY>E~Zj3^`YRw%QU z+eq}FjluWt?%2{<*zq9pqphu5XZ2AuE_wgHF(W86JIUFnllMZ0N5nPt$}%12x9?QW zlOmE*nHd7RTZWd=;Xpxc`#vy{64+>U)z;ZvYkrjPhNu^OG7}Xn(2d9?4jo$UOUomU z1x#{AnVN3!G?dxXgkvLiiu_>Uz+g{9|0QtWMZCkPlW}-Y#|anV7Tt#F2MX%ta=MB_ z5m8kGxM9f7j(Hm1AdJlKPYd-dKVJrXe1tVhLH3Kw>(p(+-pgO2ZKCKoJ&nmcU$;*o zd2~B=a*f{veHpy)r8-$$QyZ~gIzvSD?%hWP^i|urnUH{@x;cSQIm0z;7g7`#vPRPC zZ@rM>WrW^N;eimXOV}Q-qi321vjG-HntVj>-s2Mw&*D(F6^bIV;NuP6!F3hssp!&B zGx1{QiRmd@=N5hEtKpSPmM#U|ugB~kZ25qvp-SCGR(LBRF6FapP z9xJp8-s{n_s-)w1k*t^L0Dliko|L-zK@RtLvqE0jfAC0UKM0LwvP9=Ik2T9&#YS3+` z&7>_F!)7C>n_E9w!n|fNG`b#~ziZ)CnXGt))%|VM>SQ`tskObsl{n3-62g%zL2@J47~ZUX0WG)>_9jWAp~2>cYV`m zE7wz+AW7TAZi~By9seeHpfvhT0qlC5nSYdA4frBXkDl8*GtcM_>2z&Pm4@kz%7^ay zq8f+E1{G71OQB$k%$`8A8WvD2I`J%T;lH%{XVZ`TbG)PHGuXOq zo5pFsdXG4VLcAler2LnOm}4~tRu4Rq?NFIyA)u)rHqq@{Jwxgvszjkmlgy-1J&b>D zyLRcpe_-VOWgBwlIQ3hO9O*3Z5T$Kp*g9V^EMi@;=S~L+cV4(~H;svHyreM5zF6}$ z6-^zrM$=z@yT8|0jS2L}?u)@q{dVozA;5`SI}u1#{vC)%^jFJ<9_fGT9#y^uv{5zz zT@;k^aTiM`x$CQmr1N85Z;bXg?D>=FMBOH&CSsTr;NrGRY4!H_m(pamq^^0oe?;14Q$~? z0lO7Y^ED$hY%NmJ4R*Nma&%#=v_&ZYDZe&>>0P^iU8JOpj*a4I6aQVv0Frf~&EU{m-|%43%o8UDxVNdVUf-no`q2&!1zLj! zC8&n=nm-o4i}VL~cp8T)UznA0zUV5bV_>Fj+`HHQV$W0%EsEPyP=Yz*;=0I$)Y0u_ zA;k-$>WecsDH0e7 zxFN6PVP4)Cs#hs0s2 z<*1=V(IVZ&b6=QC1QL;hj2=DOiMnVJmd=Eoltv!FjAEl%vWoo$c4Tt$WYO3eGlmc9 z*|TR?lM(A5C{!rC`BPrhPob%TN(1eGted>*xZXkG8_n-n&RR-do+^V0k4c&hd5LtF zID|K67$Cm*3~bNF>z5|Se`_{_Z9^T{6gH0NUu3929m0rJD#cwBJZYfCAVi)~h_4@?ryErP`+1}E-hu#-&og`Wr12Ix>wlA&!SW}GISY2CcJny2OVEe z-<}1nfsC848#DBXuuQ2~O<8(SS1>R?LM!0JW-{)bowNSKj>KqTld$f{95Rk$r7~V> zZU|!t0zxJUkF23V?L`SO3MmTonTL-aZQz3lM+X-4YQ~@m3oDM6-XC9P&V-i@G-$wF z9dcv*+CGb+KsvL2XZcEW_COg@I~;ZB!MIFHMTYz0c%b;b@3{myE<=Z^fywiSqrANh z5W}KzZw90&3P&OyLlhah@q}X9KncV?E}_ia5j=-_naT>@OH%~P!hBxl>g+2-JfJ%H zI8Hf8fjViO*TX`ag77lYAfIdoAS{`RF;6i$hO`OVD>n>mZrptm8&vf48Ba22lgifR`^2w~|96V8CIA)EQI-^BtIQZL>K))dTRS^B1iXwB_*@KUQhRa^dPxCI>jCIBfoKz4XBVWj_04}*OpWo|=@dh_1B9UW~A z{esu;v>4L5H5^k(ftwpFpE08|uebf}QZ_DpmAP*Y=zlNfq|T_3aVW@b905o#Fqx+^>P@9*>T>nHXk zXNUiy$ic7UiNX9ac?LfM{_}?;U%}r^1Hw6YUZH9r3nj(`eb2mZ^}j#9P|7tBcHgY6 z)7Y%^Rqck%N-WyY^x5B))7GvQtIyxwr8|JHmzuX&M_KpZNAual<{=BTXwqcctYon` zrc>Aqd$ZNvz<*R@z=!0YFP%|r>2{f2o9s5pkwy5Qj}?^|mD9TjgRZ3R{RUnRSI;~f z^}ipU3ATh*sJ`0HJKvWR%n(){O^?d>zaC7At;0sEg33Nl$PkIh~>;4AIPS5=MWBz-HIrmWYXzEW=4*(gRiH_dFd=&VBqrZva zw+VGL5t--i=6J<~U-9*OnIka1--HMbaRZ4Kef!Swi8$1Ef>pZ1`0>poe3N1+y7Ql? zg}Ha2NRU_zP)d5JKlDgTvWZMc<-0@V=PNOJl=Dk4VL!f-a9g<@cLPz(BC8sOzxKZ~ zl!wsjePNVNg)cP^Km(7F)XfGnY8 z&YVVk$+#6e{nXE_w=y|{eGhq+O~o*BGv8avng669c`uX+B1vaYinfsjVhSpkxgY|d ztCh(%SlB?{dvrA(KVBLXi2#~LT^^CnkL3B^xGW474gf15^&lObtQxjal+Coki;&Xr zq{uf?9zNW&_%K}8jF*FwWmI|d=1s{h^!U6{nFD~urW6#YvBr{X<;6my@7C>Bk_HmF zv7|Is^$RbkVWUREf~Lci!VjQck*Q_eiokLP=^|vu?07fzK9k)Psv=>-5CKTHj*st? zh!9`Pg&4QN&m<7gL26m4w!1<30HC{b@xIbOX|IRC`|5s&s%7g>jWrR;-3K6@x=xZJi!BSP(Ji(c^#7-h+=8L2Oh=@J0qN?{a}uZKR&5kQRd9Z>&j9ptVwOG?ca4Qb`As0hYYYMK zq?B`7xUdz5${?#tPDc|V#CH#IHc3?UMfm(FR)qb$3ZMzH)<(c$_|;V9TWwC6E&ld) z{e%eFJTNqcr6Uj#e1}EnjeXzI!Qp45{pDBo96>g6&B`0^G4aQw?G@ZOSc(Lfs zo{tIDPWJu%*Poh>hY`)xJ%o~2xx_XYZVAS49+otaBT* zT`&wpf~OF!@sVTrUK91dG(Z}IWlaiqQ~>(>)5vr(T;e~MZwah~n;>k~_6!-NqnC?n zz>|)89Dmgu1g?Q#EKE+&b(zxU)A6Pe%~l=l14b)=nw$lCy4%po(PM5PS{(iOsx9@m z5Hm5TZ3OF-X`48D8FeisL5Xbx?sHoh#kGV3Hd?S0;uQ83?TN9hJ2=2UOtgaJurjz zh<08A00XoL2Y7m>YjtN5P>ffh0h8|6jC}g*>!*^p#^t3pVRj)rMK*q{`=f3WqVQq! zoF*4FiCrHRhZ93n!Iz)3o{3u$NQ!ZA5Uv%-}TLgxw+9c(!4%?smDGgU(sZW5@w1 zG;Y?jW=%{yS44KdO=94WrK^IKZkE`it;~DbV3Z!6iMK+R1gVtBNQEx(?KLpn^dl|{ zbV+LRB9NbK`Ojdr11P9lR<|8M;1ZST7CG-eM=s4}G5ADYo(wy@dMTFhj`r(&D3e}A zk3@Li0~*LS6OTX0*{}t}u@p|UnXuO+ZSHEFupbl3e06@rzfJT24cr`OLbpSCJ2I?(H zYOPgNM%U~xAOC@o9-Yw+e6>;iK?XeRX|7@{D61CAAxJ1&qcZnX-vngG@uM_15aw=54;9(xPYS8VyTMTUPN_#@V+3sL1I)%Lh+KvW`erDnKw9rTve_dsCK`0DeBq&Ap8U zPjz2+^f&?>IdQ8MU#Q8oV~3&QQ2mQ}N%A!%kCqZH@tgy<6s$Xc$q+LnsbU?(h@rKT zl4;`MwwQ>t!4IUEgChuN{*uPdjA8{vlBK1tk1Ms7S;H;bOtIya;TSUmO~;lR;_)Xl zCG6{@N{%a4P=GzP9U?xNJARwrW9BkUEQn~LJSno=jRqx!sUMpPtI3Z1D)^OMsj)Wm z#{d}_p_Sut_fo>Lh2wB3X~$l5;hBSgJ0be3UwmjE*2^NdM`Y-8`Qhd^;uHfU2mXB8 zO835!J&kGBwKYFl0!4}jcvkeYc`b;Nsmy@{Tmwi9iki(6W3iMorc97h!{(;z}xv+3OyjUNCtmRlLw z`8cSW21r1bu^MIL!r)E+dg!bD`Tb*-R90-Muz7~us>aA}F^7aRWSg*PJJTsA(g{G| ztMO|#GU;~BkDHye?1OUA&(%uX*cAAeG^VslKG!IRGDhZNIDpkZa`A}_Wa-z0KNNR5 zem*O>UEDxnOx|Lg22WxVRZf4r3puKl*UCAJ=Vn}OOKbzSDqdB0P0lUO(XZ;oVr7ZDO;5+B4LB=z zs#dNkrnY1V^XBZl-qao9dPzDh_;+08ZeY-x$e19im1HSB_^zNDvv>nx#hH$cA5dvr zY0(Y9WD^d7GGk^mceLsQ$(5qu=KcG-dj9^}0J^4(@9;QH$@N`PR-lN*7xhwQ{46~I z!&oxRbQ#6TnuQ0-p5d6PQW?y+2d30Pg2diQzJO=2`yQVR2Q zxIBGjULQl&I)@t}r55A}9rUImN}A}mjdyn#e`kX5^z!Y0#l`5F?hGv4NQMN+y=Zm5 zv6qe<7gj)wtl~}!VN*`(hfTLLsXbJv(8NnJ-}Y5`c`G_p0NM~woiMpcR2Tx$?KZ|w z;te@bKLQOXK54(tPOiM<^Wmi}PB?~is3Vir%|w+cwZ#HC%P?4YcRjneT`-&4_X-;F4F)BRDPLwTqJAAOxl5vP4}o{SRpJ)_o1(#;ClOX6ii%=b!45R<{b18O2Lnqx9^KUYo=IR|*XC zS%Ggi5-?brIDvcLp%L2c=Qq11ZP@>C0qPS+5Hq*neL1aOG_ZUb0gqES8ePoOn&VEJ zn?7rNGBP|Im0qSr^+vYL$>ijtUrtxc2BNeq`2F6Y%^?G?Ta=HNa}x1n;82=${!}OA zEJkwsBHEpSI0(|=M6+r1DY$6yk|nojtX9qZb~`Jp84LE-qL5u9#6Ff$sPQ7G>n>BSdGqJO@~siLz`8<_I)2S8}BipZ=&YmGs*9PkFBi*n9n$6J&ZY;(}Wp69Zui3e27)&A3!74i95p@@9o-RfB~lstTR`qf#1 z87)cbe3{_6xhGNW`e7mSw19cZ7~0aT@63VP7G39FqxEK|V*8j#&&ZSJZY)&%Kr$vc zaI){^`D&|q9DCWOA^hYclXqTF1(;wvSr*FGNthSvnHfNq;k#~RCy}T{mWjYtVLdfC zy>?9J@EhyuMnEDEyib7(i8W=I1Ivw{mHSWlBI#ligFpfRaKMP#vckbqeZe=Q7ffAP z{`80CQKJsvb)BBt{jMl&2A%`CKgDL46iRqr>@JMm4nmV5_U zCdv<>L9G8cL6<6*;JO7=*o9(kdRcFNzr&YD&Ds0ng2R8?NUOIbAsQt5?~C>RL}L#B zyEzryokaW=c}<(VbcR5vr-KTNsnqBxP$3x?BPF--9+lSJJsZMxYtp7oaM2%V*yUnf zc<0Mx+r-J zlLvA2Li!<`I?k~`JGpbgyYQ(QH_lov!p8Y!S7DP@t$OOO6Pp03cJQXlScw95Yph!x zNXtsD9mxG;mH8I?A0eecd4HHNe~Pp_P;{NweWf)vJDLj>bP*X#uxJ)WRCO%c*k``_ zWK+}q(-zZZ&|4KIynFgU{o}CTy+JSvCh5c!ZOSPB^#GRJ9rz2EYt~55FDnX_$eBze z@F5zdZIqK2zg0b^KcIFK{=%I^RvTv8fZ?by(gtN)0laA7AQjc`Zi6#Q1}#w|iEpgq z47&?t$3CSYOmT%-!fOYK8kpzRn;`;xQ>e)Y+a`$Z5$6h$LhyijgXuANPfBe5H0lVE zbb~?Prb^&LhaeDPTIP^oYIJSKpbcf4{&yF_%78kUbn9SyHAQuWy zFx1EtGY!*C~bh(g{@nfAh}rN2e~xpNdp@DY&oQ$)FnL`vU-XPvm~+biPY39-^tT*u3%};vNCRXe@U` zWX+{Qhw+(vQq`6h;5nrgeX)49?0B@FLR;9gw5s#JCF_gH68SIx;{%LTM)Kmme2AbJ zyG3X;DN%V$Se2L}^eB^4Hd zV1=rDz^=hZCcJy5cU))ds~%3hd-d|;><@~oY<6(hH`e%aj;~|OXY>$_FQzkC8VLoM zH!*758e^vM8)0%KZmUzN+sy+~^Jj!U`g;@z0LAZ93qZ|(VHn{#>l3%hfo4xjBnY!l z62@#=fv9xG|hMtfXIN@zP__u{3TL?P;a_2G6>-KgtN ziKuwcNpjpFoM=Gvsb-^9RaArrgeXoyK_-=q2zepsbAn^7H*9UTpNFGC91>+{9+3+z zBrP`dtq8+-r^0+1u&ar}ov1hEyGMbJ@}-100(T&>3`D#bB@E;zw<~9!JbhY1nYUxo z3QBGX+w1Qr6@`a9IsaeEU#EnxSQzRF5%@wp&F)V6RgO{U;%mpK*{HcMK9BK2vJP+J zzZYGszhkoon9i)FJ!{GwZh!Nc8_as|U_(peC)e|!MWCM)egMv_;`l1JsgIqxj?W-# zmpG)DrEdN9fQh(!V&5oWE~u<0=%g{DWLukX9%t(hpt3-uB*a=0(o~;*9{LX3ZHEs* zBh&^<<>_S`{ZQM4Gs@0u*3x$qG&k89U>eN)WO_)AFMtGS$5%AoOl-w9+45MeZ@^@b z8^+S&8A|pOCJktx+@)c(bm9~no8pX=0a)yO`C#o0;Z5MiuSO6aPdBHPRTb_RWP=mj zI?v9M@hK>}F4|MSgs%^parpwp#Q@)lGO(fZX1Xrsy1X2T)HHBYW1LLS{us;d z)->ME8d*%WwbX zM{1i}%)Gd<=N8hW14gD$O(-~TC#+Rao7?%>&kUQ^;}11`#^h^N!7PgWu@`D7JB&NG zz?LJO)FU{n#5+c8qWO^PNRG$0j>8^~%Nrh48DfSdv}68Qs33qdLXbU&Ll4PaXjO%` z{>1>n|9qz!CAFPU;*L$;*#rKa(&r7#b<^}tKR@pXsPdK_@)dxP0snyOa{=AKQ-vTP z^j6}XDK856Qm&&?P$2S+A?(#tV8P`+7<9YhIKxnY@$!;1V{?)!3tRer#TS6f3#ARn zwi>J&u~i@^yOi$(amdbYzv(3&+{BmS*RLxa*KQ98c+Kcj^IUtmwV1Dy3kE zyFQk`{`9FCy+HH!{S|mE(+}nRRw8~%3A)%VdQCI8vMO~b zG&yx-Z0@{DBC!i1fb7-f+&QnVt-V#psaf;pZqv+tSlpve<3n+UlCCuRCVT7MyxLzA z4mEj(wTKKHE3Xx4UETadd>05cbydTWBWM5lYZrrYabonKX?6-bH)OEm)`pEx8RJ;G^v6J&3GPtJh_|w_33QIF=zUg!o@vg;vhqs| zahK}*eHlgpBN}kQFV7sIyJ!=(^#EH(IB*<+VIj2geQ) zmB--0`vP;DDG1(6w>9xoRNN@gell*@^o@mWytJH3CT$Dq>XDV1&qmYwx8>pB5`z7m zkVl&nH}lps-X5jFX?VstjhQe8M;nRK)Q^jq^|2!Z_9W7UWmR=9`To~3 zuk89H=N`w1n03tc$HMp5Xg3W`kV|g~2K~z~L`H6)_Xob;NCP4OA2Q#KEh;(8y zb?W}J;pd-6b*;Hd7vzL7lVGY8U|U4%3r-32=G62Ve>K&9t_VwGit-=4niOEQCOo^L zr<>_obH_#z8yYS@ylN~Qn_@23lm$Mb|silqx#PncmL?{EPZ9N&+Yi*{_bqs z%YTmi8gVSBF{}RNYspx|ll9&21=rSm>n*{PUl=nZa3=TY#t#WIr1Q#}w~7YBEKO7q z8yHGa{>y~~&XXDtSlahaysT(kIw$|xGck#l_J(FZKU|eMb3o~UrQO?Aj3o}AS*qX4 z{bD^whCtk!bw5w8UN%e~<=Kzcm3CEs*y>8|*9NRpL*41Jstf}S%iaz;&+I@|moBYr zYqf6hSf~dauEzG?>dI(1LOjMSgC0UzDk((*DcMb$!IEzjq8A#?IBbpaIIA#lT4L)= zBrA=7->1Hp83+z8qp5Ed^cx-FD~(|@-X8m@Ry7~}nB3Zs7PwC~pK+h^E@F#I_7&d?KS`+IJ$ffbQdFp>A-x)}PB z?e+y)1W|MK>r6HW*iygtf=o{6iR&?L3ltk>Wr%WIJPQf-lytY^bs>51 z1caTA#8*rGMWNf?w$C*Q4M=ftcipQ&~GE#)6>0nJ28M%)Fj0-lzeC<)Qd59(r9 zJY8&4v`!&?){6M`-5MpHIn_KSR?~Cwy~9pf_wx1T-YeRhy@NrK}{tPQZ@d5&N04EQ&Mua%GY1`DNwK_Ut?cEhcYxhOm zdgZ|a-bV4DXH|(la>&Fc&NRsh^YU!-ADnq=y|d9b{v5<~3u5hfAnTAPX8rr+ zJQ*2PGyGCg@3?_SWKp2^p>|;oqnQh&`9muf5%je}xjL95OB7il`?jDrU@8wB6+e~FSM4sB z&rw_hfWANQ@ZsheYd#=WpR=m7 zhD>2u^sL+gBf_~9Ct&%?s5wqfdm=x=Nmo+d){rt~Oq1h$m4RLb`e_sDsxEbC-(GuO ztMDJrnVn{@`Bfe3GWXi?q1~LbPT?or>w4fNcz6<6iRV5)UaVOEs|68Zmd!QgH`|l` zY2Mz1D2{&a-r@uP`UuPJ$835IB;K)OM>r89$qONs+3L|{A^YA%%*%_ic%gWj+e6>a zcL=xaK++9~d=R;9n|b2(i6n+&#RhZdzH5HUw(F+@2md6}JA8Sa){N5;zSm#({F*T{ zvEJASC)g-GXlA7CX|a3_|Mcl`KHL8#(xM1OZlOdDy_KspH0u?P*uPHd5*PIq#4;gO+0qb9$Uf&b;k9j@H(DEDFs& zeEQTqa2%9-+x#DUw7jm*TJ3RTJKXnxR_cVW`_>E2&^QLPGVn+{VZ01Ys%2W%`E%#? zPF}=>I?4J{d9OaBZ-tKanDh%2@518}s<&f^!g?tiK<(mtg;k%@2+ovIjtD>iPBZPd z>RJ$DTumO!fHsCY5%0;Ev<%)zn<(&u^B|<{_*nlMzdjaM2(! zTu542Guc%=y8h7_r@yjiE<#;7or)`zC3C5YWjpW-tOV;itsmI$F2&o@NiVe`7)wmb z(Yl}=nCT{#0383QDkHjGfcC+KZ$EA_J)k#RZ*7Y8+nR@*wGi)dN^kytolO6@Hi?A4 zFC-o=7wSp^z6~(Bc*Tk-&wU}mi3kSYN}_-`YQU*^7umN{hVhKvYYq;MzHyIY%4p>m zg#(tM3x@@Aamaq>gR&DoMfiMRKC17|G%tPA=M zp6zot#Nu>-hx()&N^P-RHpOYies((D#Dk?z15Wk@#%ikC>&&%(H=~c@O0$V4COnI> zk35;v))CSD{UuHOj!&089Y1T%>|l%203*9mI`+r&n*qJbCsUK;t&Y7ydIe0vfGLPS zd2{)_hrRt?+lUpWf3iG1JPv$HpO1$cVjQZWiqm6MQy>WH_1QCVAq{wk@V79)QrW61 zs#zC5wKx<4$?9~x!FZ(2l$93K#@a^D9FA)+%eWI5BV=OQ>FZkLrIR_6oj2t}f!jN@ z&7RJby;L4&VDTRU;=n^$YLcZ@F$=U7x|Nnn;(z z6x!am3)5R)Zb0u;R7bhY$k90WK^efO1~?fAonU_k zu1Uv^G{z%pelw1-Jv&)9WZB!+ddjR(-h~;5aQ_3Aj;vbJ9)=@nZa=&)8B3;pqgOi) zL`!R7vRD=vd5+9a_SAKYC?7zTmxW4XV5d5Qc0et|P>5_}xzoq^XR{i^nKyi`n4cdV z+r1#sD+{hsrLHsSu`{SvhYML3QvH*YeK&u|tID4wMS)dT|tf zXZVt+p>zIw(Dm!T=k8Q)JD42vGe|q$t1y&5*ygX>k^dm~L-jJAxT&eC1h9w7A6>~T zSzr(Ye?Nx@BjpzDjhJccdp@%sVAX*c_m(aH;6)(7GPDYTN;BG|F!1Zo#VD{xqnnox z!kqE3rq1HoL5xWq8U>H*5$~BFgv?R<{88?4ntc8>;XvObXY}G3q#)JO z);Z%&+sdu8qr06TksT;_8&=lP@#35o>Rmfn&gyc4`~=rUXKjG#v~8oAz*2ZzQSNp( zBR}8J?#OApJ7!M{$F==fd2(&v+`WsL!>O)QXO|rOaCu^(Hl5<36SITBh!JuhNUV6b z`Pi{p;ZH{|$cvh^okQPiww0UBGRPmzKbcQTV<5*ju<=yL6c1kpKlbOQ4w!ZSDan)i zy(+WI?PIPFkDKZ*cs_M8w_mYX@ad}!?a;KgkywIl~$i;XS z6}CM*KMX#m3qK0;DQyGm7nhfAq12c=)F7j7@>8CLl&*8(tX)J)YRNzDx4gM44VuT2 zugx1D8{fmz;vtW~=sY6GU-zt5DTAQ<70DmQk8-;-r_XsMu+>$`p11$HGCDY1wz)9f z@b12T4`>w!{tC=Gd#@$~2XD*v@+9E{d(~h|LjazA-UN&~JFbbGLM9#XA zoU<#Rzer_%e&y2EZ>VLHmVXMpd-cqEqZ4(nxA%iOUHAS|)R2nr-@|F>e|jf_W9nf> za9Yc=YtExbKi$_kK$!x%P~CU^`t_e|D-L6;7HaxVP*+yfe3^1$q#|{K+?D3?JBk3s zm?(e5TPARL0BGl~*?U~=wd)~e5iNi&=p^W^vSFm21&!RerdgdKXkJ9Ta{Dovu}{ zW=8#hGa!m-xgIrcj7|M$AeCtY&ISOxMJs(;aXMDqGJK-sY z6Sf{-n9-3bh9s!6Sju)L7Te=Aiv*>i+Fpyj5zBGQ zSoGaP!`m6Kk?m@RMnE^>maPZ8&%LXk-DM|W z=a?MU&Q4J z34<^NXq}LIh{;%w-t!mZ%h)Qg;4-QD*`&N^$UC0C*#s?Zx-wEK7` z7k{g5j8zZdX?5kcc57gVY?930qxSh+8bP7cDf+4Q-33L-+2CqcwCeUtXc5+OIlA7z zYP~P;pr){FDC0AJES(Z*s|fkbX1|KuAWaSkDDcjnfSwuc>)fg1LqpiIuV1}NA(l&b z#&k-su7K~>6b1PP=lj{5Y)B$c2k4}lC2$D~m^{c0>|cqC+;LcF`NHnb?yeI7J2rnp zkhm2B;OjWr53;FUr(tEEC`$MCn{||zq|9|w#L8)jo*fweVN%d7w{k7Vix?MO)zbJ@ zy7``-Ubb&ec@?am>F)l%isafhs?3>v67a-Sz2AxB=dRcrh8#R-!R|!k(D$*IWyMFV z38Vle+P)p)+>9$uq0!SquB%8UzY3j~@t(>jn?%}FHDVen%#(3TA?Da%e97E6cIk05Wq7<6-^zEM8Pm*dEp<+0FLFrxq>q%Dc zb;w({Irbqboc708lCD6|#)M!Gw9GTQjh0(Xm>|bME{i;$sh06cAAQY!K*5ANC;C!z z;gev~WBxpKWdqHnOO~8u;-BVSBNwmB#^m*%tum53KPhLJty-LZr?V9cx(+zYKyI|N zc=Tdo2b9K8eqOOsy^N=rwgI0dkly%JvAtmXQ(wA8v2$bdpBdD0`Be6jB&i?Mg3kdf z_`%*82>;j8ZqJw*O!}c($?TkJcdBxeLrvx0+g7c1H^2TmU?bSG-olqgu-(s9EX_MN zEm&jJX6=GYDm}q|P7>+RvTDt`-!sHw8gdz#l!6HSTyo#fg=L2YWF9$Y+tTqAz}fS{A%(iZ?Sfsyh8h@7EB&k#av!!?HN&;XVt?~6u)<2 z_(JqIi9MiZWo~`~+Ou5o`7`l}2cs~Fnsh8ahO6L6rE;k_RHmhEBA44C`&_;y_$DyKGlpv6o%fB&12l|HNSKs$ zr=#fv9zqY&C#)X8%A;3CWwxWQFQ-oUzjz{#3`|5 zc6BZBF|H$6tVG}xdnUVWmoE2tU-`*vujVv0?wv*12bA8gVtLoudL1Yh1onwvSTyrR zv6~C@72=Z+C_q>zuNcyc2k*-rqv}!WXAX>eX7A2k;c8k%hC<7?oU{e?7e4R2Ro$bf zUDV=~g$bkMikc6cHh7Li&C>B*v(8ZzvPR-zz=qiC;F8e_ng@i|fm{>kxuzm2n1KhN z4GD0caosPw7sY4p$?aHJKKy)iaPG$^$4wjf{`xu=Ue7&_bzbLP7BHGb&?UGdzvs$r zohM}Lk?=c7(f>l2f664Kegptm*$UWPr{v(O&O+(P8^)V$IJBFuG&vLiWGS{@ zq8M)3l6AIFRa3K&n&Qgxvjt7>ukX1{V)Fl6^81MVDw4FdLpBJexERg%uXcl3u{0uI0Z5oH< zR8V!kg&{ZNZg8w_S@ATU`4$;c`|&6JqHC*0LBxrid0l|eDQm7LJjjC~?OXSI1->kq z@^U**xX`0#&w;d9u+z6g(IbXTUNP?SYp5-}UiaMa7W5#z%gbW^L?V91{j^k^wkw8= z9J=XKKRb=5iC&Jv147=|w5;nBYE<#b_pL1(OaUA5d6C{DTvKqTq$WjHm%-7@>zp%p z4a78>c1i-)ghh`N;F8o}K#i={{;tJ(twROd=n5w%sMPf3O*O36ym<>P@%#-s3*0 z44gCEUtAf)h-=DF!or4Ty)^bqero1OCNukegxYDGv>J3)8cvnD1>p8KDN{u z%K;VXB8=JYG%>ml?ZTLENJSx1v(nNu0EA|#jW!c+tVV=Xm z0l;fx*$?16j_UJ$N<(p?!Jhc9L}BPqy*1xGxg9*O^JLTrMmO{FLRjiJ0s2~Yj{3Z3 z?*-s8Y9v3ZAh7R^`}R%Q&~bxr?RQ;J6S>Bc8@P`FCcPbhb(qEqBA^x`VJ;lr4+fQs z{T^p}%BzAuR5}%9mx@FyffgVOUPIFt{Vt+PVAO5O;1P6%ZF&0h9z8>pa}~H`p4I#g)nFGVX>&j@2FH`=#hKK@FN#4V_jz zJTOL8LDOQd+~!O_xq~kbE%H8VSb6>EL?j@jUak@IL#iXHia$SY)SZZk*cZL{OaPBe zU~{E!g6ExkW%+!PRcQG_C&t5JB>tqNB#|}1Mc`(l?5FMRt-1w@)(gIqIj_mRFi{t! zdoiW%&$e=nwp?q*^G(09Y#XfkIFjGpP~Afd2dFdzPkbw{kch-xlp%z)fz)vHgOhwe z^Sp9tFXQ6NE6Tf2lp|sZg^L;W>$zeep`3?FeevQ5H~ltYP$!#|lwj{Y;eh2Gsz%AS z44k^r=5i2)Ee6*xJg&0o-6=*RUaBZ#jOoU)hyHjGn^nMWXq;|jr}+6#CunxBFC@d7 zn%8Az=g(X(DKDSp*6xT!59Py$5A&8~(kDVUHhjs)k9Ud8c;Z-RuEO|}dTAJ)J!Vtu zsm&h(7L2^wdq4zikPgTS#TBTq&~d=GB6wVsou{e>i*Gh}q$`mH@Bgh9msc)d5Sd7_&*f*Dcf00t zRf4z)@$Tc?Z#7b_k368p*_#En`mn=y+8K4NZ0__exFmy~wr z&JvDwTIH{b((yIl%eEtFy&H7vmhhy>%1gn>m!4`k|v>mMymcQ}tkLt6F*laSKAdt6j-yUk^ zv10CBP1XdehVugN*^=d?!4nQTc!Uer7E#G=|2=Ox^?Rq)kjj>f;e)J zt-+o-?mCmA#2p=ymU!1gqM*A6HMRe`v~km>-C&SY?TW7P)G61%-wHF^|9`fGO&m3Z zphJ?7@4)(siVHgfn6u)C0J_3x&V>saxW9z3BFr|#9?a83QwafG6cbb(F39WQkkQWf zZG9~1@qw7r?b@~tuRbNLODr=`xuGcyQX4c6#ram+NjR#M=4nfLOIG+>2%#T6IUE}b z4AloqsX+5;)~ed043YQ!-(D1=AzmM8WKg}?cg4*9#0d>{Aow{bd?p)w6?1f6gZs7n(!NVqi ziF8`yQDFLK91^0&-EU~BZC?=-vu%*)roBv8(RFiW;Mrk&yJaIyLXYw=%)AW%qbIXv z)vY$OOk4Z=g}FzsY}<4vGcMQ)H>vd>cMec*?5D0W1Y}6NwKO8AYE*{n&zL^_ap$1F zf7HI4bDO5k$+%;38f^`;YTeMZ^`Gv_1}99E%n!+5aMR*nQvT;(ddQzx9E&&aq0D(a z`*{z4y`ibs=v!JUQ^~n9pkq+35E$RYPrY$k=(uP8_0Ka8=;qOezZgJDYNB{_Tmk>z z|26&U$P?;827JJYA@n!a?kb^Sy7;|QOxVS`j9~(Q;qxN-tKCfE!Q-Pe_+G?w)m zw7iEGrPOQ;K*YwLQAo(KiF|%*`S{g8L*j?8s_>@>UW&?&wvjPUFT>rknm*(B)`7?G zhUv1q1Zn^kUUTG|)HDzX$BJ>?@hM2#yDIDil;mv`W&^dMbU(EmAQjCGiHZx5lX zRlR@IP*HK)@_BrBzXEyiC5(q3Ajm`d{+1_)`1P(j7Hs$z_i4+6;)69k+K!2%6Zst# z^P7)fyY`xLp%Vw@HeW*L?=NZEj@LBC7NAL7g;8ES`07e{<0rb~%(-oJP=uADZRB2J zhy0!CUAteGtL!O)S{eUJ8C>MEF+99FPnE@-z=#an6Un5Rs8*|s+3jzTkY*Vr6p8N zCJ17Lt~29`KJ|_DimCeU4@I~xi+N{P=kauo=#K1GOqD$`f)!JD<9dueGLU1+jVo#- z>-~1pHgF5Kn5|Pa%-b&e%(^p6II^WVf%5$ma*;<~l&Z|oPJgT&1P-e#DmI`| z9EnLaX_PB@ZDo5LS7USePlx293Bdgd^xucIAZ46c{%#JBH)L&%KK-1oz$90$RPbdI z(z>&&wD*mB)-d7fGV_s@Zyh=$U-8a+^QCzA4Wq6`d-^X4GcrFoc;d$Mj+J$#NRifp ze`K@sglmS7SjOF5Tkxnx%hh=Ox-*qMUGQdP8Uy+`p zCD7hYDj@x{?bsfvveO$oI9Ok)s*RqL?e_SBZg+kAk=A<}wrgjlX7Kprq~5x3A3S|^ z`+3P@9i71oGJ-F49~%}wKVnQ-fy1-H`HQP#_9hK^|IjqJdgagGxqW+I-Mxm<7A7?v z#47*g%bAz|sk5XAbYbfX_(6T26K>U!>q-ts4;Vf6wsGCKmESFcis!afRSXQgYdmXZ zQjLKh>v<+f0+)_Pz0XDatYf?R{5aBRmhXYPrCH{kMjTGf3|58#RGqW7qG7jgud+L~ zA3R~>taVmzznArR5Qj_a7QOepQYB zr?5VniUo-_-(gJV}MZK~HH>GJ6q*Db#^Z!A2v*Y~$=Wm&D=U~W%O z{`s~eH4KE~2!c0AknQaGWixM3^5`dd>u!5-HQ3O*PltZdZbn9WS{|{n6*jSt>wH!8 zI$T?O=ToyXfHdQRhzcYub64j9jnO-oAe z>ijm+(K#N`bJW;(zn3Q_>V@`QTQ_jTO6!2=Xcf>m4Gra%oh`ywFYmBZ%|l7;U|7u!ko%?O1pt@6E4OO>W*a4+}H7zS`k=@{!T(-N%vLM@?+?`FUV} zck5oc5!-9L*>W6V|N0tUEgUD`-5a?3xcwRRu7lQmG4VS+`$@C+XYDtv`Jtz^v_;2x z#h(t1&X4QA$f?&UGmnRn!9J-Ml7Kq84E=CXN3-{o3CT)fzH4>QopZB~>~_km#rwQZ zYlEhr+T48M!d3MzEjit&@Y48;Ry(SyUhOsx`cN<_`0`S_nApJG*Ir)jS^Vo~j~>cH z*3G=NzFtMwk3pJhoeYC^Y})i|xt{N}Mz!C~V=wJn{O8)7C{rw!r@BZgL?)$)XU9Z=3JRaxc994b^KC!u{4B7X%H2>_>V$s)M$Xf5|$?n+F z>^?E58kQhiny^Pyxa-9F5v!_w_@8Fp^TscSUNfKl6m56XQlq`akKCB)NxJlO+R z_*3K!2OO=-o^E1cSy*FWXez1G!s_F~j(VJ&>n5_t<6NK_<)S?%zLLu|kxuBda?~T3b)fFX83>T!!sw^4!A_7n7lfNBd`2gi{q&*&zN8_{WWt zx!Xk!RciF)p42^3yFbh%UCw7=a>c9o^dsZy3b;lby?RI1&22$(PdIhJs=|6-U&BqC z-V_Y6r3S84lEkWHJsD~d;QoLB2X)tPmdAzADK zfTVaR_l`d?a|LJrc4W~=D9QrNLLXhYDEe`I+C3rERs`T}k}x5)ovfKzS0(sZ{_Cr# zY$!T{Pp_?TQdZG?rYcn15kA~k7BlBOcalc(FI8}cd2DkRW#CIJP<-wyj zx|5k-i9u$ed^{;8X~RzH$+ZD3okzhmDc3BI2p9f?e8UG1gob{u-s7`$xJF)_?|{bA ztjyv3Ljqz3FRyP&Oi~uUc>X&PMUd`JPVPYQzCHz$VBnX;@`#Cq}Y_w!y{?f!k zM?+(rm$Y0H9zLm&%S@*nC{fpN;A-BVrPq7{&D`nP!jjxLkV3NzNA{FQM-T7zr=gL# zd24E1_|0B4Ue;CKcK}yy!EZv#i>eT^!w0DLfr|tIKg6E^@0$0H&SO+$q?JSS2t_Xd z-NzPB;wx(7s3rg#k>MnGSpb1h1v*9UjNuADpn=YV_{>4P4!lAyRw%7C3b*kA`ZkWT zX;hW3p}6v_qNE(|N()?>VFN!((M1?D+-VgncGg6unMX`EDpIWRBdS`|XRmu>M`=)J*=sRunDoYg7`xw>d5^ zJc^}bkt-;P<&A5;6d~^_G}LDsbF|Fh%JIq!zkgv>G)Ib0$@D%IURKgUROu^VGzusn z!8Idw$S||mzuqj|moJ!>$#1LF z_xR2>qX#-NakRpl2)Q2|1cJ^1zQ7N-hQ*Ef`>knN`Wt9v0hJ#_o#-@JQ~hlb5*4(K znD|Ixsi%QqLiDjpN|g@JhZF%uV7U2hbhHU(5=B+Fvshhk)_tTEyY=EBYwWu)(+{cn zbQK&-cd4XxnUbkHKC2t^QP+kkxqmstmyzWw{0ipv;P;bR5bz2V^bUxp6B$3kORG_5 zBE%vOa|mL-hY=Hcwv?(`;Qp%1e>L|X5Eu@hGS zl_isih6CR7fCNluFFjSnX+{uD^iU)djZCnBgvA9sz{yOkL!izw1b+iSJE0U3f;a4& z!hkPqyRjt&?GIdB>HwU>t)}%tW!#nvxiqtJsfJooZ<|-1+caKTGut;qy;&txTYAFX z7kPo`HVL)LAW<$HIR>fs1Gs{CXtfTd_46;LVG8lX`%VeE5D*y6&L7Y?6elifyEp!G zk^;w58}Y#UjwOOa1; ztoX5vo9yXu>od(c9QW_nR`VwU>GqmFV;Ng^%lXXY*cnYgt6k{*&jAAiGHwL$=eIOo z-k+yyRtgZQ0G>f4`3LyGC{juRUs>pjiq6DW9Px_s=M(BmLFmKnO=6MG`+u2dERgCtIzB&cjv|c<5fq8 zWZ)HMYV{HN5s7!xB$}wW*fZXxA4CiszzpE^m}s61smRPwdvci6{`Cz94myiiKi`$< zHD(^LEUoqFtA9MSwS^~}nBiz+{6#g07{Go1eh@<%FkXaXOB*mTy$9YC=0%6C1>;_v z6TR0(eRJbm#kIfN@15HcP`kFOm~Gw+9Df0&Lqy{T4Rs;0$s+xdw}P$|m=@IIJ9g#0 z!$ih&ZPnj|sbsspZtxd7pRP;d;-Koh*(<}k4U`AJskXhuAOTRP8JL=0*J4iqsll|J z8fv(vGySaE^6Lp(~6p#^tIGc?W*7wDoVq$gJ@y8hoAz zEtj0zM^V~k8QlT=fq9Z9pG#xXRT{MV^>w_EVmpS39KCV#W&`{-AgLJ|8$0$mdQTAK znMJ;HXTb`4gPCm__y@x{7r+SQ)hz1GRivI4d*8(I!ZM5LJ&RSAZvyeL!pQWWy#Lx> zbtd}EU3Ut4paKEZ?fC4FNSq8_@g6NcTAwL6i+m_|H-e2eK!T%b$-PCTr6VND6uy=) zQ}enuWdh_N16S5E=o1lR${h8M z7qGsOvBvr;|8TLLPQwN`d?G4WSrGOh70UT@Zn70)Hq;Qsc)=)gbN`$xn#Mo_42pw5 z&?z{Wj|^DVJgc>v;A}V0r>`vwUN9WAW!t_T+-lDUi&7gyQf;&Z?3bhzJTG26Y{nN7 z<%{cqB#mKsPFi)s=0KJ8k|Z)Q-lnpY1Sf?CgcV3RD1EMl9FLTG7`6A{Ld||Lm(|rt z+rX7ZNV9Zwg{?WyQmaRa%Fqp5!&>d;0z4TH;Q`nvXE1)p^#mG%o+Vx%5f+yZ2DISy z_i%0Ik-V-%H1jsq^l!Ag0^HVBJLl|`a7-{}3~-%Zoy5b5Xn35X+%4>arLDKHcX zl?$YjY$aAQtlo^GEHiLzb-e>`6~I88G^W-zcA^sk#<8u=eEDp5UxCnoNnws8k2;fw z7N2W~F$JO10s1Y(NxEy$;1guyfH`G$`gWvz2kleex?mno^ORR2}}v*Pjxt46Gdn~CU`kfap(2Vn);I5t%M zUo*mc*Av7R3ac_#%nh8&Sz1oYprQ~)FMwUXGQBQz7x_)8r?8Y7z&ZpQ&wsI9E7V-X z5&wdm`{x~acLoNNCtlgF{BwqtIIx~}alm0k~M$48!>OZzst z#-Tpmxp47vsk7x#n{>Aou7we>dEP?(4&7ik=RJBbzJJDyzw;Q_Z-``543C6XQ$FMH zdVHjC7be7}H(!qQfG)ZKPPt4E*Vc#)z!*akG1CEyupS4&4Y#pWGC(b`*Tj5FAH0vL zktBQ#e)xt&2|BZkjkKKEc+mE}Zr?P$0y-i2VFJXOD`7N0GQ*Pw}kd5m^$a&Hq2JJUN{32q)XA)#KO6!Ae z1H-@w;a*_s5cIIxa?e(^X9EK@D|NQO_VS$ZPWvl*Dli8p2m!iLPh`h?tg^H20Ld=buBz10q6;RkSUcCu1R+}Lvye0 zx65B48lrt640oB6*DLBxE8vV_R5p}jl1`JU-*V{z3|#3+(k^sEm;js^tWm+cK@hPC z*c%|L%)UF38JF#|vbYEB{6oDs5$H7p`~KMi*e5b0&=LOoYP(%SqB5Ql+j zRZFY`@W|0jkun-5E+{UE6S`g45z_MVr`{LXFI=`s`?BS~&m^b_)C-MPv5e3p1>tqW zUPmsI%~J(#rMRuAhrRl0WGsGt-I%NXU206^O%R6OITu3Bj(eE))_+t!p;`n=k1Xg~ zc(D4=#SoWO)Fe%Fj7K4XW5ns}@Vzww%E9kr&%;8r@&2PaP!htfDjX#8bLjQ8ut%Q5 z7#t)n^IwHs`NzjBST>c!UY^%@QbAdgLvcE#Nt<_WeBd?Sbq`m(=}6hr*LaF#A_B@c zg}1l2kWz_})w6TF=)S;@Q5@_LXH|C4GiRDK!5|#X2ayAPN@LZ*A>7c>VKn;MP<5oI zGOLr(_VJ9~oZsVb&n1zVU4^KoEK~jkhu5T_8(VqJ*4iWaMDZj3UmGA)JtPrb%7($fwuHoD*qsXp?R6!|MOak*(B z{M5hiaBoaC<$C;s`fHzhK5J~70H;4I#ihv8J~5gVZERr42}(= z^!k1*Y(ga`d?z$GAWs$gEqLHuQmxQ5Pk?G86e0%vnU1?tbn8=ExXv6=askG*Ip}-3xPCocVq1-zc z7fsRyMp926e*VVNGtF~b<=X0p&G#2I8IIlaqc7Qixvl>ycFX^5^I?FV@Q^yG(e#?NqKxTp9n`HxmBk?_lcL(?^^cnHjeKVi<9*Gn%Pu zWchWmY4P8q!;be0dZgp$*!^b@*~EwqY-Yi#IbI__4WD9ot0cD?)V4E-3m3Cw3G~Hb|6Ko9W*MK19;~RoTAgZ{oiwiu2HDe^f|bVR#p>i zCm}*6gcl%6h~ogVnS-r61Of|sDNpkbVI23UfzJPE=K`U89VQAh!~hlL_WSqmrM!Nb z6N3SuJSZ8ETpB~94U0?fAfs$DOY*`Syf+5PgoG^WvC-rj!e|G-bqsCJWiF5|$}x)!M;YkQoQ z=dAwHMhgZ%I6iVWhUHDD`txz@8+YwqW%T zHWvk^;Bc}aloFCOie7!KX$ajj#<7GK0-k4kx6AYiNOMCD>>{a2&sX<{KK$=IyN%nC zaJ2gWA?NH6iavO4o{9faSWrL`N)!}(!QaJmI?U&C24kOsrfy*?p|s9-~$1Lum0a+XWgy&8ngqMZcE25**VKD*Y;}H z+;~yJIc-gARdH^LDQSSGR-E_y%8FxlRP?5a&wk5I3r5Ko^fUH9{hMNj+XLvOG~PO~ zMZ(HFGr0f0@E1S1Q?1)k&F{a=4g8gCFL)(F?m#hoT)K1rCV*XJe^*zlpqj$|m)OpE zddA_h(XnHk;N6hNR9cz|x-6~(w454f9gF=xqOigZuo0F8sQ`ph7CzByfe=g0n?eE# z@3<3WFH<{18V`^y-mqnMKd8vs{gdl-Quk zrZM*Qt>+dor_}|@f!lWiGxuiS1V(RohdXdOU|}Y(b!Bb#?1zu z1k28ydCy!QSiIaecX&1b`v#ZqPd_x(9?FXvd}O|DD%+}J^1z|^v&p7@C4N?2j&Xi^ zGoHzVw3hqlSGx{=EtyVTvR-gXiQhSWgjWBz%mY=nPQjvPy?Ai&NErYKgz%mT8`wp> z5HgCX7_QCxaT)UwWmY&de^He`n0Q14bEF=HNVV&2Br&w0m;{sRKXWGR60^2)M%>4@ z(AYs^c3AT8e{3F};TRBPM)n$@Sl`-1kG{f}szUfki|Wl$RtRgv)P%PWhe4(~1rkGsn6sPbK>`)~62L&e1? zCQ)u_7g=VGS?bz2riJZdzf+ypEznRzP0;RfqjxX9=di!hrbgn=ljl4ut){vt7hYj_vc@W7KVF&a&Fmj=h2DGyYSK=87uSXB#8Gn3TKOE ziBTirqeU5=-08Ww$!9jW9g;s9D|S@o^}k_(vuWOhWHKCsy4H`=9$RSShGb1DpyLwf z9(pi-p%>FJHH~&Seg}d*7$UImyjyeN8cr$jHZS~se+M;!8R+-0LA!G6mSNtd;P0V$ zG9U=1)STFyp&Ds_vC+d(=2_J`tIc8jk|O|NZmIV%?X6%g_wH?pctV%^9 zB7A$pKUfK#UHSF6r^3oDv&X8$t2@U+{aEfmuZf^ur!DzD*tO!+!bYM>2ff!T2so z%-k4VE{^dF>W(5-?DCI0z7iEXrc(i#PH^hwC|!`VwnA^;&ra4bVfPh1y)JL7U7 zEdvx*5eW(GU{w-bAQlX%;GMf4tAjmU`uU}hD!T1n=j9K$4~ttH(C@ zETY!_wdEI3T-n$iFx4T2n_fO4Bf(@RNyRrFgCPhe4Z-t~{XGZGqe%5RpUfBQIfEwl z(JF3?hPBt_S3uC}42QDfMjNpker1b`evE8d)sFh|6v-;a$7!&6ce5ZvXBP;_@ zqKvm4+yj0t3IigyLc7fR{QEC76&$CX;!oj<0mj4tC1Llk3SFNYEs~!PC4cV zC$T>ezj(nlij`6LZi@mE2B17AaHmz143?nC!@G~wT$KIhqa1eC;o+x8B^E5Cimqjx{pFpMK^MPQ?U0hJuZI3%Q+Y5k<( zMZXg(oU}Bql!i^+Mxdt;5!g860t2rT>o1%uR`($nMV`;h>&;?FpC%#OpD3D z%15F~j49SU)Q)91acysnXW zfS`*81npc?&&ntYSc{0^HwTP)*8e%Bn=kodH2HVqd#P-n#eWmL3R`IMsVfaQf(Dn4 zIdhG?HxThV_W7vD1x^+bez_fUS49jnp0*p9yttYs<$Uaw{ySdNs{Ss~)YBAPS-KY! z@5U5ar)y^BZ3uLyx|U_Sl#?oJs`AWyF+lwIk{f;1v&qNwrcdH<~7*}1P&0E+673;@^xr+rNR z(kD2Gz?U&jZwwuK>r@5s+bW;kD`EbC9k6^6z48~hJyo<*1WbPc3cz6E9w@9+2+0dldE(;2AjnwhSeEAOUDb6Dr}{#ee;>~K*xJ7tDO)#2H{-vszx=^stG ze9%lzNt@yl)6Md;-(3Op?`Rlp8bwk9z(NWimdmJkkm-{11*AOIbO5;4YaBd{X zd~e=mm!Heovsdic|BnmMEkDLpNW;V$H(Pq;ie~%Z&mFMS34u5VPWyHct0wd^w=w`p z6c846vCP4BfMS&ttX6IBx6#s5@xG_#NH-Qj?wKR*Rx9zmqi-?f`S;m(LK<*<&HT5G zxoh9B^}nOx{DDi_nEr`5rd&kMd_*4 zA~z5+tqklP$W<(a-+SmoQobFgnm|#Sl-DaaUaBPk>3A~befS3Bd+HM3B8uW%^5$wn|M#B4C{_bZFPO3*w~g|!p9dSl>D|NikX8)? zx9t11nDBLcJo!v`3JwV%tu4?D5hW11%AOC`u7nUMirhjt0H7O}`0#)(Vh^gJZVw30 z0EHs~<-h~nq`@={FWMNa%BWADeteWg&P$$Ou>Q&hrtP$As~ZK4G}P2SANUCI(@*3@ z5gjjivw5oj1o`>#;cY~D>-Rd9XbLaSIE$D+et|I#f@}jzMBY=7iU-D8=&v)HpF!P0 zPHU9sBmoh<_>&#Cp=_>&IS4`GDLx0T`4cebbX^9dF;C`9CGHZ&wsT)Q-$Ajv8Mb37 z#`o^EeH7C@6dP(La`lwymAUDLs*nLeJ1=*qz3R-?GZnh$Pf=`Os|yZG9Pe{2nAXvH zK;`mz+Z|b{JCVwR{KAx*47whqSc!9u^p4T*jm+3e*&e!a^g>cu#Szl!$29%y&E-Tp z+A+rzI*n1y4(Qem^6?Ni;&dfCQuqj2J*B>%dSN&9eI9)n5hN&Gk^r#V>}85R?83xm z&8s>Zxvu>m2htyH*yF4NJk;*1M$@_7{Bl9(A$RV0y0M^}O)EfmDQ@D12 zg6@FPEh*u3(xZ#_4=RUs$b`=n72RFDwfg+PuMmppy=P~AoK&nl>n@&QOtKO8cXMXY z1QMua>Y#pscDrMzduIc^P1e#*^EY2xFAE2Zw^oRiN9f0gx{5&Z)7$z=454!x5_e@W zBqeqRd`j#HI=BVDgD{9+PCXO2+wvTP6Wk#DGBV7-2#|E`Gf_QPw8>FtC6(kA;P^y} z9kFSW128=>F#K+@w(fp@%9tDtFHC(D;S_E`rIx(BJk_C4GY5FvCo;|VE)W#E zlP3?r0@=tRgJS7d|4d)}s7~-&_7Nquo;h>QqA||wcFOCwqh&NykI?rq)~zl?Z5QP- z<4Dw{qfKO9J>sQW-qg88RPCqA<97!qU#uUz6M8gvvz`6jUIG240YwyUY!(>RTK>0k65M_f2vedEl!<*+ZmO!SY zYZfmF$Mu5?ANDh7;TWu;t~=;sp0X2KBjoM9!4V8y)(AQ#cpO+bwnL|$3mykbJVx|jC#D0I zUfc=j65!kyi}KM*D~N<{o9Ejc*Gl5xesj*aKSs=PINj@ z>H#bL(QGyaL!y7^;=a$<{Kg7@h|U0dG>)KpBRkWJf}NLXq{g`#*8~p!+L##e-0hVD zqvVUu@8`xDh1FASDpZT;pLgfWmGd3Al4h`Y~Q$m&9ZNN<$JMi2snF5en_d9d)Skfd-pF^Fc9E8xno{C%=d>NmU^BTDVL{ ze%4r(ep#AG^Zel_BX-xilBO%GZs3mv2jHhVLSR^?ga@|+U>kNlGMj}3&Px;uJ*V8o zk5|OPViyhyElKP%@la61zYko}Vf?!0gX5!a-SCW2IE?W*pS=7w=qepuk78HRhwah~ zA-O*s8lB~>@5fM+!5x_*H_wg_2vB5zsG`arN`PQ#!@i0pWZZIo=rcJ zQ@0W%H*vq_&V^9+RqBv+UEe?St=Z9qICqW}3HfpFVGnajA zAz;C&;|PizwEC*`Duk1Q6ODK$!9P9D1)VI5?uN!4@AS=6w}RV9xLO{upH4eaO?|Hu zOwsx0taWQ~=Ii|V_cdJLW)~UmL98|LZ1zN1fg6i*RFgzd$}BU(6XqnoAmmqPN@j6O zVG_O@4hhW`8?&aV#*P=#oD>?T?38Y)thOkoZ$8BRC?;;+;FBiYAY4Y)qX0vOY)Wq< zM-V0+_)@zup9o?SKGv-;bWD(r(<|dumgDQGvCiE}HY!m&M|Jg#Rp{HCtDp6mW<6Hi zWvg>rY~QSy;nSm5R>YxW#^scT36slc)9)XOvez z#`su22%Ki#CeXO27yF~j_wwxTaM-g(uqj#m_Md*Io$z_+=T99lSTKqDf^oXl=sd3w zJ8hi+#TPI?vHn%G9da#1|Nf)Ye!X0*f6Uukr->2CQCa@EEX>R>b5kXkA5a%|hayPd zAai@!(juyDlSxQQNUu&wN$DLbjgSTWxjfxvv`|zAL>*VnNW(G9vEIspXGd#XEuOyj z5F8)FjdoJ_+YL_89-61?jj;^~B!fc=qxfvTjL@rB;nEP}wtNbHsw7Ygts#iWqV*iO zjbGrPgp@A}cWZO#eOzeo@@-Y)_JD_hP9MjMa7!d}cC8U^S~Q|UTS5%g0QM6_0PIj# zPG-C>X^OG$mw9U%JV{mek}6=jziZ70q)V=u(bUUd-)WiZ>&< zz0eFWxw;dcFzDVQ(pn$LI9ji+Y<64gS?W`bKbI^Alp}(ZM;*pWk1pjEz?;WB{@WBf z3pfQ3@;6pbY-2L4j|??5LJm3_0+b<&Y7{mkc@$;)*4qiFGYMU(zdr#Fhs1AWvdJhb z?|5!~2otUDKQM@T)YP&ymO0c;bmYy52Mi75B(A&IQ`WB1PwUN@9(PTN8xYEb8?yz@RC8;QChrPvr-!vVLGOgz~?rI3}gC zHf?|B^_UD_^-AwqoZ!K%CF1lM7r)_Qh=Va?L0^Uw4rGd>1$Mz7_L$Z)V;zuL06loeJG3SB?#TdpjA^U2z4_Su=1d zS)0f-Jx0Q&@FAHP1KfYVCzfcy8Hu4uoT4$lPJE5E~t$kw(lW@OK`m zQP%?`iTkG|`R#@Nl^s{2-#n$z@jm98i$f3$!t`?tB6gw-hNJ7;pm1%u1l|e%anGp(*{x{4>Klrr6DR zx|!HalV~7wmR~m0Z`h#w)bS3j#Z!pgBF4+y^ZS>HqsP|}nxi2cBytU`C>+6JrL{rj zi2jU>Jd~%WJ4|C{W)}Cd(dKTZMnz`0S%>|x3gaNi!*^NsH#a79Gj13icmok5iN_?j zpF!YG1VnUz?w@U(hE~|rQ2BK^yCn{emJ2CpdnZB2i95>(xd0Uzf3SaeA8fu6>t=`y zLTr@u^|O-D%IpmMIVniwIO-Kh)DiBK{`)eIP(N+mVR{7^>3|(= zqSVp4X?0%HxznbzupsK&lvOE}*Pbg73YpUvevd=Bj>~HUq{E({wmse_gF^|2My&ea z`Y^rB%UuKTug)nFUtYMOvy8}`Rc>+b#Kc4=|0E<}Q=TdkkI6O0V>_rU(!xm!U zi5zwP%(x^lDX?Db;Tdvshl0$NPlRSj`V^aLtN!QpO-;JAWu_rNFBmt&c#Q!#2FLU6 za@XK;t|NL3efcmNGBsQHEhR7i9WM(`pcbM_e-O!wZ2+2H!lw0S^>?A$BIO?(e;&TI znRs@7=zYl<777~0b7gzwT6}639qJ!kdpqHjcxfEWBXa>eS{bmiwBSqtx+FpPd zh*h_NfdLZfx`kqt0S$uEk5UX(&AWN;MNIohpt`ejjw`jK(Bg1rm-;BZH4}lco%niR z-4ynBU`Vx5IZ~*xQZ+yCon`Ru^XWwJo=nTn9?$g|kB}kvU6+xnBX&iY$RU*Kc~38- z2wkgt%`2DowzbLf&w-b3%+5IE;vIn;mM&!|GD&PRz&pLw$e|PFh4-h2f$biNC0MvX zz_t~RcWowOpbhcjY~A9J%gRfAOn4VuC}4>CB-s+3qc2;Kx>juAiOhD|U+`jjJb6Te zlgJi`mf{jqUAu=NMRMsTB@lrD)*25w9^N_mBI8uRbX;%i83`{Mr`|FsrLe z?z!W~&{p6Cu18y|;A48_`{%|`48UPEqY0n`R8Bwp`{^%XJVwY}lMC-2y{)G9{_t{8 ztxxmZ9_!0_>FM=Y>7Jhs8S*f(q9;G|;-2*7P3+OL_x9-Dg`@dlY99G*azerJl-%50 z%PXEWbCCS2AttcQ)74GAUa=xGWXo=~n5sDU+LgmkmJUBTd<&*F$+%QvX^kKa-%j{l zjg4BFd>SUicagNE3(N0ifBxN2C6XoW#+d$f#s8c{Zj>rfx#P-~R8FU+Qh&e{Vz_Se zj<>j4Sx>d<*h53``!~SgDvJZ`Dpt2We|Sh#LH_%1ShxL;zJb9>6pzk7+EOHa;;ETs z*u8zSQ!arzj_G2LQ7a`{lphEI@SE*Fjl|_cPh8meaJ6Kicq5kILwOuwjo51m5C={! zsPcZP;67U|aUk8JuK#ZIk&S*X<$zM*MvFw(t$FrT!8}H^by>W(I7OX04+P)15h846 zN=qMoAVz}{qJ(-pJ#X)yU@=xSywaPqt`QrGF}lDmr*oT*Wg5_M#pzBy6$zWzLWeMk z8{0;6TDkTa-`0(peim>%k&~P82HV)TuW7FzrTm&)^lI1ojG7UHk+zG67AB)~`%_Gf zroO`!de##sGgfZb;%6KS76QEg>q5Sb{2{Ryu-W>Gy(hlSK^-JThemqPV;p(uKr7Gi{DSVQ#v7d{M)ZzR zxZ@PHH8JVi0u(d)zQWjf*e679h~p7>g65d7)BV_3R^m_xVcGjq7d8|FBCatW4Y-qz zR9`MF8rJcXxjA!%(MUsQRzWH3)rycX%Y_evQPZ;nZ$ZV!WJT7Y;rh!xhj^Hr*7LrX zJK0EoJYGCzr_!ZgUxxWC-twkmlO&<-F0lnmFJ-}#Roy#_7=rZq1NA?vW%GBO^r zZ&?E^`7NlsuvUO&(<6Avg}IsLZ3i(5rRXbMBnsa>*^&Zds*VUpxSo|ziyn?vVFpbJDQOcX zE^#hL4$dd5hxhIYyO28;+tApA-=D=A+7dt7S(J&bbUmC>wz$MgOx$z!t^;cA1o`cU zI)W(wmfbDn*(j$V(SG~HyXk3w#rR<23x*ad!hG8qoB>4rg`R@w%}|**oH}**{izXX zBNNYo`4)HhKt2n<IW0d%;Lwy4ZwQpK~y4%yIPjUZmAZ8)(pHK);*tEE|ekSl* z+a(?eHuk~iyx$m}R&DMH43iG%G;tC^^Ysmf5v~##IvKbr+QnxC%Fw9Pg~v$|TY>oK(7|~?q^eV+`W`_!R`#*r^@?X#{34$3rJUnD%e#1^Pw55!J9$1jp|MY{|O}wmo{Z~M1rUH|_6#rRvu++5BH2QLGqz>5?=Cqnexnc9q zs8#cKoy=AxQ8AalP5n)~S$x`&Pf#;ik^Zx<5wl}>___Il&62hu)hcitu-vKg>UDkH z6~(Fmh7+&e=o*A#wR^8xPqurFMwbPs1>v|nxlb{qx|&K>R`+lA5DxzmV-~+X{)%G9 z;=3*#@cj1e#T%VTy=|8QmKbOl+XLE(%?Q1&Liet`4AO{c}2r5@>PsRTqCx_L?KbU@e|G7G0VhacT z6U+LL_3ZgzN~x|;M@Cxt>QaP;1|=t(H}i|a1U}W|@Yw*^Shc|9pZJo(nQ<@BlSh~l z!LTq2^KMfRaBfAmkY9sV1X%&wu#89<4;uYfSe!yabN=E*i6Bd}5?El`!&aY6x&dLk z{`kP5X{cWyODU@&)wRLQ|GHkRqDTXuZstC!-I*skenWx1joW{E%L&w%UJgfjg#HX` z6@>48$J~nLSX`a=XhZHXmrEUe`Dv$(bPKo?s7{@Ve)gf9@$%f&W96wHj!jeYe$ULG z?u~nYB)bcSzR^E#+zQi;`4YI+^6Yk=1Rvjvr3pj=<+vCmQl|un_%xJ+=Zbef*#N*! z*~5&Bq!*)XL?MmBjs;aU^m-t4 zfSqI`{1+672Iz`WREu@@9qtAx%n=Kf%V&}#%%H=!Kth?)X`Ji3L&ZbHlQ>MVhc6!I= z7v0&wl<7MlWa5^sV)wd)RVc6z!dj$)_o$9I~& zk;w&Cwg6a?z+j=$x`H1AcGdq()WRM-nD0py1{4pgA=m=uC@bzq<_j*H@2C+G*Kj>H z)}URkm_%>jcXnbx2xt*haR1;2EqdyZhqvZ)tu=^X9CLvFb`boRmTJ5y88}Y`v^CK^ z*x$BnCGzi|&uyPd?=8+f%_}SYX@6AAgk+z{bNwF|fEDMCBa^Nc9oUhrT3mPiP{Wu2 z%_b&SSVWYhWdbTb1Y{G^CJg)jpRL~ig#2JovtxpthQ$YgJDy~y$W{O&Q}75LjMg}^y%6@es+*S*hW0gGT-jI zf$kfx-}f%&=SjE@KB(-A-DyaDzl^hPBQ;g98V~g`x)C4%&Oe5)U2FTmv1^x1?d&AK z+}WhrkM-+n7Dbk3U?3A|TKuwC{)Ff33$-S!bIxbabWVH_5jD-aS#o;Op=n|g`onQo zFj%Om>W-1G3;O!wt~vo}5;m%e#a9c-PhuLT0RjQyM}1C4jsf;1vWT|{Bn+?ulw(}xS2Un58!gL zcp!*M|f0zDZ75t zG3UYW`HTLuH*C(4q)Bc`;HcXa<_t0)7 zYna3a@(YBH#%^akhTaq^zobbY5b~sTZ3~{zo`VA|FpUEVzb}iQ3CHF+wNK!XkzduY zV^>exB{RJp_{~3ekx!-~-~B$=Cq_LpDk3L=WhCrz+4g5tf9eMdnIiyJJZfVp#P`+S zF>Xoafl5q~p{ThI=ZzaNzj7V5o_lnDE-cKM3pN)S8qv>|I@^xeo4sUv;#3m!ac;yzY@bPCR?gUOJC~)ccA( zZtV@>omQ$V8P3`oA#yu8aujRqugKM$vp+a6)_3jxUeCFT5s#S_c`a%h@4JW6(fmiY)qs(Y-)fGOUzO#ez zi@`AYy~(w4RLOPbCuK@t-iLM((K6RNzv_?#_lf$3piy_9_Y?Ri&dRgm*#=W!eIYTy zi8Ya}uFUa9w^eh!=AvSGlHz)=UuqMdbB4GSVMS_wZZ9;+{ObEIot<@|q0!rQe!=5y zmzkSXilv-SN77XKkGog`w0huZ#2KSJyjEK3Rpxniu>I4A+dFmJdNwdbQx9+lB7^i# z@8tz%9Ba!~Fx(mX8ZUl@OX*8WV3CdI*x@G5(~kW8_g09r^-sRb2e|jUXzfqhY?3OzbRGXYUY=2)yD?-qh?fDKr zKfAwnqtCBx_}#y|^mQlA>T193UMZ;;b#>}W_fhQ!tNq=EUoQpDN!#q=%2LAIs5t`Z zO&^6U&1Gs=UVJ|1z|N`9e^6$(wDgo%Z?+jftGOk{F*LQa@E?_ocI8DDJUObu>a9~?aLqk<#f2PMu1s_c@h;w@; zIRE#>H{(IuK@HN~u5elIw9DCkD*vUI)xJ55d&@ui^nd*L<)eak`ON6}fT@PYeffmJ zzQXhiZmY{Bh0pfAFV$CkVCa6oRy9dscaLq$#=w=#fJ4w4O_qg|mq?vJPSRJX(%p6p ztgfV<$)DWo&L=(m_0GS zy?vk>ll;7vvBJUv-@Sg*cNR;TS@?rv`?CjA)nV!(_xg|DEx$YE!+LqJK4Q=BX`Nxcgqd! z;Yx1(VVNhU(s|;WF9mKO#87sX+w)J>cm8p(p_=3kp(U`wDIs zkrrP+IJp&NfiLwRd6A}djN(=7~>|+*5ur-(gJ+;0tB|$T)TCDXTp4@QZLU? z$>iLNiskdNG}bnm%2PqiA^MH;NUkGPEx`Afy}bg!yKZ{5Es#%;~ch2!^Rt(3zYb``kS_?QY(@|$`|JP+pj~L0# zMDR#5Av_N0(R=&UEzYcWIwEa1ba19IOk7M1-IZeobc;S=U0ZIzU4ZuIXzfP(A{GXJ-Y=^YlHyp)E z4Om94X>txzp4e0C!!q($Xi=Uq<>U9&@s-wv{-hTL2dp`I)Ads*H|>zS=P_FBfde62 z8&CQrhCu9cPR3=P@@GTerKkB!;aOj2*(u?})$?_96vJA_RnFM;&>0U`PShZbiV41+ z#CiiwVo6aMCJ(@7)4+M9KpjOQgiv6G!iIfqX>jdl((y7KVdBEQTok|{Xq1#;xc;Xz zOWTjLcF{Kmi)a*$>rF4K$uOxu+>sZW{A2iPi{I1;6~|uZH?M~tk)W^(vii4hcJb4* zn|=%49PKSjaTAk-@8)^dK6+_ZhpC868P4sPXtK?JrVpb6i5-ggJLAf1Z2KTH@7$ir zU}R(*V|N3COt?WivnZ9^Lc<4u2H9`$7(2dy>9;IcmRBPW)eUbE#@qo}A27xss5^@P zERd-%|Do!yeav&WrN8`=q^;!Qj`VrU>Eat1np#q=KT=Xy*C+YY`Py2YldQX!;JHoe zcRi!@n;hwUR2s~vWPP0ubzYF)R=jBZ0CFEGnLS5|rg zPzL#|5r&WOL{jPd>~_>7guscnocrv?t&L877(7w$d*{NF=rsohHA@;d(H9Y~O#CeO z-czkj(MtXmIq&)j!@xIz>#!bzcLSYwK+L0gAI}rJUa@CB#T1)F9v;xDE3p4nDZibQ zbE-)&h4rS18b(4GF=gWM5DXK5*tYP)M<59$5D6v&SBT>SrZ5h2ZYd_4d={sL*ImAJ z`p>+**wfiqZtI6m=4F3>XP>3C-FwsCa7ZfP=rY~-u|1Y!x@@%6jf}Vgw_sWWsO3pA z8|TJ#8}zCb^mh-v)-;Y<^dWBrL-qxCCZta50Ky=xg=L<#3Fqx2+o#6|?qU#+oEsRp zmdx(%e?2DQa@rTr;69``B4VQA-ZazFO;R%fr78 zay|LkUA9%SXX_ReKaC(o>+wQv*Y%j^mt^gWX#NFvBa^Qks`kIk+rGmLb%&;AyDC)P655}b50V+F=w&cA=#b1`b9a0Oruqi3&X}}+t zkW5y`66QLH8bnPtg2AX(#SM+a2y^j77$^KoNOlxXDnOl)&;1r;l0TF>I5eI%@HnJa ze*JP!k;AzjzW82-)5iIE%U;tu_V;%)(M|?2xn{;fK-2|NN$C_T{r0_^FOG{)q|=AH z^rdPu3STth0s|cR^CGt6__yr=MiR>oj0hm_obsw&Za_na4MJ#8FM`+Ih;y2nni{(D zCwZah;y$k5H{8EF))$$&4m51hocF4v`LTkxtV7fs6TKtn# z8PA?&+LjfNmzKs09mj$dpCul(&*VvXWxNL&6g-QCGE4O|jQnwCkSQd#qQth>=^(g$ z8LC_Pdv-Z7i$4{$*Lqi{o%IhB%-+|!+y3`cJ%aI5x5IW1R2(_x^}@o@kKAT|Q%OAy z!sODkkmk$Ch!&phWKR~%BuE}58DXV*_0Wgl^@0dsZP&!{d<5;Y_w-m}AH&1Pju!8G zofwr^j(ieJ9A!C3hKw)ewec#WqG#CDqfR95b#Iq3this>*s}2|W8d%jg2%h=*7wIxdy>Oh z1IRN;;i&nrm6f#t{s{;nxOR}es&Oln8pOto7`q8u_<0I7+BRKas$G)0cw=T_5|L<(CSaFe1fjhUHEA6$- zX9A1>U-x4-T)zDL=a*bw%*SDG@MV155Oc&Sx0Ht(m{cAGg#=Bgq$$^ysv4`C-}=3j zbGD^4T>sda7ZNgeGbBOY-qrs8E+$$z3|WGsfvFN+&#fP?|G&PzJDkhD4_icuQnC^% zAw)JQBMn<=kdeJtWfT#jBs+UWMpjmc2uYDm$X=z8jHI&1dtTko``3FM?{geI$9*4l z=l8p=@A!Pq&pB$VUs`?4+4tmRbjZW8&}}qH78kyEZcCJH>#Kx|q&e`jWoGV8m}0ae zlLPa!@EdM)V%Vap2t5@$CJ;UXo~rCxp*g34SYUFD#%#S<`NM(VTQ-Um?a z*f9$C9}^|3=jv-wQ1aMAt#VqH$T%|^{T{OX^0w%Btt`(~lRr*|_Uo21>!v%vVf3*J zK6Oz2KAtE&$brj{0yy#=q}#z$l6%{(A^z`(=dx)M#e)ZL-}%7DGvZp3m9ZQzHeK7t zE9*Gy#w!-xDgtPTA*y^l9b#B z>AzII#dpz}KQc;|BT3K#bt7#nyK93vx`)iLKus|EfC|Z? z)ZD_N4ot{CjOXBh_XP(I3D_S6wtd3T2{vDlU4IY|pc1@*2nPn7QC?pJ9Zh~>iCgpMpD?V}&XShEh)ds%f5_WQ=aKkS^gO;9&&2)I!>?LF?fbTvmS`Ql7DxL`!) z4N|I5s{}c$Ax1}CGy4Lp{ek2XVL^>kU?;-xU2hrbDNTGZJ%>X3d5$Nteu59k24fQu z=qSWywj*y6@Pm1t!l&xZ%8#RHZ;0-TNSs3I8?U_uy1g$|uQ1+b;3wF?kmn`5Ghg05xV_VhhIMqw{MWmG*r+LPEYcw4 zA;AB`ix33C``ol}?Wo7@y=3_Y69e-kL=+a`l?F$Wz#y@cG$>J7pqezr`$1W7v<}=g zA_!D1P85TN3o`_B3`61jP^V@mloP%Xf2R~srXhd#o;^udCY>C3C4k#*0yDWW=xJK#Z@n%n+k>!DFc-Ss9O*xmtp4IlMi;exy^*{! zWqSUZ9SXY+aPdl1KgFsU0bTR)VYo8(!fg@+-W04JAG`CxAh!^lVZwlp7zJFlA=uhr zN||wcI)Jx|KBxwrPZ9t2si~+J&5FD$z%Pe8A5YL;C$FUDLaQi)a^tQf!J6OJvzcBkD zBD81Xz&po6k!~xo0uj(6(=aBmQpwBqDxcsdAMx8e7N&WgY~791L>g)V2cP)({fK8G z-kD_Z2ro53qXa1(y%NTP>}_nPK?(OjI3prSlfojB)w!3z@dxqs3pQ@-a5-RIoNwv3 zL-5{_52N&Zyk!#RFtBX`!H+adVH%PFe3zr-y0``?!SKa=hLDi;g%H$2h}Wr*IZv1e z;{5p?!MEiza%%A#L@aKj3uZK!aWqa43=Lu=+PLqvjOV}$OlAk6gFD!Rzy#zv5y>K8^+@1W@Gy#x@Pd)hulF>vyHSOJ zgdix?o~M!qEP-$!hV@uVYWTv}Kd8T;%TI(z73xQ9GF?fOmcmT#0)F(TkR7?FM zKDG^39{)&I2(RXRe;y+4sVNlr5;4p2!)i%uRX}dA^J@)c`oO5;;_kO31Hs0kFY7i4D=aa1JbzvH*F)qZ38AWGM$L%vDHn0LG_X;IliZ|3H%7M z5Fre*3A_j0<#7zS0Hw6`STCR`tA#foR!}D#fA7*;YPUnjfmBn1QLGKdPT}EqkV#I0 zDvsOf42EFXDbMw$(8Bcg_dhrFNPqT>ps)crkOM^%blshJS{mkg%*@QjR#pwDjft9Q zOK+Lu5o~u8u(ld+!Cx#0AO|dJ?|8IGyZ$l6@4(#BVA6;c;n+A;EYPa}%$Y;5Cp>q( zVBXjN7Y7@0gkUY-Dd9hQK0!+EazHQ3h()^tiFl@$ym z9G7oDk0P+16=%XcIn3zr<|7pxp(A>S88H-gM8+NJ79u0gq4+k+Jt8#=oQM?Yg5VfS z?Je(=mbUhnv9VhGR7+It4=ZJtK9gaDnJz4DKYAAUBJ!7b z@lr3B!I@s!V`cKln9xtc*Ay!R0w`J{c&@uU3S`+1@NtUs2N1ysolj;$G~;=;6K@sF z9NFGySQrHqgwy3)wXc!A+lVlp=hOLfHFzp^Ajw9D!uL+yM+deYE2G~SMX z&fZHsZDaiHqhQa^bLOJ2e4d^+W%G=s2Si|sTN-W2HyetwQ|fV{hgbuC{6A(9oV$^a z1i=YH?cI#xFL6Bb^ZSBJlo;%SMhr~?OwYi4jAH|o8WS691Sr+VhkRjSf!H=gT4~`} z94yivym}>py5JJUGLqZ^3Ms7-kOyc~c4Xt}(Sg3X3|&$AAK^|KFJ`4eccgk8{PIie zTfrVFt&a>O8TqY;MFc-&D!V76Ls5W!(M zZ&1^OD0>Hwh8H@&0Q-lZlaQa(?iLyf$M)%@ezY*k4-}0 z2)z8;_j(<5;oVBxNabV**%)C+18EN?NBp*q{!&@q{Ic62aeuBcER*p;U(%mllJa+Y z_gUOV2DoyeH-IEGBsj3P*Q3CUU0`|@u zTtZ7Sns&0M)8ni5?G65*RJJ0k&P_*vFi`X1GOt7Gv*V{N&tDHM{$DP@SzW@Zh>%6O z01$Xcs5S8h@de-EKBXEgsYp`ijsXYyyWBP9J#6A$NhBXTJ5zsc4xIcsm)^KRGjc>} zG5w|b!+YDeb5HqF%S9FPp4mdaXY8Du_@jFVdEZ|puO;U;q`!D-_r=GYr~6bM7rOUl z=R}n_N!Z2Ndw4!OqSo=uiN$F8Ex zlKQ4!%Ix&vkLjfgH|k!UJ8&g$_F3W*RrqvhOT$K4p=~_8V zOS_wa;R7<7;xhX0pF0OCGghwS>rDs-)6pdnPY5dMks`5#Q|b)pIS+ClLdqEBjvc&z zq`1QUAYk3i%xoQgZU@0!M~dwSJj*S(TgXP-7g^D~GX=@Bd9K+LYZ;5R43aB>iaGDG zYcL!}Tv#(6xgB#2S@RRga2(2n8=H#nLqIzsK(#a>)%@;O_@S=O7xg{;7>0j3 z<|2K4^>@e665|p$~215tp z9@<}RE*#qnpOLrn&>q5!7fvzlQ-2A=iSMZ)9bkF`!Q`*QMG=frLAP-N7u7HD2DKMxSWnP-dTz4( zrkWK%m9<^@5t7;1vo0KI5=Q-Dfj+td_G?>D|!{*fY&ANY%H-ffxk{K##*#1~lblh_0IBCGr(9 z^QJhrrWH*BFO;#eiNwR~?C-uv((_(1#H1psYRf&GqjS?mZ4P)Ez7xd51~k+Gtg5Nx zwY~S9iS9{ni&+FsvI0k*o zTU5WOwY5sB7W!@QO+Nyngvp;826TeVL4!y@MW>160$YOU20jwMrvwD~U!go8sGm?@ zC!ij3o8zoz-7qsb&s{h;Th4ETh4o^XMRE0tIDAt?6g=@$ zi1}68sauHNLyI3(<#_M$=Nx0>qka;)niXxNP833ROi#rDghr}jnx~)oKI3nO9o>o5* zT(-A1mArX(*GQ$`#;jVC&6ER+ydABTrr$P_m0rbo(o*r&(Y(}<^4T@xLe>6B)?LnK z@_HO1KiKbGewAUdp0WMzf?B-YzN;bOPJ%aPZJfn8YU&u9+D<8*Uc#xcG#-BgCy)>p zqCkfYSXVc(hgk-8Qjh^$G{T?+2Nm3Eq~ZQV0+FUEo)v-2;S2Vz<-&Ou!7uTcf}a7A z8UyN*nr~Qb#Pu`wJyI8z{V3=N`+Xvl8_+a7nYZL>5(4V~h19<)m_r0^Cz3;jg@s*U z<3N}q;gl5*YbY<@+CAQn8$mS3Pw8Kv?-bV3czFu&t_8)EMsEeVn>T=pm-XG zOi@j|Hu8`Ct3MC&e;*q&>x01|(M0{zHqXs{jLKb08%oM1VEA55{am6(ywx4Rr>JN@}YW}oVzWu|#)UDiZy3^s-- zE>l9x^pRl@FKnPDkOwKS4jXI8x$S!oKQ^n6NnV`sS0)b<7TEw1W^d}BJEdKxg>Msu z0v@-sGB6=R8A&j1@qP(QTp&;JlC-qV1zz}w=ks9Jq6#JK2)F=Q5s}kHTMQdMQe86SqvF@tkmWi|Rce}y?ZT|pXA<^2% zT1xZkbf<^h)~5Ty9QWAr(j4GW@)63`i}3F6q|p{PQobNJGr29yj#4F6oYK@W|61Cg zhhph}OijauCdfG>@5nTd$<#aCQ95=#v#?OXargn{WqDp4T&C_6T<#Rs7m9r9BC?7< zxrJY`zQXnrNuTuJF)MITx2wvt#5z^5FTY#faHN zasJj>E?-4INCCK5j|M~K4! z=fb??NgbP8U~{u7AmJL^tf*&jB6&e1r&8-wsozGxVW4Q><`@I(fjAjKs^~4%#1-=% zTaSPUh?4uFy*qkcpC2=>%kyRgeh*!a-e<`tNSKznzWJB`b7_oC%i_ECE18Wxp(XSy z2V$KQn+GP!PNYhQG@lIlkRR6K(f3%X!%JgO=lBEO!_l7?O+5$J<)vRwZ8|t^G=0Br zR$jK&Pn`t9-j>pZk=Cf=rT2pK_Xs;BzZd&qlD}u!o;&33ork5jiu`mpDMOBl>H1y@ zzW#0HNF~Y5> zIdtaHAl`m+^?-(-uMJ_&1Za_!l?C|S0iYysl4`*Jkmynq=@0Mev9K2{aj9RBt^>jhql; z_z3UX-^mySxSi|9wTB|rQCEdc^1^m+uwZL0fwFWQZ)%rGf2nff3t6JY#Ao%O-t3rcB*Jl;5_(qj7wHQOu53zSeA*@?fXYgwu4Y{kh0pHz62{s69EZ8VqnYSG zS_pmx!>@5$HxE~}@kn$hC$HVOs1A*29w&p$Beet038jCZYUxj1e>#z@Ffht|rL&O# z`g#U~1kXL);)kWOPu4xkG@l1ueILv*y|N|9fb;HCmtDmd4t|IzH@zl({)2|&?h2c+ zeix|@@1+(4?Q6x?H5@4>GFY@ja3^Q}X}p%FYGYN@hAJwo-)E`n4cB#(+tpox*>#lD zGOZmuR1RI5y2K|-1{xBI_E_kB2xFF1o=Q)-M#eqi4QnEoXxW~0T_$tfGJx$Z2sH+V z<5ll4_a-uDIUANB&#vEp!Ok<&bX)fUFyQ#C26av z#w)8a=`1npFRoE#yYnrSG{2TvDeR`Ra|WEJ2pr%E z4D_Kci+rwi-?lnEVjtnP12ohOXCYL}{p{c9(B=S3m$_G~XON~$5AH!Pg4NJA)!PTb z3Wfm8NSH+h8L#Hya0M1eWK9z$XW##p7#xIK)Dj#swm3x0KIZU)y(w<%gzV3I2cN>7 zV|Tx6(ij75yhMBr}*;yblwjVMpDaf1%Hl~IqgtzY@gBXmPW3k zOMhLSac*g=kTd*#oVQYHTS)%}t>B7WF$*R}aS!EO&94YwA|P`N`k@8;f}V}PQ0IZq zIeQx}&e+^2>*6?6ys4M6Tp;wub&!mj2zX^Mqz1n*MsUQ44N`GCrGq!^?V(nk#IT|h zZjAUk@-Vh>LDgZ2uZhiK4yDw~>qBuUN1KXaqY#3Y^G4-g1~^fr|A&DFqXt)ps1U|x z%D~z95_aWGe#+WQao-Dt$;E6jSKQ4mykkws4fphnIBn zd%|O5{a{RnjuEcKypfIRSCicrGB7cH?-}M=nTQCAcpIx?9jDh%D#baKfZvT2iYJ`+ z)y%GKYir{&JSisDMXR`LJf{N_8ACxPfIv?DmoFLt=i1dIM90ZmzQ|!bc2S3XqT<5k zbcV?CXh|y3rUV|VYy8@gJNAWUJkl2zT9vY+-4}W!bZ2XkuAaBGp{gI5_J?vS?znrr zBvMkV2bzSgcO7`2dS0bNfbH1F$_9BdXU#Y7&xH3}OrElAx?LOjJWHMa9uA4!uQvAH z)m=zlsTtvqO(XIBd8+PwNu|>7`?MGOQWa|g_NmA5&Ic{+XX_3NUN-QuvLB+%x_FYDe==FSa{^~Q@F98&vVo^h~0vaWpF zQ^`cwO3Uu-@fQ>17?K+s_qmb%=3tXJ<+eRpZ>XoCna!UX zAAiW9RDn(vSsbwtT+l7C?NG*`f#9(v1}BJE1izmld>BxHEx*2wE}al6y=l$D356Zm z*du9pjOGs<-z7#SC>v$LIu~Tu`co~><7|)r;1%`>&Bf*4Ct`JjO<^rNjlUR zlYg9aLOx^&STTe^?=6evI{ugl9Mq!(46g67MT^Bo{4y*d<FqIdxY#NYj6g#>8SsHVT)Gu62w z5yP5|g)O|!0(avU-<4mqFxCF>cz5j(|8KwbmbD8V&(z*U%vK~ODn&mO;@>i&+2<3e zwlC`$%kur+uFm!)@~;;&==*f_W)iN28j;iYWLghjeZqw2&$N)M&0J;R#|3$G#;KGx|Uwr;Rg zF}NH~?VB3J*ZM;?{wl%YgGCI+fV>4AETq-H?M(=pZTx83okOsGz&uR^ zwjc5GpA3(+Ttwp*phZ@sdka(0YgMzQzT?2mm|(G4PE4<+r2ICgLM zrwDaY_pbQcty?kQc+_cjFcyVwGrWLG3XM=6kvJ7=-|e3S25RA3hXV8u|8a1#Y!=<|HL0QXaT0w27Y7_`wydwfOOB82i#h3|<@ZaS()f^Jfln7UQa zrdX#t-{1xh>s*J50JuJdQgs_zn9jZf5=S&{n`_~$Qu&(Mb~|Qa0~-Tx3e*ym)YPUZ z=EZ-*Z-oTps|@43Orq#$aB<-0^ov{kXh*ZdisHDF!gvPh8XH(tqXfhJbMC8QQX=B4 zmbd@S+NG8UlqEC9$MnLEyJ@Cav{mRjVki%F@3q%edQm zw1ETNCs%q_#qZUyYXH13h@3Rcw*$tQJ2SE!ZBM#s8h1TkTkma4jO=~!Wq2ZxDf!E% ztip>XSvj5fqc3&%ab7hQlWTprZusZ-z`3SdG+dRxJ*)(vY&=5I+MkE%+IsxPA^R(Sm?d0m~(f zftUmt*PO0ARXTL=;M+@S!;ZsrUNV$1^mM3zs0U*~`(aDNb+xYkY?b zup%oR{G7VTAB}7WiBa2|^@Ra;Mmrgqyl2mP8RiE|FV@0(Ml(zbIRqQR&0 zj7#*>Sv*x~w>Zn;K_4$NH3V!retT3SyP4TrRy60%f@~q}bg+m556D8Ty%MqDpzMRa zOvJ~4g!A|eOB6w~7PV53=Dfghsq&`JdJ{j7>-SeZzO36q)NzD#=m(#=X>b{rWdPzB zoW06VQQzG5sMR%)eAJ8M;7-MD!du7;X&Fj{-`4nz`%k7BS;b2az=6*^yT7jp|5tsV zcJC49eS&YN!&J^kAzY<7ueHELO=>mgj$1g_T*DFGPu5H)KGmeF@w)yM{#CPA81m2d zB(LUy8}TOJR~CF8?$qGmI;~mRvkkrG5=y4;=&E3l!Q*r^Y5pP5?6sv|@Yaa**CKPI zN{>Cz^5tt^xb~k1zx%BhMW~Ls%>9^pPn>a$$Jrm|1`1-*4@6r3n~>c?B;~Y$F5_XE zT~TFjjF4mHxZQvVO1E{W@Z7nn?qg0r^Njvj?sTpE8dJRF;&;ZEbA{omur3d>{qK-hor(uw$WC^uC=F7?GvQ6--ZaT9O=b83S=sZ2W$@IS0&4dnGwaJVbhd zDSSAgdcdIdTX|GgCL4*#z_duB)6~hw$Mnjhh}|g12C*A;%A*pn8jzx+|Jn2N&kB=o zen)^shbk%y>-OLNDUQ~vB+_QiaBue2?76vn2A*QOS@?c8iwMWYzOYYy@JizDLTu$futJcJ!5()@G((<;j|&vX)kF(9<7n z%rUr;6jQz{az9-Gcu|;~NRwcV@Dd~*9OvR{{XdWVag`<}Nf-biC+7LfXp{H#?IwMd z?)#0R7X(wzw|wn#qqs#~w1Nl@VkU~&t`CG5zyq-3wm04);u*xT+4lllwR-#9^FA{da7_{lzRw_8p z(i!JIYf#JC0$lb8#6uzwv0l>B`z4IJ7pEt}IB{Rp@_<}x+gIRwu7|A8b7Dhen}Mpg z^X6ZZmK9kaY((WPsqORU)LWTb^(WpY8;URoQ78!iTl^eNxqX>t6k`Qg|d(-kz0?oa%E_iQfB z{atLrA3S3vpm5N|kQl`>nhM`}St9xJ#pK_W`PBoXGPOD{hu*lCD^9S<>f2ow$aQnx zDZBQ$;;ez|2^=zq4wEg+gfFd3b?~_A=+}p6UA}qi))+d5XBa{fp4?y_8ta?2!yZ!s zL$N|WoW*ethr8*BQAxMnYOHgmaFv1cwKwTfFC=t~=apnN*9&5=51mnQlO(Ms3#c}H z43kItL*t4OV?St%7uD)X(5q6OE0U7CXlyW_>VKC^mtlb!DF#+c~Q?~`@8%hdFq zJXzJobF5zW$Py~_PsJ}PjA+p&xJ#gf8+?f1D zKQSM$5FBA7f>0y^Uce0Rn70N4KMHMv_>4Ie@tcV*qkbLwmqNcF6UM^8y~UTx!_eh{ zY{0S7 zZ=j+aM|*#yOH^>Oa9YvTR62^9#naJ^h^e{>;#BMPTn;F76xyo2EIWH= z9&bV0@YGt6iB^m`D6>Q3A&+wVLc(t%<=$tJ;96eW8oXxW5SC5{^=6s!3a^U4ME=KwHp5wc9^hya`u zZ3_Uz`^tYmm(^pjw9Zx??nUnWfwq_r@7yQ8U*?RQ?NZ%ZO8>LClX|y@%4mqCf$DH% zjQFAnk?eE*P4D)tH0*d&?Iu$cVq4@Lc1ZZ9v|NnJq^^hRg0Zrqf|>s3Joz~}d%uzr zJF{U=gEJZDxkkSl4T#f|QADWj4FnmG@SVr96=G`iV4Vn~v*}h0JNqBD!bq^Zp?-lQ zxfeQYB60=<^|KgS!|Yc`uf&P1__C`Uoj$1-7jh>m}`3dj5^(2nBWr( z?_~x%gl7Y*Oph2K@pX)UVp*-3uEyzUuz}L6PYKHmt%wX`7 z*z>>rxqg(UUFzIsy>#l4#q4ZnFLh}gb7$sp)_19rAU9Ic2Gf--0{Fg)^V8>`M0M0y;ts0Y47~(xjOS| z7iLJ;vc!!RZ>wo%+DW$ z(Gf|&z26ANNcLq*0rBip_SF!em(lZ$O|odni~+K({rp7Py6F~%=EFhc#IDD`?47GS z&-v(ZhDKR&@aWMfZq=Ae)lX2!T+}jQbI(Dz@yjov3T!+xx~O)@zhR=fg4k6A!M|o+#;9(GtXA+NRJ_w!2N6sThp3W~WR(U%9`FYu2WKS};Ur5LVrqC0RfN+V3 z6kQWL!Dy_eP6s)!{|PJHyl)|GO^~~t6IWe*li|I&pM*n{lObs!rfE+w?5{xBm8mf6gvzgtOjzj2j}hl2+cw)iAc(uKQLm z9pAf|1m|JNUr1q3&+4+yH?BG?S0IQQF6j@y9ei5NG5kaZ>VVM`oja!<6|e2tbI5-5 zf!#6FTK|uE34Z*#S1Q&V8X_LyMR|9a5~SB&oeqb+cHP%6lJ9#w)F%tEI1kJ)c9J!J&-i?G!LagorBoz9UyWjmN@+{s1n=NCr!xmiE2*;uF1 zPu7EhiD4n^ghiW;RYN30-@0m*pJOdM``MA|V)j zUW_lBjq_CnnuLihiX#e?MyC^cUK3ypts&IrTsk_HYPey3U6lDwJ0tQ2K>m~V$#wx1sVW96rrYg%$68rGM2dTP^yS)+~gmYwqH za%8bV`!!x#nWUU1cT9MD^eTtGOSRO<>s!2ucRoCjC-dCMV&{@iF+LYNJEZ2~_I|jM zmsc}F^0sP<(%#>9-4>r8_hgfjPIk12Z8Uo(kqMRmCU^v$pkmF6+U8odo{dkfA)`8f zlGQZ9@CiIRTOszLj#M7gw{_;=-ZSjJsD~*W@=f5bbQJp%gpbFep-~j*jEkrM4YNKb?V871g`TX>sp;Ib9b-lP^_2ptL?_ApUEw=R} z&oOEAL69Jijzz19TCt1Rr^ID)`|V;?Ju9#L(k^@asplV1llp&#ojO>0fN<>8j54#4 z$ZWMX9qr|eJCh^VI{s7n!o@TVZzCj|G+?KcXJ5(c$nBj~R5vEP0YJ8m?ERZ}t?V86 zUd!kcx9l*rx}4pWbB)LPc(lTJ%jI890)5?sZ`{?WnN9bXFMRQpcU^29URa)x_r7ly zCmwlc(_Ku&B97lF`k2xa8UFS+m6$kkuKc}^hSc?sp#56u0}i?0OCXiYc?P!Vs3tLL<(0C;eQF~a)DtrDd88a%5}Ny=-44{rW+MT#!GXy z(V6k_eecZG43lOUl`dTPZNtb|6n{xBHB=}z$=xmXf~>|~dNX#8v*{W~u{tjr37+!Z zHSQ>&7iQVhO784jbPs{#Z_I1`$Lj*A9|eSe?-N-y5j-RZBkYt?N9?F1f@-}E>Pkn$ z?fX9j8Eab9UhK2)Q2BK6V7MCfenS=@@J6|s`?XmlI9vn~UNT;_xh{aR4LNsIumf+W z`nBcldol!rDr|B4IIx?J<8af9TiHZG$*QCO=KfCv`UH_b4 zMeX7?;nY-KCa3ra_%%h7R>8ZsmoNA+iT`_S`TBOO<>}jBQfC{nz8}xrQn7QvyJdK* z#a8Or*w_{5@^ZN!uI`aC#K}4j8l3~AM+iwcg%A~e{S@oKgPt$#Y>bDc#Q1gUKjrW^ z{(WBKLq!`R&GmJXC$;NcfeCF-zRKF%eg8~u%2j#hu&p6d>_s<|;~XbAf?2~s6y4e0 zp5}M~%BKws$*NyEO?H^F1Qa{j^4oT6r|c?cxmV_yDHb-QZpNCr3+i7MA>*?*g5ulhTYg)Zl5%e8tCshgi3w-_tLS#iw}y`eV>vJiy6fRkcy^{=_|PG98@;;~HQD*h z_Kx@eIQ_QABQ7mJ(-QZ>DJ!mON z-I90@Q<`$$;_E}Mr-g=|e%?Z0F{)2x5-{&f>6{ddZT1>5D_$=DXQs4(@}?eB@Jf1E zVh3tJsU<^-Ma9ve;YjnJN-^XK3`MnS_95f-47YFtUhco2(^!G==DJ2kXDwsh&K+BE z>l>llz{J1@_0Z?p**o*Nln2Y3&|QO%ed8YpPILmo zo*QcrKF@Neour$J>%Pvt8u@^1)q!o7Jy);8%gn~OE1Sf2Stg(f^`!yY?ep@W6{)yU zdb7hpd)T!}rj1hkhGv25tqq+tyWyPCHrb!<=N*LU3fmvzd47XaMc%%N=Gbt>5;L_u zmR8zl3SMYaiBH88-z_^^U7-8P*oe#t*wNr^U`d|-pEqFRN9L`0w7^ccHRK5uBge*~ z?CM&^VA;*;YahPqOD#X6^7C7c(}5M$jv6Fbhhc5zsyJ%}h`CjdXKut5Yn5BDirY+w z(?py&6nk$LQpU9oQ(-fPdHl^@Z{IEbVrCG~{5|N%{BURI3+H_82s86{Pb95Z{(4Pc%pT+&@E%0eZ+x?;1d$)z_uUggT2mrhdkaauIrfp$48 zV^W<>W$y_mE5r8}WV0Rx+$X0Bq-L=kmECNA9J-&FK95r_uib|q1M9Ox;4JiXXpGE+Tyz5#`G&QE#HUA7il0{ouIl&e5S`_ zjEpX;c89yN0nA$BW{=%mZyUUgO8Riu^H{3SZ|1zq&kj+T?rTj5S5)=}?kgpg zq%GpOXGlIs_0x0CBDYsHB5g6-sYN9o(CiemUvt?oo*-U9BG}R#23UtX2LeA{c@iMT z8eG2roAUK@c{vv}b8LB=VUhkF*xRLHP;F@NwB~am$ohT{Z~RHhrO;Gqx|rH4!NnG!-=B&t-F}myC5<*EyEA47&*>nCwk3{)>ufs2O{BWrxcbS*Vt^N_B z9}UL(y5D-hb1n22h9O*!Szo1VbzLfa$ljmxwI^aDB{*#7{0yE;`YUct%@PzS*Yto+ zt*s5EoI2?8G4q->myG`Ctlq#(U9eKrf<{&rZ9zfbDt!E4mQD%W-TkE7YO#%ZJN=$R z?XQcQy~!zLR_YZuHzdhp!Z?}fI66^o-gqN~%mIow8~yj9qZJR)qdWMD$p{p zz01){;_2NXUi;46z^!GNKJMru@8KIa%)$$gCDjeS<|Vs%2R6^IKnc&Z!Z7;v#8?WB zgzERTGn?7*bqI?VS7ucGVEldav+V0I+56ePZT2uEX7vSn*7;PvU-$=}w8aWOJl< zA+)(B#LhlCm6Vj^``f+^A9u@FEbp&%oG*1U^>lIb@8g*Y&%ABN`0oAA=@EfFOxsyc z#?Ac^{dv;)JUjboc8;yq-4Uo4&a=h_Ft!L?XWl9GHv$H_w0h-n2Ti3F`?Qah2@6^NXJfZ}dm{%xxYuCu z3=1&_DL2O%>#4kC_P11N?Z2Vd`d+(GF7d3c9C`eig7gX*k2RM<`P8yLbf)6Gk;-%@ z{@pOA)UTry_51@db8z>hld^bbu~~};w{gn}^Oo1@*WcvYJeIAdko1XLzdcs=5~L2T z&#o{|)XnVr;bxXf9EHTUkt7Ck%Y%+>Lzu{2)KTRzRx8Nkd~BzE`C78_ZOiMi$?B@d zF5XOh_F1uB3CDjxP)JDCCr}NKT)TGdENLbF4qQ#mvPpUnG(mg{?u#BvU$)Iaca-|qwX$;m zm4+P}57~z!`fZd4<8FmsQy4qx-^Ka-b8`om#Y~a@11HeVUt+ZJ6lwQ%-)3fJbl=+i z@B7dlE#$)x^$E_=BO{?^+LKg2>UUZv?1@voeU+@X(46&^x!yan9foF2Hmu?n6FM}v zx^Hf|Ce&m3njV4K~UMBB!ut%rS@M}tcx>+juGXB zSJEFzbhR>~qN3KQ(fwk4qTLh36eubD&01dH^{q6^RX?qk{KA_@q9=1bb!-{$>jpSr zKWy>nr(E6KR_Ppe{(Esak4{IK;p7cFVfgl5CMH(3xml0IEN*p2Y$f9~Z_$>w^eQ?% z!xO0T$z#{lf=2LQDqD=+vtj)5kdu@1l0}v!6}(Dpvo*8NRiYv$-Xo{Hsp&JLcMm9? zVN3Glk@ig`(TT$!mSY-+8wFLUpR&P-iqDN_)O8A=Vl_RK&2QwF9Mk)Trzq!IIhp~1liH~(97 z>XsWoQJO(LuG<9Lhcd<|YLv9Nm7>_$hqqg_cHQbHDgW)JxYHL=2TA6hi)SAcjrrO? zSorYPB#l7M16^b|*P@}4?t)cP6r>`vwJ*;9_YfB)LE>z8N21R!{7kjSW|HBy66x%p zA_CRV<)mpzUoAQ6N8TNq)cPZbzD(=>=pNhd-zRA8x*N9pTmG(R?ta&@e+~}amwW(% zOZCAr`v`m#r2?!f|9kJVdrh^+Q5#Ppe6wK)Q*};bhO7P>EwN@T?JpRt7s%~ZRCDBh zQHoEM zQtfipN|H8!aoZ3)R7ikGKtn$s)Cz;$5zT+k#q2R6&LCUef0^i5UjS_2(2m+^TF#eS ztK-`Jg2BdWSK>)p>u%$gP>o!zT4uT`!=ftr>&GtHd>OwkCRI>eaYyGyHn_p3syx=& zh~)Yp9Eh4bsHy3$U;g(aW-n7y++V}c$b1?$N%$_gN(k0FFU~~mAJbuSv|IQ^kap*| zFrD0lYG$8qSB~5L(?b4Y-21A{J^3w;U2>Di3RAPbaqIHKj3FE6x0L{a=wCZcUYfxI z&IjBvbPuTi3I#d2-!t-mKd*5gmf<{zFSme3smOw(w1V>B@*)8DCt+bJ5$);^BG~GT z)f7s$U*4+w`u@Z|%{txaA9zcgKS+x+p6U4o18SK+;GccP??zE8uf{{)q15@o6_=}T zy9NdZh!3!VZ}FFM*RF*egxBhxI(07|k$C~~sTY;PIF^@|O1T3f%(P3j{#`2E^7#5s z;^M4H6;)J3;0VEl3XK}VtQCkyhM-L7fKA!0LO$J|>tZ@VgEevPgK@KY$p*u;EH)6x1x@ib3QR1TZ{9QS|6 z*?0R-_Xqp`epk)uE0>!gk1w|D?33oL(+Lo@Ngl6X*ET+;?xw8r==ff{GD-=B(UxJ- z34h0ebZVRG^n%xk#g;{E3sWeru(s7-9=8D(aVqX`yScz{&a0EORtu+FhS#;Njdv;= zJo=_k+NV2|^L2=YQgX^2tEATYSaFxwG{0?djgD27!N1)xc;Ps$T(_~>otL-Oc;7Xi zXn(8ovM)eFI(R6-wR|~8?`g1c*L06=N(B9u(Ry+#{={jY_`^-{m5+-Uty%|@yN_LT zql*6`4tsy zBpr0yJMwU zD7mr7E!bPzH{80^j~3ycsi34?{o5aqGx+eZeH3G|=J4?0{}%S))@!MasYPE@BP3}p zgLCeTdC&8~uv=oRJ@ir2O!4~Nv1NDQu(-}D!ga63|NZS&*=qO3p>~~J^@*Rv)Wo8z zlW54l59;0VRbNv=A!MPAwepzrU_NPWyZabd^K8$e+`r0U)oXBT%wZwTS@Jk(nlSZ- r8T|v#{`Xt+^4CeH-|V#rUh*_U&5q4)m*sas&z literal 0 HcmV?d00001 diff --git a/include/libwebsockets.h b/include/libwebsockets.h index 8923035bb..49721cab2 100644 --- a/include/libwebsockets.h +++ b/include/libwebsockets.h @@ -687,6 +687,7 @@ lws_fx_string(const lws_fx_t *a, char *buf, size_t size); #include #endif +#include #include #if defined(LWS_WITH_NETWORK) #include diff --git a/include/libwebsockets/lws-ota.h b/include/libwebsockets/lws-ota.h new file mode 100644 index 000000000..1dd6e9654 --- /dev/null +++ b/include/libwebsockets/lws-ota.h @@ -0,0 +1,122 @@ +/* + * lws OTA updates + * + * Copyright (C) 2019 - 2022 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * This is the platform interface that lws_ota uses to flash new firmware. + * The platform implementation for these ops is set via lws_system and consists + * of user code. + * + * All the update-related calls have async interfaces with a callback and opaque + * callback context that is called on completion. This allows us to, eg, + * download the next buffer while flashing the previous one. + * + * If the platform implementation is actually synchronous, then just call the + * callback before returning. + * + * If it is async, because eg, erase is slow, in the platform ota op + * implementation spawn a thread to do the platform operation, return + * immediately with LWSOTARET_ONGOING, and call the callback from the spawned + * thread context with the real return before terminating the thread. + */ + +typedef void * lws_ota_process_t; + +typedef enum { + LWSOTARET_OK, + LWSOTARET_ONGOING, /* result not ready to read yet */ + LWSOTARET_REJECTED, + LWSOTARET_NOSLOT, + + LWSOTARET_UPDATE_AVAILABLE, + LWSOTARET_PROGRESS, + LWSOTARET_FAILED, + LWSOTARET_COMPLETED +} lws_ota_ret_t; + +typedef enum { + LWS_OTA_ASYNC_START = 1, + LWS_OTA_ASYNC_WRITE, + LWS_OTA_ASYNC_ABORT, + LWS_OTA_ASYNC_FINALIZE +} lws_ota_async_t; + +struct lws_ota; + +typedef void (*lws_ota_cb_t)(void *ctx, lws_ota_ret_t r); + +typedef struct { + + /* asynchronous (completions via lws_cancel_service) */ + + int (*ota_start)(struct lws_ota *g); + /**< Creates the ota task and queues LWS_OTA_ASYNC_START on it. */ + + void (*ota_queue)(struct lws_ota *g, lws_ota_async_t a); + /**< Queue next command to OTA task (args are in g) */ + + /* synchronous */ + + int (*ota_report_current)(struct lws_ota *g, int bad); + /**< Report information to the platform code about how we feel about the + * current boot... if we can check the OTA then we report it seems in + * good shape (bad = 0), if we can identify it's brain-damaged then + * (bad = 1). What action the platform takes about these reports is up + * to the platform code */ + + int (*ota_progress)(lws_ota_ret_t state, int percent); + /**< Gets called so the platform can represent OTA progress, give + * platform a chance to choose what to do about an available update */ + + int (*ota_get_last_fw_unixtime)(uint64_t *fw_unixtime); + /**< tries to recover the newest firmware unixtime that had been + * OTA'd into fw_unixtime, updates from same or earlier unixtime are + * ignored for update purposes. */ + + int ota_periodic_check_secs; + /**< Check after this many seconds for a new update */ +} lws_ota_ops_t; + +/** + * lws_ota_variant_name() - returns the build variant name + * + * Returns a string that uniquely identifies the kind of firmware build this + * device is running. + */ + +LWS_VISIBLE LWS_EXTERN const char * +lws_ota_variant_name(void); + +LWS_VISIBLE LWS_EXTERN int +lws_plat_ota_start(struct lws_ota *g); + + +#define LWSOTAFIN_OK 0 +#define LWSOTAFIN_BAD 1 + +LWS_VISIBLE LWS_EXTERN void +lws_plat_ota_queue(struct lws_ota *g, lws_ota_async_t a); + +LWS_VISIBLE LWS_EXTERN int +lws_plat_ota_report_current(struct lws_ota *g, int bad); + +LWS_VISIBLE LWS_EXTERN int +lws_plat_ota_get_last_fw_unixtime(uint64_t *fw_unixtime); diff --git a/include/libwebsockets/lws-system.h b/include/libwebsockets/lws-system.h index ec9432311..5739b7da3 100644 --- a/include/libwebsockets/lws-system.h +++ b/include/libwebsockets/lws-system.h @@ -133,6 +133,11 @@ typedef enum { /* keep system_state_names[] in sync in context.c */ LWS_SYSTATE_AUTH1, /* identity used for main auth token */ LWS_SYSTATE_AUTH2, /* identity used for optional auth */ + LWS_SYSTATE_ONE_TIME_UPDATES, /* pre-OPERATIONAL one-time updates, + * when a firmware needs to perform + * one-time upgrades to state before + * OPERATIONAL */ + LWS_SYSTATE_OPERATIONAL, /* user code can operate normally */ LWS_SYSTATE_POLICY_INVALID, /* user code is changing its policies @@ -140,6 +145,9 @@ typedef enum { /* keep system_state_names[] in sync in context.c */ * policy, switch to new then enter * LWS_SYSTATE_POLICY_VALID */ LWS_SYSTATE_CONTEXT_DESTROYING, /* Context is being destroyed */ + LWS_SYSTATE_AWAITING_MODAL_UPDATING, /* We're negotiating with the + * user code for update mode */ + LWS_SYSTATE_MODAL_UPDATING, /* We're updating the firmware */ } lws_system_states_t; /* Captive Portal Detect -related */ @@ -202,7 +210,12 @@ typedef struct lws_system_ops { * returning. The DER should be destroyed if in heap before returning. */ - uint32_t wake_latency_us; +#if defined(LWS_WITH_OTA) + lws_ota_ops_t ota_ops; + /**< Platform OTA interface to lws_ota, see lws-ota.h */ +#endif + + uint32_t wake_latency_us; /**< time taken for this device to wake from suspend, in us */ } lws_system_ops_t; diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h index f6b3b73e0..fa0a503df 100644 --- a/lib/core-net/private-lib-core-net.h +++ b/lib/core-net/private-lib-core-net.h @@ -949,6 +949,69 @@ lws_spawn_reap(struct lws_spawn_piped *lsp); #endif +#if defined(LWS_WITH_OTA) + +typedef enum { + LWSOS_IDLE, + LWSOS_CHECKING, /* we are looking at the manifest, if any */ + LWSOS_AWAITING_MODAL, /* we would like to fetch the update, but we have + * to wait for the user code to agree it's entered + * an update "mode" where it's not using the heap + * for anything else */ + LWSOS_FETCHING, /* if we did enter the lws_system MODAL state, we + * can proceed with fetching the update we like */ + LWSOS_FETCHING_INITED_GZ, + LWSOS_FETCHING_INITED_GZ_HASH, + LWSOS_STARTED, + LWSOS_WRITING, + LWSOS_FINALIZING, + LWSOS_REPORTED, + LWSOS_FAILED +} lws_ota_state_t; + +typedef struct lws_ota { + char buf[2048]; + struct lws_ss_handle *ss; + void *opaque_data; + char file[128]; + uint8_t sha512[64]; + + lws_flow_t flow; + + lws_sorted_usec_list_t sul_drain; + + lws_ota_state_t state; + lws_ota_process_t op; + + struct lws_genhash_ctx ctx; + struct inflator_ctx *inflate; + const uint8_t *outring; + struct lws_context *cx; + + uint64_t unixtime; + + lws_ota_async_t async_last; + lws_ota_ret_t async_r; + + size_t pos; + size_t expected_size; + size_t seen; + size_t written; + size_t buf_len; + + size_t outringlen; + size_t *opl; + size_t old_op; + size_t *cl; + + uint8_t last_pc; + uint8_t ota_start_done; + + + uint8_t async_completed; +} lws_ota_t; +#endif + void lws_service_do_ripe_rxflow(struct lws_context_per_thread *pt); diff --git a/lib/core/context.c b/lib/core/context.c index 202a57ac6..c140be305 100644 --- a/lib/core/context.c +++ b/lib/core/context.c @@ -74,9 +74,12 @@ static const char * system_state_names[] = { "REGISTERED", "AUTH1", "AUTH2", + "ONE_TIME_UPDATES", "OPERATIONAL", "POLICY_INVALID", - "DESTROYING" + "DESTROYING", + "AWAITING_MODAL_UPDATING", + "MODAL_UPDATING" }; @@ -126,6 +129,23 @@ lws_state_notify_protocol_init(struct lws_state_manager *mgr, } #endif +#if defined(LWS_WITH_OTA) + if (target == LWS_SYSTATE_OPERATIONAL) { + uint16_t b; + + /* + * We add jitter, so possibly large numbers of devices don't + * all wake up and check for updates at the same moment after a + * power outage + */ + + lws_get_random(context, &b, 2); + lws_sul_schedule(context, 0, &context->sul_ota_periodic, + lws_ota_periodic_cb, (/* 30 + */ (b % 1000) * + LWS_US_PER_MS)); + } +#endif + #if defined(LWS_WITH_NETLINK) /* * If we're going to use netlink routing data for DNS, we have to diff --git a/lib/core/private-lib-core.h b/lib/core/private-lib-core.h index 45edd4959..6c59d7d9c 100644 --- a/lib/core/private-lib-core.h +++ b/lib/core/private-lib-core.h @@ -626,6 +626,11 @@ struct lws_context { #endif +#if defined(LWS_WITH_OTA) + lws_sorted_usec_list_t sul_ota_periodic; + lws_ss_handle_t * ota_ss; /* opaque to platform */ +#endif + /* * <====== LWS_WITH_NETWORK end */ @@ -938,6 +943,7 @@ typedef struct inflator_ctx { size_t bp; size_t inpos; size_t inlen; + size_t archive_pos; size_t outpos; size_t outpos_linear; size_t consumed_linear; @@ -1039,6 +1045,9 @@ void lwsl_emit_stderr(int level, const char *line); #define lws_pt_stats_unlock(_a) (void)(_a) #endif +void +lws_ota_periodic_cb(lws_sorted_usec_list_t *sul); + int LWS_WARN_UNUSED_RESULT lws_ssl_capable_read_no_ssl(struct lws *wsi, unsigned char *buf, size_t len); @@ -1166,7 +1175,6 @@ lws_transport_mux_get_channel(lws_transport_mux_t *tm, lws_mux_ch_idx_t i); int lws_transport_mux_next_free(lws_transport_mux_t *tm, lws_mux_ch_idx_t *result); - void sul_ping_cb(lws_sorted_usec_list_t *sul); diff --git a/lib/plat/freertos/CMakeLists.txt b/lib/plat/freertos/CMakeLists.txt index c0d92e941..508c03432 100644 --- a/lib/plat/freertos/CMakeLists.txt +++ b/lib/plat/freertos/CMakeLists.txt @@ -53,6 +53,11 @@ if (LWS_WITH_SYS_ASYNC_DNS OR LWS_WITH_SYS_NTPCLIENT) list(APPEND SOURCES plat/freertos/freertos-resolv.c) endif() +if (LWS_ESP_PLATFORM AND LWS_WITH_OTA) + list(APPEND SOURCES plat/freertos/esp32/esp32-lws_ota.c) +endif() + + # # Keep explicit parent scope exports at end # diff --git a/lib/plat/freertos/esp32/esp32-lws_ota.c b/lib/plat/freertos/esp32/esp32-lws_ota.c new file mode 100644 index 000000000..3152c8267 --- /dev/null +++ b/lib/plat/freertos/esp32/esp32-lws_ota.c @@ -0,0 +1,201 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010 - 2022 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * lws_ota platform implementation for esp-idf + * + * The whole platform OTA implementation runs in its own task context, which + * is created in ota_start() and taken down in ota_finalize(). Async + * completions are passed back to the main code by lws_cancel_service(). + */ + +#include "private-lib-core.h" +#include "esp_ota_ops.h" + +extern lws_settings_instance_t *si; + +/* + * Our platform-specific single OTA process object, it knows the esp-idf OTA + * handle too after ota_start succeeds. + */ + +typedef struct { + lws_ota_t *g; + + esp_ota_handle_t ota; /* opaque platform ota handle */ + TaskHandle_t th; + SemaphoreHandle_t sem; + const esp_partition_t *ep; +} _lws_ota_process_t; + +static _lws_ota_process_t pop; + +static void +ota_task(void *_g) +{ + lws_ota_t *g = (lws_ota_t *)_g; + esp_err_t e; + uint32_t no; + + while (1) { + + xTaskNotifyWaitIndexed(0, 0, ULONG_MAX, &no, portMAX_DELAY); + + /* something to do */ + + g->async_r = LWSOTARET_ONGOING; + + switch (no) { + + case LWS_OTA_ASYNC_START: + pop.ep = esp_ota_get_next_update_partition(NULL); + + g->async_r = LWSOTARET_NOSLOT; + + if (pop.ep) { + e = esp_ota_begin(pop.ep, g->expected_size, + &pop.ota); + if (e == ESP_OK) + g->async_r = LWSOTARET_OK; + else + printf("esp_ota_begin: %d\n", (int)e); + } else + lwsl_err("%s: no next update part\n", __func__); + + g->async_completed = 1; + lws_cancel_service(g->cx); + break; + + case LWS_OTA_ASYNC_WRITE: + /* + * g->flow has compressed data we can use when we + * need it + */ + + g->async_r = LWSOTARET_FAILED; + e = esp_ota_write(pop.ota, g->buf, g->buf_len); + if (e == ESP_OK) + g->async_r = LWSOTARET_OK; + else + lwsl_cx_err(g->cx, "esp_ota_write: %d", (int)e); + + g->async_completed = 1; + lws_cancel_service(g->cx); + break; + + case LWS_OTA_ASYNC_ABORT: + case LWS_OTA_ASYNC_FINALIZE: + + g->async_r = LWSOTARET_FAILED; + if (no == LWS_OTA_ASYNC_ABORT) + e = esp_ota_abort(pop.ota); + else { + e = esp_ota_end(pop.ota); + if (e == ESP_OK) { + struct timeval tv; + + /* + * Mark that we want to boot into the + * updated firmware that we just + * installed + */ + + e = esp_ota_set_boot_partition(pop.ep); + + /* + * Set the latest fw unixtime to the new + * guy. Set the time we updated. + */ + + lws_settings_plat_printf(si, + "ota.fw_unixtime", "%llu", + (unsigned long long)g->unixtime); + + if (!gettimeofday(&tv, NULL)) + lws_settings_plat_printf(si, + "ota.upd_unixtime", "%llu", + (unsigned long long)tv.tv_sec); + } + } + if (e == ESP_OK) + g->async_r = LWSOTARET_OK; + else + lwsl_cx_err(g->cx, "esp_ota_end: %d", (int)e); + + g->async_completed = 1; + lws_cancel_service(g->cx); + + pop.th = NULL; + vTaskDelete(0); + + return; + } + } +} + +void +lws_plat_ota_queue(lws_ota_t *g, lws_ota_async_t a) +{ + g->async_last = a; + xTaskNotify(pop.th, a, eSetValueWithOverwrite); +} + +int +lws_plat_ota_start(lws_ota_t *g) +{ + g->op = (lws_ota_process_t)&pop; + + xTaskCreate(ota_task, "ota", 3072, g, tskIDLE_PRIORITY, &pop.th); + if (!pop.th) + return 1; + + lws_plat_ota_queue(g, LWS_OTA_ASYNC_START); + + return 0; +} + +int +lws_plat_ota_report_current(lws_ota_t *g, int bad) +{ + if (bad) + esp_ota_mark_app_invalid_rollback_and_reboot(); + else + esp_ota_mark_app_valid_cancel_rollback(); + + return LWSOTARET_OK; +} + +int +lws_plat_ota_get_last_fw_unixtime(uint64_t *fw_unixtime) +{ + uint8_t buf[20]; + size_t l = sizeof(buf); + + if (lws_settings_plat_get(si, "ota.fw_unixtime", buf, &l)) { + lwsl_notice("%s: not in settings\n", __func__); + return 1; + } + + *fw_unixtime = atoll((const char *)buf); + + return 0; +} diff --git a/lib/system/CMakeLists.txt b/lib/system/CMakeLists.txt index 0a1d93837..ce480f41c 100644 --- a/lib/system/CMakeLists.txt +++ b/lib/system/CMakeLists.txt @@ -55,6 +55,12 @@ if (LWS_WITH_NETWORK) system/dhcpclient/dhcpc4.c) endif() + if (LWS_WITH_OTA) + list(APPEND SOURCES + system/ota/ota.c) + endif() + + if (LWS_WITH_SYS_SMD) add_subdir_include_dirs(smd) endif() diff --git a/lib/system/ota/ota.c b/lib/system/ota/ota.c new file mode 100644 index 000000000..9353150d2 --- /dev/null +++ b/lib/system/ota/ota.c @@ -0,0 +1,735 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010 - 2022 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * Secure Streams / OTA + * + * In the interests of minimizing heap usage, OTA SS is only existing during + * update checks, update bulk data download, and OTA storage. Checks are + * initiated by cx->sul_ota_periodic which is triggered at OPERATIONAL and then + * periodically as set in system_ops->ota_ops->ota_periodic_check_secs. + */ + +#include "private-lib-core.h" + +static const char * const ota_pub_jwk = LWS_OTA_PUBLIC_JWK; +/* This is a string that is unique to the build type / application... we use + * it to make sure that we are updating to the same kind of build... */ +const char *lws_ota_variant = LWS_OTA_VARIANT; + +static void +ota_write_sul_cb(lws_sorted_usec_list_t *sul) +{ + lws_ota_t *g = lws_container_of(sul, lws_ota_t, sul_drain); + + /* we use this to retry entering modal */ + + if (g->state == LWSOS_AWAITING_MODAL) { + const lws_ota_ops_t *ota_ops = &g->cx->system_ops->ota_ops; + + /* + * Ask the user code to move to AWAITING_MODAL_UPDATING which it + * should agree to... and then MODAL_UPDATING whereit may choose + * to indicate it can't stop what it's doing right now. + */ + + lws_state_transition(&g->cx->mgr_system, + LWS_SYSTATE_AWAITING_MODAL_UPDATING); + lws_state_transition(&g->cx->mgr_system, + LWS_SYSTATE_MODAL_UPDATING); + + if (g->cx->mgr_system.state != LWS_SYSTATE_MODAL_UPDATING) { + + /* + * Something decided we can't do the update right now, eg, + * he's busy rendering something that would exhause the heap + * if we also tried to get on with the update. + * + * Let's try again in 1s, up to a timeout. + */ + + lwsl_ss_warn(g->ss, "Scheduling update mode retry"); + + lws_sul_schedule(g->cx, 0, &g->sul_drain, + ota_write_sul_cb, LWS_US_PER_SEC); + return; + } + + /* we can go ahead now, the system is in the update mode */ + + g->state = LWSOS_FETCHING; + + /* prep the gzip stream decompression */ + + g->inflate = lws_upng_inflator_create(&g->outring, + &g->outringlen, &g->opl, &g->cl); + if (!g->inflate) { + lwsl_err("%s: zlib init failed\n", __func__); + goto update_impossible; + } + + g->state = LWSOS_FETCHING_INITED_GZ; + + /* prep the hash computation of the decompressed data */ + + if (lws_genhash_init(&g->ctx, LWS_GENHASH_TYPE_SHA512)) { + lwsl_err("%s: hash init failed\n", __func__); + goto update_impossible; + } + + g->state = LWSOS_FETCHING_INITED_GZ_HASH; + + /* we don't want to create a dupe of ourselves while + * we're busy doing the OTA */ + lws_sul_cancel(&g->cx->sul_ota_periodic); + + lwsl_warn("%s: platform ota start\n", __func__); + /* continues asynchronously */ + if (ota_ops->ota_start(g)) { + lwsl_err("%s: ota_start failed\n", __func__); + goto update_impossible; + } + + return; + +update_impossible: + g->state = LWSOS_FAILED; + lws_ss_start_timeout(g->ss, 1); + + return; + } + + if (*((volatile lws_ota_async_t *)&g->async_last)) { + /* + * The task is busy, we can't start anything atm. When it + * is finished, the write completion will come back here. + */ + // lwsl_notice("%s: async_last busy\n", __func__); + return; + } + + /* + * We have a chance to write the next chunk... let's stage g->buf with + * as much inflated data as we can with what we have to hand, and set it + * writing + */ + + g->buf_len = 0; + while (g->buf_len < sizeof(g->buf) - 8 && + g->seen + g->buf_len < g->expected_size) { + lws_stateful_ret_t sr = 0; + size_t os, part; + + /* inflator pauses for WANT_OUTPUT after this many bytes out */ + g->inflate->bypl = sizeof(g->buf) - g->buf_len - 1; + + if (*g->opl == *g->cl) { + + /* No output pending.. do we have unused input left? */ + + if (g->flow.len) { + + /* + * There's some input already available, + * let's process that and see if it helped + */ + + sr = lws_upng_inflate_data(g->inflate, NULL, 0); + if (sr & LWS_SRET_FATAL) { + lwsl_ss_err(g->ss, "inflate error 1"); + + goto fail; + } + g->flow.len = g->inflate->inlen - (g->inflate->bp >> 3); + } + + if (*g->opl == *g->cl) { + + /* + * Still no output available... let's + * attempt to move to the next + */ + + lws_flow_req(&g->flow); + if (!g->flow.len) + break; + + sr = lws_upng_inflate_data(g->inflate, + g->flow.data, g->flow.len); + + g->flow.len = g->inflate->inlen - + (g->inflate->bp >> 3); + } + } /* there is already output pending */ + + if (sr & LWS_SRET_FATAL) { + lwsl_ss_err(g->ss, "inflate error %d", sr & 0xff); + + goto fail; + } + + os = ((*g->opl - g->old_op) % g->outringlen); + if (os > sizeof(g->buf) - g->buf_len) + os = sizeof(g->buf) - g->buf_len; + + if (!os) { + lwsl_err("%s: Nothing to compose in\n", __func__); + break; + } + + part = os; + if (*g->opl % g->outringlen < g->old_op) + part = g->outringlen - g->old_op; + + memcpy(g->buf + g->buf_len, g->outring + g->old_op, part); + g->buf_len += part; + if (part != os) { + memcpy(g->buf + g->buf_len, g->outring, os - part); + g->buf_len += os - part; + } + + g->old_op = *g->opl % g->outringlen; + *g->cl += os; + + } /* while try to fill the staging buffer */ + + if (!g->buf_len) + /* no ammo to work with... we will come back next time we + * get some rx */ + return; + + g->seen += g->buf_len; + if (g->seen > g->expected_size) { + lwsl_ss_err(g->ss, "oversize payload"); + + goto fail; + } + + /* let's track the hash as we get it */ + + if (lws_genhash_update(&g->ctx, g->buf, g->buf_len)) { + lwsl_ss_err(g->ss, "hash update failed"); + + goto fail; + } + + if (g->seen == g->expected_size) { + char temp[64]; + + lws_upng_inflator_destroy(&g->inflate); + lws_genhash_destroy(&g->ctx, temp); + + if (memcmp(temp, g->sha512, sizeof(temp))) { + lwsl_err("%s: payload hash differs\n", __func__); + + goto fail; + } + } + + g->cx->system_ops->ota_ops.ota_queue(g, LWS_OTA_ASYNC_WRITE); + + return; + +fail: + g->flow.state = LWSDLOFLOW_STATE_READ_FAILED; + lws_ss_cx_from_user(g)->system_ops->ota_ops.ota_queue(g, + LWS_OTA_ASYNC_ABORT); +} + +static void +ota_completion_start(lws_ota_t *g) +{ + if (g->async_r != LWSOTARET_OK) { + lwsl_ss_err(g->ss, "OTA START FAILED r %d", g->async_r); + + g->flow.state = LWSDLOFLOW_STATE_READ_FAILED; + lws_ss_cx_from_user(g)->system_ops->ota_ops.ota_queue(g, + LWS_OTA_ASYNC_ABORT); + return; + } + + /* we can start writing now */ + g->ota_start_done = 1; + g->state = LWSOS_STARTED; + + if (lws_ss_client_connect(lws_ss_from_user(g))) + lwsl_ss_warn(g->ss, "reconn failed"); + + lws_sul_schedule(g->cx, 0, &g->sul_drain, ota_write_sul_cb, 1); +} + +static void +ota_completion_write(lws_ota_t *g) +{ + const lws_ota_ops_t *ota_ops = &g->cx->system_ops->ota_ops; + uint8_t pc; + + if (g->async_r != LWSOTARET_OK) { + lwsl_ss_err(g->ss, "r %d", g->async_r); + + g->flow.state = LWSDLOFLOW_STATE_READ_FAILED; + lws_ss_cx_from_user(g)->system_ops->ota_ops.ota_queue(g, + LWS_OTA_ASYNC_ABORT); + return; + } + + g->written += g->buf_len; + + pc = (uint8_t)((g->written * 100) / g->expected_size); + if (pc != g->last_pc) { + g->last_pc = pc; + lwsl_notice("%s: %u%%\n", __func__, pc); + if (ota_ops->ota_progress) + g->cx->system_ops->ota_ops.ota_progress(LWSOTARET_PROGRESS, pc); + } + + if (g->written != g->expected_size) { + lws_sul_schedule(g->cx, 0, &g->sul_drain, ota_write_sul_cb, 1); + + return; + } + + /* We have completed writing the last part */ + + lwsl_warn("%s: finalizing good ota\n", __func__); + + g->cx->system_ops->ota_ops.ota_queue(g, LWS_OTA_ASYNC_FINALIZE); +} + +static void +ota_completion_finalize(lws_ota_t *g) +{ + lwsl_notice("%s: %d\n", __func__, g->async_r); + + if (g->async_r) + return; + + g->cx->system_ops->reboot(); +} + +static void +ota_completion_abort(lws_ota_t *g) +{ + int secs = 0; + + if (g->cx->system_ops && g->cx->system_ops->ota_ops.ota_periodic_check_secs) + secs = g->cx->system_ops->ota_ops.ota_periodic_check_secs; + + /* return from modal update state */ + lws_state_transition(&g->cx->mgr_system, LWS_SYSTATE_OPERATIONAL); + + /* we've had it */ + lws_ss_start_timeout(g->ss, 1); + + lws_sul_schedule(g->cx, 0, &g->cx->sul_ota_periodic, lws_ota_periodic_cb, + secs ? secs * LWS_US_PER_SEC : 24 * 3600 * LWS_US_PER_SEC); +} + + +static lws_ss_state_return_t +ota_rx(void *userobj, const uint8_t *in, size_t len, int flags) +{ + lws_ss_state_return_t r = LWSSSSRET_DISCONNECT_ME; + lws_ota_t *g = (lws_ota_t *)userobj; + const lws_ota_ops_t *ota_ops = &lws_ss_cx_from_user(g)->system_ops->ota_ops; + struct lws_jws_map map; + struct lws_jwk jwk; + uint64_t fw_last; + char temp[1024]; + int temp_len = sizeof(temp); + const char *p; + size_t alen; + int n; + + if (g->state >= LWSOS_FETCHING) { + + lwsl_info("%s: fetching %u, fl 0x%02X\n", __func__, (unsigned int)len, flags); + + /* + * We are decompressing, checking and flashing the image. + * + * g->flow and its buflist is managing COMPRESSED data from the + * network according to g->flow.window limit. Rx events are + * tiggered by tx credit manipulation from, and coming to + * service g->flow / buflist state ONLY and do not know or care + * about direct inflator state (it makes itself felt by using + * g->flow data in the write completion). + * + * The inflator may not need any g->flow data to produce output, + * or it may need all of it and more before it can produce + * output, or somewhere in the middle. At the output side, we + * have a fixed-size staging buffer so we may need to come back + * to issue more inflated data without any network event + * triggering it. + */ + + if (flags & LWSSS_FLAG_SOM) { + g->state = LWSOS_WRITING; + g->flow.state = LWSDLOFLOW_STATE_READ; + g->flow.h = g->ss; + g->flow.window = 4096; + if (ota_ops->ota_progress) + ota_ops->ota_progress(LWSOTARET_PROGRESS, 0); + } + + if (len && + lws_buflist_append_segment(&g->flow.bl, in, len) < 0) { + lwsl_ss_err(g->ss, "OOM"); + + goto fetch_fail; + } + + lws_sul_schedule(g->cx, 0, &g->sul_drain, ota_write_sul_cb, 1); + + if (flags & LWSSS_FLAG_EOM) + /* + * This was the last part, so there is no more new data + * in flight + */ + g->flow.state = (uint8_t)LWSDLOFLOW_STATE_READ_COMPLETED; + + return LWSSSSRET_OK; + +fetch_fail: + g->flow.state = LWSDLOFLOW_STATE_READ_FAILED; + + return LWSSSSRET_DISCONNECT_ME; + } + + /* we are collecting the manifest... */ + + if (g->pos + len > sizeof(g->buf)) + return LWSSSSRET_DISCONNECT_ME; + + memcpy(g->buf + g->pos, in, len); + g->pos += len; + + if ((flags & LWSSS_FLAG_EOM) != LWSSS_FLAG_EOM) + return LWSSSSRET_OK; + + /* we want to validate the JWS manifest against our public JWK */ + + if (lws_jwk_import(&jwk, NULL, NULL, ota_pub_jwk, strlen(ota_pub_jwk))) { + lwsl_err("%s: unable to import jwk\n", __func__); + return LWSSSSRET_DISCONNECT_ME; + } + + /* Step 1... is the JWS signed by the required key? */ + + if (lws_jws_sig_confirm_compact_b64(g->buf, g->pos, &map, &jwk, + lws_ss_cx_from_user(g), temp, + &temp_len)) { + lwsl_err("%s: manifest failed sig check\n", __func__); + goto bail; + } + + /* finished with the jwk */ + lws_jwk_destroy(&jwk); + + /* Step 2... the JOSE and payload sections are there, right? */ + + if (!map.buf[LJWS_JOSE] || !map.buf[LJWS_PYLD]) { + lwsl_err("%s: no JOSE block\n", __func__); + goto bail1; + } + + /* Step 3... do we agree the signing alg is secure enough? */ + + p = lws_json_simple_find(map.buf[LJWS_JOSE], map.len[LJWS_JOSE], + "\"alg\":", &alen); + if (!p) { + lwsl_err("%s: no alg\n", __func__); + goto bail1; + } + + if (strncmp("ES512", p, alen)) { + lwsl_err("%s: bad alg %.*s %d\n", __func__, (int)alen, p, (int)alen); + goto bail1; + } + + /* + * We trust that the manifest was robustly signed by the key we like, + * let's parse out the pieces we care about and validate the firmware is + * the same variant build as we're currently running, and, eg, we're not + * being given a validly-signed real firmware from the wrong variant, + * that will brick us. + */ + + lwsl_hexdump_notice(map.buf[LJWS_PYLD], map.len[LJWS_PYLD]); + + lwsl_notice("%s: JWS validated okay\n", __func__); + + p = lws_json_simple_find(map.buf[LJWS_PYLD], map.len[LJWS_PYLD], + "\"variant\":", &alen); + if (!p || strncmp(lws_ota_variant, p, alen)) { + lwsl_err("%s: wrong variant %.*s\n", __func__, (int)alen, p); + goto bail1; + } + + /* + * We liked the manifest, prepare to go again targeting the payload + * that the manifest described to us. + */ + + p = lws_json_simple_find(map.buf[LJWS_PYLD], map.len[LJWS_PYLD], + "\"path\":", &alen); + if (!p) { + lwsl_err("%s: no path\n", __func__); + goto bail1; + } + + lws_strnncpy(g->file, p, alen, sizeof(g->file)); + if (lws_ss_set_metadata(lws_ss_from_user(g), "file", g->file, alen)) { + lwsl_err("%s: failed to set firmware file %s\n", __func__, + LWS_OTA_VARIANT); + return LWSSSSRET_DISCONNECT_ME; + } + + p = lws_json_simple_find(map.buf[LJWS_PYLD], map.len[LJWS_PYLD], + "\"size\":", &alen); + if (!p) { + lwsl_err("%s: no size\n", __func__); + goto bail1; + } + g->expected_size = (size_t)atoll(p); + + p = lws_json_simple_find(map.buf[LJWS_PYLD], map.len[LJWS_PYLD], + "\"unixtime\":", &alen); + if (!p) { + lwsl_err("%s: no unxitime\n", __func__); + goto bail1; + } + g->unixtime = (uint64_t)atoll(p); + + p = lws_json_simple_find(map.buf[LJWS_PYLD], map.len[LJWS_PYLD], + "\"sha512\":", &alen); + if (!p) { + lwsl_err("%s: no hash\n", __func__); + goto bail1; + } + n = lws_hex_len_to_byte_array(p, alen, g->sha512, sizeof(g->sha512)); + if (n != sizeof(g->sha512)) { + lwsl_err("%s: bad hash %d %u %s\n", __func__, n, (unsigned int)alen, p); + goto bail1; + } + + /* + * So... is it newer? + */ + + if (!ota_ops->ota_get_last_fw_unixtime(&fw_last) && + g->unixtime <= fw_last) { + + /* + * We don't actually want this... + */ + + lwsl_ss_warn(g->ss, "Latest update is not newer"); + + return LWSSSSRET_DISCONNECT_ME; + } + + /* ... this is something that we like the look of... schedule trying + * to enter LWS_SYSTATE_MODAL_UPDATING state after this, and retry if + * we don't get there immediately */ + + g->state = LWSOS_AWAITING_MODAL; + lws_sul_schedule(g->cx, 0, &g->sul_drain, ota_write_sul_cb, 1); + /* on the other hand, don't let it keep trying forever */ + lws_ss_start_timeout(g->ss, 30000); + + /* + * We will DISCONNECT shortly, we won't proceed to the update image + * download unless we can agree with the user code to enter MODAL_ + * UPDATING within a timeout. Otherwise we will give up and retry + * after 24h or whatever. + */ + + return LWSSSSRET_OK; + +bail: + lws_jwk_destroy(&jwk); + +bail1: + return r; +} + +static lws_ss_state_return_t +ota_state(void *userobj, void *h_src, lws_ss_constate_t state, + lws_ss_tx_ordinal_t ack) +{ + lws_ota_t *g = (lws_ota_t *)userobj; + int n; + + switch ((int)state) { + case LWSSSCS_CREATING: /* start the transaction as soon as we exist */ + + g->cx = lws_ss_cx_from_user(g); + g->cx->ota_ss = g->ss; + g->state = LWSOS_CHECKING; + + if (lws_ss_set_metadata(lws_ss_from_user(g), + "ota_variant", LWS_OTA_VARIANT, + strlen(LWS_OTA_VARIANT))) { + lwsl_err("%s: failed to set ota_variant %s\n", __func__, + LWS_OTA_VARIANT); + return LWSSSSRET_DISCONNECT_ME; + } + + if (lws_ss_set_metadata(lws_ss_from_user(g), + "file", "manifest.jws", 12)) { + lwsl_err("%s: failed to set ota_variant %s\n", __func__, + LWS_OTA_VARIANT); + return LWSSSSRET_DISCONNECT_ME; + } + + return lws_ss_client_connect(lws_ss_from_user(g)); + + case LWSSSCS_DISCONNECTED: + + /* + * We have two kinds of connection that may disconnect, the + * manifest fetch, and the firmware fetch. + */ + + switch (g->state) { + case LWSOS_FETCHING_INITED_GZ_HASH: + case LWSOS_FETCHING: + return LWSSSSRET_OK; + + case LWSOS_WRITING: + /* + * The network part of fetching the update image is + * over. If it didn't fail, we need to stick around and + * let it either finish / writing and finalizing, or + * timeout. + */ + lwsl_notice("%s: draining\n", __func__); + + lws_ss_start_timeout(g->ss, 45000); + + return LWSSSSRET_OK; + + case LWSOS_AWAITING_MODAL: + /* + * We might have to wait a bit to find a good moment to + * enter the update mode. If we disconnect + * inbetweentimes, it's OK. + */ + return LWSSSSRET_OK; + + default: + lwsl_notice("%s: state %d, DESTROYING\n", __func__, g->state); + + return LWSSSSRET_DESTROY_ME; + } + + case LWSSSCS_DESTROYING: + + /* we only live for one ota check / fetch */ + lws_ss_cx_from_user(g)->ota_ss = NULL; + lws_buflist_destroy_all_segments(&g->flow.bl); + lws_sul_cancel(&g->sul_drain); + if (g->state == LWSOS_FETCHING_INITED_GZ_HASH) + lws_genhash_destroy(&g->ctx, NULL); + if (g->state >= LWSOS_FETCHING_INITED_GZ && + g->state < LWSOS_FINALIZING) + lws_upng_inflator_destroy(&g->inflate); + + return LWSSSSRET_OK; + + case LWSSSCS_TIMEOUT: + lwsl_err("%s: timeout\n", __func__); + + return LWSSSSRET_DESTROY_ME; + + case LWSSSCS_EVENT_WAIT_CANCELLED: + /* We may have a completion */ + if (g->async_completed) { + g->async_completed = 0; + n = g->async_last; + *((volatile lws_ota_async_t *)&g->async_last) = 0; + + switch (n) { + case LWS_OTA_ASYNC_START: + ota_completion_start(g); + break; + case LWS_OTA_ASYNC_WRITE: + ota_completion_write(g); + break; + + /* EVENT_WAIT_CANCELLED doesn't deal with returns */ + + case LWS_OTA_ASYNC_ABORT: + /* let's forget about it then */ + lws_ss_start_timeout(g->ss, 1); + ota_completion_abort(g); + break; + + case LWS_OTA_ASYNC_FINALIZE: + lws_ss_start_timeout(g->ss, 5000); + ota_completion_finalize(g); + break; + } + } + break; + } + + return LWSSSSRET_OK; +} + +static LWS_SS_INFO("ota", lws_ota_t) + .rx = ota_rx, + .state = ota_state, + .manual_initial_tx_credit = sizeof(((lws_ota_t *)NULL)->buf), +}; + +/* + * Creates the SS and kicks off the manifest check + */ + +void +lws_ota_periodic_cb(lws_sorted_usec_list_t *sul) +{ + struct lws_context *cx = lws_container_of(sul, struct lws_context, + sul_ota_periodic); + int secs = 0; + + if (cx->system_ops && cx->system_ops->ota_ops.ota_periodic_check_secs) + secs = cx->system_ops->ota_ops.ota_periodic_check_secs; + + lwsl_notice("%s\n", __func__); + + if (lws_ss_create(cx, 0, &ssi_lws_ota_t, NULL, NULL, NULL, NULL)) + lwsl_cx_warn(cx, "failed to create ota SS"); + + /* set up coming back again at (usually long) periods */ + + lws_sul_schedule(cx, 0, sul, lws_ota_periodic_cb, + secs ? secs * LWS_US_PER_SEC : 24 * 3600 * LWS_US_PER_SEC); +} + +const char * +lws_ota_variant_name(void) +{ + return lws_ota_variant; +}