From 6d2f26ca351fac4cd6aa690271f7b9bee0eeca02 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 28 Aug 2024 15:11:45 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../layout/empty_line_after_magic_comment.yml | 1 - .rubocop_todo/style/if_unless_modifier.yml | 1 - .../components/multiline_comment_form.vue | 3 +- app/models/integrations/matrix.rb | 9 +- .../packages/maven/cached_response.rb | 5 + .../npm/process_package_file_service.rb | 11 +- .../dont_ignore_alternate_directories.yml | 9 + .../ai_custom_models_prompts_migration.yml | 2 +- .../wip/merge_request_dashboard.yml | 2 +- config/initializers/seed_fu.rb | 23 +- ..._cached_responses_relative_path_trigram.rb | 17 ++ ...rk_item_widget_definitions_namespace_id.rb | 25 +- ...item_widget_definitions_namespace_index.rb | 19 ++ ...get_definitions_default_namespace_index.rb | 20 ++ ...item_widget_definitions_namespace_id_fk.rb | 27 ++ ...idget_definitions_namespace_id_attempt2.rb | 13 + ...34926_add_fk_referencing_p_ci_pipelines.rb | 138 +++++++++ db/schema_migrations/20240816161451 | 1 + db/schema_migrations/20240826195103 | 1 + db/schema_migrations/20240826200011 | 1 + db/schema_migrations/20240826200752 | 1 + db/schema_migrations/20240826201748 | 1 + db/schema_migrations/20240827234926 | 1 + db/structure.sql | 47 +++ doc/development/fe_guide/index.md | 2 +- doc/development/fe_guide/state_management.md | 6 +- .../advanced_search/elasticsearch.md | 145 ++++++--- doc/user/project/import/index.md | 2 +- doc/user/project/index.md | 285 +++++++++--------- doc/user/workspace/set_up_workspaces_proxy.md | 4 +- .../maven/cached_response_endpoints.rb | 90 ++++++ .../packages/maven/upstream_endpoints.rb | 4 + .../packages/maven/cached_response.rb | 20 ++ lib/api/virtual_registries/packages/maven.rb | 27 +- lib/container_registry/path.rb | 8 +- ...k_environment_aware_any_oversized_blobs.rb | 2 + lib/gitlab/kas/client.rb | 13 + .../components/deploy_freeze_table_spec.js | 6 +- .../packages/maven/cached_response_spec.rb | 14 + spec/lib/container_registry/path_spec.rb | 11 + ...ironment_aware_any_oversized_blobs_spec.rb | 4 + spec/lib/gitlab/kas/client_spec.rb | 24 ++ spec/models/integrations/matrix_spec.rb | 43 ++- .../packages/maven/cached_response_spec.rb | 15 + .../virtual_registries/packages/maven_spec.rb | 211 +++++++++++++ .../npm/process_package_file_service_spec.rb | 10 + vendor/project_templates/laravel.tar.gz | Bin 73958 -> 73604 bytes 47 files changed, 1079 insertions(+), 245 deletions(-) create mode 100644 config/feature_flags/beta/dont_ignore_alternate_directories.yml create mode 100644 db/migrate/20240816161451_add_idx_virtual_registries_packages_maven_cached_responses_relative_path_trigram.rb create mode 100644 db/post_migrate/20240826195103_drop_work_item_widget_definitions_namespace_index.rb create mode 100644 db/post_migrate/20240826200011_drop_work_item_widget_definitions_default_namespace_index.rb create mode 100644 db/post_migrate/20240826200752_drop_work_item_widget_definitions_namespace_id_fk.rb create mode 100644 db/post_migrate/20240826201748_drop_work_item_widget_definitions_namespace_id_attempt2.rb create mode 100644 db/post_migrate/20240827234926_add_fk_referencing_p_ci_pipelines.rb create mode 100644 db/schema_migrations/20240816161451 create mode 100644 db/schema_migrations/20240826195103 create mode 100644 db/schema_migrations/20240826200011 create mode 100644 db/schema_migrations/20240826200752 create mode 100644 db/schema_migrations/20240826201748 create mode 100644 db/schema_migrations/20240827234926 create mode 100644 lib/api/concerns/virtual_registries/packages/maven/cached_response_endpoints.rb create mode 100644 lib/api/entities/virtual_registries/packages/maven/cached_response.rb create mode 100644 spec/lib/api/entities/virtual_registries/packages/maven/cached_response_spec.rb diff --git a/.rubocop_todo/layout/empty_line_after_magic_comment.yml b/.rubocop_todo/layout/empty_line_after_magic_comment.yml index 6c9a51113e6..ff5e5556df6 100644 --- a/.rubocop_todo/layout/empty_line_after_magic_comment.yml +++ b/.rubocop_todo/layout/empty_line_after_magic_comment.yml @@ -106,7 +106,6 @@ Layout/EmptyLineAfterMagicComment: - 'config/initializers/fog_core_patch.rb' - 'config/initializers/rubyzip.rb' - 'config/initializers/sawyer_patch.rb' - - 'config/initializers/seed_fu.rb' - 'config/initializers/sidekiq.rb' - 'config/routes/merge_requests.rb' - 'danger/ce_ee_vue_templates/Dangerfile' diff --git a/.rubocop_todo/style/if_unless_modifier.yml b/.rubocop_todo/style/if_unless_modifier.yml index 751851f8cd5..e549230ee25 100644 --- a/.rubocop_todo/style/if_unless_modifier.yml +++ b/.rubocop_todo/style/if_unless_modifier.yml @@ -261,7 +261,6 @@ Style/IfUnlessModifier: - 'config/initializers/jira.rb' - 'config/initializers/kaminari_active_record_relation_methods_with_limit.rb' - 'config/initializers/remove_active_job_execute_callback.rb' - - 'config/initializers/seed_fu.rb' - 'config/initializers/stackprof.rb' - 'config/initializers/validate_database_config.rb' - 'config/initializers_before_autoloader/002_sidekiq.rb' diff --git a/app/assets/javascripts/notes/components/multiline_comment_form.vue b/app/assets/javascripts/notes/components/multiline_comment_form.vue index a269756652b..8dbce435dc9 100644 --- a/app/assets/javascripts/notes/components/multiline_comment_form.vue +++ b/app/assets/javascripts/notes/components/multiline_comment_form.vue @@ -74,7 +74,7 @@ export default { diff --git a/app/models/integrations/matrix.rb b/app/models/integrations/matrix.rb index af5cce88722..73aeaf04c5d 100644 --- a/app/models/integrations/matrix.rb +++ b/app/models/integrations/matrix.rb @@ -88,10 +88,13 @@ module Integrations end def notify(message, _opts) + context = project_level? ? { project: project } : { skip_project_check: true } + body = { body: message.summary, msgtype: 'm.text', - format: 'org.matrix.custom.html' + format: 'org.matrix.custom.html', + formatted_body: Banzai.render_and_post_process(message.summary, context) }.compact_blank header = { 'Content-Type' => 'application/json' } @@ -101,5 +104,9 @@ module Integrations response if response.success? end + + def custom_data(data) + super(data).merge(markdown: true) + end end end diff --git a/app/models/virtual_registries/packages/maven/cached_response.rb b/app/models/virtual_registries/packages/maven/cached_response.rb index 9a1dc029f24..b25731b68fd 100644 --- a/app/models/virtual_registries/packages/maven/cached_response.rb +++ b/app/models/virtual_registries/packages/maven/cached_response.rb @@ -5,6 +5,7 @@ module VirtualRegistries module Maven class CachedResponse < ApplicationRecord include FileStoreMounter + include Gitlab::SQL::Pattern belongs_to :group belongs_to :upstream, class_name: 'VirtualRegistries::Packages::Maven::Upstream', inverse_of: :cached_responses @@ -31,6 +32,10 @@ module VirtualRegistries if: -> { object_storage_key.blank? && relative_path && upstream && upstream.registry } attr_readonly :object_storage_key + scope :search_by_relative_path, ->(query) do + fuzzy_search(query, [:relative_path], use_minimum_char_limit: false) + end + private def set_object_storage_key diff --git a/app/services/packages/npm/process_package_file_service.rb b/app/services/packages/npm/process_package_file_service.rb index 2f93653d4a6..7b6a2ff0d2d 100644 --- a/app/services/packages/npm/process_package_file_service.rb +++ b/app/services/packages/npm/process_package_file_service.rb @@ -47,7 +47,7 @@ module Packages yield unless entry_path.is_a?(String) tar_reader.rewind - entry = tar_reader.find { |e| e.full_name == entry_path } + entry = tar_reader.find { |e| path_for(e) == entry_path } yield entry end @@ -60,9 +60,16 @@ module Packages # We cannot get the entry directly when using #reverse_each because # TarReader closes the stream after iterating over all entries tar_reader.reverse_each do |entry| - break entry.full_name if entry.full_name.match?(PACKAGE_JSON_ENTRY_REGEX) + entry_path = path_for(entry) + break entry_path if entry_path.match?(PACKAGE_JSON_ENTRY_REGEX) end end + + def path_for(entry) + entry.full_name + rescue ::Gem::Package::TarInvalidError + entry.header.name + end end end end diff --git a/config/feature_flags/beta/dont_ignore_alternate_directories.yml b/config/feature_flags/beta/dont_ignore_alternate_directories.yml new file mode 100644 index 00000000000..6c65bf1b110 --- /dev/null +++ b/config/feature_flags/beta/dont_ignore_alternate_directories.yml @@ -0,0 +1,9 @@ +--- +name: dont_ignore_alternate_directories +feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/438245 +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164082 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/480875 +milestone: '17.4' +group: group::source code +type: beta +default_enabled: false diff --git a/config/feature_flags/development/ai_custom_models_prompts_migration.yml b/config/feature_flags/development/ai_custom_models_prompts_migration.yml index 01ba89c7199..ce5569632b5 100644 --- a/config/feature_flags/development/ai_custom_models_prompts_migration.yml +++ b/config/feature_flags/development/ai_custom_models_prompts_migration.yml @@ -6,4 +6,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/473358 milestone: '17.3' group: group::custom models type: development -default_enabled: false +default_enabled: true diff --git a/config/feature_flags/wip/merge_request_dashboard.yml b/config/feature_flags/wip/merge_request_dashboard.yml index cea0775417e..bcb88e4faf4 100644 --- a/config/feature_flags/wip/merge_request_dashboard.yml +++ b/config/feature_flags/wip/merge_request_dashboard.yml @@ -2,7 +2,7 @@ name: merge_request_dashboard feature_issue_url: https://gitlab.com/groups/gitlab-org/-/epics/13448 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150661 -rollout_issue_url: +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/480854 milestone: '17.0' group: group::code review type: wip diff --git a/config/initializers/seed_fu.rb b/config/initializers/seed_fu.rb index 2e48e41a311..a9ca417825f 100644 --- a/config/initializers/seed_fu.rb +++ b/config/initializers/seed_fu.rb @@ -1,4 +1,23 @@ # frozen_string_literal: true -if Gitlab.ee? - SeedFu.fixture_paths += %W[ee/db/fixtures ee/db/fixtures/#{Rails.env}] + +SeedFu.fixture_paths += %W[ee/db/fixtures ee/db/fixtures/#{Rails.env}] if Gitlab.ee? + +require 'benchmark' + +seed_timer = Module.new do + def run + duration = Benchmark.realtime { super } + + printf "== Seeding took %.2f seconds\n", duration + end + + private + + def run_file(filename) + duration = Benchmark.realtime { super } + + printf "== %s took %.2f seconds\n", filename, duration + end end + +SeedFu::Runner.prepend seed_timer diff --git a/db/migrate/20240816161451_add_idx_virtual_registries_packages_maven_cached_responses_relative_path_trigram.rb b/db/migrate/20240816161451_add_idx_virtual_registries_packages_maven_cached_responses_relative_path_trigram.rb new file mode 100644 index 00000000000..b1f86bfbe84 --- /dev/null +++ b/db/migrate/20240816161451_add_idx_virtual_registries_packages_maven_cached_responses_relative_path_trigram.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class AddIdxVirtualRegistriesPackagesMavenCachedResponsesRelativePathTrigram < Gitlab::Database::Migration[2.2] + disable_ddl_transaction! + milestone '17.4' + + INDEX_NAME = 'idx_vreg_pkgs_maven_cached_responses_on_relative_path_trigram' + + def up + add_concurrent_index :virtual_registries_packages_maven_cached_responses, :relative_path, + using: :gin, opclass: :gin_trgm_ops, name: INDEX_NAME + end + + def down + remove_concurrent_index_by_name :virtual_registries_packages_maven_cached_responses, INDEX_NAME + end +end diff --git a/db/post_migrate/20240814162640_drop_work_item_widget_definitions_namespace_id.rb b/db/post_migrate/20240814162640_drop_work_item_widget_definitions_namespace_id.rb index 1bc6375ce46..d22b43d19a2 100644 --- a/db/post_migrate/20240814162640_drop_work_item_widget_definitions_namespace_id.rb +++ b/db/post_migrate/20240814162640_drop_work_item_widget_definitions_namespace_id.rb @@ -1,31 +1,16 @@ # frozen_string_literal: true class DropWorkItemWidgetDefinitionsNamespaceId < Gitlab::Database::Migration[2.2] - UNIQUE_INDEX_NAME = 'index_work_item_widget_definitions_on_namespace_type_and_name' - UNIQUE_DEFAULT_NAMESPACE_INDEX_NAME = 'index_work_item_widget_definitions_on_default_witype_and_name' - - disable_ddl_transaction! - milestone '17.4' def up - remove_column :work_item_widget_definitions, :namespace_id + # no-op + # Rescheduling migration as described in + # https://gitlab.com/gitlab-org/gitlab/-/issues/480503 + # Making it safer to execute due to the locks that are required to acquire end def down - add_column :work_item_widget_definitions, :namespace_id, :bigint - - add_concurrent_index :work_item_widget_definitions, - [:namespace_id, :work_item_type_id, :name], - unique: true, - name: UNIQUE_INDEX_NAME - - add_concurrent_index :work_item_widget_definitions, - [:work_item_type_id, :name], - where: "namespace_id is NULL", - unique: true, - name: UNIQUE_DEFAULT_NAMESPACE_INDEX_NAME - - add_concurrent_foreign_key :work_item_widget_definitions, :namespaces, column: :namespace_id, on_delete: :cascade + # no-op end end diff --git a/db/post_migrate/20240826195103_drop_work_item_widget_definitions_namespace_index.rb b/db/post_migrate/20240826195103_drop_work_item_widget_definitions_namespace_index.rb new file mode 100644 index 00000000000..699a9867770 --- /dev/null +++ b/db/post_migrate/20240826195103_drop_work_item_widget_definitions_namespace_index.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +class DropWorkItemWidgetDefinitionsNamespaceIndex < Gitlab::Database::Migration[2.2] + UNIQUE_INDEX_NAME = 'index_work_item_widget_definitions_on_namespace_type_and_name' + + milestone '17.4' + disable_ddl_transaction! + + def up + remove_concurrent_index_by_name :work_item_widget_definitions, name: UNIQUE_INDEX_NAME + end + + def down + add_concurrent_index :work_item_widget_definitions, + [:namespace_id, :work_item_type_id, :name], + unique: true, + name: UNIQUE_INDEX_NAME + end +end diff --git a/db/post_migrate/20240826200011_drop_work_item_widget_definitions_default_namespace_index.rb b/db/post_migrate/20240826200011_drop_work_item_widget_definitions_default_namespace_index.rb new file mode 100644 index 00000000000..7a1e15cbee7 --- /dev/null +++ b/db/post_migrate/20240826200011_drop_work_item_widget_definitions_default_namespace_index.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class DropWorkItemWidgetDefinitionsDefaultNamespaceIndex < Gitlab::Database::Migration[2.2] + UNIQUE_DEFAULT_NAMESPACE_INDEX_NAME = 'index_work_item_widget_definitions_on_default_witype_and_name' + + milestone '17.4' + disable_ddl_transaction! + + def up + remove_concurrent_index_by_name :work_item_widget_definitions, name: UNIQUE_DEFAULT_NAMESPACE_INDEX_NAME + end + + def down + add_concurrent_index :work_item_widget_definitions, + [:work_item_type_id, :name], + where: "namespace_id is NULL", + unique: true, + name: UNIQUE_DEFAULT_NAMESPACE_INDEX_NAME + end +end diff --git a/db/post_migrate/20240826200752_drop_work_item_widget_definitions_namespace_id_fk.rb b/db/post_migrate/20240826200752_drop_work_item_widget_definitions_namespace_id_fk.rb new file mode 100644 index 00000000000..5aa5f271d44 --- /dev/null +++ b/db/post_migrate/20240826200752_drop_work_item_widget_definitions_namespace_id_fk.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +class DropWorkItemWidgetDefinitionsNamespaceIdFk < Gitlab::Database::Migration[2.2] + FK_NAME = 'fk_ecf57512f7' + + milestone '17.4' + disable_ddl_transaction! + + def up + with_lock_retries do + remove_foreign_key_if_exists( + :work_item_widget_definitions, + :namespaces, + name: FK_NAME, + reverse_lock_order: true + ) + end + end + + def down + add_concurrent_foreign_key :work_item_widget_definitions, + :namespaces, + column: :namespace_id, + on_delete: :cascade, + name: FK_NAME + end +end diff --git a/db/post_migrate/20240826201748_drop_work_item_widget_definitions_namespace_id_attempt2.rb b/db/post_migrate/20240826201748_drop_work_item_widget_definitions_namespace_id_attempt2.rb new file mode 100644 index 00000000000..7ad02664ea9 --- /dev/null +++ b/db/post_migrate/20240826201748_drop_work_item_widget_definitions_namespace_id_attempt2.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class DropWorkItemWidgetDefinitionsNamespaceIdAttempt2 < Gitlab::Database::Migration[2.2] + milestone '17.4' + + def up + remove_column :work_item_widget_definitions, :namespace_id, if_exists: true + end + + def down + add_column :work_item_widget_definitions, :namespace_id, :bigint, if_not_exists: true + end +end diff --git a/db/post_migrate/20240827234926_add_fk_referencing_p_ci_pipelines.rb b/db/post_migrate/20240827234926_add_fk_referencing_p_ci_pipelines.rb new file mode 100644 index 00000000000..a035bd0c47f --- /dev/null +++ b/db/post_migrate/20240827234926_add_fk_referencing_p_ci_pipelines.rb @@ -0,0 +1,138 @@ +# frozen_string_literal: true + +class AddFkReferencingPCiPipelines < Gitlab::Database::Migration[2.2] + include Gitlab::Database::PartitioningMigrationHelpers + + milestone '17.4' + disable_ddl_transaction! + + FOREIGN_KEYS = [ + { + source_table: :ci_pipeline_chat_data, + name: :fk_64ebfab6b3_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_sources_pipelines, + name: :fk_d4e29af7d7_p_tmp, + column: [:source_partition_id, :source_pipeline_id] + }, + { + source_table: :ci_sources_pipelines, + name: :fk_e1bad85861_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_sources_projects, + name: :fk_rails_10a1eb379a_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_pipeline_metadata, + name: :fk_rails_50c1e9ea10_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_pipeline_messages, + name: :fk_rails_8d3b04e3e1_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_pipelines_config, + name: :fk_rails_906c9a2533_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_pipeline_artifacts, + name: :fk_rails_a9e811a466_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :ci_daily_build_group_report_results, + name: :fk_rails_ee072d13b3_p_tmp, + column: [:partition_id, :last_pipeline_id] + } + ] + + P_FOREIGN_KEYS = [ + { + source_table: :p_ci_pipelines, + name: :fk_262d4c2d19_p_tmp, + column: [:auto_canceled_by_partition_id, :auto_canceled_by_id], + on_delete: :nullify + }, + { + source_table: :p_ci_builds, + name: :fk_87f4cefcda_p_tmp, + column: [:upstream_pipeline_partition_id, :upstream_pipeline_id] + }, + { + source_table: :p_ci_builds, + name: :fk_a2141b1522_p_tmp, + column: [:auto_canceled_by_partition_id, :auto_canceled_by_id], + on_delete: :nullify + }, + { + source_table: :p_ci_builds, + name: :fk_d3130c9a7f_p_tmp, + column: [:partition_id, :commit_id] + }, + { + source_table: :p_ci_pipeline_variables, + name: :fk_f29c5f4380_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :p_ci_stages, + name: :fk_fb57e6cc56_p_tmp, + column: [:partition_id, :pipeline_id] + }, + { + source_table: :p_ci_builds_execution_configs, + name: :fk_rails_c26408d02c_p_tmp, + column: [:partition_id, :pipeline_id] + } + ] + + def up + FOREIGN_KEYS.each do |fk| + add_concurrent_foreign_key(fk[:source_table], :p_ci_pipelines, **with_defaults(fk)) + prepare_async_foreign_key_validation(fk[:source_table], name: fk[:name]) + end + + P_FOREIGN_KEYS.each do |fk| + add_concurrent_partitioned_foreign_key(fk[:source_table], :p_ci_pipelines, **with_defaults(fk)) + prepare_partitioned_async_foreign_key_validation(fk[:source_table], name: fk[:name]) + end + end + + def down + FOREIGN_KEYS.each do |fk| + unprepare_async_foreign_key_validation(fk[:source_table], name: fk[:name]) + with_lock_retries do + remove_foreign_key_if_exists(fk[:source_table], name: fk[:name], reverse_lock_order: true) + end + end + + P_FOREIGN_KEYS.each do |fk| + unprepare_partitioned_async_foreign_key_validation(fk[:source_table], name: fk[:name]) + Gitlab::Database::PostgresPartitionedTable.each_partition(fk[:source_table]) do |partition| + with_lock_retries do + remove_foreign_key_if_exists partition.identifier, name: fk[:name], reverse_lock_order: true + end + end + end + end + + private + + def with_defaults(options) + options.except(:source_table).with_defaults( + target_column: [:partition_id, :id], + on_update: :cascade, + on_delete: :cascade, + reverse_lock_order: true, + validate: false + ) + end +end diff --git a/db/schema_migrations/20240816161451 b/db/schema_migrations/20240816161451 new file mode 100644 index 00000000000..c9449a716d8 --- /dev/null +++ b/db/schema_migrations/20240816161451 @@ -0,0 +1 @@ +a7b97be0ae36d65520be47e553a9338849681a9dc8ef069881d9790037eea41b \ No newline at end of file diff --git a/db/schema_migrations/20240826195103 b/db/schema_migrations/20240826195103 new file mode 100644 index 00000000000..cdb6067363f --- /dev/null +++ b/db/schema_migrations/20240826195103 @@ -0,0 +1 @@ +3cdc16dc3367ab1c1b1bca009de8c0f84ca160d2c5fdd432e533bf6d6b70d168 \ No newline at end of file diff --git a/db/schema_migrations/20240826200011 b/db/schema_migrations/20240826200011 new file mode 100644 index 00000000000..aafbb42f1ef --- /dev/null +++ b/db/schema_migrations/20240826200011 @@ -0,0 +1 @@ +035ef8e722d17497e3c0ae660b6800e74d2168af38cd8186dc052c1db73c8a59 \ No newline at end of file diff --git a/db/schema_migrations/20240826200752 b/db/schema_migrations/20240826200752 new file mode 100644 index 00000000000..d03d826c90d --- /dev/null +++ b/db/schema_migrations/20240826200752 @@ -0,0 +1 @@ +a56e39bc76ddcc40261911dd95793037c541a4823089945a88d2be4fe680e382 \ No newline at end of file diff --git a/db/schema_migrations/20240826201748 b/db/schema_migrations/20240826201748 new file mode 100644 index 00000000000..410624e98d3 --- /dev/null +++ b/db/schema_migrations/20240826201748 @@ -0,0 +1 @@ +6ff0f6143ab1ea96f909e02de70043caa4a1e3194a4ff058963971af1c66985d \ No newline at end of file diff --git a/db/schema_migrations/20240827234926 b/db/schema_migrations/20240827234926 new file mode 100644 index 00000000000..e426733188c --- /dev/null +++ b/db/schema_migrations/20240827234926 @@ -0,0 +1 @@ +aa8f4b316e7bcbb92a8df81c757204efbdb8330b49c44b97053fb7d6c0c72f4a \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 656181c4f7d..09e52509e11 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -26665,6 +26665,8 @@ CREATE INDEX idx_user_credit_card_validations_on_similar_to_meta_data ON user_cr CREATE INDEX idx_user_details_on_provisioned_by_group_id_user_id ON user_details USING btree (provisioned_by_group_id, user_id); +CREATE INDEX idx_vreg_pkgs_maven_cached_responses_on_relative_path_trigram ON virtual_registries_packages_maven_cached_responses USING gin (relative_path gin_trgm_ops); + CREATE UNIQUE INDEX idx_vregs_pkgs_mvn_cached_resp_on_uniq_upstrm_id_and_rel_path ON virtual_registries_packages_maven_cached_responses USING btree (upstream_id, relative_path); CREATE INDEX idx_vuln_reads_for_filtering ON vulnerability_reads USING btree (project_id, state, dismissal_reason, severity DESC, vulnerability_id DESC NULLS LAST); @@ -33082,6 +33084,9 @@ ALTER TABLE ONLY zoekt_repositories ALTER TABLE ONLY ci_pipelines ADD CONSTRAINT fk_262d4c2d19_p FOREIGN KEY (auto_canceled_by_partition_id, auto_canceled_by_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE SET NULL; +ALTER TABLE ONLY ci_pipelines + ADD CONSTRAINT fk_262d4c2d19_p_tmp FOREIGN KEY (auto_canceled_by_partition_id, auto_canceled_by_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE SET NULL NOT VALID; + ALTER TABLE ONLY user_namespace_callouts ADD CONSTRAINT fk_27a69fd1bd FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE; @@ -33427,6 +33432,9 @@ ALTER TABLE ONLY approval_group_rules ALTER TABLE ONLY ci_pipeline_chat_data ADD CONSTRAINT fk_64ebfab6b3_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_pipeline_chat_data + ADD CONSTRAINT fk_64ebfab6b3_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY cluster_agent_tokens ADD CONSTRAINT fk_64f741f626 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -33616,6 +33624,9 @@ ALTER TABLE ONLY packages_package_files ALTER TABLE p_ci_builds ADD CONSTRAINT fk_87f4cefcda_p FOREIGN KEY (upstream_pipeline_partition_id, upstream_pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_builds + ADD CONSTRAINT fk_87f4cefcda_p_tmp FOREIGN KEY (upstream_pipeline_partition_id, upstream_pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY approval_group_rules_users ADD CONSTRAINT fk_888a0df3b7 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE; @@ -33766,6 +33777,9 @@ ALTER TABLE ONLY subscription_add_on_purchases ALTER TABLE p_ci_builds ADD CONSTRAINT fk_a2141b1522_p FOREIGN KEY (auto_canceled_by_partition_id, auto_canceled_by_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE SET NULL; +ALTER TABLE ONLY ci_builds + ADD CONSTRAINT fk_a2141b1522_p_tmp FOREIGN KEY (auto_canceled_by_partition_id, auto_canceled_by_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE SET NULL NOT VALID; + ALTER TABLE ONLY protected_environment_approval_rules ADD CONSTRAINT fk_a3cc825836 FOREIGN KEY (protected_environment_project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -34093,6 +34107,9 @@ ALTER TABLE ONLY dast_pre_scan_verifications ALTER TABLE p_ci_builds ADD CONSTRAINT fk_d3130c9a7f_p FOREIGN KEY (partition_id, commit_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_builds + ADD CONSTRAINT fk_d3130c9a7f_p_tmp FOREIGN KEY (partition_id, commit_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY boards_epic_user_preferences ADD CONSTRAINT fk_d32c3d693c FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE; @@ -34102,6 +34119,9 @@ ALTER TABLE ONLY vulnerability_state_transitions ALTER TABLE ONLY ci_sources_pipelines ADD CONSTRAINT fk_d4e29af7d7_p FOREIGN KEY (source_partition_id, source_pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_sources_pipelines + ADD CONSTRAINT fk_d4e29af7d7_p_tmp FOREIGN KEY (source_partition_id, source_pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY operations_strategies_user_lists ADD CONSTRAINT fk_d4f7076369 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -34186,6 +34206,9 @@ ALTER TABLE ONLY ci_resources ALTER TABLE ONLY ci_sources_pipelines ADD CONSTRAINT fk_e1bad85861_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_sources_pipelines + ADD CONSTRAINT fk_e1bad85861_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE p_ci_builds_metadata ADD CONSTRAINT fk_e20479742e_p FOREIGN KEY (partition_id, build_id) REFERENCES p_ci_builds(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; @@ -34309,6 +34332,9 @@ ALTER TABLE ONLY observability_metrics_issues_connections ALTER TABLE p_ci_pipeline_variables ADD CONSTRAINT fk_f29c5f4380_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_pipeline_variables + ADD CONSTRAINT fk_f29c5f4380_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY zoekt_indices ADD CONSTRAINT fk_f34800a202 FOREIGN KEY (zoekt_node_id) REFERENCES zoekt_nodes(id) ON DELETE CASCADE; @@ -34351,6 +34377,9 @@ ALTER TABLE ONLY application_settings ALTER TABLE p_ci_stages ADD CONSTRAINT fk_fb57e6cc56_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_stages + ADD CONSTRAINT fk_fb57e6cc56_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY agent_group_authorizations ADD CONSTRAINT fk_fb70782616 FOREIGN KEY (agent_id) REFERENCES cluster_agents(id) ON DELETE CASCADE; @@ -34525,6 +34554,9 @@ ALTER TABLE ONLY audit_events_streaming_headers ALTER TABLE ONLY ci_sources_projects ADD CONSTRAINT fk_rails_10a1eb379a_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_sources_projects + ADD CONSTRAINT fk_rails_10a1eb379a_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY virtual_registries_packages_maven_cached_responses ADD CONSTRAINT fk_rails_1167f21441 FOREIGN KEY (upstream_id) REFERENCES virtual_registries_packages_maven_upstreams(id) ON DELETE SET NULL; @@ -34990,6 +35022,9 @@ ALTER TABLE ONLY status_page_settings ALTER TABLE ONLY ci_pipeline_metadata ADD CONSTRAINT fk_rails_50c1e9ea10_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_pipeline_metadata + ADD CONSTRAINT fk_rails_50c1e9ea10_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY project_repository_storage_moves ADD CONSTRAINT fk_rails_5106dbd44a FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -35443,6 +35478,9 @@ ALTER TABLE ONLY vulnerability_feedback ALTER TABLE ONLY ci_pipeline_messages ADD CONSTRAINT fk_rails_8d3b04e3e1_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_pipeline_messages + ADD CONSTRAINT fk_rails_8d3b04e3e1_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE incident_management_pending_alert_escalations ADD CONSTRAINT fk_rails_8d8de95da9 FOREIGN KEY (alert_id) REFERENCES alert_management_alerts(id) ON DELETE CASCADE; @@ -35473,6 +35511,9 @@ ALTER TABLE ONLY organization_details ALTER TABLE ONLY ci_pipelines_config ADD CONSTRAINT fk_rails_906c9a2533_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_pipelines_config + ADD CONSTRAINT fk_rails_906c9a2533_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY approval_project_rules_groups ADD CONSTRAINT fk_rails_9071e863d1 FOREIGN KEY (approval_project_rule_id) REFERENCES approval_project_rules(id) ON DELETE CASCADE; @@ -35659,6 +35700,9 @@ ALTER TABLE ONLY saved_replies ALTER TABLE ONLY ci_pipeline_artifacts ADD CONSTRAINT fk_rails_a9e811a466_p FOREIGN KEY (partition_id, pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_pipeline_artifacts + ADD CONSTRAINT fk_rails_a9e811a466_p_tmp FOREIGN KEY (partition_id, pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY merge_request_user_mentions ADD CONSTRAINT fk_rails_aa1b2961b1 FOREIGN KEY (merge_request_id) REFERENCES merge_requests(id) ON DELETE CASCADE; @@ -36175,6 +36219,9 @@ ALTER TABLE ONLY packages_debian_group_distributions ALTER TABLE ONLY ci_daily_build_group_report_results ADD CONSTRAINT fk_rails_ee072d13b3_p FOREIGN KEY (partition_id, last_pipeline_id) REFERENCES ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; +ALTER TABLE ONLY ci_daily_build_group_report_results + ADD CONSTRAINT fk_rails_ee072d13b3_p_tmp FOREIGN KEY (partition_id, last_pipeline_id) REFERENCES p_ci_pipelines(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ALTER TABLE ONLY import_source_users ADD CONSTRAINT fk_rails_ee30e569be FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE; diff --git a/doc/development/fe_guide/index.md b/doc/development/fe_guide/index.md index da861278e11..6dcb053511b 100644 --- a/doc/development/fe_guide/index.md +++ b/doc/development/fe_guide/index.md @@ -30,7 +30,7 @@ There are still instances where the GitLab REST API is used, such as when creati For [client-side state management](state_management.md) in Vue, depending on the specific needs of the feature, we use: -- [Apollo](https://www.apollographql.com/) (our primary [GraphQL client](graphql.md)) +- [Apollo](https://www.apollographql.com/) (default choice for applications relying on [GraphQL](graphql.md)) - [Pinia](pinia.md) (in [pilot phase](https://gitlab.com/gitlab-org/gitlab/-/issues/479279)) - Stateful components. diff --git a/doc/development/fe_guide/state_management.md b/doc/development/fe_guide/state_management.md index db251b49f8e..0f5b0b214e5 100644 --- a/doc/development/fe_guide/state_management.md +++ b/doc/development/fe_guide/state_management.md @@ -56,7 +56,7 @@ If you're still uncertain, prefer using Apollo before Pinia. ### Pick Apollo when -- You rely on the GraphQL server state +- You rely on the GraphQL API - You need specific Apollo features, for example: - [Parametrized cache, cache invalidation](graphql.md#immutability-and-cache-updates) - [Polling](graphql.md#polling-and-performance) @@ -83,14 +83,14 @@ If you're considering using Pinia please drop a message in the `#frontend` inter ### Weaknesses -- Can't do any advanced GraphQL request handling out of the box (data normalization, polling, caching, etc.) +- Can't do any advanced request handling out of the box (data normalization, polling, caching, etc.) - Can lead to same pitfalls as Vuex without guidance (overblown stores) ### Pick Pinia when you have any of these - Significant percentage of Vue application state is client-side state - Migrating from Vuex is a high priority -- You're not considering using Apollo for client state management +- Your application does not rely primarily on GraphQL API, and you don't plan the migration to GraphQL API in the near future ## Combining Pinia and Apollo diff --git a/doc/integration/advanced_search/elasticsearch.md b/doc/integration/advanced_search/elasticsearch.md index f4080fd7657..13cd9d1264d 100644 --- a/doc/integration/advanced_search/elasticsearch.md +++ b/doc/integration/advanced_search/elasticsearch.md @@ -70,10 +70,23 @@ NOTE: Before you use a new Elasticsearch cluster in production, see the [Elasticsearch documentation on important settings](https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html). -### Elasticsearch access control configuration +### Service-linked role for AWS OpenSearch -Elasticsearch offers role based access control to secure the cluster. To access and perform operations in the -Elasticsearch cluster, the `Username` configured in the Admin UI must have role(s) assigned that grant the following +You must have a [service-linked role](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html) in your AWS account named `AWSServiceRoleForAmazonOpenSearchService` when you create OpenSearch domains. +This role is account wide and is used by **all** OpenSearch domains. + +In most cases, this role is created automatically when you use the AWS Management Console to create the first OpenSearch domain. +To create a service-linked role manually, see the [AWS documentation](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr-aos.html#create-slr). + +### Access requirements + +GitLab supports both [HTTP and role-based authentication methods](#advanced-search-configuration) +depending on your requirements and the backend service you use. + +#### Role-based access control for Elasticsearch + +Elasticsearch can offer role-based access control to further secure a cluster. To access and perform operations in the +Elasticsearch cluster, the `Username` configured in the **Admin** area must have roles that grant the following privileges. The `Username` makes requests from GitLab to the search cluster. For more information, @@ -99,25 +112,41 @@ and [Elasticsearch security privileges](https://www.elastic.co/guide/en/elastics } ``` -### AWS OpenSearch service configuration +#### Access control for AWS OpenSearch -AWS OpenSearch offers multiple methods of access control which are supported by GitLab: +Prerequisites: -- [Domain level access policy](#domain-level-access-policy-configuration) -- Fine-grained access control - - [With IAM ARN as master user](#connecting-with-an-iam-user) - - [With master user](#connecting-with-a-master-user-in-the-internal-database) +- The domain access policy for AWS OpenSearch must allow `es:ESHttp*` actions. -For more details on fine-grained access control see -[recommended configurations](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-recommendations) +GitLab supports the following methods of access control for AWS OpenSearch: -#### Domain level access policy configuration +- [**VPC domain access policy**](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html#vpc-security): where the AWS OpenSearch domain is deployed and accessible in a VPC internally +- [**Resource-based (domain) access policy**](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-types-resource): where the AWS OpenSearch domain is configured with an IAM policy +- [**Identity-based policy**](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-types-identity): where clients use IAM principals with policies to configure access -Configure the AWS OpenSearch domain access policy to allow `es:ESHttp*` actions. You can customize -the following example configuration to limit principals or resources: +Advanced options such as [fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) are also available. -NOTE: -All `es:ESHttp` actions are required by GitLab. +##### Resource-based policy examples + +Here's an example of a resource-based (domain) access policy where `es:ESHttp*` actions are allowed: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": "*", + "Action": [ + "es:ESHttp*" + ], + "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*" + } + ] +} +``` + +Here's an example of a resource-based (domain) access policy where `es:ESHttp*` actions are allowed only for a specific IAM principal: ```json { @@ -127,42 +156,41 @@ All `es:ESHttp` actions are required by GitLab. "Effect": "Allow", "Principal": { "AWS": [ - "*" + "arn:aws:iam::123456789012:user/test-user" ] }, "Action": [ "es:ESHttp*" ], - "Resource": "arn:aws:es:REGION:AWS_ACCOUNT_ID:domain/DOMAIN_NAME/*" + "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*" } ] } ``` -For more information, -see [Identity and Access Management in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html). +#### Identity-based policy examples -##### Service linked role configuration +Here's an example of an identity-based access policy attached to an IAM principal where `es:ESHttp*` actions are allowed: -The GitLab Rails and Sidekiq nodes require permissions to communicate with the search cluster. +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "es:ESHttp*", + ], + "Effect": "Allow", + "Resource": "*" + } + ] +} +``` -Create an IAM role with the following options and attach the role to the GitLab Rails and Sidekiq nodes: +##### Fine-grained access control examples -- Trusted entity type: `AWS Service` for `EC2` service -- Permission policy: `AmazonOpenSearchServiceFullAccess` - -##### Connecting with a domain level access policy only - -When using a domain level access policy, you must check the box **Use AWS OpenSearch Service with IAM credentials** and -fill in **AWS region** while leaving **AWS Access Key** and **AWS Secret Access Key** blank in the advanced search settings. - -NOTE: -Domain level access policy can be used standalone or in addition to fine-grained access control policies. - -#### Fine-grained access control configuration - -To access and perform operations in the AWS OpenSearch cluster, the user in **Username** must have role(s) assigned that -grant the following privileges. This user makes requests from GitLab to the search cluster. +To access and perform operations in the AWS OpenSearch cluster with fine-grained access control, +your GitLab user must have the following privileges. For more information, see [OpenSearch access control permissions](https://opensearch.org/docs/latest/security/access-control/permissions/) @@ -204,19 +232,38 @@ The index pattern `*` requires a few permissions for Advanced search to work. } ``` -##### Connecting with a master user in the internal database +#### Connecting to AWS OpenSearch Service -When using fine-grained access control with a user in the internal database, you should use HTTP basic -authentication to connect to AWS OpenSearch. You can provide the master username and password as part of the -AWS OpenSearch URL or in the **Username** and **Password** text boxes in the advanced search settings. See -[Tutorial: Internal user database and HTTP basic authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac-walkthrough-basic.html) -for details. +Depending on your access requirements, your GitLab user can have: -##### Connecting with an IAM user +- HTTP basic authentication +- Role-based authentication -When using fine-grained access control with IAM credentials, you must check the box **Use AWS OpenSearch Service with -IAM credentials** in the **AWS OpenSearch IAM credentials** section in the advanced search settings. -Provide the **AWS region**, **AWS Access Key**, and **AWS Secret Access Key**. +##### HTTP basic authentication + +By default, GitLab attempts to connect to the configured backend directly without authentication. + +If you created a user for AWS OpenSearch (for example, with fine-grained access control), +you can enter the username and password in the AWS OpenSearch URL or the advanced search settings. +For more information, see the +[AWS documentation](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac-http-auth.html). + +##### Role-based authentication + +To use role-based authentication: + +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Settings > Search**. +1. Expand **Advanced Search**. +1. In the **AWS OpenSearch IAM credentials** section, + select the **Use AWS OpenSearch Service with IAM credentials** checkbox. +1. Select **Save changes**. + +For an IAM role, you can use: + +- [**The instance profile**](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html): + set **AWS region** only for GitLab to use the IAM role attached to the instance or pod (EKS IRSA). +- **A specific role:** set **AWS region**, **AWS access key ID**, and **AWS Secret access key** for GitLab to use the keys to authenticate directly. ## Upgrade to a new Elasticsearch major version @@ -419,7 +466,7 @@ The following Elasticsearch settings are available: | `Password` | The password of your Elasticsearch instance. | | `Number of Elasticsearch shards and replicas per index` | Elasticsearch indices are split into multiple shards for performance reasons. In general, you should use at least five shards. Indices with tens of millions of documents should have more shards ([see the guidance](#guidance-on-choosing-optimal-cluster-configuration)). Changes to this value do not take effect until you re-create the index. For more information about scalability and resilience, see the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/scalability.html). Each Elasticsearch shard can have a number of replicas. These replicas are a complete copy of the shard and can provide increased query performance or resilience against hardware failure. Increasing this value increases the total disk space required by the index. You can set the number of shards and replicas for each of the indices. | | `Limit the amount of namespace and project data to index` | When you enable this setting, you can specify namespaces and projects to index. All other namespaces and projects use database search instead. If you enable this setting but do not specify any namespace or project, [only project records are indexed](#all-project-records-are-indexed). For more information, see [Limit the amount of namespace and project data to index](#limit-the-amount-of-namespace-and-project-data-to-index). | -| `Using AWS OpenSearch Service with IAM credentials` | Sign your OpenSearch requests using [AWS IAM authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), [AWS EC2 Instance Profile Credentials](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html#getting-started-create-iam-instance-profile-cli), or [AWS ECS Tasks Credentials](https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-iam-roles.html). Refer to [Identity and Access Management in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html) for details of AWS hosted OpenSearch domain access policy configuration. | +| `Use AWS OpenSearch Service with IAM credentials` | Sign your OpenSearch requests using [AWS IAM authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), [AWS EC2 Instance Profile Credentials](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html#getting-started-create-iam-instance-profile-cli), or [AWS ECS Tasks Credentials](https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-iam-roles.html). Refer to [Identity and Access Management in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html) for details of AWS hosted OpenSearch domain access policy configuration. | | `AWS Region` | The AWS region in which your OpenSearch Service is located. | | `AWS Access Key` | The AWS access key. | | `AWS Secret Access Key` | The AWS secret access key. | diff --git a/doc/user/project/import/index.md b/doc/user/project/import/index.md index 634064a9fa0..7069e7fa0f1 100644 --- a/doc/user/project/import/index.md +++ b/doc/user/project/import/index.md @@ -411,7 +411,7 @@ To view project import history: 1. If there are any errors for a particular import, select **Details** to see them. The history also includes projects created from [built-in](../index.md#create-a-project-from-a-built-in-template) -or [custom](../index.md#create-a-project-from-a-built-in-template) +or [custom](../index.md#create-a-project-from-a-custom-template) templates. GitLab uses [import repository by URL](repo_by_url.md) to create a new project from a template. diff --git a/doc/user/project/index.md b/doc/user/project/index.md index f422adc7084..0058ab396a1 100644 --- a/doc/user/project/index.md +++ b/doc/user/project/index.md @@ -10,7 +10,8 @@ DETAILS: **Tier:** Free, Premium, Ultimate **Offering:** GitLab.com, Self-managed, GitLab Dedicated -You can create a project in many ways in GitLab. +You have different options to create a project. You can create a blank project, create a project +from built-in or custom templates, or create a project with `git push`. ## Create a blank project @@ -19,29 +20,25 @@ To create a blank project: 1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**. 1. Select **Create blank project**. 1. Enter the project details: - - In the **Project name** field, enter the name of your project. See the [limitations on project names](../../user/reserved_names.md). - - In the **Project slug** field, enter the path to your project. The GitLab instance uses the - slug as the URL path to the project. To change the slug, first enter the project name, - then change the slug. - - In the **Project deployment target (optional)** field, select your project's deployment target. - This information helps GitLab better understand its users and their deployment requirements. - - To modify the project's [viewing and access rights](../public_access.md) for - users, change the **Visibility Level**. - - To create README file so that the Git repository is initialized, has a default branch, and - can be cloned, select **Initialize repository with a README**. - - To analyze the source code in the project for known security vulnerabilities, - select **Enable Static Application Security Testing (SAST)**. + 1. **Project name**: Enter the name of your project. + See the [limitations on project names](../../user/reserved_names.md#limitations-on-usernames-project-and-group-names-and-slugs). + 1. **Project slug**: Enter the path to your project. GitLab uses the slug as the URL path. + 1. **Project deployment target (optional)**: If you want to deploy your project to specific environment, + select the relevant deployment target. + 1. **Visibility Level**: Select the appropriate visibility level. + See the [viewing and access rights](../public_access.md) for users. + 1. **Initialize repository with a README**: Select this option to initialize the Git repository, + create a default branch, and enable cloning of this project's repository. + 1. **Enable Static Application Security Testing (SAST)**: Select this option to analyze the + source code for known security vulnerabilities. 1. Select **Create project**. ## Create a project from a built-in template -A built-in project template populates a new project with files to get you started. -Built-in templates are sourced from the following groups: - -- [`project-templates`](https://gitlab.com/gitlab-org/project-templates) -- [`pages`](https://gitlab.com/pages) - -Anyone can [contribute a built-in template](../../development/project_templates.md). +Built-in templates populate a new project with files to help you get started. +These templates are sourced from the [`project-templates`](https://gitlab.com/gitlab-org/project-templates) +and [`pages`](https://gitlab.com/pages) groups. +Anyone can [contribute to built-in project templates](../../development/project_templates.md). To create a project from a built-in template: @@ -49,56 +46,26 @@ To create a project from a built-in template: 1. Select **Create from template**. 1. Select the **Built-in** tab. 1. From the list of templates: - - To view a preview of the template, select **Preview**. - - To use a template for the project, select **Use template**. + - To preview a template, select **Preview**. + - To use a template, select **Use template**. 1. Enter the project details: - - In the **Project name** field, enter the name of your project. The name must start with a lowercase or uppercase letter (`a-zA-Z`), digit (`0-9`), emoji, or underscore (`_`). It can also contain dots (`.`), pluses (`+`), dashes (`-`), or spaces. - - In the **Project slug** field, enter the path to your project. The GitLab instance uses the - slug as the URL path to the project. To change the slug, first enter the project name, - then change the slug. - - In the **Project description (optional)** field, enter the description of your project's dashboard. The description is limited to 500 characters. - - To modify the project's [viewing and access rights](../public_access.md) for users, - change the **Visibility Level**. + - **Project name**: Enter the name of your project. + - **Project slug**: Enter the path to your project. GitLab uses the slug as the URL path. + - **Project description (optional)** Enter a description for your project. + The character limit is 500. + - **Visibility Level**: Select the appropriate visibility level. + See the [viewing and access rights](../public_access.md) for users. 1. Select **Create project**. -Users who create projects [from a template](#create-a-project-from-a-built-in-template) or [by importing them](settings/import_export.md#import-a-project-and-its-data) are -displayed as the author of the imported items, which keep the original timestamp from the template or import. For this reason, the creation date of imported items can be -older than the creation date of the user's account. This can make items appear to have been created by a user before they even had an account. +NOTE: +If a user creates a project from a template, or [imports a project](settings/import_export.md#import-a-project-and-its-data), +they are shown as the author of the imported items, which retain the original timestamp from the template or import. +This can make items appear as if they were created before the user's account existed. -Imported objects are labeled as `By on `. Before GitLab 17.1, the label was suffixed with `(imported from GitLab)`. +Imported objects are labeled as `By on `. +Before GitLab 17.1, the label was suffixed with `(imported from GitLab)`. -## Create a project from a custom template - -DETAILS: -**Tier:** Premium, Ultimate -**Offering:** GitLab.com, Self-managed, GitLab Dedicated - -Custom project templates are available at: - -- The [instance-level](../../administration/custom_project_templates.md) -- The [group-level](../../user/group/custom_project_templates.md) - -1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**. -1. Select **Create from template**. -1. Select the **Instance** or **Group** tab. -1. From the list of templates: - - To view a preview of the template, select **Preview**. - - To use a template for the project, select **Use template**. -1. Enter the project details: - - In the **Project name** field, enter the name of your project. The name must start with a lowercase or uppercase letter (`a-zA-Z`), digit (`0-9`), emoji, or underscore (`_`). It can also contain dots (`.`), pluses (`+`), dashes (`-`), or spaces. - - In the **Project slug** field, enter the path to your project. The GitLab instance uses the - slug as the URL path to the project. To change the slug, first enter the project name, - then change the slug. - - The description of your project's dashboard in the **Project description (optional)** field. The description is limited to 500 characters. - - To modify the project's [viewing and access rights](../public_access.md) for users, - change the **Visibility Level**. -1. Select **Create project**. - -## Create a project from the HIPAA Audit Protocol template - -DETAILS: -**Tier:** Ultimate -**Offering:** GitLab.com, Self-managed, GitLab Dedicated +### Create a project from the HIPAA Audit Protocol template The HIPAA Audit Protocol template contains issues for audit inquiries in the HIPAA Audit Protocol published by the U.S Department of Health and Human Services. @@ -109,31 +76,95 @@ To create a project from the HIPAA Audit Protocol template: 1. Select **Create from template**. 1. Select the **Built-in** tab. 1. Locate the **HIPAA Audit Protocol** template: - - To view a preview of the template, select **Preview**. - - To use the template for the project, select **Use template**. + - To preview the template, select **Preview**. + - To use the template, select **Use template**. 1. Enter the project details: - - In the **Project name** field, enter the name of your project. The name must start with a lowercase or uppercase letter (`a-zA-Z`), digit (`0-9`), emoji, or underscore (`_`). It can also contain dots (`.`), pluses (`+`), dashes (`-`), or spaces. - - In the **Project slug** field, enter the path to your project. The GitLab instance uses the - slug as the URL path to the project. To change the slug, first enter the project name, - then change the slug. - - In the **Project description (optional)** field, enter the description of your project's dashboard. The description is limited to 500 characters. - - To modify the project's [viewing and access rights](../public_access.md) for users, - change the **Visibility Level**. + - **Project name**: Enter the name of your project. + - **Project slug**: Enter the path to your project. GitLab uses the slug as the URL path. + - **Project description (optional)** Enter a description for your project. + The character limit is 500. + - **Visibility Level**: Select the appropriate visibility level. + See the [viewing and access rights](../public_access.md) for users. 1. Select **Create project**. -## Create a new project with Git push +## Create a project from a custom template -Use `git push` to push a local project repository to GitLab. After you push a repository, +Custom project templates are available for your [instance](../../administration/custom_project_templates.md) +and [group](../../user/group/custom_project_templates.md). + +To create a project from a custom template: + +1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**. +1. Select **Create from template**. +1. Select the **Instance** or **Group** tab. +1. From the list of templates: + - To preview the template, select **Preview**. + - To use a template, select **Use template**. +1. Enter the project details: + - **Project name**: Enter the name of your project. + - **Project slug**: Enter the path to your project. GitLab uses the slug as the URL path. + - **Project description (optional)** Enter a description for your project. The character limit is 500. + - **Visibility Level**: Select the appropriate visibility level. + See the [viewing and access rights](../public_access.md) for users. +1. Select **Create project**. + +## Create a project that uses SHA-256 hashing + +DETAILS: +**Status:** Experiment + +> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/794) in GitLab 16.9 [with a flag](../../administration/feature_flags.md) +> - named `support_sha256_repositories`. Disabled by default. This feature is an [experiment](../../policy/experiment-beta-support.md#experiment). + +FLAG: +The availability of this feature is controlled by a feature flag. +For more information, see the history. +This feature is available for testing, but not ready for production use. + +You can select SHA-256 hashing for a project only when you create the project. +Git does not support migrating to SHA-256 later, or migrating back to SHA-1. + +To create a project that uses SHA-256 hashing: + +1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**. +1. Enter the project details: + - **Project name**: Enter the name of your project. + - **Project slug**: Enter the path to your project. GitLab uses the slug as the URL path. + - **Project description (optional)** Enter a description for your project. The character limit is 500. + - **Visibility Level**: Select the appropriate visibility level. + See the [viewing and access rights](../public_access.md) for users. +1. In the **Project Configuration** area, expand the **Experimental settings**. +1. Select **Use SHA-256 as the repository hashing algorithm**. +1. Select **Create project**. + +### Why SHA-256? + +By default, Git uses the SHA-1 [hashing algorithm](https://handbook.gitlab.com/handbook/security/cryptographic-standard/#algorithmic-standards) +to generate a 40-character +ID for objects such as commits, blobs, trees, and tags. The SHA-1 algorithm was proven to be insecure when +[Google was able to produce a hash collision](https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html). +The Git project is not yet impacted by these +kinds of attacks because of the way Git stores objects. + +In SHA-256 repositories, the algorithm generates a 64-character ID instead of a 40-character ID. +The Git project determined that the SHA-256 feature is safe to use when they +[removed the experimental label](https://github.com/git/git/blob/master/Documentation/RelNotes/2.42.0.txt#L41-L45). + +Federal regulations, such as NIST and CISA [guidelines](https://csrc.nist.gov/projects/hash-functions/nist-policy-on-hash-functions), +which [FedRamp](https://www.fedramp.gov/) enforces, have set a due date in 2030 to stop using SHA-1 and +encourage agencies to move away from SHA-1 earlier, if possible. + +## Create a project with `git push` + +Use `git push` to add a local project repository to GitLab. After you add a repository, GitLab creates your project in your chosen namespace. -You cannot use `git push` to create projects with project paths that: +You cannot use `git push` to create projects with paths that have been used previously +or [renamed](working_with_projects.md#rename-a-repository). -- Have previously been used. -- Have been [renamed](working_with_projects.md#rename-a-repository). - -Previously used project paths have a redirect. The redirect causes push attempts to redirect requests -to the renamed project location, instead of creating a new project. To create a new project for a previously -used or renamed project, use the UI or the [Projects API](../../api/projects.md#create-project). +Previously used project paths have a redirect. Instead of creating a new project, the redirect causes +push attempts to redirect requests to the renamed project location. +To create a new project for a previously used or renamed project, use the UI or the [Projects API](../../api/projects.md#create-project). Prerequisites: @@ -143,84 +174,52 @@ Prerequisites: 1. On the left sidebar, select **Search or go to** and find your group. 1. In the upper-right corner, confirm that **New project** is visible. - Contact your GitLab administrator if you require permission. -To push your repository and create a project: +If you do not have the necessary permission, contact your GitLab administrator. -1. Push with SSH or HTTPS: - - To push with SSH: +To create a project with `git push`: - ```shell - # Use this version if your project uses the standard port 22 - $ git push --set-upstream git@gitlab.example.com:namespace/myproject.git main +1. In your local repository, push either: - # Use this version if your project requires a non-standard port number - $ git push --set-upstream ssh://git@gitlab.example.com:00/namespace/myproject.git main - ``` + - With SSH, by running: - - To push with HTTPS: + ```shell + # Use this version if your project uses the standard port 22 + $ git push --set-upstream git@gitlab.example.com:namespace/myproject.git main - ```shell - git push --set-upstream https://gitlab.example.com/namespace/myproject.git master - ``` + # Use this version if your project requires a non-standard port number + $ git push --set-upstream ssh://git@gitlab.example.com:00/namespace/myproject.git main + ``` - - For `gitlab.example.com`, use the domain name of the machine that hosts your Git repository. - - For `namespace`, use the name of your [namespace](../namespace/index.md). - - For `myproject`, use the name of your project. - - If specifying a port, change `00` to your project's required port number. - - Optional. To export existing repository tags, append the `--tags` flag to your `git push` command. -1. Optional. To configure the remote: + - With HTTP, by running: + + ```shell + git push --set-upstream https://gitlab.example.com/namespace/myproject.git master + ``` + + In the commands above: + + - Replace `gitlab.example.com` with the machine domain name hosts your Git repository. + - Replace `namespace` with your [namespace](../namespace/index.md) name. + - Replace `myproject` with your project name. + - If specifying a port, change `00` to your project's required port number. + - Optional. To export existing repository tags, append the `--tags` flag to your `git push` command. + +1. Optional. Configure the remote: ```shell git remote add origin https://gitlab.example.com/namespace/myproject.git ``` -When the push completes, GitLab displays the message: +When the push completes, GitLab displays the following message: ```shell remote: The private project namespace/myproject was created. ``` To view your new project, go to `https://gitlab.example.com/namespace/myproject`. -Your project's visibility is set to **Private** by default. To change project visibility, adjust your -[project's settings](../public_access.md#change-project-visibility). - -## Create a project that uses SHA-256 hashing - -DETAILS: -**Status:** Experiment - -> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/794) in GitLab 16.9. This feature is an [experiment](../../policy/experiment-beta-support.md#experiment). - -FLAG: -On self-managed GitLab, by default this feature is not available. -To make it available, an administrator can enable the [feature flag](../../administration/feature_flags.md) named `support_sha256_repositories`. - -You can select SHA-256 hashing for a project only when you create the project. - -To create a project that uses SHA-256 hashing: - -1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**. -1. Select **Create blank project** and fill out the project's details as usual. For more information on project details, see [Create a blank project](#create-a-blank-project). -1. In the **Project Configuration** area, click on **Experimental settings** to - expand the accordion. -1. Select **Use SHA-256 as the repository hashing algorithm**. -1. Select **Create project**. - -WARNING: -Git does not support migrating to SHA-256 later, or migrating back to SHA-1. - -### Why SHA-256? - -By default, Git uses the SHA-1 [hashing algorithm](https://handbook.gitlab.com/handbook/security/cryptographic-standard/#algorithmic-standards) to generate a 40-character -ID for objects such as commits, blobs, trees, and tags. The SHA-1 algorithm was proven to be insecure when -[Google was able to produce a hash collision](https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html). The Git project is not yet impacted by these -kinds of attacks because of the way Git stores objects. However, it is only a matter of time until new attacks on SHA-1 are found that impact Git. - -In SHA-256 repositories, the algorithm generates a 64-character ID instead of a 40-character ID. The Git project determined that the SHA-256 feature is safe to use when they [removed the experimental label](https://github.com/git/git/blob/master/Documentation/RelNotes/2.42.0.txt#L41-L45). - -Federal regulations, such as NIST and CISA [guidelines](https://csrc.nist.gov/projects/hash-functions/nist-policy-on-hash-functions) (which -[FedRamp](https://www.fedramp.gov/) enforces), have set a due date in 2030 to stop using SHA-1 and encourage agencies using SHA-1 to move away from it sooner, if possible. +By default, your project's visibility is set to **Private**, +but you can [change the project's visibility](../public_access.md#change-project-visibility). ## Related topics diff --git a/doc/user/workspace/set_up_workspaces_proxy.md b/doc/user/workspace/set_up_workspaces_proxy.md index f80f42d2061..11e826eb621 100644 --- a/doc/user/workspace/set_up_workspaces_proxy.md +++ b/doc/user/workspace/set_up_workspaces_proxy.md @@ -144,7 +144,7 @@ To create a configuration secret for the proxy: ```shell helm repo add gitlab-workspaces-proxy \ - https://gitlab.com/api/v4/projects/gitlab-org%2fremote-development%2fgitlab-workspaces-proxy/packages/helm/devel + https://gitlab.com/api/v4/projects/gitlab-org%2fworkspaces%2fgitlab-workspaces-proxy/packages/helm/devel ``` 1. Modify the `ingress.className` parameter if you're using a different Ingress class: @@ -154,7 +154,7 @@ To create a configuration secret for the proxy: helm upgrade --install gitlab-workspaces-proxy \ gitlab-workspaces-proxy/gitlab-workspaces-proxy \ - --version 0.1.13 \ + --version 0.1.14 \ --namespace=gitlab-workspaces \ --create-namespace \ --set="auth.client_id=${CLIENT_ID}" \ diff --git a/lib/api/concerns/virtual_registries/packages/maven/cached_response_endpoints.rb b/lib/api/concerns/virtual_registries/packages/maven/cached_response_endpoints.rb new file mode 100644 index 00000000000..db2a170a5cf --- /dev/null +++ b/lib/api/concerns/virtual_registries/packages/maven/cached_response_endpoints.rb @@ -0,0 +1,90 @@ +# frozen_string_literal: true + +module API + module Concerns + module VirtualRegistries + module Packages + module Maven + module CachedResponseEndpoints + extend ActiveSupport::Concern + + included do + include ::API::PaginationParams + + helpers do + def cached_responses + upstream.cached_responses.search_by_relative_path(params[:search]) + end + + def cached_response + upstream.cached_responses.find_by_relative_path!(declared_params[:cached_response_id]) + end + end + + desc 'List maven virtual registry upstream cached responses' do + detail 'This feature was introduced in GitLab 17.4. \ + This feature is currently in an experimental state. \ + This feature is behind the `virtual_registry_maven` feature flag.' + success Entities::VirtualRegistries::Packages::Maven::CachedResponse + failure [ + { code: 400, message: 'Bad Request' }, + { code: 401, message: 'Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not found' } + ] + tags %w[maven_virtual_registries] + is_array true + hidden true + end + params do + optional :search, type: String, desc: 'Search query', documentation: { example: 'foo/bar/mypkg' } + use :pagination + end + get do + authorize! :read_virtual_registry, registry + + # TODO: refactor this when we support multiple upstreams. + # https://gitlab.com/gitlab-org/gitlab/-/issues/480461 + not_found! if upstream&.id != params[:upstream_id] + + present paginate(cached_responses), with: Entities::VirtualRegistries::Packages::Maven::CachedResponse + end + + desc 'Delete a maven virtual registry upstream cached response' do + detail 'This feature was introduced in GitLab 17.4. \ + This feature is currently in an experimental state. \ + This feature is behind the `virtual_registry_maven` feature flag.' + success code: 204 + failure [ + { code: 400, message: 'Bad Request' }, + { code: 401, message: 'Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not found' } + ] + tags %w[maven_virtual_registries] + hidden true + end + params do + requires :cached_response_id, type: String, coerce_with: Base64.method(:urlsafe_decode64), + desc: 'The base64 encoded relative path of the cached response', + documentation: { example: 'Zm9vL2Jhci9teXBrZy5wb20=' } + end + + delete '*cached_response_id' do + authorize! :destroy_virtual_registry, registry + + # TODO: refactor this when we support multiple upstreams. + # https://gitlab.com/gitlab-org/gitlab/-/issues/480461 + not_found! if upstream&.id != params[:upstream_id] + + destroy_conditionally!(cached_response) do |cached_response| + render_validation_error!(cached_response) unless cached_response.update(upstream: nil) + end + end + end + end + end + end + end + end +end diff --git a/lib/api/concerns/virtual_registries/packages/maven/upstream_endpoints.rb b/lib/api/concerns/virtual_registries/packages/maven/upstream_endpoints.rb index 647179ff669..4ee9c693cd4 100644 --- a/lib/api/concerns/virtual_registries/packages/maven/upstream_endpoints.rb +++ b/lib/api/concerns/virtual_registries/packages/maven/upstream_endpoints.rb @@ -84,6 +84,8 @@ module API get do authorize! :read_virtual_registry, registry + # TODO: refactor this when we support multiple upstreams. + # https://gitlab.com/gitlab-org/gitlab/-/issues/480461 not_found! if upstream&.id != params[:upstream_id] present upstream, with: Entities::VirtualRegistries::Packages::Maven::Upstream @@ -137,6 +139,8 @@ module API delete do authorize! :destroy_virtual_registry, registry + # TODO: refactor this when we support multiple upstreams. + # https://gitlab.com/gitlab-org/gitlab/-/issues/480461 not_found! if upstream&.id != params[:upstream_id] destroy_conditionally!(upstream) diff --git a/lib/api/entities/virtual_registries/packages/maven/cached_response.rb b/lib/api/entities/virtual_registries/packages/maven/cached_response.rb new file mode 100644 index 00000000000..a3c239b4e3f --- /dev/null +++ b/lib/api/entities/virtual_registries/packages/maven/cached_response.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +module API + module Entities + module VirtualRegistries + module Packages + module Maven + class CachedResponse < Grape::Entity + expose :cached_response_id do |cached_response, _options| + Base64.urlsafe_encode64(cached_response.relative_path) + end + + expose :group_id, :upstream_id, :upstream_checked_at, :file, :size, :downloaded_at, + :downloads_count, :relative_path, :upstream_etag, :content_type, :created_at, :updated_at + end + end + end + end + end +end diff --git a/lib/api/virtual_registries/packages/maven.rb b/lib/api/virtual_registries/packages/maven.rb index d03ab77f6d0..2fd27eac5e9 100644 --- a/lib/api/virtual_registries/packages/maven.rb +++ b/lib/api/virtual_registries/packages/maven.rb @@ -5,7 +5,6 @@ module API module Packages class Maven < ::API::Base include ::API::Helpers::Authentication - include ::API::Concerns::VirtualRegistries::Packages::Endpoint feature_category :virtual_registry urgency :low @@ -52,6 +51,12 @@ module API route_param :id, type: Integer, desc: 'The ID of the maven virtual registry' do namespace :upstreams do include ::API::Concerns::VirtualRegistries::Packages::Maven::UpstreamEndpoints + + route_param :upstream_id, type: Integer, desc: 'The ID of the maven virtual registry upstream' do + namespace :cached_responses do + include ::API::Concerns::VirtualRegistries::Packages::Maven::CachedResponseEndpoints + end + end end end end @@ -82,15 +87,19 @@ module API desc: 'Package path', documentation: { example: 'foo/bar/mypkg/1.0-SNAPSHOT/mypkg-1.0-SNAPSHOT.jar' } end - get ':id/*path', format: false do - service_response = ::VirtualRegistries::Packages::Maven::HandleFileRequestService.new( - registry: registry, - current_user: current_user, - params: { path: declared_params[:path] } - ).execute + namespace ':id/*path' do + include ::API::Concerns::VirtualRegistries::Packages::Endpoint - send_error_response_from!(service_response: service_response) if service_response.error? - send_successful_response_from(service_response: service_response) + get format: false do + service_response = ::VirtualRegistries::Packages::Maven::HandleFileRequestService.new( + registry: registry, + current_user: current_user, + params: { path: params[:path] } + ).execute + + send_error_response_from!(service_response: service_response) if service_response.error? + send_successful_response_from(service_response: service_response) + end end end end diff --git a/lib/container_registry/path.rb b/lib/container_registry/path.rb index 9e5d8347b53..73f728668cf 100644 --- a/lib/container_registry/path.rb +++ b/lib/container_registry/path.rb @@ -16,8 +16,14 @@ module ContainerRegistry LEVELS_SUPPORTED = 3 - def initialize(path) + attr_reader :project + + # The 'project' argument is optional. + # If provided during initialization, it will limit the path to the specified project, + # potentially reducing the need for a database query. + def initialize(path, project: nil) @path = path.to_s.downcase + @project = project end def valid? diff --git a/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs.rb b/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs.rb index 952def83658..0e0f3d09ee1 100644 --- a/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs.rb +++ b/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs.rb @@ -39,6 +39,8 @@ module Gitlab end def ignore_alternate_directories? + return false if Feature.enabled?(:dont_ignore_alternate_directories, project) + git_env = ::Gitlab::Git::HookEnv.all(repository.gl_repository) git_env['GIT_OBJECT_DIRECTORY_RELATIVE'].present? diff --git a/lib/gitlab/kas/client.rb b/lib/gitlab/kas/client.rb index 3aa9655f44e..8fba8e7382e 100644 --- a/lib/gitlab/kas/client.rb +++ b/lib/gitlab/kas/client.rb @@ -7,6 +7,7 @@ module Gitlab JWT_AUDIENCE = 'gitlab-kas' STUB_CLASSES = { + server_info: Gitlab::Agent::ServerInfo::Rpc::ServerInfo::Stub, agent_tracker: Gitlab::Agent::AgentTracker::Rpc::AgentTracker::Stub, configuration_project: Gitlab::Agent::ConfigurationProject::Rpc::ConfigurationProject::Stub, autoflow: Gitlab::Agent::AutoFlow::Rpc::AutoFlow::Stub, @@ -20,6 +21,18 @@ module Gitlab raise ConfigurationError, 'KAS internal URL is not configured' unless Gitlab::Kas.internal_url.present? end + # Return GitLab KAS server info + # This method only returns information about a single KAS server instance without taking into account + # that there are potentially multiple KAS replicas running, which may not have the same server info. + # This is particularly the case during a rollout. + def get_server_info + request = Gitlab::Agent::ServerInfo::Rpc::GetServerInfoRequest.new + + stub_for(:server_info) + .get_server_info(request, metadata: metadata) + .current_server_info + end + def get_connected_agents_by_agent_ids(agent_ids:) request = Gitlab::Agent::AgentTracker::Rpc::GetConnectedAgentsByAgentIDsRequest.new(agent_ids: agent_ids) diff --git a/spec/frontend/deploy_freeze/components/deploy_freeze_table_spec.js b/spec/frontend/deploy_freeze/components/deploy_freeze_table_spec.js index de92d96f977..e7d96502711 100644 --- a/spec/frontend/deploy_freeze/components/deploy_freeze_table_spec.js +++ b/spec/frontend/deploy_freeze/components/deploy_freeze_table_spec.js @@ -46,10 +46,8 @@ describe('Deploy freeze table', () => { describe('Renders correct data', () => { it('displays empty', () => { expect(findEmptyFreezePeriods().exists()).toBe(true); - expect(findEmptyFreezePeriods().text()).toBe( - `No deploy freezes exist for this project. To add one, select - Add deploy freeze - above.`, + expect(findEmptyFreezePeriods().text()).toMatchInterpolatedText( + 'No deploy freezes exist for this project. To add one, select Add deploy freeze above.', ); }); diff --git a/spec/lib/api/entities/virtual_registries/packages/maven/cached_response_spec.rb b/spec/lib/api/entities/virtual_registries/packages/maven/cached_response_spec.rb new file mode 100644 index 00000000000..807ac8c33ff --- /dev/null +++ b/spec/lib/api/entities/virtual_registries/packages/maven/cached_response_spec.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe API::Entities::VirtualRegistries::Packages::Maven::CachedResponse, feature_category: :virtual_registry do + let(:cached_response) { build_stubbed(:virtual_registries_packages_maven_cached_response) } + + subject { described_class.new(cached_response).as_json } + + it do + is_expected.to include(:cached_response_id, :group_id, :upstream_id, :upstream_checked_at, :created_at, :updated_at, + :file, :size, :downloaded_at, :downloads_count, :relative_path, :upstream_etag, :content_type) + end +end diff --git a/spec/lib/container_registry/path_spec.rb b/spec/lib/container_registry/path_spec.rb index c9fa3ec690b..e6b46907dd1 100644 --- a/spec/lib/container_registry/path_spec.rb +++ b/spec/lib/container_registry/path_spec.rb @@ -160,6 +160,17 @@ RSpec.describe ContainerRegistry::Path do end end + context 'when initialized with a project' do + subject { described_class.new(path, project: project) } + + let(:project) { create(:project) } + let(:path) { 'any_path' } + + it 'returns initialized project' do + expect(subject.repository_project).to eq project + end + end + context 'when matching multi-level path' do let(:project) do create(:project, group: group, path: 'some_project') diff --git a/spec/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs_spec.rb b/spec/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs_spec.rb index 376b339b36a..a2bbcb724e3 100644 --- a/spec/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs_spec.rb +++ b/spec/lib/gitlab/checks/file_size_check/hook_environment_aware_any_oversized_blobs_spec.rb @@ -15,6 +15,10 @@ RSpec.describe Gitlab::Checks::FileSizeCheck::HookEnvironmentAwareAnyOversizedBl let(:changes) { [{ newrev: 'master' }] } + before do + stub_feature_flags(dont_ignore_alternate_directories: false) + end + describe '#find' do subject { any_quarantined_blobs.find } diff --git a/spec/lib/gitlab/kas/client_spec.rb b/spec/lib/gitlab/kas/client_spec.rb index 0e0a80903bf..ef88a159a99 100644 --- a/spec/lib/gitlab/kas/client_spec.rb +++ b/spec/lib/gitlab/kas/client_spec.rb @@ -45,6 +45,30 @@ RSpec.describe Gitlab::Kas::Client do allow(token).to receive(:audience=).with(described_class::JWT_AUDIENCE) end + describe '#get_server_info' do + let(:stub) { instance_double(Gitlab::Agent::ServerInfo::Rpc::ServerInfo::Stub) } + let(:request) { instance_double(Gitlab::Agent::ServerInfo::Rpc::GetServerInfoRequest) } + let(:server_info) { double } + let(:response) { double(Gitlab::Agent::ServerInfo::Rpc::GetServerInfoResponse, current_server_info: server_info) } + + subject { described_class.new.get_server_info } + + before do + expect(Gitlab::Agent::ServerInfo::Rpc::ServerInfo::Stub).to receive(:new) + .with('example.kas.internal', :this_channel_is_insecure, timeout: described_class::TIMEOUT) + .and_return(stub) + + expect(Gitlab::Agent::ServerInfo::Rpc::GetServerInfoRequest).to receive(:new) + .and_return(request) + + expect(stub).to receive(:get_server_info) + .with(request, metadata: { 'authorization' => 'bearer test-token' }) + .and_return(response) + end + + it { is_expected.to eq(server_info) } + end + describe '#get_connected_agents_by_agent_ids' do let(:stub) { instance_double(Gitlab::Agent::AgentTracker::Rpc::AgentTracker::Stub) } let(:request) { instance_double(Gitlab::Agent::AgentTracker::Rpc::GetConnectedAgentsByAgentIDsRequest) } diff --git a/spec/models/integrations/matrix_spec.rb b/spec/models/integrations/matrix_spec.rb index 59b0c06860f..ec3c3bf61b1 100644 --- a/spec/models/integrations/matrix_spec.rb +++ b/spec/models/integrations/matrix_spec.rb @@ -8,7 +8,8 @@ RSpec.describe Integrations::Matrix, feature_category: :integrations do { body: be_present, msgtype: 'm.text', - format: 'org.matrix.custom.html' + format: 'org.matrix.custom.html', + formatted_body: be_present } end end @@ -54,4 +55,44 @@ RSpec.describe Integrations::Matrix, feature_category: :integrations do end end end + + describe '#notify' do + let(:message) { instance_double(Integrations::ChatMessage::PushMessage, summary: '_Test message') } + let(:header) { { 'Content-Type' => 'application/json' } } + let(:response) { instance_double(HTTParty::Response, success?: true) } + let(:body) do + { + body: '_Test message', + msgtype: 'm.text', + format: 'org.matrix.custom.html', + formatted_body: Banzai.render_and_post_process('_Test message', context) + }.compact_blank + end + + before do + allow(Gitlab::HTTP).to receive(:put).and_return(response) + end + + context 'with project-level integration' do + let(:subject) { create(:matrix_integration) } + let(:context) { { project: subject.project } } + + it 'sends PUT request with `project` context' do + expect(Gitlab::HTTP).to receive(:put).with(anything, headers: header, body: Gitlab::Json.dump(body)) + + subject.send(:notify, message, {}) + end + end + + context 'without project-level integration' do + let(:subject) { create(:matrix_integration, :instance) } + let(:context) { { skip_project_check: true } } + + it 'sends PUT request with `skip_project_check` context' do + expect(Gitlab::HTTP).to receive(:put).with(anything, headers: header, body: Gitlab::Json.dump(body)) + + subject.send(:notify, message, {}) + end + end + end end diff --git a/spec/models/virtual_registries/packages/maven/cached_response_spec.rb b/spec/models/virtual_registries/packages/maven/cached_response_spec.rb index 2c137016410..b4cd3e176e9 100644 --- a/spec/models/virtual_registries/packages/maven/cached_response_spec.rb +++ b/spec/models/virtual_registries/packages/maven/cached_response_spec.rb @@ -99,4 +99,19 @@ RSpec.describe VirtualRegistries::Packages::Maven::CachedResponse, type: :model, end end end + + describe '.search_by_relative_path' do + let_it_be(:cached_response) { create(:virtual_registries_packages_maven_cached_response) } + let_it_be(:other_cached_response) do + create(:virtual_registries_packages_maven_cached_response, relative_path: 'other/path') + end + + subject { described_class.search_by_relative_path(relative_path) } + + context 'with a matching relative path' do + let(:relative_path) { cached_response.relative_path.slice(3, 8) } + + it { is_expected.to contain_exactly(cached_response) } + end + end end diff --git a/spec/requests/api/virtual_registries/packages/maven_spec.rb b/spec/requests/api/virtual_registries/packages/maven_spec.rb index 14a00c31b65..244db3879df 100644 --- a/spec/requests/api/virtual_registries/packages/maven_spec.rb +++ b/spec/requests/api/virtual_registries/packages/maven_spec.rb @@ -10,6 +10,10 @@ RSpec.describe API::VirtualRegistries::Packages::Maven, feature_category: :virtu let_it_be(:group) { create(:group) } let_it_be_with_reload(:registry) { create(:virtual_registries_packages_maven_registry, group: group) } let_it_be(:upstream) { create(:virtual_registries_packages_maven_upstream, registry: registry) } + let_it_be_with_reload(:cached_response) do + create(:virtual_registries_packages_maven_cached_response, upstream: upstream) + end + let_it_be(:project) { create(:project, namespace: group) } let_it_be(:user) { create(:user, owner_of: project) } let_it_be(:job) { create(:ci_build, :running, user: user, project: project) } @@ -967,6 +971,213 @@ RSpec.describe API::VirtualRegistries::Packages::Maven, feature_category: :virtu end end + describe 'GET /api/v4/virtual_registries/packages/maven/registries/:id/upstreams/:upstream_id/cached_responses' do + let(:upstream_id) { upstream.id } + let(:url) do + "/virtual_registries/packages/maven/registries/#{registry.id}/upstreams/#{upstream_id}/cached_responses" + end + + subject(:api_request) { get api(url), headers: headers } + + shared_examples 'successful response' do + it 'returns a successful response' do + api_request + + expect(response).to have_gitlab_http_status(:ok) + expect(Gitlab::Json.parse(response.body)).to contain_exactly( + cached_response + .as_json + .merge('cached_response_id' => Base64.urlsafe_encode64(cached_response.relative_path)) + .except('id', 'object_storage_key', 'file_store') + ) + end + end + + it { is_expected.to have_request_urgency(:low) } + + it_behaves_like 'disabled feature flag' + it_behaves_like 'disabled dependency proxy' + it_behaves_like 'not authenticated user' + + context 'with invalid upstream' do + where(:upstream_id, :status) do + non_existing_record_id | :not_found + 'foo' | :bad_request + '' | :bad_request + end + + with_them do + it_behaves_like 'returning response status', params[:status] + end + end + + context 'with a non-member user' do + let_it_be(:user) { create(:user) } + + where(:group_access_level, :status) do + 'PUBLIC' | :forbidden + 'INTERNAL' | :forbidden + 'PRIVATE' | :forbidden + end + + with_them do + before do + group.update!(visibility_level: Gitlab::VisibilityLevel.const_get(group_access_level, false)) + end + + it_behaves_like 'returning response status', params[:status] + end + end + + context 'for authentication' do + where(:token, :sent_as, :status) do + :personal_access_token | :header | :ok + :personal_access_token | :basic_auth | :ok + :deploy_token | :header | :ok + :deploy_token | :basic_auth | :ok + :job_token | :header | :ok + :job_token | :basic_auth | :ok + end + + with_them do + let(:headers) do + case sent_as + when :header + token_header(token) + when :basic_auth + token_basic_auth(token) + end + end + + it_behaves_like 'returning response status', params[:status] + end + end + + context 'for search param' do + let(:url) { "#{super()}?search=#{search}" } + let(:valid_search) { cached_response.relative_path.slice(0, 5) } + + where(:search, :status) do + ref(:valid_search) | :ok + 'foo' | :empty + '' | :ok + nil | :ok + end + + with_them do + if params[:status] == :ok + it_behaves_like 'successful response' + else + it 'returns an empty array' do + api_request + + expect(json_response).to eq([]) + end + end + end + end + end + + describe 'DELETE /api/v4/virtual_registries/packages/maven/registries/:id/upstreams/' \ + ':upstream_id/cached_responses/:cached_response_id' do + let(:cached_response_id) { Base64.urlsafe_encode64(cached_response.relative_path) } + let(:url) do + "/virtual_registries/packages/maven/registries/#{registry.id}/upstreams/#{upstream.id}/" \ + "cached_responses/#{cached_response_id}" + end + + subject(:api_request) { delete api(url), headers: headers } + + shared_examples 'successful response' do + it 'returns a successful response' do + expect { api_request }.to change { upstream.cached_responses.count }.by(-1) + expect(response).to have_gitlab_http_status(:no_content) + end + end + + it { is_expected.to have_request_urgency(:low) } + + it_behaves_like 'disabled feature flag' + it_behaves_like 'disabled dependency proxy' + it_behaves_like 'not authenticated user' + + context 'for different user roles' do + where(:user_role, :status) do + :owner | :no_content + :maintainer | :no_content + :developer | :forbidden + :reporter | :forbidden + :guest | :forbidden + end + + with_them do + before do + group.send(:"add_#{user_role}", user) + end + + if params[:status] == :no_content + it_behaves_like 'successful response' + else + it_behaves_like 'returning response status', params[:status] + end + end + end + + context 'for authentication' do + before_all do + group.add_maintainer(user) + end + + where(:token, :sent_as, :status) do + :personal_access_token | :header | :no_content + :personal_access_token | :basic_auth | :no_content + :deploy_token | :header | :forbidden + :deploy_token | :basic_auth | :forbidden + :job_token | :header | :no_content + :job_token | :basic_auth | :no_content + end + + with_them do + let(:headers) do + case sent_as + when :header + token_header(token) + when :basic_auth + token_basic_auth(token) + end + end + + if params[:status] == :no_content + it_behaves_like 'successful response' + else + it_behaves_like 'returning response status', params[:status] + end + end + end + + context 'when error occurs' do + before_all do + group.add_maintainer(user) + end + + before do + allow_next_found_instance_of(cached_response.class) do |instance| + allow(instance).to receive(:save).and_return(false) + + errors = ActiveModel::Errors.new(instance).tap { |e| e.add(:cached_response, 'error message') } + allow(instance).to receive(:errors).and_return(errors) + end + end + + it 'returns an error' do + api_request + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response).to eq({ 'message' => { 'cached_response' => ['error message'] } }) + end + end + end + describe 'GET /api/v4/virtual_registries/packages/maven/:id/*path' do let(:path) { 'com/test/package/1.2.3/package-1.2.3.pom' } let(:url) { "/virtual_registries/packages/maven/#{registry.id}/#{path}" } diff --git a/spec/services/packages/npm/process_package_file_service_spec.rb b/spec/services/packages/npm/process_package_file_service_spec.rb index eb19dfe4c83..baceb92ef46 100644 --- a/spec/services/packages/npm/process_package_file_service_spec.rb +++ b/spec/services/packages/npm/process_package_file_service_spec.rb @@ -112,5 +112,15 @@ RSpec.describe ::Packages::Npm::ProcessPackageFileService, feature_category: :pa ) end end + + context 'with TarInvalidError' do + before do + allow_next_instance_of(Gem::Package::TarReader::Entry) do |instance| + allow(instance).to receive(:full_name).and_raise(::Gem::Package::TarInvalidError) + end + end + + it_behaves_like 'processing the package file' + end end end diff --git a/vendor/project_templates/laravel.tar.gz b/vendor/project_templates/laravel.tar.gz index 163b76cb4280bd5fb333dff2e4b05c4e50a3965e..89a665303f61d1fc42fc93ed4561452d161ba06e 100644 GIT binary patch literal 73604 zcmV(xK6w{j`;ZhS`$ZG0~?e7<9`3=-~WH9(b9=Y zC`$_n>Zyt-DoM!6{?8cWKMrPPX8u3+KLg|c@INctKmRka{Kx}Fzc#V|$Nn!FEuFoiou!G9Gp(VEt+Dn06cqfQ#y=wi3q2dl|A>E222L5|BQo?g@u*n-^YyfY(@+$ zEG8_>Muvu__>Lx~PITrb2F6ZwHU>`4CXW9%FSRl;v8OR`wEH(K-T&1q|8EXqZ((m@ zZDDKTM909)$j(6juP^=o^`8(I5fFxilot?^`nOC#|K7G4DDK%d@iVeR^zgyAzL7l+ zlo2|I!zv+>l=o#jdmw-LETCms9Z})Ad1!*M+Au7hVockI!8JWPUUJU0(KNR$$aIVl zwCHLQZ0@X9)~J{j_OM=+_h|0{ajc;bZW%qMd1ky}8WlPdN?A}HHR9vL97jm%BItm@DQO7Uf7}eg}B(D5a`;!pnw++1QEg2`gFLvzeIb>6sW5=A~pNs3+(oXXm7* zq|M-|xH}$8SD|cmri?aI-y=PpaJX_T!Ije0O4BqG(zW7~Ch3!;Qk;hLc3NB>dzgQ8 zJMjiw_Z9z0>v)<<7)nSem?~OGSTYFV-%bz5X-~gQr7}RwY~GFAPXB89~uY6NQaWlm$9}|v(NDj&AB%n^NS!{LXIXrggkEFCmn7;;V_F>8bT>A&2hp_o#Wr zO{tq>*dTf!#`jVg-%zU|{lS+PrzY1|XYtLCntLos38^ju?Pj05}b-$4WeS!D0>Kl_y_XenAAnWVM zD)jf;LQ^#1Z%iu`Ds#>1rpvVQV+zu+syXvR4_%)2@uIVJkznZNtBcz!SvGAtxI%oQ zdSZIAdiJEe+9TuGfwHO(kAzfTn7EdUj5FE~EqUP=mkoY)xX}YwDdu zG1*4sFz9zxSj7}M`OFmcLKOgL+iFr)3fgY=)^(>P->;i%2H0G69e3cGx_oAGQpR+@ z_rQh`s8Xc#=7sljdER50bj#NZPGLTI3wvKPIYzpw>8VPEh0pGD-`ip$bDJ$utX~CB zQi0{eK*Yoz-jqiT+hif5TB-(nvd!H+xz+}>3pBm`r2qaOXQZI)sn}M&>rU#1ok@_c zMygBG735ceXbR9$=lnTzRomy}bkuAOpHq3`9MwaqPZyxmQ~_lG8wv{3yR1Vb%_@>t zI-1hWe%DKfR4oam7lCUEIT@gkI9*#)5PE;~=HwgjhMG^4m%}F2(2|2-iq%zZc5ncZ zD!Hgec=v3d*e=*XdT0?hKM^xwu6$T(Z-~lja))veT$O`LON3up&3Jws^*NrG9tzP4 z+LYo1fZ8xv=Q_pGlo-QHCV6^v8ctZ{^rn6SCB$aztaD;+m zjFS$erIVs>9WGRpjd}eKd!_+0d*Zp|f~NJO9gsi_R7M!*F00Dcs!203D45AEtodw< z?_>&rP0OA-`xAK+Y5UR`6iVGd!AGn?jJQ2uUERybX(I^F5*Xq<&bH!P5M+A}=g<3A zQq1O2efj-iV{R~{L+t@)L2;l6JJM0o2q1(@hU@+H;N63Sj+m`E++IT&RH;kdwN9JP zSKK#AnfFMymh%WcMCnpDA9vmKx(zDO81BI2DwUfW-@%Sa#HnEUGlyuOi7Gn3^?SQd zHxY2J#Z-q_%h#}Vb@@1Edyo^tB_lv5RdFK}YVA!SFP#({H=H+P^*b^89(bI+ani<( zYT~_e!nuRx`Lsq`D!~UqvHWVRVV7=jpQ@;KJY)ZM>bn;d8_w=5;vWOCv4#Ek{JDfH zWkYfv#pGYG*#y|ab_nM^dGQHpsiqn7i5b91 zQZzK7H-6A~C`6HjIhg=^C#0xGrH83Ue?fa9e`s1-pPr}b#OOuhkmbn0uR_G_>8I|m zLS_21JeDSLc`E%L=*LGU zzXXj29KyKKy*u#@S79Q#cWf#{X+v(6)Dmu9EgcL@n(@zi6e3X^mU|oRlc4tO;^T_C zf|vDGHJ5;{w!f{cVgh6;;L22xS>#i4@P9x` ziy>Of#b1OE0BIpfm~Jii>=NdseWhGSsCE7`o_)Sewz#(fS!`jio2Gh0^c{MQ7s z5^-LFqn@55URnhYtbqB#j9E*eJiW$Q3_siS) z)n*Q600>D;#CZW%gBFH8z^2McSjo~#8r%i7S_eHiDRdZ*g+IuW#irWPG)th2T+9|a zrr%VvAf7@d_mQxog~fF+X`s?6%WRrGj{|Vm3&83s@Sc{In$pe0PE3(40wGsQI#HWY zJJOb@cecic2$Z^oL?n5Dl=`C+0>wb=M=JtxQWs#IF3s8dtI=Xdf;*@7%mzI!5OOPA zi#jRsgwu8|a;b6))s@03tazU130mh?G;VI8n#VXrAq!7W_hQT!JzvOpJu>eMtF0H~ zUCl_P{-sA(0gQy3P|CVtg>n=eF_J(icXUdGlw9-!4a-Yis^ZJ6OtLB!czdN}Yxh8j zxOpTj86%*%Ee>ctQiv6r@@%{<{$ghDK#dJGU(%C{vZDJEvm@b$8-Gf5G4}bQyo?R= zx?wju3c#h>VW)(@@1+SIeZSk1{5w|eYkLtdToN*CjraFp%;V!!-z-`(R$VBuW|IqbRi?^HGC|+j^qXv7elsxmN{&H!L=|4k z`SS6%*&6@FOGu0iY%o4_$ZK{XTKseH6ne6(Z~-$7JFcI;wCUx8&utu=E2uvRN>$L& zNM1T8hXOOIsZ!NTusfEVBF!a0+L_oO{&*`iY6hA)i9> z&%IDr=U4z7?bYhgiTk?FOyxzsq|hUX12o5VPb{E&c8=P9A_0%u@8g*QkttI4e&C#|?uGV^} zMxV07p313_gM&cd8xOu=@!UN0n1Vo zIRejl26xgnkxC~2Bx6ZLKWUYYrG@fNb7v0MQckzXw3;0lUL1m{Euggdv;e8a=X@Ed zA}sD|E!y*3l9=*b^n@5ExxJXBZF!#AIPrJYPxzVkK$Lc0Aj|CvoT#~Rg2lGEU0J}e z>0=#1DK@<`N!x|kBY@>8K|5vO)|;WkSW15beIF3=H&Q~W&XI-L034gP*ld}O+`zT@ zp=yZvCcFz`2wSV~!fv-qwb@7wZIQlPKfUibp{bF=%E}Ssm%eJYafG8{qNqIY2yD%r zi{ch{=XUpY2w>5@YQ!bW6kv^(Ei5)w5}hz_EhMbw#~XB1c&zzC&RiGl5r0e*i544D zNJb#B01;M1uCaA$@I1op)u;3!WA9Z`_AOf#rrMBS*qBwH>a&FvMfwW%64VD40Y?Rl zq}oBpC3|p4%r+k}wZitAFnWxPa(MPolS#;EabfBv8|E;^A}*+O0m-y+z+S-;KkUhQ zlI37SPDUd{Q*D2C**KXp-B;7Y!ZRMbb+nq$$f&_i!S(#dBvDx1V@q+U_K+O0TBTvE zRiOp2_N=TG4T#jFbuu%$BILqm?0B@JJacuC5K;QPL{!B_o@Be(?y;OK2hiQT+o>t! zgIJn)QRD_58X?bvhT>ao=F0U)>71>g2L-ScXx6UtJFZQPbyA!>K_9#;tOwa!$J%|K zQ;#$@ee~+<0Rw&|&$+qFkB*?$o#Gtg`MNJ`HRq!(`(kogrWJ|D+=ZFqx$>aJa`B`Z zA=|m^C~Dyp8Enk~`|+3|u?iTlYq_2Yg`Q_SaKw8Ml2Ck1 zZ*xOY9IQzRo6>|$q zKRoTZ6s;CrOnXA`{(wj*qgYfy{?l*_06-w8U)={^*~*}~i9&j{-Q!jkybb0sezw2A zakge((*2a$REbJZl8gZt=(O*4@Ym#8?(?sA2_C;>+soP>dwVG1gmH<9K%u8s6qA-t zeIM+&^^Q63qN;1=b2%~a7Q0``%h`sZt8`XPr*%6z7amXD?;%=Cy*A=+2`~!q^2vIs z8Ht+8)AXnNucyyZH(uPbXS^QXjxk$+X@`>lQckiir9l5(ZQjY!OiIlx{3Ad5?G0k8 zk3$vmhd!IY4|*tFz1EmbN5W1(Mbtn4G&`kc53m?Tz{8Ff z%W5GwSZC*&L{Vbc&>c2_$<@cvYLFDVw$A6$t25(+J07c^-6n{_3)~!f30INgzf9!o zJsUDy)%)}0wupq&1m5kKb7+r36kl>0pvbqjPDUrZ?TNtS^q<>J0GJjjDuAOa)!&^o zPquij`Pd_v2!os&AGhTl6jFMM*z(%j4usl2%h`2IFi_Ugc;Lj(rDgps(dVsv_uSK7 zcP16#f_cmQ zkiH`X$D%XTy5Cb2t~|abQT^^aA~{X*0SrP~c`p0kEw}iz)Pw}h;(ylrtZJ9)`yn4% zFKH>V)#uTcsq9)l6A%F03QnM%>0b_1oU$GK4?m-N@gEkF=LL|QDk$$M+>s24ZX!^P zv8iF>4t{&(lm*A9yof5=&bXhp9i^jnlQ0|x?Lk5`xY#1J5Y=91)MKt^G7aSyG7RLQLN-zC@*nwxA7tgAU-mBxo6eaO$%2&|c}#JnZR z|D_W-{w+Aycpr^9ZKV#MzgrAJxS}q({waAaZ%zJd9Lc(10`o@nj=f6Y5$@Ji-MwXN z52a|{gZMBuwnZY&UX~Kw=oSIdf&WLVYH>4tgwh_LDmwZ>xo_iq^rfL;_dxr7p!kDf zlEe*DwoHS&x!!A}L(|4Xc3a_#m!#|n?fdoBq5$lFL~vr^S9bPtp<$?<-~v`A`wNKV zV?`IK`1YpTKy&o^e1HG+uZ8rt$44H- z8ujjUa&q?a!*HQ;Xk3_W@{JCQldsts?#}uQ(2{N5-#kbF+;eM1-c%2YcU^Mq0OG(1}xX`|Ovt^XnDa z78OE>mvThl{GpH;J9*M3*o;Ht!e|7$zMLyE0=;HqYzBZzp+LUVT~%NWc46zy1^<{; zONvz720i@Ptv4hdB|#0j*Y1t&lwxc3Mh&^})BM%I@E>({*9$OaAMe-Lq+w5sT6AHgV%f# za6y>+xML(wl0ZzM%Cx(gKx3Dvzj3GobH^hh42e*PGy(I}NZb^AHbSU^Gv)Y0r#kzkC=SCo5KmNqp&FrCl{6K zrH@yRYre%RY_NcFUf1n1XOIWIi=?=U5xzgS9(M_&$`V|(OeQ<1=U&C>f8v!%=Zmoy zL}R#00uQOs_j$>_y!?@NDCNjR8vpF)wb|=QRQKQ%XUtG37xQuwxcbYHuO|gAPp;!6 z(AbkQi4`kBmN-d@n~|UEG%UyFZeXRiOw8EWT<8;mF)nzReoEE|R<6&PS*U?Mp?@Cr z16IK&U>+(I6kDh|;;{l6d7D@^N0e-+J_`8lQjH<-n5B^`>*27ARvMLJvvL_w-@E0r zxQ_Lxo-0U`S1HYV=f1||idlk`t>P8=*Y9u{}G8)%fho!ZPctObVaM=%qMSwHg}Y_G_bIAkZ6#yP%zc)v@(zWth^i{?%h!I)key3{VUYh8sG!IYshA+iwHUXR2DH*zHXk`**lj0Jq8^g# z^y>RqUXjuhY6(F$IRQ=czY1)xKU~gH$;0eJrt8z!()=c-Qu~{4%cE^!;SeFlJMW;M z5@Hj}Tagl*fQM$)1dAu!SxR3tr$|53I&=X*`!!Z)bq7bcAFzs!hEsv(q*rSm z4A=43x~Rb5pyWm*P~0VM8jRxt8D1tTyb%H`a>@@C_rs1+?-cpQkLcqF(ZW`KN<0(x zJ~NKPmZKGfF5^ArkTcq2jarxjA0Sf`g4w|Nv0^aQ{1ti~xIZ(^vmV-5U*9jIqP0Bs z$7y;gc_p_!(Q=D(e#n5|Eo>6ep!N5WfenzZj5Rc(%MNK!d(j1oe7M1OLyM@NF=yG0HvJ)v zK}R|t7a3<%C48=`T)y4u=-*BDFqPIqwxNN= zyus(C5Ob5t#0$D9Rav2;^k$Cs#a@Kn;Bkev5{g_bW@R5Pelxz4pSy98{!QWbQvf}d zKJAG6@Go2+`*v(D>yeb5Y=tr!B%3N!*JpxX75USglcDDXDC%th)B7)xg~(3H{$YUr zM|ZsUngyT!XzC&gKFLF<*c)=RXCXu+%LraIi-h};`QW3_zU?&}|KmHgO;e-7xC9ws z^ER{JL6$dYI~)EmXwoqiK$&6kVt5)0yJeU(RdV-qZGP11L>Gv+D20w{QE_%qFA4}8 ztzgtoQ=Z_|g1?jXHc31ynQ}rkq&jV47iSXzxoJ)WF4e@eEBY27lzRjBl>V%*B}y4XFw)OLTh!=?7)G?ucH&S=+G?zz{EXeAiPsdEgt@Tqhbrve(L-0*v3 zXVTt5<(1tWFn0J1h{l3jO zVT8$OFNvWqg=+!LRr(lM=pA*@-+q_ z6l&wsgjS2>&}J-TBznLX=x|}z5JKrn3UkoP0BF^fC2aYfp$S3mM=`~bsQ?ohfPkQ} z9)tFuAgAR9&^|0QR0R&JO6RGM;q|sOcZbDwtd%=vWY!7*!V1i5>XnM$f0WFt5q+S( z+nSOv+sc~hK+NJb2B7PJk7`;1+Qzz=9#*$ucsSFktz9~~EC);WA?uS*nC|G)2bG#u zn1*qccDv0?QUoU*@9gt83I_jNle&WnJn|m2({Ks8JIpv5*9o{s+YM%vW+MsgR>dB^ z4?WOke-YeH+@f(PTIGOu3&pmRc|E{P=wdYVp#9@Y@qPb+*yt;F2w1UXStKw2R3FH| ze8o1qa!16Jh-CJ-gE_*%c0{ZYGHAE@%j+ZAW>prqu@O2^N_6TT?dgvI%d6F`c0Lg# zO-x0|9z!rDPm!Wu9wnD@-W%Pf-N;x>KSkfGo9n}1bPnEYz}$2*Vei1V(;iIC z|0b#v-yl204;}jI1qlajqr3rTuA*Ov1OJB}0hH`CF$w$B`2_<0XZfnF zY*TxLl#^^NQM4Mu){xrGw4obnhpES)u*FFO;$^x6CQ$Sj=GbV`vP)J55alPHrHC>c z<7`{}t7FQC^Q?t3vOy5A%~&5sUQwOXFciJF=_^$<8c>i z(AjsvZx1hgSbf=W)BC}2clFrIS?mp#!@IM72l>CCikFib;)fr({iHbAqX_S5dzK?k z0GE`+EDz&XZz|GQv;Dgrp<2DWEtAEc0-iB-wg0{2)ih3kGJHIfsg$9)6d!p>r# z2mLi2xK~f$-z}OCD+pM6s*4GwETz|vPC_NyxPZn(Z_jqS1=N=6M_W?rWN%#J+p~f9 zs@o>{ytr=QWj9zU#c^rmeVRba;u!Gv-CK6=qErPa7vbv~s2ngLXKLQLIl1mp??KoE(!0<(#WblzBeM*tW#3e16s`^GWyTjk zJZ|)*9{E2RqU#^(;YGasMrg`a!@c=&{Ru^i^CyBrWf<0)szX*=uN?3Nzr0wp@C8ac zMzXz}$zB^`Bt0(J#TKK-&@agn)cLfGu>BMd8Wc&GQfE_UJrQfs3fzSZgZfM_(PUdW zrkyNV_k(!I5A!6rCNWl#{UE#^(NuOJzhf#b#g*5ZqpvM92xuT2u_Bq=4|}V07_8@u z=M8#wY3ljTYj9C_bUykr!+1#KC7sjN>DtB*$rL$Rc z3bxh1%Zcc>Oe%~2hg<@uk^Nugbhhc=7tMtN)vxWzlIupCitjv^7Qh`Xn6U;9_v{j- z0a+{t_?}y}=>o-Ka!NdS@d)y8NfU9YBi{^G#?#mUV3 zZnj&GzhikDoivbPFcMKH1I;#58EnQT+Qk*u;pnj5Q^H zwo=q|PnLp{c{fmeNBpfCk6Ah;jgmm5wR-RQ#!bpnL=et27wkyPU_Vg&AjPSiu8qX% zn-~MXYjxfi?ANa8gR?RLRQ}KvCi?#^_YcUQ$XObrN(;dI`~X`!$4vT$w|APB6~m7h zs3HBnS7>V+pi+?p<)vQVkp4qv-&P}G6@SWwer-7UXH%|OqMr^=I`8v`^Ih@N9EKX) zk~I{Y+Q;8HEIReJOQ3s6M(%TXim5_}R$gc(a8UbEe#f#l{3i>w|=-iypb4O~)iNQ+I6^Gqe%Y@oT%i^mP zWD^^3<2dP0=mo?i9gW0D>Db2uM2F1g%_FWl!}qnaYF{eoeuX!H{koY{3(Y@@q97yp zk8Ab3s!b0BAtrO_O#&h!8AYSh(S|L;&KtMcY@CY=dN*TD zrJsO!PJs*#Z(Pk}C`vf{_N(84&w1cNmT(xbLNrg5l2|^hbJeDhIg^8_P3cl9i)C2H zYRW>@KFB#+mH?BPJXIA8eGBTF2Bxwk&jhuME;v*!`^DBO18q{h?y-A`l#Nw^olGPR6Luilm z@h#JLf&C@aL38jkt1{mNT-|I=Y7VS{xS7LYFWzHL7M<9=8Dw|#APfn5dFW3rQjvC`c_~FF#eVS;XxiL7o7St4g6pMF!PHCnO9T9g}LC) zYL>bZrjCXZroOp>y+GpledJA$gLMA|Pnulqp(C;y#l!@SYAdzm%v=raL`~o(QK6+w zs|Nv61OSzNMaLrueF>5+Y2 z)wCrE94#_=t_ijmV{A);Qe#}}(T3u$vxM=bGKtAxw0?ZlT8+9Iv|bpE>f`HTXE|QQ zZ)>MFgcA-xIER>m<3@>ht9Qb&Yr3Kf7YV!*8mWU1aFeWZYZyH8_jAaD(JWJxgQgA# zv2-f4y$Vzw)G>={ZuOJEbUeLMlIM7SNH3AP7t+Ps4h-6iZN*{XoLN3_+ay~$f(-x8Yxm#G-~zv}l< zv)h*IO)XV@WHJz8#+w~+ZToioLSN}KKt_=ojf62&JgZ8IV>;)7RRk`m3Vq>S=uvSf z*l&xLdymBbZd#TE)x@W0>fGh4PT~}!qtcBaX*8k?Z0Rdb?V)t|DN`IX%`{;cSjhDv ztXY%=CWk$(Qb^TmMcNKW$_u=(@ZIvsMIOd@I+PVx$F!&VREO_j!%`Sr=Wh8C62(H>KcqJHJ~Ps@YLTacjV1k z6|DzjF+}8{1eR0_6tqdhu6&wy;}su%%qLzb%U2^9`yh4raZu5X6~@?X4x@GYA*bxAzUY!WhW7X%$)TOcS|HiC8-w|u6KYFRm+lgVRdG1; z1sfdl-W2s6t^r%L{s)K2a(0*u|Be5VQX&!qz2vf1$ZJ-VizkRLYsbg0=a}epzx?&X zSAM_qY2r`P^&|uzsJ-^cz5n#!)jpzl^DeQOb(ON&HqGOmvQu>|p@I8on(%%&ytID5 zW6$7w30poJ>?+5?70!EmcrZ#mR$HGsv(CE;IqCjO&{#H>X^~i1l%YiO`DhyybECb~ z=^vwc+uC`=9|>vJX3et6P8`yMh2l~Wy}p!5ESq$WT_R@qQJ#f zN>-XjA>0@ZkQ`sg`oWeIiPxnU?H+*5GZ8KcZ(8VFq>&Q-dY;DWBI zh1!zy=qqP=te8v=F3!49JE2m1rTar%LaVgALY`F|&LCsNH^0GTTyVHve#!uQNIBQ2 zBsg`PcJAGQ{pyr0eC|zqivMAhzYuoFqb$i*29!FBY8RwBI|AQh=|s&Hl8u*W4Cnn; z9@NO}!SmJR^q|~?g2erT9M>;yAG(Xl%PmcOD*(GaQ>wnaw=A_`;ogH7^_CGu{AHf7 zu&)9(MZD!?&H#KUVq6j#<6aEzR(B< z6#f_XM+*F`ot<-gv%bxGuRxun(`GpoOvxzG8p*@qlp31aFrG}p;l2l|z4yjHQEL}U zVFX$D0H3w9Mj>opK=kdYIpxT<|2G!*MdtX*cVYXV@co&THCZt{Slzs_SR47_JL;wS zeDZXk+9`qKS*A#}bvwGkdGAbvat7*94Vd?GDHnhYZ@RM~e{#WBaTL%|!SNiS5OB9O z@?Wel5{D`W#yCgD(*EUv7e;E3uJS?q4Aqeiz)j^5Mqtb-uNE|-W(Oz{+egvE00vrg zDc%H_!<1~t9eW|+2@t~mh1xiK3AaBQ2#6-Y0Yp4~(-<4L{KUh?`_?J~{_mVfoSJ<8 zKO{)M7O8Kpo1n4Hv+hI7$fy7yxGJ(yC-?ua+4oEb|)tV3=CbIhT^9Gn!Ury@$dX7puorM9!F zQE7b0&D5le)};WXtTVCXK4YCDZ#K)f$-MFEg4?TueJ!P@pFTelTn;K&U`f45g?R_3 z6`~E{I|BllfHpd72-3i$I%G14V164O61#R!7of)4LA6w*@xpC3b;0XwP2oVCg z0e5g=tJNKt36H;_oO`j?wp$1d;>)^d{m(I_?Kq=i(kH=cM|t#6{11)XIhROv0dsAl zgh)Kf(TpOy zZ^m@#$jyN<1qKZ67`a~lKDZPJ*%fz9WVd%Cg=`ZuwmSWHnmlMnUAes+(Q%z&dL_*B zy;{CKr>lrn*oMHfCB*>m82#4onby9oj}|X1wehG^D@{q$;%0J5z==%~NtYSvd?}v# zPU&)=k-d4vu!!aQaEIw&cFa4isA2tL)977Vi>AGGFFZ7hSd>(VjD4Tp%hwSuLxLy= zqx0BDAzU7E91G6ah74cvByBybs&LPW^nkTTT95D71Me}Ye!lZtpYJ%Dn|kZhrG=(Z zQB|fB5q0RkmJQUq2tNuB98Wxk)`9P^enWb3uq9zoQB7BcCb|^P6V^WB`4iI#VbMNV z%ozg0qnhV&s0B@qlcXl$Lb=MxziY@Gm+kA|lG-HHN`5$6CIrp1*U2}sB;AOv`y+Y~ zW%&E7HJwHN{Ps!T0A<4mNB_I$!}C&e)DzNkQ*@Fh?XBNE3lOigaYIZ#a@!VGwQjV@ zcOU==FmNNh?%7KRip&4K?=cVn4lJ;0gUx@AneEDL(!=|n)`dR|lCnT-^YfQU2nmUc zZz6Rgq(?hh^l-MiwQ@lo`{iA;lbpjf_pdvN zYPM-q?x~Xd{b9-J0Fp_d7%INo*~B2`+vq=n#5vT9ca*y&VOZ%iF*oj!9QRpY%V9U-wWi_g*$7n&<*=+ib5Tl zX(cED0+I#!*M(R3wS;Ts%u^{i&L92sv}?tD&|TR2%!b%yVTv#p!8sf6RbUWuJ$|x~ zy8I~nytX*Wo7=pRYOFId${lpt16Tgf_AurINd+sdrjaW*J;-B-qRDwhxS|N1mc1^b z5NjWlxN*LgJqk`O&%%%F6%0Q}J4S_;RYL8Mu3P0=Z!eFetw2`#@Y`I^^mWn_ zRBH1KwXG123p-`z_ zSDSP*Xps@C+cF|WcM?hovj#P*ks#LKd+rwosfi{NY~Nl)N7b8sdXPG{ue54auw;w% z@9CW|=E%N%vhZ&jqfZ$?(S!48u8;q z2(aRmBfU@XbVwEn!+GGd#nh?s&R8R_3CX79L~_3BEH44Q{F!4A3GrBTOcdk9$r4S} zTE$BfN1?{-xpW7~#E0x18SV_Zot$g6${_&NuSEZ!fT@kO)}I<>Wcrav(}@cVq3dmnBS(Z^RQp9e_n{ zmm3&WS)q!Zvl*CMet=%6z0~W|wt&|~Szg>Tg72C!FYvQywi$44CP-BdQ&ABQl7eGd zyrN1FhFWZ<80#yHqD@x+`m83~%s8{G55=CAgI}IaXmb5_Ea1_JH{I-fp;7~T2B8kL z|1AohXIVa54Q@SNjK~9D;$6eH$CNx5)S4|wxgn4o-%S-*WIT;p2hw~qk6EF^yKb2F zSs2=iD++^%UKx)|OAuq@?;Yp8(Bs9_(UvT!@X+i9b4zyPEKFN7| zSlCw--29*swuLP58)*<*B)>anuGidHJ1Z^GmN3{OCHGj{Qao}>#pg|E_6{~9LIx#2 zPSr0l#}ji(Hs#=P-fYxmoBS~&OR%R8VR+CKrIHc#iJ$OdK; zASNN^D(R!j^8Q@wuarM&P@U_Aq@n3HhtE5u*W0A^#jPW zx2)gQ@Y+U7qD6~hx8SG>khcCa$21iSnxXlF5DDU!43760k?nu^S!T1=xu zJUsJy)acYZJ18cacssqIdm(kHZiQboo-;D4MhDS(FB=lWc5|K@NfL<^WHsd6hP%+^ z_N2Rc!%kg(e)j4t?KM4VA8^hkv5g;4k3oeP0L3vdewETr5M_4(=wSAL|CYD(8i_tIAQ~a%|Cr ziq1REE^;FHK<-mgZ-5cCJjI)nc*>nT=pHa-v5JmR-M`8(?bnVGmDNalmaoR zx@NXGZiNAwdTAALWUA0lFFOW!uSHHuSQ(`X8SZh_@Wr9eMnG+y&ZLp)j6cA6NpjwdwN6qA^;t!&K4uTm% z5dI3F7hthgP6j2x6j@0KLyYSY-FI}B1WwLG&hwaPppkc04uhA8L2Z+ioETas*9d)I zm%6k$IB(SbQ&OEDK>#4bdtv0l_dK9Ge`Ladw7P0Hg_13V{Lv`!Zm-Dm`N2Phi})=! zg`b^ZEL(g^5NW?fwYHm#qOIDi)QxtcMZ$u2z!6z|+DzyEcb1My6OsG}Sy_b$Z(y0H zpB_#C++;m(o;$o)jaEVs@hQ;}OAMoPCbyHgj{apF-uWv6sM}g}>}Xd&Z$WIhjJ>n$ zI5a1TZ{+D4L83&8I|~dWuB1jO;pCWiq-nsJ56zCY*s(}*MHHm!Pog5E(U9b?5ExYw zJx)D{#20&pl>MX#8=?;RfFVYsOs3>(@|XlfN5L4wngTg1$pmrqtwf-Lq$3GpjmQ*P zl1O`TU^Z|J0}-^)ixEQ3;`jG=`w>vlp!Lvfz=4W4DhmH7Zg zPZ<2Mg#F#&r;qHNy}n>p(L}>Xb7WWd8nOGyzoSR#VqiP#lgX&$66a!nn!AKGONW!n z_gqluMCr~sKLtMc?-Cs=xCncSVUoy`Xw{z!_}yniTEX_5^$)4h$lb-jeJY@8wY33e z_eZV-c?u&iLFt^(-o&>{?L{aYgw_S0D%ZB`karxu|{ zNMRRnj1{lS2xZ(og& zEVY6kqk-t{r){WR23kLRFwlod^Ozt{0ANsi`$OpR8(|pHC^#!YEt(m`2g`L$k?uky zV918f=@9!*HI8DZ#wZx6Ub$HtYGZ5bw7X7`K49~x+6DuaO^;df0Prr2<(c`sDHkCpaIWzLA z&d`HIleU#RvmR5Ox@X=29;lo5D1N@E+%i}Uq4ROxl8t6P1w4O#7_D1MpL zDjbd~$y-Yor(4j8zlq4mRk`2>kUgF(ii*D$?KHH54@XdxTx(6>?e<-0*If8>|5kSE zYEH?A#qO2GQ*M)GrL%@<*T*^`)6e)ykr#UZ1LmS0^a2IWRqFh{>b4oM@#( z(b--;W#)Q6Bab==x=3r1OCj(^oZKEl#b&%SOu)>01Nd1Ev(b4MKeLu1_n5QQx_wyG z9%<>-*!VNG7Gr~A0i(~2Wh6--4iqa=sGw;SrG=u)crkE}{76&LUsz-rLc32Ee)a*= z-=){PS&KIKZ)J^aajzr_YV(J1yRNd@G(nC^XTw>9uU3z5^+ht!&gEe+-ek6F;=Lc5@!&H;pvC!_$3t_}9P+YTrT;6r^KTlorI&9 z!<@*1a1!C$Enh4I43=>!Ww#w9l4?7nuPOlenvwHA| z;o4$j_Z|m!n=Z{LKWRz;Mehk_R@96){`C5wv)gbsO-;&c{0i^$&riCOjR@YRp>|)3 zD)p5SIWfh-3c!8ksPg)L?~6>JsX6bUd9OVLh$e(YngOdJvTMJt$rkfHHt5UGFu1qE z;wwSfZ6qrhuup=`dakYhh=TL>vdhX-eUaC=a=j3;920`V%u=TArkDDF-o7q0E4EmD zm+FnTP3vGf&Q;QdRzdaUJ@Ph1VtCcg;m=L0I5C?zr&tH_@I?pq8*n8~&FKQk*-cnzm5sEu+H?c8Ey5FR(pV%+ zWVk~!(-`J=Nruu;4i(osrY?=27cKGpxuh>EuuedtMTdSFS;>2XU^8tYQA$N+AqD7^ zvrId}nFkZRiBM5$8PU??icqh~a!0G2O8jX0{h*ls0(@z^_{hBy7s+OYD_{z@EQu+^CeLs&7hU z7Rc2O!tM({w)V7{MZ}P#Ce_mkSi(gj?cETSS?}IHRMRxHs2*AXg$P-diJsw)iAO~s zo>R^8_>iA{3`ghH@npZ8(vWW2c90t>h8E+7O$%0Cv|L{W%#uMUcO!Xx-ASh84}yuw zmWizhR580&FxKh==XG=$xk4WqxD$(Rc6vWwK5AVpv~?_9!CV#7x<9nN6=IQ_VD)Yk z){iB?ROL8LLl2NaXQ-xpQmMruM2a626}a1~j~qA}nrmVPlEUuqvXMrU1lIeDU@$ z2nl#F)76~q+$ev~GiTk~dX;Hl9Mz%*liq`#Xv4YLtjR1;t^p^JnBnGkzSUV+gvERb zowt$BzX@XxRD-@R2zRnmHoM?NxP+YdC|w7rPENx#uwUkcMkV8jR6TEPk?C*@wZ0Df z61C1B@P1v8qJL1nMSm}LF~~b`%AT$|MfwViZ~qM{(Dg@lnj}}DM_h_07P6x=>*RHmfwip}i2358m;F!A${*Gk!mMVzz zl;ElB+O6VSr{599x0v!H*veiGK+e&(EQz$FBj!yWvcTosQ4D9^lSukH3F><{`fr(s zHIHJCQru3dz$yI(Y1XzSb7>}%N=;9*ObTee&Tg^)mYcMXl0;Ja=){7~N-E79tFz7{ zj+BG-W+M&?kmh*ig*&7I%xN-ebBt|`vut5894jaoYu2&v$LF~yW!jH61cPHz|J3`5 zm`^oRO5g$(<5&5Q+~lohbkDfjwMH(_R8yR2?zfM)LLXj2(UEmm1cu1|C!b%y&TXrcte#UXGL$uLq`KwnN)>jDgL?>0a6`pUv!OlUMNGOgeQH(4K?e# z;${ zxJ4-s+v=44dXxsJ*6Nz30_etY&4fI!Jv2)utr=KSz+E{4_jXgLS%whq?e4r%;0GsM zTBKWE?)@ro)u4a{W^yRt%nHGl^KqFsSJgjjn%@h`M9k&b)EWK|m2lwAm3DO>=DHJh zYQ9_RMp{@^V-vl9@ujJYLu$!$4~e7(BB?%eO9*6$DlOk4ZOJRG&WDFv9Vex0Vq$9w zHNp}3*2u9X(FP~Z(x47L(&A?N$vskL!}~&DgYukPXgqh4Im(*Mjk`5{em>;&Z%*E= zIiW_ND78wiXZMez%ZMS=kLcKliLgh{8PAo^f`PZG2?oLFO+e=#1~IXOf7Fp(zU~No z^6M>imG>+8%&U}pdoqyoM%*1FBE&C7*MW1$x=tYJ+Gv@`(-`rY2f^n&ku4vSxusL5@aOaj;b^VjIaN64^0OB=Hj!q^1Vbmlett>=*YpqHxhvr?HRY;ywo+~_!H5Vgo z1Fgb~MKB%Y+pU<}5)(os@^(u1v9u31UZY!al%qW&B9R-Wn{@`HRd#A6`i)x4=|qty zd&!%fx(WTF-I6*gz1Q<}M;m!>V{B7H#~aOlgc?aVKk_W0O$;dTV4>#@e~`!FE|fYL5#= zzk1VlWM!AdRxBtsb9_;KZkaQ*&$byNM&Ge}T%EToYui}|RAAkju*tEWf?{5|F+N{9 zY1a?|?T+I*1!Segw%b8-&FUb0SZ#pOpuXX$u1BT%vdwv5?lC}mvbT`K7gB=F@XUn; z;fdYMJaNxh-6jb)_NLo8z5edpscw3u7Ck|j1n&cIqKdi}lq--^Wz!&SMx1ek=T9$c zPuJ{2pjRKr4X%WnqvwCzG&ARC^v7*Q@6Y8Z^^3UgenhKvGtFR%ZVPSk>Shsr;ADr& zn>xER5)k7g&iB2+&8UGt$q7E$11^139fw@)jd6sX|KFy|Tt|pB+U3ka%rzrbOiau= z@>~{u?B?AFqc|^`Xx9Zh3-wi3Z~S-03tg! zpFgh77?zzb&Uy1zv?P<_s{JLxZDpgd6IYZ@Y&=~}CPq)IOU2}(LRHS{eu;sU1a^or z_d13jtpVT(HW-(=m{zBov zI>nA64AY7Qqks_44+k2x;p5-T#b#)BOQ6FS5_UkjXgHgJV_1;R_WHys4%EH1;V8viUisv?OZs5NitINMV4}*{kRf|1wgkH^-onaR?v+GXska8j8o~?- zHJ`E34Hb)Hae%rGAL<4)`@Ybu_+f*ZFlp1@^dNIq%SU9`rTjqDI8lSkV4hkbb|s}F zi_i^Ucy}7ftylSELa&R<_0RIs{Q+jI{jJ|`za4v(fpJj`F+(T3+d52+Gc zQUbzLxIi+?sKLtB;h4?g#DR-p*i7)yb2kfr&LXCa62(U_Cayx!>}Xquk-T}wa9so< zF;~FGP`E?u>BjdOK4{>>l<;A<(=olYK`5h(b1bng$I*$(B*0bNd+RuAEhvXoY2Xl& z#$zj~DsRtOCdNN2j9aUFYn2fyx>1Kq z4pkx1PjMHuuL1~tmNyK)1mA7-?>8M{g3+VXG6qnWbIg&MxV}& zIKP)PnT_)2^)$4K(?*CW#6XE(_cqeY$4vCNYjn>daWIZgiT*;S1m_wY-KPkm-SbF% znUMRqyWGc~yEkUy%-FRQxdbtqN4te<-`@dwEe5PS96t8r*X-4K4K^00FdEp{VLrLY zmo^AjUnn=Zb>(fh|JjJ0+PhFEa^Duv$Iy{YHeohL8Z@i4qG}C5nHh;SSkJT|7<$Ih zXs{Uxf|?4w^lUuLh0kkot^=|h)IqnVhPBYX>^bZP5|Kn%t$j?{MngVV0AW)sPfnLM z>@MD<*6aTJ2InP+FRk6qn!E)hMGgRu*1vMn-0I2K@FH__EGPw3>qXG}Kr@)9jN^))#a zl8lEl{psuBSRAVde4&v}`3~3pTm&05;c1Gm2RT3r9dZnprc*1rcvo&cqI6b_bZP>CQkH4xIB0kbDi_V*1n2O6tm4qWBYI`xSA-eqZQZHj@## zO_NEn6F;3|-`CJ=;>;!d#_(>f8uRm}Z1uJe?LM_KC(z}jt>;ylO5Q;3J5cZ@;LM4L z6{W#jGcUSxqZ(Fvhsid^`|TB=R5w~_AmO-!#P!c6tNvoFeUkHLE25xZ5H&ve;Z3yd z{MO<{L68c|>r-$DSd`XKYsx8?Zt1$Orxz>*)KfkGzWeOWE!aY!0*k^?!}MWkSVB(!kWvt{e zqE<;`L_sIIRpdTW##*XbXXrjwYzboBn7=1CLe0hY~inr_qcZlt=wOzLkAr0?Al6FDIdoZ9PTh^FmMn)bE< zwQn+aphb|q6s&TIQzAjVdcBpw7y8`HYP~+)v~8C!NA-H1n#sg!RUo0AIC+vZng=?u zY!lw(n0~FEC!&>3`F^vDfF7$_vojh#1S{cyGCiv0Z*Dtor&WgbL9h2qS`BG(?j3mn zlG7?9{4bR{_f%fm;}lOOnzCUn8`SFe_8U{*OxpVpE$5Q4FVW(GuIiYpqGIfAvGSQ@rOjtdX0q)r(z<2w)=$=y3;3p z?D*d|cOkO|&MIQy4a4F35oOP~LNE)LgAzV*hhgmSHfEaVY>jt@0WZa((9gHrP2AAc z`{%)^Fw~Iwq=(?W3KpRDrz|*u&Bqt88t#17`mM1q_Dw3$fsxin_Cq}VFDz~vItsbL z?PuZx&sdbs-G%toMa=|>Xb594Rk`8byhLkh`NWw$SzYJL1Ua40cJ5W9yS-gD{^n}E ziCJZavJF@cD=y(ES%x+XG>*XZsRBjuy=Nb#6`Me7D30F3^x?*c(~QPy#2JFn!VU2k z=iB6orjHMeh~7aT3~PB=%8$Rn>I?|2YO~WryTuK2*o$US2(lCyc~F;0e=j6P+VV2K z`VDLbEetp|Z%McC{V#cRjMScZ=%!F!+-;QO;M{6t-yDXexSL_#JoRi{D>kmARo%Bs z?XbgdA7C>G*y-!G6VYBrfpD4YMp(1onlbNLw;h9~4Ui8$#2fmPv=z!4J9$jkps9CZ zk(V8oMqcRI_Y;G03EN0y4A+U3HQH>Hlp6NOD{VSkuQwPORDzl19-)NlbQNXdx69!LWja3j8U@d>&^7e!O`e{Pv5AV@+N<{0^ixSozF7en4BkfX*piLU6my z>*KG+Dn160q^HJH*>w*xPI)P|5_1Qw+%eDK4{{EZ{c&v?U({lY9kE-o)RcgFtJyA& zLW6x*LR5d9e1|onZVQ_;bjk3rZM&S=wuW=LD0ra=H{#d8XMS7rssT zgu`X5*-2nPzjmD2UfbeH(B+>^orci*hVg7a28w&C)G1ti39RCMB6on1C(}bMuDg== z*CKc>G`;?+t|Rvrg)Q?*jTD^Od{C&^90tPu{j)fL^*2ke^iK3H-t+V0;^IOkm-IMn z>yf9o0|M`_Z)Y*gS2FO`&v0 z=>%E+PT<qiSWBpwtK)+ zHtrB$>`BQpJcCXoVH3p%R$GXewQ^xy)3GA$EwVA2Bc{(Xq=zb9vxew>hhH;* zE+K)2_!KhPV1(}m3{`m;7zjVb!4t~7}zSdRx>+Q4qTIG zEYL=QCazY;-NH&bRZaflI3|{n3T@qSj7n2I-C*5ThpG2y7_)$9R8V*FTbAN>Y?*B@=bwHPU{l7FuS%Vj=-%( zg{50GQ6oni4ls`F7UfuVaw{b1tBi!!T)>nR->G%4+L~edo<;0XYmX#^nllg`F6Dzp z4ve*sD9mX!OG6&;8#R!eXocp%^w|%h$x$SbK1Ei6wF{F{3(ABM7zwc$q=Iu3a7(y+ z@yC}ocH1m}T)S9^T&)n^*K9uLDaNOdn@63)m_rj7l4{`NfviMAn5{TI`!G#ap6SZkSn(66DZ^@;U~2thqhtOF|dSa6p!KwwMd?orwYqk zdd82ka#^7d@iNDlc4B zlq(EMRc;gyTHXTl?)AD9z7q25Aecdd;{)nm66zPxJbUOL)KAC^fxy!Bz+tI5Wijm7|351E3UvK1R|g-$Rmf1!qXMJH`e%$4@V-0laY>*MTv z4}W}X8i~n}jRJt<2C3LmceWP~?Z04IH*XeLt4h?YlV4zV(_QQ5bk6U3dVZS>PrF6L z>ZOY$lJplVyfYg64v-;M``s_`EK-cLhrx}S43uk^74{NV+&Lo}U>KVXzlM)TlZ4TP z6D0P}n^qAizc`TxX9lpde^wU1a^I2V?^(yyl^Q-HCJzlWN!X*u1hz(>JRLunE%tE) zaSA@BJhztGajW_+J@o#7bp>^fPPhj1TG`OAB^5zA%o9-&tpr|XVUF-{6(baaX=#_M zPTJwDfgz6Kjg99XtY;tW%iTv$7;=~x-hVgje?|%_ONqrJhz+FHzL!Se9BDL0M-X_` z2FYUZrEYepr28$vLbD=OFlQnjCEVq zQRjw9y(KMiPpZJuctd;)DEciCYBUnla8JY~c_q6SsZ6VqQxC$qL7zJy<_ytAwP2Mb zU6hT1rR37!2hWRdYp(}&ip{3C2zv6R(mpm7;Wa9oP1`EScbMJ7w_lb4&&+Fk2An{t z5oc2YlgH-mcn^wzNG`gsUl^_~rF+athz69qr z@bKlr2D`jLTZzpN*;TjiZ&JCzT83|`!;ZD~M|9Y{2sMM22zA&7227@7PAapw`KMY8 zB0lBgUo^`$z*C666qT3trUVQ;cn!x8-k z`!_B$KuSX*{ijlnF5T$W>qS}iB1C2Zl&~HZ@FVKNo?qkl{ZeMrP9No!U8nT7iYLPk z_f)%*RL~PkVf;cUc<8pjQm`V4mXO`iXLliFVAgZI`$R389my?T&!f^Gb>lLrrpWRpvL6IF@ zOS^cUn}h5Z+-#-rr4=}?(WA&~63Vg(qIK+w*%WJ86|YKkFMAHoFpVv4X4$zD$id*Z z>_S4y5PiAU@cqfu601zRw@N8+o^=*ujmXQaNz>@arTdOTJCq`%Qos5D_CV{u$ybkv zX1J?!hdZZ6PNt6ChGS-q9nfHz;#8+DBO56XG1$z1W}P3Ye+shPYD02Tx=f^0NBdp{ z@|uTJ-Zl||o*nQSw5&hVh5xB>58j)8ECHb9jDnbB0JWC{fOn%GaCakt^fev&rF^p9 zx{X``v9bAxn@M1;WHR>9+O=_#(o=KOxTLLnccX>26(4$q4=}9ophr=oEiBU4>DyMK zqv>1DFe|fyT4?t6IOSEx=o^B+*Q3yQEK^i*Jv!>S9EmoR2)Yy>%1))BjaXBcvDk2- z!!zuhVaLve3Wq$~3>D6YlS4pv+(&P#jy z+B|bt0u~vG-L)RQ_r_Z$ISnnUhUSVr$86)danXBQ-YatqfORgcrai=rqtrzG8Qg7N zq(udlPJSK~Gf=Q5Z^vxhP%j^2Z@i@03{evhsh+bqHLMF#u(!KIeTZiiE~RE1z{p0Z zQN1$)lc&Y%5SEzGmQ4o<*`;}ott1&K=OMgFu}G|rcWD%JJPYJocecVt^jmrgk-7)v zB}y^n7eL1|3~g`KO13C#CP}PL0EKO0&D9ebkCoctN~`Wou>?xRQ%Ed_cA535Q*wVWl5d93)T4w!>WDhl zYn2KPKCT3yCwzpd#4F*(rPc1VK@1T!wT7)4QW|B5&pEU8&jg;Xj(w6@3U%;fxhM@D zF7pjL+^KR8M6@f+aMyw~?q^MZO(7>P>L<(<#Hg~%KWa|;1RQej$N)8d6v_|(i@`HN z@Z-tV8cP2;2JvTAFe|?(<0`Xp|9#j6dnwhXnxeKsEA?W0T+vyMN!qZAXZklEysN~E zMUQEK7Mc}RO#bbOIR9$IiP}L_I*kaYK-)m|d*m*A1F{`UK|Y!gHrt_}ss*Uq-N)wf z{r)!1%a?!Oko5Z!+604b6PHSxVGdX_&hBwBM`5AW&`&WVA(Wx#8NwplnTsj5^}Cno zkA+n%17fG2I67VM3L|WnoTc6b>rvIBD?KW)c`jo7=OE*pbXrS(M(&$DwQ&$7!AZcm zU#e`l0P{-fxj_YbDQ#CM;ZjiITJA|_X@rTh;z`3oL!=G(f6Hj;Hr~yV(9=1Xi7my7 zk`$Y->{HK;Skb8V5?BvAvX;9}KMVc>)sbTI;)rpqQ5by{$B>vRn&HpM5)W$!UHVB! zq3sC4lT=iq4vcd}pT}FVRR}K&G!pnT$e)VQAZ*_+&@&E#i`I(18YXI|D8IplS;1Sw z5*ecw&8bISA`vWM-SHDc#c$MS2$MLxl}uMJ=5^Z;6`hnUiwYK7v3AIKD_w(?5yWhI zm(W!sug~TX>#1W_hnt|1Deeo6TZNF&6FS^t7&@}>4ra-yZu(Fm_`3y-WcMg-hi=JD z!^yITGBYxQ1Ru-~*%O3U~y(CG@!_^nxLDcY#!bl(=hhmg`uhYy(PpfPhUW15n?wJ>wvuQS#rM)9Wr9(fS6eL~=dE zQSKfiHlZ2r4K@Rh_IPr`Cj79X&_}t|kEwQ~Y3{u;?Oki*;_I&m;iI7R-S98v)~ertRAgMW_zHu&%g%0HT?z>tQ4E$ z_Dp{KL-QA4yqw!6BOE34{#(;eG6I8q?iU0uK1~E?0#5u)f}V>k1NcB`K^|kAt<4xV6-C5>_O(AT>^WjxjSf{C2yO zS+J|E4~@G@M=UI8U&C2GZ^L0D+0Gp`hif!SWuw_f?zDn7bQ;JU1!~|Ev_*9234b>1 z)QhZ7lC5P^aHY2TOo4VlO9$9}{l*g{ekftfv&5MM#DJ zLJzGXPceHXdxVXYTy9t1mDB$>vT%2%i3wEe*@FEC&Kn9+6#AWmpGM;yMQN*(MfIzT zoVtWrQ#0VtJJEtg)PWu}ZDlcWN70>rkr?EY`1QFm%rmC^&J|ZwmmOH@Le!eIb8q@A za0GW}FfKXocQfP7ce&fH;}ZZIeZ-zv5S>Xf3D$%huqGUok&Ir4V4n`kHFl#&?d~;p z145S@PZ@GiwPRsQ-;?Re*=w2J%($33oK8<*2aN4SVOVxuIL?VeH^>fm#44?sbhoI@ z%`laXcCAibTbH|PR?e#Qv7Rm+4XhO^Sy-Lg6((;2AQE=rQpdB-$*{lPuD5^yq;RHR z0-RLsDk>95{2aTsr|}Wlz4!2y++N2D<-JVpnQ;lW&-<4egj2ASaX^magr)1$194mZT8q;QQ`xr>+;!|UK zHBII35KRgwqQyb#pCCnwANjw<)TIq z6BrH3p7!qKNhN9!r}f`%06eA#jGL0;X*(A_VKxBQO1x$kfE6Uocj)}kg1vhn@^MiU z9g36X`mzhy_3}=X5*+bJ#$h6z_ZwmbX$!lqJ(2)rEUH|i4$y>#LdsNIuhQH0(36SO zfEip@A7tT?>m$h!y8k+?KVL~F@q*wZdtQk8$}wX~-g#}FZuE6vTU8ktUs7pacsh-~ zOi}ox@qMCA;0sGHB2e+9BxtK}*{mXNdCxq=gxYxP7M+=U?As1li~W`%3%%9aPnG&3 z0f_8_QQlCpVL>_|xu(a_%9nhQSI<#8nX!SP$U^a!il4%mxI(p_fw`fa<`$+*EOB5w zj2P$Ub(GtGY!Jgr0BvFp`+}m=qNBB{BJ;Oi!g@+L_xJ;}QTxay) zYlNhvkfV*39Kw%2Fq^$}pPi;unNc>IN+{9Duf=SwnjdYQjU*dk1E7abrBgof>nHrS ztoRoOT`?=l)H)(%T^44aJv&)3vQ9c2ZJ4d5P(xgSFViCt-U6$}N7t3ACmjmmg;^w; zeZs4|{JFQ>rB@&}a&Nk{Yxf7Zq`q1O#Y;`icCxMT^|)!PgH&tObX7f$srs{s(-y?( z7?Z@n1uFPmvV;XAgw%%{dyXB90$`^(`E!x}w7~lr$Y##Zk~cxhxu5tC^s@0#LIgS_ z#D+h64D9)=N12CF0$KDHBoNPAcAQXxL-Kd-AOzwfR{pyIw$dzS>;h*EoOsPk6sWU{ z0n+Zdc7$@Q*qij!Gxyp{W3;L~GtSsTEi8H5kk=koa%u{+B3?{u_1UT^vpo&VOlpGq zGW_uDTw+HkvM1OCuo_XTQ9^%r>8iQCWSQ@ePhHKrAfw27`8p zDwP%-4a!}F7IXLAJHWLNaocu+HF;vthzkOR$MZ7COx9*_r8e&1U#}1xLAyM@h1`SR z1dbru1F>Iy6=jp*BU`McL`u)GP(^#=l*Jel3@&r4@QvRiBe|_JdcV8$ z33aw1`8rtZ*b(N^!e-k`2U-4#yVM$6Rca_1!D%;HNL>D5AA5G$&X*>@GO&IHZMH|=^qMJ2!-1l#QuU_X2JAQ);UN8)1U4~727Sb@ za@;Ey!q}FwtTjw^02~|xkdCiJrd*ssJh&u{gW~TiXu9j<vQ>=#wDT)!E zYKS(Qi{O6-{*+JPi4P(53XpX+v$7Hb{BBfbV(*CFGhsWoGhoKeqvHWaB`sHOrDOtE zteNiFq!VkmBQ6!7QGlcw#&n#M}CBZjJy#j~PFpy&>9j#hhn@IB#TcLYhD zV&d>W3o+^joqdJO!Y%h_w7z&-)(ogt@7f!XLRr-Ys^K>exGQ55M)-BYhUQJuN=qE@ zSXm=eoue;vx)TwateI;+h+C>%)?s61Der2bLUWiIO`<2` zZaDGDrW1%luEcfI7gNg&>~X2%jdqfFp zDTXpIE|ph_rcJe{w@c&Jlk8zD;{XzZmFOT;k=K=>C!Lu$=(#oUWBjBG;H(Xn8KjQZ z#D};)zQ`)jPZf&;;7dGf0AI3K>3>K@xoZy!iB`^bTUx0LpPqH2)9@umA#|jC(~Y>s zBX3kGe3>~fv}^u)x}eU4P0~5ItBIdNZm$#?`o%>W@enS=y?fjr>-~r`e8KTC9-956 z0r^oJ`oK(VM`#(yI3L?y<0-|1_sS~>n--4CCZ4fcc%vfwb4SDPBrhZ1PYN83ZK`a8 z6RJqB??z30kkiYIq2li>9X?WXW{ZRofdGe4El>!%L83~{Gs#2je{a6l5z9L$BEn|D zh6RmR?rP|_3hm+>sF#phJ?)h>RWm??#A*JGuc2Dcot#wO9;$F0dRQiKAvapFysICQ z#JL=f0D*VWv97{=0DpmRkXd(;*=CfUTgDFb2}GGnfx+MbdN=BEs{$`9odF3SX8F{&{l%EERK}*+p~^Vz9_7!{3d0J^JoIY;rfQ)R}`oBFu&>?ICVtU%8y`* zv{AgHDNr{dwo;4aWr?n^hV?i6Lyym+iaZsLB-jvZIT3kc1#U1zkF6yHYD^}K>u6ob z-gvy;Y01fhT6S2d{6BTuwE!=PpApm%v zYRk(Y%Gky0su@0YtYiHT0r(WpSJ3-HzRm2{?EDL~4IG%wz`U=}`)IUtS6DXk!QTjE zr8P>(L>p==bqDE;an?qgnbn3{qhKBt2kohPmO}>i=sT|t#jVH}<9Y%Po}+8AO6T%f z{%2_Abt7E)lFP%7k1|8L9E3}ZhE@Vqc8MQ~lu4u4RX%RiV=E{*)48?#*OkBx7FIXV zHZyxKb$ck?;y8>|#gAb8nhK7_8l;(Im>I#yL#|-+&`PUJtIPDY%mb_33m!_m;Km@7 zOq82p{UQfs<|!`-H)=wF3aT(^gE`aoxSHC^?1e|u879xr-%#N>yPlVF$v(ZkFIXC+ zaG!VV5{vo?_R2*Rd)UVVIUQB+Y3^n)|2Z{?j-sqbA@AE!XA?WaDN-DaDtg&TNIA5} z`)uzh@m$9&y{0#{GX5*_75?5ANGo*%n;y_ z@W+xD33R$U;;S1z<`U)Lf$3#Ss8a{ua*3}L1~O%4i&`VW2sVNSLJy*GJCu); za~6u2i9MHRaRIDAX7itj^Od=R76te#TtQ3B;z&z_Q74=|s$vdvqx0@+Npau*#iQSy>g?sVtap8LBWmc#e zQB--UBsc?J(5~S^jS92he>-fnR0JPKji^|!;2KSoT>>3l9zW>2l;B!(BMTndJ6sms zX5!j|J_I7fD1dN$M-FEqi1m}e+U-GN9fNAls-HIM$2^*&yo8%HUZnI)4_PP&oR)nm z<}=-At+(vO|5#5+#>gVQ-=;#x*ZQ1D*d~F#dt}nQy z*56||e9#|FE}FUrO%NfBM-*8MVD@0N`4qie`Kwmj)F1$jQiU+x6?=E^;!;`4EK)Viz+`0H0c1G{AvzJ&{oW*riP}dXkA5J>P181 z?DwwdYfg>C`nZTA2{fOLtJ;y3C#bDG2$FoYzzDGcuYBr%MJJHbUqveLe8j>dCI25~ zKte8pOCcRsHLj$yt`jIJ;V2e2gPDFEUqa4~%SH%;t(}uU33LN4IwQ-QMQn~Em?P+v6l53PJvAnQRF7g- zxuLYO3C#T_hSdw`atM{c6h>-+83$>M%_hoxSh%;uv-ZZKHWFJW$QmS9sC&#mY4vat zQi*pBK6~dyejU!9qt;Jtv{gRld3w!5roq@ITiR~W<+8ydgi2);L92eTsDy%LqYs1Bm}rAhY>FfFa@HuYHfodKDXEViWy+Lz*v~~ zPttK>SDbibTH52JR(s?OUw5CA41w=D4#sOW9N!f9&^S1nhq8Ss^xTYO5qkiSoJg=4 znw^03xZD)CP>7g(y5wszj^vGy=ptS*pI#5{I$|sjA&sFY_381XkWOI~V~JM=2LM6D z%LbhJ)N6SI4;Tt7ClePHD;tZpm%N@N%TwGZ`JZYdI$C%VTN$FC0}wrw}1_Zqsqgcf_Wx825)RgV?3oJ#8{}6|(1Jjyl{m;454=?lVtL3$2V={070?jHytu%^37X z78ywpecb;kjw1-J+)jZkmK>vz(GvR<*AunW3KZHkJ{O*-J>~;3WfKw zq?(ANZ^&nAE%IutI182YbL9a$UsI%65fN9FDb}A^NT_`#Z-@mFQsdDY$w4Ubtv6ur zi7}Sv5+fVfK7rgoyxWtw*C_vdwq+9DHf;Fiv2I5fAdmo#%li^guA!|JpcRy~QL(^q z4^h;zpn+0FG^M1F(ZXEHc#RRWyLq;xt~G2Q6_+cNjwC0W=3$YvgN2lQ!0U}ds;Hm| zi_8}uB_~l_q5MX=>6D@c>}h)aPG6-{?UY|uLR{4FmMfTt*(wTtOsXh7H=zCoWverw zf|AuJxC)J$wx0_irnA^a^YF*8=gdHUFWknjl#NiBl$7L9zr;l{8mu;a$TxmLm5AmEQ8Ra0TaK z^eV{Di}|`qUpGR~M!ez?8yI##-nKP(&WSB4AwQAV3B5=k!G?-_%93JLtbjwd^+_erZ^7Xg1N4ahc|+U;%(z=1*qx&AZZNAo>Z*FgNM;-nWx zYON`t7mUp*AhC=ehU6;~;sDhTMZqz+(Gwz8wX@RGv7wYfZcB=mXnd&@DZ1@%u7pCG z8>;KTY_2K>u*&Ck$)%*aS#h~qB&&+e$M2?5N|$|v0wh>DSgo+zHsx9=+=W5?1gVOl zEx4;qgv(%a<0d_-slNX@hj%{))Kuo}?2wd? zkr_vyNvAE?l^gGjVOr$q%tvX|vF|ZRnOZ-LNo7<66+a)yzy(aU(pG5FfYs728r9iT z#9g(5a}Zi3WSa6aB=leZ0uaAXC@aC}7-ZfIp2jA?0mPX{pUxsF4=Au9Z}7)T1EBZ_ zQpv(Gq+;18oA+1b(SDy8B)Z7cYA7RG4!z6|0s#5Hu6dLRgk(6t#ihV+n-xuoLf!tMek}k5DHl1Pi zg5dp9mfUfHxW=fvM_0^C{ix+bn%eD-kdcz>DV_5*!a2@e?N05Mz35jZ9O0QF|=djk>U^i;#*-4!nq1ZK%u4NT*FUqXJ2pRZ2I$^pF0b zJ+K|jJN!p~AKGMJADZTLAD5R7QPt-0uk^r~)<@3zlA~LPzaX7|QQzNR;$0uQ6tO2> zau+&%&?*a%skIGH=e4W&)_pf}iIP_a6R4wBov^kDar3#G+uO0nM%>HoUet9%DXBSH zy>1^Wlq8y%Vh{=M@KIoWsNugJcUUQ&y+;2FTmKj=Ow)u7g2%RP+qP}nwr$(CZRR zJ;ek$rHo_)#OaDa*|N(D56o0er4&@t2+9()yXugmtGKhuo_L0p#pol7IJ+&L(5BsV zGR}FDCM7nmmSwSM7@iF(d|5)BYDX@(omGvx*XiubYsd2-ZM5V)q|85MEQ(95^YW6r z%l~kKNR;sEBA%-Oy8yWFdAn(SLI|!(tCT!o%+Yq&g?dU{UG>+y^R>P{zp?c%qBSjC zWOPmvX-45tGTo!C1bCs!y~f4IPAkR73z)yPL*6bp@(I$Qfh}6PmM`%%6hw}IS4jKLlzFU15GYKjg12shEDxe#cKDQu(n zj@|BEK*-XY%368Fis9)`?dmt#Co{Q)BT9{UcksM=*j^AM+yu?RsHVpGtL);EVLDGb z6Jscy_u9A!BkC$6t$eai97TNzkx^E+4F%P@t+=CnT6XYeJL)3Z&7dKXqd^NYX2gg_ zmq(c}4$vunGCJd$RmY#t4C?JrZG9kbDY+dwy~9PsJoypY8$A?>>Q0);15aqvbDcR39+mNfE!Acm6bCvLSs$M^FD>t!*&sAAP?3W&A%{m3ur=jx@Ro zkX%!q8+vLT!XONC3p|=7EQ0mHQ}tE4_-cY(^|4nOsk3K+FF~l_Y)v=$eSOQ!6T@B& zkpd?@NyNr<(6vx&_yBr}oE6*PP)GG zt83G=8TK1hUVt(&1pA>CFAs{I!81~BBQ!r_P`icrV*jIAbw^?1Tu|s;8r2(I8RGUz zH>0qjocXaTU#g2Q{L3pik2L~!4A>N~0#z{g@yfPf@sfCk$MIo!L{VT-7cl|k+$f3< ziKq&+!;tyPDhocP#tQ_|RNWXCnFY+nh*~81M%LW-ta|D?Um=&x#a^g z*Igggng_Fv_u!(6B#Op!J_v6VT#mL#l_1DQ+#;kUvAlRzOv*SjFDR#4<;z#Lu2!fU zVyRC9V+RFgJw}vTs#bZ+z5*@iWqNA|=vLf}PP&-`<4ie`HNWc8unRTwon$!z_ITpS z5PPx_b5Qy&+Ux+tFT49X(dj#yuE2G<(51osxa}o3@{{x;miBv|(RPx;ca}ez(@^gL za=H5$0hE48F@CkKwYmmTnNH3L`>mMsML~B_1;5g{sI3b}jTRBe!hNW*Xe6yS3z0Zq z%g&ogCi}&zMoY`?afOAVj+&^{^*h_f6Sci4lv&Yh=ooc&3J%Kmo2~w91;Ev85?F>LIX8S4kkHK2;xV=v(XLy23 zzypCfHHPkO>mE!nB6sjTy_mHEcH+P|7>m1ujVR>BLh3nT3BIJ^U8Hs?B*&!U5UB$X ze3R#diLp8lQ3Pks$^aGx!{VQk0IS!o_WZ8K~6p>z2 z0C!mKsvwl>P6=imC<h zt>D!5K`_2xY#q)qPPuTy>1@O)XE}<=+LOmFl9Sa{xiwN>5mFhByY+N9G+*)1A!AH< zePCL2d%DN}#Kp!Vt?)ouD9nr!Z*E1InMK{1Mcb{BX0uDK!4#M2;oOT}?Rq1{Nigid z!A9dE<_n3e#6X4RUT-a)<5xSMH*bShYt3Qc$EVp;F^m6-=W$%1b)}MhNueFHIc!E@B|+ z&&KN_>Y(ApLG3uZZU{onC6kq=hElGyB5tUktz{e8R#{oL9%ZnF3RlZiIK7nXflq%6 z3kXLyoJ5UYYs>aZnUa(QahS80L8iP&Svm=8M=R^t1M4(KpD`=U(X|5a!kA-icph_f zb@-Os6iRF{X;+)J5%OK&vIl*)!~`1e1T+*}6QqFE1fMW(yXWU59U!dRZ=T=5`cmu2@aD2=aPDJCU@sI3bEuI)6_$K|;7Ey9Jg|A~Zgr*W z?7(TeTscS58J~ZkyK=_y1cYP0Z*BY;YIUPD?khtpSrkB6%IxgqKXQlx!9>D#=V}1!B3uj`61aH8*3F-QyjL_rD{a|~ zyktgEx~r>JS?be5?!%L7fJ2Qa)vnkB*qo-Xz$L83ko!Rs6)|gS)-c`Ae|{NSM$1Uy z{B+Z$F!7zA$qA{<ANVrsk_B6a}rN+7VLxL zSivkf>Sy>a+>h>l#-?fpoooAg>`fDB?`gt$q~=u_Th6nKJVWiU$p%}lG#hOwsTO=`7wY)L=@e0RSmiQ>DtF2w_@NhgHUMxV_||aiu7Bp( z9HmR%@b)_fWEz#X=R2yV+~PT_%h?GI$v2613f{+G=Hw0-bl>dt_4F4O$A3|tQ25HK zje;hXjqhbDsOsm0B|*RR8@&?G-!Z9vS~W?4MT)&9o6?kXP9Rv}CYYiHz5+?nivUkJ zf$eZ$@!B*LCr11TSQ^|j?jV5HG3qIM%{ro0GuNalN^0$AZ`qS4ZfW%~+30cbL-*_! zNQWQ8io7wlGt3Ev>kbdw>^?&dDDujU)m>4NEK92skew=kDs1&4^UIZUwI|0|gh0ZH7Kf;s_g-xAYArL1EG}KS@or z)LCRNF9-vudF|LU(Tj2l>E@RETiJH$S>f)MLSX94J8;D)&@AqN62NujQt%{6KM6i? z1RcB-WCt(wgIW^)!Xto**>)GKo5wt5=Gd zG@X3evM9?B-N!@IXj3pee1@z6GT~jsPFpr*4smSlb6bqK2bCJ`ssl=hZZsh? zeYuYzqs~~r+9KbmMZR?coXt@}oSSBBmlYx3Q%jI20zQ5rGKgE%Qmxnz9{o=KDr3

VieCrfwl%l7Gu^Qb@mmP5j-u;hITV7O|>(u_ezN^LfUIM z%6;Y5nbb=hs82{*_!I4rS~75Bp6u}QyPI}r+(L|D6oT3G|39LUEud z+Qg9;n4-?cwaFN{QG;8!r{{AWc|-Sx(_^w}f}xAFlqw@`dr4IAIDV8;We<{y;V<+K ze7TP;pwJ4{dMA$^mNz?fz&rC}Fofb@e`KJGoVhkbK^uoa4#YLhPc$Wt)#Almc2_r= z9fkGgoD0uh^FvRcpCTUM+S(jX%eckK)zxH@DzC54YFnC|PqG?22K4_v&HlmAyeS(< z>hFO7?(3%KekK!Lb&+Vvt8V8Sx_>tDmuw<9A*UWDcvofl=%sMgFOtl>nT4$BJQ0d*Mmm)$a^KB61ND)!!KJU|3!>73S z#M>no6zg*OJ0{lD&T~+Vjc;$4Gw`svGyXte+xGi2<_r0<@`-=zcbY?jO3DkT=puz& zV;PlFcYs?sl;3H3&%mC_UP0(QY;CoCP3mx|6~G8%H<@^e(kf@8o#HQr&L56W$cZ~V z`%eV3U&foZim^y|c`x>$Hic18B1SfCXU7usOCjMf9ucHX4rxIVrTOQKG(0AI=nbQJ zh@I^1$4Ttz_ISP?e1Z9IV=}U3jKo|*F{;hLv_yKzqg z6i+$!EU{T231N2Gf8?23ld<{AD(kAdvdl2x8fB0r@giTXljgZfMW6nMbP0t22kAV5 zPZ?l-rX}WLQiN|Z6YVA>_D~JozPpmDIKo!f$$iyIU_=C$S@Lh^Sf-loWin=-F2eZ*&cD0mK*IU`mVF{d?pzkj zPK)>1`fVi8DI}xsnZ3Mk89m_ePHowS;;g5&vVCjyV2gGZ{7<71bm*j-an`KVYGWX^ zVQE?ng$#s~6fwryr$Rk^(O$^L@g}i$P9$B>NgP4wn&q8>%NO6E6lTkd*UhQhSuR?K zL8_=AEj5}jB_TtgqU|M7zSTt6uVt^=lIi{G;r+}(h{^(sw%WWGyoPnrC>`(;t0M63 z%taL+?kV11B>-qhT%5uN^k{|+4U6SUQ^}9v?}^DQr5HEhVFDE8juOpyZu0bwvmUj}%A;i`ZW20DR5Uc`!x!z71B461k zw>CakIjOG@Lyr@!0>yL8WLk4s6m0(DDzCb0&~2$5$L zd~uDJm=Z{l9zGoaGYOE85O&hT~Tcdwjs5 zUS)J3eDJU>&h-xeGNmcxv1awGyDBQG!$5*aDKjeH(rLbY>39}_(0u~HZu zsMy|LH!6oY=(uXyZ7rvGy7dgw!-Qm&hX~?)1%Cutaa6Yhif_ZLI6<}kqG3ih><4`o z1;Q{x5?74z1w;iIO%zE%!dIF|!h6WHz6ZKF6x17Bgf%~6dqNY=?D37)C^!;qW#RKgS|ZZ)up2cd1)0=-~b;| z*c+aAn_la}zK=3RIGt)if*2%#BPQfDCIpQ^px^+@5Dy^N5#o=8L_2;Z*y{;bA{}3a zG%tS83DB>)rd6i>DC((`LxswMma?^q_un$(pCTNY2sc-ES7mr>eN*9BYaL>`6TFH$ zN!I;%qO&b%o0+#=3`PCA)EnodT$mb9O%v~_xy5?hQLBkCV_#n5vu0;Ow|ZN1$Ii$$ zr&8>7-Kah>)a0_D4z#NPp||IV&1}WSiy2++s_=QsUZJYyPAW|~Y2^jomJL1hZU3%g z)KfWS>Fc`ugs*Oe(qw*dJgWzMi&r9(<3PUn6~y`4HQp98iC|vBPO~6=+|b(8-_aVj zrM>plTk(chd8RW#BVT}{=dkA;E9<|rJ7sX{pbgJp*6(smVL7besFNQsY`^Sz%s%@5Qf*yu=B5 zGOvj}uJPU66xkTfYE=W9uMC(Z)bI^^{FW# zv-xpgBT#Poe0EI7C1)Y6jvkGaY_;M(uh&JctoMK4)#f)-ZYboudR4ehy2Tl$GLJbc znA2(Ldn?%MmghPnwS*cx;v@aXMi#!F+pLD3Q9l* zD+&q0ng9vl?LHg>yB{2p8XjEzUs@i#T^x~p=iP4+`uXcp0iMS?=bu~AM=e=5&A3r< z*$k^y6Wl(QL?Qyrqj3qmwNc!mY)^5V!fj2_Nn7}Dd|kn>CZo0(AA@YllR9oD`tihG z#JT$#)uG-i%LP0Go&^yTX`(cSgfjsG5wj}B`d~^*0SDS6zsvK`c?Ptq&xV;F0+z>T zN6qUa!eelVtLxvbZt;7`N0aKOH1XwSHSt57XdAW7mJ2Zh0N={gtX_bN0?5r#VFcWl zH=3Xf^ZQnK137$xXrrEVp8=oTHuvWT2P*$G%@*bYvZ(UMi~&Fa*D~lU=?4+WAYp(& zj0x^1lLXL&U=%Wh2_--ZT;*y{>9>oHDGnZsKc!J8iCHiKV{ z91W)YgQo2Dk4Dvh&bn_Y=-v_fF1tPFIli{R_S3BAi;8`l@v}A*MSI-ks}v{`GdY+9 zdm&l`-67eP_i5a-8yV9RUT6FFNNaNFIHxvsBSd0ic%cV004~xf=Jjm*ZM6FKnw;Lb;w}E2puYO zxRpd!;X@Ny)QUd~cH9|Z6n*SbjIor$H94I%z87fNF8(`83wYo%@GfX#T3Di+EY#QV3J@X$ zoM(vXk;e={e8?d0lKn{(`-Fx-$o!p@*K50}74|oQ&4nFDq6K72&B>+zs8H6KsuFW` zR-5rSPJFfUI0gS5^~~|FVjuh{&z#lP%>VWMRM=&fe$Wn~*Y_zho{4~ZF*sTPCEWIi z4&k2OeXWMMY%GwZ6Fta$SzN#%cjqEvENN#Bdf-AyX-N;{gFhf#I(1yNMU^0R+6i^rfkVKFSqhowD3Iu^LE{Ec)EIOyXv!(`iCk1IrCp`Jmok;h;=3?X^SwLr$XIz-}!w!Q0I1WL}2w!K)(>><>l?J zhiyKskJo2X2`n*5TBm2GM$5w=DaH*^T*Y|exMf9i2BOOe>`#j`^LyMSdm_yIK*P0L zQD~pf=I5yC#EtSfJ<&v48}3Jgh%Kg*q-BWklqG})iKZMe6d*xQkK3LoK*7UDSybVWe#71IK`PhR z-T~=iSi4|P zSw3Tt!zj~m8azS>MIb~JLK2eUj1rbK#9{K(CZY}3ON&|FL^c<8@)gUvf}?tRaa-4M zLwH3E*K1YuWbuc^`u{J0YXeVcF$GVc{Xe6aFB&c&_@r)=k#l+{%(Pjw=GDbUJZO`tLw-{HYaMTC6$cL zT2kK&z)`u?!sBcNp-v;Kcem6;w;>Yk^zVy_RWpT#z+1NQ`x>cO&cs0yChjPY+00?v zw$kZo(Y+No0eYQ~13Z|;;!5ashuUtf>aB9a(%lP-T&RMR#~|UIB?4gCAp#K0v4-qT z5=FWs9;uTuO2N66OLS%x*Zhddl*h_#k83Ui?WAh7`w(-8WB3b}6^dRv-j40LIqTj2 z)u(;$oWDepF73>BeSU0Ym1gSrK-7b($-~rzq7J9;rV?*7FIj&%|1`#Ux!W%kb;JP= zMro-!^uaC5ab{>sex}6;6GjpRaR7;IDBy8^3{rvFo=zZTSds*kNGD&zEt;nIxrGFC zb(aG>O;KVrdhEyY%6a8I%HeOvs?~4P>%%<<`uNmB-o1M!>BimY3*A2RaYe5<@pDh; z9QY4O7)I#@DrOh@ZPgN%o<8h{sxBtrb7e>;*l*>Dnmb(Am@jL{0pfIx+^{`UyJEw# z{W~Fni};g@fk7^TC`Pj$$z zH=Da+z*YOt3+~Bs4>47|Q{L!hW6Bje?n+)a#q7B#Te?U&erq;EuJ=kkV>jY-pa3em z%-DBpLT<_M-%(<2R;in7F%lt)1DZkt!no*laz+9Kc+3~197Aj}2!fY3l>_Xo+DUO6 z94B^WHz^NqHQ5nTo&gche~5sb7d@|s57e-O%4KWwPv^#Ls)Ypb!&6`boW95P5>>FD zs@)Lqt2c3%_I`~xL-@Sj-L9YC1C$lzgfIXC9>s@M%(c+hx6_NJWleV@7pxzM(r2*o z855Q8=(D3c02+xx1G!HE0tyj&M0TM2wuKA4e-+qV*sXZ##j$=(`Yryldd1r zQ0zc_c5AlRVA}jOQgHPB5lmP#+?3>tw7NV!`3hiWF*Fp|io6wdi^j-ju|&GR3seB$ zh>aZeaz1#ZwVI|?xiSa{A!B&gEv%4G0|>_{2N;o&h6skTSRH3+9j6;Xww+~9v!Vyx z@eMNN{LRW-?N!wtzM6cOL)A|e&dDG43DCtu|MCY&bNb+Qw=7l9zdDOgMH{PqWj)seCxNR9Z%(aM;gL`Z%{z*{w({Z+kMoS|hwBUoGrtl>MQf*G z&blclf5-WO^sw%1_xt=qdH5-pj|TtwOK=;@*|cnIq%LoaoK8D9a7Nnq|EL;%Je}n8qH1I`Zcx>8D4#QNQ{RDi z2J-d4@wM%l912MOe|{RP;piBe_a>CRJ`G=bhg8P!oX&Ib%oajLNjm{h-RXF}{S@qs zqsh~L>vGdKX7zG-wF|1iDk=IANjVWYLYnD$VbIzo$c!=zQW3H{rILBrcE0nIIz2X7 zXqAkd%&asJwK)?uioipf0y{0e~YK!YMIGdIg&a;TG@#} zJoWB}=8A4+7xj%c@wPDb^<}$PEMFkSj1tM1)z#z9|}# zQ~RC!!|Zuh zF@S)L3yZF45RaT*Owvm7|if9O0 zE6IsU@UJ6pI!WJQqXI;?8-PaBtGp@dJa2mVi+_LB(^JXF#8sOp*L&pTF#c!t+gtwn ze|x_@{BDYAQe-_zT?Y6cVmM|Q4C}shv|CQ9&|%S3=r#QbGUhhr)(bO4z~KR_H#NT@)sbVD5y( zY(8tArk#F7>@_Szz@Fm)BIubqYhnaI#ICl%#MIMjWQ1|Q1+Jv2-#}m+xfKrR#srEw zHs$6KZz-lqkre+rzH)X)#_}U~7SCJcbS`mI_uGwB>o>r2@!F#N3z=dP!#$;SA+SRj z$g?=g=u8JOQl`W-q)P|$Oj6lvR4VY*F!MU@QjMqwXf#9vQDtmGH$YudpQ0{6J`Qj} z;<7$(+~e+;)1;=W-bmth?bWoZ?YYzT=;-)+ zf#)#Q)o@bx<=ffA>vdoj-L~i76;#xW;VOr)bfJpf{P;Xc$9F$hb+l8g97G$Sl>@_p z?q|Z#DV0^4P|2QRexiy-w%4dcO~aak-Gwk~2VBs;VIHTg@}Zl&`si44i!fUbUm17P ztc&x~Y4ZXm+3KqvXFfP<0jSp6tfJjVX@kDMaopY8JK)EQ)GjML9q8E)qv_zZPwzmp zC|K34I@?epr+wH;h>lu;ED52~3JYF6vw~4GSzLEh-1sZg?$T*WL5h|OqSuZSOkEGO z$gv*jE$%hQHoAOOMx6(g!_UiMqjXTziVnB-g=A#bQe^D&?cF zAHx=98>$=ZI_cqcj_1$?PJq|7tFk>|+;t~jG+}0e($DupRSN}vq@;6=sFe+U8l6d$ z%|fmSXB^bShD6?eg}6m9ton zMm}sjmWTDKOR#%Kx}bn*=f`908{L+$E-#Al5{`Q`yj^cra+9_Dx0H$rw1K>-1AvOk zO4*j6Dh+(`6zM{)0chB}^v;HG1!Cq-3Hk9e*R6jcJUvm!82DjbIPMJq7Uo(DuEbRxUwYC)+7${H%f6V+{(j@G5Qj7itAQ=g{h+-{ zYN?mBJ>`N$n=v0plu?oY@d(G#rxq+rw9bX30)#IMOO?8(s3NHJZhkAr$nl&yYrY&E zuE`0JHi_8eokoxBT;2UXuC1x3i)&b2Nm0*KE^UW?=!S((;PsH-(T7slT1Lj@w5TfE z;SehI7Qhu$3paH6FA9Pq4yvU94h1J!6RLE#6hZVt+7@>4*4ueAjh~DbWGnj;XHq=} zAaRBgVxNRc)w?w|9y)dTa){e;)L%MY{^~V491qlODQ5%Xo12^S4tsjbM=50?&XP|T4FXpSpzwMyk|Ln}D zzu5(Nl}5-L!*_wdN2&Sy^?`q0;{D;Yts9ZEz&cf5U5@0qXY9ezI@DP(xD}Fcy%eI# zQsXs9yTea(;J2?ZiPcCRWZbS{4Z1`w*)rLVSd#mX?p~2|o#!^!(3@b1KXXrqy{3AU zKjBnt;jH!Ynjr(-P|2hIHF4Xrq;OM(yvw;VR%2{(t{avz*!e4wJm^X~w9}iJ5$yV| z*%SH6`gNQ_jyiAfj;C*gGSVM7P@CP&(u(oMJ3viZ;kj#2#V~ zMZ|B$6ekELp(a6xO0lo zri`MMV1#T%jg0OG`uQm#f^R{1`J0%t3@4%B1SicPeB4r(UFf=GNxa1pPLKuFR4vE} zvI!r<)1UsqC${`M7_m4^k_D+83*-tS*5w8x$tG-~w;JPlwhhn28el&yZN&C+;Btkz zjR{-VUf&&$tr?D%?R}VMj(rcjWF^9+jTogX^UO(Jh`Wd}0_;Ezb!=gdKDd})i<>nz zMt=}kv_z2;6TZgv`Ur~;>{SK1Vf~}n&KA8-Wt(3p_OM4A`j^4e!P-)ek10MHG=YH5 zhVI3psy!3|Z^JBh(101WyZ7t%2%dOz{@Hi}=#jIdE*p<6iqQL|p5oJp;<+{jS{NF@ z1_=Zw05SoXNMSXX!dp8nbkS#2<`#usxTcWl-l1i{pedd?VT|ky2me|BwYz>ysEA7EpnDr_p zaer=qzrgaH_RGM~ki%pGn-#e=TYK_5-sUSy!luNq`N0SsgS8ju1kpz*u@ydzX^jLZ zQeb@QQ;{wB{0e5I%SwrWdaGn-Whk;WpdT?!=vP@sULY47RYF@cU~}0E05t>mBqb** zhdrqT9%JxBXzctFg#Vis^-)J(x##TicM_7(&#Vi=IKOX-39@qvN`jy`mL%5%C3m`H z+GH`sscXgV)b*rm>Enm;MY#ow=#pTYQhQEN5Hf90gl)SSOw=M{R6{&EQ(9;#lzLJe z>=gq^fhyWNbI?51K$u9Vp@JRAdcp}zi&&gMzwJ44gvc{+p*f~wBmagmKxg}Rvxbz_ znRJ%39VvRMGL;uup2(+vqI@9Viu|-7&tt($cD}LJ9thXoo;od2p2fwzZ)=wg+T0vX zI)HfERAa{b)Z|Fw7}A}+p}j-X-r^LKOMTUTQ?SNN>NbpcTzY0cd*(z-6UkVULK(xh zphwAPqYxYr;l>yuYnma3HlR5@0WbsSK5AnFT7%oEgdBWXDa4@~BugiKwT;KTO*u_? zUIAh(Z&c28hKbg-*Iun7U~Oq~uRG3v_GjE=uJSEo(mPVFovx1%ldS>&)x9Xy_0~F# z+P(zaBA65Z`7cj%Df^;a(=dkizFsIMf4ddTSpj=;J$VY*y6=U8m4wyX--GJ z)Cc9vME8sS@cVh6D^+~JAD!97jj5Cq@8|IrrIc~9^Y#12_@cTZDi2&Jo9^Kr^)U|7 zS+(>BL#-pZmg%xkxi5YR_FK^x_f>$#-*Je3R*l#k+Ihbz*17T8FY%KAJZi%-T`c$j z`+0*PGOUyn=(YqSc9)T7W6}V=x71u%Q#BoNw-g5vt5N!Ip&(;A<8a-ce`3h}!;0n; z-CcjD@V2>Kf9@BIz!zlypOr^WtBP#=CIdq66SY`piLT=7uKWY(O_hXbNNosJNREjG zO^oe^oI=U(`(|7^g27bj`yq$l-HgZSM*hDEp;s>`*-DP@%a{JRF>wB$kNZ8bVsPZ` zq$ErXO2Nk%i{MMXM4=v2K~@OMiv0vgyA%T~nZSf_kwrGduY3#+g;4@g3f9wvRXCiM zwy5g|f@L^3P$vSM1|hou;!`yhj#WiF0BXg-yyb!g4a7?X!H9dT;ni|O=fjN7=N9Qm zC+rlbf2g_Fq5>&RT9izV7%p-dDN0bL41W-bG_HYEm%<`SYTcTKa;;wmhwa%O6B;gq z{vI}1c;Q~d_b1c@^}8d*Bk>0&JTht76NevXE{Jc0ZrAU=f3tX;UcjTaptqMvye)SLX@37>= zv#7O$v(#04qSp;}GtB;yd1cWv4t#q)`E@y_TpF>NzV>y4$rm1sx_S%|DcD*1raba= z^E07q>TruG0jalr`l{G-dP$|OUzsIm8)Wq6k>!}GM(B-p=~us!vOBUps*3R+>b&8_ z8<#yvxfH*7dr(UOvxhBy76SF~1K5Gr+)mUn!94@7@Z+#uV>*vJJ-^Fe(2aMsKV8%R z(M7Mi^nY#ltT({Ta+pRkgj zNZOIK@`*uY&d2G*LHgXkv#Fj13Y1X9vymuMktKY?#518w{KB++ELcfbLgx4G1ppr| z{F}Ld>3;+C)4V+t1OXyiBoBhZd4XkxGGc(cCgYED^-|LR7Pm>8e?=S2H8=r&N&*1ES zJTPMZpMh&Y_Hl(C_*!>5hrx?g?zK0tsVHnk0jL`pUQIDT2ROsqYU`?Pl{Lh&8PJv? zqzT){x$9Jkwt{(-R7hJ`GD1|0S4yo1eIn&$5T%i*rx_30~O`BP66a}C( zB@|Bc**GH$++`P1oG&OEr`t_jRX~od|B>^7D<{RHTyl9YdUlqTiPcv4O8c`onYYcXWOmZ zY9*~(eipb^*#xtf+J&pufTEV^J^6TrTXE~XM<(NRNZSJ*B zvw^(^E6~?UWh^r;(~Cb8SYO86v0)F>@PmpNAITJWu<*E!uB1_G>umC%XKc^GlK$7~ zgjOQvKMXzDVB)KIRHHk*g>vh6E(SfZU2EC1MIH>fGT(wI;>C^py|FQyFDol6TVf5) zGm?CU#~ve8w4sZx6Fr$>iJ8|sSNfak?`ySFVWJGqC2crM{RA%EYdg1;JLZ#U(&am~ zVd}_-Ly@OV#b-LkoQ3Uk8b5+H+-BX}56cb|;rkm04XM@ZK1JESN?-1V+xRfw3^D&c z-dcBLk&iX&S%v%&-WLK76VpnfZF#tB3;$aEzj&j7|Kb;1jI;_A(o-mWJ(q#Nk*BNR z?;h4=!u5^B;fsFL@A?28Bx|XbXl6jCTw?q9F=xw)C0(4dI;>B0?4&D=W5WN!D}9Qw zGbDSq^mkKhw=vDaYvAZ<$F75ZF{VS4xyS&jB+|lyp3Q*;q#CnXX@}?>{7vBuAzvj1 z7$XlorbKY%QX^)8{;tmHZCJnKi`SHUG;})r@@9;MFBl4HXHdTckN<)nhcTC zwQFqreXvk3HVEnRjc_nN+B*BR@`eJ1uQKyop3r!}OozGzM7)Y{IsSmmNjOBXffS|` z0a+Nc{j$Vt_-!U9c{5G7Cj0%8pwuTIG-RhUU?`hhIeK1-!}WZaR>$x%c@EB#FIqc; zp%zq=%6)UOWy~5g5ebmZ-%CN(8QD+BAQBL*ALwuVz z3{~;?K3iAOZ3>ttd}-5(h^~>?F0IO1 zd+uKCE3okMGhu~KjL75~*fYZLV^{9em5%^T*T2$t=mEfo>Ar3tkDMFz8+$BvjK5j^ z1N(Fp7TK(tokd$zz)ca^07nt+6)|#Wa}MbIn+?8k$*-fgb@P2Vp(I(+%@$oG#M_6b z-^0D9Bk#;fG2%54UB)!?6l3AOu+9{r%=$vbJ1kgHnL3WoMGFECyx(`TYnfI=PVvkW5p76<;~{d+ zrp$*eHN( z3B!}~9OfFes?m|?$mKyonM!rADLfufFLxbG5D1{gqaYxuSfeITt78~gK=@n$6v{m!;1W!vXjm+(J^Zruo0y@umXwbe!}eMv-nh+WEs{=Amoo(raN zj4;Se9tql!?U^4n&%g`^F|vnQl@raQMTdwm?wEMg)JbWHcnaN0YRa|QvB?Q`F05Y{ zA;JA;zmv6;?s2 zGM8hAhZ$^~80Z7K$2*vX5b#xH`6am4hJGe6{qfz~z(s2CZ*9DGm!)(apa;>Ah=>ns z8E&wUX<(D}$R@~{W~}jpJnr$}9HRkGu%iic!yJ`?rkAE-EQh=%!x&)A12V&hmgwG6 zVOpm^R!6}ZFH1;pRZG>d5N=w@1G)$eZDX|{7WiQ&i3aRVKDKDpT2}>}W@~smAH1c3 z%ne$!gxZ4hXUL!A>H^(276W{%KO1Y<>VztOeNk;c3(Ju)o$%1WT~)1UWUMt#3nsSG zKD6bygsUA-?a_5EA7sODUR7?)olw3mdL1m?_xlf zuJVuPtC!|jAb2p0CJ~H|eIVB|SUZFMmrv88R7QG5LKCJy*eQWAjC%&)W+9CflR@50 z(8NM!Gl6;&A~XhZ2^Ko33eN)!s~V_Yso}nqvRI00v-Zq? z9!q$dU$kq~ljCW_Gw zqcwx)*=KK`zH3k4)NiZ!aCo``#san<^Fz*G$nIK>KF6gFl8>CvSRLrS8y1)H+ww!% zSK@R}BpPeLzBw=T+ZV|3Qf?o`t1%2(!%5<-B5z&{eVBUq1IwapzP3z(zm9jAXP-yA z&x>zm?Zoczt6>R{vEnH1Z;QIKQ*6$XNP&p)zw+@@*b8x?4Kz`6)>9Y2MfK6oLpF2k zbrtA|j*)KqYW#l0a#E|j(h3R+cmZ~c`j0`RCp<2GcCE5mK0aEc|r9@mWS9Ba7V>4z`=mm-*olpaS=f+{2Zk!T;Or2=Ls&frAv9*8&c%hBg2oVJ z%m@(H+^tB8{&3M3dTobT?9^E`;0vu`De1fv>8VBUh!V_3722Yd1lOU9^9V*XTiIHy z$_X3K^;mK^smV{`!g=tkSdSY1L7G*Z)dpl0tX@A4dMnM~>27aG=S;DBgXzW;OFK=Q zP2gyjwB{I!q)OO(cmD@n>eBI8 zoCtkS)KWU*Vl)(sdEupJ%vpW& zwrfvcRgAz=JbMdbr-VTx0YEaO~sRJWnl97j&Jfi;5uh^+YdS@M-GXno zM+6uIkdE_Q%?X990vV+ZTLmGxr)g6(T2l)cX`IND+Jv@C#P|?NClF=*A@!UWPLf~Z zb7sX-i9)kBO_60OA_~^_q@V1J{S~qEd^RnFicT}lO3e0gmNT!t$vpb6z_z&=YT$lf zxC(aqE@Vsp($J3%R#q$)FNDT4(!RGoD!-0t(6Ny5Ydq1aAnB`98Nk!3aKyRPFe1p9 za>wH=B~`L5D z{)Y5Odk@ka2h@NLl$_Nufi19|=o@xI-K4U;-;6+5Tm2u5dv{_lVdb$~)i$98x#1&u zDe_ZBtG2P-i;H(u!oV|pA^mJ{U5*+m>B72RHr{h7mTRF@Xx)TnbF;Hh=1LYjhUp>E z#_%+l4eu#Dk)wG59e=pO&7|{2WL5m8Zq;#WCyqJ1C+P}@8&pfz% z+rJs|w;{u`)Vhl~GW{SIPr&rAJO2DW~9|d*y2`P}=DJ3#G(mR7tD{9HCW=Zk9 z@BcjP$%y38>XrZP!h%H_jIvnMxbvV%vrZEfPfwT{vE{^`Mt|Jjlt6wbbS}<7HDCBB zu61UwRgB_wukGxp8+`k92n6%$!ZJFMWI+7%^t;IX)rGj&{R(F3kAP--*NY zAv4IoZ;(MN#k1wZnNM*3Yj=u2-OxAotKpHG;QOF<4ZpN1#TmRG6P>suVyscY?nXscE)L1mf{tYUJv z;!>#oz0Y#MK@&>wq)0>)=Ed*%%>90A=bhB1iRx>>>TA;$l>ZUp{O$hO|L4lWI*>vi z8PJppdt;L-E;*CoWNu3r5-@IR72$ls62xG#0|NCR;YGAKWCpMuDwGkt;KxA}*THg; ztzCSs3_HVnDQO~j)R_=#iok(S7OXxSM<_NII>SkklIb5QBom$sq&VgyD9i8(nYp)% zZjjI}sC2k1QJBGv7BLLp;$pt%>4#P#-ErSf)CGEd*D&Gn^3lE-vs}C89kKJ>ciruA zwwWp%?4PCTps~LX?XZr(TgD3^;^d0-Km_xcs}ZiLkW$gF9D{XG5s88x|L*hbUu@9usrLF$cBn@ zFDi4N7WriSgV@e&x~0hrO~rm^&${MMtk-VE+KS6_vCr5C{fx0pSA8I?NAmvFMC>G( zZ_2Ww41{8RZdM(qmO6jZ_3(Fa>!g|NC?~}fEK5Baa{1RmHKEsDV0ND#@*MC=_#OQ) zZcm^dzoMr3#g!jh?wgWmK606 zR7f>Yli*6wW2u(Cs-}r9Hha9+phbUJFvSRZ`t5hTL7RWsQM&$10&>T@J$7u6b5PvT z0gSA)vPhD#h^+!UxBT>U{A0+F5tBz(4a4dcvXpcelu+GMALmS1rLnjLvPa~me+nLx z)Bl%ez!T=x{PCrkN$R@sN^Z?&i%~*3lejgzm(JnkzG!O5a(_%~K6#=_8CUAiOH^UM zgpT7%gogpsgI?zS#;{vGK_UQ7m8+Jr0)-A5>e&w0r|`wB5}0PbJR)0X$-yxDX%ew% zJ@ISFhD#4NbYR1h@BCm|k@CTN3)>qqjFT!*UibnASontYR&iYIVV5Ule5poxN7gg7 zu&R8^&puN)rfNIFVW0sOXQDA=sXtGt)pg5u?JW)sX{sm#=j1B)1r3_%O=4?9m`#B? z9oO1`A~js%uxoS7kMYOq;8a^&(IE)-lM<`!of4f?Bov-L!7k;O4?1Zj9lh1@Rp&WF zQCn@U450T~W|hsK$z>xftX>2|a)hkIFwi}#b~yXeeoSNhWvJI0({DVYC&BD3!B1wpp+K@)_R7&{+A`z9I|YgEz_?}b9xq(N&+i2$ z4q4=~B<=%n@1E=1ZGIb)_e_EZ1I=nuxIZ%h_?F4*T-z(Qe_i%q7}H3p44gue4#`x5 z5+-g9f=)cJv|&q|6D4%Z@B(q4eSO|Rs+e}x#Q-W4KzJ|@n+%9EBp%#Ctcoxo2ZbQ0 zY_mKnP{kcoyY+yj(iN&$flF#&>&FfhHL0XcW@=jotQ=(}ntzVD1QwCFVY+^p>)7`X9gn*vqi-uYXkUR`B z1j(KhLL+$ONi9^y9%|8sHZL2M1{nZLbuu9M(wk1~}ddg|ME0x5{a)P_=iq~I(vx^i(HqR9J=j2)B{CcqL)g57g%TAjX;1tq=5DG7BEH~L$t*L^ zx6btS8gG>q2DF=VmFk7a9gEH(wkuD=Z2Mv#iu(=rjyG&^8WP6TleIRz3*J@m-^x7( zE42L116k5i1SMjNEk&R62C}1ua7~-|TplJO{SJ3{#q^^oh%=cpD5_*TF6Bb0{Q7w{ zw8i*l+rM?*`lGh6D-qY;zpY?t*SL|i`26C^m^J(L!u`Jd2cPCV#Rq;ELOAA9(fDdk z{a01&QId)-6OaFHlPd}qU zj_a`wi3B8<`|@_C2bRo;-1Gfjm#nV0s-9P-IN|bURZm=E>tVGZ)Cb%MM)@4&7I}jB zDlp~44JFXnh`ngrWxKX{QqiVsYpMl>|Zi zic#OR>-q+KSjFFW)CwC?){f-d-@t6YJKK}_;gM7BSzWroMSD=U0^|kv_Oo^u{P(Kj z!O%8sbO@4D72{~>hFk{c7R--}WlgX^1)NPpA_dWU>;&hCiVsJqS~`&g4Twd23=Oi> zfD=P!MRPi?uZ73>pYWEb6pt%|P9`e<3!xZf3LxB5;Y0*ZPjp}uD$D^Z94`S(Vm#Iw zp?eg7jW?YvM$teiWK2aK2?I6nm-<{J`iK<|z8!^qgRiy%h1~<-^9A#n42^2U4H1N( zK)*5I>EO!ThATgsFmQT3d3Eyg;>FR?iM`l9&XUe<;f)*HWcDV5So_EO#w31lS^L+v zb`>gazw7G#%&GP7WiK84=XU`tz?=aiwyd2!T@XAj(8JZa3|1}|?dEKZFlP4W>iOG? z=RyEKsGr!CE7xId(S)gqF1SAK!lQjKr(_#oDGQZ^#IhGa%F`~=<~DO4vN@H{96~W_ zfq1k8Jw?6c)Hx@o za_($Gj%%#(3bB+t4?~Gt6fy05Yz7Usuqo*TR-BiTz3#VYtaqN?zWV@@`M^-!i^FS* zvo5O9cxm%HRF($A!MwE)wW6g^mrYn#jk;PRfOsSlU+O4Fl2Gck76B`kAO>D>nK8{> zU?Y96E_fmOMF<3;xNV9_5hfqr?7Tr$VM!CKSUXXt3R8nY`Zyl1@BnfP&r_CE2it4F z<`$X(L~N6}9u0Y2)0OpQWsg!YyeAH{PLhth*8E+`x%nX3%-29)CUMre3TJlRcp|6? z3p&Z?B-@G0sM6YZ(MwTNnWrSejHue}a;#sv0`yW6<<-TR;O4mzE4bgXV^PWkr`-^w z9nDBSp{=yRXtyU~ugYYr{z~4}PNTp~vJn<$u1s%D&j7*P-CXU=-CAhJ-zly9xP#K> z%U7bos7(!FN+O*TcP;uIf8Z=tck<*lrW_|D9$(8Zz>lcsNgMZnETtrEeZ=s;s`2zp z_lV@i(`%q)4`E58@O1-CDTblE5u!LT$p+~>zWxW|A&a#9jgAS+o)3KN9iAy6u6SW( zN`Uzopmsa^%>&zK)8#t>Wyhr9ND8M=Ow}poAdCjtIfPq}(cz zmYa>Mbs2~1CyF_SCyz%(_LkklZQ<0};7{-mW&u4r`PR9e;xhksDZhV~?Vt3AzGGCkfpzFx=n;RaSW9Rp1l}{#)DVAk!NRy`H`1Yxev3#ylQ) znz~{R&Cd&wY>_B}UZce_KIE$hPy7~b`L7Amuwxg*Z|T!Tc_Fq7x(9;`W1)k2x*I1W z?C*PaIf*WKvnLAM1~sox+06Oc{N0rO8LmCfA7f(&ut&~_=AQi)8-m}QzTms4?E#rB z{?d;?T1Q1Y3uKYa&^#I#ts)v?)UpIsUBK@{H@8xgO*JUkbRIquDbk(X_wCnh-0#6z zSB<uKsefqi$pd=9s%SRNrbor4t1LB#w9c*LCJRh; z+GbE%cKhL`*2T_-(PAU5aVx7l6F7r`TZb-Jq{JCS{N~9*RE(KTl4jGzCDl3JeaCTi zp1HDRjw}1jl_IGRH7J~XCZcq>wKlBvGJPeftB-C>4qt~fCelbiGVAgDjD`7mq!%=@ zXYK6K)n6a@&0i*yNHLV2e7p{Bu9~j2&wE^4N=mS`5c(tn7%uQ7Q zTm|h`M@I?W$BvdWn}QmdOmdeiC_?vy4gIl8j0URPnDZ!g*ExJ{Dx zoeW-qeuG^>)Z}rXKQiWRrRZE)6$o~52!J3U?nA{%AWB)cBUf%_)=jiys+y3SMiAwaGZl>ISRdZk^o z%8!UitLstK3nUSE@$o0z2(WIpOnwd=e>9-C(Dy_P92Rcys1w)|J!k>2=2T!Ks}v*L zHe$8TB~Ssf@VfeTQn&kH@4`Sp;~~(?pbXhlMF8Gi)rh^>vlyhQBHk$h8NpZqqZI^n zEMc?V9@`W-D0qR9jSs0B%iHO5NrR74HL<=tS84e24fRHWM(JYKiMZHzvVkTIp^cw6 z{dZ+wq}*Clp9R1>>^^0ufFgy5SZr9noq$|`!}l)slR<-P3ZIUc_*r3I0ziu+QEyP4 zRyGoe1Y$=C_BGegA1606GuMxRbb^zv#mf(Z{`=Cd>smjyJ?@-*YV*9K;MaR;)=3M5 zEx-o$&;sR+1gQaq$eWTa^OOND3rc(QqL?02Qs)4l92^qThM=7jQgsusCNK~Z2HzCx zD6|JT&mw$iCF$#eO(?8){T@ZrpaQXIx<}j68iyFH&46k<#XZLx#q*t42DdJ1Tq%1E zAt>G{;}MG#q4^zFUDp*@4WO(X)P;OsP8fLg)}+Bj#sP_a1{@rD3Fhn@x7YLqBqqDL zW3#^9r1+MbV@g3Vcgp;}9liOu*)JDb5m=7hY`f4~cr5Zt$~S3_YlJ1(R!KOc!S@nd zsKc^5pog_0>an%ch?2mV3kUF+=2dnZmKcy7uvP&vGhL_pVS!9qRD{R`)Q#>Y)Kc>t z>UQy|EYPP3wHA-C%=5$ne{1!6v2T}#{E(;d_GRzeXT=YBVzO>S@tn>tNfEHxE6p@9 zy}lQqzAJfEFLK#rtxpjMZ4*z_CQdC&?wTy-;dIzd1R5f)VO0Rkiu%8;8gHCvxxr*6 zY7SP%Teg-&sE}$xLVm?Y#kqM+&+=W3lw0lpW&(SDa+kNBoXfLTm=E7ac6JU=gHD@8 zLJ0vjIn!v8&dMi52& zIgCV^>Eng~SX*7PpX%qsw0W#jM^-!0Z~5cv+cU$%DDNR+1Y=2jG_W$jAxv`>Io=ixBX-`%aDl!NFY6C6;l{bjjVBHqBcGi{9%dH5++)1qarV9@NwbK?hcsUq zM#!T4126Q9g3pdLG2_3lSu^u~U(qQojG~M)Q!~e?VR7<72=Pcc2%7rWU|BKKj8%WX zUyt$q+U=`*1^<&L$y0V)3<#ocpHUl>kSbrmpF-JS5& zpAWbTPFJGotn7zRv!rt?;d2YaMFvv5-tU?y1-8D){Qq`;+TE6e(WQxft^dbn)!gJn+uWn{FFi(SjZNdSZ_{8s+qbe>#KWywRAI{ZO@Bb zFS&^G74=h|S2Y3=l40?%7T+#w)SHSkJ&T+_7Os-Z>*27up!+Rc$F?HlE%@dbjbdh3 zIjrjqxJ7Tc*;T13S#Nx_y!q48qO=3Z^(UXy^(pFuAdS z@mHmJ>YgBFB_BTf-eJ{aaDodV|F2%edFeTt37NSmdMVQk+Ri1jzI#{KIp$UC$qtqn zpbZ6|tEOPXz);=3v zXCweF37!ZpkDR4NYP#tO8p)MIAOOT0VEk&J|0_@kS~*%LX&Jf+`l{vs(>(dD<++*y zQXe-2AJ-|(OU3oLPHe*uph|}1(8}YHld7a>zr^sL8msRJmy)b%y@2vwhXRd6Rgq;F zU;!+u=psoUS#AvWHLITg<&Ko>cCAV7K+l)o+u7KA>-A7gcSWG68DGsn%po$4N<*_} zG`0oVkVN2+W=LOD6(U?Riq4e$SxP+Qc1W)!hxew_(X}3mhGv`Tmnmv>u$*x5D8MF5 z)jq!+xC6+N`1JJ`!k4Q=hzgJnk~$+1hUP>)CkZ|=8)^WyyRV0BWQLl@&~YCb&To}2 z9WQX8GA>l*7Nb}wQ@jTBcW+;qd2gd_L2R=Ly?27*r3=NCf!0aHl-Y7Z!M`@D6e7e2 zO ze@f*1^GK=Ni#|~Is+)U;$@g6xQ|glp`=k=YgV&YJ-y=Pg3IR_bX~=Bv9#Ifgl`@;~ z5}mxWI_BYItZ>p54KMbd`{aALu)S9p>zou_Jzt@S>>)1yqch0EwwgASzA=HL3{=L3 zdbR9%=Xd722E%v<*mzPG&x zH>boZDn$OjR-S>0fhCfiC4!wLiX9;M{kUj(IBEHP@o>55@I7g`BuAw;Cu_awFDMY%R9mM{!6jKU0s1Pwj?483$1y%eoHjUapU&A>6u|En;c2ut@1 z9xHsyjI`QDJi`pr-T)DvNKr;wdU{$?HgaxKUWkp-dc*ZBeXQkq_a8Gq$AZ^o605%Y z2~jqPQwroTiEu}EfZo)c^mL@WjGP=TSXNqoZdSNWMf3Sk&1&d3db;f{Zq@r`EKKmo zP&)v_l6_Y2w`9*OWTwh{T6M~ksSQiwGT46p~+pGP<<&{H==wZM_vH8 z{SfMm*zNBB$fhX~x&$K=LJ>n6aPF6SQ7rXFU&evV#yJ%+4=i0n#i zfDB~v$kCqRinkp!Nt^#~*(0IN8d88RChTI&YBDLYvR0FqFikg}keroQ25eYg7kj1$ z7gb^>xG_>al$?>7oe!s!qM4SM$oI@sa&`JCiqsP{bae9cQ-GHHO9Mbuq>z%Glw5D3 zl$@2Fla-={9-Eb)1WqX!(ByynI|L9+92sTQY1L`b0g(F`Le60V;5>4&$K2BYi{>EU zza0GT8O9kqK3+aNO!&TD?ulG7k3bU$JwhHhd>|!=oEVJ(1nT?{1;re}x->}qFI^{m zW1^C~F;zwSfiAhA%*e93+)6z&LrW{MlF1pOrcz4OQYzc)QLDrY4qyWQ z%eC&Qw$T3~m1`fK&RIsO|1OD~GIJ;m?&hT2SQkOT5$pdsH_z% zsr$dd-9eH@QbvkK4pvT9R+4t{fA|iuXNUVA-qQ}T?gxTr3msxRJ|$rQXvM?lbRl}= z=*oA)4Kl!NKcVhgPzxH;MuZO!_J^!DWei71Sz?Vq0u}yplhVR?aDMo}d$u~VlZT9i ztrrrl8}~yqO&}+d%}EmyA>+hE%Gxp}d@DZ#nI?Rk;aC)i6I5e{srG<8E2D`DQ6Rw| zhy~1MY8h5&a~sYZPueW|o@mPxdO^RntrDw~xjZax9bnadiUh>7O)Z&L$h4A<=Q=;G zTQSkh$@Ep#RR~?>Zy4ptuT3idX{XUAmm}wT056)T%5>uXH-H3Ls38J`&^OM|j=G}K zXZWrwPADTVDw4PgN$67ddMrw^L$kg&9P{0B;tPednHr*b>PWw!9iZUX(UFAx@&F+3 z4CI2<*kSp!5+pDe;&lmk>NR}wH;dicPbEcuYI5mD)yyG74NVB+3p%1Mi}^64E=fX> zuir?=FNWgL1D@9#q|Q7SyG~bCtu4mY2BYuQip4&62Ltbh&3-bb7q$#UUx>c+8}#5u zD$o%pK23h7fp}`*SE`f>Ja9UB9X&NEW`riMg$K;lMyk=E_N+sn?HNP91HJ z_%mTc+)5Q02Yen5V*^Dwk=gfI@GBcLf57KrbO9w9?1Gv{XsvN_HOER5euQp%UdjI<4&x7F>q9 zeb;}h$1+Mqp*11u7X;N9R}47tvK{ou#S4Dsx1Yu$n1 z^Gi&fdF8_UY3;v!Qivm|u%iU#?HxT+qD59ukq-o~lmxq^N;KBB` za4m~o&*|-MT}K_?<#;YBe=kzeG~JW34D~RvVaM!nTR3Y=;^o1fPKl>iMSvXmb5F+fs zOw`)ex=5e_gS}tk?pp3(k~5RT@?}UtwwEFeU+qwk;+5GGVF9v1#M>LDyExwDJ&=sG$e~hKY0R2_U z4U2>~64M8gGn#xm5%B>SR+xZ>4%abLlH>)doO)tC9Y|+rgag9BGFgl$Bsbr9PYGGh zgS)860XcdAH>-6BuRnMWM>jE}`gOR5uUEJcxN)BLa(BnYAE5jU2(t%0tqZr^KaX|O zf5v5<@=4#&W$y_jo0d(M{W6L?i~XYO54;@N1<&A-0}Sxr1=#n$hBZ}P`%MNE-~V)S zbpixx!ke3^&`wE_>*nzKs}f}9v5*c9cQdX<`|ZEGbwH^vnWwb(U1$DT&e<<`S50!s zqYN@B*3{*}r=8Y?-Kg#EZtT0O?l~LQ>Zvuw2b;-%*lxc}l2Ce5GnQ{|Jh*?~F5G{7 z*z)E(e5y?Cqf=4J_Sm;C2wA!0^1;cx6Ue&hIrWxJC7Kf~b=IWL2c-)vj?cpAHW$$e zo6TrkXG^PMuFEeK)Nz+m;!4UdIw?$49ZV{jL6*d#(;U>(YWa$GRZ{0b653_8Dp4tj zphN*pDNz%cJrMFj{7SZ-2AtEwpiIDh!7sx|E`MTfPG zSA4e8nd#&9C<-D5Xb9g4&bXiWMs-g#lE+Dl^8-2fB~NrWIPxx{Pak6wE`0cI%?Aw5 zyBdv$*9s)uPdWDYn_@N6P!tENgTgle@n<}l2 z6e`-yiJ;s_fw{2OkU^g$3f)0$PKC?FwHnQ#;SJuTInh4E?w0c!Q(uW0Vb9SQeU5o7 z#K6ofdQ>0blArDzS3(SOYOD@#(W!h@{n--TQ?)g`sR=R(NFr(&JHBDT?^)|=DY=$5 zTd3W=Fs}{t@1qu>jhYxV$D(0-gIh~t|Jq(AHomZ)V|r7JhU$B_;lT$CNO`I@jVli} z_Nlh?{Fga;L~r$u-EeoN&GsyC?dJ_Mibta9+}91J8?LR24+cWV*8oRah{jbB;04fD zZ3yYcB`BMBHaejkYwl)@kFPZtxp%qV!Lo19v$GjapyAL*J;JN|W)V8g84Ds&aGWOq02PNUrTAx)w;+0&Nv7O`Un-!1Pt_YFXb z+y2sA^0&){aYcT?lYIbiI{-a$p#O7*i?TBEGt`Yr^M_6oG;-4u6ZGx>SxB>a@S7^| z|3K@1CieKyC@er%I^S#?p7!5Fv5W1OZfO8;GY^t%f0O12jMuacx7~-aP&xc8-Iq1z8@`*Be-ocC;a%~cj}XE|)AaJAQ5bv~TVA++vmgJ! z&wfazqD$qhM0c{`s`1dzq?bg?s-aNDsHn3i5ozG6J?yS z|IG}w6fMmRjns<5+LHYL=NTG>wU$#L0NZQ`+*US^9N$F2|5aQ=@4llH>Ewzxw=10@ zh^UH?CV+|*L{YJ}gnLbUuWqjo3#$Hlo7;eMCMT|YKFm&g z#$6vTrc9W6yR-Xodz6Y;EuvB1vjFx|O*L%TI4x8;T*%L@R96GEw&DmGJfK5ro*_}3 z3-IKwITuUJf`du9c#^_^ri7)+CJmIS`H&eswhGis1>_ZqD_IyDAW}at*CHy$UM{Qe z;Y_i(~|rCQ7h#FzmXWiv7=LI@C;1 zZx}7+HW-qc7ujN2?I+lDVcV5b`>6EE`9sod^3$R3wi;7(YI4(CHC}eL(yr!*<;ABj zCGHdW2X?vk6&x;97WQllQRrbVD(Z%5F-=O4G!#B+xa>&o-_B40hc^MUHbjJcUOi@yw% zW46ep9XX7dX7u*kynRf6G3wjoJ^r}e`u@_?zGP7NE%w*xt6_gy=@dtzux!?u>+cqL zc&Wesfv@Hv2(AVE|7?e4o-h{pwVQMwy?>N^BbEcU#n;r2UO`*{iF8m-g;4*GT%?`& zKc`hmW(lr|Q#e)E98tJJ?89_`9g8`qv znQZ8%@@571eD!ZaC)u62Se~#XI39SAlVjN+fg!3Xm|AJ;8M#?Lh&NK+)O2{b zicI}DkqItlylfV7_6onUGe%ODJtNU zvxcWu=)KqDV1mH)%XW5V&40;7PaSW`w41yJ+;Zb%U zB}xV%zhH~80n8zN-*lC8(X`{7hMS^ezjp}U~Ldz z62FFgwHg15-#h$dLCC3Hbu(HD?!&sWfuR6dSc2Td6av!4U68734@zo6+Z_LFsW2UX zI)8@GUXwJk_XD0|LmO#EI2pB*uuJhC{T5*kCxmU3n2F4r4-pc>zaGy|X$C?sn?SdQ z3Iq{@*-?-_&pEAIxAVK{++Cfs&Y2IjeTLoU7ieC5$Gd@xTf3Gmh4BrM!dZk>Q)*CA zt>=D$HE~bw?4bK^hDQ%y)81Ylw=U|cfgSL0yVX#~HD@0$o!`yM&j!(qaC{UVg%U8>F1GQs1EU;K ze@C2LcPxTOwJ*VrwCmN4vZDck0iXpH1G|qLxGkI(9E4NM2x51msG!j~lC_-4!9S$U z-PRqx_u^1S=m7Rheahn?<1*!O;-s;NSS)GFKt}Xp7u*jx817=$C=C&u2^+5a78xq) zdqT5oC$Ew(>=3i0&^%`^24yzfwV*$n%tUAnEwe(^4lm6W9a*$hmq&e{K=B-F^&P1o|0``z*=@6-?0iu}*u#J{HbXXL^dXec zW)WFNlUqPQU_|mJo4T#JXjrU?DZ}tJ$pH&;A3)8p*Np72ch|iIBO8$BLlh z9AxqWClTjUa|j7oeBaGFXPTv=s>01S)2Et-{lE-JRslpHj_d^Yk`5TvoZ6YD0tRKz zee-#o2EU6MWkdl>qJG?YJD%+Oj>9Tm?_+V}+f3k1*gQYIw8TekbU{tnHYXUDJFG!5 z%(|W@Cv`c8=?<EVz3Z!b-~h*##F@620#%IVcRK z!H^7Z(8FhVBr0AKQMxxy7RG@|y5M7zs+g4{_K*_EyxT#C9yL%-Oi&_ur$~beBQAKc z1m@_oib<2E^vZG1B$%xTye1sEsBvs=$9Z4n=b_X=opb4V4NwIhbo6zJ-!}HqRG`Vj zEecA~jmvAo+dO$LBy*#oJbJRnE+J@-nfh61adbAp8aQkSq?@f6{Jb2tll{)Y35CoI z>^b;U;Z~A@Qvrcg2IH|bvsAetN>ZxZ5-^x7l{rD?Qu(>`79<+D0{q1{rxmV5fj~y3 zXna$0jkqLN6VK>RQb5QCGk-FSy?lNg{XJSzsGk^$ymqF^D10XpO#98|dU;zlIpfzR zi?9vOQh(UA2+>k{*t8QIK~5_(Fh(G8{x~XxwTC@dz{$vTznI-Z_+u0h+X>>Ul@s&f zgjfp>*1>G;JZ26)aSNOW;=;$}1CQg&przd}2-tiHm}ppgi8kDU27zds@{hQNd6=_3yLJL~{ZoiMu~0j?Rz zn{ukBJ3ltn+C+RWTSQ%F8Q6VgpB$br@(5q#0d8i-)9Bio`g4(eeyT{#Y_|)f2l&zrYq;5uI!vVFBmzB6&uJsj zG#w<9DKm>Pc8BRYdNrf7I{dNZTD$>O(`*iIYruRxeu_nXcet0-IjGoT{?0C+(ff_~ zCXuclC0qa*rQ=CnnY*mbmvy9!qzPh&u4gK5oH9aDam_w)Cxb$D*v!~pFP|2{?dk1vOjay!LX(MR3A%&sj zjK@jj1ypV1W?F`E70oWT;ij!Zw8a?_Ao;tnUA@!&K9*jzz0H0X?XBn=FRX*xP*E=r zO1V}3)i6mn_Xv1^^)ysoGR??VL}lT_;@L1SW$+(ty^dD%QQH{s`#L|+w~xw-*Z$u& zi9&uxa&}I3MS4}Hdby65GEg{R-}?H2%rVEwZlkY`gIilWyA~xpNW_dnQB-M>$L;qk4@@F* z*#fV#ep&V~g#~2Zf~5<)9Gf5|-T(8HzTW@+F5X^abvjx-zqf?HMgpyQX<-JoI{UI* ziawfTWiJ2c*=9P=(T8;E&&Z}rrKDT`dxuNF6AU^VfGE9eK``)>#S8h5$5 zf>o-yXF}~vY&}$Nil{O^{HKqD40_LCG|QYT{F!_Z@fW&p;SAk#2-|n#9&4E=^Sh^N z;j-(`&09~d&hAu_bqbyQ*4D{6uLQlhN{5yVCpcwAQkgW`D^sOm^XAXw!=woP&wHur z&_t2$xfV06WwI7X{<6Aj!MSg8301rmdgs`3kncPd&tG)_e-wXykWVniF_vEMiYh%{o(^i=*6ZT-(-dG&|q zhSSBuKMbqMe?LY(Nix{FvGTJoEj7 zWhGqI^*)J$eW#&{Zy;$^No4fsx<9tPd9iCBBI(+sdFZBI4@R}rS?&Xd3mb3#gS zd{-r2yXLMgCZidu6R2b7@)%?}WJ}L|i7F9_IzGn-i8XmM7K?Fa)?UP$QEn`}nUj_r zH7&%R7?Kl=vFmXx`^(t1ofmkMrsZcRC$-G9&nK%=Djlw7s(c%2iU+HW)n_t|!Ra zeXeOd9hzjwi+qBq2c12GI-8R>DEcm_0!w8%?N8czx1a4#Y%*=js^CFsIm-)YHsp*m z^e@L|nya0FEXqBu2;hJY*1gu}R{Js<^0%;#0rgpo3N6NkMYBngosAUMc!8A)Bv1E_ znVQ458NbfM3+rqX+_H8K%UrhINz=_E^LB`tRd^*Ck8lcM5|0ES&)#^rFPz@+j%inEu1vlk!3Yr?a2>}f#wm3SxD{QaDc$hmMF(fzp53bCRz_$N3#{hTO? z*x88mGN_UAp`%jNq=`SaIu#)yjr`qPh7V}~CaB}P# z6Kzs$roanrlR}K5j8HkO2pc@aa)e2&SybvzqOqX8%aTtzF@ZV(Y&5)#wG4CgXI@F< z*PMV^Cm0m&o}Mm8%TM_7GS_R!P-M0qwFrD_uHo|{#!C5yL?+mHvH2p)pfg>PRi|TkxR<9ml!E*u)aNdwxp?POYb!_$3(-Vjb7sln}_G@(p}6}ZL?{1dnK1%5mCPk6f@%c~hX zFxBV!f5~QZ*M`H*j9a$8`Y>HM7%OOQ<*f8G5|)X}FBcW)%Ae(|$v!)ZE+5#$Af{-M zfJinSriMQ`X)kUOF)2IxAT@dL_c@BEQmG++#f5Tx)8*G6Zzoj?FZ?^(#uVUMAF%}uPHjKrjHnH`<^!0ATfHqpy}yj6TCzhMXT~il|-?&sW0tNFLgPMK8C|x?$6v| zRnIi_hC9M-ULx1JYkkKp>c;-D?|bdnw=2~vH%3YFcZy#|PV<<0ctdBe-z!a+%P+jn z-Q*@Wx9jh`A0~{7?N zkHj@uMI5*bjUy4dv(ciq@lx_}@$A{L%?~+ES-8eW$9TbGt6VM>{Wff!<~R^So=dzz z7=~v1N%S8~mQ72DwB>V^*LbdjKEJ2hch(;>z%($}mvdz0#cxWYaaWRMDaav!k*5^| z8o)6)7p7D$JsP#03UG&BVYOMvQ|Hr2`v2Z~<{ga(islOyrb~%+26)GmgTCUhJ>TPi z^Tp+AjPMpEA+?B?A;{e-$)16qqku+29fAn#pwDq6P9N7HjmTd?(9hABFG3oRp@Ihh z2vCNXRAo4&LI4!Vk%B_^g@roo#(Bi60JeEhoBAV-;c;~=@Pj4k!%zexDuW}yUUvdS z%E=PT}YOlUMPQ zH-^{3a3`TW4kaWj?};MvCxRN{7|symBDq8!U?1_mY4@n>I7J?KV;)IbqSM`K^g*$( z;Okq(SQ_xf5cyUXD8v$1+IXF;m!b3zIKjK)R+|=V!&AhDCO8}7=RjTVwa|kd$3uQ1 zO6{=-^DnmM6e3Vc_9WvywBDHQ%8g_JOhR@p171o@S&|0kK>Q9rZeca-+VjJHAkxB^ zega(vyt0goWlftTKTu*-3N_{TX$dw$yJt&Sfn@8eR!CQqZyC8Tm^w_wQLh^^>A@Ku zL#-XfLXTSfNoW(qy8R0;C<1QuaDqP#kRi&(%n9U z{U!%}K&Xw_E_4{)4hs~?36wBxaFr60yIcg4D=*&orcPK}Iu3va{g02JDM&4(cG6-| z&;{v&0#c+%#}LAa1VRES^d^X?h#(zA=?I84mEOAr zQ9-(Zh$|pP1r((C3$}ILd+$Dbf4lB;AM^R=B+r?1=AC!uJM+$*Gf5O3?G{<8lBDdx z>|uj3%Zi){{)6T$^hR58tOo^Xf>m|*H*4;!(Xx62j*jur(%yBmOGZn$##MTnjh2>c z@4--DDwdjpm5*fiYj$BvEp`qH`v$Wqr=WP&1*%mY>yjyQ7YpmUKK^ry2G%nmT9-Uw zTGeodO5vhSJ>bD%uG3-}Ob2>5 z{$xk=q&uz4PP)|N6giCgrs`|VBg_We)S~!w`XUk0_b+RY%XvQUnUHlXw9m6Jout z4Gag)3$s_<<>J?uCE=3{$DJk1pY%B@r4u^d3{nK6(n&xbVx=+QEDPG5D7}|5imsjx zVXo(@!*j_!m@m)QJlEQt$w(T3L5RL-+#^rkTP1H^rQ>o+a9N(r`;FhS0EbTg*?T%8 zzAbkh2I=Gw%z|(0<>&8Ve`Q&)I^o#eiT@FR=B=NV#Qe>WugX=hEuSE*izGZf3 zshWrp&8gxtyPHB0+HpKI+4-?!IK?KqZEmsD)t)@*`0i1+74M_2?5s!I1VKRu4{=h6 zdY%hs;+CgmkGI!#%rvZ-j0j>O({PFwdmyTjOQV+s4LzgVM8aX-e@aa7raqa5Dr-w< znF+UoDOmPB`^}2vOHSZ&wpY47IRgBW!)Gr_RFU3$+S`_42zfAda?O$f)m{Y?7b>Nl z-Ab)&m@_Rs&yYst9X0Y28p@-mD$9Oj{BkYz)WR7D`F#d`VA$Y55nBtr7Acb_Sy$Au z_R)SW9O$$o8Lg<;1tULw2j+3DDM5-OcTGP1Xos6&tyQR{LW|x)t$~1 z5}poJ)vk&@qkUnABCD7JD~WHOp|v>jfZY7O3OU!tE4??Xsk429w49o*>^(HMbdb=v zkw>#$%`?mH8Ef9UEbnzwP8X44wS3Ac5HTQ-TYA*aMBJGV%-*7$&30~Dpn6PKr$>^z zEJ#{U7jcQ@aojssN8Z?lu+XB==$?@Xl7_|PT>>VFk5+faQ*iDfY0HTLTIb_mn>xGc z)=stdEi)fd^`Yu#N%rAmF=O7xp*sbJSNmk@Y4Shl+`n^wGCN420Yt;)sBPQXrk{0< zXMVPTj&GJ$PW5?`m~V^&csehi{#4T=ws>4ds^#8Hx^9DTN&qSEzL9HlxI;!vC<~D6 zx1ihf&bd9f*UOaoicJ*!kof@CM``17QS=6@aT{$x%vnJ(nw(%NuG0aOft}VC7Q0L* zL#E=rf}t(}`$P7nuI_pjlBaTB@eM;p#Hsb5edRAF{BRphPlsR6T@lh$X*}RD?82nL zuNt1SE>l$NqNq9^ZJ#vn0D-<$q~@hq7$Y6`1`Y9qj|r8JjkqYLFOSQq<1z-Hl}|Op zUYuTkacwh+EqYmDb4K!3u&b@oG2cv+!!w0hZn3{yfLh(1F;p>1yegC(skPDrGz^wh zzH>T^kypL0+ZW^NzglxrSvG*`@ICxa}8}#~;d$8eFGW^3VpLFnp+Dd8ebGt^yJYiwi zyeHDsT(8GaoLbd-hi+zJpu!Tx*m6mIb$59V{8FsEyaNZU-&uGgn5ty{WoRyi z7?`|w)xSN~ub}sIg82hC#p|)vWATr}Tel>7^9u%#RXgeD4r!yg>SLzO%gS5w-MSMK zj=y+b2!D^EUGTf;T5-F~$#$p%nQfB`HKCDhj(bg!$gZpO=4cn<*!`jEE6*b-A42VM zSiXVfxTp=iCG)2-cuuv!vH9Vhw!}U08%8$HA z>KeSrsd7;b69d8D)P!(4CYe%|0*)%UWn^hz^)PjsV@SC6j#6=M$73C8+Vm@Kq>T27LQ18LEAL-wM)WsPm#*?o7%Lr1 z9FT;@Gd&c(DWOiZsxS#+3OhJCl$9Wm}2Tj)jCk4$WXcZPMS$MIL9VT{;p>?&r`k$ z=A1L`#k#@kQjg9id{CE_25-uZziy1Z;5*=ULyVKj^cRMzTbtq6^cvJJD5Ek&(XqwZ zS<{9(elR8MMB;sOCH6@(;e%jy1sZp8P*&Ccy_~~v zzpfWS9Tl|;UVZe|?IK}}>&a6IMgrZ8em1Ckr>`U&QTcEXJ$Jp*wu8+_-7f?az-SR# z!q2*bH#W2->*{x#W@qjW*hdgw<*0pcYLp0hRfyPcN$71a{h zDo7AFRHo_Ek-g^13N*QRx-j0!m4gFS*kWIsnP8`kO-dsZXzZV$4MJM-l zyNrFi9o_|n_)Od>N2A+O!F@|@adQyvCyQt2g2%an_S?A#S2Ugncou}3){!K$CbaDJ zVLPSc!ovg*Y?DwqGf}?!6<*-Z;;W{BCF|t7_Bc|SaWQYQp3F$~meF@KPh!;H&RnN? zk*xQKGAOA4^r{wQHGs|8TkghDm(H0Vq!Zj$X;c+Fykm7U*Y`?~nNFeF&8y&%#<8t@ zZVll18x{fnnjy4k(8}J2d$od1)Z=n!<=GssxndML~%-R9A3B#gZuXIVQs-e6Y!;e}Uz`J2AI zrLj>|iS4rLH!ggLeZX+Un)}8>{i#fT5)}7=j2a=IwCkqbs1`6o!wWH0`2s0!59+p? zts+$dgJnq%QajA`%iBmZ%e>R=9*E4J&(%wuU+jFnF~n11agOF%g%NdmYMH(4IwmZg zR;Xu7sq(fzXH`INLa|IDPZHM&1EbTkvNd-3^mRp658^u4S?O0;$;ov0r+}1eDH1A} zOEbH;{GLCMXdMeL=GXKeH_J^)<87^NKGTBbd8GYFWi5)^>x5&N)wmtQ;X)7I(TlE` zYAihE8JR3;oSuc}W6m(~3Mp7l@Oova?U>NSKbb7ZUg+$6<*G5d%j@iLDiVtqHs*KE zeyUS&9HX+?`aH!LnP)n3u2(?fP$ZRdj|iqGMy*+0-=X5FQ-| zSY$QT4$w=QghZ#L^ss5DhAWC5V{MMO1#~jXU2ia;QUB#JkE?vVrS!w>hskfW3x=$D zuX^*~Px0(NZil;otXU+pd2M{raglz`gXyATnyjv-TeDJ(9oc)~BQy-Vkg@VOR{l}F;$XryDc{aZA0=d6WPpGJN5Rh!a}uXP?UX$3Qfcz-y@ z6BE0~;2k?hrgpBeUQ_b(S^F;ivpuVsg;^WkpxpVUQ9H?@^hSR*)%RmOaYD^-t~Xtb zYzl6-i`&~KQ==lUkk|IK2T!Z{OA9Et-5fMSUeTUBgM!}M=-&;uqQ{0LREd%|Uz*Z+ zU4wZXyu3RTW|Z-w_^M`U5`)k}X6^-EQbuw;r6*L@J6LZB+MVwU-IOqrvg}}S;8}c1 z=^or{QGL0CR-dGYxipgYvRW!|^%GI`%I)HMVN*)!fs9|R;S#5E=-(dh^!ZW^wZT$LXi0_k|-D+u( zN_bmq^n~3>3K(b(DwsCVef~a8{?P8e=px7!(-_riLXYEM26Y<&GjA3{Uhg!xeCqKQ zDI$?7@sT#vCKbis!F(>TSQof`K;Nr%FgShAjBDMi#(#0FHlkR`p_kTFGKuVns;H&f zE_-O?<`cfkB3tg=jT8Mc4ZXB>jKdNy+5Gm7;tB&ydro=J_F2ft(=zRTJd`tegsY3o zK4QifHkRQ#Gi*W&q48v~fkk!YWj#73&w2K|aoN6<)Ft}0ssjNdyg|+pPX?|&d1k84 zyKp0&|8QJEK+O95Yt+eZDjSiV*Kj5$VcBY~?lgC}lzeoeCp6vV#hEK^`yNc`EW#%^ zb6ZoVW?raZ7`6d$`?KK#g7WeU2Xx(A5-QBW2hX*zy=z;$bhNX0fWucb{{CBMg`p6w z%ZIx))pMHtbr31DD%nRA#Gwzwu5&%eKR$B8<>f();W4Ls$?++h*;I?OU{MkIws?96 zn0oj-X#F8e=c>9iRN``B;47?{#yEe@y&GAPS96k|3;C5bEs8<&n1`|~J9-T^SVCv4 z`V1cp#lF(0eo&D$pc4z1d!LOWXZ8uH z6=m$+5Bbke^%x=V6f&<(_DxRS+o*Fojkwb9$lxqGqhMwY8t@8pecUwdX@;ewC< z_UK~~59B4nlt@Xub#&iXQv0MCozr3r*~8qnpxUmprITnnFf9osZ7h-DtGk70zn?{o zk+h?Avd0C=jI@W4Dn^6OZY0Wy@g$4-)Z3z8X>6gBc2x5xU!BN5_dXlQuqUU6vA+GTG`3nN$C zfC}YkdXj>CUani8JZY#eso(dVAJsjm46gkeuy}wBj3o7?yd*`tZW|hJZzk>ixDQB- z;eEv;pJ&a|Y1|c$-|;Wdb>q9XccoG)WxRisWkI!`JkccKCZD)@%WawMLyg2VEdCd! zgJ)6%2wuB?w!OeHPClww^3o-4%tBXvLeOb*!*Qdm2g(IP;;XB=KMxLEVn#lKVfD{E7TJJs$R>Ck*k#KhWOBLw%K}I*Sjax zrN2X83iNQ>{jdBo0xj$ht~M!Nl#dK&BSf9)BR;!H_Ny@W-Qe&^17ft?2>uCQ+~QDS zPo)};cc{cmjL_Ah4p5y=&5vsKG~65AGEL}fbFR)fp4_N^v5yeEfViHO?PDBd4q%}l zpw>Ps^n`~kW#UQopk1`~3iM2aZdq6f8)CD1E2CF$v_5Ns#YRD2b|_~_xX18W%&sxe zAoXDcBaY>bRO=4eMyi{I<@b0E2E(|AshnGG;N&1<$uBO-7eu5tS1c9XQESUKpBH;C z(%vmHenY?PPS>(yVK|DJs-&48DscJv%7USpH%Wo!C)Q zKW$EWYNujuo6iZX8%d!IV{V@?y>fKrtviNStadR8-hDQAg-oc`ZP~jsMPw-|7AEd| zS|b*6U-rYZS5)VBHv~QNu(@iBQ2}<$y&}CXq}=i!Dn`%Ga~1jYO&||Pyn14fnUUPf z#?@{L5^E_|!50*vyL{4W?=44rhE^H69EYD(;Iu+`7HWqaCOO0T%rZXtlI;~pyqb*H zEp7cn@UmhDCr?jTQ++*CMByRYm3|gLgL<6`a>B@XbN|$?TsNh)muy)YsTaBEhGQ{D=8%a& z)*2d)FN6*a?>aHcH@B~aeuvf!6T{FTOPZ*MKtfAg4~xl*8O?CVD9hVjGzUg6(;WgX zC9VqQ>pcjf>)46%+c%1?XBD>9*EsE#jf6^i zd42j1IVmTKEHI7Io3?qKRh-fq%(}Hi#p>`XZDB24YiUSetpzhyZ)tV5q2#X88eQXK zaQbya_{j*@lX7Mc=W8#JM7-QN6!hp636cMGK+=}FX6E`P#(!fTU;>Kr^4mulB?a)e z$ImE`$jB=y%E`*eDJUwDfMsMAWaLQpfd59DzJkZ%pqM>-2uA>eg1Q6$KHYyl|33;C zBny)Nr;Q-;j{%a#VE{n-Z_Q&{;Ywief6zbpSN$u=Z0lc62~4s_;cvC-Ge5chKi9tp z2JH&Ka3EJK8ugdw@dy3CteosO^{+rkCnK*!nC=k!{~v(ApfiAlVGtfT1R5o%g2E$_ zl7e0cEW!zaMBscONWcp~3aWr51)&(23&IO<7F2;lkyt=d&>g^>03aB^6Axf{PrXc;SQkjI6)OTMKHly54;l+0fT%zhy9Y$13)<=P$wYH020{F`m;$$ zC>BRB+yjk8;LsRf2+Re5xk2Di#77H0+4r$5pA7g^Py`&}f$#v32owOp;$biV*v{wk z9bKS=BKY98n6z+FPp?Dk`0)wJp z021=WpI;n7aDd>KQ}XV+sFv_!MY(lJP3)tRQ6Zpdg7s2 z7YO=umqn;QI24b>LC|oxVBkO9pZ>4$+wuSJi39&!{3o|P{)6R-@!t>OyZZmw**XJW zXb&t1<@^^#gMU2#m;WyQQ&N-x6XU-h!FHGWPuoD`pW{3I6OK5-kud6h8tQ?+q8s>Q z{mXsPzdTrm(ErQI$Pl^&qW*sX{(*G=v=$)1^83?msKR_ ze|t@ssQ(`UQU5MKgD-!qr{1Axa|If|u^bf;hw%_~ztF*t( zpBw+T-~RzC5}*J77>MKl&&~JoKOXA>!Qhd9QRM%LKRy1-D9I`+67~NhAdde(Hz4W5 z`WA*-+7L5cOZ~s;cL4rS|1xsl?f;iklvg0?|3{!G2gu6G?T0(>hyK&15cvlHNh9G{ zDYVn}=#Tw-wtxSb`2WlPZv}bc`+q+KV*LMe1Cqv~wzt{huz%lgfNU%L&+Y$|lLHg? ze-a@=ga{ELM2HX}LWBqrB1DJ~Awq-*5h6s05FtW@2oWMgh!7$2hx{Ltq%Mg7kO2S= C4Z7C= literal 73958 zcmV(pK=8jGiwFP!000001MK``uxwG+H3%Ntwrv~t*tTukwr$(CZR;M}wpI6e->Ukm zx+ALpRCPs1*Nn{A5t%!3t-aj4Z57 z4D76o%&biRK4)iRV+0^z{l9){001sd&IXPI1ONu^7S{hq=ly^B{{KgVj^5hTiPp~0 z(!|KwiO$l=&i4QOG5(WaHa3?3gZwl7@AJ>d#LmtPK)~>S{#5?o%)*)A zzta!J%x=VJYQVx_%3{j+FF72H?Ccy2hRjABjLe*-tV|q+9L%h2My$*PjwYr~^yVf8 z#!mD$22Rc4+cp!`J=-RJN_L0=LFDx(a@{3B(wf}jpj@yf-d$XW zU;tkF%E8F~VjMG9PcDFn?P~VmLVJ5E1EQY9%-BTp`a@BwT2gLjbCGqCkm^$;<)NkD z3{NrivY-3PAV=vyMjGuf-n18>g{h`uQk0q_Nm9~ai37}Zvc5$qJi$J+iy;Jf1jAJQ zP%AvkXD|Hwo$)hHU<(fjJbFI}=Pg@Q{fglbTBLoFW6^3-4m#b@lVqx&MHVq5*qsB> zICBw)PoOv4`bHw-bNBbzc!!TF28= z!cam&!Bo*g!je&l;C6aAPJ8-gDwPp(X7g^`E^k4Iog^jW+~ZxO0;UeL8WUYt6aD$h zKC7U}c;%ZqiibH~`Iv<4oXqS(<>Z86y6f80dIM`@-S3U7?)%Ew$I++5o=@7uLBd3q zN?FHi+i`SL&)SqS2ljV%GdHc{t$7Ktypupp3|&vHXA32C=TDECSKO4kIi?Mg2U2`5 zweby&8Zt0}yf_VozB;>y-p9vVWl)}8#)U=bF;o8R$I7NiY}qKdZhm+4OIKItH@7j%-4Izb!OH6aL1u zLZh+NtZuqYD?g?n538E9JoM1#X&)~-TNeq2Zoay>y^?3sr9&vhC#ol=C#z>q%Bwvx zjZF@;eXZriF4-J_L*G>5#|CJs#;0fJq~}68pbRzmJI~f67QUw5NfeWBL=J;}SA|tf zQBcfG(JWK}fVHhAWu>6+W^Y}0TJrz8xn_XRRoC$ZuBppsCMRV~_j?a)7=bB8N^f3x zKbPk{mPxmKz2Fw+Q?zjOHB(@wtD2swR9N`zKKH#XCbG2I636;g@Fo>lJ`6-m?BP#& z)UZz$GO49%a3tH@-BW07z_`FL*iZWJ13M!JWlzPn@?Uq-H0(@*b~RF8ny#R{3Pe+a zl{)9oVW`?ZC#R!jYxtbX8|SDVN`1NjouK3bfn%-p{B5PKWzS7f{ZuYxgI;3hz zD7^?=Q_9Hzg~aLFnu0R;V>BnGC8ry^P{!*K!Ax5wFQo&*`46 zlW1p`#egun`)Q=?waG?eStauTZKMZO`OdsqJVhN3QqrPT%&9=e_Hy zYw)nHV(eWEb{)w#9ccrNE|TPo4dV zyot1ZX$&frZlK^J_8?~59*C~)W#qIGq-O~%Ngh{Q@hvEdJ*V^MeJdGO^QgZ3{;)9* zIP#(PfU}@DP=p=XC|Lv$;w9tt{(A84K|)8&)*N21p$wYTrS4j%P3J4#o21Npq+82* z1V55=shf|xZhGAYHCPN!U~-kpO^xqh$0X8Ju>6@rw9iBpz2Ex1-KU!fgx6xKL#*X% z*t)uW9E&~Z3DJ@fpp&Y&5h{)LrjVCTij5oYo3Z+x7()*N?%p_A<3=^fUOCa+!SZ}s zqb;@IgP>S`HTJMeH-t}BR6D-0e>=_H3#tuQcNWQyf!Nr>etiC1!j-Zi1+QZAFZgT% zTwyz;d-jqdg+vWSgA5Jr#OcA}qST~>w8RSaIEB3UgtS!C48_C@U?dqjy3pGnuy|-B zk%T#!0DC9os79rSsYic7dt!eWIy#@8r|HD#MUs%^$iS~cr0waa?yo{+Ix~1Nem6CI zKeu?uazy}q0cL_e824-$ISHtLwXJJT2@2D%sE;C+HgS0>{T}GYM<%}nofZPpxY4~k z@eNO5BDr^LDnn^QZk5aueqJpd99)_Scs&Y?G8(0WbVwAZPVeYEDz-5xFWO{|ZF?|6{`OnyUs{d9g&Dge@Kg_aGv#uDeK zF5NcZ1Ra!+$7-o+sk>y3pJwx7yr{whOlHTcBjK?+n(!uliZWHLLCnhIw{7z|39NC=v6d{*O#sf_q#S*+7KA}iCLBm}X zE$*g5RX40#4w?~!Bml|-lLD2JOC_vjd8tcXd{~tYUZp}{pOS3s?ymrEUu?+|gUI7l z#_)wfqRd|8=q(S7TC$Hkz1aJJtWw*{jiuKq3P*DNQXc3W49xphp@@B)aYo2CtBlO%C@DaHBS_?eCQO90`UiRm&LJRDkb*7@tqeSr z1g9Ag_F({upH6kDGuC7%Lvgvv(pR&xANQu7k7o)zi5)x*9U=Ve=@l)^4-aK~9xY z^s#d;8h(x(+`(+shk=)I0*E;QR#+R=D_W`ANBO{XP99ftRz_n?M&6erN4P2Wa zs)n3z!oMJaw6*#!>~_0Un~l`a7U{e7)BBDSni?srtQ8oZRM?5Mfj>_|nz|q{f zC~k3gZg+2o1QFeyum<2z@9JU%5}jR@y9ZeXt5!K zVgeEi5Me{&9$Tk@$RpZbeM%oP_Fg69*s@h&t_}Hxi&^!lK3iB(WT@aML3>~oa8$rd zsvUG(vWI}eYV#3OD{QX`W5CQPN8kuGnS_cK7p7^lVF_a@;)YHakW3o~>=i8W!9 zh^37eMQPxr74kf2D8AKZsa$`Q&e;ljPykPXVe2}-4LuPDwaDmaN^5;Xwryf~V z%Ocfmd+3oLm?@15j&z}}!$JI9&Kx11(bgQWAD;yZyMPg=miw7V=y|pSSG)%?3Dw8+ zHa8U2!J3SyDNWc!n%B{iv2GcO-AfFgUjqLqnl7tYAS;H?JD7L4WCPBnwpjnGOSZ3DC=!Kl12_}v+um5+BMa*cO1Q!`mpSOqI32#QfnAW0uZuLs z!_%Hi(Q47fv?nCr52%DPsznvlKRd?=00esa)qU`ltqhi%D5O{0J#J;e*I*9oXZ!mb zXKVH)-A|=Wou~vY$rNybLHBNla804*KL2``;PFeoy{zrAw}%=|6qlF?6nc6^Ice$C z_rZZz@0jy0s=8)AmlK0vvHO+0oNXAoN^jM4TDPNf;qlb{9-_6>Ya{-a0IPr?pRAXf zk*KLW&2YN^dior7Sf7_$YKb~p(jYs8@9Iyl?MCkcMb%JPzB>4oSv=9;`d`i^? zj#`mWwO`@V)Rg?`*^IF=@UrNkV7}$u#qQ~PtudR9gqwhlsDJ)xc1q12U^R+BfEz8A z)k1Wz&dxQ7qQbPHKWqS(tB<48AT4xlozG=ZXCZ)aJXSrsO%O#8xHS|v%lccQ&sX{Gxu?DE zOeWTC9*GfJVGJ191ii%gojJje6w|q~{7ciCnTmZFT$yR=$H6uex!MJD+H(m6`d}mzo#f%d3;T(`rUU#dYa+`7=*m?T=u_NZt-cU2?^T8|E%{})h_k-Lq3dN z(o$rr&!a7K*|mHoAOM6Fyg)nizZ$4GWjn}#(0xk%;y)}T&j%nmRZ!kjxFZ=7-9)Gw zV^hP<6a4ndB@017brDsxopC>HJ4#RICSf=X)`N^>aItk@L%-0_I2xB&dao za%gA@ofO&V0jkvvon%RZfR|~hgDny=mwhE$%>pJ;5%OwZx|h39{Mvn#{)b~omwsnH zh|>HR(;6(>Xm7=RFGvXAGEe{^umL7`7Rl&C*=Y``P76^QDPl++^G2wd=}vmGdMsva zqIeYk@OqqSG9RpF87o)J#yzwSN+q+}f0uAeXl}ASu&(BSO_~6j>>)o_Bd}(^66=;U z|Ce6m__yF(<9#&dw3Q}&{%$b@@rtJ8`lsZzyfyi+aU|P<3G5s3JI*ShN4Q&8b@!I7 zJ+z{E57NWf*cPccM_EdAqgw=I2LZ5F)#7IQ2$eknb#(NDa^J@J=u1Px?t%9EK=B9T zB&i#gY?%g6bG_F{ho+5(?6$%eA8FYU`uFRrMFIH#U~ppLS9bPtp<$?<-~x6g#|xZ8rt$44II z8qMx>a&q?a!*HQ;Xk3_W@{JCwldsts-p=|A(2{N5-#jP)ymwmJ%Krfo``I~a%E`I^ z1tseB<|Br6BqQW*x>YoB-qa6@cU^KE0OBBsbX)3I+0=?y3TBunSvnF8HUc zT2iFqHW(1bZoQ%KsR(N*ymoJFrxaVOH)<$^pXRRyhJn>NTra>`e7s*{lj>oIc{D4; z^$(`Mcyiz4e7?D~Olwk$Dbu6L{&;Gj!Pm^_wrI`*cpwaxXe&bB_c$ghOr_Ak9K7a} zLI}d%#~mYkk_KW4Ri@p|1RA?U{f$E#m^&U3VN8TZq79g*LFS>{vk^iQoGB+5qQFW> zW+u}YVnr~rXuMFhWwnE8GCl6wkQmH9aTL&pa1AJNGJ12aZ=Jn=i&$ z5RKt32|T36*ykhv^72RCp^_sPX$0QSYqQsrsP4fn&X}QAF6QGRboG~`SWgOEo?ORG zptUDs7AsbQDshq&H={V$X;_ZU-M~(7nV7M$xzHy9XIk(u{gkW`tX!Wnvrq$n!uUMu z2dqL!z&cbYD7H{_#AgFE@;0$-jwsnseH8H9r5;1%HA|yV*2Coxtu!jdVdFNSxp&KF zbsg(bJy(#Xs8X8u&V7x^6|)2_Tg5N(uixP&Y|m)eDy+Y0Hx?-1chU5-lx4;%?~q#s zuRO;R<{4mXp@S9g=YVaO+nu!D+~b8+hkG6WLtQYefeZ8-Aj$YTltkatSAX9`{#QT+Aa`p+3=Lr zVDm2*IJ!#fX0OfS-yep9fV~%X4Lp#bWXF5`(v;O7o42ZGY(PDk>;jDcL3A403Go@~ z329lH|LQ~NQ`nzr|I{^$w!4-_I$O*MZ=XcKpJE9vcb<@M{+t zCN8n7^=dvRL{$~{#pX!?rn#nS9raNV<2zg~ePhv? ziO`ydULV8fhYq#L**^>fiznP!N?$amNI%m#bOFHlHCAVJ2S>Lbu!)X_Q$ysWS8E;& z*Zrw=QGvxp&5cN)yi43P7{>!Lyi8PhBLY$6k{>GWha02WDe{dU(Z>~{gRA_McqZz7 zW*UbpM=uCn#(&D8V6w*^wJ-%aK%pT5w}JO#!(^`cEA%>We`cCzJ+!gDzF$U7XL;<8 z+w@ZMN@07VKZ2rMM!^HX4=I?CNTkCRYiLBD9nzroq6-xHaD(H99#KDI&bk|I`a=?f zfqXtLGR~w*^juZBe7n=pznkn~Dy@ZKN7yWeFVUe}=6vTJv`oKn(sZVeB0tdA4XX@w zL%>HV<|dViA9PcyvO-Pe%@Xa4vk14r>k4Bf6uDT;#xY#{W_%|TLkq`>&9N$WF-uGs66n zJKlTEf=|Gjx=4ag@{lU_hMetLh!M#$f>+HV;eO;k1gLaxdkx3`^iFNl)Tl5XVFviT z&FpuONS2}TN<90P6wYMsTYfQBhIf*#qK zw0AIhWp~jYHuvlpMH!{R|7yNn1qe;)cc7zUih;vL!{O9~rQ2GJvcRo)LqsOp+5s%+&EDM?Z>fvr`r z;S|ctX>Q*vTx>O9<&P??Cq-Y@FY6p+kJ`vaSyi2s%s9$r$}E&M{d?r1rz&4#5JIUo zK22n`NC9KUN=~W=a)ALKb`2?%uB0#rqYQvvU0K4O-x-<^`wPGjxT$!$4UvJX|Ce8POkkUpr?w8A`$ zr?lH`W|AT}>3Cg;2n{)n8s8$v3OAc#MrOh*P3d_vlW41Xy3KZng7?p=e_& zLiQMgv3QFV{qm@|mGj={H|<8oVj@q|fYkTWqF~jbvXPw?4c%fh+<pWm6jmQF(k2X-!)r5iaT4sADCztbdBWS2x#(!RZ~m*FbpaXTsh=Zl^t%oBv&? zPJDyx&>xu4S1%}d7#rmcaB~&?LROOX-Lg&X z5i&0FwM5ZsNLxc1H`9i0=pE)BgTfXk4ak@24%k4^U)W=#Ny{!-89>yZc-A7SY|OK5 z@vn|4AFi_&s>lXGz&2xjSb-&EgoWrtbAAC}o6c!GDj;m833~Fgv>sVwPDp*pw+2W< zXn83C-98d#JMvA-YDP62OAg}-T4$!6rFHMEZyw8els9iIn9h2#vtzUje8=N1w4k%^ zg5MrKgs}Ru;imV4;qL0Om$TR#Y=?Je{SJzMq>7i58v27Ua{EbnvPT)-)AlS!k^mto ziB%r?W6k#Oc7$s6?zT+UpA?9UsjL0(9j~S-D<$kvmfb?;Zb66`N+cpB9!WwJ zU;8NNQOz*>I_0jEOynO_lnxu*8tbN{GkA<~uLjP{jd^kbC(o+s&124P5N-54uBk$7$I#$Pkzwh3%dl#iDK)Hxt*Ffcf0Xb9i&dtenk9rUKz8)xV z=f8G*at92NO%D~_QcW`HA`Z(v`uq|Z#h2cN&MBrzB^sG!$SwP(I-~Gy&@VH-0OE0@ zFZC$@sSsWNP>&$uwe`w@K=8|pEsH>)v|}XO z%bEPOAx6^Ufk(aL7wS8v(o$S`tvUMIGJ}v7(h)n7+5ND$N{7*UzIfiC zSC_V)|GWkdZAa&$FEfmnR9@0KU7fydJh9p@PiLoy&{o-Da;#I5+wb7=wG(SjXo;B?O}Q5ulN zW<=<@RhuqQET*8sM-Y#o2$zIKr$BFwB)gPwRj%uKj$R6_{MGepivLp_*uOZLdEd=` z>+yFiZ=;hIDhyU43U#2_W-5c-*hCve0istO8{4&9IoG2MkUGT?tA)-?;VBh}p8XWI z5tpC-H#!m;g=((m7jweGBcY#i-*W$e{E3{UG3vAc{Lc^YwR5bbZv=a%X<0FXh=Cfi z?|X%|wgGAtNiaT|^$lrYa{IO#39I;1Zj5WgN#ISnW{G}!eCfQ;AFg-BPjgrr2urq5 z92y^g=dkG1+b)6bB^kNT;VI?{9XffTnZQBqNBJGgLcxV!h#gBG1t-&lvc#^-+`30C z116_sz-(##_#a0_-)!l{&$c)4kZUZL5`_Pa{-uDBrKOsZmW8F5q@R-hpAE13YLoL^ z%xz2LBWsYUjC3po6YquR3PNR3GYN1OTFJGG$6u#ktI3%xliGu3O7qjU62E-S?8paX zr9|W?srvJ#Xvix*McxwSG=s66%GDMs!_m1pq34d&k`sfKqAO0jv6cz7kCw$(DX1oP zkj8PcpU?})NqSm|k&W!1h^u>A^e0Q+?_sTSIQ5=B8q?w{7` zc~zSp2trEc)|&)GLNNy2EIJ|K+lc6Z#?Axz?2QlY?2UWspzy{eoQA%q0u+CkZLheift~RAhr7V_V9jhq| zUHc&CY*_+AZt_%BF!U{`ZyK1&nmiNKGP>YUx$GBPs|>VBV-Igu0llDVF$$Wtb|xH0 zbh3o6Ab=M%!FA4ZC%7(I~S+a_!ItnPl)B8AjCp2VrE=L-N zmVLNsz&q1Jj^43NR>tD8kAe}0ZCb}y!yFtaKPY1fPy8l{${35ka!X!UbPuUL(#OBd z&;|aNNC(})&#cOP6L592IjK3Y2J&VOm!o)(C0TT0_hyjEQ6IIr+`XP9)b`fW+%3H< z&GOZH&KH1v=CberAwbqWyKC|z*(7ja7_*TkwuBTD*^LvrlRULp)5(GKlmrc(+8=}* znqi|6_2|@?Oieb{)VT_L>I^OIpAjk9bfEP2PvuLe`-dC}89E6W1$n@#IcZwedX@0d zazG#-A5fREz(9=uZk9rn)aqM-Bf|Py280KBq+D?6&oul24}hItJjlG7A}P#;a8|R_ zl`wTQlrZ(p4eSLHC+MSSf*Pd%Z+Oz?Y7ZTe*C-|?XjEINC1>VpXeVldG>Hl=Wm-K5 zkRbx7>?=ARLHaAXXM0UDWq1SzINDnX2>2>UNZVT~XqY-${!#GNFqO1SU`1DRlr?l{ z2s9EH7%oX26sS1Q7$L0?fr{`*frhXdI(dueWf|Zc$#a++;xUc~#Sv zBy_aM@`UW~CV2}+G|tw$eht>M=QEN5oYS4ONGOCZSi=E|s6~C>W z-VjbW0OcBD4vrfo*{$9Q$EoRxE?gw^PH3bFKEO+|%B^Aa$luSQ2u8O|Q4X3q9K_bC z%=Ri!c~HkHs=3uq0@v~M7VbjC#4`=x=E%hI-|@6d1piVg#J+J~I|()85nD~b0mNDc z6D(#++Tz4036sN9;oHObj`h!7U)OjJVSeisW!S14u)1U6)3^kZ>j#rpw}j@_Nz^nd z9;XVT%S^%bxBo-$FiW^SfZOIBgyb$^KgnJN)IFlDKJ87>0{52K9Jox)*#A|(kCxrG zTyJWr>LZhZ1UugBh-cfk;}`nMkO4Z1+-M|>sp45xQXJDc527M)L0#yJ;KG20OUZFt zwA_0n{&&-|B&a4nMN{W4Uv(0<7z2%d1X-gIbzn!%vy=n0clN)4)Qm7jey^ zEHF9jX_Zo{Rx8qWI8ts{#9(_;Q=q`j1VlR`LGYRfT-ezm!_(e%;Pu-a2(8AhsOC~yC$UP8u2^bFmZU*@1U6K{zx ziMI4N0kWV?8gAv&v>U(p@MAvlLRr2V(bxyM!;h1ieylLYW^)+5(+?$OM~5R1IjGa& z6c@(IR)wSGd5;4dwgf7eDDXv>!ZEbR2U!mNJk|o)zTFty|C~r$lBRT*D6ERpnLpUz zkng6b?{E#oqV+#GOqR35V*D@tM@EH20`!v0Rw1uhQ7)b!zN{S|zn){F)BW<-k3jkT z&Zp^5lCCEa#6az}NACTn2cPy4<(qej&8(}G&9-SC-;|xIV+k$%N7ID&!{Md%`yEFH z|4Z2N*WHlA?a+rxuV>ap7T)R}eORme&AU&6++u}q7^!lDc%($7cRpqLx&rB44C z&D++_qd$>QW^LB2n;aw|J=mx&1<~tEnY3Q09mRv?2;(?Og_9nR6G@g@K`jd0+@<8D zd6dG9(E!Qug=`<}NwMhZm)JtNex%nXAXpoQGQvFtcbzfH%%*`b72@2biwQ0ms#<6* zIgh?_mdA?86cFNU8?_TE#aFsNBqel8%PSOF#o>%HM*Q;|%*F+W>*c46aEDZLjY@)3 z$7$!@9XPK}*}~`Ebf*L#M)?b2hrG&?>}5cyvuJifsKWO{mB`FDP;S;`X7tSbRLvB)0-^+cTx=%X`aG8y4<8NKtPYQ6yjH2@Crw z;8P@9PUegtha$!$kumPY5N-tvs+i^gte^<~;9oJcSM(lL4nIHz=6fkIR_kGmKFHyJ z;eMnb&e}P+wm0kBtoI7kIXi8ZL&24d60MOv98PIqXbj`YB^>U1pxb+I{1dfyp%q3@ zgbxVVI%^cd_60=Wo|;pRZ2Ny>@m^$(uY4D_{~6z(Nm-K>!-Lh$8;iA(AO53W>dz-n z_oWV`USUM0obqZxBN`5X60v<$JxmawMVI1D zfH^G5cD%6{Qr-X|oL}gTvzKuDqk({ELR>(k(>IN=fy+;P9Q<#sB9Q-86N%GM%>PFO z>DMCn&27sKf04?iGEV<8E=ggbU@@+D2yt?4=>fl&Q>FH<4kA#qe4i;EaFH&LI!EJ?X zL;TKwL?NV$&KiO;FsTli3?iK0Mu5Vp-O~ka5r)1v<kQ3=3V<(MZvK@oh`@@?l zT{?1eU`&A#lP5;5_fH>u3Z(3cyC#a;yOBb+i5YvH{yS|RjH9mHUXJLv&M<=#*7;s7 z|DMxT#421v;MtO5fOm|3>-S7+-_}Qq7q;4X)Tx!Gq-k+8g(Tp_CaI*$jC8&fZ+)k9 zxzEVnykc0ya(%eNbT9|jomSMaez9rvE}ccw-nth)xf)2XGMCz+9RFE_v?Z87<51X`K`})9PLfL_36?=)2OH_ z^NEN$Okc|e+FgVnr3bDjK4a^^cUZq6gE;t-Fqo*Ot3nff3fBo+AIbcQ>4dOo9~{;U zA<cQr6wb@`bqGmqQW_;cTrCsA=Gp7y8(GqBB-i~BJ;*YG zeYTp;BL6@3N#6iv!v{zIo9DyxQgbvD(sNVvk|yn~-#rVEuXJ%k%sz747FM-xbjf$1 z0En>gBYf`JO9zU}|LeKOKmfRKAgT>E|LnQ)uG}UAg70Zv_`@I>E9CZ{KV=d^LgM0^ z$lZwP(M}dUT&-@c+)&4UdDk4I=kU$F96g^mU7xe3UYz1v^r*!F&WXj@1R4PJ2N|)N zZ5ow(suX^}tT`P(G6|GJ#dkZKm?Zog{YOx^hk6l@-N17O=Ray2gtv>GPGv1tx;lcMwp(LQVbwPnUwHe95eiNc(V^h5OBR%w9LuV1xiT@5nTQJun9_^ zU(*Jr(Nr6A;~vRzpY^qzb|YSE8or*5&?OQ1qil@3?&L`ZhHw~!*yuEkTzMEkA43#P&MU$dMd-Ecb&-Vd zB0?LxiI&BU^R?_zacg-Oeq^s;|A4k*R%lrz)DG#oRj&2+@=DqYWTg+k&Gk%QCoN$Y zD`s8Mmf3tYwPTyMpKP&7BOGEA)!1up>7*RHt+(6vXQjF`-5aAPTrMivJe_294F=~M z*bXC$oMlTJC^E_%12If65wUnx{rEO3l&a7%8#h<9TH(mk|4~LFpXBRo$mBE>D%I<1 zlWqnpGGcREMxyLaLM>s@pkXr-#2$Rl{lX+O(PW0}+l%O^db3XtQpfR?R;>z_Y_a}5 zy%WY7*|$#?{!L@@DFcYyGZ{nuz<<~t%$61a=&Zl4g);@pg-P5Oc9wFnnx~?a{=1z@ zzwbMjuRv+ZhTACFc7^={bEyH10!I6EOtkC|p;9+jF=hU7`A157H!Kz>=*d=D!zgQ- zk%wtkdX4{wRm3lgw0&q04x|qJ7a+oDoxZgp7|=cYs^>j(Q#_IU?Ux6XZ)Voj)FpA) z=Wgm^B}cI(8M7w5GB+niHFanoLJ$y$1|VAgsQgmrqs}AVv%$p)2Luv)k3@he+0Zp@ zoL~$0r0o03zUlXSm*itNNe?-&o700S<%j*&<;$4`Q~MCN>t;dTIc@Rr{YXtUKlIMb2vjr(Pgp%XCsRD~kr%~%bns4SYEA;r+4bwgg zLtAl0VUW=)<8f&TV(fo<$N4Vw_^|Z&GJ95RC6E&AYa$^Qoc(rMkb0v7trfjba^4;m z_7w#;KWK$*p-TKl8pIYU?#@~2H8={BBA2da&Wkfx>LFe=f^z`%wCHs28s1`xwT1g2b zoBGShiD_aNMt>&ZIXg9?jNbWx43{QO^g{v36gp@BREFK|>eehh;m-)94^)g-Z7)7Q z82g|l&V@S$1~>Vu3owZRUMl*Z7`Za>^aSMXb)R8Z$Z(wl4NKHhxGhAH$Sx^lgRl#b zkdp8hk#_bWPZky%u1h3yMdXMq^4xXDZxsbw!|l@KCV`re1%f}DK5ISLIcrjE_3b3>i#CJ+xdF*4D}HTY<>_)M15 zOgXBIG&huSL>^4y5muI3g=fc`)p;sASQ%7;U;Y%dvzo9L$yxM@|MYuJMdna1rqLrE zo_RfLbn2ZQ6cbOponFwtkhxU1A}kuu85vb$fa<)L4T<5nIZurwi9`yr8FFpIU+D69 z(%-z{q%J={dv%ufnx3=|IOmeu#t*2+pg|4*X7eJMaI9O)mb(+Tz! z{t93aV6|3G1|!81SxE>(it7>GcXXBnNzO#c^O$I$m3LMSLy(C6f+YG@B2Yonkrb&$WQsgV zq`f#W8zhF27)I#D2r*~z`}@272&ib#dT2J_z)N!os>!;yW5;VaywEo4X&x+gZK$%$ zo2Cz|g6%xxl^L6i&W}zsu?{t8eP7U%jnYQ=wz7pdIn6wBr<&Axo=A7_$-a9Cs=MbZMFW|Wm!I+B#9Z}?}I)xVlW zE&vV^xRej#DH(Jrky00U2a4i+?8=ZX3KE!AVvA+9NhGC8Dl%DXtrzFHmmaMGEJCd@71wQ`VB|27c6ZI6sCQ&5OsXrI|ai0xo1>bYlKcqpYa2JE{serE4)&`i} zAGs3XW3Z|JoOfqG)&4Zx?nVuDa*}o!?a(8gwb3fJa)t|ZFmWl~P>WQP4Md*o8$T5hRE)K;nfa8%wt}6y3Sh89k1(wDZ;edYPiJ$qS!HydT7(%P zgImBgR=g@Bl5tZp&O-unb8$RIr`Sjs5Iuqr4N~pv_d1w8+?7w1k(Z2nQ54#R&Os-% z)Czu#24b+EwxMwuX#MQL#26;aV}?2bfJN)=524R*gk?gf#EX0$S+-Uh27~FLuArQvzs~Zl^dWfXr6z#Aj|ans5*EmYZFv}o-^PXZ zC&2H$Xh5wr#SI6|;cXAxKzv_V^!HveJpZarteD)^U+L*j`mNK59-n2hsT7LHnUPm@ zh8`5Uw5{Bk^_X(*QM>y|(b9UHvxk$=1{%40&0u>n7V_P$V{acJr!Vcp+P}_jK zV6maLBeH3xQ`wXV&L_Po$Zp_D69;ynjKITD8vAHooUhNJO0P>@-Ri4t$Z9WT@yn!E z;c!$*-degi{en*XO+-en$^{RA?D1q#RQ$DQr=cA}IHIEDT5AGdx9>u`<^u5jTiLCv zITb%PhgTMFxlMX5k@u9R+qcRJus|!?OEa;ml|@axK6MYDPEcTTV0zFHvqy0`@k)oH zv%P%E%=Lao9!(HTk=7))Lg0-!g*~K-&3I>+fSLCO$g><)qw_97W-VpzF;}Z~`>?1z z^3toZ@n>o+<_6^gW}h4DNRmE07;sm+ zORsmc7G3b)${N|?UP)B6<`3a^U1hat!W@;(hO-D?tsdX%i)5gk%fn!(5z6ZWk|KOM zKJp}=DfS4kII1=W}LDBF~ck-Ti9l{%fMu`9@)FtzkymzUnW{f=*<12TLBikw6} z^@gI*BXV|pDP~yPmWL))4&`EYEqvIY2T9_d+L7acfmAe6W?rwb%!H{oDZHqzE=(+$+Nh)%T0Vv(^> z;1A7AV_4oL8B0SsRb20wyEJ}Yw8Zo0lD@3KI{}Fo9r|TtCGQD?&9sF?sT7rk6kt-$ zGVO?F9!&5jLPcq0L`#n=LcJ!-9j$UI38ESHgJSv%2&C=eGdDD~NbY&WtE4uxr;K~t zGu25a4fKU^omdkND5zu}-kdpLD3&N^a&$^{27A_KL?}n_*diVCBo~ETk^Uwk)M9iv8^bCJYJSqb9 zoNAUQfcorXJUXwAC;#P=hH}%kgW5wN@WEucOb%75d1)n^<(S)BE}IQR`}z}r@R zW<-{wh}3V(TG9)G2$PD7##STP>-*i4^D46+o}FZO2F?vB5Tk&xsbTiT-@_y#iyBON4|<{t=V1UlK*YbdCbvMn2Ao7@fuG;`R%c}u7V{-? z-bOzECW<{!4f?(y+R0AY?1C5J7INOBavh*PIStdmd6^R$m5d`+^}Mx3p~p4U`a0}O z)H;8_|8+r*{z3f~{k_=5r0Bpcd%Efr=_@e4{WqvU7qIL!X|6)YecO*eg?*hrV`JI+ zVvN|U1Cl2~hDqB^|7M3;W2?gM(KI={4v?>}U2QF0F%I|*nruD5F;5r59qH^Xbr9Dn z;ZxVOTgA6dzay$|G1W(~mAxE*oTG195?M({%$qz^fy=q081B3$vGjEk^!IM`-!czt zUd0}zxSdjgQ-%$)tZhq{(oANRnx1Bv6tH}q-D3YOH)$UwiKO(=i3OdNRN6T$CqM#rT7srM5x zpK9imzy)lkuks(c$y?3no^iEnja=TTrZ~~uZy#}mKKz8DBkQgROp$9~;)lr3o3M#0 z(?|-EQH9&2T!r`6@@~*wHVRy%v`eKRK_?@AZMf1_SLxc=XX21$>Q&wnF^IS*#65?N5~wKXBwqDj_~?-~hF-LUfzIkWm32;u zrND~j6d8F8dh{m$KU{yfT0@wfOgyfxGSh8Z^V>%_sQ>&PGF>uF_A6%%M?J&UTDLy5 zU#mv@&$Kq_<$$dr7^)OGD|#~>IvTjjq$(s!{i!<ZD4b~F>XS%7df^V%tj7oL0RHiBH$n_8}(8FO#lVwa~L0t0ZOvL-zL%U?snt?3^(v>4{Z#RXOWeDls?#?F#ad5(| zMYiST-md~*4F*_XCWi{aq7ZC3AD4M^RsFN3`Msb_%u0J3N7-XAyFST zzur<;dB2k1yh^#ZCj%vK#N9z6Li}QM9i(WO)>H@=8>?^K9kDpc^R-!YP*l~ngkee3 z=sNHR!WKK9-~v*m>ja9vjgFZjjfsF|5Ms^~#qu$kM>=(iU{0?fPOI^!^z{iNY(&ib zuxiybM;1V-aS5P=10u4;{G~%y#QsgNi685qy?)jo)y1`ML2gq5Sbg2Jh1!dqUvEhl%`Y{SWJCHmL~64) zuT*hJ!tikZI~md}vtrU|5_8eNUMkBMMngK%%1X??)~eKUXx^n+h3q-yxx(96b1~93 z&?>xG1lvKe-HNp>F(E`MZ>Mx0OZQ;oHM$i?HQFO061iczS!Y02Wv5o6->9{mP8@l% zm%Q1jo6s-XEvci@dp%EIj(}c(OXi741HlkMTlH-tk-GU;0s>X0wWi51No!eBt=}t4 zv#Q)tYZ=IB^95xwiCA(-hpZZH(P=6Yu)|InF(GloChd$bXZ|-v@zzxt$S|@h2QA8k zRNX__kOmY77J#K@Sd8^aTtoWC%%Pj&K5FsFK%X>Ac7@ZwWDQX8sb!dGE1AQQ?=~hr z3{8XGJZ~(WNE{08aZXY6=rsr(0%1%-qIeP>@Qe^@9Kvv&E;2n}Q)f^mn|?ZTstxZ{{2ER5ZFgV zsA2Nmxm{T?Ht;w*cM@{)K|s9-M3IGon0MGbNDzfAq*QAU>Dn4`l zj*9|H2F1^00iu+we9a98Pkv2EYHubQz^{#0kJ)>#TwAw?<}VY@JIV?3X2E_IS_? zt2b>&R(4tJ#e!lp#~0P-mN`TF?3*EC3>~}2)p@(Jww-lA1=g(zo1E(@sOFU$KmTwdeo{f+gu0c9s^`2dkZ=IAtgAB&)nFM zo;b}c6ZcHjZIbX~Z@Qh+>+jB;>ZVs}(Gx^T2tEKOs%UFLxdJ&=HVx8dBpFBe{tTk_ z^vynmdi8-k5K4GCdj7{vGjo1Mz-}vgz?Y*mFXF!Y5v|tEw1X+SEp)}Jn?($PlN~B= z>KxL@KunXk-}eSLqXzz@Cj{gVcnnc>oN~1{#u0Y@f156I9U;@`mNN&j){IoKu(0YV za#{6pns+0N;=E|5`Gm=k0;~+EVOTvH6gOl{Nwoi%YW-QF1>29=s7pUEcbTz{s;r|% z{eipfnO3{joDm(twQX4$AWh0$)!P)+>CqIxs@g@&_AWYpEjg&T#_g7T?!YFCe^Ua$Gp&AF0s&ZEMOAMqUv_q1) z*D?HP4S-0n!Mwy%^%+ZHh0n@0b7vwT*Z7Fh3LfNkLmI#)>w}x?-dZKVZeLtaw zg3h7GwlHq17q!vrvDMq?ebMAYE0~N?9{Hp!eD74h$>PjhQ*7!4oESl^sm|lYK3_Xm z*|0YT*IQ%nksP?BIGA{KdOp4{QMX9c4D7PI2%L%lRD_I;lu++*Bqjq<+<(vY7YYZ_ zDRvZLoK`Ft1%!NlIMApKAOB`4Hbb{t0vo=Numj3P$K4DZ!-jIU*C$bV7~yq5N!yS` zA-yDC?^R?8M=j>|%BRR((g!bAQ>sg$pn?Nepf3{PopA4X3NMP5&_Bb8;f&@MucR%ktG7ZFtW6kSehy zB_KS72PCtM7OY$yj@2Aa61W(K!;Ankce4O|7BOX%C_aKYaTSVgN7p)x?9DfZ=OPe^ zwE{kd$`e{oKfc%SL5mQkL;$y)j^(8dN)=t4V~Kq^jzL@|0iojFTgO>zK{c#O3y+vI z9$QIWd8=M(v6gFBl^bO**WF!|AK9&j8jDcsT~Ek?5^Jt9G5%R$+*;jRtBhFDjW%3z zs0xK~inpkJO&EuYNyoM@mm0-JOCgMJC11Ck4pZ0v&K)A}f7D+;8zN>SYsa=U`gCr@ z^}VFYVw69xr=eAxHbP7(21fF_w~<~xW}?Saqk9&Ki+OxX{1+-EIM?9lK1C4yo>$__ zgu=(&&ZpF zv_ZJ~Lb=JUD{s3Ucq4Xd??Ro}eOo{uQ%5%0gvA_r(5%vmx-|fGW+c{NJ=214=owd| z!Db`~dMfnNv+*z&A+N=`4#;v)2g8~M&O-aL=dc?{L=tti_AzA}9pzjBlwGkrIbGVY zyLgjEulw&Cyq6$>w01jN@)nR31poqi|H?^ot0#ZMqcC2T>=f^#aYiDyy@Z^^F7`*$ z!0`gH?U%>1;ty^Fz?}FQurRibbBvdaA>LLZCXobMBNZjcvgU|}(JQrZizUi@rIFZL zxS5Ipd<+p7o*wB~&QB|idv@2f=PqD&Soxtn!$-bvqN`(`(8+_(m~86hC3TMtTeQIS+pvy^H&#N-Eyn)AJ6{7aS$@Q~jTP_t~3U@P$AHR)wR6>BG{nk}@{V zD#VMT17XDGkK!D#oS|TNHBqRPh3X1JIaC`nOdC|EGAZH1U}CPoXw?O>lh<;~Sjl4~ zt&+xwf=&#p$bICDwN$gt(0%OK5~R8@e@`C7nv3npZ-r*?AlMN?QkHff1YzGTDruBM z00CF^8y6}flMZCBfSOI3b83@UghZW7okskMWEQs9xX=Ahf0+X>^e`lCP@U zFL;vI8!}sF_T*G4cn2mP0${eo$88ytS#vgl2DJJZZ5dJlu9|gtm0zaxEf;(*yxY=? zO@4jJbb3Ek&g3Yf*58JQXf;mgx=qi!k?ICBslPc;zIRK^6hyr6YOj+anzlP>+S>*+ zzR5g+7D4t>aLOf4iG=m)^;QO77;`hL_4@SFwq3rQ)$4g`CKIbwfkbxV6iL$P9vCFD zP56^z`n7tVNLD)K`^_!_dTeUV&gcY?Y(xXf3}}|Wx$StJRvFp{z1}ZrHDt-TcN7K4 zPOD4^ztrkHQ+a8RQ@okz%7(S<(5v6uZ_Ir&Y41aHTua8j*o$dwS=QSL*fotK;Dz~w z1tUb&g=@~as$;H-im|uF%4d?5HlHz>$+}DLoh4!^Ph}hjbONfKiirT)?iWfJPM-|1 zu9)kBOSb^G~vfu?aA78+0c=Flmx5mCWHmOAiMp_>^4)OKBuz6_dDdh&Y zpGgipV^KSI7vfhJH4`MFA&tRR<%WCn60N1>6KD2hb)7F0v}fW;9kK%@BqbZiv4) z-zHBqeSBy{^bY!9TFc8)ef$kpXGCmOo1GroEpC{@Su~46l%>SXgT74qdm%B>mY4C> zZ(uWMVZgb0OSVPef61$3r1r#1KZW|@ZlfFr?^YxG<}fV9(+vCOsb}k2v2i7>>b_lS zhZBDL0GC0?!BDrIi2gbXgvU}h!j}EkjCIep?HDv|fO7C5-q4?L$eEq zvh1)l^1{HepBRis)J7^}xK5(1(PpEh)UZEZY17$yy}`t&63im^2qPqr8ylTV>LssU zzfhw>2dS_KjvXXa;7>K?^EfN;V%161Cm^*0Yj&+7`kaL*qk7v{Pq83~1h|`j#rUcYm&3jh>3zh)q!*^#B z9%mN2*U8w@rDkK&CI8l|)lJcSOt)uy#{r|0EFC$wD4MKhaqH0dG(%hP zV1QvyIB>M2LK;<$K3C?SB@mpZT}ZLr0pA6D$@WUHv@J<#z@u4s*(F_(8c2t3jcaie z4xh1RCxHp`+Hq!kZHq5KpMN%W8baqA#=HF(DDJ6Jr*QElu!{eQ(g9A9%mBT(?n=>L zi|Dz~^!ls1j?!Bcw#+XzQgCMTL8)SM7zqCtcyR#xZ=jX@8#f3~R*>Tv` zBX4g9B>rFD&SKcFWRRVYIKmN~U)e1UoLw~d;z5s}$lzc++s9J}RUQlCwj0?jc<>VR zt?PZD<3N&qAzPv%Z0s>zO!WAu3Js?!;%d8$?y$lYri9+0_o>6DmROq^Bub|4w6ra3 zfO$oz)!2t9O&@1nzT!KhoN4~P?lYp4Db)|%N8}n|Gu`VoHXOc&DFSpuj;Dr?5l<-O@!~2WoACgP={iYFjgDD^&`=UJC~^f6{8)$thSCqXlaglyMx98aCdwZ?QKex=IRG7jR2f}{ z!Qf_*@g7 zM1&gRQz+z*g*`cv>BI3oGf=HTjFgpL|mQ+fh?GDZEbRqK}% z>dQWlbo_^19#e?LfHu=xU(JFT=KG0p1ZP6NfAsWL51p@3ZVG&IT9+_{IkY`-1#UGe zEZw4s8#&u>L2zZasK%<3TcOBaWhAub0;Z(+Ppx~^)(q44EMkXRdn6&%oPp@^s2((O zV6BBjVNa`B8}dNjXn^EID>M(L&wh|hjv|5dDYFW!U6_?xP$!JQNlC<@6r7ttTEgXv zKfbha+GhX6wTp$w)e7N%&E|8RVt)F#dDJ~(z&TJRzL>fBi#c>;$anJtxQ*>p`DyqLQ5#y)_uPNuE?Hcg-O zoh1E?r4s$Jqhuh{tIz(93nzkvT(L)=K%;C4KdBu#v<+*HfhR|dEu#| zUSU$H@}PRq@fDbNuh*sUmrz^>!4480AJFuY(!7Y~*~9#xeL`gj1fHHTYx{(neEBob z9T8^Gb3c$^G$D9ZJ5Y{}hrlce>6FnZ+Egt?5mOTi;d6_z%V|%ey?f3PGOJfq=HcO* z^GVVq=A8?~6P^?44)-W6gb}R!)G`%{2{u4PMEbXH8t~A8kLOvFony&5>~bKw4I9R| zK8Ra_&Ru9LWO+oOJWDdFQ?%gLo{vQlJfC{nN?|zAAm13eh3~tn9q*}YIu$Qpn$r;fA$J}iAHGDjpB#I`Q zAhmzqw2Dai#f>~TGk}`~URnIgeMgbMXB$^nYWR$pJT%NC<%k{=*cyHEbo^kk*vA#b zE%=!7+*)eKtLnS-&;thV3hEr4a1G|OvSC zw8LEkM;gT+8_zvh&pz0fyN{kQ$a?; z$qkcwOIqTYRDq-QhWr>%^jjj*Xe6QKnTSjBN_H<&nO3Es8H9I(Id?$H8KRGB!7fR< zC>sM$$)zO-o)_QNUJvRNn@w*K^yE*adu%GgZ&Ws$wpEbtFuO-+zbpfpnb-CVIDu9p z$)*OOh|Sya9uxtUTy$T*FkD?q`8rmRylaiYrgd2a>-M=?{3C?Ta z<aYzAm`ul-RAzPaPqi3C zdderbXqIh2pcVs6>9|~;iKHU@W06&9nVw3=-AGi`dZ8JPkakvUbr~s#v&m`=Py8F~ z-?-2KB@KoApH4Z3bfZ_V7ggDd5V-|V!g^G|kEjbrevRMvOPNhOLzGu`ozmYb-V8gu zQ|(GJK~HRj@e85gq1*mS!HOh0I{s)B5sH3~Rmuijr8&Jxm5^qZ_8)tcWL!iFG^aS2 z&OrDOkWBKKSc?4hd8(b%`X8ZyFV055h749Gs@w5mb^BRF-h6b5p(Z?CQhW(O#n?GA z2SYA|w71;C%v3?^;xiDfUc)Jjj#e@&vim(q-VQm;^uiiHYSwUbd@$_jI)5ivym}?R zffTV(0gddvtdl+wCPA)DA!_}LvSG;C_c4IjOMRs&8 z?c#ZF4zgeHvX#P@R^Yiuk0P&0smdmZ*KsOlQ>^Zr@G`4tHWamzx27}+S z3yG*g^yON^_a{?JtTOH1Dy1NJ*IA7YaD{ptfa03YvZJ)r{<<{Nn7{sMhk5#J`4&U;Mn0okD^9f*krHMx2?oS z)3;nNt4bkuV>6K$vvbtylTok~L+v8OI$ao|IT zXE?aRj-3k?4tcj3E1VC<;r?n*Dchv|%-w4Xwc!-&tNfMGxKA0&KdKgsMkn*C|M83R zmf=Lz^HLinDDjgy!#9gnrFP}ijDN2RJ@_B&rb|jNwJ;M>rc)NqSmcdBuBiPT1$9t56QTX znLg+9o;X(}#^V#W_zL5vqu1m}cZvT&3-(iNq1MR2`m4N481|RQCw>06qzTT|nOtbJ zdFHMJJTeleYdw1Jjjv2{8b(wN-4$n!#l~~vqW8AESLPT1`&?K}dx!;Bsfp$@xZAu) ziyAte;yfs3pkPhjj>Wj4UOvX&cuBJvvL+x>J!f%hSQoTlZ+D005Z@?VO3gTciJeHJ zdS?VSPm9eVEHR-in;r_POYZL00JNt8FR7}j8IgH0H|SciOtLB0{nbjY1T zGV#q<*rS96nn36!2&JHFFLXZ{UmYjR8EtoHZNP1#N53K1eD^7=u}fs+p08mBWA*GP zeoVS^(0%#ds0*MLhp!h}XMLB#`g@6~1X{&YNGykLneC}la(^(Ae}>=Gql8iFh$hx+ zl^Px)t^}Ybe1y5gE8)ha)$X)G3<)i@hP@g}8g+=@IkOdb0$*3hKFKVFCit;jlolV4 z<%R?PRJjK-+7))VYe5?Cv!=hMkP8p(6ZQ&nRN3X9G$(rk3AuMp>!-gg%|MoLJn;~*-XMvPmaZJ_!+a+kdU)sC$oA58?8?a)u%0@Us9WApfa zf1Bpz`)A*f?E4bN1e1Lek6N2?4n#7}?r||kVWHK~Pcb7Ql(FX-(jwcLn>n`iyO$W) z!YY;#snbs!gFbkL39d`dQg4FosA|!b0gc2w7b*U8kZDdjttCGr_f4M0IEaeyB;edH zRW@9JWhM38paP?mt}B#iDJXF*_oTBl!o*qeq+y{U(gxzcDq6aYcXK4nbPiTxOR=IP z<>o8L)N><*w7ug1!Z91i=i-r(!fH`}YgXjDz5!wW6QR?S1Z!A#{KQc48_gNwBrabi^VN%a-8N)JCl%|Wg2h&>9SZ(R*I;D?3A^4U zOx4KivpM8?>X_BxCYWT3`$FSZAr#Dn4v!e7jx2(MSu&cNK6D7dZb2jYJ!;#bTXNHI zG6~8ow2OJ(_J_ZN6kmN2l3-f0*)e-%g}W>fC4RJS{&C_N<+t9fNo!1gtFD8dH5jAJ zq8T%`!fg}6Rj)fkcekvUXcy-W991_BPhH8YuUTd2 z1eaSG6W1MciIVL&`iV%M#*SsVi^mJ?!%B6@*<)1;CmV!wsAA|MDaHjo)SqKJ&e3B~ z=vcM|F*3#+l1Ctr!qYB0G3ygjwDUo>hZX*u(ZzMU^A-A+=tKh5kaqhj`cgumQS%@n z7xiNUhVlllO|BQ;OPRTuLPzd1Kr2o5I@?qQJObVl`CJou!4kQn&<^(on?Xc-Jh|ZzeOOWIqu%PrR6Ei(_g)~bz0+pk)%=v zz-c4k{ABQjewFbjP|V5B7$-eUfV=dsBMM-9FI*7TE%z@(V_1%;1K6TzK;7eA9=pyu7d7<($6Z<7%2nMK#q zEDMU3@JQ#ifM(z21c;kgF!HhO)8!Sf%iSZ}wJu2o@Gjcp-eh`m2Co-6eFp4RD$p+E zrU~R5Fu2>!`~7+``S?zS3eGCM8}`*}nMTFU|7!s1N9K4%{?J60UY|GRZ)VU(cjYvE z0u~Y!{@%!}7(=a+MfIS(N$6thDMtx_i!VXea;uZOOx9K80F%)d!qFgqJbnkWuE-m0 zt=HzF^unm%qqBg5Z?w$_F;H5N#}sEP^{NUuCDO&Prj8?t{>L`8zl~fvi>I?ldJA}7 zX~Vwv$z8-Pn8Xs|2r#y&t0vet^6iXYw}NtSYA8n2i5>LHNvX$@A2WwO*fl9}iiDUQ zvYQAkiSKXUpTQAc(t!Lsy`Kz(y77M1_8TVlu5d;VGIcMcEJa8UUBP{B6Y@BKpA@&Y z=>|_{J6eGPkz}vkY~Z;l4W#15C=LhwLZ3Ig^&P7tFp@;NgXml{@9E)5wNk1) z6?e_6BtU7|w5p+Z@QJc?u?NV>RA+v2z+A@c39~F7E%ls)6^Sh~iBRLn*3uEKKQpGF>@)Ez_GB7gLAV=?UzBwY?||%dQK@JyGZe-QkH?r8AT67PYw< zrnb?p)v0Uia#zjDS(QH4)1{|{vqB>et5dte;!6NT#wlFtc-A=?_Sf6>77&0E&h$%w zm#SSwV+M_%>sX<>m#IB7F2V76zf~XRjuvliF;Z=*s;L$LYg+e0QY4wP6Lmr!>G?xUCT5ibFP_; zNXY1@wtyH0xLf8R0`=>0xh*C6!V^Bv_e$M0G62hy85ICJ%U_S9u188!Y`jISwQrJn z-PYTus?i)A{(g#hg-;cQYouE-sjOBy$`@#o8LJ4yXA}czE15PHVKquDbJdt=xDjc> z-D}M;-U6ePin=b3s??^8jJU~$f{Hlf1w&+7V^{SlS@;CchESHqycyg+23orK)RcIf~@%tlOI~JcMn7{E^4Af zd9qwzb^*6u-ica*D;~)-Osw;ML!uyUVb`@s8la3#oomzqme5d0m1^r%dfOg)GLafE zgXijlB0O?^BpE{g-<$R4E9oU(5Pf9N3(;OVXG|$Nug%kqz7A}wDg)z7D$NT|r!kf( z3!gN;PqYbr;TS{&DxQ=CZ51w?Rm3gtS%#R=8gJdAGjor9+W~8F-ZEriwp#nCQ-34? zQG77V8%j1T$Oa_W^f+7jlMnLhIZG!qHZT=gDc@2FQkW7~sMj;FHk8xc!jwrQ4vdG9 z;@rHBa{G@BV%P{_Ow8e4P<2{#v{qGQ{?D=6oq|TEI|Lm|8{i&V2u zcy;$r?k!L06{wBen=akj{Q(}CuU0|vQd6^?Y%4-NUfSv)^%@O*RgYt;{w&h81xY&Q zBne1?3PG1FQNaii&EdwLV+WG}_-Ri5T%tx%=)N5L!rhZ9Bo5yfNq`1%bljc^Tv;YcqIK8+Qn=SBQ>aT^`>;?!j*Y zN09A-IIq5nvdIXME!I*ZrRUgaqP=m-VvGp}m$_90#_y4lJk}Y#-x$hY9(7d1RMPMI zLU%6IFMW}p(sk=Nd8mPAA$tx0IMr>+hO>*(MrmUcaY_C^KIjA=*xEpPU^J(-_;lw) zI@?hE9c*w@I z$0KXod#x-oEvh>A-9s;t!ph-pBC@&F=2lb8axdV8x_j|dFWUqshK4e}Y z3#7~v{ZNdZHH#Pv2QQNhtY5*J?NK(pW=hgxtRcf{zKu$|i(FyrCX@c^fmmMgbXGJ!90 z&*A11q{&etOCMcWu8(0Y9M3#Iue7aV8jUR?%pn+ArkQ%F52zUnEPAY6S>%NJPlqV` z?>sFQhckWNKCd>PhwGb;4sT2YTkA(q*iDL-V;@9+P8013*frTbZ?R(cOw#VRxpUEl zWNbcY7ijFHmU=!3G!F+V#PjA!({^G_W2M>=V^zuGSy3cVbcZ-+tGzwMo^Y`{qNGkS zNjUIAjJiQ*Um=Td%l#RhFaDM_BbwE__6C$tR<(g@_{{^}%GiVvL7lLnd6Tr#5+?$7 zmWVh~ZO2R$j&RF1f$vofC_9ei`059Bka=4E=b_gLy6fUKE7ZH}_6Vh48Nq@?_w=Os z#Q{4w*VgaIoPQ3LEi;1^Hr`t2=*yh$M1&?==GqU^mTH%E*jQQ0yIQEw99Bk?=*hSn zZhW%o1d@;|N!|3t)G{MST-C^~Vz1hgL2BVVFboon) zp$x1`4qwg$@#GDmBY zL%bhf6cw1Kip2qlCEhiFFWIYfVA4^Z+Ji#km9yQJR+_@6XWi&D0*O&b9Vy>*Bku9Y z8&yhQ7Oo5Jn!lbdXft7x^bYQ7;-^sCD}{!Bagj#6L<@269{0z3KjMsE@cc}NWW3t8 zFNY&Q5nObvtFRs*UJx2&)?H+_nWX2IaRPk;QKwR1F?oUBje6XwAPNh4F{~+K2_l|2 z0^Bwn2-dw#(7%W9BKKQD2^b5ZH%KGb`enoPmtO$YgLVQ#XI$H@=8q?>xGRR;P85iT zyBx9yToy&7!rgnj0uX9@C_aP`>7*ao-P1nEsoKTy66oe-$ozTomVUY;yQu?nclz!6 z%&s&RmFYgTm0&N6BW3;etfQ4L3acu=$(Z9jn!s_nzajr9iZghaUv&jsYUX!MpszF`5OW=5b&y^Ooby0HpE&^M4nhd7z{DsXbFKClMCZHS{HIO z9-9Tuwp?SdMCdeyHlc!QF+?&Sji)1V?`hT<>ALinIU}+;w5H7E1@cf#1Cc4q|xgtKM&fm6||h`+}i!?O5g@7n;Tf0 znZ1{~J+y9d9OkOxM=(K61!rRo@=P-9j9}y;cd&VArB$ZYW%^p?fmQAWFBN`pV-RX4 z>dmlzkpl|LlozBM4G};Eb(plloN0SpO>JfN!lUU7vuEgUsPLR!&r7*vpWfaV94&IV z&pS?uMg0Uvf9`THQEG z*Wp=vuAno%SLh{0q~S;8&3b65!BC-ns(YigdgP{)-YLkN@5$@6$up+w zFP;AD+=}hS36}QnOdC82|Hm2KY$_diz;~=&e@@H(roq_?R`S}QAxG!*%ab~TGqk!b zDEQU+DsYLF_H%UkT=<86cxPnBop^z>L>@wDYeE@Cr(I{Jkn+{qxT{HFM=r5eYN?@0 zYyAb*Mv>zu1-E*D*}g0c8&(j>66n9816GfjBv zz-EUwdECf;M@UYSnI7m{&DuWZbFRYefV`cpoL_N#8X|e9n~azet{P$N^;x9^A|4Ye zd`Im$MJU;l7+Pb)BZeYM^{XwYtB4oFntV3iRW9ODn?C`)eoo&0Atv9$UXhd;A_6kO zSn?vFPIpIqb;HM8q8tJUgKP;+>fl>0$(6!Drfjv-Hx+>KtlsR|eKa0?Bp&I_ytYa}?~M$ka$K{Q^6@^Ny` zLJQGI!9Tz@G|Nuo5$QPkDJuc7ju4ppsS^5J_6&kKPmN*!}j} zYJvl!tBcZ5W4)1F(O7kx5L{ zI#iA-OF1CP6lMxskYuWV*8x^C6tu`g>Vb}BV)2IM{#m>~T& z`R|3p@O;5MFcnQivT=hWqDuvukW9C&;9z`}^Xvk^popW}vQ^D%c7YiJBQ$U*LfFWu zSVKLMjrF3;>MBO~uf}@bcr}5xO=!SH2|`s42YwojsVIm291)-+i?taSu6JH$g_;pZ zm6u9FFyaU88ZOkRu=xGgW}~Gdgg6=`#d-zTXyWV=nCSBOLEohW*P0tyh|u2QvgkGw z*B*=^P$4D(#N#^(coRYFp9HpU4^rzGG;=onv{65n(H!L^yrl6WrDq1HLOGDM>{BtH z={{?{Wv@Sv^;G0ctkU~!D)juV&xu5B5*WKjCcWOuUSy`M82IP<-tXpY&S!$e4+$?% z&^7`$HUZwHRTLq_mMDd1rW*A|_h9;cv0v$U=jNYnY0OOuMNY9?hX^cVh(w4qO7ds@ zJ%+;v{m~Snse3Sl5yJSyk;MRJ4@R3$(aV+JDu5QTOgvT{bX$z}Rju*Lg5B`W5`qLF zYa#EbnA6XAzkPE%ebipB|=75B4#q4To=!%NgRWzkuw4}~{ z?~1O0fszuAVsSHA>DTck6dZW$M6fu@$(HftB+BQtwV4nG+Yiz@Eexvh z2NQfLBnYj_+sd@N_R`4wKn0Zx1CrfH|8-~Px`zVbjs_^C=$j;KNW*CjlLs|up%5s+ zdHyFg%HaTFry}4^qT;71F{%L04)442o18e>qFRwlE9d>Nsx!|xx!Rn%5yloqF6-*( zAJ=)pggLrc=1=^Hp4Oo1g9&z!Cy6Ij8BHnIdgKDPx(M}H!$8|yh}^}@SNV!@hwdE_ zTmS446xOec&EQq%jzTBqyVgap2q`~-ZNNuoWO=iS&2a{E2Az_D?jpFS#w3vGQO+ti zlvXx@yWhmHc>!Gxp%I$GN-eP9B9F1#M41l@_m+6p-dNN|;^+ifgXRi#kNGF99!^3j z@vR|b@4U#b!`pM#`l*e!%EvrUuX)Hc7~5n^+YP#0HdusEtBfLQ7Rk*l#2ikQp1AT z2}qC2P4NhYh{>l*z9!>J-Ux{<;urJl_28`|#qtu-8hX;49#0DC6h<+Xcx7+`5JtRg zz?)CKmN)Q%qq1=^b5paivubq)Xc#eGsdifQYDcih3zNiP?@+apu}}MMmvQW)XIU z+UOtg0T~qjZILWQAoHtt;OG%%3};{RrQml9*nm8$JnUKi!ci;7OCy6BvmYn(Fsq{! z`h(W~pN>Jo!Mcw%_&h!C+QqsYa2Tr>9BP_I7))Ncl$c;={*HuO1Qo zW6=1f5XaG^`+RWgN+y!0O~$T5_I%7yhr0$sh3m$B=E-THl~Ie|Ah??`H5!f?qu$6O z6Dg99J8-0TG+Ia^_MU48d^fWLE)K^3;1CoMQVaJ zv(Csp&w76@y;kF4M`?k^lig;?VEVZSnF4Pcx!z7giBhaqy1f_}b^`H4Mb{7;qsP&e zX^Prg=2o?E{r)X_U(O7L%--Kq%asB-UM~$?q{Lj_n%Om$I=}F!oxR#U+S8~|1TRbK ziAaWqeCF07uf~eAP&q$WUhwlZMcNe+aaEaO{h5V?+GmP}SRf%aUagTF#1h|n1CE{; zV|i{d@`3FWs12mMJ&Ajb^3P{mX5nqahF@Omb_@YR36QwFF9GEmx>^A`K}j1G3rzPA zMJ)?jXjLRrDoPnGtfh?C7%{t>XG@w|!}d{exkBkk3i4@QR!KWJD9H!>-YDdX3fi#9 zeBn_FQpFXjZ{(X!DLTNOrq}QEReIG<`DG=fMGbGcf_d1jqTt7*iqdlfnr|@nIs43zi6ZGuYK2!%;WNlx`kJoU5)0UY@jMP8@On^7jQ zzu|KJ^+A;*zkzG@Nk`Qv{Lm_6i=lInxdjyBr<77qesP1FJjDV?^me8+rofV01VOZ^ zV+S-hR`|+)AHutiBqgt;x$DD~f&|P;J~iqwCC_s~^AsnSZ4bebWb89z8`B>i7{bRX zX7D%w5iA{JCkLv-5*+`Qdnc5t-D`;+k`gOi(Y2OtiVHPbU`5twins8LxyF~dM~Y4v zEV;OhsmNmPRd%ISL9Z9`Vp@yCk$wZ%KOJ~bM~9uFi2KayAhwG@0Y)C!3Vl3?e3-|W zyjZ-xZO*6UCdTXAr;abQk6c)Y`1HK7M9%4k#ro10mhK7f8pg2}xhJUfmY;Am5rH-07mwJ$ascwRts!ttY)J|EiM&qeMfwOfT%3qb1XyP7*+g)0?0JQz{|mFh26HP)=J?o4C*JyR19qa z#)-s5`2ONnBN}?Pl4eEP5vVLdm`r5uPkBU@HxP;v*;} z3&)U(WuI)mzZLKCubCPCQrjiiO1cpQrP>(odpX>E7{OCv&dJnlTJ}IN%)ApB^kS(r z63{`fhevp%JLM2(Iw)v}6>frwqE+;h`}RjtuC*%m2}OQiXm{( z_e)uF#|7dVqwXGEF)#I_mJexaw>v^cO0K8$&ew?NxOcTXwOaz~WmkHmR~%FV3$aIA zj&cZJaH$ZWoo)h1VtXvDkwTOKR5~A*>3m<*ICOqJg!S%ypFef{;(p(KzCO>7dOwpl z`-`_}b$nmPE8rjG+t^N>V2mak@UTxCMHfea)!uiSesmE#LdYAC&e;COV&h-iTP4z|XvEVoA!m2JpDlRz)B4V|nE;A#YHrY%Hq-9nq-2~D<`iJ%) zcChaVAN_sklYM>Yn$vyUUOL28o5#P>17}(vIqOS~ZXN!D^!`PCe}74Kedtrfp7EI_B$HawlzuHsww-6$kVUKvfGk6LxY+9Jfw=WcFq#~vH;F1LHp)(xek=IHdg zeW+2BXk&^&CA`B&LG+=A|9aeEr+D@nasPe}o(flPp{!LFLHlUoX7)?$9O6w?4C3h{ zOl*+63ISrw{!eWEW3Vty6E+AQ+qP}nwr$(CZQHi3``ET^+t}y*c4KBXcKdgCL{?SS zh0e}u!cOY21C|j3nb{e*7$bvB+W8@%&?C;w=`XZPMwlT60`W10hoGi14iIJ~2XPGC z+~`(8M3(!js!%}5sqzTANDd^t{G#s%L9;tL`vk5SP>`uhCF*1w3>v~ZEp zIZ31$g+s}7kG2xvg(~+N7au#V6dx~O{?-n8yWq$tNP`BpXz5zM#M6-1$>bo5#%Zz# zregfg70#ky(#DRQ7MZLdMK5Vvob=uXat|>Edzicw6I`e%HuxjlM4RS9pfRSfjov$U zyLSO0OK&P`*DB<06cxtBkbr$v$xu^(90`S=}}iRO`0lj`C^Q!JF-r})X}jB8dMe?Bv)w?nn{fxM;UcIfmD7ZLO1M`&;KP$aS|WOOFSe((%m(5Sde zjKW&mJjjlgzqC<(z=S77{A%9$(}c-}^bs9B{eQK#!Ki=q`SO?X|7cb2@klw+=qf;R zO?htUsdWg0Fvu>wi5JXdTV_akwFc%|gk>nd$bKkS-sq1`&Ts9Ybq4J^J4I3IcQ21!Q zu(lO&Rv`Sh+(3CDhE8}Q&J+1GL7;*9hG1kcje~U)eu30k`&>Fi(-JybWz>C&iF4w<_n9f{D_D%AQjAB0 zySDk}h1m#9Cls*?MY*Dz5vx?NMzZl%Xpy@H!_+%owp+nWc!>#fPY#OW`pmx0KR;P< zFzMGLA3W}=o)2GOQM@J9>4r*VmPS;JYx1?Vd_Xz1*tbdY88sb*=o`a7ush^Ao}0iO z_Q`4Rp91GCvFSGu^V?X}tyaBq)xlg{rr>jPW1F=LD7{Iz)uWhHTPqh-0Hca3ljdA^ zeN<~6%sSqKiz<>R8qfJ4yissD+9FkgARBRuke0;q;#n~%Bw! zJ`Ic=6qNNCQEI7LAPsN0}#LL?(0OS?`XOL*X2T&2KVE(m)yut(u-Ky?|DYsNebUt{%B4^y$8tU z?qdW{`X$Bq)woOlB z#{DIsWhVXK{Mo=SuZDN3?f&!x-k2vyT{?g}I&-u$0JWIyr`$gVYsKUCKB1i92`&K- z1m@Hjy0@)+Fu{o2!T0oH)(Y5(1LI&U?hZDhkQWQ7=Y%Erl7@GY+NF>jlZr#64m|Kp zo)ad<>O4ddoH;84SQHG4e@X(ZUc2J=VYRuAN!!Y+I9c7srMKbeyHJv4=N(Z*dQAb` zVY#bAn025iX!S?e-x@C#{87djbw<=?ly|r7ZVW=3Lb(~&EpT?->U=T#9d=`{ zZz)=s-_e^rr8vxG65-MP?X@yk6Ug6yCA~K?*f~vTpFh;6sNN(sk`bJ!e?Uc%Kus30 zlT3gTReUO*S=8NPIxnC!Jn^P#8;jelgvYcyV}?k5(yN973&YxJYy7wi=Kc2HvLd&F zQ`-l@_=2%@ILA2U!VRah5vQExC?;!99=k|RR#)ZLNPR^}WjOBE)8Wv3#Y2aTG2!)r zY0>TJ9{&>;8;`WY17)EwGfKR<6=h}?b!QfBw?>-HF1ZF%T&9O}FM74>jT9%rumcAh zjf-PUzHYxpp)ZgxhL~i5p`@6! zN?uxBLmgktENuH=ngN_Tr2S`?vh8;lMfM%sI@VdV%gK$dPtVzDqcEuq>>U;SjnC0V z|K9l>6QusCd7$4wvTYEa0{jdJ>Fg1k8~jFy!Xe08QjQB@8c#kE=-Xp8gF0sO6w)bDTi$-GA9t}uAk+y_Njbl|XjqWHf?Fbkl(38J3ap=2j~{d($eCDC{pSCJ>3Ke;hyw%dE(@4saxXw*OFn^pn{J5{f#k5 zAc8>?^+xT4f=XWG#PhYH@G8cXDi(+f83tx591xfcaEDZ5I8y9@<l2j*v$*+`M!iDu>W*K|Q{m0nSbGE_UsPC_e_XO!IjrUd>PbMWFWRJA6 zYq+?cZT6pa(h=80;w!2vY&ieOAqE5!3EQ2k0j!H~F>FZS;t^Xne**Ge(Fm=yWi#@U z8Aa)?u3BZOPYbyZPp$zDHKJ6zVh><*n!W;;uogq^2TfGOtf^VUbU*+3WoQ{KBZc$R zO_##NcYY=(q%w~?a&pnmBE8COGYSa z1L%M_~IDUaZXUf|gPz>VNr!>zminPYR5 zE_uV-?--D2RNkKNsG4$%=d3PgCpaYEB-$x>AAgyXJ7Ca#v)9+tUsxRfMR`KuE2}mN znp8Hvm#LttpA(h@{nBsrN<4qZr21*qBmovF_L^);Q_eYoV1=7tiWc|^Btlk@grbqaL>4d09wbWr|dQBh*r&9ld34GwV%CZPoB7?)yHI`$H5QXvs)k? zehe$}#@NmqhmMM<(OtxiCC{))9zwb9G`j}9r?=G427%>v8( zLRAZM8l`N94^!XnuLF%F*_4Lv?vl2UP@7tcc*rJDaXjHt;1uo34}K>7R9&7P825`! znmXUd{5>IyXzo0NdRCvit5Y^3Qt`SKyuJ(+Tr9R3`Y?$jY*^mXH<$#4NzeQwHPKRM zk-fYi44~$;A5oWm7Cc6VRBG5f1;Jd>?nDQ41i z@@31SEI)J~4^5*@!SL`IvIfY6cM&^n*_1iNv9-@_G2)VIsYf!bE>(632N%Bq!^dUG z@d%?41+q?`1Vn)DQ^hK2kt@rd&3xXR)qO1Iwx znl82O7o1Gt;Sz1XRy{?B2mr`nutdUX2`F7~Rsb!^`h(+MRI=F?PDU!y`m%ZH%W^uf-?OBen>|fud*= zM_yoxIvdv}W8_8+ZsDGu&voPx86cLO_8nwJ%|zH^vq3e6p9(YoqH78%#Xnkii7=;fi809+6)D490EBI*EB!TlsHz47jxNN-Dq|c z)|+!KJbTR#J$-(Pcz|nbb385M7AIF%lS!()zCNpMX>vZvYU~)$|NAui2Sf9wY#^z> z2LiaSo1XibOmx*nq9w1ooond+*~DM6iQt5sdYF*E)9~iz`|M+3+H?7mZ~KC98?U3B zN726$7LFLx28omel_QPT z8iaV}kp=XTRlCi~sOB>3#8@-cc1UQQRqjHiccWg42%*fkL69RwM4|h4hbqLFPx%_6mpGa zR7%|eZsAaVr|CTddn$Vcq4Th{)$%o|!=+XLBaGc-;w4I}oQ-yhzZ5!uI65IG?(pnC z5zKxWZ`vxxBH`t|*n`>>MnQ=f*|ePj)L6*dee6>!R=PDI_`XACI5dI&e^9Vj= zfccr0n2SjfzR66qn~>N;HFW##N~+=rTU{sjRV#rJ5nN`;znx>5YPOfp(_|acFq_Q~ z(Ii8iSxKzYnV3{rEpKXsp3>1B4>{L-#+QPBFKT6$2e;UEapiz{t3k`srkNotG~yGg zy7SaE#kwB-AjJ{{~^1fyCfWterWgCjKp4Q6tt<{4q+F9^FjYiO+lWN9Uvr?;#fz*bj zX)zQs5KdCW7;B#j_3%Y|Asfe=#M(KLbU`O^1fgq|cM2|Fe1lS$EiYa-r*3DtXdMQr zqJp&4Xu_0)41tQamqhti6J5WSy=qIQ_p68ZGY26m3oP1d^Iq^8)(Syyk6qN$n08Z0A3o>B0{ zHC|#$AgzXKYq210M7(MCls>b=32Y`)>-e3_fQQ{3oGlS>v8*t)^ zuqgW2wtj)sT>`!+Q%7jTFlsKkNVE)4n&g3G5nqxZ2l~EWE{*SWVv}nob9}x5m&AaC zf8KPqbLykim{A-Q|MCk1#kZPGw`}~VNQ{Yx?@d80YPtZkQfYU0ZrePFC+LFiZqC0@ zA>ofBjp3gJ4HbGH7Koy`Kr1gc&K~>suh;s@al38s?gLdQ?rR&Cp(Bb! ztHdLFB28Joc-%|Bx~?ap3f7Fy9v{J59e8F;-OJJ{PJGU8*Up?&c0f%~( z(Sh*6!?rlr`y4fT=_Q@9b1X5}4ThvpBP{V4BpiVxNrJUr9B2uHlrWaEM5oHrU*78) z3g&oxB`SQq>&QmuHXwXka1>Y$Grq}@2z-pZz)VPFr2IDWd58(s&Ix@?@R-L+VQ`>g zdw<=i9Oj_os%f{ioZ{)$Ge{2;l2slei1QWv5oElA=COE=;lyRZ*URT{D|=(aA{0;5d3}^d~!4r9_Jx2 z-(6bS!Em>XvRfhFr`PR3NXVdQEK{T(upD^Cc=z;d5zDSodwqb>+%!6x)n;3`Ni?99`G$*iA;_I`Qld)=WEw^Tg)Vac?mnsg7k4iYg2zmYuJ|d z+EZ`E8(!s^&IFBo0gj%-o_DOQ|IY4|!KstWjsL9?f#;_ULGtTzN6ojRyS{G*I;Z`0 zuzU%n`u5>RwsH3ieBq}i@4RioS?$=6GK(4Q#Vgnm{)jFOne+B#7m}FMudtoCd~t6ft-_eA~R8)v?y6ri9Gq z$AOJNx#{!SF&&qjg|s?)G*YtFiu=4?7rCx|SAYVe4YD43vUI?aXny;X!(>g#%#hJ>6+WSg7;%8$B!IX3a188za71c&aP@y_dGK~|ME0F`zeVWhuS*4Z9_yTcZbcupWZg95M#W__ ztX55M`&bf*2r!SvCGgfpafh-!#c>L^HAN?F;lJ^91;3h%+G2bRvMEpMxS8n36MGTo z?rT(sdao=O@CE9k7pI6Y+!Z(#&)dX(D?el>D5 znDP&rve!QvRsT8bzNMghN9eok_MGSV+6LQCvz{+1_HD+`+E5hjahI=BpiIo-ISFIG{6p3fnKRS`r2 zqBxK<0xW4%Cz_Lc)w#=#zf4gEriCa$tb7+};PgApTisLbJ3 z5?O^0O=M9k{w&yWXM|Dou}3k+QVQ4Pbk_J@pkcfC?Anwbi91D`RC*s2m-q zKCjgf@EQ*Ryoa2pz^-{F!)4`ew=pGhUK#3X5*o|zgg4}YW>H$-t2+!a>P)81U)@&d!hgZ4Ewgg8hLERkoD1SnboLH#)k)(l}N=jKni?&MXs`rU?CjkG8!_;}rhNM3Z0H))01w zg|)jnu?+1ec1#p{-Bny98gGh4Lw@!5SF@t>c%i!+SX3muVV>BuqmF0&CF8s>Qq5-h zj71KkOv7pL2q6@K5K#z8NQN^?Ske%O$y1w%He4?)W_c6YT-eE1Eb9u6>gmO8UB?aK z6*Z8bJpN{p(>JeW+wbRn4A$&~j7o=PmlKsQ{PR0yaqPyZmpN6$`oc7D(pn@&+R0uQ zVtK|Yjs`RK9}cLMInHUtniAH}$Pi1eVS$lIUOVT*52$+uJ-)Ca1 zTlnx*^E_lE1uOuRBu)fLoN?AWBQS<2Unr2!z=tejCNX<8@S&})BOBSAsHv7zGB#^T zeJ=n<VNVL8~tR^SBabwUpCU>1ujq1PR1yS1vf$_-0*FD!DQ3Qit_gm;z*fMtgWKrqJ|vNuT- z>5_P)PRb|+=T2Rs<1 zrRvZJw=Bn*p)L8D79&g;Nfg8ZB(kA^$N4cx1!j9Xfs|oM5>O(Yd=0l~n&Rgc63o?I z4(v2ViP7k>AImG}mG>xzza6VqzfG?X_Z;ZsQww?b?wO<;ccU+K`^?7`z2d~rJ)v{p zKO|uor5C7}UFf$}OIUjPupg?rn1IifA)R2ql_zTMa9v}*tRV-8(=~F#_Dt=H4a@fL zgandPrhSfAMIwa&fN-t@yphCb$V7}U!U((SgrZZcRuIFhxMs&pgTH6TC6_i z?ur3d?LRNLC(Av=RPj!EqnC{-SLnDadEFGV=b~)sBIWq4*$lbfEA@=sh|_@rsOU0d z->nI`CBuJ5iMd&&Zmz{hgeVSZ3JD0~qSwh82@v2hUyyPPvB@9^UfNU+u(N6>#cgn$ z*qPm=JiOIpM@V@FL_Gf?0&-sTydFMK!wxE!t<6838?&hv62K2nfemo_9@k4$!G5ZC zL%^@z#9i9^HR256^Llr?etr*7R+JOM00?*#A67BfLSNrbFPfG$-HlwZejrMp!NzAy zRKlarj_v?xBnl1WJ_!gYMCcLOf$rNDF7W%@&I_;d z-;2H4$~2ldfMx&tw)_?P8^il9G35kz$Y-)NPGPqtZMc($_nFvy5|tG5x`16GQI|I?O^ zzB2h{OSE%2^KV?;NHB|Z!HaQI0e~Ym za@5QD;E~p9npWk?ARvT{;a#_|LP8B79H$&$L`E7S7|LRGoTYV~ZUotOmOagi9(2by z$dvOpD|5A1ReShq@?8#9KUFv6KX{?5$V`$!+Q1<#XeCZuh8N+ir&%rZW2o)vm1VDACSaOdP%bcCVz_-ZnlYe>bt|Fx)g`IOQZg6Ii9NCj#-* zyC0e>x|vJ8!r0fB?Ow5bffO@RG_!%;y0d3~{Ag9wKk$>_wi%l1f9L<+@1!c4 za=xEkGMeD>vZYYN_2yJLyExjt&GtLz_r#A2C!LU)o%^l)PLG!}#P|{sW*z&cXh=@& zdm3QM${JW&Q4WDu)D>fsgYmvE^_)3==;ls0LbJGj6+}lOJts&@I}J>evE(o9#bX8n8-np}k{?MEEFw%`CrFTQv={=UK%7 z0yZuzx~4%qa(Xp&?T^^deCO)-Pe*S0lL2(E`KJ8{CpegGnSt3SS}52?0@5g=A!w~6 zCn~|ej=bq4eTR(-5Z!J78cnbArl|A0>ESQ_{Z&s-B_k78ZK7Q7k(0ytpVe<~`Ro7f z{r2#?DW*x0^(1u};D3nWm}M}m`_j>FIjKU2MN^^I^e4!e+mu@md7w{iqsoUkZ$Gg%`(bD@%tGl-)OZ@$22tx>XMjyJln(LQWg`An zmJak+@ASzFWY*A7dp?e@4d%V%J*{+}*@zX-uJiv+h&29~xi#we{dznYGG;e#z_R;L zFJEtcAYSOAXj{58B8s}wq$w*xHYbMO+vG>lg)9M{4Ld7g2WMNM`($=em^6a96B4ue zta+Mt`Vq0$un+-zjt7XKXX>np5daap+6EI-Ppgp;#{Cw!lBRwGfo2Z;{iv#7*6AH&U(N0MEs1i}EjIib)Ljl-7m74q+hA z;wYmt9mGhP64Q__9n3RHWv@}Gz*ob}>$pobq8^~p5Di3?u?gJ(bxD1Sx&Zk&zy*oR z`n++EyJJq1no`H`ii>J@Ql=VMEkY0@8_ddy4sqDjL~dqY^a@YYKK3!mJ%|LHmYzoVLn`Zu07*W63STY&m>o+)cAC z&P%7w3z%f9uX>#M;H(9pT5Ge4b|0k;`u@gocW>{2A1_k7tnhT8XFrUlgVR2}1I?mf zRk!MFLy4UBVJjgzY6Y?+gi0$cc=gN*M$Ke#-A!@huS~m3rzr&~S}urQJ5DflJLmi9#9THFNclNK~XC@+}anCky%TTvFlI$<;{YhaprI`&%doV8#{gs zTa<06Zm{d5hu1ltLl-y!Ue~V5_JncQop{lNnFUHe-w#zS6!?*n&NZS|HuPz9CQ&vE zxgw->l_Oz+74}9w?R*^4$`{$0R7fvnQ&mY6t$eZLX)NNPs$bKoM6I>U+YeUGVm%u9 zu<=+P)~hbT?j7lZ0;ZiGkFjrbTf(}$D8@@T?$Pjey;;dk*6!a@Dkjhd@}>>|Dk>{w zTY{=I@WoT43%LfMVeisA8^RTcnL8!q$Io21{)O=LL?L7R3#`^ydJa^$QgJfnI8H2P zq8V-ZHEn>HomcT(%eh#J3igriE@gI$#XfYGJG8i+de{gkaHbs;8xRLcjj0bsGL_T) zSHVuLz!e@LtQ)+-B1)A2HJp&$5GkZ*(-Jvl9<_YU`0=r{Gccip61kB|*M~oHd+)** zwbNJdsaJ{BDp{R>zYwre=Ge6|V@-VNNegLLC|oT2VmABxjk`h|(k!e7wmkQP_A05R zUeflI3l?q0d>m0mMgGSl97~^Cuq@F!7m^APzAP+N>Yk#CpwheftsEoAbLy=5a&)*R zCq&vLVv~0oJ+gCk_xrfErk*aYVRa=%JyW@~9r~dg7CM2~Lw-jeN?~gm8JE+ds%(ct zsMK2kS5Ph7(B;1<2#z?YmI62woMcU?(%n)7(F`R3I38*XVFOP`9O=4Tx`UZq7UG>Aj;m1$;ieBMrd5 z&Tfwcn#vb%NC#WSa*(!Z{AL&xyt()XGK?z!c+UmsT6;z0%KS4wJ28~H=e^^3!AuHP zi*NeG2KdHSgM2drVzZ{@ovv&qAoP5rK$N|E^2Zgtla9>Od&XAoQ}_ni0Iwi>YYKE~ zd?&HU_r)?WkyL*%$m{9N2}&<5`1SN^1oT?2wS3?Tbg5Rd__+p2u?CRV5sj9#`Fe>q zwUct#5v)|$33Z2@@V28??$0|gG-uI3DA_$l=|P#dJtdui&UL?-uNwchgMR1RDE?hlH;DS2S@8rXTjiBNW%3}h$>5s z*C6c?mxPFMb34e+gw9$f+haUJstL%>QVlL zQ?Z4!*2`;#40J;!kNVfdZOf9vO%?Jk=gL@(vB|k^Sju4MuSD{oE9uZqZ)QfY>$_%8 zb$ zzZq9#%{|PS$r|P&hFHVxh7HPHjgi%|!jV-&WU(k-Y`}zNR5&9xMw$)r=!D|VDMFhv zidKRVvK2Klx*zE0r-TT;1>xmyV$L$0gn|>CG=uPQOI>!M>yjn$7E3rm7F1KUAScKs zd<;*2`Ujub^6y~8;xI`Tq;f2fD~MQ^8;m5Iu!-JkjOW=lJP&Jt{j{_Z+slE=73MZ3 zY+ZYOcRaRcI9j&%VV*hmJ@As12$MEql&;J(CwU?6BE|@?13A>Og*p1*Vty@d*4P;R zL157mMNUlk8rSP1EIzPT737BXk77Gp^gfksexcaI9&PAf22TfTOF2HK_-N1s0y-PI z7mKR)Pz1aUv)DlcX4LN9uiGPd;?4PI;|ZWg&W^flJhmu8@0WUtPa}%w+7xJEXaE}| z5S#$W1YjbC)m#d1?X-;h=a5;+w}+np26G!E&OM%yW$SL{t-Ai5>Wbe}uHCbZ*}CV_ zQhqb$L9-WxA;(|e`m$`~Hq@6-; zO>zbo>zan@K8F8wDEL^RsqJ;-fiY za3nmsw;p}k7&~d3i|GL^cJ|&sT|PQ^KL|O!bkKkI`gWL;sL{bT6M2#DHepMjV==mP zcB7xJz(k(Lo{>Seu+Z-NNDys_+V)5)!9w+!Up99ES&mp@6K}CKSVFI~2V-H@tCYn3 zx&8eD%Xiu@14Ba&lL>5AI$ku><#5AE_WgU5eTyRtgZOwqqWiJ5K4BV5HoTwc3 zq!M_H!4ILa^Ggu^Z(7tx9ew4Vv&-K}NJc-iE(qiNz9}Zi&M7Dfg5p?`ToaVs>5^%a z#T2Km6}wZ{ldh$YAIcZy7A&Gmf^ACeIYB|lv_TQJ?Pf4hi;PhX@#suxp`}pjNpY}O z3?v1rXz$EH^Hc+2BB6!~b|C8sConByaRU9e=g1Kv&%lM|n2wG78^!>g?cdEBQdVcu zS_7V@(QW4BLVp zC7+E#a6p6`V~DJ2h8Ws_=JW)>44nI@jSXlGZl@A*@MWbChiZ^4o%Gc<9`iQkG~sy# zh_Sp;IoBB`TGw8CwT^(brOCbSIRDw7ag({qw~R^eNV#^pK0-{k2K-m|qEy#g>ojWn z5^RfLPW|$6J(A#>vjt?;GQb>WZj5aG`9vhkMk=I7DaF z(jN@9j^tXV%R=S8_$AnHMPJ-k0UCeDA^KT0VsmKc{iayw#%sUCPXh3$4a;<~-~;UE z4T8w9Qcj@T5{%egMxKpH1Nh!jb74)@bj00K97L=}>A!`7jOmQSb$kAaA@>g}noo3h z{hh+w=63zLUoZk+ko|vF9yzTlvhkY?2)$3#Vx1+rim$u!52QC$5~3lsAygqbCKfa? zwi|K^CBN^Rap?#KQ>E{R9Da8*9;X}m|0aZ9y`W?(IleDn`s2pH`F}p{_r!|9k++kQ zFfk|vA7d2yhyN>;i~S)l@iE73~116$kT{3l=mGFA)SI?y-hf%MG0mGdiDJq$8cM zQ=I;x=3a{mq%>(!GC5+n$YrD`L76iAK_t?+22x!LizumeYZ}V6eidkx>8P!rVejuel?ADHmSq-9SWew?`=z7e`zzx)2p;&FNbkJ^IXUM7*NK)9Z( zFM$!Pf)z@RmAP%Y9;6YR#yF68gnKwcRF?>>ty+3pOM(_PT>+PAnQ*gs0YGj@hq>8f zrzDtwCPXQiZABVbMbeeBL0&1*9|6LcrfbfF+`+bXX%^r$kWZw zgs!Q>Ev5vd-uCIMV$bO%mAZaqmYi*n(VIt>W2zdVH`=9N{YuL2$o8lz#(${uh8J&K z_9W#}{O0XJEd|UTw)j~H)WZ*82VQeKQO5-L47|dR!*-47Jnr=TE`LEc-qrqeP5(z1 zz3S5cxkZG&FLf9nMYn@>M>^1+Ei^stEsSnI0i`Uk9RUN9O){ZqAW2Tg1^j=)N`4|~ zN7BkC29Y@*rxOS1bN|k!dKM^9LJ`kKqD)1W@C_5sgf8(5)AF%kC0z-b-@6w8e7Nv$ z=KiJsZ5-VjNSu}IV}X%qDnYa+Jp0n5z7~-x6FAL?fJKhCpy&jOEm>Yj7~u}o#*nE= z(MN`Xu0S#9Q}WPb((4X`rqL<@5XNSG>|ZM)by{)@gEQEa%QF*X3S=XpOOt$qeI_}l zG0dQ88XAwI1||l$Sx2Mxvf(oa6)vxAj-30Z}$>X1P%mfYOvu zIL&9{j4W`MT}W}hplFT2FEM-)hw)$EcHQz!CexhGmAX@=D7_h_!^&}nRGpTsmwoy&HDfybY1w{okM zv~KxX;96x9%wB32u37_%k`m|q2-i;MIEc!xub-afWajFOAk{gQUvJQ;y}g<5LS=%e zk#tDp9kP$;aoWgVV4By;jL676FWzP;C4$Dz42H6&uP4q4@wwJ~;Ubq~0=2fe*E-Dx z_8P1}Un`Zd%(zT1{!n0j8FR;mJxs$7Dq?&jQ{chE<2t&MMy;*0$%CG;JqJtrU#k;Z ziJ1Q|^kjpHui{aS?(i1Mt>3vA^u%_pWzQCQFyzX73!;b@H}dz!#%#Wqnq)lP+pGB}sC;VktNxOA`W+*0nCPohbe@6?8= zBOeY$o;DSq=@@esw$Ew&2-a|$b#p%~J5Yr0ZyYqFRLsEi0CEamwnjKGCt0t~8Db{|m45DaOu_ z?Ag-aO|9L=Gz+hRqo*Ca4*JEI4o&7F1E`Wn3k!NS2NsZO%x0w>qI2*!g)@YFl^9^0 z1ZFCRn}_||U`}KUDGEgy6OKEoI0ci4Y$59@NGn!=?UV)f3fW7OB%~ie6R#suz#T|n ztOb=$Ja?K+Vbq!u!Ievmm<9T~I;Xc`{f;kQQ|{5w>F~>&G2)(Rgyc*#k>zYd@o0Q2 zycy|kv*Gcv`UY8mpf~Pg`HxGI2JE&NV8ZVFpo-Az1&wdEZEpzEcez+FqY5d2M2l!` z+b9wqlhAzMDchE6XA0BR&>@%S^6@Esdt>O(K#eas`*jrs^sLxyJkv~D#GRX12QM!5Wxmgm{J5} zVa)c+60_mAnVjU!G~Jr)_e+9OpMcPioz8%vY;xu3c_|Lp^I=*Y!^`A3I8VN4?F@!m zP)#cL&Bc~6Ys^F>KsJ9bNd=uK-r-fCK}4e4ycUk53Pf}9+lfb=9VkUP)h7?}ZQd|c z#pC;IT}8JkV4m=$O(!C{Mq<0PYWu2vmH#+rm)|8PE0U9u`gHqsD~r{eA7P{x21@#r z#X9n^i}vuQzM3h8+i7hV>bPa%t_j`UXfVp3+YE9sA5-8bi8F<5pFrY$9ndB9p!4jx zd$q5?!q3ly6+ST{lWSnl2*ZzExldO<0yJI!O5dRe03W9Nx`8}$Zq#q=vDh*GX7vy3 z(^Xhxvubu0ZBYR?MPvgUMYLDM$eqnOp!07w_{Jr_j^5VI_u+(+WJNbybdeBmAD(^> z_nwZtGbhD}*Fba`)67$hh5N!fQ-m_>3l;CMU`1u>I6fCG2t4$99q|2ozRlz*;a$f; z&ZZ0C*gRqe3flH_hQpxZyf}!z6t7bCkwg^;ol*{fEG3P&DCdbv9ixUpGE)jnEY*6L zq>C91jSk+?RLb?z5XVQ6t)&$x9{g%Q=0zw%Ftw+2AXvGDejsrsQ(x=qt{WGbrlYg0 zY!dbv0f|nO%@3#?V&YKMMifVe(Ca6!L3gtNex8|$eEbkx=!)F_tzET=tN-ZDiwLTn z?`b-$Z@YK3FV(!|8^QR4@F%Lmg3{|I=>RpR#Eh;l`bey0S`j(LGfzacAqkF$$T^!b zAGXvCONYTiObbww#Cgdl(qYGvSm+d3*WBkY6cFV`fxfMPo}?ULW=I84n22==zMrqtLxdAZ(d6N6%!&ZFcax56b1 zPtJ3gYt*VnN1`K_2MJ{=)xoClctE|}bud97fEtg2fTUuLnn10p;rKR$P**ycUV|qW z3tlJ*e_N|~1}$2MYvx(4${$CmZWggx>9!2oxp4Qi%_yXw^wzj8BmsL_NXC<}T?|~l zC$4#SP|8y=6~2|)W~*)N&r`;ml|=MA+oF_hpJ!dd{}{eq8qRjyu&>8?p2y5$z#%DHr;Y?BEq<1;!#s4r6uAibStST*Jj5iC)l~LeqDqF z_oEe-d=_J?5UTS=(a9cS{f@;Lh@6B2!i1Rk&uZQ~V+sm=A%sbIS+JMs1{nDA`}@@S zeadwiD>h6KLr?r>m8wNMW#)btx5)YV#7H?$szCJ{5dmsrM-e5#w)S+cL-M-PULQ?nID_-DdFt@^`uX{knutJxfMr|rB>;lP) z3n4s{h=Vd=a)+)-kNwgBedlurC`G~UpxS#+1iF7}9f&n!HFLyaO4hOya0OLZ1*yth zjvXFmuyJCb59l86U=~8aSC!?L;948{nZWeNcW(n1slmUs@!DOM(sh6yL_;DXKCET9 z!9u2iP1YluAZMDf#t-ti$Afc>20X!zCd>_UR0f(}nu@U;@|p}|fHe=u3?EvedrO6B zodQ`M1!uf0A;DEGRl`EKX(bQnA~dv()q+^yhn*xEus8YGqE%~M6>yrZ;q83zmIg96 zXwedC3(lV*f0C;Ubl+GE@U8xAtYNDYs`&Lqwf!tCN5*u*Lj!kJwW5)+);KMg*h>4* zmg5qxc09F5*SUO<4a1FJ=LbxuQ1R?6>tqR7+!hvW!HK1biG%$U- z+WI35xOJ+eP?8y7{n!5=%gw<4=||O25MEV;AAW}P?!vgGP&CWE!T?>+{_Y~Mixv6gdsv? z@EkA9|i)ZGtT1|~AOYG0wtJJa-j?jEtnDUPRx`%=ncDXPudGyi!k z;c0%+u2D~_w=`5EO&b|RDS}!E&rKRn$|llFm97MkLG}whps1RYTf0lx5%eOT)kQNN$L#mTNV{X-4%?^>w555uRktb?%cVMs=?WMN*nZ3pIe#I$YdQKHmpVv3az0~qp!aTAT*`0D4`pA8 z(>;-BtO5Jxywq=BAjeC&eH5?8FlY@YiL;8lc`@{1>fsM8i?aFJG6nuR-esPB9_>Ca zzLm8TyTh-BB|yfCqqx5<>dsEFIZGl1BF6v9$4_A|#DzA{M9o=GT>ux=M?VkQ%&pf| zpeH&;y6LO+ce-|l=P~IpZ#}YMZ^3q!?S=>n<&A)kr4%)k==J`gNmESquUhXmxz*Mf z7!_VqnGy{|mG2xw!6-|!fZN^{s-6I}eo{>~(tPPcw*Qt9YY=YtT7H9Faw)&I7lWqY91NkTtFhw~fLnmi&5LH*SDVCf)?< zAjOW|`S95D`L`~jffnLR44Enlc)YrOyu95+^Gd>}tw$6-IS}Q9kXCA!+^9^x(3LnD z)ToOMOF3XKZy(H!LMRHYWN3fR&iDvkX5jH{XFQcG=rzRy&;`5#p(^F8&fRpG;KD4 zqgm3H^Q3N3{UVbbm%bPQnLDPsMJ+(bT7ermc@EHF_DeFmyles$i~PX*BbpR54u0&X z*l9XHfV}Z^#>0|!&Bin))1X3_b3dvsWD9yTzR(5<{X`AqmmhLD@k5f5PlfP%P$+^9|1?kV0W12)n^gKxEz)Ij-8a+pveI`uR-4gLRdgkBc#9_08L^ zJ$+S8p04pn$u3x>f*tfGNmX1gWlX3P{JN+@A@1q3L+NP8()eqb*q=WMYi&!lvTQ0z zzpq;X^8Td%o?Xqwzk+x>L|UssK_jOQjD$%>9$NB<`bWdE7eGy=hM=tJ6ajV%zTF-X zU=Tn$&T};<6tW6rls0S?gyf#4P0?sgEnuW^B2Q`)+Aa~}LnNI*l=X+yb6z+}eu>YS z6-y-w&Du0YmZgX&Slg3+vNQHq#Ln~Cv=Ayf%`_`9+s9eXy!IyZ=)VHn=4PmY`+eam z*y+2FE&WSFKRQ@hu~@ti8q-Mo-ukHgI;KI#LdLK0M5}_NuTEtEPpiTa=TgInAY;lM zkF%6i$+nO)9(9p|7Lgtg6EQ!+RG13br=EGnTOF^koks`sG#9GK4eX`LRirAlh(=>+ zC_>-~5E|8#+LRL3B%yNGb9&9>Yp;kEkF^T^E|O6s%fVr3_6_Nj`Z%#*!`FpDw=Y*; zEB}_p!jqT(gFHHwq{J^4i+7uSZRZVgU5o|qniYgED<#b+rYvt(((ht0%(AUis$dcN z7(Te@EZ>_>ME!_wG53i+m0)F9XPQ~K#f=W#EYwRM6mNliS{2wE5qawGg0D(lbQ<^@ z(j)CXNOK%e13FN0R>uUkz;>c<*a>x$%JzOU0%2|Se=zRdiM@oC$8J^Igcjt6kL0Du zPZ_P+#&$0*-cbny&+vuxv%z&aYN(_O>w4LE&!t$dg;Jq)6PnG<&O(_hS?n05heR90 z(_l8dr|?9M<`qGK$%UqrSm{BXw)^G-EV@9@=n6&0bq9GCt;odl?YONvhb+mpa+eeH z4|kJsR8?c4TJQ>*1H}%>BVNTg;_LstO#fm)-%|!HDuj~KjXv>W>hWm*Hh(_z;PP$% zX2{=$49`;QF6PkSZDE=z?y{X;F~=(bqb_|E)ZHhfKys&)$mmG#3_`7_C9|3(#q+-Z z^ROo)l0&Ok{BlgfKhW4ePlu<3E2V4%3Is zApgEW2CWp&mJeq>!TGPmaKQky2KuK}yCOumM(~0k2T@!H%SEP_`fMDb*j(rgCq+u8f25F1crK9Qn2(?=!zX0s-Y&X9 zLc5^S;jTns1~*#7Fno)P`JSgAT8VVWeLqnb==EL0gvZNA`)15??V5MQ&UfE+x5wFL zs&KG>ma2os{ywzBIs$JQFNBDbE7AiI%ww)bxTZo%MZaRmw_p$?uxk8En@0clG)MuOt!)DtS=%PD$c#A z%zawqlkpE?JG1GQCNDG<`<*@Onm@5#yA^9IF3-h2V;}T0#xh;?fv_IQ`&SdOlVH9n z%Zf4(iuJi!b(~u2{7Kit-@&buX0oH46jQJ)^=QcDUkBBMUVDMreR{}qz$@W*^uv_P zc=yKtt3WQ6yY74L!kV^l?DzV3^5Mv3SgO~_%$tI<+`^_|{B6vaB@1@6z)5$oJ-gl# zXUmZP$C(Q|ciy{QKq;l{QmAsHg~F$8BNGJ+Qs1bbYS`~(f>kV_f({~Lu1{D})I(4q z)j&;xD?yK?TK1}%Cc4<{@m_-#{b9irBk1Y3-|+@*{$)q$`Y#E{9q;zou|dv3aYqL* zveL>TNyZ|!3hdnS)6?;fAwxz?9$hsIt5?WU(p^wObx(bqGhvm+;ugprk(>T0cuY?J zU!DO^m{;@1mu4oZ>&7d&HJdF)3FS=U*6dz7hnM@JsUge#F|GOJi7I7WsY5SOh5Zsb zjw=x!222lnnfDvRZuJC-060~yTFMF(I%ue8J6xZ_7qd!Wn)&jGY@HxPJ=L|({ zwYf5Y-fNjvHh(6Ujj*tK5e&%@vJS&Q_pI9C>`VJGjq#VEUXT5?a6P{EA7ENel}1N);U`Y;kQn|@ra%Tv$q64neB!G$!ggvN26)Wj0^7+B)S9Rmce_xa0x%Z7nnF? zk;{^}55T>9u5Y*bZAjiT2_6hIt4ZPh%mCn9Ca-gCuh{-|*@IzBBc(EM3Q0O7Qw>U( zxHSkm@xaoCEp1Me&@ICY#C`Vlc?YRt+F2I^s89gm!8~j-AkL6@a0{_2!hjqUf}pa^ z@~A)+cTnxt1C~lxsA2^!wWW#(CJ`bA48?G9P{0zfp9EqV3`&KPm`|t%x*rz})gsi` zBN&uxT}B1LkOs90STVVyL3X19dAC_om%SeGX@4a?!0K(dyXUq3$Kdt#a4=t&c2Cbk z_4(TdX_I5YAHbSFvt)j zdr}CE;E^Y_P#JruMH||@Y*ZR#04$N4GK#?}L5tXyT!H8*r}3^-5--aM=5E7z;CB?X z=mu{zKn9(I55h@L;x$EYFq8IR17ViPa99js^9~kDRIH>u@u!%(sUC>ZQ^rzn27W{+~F0|kES5bWX_`~?;8+FPUm=@#W6DFK`qfqFOBKD=e%joQ;kvUwV=v!7D7D`?SpD`{ z{0o0oLR?fHwMnfCb2E9wzs=NMliKf(N9e_u)Lt9UYksqX(`90NLX*j5J^4QUj0QQb z$2ueukX-J|+nF9%G9z-&_j_Hky56dKUYX*A%bQg_afz*m)q+qTa3dJybCg@;3F523 zln*zQKw~5JqHU97L{TyJQ5shFG4kxuQ7hh!Z5g?cO|Fk=SPs=2SQ#u2?tgcrr1`y@ z%K^Q=H?MYQea#tkb3dL8`n3K}>UAGj%Ee77h_2rE4q}`!A6L7fl-1{Syb6~vWt;T{ z%=tF?J3jpHAj_&Z7LD=$tBI+~+HVT{@14OZ5++f2!s~pLp9qCywgjPIU`tgJ1nnzE zebcV%8}MNjf8S9nY)Dx9pv;FRDPv(b5PPu1w=>iw+LEQ?F7u?&=+FkJ9tBMCh z+qBUkNKRFZqoo^i8Jt@%KQ5Lv!2%UA1cY9^-$)TcT1tt_(VvsQfR4Vvs3-a8HF35jZ{3fl;V12dr?s1Tcy5SZjpt zQ2;jHbg~#l1Er8L6?r5K)VyEnbCKvHRy_E26!s0i+6okQ4}i}X%x5w*su4Ft5P|~z z#(<}TD{~vJ{Aj|!>GkB*$;*ouM@J|2V*5BtI=h88Zfuj;n+#&@AMYEJ_`zlEU)$PM zsJQ*EtM@af*1wm%bnu_w1+V~f28`IUcJ_2Z@VGz^SLZTVxm>iHvoXS$*`KTDZ!ew; z0sNqTVppzQhqXl$rY5@J`nU^^_Q9NzZGfdLR1y-)UH~aiyGWbc%z4P>R6cVE#i#}1 z(Gv6&?P18J%OaF^)og_j>B-mH`Os*Pk|YSK$``J^4mwAoqs;z)2vTmWVjWQDoSe$J zvk5t_vBoRJQt~_uC2mo~wDYkUG}ywXq!UuPM&D zs7B+Z&F@fI8Vm>X)ZmO@=NVO=%qYK;Kmkw|>0qZ~;>sn=QrtXP5=c*SMLG7sc)Y>`$SpiiSyCNruK}A| zXa*3mP3C$u&TIpe8Kn zB%hOPCoZE(Yu`mLMNMU%k_a=RYPZX=e(4I(OG%Vh7iWT-=SHmHe#?$UDHEJ_Ly&ef zBl(23(gvg5o`}6FldbwIc~?7)0yD`*SeUsoy)``p1ao(DwKI2Xp&fsxwDRK)N}DfV zi3X!KHH0aNbWYs0=y&{qvsB&5lh>GXoQ!yUEx!OiqMj#h-2btZlC<>^!~d$r(=**8 zk{eI2fs#FhC5^(@4K$?~hVn*;;>08yr1SXtABcx6((*StCMyJoX|IEGV9 z!o13on9MoDlB+>+NP%trp}kx!vhW(3i`GYKO*V6Gu;_vVRy>$NF(Nx61Ot4MT@b&ePZ#Bd*e>WE3@(g?4(91@oQ$x) z@7d)fy5P;8C~O#~ozYpEqN=-J^pkUK^_(-HkcXHpiU$=3;2WMS1 z@^V<@>pGQXNm|N8pA=lBNjx{*NbQ_L$J z8E)Ev?}w~m`EFx6?B zL223Thnrd#I~zuejkLzCtny6Y3@!!2q(0Q3aPpam(&5(Hu-41;m87mdx-mI?9nzRcBLT^*$MZ85=I4=K(8!*( zvqx8dec(5LnM@+ZPF* zbtUCRa-z$624{|@GFc0t|27pJDlunL1G+;2=arZrO4HT`Y-ghnV6EZRs$w%YRRM4n zv|Ak=C3GJVdV9@1d!X*vyD$!OsAG9a+U=^ zEJXVRaB(={)jcV@0lJC&1@($-lu489dMF3(o9s85PNnHOPvwUIxlT~_$6V=^cF`(7 zA||b_M^!J7MBv58pKv3f1@(?t{Gx0|AYPKre$bWKR_Vcz0DJ_GZswkfw@wrvzjKV+D*>5YVxN z&31ciQ{K6dq!+Vfl6fasdwCyVy?#4X!DCI%48yg?R}8EsjLJL3LW$ zNF)-79VOV;Ttk1H+|0~eKLXMTPP!H^KM4BoOS`UX{n+-nbMmRp^NxaF@1>%V z9^^cW@S&BYuM0Mzu-^516itH)#G>gQZA)t$Vz4#?s_hi_9B&lQcU~FXx~Orb>@|d- zc&Cgi-&2y;R z#iz1BpC;5=Ji;>169@dQ)$7H+T^jO3p2pjky>FitKjewYx(&s1I=>`Ez-q5F)5P@p zUV!?p`4_IXn$IZ59b7 z1lZ(Eqe(g|pCAg$p1&+sIQi2{)i<64vc>L! zXuq*YD+pJ(n2S?C975B@>jCPBDjHzVoc#)hsVcynn{GZu5ORbxSi)P z5@n{38vKY-Tqh zS9yuK8a8I&Wb=|UnV+w8YzxaKwq3t|eEZTYKNlCw&^4)`4tX-fZXoPfCUaj8~)wO&xu=#%y4S=&Us<>M`aJ+!oxZKeW0U!?2*K9MzBru?!N zk0=~~TiPQdC(Q3-c1_(~gMOBIS9-+LN+>M!$dsaw6Iwn9JS&JB?7=#&Cq7q7nYRY< zGFjz#TQrQ=c_YIG`bNC0Kg5I^=PEazIB<-7b{ct@S^RR3@rK9Q`*sr?fDNGR{oR9HWNC$p<0CBjq4y>R*Fp#Y{6+{r!GD z#`kNtukIE6Po5-C*=;c(h`xPBZBRn0d;xz7WrIlsfG{c$>!JiQCW?_6Mv<6NKmvU} z;4U~_iKer%A3n{J&aH&cEesbKNb!2VYoZj``X=-L+x=;GTMkB-CiamJbd+xxFga!l zO>>eLL?XE?8Z!C8GeN?I>=TWDgvIUT8H>ZYu(?)lZy&3LvwFLJ%) zBFByR1=fD$evQa{gGjN-nR5!{&nSw{RWXij245n`1PJnO)_u zt~cNoz2Rn8rK)7T@zL_;Q%^8%K`$I-TH#{0tQ(X7b_AVdZ?1QmRM=^ixg@plnZMFc zR0Vh8{Xu@dfXih4IJktreLOk19lL$~uzb4rc(ZN)XzHb}Ze}Q$;?$s_E40Am#sbD) zmFB5?f|Qkf`0RU!Rgb|5E`8;2!uAx~k-O;ZQ0cQ8SAIR-Lx#-s^>xE5CT3*lrD!Im=cvs% z?)MA_S%%6ibh&@4H_-Qfdf8$HQHm-!SXoJ1D>4R3I2ptz-sh{2ekQQU(WhGbYpva0n0%6lCOG!j)smSKPe zu&APoBzgd8L`s1>7jSE*UU@Gg8Zaz7Pm5Q-9z}^_8#1v z604{X`TtsZ1||lUNOqP8c9tl1fZ+GzqUGVF<@d$I<)Xv)q~VermENEjpfD23)U}aa z)AH?JcN^c6)Rq_J+N4;*Fw8ItGZYdu^z<|I(qZ&cwDL59?9n#^$29-1!h9ku-7k2o z@GUdaY8&wkGfaB}M0g@a8ENV1X-V10xk-5;HcIOa*R%Aomgn7n%={b+UYAL%`syb{ z*&t3Ski#Ux9o+$XQ*+YOk@7NfayZ(Y3f_|KLwV*F+SW;QxJ$%H^OMC= zaz)9>*0z|j^?3Vd{Y2ccQF`03qVG2UwQ_q`Z>Iukc5byETvjIC`vx)o5FAx|_U8gJ zkjW!Qdxk6CcF-hk{=a39gf?qP0lJv5i!rOoq{PZvO8B`CPtefO$ml|LyM(KrnG+lu@Tur$q-q?qdi!hY5i5$jKgaOaCvLgMj~X z@VjRiXYBZR`S38|`+B)2a>+abO(66LdEoGYlpu0qGzJi;^FtIAa|G+sAo0I+o$!r` zO76x~73l}MmOhk@CjV!;oRc%%A_ZB^9U!LRObH5LGwd0IT#a|%-`U6pO$t;MsaPqm3n51h9=i$ zii9*lOR=ahFDE}eJxeDkGryc~BTq62n?^$;ODhZNFdF*g_^dQM02CUD+W8S#xqpxd z;$S)Ico`_ekJPbZCX&>kJ4!iMIyy?}Ns4UFOp74SLA9}~j5QqyVcBWL2@s&NRc~zWG7`34 zNVIO;56v`zoJck&O-O`{6B8+G%b4)3{0wB8@NtG?Q6NrGjTxre1M;klCMraM1b-kF zFq^4mSfR~rIBz^@v+R4KEl=nL{noZhtWM_gu()-ARr@It5YINXWLhE9N;;nF{J3t# zL^CJTS5;Rbbd|qhlqbJ7sr;v%MxR`coa+I+Xre09iTmFG5@ex<2oOTwI72(?ib|j1 zyRJB)jKHW!;wmJeOWo_SD9H}Z`rdHNcgu+{6wYR9h~}vy{epIYf?r2R686gjfV?x1 z3sz%?<+2``jH2yc;(A$(UZ)G7xEw0v)R2uLxM*tUbeudZlwJ33!Jn0Uj+&%Ba&l8<;<6b~ zLf<^0E_peY+!P7NBLa%Wj3lteD|AKc9Fe4l%i1R9w&H~Y11*^=CxND3KW;g7v_0a_ zgbi^kRb(9Sc{q#>6y-!_-)F(EY|Q)tOS|Z82HZZ#5b5uUqMKA>_-Goj;Eu zI)m}Yj=6wkwnJEO8S3_3 z|E(U&C>4eFXjE<5ZES#N7Ftb30$)MhPkJ^ezv38}Kg8X{80kuW^3TG4+Mo7@mO0~;dviDp}{`ioV|#g`7J13nG3 z?FB5jAk!s*gl_mGx|DpXX2fAHH{E!9pqLD>NGO7LgL^ULI{)>9A1gD&v#+gn2ZE2c zvuYLp8|`&)!j@Ld!g~4n&zixEP{5)~o5;~+j8a_o)6${X3c|0R-M0D%Oq_!j+?(~4 z|375o6ousf7>~}Z!3(+k_t`D@dvYuaTum)^mr340=pUhoqLz`SnUh~0UV?!K+uOpm zEP6esx4U&6b$plOxupEPNJZ0hPs%dX|HvC`V|p%{OVb?hgNpy-AjBu#`qz=0wIC|$ zG5JwC>P3o53PZ0s%kmhT1&=!+iEviuAK&neqXaF09WEbRH|hTvRo{A$0cB+G2gTiH z@E4QZ8yR)7f~CMM`T~!v4#jyzAgzOCr18LA-^x*i%zM)pik$rHd+=uAWIaNNum>|y zYg_9gfd&lreu=wlxr0g0Ob*MJAqCl9iZpz+LqU#Ddi#@k1&E)aUTHHtL(rJMp^9{w zx)RYyxAF|ZRO`L2z`@%1pXc}bmvm3k^l;t1MEPl86E^b0seCqx&mKFo_S1C6v z65dEmA4tw<^6f;#2VhuX0vbA8$4p6*7pQXTiS=|KouLs92m{MxF`|&%eB(VOWH}G+ zq9O<6=mFfU)*-z9;5i)K#Ek0K;TpbP;YQ%bdD_d}9T$Iq@-raJ9`v*>+;;yw)=mEz zmvzb~eM6VMCy;DfHd*$|DDo`!i>^QLa%2}ggGUZ9z<(ED-~SrcRCVn)8Bl!x)5+Bd z5U2@nZl*#zB}J~A!|Sg~keSCqIyl_TxEAfV|L)cSrM_gI(%yHS`DZz2zu;Xp$t906 z$fQ_Pmj|DAS{HVsw!6Er@2{(ZY}|M6kV zoA2C-Y7q>!#<_TQ-$wPO#KjlR6)iF0eR03!~dyL?>)E zqj8-rt%|uWzf@4iT}p{7DZl8XFi~|dsbmIO5{piAP*1DnE80~_odZc|m({97r67V5 z1vI5ZObSZEQ{f#4aGxa9>Jq#gG(=v}JTw6_!;);3=8 z*-B@okK3ath!~(Dd?z^Le&QR|J<&)WCoRqo3*ac$4Nt`w+WZ&TCA4C1!*@M_=?g=CKe1 zGqdPXeS}MXx^r9!G03U0I=n@v@>TU`OLR}w*6^k#$Rr?%sA25*h6TT8t*fQvTH0)( zcK5=(HqgJ1T7))gV$d9mhV2b*Es6bWdzsky!g`MBO)(m(@7;z6A21;0soFHIJlNQ$ z+S2o1=I9Z<)jM{>-I+Gqv%s~VH_Rv=iKcU3H<)g?wkkdt2pwMo9BCmMS4DsqKwGsT zq#Ku@Y~I=EgmSF8n=wAV)?nn`<$4FpzCF**W;lU{Lm%}BukM>g=rnIwa*G~L;Kxuk znz8(X@92n_gmCvbn`b%Pj2WoVRm76r-MBlAa^r_IiQZ&SThd#^jv0KnyzAUI04Z+! zOLNKJE*HiX`2|n*0l@75^vHq!&lxVt%E-@9H!95^I!(~XO;1eFxBq7$&E~;xs=)sP zt^b+W<3ppc0A1;Pvu$|Ve-p(nwqLrX0l>{XNV5G+njC08A6grc*SYF=RK+fT zA;}|%5hij*dR#;0@UwJZ)|_wnZdU$He7=Nt#eY6R2p3J$%a2B3@MUay;rh*f`~yGx zA(@IUm9vg}#sDT)jP}Jq|6fP`NYl}o{r`tTfX5>Qges8#ue+zH%p5qd^1UdgPbR}V z*+zDwnp@JcZCMyYDkLW7=qc$ar9i5uRG{dyKWYB%PQkk8DUqqT%`zlz00B;vamM~P zGt^SFG&3|(D++5%^8cS_XcX33PJsYyvmtO>**tQ569xZQaSgruj#8wPE8g6$bc!IN zDngn7DpC+d#o7|?HSN8+y*@0c`s;0O1J0S8xbFEdJMERroOIiOyB%1#E5O+y+f*BO zeY}`5Ve0M9?#Jy>Dq^*WMt#o$*h@9luwmo0P~~tTKetj{4ba+(BV_P^4yk#DL~$;_ zle^|zEHMiXCgtKu3Im!FmMWVxP^RWXX7t!9P%jmbS17JzVQhd%{lHv{s2F>>tiFdc z0l-AC8jQ*z$fRm0+k1`BLTmW?otshPvKviX+zc*~5m=fi!Op?3>vk&kKcDGPGeNy! zw3ypqNNQeWi)FQ+VAF+dS4!=p(kJH+NwdjMhrZitOwp;yO>fnB+0{zBnje-IpT3m1 zPv9Te<=R(pxKLTxvn@oShqYoHDM8Xylo4mr`>tOA<_a2=v?6T^KYTXyWRr>g z>HQ|c5;Tr0$4Dl(sXL?zT14g01`*^E%Jo`7a8Utht4-_ZX$lipE>~8Nwa&#SyUn#F zSQtX1oKU_SMiH}q>Tex(Kk?i8SMo0mgl-bg9X_lp&*zJL_3+LIsuMHjX5uXVGEk1$ zBA0gLFlL(3+i&ysG5y7;ZLnuj2`7V!VG9hP~*Sm4)g(tY&)QSyyg4%il7Q$KnIaRDUKK{*vd{XcS%cH;k> zRwa@9a4sO!sA#n|OPxjE$Jp?R4t zfvn|Blk_0`-3dE&lzJ>6WG2tMpRjGd>7#9y!A^-`>!tqHl~WBqx<8xT?|Y5MamKH> zCV518lyD*7qY3fVzX_dWcj97s!jj;4;6YA~WrGBUsHR|QrLAY=X89oANO@D!;o&MW z_2Wb)xR~*>S;*Nd9E(cv=8CeW5oxNi2)ztzbE(<4DJ#>t6n{WhT_knI>yMcAIJnefZd|9*2Z_?@Fk{sarL6adR9fZYwVhZy-GvZNa1Ew+>XbS@C zjXt&D2)V}9%Z;8LmVD{m5%V^}|IM1T955qH*ndVt9k(**72w1%u<9}hR)~g2*?p8K z8HD_TAz~&ga(0%TzcauZVsNEdfOs;WIGsR?a!{IjLPbo}Z3 z89sYW(#YNqc#aKiq#5C4)K0=K#e4KyggKlLwozgxGH*UaNDTjaJU^uw2)%3q-5M$o zL=0v}LHa!Bv~Jzb@1}EibMN?Q#vAnbghEZM*i<^w;w2hs>ZrYLn~h!{(YB*w7BK|bH(O2#d@ z?N}KeJ$y}jdwJZtsH+Bcz{BlULmk(geY|vjH!D9IL^HziQFs(ez+k)B#?uarazyPB9~h-HoDxM(0S@awZ4=kT!Q) zclh3mLm8n1*e~@dkAsZMl*fsa#v)>|q%8v((TiPhKj2`vi&>*IL~tf-xb9nIsHpD= z&90riUM5V|9y~x^vhRg&K~31o7o{P(zZC5gcOw2u1#u$JQ{I83<3CSJo#2pDUF~Or zYQ1Yy^CH4nXvB~}Kt>LUa_P&aq?Gr&Zw~K0lGaU+bs*QrqcGW$Y2(eWz{EOAQOWrm zFw{(q9G?KDA`Nt8(N+d6WmKWU{rHzXPOEals)&& z=W!bRE^3q!1uTjBap&!LvhO<%t9ZSS#f@(>fj43E{PfZiAGOg1HDTMFU|jC72E{Pz zdY+urs#R*u+1N+k1c2OWCUKshl%iR7Ik4JwSd;KdS{ zqt7ZPO`6gx$32r^wj%JFaO9%KvAG@ReU+bwQU`U;rROz36?o9m*Cl@2*hf==CJ(nL zC`mUiuL*DS*#v9gupy9cwqo$}a@bDxI|nBeGBdE} z;8TTLNeWH{1X3A{$I{GF<$@?lscuWaV6s%^1er_a=h9n{Xy6L)7vG##xDo{d8I_{( zP02Oll3YzZqd!RjAsfv6$uRcv`Em63Xi1@dVkq+3nI@y~ok%e4H=FC_ZPnzAUz;q# zHaJWDVbdZ+OX*?LPH+S{t<1m}fyDXas1Vj3_FMrcBh&q2b_?N;Q9x`bh_6;o%!dIrzjaa2|*YXVYLX^yi>@@X;VC1=PH8CZ$iDu-r!S{2M2Sv`{k0Yflb9 zq^Q{2%!~^v3&A>YQomku^JK0L$}zohia6M5k|#CM0qcN~?8NkwS)fWbjS zEBr{OR}-3A&2sCCUuUhMo|Yt9`#>*t#LzdtdbELMX)NehSO z^7iU!gx+2PF&T4}{s`&{dY|mRmgBRiDV!x^j>iR)k<~NE!Q3T|Dkg7LrhmR4Rw|Gk zHe8$>Zdt``zeoy~3T@#p&zS>-VF9bVIuhIeJZuWuALvydgnNz-}u!MQ^ zdWL64DkiR+I@iR?%BE6f7N1>fKF@ns1@x5#jb)98k_mzEec*4jde31vZnHf)`YisUb>Pio`xzobytJPj{J>d+B zmBOx?UL1&L<~lhymu1JZbBC#u>m&H7A~mz!E|4DJOE;|HWF>^Y!>C7WLiXUQ*|vVvG4ZyL?9PH{zQ_ zx_Xpw0c4bpCwXP=vNm7Vkus7dh#k6~sl0K@2t~y;`^23L3e{mVV}HGTS_G3Xkm|^B zRc~fL_6;*iHpVJ&!wkwo-Ye1^QJo7@+tbjIuW=u`Di?u+0kJq z`5DRCIoTEINl6*WmH(;Ej_eb!ZW`sC?bU_Z1tNLhKli1YY5-Lk1c#;{2#=f_9qZ(+ zwxpjt{lMzwI$p{^;edVX>jyH&94EVtzB&$WZSCw@l<*)CGYUmfr9~dM->*C{iO6LO zyw3V%*~1hTka-K1F6?q_f|PXs&r|w(|M$CidyUoUX!ZQw68;(qwC1IS8QALV%W^6D zXp)t={GVr=={!dt(y5at;$N$>Y%qx_K%VYIdZSu@~rH^jFae|iR7R)mgh=< zX54l%d#ImFT_sX$-5#E{5xuW`4)eVr&l!$8NX6r5=rmO?FRsZfGtGP)eEG=9%+!;b z`3a`_+?E{ta#z|v9r$b9<>m@j zspg&uwKK8xP`N3h%J}e~J`OVIJ%iCKbFT1b@{ zMY`u&%(RxtS|It$>aGRnzR58hI8_Tf>QVh<)?M-oa%B?hSpEym$_;-%_TN4p`fR6f zHFWEpW6MFl^He;4)dBob{P{sX!5GI_dc7;E{J4Kav)8N>B4Ym?@on|eJM)lz4<4;U_N9Gbw%qJOR` z%_d8Ci^a_7wJ?!am-V>Ln)@W5#P%KF#Gf!pKAm2Q^mG`H&y_D->}*=OmTyyUUK$tbrg{astznYrybq1825feJ3SLw^2cF{U?8|H&SBGagJm2ITUJ-=ww^4pqI82zSxkw)d_=@)!B&Wh)#QH;>HQA!b(Lm1I1^DTGNp5`;W^4f^V!KLGoP66t2bwcx}U^19+{gYfDiitS#T z18${hlWQt8Ws|d_siqfeF6XA3CNC)6CHCw;J!Yl9obbU)+9RE6n+IFWhtIAUS@G{mi%+a5DC6Qlq z0%o0HP`G<~x*RP(;mgZhuOUN`*?QC>@Ts|m&x;r<yl(PH9^RVbG8tCj8aMDy+}aoT?c6`%?S3q;X6(RJ zpX>i6o6TJt4mUGy+4}0kbm3sEpt+T^($7d(CN95RRG=$=ma``N>?pc?U=xFwqD2BC z*>sp1{^X>+xJAUI?C68kktEB{Nn2U?M zFE6LBmrYEYluVQ4*37VB20pq8ARD}jZO6q}WZ>E`7L(pkF3!MetByRGk7;tQ%}rlu zkc)O#8wHz;SQ+no+GK;o==Fl8r;knW5?vIn$|F@0#oDI6v_rkr^WFfte32C%<=Ws`Qa-&=T#*??Wl@m^U@HS5h`;12oe>gC1h*c1WjGn70M z*JKrO;4U9a9eaio^DNj|0vZ zm#ZBCvx#$B{UFT!%Cwe+5B5M`OMSX*`As9snRf z8D3JA;gkviP#{MN3f&hL>aZK<5w8N+=0R=hk2HqI)v>@2mZT3u5sat|jsSbz2@sW| z=y}C7_QF^O6~v$-e?*DK#cZ&xel#{KAw#2MblSl<8e25qas3&Wj+ z@;H=`th^_R$e##mh+{ZIjEm$Fd4PSy`=;HauHzJW;Ee$qAm!hABx#9GcdO9{#lnKG zZxv%{z!yX0TUnqGOI&H=b+TTD(m&t??~Yq-TCfdI5gVG|Y>1x&b-C9<4|W_6`H3jC z$0E$X*qT#_Kq=XijQ7xbW40?dk_9jc*|`jODKTY98khs|JN&qX)v#;N5Bq^g3uF2T zbQ$oOEnx+ct*=@kT}{4ab>TOLmPh^BIOQGiI@7iKLw(TgomZp|WOQ(jpbvL()xUX`#r{Z-#VB-Ea5% zecjvr{$5}2f5zwYInVQ)bDndabDpi%mFwEP1xH5Vb@kR?Yli4bmb)vC@UpN7Zr%|J z44+xUz#~Gl;SHapwJsk&gJYG&uuD)3&p6YxzU`G^dN(WE8||XUCU)Dt0I|4bNwR2$ zvzJKb%^L#ucL^SrNuhtmNsx{laaPO^**2W`n*GIfN&62>^Cw8=FS#T%rJw4<@5CHz ziX8G}aa+flxSt_|!^m8FhKuHeyyvq)Lq7hHXO%|=gLE7CbQ3cYcBcqVhAG-7(jBDb zW+3x$=12NJiLeUa!nuw~pLHu@`^iau%k*6^v11PzIgK>?j=W?D6yu}u26_i&+T5$y zx1EsWE4?EqYNSLXA|FmVN|!z4yH`O!bf6Xl1!I$GKzNygC~%q;%Q~##D+tux%PGwL zSXp=`J)Z0QSot&E4XGTo5d^gK+v-g!^lhaomZkb`hr}mU=zQM#Pm1yDXCJ+*-|JU* z$Ek}|nO%l`{aP}so}xi?1gCF?ms^Ky2k-e%%sQF?TOvd1(P)&ubNbA2$%^+}PIaY& zQPLTuf);lY7($!&hsGlxIfpaM;~GXM3fvv((0lsw?P~fv}30LgS6MN za84l=M!pzF1LsuZ@}Y1guQg%+9# zshWe8KJr~Fjz8xDF5-P{;F}>PD&KSTv|K6e-6w4gDaNq-!v|-q*|CkK2w8~&mX`~O zB~_#51t-{(n0!w5zJiAe8)_=?T^%@Iv1WMuh?B~e-R)pRS7#n?9h)vKrx#uG$w|Gv z9fBm#VP`rPX_-?d{zgt*1G>ZF414H@`0V+NIg7O=-HwS*O=%uUferf~(F?k9I8{P& zBv4bYH1devskKlZ8C4z{zbs>0SskyLu=jgi~6ywJ1 zO?y4YrL?KPcHz8=_cdh$bb`&~A(udOr&wmeUI#N-qzIU=PCcFX*oatJzkz5AMzz&y0tK=7mPK_D0ZDO~kJkGmCvVy)K49U=vM4Mifv#7W2j&>0wYY zT;D#)wNulVse?P-SA^SwYYV@@Fc?+ln`*dS^#0AQ>$b-8fmEwN%!1B(_BR`h(k=;) zz06@1dC8)z`7BPxFUko#l9kPNsOBMW3@IhidUGmk%kFSS0HfkLmua`F2_hqr2FQ0< zvCjKs-0IrwZO(PU?j&lbWhc>BZSH(t3K7HL1Mc`^)`Hu8>gzM zW_ZRdB(K5^syPtp7&qnwgTIHa*~l>7PdnfP>J|>~mniD*b%Q2P4k&ArQo5cN4c8)` zAD(@FX+DlOa#D5vh5YqkcYC#ceyL`=UgV~EocZk(+~&>;V-1toixTO_b*EZ^s;(;~ zA6#}3R5ULev`4uIOqU;2S31D7YcSoWg5G@dJVR2yy)SWdXTL{J>bc9O>!31FVP86y z;ck;uBkJQXiA@#{)vz7j7CLa% zQ8Yfu*X_lI(KdW{v{vbClR;{3pz1q@{>dwqWi3S+sB>pjRGjz`9Z1Q!V5Tc$uR=2! zWWe-o(*ccV{Bzn4pS8U20lj>ttUu;ac>RK0TXs&@zA_i1%x*oLU}e;ZWnocWwnt0s z+5OL-<)S_kSjPQNyBFUobg}Pl!lc_}!p)eKYNOvU#PS)az1`c4-gmFN?839-j1SuyD;F*B2W;`IG9hd6DgY?BOkJ~zsbazq&llo#!J z9@pG;T0rBp79k2ozP24E;2dYpQ~)?@kS6oY%x3BCN8k)_TctWHcsec~c=h3!1XjX`L7nX)$CC=bLMoyif1@Jy5*wB ze|JtkMD#Z%26>{F!q@~9;^tdV`z-j&)d+GK0@JohO+Nad9Dblzz z`RQpR#`^T}?~JeVg*0tO6`EXPI6vOQ^R|2>Im%Y+u&wKipTY4_laiF6*{G>J)IPr| zx+XpqKa4P~ZrhDq;VNU<8XL>la7KR3m-rn3U2Iy#3G3RlpIGFCE0w zj)1G~IG?9^A%ei~)c*jsjd?X(xFEV6QPFl|yx{(EvR|g$7DY~S5W*ox=MD+ZquH@p zpaUY0vtOoP6vF~XLNX|q&UWzHnChHV_0+R<4`%=fc<5$uvO&uC(%UZ+hu9UCO!|D51I z;o>>#kg{ci(}$oC-@)5OI9ww(xcyy2^e9Z|@x;;5-~qv)tqyLI#nmSO;c5eH=kbOQ8H3_-K(8x6Hl4(b%|#ykH?Q1IE*VaF9U2PiOYk7fo=|wA)8Xm=X;+lL9q45dUG^560%Mjw*<;nUVe%C> z&yOrL-2~5>8$JeV&Fc2O3lNoka79@(-le3?aiFhY;+TtSt3X%k!nA^4wtB~>(+fAn z{oI4|0|@Vbn>8Dle@0(X3AE}|&AXL9nJ}yPSYPe!x79*x?<2V?&8z{>%8#SZ3g>mE z=X46M8x3c&e6?@iym(K-_k4B6uBoiRsSkrrM>XP3RR_P5?eFDE+pI1DQB+jDD3}N8 z*k>B#bdzQMz1+;g)&=F(BK3mTU}LAC{a!()vbNn}zR7kEUmi#Bb&#wp`Ua{j%04~! z&Mtb}zPaGcNv7CFCGD%HKApMGzQI0+UR8bnN(6*Fv3E!m4<}KJdFniT=8BLWO z1tI*JhHLdwrD9!$arYCOERBj9Xj2P)k{#|#jh)Cej2)Y}`DU(L_=?pr=1avUYl;#J z9hGJYVaY5KtqW=;w*mx8544@lhr|lU3A*k!Is8(o+##FoMxM?6=$o@VY*Re+bOu`! zKNb8Le+Y3qj!qd+QIGQ$3r>k<2P@fd~IcVAQQtSeGQLTic=0 ztyA0E>WwV*yKdAO<_NT0s_eUWQhh8n-)yhlYp)2aKHa$U=Q~&d#sMZ3>=~$zgQ|Vbf1$pOkm^hf|dLN>pq+$7b+w`^gy<0yS*lz+gdracXw--;Vec<*J51ZH^^-?aj zNRm^C>BVvJEeJ-J(ALBQ_Chv8`)dsYC-C`wnciz~aHe``Q5u;Owz^@%!-J;SYo2HA zV`k?={2pIx(Mme5Mz*)b4LTfTK!8T!;z^w?C+;z4cW-Eq%!6GpkJ2ooj5tmfaF1Rv z*L*(g&AQ#^4?S9-MaMG5KGcKTC1ORJxQ+$p8vwVq8F|-t1t*VM2+n$!2Tb%=MC7YE zwXvAX$I&_Nif_EIN6m-(k*eJxy61PbY}d}H4bVp?ywphFqbdu(FLPP&e)j%eSGQL?2*&$d?#9O? z%%?L=yaY>2sWil}IU%&eKfo(@S|dwuBw=GGa|2%!WpoBaGwxnZJAN@E{+Wb-Va

=_Z)ZV3!8T1huvph>y+IuPV3YRjK@eW(1}iz?n-6)eB7)dl#c1#6;7$^ zMqP?Z3$A`LK4Wt%AJ;^-DAV4_;+Om_EB3hnpe!AZ>(86(o(+1Epnk9I4o@U(s^iYV z>|3|Y6jAY67*7JqMz>?`-Zr^hDOCmS-lUt1H0NeyEH5(r=sx4f2WM?A)M>lkx4WOR z_97*!pU$1-HD(Xlo|>W}vqd=po>+AKR)Q0w-MeiQdD)5W*QPN<5dj+CN@4F3THmC$ zAq#nFliRn9JDyv#f2s8u9nIdTHHw#5f7GJ0))45*#<^W{Z*!vK6dBL%Oek-?0$DtK z+Aw^=iYa}I9aJFQRbfhGy;M587=aZ=~QY zFWr30*pzyiv~BSokPQ3B;)lLZYZa4(iXVLt9cOJJH&bt=GODF~e3)j%G#fuyBj=$K zJAd6{lJ`@&+z2A(H_jbL62vH4yLYrP$2nT%WWM~lb3%mi=E}1{hb@g88Q*8!3ybGV zjI*oT#0QdlbMr}~@uRD^9gfF3wO-SH5y(rU?XT5zLx7^;s9Mu{>c7EHjm;g__JjfF zki$_@*dvHcS+)!7PD_cInz~J#I)~j0!*mZ^8F)XB(A*_l8J zcf#*uz;VN=u<7c0D3@G|7-u0Kr6=`(>2i3D#yclDOqQ7ukQw$tr}eI zSNVODfGAxLihjZ;7Wg&z5}A5poJz=Yy{r}3ZA^y~vrpD~8E=lP8=;J~85dtTADpXv zzJ-#!fCQfwZsF+SI>61=xkm4(#A9LJgu%yUT@I0YQ}82I28Cf)c+vA^3n^`eeU)j0 z+;*x)O5GXnBwLN2My>A$b**rAcfOV#Gxn%NdNjjI$--*>W>HEcV({>03&xd^>Nz1o1t{X;@M z;i^p0;d*Zdgu~Zq#K8yGUa1_hq&>6_n%Us%O7x(~g>YoHOR}j)mR!GWe8FZtr}&+x zqZjBT>OCfXZYD^*J9!2ni#)7z26j*B)6>^XCpJ_CJ;mEyv?pi)Ye!$xUY1a=`xhN! z=X<0+0A}hS2rCNfmb|BfUaPjotR6j;adSpuKYS zLUz#{5qN4H6MxSB0xU)g;(cAuXeX*L-^sWq+lO^i@wcjjgLhbYIK{N?H zg1*(%6!lE4DZLoi;fYzkPoBM5j{|9*ruskZYRFi_*+hTGRPHPzGNq>>!Y2ii^Wh#a z*g7{*6Y~BPFGWTN{f~F09_C$_&6Vgr+dMXxh5l#|mi*|Eo^zMsO;u${OpIkfVsoa4 z+RQ87G@ZoLf~-Af2zy2`u|c*vI?m4}cJ{1y?GqW@QpdJd_XQ_=cNce(G+yj%U34qA z+4C3M!<|oB-)d&w)_0zDCvYxyT0GnEeh_QZI;{VeK3oYuLVln10}$6cfv3=Pk0f$Kwi7RazeLHr#sK-i;bM~>BH+Ua~4(oQMU4O^Kr zT|JnEfwhsPk(ue=&<2@Tll%V(|5sY! z{}44Oc-8-Z1t3rm6a-el6M%o3lU4i^04b6P0HFA{wn24qH8A*({h#vfTmJ_`DdA|7 z>fg%MXZ(-*|L6Y46L9VTf&_9W;;?^t8$TKUm6VlMj{nLKHI>!z|5qSD90?E+1T>z6 z#$m-Zuw)EIUfdf^M7y9dXp$cc19$@%aSgD%IGliRLwf^AaSaq4Lj>f-JpqC%03!fi zWPnH_!bpH89s?%<%ayG7OaNTqL;wb0;Vzi3DuLrErsqxh8|DI_a0CFhSZuLD0zd>v zu-^%ASQws6bo-06j2Mh&AFLJQN-=Zu_3@izXM#1oCJb*!C0T_|In6neV zG~))Rh~P^C2v|42hEB2;2DrT6d@u6%F= zic#a1_45^tC*=`F#E}UU&ASjN{p1FNqe#oj`??nq7#xwx0tz4ilnc^3_Cz4$$ zA}%Rnkt<3KL?Ybvi&K7WXcQu%2O5v3)Us?0Uwqe#3@5t5aGwV)O3$OuK8Y*DWRwWgCYE^jTpQ2l?&&6-KVKmko zO^x!Nlx%4^9(;aBl?1o-}?H}3#nJSFB4zj}i~!tr0?-RD%{_W(#0TU;YR{4)d8 zM=acvsu}_gN7c*c9PcZZ0s~q9>5l!ASmFOf06`{D^L|R|P0il^k^$gn{;#aGa{XTo zq6As>|6hRs@#P_(YTlHY_@D4$sG91Z^5M^Pi|IWI?Mun|up~GojU&K_lx!bMF|TiC z08|nroSKENdPts;HT^VV3n2ruLfCN|M?}L zMyr3ChgJM@SmFN&Gz@`UcKp96{r{=|Q=EQf{;#5@w(9@C0s-Q#1RNRvN9&-=D=XAB zP)Zmkxru8iQI}>HsbM6X2Y`hw=F>|P0W_9G2_W$0Ecl-mZWTYp%K1N;=ti*x4Dc7Z z{v!VU_^+x8S@r*4g4Ou{zl|0Czc`;l0^T_MUlsgm{uBR)f>l=M|GxyQ{{O#?mHGdd zC7Q3YIy?@8M)>{bqdY<=vyznu z0)DR#MkQOFl>7jHu>Xgmm;jmZ7tI2G;{Ook@8|z&;MMd0zXU(<|CPs0zS$q7&i+52 zsQUf`_2AGCUK6p@V;n!MYUy0m4?g^fO$enwxe2jI_tj~u?;Be>dGqai>VSg65j+-; z41HI^6Ce@L2qJaA!p#K-Cm?@N`t#u$PXPNv(Q$ZSDZc*bBOD9I_>rhB{6L+{dvtIt zl6sB?k3mz{D9!| zKmtQy;I2Os2Eclw2{`N@DTx4J066i7#^#Ab0vKwV0uazYF1|X{{~RmE|HZ>|OGgK( zhX2>>0R7wZKZ+kiSLc7f1grDE|80O2m!tFFcL(I(KmP|&Ra!m&_e%g${2MR+ea6qn s|CRYaSWRX1{@*VF7^DPJ`KOs!#VS^@idC#)6~7e!2YE|rqyT6E08EA@MgRZ+