From b259c9b349486ed2aae0b03968bae1e87d4f9e58 Mon Sep 17 00:00:00 2001 From: Christian Bell Date: Tue, 14 Feb 2017 16:48:07 -0800 Subject: [PATCH 01/47] First stab at extending the "uid" configmap to store firewall rule information. --- controllers/gce/controller/controller.go | 4 + controllers/gce/controller/controller_test.go | 12 +- controllers/gce/controller/fakes.go | 4 +- controllers/gce/controller/util_test.go | 10 +- controllers/gce/main.go | 113 +++++++++++++----- controllers/gce/storage/configmaps.go | 78 +++++++----- controllers/gce/storage/configmaps_test.go | 46 +++++-- controllers/gce/utils/utils.go | 41 ++++++- 8 files changed, 217 insertions(+), 91 deletions(-) diff --git a/controllers/gce/controller/controller.go b/controllers/gce/controller/controller.go index c4d15e2fd..cb125fbc0 100644 --- a/controllers/gce/controller/controller.go +++ b/controllers/gce/controller/controller.go @@ -46,6 +46,10 @@ var ( // L7 controller created without specifying the --cluster-uid flag. DefaultClusterUID = "" + // DefaultFirewallName is the name to user for firewall rules created + // by an L7 controller when the --fireall-rule is not used. + DefaultFirewallName = "" + // Frequency to poll on local stores to sync. storeSyncPollPeriod = 5 * time.Second ) diff --git a/controllers/gce/controller/controller_test.go b/controllers/gce/controller/controller_test.go index cc58e94b5..f8d905b44 100644 --- a/controllers/gce/controller/controller_test.go +++ b/controllers/gce/controller/controller_test.go @@ -199,7 +199,8 @@ func addIngress(lbc *LoadBalancerController, ing *extensions.Ingress, pm *nodePo } func TestLbCreateDelete(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + testFirewallName := "quux" + cm := NewFakeClusterManager(DefaultClusterUID, testFirewallName) lbc := newLoadBalancerController(t, cm, "") inputMap1 := map[string]utils.FakeIngressRuleValueMap{ "foo.example.com": { @@ -240,6 +241,7 @@ func TestLbCreateDelete(t *testing.T) { unexpected := []int{pm.portMap["foo2svc"], pm.portMap["bar2svc"]} expected := []int{pm.portMap["foo1svc"], pm.portMap["bar1svc"]} firewallPorts := sets.NewString() + pm.namer.SetFirewallName(testFirewallName) firewallName := pm.namer.FrName(pm.namer.FrSuffix()) if firewallRule, err := cm.firewallPool.(*firewalls.FirewallRules).GetFirewall(firewallName); err != nil { @@ -290,7 +292,7 @@ func TestLbCreateDelete(t *testing.T) { } func TestLbFaultyUpdate(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") inputMap := map[string]utils.FakeIngressRuleValueMap{ "foo.example.com": { @@ -327,7 +329,7 @@ func TestLbFaultyUpdate(t *testing.T) { } func TestLbDefaulting(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") // Make sure the controller plugs in the default values accepted by GCE. ing := newIngress(map[string]utils.FakeIngressRuleValueMap{"": {"": "foo1svc"}}) @@ -345,7 +347,7 @@ func TestLbDefaulting(t *testing.T) { } func TestLbNoService(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") inputMap := map[string]utils.FakeIngressRuleValueMap{ "foo.example.com": { @@ -389,7 +391,7 @@ func TestLbNoService(t *testing.T) { } func TestLbChangeStaticIP(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") inputMap := map[string]utils.FakeIngressRuleValueMap{ "foo.example.com": { diff --git a/controllers/gce/controller/fakes.go b/controllers/gce/controller/fakes.go index ae97f0d9c..52927bd99 100644 --- a/controllers/gce/controller/fakes.go +++ b/controllers/gce/controller/fakes.go @@ -44,12 +44,12 @@ type fakeClusterManager struct { } // NewFakeClusterManager creates a new fake ClusterManager. -func NewFakeClusterManager(clusterName string) *fakeClusterManager { +func NewFakeClusterManager(clusterName, firewallName string) *fakeClusterManager { fakeLbs := loadbalancers.NewFakeLoadBalancers(clusterName) fakeBackends := backends.NewFakeBackendServices(func(op int, be *compute.BackendService) error { return nil }) fakeIGs := instances.NewFakeInstanceGroups(sets.NewString()) fakeHCs := healthchecks.NewFakeHealthChecks() - namer := utils.NewNamer(clusterName) + namer := utils.NewNamerWithFirewall(clusterName, firewallName) nodePool := instances.NewNodePool(fakeIGs) nodePool.Init(&instances.FakeZoneLister{Zones: []string{"zone-a"}}) diff --git a/controllers/gce/controller/util_test.go b/controllers/gce/controller/util_test.go index a3bbbe120..38f969c63 100644 --- a/controllers/gce/controller/util_test.go +++ b/controllers/gce/controller/util_test.go @@ -32,7 +32,7 @@ import ( var firstPodCreationTime = time.Date(2006, 01, 02, 15, 04, 05, 0, time.UTC) func TestZoneListing(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") zoneToNode := map[string][]string{ "zone-1": {"n1"}, @@ -57,7 +57,7 @@ func TestZoneListing(t *testing.T) { } func TestInstancesAddedToZones(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") zoneToNode := map[string][]string{ "zone-1": {"n1", "n2"}, @@ -92,7 +92,7 @@ func TestInstancesAddedToZones(t *testing.T) { } func TestProbeGetter(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") nodePortToHealthCheck := map[int64]string{ 3001: "/healthz", @@ -110,7 +110,7 @@ func TestProbeGetter(t *testing.T) { } func TestProbeGetterNamedPort(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") nodePortToHealthCheck := map[int64]string{ 3001: "/healthz", @@ -133,7 +133,7 @@ func TestProbeGetterNamedPort(t *testing.T) { } func TestProbeGetterCrossNamespace(t *testing.T) { - cm := NewFakeClusterManager(DefaultClusterUID) + cm := NewFakeClusterManager(DefaultClusterUID, DefaultFirewallName) lbc := newLoadBalancerController(t, cm, "") firstPod := &api.Pod{ diff --git a/controllers/gce/main.go b/controllers/gce/main.go index db2eebfff..ac9bd457d 100644 --- a/controllers/gce/main.go +++ b/controllers/gce/main.go @@ -215,7 +215,7 @@ func main() { if *inCluster || *useRealCloud { // Create cluster manager - namer, err := newNamer(kubeClient, *clusterName) + namer, err := newNamer(kubeClient, *clusterName, controller.DefaultFirewallName) if err != nil { glog.Fatalf("%v", err) } @@ -225,7 +225,7 @@ func main() { } } else { // Create fake cluster manager - clusterManager = controller.NewFakeClusterManager(*clusterName).ClusterManager + clusterManager = controller.NewFakeClusterManager(*clusterName, controller.DefaultFirewallName).ClusterManager } // Start loadbalancer controller @@ -247,32 +247,95 @@ func main() { } } -func newNamer(kubeClient client.Interface, clusterName string) (*utils.Namer, error) { +func newNamer(kubeClient client.Interface, clusterName string, fwName string) (*utils.Namer, error) { name, err := getClusterUID(kubeClient, clusterName) if err != nil { return nil, err } + fw_name, err := getFirewallName(kubeClient, fwName, name) + if err != nil { + return nil, err + } - namer := utils.NewNamer(name) - vault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) + namer := utils.NewNamerWithFirewall(name, fw_name) + uidVault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) // Start a goroutine to poll the cluster UID config map // We don't watch because we know exactly which configmap we want and this // controller already watches 5 other resources, so it isn't worth the cost // of another connection and complexity. go wait.Forever(func() { - uid, found, err := vault.Get() - existing := namer.GetClusterName() - if found && uid != existing { - glog.Infof("Cluster uid changed from %v -> %v", existing, uid) - namer.SetClusterName(uid) - } else if err != nil { - glog.Errorf("Failed to reconcile cluster uid %v, currently set to %v", err, existing) + for _, key := range [...]string{storage.UidDataKey, storage.ProviderDataKey} { + val, found, err := uidVault.Get(key) + if err != nil { + glog.Errorf("Can't read uidConfigMap %v", uidConfigMapName) + } else if !found { + glog.Errorf("Can't read %v from uidConfigMap %v", key, uidConfigMapName) + continue + } + + switch key { + case storage.UidDataKey: + if uid := namer.GetClusterName(); uid != val { + glog.Infof("Cluster uid changed from %v -> %v", uid, val) + namer.SetClusterName(val) + } + case storage.ProviderDataKey: + if fw_name := namer.GetFirewallName(); fw_name != val { + glog.Infof("Cluster firewall name changed from %v -> %v", fw_name, val) + namer.SetFirewallName(val) + } + } } }, 5*time.Second) return namer, nil } +// getFlagOrLookupVault returns the name to use associated to a flag and configmap. +// The returned value follows this priority: +// If the provided 'name' is not empty, that name is used. +// This is effectively a client override via a command line flag. +// else, check configmap under 'configmap_name' as a key and if found, use the associated value +// else, return an empty 'name' and pass along an error iff the configmap lookup is erroneous. +func getFlagOrLookupVault(cfgVault *storage.ConfigMapVault, cm_key string, name string) (string, error) { + if name != "" { + glog.Infof("Using user provided %v %v", cm_key, name) + // Don't save the uid in the vault, so users can rollback through + // setting the accompany flag to "" + return name, nil + } + val, found, err := cfgVault.Get(cm_key) + if found { + glog.Infof("Using %v = %q saved in ConfigMap", cm_key, val) + return val, nil + } else if err != nil { + // This can fail because of: + // 1. No such config map - found=false, err=nil + // 2. No such key in config map - found=false, err=nil + // 3. Apiserver flake - found=false, err!=nil + // It is not safe to proceed in 3. + return "", fmt.Errorf("Failed to retrieve %v: %v, using %q as name", cm_key, err, name) + } + // Not found but safe to proceed. + return "", nil +} + +// getFirewallName returns the firewall rule name to use for this cluster. For +// backwards compatibility, the firewall name will default to the cluster UID. +// Use getFlagOrLookupVault to obtain a stored or overridden value for the firewall name. +// else, use the cluster UID as a backup (this retains backwards compatibility). +func getFirewallName(kubeClient client.Interface, name string, cluster_uid string) (string, error) { + cfgVault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) + if fw_name, err := getFlagOrLookupVault(cfgVault, storage.ProviderDataKey, name); err != nil { + return "", err + } else if fw_name != "" { + return fw_name, cfgVault.Put(storage.ProviderDataKey, fw_name) + } else { + glog.Infof("Using cluster UID %v as firewall name", cluster_uid) + return cluster_uid, cfgVault.Put(storage.ProviderDataKey, cluster_uid) + } +} + // getClusterUID returns the cluster UID. Rules for UID generation: // If the user specifies a --cluster-uid param it overwrites everything // else, check UID config map for a previously recorded uid @@ -281,26 +344,12 @@ func newNamer(kubeClient client.Interface, clusterName string) (*utils.Namer, er // else, allocate a new uid func getClusterUID(kubeClient client.Interface, name string) (string, error) { cfgVault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) - if name != "" { - glog.Infof("Using user provided cluster uid %v", name) - // Don't save the uid in the vault, so users can rollback through - // --cluster-uid="" + if name, err := getFlagOrLookupVault(cfgVault, storage.UidDataKey, name); err != nil { + return "", err + } else if name != "" { return name, nil } - existingUID, found, err := cfgVault.Get() - if found { - glog.Infof("Using saved cluster uid %q", existingUID) - return existingUID, nil - } else if err != nil { - // This can fail because of: - // 1. No such config map - found=false, err=nil - // 2. No such key in config map - found=false, err=nil - // 3. Apiserver flake - found=false, err!=nil - // It is not safe to proceed in 3. - return "", fmt.Errorf("Failed to retrieve current uid: %v, using %q as name", err, name) - } - // Check if the cluster has an Ingress with ip ings, err := kubeClient.Extensions().Ingresses(api.NamespaceAll).List(api.ListOptions{LabelSelector: labels.Everything()}) if err != nil { @@ -311,10 +360,10 @@ func getClusterUID(kubeClient client.Interface, name string) (string, error) { if len(ing.Status.LoadBalancer.Ingress) != 0 { c := namer.ParseName(loadbalancers.GCEResourceName(ing.Annotations, "forwarding-rule")) if c.ClusterName != "" { - return c.ClusterName, cfgVault.Put(c.ClusterName) + return c.ClusterName, cfgVault.Put(storage.UidDataKey, c.ClusterName) } glog.Infof("Found a working Ingress, assuming uid is empty string") - return "", cfgVault.Put("") + return "", cfgVault.Put(storage.UidDataKey, "") } } @@ -329,7 +378,7 @@ func getClusterUID(kubeClient client.Interface, name string) (string, error) { return "", err } uid := fmt.Sprintf("%x", b) - return uid, cfgVault.Put(uid) + return uid, cfgVault.Put(storage.UidDataKey, uid) } // getNodePort waits for the Service, and returns it's first node port. diff --git a/controllers/gce/storage/configmaps.go b/controllers/gce/storage/configmaps.go index cfed347fc..7b4f1a42f 100644 --- a/controllers/gce/storage/configmaps.go +++ b/controllers/gce/storage/configmaps.go @@ -19,6 +19,7 @@ package storage import ( "fmt" "strings" + "sync" "github.com/golang/glog" "k8s.io/kubernetes/pkg/api" @@ -27,73 +28,86 @@ import ( client "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" ) -// UIDVault stores UIDs. -type UIDVault interface { - Get() (string, bool, error) - Put(string) error - Delete() error -} - -// uidDataKey is the key used in config maps to store the UID. -const uidDataKey = "uid" +const ( + // UidDataKey is the key used in config maps to store the UID. + UidDataKey = "uid" + // ProviderDataKey is the key used in config maps to store the Provider + // UID which we use to ensure unique firewalls. + ProviderDataKey = "providerUid" +) // ConfigMapVault stores cluster UIDs in config maps. // It's a layer on top of ConfigMapStore that just implements the utils.uidVault // interface. type ConfigMapVault struct { + storeLock sync.Mutex ConfigMapStore cache.Store namespace string name string } -// Get retrieves the cluster UID from the cluster config map. +// Get retrieves the value associated to the provided 'key' from the cluster config map. // If this method returns an error, it's guaranteed to be apiserver flake. // If the error is a not found error it sets the boolean to false and // returns and error of nil instead. -func (c *ConfigMapVault) Get() (string, bool, error) { - key := fmt.Sprintf("%v/%v", c.namespace, c.name) - item, found, err := c.ConfigMapStore.GetByKey(key) +func (c *ConfigMapVault) Get(key string) (string, bool, error) { + keyStore := fmt.Sprintf("%v/%v", c.namespace, c.name) + item, found, err := c.ConfigMapStore.GetByKey(keyStore) if err != nil || !found { return "", false, err } - cfg := item.(*api.ConfigMap) - if k, ok := cfg.Data[uidDataKey]; ok { + data := item.(*api.ConfigMap).Data + c.storeLock.Lock() + defer c.storeLock.Unlock() + if k, ok := data[key]; ok { return k, true, nil } - return "", false, fmt.Errorf("Found config map %v but it doesn't contain uid key: %+v", key, cfg.Data) + glog.Infof("Found config map %v but it doesn't contain key %v: %+v", keyStore, key, data) + return "", false, nil } -// Put stores the given UID in the cluster config map. -func (c *ConfigMapVault) Put(uid string) error { +// Put inserts a key/value pair in the cluster config map. +// If the key already exists, the value provided is stored. +func (c *ConfigMapVault) Put(key, val string) error { + c.storeLock.Lock() + defer c.storeLock.Unlock() apiObj := &api.ConfigMap{ ObjectMeta: api.ObjectMeta{ Name: c.name, Namespace: c.namespace, }, - Data: map[string]string{uidDataKey: uid}, } cfgMapKey := fmt.Sprintf("%v/%v", c.namespace, c.name) item, exists, err := c.ConfigMapStore.GetByKey(cfgMapKey) if err == nil && exists { data := item.(*api.ConfigMap).Data - if k, ok := data[uidDataKey]; ok && k == uid { + existingVal, ok := data[key] + if ok && existingVal == val { + // duplicate, no need to update. return nil - } else if ok { - glog.Infof("Configmap %v has key %v but wrong value %v, updating", cfgMapKey, k, uid) } - + data[key] = val + apiObj.Data = data + if existingVal != val { + glog.Infof("Configmap %v has key %v but wrong value %v, updating to %v", cfgMapKey, key, existingVal, val) + } else { + glog.Infof("Configmap %v will be updated with %v = %v", cfgMapKey, key, val) + } if err := c.ConfigMapStore.Update(apiObj); err != nil { return fmt.Errorf("Failed to update %v: %v", cfgMapKey, err) } - } else if err := c.ConfigMapStore.Add(apiObj); err != nil { - return fmt.Errorf("Failed to add %v: %v", cfgMapKey, err) + } else { + apiObj.Data = map[string]string{key: val} + if err := c.ConfigMapStore.Add(apiObj); err != nil { + return fmt.Errorf("Failed to add %v: %v", cfgMapKey, err) + } } - glog.Infof("Successfully stored uid %q in config map %v", uid, cfgMapKey) + glog.Infof("Successfully stored key %v = %v in config map %v", key, val, cfgMapKey) return nil } -// Delete deletes the cluster UID storing config map. +// Delete deletes the ConfigMapStore. func (c *ConfigMapVault) Delete() error { cfgMapKey := fmt.Sprintf("%v/%v", c.namespace, c.name) item, _, err := c.ConfigMapStore.GetByKey(cfgMapKey) @@ -108,13 +122,19 @@ func (c *ConfigMapVault) Delete() error { // This client is essentially meant to abstract out the details of // configmaps and the API, and just store/retrieve a single value, the cluster uid. func NewConfigMapVault(c client.Interface, uidNs, uidConfigMapName string) *ConfigMapVault { - return &ConfigMapVault{NewConfigMapStore(c), uidNs, uidConfigMapName} + return &ConfigMapVault{ + ConfigMapStore: NewConfigMapStore(c), + namespace: uidNs, + name: uidConfigMapName} } // NewFakeConfigMapVault is an implementation of the ConfigMapStore that doesn't // persist configmaps. Only used in testing. func NewFakeConfigMapVault(ns, name string) *ConfigMapVault { - return &ConfigMapVault{cache.NewStore(cache.MetaNamespaceKeyFunc), ns, name} + return &ConfigMapVault{ + ConfigMapStore: cache.NewStore(cache.MetaNamespaceKeyFunc), + namespace: ns, + name: name} } // ConfigMapStore wraps the store interface. Implementations usually persist diff --git a/controllers/gce/storage/configmaps_test.go b/controllers/gce/storage/configmaps_test.go index 3b8404b89..8d25d6671 100644 --- a/controllers/gce/storage/configmaps_test.go +++ b/controllers/gce/storage/configmaps_test.go @@ -24,31 +24,51 @@ import ( func TestConfigMapUID(t *testing.T) { vault := NewFakeConfigMapVault(api.NamespaceSystem, "ingress-uid") - uid := "" - k, exists, err := vault.Get() + // Get value from an empty vault. + val, exists, err := vault.Get(UidDataKey) if exists { - t.Errorf("Got a key from an empyt vault") + t.Errorf("Got value from an empty vault") } - vault.Put(uid) - k, exists, err = vault.Get() + + // Store empty value for UidDataKey. + uid := "" + vault.Put(UidDataKey, uid) + val, exists, err = vault.Get(UidDataKey) if !exists || err != nil { - t.Errorf("Failed to retrieve value from vault") + t.Errorf("Failed to retrieve value from vault: %v", err) } - if k != "" { + if val != "" { t.Errorf("Failed to store empty string as a key in the vault") } - vault.Put("newuid") - k, exists, err = vault.Get() + + // Store actual value in key. + storedVal := "newuid" + vault.Put(UidDataKey, storedVal) + val, exists, err = vault.Get(UidDataKey) if !exists || err != nil { t.Errorf("Failed to retrieve value from vault") + } else if val != storedVal { + t.Errorf("Failed to store empty string as a key in the vault") } - if k != "newuid" { - t.Errorf("Failed to modify uid") + + // Store second value which will have the affect of updating to Store + // rather than adding. + secondVal := "bar" + vault.Put("foo", secondVal) + val, exists, err = vault.Get("foo") + if !exists || err != nil || val != secondVal { + t.Errorf("Failed to retrieve second value from vault") } + val, exists, err = vault.Get(UidDataKey) + if !exists || err != nil || val != storedVal { + t.Errorf("Failed to retrieve first value from vault") + } + + // Delete value. if err := vault.Delete(); err != nil { t.Errorf("Failed to delete uid %v", err) } - if uid, exists, _ := vault.Get(); exists { - t.Errorf("Found uid %v, expected none", uid) + if _, exists, _ := vault.Get(UidDataKey); exists { + t.Errorf("Found uid but expected none after deletion") } } diff --git a/controllers/gce/utils/utils.go b/controllers/gce/utils/utils.go index 33525ffa3..63caccdb3 100644 --- a/controllers/gce/utils/utils.go +++ b/controllers/gce/utils/utils.go @@ -92,8 +92,9 @@ const ( // Namer handles centralized naming for the cluster. type Namer struct { - clusterName string - nameLock sync.Mutex + clusterName string + firewallName string + nameLock sync.Mutex } // NewNamer creates a new namer. @@ -103,6 +104,14 @@ func NewNamer(clusterName string) *Namer { return namer } +// NewNamer creates a new namer with a Firewall Name +func NewNamerWithFirewall(clusterName string, firewallName string) *Namer { + namer := &Namer{} + namer.SetClusterName(clusterName) + namer.SetFirewallName(firewallName) + return namer +} + // NameComponents is a struct representing the components of a a GCE resource // name constructed by the namer. The format of such a name is: // k8s-resource---uid @@ -123,6 +132,16 @@ func (n *Namer) SetClusterName(name string) { n.clusterName = name } +// SetFirewallName sets the firewall name of this cluster. +func (n *Namer) SetFirewallName(firewall_name string) { + n.nameLock.Lock() + defer n.nameLock.Unlock() + if n.firewallName != firewall_name { + glog.Infof("Changing firewall name from %v to %v", n.firewallName, firewall_name) + n.firewallName = firewall_name + } +} + // GetClusterName returns the UID/name of this cluster. func (n *Namer) GetClusterName() string { n.nameLock.Lock() @@ -130,6 +149,18 @@ func (n *Namer) GetClusterName() string { return n.clusterName } +// GetFirewallName returns the firewall name of this cluster. +func (n *Namer) GetFirewallName() string { + n.nameLock.Lock() + defer n.nameLock.Unlock() + // Retain backwards compatible behavior where firewallName == clusterName. + if n.firewallName == "" { + return n.clusterName + } else { + return n.firewallName + } +} + // Truncate truncates the given key to a GCE length limit. func (n *Namer) Truncate(key string) string { if len(key) > nameLenLimit { @@ -216,12 +247,12 @@ func (n *Namer) IGName() string { // FrSuffix constructs the glbc specific suffix for the FirewallRule. func (n *Namer) FrSuffix() string { - clusterName := n.GetClusterName() + firewallName := n.GetFirewallName() // The entire cluster only needs a single firewall rule. - if clusterName == "" { + if firewallName == "" { return globalFirewallSuffix } - return n.Truncate(fmt.Sprintf("%v%v%v", globalFirewallSuffix, clusterNameDelimiter, clusterName)) + return n.Truncate(fmt.Sprintf("%v%v%v", globalFirewallSuffix, clusterNameDelimiter, firewallName)) } // FrName constructs the full firewall rule name, this is the name assigned by From 90fdea751bceee672db6dcb93c8578c40542277a Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Wed, 1 Mar 2017 14:16:33 +0100 Subject: [PATCH 02/47] Disable listen only on ipv6 and fix proxy_protocol - Always listen on ipv4 address for port 443 - Rollback previous PR #227 that broke the proxy_protocol when passthroughBackends is disabled --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 4684a497c..881e7bf5f 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -211,8 +211,8 @@ http { server_name {{ $server.Hostname }}; listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}}; {{/* Listen on 442 because port 443 is used in the stream section */}} - {{/* This listen cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} - {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; + {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} + {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $index 0 }} ipv6only=off{{end}} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} # PEM sha: {{ $server.SSLPemChecksum }} ssl_certificate {{ $server.SSLCertificate }}; From 2ddba72baa451abffd036de4306a91062e82a146 Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Thu, 2 Mar 2017 16:50:31 +0100 Subject: [PATCH 03/47] Fix ingress class --- controllers/nginx/pkg/cmd/controller/nginx.go | 14 +++++-- core/pkg/ingress/controller/controller.go | 15 ++++---- core/pkg/ingress/controller/launch.go | 1 + core/pkg/ingress/controller/util.go | 18 ++++++--- core/pkg/ingress/controller/util_test.go | 38 ++++++++++++++++--- core/pkg/ingress/types.go | 2 + 6 files changed, 65 insertions(+), 23 deletions(-) diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index 458f9f6c3..35ebe1823 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -48,9 +48,10 @@ const ( ) var ( - tmplPath = "/etc/nginx/template/nginx.tmpl" - cfgPath = "/etc/nginx/nginx.conf" - binary = "/usr/sbin/nginx" + tmplPath = "/etc/nginx/template/nginx.tmpl" + cfgPath = "/etc/nginx/nginx.conf" + binary = "/usr/sbin/nginx" + defIngressClass = "nginx" ) // newNGINXController creates a new NGINX Ingress controller. @@ -256,7 +257,12 @@ func (n NGINXController) Info() *ingress.BackendInfo { // OverrideFlags customize NGINX controller flags func (n NGINXController) OverrideFlags(flags *pflag.FlagSet) { - flags.Set("ingress-class", "nginx") + flags.Set("ingress-class", defIngressClass) +} + +// DefaultIngressClass just return the default ingress class +func (n NGINXController) DefaultIngressClass() string { + return defIngressClass } // testTemplate checks if the NGINX configuration inside the byte array is valid diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go index b0ec1b9fa..04d69e305 100644 --- a/core/pkg/ingress/controller/controller.go +++ b/core/pkg/ingress/controller/controller.go @@ -127,6 +127,7 @@ type Configuration struct { UDPConfigMapName string DefaultSSLCertificate string DefaultHealthzURL string + DefaultIngressClass string // optional PublishService string // Backend is the particular implementation to be used. @@ -166,7 +167,7 @@ func newIngressController(config *Configuration) *GenericController { ingEventHandler := cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { addIng := obj.(*extensions.Ingress) - if !IsValidClass(addIng, config.IngressClass) { + if !IsValidClass(addIng, config) { glog.Infof("ignoring add for ingress %v based on annotation %v", addIng.Name, ingressClassKey) return } @@ -175,7 +176,7 @@ func newIngressController(config *Configuration) *GenericController { }, DeleteFunc: func(obj interface{}) { delIng := obj.(*extensions.Ingress) - if !IsValidClass(delIng, config.IngressClass) { + if !IsValidClass(delIng, config) { glog.Infof("ignoring delete for ingress %v based on annotation %v", delIng.Name, ingressClassKey) return } @@ -185,7 +186,7 @@ func newIngressController(config *Configuration) *GenericController { UpdateFunc: func(old, cur interface{}) { oldIng := old.(*extensions.Ingress) curIng := cur.(*extensions.Ingress) - if !IsValidClass(curIng, config.IngressClass) && !IsValidClass(oldIng, config.IngressClass) { + if !IsValidClass(curIng, config) && !IsValidClass(oldIng, config) { return } @@ -588,7 +589,7 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress for _, ingIf := range ings { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg.IngressClass) { + if !IsValidClass(ing, ic.cfg) { continue } @@ -711,7 +712,7 @@ func (ic *GenericController) createUpstreams(data []interface{}) map[string]*ing for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg.IngressClass) { + if !IsValidClass(ing, ic.cfg) { continue } @@ -872,7 +873,7 @@ func (ic *GenericController) createServers(data []interface{}, // initialize all the servers for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg.IngressClass) { + if !IsValidClass(ing, ic.cfg) { continue } @@ -912,7 +913,7 @@ func (ic *GenericController) createServers(data []interface{}, // configure default location and SSL for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg.IngressClass) { + if !IsValidClass(ing, ic.cfg) { continue } diff --git a/core/pkg/ingress/controller/launch.go b/core/pkg/ingress/controller/launch.go index 216682bdd..18d3ab378 100644 --- a/core/pkg/ingress/controller/launch.go +++ b/core/pkg/ingress/controller/launch.go @@ -144,6 +144,7 @@ func NewIngressController(backend ingress.Controller) *GenericController { ResyncPeriod: *resyncPeriod, DefaultService: *defaultSvc, IngressClass: *ingressClass, + DefaultIngressClass: backend.DefaultIngressClass(), Namespace: *watchNamespace, ConfigMapName: *configMap, TCPConfigMapName: *tcpConfigMapName, diff --git a/core/pkg/ingress/controller/util.go b/core/pkg/ingress/controller/util.go index 7ff154d8f..99f92eac0 100644 --- a/core/pkg/ingress/controller/util.go +++ b/core/pkg/ingress/controller/util.go @@ -88,20 +88,26 @@ func matchHostnames(pattern, host string) bool { // IsValidClass returns true if the given Ingress either doesn't specify // the ingress.class annotation, or it's set to the configured in the // ingress controller. -func IsValidClass(ing *extensions.Ingress, class string) bool { - if class == "" { - return true - } +func IsValidClass(ing *extensions.Ingress, config *Configuration) bool { + currentIngClass := config.IngressClass cc, err := parser.GetStringAnnotation(ingressClassKey, ing) if err != nil && !errors.IsMissingAnnotations(err) { glog.Warningf("unexpected error reading ingress annotation: %v", err) } - if cc == "" { + + // we have 2 valid combinations + // 1 - ingress with default class | blank annotation on ingress + // 2 - ingress with specific class | same annotation on ingress + // + // and 2 invalid combinations + // 3 - ingress with default class | fixed annotation on ingress + // 4 - ingress with specific class | different annotation on ingress + if (cc == "" && currentIngClass == "") || (currentIngClass == config.DefaultIngressClass) { return true } - return cc == class + return cc == currentIngClass } func mergeLocationAnnotations(loc *ingress.Location, anns map[string]interface{}) { diff --git a/core/pkg/ingress/controller/util_test.go b/core/pkg/ingress/controller/util_test.go index 96d46000d..f52558cc6 100644 --- a/core/pkg/ingress/controller/util_test.go +++ b/core/pkg/ingress/controller/util_test.go @@ -39,6 +39,13 @@ func (fe *fakeError) Error() string { return "fakeError" } +// just 2 combinations are valid +// 1 - ingress with default class (or no args) | blank annotation on ingress | valid +// 2 - ingress with specified class | same annotation on ingress | valid +// +// this combinations are invalid +// 3 - ingress with default class (or no args) | fixed annotation on ingress | invalid +// 4 - ingress with specified class | different annotation on ingress | invalid func TestIsValidClass(t *testing.T) { ing := &extensions.Ingress{ ObjectMeta: api.ObjectMeta{ @@ -47,27 +54,46 @@ func TestIsValidClass(t *testing.T) { }, } - b := IsValidClass(ing, "") + config := &Configuration{DefaultIngressClass: "nginx", IngressClass: ""} + b := IsValidClass(ing, config) if !b { t.Error("Expected a valid class (missing annotation)") } + config.IngressClass = "custom" + b = IsValidClass(ing, config) + if b { + t.Error("Expected a invalid class (missing annotation)") + } + data := map[string]string{} data[ingressClassKey] = "custom" ing.SetAnnotations(data) - - b = IsValidClass(ing, "custom") + b = IsValidClass(ing, config) if !b { t.Errorf("Expected valid class but %v returned", b) } - b = IsValidClass(ing, "nginx") + + config.IngressClass = "killer" + b = IsValidClass(ing, config) if b { t.Errorf("Expected invalid class but %v returned", b) } - b = IsValidClass(ing, "") - if !b { + + data[ingressClassKey] = "" + ing.SetAnnotations(data) + config.IngressClass = "killer" + b = IsValidClass(ing, config) + if b { t.Errorf("Expected invalid class but %v returned", b) } + + config.IngressClass = "" + b = IsValidClass(ing, config) + if !b { + t.Errorf("Expected valid class but %v returned", b) + } + } func TestIsHostValid(t *testing.T) { diff --git a/core/pkg/ingress/types.go b/core/pkg/ingress/types.go index 82ddcf0d3..8121abe4d 100644 --- a/core/pkg/ingress/types.go +++ b/core/pkg/ingress/types.go @@ -96,6 +96,8 @@ type Controller interface { Info() *BackendInfo // OverrideFlags allow the customization of the flags in the backend OverrideFlags(*pflag.FlagSet) + // DefaultIngressClass just return the default ingress class + DefaultIngressClass() string } // StoreLister returns the configured stores for ingresses, services, From 68097e96dcacdc692d7886934fc69c540eef57b8 Mon Sep 17 00:00:00 2001 From: Christian Bell Date: Mon, 27 Feb 2017 16:08:42 -0800 Subject: [PATCH 04/47] Better logging and address review comments --- controllers/gce/controller/fakes.go | 2 +- .../gce/loadbalancers/loadbalancers_test.go | 5 +- controllers/gce/main.go | 67 ++++++++++--------- controllers/gce/storage/configmaps.go | 2 +- controllers/gce/utils/utils.go | 11 +-- 5 files changed, 43 insertions(+), 44 deletions(-) diff --git a/controllers/gce/controller/fakes.go b/controllers/gce/controller/fakes.go index 52927bd99..a4870593c 100644 --- a/controllers/gce/controller/fakes.go +++ b/controllers/gce/controller/fakes.go @@ -49,7 +49,7 @@ func NewFakeClusterManager(clusterName, firewallName string) *fakeClusterManager fakeBackends := backends.NewFakeBackendServices(func(op int, be *compute.BackendService) error { return nil }) fakeIGs := instances.NewFakeInstanceGroups(sets.NewString()) fakeHCs := healthchecks.NewFakeHealthChecks() - namer := utils.NewNamerWithFirewall(clusterName, firewallName) + namer := utils.NewNamer(clusterName, firewallName) nodePool := instances.NewNodePool(fakeIGs) nodePool.Init(&instances.FakeZoneLister{Zones: []string{"zone-a"}}) diff --git a/controllers/gce/loadbalancers/loadbalancers_test.go b/controllers/gce/loadbalancers/loadbalancers_test.go index f1373a933..581f7010a 100644 --- a/controllers/gce/loadbalancers/loadbalancers_test.go +++ b/controllers/gce/loadbalancers/loadbalancers_test.go @@ -236,7 +236,8 @@ func TestUpdateUrlMapNoChanges(t *testing.T) { func TestNameParsing(t *testing.T) { clusterName := "123" - namer := utils.NewNamer(clusterName) + firewallName := clusterName + namer := utils.NewNamer(clusterName, firewallName) fullName := namer.Truncate(fmt.Sprintf("%v-%v", forwardingRulePrefix, namer.LBName("testlb"))) annotationsMap := map[string]string{ fmt.Sprintf("%v/forwarding-rule", utils.K8sAnnotationPrefix): fullName, @@ -308,7 +309,7 @@ func TestClusterNameChange(t *testing.T) { } func TestInvalidClusterNameChange(t *testing.T) { - namer := utils.NewNamer("test--123") + namer := utils.NewNamer("test--123", "test--123") if got := namer.GetClusterName(); got != "123" { t.Fatalf("Expected name 123, got %v", got) } diff --git a/controllers/gce/main.go b/controllers/gce/main.go index ac9bd457d..d71752ce5 100644 --- a/controllers/gce/main.go +++ b/controllers/gce/main.go @@ -257,7 +257,7 @@ func newNamer(kubeClient client.Interface, clusterName string, fwName string) (* return nil, err } - namer := utils.NewNamerWithFirewall(name, fw_name) + namer := utils.NewNamer(name, fw_name) uidVault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) // Start a goroutine to poll the cluster UID config map @@ -270,20 +270,25 @@ func newNamer(kubeClient client.Interface, clusterName string, fwName string) (* if err != nil { glog.Errorf("Can't read uidConfigMap %v", uidConfigMapName) } else if !found { - glog.Errorf("Can't read %v from uidConfigMap %v", key, uidConfigMapName) - continue - } - - switch key { - case storage.UidDataKey: - if uid := namer.GetClusterName(); uid != val { - glog.Infof("Cluster uid changed from %v -> %v", uid, val) - namer.SetClusterName(val) + errmsg := fmt.Sprintf("Can't read %v from uidConfigMap %v", key, uidConfigMapName) + if key == storage.UidDataKey { + glog.Errorf(errmsg) + } else { + glog.V(4).Infof(errmsg) } - case storage.ProviderDataKey: - if fw_name := namer.GetFirewallName(); fw_name != val { - glog.Infof("Cluster firewall name changed from %v -> %v", fw_name, val) - namer.SetFirewallName(val) + } else { + + switch key { + case storage.UidDataKey: + if uid := namer.GetClusterName(); uid != val { + glog.Infof("Cluster uid changed from %v -> %v", uid, val) + namer.SetClusterName(val) + } + case storage.ProviderDataKey: + if fw_name := namer.GetFirewallName(); fw_name != val { + glog.Infof("Cluster firewall name changed from %v -> %v", fw_name, val) + namer.SetFirewallName(val) + } } } } @@ -291,42 +296,42 @@ func newNamer(kubeClient client.Interface, clusterName string, fwName string) (* return namer, nil } -// getFlagOrLookupVault returns the name to use associated to a flag and configmap. +// useDefaultOrLookupVault returns either a 'default_name' or if unset, obtains a name from a ConfigMap. // The returned value follows this priority: -// If the provided 'name' is not empty, that name is used. +// If the provided 'default_name' is not empty, that name is used. // This is effectively a client override via a command line flag. -// else, check configmap under 'configmap_name' as a key and if found, use the associated value +// else, check cfgVault with 'cm_key' as a key and if found, use the associated value // else, return an empty 'name' and pass along an error iff the configmap lookup is erroneous. -func getFlagOrLookupVault(cfgVault *storage.ConfigMapVault, cm_key string, name string) (string, error) { - if name != "" { - glog.Infof("Using user provided %v %v", cm_key, name) +func useDefaultOrLookupVault(cfgVault *storage.ConfigMapVault, cm_key, default_name string) (string, error) { + if default_name != "" { + glog.Infof("Using user provided %v %v", cm_key, default_name) // Don't save the uid in the vault, so users can rollback through // setting the accompany flag to "" - return name, nil + return default_name, nil } val, found, err := cfgVault.Get(cm_key) - if found { - glog.Infof("Using %v = %q saved in ConfigMap", cm_key, val) - return val, nil - } else if err != nil { + if err != nil { // This can fail because of: // 1. No such config map - found=false, err=nil // 2. No such key in config map - found=false, err=nil // 3. Apiserver flake - found=false, err!=nil // It is not safe to proceed in 3. - return "", fmt.Errorf("Failed to retrieve %v: %v, using %q as name", cm_key, err, name) + return "", fmt.Errorf("Failed to retrieve %v: %v, returning empty name", cm_key, err) + } else if !found { + // Not found but safe to proceed. + return "", nil } - // Not found but safe to proceed. - return "", nil + glog.Infof("Using %v = %q saved in ConfigMap", cm_key, val) + return val, nil } // getFirewallName returns the firewall rule name to use for this cluster. For // backwards compatibility, the firewall name will default to the cluster UID. // Use getFlagOrLookupVault to obtain a stored or overridden value for the firewall name. // else, use the cluster UID as a backup (this retains backwards compatibility). -func getFirewallName(kubeClient client.Interface, name string, cluster_uid string) (string, error) { +func getFirewallName(kubeClient client.Interface, name, cluster_uid string) (string, error) { cfgVault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) - if fw_name, err := getFlagOrLookupVault(cfgVault, storage.ProviderDataKey, name); err != nil { + if fw_name, err := useDefaultOrLookupVault(cfgVault, storage.ProviderDataKey, name); err != nil { return "", err } else if fw_name != "" { return fw_name, cfgVault.Put(storage.ProviderDataKey, fw_name) @@ -344,7 +349,7 @@ func getFirewallName(kubeClient client.Interface, name string, cluster_uid strin // else, allocate a new uid func getClusterUID(kubeClient client.Interface, name string) (string, error) { cfgVault := storage.NewConfigMapVault(kubeClient, api.NamespaceSystem, uidConfigMapName) - if name, err := getFlagOrLookupVault(cfgVault, storage.UidDataKey, name); err != nil { + if name, err := useDefaultOrLookupVault(cfgVault, storage.UidDataKey, name); err != nil { return "", err } else if name != "" { return name, nil diff --git a/controllers/gce/storage/configmaps.go b/controllers/gce/storage/configmaps.go index 7b4f1a42f..6af08b65d 100644 --- a/controllers/gce/storage/configmaps.go +++ b/controllers/gce/storage/configmaps.go @@ -33,7 +33,7 @@ const ( UidDataKey = "uid" // ProviderDataKey is the key used in config maps to store the Provider // UID which we use to ensure unique firewalls. - ProviderDataKey = "providerUid" + ProviderDataKey = "provider-uid" ) // ConfigMapVault stores cluster UIDs in config maps. diff --git a/controllers/gce/utils/utils.go b/controllers/gce/utils/utils.go index 63caccdb3..9d5dbfad1 100644 --- a/controllers/gce/utils/utils.go +++ b/controllers/gce/utils/utils.go @@ -97,15 +97,8 @@ type Namer struct { nameLock sync.Mutex } -// NewNamer creates a new namer. -func NewNamer(clusterName string) *Namer { - namer := &Namer{} - namer.SetClusterName(clusterName) - return namer -} - -// NewNamer creates a new namer with a Firewall Name -func NewNamerWithFirewall(clusterName string, firewallName string) *Namer { +// NewNamer creates a new namer with a Cluster and Firewall name. +func NewNamer(clusterName, firewallName string) *Namer { namer := &Namer{} namer.SetClusterName(clusterName) namer.SetFirewallName(firewallName) From 336f3cb108a32ffc3a69b45137b08ec5982c89c0 Mon Sep 17 00:00:00 2001 From: Aaron Roydhouse Date: Thu, 2 Mar 2017 16:11:27 -0500 Subject: [PATCH 05/47] Fix error caused by increasing proxy_buffer_size (#363) This fixes the bug raised in #363, by increasing the size of the proxy_buffers (memory allocation) to match the size of the proxy buffer. This leaves the default values (with no ingress setting) unchanged: ``` proxy_buffer_size 4k proxy_buffers 4 4k ``` If 'proxy-buffer-size' is set, then now both the buffer size and the memory allocation size is increased: ``` proxy_buffer_size "{{ $location.Proxy.BufferSize }}"; proxy_buffers 4 "{{ $location.Proxy.BufferSize }}"; ``` I have been using this patch with 0.8.3 and 0.9.0-beta.2. --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index ae06cd235..9d29e9a5d 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -331,6 +331,7 @@ http { proxy_redirect off; proxy_buffering off; proxy_buffer_size "{{ $location.Proxy.BufferSize }}"; + proxy_buffers 4 "{{ $location.Proxy.BufferSize }}"; proxy_http_version 1.1; From 248f6ade753387cf26eba47a5cb522ad69e4e4b7 Mon Sep 17 00:00:00 2001 From: caiyixiang Date: Tue, 28 Feb 2017 14:06:50 +0800 Subject: [PATCH 06/47] add judgment --- core/pkg/ingress/controller/launch.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/pkg/ingress/controller/launch.go b/core/pkg/ingress/controller/launch.go index 216682bdd..780aaf48f 100644 --- a/core/pkg/ingress/controller/launch.go +++ b/core/pkg/ingress/controller/launch.go @@ -135,7 +135,10 @@ func NewIngressController(backend ingress.Controller) *GenericController { } } - os.MkdirAll(ingress.DefaultSSLDirectory, 0655) + err = os.MkdirAll(ingress.DefaultSSLDirectory, 0655) + if err != nil { + glog.Errorf("Failed to mkdir SSL directory: %v", err) + } config := &Configuration{ UpdateStatus: *updateStatus, From 1a72b3f775988aa388b74183df297d8c27f8290b Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Fri, 3 Mar 2017 12:44:45 +1100 Subject: [PATCH 07/47] add ForceSSLRedirect ingress annotation --- controllers/nginx/pkg/config/config.go | 1 + .../rootfs/etc/nginx/template/nginx.tmpl | 48 +++++++++---------- core/pkg/ingress/annotations/rewrite/main.go | 20 +++++--- .../ingress/annotations/rewrite/main_test.go | 33 +++++++++++-- core/pkg/ingress/defaults/main.go | 4 ++ 5 files changed, 72 insertions(+), 34 deletions(-) diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index c23c15867..0a86e1504 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -292,6 +292,7 @@ func NewDefault() Configuration { ProxyCookieDomain: "off", ProxyCookiePath: "off", SSLRedirect: true, + ForceSSLRedirect: false, CustomHTTPErrors: []int{}, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 9d29e9a5d..3c04b295b 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -14,7 +14,7 @@ worker_rlimit_nofile {{ .MaxOpenFiles }}; events { multi_accept on; worker_connections {{ $cfg.MaxWorkerConnections }}; - use epoll; + use epoll; } http { @@ -26,7 +26,7 @@ http { real_ip_header X-Forwarded-For; set_real_ip_from 0.0.0.0/0; {{ end }} - + real_ip_recursive on; {{/* databases used to determine the country depending on the client IP address */}} @@ -51,7 +51,7 @@ http { aio threads; tcp_nopush on; tcp_nodelay on; - + log_subrequest on; reset_timedout_connection on; @@ -73,7 +73,7 @@ http { gzip_comp_level 5; gzip_http_version 1.1; gzip_min_length 256; - gzip_types {{ $cfg.GzipTypes }}; + gzip_types {{ $cfg.GzipTypes }}; gzip_proxied any; {{ end }} @@ -241,16 +241,16 @@ http { proxy_pass_request_body off; proxy_set_header Content-Length ""; {{ end }} - {{ if not (empty $location.ExternalAuth.Method) }} + {{ if not (empty $location.ExternalAuth.Method) }} proxy_method {{ $location.ExternalAuth.Method }}; {{ end }} - proxy_set_header Host $host; + proxy_set_header Host $host; proxy_pass_request_headers on; set $target {{ $location.ExternalAuth.URL }}; proxy_pass $target; } {{ end }} - + location {{ $path }} { set $proxy_upstream_name "{{ $location.Backend }}"; @@ -260,17 +260,17 @@ http { allow {{ $ip }};{{ end }} deny all; {{ end }} - + port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }}; {{ if not (empty $authPath) }} # this location requires authentication auth_request {{ $authPath }}; {{ end }} - - {{ if (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect) }} + + {{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }} # enforce ssl on server side - if ($scheme = http) { + if ($pass_access_scheme = http) { return 301 https://$host$request_uri; } {{ end }} @@ -278,7 +278,7 @@ http { {{ $limits := buildRateLimit $location }} {{ range $limit := $limits }} {{ $limit }}{{ end }} - + {{ if $location.BasicDigestAuth.Secured }} {{ if eq $location.BasicDigestAuth.Type "basic" }} auth_basic "{{ $location.BasicDigestAuth.Realm }}"; @@ -289,7 +289,7 @@ http { {{ end }} proxy_set_header Authorization ""; {{ end }} - + {{ if $location.EnableCORS }} {{ template "CORS" }} {{ end }} @@ -353,7 +353,7 @@ http { {{ end }} } {{ end }} - + {{ if eq $server.Hostname "_" }} # health checks in cloud providers require the use of port 80 location {{ $healthzURI }} { @@ -375,9 +375,9 @@ http { {{ template "CUSTOM_ERRORS" $cfg }} } - + {{ end }} - + # default server, used for NGINX healthcheck and access to nginx stats server { # Use the port 18080 (random value just to avoid known ports) as default port for nginx. @@ -389,7 +389,7 @@ http { access_log off; return 200; } - + location /nginx_status { {{ if $cfg.EnableVtsStatus }} vhost_traffic_status_display; @@ -443,7 +443,7 @@ stream { {{ range $i, $passthrough := .PassthroughBackends }} {{ $passthrough.Hostname }} {{ $passthrough.Backend }}; {{ end }} - # send SSL traffic to this nginx in a different port + # send SSL traffic to this nginx in a different port default nginx-ssl-backend; } @@ -470,15 +470,15 @@ stream { ssl_preread on; } {{ end }} - - # TCP services + + # TCP services {{ range $i, $tcpServer := .TCPBackends }} upstream {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { {{ range $j, $endpoint := $tcpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} } - + server { listen {{ $tcpServer.Port }}; proxy_pass {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; @@ -492,11 +492,11 @@ stream { server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} } - + server { listen {{ $udpServer.Port }}; proxy_responses 1; - proxy_pass {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; + proxy_pass {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; } {{ end }} } @@ -509,7 +509,7 @@ stream { content_by_lua_block { openURL(ngx.req.get_headers(0), {{ $errCode }}) } - } + } {{ end }} {{ end }} diff --git a/core/pkg/ingress/annotations/rewrite/main.go b/core/pkg/ingress/annotations/rewrite/main.go index 14dec6616..999ef7844 100644 --- a/core/pkg/ingress/annotations/rewrite/main.go +++ b/core/pkg/ingress/annotations/rewrite/main.go @@ -24,9 +24,10 @@ import ( ) const ( - rewriteTo = "ingress.kubernetes.io/rewrite-target" - addBaseURL = "ingress.kubernetes.io/add-base-url" - sslRedirect = "ingress.kubernetes.io/ssl-redirect" + rewriteTo = "ingress.kubernetes.io/rewrite-target" + addBaseURL = "ingress.kubernetes.io/add-base-url" + sslRedirect = "ingress.kubernetes.io/ssl-redirect" + forceSSLRedirect = "ingress.kubernetes.io/force-ssl-redirect" ) // Redirect describes the per location redirect config @@ -38,6 +39,8 @@ type Redirect struct { AddBaseURL bool `json:"addBaseUrl"` // SSLRedirect indicates if the location section is accessible SSL only SSLRedirect bool `json:"sslRedirect"` + // ForceSSLRedirect indicates if the location section is accessible SSL only + ForceSSLRedirect bool `json:"forceSSLRedirect"` } type rewrite struct { @@ -57,10 +60,15 @@ func (a rewrite) Parse(ing *extensions.Ingress) (interface{}, error) { if err != nil { sslRe = a.backendResolver.GetDefaultBackend().SSLRedirect } + fSslRe, err := parser.GetBoolAnnotation(forceSSLRedirect, ing) + if err != nil { + fSslRe = a.backendResolver.GetDefaultBackend().ForceSSLRedirect + } abu, _ := parser.GetBoolAnnotation(addBaseURL, ing) return &Redirect{ - Target: rt, - AddBaseURL: abu, - SSLRedirect: sslRe, + Target: rt, + AddBaseURL: abu, + SSLRedirect: sslRe, + ForceSSLRedirect: fSslRe, }, nil } diff --git a/core/pkg/ingress/annotations/rewrite/main_test.go b/core/pkg/ingress/annotations/rewrite/main_test.go index f4f0ed973..75daf01bc 100644 --- a/core/pkg/ingress/annotations/rewrite/main_test.go +++ b/core/pkg/ingress/annotations/rewrite/main_test.go @@ -117,10 +117,6 @@ func TestSSLRedirect(t *testing.T) { t.Errorf("Expected true but returned false") } - if !redirect.SSLRedirect { - t.Errorf("Expected true but returned false") - } - data[sslRedirect] = "false" ing.SetAnnotations(data) @@ -133,3 +129,32 @@ func TestSSLRedirect(t *testing.T) { t.Errorf("Expected false but returned true") } } + +func TestForceSSLRedirect(t *testing.T) { + ing := buildIngress() + + data := map[string]string{} + data[rewriteTo] = defRoute + ing.SetAnnotations(data) + + i, _ := NewParser(mockBackend{true}).Parse(ing) + redirect, ok := i.(*Redirect) + if !ok { + t.Errorf("expected a Redirect type") + } + if redirect.ForceSSLRedirect { + t.Errorf("Expected false but returned true") + } + + data[forceSSLRedirect] = "true" + ing.SetAnnotations(data) + + i, _ = NewParser(mockBackend{false}).Parse(ing) + redirect, ok = i.(*Redirect) + if !ok { + t.Errorf("expected a Redirect type") + } + if !redirect.ForceSSLRedirect { + t.Errorf("Expected true but returned false") + } +} diff --git a/core/pkg/ingress/defaults/main.go b/core/pkg/ingress/defaults/main.go index 19b6c110b..d8420da04 100644 --- a/core/pkg/ingress/defaults/main.go +++ b/core/pkg/ingress/defaults/main.go @@ -59,6 +59,10 @@ type Backend struct { // Enables or disables the redirect (301) to the HTTPS port SSLRedirect bool `json:"ssl-redirect"` + // Enables or disables the redirect (301) to the HTTPS port even without TLS cert + // This is useful if doing SSL offloading outside of cluster eg AWS ELB + ForceSSLRedirect bool `json:"force-ssl-redirect"` + // Enables or disables the specification of port in redirects // Default: false UsePortInRedirects bool `json:"use-port-in-redirects"` From 482293b99d58b65ea1bbae96feebd3bb8774583c Mon Sep 17 00:00:00 2001 From: caiyixiang Date: Fri, 3 Mar 2017 15:17:32 +0800 Subject: [PATCH 08/47] add_judgment --- controllers/nginx/pkg/cmd/controller/nginx.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index 458f9f6c3..94d6a2278 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -200,7 +200,10 @@ func (n *NGINXController) backendDefaults() defaults.Backend { if err != nil { glog.Warningf("unexpected error merging defaults: %v", err) } - decoder.Decode(n.configmap.Data) + err = decoder.Decode(n.configmap.Data) + if err != nil { + glog.Warningf("unexpected error decoding: %v", err) + } return d.Backend } @@ -267,7 +270,10 @@ func (n NGINXController) testTemplate(cfg []byte) error { return err } defer tmpfile.Close() - ioutil.WriteFile(tmpfile.Name(), cfg, 0644) + err = ioutil.WriteFile(tmpfile.Name(), cfg, 0644) + if err != nil { + return err + } out, err := exec.Command(n.binary, "-t", "-c", tmpfile.Name()).CombinedOutput() if err != nil { // this error is different from the rest because it must be clear why nginx is not working From 1e5081baf2e7c2ac28a324c2df5415f09ddc2b9c Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Fri, 3 Mar 2017 13:02:36 +0100 Subject: [PATCH 09/47] BuildLogFormatUpstream function was always using the default log-format-upstream, --- controllers/nginx/pkg/config/config.go | 11 +++++++++-- controllers/nginx/pkg/config/config_test.go | 9 ++++++--- controllers/nginx/pkg/template/template.go | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index c23c15867..b8dbe2185 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -264,7 +264,7 @@ func NewDefault() Configuration { KeepAlive: 75, LargeClientHeaderBuffers: "4 8k", LogFormatStream: logFormatStream, - LogFormatUpstream: BuildLogFormatUpstream(false), + LogFormatUpstream: BuildLogFormatUpstream(false, ""), MaxWorkerConnections: 16384, MapHashBucketSize: 64, ProxyRealIPCIDR: defIPCIDR, @@ -307,7 +307,14 @@ func NewDefault() Configuration { } // BuildLogFormatUpstream format the log_format upstream based on proxy_protocol -func BuildLogFormatUpstream(useProxyProtocol bool) string { +func BuildLogFormatUpstream(useProxyProtocol bool, curLogFormatUpstream string) string { + + // test if log_format comes from configmap + if curLogFormatUpstream != "" && + curLogFormatUpstream != fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr") && + curLogFormatUpstream != fmt.Sprintf(logFormatUpstream, "$remote_addr") { + return curLogFormatUpstream + } if useProxyProtocol { return fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr") diff --git a/controllers/nginx/pkg/config/config_test.go b/controllers/nginx/pkg/config/config_test.go index d0fccc69b..b198b8adb 100644 --- a/controllers/nginx/pkg/config/config_test.go +++ b/controllers/nginx/pkg/config/config_test.go @@ -9,15 +9,18 @@ func TestBuildLogFormatUpstream(t *testing.T) { testCases := []struct { useProxyProtocol bool // use proxy protocol + curLogFormat string expected string }{ - {true, fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr")}, - {false, fmt.Sprintf(logFormatUpstream, "$remote_addr")}, + {true, "", fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr")}, + {false, "", fmt.Sprintf(logFormatUpstream, "$remote_addr")}, + {true, "my-log-format", "my-log-format"}, + {false, "john-log-format", "john-log-format"}, } for _, testCase := range testCases { - result := BuildLogFormatUpstream(testCase.useProxyProtocol) + result := BuildLogFormatUpstream(testCase.useProxyProtocol, testCase.curLogFormat) if result != testCase.expected { t.Errorf(" expected %v but return %v", testCase.expected, result) diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go index d23a78be2..c36694363 100644 --- a/controllers/nginx/pkg/template/template.go +++ b/controllers/nginx/pkg/template/template.go @@ -235,7 +235,7 @@ func buildLogFormatUpstream(input interface{}) string { glog.Errorf("error an ingress.buildLogFormatUpstream type but %T was returned", input) } - return nginxconfig.BuildLogFormatUpstream(config.UseProxyProtocol) + return nginxconfig.BuildLogFormatUpstream(config.UseProxyProtocol, config.LogFormatUpstream) } From 0b6f4d27703cea7f42a39a2140f7a3ac6fcf62d2 Mon Sep 17 00:00:00 2001 From: Peter Lee Date: Sat, 4 Mar 2017 00:40:07 +0800 Subject: [PATCH 10/47] Minor text fix for "ApiServer" It looks a little weird to apply camel case style for the noun "apiserver", i didn't see somewhere else spelling it in that way. --- controllers/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/README.md b/controllers/README.md index 6df8a3abf..e62cf55b6 100644 --- a/controllers/README.md +++ b/controllers/README.md @@ -8,4 +8,4 @@ Configuring a webserver or loadbalancer is harder than it should be. Most webser ## What is an Ingress Controller? -An Ingress Controller is a daemon, deployed as a Kubernetes Pod, that watches the ApiServer's `/ingresses` endpoint for updates to the [Ingress resource](https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/ingress.md). Its job is to satisfy requests for ingress. +An Ingress Controller is a daemon, deployed as a Kubernetes Pod, that watches the apiserver's `/ingresses` endpoint for updates to the [Ingress resource](https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/ingress.md). Its job is to satisfy requests for ingress. From 74d57c950282484885a74c92d3413110e3b95c69 Mon Sep 17 00:00:00 2001 From: Jakob Jarosch Date: Fri, 3 Mar 2017 20:29:43 +0100 Subject: [PATCH 11/47] Add documentation for ingress.kubernetes.io/force-ssl-redirect refs #314 #365 --- controllers/nginx/configuration.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index 5885f587b..e7d4c98f6 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -40,6 +40,7 @@ The following annotations are supported: |Name |type| |---------------------------|------| |[ingress.kubernetes.io/add-base-url](#rewrite)|true or false| +|[ingress.kubernetes.io/affinity](#session-affinity)|true or false| |[ingress.kubernetes.io/auth-realm](#authentication)|string| |[ingress.kubernetes.io/auth-secret](#authentication)|string| |[ingress.kubernetes.io/auth-type](#authentication)|basic or digest| @@ -47,18 +48,18 @@ The following annotations are supported: |[ingress.kubernetes.io/auth-tls-secret](#Certificate Authentication)|string| |[ingress.kubernetes.io/auth-tls-verify-depth](#Certificate Authentication)|number| |[ingress.kubernetes.io/enable-cors](#enable-cors)|true or false| +|[ingress.kubernetes.io/force-ssl-redirect](#server-side-https-enforcement-through-redirect)|true or false| |[ingress.kubernetes.io/limit-connections](#rate-limiting)|number| |[ingress.kubernetes.io/limit-rps](#rate-limiting)|number| |[ingress.kubernetes.io/proxy-body-size](#custom-max-body-size)|string| |[ingress.kubernetes.io/rewrite-target](#rewrite)|URI| |[ingress.kubernetes.io/secure-backends](#secure-backends)|true or false| +|[ingress.kubernetes.io/session-cookie-name](#cookie-affinity)|string| +|[ingress.kubernetes.io/session-cookie-hash](#cookie-affinity)|string| |[ingress.kubernetes.io/ssl-redirect](#server-side-https-enforcement-through-redirect)|true or false| |[ingress.kubernetes.io/upstream-max-fails](#custom-nginx-upstream-checks)|number| |[ingress.kubernetes.io/upstream-fail-timeout](#custom-nginx-upstream-checks)|number| |[ingress.kubernetes.io/whitelist-source-range](#whitelist-source-range)|CIDR| -|[ingress.kubernetes.io/affinity](#session-affinity)|true or false| -|[ingress.kubernetes.io/session-cookie-name](#cookie-affinity)|string| -|[ingress.kubernetes.io/session-cookie-hash](#cookie-affinity)|string| @@ -198,6 +199,8 @@ By default the controller redirects (301) to `HTTPS` if TLS is enabled for that To configure this feature for specific ingress resources, you can use the `ingress.kubernetes.io/ssl-redirect: "false"` annotation in the particular resource. +When using SSL offloading outside of cluster (e.g. AWS ELB) it may be usefull to enforce a redirect to `HTTPS` even when there is not TLS cert available. This can be achieved by using the `ingress.kubernetes.io/force-ssl-redirect: "true"` annotation in the particular resource. + ### Whitelist source range From 2399be867e21dd49958899aa39aec749da024dc3 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sat, 4 Mar 2017 16:46:45 -0300 Subject: [PATCH 12/47] Cleanup custom log format configuration --- controllers/nginx/pkg/config/config.go | 28 ++++++++----------- controllers/nginx/pkg/config/config_test.go | 16 +++++------ controllers/nginx/pkg/template/template.go | 7 ++--- .../rootfs/etc/nginx/template/nginx.tmpl | 2 +- 4 files changed, 22 insertions(+), 31 deletions(-) diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index c095adcb1..9bc9f508d 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -17,11 +17,11 @@ limitations under the License. package config import ( + "fmt" "runtime" "github.com/golang/glog" - "fmt" "k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress/defaults" ) @@ -47,9 +47,9 @@ const ( gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component" - logFormatUpstream = "'%v - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status'" + logFormatUpstream = `[$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status"` - logFormatStream = "'$remote_addr [$time_local] $protocol [$ssl_preread_server_name] [$stream_upstream] $status $bytes_sent $bytes_received $session_time'" + logFormatStream = `[$time_local] $protocol [$ssl_preread_server_name] [$stream_upstream] $status $bytes_sent $bytes_received $session_time` // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size // Sets the size of the buffer used for sending data. @@ -264,7 +264,7 @@ func NewDefault() Configuration { KeepAlive: 75, LargeClientHeaderBuffers: "4 8k", LogFormatStream: logFormatStream, - LogFormatUpstream: BuildLogFormatUpstream(false, ""), + LogFormatUpstream: logFormatUpstream, MaxWorkerConnections: 16384, MapHashBucketSize: 64, ProxyRealIPCIDR: defIPCIDR, @@ -307,20 +307,14 @@ func NewDefault() Configuration { return cfg } -// BuildLogFormatUpstream format the log_format upstream based on proxy_protocol -func BuildLogFormatUpstream(useProxyProtocol bool, curLogFormatUpstream string) string { - - // test if log_format comes from configmap - if curLogFormatUpstream != "" && - curLogFormatUpstream != fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr") && - curLogFormatUpstream != fmt.Sprintf(logFormatUpstream, "$remote_addr") { - return curLogFormatUpstream +// BuildLogFormatUpstream format the log_format upstream using +// proxy_protocol_addr as remote client address if UseProxyProtocol +// is enabled. +func (cfg Configuration) BuildLogFormatUpstream() string { + if cfg.UseProxyProtocol { + return fmt.Sprintf("$proxy_protocol_addr - %s", cfg.LogFormatUpstream) } - - if useProxyProtocol { - return fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr") - } - return fmt.Sprintf(logFormatUpstream, "$remote_addr") + return fmt.Sprintf("$remote_addr - %s", cfg.LogFormatUpstream) } // TemplateConfig contains the nginx configuration to render the file nginx.conf diff --git a/controllers/nginx/pkg/config/config_test.go b/controllers/nginx/pkg/config/config_test.go index b198b8adb..28bbf271a 100644 --- a/controllers/nginx/pkg/config/config_test.go +++ b/controllers/nginx/pkg/config/config_test.go @@ -12,19 +12,19 @@ func TestBuildLogFormatUpstream(t *testing.T) { curLogFormat string expected string }{ - {true, "", fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr")}, - {false, "", fmt.Sprintf(logFormatUpstream, "$remote_addr")}, - {true, "my-log-format", "my-log-format"}, - {false, "john-log-format", "john-log-format"}, + {true, logFormatUpstream, fmt.Sprintf("$proxy_protocol_addr - %s", logFormatUpstream)}, + {false, logFormatUpstream, fmt.Sprintf("$remote_addr - %s", logFormatUpstream)}, + {true, "my-log-format", "$proxy_protocol_addr - my-log-format"}, + {false, "john-log-format", "$remote_addr - john-log-format"}, } for _, testCase := range testCases { - - result := BuildLogFormatUpstream(testCase.useProxyProtocol, testCase.curLogFormat) - + cfg := NewDefault() + cfg.UseProxyProtocol = testCase.useProxyProtocol + cfg.LogFormatUpstream = testCase.curLogFormat + result := cfg.BuildLogFormatUpstream() if result != testCase.expected { t.Errorf(" expected %v but return %v", testCase.expected, result) } - } } diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go index c36694363..8262a5873 100644 --- a/controllers/nginx/pkg/template/template.go +++ b/controllers/nginx/pkg/template/template.go @@ -31,7 +31,6 @@ import ( "github.com/golang/glog" "k8s.io/ingress/controllers/nginx/pkg/config" - nginxconfig "k8s.io/ingress/controllers/nginx/pkg/config" "k8s.io/ingress/core/pkg/ingress" ing_net "k8s.io/ingress/core/pkg/net" "k8s.io/ingress/core/pkg/watch" @@ -229,14 +228,12 @@ func buildAuthLocation(input interface{}) string { } func buildLogFormatUpstream(input interface{}) string { - config, ok := input.(config.Configuration) - + cfg, ok := input.(config.Configuration) if !ok { glog.Errorf("error an ingress.buildLogFormatUpstream type but %T was returned", input) } - return nginxconfig.BuildLogFormatUpstream(config.UseProxyProtocol, config.LogFormatUpstream) - + return cfg.BuildLogFormatUpstream() } // buildProxyPass produces the proxy pass string, if the ingress has redirects diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index de140e9ae..e0a119408 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -79,7 +79,7 @@ http { server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }}; - log_format upstreaminfo {{ buildLogFormatUpstream $cfg }}; + log_format upstreaminfo '{{ buildLogFormatUpstream $cfg }}'; {{/* map urls that should not appear in access.log */}} {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}} From 3c0fb01ba2022ea1f5fed3e2854ce90824406c61 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sat, 4 Mar 2017 16:50:49 -0300 Subject: [PATCH 13/47] Add warning when the ingress controller uses a custom class --- controllers/nginx/pkg/cmd/controller/nginx.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index f51e01158..3c798bb1b 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -260,6 +260,10 @@ func (n NGINXController) Info() *ingress.BackendInfo { // OverrideFlags customize NGINX controller flags func (n NGINXController) OverrideFlags(flags *pflag.FlagSet) { + ig, err := flags.GetString("ingress-class") + if err == nil && ig != "" && ig != defIngressClass { + glog.Warningf("only Ingress with class %v will be processed by this ingress controller", ig) + } flags.Set("ingress-class", defIngressClass) } From 1473f64fb007c43d562328e6c7809f82d3eb931d Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sat, 4 Mar 2017 17:15:21 -0300 Subject: [PATCH 14/47] Remove SPDY reference --- controllers/nginx/pkg/config/config.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 9bc9f508d..518191681 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -97,11 +97,6 @@ type Configuration struct { //http://nginx.org/en/docs/http/ngx_http_log_module.html DisableAccessLog bool `json:"disable-access-log,omitempty"` - // EnableSPDY enables spdy and use ALPN and NPN to advertise the availability of the two protocols - // https://blog.cloudflare.com/open-sourcing-our-nginx-http-2-spdy-code - // By default this is enabled - EnableSPDY bool `json:"enable-spdy"` - // EnableStickySessions enabled sticky sessions using cookies // https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng // By default this is disabled @@ -255,7 +250,6 @@ func NewDefault() Configuration { ClientHeaderBufferSize: "1k", DisableAccessLog: false, EnableDynamicTLSRecords: true, - EnableSPDY: false, ErrorLogLevel: errorLevel, HSTS: true, HSTSIncludeSubdomains: true, From cd924f552270da4efc687deb193052747f3563ab Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sat, 4 Mar 2017 17:21:19 -0300 Subject: [PATCH 15/47] Avoid duplication of ReadConfig function --- controllers/nginx/pkg/cmd/controller/nginx.go | 22 +------------------ 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index 3c798bb1b..9d12f3b08 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -29,7 +29,6 @@ import ( "time" "github.com/golang/glog" - "github.com/mitchellh/mapstructure" "github.com/spf13/pflag" "k8s.io/kubernetes/pkg/api" @@ -186,26 +185,7 @@ func (n NGINXController) BackendDefaults() defaults.Backend { return d.Backend } - return n.backendDefaults() -} - -func (n *NGINXController) backendDefaults() defaults.Backend { - d := config.NewDefault() - config := &mapstructure.DecoderConfig{ - Metadata: nil, - WeaklyTypedInput: true, - Result: &d, - TagName: "json", - } - decoder, err := mapstructure.NewDecoder(config) - if err != nil { - glog.Warningf("unexpected error merging defaults: %v", err) - } - err = decoder.Decode(n.configmap.Data) - if err != nil { - glog.Warningf("unexpected error decoding: %v", err) - } - return d.Backend + return ngx_template.ReadConfig(n.configmap.Data).Backend } // isReloadRequired check if the new configuration file is different From 73c9197df623fce08db8260bec2d886347e6b80e Mon Sep 17 00:00:00 2001 From: Joao Morais Date: Sun, 5 Mar 2017 21:41:12 -0300 Subject: [PATCH 16/47] HAProxy Auth Basic sample --- examples/auth/basic/haproxy/README.md | 103 ++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 examples/auth/basic/haproxy/README.md diff --git a/examples/auth/basic/haproxy/README.md b/examples/auth/basic/haproxy/README.md new file mode 100644 index 000000000..5c5edc78f --- /dev/null +++ b/examples/auth/basic/haproxy/README.md @@ -0,0 +1,103 @@ +# HAProxy Ingress Basic Authentication + +This example demonstrates how to configure +[Basic Authentication](https://tools.ietf.org/html/rfc2617) on +HAProxy Ingress controller. + +## Prerequisites + +This document has the following prerequisites: + +* Deploy [HAProxy Ingress controller](/examples/deployment/haproxy), you should +end up with controller, a sample web app and an ingress resource to the `foo.bar` +domain +* Feature not on stable version; use `canary` tag + +As mentioned in the deployment instructions, you MUST turn down any existing +ingress controllers before running HAProxy Ingress. + +## Using Basic Authentication + +HAProxy Ingress read user and password from `auth` file stored on secrets, one user +and password per line. Secret name, realm and type are configured with annotations +in the ingress resource: + +* `ingress.kubernetes.io/auth-type`: the only supported type is `basic` +* `ingress.kubernetes.io/auth-realm`: an optional string with authentication realm +* `ingress.kubernetes.io/auth-secret`: name of the secret + +Each line of the `auth` file should have: + +* user and insecure password separated with a pair of colons: `::`; or +* user and an encrypted password separated with colons: `:` + +HAProxy evaluates encrypted passwords with +[crypt](http://man7.org/linux/man-pages/man3/crypt.3.html) function. Use `mkpasswd` or +`makepasswd` to create it. `mkpasswd` can be found on Alpine Linux container. + +## Configure + +Create a secret to our users: + +* `john` and password `admin` using insecure plain text password +* `jane` and password `guest` using encrypted password + +```console +$ mkpasswd -m des ## a short, des encryption, syntax from Busybox on Alpine Linux +Password: (type 'guest' and press Enter) +E5BrlrQ5IXYK2 + +$ cat >auth <

401 Unauthorized

+You need a valid user and password to access this content. + +``` + +Send a valid user: + +```console +$ curl -i -u 'john:admin' 172.17.4.99:30876 -H 'Host: foo.bar' +HTTP/1.1 200 OK +Server: nginx/1.9.11 +Date: Sun, 05 Mar 2017 19:22:33 GMT +Content-Type: text/plain +Transfer-Encoding: chunked + +CLIENT VALUES: +client_address=10.2.18.5 +command=GET +real path=/ +query=nil +request_version=1.1 +request_uri=http://foo.bar:8080/ +``` + +Using `jane:guest` user/passwd should have the same output. + From 6c1b45a663579ed100e4192ed63023b707074656 Mon Sep 17 00:00:00 2001 From: Ricardo Pchevuzinske Katz Date: Tue, 28 Feb 2017 21:11:16 -0300 Subject: [PATCH 17/47] Generates a Self signed certificate for default vhost if the secret doesn't exists Generates a Self signed certificate for default vhost if the secret doesn't exists modified: core/pkg/ingress/controller/backend_ssl.go modified: core/pkg/ingress/controller/controller.go modified: core/pkg/net/ssl/ssl.go --- core/pkg/ingress/controller/backend_ssl.go | 2 +- core/pkg/ingress/controller/controller.go | 22 +++++--- core/pkg/net/ssl/ssl.go | 66 ++++++++++++++++------ 3 files changed, 66 insertions(+), 24 deletions(-) diff --git a/core/pkg/ingress/controller/backend_ssl.go b/core/pkg/ingress/controller/backend_ssl.go index 7a84a3d4f..35e7dd59f 100644 --- a/core/pkg/ingress/controller/backend_ssl.go +++ b/core/pkg/ingress/controller/backend_ssl.go @@ -56,7 +56,7 @@ func (ic *GenericController) syncSecret(k interface{}) error { } } else { defCert, defKey := ssl.GetFakeSSLCert() - cert, err = ssl.AddOrUpdateCertAndKey("system-snake-oil-certificate", defCert, defKey, []byte{}) + cert, err = ssl.AddOrUpdateCertAndKey("default-fake-certificate", defCert, defKey, []byte{}) if err != nil { return nil } diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go index 04d69e305..e7759803f 100644 --- a/core/pkg/ingress/controller/controller.go +++ b/core/pkg/ingress/controller/controller.go @@ -18,6 +18,7 @@ package controller import ( "fmt" + "os" "reflect" "sort" "strconv" @@ -843,13 +844,23 @@ func (ic *GenericController) createServers(data []interface{}, // If no default Certificate was supplied, tries to generate a new dumb one if err != nil { var cert *ingress.SSLCert - defCert, defKey := ssl.GetFakeSSLCert() - cert, err = ssl.AddOrUpdateCertAndKey("system-snake-oil-certificate", defCert, defKey, []byte{}) + + fakeCertificate := "default-fake-certificate" + fakeCertificatePath := fmt.Sprintf("%v/%v.pem", ingress.DefaultSSLDirectory, fakeCertificate) + + // Only generates a new certificate if it doesn't exists physically + _, err := os.Stat(fakeCertificatePath) if err != nil { - glog.Fatalf("Error generating self signed certificate: %v", err) - } else { + defCert, defKey := ssl.GetFakeSSLCert() + cert, err = ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{}) + if err != nil { + glog.Fatalf("Error generating self signed certificate: %v", err) + } defaultPemFileName = cert.PemFileName defaultPemSHA = cert.PemSHA + } else { + defaultPemFileName = fakeCertificatePath + defaultPemSHA = ssl.PemSHA1(fakeCertificatePath) } } else { defaultPemFileName = defaultCertificate.PemFileName @@ -944,9 +955,6 @@ func (ic *GenericController) createServers(data []interface{}, servers[host].SSLCertificate = cert.PemFileName servers[host].SSLPemChecksum = cert.PemSHA } - } else { - servers[host].SSLCertificate = defaultPemFileName - servers[host].SSLPemChecksum = defaultPemSHA } } } diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go index ea492940f..cd5f57beb 100644 --- a/core/pkg/net/ssl/ssl.go +++ b/core/pkg/net/ssl/ssl.go @@ -17,14 +17,19 @@ limitations under the License. package ssl import ( + "crypto/rand" + "crypto/rsa" "crypto/sha1" "crypto/x509" + "crypto/x509/pkix" "encoding/hex" "encoding/pem" "errors" "fmt" "io/ioutil" + "math/big" "os" + "time" "github.com/golang/glog" @@ -120,14 +125,14 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert, return &ingress.SSLCert{ CAFileName: pemFileName, PemFileName: pemFileName, - PemSHA: pemSHA1(pemFileName), + PemSHA: PemSHA1(pemFileName), CN: cn, }, nil } return &ingress.SSLCert{ PemFileName: pemFileName, - PemSHA: pemSHA1(pemFileName), + PemSHA: PemSHA1(pemFileName), CN: cn, }, nil } @@ -162,7 +167,7 @@ func AddCertAuth(name string, ca []byte) (*ingress.SSLCert, error) { return &ingress.SSLCert{ CAFileName: caFileName, PemFileName: caFileName, - PemSHA: pemSHA1(caFileName), + PemSHA: PemSHA1(caFileName), }, nil } @@ -187,9 +192,9 @@ func SearchDHParamFile(baseDir string) string { return "" } -// pemSHA1 returns the SHA1 of a pem file. This is used to +// PemSHA1 returns the SHA1 of a pem file. This is used to // reload NGINX in case a secret with a SSL certificate changed. -func pemSHA1(filename string) string { +func PemSHA1(filename string) string { hasher := sha1.New() s, err := ioutil.ReadFile(filename) if err != nil { @@ -200,23 +205,52 @@ func pemSHA1(filename string) string { return hex.EncodeToString(hasher.Sum(nil)) } -const ( - snakeOilPem = "/etc/ssl/certs/ssl-cert-snakeoil.pem" - snakeOilKey = "/etc/ssl/private/ssl-cert-snakeoil.key" -) - -// GetFakeSSLCert returns the snake oil ssl certificate created by the command -// make-ssl-cert generate-default-snakeoil --force-overwrite +// GetFakeSSLCert creates a Self Signed Certificate +// Based in the code https://golang.org/src/crypto/tls/generate_cert.go func GetFakeSSLCert() ([]byte, []byte) { - cert, err := ioutil.ReadFile(snakeOilPem) + + var priv interface{} + var err error + + priv, err = rsa.GenerateKey(rand.Reader, 2048) + if err != nil { - return nil, nil + glog.Fatalf("failed to generate fake private key: %s", err) } - key, err := ioutil.ReadFile(snakeOilKey) + notBefore := time.Now() + // This certificate is valid for 365 days + notAfter := notBefore.Add(365 * 24 * time.Hour) + + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + if err != nil { - return nil, nil + glog.Fatalf("failed to generate fake serial number: %s", err) } + template := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + Organization: []string{"Acme Co"}, + CommonName: "Kubernetes Ingress Controller Fake Certificate", + }, + NotBefore: notBefore, + NotAfter: notAfter, + + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + DNSNames: []string{"ingress.local"}, + } + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.(*rsa.PrivateKey).PublicKey, priv) + if err != nil { + glog.Fatalf("Failed to create fake certificate: %s", err) + } + + cert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + + key := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))}) + return cert, key } From f0c758eed2a0ba27f3eb3c268cbfc8e97ce6a829 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Mon, 6 Mar 2017 12:06:56 -0300 Subject: [PATCH 18/47] Fix custom log format --- controllers/nginx/pkg/config/config.go | 12 ++++++++---- controllers/nginx/pkg/config/config_test.go | 8 ++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 518191681..c4a4d8edb 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -47,7 +47,7 @@ const ( gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component" - logFormatUpstream = `[$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status"` + logFormatUpstream = `%v - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status"` logFormatStream = `[$time_local] $protocol [$ssl_preread_server_name] [$stream_upstream] $status $bytes_sent $bytes_received $session_time` @@ -305,10 +305,14 @@ func NewDefault() Configuration { // proxy_protocol_addr as remote client address if UseProxyProtocol // is enabled. func (cfg Configuration) BuildLogFormatUpstream() string { - if cfg.UseProxyProtocol { - return fmt.Sprintf("$proxy_protocol_addr - %s", cfg.LogFormatUpstream) + if cfg.LogFormatUpstream == logFormatUpstream { + if cfg.UseProxyProtocol { + return fmt.Sprintf(cfg.LogFormatUpstream, "$proxy_protocol_addr") + } + return fmt.Sprintf(cfg.LogFormatUpstream, "$remote_addr") } - return fmt.Sprintf("$remote_addr - %s", cfg.LogFormatUpstream) + + return cfg.LogFormatUpstream } // TemplateConfig contains the nginx configuration to render the file nginx.conf diff --git a/controllers/nginx/pkg/config/config_test.go b/controllers/nginx/pkg/config/config_test.go index 28bbf271a..2af61f336 100644 --- a/controllers/nginx/pkg/config/config_test.go +++ b/controllers/nginx/pkg/config/config_test.go @@ -12,10 +12,10 @@ func TestBuildLogFormatUpstream(t *testing.T) { curLogFormat string expected string }{ - {true, logFormatUpstream, fmt.Sprintf("$proxy_protocol_addr - %s", logFormatUpstream)}, - {false, logFormatUpstream, fmt.Sprintf("$remote_addr - %s", logFormatUpstream)}, - {true, "my-log-format", "$proxy_protocol_addr - my-log-format"}, - {false, "john-log-format", "$remote_addr - john-log-format"}, + {true, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$proxy_protocol_addr")}, + {false, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$remote_addr")}, + {true, "my-log-format", "my-log-format"}, + {false, "john-log-format", "john-log-format"}, } for _, testCase := range testCases { From 51235a38e876209954d611c65b4df6a0865a66c6 Mon Sep 17 00:00:00 2001 From: Ricardo Pchevuzinske Katz Date: Mon, 6 Mar 2017 16:29:33 -0300 Subject: [PATCH 19/47] Removes wrong secret enqueing and improve the Fake Cert generation --- core/pkg/ingress/controller/backend_ssl.go | 21 +-------------------- core/pkg/ingress/controller/controller.go | 17 +++++++++-------- core/pkg/net/ssl/ssl.go | 1 + 3 files changed, 11 insertions(+), 28 deletions(-) diff --git a/core/pkg/ingress/controller/backend_ssl.go b/core/pkg/ingress/controller/backend_ssl.go index 35e7dd59f..f67ff4743 100644 --- a/core/pkg/ingress/controller/backend_ssl.go +++ b/core/pkg/ingress/controller/backend_ssl.go @@ -43,28 +43,9 @@ func (ic *GenericController) syncSecret(k interface{}) error { return fmt.Errorf("deferring sync till endpoints controller has synced") } - // check if the default certificate is configured - key := fmt.Sprintf("default/%v", defServerName) - _, exists := ic.sslCertTracker.Get(key) + var key string var cert *ingress.SSLCert var err error - if !exists { - if ic.cfg.DefaultSSLCertificate != "" { - cert, err = ic.getPemCertificate(ic.cfg.DefaultSSLCertificate) - if err != nil { - return err - } - } else { - defCert, defKey := ssl.GetFakeSSLCert() - cert, err = ssl.AddOrUpdateCertAndKey("default-fake-certificate", defCert, defKey, []byte{}) - if err != nil { - return nil - } - } - cert.Name = defServerName - cert.Namespace = api.NamespaceDefault - ic.sslCertTracker.Add(key, cert) - } key = k.(string) diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go index e7759803f..207861e98 100644 --- a/core/pkg/ingress/controller/controller.go +++ b/core/pkg/ingress/controller/controller.go @@ -838,26 +838,27 @@ func (ic *GenericController) createServers(data []interface{}, CookiePath: bdef.ProxyCookiePath, } - // This adds the Default Certificate to Default Backend and also for vhosts missing the secret + // This adds the Default Certificate to Default Backend (or generates a new self signed one) var defaultPemFileName, defaultPemSHA string - defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate) - // If no default Certificate was supplied, tries to generate a new dumb one - if err != nil { - var cert *ingress.SSLCert + // Tries to fetch the default Certificate. If it does not exists, generate a new self signed one. + defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate) + if err != nil { + // This means the Default Secret does not exists, so we will create a new one. fakeCertificate := "default-fake-certificate" fakeCertificatePath := fmt.Sprintf("%v/%v.pem", ingress.DefaultSSLDirectory, fakeCertificate) // Only generates a new certificate if it doesn't exists physically _, err := os.Stat(fakeCertificatePath) if err != nil { + glog.V(3).Infof("No Default SSL Certificate found. Generating a new one") defCert, defKey := ssl.GetFakeSSLCert() - cert, err = ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{}) + defaultCertificate, err = ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{}) if err != nil { glog.Fatalf("Error generating self signed certificate: %v", err) } - defaultPemFileName = cert.PemFileName - defaultPemSHA = cert.PemSHA + defaultPemFileName = defaultCertificate.PemFileName + defaultPemSHA = defaultCertificate.PemSHA } else { defaultPemFileName = fakeCertificatePath defaultPemSHA = ssl.PemSHA1(fakeCertificatePath) diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go index cd5f57beb..b007d8bba 100644 --- a/core/pkg/net/ssl/ssl.go +++ b/core/pkg/net/ssl/ssl.go @@ -78,6 +78,7 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert, // If the file does not start with 'BEGIN CERTIFICATE' it's invalid and must not be used. if pemBlock.Type != "CERTIFICATE" { + _ = os.Remove(tempPemFile.Name()) return nil, fmt.Errorf("Certificate %v contains invalid data, and must be created with 'kubectl create secret tls'", name) } From e107e2b87f61ca537c5b9b1baaad3fcaa571a6c3 Mon Sep 17 00:00:00 2001 From: Ricardo Pchevuzinske Katz Date: Mon, 6 Mar 2017 16:33:44 -0300 Subject: [PATCH 20/47] Temporary PEM Files cleanup --- core/pkg/net/ssl/ssl.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go index b007d8bba..93811ecf3 100644 --- a/core/pkg/net/ssl/ssl.go +++ b/core/pkg/net/ssl/ssl.go @@ -68,11 +68,13 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert, pemCerts, err := ioutil.ReadFile(tempPemFile.Name()) if err != nil { + _ = os.Remove(tempPemFile.Name()) return nil, err } pemBlock, _ := pem.Decode(pemCerts) if pemBlock == nil { + _ = os.Remove(tempPemFile.Name()) return nil, fmt.Errorf("No valid PEM formatted block found") } @@ -84,6 +86,7 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert, pemCert, err := x509.ParseCertificate(pemBlock.Bytes) if err != nil { + _ = os.Remove(tempPemFile.Name()) return nil, err } From 1417a3a818ee0592ab5b25cf5f70a78238819e89 Mon Sep 17 00:00:00 2001 From: chentao1596 Date: Tue, 7 Mar 2017 15:34:31 +0800 Subject: [PATCH 21/47] add copyright --- controllers/nginx/pkg/config/config_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/controllers/nginx/pkg/config/config_test.go b/controllers/nginx/pkg/config/config_test.go index 2af61f336..359cb1306 100644 --- a/controllers/nginx/pkg/config/config_test.go +++ b/controllers/nginx/pkg/config/config_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package config import ( From 6f3139a79edaa9d977e3655538fe30a598965985 Mon Sep 17 00:00:00 2001 From: Itamar Ostricher Date: Tue, 7 Mar 2017 12:09:12 +0200 Subject: [PATCH 22/47] Fix glbc usage string 1. Typo in `glbc` binary name 2. Typo in `running-in-cluster` flag 3. Remove non-existing flag `--default-backend-node-port` --- controllers/gce/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/gce/main.go b/controllers/gce/main.go index d71752ce5..f72b3d4b0 100644 --- a/controllers/gce/main.go +++ b/controllers/gce/main.go @@ -70,7 +70,7 @@ const ( var ( flags = flag.NewFlagSet( - `gclb: gclb --runngin-in-cluster=false --default-backend-node-port=123`, + `glbc: glbc --running-in-cluster=false`, flag.ExitOnError) clusterName = flags.String("cluster-uid", controller.DefaultClusterUID, From 91904de4a1ae8076769daa918bd5b22e2c782515 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Tue, 7 Mar 2017 11:41:05 -0300 Subject: [PATCH 23/47] Fix RateLimit comment --- core/pkg/ingress/annotations/ratelimit/main.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/core/pkg/ingress/annotations/ratelimit/main.go b/core/pkg/ingress/annotations/ratelimit/main.go index f3ca328b7..31850a90b 100644 --- a/core/pkg/ingress/annotations/ratelimit/main.go +++ b/core/pkg/ingress/annotations/ratelimit/main.go @@ -36,10 +36,10 @@ const ( defSharedSize = 5 ) -// RateLimit returns rate limit configuration for an Ingress rule -// Is possible to limit the number of connections per IP address or -// connections per second. -// Note: Is possible to specify both limits +// RateLimit returns rate limit configuration for an Ingress rule limiting the +// number of connections per IP address and/or connections per second. +// If you both annotations are specified in a single Ingress rule, RPS limits +// takes precedence type RateLimit struct { // Connections indicates a limit with the number of connections per IP address Connections Zone `json:"connections"` From dfdcdfde0ba0b4b26677c1748edb155411b0d7c8 Mon Sep 17 00:00:00 2001 From: Victor Unegbu Date: Tue, 7 Mar 2017 08:23:19 -0600 Subject: [PATCH 24/47] remove tmp nginx-diff files --- controllers/nginx/pkg/cmd/controller/nginx.go | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index 9d12f3b08..3f0275652 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -223,6 +223,7 @@ func (n NGINXController) isReloadRequired(data []byte) bool { glog.Infof("NGINX configuration diff\n") glog.Infof("%v", string(diffOutput)) } + os.Remove(tmpfile.Name()) return len(diffOutput) > 0 } return false From 484bd4311121cb42112d87b6ec9bfe3bc084d5e5 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Tue, 7 Mar 2017 14:42:59 -0300 Subject: [PATCH 25/47] Fix http2 header size --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index e0a119408..295117e70 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -60,6 +60,7 @@ http { client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; large_client_header_buffers {{ $cfg.LargeClientHeaderBuffers }}; + http2_max_field_size {{ $cfg.ClientHeaderBufferSize }}; types_hash_max_size 2048; server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }}; From 6e6aae6c29159c0c616f49029de8ced2ab7dbddf Mon Sep 17 00:00:00 2001 From: craigmonson Date: Tue, 7 Mar 2017 15:09:50 -0500 Subject: [PATCH 26/47] Update README.md fix broken link to config maps --- controllers/nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/nginx/README.md b/controllers/nginx/README.md index 1d46a1fd6..7b4d228fe 100644 --- a/controllers/nginx/README.md +++ b/controllers/nginx/README.md @@ -1,6 +1,6 @@ # Nginx Ingress Controller -This is an nginx Ingress controller that uses [ConfigMap](https://github.com/kubernetes/kubernetes/blob/master/docs/design/configmap.md) to store the nginx configuration. See [Ingress controller documentation](../README.md) for details on how it works. +This is an nginx Ingress controller that uses [ConfigMap](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/configmap.md) to store the nginx configuration. See [Ingress controller documentation](../README.md) for details on how it works. ## Contents * [Conventions](#conventions) From e1d144537019aaa549e15d286a78416f78424f8e Mon Sep 17 00:00:00 2001 From: Tony Li Date: Tue, 7 Mar 2017 16:42:41 -0500 Subject: [PATCH 27/47] GCE/GKE "pre-shared" TLS cert (#291) * add allow-named-tls annotation * works for setting tls * fix logs (mostly) * add ssl cert annotation * return an error when cert not found * use annotation if specified, otherwise use spec * add TODO on naming * use the annotation key from k8s * add unit test for HTTPS LB w/ cert annotation * refactor logic and check for error * move annotation to controller package * remove todo for function naming --- controllers/gce/controller/controller.go | 17 +++++++-- controllers/gce/controller/utils.go | 17 +++++++++ .../gce/loadbalancers/loadbalancers.go | 37 +++++++++++++++++-- .../gce/loadbalancers/loadbalancers_test.go | 34 +++++++++++++++++ 4 files changed, 97 insertions(+), 8 deletions(-) diff --git a/controllers/gce/controller/controller.go b/controllers/gce/controller/controller.go index cb125fbc0..69f6a2533 100644 --- a/controllers/gce/controller/controller.go +++ b/controllers/gce/controller/controller.go @@ -427,14 +427,23 @@ func (lbc *LoadBalancerController) ListRuntimeInfo() (lbs []*loadbalancers.L7Run glog.Warningf("Cannot get key for Ingress %v/%v: %v", ing.Namespace, ing.Name, err) continue } - tls, err := lbc.tlsLoader.load(&ing) - if err != nil { - glog.Warningf("Cannot get certs for Ingress %v/%v: %v", ing.Namespace, ing.Name, err) - } + + var tls *loadbalancers.TLSCerts + annotations := ingAnnotations(ing.ObjectMeta.Annotations) + // Load the TLS cert from the API Spec if it is not specified in the annotation. + // TODO: enforce this with validation. + if annotations.useNamedTLS() == "" { + tls, err = lbc.tlsLoader.load(&ing) + if err != nil { + glog.Warningf("Cannot get certs for Ingress %v/%v: %v", ing.Namespace, ing.Name, err) + } + } + lbs = append(lbs, &loadbalancers.L7RuntimeInfo{ Name: k, TLS: tls, + TLSName: annotations.useNamedTLS(), AllowHTTP: annotations.allowHTTP(), StaticIPName: annotations.staticIPName(), }) diff --git a/controllers/gce/controller/utils.go b/controllers/gce/controller/utils.go index 617ce5fad..b57020cc3 100644 --- a/controllers/gce/controller/utils.go +++ b/controllers/gce/controller/utils.go @@ -52,6 +52,13 @@ const ( // responsibility to create/delete it. staticIPNameKey = "kubernetes.io/ingress.global-static-ip-name" + // preSharedCertKey represents the specific pre-shared SSL + // certicate for the Ingress controller to use. The controller *does not* + // manage this certificate, it is the users responsibility to create/delete it. + // In GCP, the Ingress controller assigns the SSL certificate with this name + // to the target proxies of the Ingress. + preSharedCertKey = "ingress.gcp.kubernetes.io/pre-shared-cert" + // ingressClassKey picks a specific "class" for the Ingress. The controller // only processes Ingresses with this annotation either unset, or set // to either gceIngessClass or the empty string. @@ -79,6 +86,16 @@ func (ing ingAnnotations) allowHTTP() bool { return v } +// useNamedTLS returns the name of the GCE SSL certificate. Empty by default. +func (ing ingAnnotations) useNamedTLS() string { + val, ok := ing[preSharedCertKey] + if !ok { + return "" + } + + return val +} + func (ing ingAnnotations) staticIPName() string { val, ok := ing[staticIPNameKey] if !ok { diff --git a/controllers/gce/loadbalancers/loadbalancers.go b/controllers/gce/loadbalancers/loadbalancers.go index 8e4ba99e4..3d3b2d529 100644 --- a/controllers/gce/loadbalancers/loadbalancers.go +++ b/controllers/gce/loadbalancers/loadbalancers.go @@ -246,6 +246,8 @@ type L7RuntimeInfo struct { IP string // TLS are the tls certs to use in termination. TLS *TLSCerts + // TLSName is the name of/for the tls cert to use. + TLSName string // AllowHTTP will not setup :80, if TLS is nil and AllowHTTP is set, // no loadbalancer is created. AllowHTTP bool @@ -350,6 +352,29 @@ func (l *L7) deleteOldSSLCert() (err error) { } func (l *L7) checkSSLCert() (err error) { + certName := l.runtimeInfo.TLSName + + // Use the named GCE cert when it is specified by the annotation. + if certName != "" { + // Use the targetHTTPSProxy's cert name if it already has one set. + if l.sslCert != nil { + certName = l.sslCert.Name + } + + // Ask GCE for the cert, checking for problems and existence. + cert, err := l.cloud.GetSslCertificate(certName) + if err != nil { + return err + } + if cert == nil { + return fmt.Errorf("Cannot find existing sslCertificate %v for %v", certName, l.Name) + } + + glog.Infof("Using existing sslCertificate %v for %v", certName, l.Name) + l.sslCert = cert + return nil + } + // TODO: Currently, GCE only supports a single certificate per static IP // so we don't need to bother with disambiguation. Naming the cert after // the loadbalancer is a simplification. @@ -363,7 +388,7 @@ func (l *L7) checkSSLCert() (err error) { // TODO: Clean this code up into a ring buffer. primaryCertName := l.namer.Truncate(fmt.Sprintf("%v-%v", sslCertPrefix, l.Name)) secondaryCertName := l.namer.Truncate(fmt.Sprintf("%v-%d-%v", sslCertPrefix, 1, l.Name)) - certName := primaryCertName + certName = primaryCertName if l.sslCert != nil { certName = l.sslCert.Name } @@ -581,12 +606,12 @@ func (l *L7) edgeHop() error { } } // Defer promoting an emphemral to a static IP till it's really needed. - if l.runtimeInfo.AllowHTTP && l.runtimeInfo.TLS != nil { + if l.runtimeInfo.AllowHTTP && (l.runtimeInfo.TLS != nil || l.runtimeInfo.TLSName != "") { if err := l.checkStaticIP(); err != nil { return err } } - if l.runtimeInfo.TLS != nil { + if l.runtimeInfo.TLS != nil || l.runtimeInfo.TLSName != "" { glog.V(3).Infof("validating https for %v", l.Name) if err := l.edgeHopHttps(); err != nil { return err @@ -846,7 +871,8 @@ func (l *L7) Cleanup() error { } l.tps = nil } - if l.sslCert != nil { + // Delete the SSL cert if it is not a pre-created GCE cert. + if l.sslCert != nil && l.sslCert.Name != l.runtimeInfo.TLSName { glog.Infof("Deleting sslcert %v", l.sslCert.Name) if err := l.cloud.DeleteSslCertificate(l.sslCert.Name); err != nil { if !utils.IsHTTPErrorCode(err, http.StatusNotFound) { @@ -936,6 +962,9 @@ func GetLBAnnotations(l7 *L7, existing map[string]string, backendPool backends.B if l7.ip != nil { existing[fmt.Sprintf("%v/static-ip", utils.K8sAnnotationPrefix)] = l7.ip.Name } + if l7.sslCert != nil { + existing[fmt.Sprintf("%v/ssl-cert", utils.K8sAnnotationPrefix)] = l7.sslCert.Name + } // TODO: We really want to know *when* a backend flipped states. existing[fmt.Sprintf("%v/backends", utils.K8sAnnotationPrefix)] = jsonBackendState return existing diff --git a/controllers/gce/loadbalancers/loadbalancers_test.go b/controllers/gce/loadbalancers/loadbalancers_test.go index 581f7010a..6ed940f14 100644 --- a/controllers/gce/loadbalancers/loadbalancers_test.go +++ b/controllers/gce/loadbalancers/loadbalancers_test.go @@ -103,6 +103,40 @@ func TestCreateHTTPSLoadBalancer(t *testing.T) { } } +func TestCreateHTTPSLoadBalancerAnnotationCert(t *testing.T) { + // This should NOT create the forwarding rule and target proxy + // associated with the HTTP branch of this loadbalancer. + tlsName := "external-cert-name" + lbInfo := &L7RuntimeInfo{ + Name: "test", + AllowHTTP: false, + TLSName: tlsName, + } + f := NewFakeLoadBalancers(lbInfo.Name) + f.CreateSslCertificate(&compute.SslCertificate{ + Name: tlsName, + }) + pool := newFakeLoadBalancerPool(f, t) + pool.Sync([]*L7RuntimeInfo{lbInfo}) + l7, err := pool.Get(lbInfo.Name) + if err != nil || l7 == nil { + t.Fatalf("Expected l7 not created") + } + um, err := f.GetUrlMap(f.umName()) + if err != nil || + um.DefaultService != pool.(*L7s).glbcDefaultBackend.SelfLink { + t.Fatalf("%v", err) + } + tps, err := f.GetTargetHttpsProxy(f.tpName(true)) + if err != nil || tps.UrlMap != um.SelfLink { + t.Fatalf("%v", err) + } + fws, err := f.GetGlobalForwardingRule(f.fwName(true)) + if err != nil || fws.Target != tps.SelfLink { + t.Fatalf("%v", err) + } +} + func TestCreateBothLoadBalancers(t *testing.T) { // This should create 2 forwarding rules and target proxies // but they should use the same urlmap, and have the same From 1023056c3b709a5a643010fa8b02a8057b0fbab3 Mon Sep 17 00:00:00 2001 From: "Tim St. Clair" Date: Mon, 6 Mar 2017 14:41:47 -0800 Subject: [PATCH 28/47] Rebase GLBC on busybox --- controllers/gce/Dockerfile | 20 +++---------------- controllers/gce/Makefile | 2 +- controllers/gce/README.md | 4 ++-- controllers/gce/main.go | 2 +- controllers/gce/rc.yaml | 2 +- docs/dev/setup.md | 2 +- examples/deployment/gce/README.md | 2 +- .../gce/gce-ingress-controller.yaml | 2 +- 8 files changed, 11 insertions(+), 25 deletions(-) diff --git a/controllers/gce/Dockerfile b/controllers/gce/Dockerfile index 285b3491b..6ba8be13a 100644 --- a/controllers/gce/Dockerfile +++ b/controllers/gce/Dockerfile @@ -12,23 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -# TODO: use radial/busyboxplus:curl or alping instead -FROM ubuntu:14.04 -MAINTAINER Prashanth B +FROM alpine:3.5 -# so apt-get doesn't complain -ENV DEBIAN_FRONTEND=noninteractive -RUN sed -i 's/^exit 101/exit 0/' /usr/sbin/policy-rc.d +RUN apk add --no-cache ca-certificates -# TODO: Move to using haproxy:1.5 image instead. Honestly, -# that image isn't much smaller and the convenience of having -# an ubuntu container for dev purposes trumps the tiny amounts -# of disk and bandwidth we'd save in doing so. -RUN \ - apt-get update && \ - apt-get install -y ca-certificates && \ - apt-get install -y curl && \ - rm -rf /var/lib/apt/lists/* - -ADD glbc glbc +COPY glbc glbc ENTRYPOINT ["/glbc"] diff --git a/controllers/gce/Makefile b/controllers/gce/Makefile index d908af0cf..927d95fcd 100644 --- a/controllers/gce/Makefile +++ b/controllers/gce/Makefile @@ -1,7 +1,7 @@ all: push # 0.0 shouldn't clobber any released builds -TAG = 0.9.1 +TAG = 0.9.2 PREFIX = gcr.io/google_containers/glbc server: diff --git a/controllers/gce/README.md b/controllers/gce/README.md index 84d1706f0..c68949150 100644 --- a/controllers/gce/README.md +++ b/controllers/gce/README.md @@ -327,7 +327,7 @@ So simply delete the replication controller: $ kubectl get rc glbc CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS AGE glbc default-http-backend gcr.io/google_containers/defaultbackend:1.0 k8s-app=glbc,version=v0.5 1 2m - l7-lb-controller gcr.io/google_containers/glbc:0.9.1 + l7-lb-controller gcr.io/google_containers/glbc:0.9.2 $ kubectl delete rc glbc replicationcontroller "glbc" deleted @@ -340,7 +340,7 @@ glbc-6m6b6 1/1 Terminating 0 13m __The prod way__: If you didn't start the controller with `--delete-all-on-quit`, you can execute a GET on the `/delete-all-and-quit` endpoint. This endpoint is deliberately not exported. ``` -$ kubectl exec -it glbc-6m6b6 -- curl http://localhost:8081/delete-all-and-quit +$ kubectl exec -it glbc-6m6b6 -- wget -q -O- http://localhost:8081/delete-all-and-quit ..Hangs till quit is done.. $ kubectl logs glbc-6m6b6 --follow diff --git a/controllers/gce/main.go b/controllers/gce/main.go index d71752ce5..29321c38a 100644 --- a/controllers/gce/main.go +++ b/controllers/gce/main.go @@ -62,7 +62,7 @@ const ( alphaNumericChar = "0" // Current docker image version. Only used in debug logging. - imageVersion = "glbc:0.9.1" + imageVersion = "glbc:0.9.2" // Key used to persist UIDs to configmaps. uidConfigMapName = "ingress-uid" diff --git a/controllers/gce/rc.yaml b/controllers/gce/rc.yaml index 753733808..ec946831b 100644 --- a/controllers/gce/rc.yaml +++ b/controllers/gce/rc.yaml @@ -61,7 +61,7 @@ spec: requests: cpu: 10m memory: 20Mi - - image: gcr.io/google_containers/glbc:0.9.1 + - image: gcr.io/google_containers/glbc:0.9.2 livenessProbe: httpGet: path: /healthz diff --git a/docs/dev/setup.md b/docs/dev/setup.md index f61695293..76e0397eb 100644 --- a/docs/dev/setup.md +++ b/docs/dev/setup.md @@ -105,7 +105,7 @@ $ glbc --help pod secrets for creating a Kubernetes client. (default true) $ ./glbc --running-in-cluster=false -I1210 17:49:53.202149 27767 main.go:179] Starting GLBC image: glbc:0.8.0, cluster name +I1210 17:49:53.202149 27767 main.go:179] Starting GLBC image: glbc:0.9.2, cluster name ``` Note that this is equivalent to running the ingress controller on your local diff --git a/examples/deployment/gce/README.md b/examples/deployment/gce/README.md index be711de6e..1c8ef12db 100644 --- a/examples/deployment/gce/README.md +++ b/examples/deployment/gce/README.md @@ -43,7 +43,7 @@ $ kubectl create -f gce-tls-ingress.yaml ingress "test" created $ kubectl logs l7-lb-controller-1s22c -c l7-lb-controller -I0201 01:03:17.387548 1 main.go:179] Starting GLBC image: glbc:0.9.0, cluster name +I0201 01:03:17.387548 1 main.go:179] Starting GLBC image: glbc:0.9.2, cluster name I0201 01:03:18.459740 1 main.go:291] Using saved cluster uid "32658fa96c080068" I0201 01:03:18.459771 1 utils.go:122] Changing cluster name from to 32658fa96c080068 I0201 01:03:18.461652 1 gce.go:331] Using existing Token Source &oauth2.reuseTokenSource{new:google.computeSource{account:""}, mu:sync.Mutex{state:0, sema:0x0}, t:(*oauth2.Token)(nil)} diff --git a/examples/deployment/gce/gce-ingress-controller.yaml b/examples/deployment/gce/gce-ingress-controller.yaml index a0a53cd3c..8bbee4bba 100644 --- a/examples/deployment/gce/gce-ingress-controller.yaml +++ b/examples/deployment/gce/gce-ingress-controller.yaml @@ -61,7 +61,7 @@ spec: requests: cpu: 10m memory: 20Mi - - image: gcr.io/google_containers/glbc:0.9.0-beta.1 + - image: gcr.io/google_containers/glbc:0.9.2 livenessProbe: httpGet: path: /healthz From 7f73916715842041f6e78c7e755cc73275c36234 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Tue, 7 Mar 2017 19:45:54 -0300 Subject: [PATCH 29/47] External auth method is optional --- core/pkg/ingress/annotations/authreq/main.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/core/pkg/ingress/annotations/authreq/main.go b/core/pkg/ingress/annotations/authreq/main.go index 31c208507..560a73868 100644 --- a/core/pkg/ingress/annotations/authreq/main.go +++ b/core/pkg/ingress/annotations/authreq/main.go @@ -92,11 +92,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) { return nil, ing_errors.NewLocationDenied("invalid url host") } - m, err := parser.GetStringAnnotation(authMethod, ing) - if err != nil { - return nil, err - } - + m, _ := parser.GetStringAnnotation(authMethod, ing) if len(m) != 0 && !validMethod(m) { return nil, ing_errors.NewLocationDenied("invalid HTTP method") } From bebd596b3fef42bef3b950970aa49ee6b4ede0fb Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Tue, 7 Mar 2017 19:50:24 -0300 Subject: [PATCH 30/47] Listen customization must be done just in one place --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 295117e70..2c97eb18b 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -208,10 +208,10 @@ http { {{ range $index, $server := .Servers }} server { server_name {{ $server.Hostname }}; - listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}}; + listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}}; {{/* Listen on 442 because port 443 is used in the stream section */}} {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} - {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $index 0 }} ipv6only=off{{end}} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; + {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} # PEM sha: {{ $server.SSLPemChecksum }} ssl_certificate {{ $server.SSLCertificate }}; From 7000924dc5debb74e029db956127498a4710afa3 Mon Sep 17 00:00:00 2001 From: Tony Li Date: Tue, 7 Mar 2017 18:05:21 -0500 Subject: [PATCH 31/47] GCE pre-shared cert fixes (#395) * pick up changes to the external cert referenced by lb * less prone way to check if cert should be deleted --- controllers/gce/loadbalancers/loadbalancers.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/controllers/gce/loadbalancers/loadbalancers.go b/controllers/gce/loadbalancers/loadbalancers.go index 3d3b2d529..d867ae658 100644 --- a/controllers/gce/loadbalancers/loadbalancers.go +++ b/controllers/gce/loadbalancers/loadbalancers.go @@ -356,11 +356,6 @@ func (l *L7) checkSSLCert() (err error) { // Use the named GCE cert when it is specified by the annotation. if certName != "" { - // Use the targetHTTPSProxy's cert name if it already has one set. - if l.sslCert != nil { - certName = l.sslCert.Name - } - // Ask GCE for the cert, checking for problems and existence. cert, err := l.cloud.GetSslCertificate(certName) if err != nil { @@ -871,8 +866,8 @@ func (l *L7) Cleanup() error { } l.tps = nil } - // Delete the SSL cert if it is not a pre-created GCE cert. - if l.sslCert != nil && l.sslCert.Name != l.runtimeInfo.TLSName { + // Delete the SSL cert if it is from a secret, not referencing a pre-created GCE cert. + if l.sslCert != nil && l.runtimeInfo.TLSName == "" { glog.Infof("Deleting sslcert %v", l.sslCert.Name) if err := l.cloud.DeleteSslCertificate(l.sslCert.Name); err != nil { if !utils.IsHTTPErrorCode(err, http.StatusNotFound) { From 9ed7bc6ad1aaba708eaa3b9b0c99f0c15e9a93d8 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Tue, 7 Mar 2017 20:07:43 -0300 Subject: [PATCH 32/47] Remove special check in sort server by name --- core/pkg/ingress/sort_ingress.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/core/pkg/ingress/sort_ingress.go b/core/pkg/ingress/sort_ingress.go index 621b95232..cc5f2d76d 100644 --- a/core/pkg/ingress/sort_ingress.go +++ b/core/pkg/ingress/sort_ingress.go @@ -54,10 +54,6 @@ type ServerByName []*Server func (c ServerByName) Len() int { return len(c) } func (c ServerByName) Swap(i, j int) { c[i], c[j] = c[j], c[i] } func (c ServerByName) Less(i, j int) bool { - // special case for catch all server - if c[j].Hostname == "_" { - return false - } return c[i].Hostname < c[j].Hostname } From 63b5f2f1c5cf793f5de8884efda0936dc93d6a7a Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Fri, 3 Mar 2017 21:58:33 +0100 Subject: [PATCH 33/47] add configuration to disable listening on ipv6 --- controllers/nginx/configuration.md | 3 +++ controllers/nginx/pkg/config/config.go | 4 ++++ .../nginx/rootfs/etc/nginx/template/nginx.tmpl | 12 ++++++------ 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index e7d4c98f6..ce235ecf9 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -242,6 +242,9 @@ Example usage: `custom-http-errors: 404,415` **disable-access-log:** Disables the Access Log from the entire Ingress Controller. This is 'false' by default. +**disable-ipv6:** Disable listening on IPV6. This is 'false' by default. + + **enable-dynamic-tls-records:** Enables dynamically sized TLS records to improve time-to-first-byte. Enabled by default. See [CloudFlare's blog](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency) for more information. diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index c4a4d8edb..558e94e8f 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -97,6 +97,9 @@ type Configuration struct { //http://nginx.org/en/docs/http/ngx_http_log_module.html DisableAccessLog bool `json:"disable-access-log,omitempty"` + // DisableIpv6 disable listening on ipv6 address + DisableIpv6 bool `json:"disable-ipv6,omitempty"` + // EnableStickySessions enabled sticky sessions using cookies // https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng // By default this is disabled @@ -249,6 +252,7 @@ func NewDefault() Configuration { cfg := Configuration{ ClientHeaderBufferSize: "1k", DisableAccessLog: false, + DisableIpv6: false, EnableDynamicTLSRecords: true, ErrorLogLevel: errorLevel, HSTS: true, diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 2c97eb18b..3ada5ba40 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -208,10 +208,10 @@ http { {{ range $index, $server := .Servers }} server { server_name {{ $server.Hostname }}; - listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}}; + listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} reuseport backlog={{ $backlogSize }}{{end}}; {{/* Listen on 442 because port 443 is used in the stream section */}} {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} - {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; + {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}{{ if not $cfg.DisableIpv6 }}[::]:{{ end }}443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} # PEM sha: {{ $server.SSLPemChecksum }} ssl_certificate {{ $server.SSLCertificate }}; @@ -366,7 +366,7 @@ http { # with an external software (like sysdig) location /nginx_status { allow 127.0.0.1; - allow ::1; + {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} deny all; access_log off; @@ -384,7 +384,7 @@ http { # Use the port 18080 (random value just to avoid known ports) as default port for nginx. # Changing this value requires a change in: # https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/nginx/command.go#L104 - listen [::]:18080 ipv6only=off default_server reuseport backlog={{ .BacklogSize }}; + listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}18080 {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} default_server reuseport backlog={{ .BacklogSize }}; location {{ $healthzURI }} { access_log off; @@ -406,7 +406,7 @@ http { # TODO: enable extraction for vts module. location /internal_nginx_status { allow 127.0.0.1; - allow ::1; + {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} deny all; access_log off; @@ -466,7 +466,7 @@ stream { {{ buildSSLPassthroughUpstreams $backends .PassthroughBackends }} server { - listen [::]:443 ipv6only=off{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}; + listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}443 {{ if not $cfg.DisableIpv6 }}ipv6only=off{{ end }}{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}; proxy_pass $stream_upstream; ssl_preread on; } From e1c1dfadc724cef6d1a9804ea4b381035c4247ce Mon Sep 17 00:00:00 2001 From: Gorka Lerchundi Osa Date: Wed, 8 Mar 2017 14:41:55 +0100 Subject: [PATCH 34/47] allow specifying custom dh param fixes #162 --- controllers/nginx/configuration.md | 2 +- controllers/nginx/pkg/cmd/controller/nginx.go | 28 +++++++ controllers/nginx/pkg/config/config.go | 2 +- core/pkg/net/ssl/ssl.go | 59 ++++++++++---- .../ssl-dh-param/nginx/README.md | 79 +++++++++++++++++++ .../ssl-dh-param/nginx/default-backend.yaml | 51 ++++++++++++ .../nginx/nginx-ingress-controller.yaml | 53 +++++++++++++ .../nginx/nginx-load-balancer-conf.yaml | 7 ++ .../ssl-dh-param/nginx/ssl-dh-param.yaml | 8 ++ 9 files changed, 271 insertions(+), 18 deletions(-) create mode 100644 examples/customization/ssl-dh-param/nginx/README.md create mode 100644 examples/customization/ssl-dh-param/nginx/default-backend.yaml create mode 100644 examples/customization/ssl-dh-param/nginx/nginx-ingress-controller.yaml create mode 100644 examples/customization/ssl-dh-param/nginx/nginx-load-balancer-conf.yaml create mode 100644 examples/customization/ssl-dh-param/nginx/ssl-dh-param.yaml diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index ce235ecf9..33f6abc1b 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -336,7 +336,7 @@ The recommendation above prioritizes algorithms that provide perfect [forward se Please check the [Mozilla SSL Configuration Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/). -**ssl-dh-param:** sets the Base64 string that contains Diffie-Hellman key to help with "Perfect Forward Secrecy". +**ssl-dh-param:** Sets the name of the secret that contains Diffie-Hellman key to help with "Perfect Forward Secrecy". https://www.openssl.org/docs/manmaster/apps/dhparam.html https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index 3f0275652..f8e92bac0 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -25,6 +25,7 @@ import ( "net/http" "os" "os/exec" + "strings" "syscall" "time" @@ -38,6 +39,7 @@ import ( "k8s.io/ingress/controllers/nginx/pkg/version" "k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress/defaults" + "k8s.io/ingress/core/pkg/net/ssl" ) const ( @@ -346,6 +348,32 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er } } + sslDHParam := "" + if cfg.SSLDHParam != "" { + secretName := cfg.SSLDHParam + s, exists, err := n.storeLister.Secret.GetByKey(secretName) + if err != nil { + glog.Warningf("unexpected error reading secret %v: %v", secretName, err) + } + + if exists { + secret := s.(*api.Secret) + nsSecName := strings.Replace(secretName, "/", "-", -1) + + dh, ok := secret.Data["dhparam.pem"] + if ok { + pemFileName, err := ssl.AddOrUpdateDHParam(nsSecName, dh) + if err != nil { + glog.Warningf("unexpected error adding or updating dhparam %v file: %v", nsSecName, err) + } else { + sslDHParam = pemFileName + } + } + } + } + + cfg.SSLDHParam = sslDHParam + content, err := n.t.Write(config.TemplateConfig{ ProxySetHeaders: setHeaders, MaxOpenFiles: maxOpenFiles, diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 558e94e8f..9f3ebef69 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -191,7 +191,7 @@ type Configuration struct { // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers SSLCiphers string `json:"ssl-ciphers,omitempty"` - // Base64 string that contains Diffie-Hellman key to help with "Perfect Forward Secrecy" + // The secret that contains Diffie-Hellman key to help with "Perfect Forward Secrecy" // https://www.openssl.org/docs/manmaster/apps/dhparam.html // https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go index 93811ecf3..2088c2a61 100644 --- a/core/pkg/net/ssl/ssl.go +++ b/core/pkg/net/ssl/ssl.go @@ -175,25 +175,52 @@ func AddCertAuth(name string, ca []byte) (*ingress.SSLCert, error) { }, nil } -// SearchDHParamFile iterates all the secrets mounted inside the /etc/nginx-ssl directory -// in order to find a file with the name dhparam.pem. If such file exists it will -// returns the path. If not it just returns an empty string -func SearchDHParamFile(baseDir string) string { - files, _ := ioutil.ReadDir(baseDir) - for _, file := range files { - if !file.IsDir() { - continue - } +// AddOrUpdateDHParam creates a dh parameters file with the specified name +func AddOrUpdateDHParam(name string, dh []byte) (string, error) { + pemName := fmt.Sprintf("%v.pem", name) + pemFileName := fmt.Sprintf("%v/%v", ingress.DefaultSSLDirectory, pemName) - dhPath := fmt.Sprintf("%v/%v/dhparam.pem", baseDir, file.Name()) - if _, err := os.Stat(dhPath); err == nil { - glog.Infof("using file '%v' for parameter ssl_dhparam", dhPath) - return dhPath - } + tempPemFile, err := ioutil.TempFile(ingress.DefaultSSLDirectory, pemName) + + glog.V(3).Infof("Creating temp file %v for DH param: %v", tempPemFile.Name(), pemName) + if err != nil { + return "", fmt.Errorf("could not create temp pem file %v: %v", pemFileName, err) } - glog.Warning("no file dhparam.pem found in secrets") - return "" + _, err = tempPemFile.Write(dh) + if err != nil { + return "", fmt.Errorf("could not write to pem file %v: %v", tempPemFile.Name(), err) + } + + err = tempPemFile.Close() + if err != nil { + return "", fmt.Errorf("could not close temp pem file %v: %v", tempPemFile.Name(), err) + } + + pemCerts, err := ioutil.ReadFile(tempPemFile.Name()) + if err != nil { + _ = os.Remove(tempPemFile.Name()) + return "", err + } + + pemBlock, _ := pem.Decode(pemCerts) + if pemBlock == nil { + _ = os.Remove(tempPemFile.Name()) + return "", fmt.Errorf("No valid PEM formatted block found") + } + + // If the file does not start with 'BEGIN DH PARAMETERS' it's invalid and must not be used. + if pemBlock.Type != "DH PARAMETERS" { + _ = os.Remove(tempPemFile.Name()) + return "", fmt.Errorf("Certificate %v contains invalid data", name) + } + + err = os.Rename(tempPemFile.Name(), pemFileName) + if err != nil { + return "", fmt.Errorf("could not move temp pem file %v to destination %v: %v", tempPemFile.Name(), pemFileName, err) + } + + return pemFileName, nil } // PemSHA1 returns the SHA1 of a pem file. This is used to diff --git a/examples/customization/ssl-dh-param/nginx/README.md b/examples/customization/ssl-dh-param/nginx/README.md new file mode 100644 index 000000000..54f3287fa --- /dev/null +++ b/examples/customization/ssl-dh-param/nginx/README.md @@ -0,0 +1,79 @@ +# Deploying the Nginx Ingress controller + +This example aims to demonstrate the deployment of an nginx ingress controller and +use a ConfigMap to configure custom Diffie-Hellman parameters file to help with +"Perfect Forward Secrecy". + +## Default Backend + +The default backend is a Service capable of handling all url paths and hosts the +nginx controller doesn't understand. This most basic implementation just returns +a 404 page: + +```console +$ kubectl apply -f default-backend.yaml +deployment "default-http-backend" created +service "default-http-backend" created + +$ kubectl -n kube-system get po +NAME READY STATUS RESTARTS AGE +default-http-backend-2657704409-qgwdd 1/1 Running 0 28s +``` + +## Custom configuration + +```console +$ cat nginx-load-balancer-conf.yaml +apiVersion: v1 +data: + ssl-dh-param: "kube-system/lb-dhparam" +kind: ConfigMap +metadata: + name: nginx-load-balancer-conf +``` + +```console +$ kubectl create -f nginx-load-balancer-conf.yaml +``` + +## Custom DH parameters secret + +```console +$> openssl dhparam 1024 2> /dev/null | base64 +LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ... +``` + +```console +$ cat ssl-dh-param.yaml +apiVersion: v1 +data: + dhparam.pem: "LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ..." +kind: Secret +type: Opaque +metadata: + name: lb-dhparam + namespace: kube-system +``` + +```console +$ kubectl create -f ssl-dh-param.yaml +``` + +## Controller + +You can deploy the controller as follows: + +```console +$ kubectl apply -f nginx-ingress-controller.yaml +deployment "nginx-ingress-controller" created + +$ kubectl -n kube-system get po +NAME READY STATUS RESTARTS AGE +default-http-backend-2657704409-qgwdd 1/1 Running 0 2m +nginx-ingress-controller-873061567-4n3k2 1/1 Running 0 42s +``` + +## Test + +Check the contents of the configmap is present in the nginx.conf file using: +`kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf` diff --git a/examples/customization/ssl-dh-param/nginx/default-backend.yaml b/examples/customization/ssl-dh-param/nginx/default-backend.yaml new file mode 100644 index 000000000..3c40989a3 --- /dev/null +++ b/examples/customization/ssl-dh-param/nginx/default-backend.yaml @@ -0,0 +1,51 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: default-http-backend + labels: + k8s-app: default-http-backend + namespace: kube-system +spec: + replicas: 1 + template: + metadata: + labels: + k8s-app: default-http-backend + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: default-http-backend + # Any image is permissable as long as: + # 1. It serves a 404 page at / + # 2. It serves 200 on a /healthz endpoint + image: gcr.io/google_containers/defaultbackend:1.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: default-http-backend + namespace: kube-system + labels: + k8s-app: default-http-backend +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + k8s-app: default-http-backend diff --git a/examples/customization/ssl-dh-param/nginx/nginx-ingress-controller.yaml b/examples/customization/ssl-dh-param/nginx/nginx-ingress-controller.yaml new file mode 100644 index 000000000..5786f03d9 --- /dev/null +++ b/examples/customization/ssl-dh-param/nginx/nginx-ingress-controller.yaml @@ -0,0 +1,53 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nginx-ingress-controller + labels: + k8s-app: nginx-ingress-controller + namespace: kube-system +spec: + replicas: 1 + template: + metadata: + labels: + k8s-app: nginx-ingress-controller + spec: + # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration + # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host + # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used + # like with kubeadm + # hostNetwork: true + terminationGracePeriodSeconds: 60 + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 + name: nginx-ingress-controller + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + ports: + - containerPort: 80 + hostPort: 80 + - containerPort: 443 + hostPort: 443 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/default-http-backend + - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-conf diff --git a/examples/customization/ssl-dh-param/nginx/nginx-load-balancer-conf.yaml b/examples/customization/ssl-dh-param/nginx/nginx-load-balancer-conf.yaml new file mode 100644 index 000000000..6e8858c67 --- /dev/null +++ b/examples/customization/ssl-dh-param/nginx/nginx-load-balancer-conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + ssl-dh-param: "kube-system/lb-dhparam" +kind: ConfigMap +metadata: + name: nginx-load-balancer-conf + namespace: kube-system diff --git a/examples/customization/ssl-dh-param/nginx/ssl-dh-param.yaml b/examples/customization/ssl-dh-param/nginx/ssl-dh-param.yaml new file mode 100644 index 000000000..14fdfb30e --- /dev/null +++ b/examples/customization/ssl-dh-param/nginx/ssl-dh-param.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + dhparam.pem: "...base64 encoded data..." +kind: Secret +type: Opaque +metadata: + name: lb-dhparam + namespace: kube-system From 62fcc400b8907a1799054fbb90588f0e24286eb0 Mon Sep 17 00:00:00 2001 From: Tony Li Date: Tue, 21 Feb 2017 18:19:29 -0500 Subject: [PATCH 35/47] add debug info and fix spelling --- controllers/gce/loadbalancers/loadbalancers.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/controllers/gce/loadbalancers/loadbalancers.go b/controllers/gce/loadbalancers/loadbalancers.go index d867ae658..9688a4cc0 100644 --- a/controllers/gce/loadbalancers/loadbalancers.go +++ b/controllers/gce/loadbalancers/loadbalancers.go @@ -600,8 +600,9 @@ func (l *L7) edgeHop() error { return err } } - // Defer promoting an emphemral to a static IP till it's really needed. + // Defer promoting an ephemeral to a static IP until it's really needed. if l.runtimeInfo.AllowHTTP && (l.runtimeInfo.TLS != nil || l.runtimeInfo.TLSName != "") { + glog.V(3).Infof("checking static ip for %v", l.Name) if err := l.checkStaticIP(); err != nil { return err } From a2edde35fc0cd0d59cceea4cafbe00d4f419c4ff Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Wed, 8 Mar 2017 13:02:13 +0100 Subject: [PATCH 36/47] fix some broken links upgrade all nginx examples to latest version moved some examples from contrib to this repo --- controllers/nginx/configuration.md | 10 +- docs/troubleshooting.md | 2 +- .../client-certs/nginx/nginx-tls-auth.yaml | 2 +- examples/auth/external-auth/nginx/README.md | 148 ++++++++++++++++++ .../auth/external-auth/nginx/ingress.yaml | 15 ++ .../custom-errors/nginx/README.md | 82 ++++++++++ .../nginx/custom-default-backend.yaml | 31 ++++ .../custom-errors/nginx/rc-custom-errors.yaml | 51 ++++++ .../customization/custom-template/README.md | 8 + .../custom-template/custom-template.yaml | 62 ++++++++ .../custom-upstream-check/README.md | 45 ++++++ .../custom-upstream-check/custom-upstream.png | Bin 0 -> 60592 bytes examples/multi-tls/README.md | 94 +++++++++++ examples/multi-tls/multi-tls.yaml | 102 ++++++++++++ examples/rewrite/README.md | 66 ++++++++ 15 files changed, 711 insertions(+), 7 deletions(-) create mode 100644 examples/auth/external-auth/nginx/README.md create mode 100644 examples/auth/external-auth/nginx/ingress.yaml create mode 100644 examples/customization/custom-errors/nginx/README.md create mode 100644 examples/customization/custom-errors/nginx/custom-default-backend.yaml create mode 100644 examples/customization/custom-errors/nginx/rc-custom-errors.yaml create mode 100644 examples/customization/custom-template/README.md create mode 100644 examples/customization/custom-template/custom-template.yaml create mode 100644 examples/customization/custom-upstream-check/README.md create mode 100644 examples/customization/custom-upstream-check/custom-upstream.png create mode 100644 examples/multi-tls/README.md create mode 100644 examples/multi-tls/multi-tls.yaml create mode 100644 examples/rewrite/README.md diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index e7d4c98f6..bc07458e4 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -127,7 +127,7 @@ The secret must be created in the same namespace as the Ingress rule. ingress.kubernetes.io/auth-realm: "realm string" ``` -Please check the [auth](examples/auth/README.md) example. +Please check the [auth](/examples/auth/nginx/README.md) example. ### Certificate Authentication @@ -147,7 +147,7 @@ ingress.kubernetes.io/auth-tls-verify-depth The validation depth between the provided client certificate and the Certification Authority chain. -Please check the [tls-auth](examples/auth/client-certs/README.md) example. +Please check the [tls-auth](/examples/auth/client-certs/nginx/README.md) example. ### Enable CORS @@ -164,7 +164,7 @@ Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specif ingress.kubernetes.io/auth-url: "URL to the authentication service" ``` -Please check the [external-auth](examples/external-auth/README.md) example. +Please check the [external-auth](/examples/auth/external-auth/nginx/README.md) example. ### Rewrite @@ -210,7 +210,7 @@ To configure this setting globally for all Ingress rules, the `whitelist-source- *Note:* Adding an annotation to an Ingress rule overrides any global restriction. -Please check the [whitelist](examples/affinity/cookie/nginx/README.md) example. +Please check the [whitelist](/examples/affinity/cookie/nginx/README.md) example. ### Session Affinity @@ -224,7 +224,7 @@ If you use the ``cookie`` type you can also specify the name of the cookie that In case of NGINX the annotation `ingress.kubernetes.io/session-cookie-hash` defines which algorithm will be used to 'hash' the used upstream. Default value is `md5` and possible values are `md5`, `sha1` and `index`. The `index` option is not hashed, an in-memory index is used instead, it's quicker and the overhead is shorter Warning: the matching against upstream servers list is inconsistent. So, at reload, if upstreams servers has changed, index values are not guaranted to correspond to the same server as before! USE IT WITH CAUTION and only if you need to! -In NGINX this feature is implemented by the third party module [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng). The workflow used to define which upstream server will be used is explained [here]https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf +In NGINX this feature is implemented by the third party module [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng). The workflow used to define which upstream server will be used is explained [here](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 6f474692d..ab12588bd 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -255,7 +255,7 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 name: ingress-nginx imagePullPolicy: Always ports: diff --git a/examples/auth/client-certs/nginx/nginx-tls-auth.yaml b/examples/auth/client-certs/nginx/nginx-tls-auth.yaml index d4f18bd0c..23cac7b49 100644 --- a/examples/auth/client-certs/nginx/nginx-tls-auth.yaml +++ b/examples/auth/client-certs/nginx/nginx-tls-auth.yaml @@ -6,7 +6,7 @@ metadata: ingress.kubernetes.io/auth-tls-secret: "default/caingress" ingress.kubernetes.io/auth-tls-verify-depth: "3" kubernetes.io/ingress.class: "nginx" - name: nginx-test + name: nginx-test namespace: default spec: rules: diff --git a/examples/auth/external-auth/nginx/README.md b/examples/auth/external-auth/nginx/README.md new file mode 100644 index 000000000..db522c1d2 --- /dev/null +++ b/examples/auth/external-auth/nginx/README.md @@ -0,0 +1,148 @@ +# External authentication + +### Example 1: + +Use an external service (Basic Auth) located in `https://httpbin.org` + +``` +$ kubectl create -f ingress.yaml +ingress "external-auth" created +$ kubectl get ing external-auth +NAME HOSTS ADDRESS PORTS AGE +external-auth external-auth-01.sample.com 172.17.4.99 80 13s +$ kubectl get ing external-auth -o yaml +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + ingress.kubernetes.io/auth-url: https://httpbin.org/basic-auth/user/passwd + creationTimestamp: 2016-10-03T13:50:35Z + generation: 1 + name: external-auth + namespace: default + resourceVersion: "2068378" + selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/external-auth + uid: 5c388f1d-8970-11e6-9004-080027d2dc94 +spec: + rules: + - host: external-auth-01.sample.com + http: + paths: + - backend: + serviceName: echoheaders + servicePort: 80 + path: / +status: + loadBalancer: + ingress: + - ip: 172.17.4.99 +$ +``` + +Test 1: no username/password (expect code 401) +``` +$ curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' +* Rebuilt URL to: http://172.17.4.99/ +* Trying 172.17.4.99... +* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0) +> GET / HTTP/1.1 +> Host: external-auth-01.sample.com +> User-Agent: curl/7.50.1 +> Accept: */* +> +< HTTP/1.1 401 Unauthorized +< Server: nginx/1.11.3 +< Date: Mon, 03 Oct 2016 14:52:08 GMT +< Content-Type: text/html +< Content-Length: 195 +< Connection: keep-alive +< WWW-Authenticate: Basic realm="Fake Realm" +< + +401 Authorization Required + +

401 Authorization Required

+
nginx/1.11.3
+ + +* Connection #0 to host 172.17.4.99 left intact +``` + +Test 2: valid username/password (expect code 200) +``` +$ curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' -u 'user:passwd' +* Rebuilt URL to: http://172.17.4.99/ +* Trying 172.17.4.99... +* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0) +* Server auth using Basic with user 'user' +> GET / HTTP/1.1 +> Host: external-auth-01.sample.com +> Authorization: Basic dXNlcjpwYXNzd2Q= +> User-Agent: curl/7.50.1 +> Accept: */* +> +< HTTP/1.1 200 OK +< Server: nginx/1.11.3 +< Date: Mon, 03 Oct 2016 14:52:50 GMT +< Content-Type: text/plain +< Transfer-Encoding: chunked +< Connection: keep-alive +< +CLIENT VALUES: +client_address=10.2.60.2 +command=GET +real path=/ +query=nil +request_version=1.1 +request_uri=http://external-auth-01.sample.com:8080/ + +SERVER VALUES: +server_version=nginx: 1.9.11 - lua: 10001 + +HEADERS RECEIVED: +accept=*/* +authorization=Basic dXNlcjpwYXNzd2Q= +connection=close +host=external-auth-01.sample.com +user-agent=curl/7.50.1 +x-forwarded-for=10.2.60.1 +x-forwarded-host=external-auth-01.sample.com +x-forwarded-port=80 +x-forwarded-proto=http +x-real-ip=10.2.60.1 +BODY: +* Connection #0 to host 172.17.4.99 left intact +-no body in request- +``` + +Test 3: invalid username/password (expect code 401) +``` +curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' -u 'user:user' +* Rebuilt URL to: http://172.17.4.99/ +* Trying 172.17.4.99... +* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0) +* Server auth using Basic with user 'user' +> GET / HTTP/1.1 +> Host: external-auth-01.sample.com +> Authorization: Basic dXNlcjp1c2Vy +> User-Agent: curl/7.50.1 +> Accept: */* +> +< HTTP/1.1 401 Unauthorized +< Server: nginx/1.11.3 +< Date: Mon, 03 Oct 2016 14:53:04 GMT +< Content-Type: text/html +< Content-Length: 195 +< Connection: keep-alive +* Authentication problem. Ignoring this. +< WWW-Authenticate: Basic realm="Fake Realm" +< + +401 Authorization Required + +

401 Authorization Required

+
nginx/1.11.3
+ + +* Connection #0 to host 172.17.4.99 left intact +``` diff --git a/examples/auth/external-auth/nginx/ingress.yaml b/examples/auth/external-auth/nginx/ingress.yaml new file mode 100644 index 000000000..1cf779ce2 --- /dev/null +++ b/examples/auth/external-auth/nginx/ingress.yaml @@ -0,0 +1,15 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + ingress.kubernetes.io/auth-url: "https://httpbin.org/basic-auth/user/passwd" + name: external-auth +spec: + rules: + - host: external-auth-01.sample.com + http: + paths: + - backend: + serviceName: echoheaders + servicePort: 80 + path: / \ No newline at end of file diff --git a/examples/customization/custom-errors/nginx/README.md b/examples/customization/custom-errors/nginx/README.md new file mode 100644 index 000000000..2f79388d5 --- /dev/null +++ b/examples/customization/custom-errors/nginx/README.md @@ -0,0 +1,82 @@ +This example shows how is possible to use a custom backend to render custom error pages. The code of this example is located here [nginx-debug-server](https://github.com/aledbf/contrib/tree/nginx-debug-server) + + +The idea is to use the headers `X-Code` and `X-Format` that NGINX pass to the backend in case of an error to find out the best existent representation of the response to be returned. i.e. if the request contains an `Accept` header of type `json` the error should be in that format and not in `html` (the default in NGINX). + +First create the custom backend to use in the Ingress controller + +``` +$ kubectl create -f custom-default-backend.yaml +service "nginx-errors" created +replicationcontroller "nginx-errors" created +``` + +``` +$ kubectl get svc +NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE +echoheaders 10.3.0.7 nodes 80/TCP 23d +kubernetes 10.3.0.1 443/TCP 34d +nginx-errors 10.3.0.102 80/TCP 11s +``` + +``` +$ kubectl get rc +CONTROLLER REPLICAS AGE +echoheaders 1 19d +nginx-errors 1 19s +``` + +Next create the Ingress controller executing +``` +$ kubectl create -f rc-custom-errors.yaml +``` + +Now to check if this is working we use curl: + +``` +$ curl -v http://172.17.4.99/ +* Trying 172.17.4.99... +* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0) +> GET / HTTP/1.1 +> Host: 172.17.4.99 +> User-Agent: curl/7.43.0 +> Accept: */* +> +< HTTP/1.1 404 Not Found +< Server: nginx/1.10.0 +< Date: Wed, 04 May 2016 02:53:45 GMT +< Content-Type: text/html +< Transfer-Encoding: chunked +< Connection: keep-alive +< Vary: Accept-Encoding +< +The page you're looking for could not be found. + +* Connection #0 to host 172.17.4.99 left intact +``` + +Specifying json as expected format: + +``` +$ curl -v http://172.17.4.99/ -H 'Accept: application/json' +* Trying 172.17.4.99... +* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0) +> GET / HTTP/1.1 +> Host: 172.17.4.99 +> User-Agent: curl/7.43.0 +> Accept: application/json +> +< HTTP/1.1 404 Not Found +< Server: nginx/1.10.0 +< Date: Wed, 04 May 2016 02:54:00 GMT +< Content-Type: text/html +< Transfer-Encoding: chunked +< Connection: keep-alive +< Vary: Accept-Encoding +< +{ "message": "The page you're looking for could not be found" } + +* Connection #0 to host 172.17.4.99 left intact +``` + +By default the Ingress controller provides support for `html`, `json` and `XML`. diff --git a/examples/customization/custom-errors/nginx/custom-default-backend.yaml b/examples/customization/custom-errors/nginx/custom-default-backend.yaml new file mode 100644 index 000000000..fce7c0bcb --- /dev/null +++ b/examples/customization/custom-errors/nginx/custom-default-backend.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx-errors + labels: + app: nginx-errors +spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + selector: + app: nginx-errors +--- +apiVersion: v1 +kind: ReplicationController +metadata: + name: nginx-errors +spec: + replicas: 1 + template: + metadata: + labels: + app: nginx-errors + spec: + containers: + - name: nginx-errors + image: aledbf/nginx-error-server:0.1 + ports: + - containerPort: 80 \ No newline at end of file diff --git a/examples/customization/custom-errors/nginx/rc-custom-errors.yaml b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml new file mode 100644 index 000000000..d26dcbd5e --- /dev/null +++ b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml @@ -0,0 +1,51 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: nginx-ingress-controller + labels: + k8s-app: nginx-ingress-lb +spec: + replicas: 1 + selector: + k8s-app: nginx-ingress-lb + template: + metadata: + labels: + k8s-app: nginx-ingress-lb + name: nginx-ingress-lb + spec: + terminationGracePeriodSeconds: 60 + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + name: nginx-ingress-lb + imagePullPolicy: Always + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + # use downward API + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - containerPort: 80 + hostPort: 80 + - containerPort: 443 + hostPort: 443 + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/nginx-errors diff --git a/examples/customization/custom-template/README.md b/examples/customization/custom-template/README.md new file mode 100644 index 000000000..d2b223b51 --- /dev/null +++ b/examples/customization/custom-template/README.md @@ -0,0 +1,8 @@ +This example shows how is possible to use a custom template + +First create a configmap with a template inside running: +``` +kubectl create configmap nginx-template --from-file=nginx.tmpl=../../nginx.tmpl +``` + +Next create the rc `kubectl create -f custom-template.yaml` diff --git a/examples/customization/custom-template/custom-template.yaml b/examples/customization/custom-template/custom-template.yaml new file mode 100644 index 000000000..168b56b50 --- /dev/null +++ b/examples/customization/custom-template/custom-template.yaml @@ -0,0 +1,62 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: nginx-ingress-controller + labels: + k8s-app: nginx-ingress-lb +spec: + replicas: 1 + selector: + k8s-app: nginx-ingress-lb + template: + metadata: + labels: + k8s-app: nginx-ingress-lb + name: nginx-ingress-lb + spec: + terminationGracePeriodSeconds: 60 + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + name: nginx-ingress-lb + imagePullPolicy: Always + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + # use downward API + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - containerPort: 80 + hostPort: 80 + - containerPort: 443 + hostPort: 443 + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/default-http-backend + volumeMounts: + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true + volumes: + - name: nginx-template-volume + configMap: + name: nginx-template + items: + - key: nginx.tmpl + path: nginx.tmpl diff --git a/examples/customization/custom-upstream-check/README.md b/examples/customization/custom-upstream-check/README.md new file mode 100644 index 000000000..de81c40ff --- /dev/null +++ b/examples/customization/custom-upstream-check/README.md @@ -0,0 +1,45 @@ +This example shows how is possible to create a custom configuration for a particular upstream associated with an Ingress rule. + +``` +echo " +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: echoheaders + annotations: + ingress.kubernetes.io/upstream-fail-timeout: "30" +spec: + rules: + - host: foo.bar.com + http: + paths: + - path: / + backend: + serviceName: echoheaders + servicePort: 80 +" | kubectl create -f - +``` + +Check the annotation is present in the Ingress rule: +``` +kubectl get ingress echoheaders -o yaml +``` + +Check the NGINX configuration is updated using kubectl or the status page: + +``` +$ kubectl exec nginx-ingress-controller-v1ppm cat /etc/nginx/nginx.conf +``` + +``` +.... + upstream default-echoheaders-x-80 { + least_conn; + server 10.2.92.2:8080 max_fails=5 fail_timeout=30; + + } +.... +``` + + +![nginx-module-vts](custom-upstream.png "screenshot with custom configuration") diff --git a/examples/customization/custom-upstream-check/custom-upstream.png b/examples/customization/custom-upstream-check/custom-upstream.png new file mode 100644 index 0000000000000000000000000000000000000000..30417894bfae8f02b1f10e71a535c19cd51f5573 GIT binary patch literal 60592 zcmZ6x1CS;`vjsY~ZQHhO+x*71ZO`o3p4qW&bH}!^WBcv@-*?}QcqgJeBRVR&x=vPR zp3bN!B?U=%7#tWNARu^YDKQlwAdusKmmw6$zbBf|f}KD>e?6qdgw;HO|LTXO;f@_)ND>^;14 z2snA&SnbJfCT1T@Hr}THQ9=>wx;+m+c$-GK}>XHCDHyKL3a_3!@Lp*r*WG2pwYMweqI;S}S}OZ@uzdfnxco)h&u&8si_ zf5!rT=W4b(tUu0uy%@Y~8eVc1Nd4Lm8sQJtYIDD$=iF^}n@aQZd0|tXQDa?}V^^J7 zDq>@Q^%fN!N{S2r4+c^c`R+=thyR(KF&K2gN@_;_j}JqNkpS&IO8OiB$D;r*z0xt& z3q!FP-Q{nY??W$Hv4nsLJ<&N+9YtZLPsZ&xElXlg{ zAY>(0|Nmzb@)D8KL4)QZrv)L$Ri`M(L>FS9K$fXk;^iU}(M(!cu2t6+YZn=*wI$g; zzMdOR4l^TGmzMC?tH`eERN7QWE>RTQ0F>Npl`bypuC)H1BvV?4G@;U<)KW*DH@}do zUm3Bq=esyL?R--<$x+o{yJY6fB1|}SiyJ*`NLDVt$f+QC4vOxuG#JoANABXDU!Kcp zQ2^lyqe(6Tc^W&c#kI=&OR){jk6O4$&{26(UDh0Wzgv8PMsxj3zC;{Ne*I_4+Tw|V z(3-`0x!cmA^M85#M<;H91k#x`gu1fZ4G2Dai+3)LDG>v+`V~ z?7i)n%njdpt{P3hX?LScq5JJOSjf^Jh1~HJHFlD84>dB1%v_w#{R4$o z$fP7Q8iX!(>Zm^Zt4_l2+mEIuRaNdXi*kSk;NRT>@C#t5ENv+<7VpF0=Xgh|ON)H^b85(A?} zr>2^?RXbW81>I4D6;isT#v48`F%h8RBsCF?(k}*w#!shxJ*%V;eQZ*xgguJGCN{&d zU1(j>nFW)lqAXd6?{33$y3=s?jBDTSzqw*pisoSXUwF!61!BPA3=SDr@6QHCFYgni zur!$$kitS0{|?n;5n;9tU7pkX7y|z-Ce`NO6EkhQ_)u$L({f?VbPQLaFT9ZBdSso^ zi9Hn8K}l1^OIxXKe}dya3_pqH3ZKxEPyfp;I3ZxveSMf8og!Z zIgg#~Kj+F?j830RDXp+!LKE_62s|~1bIJ|v2+PJ<`kSdJ z2G1}8v>&}pzw{Ty`R+^&+HoT5l){yqZ9b@^u>Tz8sYqq+LEnRur5I< zA;6~%uAb&~eG6tUfL*g`Jvr%ViOwj9iB4}>iIbq!sJ1;#{cm~=UyTw*nibM=%36#H z6h=2cLu3W(k}3Rc_S>hH`ebBzxnv!jl)fTrL^*a+U5z%qe>s}Yd%k3CrYL4o2p*?E zk9A4*%ReA174DZf6L})yT;Vz_44i_+?QGZe*HXEF+nqROzWat1rlId$xxmx8&vi$3 zi>X_^|FcWJMck!GX`X@~olw|iL8G$%l3sj?bzX+ zOYhmwTmH{m2nN8HV<{wEp*Aikmod*Eb& zWt`w@;NV4<&qg9{yjQyvd8{V5Pjg(}&&!L$5rJKFm=}vZ=VL(@J1ov9u-So7MA?JP zq$jAHqB6M-=6?}c_I*FyXw>PxbnWVQIeooXz+pgxB3LDN{O*q^`HiC7Fc)qVpm2+F z^6`Add(-`p#-Qsxg06Xnb@$xX_Z33;SpXRMO=sBqH)<-Ns#i(kd-CL?Ba^`!`oaMvMzpPAGYd zD$5k|X+K^wxN&3I+3Htk zcHf?A9bv(`YSX`u971}z-sDV~B1V2GO;@?2%oA#-G_%qYDC?ZJ&gHK<;OA>|hhcZ< zzN3J->FYbjf4za)LtiTRE+(BSv#G&eIS~po|C_elX}W7&ldF7ka`J1L{bk74p<@*1 z>1%v81a_euM=;0fade3GE5VGCXe(wG*|Xpl+{Tncakb(8f%=9qArqhEAb_ zvYrR;oFtv`5;g{wme%1iJt_Vgf;Dxy_yO2y0jRf~%z+pP zQP?@K>a5kN{ob)xZnmfBPEo7t!EjUvBqE3&(+?z}FBIB7J$&;4lyh{lyeee(-qBwj zoCDgvw;6})o)-g8F5g$C+2Z2jzK<)1JBkj@T~AQu%*0Y|j3l|HWwmA2y#%54)NFl)s7qTzP%kz@tN&bp3IbFmj{^^~wsFle zt(_*TRy`gRQNuk8{VxwEmzk!-2wXl4RqAqNPuZS{n<|b}wc%ys{;^*2hrW&rp{)as zYfe9nDrhrJyx-|_%?VMX;Qag?P;9S0vhvF8X@ z9!x?}F$P(Tgg^g{FbmS}^md;b=GF4~+%c$U>{Ll+SO`LUhnVGv1}@P)O3z@a@wlIJ z26U2|n(E+th#QDf0BzcRY`?aqL6RMoj`C-E+USG{pV#{_DT2@)nRP#df-hnZDt2+PSFkI#v1`6Bc^ z%+5}PNZpI(4N%>unNYpGUDz;sb#r%dLj2W;RSPSUP+^XhBK^w+U8FHxvFz0H7iqf` zZuT%~DVu)j(=1aW7c0+!4V!!k(zS29PD)0Wnm3kRb(vKnW@?r0(aUeJU(9r5TT3oa zz6zCXA1t;>gyrqxaSZP>COiUA*y`l$2qOnv$G<&1#s8r2Syo?p$qw=rzIr%uGHO#W zBac;f#%OM!KdNDE_^&KYjg6XiAnq6HAjIA08yZCY$1TX6!m!tSqMXiS7%Y*-+GD<2 z13Qxw=P7X*Mk79$*>bZ5lAaEl1#RXovJw_l6d({p2Ex$sV9asi%a2){nLQV4_w>zN zXHQfLLw0AFPcB*R*ISz|E)MkcRxHd%okA9lFomI*J&EQyj_}pV+O6#^q%9cTDm1CL z-(1auL5#71j^HTT2xEto@%ci(&ITd~iUz=+Fa~*(Y_e6e;KXf!aIhc*L1z{jtZTd7d@ zZ(GL$jr4)OoH=J}ZfHA78Qi>BN8xubs8Y=Ro_ncN2a=`p*xXunlGU`{CZH{tXE3nR zKr)bS{H`(3j~Y{vL4FBP;mfQF%Kwa1V7Xo{W9!L@AAxPTt`T^Eu~cF#Ne*jF8zL*v z>Qp*Mu}O8xrBUOjlp7I3HOCYH9i)lTb^wFZtLAWcy0p6C!H5YO`YZ6cy!0tHT_tC> z%;R0T6d5WpAp&nBHF6-+DENIS_`KbONL>}sr5f<_@^d>$%Lu9ysh(l3d?Z>FW5)_S z-j6N7tu^j!d$n~i&E{8Tp>P6FP&h49R8TwxI6LGDe3c7+o{N~5I`0p5xX8LVLV}WW&IKU2k z&uhgjU+Eda%DnL)lo%vBsIkSP!9Ei_Q?#eZlEBq?+#>ZNU*}>06~g@04(WeDtLoX_ zC-B;Z6t4$h7{*hNo3rGfs=XghW{B!OKTrE!_d*cAZ8DS)X*WV`A>265tBT8SCTVL> zwqF*jL_cs{BCPVkUs2FNcnMTuAw0>4z4|*nP*$pn2_rQ3n3h7PlXaApwbL&?ob$=! zhZ6x^R+p+kDQmyFa*Gzy;=Gq%XJ4cBOWI`>s*J~K45<6F#x?y+`!s-o!Lw{TRUEka*pX`eaFKJ=3r)&=UPT=i{OD1 zg#*D+eGcv@9eb}g*nk;Qoamz0U3so%eXd?Ma%X*BMH=D?;>}QJ@#LWGnYn{R6D`I_ zIYJ#7^t(gFzc%~6bUz*OLP1P?KB3`61`&f{$cTobInp&4QG~dSFlM3W+Y20=CBY-w zbZ{R^y~JdKyYCnCzv1+p9{`-51q3Tf2E<_xllL*-8p=Z1HqEK5DA}7ZPr2B$wEMFY zJ+U>zE3Jb?TvaLcf2Gr7H_ur_0>{o!IGgugYUc1}`v7!0J}p!!v?C{E{-<(p(mnwF^JsAiQK zNT!+L_V08`tGoDVfV&R-{pISkSD$#)Q!e~Hp%-Q6{FQDku=VQ1sw!n3o*lhQC+8?s zN~DqmP;roBnPs75-hs@u+UxCt0@6Is_J|pafab5V#sd*@_`FIN9dcW1iv`={R3)sH z#3szdaN3bD#)RRV-VV&&zN>XW8tD#-XBlS?xlh8p0;diJ2j3nrX)tH=4SNb^8TICO zfkBylnJ58+T{HU_vv(uyR+$B)Q(&V+V;tXNcs^|5R#1y<*ja<&ZgT|#rB3#P5q3Io zpP+wo*3V3wgB0Ml%@<-X4+xDx$GaW66kvD_ za*84oa&b@xo0_Cs82b|trx4Y3KkMM=E!cYmLtYqvsdX>VTy^Mv4$)6M{u&xa%@5QZ z%pGdy^P*%0$P$*`pD?{>BHoODf*;Yec*|?5I(5=;4tbT9PoizR z3Rg9GYfmhQlkCDBrw$yY7NA3cAoQoENwC9wOD)lj(>huIO;C;e=nj6amP#22M>8^Q zx1_b!qe+s(RO>l+5Iu(c6tY*JvM5)XI1&RPg$zg7N4M4A-jS36JdEI2QvKI6qHnYW z&{}d#su?-iXaknEwq`7uV*~+kF91hq6wS>@m1bT}UbH$()ou`S-;HrTaZ262Kv;xi zBr4^K5Lpi<$07uZTFxyD4k?bTnm7mrwJpm%6w~wfRB?G-eQo9C5!z*%?+8Rl$&6nF zgU}?A{#0basFQ4xx`A5Nm!7OJo*=kvfxUVTDdzMqs@+3MNjt&&!{ahS5K z%=t}^C-z^BCBD4kq#f~{BqXX?Z~Ir>(9T&=4IAV~%`_ql62pM>9CJ81vNBfgPIf^jYB`ze+NNMQi`u(N>}_pS24aKyIGGiIN_6tncR%y1Hk4XD7} zF)=T1xDE*<^y2dtxr=td1ex|#0FeG z$GNmDox$O0{Syt3G3kAr9M6AtfBgOI?0l@SQd!%R$-~J_57>CI+R{(BIMV)trvr%+ z5$Jrl!J01#*Ym8_B$n>uzyc)@yM}rUfO{PuryByNH|uczH!P025Au@k5cv}`8X*XICO_W!fKV6f7Rx>zGSGiYE%j6>SQzUEQ8CLLFiW zjly_kH46m!+6TpDfyfC0A@VK6PbV_XFc=>aV8weYalZ;$gSUB%klxoT~W^QQO1|0{bJsHHU>FvrHE*n9xD11ATOV!kQsQf)I#OLl`o4| zYKz>+_6pH!j9J-SVQ+5_;YFV64XqapU;N+Lpsusc<(3nUTi!P99M31ek~BHlqGRK) zsn+o@_=TbhfdhGOCz@L~Ga4>{e|1{t8a%VLuo%kR&}@%Y<-!;*WQvV7C@;@Xm>_Ry zzl%twbZ<4&dgV<{>mm#LWPj$Lm|d#Tkn_7(wI((Pfyyr82J&r!HbjHJpVo*l7F@Me zX}qlBb>3@4HzwF?O^g^?4FNR+bcMQQ!!gfyVsAC-;9 z#0(}ne-al5QA7unwibky*N(g;OU5ij!%`o(Loo#208~pCqY6K3a1v>*6G{*Wn-Bpf z8*j#hzzWn4QB6lje^B#zqvs2G<3jplfCvFm06dok-CPcZFv_N^7{_Fq6>iST=lA&u z`$y1u52*hj&*yqT_pRrl*YBkWB7s@(X=yQIwzgDy1*IA2fRNi}Xw4w29e`LA@ zy12Jc>ef)ItsomkP40hB4a#RrqA|kANB&QTV*yH1EO-#}GA9$F7e0gp5n?C^^{{B) zUM`>SZOt?xmxo3JF)FP#r(03p#&?X4y0%&*1Cs%81 z4{NgVP5cXmMdgW>r)L_TNO;*XM8ZUj)XHxqx^nYIbT8CJP!Cu09#YNzYEDPL*t+4PUl zNN;!YbXDuC0fS%I4->=9dNe(vm9Dc>!&fifo(FWkJ&h9)jS_X6_K^6-fecF@wuLhP zq!LLSR{JqZwIjqvKj+oOTvP}m5II-7(63{OE^O?NjnT{JknZ~}mp_6J(@h?{c>&*Hf1v8b7Jvz$ z$v>~JB8&?>YYUDRc4C|#t`vDJyUGAf9m3{KXa{c#H2={c5=e;q5MhjPoy)bjPn{Ey z>=#tHu`qCecve>O^#b(CGg0vPYYK5~CX>`vhw6TUCA9+L*=B@oyvz;X&oaD`cVJ(4Gw`t~LzTj>(wUP!ME znBvV$wuwGGqQJfza@+GpLbo6Z8VtGJez%`j|7_asu26Qc-#G(E7`fV0Uzq4oad$a$LDr4#06`e z)dvzk*Twc82)rKM;TON#=Yad{+eHd+5+9h7x)8OjCh$T470-Xbu_|bDiAg`vQjr{~ zW+q0rAdc;Jijp2SG{lXu`koRIDiR#}8#(%zB$%fZHkVE%lC#n%OadADcOE9#fF4p` z2?NkMQ^yjPA&$Cny9z@p5En3&BO2F(%0fX25!sxIKu62_hj0X`pyAs?fJj zFy=J+*8G3bAf4_rE|OUZ$13hA=I!jmkJ;f2T|Pv~$t0_G!J=sB98@8)3i`WHl(dD* z@;o}Un~PP?Xj*DUxu#<(*wSneo&EQtHAD3KjISgLy_ne}vRKVh2s79)_^ow>@NNFq z#?{x?zGt;y-@SvF+P|iqmMbrdn@syX-qG4B-REYP^!BQ5QBk*A;6{5A9EW%ke zfJ6>Pd(f+wi^4J+6)_-^9k+TWxd6A&K?@O4mkZa6i>DWYi0y5uDT5`#iNbr8oc)Y~ z_$UWI9<96rVcIX$k;4iFhIkPS$X7M317DiRgYmhE}NE zd~%v~VuA{njt2u)M>$&7sxWhM++0iqAB1KZZWvew8DTKm@_sIvJW4Q2wWB2u4^Iyq*Q*9HxIr}eO(@ji`hxiu5 z!_k~^k&80QpiY_YA1lhBbC%`j#aB^5A}Hk{t3xF+gYl$>>-Q5S+pWwyKO7G+`U{IF zZWI=)5Mo`)0c#twDbq5eDwa@OqUyGhwblOB1}h`MrzyHq?OQurem{_ceE5i6U;b^o z*IbBWhfZCadGTG_QAf?ZcKdzEa z?d28Aw=uT%J=boi2&sxB@=YcEHwddbcmp?`R6}Jw0)qP+1n0N%-H8g+GmU+SF2h?E z)6fxUUHWz%v?FMQ(n54DNgsDxS5`K3bZuYPuDVRd8H8;n=Z)$L6P zl!zVM5aRtxCez4Gbv*_pgVA>R-u(a8)6xmW5soogQcbmwI2BaPCn{ zkS;d3coc|?5>ad>4^R#+nI&n(<#zr5`KqO5223?Y*Gjc1DDA@xHTE9V7Q^Ds>^LSV z1$|WvlwM|9G=gJ~S#63)rx>1HUe$|^EzD}p7$kQ0ul`U2m|PQ(S}`98H69ch<OsJ0oL|eaOJh$&(*~X!)~g{`XyMxcc|7i3Bu# zch(F)^U6!BEvJo}AVHL*Rd>vja5-(fhzs$lJlB{S23vDiT z1rU2~Nu;W4!IF{wF$a!9!BsT5TFn0$^tlOm?0FF!eJVr@cx=l5IM}qig6>`Ne?NIs zB*^daYUkTwMD%b9xP0MsfAQYx&NArZ>hr!kO#c(`da(XtsMq^ar+rzM`15+|7!c-b zQ}cCb82RtrgoZai7qWKG0S7K8`7JBEakjGsGT?Af#V!v)hz5)wht1WWS-DN#4tUx{ zp5Mjh0N>T(-TTIA$MjWf0002T+LSwk$+8K*OaK6ssV)?x@ERtBfI4^CRhBG1RV~(7 zDs69uv7|UFpiCeQaQrM?v4e$zk_aLjxR+U>|Uih*gJMW|66! z4km91tK4BHSHb8*bsbF$!?18c8+urV0i70dM>4+`H*isk5#XrExDXr_b`Y=N!fi0B zYSvaq71lWV@U`%rSc=}@tn`<=)cLV|Ttu+ebqjvocd0V;u$~`eqcU_0e1F<_of^Eo z{FM#J_u8*p{CF8|6!qaCzM}oK6^Yko^FfsapAqOOpJX4tqJ5~a{9{kbZ8j&W4vMn< zg-8|HujJu@PJOnEDNnmLY=#BOq6ZNcmxy?#oiKh30p7e70s&c?9dv-zkxoNqaVsH` zZ0Seopmr z$MsTc#+y;u@fFTPF?!)oLXzn0no1C`a`H%DP!Y*yig(l(g%mF#`bA0J;hNKM^uSik1#4$Rh`c3TBGl9seXA%`gcMy3!3Bq}60Rj7~&>ZX`Or4f8oJ)sTF zo*uT0oSEw&YyYE|I9L>GT$J?8QTSIxIEpYlrbXQIQ+pWy`Qr8oTHE7YUT%5k;{<{i z8&!NWMFJZc!iqTJQs|5N({;@S@2C3CzXlH}cyhC7Of#DYSpfPQ6REy<+W(#NG7i)A&O zV5WBvqjtR@YIZbD>EfqAe6!V#HU=JtejOJftSHN}g0iH?21k{J$R!tt9z?t;Wjt}DJQXpY88sS&XqlxH67NKrA>LRYxm2{x zu|x+S9!Z!y3p|AagBpY`+~?uUcja>Lid zr5*jG|GFUlUg0mePBoa@wclB2vxgnm++SMT{VaGL%jCl;M8sH(%DfA%-pMnfxq|^O z!H;V?*xkRMdvgj>KC7K3MV^;BxT}s{K9U7hU7Smp@na;~a#B91AH~bllOvNoF==r2 zjyZp94w6v@ymq%M&1(CI^S(lx73&0XMrZ{+a-`q%Upg=hzhIs9@NgkkC0;p93^Re} zP*Sl4L5eUe@9v{!`^1H+4hTzK22GDRQ0#M_-}Ha|;cO0vJk%iyAfT{EsI$RTAhr%= ziw5U*3Q;UXPnfnbgw7dX4(o(S5DTF~0RH8r>=bEb=jw4T=D|M=OMN67*+d#lSOaIA z?;=iJRp!Usz!xekMv^&)mm($HP$U!$##I8(4~oqa%ry*tvLwZVnT}rEXutw)+I+jm z#Sj4+hkNJ5jI^=(4GtcZ8z!tDx-#JBFJxzvqN{UUmUc9HvJ_r+)EPd!5x$n?{Z$$u zOrcZFvwCM|c@6X8x_a`klx>KcgaYJl*>KP3>mni=fl-^4##_iY#4d#_3GOPcQM-R* z*TegS;_u;PIwsHd32}I3z9-lw;E8%Q(x)K!GgisZJ4Cvl#h+FEJ;+H8)~x&2??o4P zz192&ob_kyDCa@(p^Bm?zXV#p+l#(TaOy?pk^SN(s4i?11zrm(hQp{okQpmcEjdw& zB(gxM<06OVO=0%xgW|N?J(bS(XjAd=@)5+aMWE94BB$qB$7Z!QyItt zPgeE5y`!sh5mh7Pj2XpAXC;vjWdm-O8`srC7{V1tGss5zEvxT*$s}KU9XCRsC)w*~ z@kky0IId;&rj16>_2gGVGlETvh5t+1{3nLiNBor3O{Nzj8?9nnV91nCO+#O%h{7n$ zWF7PjT>|*carY(rHz+k}oTM-k&Zf#Je>m&J_{!puuuT0pr6(zPZWCQHspbvs_wJlUvgA0uCCILT>M>yRzr zQgKMcm1X{hUFRjuRpIlU#xK68H<(1sqQNxHI1e&u(Xtc4{9E|A75Xi z9h7S2T&JDi+NhGmn4yCWnE9~surf#3 z*haR2v%|0cH)xgy0UXr4VpN4^Z{?|E$O}tky+PjHNARBnH(i>zR#h~)V+CSFlNqOs zp*svh;i{=D7kr#^G-4FCPvQqbpP#-$UBlnseWe#aUnxUBPl}(D0e9ZdVT(Uqj`smS z1vVi8_lW3k>w$ke@khltoWU}a(}Hg%2iu6g$z<6 zN`Mf2ERwir+Z>&OBfj>Cxf<0|r4T(0wcYC_@mrcZKsz#XZ|o9|Y1f)V1kW#lGJXv% zCT|5vxB)j7h*6yf^@~X#aG76+e?W+#S4+o`UZImLa-WFs>fk@jfRqq z!6R3&F^=90eHlScp*9m$e+!ZGnQ3I&}auU$lKv*byH zI=UvN;n1EzQU?U6IDvaHp(4mfdvihV5=lbxuMS);jCvuOGj&^x# z`R^zu*RBtC1M?n$hEm>Qjew; zc1!#fZ^Sy>EW2NPFEi@!*$YE1&;vfh>e7k#F~jJ>I3wl*BOwh*Mw`6YL*_La8GeTc zo@{8y=qB=lT379!Ek#~)G>oI~8*avrYmSA>Q<|l8KG!0Pt0-5p#jN7Rn00QVF7`rO zJ~Snnh_At3#rhIJe{ObGnZNZDwra3t)59hd4w8BHjOLWC4BnMa7|UGoS_zD7bY(h0#U=6QeB=rBk9GHXtA zdqi{4ph-5>paeHGG=ZFRNA)+fTrsO@N{}DeT2z_j`LmnMXU*VV`M4C&}G}n)Cf4 z5>F^tLC=9CkiQQ_v5t%rLkl5b4Q8<4-3vl!MZ#x5t5g`=y?H-&>jL=YEkP%q3q zo`MBinGf}L3*LigeBQ~3X@?h^H0T(*5G(B0D^D-OrM#1X4DS^HS7)l`5rJG(^f$o~ zF2Y5IGL#9lSsNe30s>L>#k&wwqiL_nvi8D$l5JHwD#(`3Alk7LF!GLO!Z9YEkjIc`gjKGX{Qr|z(Ct#m-mzaTnb%NGM$5p_4@l&OeI2{{Yc0@b|t4}G#7-k8)g=C2Q3b32WY3x zB-xvHiB?TzRwX(U-8HmI?8g@~@|-(Gg}StPf@@_~QK#s2t$>TTbJ-*&_#7SCi>_Yo zG>xVg5ec;VfoT)0r`` zN}b37@NFY?WgGx^V`d6!hx;!CS?{V%mufI$cW7AbkaYe{3QcS%I~@(ex1%dr@HE&w zxO;R!+bUOiCDC|Wp&Qt`kLUIr9_#K6tOTilfGa4m%YCt+0DCYdA3HwdP8p6r19ka` zu(MOgNVBxJ7GVur+!V<+R8#UI%L^nEgZ>h`mk&%mh&FhGrd}mLt@gB1C%i!1A13_` z5MAEsB@p2$c0gUXk-KXwz!DA>nMtsg6W<n!5(qtSpYxL-PanU?0 zuRvL@l!L!8Joq=xHI@7ugvt$_Y^V0!{~0X2SR%(#bLQD74#kU7#vH%LS5aJrDHPK|rg!vFXXZy*x6Oj=heNzPpk9!;BUGL0plmVv z2p?fHW%_wRC=e9oWyz`&Slpg^$Ikcz6C6+&54N-D$FwSnS&*IsQmdX zzdXju-E~;OFJu=UWoo2p>L^_9)fBvbrBa?JI?6@rwe!wGQ&Skl>e6qT(6nIAd(!Z; z^9%5tN%mmcY%uKC7$t_4(uQ1%Mzu;(DsEQi9vr2R&Zvm3^&(=KXh$5vj-Dy3w^6Hh z^F{>*sFAHaiu7ZSSAf+xkua31QggOJD?6(tjoR4#3j|>7d0$-`mB~!?%yJ52s*|!v zr|4~C3{%g;hS5#^E@K zW^K`BSTnLIE+IyrDv{qHMW&Mvl{%xbg<-8k31tn@V3sh?wqZrb!c|11tdPIm+tE-U z2KP5X2m3#32RrWnm0#5C;jAoJ6X+Rc+NCcj(c%Z24hTxiW7kOUDKnbPECOlTxNTn3%Z!4zbArPU|0l20|B%CbP`3%a^e^?C zb5AQ{0caXND5VuCO{$E1TuL2?7q}ZI0Y8sjTDZOp76;5nVS$TaY~yeza_v6q)>m2 zEP2!ApL$ycM~T|ckTo`;;9yVZO|EWT<+D`adZ%3u3DzWTf~4f_z%1CiTO3Ip0e|mX z%gdSJ^K$m?jxZvoOlZkkQage;;j}AXw>=9t$Nxx)rn729(Z=g&& z#WUnO-9!}|cs+c}#EQkwq;~sHRzWJ!l;E>m{oka5c?+%EHRW$eWO2J81NKs*YW?d_ zUKVm{|Lymf&J#714x24B!?){0PC*BQf7B-S_8LUhmV4nzVz7fzA^epqf~GoL`N3}|OSYE0x^}g*bKngcIr5Z=B{DDOq{{&t{W%>@qHF$Y ztFXkI3rZwiD;CK+TlPG;eU8__EL3GymFwJDQ#(QG$2j{CcIdtV!daeegOBSeDFNZu zE1K_PHNmS}uj&psf-?nbg4;OTO$M7T2KbbAR>krPvS)cVJL(`EojIf<$TWD;LRMGe zy;RmuuZ`7L)KZQeGd4!E7VNXi2-Z_-JO^QL_aAzgQa1$LJ?KBmdd<uXB5fap8xvE*462}zr8B<9^ z{FVVPl&JX@k9Svq(^uar?$+hVzUnbU4oAL{Ri5|=-HY9~3A31!Q!Q}0nQJE5Id}pHYUSwNbDF{{`XjN`7PSKF$ZSC`_=?smapzehF6zxB3ApeG8`0^ zB+;JLQq@+?G7=^&Eyf!=inBE}j0+H9TBkHu5`Y#Cwm6zdq*32}?Nm^Tp#*1@4BUjU z_r#*%j-ehBqX!SIq4LW)ECc#6bNHVXBo6fRf*SF6pU)ja_Av+1pFPT@`k$cjz7Y8D z{i-rbsm8q>YR#m#2qTxmtf>Kr=alA@j%&QdQ5oua?bQt@LJL@s@V&W2xE*?+*Ss-m^Q z&0hZm*3tNA~LG7#6tSld}mU61aj5aGF}&t>Cd#}9HMUL|tQ(}KTh zBS{RTrh~z57IbtGvwVD<`ZSZi>7^Y(&AL>#MkZC0oS%J&D#^vhNI z1U7D=h?uO@z_qZyVQZi<9V*kDKrnX&8tE}N81!;f@!VNNmy^2;niwmXPO=~$jt)4Q zAJ98@Iia)Mld}m4ORW=B0GGF&0hZo=e&$|Y*g9y47yZ7fE4MD7FK$hM1=K@{6x~te zNL;;I6aOlZl7Xekch)s)I~&pz8?BSAK*rCf0-F}|lHLlgFtK{Xa5rt<;ry=WVln|k1AXm)jwEU|xw3$u z)4~Z9k#C@Cl{1brb}Iuw<}C)RoqhJJkRd5db|CYZbLv$uOH5bcz6z|VQ(ES967}R< z?={!ffF*OdUn=@ovMR{c)-`pRGGl^~Sm&S}#i#(@#L}4;RNNF`yCIG(d|UswwwznO zSpKqH*8YlWF6;5D7tq1fDt)n7ao%-yT92YG7isyc2AE=Y>?V2jQC}Y;v+TO$DH+*R zYYkrsvj3!5rP^T{mOv5psHmQ@fUkb|h{ zv@4c?Gu|-j!ceslnUjP5_xZ-iSBor9p5gZr|8rnp&e&=6RqMQ1_d>qm^rA&6%pXnm~y430Vo zISGB)f$Dh$B6#k-Y`?V$+OT(muTLxE79aZ zALDBWn57H?DQT1CYfTC!*4uvVdN{;*PRdh|=RO8OLIJz~^F1-e1l5WcfQ0Qa)U4Dz z#PWDb-itG8inA)s3R`z>e=AQkmpp@}`;SczOydjOzxDxI(tZSddP|unVFGZO6<;u# zWEw6-Izl?~o0>KNa4uS6qcjIItRhPXDD>F$)}9} z`jVNi!H}t~i+3^P;NxcBK~B=jXjP`yp-8gc^g1HOmGl2F_7zZZHA{me1QML!1b3MP zf;$9vm%%N#yIXMg!JXhT1eXB1<8ku(b-A9nKx_euT+RUTSV^BfQfHsK|5Fw~pCs z(TkI5)ony_JO8Y1nPZ4%dbHAdQvv$uMh|cJr=NvrY->4)mcJrv5m6QL`@&$EJ&|o` zJrG}|&x>~q7tn}M>wG%{QJl6iv7rh%8A&KSgG*OmKmqe6Nd{#zRks!py4FMaX2n5a4Ns4(2(#1#{V#J z1qTY(vbz*o;6EWQ)J)O;4vC{oZq_;?VdQZvu zgDp;(Fu-ALBqd1lSJkk@Ns2P=>O3+8n~@E<$~(*ZiMp!Is4ZCf_kyv{&VkWQ{KM8x z5_+g~*TT77_NV})XPeiWn3b;QsS!pN9bNTj0*XzBX{YTrI|F;8*d_;owHZc<0Fs%B z^L$K3c~)t6ZF@ojl^-op zsz@*yb!IGzofx5Z>I_>H1XgBlP&B;IA_|6)?9tDu?19Xdv8y8y9?6E_eE+ZW?}#Oz zXx%Jnmxv$jE^A>?B)`fA%G_BJ%?JrM_~*)YS5GVPaI?~l(_jdGzXuQnbI7S`H(%a| zc<1LG(+@gXhVRy`!2P4fBuH=8#vNAA^d(e$(9|LH!gQyk(<}`7MU#5Y@dGU+AU9IT zc#D^3x_`Z^hwfLQNiKvte1>O(ZWTr|pBDpiA!^msX)b{|w87QoA{zYZEZF09+02Yo z7p7K7=nNsCGyQjs>@v}#Tv%~a`F0V7Z6U77pe!caY%83*E`iV2n_GbwP7HkQMYpB| z&wT_80*U_qt(x0}W9nA^90u<+@+9U3_FFc756nLLV~KJF_#p{; z=g#H5y>W#vm=JoXJshO==VhQ!q}<$e(G@PwVQ+jh_nVnA^~}g6kUs!lv#xhr)bGJcE1``W`VHD0VQ#EAaDiAvNV_>4KVl z)Xdq1{Y8;rqOb4Uo&jok$wu+l3##38#UN?1y2|iE}!3!U-P52mon|A3kclUdlDB4ZXIC?%&6~^HkDzg~uUdTs|!gQ%%TVz=fN^`W<2|NMy ztdm#J8ypmeMg*0;HWVN+&cv}kEm!y_)xd)Eq|aJV^N<5&QWdXRQZ7Mhr`2SDiG8yQ z@KX;;&io3^yC8!(z5DS5dLMw7Y2njmDswA8!)nL6Pb9>7DYY!G=?yEXeWfr9(aG82 zn3FURmo zX#M!dpOU_I2cK9cV^wPi(hSU+&!@}j!pVQRYOtV4&aPtrEHF!3fUVX2OZJ|oD5ogO zibIyV-@^-G7g}^#_E4XL>*${s&V4FSWQE1b!Emz5X}fjJrLIU9rICG_!b;$GsZo#5 zXs%T$WFFN zxx2k3GNswPxCbayHr!)4ikklJI8r-9k-J=@nVeuY2S2T_>{Mt{wIH`0X;?vJxT=la zGIEuag~KokLVY-^{=Kv`b-CQx^VkzWG3?Q*m^@@TCbK-&HeuOpSbX3t`03*PZ~xp6 zID}d_Umn%k4L|Lu1{gZXcwdh*f0=|)awX0YR?LwLW#~i*Xwo70wzyQ4Si9z%V(y^b z!4!(g)Ho-bWQ?w-9`;GbmZQJQu9Lmd+zRR5#81I~H(!3;#Q4m3)w9;rvO1!q?fzJGe7tTz zlqGb1y~%ha#qqeCcp9edlM4n59va>8_)#aD{dqk}$UGH|ZRw8*92G%ZuvGv%OF-Z& zgg0)HDlk{r%rei~rkUgOiGrge^il+VBF^^@v6%t8o?Y;pxN6a02CTtW-_Dy$X9Zp{ z1i0(Z++((N*i^EWNJ)g4sFCAri>9ElqA1t??CW!#n2cAC^>|S`Z7A z>`Q#B0@@*kyS6`W^q0y&dA}0@G zS3Y=65Szm0P=YXUVbX^;Flq(ABed3QH1B!9?1^!NMDX!;c<^PW4I>Ks<-QssnMBa@n&HuO%QuH_;x4bUg+J6b2+`H7hpM-W zOnoe!2Udn;YhRn{ghA$h-ne;z_V6r@sl~O~5XHx%@#99MC9F9fXI8LG74^kgxs?gM zxnnWw%D$do;4mAGa^(!}q(-f%*1sn1zs%2p?)+`KuM9gW0F(RCY2G zVYw@Q+^P~_y7eBpEV=6vM-&7{r3fO&Z1EF|d`ZRlgQX$PpCv^?FU4xg>|br(W)@NZ z@5>i{L0I6s^HvJ+5qO1rf;99UF#>Hg+5#++?hiB@txzQDaDrykj89>|-+0xX8zpq} zw6$cM;eEB|0wp;wswHLHvo2C0D!Qc2=7dG^n~e+VKB;^4juoTV_4j8z3xO8~t|ly| z>E}&PHCuKTDIs*$Pdun2_;o{@qyi``-f*tAN%rVMeV9z?tr;SGQIqqWbifrdu2zYW zwoSvSncWLUM3`7$HBRIhS#nYiWm!3Y`-Wkjx@fV24}SXud~;^WL}z7xMTSwghUnAD zpqw0NlW~KkabR1ViVB~~Np-L7gII=qC*jt$-enBU_wIQerAL*vK`x!G3-Zj&HX;~O zu!I-_NJ@ANwygLp9+IaaTB_iaZZ=mp-Zhc?TQll4*?omS{M=gcwa`Hn>%SCW0|_}8<@L8_n;JO5#9TE91P*$idqq# zxMLxPb{;UHd;#MSfRg(uqultlP%a}a2He)%eh~~2ia+_dRH(F{t^fM-mKxeFh0T{F zh|*0IOOF5(`@xwf<2q}of(fOpne=^fAHaCkXZsoS^IaLr;LhuuG8b9cmXX4YCy5dR z&Ew}r&P_w+?cT=JNnYlmo_oF?KDRPpM;ku!1tJvjSWHp!E~ssFmFlM#g9>S`$@Tus zb|CMg;{D*}sAnVE_C8E1gnYiM=t9?kl&+>-&^K^k(Lt4`PMpefmA3XLoA-}rZt$Lh z&rm)M3lyK73z@bDD_EpP4)T)3S;4TQR6RXCM6TsMQJ6EmO}43g9XgGBbM=k?Snurc z`Lsmk;^c~rK&eE;_6lS@x}8<)poUp?8pTyG8~OC?5bxR`C#;IiRiP!Z45L3q3)e!u zrCz5g9W6HOUjxt{u|Q(dYlw7Qsn{ZK|8$z^OeXMp47n^2;PK{SsYM~_J)D)SANfTH z(b-izE1hq|E1Hh|GdQksIwWPgqrRKz$iIVEemxR@Ua?tHI`V)%D0y@Jlc6Cw_^5)I z$`qSPCJjRFeZ@YC?%^$F6f1=~;%;lE#(uIX8nG%z#upPmYpY0BB%1KWk@t9dOj(fY zw8EJwLDC?3HabzQz0O)9YKFxkr>GFmR5Uu|?^GQL9VZ?IxHtIM(bb?B!Mtf2YH;|b zaQy;*7-eK_$lk<}WVlc!FEQ?Z<(7=Dr{w!-+=!>)aMsz7gVoe`OaI*=W+8TqOG|ZS z>3;P_D~h*|w{9+D$W+JS4Oh~iAq`w0LwyZJ$MmaeUb`T5?@R{tTydWV4kqy+;L7vu z$7#~-Gf70Q5E;~XQrlYDDhB@MIj=*-veBP$k{X!}F3?y%A6cH3SiBoyWVPFjE|FLh$L;{ z%m_13KC=i0&+cF^Pzc95ejX_g$*8O~6FPV;3xUn|`}6HZ!ou~pkzo@fLx$M?rV5qhVb1`6+S?HL4x(lkU5)Vz@!Z!TC$~P4_ z7-c{!bnl>|*?p`re5L!`cq?oG4J_3(N8_@DRYnsXxgmr&o?&&7^ayx{blU2E+GMW| z5WB2?1hn1{J*PN(m1AT^$sli*N1-rnPe8-Ig}diGZ>&E8wgNVOK&nwHl$9@DL`0$d zG#BX26CV>fH45klM{d-xk7)4?ChuV9mdDT?>qfkw_<85QXDxAFqr~lc9X2HX<6?P^ z%-0^1TYvR?k*b&v%wj4<24}#x2Z|muZ$Klbu9f ziB7=RH|X-zySGMPi!~u1gFab%Awg7(d6$x~ZI{$AxN~?Xjuhz^<}Ht=RnTq%JI1 z8I7Yw8{dvn)(D_tGp?SS4JgSkZe{)kN}u=(u1Fs4#`#T#XC)`wdU}b#K-pF<9wQB1 zFy-OG%`R>~X-!(g4_)JyD4Bev+RG@dL;FJ6vdheCt=+jfn&+h$6RR%(8AE*YX^!jn z=Zg2E0Bai?3gHrGHOc#|?l8F+c^Yt6$!(sI!$Np>GVD-aG)BU*x$=!gvui-NPs=Rz z)y{jqY+(F$CKzSB))ff`>q5##`=|i5;S#ZR>$7utPQF;yD8TUg89hhn1Pv(%j*ss& zamZrCppnHdnfO2nu6c##u8ob`CRCz<>3l|(kqNvoo8W(;;j413bve+uEd*yen&Hf^ zW-L-B=3#L?dhA2abzycxNgmHcKM$6#2urR=n=?q59~@6BEPb{rUSx!0gUXhB@1k+H zv1#x+LNqi;lwPOa!63R9*pq$aPj;gP_l>=Jr2L9T-}L&c zV~_Z4HlNcl>~Gb|+&}Ge7P{_$FpO@e2#bQ`6l`H(wm>E!orcfs69A3P#R}(*YQH(KkDLkI2I<7yiVHa{kcDi|iLMmt#R2=+uR>CNOm*D{VIr_vvy5A+-&;s6 zp7ObOmo3VV-prLWHL5(oz_^Zv^EZH<{ z9-{~7?Ea{!9Dk~ZOz4#b4B9I$G^6Jyytc3EN&2MjZd>U>l?qQ*!duG);{L8JPC%=7 z?dpTDI~DCb2~*Pdxfu;8JG*@g_kG>u@?k86Q1H zp-V8=9&Glqfmwq9XyfF#J~EySnd~(WGNE&AW5+bf2N3`}1p~#Q`<$-K2~Cer*%B>= z&MXkaalCU1qn+B24@#e1p3@*g4g`F0dz0p~$qg3x?xy_%e@Bq6|J>6uhQSDlTW}n) zXC)iBmpq<)jX3VG584U31ycJm(aQ!uM>(2Z*xe|g_BX1d%5c(C0C{$GW(5FQC+T3OkG4m-r8YZAlAh!LxkGx zl}<+ilH;)Pxv}?iqfa6}uUV7z$xtB#qd^Te`jQzf&vCN&qf<%-`ys?t3>;wAPF``< zA7Y+nLbRF!e7NmT8t!f6$=_<}UCg55X%GvPxuhf^^buUh*w_dp$sE;Qzt|ML9Ns46 zAlV>}Ohb)os0f`bscMus$%!?-hSR7_Icj3_(5y_qUeU_m736&hfQRveOg#IkktJYj zKHjBYNNrB~@`{IXw&nmsv1F;mS~iXR*I}ylZ5C&aXZ{3T9g88KB{H%I|^_ z8VPOZ_#H+IW3nb{3lkMmW#U?-59D;oY*|;i&Ei!#-7QIMTVFh$pw(D0eDG#k;hr43DsuNnpTB=~X3?(_ew@+Da@8#WclrI&F1FL~nHRDiy&FT(nA2dd-llZmgFsI|k1aZL zVU$@+;9s8c!-vm$vEgy^MtSV=H@#uXahCK{c_)oDJVE?8LNC0}j&+WsW7;$6z^;q; z{=r>LpKh&MN6|u1bS}C9WHt=lYIm?)fxQ+f+9xSvxwCheBbq13dQE;sj|}{|f~`(| z*t+;=s;@1sMlN&SG=}{#=ki$`;10~!w^nLVCridn>->)qeY*EZtx7 zE#?)8^)neS;$Rk-!W?&Il&H1&^7u3T`&<&}|wRm z=xhxwd?&kUJ;^TZ62kfcU<(h`*C0X#W*lrN@s2lPjtpC0!4GwpTz}Oocewux#sdF7 z_!s<-ng656e}D6TWd6SuMn63ycd8=1wj-vUw=nI{c3wy!y2NLAvwS8n9GrCFWA5P; zc%H3K-ujag@nMEUK%z3u~;uOAKKnYs3;zfaP(m|wKk*%3%Gp6=;Z zsocUFxp_MGtxy|;G`o4^_!P(A4pN+}Yg~oV`PzVIjmH^q^0*tHW6=3;5;Ml7N}N^G zTerfOwVuz#Tj%-MZZ|mUMlP#ga%+F_n^cP~+}`!J=@CoXzkc?7<(zTjox?{u-`D@!j79*O6OW4K>{R z<0Lo2jbyO`Z8P7d60;#9)8~wjhpG>fi=WjaQtGEH0P>q;BunJi zg-vtxE~mRgpL&V#4xbha<( zDmIjwW#11Tpy2P6oo<1+7m+uA<9Ba!N~xs}nYy>}BQh~)g7epYDlJ2lKwoI;Mlz<2 z`u-B1dqI4wk&dDDPchi{dB7BUY zOF+pyXK~O`K)&|kz|ESgzwn?s?x3cz4m(W9TmAjT07AA5!|nuJW)u`VwC&P@QSr`E zi*n6YT?a~XOg)JXPDuEvo**E+YpVI{3a_q7+C_uA*ozfLYOZLxT7xB;Pej(L}$3#CJR=D zU)(DMuhDZbOlP`JIS#3!jq4ADY#NVCjEgt;l7o*hDY6CtN~V8JDt?ddR9yXd0tQ}7 z102_TDA<)3h}m^@I}y)@kto|fx+NUwWo;E8Yj+Y|YG%+J(kp?Q-zQF*GJaNMVez#HyB8Qy;dPh-N1~IjUm!x%9GPy_ zIA=(gf8Xr^A1(GpbKc?wTomZDo8= zO$=sn4l_R;G{-{nZov@dF`Inb0yHw*e?ClohT+*t=6zM~(lYlu-wgmKEUgrl{!Gl3Cq1Z5%3%twQv9-_m(@A zCE+8NV_f50#G(A!m(mOc%0%)xf`vsh3gZD0O7f(kb@yPRC80jYG{>*2QydK^N^9dE zG%OmH1sb#jhJ7T9?LxP4{|2M z;FHlkLFuaM7nF2d&`g5!o>AmItlMBbKCO4dCet{INKb@pn{!YK;py>oq z1_Jl+Wf{6u^5NK2aPt-GK&JK#s%!uVN zO@Cj!R#s$WzQg7@@W7}CaU~46GhQT%Q>!<P7OtK@>mf7Tj=ixPZEX~6++O)b+!e+3f)NYX%_jLWq0BFRijOg}Au8+E8P%3rX zR>rlvT!-!t2s)UKKSk!fMKaG>X?o*&M$huGVm1Y{bjr6&ou0}KcWUz6huw)w;VuGC z(oY<`kH>z)n6FObPnchr^X{bT74y2O<^x*C{D95OPn$7ha}yow=7iw8;#u5pJ)TLt z56(;iF69r0DVXcn|IAH(XT?P<;?8u6DTzCtW%^&C4CnDAg@F>0tgUAQ_XS)5fv{v8 z>AO)60(Qh?8BSc${(>q1*r@f$wxV-?rmFCFYlGMj2P`YqS*=_bNOkrvjPrX2lx=Y1 zq2;+0;=Y3TxuFmN-ThDmm~{yscJ9kuuFr^GH*k*l8<+2X;AyR!$#ve2XLkb|OtKpp z8nK9vt0Osd)n&jdowi5{Vzn}G@|^7>k6zPK5p9~)!_ckyo`mwgyHk2 z9$uLUb3+z127u-tua2l>+ZMvQ>43%*(_Bv$mmf(Cy7rlgmOVJ`o*9;%0Ft&lAcR1I zXRm@S&rq=^mW5|s6K96M*POL+3tU_`Tqjjz4l^Cw&dg5)|ED%%S0P(cRginCIB*EB zh53XqGR#!QoA%!=1k115BrCOi8lO39br-K@#G~n?t=j>Mjl^)=l$2`d4kf2)hw6P& zxfT+cT>80sI?V0OY7%APc|hCOzG0U$K6Zoeg+zV24n@ z?_gH8X>WL0ws!M=Zds~%t%|?+J7BZ)c>Z&5hr9QfIP<^e^pVt*!E#g=ze)?wmlxT- zHXq_5#R6xOWv6kWR4v**R1~x$mQd}!L&IpzV{G(dr-*USg6IeNQ$3QpeYJypB~NRQ zsIwl+S-j<}xVw!u1*QcWGlYVipg<>pj^CHXCGct4!U%B8RtG>>&yie(%_z8%qs*_4Sv0u3pOewB-4JY zZ_hYC>+J^jvMpVW4yNrJLTh23iI;Mwl={KkJuetmSLyn~jpPi4buJwj{~x8K}RNCy7jg`GnqC(9+ko0uSa@g+CbG zGU11t2SDCV+JDS8BW| zn#!H$%n6kC?rVG41civOvdhkWF}&IU5I3dD3*PWRlw8gcr4+B3gs()3FLz+`KTcrj z|0X&AdBqnRcox2V*&QTo7hC{z>xLrXgCbeOzEcGluuH;vX3!xS>(@$7pu&EOmlt%g zyRUEW1^gWlC_4)hllZ&rdLls=HiD$8ce3vj4f@CZE2wHa5Ry+QA0NKxp7-}2mFA6n zI_llyUCK#3V1r9t#`^N{Ki8;QBtto?af3lnD*c$YU+L?xg*yYfhX79O5herc{N z{T!9yO>yAfl=$H4G@Ylba;*kgE@6Xxu^jZ$iP(&KN-BqXw?Ypfi}&(DB|PBrBxIlH z?Apa4z_nQEyp=Ew1jRJt$kXBVM0v!t-g zB}qH#c%GJglNVhMU0!0w_BMoUVEL5MOU+%i;OblxBnF3!<$iBV+DRhmWTW@NUWJqX z^RB(R4Mkg^M7H9O`~k;d__OM3p3-Ae_SparBEqq2zI=9bYZXU^!2w&xyw1hPLOsQS*K~^<{fWU;l5pLs)!3N6J(exu?h{H(*kK7lnc*~lahzlF- zlOlp;)IU!i7Vyyo%S1JG#|fDnsKEQ7*;!kXG51L^BA;vl)4(llhe4aK5*m+1a|DU) zi}Ntt6fmp}X8p{fd?2B)BrP(}Gv?RImDxw-0vkE%-On?98`Z)3jNRtHC(w28qoH(m zW9lP&t%d)%72diKdi;c2=f}Z-G}nej?bm#C(-(FyTzgm@^9N?-jwx&751J~nbyUN_ zKvloxj^6kk($q0&fcPwFAhr<(b0Qzz7MRe_XJn~TmA$6L+cNNF8Ka_VIBTTfxhC;7 z(sI-u2aVx%^otKDmE-w@hmZI^Bvs{68KZf4`DQKvxsbak?==PPWw1eAg#BVx&-pn@ z7AT*2#1N#p_VUS_g|=q0!bUgsP_SGHEDGUTIKOk5gax}{4BvrDn!4@>)jR0|BGMnd z5I^X4*pk!@Ka)HYgBz=Bz9PMd+_#9%!jIu!cLIJ-!CbbMt9(1P+`_3JWJ#uY6lT8; z37|oZ_cHz~Ms!cSk+)z-j>Q_fN#3<;D`v5CNQhE5uGp0>y%zHA1&4eMx2^jPA;+;i zGaN})IhumxVv`?c2O<2qgYWsb+1lNdy?Yu~IdLoe@UZ3g_$L;R* zPvz_6{HETkE{lqa$8~hRn0MdyI7;)W&aTdN@%q1%sltiRtL5W_5@6HTRDgGAsQyfG zBd#(UR81$TChSETIy1p^w>^D5jsR|G=!|0Gvi~l0sbk7+j?fZuIU|Djk6tx4?Rj~X zjeMLLuzXsE?wvB7LV~*L{jKMvOA3E!VTG;E-r%5CyMx>ts@Q6nY7W1>?>8yJgPAX) zS_hp{1p+^Si!=4hN>^;y51F|I-gE>7Dx-o8x65g9m#E&|m47{x3A2*v=6~NIzuH+F z;qI^U?G;b{*ZkmceWhBY0Aq~-Oq=p&@@!O2!A-y)X_#-eEQ{&%-h>J$w)QaW0>N~* z!D;s0ZzJZ8!X`jo-Ns(Bo-0`xF7|D3>M<+QKTB_CyUpCBkJsZm%FM1!gL85S(&I=%-6?XYhGMBVil`u~y1cCcZaBUpuSqg}0zT-y1Bd>ZhU5Bf4;686(P|21yP{4Rw`h1_SL@45_MTiJz2l?tivqJsUjIu z_g?KEi4$@eG?@8A22P+2Lxv0TDjGogX*SauvDpo-vx&4Hamhu#P-iPH{0!?)mh8Ny zf6SHM$kAol`q!#MH@JgV(jVTW2VQoINB}1!nLu&krt;|TxH&m)+rJ>#V7GFi2d;Lq zwvGCnx5LuAKLh&dL}8SP{DFvJn;;GaA{(nus28To4}G8U-t9~2vAHmh8L!ifnZs-ZBkC%qpnZBk-4HQ1t=Jvovni+zG^s zYRKJdf1%)BhMLNFmbdJpGe~?$jeJgV`6%yqi4`yzWy+?totzW#`HM>0R#NgQHDsfJ zAGxzi{B3@10@2J`=^`=W^JcOe-0TV)EVooLR^&6TIuEa0HLn` zrWC!cifu9X(p(q$!3nF+^jpRJ3o(p>{65*He7kf%!k;zF4ZN{U!OOi1p(>~dIJcYF zUKYSlEn7dorW?OWvW*z6UB5BS|4aaPy9?IdKE1JC6NtmV?grGS`no)|xiIpcb4HCc z*gd1IyC;K?wq2V{tl|~{cNPC=+7HB(IJ?ECr2SgDYd?n%c8Ri98~`sPvuWbSbFv?%H40P z4R~e3%0^219`&(?8nr2Jyc^mN9thGaHBXV^E50S9z-@>byUNCpSbHPK)kk-t4HQ<) z4Qcy$waQRCH9oljoU@NVd0EVUdQ?Uw7A65dr4?%q4vN;!Rif$I7Y1Frx?00z##MP% zzYv4JJ)UGyb~wbW%%bCYIwOVnPU2S?)S%M12Yr3?HvdQe?6!YHah#sCa%;AdV2-;^ z2VaN@G1ilswD2KcRVjK=Jt=5xdxXPYEY()2Q*psQyuOpl_Af&nSS+m!`9-EZ0hI;B zwzt74tBRV3NlEY}RwwP5r}f_gP~fxad_F#+;mzJZvvkUPaJ+J&f4Ikz0{a>-0E*iQ z^a%ekeXz!7*Ss=cf9yffXeG6FBXrP+{SkLym1J+;77Chp5iImLD%78R5rmo~K7hw0 zh7_l2pk}vo<&5Ffmv5V_hFYeZlF$CF1%JCS%#P zsEGb0CMGsl8JX0SPx3RUGVTMw8>2g1sfL5z9ak$Z3lo8Y??F$4JNcsNUnxwqJWwxACDi;(JRl7X!v%e{}M#S1%0~9B;c5?ZrLp4$2S~ zOh3=hAE9pt0Rdzd0p$*MSN+Ys&;B*tH?-|jyz1l!6oWXuKTf9XtYd{mU5D|uMIN`G zb&lm}5#4g->4ky^R&mLeyyEnWUA@G)dWd;Bj#w zQvvJjX(Ch42$|DWaP}9_!&p#K51c9eGYiDOzTmi*!iU^YQq%e)OR5&uas2pF7y&4L@~8OK*zgjC-XG2A{&wiQwZ z4Vk0^rRd}WEcw9?TaQ#&H&N838yJR>NQY4s+tQg9MIyW0{JFGiVFf(xeRy^kDpk*c zsc%W$VWS`2gEHIR-#AI46hfWT(z;Dnv(Y3s&ywyIV4%2BKfuO^X-aBb$W>5{SH4a& zTd!$()WRz?_5Mmr=#h$h^#_9Jn^F4Zd(j@hh_aDoJO{ZI4f0ZN?)%?wVu5%4*B~EH zZ_)Pk)x=+UXf9WqYnq}Ws<;@^VS`L_Y)fZzW}0sYOdkooEB1S8SvF~mLg_2qb3oYZy?3e1_Agn9dR%XS~ z{sbGFw(TNqnB^@lGVHKD={i%NB}(~d++sS?#v&Sdr@C?RG+r~NU`IV@FK zyV-hTLTQ?z%Z^Q!Oj<<*gfys-PgVWBGgZHrfcgsZHqWUKU>h489;z+znJ@{r~;! zB8fb49LdrV%^|bb1Shf|3tS<+RvRCHw*M{Zy^h^O?EUo(#7e+e<^J0rFE=kceW5o6 zuse{pxDPOt|Ca&%Z1`e;|e?6z1 z+z*b_RWQGyp2k>UaQI0gkVSPUZES<#6`4o@-$${Je_% z*JmsuZLB-Lp%0qqF{_X{GzM+v?1z=MG=#MlsxH^1**x6&K1?StjgRXjpxt)=Dgsru zcq|LvDrT+ejuTJUEDg1Jju)b8WRX}Yj{`lH;A=QpuVi);u>8yR=_aY}#r}SffZbF@lkFT#*1*4TGQ5eRy3FP z<;3m#j){Ege%Za-=F?fiL@!yM(jVI`P@G%XbQ8jos`bwKzKxHupXgKT56cTDV#Ag1 z0vNuAMDy=wZPUA^sSWG~cpvjImp7BjpFzF9pqYdHYi!gsspkF1dUloS?{UC^a>M4f zGAz(T-=Lxgz4@YZRAGE(GIzsvcZSagCS+^X6E5R>hQGZK<-}Vkh(waaamQq9rsPm= zXl1=f0XngCC+=82r5#N?}(M?rJ?B5o5M6D&~LHe3+8E zm)6~XJ80oDeG_5TW`&EfyPd-+U%?yi*qKy>|i6*|{R!CU?4B}hsxvG4O$ zyYXEUfGV315}*%TH2*;ME~xs)$r4{{E!p6PnVvuva6l*AR7C1%Xt2&Zf6-mNmv9tN z2NhtHlT^by>go!W=GkC=yF&eIghMBJk8ShNUmLO_UZ(x2YQhx{q;#jJ(^OHkLA|}+ zbfUYEezwzva!j$! z?^2gVoJAqq@>37ND#Qe`Xb7ify7R$bCypzadaG+p2GW6TQG*T%t;_t}urOy|pc^87 z(J%1x^ogEefrw`r?c-v$u_g1D?@9MIy@`eZqR0zHNm%g~3rgYjPPj()oM2vtLm^Ge zg<=MjNeO}hc57=C>;*a`7%u`Cx0R$`&2j$ep=v2z63x|_qg{|G%_+6yy87RtBs`{N ze%~uNu6uhg$-rbF0LB`m2$V2PFKiC}a5va)xG$_3XVNvfHb z$CO*KYt~`1q25rL=csPy9iatzO$ntmw%=sv`E^<%s2QK02^NI#q{nK+K+ z&$_&DnurkOg6;#tztTA(^x(wbw1G|e@6-j5_*V)A{yk0cH=%<`|FIWCfvzCb&G|P$ z{QoikLV+9HzmXyQXKW*SBkf-ocYS<%qABum$@2e@Qp5~}0>9dk{&V-_6dCCT*Nf&t zh~N4Fp9mfw|9l`QE^Wz9^j5}T?N0CsDFqh4h=i*6(B!w){n#wqYJyd2TmU4Tn|+&p z(9-24uhd!hgo_)Q`GWDc6ni(bERJM#A3a%!v_du-*i1vNtsr?rd?=1LONN>y4;p>_ z9Cr9eGgP20*^1Rk#0dw znNcNBLt;IR!EICGC;H-qwfKkx|CquvO^v!;$1+tUwz_88l*aV*a+*&hZYrK&zm#er!UmeuK}g$J5jNE*Y@& zo!XZr5|q03RBZQfzg8{}X?lPe)~#Ft%_Qmwgdf_qnSCv=8l9nP#2P@ht`BQoYgE-6 zL0oc9`&H&?R$rv@;gCzIvsfI$Oiw|PT`DO)9zGCZXv^g_go;RCOtIV6$4I%WRNA(6 zxdFoeMKwJn7u)QCLX%|TN6D(QAe0kZXWG_;18?bq?GQ+-c7WPdFd0^0w(N9JI9}l= zTA+o~cO_3qx*)e|2y)5?Cl%SL7sL#(nx$>6^UieUeMWM|{392$F%~ zFvt%b$A}>Q+9S-(bH~~1+44_?jQV_TL}ia2BjmhzX`|2EaIB33UjAw+~Af zDD{Kz2{!jdoLrqa9icmLE-vgbCe-+~ z_mWXKeD14pDoV!Hmwv4+tIJJxnOEw0n~&QC=L-G{1=Xc;)^PMtQGm&&-k@Vb zMDBxQ)4rD2+=88KZ?rz7kCW4|k$Dy_WRuzg|6)kT+yKSlLFa1(etlMf?)VX)I{&C@xcRok@FVSF}M zdpujbD~p1OE||=%iS=LX`?flRYyrDS z8`M1Sa0io*Exa5wQW!9_BQ?4?gg>tnaOS2=3q6Npx5*)206`BwslP#lhI)^OJF__w z4x%+4IbwXjr+1AT#K!G2?~!x0KUXN!Emr5x^wPU=m~m*g#JxUg)%phYdh0VYYI)8d z_ihd6ng{A1rawsyZh#d(S1Za8UAW$3d%Vr8-WjXP-*~S%jm;xj57rlpw0skDvURM`W`f670arNL`y)8u>uMqNY`_Z0eYEite80E2Px16 z<-oxtyI)Jn`nkdJrxoj=ZpK(*Vo8r!ITDUPFyhig zef^l{)2lx6H}`{Si=Qyy8R=fT+R^-*2Hp`#Je7LGOVJ%L2lLfPo7{k9HfCAPqoij$Uf;v^ z?(K~Eh^9URCTVp<&P?rP-9CI(`Z^k}YIwW5(g9eoq_$JJ8O1k-sPV)&~|$|7!d*do;JY5WryoH4Ef&O-w&hg zpY35&`74aAC=smpN6!wA^Kg-{1^14U^UpJEbLVoaP=3++QB*JBLbi#5>FD~LlSkwn zT^|6i_cy82@?FWi-h&2TDn5POTm6+r>IN+aX=?-#!LLZu(zL~6B8b~JVkzb6jGqcK zDP9d6r~=(9@U};@yF9-kWo)H;Hk757N9nuA0ncQ*S--C=oTtp(&YXT2IG7hqQ>eJz z7O|Y)K^gd#h|j7WFmUvo&=3e*y%8I@EQ$J_rYi<@19lBWP8{zVw6W9(O-i~)X=Oz{ z^poo_$`JRA*0aQSF$8_9D?^Jk?KIpK18X0EhaXAjA-b+!{1HW^`~xc=!@lT|pc4B+ z;eP8dV5)rn>$K!x+(eY%s67QC(+i5nS=cy)O$0B0($eGII z!AyhjBdRBsY0^f*Q8fEM-dQ9Hcz8$2Bl3~GPkY$85fWSUlsL!B$GWS7nUpg(GD}ri zU_y|5#KG(P&xc3$_Cp8%4G1>!6LU^&uWQ;J@wi4l4cBtW8iF}RhBU2Pj#8T=Vx?q8 z^KSHg{;ySrbkr)2bRI8aIPd2u-ZrC}KKrCVS^Lv)xsNaG2>-L%=$yekl%88ARX)lv zC^NMj{rtiL^2l3q#}VKh`Fb}S=v$dvxPXBDqqEPCz7}?2!ydobNSdl5{d5tdnRM#h z!N`Ii_RYIWJyAnlo62$03!@LrEFeC8djAX;z3q$DCr2y%Efrqm&q`9w0pKl<*Jt?C zP`T}9TBJILH<&BjMrxZ??<@@3m@K$ z16WCV?GNW@YDF0b1z6av$9{!6M@$iAd`gXHfg2{vS_^{dant$ za@m!?IkxozY8x#)4vlL`roxO9+W+Db&Up##np=Q(@0I1 zvRr7~oqimL%dqh9S|vk3ygh;!)I_5DQhM&x*L!}g@2nl5mE8xkj)N~z z^pBq;KHHDng10`2@miR5|5Va7Ix@dDN!&Afn^=oRWWlZgf@aQ%M7|rLP?}T~F_}Bs z6q4+s({tVl1aL3jPT$H&;v4AAbFgJ%2$*54M;b|ztiYOX{cUn0hn6rWSX0+;I8A-wgbbc_)S5_7FFlp`4{8Oi*ecy$-nKoJ5 zR>^xd`__~BROZw=u!josOH$yK9Z{){kLhI7aZcOmLnm}u(ShCh2`4$Pr6On&SnpW0 z_WOFaXS^aP)w1i)ux6*BdN)9PrFKD2(uxuB-OINOo4I9m`KV&K>P`Qf0fir#4G-SiIfj1u*s&C}et{{K{x*@A-TQhQdBqk^Sy;=C9xxR+P z5Om>?W#^SLsu6ouzmvx`#jwf)JUA}j+lS;R6C=By4eo_3`iP^}2Vqj^26Ud}pfD># z*-th(GDDMlXl_Swh$$?3Fm@o9+KA@}7aX6etDOe|=~$)-6Vem}qBKKp2K$|H)_vwn zB=@Z9bbw2Lr6er%k-x9FnF+ zFiRe9T86A8fF~{DI984s853T*Z7wLvjgjO&0=c|c>bZWA&0!5n>ux_-Ecw|Qr))Uo5J~7hUe6(#>d;U z3axgHDk*qXruhobSD$y2`Vf9)Rg(%Cu{mLMjigcCxHgSWPg%Kd(87#q&A{D#o0R;K z%CoYG#ggHh{>9N(ciYpZY7NPXoGnTi0joMgrPTxzJy+x6!JX)}9Q}@t=E8kcQdw5$ zkG?Z>O$Vs9#$-BQYjY}DCdFV*ALg>v$eLyBzL zw%MkH4?5x3=s=@Qkd}c0D%6!vrxuk|nDNINv%aD>`U>_CsR3?k61qeD%hMFe**&cc zoq0W7GQ^ct9D7JhFa~9=0pVL*vaynqX}5v5{6?N6vx_qriKa-j2M%R#a9TDa4YmYt zGb}?&;4_X@yN`QemuGzk`nTs{EaX?tlQpO=`Ij?1DfaT`XS56scW9v5Ago*n1P z4Ie0B`T}Xuctd>IK#oVQb?&VW1;wU+`(!At3OWHd7}H#GWuLCYXd9`fTP>Fd`{f6^ zW&(9(ZwC2|u6xM~&?d;cySeH2EDTJc2Md5j%t+-ZM)25bACWlmsXJGvhV8KUwcH}jFWy`ck}H#NvlW0 z*q=Q&9EH;WRza@kSq|AkZ^>v&VyA+TVFHvS@!g5OVrf*cFj9;$M>Nvv(AX%^-ies~ z{V126YWuONlgcsp6NLw$wFj^a@IK}7EHZy!^L6Zv=MI|td!mkM5h757SK;x980+yf#;+`J4^t6) z;72*Mis`(iI&tI%x1CaybSR?C;6LPPqd-@S-1`LW8UVAxqwmcrJ zD;ZMkLfF9hJ59}p$LX~fhbx5??D>KdMghsVUe@5lxr2YiE^LSn`lk-TCfb!>aggGDWUUSaMW<^#@*g@s z-F==7yib20rkBcViv~K&s6RT!bvZ-+i{gaOwn9IrE+C$V9dOOj-R#NUnIyc8=+MlR zgs}Hx1@s+b$RxV+?F!MyL;U8>1h%SEKxs>B-#?QLT}${`V1_eHTj!6}FI9hXkVk;& zAg6atYscC3bVN{&`#Vu!`03;107Mj(GqT}K6N9|=eOyF7A7^FD&QaIXVo!$|AJd1j zutI2_rVpwRCq^Uc7*~n*&0*g0kc1z(xE(2!E2=tq~JHP^Sy%-kLp!#-8( z#uX$?$$AW0+XM85JKSEdDX=y!=knFB$Pjv{pA0j{(k`B~SEJ+i)1Rn|6BSGY0=gtF zaAwsB`PQK7wZUE7ZNTsx9I7;aJ5;(kS;vV}4F^RyP5ad}EZ$tN`TA}&@;!)HIO`r+ ze#BTzTd(RHmq^U28JePQWcQc_-FVWqtc|8HLFRTk05jUp60T$1H29?i5Va47vCR@Q zGR(vIWr(M;z!ffp#dK;JIyCyS5F@Iehe?gV1I4ntLY-Kwp4#x;u%l)U+;YH^F7BLDW4K7#5pPEDerro%Z1#(Tz|w6QmDq=@p9eS&$t^Q7#TJn`CBW@64ep) zoE@+`;MeUz7F! zG0)S!=8wCtT>{7zFEiiw?>BEfofcX3$rgFnEw#6NT$O|};OZ^0qQ(abJzg8Q^_@d5 zKUJ3=;%W=fsw^LaE2!fwa;Dbr++o>mi`n-k?n55ph+3yOxt6_YXmtI#PwfJr{)(@a0O$73#4uz0*5d09uoKgPY0~}tx320c1WW z)~q1!qpi>=M4y$lt;>>BKjGFMOOHkGgA!K1JH+Q!3Am>o-{7{)NN>6lb+YzTjArIS5?n6pQRjg;F~H;)D!Uy$R!IX-Fts+rp??qylZ44 zX+X$udgFFldVEY9XfA~3zS9Y#8MhHYVL5ue6Z#}8C=xmMJ4?V`=#WzMD1-qAAJ_aM z-DZoWHSiE~lepPPzkBrkuY({yO6KWsuP-sZhTml;$7Ac(b)SfFu3<@kzl#iLeT!RQ zI=M$?4Icg4)O<=@RF$#LAC}d>sUT+cJ#lK}RV=FREEO0H)oNG{j7^+3jpI0mDFyUT zGE%mJvUl2MJu-h9N*`c+3dr%p$6@{Rh%y22F@!MIR=RA|BXiG>zx5ppV7j)NQJz9F zAmC9?+ppD(aJy`qkUJghA zZ~o0ykLl}O$D3WyZ9+{Av6`>sNXSr)jg%%-V6Fl{V$mg+VSX`OHw)X4dGIj^?n`K+hS#Rnf)FGG%+AfUa zP5q3r3hlEg#)}b1B&7UoY?~f+`{hY+cUS(-FkJ@&$jd86((v{>l)&@{z^~@bZ zmBoj4h`1KMG-*Hq2h!NYG5_05Kg!GGq^{GOcN}zSSUQsy{{6^FbOeJ2(zK2N*4qWe_^p!OmFte|?{hTpeiD zN4*5=|6$13{72#e_&&ARYEwnpuKWq}X^<;qac{^=5r@*t3Ze9?V@EWn`Ov;;n>dQT zQxNk!hWHkXFuz*_rF$8LqKA8oPyiHL_E2=~nw)u1G3dv-pzIb)dk*`(!L@LeQ!+Af zm?z`Rypnf^{fk0^12w&R^pKT8aSRQ!alDOjVmM|>oPrxftv-#mZ)L)Q3UfwG3ab=C zl(|hFcm{<)4Jr&q(hX82ZEQ(GZHW}Imec{X2+AAMUNBXLL^TX_(z{~$M5ZzBl3_si2IAh(a z%rJ??C&Bi|(w{>%&4@;Gqf>Xg&3* zPf$gR>i(MBKmI_(n+M-d?6_CQ8npT6Ah?|~dLb(El)WfonDn%O3T9znVZTHAS;{R3 zej(-`?EjL?r>yw=%OrEg-4CXbo8JjdaO*937)hI8a17U+npomh`!^7Vfy4yj(r^i z``fG+UP3jkth_EjU!{t|h1=G%k&+fBu%{HR1?mUtudQmd(0=*CcvIATt7d?hKm6C2 z_feS0khVYw|NH=V{W{JextI2%CrZ}$0HO9qmY?n23otG$kAqfK_zZ30BOwt9HX)hG z2KCI0ICD@x@D?{mvYpoCSpcTw(_LPr)z-l8yH?V>bmQC-)MI3W-#sgxbat(o_%PNM zP{bRUTlWOqC455VM;XJ*8SSGEE(R}n7a7lBtH_s6zBIobBYi%9YiUXD zN3gk8G4ub59fN#-C%gB{?&Mo8-poMY;AQ`Zqi&fn3Nc8{v?bj`Ka3^^bS^TC{@e-8 zgw&@F7;q9wukqa}7VylOF`omz3XRti(r;{Do4Whoeu47O^Eclu zLJ6arO`!th7$J6;nc;c^>F_Got4jT>U{=0I+#|#+tglf&B!AKvakMj>pjUp5eqAzr z9kMm2^FTjzJx`CLr$X$CcS4to5oy?TBqBgbw; zh5e7OxG~|A4}si$8X_p%Lg19j8!F2;ExX^|+nSU3e+6ko3Kkj!c?qigG>vH^7)RY- zlJ6X=?DjDaa{mSUI|Mqbv%tZA z!aujrU3I1GC6YzJUZJ9qGXj-H|37IkL#1J8DuXR4)4R$1Zuu7&U&hoW%fs}Kij4Tz z1UV|E&4xmLYUgD!-{-#NbmO67eota^DfF&!3f{L8p#~Nf($diX-61dmq-iMn5DV-4 z$Fy>M56jKob>qlQ)gzCFs!PF{`&;X{SAq(WllT9{_VDcLu@xoqvie_tw+FF@V2qh!?1o$Tmiv+7nOo7-cEMF| z!9~l4AMy43(9N-k)=#i(oDZSQJGXKakWDl$k>uB_^Pu7N+F0lDorLaR$0-BlpqH*n zRB_sUFyxV~(cCe{3Rw9myQmR(wGy;bTkGIalt3J6>3WBsmazpc^PGQ(*3hHpR$P&; zu{aPPhHslYBJvViJIandoRV8onz7wRoM5Y!c;4ANmVAzGW+GIn$)`6yw~(Ylj24`sUM)ebfPNNmb6H&i@&6?kt%8{Gaf!m;}}jp zAGl~gWY1Cp-6uJxC};KF1Z3_P7^xOz4FxJ1|JW!lw*E6!B0qT*8ed&sf6+K7J7CHs z6=mxx&kX~!I&>l1qDkiNdu$zpCoFiS7Rj=l#3V-VW$Qe2v(T%@Ks4QDmA;VXSDs7i z+U!_~sg!`IW*SC;rp#sEr=fJLolYugHa=Tt%SxJy7MffdGL^|DlwxlSO`Fuu05;C` zAkIeQP6%%$gf<>cXGbojVTAftd+>yNb=tP~WoT`Wi=7Lpgo;adz8B9v1r7qQSwZa+Q)RVX%2(k&m!p#Mq(y{dsGh zF*AGM0^D%C-*SOy7MbnLMC;=t`QF%tY;`53jL@u?`dRCV zEK7@ZGy8z7MFz5(uuIOfp1eT~Jn`xyZ0LGw39V8m#IJ->aDK6x6E{ENTM@aR?9aZ0 zClj72o*<)eG7w{PpKhm-jRvzBP1Sh$ZG$%#|=v z69=^nmu*k~9SPOM6+aa|T;G8|u}dH_PG@yro%h|}Jo)f=q3LHC_-a9;35nuRJA6gF z)y%+GqMd%gR$0D2#{a@fD1iLmc>8~0tIbeeT01^)&~^s>oe-xNjbE$lHb`XQ;WKs^u0GmnQ%#7r$`TXh&>{Ol!l zGcDAbB)6OfaGbV1gU*HZDxT}ibJ?Va{j1G=sOuU+jrCQPtt}L`vY4*- zw;v&YxAV|Gtp8c?U4FX|0c=6jnxe-AtFr;~JSHC6g>}NxQCgB_LwYQOpBQy z*aBKg2h8tgZlV@ZWQfo?;-oi>lZoufPL_N&=O9HyszHNxolmEuq)v|aPJ^0?c6tNVATya^c_i_E08t^t4 zSY1DcMp+5;CDl=9Hv5nF$B9EB>JnLSUHesGKE)n#B?1~tS9(vkkGsZNje)A}st0^N z`Liqt3!6Gt6Pqu8WeK2bf>?dw&n-vxOkK{PxyCLb7<(_r92@Ww5mD)I<TPw#Pw~Lo2DzgpD)r2L!OaA>6ri!LwEeNqx27`4`A(H=04}@_7}?GC z9!%J83C*z<^>$IpCY>$t<1er_VN*cnjF=h9t|49Mqq&Y|p2+D-)kP6>Gmcq};& zucl}jzFg1}nM@Dcuh^PoRb`~f)0SYsf~UGDWviQG4iW%d2s(mfWD%x$^}ULExrgXa z@>!bfRYY(b7GrmC0Ay&pUT_++7+Q$;bK6a+92z|GRx>l9k2b1Ta`y_cLr$r-lSj$= z6(0zoOCK2^u9~-SVZCq6RAmxyoxg_i=HNosx$sux`64$n${_2Ij_e5O3rr}7`ttd`15@|~X%n=rAC<8Y(#b|S}5$x#2sOD44`9&MU z%Fk2i9keIQT;{f9z2y6>Ho_1`o=erHS(~*h^5f$C)cF09s^&_DGa(OC0Xr?*L%;OP zsw80Nbiui-2ci_AjZpHWY^7vL@zH|>Yp6_9T#?r%40IqL%e1C#Q$ik?P@UvHJfsk% zsTk`=9ICBS&yvS9t;+*l^*z& z3N6l3Uu@S=+CHuMUEm=(r|C8^c8Du3bmukm9yq-@mLsLxcmKtE90Fjdsa|o8%hx7t zSsV^_U9;I&MSnlIeV|}ju6pPFXD}6TV8jOja~)=x;hU2gpDysPJjCDt?7ghixnF{t zcrVWPjQoNJ=Y|M{ANDqEC^Bv-4F9j4!lghY^8)@C|Ijt7;^Kq{U)vu{Xxct&WGuHmdx$c?9 zF>9wQ>eX83#?F^sfWgB32Ymuv&Du>rT!rg;nvK-Rw2RU)Iu^2gA8sAFanh&UIOgnA zm-9|;7F>H9@*tI55a(AG$QV*am7n?raw$%=(mZlMCeU!|zEz5YJ~F@wP0@A-#`(6A z>{SL|6jq=((}fp5*lk_N23USlvFZ-S}Q)Q{8Xz8{i7}LmTO~=M>BHza<*dvhBil zS`^tuBKwS;aQEg8<6=7S%RJe`#uMu3a{YTh>C?R zhxobq7LRj;bxyy<{xXw-!vWnF56aLCXgf1l?gyYIe|0`>`qnHCT7zx_;1@F7&eso+ z=kW;EXZKYY02K6HzZ~lEMI8vbxB7kd_X|XZv(jZOffjY_$fmC{1ysGugnP%9-K+fb zYh`3*@?1#K--;Xn|AP0i`ZiDZM9dF9_x^)FK6yOu2FOe%=&oQedZ_m&QenzD3N=*_ zY1r@9404}0?th_NK0N?#t!AUEmygiw&ikz=E~RIYZRvge5|GI`toIXDLlV zu#QvmLe~z^5}>)KDTr5d8eY71AEd#4Z!X1WY7Q&%Fr5FpP+#Ag!HS-tN3y>W&kHje zBP=uJ{E-reBGyrsZ~!Y2x7o~2k#FCvECq8g*&AOU!##9axe_<~EO=8BUyYfbDhP94 zi}aCZO^JSSleUa-*R+#f2uXlYr`hN%+;xr`~>V{RC^<67X*|$u#y(CeQ=o@wW4Mqm#aMPUg7M9<^{SnG&7cG zX?In2;$_^C)vL;9YI}8*=NABS$JjQUSY zEJR#TWu6T_SiAbP{M17EoTebg$Be-yXZliYpD*|#O0iDOwu(c~^bp43NgE$$b0kgx z^Ko=B;zmK8VNE6WbaLs(nW0P97PuddkN-y0>Z z+yQJaJfdTiXo8wPR_lz`CiEt@s1DaUUfS(Esc+Fn~mxo5kbS<{ti!Dc&ALBKygK3<|c7}o51?ae`!{Ci}Q>cmq%nLfmli5Yr3?^ zAHlZN7ftptV`M(N1lyQA8_zMK{BJ^90Xee|%aFw4a^E_vx6l-csx|$0{bY}|!N7%F zty6rSr~1vFB#LPRd`%5i$M zNbNTsbq*@By&Gi#JqAnINCu&Fl+(oH9!Va1UKg=L2QB$xu3M*kHs58}w)GhA+Kdx# zO~9tfH@=4}8w=opeTM~WhgrVrh*gB{VORd<2^arrkN3aiR~N7G!1;&RL5Ob zXw1t@v`W*Ty`!1jq4QH-@C`S~F?v}R45a?K`R3hWeoK}2rk7n;iz~9ssxTn@)5dpZ^%>le6oXIxV z#tK)gW-J$b$w+;J3X+3>dLMVljr2`<6;1EH)&6y#@<@=L*^=@bqu)k8rgTGZtGqKcEOV+wd?Nzb$~1RCQ%5sB<(RSQ0R& z>&h&t(_5aGyp;7Zp0JG)r^*-$Z*)w2xkT=Swu-P4w~R1}&!-YBDOod6VYrG}Fwr&8 z)%|nw;(~3ITA8jW9mx;GyA_{tyU->}zOZ(szJ2VL=$==Ys_>Z?aB}$W*pBwQ@d95# zJO{Nq7L#ozjb|mf-n0k@Tx>I2=Q~4-_BB*#ZCQXc7aeQRWdYHms}yg;_Nkj+9XNz5 zY9{O#w|TZboTk^><^1!@PDOOx?O@u8jU_3S!0`vsk%F=XI!b1h8_G%QoTG5NI@O%_Tt9nlv6_>tDbvhv%0Di zI+Y~yu<+{|FEFcqA0pMqvwRi$T_tiGkj^VRgZA#Pq|Vp0wsh27ew}_pmQ>0C8}!0I z$4^hvMfs#sZ{{wc1s6VRPicC%O7Jbab57BjeYUh%bT7sj=vg&m?D%sLAqJv)Rc9qb zWt8q~?L^DD;GPwrkWF@v8puh^eK2DEXEW8i!S2-Q;7|Lh_T`?Q2-HsRrVclQG0a3K zRJ2=^4p#vO^1Ch=1C{YZC_qiu{*=zZqZxQ)rgMO3m{7dza}~qf zAhHz~0n+W^$92JkhPyLvc7A6OVeCsL*!oY-2JZ*^wcIupQ`3G^CW#re_3QAS*(wHCL7wVtmrh!fGf|WD%={ft^>ZgD*wjwskiS^sE_-sU1L+S}F;r#s@@k~ai zw^g4W{b~}H!+zw-VxZO{ks?Q;Yk^xrIr6q)vmV?9wmV8$OTVC*3h!1TO5;NQnrzrg zHbk|0T8}o2$6dSRgvDhVWW?(#@;@zzjTA(0KXqalicY9$qxAw#>2wGA z*#ti(IelET<7I9bps*w9zA#0Zoj+~dwU{DKxCb>(c7i$XY%Twca);f2*>yanf}EQ7fKU2Qwroje0Fcd>z!ng)fad;dN~s!rTQw(8c$HEj)m}@#DpQ;S zkR7DxNc9Ig4aT|^P+8y(^NKZRA4rcsF(UeoIoEiJz6~igO$90FsbG){>uPvDMJ5c2 zFIBkViW5)UULUxXR>XH`e`e~cuqGjxu!#ZY;0zy zZ8vpr*Z}S9!u|+OKBvLb#Gd&*0QPj(wKrg0=?(zzRu_MeP8#*62?j7cZr)XzbhKpKajVf&@8~Ibi&xw7y^#t`mAi^BlV!Q-KKqL|pCNpm)L4WaaJ?UX(=-&uf5>mN(9J`yqb5p!SOq=z0^zOqpe2gVgl(1tm z$oObt2K90qd2oK1lN&hFhYT>L%^KMDZwg82eH!bo8!{{We%Muz3->ls(x`Zo-*2au zWTe0%nY;MKbsy=%55orHN4vy-aX$;k()A#N^mn)gzQx4hh3yI|-u*SLtAY@@-8je? zy#Gc+CgJyi@fm=?;%^^*1&C?ZjoR_Mn0ICHu)k#^B6Z8#8q2?LnSs;M!bnIX2RnUO z{nQ3M>N-VY=x$*TU`Y{j&S-SqZMr32PNv~g7+F?tvYGv1mMZYppCFwzZr@<@1D>HH zOg56eIj6!XIx%tzhO0yv4!%Rx8^@eYH{t$)F||~kScyXJz6BHF-bJ3@_qwO9T(FVVY&IdhqT8cbszlxg;#PQ?T6#tAxVpQ z6_eXia9(#_gN4tHh7FUM(op>Uo`^AFt~hR^lv2}oNKsY4$Sz+ImXooD+LBtY)3 zq?X6GTpKS97*DwDNT5yBYCh-fEOUqeataDg$j@_dDvT8xbMqAXJad1J`}s>|<&i=| zY0#g#C)t@^Fb!5l$&$;LaL(?A3t~AFgtOC}KDEJTl)m@kh0O}gBbL&@sS*QD+;4Ovi`|; z9PS59O-3|ODZo4Pg7A8k%}!pQ0auOH+X}o+@dKvIXGGsfQ=Ih4m}=j%tcqpxTjyBb zL$BTR?aLd{7TBKz8W)f>#r?6RxRJMKud8}?EVx+L@NY&XmP`8Z!1=roRs(<@=< zb1#z={RaEg%g2KtQiL*?^7 zK}w5pp&z=fwTexdslT|dL$UvaLnl#d31Qd1DJ~=$*q7&(c%hBn4Osqq#fKkbOPTO< zt5?IiD@U~lnRF^fe`PLiFhB#JNl#(8>KGgrfkvi}`P-Zp9bb93ERrjN0#`KH__I$Lyv`j0z|3-7 zq{F(jTh5=!?Oub^mDJK9Xmk$FkBtB70UaNgEi`+Wmz$nUMY1|}{w8+cRHEQPr|C$iYPv_3K{7v(KjRY)Nm`RMR= zZSrPw?d=)V1r*J^chY_hWZmfw*k6VG2g=SIf8lBHi2TI3ElOCJJfNthUnIk`n~98_ zP1i;m1iW;t|CD*RhN03k_F5spq}(h~%X<(-sT+v5Bt#;^JNBiu?z;sZ*CEUVq1f%z zs~#UkEVYW6q0%!QHqkSC6{i%-(nH#;#3?ean)R$2$ITf)|Iu}KWOZifrM(50iIrST z&Q}N|i`E92snTPh?J4K=m>%8j5L`dw>VE+Ea_+%Nntwar{|3Ty>KC;K#Z8T^lDdxLm z0g9|`Md`xm0hdalx)(}yH|%5O$$lvVooV%1D&iKwc`v*UQA6VuPNLN&&St{w zWB)kOeP3H+tQ~tl56vpspqS(1gIMNyaC1NuYD<>iBl8Qy?5EtxGV_iBmKiC6h-+KGQ%1n#(`W*#inx*Pn=5`t zw)$u{!fr7E=Ck%I)y25utny}p*?hCT{J9Q2Zd-e9+eCNb*$XkYn*QOEpxz3sZ0EC^ zE~zl8zOya9oE|A6&o!|zFHuMA7x=&o2s|Y&a}E}fDT@~yn$a|`Q=&#&x`bfTWK-qG z(MS!$-;xm;B78h>a(>9XYu-D%Skmpkq%hKWJj~V|_A{MzWk8A3d}FC5H6p9*oIP z5uXJlzT6P{#Tzc-H-4_|0HudgUx9AelgVz#-bWv2o7k8r_3fb?OPq@75)r- z{n)@>$yP#FqvG^O$W*U$(!(XvHMc_&VT@7c>;dA|1dU`|+njI$w(_34;0g`;C0ifx zbAIFFoIJ0e11ryN->V_`J^$LOS*7ym;bw;*%bUp|U_9zZd~y>ez57C4S)5znUv}&9 zKFr3}8{3TLSP`v4|7TCAtNubb(GiwURZol%1T}v2jCf$+;?7Y>2qN7VDnP1D)P}qA zE%iht;X*benMPrjtH_N3k{eZTRhH9E{KjvY_`1oEkY(0Z;&f&g5}jpR^-?rOwg^DK zKODhf3iruz1yc|6I5jfiScIKZA)s?w>2v>$r;}1F(wdh zs6g@rcF4vcyN<~^$tMVuIcoV%JAGG+&FsX^_-Ol16Yq9_=h!6q07yPuAAUc#tggmV zXFp)9J#birxrK?n_!Mp(+V|RP-(!eROglg)3+bB2sZAKnSX&h>*U1VXIzTas*l$CX zYh_?4FH_x3L!mo39i7fhiY!X}^Z@s;xccF&HF^GVPt}!t)I01s z=}tKz45{ha!B=wYYzAEbuML-bdMzc7Ecm@yn7Ic{{m>28#d`k!j$Xbb=&Wk*`$CjB z@?6vH1g;thOS>2ICm|MAzTMFOtt-=}q-_4llB2WCBVnvP-pF{?TkooEgvQ=Ce5cp+ z%F}2qUluG;i@P;6imKzJ1sEu5+h~%D`}zVV>WdD!?WR$EsA^3%=+b+q7gD);q!;p^ z#(|0MpZ}k}&N?j0=WF-^(juXBi{uhYNG%N#(zSF+NOvy{(j_G!2nfOw3rKfLmo(C` zbS)t)^)7yY-{19K?|VJZKRdH`&CHoIbLKw#*)ztX<;*(MCf}HF_P2OdQ;v)icRbV- z{y@(-ySc8ws*ZjejD8qp%iK}I8^p+{VJvCZM2LH;;mg*7xaM!2HMAb7q4>3qE(rJBYF9;S~0+%Re9ajTkH z{=6GXxQ(-H+?~&_f;Vpc^4xW5`y2usGSfzs>y>k|JTn9YL#7iDYN@OGY;)_nj+9Tm z&7X>yYR-B#Y=h+#C)x{BrH^HLFxF8yzQJPG+{TJe~|w2R4Hfkcu?9w+hQanK-!9C^}^pLP@kD|5S*l;7UmvP`aVR;^4@%gU2Y!}kIW)BwNpSQ381^n zQ`(%ZFj6D0)xRH%Ye=2~Nkg2|JtTjTwEynA{qKQ)4*&lr|G9937)EfJiR9iM9iKHz z7Lv$|gavnU=~q;yqQv3AMsZzF9MkptSmE+UcV3%#84=C5f~hd?w7 zes_4s@pn$zG8U-s1-Sq0(RiqD9tP>MsY8Jraxu@AHoze$DHt~@@jC(SWFi`fgw`4m z)pp;zLmVyyhuqW`Cf563BU=nt;8O)-YD7juc&62FioL@ekTL5nUtSequ5A%}qe8kx zK{;u(GP+96n}{sSZ__EWyld!tuSgW$CbrgY7K) z6uAu(Y7YNvob*;DzRX(MQvEfiF(5LU>C>z)+Nm_BIKF8C+>SBs}B8crH6t;j}Icoy28Lw1Ix={=pf-LD`6J~2uYcu9Yh z#bCr2({4i6zC0QNPesaL70NwdZS6^yL{TR`7|yuw4sg=9va(;WjaK9w5T|$;{5;5n zc%~7x2xXJN%j&t~CN5&@i+Yhg(FYjUXGBimtCflI#s(lDg|tUKO|@c~*Ebov^#t!e$INPeJRFG|D)>SukB$SwPij%(UVLBwF^49#?N2-_l+jHHcdT%m26;RUk8CM!j?w?EzVo)k z@1ED4`G=t{e=#r$ud+`+{l|oPuMzEcha8fc&6H#f*RLpnTzCnfxIrtcwDZ{FmSI42 zt1u=(5h3W~<;jvx;c9}Rb~)6ggLV|KGr0BVclP;?taB4ex?lg3-XgVg-0w8InG3M* z&3=C5LDs<13DMSkxu+QC=b^H%^c;ddDi?C9yep?I(%|>DAa|#6j8;`DPY2kE#Qbp0 zKFzencdp@uAA_}ZSr%!8d+LU3yuMK{BmD~>>kuLH@wks3wLU+YR_TXiuK#@FV$3k7 zB{-%yt(;U-Tk?nTf>VD(HlCCp`dhisaU%F82|gfh(76AL-O3Nf^Q@}!giW!_Wa!oB z^mmC7i%vs0f;PO&dGum8i8mAKIh?X=?>$?2mr``k*9Kj|G z0*kV6y_B(Gfu#uisS!Y2c^5PSZfFC9c3kmEJ}zB-z)xa*izj6uAW`uB^o8P-XVXSf zaXxs?64rS-)ZNgZH{g8561*oPFT9C13b(3u`La+Fe|MPhBj}>~d&c;8-y+I}tu{YW zKBv`sB&CIn47pix2IG!u9;+Uf`R!3sOI{iL%ThoUeDyp!w3*0y)EZ%V_pqV?^1S zudi#-d9F4jaJX=ft$%_F5j(DEwKQEn&=@_c?81AlVqsqq6&85T^w&-_d}|A=iG9cV6Rc_4a`}BY=)-+al|x*WG=l>Ahv~ z&AO5H1%2@Ijw(NcAKgbZ8HM10L;q2(M__y8z-l3;EXLe|wWik1(1FvIiyG7WVh>J$ z0rdJC_ic4S>HBn!I7>kE#n>Nw1Kv3u13)=pq6SWA|9rM=Y*V;bQ%&%= zf*t48I`FL8H;u_%mzonvV|=lPQ@T_*&ASI$h`x&if zmmo%A_WZhiYH4ai1s;_!FXU1?dc9pes&iCqb;3ES@w5hM72G3Eb3Xl87c$f&u96Ye zRZp0q5sM6VF>?0B7)W0CI%*!}k9X6%1lp8(P3FmYxGIiBSCmMr9bAfNSZ(&74teiZ zy@#_H<+e^Pevcwegus z3Irg&gMY+?X1rsw=ihfQkq%vTjfMcrdn}6%xm8=HV&t9lvNuwGh)yIfEf4GIk9w+g z0i|Q-$BazJ*0kRnC@$%T7SAY9^)&|EPo8jVnSIBcSR4(gXd$UXn?0*pGwj0NGW5_A z_Px7n>GuU4I*shdMi6GHt$qB})%p7L)M=&zv4hkZxWdm4uE90G2uECN$~;CVAi}F- zqgm(VZWjMfe|EWOBbm$Bm-r{S6!d)ZqQ~(n)YsMWmrG2)*)NapvZt%08%nH>an(#C zIu~4!yxc|#DH2WnOGW{xr^1w@K(IMl4FCzKs#5z=1D@-qmp6Zb@x4v|V=|2og2=zT`@fvB4OF3;jwU523O zfB?CntarxsrqEVz`xLdj)yPo#&<(FE>@yK>&l0H;6T_lt+nuHbM1XNurW+IiP3Z3{ zoMbK@&~#Sl2Kf(4gToZxHYWaa#TsC8f!8RZKLV=isQ|XxVCg@n0V~(ONf0d-WFa)B zZB*yM;qwDnMt^G@W&fBB$de``G~fjoOcjC`!z{pcttD@uIgy+k|e zeMj-YJ-*Ik{9^&d)2`3!fCN?=ShV9Z388U&5}}G$wRk0VI9Se(GusM#Lp-XpT7aIM z=UE#Q42Cl3_AdJAZD80q&D?yTATJ&ccu+hrfZ) z%J#!0UTyJGJbS1o6HihEl)zZfql)T}KqehSokp3t00tAG_m(cx*Ilkwbg4vZ!z;-? zg8?9!v>DEmdCZh2H6_JfbQd;|Kn;GqOKrxG6r3~8S{i4aYRuXxC>qfUS|yS4)b@FSOgGy-Xn{u^uCgM6wz@_) zv5PgEmeMo6aG%~6O>c0#X2ToGgxwmE5FeM^)j$zz`9}$+XC5BS8duU*uUcI*Ff*~; zeK^0(<+En`DzSFPwxQPHCk#P$Sc=QD z^q7Z~UqDF=${_oTa1TsX(N5XHzIh|`T*Juqd0=nkmoCuCDi-s|;TPIh%R8E@FH&{&@-YP7&jsTofRa9-0M z@FiT8M!%U#mxsQ^dReGm!-cVvWJD(Y-(E|IfQ}&)JO@w((cDi?DJ%=^sqPOwxhG8P z^~VvM#zFW##1(7=z88rZGiOPlyV^wl>bfNggs>)!G4} z;G5FTTsl*YFX`|}laL8W20xZyEZIM!V2E)Iu+c`uyLw8&BsVKdaQC_6%vuOf>Rv(D zSod-`?L0;AC+Je+XbKTUio2S1RZI{t62d%6-QYiTgGp-H4P!}`SqJ$OdDWF)6I3)D z8O%|pMYPl*TfR++vn0t(6j1*f?^Euub-p+Z6h4O-ux-ub(fFzr@}t;y&nqS@cLsCq zmy2~b-9IYh@t`v3Ft#kZ4nLGEqF;M=AI2W%%(>Fug4l+Yo0xb^9o~Ds($)S=YL8ph z5m3OuS+;&*G8=N^&_{J;cJ7vNCGM7U8SUAV(mVU;8{Q$%aWZK}r1id*(=JYKS#`V3 zMb$QEdZmhs1St9H)70(-*ZzhZHkH>ln>!TKHu84nz5UEmwDerBrk}Nok2kJXt zN<=BDY*}_p-uglS!6xd1p4hGRz>f<9+SMe>$VajHEBeAR65*yVl zkjYa(rE0xb67a%tmeK!B>o1q_xJzoTTgLAUO~FMT21RLN-9sUeFfgNiR*)BAQH*`d zKG!SRIo1#HU;!`GXKV@{-!?uhR33v>Hw^7X)7XgNrD!u`8k%G zaE)<9r~!;`Lc*351#K$)2ZO2TICqVccBH}REnl^$@Gez;FKo9J=E0b^V^abQ2z+?< zg-E%4XkXCDlp2rclHQov|I}sx_bh>lv76e>e6>j~4?y8Q$jIOBoHq+=Bof5&xw~i{ zJ8lzls$uOk4MujWk91pJ&8zVh;GoafmP!U3=@V1mO{+D9URD1#xA+!O(xFMmA)xXr zi{;d~ztc+^!Pz^t&3^eR?bB(rk+gxRl&!Up>jr=FS{qUEa9kvFOb>8?!|Z$dnT<3q z=TzVjZE6IRuH-;00t*N}oN|Kq#ioXwcuSJJB@o)#OocCp7I0y>*81@Wn+V&P7Bx6~ zUJb0{R_^Jtme0>Sg56~9SFq&Nh!8JOiFi#;u;d!( z%i6_<0^okYMb!g=9rui`jl09kr_;dp2z7fBmr@W}er|LfWde~C7FkY|tsU=DxNGhy z)o@aK6Qv4yuZIb|y#A*@8Sl7nT>nxL{%lGKlIqy+J2Xilv*a?A4en>BTp?K#^4X!O zaki0AG+>q}%cz3p(3Y@)?r$V>yZR*6Fzs^*r5EP2;srkVk_F;6h0dep-qMGMxqkd~ zj)v-?#+p!h&`+ms60A%k6?z8I>@v}1vpJY3-S%Li;aqT_ zlnr{%&&VQDOw-7S&|*!s=9AU$+I@$WIgGWjAaQyyznU3nc(ef+qciGNzZ&=*_q?Dc z(6+L2c*XrXu6R*Oi2_?;>iO>1SS_u36-hIdTMmgT8^N#vUeIQd;o1RF+?1%J<;=Rb z4f=54qf)hlu`#XW^Ou{pY?l^w{ZGE{RM>iA#DG&oL1rV~O~PlbZ!IFBUo*+R&f5rk zYFv8EU>>M_Jlb{UiV-0@)M3MseG6nUcBKJsHGjNQ;_B@x4S@-~nOfLiwJ@)a%V-%F zh+v@OG<3RYb-EFlf9xsbdFy0H8~9$#(?Z}~$<(Q2VVS?fIE;aAHN0x7>3jho{5ziI zIf^{#F9j*8sb`tL%def@8T={t=~J+|&8^3XQmtNGIhIkH=9cT0IW?nW|8*juS;m0D zPzK}j;S8MnhC%)0>mZ6!_s?p*+Y|fc&YLo%v~-OH9qQtdz!~7%9G@MM@#s{NH{VK0 z%`b)O)M)=mFI?9<#eoziCTJ) z%;k<9_E~?QaVq2u5TCti5UIaF5iKRb8-4z2E}MA`kleSN>f3c#0<}zY_8ZF{{$SSN z`gtp_gK#KpEuX5n;El$-#Hdx!{f1_p%2b`B)Wk3~P$2!9xV;sx$^tFio@A;;zt``x z@)1Ujolj=|y@JtDUUS~CtT@g`KKDaUeX`0*@y9RyEPo9$9i#M5G zYhLGP^Afn~e=3*%(|9OV4ol~Tc1l?!Ekwh(1Hh0CTWxCim4fZ7RtWZ6VwDmzZjaYK zpIaIFe~I7Y3ssxYAoX0?}tNaAGHos5igwRmxkg*bp+b9GKLos9ug=vspttNKTU*w5GHbKE3VOHcAYvzp&=s_sF5qHCOVs>|F?zCvWaN$d+Aoxy5~~n z0ZIrIl=lhEf+LL~Q0Z<^D+^XP$cZa}%8{BB@-$%T?E~(?RVV=O5PZD>pvIRA$!WdZ zklh`7p8%B(35jhAbTN?I1iV7>9@6f>`1T~_RX_zxS-ftt{zIEOiZB|B2lYZ;u@Rx{ zI~03J2GCN$l~%^GzHb}rrnTyhF@G)F@Nk3A1C8-VHBJb0wK zZXSNJ>eS&KiZ*{{IW++iNZG&F+BqKuJm-JWw2BH;8-M}2I9l^)2?9g%FabKMI_A0M zO@UqK4oQ9;Eo5V>xY*3A)wGX=afwp>mi8q3zTA8ew9%y1Lj6kW^1yst+l<-jI)!I$ z0TMd(DU*x8c=&F;dCnz;SOHzDO<>>GT(9B&8Uh>sNRVzxgqHdH{~fq7OTeQ)CgqXWo#wSA=sLXQ^-+yYV52k zb^IDfjeWx7<=q(C$t`YQwUpAIz;9{Dfmjy&Mq4Wv34UbO?TC62D57dBx`){y=P)yV z<8gef;9o)g8GZ}#skl5tAHT?n_!Rc~PN6Euy0 zO{d7&e4p_dYe${Y8)cN+D|qSux;B3Zxc-5uGB(p)i&a z|Cybij_dyGNNzZEi!>^pwg1b<{SZ9#k$KDmlar2IE-(0vAXk8aVMQ_U>cd-sKRKbt z?SW2mV46$C(5Gx5fy{8zRI?Vin3~EoX2kbp{Jdp+HZD}6^!+j^hqUn{Ouq)gM^tdP zF-(ai@&^W_-I2Xb)oUMbrED#-#`N)JLfM=Kerm$I`$|Ihmg(J?e4?;kBlnWU!p(bZ z@ol^h>FRt?yDsCK1rb3pao`E@8h}wo{6&(C{ECtLfkxAuO<`H@&Y!1k+gJ&d37}{1 zJY|P$W076{Ss@~a7t1II@5V^gnkHJYH6gmRKKpr?->l*!M%&1ggy4rlmYDF)3J-YO z{E#PlZmm!pZ6n`83CFwonINSl>*EdcanwPgILb|%!DJ?&+0*Vb_~FlW{TXuaQmR#$ zugl4!lX;e@@nBiitRd#ssn7_J+Ihx08qm+-)#=MQ!e1E9sMOcclV1YMtS5wm(Z`Dd z9#3(}yY_Td`HlZfWmOVL>cz#NU&lVQCLz3I^{o;WZx&VH!`KD0-W4Gi>z6p`F?Nl@ zgvLl3WB^$WVVL{tR7jq{>MkH5O9*><=cR-g#T8eRg zyh(P;qGp@4I(!~SBV$U5Z=b?Kb*bG{gPqnhI0>v^6kKs7)i2~lMoUeJNo83uSK*|g zGome^z_+YLEG;qxB6W2QK&xcVy$0w8k$6|SdGdJ7T;Kbcx=yF6Q z9(&xzsp_mr<~sQ(1Tp046QuasNjyGWF7J0>$g)O2bT)x!#wRCeZUj40Joix@tv?8~ z+d-ErScX049nk1g;)t&iwwI>fB=)^c^gbzYrrvtSV( zjgI$lUgIU!)j?GltwW-ooMkkXxdknW7^0~+#BZl8JBvxnY91U4gd8in5*brCF39l!v`Hy0`n zy6Xb`Mb%=}mGzLxTm%TxiCCFAD!I(0b*U4|cH^2YJ-E;3OlpgU7K!4SvUbvMKMxJU zIHT$0=AEg2^0`WJ^<>h2d;yh`nBeZp=dS|WwNM;oKX@MCL=PSacV<8K#kHW1xno3< zJX~}uj-hve2Gia)$rW!Jo^ffh9M~Ats~RLC$S)3*E-v(PeyFgqD*vw>e|Pk(Cy={f zf0ppj3FP!M{jXPxcR(fFu!+Zn_jQuf8lX)csXh-LEERAVOqoa-y!k9hoQ?qNF>27| z05irv`85FYEAlAPee`ewnKP#UCkM9Z&&jz`ACA1*KRI!}pn}$Lm8OmIpk$Z29QGdH zxzv1NJ^&|)GnlGUYrOTLD*j2=;FMaM)(l=Q}-8 zIzKJ4)kusibV~X)+}v1h-7jCg0VcNYCRz;AJoYnV-@8;So}cr3G6(+E&n^6{j~8n_ zjAAS(G|A~S3^t110A_3mAcyWg^LkH>Rw=OlI$ZZ2?rm!sklGM#^=#ybGNY5IDB=3^ zQrkx##sGtksX6ltZ~!)#eo5Wm14{vTdOe779I40>XpC#2vY<;fs=V=R=a^zSA{>7r zbzL>BOLLAmt>8;N5Ox?z0DcDboZRb8oOo{R=4>S>jCL2bP?^+hLw?f@qQn-wg+HsM z%rW498pP5o#^C2R(H7q8RilS`QDoftYHBr4xg?!Th{7ycPt?+w@1$ir_Q4YoLu@0C ziCj($lQ#Nt7Hzal3hrdND{J}_s60j!$mHl@rze%!yxmBbP zXE&1v7^F9}7E2Yr;LVP>&WzVw@=7G|d`#V-0?mQ$Rk3UB`@Gm3Nrm%y<`3;&31v!} z^{*MUPR|TJT9d!EsANn3wt38_S+QhICm1SI%!R%!XvLES$ie3ay1ekVM0axWUhLQ# z)P>tLl=}-_YaUzx8(KY}lw)cBqTSXiU&=zQFRFe_{Wxm#I<+E;&fRi}G(2uZ9VH9v zm&Dr^@072O`$at0C-2dFW@gZLY(0NN~tnsDJHW)`@ z&!WT5&M%{cpuKo0&@9DN)={?t^u;-w79U`U$bf|`S=1m$5B5dDD7w7rdX95TN#0l2 z)8=qL2lCOwO*&^6eB|F+>#+F)0#}Df{_O@x4z6e?$kM7JC~s)beX+R}OybzDmAH8k zJE-K3mO3Co(drh$$;e~RmpvZ6=~5e-W%23dU<#F?gww}KfQ5H$E(4BnL!@b})gYy1 z!;&G_IvB}gkFBHVt?Y?YygSHuw|-hE4h{6O)L zTa<0p=`!`0W5)F6~~y2sjrTbHc#o`-+BKUBhsvhR_*Hq2FdpaexkDP}T6H z%mN2GHx-I=pWEYC`M57UJ#>51s*PRx-Th8)hEMg2S5RD8i1n8}L$_^P!A-5d8dTc5 z3V9+;+k?LpE}nA_f*g`LgmiRVSIPB^gP7Daaji5e%W9*ntj>qtA%t|F8NUuXAEpO$ z9NhMHI@*e3&@zRU{Ere%WnkD^cZ?{q{pC{Os-YRI*o9PCuCfYV&97RVRsK$U16L5ICbnwZvsQj=uf$n3&kAAF!xRr5yK& zlRv8LXw*m{(@w74CJ#7Y-)y|IXMxqvNMZz~g@75QZl7o(Yyw3j#MiyUsAS#{8lbH| zZhheeaap6CwUoRA6qtHX2u|L}>|-XsQmY`lc_Wl;E1DNH_usjI&owA&pcm-@ooyjR zwfr1`NZ$>0IZf#q+B}q1lE7xF;sZc)kGW#pP0?6t*{MU%MZ+KKapW$4rp+3PkND~S zplIOSjD|pev2Bg)9)X+g!GphcaO{YhNc#qES7rQN2K(=kR>^;jXPp@M8W>5$sF2K} zmM0xK4Z0xw=N^B8|5(@);=i^O>+%0$U&H=2#yJ1aP2HgXnBxB$2gVv;Qs?qb2-}p literal 0 HcmV?d00001 diff --git a/examples/multi-tls/README.md b/examples/multi-tls/README.md new file mode 100644 index 000000000..ef4cd65bb --- /dev/null +++ b/examples/multi-tls/README.md @@ -0,0 +1,94 @@ +# Multi TLS certificate termination + +This examples uses 2 different certificates to terminate SSL for 2 hostnames. + +1. Deploy the controller by creating the rc in the parent dir +2. Create tls secrets for foo.bar.com and bar.baz.com as indicated in the yaml +3. Create multi-tls.yaml + +This should generate a segment like: +```console +$ kubectl exec -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf | grep "foo.bar.com" -B 7 -A 35 + server { + listen 80; + listen 443 ssl http2; + ssl_certificate /etc/nginx-ssl/default-foobar.pem; + ssl_certificate_key /etc/nginx-ssl/default-foobar.pem; + + + server_name foo.bar.com; + + + if ($scheme = http) { + return 301 https://$host$request_uri; + } + + + + location / { + proxy_set_header Host $host; + + # Pass Real IP + proxy_set_header X-Real-IP $remote_addr; + + # Allow websocket connections + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $pass_access_scheme; + + proxy_connect_timeout 5s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + proxy_redirect off; + proxy_buffering off; + + proxy_http_version 1.1; + + proxy_pass http://default-echoheaders-80; + } +``` + +And you should be able to reach your nginx service or echoheaders service using a hostname switch: +```console +$ kubectl get ing +NAME RULE BACKEND ADDRESS AGE +foo-tls - 104.154.30.67 13m + foo.bar.com + / echoheaders:80 + bar.baz.com + / nginx:80 + +$ curl https://104.154.30.67 -H 'Host:foo.bar.com' -k +CLIENT VALUES: +client_address=10.245.0.6 +command=GET +real path=/ +query=nil +request_version=1.1 +request_uri=http://foo.bar.com:8080/ + +SERVER VALUES: +server_version=nginx: 1.9.11 - lua: 10001 + +HEADERS RECEIVED: +accept=*/* +connection=close +host=foo.bar.com +user-agent=curl/7.35.0 +x-forwarded-for=10.245.0.1 +x-forwarded-host=foo.bar.com +x-forwarded-proto=https + +$ curl https://104.154.30.67 -H 'Host:bar.baz.com' -k + + + +Welcome to nginx on Debian! + +$ curl 104.154.30.67 +default backend - 404 +``` \ No newline at end of file diff --git a/examples/multi-tls/multi-tls.yaml b/examples/multi-tls/multi-tls.yaml new file mode 100644 index 000000000..f65feffaf --- /dev/null +++ b/examples/multi-tls/multi-tls.yaml @@ -0,0 +1,102 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx + labels: + app: nginx +spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + selector: + app: nginx +--- +apiVersion: v1 +kind: ReplicationController +metadata: + name: nginx +spec: + replicas: 1 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: gcr.io/google_containers/nginx + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: echoheaders + labels: + app: echoheaders +spec: + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + name: http + selector: + app: echoheaders +--- +apiVersion: v1 +kind: ReplicationController +metadata: + name: echoheaders +spec: + replicas: 1 + template: + metadata: + labels: + app: echoheaders + spec: + containers: + - name: echoheaders + image: gcr.io/google_containers/echoserver:1.4 + ports: + - containerPort: 8080 +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: foo-tls + namespace: default +spec: + tls: + - hosts: + - foo.bar.com + # This secret must exist beforehand + # The cert must also contain the subj-name foo.bar.com + # You can create it via: + # make keys secret SECRET=/tmp/foobar.json HOST=foo.bar.com NAME=foobar + # https://github.com/kubernetes/contrib/tree/master/ingress/controllers/gce/https_example + secretName: foobar + - hosts: + - bar.baz.com + # This secret must exist beforehand + # The cert must also contain the subj-name bar.baz.com + # You can create it via: + # make keys secret SECRET=/tmp/barbaz.json HOST=bar.baz.com NAME=barbaz + # https://github.com/kubernetes/contrib/tree/master/ingress/controllers/gce/https_example + secretName: barbaz + rules: + - host: foo.bar.com + http: + paths: + - backend: + serviceName: echoheaders + servicePort: 80 + path: / + - host: bar.baz.com + http: + paths: + - backend: + serviceName: nginx + servicePort: 80 + path: / \ No newline at end of file diff --git a/examples/rewrite/README.md b/examples/rewrite/README.md new file mode 100644 index 000000000..a878d52ea --- /dev/null +++ b/examples/rewrite/README.md @@ -0,0 +1,66 @@ +Create an Ingress rule with a rewrite annotation: +``` +$ echo " +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + ingress.kubernetes.io/rewrite-target: / + name: rewrite + namespace: default +spec: + rules: + - host: rewrite.bar.com + http: + paths: + - backend: + serviceName: echoheaders + servicePort: 80 + path: /something +" | kubectl create -f - +``` + +Check the rewrite is working + +``` +$ curl -v http://172.17.4.99/something -H 'Host: rewrite.bar.com' +* Trying 172.17.4.99... +* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0) +> GET /something HTTP/1.1 +> Host: rewrite.bar.com +> User-Agent: curl/7.43.0 +> Accept: */* +> +< HTTP/1.1 200 OK +< Server: nginx/1.11.0 +< Date: Tue, 31 May 2016 16:07:31 GMT +< Content-Type: text/plain +< Transfer-Encoding: chunked +< Connection: keep-alive +< +CLIENT VALUES: +client_address=10.2.56.9 +command=GET +real path=/ +query=nil +request_version=1.1 +request_uri=http://rewrite.bar.com:8080/ + +SERVER VALUES: +server_version=nginx: 1.9.11 - lua: 10001 + +HEADERS RECEIVED: +accept=*/* +connection=close +host=rewrite.bar.com +user-agent=curl/7.43.0 +x-forwarded-for=10.2.56.1 +x-forwarded-host=rewrite.bar.com +x-forwarded-port=80 +x-forwarded-proto=http +x-real-ip=10.2.56.1 +BODY: +* Connection #0 to host 172.17.4.99 left intact +-no body in request- +``` + From c173985af0b3dc8a3e9f39adc29dc92d3b14ebe8 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Wed, 8 Mar 2017 20:00:16 -0300 Subject: [PATCH 37/47] Allow custom http2 header sizes --- controllers/nginx/pkg/config/config.go | 12 +++++++++++- .../nginx/rootfs/etc/nginx/template/nginx.tmpl | 4 +++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 9f3ebef69..0001d9502 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -121,6 +121,14 @@ type Configuration struct { // Log levels above are listed in the order of increasing severity ErrorLogLevel string `json:"error-log-level,omitempty"` + // https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_field_size + // HTTP2MaxFieldSize Limits the maximum size of an HPACK-compressed request header field + HTTP2MaxFieldSize string `json:"http2-max-field-size,omitempty"` + + // https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_header_size + // HTTP2MaxHeaderSize Limits the maximum size of the entire request header list after HPACK decompression + HTTP2MaxHeaderSize string `json:"http2-max-header-size,omitempty"` + // Enables or disables the header HSTS in servers running SSL HSTS bool `json:"hsts,omitempty"` @@ -252,9 +260,11 @@ func NewDefault() Configuration { cfg := Configuration{ ClientHeaderBufferSize: "1k", DisableAccessLog: false, - DisableIpv6: false, + DisableIpv6: false, EnableDynamicTLSRecords: true, ErrorLogLevel: errorLevel, + HTTP2MaxFieldSize: "4k", + HTTP2MaxHeaderSize: "16k", HSTS: true, HSTSIncludeSubdomains: true, HSTSMaxAge: hstsMaxAge, diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 3ada5ba40..0f3dafbd8 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -60,7 +60,9 @@ http { client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; large_client_header_buffers {{ $cfg.LargeClientHeaderBuffers }}; - http2_max_field_size {{ $cfg.ClientHeaderBufferSize }}; + + http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }}; + http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }}; types_hash_max_size 2048; server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }}; From 09e6aabce414a213444c8e77424f635f62b1854f Mon Sep 17 00:00:00 2001 From: Cole Mickens Date: Thu, 2 Feb 2017 02:22:44 -0800 Subject: [PATCH 38/47] Add auth-signin annotation --- controllers/nginx/Makefile | 5 ++- .../rootfs/etc/nginx/template/nginx.tmpl | 8 ++++ core/pkg/ingress/annotations/authreq/main.go | 23 ++++++---- .../ingress/annotations/authreq/main_test.go | 29 +++++++----- examples/README.md | 2 +- examples/external-auth/README.md | 45 +++++++++++++++++++ examples/external-auth/dashboard.ingress.yaml | 27 +++++++++++ examples/external-auth/deployment.yaml | 43 ++++++++++++++++++ 8 files changed, 158 insertions(+), 24 deletions(-) create mode 100644 examples/external-auth/README.md create mode 100644 examples/external-auth/dashboard.ingress.yaml create mode 100644 examples/external-auth/deployment.yaml diff --git a/controllers/nginx/Makefile b/controllers/nginx/Makefile index 8bee35692..8805e2d2a 100644 --- a/controllers/nginx/Makefile +++ b/controllers/nginx/Makefile @@ -6,6 +6,7 @@ BUILDTAGS= RELEASE?=0.9.0-beta.2 PREFIX?=gcr.io/google_containers/nginx-ingress-controller GOOS?=linux +DOCKER?=gcloud docker -- REPO_INFO=$(shell git config --get remote.origin.url) @@ -21,10 +22,10 @@ build: clean -o rootfs/nginx-ingress-controller ${PKG}/pkg/cmd/controller container: build - docker build --pull -t $(PREFIX):$(RELEASE) rootfs + $(DOCKER) build --pull -t $(PREFIX):$(RELEASE) rootfs push: container - gcloud docker -- push $(PREFIX):$(RELEASE) + $(DOCKER) push $(PREFIX):$(RELEASE) fmt: @echo "+ $@" diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 3ada5ba40..8a6a644a9 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -244,6 +244,8 @@ http { {{ end }} {{ if not (empty $location.ExternalAuth.Method) }} proxy_method {{ $location.ExternalAuth.Method }}; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Scheme $pass_access_scheme; {{ end }} proxy_set_header Host $host; proxy_pass_request_headers on; @@ -269,6 +271,10 @@ http { auth_request {{ $authPath }}; {{ end }} + {{ if not (empty $location.ExternalAuth.SigninURL) }} + error_page 401 = {{ $location.ExternalAuth.SigninURL }}; + {{ end }} + {{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }} # enforce ssl on server side if ($pass_access_scheme = http) { @@ -315,6 +321,8 @@ http { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Proto $pass_access_scheme; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Scheme $pass_access_scheme; # mitigate HTTPoxy Vulnerability # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ diff --git a/core/pkg/ingress/annotations/authreq/main.go b/core/pkg/ingress/annotations/authreq/main.go index 560a73868..91c56b9f6 100644 --- a/core/pkg/ingress/annotations/authreq/main.go +++ b/core/pkg/ingress/annotations/authreq/main.go @@ -28,16 +28,18 @@ import ( const ( // external URL that provides the authentication - authURL = "ingress.kubernetes.io/auth-url" - authMethod = "ingress.kubernetes.io/auth-method" - authBody = "ingress.kubernetes.io/auth-send-body" + authURL = "ingress.kubernetes.io/auth-url" + authSigninURL = "ingress.kubernetes.io/auth-signin" + authMethod = "ingress.kubernetes.io/auth-method" + authBody = "ingress.kubernetes.io/auth-send-body" ) // External returns external authentication configuration for an Ingress rule type External struct { - URL string `json:"url"` - Method string `json:"method"` - SendBody bool `json:"sendBody"` + URL string `json:"url"` + SigninURL string `json:"signinUrl"` + Method string `json:"method"` + SendBody bool `json:"sendBody"` } var ( @@ -77,6 +79,8 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) { return nil, ing_errors.NewLocationDenied("an empty string is not a valid URL") } + signin, _ := parser.GetStringAnnotation(authSigninURL, ing) + ur, err := url.Parse(str) if err != nil { return nil, err @@ -100,8 +104,9 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) { sb, _ := parser.GetBoolAnnotation(authBody, ing) return &External{ - URL: str, - Method: m, - SendBody: sb, + URL: str, + SigninURL: signin, + Method: m, + SendBody: sb, }, nil } diff --git a/core/pkg/ingress/annotations/authreq/main_test.go b/core/pkg/ingress/annotations/authreq/main_test.go index 696d8bdc0..75cd6d2b7 100644 --- a/core/pkg/ingress/annotations/authreq/main_test.go +++ b/core/pkg/ingress/annotations/authreq/main_test.go @@ -67,23 +67,25 @@ func TestAnnotations(t *testing.T) { ing.SetAnnotations(data) tests := []struct { - title string - url string - method string - sendBody bool - expErr bool + title string + url string + signinURL string + method string + sendBody bool + expErr bool }{ - {"empty", "", "", false, true}, - {"no scheme", "bar", "", false, true}, - {"invalid host", "http://", "", false, true}, - {"invalid host (multiple dots)", "http://foo..bar.com", "", false, true}, - {"valid URL", "http://bar.foo.com/external-auth", "", false, false}, - {"valid URL - send body", "http://foo.com/external-auth", "POST", true, false}, - {"valid URL - send body", "http://foo.com/external-auth", "GET", true, false}, + {"empty", "", "", "", false, true}, + {"no scheme", "bar", "bar", "", false, true}, + {"invalid host", "http://", "http://", "", false, true}, + {"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", false, true}, + {"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", false, false}, + {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "POST", true, false}, + {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "GET", true, false}, } for _, test := range tests { data[authURL] = test.url + data[authSigninURL] = test.signinURL data[authBody] = fmt.Sprintf("%v", test.sendBody) data[authMethod] = fmt.Sprintf("%v", test.method) @@ -101,6 +103,9 @@ func TestAnnotations(t *testing.T) { if u.URL != test.url { t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.url, u.URL) } + if u.SigninURL != test.signinURL { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.signinURL, u.SigninURL) + } if u.Method != test.method { t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.method, u.Method) } diff --git a/examples/README.md b/examples/README.md index 330e82a0a..3e6a8d19f 100644 --- a/examples/README.md +++ b/examples/README.md @@ -57,7 +57,7 @@ SNI + TCP | TLS routing based on SNI hostname | nginx | Advanced Name | Description | Platform | Complexity Level -----| ----------- | ---------- | ---------------- Basic auth | password protect your website | nginx | Intermediate -External auth plugin | defer to an external auth service | nginx | Intermediate +[External auth plugin](external-auth/README.md) | defer to an external auth service | nginx | Intermediate ## Protocols diff --git a/examples/external-auth/README.md b/examples/external-auth/README.md new file mode 100644 index 000000000..3cd0da91d --- /dev/null +++ b/examples/external-auth/README.md @@ -0,0 +1,45 @@ +## External Authentication + +### Overview + +The `auth-url` and `auth-signin` annotations allow you to use an external +authentication provider to protect your Ingress resources. + +(Note, this annotation requires `nginx-ingress-controller v0.9.0` or greater.) + +### Key Detail + +This functionality is enabled by deploying multiple Ingress objects for a single host. +One Ingress object has no special annotations and handles authentication. + +Other Ingress objects can then be annotated in such a way that require the user to +authenticate against the first Ingress's endpoint, and can redirect `401`s to the +same endpoint. + +Sample: + +``` +... +metadata: + name: application + annotations: + "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth" + "ingress.kubernetes.io/signin-url": "https://$host/oauth2/sign_in" +... +``` + +### Example: OAuth2 Proxy + Kubernetes-Dashboard + +This example will show you how to deploy [`oauth2_proxy`](https://github.com/bitly/oauth2_proxy) +into a Kubernetes cluster and use it to protect the Kubernetes Dashboard. + +#### Prepare: + +1. `export DOMAIN="somedomain.io"` +2. Install `nginx-ingress`. If you haven't already, consider using `helm`: `$ helm install stable/nginx-ingress` +3. Make sure you have a TLS cert added as a Secret named `ingress-tls` that corresponds to your `$DOMAIN`. + +### Deploy: `oauth2_proxy` + +This is the Deployment object that runs `oauth2_proxy`. + diff --git a/examples/external-auth/dashboard.ingress.yaml b/examples/external-auth/dashboard.ingress.yaml new file mode 100644 index 000000000..60ef4df84 --- /dev/null +++ b/examples/external-auth/dashboard.ingress.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: dashboard + namespace: kube-system + annotations: + "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth" + "ingress.kubernetes.io/auth-signin": "https://$host/oauth2/sign_in" +spec: + tls: + - secretName: 'foo-secret-966' + hosts: + - 'foo-966.bar.com' + rules: + - host: 'foo-966.bar.com' + http: + paths: + - path: / + backend: + serviceName: kubernetes-dashboard + servicePort: 80 + - parh: /oauth2 + backend: + serviceName: oauth2proxy + servicePort: 4180 + diff --git a/examples/external-auth/deployment.yaml b/examples/external-auth/deployment.yaml new file mode 100644 index 000000000..5329d90eb --- /dev/null +++ b/examples/external-auth/deployment.yaml @@ -0,0 +1,43 @@ + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: oauth2-proxy + labels: + k8s-app: oauth2proxy +spec: + replicas: 1 + template: + metadata: + labels: + k8s-app: oauth2proxy + spec: + volumes: + - name: oauth2proxy-secret + secret: + secretName: oauth2proxy + containers: + - name: oauth2proxy + image: docker.io/colemickens/oauth2_proxy:latest + imagePullPolicy: Always + ports: + - containerPort: 4180 + args: + - --provider=github + - --email-domain=* +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: oauth2proxy + name: oauth2proxy +spec: + ports: + - name: http + port: 4180 + protocol: TCP + targetPort: 4180 + selector: + k8s-app: oauth2proxy From 681af2d8d6194cafbb7c71a4c5961f85a39faad2 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Wed, 8 Mar 2017 20:58:34 -0300 Subject: [PATCH 39/47] Add example using github oauth application --- examples/README.md | 2 +- examples/external-auth/README.md | 45 ------------- examples/external-auth/dashboard.ingress.yaml | 27 -------- examples/external-auth/deployment.yaml | 43 ------------- examples/external-auth/nginx/README.md | 64 +++++++++++++++++++ .../nginx/dashboard-ingress.yaml | 38 +++++++++++ .../external-auth/nginx/oauth2-proxy.yaml | 56 ++++++++++++++++ 7 files changed, 159 insertions(+), 116 deletions(-) delete mode 100644 examples/external-auth/README.md delete mode 100644 examples/external-auth/dashboard.ingress.yaml delete mode 100644 examples/external-auth/deployment.yaml create mode 100644 examples/external-auth/nginx/README.md create mode 100644 examples/external-auth/nginx/dashboard-ingress.yaml create mode 100644 examples/external-auth/nginx/oauth2-proxy.yaml diff --git a/examples/README.md b/examples/README.md index 3e6a8d19f..69288dd45 100644 --- a/examples/README.md +++ b/examples/README.md @@ -57,7 +57,7 @@ SNI + TCP | TLS routing based on SNI hostname | nginx | Advanced Name | Description | Platform | Complexity Level -----| ----------- | ---------- | ---------------- Basic auth | password protect your website | nginx | Intermediate -[External auth plugin](external-auth/README.md) | defer to an external auth service | nginx | Intermediate +[External auth plugin](external-auth/nginx/README.md) | defer to an external auth service | nginx | Intermediate ## Protocols diff --git a/examples/external-auth/README.md b/examples/external-auth/README.md deleted file mode 100644 index 3cd0da91d..000000000 --- a/examples/external-auth/README.md +++ /dev/null @@ -1,45 +0,0 @@ -## External Authentication - -### Overview - -The `auth-url` and `auth-signin` annotations allow you to use an external -authentication provider to protect your Ingress resources. - -(Note, this annotation requires `nginx-ingress-controller v0.9.0` or greater.) - -### Key Detail - -This functionality is enabled by deploying multiple Ingress objects for a single host. -One Ingress object has no special annotations and handles authentication. - -Other Ingress objects can then be annotated in such a way that require the user to -authenticate against the first Ingress's endpoint, and can redirect `401`s to the -same endpoint. - -Sample: - -``` -... -metadata: - name: application - annotations: - "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth" - "ingress.kubernetes.io/signin-url": "https://$host/oauth2/sign_in" -... -``` - -### Example: OAuth2 Proxy + Kubernetes-Dashboard - -This example will show you how to deploy [`oauth2_proxy`](https://github.com/bitly/oauth2_proxy) -into a Kubernetes cluster and use it to protect the Kubernetes Dashboard. - -#### Prepare: - -1. `export DOMAIN="somedomain.io"` -2. Install `nginx-ingress`. If you haven't already, consider using `helm`: `$ helm install stable/nginx-ingress` -3. Make sure you have a TLS cert added as a Secret named `ingress-tls` that corresponds to your `$DOMAIN`. - -### Deploy: `oauth2_proxy` - -This is the Deployment object that runs `oauth2_proxy`. - diff --git a/examples/external-auth/dashboard.ingress.yaml b/examples/external-auth/dashboard.ingress.yaml deleted file mode 100644 index 60ef4df84..000000000 --- a/examples/external-auth/dashboard.ingress.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: dashboard - namespace: kube-system - annotations: - "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth" - "ingress.kubernetes.io/auth-signin": "https://$host/oauth2/sign_in" -spec: - tls: - - secretName: 'foo-secret-966' - hosts: - - 'foo-966.bar.com' - rules: - - host: 'foo-966.bar.com' - http: - paths: - - path: / - backend: - serviceName: kubernetes-dashboard - servicePort: 80 - - parh: /oauth2 - backend: - serviceName: oauth2proxy - servicePort: 4180 - diff --git a/examples/external-auth/deployment.yaml b/examples/external-auth/deployment.yaml deleted file mode 100644 index 5329d90eb..000000000 --- a/examples/external-auth/deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: oauth2-proxy - labels: - k8s-app: oauth2proxy -spec: - replicas: 1 - template: - metadata: - labels: - k8s-app: oauth2proxy - spec: - volumes: - - name: oauth2proxy-secret - secret: - secretName: oauth2proxy - containers: - - name: oauth2proxy - image: docker.io/colemickens/oauth2_proxy:latest - imagePullPolicy: Always - ports: - - containerPort: 4180 - args: - - --provider=github - - --email-domain=* ---- - -apiVersion: v1 -kind: Service -metadata: - labels: - k8s-app: oauth2proxy - name: oauth2proxy -spec: - ports: - - name: http - port: 4180 - protocol: TCP - targetPort: 4180 - selector: - k8s-app: oauth2proxy diff --git a/examples/external-auth/nginx/README.md b/examples/external-auth/nginx/README.md new file mode 100644 index 000000000..d61e395d4 --- /dev/null +++ b/examples/external-auth/nginx/README.md @@ -0,0 +1,64 @@ +## External Authentication + +### Overview + +The `auth-url` and `auth-signin` annotations allow you to use an external +authentication provider to protect your Ingress resources. + +(Note, this annotation requires `nginx-ingress-controller v0.9.0` or greater.) + +### Key Detail + +This functionality is enabled by deploying multiple Ingress objects for a single host. +One Ingress object has no special annotations and handles authentication. + +Other Ingress objects can then be annotated in such a way that require the user to +authenticate against the first Ingress's endpoint, and can redirect `401`s to the +same endpoint. + +Sample: + +``` +... +metadata: + name: application + annotations: + "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth" + "ingress.kubernetes.io/signin-url": "https://$host/oauth2/sign_in" +... +``` + +### Example: OAuth2 Proxy + Kubernetes-Dashboard + +This example will show you how to deploy [`oauth2_proxy`](https://github.com/bitly/oauth2_proxy) +into a Kubernetes cluster and use it to protect the Kubernetes Dashboard. + +#### Prepare: + +1. Install the kubernetes dashboard + +```console +kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.5.0.yaml +``` + +2. Create a custom Github OAuth application https://github.com/settings/applications/new + +- Homepage URL is the FQDN in the Ingress rule, like `https://foo.bar.com` +- Authorization callback URL is the same as the base FQDN plus `/oauth2`, like `https://foo.bar.com/oauth2` + +3. Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values: + +- OAUTH2_PROXY_CLIENT_ID with the github `` +- OAUTH2_PROXY_CLIENT_SECRET with the github `` +- OAUTH2_PROXY_COOKIE_SECRET with value of `python -c 'import os,base64; print base64.b64encode(os.urandom(16))'` + +4. Customize the contents of the file dashboard-ingress.yaml: + +Replace `__INGRESS_HOST__` with a valid FQDN and `__INGRESS_SECRET__` with a Secret with a valid SSL certificate. + +5. Deploy the oauth2 proxy and the ingress rules running: +```console +$ kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml +``` + +Test the oauth integration accessing the configured URL, like `https://foo.bar.com` diff --git a/examples/external-auth/nginx/dashboard-ingress.yaml b/examples/external-auth/nginx/dashboard-ingress.yaml new file mode 100644 index 000000000..642e38f5b --- /dev/null +++ b/examples/external-auth/nginx/dashboard-ingress.yaml @@ -0,0 +1,38 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + ingress.kubernetes.io/auth-signin: https://$host/oauth2/sign_in + ingress.kubernetes.io/auth-url: https://$host/oauth2/auth + name: external-auth-oauth2 + namespace: kube-system +spec: + rules: + - host: __INGRESS_HOST__ + http: + paths: + - backend: + serviceName: kubernetes-dashboard + servicePort: 80 + path: / + +--- + +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: oauth2-proxy + namespace: kube-system +spec: + rules: + - host: __INGRESS_HOST__ + http: + paths: + - backend: + serviceName: oauth2-proxy + servicePort: 4180 + path: /oauth2 + tls: + - hosts: + - __INGRESS_HOST__ + secretName: __INGRESS_SECRET__ diff --git a/examples/external-auth/nginx/oauth2-proxy.yaml b/examples/external-auth/nginx/oauth2-proxy.yaml new file mode 100644 index 000000000..1735f4690 --- /dev/null +++ b/examples/external-auth/nginx/oauth2-proxy.yaml @@ -0,0 +1,56 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + k8s-app: oauth2-proxy + name: oauth2-proxy + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: oauth2-proxy + template: + metadata: + labels: + k8s-app: oauth2-proxy + spec: + containers: + - args: + - --provider=github + - --email-domain=* + - --upstream=file:///dev/null + - --http-address=0.0.0.0:4180 + # Register a new application + # https://github.com/settings/applications/new + env: + - name: OAUTH2_PROXY_CLIENT_ID + value: + - name: OAUTH2_PROXY_CLIENT_SECRET + value: + # python -c 'import os,base64; print base64.b64encode(os.urandom(16))' + - name: OAUTH2_PROXY_COOKIE_SECRET + value: SECRET + image: docker.io/colemickens/oauth2_proxy:latest + imagePullPolicy: Always + name: oauth2-proxy + ports: + - containerPort: 4180 + protocol: TCP + +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: oauth2-proxy + name: oauth2-proxy +spec: + ports: + - name: http + port: 4180 + protocol: TCP + targetPort: 4180 + selector: + k8s-app: oauth2-proxy From 468815e98653b476b3e82a58b606aa8c9804d6f4 Mon Sep 17 00:00:00 2001 From: chentao1596 Date: Wed, 8 Mar 2017 16:49:08 +0800 Subject: [PATCH 40/47] add unit test cases for controllers/gce/healthchecks --- .../gce/healthchecks/healthchecks_test.go | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 controllers/gce/healthchecks/healthchecks_test.go diff --git a/controllers/gce/healthchecks/healthchecks_test.go b/controllers/gce/healthchecks/healthchecks_test.go new file mode 100644 index 000000000..9db1edd49 --- /dev/null +++ b/controllers/gce/healthchecks/healthchecks_test.go @@ -0,0 +1,63 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package healthchecks + +import ( + "testing" + + "k8s.io/ingress/controllers/gce/utils" +) + +func TestFakeHealthCheckActions(t *testing.T) { + namer := &utils.Namer{} + healthChecks := NewHealthChecker(NewFakeHealthChecks(), "/", namer) + healthChecks.Init(&FakeHealthCheckGetter{DefaultHealthCheck: nil}) + + err := healthChecks.Add(80) + if err != nil { + t.Fatalf("unexpected error") + } + + _, err1 := healthChecks.Get(8080) + if err1 == nil { + t.Errorf("expected error") + } + + hc, err2 := healthChecks.Get(80) + if err2 != nil { + t.Errorf("unexpected error") + } else { + if hc == nil { + t.Errorf("expected a *compute.HttpHealthCheck") + } + } + + err = healthChecks.Delete(8080) + if err == nil { + t.Errorf("expected error") + } + + err = healthChecks.Delete(80) + if err != nil { + t.Errorf("unexpected error") + } + + _, err3 := healthChecks.Get(80) + if err3 == nil { + t.Errorf("expected error") + } +} From 0410b20b4c8bec63152f25f7052704b2f627ce85 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 9 Mar 2017 11:39:18 -0300 Subject: [PATCH 41/47] Improve external authentication docs --- examples/external-auth/nginx/README.md | 16 +++++++++++++++- .../external-auth/nginx/images/dashboard.png | Bin 0 -> 88491 bytes .../external-auth/nginx/images/github-auth.png | Bin 0 -> 16323 bytes .../external-auth/nginx/images/oauth-login.png | Bin 0 -> 37942 bytes .../nginx/images/regiter-oauth-app-2.png | Bin 0 -> 92269 bytes .../nginx/images/regiter-oauth-app.png | Bin 0 -> 86537 bytes 6 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 examples/external-auth/nginx/images/dashboard.png create mode 100644 examples/external-auth/nginx/images/github-auth.png create mode 100644 examples/external-auth/nginx/images/oauth-login.png create mode 100644 examples/external-auth/nginx/images/regiter-oauth-app-2.png create mode 100644 examples/external-auth/nginx/images/regiter-oauth-app.png diff --git a/examples/external-auth/nginx/README.md b/examples/external-auth/nginx/README.md index d61e395d4..c21bab32d 100644 --- a/examples/external-auth/nginx/README.md +++ b/examples/external-auth/nginx/README.md @@ -31,7 +31,7 @@ metadata: ### Example: OAuth2 Proxy + Kubernetes-Dashboard This example will show you how to deploy [`oauth2_proxy`](https://github.com/bitly/oauth2_proxy) -into a Kubernetes cluster and use it to protect the Kubernetes Dashboard. +into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using github as oAuth2 provider #### Prepare: @@ -43,9 +43,16 @@ kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addon 2. Create a custom Github OAuth application https://github.com/settings/applications/new +![Register OAuth2 Application](images/regiter-oauth-app.png) + + - Homepage URL is the FQDN in the Ingress rule, like `https://foo.bar.com` - Authorization callback URL is the same as the base FQDN plus `/oauth2`, like `https://foo.bar.com/oauth2` + +![Register OAuth2 Application](images/regiter-oauth-app-2.png) + + 3. Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values: - OAUTH2_PROXY_CLIENT_ID with the github `` @@ -62,3 +69,10 @@ $ kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml ``` Test the oauth integration accessing the configured URL, like `https://foo.bar.com` + + +![Register OAuth2 Application](images/oauth-login.png) + +![Register OAuth2 Application](images/github-auth.png) + +![Register OAuth2 Application](images/dashboard.png) diff --git a/examples/external-auth/nginx/images/dashboard.png b/examples/external-auth/nginx/images/dashboard.png new file mode 100644 index 0000000000000000000000000000000000000000..3acb7bb11215d66f8b07b238630c2af0bc1b95f6 GIT binary patch literal 88491 zcmZ^~byQo;6EGayf)xu6#XZ4Yi)#zTCAeGh;!e@x6sKsBV#O^KFJ4MYNBm50 z`~+h7MlZ?p=yk2gJ7lwnD11Gs=BQUO(KM$^f2k$vro-c5m5!K^ebbDN79+Q|_BO=z9UHG)Eap4_qqI^;qM3-B0tNlDHzuk zz!LXFEr8-?cwCDlByyPC95Ho_S#=Bx_#*giIKCVQzQUltvIGSAt3Uq|K6vFI?=VzS zIrLdYSt=I(GBhgDrTwInu1)>4t2>n~9MI>TP0FBppi_3t>~w6BT+o94=iwkM#OCBNn@DU)<+nr+vwv zE*&Iq*3~b#OuF8;i?boCU&n23|4R^;?cal5-{A94FNa3|qFk`g~V_&wgN4d~+jTO?rK{}6{= zcIeg12yg#4>-dl;lCg@IkCiDF)-O{?ZUFDE&I1_fp$Cex?>Oipyk7wm zx^yU)g4Rg57T3Q2P&6*Dqdt~gJq`8kPE{r$K$LW@oVmt$o`cxmsl`AY4N{esJH|H$ zBKB+a#e}E~N%{2z&2Z(S=x~`}Qi=P4{2uOzBu5Sw>YPV98=O}D>M+!6wa};;T!e3a z@s;aE6iEx+EuHMAw4SGf95ipMBtRPJ^44?>l+!ExBTEXbI7T1 z>)iO+R=v!Y>gV4qalO25vd$*Ie?@%YpgIi>G6zNYu}>#$b_oG{z|WV5iux`gr@G4O z;vD4SGUei$PA1g*v1NPb!2vl|;D_!_0`Tyopp2PpILQaHdVKIQz4@B`Go)z}$etvu zhLiGBhxe&`l0Aw5*7C@htEG+eLii!a&^($8uxF>UaeLCpSXk4mT@ft0f`+!A5!(ZIiVdY}3dulMoQ?eB4fG-<*6sK+QJ&+jg8)^O9; z9^qYz6Og#Xs?Oi_`MQGfeAupKE z&EFXTjs}IvGDhgZz%iiu@$WQSrn^xdD_Hw=`1RhdIR~xpvsMqME%-kIPL_@z@gyEy z2@?m$PfvOz=yo#t2j$#sj@nJeaqP);=mKwQ4q+A5MQaB;H1i3Dy}9?Y!X=P82+*A1 zOz2FkE#SvrsXt$YNLWtEkW&vU{GQhAUT&%W#Qhg9nUD+Rw;QNzJEau ztpmlb2aULZqmg+dx5nU?m9tN;B6Y2E9M{ZLqKIrSNf*i6!e#<(0m>-uD(2>N(t|r& zjQK$G^f>b0$+&8}St6PXwY5G-{L@kL{9gx9*WmEn!HIzX$QWT4TAGQm&TT<%% z-Ex0YL5cN3cS?txUh=(w1azoSqJz5Z`dQ)MwO6p<>wVbIa;6ON8oNl3zEjX(iFi%n zebSwWCzlwsHL>W^l}kh}P}vjw058R^YgIOqZU%kNrIT*f6%TG&6pNbi`%3b3vm`|+ z98dvj^XfyM@1w|ESXz2ppRYc;T|n$OY8lOX<}*F-Ni_LOR4Xo?^sHm+(!TU!R5dFT zBFf8rZ(C$VsGbY^J&Hl$_fFz)=pQ#VeRZ3`T|0*QJzs-P)kv{c=$pGcqfD1@dkA~R zTS?@MEKGEH55LhFFEY1%<-}{ZFX=M;1xyYD)C@6IC zD+`$H_bL*`hx>hP$NK}S%T9i7easdDW2TP<7kHBCW5i94~n*+SarH>Uq~G|xZ*NVi6^ zzgJ)$AHvFaSsBV6o5^?djgt~0;aF7X?V5bh+NyBkL=47!ThDNcPPNkJHNRS3s@y{` zz_mJU0{TAC6WXjv+UtviWV6Ti=3R82-2l5 z>hcmaw3(mL>j+B3{Jrr9P4}3f|jVzE2?I0Q7_s>m)yOjN^W{J zz8LK9&7Q-USg=*p*t9xWKyf(y-#!_6-lfFsNsv?3R9WEplwzf_qTTF-+p?v}EEi=h zF_%-Ckq!ygat{N2c)3Ob#c%4I_j|v-*oIaFQ(>RVkFQPVk;6CI^Ka;sK#*1=Zz6mv^}uH2zjDdsfk*YVp)ubC(1dWj?qIVJS5zB%Dd zZdox0BxL7>S)n&3PvVK1;U)+Kl?=r1n2$!QcNs?}*U^&|yv=5tc|8?{+}qH)c!KiX zW|)L+B_U-kmxu@bO=E~a^yfu7BF)v}@vT$Z#o37U3txrA?+ML<313I|bv|;>XCv_T z_niFnfJ-ZE4O;0>c^ltS3DEAG55lQsw6pH0N^L~*Le{VMu5~{2;aBn?goZ_n9Jg!U zY~T)?KU)fmdf`03kA8`MKX(dqn0OtW6+c%um2M&S*P6>uwibq8S^hKsrsYMyd|qsi z#lLpO%Bf8>&GLk60NHif&DXQ4WP$Kv`g1OKWsfBc$T`YE-2|A~T?;r5D7f|){W)w0;vai0eg z_zs1zmp(#|YB5bBx+uLdGe)S9?4T~=OIa*y@E7XHB^<#E2NaY^1w6GE1b(h!88h=Q zTSp0ibc_yiru3xm_Kzu@BnTOzaa1e!GYyBimgN;Qz!u^3(wwKuA2jGu`y_mvDrIC0 z41;5SyWZk`U@CZNc|K`$nt+?YNiMY$@oR%zMh)+!63xoTy z{l{yG*k;`+nRCQZ&E<{Q%!uPZz6@6-wBEXQGDGvs+cQJ!Z+_UT~Cx)Wn866D*q1 zn(3w|>0W%#7=QL8nP0f!>s}x9qDh*tj2XPCCFB~w=HCj{X*=Jc2#ZuH6GTMFpVmfl zcC)D#0~Hd+WINve)J77g6c*I@pR;g z1bo4b9~wmaG}B2@2`9(yppbt5MfR*LqD+T`=SQQ;NCn!tk8Adu#gbgycSZ~hDySbsGX9;AoTEDia_aQvQ0KKtrp)E+u|Km3JMHW=O zM5(6Q6gdJzr(v3zy0{dznKEwlnbf8ymoh`bkQcIP9W}49yc82nY5Yy^jnRig_Slx$k$S5+5+Wt} z$NZ$A*HZ1xZv$RqAy*T(cV(JX4on@k0wnc-TG6yT6#qpBdsbpRZTeo&nK5mH;OW|* zK7L@q*rpr!=?BZuR;bhi7pfd%&10==PJnB>)ip}?`}c^{xVUQ^CcC9>JBGtRpcgn| zYtUj#hPP^t7`(W~uX&;_)mgLq3DIg$uDbyXrxbCTIVI!Hwn&=u#|5)VUQZZX2G~e_ z$n2{w&mLET(2{uX8=({jEYO?m*UHT9yxrSL`^t+2o9@1Y+=+OBjGOmC!-Q>9r?_q~t65QoUvLP`p$n#RF^8U!Q_ZotE`H zcB2&An^ncRtqN8fLU6UZi~<&Pk-2##obvPT|QZO?bB7Q}HDWphZs6w34WMvv(g`Vj9rOa-Ft z*nU3g&Okn4=c_WX+eGB+M5FbiX3k|8cP46Bdddaey&)_pC*xI}q9)SMe%Z{A#qjD4 zCa7+RImH4;RyDlb_UtrIR`2JVPSltdh7S=A!r@UX49e21OSscuP97yg)3SH!kz64v zxm%mSmr8wNMF2Bmu)EZ&`H;b^qey|Y#9}stP*t|$^bhYZkIRK}LbcgnQl6*DzL*l@ ztWM@RT*Gw5_&|E5c&1t(CLoEl+2vAgl14;$@q`&DZg)N%8wM&S)G~% zAGF>HcSp{?wvu~)U1&4cIQpo`-r9fK?ToXLbA4gHR_c42XWu{ZOZ+Pq(Nnu!%0$Ah zBK^}cxCD#jxZMjtebZkP@YQfYctcXTn{8P{6u*q?y5%Gy@%7uHEFzi4?qNM*&R0o# zWw*S9m}fasn-)Xpb7qc0Hg?3dL0C9mvv`J)ADif)DQ9)nVIl6up_z)X(sbLR%Qwjx zUT;(e%jYlLEPWJd#OGXiD6iEq(dU1WvUDmS&Z(g8YVkij7d`XsLHfL zv^trHuEFS_TNV_ck4dUkZAo<4NZ1Fuz1WG4Rz7oK-^REnS0@JDUxNFs4r?keYc zEljY|xu?a5_jzHoGn3co@J$alg7GgjEA-TSaL0u)Z3>a{--fWAX>&}nAimqkCd2yPLhErG->QE;U%7i$2qoCeI2nI6H{~3w)d&A$D-TMcNj&0kLJd~F) z^m2Ebk*=;?=0$92X*)Gl9l0xf@*7;iM~$e~X_zPVA3pVqJc zG-xN>kGT8EUNgU$Q?C6UK;%Glz7|tb7Qz1s z!Jl=YMytO!23Snrw7|sxx&B_}$TNOB+ddU=74ES+Xg23@c^Q&0|4h1vs=dq3L;)#^ zrqS83h8>|G`qr5N;t_S|{AMbR=cVz@|&X3n7+Sn+qJXbP-DQUXg=q;)Xu;*iS(s<^B_rMi#_8$B5-e9&FNVHS@nfpH?C_>Dj zq*z`0HNE92MbgCm)Jl)5tODosTa`hkbL~^~P%XPfTTV*a;$6NF0gT6A&!mXfnTplT z9aM&tKjx|tzUMN%Jc@ZgHCA$^_`77FZ?@TK|M+kdkYZ|uam#vJIhTM-HJfnAVKAvD zs;7xyZgT?U=Xbt&P8T9Jd0Jp>-1zp4@F>0_!HM`pM`5Ke&z~qu|Jl^)Z^JV-lomCS z75f#vP?$EJxb~#jHSFi8{C1c1TW&G2_`)bV~K@vkH6prza;kV zPe=&!G&%6RGwb3l;@EhHPvY9BE^$ZGa(=bI3=DqJvLCJTn= zoiXy-IvNu>QaI|^&fUD!F7Os4@uJJ1HbH-9|Lk60}ncF z6g20#*)`v>khsoHsf*{f-~Uu*U|$8ycGzFnEDb-;51NK?GxYpSE8#_K14|E!j>l5d zu~;L~om?eG{mEHdB2l$fl$W#6=iGj&c73R0a^Q!29Z4O)YZrIyuZv`i!pLt9UGC|dGL;8RC0 z3I*W*f*>bXOfDRb526zi*@h&U@q*u<-u;4|jUfd3lwNNorny___FHIwt&~CdmxBCD zJDWK-JEiTdGyQ3r4-Rsg&(*3&`5#AUHtTvO$qOoK49;T*WgR&S!>vtLPP4xZlcaoR znHx7J-Op4{mrvH-v75kcccJND`N8;5V8}|O45hVO9s4YuF zxeiTGFyw{vC+kJ3SZM)p{H`n#ota;+gg=ClpiZM6^)DX)L8$#9DuWq;m~>{bMQGT- zT{onSj02S1I{1x(3X-`-MEhx?e=ur)5&I85!`|uZJ`xl9>h?3GvxE9^#&OYe74?5m zrYX2OZ_LjAq?-^o1iQvngfk&w$NDdWhCTvIo+V7|LzUh!I7QeMoY)EDdAR(7!~*A% z-k{Swk~q}Iytk`Iixg9MPR?aII6E_SVA6)+Nu$$->5iHZwIMK3+ zrMJZGm%Q88nj-PhE)GuQ6E{?Aer|~_a;ArK2#Kt&-sEslY6r~QLx~T3 zkCOZNhy@>5+JCIgdhS&R*Rl!_SMT(1ZCTYdG&~D@<$vgHpo=yQH8Zf2YbdXgYR8P7 zLm+NM*I@lu?AQyPvO6r%DRPh=oQrX(ay+~8&m`<-E6X`4E)ILDDdwmLS7PyWN?qde z;JT)3X31-%k$4p?J(Hpvlbv>Z#DrdbNr9yg5cBhaft;^Y;%*b zis0HUyY*d(SrOcc-?f|xU56dl%La|toms^?nw?bdF*?FX^~-Q*&~37qe+1EjqL|;) zpp)UnB3e=1;e{gQLM5RgQ3zbQ*53NaXLhx#UB9PKWl!4z1TuT){64`Wk!pWTcgQCV z-QF&`F${lkV%@yeB**k|GFG}YAcXo^%LJXu;39*|9{UUc8^gE=TtA@jot>T62y&nZ zgHRB4zzywk;FCW;XK=0m9|$rz6`}D*u21;A-h@H5O-CybebH%5AA+> zO*fJ}2(d07yX(DlsV zTo(iL>MfI2%DD?iH-6? z_u4QzF1uYIiD~pUeXvRJtbx;%=q8{fxMlHpBB1uTX+a|Aj_JL{(jRfk*AW~np`{H4 zLWSjA!Qq~5Mm$Ilia5+-S8g<~gFD|Y(W&xG#PINbyl;c#!5S!fS^h0Ng~|jI>KAUd z)>SlnqmCRd8W>}?XHp0<&>GZiPT3QNL9c*-ey$;Hih@Mh4bE&hM%mJ;A8a7!*CP@Z#`J zJXJ0}&sALx`}w=CIkKMq(#Z-IF^sH3}UpB3pzxbLZ4W-PU5ea;btVhRm9`4 zW{mNguC|`5!*4hzXJ>qS`t6+|t`p^BOLKjbyKF_r$RG~yHI(=(&pDwsUwL#UtV-TI z!|#H#Jva?s-tU41D*R`*XAQ2_E=FL>WAC1pS-R4iB{(Q@P9GHp2s%W2*LG3blS9j$ zhaX4;oL$^pLw>8xE#u(CVinCE%+OQi&zzgqNiNBPv;vz{$vXn>(~g;B5xdM`I83V# zC#~RC1YF*FSAa|tUOhGoYA%XV#ZlYbCD_=5nYxEx#oH7x@GBjz8p}=9d=@YsK?O95 z6v?ha04l=$x<;?bjYtZMnlBAe)zI{XtVY8mK;QY8T~y_3MmZxen(vm*1k*1aDRgVz zBLVL@bDUuq=7eYV=e6($@i?PU+e`59i!jT;9m=y^%JPJ_1|2eLL3#*ZhhULk><=EM zRIwgX={Ao`7u5%y;B%}GhQAgCL#7}Tj1tWckW9P9Yp4yGeb;_CIwc|~>6FJLQ+Nr9 zGGbCHFmq+-sXL=7-fuqgivei62|;cw*E+{~EkipWke2k^er_lco!+zdeGg<{-n?xA zpnig~yhQ;Av?IW79Nz`_qa;bBBE^>Cay6nr&3J(ieI*Eq2d zW=mftdHBKX@1Z{i+sBkt>w_mQB8{Cz=Uy&aSKC2%ZugjgqKy_|z2F3->})FYru(de zlTE?_c-!>K@~B)_e+MV-2=7wR*Q&?g&{mn?W4DVDez=JI7Z!HU&UjjEr_I#v-0<;_ zbUPXo*1kJF{3v;py+TeB0&*mchvu1XLEZCt*xBV0+SGIJQ6q{T?!JYnwXArd=j&y> z(OBl$^&1Y~erE#1Q>jpr>nMLvi$b)Nz!qK(dsbD_3kqC<-G+U0fgkn@lmUm0zk|2i zzzyYxf~B>dI)^PM6nhnGJY7X}O?DOgFVX$qKiQPWZ9b&HS>$JpE~i7sX{AY$KijPo z?efKMcOPkW2c*;Jjn+wL%?RB#yY1#f=!r;9qZK#1rL z@WFi@#Jj%|f?>Xr4^5(B3490l+0Sg=R27AovlD#pjTw#m)tjj5xp^h~i zNHf7t3!9Z_`>qs|<%SBm8hZ&nC9572Gb~*_!%@nIuBsmT(fJ_-dk41b%gNiYH#Gp; z(-I;9{j^Rs>pZA!%aE>RWO)WWh;*%qqR&AcjMKFAhTVoLl>X#__kddgY(E^1A##x@9f=q7eg{{0Y?mBWXZE#rW7RY=*##NM zivw(yuTePeT_aqpWgOk)^Qmz_cu8G(qYo(w${B@p*;}CN5msNu0VQO1M|wU<7H$!x zifv^!`1%ZBg|M-|bYEcrm+<70-(8$i?I}+`vKnE0Oy95ZJBr=eXiYD;Qsi^xTzg;PTiiXanjp$N<&Aw>IqNhJ_fX6`_HLycX zMmVTZJ9KT&A{`+%rH)jeL02#i))#t@WXMI_EV$SmVI^~NFf6}jc@xh(tZFF~_ z+_NMuu#mtulA{QyRgyoU7}FAMxUl>$K+*d3Id$5^n{|n&a|u&DV#fte-bCtaEkFc~ zE<791vo{_TH$Vi!MVejGcbUijC_{tunp+ARwVeQZkXMCrU&_J%XJapL%e&=?AFR9B zUJ2+g#)E2j%27hwyD_AKE%{ON>S_aBq6*EC&^Qoa3bYdx+aZr1H#a_2$C-F{q+Gw< zoXHMYTe0YINItf%nIjCw&k8X`)y(aKkloq`NewuPC!R^VX=;Fct*WTW-n%lQg6ggk zVbc|!?)6v;uBKUktY!Q<(Sts&s9Y%ra2v8lG*m zNplOD+>Ps|2MC{?&iE&wK91*-!8HC)K(#SW#$K$%mdJ|+vdBV+Km@HbXzemSjQ;dY zzw#KuPLqnYHty9FM+u{56F>pqROfSYe|)uYqZNeE{P8V9*pX>GMg0)6BF@ip#)xjs z<#W+4^M@F00Fr963X&FTZ~qM zD=eQ=oE7=_u@JGe4-gcMiTa}RR-ovP`(C0mv6Qu*#6Ca<8MUOwn}!qc%Wd zBn+!7E5oYFVZ_078z=W_HTT<9Z_5xNE z5H?MJy}sP#^I6e*BbZN---N%pWW$Rhl$1R)+gG6JpxA1ebyH@3A#8I86M1DO2A3+$H_o72HZ%km${T%d9TtDfQETJwzw0cT!QNaOs zrhw=D@hzxXP}^@2X!HiiKLc{OF>T(Wa94$jR}~5uq=N4S7c`#CbgR2zL^+42fLxs3 z@NR9yHBT2ZGaOEp?>yh^;9ghQ#$j%dQ(e!#qe)px^co^@&mHe8q3o0W9D;Aq-@?78 z-8gJ@pAa+TONS4u^dn^TEp6HbC0{KVn|!^rJ_hMHZ*HuSQZ%qIpYPYJ0%Ue{a9)

DN~UggKZMUR}LH8q#tWt0IC9K@TR6);TZ73pPZz%}F+PB1N(Id|8dV8@9@QHjfiko8 z_%SvQkomgH`3%BPxZvODk1ITkN#HL~f?oOd$*^d)F6^|6xVU;F)8KU! zhNJr?gM4{(IifL92yR)CF}Wd!hJiqn`0$Dwoj71z6<0*B##ZSEGf zcChMs3ofDDw*`Gcu29&HBTN^_ z;Q@hWM{;hv!ZdJ^p3|#A2pin)%Y8w$g!;TtUTU!Rdl2{t2ttjGcutxEL0)1&5F2Xj z7+UP*gjG6He?5Zv*B_m1+MMZZh0i6_8l36%^@D^!(6|u}D67B&N$wb_zY#%Z^zP}Y znqKkEa{)3al~93?iYb>TEhX=(gh!lmXxM`sXkZ7LU#nXlIVxVX!^`t zU!cXdBbe8r#%@g5W+80wq+}%^$eezl`reIxf? znlEU_ZJHQ#dw0@zL2^(3@TtLQpoX)#LOK|rf9Ya=T#!!Fcp?|x^Xt^V1AxCB3{M?LO&z{TRfeai`lPD0rbf4=#EPUw%@HN&6D8>KcVcY`>EirDxzg#M z+zk~pb8v_y`iw)du(tjuFPpQIYxn#9X2j({-{lOyOn<+1rpqD#K+XhKztg^KwwA?h zP4lQWSM+-1+`BqPS-KIbwwKs)zg(!~4E!|Nr*4_^r2B^5K^)%HEs8dbAc$s%hWuPS z+#fB>$LF!y5J%KRs{^f8WlXLrd9vmCWO1(j5XfKM49bYwovY5~tgiLSS&1i~c}P$Y zFTMV3Z1l-^Cs|#^TG*%nldoBd!6g`LktT-IC77TH#=il^Opt+34AkJd;gR#dL$-I2 z(Px=2G1f7<3vbW3K6-(*v^3BJk7d4h8TX|DhpsKIRJmDu|G_tO=|j5t($$I8A9v01 z;nBoT?wWXfqJA%ho?B_tC;r_``wvJKBlBY(+pp&ul^am&Zb{ZWnE%tYuOxYAgOQ0N z^K)de{YSAuK4w}66B_U!7DLnTPnP4QEj2P6k7IT);4)?)7&RAY%{lDg>$n>;89966 zC*vCvDpvD=Vy-mddss@`D_K?ahDgIw*{02s3o4}A7XsryPx{%WBAdG1!=jdyZ5{%cip2GHN3~p`k0pnK^sE-Fl~LX( zB;VdCHvNX?JJI!iQQqJ>m18Qje~MQK$*`1>-FE{)-~d)niAwJu>XVSTLBbzo_HHNIzjHLdR{ebJpd;P}pWHIAy+ zHeIyY#!cNV&=N6uYq8He4a$$hDr*-uVAAlK;6hkT<=2r;>(-E8*7l#2>{60mNg>=x zqxf29b6!<&)~lLU<-V03W?u*cc;~%N_lYR)BwtTN%gE|wh0ys1M$#OzjIU(Ga6Hd} zLEg2mVr(i2){1_9^}Gy2iE9)M5Ff`Q$qn=ph=e>zXg4a}QGDc5%5^j1pv!Ox6zFCD zWJ=hY+6l2}OBpv2gna(}O+Lo|n6TZQ_~M5w;2e_@CVGmDpZYP+TA~%*jH+ADIRIp> zkGu9&q?6;vL9_07S~<11Y;Vd9_go=V`>+MKcCBUP{7O^A71rrFeuXcO{~cDmuQo2z zX`Tx%vFMlym_G+8)CeF6^ztf#m+J&VX`{ui-O4ROB$i~lf*|g8mI2AIS$go-);-oc z-}PR{%s6|rWfjOrb9=sX6ME1*qh%cSaF2WOh=S>h=IQc9*ekHwWHyW$&xfDg8M(oR zz!xV(FvK2*_>lcoJ#g0>y>Mj!<^s+n5zW;D4p2xPBVO^!7 z#Iqm}ED4un3vnRp<}XiuWi4pD!1BXM57c0fvvCn~)L-$ngM6j+&{ouaQz+YQ2w_n$ z0Q49#)^-7)^0^nX_@lWqAL%+T>%}!s@wpK@BF-CcTV8|vu&3lw2nUd93R-yEIqOo#w`6?uA$U<1irlk$E@dWZjh_kAjZBK0d# z6{yR>A~_L#yW%YyU7NDnsFU}29YHslR)$v(OM`tHWnAhcdM@9@xH@d(ZAJuDtQ5m` zfM{VSSySqsP|%M%zlWnKAI%cC&}NI3%}XwElHN!vlUa!Cv}h>Ihe& zLayq1Oq>mO{{*d`?H1Bo1&lK$H103~PrD+>%+^Q^p4yu`hs{r|^JTchaRu>4*e`uZ zf7QHJ5&J&J?A)99I3g>mvw-nA(Rm7v%><+OoY*}Q1eM6ZjZfp5zPR7>n4nF5_R9_h z!6ANk_B6uwwTQkEm(P`ED@|(58951l8H}gODIRsjM&z!WI;{)tE%T}qA4bpVhgv7n zl~zB6{+JX<7lv}K+hAw0ovV23yl8O=Aq6e)G^fRoCRp~IYo8g?dQ!e}L!oNJ=E}tq ze$|T@H|Hf9R)AYLGvFe}|Aj$t2bNW?pNefR^Ydv}5Gp2t3DWfFDD@D3tGOUUUsH-7_k%(oXQ1Kj~!N6|op|a~HUrkJ+eX zLb2duP8xPh!{|I^mr=ohROp}xL#5C zq!=CE);AEIZgh~hf^LKMS zUR1`Ne0Cf$jb40d&aW8*pme#6gVW_F>e-y>p3}<8sgJquIsH3Aj$`X{M(fE67j~1R z*y}MwE7Zq*dOkK0Our!d&1_%B4`#Maof0&1FH`3%K6Ell7oMA}#|x9mSh8dPG^=Jl zRt5YZ0<_J}Mi%@MT;t-5{X=em9>VCPURF29aXbgWr7)?^wWnKR7KtUYccs+$IMnUI zO>wf<=3G#ioU5vv=z-d04Q)douobx}u>v=qfKb4fAm6c@oA*vzQywc<_~BIV^^cib zR`d~NHq$k%j!xTv zV%_ojivE}w*E;pTMo4ek)cPPf%CoZky{+jSxnHb_<41p9e(KDLz3#+$^U0m;?Tv?g zqYhLeRWw1}|I#P>OK66Ob9(5UZ40hmC7b?w3;Vvo5czsB!t4(b0+h6HHg?tWQ2YF77SU6fUGOA~3u~@D<)_maJ#>skLmG*@Rq#{$+LGGV} z=7qi{xR%#cGYFP3fzN6SFB^)KNwNIfT4#!nXG%RQ+{$i6UGNfKR-G>qXFJMGf3%2M zd3wCw_-)`^WpeBfq+cNK|14sA;YQ}dc!PnMcAKMm#@H)~*&{w6Gi={Au%H%J%XUg3vkZAC>q<=``0TTMH+&LCxy%ZVEPvSyP4Yzw3o` zwdMiH25h~oGMQD@vx|YvSldRYV9H-UeFIc5>n=}ZiTg;e^(z_mwfLT4M|$cl>kX!-hDtvfu8CxEfpaQI}X`g5ND^2jZ~%)P-&PA=Wr266mvt z({QiQMJTJJYeP=zr5{23i;Rm0Zat>o+lpx(U#d%3De&b#k2=EYM|f_HTB~qyi2Q!5 ztB~h5#clIZ4sH~=Vmw>a5FGZx6rTxViiwvIrrjP!&G8?;s(Ge==B%2_c)L>0A4xi= zPd8h>tf4Sv__UHs-;XV@IN{xK4Z&N;Dyr;=d4bH1<{?oU&oilxSHrF&`~#vP?kVV+ zl`t`_i0{Kb`bceFCXPB;YJlXHh1~yaMo~Wyfs_mN(==EIc;7YFhw^lpxZS;L7G~3P zv++R*M$*NZC!-wwY|GWCHG^1Z8N2@NeE_te*t2r3$9F{*F<%f1|xGyi>Rg~Qg{nIS1=V1GXl>zKM zZkn^G$ob8@{T;dSq?0^~T(A$fOcFgblTK9*Y*Wd|=rcqF(r!=5bxLIjnlGtdY>WTMqp-)~`!tpy!|L_U75+!xyAUmYYJ z7OoXnud5vPpN7zED12*C^-lBg^c(5_y*{72WA`2Bv&zvdl1GzE%S}#1N-h9z44iC7cyPZ0e^xu-kwfR2CxlW;qX1z-#8vz>rW{F@Ab%5 z3ntx$wc*xgOCIsbW;{&`!t z$2v6bs~M7}hQW*He=aMH3I%z5iRA%0?2Vh#F<@e$)dy2_|}sDyuy*Nh5tVLle2~vCGZnkhL3-1-Z3%Gy;vy0AI-i*dM_qGCm@SchuNsn^ zC>Td%OpV`JRw6w|eS5$F^)^;8BN0{0rfBGt7`|9(4u#i`hd*@w+MyH9{+t#8yPI|M zC3VCTCu^-ThZo$`-UbRE9K_{cN1rt%BS(l@smk&XFuS){7;StRaBEc3Q$Z**TKSwd zVCcCJM)z15Y`qx<+47R~qQ2)$jj{i1LMeD%mEiPn1~~MWIFG}9%T_ZZsvtFTxbhSM z>b-G|LO^kCz1KzEqjqL51vWU6Zbh=%+<=!L+$a`5yy?D{<8F zxhz3~Lp-?9=#|C=0W$lrr*>@c&g1OS=k2f)v?B6&3F5gY`!t{K(qzbgp3PSy*c6qZ zXqV#r78tB)3IF_Uk=U$Wm;T;6WpUZ&7cc}l+hBjoc$nc+x_0XfRli>Pa%8%R z&&P6bl0h!4Lc(QbeK98TBzIg);i91LDe$2aesZ~v@qWuvhoXqT%a?-*tgSpI0=A7O zie?XX_VhrJv)r*cIH!;m4(@XUjO~eJqR|>@-X3IP0C9GJu~U_hvZ1D{Wf6St)NX1Q z&)Ga8Hq?a=R?N}Bf~5`rEImX2?X@t968f)otA&P60~zNZ*&z^Wg1k5yTSr9mt!qJ_ z$%}m+G4f=e&NmOd`Hm9%=ef!nzUbDZT8Y}{v)8h7wrWrtv>)*w?TuYgT>!2m)>?g=98gab;wPnGR0m z^EfAEY44m8zOzX}1HE4Y!OHkQPYQI?17{;iX-wX==<5htEHQ2BrafvdSHF<tlv~mU}f-d3tuuW%JszFCVzo&xt+lrIA`z^fO;9wjps25e)jC_KJeg zIRS^G6!19z`r!294Kgk+au+Lag|@O!QD9AAP$e$(RV#B^eA!o%Z3kd_mEu-mV+Skn zw>@%tB}#SyrS2|CO?bvcFAbeI-b$a)LBM(oE`|)CSr%O}^PB>T(d7pBgcvDi60-m++6P)-kk7oj3I@~7PT%duC zi;kS#84h_f0Po8&DVZHox))*bAz>Xedo|T9@DS8jzsPX0M@u+cIqd~M-Bh0&UqN+C zIWpcg8Yu0DT-R;izBn=< z2$#F0?`z!`MKA7Qk{;vAdB64Mp#;*BG^?bQ0zZu$wT~u&%>98KyrFR&igpj|g0I5p zEQO@TnAzLRPv4Tl%fpyo_9&7TjJ>O;V4Cr$l0g1>`DGHkEQ}lR2(qA+e)dDZrKyH+b+4i1v|h8-zf0?LS=FMwt2UP+ z^~kTIeOHrOe9M&R`KE57`SvSEX&b83p~^HgRf9Y9y7(in_c^X%>B+|Z>u1uEP8Fv( z<*^vQ{0XbN_Led1ziOAnPiT$LG0>1nAvt-;_w;o05fS?nAE*qYCI;#`s}>DyM-hxU z)<#UVgcN#8wY=m;>Dtr75_@&O)=+Oh2~4z#Bn+q@syRtn4_lA5F|Af>k`Rroxf=O= zT41*39qEfOo|9~I=T&L@LAa!T%e{x=fm%1q=sk`6=<#Q+6$`Uh2EUQ@>b@RTMOh*w z-t%N4^JI;YIFtvw(dXRY9$pi7#(K|n--2T)y%B25rQ4&Sjwbw3BbC*V{*iX;bNBkW z(-PkDVTWC~F`H-%FcZLVH=cN469z!~?As-^y1o%{>1f^QEVwd5_nE^iP0}PA0-&o^ zVcoko_5_&~HP|~rU6Zz78brL7iTmpIa6jw@U7mC_Nc-MB4`=9aq}lUiQ&(B_zq@`~0-f*~~!D3hl%!Qa%O#TT$lE40zCZV!)=7 z_bti!&gk?n(RMF#OQTv}S!{=`PYU7JRL+A}OLa>E-Ij?q!cLVL1m*8kd%j$EPfN~@ zQM7^Sj2>sPtPzG02PxhWasaFz zkQ;w|;1Kl3=Fv-r_+t;@eD==;;J}OoQlNlC&wHVpI4mE>aN(E?h%O&TGT>KO>fZ!1 z%eeomtpCgkB$V;_r)*-Nia$#efP*|5xC8p{1M$s5lAFf?3{n48^iAD=3^q)_;l?ua zpC$j-4d8lA;(wO>as4E*lb7gk+wGS}`rXcs)IU^T3T&>|?=C)#e{?&a7RUrt{_z!8 zI4s%3b$4BO;Wf=DU_buA*GT ztay;>bp`RfHx{%w4{Z3Z#1}ko?=M&Or``f{m$6D{tajSDooH9v%2V9%xn&&IA-5I>;x9ydf(Zza$?1S zp+tL<JyO6nC@BE&{wXT(94R6 zfFiO{vz`%ev6z!VV;l7A z#?;})jXZ-d`|AzjZXH+4#9sgLw82JFB#4Q~LIL$vTAMfOwu4ykc9T)#r(Q1W^@z#= zmbeNGtccPJeq5Uz+`Z)%G90j)4hJI3ngO=?_h$o zU=R_p<4`P=hgQ@U+Ock7<2SLqK-aAX9CN&C{)m6Yxy4avHmLM!QsRL|17PQV;zoF0 z8~@qKE}d{}yz-Ijj|LFl)cKUx3qg6QBodb2*a}!GSb`DuZM&-$SC^-|(>5{){?o?S zlou9L-53$+o8m79qAq%da3WX>l5pVHzMy+OqxxXa-BkUPgLj+Yq{pom+&hLF5{ur8 zGj`h(SM?z2p0joug)ckF?4W=b%n|2ci@b(|MxUoo9^4EeHgJUHOb*|+vMPzs#?L_e zwMSakC5RPMLM4YiLe!ki`LNQ$`xiZd*2A%+jvf&Bw6S+XeZgNU;eW&{a{*y! zuFfj5gPKQ2L#WPqn!sR-+Ld*Kq*UMbGLxzEdbfmAN8TB`twEutM#r_HG%KX2@`7(e zJ#YQYMhw2Lmnh%kR#4ZP3329&LF^Pd>A1S%rpa>Dm{0dj<IaOX30%mY;V2!v@q>3?LzN^N0WZKROJ>bCqv9{QvAvhW3Mzriz<>?7E+&u2HYmDvZkAQp!_AtUIovZEMire{L+!M&`x z@c`olX{YTymPFg*yHChEXk+2`=oX}|fv`4PnOaTuFF)Eb$Yf(g>{TorB#RC~k`}dI zjyNtb%C%j3MeANE<*?#dD_XmEpnw=_T4$}&*i%9V7l-aU<7Q}$}(8J&D4LR zxF*hd^MJJMXwC^#Bv@(gybc0O`4Stn9{tHOE9eJly4tM)(fSo^_s*6{Du8#r&=lLpu<}7~#f*V#^-460C1O;%0lVe1+5VJ;Igvdsp zs;rh^is9RHiVZ?}dO~AB)MSdM#XZPKWalJ&2|<;cp|cDpP_cCjKxu=7&X)Z zJC2GH+fzHoGuutOgwk8V#S1&31omKfN&mcenxPlrnsZAHN#eBlFkj5f&hL#9PynvK zw~t$=yfw|DR@EDNCtA7>1bNAzc1K>)xO@10azO*FCvEWgDVs_ zut8uEI7ANwOc8*t_ekVRlEp^*OD>)CCKM#5$%VMU3mLSs$XNtO?(lSinq_dsi5=pJ zA8!hbY=`|L#jr?Y$pF5p6X04%UGv%ZADz%Xz`m~}o#$@CW{5yVR}%ouQ;$MgMhTl!os<+(lyY7Xy} z{^7i4LUxwuuK4;ln+d+hnmW9!Mnis7(JP9glH{TnVWB6IdyJR!X`Ij+3n6A6K~mya zD5C9i3M|gOE)0L`{asABg5=3>B5@li>xBQPc5lURLd|DhjcOQh&$PtD05U~YFcu=g zD7fEd*pdu)t*Iz?F5Ki#Z)tynB8WA}E2a1>Q#gOHvX;M#Oep|ia5mC~6EM6A0wcmA zt0&L1!%xWPyo}2qTahHk;vw)N=QEeJif?)jinxG`r~5R{V}^sVe+-SKz7WiB(lFeejo9F&Sgi;{ZeIIBf!ihxLbSUaG;mM8rryWF0 zroS&8mPL_BV!)ic2pG%8r6+JqCh7}`kwtH1;sX_fANRawk>WX#7$LQMeQn)CN$Q+>cq_=t=-Y%mq0nHNnK47X2-lQ$ zl+u#Bb6TC0EvM*Z0n4DRsO+u{|o=2y#7INq&El=NUVGV1c4(H z_%A?2LH}~q{{;fgj;3e3u=H(kO%zs$_Z`BK8u zKmY>OZuNYAc{aIEA^4|ZZbSppbgzxtmmE*|0I$f=!+lDMKgiW>{aDeYp>WjdL;s4K z1jC;g3`ZiPGaoKD$7eoX-Z|^zy#cnw2pP1S&m4Eyyk4X4vp<0v{z<^~hbgX$ov>)a z6*b`A@m$QZTq-1Z@lYHn+X09~krYB2sLTe&!BYVpfMQwJH0q0qBCG}|hI{(;y~ZXg z$y6ujt>wIMVKu>S4KpNvd>MD1_?ZfP?ajo2LEEA!;f13QvIdpg7j_qptA5!^o#B{X z2VTB3EF87N`{VB@gB*jsD*bvb3BSouSu(Rt5vlakwsPjk_%0PD1WXXz9Nk~CGP-`4 zVk}1tuOK;N#Q8TP&)GFD42lKG8n@=6BjlzGA5T0e#Dksl<>_!sG7#nBGXI;D2|*0M zDtM#7LUMTSjTs5U&Utt%OPlLcr+Mc7X`bq* zOa+!XkF@?T>(Z%eT`T(&wv`22&i8V3aseLeT5{wf$J4)?*wD`b_47jm-3>%M#)4q@ z@ul}u-~~>-(<8$z*YDjwo3poXVo83OGrE2|rPl+hl>5{1b+w@jX$xEM&t11EBb9HX z>ji1O76rbQlkNpEf;0qAslpXKr`dwM8OXRB#%eI4mnTG{ntdPQkmBH=WaMJrKve^@ zL8>6IxfaMY^PwD#EQSIZ3v-biy9VH)zkcQLd75GuG5C6SNi3Cu0fTYn1KCRNU#9)T z5%X)IgM)(?+aa)1u87jo(s{4*u88jLZc$r78WXGtom`6cl#~>Q4~0KE+E0HqdV71n z^zyo>L6P`2;7}SE7&z4H=eIfV3EZepfMOS-0jJu9g%Hg3^>v32CJArNAz+44%o!$q=%DfPj}iKJ~gjSW3`0 z9(4@qv*pvh{h=YvR~Y}D=jiCjQSi5}udlDZv9X%Ex;jKD zQBq3kvrcY8T6#Je2#pQMWZ=1yQG5adZwUzrhpw)CaD~Ck8H9eY+x{PoD4*ff|&D- z3^RBTPHpV0ia_q!Na= zbiIK8Y1;xHqw78Tv_f5;93eh9_Gs%fz734!w$paEx1Dc}#ou;5t~UI<>a6O|gaiCZ z>mx(Z#D2`c1~IGo<>;CF^X!DxqFleacl|J~5jneH&aZNOekqS)BgHLP#=#0O=T8=; z!VCQECFRSFAPmOPeFPbK$feK-NopSxA6lrsKb z%U=o7L1c!A?PSdN4QAh8_)XlRl=n6J^E8GDXEe5!;5=S^KKH3QVh{= z+ZSZTM+(}Op1OdRThqp@h5Kp@?@F2E>tv%2WN44XX(IR1X6aZK+F5R%#UBSo0%t+6 zv9T#2KdOQ^SDoLJCw5~Jt;gVf?UA8?tZ*gZnM|%9Nu%g`+CNNWTblT`fLL`<{%;S3IIA);-m+S=RSem95Vj zn_8@ehs6ULL8F=e0lp&0I^$AQ(d6du>$?ci_r163Z)bAdMckE23Ujab4m6iacalm_ z9bDLDD&LY}LZ2=4SgU?NjVZDd9+`2fE^zgE#klNJ<{pu@}J;5O~l0A!!v2 zC_9hdYmB@fY43S`rk^u%B*-PD^?lGkHRQ?f1MWs~TaTlV`#t%Gd>}eBcLn2FT z-@B6T%aGH2(P1tFU&Mp)vpYVJ)2$u-rWG6!=?^iRs&eQo&X5ldqDyj8(%qOS=RSSd zABD3-MaSyI?2qmc`La6vg`<7DcE3+MOyRwVU7xOI4k>fE|EU(GX6o^bZ@Sa%bTM`e z*2H&r4BE~qDc~3KX}q)+KXaaRq%2+<6@>sBMBXn0jeyDf$sR$%&pIaU8hV8;nw#du z$OvczKSl%?!>Rpb8N&=Yu}vdLW91+L8(2~F;x2iQ-SH>uEVlG=b@ByE{p%?|2>4!I zXhGYi>pazOKbdoLcX#ht0)pH0co9Ki>64Xq>F0zUGNGBwtcb3zF1fo0B}mw*=0hZ% zm?K-~z3Q{I+-8v(FEUTFn?`XW$l-WEd@6Fdgn;YruS`Y!D2k{gjmHW|CI)zxU}g;Z zBL}7)Jx;9GBL%Sr%l?|GalC#+hZMvFu6 zp9O1kBCZa;NPh}n2UZxc*y&)^xGdiN{L-+qBE1@7w%8GyaZf|%F(Eh*&>4+n-H+}m zeQ_~f_HsCTrtRwT9Ai7k^ZAz0jC-{PQN!EvH&g`J=rI!B=1z|XQ-Ea7XGKe~-aPUte%62IK|VHC(=Hb@I3gp7Y>Tews9HccDG_ zK7%`(}dpps0W2RMO{%QycyWizl_H!EitwyIasb`l#d*grh^pF;~T z;!Bzbm-`67?TjONdSo9tZyNgFWyE00_T!z2UNmHwK*a-Y^8UB5xT%eW{r=xR2gVKY z4I63z)sn*jv4LYVSs}UPI}gZ$;N{+w^iwe!fc0;><1d#?d2ZLu&4=?6$_K$Z>8=lk z)#aOm2>PSk|7S9Z)5W(LK9^^v>m&KV$N)-f2Dpl*pzdgbO<>`CyFtDEMBe`Rmuv8i zkOZQViB>-?G_Gr!11vq=ybW}=RdYcD-(RmI9OhekN`r|Q`vl@VrS^LS1a}^^Tl9UP z{_eWXP|$GY(KZ&#M87b7d45c^IZ=*(xc2kGa;d{Yn{#bW4i_L@#jRVDde(u}n|)K~ zW5s532~Ul2E2llIs(>{-al0nhXQQhpnTp|ZU(`}h7$jKtjfHI{$kTkUPR)&tzB}W- zz4ge^)aRa@-yf>|CGgq7YO{a3CMo5fJEjsKDC9;9jGDtJxSK*qSeu?F8c~iEn)JgR zQ9MzL7kZ@@fw8RjgK`V&?-@Gv3e5px6}G?9Z^^Bspm-LHncQfp&=G%IYfPAAJQk0n z?d)ii_8qSY1B36y?m(Visq@`PS`oFD*589!Z>8Y?y-cds3u=Zu_l=0DoR)i36gpB} zr>X1Dw`vYNDqbzRH=MNcHYM?yHN74+qWY|!o)!W0=N?C_OTwk59o_2(A7uNEhHVb+lS@%6^MFZlgInl(Y(C~xc z%NeizUgfAYeqh*_2=Ir?bxCrXhNdTX1MmAjfs-inmxwmk+3}0U-g7BpfoO?6<$JuD zYN_{dDBDQrYgwTLne10{A`!#vh(BZI&-)2$u+&l=s%VRaMGb>e)0pcI3}?1M7SMhe zAJUak>Qbj{WD$y{P1gsK9tSd__IIDtxnpAaJkU95o(G5Ih5lc#yHsbOCD!K0!VS+07I0PKT^<& z3vrU%DlN&j*ZXp*E5TeOJDrNxxaTtYzOi31@aYtDFMyT3J_jp)UcnU4i}54b?yZhb zZE>J^vxgm#PI60dt4D;lM4t0gD9fjk5`OoQQ4`-@%Vtrd|CA6d^@Kcow1O{U@bDHf zSWxMDEpI6_08C-#CtDagX*jY0-m3nKwUjo`k2$jR~N3yzD)Nyd#S3!PfZ(w`#vnrl<&pB#~wz_t_Wx&xH@Ee`kRV-Uox(*{!a-CN7&OD1b3db+1P%h-YbQ-*Db6zl9^# zFoMAHaW^0xIB7;Pci!k4+3NU_a0CnZ#U<9n4agiDi;*Lpp@8_rzJen|E$T@<)WFuV{>8QXLT@|7UK!brkkIoGJ1Y;CxS zBZ!H0v){}!2VanX)5a?t#n;!*rz8!9_FyOXTG&?`BAPZ`0sxeDak_cvffL-!)aC); z=Wjr9&;Z$ZRrZZzPxy2GWc14ZoF&tx52M-_vfyTL1Cd_gXpTwWiU1BXIs9h7p*0gZ z-ZwuTEUi0^s=OFfe2jn=62Q}t1)?MUI^*jNj__8TxCej0r7wfrYugxZ(= zZ%?Gs0p(z0%F6!jfQnjUmeDo5h+d0;XT_ZI=`?MhL_&ND%O`DK#HPLV;7RQ6pLnnd z@k5c4C8%N^pVQk#wX^akN8}jrP|BCuRm$;qCTiVbA5MNn^{+ z(h=9fx|QKC>Rc%v*MMLibFM5F`7CslBh(Yf>QkzWiJWTiZ79_L?y{+WJvFPxrQMQ`J&w1GT#q)! zr?>|%&HjqAG7wBQBfC>4P8J2sFG8iIF)kJ8Gy zK>>IC@cr(2;`F5&3_@U+TV@NqzZ)EvRG-F?KbRd`0_HQ`vsVYJ!^xn9i_?8c(D}}s zyzBASudUg}0GmDHND$1dhap|sck4G$-Q^f}YGN(Dq(>PM(*x4mM~h|^q$=M*5o2bX z{71`7pn)m2U7P2IexWWKr+rm33gHmAi0#ylT|bW$r2c#RsgCqWf12bvA)}Oa+IyKV z7}$g;SY7n#1u(}#f5zRpL2{@4PGN=BSI_~Bh^@dB5xX<*SyS=r-4zDt`u@2MftDVH zA{c(NzkK=9w+a)9B8Eu&O$wrkH&otFde0$)KNexa{d9&JFt3D)OIIGsVm%QADRB4SsmPyk z-COJ|IJi7_bxE7z=nI7usCpeQbtf8;V_nSn&Ov<|Icy5{F8d4>zBmP{dR(bqS+NPV_*Gw@>FZ9K)-Elv_WNlS;+e$ zIyH}r=z||$p(Kk+foJV6VPyS0Z+TtISS9gOb}aFsq!}JHFnqa8=j`-8{-!=>qY23I z31ynmvf9xt3W_wdd~H!M9CHnL_P(^AbX;p5cifIePQ@mfvOp0xds$go!#D)d!C)#o z?Ti`pgp<2f=Q}i^uPlbA7Xtx}pXTlS4lwuRS$#RTfihcpR|@9Q$Kh>ITczDhtwrEW zSi=*q6^k+#hx|r)39E48^PD`rI)c)`?1bW{ghV?Ur+^Olr_i?Yy8|LngxDrY@;-`@ zg74>v0((wdIz4KN8f5mv?p+oLhA@5}xhZY^GWUK>d3!a*h9DHt^O~vcz$wRj1l(X; zTBn>4RnLis#sPL+IRS7=#G@k>!{MPTY83Mpl361LIQ^@WWEcv%z_= zQtBN!O#08@pz69u{+OGas-;)OcFY=g7VKUUm64&jyQ8ke(VWs4Osb>;g|`DorEO@j zi6QX)N!A=2aNE!+#m~Gk@v>O!=HwEB1~3Ba@|M07+J1YVh`4^y>oWun%#X|$WKrPX z>*?&HP{oNHI^UG$f~?;nf7>}$@9kM>HCjL+QjB~JOjn&u5}oo4D*JNeNJq=cd~uN4 zAl+a`%8wvAwnCo*=-J*7bxH)q8J-L zvO)FB5gle|@++`YY>R<=4b;ZRQ$Z%jAr&(|;!77B|A=+Qvu|w-X!w503wIEPy(aa7 z`zB4F(cablXog3GZ*_hy(w6l^dVP^>A?w(4zs#{a`2|d>@bq_HCcHsrSWFJUlcF>K z@>IS-C4@k=W^(kr1=$`&4~Ab?fBJ-pRQ7?cU?Mucoh?&<>o(cyV-?U+yl7&c33VQl zr^0qWyBmWB*FZtLX|_7}DowA}K?Y(meJ&7b+Ib%e^&a(Y zgi(_F@TX*>$$j#FgrDcp#wvi~cyc6+)`^%jSB{j*nqZ2twQ5)Lwcs<;h95LZO(F@_)WwC}E1F_>{D@HR*? zf|G`Hvc~L-`L}euuv=_>#~Db949xmny*9Z*#J5BSOIj0yteXnX{IC-!WZLrVNC!pO z(hqqIKK=6wYkmb6HRTSaK6x`Xk@r%#^_OzKJCx;Y z+lHHHhaV+C(di9hLI4%A7Hah+afQL?*T~^iR8-HMoy$mJ2|q&6%Io*f?y+(YMNd0n zDFuZ-diXHDuCC6}%j-jS7t1;c6A8ts-6tXTI96Yn*Ej`G9|-iDz)u!Q4DXzqGaVlv zUnPZ;kOAhI@!ap;hS~DjEvKjM)ipKY5z1C7>VB~$-)q&nRe-g+Z_DWzapO$(0Be<( zZB+h*p28o~5)$HM-$5bg(wvVS=dG=+W!~EB~B%`8wSrTKTlMAZ#{l-%5bF_j5lfPK=*E5`4%SE^@nEw%NZPs z<+r=gxe?xz>t-h@q7>v(UzsLGliDmJ{&p?=)uT7)lS`oPKhFmvVg8Hk&Pe`HPC)_l z#^pd8=n-g82r)c>@ZVMv->?T@^1JDO`M=cuQxh`_^d^VQzd3+&(4QVfo5__vz2?!-jL zqZvK1%ayVpDTn-fqsnokr+Op$?I4Qi=;*C(lO)3#puPV#F(T#KPIYrzpZd(~cS@UUF)$|inJI+&HSo?A?KWpS!MJeg{%{fd2*7K91|45C9X1mkM2 z=>BbaNXSXow3z7qAuQ7iX|c(Q{GGht);A9S6*jCc?-F_DHx^Ha?7YRFkf{@fuYJkM za{X=sdv%sLP3=$0&bRmc(!k*m^Qmc(E)Qk6;_Nd(@oj!kI*9?pg2NDFV`FgSzt z+QuC^mX`F@q(F2wRlN%9japkj;m&1Z-|~{rVOL1i*x5D5FO`uSziOxeQR#$g_+I(8 zDo!^KK=ZRrf%u$;Jg#30_~EdzDhF0gEv?S3{;fLiG0jSRk8+fe7c zbqfoax%LCzA_Re48vcKq+W z0~zy5V_i6pW2h{eCD5Gem$Di^&nGn~NmTM_T9U;uyS6UW1l5zE`l zox7x;;EA74LB!|3m6 zx7hspF7%7|HmC)_S>LWDE+@{@MC=&!%U<{a%CBdDmRvCX*@-wKy2|UcM3+?v4;NQ< zp)K-Trrhg?htKj2tK&e5p_3}w8O3Jpgka)VBYC)tjEsO14+lL^U?g5a2VmK-6#T3wS-|<%$NlsIv$Fd6s>*fX zTN`jud!|=EzRK=rzX4)R0JD;eb!_h*7WJQa<-_+TUhgfc07m#MK>g@^C*xA{L`<)T zuiod91`Gx}N0PQT*SK!WaM_-(^rz3w&B<<(rySAKV_-sHG(NOnAT2n_s%^sv&!qHh|AETa1^F&;xCarhzztq zB<$+hRWKcq)EANuOemJ+X{%(0ZuR%(FXSgli>fd96J+orpIZCQMkSnO)xYpk!$ojr z@EUy=Y>S|l4~;>A1T6dBq^GCP>wdPeovFVQ0OI;GUGFV!`|CR<;2ZH><6ULCq^GcP zty`>}FF+`&*=K-Qs&ZZ>Wyj>_2@Ma=qVBTglI0eO4LmO)CO6Assd2NE5-JY>Q-1&vn%A7mC#`$I32S0 z=eiQO-A;CxJq~{R0Sfs{lLjBRvx9FSYM^*6wh8Acz)DMbUF`aFCU!v=j!s{((_Q{G z+8XrSVw(Ps%hun2%PMw5#1?j!UQs!}7@lrub0wp;#O{5I=PBxn+qyjXwGMm)u9HqR za`#3b&-{!Q@mTV_a>@~(i4~LmZvDx8*#_`Y3ZjS~B1-P`=z*Yel!G-xZ@RQJE<}dU z73D25WiLO$fN=VbJKOH9t6s!D6cFnjln6V`kBkah!vJY!J8;4LaoIV5VZ}+0{TS#{!i1 zGY%4ZdZCeCh(SEB7h+btx5OPyTO0G^XP)zMwXDTPSgC14_`6#vX=Aa(SeM`L zSMoO0`wE`6UxmlHP6VxipbP15)?Fpc9OMwU7iUf%nvgCY(J1d;>U-Ke2!7Cw!MSX6 z>@YMg9tS<0^s%|k?O(fhh1~m{+uaRO_9^RaS5eQ8UX1oEXTSdwoy=tC%U=dT6?;Uw zgUN9nwFqzqrp17v+``aRT>zdZmMide=FMbcFr znkTcjZ31D6U<+6md5azy^y|9B>xna%Z!>p4@N6#twwmMH@5mpU0=B8b_-&DHX-0Io z5-4be7rzME=Y2joqqb0`5GpIdiXs6=yo~iZu9?wGTEl&0J84r{uA!#tIqpAp9V_Y3(zP38tI1ZA{ISDOu3LLmnI-V;E^Mad3|btl3F$bf4oOJ0Yx4 zx5aa=(Qe-<>$cp{C%iTN(8l zY+!1y7>)pMhjw~bZLweTDJrqnw^JG~Gx4aFG+vZj(v{3i7I~|OCIx|%9u5XVWnwY; zRMFuh)iFo~B*h13c}vH=$nIgWO4rWiE9P5DS|F?)4}t)(P=S%y?FuDXJWLjCdL!5>2rVf)3YUD4Tw3?UXWhE z_RfTkkF&Ea1|0N!)L~sFzweg2AS`^5duuFNgm#IJ% zhl5lAnN5J;r#KrI%mQJzZ@nQP{S--*9cbNywDWqWF=72Gz8Nr5OMxikS?b?4`c}`C z3v2oWpJf<%^WYyXx6G;go{^>79Dkz650FR+yS71dmiW_C&?G`Qm)ZihD|#g_wzY{5 zH6u@Hu%T^Pnd@RHP#(L8S*j*y$p>(onknf)n@~t~Z~~ae=4J?RzEhH7tns(iXTQGK?{6<^E5I2C zg$3PZgLvz^TE_p&`hGM?&!u#sHgAM^+U`A%OSjKL+QDp{g~C3D^a$%Hx!5y1c-t?$ zaL$*}lpU-+7+1q@bXzl2Ae{Z>6{+m_nsq1Telpc{Y zu0qx3w|YT!)T08b2cBJE92T6<-&@lkUk9~UaHOOSXoNO`7Y8apne&fA?iY`qK8R~K zq5W!dUWh@-p3Xz922SWz+fZIV|L85s9BdR@f7x;fr=Bv`3Gs9I@w0nKq)_6*v7w3z zO<~K{mQ9SV`b0VQ!q_$knJZYgFW)9tm3IN@kJsK0 z-lguaCP;q;YG%M+6uxQ;sv(g1U>ZkeS8U&PZ}48$Ltjwys&t*7)NE<>8mQx&*AtL@ zdKJC41yWSP6l%7iyc~b@IVI^!gzH%h>XUPYHR|E1Gr}XzGVQKK9bc5<0@g-WFa`CM zp?gm%;G-g4Q;_^La>d-8G2i{nyZ|EIf|EI^7oNK~+?}61*DEk0=kZD&gmK=>oHV09 zg@4=}34Q$ByJ9)m<1lq#Rq~70Ee)2Nw;m1>XDqM|$(-4tS9L)_ z9#=3u*tJxS`DQ>Efq^11ZVr3N926)~zy+-H{U$XVV7=)k5GqRN?*x%60RlAdGcj3(*z6A-McdRY1SVQPj&^jGaGz=y|d>UV>dtx{%xTX3w{5(sOd z?P`T0qAipJ_aiUytd#uorq@czS0JoL;XPHYGq7tE1|bg81y}`2Cs6sDEdc~`7(y6R zw~c+(1*N8@b~=+OiO_dffslNP&_VMJ> ze1~kNo+8t+h2X13f^sN90dpm1X2n6dr{qdc{2B0QBPCE;u6FcjcA|YNY+b#Nyy_Fr zw&SoO(tG66<&oWAF9c!lU&Ys+gDvzGtT#zmh$0@Qx_AwhE0ebiQe|e#%qk9|PHE2H zMOfc2CO|V3l+`DFeSua*g?x-ITDFOEe;)*=#`*3}OJ^?U;*9e|7Y4n-V^3c#XCmJ) zhNgeQVEzIb8xdYQbKI?2!&dyqdT3`<0cmOb=mT73Kb3FBQech3n)_MNBx~A_m@WGc zBGfK&W6E%rFL`B;c0m6Z&Is=s3NaE7I^xZ)E-$N2e&tIE^dm9q(c5|VCg4M~@A=OG z4wtylEy%)yw3vZo{3Z5P3y-?v;)5k_R+-?U6LurY{)gM5s>Cx_F;nJ#Es@H31{FSG zQW`;i%aT1lQkl$lFr!=6R;yj<;0J`*X_dKEhy=+_XQ@uu;g%e!lMr#xe=n9@>s#n` z)lhMzi!t}v*L*b)LFbQ=%MDd%2AWxQltxuix0coA{uQ&1W4rLdWWOi~TDglKEsC%D z=2#9vn0Oa2=Pg9Z;9I#a*qKB4B){G03C1p#+n#VKsakb=WkpyK>&$qYz-#b2iZLIr z<^DcP;mlC0zzKx-77r@Kk&n;lOGJ^@LbixO_>SXpueF=p4OUgEWB5KcEuEjzA9v^c z$gxbE(Hv~s)&||!;bl1rOgAY&{K<*0;=&*l-zW~%Ir^gfGSs;UWE)s;C7Oguk+DW! zxLd?%Uvo4}e1^b>C>fQS5<*FtK;5^s@@{`R8LIolX{GIM`e{3$=~LAo!6x}mi^2&M ze6E7&9ZP$|K~YXT4m;J^*3x1jVJLPo-C~j+d7i9Yo!jE`m?PTAV6ZJtCgYPF0h_BDf|EeSOZyC9v4s0tE7N zjGv=(@jMqonLN0bPaRFHNQ+nZR!$Ahc?$f>>+9FOk34?t;rwk@ot5Y;qxjyQ$19a9 zmUO2hHN#HAN+;jSV@NaTW}p8!J*_#yyY3}?x_IjaIB<$L8scVNu>-}3U*ypUAoj2} zpTj;t<;3W}TZvyuSRwf94FVJw05<g7fbkX)c5 z{8PpAWAJZ}54*r30zwo*Be^EUxyQVxd59s(6#&ULsH6F-Ug42O&gsdX7r9-zU$koi zzhLk+xx~h6f0tqq^3jp4k!s0qLyga3g5kf$hYxDobX<6Z`ff?4yeRADz4au~V>&R- z_@SM?+qn=cnovV=8^9U1IUrqV}~>CG}K^P;SGrinVU5;^D@+f(iA^?791n zj*j{zHsqOESsAehBj3!hQ>DBKO>F=ZuflmzJ=L<~ET%}GE7O#XmDNvM8zPTIjDrA- z(T@tHCL^295PlSySm^scU`YDe1CW^d(9rwgo>}p*(cyyy z&RUNh++yo)rMyR_Q=b64#vkCL$Nf3c&RY|k3y*wG_DPPm=XD%D9=~rY8?N;f_R0W# zWe%R(EH$a~3I&jUBNBl&_2WgMjX(LTi4!p9qC}aevmB!g*ciltoOU?~b6! z^H;N3w*EeLR;a92E*~$b-k80o1!dYbL^jvihW1dWJ-$0i#y>&Vn_=794C@@a{+cxC zg_f?zGnQ-j`OQy9*a;9p+{I??Z$$)>%oHvHb&WidpkaGFBJgkxwm+oZQXevU6O>u9 zhu+4p<%fS?a3+9P^#?tQA(psHpZ3XXeoJIG$+jV#RkwWdXsq$^i_|CY446$j|Jcwz zZK*B)gg<)KU-ZO0gOl~=n=58kV=v>jb+98o>EvXB48OV1CSc+o0Fh`@X*mXWeY!+Mnyk_9KziI&Zw7B=)amj)# z2%L%{+1b#H+5-Eug z+<4UP+Nd7v9I(M>;qi7KlTneg2L8AtB6ail2ntF{0_?<}v7c@jmOc#xWQ_3rDeGLr za{CO+AMYe|W5+8TvEKlM{>Jjam*9kig!?}p>YEN1St`;M*INz%Hd%9}*weG)J)2*d zfp81Zt0@HbJ$S{%L$q{4&q9FQ;gBB5ejAnX&)Ciyc%z%hps+RH?2B*Gv&1Q!RC)_H zg{jm1Q0gJUemBM7sY6>CW+J}|j^MxgM!O7;Z%6tav)S>%qL}LUwo&6-kB?*R+xsWAv~4OX;X=5S)Gppg>USc`s(Q{ ziLz?xMG3^8^wew9dw1zA*P_3m_4-j%t?z{o6}u+NkMhS*ee)s!%DdCUNJqR-ZjWgF z1*CQXgna|B$&}7dj~q89B(+=tFAwV;5PY!Tkz~_I?X0Sh4!%1Nqous1-ZWTX>iqeA z+N~+1E7T0%|2i~&k`NgX9Q*^NiWO1w@Z$VTarqn&=ZvAm(C}#1dlWUH=u$vIXVN^~ z{X@yVf42|H%)H!I4@wh3Fh_*zEU!kW+!0il2#4kkwb-LF`I?8lldLDd#ZeEe$vy-74+fm z%orAN{5@rS>g)UxOS8t0#frkxvs+-;^tBp+Jk`cYFsd&aO|paGyidMQ)(U?rN;bHW z>SMipv?%c4hBetR+rw76&4Fkv4mK^ytE_G&IjUrLo*4IQR0jkwp!}$?Ia-}??}Gg^ zi$ppfS&StRNH7IVVJ9A503K#D_Rhh^I<(r)9XO@gWu+eLu6^ zPhfcU()ig;E0#YHW)>Eh+IykEEc|OgZG^Q9G!r!wZ|Dpt=*h$$L*X!HpmkW-aKD=n zMLhoP@7xbl%Z|Fn4DQZ9TxO$Ch9jLrwcO+>8x?cTER&W8ub2A?TRcWPeai z@h2>f%H{S8i09WUH`JUJ!t2I@g8E*E4BeOo{w_#T;@@sDd!p=8DqP(?W(10w4aYWI zF(~uKM0d@XxQc7-xK{T>-g)k&T$pdrBP|cA*io(R(q&RDUVKucA=0BQlb7jxus_MV zII(p~+DWQ(7LTO0Wfd>z<6nERQ06_p^0n5L@s?MYk9GY-|6%t8uh6KLwL5xzZg?S? zZZatj*0LydAle>P6xQ4l`_?@{h&lA@kkxxT7j2}52>dB}%ay?2}R7KXJr$>T?m!5I-0p$e+X zWK@Eod{H&}#}pJkq^b;0{qN6{J;3c?z7IRIZ(V#pxv?wfd^+#IQEt;7n)k+_4i?m{ z_>O^yi*~cYeLap8_OMO)6*P*g!}#-7!(^q#yTb{=)q`L<>3cVNKl4w_{p2GeAZBUg z_1Plg4{|vQdED+_nf=8u=YA8{b2TST{?m20`W?hquEuB2@6l)qhqTgrMnJRFDw=?* zXJvYrYhNE~k>sf;Ap5)U#-0kMAkqs{fgnRg5DkI_@Z}Q39X$L8+S2oda zzV3K_Z_qTJO8epcd&pP{iuO-;V9`Fa`LyZRW=6kDx9k~kaH73?#LawtU+ zkw<&^20tMnHjd4G@KiHm>o?Yc97~f3RGxse`PvQAwe-b5QE4|Z{u%GV}K0FerU{_*k zl}tq&eXC#q_1-Rj^y8iHvF!S6cEURPE&UeE^2+fiX%;DbF3XlFkIjhv7)9sm`E0z5 zG=mOTt0a_Wtj8tT8To#Eu`*#Q@*;?kp?DHhtH5~96)Es5`_AVWD|&80KR+_rW9p&1 zd1&{w(!r5Aw}FRxcHIZi34E77?P|i~kE?&Txnz9b=+o$ZD;?H2t~B~6;arcwlb|u66374T#-2$W%s|v@JOz`<1kGSUJUJz%-5fJ7{uI_M_edn zrIsk5{W!#TBJ1WzIB@1E^0dtwKh4#mv|nK@jOxrDNNt(ewjC{Yyy&ZQmH0D|0mCiw zeSuPm0_gofJ%sARF;JiHZi?aTUs_C5Dx?=!>V zy4RntK6X0nwQTAv41N?w(BiCT>g}S(W1gIYqb_Y~-11$Bv4tJQByT;am# zvaFh|CH)%O-m2UVKL@sU~ za5Y)i6A@_l3o0~g62ExMYQiiN>%`8yRsM$(PDOR@LnV;ahRs4SugrJP3ioqowdcPu6m)5?e|*I%;TnI}bO8cHhkOp1-xpar)7UJ+IBfk!x1VB660R&wJw>I1+8V znSH7ocYgXFcoZJ}?5{7)Y2q#Os9RIt9w$i^G@*nmld|APo00it7;`$M(>_X2zlS{a zeCjJ@SWeDuc$?!G*3z@#HPe4^)_YCE?I|(0!P>!$p?IIh4UJp`yMmRZpVlc88IfY% z)U@f0!@FVZs(?-p<1WVn$vICM;rDt~uObMG{pp*Iv@{(PNCvhG?)(wB_tcdBBda|{ zwd|~wDl658d0SqI^!Ik9q?66}^LlA4-Xt>D2fOgc(eHBeSH?g(U7_+h@TN{K7K9v9 zQ*%jQ_VY$fjLdIXkZlNsiaEE3ZZC3dGFK?zMc3e50L!o^c~HJ|=$C9)Mr;Ea#@R8N zj?YGPfoMoJ&P-p0y29CH=SG)a(g2m~?VO`zz$ntNZ-5>%gug6$&bTtvRMSt zoP4GK>VCb1CMA^@-}RMV-^DGFnM~nF)GZy*%AF#Sw3E+aVquHTQD^Q2b9wc39ORDU zhczlK%_Ym>sT8n3d{(1xfA}|U)G{${9nSOm4tLtax`_BU`uxP?qeY;qbWtvSY-DW;8hUmMcgisrSb?+EC;dDk{Qr{KE6FHPD09spg+dCAV36osE34OM?wHNQ7;2wm= z_j{|%B8MdYo?=*kB&s>W7pYc5U# zUoz$IaV!bkdJAN*1|x;P>*lfnSBu76-QLS>5hu|fJGUr8$>3K0WaN~$`DzA*%IuPm zKe0`p{xAZiBdzAQ9G7r71v3Q0g>U848mrXpaOIUH)i>60X#JBbKRvK1t#jrA#-0hbwx5EN_6?V zLKB8HpV;NtCGV?5{1AzEC>_xKDS0rKl~Z?chr4(A%jm6gw;;LB91*hkz3V9hGX|zc zqd3A=1*IQ*oeCxvMr;c#uRrcA)eaeQd=(1Jrd7WNdTnsvloYZ_AVTUQ*z0+S{EYW;6 z?pbQxtJ`h6hUTeS%B-3&_;Ndp$ZoA;(HZILH4&o>?&7OdPMF zFj+Df=C%c(HFHyof1arBn24msX8+D#{r5L1^5%$D| zvL1e?B0%}}tdG9F`!@8f_-E4D{%FA{E}wbj6$Qe~?DJE9QmG+* zCJS#K=KrS~B%T7?78KVC4h* zo0_+W=@U(p{(iv|01w3wct>64B+{tZ1@Za!AbOfbSiwzt=?8 zMz|7d;Ql&5hC+Ygt*oEyJc7Wl;m3C;#v8E?n+4xU%rm3lA^6Bt{>hlb@H`)#&23Au6%P`6RPuOz=!J=1ta3Gq0FmFz-Y#ti~)z8 zjSOCT=eyXAyHR)#uEdbR)nESTr`vb#k;U7}e9l;M@_4TDXyLt%=H}QEKCvbJeK9>_ zmw`75FP z9I3{=X<|CHm)|i8ycp?PirSgglsHa5-VkK_h7HhV@Bl8`L8!u4N4GX;cDyZ?CR<2?;1{cX+O^8L#mYaRflAQuWn^ej3=H5xX0xi7QZhZ z-8t&JL5p!dLhHcKW^#QF@J)Hk#|eR1)a3!rm;V5*G8z&P(J2eK=f8y}-;V}gJ_C5= zXPEZ^Apa6v$1u|`;eYTi2HM95|6GFc0QCR=`R9GJ03H9Y*ZpIO{@?E7m#}|}fZFVH zk%*JC^9I2GZXc*I+m#Nz1hp}r9@kFEEG$McC}92D$V)O3dY{ZBM#i zIgb)f3vhTC-v;DMi?#E6Nk+9V1;@q!s;Ig~nMv6Sgr|Gg!tyTLNS1l+L8%Q;kzsu1 z0KW6pX};qfo7%N6Iyr9!an9SAKK5r2u^O5#T>^13QM_AMVkLyDY~V`U0e&d@@N-k8PcKmpvEVFfIMTmkizy;Nh#JL8}mI9iO`F8zq-#RwE2 zo4lEr>wc;^kojvV5Od{+A^^yK9-R)nE`9_0wDA=d1klvlsKl_9x~`2>dY9OBCh#qP znp*hM;{*^)yVJw1{iR>b0HjMb%qi>lm!rr89N2vBpLQ8`6p%-{PY3h4u_*2%zZzHn zw(D~Of~Galw2{_93i*TEkG5YiAXsn!*t^c<&V^|ZBz;6jF!$-Nirc_V4?hCXvPDEQ z2t;aKqDfNGJ(>i@y1axA)eBXck@&{H-^+|vyRKccfwuu1*@q}f%KKO!=xzZ-YdcLu zY)Z;Vz{6*5WI_fDYGHiY7-bGJR~S)7F789_Yr;4f7rjEWM%-KY7-x)`>+p$vj)$N1 zfgy!4Aq`iqin!&v92L9+;BU|RbG3Aft<-+RamMeztqI9TZ^ku+XnDvcT*%#eeJ`Ge z5n+xg4*-D$UG`)G9yS<7n`TzsscW!?{k2hfD)_|nD1Zyw9xA6xcpV}X{P;Y!AD8C? zcq;!4;M>gxe$y%uz&oNPwuS+p_$U5r^d=7Gi1@?AERWA3VlH7BShfH#kf;H_@ z^3?F8U49_yFMHfh0VHdQBd#acMV_PWcpv0Oo!pH9lkv%n#?MId&*&bhN52toP$)Lf0I0cT!_8fsgXigc>CQkq?Y(c?ayT;v7{N=7qE_8NvxLCLL zrAxU()r&u0AAZrbze#fU*FI1>RC@@Ne`ApgNk zE;8UQiTUMk@BjNae;eQkFm5;@!D1oXzfN}9Z~kPj(3;iOUC9Jgr9e4u8*Znat!xIO z-8X4bkL_%6deiNdL0&gvaDnCH)o!C88Uc4t2m_7mzZ-`!AmRdYbVh)eOO!nuzH_oQ z8>|6q0b+J8gQCap1Z{P9sKGB~V0hwrJ`1C|Z4QP`Vea<&xVY!$lwWlurp4qK_sPE( z05Wz(z(Pb1Ie6^S!4p{Leah!TdydcN;#~C= zP!3XhWwO5BvOT)FH%G$(K)*$~7^Q|}S^ix-2-;LNLd7U_zcH9}6orMo3Q~N(o-P7Z zc!3o7uQURinW?T5vn>#8FoJV&S6_wJQjk6X>iW7PX0TF}0T{e`aokkP?&G2em(Tg> z6VM@gGxh(z*%5peE&7`F6E&ag@@bpEF}#@&UhO>@^5bVWg`OqgDB?H)_iz@U8SpU> za(H@FYzJ16Yr^)cbB-^1;y;0;z|xNgA!#w!@t2$;C(F)+U*2p_D@-0FN_kh! zx4ms_c}=(2Wz4uW(@b;=2I%;-_oaZ`)~NMQm%LbNSBkhNQ&SpF&|F}hm#y?3;qE<; zLhEjNH!mP(-xqIZdcx;*_`Fu#CBo-6AJDy1O~D zhRMo!b$O}%_z1YgRt^(21i$w|Y+VDFmalggB)0NEQX;>{>*Cxy02VYSs~lJoWXfe) zH#SmcXM02J#W%1*ExXE{&6~GHG5-E$CZ96I%tdld@af$83CPBBv4C*+7>JdKbfd=W zyhj&06D`2<;#`jlQ0_K~2Lda6pR_-O*;a$K!Tt!yaQ1J3$yNfQKPE3`G@WT$0D+uy z?~3YW$l~nSVk}#sF^Eq(GmzzI2`*qRfFDif;juDU1 zJYUs2l+Lcv80C%NQF2#b@rysW!m*J0#Ow?O;Hhey_J@9t8Nrp(>XzhG}az_t#N< zVLXJhhdC;Y0nkrXvJWA#ESi2ZxXK?ODsghR74bR3APUNiG659X$G8N39%n(`&rVXE z7gEIr{?v9i_SSkXtn%~g@!Otz=9LOL&<|YQ@+1j)7awmIQ#Es{wBu-!$sXpTS2%O6 z3rNwUJWYuZGIL-}_!{EwT%XEvpsYE3M*mDREu@Bumz%q?JRJReRi~TO%K@te$o!8V zx^Gtcm>HGZ-xw+ifiQ1oK4egWTz+xU5TVJmi8S?Jf5C`@(*EdGqlrmhlGC)jp_iHc5+X$G!d|Wq6=t0Pdx|#3TA#Bj(UaUjCh}`7UCE+4nJh-~X@V0< zk`a;@&}(n5i!u?KC+TDf-dRFd@;IM}$Fb9l;^`=x)ccG_-jwo6(2*qcr1@iZ`t!Z; z_=XOZ;;#)ncWC@a)Fzh8(z}Ze-Ks2`4CN0s6T> zJ@BjGdQ7M?rKt6v>oF{bV8?1^M~6~~fQ?lg52vOJx!NbX{hQStrC>^q&e^I*OtACL zF;NOV8-k!ZVF(fGh1i_&g+eGd>fZRPJ>av*nVbU^2lKR-Bs7ct=Gb}XDHDIoyuSaf zeMgc}Dwj?r0!(Buc=nBe}t$MLf&x5DcQ#)PvODy zrVn0+T$I~J;v1PPGB*QPmRFeS4c&LZW(OAwckuyL@ReJ-l-?WA+hIVO5A{pzM<-&n z08T^;l(<>2RkG{_M))gG>r+1QbDY|F6YIp?(Ao5`vA!j%i^qikELo z{K7(rKG*q~EDxClLA~rKKM@l2uwoBbqKM_Z-+9KW))edvVv?b+N!cegZDlBE>*?KCVVl66MIbpnlAgQh zP5R=;*i_CVW$*&%>3mMt$E&ZS3l~I!Awe$)M=`=KO0*_fe|YUNnf%P=yGL}rx?%KE zULtV6jI4H$cpg|!=ohY|n&vtQFM9r!vf#&al8CsxJ{g)TE?8HWofNcoc{v3U3ZGOM zAJ|mB$?wCmOfC_ANShnlp*d-j4{0oxvwKsoQ^Bt&fz7Mk#19N*EZ%G~(GWH1+d}+f zaz4Ut^@V#?OQZSHpFrfr#YZ8pKoi6aKw1-8NgtK|6FDk855 zKiiE}yqz5_h#G)k!$f?~Yq}Us=BRT8aFsfV5li6n;8_h2`942AQLEvd+8jb9d#Nu&2j*gq>jBt=1*9dzwQi6l*bB@9TR2gt7Spz|sRvcrw5ltZm;} zp#RCP^C<55ANDY?AZ23x^~2#xYBtA$6EPU8)&Z&P=WFn7(}BK(tWIJ5=V}cazVaE3 z^-Ry@B&l|O^{9r_lc)2;l)t79*Hdfm-1Iy^uPW2Dn4R+H0bt>E;U&f(6r=uVhi_ud zH!c16Y2tABqTb$b`&rz1kL6tzp7`0pyI|Xj<&Tm@BjG_PE%9NL7C(4~0ZE3y2i{wl z|NrM#c{Bhtz_0jl7%>#Mf59Ry!hPc8Js;cn0aeLWjy4y^WCuoul26bqf=0JN~A1og|;2T58IzS@>3H*XYwHA8Yps)$JM^MSV@$G4m+rFqC! z`Ql)x-}uqJ1-+CyW_jZ*tCcL>v)CFzl7uMls}kl;2+Q09otS> zH{yve4;E9{KWfu#g%JmV{;Q}3ZI=P(Cqt;4Z1(z&9i-0Yv<9os_suSPDzsOo?}h{u zLF8#4VmCHDRP^+ev59;U(Km4QZnth@6P~}ktu*Vmo2@G^AMhe=s9Sm4w>Z6-MmdU%Vwt_Ekk{97!*8TP3V%*~rFlvQs*4Bj@*b=u+B;HM0GX+D8!UoO zct^-J&|%{Wam>cmNA(_lH^f)|Tmv@~v=9PSawdVV`fV9SvWH^XyEK=$D0&vzK5L9W z+_&{tXL2hNk|mzLdh8*q9WJz3ySbtH(!W^Cy6*<;L6t7F zHR1JlY@Xw^jc5bv%2W3td;~2&|p)!iCNc-%YQ;Bi-KI<72cDK(cey z2(!~6O#bMQzzs<~T)Q0{tMG#Ni{M3V-7w;_+Wl6WrRrg{gs`wR|oCqs7Xt-tmo@Kh!;gh2~Z>6r0%V*{91oY zmFH!{j$CpmEod3&O}(~Q;NE@~cUQS&I(J>~{;xuMw{{qDGpQs~=0g^qDtBOnZ=2=t z!>yuzpzdlK2`PVM8weSgIPjC~GA{LaiE`Y(czdxEknUvP=tD~*aI4EBZpYZV0+R9Y zsR{XSPP6S6*ru4;BP3 zIqcaoiP2YfdhdsR>8sac|8)*0q)J3(n5zBC;`$N2S#>ho##N{P#Qk`gE9?#o9vG6xu5zEC{)V|4WLe+}zfFnx^!K=t+B&(G;d`%52btOC)70&3 zc#H=mUmNSC|B^gqPBFVQV@aaZ1>xv#AO}7A?~shSl79~-5Twm6WBmU!Kp(~bEywv! z#K+*~sLL?{?vg+1Ee3uA-7-t++J&Yr;w41;3W8^_WMrshAOs9#5G)0|-4z3^9Jr?Vn>pX8#!+{~Rrr%biR&05>@Sl~Hm@i*A3&L|kLkYG> zseWg@eM_!IrKsg2!GU;y%tZqv0w;(t;_Fwg+Z-Ixk&&d1{0IcY(b3V2FUH-50vH5L zY;JEe0m_=mWIZr4icU@C33IEYp`o!-a(A!D&dyfW(TM@I4noR1ySh|?i^Us@k1EzB7;{lI>okeC|&>C-2Hl8<~YjXaVh@fR6fTwKb} zpMN8axG>9iad8n{X_bQKRO-`?37n~(sP79Gf3U0+YyTLv}|;7a^5 zpx_d&ioL)bTFcOo6Zq&lIXZ5AKqK!KRaHF#Ty$1mUJbTex1`S016o8{I=-bvDM>2HF@~;Vuu@1sfW^K|bf&Pl zc(zlr@SeK5ka=cao|=iNX|t1?+bwEpYBqaOQPJLsiLOO2GSd0O!-N<$w)#7F?ljG$ zdM@;LN#+RZ6ZysqhdJQ1OiiVWmiCX0bvifB^>=g-9?9Q#|DBLrSzk~4qoKi%ii#>B zMldceuBf(lZR@(Ksw$Ip$jxpZXHxzBgM$wxCH+mc6%|AMSTw(Xrl!)z6r7$fE#A+WRy-I4#9?wtY$mKns>sLI*6(M|mX_L9k8yEu+J}b|AwT&P+0rIQMxrY# zMZ*-6u)@@47O9f=A5uTY9VBP8wYB|tdx5{>00*~F!ALWgk~GZu+&<6{`8?$$;V5UR z;L8_EA~ime>yC*@Np}KIW@cu1ag+=U63LOl!NI+glf0my%0~~)^ZQ6dYt!u9oI-kO zXq-IZ;t$%vam^&V7xHt{1hF`}q0!ef5>d zX%noQB;UnXS`S=bxA!6SIDB%(oJQVYG<)D77!mU@EE6-n2!SmN7-5IiP;3I(>ATYl zj0pC9o22oLKxT1v!f~j-d7rka=>`uKD2BF+6#hZZwCZZGu()_zAa6>uh89lMQ^x3O z-mYF~hlY^*yzu{ti9&g0m?8(?VZX!)er;!AD^+_2bw zlVWJz=&cc>^lV70tcRVF^nB^FWM0GZY}gIxtml?yg7~$E)l!a5o$|R%$Z==e`J1Ow z4pgRu#N{@Nm7OlIJj1CGkNUbgC9Wt_p)LvQ>+R^<*I)s3sfJCz&rR&@^YwXnc|(hx z(>C2Q$@FNP+`PSwsphQ-{yj7@ptI8Z6XIfFMXyhM&-VsB_i9|VU~z0(Vd+e{$Sigm z%|b@)SPtztCgacA50X$1$ZtcT+S$U>TAz-kVfglt>;~h*BtyjPTJ&s$dIr}{UV**={jihG%zG2lBRG50X6D&&MJ8m^?LYP~;nOP~2n<+F@YhyQMZD<21#&{u4HC%^l zGu1IGuQzk2+_=~!k|A*Veo{K2PE(zT?95$S*v2YlAEAFNrl^~$BpUsJ3kzE~@qSA! z3rcGjf=$lcDQ`kgN<1OA^)W%%SmHr+->U}g3h7~zetr+)XGRAz~RKcpCt>7qFb7kuddUWtb_xh@MLY}Q$_u!6d|UrD@ZBSKUZyz)oVk6=3_J&803ggIQ@ zXHDpNgXcb0M8tzd?3=b#yV#75@TmCSmwGS~g(5>~9j-7QeS>td9&y%ewWMah4w+1^ z84NnXMZG!wNWHl8(WH>wLUFeeEs|9O6B~94h6?MG!(OyGtGIY>!n!j~)Uc`z;L?5!EWOHSE zDz1d!t%Ga>d3?7ZV>tm0E<&G;nc2Ua-+|HC9+&q#Cqb<>i}q5f6sXfix@?j%6DqghvyNm@6-2DE#q;oyP%eA_=eJY3X(!YhGwPj z%>l{5IPia$D49xai6PSuAs1pn@Dd<_MjJ_0-2V6u7BQ~0M6xH!ukADG^C`d7=M)^# zn`jdoR6`@vRugfPKId>a+)%1uA7H-h}QC&czb)rCRh}-Gn)3T@t zWZR8;`I0{2qm;v1qL(R!Qt8-{Z0HA@K6B;KLKlfsK5>|l2fjd^Jd~DPlmBC;=Jy?( z+6!8Pgx&F8JIs)e-`ulp6Z9P?JZ9%`q-yj)W@aj$}#SsF3l&K^D zmOLl&_P?5rF)PP>|K|Ymf1jX0lU;sAwF8p>->0JgJ#Z<}QI~H5)rJ4*gMS_9?=3f~ zEd$^d061?7t4<$BwZjnqdi~!k%L2%iD=<3|@tk{m_bW&smw_h&_UeKEXZ3UtU2dfD zGVXg|%T)+6ShNo>?qEfj^Mihl0pkc1e>O$teKnT;yUiGo@DiJX z5Ziz`tboE8vT>T$)sS2l>1lv&TZ}pV;4TBwNWA--=Wr=6cNl+RCBZwsaCjt_QKao3tQ1J*);+lZXbJqO#;I{s2kYN@l7y=ylAvqEM8GwmB#mqeZ!$^-%+vigaf zek!OIAnZMb#zHCda6+fZA4MW)LH!Sm^OY4y%n|Md#s@io_DwGF&TV0#mnLef9q=L` z?2zl^^2(T$8z{O|e74nkbNvEjZK38hZXi^nw37cv^FZFGLuQ<0NJm@ydW8E{Gi@G7 z3Byx?@CG!*HB0ErhB6>&*Q8Xx?zgfB+!v>kD=UC!*wDU0jDy7^#A{)#(N zQ=<+~P86zSsDSdj3)}GlUOhDse~GK^+_3VyA$SPJ-3x3|i76+0h$;{Z>e!(CtnY$a zEIh*-g0{b@2$6@$H!(SGAnU<)72%z*kY@w2Ks5#ad}ZQ(jiX7p>}4-u3a+C3f???m z7aDhdU}57bJd$QYCm_sTJp}%E=2wU*tfTdqhVUk6H|j6yE^cn%N=UW2H5>=x!ewyl z^CWcHQCq-7Z8mP^Vlly=k?RgX`yYIcO-%fBQiT6{hZA#U1n>S{nhC+23lgO+g6F~T z%HPRJg@u*%ZFUT)c$~=Q8}tqX3^C!cc;lmr4}lFsj-moewn$Ba7Nq+&oE9t$bD_6V@%NvR!~M>g9eJ77BIZ{TLPx~Hbrti${i zpMaskKTJOePrk%*>s_v91~e5OI^gJR!B@o)I_rb&}t_HPl(29bvuX1)0v=at4p z5rBgGlHn$9yD(*aJ?2F$#-UG{0TW<%!ke|1J?m`TZIar+h2p37N%6H8+@3$f6 z>-85tw!PT|M;sLYyt`X!a&3+|Y^2U*MR#M(RWSnAmm=oEQFLAa#T?|nS0NYzGHuZk zL5>d5z_f|wa!@hGU?LwDaWt#j>d-HcG+T+jiA}rEm2%Hezt`fk*jtuLP#&oa@Xo&N zgS>nt%g;G}rlT#eG|-YG$%K@9t)f{cL9M0z4$gvr5jOSYrD)+|QsBG&(di-ki?=RI z1;F*u{w9PBtRPPF1wj311NfuQhNSwWo(&=N9=%uSjNO4bp!dvbRyFukgL0RW9b6I1L;F)V3Bx# zUG-Uv_Qcn2N!rh1I28$EE}wrUi}pPo_-qMy1v$o-5tSqF?|AsTj6;+_$(lx~a(7V( z$Kl04!SePeSv`dv5})2tcR^9PwiX z6qkL=(ybOq6+}k@y?GLerMBenGc$3w> zEZw*%GF^W2jsy>2Vo*Zim`YhhmP5C&BEBg8GiX7mzC0_aZRb*ReQXzyixm!)^~F7S zP_X-hd4{yqA5$AjV1xn-f!KDA`T}yaPv8Du!|gji5Ux{P zTa6*+AG#vJa1r2;bKUiu`kz5A-~)osebvplz~kP z7%ixVskBq__V)JuKRIbt4dQ_9^sCEFWr~;h8gP)KD(KhNg*a`&b1i@HI3SZ@%rqF&p zFS%B}BtDz0OG&;8g~u~v=GA}plXG(mL#L8Ed95Avzmboyt9_RC65dV5b%6+h5u-nc+&R?#G*^f8 zM&ggAGj+^^)R5=10#-HU zBHz7Zy}Fh=T%5+Esu~)R;sJA!(&r4Htg`1J)N|P(Bcv0wpjO$Nlk=$wh&pWX!^e+B zr172`IP%Jy-;k3#hV)2sXEBpmuY1ui)b2(9r`ItY)Mtl5)2_y8D-bHjt3Qgatf&rt z1WV-%E?h4h2clF+w`hoIQw?MXuy9%v>e&9X$Au_BSP3n^avHzy=<4b^a25j*;Ja}C zXU_tlAQLkC9>7^-*Hs>m87x>lfFv5i=e>vh&wf~zU0GIww`Tn0sFqQK__#v5qpK2` z#@q32j#89BzkVssW5ljoJ+-5jtp@RUyH2?#8*tYQpY#B&{xe|V$<`dy@WD8s`E71x zo7DUN+Icfv&FS{gBC{1LNSrrmE4AmW3Uo5>8I0>mbf*1kzT&$YFWtq8Jj)!Eej;k` z863GVG?3ZZd4D`!(I$CPVHxZbW8-U^!0zedKH#HJMkWR9U*)+iEIjCQeq=2S_W(O1 z?gGGHR(ka)US=P&B?g7o-sK{sw!gz-e(rBfPJ*(U_S!FiM!i1Ae{_-FPZnIY9UYMH$OtZfT5YNT1EA!hA2z4s`zyaqk(` zM zxGB8cTVPi_GqYfWuwCvw^~GiOq+ho4Yliehx1YhxchW42Y!*IFH4R9f&A)Jqp}Z&X zz=lr$1po1lw@l&>3wkdmyfWNAy|LC^G$`P-CFwUk@ z%vZtMU6`o>SJZF(;dSYRS@P;+Q3sEf1f28Lq2J^522$2^pvTwC|JU01p3{&*@AugH zxtS=9u*9*+Yh$fkFE73;-fu-r308O#_H8*>67a)kcf6Y1zCrP`46{~&c^4@S*`^SH5;t@x$ z7c3|RZsK2BRUER}a}WQjv)y;`ft+20`qpAsp78=y6xG+FhSQ@fVj;u%^*Jlw@Pzj1 zg#tJ&9GNTLhI3gG;pxN5G9Q1;BNTS|<|xt~zZ(t^&AayhV~tZx`67VTN#ea&Y&wg2 zoZrF{x>>(v=Gr!0q~!Qb^5xf`ky`~zZ?Y>{45?`@&0mch|XDK#EFyO z)Vc3{vb*MRZu`w9r4?I#tBh8)pX&pGvuUBIj%7m!GJp3vfw7oc7PrN+pfFkKvu!>< z$8+T6^@rECWd{6ve{E$fEKjE>PHc{PE}+a27wh-8UquXk&T8miW<;vue{79nJy3+9 zn2M9%PfsWh+tc(`VBKbLLQr+}m#HeoHk>1b%kM!q==)okcOGFe51!#Zf| ztzbJxTn+#=Zk^Cde?h>c#}~%pJ~*DH62I^;f4l}bs4}-{|H*+0Zc~H@>a=d9_;CNx z8ptz-lkaQ5!BA$FKbkXwesP%`t{J9LsXZukUoOkIe}N^|?&rrR1p1OK$d)Lb35UYp zB1=>G;uo*0 z4+Jrb`HY7zSy?#B^eFH@>&=k-Du}2i^RJB_KB3}9YqG01sNb`mn0zse{jQ9g%&7f| z)+Hpn;S7IabXVEf(x;=6?fXzus{R8?(+saB5Qd+9j!u4hAD|n%Vo;dn-PJY`J2D9} z<`C&I<1PIDUjJTKnUxSU=h-Jynl^oxF5H!AKYahL^AG%`yyL5aUG63cwzrh4NfqQF*k00Y=9o8ZE$O4 z7KiX3s-s&#sga+v@I)$bF4<}sH69BT6v3aRVpIP}gSM~3r6{jjK{3f?^g!jQfLhJ5 zuxjE>bQ(=fU`V=XS_zc9>kAR%hL%|zE;P(T?`PDzsZDPESh1fB*re1Ya|tLZ|JA{p zo^QR|=KVDY94C>Oj4A=#8f*nqF^8u;e62)8=h#6uDiy=lblfZ1);xIdZDWa{&J*X+ z&1Ndu^86oejYpz6XN9s5q1u`VbUrPK`pZz49V5Gd&SCxijgg0MQV%fZW7RJ?)utCM zPSI@gT|vmwzK<;X)uYE1b|q|?-mYqOf;xKj(zWDkDIRG{mO+=f%6yiI6WsYRk*c!o z+VP3%2e7T-hsNmlDq|}_Cg6?kbI{+%B{%fo7#D zD9r1*Hmz0<4MAXRJuHLSs^%A!>(^ohK_&*G2tqn6RJsS>yL4Szn4^RBDN>OISs#^a zsr=3RuPEYH*B%yJruVpvM?0;vXWylOntIXa1$5@VMYksWMBX}m2r*yQS-HfC6u2LZ`$0X!wl$`RdEfhp9Zm9w5Un-lp}k%Pm* z!LAKck~)(@UGf%}jfcMaopEQ9v#q`zCORjA4GmUP6%&dIzVWW`@}5s66DCNsEs9o+ z-RZlJz^9mT>V-y07VoY6bC=?4YqUcRgg#}roNH*i9rj=VjsE;s+N6#e@fRZktD6@) zcg(3u*B7Z@7q@#k^%vu2;wzDKqam()oCU0yxa)}bGs?}WpW?qOVhX~i6y#V*nM5g> zC{AX-c#p*KL|vE}q0kRaukC#`w@ZGFSZhULI45bWI5yMQ;%L&B42;fytSb_vI}|!p z#-T#)7=~Xhy`)aEBc2+?8F`P8c1~tmohU!66BB4sKXBCR@`!80yGO8Pc)m4(fS-s;0JMsz+-QIYrfHfML@PtB9 z^gyD_MkE5QrSnLFm43~qvd7{czqON`)!xcG{6?=;6LC?K&81^{s*IJnYx0ck!WJy{ z3S*veDp4gg{=r2-rK@roW?pLcvybayYl*%KDKh&CpUS@oIJ+XpPD3;>;5tL3vEsY> zX@KwkC7M|Kcb&H+_q{eCa2Y{7uX*_t)>WkEY8HpM$$JcQq)5u*@n3Z7L3XQh&Z<)T z4=^zb(DaD~ORR}C9{pg~OxH)8v2^+x5n#4|O*aNDH4}Zpdu!{ObVDcUYu-9t%W%AQ zim^Fkbk@Shi=%g!sve5YPSvbGz7jA}n|S$U@W$oMz;eb>{G32_{Cqs*#aYT{Iy zJ>qq~EouSU4yVuP?;hlhI(8^@pB2^YMxA>ye+re}Zu&q!w$F}(-~$pe(lGdovTa2) zPn>=A4XH@vDb3ImR{C;nw|Q7i=Fe(a5vn!Ve3(mUFde4YkhL^B;-I6Ss4=nCcJ{^@KZGDJfge9&U<;ZLBscsNG($cd<@ z$og}gRomZaqs^TqC0y0wv4v!2?#q&=^Hniur=z7qV2e$r>8msbrARS3e4JX0#oA|* zX?poR2M>OCKja#DO?*4WfmTBPn%WgJ%%D< z_L*iq8f;=nto0Zxv|-(?7Ug5b(t>i}zpWND*I!4^rQ>um4H0_J5PPNR322W3SwGlJ z)T+H%qO89and$3C+*S09*;twwZ*QTDrB{&bNU(9Z)DX>8yTG3jgrMS6_|VQRvoed1 zQkfNJ!gRb?tc3tYzI5Zl=_dSgyrYX%Wg&K;-g~_LAiLvX0;ci(!MeVPdx57dqwqXD z%4IStj2bT&$2;h@Uh`_)4y#%9SM|5b88CA(qm9}rjq9EBD=t|Fu8A)4xYJfP8Y1)# zM?F~889~o2@lc-K@pa^f{ml2el(PiFcSmV?dp$m9mbL%EY(L3QDskx6#0;x3`^% zU(oB&)24%SY`N1}5|l@e^(UJUdW`$K}AgA+YbKWXnvH4XWrIeN}n zg&^tX&l(S=c~;eTol_I^C8e#-G_5YPbh7yJ+m&<$kvW@!Xs$;3^7y96&YJOu)pelG!liCrgD515Nxz7=F`0F=$x* zQ3fdomVRr2rnGeK7>T#+#{NxpCTfRdEvKF(zE-e}vZ1O(OZc{M-+5F5-hP}>VczUp4;-*!sT$@^Vy?nye zgWpc^JreiXs!QGZe0P2;T8;Y0^=&QNS2MIV)`U38Xe5DKq->EXsPu8X+u>pQvGRZ?c_F0#_G~WN<=97cc>5AAOYve>Sc(accOE_NG7qidoyQbr@k5w|4kP zQ}8kV20gJ$MD6nHGwD4GGN7RDZ1NQ4@b?{KKpf<%*3#^){SNg%ZJETU%mYSlbO>~m zDt&ndwFaa6B+UlfJI$}3FM|e*s0WeB(8{<~vFzq5-_s<;IF(h4ry~MZUV`Q@irwkO z`S_|x`PkF0^MsV|yIyGPeG_{^H}^~UbgU~))e7Ble=wzfaxiI5Cdj-mY9eXiJ&D%`QkQJmNxbIG;G?pQ(>{eg?+aU~L~7L3WQ zVhnXL{ehd}UpwF|H`dO-3bIWs4Zr1t()S#F!sMHt4rbp;UVspc>flAu7|x zix6eU)_)7=boc(PLH-ud&*KOzi}kg`!9EF6<0bohk?eT$H_qLR!qK7Eg0Tb!qL9!l zZtr(sgo|-`%VL>xkR*X~r~Ehe|KpSHh+;^rAtID`MEa=tQ4o+q^|_l;g1N&{oDfLr zWwReJ$jXQPdl762XXtU3t`uGL-&!gt*pw(+zxAKbLYw5+KrVlAJYGc6whz(;E;IRc zo-e=!gAFb}=A-P|Tc^0-e>k0E;2lLyPo&($|MW?)1Z2|zWtSc@t21an#c+0%#kNkt~EFS?>chTa2q0f@_?BH~S!xH>I)k>C_j9 zknDp7!4>19?kl%Qno<6m@qQ?3%vW!P;RI^X4|l^%kI3 z^p{U=9FwWA2gm4^^Hx)$_=PgB(Vn1tib?V>jlBcG-xm1qH#d|rdh+ZU$GSr6_zGM; z>Wi_#L9GsrXS8eD{O29mix1HbaEE`N;p{4mUbv`5c?|y{0LNtmBD-Vv&7df#$A5fB z4vvl!fztXEDf~ZwNW|BsaYN@H|NQmK&)}pEcmCvGE6e|am+X)p z0DRnP`1=l2`xisvyCd=@1*SsNF-Vcuv$jv2I(6IS0(4@%1)gI_<$&9!nP)pBX}UwE z?83%{L&yIMF5nATJo#=o=5X4X9MkIa#V!C<9Y4nDgon!g6;$AEH(-LDPs{$29w?|; zQTsp)a6cNuL)YdE`Lqy@TiMwD8OY&WIGQe#&`doH%KbQs@CrnQ*i~-GDR>J6iF*8a zTEJ33@(Idn`ukVjxsK5w@So4Os&IiGJ-1mkC_`UDxG$OC{QFkLpz=LZ_j6sUMi+|m>{5a1IRsMp?#XZU{v;eU^(EQ7%F zlaC{|*2Xikd~|rtS0KUX4M_91kk@luL4ICd>@v9kQPfj+&si11{HxM6c zYi4HVw0#&7GvMi~vagz{Sh1qPfZxu4rPez%;6BL12c0@ez8P1idJn#F_jQGNa*UHA z;^H^k9Q$S}H{2}ysIIEP2q1iEsZy~f^n-U7JGAWi)o|qftCl(WAP^b9K*q8k99LAU zvZjK7yjUDaN-m+^b@RXWUKACB zhY^O#Cf~j5@bl--aubpxz}5^jl>npP&Exg zakwLjk4K9x;iQ*$I2o}~=rLH6BPdes$})hI7WhDZt|(c8=E%oJZh6+FAOyx#q!gs-zYqbN+X&ubIEeYS!>|yYwQER|v~!vTmn`zi z+#4oFDH1qu7xdV=f>Ao){Ft5M<2zis^jD>{&hX~WuNCs!($_9U402Mz3=Hy``nI%CCQqT&-YPnir5;319D=Dv%oY_5Ls=p>xmZ?iGv5W0fZKy` z4>7neER}qhg1a0EHob$(z`K*5gVL0VKsRbh=nYV1`_qB9Adv1VMuj8ORR`vq7Yg+- zZM3~!OZSexJa0Zyk^V+cMV#*eGoLOe3nFZ3%U9wFJZ+NW;nNL63Zr$DWsp_o_hynI z9IP#M#&9)5jp20f?5I)b9y(lHN3gam<;0Iw+iMlLHd^qja{aG;Zqk@J;?jyQuPp1? z`l(=T#+wwIJmo4I6LrkJpC~l8Mrz)z!#zZz-Ot3_W(z*)-i=jP<*x6Ft`m>C{NAk3T^lpD3peCRyy2cH9>Z}Txh~QBVtds^}LiJdGMLu5!=9tpxx`^q48X`#sxEAj}O>BCUu z8yRGCrpk0eI-ItintX9EgCkb zsK)x7SoN~o?s*2lQfWa39FOSrL5a08JU3L-vGT6t4*Q23;z-rAJOXu<^6k2vopNVg zd7Q$KkJ35xC@jvD;jw8MOKI>U^-`44{BwNuok(T<)~ypG#~;AV^1?k|mDbD#Q-*t( zq#nRrm!1Zdd*kKnqin8}M}ja|JN^eg{r##xq-kZ1s&<&xojTTLveQBqWprtAAww;2uAWs zjbe`eMpkGq3a8};ZT|{OQ8m@>>Ce0PPN(TXQ}~fUe%5s}H*Q2Bu$jHVTw#KTeiZnx zdC}z(c`?1a#v}6HH@7NbgHMhg~2{=PbQ)0mY_Sk{$N%x&d=qI-%|EbjHf9SPOcbX{lv2pJtYhR9n~X+#knc#H zh6>;J&g>5ga%p%d`sDto(dQ@_R!B*Z*+PqNE>{eCYL8|c494&^7nq;`^7!`!r;yr$ zbT}d~ym(dF;|GPT`3^y(AA(i(B1}sl=$s}X!)Enq4Xp^;W{wEzJ_`EU>2!>WL~88N z&SU%^IV0MR6nO_DrvelCR@~uP!X{f~1z=}3Q-+3y)Gu^GuGc}5kI?>9W`Z^!(|S*l zV=O}d@?FYD`j2`Dvpo`&4 zb9lY=|C9^j>}vIPl@@+4{Qo-_1jA$h?{h%`e{(?=zy;YI3LN&g?)uNFCMPDIvJWu&_=gSJb0Opp8?*))Gh(}={;rV_m?o8g_S+%mMZRs) zD>`}CE_~RZ#1>ka7uKHk4!8Tlwq4bxXWox)6T&aU7SF!J{)>Ncjr@K75i=V>`@(~D z(X8w6bZITL_&bu$ZwlNfhalM^D;r;(8d45|0rOqNd+-uPzb()oVb`zyzg)wa`(ya1J-VV|cHT#m0l>+PsYXQ0uZ zF!}1uF<#`B@l$+C^Z8eshJ*HQuD!E+dh9J$0Q>jlHI{XS_K5+!l?&dW^5YzgEZxYIG=E_osbKA~K-Imm9E0 zpur!?-abY=>ol%*0}#+!3cG*q>DnFT0djdAAR#>skZtr8#u)1uI^FV}wQidg=2ZQ#mPHCwdflfIbm9TweD;<;;ak8Kc-wDZ|7RBlBV z9pV@3>%Sd<50GETp77hK_Ga9r)+c^9ILLAWeW+&-iLi9EwFCO}x9pl4ys@tau6^06 z!Y^FjSP5$HduR7Cci~<`8$Awrm8(Rh3mJLtCZBiTVX6^w*2+Bv5*>}H%CdgIsaM~l z69t`WUn5dyl+t_z!nYjO@{=82s~3-Ugo|XsI1X)0XSFl9NUh%JS5ANRmB^qUg)K|& z-cQ1j@g3?bJt5TeE}vhVIa?JN@X|CZL>(%TVoHOByj$hkSV8b|qKU>&waWnfpQ8}P z+|eE23^125ls?7A-IKOJHF}s*#sj&1gFXg}J9`iIC}Tzi3DrtD26g08&_sLyyi4Uk zgg0wI)MYUg*8{FIuwT7S5F;@)e1I@cqNobv^#hf^)}4=}$q1YTg`+>S3W7?s(hC;g z-Z+>FscqwjtvkYj$@Kcxzt#gotuhg0s+>rFllrpQFb;$+RFDpSE7R8m!aMI$%G5lc zq@*OOw86b)_VqAf{q|d^p@%%BFP47_rZ29teZR{Oh6#_}z2^JJo1!evr2w=FBD6K= z=grlWC(2N@@XhafnXAB&YnB@1a*v02*&3*v=#u#yWoHHvId|Q(z+aAAnE)tE2y~03ZBYI4xtium$rq5l&4yTs`ug##$Ng_amcmk&Tem zS0-lTK2K-z0|ErIKn@t^C9&?RyWsPpB@8nJ^?*V?i?F^qu=4at=+IvvDe><8lq`9w z-YQ_}jGBg#OC)k!GJge;F2Tph?53@vM@8Ln!I0gvvt(E0{Lj`ALQa7qgPuG>Hl-6e=Lr4rP4!N;dC zv#JTrN^vd(LYa|NkFQVZf^-E9b?cz)My~6K_2_+`mVexJFYT(vMfVp6s_zD`_b~B>8DIarZS2F&3Je?sQRHo&G{as zi3T>M1BM`B+cLA9og)PA5541b<-;TD!b!TRq7m3&A^*>JgGzDs3vYp`2m(F$L>6f1 zd;B4BXo9&Ro0SM?p?7xCfL!4WBzuJmA^1AFi_*1{snU?v(zs&3xnY1e&>9i5sVMFJ z8c31pQJkDz*cWBR+K-PLrTjJm;T}q=D_VImz-L<*!9iy-<(PRcQhyUN^_^UVcm}2i?I68qAB&s$awL z_$^)pXQU105%F(?ulgCKog9oS<qvBz_ zNMHC_V~cn_RIBNuV*)iFT^*gg>6GXyRD7kB2wEc5+3xcuo!i{Cu@)^SFMIlWAXIyl z=yaQuwKZ<>ojTDo7BH^UqBNO!rAge2$JE#H>Vt`yd^^<$OuNr#6LY>;Y>j=57Y_UI z-n3MH?)H?luMA;dSiHvxxPqb=Oy2oc@g15;wkTV`#?_5d3*KyuA66Ayt=151zcBWb zUh44+`4_b3+%R_!%n6;Lj`SWs?ksZheMm`e)MSya5hAo?8+(XO827-ET_kXX8AI8OWsF(_*2qgNj#wFkrks49Q=d^~@^i|wP zSdhB9JgaQYN8~?2dzx%)0rR~Uq5b>!<4yM9`3?JJ##N$CCXqeZO`pLWx8d@>QJ4)Y~4F( z5{fB)S-&dh{;mArNUDslEnm|M-kEj(uM4A=wot_rg74{l49kwxdi4E4pl2=pdM2R9 z=s*&xO!CEBO`W%lnuwz$>=^ohMA2WzZq-xE=5WrBMcRd3DAnkVIc}%Lzq0N^Pg`9a z%!R;ON9;DC_cHI)&uMO)k+%e}qs}MCSci`>0p>!7AVQ}SH)`@tN_Q0qKcKjdy5*O;0@x}O20j8~w=UAfDXv$@7ce17(4GCs*Kf6{j)^;GY zC#NryC|q?hYVwrSeMIfO582t0-Ekf<5F^cb3z`;1Ntwx(d*={X)>|5&$h+Z;sj)-^ zoWpaoqqMJA1#b2GmO(e%9J^rDCG-1VAzrrU;`MLu7X%Tg*zBC~J4VuYqAurZA`RL} zTQiLV=H%QFsaNOvu7MK8M>ue)WkcJRvqZZOf+6m8_)_ zYaeUy*ogkCY}U67gJr=h2JG>V(LJUD`FDve<74&d$&~)S5OS2Z{vV8F*Y{_quY`|l z*}T;A*rIQk{8%>fE=)xf$V1;dzaE zmuK5#xuMJNi#%F~$qVey^Ub>w67ajAU}0A!amw2p^r-dscs#G2x?OpCV)G%EqH%+1@DvQECJKJ_@EvfW zxKg0m5K45je10fG98|9}v%`R{>20;4x&4rY>qeZ@cRQ;YJ8aAE`L5;qwqbqUoKCK9 z?JTs%$!7EzG@mUDN~#n(+nKTNer^u}v$xU)pM}IwnrQH{pSR5YeMT|(gzWiRwPyhE zn@p=N0F)#|#F%=wO$u+3ugQT^W!29jG=`w-`fXv>pFztu8VA-gD3dEl+l*qeaWwkC zyF|*IeXVpeS^Ok((<6hw6rn}HaxPLh`;OU#MZF47Tbj8ra!`Le=j!lMa37ax&C1be zfvuB%sb;uIVL^e)hcY)T`(|(9GCaC!1LUggs2&x#;4egPi7Ol)RMcWX+|=Z^zx`BX z_Xf>m^?Sw@qHU!QbchU;B7}C0L{-1ett~hEnM9Ns2^TapvlNmPA7BdWiF0DVzUA!3 z?51)bgOB{MWlEPK`qG-FgzYd;fHmwWm93j#mg1ct_p~l!PlM@5hn^Udpx5s4F3;@SfyRQ&U3l zIn184qn9OTMp?YK9|M8A?_f*3GJ1x|TIrbBKG61dUV7&e?C32Y%Df%DbXK>yGHJZ6 zOeeURurr?#*vQF{3$&1@VU+%hAl51zmQ6ySdvt!jAeue~vS<-r8X_f#r)JAlpvujW zQIk9W#;JN+-r_k8kS!PlN4}!%Q{av#5+s;7Wl4~5#k?t<$Q@PZU6`n?CIhrG$PKAA>4?esp>$;t_b%E}Es^dJMDd{%|CBb$^Q$WJ9e+j6g6_ zlPRv6rWD%u6Gak7((!vuFYR7HP)f8n4^0i5-8?dDfJm z%_T)t#;-n&mg*DmmEaT0Z@mg@&HQ{t-N zw0z;dyu<2&l|IpInIRuL@$i_6O0dzud#L#>YgQkTsP9ws(lYfGF2#O6!sjot=hK`sXsZ=`~ll> z+p6M5_$XI7n6EvUt=VsF0c_Gw?ogl`F%8K#J0JG`WP5c-qZo#%G{h5~*c_5KLcixb_k{+iVz zDRf9q%1)}6{wUIQMEa5XYUW!UBs6fp?|1v(eip2yjU!xF{&%3p((o@RyvzNl8nvKx zR06?(Ke-6Ke7+_SW1noPKXUHY+ixu=b{&5!xtzL2(T%_6$Q)!W{oTp>Z+$UBmi+IfaOe6OQlIwmDV}byRctSz{MElCLf8ll6F4G>GCPaYznqVYuizueD=1vE z-jn4SC<_1n=lOqfE+bKb9rTpd?C+`#zJ4!TS@Hq@Yph(9c0H-_aLOzGQGTH|-g$la ziGRJt?`#+NgFi_Izgw68{HuT57?gMUkB|GWB$V7zxb-Rj0Vjk0S9%7`pKPK3qE2=M zu|E+lqNe}+O@6=O?@JE_h}ZjKXgvz*gYL@QfQ@Az04`Emn7HKYl-vjW@BfC}%-}*g zI5=3`xKTdc)glX$Wc-2!)y~J<`P|Xq>wmtn_`?S5vI01ceC6{UVF6m_M$Q(b)E7g8 zJ}Q_1Okxj2Ake?z2lXoL^Yc>;FxI&7_-=0iOIrGXt$3_+8z7tW5ZN*LG}VpLb@m+u zDz=q7&23YIk;Xm;(O5%U(knlOxq4rUrIJl$v~xMoDsvPl2QcL^%w*8!+|5u_$v2-= z3gPN@AE=Z*z;#SBkpWQb{!o}61uVuH8qMv}`XU)*q5Z=F&P$n;JQuKuWG<9neGZ~p z3!nw;=e{G-U|+v^`Tpb!YR-iJN~8Gw;A8j)D9SlZgYa)c1b)f2IFS7qUXu|AsT3^5 zgS~&wb9g0k85GEZ0(q}sq4Mdzc>RNnYu1|9Ens>M$= zKRH$ftD_Q3vgp)+hwIiaD4;>7dkxt#VQm}GQ|_`lJ7_!(A=&p})b~)?VDSp9mZfX3 z(Ut%KY!SX|_vCvH>o=g(@9w^qK)L(WWZ*WY++LLX0aCq4R!@v}IiqzI~LPixFqg?3)F=v#}~AXCs^H_j44=G!N6ohUcvj z@{QVaaF29BYJokNVZhrw?c4_b3r(xbAV}#@qdR7EA=ShyM(&VZ9AZ` zZjG>|^+7QoB_7$A0aadog{JQj0|Z}M2DDqQ`%b3L+c(1F>ucReIUxS)QDiR}yjYE> z1nMa)BCcOSibO_N-B`M!#xrXy@SRFk41_WSO%_KO4v*%XEs;Rz7rbr)zMImQNn=hP zWbq4nG(yTev`Z@+E+S>JOi)*g{SyY9fm!PnVIVn|v%=RNtn}V?eQ`pF@*UB|?NFim z=g;?w?pBjJmuGz7Rt_Q*AcuoFi%9k#y>It13rmp%e8rk{zzg73)H!;q6)ikNgg3ow z$>BL=@b!mDZQnXPp4m}Z^}CEk^SGgG0)Gk6rUu>W0i(^G?q8vUh%m{AL;<$ z8D53qWx0093D)xoWG@)i;qyIU#U{(=OTbW+xJ1`p6k;*>TmyXB-`W z4t+Sv{}xudLJg)aX|!(S&tPqHdOn`Tj$fdlcjV>639Ig{CIo>XCTBDG&W`P-t&y98 zwpD<*AMd2EJ9j(9(q5bS_bDiQ(mG7@y zG2FzmKjp7<4CsR_BZ{T<8nnjJ*?NkPeqzXNyks=%Cg0FuwJVaIYP;wJ>t4=6P6zqA z>CPT0^?V0dp{2X4Y=s}BR?c+n`~}HI7U01hnMDfghACk-0|^~o*uUtMtA|4_yJ31u zT)x)SicFX`iLj$;jtDLEoP|zYylM0<+0rsR?vgKIm#E1w6{nhgkqL>5DCh5ccAJ^o zJ4nSRApxVV+OwyjxpFqM`$846koIUzC#oG)3_K>0dOTeGh0R<=i+iL@QQOKd=st^iMl%@Xa(k0Uu20>6 ztb`0eElWw;Jc3cjmLM3WgRc-}1P#Z_1e5@a@t$3i0(G)^%bU^PWtIb$C%*>yv;;N7Pm3!SzHek7|?H-TsP z`IndHWQ^Qs2E%Uh;q}ATF90UJu;>To+s~E~q(sk6@^Y}~BCm;GuF*a`BPL7H6iv{k zHNK44dAENaACOo9bW<8#A$>$Ff`RslaPYH?qbamDf!dA1%10K)+UDW}q|y1{GYv3s zswVlD^6A?;)u_y-H*(-8-TtTJZ@pC4Oog+41Iyw7qOzcB@xtEUC*gk{g%F`(4~!F| z*<$JWuN++xokt=?LY};ZB)1Ml!^F8(+PARxG@pBY>um6?y3Fc??lmNq)gUoQIB(e> z+reDSi;b;b2=RTgKWwKK{l|$e8-za8qw<^i@;dLOYNTgV1Y|yf5Fb!VJ2mnKAr+Uz z)~KCel5k+Skfo6IEZCZo@7vy7;9!cpKHw{!lAY*^G|h?73o%W;{qmvTou5v=F*!J$ zGy4&{WT~M7eAO&2v2@prQnfrSasTcH!uo#c|2|{KC#KphthAQ!?ejAaz05GVp4ENW z?t$-{!f27*RJc`t76SFmE3Io{m|tP{OxvQeQ~mR{9MiUuY`|<~HQ&tN#rgrNZLLa% z`IF@L+Dnqn9yEzpht6nQ6WD6b(4LHX$veZ85N9@j@ciyP@Up^RoQy{#b?)iy8HYR~ z)m1sqA>DTy)9=1r1&EW@R}%Z*pRaJG$LiRFIQ#9tmh%1YIGCR;FTR_eo*voZt((8g zU1MC2XRE-a?#0<^W|nF0;&X96(&!Hm5|pRK8nL?rSPCNEj;hi*J#C|1?GbC2^9|?&8m0I63<~FSX7wnup+x zy6;vxcNV57XJSLbZCD6wjp_f`?XO?*;h1-s33SlAuLK6VH?oCl7^PC2>^*LWTnm#@ zos%DWSKAs`alSSi5AdAsS8Zu(lAH@Lnv)b3uGQFDJayP}C~S8{HU%dgeQy}nNTaLw z_)+IwOh#DqT$x(H`kRX}f8-6ynOV|IVA-9lo-PS=5BLm3ZzH5e&qQAS3ci4BSTkLzRGSm0@MT~WwGyGB% zVCGtHV&RF72HxO&YDd>3@B%(+3f(tOsM|1IGd!>~z&T$RH?9Yp$Rto`Zz;pU07|!f zl0peSz@Fqw-X%}>Lm^oNQxD;QnTrK*NT_%4wRY(*EhLq_FyJ(PFGBQ%_4Ho_#aUYf z#^EFzQbu;YoH+mLQtjB2zQl@CxmG3Y+=}Ag+8wNA^T9CsGIx8JQHXeGF{RDQubC)s zVqNe|)97vJ(bsLxz0J}a9v|s8wuaPtr=3?~DP%*1<}W-g?hVh~OTv{c1r)>Fxi;qO zUl$!23cqD>tc-Rfxh(W_x@J6;z%o zdQ>7po#$ZLe&;~R%*qH@{wj*FgF`!@*s&I{g1>?$=q%+o#;2b4Oh7?$7JBn9yz_aL z1ztm`Sq*5bgU5;7VOA3lAckUj~Y}S8w?eYfD_xp2Tc9S`P z*;6nh(`Hc0WoE!{=2~}3#|5k7_vPPDIhz6!9KP>(0F+SX(8^Ln#srWbzITlG*8$;# zjbuRl_X4aBD_)I&?$-|v^wg9upNB#-9Gt#)rH?7yJM^lW*bQJ&tYjDtU2$!AS|%Gq z&24gF^tLQgCHSMs==t|wwtLcR$J?A+Yp{OMMXg-w_;6kQl*{TSR>x2W@fghYexDLv z6~~Gyjh_NKig&CNF7MY+zx07B1z{--;TOrSn!|*eQ~XcNr^8L((H~v&KN;cL@24~- zS2S=N9otK=_!)tKKtcO~j%T@N$L(pfI(vgM-fn!?w0+ibQP%JlwGgKUWbZrfVCFnu-jZ0l5iyOHYCXQZjmlTbj-J$R;HLEt~ z=|i1~_BwogSe$y?`7*C3-=J?EjEy`Pda~GYBR6!V?X5JfZhuMt5E;qG07-3QmT0t& zN63Qel}{3VF!WTFpY|K=MS6k=+OH;rzz6|#g>Z~R?Ez0_qWT(&5H|e~bhPq`YDZgu z_Lm_xBZ8P(>Na^4Fnit+14F~6?hPBLPZ+iQfv70LeC1TesAJ$JI#@ya ziX%VIX=o&Qs19i@T4~IiLqQti;4JRTP+loZQ*ewy=-WQ|chHjOR_6r33;ugX3h{1V zys0BNI0JT{<=D_}0UD>*sd*$OWgy?H=*52;Z(j4FqDaW*p+ zy={NN3TXsJmF;21bo!)p1`Ar#=!;1I)T@qpuT;Md;TgV-JwE)COdV$81#s`P5 zA1FZF+fG4H3ga&@BdnlgN}EtUgAP3|gJ}mt_ykd%#torC>HN!uwv-6-o3Cr6Lm_*; zpOm(gcLw@z(zOE$7FGBR1qpL-c(;J)R%r>XT4;iBa;grYPMayvO(vl;k1*p9`Vh3* zQ4REUFdLEtv`H=yUAHNs5b;GHxvFy zT5B@{H(4R&*?HPS*MEh)+E~h^q)9=fK+(~1u?to1C+eAGhZ=*cm%kLLv(uVXr`FW6 zQsvTn{mT@)h_jhFUw_gLuvRalc#Cebxj6O@8PmUjOcN!Kv*lTs3Nx3cFI{_% zCA^^^4s1l0c6#ndqVx`g8twtAMalO@dAlTR5mEDKPU6zo<^e0B%6A@4QZxu}@2b53 zX}HY95Hp9F4Yk0u1v1m;;5?cIl7kggkLO(*WcdJ?2}GCA1`b+c^zcjzEaUM%olrPg z^7y((mG48CS*k6bcLsVm(guH$yuw@&vdu}7Z0CMO!OtD)DTFGP{uXl*)Ytbpvh*OJ zPfjM2en32Iw;n4_ScWJV7JV(p==5pCk-t^5Kdb{5A79GMIPtz2WEy56P1psPn%skt*iDwI6-$No?E;(H z5d90m2n-*qF=a?|2+Cy%R9G~dj$TN|?yM!m-T1n~_#)vPc)#Jh)s8QmkP&|esy!7+ zuQ<1~%q*-#G%#iD*a~udr+uhQf;g*#8~CtjS#v05d2JuF=!rSftf4a9TiWo`nR4H) zHAp`+7qZp2n@-Y5+e*r0X5OINNb?sG@8MgK6OOqzY->F?hDf1OKjQS5xNlsDPcrIR z0$yH=E`o72J5WSCI@vTK#TO$K_1CFe(wO*P`wxG4bNLhr)y0zNlz^32ae9g}h6hbo z!f`^6Uz;g9IvT6I8USryJkoPQ$~v-(_JGs4se3)Nd^xl^!kdi_LU2|-l&{eSPW$!g z3v4Xf1YXh$-UqI1_WcnKDn)etZWG!ls5Ab+rVgh!a;NPitnl%X@-I#!vqES> zeO^Q%_;Xl8pvyyhZ1Ic*UXuC1pxW+o6Ac?Hyiputq4oVT#DZO?Q?+Ii`Ien8=-oAp z;UqDtN#y*}UcFV4*8c+$`a+OIGk@6>8U8{r9(i=qZp=a4@CcGUGT=#qq3O(>!_$O@ zp|)pjw`Eg>8@zRz)YY{t%BP}3`F5a)(oARwN|U8ZP-K1C(KnP6B}AEQ-Kp`UlwE-a zllSX1KayuKzWTyCjuDG_ae7a+0%itl^bLcgd9;gqp(mLGp4<0f$iZvc2535|HEFAt zLp-tu835^Kc(Pu>B;w5~sAGj+xFe`J`-_Mxae`%H+Y8BQKGQ5j=h=j&3*li`#I&f1 zoc^ebIJ#}L7VRiGaJYAbnvR?&N@il2BCL~y2^^Cc5eIb?^| z0UJKc8J4_ZT;VuOTsZUIr(eYdupawoG-fAj%5?va_P#U_%J%JhW-tt68S7ZG?^(u@ zeV4HniBMEyE0sc0Lzcmi%-AWFtSzEMMJh42K?&iGvM(XoNkqKorThPX?&p1<=l%G8 zd7tS+Gv=CWIj{3NkMlf^-$F!;3X&Ib_2+E={d6O+8?367dnjv6)c)FizsKSPR!vXd zESwnET?4>}3`H3aSw72pqQkC1|Lp{hG{B2+}~}V^m;}*_|5%J z;3H|mDbA82p+Yi!le7dh)+!HHU~DSK9576TMx#kxf#jD!)K9`6ZS$;a z;oaTSZIlE#q6eel{+4TM8_i1Q*-szsedgX}Uw;H9WFd~U|1@ByVj7 zM@;0=*qTpT{z4wJSfz=l?%f%;;6V{!S|t9}ri)ITOYfHt)J4F3CE+t5({j-->{C^5 zlxH3HGn(cXl<88d&&oW*6gh}Ih4eT>B;!83N<97z{|`8%$<^e!itoSNnd9X%%2mRp zZHR6o-?*%aGARp^#;Lp-w-?*xtR;PeYN~V-C3{_8EJ&2XYbLX?u9{9#wMs^;yf|0gpB2!AIiWujVT(Y>{5=)tT z^>S)p1bJ7*Oz*;t>p09OisTw6jQ{G6=Krq3rupbO7Ha^pOX#V8mnRpQs8j7ohc%ge&h5}Q<+`G zWA0Wt)M>2#Wu+aPw7&;iIJNf#u$F~TjhSJ8D@eEl1qtW0@1cQ_YprzqSaMpZ|5)5X z?zaWSc8Afs8OlG!50Fb*HbzBTne1OKu!SLmpNN6#$D8k^Z{k~}O%M4Bs*Alm*V`_$ zmGATyP&MMN?ttWB?PskmFz*VqvOdvD#X{d|Jh){k{NAc7bA5K@)B1bWTIwgedTaGB zCm&r+zjxhfPX5_8#dY_Xf3l*er$832%@pOStYB;*`xQ`7Vu1qYez+`Dz;&1PDF}-+ zVVm(=nM{;6_qL}WQS4EH)CxdBn-m88>=D@5U6THvL=dDI0)QcO@qiI{GV=!7Qo=LEygVSWuOYT4rd830TpoD>81COKL88~Jbab#8-_Mh8(q<4 zZt9{s;n~lj+^4k+FF_LkGiQU||J2Tl-T`tMF}5RGq^O0E2W}N-o34Zx0eIX8U~J7u zTim%y5i+a)1=^hTHz%S z3Ku|NiRVTTZElboMRzW<=&qb|CO2sbU_8gajywp$izw@)kfVCG5Ohr_)`sr77-HC()-3ecwF2R$rIu7G7iFl z_0{YRSI0o{uKFJJEGSR52EiYT=O2@|6O#IbeR;w_7w{_TpWXNCRQRJf5|#{f+L}1m z;JtO1N8lTBW^*A8oFI6!9*$+~JNUIY{=F=MupZD1$~+nBppSrY1DYYdi;B9&BsO98 zvipYp1p#(v73J>Ve*F5Bu8Ei^98&w@l`i#+w;E` zc5|P*#pXXG$-{8qc*dtqt2zeQr3wEvE}^|WDRbb~Vq(e65F{gUFbg-D;CE+5`Cqr= z4?oI0jddYbV(;f6f&UoY|3Dl5t<>QHeN*~R;rahospG=QyZfDW#K}SE;Mo89w*AYN#n~NU^(gS( z$hraj=rF47zbHtL*D;H|07d=J0NZdk91QepV-!`rlqHZ?U;~6S@UzyGKS)Dx5r3{6 ztdmi9z??t@^1kr{>bCPcAR-+DPyU`B*nzOcI_4YM*&@fb!7g3`cbU(?N#>lr!4es` ziR?oYfYAFO$WfmL>ED0=Z=f9RGD-A-KrIPJ&wDS8HE987iLBhIo*t*c-auzLh23KE zp8=5$R2sg+=pc*_?m)u6Kop<_3fus|DBTEjxR{Dq7_cT3 z@VkCslye%8yUGBsyH6}~%VDc|FEkt-ZtFM$D139TrgA7>+WqTFp4Pm(@`}wIAWQB6 ziOsLw4-Y_hkNeL}qJnE0jzSrzkOYax3_z}HKIZpSZlqq88c@;i)Pt->?p%1?3RHs5 zLCL#0j}v@=Uce4V8|(wLrc-x-fQA2*M{ffLLTRPhU}&^)jsQreXcLqf{Xq0qiR@Zm z8ejS5xa)?3`a2MC<^u8HM&ccOJc}r|gv%IYWV33F?12#g6t#t4$rVN$$=5o|K?RmF z5HjFfwH7dj8S}^fISeq3>AFu@xu<_|A|9l6GZ(_l*v;o)3xKMqvua$+4oc4r!X4oY z{sUENGnG&x8e|;G0CuGLhsK40szbtr-w>1W$dh8{Cuc!_LS#4gbI3PeDELJM1z7fZ`xPJ02!|W@T0=giOV-QQUU>p1j>XNEbh83 zJz`{_0;w*&sxr`ChpvJYGUOb68Mxxy0olV%L)Yi0*w2U693A>y3IJfAAiJS+oq47` z=M5npk}g|SjOTQO{$d}fQL~+&*G9T7gJ8EJY^EdCFKKM)K1ZT}30dE0!?l$Q+IXV( zBgTJ}E6V{*OOz{w##VFOOO*3k{u*d(@)uwi4uX!7#`!NV4uxr|G#d;g32NXOjzQiC znFJD?1)6|F5AR^}V@T&}Hq{Ko!-P*N7KZ3yW|R1nwH^&| zpMdEQS02oY5w2G@4m^nxOAN&*e4eqhY?qeRXN#p*N zRAN}%#F4B7VaonJc#^omwk+20QvoOpa!L#@p#t*Ad zi!djBA>SlON6JzeOmb9d>j2O2D3s4d-??wm3PQa}qy8QaPmGTyF?ajURk2RF*gVb1 zu*-z-YM`=vR{fy59e6s~x9r!&O!U@|b7qvDtgX2N>dCo(7lRdDZ|M8B6|yfF8FO|d z0YM9ySFN=eaFCY8mae}?{eMIh!0D;?DZaX{Cqq3JXxLE=%l_HWP#D46T}b*ctT7z=c-G@@vAqTA8Q`_3p60|w8eOq~@mIgB z2QU@vI?o9+)Zw%X%da@X=^J7=2cYO&9JXF8j)4StRECio@{416?%#nZC+0xcbr+^^ zxE+g29S<(&a<#FQnN4di;+o~N4p2P`T8wGzAzP{s7Fu$eod7~0P^bI{`fnCUTc*iM zf36Mvz4xS-AcW@zK~8RLMdV{i{hf{wjJ>gvE#kvSb+v@#fVSUL@i}Z~e%Wa1W8riE zs`Wy{8QvO+<=gIWdSwp*0r~i7RRN>X?8CSLNH&ussp56?lLu77b#`_JC0v8N_}aJL zLjNMSZ~Za7xB)|YjlZL2GU04EX!3GU3{PMqz$8iBv1*?(OAmq=d^2G)wpbbvuB|}P zxaVI*ou{0xMF$d6~CX!nc}fd<@)iICB`p^gRi5YJA_ zGu@EILH)sp$~P_seRvk6;tE_`%$;YdRlzdnw63nMOpU#Qk&m}`A7GcB1%pOe!Oc~$ z(s^C2bDe90ROIW#`?_l+{gAHFO;9_~Qh;;QiauoNAZb;JXs)kI=s~q>}k>kl!6EU^?vt#)BbGbo{qK( zz~t*QKb~g$Ry)o>Z6f3&;GkUv!C?*nYAR26h`J~|05v3j^NefvqYof{QDv@21p*kL zyrB}9I|UxyrOYb@lqzx~9o10&q5$2a2#3xBKMJSsgn!%~Mj)ubVnF@YWBLCn8vlP% zG~UYr!J3>D#cAu2fCK82 zT%#{~T?pvV`*HO_-{OWKIgJd%-`Coyn!BJM&>k8Y-epSm6{?l)J{A_*R)E66t6Twz zTDd=h4v&3kWK%xCmVa3wX?ddn-Cy<7ug&Y!TLEU#3i$IbcKC_v=9cPQ`=d|VTRBL1 zkj4X0v~RS_eM3m&W!sO-g6R?G`pRQME^rAS1QUB7lT4D4mv!h|MQ`?ZP(@x@0j8}K z5PCnyW26RX6%K{?`D{lU?5J{3|M{1%B7iiN0J4|ZN;WXS(n7^6E`GIn160WdX<6<} z=(umWKU|p??wmVHi+8*5s;Q2_KnS3B+g>4&Ih;mF>Y?~E|ipgzd71oy^tG=j{@EGTobhiC^5_9cUao_-7P$x3_r zvjLcB>>;g#Oxby`R#*cN*M4AkbqSTlc;hhuX;lNu#&#o}BH)dw2LTeJbR^cBcEao+ z2>>Ji`5;}u&4Qz2Q+NevRd2Xp<2zimcn;jQi`@Y@41bGq`QffbEeGj;ip&4+ipwkn z`Rk_x8PN1jA66I+Te$NSq-Ghg+JKBT|Jz^S;X4c4*S-}Hxa+6`j5@#fwea$8IZ%Wq zz6$q`Pe1y~gCPvL;>2b;)qb)pxHhMvE~snn?#DB0R=wWee|~6PhvP+baeYIfmDdoX z3PeYuYc!0{kF)RtLxSqfQ?~^~dH3n>sdJO;JCWzL77#s0b;~|uTCuJ40oiV&-IM2% zp!_-Xi>Gzk<@teDLbP^$h==(L?|k$jV#6Jh(S6s}BXA3}xI+XW_=2fu6GdR^4g*7$ zTFA1uw(EtyGKsnTI<+BK1nzy_XHHKzAKFf^Q9VHRVQYnofn?~~tl&OoXL7G4?#dt8&s*g+>%_ZfR<46*K+^&#URW*Q(*GZTvEttD|Z&uhA2xEi)@Ru2tt*iUW$n632Sk< z>NBl&r(%+Kl%KnM z-!GyUU zoz?#RHv&7BJ$?kkPFUySMm{7fFp`jHm#mvg=nN&jvl{Db`HblS$6I{wNfBY08I$` zaR(SZ@;VP;%f45Swk`(1#J#(-zqA|wiOl~BSg&YX$q4}YN|rYL+c~zb%-u$jOa+Y! zqFAGEvibb^DXf~4o9~&izfb49m@?L#Az3JWW#V;G^~g=PpMYBNRO8Y`_u0KeBCzzl z(=6vRu6%WGl#*F;;l$eEKAeR9m&qEj=40# z32S)ih}V%fP_eo(!$U|L(7@g>O+w{P^N^zC7=9Y%n-cwr!M5w~?ZE?eQm zK<~htq0P7fY}ovAaoEQ4L@i5<5YSNxmXPL=vtz6wPDhhY(W=t8%_MykDIu?)!}yW%PY&p(mGpNe?IQwTQI&w&qdUwD48uzm_$a*X5zVY0RoKY zRRpnfKbhHt+rV-g%) zBpj`xdXx5?ZHjvoMLx|{-@x)z`4I`ME3iz2fp>k!U{Y!zIx30NcU-1EyL2h)w+g#UwI&)l{jzMGN`8@JC=PcWx!*_FIE>Ust>94{}9<|FWLB zY@2V$f+L9nQFwEASj@#Iv?v2SsvFo#52~H_4OQjZoN*cPNB>i>ho(rgHu z;eCHNQ@%nznKP5D|RI(GBxt?1u~&i#lU zkeB+}xBfWrDMM4VjCa(T7d+8p>F*~8ncGoQEFJ9iU5hLpw}ad|ZM4(OtQ47H_zkcu z+0iHmNrmyt?`j!gbVE4F;YWcX@neo{<24gV3O?^`^V*l-@KT2Tyzg9Z8ga{1D=%J( zm#*e+xssY|l^}SKc)ByvL7qjvg;H0;Kc6)&5P(pn=3NZ(vcGw$gR=8(NSF35jqIS) z`bF#X^quoBV|`iKkvl&TnSNW;n>dv{;lA(0{d2M*JK9Hf z^1GjNGmzj-sl&@F8yg$Wec< zq&eie-$#m%5v~`^Y+>jwhey6zGje`Bb-}6RB{<1KEcf@6d_iAh5dBH)IbNE)1I$bK z>=^`Fj0Bfs!6jV^yTnT>H-}Tz5$M|w9GP%=`opyv9;B#q3hcPUK$PUSy>r5g^A;WgU!xmwr+^ls?gxA7>5$nTBn2kr^lJM*~;YjQ0DU0M} zx!!H{rGygID%O~S&M@wNLD8^9({!l<`2;ts2ZP73`vQUPe5@8JU(#tGO=kds<7g2e z!J8Ry9OW>o7cY%PhvOAzcnJdA#7b~_ldhH7Cctp8n-P0fANA{KW6ug=>Tt*t>b=A~ zVPkIYXRB|o`}Fx1+eQLz?aVq!WK0Q9}!Kb9bkZ%s{2tAQb)-F>FGq~r-~ z91xYX4jw!x%gZXkdT31Mtrt{W_%=6}sg@l&^Jo%~>Y9g_MCV;+$8(#OmdHk|q@Uu53JtQouJ3P1$4{FWHSCj=@ex|L}o3kWfoifHJx#0r=%-L9KQrKzPgrUS>P zSvc@o0Nb-ki@ERVCWpBUqxM@C9fQ*&$_&l+F@swtN9)s8fHmaoKRj186!=CX)eF#C zrhY@1bN$)trl4PcmQR3rd3u`FUhv6eFkymkNWmq?;|jW_C4 zWZxanjo*C@P@V^6AF~60ZqaFsDo-|?^gQwVxD7^}xnV zo6Frk6l>-!@nNtw06{;wRcF6N>kUHC_4g98jYl>l8IakI#ku~tiCa`BZ*k!bc{4#p zhs0w&g_sY%7W#T06Gd0^#bU7aIQ)}EwI~`3MuMK9mMG};N&WP#D@xhS6v^G!MJcwa zx@xa>^>eq>9;o>=#&b#HWFK>>C3v7cxPDKYbH4s~{qlbw$SpIb~6 z)BJHG8=rOae@%ukp$87rh;vBvaLPj-+%_@JV9;OsTg!f}$_w73_?3Ol z7-kMp6!#v>$YWt@G1pR0osSS(LKC+G5pn*sZg%Wbe+7cH!3`4JoIi96NY2I^%OD(By3e>PkYqMa7c#5rvGw^Za zt5;rmF()w|B4*tRi8l9`91RevZ_BRU+1ayb^T{FPy|(j(;dW8mVOxMn zb39V_i*9(i;j74UJ>8Lw+L}Y*CB*Sttk_n2>8Df1sf#J6clMx5QwgkIJ0~M1d6CZ6 zlf?>DoTt-X85hcTv|v_?ZxcEcNR2^h``Zc3QJcJ$l(S=q(SoXD?sj8Mkq=cT%k=8M zQF3>l<#r3Wi+!t&jAF=X<&?Hqj-6TN#C{fP-2{p~U(QKq*VBYh4{>8h(q?F<`PABb zF;dxd7BhU{!;1nAG4rY@=n!3RX@l?XzMI3jGdc>y3rv*|9rnynT`YCNqkdrQPQK{1 z{IzhhI`?UE+eKOnXGqd;T|5K*VfYo?@;>eZ9*iZ@@z^D4dWfAD&Kq|M=PQ1;bFlHP z1XOUk_vX5ORKG(R;e}Ow6H_DGffG(klCFE|RxO?xb%pPYb;}db1GQG1L^}xrts8}X zqL0lT<)Am7lcr+bW$Fy6I-VJ4sPdlT-ek4Hs_R9jFL|!S?F!9bkh{QiLDH4{5iu$m zFW@s1y@a@;TBXO`Olj@44A>cazO~&%q!FsK=17>~I^uJA__*rQ9;*GAKK8dGwkkI2 z2=|r^wuT_@SAtPg12Fu^*GA zH>+&w3igGM#+T6}KIN5}Y)mLf^K zW~zfHe%~#JS1dOXH+fwCoUV$T3X@7b(|$@&(`VnYf+T?>RXRyAcb6uZoGt4c?k=q| zC108RE|or9OP~=0wHWB@683mB5-qy274}R4Ewb9Eh?@84!4w+Je$Jt@INK&@poKD5 zGTEXiw!7{zmm~seE~>EdXI0XQt**`>nDxIC9fseI%&>4?u~QFU(oMdiPQaa@iY;dU zCaFEcFT;DS(!6rA>wTZ5HDbo6#63m!H_|kb&bBjIQF#u!Y*S|gb{U15eBd2_JGrhP ziQkoPw1;V|sZRXFmPj*YZHDEcYTEc+cd-ouA$($IFM-!xYE-SGgV^@mFc$MPZA28W z@42V~+M7#bQukKf5gszTUiY`hP?MZ#xn=i|;UQ~jTtJtn=toIbf$A$CsRC73F;A0T zJX9rCuRNb7$|2}(9T#cX<5Hu%^i9Lv8|fuM(PF8n(qb&VM{fxpEI%1!4 zimaghJ)}#ZheYnPV|clcotL=x3om3evaJDegnt(#=2&$ z`r0`uszB?E6>-yZggAAQ{!sPCaaw$&)P^kzYe8(&xK%%*XdT%oUz;x7jjesC#$Z}_ zQ6w;CQt!jAB6VC_upUMy>5zj{o#b_Xi=Y`qZQ><5TWL~bw?OMs`;}tS(y6V@7AFS! z>H-1%I2GsF=!i9#*7azl36wlJLp_;5P%LajGbWB%eU%qs6S)apz49ZksKS7I7qjXL z)}O1LU$Vv69Um#_u^wmQyh85=!x6)GDUE=gX#Zt>tSb8!o;&iu_oG5d(@BAhd&;KwWVVUPiK-bUKXbtU6WHB z9;j^}{$!IdgU1`(au6xnqL!J~%0}#>YY#R(y?zp5?84!+_EJ_kVBFKPLgiUSUvxlu zjmC+`gzD*IdrYgdmY3SsKWwXYtn=fypC~SPG-6_|8NNDPe+FH819vJwy^upFyNkrY zZrs7U8#SWhepiIPE_ik=ouA6@4n1cscw*V}J*vc?k~>=aa%)DG+I_@u^yCnJFyw;4 z-21Ng!EqJ(>zWh{)C)X0XW3_MXLozS!KRwVA)0942Li@|(jHJ=8o1zj@R=6(@Z0I! z8lu-0amtUGI;ueR&h*ytbn3=ZvBNLT@Z1{3tyF|VVIR{Q;kC9uXEh&pyi6mB&jQ77 z{lYhvvLL8h{D?A2Onsb0wLhseOiH!)2*{j3NztdQ8(serRM*J_cNdw6@Q|w1DBtbo zntb{^`erPAOwkrx%DD3%1y!77mc~}(r~>YLS|6(BjFM7CS7uMjd`re=(S0qbms@B~ z`0^;z7>B}Ve3cG9Z*~WZ2Y!X`ocp+&SdkP@!-vXg0T?>lf#a*qlj-Rp*puG~S1&0qOVc#Sv(X*W`24JI~=)>~|pA0;`NwS$;%m9k-~| z1EcSA<8ZZzwxBJ3e2tB|sM;?%_1kKNt}aJUeufDPYeBas?bH`~9D7;Kv(jZpZspgq zD)cdn8a?%Z-A7+Nx1OfhN^HzB@ZRqTW;4dTRH2ICvYH0u?ww6LHtexy%gN)hJXR_C z45hW9iC8@{(=uy+^1u#1omUbcBqYTKra?zLi?(3K$Oxgb3%d$y-yXujC(;5%+Ex76 zz0m^0V6|9c)HljkVH}+^RQ4y1*rSn%t<%KwtIr4vHYE(@)fK^q9ltW~9`(Rx4pyEp zCk+Myer*-dUuJj$cNlTH7EiMz&O!YkC zv#$a9_+XeEw4d7w=XlN`O7@mu!P+$H4CU+*#!<;zudO14QAwARN|V}VSDV(Mi)L6<|kHzU~qL;x5>eD2p9R=!A zJf<{*AQU4JQzG*rt1i!BgWp;6adzjfe?^xQc$X08KYB;rRr({ML=r7f*TdwD$B#EX z%dH{MvMQisk|m^Gr`Ca>g~7A0%P!9Gxb9+OZzuTY(zK(V!pjkLh>w!512M4_zZp;G zF(!kTvk!1NW{o3(_6NLHuc4vGNBXR|pLFWD@oYbHQoj{f+{gPDbFu+XcPEP?O-9-( zR!(bKMi?)uEafYX8^d6EsP&iiPiY?bVeM>6jjc}kn%!!j|A)aN(r&n3TP z8(Lrm`}Y^9ULz_PG=G$=skFLA`9=J=9Xw$th2Oq^k45lv3ANsF^wlCa@yQ|*2BS$= zI}=d`0y(V7v5gfL7?m_tsWA%-PN+IP`$;p4plO@V)!C(D`;{{{AMtjCb6D-00wplq{vO`7Kt|j<7gak{R=wYVL#HX?d)*ZonoYYy>S<_)( z3=jYt>aYjQ22Pi&&T{wiZv;4qsm>tizb&c1&Qa?_r@_X<<6Jt^!ec%hhmIc}bHog*{N);@zKBN+d{J3kwp{|g zC@U^g>ahfU%&bwqjk`-is!W8y1op1nIUNJNmc~S}S-E$#D7>0W4e>l`l0jM4H-ral&d;MM=BstcrQ=<& zW0GK$1=tqW_WX+_g(M?|fBTtz@+G$g_)}vXrtLy!qPXt&+s)K94+ik3Q&QjX9&_e+ z!VPCJJ@A>Zb|<*-8D64rXjT|}B+b7pTqTv?uQ zy06C`=!emCXe$y*C>`3btRM8@kcSyF_@7$6(;wpnwuX^Rw?D=7xj}FL+gBN5kD0j) T594zbw28Ha-TqQDLiGOv!iL^3 literal 0 HcmV?d00001 diff --git a/examples/external-auth/nginx/images/github-auth.png b/examples/external-auth/nginx/images/github-auth.png new file mode 100644 index 0000000000000000000000000000000000000000..3cac4dd675823d67ff5130c2303a8cea0e716641 GIT binary patch literal 16323 zcmch;1z1$y);~TVC>?@;fPe}}h@?ozP|{sPNyj*Vbax{m(j5Xy%uqv@BB8Vh14DyI z4$aW;AH4T_fA@{w@4okWpXblRo_)^RXRo#PT6?eaS^Jz5t)ZqsOh8Kj004*;U&?9$ z0Jm}g0BmJEYz$@7)H(|Qkc?53mDcgX+M4JN#^wP4sw&xIrl06-<4>RpbZP)ylud9;j(B2$Ov)+z!4fSK;N?P>CvtJ#R2Q4(Xcgv=!_ z;MEs@K{4lsc@@M1}ima_1Vm|B#@+bt#<3)k%nVZZqo{o~OFM!dzLd2tz#U_2>&G4x!ZZ z%|7>Bxa0K>vR2Nw`BJ;I)S%S7;*v+=_UHr2)*WY}?POW&D5wpgQFzG-6g?JTc1`=;B`COzq&?Ft=DPur<5Yz*d}TD|4nUVr7CnOa=AiR_)IbF{iu0pC8n zO>co|Z)JG@O%{yGy;EYCITv8@6+k2kVoBe6$Q%w4`v!lTRX^T8&pe#hY ziFCi2**Fwx$FzEh%NJ?V_ueh+u5;H`F@jmCZWc~}=;SnOXWM>1o<3P_Af5B2_FDd> z^GoRtpz(IsB2UaCaHaCJ#VkgaC>`8BGs1k*&K-)bB56jE&IiKu%Go2liyl8I$c}LV zx>Vl+v>x3K4QBorW_MI~#L#jq)njA%7C$6^v~`ZLcs}50#dAKO=-De8d9`k*_KT3% z+3;I{il4x_N1xZMYPI&S*>+ck^iKni5=M58Lz#GbCSR*fC6`v}--X)?g23~~n{gBF z?HpsH3u6hAvQD(dlrp$W$#a`j+`4|n3l>B@$&9$`*hgh9Ym9I=cbsIJPv>?EVf16_$ z85ud1?Qjrjpkv|hf4nnu+S}&qPs(sXxBw`n`KqjXVn~>@HyK;?HS;MY!S^J6cV!?M zjx<@f1vvo$d3Zdn>GyFeVb^iJ1+CbhN?i2!MMvk_eA5hTS}X_>T74T56dY0DH%&xD}8umh9*tYUpiFUy|bB};4z4uZ~oovaR z-zL}alK9$7o#KJa^OL{!)d-NpMTE1WsFNR-WzoN{pw^t@lBH-j~9$70CSc3EFEF| z6?|~ostO-}U+^qVMks!IS$TsdDMx7U<<@GUg1DNe)TrTfSjb(ug3L`1M;jYUe_}l( znP5L11^1WqR3^-9fHH{1;r($LsGMtFhSm9#oI^3y%?uC~6^;GoX5@_`TtBsVWIhi* z{lo?5;>@|1cdz*4-IR-G^qx51-`;z#RC7{mQ6`t)J^SuaOMSsivwQ#QL56~JjI@WE z);B9JzX9V02S;`&o5m0Mhw7@S1RLXK{TRu3kJ9?3|BROdUfCuCgd=j<;m%fDvX*aI zsI*aIk@+d9Z+u~um6fqRmBQ{1+&8c%cW-ke&EFZ+dY?z%zKAxqy(!M1c=333PH;idEAokaaBw+N^CE1n6v z1hoXqx^10xH(JbugTv}eTkDk^s&`|XMyg|XhHzQtSck3Ca{``=@((5|AAlIz(%*$j zGz59^vBJXBlxX>r?yrRmEvZC6MOu5RSYs0nP_JRne+zqSQsu-u?juu=KsYNgh0hUH zH9Tg0<#GEUHWvfh&}U|cKjbm7DG@SJUfFTK4ztXKl)k96PFGPDgJUocgO{3i%&iqcmqp4#U(F(%lFc&3x^H-YnR2h7Zi zF~pnRsa#Z-FC#1jC|gjJs0FQGeKzF+d+y1U{5jI&S>yr+9<% zt43FOSZ33q>Sy|Tb;@Ya2l_o}1Mit&J2_illNklwj@~$G`t5D3Kz%vexGPYD`l@N{ z@371^J5$5ugWVO=QZ{}i&bigtJ96i4`SV*jPN@eqV&iNu+-TX??C$OfjE^zXH_A)Q z@dE#W2myN~q^{DW=HAejROgd85}cbTzuqjtPYpRWGvg?Dr5Uql>=6ht)P84yqUbry zU)xj6=s?Fc<=0Zi=xQ{xEsPES^oO^Xy!Z}oXb^mC9{sFF|2D?*1#AR=*242rK# z*0{FXdFn=g$ATw&wYAj9W{!Eqnxk|u%pvcQgirLrr|c%{fwk*Hu7f^N_*35!O|G>0 zDl4O>RQ!l6X}pJFJFDyK_B0V)=Q!J&@_oPIT^1<+2Y5-3`D?YlbEOh>j4h#kTrI`@ zN#+@t{U2OG+?|w#+K<@%u>mgu$~43B@Xg8jj5!WiTv634M$5c#GT;gCgv0YjS9)mxKUh?U)<&!osTW*g8^Od8#0_6wbg}@0fp~E zyT$Etvg`nPDcQR}?oLjUVU+z1Lb$WwrpOA!FPneU+o>5;NighU4Lgs4Yf`coBT?w9 z&x?!{@4^#{6|s2m@Yfdug)sO!(Tu+L9i=ARt5ZpC zM_>hft%Vz)4Ke%y(&0IcXS&u?JcPU=@74KWJpB>9k_aT#KX@^%n+KO>7j58IIdxT_TTO zP+GRm?<6>360v-yXkHFAAfCT`|B4pAL#4mC9F5t??iO+{jqC?G5aGUh;LXS7Yo&>B zf4hf~vMXruR(0&~J{J`s%SWI<&Z7@zHyt!C-WZqn=BSl2zBf#G`j$8QCpI9cp-_mo z=kWgEsw;~f63+dkex0)51QM3dsH%WBB?QUCK7~oE?_e^tEX_izZ4id%PvJB* z@(4oO9*XIu*f*8ObD(nWrK=63J?V|rM&O1zy2UuUQ6O;JaUg#+ms`Mj>r1`s$}81g zxD0}UBog1`JV65UCn>oO0sy2CSCKVOQ}SgHB@{+1aj;!(-u(< zMkC;I?$fLDorI>Zbjoy@u}6FSwewJf5l48|5$jBCe^-%fX&or^+gLRqa-m&w)2n4U z1<0upggs5mMGb|BZd=?R6*uRW6+C!T`>7Eu#uYRbsNQ`iuT`RbMN?(= zdSTPp6E4R+Zoa4|h)4R=W;`t&9SHYJh?er=usZH}%S^ceUfZcfjH0&LzorzsDKv z7yu@Q<0u$l6y~@DGIYremCi_Wei@_wW{3y3tX^si6)P=esg%==_1>8hp8gF2EV0*L zY!W3-Zk1aW$8yKvn;IEAz@#9&oD84BXJgbwb4a`)7~6Zg{HzZ`{BUnaZu{d(^SgQj zTUDacnj}r0zO?e-pMd9dIc+hmPjBif70Ww6RXQ07MGQd&OgSs0-q?li*Si-KWiC~G zkqy7J&pOnfB>ZC~C_kz6F7iUZcgP2VF6Ncx4LnCRAW+e8TVeckorQlh7L)a*yc8op3erFkl}{w*TrgWgYPJu z9#~FVr<|V&M4hlr7k3aWQ-{(9d{v&t1%_RA^orK%aGvtR3{_CLz=^_qr1`}nxwQ8s1|&hcP!?bu~D9eqq*5UfvawD6VG=y`WT2Wj3qqHMA3N0#-bK3!a@MMOr} zZM}|}F9t^hbVm#g!-J@T-cr3CVv)u{`+N;$CE^1`ej|+U%xTvxH)bK8{~X%|E^lj8vAd z*O_Y*ehz1qk(RtD06(No>~Lt~w@KXfup_{Whb8dX#f zb*pr-&NeE3K_)U>EiWOPlwhEWZ<58mjOV)|ZJR%hw0b{VjHwZw`0mo;`m^=dzaF0X z1lmfJ%sEVq>UgVda*{mb|6rM6UxCmpD~{P;yqHNx2sXAw#D_?T2BPoRB^A({sS47XyeW5sEr(&Mt?MNj~C>1*`(~iMck>MA*ZI4Zl;h=CEynYCNUjk zh<0B52pcoax(sn_N5lj|Y{{pttHp2@BmItNJu^$HwceOe(yjQS)*&ljp}B_=xnm@`ld*OvLrY@$L5((zU1VaW<6*7o^xz(7QK8@^)iaET z?`A|MZo(6P^eg!9JtjBxs`Tok76}njD;;ADIKdi^DMvl;cp<+)u6t6`Hu2&W^X>ci z_dembC7Bs&g}l0JB=Z5R?!tvRTn@(wA#;Pz~#o$)MoQ7(@l&0 zysIwVnA3|3`fi%w)7H!ogH4g1i%Ez6KF%rM*>(OzGk z%@^M&_=R>4-hjW)hDJ(ovP_^22kw7lhLZ(~iPBA^@<)`Co0SzyhVf zK6D(Gia-rRdILUHwZyKtEYkQ@Q{cW0HGi+WmwGkxrTP6M+ZStJ>Y*hcdwiTtdOhf; z>t|O?Ros5V&V;Xg+FagBD0|JmkG7ek<9{mS=Tx!jpNx?I0cQCV8|T;HUo_3UO?~%w zK?X$&aNM70j*kA3%_FvlSWVy9mRQ+$((b}cz8LCk>OA`G@tIV_E};z}M@2%P$%=G2 z`~B#5;l?ya*&C#Pz$@)e}QL9)B}ykQg(JaLh2FBBvHyo2i$l zf|`yB0^e{Kri|`r5znG6-D+#>Xg@B}b~(1>WbfDS5`|x~mA&_naq5fKa7xcT`vJap z+IIWqK70xfoC2HsKS`+K+JHN0OmAMqZx2geXUjrxo!@^zbF`radesT#ej226W1pWK zxq76Tq#8RC&|iQ(zGQhD z;d*UC)aXYxblw)(UY1!AEzA_EHLR3B?1BLV6>YDC1oX~}ZZPWA^h;Q=dVGqr1h!+& zIomC76lUK{6GiMmhyl%1X`sx468rRrh$*$w(50+f13NBkzu|d#ec-VsP2nho)Oy7Y zv5(0Xy}d9zP;mL8s_$nKw_9a`g2ZjUzx|9K88AvT2tRMOUpye2+6CHS@|QHJBICQX35 zv?xZ#0?M~~zA+Wbf$u+f_`>dj5xouQvY?6TI=Lj}v+ZLdCnIAc)}Yjt@(J^%)0jja z#W0@)*wXmjz5)Q6>)%u5aY-9R&5aQSs>NS!Abpd~Um=#N!I*4q4e6V?7z;H?4Tl!r zoc~@&QhnTM5nNS4pi9ea&=^vBM8>C$kI+Hk>uLC^_Ye43H17mRatxDuHbVP-B_Rlg z-aR=)Oy3;tguD9?eDnSl9FsQk)Pl-gp~*F#%#XNRJf`dG>&_?P?8RijVW=E?w=b-W z1ORx&rW?mwFEMj|_Z=BfX}ua8IN5S*023$UmrDskfR68#W%CmY75WtK<}>@Be|_aP zfUOt&8T4uaQi@YNs{@>yP8sgq!3*4n|5hYKwC`Nc!%=}dxmB2fEaaI?^Br-Sw9M~# zw#;^Qb$z6>Eg>GCJ z<6!C$_)U$u^ri`L)8!ANa*T|drhH5-g}??l)8CN)>f~1WhYu#h{adI02=kZh;bbB~ zq^x0yTC@@7VS^*^ry6w+!?Io3izj@9=xu^Xmz{-vf|S{XSII(}tzF%?#5T_*dW2Np zcR&DR0^Ky{?TqH4Zd}8%kfEtNNJ%V-`QO>aTy%xt)4_vKnxc=FbW9M-w+zfx_nJMz z$U;`{C<93E0`VSKqu;%~V=S#mV=BaEp_Zf8aG!={*b60Ow#C zXn>C>gNaArBknn7Z?Rf0HmjkV@+0u7D`<`xPNxeZ1d3}ym=Bh|IT(T89AK}3Fe8<_ zsc#5aZd^A97z5oL08C<`e~#La;ergyld2bW}kS{i2a5^-#+@A)L#Q1pvO z42o&>g%qL??9SD!_p?6zhHi(om;~T zzB4uC5^(SDWZ{l>GejDwHmlbo^`JZ-JPL27GU=Zh&q)MLSLCb=h7->ga-Hz-J^=w5i^^JBirw1& z;YSW)7I^iPL&U_(tXb9K2Z~AWoLEc8?6c-(&bDiOg#(uz)JkoKvO9Njvj^tbe<33k zU%ktr30>c?+B*0CJOCwsVNHvU6zT*KI+L8F~c=iJ7%eyum-W3LI4gl z%9b?_rnE*~M`O;K4H~v9+phb~?fg|e2j6K-U?Ik_#<9SMh(e7%cpp5Mj+$C&$}&1) z!qj+IddErVH|J%iUApMvGjCE#@{)ci+J=GvzXtg+?aD(#c4>={R@8u0nl zOvTp-s(=iqpJ62T)V9_Og^?^8T7zCm-z+$sxeOUQ8Nx@Gx#oPbcS4f8NO7Cy(iaqC zik;?~-q2I=Y4&_z4f26P)I4~I+kN(z__$)gU7?q`p)dNb2S<;(lZ5eCI^UwKstzLOHn7bFAUCw}oIMtPmd}nDPptUx+6$2>B$wjJ|XMZ2=Z}rR)B?^Q`RQWLp38@9?w9NX$_FzQ81Z ziG|g#Cw!}3C?g0aXr+W^$e27Qde$fypb;>jF7-_WI-b(EN@}oa$j z?(!v0OtCsjxk4w8`wSdc?#`K&gR?DIaxM_#?Gg%p@IrhUX{y17^=ljl5MAhI`)*8# z+4D^$fs7M#CBxRM02lmx?!6ngP0p}rD&ggHnqBa_MO~zqfutl@o5DA% z|7Q6Rgd3mN4#6OqjQC=eP#09~ZxGujy(vwTi8ovs+?@e(nhtC_nJA@~?pqZv?U;BS z8Lyfn!M^UF#okfkJxBH)ibGv0_uqTo(-Ra?lM$4w@@=fwYIU30YWG2{-bbAA1+~A~ zzLR+ede3Wftl2rVEW@c`6V+S`oXM?xC_Z#L&Ae=7^8@`B!bc&gJE0q3Ttk zGUGZ-k(RwFk12H;c)bnbKK)gA_rhT@}QGFGf* zFOdL8SBPR>jS!M1g-&tmReiOe(3w;*u2!?;;S;(SzpC_}KhamkRhJd1R-psAghx?F z*@dbUZ=Mz%W*fN%?s~i=7-zxu$Ti~53hqt97Ar?lHgRpOT+l+fzW4VqYenxTg5TX} z4x%JzLi?VRQCSMLDz3Zf>8ItoE`ISDrZCL~9?=3;jEAw3D_VCytkPt0AU2lqIA*cY zeZn5DHUwC(oXJoW?}@bf)8sBqW7?_mJH2SXPD3Garlk&1ArJd+HhNsma{^bCK}$%2 zN2R^lM9f1Wjhm%p3_>3S2pS2t#9z;fEl)@i-rJ>IV??J=Ay502aR2Xu6FOc+RH&UKA|?>7vq zR5c7_a+SY5N{F{{8Wq@*R0AKjDrm>+t#0bQpsJiJ+-vD1Qn-z#K5t%`aa3$M*fec< zyfsL2^}ythHEy_GQa9BHbbiuu)+qNwC^-uj0HDQL;u;gFMaMbF!zQWHg8(QP!?wUd>7mEc;({Gx-{JqI8Yqk2-qdeL{HRE`m(#Be+J2X^X z8Z`399Sy;;cRh)vaT`a}05U%T>Ki$=5oUgm$l=YY4Ws`7gqf6M@XtTM*nb3Je^AyR zF!tYII&|^hu-yopq8Z%`r3<=)a9;zjCU#bm1g<&E8d=6ykJiZrvdBX`{&}A8$FF^e3vyB-59(o z-FHaE{+yc0f!~!O;mMX7q9(E4b%23c1z`DhSxA=5UUTZPWICbAk9-t#-eHHqqkrLTOg;VwxBm^l-+=TJroXWJ4M@j; zNbG-L_x~a24mR>H+=pA{m6T}{X_Sw8e^ETPOh(0YSx*0`VP^|zoK8hMS#h; zyW&=p-rI}?sa}WGg6`$*tkm?Ar?#voJftb5EiX%3@lDBX1^AaQ-LidKx^(uVG^&Po z*sfnfiCZt_bXgaYvLhUOHoy%x%+KNzP5CZX1peCe^S9_v+myU+_^Bg26|t3U&7PDK zThBjy3KngW*Ly^r#;JGIYTDn%KGejvDcNG3a6Gi=ER>B9p^s1d@c|&^dEphcyJV7% zU>bh-n*ZRfpTZYyPB~eR(?C;QhFbu_ z5>sy?yB3{I&mHJVdXKV511z4R*bTgL^*kX|Yb`(2d-9ZEkEoB2!VAi-c$1_0vZ?~^ zY5Ep4kJl;@kTDrL^@OkBX`X{Y#;`zM<#iu#gvz+{oxQWEx z$~xW${Bm*ZHz-ds_#LQR`t!2Xq??)X>*jclE{w-}x4I0P5Ab8Kl7u!W-U7US2NeQv ziPqZe%a(HmPj4whE;wX05At9$62*bNFl z@Odsed5K1m;|6>>mM92Luwl1urF$$qbnW&A5AaZ$u`5jaceqO<-d(ZlM3kMI1HraJ zq*>=u2lf6JEWD%qCqk4qz!Z9>PHRFr!XG{red^=3V)z-q=mJMZmU6T_@WiAp+FA(- zq}CJXtGi!jf`s+-tX7cVI~t!3<_YGDq@@6bda2~NgmL|Pfh9OEFM=7?Z}GH;59YrW znM!Jx51q7Xto&Gxoj_p!-Dy#$aYTN|L^VM5oTf)W=K=sdS&r!)4Xko7>}FSg*fQdF_n%Y&Mi6*lspWT2gGBsl)!gH`Rq&(J|O8$ z>-MhfTJ$34v&J&`$hgAjLKD8-Kaq}Z#5yxAWOqcb2{vT=NRJ-EMi<}%p)W5&DF9!} zvTD@4zox7(1YO10EK@huEK=f8%%2_#zR0OcrJ!>?3bty{OhUTKdQ1sL9X)c(HzJUV zZOO0=t`dH>8o=@-=wN{rJ8Gz=0}l&3xi6JGQ}HeN+s-VWhPOWC$Q2VZruEXEg>EKo z{|}T*b*XPvVyN2XMvZ<^0JzI4DJW9wkLQmm*?NB<`-NsJ#>l1>J0+84B$w5*DY%tK z7!?55B7Uao#~u218^u3Cg~SIN4Nc{zBxe@IquuZJw8iOvXwazRg6#X*9VyTRdTk(x zK&o!mJ;{mK7BYO{>(F2mkT=-q;vG^z46l1|LrAK_@I8Vr=+z|nHlE`J2I_o!Z>?Xx6xj3hE`5i%2{f0<4%kVXg#|M;9=1Rczv zq>Fh<)Wv93t4|2y67oT1Upqg1;u|}px6*(U#K1jB%D6Iis1=o~%u?$2b=KfXNg+Q~ zw^)>B@;wmy$aj@tYwQHSr=mO@mJghm?m}{Kw0Fn?uFhw4{mV~=7)!n@3JaDh-kQ#^ zM{e{c_*jRZN9m&CRc%wn%Jf^wuczJdqQsK?D6z1B_yy+UpDxIjw$CU5>2|AJSqJt> z`LM%CzX`%YWoIG!A#eu=Nu*3G7MZEh>}Vc7;MX+=yHtpaO_`IqGn=y7=Y)F%%D1It z-;?7xxM@pcO|HRFUMj9xOW&acFBW0lVlc=t9g&F|{vJu^o;JQb7C%~B6o7zb)I0;RqmD-Y zlB12=`#TIO8i#^!tCxR}hp)1E1>5>P(U58ZuN4gTdpm=f)pUlR42<9E&qn#Rr+zzP zglayFRN*6dyro0>jO`bjbMOPdlFvM1romWO_W5t2&^?OzgL zvl;mJ(usMY@gFBQ#D7J2001mt1pHOJDlu5(ualelUlWL0F%thOup`ViYc}zn2BLDP}M8-ymT2X?HOK{wl2#7%=tM$xZz)2uREhGDhNGB?#ejW6%FN!58Bv zjKsgnF6fVe|L27Ne_ea|f86@7JW1B#F7*XKbPH>wBc_=BfExcmV^U^8ts4vAg`)c> zhYAw?Ta)X*nSM-N{~H5h0iym5cmLlf1d{guOd`xnzW>^T9k>25QKZuUjR}hl*d6*O z_I-Q*i`k3m%J=_TTK{FO{TD*eUt!{Z5*hv*=lwmHpxSS}z5_5dD!nsF0%%2R|I;E) zT>jq$6P*8hr28+S4@1EEHx}3YSS2V)rig-7w!3 z{gsE!j$v$ZlkTnM{y!hr{HN><<7SZ}Os|_KIYCeeHs&BVJNs93KnDy%P1i-RDo_+F zjt#q^PEVUKj2Ft?A$&(DXj^kLElFgh3Fe))j;5whH*#yh@AL6TC!ng0tY(r^a93AX z>n8vJ)1Gi8^zwAs2&1bR4D96OG{1&iUS5_oIlsKVi;=#AlwHp<@%8jX%)xDKZQ;-( zQ5*okW)hD7lhh6Mil?!)^(SU%euGfe3RXk2Eo4?!mJK2|H}`jRQBhH7XlP|67bd}# zN;ApAQH}bWx;6+_i#&Ifml)I?)!i*u3tnAa?N`IR@wikw1^@OFgkZJ4$ziX72r9X~ z3a~By?6Z3krkWA=pQ^OtO?) zrc^&R3lf^^A{ZDL&^~S9;o&uyw^9>NR6S_=|@3Gktv{H@# zSJCHJBVxj-3TdgSN*E<&m-z9KVuGm{ArtX@0xk8I0y4SNQ&WbfrU8C_7%s2AC*}O% zQ+LGHb>31haRhH^X{oPICB<}4ud%YdVIZ=91VY63E?-y*(5@6se1aMOHZe2XIr3ov z08|WX`1dk!AP-KJYFLfm!_*VvF1L||Y{=4f+V^jX>IDnu}iq5Q}S(bSCKht{1 ze!xjdN#RgPp6uH3xv#G;9UUDfC+GdXLE8W@#)4+attwWm&ndFM4Slt}dziu-hKA;- zu%7lF9l1+j=2OQc{FW*{kSAuD)Zf#yp|V8FexUEACUZy-;2`KlHKH3pwR>s00JwN_ z)r`LG_Bh;c6nYzXAm+PM2?v4MSyr>PVt6CST91dCmW3+d=j~3@_0V!&d2nTNk`}>3 zq1Ct5)`o1wVPtRje1UjvC98+&+l&pIk~f$Lu%PUyzs;DiF5Jc%Hsbq*h62b|{CJnf zGTZfGSh5y-Fbc={Im<_PJ zI$s6{%ErX7$#EnxYnglq-74kHus+xU?6h>YVg>NQptrKCDEu-Lz)pw|-97^2Mb4

k<+Pw0DAhXGmV}{K6N}oApMv}0M)Pf?oaRi=V9kJ)Bc)siYWB0sT}`rZ z^Z7tq6&>EuL^+PlmY_m5s$D?M7iS0JiY`4YYWOoZ`;H~z# zS&clWWGyB3;^bz!?<}{C3TOk|ztC=IRG4!EC)lE_MvfM4rPD` zR6r`LrJ{O4%f;Ma;R!xqIzLoAM=ejKaTKmXUiO|#JIt#Fg~0Pu`CaGl>l<3X?wsXD zh|zMOc<1`zjgsuR4M9&+!)q1m)>Q}{;sWDA66BlIczXu@cm*ODhBWkuC8ULgkvh51 zRLOJT2QGahyZ%MNbwTVG_o;vXC|v8^`kNgK*+vPI%%}RMm_b8z`GTen(hv}nb48^B z-cjR(0^T-=;u*zshIW{&(F7h5#20zCC^$+ri|*`ho1M!-^7vG_fOQrQ%M>W8%T_wHPWQ@9(~M z&U@$dubD3Cs_K$ny=q0NC`n_W5~0Gtz+lMAd{Tpfc~c4l1IK_22c0QlIwypINqUz3 zB&OjFd%Pf7_l6xCUUl^qWLc7uvG{_1*ke5`c#o-a6wC4bi&=-nx6TMsC|&N#S|8;U z`x^b4?%R!uI73$g=p-hHUni@J3Z(g3ZMEeH3j_0oJ(s)kAqe-+{KwnV;zQ3jFfc&? z*D@MUmUVS>9I#`jUva4+baFk|kUl;Iq4FmXH=_fy)-Nm6aFqng&@pKg6Q^h*4n9wl3z=hI_oxM zNxQrU-B>Uv7P`rSPHT_5FAo$dQdQpXe>kgOSD{oOK| zXxUx{(is zeJo*;{iJ7S_GHrh;E|wi;h$bPM>$2xErd}@<6Kc+G3H^Kea z;^u39n%wn`U2%tA=0IMxv%B;DIwscdxZj}yLymL8Y>)K_!!EJsPe>n-{o@(ET|WNw z@Zvi?<#9bct)BYYR%kK zr;hP^qBvV45s?p+q1fWcwVX*wN!Z%^c1pLB94p#v$$%b*bPAHFPk7_{Bjl=N#I639 zh?KOLa#NLZC{T(JNp_0r$$5v{@i_?kEj~vjZ-zp6pNZ~u@-cwq*4E2$6;D#tDjgRi z8oM|$WK6g8?;<^iF3=?^ByaJXQUHr9a#UZD!^G><+5+wLiHP;|Gd+kyO;n=CF|Lp2 zktsv*KFB{jK?0vsB8Rk6-R-5t#h93b9gdXGAD^LIj&`-0a(EIRQNyokn%^c2eeTJp zt|-2LGo}zP(&7ccE&i7o))_=nx6X|^6k83{?fyD}D!A}~3lb*p$A8FNkrTVcM?X@u z|3DCf00*n8CU=Rne`;-KUpnuA8!jg1+1OnBFQqZ)_O;R&9ZK3^#QK+X;V-FL6#z^U zC&kOdGx%xoflnZl(&Bq77Hsw6w z$DK6D^PkZJw>_3O_Qn7tmy!6}OwP$=Lv_RAWhV5`bz{}G;!v|$XCk_UfyGU?^x0Pc z!({&v6Ek9dZZ2H9GQL%uEAZ)}IR;Q;*y4Qsbk7Jwyf7e^-HX7}GS4uPEBISOlULco z!a`C~Qdf7;@2um^k6=TRnFJ2#3ZGmolNtZI3!db^5{EzTW?WJf>9K2zL=6 zrJIWV=HTGy-kzO;v>Ud(;Vwx2j>s6v7ai&|x!9FN1h0&RFa9q}>vfMO5Oe8l^y)yIGAk74~F!-$yT)3auF#4L4NS2;xYx z7c&l)4jFVwEWAK2E>Gi8yy{e^SMt;FCmcr zvm?=sjWJ0-0uNLKNzm|`k7RS4feGQV-&rT?Z@=C>ES{RcAhlVKHH<`Y$8?}(*ukcGUXPvj(w9-=H-$d0J<)rP#178Z?#IkhD=kl$4 zv9Pj5JYFt`Aa}kr)*vi__rqAZ6fZl^{LhkduZpZhE;G)nnpgf@Bm{yca)s^yaM%Q& zB9qbRW$`kjM}0Gle@2@~^N_u-$Uu$PQmBcUELX2aFpOyl2l3D9h_f4RFC|v(ZGu7( zmwg$^mdAQL83@iQ#w3fsasBF{uIJIk(NBBJ|2Vba%TcB;G+~<)MjstD@@x5GYAWo$ zH8+UW;1+Om`feRy;Rqe4LtkqbaJ%vEP$N&qz=5`M#$|wxSb;6@ZReR{3YI;?`KpzmMbLioME$#x$(z@2?8ul)I|9Rq=jGui3sO?Oo>WIj zVpSw{OCvjeA2Z!?t%Hw}S%4)0KWfC%64icWZ>j(p<`!&zd!$#@m?#*A%BbTbgqe7m zZXyrFhR7)6E}L}T>iU#K=deYwO^}(-s(0=QolSYvXNaIkMk1p z0rfGZT)}rt-+wfEd3%4Xdv(1%{juo9S7*C!{Cagua9gRM_UjiSbxqlG3Lk%}@~Dff z+|PHTV+^)rblTjUdUM?^)UvXYz@@qMv}w6ET|Up>(W#?Hva->%+u%(uVs7mNWjSvb z_OHp0G*;{!hR5fLuI-w2+=FV=r_TdmTe>q2joZ;V*i3khSIYk1cTK|su88Ls@3XS|2 zz{_||z@kq_Jr?()MsQ8g0^N-TF&TWSZ_j88C#I&tcdkYsM@M2FB-$ImXJnxh8|61s zYp$2$JFa{TyWPQWkVOeYK6~QG+ctf?N>G@KB;Wkec8AuUmnNx_l{p;jia=LlI-^mG zVX9fLTUDDfcF(-W^+}9NP|rM!S}09(b0Jbc)MT){te6_z)|X)ac=150H2arDZ;><^|bOXWVFP;EKPD_z7PSQRV7Ka`*6pyi8;phjWZF!ClFz zQ~0$fiemkZ4@fl6nii5h+Vr@YDbk>t{74z&0o|%jy5mi!mMOlqjD>`QkzZ>g8V8eN z&D!ga6~GtMvwWA{tlj^FL?h?^O-FGwk{l^u zODHLuiUugMuqpcVHMMe!Q5+IA+;()U$R9l=IVBsgYcIqpIUh}FiW8}?g``O^o(gyE-`)LO*)DGVyZL3q}vr6gO(eKnk zi(TF5&mD0=W+A2A;eC+P!fsx8ZZ>!Q7zb~r4}z-fi~R0OG)(Vl#o=#PW6SBvL+mBP z#0I|rDD^HZZ*v%A$0~u3TQq)2)du1M(UTG z*U?PcOn=w8Ei3{BJsXx7&k-cB2-|z6pW2}HZhX8`cwOFW$0!37#qNoLULPSq9UVHQk69+erl9s)|62h!H#f0{A94sM5NH&rvg-y;+VukVGyd?aq`GPli9M#s<~mV4~Uz+(o0`m1~J=GE&5e%QH=F zT@ALU(vtPhX!YZBU+5mE3YO_NkkpzI0)CsbJgYn)BcU=pLf+gZX-cWY&-#vS-^-Y%;S%}zq}dTzrh(m zBU>lm{wG*f5*S=;bk1=ao0XSG&gvLlBlP{FaD$iAq^i?m-A?#XjmYcMWlh)35^SH2 zBi|zIMGq4Fo#SHN2jhM&eB@#GfA^^oY&LG(qyFk-?_QhpN&@XHD0kT4Xnna+UmNR^_|MNn( z1{$=59Gz2i}Frfd|@f(P4{R+ z5tk)k;z5}NaAm!%ZaGk~1HgxVmm^W}6Z{5rFJ19;IpI};Uw43*sH$+;) z5E2$9V|ovn5o;*e)NNl(Wl**LT>g$PJ}@$(vTeH1n5@duhL5CaZP>IMQoh~N8gKA^2-^-NR9+rm zs!CVEm(7>EB9AR?tYN9RNkChV!CYUnYOC=>G`ya`iJ+EiABWC;%%`Z9`H0*#@vD=!uyeqGe6`EkLc@<%sQnycy zltpcFI1}$x=|5$IB+MHx!pdS$R@y)p;CsH`jORigb&i;XPrf7ngjUbVM@&k1=!v2j z1FL%p69Wrwd0X^sx)%=Pz1bF2l*YoqQm)RjIPu z9aevva~+E#6xg?B4TKpyb~#(EEo>g_!TMU{m1IprgT6Xf15Tvw1t0$&U>r{|j-sMa zf*Aeb#5DRO(C+FKG1qr|J27*Yc{zMjYc4mmJWp0|DnFfh4+%K7T?{^+cBTn4yz4ck zO!gIdD!@XhNZMPHg5@xrIHSppLBl1SPS2Tr43AKndo~I_BjGc_$aqTpSFx{#Oa!pi z-P)q|8hvl{ukaV3Caybs%-zG#x4QoI1h$k(cvT0J;8NE_V3 z61r099%wx6g&*Xyw7Q<^iwKWEJbDpV?!EUXDfxc&t&jChS zWh`HauNq&wQfc56KJv$UuzB(1Qc+Qzo}AFP_@3dL;#-^~FJs9=#^yR1qPgGAA6@_X zrr;5L$RQ%kA1w=$|5-P}otM?~uehIO{ton_4q^5`NdkNJGuM06+^+H6UR^b`Ha@dR zUWwS@n~KBie|d4|@WO!J*OZsz8RWRFJ?5o=Z)_rtr!6t_4vp{!3a27?36~dEqL~q) zcMCB2O!82++F=XI#WkyI1@Bz!)_Oip?`5`WOV&1pdV728Ko(;EgGz_`FKWrv^G4+I z-n!k9(Ox$A^5rGKp>wte@RuFMgxg=7y=-QGNWB*=U35PTUieY3e-vM6-H2neo})dA zib{}xE%G)DU(XLL0saJZJV`#gTX&Uv5uS_!A{(MRl!OuGc}!c#H~$r4@yYf{%!t0{ z2v#U>WMEjuAMQ|RzkR=U&;9V4+kh^J@`&yy7Ru1J>Z(SlI_t2yb`|BnYwgDDS`8Qs zI&YgdDkLD5CzC7Ys_veczJSbJa^(^n-TisT*r}bVw9%c1ASmNx_ULzJ3dod}4LVGC z)g$x3DpG!4UA%{`n_oSA&C4fJTO3p|<>glquKvzYbh*s7YBQ$PCSF@ zN2`7F+YkCMFx`Ynd?5Vl5$!X7zmxp)lS%1_^$#K$hEH!h;$$@*r;ay>^6@HBz6Y}bI#m4an3xdwy_lICa#Q7u1Au*WxfsGLTDnYR| zpvV{aw(*QJ?4OlyhWEm1{>;!koX4MQwlDy5+#rhrU67`#@C;YSz z`(|JyTmZck8ym3Zc2*E?qiU+TXtN6PJA~VQ9&nrJL>CbhyhT-Mq8PhH2GMt?b!!_v zdZHg9{DB_*1U$~U(cdiIhKlSw4T-#5xGGWL)O|5f7VmU3_~Ne&0KGm7Gl_IO3v5t5 z_4I65|3=A{R_3~ny6HRpC8khgFOUYl+pZ56$Oqloo_S1m@myYm$-%5Ga<_3VCr8Vy zKc2sCcb>H)x!j&#ZLc@B@16BQmeY@(EFoy|N7)^hPtR-zIfExw0$H{ak0wJ`TlVj~ zuwIOs+Y3KC{js$;X=`Z@yyKK7Y0!hs2|Ljeh(+7&?W|D8<&;NijTKUCscYbVFm`{g zs;Ecv+&c#(wwyG7+n(grl(nPTYGER&)kq`?a4Dm7j3|1hw#K zF({Av6E84c`XE@{2c;on`PU8ooSeSp~m1U?tXN@}^#nz>5-7f9L~+ zJVCtnayilWF+Hcpa@E*hgtjEmg^eUZr;yBQ}cSrQjda;POEL@k3ZWDl{UIS(e zk6MG~iW%45);xN{nkPUmv4HOow*I=Ng=1*G2IWO0q*`1{8H$*Mzi@KHjvEgl{o=zfniBZKM%?!>Lxo{pF2=H|*fgvqYIy}8Ci;1Z^M zq`Icsg)8cv@H3_&p{P&H4)t|l=?8yD2EQ7%UjvI@Z)(=@pL$@kU+D4#{XowvfIRb8 zN5}STb>4}<)#4ktiv55|46CA)3u&IRsj&iL)VTeP|hH;aOz0T3ArKlKH15t;sOY&BvM1La$&C~C zZb~vs>$PfB^9@u1mKbJ=UFqNJoejozNbwYYBl%ifD8I-cJ}!s2EEQ&uqLLZ|!LAh& z;D$-= z%F=Nju^Nq$<#HWy#h)`OmF7?P_XR}`^A@wwL$6jn)aub(@eaAAI%SFuRb1A>L#L|z zvYfr_1C%diZ)Y=lJ_NQDthUKSr=K)rf3N>EjuM0KIU{#r{^$$`AC(S|WQ7gFmxOgj z03k$cPRv00W--Icg{3fG&|rp-`&{zF1cbY7ayI){YYaFOslhNi@L`u!KF};+FyCiw zXdWSafa>Vi{yOoQ!P90^43?MMKu_*D6{Uyk_wSTnwT9WmjC;BQFuJ_a+g7jg>$&*Y z=>?U0yliYuU2WW}diUgEz{_1!ts689#zp$ zHyJ=ruvtUYk7K(v1@7I=?{;V+Y_(lPs+*t^Fb$$E5biZ5cKzgCwRPia$GLwb_5>J_#basS$^dw zTuwJWZX^Ud4MqI9WHmKC8c4j=3&nwdFT#tV4e@>Ks~viEHFL*rBz^s@DR zIK0FRI=kwh$!?-lxahAKEmLl*Z)O+rND(J8vYni?FSAKp=-pbD)Koh%jVsi}hWUAV8(%E}y#u!6mC$h_ zyAREBsGT)s*H0^>)tscvi&8(J;UltZ79T7{t2lV$T(WM$j%|c99i?ifeH=mN7R7kN zG)l?rp^T;%OO1YLb}+0==EIl8_`Zq+b{Q>2bv;|QwzhH2IHH~-I)TRt#kVHBX6Q1~ zoYQB&_0nP#ETBSmC6jy5R|=6*>_^Su~^e)R(Q_AZ{W}i!^e-K)@-ELZXF-UEMV+U+eR_NRQ?_iiuZLKU8nwW zWm$?*)}dk_Lz98?Qlowfnd}HtK9#Gl)S{c$>AoQPnOwc>8*dc@a@i2Ct@vsi?w~OJ za8W7RerUyvTctXe(Y}iNX0GqMS5xDo#BWJv-SZWlmB{u$VWOH(fCYJRv7xDpVWf;k zs|ppdD;)wwnX>ANSq`)6Ncy9hPaP@nv+$p{_h==!3aF-Mtb=jz8Hbw*{GwqDn>1=e znqv>7C3;1i@kT-@=rC&5<5^tq(;DG{W+M!xbCsI;9PXLN`WBab-=%!x4v=hF#Y9 zkn2&fb#MG>?s~@fvWo)vIO#z;UC{kbcjacj>jl3X|D3xWTm`MgB8Fn??F=<>%AHoR z{x}i^K!lkX*SCkHS^hCSw_Q&OkT(Z6&x)@T5G=+7doKrCte7jCTuS4;#)}lVew3MZ zI$<7u`n%}RcLs1FKPQCpB=Bg!x_SBntbUtATw zK7#Mzx$`>jMJpFyM{?I-2jd7?$gjUf*hVUJo)&UjM%Y2$=`9+VBRKlciz!Q$Y1B(R zNM}4rl#!P%$*>ifSi+fGI@)*~9KxsBm=FuKGZhtFx@x9pS+4W7|7dtf3_erPv-Q9a z_PJS;KV5|C@dLwHkiJ9me22rs!oaGVga9;ft+xrXXRiN#*5u8S{%J54*S zMxj=s$M{&@;TJQrVNULGBP$b{w)bTPeE_ZS-kRqPFp!!S@x6y(3W6tf7D^y-sdGuN zJA49O@3-UkpVo&p6>CP}n%Ur3QTZtNW)ZaFnrUY}6t@-USLx8eU*(VA@=|MwYG_m; zO5e%!shUw$cqmray&rxGbdlG_hjo!On;6J8*N=BMs$rhQ3T%F@9{sdwjb5ucr6 zYne4Ar@4#A1bSnnuNjI*7kfOoV>{o0Mrk9W2BNjibH6=O^8Xnw8bF;!%En@LTI+z_ zb4-l~Km8evL?bbuE+E8v84v>No{zu8A_TGaTcRTX4HgkSg7ynumX;o5MEOEsNM0L? z?cXEg5qBzvEY%hVrN^+!9SiW>?Un&vqleYp)zm;oXI!2bPky^d5iY1;!D-m1w+Z5; z>9_2!UN{sS(xKaAgQJGN9We*1^F*HyhJO8A_w#4nco*dsg)o}woCSf$Hc0eE28(pv z4S&b-QhEboAM|>LyLPC`0Vk;4fpwb=h#l^>31Ga~>bsuYO1Q z#T9U}Ia0up*I1WvfD2BK#Z$VgwGoDG2R>0|oSng9>!t*<9xYTbB?7j*77qr^2|%=I z;=-Rs)p6D3@ebK?DCe7dsb}Wf@O}p!WE>)w)mPYDpN{$^p(~zL%Gygo)b%EC?U6b2 z`+GKe;27Ih>Th7(IFwnvpyziH>62WEo#Bcs|L$?!V1JB;kmGp=cWkYnja!FQzP=B? zNihQ>)pgH{6Mo(~)P7Tw{y~o@Z!{KXU>OS9W~}PYNJ0Sms?i8fs~;E&)MZN6*I?T_Y7}@m{cFYyW6Y z<@;NHfD8P)wvA8?U0l3dwPJ0en2ox(SK|}e7S`n|c8e}dj9L@kMQTQMg=|;x!m%f= z^sE-!l91mYRN-%(2^ZW~zXciB;#lo>QE5olj(oy4UnO>*zVAGg%Fz8CBb4h{bWl4_ zhkKW(7{2;P*4Q?ht`19@S$@Of8xH>9^1E3JsvwrBh~*CSMZiku{mNO_D_I#JIwy<} z2oLPm4(c-@7NEEbN#jR=9H(NcTwZJqK>{96Y=T+w9@D!40!m+d1^{8EDtCMEkY6ue z=%7`v?aU9MLV@#RAx<|f5e0cQ^>GyYX99?Y?}N^A=IM9X><1VMgIKxhWP0$=w6Jwr zd9S9&1^M$3@4iv@pjp}N^lVBR;CsbT5XcquJU>D zgpGJD_sA=GZ-5v^f?wl~(W_jE)??uLT0KNRJXeV3Kd%$_QqoxdR&68FSkKo*2NSc} zv|thZmjB|;yQo<<{+{=oYs*L~wST2$4YQAy&9OzaGnH~P>EorfEK_TCT#q7%G!I;& z@y%VYH}MSwHFa1YKStC1{V!2v?q-lP#a&5)nrdRJj449rHJ>TAuk$eQC6WjWVXmcHJL*uKGX=x9oKp)knjsO2jA~zfv6B3a}mxF%n_i^eB+MCDnAMr zKiv#POCtdv@)Lwtfo7!=P4Cw`BlO9XhxQIOSFkX_@S5-P?0%p02hpF@II@v2!9(7; z%UW&=b?@KztP9AmkEV@#Tu$M<4`!{UfVKPdkbni=Ye7pb;&hi>eH?tVyQhV-GK2tZ zH2*Mu30&|0#1>Vtjn)ILXW6!??1El(B;0p!<5Tg5u`W* z7tj4%xV4N3IXkvR1f{)05jmS|jP6c@1Jx^!VDc~5B@Ao5$r${I305TlT}~!_pIE3; z`@$Gp^Mc#0ot&blXrlH;wMr|SHoUgG*)-yL!WcX=TsnVU*@#K`xjDS$YHnrcqWNI1qXQ=11h4DXS|Jf6HePQ~R3L}~aNYhAZ&IE=NLe3tqio zNjQ}y+#~vCAr@<;lI~yf`0q>!xfYX@%I5AHnGbulW5#mNek;ba<81j`u~+lQZ*9Ur zf(tP5wwAHLc!#0~i_8iN{W?|#HR?F*NJ2hEZ@N@w6-&9_Igt7JW~}s43!+8fH@k?k?{L_T+RJbJ zd`Ep~jK4^IITN)Vt`qQ&v#0`sLPzXvca7en4#xE0iVE>4#~eCSO(9*_Pu80^&?$W` zO*5AnqVJ|CDS?mnA&mUd@*U|UWLb)t3<)oj+pi>pwS4IMXg z+nGgm@BBk_mtcSAtXTyA>I@2hm!$Z@i}ogtQ`^t#^Z5Z#>6>g+sJD6|7%dy4k2`6} z*fwmMpaRBpe5KCYT(Y;{D(_wmocO)+0#+sgZzpD0n_=squT81o`ggs!h|$4|onz5G z&FTIV$DWpfcYWl}0`(!x0UP)m?_q$w2F4{RIXOZQpDXXLc}9Ua(YFuU+fi*Pbewqx~%c*)6c3U~T-9b_^xa_*(S@g~oIeLKJR_2~43 z__DI=lFZ>khD7}r(%rYoO&$|n<7_^35G_s33g@vi+a0RYJ1*8sd`tP|n@hi5CZ|Y> zlwr7;!0HQb+a$qkKr?DC0+!=^7jF*(a24c8d>bmO<<&J28^8SY|u8a);1pDm~tI0!MX3|oA|k8&D%E^(-$NXMb}&i;xWr3i3h$s zyg1CMw)&`N$)^ushx|EP8Q4Z+x@m{|CaPo(_CgjBT#O;7){>t`TyIdnt($H5jw9N& z!qET3G}o!w$twS;`D1wWmy(6b#BA%^{e2HEPlGCMK}gvfy6JqZT2Qd*`w%A=KxVee zcH69Nb0&X70*L{eQH#_MYH>h*{CuURE?OJldky(Vx-UC=Ox2+qI7@O28y#HtSj0ad zPtIE#q{`aYDUyBRIG)ToDdHcNT8-A3wcgq)PPkS2hBX8Bc4-3$N@a))hE*gv0-Cr< zz*9Z*PCo+Z+jfvHCI#AL_E!}W?xR?KYUwkm73;yzISVO9q<1g_w1~58P4B8|B*xbtsJl-Z)qEq2)8)4p5vAL{qQD zyHmCcJDmtbe?7d@Pa~j@xwv@$N~(E$`l^v|cKTsgZerjr1b(oX*v8u9mEIeq+f^hl z#LXha)kes9v?4;(LY(*7?Q!XW0_fU<17+c@XD!yejLd9rZ_kV!rcx?ED*#s*dB+R^ zO}YY{-BJbTa{(qN@yb#T^S0ravPDMDp^kd_QM9Dajt_l9N8Snh%1@IZ@v&hI^%RT65v2Kl$g&)kfuemcpjK@n`1cXvOhbUiMBk+xkK|+ zmVjmpGtgp2*7H8_w3V1X8Mh{6qL7fhx#f{Yi&7c1@2Vt${O96iPVpQ#pw-Okma0z?xe(zv_Hd!8}+oXOo$%!0Y(ENP(#yZkwp51M-KrJwMld zN7Y90Zk9{Yo|8CVhvBG)iJJ5{*^#8>rifiz(~9+Q{H-Y-QR~X{KSbz&MQe{gF=*9& zHP6ytH2IMBT1&*L|-q1^xf+(1(^rR zC{%8Pstv*6@rf4MOzlr)(PWU914Uk<;2ITCV=;9F34@bw0=}ixC7-gGjccx5otpe` zPBG_LLw2$64vhj*$=Y-5q@^l(R)XX*%KN=Ol^rT(-IN#V`|UF)$lKs^^0gs+df+3Z zGs^#=P5#mB;9XC*_AdIb?q)Hp_zQ$L#G)@(-$nc<5HQ&g>V7H3IuU?^@sS*N{9MnO zO(FI7Ndtkx=K+3NG+Ad2lGG8@fek3r7`7TA%zHC1DQOsgMQ?bOx{mktp_luRPzfh__igr4C$VwT_aH3Z;?wIh5(;K9~TT$ z+O~bV5rqGCnw$TOU0CrevpdZ>cE4C?6q+F}XjcN_)?)-R6}hs;1@Ee>s^V}|*@kvz zdTzI8DNHck0o_2b?qXaj5+iA zyz>N3Yn}d=rw>L?!9Bbj6A72?<1JB^83u|x>)Brr?|!Rse#xjnlkX)V`7Pc6Y+T0# zCvum!?#~~y%@ojR%U}7w+RN`}*c+-z*)lw`hd{P@?+K}G4%iAgLt@SYa&l0(S6n2j zZOVHw+2J<}adlV_j|H$JDUXgr`C;mIdjRWASRfllNE8@Ya|b;y-tSKpk|RJM@XanP zUu+v6$N`|Fn?hQBB=V`QH{apGbUpPa1vn5;i}FdI$m77F1Eixk2Il(?Y$NG znN9imlc;DAkBX!!jBn^MCY}5brp2N)ukiKzC?BwiaI792#jrD3C=QFboVfIJFTN=JYG${6tyPuBv7j`nAT4p5`@hBg>6U z2!vw>>P|+6_751Q-3Bb23r*CMf~j2dV>}FV+-_8MSN);r`ZX9nzgpEsroKi#;eqLk zvBf9OCFuwJYRWO8-^z%W6PY!X3qHL4iY+cz_71$Q$h`}%}B^`8**@~%0OR_tsH+F8L**dpnx(Hh4v~0{fDBv3HN`Ph3SR1QiPsizWHys|IYpw zX7;#$*Zc?fzs&w!f@0|ZO4JJoiX-N&X4Kbjs%Cm&gM~t0kW6orl!bkcYlj>=ujhO& zcdu`5er0moN$EaO1rP@k2I7-PCPW!SH9F_5x0xiczk$hYip~k!X}Twg81y^ zxEPb<{#D6?MQTC3U~*9QsUp~Ya4re`^7qo9r`s=eA+1W0Tf)Qr1{nT zRI9&>#$ zkN}hL^VM|pqoBennH5y*Ak*6PFqG*|_Vf~$!oouKP#!L>hQ`JLE@vyNy(wvO|3AaD zc}4_Xk&r?1Cg|;bDw8e;2S?%{1_s9U?X4AVfAL@CjZymv^)8t4X>+|z%QWNy2_%lp z5`=DE9?!lrm|EUKS!CY@r}GIzC1C_FQ{CRS!9v}}6i2*3crSkc2D$}Ww^{~U`h8?o9fMvgIbLfS zu5i%ZUubbL0|J3sl7jsNjhVLQ(1xc(y8+<9cv1FWFZH_}thbmg@yqi)EW;q?DO!qh zY3ayvLU1AWIXOUs(nmhOt7C}gKP=4@aV8)ZVAAnOA8U|G{&d23@g(#_(B85SLyS54W*ZE&O3*48Q$TQZhdFA<;uSL!!c z>wUhty6XRu>H5QTAo~7t&nl&Vyq~!^^RGg^yt&4s416aI)27sl_oa6)P1wBZkLUl8 z8n$~5#=g`2@I5c!VJ5<9MPWq^4!YS2x_5)+pPjm%d3MY;dc$T32=+L({;I*`kDyk?JCZ<-!iGd{uHk368`YA<%P#uG7=0zMkzonS$1-CG+G|h zRW;lmGhYKFXB|j?5+}HW+a?6V;KdBst09qj8^`9^%~i@Sf4~IYu6h;P(duqvpLSgS zf)@>dvMAHAwYMJ|%yAu|he9Em+J=quMt&B7*jU9v7yY1jNUAS@dKROI7=$23JypyD!Z9>{fbX=T~5-Qf??l&SE? zW!qawU?7~aEi@E$Iv&$H2ML(7X&vuaY^K0+)gZAS? zJ=mYv6XJhsZy?y;w2C!0U>aqw=C(T)B}D!fMx7iCW53qnbMU*k%V7W;2Xrw27(ym~ z6tuUyOZ5sZWnjS}z8&0o3p0%mhWYde&8dvU0IcQ#xfL|l4mO&g3258)!alF3-@@1P zxK^W@ihmL)`x&tvnV!CWy`1No&mN&tvjAwT!Nt|B6Q;L09wyf##-GfV80;dhTo26$ zLB1 z=El-OQBl#wJ9Y*Injuy8Ob^7%G@=(F-XqMpPBCe3zcbV0p??1S*=xmRXmV2J-^>mz zR(8>zhTB_#}wnV@i)22{9R(@=2 zV3*8=+U8y|L&O-TIKar5y_tIvs>>oH`qQLHm0p&f?k$OYG$9L02?@J|!Zu6Ph>Hn) z3Y?u-oT=0$w!)a^PHP;;t-*{+8KVQkQ~> zN-O0jNwtye*KNBzIkAs@iE5JRQg%s^uCbvMZKf$HbBtTXH{u91Z{9aeW?&7u)bi_$ z`7v&Bk|ES8O~3bbh(`0lsYbcH%OtU@gvbRGuv;9fu_%j{?B%s5+a(z}z< z)kO--q+j^ABtCkGO`c9RsG7DM%f=^*hBuKgzNgKYmXV?O=%!^ib?H0v>7+=2cs2V#$PL`{pi6DGjloCEegEKl0d*XM;s90dp(s!%sm z+-32w7m2Jk8(+d7&8$?6qW0OIQO|}SP5jtZ!yE^HG*VeY~ii=DL60 z1N;-1Tyo*DVtwR5Gd)#bo%{%*Qcns*mb#*_*1WU@3tOu69R}m+T+h=#_xE20!i~^nEW~ z$19o!dKiR57p>Z~HjJD6Rbi`!M@^y!ADxj^F;RaO5Fe+Hw6(V%ot#34xznoOD@Y`8 z>!$VbD|gJU)0n|hcHTGxGxlt1p`9&vTo!tj0&(7v_+0?s@4`<{s9*I*u4P&~<)-rW zNcIVGkLCsaem-ubTqsw^1^SpheHRFZI3~QhdTcM(zc?xTfCX){uD<@w#>l{bd_#=Q z^Hp}O$XZQ}YbS52kdEsx@a(8K5%-lWM?sDnXTRT1`G_VwVw~cwWzz8QMJ)o_o;I`L z7#*WsP0g7l$HlHCah8RxBSA9$=utU$g;tDw%(B+}56y;~vv6ZIz@Z77Bvv`}_r7}OqgqNK+56xJ_!u+OpcljGz&kqxrhh6-k z$`3MstJZ%uB8Ut>7f~)hBzX7pc-5XwlZoAS{@NO0Y{d& zOk5OGhJcm2W0U&{L%W9HN|-~>3@rL`$pL!llC(;LGTk57#lq5tya{a$ZK}o;ex;;V zMdR55%Qv?Ds%Y_gE*X7vUYi_lX_MdZ+hP-iv+UdP`3_ToCk}zu@_Xv~+!H7LMr)rt z!AO2)5f6 z*Ke(6O~S{Nik&Emtec6~%y0L97<Y##(mHGYq?TA8ji&65~`Sb`MDop86bLo0ix*BGfh z>&LUcTABNl_#KRW{>s)x2YUFCx8cJ$K@Ht>0^EOGtv-1~8;+3S;N#PO+)cj)YTeDe z+ZQK<{TGLhex_`DoB*{wUbHN)`ZnWAk_koUbwzd%cjS?L6WoARh(gQCK2QN;^j=#J z$pzlV4A@UwfOy%!oy%7AKu+*r1uqsf@BP{E5zy)@+*-QSXy7@%e63RZ_<6D;ac~5c%!vA`H>TYtOi2G`b7Ow2i2h+tJR|36FPer=CaaW65Zb3pG{- z_~R%T|1#Z198 zr0knRHob{cN$e`}QN{UUN=kV(Gdboexh_*V6a(907tumO7uW{}~4Xz-Ox3v=z zq#@#o`+zA5m-h>nMS>#?RpfIZS!C|GI8jx8h6BY-Y|ikq-VxtsE#AfK@Ks|e^35{N z5r}u(#Ugu0S$FpdXs~n71G?OQllxIw{DESG)R>zDBKo_D$cG}q3@o@v#G>i#+`^=| zs=~P9VX@+oSXXJMT6t$Oo<=P?p68Xg_*R2YSI5y{B-ddj(O|Gy1Tldz z$wGay#5*IOu!b|yhce=ZLsjEh4cyc%ZE!cbr&Ar?)gElL416xVc)VujyAWshnm6Jy z?7rDp0#(nd;&Oe5dqA!I+RI>%Ye`&+FYo}IM=6>po4Bvu@1Y~OyiQmhmstlH&vu&gxVlpm}#UreC zTRo-PMR<&6FKmx%&+dV0dzx3uI98*7V&g!u99W8l2{*O>*4X=2%|uJ9j@ca4CgY+I|MH%! z-GKN7EawuJCI0FnEu{^kzbW?2DZZ5qC>CoLYSu{AkY#~t7HL;TyYffbRDig(%S*g~ z&!gT35A@E5l|@JXOBdiXhej8Wq)QkC(FfG156E^d_dQFH>&Mph)svJ~1t2R86Kiaj zm%lVO=#J)NmESxqd{NTAE;D|;?UB~u<^M+ajK$8kj#U5Jx*?pD= zCTYP-l6l{Xyn}mbeyr`Od8v8H%R5Wk*+K}4Pg|;SPy-ym@1iUVGB?a{LZ~)0Qy(C^ zzv>6{t_&NuG`SMgE<9p7%+U+wVBF^l0imSz2e|%6L+YH5G4mura;<|&k34h)^TTA0;ya`>X^O|3{t!#L5 zp7mTRZO&KGW-A)e$hq&D_3CGaN#qu=pj|I60nhCFCnw`VYusA^^+=-`dw*=+4piU5 zKjieK=v;)}1op7sQOf|OX&paq0`0e_vOsAoJn$T})}cNkzimw=<%v`%F~%r`8dPof z|Lx!SsQ6V4Y#UBq5I@Y=kN^1SA|q0t{z*$eYuMKK=~HHQiK!X^HtCLhk94J8`*YPs z2mjLpID(Jsu4~PYpQrw+<9PW71Ui`!DQmnk3G1J5->d%x()oFuqq&h^gH=04Tsj|O zQ=;9}Qc=M=PjJI-kt5Q1Qumq4FUn*JR`lo+i2JS~$fsv`x7t1)K3I6^WSPLm=E@eH zS?GZ!Uih*;Qfzk58Mi>OShWf8s^bFG22>(SMKUe2vY`o_b|8j>I1^3#AE6j1bUg@7 z>2YXPV$%9txDK>O3{R)KZS<-9k7vt|CrH-Mt{2m?(Cl8b3vN?3{AQShGv}gPgOBnL z#&qQs=J;L37O=AHYZl$_mIUoRI5ZDRTyQ!7x#)=g8*)0t+l<&Gc$mvr42a!fS4VO! z>ImIUGHFJhMHV#{WzxW%vtB`zDMAK+V&!B7VFP_vi1C6~YI60HcOBirpJVSFftX0B zxc#Rr(6+CbDKp96xtG$OEXg-9q4^wI0j(9c0(W_-^{V4+><0PR+vR3@2N#rf!=~ei z>jEF_r+Jv4)T|L?Q&yiWVi2I(byc}QWGTiS?w*&EA`zZzO*#`cuET5jS%tVb=s2pZN|}3^SB3I265ku z`fXb~=WHrq$0>9>QFrBhGX;(56gkf~ z2=c~?LE(FWxbPlNfzpeb%zY4#nPZ>&{ehyZ| z^avL0NOk|WTlr}XCBCo9br7=Q`^SqyPi4M%`>tY5IL>-H{HcPxL?_2U>CT;vyu4wq zl0wlsc7C1~r)H&(q<%-~CHg8kEQ=7t#hjB1eZQ@lB1JpBh{oCyk;TN{Vt0@lyBj@x zS5CES5b;0v0<|hr#rrPjOXF5kePH$L(a?o0r#VCQ7ZpMq8vsB#B?f&??`5IE&F7_xE)-oBeS$nq00X2vhPA4DNt86O9FI)CJK<`i-bcdNmc_%^h1BNN`3yuK|-9|`(ZR6fhWvAi%xcp z5-WI9jfTLVXm}9y8wVM7YZH%X?%>2O1>EDS{`%e{6IyAtT04V;aj<2(Q6>5`=_K;H zlP}-r==*de*39Sp3gSgAFM~RoQUtqtA9X$LYE!SACMiIved(`Zh=(ASS+U_hjv-)i zpp9UpQFC?>lY?X@-uYqF^iw-lVA2f4h-+UuRrx4HlQki7OHA$e>%yZ(ol~omq+Fb2 z8#U3_s1mc@7dse`O8y%~oZ@ml)(ur%f7BFDrlG6QzTU|B=C#hPJRio(E_*WE0o?04 zYSwel?QlNx))p2jN;^YGcO^<^FUCsfd(O@tPP6Ub?%dp&VKpk-fHJ@+ia~5I*_-`H@B=axMdDJa? zE*IcUGijXt{-oRbE1b7*M+X^Kb|L3r&vwP8WWh-|EAu;ry3EDzon5!1rTo0)FeHh- zFo|Ju6!J}V-dHya3x&)$Im0GMy2M^heI^(Y+AeEt+j(Q4bJN(D&C|RJNtGP+hGnCP zdMmg*X;VhvE0sHar1yF{y^@@fsOKnlaaqvE*9wcIa-SY?x6VyQ%HIj#rjyuHIbKfbE z57c9-{leiXCHBPjAc1X$v%x!si1&Z3i2i;or|o^SHkZfVVknf424AgN3J9hLDjZ-c zxi{ftgia#FCG=r3U@)~6j?`-RHO&${x_X>|fM@r57ulX^F8zW2ol8=O!bRt1B`#5| z>wh;=t-n*u0PS_Pc zAzfWjq|B$luFC`KM?2EGHJ9n1`&5~5cBUwNS;iBHP1Cg<-_AZt$Z2rm(ivs;m9wu_ zFEzH@k38M-yFWc)Xiz6<3eq!RngmY_WO8g^FWjlrQ=Y&3kPM$owMe zphl)a5y@Ry_IK7~^R@XF>bKUvYqo2{7i)9HaW@$8B~{6d&NiC{bL!>4u@+H_2+xy* z&c&d#QdX=Z-s6cxD^si+Ur_oBa0VwQl8ubWZSV9}g$_(eE=oF{O&RS$g!?4rjSP-6 z8p5VoFgXmd1uXxFrjX@DeOW8NJWToPaf<8Bm2ClR%TI6EaE1^<($lx$HGikuR*@yf4IC0B#a({QX|Wx zelLZsk&C6ONtLC6FD1%b@RMA}ahqAJcW9OI)>4@{ZQd%TmWld+(Pkky8~q_ku6f(R z5m;N;7a0kwOwv@Jg0(v43(*)BFoCw6$)r3+tT6=(VJ`4H^Ni~QP`hz3rwX!|lq<0_ zo#DMDPFkA+oT@yVXxsR#Qr!0`>?`*Txg80`Z1(&^q~?(buwSj|;75d%SBzo%Ja^&O z6Y;eRLYgv5!e5BaGgz3U>NFGqPpMZx4qK&Qz(Ei;q(%x8rdKMr$9fN=vP04G<5g`_ zT#AhHc#%5h*8w9dk3)>mQe8zX>B5Ac76zy>vy_NP7{4m*G0mhp9QtQ5b4E{?ZXcC( zdhs<8_e>yzoAg@wx9jR@kAvvt2E%Tg1Gz!T(Cnh1`(fS5^=r^OqQIVm(?%fQ z|1ctc&CO5CUKS>K95``3es}7vb*%YU=0#nG6v@h5o`RyklghXU5Op&4#j_uYbSRT| z4L7cWKq%#TDE{%1$hPqpP)a>k_)wa>5heP{_qUFS1f;-L^W2RMb-8X5L^D^qoZkfs zs#jFOrgMbX#o3t+_G}7LSVgz;B_Ckib}&atxIWjTma%|x+_`nEHwT;&C0wl6*JpIn z8W_%o=Bip#m3xCTwHj^DxtZv1qpSIcvvOWMp$DQIda|<;CMkm4 zwpx-X@i6tk5$(ZF^S*D~*n^D-)aq)(`6UTXO3}5})3H~D*)QQ0bn0fI)<~ojTVyDE zaKz4iYHW}zg>jU^ctmN+HkeRZ#xA2A4a?~bwafG>=kT+fJi(dcxUB9~NEL;w?j_5g zeu?LqJ680 z)q`Ddv1f|YXse`}b*JpfkE=8l!g0$`l=;~+B=R|aScGb7&~&ksU4nc~GCeZZy;-#s zwJ%1nKr=ToG^af@enh7cU~PW4zExzBXF?|PiXgu2g-HOzrSkM_KhhBRb&MF;QLx1; zn{NhcG|#8Y;UF1=rOpy;CIdP6M$)7^D~l2>Sx_7>){nEX#AjK6?~m7s@+XF8w$sFMFP-L79vGktx&*$?8!$n zQ?zXONu*Lv5@qCL>W1klojVOCt{64%#|UctDyKt|$&6b%sF|A5;<~rb9zB6os(rux ziq9Zaejg##7ly67miT?LA8a=Yi^J7$%0~wPWj??p(mIz&WqsLzRT<3>-jkH187DUK z>F%5`gEtQQv^`0R*QnmRjI^L3pfO-VJ%?zP#iXYwI=TnPTt~ zeIL%<8jjUt>s5Ds)j{L9bvM^D$VhCyUKfjpKPED4xiEwl(WArl7>8Y2~pREeuP32@6tq< z-+7NvEck_y%2hm#mhkGM5=6rf%4mj390HXu%BHSVenD-dbTmWV_I*MPyRu}>eKGW@ zm)*)gl@A6FCrS4ExBB4Y>C&Db`N6=~6cLcT6n6Bqt!%?W0m3&g2(qjT>UhiRf<2Nw zGLX#@9MiYKjA70x+MC*yISjaGHAiWt(XD7e5GsS=ltwAy3!=ypaZ@EnD)eXcV=2a1 z5JG@-@@eH5`Yh!jPQeIo6Iu0O>_l`(*$n}O?F}2zPAjt(l;1ZODg+hYO)4#w%FFLI zj17B-Dh^yQKolKp`94G#X~C*es@1^r5|%sJ1;3ICY;@jxjkAVJt!$~bEQUiyxeAt} zg}wOBQnH^w+3pRt!>t&}e(n5+XpFXKSP>9uj7(I6Wt@B6N7CIjR-bvq*;jmfu^xV!~l2U-J$% z(A`Pz?uKkQC9RQyHL3kpK6h%!2|DMgysDvqjX0jHOtbO)D5nT5e@?tv#_g3mFVLJy zi>_}@D%wt7K%&TIb-X*=ee^iCEn>oBeRDUY%9APV=!kSs*LqjTs{MR=!QVHb-U1|N z5~6aU&@QS?+OoGMjk;9#Ba7AQW<2dxpI#S#qQd4tv=AR6GJkIuv1F=34^d-sOKoF&pBb!N*3_be6K93G^Cdh%{)F^Imk~kR}dsBB{QvL6(0`h6leJyGS~|_n;=DqJegHS z@y|$B?FKUSM|@M`22i_wA`NT~Fnm_5ewRd_tkDdLApNtlBzSyOFpoKKcG zygpaBQ`$=!Jnvo2c=YT<(;~b+$U8@JeEV zCBsyk@r&5jw?gJNv_5^H)8z5qJMX-l#CU6R`&y6_dJN^yI3^+c*I6(=SC>cXKp) zjZML5ndp9Wg)QsaDy0Q3%On1irF;2BZ>#>2dv*4&OCGBJ>->ZsC!xsLL|0=#r!sM%Ykx zaEwmZEuNC9y7zO4V{C!6me~Oje-Bzbj+i?-0p5Z%9fCidF)F^TqQ!$DBhH8wG9)E{D|_!t{iHjI>$m_6 z!bE}Vbc8~dH6Eg&(@Dq!0*z97;L1iX9rXG8G*z#!-WTEaKlrrRFDy45obU(P@Y+o| z|47}Wk>rzJ%jkXCtE><&m+yc@5Ab|Cd@b1biK}7q5AMyUx-Rz<_w?T9^iRMJm)72& z$33DEOx!2y8idNV{N2uc3572BC8A?j$ldFYvv)hY^Ld@qSfW=%BXgb9SrnyKA)f?M z-d~WsO(p&v&EblQE4#iHl)}m50oPH_BiX?4m6!eNJx&e4S^!Kd&O78}fKlX{EmqB% z|3qZsq!H6lTDr*07GVh#9X=l0KOPuduF~D%s#MpA`qE zJ{-2EX~O$C{yPir3!TS<=Z7sUZ_cS!5Eqa78~|J017q$Eec_(2`a(dd$;^yUw3dG% zd4w1@t@&~0*Olz?HM6jO;E~w~wZ6)3Zx`v+dl`G{)SDqZ6NnC8H!q~2N4PFd2Yb_H zm5cUZ(kbD>HJlzFRLJcuO5cp1?9;Y!WPQwrLemYw_-1Qyxp%)u0j5WM*9Z|`EqZQo z>8aVZp$@p2EL>B`cpR`Fhgb(+WB>A);<4by=4nmmF7)|2?RkO!I`3J;=#gQu5ubn$ z$)@?dr1jdW3EtBC(yCQOu6|dQnD|V?B+K+B#h3wa+y?g5%I8*{+ zw|-t5dA>Yup82(X_2p(%9kfBf@9?r|&JqA~N&A& zj^7?;);fAi-_n5)7N263(hwlr|IvydYj~)rk~~n(Xh$(v%}8J5SAskV*;b!Le`ht9 z|MV7v7^IC^6p%N`dobAQ9F@EMGL^$aORg!4YAJRLi6uuP_fAXnqNUYg(`p&9`ee&R zCub&nt7ZQ+>g+B^-H%}+1_@$r*wMSH2yW8+5FWJIgZEE*w8O|7GuYTiuz_U7J7dEtJX$F%h~8C z$GFmQ;(=)R^k?AD;Lw6s@?*;Co)z1I5$?;D+mb=jw@GOZ2S)Ttv5CPV4n=`Mv|HNoi8!bKNv&CTS7gEV{ZD@ zVR$x`wPss73{n#9WS{O-=9%%Gsp!nJLVVVlD(=C z-5<{=bd^z|?uPhP z>SkHaeLtJ)k>;}!I0+evq~Lj@s>U6Ke&R4uXS&8(=q+@HfGI8gvo?U41vZzi zZL)0-x2kddClR{=MfxusC^J1NtDiYxH7w=R-I-P5r%u5wZz&lvf3V3!#S<)%y7o{g zSdGnXlR2|oK?htLcpj)K@x>V01T(Y$>h5^0nNLgJkNn~R~k#ZFDl%{-&~{lRGsQmR_u$gd{_r;RajFr2+hyoyVK zk5h<^lygLUu^*(Th4w-_5iiYnm%6$`9M!yHTLKP;f=SzAyPAfphr!tLZ%!Nzm(bNC z`rDqEQB2m$qSKs!I>u|ZZgrh=XW4m`s8&k)CA8e@hN6Xs&Ep|t@AYRB@_%jCIURXH zy76|u=XlM-=02{a+y%AeWv__EeQ@*r;FQM}u9xl2@&cC)4RGfAN#p+1zre$CkH02D z2M2nDWvFL-JR{$>cVIbFge~|OWvWix&W7%jXLW5T<7GuI-}HQPT@B{pkj_tBS+eg!VadU)xahe$IQB{I%!>vO5t~4>W_4)M|S2mLb`rDrL5=y`{&x z)*mNWKTe(v>cU?lRNlOSy466|w~>3F42D>T526pE|J3rS<@=wLKc}xw{+xaXTmL!u z{{JogSHb^R-T$hIA=u^+=wouQh}-j=D4_QSJ^$&gFv>SbNLmVEcq>Lo%LI&xOnHfK znAEv5-Kw++>4hSGW^MgqFwmr}Tbtst5spV}H_Zo+OD8=7$qwf!(M_jrY4?YFZM@iT zKDhu_|QG;KQd`aHaDZ91rR5~#+Rwf3d8CgCQnEhW)t2s0e|)60&a zmwm|}Ryw{9S$i}%o>MqK@X06654nmnmtx=0lcjm3<;f&HiJax$He|W2^l0sx7PR>C>&j&bNcI%OG4 zOsxRCHq>J9fGpDU-Qo>aw#VRSvLl*SVv8bfCD)W`^5KzG53e5xUGHB;{?g8OLJXbX z#VKjAmV=9@?F01IKf)SrItCk0_7i~sQCzI6QAgP_=>@y(IJ=j;VEglGDpA={;E*Nw zWEB{;Ax}8~WqZh6ct`s0f2u>(`9e7ePTaF%z`j-*DsO1o%Q0+X(PilnQTGdhMul9e zUN&(^!hmsPj8h~;sLB3jCQ!icQkQi7i9m86b0h6uwBo$Csf?soBGk&y|DIq>q~{F4 z&-2}3rgZGBexF1`{y6nD-K!~#eOqoxdboL`)8gXUOw5B>V@tS1E&7*ScRacK}>~HZ|=J$lVbD`yZ3B~g6YlhDDl^l zC^v7_A)}c=>C?|DW2CwrP$V1t97f^ia-n3f1A!*&Iq}1I9oelc9vp4XV^4T(r-oe=u= z?SJ{BoJE#dyx`Z-obGUYvAK5CfQrMnL5hOvsG@7KI5~9ImKKO@7Rgd}3aQyRzLqs) z$O)4pHFIL3S_fLLgz_nWpv_f=_HQ^tL=q~ z_ZTUM@Q$P4Hu4I2o7GO)8!LZ+x9P8r+b+-iUli_d#&k%z)j#92yk3jyvrS)7$L)SN z2EIck>MSXA=Kzunq62qg67{?GIgl2Mhi={B!9a&VOOp|26{o zce%fc{7t?8G7JBajsGw|#mi^gViRE)76FW&P3VhVz<+tC*-FAq1jJuP_y0)xk#U6n94z;TGa%KboA=J~&)e3DLk^Ia&z#YU zvXWhn#qC=y?=sJ|gw_DztiHTEivE6Y;%>H=eq(gW zCqo3t_Ip>8c7>CP4a7YFbZV)^QHwG#C$r}^BdzQ`)K`3FqB8PkWhL0WO7>~zsoEhg zswOQ?++AsLz+8L2WlG^}Q=OSUPKpHK^>ketQpv4>&0~oDkcT_UFOC9po8kY+J~ULP z%cK@nk%db8(<81_3(ZkrlhpIyb?Pez^nB1PiV2X&G*vLAAddn2iahRrC;>*fJl z74i4(tNp=(&GYqcdet0DRW3`tdE?bINuaIkL7TxC`Xofs$fjO2VP|qIa!Q^9%@lOs zkvp~Uc}-s2(lW>6K2J4 zaNxV~mcaVGadx{x&a|<&KFrw?yZUzb#F>EIgP&H5AOIQlk0igD1RI-BQ*NkE(%c;< zG#qIQQ#)uyx3pr1*jReja>LxF*w-P%R_uXv6ZC4(?_2W3Pu$GBaU`Cz7FZ;6TY zf~j?uipStg(1DxIMzsmKRQk1`Nvzs(&pZBO9K|F&5(~7QGR*?&9Q&=GRIx`rlGcG? zw;|{bAnq^zQi1(9KFI0-8lh>}EIA z>PiL!+<48v3QqyzsQzwz36uVIs?d{CT$dpF#Achd?n5^&Y*~}(>McV0`_1EmGt%b) zdo3N2Ci+oC1g|s=*b*>VvmR$ujA`j*9Ld>iV1=SJGcuoIO_D?P5WE2b- zgVmLh1jLO|vxFr3Wh2ctA!YS)Qo?u4k(43<=h$blXuo6Lj>{Z7jI(2O-b_Fb@itmVuuo~6^@o#0 z4?1ak_cx`*4!kiHxYQZXGSkx6iF{ly0%!rISTK-32)K0wfVFw(T#?^r=I3g&WWq_=T7%v3Ep{orxSQVXUTSS~q+ z_}kAo3PEL`hrj>)oBqJmUGd{-n=JAW5o)ojinjilN~MAuYG<*D1Pf@JHzoi#I)yo@ z&fzlLjKndf9IK${m225#znT0>noq^*#9<6C_x;FA8nsr<|5>T1Tl+mt02a&E&VwPS?f8jXQ%Gs4-t9oIk{ThA$Vz?Bk z;>&yghoMrqg8*d8q)bCwRc;jQ%LF|L)k9nq9hX9(F81*$qSVMnE*Q1EQlyaG?s8Hx z1%6bW{rykQ0xHmdS%;vLw;Sqti6rqQ;mswq7LWaxeEMe7!Ud+4rP$d&2%(6k(3Zt% zJAOzH2kadeAt1Rn*Z(%-UpnA zbRk~=0)V$?keyhaSRYMd|$MPe9~95s$C${a+#{VOEg- z8+7?Uq9y;=pv<>xAfMC6Cp%yw>@3_rZBl}P9{)+$n z&%M9?M@Z=Fk^LuR^j|TdM5zDIIM7!>{RLzb@jw0fZFqvflf2Wy@ic+}_3qP`D`Xg7 z_{{Wl$Q-c@#KP~GQ|ao8lCb@mUBztO3e;o?g=4xnr*UK7=p?-QcsZ@KEwtxAJtLr= zTe$NSkCQ&m8$R&m=JFvwWXnAeR0FKas&O$9#UP`Gk%509M|@E-7=s!WMBVm z(~0$nLtV}O0544fp@SOy^6H9sA>z}m=E0#UR*zu4)s~z6M-VA4Ra?}SZr?cDFBpLMO9g*bF{AiZQ5|1Dhz$-U>ZYi|K8S(=JP)Yl~?Q+wxL1c+eFzDQP*D z3bbCsu+yNpu+K0jyiY_c{S^dSH?DXIFPEk&zE)rVR;ih3Cgp;gZSA#Ccw-IwN2(QC zCsz25t@AfW`S}q`Jp7pzwwwtiRMF@qGd6+NQ;cM>ySI`)R^DM3a+U1GIEXvLQZ2*E zQafqCZ&r~G1keVZkxZ0|1>q0XJXyvtG%GuEf8aG(03WF5voGU>ct7gTSqtsk zTtxX^d^4qYUL;2WNBtSscp4SNO1ziMH{diQ&KFmFAB!SBTU2VL(C@8x9mgz~bZ=Iw zg!}ri%Po=(#C&OpsY#2WYZnVDdArJJEhd==i}?U?e1uO&AO)xx}?ig4`p zhQZQU4wnHEo2}@#BYem0KRnup`@@iQ87)1}EY&V4YZ~1XVKE60JyCt=gN0V_O+x-m zyE12I!En`=YUCYjE)Tng5g?DfRsK!ldsbmQ>R6Nejg_Xp5_100F)QOpzJ_}aAg`bu z3I!rt-g%8}>N~-jLcKS)V>ltXz6*j6^9jP$fsJTO0XB@jU3~IRbj1%9!|hEX!?28! zWC#(|V-Eel>p``-7q)Q__>k1p8=hRJTD*hB(D?;vH*YsAO-k5hWBPW^gRP^J`L=?D z!ed&2)0uM|To{9rif-}Kmu4O?O?vVlM#?xlMTk#HUnKBZ=-10E1nHb^H;?1c<9%Aq z`Pn6-)>n}qzA&2_IV_UR{gr^9AITNzW5r5IOsJF*Dk|s<_#}Rygq@Vco zvF+uZz<@ximUE~zwtxqix}&EgMYs&e(*EWHkb{r3lub?Y+SJh%2;ZQVx0?YABe01B zEGWQOZ>ThJP*X&58ipLf${V8cAfGXY!sz%@U}RT)gcuP$#x>C76oYi+{HIR4r()$x z&#i1~U@!+*o2j;?rJ-9y^L}^;Qe8oTL{9zZx_7$wuG5nEw(6U0f(RM9a*33OU{p%5 ztmdyVjoAqoTJ3gx=NJ)Z%Y9m{f;?gWDESH@?Th}Z=$3{-iT0>xQE1Q8m&yEapNLE` z?C54ctf38`ds$8vdA!|=YQv(+twh1kIH1sZr&F$yOBW{r?7FbWB^N*Z94foh?q#&N zABoV?m#P360PFmn99fc+7EBy(0)>~!`th=@pE}el1we!SBqnBghtNX&X4UJV?*6<< zv)SWmOk?i4|LnKBijmyVGCbET?kT|b62X%q>~C!Mh=1)OtIjUvr{wlPWAOMd` zc@xy-y3&ye$$V}8K>M~_!o1{Nnt~W&%UOrvkp1rad)p$s z#n9YBC~Se#z84*IbQ%+&sveSy556C7K5!5X@G#I{Li$Kh2oC`@g708_Wr3Q?NAfp; z@GFtLs3X9OTCf`CXCtl<(=nZo%NiB-1+RXR(g^Udn9nDEHCcnU7PMOBui;p_;M<(HUy?_TA&b3}x0q+4TeAb2RGZ%a0UFBLHmTpN zv0GYc_UsKFZi#_|Z`IFvsRi)2A(n+5zQrSq(<=R|U?X(B(x_xq`v+C_k)p(@A<~}b zH-|iu#SSOm54!T-G9VHyHM{*I$bEkVSwQpQNdJaDLdTT*w0Y-jBM++l;)I87vTpsl z>5*veT{ofT%ISl*)B()r)=jkJ@trNZRNdAOBhRxn?}lnKIl?zacUhnCXG=XZb7GK>QL zO3zUCcTR^7E%YZZJ7NECv-|1qEDx_dge9mSCz%VH!`9>zQ(aR`J1GNrOd(QPw=XWh z3Cs^0?VGw2P|3@;U*-}2N*1BiJbX0T^3teH)fX^b;}E!-5O@`s*U{Fu!MVc}_){NG zteY5+q4ZMX1l&-kd~%k2zPC_$;KjLPpZHaTvDW70vH-ZH{}*X-XpFA)Ey8}HW_9})6V|Vm6Cvyt;1TreNmIgGq+p!D#{$5Ltct4J0xu3Tsiir3Ye7_ z8K}l-3AK*K^0Zt5EOK$!4fASmGbr288KAU`62D;LG9aq6vv`fme*>pu8uv1sB2O3o zJoi5@6-#eEEopV@J>W|$r7Ml&+|k^Ql$+GyfYC7p{u%b6%>R`*AF7ZZ{!pqi+yuv-{J;WS6i8B_&Zh%jZejRs=>+; zO$AKFmWb*P93v^4aG8=G zV(5rn45=INWE;tp-rA&VG<=gudT1MC5TM@ z6b4nNmi2sxFhbM7PId?R$Hwjtx7Cs|t0y#}8w;~ubnaI3;4+;@-t~d?C?=Mi3+SGu zTW}0hi`GsPMk14r0BnG4PZx<-JJdG-tZ!$0XZ$BIK(wrYbDF3EXiw453u1}=`io*E zSef|j(d8`6+h|exLehvX8%eSs97Q*S-Mwz1&LJ0WW7;7vz-R!3XI?)mY8$e57QLa} zgE|1kZ5j9zMGCXlJ105CEmPMtM8@@DpOx3hULZMDCC<^gk{GGVtLQ6H&zfbkvB2Eb zh|RA;d{#jUF}a;~Y=AK7|53AQtb}eF7OTb@W%k=5HO4bTkO0+PLWJ<9W4JAhiC~t4 z1=%~PFXi^3e{q;o2uXskbsrXk3ED^!Fn60`xZM230P>v-yBGi(6tka6}wL;wB zhxOaqDTLDcskMJhobBJoGds|DEBT8sLi(hi6``*BW~3)o7jQW@@WB2dYw7z<#4mq? zF#)+H4OW|>>@Gg3H0;|8yH8!6T|1WpJ<5HzefsA?c2aYMo|l`qq3j25%SP>Bu#mM4 za$Pu4G@c?t=!0!86(o0!BUbcI5qMdf1If$uN-=CTSbLO}w;=+K57h z9+->T=sImSBSHN!g&kS8YuF^k!APTPgA&#b)%&e;K=5+SF_r4A_FMzlt8g_+OymqB z-CMNlY+a{J{GZu}QUZ{Fk%FAMWZ^JU?9$N9G#LL`(f~5*cJr{1ay8Lq)iQio`AyM?jjHb3IWj-;{ig0vgF<kJLbZGcz1l>9pdUw2E8eb@u(E+vs#MB!ZA8f+SYE_3{5_` zM|alD1W*tJP3%l=NPZw`A!&Kf*t>4g|Gw3zWPWTt;lpV5Femr$@rkjKF)PMw&6I}c zHVR!E)ydfL^2!wMaQ}UKlz=l4{|&)REniDD`(&C%Ar*#IhxYUAwp1E=H-fU2ya#^> z=OC&M#Yde6T;{{1v%6XEAo}1kn+=+1x;*Fp0t5=d08^Ds9X8xSaB71Rdem z*hXKY1X-?nN+z7G7b(ecT6-r1%G)h3o=A}VBuzLFlU<(r7*e(i`qEO;!AQop@-5=z z(H)>>uB@od=xoon`9a6=8wx#g2J}KDMM}-Hy4a~7_}a6vB$jt9C%r#@HR)?r&iEE< z*$mHcpfgvu_>$!_Mg(RX_jI!*Mc@`^>y$;C8#4{%*C;AFZd(G_K@O*O4iJn?hWA3M zRVY1N-71cbfU&dQg4>(v7zd|aP6ErnSQGURfnGsj8gJ_fMb(xs&qK~v1Sf7Ol@%4F z17%xM(T|!qq{K1wcyGQwH)i_gA`=qfcuSNcP_tKeD0>~9S01e7zqiJrVUJ;OUc7dNCly@qt@xM z3=PIocYb#DViKzSD%~8ZAe&v5=bTiyqFNXIctL^bc7@+ zAx>E@d;$5xS&Pq_^U)-^)KQ2MQ{(keMQZc_guTO0O=$UO`_Ew0 zl>^t0WZA3HulJY^ve?U(_DA_%*!d+X^2xTaruBvM(S>LOIP4w!U1k50^cpHT}bsbT`F&4qh~{pgY2V zGh|ekFmTk}hFTz^$=7yp?O7JqoVCq&Qj2R;@qzuBZ+A-->NJ*IYKkUj7fcZwC1H+l zfgZoR{#dKOs0#~WD(u35^`XEwCqar3<6@^w9<;|UD1WqH+#5l1H7``;9(gjKW;eZI%}{dhZRc!N^613XTK=QrY3GDtneZ>kB8Abn z?Nq5uf?hbl+e84a^V4#NH(~R@-dtC+8!zj_8 z30`S^3gJz6A$$4n-eExMj@kjVWL}ka@&9#o_TfyneH_0d5hWzaW{MOFiNZtarl!JF zij-_AD&b0#VPlqTy;$9Z5u>-~uAaqGH&)ubWhyVdI3#T|^UkIXn=NCWYrQtQ~xK~w&gj)ua7}}Kfn2Q?7Cgg^IM0e z1OlC`^Qzt!nPE8Um$M znj0CaT7KF6)zi0X0$pY(D3v$A!D~2?Ofw~!)rQ}xbH9}NKWno7e;1@K25G3nKT>9b zM23Z_FZVg9?aj`Z`!Ng0Hwdt3v=t~g(;#ZwKxU+#RRr7R&CR8%<+F+ajv_>0_U&KJ zI1ehKnv=Q>N68Nf+M#H7GGNt#AXPO9&EOHcJFI=z&gL$u74EB@#6wu|T zFdftl-QOE3)voC-sM{N=JEJQ(w&%LflwhGKBGnCB{*6Ztd{sTR$xc2 z2NLaY{oPgJbXRlM#NBupD}KIEy*38bHVyu2NB{{{rYP9dQ^|^w(ozc;to$*{57hc- ze}x8k!mnX@Ha%GZe?KHBTKi^vd^}4MyR|4;@hN%>7<}d1-ReQhZEJMxON>(V@cH<~ ze7skW2|hU?;jb4}CE(`sP=Q3Ns;bH|%nEt!UDY-ckVfhDQy`ef4e_SR z7Xtvk43pB>v(+3!RuDY|q%{ZAWV6IwFjjMOGo*-f?}Lr{R%?M?R&zg2;S-7 zM+Xz}s=;1~jrxHMfzoRcp4@yUKXUouB&SOSK3SF^f%A?Cfk1%BO3ScQJ&`5?@Dy}Q zTxn@6M4!aB-eZLHKPGx27XlnF(Lq|J@mqhz&^TxJ3t3cie6gDo=_Tm0a*tdRdWm>i zacE!TrU`4gp0jgNVPTh!}gECjH-x=&tf^q(j^E* z>&>GYyBI@C>Fk$Ud>tz@!ZzDq+sE+6J8=RQilB5xRUeMUteYCAj?N5CPmayZ_DxDf zvjbAmh+;r8k~H6Y4wy$_06g{-<}8*J7Z(e}#FYUtL*^0JP+&dR~OLofb%>AjMY zKibfjGgh71^d?On`@3D<-hYF5<{8&SyN@n{+>zX`xzg38Pc3vVT}(GH0gq}Q7mF>R zP^h`NxrIe(ad9y?hoz;+@bK_s$9P;Wm&Yq?i=uT#KkF_=JZKr5Okt+gdKv3B^-qL3 zgwQ(oIdYg;Sh60=j3sja4LJ=>cf{%=C6U?@BIQovuc*O?Z$TJ&8p2Ih!XPX3~0L>yuD=0t3&5447>_#B0?u`IF=&V76vhsKif=;eS- z1dH+VE+bSXn)O}*7xs-l+P2;OM`d<-sz+37r+c4V1TJH_6LlpAEM_$c`wR?j*_)6W z@3;vQYYfZY4Qp1`qYS#>mf5FWuEyPbvlfs>JqzuLMKO*#P{8t-;XvgPX1G|TD$zn# zVOPmDx{!)U&hYR9qPXi8{Yzp}S~3%F`h}9pkE+qc(_}=WO(#$bTaC`yQ6pik_iD}R z38>E_C`vQUHU{ICN8EBbAnMwG@|_NChtZ6l9sDs3Qb2U@{+R~b4`+G_+g?8qX={vM zUvpsvT9c5z|3$@N{}Yr4$%UgPx>~_W6Aq2X26>1Fn#tN33$V3NdKj={wY88$cGmTH7w41Vz8RgZH*0tfrR`ga0@7d!Xk-0X6>d=2@NKAT z_U?0W4s}}^1e@f7U@jSQK5(CSl~!*JJpOv0X_G1_rXwP6H~5xhC%A~qDgv&pD>kBj zq~^c|f~GYICkC{xrm*x@%Pxn|LIRWP*Dut%d(Jr5J1AW@sIw$PCA{jc#{#F_IOY<) zCvnGnH?x2f(I?6D{aZi5xn#Iz>IUUzT-3rgL%}!43b833e|ne|4JkTaFY(ZUdmNxsk*hp?4wpqlIv@T zkK>rVOQLMjz3SWRyh#V43t*?Nf%JRlXVsjG&ruku!v?XZbdspKQvV?a z_h!v?=!=wEH#wUCJd&$as&sL*bgr+y@e9kp_6^_Qdm?F^nxBdA7jeKumWtOUuS)3} zo9oMNjQ)Cz=MI&W*)mxDVf(O^KFnk; literal 0 HcmV?d00001 diff --git a/examples/external-auth/nginx/images/regiter-oauth-app-2.png b/examples/external-auth/nginx/images/regiter-oauth-app-2.png new file mode 100644 index 0000000000000000000000000000000000000000..ef69149bb1b6cf810b7fa671e90887fee66d6dc4 GIT binary patch literal 92269 zcmZ^KWmKC>w=hsNI0SboB)D5~4NxqlE$&)eS{#Z)a4YViKyjBMElz<_q_`A!cfaX5 z?|r}f=gWH5nq;zl@7Xi6XP!t+btPN?B>)Kt30D~+4@E*k1tTFntHDG^^vqa1^dlkL z2q??TXnP{>e-A|TA$`nyC?zXJ`TO<%_enE+F%U@}5eQUa9_IlpV znY`i)c(3SQP93@?ue`NBuv|%aC>ii(g?Tro}8Ai2h&cCJgEk1c-0v ztZyQSgZ{#1N0MYWnIwBYLqhr^%0bS#|3id9@-M7(la1-bYR@gN8RDTai5+S^5C>-10L8^^8!;mrZ6z{h zLr$Y2K}^Cgdd*b%NqzDsC%&l9zBmpYVE5g+>&5R^TuZD+7FOV(XgbaxaU@6U%_W{| zA}g^(Yf6~QkY8DUH9$h@gz)+II4eap#gL!^!j)I$9YC@nM9NvJ)X?xL{yAcuzg9=m ze&d5uVGYNNl*@`@riPI>tm?>=q%}ydv}R#4e~K;t(P}^N**<25wq~tb-(+;+u?*n_ zB&2<>InL^}Y6&yDp3n9Jt>r38W>^cUBq6ZVX9_pd#4Pawm_ZFjRaaww9vkmQ*NpL> z9v{+>|6=kC*#|U8OkL{E+c|WmNWa@KdOaLaqC@^_cAB_>A+Se=pzUsGW8-`7RnzRE z8r@%%k192Om#3?%-!A79qF@F)Z%MG%7&N2ZBusaSe$Rj@VE1+41v<| zYY)`Rp#>Iz)YGIHb@z;o-+K-JL+Hz%@zYX+#9KxzxDk*YlO!jwYwaxdHeQ-CalpqT zU_t!&Um;V9AEqu1l;ONYY&~md__>-gdCtZfI9Sh99B5D5{*pqP$zd-IAxc{ z7~lkxM6#2m!UB$ooA{&d$#4dB~AK=_8*;(yT^AgAr&S4_a!OPwc~B zyT)3{grJNTP%1=eiTj8*&&NB_Z&4z1H4*)r)&Bna%>ROqC&(8V@NdzuvH7X-1_v_! zEUM+8OFkoTcJoW|ySdStI=U)u&O@%IxZ90l%4}hE!~EAKLy0Q(OI&|N0|soa(18*S zRNt(3yV9cgUpJ;^=TLWc{pECU=j5%i`8NSnOT2vpe;#>)N0Jn9S)&QpdkcIFWb|dw zgg@1I(EfCw)};)0`>CZ%=CY}%WbkX}9Whre;5C)@OxyV&GL<#4khvcpH9dxi=`(8S z^m?^lD9>e?nE?g#00N*i;c7fJtb4!y#`xNC>E%~Z^1yC}mowq>AAVN}q^Vb7{04Q5 z9<`gMs5?zwn^YLzYwn07R<#9%)6T^@`R(1I8cs;Ov-@`QPKk!DJE{U}p!S|i#0DkM z#KHpgg^_2@PorL4ASNnGpfo)J=D?`sBiBv)+c|8K5V!n-ghKF7y;2aMOxlzLY|jYd zs>1}n<*PJHQGaXeTk?tf!TFHB(J25Z^>{LR^6lCD$&9%Mp}X2uNzARlqc7edomhmS zVX4QMGBGBq`{s=3W1TF534)i2l`HvaNwpvEUxtT*!%yvr)tDq9hVp1+;BwhsfZ{6x z+|AJ3Su+T#6vG|_MvE#<7-1zIKJiAsUhprp<2x)2S*q=Gqati+lBExj@c`k;N zi_CyTU~T1RVQgQguU-|z!@Mo#%)*z7{^+%@NnFmK#!B=PpaOLH5u(_#M!InPIa z;ny=N_P68RBJSQ(bIUCUY8tB+kA!o=vnGw!Me?vr!8iP!SMSO+O>=Ke>D06`HOHN`Zh7!y(?9e9u~W*$NZ8H5fsOlS@{sj2QIEUc_2y`urN z!Ui7MG?U@C0MQa3-ioRI8ZT)2SfBL$-su6H6x2VagZtn3G5X>4Y`Z)4WfJxKK!$!Es z8fh|0o0p%YGXJ>xDR}%T{;hTXbn0U>&P0~sJk4YnU(CuYb&SnKB(o+3fAf%&;neT( z7^Uz+K+t@CsQ>(CDQ&yEN!X8alrC4u?@>cM$(R7`R-Np4VuVZR(r!jr$oMsU=G@sb zS?MM{VEWdne`bMU;cAfEWPS~Q=Yzx0m$@`z&x^p(vy!NlgHsZ_1miEDDcr3gh?Ifo#3Wjg^^C+s%G5aMd@g z`U-6O;lc#rwbWV#X>uLq)uVhtbNA3M`wNoKt;LfpTsA@y-3hqf5?CIHagOCYPqxd^ zkl{@=CNN6I5kIFc(moIZobyAh$Gj!4j^@K7C)Su*CR3E(qbz=HwNd*g)1abkF)F;N zcp1v0K#cPohc!Uoj=MG+pECAgP3brTYJ&3Z?Xj;1?JIsu`{_9Y{hXeT1sQhE&9SmI?o$PftCy#PL-PyTIHGweBxbD-@0jZ?tbsX$Xvzr+9 zeN5}%V_eLb;FGw7gxd6E_*HRD)KAXhmEQpbZIDkD>hDXq7<(=9NgVYi*cs9X&5m+D zpo&`rV+Be4-+{#og> z3e4-aV{bpqUVhD;4n2A8#CVP`-nl2TFPOnFBB~_Skot}me)$m3sK!sM7Uyg03<0X0?lMP z9RqkW>Ivz9@_t;+51h_l7i=WNbO}uf@f3eG6q6(_W8_Y;e&RZHaaf^W-HC2gkLrj8 zD!=i|*?39)ooCi6TD4#H*r)yY7R6VRMl?IJPgmCql#jG-=MuH)6TauC>1hTYnp8 zTo=x7D_NLSOme=jyw-5j(i#OUEM%IQ|607cO#JUilZB@ZEm_M84@hu`eec?2eXrzq zNN_Qc{rF=NQ=MP*@wEcXDhl%bj@Q(DECVRD^R0#$4Tz4nGVmQ4Cr15^nxWUL9V^D( zN!bv{icC(QS#A3lNCHjc@*ST%>_uAVSJ=I=PktA|sfCKKX1Lp28$g~JO1LP!G3Dbs z#y0oupe#`%Vu_tak(mG!WsKcmy8ApXk@D6P#r3nB=XZ3Xt|7PMioqSMgH6BE<8b=0yYLpeBQ~j0~Ln-I1G$5r`rxSZSU&Gd|k>ayin`!0@u?8 zDNbEFJFLiOn&fiho*I^pBn&R7czCbMqydat6;t#v$> zQ3CKdgYdF7OoAUwsU%<%fiEK=s4&(`lKK^`MjnMhYUDsk9nAPMgdAL6k;Hat%{e9_ zs5F`y6D2o(bttEpQ(DbS5X;cFiS>C1ms?Xu0qb_!{lL@r(4^C!rDChz*%PThmUNE` zdcShjDR*@U>|1|j@9?i5e-a9UL5u|t?B`cY8VsZO+o9mjcoDq!Sw_=f^Jb~g#%$4- zCB^L24^8U#U62^hhP;c+asp}yPu_dlpK9}p&}!bsP=0Xj_sBo8c6wKD95)hxmyBp- z38qa~mJz^!(fh^U>rYek+Q;?yTMb~!S8$Pel^87`8S#;3o=)LOD&-Tsk&IY}eR6^+ zb56idEf>`-xlir0NSbDb>uq&@6TucDYzwEtfi$%VE$gP<4;YQ z-AiTecU}1?6k{mR(KQyp=``u<*})SidI1vaa7#Me?-Umaoi4`T#(N47PY&esLvb)J z5=w%Y67uJWirmI30N65=9}Gw4wKT1GxINbFxL`fog_qA2V22ZKjXoZLo0j2a!!x{4 zSQJHUA^4G-^jEnmFjOt0-%^NCK`_vazAg@;e3VU|vX+v=fh`y?kU(0DBxs0Aj+d%3!v9Z+?zLCFv?Wy}v%!7DEzWm2 z03+z;!cK!{LmF-p>j^T{N|NPMaI}!6Z4UPS8p=nkCmtUp1M$ZHgjFgg|O~Z-u>I@zeT)NAKErr=pI8 z(kE#AVULk5XiA-tk-$1Md*R>FGv`H4=24P|{t^nfiA&Go3aCS%@Ng5+6MFXTIMBTzAubpob=V)u_BF3=;jyp&(sA31G9( zMN|@Q_XJ-1#Zv1TIHEGsEpTdUFk)8?VVCyG6?7E{(iuFa@#b_-o%GhfSBZxtV}=k! zh7iWe6MSk@Yz3zWzR;ZRk&Bv%5KP2LnG*k@a*iA&VzCe zrKybjDQRTYJBFx2yY{aXUpDa968a>_O7io`fyolM!5pr#buSWRbl>m}qTxsBn9Z7t zlGL|}%C8i}9Mlo)&{B&fxeHY=BEQaGN;>?U9Nmgd(kqMn4C8Kg?q8pwHpmf@bh83L z*&HwSh0Wlx+qOj52S5H`DY-=t{(#M@@36DR0iE{;lvO55x|a?Zq*8Cb?xjC{onzFV z%(*n>%$o%9IGBEJD_`R)CM0)VGtPK0G^Ff~rx=&b@$Z0^-`qID=K12?hvOF{4t19;vxwoo6H{AcF1$@~u)xgmI5(2!SNpeYGH7rF7v zDjj(MZ0VN+j9Dvj2-1&It{#Cfd?-KXuUR<%JBg-QKObH(#%V*i=R<>+d(j8z*w3qN zVU>RqoV2t**Wdk$p*0Cxxh);u@}&!*Ruf9b`}Mz7bR+@tWbiZ0*KaAQ2LY}P<=vtDs5a`2vH^o zC_dpvSWw24Ug;^-eO7&DszU$$7{mN@cyX>jCEd+{lJoVk>5_UCOZ({$_EP+CQET>~ zF9Y!;mK)TnuVqTL$F<%yD*0Ven|`uN(0V`5K5eB1$d3-9_(WRBW$vi(DPMaw>I<9Z zq~2wTtd@;^#U05nilVxA5}kK^?IIGDlZNoLN8`&wMo8>BV68bly=TRi+)8nxR+n~< zb|vYiQ4+gSk}LaDdU`sl#2RfMdbdJ(W~EAi?Y5=`=&QFX?kmA3vJ-tH+q~L>Q?-sN zfY;gmgofa@NH5O9cDX zaqv~9y%5#AHTT7a=?n`-(^#4pR-|NP*}0Egne9H8$&^5h&&9L$ZzkpfjNb2JwQ{th z3$WyJ?^8C|{Wk2JosD(?PHhN;O30*S4>~U+3dS~nd4Et=N%Gid>am5DpxXGiO2aZy0dpoI!9 ztaHKF?Rxo{r3UM@#)qDRb(DR*2D>T4e(v_`An>}IpcAybsv;xR*fYlmQD>KaHse?6 zuA)LDV@{Vd0W_{zA9|1XE4fb?EQ?_!rUo$9`TSxtA-Udtu)&}w#cOp;X&)R>wj@p? z={{iKHX>-{@85AgN=iyPeE#_0Ex2o3RxR_)WcrI?-J#f{{$_~RNvO4&WRva$OKUg4izoaiihI$esk2JrS8jK)6eMLz^To?HG3aG5C9OXXr z-k|6E=EYnN#^G0C*-QZ>{H1_p5@X>kQU6Kto1V2z!t6%R4g>FwgyY2TtG$j6 zgsGf65iC9~ZmBfYLsSx%CV)BiuwP7c3|;(&F~fzJglS-8T_Cb)I#^k??0nz?!6WAt z=F;6!dw(B(1i@FU+%r@iF7Dw>3PE;t>W6BU{i=%PLgXvxx{fr$*i@qGwZ?PPIGF z7zZj1D@+e95d`KV5W3~ot48@`bd7w*#Qb&tE+QcgA`HHFy1=CSUm8Vnw;TNiJ^p*_ zs!un{_FSpv-5B!mhF?G6+HtyRAWj@+SoS5~-WJK}ElvO(g%qxl)SmPu87JT+rzQQ< z5{0xf#h^L(EA(|%>(Ly+=30L1pJ@RPd&c&cA2I9fbnMc7C=t2{nO?Q<(Pxj7x@UCp zpPpR2i}tm@U{Po=lGw!_URXi35_38SWf$0_a#1Ab_E|C^JoArle&o3;`|JpWo_)q= zm39l4lCFbQF~-Owtwy~mm0@_)!VfU{>;@~4Yqf;i?mgmd>GAK$cyaF1IGcobnBaZbD9~)>iB+k917%Us@tKF&0aN!8`W#kcfC0R+PJ+@H_u6S0LbP9F%`;hfdH>2J zqLsfjUpv}~7-v74&%+0bW_AR?9V^(Q(cVd2WEnTvpE*1q{hp`H%kXS`FV+{L2bF07=4S$l2y$kRS$bK^CgIl^ z^KeXr6ij}6AYwimL@)?|K^ee*2#mpz5JAjhp?M2umFEhbfXD9&fSHZd0Kx(jBZV`p zYKignnMx}HV3v(({iA}egQjK2!{#+S1iBjFAKRMgl5rc=Q%=D_q)|nkKQ~-iGDkAf z(6=1N2GwqxM+pnoU1VpOQSy?X?7n@^(5}r3$m%`Cx2bVDzHZ!ZoyDR{L3jCWp~j=j@A# zKSGsuqjr~m%U6B|y-i0)mPN~NNB*dij&$#jn+tj6XG4g8c3JY}iJnkG`N&f%-~ zDvKU_^G!~rp8g_R249T1NE335y8^^gdcJR2d-P7}85u3TFOl9;ZBc~mw5r9gzOui1 z1k8TF^a7VNgo=87e&B`s;6v}nNEv!_?XcklH=yD8)w2U6;EucZGy|GM-K#t^Z*NND zr`u^Ppbpz_Eh=Sy>^N4q1bs}+s zB(iL0BKOMyWJ=K9kvn#eYTqUt_Lcw-wA$Lh1IU39 z6VEU?D*q$^8=`;z-fS-{uQD^#GUa}4u)WtO*+geo{b?gD#OR6RLo3s}Q;u72#rUdK zLNb!QQ#Q8u?nZ2AsOT7kF9&DT2=5BIp~gz$KzWX)FI9G8>%Dp0VW&oVLwNfnO4Ker z36GEd|63mxIAOE3mJ0aRv_}*+scX_ba>pC(sx^u!1ZJ>j$Lkf4SFzWK#f0-<* zytf=vAEczWTc-T*wrIH9(eJgQ08mD2wynG)CosH2tN!C6aSiu}XI-9DM{i{eC?}_c zFk5gHAG{@FH3hIqXbk@AHT@<>!N=IodyB!qu1_L2_vDXj0ryuTUal{jSeN{+49m;Q zwYjdz~5+ry2w8J4|gpCOW#F1e%77mYOM}(9h6Y6?>0Oqh7r| zy*Ntq?L(1(a5>fYToIC<#KQy4?u;zOClEy+mjRc)`xowA#iPN3W6}Xb*R>jR84zih zuZcGKz=wkE`0p`PY#-S0rr%SAeD5{FyW)|9O(j{MV$og32Tf8U#+n1fG~j;Qcn%D&hGg7iX80>k za33m2kCnEB$mWM(gyL%2jH@F7UTBUXL-HvS;^tEv7}&R2S(bYK>tL9|jzpPXNbDA_s!F}mwY1aWR?hu5un_l0xn zmZiQ>oHo$Nz=|e$ZmWh@UCoeke=Rp)^a}!v>`uu=qPh#Y)^u6XohzL&F3r%G^*#bq za4z@$xEpr|{0`9jzLwQBW2|D$r zEwU(f14*MxzN3@%5!)Ut#V}lc(vh6NxPqWG%<(BMEG|@1alNG@{elWMn3}(^p;!IZjiFKvL zcp|=QesUUuC1#`+>x+&3BCB_PbP*$t^z!UB6nb7f0_nQh9V1X5IpAh3~ia0JWApt zPTX|3O)C;f^%B`V9`fMO!86F_+wWax;JmcRZ+j=-)=n77hhWx&w%2f;+8Z3%TXI@R zAP5E%gvU3W_$F|)<8wO^j^%~O_)k0YVbrt%YHN7f?kk}@FxhnPF9Y(vdK9UudY#%> zJQdFe-$_Oy1<=I-W<6Ks#SJ#{_F9`ij+CcdDR{2jnZvQY7=_72n9=UE>bTD)E0F{{M44@nmACQPu6k%ahC(wsr@uYj(Pg#BdG zGPOcdR+DjfCaWr%!6bcktT22rZ17A{&=ez&a9qO=^x<)Jh)aBq!Y*C!WD3&qSLd5{ z-1SQIn|8sE{4~~+ z71f!mA}U@-+gcK#79zQtR%COBiiu=(w`&LwFUtA9yuI7jdz&iIpF>3bQ>#5j*%p(F z2It(QM=Emu^%oB}Ix_g6GR_6LbKX{$!)5ZdjYxl%{1Vw*8V>k6efyB+dvgG$;cYvW z8_d!dbHUq>EUb@}s=C0=f|S|SY=FG#E7@Ao+V+7^-=}fAk2_v+{!+IFh6JOjJX{x) zSBJ{l-=V1&ZRq*?VvF=td{bgTRR$7#s<4{mkS{No<)eL!F;6^!l8b2Ac~VZAp1J}f{lO6NNJzY?q6kLK5qWEfIiye4ca(t! z1$yjhM3|@z{?>0EzBY(nek^aZFUH4UzJL@%701JYxx%#z`fQHrxnm^DOsT-uiI+Cz zDnYf`fVF!>3cu9O<({u-IA{_+BAGw2zZ~*rfg5kJ|9VcxJ0+TCw4qdVekX!Vj#!pi zj1IK>T)8`8oh|hpi!T z!CYz3GS2g-6t|%WarK7ga_Gu>^Vs$BDG+XShjl!WtH<^`K~sNs0_+3(gZ({Ho2_VX zBvbf;C#$HasC{4AGz{2jCbqK1Tbru?5g2f@h7Nv|kBVQd(vyaDveSni4APz__}j6@ z2boH%zEdx`0ZEPG(1?|?{HZx;;VrQdh7)LZ=`}h0!T@y9cXE$1HKaLiQh09SvEmxRZjO`N?!Zvtz}5APhOC{*Wt5Vn#|U=O8{g&}hY`=fCFsm{q|cxFP= zKR9rSfoAX>5T?{%ZJ2Sy1JC1$1z(Do(D)JcSHZow4zA$WJ@Pn$)eEWu8;3e7=f8vr z6sumR|A=3m)aC8>9y{(kA&%hrIB8DI%j+Q;vwdG6sVGVpt^r^i>g*E2VRph<{rw{% zeq}%zwd_WDk^V@qjiq@Xr*$~KUFQXJ@QDLQ?VKb@ubnZ87_gXQzqZk<8dZ9P(>r>WlCX7hkTCT^{tlEW~etXh@_jv3p zH8d_3_%OFgP%vOI%8cLZW+RpAW6-VpkEEbePHM^f*I8okVTV*k&n(g=>TnPIrRj1?CSz4)glC!~5Q`UkK)px(X z1p@aQWLh{83-`Zs!@Kx`R@bSIz+MbBBU}_N&5qD$3TWC9gUL6omnT>ZvZH)J8(e7C zSA97-OqOGEPB{RjPjVkAfoTu}iVyl9lL92{9UeGA<*aI`?#q{PtKWEyu82`GoI5YK z;F@GE(!;&fmF9+hYt%y7r>+NWWh+=o06RaCaw|`7KxxVg{msIN%rh;Ju4fPTs(rPG z=?7d{`og$200%=TN7vfe@2tqxrh;Airi7C#UCzx)hwv z4Zh)`gR|~mg``GMlV2XyX9&6CBvTn-7!kqZ@@ z(}ocH;kQT_XH6T{w~5bvbpTqX*M(e6139=x#soDM=(W(MB{Gf;GrSWU)D=xkncNVW zGhcBnZF+f2o&=6k9B`Wniy7ZfY<+3KsWyRguO1u70ve&%g^3n?tW3MYX@NrfxdCYR zJTW*!I%q`C>EeL%3O3@|c&8vUS=bPh@=@iD@q~6*UNk=6?f@#Lv&A1CfD-lWyccNO zX%UQO)V;nUo9=p`R37im(2npjO%wf{v-24<~uDa3KSKETN9D>SRlON*ltp& z{|AvPWZWkKK28fLpA`SB5(7X3|PN&7ek5=3a|AhOrB zOAs)?RVhA56ttv3aAgmpw$kF{4{E}J5=jWX9X)+GwAIdPd|1nTfd+4W6cOOL;-QY4 z0N#bhs5>DgKu}klbtW(i#xTuxR=Z^Y8g=rcd9Nxeg;~lDLL8IP!w6}H?>W@gi6$2E1_iDN3$#%SgoJ=zRbt; zq_-^S&z{_!s#+~zA$e7*;>1`*yBJw(P*yEC<00#V9&t1l9ktZ{8a1C1ApH&ca}`rU&9 z;LB6>`V#?`XMx#0=|U@%3sZqWi~C%jQ$d4Q!+noHT66B;5qgEZ-U*3vjiV9dyI1+Mm9g)|KJYtGk*j0v)s$6~OBQIg#d{Pzgeo*x0k}&G7*6*^!r2c41!sNqjogVYO)|6^w;G>d_USI88re!d@V^B5;F4{-g%MiZER}d;T`a# zHUPjGT@vySY>Y;x`*NIepQgv+#lnM8CqDZz^f{g;myrFLWxNlOS4Sg%8Q~mfV`M8P z(bLUi8Rd*mJ0Bhd3oGAR#Z=?IP49f5<#8bRW-*Pkxv6No|K0G|cm_wA6OQLsm#BxNE{B7Wc3dVkd`Kek< zSf_A$f|K7>{-HPE+&0|5Id1&tpk{gNJX>(pba_ z-Z{%Y`=^)C@kt@79i~oNxAc=QKr&i|SkAT(U?V1!YLFb47Dd1}B^#2lzV$ ztPZ2-iAhnAFOGAKkmHBbOZW>07nz|bU5iXoNUoUQ?1CN>o)mivkUrE%d9`ybWv}7-U}*@e+)&Y>BXY z8!Yl|&*+_Xvr;cDl%p6ON5tKdbZ7&&toAc%7RIRE-s@o#v#yHetI>+>Ut2t*PkhfS z^pwqYj5|$}ucw_JpX-w+((d^JIX?HKCkxcZRUXiXeprse-Vsl(phpY$(LP(tN*<4E zxkurGNc8a=jKl}Iugg;2gp#v<-Cu1Z2J{)aFBkgAPOf8Tk=NlzhKi4qF}v@qQABc) z^)2?@MQ43q=%Qu`kG{*{A5v4w`P_sB9u`Ia_!?CN%c2n^$F)K5XiBr>fh;{hQm6bjl7K|=oM3-Sv~zXZ85~5o~Gr+<3G-Ssw|C`&G0zD z92Z{lG?W@F?0o7JJmrd4lQv|)&H`$YVEw?b(_zXL|gkQ z6VTst`QLb*IBALX;)zdGLX&~*O;=%y)D%mAQ4!%8Hi-wlzqphJU_cSU{3(8Qx}2eR z356uvN9Y-5LS8NSe63;HsF1IcjNW`y4v;w^QR4X3HQ;$zu(u>?e(rG`L-8b%sU|ig zknd;q;Yy<-S5Q$;lD;h9XZSY;T&3PR#kkdo<$dK9MS9*a4QHwc$p9r!w)hoxb)uRO z;45}2#^j!?B-y>rr|z>BfnVo`N?aoaKOAP+QB)CAJnyIYabJSFkwH0)T!&lBCbrR2 zEXr~mA+Dj3C6b1e@C&$3kLe=2)mau0RP1t{HXvuF)t3XTM^uam!)QB_6>-DLNw|cL zip-UGyN{Syao0GE%Iy>57_EQ4_*OvAa#8TL4BK$g@#W9Y3@wt>hb!*@RfwXBY00l5 zs@ogoruWU^cQ^rCY*rL6x91jvjjog=sP5O8wpWF2{q!7%ouC-t_89Y*)0-?StBr6& zHKi~%NW|98+>4ye79N3`LFF3X&*961$>tx63?Ntp--@j)*85}<1{6! zzEqjkn|+R0H|x!VcPB{KMEwQBsf3+YW@d5FjeT*0xovL?8lW^gPvXMi!}?9}IRRhI zFMoG+1>u1Q3WL6*r5tT!0j(e>c2n^|aSZS26;$I_N1ceF_wBKA03V%dyUgYZ=k=7g zMz)^XI^f^Dc{54z1!vIix%L-2>~>$ox9=w=F*JpwKD-Li)22=9;yg4-Ye$)5+eHWZ zzbO+1W741J(n_27qm9%uOu0vSv>O}sXH<^t8Kn?!=aNs+$413DG=u|bfGd9AO(pA% zV0ytR+U!Eh(?WD;s%m`{ogrz}$AN6&dePkV9vW{*Kq|j03BSOC-Z|(q$!ax{*Xe~q zH)=kBrfxtXCEi5bzgvq{-jkHPcQ;tKr>@baeLqAH_F0)CvVZb+>JEj`7b4jH5rR$; z{^Q72FIZ6>W@aeBM7mjv)X*F(FY0k{(s}g#96()TAIT(7E=keh556yD0&T2Kt3BFJuP^uHL zxoH>j65JPqZ=>e%g!^m80#rT^nglKULd>TnYE%rN?H`b!BG5tdeELwn$3K?OO68II zi~F6$#bJ@XB=xVpcv!pKpMzp^=_cF(L%WA^fU~)Ppg2yy?R?le`jPDqr3Cz>p|$}f z1|n_OW~F7!`*8wfK*GT38rOT>r(UTv&NV{PpBOUB!Vxwcusi{fEV+G;nemJY!|qB? z`V^!EUXP>eH3y7vu1@SHmknkKD)xTDklStA=@gTxeYmE62V8Hi4V1*1UpdMi!l1Guw(w!rl+h#22eutP!q)#I@2&8QNf+3XY z;=MtKSX6@;^{fLTNjeTcuhw?Npw`slVjszEERfc!u!)JDxh7aZydsrxd49vo`nF}9 zu&6Cog(j|fQtJl`;pq+i4YQgYWW!=6YKE*L0{Vj?i9Nq#HcbT!vB5^D{a0tD4{GGl zdNl2Y4!=zQYdAa&xGSwPjW{QBxZ+6jvBR1sbu@jnGMzW)Uh-DDf;V?~4%Ou91q0*i z7Vk3cF`fc050MoU#bejDd;4Y^``j8G<`IvOSytC8_eP2>`{mQl3;m-!%F>L3UH|2E zT&f}U(c<5k#NbaP;EX8XndPPvJ+wSgR}H>x&!~`34E`d;&(BW`CIG(~Dj%1Ir%CbW zLU_I5I@OVoF-~X%(26k>ai{6MGh7k7pF!Edp<*Sln zf^slGhZi9=xdA-~2ZeExu&+J6XstflX$YpemPay#!fm}5b35EA%Cre)QV9hOjJ<&L zly~y53%<-qU^WBSK%q##;o52t4HD89=F0v)iI6pPk?EsSeyIH?-6}=64!AA|!h4xu zruO&p4^o0zj-Wm(LNCAcz~MQ@zqhYw2*6W6aV&1-0slb!`1>!STN9KZ3va&J%zX9F z`?m=Ns|jYIufIb7{Ur-WfFL0t2oP^%BT4_iM*i<>%mm>7HviE44{1d6Up!DRtn7X9 z>#w&;z~!iJ1kOhY12lOzqA*TFL+Z}Jdu#D(Jk{7QyDyH8ZguTi&zBpIIQ*};2oj*F zP5q;IM#=lfyQ9*jUeh&^hdq0p+bZs#=G|&dDpXD#g3|1fL!WtDs8NwH%PQ;C=C*rS zC)BSVC=jGF5RB?I;LR7YUtL$_4Qm+H3n!(=R;A!b$+T=pNUe=hybgX(J%qhi2zd*} z6AFAx7SB&ub3Yf57Lyd~9#_?|UF9Jy6c*GE*&%&QnO94@w#fC zFb;Ugh8bm9Wqkv1vmdx*&|2LA`)P3wAi z{rKyrby#-ZkwQN4`z^zt%|vJ^>MitsmQOoB@8D9|0R?s8cyqF-=;ByYoARj{uK8g)4YU7 zgj@EUGAXz*8uZxW8fFzkkP(sg4S4yJqcLW0cg<;eqN!ojFsJqCu7g-G0W_>)WzDEx ztH%DO?S+LIZ=+3S@_|+e5elYuh|25V9|^FrUe%SqPRQF~coU%&=qC)GR#}^o{f&dr6$$0AXo)VOzJfDMsI0Ac=E@MhT=Nyd9udZSqP8uXUCL$-W#By^AqSA+w#ZwDd zbC$vzg|!oua^XXLI5ZM2-f!1(ye`R$xGc6;CoNSBhksp<5v$M3#fdwPdNKHwZY^oB z{`~bgvqIxgyvp4?+vR5BFD`7b>>eqP0#+=o4-H7(*R~ux7T0iZ-2hcuG)#MZ3L5}@ zDsAmhNit3CkZfZ$C!Y?^U#lyd%N^;v<)gtDx_g+95Yl zr2Mlo{D4({wmeN4G$rk8?m!?4*f#_SvL7s^ZI80Llu1*)x|wR~d`9IP3f%f>3}>I< zZ%mT%l5_|NH-9?scqWVnrG9afwZ%KCk=1aJ-OA@MA1mb&Ba#2G=dmbf{fcb6Ws7xE zkh}|t#{`F7&Bv%CVD?*94!y$dIEl4d0>u4{A=In=20wB42VeRopYEPoF+Q7`PjKfL z7(>OT>WD+3#6qf0jc-XBVtShK3=P+ISB30aSVn*r~Zeww~mTyY1&5# z?h*!fcL`2#cbgC-Sb*Rf+}+&*!3hlR!F2)z2p*i^65JgI`wcngyzlwGweI@eb=SK5 zwTIcer@Fej`l+X?dk4zaCVz}V6d5JsDH#tUrqai%k)}@k;jv5dju4&da^uJ8&GqPPOE0hRAhmKdb%Wu5p+!xVAu#0L> zP2Ezu;nw8bhn*d57ws2>ylOTcmmgjQz}A}zlX`W=KQ>oKg90!t`*TI?;ziC`1K=q` zxH(+tJx4qJ9ow=eMUH$a*XJU6v3*~t2YyUfLL?Kzn+-x59&tvGcabESL(FVBj@}+! z7~4Hb+-PrfkCdi1%37&k|4lSwPQsOk^{sb?xbPPfmPJX>#|E>gBYfbA&+NYDJ0>Aa z(|QD$n04a5`5=QrAB#bGug=X9dtUzn`(gG4=g)5n$Za>h6}YM!jL~feis!}YvAIh$ z_igztk`^%Sqbl|f?_v*+V{JlH>%2qGv^qr0ZIW5Jqxr-rWgJKZF-*$D-^Lj0@eihm z5LtERYM!UR9l5H@*8lFjy}fhB?z3`?y=gPzdFlfv6gbzo$MfZ=&{Dv3^1OUXojRmU zJB^8a8IfWj$T@c-{d;f}V zRF$VnkfiK&@VgVTD?^(9*)K;J)G)q90`j-UBI-+?CyCP>gHs`x~BX#4q zbAqEf(MJ)L}t&tUdLT zm)5bqWF-OC<_?u<^?grz*c;#7K_$ogwS*1PVx@19;XRm?FJJ;5%IlrAb`9MhKOEDCK}iWl6Vz@(*|f-RI5Thdac zdC%FcZeELErnqp9$nBV*Hx^Rx(y6{iClAGY6gk~sm%O=2-9~V?PA=oR4`YynJu#8+ zkRRmO@Cqc{L?{)ZABcaZ8`Ua>dhNb;?MKAwDiim)@GV!gywbc@t@x?qwPA|8)n-;i z{Nnw~O~JvC>%MUzIA-X2;dQdsFCrBswIL^%vA!jRDpK;z{dkxB*~zRL=F%|1i0V`G z-LqsxKEX^`!XRRiTD|ZHbiokVk4RCs)`CHGY(;tx*JOoeteU0r!qG(>2^1lWPc}0H z`sQQppPFIPb^V@T0qaX83Gjs2R%rf(h9efIG~U(;Difj0MF1ne40WP7YHZ_-CH0NO z6J_XY3La583_8X97lImSHUNLMtO_=ZtkIUM4>rn?ecy-^>b5Uo5j-$^@yqL_lQ*O~ z4lRUIro#88-wqbV-Qb?Co6{WsQn)O6WA#ezRlAzI{MsY?{c<%bQ+IZ+uI@eSg_yT> z;s_VpusKZ6MI!GX6__BcM2{A-!vYuYU9cWRDN7Zo61ow{Z}gL4T^TrwpLm&svoE?d z;O7D8s%zpZh;cDH_Hvn+uPNV2;1a#KJgN={2n@hc2E-G{Tp);}1i(_F$=NhZq8hX! z^`IdDYsfk%5#Vs+#3lU6{gY{5qJS)?_B0I~2AM}|r51Wl`5~B0u#rIvu_-N85IqPN^vD;w&D=sH3GZnC`lSvp+uH&J&&~?!~lE!cd5)FV5E9<7$0;`awmtTmm%&W|S|> zR$yKJbhREOPFmamS#?3cafdVOqkh37T$W>T0=;U(H+N`hqk!g4Kt1+wc56Z{xZg;A zezq9bq8V%hulReqQs-T;dL^+BY!T^g_l z`fUqQu1T6}-XvyRN@mt28ZgEMzIJSrK`ndwnFA3WVJ+j0b-+OlWN#;1w#n}GucqET z!xwiVE%QGp5x+($eW*HdE}8s*&C8NHt%=?EDfijy`+^lu)%?0my&iC`f!3=hwrM?n3)c=ldbu^T7A5f@^D-iHcx^dI#kP~)6n zIDh&k3|)9_t7Um=2=ULv2;<98h)s&DuDTbyd_%F|41i5tx@2ChKOdm*@j?pmLucaQ zWxCkU&TbD#!Ds;6sG!p22iuvxU@zGvwM61swULfE*(GP(Dh&k)V>SrfWOTuOcV&fI zp=(Pjf)x2jVVQhAT%h=ikU57^&qr5-SBk0>>eUTDdnzv9og=fIDB!iv@PY{H`?o4a zP5D_!%A61FS*~kaCuo^vzJ*;m?7xM9)vNRjKC~q_EBzLav#2!8G%5-g0y_`6$=OT6 z^sap+`D-F$vQO39&wBWUq-^cRjXKEgtzF7OsbSoe!m-JT`nM#d* zMiK4PLa=%^y!Wuk?>&z<%BL~_zEIa02*9>h%L_2$7hkQ8aBE&`dDS?JWMg6nrb0lA zd+2-!hoN&hY+k85Ozh7M>N)mg19`t^KQ>*Yk;GmLute3rqXl`NaPO4*9VyYilwWHK zVYdVauv<4oG&ir(vm=Z+p=<^#Vp9?+wl6v?h@A&xp zQr~;fFHzFnTT;)8yS8S}yV$sXrW|?T{coIywuz(IL$^CmyyvxDXyw|tY?^i{5bNlM-r{P%KK> zCpRK9SmvZ*sRFtP0|8JaQueN*guXnFMo^5Gd+b>zv*ZEvz996^kyi-C4nqDS7jxkQ zmnw0)&e?p8u160ZiXXuw_}n)3lyyn|hn<*dG6yiD670Gzh`F^HP*mo;ygP%qse>$| zpp3*bSpkjpO~xO8OY4cVI~-+}FuwmlOu$}cFE^~y-YRD!gDMUsJf3L|d}smNy{c+V zxgCYw24QaetWp&5!r`oS-VQl60wr`W3netNe-j${pgt}w^9InfmT1DO9svlDhe8`@ zKtGI!+cy)RFQq3S>tmT=Le8X0!FYCaanL{Z3l36sw)*1F^K!z%u55jxR;%3pW; z6CdMxnOqFRD8wzWcG?Dmk^VGAx_hj!A|?vv&s13uFWT3eoQLhF5dQ3rg^Oo_rmT(( zC2^=jVs@Dk6S`SkULeDGv|3K70DVP5n&-2(u;dUSnXABduadIcNJQqVmsliaj zjKF>k!}fvu-1nYh%@ORX3e}zy3ADBUe}s7Eoc^E4rvKdszUP1Z_xAsgQlGyrP<%b? zw{7hjHrH9wULyKyIK^OPvPM0<+lOt7mU53+mfI?i+!b3Qug_sl$txTNbt~)G#pAl{~8@u{OIRj4g=WQqBC8LhRt{tnKG`g z(_!M5k{+HLX(3VtaCI`(!e7x8%%9GJYtUYFNLw4W+9L~Q1rG)=vh?p^!7;_*L)u#n zWm|t=nKnm5Z1z~Dj3Ul`{&(x_GrvwMDmx0!ETG5ojOiX2gndI8nwMGlbuQPa=N2-H z)B$mML)O`-!$-~kAWj|fnCZK-dni@xfA7jcUEQ*gIy<(FfF|u$$w%IU#FIn_ggHH} zYdrp@^@5=IYv7t&(~=Zg*w(`-KTdS7Ni89e6ZBrbtFJF1sJl@CR!%6|b##4B^#uW& zF<#mJicHI<5aonQT-CQG%9%$OU%=R$HDb5eBOk@IRQ;&|d|8Ub4=g^!rZKj!3|TKJ zUx8pk(uyTlCFx35q|nlxJ^pk~i46)ym6m$ZD;xR>yk4DTua4o@s!07pI)GEQfI!I6mr52rPF8~M*nc#zPwprzS;X`{4K2^y zs@+(#-)tN|Hle#bzDAjph==1HQ1|Ek8AM5&B7=n9sffEs1!C}PmT%{4kazaEvW5NL z3Q5D&mn-#h%fVxm>5kxSQ`Kody1;yiaW*@eSAcA{ngjD?iYd8?ERHCx?InJ8s9l@L zcR@{ChWxaUPC6~s=E`T64m19#N_9g{xb2bRet(6=!@@UoTTkKs$zNy;9NK|~hzB)9 z^(4t6?^#OmGWsDK?cX?-;MmHF`N*Y=Hnwb~(d~mR_U?{la2r0AkCB3qnK-bqR`vRH zb4*97)<+9GbXL1s2&08)+Cdg|F8RqR{e{u65T~%H^fr)3F;AK*xD>Mevx6Gaj&?Tx z^wWhk4}+bCIDwY4lkWD24C$wxp$j4avP?|Cw$MyC4Nev=wF&$zJsTVM-WLma z<|f6Jr+dO3%a-`=a zlV8eLivq8-^{yG$i`3(zTMWJ%m7M#;R08$x?!4R>B6lLJJ1?lb-tRAyM19BrtxG7M z<~UZzx7!`$`mB0~juyYZiyh4K@K3Pq;U^eCWJFTjKaYc2xz4ls`IsiG(+1{}7QZtd zTfYS}fdnYzPwcl+y^W&%>Rz5tH=;6#wt}}7SC0kR<->Ots(Osl@74wH142J+05 z2)b_)y7PAeDQ!r8**Wb-E$4@oj19edIiWup?z?bU?AS!1IIe@tG_OvsW*vZo{(6FL zhYtPXDVS0kM-;DdTnkCWR=HtP2fOP~enU}^zr9v|?3!pPw=ZVPh$)%!EJIKeMB z+|`!ykxN#Cu=uvshIOS*j273U-Rgj~JZ+EyfZ0(?+_rL}sVPYJ( z%#gzWjo>vmW$(Zpts&S)w^q8aB6o3x_p&~&?gqMTW6;-OwJGGqWXovTl!Isfyw-JE z^393Ga>o+|5ozbx?2-FtWx=u1`y8kJJ9@Ywqcr~NvcuK-?8&&}B%&<&gbmKblPZ;o zW9X#t8T3{~q$?^2aRDG0iz91b+{SUBPaoH)iv|;4Y9NggXlS_gRMG^ChF7o<0x8>M zF=tna?GoQ{;e0yc&V0!$z_sA&X2j9sPn3g7Xp{E-`y$^N-3zKkAJVThxV#SuL7lBz zs0hD#lt|Y%s63khO^arM`c4>BrEIe!Ta*aC9hdXtMG);n`WIpAqaU)9+g;Ti?}oUr zOWWwT;-ckqC%(`l0XJ9Cf=DiG4W@$Eg-3V~;}eh~2bJR5AWisGp_+XrNqb_KsSrJs zYA*^ZyZIy6Uk2#)L#l$VU&$>msWOrv9{N#kgfR#)Xv9O*Is$5^gqIe*BkV-~jd00;Tbba!A}l@ zQei=k^#EQ`dhgI})Q6HaHE)W@(3QyC%mbN#6GS98tQ5O?a|y9Aysh)_S@M5i`yTKA zf%97=cat&_m%Mpq#9d=}OhzoGyG|nQ38T|On(gHGnm(KrViaFK&}YTSu#)&kHw*V9 zY~OKBx=~GmC6O|aH_{M>0?7ao9fK@K;EswbQ3+`VC|Z+Xa5EuPjjyQn9tR1*>HajjID!vF^H>Y7_?d0t4-^G1nz$)ujv{$=qdtdoS9*IkTzXq);)ZVb&|t@+THEZZ6T zLaaU2$IybQ%`NQ_X!QzT=S` zdilXKrlSxAi%0ky5)zPhtHXb#cOMkkVRn4;cJ@@P!q6Y%IxVS2_573fiqp_FeRTk! z%m>H4T)YSJV0O9kfLool@l=LTqj6$|osq>t^%xBTt1H9y`5$R zSQ~A(I8X5ob^(HQCpe_Os|m8tdUul)W7E0wj!X|MAPCM}Dr?<+d8pN{;O zrW|?MM-x>{{ganC@6c3jdaMQ_Ap5n@GF>THq>kjd;t($t|CVA1l3*utOm~7aP+G<3 z%a1?|9FXM~_B}cRtEE;SHEKb%QTGYNL3%`DCs}OEJqn6T2y;mD^yhNZ4wyrB(y3x% zjrx$U)xS?UYmCcigytC%pN6Pp9BC0`bW3u7wbCf91`Ntx)AzqaY7Sd;w)8`ggJB#U zmx_9K2aO*!zt)0@dLXjsatJT7qXs;^WYH3WwuEC1TrpFq1ouDcfbn?ne zs9sbTm^R-HA+u-uj_0asj=pLyi6Zf6TxSoyu`>^eYg27O?-e8@GgkP`K{&cqJN<+O)EdMd1R7MefB~y+y z^&1igwS>{wmJ^VXG8B!@Pq)k~E;Q<`4n>6q;qWs8vrx>oMy8w(Wr7Hnm;I zIg9*Kr)Ux>g(4tFNt{xhK9-_ItUi&E4A@qF$LXYAa`Zc)36*i)ZBr+l6vyc(At)|V z3ntkFZIyReHQr>^oI-LbZCt^Wix7ChF2#f9W$A|#Gtu*jo(kd8dE4b>Zb5!+^pA@V zh09Ij8&hqs)k>Btq4oV7it3=F?U^mIf57dH7FDP%zvJ~l`Mgu;W7x**$>b*+Lcb(i z$3YZiQW`IZ@9s+m2V~ngoqOTP6#ITc;{uNqhN9~1NGM@|59U5ZJ)N6)sv;McwDJ{>c3XyIGw5u#ojy=UduRzEQ7{9;9r3=ibr%}R( zRWaK!6auezMlnX3S7cK&z56H|XW5U?kPWRy zZ=5BOpcQ0&>f{>7pL?I2Dgz%4QLF_OC=bEG#-{G;Q-W&1 z=)e?o^d_5q>Fe=XxmSEp`%TmB&{xD_+7UVR9Ll#HJjS-Il#E*a2vYnG@s&jV59|!3 z;7TCdIDP96`p!W5m=owp4NDd3>Vtkh)_#4Bp0m`VrI%DIH^gl{<{>}Y+IK1zjLnaI z*Q4~Ug=^*mZEvw+dfZ2+^~VR!tEpJx7Or4i6%iERqPjS0G5ZrsQc(V@`x;Y+by?p| z43^L~CsAyc~&H zV>qZE`64d@0}E_l+y?X3Lp7Sc2=L|{FzA5G zsxCKJ;`|=FeuA-WYe7XS`^Ot_d00LfL8pj(ttewpt!RjLQ*G|x>JQF@I@C`aWG)mB z9iL21!JsUo45u-FSz3e+hKp6jPx?)8rf4=13@n$ToMn+#@mk@X*ubAaqM&M0g|5Gm z=shPiiLaVfTGNrPXSf`KBAu4@@d<1Q-~AN_nQ8sHT^R2=wT2*mZOz|6{*?80-1)%Z z=gG;yo5kz6hy77hRy!Bi%{amwkEorX%mRrpz#66e$NRF>!>9DkTDQ&gw zn~PtkucSAAL1=Te{rWZv;VZ^M09t2OY?Ap;qsTJKSuZl@LbUr(+T$3oFV8+)h$+0H zTwM|gaw9y6o5W9QecF+Vu>R4(IOK`^V*p(hSQ-d0d$G3IH06=DxFA!n@rc0eAih3) zkyS6c6!y-nnj99o!zS^pN<)IUbz4vz)!I9XUR^207GU=!MB~9ZddK0~u9gwK+ClPj zl&~a;NZr69>=c8H!S7Ib-aa>5BQD@|%W2Tbo;ZDoBdK2NRV7;!%^~s^`)#yPz@9!a zv{u1ba9P=^rk^LNzg*#J*&a=ua;LyxSBJ$c>axsF&(qG2;>mcI6b zKJki|yo7Tn;!2+8yf-ErE;Q2mCmcXZppIOFk(WsAcc^mKuUp$CR7IxbG4#)(yjlIV z#PGX>qH1_GslA|=L+zu-JBn;^ipIwS;YpzW>_R?YcT2Y$2xeAP_-dWS`2w+2Spptf$86O9W zSwh+;fg$s~p((M}5G+Hz+E<_x8RDOq9~t?{49c_7OoZd>?$~Zv>}dnHa|coZA_?zk z`&Aezd6U!G7ke(!w*H z)W=qsf^F*|pHB0>w3B@fQz*({VK||cUvpqV@Gv%&msn6t3T}HFKr{cUyYA-?t_j_` zj7byUKqn6M5ZJ?RNAv99=(+h{y)%35zX3Z`GWKs;{h_fW5`7e1pbua05BUeTNKG|} zuPtw6mTrmj(N0UjoFdT=0_E@g_@#06rc(P*8sxehMKnHZkz#*cF|0})DGR93Fhr&LQuY)C4Y|G^lb(=SA^;tgT);z z_ne6q)!QYne*PUYDzV@^%m;FnRwbz*=wx{_HXmM-!&9bYwO(#0ozSj_F7=P+U%v|n z*b=<=Z%?5X`r&uhC}U0a!| ze72(-(68>a<&8xgD7#C%jed9iy)w>OwI#P5c^HRU7Lom+ZvL5u7^ao`N9Z|4ebrNn zgzxQ!OarQBBm1xgb2Glm02`f{P&YHwqn)&&33!-U7bnH}u(yfoZ+TFdx*=@xo7E4* z1$PO!l})u6Z*Z*g>ab_(s2%qWFCE|u=3Pu5?Yj1H?Wi?3xf>C831xIkmnlXV=rL4| zC4ElYY5s|8pV_*8qVM=Q>!%k!y*cZy)Jpwxgg|xV=H+pgWYd|1wk|$wa;wEY9v*>s z-#5Ne#z!U<+K*9W-QO;Vow{W&iX41>etipYik1$%*b|oYlPh@ODl$A^CKV54gE*BV z&ok4RvA)ORg?3PInxAsI-~+os03w{xZbpGp@E4d zdZ;@(sa*_nntsFqAA}^8e!MwP7;&$&z>EQ6Cs0~#DQr)~=Tt6Lzr-jJH80F$-t=nq zc)N7Zp?gx4*n*^<6oZM#!L2;?a{ zX^@Yp%S?cgJU{=RJ~7J7`OWr|S^we*{$@WrlNi&@2I{y{28$bUd~3sYWD#MR(+Mr- zPiaxsM6{7D-(HPkiGJFnax`=r+MAnA%6o*Q_Ngzsq@ri*uB~U3+`f{2xqQ2c#;BJb zrZhPeaPe@k5TwbtH5J;yFtv@!v&7&M`?wq>XvC6f2<2V>CdUv+pj6DU28$X=6%jB;r#rh_NbV@v^(4mg3h0uHP9$7|@g-bfhm0`yW2Bz%}(*Jf(R zyH!x%gt6q200j88lrmffK+Ga4-sAMiNTUvI!miA%x^670VibO55&>d9cNb6a&n&tm zh_g-zmx+scrO)vJcHr{3@!VrWL$rAfNrbdg`8c|U3RbqoUo z)-PG!t~@}t3#og((Fg`$zhy`M&9cjs{&4VC`}+8c;r3$4;k>t>;^ESnMeK+I>Bb>y zXecXAw&jLKsm0^f;O@@Z%JRmaG|8Xe_zx-nU()`Wp8t;wf06vqg5XGKZsnQpf7(gY z;t$@~ZW80p%;oSZ*8IeX^t&9N}URs+&{~X5uJQ_eJ0L>_@D*UOR{cnT+ZRWpM|83?!S5b7sqkTl= z*+vTjb@yuY+rO6f3QtFliSQL{%9B6M8$)E0(l&TVmUym5vrYcfl1awagO*lVw2j5} z`wV_=&xfVsDXdB6q$SzgrAmdQ0fnQtdM!ffiarJMtPj>d;i0RM&x(!z29nD~UuvvDK82)e-vF z&Y4lghU6Jq=bl`MZim;q_2qeEH!S+}eKNBKw@c5CY{iayg7{NIj!)si!;kd9VXyw% z_GR|m&gPYY(YokG$v+luHtbBUr z?c8U23kEB`*XJuNv4(tnNSoP!%)^Q)FMheG<-GgOcMK%)cb<-TVi|Xni!Y(Fuc}>* z9y642KWz})RUeEjU-YpY$IRL%^RZh2?K-WjCqJpwO;Eg-{DNY+NLUd&0pIo>1F@nu z*>c<<`ipdQCCTCU_ehSUtej}f-GDF(3yrhK9PaH6VT<=g1zMH$)!JtYBHM!7x31<~ zzJ|hM&M+_ufU!)FIIzNoL_23!$huM`gqvQN0e6NsmTByatmE3eS^0Z*=0sIiJ)y=A zGP_X)M76M&hk+nMc4}x9j1@Ax43KExM;R|R-ZTwF1V;Y3J{tyx79j~%L4yoAa(aA9 zNCPx=(^0Z*a4nw2lo?Sog}wc@#1y-djSG|XT(AxUqj2i| z31FK=M7RGzD#b(T20spKzCUG$Lc2d_u~rW@iH(NotA+wj=j{eo*J)0sBKoq%{RfZx z@L;PKlu%=X{v`mQ(#qJ+eCJEX2>mcU$)(vG-#efu=Dl(fNtFyR_NuwvYE*THzPIHo zC3r-IW{?%_{h`vo6m^PzvQ_^%J3008gU(g=z3~5N7y;(Q7kZ>4boK%%nFx9QFW(J* zT$#*vd1tz-;OV8PY&bE>R&8aZt@uJaZe}Om-%Db|*Gh!9Xk&gY?X;gQoX5>*>`%e{ zv&x{oNdR#BwmElGM){+c|QVeW9ne2-@g5E3`A;-rTMXsM8f{ubhAPCyGVZ({&u2ny&P{YOdb(mY5C&2mL-0G73sab>Y`sELO(XOvz zJ#UH7{K!cf&UXZ}A)tv6IY%D_LllLN1vX8&+M%i#o?JXv2FiFOS)8651(RB`0madB z?nth#w@qPn^zDhxUZy>L_qS1Oc=NNLMyDTo()b~+B8Pjgh-Nzv@ou?h9DY?sTWN=r zFzh?~{`3(p%I471eLO9F)Wz#+cu4;IsH>e=-4o7$lwu)Tc_q7_M#!Hd~TOb?D1 z4U1s0gLF-D2g7=`>u#Pn)72w z`YBTMzL2@{dg`9_4WzUuPP%nOhGY17-=Akt{1~hHoH%B?*s!^&*pWy8gV!p+R<7-` z`jiowNonn};a5sT&7K>T#=jM>7W>;vuD_|7%f0h%zU<4nIublFN|R+GIzGL>YVsok(J`q zwxvIHw7YeoMcpODtg2ebV%7uFT1!2=ZCRFQ$l>R*yq7rBiJ|%-B?Z7i@xx)%%5(ma zJjZWGu=0(_N0v!=mBdE=Yn3qH*|)j=nA|gsWPF+HgFcRg(V`6Q@eQVj&z|8wR-U}w zu>8BbH?h7iY;?D`I~~D354@IO{$cLhJmP$p_!8n(8tPSqM-N8DkbIPa5q!$8)d|GA zJL3JzzAMF!o3lPig;&QR-<6@ZcUpkTGRcyHPS1|IzlmpKbKAj}pHIV~J^_K;;P~oj z7w|VW|02>*Ft%$FHq}^D_ZVsCF@1A(9Z zxAL9}rwaO>?Q)5LU9O~VyCWj@>$%Eot|UNyqrupx<|&|j3IUSZq2@Uw(53DLPrGXj}IkS zqaqhh@mt5{OTd)(!9y6At%(Y{WXvwTb@v+7(`N9VZXYe6&FcQlHqOqEy^^{#g>$i%$l@!Z-AgxH>EF;rba=>V9T)J_M!1UH8j z$GK&URA?4*YCo4kX2qvgPiz<;v&^Uh4RMVmJI_+MlIXfjHM918()x#yvO)s>R?N@R zj&LUwMN1EOiTn{f6vvvOo7>BpCf5so*o|u+x?U!vf0^{^3F#l4jmED|)3bK+`H@^; z*=9?m61y*Eljf}_7aK<*_TFqb>=sO7kG)4L!`l7?-KVlvHGUCr6-wRTadmM+=lQ(A zJ^OX2S3V(m=xm|Gy`o1MONO3ul&$h!i9X0h?80O5nulAcoJd>tg`xVR?*p(RE+>cR zxLLN0><+Xg2r(RV}*HsB)(5ydg*6oRc{ z#oO>Ow4o?b6mn1H18qbq7Unay*zgkA(kFWO_eE69gK&R24@mfBI6p2#swZNG{2Fkq zT-M;Oc%lcVfO9`>W$h(f_e*eOgu~L$_~Qry)P5!4!Ny$t&Ms?D^UHi&KfRpS-&y+ z+-Wyf6IN{Iv1dg*QI(u{pISVnFOoO6s{i?V0My7EyR)92!iPXz=p;^2U);dh##fS- zy>c*n7_)=~#!CR4qeZtowdl3F`&T0V)i<-Q7${5|`&%_!9RrJ$VmX&nbqrs`G%;*6 zaDX&?LniWM4EANEd?^?dpN9#>JVlhNRUo@ecHBhc+qU?Q@e1EgYBbs%&scWk6FoioJ0K_}k!JZN>#@9*2J;W7%+GqomXG2^{cEHN z#a;pAL#Pv{JfvYNY>2cq+SP$PMx&20AVPJYcQ{|^@f4M!Mp)=%3iX139+(O*{v(y| zUs8pRSl&n-s+fIsewQ_B{c7K;okRa@d|ZqGHDJ$iMp8BodQe4%TFf^8lD<19o1B)2 zokA~!>oy%Q;`>YfteNkZZEQX_Z_(ttYr>>%XzZ5s+-b@LfDPtf^T+s3hUap$B!S8I z#GDed5A~{4XEp(7auUbxM&Dza410>d@Z+nUa!)Ysp5-9f!T~BSl>=r;fwz9-asP$H z+wRnW#bg(b#R~4`$KmF%hYN#LLqj0wAgeehtR_b1ID{()+K=af4Fu_M|LulIcG{Y3 z1+qK{Cu#~Yaut5*33ksd^5hRYeb|y#TKk%4z|i-}0+O0xWAHBFIQ=nQ9ugv2;ALL1%Qfp=aSM=kBSVo-6DSF9bn zR=p*1J1&C6-iub0h7WJ(_sBk+s_D79Zt=4+y$pZgv!5#Lx2Exx$A(YJ7ybvBz$he= z_-OBxZPUtZmv@3ZN~M0?yGrwo<6Pms45UPcRX7!b|4RZGLiwl|c2cXUT>kciJEg~c zsFYc8Anzs@$fUeiaIUDSm9xU3uWOshEWzS?Z;*C17{Ja#C_0-j_A~$-pU(Kaf2wxa;_rJ^+8or)O`2-zvQg-83k6W-1Tvou2EzeLYKd zr$wOZYrA>3i@UOS>~OpJbQkhSKD_5~8S*u;Q|GDpq!UbW4}7{jlACvvK`Lw98q|N9 zaBH}~%fMxGrimh}X!K^$eAv~79FMV9evb0rP3w4-Hfu!OIaPQbt_>ZYb27+KSgbKg z`8yZaiO3vhm1(~=uLrKC@LdPrgJKTLla=ruH|RTLC#xCtDzJh-E9}*U9s2nm&eL?* zo1;NZ1&U?W~y_^K{-a;ut#YsUQ64=lfALvzk>1#w*gM5H{XT)WznWbxK+j z7v4ZTJ9Vt_wW24C@GtBTOsp9PKh=mv8=%n1d@iO~cyMOWytWp=Uh#g^8uv1MsHfH^ zH!*wc{oW5L!|#m~!KRufz9K&W*N7-zBOTSw8Mld6Tx(Xvk*$5CM7AbzUH#G2;?-;2 zX5G6=SxOu=)IK_NCn&^y;o50F6zEZ z8dJQ}D?5aA$aPLxs4Vn&uW&{FnL>ZZSPzZ^?3Y;=5(KJswfbcz?_&Cof;dMn z3%#$lb9VvH7){uo6ZMa5XKz^@5`903Vf}$mPmo&Beh&s)#@CCd9JJnu z5$l1?Q!h&6I9lz?HOGqA?R;nY;fIf^ZMn}=t&5acLnT)?i3&;BG((`6)j zvfFTfTIlaz3a3I*Ue%~t4Ym&64Nn0aHBaRL+>Yq9&2<&lK1dKwu2^?Wn|@NRY5u8B z$s{?>W$=@ru_9m96(hE#q;ZoLiT%#glO}MdrV!5+!a7sFw)<(FiqW(Ulk^st2CTa8 zu8EZ*Q5M%he`*_r@N((>F0?LJ!k#w%g;cFWPVcJ!&~ul4gIrxJ>gsFx^f=iMsb&$I z4@Zx9UPb-}HaDN3sHeHBRYo>f1RK$iv!^RnMswQA;Y~E=lok}uqk(mRK3B*|`8CS8 z1o2c%`q^2a8}FX}*N!Kq;7UJI+tVjs9Rk^kiWa@s?gurGkJgMFsA(mvmM4p8WzZL? zI!ShoggDj$IdzmT8+5Yuy&v_bchXi~&J>o)uswo>#^M3{)zo%hZ4?!vx|_;%z*J2C zmhSBfabSBMoNxNuA=F2w-|uQJddy!+ry_iB6jCsTTWJ09GO~2YzQzE0eo}HOK+Als zrE}SO_ux;s`f0>WgcnAZsODKyEp%-7GO5;c zmm0Up=ybis1Coia*3)o6PbLbryzYkx$#2H#xO3C*ss1Gqj7JeAldYAU{Wr+378c@| z>oQ0o0hCBf#@;V~?ZT8e6*||CKqA~qhdmu-pt`qriwmh!;+WfC<4`f$vmU&1;8b{Z zDUf7R6a&(!{b;^j`=c+tIyDtA-nk>}uM!;T;QEcP7#%|Gy_6cv<5Sv|hy$)9d-udp zUYAzCNkp;VeTjp?aPPOM4&g0-5_$Tl1D?kOt0ld@wsMsKzqUFJDvS3m@6zOY!jEt5 zR3=i;FmI7-uJ2hc0~R}XISb9=khjrMKCk$wf8%uM>rL8&Twa&LUC~EyHnOBf*kax~ z;NtQ{*x%NVc9>CLGppd@;(Nyls}&BX>}N0)~fd7JR=Bb_`>^4N<|Y&!?XV`Fi=4998ef>Lj$b8xrKiq+&=>f zBOhf0$Ip|QopueTdqhfu!Y7@{zffwI1Ia&u6)$oUH8e^Qi;HCuYQnxBGdR&^d`4P2 z&N%mB2w<}=hj%9nh<|&y_ZUGSP7P?l!NeHdwzGx zUwyQM{eSyiRBt3xYNcbux>B$%Xdu{nu7Eb^V12MKHZbY#Q$z6O0YqT{vw<| z`g_+$5znG}mLF}_I?+k^V71Lb>j%;D6~TZ%$9ep1<7979Ds710ZrRJGM{+JIM->m5 zJaHz$CIG;$?FeirT3opgcGrUw8;w{{x&N%>y+w^Ec>Qn2x~LBKNGH=%zhtS;X=ZA! zA7zD&f$Et)hiV9}7RM7TCZ9|;zNI^xHBvUib5c9y69ePAM=7B?D82$`xwiZwg@feT zX%eYH^~knsK1MJ<+pNcX**5KTW29(tsh<#cIKv_oXJsgJg825_-+!7VcFF16$e7J# z)Cz})nBp14+4tghI&{%lRPRZ%Gk1&~gWTaN1LrnAL&zd8&v7RP?`idu7RH&X1hi6D)5A8EGfU27~AFib;o>>PN(u z7yVe2kJZYH9TYu};$GvdncG8`C3)D23`k(m$u`gmQIOuvj(KxYd(uIA>diKFGsrcE8o|~p zx=;5PLCFArG;<(p=q7`#Hpg|1@D>Au(=D4yob?YdpGapOvYX0aVM{B?cZ zKJZmlzQvZmi)W>Ymn45>=MlMf|Ly7Oa>~~EW~ggtdY1af1HC;eINkSaA>yj z`#IMEB=1OUd7AkvF7e=H@X%Ooo(s>&@%e3qCH*Cit6Rs*PLW+BhmYQi zkS{(DvH7!Mo8|hxr0j4RNriM$3rN;-c&=oAC z|Ja4tRMFI=NKp=VfpHe;kQ>!*Jr&=JJM8u!Ee7m=lK1g5&R>0Wcaxr2 zanRCxSV-Kr0pzlN(vI!C{WyR)Iez}ObqgUWeUKRP(^vDpx=BT^2hNv*@x7 zF#+&SUHc(8@NMinO#d%8(;9+DWo(2O2bSX_6`;+wy0Gmbwu&&tG#7KS7YaigY@pw$+pW(aVb__&lw$$&!<<81qf5lck*F)*us2X#o=#%05-beMq9v}EaIId+bs#t}TZQEJ zr6C`-K*o&hnk;5sUKyN4XX!+!4Na7h>jEn(^jfxgpK{eD>s>GuuMUiAi3I$_njahK zh}rypY55z>Ke?&C^GQbEYXI5MTQ3U&+{Z+A!iR9zKH56etAy48Qq$^xZ+Z#k9yjcs zT^bEENHxq`&niN#J^ETLwLJb4?qFf2M9XqWE3p!kk$K1h9}a<2wmJ%pu84R_zfQx? zOgOtZnR?@ATDx-E8ZUAHL#h62c?%DB zj{YAU!W!E{kj)9^j4IDRcx5OlM%jq*i`T!n(TlZfb!mAo82#y7yO;f9Vd}}RcbQ)o zs3XS^=v2pWwP&lQzq?z=MIt+6Y55EB%jMm}>yAo?qQZsRC9S>lFpU_)NBDnu zd&{u4wy0~gu22faDN>4Sf#Oyu?u6o2C=lE|NDo@9I24BxtUvy?SI%Z4aJa+#W(J$YAZy-dYt4Fdk)E!QG2R0mXEZ94pH{@{bwM#Y?wA@;Tsm$Q4F z_FKVeMgix}i)!eYhA>EiBkTZyxwfjJy0@9)KD;WciQ9KTYPR>p$)Y^C$!c)iqZ_<6 z;ql07Z2(GPrGQ>>VcuEt!u>$^TRVCxBxpoYhcB^YU@{*uC`gM+v6c^wNv@*vLf`jx z$CVQ^dg=qQnbcw$*aV@JC4im6MMt`w*}SnOvhrju8`d0uAXV;?wdPOESa~=n(g(9{ zY-_Q+3(Y6qS{KZ;>hZwTA$m^wSt_t}0Q94Tb`sKLWhJlwZpA=qMWkb^GvoV#Q~3gw zCQ+S&tDEp!Fe0!EYD`btS?O55CBf65%kQC~D5-dAXL)kD+nf4KqU3aOHG44@AQ*l_ z`u7`d$N~P1-084B>ug?DGU*%?s_gM$?x)Zyei~Erm(osJZt{;}RqanvmfEK_CJRJd z=3y4M*%9U}@pVMcCs^;F9r4!Jp_er^mdx$7#9P1DMrK-7YUCx(O4Cm`ikyD9^swlD z9Fj6rBzQU!UN$_!zT6?}h{wP-rh$YNXAL{N_S5&Zs?RnlH92c82;n|TB4(T%D=vf# zPveYMH!RJa(!+$MM)N24q!0sSM-?l>ASfweX+?1vp@mXMTg}$|K<@d)no7bmn#0LZ z942^yV>w5KXB`MXM*ifKNF}9ILeq4p;AI%L5OK#4H4y3Mjq9ePRjIfLG>YI~y{Qny zC-*D1{+CD3HC3mW24dXD#oMm`_5d z;i@|M)HI!9W{9hCUf$AY*51z3H2bO8>bu<#dfy)`CBz$p5y1=f))mc5IbdC&2lnFx z8(S~YfSutt>BJ7;X%EmD(p*vqrNh2%-T63~|J7wm>A9KJ(Q5%US0%HeYi9bYaQ9>Z zdke|aDY!B*&OGFi-5vU&(%wOMdyVDtgO;{G!nSvAPYrGf`I{KKmQy5Ottr1LtpBg+ zslf34d@x`{lF=qpTs`z^hykYOjpN#DR_r(P^&fWYMlGPt0$zX9wEzFoXV*O24~;v( zF8#jm&VTHib!#R#opyxsvL-g_q22nIviT6ZH(*dQZ!DpzxF)DO$wcyR>rwuG ztYDrYpfHIv3CW;dFu6OO*CIAh$+q@T>Hv|a!a{n8=yHRS4zA#^(8KrboOiD(ecd3x z?92PQ6ir#mKW2|;FWrQ@k>CUCNu_GGoRMi-f)0CXJC|Y)L2%D|;RMv&&&kD1Oh!|w zDzCY3dW@?NtvT~E`5Ot33`F+)OCA9xmLO+!s^Eo5I;;yWu_8E|;wiKy81Pu?K(qOq z$5~oQ!>I+?M5yRj5Lmo=ws)reil6_r7Vvz#ZSqt6K$a1=%L|{QK5V#gCMTUW&B3DV zT}1t>-sFe;#HUK!GZAV4XZQy69EpYYS$7bFp0Zg1Z23yNpNGu(*rUp(c;G-2N_u&0 zTO;R?G?EjUG;y+fTTu~ScqY0F(fGI8ucmozmcW$F`gHl)CATZ~*1q`-^;?WG%jb;u zT&CH+NkA2|dD{&ve<@X_W?z?_1A{cc3+6E5f;j9WY%8Jxm_$W~Tu!=)#2N!!d*eem zC3P~EhXCSRgB!;%l>-aTh*dRjhHT7b=ITugGs5V=MNhE91#300>9<3~aDs|iV})^;c;M4S7gb|>Y{z_7$e?)(8z=j$8` z*Z!PrDPuc`2LJuWn;yN(HM0@q?E0)90M=1#=p7LzQ77A~iM(G#>fel^CM#>Ivr31X z;5RCwW6!>b-93r>3yAfgfa>+*A0myg!-Q2XF6l4z>{Dl*qrtFklmog4K@vt&YgkL{!rY3C_Y{)*s~Tirl`}KzG2oaic)lL_ ziZ?foY>_|2-6>lE)YYOKPWnT2HKf`;yRUiW75q?3N3Xh^k{VshJi9N5h~znGA93XU z4dyC7r|Pr#46EY$s!q1*MfMtebtap}$oY)j16LbJh@<(q@d|sTjV^bsWwD(Qq*RlD zN(R;y3vYcEi!HVGcGO8C5PUUtf6X7+3Q9t!eH}|jAt{0r5ei?TL~4ry5^H&W*_j(2 zW1YnQE+t61FCltZFATObH9spVT!{ST!^O7T-nSjF=8@E3%Z4&J*q5d4ol;b7^>4rQ zSxB)x2}RTr5DUfW(9n($%ZMK>7VL9(T8X;C z=qGRRMX1^#p|@HpR~y|*TVJOu(5!!IyUC2xnFWcc%92Rt{fsdWe(@Snfl)OW5jz5i z2M!$g@}E8K;W!2Guz?XPc5IYiU7{lZ-@o%oz~Nts58AV_k6wGYyvt{l z+%T<#9TDEsA|~a$Tqzz=C!wMp8sb!XJ=IPq2+X`mfv?VVx!}8GwA0y$d<-Jerkfj+ zI*PBxYL6A2&wD-K){>tBg1r7JrIrq@_{$@_9wmc(LH)M0Iuj42X4Sg3)>E}+(IWKe z85Og}RQ3Kxxe}6r9w&N~8yy1%(RNm^Z!5D?Mf!whS&Me%2z~9&a`O3DJBnl|G+V}`&?j|y{DW7jt3=h4%%KU}so@=)yX3FXv*^a!&aSue#+|HCQq-rOM)rT5n4#CaJOi zkS|8(qWvjyWkmH@bGI~C1 zm&e7KwKMb%im|z(Z^<0G=7HKD0uX-m01+6s>#6fjq%^DjmEK5cHk{HoBVoR6F2iA= zO8QjKp!9uaYY(g#ac6HTWCkk?R-B-`)BZ-F=EP7{tlky_Q7|Z-RJuTdp&9x$qQO8! zOAMBW!CC#DP0lE2OL7L?=U^xOq-uN^HM>H4wGIE;6ee3De7!HTZxmz@Uz9-naJK3) zk`LErc7)1Wse2Vcd^7;`XA7Eoamtd-_p@G43ua=_dCviR8utz7s@8dz z{9Y>sb$C)~g~3zsAcwW*Yrq-`+y8(%yv^gWA4a$CEbhc(>yD4JHDV@i(AYy?G$1n> zV`}cq$az+uQRS+2-efVmGCQ-Th(^yD%*Z}*q*!whiZJ`CMmi?*G`GltjL>B16rJec zE9si|gZZxZsN{bXV^&AY)fv%f2&zb8l-=fJoWeUbV?;fsAzatXm3>ayI{gb|R%#@o zoe3m;0+5&D_(TUYJJP!<)$Y)WgO4M4j7}qmzyt2JohK)c6Q&6zNjf&U{^NJ z84|4O%^f$8JaLUO%7YKqSWqx?KUrxp&+&M@nN>UpLmnk1uz+0Wu60OPwpKDK)nt57 z-%&1TnxCJ4)7Q|TCc;F+gZxA={p_aX&ic+`jTWEK`axE5bqa!Q&O;5R`uetfGHLG4 zzJpmot4LP+ZR&^Sancp8QT2me27pSpc=Pz^<_|)^J9s@kL~Ve7f3BnunVYm$lOzO% z5WP$=tIQys@k_z@FF>3;-mI2$&>iSP=~D4}EPpmx0)&Z})tUB?nu)6WPygvAfDHcw zTcX7S_rIEqf1}C&7rq0ytN-9tHEA;1fw?jVi=Sc&Bmi3?lsEpsqtgrd`nS1y!wmDk zLMwp6c%Yvzb}h6*O^e+9Eq#$hx&ktzrlK(HdflYVOfbNq3{IYVE#l!my!t`6=r$4V zwc6)z9;FL<<73I8dlBn*yFCrH^OWjK#uZQLqhGiGef3v;#>-2(-=@V4isthM{Y}r! zn9V6_;IdC8gn(GlTi#c-*-P#EkbfUzu&+ zbhh2g$BvsT&F^&6FOIYF34^0N(`N3Xb~2uIXb@fOQeTdR*1dK+v8NE#6U4mY%mS&O z{8Q{^Ev_Gzo#6&6W?23};@`Afop&G#JMY7oromWjym*e)P%C!=?$~~vy7f`{@jSmZ zVs0TD*IC+;^n#Q>TOcqC=;7I3bmCR>iDaU6xMz+=p)*yifE!HIvsC?&r-wtXj@7Z0 z(#slG_r}ML8!D)U;ZSxiJgu`r9jjB2cWm9z8neazAm`%eOQLY1@o;(`g_7aTDOilB zt{oexk(fQZfPO2bk5BjdgU!$k+}Gz@xcQ#1f@bsc@3PVQ^*X8XpI6omXWNZ7a#T=~ zBfo9t2fAqs@WwJArvBlu=+z2XNJvqJEdMmEDJ-W%2l_v zIo1E)Q4qL<0Svx1j<(A=O;UPXUh`HW2ff|e%voI%D`l>+d;w>*lx7$WuZwI7yE0-o z5Vz#{L(!(6;R*tG6j3V=FXK06c5+J@8l_jaD*kdP;gNUG=p}4e%kA~Oy_kEyu^#nT zCuZC$RQ^apn02S1z#%+$q(C*#V96FVzsS|#nHX~PIIiv=*9)VuIZMh-neHd zW#_(<+GWg3|AV90hPm7BRQ7Tf7z-j6(y*?&C6OK#?WBj4&0zSw)|raROk8c6(swOH ziY3uXP80+FCA#XatSPleZLv(KeC8kqcW(3E_TjUl5B{>REXo$xelf7f2iI1tzKy=r zT)J;zdESG+t;2t~MWr{h2B4~mK|LK5XUS&w%_Ja@;qb<*Nc|dgFFTfgO`6BBls3jA z{Qa*-RCY)1xaylM&J@pIIZ-7V0P-gMXh~=6LEZC*RHWkyX2Rg zrZS#Uyri8SW!MJej*J}0{$7NBV=E!k1%r(JJ8^@+1I4_aI_A7J>#hN%$IYi>{Joi0 zs>Qhzr>&=*{Jhum{)g4gYgUaVYox>HVtaAbc%zfX05DGNlp8goijUptWG)2~s_N1^ zf23V&gr4ye0fTKY`UB0)zHpjRbJR=4=j?MQ7HLm^42M|^l{pD#u<)aNQx?@f& zk|YpxVCsC@f0WMkGsY7ep3+S<2FR53bn0b7(EZtQx=bI;3pbY0b1a*;FW8x6+6z{M zu%%l#e*bX1t7^)9T)0ZOx_|U7Uk;=ew}zoZJFL>l`~_#X@Iq6d#+g);U-nf6kL9vL zX#wNrIIt!F>(+?Cbtg7ZydBJD9aJ~m>@hw+Q*?it2(goBOjaoz6V#%i{g(9O#<7DC zXzVBA;iuMUZ2J3sZ1k{%stmi`9l`&Qy9M-f+4{Xa5aTCcx+f+-NgTY5cd3bpD z#*g(nv+M=)tHIl9eT%D;>p^xUrFpZ%tCO~$W4s;cDSg+L2Cy1LI$lDn1ekWT@}`B6$>oK^ z1^*h|{h@w-%2s|#If{~YBfIrg8F~-a91GcW*9KtqGvD?wF*^8h{A0lvCqh5HM;06H zd}_d}BG^x+>XgbUphsLkiJy?51{fX$V`J*_Fz6wdUJ4SIl=51CPIL z>zZj~V3LGM5hHuyISDSX+Q@KA&fG(Inw)}EmEs!ENpw+acz8>#0ahEC`)Ki-|+#0^8<4yJ~|-L&x%R3Vou5 zq7F!H;v*K|u#I~sCg!M>a1JSRm=2HGTCPdW<4^CHo9e$W5!ia;izKEc>&aoa=kx;q-ukrVWdxLmXxVvl^OwY~iO)5C`68p9j(KA2X zO%RJghBlBxP$EE3g_(Sn>%9IJtyy~W&pORV1Ky(MLdL^eF}^2CFM}-g>p9?C&N4BKtM!48A{%F#d{EQMbVs~N1FZ! z`hHI4pS}Ma_Xuh%v7)cbgU1iHoJhugcn~~&c4eNKJeTQYNne!eq~{HPhAZpN7HC`e zQ1T{_5st5$<~#^B>GhqB@?O2pmzX5_xY&mQyJw0~=(*w}RhM5JXi3H^29C;iNdy^E z$VhmS{%uzXs2B;lIbJ-nV8l0h>KoB8wbTJgro7soSF`GKnJiNLbqU#!FxTP5p@sJ+ zt&W-(zoAR&^Iz*YPZV|nf+{%%>MR!v0p`m0m#X$K=98w~g!rz!_=8vM-CZ|-fuE== z<;{Efz;963%GL(1@PSe(#82Bk2wg-2#|*<5S5Z3KcN-)2h+9(L{{c*O=^<>R%ILI? zE>bU&^@lOXUvbTHjGzse-p;XB3aThhkOPgmH&Zk(wsnQfY({aY`ogI#c)~}TOK(Do z9$Z1m-$nktYU#`Vq_weCBL-Wx0}C=8HGeV_fQ7FR*gqn?S6CLeEi1$!Qd{G!kwCy= zGUorhqF@|*it|8d<0FSEhOy>b5I+(OxJG}egZ`0n0dVerBEM!+82V(NxueeXWz5L_ zMtCK0%QY=Pq9fUQpoZworr>!w}dr~eD$z0x#2h-eT2AZk`B z-&G~lash1-x6t2W$Um|F|HSG4MeTp;d9JYQwUO`-V!i&~_0kH6r>(x*Hy59BS=M}?`?9F)vr}HFZ^LMEcM!G8Gm($z9GUK%@_>*Q?>)Xu zwnPsR-_%G}=v}(}zD9aqP3rkxidDWJ-+0~SH-7DOc`XI|noCu|EtJ$+`>X)C_sZn? z9S0*3n2@q{aNpI+Y^}7+yWRjF;WbxhYKFp#AN3NrOt{>7yF;xsJwsR*OxN6VNXwtk ziXFpmU)}-N)a})iC1lS-L5x2>aLv` zc^5f$;{oaN9LjZfH%*sK>ntyhBUM=V(-J%;6!hOo)AdAnUUHtfvnY6i;_|c?P*6mq z?@713obhx}lsk>icMr?=&)Xglsl^b!N`Q_{Jdd4&=^uDHc!QW>W$UN546+#Cnq#@o zdY+hixC$v+Qs1|8k0#MoP|Qn;%abaeYLhdj8HLk!<3+iv#;s&56BxE^nbOAhet#{P zyt~C*UgpeCji<6e>3f9i%3zL`XYOBuSp_eoL_L|XcTgaZ&mF{yiD4WZ?ey*B&l8vd zzjjf5GD<2PnQoXIa-2eEZmSEDy7KiS(C&!BMBNmUar_t-D^9 z@=WE`TAtCKelVHb4{D#!y2>wXktRSpU8AU*1^3>7njFW_f+U7SVmzS`jYor*BVUVE z=b2{^kM@kKsuc|GHF-^(7smhsqJ2u=Z~=|IPZ13;JBx>%+Y~OeCHc$n_(pe)kOOg4 zT@<)d9zH+e!I?LzJ_^?xq7$&(Fg^@DYQ>o~`q)&YH@zV=&7ss}6oEa9Zi)k0ZX5L)93ZU(Q|B{Z|9aOLFF4^(13raU{HNGp5U z>n4eOy|g+vi*lUOaYPj!pc?jLiqa`-@0U2rzJ|ZiXq)KM{*K<^=im+&-=8)r8LlI) zs1@632e}L{Cy>UH7kQf&Z=v*843pDv?MqoSGMhO@bz@cbM>Wr?O0I~c-)%$n1~jw^ zoW30qW52PzIr)Ai9`8w>w~%^czqR0}jGc1A^AFUw9#xF2OM9W*GZwtirx8qoFC|&{ z@uht0N(2L;uQnI&)iH9sDLM4L-QFaxmsAzsC}a-f_nq7vPpNWjV^bf%VW=6;-?tru zYkJqi7{Pt^bs86otK9F#K6|-VflD=GBb-X+aaQ1$#b@pns-sjJ|9nVe{)6% zy0IqHWOOk$8dUZtARG?9*?2ETZweM2j(tMOBiOnt?2+>$qxT38^YLR=nRqqLPAEJI z+bRyKFmmDUkY=6J80r*FefECkt(NwsGlE}fbW~IjKKjJ>QitxTzN4p*XL)Z>fbT8@ z#Bj8hG+;rK$f&=8I{!A@w8p$lKl&tAwY$HzpgSOHR@`jQ9gI@jWm7mMz}*U!zO?pw zDS_c5#y5k6ROoU(tC3?8=mqNj_jceL;Pv&k=b4$6(47S9+GvEm9s6jYWT1t-DOIyh zMy&D=5EMowY3o@*B89d(F|JTB&%xU zqW~5~A!@=K2h1AwSyN_Mk=|b|K2hRI9foLEolZA6mJ`t8S`JRs5C*!H%?>sT-p)wT zv)2u2kTuix9L7aWZx;440hRi_`j*hpP9oU&L<`W-NkO1H-aEwxXp8qOH$v%X&Ba5=_jFFeoSodHkZE^3Lu0gDitWku$ zbiErzXZc9k(siyJzIJAYd;syQR^e_Ih2@GXn@F-;FxTj_-Rj7Qjgy=??TkTatp=ER z02;2zJTGVakr2o<3@+UZEvS)w1b)J&4g?SvED*LBl&vL*hha0p?~2Ctiir**fUwKM z@tQ-Iiwdx@*W%^j+F^&GrX^ML>Vo2QL`)1oApG8pf4W3qTZB^3&ZB>OQMOns3kW=v zPgm<2>YiMtAEf~T8FH=1bz6JomZ4epj&*|Nu4s}k;DULrrBkaFi38{RKG#AF7}FGG z=coa^lqcZl#RT%%Xvw9T*79KY4rTsgR;ow+y$~UUY@kokO^wQiLwi&@ozvuAy3{K| z3ABWM7MjL`wa>WPXEwqsmu{GrB;#YmF&{c_RbE66Y#3-U@{$8bm(P|I#@gB%)xjuH z)o{n$OrU*<>nu)=Oj1%(y5G?z=#<-J5V*gE)Bmx zT3V5XC6#DE?Pm{?7%bg+m?!wM&h|+6%+0er++Z|&EwnWXn;y}3;4$V`6q~|wVk&Kj#W>_3?(DJXv_eO63G`o;?PZ4*h6X@I+rDcNCnOtw(^aop**bL2h~YV!IG9C? z$Dk8;-L1>wP)&GpX#U=LER|uohs79f&f9d00{jB4W882*)LF^!1ld}dlhlT!o>g>q z!2FZ~=}=m!^0c}R$q5s1hh~go|b2}po>)96zoj%4yhjf-$xdk|7}&@a~SE%orAITq`Ht|MG~FqaYlJHMBZ;}ADw zOf@ACemqtq?{(7taEc_Q4@hZEG996NAzUGp(#`bX{+u-BnM2zAZd`^gm#8Og)v5<) z0!3j|U8c-*3c z*imCy21EWjbBxPB(;d)M6hv{wU3Pk|uX-gDO(N(zvKo~>T-ZvNBc)YBd+cc^O4&q|J2Gu=o6 zakF~Qt#Y%)2OS^f!gZ??cGd)N0)lasy{eq-`*&AY5(+M8Wfym4Ys!`~TVn4@JaX2F zBN^fZS2-}AL?$!GM9Frz*+Z_k zB62$yHBV=@LOP8zRt!&BN3FH3Sky4Qjg-YrS^~;bL$Y|5zOok2=z91MUi)Ir)EpM$)<6cnXYJG` zOzdZt(9+Q!2Ggv8_vzN> z_;3D0{eXVqE!Uo&(t$(5#(Rd|Wtq;fk-J`L1F-xH0!bE@m?}qr3ss3&LHB(N=~{+y=JbetN1#n-`cCuu9nR6eNPLSsq$^B9yWzNy{?xFd6c1#QUpAa(o6SdwH73 z1CqITRyNuR4>^!Cj}p-nsGxC0&X~85%WwhiLS*-X85<5L&>_>jv@vXB;Z>H}#_fu5 zka&WoV_}64RP9_K3T;7`T~`Z~?a75rfb3nk+XI^pCc&hpjiJmCYj9M}ic&B282?~9 z`(BEeaRj!Spb`8j;`5s*d_0Uw0+Kmu|MlsFRqnU}BhI&XlEMF$uz# zU!8nzIwJuSW`WS&Y@^NxRz1zmPc@8ghbaN{uYBJ1DISBW#H`oBB1p&TgyW!_ zrq^C$&3wd9(rdXEqx4QXAoB!bg7q$vgSksIAPnZW`?ww6;l(n^mcGcmCqB6w)(|4h zC_{lAjs4a!B;lssJfb9LrqYp}(r!nn@lCBIEYZL@MH|WHDt~j18osp9cmKZsu$_z4 zA7ZHyA1Fkcpm+wQsC6hpsX?uF$sf96L(ja%(UT{eL+yNE>h#nE9eH5D#cek$r>B!l z8n2i;oL&vJo_(p&dK4c4Zv5Ebx0YNQQhpskA$(ceB$4nDpk% zflmHO0lX59?9i~~=Yi`7@2@>dCf_*_`fVbT@BAjwjyjgB_x3vFs`EB-XPN>^r1S3% zv<@B{iv@MEeown&BDGTU#yBw!)W&ZpmK7B+1g_>>@xkJY1!&8w*R?j>83;Uyxm%np zX~xH%aU7>-;VAu-WH){{f;^d#35{cXjdu=JX1^oy-5Miky%$hpC%8WG6#RB1Wtq4l zk%<3&flg9;y)J#H{$cZzi3-2)SwJSxYTz@R<|I6q!yE3XHCjL|p5vijn~q`rwogQb zgQ#hNdoo4E?qF3l{&Py9A#qG75ix&FO@o zS+1_Hyk^Y*cXq5zNM)p)83RA9ynH~r^hCu1`^K6S?az*WLLdU4IlF>6KdZ%Fi}#%M zqI@B&WpgcVCZo5i^dgWiM<6-C$+RX#zL`4qN>RE!dA-BxQ@F1Y0FJs|4N%wqMi07? z_t?=?Uh+Mi%W$m==F%s3#Cb|kzT3yfs}BQWB#Eu^`g`PiI+Z@f@>p!R$_hHW8abnq zVEJ`~q5Z8?kpgaIV%<}6=966N1c!5-NxN51xF4=r zWF^zH8ek)s5lDX9#L5-Kw&z+3)dy}z1>A1B?{<9zC@QX9(&gw%DfAoZhhfWyk4w9< z;7?jziOS4J>Z_mYNb#cfa2%3OE7!tC61toVnKD_J1wYjHen@vD;m=Y^8PlDzYmJ?c z4#VcG1WxBtULFdgCisACepgukFp^V%hd4^lxzgF*NkKK%(~QfkfrvYclf%3#1wIB! zbJt$cni6z#N!J}6gpowrY#?;PnLnUnrYgT2k{8`u{U6!1qVjkB;TSRM@llvD|+U$Z<65-C|9)EIRF?Fneu6+6#-~1VB>MhT-MoL}g*PUXcch`%_FO>cf ziof>cemHNH(&@~yS%s(P7+VhC^c$|X^|Q^4Gwc;(9vaEdo+?WIya#VpYNqs!K9DCm z?`^`UU@aY8ZpJa3mOX;zhC zmbG;C+w1QXzjjgYlM6C-0_=Qi*8>RO&yrv zx>o<;`nnX(VR$>{QCv>nsLDcN^6e4$^}PINlnb&wP8GuwA0Q;+$-VM`k*t8D8$c!K@9$^5;&kEFozEXF z;|YE%V6ADmSsoD7;OZiZsKkn0G7k_!LF08jUI;3Eoi!9JEzh6@Q>*rhxTJ4>lyi>- zNu1Q$oJlkpM#W%nj`Ot7a-0N@)YwBf%9kp?=Os;XyGfM~ZH^ zZ>}-q;lOejPGe{ZhSU6BpkDI%Zm1 z7fUThfv-g1Y5Ds_B<4uJ+kj{bzdK)i=)50OI}vRwK~fuJr=21BGN{td@GP@jjpik- zk*deN$r`{cwvkk<7J%guYp;CmZP>M5dj4m@Sj;>zk=cKw|1z#Q3pxs1AjuM|KF{+d z<_J6N9ltRY<2cET4-mejiIC+5l5S*oWd;p`-c}ml(g1X_a9fqHQ_#bBSSIih=Un<1 zsI@e=mmy9|^vLMsu3swi}>fqAqUN0j+&zMNoo5@_c&#y58U|0tJ z9KU#Gsi0df(|DL*eOoSw*x{g*qA4J_Vc`+n1gtH4F=nJ16^=cSlssi=*IYR@QD~S> zG<47VeL{$WqSKph(uG~86ZIOWdE}U4`r+0971QKj7PYF8FMkjr@fJ_Mr$(hkuzIEyi84rSYC69R zok#Yfi$^G;&Ioe62xLD)uJ9Io6<`*jj6Q$>uArA!{qWDceg31e%nBO;t{<4R4RuBB zr7tHiJFfYU<3PxVhzDw&IC+F-bhu5tb<2W(wzS79OEX*A6Vs?|7I>W9M7`SBgnwE` z^tn|l;V=n8lme;*%UZp_v*fI5$pp6W9<3AC{@DXtY1z*hE_5ww$Z&}o`l0EK*ut-t zf{Dd{xfiOYxSEtCe6hCb=7JIx(IGiSPfMLOfs!n$#H#9@S^`YEL*az=pgO3ET812|Y_TG6J*DbUJ5bZQoWRN@xf5?WS$5iUme$&```|yh@sb7hcC1}m{RXTIw@*WT zJY_E_n4EQX%-dyrVO@`}3h-+%q_zAAlcqMgzcZM5^#2Jcy>CCYDhBkO*^*Wy> z+d{=kDtL1Ar4 z`^6Qe65xAVt1^Qhr_H44JGLe3o}f2&JoqO^n_9wErn~EmO~P?`S;NjeMXf-(t|%T2 zn14g+X(ldXP3r(BCwlHnW;U3a8~0O^9IcC;yj_Zkdu}sfkG23A@?OHj&b`X^aP9~fRQZDM-c{|v+W`hE69t68;tdsUg28z4`72l6&I84|E($T<7 zWIh8%9A$Bih471`hPgw{4mO^6`mz(-($r*PWbea&Y6v9o;+E870JERFYYHB1SFp znHanM-UUigvpQ=3teyT~+*ry3BwDQZK49JMGnSCZEF69YyaXktnWEK{YAU$a%Qmr{*L?!jL0i9?$+>*jc7lAP=L$PFNU+vrHn3PHEg(reDT)Dz!kb`l_O9&+I)FR@#h z_f|Pj_g~WSaH+K#1=jNHN?1@%g;yM=>@X8Q^&OQaibHs__7iT0VXKHaTIxIwx{L&Ja-ghMrU@~;$h@{} zfvSt#g&=?jUXube4YN}OhPEtO5e7@eUk*B;vB0Uh#nfFuQeRH9InGC9w15`X&O1H> zauo1==W;!1!FHn@*N1dfVAasoOYaHW)k|j}NuDj~yK>K=z!JqySK{V3`f%V@;{)uy&bP9h@#e9twS+28 z6Dvm>O0-aU&Hp}3G>{c@rU*_XtOPmA4J+yoh$BUD`t5bDSv%SgTyBvP0_Y?G0nxKI zAm`(|2wEGuOc-~P-ADt!hhlx#7Fb-JQyH#q!w2{Nl;GkLaH$*}6vR5Sw{byHxgV#M zu(_e$2I*UdH(XVa0i*_{`3N*qfy7N45olQ0_Uyd5o9kwD8(HmABOa0?`e_~Ki_~b$ z?bW%%&ayNAR<7xgjhc?rzRBrlwI;^0p0WRJ&=+dZpAYWMhbS9e$aOO=cEpZyymh*? zRzpspBRNWad+RLceTZS_%JXE#@p+KV*yX)tx;5o6NMr`DDc zrj1pn2Bg*`tpFF{7} zXdw0h8hZadzt(Z`-plakb17Q4!^ALu1gyARw3tcQ(t)xCHUb}rH=N79JRlFB)6kdH zRMoBabNl?c_ouiBhRqG(Hhz)YZX+9{-z86arvGZeYi+?lsY@$a8~-BIk~7%P`y>1z zKSn@z$-@BOJ}i0|XX&B-$>gkQHPy6|o%BBEp}ftOSMXdNm@GJ0KIjWuR>eiB{b9>) z?wV#ugje5_ zXSB)>nVX>5fhqhNUWgum3Ayi27`Z6w-UqSzcYFcU58tpr;za|xi*L5Y#-`ABuCkOs z?24ot(z!%C(}$ZL?WZk6poqjeTqET;cvs#i!=T) zpSRuZ?jLQZ@S6(pKGkYFF1lFhz34AImBtc_&icTVR75u$a|*}t-dA@F5n=hcy+f5W-Qo)IKiiHrhgEM9Dh8s66}NtG{hkUY^y8%e0~!tI@xm-CTtg z-<{;m`6{9NP#TMNEFPnMb(P2~3{}lD-DdMKPa;kEeBExy+bw`B@Li|cjuB4*G4LSa)@B5j+GcSu#V`V|P`ZrU7o(lkaP6Z8=4xcdGsoi=%;X&yAb;mko3M*b!e_)(* z-<;d;RTI12^w9K&e|u+J?rMlmOQzwh4w3mBVO(O(;0Q5HR5I^oMWe`XsZoKTy3G>p zg6>{F6)|SD$U#x3;=$n<;T|WA5s(FPAt@D1TC&#XiZ4d*Z(sz=`0V6VWN~e-lls6e zUJxtwu_RDmf_Is7`^yZvGVD}DCqb7b`U(`Fr@a`?_d7)cXI+$qhi2!q+xb7kUOkz< z>w~w51eWT5R`rHgtHAPvX%@j7G5FCS%6twis(JEE#93WWK!Ce5LU|bTWbTvLh+r!b znL!5m-6lrL)Oneoagl>|6aBcZ59!s(^QvzVn&o)%@9B|?-fl%7Af_eHB~P#5*lB)p zo6?qInoe_kY=kA@i*fiRp6ZBlkKzNzh*$R)$VE>Qm7kV1c}k)^s(TXofRnKIbkS0K zD^&!&Mmj)3@ipAlFG)0m-1kmNUcuXQ#;Z-@?|lm`{fQd1kKlZN?M@hD&y-oN;2p&( z`eWBy^8~Y*Q@G@xq*B{fox#Y|U8;GBMHiu28QVt+u~YZwpTF-E7!Bhe&Oif6k=*V0 zE~3_YuZ4PvJU|vDZEv!&+p}0c-p2H2pYLU3bm;!o_U63pSpz0s{x04DCxP8{-SU9tj?al9fNRgq zk*`afe=Bv`Ous!GZ8i~ymSVz0r_Av%r<0E?dkCBM)UTy@P1xN)Yc;Z^3z8V9`rlPw zFPt1g@lhLFD+_!Q-4)^bl({YLv$u7=vMZ*DN`mM}VH&A>8?x*CI~Lt)WEQ#Q1outu zp&|+kXmW>r3eWR|AF*u=p6WZX1v`13Cw+L7BG~E`%v1=ITM`5o)5}4`rm<`0Oc-s2 z9fK?{9+8O{v^Hn)6{R5F3EYl0#;t*~OySfC#*yEJ!@V3M1y(!hw9JkIBZge5|1;niK-F0$B?Pt|v3P2j z%o8neW=RDm)(a*-Pkv3UnBudU3&BZPdY%7wjsQeaubI}u0;vFaxOJnkRbuM0$mu>l z_ANzhzoWVq5$X1y4bcs+{pQZNZiw7Q_2!$PxR66vrcw@ zosx2WF34Rn(3iNsk8=6=>mc;MA98j6`N!*%(Eq#$c*xZmD`X&sU~EnZ_{Vr9o}bNR zXfa&zhd{%|`!^Mj=(9mIeKTKu`x>Hz^oHKw9(-SH@iMM7TqZwPayf1G#K~olVxtna z>G>*|G!&9RvDNc1EX8hG0mLxHo!IUebF*|=n~27QqxSBoSdQ@ z4XuYUzF&mbQ{e|`&{W|4^rm9m`<+$2o!xs`yh1amvGJ!dfv|SC=ThEQICkhrne-zc z_OoRdGM@-9J$$K0z|(-gB4(+j17)T}38mNknNgKT0nlwD<9B{s+?u3q? zw#az+$T{5eegy{F0IdA9#BN`D+VY&(YkX41! zPg=n*XzV+P{(7I5M$q4R`9LmABCsX>mKV2FIDX$0j&N7u5HIQ1O!b*>Pb#Lx+sJr4 zO9ha{3Rsxi70~TT1rjaCn*Er_C?7>*y!4aTt;QyPL-g{Yg!0VTJhpiXEPdrktw)L2 zvc-rw=V0Qvmub+k$3TxMfPj|&-Cw)6Y7#^qtxG&wl7fmL-i`g7#JBBz)6Bf=3-AP( zkEy}#_EdE0k~U^@tP?6<>)wn#@V2}C*nC?7QpY4H_s|!UA-XF~nU9P%N+M8014My% zi>0VkqO@dTziA{MOdXD$)V}%_iH^d-wCY1Bsmt2l5SA2@tOo{-4^RloyOeh!AZ*!5 zQ8fks4WZZpbstn}t5*p4?-RI_7s+9b+_dKc{=6i?N8%H7-br!94 z&gaiRQ}pMem?5Aj%g7xD(g9GT|A!u>1C?^PrK_4|^!bicDTBqwr@PG?u(jS#-$XYPcbwznNT9YR?*$4F+Cy)b_<5%M_KEFJp- zw=mposu4M1+Q00Yqm0RK&>_E!Zqx@~ID&s;T(Uwpky0=1V*@V_`TG-r@9kyxFFoD( zKYYD)R9oBDKHL_E;uIWOUN0w#0r1P(aOnw5{`zNhG~4c zEq5Fb?;KsqSrvvX^8bv>47ZwK&8&B_n6jl_Y4lcBtWqEv%|PMNAmKK(0{KQwF5XV+ zgIk-#f;hX?FaRru0`>ixd2*W#rCWusxhp1_FnT;PC`FfXE*TL?v>V3)2#4*PWK)NmQjV1g%(KZc#NWI+g8Y%ezviet`b}bH zM^x9hz%AfC_UBk1A%=?h`-8l&UAQOiEK~meyn6xvxMzK4c?~ClD}r&~KT2%*?sbq8 zQTx-~SF(6>_p1QSUrEe^^IyF9Q~yagpPNYO1ivrYz>LdbW*9cytZk?Dpw;Q` z(pZ+OOU;iYTQ;QKEpsg&2Ldb69$-?~Z<5I2g z->(v`^MS@C|Gea1^|$_i3umqVUL3Z)`=_v%;4B;j+RVQm@oDq0>@{^etKZ{c!zMuX zIH~o~_VP9ff9r*z%^z?0N&3Y62$^4JC-thsiyTLkS<^}mF2_>6fSrBIdyB_~=4es} z=PZftP5CwCw8a_w)0f|eO14?k7_i@*K9kxAIeqk%z-e8N+ih~jGw3c2?h#eY;e|6- zxVY(mL~V!f7=@sh4|SX@`MO#Ee&`^@yjOBc6SoQOfY$(o99)Y&WuVMlXT6Blt9j~p zfzX=~v`~lh4iWa%XJKh%azJ1{24Z0TwMOfD^ofZbOx1NT1?q%>uh#>1)uP-?GR2e4 z$xUs5aD?^1A<0_1fCSFWBm>c*#R*&YG)svgkacU}4F3my!33*w0a`nJ%_s!EP;NOL z*JS+2_lRrz5y<kW0#?{8Kc_?hc;J~ zL|2Z6b!lI>Qt{;t15*3H#tId#N5taj9SU46@dej4HcW2+xb$`CxR3$MkTRnd#!bzp z6@l@b-*RwtTp=Z`>ATFbgWW3f4sb>A?8j-?PO`WG9KcHwx|T`9i$a!w5i?6FK=L7C z17UZ%tzvsbQ8(i2qc-vfE;7#jOH^YULb`@K6fd;1jzI_W*Z^bmV@}T734G|5O1lrk zZC#%c;>bsgertkbnI7>u0x}DHgj{v!wj^&VKN5GPkdyfZqhu7eA1z5mX}LEFY@hkQ z(b=Cpp7|msSm*1v)F0#jj2Lp- z_pX2kYK{JvG;exvr)RfLzO#LS+%dq|ppouxm407VmRZdY7Gok!Ib{eiD~^V;fw6u&sqpthlEt4Bp4BZpHeytTz8t!2U(f7V5T3U);E>K zbnN+;ci&Hb6DyoBs;X;i>da*DAfB0g=M%h|cmrAHVwW)zvcNSVm?3Ga`T1>y)jom! zv5Ej^ccK(_TrNlg3nj5 z&rM-kxys^(fW*95 zBMQx0MIAczkbEC<1td4&Tzw%0ih7?F8gdhygaw9otaRVv8MWEzKK7c(!f$c z&FOBxf5}3co1V)vMN31BrhLSMqqBt|>t}Y3sWW#;Nl|0G^Amx*w!JmUeSq?2L|hf) z<*LGYSj5j%ll09RBEAY?tML*;Fgs*QOO^WMrUh+3#Uw%n{&xZ*A+K|`E$F5$f>gU= z7}w=`tc6^tY|8j5RXVL6n_}J;ofsRz(^l<`)WnP&oiTOL)Bq_v`C9PIWWKUjouICB z@q$kI$b#r5>#l=iKiYyDA^x|0NZ(b<>#{Yh-XA^}+9O7H5qC|;3*Yv-PNt)9k^a|M zv0Pa=zUA#)lj*|Hs`K%UP;Gi;vwp9k^x`fGYq5KrVZtknzrP2VlyvUdaub;Ug1#8_ zB1(59F^U@B^;O@1swhEvk&;F~JUtzWU1Q56FKBe3_$N|AWv?o_eXKl^XTg~GUQ=*V zUzwt|n5)rp7wjM{rkEx$Va?W&~K12&_ii zDgQ6hEbVA1f_?!zN#*I58MGhVdVGp(YXoMTSVY%nC}UlADNU=5*7{}&KCV?EzixJY zFJUD3zhiB6`uBycM#~mRm-%0ecYmlQW(XHoH7n8D!Xm)Q{s21f zT4)DP$<6Qh`8&1wlx*VVEn2nZ{mfEBl|={J4<=$&8z~LKQUYutFulU*!CQXpL(8=*VsI(^NYZun z*QPmM4SvenhufqkpQ?CqK?7WvOi+PxX$|Zrp}qMyoZLTBRWjXAyFPdq2i9!n?Z*2y z>~ZdOCJLNdL*gud7%mxk)cUXXl0Q2)!;PgcyKfRY@OTZ62bV|giqh}!r}!&l1Kejd zp(mMY%dB{=&pB|I7WoI3BN`4~GAK@MYti&G9x0{UJm`E|P^=wK7eBc-tm7+V0L-Ah z-`O1=X-=jGuz8rckCf2dk`QxmODkYqU{d<#f}rM(HRFDgd>n)Lefl5{a)*SfZMG<{ z#Ho%awFDNfh9w0i$yzh`XM`1u4{qyo$E#xXQaoisKH$WP-q9*mlR*5W>N`m`Jz4uR z!veSU_L5nn35~fzl?n6on}ayCiEGBhzvQ`60o~Hy(gQw5qb;9ElSZ%jZQe=-L%k=o zzkfU^)Vqh zDZ?6DRYUk~GZlS^Sh8nBQ?8ZE|x3vrt^M;IY4B{cWVXlor1-o(mTqHW5S!LHu zA!F|YAj4Ea?$&K^xWHABq|~7U~tnSzTjxzi!$3=|U3QQbgM3HILL2 zr0%$0RM4}oK3X=_7oi7ZGx05uv{MRWnnZgmZl7GjD1I2mkRf2R57ncPDxxoWB{$-; zM_EsjK&)ESfOo6m5M!8t!>`CAlQVtczMDGbCMeNA8D6mfhB}4+I0teJ-#4PFRGtJi zA^0DKN-C)oxynn(SF8r6=}kSk9?m)9w&GY_2rsG(9HmujTFB&!iXpp8Z6AVF)dI0D?MdJ}k5R!EzFVUb z?W|L@uGXN*nKA3FjoBSQRyQCNoG{u54N}3?p>CaS!(^Y*-%R8hJXqR1Wmt(~iB*AIn zz#uxlsQT=CbFrpriA4gua>xE~z={;1cF3nay+6%|1}0tpv1L&RGjd|^jPnp>$f<&2 zaG(fgDow2aZLZN~(bi+Fuhd{Ka_KB-q*Axph=PmS#v1)g_t#+Fvx;rw`ZR%*t}yej z+o6VBQX_*mxDXfdOPwAbiD;3Uj1F(1*~Le6pyit=uct7&YRX;HDUc??Iw9I3yHjqY zKcHTE>8Z*CAr%$oB~c$pYS(7} zbz$=Nw0pt$g;?n~eni~c8KUh2dioRB4%98Xsrv}f_!k8nh(b?NJ8%+&TP>aYRV`10 z_QSaRlS~w$W#S+`nX2KHo8$7yjkMdw=IK`C?qj9Y<%r|}4I~Tupn|(j^x`t9dkcCV zIhiU3AQb0lw^?#@@Ms0nS1p$Bev{UkqM9K1eiva^U+VkbZmI5Go;=0SC+W`zXCErU zc6F3o+3~H3TB{r`MXP>$vP>*Kd~hG+Ko_<9+OhRA8}qMcwp*;biuUeBu1-pR4QZOo z96>)y@trQ3^uZKFtxPT~cId$J^4}|ncS0AGOv80Ix6=8@d9&$Xgt4Ms; z3)BF3QDhb5&safBp=h$dsmwKEQ^Ty;D9F1*A#DO%$yAez3oW-Z2oUt{!r8}>c*FM5 zLH;0fj$U;eCaE!Ckyyj-YBqk+L*k(9Wb6LVmdJI;rQ31)?n)zN1&P(ry*ful3GnLC z%Pqfv^EG8cI5E5bQ+`Q_Nm-R zCuwApE!*`LYa&$@+8n=D8tPldJlOXmTeN^q>ZAjFH5KS3RS}aV?Jagx`fk~C1t>2q zzT7{kVZ%3nUqn+svkkrWOG>_R-w=OSW^S#ahX^=#Q%Bn9-#NTFo5`%XY0GRK$_iI4 z*4wc>;;sZ4b7+B!0_pW;T)3M_h7jQo9WaW<@V6KAT-Zlpp9@e!>rTUgR)^|+?&F{E zp(ppy;r1LO`i3PjZ}=A_4HMUO zu-@zIDa~Beal9IiwOyz7y6~0d(r?`1a=&o{ITtMXU#b0^9%1Vh(Wn| zXU^HNO_Dxs1=X`}jeD!?>4C(V>+?D@hbKzpe>T%U>#ae0N~0atmPc5Gt1YF3S*gOH zW3FlDMhUB6xv8Zl?;#TT9<&1VMrni61PPuhuNn^3&oY|Rr~@@Azc+x(AyDb!*;AJE zm_EQ_)P_6mgi{5FIsU7Zc|qS*pSZ#6=hE8HV7Evmh; z=f_Cr>EMWv*~>(bDA|)$>82Z`y&Zo;hZ${wGuGUu^it1Kf6Hi%r&dRx^>f#X_`%&T z*cU$fq+nL{8cR*qg@t}u)q_kS2r=N?ydh*i8kP&?6o##tnP#;>`5=RkZ)7xk_u;-0%gN{9WjO}Jq7_Tj;}$h2VL)N9-Rc2Q-! zL}0|U;M8trAo>eR!-#0HJu<0=Ppv2+&i<7=RQaOZ&Smlu_w?`pr5oeIA*ANl4qENa zdF~(wiNQS7zuxz3SUQ}>_R?w({Wn&gKdZ5^@)cUFZ$$7whIER-XD zPh207$o`p_-j2OOtDKUn1h@@p|Nj~(WD1GGq6>;AuR@_$&vnKBXiNY!J_UX*S}6=2 zXXv+oRO#>QW3Okr8nhMAx&Du-gI>Q7ba?*vA8P>p`M=lyzUklB|MS#;y#fBo=;$@K zj@1ZWuz~nl>M@xr#sR{ zEr%cYB#@RNSd-EU+8p2+Eq;n#Sp-^Gm}l*Do(&C`UXkJ^8W?=^>&Q>0YxN@0bwCW_ z$hnw6@2Y01<9Z_`Lpc3u?8?o;xe2MI+E2~mOEJB5_`T8y|db&l(X{YzLEN*}K z+Z-Wt?k;}e!xvQ$w7+%~0MkF}3gzY8A7K5Rfe2s#Al}Tc$cB#ri3!sng#{u5&>*&W4JGtju@v^zN`~K=&*V%WMGh! zFr~UJrrMew=pR>%Jjy)BEyO1RxHxIh{>%s3>S`ifs|fyYiU69(xQ@O}vO^ebr1F8E zl-lWkFl|DmZkQXlI4u*LSbjU}DM}lK#BGHTiNYKkakzGBi@?e#5*viwh#c_NeQd^A zJhtbzn=8K=tn94FJN2H<6|`8=!Lr@FRM~;#2{L?e^j+UsK@K)J=VDnx^i5P=tw;EmYD(7P z%!^8ljU4r_wJFteMEtqD*jdQ-ch(#-Ap2aGNpaOp;SRpU9?9VAP-|WzyVx_8|tcfAS>HnI`B58o$2!&ZYn>rwQ~G8kK)) z@n#Rq-b^}^JN29y4-m#$uyWSs-IHT`tMFK$cz~&P&y+6hY>#Dzkm1qRB|=-STCbQ> z$_U?ypWX;V8-uOG)06LKPY?L;^dS?R$l$n2YF8(=f*BoUFoeFtm)C%K%^e!SOp1xn zg3c~eH{qm8Qzb-7_wk*r+HQ#;5hjepx&#i+3GYp7evF444<^Cy9z;1~N-P_{sLg)I z@K2-llm{Iz_mXgql@mHZ%v1nqJ__SG^8)=KQU_IFJ0WDSeiE4v{RAgdzzBFnm6FIi z2FvsLEa~{LXg*yg#z3cu#f!;cZwtrXCW@+XtcL@#3$*{**@L~~cn;e47DzYHT^m$u zj$+iO2rDl)rtOFw?x!qaFW;T{h18rnn^{ST;0=FNvt5clURZpjA82Q;^I*8#*k-v_ zzenDKMav)^zUZUWqpT0HX)7|T0`bUB4HM}lVxP92S55Yql^C~yy{RNhfAt)U5ZhPG zRqqDR3qU&&Qvv^+G@^!s=C8W>+IF);M}K^|bB@fvmu(Bk$Jdd2+-PDk0Jp7f5#+OB~@9CX;hslzcV$Z~i zVriqLezaRG^A)U>ng;Sm3y)Ako&~Am7?g%e+n>pT0D$S_7e^hr(AOWa2%)>l@XR8| zqC`yJM09Mj12$zP(MIpz{z+~AonV7%&p^fc(}zVGYKse4yq4l%< zMBap7XPMN*>ohw1e#VMw5F<*W-3%F1x=_V-N#3$hH$61!s`l(Tk`K^hE+$cz&N)7i z^M<5s|4gW${6BIKt@p6gxA;}c_0T^)L`s)Lb2#z!O;5glS9Hwu*PphljBb~#+9Ik0 z^j`$xCIpGi ztob1ly7Yw|cI<(Pc;C*a>x~#^$&dq6T!i<_c>PJAQ-*(KjG>ueQNIGbDl+-o*cpBA z6*oa=N8@4)S=cyF@KjjAS8nfPaou-`IMs{dq_4G7tnPkedl||hm)KcJwKtBk>57)Ax{0_iij!cn@YfS5M2lPm3qVF6vuX0>BUNXoc^T4Xkz01{R z`so8(LL|8eBv3PPAiXKhj$zeusw`(DCqpp#=|<*~*xQ$y7mz|pDQkY`+cH)y-QI3Q z3EZ6|bbJ33^hRJ~uXjG&^dj1p5=(|WB=eE3D%*A!M)%3`f0dI8JT;4Y>HgxzKkv|L z{VM@d{LiMQGW5gAsEL%!j_lh3e`Az^?Se>K-^79*jYz)ypjVt19l&ocrajE34QLTJav_`8G@gd3VStp8}9SgBAHN?-5gRd1RN%atbU$@7k8$?1Dsy@p@Y@BUGckrfen`h}Ig6m?^5%VKeaWwbY#^!^MWIA@L^C3$G(SBJAmrV@~OC9OyU;(e+w0pM) zhxPN`9iBDk{9u<+9>A>EMLKo@JrUj$qBFb1J&R$^`U=A`1@=geg()^v;s0tXlnk&4 zwN$+?tJ(LiSGIJ?*1o#=I^eE;XY^Xv_2nUD2#t~2~qD+}r;hu-yPeEuRrWKjc5sXITRB1k!w zY^#}#DbyCJvv8Xl+1tZ>$=L*V6IS0Yzi6rr(g(e*N4pN2fiAiE$qW9Zt&*&ev)}D7rnKRq1r0`y4WMwmF-p5Ig^p=AxrdWVYk#=4u~vQ? zVib26_=+fbRY*nPz;O=^5jxbl{(D|coJz{Vd~C-=xT=vj#_E;fDmygT=7n!1-$f{B z4yRx;-msXG$JN)(96RJx4xM@v7rPRikn3f7&;Pno+S+LHiWrG!rHOm$bk$2zT8Ex; z59TeUWH&NtO_?}{?~}?e2Pt5ZG&8nQa@KHb;EOr7MyD$)?XS-jP`pIXrBznism8lSt*F(&S$lF(2 z-!ZvLUNqxvzO!eIa z*?Sg}-^M@U(FbaHEy*}csbo>M?BGy_-0%hMcWXGNbZhBslMhHX33A+ZzFRR;Z`z_` zd=)0il2TDVD| zaN{q5{^PKNQd}YO4wM5gH*=l!B^(3%jiHC8*9^NytuzKzA)x@xsU?I(Vg07c7C@7z zCd3ychDPGBB8{ORyZStxAN&(=D5L^_I5Ol<_O4Mm@o6rsnMs(~BDufQil7XSe-!Q+ z-#EQvQZ)h=in?!YYs8=mbSi2DVBg0%T>VA6mzSIvYm^~3TxeF0=z=7C^Yv)un3l5lOIU@ z+C=Yc^QNb}x%J3XW(?TUZ$!*$wbwPLapt9Ns#!AdhKNyDR5rBK#HdcIUYFAjv)C|S z!XP&yy^SyiXQsF|@QYX9nd)BM?5kBjNmU~I9bPfq>LA|l4iFR1ABcpaGEUYaCr2ab z*B5zTh%K&$pBart6Ba4A@_9wi^eO0P_2VT;fA#nG{ zz-Ru|9c2C64p8?ZE^E#>UV{$yRr?Mj(4l!oPc@LU(!X}Ww|SyYnUF z^E{?4{k4%IS|CgVSK$E&40X^gO8hN&krcr{bMl!|A94Fmje(vH(Ej#s64yY3maU;D zU39x630EF2?i3Nm>6NHV&Lgs0@RP~U=fCXM$O8*ipn~`}#?FCqOrT>g8(#5`a6GRd zo@e9PaQ{UOdnO3|p`1P&!GEwhlu-Bj4@2uOV#>3ld)~$HOey;t`s5SF<1FEt=VHn; zC0*?K8^1-9-C%5N&uZe+p_@#@ZgFBX-5Dp|xOg~OMp>eM z$XS7!XS(ZD`Q8m7Y4WZ#lQmw{=$i}mNZeifsb!6CLk()mg#hHPeTFEBkM4c*lVX#k z>VnATik@y_d!+dsgC;V1_sHpJ0&Y<8Ugsp<{|cssrs~4A&CY#U%YZ4#z@FU4+Y6zAJYFj$Omy%FvQbkGVMHCcoVi4AIGbkx!uPoJ1;*0Z0NOy637Jh9{! z>wkKh1r}ru#5=qW$&_g_`ziI!e148fw@aDY~XsqJ9|zvU|g| z3NS4^3`a!X^Z9VY=#_jgDjfgj96qb@Xk9*?W<7rJ&FxKpS$<!S`C!n>>M`nZ_BJ!6HHxWW2!$E9ii&|q@ZC4ZwJG9O=ks2==O+Hh7o#%OAeM^-kG0Ye9dLV8f0g7Q!IGjSZnd?(rQ({V zj4*GZferiksw2LUN(W{=rf>Tvh!I_eee94|@$(n<0&shno7DwDY*mBuO1Z{KpV=k?^vGs4piN!w%_W$Y@}rcDO6e@$KX zO17zkTY3kJw~E6M%QV*`|Be?d!=`xp!N z`BX!2rnIWG0EK`(f(Gk^3z#J}Sz<8#&IwhHPp^-=#RFLe^J5vsn$_ssuUX(?^VaS} z%hXgfX>{vV!LS`c%jJ>ey2Rb%t@ZC#DX2w`lM6>5lEK7bNUvpm4Hbib!fDQjRK155 z)Ilk>29e;^$OBiB;~9TExzk7@XBr9i29OpoMDq-ALDWVpsvy5nBFZdfp+c8*vMGU# zC%?!hl2r3X(Un9(SrvAa0a1xDH^wJ2CC7%igmaf|wv8pet0X<>ra07(*nl;6O>!Cr zQ1DP6B!A!RF!VXEAx1Z1dGLD>*HDe~!wD2QfJeh4wD8ZgN_Zr#9<(bmW1RJ%1Qe;h znNq{q2LtM$SwZZXxtu;%=SL3YS&6`kOP&OL6Wu*8U(e^Oy(t;Z0*9F<4w4 zdO|s^(=3s4Q;57jbo_QfTMI01mY5Sx$wl-}#Wk&!;{btI^N!`PqxruMkV`c{`yU%= zA)dxPYNIES8KFoZ^uaq!w@5GaT`f%P*s&1VLR~Hf+JFwV(@64%ol$nca54cBZiE)7 zljVOV{F16yQ+k>CGE$(i#b>eN!Zl?cF`k%~>J|1bb^*DYm%pEgPJk0(Ry*xS2!H~t z!ee%Gf@GV;BSE~hwTm7l07XH6Sk}+-7fQy^JsUHxd-*JdfJ6LM^3vP z&BSohmbz}4ezJhUgYkcC&~xB3C*N_Xg0;i;!46#Vv1J2fo9DbP6Q_W zLHkWNjO>Sxj>o_O1up7d;hlNe@CIs1z<>~vY&dk$bA5G3ztER?3(mM@zRE)r+uc*@; zIr5rj$Pq1vr_|(~ZqI@>s!N!0Nh|FKaq~$iU5#7VJva2DcZ;6ACI-sZNSljIi{%=5 zTD=0PL)6T`BtM31c!%1Dq7L5T+h_E>86gQwR8huoe)a6C8)H|u_*KC+j=JbC(e@ev z)6j?lC|1S~;))t>YhxpcSs->M-==Q7E`T#BwdZY2S{IXAKQ`^Hfysl%C~Ni5N*bKH z!LC}4b;ty`oSvIk`zv)G3Arrl3v`hp**ohA!q|^fcJ^C#qtY$TKTh_*EyS@x#cl zFRy(dfr|kq8Z4G4m|t~bbC)hbrKzVgxnDRDv;&A30H*_ou)Puvu8R}wM3Xw~eHwa{ z0C>{L71}hMS?AJxOR_gp3^KtAq*HY>ARn{3&~_S?uCDLJA^&In@6B&YTPyu>hM$Fj z`UAYwyPi1C;O-2p9Nup^ zEozBTRN3&(#_v*-IrGK4zD+wR-p1ezdj!`^dDXyhVjzB6C99y?=NA?S0)1<}m*3-K zP!ax5AS+IVZm6gAWsXZp&pbRdRMY0%8AQ%*N+sHl8#NPHupxQy!*kTKpogbSUh$c9t@-XwlG5f9t zM$B!DE%yKR9jlemg>Lg&7f!t;YF}3d%}-aV&P}-h7xxQx+Q1v@0jkr^1F~uf%4-)g zhG}&02j%JpmZXW2_r^ml%B}M2t~cjC@yHwz=qX$2A5=qUVqk>vZ0Op`4BwSzot@?- z;xuRREXXH(C7!wzW+kdxGap`$=jJL{&ch^h~08r5u4W|-pY6HVV8*f z?F&1ES_|gs)|snmfW=tZ zCFu+huZ46qWT~~4q+rWOGllQC?UTHB;y4EBwFmWngX`57t)M3IzV6(naM7tRPO3=O zlBzmnpbnXJTR%m`@J8J)oB}C0{4$`KWS$3nGH^?Uh}(CZ=yCE6U+%r$9YvcP++UgK z&Vs4<h5Gn!F zHHMN{bdQjyw$!!T#UF_&f#=Uq*|fUV5Tu!Vvfj7Ih>!oLzfWpZL7!24_K2fW@mN@{ zXEPf{KRZ@Z?jQ$qcjk3Qr#4aXUN<>iQw0*%Ah}9Uqn0iyWbYc$Un7M1Wejtcy}}wo zuhcm-wywS0_UrLTZG7trN^J>B;joEliv?b;ziZ1j{X^Pvu7SiANf4E{cYUS;Y4xx3G*_^*-SYD5w zDc1qU8p~{kfB&%quvpXYh@h^U`h4`MH&LLP@rRx+3IF$#y02Mpzeg5U?#v60edq*T ztqqQxFD&1LQ#6?5jCVtjY|F2a>_pb25GBxG&J9SClBJYE#UTbKIG+VN44*rd&RVsq zFnDx(6J7U{;L%c6KV>A!ar4t59l(?M6<&Y6AAJ-U7Le99;tQrP*RB zR*Hv$O31)>&38O*M>&+&lYt)1t{?Kp`2> zG6=M(9AXIoJIk_4O+Op)7^AK;^Sq^BF%Z+6uWG5C)--id`}}m zi9xP%#Hw?Mw7N<_gWwM) z-ycn*D`$c$MaLvkZ!{0LIb>DObth1cikbR@kf%Qj&@lsvM!rnCIto%WqkP+`24{U< zvY05g`z_0dIk$(CQD#C&4But(_2lB?)rNw3nj3FcR*OzQ{WWB{e+_hC)DALY6S(zu*|5bd zVddBa{jQ(F!N`G#-psw#;IeTvNm6w&@s0rOw=tOAtFhsXS31_w9mc1Xk+ihRE0nZr zO4U2aN5SX`1YZ)>XLv|h4dsRofI}}jgiPhQdlgOJq}S*TdM?&PGh9dRh^x@X%^|5P zU*$(WE+*YU8vA}CP{FV)NgfL>FX8q3L#|m)d;uj9ip36*V@*yuAT!^5bW-f_a=*-M z%Y2^Qd0(QW&|_9}auN5*$eOh+Vz-D^g2e!IINS1H5wj+CIax6ATP)o5 z0|y>_!98pa?4=o5ya-5sx)B@QMeHNKfX4MU}3%$l->|N3)%XD+Y(ib^xtIzI;5 z;s|YGy{=pH>}k+cCO304AQyY|T`8KY!4d_5D#}?Xe}Wtma%d$r>u5Wf5mE713s#H9 zu%7+pepe#(@MB8~JnFkJ_ueKkpbnh1CNFr@3GN$XB6EOkRTP>_AkXI>N|piE(fC(< zr6?^HitlfIVPu><^wte56JnAH&!f4CtZNJe?_Tt>huWwyJe+AN@9pd}%<1}SL-CR` zQ~2dKT0ru_cP*p12@wzL*nnGZ+SPr9cd9}Rl@_Md0~srM*RDagsgqbLcq@-v=YGq= za91=smuCLt#$|I@a=2_BZ(>Eg6tT6uvbcg=DDU{DLGwWuZG=NI6WaSD^j|XYxxcSR zxD*Ysew^rSv%_<=u|+5`(wkn5WKJ|0*kd;Az1xVkY4uw=HC8(Qb0`d+bP;UMWsFf5~I{ZOy$Ehf=4X;!FZq&Z9nI?>rc3|Xj(fGVe? zDy;L;yr+`)4D(WG0jvM}R}|Ur_NnG`s(BG3d3RhHncC+E#f%!Jql#>xN03h2zW*40 zwns>zw(b3s$0^j?Ay=VkR9yI;@)2#zdAj=7k6A~D=8L*k}x08`G@l>LbS>5A6ktmwWG;C8OtA5)_T<_V5t(ZE@ zn50n=VMU0a;#q{jQvT6If72ScZaAZ(q}-jcF~1rD{g8>1ODv&+YXjtgmn^T} z8C3t`LFuwOoA(swti*YUCwgUnoH8FHrR`b0uqCHTv-wn+dq!o!*7h)YyuO+`5yy!iBBZ^)CS!5fQiGoutGNosp}WuY zZ~7_R`4PVvDRSeeS4%uO&=PP9+xZC%DE1ON3)5UB)s$6H!F7Ni10VG#VsP?+4zFa$ z(>2~0#NdqTYw`Z*sv_lXMYn-Ss}^loDN>vtL}bwgJ*@TXB_(q@>_Sd_#U=%tf;+ApEKsyS4uH;= zp`qg>I1QZP@bYr1g=M!kOxa^HZ2iL5}Cfm#GG>kn|kG8?@k!+>}buxnt>j-`?`7CgyYd%NwT>X@5T z!|t25vrp>r9=~z;6x8-__LpeG1~hfnH+#-C_KERYNbs-2&bH)A$O~h z`rY)cn?ZCdF*#r~MPIegiPQPi8aPouRd}woC{RE(R99_Dk?wjHm>Ocv#+vP`d0V~N zq*A`2;&Ja_?oLvoYp#yFm|Qludg}7YS^fqZ`W#kz8!PIP<=XuAFN_LBXDlp@yITrQ z?J05Gy9*qaSLl!CH0j@ka}%|1FNrC<--y#81Q!_umqy287<+y0In-apx{#xfFX!U-ZWmsGSmV3^M*!kN^S5A?K9Y?s6+n%}yRMXWIskX;?- zolR$qG(u~|O|?YZeUkThj9|I8*ROP-iM2-Ag`l{UrAOZzatZa?arB9d2~|RURAN ztzrYDRC`XDDzc=Yx-;ToT^@`Jc2eo@I3*=d@)>T&pUW2fsByAaAQNuHM}p6v?t}M9 zRyAT@Id^WLd*~%=?T20-TBRbp426_;!&IXhT8TDhW3f2RUaJVPIH^vF218lIZhmLJ z*8=y#v7!v~=Tt%Fez`U`GedS2ElSUG@gLzoc8S3e=BUG3=c{zot{`&}>bZ=$0%>8) zS7>d(Ti+3WG@Vb{r3AbUMestmzJN!oLBf?`^}XY8F^JbGrUM#Kf737!%*;0&6x}kW zgLj6!jtyD0)tLb8?)kU}EY=l_Nr$(_u%qhL3?rS=F>k6N8 ze$5w7$|RjNu)gFhdzmG!dd(Ih0XS`foS9f{i_m42#o}Mw%ko6be&PZ22?0R}idF?5=ts|2dOZ+pNY5eXJgf7gCK%-YgfH~GNe1o23a^xpn zuJF4rD?_U1RB)}?83oAuaY{vaiYyFsMpP1JuUNC^La`Da4ahWCGK%CJ##OWqUz-~7 zRve-=nZ#twj!?;U21(x{m#V@taL1Io1qF5`D-l5{uLRkRJ39 zEybAh;WPZF1FdPrC1v)4AWbVL2QTK-Cwal^iPxAqa!LeZw>Z1qC# zm@19~GbgfEU52B^=*)vRkgaEX27vm&W`ryW8qCk#dla#v2R?Bt6nH`(5}jJ#HKy|$ zI_%$Q6zq@q9Z?#41iRf|Hb&SCH*K}JC_jd%s_PGhAtvO&a{TX)i0DRAvWbg*Q!7m7HMtOhQ&qD)v_&+OasIP>go0I9T zvoWWZ;~ZhFR7b0G-wp3fo6e-1rp)&H>SJ2HtsAwS^|-e4X#;)9HsXg&$t=JTddQKg zkN51ipy@uVw$I}=oWA#Xq9!I8#1nUgO{8Be#?o?`h;{K4yK^kViK^IIGo|5L^Nmk$Si4UBJWWYV*ZqHty>(nv-4{2i2#RzJp&&@g&>hmP2&&j6ui(82;N4z%k}t!QFWJ_Lk9o#F6-oX>jNCL>h6_fp!=5Y-P5wT|2$(b zcb8>?1=LBp&kec98|kf^;C4h!cgi4#q!FB2H| zfM`#C=yHF>r0}FZu|W+Df5g->Hh%)?@z|sA#O!)Nl^-#RCS-onyvsVgOM;cq*|!mtON`Z%&( zU7c?@O_D196YmCdk%b4T=7=~j03(xwU#)dPWD1Ijf}mLI$}wiQ&z{eoQg07n0U?0& z$ZCauTaLlE($d%w(E=5ahW8^rie0z~XC_a8`A_5nEHeYATM5^WA-&@=Qk05GQmH(9 z`D7XV^Is`(@*<+BTZn!HT{9t)8bkey4Nr0;W#=go`H#N-D^HI%qv5pJ34)p zN5*KdG^fFB(h_QyYwpJkley4e+Pfg2UAEAlfOCS z#Cb)s(m&26PszHYmZkG^Txu50H-15a97<0x26Jj*h!Kf-hxs{cLv+RmONv#yq5t^Q z-V0Pe=l4RI)a=C6MY3pqF_&PyGz3u97*g@q&M4ln(?l7(2R~GKDa>27i9bx z)>rhMbZpN3hqTWnW#IF}^NZ9iRmpbiHaZ>DpaAz#iS^!A3yF(ZV-^lZppUWiZyycQjwk+>lw3voOp!ar&*!sxmeCXq?(> ztz}%y%kU8+#sYkLiuD_B*aH9g#4O$d;a(^5>Ga}{%Xo*Y$Ej!|vj{A&OM6|XViw!@ zVwfc?FU^Bzr46@!BGX0+D3CvOIuRbr9#fIFzpyR9T?~IjIxdLsAV&*~Kc!m02a*R= z3263|TTw3CxI%1~ZWg_y7x+(2G!~xp1bi-xo z1Ch}FLk?rkAQ3TH)*byBwtZHS@RoWtt`>F~W62u)N%j&WVO{lk@^Dpvo z_id(QWE(6xg47-OVoHH8R8`8aDMe!fwD`NUFy7~VAK@P9eP|(Qh;FbLKjl;PkzA~P z8fHRf%QPpUby0#YZJ+ni^I7r{a49|&Q`;&!_N<-)?sMKY*}149JE6!Fd%^7qRySNjM0wr&+x;bpuOAlf23dVByd7h=;UW#M6=3XI5ODRh(Xxa61im5{7A zOJp^D-Qv_N?nQH|YTaYzceH=G37xu~;$TT|M(+)d|k&68)o{Q$)h&bnb#^&Bt1SuyI$iH8MK z2F_0OimQ=9IWLymrZA9L6ikX^&jS{^ARWVs<*gMBI(8LDcKjIEsQ+= zk=r=3^MvZ-8(lZNzJ~>Dmr-|rtcwF;CVfmVBHiwA%NMj;bfZ5(s`%eX>Fxl1pX!Ak zUJ|YMxyy7rR1<2yro}rgpLcE`9A^n|f-sNc*<{ciT*S?I4O1iExfOY5;)5NiY*dgSFb~_=hs#b5(f;P^6yMlOf-51Ld&^wPkx$u$m`5~|K(NxkzD)e zo#m067V(wnH*Ol;a!208ipi&$Arjmi&OvMEC=27^iO9YNDrTvP4o;As0%zgylcJBd zw|g7|F)eGx+{_Izjh-nJyZ#yH^E?%gw?&vv@Ro}~t3B##~RoF1oQ zqO0ayq)3Kwx%knLC!U&h$n`kw*IRwN_V_OoZd9e#C~|i^kxMZz+dnBf;{5mWk9h1B zc)VvleMyvCpX9N9_^t66qjgqj3v>9%Au6jj;*MIYb6_p6{dDewQ%1&*+7BDv_esxU zG{m{F{-X`dA3pxKws5aE+~Z^vTzw_bEbWQB1YT>m*uvkn&f@Q-H1G6~qgbeG{Ta}9g?H^GZ`HwGG& zb1EB&Fm1VKe`{NVNL6D|PvzXrpWKJpGq`;^)(dzWUvn zZUq;gL=M{v)Ot|hFKAODZ4y8;7VitisgT*EE;%Y$&-cQlgy()k5laj|WXXM(J)VVH zNkblL4kEoE>*~{aQD3u4Bl1|B^5?-#-YjkUb;{{%%PHS$)G&ae*Q0d4YZr#8#^k<* zc$S{gv{o-jcC7b1=Q$#)uP-a~VW%`Z*EW*&wo^e>aVH zf7QCaTgKMX5jEfp5;8z1qX=_(A&n}U##~osaUbr|N{$o;pa(I_A;IC}kDWXZJ~!G7 zkOa9A)sj~f&xib+s^CwZ@`ct_6vHt<>imePh}2dpS+8bU4{WMwWf1jTS_lxZz8X=J z2t;$HRT;i?>1wY&Ywfwd>P_|}z(h1guNOpKP@H?Ko1On-en!-=Gx~ZXO%4t$3J(Us z2WmhKAby6lB~mQwA%H`lsVx5Rch6#`Kl#dPK3b`WcwXJJ`ewGGko5FfV>9INvTM#G zRSnU)r*qGv_eUiq=ttFV{Z1<`Bp9*reT+98!M*wJzu%$KOHwxkDPHZ)eK*%jk|JPn(1YEM$rHu2 zh;!|P#y+$sVyrIgs#4G2oZU2x)2py&bi(FJdB@20YACAU8P>bj$n#}qx6e5f|^^4AqL;zox< zz+ld|ilfj{w`Ze;apOOGeuv2}`1t zwg;O@W70$|)goRz$_j?G8mp^c`V;`@#HgGX^mQgyZY@<&KP$}-bgkptwq#T@*22gi zqEkrF(Y7G30C)XDXT8e@v&@D+NLvK{N&s*MdFCe&qSv}feEFz^jF^+Pmi1j`W)_Hw zM8is;J}{LtNtmD`>MMR9Qf~hM;k;63cZrfINV;EPj7Et}Q;K@ZD(p1M(6^7||TcxixpiGs`3{(`;|Mzh-=8t`VYkBE!%S8>BaIFE-iaMj)YU_ z@U1?YXtrll_p$P8WI4~de$z5L1N6?IEkTuSmZH0v#2;I#grbuBBrSS_9eAS&KdC4r zzYE5Fv&(qmI{0k0r;B^#NVoj+#f7K*2byPuna+B%c@g`p4Q0iANmBOWha7>JFm!c# z*Nr$!!8CGviDd;IV>h*nC7lD!jnkKCs(QyC+jjzpuH^b6(|&bYrm5?FaPr_v$FuJ} z%k6fs<`-X$Nr5cj%Qu8=8@BG|qCC8zB66Wj6Eon9G|&+ODX57Dc;h1JLf4|m$*$E~ z>MChvTnWlPNM*(&hP#PY<#W_XtG|7S+}}d;*BTVK{FpTv;YDVO?;Me@kG=n=(ROBbOLFCQZ83vcg66gs ziI1ZFY6Hjq%m_hE9%-I9kK(S!%ZLnSSIGl+>CVn>9V^W-YskgVF4$c8oSz}6hL?Nf zx%GCx^diC`1C>;CZgCfYOR%b+tcuA)UHc2Qae;5gRY;w;Iuc}vE;yfX*pD8rzV)^! zcYbFjdTdOGVN4hJZe#5149TWt#9iv>sd7-)&Za>)Bh1(^x#-o+oMihUYN(c&Oi-A$!RH`w?Ct4gO=83|}P2p=& z6wZp|`d08d`vx|04-7k@JQ`cbNXw>g?OCM3+gLG_K0R_I7}Z$+=L0U#Y!k8#+4`}> z!i)ULGpO%A%cExarm>hBe7A-CUW%;c-UuvuJ|#xp#IM7H2ygjh%@peH;wPaEWm?!= z$&3+*#50A?{OA_{^<=dzW@f|nHR_8UPF4%w49s^8&v*S_f;`tci|37fcks7`11xb@ z4@at2%fwxXT0(wOJe5$@OfUaXJ&X`}lSy==mH6V3q{)RbGT6xG8~q_^WJmd4)PAhW z4b%xC_^W_V5cRgU-OolZ-^qexom%_gteg~Y`o-LQ!S;^c{HLc2rp5w_X8h*H0x43t z4HnxOu89}w`(g6NXbb)DERhEE7}D~+%qkoNiLX~uw2YUZy3(>%g>GJ^YdIZTh;$M) zX7C+*tJ!S0c|Y`D3_tUa5KwXYS~V&MpN=t_@H`c%?v6mPK0A#!lBs546=9=PL!b7V ztvIy5!UJ(^WbVkf0jnn1m`11^J7hDT3kR8zTA9XQ9IVg;R|ftP#+#c*DQkKhc^+CQG|XM z_gn<}aLIwa#!du)(=(2>SpP%QPRNz)H;kk+(3!B4`LY5^bB~oJM{Cbq=T)#;aqeqd zoB3aB{AaxfRCtvyf-`3%>^V0=0L}5k0k!K1r2h8F8#HQa#^dN-PDseF$Jr{gTSkvN zP7;ILr5bF|1S7ty3FyALW-jP>cjPWJ*O$HuvPPN?YMxZoO!SgMz{nEJE3zce}{@wu%5FUIbnLZ8WLDd48=_% z@U@1+k9>@|tuL%kaf;|xQrTH{W^r(Y5$HjVBzGBRcYC1*R7#7GFx<$SCCK+?GR}?~ z$Bkz3X*lLkhw&{6H9~n5zf+%A<*RT#yXl!h7X9-k$M}&X=EF-o-~qRTjxH(Jd>ENZ zP*#d~Qzb}#SKHU8xg}r~gIwGby*`ab?x7HL;aDkgf%%x%&#kp#$#qSO@3@rL`sH^$ zzpQ}%@6UIC#0Jh=$Nse1er!Y-Pr5?)zE1v1Ok3l-NuPo~T+yq3<2If9s>C{5qPc{b z^=n!L+%lXMVK!x<0X^%wJ!2JcUz}n{!T~DK=bq`?Ozv2M)4Qrjm&B+?O3-E}HZnKd zx2ZIE9ZkhqBFi>&C*Nv*nG?_Q|DnwN-j})?oZ|IVRBNu+mf$$FHvG2Q2^|4Zeo?eD zC*P#EAwgnCLs_xZBqqhWA#dR+YvUGJg;Ec8prD}GZ{AI z`Q`EUyyKl(|Cw|*3sms?ftgRvPnEiZveB^~F2P!WLfy#{HC*B|93vLBSkDEit)XSVb+n+PSp{=)c$>TlzIw6MJ9$AWrIfSq2DpNoWyx zGQ^7RH)huPO{ z%5!Lqt?hVI_Z#_G4dJYC>ZOM`W!SX1fwxs;n=dnkak8S8i<)UnzW{Y3G|TBaaC}{? z@t)eh5{$z_NuZ<;_~pIc1PiZKH8l!-&S|s*vbc3bn-wnKt(`HOf|E{oi6d|^H|OrL zeKbQ@b3}vD=r8~yhi~}U((sNvrT8k!!rEb)1jy!pr>XK^vnMtt4FsD0Or6T8- z{nyt!?!R_sCY>s^2unA(F?qL%y*~%?6($@tXUlu_tE^`mKiS`UOS(Q$9|2dYADOU) z$+0eJ;0LlgOCop3n4=nImn2GNYVw;X%lDzyCI4$HU(B0$=i_A_YoiW9<@>ocFJ>5^Y;Gf5mj~0&_JObLkGkZ8dY3J+?G=p8flr4e z5UG8IyFmN93RZWDoW1Fb3qw=OZ#rLimtSm>gf|J+2ep}6sACI3Bul=P8`6Uz1IX_D zWN|sUQkfTnx;!H@L~)$##9#b}58U-RIGM9HrnI3Mmq)ss42}bBjbx1tC|N$A2T56L z4tnGJsV_9wQuaAR0PoS-^t?e0>mQxi!GI&;+hHr=Ou<^tG@DhpA{5HBNYQw0+F@;Q zP8CpL9RgC;vZaf}?K)Mt@aPH(7kpV||8z**d)%Fb^PI8aH~D{^=hnzu8STma&w-B~ zkpKzT8hbb0M)2$=@!rp}h?2;Sf~8pIBaEgc$6C)*4kA-SQ7a4QsoB2~?oKsI4e0s| zJvqMrU%bR|*U?_j*_apD=Jm(NE2T2q0(mcTO(0oa@#f>RB2M3rt$E=bi{c@Nb#sl6 zzqUEh^*p`XOaAbY?3)x}VohgxrJ{{pf1hV`+tLOK4>?QyV2l)ty{ZsdbcoqTQ4o=S z_gG=Tnyq22q`yYSqBCifl(LUXe`gz4bZ7iY{fuaNDHA*u_L-N21Ed9aa8UJGUUuQV z{JRcg1JiCF6KUtbHBvj?yBGi2$8rEhKcRqeQKbcLJ$YZ^{F2PkO6D%L0*;^cZ zHA^nu>PqZq?3l3}i!>xfCiFxplHQaEqxVSh*;;NbXR&lGTn>3lhInnrN*OmcGYg5n z%?wz+IP9Pp*-IEXDch!ppP69U`c1((jlJ!o79V#Pr!ejZ?)T|Iyzh<73&6zInDfIY zzVmOcoor^Z^QDlno}C4^#;RSb&Y`WHw3@V;(ab>kj+MIHN0iZW~`sK-yPkwOeSa7kXeu(5T%g7xJm};FDwI08{z1M?e~Dxucsyt(nM|7C$1k<>_GQ5Z(Z+KW0rumOTeGo9 zi%wtH^$Y!x&9Z^z!%>~H5=gRL{%mFW8tytH>6 zMevdA(f2|%^1RrHPTr>PKj;s=em~&i@l5R7u*@w%n93bcQ7S05new5SC!p8eD?^xi1<&chAfwaM3~pp zzr2X>`+qwV;f*`*;_t7(J1^p$vFxv}d$_?n2P6E~-+o4T~aX6BYWZsOMQy>`z>=&9X|3N zH55F1IOg5m``O#n9WkZKobXTK_RD(?8B&9e{@5}T{**-cU6SYb9}K)J=kweCcVF4( zujc=L>v(WI+n%+_#L`)#Tc%FPYv}jS4BwZd@iSq0Y5|tzRKos@HRG#PA|yoC((t3- zzz-w;h*!-I8<Hi}9&i z+f88DS&lUL(RXs7_GXCJ7R~v*j|S&EyOqs`z^ucpv}gZ?N@*iGxsAq|kaY|;4iB<3 zSCt*_&&o1rga))YvFB0Ho#AQyz`kay=r%x z^mIA(o1luM3`u0ga9Jpy)`F$lRiyR_+miCTazTgDJk@vd@Pe4%5UIX=Ge5I!{aCl>0*i`OE9W7R|L+wfQ$Q zC43NKTZ`Q5-oRlN8sO-2xJw&8y!W^gEU6Wcj}hM{uWIK^mbAZ5g)CteIhnIEeBozc z?!{VLLXSx$Bf9kUqE0sLYNkocw7Layq?kzWTgvKEV~+WV_7_+hmV{mOhpT&C_O@p1 zE_iA~g^LE+wkw$i&|eXrW1Qd`ht(0~ru!6Ij}1N}d!1H{>EvU>A&|J~dvWu`0kRb$ zq56$lA#crD59``Pd}26!DUU~?pqYy}UI)<&Q{3&-g#{)LgDF@Q(_aBS&>AF`aDtio z?2A1ntezq61zUz#22{iB-*7T*MBoj0F-zA-{dZ~D%1RZ#klR#%#hkF@i^^jLD|LRs zlU1AJ$DX%Eg&P~MKXE8%SARiX zO`zqDx0sruR$J-YCDFMb?q;jLRyy8Mij>rWr&jdzF0FY>gW#2(hj}aI9mf1(*U`P` zjVHcahL(=LE%3m*lAV=@NjMV_C3?z$rrif`e-nJrZh}IT^~x?6ly>a7#Tp zM$k=)(*v(o5)Q_pM4Stpz6{c$=tuculo+DnLB`h(m?ri3u=ca1YCqj1qvakf)cA3w_EE4MIJwo*cuhxP9i89X zq-a{10>C?y)J}U;FXFcEb1mno5jj>}-*2;^=4moMyg7K^lZvKyGZ-JHda}lo=I#w~G0A#(#hv%tbpR^$yAW0`0>`{sTpb;%lR4&qV+;sB$ z(VXuPDvla%)K3Q{3n=Vum>XsUie?pQ*AF}4Bui2u?qg1TApOiWtlS~Y_>oYt;={@& zeQMm^H7E=xbZJxUlb@ZjARJ_;l1Oc5UHzIAgVgrc#M@-*S zd*4ja+zehG?C^bJ6YQpn-G6c|eK|45Hg=?Qvx2<;&OOLa6($r#)lU$x;p7@MUNG?- z@xR;1CNU)E8zJYicd$P7#w+Tw)_^O`H(-SSIuUPPu?Wvs_K3$dDj~{0`4xs^yQ*AN zMR*mQ%3Jc_CE^k{%KT^@1T**pU@~j?0TS3X>K3`V@71mR-yX#Kns@)(1`Fe0!~I)# zVY`cVx>I5xEpmSsE$Y5Q8~&{(++T-Z6@fDUX&NnDibhluCnO&Kwduo_W610K#`QkP z!XLZu3*oMV->rYtq<>ofL_Gb|`d@1;-GlZ1rtSak(0nWPp&5lPK}Vz9LLgFx(62{` z%^#3yq?+Lfx&SzWt`wGb0X-RV1mcJ}Fyb-ZFgQloL`XD|Oef%WYAdCFwTExWtG2H! z>eKZt;n7a2M_)ba4%6!N`Gc4iK92;QaC;}7_IV@lud?QRYqT^^Qdu7)|G9wue){G4 zv~a^c2y>OC>ija12H}G~wyN9nfO>19F7z9Yod*2UQ&z>p_W$HwE@DCek8ydhI?@Lx zh@}y^IHq#Ei5BB03i|W$l`VB!g*5sWtUJ0LvF9la`#Y`2l3Hh;GtWxF9gJN5b1g$Q zq_z!yhmyvt#LL;&@;=8x|4xTKqo9N>${__#Jzv=I1~+#?z+hBTk*x;|iiY9(rc0V+ zhA$I%FqUkHJRhLBYeI0WEZp?SG?pq$&yp@1;?qgHZ7Y7#BL2w~UG9s%k7gkvrGlV$ z5ZurmWL0R7VktmoD@eJeNY@r-jQC>pCWn4uhub{&^6A)iV~#Q=CV{@)0;Cl9U-YX> zLu{6=3Vgjn>2%kOEWAGyZcUz?dB^lk{=FKAFEcy>QA!arRYcM zErQ!8`ra__%YTD1lSHxsHPa0|kMbmGZCNGPCU_nka>MM|eb~J#{OJ0`K2wqhWVty= znPq>Aft8$mdxG(pmT`}Lh_JHHu-xvny>-8J7FLYQy%$j^okzM1a>>vbQJC`XG`?y(FRWlTAXft)qcJYAc^aOAARi zW`zk=nhc8Dpr+*In;a>lfi7v%C$^fHbHQe5Z)rjvL<=ZLbnNnr#bkUOsi>F3cs_-V zPt6F7`3Vy7>|G-+`iYE2f^NXaEjSv>)Y5Z<#V$_INiJQ$E>+KmM~}u{yC~51$>0RZ z<245Hr2>)fPVLX9GlI3GE;&39N^y2=T9+i&j>|hJhr3PdFU)}-{`J-b)YaX>7(X9l zXA*C`kQ;qK^21NZ%nlI+-DPkeiGq#9XQI;;% zUz<98#lZ75zSw1S?PP_s7MeJ+6_WrBDYTP38V~>Ys|3H(H|+@_sd_7Rk*NT=Soqhg zQhVpOGZk>mO@>k+IzN%w_58;Mv(vujI3{}?PV!uP)`)f*F+V8qG-Q6F_557`@7%oC zAL;syfUYC+s4@-Y2t)J!1&dJJP#wyz!xe4arj^v3WQDdW^r+$HHxs z{f67`qtjbV6TY@UG0+rB&m%mdeSy!Y`b$6CPG*WmOwB^xbY?mZ!rD;xcmAu2tgB~m_Raa^F|72{TP7CJqZtET+mS(;5+7Ty z69&;US#`#UFh^0CKb6Jq7(qGFgC~PtjrAea%n3Mc?So1o_w*vDgkiUEPNIsJ%#pwOv!L)+?O?g)1=#*lp%=sg7{MMh5 zeEkA8h(78d!oE*j)6XoD%0G7T|E#GHS7bzF2sg->Ape|MY{djU+Pig-#_m!JLAI@x zvg_D#ONtvv+DtQZtXmF`s)F`&Cs!zj^l37jp5;P+geX;~FYL??)f0|VRy_MrEBmj# z^6cs0d_(P_D%d^0^bjf3*NmM)2y4bR-5+Y3VlNi@4~Z zBS?te$wkD4GvG(;|IZj5B1wof}#XX~D9A`}_` zMZ&1T=N_b2{N1lTy?WZ42oLp7b{?>PbFiCd#ut*c@XAv?_A0#iURW_TS}%ku^gx;6 z!M75jkU(?|S%VMg_)pO^HM&MQO4JLwinPgvrxSY=%*ZX|jHsSjwV-({`Iz<9v2}`l z_{{V1G{xn)|7qna<-XZx4$~zb6NjPK*ncS#k%FMQ$QzDhz~#?egD(?6EmJtBQ>Bi z2flEo>-Ae%e4o;&1Qz*>_xII2sZv}O0X8#8YK|kj zu}jl|Mshv7h=01yp$Bz`;~Sg1^FLPYCYU12cwRicBZ0<`juTe+N8MU15CxsZT4ubCSJg-gfQD)0;EaUQ{gRRe4(!+*1Cz zcauPt#i8<(S1O$~Or?D47h$KW@rfx9DkjBwulvSfzWwogAn)q=z~_@X$NG^u<7Fe3 z7fj`2ph!!)7mBy_KDwgo9+K2~$}^ErkD0hC{jY6GT2rpx3`qkc;K1ZK!kwOCG5dNv zre}Y1a3H0)y;{#)BQnu8wyF*XTQN)H>lasLaOb)VU}Xb)0Nf&$2vnem6^ZWITyeIV4Hj>*LXJb4pfd9TFlAvQ0MEt|hF)aYxUc2d$c~|W3e&?yD_lRneQR3n&-}HQgOJ-Cd~7h5lmM6N@K6`W zQ@9lJ7pWV4eisLMs%n6UWxPaS!JhEkd-#Mhggh}N%3yl4D7 zHVzv*-Y}w4uJ3;YaOko8eUdPGJ#*ZDdePkYZ2&xJ$)8kfKfXjVQMy23)Vw8D>XG`E zPU1uoEb$5?*Sk&Z_6oLKFLA_fIgzq(^%AluJ*-}t)$oG9y!Kap2j~x%T=yZ1R}UaY zWG^-a5FoYH_~kunr`X^v57V6@Nhf;-Y9_p)Z2Tua_NG*(U&oJ94tscI+8bP3=zfepEw%!p zghf%T*V^jC6NGn&we`dDpUjSR*Z(u|p>|2nc?Yb&XZ6|gqnyihGje9-#F5lim9q5n zWFIdh61zC@cCp6GAYjmxF}-@k zqC4Fm7Q?4R`d=n~$zY~a>tcZaPu8~sv z6;k%DP*=L^sAudT&q0z~rr&*rN)1fB@?kZHN?q<%rZK^-|D+_?zy>+N6uYS?=^YqoqW=)55F$pS#d`f51jbxdU{Dg&uF&O#lZw{M~+*&)c$#c)P7HB7yvh4dCr^o zxX1m?s+!T(;*iolv!(rO4ubq*NvKA_+vdzFqDOQqvZ*}3{UuC-AkQ);kmpS}Wbp-L zQ4nq$2(X%X)=@e_Yf|Z4xTF1P=0Iz6VjIP-eB@Ks%g==ts1Lp{H!&ly83Z&T#i-TA z3spVBevGj2oEHTstU<2MhFSbu3Y7BWAY16Wi{{NWB z35<3&nijGGFYU16i(=uQY zvP20(*)|EI=~(-xeq%aPxs0dEbTt}osxCjpXZSu19z!NZO&oqb%-W-4T>MUAKQNj% zGBS6#S;}V?;`^alThz2C2Za4r}r6YJgW%1SU<|!Rj3JlTl(ZxaXTsQQY9S) z7V6mbjqL9@RJa@RZJO-)PGu1EY%&_as_5MvW8@3XsDh)uhlWUUNr9Q*9O`iq27QR} zyqqT%3V9D+7Ml!A1*wg zOhbW3RmLtxgbVDzAb;1=tW&PMUffF-e{#5DGJ=(>qMZ6Y5~emK>Q<|R)YS}ij|ow4 zk*vd5%h`J!QEMelk4n_3*P!cyaQoDKVS-UkufCd+Fo6*tIfoIE+_eEd=>J&=U<-dW0wCJVNMXIuV4 zk6Fb2HBkux2)ateEMCLQ1(yPWM{H0?%wi}R(CE8HBi?>x?MtAM8>xBd zCy|#fRzt(VzBB;3m&ZRm?U1^s9(l}<&OXavZ1(UuYoegv5PC7CXf-xMfI8sU*s`m+ z^`hC#;RBw;AFp1wbH5b~EyLyh)ewW&{J@@P$1-Dc7T3#04of<_Fwp-Ku~tHKzqDnu zXiU~qv&MX9BTBv*by~Y3B81z6Q#F?$N}#zX_8dV0uPpcp!o71Dt@Q_=`bur=X*-+` zlpxUBs-(R1zI_1H^;TF41z3q+$=s$~D1TswO&s9S+8pHK5 z^I4Oo;;`lfBnB;Y+wrfF1j|UHp&98<8OX&7xFA4BB?td=59R^^xpvifF<;w5n8mUS zYyw$fz&{TETAE{IKfr01T3Q(KYv&R$%bL|Gd_+u_>T;F2tDX zQLIpAD#{VB1!nIJa@#ax#MuhVmJ#O7gya4U(Xic`E`!z%R(XMKqnl#4HlPCsRa7W1Z*uf#B}dVz)d&uO6m?xCH5}#n~iPERh;& zqBW|Tme{DcL|d4xD-gH{FA67CKPVg%5ESlOQ;a)PK)O#JjE{8W;3zV?y|MHXIFer2 z28t2crN=7$#t@YgQVNaKv#NEj5CSQ+kTL*ig!^jV7rnW5BdAVouz!;soH7!7DDkvD z|Fa}_P}!0Zh47)opy4xVY=&_2)ApnsD)E4D)~=39ZHMc=(Ddzk<)i(V*LMHMy5LQB zsPoe$UC+b&DD?bljYtYiS_bXUYJsOgPV0fh1Vk^auzimBcIS4l6u>Q=JxnIVLHz-H zwZ=}GZ=q1`;N8e@F>f%zy87vBC2~9Ji&!ZpI^dPeX1N)=Y_hBj3J!7NwFA~(nEcGF zp*Gd-$WsI2&L5w3haZz|@X9;nARQN?(oJQS=6ZMAzxMN?ok}*Eeqm^hjOC*^Gd1s+ zBgE~y8@U<)F6VUdq>$NKb3;~yzJ2-dEeTgJc9={X;bt|lm3!#>`Bi|TeYF}_a zelhcv;?sc=FQ2c9lH|)Z!e#_%;SOPpH|G(a1jp?UKC@qs2*9Uy#!Y*L>J$@L250Sr znl?B77oAbv6EDiKO?MZVX1cQw`vNhV@*Mm;%yTrpm|L+ng;lPrKH|eufyFtZI!W5% z@}xvXVhUX`uKe|04TW-LFg&}m0COh2G-fAbM`6wUiS8H8wM_4|u#2ef8A3{+ly!H| z_#lCC-hl;e<52KwT83QwC+hrRZ0rZt_ zt`f{W@~>$e@>kups8wdwAi~&MyIyjz4Ayi}U|d;wIWU+NqcChfFx zuuzx0a2tG)P2Y(jD8^3M`o$RUg0=U7!pS5gat4?G#7HHAW0+TVait50tfbHvuZVx0 ze-no@5M%WD-8a{n-SU4;^>Wt62=58w+*L`^#J(sA8I+#`6p`+pTvSM~WcXjNkArGl zwREUpH{$Gjlt%k_pKMJu>Wmc*zQA)~vq0&!#}3d)12W>rB?fMIaKj3bO(w7^KTKl8 z6YidCN1!h-Y ziR36ScowG7L~M#B3BZ;!Af_M`5v=JCw*-(8t?!To;sU+rc^l^01Q5w#vUH#TNw#zo z=m&?OqZy8NHkIfgx#f%pFd9ibOQqn)?3qY5YeEF>{bAl{2FR_1%?Ws1)YvRpA!Lyj z#*fR|Q%q*R&1=XRNQ>QnaJ1wMnpx};%etSlC2%f=kby&3EMP$_;Rb}FghGPu1OAMT z8R!h=B9Atd{Apve36XvXQx8VJj~M87={+B~P1k}pMZi<&rll5$;3YR;E`6?FE`L!x z()=MTfTA1@qSJVjjd5%)#-^2OKCu0iz+a(`upA-i1Vl@#;q!O~MJ;j+(h&2~yd#)Vy`i-_>763*gCh$Hw5bZQS*o^(K78mH5ooEX^ z+YKUzkz!JTnuvh!U{VX!d-lz`U`jd=l>9~F4+%yTr2w4ROa#@h_M(A@HCaP$h64nV zcxeU?LD!%#61zWkcK3vKVPwf(rJ3<9kVPZLlmM!Q2j;|s}Kb8E*0WS$Aeu%vW z6-q%IoB2_0O`_<;z)j}^f+Q}`2RDxq%%obE66bKXKv11M4sohHetn^&0rxAKdJnkIf{N>wvW5vr$e6e6i14Wy|3zLP)f%@qe3yG zgF?A^nz;w~tkM9!i;XG(2aUsd0BrqTn4bzj=lJWc@}9Zrewn0-r{L>NNS5CDnaQm# zcp(l`LB-(Lqancgq$FS7GZC0SA?>$ZFufYPoxckj!JhD4|KF`=U(F)f`EyyMNPT&Q zMMDxGgdJtPVnvdW)s*)nhbBm!|6*79>YLVag0GY^Nne4wK)WP(Zp;OEp(emA4=L~p zQ1T5$2>=I+7YLOIeHW_w;1YNW=M1IvU~S7(TQa-MOF4l3q9HPzJwh2$qkPQb1GO8< zGuda?Kctk4-2swp@%*6vVMtb$?EaJK&xDN!%}S7BuRQ@I5%J_aDG?+i@#pkO>c|8~ zU-l~C6jMsOtGK4R!e}6YPuoK2mAAHUeVznH3ibe~NP=(E1EnA{ zpU>=v$YG687od0i+~>9QFHJTmMP7TAQS@)<7ssL;^AJAbA>)&20rs=@YJPV=g2aN5 z#wKU*o;)?JiHRgkGh^P4MCY)H0ek}lUy;CeAMYq%(Tjmexz72)#eyK{5TFrGwz7iC zQL)!iAb3i=K+0eIklq!8>2*E*9mO$vj_w$JSX6_|%59-jslHi0J=sZFgpC{fVb)-y zFBC{e;^2Kc(#AqH0k8#lD<=w9=hEP7Qv|r$I*&XIuSZltgI)2%!|aa3yUr-rH8F#b zUAsd=SALm?Zt( zUx42zl5{SAyrOMk>0wr7ArKYk)Ets~Lz=7T23puO}&X~oYl1@UnLx5H*Qn#<%sR3YFWW0pDrsq<~_~H1? z{8ft0kM2e8?T*Sj%pFr@1VcZo7xwOczKb9n8iiF~Bi9~(6#%SRuE_n$a#1y^mS~C$`XuoOr8nE;|MJ)<^snB*b!^*YQ&lES&@Nt~z>@bZ!GS+V;=%%O~w3-~!A&E>K>3bZ z_CzF<6+=dYSV9ckaNN!#u`|;nLUleu8ZbxH6+R3H)07iePPzLH^oP&6xfb*+{_2A% zi+po=)Q!@B_chHI+Ftc$zX9^9<_`}YQdjQh^5<#=E?h1wiX<#5F!KPKg5o?u)T~f5 zN0cKti#y@G3=8O;a=lUdngVv@0+cBBWPXFDpfVq_GOpyiD;*5)k-gJV92GwVzh`9r zxsKv=^qn9u)NY1az2m5Ap&8I2PDtV&f)3%HnL57BXe#Yq0HQnw@8^@Kh=V)l&T0X3 znj1`{=oCnHD$A1W!MiHZOmc5U@G<6Wo zW+S$W`7`@Y;TqOInhRg?H9Er(_oioS6mPbZ?6}<+2yc+|J*A=$_lh@K9|EjTKG{(j zzU%pCF3NPCxx!1ex6R~5fy{dSpC88GGoou{@Ix53vDiCCRNNk5z|-lp`6IC_)9)C7 zDp5$W8@(4et4^}?Cxv+Z0Za449zt4gUE%>^3_P9dkhzc4DtHyHk@SDG=slAUx#BeAHsYDXYOGdHPcw^R|da{A>q85adiMy_x&;Yo^-Sq1GYO>IT zn-A2Y;&YQvL}8P?N~O4^S@Nn^D%uY%7JI;sEm=HxDW-KF$^sqkCATw$Aw@a`LxD^N zii=ytV^34yyk&Pn_W#s%q+v;=Yf4lEQ4uJeOdaeht^uLqOfD%$&4qMCBgay32{Q|? zW_8UH+|g@g)-Y%dqG>gl@TfJ@EqAhJ)JM{rKHe;~&B_)Xw^a0g$NzKwe9QB`@A=;K zJLh@7g*82GNJud!FAoE|h?((sfg;@+DBZBkjzwT?_?B(DT(CRMu#6Uzz?JV}O`HAZtx|Dj z%S8|8z1cfN)L&ou#cLHiI5V7--7Mboz%6_+x}zP2CFqXW$hEY z1L@8|1TK%vI?9!y2JwS>=-a15C=j*lqWl_6#MDo1RT8FZ-4!LcM*C1ssFe&er zA85=jH73r({u`zYtbvsJGopnPqdVciAnk2sW#O|#V^GDTF62w5rzh1bY-l4smP8P= z`gFVdu)`+%LF)=%c#C#fcXDe5J@}Im>9}rFqj)%`# z^;UgNMk}&IOdKAn#b@q`G`y590q$eY)$N%uX8Dz|exvW>vU037l%Q7;c<^;h5Q4DW zS9XeFuBOy;Rsh+C)!p#wc zT}1mjZ~1{|_2b|6k=U;yh>!y1?kH_}pxHbjx`S+vgkL(RPTk~>8l~F?(NhHJ@*+57 z;mD`RO~3h3U#miv+ag^XH`9NXkIl5=WLCAxCMi5!nb zaN~J?%4^{wE~!%59vx7GSI;qLN&+&;>65PKXTW&wEKnWT^u!w=%H860#9j2q#NC%+ zuexoR;+3%i)(89ZxGq3IE{1XU$(A%rAOK5y6#F88)Mn?6fdxhhun80nB^sF$_c7;$ zO~X&H+C!7Z0#o!A!nVY4ISSAD5Lfl6-cI?P3dtl|d$hm!zorg<+!XJKs&#iXb24)- z7i>BgtT-TQfhAD;7}VPSv4%#O7MY^(U;B!8u!aWlzdDDl=4P+_aoMJz+WP%7k9|hZ z*J)U-=_I}K=^&CIY%1ft&^+=RaMc zX|Bj(P6f)Sj!~_!W6JnX^wEcFPYGAnMAg2rky9#PJxp*js=pIT8yjDE4PzmOu`c2! z0nOjQ+;)yp-Do$fFE%bC*!$+YM$JVlC`gQRG%{dXeM(} z_@F9OZyG6ECSZyevsVOp==EEjI46?Em%+5avUcjj2m(5TIXx`Tvk6%m#<%)hTxW7WgKBI52j1yi6z)8cj283 z2nn{Xh{_x2VwN*-tB+?Uzdd8a9^paP)#zZQNkP$!@NsfK*hPRqP(1!^Y>0c{88Ved zQuY{Z1}EfAL`QOR^9KyFyOq3EGZ-j`3t4Fl8f-!s!+0e6WG!GkOA+>z=xfuAJIHM7 z_~HgbA+&l2ncFm|7VEA&Pu7x7KFAN8z44{dA&>Xro-dyi4ZR)O;Ny`0+aZT_4(RGv8X1dL|1y`>X->|V<**s?(3k&hcg{%UMP_bLps9RknFbR- z*|3x{%Cp5)70`Ev`rJ}a*@NqDhR97O30CFl>-fS|BV^;lcopkbwTmVeV4kV!!Sq{G zZ9i4v_ays6M>xpCoq+iq@6RC&d9Q>*exG8Xz1gimm0?%_929RNim5nyF0UbTQGt3R zuNg4_`L2aBUb?1eHl0-MRYNi>NqPbpZ*OzI^iXbTPS{o|mc`Otq}#r`223^X7(Zrc z=aJLmmefM^XInsYhh4Wep7ewE25K4eP!H}o?(Q}aJAihoi>lpf4%!!nN}5gI4T`#M5oqE-S8}-T#hG}+6?*w4?eG0Q2+n{ literal 0 HcmV?d00001 diff --git a/examples/external-auth/nginx/images/regiter-oauth-app.png b/examples/external-auth/nginx/images/regiter-oauth-app.png new file mode 100644 index 0000000000000000000000000000000000000000..9d6baa87e306e253c31531b1c72566ff3258ee3d GIT binary patch literal 86537 zcmZ^KWmKC>w=hsNI0SboB)D5~4NxqlE$&)eS{#Z)a4YViKyjBMElz<_q_`A!cfaX5 z?|r}f=gWH5nq;zl@7Xi6XP!t+btPN?B>)Kt30D~+4@E*k1tTFntHDG^^vqa1^dli_ z{Zf{f(e^~%{~n0wL;9HaP)b&c^7rfi?~`WuVjz+{A`rwzPl0q8V0>whvg6vH?e)B! z$@6T(=Ku|X_&D&=7txq7uqf95<;9{>kNSU_mm%#47QezwOp94K5dFW>O&HW82oT@S zS>Hqu2mOW3jwH!$GD-G)hJ^G-l!Kge|Az>J3nCL7a<)t*~kGsItcGq)$Q<)EcW z5kkDbYVt@JtjmSI$0OF4dx7{F-WVo^ft^Xn`Xe}`8v_9@X)xIjtHlBif@;Dg5CAq# z_^OK7`HXEhE{t@{w1}Q#RRIJHAfJ(vRZ)@!CfoCuP7@hEc`zO6tPU?ufovL)mOep#5Ikx>QRtccEukvPg06D>M+UyYDed3qHA7`8E@J8R{@Z$Vo0}jDyja4q=Et;q5-Nws|;fJhTh-6Fby;AP&s10g8*;HeyCL+Dc^1 zhMY!4f|!I~^qQ&illtUOPJB_HeQ_K*!0x+s*Nfk;xRzLtEUdsm(R7?Y;z*9xn@c>` zL{?&n)|4=pA-}TzYJh~)3E}haaaM|IiXlM-ge$MgJAhzRBpsV;RB= zNJ#r$bDY&{)e>fQJ)i9dTFX_G%&-@;x$Ltu{#LEGKX#>V&DtESmS zHM+kjA607nE>Blizg^BJM8OPp-jZOiF=$4+Nto^u{ir2jr4{@OmABh5;cw?t83Lu_ z*B+>sLklbbsi#RZ>h2jEzxNvchtQWjT8^N=Hf(nmgxq*;xK1|!fu9<b6cBMt}ziv#;&Y|w?`pfCy&dFP2^KSyEmU#OH{yg#ok0dGJvPKiG_ZIjV$mq+U z34f~bp#AAUtxFm1_ESrj%w7({J7TU{z-ub)nYQymWGZW7A#*=IYI+P2(`VGu z>Gf*AP@c;&GXo0f0R%v4!qs?cSoePYjq$bP(#x-+!E_zmh9 zJ!&^iQFofWHmNYa*W3|FtZEAir=5#+^4q&ZHJp%mXZP*qoe~XQcT@$|KB~3nR~*pGLj9KulDWKxujc%z;tMN3NUpw{zGeA#V8v35DRFdZi#hnY1Yh*q#x@ zRfh?D%U5ZZqW;#_x8xJ|gYzMMqf-D->hWasN0L51X zxT%{f^?0EUuyBRE=8V^3h7~SuoP>b&b*K4Df*eoAFq?A<@yF|lfAlMqoNNl*a{H<3 z@IsT8(sf~F`rMcloo=9XIy)HGHt9tr1!XH6Qdi{xRMf^Yacuilkun&#e`(y3`>YK~nq z_O@i*VgjeDRf_Ed9CZ)L)OU!0F(#x)I`AM}%shk+G6)@Nn9v+@Qd8YaSXfz4dPf6j zg$+EiX(q#O0j!hAC^FXl?C$7gIU|1QwC*e~s_WF-=57FD^>qQ~ken&E=)Yb>MPY!( z7e0m>UzyQQhd#tv4EeOgSotM6FeV3avv?6umb4WM!Q`C-rQs-)^Q z2{>nAze{b|RxY5@xbAgb(~H=u_+Q5h`noxqO{G39gf1e-2&f zx?kKIc&bR!bm1yqQ2=Z;fPSutl*+9b~PTsN^7Mtvvd{hxp!$D0$&oQW*Md78;EzL=F)>KL1eNM=n6{^lVk!>Qln zF-qZufS~#OQ2+VOQrdQRldvD|mXC+ZzyI$Krjj6_C%%8-3&FQI` zrEt`UJDoH0F|LHTu%CGh9<@)EYOYjE_IhQdl&XzgYXOBq`LY4P=^B;dJpo7k!~6o2 zhF4PAO+*~^lzZJLKiQe$IfPHgF@x*nXa7Wt{5 z^+901Q)ZdqIG4@*IlQ`;4urs6&njPhQ zKoz$L#u!Z0xU0HE|RMKajTkKO0u$x zgXjC-OOuN90#yH#>l1=r?E0`O*0d{o?0e0BTT@&|`JLw}r;$EWS*)i?_~VhrBbfehs{j<_% z6`0p;$KHOJz5JRx9eVQGiSZm?ymL=vUoeAVL{v$tA@v< zh5V~#NPpQMe?M~hPBwCS_l`F-4=7_~Y5rTh3rgPNf;Q+JRYTT97N|*;+@t_&1e(co zItK7$)DzMH<^8ytA2^-AF4#zj=@Oa};wk=WC?-i<#>kyw{ls2&rmn(+-OvB^8%S&$nLbzzCbs!K?8D z=0T{75LbA~WI@~+M%O^{Zvd6~AafTo-5uA&aBN?APlSg5Y0{jRZ^Uw;U2A_2w*EHG zxGtRER`|-ylraHgq<7)+&RTSj=9j~eRSO!pP=UWXi8W0_CW#Bt9PK^2+HAAmgJ64Rn zld>U@6`7nqv)cAAkOZ2>B=sv=jXVm2)X0I7I+*ci2syaCB8lzPnsZD< zP-!$ZCQ5Gn>QGKGr?i@vAeNzT6YKL3F1MzR0@m%c`+=wLp-HDdOT|{bvnNu2Ea@H> z^nT^4Q|{^z*th=5-r-+A{v;FxgBS}Q*w3$)G#Ezlw?o05@gjKdvy7&}=FL)}joG3v zON!a4ADYzfyC5;14S5%tGU6l6Je|UmRLUoMBN?#{`{V>u z=A3|^S}v+zgk^%d@0OqZ`|-#wig*R4=B(bgb?b&kB6Iab@oUzFy^`Q7q*ugqRW10E z79Zoea@vclG~3Duhe zj`rB(b%zZg7Ksr&MJ0ie`10EZo}ASV2efv$-@=SRe$KT|QuX=37u^U`A8r0yf8ACL zvM7kX=J|Wyfzw7tW}=h=(MyiuQALI1kTlH<$)`?YHfn6(r`39QmL2Q*cYTSW8Qj!2G>n$Df)q zyO+w`@4E6)D8^8rqiZaH(`nMzvx6s4^a3Q-;g)o`-zhE92BCV5nL~zoihPf?%K-$z8#e?R`q0)Rb#A-WFbBlExTjve0)XlI@H` zEvgIKg`54I`T3|0KOY)V4ZAm0Q)uBaRKjz`VLTb9%%da^{Usz;XRwWhM{0DRuF~(RiP17@oXm21 zaP*?cYRcavneiqBz0fmgP@*)3TxK6^NC)h;_=h8|A>>m)w>uZQ~YmtX%5h3zt; znI>Io`3NWkM*%+tr8g9N>7c@X@4x2Q6MR%$%Y7$d01TDhA<~`>1ZWcd-C9++Y}JKR z$4`;v^j}{$GxhImW;$&OvJge~BtCfT&wRfNxbCL=Ko3p!s!@4U7$o|YLqWQL62NAm zi>M^r?g_m1i>1~xa71OMTj12zV8pH(!Y=KVE9fc^q%(L-ds4Q_{$)cMMU5cI{s&zHH#HCG<&1Cu3igE?Gf>s}1G9h zvN>Mt3!A}Xw{3~A4}Sc?QgVwP`~jO)-(hEs13K>yD634AbT1t+NTuF<-AjM^I>)Fz znR98%nKuh!RGMC(ve25w^SmxACQ2JpOXY@t3X`OnO2lldPqazpUApdqikKvNQYE^_0S zRXXwj*wQZt7_(O55TqZaTs;C|_)vb%U$b!jcM?srem=ZnjMIj2&xZyt_o5Hbv7cAl z!YcnJIB98ruD|;gLu(SYa$7pQIR{69~7edKbQWa91|(1F}4pyqb5vlsR9{TCc4}aaVe_+bAhvRJLqV60xw& zbOvRO&WtS6Z^bM7#Wxknah zR&R&Ec-bNu%7wy$8h-^zI95$FLx1VZ1Sw`_$|Iv`aeEAV!O%U1IngBaiM)o+2D_{y zL=51^H|@R-8uWOxK&;gy6l^f%At_vijXSGUN~2M7*;w?MGFAVUU1WjwM!L_v5TZ;F zP<+CTu%L`7z0y;v`>guRRE7TgF^2i+@Zwy5O1hf?CFkp7(fU$N%cnQtr4R%w8{oL)>LEv>aK__T=RYgXsv1g7CqRuY;Y{swB zT}6dR#+)u^0%%;bKJ*^%S8|^)SQf)dObuYH^ZCVQLUO(PV1q$Vir4Cx(mpt%Y)PC( z(tW_dZA8$@-@oI0l$4Zo`26v~TX5I7tXk%o$@CY)xN9%+6tH5fsD`ihc-xGwPV6;N4OIm&(L zy+P0S&5OAljKiA?+e*A=-|PmR1+M9-!&ooaWU zF%DE3R+t`IA_&Y!Aau*ESB>(?=oPSUbb(3tzch;EZa4Z3di?j; zRiAE@?YUCTyD{YB4ZnWCwc~WtK%6+tuKVsI|>DZEJM~H(Q2drYo(WTX`!;U_duuV+mx<2tqg8|f zjB^=&Ezg+&WKfh?cm*^ZXJX>DM;z-RJ~q&3NSu31F<3U*SG!Z0;ldH>%g7_}O1zNP zGz0j;GL?Tf0W<;MPSLtixaWp)aB`+ME&I>6A+p`(Mym1OQ#!_8$^MR$J}N6Ouk}(ij*ZjHCPD$X^rZKFk7gnqNF4Vc@9|17J4nq?^i{;xU#9G&9ghkT6j9-X`ELr z?CN9Q>AVuu;=YrZ4}ujSo|2Ljzu1P+y33X~QXkpx?y(VCMXMO2AvEIZ#d|7)JglU< z*g{cbymgFg*#-({o_`%```t}*v7O30OLv3~Y+SQ<+6F3U{e4I-YDXKy7z{3N$f^<2 zCHZ@-7Y^%7ei*6*xPm(@2FZeyBv+^5$DvmK-L}wuoCKvY?zPi0glNCUnrE`|^8S@c zL@R%5zIL<|G0uK8pN9_=&Flz(J65nqqrH>5$TDuyf2qO#h{KZMi(2?QDah%0%7g)z z5NZX#WU+w9`vA>E3!zD!^~r&|@~h!%HrI4i|=iQ$#~Z$%6Ke<7&#*`s4K9J3*Uc0#l8= z2dTx}2VQDuWIn@?-#4a{^c{Ho`bC({-)(Px)1#@=!RSS+g==WRtoE}4O%9{6&e<0e ze}pRSM(r;BmaqH_dYg`pEQ^-kj{H$29qHa5Hy85C&xR2H?6Ty`6G7u$BekUG72x>A z(u10qmne-d|BTdvQV5RxJRaRrlP8#HyFQGOkox@k} zRTe$==9`>KJ^e+t489n1ktXCAcLj*0^nBm4_UN6`GcsCwUn0Gy+M)>AX;q6~ePw_3 z2$=nT=>;xl2o?4E{J;zM!H3?Dkuvn=+F`>9Za~BFt7ivDz#Vt*X$CZjx>tE--rkhP zPq))pKpnQO|rM zNo3j1MDCXZ$dsVHBX{f`)xJ$Q>@5KvXtlM02ap3J%7@~$Lt5$SnFHZ+{zJ&o`tam45P_qn6eZ$=IpPLz)-3macSv^s+$ zC!S$)RQ^c-Hbnpaz1dz^US(#eWy<~9V0*7mvWd>F`qM^Qh|v?rhgPO{ryRH5it$ye zgk&Upr)+HR-Hq7LP|-06Uk=Ww5#AMaLyeWhf$|(pU#jfH)_e1~!%mI#hVb@Dl&D>L z5*{D@#|^`Q7D!1Q50~@t%vi?PU1ZMZ+k_8C#}mbJ@VSdKZN>MKVRO*jM)FY&45Mzl z>1D^3<@*s2o@29qdWE$`#M)&rDdf;YVzzVsfW<-8OuN=?BwlvC$mSWG-T@gJe`pCg zDISjR+Pv0s8-J;{5YQ9#Fv^i=^~lGHe}k(gRk1@hhXxWu#{TdyivuE8+VJ$ea{In+yl5R4OmQ%N*X&}66lY7&Ro=e^!@(oE z4*Ad-;7!|FqL3vn5tbDcwjgpeejB|aIed!5YTI^3VXu@dD^1lOV@I+N`O=%md*w?( zL+0IN-ez<^JhGg+95YAqgI;$CgLC>}eU+xrkC*<3mzrJ}5GVaI>c|@G>JNCBs4LM+ zeXkAE!bis_B$zLaKK?`Bc0#nT@V(iN?($%-*L7rObmxR2+CT?ghZOEuVbtZf|1w!r zd2czUK1fM#w@mrrZP9SIqu*;q0icZ5Y+HFpPGES4R{h6C;u`J`&$>LRj^4@`P)<$> zVYc8ZK6p#UY6@VJ&=~yJYx+%&f{(GE_ZEYJU7tj5?#Un50`9Lwyj)*4u`c;t8J3rq z$Bzq!`f1WM2s`nWfZTC3 zh?P-`=`fRh121Hz7Ju4^^sG9c10 zUlVQefe!`S@!w;p*gnuNf>r$!Yo;eDI@heJH5M z^80z#(PbIa2zjO~isNOo`;iZHF}OIpI9BfnEdT}Y45wsD={E%_Y&OarrHd@y&*xRJ z@Q~aa-u-&ci3wSmrdLP}=s(KmxPA}eecQ{#SyuY7(b2SgjiJbB68GFjtAT6YuV#rX z8`ywUibXxCrQ`!AX9AH0xAtGcm|{g%2coz;BFy_^6UHwpA);PgJ`9cJ~_V*x|$*7{#tIp=obVS*`1P$M0FQ(t?9C&J6AemT$-UV>wN^K z;9Tzg$uoIJ-0kcM82VCbOhw=OI3e>gBv&ABa$D;q$rQ4^$!43DqUP?mNLrlEggYDE zFZ7o({ujjX1Z@GUCS0KmS7<|;vyj!P`S};_6O2GC4+1W;H#hI-56YENg z@kD&r{NywQQ3@8*A*Vj4Cs3CqRgL~_KqOhEBz)W6!Q)!S2APBc5~s^jlWt|f_X7px zdZ~m7zL1n?8P!q(*+Gul6MFHLs#!JmkTlgJ+PDNk)YkB{-B&_+V6y4nUk2oT^(azR^*Xh& zcq*O`zLShZ3ZRPv%Bx7f&1`7Ax%}L2_9AD*KfeR2>DvwKcpEgZbA;_LjOCKii5Mxh zTOs1afKU|hhF4yv9hE3}TP*#h&~B*%D`L7f_w*!JilzRZ>C`dH6L0Kgi9RYm5w)~b zoB-*e3gi1bXu@wL-8;hRfG#^D)E$?dRjcgg{MX}=6)AI?^Qt@48>QQr)F$+D%YpQv z5X#o@lzoFnkAR6RakpZ`sJSJFVnFXVNa=f}ihG5#_fOcZAT@816<9ZWcs|OB?<1qx zVIYO#mTV)zuTz&r<)yozhRYJD`lfO%0ZVc0A$o;x zT}2%W7WM4Caba!?X`3Bg@zd|0ddOM0VpfT7ACfHKO_*RCBMI@Pq&b7)Ujbbo3H!;W zWom__tR~~|OjcDigGu`8SYh~L*x;F@peaTk;kbq$=)>dc5SREIgHS`Dvt?pDJ5$wlL+j-Dk$yjHnNZel3@V4Hd^+9CW%9ZV?qK&J$Z}p=m~t zE2=YBMO3_wwzVWeEktrPt;psM6%)zoZr2bVUX=5Hd3(35_cm3aKZl6=r&fE6vMnYT z4bHhqk5uIR>n|Q|bY$>BWtfy6b5xi}`TDS}rZ}$@iU>%K@}!(JJ#_^}`hy|jk&t*(MG=geBl6Y|b4Z`8?0c-b&6n?3l%ROJwaL^=tL^6M3e>vpM0yo}b|Mi@XcSv4(oU#SC8#?f~NlN1lR}m2m5=ZHe1o& zNT%=wPgYS;QTx8KX&A86Ol)P1w>DM(BQW4*4ITU_9~Hk^r6&#RWTy{37^FQ<@V8@) z4>FZjeWzY>1CkoWp%E)(`BQVy!dqe^3@6a+(ra?~g#qZI@8lk3YDjb3#!crSLk8o3 z{~%r10j~ZSFA0x5n>c%e-UQZ`AKp1mQK-)QAZ#U_z#d8?3q$4*_DA9TQ=OB`@XUm! ze{kRu1I^$&AWW&j+A!mY2cE|h3%(RFq46W?uY!AV9bCb$d*pEhs~1!SHV$=E&VLCL zC|12r{}I1Bsmt5%J$Br8LL9;KanhWam)AoyX8XQCQc;vHTm!&3)Y&D3!|a5!`uj&j z{K|kbYT1qQBK?tI8%y&(PU~=d!4N(gvtYExkzCVL_X;f+v1T)Vq&U#qRzh9`V>+`B z_$$vE8m;@)PbN3mhY!DQy?^o6lXt~7upXY$!dz~O%XDsk)vO~|F2ks~LaFpx9DfZP zAZ0HTPHX6g#U9ZmijHF*kE0|l6OA)(qW6tnG~B%rGi7ReLVFqs6Awckkelxf3b1k zrNe6BqfCsWv{ZO44b#*ML$XpXoVbfD+JF?zLiaM=>zG^+Ipn*Qc!AOc;^6wOo&@S+xr}{r02*@A24I zYG_<6@L_I~pkTmalo`L*%|`<#)a80@+Ma^) zYQwfr5#c#&-zX8!=ubmd^+X^ghfAl;HZwC*4gFFmH2LY)9S1L7345b}UPSK4v{>_s zkPkO2njE0fCt&0<1Rt^BtVDxfmsLmu#^bQz*HNVLt4_zOv$Rt0Bxi%ArmO`es_%Y% z3k2>r$h2@G7VdxNhIjD=t*%oafxQ@NMz|2WQ>C3Q3KiCciwY&k%CONv1NwFd~Ez#4x?p+j=e>?Zh_)*5(3E3ds9~-gQz) zrwt+Y!*7u=&YCu?Zxf&U>HxG%uM4@D26AwXj0tKi&}*ShOJp1yW_Twys4JS7GPxl# zXTIWE+Vt|4JP917IN&xD7Bjw|*!t3dQ*8q0UOhID1vEmj3llB)SebT((*lL|a|6)s zd17#ebkK;N)5QVj6>P+_@lHWzvalg0<)g|Q;|cAsyl8yB-2qfgXNx~P043_#c`wkm z(=4I{VLKsqn_5&Dzgk+H^Ub64E}I2H7}xJ|{72@8%y(K;6eubRw7B#6+^L1eFM zmmpw(t5STB#-+{5^_cOZDBQVAVwiz^J% z#RPq`w1Su#E{FE$;mRIHZKcJ@AJl{cC6W+&J9_$XXseyo_^_7w0uA2$C?ddf#X}u8 z0lW*1QFlU0fS|58>r7x4jA5GXtai%)H0tuH?9iacE^XF8iz{;zjK?^IoY{0y{8Q*yGap(wJ{Z)%%*36-e5Rzk_Pk7ijkuv$O!eVLEx zNpD%upF7L>)z0$ilcOMx3*XONze@_v$j7?dL0bEPS2NH4nX4S)SMQ$;k^O4}@2-}+ z?~d3%{o`LgxXo9h_xJ<1{yCGZ>9<{^}7cJ zz?Y}$^(O)>&jPc1(uGzi7p4M%7WcV4r-BBrhWj3YwC3EwBlHS+y%Q4U8b>7z-Y{93 z3<+?ULJm#@bCN?CFiRx)V^BPxNKY zU}m_FX1X0aWW~5T5NKfK<*gJWBUi`Tt0}7}mn_g~i}xsc2vumX0&tfWFr4m-gu%%V z*BTGeYOA=>83eNkN9|~!)nq|D=&#F%_iGo zqNkh3GRhgBc0N1^7FNEsimAk}$>!y$)*_H>ud{!Ko)xJl2S9%wod1&8Sp|!y_V<6M zga>~uRhMUo8I<8!h^Kg$zU62XVky4_e0X?>F^4ECmqhRCh~&uNMl7uC1Kxnz+#3d)dT=ZfZ_3{E&f4)Avh zSRF>u6O*DKUmWKeA;%A=m+%)1E;2(=x)zzFkX$jp*#%wZk{7i|FvF2PRsK5LG2~(_ z9@(PKedl6v7)wZ5AeU7*Q2HTWHUf$%l&GqB76lqKTj*D>c^lX|Fvz|r;w2bk*%D#* zHdy4_p3yt&W~E+QC`U0mj)=P@>CgslS?y=kER0dRz1PDgW?dD_SECi%zqWWrpZK0v z=qa1)7N&ZUzer42_6s#!*i_ZGK&_&G>9(|X?KcuFV^SKENJS>X-@inRlmPI2-j%$P9)3#*DYoy+04JW#Y z&svF5kpA-{#;I&v2Qal#M>DMTwJxGkV5*WuQMewJBhw*#TT+x}x*e7Xs;Df8kNMsm z|IN%;0O!b4D9%iB0>TB}>^4GO;;9WqsU75D4R|T*ppvyC!y#u5_Zn#%V4pN`gJ>CR zoXs#;L_J@h(DD=!E&8z}6WoF6+RNywN5fiVFAWg2ELRXo4}BTd;l+7#cg+X}!qAwz z@7tlZ4}T-}%&3NL)W6d?4Tp6=8+jW`&?}}uvwHe(+G2=9Jx$At$A6svR9PA=o8fVQ zIWD~9X(%;V*!k2cc*+&8#>>O=F+U&qAw!O#1b3tK*DZX`s{dtg)!KQ(>o%V&iMIAr zCZNCP^1tyqancg&#S@>XgeC*qo36qZsVSBKqawmHY!VN8e{m@dzhT=&iQ%!70 zAm7jI!<9xwuArixBz;-H&+u;yxJtcsigBwE%lpbJiuAl;8qQP?k^xGdZ1F4X>O?gm zz*p>4jLAJ&NwRyLPu*uN0>91=mAFOCp5 zSd`^BLR>>5OC${`;TLe79@9m3tFtU1sMzH?Z9vXUt1kywkEj?ChS7E;E8>QglW++g z6`3pXb{{dZ;;wNRmD?xAFgUU6&pTn02lg&RC89=ZIz7<6} zKIMkPN$wrO6lfKf?}~?ve-*WkJfWxOpX*7>X3{w&w7m4LY9_|I(|8wxfkheG^W>xw zE5Qz!8Cs2CijAno8+Y>q6b5}qOF7!e0$M>%?55&_;uzl3E2ze=jye%T@7rVL06sd^cA3o+&g&^} zjch%&b-=%Q^JbFb3(lb3bL}s5*zLZEZ{JT$VrU9UeRvh3r%jvI#d&Cw){ZjAwu=t* ze^Vw3#-u;brIj}EM;obSm~xNuXg4rlKlGSP?uhR>K zZq$4LP2GS(O1z18ReUn?4nyO_NRV6Q;B<~Lnu3+tHS3~^}#32dcspRGY zv08uBxZu{8yyLjVKp^!hAzlEThSUSFj3HR5G1*m);GznVxg_uuE)TkIj+dm*dMWBP^`ShWDkAEzmmC7Ua z7xz1hi^C#&N$OvH@vwHeKL^F;(oMJnhIS9-0B3UnL2;aZ+xf6{^ds9JN(uN$Lu~^} z3`E+l%}UFd_u~Y}fP{h5HLmx%PrXuUoNI)nKQUyMg(GY@V0i){S#tXxGvgT*hTWB( z^eHHq+?4zVR`<4%=RAUwl5`w?UajqjL9MC9#XgeTSRk!cVG|QQb4{>-cttAX^8ALE^=->I zVNqMG3Qb(|q}C4>!qXf28)h{*$cDvC)C^fg1oQ_(5_^8fY?=xdVuOuP`>)PQAJoX9 z^=R4)9e$bq*Kl|ma93Jo8gWkMaK(}4V}~_O>S+3CWjb%pz2vQQ1#j-~9IDCH3kJs3 zE#76?V>|_19wI9yipQ>P_x8;;_PI4W%p)Elv#hRH?u`^%_RFW87y3tel%*L5yZ+1T zxKu;xqs6~7iNT*pz!_1%Gs{gUdT4o~t{QyXo>3v682m+wpP!!?OaOi}R6Z^ZPm|)$ zh46aAb*dvFW1P?kpcP{%;!e|hXSg(c+mR8<0fJ7_fk_8BrcB`E+vN}$@k+bX^}*6z z1QmY7adm^5cnu?CuXJ#NSbsB9dKO`g!eMR zOzrRGAEX4c96^0ngkFB>fx~l*e{WyW5P+wC;#l0u1O9>d@%LXuwl4;qHkXjq1cpdzndI)>35b_p` zClvUYES{gR=6)_9EhZ_}J+7)_yUIgaC@iQSvP1fqGQGs&;5&V7;6jd&ti%F7<8{?O zVI1&~4KvEJ%K8x4IrZcIBZ}sfr4W+zC}CVtgA+w6J026l$giV-E>7WH&wArE3AY%a zK-9msY^}Tpzc+j`t`vzz$f?Z)T^H|Rl8j^hc7OTx2wE7m*5hLA_Yjj`4E_(oo7VO4 z`tjFK>#*(!AfrMNqk{PNjbGUxHe2{R>FAU^BT}ieMO>h5>)X_;%6w0EM^BzoXP)ep zQ`xaEb|wWZT#OhMkdY8>GD&}+Q&%-QefuBQEYO~zXgoiXxCla@1CL+TZzpCx^czn6 zuseq%+%`ek9?T#aTNQKd>f>@PQjuSEOBhZJ{!1uNG@RDUzD;8Y*FKw6{3-4~rg;gE z2)FDxWm0fsH0ZI#HOwl8AR{8}8}RZcM`O(1?wZr`L{r14VNUDOT?esX0%%yp%9>HX zR*n5l+Y1Xb-bS0uQL5_7)R}jJoHR&yOhis#iRI=LM5PZUi>DT_ z<}8Ib3Tr1Q<-&*haA+i4yx*?ncwLegaanAyPFkuM4*$9yBUYc6ixYPo^*$s}vo?)?`%v_o#9 zNcm@F_yMc@Y_?L#S8#4SwS855DwGKHWXFVth6=pWx0h zFoudv)e(n6iG@_18sCyM#Pl@d846gobmLMg&8{pta}e60;}{HsPW=yWZygoKw)KnR zo&ZVX5L_Ap1h?Ss(0I^5aCdii4KBe6?k)j>Tae)H?$9`|$=>IjeZKeZy<@yF-mAZ= zx~tZjYt~#-esiu>zG7AJwqXdoqeQGl<9_(0TIiJ`WU>7&djy|w(MYd0`p+gWzmIwD zT?ax&2M7ALN-4MfE8ooqAljkVUsBON--b3V)+xI}0?%_~bA7w4Kh{}smP<3YD zl+XpcChk0JZ)34&wZP+6x$(68$m9c4Yw(fKtv&jwu_8Rr=aorc7O!PA@5Or`IFbMs zMh7a_(ROc}mW)Z>V^5Ox*-$nNPiO^S+Z1U8B7UqHKg8h?d$ec=A%a=5OdfdZzL7=YZ(OMSiw*hGECppi_^T1LaRZp4SGo z@K6!!_`UOf+W8*FgA#7-TSZoE-nmx83=8(jO1bYWw%jF|E9yR@Sqv1;3s7OO6e%BA za2UreytWD}Jvh3LJUWRq4@|6a4>(tC<25pmf6o%m&QBt0O~Ca^zgR#e;~9O{@=dmnCod4A)j_X%9zDC z9G7p6+F(Hm&G%@=M2#P+%_TZ7fb%9Wa0Z5xwjm`_BI1<9)G5{`pLdrV@5^moK0v_iL*|K*y_{x)3p`!v%gosQww5N(Vxc- zza@R|a$lV2V5HHWSI*46Z#i}B`0QW&AlJ*Lh~1qFc!h52JuPOWN@N168njd}Fa#!O z>GRw^G8N%*LPTdg2}W?<;}(lU!k3Tp^LP?j3LzKtck})ERv(nbgD8l?g78>v>J1x( zO>NOi42=0b3UF1gJ0(cTb8k@E=3y;ngRfBfM`&>OYZ7QEpQkAQ=fkS_>&95v;KQd- z7RiN_=#SSF!iW)~`$)Yx{L@1GrJbu#iUf}&oIdXPo|QRAXcABBAN z0>s{M6<5M)4etty&DuU#zmM}%k_pp5p@{-+E6*TPBqg}P4suSKh)Y^PV6i1tIdZ)Z zT?$53@P<+g7YHmiF`8omxo_-hE7iXtyN@EJXz#siY)~-g+N%*y1^2!hWMqhq#XaK4 zv#Dds``Cah9HQlmeXbGKEQ|tnUITmKy>}FiO3qhd4wsOgSFI8_vjOWQIGb*zheR(v zyxHO!3;_3z^T5(V?1kIuS|6`)nDB-;SL*tAW8v zX5NXZ`ki1soCWmkG6K*kz6H-bw4x3A2NA68QxqVs!=(=mhbURB07_*2vTF*Q3^Fz_y~d$3DtMdCMv+m4KR z5~hOpf2#}@MBThSTQ?#BX*<0 zgDQ#INZ?`LMhOUdzw?f#c!Qj0GPSR)Z9PakS|z;Dea3P38VD2Wx8b2$o;YBJ>`3?C zJZ1epPI+7)Y#;{(xM&$UR#9h8qh99tzO;tEu%HWb5Nl{^7l!jzM5G46JcP=ANO{R* zzPoso+S3P8|4nvIB3z)Nwh9Axn%9~Y2Lnvl*}Y@%<2&I<&XF?bW5Ke`JdvKma zPvA_Fb72Xd_BIbaDsPwX5eAH<@S_eN!*U!IWJ3}7X#pCBL?9A%EXL1~`*Wc(6v-)X z)bJ0_;mNn4Z#LBBZP=rm5-5OQKiLjD>zWbB6qO}>UAKOskC%}H)4x}ccCrz~FjoZ} zvcEnVS&QP96VVuk|vJTbTTpH^$5Qw~cj#AC?rphnr#EjZUD z&Q@!YqeKL>k>nOQZFWDT+iK-L!KT|3#!$)C{cwhqHgYQO`qW|!XEeuDb@b^<%+D0Q zHE!%Mmhjb2GcgG9b9;+B#119l(2bx2J5xFS3Z&<~FG*I3IEJ)=h0*n$+2=!%vu_cK z7J0RB`dAu6EMRmh^Z?xkvxmFAgF!-ZA2T#Y*SZirA*|#mC%6s<9-@N?Z#xxX4z*eq z!W`q2*W3vVnWYWQiWH$f=XzSwPx>|OYo!f@v;{Sd*Vljs6_MQSEa)e@)~gNNyN56D zd7I|@Nf4^Tq`#D(+80fJ!C<3H{H=^p|26AH>w9)coymJ8%}f`C?HmJ6Wz4*%(^(VB zxKqNVmDfYUA}OK1I`N_-Q4bH#UxYyPzCgx)XQ9&vfX&-GeY9Q_h@!XE6hw)#gZl8x zGiK=0ZAU)cRgs5dI^rX?C^7#e@9L^^p~DYk;}1SCiAz_stF;#c#2#*l0bXc8RyN?} zK}JTaPr|FZ4s%%)${c@7189b#Jwg*i)>U(nkkh?)G~3?;0Uux2ao(hM!v1u850OI0 zrbKw*ceWozb2Q(A1fT#O zK}S$*e`G}mu40#g~A8Y{3{M}9Fe!^?_ zDkh=1iPXtnId?C!VQ3+-s*M|kJj>G;3G_Nq^OQ%Usuj;R^P29GM3gD&t0*uK9!*B( z>s5s}eGxo87$iN{lZ}$8RDdT$b@~D@%;dlM7;*@#R)jb;t~D{$&mfxXTXvAbqeeZp zKL$flIvh2w)Eve3W%+fVxYFmj>oJ@dERqXhtofLrXx&rfxu3G^e)l?-rg$T<)(}L4 zPmsHN8gpU}A0%!HXCCNY8!X;%6k=iqIvkz;(IP%Ep-WBV`w)3ojKNtVzn8F7%Ixn0^ zlLQK&h~H$ZX2a#sd0k)Va)O^OclgQae=2Rl-jTq-8r*ECjiB0kKs;fAum$;Eskb0? z76T5>U;6RYr7acR1s0Kq+nJ6hSuo$tha5s&4IC$295!bFmuRph`o7vbmZ1IRo577W6$YV@BW|@(+x%dS`?f;#|3_;7H#6P%s2PvcTNgG5farjtrgzvX+Ge64@&ShCV8ci-;-#y4Pa$*%U$mJ`xbu1`^N@ zW4-O2j?NL*8&>!(nQ-pgbk}Ldt9UN)03jzfPnv?S|eZ(J=ozdT78KcT5AVEMJ zvOo#j99)G;P71SO;z7uMW&baL8VKa_f5Lg5T8Nzv1z0PO^Doav;E^a&7t_Ks zfT8HWuv~aP5U<&EILbk|XGZ{O?f)AhUNEQs71;DY$H4yb!+&o7Hz<`{y+B-j)MwG$ zIc%i9q_%|j*X!hm5ltU;b#EQEC|JrmX=cfWAZai1BDD~mDNz$BB)S9{*2{a>WnEhJ zWz{rswEhdvdVvoim=y$<36%K!k5ej$oV-W_U`f7;G$pqAH=*2WIs{AlApBTB zwQwn5wUf7a7IAajV88+7mWbBPJVwX;-SU zc&o{{&E!#o{^%c%OVAXVnI@bZ`7@>lE>(3-%){W-0oH<)_Mr=AFZ0t1|C2`DTteiD z#$Hp5+6>0EbWw5gCt-PKBwqia{v=EiFYikA_t@btJqH0SEYN_Lqe0Vd1qL+h>y)pt zzY`u^=&B-+`Y^WxtKhE5bLY=yIx112+eFNCnyrwy()|a0Xz2R((P4p6*mteXI%3V6 z*9MK@cjo(aQ@SA+9{;m-hUvM}(z3SPb7RQ1JYyP%+Ce|yhvr2W<}SqRHJt)x5Zmq? zl!)5v)!E579tFq(p3*#b_l|@My&oJI$ts#Q5@*JC;88`K%Glp^BeKTff}qaMYU)pZ zs6yiuR{O3wH7p6E25mo{abSk`=vU!_KIG|1boTbf_;uAw!ie*PJC3f;%0c7Mf5s|4 zSP^a7;vt!kjVk}qKr;R0;0YL;HACp)e_|*8EnIu14Og5X*pJSR&@e_{O`ZORgeeay zAgNGjRfw`^MHn^3-sR8Wr0F5f2oM)knXzeW*LCzGW<5RQRiH>%dc`j-1lp|{gs9ga zSu9Ods+a6v!8Vm{3M4EBc=UigMt9J2~uY-$L6z)-pzx+GV?>EK<B?qcj2xT7ig@a)Yq))Cl-ihu->Cv6TZHBJ4<&G9?QV(589zy|8eU%*eY->zi zxXMGdW9YnUH6Kb9!Jv&O>_X_PT?(}BFwcjNd?Gs_R;h0yr2gOUc7C;y-L;~g&p-ci zc>nDc137*S#fLU-Nl&20&WI@C*WIB@JOGktgwGDobTBz)`dc!6xEU&XdY1icV>sFd zsjI{EPJR-_Kn)ml^PSl~hA!hBDq;7f#%LHLxQuEdYWzI5f zDxzC053@X0-2+Dpx$h$fzqxqFSafsX3?R@TN*!E8L8M&$Mf^MrV%8~qvj_`6eI8rC z?EvO+5=)#~Z6~_xhI`e#x%gd=Le1CQkzs_{ZV#LE#N*#R8D7pqARP8(B-S*3+Hr^d z5*fW)vV{*(5KG9Uv`v2r4(NuT!wHwu7G}Pm-f0NPxNB4JLmLFHdVaT_qgY6I3)d#PnuDYckk#;i%B2fmmu>9SJzE@J`;$2NR8Zf^wG< z?ef{5LlfPBt8(83nx*Y1(y)e(tcio*>YtQAX zzqMMJ^=ptiGI;3uHzMc9+mQGTgG2g=rf=)}ALS@^o|n>a_34-nDI=QQlRFAyyt0BF zEl8f2#T0Q1Z=22Euhj5Uyme_ie^X(AoScXz7Zod)XQS`g6)XZ%HOS>Yuz`RZ8`V*) zL+q`@1!f`X8Mvp=>G05~63H*kT3lhfs*S3-fh^k?^t4`W2!Nh!8ZDl(cFmbr1t-Pd zoEk5;Jrm;*wvWvmJ15I+KOP7e*_z-(qE<14o znG_y_?s5o}1-StZ0Qk=WNQ$p+qZrYCpHwRF`Qu+HB97uHDmrzSk^A!nm(t;aNLs{R z&#dBG#(rYP{Cdoi_J)m^=fK+GVL#`p8k#8@ z^=vGJvfwWNOUpLt3o?OtT6mb@$JbgpD+TP#G$;+P?;Ra+Mavf}9YUZYoMm1C_jf#Y zklKXLd)e>yaJL#wZ2ut`m>{hrUlD9@g+$boElkH9IsNg+tI_9>zTfr(#~lM3mt$(X zU|oApgo1{jo3|O}=S(xV&yTqWn|;O!u|&>l5uYymDxYt@GUd_p=7q?wm^GekaJ+*; zE;W9K{@Af1t!Le(+l!n&HE)1G-5E>U$a*&c%Z2bxr;Ptv>FUm0=eEYhW6ArG{%5rJ zmk&QeSsG*znI(+ULhkE>BT^$@JFCZ1oYL4WBw0-Utn9^H!AJIF&r6mH4JwL$ax!*~ z!|)terW{q~T;eUxb4MI{B}p)VM@cQl=({WHh*w0InisB&Gq@EKD9>Kd{D6rFZ};#J ziwZ~)+V}>AWFXsQ;eV$c#Fr^Gr3PCv`qr~iNcjJRUft+2EQ=` z$=7ogAO!)mqZO35*S@(ShR^H9ev2n`HS;cx)_*^Vn+EQr*+<>dDsZB1tTtmu1)8+d z^ahx@DvY7}lNp&<47jO06f@(L zCR=`VjcCh9MrZx_0}&BKvEAmq(sPjK+h%xjqcU^GU#jE%3Y-*IDR=SJeZ_7FOjY3n zDE7c~E)nRydo;XSd3;-uzVTd>Dd!;KFcq2S@_Wm%g%}O6ZC2yY2Sd&!LjinR~0zki66- zvKulb#Gdr!UTdAc!Tf|OXWnf(5OQ}=1u4@NhCytLpDhe6Jle~qP>Y1yf_ri z=(up$r+Y~Js9asuf!BQ}h9(XVoe?(R>L!L7Zadg_* zBn0IyD{>7Q?}v~WGCaq#vnowDH+oLXyd;>89aMHK% zHpA3_lSrxfa2L)>N1t{y~A81b`=iE%e+^F5=AGpL7}3#?AaK z`&}LLq?((Z81SLZ6?y1~+a@Lgf^}{om{~}h)Qpig?-$Put#Oq?5^A?@-;W*ZS58wq z`5$JG-l!K$A|?>~WJ(K=C{RTbH}TiT(hz}KO71_{DHI)V#x$VN%sXwV2NPo29mn`Z zg{nfu>!Yr+4a-IAuNn~xEhUXh8ZhI6E*XSbQQb_uFe4_qzfzIHU)k?CyvfSVsS5AE z{F1-iFupO>!YyC4Tn4G{XOvRNJKmYzCi<6id!tGkXu)9v9w?c&3w#RNm^q#NYL4p_ zXJIplj6_K8X8qH7N&Ap!2eW-Y7>W46i)WnkiCBkEfdLUY2=K+o1FyS%3rmjo@`^%2 z5bQW4HTF6P@W>(wgx(oj_EfgCMPS%%Xv;^u8Bi-XMm}-n&tu9%qJFhm9hJg4pOQoZ z7g$agM{QPS$qfv4oOE+(dy8}EgYp%+-g!T%37;~3UCCfb106lkF2-8HV6@DoCRNS2D)Au}voRNm(dOPWet!%O zjQeisA5F~DUnqJCrBb47?be?jKU_~m;x{q-zm?@h1}!QGpcFDZ)5ZDaFg;WnSg(tD zw!fkaY_a3RpgT#toqBYC7|`ZuHt;(Jlj8}aI4b{`mIzMYmEZeN|EiqSdageWeiK#7 z{_WP>W+j@EM7x`I!#hxn6noUN75PWL06DvTlLN^}`$m4xChVt71_j;(Bjj(8iKmE^ zc@@D(_QW1~>Fb+o0e$PwRtw>1j6Eq@YyUSBE=fNB1K?ofkadm*!2!p?1rI>!0x)R( z_Pv7mV3EBZM(qSm%l3k-a7MpUM@di)5l%a=L=_)RcNJfNT0>RV;A;Pem>QI?8$=Go zk8NKK3_9}CbyMxeyu~Qs+o&&BrM_x4z#5>Mhfvd9@qH)`HH}scZpQ%q0^#{p5K4Cb z?TJ2ofF$wd(!W=>rD*Cb2Ox_iCD}fA=)iSVVjiwmN)icj#g)&lFp zm+7^9OF^FuE8f9CR@lUzmn#b5H}7x>pqRObQ7K3#SO6@u0~8wKoId*m|8TbeTcmrZd0OeF3Tf8$!+I>oWQV@*|{ds~yxpz`hnf zqzF5@gajTM$<5;jbD88OL?QV6+6+58A7IUj&yh}|?iO>fdRH@fq0V0!tJ6rBuBG;< zg}>q^A!y%@u<}iL-u*TGTS%n!uW$e{hAeaqN?Rvb|5p{5%Cy|dd*a+G)(M$26*N)sIVlz=Q zeBni_rQgDy-);`mW_0Jkq0a+CVSz9|M@D|p=6y3)j)i6KYTKz>>~863W$`5igyP;) z^vTkYMA1T%)s@f=lBy@D15uMBNjtHX+`ep|R*5-vcfn&&9kjyaN z?XaMmt=%`OAB-X6y;9Wi&NC+-S#re0W_>j*tb=CapXP(fg zNuAX9^tEGD2!J{2vN6i=51*Z%>zUqf-308Cidrc(dqZMLM5-`KUk`Tweu+n?P-Xc$ zPYbrtbd4hW_|wG-y`e8jm`%)?Awmt3wWd>sf zJ#$x{RPdwE_F|Mz7DC$DVpwD?M8&WS6q$}&sH?KrVjFsNk$`}O(5MPhOWfnd)Ld?e zeWum@Xt=sdB6-nO<2ZTpGd{3)X3o-0hNEAIB~cDZl@>*N^XHo27;QAd^LDY(BU$leJjdbiG7JB&JmpP557$fBilf zV1c9O-I_qg)9-a&FKTEYk*$;aF5xsb9oaRli)>3#A#Hu=aJ-n$m4bc<31zDu_`u&k zpJC$!@~Sy&QZkOp%jgtnq1s#5lfgW%Fk!KL7sM!^j%PKfk#nxd|Ju~q7P3!KZ^e`p zuAb$Pflv8NXfFm=R%*2gE3u0W^iqT#y1%go=6?9tg^T!J?tc{W63=~PF3>roB^2 zXo1dXgq9JsNm?O?>~{o-RO5}`J|gV5=NeMqS#o}_F!^YO$8J|5T)RXg7&iYAXw<;8 zda_eaT1w!wY8TS)8@afh!&+#S-*Y^;!};6c_)Uc_(tEj)MAS%#1&bIab;5d6D@ z-K0C)#AP601^0|CGT<}w-*`5k)qn_G9VO^qjh;N&$YK^rV*R4${b-pLx;TX)1)aGX@a)&%UYtJkKh z#=B%ul!EBK5db(jRHaiL2J&cmW!=ZA;t@x!TRu9{HfuQ1$?+3=6$|?Cd)!|>!@Z#B zLU|u*c-{h;X;*q}9$^NqPU@@JRq-AmZmD#Y`W^Aeaxbx~yiU5*Xc*#lp875RZn@3Sz<;n7~a zcNw}1oHY;fR6BD^`}t=hCwSPB<|Xl8=ReF*Q-I9Ll_M@t5ak#lL zSTB`>#r1LNWD0$fHf~AmcBxD+}Rz1-Zg9W)*@gw>n2TIcViTn2g(`a-1w7xw5*$JI0<$%br&gsgvEkmm90Vn!Qhw*E$|L_wPXxOdq zwsn~ytG#h$V6-ND@$JK|ObAnmAh%8f%jZ28+m`zLCG=zCWiEdJE{$;CGi+E?YT zM|;@9O4gnQp1%eULB8zs#>x(>$sZ{s0EQM_Ps&`1)U*sU2Po15(hqDF%98}fs`ns} zjlTiaPq1fWAAs~ZG-hOFm`}v)HRDI9E-cViRz`U&jDK#w? zW7Iq8&`>Uu6!38{l8Q4Ks+@n;elE8@!(2S@!lth^K zOK~`qPo4m%l1g+8RwX+u&jmvUdQWCZuh5vaBP1_bAtX>VA4e75C-27irCuFM0)+w| z)i`J%aS%bel*I+5Z#)yPM|^UhcguPKNHT{XN2W;&^rQA}-LT9`Rrc_Zt9sJA&!~xl zih+pb-_OT&5wneBBtjNhUSLaqw%8cIu3s z+{;6Mk8jx}20+JAH*~OQT`^OBWHcoxhs}{s9yoIltvw|VyHhvPAEDiM$GU+n{vI$m zn@x`6HTBy*Qq09=fn!TG763+&!yYW2`5i!qXXJID)TSFug4o__RKB)mw%H|FQC|O0 zt~V9HbCvtrVnxxT&C9w?4xQ6$iGQIjS7FAy{@n#r2A{faYj1rUHQV|u_u_%|#R7?4 zlf1Z7nmJZ|MO1ka%=Plv)!u=@RS&nvG=BjZmpE^qY>UfWyRNRdlIk0*(S`aJS>B{E zoRgCuO<8O^i)b^XiXg<9@!u27&JDYTQ(^TlA94F5X>pLZ%fvFZ?Q9o~mVY@D`1sVp zA3j5@L{fQhM%gx)7-AihvqAsDyx>9N+MwUlWyARv)y59TW=@!5sI!bn1R2^ zsx39D4q!Oo`;@Tw-F(}H{9QfHap7sRok7ny)(~ywn;LL+iy~qe%r_l!Y33{1qni_s z^#%|ccwa;f41oSBd*XsdFo6=n{JVt6tdbZ`rqWOLi0HFxPK%?D#X|;U2WG17S`r2 z=kO1cvUJPmbxV#YCjcT=&wtN0`dJxOIpV>`AeTXUZA9*{^II+*+{kR499nE5gFyKJCSOS-kTY~$+0iYVN7k`-<>b;R5I#EG zYI-`AiXvXmkK?I=0#24>F9QRFcazg=E#P9jBh++A1Ht2qePi=>FQol73!x|i@iY{e zWFO@kb35)A=Hu42WJDK@V*zrGl9)P+lQLk=@8sKe1+C1aichITYro#c0X&U5f0^5L zU%3fNe%5hM2Pq9)#*+8Rrz+B5QHYj*N?9{73X)6xP7=xOc}$n_R2^f#bLFT;`pDEY z|KfW5yXT%TvUc3r?EW9Jk!U#Q3$m|tP77bD13wqKC$jf`|x2AKV4Qu$ZbKaM{)DzWv)2VHz?(FLdfRZ1@N&&V+kBTnOPpO~&$QVTHpGC(2lt%q$FogOKVgThD z-d#@n-IJ`tZg1;zttT8xM`Vzz$jDn=Hob_rra_DBxpZa{D5eZ<6AbmPhk2>j#~)@+ z;UN21u`5yRM|>6rZNs&Av;za3#(?~+1cY3q4EI*0w~=S0hlSzOKzJVl_Y z{=DIQ&EC)j_hTp{jS%EVJj%e$-5P4J+bNxPyG=VMcdlvwzi8})Xz*F76^_Z+dij;g zq@4{S4BY+l+T9PS4c%Z}W|+ zgPBLe4L8fW^}#eN@96)rqJJ6u3IvD;uz?kc z_E^-p0xBMqlHz}*H7TJl`a;LQ_22)(xOe{p0Gt zZ~X5oiXQ1cN&cyfD);59dJ81d0F0A{;d@!wzl|@TaWD`2tHwMAR4Zv*7gE^$JGkS2QohENDtbNjL2H#XMa)=G@}a@5_nZIUm)tS?9(Cw{-VipHlw7UbgX_(|*2 zw3L%dNfX=F^mK#PpPo2|@98hRCR zhmY(t@7At}ISKQA>f3#yR3+dZ!CNzvsQY{8dMYfUvB9|C67nD(0{_QXg;cCn6#gY9 z;zHDS(t`_H%A2RjcfD%<)%WpcyU7#%R|!sTWcju-;_ifHLxkr0TW#%y3JnL_AAK4` zL7UUlkIzj*)*qLvAq*6P&}1zFaT@vF(+toRlP-oY~a>XU?LRA`SP}V7Vr%xz7&#P8@ ze>gSNy21*Pia&ySL!fo#I@$lphTZrwA19eFb_n5?fNCY@@6RJ?~l<;Q8G{!1YPLKGd zlcUmp)`%4&r^@^U%1el)oZgc?kucRp`3f$N*y7<4!4sT;rsYkbIg) zYiZXJ;>hgi?m6Q0WvVE@##{}SG5}>#NF~Qj3cm&D3WK2H^bdj|On|(R7heuyM8;3$ z4)U1iRLU3)>oOg`zI$EZaT!&P0JCcI!Hkq#`oT>qmTqr7C(Y5ANTWK;iTXE3Ixs3P z1kG65sjzM`V!DVEWH6w(R3n8#4uZ6)$pm@p5P$bCmu=V$lZYb`%Scgt<>F_jj7dgV z^L4`dhCO~$GFp8kAjB~>@O_IhD-&PI@@wyfi1H6)n{7;2uk*1wcyn_{Y+2yH2v3Mr zsuwyxT-8#c+{-6F)=`QMwr-Pu?y)|0-d8K@+ z{5t-RGo2WbzKbRgktE78GHG;xY2AIRT}3oQ(qY!`aj}+;Z2M{w+S0t_#<-&Qz*Oq+ z3PUT|t{gasj+IY5mx@yHX3nFp`) zzc}%KAGodYVWw&|SJU&r1%IO^H{^MU?l|EXxwl;K`xie2K%9HQ&HVAIPL3n@Sv)5d z3YrX%8$-YZ+mDH^9j43H3)paf2{vSUcZHywRLK2Dm!k1N$)`NA7K?Vl*h^+ z6Y(-5xMd-v{ki(fhyCCDSH;&-bm`#AJol>2qk7*wy5xAO*29P>!$h8z{Q%`3;nzbh zWlwQ4{)XF58wyw2^pLS4b!&ARbuEMGqtjrADny4tX#UeDL<)NNwLq8beJV3dWy3;Z zDRU%F6g?$|o(?dQ(AF(^P|mWh@II7DBL|jL&#hp{cbNZ@9DQSODeVTW8+-O!9Ak$z zmNnGCj55g{991@3-u#SZnuy-2t|y1xbeGS%!uG8$4-&K`KCgP3QMa^HO5Ot(MX#{R zm3E@HaVN)*O%1gmnk!-E%cXk;pBISUlKS`U2)bRh8@bJ$-2PI*NrDpmqHW#7J#3r1 zhXi(V>r}Bb>d~7v#sQ+Mh24oP^SE<-i+cfLUEJTQRK(At9UV%rlWqn~N6R~PFAKI` zB+q(QBJ9}V>M?laGP+yx>YAc%^1dM!DK@f%PhO(5W8kIv46DNBn z+ZLPKOj;QUP)pkyeQ>{#Grv9ai%o_S%UvO?M3^rBbN|U@+lrIel5zX#leR?o@t3Pq zjmdm;euXjmg(_)}$x>&6=C4YW?@TKdRx&#i-pAb6=oUsfn@@b*?7e*IXk+(Owpj7p zF_@otA6eXTg!-7OHAxU|37*foNQ%5&Zna)9h7kWpC={tkEh0G8>+T7Z25CrG0R8^$ zwrYH7=u--_%aa!*v;6xs+^t1qsFSK9v#|tN6oHsj#zc6v$4P93-mE@(HU@XI&m|60 zqT9iB6{nxv_jHRnhzD-%l|%Xau0E7tq+F7_ew2x#!^~3EfyT3LvGEvHK`to0F{!jx z5>YBO})0=hNm}>Q0DF%eopG8k46}E-%K zURvoeo1HqRrQ%jy1p8Js@I5LmIZsKz%Io@%L#gQ#p3rz^g0K)XOtH>-x{}weiqKfNy9|W) zG$;4>W%fn-w291!OMt*Gav+MS9L)qvzIs?4EtF)o#jjAy4uBHy_ApmpoYC96|HP(E zGfui=IB4{_@%xwOLQKa7Ph~rgaQ%zlgJ$Cu;ESHoTF*8OXDxY9ZR*j)`N$=D+4sJM zsGok`INVcM~^7|2S$0KYv2NLbgWghc_*ZaV)akZbBY;OmG?5kH0TwNZJ4a|^Ty!YjN?{U z#@3mZHg{&QnrhT@N|DO*hbEVfrpyrmk1{9E;ihaiR+l4nDqykaXxn+4H;(Sf)8qJs zCqf&TbE$nX8ua#{%Z0`YdSN21A0nkux~cKx#Wng$V#7-tcT- z#s~fGq0ySCr*Wt_A#;2a_lYVq#T||ny6c_V_o(~V+`O_Gsl!t9S_+pkH7T$4#q|$) zmQTX{hqG49voMiUWPw=^g7yyM^G z(7jK_TZ|$DZ3^9GJ=jtnEszWC-8ErsQ;wJD$$#?W5b!aK2S zUVfA^L%oHZd=gBzgo{Fl%VcmVi%H8SxLrMje&EpD%ScjDwE_P`?HDW|u+hzBAQ!cW2xl5^zkB=k={$z?P~BK3X_dED|!yRWFD+p)9JK=lkJWY37Q?I zJGm>7^`EGp{=krB2vhv*Oc6+9Vv<(fh_{&Y5_k>o#8jfz3pArCqbGOxO@1~2(!7;a#F;rrw zQ^nqf)$#@IKUq(2#S3K3rwS*Wzjzfj=g~Z;FP!V%u;33R(~oW2R%Gg2 z+$292xPS3K$3LNUJMdlaR+_)idDx@q+4f(Z-OkhB2$zZ;-8IQ=;LUb~K1G^1jpuW# z9dp2yHJ0%_W5esZIO-v<^$N|V#Vj}31j!!sK(I;E@EJ_);q;~OGeGnK>dcg!$}fFa&a}|=PF%xvLn)iu|4R_H^e9`G{`_x#JOR+= z#^c>hH;Z8gdq+2JXiCSMv^{)7Z%Q3^D#_17pW;bd`*Uwm?ROX}q(C0ubSF{JtDe*L z-kq>tl}MbsDr$OXx~{4XO9c z^USKhgVCGd@mdWRy01-@vwJd>3d281!jn8Zk=y!W>(!LaGa%mM6k;fSY*HwY4(+c_OfgnRR* zO!Zmw>@PPbm3fb2dsJHpl3&@~yYg78DOR~`GtvcI}$zIRu;Y+S%B8Yz-Vo1IM@J)=kN**`PKVBbRpLE_{ zAlBUw?GhL|vL0bYdOeGia}dK(j@sLG->SO`7Q=8cx0SIOaqeEDXV5`)B7Y#KD{_Jm?mX{gvOkq^U$g89k1F<#I4;=Wcw>WQWpAeQ#NVLp z$Xbe0)Y%cJcQT;q{H3yE7QSTt{fVn#tK-J_7oX)%j~8kC6HUWIS=60q zT6w9WPofSs6-z9Sq-CEoh5(0#%)4d3GftGLn;7KI{g`? zljkG8fBQ=YXmT%fB16#`HC^jx z-NyrOr`_mup~l=5Y@KIaOCFrJ%H|Ds)lT;%CCjx7>P19DlSQ4thP(S0)}Pu5{y{6- zf_Y69`qw1Og2e=7a64muPp%a=FqJnSBNh+3C>S}YRs@YFFlw!*`87a7+^sg99hZ)$ zL0|wR_vc)2(9#PhzhVVuV4ZiOGwt&}vYPzuYu-HXttjrqkBMcO>Z+x>Tmtvf-=AT- za5)$rTT}M94UUISGd*85ZwI&q51&DnJ|xeqm=aEAcC{aDluTSk;J>D3Ta(&50RB!n zI5Z_?6ddUYp=E5cddO2E_*~bxc=**Si$Od2iqwCgveiz znHn-mb}7T}ur^TbA7(~!glHVAQbbL-L9CgTYe<=ep+njdSwHo}#n0D=)-#+bTi34_ z!OapCwbgKSAr|euM{>ThFJ=GxwSTknCeHzyZJETN`Sij85-^6G&)MPi% zmnzDQsN&DV9^4TekD-g0bwY5ZFdGII&u8L3pmCudcICv?7|aESZ9Xh_Oq9&p>hQ&m z$)ekVEoRV12r4r)q!@L4nc-37BuUHXPpc1;+pt&t?wKu+Vt-X@x88Xuc)8@1>)Bnt`QzAMZ(<;!MNHX_K zt6KmGnw zn8RI?V+^j*!_GBl9HL+yN}=z^`o=u|b(iK6LKHrtefVTdIcRyu$M$Ev79LfF8Upw*~jA5x_kx=>+((RMDR6=ZcRPJ=7 zw3;WJr~kcjz<8TENm9i*mAHNSeG2dpYpurnhDZ*-7c`*N7$`&J@cNz4AheK#A)~gW z1$q*06|yz+P&YzzPyRLk3}1rxxNF8WY-eZY;tfK}9?r+Lk*xpr^8Tdv((Ewt~kAVX7Ms$u2vF{Y5%6$}U_`<>Zv05By%(ygochQ<)` zn528ZSlh2EusiJ(>PbK#H2wD57QRTrB5feEk?S&=^f9^vP#gve!ar}Q(WkDZA?i9@37x96wy zlrUAocFy5*x-2Am`md=Bq;gVhB>^Dd{kPd&d?KVy8YH(m6`kLb<3&O<9$r5FV^N`k zJh}um1{0qL!N+FKlZq}1+a0f==ko5eU47_Yn#-0QUj?fVC&C`}GJv~0D7ayjA(zL< zbO2Dr2;P6m_G?s>MG#{o+L*|CBNJw;*Lo2)bx4%FN^00B!)4zsb>!6H^7aczOsqwJ zyWk*3)p35kKeEFNTB-Ni9rM$9IdqyS|N51#m9�yorH9b>yVt&UY!~Hf3WLMynVZ z?KobLZs9t6C9E6`OZ9LnTJeXw101<^t&XWASgz-Q-vM2}vyW%YlHZ6Uwhu(mg>l z_4i&KoFuG)Z(IoNq}ndVDE%~F6@RusYZzF>T2{0wkMoZ&=3rkFG*M7!_fGK4mFO(m zGX%AGc<%d5S*^3$^f1kt>@ghBwrOzvoPG>I;oYU7nr7c}A8bhAC>WJ|Fm89ZoTwMB z!5mv^4QIaqUn|}3op8YQO5A+E^Li{1qvWUl)=IWJvYMF=X7Z9ZEr=mT9WR^xjJ%@Q z;dy5+Uq{7a_SW_lm#Ds*+JoRFq9v2(MSj6^_54%_!TyAS9yt>BHAb0c36natlP$l_ zP-cthH9k3ER7g?A0#VFtJDi6=hZTvb#V-N-u?C-OioUNVGurmyF&Pby+HPf^ths91 z;A`w?HaaaU6RC`DJZ|reKBFkBjt3;#1riA5aiyJVdLlkczxHz3o}A^*3xm1E05iF-6w(a47Glp+E?(W#)26iR*}jqB zOPRs+oP&+*k*NoDJe=NU`cv6wr6L%Tp8SpFr^+F+PZFwZak^!;~nF8)6j zZesiYy9vAU0*HD4yPRC^gdGinMv9za-F z0Ein8U;X4t`Sx$y3JA~Jn5|!4O)hegS`Gi{0M|F&z^f~|zd$2Oza!;L#tXr8po!nG zcisMs>^~O%e=({59Siy|1oeM`#NB2AXSOCZ{F~4%#DJO zCp}WNgRZ17cOPj&a-ikPoQ$Dt0JsRgRINJnEL!N-&fPWc_ZLXp+Ow$|$=1)VgoCRG zGf;ddT(s#cqY;zC2u?Q|vVLi@;GeUix>ZXkinWZu@5wSFR@mzM#_$xT4Kd9i?0!G@ zEk(r>`ha9G8~Z+0 zJVO9|B(2Nk@e{mD2Te1myE1fKFFiJTx8wGI@W^R3h>nO5a4d#$a|)yB8_W_bsU0Y! zKl-hhzquMO)-tC?d^qQ_-OrklEED|q%XT2h?Q72sn5>(zxom`cbAZPchzK3dMG9nN zIlyx;8LQe4sVpfkdU%Q%=m(5DI(kl3vL7A@Na>B-dfYPVHcVhfgNK)O~S?IA`Ps||12r? zSY2bNxO!XZ@^&=QcsOjjCzJSp%G5O``=6TtIu5{mQEOjXxTI-FyK0L7hHS^;m2B-&N^NYIW6N{1wn50E>bH`JzTv+(H(03S{IhT==xQ5yoDmb*zqJh; zJ?$SC?$)gtfPoHt{)%JV{P+_U_>V9BA02v)lmFjtQ|Lhv`f2v_4g7B?6%{Bz2ykLw z3B-9SQqeD8-}y)L*D}J%_m&?#&^Xodale>#DiCd>TI3i#^b)9N$&M0o(1;4DSex?n z{QAZ-e{~B(dt#M0%Q3EAK?Yx&(t9>oG68%#?!i`*Z6Xb-3STzdj!SWEG2L zzpf;+xL|4jxC8k%f8)UN>T*+m5r7*?JVVa}&Ly@yjkl`KqEt`x^`^_YFIU$Pwr0|g ze_o8uH?%nxdr_`go(VNjYnKLhOz`w0vJ}FSqnPkEmN&|-(TBg{D)Q6Z>+<u8e;$Dt_Vsf)5Yo1>tkNMz5A%vEkA(;7%R?NQlZrY-`WR+dEwa3b2$3eU{J^dTZ zo}~SwWwWh-xLGXEJw#Cw z;e^&9FOXPqy@0RxZY&8{JvDpNH%dmTK|ufpbh-*iu$jd4#IQn->UTHGYeN6XVgKaN z{_=8#1A^IJ)wdf2Zz49@qN?<#ZZ1LkQLBB{boK&AJ7;{vvB&f6ZsPKRS<6UUZw5ag#uIuo z8M7A&K7)$&XnBW~x~hq#pQ{3rvyZ--%OOJJBzuE1Ymh1Md38`+fs#_7M_m##A<59U z!K5!+1t+AY(mriSjzE(_q&@qjmdjPw=UqU6{w(K0DoW8D%W3WK2tX3@{9=B0zoV-Mt9*PUM;q-BsTDEuSw!6m|oV_Qk-Yaq} zAaqa;l=PgEVxry34w~HJ_bWdKfW^h|O1lBAiQuf(t-eHgUC6+a_ctT&v+D4?s+saC z?vZuhqvNB7cMA}a@TJ%YX=Hqg4 zQg=w$9yS)S+fH`JWd6-dg)db`7Cn!}5A^lN`@_+ao^*^eT-`sPa*h5ZCgqyy?OJKD z*1x|n`L*uUBZ=eaSkt-|SO1@NI{g+RUrsG5V9A>dAj_|fmZRjQPn$QyhmTASu)iWT zl%qiWz4TxrQwZk7?FSj6{rXxih7cV;*wo<~FI^|al}ATfFtX3#viKQz%RV*uJ1deX zh=3(JBrR(qVGT~sC%U{fszEPQN5eHP&Rc<+WZoS0eBPLs!PodsHcvCV*|8at^{fa^b(WZ|6XYUWYyT-qdj z3|;Se_e@2NDNWz$W&kX5w!`H{hK#6W2^(BI`>kr8SG^W@d=^t-VV?L|o+&_zH?iP3 zc;k|d&Cu@E%k)7~IL$qT!;l%WfEsL$<{^#GLSffr&*pi;WuYkzjrN?Nu>k^6jh948 zvqUpKu%o^wz@p<^8r`*RKGG3S9gP+>Ymoc4P=l|YeNK2>bJUlggR50KQm$;)x`hPq zjRAq>Q5ayn-&nJL?k@g0kGj15Wx?Ruo=OUz9~U9&y#U{i{o6dER7gt8l!K(A195e* z7b!R{6`mk2f+bzyhJ7Bua`s-VkwCoR+06 z3ZIE{FQf8vE;VyXKy4uH9;OmKMXNItyE` zZ1Kt@5S$+(g!s7b&*g@6D7w}au-BFr`+(m*`@!X>Zf;C<7C0B zJzLZb_s!T6l(|D|Po1$|xExugO0W=pwS88ZI znHxXT@bGacp8!asO$v+Pm_IF`J(?#@QcQ@iRZq|A)MhDYlM>6|iaYfSFuEldVPH>{ z46MbNFglK-fG0hr33e3Xwd;YvLhhx}jL3iR$Gt3*hmk>0 zQ%1wZcFkk z=rSB$k2AT)h|jY!TWi&e!8*3==r5c?V3{aL=<-N3NpqtJR=JaZ6=vDfsXJa)mz;{- z)_o_CG;TKIV`&n1iu)3&RL$zVsTnjnL$Wj?VrqJ6IGLmNcs?VKN_N7SLpCzAPH_Lk zT6`GF)7mV(3U?pyV~(_p-HSJNgg7&rGEe$k@O>#OJK-C>==sV$voPeRv#2;isstSs zeZy#w#P0e~i7yqCEqR}`Uam_bcl#n1NoNKfEf&b^11@r#G^{5RyT@ahcht8bJKYD~ z^Nl*(yMT%1`o2IKbRL9OCD#I@^_Lc*nyILb1E}r+{6~K6-Mwo%E=pCom#&r0i^XOg zIrj|hyby%F$`**S>_MYl=9eOZNsPQRA=ICi1KWnCuQrnKnGMXx5lJMr^@z>Q^^@A= z?5VTBiU53Y9GnwbW?CPxBwsKUwk2#EC7qV66gBd~3t`(M44{ z*S)h+*!bCOWLV8GVeS!pxTFO1k#g(&a9-PqLK_y^1gMGMTkK}>9G4*onWVHYrbc+A z8u~sG!e~0B$USC|mJxMuYK;$^W}5#rFk94+FK^|*M6hULv8{kvKO#|!0V1}Z-P9B> zCZ*axt2!t!+&&pQl&lagX@&V2w4Gl3B3~OVz>elb!s@Xzce}|Vr`cA3^2eHIG~7AM zh9+taTBkDn%QeG$(hZMR`78i?_Qqx;w>1;ms(r%z24TIl8rlxjlO7G3?C5xevqicW z8fyKw^s z<0t=S>cfI~YO(EYp+#eg&bhtm_ND#n`ZSTw<9d^-$eq+yBqsbD%}P*PiHme)y~gMm ze@=%v?KrN4uP}cI5S}s_RCIBI^3Kpthev`k08d;^$?$o~Cv^p$g_$GGH2lw`lBWj4 zWwOS)?FXH`sl-5h7zn@muOR_|3=ot*9!r??8Oa_$zbzfW%v2*WqKR}!+9hyQ;!RS9 zngcT-V``+=mu0mQ-6x`Sdo!K~n`X$hSzh@py1{dKw#Km3N5@tb!Hbu@cUL%t`*3?k z0yai?HJV_QU}IoQfrDL_k|PFHLOc`rpOEoIrmB!7 zjU+FzCafeWyi%gzZxpuWej#h~X-Ibq+?F)aQ&g`BN$v(SwoB1L+x1 zSZ}pAm-auo6G5p?R#J7sB^~-xMuO=h04uX090U;V?~$ygB!sWI4uGuyq!3g8!lqlo zFXEIby~{YjSG7||(LGOgK}@o4%3-`Ukq)kV;qZ*mRKT@{G;0;4x~?r>BJc z6iQHYNl9tcBlnkSUFjxK3SvN|_pFM+Nd$luMty{9$wm-}^^D_^u3q|bJ3{*}BMwJ# z$+xNB{5{q{OrYyU01d$KvuW)=Eg_!o$!^@piC=^3>N<%P4Q1Dj^l8>8`Gk?#8zr!{ z_wm-#rKR6#>=%4OB#-k2R3_$NPU}7)Z$3(0S1KO?vY#@+SB+IrHhTt{%P+O`^Q-eP z<$SBe7kLrqLJ6wlASp%8!ozTv>Uk^~qC$QZ9_5LW9E_(84q4dB2b}jal~C!@8q6f6 zp~18qgKl|oLH`*_3Cw0gCAvhF~>QXGLK$X#%Okhs_&P;D?n9taI@!=LsH2T+J$OB12NFl&tWFE7pqyn z1k#o9*BN5S^?pt!$}5XEg?uoP0aG|BQ2mD1Z%iN-irYbVX_M4gs!w0E@m)2=3=SIF zePHBuZ? zmTEMH$^zaBD>CEA)VYaE*3y&cgu^aWI8ZlF^*$XCzKdHRY%89vLw zQ0z$$?s$9 zDswQDznCI{jOrA_*L_YSA@^7fOm&Ck7pzYxqz4h*rPvA~?sv_$)n@Xz(-cb9_zfmN z(;7FR*o`;JGDWet@_8nU5wfQloT`*`Nx+MmvP*OP{U z6)&y4uBzPI>mQ*RIT>tJyP3^aLMXTn5azE;KZW2kF6Y|mG+irWF#L>rdbVgaGk zYnA(*{@NA>SQh!;jJg#>h*WWYgMfd$?@O}}Iisx+H3!I*!MqaV%NWJ z7%(@G!XKYq^3SI7fBf?gA^-Z)J`*4aeADKiSk14qd)GhzpZ?=>;8=bc`+jM04WHFh zLHuwNvFa7UcUjr@&GVx7ijHk#C9(*lpfF2xHSVg#9(pitosfjAyL5EQvZy7l$+YmZ zS?is;j%a; zHv?_1$L{*QfH3EWFi=4)yV-7gs0)7Or?2x`|4z|9#UwFtG|}qhuG50LA8K6%^0_{p zI5JUImP}*l?d^2G$zuL1w&&!RJ2}KuVB1iqRZ|`(kH)P!84&`~DiCy#7km(p;G|%8 zAXy&_QYS8wqty!lC=T+#%Csl!|RUJEcC`_c$d`^E-5Q366Luj zeS#VnXWe$vgA|6mYxL_$y?+}xKRq6E%pW%o)=yU+7sG5Vatji|j zKgzETIWG*>Rmy_nm_qTl7#}fBL>Npo*DHAlir<6Iaf1kS9ClS5XRu5W`1;rcorS?|4rS3l{DT&T^2v8~jv8A~zT&@Q!EBbHNk>b1n#1 z*8@s}d5RXS?(cAtyd2Hcta0@1Q0T$@v%zaH&!Um?w;~6IwnjthS2ac=K+C#xa{_^>)=eZk zYk{t@tE4pcEgCZs%G8u}wMxVs{r}1)&t?RlvpGfth7S0#lkpl3`BYdoEAw0!e3n2| zz}!yq#FjLj88R&CY;yZ0DDY(Chs@)O%kvn)NOQ_TjW z2%uYk`D5^=V%g zmsloyTCQuWq+v5k8*d|g4lY6dt}$=lpMEFH2MapXn^TI`k?hDrprcvDhH8FoWSVEl zegEapAO{x-lbG^(ZI??$aZy7tJ-&{LsOu5OV{!8AQ=43Rn7##=_({&JWg>Z6- z!6Hs}suoz#ww>Pvk4~`7HDqY$A&f#ux80W`oR@w~&j}$6o$Gh$%h+XEYyoT~EeZ5);FWz1D zZ@@&fMVL`Wnj8TJw(9jv{0#z(c$LY{(5f3XZj=o2kMAEurODR6%xX{qU9O)M0lDz) z*z~j;6g1My2pI}sKY?-{%uRn+PF}^H!1hRM__A?wK()>(!leDSjJMoKQV#?EycZ^Jt=lp~`FFUwP>57r3jG$=H`4v?Sap(O z-)kKyy{)n6m?-b48wDntNkQrO@<(ir*6y+Gc%S3S_|pJW4MGlbsy?;Mw7v zPrBFril4TXW^gC3&tp|jv!)AAg-FJ%Fb^fW3laW{p#jU|hRFQQ7LL;<27;?yWHjBKiB~X`*jLMelD#3gC zVH7!r3oW^&Rk@ioug)(Z_V%*0oa=NW7QX&D+jWH@sDF>Yx*~utx9UH;m6*z%{1ab% zoh>!}9KmbJ(E0U19ehjn7o%aiTAXROLhyC85#9*>5mwEZVbk#-4Js>UFv? zXO;e^wMdYTh9^I|ET2dQ7wplToH#VBCzYq?@o#So9`>jxZ5eRvBtr5hdY^&sudX{@ zfXPf8Rl|=_ui_egf#}jc#a?=|m^xB1$CJ$*>K|e@rEc$fOU< z*|!s0kAsWRTwIVechVK_ztS{PxE#j?Sjq+zjJgTarEsGtkbQ!QpNiz!GAUB(6j3Qq z_xwYJB$VLwd(YFW7Y(2Lp@uOyyACa9GOjZgBETklvsuB&H&HmE{n%^rc_lL*o+?{j?;Oz#ha+%#8c6bIlaHyvE<~!i0k6+=9KjDVIbZ5eqfn_xko^ z%RfDw_Ur|`NwJilwxmEVAc(%%U$t~l^5O3i4HlaJDbe5r&~O~bZu+ssi~U!$?!F{9 z4@lx(+)@n@B+p+=%#OJH%w5%*K81XYTU0G)EA%NVE@kp`AcO)xmlopyjFXh<(p8Zy8o{kQuL;B+4lDZfJs1eS z^El#zBt9qBZ5)Yt{!5Dcr}|f{B{qYd)j$Qgn^R$Mn*;fB1jIgnAaIz%r-H)XkXKC_YYuhVDGx7o{#- zTVT-8(DXzv8W-flB;iMy-MnP=5ZI|`h-+TxY7#Gv9KR}k@q!co@fXC*yOaS|Wftb) zjI6QN(Tw%D8d(!7hxb(XLuJ)dS?)Kp+z$jj1~Whj{6%4GxUFD>i-0%={bA@8c@pr9eMbe?6+(h6U-PKYDwhUD4ra-q z5+iF$V&Wt|{`FO|Pwv%~wU-eBZWhS(o%Nz(8Wd~;t9BR5y8EUCiAO3Nnze&1W}^g&+V>J2GUqXZ zh5<;A>*eEC?2n`4OESq4$)~)oXR?cJZ5cZ;(+S#YoyZTiB8hq@rBl=FI7|grx?_DS zlv^#!o?MRBZda{`W3w4S?@iq-G%sd%*V32r&%bZq)q`Ek#fs~xE6b#Q?e-t($>3D5 z;p1-rd0Y+b%DPTn%r5LRC<}0M$2~1+p*V0f)QP#Y@kY6m&l=UMD(dkD8Fl&$f~ar| zdVU&j&%?***IhmGYiHH@c;3v+tq0=I%$TqPYx^<6gj~DwZQyQDpl*26l@edhakTsC zk@NX$b#!Gk@wUg{>&a{;_q!fke|csG=&OZi`pZ$upI=FUQkiiHh;)evNS8nIHBfN> z5GcC$ESUTQ-r(MOu(N~>9W+w_2}2ieIya&?AP=KpE=tYIVP1NklrqmgirX(t`~he8 ze*djF`-uQ^Xnl#}*PYfPRxuB*QV0HZ_Mb29d0fyc*^-Z*7gcdSFTzoC6ZOzDWB$_1 znE!+CGBH;DTSJlOuIm$h;xm2}9f08363^XzP?1)`^+j8A#JzxF|nfB8+JS!=#&oTpJdPu07*7ON1Jn_`m!`%+zJi-nk zc;g^WyenDtGYcA0D=c&nbO}k7i~DSP@X7gjd;quph2!@9v$34Vr6`SlL4syUmm6dx zISqGp-a7Lv4RGf)S!G?Q2}sN=4oQGeutT-#?!}<2;RI5+F8c9Av~P`lPoyz=@;)zE zx=T|3XLn8uuE@hy2UXRXfwNqBb2dX@et|`FE%~i)FuIp|8fhqLXfntkslSW`D06bG z(1i}&9c#nZZ>fd})f|rao_I#&L9wgh%fAZew>Y3fa!_`>t{4u^U!EpC9 zBKJ2xGnOuyYo%l)G_qNIiHmBg_-^+Xm)AsuL;p!t^ z6aEwA?vn#9Lfeyg#a|V<7f>=jM@9_6Jr4)IE^&S{xpg9K8!8k*BT>vx4zY;51ot(z zhv;-1qOkg8)`V&~GQz0SRMwIZg`JLn2rjc8uQ={ zE4J%p{N3u)g$-Hir$dob$Z;I=z);OS$h^Yd={}th<~o$zPbT;0)+6U)FHSH$2yD!? zno^%Dq?MrzN*$s3kFwSYn~Q|hbbnT;ul*k4)X(bS4)L}L+livwSf83JPMxZl@N}&X zIV9~EZ?WpFFL)mr)!^QfeKaxACNXtY;)q57x+4$rKWg|P@}~V)QzR6xdB>gj);F)q z<>7O}_}cVkv)t&tWuScQ?_#$iu*S|5Dp@R21NN{6D#>qsFl>?e%A zkJImCrrdiPeJ{o0X?tm~zNx0Pq;Tt=)n2#FKtA%Yp`po1fNxV;re};Bb@zP_R|M#d z<2|F=1cMKZ)m-;rvBBZL#%UklU&#***OB?mtZMCsBLvxDZ)SG3Vd7d358ExbTb-ea?Rff+LA3iTV5GfY-eKLOIZy zFr5;ppz8|3Du{`T7*Aw!#Z*Ak|75IUKPqAf>sti(P`x1-!2zW8t=DC z++W$me7+>{qlVyXwrX(>g`0=hXOAI|dP^%6S{V9E1~4C21e!95)%wp*a25eIKV$x2 z+}POX^O4juv9eqs9vfzDPPvA-R(B{WUfu|8qMrJQ1TFYb2-5iP`SPoMwIv4eB7w|m z1V$Lg2nbkPK3E+*nt!r?-VO5p=r`p25Lr~<0G%AGgoQ+|6ny;X+vw+2ReV3wGO;uG zk&q60r?Q#x;}8ie47$G^EeGYp@sC576=Sa_08byVApYkO;P&7 z=g=cS_l0k2QOQB&u8Gx+EzNZ#=~FIWrta*{T|l5e-&A>VKdK#*_=NtEs-=0oKNj>} zZQgw#^~t6rtv{hZ{I!FF$R6W_#9XQW6$3cpScQi7dnBi~rOQlA=qdlg6(%l+4jUC- zw>nzqE$y3m_?OhYlg31%symUBumwkHLW-`^CIdxZG2Gg(*n+_942tQ&B9G5Gmp6g{S!9+2mc<_35CPsQ%?@xO5oI6G=_V$M{OTFK|xl;2{WOQG=0 z&qxaSV!p%UvsW#LdSjnsLgUWrL!VH5ujX17)M`yf<(Tw{ilj+ZY5b~twzM*__?`^fXlWBg61UCVv#<8mNdoG^$mQB3R{nWO0PBx-IO2Q8M zpaP4R^MvE$a(OXwP`4-lSs5xX6$DDg+~Qwv_t$F7^z!G(`X09Zq&!==Z>K0Pagw`Y zVAD12QtPZCqJX~y`Xu+|PV9TuuFc@&Q?Vq%1hkJTudVLmAyI}nD9$U^b(r^LD5<|i zJbgT{Yac2R#5XTh7FbAdh7;1;R!zDgfvKucH#D&pZZ&%R;acce?(dx)SxH_q?XL$b z0+gZWmsX+D*7lkcxqgo4#q9p@!PZ&8<>BpbJKmley|X98KeRVa;(X!WaBm%2S~hg= zU!EJ2UO$@T2-;@P8XC}rOww=hSd27I*J?JsZHrl+efVp>GtguBpM3(8-He1*N$}`T z@pC|nmmGREv4j87{kiU6x268xS1`@^@Mupxs8N4A(6`B3XPsc;F}lvfQ?)wmc(fz6 ztF_49V3gmE@~bCDoIyt~wcBWWxo3tJxahia_ZAtKrI#(1|Gvb>b%K;`cW~s~)v!Ep zQ5x%yYkvDh4M3OwYX<^oKR3I~-&NIbP6YmIPXgjHH@g#4Gx8z(_5O6dK{e6T{E7pD zOTRtyzKObFs9s>!&~ddv2$5aOx-43OXRyi67V7Uucx-l0<6D=1vC!#~b@5yhs_e@^ zXrwXX`+jpD&UQrgj(~)@*!uWCq7#ZJH;()$qD9UY{88jZxPNWV4JS(5ZZT^yj8W)1fMcRw2Fi z&g?u55S&N%ZhI@jA7!P>Atj04yO0{F_YSI9|bHJ_3 zjLP7zoQ;k?4xFEmWigk$+B&mmXn~r|r`jZ(Y`pAMWGTk;($8_w@7{S1_D#is3q8Yu z&#~GEJtX78QJauU^*U9L)AkfHJ|cenL&81LT>$(Y&*#yjnzqWUP~5vpJ9h%kF!*E& ziKtO?dza$f2<{M&Kjjx=oA_?ZvVLy(uG*=`gp<>w^Qhiy(<%d{+ZD?Imi+3n0tRu5 z7UVtkfFB@Z9wI{Pzisz59ffjfUops-t-i$8<5s!ulGkUD5ELB(bPuuo^I_BI)S1qFbSJ`+J$AaX zi_;3rb;6}aM;`yv@eWp{WYSWXj`-$m9wRgkTi#EZ7}uco z`Aw9l=-+Lbg9H^DWLeVai#caq-Bh(N8UX3e-lz+>@lgmMA52@-kTPYcA&RSt-S z$hbZiI2!GmZ+e!@+^0lsmD(~f-p^wFfyO?O8Ew|+kCGzLtuv(93unqF;P6RIbJezs zpP?ZFEzo@p`VyM1` zh))5t#cVz^XWSu&ASRWEpT>^wQGH5zgk9yRzHS=&822;VdW9= zb81H{E|S{G3ip=fYLXgnBsq8`;kkgIKAm2*m4!o{>#BsDmC5Ci`z_8*U7f>8mltRg z+E0!wSrIioEV{3Nq@KeM6z9TP|w+7K&@<2JWde{MhJt{Gs`nI_CP z@vf+>uBtJylgmP-^{%V`+?SJ?UtH`E9sU+0z4t2Eb$A^am#ou0ZBu%9v=Mr?XJ%xS zn*sg=_9+Pl#l!C-g#tz%RfyjCf*8Ma`oQ^Rg#tKh+r{iN((EDZQ(0Bw0)^V(ZC$I` z`DTiGnMb9U7eAag*sc`JskGI}!s+UBcZ!th1q>3&2dOW{O3o=D9;o0=5Tx8srN`y8TX;1_e(6jqSgIAnm~NdCP9eyM(A|Se z#8o5dC-fhZ;GtFKDBz3tjbhR3Qo+W*|G6D(#!}|=2fHo_k7?09P6aU{FS?*G#Kub zLz_FS#V2>ht0N{Qpel%n71BhFuU&5zxWxh;xgnt$lk}9Ravv=-9VrKu?HC%r;<1Q$ zKa$)MaWCcLlzX*gtXHI-hqroMmK`sLp-$^kBLN5BW`3KU$se(;QZ)d{Nn*Osz^ac} zr=dz0wvle${@qC4reTRVkA%`LqJNIfl=4|G4sHk9>^`(?{aAS{P@j zykw$@294+K^T+Y25(BjlSo7(L1`uhYF`gK!2?ho}TH2==!aLPg;HSrPGs({Qg#h~Bj#eRZuC0R4`x6!00ux1)!VcqUb;*dXfGCO=+BC~UES zsI(4hQVoh!Z5td`j$25h*PCY9F1zbG^orW$7i}jtg}UmrI7Xa*@C&M6Ox%kKjKb?_ zNV^ijn&~>|9#;Qm>9qV}Z`QrE03#|-O#&6&pXW`UetNm~+oRpnXLZ<(5X_P(H@i6= zCo-yU)cNXfW4J25OvYd5CrK;@Z6SK6wY_~ge)#UhUU%+e|#P-?zl;aVKs_}H* zmccUbY1@iUW{9Y-g5q%}=R`9x^JP&RM1Yii>Al{@+QAN{^RC<0Ze)Isbt`y}#C`fa zTVQ>skkrUyY1r^uFCObb{=ENPA!wn^me!7U$IRdZmP-BYCHJ>I?m>q`C2((tv8YV# zS|C%CcR@{-swK7Xw z_&HW}^HV=+KOEyIh+W~a`}LKA12+OKXd6QcO0e<6&PF*P$lb25P+U(yoB~qhb!Qdy z)9Nx3gj-r9g0FK$fN)o$mU^m!w{>6;A|H~r(ex9-BjWQJG%g5++aK*;wF9pVV)h?p z55q}#Ljt_C@P-Snsc=Mzvhl+&ZRRif-_esmv`I4jB{4@*P%3!`+Vm=us_OrGmFtuhNs-I9 zv=nt)y8GQMdZy< z85=mFRRV(*(ZbP+(CwFtlzv)>iT*cgh%8zX<<8Q|BtKwT{bN3<;0r;0NesH;2~-3b z3n^u|^68&%82?m$)8@=|F-jG_3};n+v8LDX3n$soQHwxcp<%JkwVzgK-=j_A4Ho&r z9i0&`!I1HvVde#*g>~s|cw_z!pl~Gw46(h0K#dVmZ zh*91htyKx~&>Hs$VhE#*0NGr{o&V5{ZoXK5kUT}3lgiRsshHubEEp%^THJTRFc-}m z#M+T;u*JPmUoR{D8W7L79F3oZOUz67X|+a+V9$y&;!-w6i0fg$(jlz#f}8j?R5<3_ z2Sr|Q>koG6U+4tXyVmGr9}+mX0c$kR>~NhVz^I~dc9(t7Yw0)xFkaAa3{VM7V8O0; zr|UgvWGNc9oly~(;%$7CJ4O~9dSM_fZL6?2Pj|cgLGSpWq8;l*H&BEItwNOLZed*B zl77RdEpG2K#?g51wy$G7In%NZ6)V%uRc91Mp@Gz2~#FarQ@7pFZKy80I5^< zCg$U)@7Z%*+fFx+p96B5&qprs6CPikS->29aR*%S&yj_GR>2*;9Ov75Bn?vA`PX(9 ziMN*h{ju_rw?Br&gdoPaU7z z2AI5ZX*lmh`-N7&{`ksbT8L8iF7I=;1HbP5M&4z+}+)S z26qX;VF>Q-7Tn!k26xwQNY1(UocrE-YrXYV|HE{%s;aBDb?x8YTZ)#;f;LYTFK&!T zKF#Rrj#5IcVehOqg*#$6#Jb5+tM_Z;gC{&1+QTbR1jrRE(<@ZWE>il1%vr6&Ej8=Q zZIaaz=7+afr$x|#*fftufzK_<2XbYOoZ76+iX1Ko*`boI^43y!6)+%R!cM8hiuyiQ zA*~Pjx^RfDE(jg!!e#BP3S0+=>yQz7X;}=HcBbZib2Z2XgQeJi@Dh>w%$Ca^G{0(~ z*j2tYIuF(D6+JSrb8U9@m#-e(`LwoNFPNyaM#41#EaTT8jgq`Rq^>9p#;#{Ty=e(NjF$gR>~tEG4sW1-G{i zMOugj(cB@X)|v&msGHA_1OBUG%AKo(4~R3{3!g@r$c5eOP|n>|xmKYX*lrIv{bIX~ ztJS|Zf8gam-%P$Z3e#5i^38csz$Sdy9wlC;X2`Mxo-(sVHsW|=JVgG8$GLq$nG302 zctwUv295UIn1Jtr?sJY2R`1i?zeAyDxmn_pG-_a>o=)3=gixS8pq_BWg6X~l!g+jr z99H}~9cMgZ2S8tXP)YST$^1GpeHPk{3V)>ob7t_+W*Q;RSMxS7CAEYcxDkePsd{h} z)!wP}4LkAV0*R&qt)yPA^-`ietWL-rse;3|Ay^<3ApG2ZiMNTLz()za>KL_Q^4Ssl zR)8wWp5MjEXFhv6a$G(lpXgqSs|Uvts@Hmh{qnMK%hgQujD|<0Q?3>_V?3ozO{7~5 z=y`l|eoqdZfL%o)^B*X+rkT!-=#P%m{MZ;RL}bJUTXVIP(*o^}P4k;tuxYSqYNJV2 zDayX|REL~$n3F`~-3u9nx^{Tm@Otv&v*ICtKPvR?~}1=QUH}YiubsDnjTq-KfXr-K1!ENT#u>w{PkwrHNp_4 zXiQjqNT~Li6*X(IMkSsM1gJZ@0KHuIg@$OD7&q@iv( zuDWRr4}QcNw+faRBOp)Oz(9Fv>HSr-ZvOG%-SIsdfZflwOsg-W*6ocy(%C4a!W5CY z0m|y9lO#Cn@|gB1N8~27N9ld+`Dq0rv1}i8t5mI>k6zP!0P~4&C{~<4KS+h3kKLEw zwF&XBN4Yz}Kc|NBa=Q{0{a?ZbTZ!x}BZH z2-}K><7oF}>$s#{)cJ5fL&XAeI;6WxTB2uro_|cG+v$99v8CD)AwjfL>RE0vsmv)U zda~pNpUKU5Fngg(v*Mat2nIT*t{eqCr@r`eI_W0|q*g!th2A zM8h6%i><>mtBxqcEb0mu^WumI!RsCR`aVvqhsAK47h8ZPgN3@L32s1vynQ{iOMV$VX|*xDZ!L3O!(lH4lFYi_GWpx>-*2#Gi$s$Am+X!`L|Meg%}2qmKSc zQ|D6BYU870oMUQ@lRStMR?yI2T;jCfo&c+6f4y6vrHx8eGli6&=$)5xt zYg^DHR+H;dfAYPnu;Hx5^Pv6hkNEAqft(6c(=;Z{(V-PC)Lvh)a@;vRbi?_4Q6FOL zT|W_c^Gd?n2okK=9;eTmdM}mIg<<&GgOidgf}#)EmB`iKS4KU1Kl!7o8e%&Wrv$7F zHI*ZRxcEc6G?4mAJ#|>w%sM*F!hvixDl|f?A7zI-rv~jcXK+{vHU{in#0h9_!iJf$ ztOftw44s+6F74a!KyT(?QiML|Bu@=sk5NA-6V6x{Hmxohx|vNlR=0I{{VTa&^B!)ijy!K@uvAMcadpE?M^G4e7;Uz4#y|+o!1(J7P2!jP`n+(75jxK<3IC`G(;@6xEa#j7c?AfrmxU+f@0XnJ0E=+ zb#rr%95g5MXL|6n@eIR@3us(4Z)Z%_>lG^ah7HL@GAFtgBit4i?F}Xeo#qdpYnA+W zKSZxwCk1huGEj~#uuN{^T#+Q0%Hr?)?d02UEz3`x)lLiUMnhgn&yzB&!Ec}G8)VXs ziA3LHFZJ_=J0?*d0#>#$p|=VHIz9I{t{!xT-M668#{D>|)-qkVCncH}FhHMFX|z)o zNqjc1QR9FlbM58ydbgRNNJW%(4KfO5Z4q<*a2d@wUQt?@GR608hQlBgIxa5GnE&`9 z(;@y$cN7VdmguJzVB>L_Ixty^xw&v?*Ud1lEhq{wcBz#2#(*lF7JYF^km0hht%159 zY%9q&QBa@C(=rp`F?=^VA*AzSX3U@=pawHq=n(#dU4t&YrtJFxv%v%&n>hs4u0QFm zy&+fnj-6Qyl9UyMqA=DVTRvIiy7Ww}1677bG0XvKa97 z%yfz6LW`@=(W;S)d;5jSpm}ekvh*&+eV}tg{vg#75RAIcM($t8%=up8;LK)-{7@?z zQ2tJ^`b#6@jlXA0$+>gd07-H*u^O#-Ve_C;_(zjvb1nFJRb`;KN039$^@%xqwPZJ& z8a*!M~gL6TVkx>ZQBFNa~n8*%iW z&ge-_8!vFD^pP*dsdD|BJt}o=aybSN{QAOB3TbFIP{mCuLS3uq(#X^|-yah7eg6Xc zje6*{e`s&8uY(2rOD=4M;*W_Hr0kdYaRc}`^32QNI~4kmjRQRPu^i2&QQ-nywNZs8 zjpib8rKcWt(kOuK_RerLTz@rRYurC%`u&LiZMk)v%t`fOrOwp3dCk z*zyuIw0{r1nR)F`PrN?OaN2uw2E(BB>I`8F=v;!D0C1eQeUVM$$b6I;$8;3}Yh-Lt zL{HbDCb5$Bk?ifA=!&iv6{Z=#|5T^8CEHhmgc_OI;0lrV0<;Zt_8l8*Qo4yU%%$`RTW^f4gJoBf7c_mylS2UmWLxV>5T)a-!$T+Rz8b!-|=ZvNa z=?N=(5&Bd@hqwq(yo>_(d9VJsx*>FSaAcAH9{E)+jprNFOv6p5%vc{F9^Rg)UIt~` z>2<*RQcr7kidJwKLOattb41LQ#jDjDvQU@Q*Cddl%ZNN`vsk>L4^$V+)ag$`C;&J# zV*x*buUH~bB>vQRud)#u(s9p!unwl2Q>Jk29GHD@r2^{@^@c3Z)0$mMZn2fr7^PKQ z@ijF^L{zZ!7AD$CgZI8*JliCwG!WYa;){E3q|i}55G&{Y>35)=0O-0H^818y%Ec^q z978XcdP?inQEmYWH}3_82b3;B0*}S#fZNsI^^Kp68bJ^-aA1P3e)L;f<6FYiu!}6N zq91xYJs}s}E{LCt&M_$^aSF_b*rumH^8=pkAV_;2UO2ck4klPb>!Dlt$1v*!6sD7T zE@!jMIZ;QPm2bED3$N^F)9cy&_B`DMX&(Zus8|Z*Due2{fG_V6VwVr{ChHaXz&jsT zl@xFcPk-=Q{FKjf2jo7KK4}OumfJ z_?^^w@3fME_EQQ^uKKpITg~1;0-u{Tl@w{orWvKAJ737uFNa@7z|6^7J)RAgEo$z457fP4BigIo+B>cYyDdVd z-BF3t!R6U6Ggopa;JE8MqDu(=E(iQ{rNMJNX&ewuX}a$`mm5~8{g|%ndOvw95Y}Y* zp@5MS|)09BCobucL{d*HMbzBWPKCatlIyhe( zu2HrSFfOa{;q)_k$t{Wa#BK<7PKuv6w>YDMKWha-7TzpN8pKIJW02XAj09zQ7rv+* zAB5Y`AE+Bx{3^v0xBrB*a(JpXv})ycivG&_u7^H?!hDW;^c2H`gr_Vc!zM*MC=7t- z=H2|h>3sYEqo!rxvXhAy?%Aq_G{}-dN3F3H!&)kJd}xFWRr>S*qBt>Tib=oSQ7uST zu0Y93zRd{VYtElc4bDDXV^M=Z|1>Pe_>TAYgOo`{?$RqbQ_rH5zSA^f?;fY;*j|X< z0FBsywRXpA7g6nmQnFD>&Ipw{SF5D{+{^oy1Jc1Lb;Xx^P*o2q0)L`9{xDL>x@CP$ z5{hfDbkW$U3+61|eT`Uf>7-phSMX%&r5Ue9T_RwQ?AK}4#e9~%V~3~VLZS?<2{E<3 z;?kLev-O!9nSTh`tet%n>BEu4rO|iG8uC*an0GneziR8={`++mb=eRu6A=!m48ChF z&f)F*Y7ZhkCMCGdSVz{K5SiUY2qP>rtj_S&Yu%xag!#%Ldqsu;5}H$xPQQRuhOlhX zY@~Ff4N9%`HIt~%yJ^A9<2P${gd7OqThp)NXns!<%OAWr)=5a$8ZZZ|AQfEy;_pHu z95TLn`E_%UHK$U;Y(+_(a~V6Z(b?K?-FUMt(VvxhVvOQ#k=&9&x@nu`vMVpJQ0tJ1 zs34heZ)dZqv0v^WL~hAJ-&bnrbrfET=0g7+t9AEUrVuWD^(D;dJ@{>ukgPX6a=%CN z`Cv`(^nkrX<0>jF>|XN2EV1q< z+Pl9vY)`u6+nh{`(1hxCuUm4jjYk6|Q011Yx!N|B-SI;{J5)-ECz;s&O1qy;!7iia zLe1{gWyRp(tvDp<2Wx}J%>k~e#p_aV)U0Ol&D;Qw9T~8LzT5?73RpuGp0BfC}F)Bb#L!5Hz0urC6 zm}rLgm(cU-kRF!@ZI5z}&Wmq&>=%sIEBBqwb0M%ZbFKx&4xAq(nwWO|cv|&vXTK3l zgC!Ml40S%O@JxKn--u@B9N$c=$Z6@LQ1;kHmTk}5DMX$7ZB+#2)d4k(3qv-!hvzY$f#pp&UnAL7XyT+ z&XlP=+e9EUFRY7CG{cR0^{0Ob%;6OpT9o(+{mZ}fg#buESeP6l&VP6JtVJN--w*)A zZ&?Q!%>y}9fK27L9(cYB`Fcl(i>Faemx!k9u)F|q%QGJjydBIA5&8OgV7)4+A*{`zoZ}aQOng$D7eLn2Ro>r zR?6cb{C810oq{2{bvv^Jh2Mpd=N_;lwmSJCEuwAu^K!&aw$<<*b3Cik>^;7%$0z7x zJ+e*+$4|GcrN!Of;hpi|J_*plhQ-nlRa*ahxDck3bnZ6ISVUWa z)45L0lLuL+;<5w$SGs3mvJkB`%F34iHejo^FQQ2FZEY<5GCk!TB+zI zcNyT3ySr4>E*w89{w=PUU3z3@Cs!S1?CX2^f;stSLQ~9=*>S_2DUpEV!jdA9>*Gq* z(@ox?N`1q5d%1cQQHgw<7<%H?tyR@_OjAMgj74StWZ`be^3QX`;`9Sv^ zqy1z(c3#!AhWT=jgM&L-Q3T*ep2lAOg1d_46;#|Cf~(o7&5C$(Qw|TO@OezFrDv`E z_)AXbaaX^~tpq~UKg?$FUj3of0nl|`R#&gMeDXH*Sy}b?)jko@gt*md%`O?vTu3&K z#sye1Xdf8Vmx8$3jpwGPwVNk@RaG^ktgKlG{qS>f`P*VDuGo&Fo{k6TyCy?Ij=7@i zTnTJ6deu9V6Xm1;bfA4pqyD@!r~xg^qhNI&|H6@UOU= zJ%+7~tqvJ=ojx8}u7FYck_5`$Hhym^^Eh9r_R2-v5IH&Im(2umVcDg44~VWQZQZA)SG`NRW@juoNOa;Zms%nKn)l4WjRHe_mH=KE zmaUujHtVsnnHMPA?oyy02NrOt7DT55w%?3yrXUwAZWhKSmxxk>?-7@k|csTa3# zjx(0Xw8l31pw$%}W|~fc!3{-zH6=c(9ME0X-W>!= z%%Kq;%I1nZZ&$kU{G)#+u&ZpCeRP>7BRFzk?iXa1VvR51p4+(#5%a!%Z2AK07%zG= zUV#X9OI_4#QFw9%b!gP2)rcazWgplJtBAT)_P%`M$PbQS2hNUw9^oV$pQ1W0OpOk@r)&uS9-_VRZDO3N%roLQ^ z@uAo# z7Y6;$&z}=aX`(bt`ebAJUg2@_QDt3zBH8mN-D--U$MM)pf#Efk2TNNA$fw$Pnz=kIGFd2#&WCBobE^aY@C-{gxXKwx|@^-ILa_7H(z zX00#?ZRiLYBbPoDwXuF4c_g2TNXpm^$;`$Kq^>nDr2~>VHM*BBch44Yh%0AjQ@FtU z`_e--Mnl-=>O@|!?(#=ZsECj@^vep%mxxRG-r3pX`u+R&0m;HRg#M0cgvUhcrmide9i{i)e(Yl*q}vm|yOtSnDmEr4BF znxZPg*C3jvZm3eN_^M^Mwl=)oa*uJ=n4iDU?z0o0F;$JP9*P%ABYI}XW9;JI`nQY+ z!r|z)a5bxAw|%74Cd8Vgvs+`8rC-^CQK5IG4vv#_Oxb}VQ0;AR;&bnVM++>qT`c3f z0?R|5XpigGa%%jQGfp zHQzQFi`^RqTCC4*+26{AU%Bl&#;xz9M^K77)M8n}Eaw<8u@T^S20SSc z$*f|(+Wd9wws0$T`ZKRtbs_m@MDASzwPwo7?kc>-SSN$$>*TeU^A2X>K)N1vc{Wa{ zP4k5}eJVgRf*E8L^I5X_R|}n;ZCSWl4cB!UGu!Cw9^B+VOgWE>Qx^t?UJond`_sQ^ zdifa93Jy*i!D96kmWwaX3UR-GId+2!p#=#YafFXR$b#In4kyJ0Ms_G3ig$aGSoZ*6 z_iMkjJ!-;-84}?)#bCK&BrV(9xQ`h;U3m)fm>o*CN+;=T$Xy= z!SO+SkDwJlAN2OU>Q^b-AN(VCD&?Na%~!IbWDyTy1Uz!HAUP0r3U2q|J;F7lTTQAv zmrX@zjt(eyEYv;5QZpGEem=ZhFq;xjyVb!P+3tY%O~N1-`4I(>4+d=$AgB^hCX6x4 z^uXZWy|X~Sm%$4&W=40e@8K>uh{}%~#B5=%K$uuz0)E1Ft>$%PfgxVm z%OAr$ONSZv+|{)K6}q$f6;+q)rAgXV8-wJDdB5FbCv~eN@yfEKR^*1~t=?dtZx!R4Z0VPPPVo_vjBwqy}jG6JeFWEZEGzTmi?Az+a`{ms8KqvOvML-IL09# z)8!bqKO2-0@ejydPoG*7W2W+t9ti_XCFrAk5m`FyM3i*Oq0lD`dX~+P#;1= zs->?lkR?!FHvFm(19f-y`mF&(DP=2EzvZMy?qbj75zIRc<~8Cnjo1r zOJZkxb!OKowQwaI)DDe!?&7F?vDD)FHA*S@?=rYmQXUbla+A_Kdkj0` zSEo3AGU?9@>=_nEY~k0J;_Q^sXG<>E=yhHkk1)Fq+Yy$h(m4<|HFg~neZuK`AX3-c zeA)XV*^11W$oeQ`y`{thj#sPiU6#TRJn;6yhw&a;PY?&rd9>RY++`^Dj z8%nV>xDhfEOMa{Mb`+ipD;{d`Er)o(zyciv1r78;*EN?2t)Lah7TaA@9l)_9VYjp~KJr;2ob4a3z{*Vltw(0*7) z7RI+M09??(ym|Wp6J+S~80GiT0=YkjDBb;)jfJ6!^CLPgREmd4(wQvn_N>s5%jn~# z1cG6MtL6-O#dHg+grG+-q`l<@n;;m7k^9^d+Rq?ra@sv*rW?R^Ltk*kJ@n6Mt< zg5rUlH4p{%oN{;AI;rqolRKivG&nin3R|mtxszwI&C%Zza&DC|2}Y*7g3QUHeR^H2 z4tRHTTAaz^yY5GE(OxQ=P>mwTu?ZTpN#vMGoGi*5y=iE26xJ{k)X*xEF9m?7IfQ?X zT*TVx5)BIGeyST17PzOqLC&$AE*IDCfJ)xgmmm2FX0DsO-Etw73O_;DRGdHNrA|Ky z2;1BofVySqrVrM}@KEI*%0C-&4vigNJt-y@Q)oCqRVBS;QY-V4!$&94{$&hr51_p+C7ls{$k zG-&v`CLW|ct+e5!C~NwSlyfN}Uaqmb0vazGu6+C@jr|L@k}j~F1$jbT&nBT4Bp4~Z zD(}E&Z-C5bB3 zg&Qnwt0t)!nIt#|`35UT3Ohre#7Y?`}!m z?zA{!RBH?zf1g&yoYu0I&>_n~b9+SC9rsQxx+riP!SQ!g8j& z`%N4|yYC8bsc6jQ8G=yQY{>1>(-gl$4cbENam-9_?_yVwBqGStAAAbby0a zL{kbejZC5@uKTBG$q8qM5ZdyRWv=H$!tH1G2c$LUw7a^|*hVs1W=7dTBUm*PVsRW~|O^ z^pNO&P?}Z2SD38g_<&m&(KJvV8Bw(bPBo33~DLW}@KT8+eUtUtVYf;;C;YvQ6M;o?oK@ZnyOrWDdM!`L)c&WiA? z6MM9_RShc5P!ASDW+BU|yo|E|A_u#YkO(!}iD^;5#U7l&U<%Kc6H?e1#+VPqcfE(z zgtB0Tz3}?U?Iz0UUc*@9fT@Pz*j(1~d0K_s|B^n1+@$9Ewx`@lDsdsn4SOJilYM~Qp{8gB*BQqoke)3wC&bNAhE-5kT#3PlSs z&Sy&?4BiV*mzO2XYI>zTE63lqa&&uZ>k62d=BulrN$gQ;yG=#F!UNp=$0adK8S@rH zMK$C7Vx3eAt^5d(F$q_n+lX;>X_{=Ac<{-5N#0%NLf@~QJ7%t`xl`0=ABs0A66rkA zcU#mh)H3WM1c@2VRAMuls^3FF)Cf4^{^;ZVQAWJODG!;xFPrpGr>L?>x$j zlySaPNm9Bkv;KC*@Lz}{btW` zFIOr>Q;(+`Ue+d-e2PaLyH=-&SKmAzcI@L@HC3^7kQDo;u=o&j4n^1i#yAp}525#8 z+{0~0gQ4MSx7CUr3{jVe0GNprmWpngl^eG zKmuv0M6+7Bmy|^>QOIcA6Q2WJ9-0R3xJA&Q4@7h6cipn;`z862e807yQj@F`AA;>8Q&b#2_omCE&QXTE+e>3&X5z-ihhoc_pMyV+3HB(uQtgh-+XLgdz3HUEn@+B( zmBW69sgb`nCL;m$HcCzLyxgO4NGJOn3hPYF>R1ndc=*M_n@9jexlM_ix3%FcIF=nM%oZ~3v%u3ex z>%$UyCY>NzBkovD_v!0iiXuu0P%5pxT)gS=!)+D@Hy3%?QNS$I;666zg+6Q;U%SN5 zz}J?HrgwFKybKo2=s) z+Renqpghu(LwR_1I!^7 z$FG!_1>C+1ZncaO!DY$z40l5k2*pO9qTx-sg*SwE`_SKv309%?vOUm_b5V-Js~IU+ z(Y=|zxwR!25?~B@OdJ`&U>z!D`V5^$dwm5F_K=UOiO#eXygqD5*>p^ZX;anN34Y-i z>V?uPk&&1-BIYT~6L_N@enPS6F}CMgTYUIvp#5K25eeW2q(-F9e?x)p8}oakw^Fe; zss5%JaqyyY^KAf;V+vSHk}7TA;biZEdG}x&rC23R@Vcs5>Oe!&k)V+wJc%AZ&3<*= z3l$e{Z$EvBWAFhkRpf}-!DOZ0`U|p%f;vJftg%7e?XAmA9-iSfi%pXgmZqZ#^?`ab zgK}1dQv7h`#zxEjqBqPdK|sLhH`(E__1D7aea2)}0!pil!Y^qWd~J~5(g`2x^JU+r zVJv^5Vi@{pdFAP{(c>>X<9^>LHp@dGK(=O_Z`1nW zj_ddR)g-{z=VH@;lxUF4v>7}Egc}Ml51aVd!#kID*n@OQEk`7gHR1#L~Kbn6_=LAuZWe3xe zNCm&5CZ2s48V8QA)|_4nMiqrov$?;Ya#haBcRa{@XL3N)aLG4@_U&NhR=X(Esa14N z(2N?4hWHCLS*?ZSplCSlPhj~o5OUNMf`u&8U+*b{3qPkQw$Uc&mL7ZQHc)>j@5MZrAO|Q5|z>v-cU^cevx567_onP8YQ}B2!`t}<&^*6jL_@>QR5r`kc z&M&}dG}-E^-x~=a<@K>W{HfDxd62%?+sYWdHo}yK@dwiM2dub8MnjWKHy0r?!e^fM zbbwIQK~50dK_o7;u5D*To-&99*Bi z#WC@Rc(gAIeiEKc-o-YZS!MUp%SWtw6x4*N$l&wv7;8FI*hxUM z0fin0ax`RljkLRujXI#wyyx1D-x0MohbDuH_9TY)kBekZSahA;#-u@2etG)UGLgEn;~vGVgPP)@#qJyNl@ zVPEuPAepR$&0sRWS8AK~du&7)-?m!Swe;sO{OI;JeOZS{^^8h6jTjxuI;gk2rH7?v z6e2k{5<MA=&+x6m^7`ItSMH`7x<)N_!QmVoBj!_w@@o4 zv$o$A<@WX-7m=N5g5*XLr+JmN6h#7!Fg(8zoGrP)Q@m&0-r_+0*bs}xL@ttmcM8Q{4r7;jRQTm=87o`Cm~hGzG606>>d#KXkGikr~*BNFh5 zKjzl%rc*KWbu4kzuq>VDp$+CgCllG?L$sqR*eoY(lJynXCg?iEY$VtNc$^!iJl7h& zAa*m(m_2eG*5Y%{w(A8g3VsLcn7yEFx=CnwXwMg#F|!C-v<^bUvL) z4vmW`g+F7Y&rg+yU!d_=0NMcd;5+)=$0aGCwuwmgoA1nqWFb+4Z&pJKmF34%9V&_D z@3?mEAvKJ@gB>Gfi^*DEMx2|gd+|*`(5%l;>%Y-*`ba*l`;?}t%4RtD@P)gw#1n@^ z62e0UsGlofLx~W(y6|HpoZ>mx}BoKHjNP-hP3zNif zSN$v1x*M5j+XwZuJ9!g6I_JB(>%Uj5(9X4L75&whM?j0qn4AZD)69prnoYMwHSzEh zlq>#nr{FcIlu1d+ZO(M|qjF#F;Vbmi>QTcXb((z=n$kSKZ@bewi2I#@+sU#Y59#{R z^;r4mMhM=AJ&I{DLr=JALCI%%cE~=!v|fMwF{MonlZCW@3#jiOiz}ithQWo|a%CdS zkSLnY=JmG(2R;HOHVmOv{n2cr0PF)y1g?rhWG}w1E?&0h #$PW;Ja! z&al2V>+1st*QXQw`A#QT|BhF3Si2R!SB^EA?(6lK3`loHKz`qE@^Hllzl=f*t zpXc=*)PAtt3H?I$I3Z{1T>Wbi7YD7IC7q^#E5~5*O|R^5tK!IJdgW~4?W@C+Jrd4b z-5jD1vCM>C!|hX>q%u@QrVGOyd=m}M)G7tW{8(*KDE?O3&@S%w)bwBSH7&AmK0nuF z{u{0x3&<)4eZR?}TqhCkmowKWJ>L2WeW#1|s+v7@(gX!RrFQxj`tUs|GY>X!Qn7`8D;%s=HoY|F8#81C?ey! zliV-DX#l6nqnUSyXS>)+)2KductTH)Sw4JC;rO)vfIm>vH2e5Qvj|wEilQ* z#`S=%T}_oUxBTLfagmibP&1%ilArqO0bMQfWexXxPZ^kpT7XDR{gUta{Cs3vd3}x= zO6ugrad_z5%}CPMm%ubCtR^0@db1jrDEx1pVfc5n^qYNv~6a zGu?Xi*+Yf%SWyFm)bs@x8tP2h2;*j>>#8K)@LIJ;HWPWL+Sqj0$tY;E*C(x6si<34 zWQbFZvBAPc^rCxbfCYF&sB-J6A#2j$ranDWbB4a{HeHInbP}LzWuV@^M))R^Ufkc|KW7VT zTVhz38^85t(&Jh(M@kC}N5@B_G}M?HrM(iy|Dy!|2>VD^YMNAgicTr7Wqs%9Ol0ty zs(k^go_O4#EaSVE5#wc6rt;R0f{aI51rj)P!};rnb9y-1d+s$1luRkkLWd<%CAznn zP7xCyiNI5-U2oqSuC`_;|8goBJH#-<0?MEb8JG++I7n^UdxTTc34og-SOa1?X+13P z`Q!Ud;q@jCs&A}z?+aChLsZQVwySsV?FkCcBG|TTn9$H~3D25~F6Q|5*wa#GBL@9l z-=cg1(qY=LjfE6oWHF z=HEX6Ya|Es9sj6y$zUaM1j%5aA;Aq2EPY0@*n8BE)|MJSrzl6bwaGNP*w(ZSIRm0* zFJMB_i&~xNf+IIqe&$39DsQ^&=Q%`1)Pb-c?c7f~t0~uC$^wOl`NO)=jaJixt6XK- z2Jgvji3C+04Q3IG*Dzgn@i&RSgq%q`HJ@EE zfymY_8q@1S=u`f5nX_r@AtiWFhXEGNu%rE5Mp*NEGw(VIlQ>w&<2*mtbOTWDB+tH* zP=HFp)~TkaE((J*c3mc_5lIw;hiHUIuJ&AaJxh+jIaMHMjZ^l+`99gHtHhy?X=V%% zCGpTyVT|ei1u8%9s{e z3A+Y|sHA5+(LR#yZ{78G$hZb)zClDZtK4|* z<)h>@nzt3F?_!T^_aw?tRHyFQfeA%Qj}|kkM^SATuOcpyKNN0s<-TP561XJpG?t47_Y93V)8B3k{J8#A|E69K22^I z1x7o0k(-#_sV12Gyg{SmGNK^LJz`1u#y71F5o_riM(ax-&{-tJ($Xq6?wR+?Q*D?k zi9NK$Gm3B|bleZoG{>Jl9qk6D7cqLH+v8+_xZKFXj@4nZng1e62t_K12Wx{#knIx+ zcWW9qAFM>c92A`@m9Abdrvu05F4e_I_0Vb<*n8-yX*|!3uG@oJ%$NtfE0Vb%(D6U_ zHeJ~{SY9_d2#8}wi@R_G0Zi(3;H#1jh*|8f{F#vXIBp&GJToex9L}mS%ZR1%2`}z( zyN~-rME{;Mn-k3BqwuuWD(XGD3emJRvX_g7r6o=XxTb|63%6pf`%7h`+>AJUDK*z=pQwL|&UI%mT*sJI z6B95fj!-4)uc=bOk^XksJjQK|w3rqRyNYS!03H1!?tfC7itJH{Q2H0AavE--Z|^pi zZzhG=zx<((`_bccz03}WEQ6N+@|^F=Vo|;lHhPJQfF+LT`%>i>JV%|D=*+J-Oido@ z)7GzUm{~VJ`2{2tOmoMhC4bTZxuHlzsf)Nd;a5Yo_L7XyU!99&FEI_Mbn?!V&9Chc zHF#i=nsJZp6EkPb&-14WIlp7L!rKf$#|H8bBq+M!oyWMh>q@&h?xBD0%ggKgXvvph zCn7+tN^^d-ZG@3LB*-~ZK~WS3NPE=s3K-^pa{3ey4;W_LJ>#FHcCDcC%pLN88U|N5 zjIS)p^4e=!wfIa>s8;B52Pv4T_GqhWv?zdlD=50lrVUyPXWumkX=YjGFjyu*IXOIj z%X3;0h!k`uKl^-UD>QbSn+^ zPI1~$SAdv39k&x!K&(1eviDH|Vk9A7X;=a*Ue{NFTI>A8!w`vQ*86wW@0_PFNHYW- zhC(g{*Pp~TTBf%gw4Br#r%Yo14k!)A5)U5Bw74f$7qoV+GwkPxwcD;IeGO4_eGvmo zJ3OZ$60dJJoM(jO9%k%OcY}KBFr|a7BmIXjV*$HMFZ24-H>W5ly+qUmC9Djnpj@wR zbJdq0N;Jp#q`YK+J=+Icw{+6sT2biz;t8YayaKN8D6f8@;a7YnB*g`w-9+v01?kxe z74Na{*($2(!XXwDAM8)catHdEqrH*8XtFmZIr4bNQcex625*&bZ%yhg5b=0;mp&X{ zsRBfNq~UwoYiVk>Ikh}*zJUvGv2hx_;a+yZprLxR*Obs`CutuDnxP%$Uar;JbOHAo z?w&f}J00yf99?iMBBykxlq@!>)h*>u`3= z4?o>6)`Rek-0X}nUyPF;MmDo!x6Q&#o40i^wFN-VG*)&tPm_`JZ?nHsOae$Z>u@(M zCc0Vj5U%-=^u6+n*KUrOt9D6p$!a$vU^L`?uB&=Q)+ztMAnMv+P$@bv;S)U$7M%lw zbMdyuQA*#=9vIzCDwsm;blTt!M&akLk(=o%F_eu#H#zYFKFATxj`yPgI-v}5Q$rw* zmNsVlny`C3ghgNf(@IyJI7%FLX3NAFJ6;rf}fOq2PE( zFBhW^w}QYW`wLO7pc_`isNZqYzYRPN72rTgoBDt>N_>C$w?;e*UZ&SnN>NKQvx={b z5#W^hEU-hfyoduX4+CY!<$&Aum5NFZD8CfXFGUPUs(e(HeI3rFJntaUvT4oTq6mCA z*VEY?MuPSX%DZGFYD-8tVcw6F(pyjt(Lz;%wO{ymns?+}CZrHt!o^E>Kt)pu38m4!UIx4ojq$G zJ3LidIB`4bJ;>tn`7nF8`I3!o=JaTJn17^6>F>R#O9*Qih{jWN<)?t)^ZfTua4|2& zPa12g5LuOB#%5o&@ssZ}gBmeh2nhQQojbNKp7*oUmzVBhp*4w>fyzUA)x!}Z#g(wH z2V2qaeM-a#ji_mANwS~L*1^8Inhyrp8EGGf4}0X+DKTIN)WX7&7PR!WRWI*{46SSK z0RP@QBNP?2MY5EhoMgg1^5g<%%*sykl-Ld^U1fbB4IpKKs-H58Oga7I4ulVc^h+{u zhsHWr7(A+Ea;H8?s_U(1g(*ul#QB-q%;x&8-a8!CI3125dS3}!jiVkvkWA_h%H?^M z5A*I!1q@#N&yqdT04?uT@MubMlQsA;a3^{_EOsF;_CL;R`|6lH$lsW**NB|m;xVXCZE-v}$QkALK? zNtr^Y0k5sX>BUI7aLe+*x54V>IkvAIu-DvveA;VVA;_O7>of3nKv8O1bBRcIFP$d( zaXhvTc3>^+P11r+{JDUXI8vWL;l13aX!Jh$y336})jmcA5zg;X2z2zCTVRqfX?pr( zstxZOQK&?)zgC0Z#rqced&7zX_wEcgnTr^@(@Y^I$@^wxH7($seQLz*I|MoPqXgL(<}KqY=@~OJ%M>CAlo6R>dM+v@cu7T|(6=xweI|IoOZG37 zfGhqZXfaAJlk2k?Kgv{jJ46RdPPs}$^0a&XDGRze{z6LlN%;x@6GI}#65_uQ8mMbLWp5@EhQ5E^rDuEZ+>697Z zmiQ}DhGiRx%zwL`hzwL|jL%04|73+V)@IrIn7_UpT+MCM!F#JLL+f+!{Au@U~ z&!H=`B17s$iGCSnh(ySiC^dBI?-L1D*YgGa#^OcC(?Z!BQNZ%QO__gPt`FwQpn!c* z_vp*@S%80C&`7@M_x=yB&uO5FMp;7tGKHcND2wQjP>haR!^nWAjWs>x5rx;^4CaaC z@E!OBW*QbxGnCg0=Kp4LAuA=Wq)Jh|NcOJa@5EC_55E+^e0?bz%_jS|10ZRg%{TA58S?VR}c77@Uq(SKh(0=eg#vVHOu!{gzzY{yb``+=um-V5otSG`r`E5=0UIhhU;LmR|{i+ zx|g+$r!`T!MxbD9xW!&S8Vcf1*MY=XzX|SEd8~Mwm;!sSJUO?fH!H9Cg0S`Cb+_C3 zhJ!=Xc*LG)V266I&LF{m6~{p0tkywRICP@bne<9X+2y4kiHWOk*^!EePm7@? zf8(P7j#?{n7yKEhL+Q=1UK`T5!F(#OEnn_9LXTahlNE3O>Wjj#zsIxja&3D#gXVyJ3;&j|nFQqg3+{1%xxYnv)*fDz(l9qE0 zUtk9iYjHa&<_I@l2rR4;@^pu7cvHU>BS+fPs;vxu%6_QpN&HfkwPlx=QB<*~4~pvsY%kN%TV{Dr23>6w_bu3j)hIvNBza?{`Pt zM4LmDmqv@cb*^e#thU~*bYC`qn0dJ~`|R|?M*M}TSiN5D^YeUTq>~!g0 zqk{czhW;}$^8F^XcJc+?G|JOv3=!nBQu}P%DB<3x{CF$wEIl59vCJ5c^5DSUrne~2 za0qj*K(pUL z;c9k}*=Zg*>O@lAL>X zKS#2vNiR?!?7t%8NSx7i7GFf_Gy5gW+Fhf3O2RjoiIl#S4DTOj@AQf{toJQc5>RwU z{VI9Eyp$oA!X^BYuRw^j^JU>1p{qTuM zYcI#4JD4Mr>Gfq;?Qn)2EyC2tbS9_UbvdFT^xkEj z^fT!*-{s8LeY13T8Po?gE8bDBR^B=d*8D`YLz;E}Nyz`0Msk>c=~8xt|Jd2>lfUS+ z^h{5Xj#kl<`EQX|ENnREwGAb|sGxakd45{$TN0lss6wtP+)w~;p=NZ7H-BV4_%%Og?PAV`20FQRm`X>T48L}7LWS!?Bbr=$ zOkF>Jc^%Tv8l4rLgg^X`tqc8-NnOmrT?oH*bTeQ7Cml3?))rNOUUet^CBi zJ3McO@`8=D?v)VOatMY-?*?Y&R39~G*fcsFy*M1Ix?&8O`Q*0K;03=}$`)so(N4D^ zPL38Rnjel~N=^lwx9`Q4;;Ga&ZDv5r_4bJSds_1TD%-1)sM3ZGG+$_IOD zoDI?Jt@I3D3_lhEv5YMvxB4fTU9`R5-HxqypLjQJbqwe`U)pYFhxpaBu9Y+V$9fzX z3Ny%lo9Fz5`Ny<|fQYEJmdm_cBz@izC2#a7(b;yxB2?_~k=BE^P=8&mh+= z`*UGRQ@7cpUwa{w1A2yG|8RRwb8QZQEEcj<%^$Z1f=xy|`|h-ZzD*rsVy|IJHb04p z`1Z)RQ6jift#D_jUXpm(C8i@JB_=00*+Y}@loM3tn4NpSg3sj*{!{LO!73R$Es1+3 zYx{S)%JP3nwtPWQ4>Vf{GKtl-;HCX~>NfYgPILQP|k^2#jr z9D{vKkrn*ens_4Q#WFs|d1~?GeXI_9ZnbX`oS;K||FcUNEB3*!gD-ccXMR|x2~}r4 zB})cW9&AN2WVuw)jR8f!?%h~iv=eC`?N4eyVKVv?`YKKnc2J#bcY(*SpD zh7WO(qVJa&q*DPjq?|{BKc;;fsX8({g)v`v{d?k)et74Hmsg95meYOD7AAq+80%Xl z2AaaJKRsIb5r66FA(4V7D*mbmbBj4m#Phj7DV0+yz*Q+tB*ztVAQ|HDdIFI#2~@e= zeL0;y+0ojfU(z=Eh~I^3ot_LxLAJ2(;xPWC)5Sfgn1TRa>e$D%{-HL;sXN+Vne}$v z_ik76G=Py_l|ND6{d%&xi&JPTC7H&gFRqE z75Bx$f;T51=>0|qa*~eJXnRN^)mxs404T~trT$J=DMm26kb(Z#k=sLDF>>!+vm zImy{EHdK(=G+%ak<4zTs@GTAnF7G?XhcS_%^$yP-1>C}HJJyLzuZW+z!+hfebyDNE zEV|wf;;|Z>7@SJI*1LNtKpVnDU@m+-F3`pDh5X7c+>n+Ulf&q9<%GOI;7&+ugkeN^ z`6M;9#bw_Ny^MnAHX&UXhArrW#>aOpD8J3xQO~JHD%+blOz&>XP*UPlR@}75C8&S{ zgYM$nPc~v5LOmuu9(HFY-V_|W!Spf)HO}AoJlkb+5CFF zr*5%(d6>;|Sz6QOAW`h_+=%_JX&8Z2gpLoj76oiden)m2ttBQhRyR@oQJt7TyHiaU z(^@Yi1E%8SE)E9+JNdiOMNg}QF5(t_}`xY$%#@V z{O!K|PYPn?xQLFx`#0nGmuXMiR!|y^-wK$2O1a_pk0#>}WB=!jfB5>7`WIh+O8JW~ zs16k~nG83A?vaNU!ImD^48t@Ts(YuOd6(r`hR{F zX!;H5;$xZYt5eyou}xKb2a=o_4StEZAsN>0C|L z@#!R$qpWU$RqmhG&P0LFjN=pb2@J=QrRf6~lmYmo06rA~(Wg=E#*#oIt#l=~vd7=u z7(ADajpD42?xYQ~T^ZefzSQTN&-}D5o$nwncIERHbtQ$C;Tj#SKegZkePG%bf$Dnl z$_56(aWQ+^FOMOdvr)i-6P4Q9Fu-Fx{nN56;Ad^XlOeC^&5IufQN3I_<=xLc7kjmR zOi}gLMAk8R^s117kLsTVY2`!|prPqtl~XMV zYWQ@ZOx$%(>&j!Cc{1wl5Wvc3=TlW(_|{=2p1mQ7DAwN#VIbmSVD;_n#&k{sXjwe5 zfM)1{&Fbfl`b;hx3yJAOe$nyOPc0QRXCsU2CeBJL{ScX4>o=5jzfyawR*a$f0O5Nd z4mLO5o^&xPKrwe%U(h8}ot0&QBYidv>rFO4yzx9U-%*c7+K;B^OyT`KIO0IsFtvbh zUYk8i02d7b4lZ7K&D-sqDd-L3 zps#<<{AsqM+;`W&|MDpPvsDm_WI$3u7gsoXD{{T3P%Um^I5m+z))zL?dh$Wh?E#VR z4`y*;KY8x-91hR&WCujgrP9!8i8NVpSZ;r=o!XmL@msmJp8LGdm|Ge$6X4R4BU(X>|ic2;c-am*@|@eII#Lt zB2ZTNTUX1BSI*>Ggn)bHUa`E>^n1j}n@>%^cMsA|ArFg?B|F(24Jt8pE5s`g3Ko^Q zf2R4A^9d1^N`J8b_3P4u2W*aXVeuc|iUt(+`E z9><~Rl*@VI!qxZ1#Vaz<<#z_@$ZPDXHkufKG|YcTD{*15CXf=Ot_eGyEV@1?BqEo% zu%b^3l7}A2Uk{6y()6Gi-%Hf4`CP-d`79=Jq4_uYW`)Fsb3p~D*KmMu8|rcM1zq9- ze&V&b_l{*oPz{oTW+*{K@c^ecR{|jlP>t`4SKw=!Or#*Ov!5DRv4Cfcmt%Wiyu^hL zW*{PMEn?5n_xz1y3l#`G|gFM|6ovtIEnCK=@*M@lqwkaXQm5>gJ3xQLMg(y|ENLo&C0`DN95|Mc~Yg zUH$#CAFD5;&R(p@u<$tWfmW;$7nWW&ua)#{m;xR4bz?%yiK76FZ!W5pkQhLO_#ib% zYL*JrBI=R|f!tr8iZ5(2j9>qu67$sW4kv>Gk9zSkt(U`u9~mF|n6ydOH81_PaI!R&(F+ zW*Y#DTEPq}hNNER8}x__$BU_5hRHZ&IYSbmPtU zIXG_=aKJCA!YCm%!w}{vxHlG9BsA5wo!2X2G6mOJhqVp8eog*NXU;W?5E1(Be5Pb_ z89-m@q1AFPTfD5Yaxz$F%Phpxr?iJ2^QKV9O;^ynz%86!Sw^Zp73d_jdP~@G<~!ff zUvszlMbZ{?t^$M+6mXnctJ>)f#OC)2G9QPf5L}_Vc3>*5@^$rwlB{m+MyY#KjSgiJ zGJpUCID3ql_q)-@#?z_S5u+ZbY%7(d=cofcL#t3xN{b2l%%$>Es##Ah=^T@TY2^or z+=p{NM~^Ka=bl!#AoGp0fv9M;1Rd!An0`0V?8R6Dz?3#gcDXm+P@6je0H{j@NRuL0 zv6PW-P&IVItAwYShhIIW&uOz&Ih)6KT;u+wNcv9kQ{`m!*d?+)*-W;PQnsm)W9=3+`_)!*-M zg~8R5WMd<~Pmy_~ne?W45L4|>=OfDu7#t3sZgFS4t*t9@>Xps>~*|?RPxQpD4b|O%*5;lv-{7UbJIKh$YGwHusKXe&#TBLNDt7~aEQb{# zcO4HNwHj4M#-ggC`JuK%fy9|`(gHTIvUW4$U67P8YgjIhH_ z%)PS+t-kA;m69GVwpM${R=!nJVYNWZsZ3h!Q$C)xy>TzXUt}~tv8OhskG9yEd$fqk zuGefUcAyF1o@-4$@>$Z&CX5WI>BM5b>U`Q_)zmg1nUCaX@J=d#Xt0un5da}yPp!ePx}^>$KnE? z)qHgRnk0u$P9~dO5THC4uF3EZ@Reu!oH@QU(

U0Pbl7sJ_@+LEQ++YWp3BCoP;2t7vO-bAk2+VMf~LCbf)-Q8qIxJqd)7XKvbYfzU1`>F&Zi21yb3i_qY|V-_%=Fo( z!x-ylZpz9JgPE%Xi7)~x-%g1;y#M)0>}CuzO+!uecP4rN;%D16c`Y91R^md!qw%8Z zin|(CzB(~Y%rS&F7k1wI(q?Z1aM*XJk=dG+W6N<)@=^4X#Pd-p1S~K67ukd!Eaw2s z^Oj?HmG1X-@3Hf1`V$pBP=O*g0%lRMoc|Jh_gYh5@Gdox4#v+IY5SR};PG&5N5JwT zUjYCQl%eqi%E%~GS1we(3}*8m5`?t^kP$0`xmSB%o@PIjojS3C*zXX|(H|x%k9ZU? z$SXl7ap`Go^T(*+(wpXw7`yWdX+1i%8SEn1o$=OjZqYLvFo9M@dV)Ax6L$(`sPj^a zTEDZShW5zpM6KN!SW6jWdPbi0pvn&%bCehV)92|9{h9?rE zl>W2@wHxnF`MN3FiyBqV?FyPQ;6zgDYYf9)7>BBDQn-pS$b4yYIpt$p&h$ud4%_S zu!oyl25{{efA%WOWgJaf!2g^pEy#jkNA-GJTxDd(?W6_Yqlem&>1hCfR#LlP`2Ntq zV1h#HE^@|q=c3modm$$kP?OyD%}ZZ1NwVd1DjTtfskda^bMDZscEf z@qG<&YrRQV8UeMEm=s%Oe&NWwwXP(s(P)vvIyoN^iDfb2UMg$aMbp-6BL1z?x1ig^ z;az38kB#yVKhfJaKd+tq>MaNyZPf-EX_o@jDa+43z4|lMoAs9KhWLEB56)Ma_fCeC zlpl)vbZW)#6v6Vm$(50XbxD9|(_?SW1$|%uALXyX!Pk;!X&a4?8w(env#G&Fd4oy% z1QCdWd)1o$#KrX#`P{S%l$ulXWQ&r4?%g{Ae>2P;UUe^44P{=E$f`emu=}YK zI4NC~u-vrif?C|}JW_y4Gup#&;%tl(7p$1H{n~8&;9lp>z_6xAiE$2q{5u1yveM!F z!7i#y!5j-C*dju4&JNks#a$Uo5_2oD*I~g(6Zc*U z_Puq1(9tT22oY7pOKw82rzYC5#wx=pxGhNW(>n+jB7woUF&4MvRu!o-wPJym%+u3_ z&OijQUpJLsSA-1A`xzLzYr9+>191M5(9+c9ZH@OWA&L%=N4-=cOSt~^C0k7%A^oZ> zvCmNaO#*XjX6ovNE*78yK%i5=vEOVgy}JJiC0#Twchq&rE+tu1Qe>IO?UkVg*02Jd zfIO)H+lLAMa8d#b9L!ZkKA*2)L^b)h)of+x?KHz&0fje2d*ttEmkDH^d=ZsCz0!#W z)T6+tb7?_-iy7*$<87Kj_f|hkCVbHz#k)`~yW7!rBl!%mwhHgbc^W0>Az!1Y3iaA5 zn7dL~A@V$xFYB+_i2RXmATvTHP;_I06oa~>gq#^m@?pVL6xjz`1?F|F2s!wSX5~+yvY4>6rplw!Wj^LTM#NLzO zr_dDqmZB2*k1O~}f=1;eoD$asDaXIP1#F#Y>Z4c7G``us!YwFBC@3f>*TFA1cyVRg zpIVw=pEGLeq0w5XwAK)nu$98{mPI*9ib{%A%Gw+lPks@EK@Kq9sz+*!ixqPaQ66y! zpO+VAAdU*9p9Sn6$U{$QzcG$U`|WyL`=so67a29klA=Uz|t^dCf#zTEXLzN4W|=_Kvq;7JawXm*a$w=di3sSj<8ItM zhLjST{;Pqr&ZarXUA9>A-u+t`h!7Hv1($xm0Zbi$!ND8=vHMQ(N)l?S_ntwJ1oU|^ zrLftbLs8DQweg?h#7~i7l(iBPYtity7?ZJ6)aT+VSD!xUl56;sRpqwe8A}&pW zn)~H1bahalDjATdrq%Bbd)cBS5U{jZH~LvoKrQiN-zC_dk$|FJOCU|{v1Mh!iyqwQ zWn6xJ0tf)cdm@P!t6HjBy6+iU>08%_=s_(X z-!X$blmsq$!JmG?F*7HHz@GBS_KYX;V38u4BF<$%W=9x=7(EC8f(|Led`c;OS)~=cLr*(l#hTF`DIvWA)eY!!* z5;NG`%>n7S?4mYOwNn4kGXM?+GJSbh7hHw)?T1wj4#O>C^7!it?%OtBc<3x0O_rWH zXVksBFE5f5g>oi9Q4i_9*R85`o`@|-1ES{eiL?Hq3rqK2TGTf_DIv0jWJ0{Rn29Nh zlQms%^D%TN3@~xw!9&1$>?4pj6S|%=`~C5@;nUnIOsdWwnAJ7-HH}p;5Ni^e1m!QB zp#>u8y^rHf)tc9l2MW+|E=GyG6KsaBbgzqg#-*HdAtJhS>R?JP67FSDbNEM+PW;BH zH4`-1B=@@EoX)Lqd%EoObj9?ZgS}ly?_Og zCohmEWy^%G;hrxH(Q?!;C#q`!umuAtfr$8OQ%OA=So$R|Vl|aG9EuV?bVGEsoV${1 zUv&`~Y#C*?aEzgXhC9X~8&R}qHeps?k}ia0So+kgnbDX!Rsvpee_rzN**Kr(gtsa|7W)2;3?6z3K zN_Mol{WF12&)WQvIS+3)7=;Dp>}=O*D1aU{*TOLr?pLAW#f!L7RKps(~`qYuQCTJ34^(jI`L>x|^#|3grs38rwKHvNNh( z8BOe)r8*#vJr1s=5XG(P-W5fUdBiSE$;BY&#Su`=UB}_f?}qAKfMI~~S-OyJ=v%yS zD34ra0S={kd%?qcnP#)jJPWStPjz>1BNfTUjw%920aXbQQ9J|yb05fe8TkEp+#(KZ z5$zE)5d%ocu>~pTm{%8`x;_g^d=!{B_t5jwC8FCwZP|HVGhCqHVTw}wts*wD#m-aI zjO+3&DA=Ci0Du^$1Fd6bPTMnHprsFHK14*%xv^jpVGDOA-HgBl(50Y>e5l8~xfS7W zi0XZ|p00KUk>t z^|R{MY>sbNilmDHq-|#A8lNq1y?VZL+eljR=}}jHMf+SfN~(t z%%%e0lX!v|U8ScBsMKxo5PJ9_P<3BjU6q!jVp(9G2YMNjAt$?gF=dch%rF${ z_pTt4V%{2DUHia@$@uH5m$ldOs->Q%4d-E2mwc2p;d6BWT4Zrx+$Of7^x`Ozc%^(* z_pS(3^yI9E_?cd7fUXWjB!vrM=rDSY9mA$2;j`5-uSVDVGlV0jgQ^40n4k*3s-+IO z!3K^?LHcWs0Avr5m3s5CKmZidH72DH1}!3>KvT#`0MMxK9gJ$ zfQX<7=%U|U#RW*;VMGbwz4U`;P+VDX%Vp48ye_=5AOb9Wg=jOvQu>PLumki!gY}lu zKHGYEf47cX1z?V0Pai{mvVUt#ya)$SEe(b%RT{~HMIR@2Lieq2hukg%lkv_uMcsc? zp@)81DC7R4-MUWGn-4LxFwB9iqKTbRK0c6-x1oU*PNog6o%{g#9PyQ2_?c-@zNu`s z^{`LoOQ5r`Rz1PbPnVfM{}LR_l7#noZlySJb~TZq`13{e;^%58i^q){&R+GPvT!ES zXfik)z@BmtiUUwPm6?wL@Hx+#^6Rd?$CK3SF*A>%gd5g#l+pfZp+mnl*9Zr@P^x!v z-0cWuU`MTAFJ+MML?F1Nq6=ygO%ZOE500MW$Oe9)HAZK@F`4r~1WXqeLdi;CE*nK2 zB&rT02E-{LTbvl_-5p57^NKAfe*UrHHBM5kv)r}p2w{aE`Ls8@r z#*bTF!Qn}C=5S3}JOV6$pUjUJJ{lTH-gQKT5f%x^Fp&;Mp}(T&@++v4R>OY@UuUg` z0|XQZeA1Q3*n_1-O(a5{Lh+uImed%S<5ISh2uSgZ4oqHWWGhAn-7Tn#z?D?Lbtv*M zuZNV=_&uI|1&LUGJhfg7BMJiU#tr_`Rc5h#k5JqdpJ18!I6$1Hc|67EMp@fX;ezPZ z2h=my?U6T|7j4UYC!f+Xy`md8FmG28I!H`$`8W)PcA<}>CjWjl+Xqdpt#38k2wbR$ zduAtl%q+4XA1?E-q@o)yA6h~&fawUNzu||%pu15MB}6;|&?Ub<76py5zH`khG;ySQk;OM!mu*c($7TK z6xj5XUUS?%ckRTb1caZxmevyq4l6q*zM8148wn3$x)Ho7=eixZkT4rGH|otjrhI>d z^%Ngv9E#ubhSRWgb>_GMIR;9U2&3mzy-@^rS8{L_Q)tMs!2Ue>(y8eba2Gf(>UY$| zk5hmx*jlr6bo(_0+}Ir;j^c1)M$3Wsj#hv=%ZQEcEsG&lF;w2;BkOMlBg`R?5G~UE z=q|9ET(=JD=YGQ2=ujPEg-!W1=41`a#p?;a$>cTq3Hwr?G zK=*;@mQC_W)C1-iRho46qwexr4Y`V@t-)VWC7Y3NMTnZ~{Sf6vKlmWX-VZ(RL?vIo zvQnp}3`ck0EsNfYdUQ2XlNX`Sy`+=f<3U|ymalI}?+K!AI4pke##*LAEYMkBKD-=D go-jlw|M$P-8wx7>VbpI`_0i9j!Rqp5vSz{mADCxT=>Px# literal 0 HcmV?d00001 From 72823375031977f4c51d6c67250b01b551dd1f46 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 9 Mar 2017 12:06:08 -0300 Subject: [PATCH 42/47] Fix images --- .../nginx/images/github-auth.png | Bin 16323 -> 55760 bytes .../nginx/images/oauth-login.png | Bin 37942 -> 87461 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/examples/external-auth/nginx/images/github-auth.png b/examples/external-auth/nginx/images/github-auth.png index 3cac4dd675823d67ff5130c2303a8cea0e716641..bbe73e31369840d57540de094962108bf2f8cf6e 100644 GIT binary patch literal 55760 zcmd42ikYd26gxyC5Va(RtOf8`70gMa90Z0C*tvS4%gy@zczganGA}=cBo@ zC;eI8{r3S*Ve}vJdYm9k&U?ERiQOe!Wa*#(_J-AKTM~ST>z3zqXx*`5}Rxk-n0_)#2ZIhbhz&56h;uT zObyM7Y6S%Osf4rzV<~pUVl@`%C@)&IYSPm_60r|2whm-#VdaNBjPH7U*%py1s@?yT z)8GQY{n@m}b=>6sL#5ky-|KtgZI9gbbzI*A+LTY=f}XZY3=zw`e{(b&!w^cm0Ih_7 zrIx(uQ^?3HeC#PI95ie5c zj%GIgi%A8Wjs#MxRunTE(j|bD>79Bf78m5_b0|L&oNvK6l>{d|?@S;_H6brMy%ZtB zJJl4_!0SSDcIlmexDF;g{}>r~_Z2FLgikEQA_gH3{y_M1 z45kTclaRh51O`H{(1jw)udq*wM73x%LDD(W7R0KkFGv|dW5OEQM85^tAOJ%4+2c%5 zDqqDl3FpE_4ZRnTZ^L>vO&wU$-|crloMSaYl?S5sjGlAf3w{NRxov+ zs?j0SXfk5*ax&xy&K`bZxLQx@SHdbf8#WHy7ATzn`u;g11tUhIGo!G|Ge<50Li2!{ zo`)?XhvG)HMxzxwUG#G3`C$BCfb9zp%vSg{T;fRc?cRH+XNG6PXRT-Y=MS&sfwB{y zG|^h&t6&5Sp>xt5zB`0EM4YEH2`7*rq7nY+5@TQv(-h$ovLRn1K|!PZa`_25j+Ht+ zL0Ve@M8Y1&5Jwcd7B^^OTMg~WoFb_&Sx!PsVelC>MorGDtJeL##^2QC3RWGDkUYN;;n=e_Hy*#n>`mh2vV8Cvn0)Eh`WmhzLweIHU1bH!Sif&MUT2u~hOb z4Oe1U*DGxnag9C{pPhUNzslHi-oqXfW;{0@X{~b}YHpIl3ad61xUIGTdAp z=Hj^^7f664Qu=TKXmY6q5uX)mWUos15JNxq0Ak0AzUqFBv@EuKu#&31wRE+Xv%t5I zw6LGBoAN6aovNCbnxdXQn8BT%ok5-%owl9u&6b?0nU|SdE}qZ76J8e*l=hGJi+HUJ ztcDyWna}Rph$Wq!m}MHS>^qM_8yi@o8ntMclrvsf=;P{b9J&vMw=uHrW?i(Ms)1$C~hiddv|*1OWYvfb0$Tc@+3o1#b2ol;1Xtlvt+gX4-UkdA(b>ZL+=K*uPzMp>z?p)lnI|$bNhQ zqb}mwjnf}o6Mq#qyp!lC`7r}s20e?Cn-cgLnUa^%UV%u;QI1*xch~cr#!F1P+Fp+pq*9!I**KnFU{Gyj8j)dZ@}-b_qyROu+EM#fB}d2 z$iZ#9^u)jCy>_>nR>pa@^jsFB<54&8v#9mA40GZAA!?$a>N8Ulg{6%958J`avc|IK zvbJU2hFRcH(q1Bp9qP)OZXXpbop%GdT|e+LWY^n0&Q03wRs%-0_H=5s&UHR%C}F5Y z?Nm)})@nAbMDTd;w7o8@snD_FaqVYYmjBL+hke#~`ySp)>g7x0%i>cO;dj1?oA?)n zn>tXPc%1?2CF<>b$ednLLrH~To?B5Kq+JYKB!Rxy{T|vlc^RMp@Ra&nPF%7}X>bx- zu>Wnvd*n@X-|=Z1KzS{%nw6J9XA_$0oZ7Fgto^8CtnDrTka1|^Y{mN!vB>y-xo)XM zo;HJlTa+i>-|W)nbnya3xc_(4j&pE^V+QKDWLAf>;YG-4#49$V!DYKk`*7LOvFZNs zi3UMMdb5>(-EQhh-QE$$yuz#1)zP5c^64JF8>hBC&x*~F){OIB;!&A%1HZjNb5FDL ziQU9%=Gyl)Z(o_G$1}$>^IA|Sw!aq zjjwFS2R*`L8^i139samO{t~|Guew*BFO{9yPBQCagD)2044})z*l78qW3hJqGUM?{Lp31u*rT?%8YJU!-g}^&ZlVV|g_0XP(EX?|Rp5@Ue zsxXWdpzRWV4AGecuUG;RaLO|ioPCwRk6;e9u%ylNN~#oBH!DkzaL7_cOi8&8f)22U z-Y9W!ax%Kx*_ns7sJVmuJ&<~_tAfBJ?krjOTRDBw{G9O-QScF_fF7Rx6aoS=!%|h# zMN>|e$JpMM!O+Cs$dtju)&U&YLO}3&@PNPCnz|U0c-Y$5IrDh%ll^N15BU2Zj~U5G z{x!tKnx9NlPLV{^-pQ1Noq>&kiA(^2goK38$;6CDSxn+T)4{*^$t+x49C#QR-QC?8 z+*ujyoy-}Txw*L+nOGQESm?nc=$$?7Tns(v?VQQ~P2^8HVy4cWXmiBfef6z5F zvUhdiCnNiV(O;i`uhZ1S^1qzyod2^e@CF(Gc*Drdz{L0$ZSYjSKc4a^T6&n;Xo^|d zn%X&oc?fW`a`OFa{Qr6LUylDXQ|rGoIoR0#cjo`R`Oi!~#y>XjKO6eDwEp!JEG_{A zKE}U9FMx0r;l&35Ap{{MCamfKd7OdhquRUp=AZoS8%#I-Hz5%?PI!{=01+_^rd={D zY4O?(WP>_w{obFm+C#%x+NxH)${{q`=dkaDsi~mYX{6BS&&$!OF`}=YgpWt+heC5j9u_C(E#`HB4YGPvkxfeABp-3$wKWaR)B%`d7 z*XuaEkbmqK4l7V*$fFGdsa_^0x{K#NpWyFYNMNi40wb0z+HjB?BdQeG-`HZY5dI-J zMLie>n%o;B=HFJ%f>zGUB}bnUy#CHehzfqjEVqKAVRfOfZczv{RQE{TWzj`UP7gH_tu7kB66|H&VL)IQhUsiVs%Xj0?N(TUxWH zDh6TIDwou!hu{xU61xAXD@E)uL8b(AwN63J&_Sl1?`o8~EL2ELVd6M739Ll$gJ!X* zCI3!-#ssR1sveMTEc`!3%nJ|G z^ZTj+$^T~51bWn-p-k#{l*W0e>pW8x~2>p+Y@%j<>A~sUuWo>|9Ok<hq;U%W^>>6^{Iw*n8Svj+aIaRDES^k8U=2Rw(3lkAfEcA(@q zr|;A=wFEajTya!h=MLo7RhlWeMXwU}q{@SD#U zUzTJcG?{VNa|*sr_rzS`rpRUWPEuoh-@OqON#=i4HGP+0MscUsw^8bHvcqGe;OUwn z)T5>(nQfc!{CDYQe?~7t5FJk9;XAk|Z_`CTxb0m%r5oZjLS)%jK@32%+m}i9 z{Tph1%)Y1!*M$SE{0B1DqoT%3*DviuT+zUC{X~Q(P~mm&Kd6ahyL~vH)x63xr)Y>z znQrY(`Ki?(FN@YNrD558R+5?7zwb~4pfVV4n68m#9X{SlFQ^};8cCbdXh#{*z}>H! znjN0%dHsF(@QLo9DmhBB5$(7qH7{*Pxm|lz4(PE`5gYMr>*dbUk_7J3m$7(x5oLAf zu%-LZFUyb9jM7bSdnH3UqywhlmdGqiju66P$1T+#KQTD(xyV<>6(hM>O81YUvUTV! z#(n+=vjB4_x6rhG-Cb(8hq9>=mJ+UEX-i(oWvwNGawhyTFcpq;y;Mp<3iI`J1BL0H z_QM0u)=*JXj0f#2d6o@@;CH$n3blrQaoW*8b~_O2<9<6cikCiJ$&yYQG7Me)@n# z6qV&ib1#|I?wds^S{I-_m|HTWxGQng_p`84D|-9b#kcU6cEOa(I!#69se3YV(^uYA zi(1-c>G8D4X;;D)raSs@2}OTQ9YJj*)fRqI%fD-?5ZsIf6yL@iQ~hfXajdT>GTXmOD*KD)ZT&bCj^*ffds(T3x2HEC4Di^E0 zA7P0)VzD>WGYDz2M?>30TlKL_`2By6z=|jE`+2j?`gwO{bL`Nlx?2oF&G^_@;?(p= zvxJ$79|dADu`K!Qif~D&&Ox%Nn84bdzo6>ISKUVha zrJGNiLSx|be~;gmGJBbKXs_zB%mj2s1K9S`%-4BXyXIO=i&AT{V|Z>x_dY7tM^yv( z>JkJ|dwA3Z_LVI6D%H|W)wV$0U+SRD6Av6qD&rouYNFcJ;0I)K;#kecHkRqvb9C;A zzDGo~U^LVDVnC@$lQ1%(uKTs%TDEzU(u8XyVpIOlHI;!*a(ac|d@WKllO>5wgZbpTXmXV3|-htCDti2G{Q3d}r zBem9FF+tHsuuY@FuY}~HZIK*o)chB9`Kz7ARvPEP*7(D+oYy>BJp&(F!o&k7ObwQf zKrAdQGFEHUTN7d-yHjRze-RPZS~<%Ql#^vL4vx7B7Hcn0w+wFoS3V~cB9=Ary6Jc} zuo47`21u%K`d_hY*GYGqCaK-j{Mxt{mPY%JfE|j_H;UW%dgtR+4$KKr6lmO>R@XKw zz0Op3nftZMP1^5ED~5I}frxCYAX(AAcN%>UapR@i)a5%v`?p0*Phdq&+1=w>pPkL8 z_q&U3dDaiVoyh6Yd>b{xz(^O9m6ctD`rPWEsHB8e*18DMR&fxONU!7I-P)Y0pV@#y zAmD@JDY&~0veWQZ0lNILUa^f9`t_fd+kFBC=0U1u803Fx*$foa34_9k#3-LM*z}K0 z_k~jO-p=k(mk+BY`?`5?d#!w#nd0vS>fWiPG>>o)fF!SnDpi5r;c2_26(&QR!y`^n zv?&O*>u0YQ-zo8n%*WD2`Q+>YQBe{ZJg$*|9=dI|IYT}B@`9xOvX}Jsw@%2siGe6C z@Tx#j5LwReolGF}LF5eVf2vB68qC6&5=Zo96Ew|8yOVUEW6cWP^p$4*0oYBcy#_oB z6+Efe8#(u1j}^16HXu5ua_bEyoN4fShBHQIS2KHUc865UF@7t2B;xm)Nk&=8FdI~)a}iILxwfRgmX7$d2`p7BQGrdcf zdWs?zj3Qiah_50Dlt6~o4rDU1O$hpPA2S$GuXu%^)n_}aE36+}zRfuAu9t_~QRN%l z6Xf!$sf|^77w1if8aI8U%b#enq%|BB+AF*=FEwH`_E6T5azt`I2bNca0aG&~r>|Ww zH3X7!x-)&$q7?)f;}T@a-#5pCSPuKFR8%pqc8lA!9w_B8wvL-V8mk$UxEPq; zt@{hEd2Az#t`dvhjC9$bUuJzaob&f%x_sSg@b5uKMUfcP{8L<3P z8ypuu@vB7AR)S+JXWd;jCk26{Vm8dZ#wE=@`Q9=gc7^3)>bIBAow-GWgJmyc=3^6i zQs|XAL*yV_T--gABacCWR)-g=k??kCVv|ydzV|hX&r`;YuL`(SKcsuD-}C@)Ytw@~ z_NI9hg%`7-{^Um{`RW=avVge#kEBe#k1lk2&9x%-T78yl1RZJ3_HXS7Rsej?UzBI>g2x|u zt>8MZ#J+FU9Yxam%Dh+bEcJ!dt8ZsUh_pDX0Y+moZZqHkFAmFDhP_vw-48Wplxk{r{TrYH*YHagpF9-q~p6xGR15h1~b0qoZrso>7{xA8auxf*a8oavN^3M6lZ+orx( ziTVW=#7xV=ZcFO9KT9iibg{yK;4pklr&%pidT`;f+^RogI)i)6l5TpJ=CtC>{q3H& z=s5*t*P zWcwX{ko96CWTq0{`$fIrv4dop@bzR}a%+rIuurW62T*chkM!^Wom|fnAE~u*-sf+; z1>NzBb-iz^e%VfJthRsRET54oDTB7F-E{gqO)1xb$&tj*(HLFUb7SAbc^SS%7Mv&0 z!6Ok15X|d30}Ka@=*14?qh};~Gm#@|cd00rI$gV6vp?3Y z)O6Mu@>5E=;6M3gAf8MB^30b<0jsfB8{-nmU<0|d-lRGW1wof{h>-)+@LNdx+#)x( zcp9w(aMGn!&g-nJfGD+KPd-+F=>}+!o;C%We*|YWn$u|eHA4=$^5mHuU!85Rx`d+%n=Jyl zqPSZsmzZp)?>MWtk6O&G=k_}}MybC;$~P9}X0F0SndFS`{nOojfVzdj`^6!4niI_B z|Jqtb$R8K+h>SMppQxUA}`ZQqk_S@3UQ0>RmCRZ46y2p*h zU@9R>!H)@`>KxMUB0bL>#$7&KI;6p4X0Wcb=Tq*(mXNG46N zr!ek-cT`!V@V9iu<0+*<9(>Fp@oOtP#o z^g}#@@ygK%y97$==((aRX4~y~UQb(AIz1R7r>oR12Glv5BL?_sd~Qh38GfeN zS!;2C2Jr12I9Gd}JRzc(_Em7zI;fQ8<{x2kUWu38MIAuRkF}a-Dv<|8rA~9%)fHcs zO=%XmB~M)~+AmhWn|iwIRnt?kY^IG=^SL_{{Q3=SE=#vdN)C1pUN-O*^&=^oT*Dd4 zFV9m}?3w*1Ij?W2Kg=>g7W;;7=SOxZ9vc%d%%mEREUyM+aPMN7bgjwdb&3`RHeaSW zJ{@!g&XGSbxgHmL@}rs z)|AJE&7jV8OYQX?Ir7`g;>vR#QKeko_<(at+8)(>wI#THG{sj~P{UdFA#x4k{Pm^k z^21AgLAmF(v^t?*qp{#;fd?G7ZT@GoFB)PzQD1wX{gqYhBoOgBU**|Be%>orv@v5@ zAKtoFEs~#zBU7s(akykHWBjpp_X<8IW`8Jxf@%$~n8h$iyeKU7@ni(14W8AXHx2Gv z(0Uo@HVq6ke+TJcOGXh0BWjyaCzNCQW=1TJqORS~zIXh~`3Q+aJ@j8ix-05@=Ju~x zgfLBU>W?O@lhg3h_W?)h{zkU1IqDIg9IM*%4j%Uk9Q=UgVQPysqv_-O9^j)fiS&*MaQIbQFt3E{h!M)yf>!hKHS)b5Hw>Zw1;$$X4gLzRC~g58a-)i|7>I0P zUqhXiYhOgpwFkhdRd<;Y?(>r^9HH+(ImZZ1cL&DpY|XZGs{}vyS%3z=D19$l#&Q`p zjnfWBp=}nd0QY7a3KAhpUv|~T)B4zj_17HPtg-eLro}b>lcRJ}hzB4mt?_Z&A7oxy zI?<*{E(+Lu0x_9ag1A{@1I zk2uyjmhDl(&;We-me{VXY_!_CNi8TLjO2U@H!LJcy$n!N0t1v6Vc^(;IrIXsv|;>-Tf zMS`jKX~Dgy{i-YybmgJpJG9jHp4xUP=HmCuv?h&$>2pvJl+AiGW=4xkxvbmZe=`c0 zK%tgll_w?UXB3oGs$faQ#qVrS&5=EOa)8#|sM9hy>bigQpS%WYsPy*^suF@Bb) zi)ENQp<$kH4NjaqBq?s;|8GSI_0bnaFGyMxjyBW+{?9=)79O0 zQ{LB2l2K%Wf`S`YjirjHfeCYi3o^R`r1j*+_iAa-K^GGzvpo~{`Ofe^&8T=q?ebwb$nXn zD|3hc$?MhRJBRiRad~fnlY@@V$)?8%ncSsY$M1)kcB_5d0`ZCwzKvtX{p613E>G&U zv{G@(uh>y{ys-mGt9bS{kT_iKNToY+(Z~|lDq_ZhV+ZyCh>qxHN?P=gTJ7xDwmk^| z-p^|v>h`Bo-gH{(;`64|uWT>f4~W;{9$ea=e`!25Bm_?qQ;YuRehJZ2WZRI|dnb?% zvY5uu@P6raC7d;-P;uNXapLO*u8eUe85Zi0(kqhB>ShOZIbm`SJTzlqNd2w}3D~z8pjQc)5yH>wEOO#1 z=SVDeS=BfIr$~wSSTOQg0>M7oWi`(8wDij2pTPX(C?f^NgZ^o z8Icnv`%@3T3E5J9t@mvd1T$3@|790t)QP6$n}sBn9j z!ho{x^IcT^O4ulBrj#s&??i3$Kx0(k@^yNFy%`~}&k0k#9VnY$MSS?`_)<5Q!RwCF zAGJFPuyZOq31-uU(;b4j2a``8H~p_;_`@8Y5Uiduhv9~1j35n5&zI&7&G^!01emVi z*pJEgrx$FwwP*Gjw#bE5bRU-huCzlun+CrueT*XHtxxxH#DW3G^#NdT?VE`sX2hY` zA2Nf3JO2*OFfk5il#=E?sFI2Q8C!t0D;&ZX+n0)+Dv9I0ZGLTryDeYHJk1CT806$G zHBlER#(zxj8%sNzp_x~4T-7lBU0vHdCxpO8KuM ztAo-6PQX@S0SPz>|6X4_T zQfGr1%!i=fTVKBNo(O2mGIs=8PK@7!-{wZa;A3A2}f4 zpW>h^N$|*4#Ha#(Kqg*t}ZV(9Jo3o zgn#^lWZ;L5ckn$uJ+Uz{0m;e9Lg5H%`Ub~@dXlT3YGgxREYmU-P@Qr28uiQdQp@+T z%1dJp)xT$<*%bken=%W!%?!p%E;S!Y3oj2nKlz}cZM-vfa&np|(O_h=n)#y6)%N|i z%tib!c<=+%tat#pV+sMG(y#~i69q+%-^=6dEQZ1j4R8MtiZV+L^N>?wif?(a>G6oC zX2CVLE(Jr(LHinB5zmm9mu56=)1_JpjoogItZj39T#9c#`K$OB5>C!}CPjQsJ381y z@kalAng2PtA`~dTxS_iwz7O53w^rG#%Y0tC>>5dq$r+UEDTm(8`iVpMY=Q|ApazLl zNNQgS&i+v+dGi$DiVj|3L<<~TLP7!#c@eg-Mjqn-PzCF8B*gg4w#JZEc1a{*-tp(% z5<5>YA}1}l<5wA}sz3;?mgO6(dukQf>qdc{lW(!4ixo3uW_XuE^Z(fHKS&0CMc;TD z!E4?7v3NVV9Vrs6v&y71=p+7{x`MK)Vi(V=i%B_n>I1fz^S0XJ&|O0LPH7=WqUX^6 zM_~-C9vo0ZV@mbW;U#{_+h$E_%|O}RtA5nR^shL@uWSox<%cnsS_UB}KJqFDAQajZ zY4i>}_)^U(C|Zs3(mt#&vwz#9NVYn9WwmR9?4tOZ5A4^uVl+jNldHkIPSCbjDiOyK zhz$&2XqMYc>s!8!q_Aq%TExb_mA9ONT)1CN`23z5bH*604cxRWGRYk}+Fx#UOiWET z7pjaUe8I2)t2(2MjEpE4h$1x(b{dEwePvr$Pa0lsayCyH+vo}&?*90X&IxRC$V`^! z?Px(fy_V<8;ozI*RJ%K>r!Sk^jfFrTVALg$q5q~*TBBVrbqYS5*oGX4e;R$Iv97YH z8>ObD&Z1zd8bb>W1T=y_2nRVB>0kr-@bJ(FGV0<`ZLnXD0)r+5=Hr>JM^Jb1obqSu z9fG%K>-IPaT`bDLK#=C?LRC*u2My9JvvFVJ4Un93#R1yy<;XxI#v3DHkJNb6DM6PT zC%D4mRH8~D=Y5Ue}c^!U>!IR;0Nbb`vku3d;J?#$; zf%IG@(|ajtgs5D4*f5pW$xQ{SCga&oHs-Vu6Rm zfSNc@I+B2IZCNATB^9sOl*2<*okJ-VTcgO5NP~lNH4_51Tzv}q-$$OOO|`oa(gmLB zGrfH&5Tt|Dj7F&n$>t~OO1i7IdYHqu+B~d>5Ivq=b_WJDLw3(P0N9xs(QUnZZq3A~ zd#ad>W5fAh1uny7fK;FS)MnA+`ebtc)P7J_K((ujLERADHWx1iXBa^2Bx`D3ED<`$ z%S*8*hef%JrvT3`$t*wjsHE}|DDb4t!oRv-309JVjz`@u5aE1IcnG4vr(W`+V_0N7 z6WMJ*bTp$ib(rT28#8m2ELLQ|qL67~t6EqN=x%>AjQDn35gGbW8Pc_fUqOf~<%OMv z^Fq$AsU{9s2urIPN$i#(DjOYTksVGq02{4V=;{{rNc6m?63!0@#;)I9j4hU?_3(q4 zh9u+LhS%3qQ;&N$|6xvVQ}bdodAa`CU_inc36B>to>HN&agvj4OZW5I8{KqUe!+GZ ze-&S1`fH`q*anBXan-I@U?^CNgqEov{sg39f*}+xcF|PVxCqG1O;M>+E}N_r3>8MF zZbrc^7G`=`+b)PZvs!AU!{CBo!4pCKazd9);Wjnk3dDwTg(a*L+)w0v%yH@KHfx&= z3cYliw;8x7`W#(UJ$@l1&~SM(Z(zLM?%QW^;5x5Y2y(hw%wDN6k4}qRS1K#5VNq1m z+B7-7Pz`JIzQa4=aomDgYOt?}^Syl79%|ot*a${-I4WyM1P(f`c}TOePEHRcj08?) zRc>~yZ`-(FguD9&xnuc9R&bc*)N1MEv6Te_Wc2&DM){&VF_s(rBB1jfsn!}N1E6{pRX?N3Wy1vg$2Dd_7a>YS=s5c^HRW@Qs$c9<$>4Lin191y2Rb zH*ompa?aCinISv;^>Hk~<8&4p$5DoFPw+VR_`#>vFv88X!Oy}anbQs4b@!K8m z3a81Z*Q6m{{5gbG@A`M+C<1NXxTl0qGzjBw-#cDGoDzPsc+u-#bvk;dCl6Rj?9w84 zw8P8B^I3WkZvhAR0nYgP5@FV%8;FPYB}ZPQHq$zd`}^}>uS> zPL9h_(g5Eq%)EZQkuF@5ofrqTR9mzmK;sg~!1nJ9>I(NXOKeP;1YXu?)bHcC|UV@ z;(pG2oB;H}Tqw8OqGW5)OpK5a7u15sz2$3H4l=TcMp} zNgHW7EEA4F#*~`CKDfmrQKdjb1xa-_`)hR3C467GWHb>7fztpt!LA#E48$jZ>p7DE zu&F62M^j@zN%Hk4NW&6O!LQ_CMB!XpfCfaMY(+fOoUi`iu~_0D zPc?y^f_z5l8}x(Z!OPskzydZvfb&-5c`^6iXj8Uy#Du&7LkDZD8zi@Au}DjJ;LEeI z5yg1^h+hJ*{FOpH-o1RaPu4TxTHk&@VV9b{h(m}zEZO1YHuXi@hw@jLc(ztUyN8XY zxpGu5kaP7L!|2iGM4`Wk^iqZgAvE*;DmRYiJ?F|CE0Mp!neG=v%K7cN`x2&Cdo2&Y zv6f_JKCJk&7Ra`@%D6SVo1H|%FWNi;(ZrG5Z^=QqSCr)R7eqE&cEIDlmmmDat)h)- zLr?uDgy$S8QX!I3dYhESf{}Bm2cj zfSmm@LG!En?WU(G<{i@wV&}~FMdjBCpTFe9_Ao?`bY1ywT{K)Ac-ZZ>S9^`>Ue(ie zmmqd@3V)jNI|}|)vpA3}2u*zQGbzxr!!})zP=@nZC>N#8!I(IeC#wzq%AD>S^Jeo* zpl|JZG|y1sWFpqy7S&BlBiqWOW{xsHp|cJ`BLR=!X;!3Q2I1Czba$nQ4&uDiX5|jsLoAsxZWsLt~&H>zVYiL&w&Nj9g@mt=cBR zb1x8ZjqX{>N2K<{2)nv>kG(#~8B`j|s3V(Il_2;7zF66D9ACn7%w9- za!y_-)oaGknT%S{lVXjksd~P7Ao14tGfxTBRtUhBe+2uZNP4k#z1b5Ia7M}a{5*M+ z-x}azlj;0kwLEii9YyEhhy|qtobU)J7`D;ZZ{DqWqw=xzN4;p(m@OVUlU01zSyc1) z#55qHxS1_>S54!vJ+#K+eq{6-tM2xKR(Vp}rQo1psgdf(bW zrVP7T?Clj?NP68u2B~7k(4X0Z68W1S2U_9fdy|1dRGK~RF&>~MX3{$}RHhXT{q$@< zJ#+a^dgSfuXd$Kw{)P8i=#&)n;}Dm>u_4FHb>DWuYlgdfv2?obyP(4dTRh&v`ReXi zVvD-QBA0O%6+)H1{ePCB1Yw^o^~ z#o;?6E?r0W-|q`_L(B9Vt#2h&A-%*nUOTVMj3^3qFraRMc!~S5I|z^Cs#aF{&%xbH z{GpLZPVUGDp(V4w|VPp7^KtA6Di55pXL{SW(+BfY#HJj zPKZhK#_6&NSd*SyuMTO`8|{e;ZA|{?ZUl4^!#kH@jCSH*#Qp-DNIwLH#H)_;FAC9h z2;o1O5hfnV9~`o@RCYYNnQ9djKZy+gqQN-aP^~k=?H^^K)yp?7thju49QIr4OXmsb z6v_km)vw_OoOAfGhg=cxOS|{7FU;Dn>8`3w6MCrhbVfMflH^mE0}_vd1=U&9rH@@a zACP@CWm4<$0!K0m9TM}T%8V-w`)Oo7Z>?S0t66#U7LnUpxHXcaWaavMig~h)j@J^S zlV{v^$;~Nis^V4cY*b!_wo7}OHsYBPyqpBv$-J$v(JkenXQ|3@A6EsCJUnPofC(F4 z_pqwFiM#4T0}o3poX_y7&w1+4#wf|_ev%GqLsy&~s}{U%mQ6cwKF~%_7wLG=fQzdE zro;NZt*cL#H-~)352zG<^YpBW#Uj^DLm*wdaUbc|_m4QRpqlWt=&_y6E;V)eBmz~mrt9044`&ci`nQ@6*Gy{Ml9kU$ZDKzUW+GWz{GBN-$LysNmNp3 z&Msz#QtgF~Pwnmp1jGn%Xh!^YGaQYr*6@CPy2{9X1cNUjfD_X>nr{Y6*NCq7a+gZoKMy4PW+)Sg<{+GMrXFUZ|a0SW}Sd zKRY{6d2P=F%{jvG4#3KuBo}?6T1b*2clcqky^Bu9d@7eM;eaNoq$-jnG(=82cigRK zpWBT5{!lt&a=~_jmH_#Qds^m}UK9oZs`lQfDvV8Vc(+tv_}#P0gs>uK^ldC>fO{}U z)(G=_ftV=jdgHpB%Y_iJJYCn&kZPMo8%Yu#VAL)q0d9a!zQ?GQw+L_CviWK0R!)g$ zRwcLc#4M=-z#bKWUHqkiLcEVRNyj+h!zb2&8@bM(5LD5=6iLY2Fg4@2lsNVK=v!E< zZe|&uiBZ*ss6EO+#}=(T0rr2 zSmtk?IwWRpg-&^Q?U(yl`n^ZVP9Br^v1|LO$SS;8J(hKW1VxYP`tjC=z8FTZTt^}} z!gumBh=}1#J{MHNxt%?i@l02^xm2x`5L>ZxZ8`l^%vLauZ`zYmV&4r?<8vYQ49m;BWB5$Nps#nDXp` z*(lK;)L)HCH1#NHuSYagkTaajVWFQIp;wEj5*h_=yIBujmRJeuvdkE^c15nh#scCy z__=cs9^L-o-X=cVo81 z4*zD~C$|Q_BQ$xH^)F>3R3QC1aZI-k|N3KX*=;iyg%0>(4g0Pfs6tXpitX4U=Mr`sQH}r+3R)-$k&(0qvVTcorUVV4=5+=KSub75F%M6sP8KLpuw;W zpL#Q$`nK;3T*RGH#m=1)f74u}@tDO%6Dba>Ei;Gh>Nih+vYta%yj_AjR%1M;ebP74 z6a&dZowsiamSXOs)g8G8k0xIi1euET_;JW{Cnp=jv6QD)cdo@`b?S*)>dSxGhvgfx z^K5S#YUD`Oz$ohgxSf*>j~L4BxlYp+ermFe)j|!u=T|T~Et~uv{x&U5zS7&$vKjC&6%uW*iuIo?p)!wKyqQJse5ZbJw!pp1< zCIU2Yc;62hhp98UZ&<|>m4NFjPPx?~qkmKgHiL2m_C!=$-(=Yvot=r5| z!1=)B!TtPCBs$-;QVBP-A2^SljGe_{x)RYfnB{k$D`wUuM~lw|Xt0$Ugk^4rR)E({ zNs;l)Ux@wj_ukg1{cOf~9z(5o$v>`n;h>azW1|+X{;5J4%XY?$ zL+aWfR*67HeL3?Ko-q@OJvWjhXM4nxx3YJ+SCov<{^a;}i$)(#R^`PUaSz_-V40@# z8Uq2SA z>K3%<+T8hkT!>ql{prh&pX*7FRtm9i%U-HRI!hd$R|pPv!N_8?PEE${G;aa!Flux6 zj`(#akbjxv(xi8r)O8}`x8pOvjW&Ch`m`x_;MhU#q#*Z4il>JGq&2~Mszald>5g_~J0Qglqy{;FQC{-So44a?Fy4>}zgkuBA2 zn%W-f)@8)6(Q7{cHqn{xMd=ELDC^%nfXo?8=F9bP_&h4LbV&uwMv@U&^qB0|`1tXb zD#_9PefFy;4cGBUZzv20{^o<--J%7R+a15unm z&GD0z&KAV`&qQWUoH>c|XLC zrs65`K3uWdcf8aq!B(txPy0bT+Ah^TVD66RpCH-tQT{*XzB{bxW@%JGL`6YFq=Slz zh&1UP8&yC-dKIMC5JHEDynsj(m0pz+>C$@wQlfMSy#)vmB9H(9LJH)@_ndRT^FH5m z|G)p`m))J+ncbb4-6@M{iyD4VFU%LtV*G1*3Pp>kxWFB(QyiLFCPCgBfQm`QC=BVZ z0eYWNMZLB46u%_a>|)~Zg=p;|$JwHw3L}9R6~B!`A3NszLX`YA-k4Nayuz;!E_p-t z>~*XJXg7q}5C$MJ67!jrd*H#baG6fRbMH$cqB4v1O6a8kwqNqM={r9;pgM=x1!nbe z1sY9Z0x|(;=6pc#jF7?B9*^tm`?CqciU|+Z#Mze*rd8|xmOn4u_+<$D`XRw6>q^@p z#6H$3mfcj2?}54smMeJad8ZF(_!)U#@ABBYh24(m8c(Bd;zEs{k9wo^j-pLYd$C!* z^~~}gN$V2)uqZX--pbQ0bp7xRa8%Bk$Xg-Iw~fA0giiZUgjd9@#`QByLNhZ8xnpKt z?z}Bcq*9KWg{2bu;3yNtmVtZauW1I={+F-T@LJz4h}b41`dZOUGhzFm59EhJK~3 zrN^LY<`$t>dS1Og*LOEXfOoKzy*X3HO;>pd)tMZV;I0anQ)1>pj2EE9;0g5Pg2&ms zcJ*tVAN>DirB$~(^H%aBw;9vDbuUEmB~h^z*^i|fI)hMEH#c^t0^?r_<=*#clkEiQ ze`!V7{*m3QpRyL8aWYltJkzHoBQxqSZX1@wp#5m$+(iK_WmRj#?OVcaIrW%amB{fO ztq0E+5~99usB7Mf9Ivyme)hDozFz6H0827pBO{#0vp(fbo#nqzb{)61J8Ugu4`yb# zlk`(YsOV&P=K9s^;927g<&)3i|0^KyTtudR{saFPj(dN7eyk^LXdJ_p3hSUun1W($ zb44X_i z%hw8;P|v3sN*(hM!otGIC9sL_EQLD%VWKpfg_Xyd!1vJJ2_<* zcDy-F?}N~jGyV{F-S5n_y2|5T4EFXq%7KT?NmVN3+hOx60x=O>>_j6Pcep z{i~ACu;yP>`78PqPjO>=h8^eEqSx`c=!(x54fhh{dCGK#RD0BdU2I*r1&c03=)QR~ zkG7#xBHqM&b_`>$$Ty11p#gDt%4MOVl z-=yu_{+|_#$Ls#zFjqV;P!cc+A^unFQB>im0vWHeVJ12mVAj%$-kRs#oW$a{n^_F8+t4| zv^2n_^HmgT36AHKJf(fwLZl}{S0bES!U4}f)l4!qULdJ9X}DuLXA1Y}Ke+%z z9$BIokx%R~4cFv%5v=2vlp;SGW|DYp7)vUCUMM1eGWaQ>0x0EVebsZc{94{O&hl&i z#^rF(f_Xnw$+vN7FvHs}jM@BPbr$Kvc;dW&{nitU(ln;H0DH<2$L`TUbJNW?$Hv*j z8^zE1)k#KDl6O)r+#Ax=f5rLniZXCjb{HZH#<&5Wk^Lw*Z>+i->R!uAs?j+&7n)|` zxK_Q}C6`Sz#$QbSl9?ofKZ#Y~n#%$8*1`D*$jFBaANyvPBrg|+;i^Mz*+S(_LPhUg zZZBQ%j;MRNR?)JVQaTETaptvCcuja2z8+QGu>PQ*y=2Qo`oj4ZBEa>$B*vl#?)#i` zCO%$!n4>8>L07_I{lO|%LgGW*D+dWTGj3%Y8(#B3|FM^=3p?`biS1t>nTn7@y3y32 z2l~IB$(;PO0dbeVjC}Q;+m*ev_S(z6>jvM;79a*$!S4iqR`5x4xB!{L8i>c!`S5rA&=MW&+=4jU0m(N4L-#=6z`r#q_@02B z{au%~-6ytW*0JwC-J`aFZ~R~R#jplqGqOge4_<%WAA#qSRoZk|ILi|w#^z-LDHw&j zIxVMBLMIm!beQcXL~12He_V^tJE3clsq~Q^x9I$EfyJ&`Q6kz0udMs}0M8eXpcm z%6QjYFzddzXLnc%v+sMmz42gGHNLfy{lZ~*g53H*FKGd?`4!k^xjC$4EqeO2P6WR&U9z zb)tUSax%X-jlbj5e%H=84=|Z~{A~qO*_LXpm|kIhj(QOeSc3YUIhI=~%vR+dDHQ_y zQRb(|m1q7ggN>1kWv&$4xOGbPIz4E$n~QUH5wEWPoRCH&nf0K3pOXzEFO<;%3(g)) z!ixtoWteEr?fWn0N>bC)T`CNEFR|p?Ou+<#i+2p{46G)k1yIiX(UJDON%jC{6H%+T zRII}LXzhjFINM8)$u*dl%v&T6;YBJXBs=!KCUrT$u7lk~?tG6~sbDLWwXK(#=;}~NVe{3Fx@?YDIH~JYU zcG^5fM*_1Q+5%WsMt27Bz;`Ystn)&?=Y2)-b1|S#`CQ2@MxUoz(K`rS^)yc$Hn5F) z;W{)bqls0#zc_v>;9~pNtvkDB>lz*w+VQ;AP2n4!(pS>dZ!3NubsmbE-tW1y=V z0WW8NXlZ$u>e@!xGvDU|D2>fWPw4JW+Ue7Dp-;(`na=cI(y0?uQ#3`Ymco8 z`MN(Xd;iEqz^f(X?m3o0zy6+&jZ@2+qk&=LM^H@nCor4l|QT zMTrX19&rx?=HKUPe`y`rG}0E4+HM5gOE?+Gh=toS!Q){1B2q8$jg+j5FPEU`Tuod0 z%O9luZ)T#vk`Bvm^NYYU_h7hK@#Y^}prfg_q-5Zo3)YN_iI(IBxx|e3=%MzzN9jYq zWUYPdyL>&0{Xu+zBGCjrQ2kUyxr_h`Y3p@%TXdg)A9xX)@%Ez?3;aFYJsO{`oI7$& zXfixr&>Gh%7+HRa-I?Vc6^T4H$;^u)Ag$lwT*p6<7ga*#!oLNGM*E{S&54rEpd2ZA z@so=RLT?({V^$8oEc8{1=JqE5U^X*b;z}3b4HZA$7Eya%)b$KD+C=`)%h-5OL*WIs z`X_yLZ{&Wz?{m^T#U6dALjE!RxX66}6p$&nknr?g-mn-N!wGbllsHfCO}tGi?zQj# zIAhiu1Pf)VdL@tLo2cE&mUv$%bV9vFUw_QUw)>Z&>_@|$v}>%KatHKV_j%uVRhz(H zh)|jm!_SRHBhHDYy^I&_=ddS|RNg(?PO?-St9l%d?<{$dlti7@S_?2B{y6DK=oPTU2DK*PNQ3`Nnery!Tqa@5GtT^-Kwz-s_6Uu_2HueVcc*q*TR@r*GTTZk^_*J zNX^=G%nSM^;=B-Yw6b5%DRsT)e3Lv6t{pE^*&cA!FuQd?IE{Ma_6{x1Oi)!7>M@zD zfHhcq*gg!}^0hJ2(C_a4Qi;qed=Xe}{8(Aq@wAEKLC@epz{@tA>mggJ_{rJoU!dw& zGr@j*1nILyf2AydUs6Qxs<8}zw#GjrbXDTtIltSY?AywRc-++(Y0p^;^E#3&4<-wC zpLj?wL@KbXhPEui8U<4;vqHtcOgOht8z>2;Q*f{7mpq;O3J&0hb~upgtoY;*atT8YMtZfuu z|G3y?j^C3Xu<<_^MgqyKFhct}l%$*sHuj|b5(a;43A632#_^20+JU=ses;vGfuA&T zt|nG=9SKWS7kSCehvE-@TFNpS3^~(Zkgqua-VbrUmFa z59!zWQo;C7r4&%Q1V~oDp6A`NTtIINgSh?Po`+bkcbXp4tsF&NIVFyv<&E<;GrP*n z{7NycXU8EJ=<>#sxtyy*3c*87<_f_pbiY4fOKL&MIgo{gl1vOn5f_;uKHSrLKl3d5 z?o&VV>A=?>wkQq4(ILB8b(y+rL7g4TgKOZJn`wotdhfFEE6=jGGou$pnOtvST?giR z$@y1RfnvY9-p8}s%_%9@sDAv|^i*^NyLad^(M|lGUw&FXny83?rH#Mt@yzt$c_;sP&}%-*vMeqEaz=tK&Xwo%KvI04$PUGdWlpFi!_ z%rZsm(>T1by2=jABuF<;=#~s&&rzyPP8;K)uQKR-uVA!G@y(QZSh>=SQZ#WI=omec z-pBFlk`UhmIdIz7V>B9yhs>j|sW95xHMW>3123dHDwQX(&$&m}<}%be3)Z@t`ssSO zd=}UOyX9ew-gs{MyhatBH>$P=^ID_Fd|uB;Kg((7ENc{yteLS!zpqW>$p&VQ$++1$ zZ<#66qik$Y^TRfM6LYT{VSXwqR&DO*t>rkDT>2NA6hzO~LfYRkaM><@_D^iKZWU5y zne}Wy=h;9ln+m(%rGBGNxA*rPB5pY<8o(YlX2leMA6OR@tHjE{f9Jn=bY<}Px~Vw7 za7AC`ti}wbDiG(CnaH8ZqBSpI^Q2KAq8Vs=gFdCcJh8xV%e;XO*(xS)xvm<^6$g_J z&r-}e=0!L;ok}>CGYs;ovfzw;+bffEe1dRE9l#g8{;a5Jk|RR#oil@DLP!En)m{*J z(90OExY1jpgMlv2;2elQM_6nI-v6r+b(6Ib%rIyXbl$u&Y?+wpGWhGrddH_S#)b~_whe9dzA!kPBAD4AneP{3=kiC)DQg5ML$_A zH<#L)uBO*b6Dyj64|VVoAY*om=xexz-)+VF0kGmH#rr)HEu+VN`0!2SgX|x_;~mqb zoMkMm5InJxufCH-zeCqEuzGd)Z?4MLOgtkGe`8eT;>G+!pxs*r{w*U4I}?^nJIBpu z{RH#~k7Nl*6WFfflxD@HHFV8FyJ~ypgN&^=kM$%%2L`{voF$9n!N{N_?67|OIZ&7Q z4^@WwB3hyXl6AB-zpN%STj9K|TTw9raYq)yD}CEuMMX1D8O1t6e=ArgN2kEiz#oo%tv=T%V?n*j#7t88aL{-1D@rn(kJln1l$?_D6qS_CGbMN zfhSuke@qg^buc8-POnpcjqilJN-rn!Ef0TpnM01CX(DPUuS#rcKmSFe%l_6PO%m7l z%3E$Cr~_TE{cNr!enoJ6SQNbylK6S$OB#OX0C~lSD=a)(;CrJhf1-OY+WzoJet+AL zLs#x;0N3AG-F9BXc zx@K6ROt!Urhh{7aat`_|^?RF2yQ%|n@J%FqRf5n0eWly`YLv4*Xi}8(^(PkTz8aq> zd^(RKFHq&VoICHe@Qhe!!NzpCmnMtmorElt!y(DD|A1`U~8{2tBJO*0YMn1Qu@2zo{DvOmJd&{d6P<4$p>f&JUWYc}uEPbHzCK z9!j_PdSeNl0s+ zSWr=*W6?Xl;Gtg%^jL}WTUawXm}P!v`1ul z91g!IoG-#B(-AeW9L_uHpx3fo-cNMRYo|K0dX0o<#c$qJ;n5pTL07tCtmH?F+^w;DgzzJK{%f#L5jRlOw=a6NRElP7&_Rip z`SPT4eNLEJHs01c2))vCQk@Nu_X6rYlf75b5nGsw4$dl&bu9Xd`+mc$!9#5<`jU(W zg3nx6*#_?IpAnx5Yc_#P9nNBSvri! zX`_fGd_SQnHkxs=@->V2&?>dN(PwKmE=U)0RAMLjRa!xCQ8;h(m-2(Hj~BUPCU4K+ z?`=u*D9DW@txZ?zE!`FV5iuxW|2tkNnUW?q@;e5HnJQOW=^v`q>K=&*Kk61Ph;rVD zB^Z0=oV~^LF=XTtAUe~p{|?IOzF@0}>#DpQ{Q>V_s*We0_veQJ)~oO@)=X&j?#>sP ze+|U3j^dp{k8xo8&NPo}%~oR)Y0HmAlVZi>-rj8%v-W{zOT|2rY{I4Pm88(_%;7)9 z@>X)RQ9H~<4LFr64&gFQhHCa|{E7KlAMm{@I(Ut=8&OMb6dxn$LWoD))KxA-yM~QG zq&anNTx$*}e=%+J(k1kAn}pYmUkEGI`04bczEkoSl9oG?vZ{U7>DrD~%_)vpGrfMU z`*ZA-SMjP^E;)~2V^1|iRe`eXzvmgzE^R-4jB2?9ujBy}$~U-sf;5F^r@zf%S5?|V zq}`W|DCrTXgnH|*1PR|2_jiw6ME@sY(=&#k{~yp9iXdQfkOdm?W=0NkA{%a*FA3YbD_5c}`zX>#kVBq<68vy|s_;vj+y@eXr)+HP|@e zua%~nt1gr|QC*^B;WuNW$s4~lD+}q+dz-v~Vr^zg;e-C*%ai4N3licT*sgty@SJad z&GU|Ma1?m|V)5=mY=2Lo+S54CTLsfE174R^`aKDCbm2RBRSVemD)AclaYe!}9>4tR zP%#T{V7xNX=nag?!agO(X9VtrKPW6Q#sn-xCet73SB(>$pb+4seEDI)n^2iw`C=+f zvGO6DBGCE7cl?c<8l}g8)p_SB7nojbN!`tpJ0SItZL5s8_?&U3z@t0p$Afdh*`m5e z5g}FLJwFmy13g?Gx9z`(Kxi4q-pO-@evi07;^Qg5`0^98=E4xj=?X%h%;)vC!7sG( z2z$NP-^a#X*_y3FK1g-y($UV#RD5IR&^c(35U>B#u2yhV7s4A`S#%AK*E*RV&;Lwnu2gZjYN~f;z-V!B_nv1ezzhc$K3vc*H@u3!^nKIf z^@%93K{C;1)UcwSESldLo26`xe;J-uHLSDTuM>+V&u{3+qlCJ>=WCd3#=rmi0@!dqr_um(m6C34-rd7W>lhC-pS-}% z2K-W|1!+4M7Z}Bv@sfYverB;j)Ii+_6(4^mkBB-muPYND%(m^G`xsv=(={Sw(`jeX zzTI(R-Fs8bXh^n`C#kU6wzjW~z&V>t%Yfo+fRbzM{_0>aKRecH7)RCZ4YN5P9^g(N z9M4QyJN_hZW2Pfm@nYjy0S^mu>=Z84;x9f0c7ZCTjfKG^m{{lF>(5VmWeWm2&c0e% zy%L{OL#KHG&MowC)L_l%TU-*~7rtJnuf9R@-?k&AqCsEBrU^slQ({bM*6IDXhSbfN z{PgIqmCwIZs^okl5v=L|JI-Cwj*=sV<36t~ zT>RT5Y8h#&z(k3|L8#n##_J(4kJUsmoZeE4?>PV+fnqouA&mia!;9g+2u|hCBd(z{H z{U@#I)Uy2)?^@UouQ2{9W^w0h{J&D2C6Ats4&%ls3*&|mBXXys!H4fxiOulKGxtx^ zP6#3}gIw#Zf)M+a`R2OkfnwqFhqs*uf>>R&YrPC(Qvf$c(p^)Y%Arm5OzakhLJP+( zcqE@!k&HHo|B(=#Jo{CckQ35VnH?*IC3#m5zYp*G@`Ngo$ccPf6kzBaZut7@Ngucm zLfK0QAZmE}4&oindqmo6J>xxAo5T(m3)7Ke(uYEgFm)vhp+Tk3L_CRPi;R)fEiVbn4FTt zV%LJ|kq>T<53}GUOObdDM13DA6M`g^8uo|Hk>|hPx(K^*);nyM{X;vKwHJ6Oko_kF zS+sXgIl6DiQ5-h6%}C(}GS2Ikg$Q)4uT{Mo8ppWo{+1dtSLD})9kH$EjNhAvzjz5x zJ|+XU%*1?wwYxKK2?-W+vPlm;>@{0n;na3aFh_LCnh8FQsC6uo6Qh#cERSk2m z--qOw)%YkaDD1fu`l9E62su5wpExc*9Sq)$eAL!dcv-saQcx7f z_stH4$7uQo_6i0LHLnK6<^h-cH&kSW92ghIN8dgYsJvd!@1j4|P+T#Kc(d<3{n7H> zibLzpqH>L$^w~D*wYG+idX~whygF`!u@Bf;Rf(yM$8CS{pSijX&vhVPZ|z;ZnJgRa zb*=#xNtN^F+j9-}Y1EjL3>iZN3dMPKgfDhUPy{XO3eYPG)87?%diH(n1}Wf=tm+yf zDZOy^q#AMa9PP7CoQYwutEgUsUi}u9x_(Gvvm>sm_Z6eLH8CSy#Y@?#LdC<)VKCN7 zJTE?=A)wPpD(|k;^Jb8?+~PyH3v=-?K+Jy>3L3fER1U&R#14Hq46t(Fg7x9ZE}0*v zqKet?cTdek)u~vyXYaW#Drn5T$XL*`0 zZph&CAh&dZoKSYYvMkB9wYBNg`b+(`xo<8iUL$6kz_SlPL%*6`dXPIbE&VFT*iE4K zVE!|e4_fF-&t|WSZCm1snm2z*7-!*=?W8MPkI!CpYj zm%{~XfuyZsQ?bviMPom`=h+BjdNXNKckF(p@?KTq{W(1IE)4@ZMFMmhE5E0i-@sWl z8!cKaH;zgohv98yiN1pSbUM03pmgQnpgQOt0y*q|6`RwT%CAdJPs0*B_AQ;ndQTcVu$iV`ZplS7lIQi+$hY?% ztlI%huAC)k`K-(2iKh~fvasE2=o)xPSa6vA*mQMzD^?=&R=sAL2qyP4e*!T?6tubj z^vW{X9B||Il2x5EUJ0>rO|SV@JTLX)U?(~&A~&6Kr1dNaaQ4o9|6+*R(Z#cz0z2{D z@3ak;H>3~}j&wZ6ek`M8G0H=*+=qCx6Uj~4br#MBce-{p5`QsFf>(0?^Czd$=Iq)_ z_ty7w8auSZsA?er^p2(=f#{Q}QLRX6(xWSnLO1Bm>0Y0frQ>0H`hTh{^LxgNo zxTNP5nA3#5kqzm0r82Bd8ms%ePUPrz0zw&5HoWRMv#sl56%s`!dFQX5n5avsJu&xh z{iXiqmaf*Lcntw>T!`~)TQDT}sN*8-3=V&T4n zutX#=#nwX>Yt2KYOnH}jSRP9HhZB&$KJgt4odRkZOJ*vcw5RRr?n(X7g%QJ%UwQNHg?Ml zAdFNJ%JT|Zu#4-hnzxz>00z_(!NjCvH%hC(wjK`cfiVn@+Rvl3f?2^wGst)(B@L5% z6j665q?Q7mbqR97w4wOPevXH|;45m>J(zdsU32JZRTyNOgE}Zm4{l4?t3|j>QN*cx zIipRFO7YO>HdSPVi=_<5MtIJRWk%`9!azurMAiV^HUYA|mhk(|Q~MBqC2 zGi?PgVTHop&Hvoxb{YSe6S56QO@X0u;b@j{q4v+|;oiuD0MvnacmWaKl}&(GL68fu z%KraFj|xuCS|{`O6Zosl(|8PWw!CQC-6amoj3%r3(0?^ z;!BM2)+RWeXjA&|A*g_pDkY6Jnv(=vjYm!G7{AMi*-Xz=TPtD1h_tBUhjr#6kOy5P zlZq@hH6jMgkEE_4`2)Rl8hMa4cWi>ZNPl?`>)dd~Bf{|2hF3G`M?-t+SU;>A9P?@2 zPWLP?8&5l!pyccqPS@^v_c)&{uOHQ`9i{Cq>Yhk=@#3A2SJGR{ z4dkFQMVSzp{n|xW+mh`8-4!9VI@ zis??-(*mBKM2D-+s&M#`a;D~uh~Oh+TMl(dPcG9s6g1zkLyfHxZi8U!i~=9^K*bj264_5cuyHKcJdc(ZBFlxGo4J>KPk z?ea{Np8t%9@m%FOL_ppa#R&@J|3?^7p^BEyOq| z#nafY=Yn{ZAQ1LN>EzgUAPxgR>~U9<=MI>c7xc2usyr+=dmR&GfE!;V(ytk2Q3beGWtms*S{{w8s%p|P3-*3*H|7&Rd z+UFv_fq8TZG2L646?Woo8_!b6BH|kU?L{qz=GgpCnu2S(tWj8ZJclv#93IFJ9BM@Q zyJ}uaDiQJ@TB{P}+GcyDRKWwVVJinqm7aqGA@ zyTesOFsVCQo40XX+Yqb zDXq7uek^z{bU2<>H}hxUT2&tLcO26S?s&XDfkS{Kdra8x)JAHVZc{ziO2dMY#x3>= zGRN@==@xw9CpzHXPXWL2twaTtkJ!audH%VI0_Y*GQ8K`f=3(JS3;Q8`al_9!^Ugtb zv;D6#AMm}8q5h8TH6Ckwak4mm<@@^5K3;rr#!AiybO56i=t&-DVr(x%*yjOt$djV4@WJ-BjyNwwX+Kd86fBlL zGOS-j4<`qBL7*@F)rRb2(A%h^nby^hy4Yuoi^=@N9A+ZPGrZ6?UvSULv|@OTa?h@$ zN-T}k>mEh#snfh#(n7RYQMXAg3xfFCq!}$DzqxKO#J|YOwicoJud*vlE9ZW0R5|(V zEyr{03Ke275R$q??!sB~-eokxH9&|;c;D~M#DwErG*UrseQ-WSb>G#3QnnxVO$h-} zTfYnH%&u$_2@6w2@W z{I<`Czye9}uJ&2}G2JX> zjodnZ9_j=_)u8O;6pwTJVU`+{qXZx-a@cA}mn#U2ppTYw{hRB@%G+`e7wo;n_XR!*k(> z8k~uHQrI+-CJlBh;Z; zBFCav^4h(fl<|E7^0P3xgHjQO{J|kU*S2+_bW8DYLYY{&l4=-vE*X~NRCiQ&7E;J` zX2>@}u-X9;SM5Mm8VwuzVFn`h2v#Zcr;YrY#i=`!!Y^mp%=6<4`;(Huy-}kfETIJAB&6(z`M-&wv+*jn?vMSJ_^vV85C7RXjY7koW&1|zQG zE1{aXcyfdFy84m_NBY*o(z&qVLoOQxUcA$ZSrtq`k>L~lHG@su?zADErmJV=GnhrjsdaZi^N}{lsJ=Vbe6-u!2tYEdMoqkYf&^kXh&Me~;x&hbzZVQ^DK+ zLHS=8J!d-o&`mV@q0qnR@NYD)Go3RWr2j|FZwYU%*ULWsBKU8L{j276Eg8mtw9J>K zdpkaRF)HyNUB9_L!TV2o&;Fse)K$et|DgBVm%x8~pK%ksu2nJkeB;l&{ZBu%!Tsa= z^8ZhR^An^k%q_O*MsHhQT4sI{iS!i)qi)gr^!~x%c}RpSqWGzSfx-UaVei&Vtvk|| z@0R*f_xW>%2H8a_tl!$zne_v3i+oZ}1Mg@LXUOL6;{{F|6+bHpLxMj1S+PU>5f1P~ z8Jj1f!depa zWn;9*KCb2GRu_Cj(J+t?Vc6S-5*6;NrLCc*V^2l=61}dKGmqNbI`<^}K*9E*b+d2L zT<{>{p9zz9VAz|Opjf5mA@+b-Pu_H_vR^LLU#tc>o#Cb0{(+c&pN^;?s@B+?sc5b-9(0*g__`LK z>(}UxLe`(QQlHc=z4+Jm`J{bat#J)4{|6SWN=`QFclkN#Gkb*mmiKNC{w&Up*K9wB zJ&6kXH`VQYFPt+JLN_Uj&|Qi+IXU@>jJ)?Ze~9>X>qFk$9x(gQ(67>lJ_G=noH@&| z7xPT(&!E-q9-I&K%6e9Su{sw|D^HYu@%SGL7@|#^lFTK()c;{Mv>DW(b*Gv6?Vl_J zaqGI4irx;h?mqwsGMp(9)EocDZt8Hoa=9?~PGHRK|Kb#x!+d>&ky`zYeX_4}WX1$^4DNf4cL@q;WRL`NdcN;9z!z>V%*7{;uhx$dDTXvYiJ~ z38*4cw{NPcvM(Tl?Ry6n-w7Mt*=|;pq=OjKZZ(duW!`e(i_jzB)PpfR(s-bV(s z-y=;u0khI_&FL4;=%=Wk1obyg>i(}fp)94Ap@V1WAo|yj+k$X}5|sZRi4(7>{y~xd zw&y=d`I*MD49?d^{&Ow@X;eeK7>oYL1nbAXxqk3jLg}Au>;DDzC^ypR$JTY)=;Rsb z`mgmsrgC}k&V>$qTS<^9@5B(=>kfoHb^y}g{<}bs=KKkKPCwLH|L{aa1xj{sM>Rxg zqM%gLb`vDq)-mjUiv)BB5$8ZEtAfLEb2iq%AN{6P*4G5ggY=&bhhR68G@KJl=N zASr}xbM@+G@h=K*QwdG^mpJixPg|xC&iQ2;#e5!|@uJ3xtb9sCZ}{D{KF(zT^vBH^ z%ok^u(P-bmCuO#!;U1xw>et|c80s2ktWRS!59R%1#M0bzP zJ3TZ2)v{UTa^;fkjx_+F=1DWZ;C*UIf>p1E?`VWpRMc9~sqlC!Jqf43&fZzG2U# zVM#xW22a)F?B)qO{eWSq7}Q~wSiBPL<&|sVmb`h^t)i;!s`dlW^>99YasIkZx6)zE zb15D?wKME9UH};P<*b0Y?Bx-{z%!umO6~BaiZXDCl8NY6Y|(-cnjxK(2ji#hb-O*< zz86BKD+-#Z|7|QZutIt>tT;r z1JybaxmYEz@&bP_W*|K!_dGLSpb~$O%u26raqkp$Kch(~wWnRJUgFSufde6)%cmRC zvNEzPSiOv?01&zcw|SI=siNFassUxd7(kvE+}*Df1{{oWNvbf!lLK&ZAtwl?UD_MH z61JBKl$AZRwgBh(-J{cl_ig)P24G<<_o_UUmK#veNi>@$kFxPmmPa7| zShLl>^Xm-2(qa2+Q}Byf+DZ1A+SdQ;rP9`M+LSPthyWnv1JHDRC__>;9?@&b~|p{ zhj0`wmE$UoYW<$>;4aQ{humFE91bJ40yZ3`y0@9gD?nR{7ZBEOB25V0sW^&4hCzes zaV`BTojmC78m15g`%tpL#X8r1%W8+=p`)!1Bvsg<1f1_=2$N|{b68spB`UNa`MXIcLP0>Np^0_H&CApg&p2JE|m~~jyD6DOZ{j_oQ9m5u1ncFFcSb=lTf!mdVl!Ro{ zeE+s;NV7JH+G)Dz`Z>n7na66Oc!VQ~CTrT>1DNvubX~ypV4mhIW*JRXkKW)Z8MzkR+>A_E>UbM) z)*CqS)hx5}LvKXa?&79cykktF^lXK>aizO{+)Tzw$4Q@%Fz&tW5#>|07&2E$&3073 zfZVtEg@eDrD|QYsv8n`Z6Xk1a4u_YKqiHvdZhmA_ME?eo{50g$Pv#*M$ z|8~VMWip18^-$MAfkCgUay3PxV2v2|Ed@kIgm3}fT9eR+y@>*rm*d23I5&fh#_Q07 zN5=_LD@<}j@07gs8viQZ&eb;^yYo4kL6na!{V7M0NC-!gJeT%(b$J7xMOhP1*^GVU(kE8xLBBIbgG!M66xKTuDFbvadnS?vdu6CAN7jxp{$u z1>ELdRvtE#t4Z&CG4Vt{n&T^Ke%X8qN?ke=F^4s}O;g6sjT`58)%shvmfQZV#j`gl zGDxv39!DG%2vjYKkxZ07A~iF|-tM3DEep5Dh}&MwRw~;&8Djt}L=it)xGNePu(hsW z7Bn4#NnRsm2)<@BHS-O7 zCeEqCRNIpX8G*Oj383-Ms?Xds-_I1&h?@s>%Qp^2ZX+y_iJ->fIV&l1Qhu?&>o}B| z>06eim@cl77f_1WJR&Gy|V-MJ>gjzkH6noFZQPf{} z>`hDM)}o*qKutZGH_b~5u^mWWt80>6xS4Gv_#s=$eVS~6gQDIy5eh`cD&_|50J{vB z$;D1Tn^0_J*$PvmZMxgpN%2Y>b5(JZL2WI1fK%74956F6OE_l=@T?UzQ_TB9|IdN% z;L11Uxrs7|;J=TnD7HWnnUUM{FclgQL>VmyqIRdq_9sLjs&}7u`P}|j(kkJmjm@Q- zi|@s~LzNiJq)>ta?RP5Yi2D1*1cK-{Rl&O6dIyl>*X_A2Tyh1j5T`VF+Jy9S35^ek z=1=5cDI|y%=N~-3P}2w5Xz*$w=UfE@48Chs4R$RjEhZiv_pvulHf*QL64?KPoc$_rn~ffis?+kWnJ zUQVj&L&dO1-YufRu9@yMHr=|bJ=}i?+08<-{0rc-R# z%rZ$kQF#`uww5pjtoyL7N|@uHJCJYH9e_3yb5!l9%%6jC0-f;lqy0}I2*`Y~fwgt8 zSLiBzoP+hrY?_}8Zda&L)_caIS!J)2EZ6Nk1xryimOBRIL7n~lNf$C15uW9dB}K<} zVPY5O88i81X-PlVS`ZSJ zr@AAQ2Vdy{q6FQI>{3W$=X|0MfOT)A_>`<49+Ubp@)*QlQ`R7x3(}CDe&LO+&oxN& zN933Nl5P=X?ez?Cx3k|c?M1dQYI7&SJ8@=;nNb)QrZO&{)QG}r`pXOhF>jlW+ky7} zEmV+cPcxvrE3A4s!J*oBA_!o4Qn&8cyoZry#JaN8RkYrM863EHn5pgaPdWuO6m>iZ zIyfw5NzxH`eK4^v^MBg=(y%1czVFFw+NP|r)!b&f8#A}c)ZA-YEKMvoazQFb%{@U- zR3z(eH*HbLmC9WN#|2TqrI{2H#Z*8O0ZS1Tl@yl*m-n){@459kp7;Iqet6&K$WI)K z=kj0A>-YbkzstPAFW9VY$IHPIUD+oLxA*$u2kRKqEYO%=D^8hQ0(rmTV#HYYPN3A3 z{&;#R+6@=-Q|(w$g%#R%A^|K=o!^#Y5IdLLozxg4qg7ai3V0d@8hcbqKD{61eqK^C z$_t_d_T_qBPiRmBXPMBRetjxF-mjP!pG{u@@@o_&*=5}x;QR%X8|P+N|M4mbzFgSR z7x@VqqGv{{O@u$jl{;SP%(D+`HR{Sp7RBaeO|7?*_NTfe!dU=?lAsVhfC`@fwJrhr6!V<#1xLOf}pa)c@sEB zL3AMT`j;G?f^5}jAK5N+Z`L?tLBtnJYkyGYOHZk_;o zoI89QGrlMc{FFW1dD9!|pgVrPM4nrcVXCv1)iTxSF>ximuc+oqp*@s08F}wY=`r)G zD9WdW-s1^aX6^*SKx?$h-^Tk(P!9#~eZqnx%g2*daZRz@-OH&bBMd;+3`3g2UjUI) z;??)21Z{%e+2S+Nk8QDqIsl0WrRx=o0{2RVt&&*L%)e2&$lbvIMa20z4T_Y0`!^TB z@_6qQW@Gix&%~)Q3bL=^SaHJz+qn5G(1TSd(gxPAC!V-Jy83?Ove*9&;58}Sa+WR! zaibrH#%(oxV~ctB`q%}}DZc_}WDbtp*v9+KOiKhH>v4w5i11ydm*dKshpQF&b)&sQ zl9HG?;eeT?->H{Kh5sHp+lHe}TZUED8OW4!4fx?_*zv$CTNFFmz>B5~>(Dt7fS3Yf z%Qk!o7s%r8WC1JF)UUgNjF}J-A4iWb#l}R7l|FsGL|#k--fnXDL~Vl!^yI<-0c;#Q z4r)9y`h0nl2@b%@VnQl`q3X{oH^q%e7DnX`J&R+@GX9$3{nn7>98~z!zA0XYF|SN|f}XAAmb%+SmwIXi4)%3IM^hm92@O ztW;h>IZ#GnW@m>gf^OEAdecGmUZc0Zu7qV%5BK;AUS|9Nz_afzk{lF_w!bhAcAuJ^ z?aDEs{8gF)#h-``VYG$)xJKc*697}1(%Ej?uWy)|ntEG{mS6vBCUNHv{5P<*ib73I zO=b&bYhvKuw|_;3XyI{e{aP_E(&AVa@lZ z;Q9e*^p|`96N4q-%YQz6@Gxd^z8m07`10hz$sgA(EA9BHb(3(nSP-KvczJnXV0kDy zCly%U061;A>Hx6v{#cNvygdJn#!bMpl&$g)B)@T8i;->v1bfUHG>Rh$1bv^+3UI>XBe}|4@CVUt7^Aj9P`h4Eb zpk@b9Il10@C>i>IsqqnqoB9i)ytq3qhJ6gvdLfqItnn;Ka62t@0?vI}^m!*1Qdy~QI!IIQ>xKGsU?XMm6v`+Nt zZUd}g-R;pG8!I*?T_KV9NB=V3W&7*Y>$5D(k5*L0{cUK=AHD}feS62Il{TSygR%^t ze*5Y-3H%=C6W$ANNzaEw2KW8clIU=?9gUJtY`0XOfzV+HwWxNqu8otfnz-%J(!-^OStp)n+BT z7?jndF?Wg@h0R@CD$KQ?klnvh`e%p|ZC5%p>cG~wwUM9V?tQug+^KuZKv~PpgJzkP zkppk&*QEQ_zm9Hf84}d!aWIC#&@K9cn4gSmD-IZ2$$z!mW&x{9*T5W9k1pNoTw5FL z6oe|@dBe|Q##;UH76HbzlJ+^sV!mFvG`c%vYh$H-x;LZJbr}5|>j=v3fU_6k89{Ff2vP^-#O$oK!;Se18lNV@F ztbx|_>NaQg*OeO@*G$3EPG#qYwdA)OyErT-84{2(I3ef4?*pF+3MCE99W9XXvDUCL zIe&MTAROIt|IgBeL+K3*AUJwrhM->Fi$I`_4HV)v33&C}dW=J*I zMm@5ZMtSyJQm4`H6RZl{4!BKDE!mE1QoCn;XDYEq*mybG#Z016^V492T7urNt=IW< z<2rSSVRSZCGTnWQcr$%VisV<{4Qd+xK552GZ#tl`VWC3rVeEV7vrXtD>v*Mp+?1=}bovZejSH;n1Ge``Oz49!skyfOH&>gu~U6}&)gMNpw%tY>s5 z=?F$L7&-93KJ4@5(_IyN+mk0zkF$-I#M~KYi}`DBx0pcpJ)M>R3iX^b3Aw*{CM5n| zR_|`f(#Ja!qu!y7EyS8qtutq$)ltVOn4z8>W$Fp7!<#1Z{w#zw$5&0=3yBxrKFNxU z)LVDV@)4N+#~bhI#*v-UPwn>F*AtUVKR3-pq9pBAeLb@_F{1WJAL&fh)W{>M5m!g%5K56}3Yb%;{2FZ~1 zf1ehq2YJWqz?|%r{TX=8BcN_#jQ?VeIsO7QXJ3ju@1Tl?pR$=}Jr6y?sOS z$$cRSJKqUO5{n=A$+2%+@%fG3iJ|f6>cDrw4My*x1hVkts`&nARo6%Mm7+rp?`M`? z@#&3hott1mt#(SSBAuRbjVsXM^mTaaZD9T3hto>dyQp%f_gVY9w)a0Bp*V4cTQV{gkf>2d;RIlr8H2D3NM_gJ>MCyIIc55yeZ z2iYaT@%J=n*5gYWN)1w=?nRq}lr9YKcsXNmUmRLvM1v2;MgLZgZx^|*5eLIz0 zyZxRYGjVSCvQ0;+zQY>HX!vyaJEK!?hT=DKj?GYMCestuAHnQ|yepA2uceHuDkw?W z8SOo$d#IggoZLA0{MC1(m#ykdQoLTsrUz37$Es~)*_giGG_Y-A<0#vt@nJQuovOQT zf)VBPIg5F9aNY2xP?(4Deq`;JnDBgr$+%`l9S(_Y;L-KHRA(cJ!R;nAl-W=X5D@P^x{xa*s|4mGtqrD6{L+yU^V4WRzL@ z=xuKQs~tI^z3iQM>l?wIWxtyvLt_q8V9EZA+$Y5jwgUG1S=M7?mW(i@p9Wc$y&&~BTfA{ z;!~4K>*Ibte*$2|;M>4`xcFdyFIB7XW4@l@!h`+o`?>~o3gAu`YQ4QJWHBApk*FV4 zY(F4%>&A(0VSLlpVBfaP?Gv2w?pY9JdyJ&EvA;epyENJ(>gjJUF<`G_*_GV^(iVq?nK%^B4Ac0Nz-Cp;{*II@xqO_lIDMw_p(+%@>*c@Ne zFD>gcIA1UU4%Mxd=FGYrluKY#1X$Iwmo{lqCD@Up-kbiqy`g+PzC-vve02Op7zi2^ zOPbr-V54zP#IKsiGLP`G(vuDqW`xyxr8#!h>t)j^*JeKDKBf@ij*y z7|NYU&Rp0SWp>ND_+(4uEHiO4(++IqbfqGkKNogs(=!w6r>Y|2efI9w1l~TSvt7MH z?SssHtqD2;Lj!gGvs<&5e+)Fp)KIdnGpDq9DBHn)uZ%hq1oVBs%&U<)UHP!nuEZnj zkln~bMrU&WJ!rQ&HR8gfwf+|bnD)iXbw72;;n4U{i_h0?lg!tZQB_Lz9itza*5&9% z>lj-uUAA~K;@3hw2tgajEw-&!%AcS`oyop7Q>Nq1->j7HkjW;&9# zhy-U~K9DAAeIAQzeCUs31bbp_5@#Ab3VpVQC~4T<6tyH+?(52bS!3|{%%*3%2@e7d zUhIaHE0@N)~EWl^a9NGX_bfA8>})V0HvGZqH!A}0wABo7$< z1G5~rE}n{e5Sqd%5N64z&SXWS|Zj~;yGt661P_s$5ivn9^; zJVe@w^#3@oW2H*&g~2^5HF<+(h>(_XkYp|Tm-T7GQGAZ5Q*NB-dh704gsw;B;jQD{ zKgubC4MMEf`!7$jc{aZEhmV>GWvy$~&U0sGjeag_yes_Dnl|F(7^>@Lv7bkwS{Y-N zY|Wm8@M4VDJ&~r+pM`Ip6fZzZ=P4eaI36AQAugUr4Iwr58e4Y^U$lYWc-~P9j>zlF z&Dqi9tnhKP{oLB`Z6ac{)a}-ctPAXj{snVzeZeV@t>ZtfV;V9&R2W#oIj|cTC|8vc z2WrZF-?rCqui4$kK!dtzTD-Fv#L7HwgoZs3q8t3%0Jz;RB4+{j{MH8)q;z;<%P>;B z`BTT)D;_gRL`MUU)IWN86D-3Ldi-W^PG3muRNl!Ew-}e+jK-n6c5QZ&hS3LZh0xpn z5u2g}L$>5C`8w6sWxv#1``t2Y?|c%0|KcfK%Jooboef4CnLeUY89Qxijv{5r?# zOCliKOnRf>`%eUqs6Ni*R=%yA`pG$aPAwAd5jCOt_*7_Uf8}Iwx)jk~8yV{nl_+j; zD;*fwx6eD$ZbY&L=sqxriGWYFR_oTxPUnT^9)|?0(O|gsMJNwRr6^rGQP0sErbL0G z+Fys6-Ii8=AQQLB11e{&zve_I%_Ym9m$484Lt(mY4>UMW=GRtOjbr>@X3wGXx(M-) zqC^dWK(ogB@zBL~{&PO2>K~8>aqSQ(68UF#7=|*k3o^Wr)m3s|ip*0|uzfSWFih+? zYb!aDVXU`cio3-=YfIhY^?#Vj>8vU^kyR^(+J zu*;6%w--E}TbcDAMJpMTT;CRn>$Qe8V?)m7#*%W}3|^1}FlvmLl~v)6;#LbQK_ntqOb-}rC} z${#$pF~rWNIX@R2zD1F0X~$`N*j2aPz#QB$voCSv`@q3qn)(YNPZcq)M6bfH0e}c%-hJE z-5dBVVN0*ZCWdYXMo@$^gGyN%9$C>pA=~W9;Sr=+v8_Q+P>-b+6FT|kGW^|4WI(6) za812G)PE~yOn+^6Xd#qZLRhatj=@&KmO-Kd+=;o)9H+J(QXz+=gQa9(ZLH2}V=b%& zteSKc@jz zhH&$Mei}Wx*cTIBB(mb$J2+Fr-16}?>A3rJ$M?tug2n}~Jsl_O(6qM$Yu#)6=c_TP zR!`pcM_DP=j_&a!w131OQlzwOS`)yPHx)=@n4;~XBowx;ap>KPr9bC(&8%(jG81{s zKF8Ydz|_VOUG@Z5SL z&r_Sw*i&0!{t-n*eTaI(%A2yp(J$Kmgi2_Z;;udB-n++%cUM6`vqP?~TMh;pz5qCz zHMr(RLE6>28lq=%||`Fw@4f5|)%Yw5VMp?&#z7y!*U*Y47Ken_|4igx6<^M`IU(rx^%JxOb) z-_meMKX0a$xqM6dFRXTrf?r&HYf~sVp#DN90azQ5p8dEpCKh4ECpEC!#NB<;%-k@U@?IVez6r+D}p95-Wgt|!bsyuugtcs)B))Ai3f1oEG0HEL)^m#Q(YlY zf(F5&eI|R%k0o>3o|6#u*;wZn*dMvU@1*1I44bVQR`X}m`wLbHe6QBwZ35NvYN3zO z&DBY=XIL3%?sN~br){HK1mzYh{{5zQip5jq;t-D+^s%v*82QYY0q8fIo>d*;M1{2z z_Lvc9LWJ$86UF24BU@giloRYRYsp`riIG}5=YlQY1lX7pbjFH;dy?^p?BM6?36iHa z>ZrV9PnKIF|80Z7o$EdKLuDPNNt&b#Q2w4mN=OClgF~QKu=P^}A(&ocfl$@Uukd#w zh@JJtFg{TJ>FP0#cvTUK6gHOP zWaZZKa!eHPevpO2rMZBBt(tbfr!mG-?9lI=$`im>;M5FTzI#ZqMe0)KkfzZr$?2vW z2Ya&&QO(i_wc3-B5}UKeVp3>;nY**ufcAMkz>sNqERa*2MI;jWF;`a2iP+U7If^@rEeCFNj2 zSm=S5qpX5u7AaE3tWyfyOAm|4tu-q7{zYzvG{7|U`C2iDR)HU^hIoyG60@dWJXII{ zkd&WGD-PvB5gOGQiR?767*@^O@1g`)A(iHiWe~I_9xJQ>AlV7uR8%Ck1;!vSgvi8z zzRS%3!xm$IDAa13wy4@lH22WIwq`bS>iF@CRvD9JwL#EUyu5JSg#3LM^_5Pba(_|^ z+Ujn1vq$AgrM{>(Uh70_Ff3q;D;@#tETia+AE}o@Y_Ag5ac1=JdMga>u;zOet%^S? zh$Z@D9TCM53Q$MM_2aG-;`OmGqc$NZQT4{)%ZdRXZpXcfqNmLhwhNb0`~s3a+#!E% zN%i*{Zj!_3X+`_78K)6jeovPt)E-qWYZ6bw)SE1R&-L7L)*N!aRpin$2ty^+lXS@p zC+V9R6#9Iw=cFf84~sk?sUTK7U17I}W8+kJ$EPfdZ~&F=shHc}*}d&G9hO}C#67!MjhN4*kIA)Cm!LJfvP zrk^IdLG*=XOJ$yu76k8aH!9r$vk!WjZ? z9-9O-5)qZuca;22Sk~*VFZP&q=>d!FmX-zGl?-r_$)Aa2{r1_x=I#ssOn|?>#oDMA z{xZxePW5IoZPdF$$dUD0bqQ?(4^1n#O8Z2b6+zh9bl?V(0hocRhBR}N`pS~HLKOGf zMV`Y4<1XQtyAuK}He>vq1Qj>@u(3iO9d$ieUPs0Q>|S5Za7>;3UAa54QjJjC<68ln z_Jmbe1cIR)aF=j~?VMug1&Oe2)-pWTs^xO4Fu)Xd*)61%ah}WpW8u{nMREf~<|J&C zV~ldF;DSSNUCH=-)3(A2gEc_BvufV2kqsE7ZPsiu4ro864bW`ol*x<5^PUs#=e;C{f^B{5|L2Dl9*UpRuS_EgWFe#NV8 zHfCEmBxKlXrggc9Cn=8D#AL28i8}!J2@Ns~rCO8#m2@59*@lA%AAoXiu?W$;VnOjc zt}l2{NoT0jY|2;n^|m~_`GSX73JZjMhzJyz>tTaoUXFmQ8=r&8_!Ma+fx%utxPyaD zieqRe1Ni5y`rd6wX?~E@M^N401x|EJ(RwC&L(B`fkv99h3rlg-NAdNsaLi=3VsYW| z7q&~bI6E#t{Fc!ybvs3h5g0e|V)LtJOTVo0^c*4t71*|6LQDHm{tB&^*b zAq|r6+=B@4R$GymTkGD@`!6o+qq#G=DMBO)Na0*d*yu%q0RspCuxg5DFqA{)AlyOJ zeHOm@BIh0~EF1Q+mXyJDbrQo6yp4LeW=#@=E`8v7yOPs~FK*)w!rX`{c(E-yFl#+k z@g)I>RG{42is06CLYlJHYEP5PSt^K2v=#;>GgEH45JsQ1?U0JJ_3kg5lK(1>b;9K^^iskT3# zi}nfu6D#$&NwiK%N8W(4zelBiI<85R6m_%rO}j!NNL(au5(aQNFfXRI$OobgmRi&w zc%eHDc$p(K#SRBY6B!IP%u63p*nR!E)Db%A2nHg!BPm1dj4yLR7nVQ9_D^oP`RH5X;yQC&IqVsx9ubN2*@u0wI}Eq)d)1yUpTc4L(1# z=CbLVGS8kA8O;*{t|Sa*HlrZweeDVzH2wS^?+?PPyxagEVu<0*z=3wM>1!@-h5@4G zz^Fn`u;T|mx0Dr`@AJ4KtoX2d00a!ADu8k^gq$I6&Q|$n3J~I1!m%PDk}>DmyvSW< z^RzoO2Ir?WQyc|EdpDp($Vn|H0iiHAfIsQBbAJ~=sZ6VQ2T-}HcmMc%CC~sBz*h-M z5e8%-&G#e?$}$?8@xdzlewYVW;sF69k|ES!_J6J*9#2=ajX%sWB?p2DIzkZ23k-n* z_lFZqdi1ceXCmY5WIQ*~l_^RGT)ov!KA1MREAz)5oGC9lJA1B5OJM@7QQ!@eO z1s$>FMkLp9HH{*CU$1cy8w1f)xhN~h6yy)(xBym&vPMQt&bJCtyycB}?tOw9O6{<(}&>w?Y zx&Q7qV#C18uY;K)Cm>1z`$j;@kzbao?TtwK;I7B6R$0N{&rXNjX1!5Uvw0OxQ~6y8 z5SQwScwjC$g#joUa>ZStjboufWeH)!c0kYCY(Bu+3g{t#Uzh>J%2}hVV|--)2dwdb z!qG3~Cmw8XG@~QOiV$PX0P80KpyxcWK`*$7k!#`VRT+#G!S$vILRyBC*H@1%;-(nq z>uNYWNi&aped{$yen1S=ADJ9-Pgadw1ktm((X9# zvDG7S6EaoT7{B{;ibpT6-?p|m_Od~yjjPmizd!>L2zAx+mUH}!;gbjp=`LQaxt{dP zwwvE6YJRt7!-?+{w%x2ZQly<4s3`IY!uTdL5`Fzf*M;YpVty;HlT9<-_@px4C5emZ z2B-O1(Y=Y6$-?s_5;0&e@I8Blu$o{ioRL9(c}C!G(=^0Mmr+!+Jad%0m@aE#cT_Q{7zoK%-zYGjYyMs5;+Uyl$^oOYEY%J@{7XTc!Pc#dC=1j?=F{pq}^;D$;oqL zGG=WMR)rtPF80#|9}GKySxWGQ{k_}e6~xiEe`a0`9SRSu94W%+Pkx?75}lDij_;O56j;_V4{-9-kQBP#&SdcHvF5_=0M!DbQNvPBl4` zJNPr@6V<_0bg5k>ofKzC_WE}X+Wk{hn@Ky?VsWOhw?yW7 zVP_)DO$#cOX7g#Cv0x{7Hor)R6Skx$TSO-<@#7T!rP{xyZ`m-A^`4EGW0^tIrkQOS zfQYN9Q&&cnI)6&{5 zTjwkpx!6Bsi!j>B5(n^XsBCRTU{G#bj1b|R?H&E7mTp6lUjECZ{?a(^o6?8;i>`_DRkk6mqq!0 z?E98{Vzk)C(2-FkOXzg1dz3r;r6zQ{V8uLuzm#u?MFE zu9Kfq8P|82;TWPOFm&)}rQidrsHB@N8LH~Zjv;8R^q21x2Ne@$9$m5myd|Yl2GI?k zg$rS674tEifS`q|GpTk(ULln?OhfTl<0n0S3mYy#&f3`FB`nM7Y;#9A?OOTSS`ZqW z9wpBbmTlEoDZ6b|DfL10g6jCOlFRJhGW#o{@bO~;YEoK?$Y<1?fN(`Sm{RSE)PpL| zv11-DIC5-U5zG$}CB?XtM&|kYgtY!d(HB0;uU3}SRhl`caVMAK?g#h9+T8wIJ8wf{;cR1$nWLHeb6!u zrNb{oW^QT%(U&~_RFNt98ai=Mls}SS)QOnsWX`8KjrPyN`NA zV{}b2iRF|&Od>uKt7Ty+=nocdftIAHOxy>a48zndEMI>Sq*PiK&Nid7qwzQX=A~j*_i} z(}na|Q*5c9894xPFAxoVOjYS3c8Bn7HH=o;-+5gKb!WFrqz z!nH1*Pn&*WR28owfaT4rtbKy;5DIaorl%GXruA)VrT#|yP2*$O!@n)&#VlAgV+g<8 zTBRxC&oAplZ6K_}SW|@6SP@i=yjJHlbJ>oX)|RzjV3;^kJ0O8POppb}?lLEPm%GM3 zo-WI*brkV;;#Jhz2#Ypl0|bPzC>(Wcb>LA^z&~;ZW8Gy@N9pFqfq1C5;L@}THH7X< zh*4{+IV12ESCaU$SC(>v!h5&ZuZw!0y{^Sb$F=J^U;n!{*E+OE+djAHFKR&qA^bNG z3iot8hD4nv;Z`gDi>>Aof6=JZCR_G396TS3m^sIoCt|`QmN>W~iQHLzh)4a7Fco1` zs5ZxJ3&Pszp+7p)imJU_>1e~c!5!k?B=)9@R-JH*7e_U-GHt+IhwgwFr2^#j>Qxb6v6Dc*< z*0`s(vz?bmMmA;*A8G2*;ki#!FQw%wLU)2!PvJcV?u2 za05vIE%uB=Oq_e3MW4;D9EFztKxo;+cD4k@^u_NcS(le*TzwocnUD&FBZ&Q}(}pbp zO($1H^)BUZw_-|9kx$Hkc_^L?ycG!~jxuYlNyW$Rw(ESim_E4>ojVxag=tQs z$K?3%YYAR&7KxeD$ZFQt4MnM2M+E$rBTt+1Ww#1ST9HrhoMG?*QQFg;@6zlDvWJLX z_@fX(X65s?o>v&*vx=j5d|{6+lId#TE2!+uD9>d77BbkCaV?Y9pBEF`2E(~Tu9hx- z`wPA65a4_S=#BgE&cf5NfP`bh<&zgW5%A|c0{kd>6k2nP&;n4r8b31h6Sx|L2xh$W z;&V zfqauTji?6H#DNYg$6d-C{w?-jqophr+_{bj0h3?*v=R+Y=vV@Q*d{F;M`Nh$S~W@} zRKdp14O`Nq%k-4}oH9X#$`>{dWTXyy_7F{^+{Nr&1?=i<3h1vdC?ti+jJg`k(*meY zlF@+otIu~`KmA^QA3@S_C%ik3zVt3~po^lf?r#XGwm@M<@)vCMFW}4l5X)-HH#k@x znPT|fy|XogZDvx=Q!9^xtyZb`#taDUEIPCHwU50lO73RCNcAL?@>_vrmhW{V3$3G0 zx@TJB#V{AD*{-){omXsR#q=6H5=kHVVPy5XycNKD?&YT0p84Rhk;|t?T5^stG7A}5 z2bT6S-jAr2Q}oHNAuir8cow4H5+~iF6PJpk$5CgaR)*%!n-pEK#Aw{~P}Zf|PQ0tP zWgt7CmmPm>*o+tNF({r5;B^rjhA@v1vngY`F6BM?vp?8N1ia^-36pM*lvde+#l8Ad zyNf0_*+e{^%v}7THBrD5dXmgZqzLWUh6652Rvur@R)e5y-w34Pq2A=Qp7MRx{Ruq3 z*Xk=(Cpq2saWkjxu%{Q_>| zR;RnKj2!bm3gu_Uf50ZAveRtDvAA|iW*6ND_VeB*OcKj^gb0DQ+{vzUyvAmFc0e+$cG5b{ zbmY{%RT+r?s6KVwc!6IEPI!8pACrqYR>BdeEe#w+42~yfxwY#0z0fi83*g=UFGmdP zxJ+S4F4EPIkve7jI549Bm` zLfjZ*Z~g+=cQS*CdRKdy4 z?5yca@bx8eKde{@@bQXm-zB?&>_HIJ*JLhXbB|%x+}?=MMOW79Cx*Jjdc$3GzuvG9 z22v)Y+rdiiz(;>bY|~sV^^c0Nu#@xes1COm^cWoTI=Z>FeAqhj*sm)RRo|VBG$CwO zqb(wKCK3GQ@#c=unEc&~lK*-Fj(t(jHOPA>G0+Xid{mQ~G_1D8Sd%y?DT#v{G0?w( znaC7NK&y8~Q;LJu0Dq6WGxmIgu9aKg>SWob^*KMKeY@AL^6jamTg#8^JG#;kZq`RA z=;8#aFTXzYuU5#)lizAtuGr-N^^f(E{hu+K-tyWV35Qg_1Afk*0i7oPdga#t0zP`} Af&c&j literal 16323 zcmch;1z1$y);~TVC>?@;fPe}}h@?ozP|{sPNyj*Vbax{m(j5Xy%uqv@BB8Vh14DyI z4$aW;AH4T_fA@{w@4okWpXblRo_)^RXRo#PT6?eaS^Jz5t)ZqsOh8Kj004*;U&?9$ z0Jm}g0BmJEYz$@7)H(|Qkc?53mDcgX+M4JN#^wP4sw&xIrl06-<4>RpbZP)ylud9;j(B2$Ov)+z!4fSK;N?P>CvtJ#R2Q4(Xcgv=!_ z;MEs@K{4lsc@@M1}ima_1Vm|B#@+bt#<3)k%nVZZqo{o~OFM!dzLd2tz#U_2>&G4x!ZZ z%|7>Bxa0K>vR2Nw`BJ;I)S%S7;*v+=_UHr2)*WY}?POW&D5wpgQFzG-6g?JTc1`=;B`COzq&?Ft=DPur<5Yz*d}TD|4nUVr7CnOa=AiR_)IbF{iu0pC8n zO>co|Z)JG@O%{yGy;EYCITv8@6+k2kVoBe6$Q%w4`v!lTRX^T8&pe#hY ziFCi2**Fwx$FzEh%NJ?V_ueh+u5;H`F@jmCZWc~}=;SnOXWM>1o<3P_Af5B2_FDd> z^GoRtpz(IsB2UaCaHaCJ#VkgaC>`8BGs1k*&K-)bB56jE&IiKu%Go2liyl8I$c}LV zx>Vl+v>x3K4QBorW_MI~#L#jq)njA%7C$6^v~`ZLcs}50#dAKO=-De8d9`k*_KT3% z+3;I{il4x_N1xZMYPI&S*>+ck^iKni5=M58Lz#GbCSR*fC6`v}--X)?g23~~n{gBF z?HpsH3u6hAvQD(dlrp$W$#a`j+`4|n3l>B@$&9$`*hgh9Ym9I=cbsIJPv>?EVf16_$ z85ud1?Qjrjpkv|hf4nnu+S}&qPs(sXxBw`n`KqjXVn~>@HyK;?HS;MY!S^J6cV!?M zjx<@f1vvo$d3Zdn>GyFeVb^iJ1+CbhN?i2!MMvk_eA5hTS}X_>T74T56dY0DH%&xD}8umh9*tYUpiFUy|bB};4z4uZ~oovaR z-zL}alK9$7o#KJa^OL{!)d-NpMTE1WsFNR-WzoN{pw^t@lBH-j~9$70CSc3EFEF| z6?|~ostO-}U+^qVMks!IS$TsdDMx7U<<@GUg1DNe)TrTfSjb(ug3L`1M;jYUe_}l( znP5L11^1WqR3^-9fHH{1;r($LsGMtFhSm9#oI^3y%?uC~6^;GoX5@_`TtBsVWIhi* z{lo?5;>@|1cdz*4-IR-G^qx51-`;z#RC7{mQ6`t)J^SuaOMSsivwQ#QL56~JjI@WE z);B9JzX9V02S;`&o5m0Mhw7@S1RLXK{TRu3kJ9?3|BROdUfCuCgd=j<;m%fDvX*aI zsI*aIk@+d9Z+u~um6fqRmBQ{1+&8c%cW-ke&EFZ+dY?z%zKAxqy(!M1c=333PH;idEAokaaBw+N^CE1n6v z1hoXqx^10xH(JbugTv}eTkDk^s&`|XMyg|XhHzQtSck3Ca{``=@((5|AAlIz(%*$j zGz59^vBJXBlxX>r?yrRmEvZC6MOu5RSYs0nP_JRne+zqSQsu-u?juu=KsYNgh0hUH zH9Tg0<#GEUHWvfh&}U|cKjbm7DG@SJUfFTK4ztXKl)k96PFGPDgJUocgO{3i%&iqcmqp4#U(F(%lFc&3x^H-YnR2h7Zi zF~pnRsa#Z-FC#1jC|gjJs0FQGeKzF+d+y1U{5jI&S>yr+9<% zt43FOSZ33q>Sy|Tb;@Ya2l_o}1Mit&J2_illNklwj@~$G`t5D3Kz%vexGPYD`l@N{ z@371^J5$5ugWVO=QZ{}i&bigtJ96i4`SV*jPN@eqV&iNu+-TX??C$OfjE^zXH_A)Q z@dE#W2myN~q^{DW=HAejROgd85}cbTzuqjtPYpRWGvg?Dr5Uql>=6ht)P84yqUbry zU)xj6=s?Fc<=0Zi=xQ{xEsPES^oO^Xy!Z}oXb^mC9{sFF|2D?*1#AR=*242rK# z*0{FXdFn=g$ATw&wYAj9W{!Eqnxk|u%pvcQgirLrr|c%{fwk*Hu7f^N_*35!O|G>0 zDl4O>RQ!l6X}pJFJFDyK_B0V)=Q!J&@_oPIT^1<+2Y5-3`D?YlbEOh>j4h#kTrI`@ zN#+@t{U2OG+?|w#+K<@%u>mgu$~43B@Xg8jj5!WiTv634M$5c#GT;gCgv0YjS9)mxKUh?U)<&!osTW*g8^Od8#0_6wbg}@0fp~E zyT$Etvg`nPDcQR}?oLjUVU+z1Lb$WwrpOA!FPneU+o>5;NighU4Lgs4Yf`coBT?w9 z&x?!{@4^#{6|s2m@Yfdug)sO!(Tu+L9i=ARt5ZpC zM_>hft%Vz)4Ke%y(&0IcXS&u?JcPU=@74KWJpB>9k_aT#KX@^%n+KO>7j58IIdxT_TTO zP+GRm?<6>360v-yXkHFAAfCT`|B4pAL#4mC9F5t??iO+{jqC?G5aGUh;LXS7Yo&>B zf4hf~vMXruR(0&~J{J`s%SWI<&Z7@zHyt!C-WZqn=BSl2zBf#G`j$8QCpI9cp-_mo z=kWgEsw;~f63+dkex0)51QM3dsH%WBB?QUCK7~oE?_e^tEX_izZ4id%PvJB* z@(4oO9*XIu*f*8ObD(nWrK=63J?V|rM&O1zy2UuUQ6O;JaUg#+ms`Mj>r1`s$}81g zxD0}UBog1`JV65UCn>oO0sy2CSCKVOQ}SgHB@{+1aj;!(-u(< zMkC;I?$fLDorI>Zbjoy@u}6FSwewJf5l48|5$jBCe^-%fX&or^+gLRqa-m&w)2n4U z1<0upggs5mMGb|BZd=?R6*uRW6+C!T`>7Eu#uYRbsNQ`iuT`RbMN?(= zdSTPp6E4R+Zoa4|h)4R=W;`t&9SHYJh?er=usZH}%S^ceUfZcfjH0&LzorzsDKv z7yu@Q<0u$l6y~@DGIYremCi_Wei@_wW{3y3tX^si6)P=esg%==_1>8hp8gF2EV0*L zY!W3-Zk1aW$8yKvn;IEAz@#9&oD84BXJgbwb4a`)7~6Zg{HzZ`{BUnaZu{d(^SgQj zTUDacnj}r0zO?e-pMd9dIc+hmPjBif70Ww6RXQ07MGQd&OgSs0-q?li*Si-KWiC~G zkqy7J&pOnfB>ZC~C_kz6F7iUZcgP2VF6Ncx4LnCRAW+e8TVeckorQlh7L)a*yc8op3erFkl}{w*TrgWgYPJu z9#~FVr<|V&M4hlr7k3aWQ-{(9d{v&t1%_RA^orK%aGvtR3{_CLz=^_qr1`}nxwQ8s1|&hcP!?bu~D9eqq*5UfvawD6VG=y`WT2Wj3qqHMA3N0#-bK3!a@MMOr} zZM}|}F9t^hbVm#g!-J@T-cr3CVv)u{`+N;$CE^1`ej|+U%xTvxH)bK8{~X%|E^lj8vAd z*O_Y*ehz1qk(RtD06(No>~Lt~w@KXfup_{Whb8dX#f zb*pr-&NeE3K_)U>EiWOPlwhEWZ<58mjOV)|ZJR%hw0b{VjHwZw`0mo;`m^=dzaF0X z1lmfJ%sEVq>UgVda*{mb|6rM6UxCmpD~{P;yqHNx2sXAw#D_?T2BPoRB^A({sS47XyeW5sEr(&Mt?MNj~C>1*`(~iMck>MA*ZI4Zl;h=CEynYCNUjk zh<0B52pcoax(sn_N5lj|Y{{pttHp2@BmItNJu^$HwceOe(yjQS)*&ljp}B_=xnm@`ld*OvLrY@$L5((zU1VaW<6*7o^xz(7QK8@^)iaET z?`A|MZo(6P^eg!9JtjBxs`Tok76}njD;;ADIKdi^DMvl;cp<+)u6t6`Hu2&W^X>ci z_dembC7Bs&g}l0JB=Z5R?!tvRTn@(wA#;Pz~#o$)MoQ7(@l&0 zysIwVnA3|3`fi%w)7H!ogH4g1i%Ez6KF%rM*>(OzGk z%@^M&_=R>4-hjW)hDJ(ovP_^22kw7lhLZ(~iPBA^@<)`Co0SzyhVf zK6D(Gia-rRdILUHwZyKtEYkQ@Q{cW0HGi+WmwGkxrTP6M+ZStJ>Y*hcdwiTtdOhf; z>t|O?Ros5V&V;Xg+FagBD0|JmkG7ek<9{mS=Tx!jpNx?I0cQCV8|T;HUo_3UO?~%w zK?X$&aNM70j*kA3%_FvlSWVy9mRQ+$((b}cz8LCk>OA`G@tIV_E};z}M@2%P$%=G2 z`~B#5;l?ya*&C#Pz$@)e}QL9)B}ykQg(JaLh2FBBvHyo2i$l zf|`yB0^e{Kri|`r5znG6-D+#>Xg@B}b~(1>WbfDS5`|x~mA&_naq5fKa7xcT`vJap z+IIWqK70xfoC2HsKS`+K+JHN0OmAMqZx2geXUjrxo!@^zbF`radesT#ej226W1pWK zxq76Tq#8RC&|iQ(zGQhD z;d*UC)aXYxblw)(UY1!AEzA_EHLR3B?1BLV6>YDC1oX~}ZZPWA^h;Q=dVGqr1h!+& zIomC76lUK{6GiMmhyl%1X`sx468rRrh$*$w(50+f13NBkzu|d#ec-VsP2nho)Oy7Y zv5(0Xy}d9zP;mL8s_$nKw_9a`g2ZjUzx|9K88AvT2tRMOUpye2+6CHS@|QHJBICQX35 zv?xZ#0?M~~zA+Wbf$u+f_`>dj5xouQvY?6TI=Lj}v+ZLdCnIAc)}Yjt@(J^%)0jja z#W0@)*wXmjz5)Q6>)%u5aY-9R&5aQSs>NS!Abpd~Um=#N!I*4q4e6V?7z;H?4Tl!r zoc~@&QhnTM5nNS4pi9ea&=^vBM8>C$kI+Hk>uLC^_Ye43H17mRatxDuHbVP-B_Rlg z-aR=)Oy3;tguD9?eDnSl9FsQk)Pl-gp~*F#%#XNRJf`dG>&_?P?8RijVW=E?w=b-W z1ORx&rW?mwFEMj|_Z=BfX}ua8IN5S*023$UmrDskfR68#W%CmY75WtK<}>@Be|_aP zfUOt&8T4uaQi@YNs{@>yP8sgq!3*4n|5hYKwC`Nc!%=}dxmB2fEaaI?^Br-Sw9M~# zw#;^Qb$z6>Eg>GCJ z<6!C$_)U$u^ri`L)8!ANa*T|drhH5-g}??l)8CN)>f~1WhYu#h{adI02=kZh;bbB~ zq^x0yTC@@7VS^*^ry6w+!?Io3izj@9=xu^Xmz{-vf|S{XSII(}tzF%?#5T_*dW2Np zcR&DR0^Ky{?TqH4Zd}8%kfEtNNJ%V-`QO>aTy%xt)4_vKnxc=FbW9M-w+zfx_nJMz z$U;`{C<93E0`VSKqu;%~V=S#mV=BaEp_Zf8aG!={*b60Ow#C zXn>C>gNaArBknn7Z?Rf0HmjkV@+0u7D`<`xPNxeZ1d3}ym=Bh|IT(T89AK}3Fe8<_ zsc#5aZd^A97z5oL08C<`e~#La;ergyld2bW}kS{i2a5^-#+@A)L#Q1pvO z42o&>g%qL??9SD!_p?6zhHi(om;~T zzB4uC5^(SDWZ{l>GejDwHmlbo^`JZ-JPL27GU=Zh&q)MLSLCb=h7->ga-Hz-J^=w5i^^JBirw1& z;YSW)7I^iPL&U_(tXb9K2Z~AWoLEc8?6c-(&bDiOg#(uz)JkoKvO9Njvj^tbe<33k zU%ktr30>c?+B*0CJOCwsVNHvU6zT*KI+L8F~c=iJ7%eyum-W3LI4gl z%9b?_rnE*~M`O;K4H~v9+phb~?fg|e2j6K-U?Ik_#<9SMh(e7%cpp5Mj+$C&$}&1) z!qj+IddErVH|J%iUApMvGjCE#@{)ci+J=GvzXtg+?aD(#c4>={R@8u0nl zOvTp-s(=iqpJ62T)V9_Og^?^8T7zCm-z+$sxeOUQ8Nx@Gx#oPbcS4f8NO7Cy(iaqC zik;?~-q2I=Y4&_z4f26P)I4~I+kN(z__$)gU7?q`p)dNb2S<;(lZ5eCI^UwKstzLOHn7bFAUCw}oIMtPmd}nDPptUx+6$2>B$wjJ|XMZ2=Z}rR)B?^Q`RQWLp38@9?w9NX$_FzQ81Z ziG|g#Cw!}3C?g0aXr+W^$e27Qde$fypb;>jF7-_WI-b(EN@}oa$j z?(!v0OtCsjxk4w8`wSdc?#`K&gR?DIaxM_#?Gg%p@IrhUX{y17^=ljl5MAhI`)*8# z+4D^$fs7M#CBxRM02lmx?!6ngP0p}rD&ggHnqBa_MO~zqfutl@o5DA% z|7Q6Rgd3mN4#6OqjQC=eP#09~ZxGujy(vwTi8ovs+?@e(nhtC_nJA@~?pqZv?U;BS z8Lyfn!M^UF#okfkJxBH)ibGv0_uqTo(-Ra?lM$4w@@=fwYIU30YWG2{-bbAA1+~A~ zzLR+ede3Wftl2rVEW@c`6V+S`oXM?xC_Z#L&Ae=7^8@`B!bc&gJE0q3Ttk zGUGZ-k(RwFk12H;c)bnbKK)gA_rhT@}QGFGf* zFOdL8SBPR>jS!M1g-&tmReiOe(3w;*u2!?;;S;(SzpC_}KhamkRhJd1R-psAghx?F z*@dbUZ=Mz%W*fN%?s~i=7-zxu$Ti~53hqt97Ar?lHgRpOT+l+fzW4VqYenxTg5TX} z4x%JzLi?VRQCSMLDz3Zf>8ItoE`ISDrZCL~9?=3;jEAw3D_VCytkPt0AU2lqIA*cY zeZn5DHUwC(oXJoW?}@bf)8sBqW7?_mJH2SXPD3Garlk&1ArJd+HhNsma{^bCK}$%2 zN2R^lM9f1Wjhm%p3_>3S2pS2t#9z;fEl)@i-rJ>IV??J=Ay502aR2Xu6FOc+RH&UKA|?>7vq zR5c7_a+SY5N{F{{8Wq@*R0AKjDrm>+t#0bQpsJiJ+-vD1Qn-z#K5t%`aa3$M*fec< zyfsL2^}ythHEy_GQa9BHbbiuu)+qNwC^-uj0HDQL;u;gFMaMbF!zQWHg8(QP!?wUd>7mEc;({Gx-{JqI8Yqk2-qdeL{HRE`m(#Be+J2X^X z8Z`399Sy;;cRh)vaT`a}05U%T>Ki$=5oUgm$l=YY4Ws`7gqf6M@XtTM*nb3Je^AyR zF!tYII&|^hu-yopq8Z%`r3<=)a9;zjCU#bm1g<&E8d=6ykJiZrvdBX`{&}A8$FF^e3vyB-59(o z-FHaE{+yc0f!~!O;mMX7q9(E4b%23c1z`DhSxA=5UUTZPWICbAk9-t#-eHHqqkrLTOg;VwxBm^l-+=TJroXWJ4M@j; zNbG-L_x~a24mR>H+=pA{m6T}{X_Sw8e^ETPOh(0YSx*0`VP^|zoK8hMS#h; zyW&=p-rI}?sa}WGg6`$*tkm?Ar?#voJftb5EiX%3@lDBX1^AaQ-LidKx^(uVG^&Po z*sfnfiCZt_bXgaYvLhUOHoy%x%+KNzP5CZX1peCe^S9_v+myU+_^Bg26|t3U&7PDK zThBjy3KngW*Ly^r#;JGIYTDn%KGejvDcNG3a6Gi=ER>B9p^s1d@c|&^dEphcyJV7% zU>bh-n*ZRfpTZYyPB~eR(?C;QhFbu_ z5>sy?yB3{I&mHJVdXKV511z4R*bTgL^*kX|Yb`(2d-9ZEkEoB2!VAi-c$1_0vZ?~^ zY5Ep4kJl;@kTDrL^@OkBX`X{Y#;`zM<#iu#gvz+{oxQWEx z$~xW${Bm*ZHz-ds_#LQR`t!2Xq??)X>*jclE{w-}x4I0P5Ab8Kl7u!W-U7US2NeQv ziPqZe%a(HmPj4whE;wX05At9$62*bNFl z@Odsed5K1m;|6>>mM92Luwl1urF$$qbnW&A5AaZ$u`5jaceqO<-d(ZlM3kMI1HraJ zq*>=u2lf6JEWD%qCqk4qz!Z9>PHRFr!XG{red^=3V)z-q=mJMZmU6T_@WiAp+FA(- zq}CJXtGi!jf`s+-tX7cVI~t!3<_YGDq@@6bda2~NgmL|Pfh9OEFM=7?Z}GH;59YrW znM!Jx51q7Xto&Gxoj_p!-Dy#$aYTN|L^VM5oTf)W=K=sdS&r!)4Xko7>}FSg*fQdF_n%Y&Mi6*lspWT2gGBsl)!gH`Rq&(J|O8$ z>-MhfTJ$34v&J&`$hgAjLKD8-Kaq}Z#5yxAWOqcb2{vT=NRJ-EMi<}%p)W5&DF9!} zvTD@4zox7(1YO10EK@huEK=f8%%2_#zR0OcrJ!>?3bty{OhUTKdQ1sL9X)c(HzJUV zZOO0=t`dH>8o=@-=wN{rJ8Gz=0}l&3xi6JGQ}HeN+s-VWhPOWC$Q2VZruEXEg>EKo z{|}T*b*XPvVyN2XMvZ<^0JzI4DJW9wkLQmm*?NB<`-NsJ#>l1>J0+84B$w5*DY%tK z7!?55B7Uao#~u218^u3Cg~SIN4Nc{zBxe@IquuZJw8iOvXwazRg6#X*9VyTRdTk(x zK&o!mJ;{mK7BYO{>(F2mkT=-q;vG^z46l1|LrAK_@I8Vr=+z|nHlE`J2I_o!Z>?Xx6xj3hE`5i%2{f0<4%kVXg#|M;9=1Rczv zq>Fh<)Wv93t4|2y67oT1Upqg1;u|}px6*(U#K1jB%D6Iis1=o~%u?$2b=KfXNg+Q~ zw^)>B@;wmy$aj@tYwQHSr=mO@mJghm?m}{Kw0Fn?uFhw4{mV~=7)!n@3JaDh-kQ#^ zM{e{c_*jRZN9m&CRc%wn%Jf^wuczJdqQsK?D6z1B_yy+UpDxIjw$CU5>2|AJSqJt> z`LM%CzX`%YWoIG!A#eu=Nu*3G7MZEh>}Vc7;MX+=yHtpaO_`IqGn=y7=Y)F%%D1It z-;?7xxM@pcO|HRFUMj9xOW&acFBW0lVlc=t9g&F|{vJu^o;JQb7C%~B6o7zb)I0;RqmD-Y zlB12=`#TIO8i#^!tCxR}hp)1E1>5>P(U58ZuN4gTdpm=f)pUlR42<9E&qn#Rr+zzP zglayFRN*6dyro0>jO`bjbMOPdlFvM1romWO_W5t2&^?OzgL zvl;mJ(usMY@gFBQ#D7J2001mt1pHOJDlu5(ualelUlWL0F%thOup`ViYc}zn2BLDP}M8-ymT2X?HOK{wl2#7%=tM$xZz)2uREhGDhNGB?#ejW6%FN!58Bv zjKsgnF6fVe|L27Ne_ea|f86@7JW1B#F7*XKbPH>wBc_=BfExcmV^U^8ts4vAg`)c> zhYAw?Ta)X*nSM-N{~H5h0iym5cmLlf1d{guOd`xnzW>^T9k>25QKZuUjR}hl*d6*O z_I-Q*i`k3m%J=_TTK{FO{TD*eUt!{Z5*hv*=lwmHpxSS}z5_5dD!nsF0%%2R|I;E) zT>jq$6P*8hr28+S4@1EEHx}3YSS2V)rig-7w!3 z{gsE!j$v$ZlkTnM{y!hr{HN><<7SZ}Os|_KIYCeeHs&BVJNs93KnDy%P1i-RDo_+F zjt#q^PEVUKj2Ft?A$&(DXj^kLElFgh3Fe))j;5whH*#yh@AL6TC!ng0tY(r^a93AX z>n8vJ)1Gi8^zwAs2&1bR4D96OG{1&iUS5_oIlsKVi;=#AlwHp<@%8jX%)xDKZQ;-( zQ5*okW)hD7lhh6Mil?!)^(SU%euGfe3RXk2Eo4?!mJK2|H}`jRQBhH7XlP|67bd}# zN;ApAQH}bWx;6+_i#&Ifml)I?)!i*u3tnAa?N`IR@wikw1^@OFgkZJ4$ziX72r9X~ z3a~By?6Z3krkWA=pQ^OtO?) zrc^&R3lf^^A{ZDL&^~S9;o&uyw^9>NR6S_=|@3Gktv{H@# zSJCHJBVxj-3TdgSN*E<&m-z9KVuGm{ArtX@0xk8I0y4SNQ&WbfrU8C_7%s2AC*}O% zQ+LGHb>31haRhH^X{oPICB<}4ud%YdVIZ=91VY63E?-y*(5@6se1aMOHZe2XIr3ov z08|WX`1dk!AP-KJYFLfm!_*VvF1L||Y{=4f+V^jX>IDnu}iq5Q}S(bSCKht{1 ze!xjdN#RgPp6uH3xv#G;9UUDfC+GdXLE8W@#)4+attwWm&ndFM4Slt}dziu-hKA;- zu%7lF9l1+j=2OQc{FW*{kSAuD)Zf#yp|V8FexUEACUZy-;2`KlHKH3pwR>s00JwN_ z)r`LG_Bh;c6nYzXAm+PM2?v4MSyr>PVt6CST91dCmW3+d=j~3@_0V!&d2nTNk`}>3 zq1Ct5)`o1wVPtRje1UjvC98+&+l&pIk~f$Lu%PUyzs;DiF5Jc%Hsbq*h62b|{CJnf zGTZfGSh5y-Fbc={Im<_PJ zI$s6{%ErX7$#EnxYnglq-74kHus+xU?6h>YVg>NQptrKCDEu-Lz)pw|-97^2Mb4

k<+Pw0DAhXGmV}{K6N}oApMv}0M)Pf?oaRi=V9kJ)Bc)siYWB0sT}`rZ z^Z7tq6&>EuL^+PlmY_m5s$D?M7iS0JiY`4YYWOoZ`;H~z# zS&clWWGyB3;^bz!?<}{C3TOk|ztC=IRG4!EC)lE_MvfM4rPD` zR6r`LrJ{O4%f;Ma;R!xqIzLoAM=ejKaTKmXUiO|#JIt#Fg~0Pu`CaGl>l<3X?wsXD zh|zMOc<1`zjgsuR4M9&+!)q1m)>Q}{;sWDA66BlIczXu@cm*ODhBWkuC8ULgkvh51 zRLOJT2QGahyZ%MNbwTVG_o;vXC|v8^`kNgK*+vPI%%}RMm_b8z`GTen(hv}nb48^B z-cjR(0^T-=;u*zshIW{&(F7h5#20zCC^$+ri|*`ho1M!-^7vG_fOQrQ%M>W8%T_wHPWQguaBTuw$55grE~3=9lWTufL23=Faa3=AR&7W)0kPP*3_7#MtoxsZ^Y zxR4N$oP({2xs@>(m{@pHGK>rbVfZKG{{sKBRRSLUw&{&lzQeaF5{CuM` z2TB#boo~8i;O_Cz{6KtMwv=XkmDe_mTd@dp9ZoNr4k3*8V>0w1-AZ@Aq#AnrrBAnabXxp&vgOmm#xE==5WpOfahCZoBON}hpHqSw^*47d7z9E)O}dh%S{X zNTq;wJ^o@y(Jsabh{a!=c5qsd?7y_nQLY2OoPUb)zte*VAmR}YHv0je4|gE=^#{5U zaDoQGL&O#M{uG4P!f|%ny6r59b(75I}$Ap3!s8dmJy!(@@>+Em(oyu=tbTq)l*};z)(V$_3%$9P**fg%^L&ZL>|qMiFN-aC}7U=}I-oWavnR{Roo~tR6_&uViq@ zFq(>xx|9k&g0+jA9HHEku7_VuW5vRT-3p=UM>{ZUAZtKxaApu%b!N|jhi~dv+w-t# zU{}(l++?t9qxBgGITwiA8@+YmhTaCZicJ`0y480N@l5xu|E&H@`;78R;x9Eps)pJI zR}ICd51E^37iJe?7kQq^AecyUh>9QnOPG!^RP7s&fECFq5fUo7*d-}sJTqlxqJ)NQ zDG_TtT|7bDYW$#)bq%CDW16UrD3FMdO!q7D4}N(xiheZYA%%#bnqY??Q-aO1?ve!x zHziUQG|Eyd-zti-iuiJU5_1Pr2dj*lm@JJ;jna*62HWDvh7Jc?2I*2plW0?T={$v8 zlwv4~==Z)1Bx{nWlDSF%Wo@*wzS>d}(qw#WD$Jv`{EB`nMr}Tg49yAd^h20O?xSELGxUN{3(e7ssfP2i&GF#)^rkd zKz40-t@F6&et5OKOE$K|Q)$0i;ZB&iN6nn{ISC;tBk_#NS4F?rtt7w1O3_^2y*xsm zRYkkJ<(qTt;rE%zhlne{uH!D|7(d&aKTf$xIYw!NgmvelbG^MYqBEhh|0CVa)nOiv z6JnuAsYqHsb~LJVdST>O*;=Wq@?C_GPd(9bW5s$}dQs*j<_{L)b+_iumeOXpW};@c z6E;&mE}$tzG)y zzJj9xe2Nhz8RiYPkJf$EV9)Q;L$YFE~~+PiBsRy0$zNNPNFN>$gj%X$kY z5B)>)5r)df&I9QdC)Vw=Ei;cd-x7ku5$K2SZ=2tVbV=87#X50ovmYBAx z)^nznW`qX1R=x}1N9(6mv$-o933(NH^B1XG*)oMP<}#s~A(+@S5?W4rlR32w%uDXs zj-3cSWUD)(DL$&SstuOWM~a0=3B%>ae6Gw6lFr=6w?ix4+WS6JFM*+X0~WDJvb~^z z+KJjF$zRmnWm8AtjSa3fu7P){vC-pH*+{zOm7Qm7YkbLEkv*lR(GLp`6}PSHvKPo# zmDj#FdU!-1%@BehUmzM`_~54yHeu?a0`*kRZ`TLDKz~vH(n-@#i=?hqf3IF_Y^GzT zibYF9cPuymWOsKSe;$e&f*Kz-CbsaqAnqoP@F!26MBZcGXr8L5ZlrwlMqge3rXh); zrQtw|8|^~1ky**;R6s%d@WI?ac(9O=Ozy;Rh3n-Ou z&fQo8fwc)&@x$B6_M)EvpCvzMlXH?MeMKbaCbyL(5Vx16l*Qh0Kc{l9RPf6tNps}%D2Xf_8Scr;gOBg zdhv;O*K_r5C8L7%Z6QB3~lk&IQkE7dMtw^5?r0=Y!k)V2Q%h@wneb9Ve-XE{uLk-NKqX)BuiT1F{5A3$RjlJ1y3prN4gsA;I-Df0k0v~slIeu!M4hgqs$ER&%I z&~XZJCHR_LTAeOjAPElaH*Y%z0_*|EU?ZRYs;lzAR} zzIs%FN0Xrc9qTvUx^#>HEE^%?NHcnVDR%kGs!whjI=2th3iKwFNujkor{X(+C z7=9W~5yxO%DR6RSV1B1u(}6ixiM;Tp5c7)~T(4i`>L~n?zXq*AkAv;!1sTrU+gHtGkkXxE!tPeoHRYBe?;Jages(kV?6}}0|%HZsX3`h zOK}<6TGQzp*%}zrxmnx2JGNk8JZ@a?Kdp_O^oiW8t!x~*+<1xq^9I-Z?>`>X6BGUC z6(>txVl``@?Sc_#*T&#=5|izwl+k6(A77v zb#~$35Y@svx>+|AfZP1xMp z*v9dF4L(k0cAo#d|F4n1R{Yyc^}lAav9SDo=HEvCcP0=09~=1FhW+046RhsN@EI>Krqw?l~sFG}+#+NrzUWG^aG8G~9nbq|BCwWxVPam+M4m)R?U3J+) z9bwi3%q*{(kK5-oJWtv?_cA@l?~XUXK0$#C3ZS4s{r}}_Odg7kLv+cTErT`{Abnk6 z^AGOVmxb2v94iM+EBn4RQB`5mP*wd%BqD-^g$VHb>uZ`H;+qNF6+bcK6UlA!D?NRQ z{J&(-7TiS`(e{c8yF{29yUO*@7yH-z|E0#_1vO?l<-zx<>8e^5@r@}C1OERk^Zr`b z!ngG{;)*?lT<(-7d%DIKEA1eK%70LjOM%TC&Og(#X|H$0uD#Ydm;Rj zo}Vi!M@IgI)vUH5+W7YxWkPFUESH7XM1IacXcEC@vcpcp#FfW#wYdn4kuj;LT31ka z>Tru~iv4S^uX3={=q2Uv!@L}O5Q0}Oxa}w7UIK@Uoy~lM|Kg!*;d>5nFuU=^b17SO z()M@IkfybznNOPsSYO(|xnPEMi^OAN;n(2>TP3zzwMt}PRKg{!r#zy?!}*5WHiLOV z@{iMDF@kFQes2L9SggxsGgi)M-w=8zbzYwMEoZ%?xN=OZfHn-_`izpe+BOkE!4rH zRJK&u(lD1EayVO%awF058Ub9grlDoY>TrO<76gQKDTB$+QK;n6k9 z_R>SeHLNjZLccAv!oUAIoIM)rV0&Cltlv-n;;;u&=ZyRJu{H+_NQY&%G6AoFPElIc zHzwCB56nw*T)u3-m7I^9OwXjwq{ebML7WLk0-gqWOGgKbi8C)^8vl~UA*TQ04_4VB zu3G!Ad#l{<6R3Na50U^8WtNpgGZaAEDJ8(;@&XrVu3igfQC+)5+IedARu$0Fr}7V4 z_ar3i*2KHv{HAQqw5kIO>bw$_12fe#!^+&+y7|Q|H%&FJg|+dXREF#2R@#HkRe+=! zYm1CO?!=M^CH=n@>oCyFT_Kb?M&Eu9N?&$!rY$J#%EM|pyEsk-~`50G?$A$ zJQ8td&29{hN$iD>Smj+(%?e&B^&6L4IqOoLlmKc{)c&zo6sR#oC>}D)vE%Y>ppgln zl_$@v!TzganC1dCfWXtDDCL4fdyaHS@eO!f?qrfy#&a~i_f6tTbfHWQW<(J?rMhOu z`{3Yk{&0ts_8&Wkg+PS#Km5UL+Mwc~$~608@@A*ujYhm%b9$*YW|imF44Ubcq2H2k zp$kta>d;nD6#=J7n5Cg zG@bsAt^dKsbv$s@-ck1w_~^1r6|UM5s_`0!$Hb|5tmX)D|VO&|Cz;hRDL;T1l%qM z1vblQtLD`aJF-$8|NK$pQ*q1_cfd9_)elRBI=xO9pO6g;XXB#luAUb8HB#bVX9eXS z5-vbONcj9{xw;e>`qAA#%z~gkUQ`uben;fUXi|OAYQP<-rCr*9R*{RhfvW7N3}8aM zcaoDJqS{e$ygaB@xzr@#xb|!gb<Ql|Zas%0u@*$0(HfaT3>zpJ2cN%c7Zb-90z2E!Fat%1D zoXm@v`!CRdh1kP_uwD#i?%a5BK@+dv6k4X%243Ph>H#?2sF+i>+LYC)xnqr1zm{Yv zSs=e%Hoi*{p;X~U|F1?yu5MVsYdHN#}AFF@Q4*~?yg5j z9&puG$j>Y33?8!FeidhRohaQ=UF04%6~+{KF2}|9o8$p^BdAc}$2@%9_Rb+s_=3pWG{O(xAc=^`$ZF%G@%i@i67VKo-#UuCMNJ{9GsePsdhov*4HTMa@D7Tr{H{6TB|1)xv~4~z zD%Y^jxGQCOr-LMRsb-ylQ{`J- z&eQ6}mhl!gP2>Q1wyfS3#G(qmT{f`}XjnW>2PoQ}?sZXFKhpPe5Lo%rHK&H)vFLGs z9@kPP%=4E52(%NeM}#r?SA4J9u&Dhyqb*dHr`nL!tHMSD z+M%j6nt{HaE>RR)c|-6K=MO3`-x7J4tN3_ zv;Eg)=k@)`yx$KuP#!m@TVqPsfAC8N<+IxIA@|D{0^f1B5)J#md3SqY5cu4#C(@%M zh2z+d&mx3hv+y`n2u z^D?!RG*Bk{Fq*jacT(rt?@xdTw_fIhj59ecEsLn+*LUn+M-D}xYwEhMitg;BH>kwf zbP=x4eR6~kDx9yfCuzBBO2lw)^`-6K9nGlrxUqP?2Fd>BwZZjAvR?RO>IWI{oQQ~850>YsQshGI5F3ic~EcYQuVPDLYPInyeWj^eymYk>lo zXFz89t@u7JNouaFPPu%@VdQnbaP^z^4<%-bF)qUfMR&)M9reOt<<+#2a@W}qDhHjw zAw@6e0E@3BT4C1nv-slH`>&;7dY_E&h6IGS$-bKJ(0raAOdvO$i@{Gq$KWI|<`vFh z7zJ=QstB{*trMWZxPHsn)!_;rmLazGCD3p_@zbEyZ`^mZ7S=f{noSKzAU_bci7C_x zkaN@~bMLs$lNdNu>#|e?A?K^dPX}~^u-L5BDu5)eqvNBa1(VAF;bd>rH^xVe};IMWlwaE%Wr$^M`YW51oR zEqYkjn{uvYkgk7tubLT>V&jdqX40bRr|b8<-E-^Zgw?h+Pex+8kg(4@yvfvqc;t5x z8K3COQl6?|+^r2i4HZWj@v3}lT{)f?ZMslx;i&y)FI??>*@K)1{BoYDEM9Ij=no|Q zZ|H3am8wO+>jm4He_AmaI_x1P*ZgIyDK=hnp%^LEI#H{yoE=8HuxQjp<>7Eq)w3|Q z6@J9SQHNDy5b$o$ov23LZ}hQYk{Tn@{A#tnA)>C!Pv4$!H_^0PFR_)Y*Y;P1w{3sA z&c|K!JZ*-__Iae_dpTy_x?0O8l}cxUYxlT;Sh8DZ(wa4=;0{XxHhrjtwCOVyw~V`9 zutMwLLRaO<2x58zre3{hc=1o?XOEMZtB!y2@|ymHxZf z!ubc6m&1o-}JUpwX^cl6>_P_b_#H#OSSr4YuRJA$5~w>Qq_kQlB|*@q2tTpeE8fshS?kUcS8$JWvp`F672?B zZ0*kLxY$03=`bN6f9A~Mvn0Dc7VG9FB*pDzbRCc&CADU}mdeWZBu9lA6><>)kYDr+ z5&jrn2Hq1Tw3%i zpeHLAx*1SzpFnUDLnV>_ZyQG{HVv4xYu-jS2_= zty?M}^Sm_V5UtJIYo*M6Z}Ap}iZPkt{Q`_^h?M=WQ1nnq=!7 z%5JF!o9qiNpZN^`gg#@lMQ4sI4+;!_;d6zz*N<%Yh9c@A+v>jk_nj32m6KZ&p|D%$ zaS0cjrAoxLU6azf>t_kJ-Hw{+`Xi~i9M79dA3dG%lbC{QtlI82J%6*IJ*YiyuGtUV zqlXc&Lu*Iq^z~Yr=*61b)x_yCJ015{9EW60u1s$H6hOd$Oyl=GG2mxCn@09G zQuv{W@N%??(9JgDXfuTeQ=MKFNOC&)kU#|8zU~up4oKb7&Atl~#xpn3sE!Wgj@Kvr z{g=!SY(|=y^)UQaqs0-p)>NuXK3LITf@G!w2{rlQ<+N1%o;P_iBJ9r<_>Yl}SR-O% z*kOIcbGKl6KV!uwj!bWvux0W*}HfL1Y|m`>^*jjBSyX1Ze8U_?^^A)+@n( z7@`-`vCLl=TbxZlHIb>E$<$*!Mn9gs4nj?9H>HXMe;d5LuQrr3rX8M8noH9i6X`O% z+q!L1MN9zCE7D)A%;gd^h)R3+$?%Z zl&qQTvIB_d+1tf%8I4dfFQrfIVR|jhovu4G6dD%@U5O|>UFAOi=0@YO7{YF?jAld< ztY9yFOz&1WxfJC3IS$lReG#xWAt`DwqIZaVmjLTIkjuWY3(k_vW$|${)TRExOzP|a zz)O%a)?j?|W>1x8r{I2QP}PoKz+)w0{c>-wsTt~YJy1Zh)}Iv`+RbzH@TA_u_&~B= zdjc~dnvHrA?1P5I>k~58h^b7Ce^JkTEKYyZv(c3G*>E6+)xyYO$RDmW9vg!FZLz^J z_N-GoRFarvGIb0UU1JK^>3Mf1BrF`nNTxd2j?XM_11iL4IsgpDDW&`^kgoR?X%EVAjWcHA5jTv2 z{24Z}Ak?Ze2j>1fM1eHYYZa8_7#(1xSZ8h6OkZn1Z^=og9jaX> zr5pPR)(~3;k4y(!X%Zt_Mca;+O|P+fD?w$d6Z;-j)V{=`-=86Le zxf82e6;ZHKvUSQyb%Lc;s6P}$V~D@xhVyQo+X=lOhcc?`&QNkA0fjvp^-NCRSzglS z=9>`)2kTU(I~rnK>6|g#8t0)j#s~5GI^8Xu@bO|*6J7~-RC1M&N;oo#E&+Oj)mShxQ(sqNS$`Mjt6(?@2*W6x;a%%tPz;|48T0D_Ui^gzU_-Bwi z77**l^HiBs?WNW_IK1{zWVUxUsznKYExTV$w8|0=6Z3;$7v5fvbdj{Bq@qZyW$qJ= z*3W!1B3Qfvoc381wb;XZn&cw_^&kGd>MYb>XvrH%(#A* zqLc^`<4OyhDvGmo;zxplmL`g|4wKP^I!FK~+zNj{MAFM@&kq;ldyiS#?Kl0pGAyn7 zxxHA+(^p-;*>S$rS4b&bez0FV&G)-2qQ4S!Fh8D&yxl}QJfqHH&fA&M*T54`q{9M? ziFSvAG=c>T%Ew8|dw(DF$TxUmzxGe`F4RvKB98M!_xeo%F*Ve_hat(@L1%{3plzkmI_ zeyVxeMPyPa(u7gz-3+JNu-S6$^O&<2X5MvQf|bYvsj0dm@2r$C{KVoPU1;}E*!1}8 zEtHPrErgnn7^Q?3d2RLs3`EAf7mU*{YvvIBzTbkWL&oO18_2$Gpt`t(T)T(Lh8G4o zX9uZ(j0;tzm+Ky5a?4yPNy(lcUxcXQ!}axPe^o}6 zTE-7?JBKzj!E$mon=RCQcTT5k`0sgk5yFFi{Rx~+Z2@_LC2w+3?Gk71c0nl=0Cv=E zkhDa|v&&UGuIIJJGUr}Woe6es`aKo8hF0HG5hZm58K6v6LYvqJIRE!7@{y88Y+6d4 z#8RUvZQmyz0isA9#yDyA?DnULAKI+lBWcXl$C32s8=-^-;~m~=El!kK-nZ&oBIzr~ zi}eVNYd+l1W-Wp6jVOZNK_WUU(2F~)cSdk=^u!S?h;@gG=svuIt-lYP5jLaoll-zx zCi}&?&w5TdFUE@YTPm7dppEMkX=9<7Q0;NeSlI4JD_sltLNsnBD`426+brqic}?>w zr>6`Sc^5(#HPCh0fzCG%Q^@VIhz#w{!zMwK#okA=Nrc|VvQHmSkf*}e;4Elr&048(M~(3^k8-1O#oMg@q3m88l;1h#t=c^ElXJ%= zkJkqr=fm{()a{DbJwZ@f?mJ1a@bC_)&ifPK(vXny60OjV>+)o=uvEBDECrM?z}@V} zJZCYCeh^)&V(UkNly=;zl!%v3`cMFCfCWn{SJ3!C_TxTyn(+WDeBCSvJxEyk<;J;= zwKNbOK>t!~{&rNN^`6%~UTLp|7vG5+6{_>;0E%1K*)e!!K&@{NDqgP_Un1?_K=~{E zEt#myiE8-sJ|V(64c**`yH+bn*`YR?v+_{xHq#YjqywCcVxXF{ z!pLJ}=Fr_ST~zsj&k2@u}~+e<_m1mjf*R&r2}N(bGbmQ>l8N>)wxS*2?4Yxc~!QQeJSKhNx?f zLbuFoG$cf&&A5@XB5#~4Ir=lX%=A6iZ5=l%{^Ayxv@%BgA*F%ApP{-NK6sxq8q6j< z$EaYR6yAIBBEnh-YLqa{4LacC6>q(9W;@$%wl}G|Zp+#oJG@mfCu1JS0=o%q z+`y0GU74K2Rs$7E_w=!RuwQ9h!^vo);9fm9K41TZC7jI&3-b1mA_@Dp;ooOZ8&QH95Q2LihoqVt}+wOsB|9EQ$H&bv8X zbI3Xp3R>#2%N874r<1!ipCYnNK3H4)5Vq@66}bOmhaZvL8|*~-G{1a>g|r1{L7LPh zj^b-^o$?6NjeG-Dr2&)ud{tDSdXZ7c)Vn;<%W9}92Y^ll(swg}W=ZC7CBcGG#-k*u zMrEd$8PNkym72r;7G!ZvqOQE+wlV2H>Li)mu;*rnxk90nJ$3%_6wwaQ6X}ybe}3~I z%osj-de6y3Ceeq}qEJv#v8~!Kz9=jm8PG@xlfI{O5K;UidwMP; z7k!BH`h>BlZQJ_XYsg`j<)U{xu!T|!1B7T+X9WDwlx#xr8=zGt`vC~=inCEooXHi^BPCZKrfVN^r~R~OfdVS_wZa#>wO zg^|R7z4l$~5x=RBxjAJF;dn0Y%I%&NVg5!y7a=zIAM|%E)&C~4=UkNcWYracWBM;U zGUh;IW6K74zMJ`>!dWJpsMhtN{&Gck)oS2YU0EzrhlFD}pVll@1)Ge8_w)V5&MDWu z=*-)D_Md`|4wx{i{92qU(fPsuQN&MF>E)ok4O1(pL*uCRgF^OyizY;{)9et}I@hR5 zrWoE5`#rei7hlCJNJz`-fLrDr&+<%3t{4d=`r{r*rv@3y!GNKo>dV|=Jab#1c*Pig zJhkR*2{QY%`eK^Q0$kv+k|u4+VF~Gv-#+sz5+h|SuFrBf>qk&F)Fx} zdc9`hp18`~%{jK>+zX07(f%Z{Ate7Bw1NzqdW4vy*8H+o}7T$P2ELJCKvaX>%Nk&+A0 zpfZ4L?Eg`6HzR^=+7y&1O1DTd1*ij$+fi%JaDvl;;?Bys>P34uPR=;xDO+`q99Oy5 z9-O8P#QX!O>&^r31xX4@N^o0fGQoco){7A#+P>t*#v*Gp+C+DCbuBiPmepjPGJGA)$#lIMiG?cw=KKoWB2UQUBUtFl4Xo_lj&!2%_0i18q8+wMRqxX1PwE zW4YUp__RTaVRe(3W~5|$h7|p@nmwoXphc-W=Q)8H`34ZkLuXLA+^e+h55$=~NgBbU z#tk1Af~u*h`51un=@T*34G&Mp6xm;q;Cq(`Gz3rl&|L}-N;mT@jvj*}0dHk`*)YfG zFLf)B2XM~2q(&$5C_cZ%G9R1BxN>{9O?}KGS^d3HMU8%gM)WjqyP z=QDd?&y_yW1=@Y(iXO_LNm2)-e37u_TFsxzR4TY4X@8Xd-=3{k zF<3MVi~#;U`KnDWi9)xy*3=D#B^KDQLq}KL4}Qu6&VVeoB`N@?iVMvgzl6?KQ&SU` zWHJro(Ay5ZZ%K9bA==33DC>xO^=&Zb?5HEu>0C0cW|i-o4<5hIa&e{caB}~taUe8e zKxb#?7sGFyUiasRENca{PfP8djXhuK=*HrbgZ{#l|A4U^Cal%F@w6Mp{Q`*YQVh8} zSu#~xX?8TVrBwyF$8L(2dS<#dBvjVOSJ&*cWvO_ew@y*wR`y2ooOeev!f5YORXE}O z;nseXIg&l+~k9~Ao@?(gOt84dfW)v7iW@dk&xf5^O)X}iknP<6aLkRS8Z5FU`r z=BYb+_$GTSE8a7|?gcMZ&+bV)mw1O2oc(;x`^}*q6A59B4B?dbc_Gwplbs*xfikqE z!J&obPL$_r5)<}pl8|;eLzT{IJ0dR49kwqzu=wRrp^o7ye&6jD+z3F^75=Q)lwT37^m$@=ZQB15!pI1}Cm4KmqbOY^K9H7sj)csba7uPNS6qxEK#8&E71rVM z%I;?|-Y5hlo-W<)?$u3Su6V*%6LdKrGz82yTz>6&RPUa2)tPK-adCo}9SjiLJ^G%E z&lux&$`f(d38!L^F{twU++E~F*XWDhO@CvZa_za+6n5|J(K;HxDoUcUPpB`?BjaMP zjz2~RkY>CA2*sIp&A^aD8DskjpKZ+@D9If>Q#_vJp^zHk&b-#^vNpEA!dDzWq+ZDL zhJ|E8Agbeo`kW5^OBHZ724B_210zmI|EmLmPNb-+@b|(ar%w8nF3ZU*?uPWt_l+Tc zSEth>+Fym^{Jp#Jk(15!rj<6om$wftC`3&T*{qflLPm}i&k>QnD>AzU4^*)l!%QI& z^p`mJ1_eVY9k}U_fj_rd(=#EN=I(cc1wkuoX(~sl|HzIYdwYO?sNl}C{_#Lsbakl4 zb}5_ElLDL^68#AU<6_kZoQC}US`Q^yA+%9M#egqM=7Nc( z-(pHK>s?ELT|jFWevq29y+ic0jm-j_VsGao$4cA=xvCP}*V{i99d~~{XD4J22o zDm1w3xNq`fQTQjL3C0ycJ|EhP??-auWA;U-!t#5tBLHs9l9H09!_u-+ZA|3D^A}5N zh|kl(2$(o`3(pc6i;tc!H*@Z26@Gli*ZNGQom?V2fIcG|^^hIBCcG=E74l*24-I!3 z#n1SMtc^1G>a430{YYv+r`U)EdPKfgiJeS~3!hW)*#fWp6GCl4U>|yw4@{d1< zs@X-A(sF=0?TcoLjW#PNpFamyRWXoc0|1EMrIMm^&%5~nIaDns#qdAY8Oh zqcaSKDR3a{@{O^KX9yEtEvgKYws)IR^1^IRFLr2pxfm?FjUUc7agk^K@LI6j>gaX% z?UE7ra!(@Fk+g_`9<}9(q4zsJIH^n*n#T=9%rmiNuxU16;>BCB|cNC|&^?7gD7de(W2^00E0isvMymA0*<;GL*G?$ElM6@qD%V zrO*)+ZQ0tgzmLJg?}{$+;+byxVJu$xq58(n@{}tol?gIe-SbBl1X}-1ouS5+ND^k2 zFdMq9*Jhol3=%21p1wk<32p#t!kJ*F9gO#+lSa)pR6}7Q$lU|po>w!Mfjlyi{D-0% z5POD2J%(32Ti+G*tI1xkNs|2i4vLPQI$8BlE>E;3N$N_dZ%$tP9$5TftEb)af)I>A z4+9+q2;g{fRo53`(#gmUf{&b0oAHJszypm7A}P+%33RtODc7Th3J+}g<9hZie17gO zZ=ZK2#g`5XOBXV^^krZ_fDMOayuBEhQ1*sNGTppV-80B=(V)>q4Te)3_!4g|H2^xE zQ(x_}z_r^I;dtC0nU%0PmDE3!7}1u(gq*A|w)4&}!GnqC&vQ)jt(5j==5z@W)bHnN zOX%v5&V5oF!2->YDyd&R2n~1>;NOv;i=sPme@5j7{|qC#h%o88xm0NgsT)Q$(TwVN z1=*Ba1kghx=n6=|Al5#h)aj7oCP-g)XCf>!X%9dor=n4DiXEt992*C~OR7?iSMsas zSmX^aBm}WOX|C_$dd%&&l}fKTt0%(|uPHjNv&0%@!3f&p^Qx>c4ReeO4x+>Dw4tNc z$7>FLEONf61d36)cE6{16^)&6%j)QAsq&0iBPw7^(_b}6LT6}t6}^rEiXA#T9(Hl_ zSm(4|@jb5hp?#=ymvvk7p$MZBRde;M* z!OrWrf2O#wg0<|vcg6%rWsPWuo?8=dSqq!M$-fv2{-cKM) z%;WIMg@+Z6{C0$d=}8(fD{Lu4SPg5u+dI>j_0{8?gl5$%K~O>Y>^-X5Yi~mFyh|iz zD3tt=HY5qN#@6q07X${iG1jZ_96ZLOc_vYPvxBYXHf|=R7@cnzbQ-PSqYYPv`cwnS z)eh)UMKpCbO&5~wEy)YZF=c*ORqCLdkklZQ2; z_3?&kx_sJ;+x!^m(IN9J9TTiY?}R-TKMlMwOY6?o+~+ENd*a8D)G(DDY%vB{3#fi+ z?AYSI*lH>s&bjMDwllxRN_tW4NaTn!Lx%A)?(WE zGlPpBDX;fXSB?8sT#Xawqf17ZokO$XgQ&2aklhNv)qrT!?RW0h1s#5D!COkifK6EG zG8B1p{0LfLj!UdBn4w2wmw$d^HA9+6j-&_4)F|^;a=H_P_iHxiV*wnMT??B|?C3&d zy_-alw3)90-`Hq?vCZUrZ(cphWY7-)m&Knwiz1;^D21h5QZE4D^R28}ZAq9m+;EKR z+MANtncnBYIO@zbOCA{~*`l{nYl{0ez?E7^X`{@HX0YQbhPgw{NXaR;OHmvJ<~Vpu zsT?H~XYn~M3d%M6d@U1|J&4s*KcvCy_N0#Ahu#+PvcD6qtIMeWNEl{%>VYF}%M;B> z$!$MV1@`QDTNZ}L`?===@l@-Q@!sV=`a4NgGf1h;Wl78wT`3OJ*e9Huf7RcV!0nUv zF~0{kW#xLBE?o~^OG$mO03QE2ewOYN5(eJ*x1wZ{^KnLG)VQ+Of_C-?chW>{e|=-! zEkb^;P_4C?RIeE{DeQ?J!D8k+n!XWqggB=bFhD@)I2u)udH}Yhd8#8qVS_%6HRWepZVoxICp`C{m9E=6hLv*= zB(lyMsm+PSKxE;)cm1JsTkQikmuNb1!x0n@&!&l!k;^xb2eMJ-w@ArFk}#XnC^-kH zCo|GQ%M>;j@D)A+nF1$V;f9)QBIC4sr(IAgqamG(Ghy(ZDQ|erHhWdsUF|)2baJ8h zqwF*D2@Z`L3&dL%2OL89#%Vh9hYMZgZb!m#Qr%I%Dy#A*Ck!1t<`0&w$UOO;w)Fwa6ys;kEOHCQQxAbW4_gHUTSbHwAJNs*GpAncp%^J)%nVvsO zf*2W=A2VsVI}mG4`GP4cCnq@SAJPtDH#U|+Il}IL5%TxG@o|23oI54HQR2B8Ke%^{ zI)SH=&P8sv410pv*_bJjT|Dvyuk7SRoQ(0*$3b6|c3qZ# ziNd|`@+?zU%5nvx{@f`n!NqHThbVmaYLA7w1QNuNjIr*U>Jt|$n4IdWIt`0#MQiPR zhTg~{H?Yg#@p@Gu?&etG1H)!fc=R@Rb)tX5rj7^6AL0h=mx&snt?;lDhb(-dfmqoz zoQ#NdfAVRf2@pGsV=88B$>g=X=u_oi|84HUf%?f`ut!wSPU(ZUoHgB-?wi+5U53pp zdo$Zi_y^&pj@}5w5|;S=NVZ8KMvrN|x*W$6(gZ91mk*OKJyj=f@p0ORkyXXR_Mp+8 ziJ?%D=T+%0o6XM!OUVYa^cz^>e1H`v)shr3q01WCYMUk0LrW}ZU4AHI;C$hsKtU=z z3tjiAblLeyIwFVQNn}_v4*LqjgpUkfPl)q%J3e}BxUd{23w%uXJxu?`z)R7F=sNz= zCGS40;W?o3li&^l1z5W+R&0-_j^NOu^zSpw(B~I!F@mrrMkzVUK{ormYReu?G4;mJ zJ$cYL!nND;NHi~2=nAz5ZjIsn=m08MjFg(-Z=|$R`Fx^=%c(@9q*luC#Ns9QUy@>U zuhj<39PFkUq6ph?uM+0;hpWF}i6KjJWDfF&ZC7^mwIn)OXka}KtOluBLvaN%JQ$3c zbVG$<*|D~uVfWSfj>U50a-K<2veCNZ4!d4ZfUs%OSP@1IMGTkq(gE^rSh#Q_zqSZ| z{pdn;(+AG7SC}w4#egpupUCF%-H70NtmQvSlqqHYe_VZKP+dW{WfBMy+#M1iXmEE3 z?!jGeaCdiicXxNUi$ied;_l8xF3#}Yn{Q@ns`ihr>N@AF>fPO^YwxvJvsh2&fa49B zzYXjMO8i##Nxj`VJVd|$UI25WvBQZx6 z5gjvBWp*<(Ht3X)%Kmm?@lqUxdy93pWbde`;WS6DWgti@{5bc|h}a4!^IUT^qV(ub z;ajZ#S!}QC3sC)GMmWhRr+T27?1c!!Kh;8fH`qInEv8jV+h@CNBsIYnwSYt!#F4d| zk-XIarSL!-wU&$rYAnm{;08Qq?!&d&qlR<*{IL(0)qP9Ed^QCzEr#*gR{xr<`^uke zvkSBw%G7waWy*pD9P!#hx=i=aEyq5>ScpxXAtfhoAEf2h*Zb8dW3Pwp5K~Y!(MqEk zV9)IlMZUZ0v}X*`?s&X2VU7t>r~^+tro+%z{G)yT19a4o^-`0ge&Z(nGkrF|NC#om+Dj8phmJJ(~(-Rk-rXZ*uT~pr49oF=*oNUjy=sQ;x9++w1f))vd z&J90{doA?%bxMD7Xg`(lBlF3}jo_8}ip5J?pZ5B+m4g&~ALTbSj055x|tT8Yf#-Ca;ncRUX$D$(9-nR!$Fpv{T}Bvfv49JoPPJ z?tlx>Z#*TmZWLVrMAL$_LYppu$Okb73QVDv$q{=4MPg`op1FmLD33u#torJYiv^Kl zi(mXpH(@kxi!huB(9Ob)mB&A6+nbZn32Q{D+57p(kngCweiI+DfHtTN6XOS2%MIg^ zBCf+A4Mzod5Zo0R8!4`3Eq*0HM#AG;`5lw}Lt?oWMf}_DmYT8@cxZ^Kc-@y&KyykC zt*Yx+Ar)0l3`B9))up8Qy9=ypO#!7S<}ESd>h0I~FdIam115d14^r2Ynk#u$ExC>j z=?_iQO&e6t1dKR`aC6dlsji_gozvL8RTw5H!`P+(;3>vtUYs|-ntxa#x&E7d`$m{4 z;t{dboQ>LzjM^w|Np*~e?-)=!^x&Kn&F&Vu3Stwvn4;|;d*FQbCI4z`_g(OhAQ>j{ zG`*)v6`ym^=ZuGkx&Dy3j@q*uOG2r!LI8H;hMKNCxpvn0#S}@m@r&;PYy4XWJl(q^ zHQyL#@Vm6s4-L%p6_I)9aO+?w9Bur<#hDh4 za50+~$UxR+wc1c}c7;_;o)WiS{ws4f_YeF;TXMWbdDNknGvPyX`n_H$W7E~4s$ znxR+WiGC$16;AJCP3Q?MC3Yf>9a4OMAxVgI#v_mYj}`!$k@!0iJV~G~VHmsF@~wU) z^~#JJDmK306v>(=!z`KqOD6_ZUd8Wjde^kS8fhs0n$V!rMuQE{L{PS|F&H8!dbCtW zM&EU-DBNSVks*r0JId__{u>w^d}3Hrd}_K&-WA1-qG*P7>O47Xsdf2xUIRdrBR^Sb zPFaJ@shyD2MZeoPTCt=pm(nm<(4!>pMn;TGIF-$}YQ?pI)>7Q@1`Zk^Aa}!GNi$=Gp8Q694_V z95L~?ye?9hHkQjlj^kqyMZX|gfs&v|jM}%2upzIRz&y3xN41Ndb}us#MGv=~&R}*N zz-;Qs2R|K$p~f|ke~+RTmSQ-vUq={Lb**4wx}yzu(?8hRmGG2e0FQHXg#}&5WNP4` zV9?dEM}${BHnK1WX7>#Z}#?yrbq6sott;-*&vQVnhOKxA6N6&R$qdtYi1>)hxY zJWD*x0vg0C_BnCpS|n=8(xdCR6UXISh(XLF;PK#Wb|JazXm}Ni2y&BHR|&6GUkw$S z$u@!!%1Un~saXM~Zm?D|JUI~*XfGM2PoB;dLRtHma!-2lLzN7@p%kwZSRFOvJu^gB zd{1oAi`m+XVBF7GPn9KKU>})xl*5-L&(WkyzoBW zk9bd&)SwCx1t*EWMQ{QN@0@RAI*9^+8~(dT;qSa6&`xX54|n}MR>P0?1gLH*xF3OT zEDFkv^)GyY;R)#%b3l^blf6N5uGd6fH2lumE@H%S0-W z9*x(C#a&PjlV~Z@N|N=9r)}UhWA9c^W1+uw4Q-IB4mT8mGcK9scGmGTQ(E=@`-R{$ zfjd6O46kBZpWde*&BvQ~1ZTs~pSejQ=YAr49Jw+S@1Eych;UAHbwtU6u~Ll8n71I+P{&?~{xhRWuhZs>@fP`=e9g%O-`U%NmM6rDV~K0b>?Q zUGvS4d*)whkI2qhbzHVCYdn_@3n^lu_!0wM`XmQ7XOX8ixs6>qGHU_jg4~Yxfjo$z zz`w;TDzH|rA}GH3JftqG?4;WcVTfp41cVnek8`C9f-<%1uVzapPLmxt&|tSiJ$EWn<>Ucc2558ArS)HUa?lX zb?$0#RvofO$1rc*|NK5g_^PK#$&)3f#dUkR6_J9jXe#UUqpuA`RROg4{<=w~d;nHrt91X`u-+U(+wwU1JM3 z_4_xhoQh4d-NvtmdKLESGnF>Y;TL6*-zw0q;(xQn6xPf7wSzfq%}slUhxrvtb(oH| z-bgMsWH>VJQKblof1(_&Qqm=2;ohmrHR_zXZB2q%S+}s&v`1 zMg1z@5-w2WP&ml=vI|lQgn66_Zyry{A;F4jr&R|nsz0Qm4z+2kFuLaG_ds-~rLQQyo_FS{6;=7Kl z)?C9$cvDA_ktdGDs??Okv;ZyMsbR-`RZoQixtR6}W&|Yjdmm<`^|>a7vn*qM@QB3kRto4L9SR$($Ld9l&SJ*8?MYy9~* z1l&AH&={J0+1g>phrL;6-US3M#81D7aqSW)$FwGo^rfB+iCLN~vWrE-9oV!v32qq>>uGcf5HsL-w^U;CnyCnh%B^=3e70sCYC>*aG3&IL zFK{KlN5p4S)MI8Z+27wct>pUzEt_#}kU^}E8|YF35R4#gs6XbENk0cen@)!<2Dk*gnnWa6$AV<<@u%KdH? z-&80o(Ph=xBMcDfg3yBOOD8aqFDzY#r!v@f~HkQ^w(TNCb5!-*a89SU>kSAKluK6 z*SGqXgZA#G^JOlVI-DU}oQgAf%Vt}hA)j^XIfiIavj(v*iQ$v5a%3piyCl@D7jQ<( zXjDAYgjmU9JUhh9%G%XPwOA(W$uz!|B2*FWOa-Dr$lM+`kAC$2CO6rPCg}SmJ>Muv zRq7a^Ys_m}8rJaV`8il+`O^k#gf&KMQ^4@F7(I{LPDA3mVediP5G+x#;aFf?@r{3^ z*$IT6+lr=2obTT$Qqx^&IXVXB$xNuC8pC}a<%P(%$KqA9USkSbm%!;LHPKuLdv(!j zQWdGW7+U*DML*+ugS8is2zPHe(l5ON6?GX8QX z@r_i4`P#;G27P`xzvt0?JlqU4&m>i|n17$rL zj;NL4+99WYXIM1=H+MX5mPy#^E_*5vkYJQ0Ax@$JPq3zw`&NnBJMU?<9!1FyL%rLc zZWIPNpEj{3b55ej`EDLp(d|O0zMOC}F@2I^H=h=IB9`6XO_-U4asXqt+t0Y@Z6?yP?Pz@e6_>9JH-+nnwi+#rFQ-}LmIA3E)zNr}jd=^`nud0P zyt4=5%^F{$cf|U>NoTJs+UrB1DQj}GUC1Hs!u~~jOTBwi{N)KCUSXvO@v}N6P(q0A zm)c~av_d)cJl?U~k)AUcsU%?NrMVMtkOD=kZZK<}yfCkT7P+eb9Jo#^PAVr;?(gJUhTSLUl1#4$A%u z_xEIPQN6c&B+D}%gxAMjs`J?CKyPI*3OQblD&E3T*qs+C=$l#Y?3+#^A zPC5dRHlW*Jd^2Lu!c3at?xn0UbP}Uo=*G-H6gXeswrQX@(-pei){4p8oe|@vML!gP zG6Q3i=;KXU6;f2z-TWum>$Hp?-z%zdbrmaHw2?T;cucce{515#K4% zZ>%dhVkzNISR(?h0me(lWU;|5k1#7}Qq-V2fjH&lSf^wDztinA)%PJpkIPuYpFY#g zM9VE(JtOCn(~kPi*7esMb)fF zpcNHY3OCR*g|-KZoySF5Z5D1lRreE~uh-wh)*}c}0z@)^I8=$*qb%&7>Q#(#NTrot zwB~*<9~8<@jTgV4c;+r+J%=8kYrEI-UgS;Kj&rtTK|~=6S&ibjjhq20EXPiCtmi&M zoU5TMAO*z%6F+y;9(1+CDLhSx1O>Ef5&hgHBS`@7%D>2dWWWh`SFuIAyDZMD@*F$Z zQb}EZoQUb{zS2E~J)GMLb)LY=p$)0+Z3l6F)yooniRV^@VL)!&=Z@U1nNvr_ZFgsK^ zuB+5F!COul%oBy1H{4u`uC&4P_(&8RVMf+_J5J)FDDq%PvVEyaDAHpa=DxCjin93o z9u**ILc5jq?rAdx#mn11I%mbjsPQ+gqR4cktgAkSdxKL_rPzT)?$pi5L2e*gD+*?D z<>X8GhkBd2OGO^4iVcP`O#TPoKN^zTY_qv>jNJV~zp&onCPiq@8g7osd-?ViaE6p{ z4bE>%y;{*@@|uUjU5j_VlzBymcy(mD^FaG_kcNk@OeJ|(TXx9*4PsvmEv~|U5^Jug zZ231MAA{x@`Dm!&YJUBN*F{BuaJd;Z#wdRD{@=2-D8V;6f|#K}hFQ}c$xg_l44`C5 zgO#-BhgCmqYCYNmM32Po4E2mky-I{9vZI~^+vgeGT1PS52eA|SS@A&s={^hB>2+eS z>=S~?Fo2?J_4(F@A-}}A`@9q1C$iP}i(TU>e|M|J>0NM<|y2r;1~k2hMC)8}#_nSDToe(0l&j zD}dbRB;3%&&jVzpQ9GXLU$}kQN5Ucyed~x9K#%Uq)}{&7jTx7mTh$M8|GW>J+)Lv{ zGhq0pXi^N$32u%T${<_ie&KMMX*o>U56^Q6uKIMu8E?qCz(adNjT?%c!}xy#{w4#> zetJ9Z1LAuIlZo5P`8=x8C!)cPZF3V7wxIfvhqf!7l`4pJdOJakH^@bB_7np(6$s-p zr#Y%qfIUMYKx9knboAH}ynBBjef953;_Pt;E3)K?f}yU8p+R<|u-{&pvefv!ib7u*@R z8J$%%877W}A`>Xm=NW|!Un}XuTuD3Lc8;mR^uPsPn*qC3d_10!0JZ(AC~J1??&eQq z)&)P&hMTup_+eNlxK~_#DoKL1H;Go!&4%ZG^5b%~vQ$B>39=vm#SjLO*}ZJ}h2~|M zDkXOZ)R@*k8g2i4xStzrCi1C?VyDpJ_+}L}J6BQnlI2E4;KE00X0pp5pec7=MC9|> zk@?%zku?kDwj7tAL=4$i{s3mTNhmn}?XihOtcDQ3xL!=#RUeCJifF|{F~Am!XzcNH zQNhEDDV;rQ?9J?J@*L(=PpXBLh<07t?Sd;?9xeyUsc*oD9{86-Bi>3D@k`Jy`122m zlBQG}A6d8b96uh1sl%By4~eLF+&o!LR6#)?zDtkA_MzbKJ}4g4_g<*&^6Jf zA+-Q&Xn4~(@%jA={O^|XVVt;jCvR-5unoTyW~ z3#r9)B|GfrE(Y`%in3C|1n*AFJ@n&*E{FG>1_SB)MrW@9U~j3pdF5`~+fy8P7xnvM zvj#s_D|WXTpXu9Ti|OnS&IE)gS5HXm-$pYYS0jHCa5O4c&*J=fy7V}hyp!eBVU3p? z#=HAMm^5pw1PXRHY}oWr&jauE$>Ogio+o}7NzLyU6&+K)OOU$kVKDdoJ!w+6_pMZt zUx=N)g!Gf5Y%jRU%B;V}+PWLZ4f$>0_=R&`C3ih%(>-ibBOPC!fTM{kKG0`EzPM%) z-j#|z(~$v}TX*c#wfSIFht09`EYjsdM}`Q|`s!B&fG?!WfbLjm`d zgywoLSuth4YaKvFu#}>XQ>dRK43MRb)YZYKb1+e{+*t_M9QyrjSqZ5rOi=|rOD`w#n$l24~O=^_~a@ox|@GtMy z4Q0%_&I5uRp%zgJj#>a|?RiY!T802AD19$%bApfyOe%o`BW;UL|6*K$8SCz6`ORR) zyD^g`R9IDGy8Mf+qnh66#;R2GV4IJtK}; zQ?rp_MP&!@NjV`5WM6=LJmPg5Sr@~!ElVX`Pj@{TE&@@*0^ayGm5)3de^eXCu2x(4 z4{+7=?GjeJ3uY!hp&URzokp7us4Ym^4HMgizFzSBdbl_H(2iRC5p$uYB4&~Bc;Ko0 z4o~&Bvw4+p;Qn2Y7i(_v-*~GNO?Wae_!)co`Fs_n;lg|RNWPdzREzfPRKctP&1o*+ zr9Wx0V5M`;xI^G+1-hKPJ0 zmehF^cO_{_b$A{E0vzP<;Ny`5uyQy&>Mr(Rv-kCWtz0Z%2Okc@H}?=U@G>^1I@9Wg z3_z2LVS26(=z}?*J){FXcI&A9)WHg*>##P05+aCQ*~M^U36{;g9r=9(Da8n*jU>L8U`)5fjwmYb(OIKK@EbH?T%P)L_WSjnz!N%SC2w8a= z(CQZsS-glow}`S|T@8tZA)+XP$}2E?N3TsPM>_%n_NDG7s6-Pt_5JE|N$?6-_dI-b*?h0~{2vL!FQTMHq#D*TF@%JSm+LS`5~@pZrcAV=M4 z;cVqq$*`Ue@?<|SIVHM$^@ft!`NL(D`flFRRS7D9YJ- z+D_$AV9I%=g>GH<9xgtaq^^V-93{jWr!3%(es+SNuQPS^zU+bXP+IPA`JOWVm%_y! z>I?K9I$aDLGCKUyS>;~{SM<8l-UZ9ii<(_U2h6T0qKENZ&$UCz7i-_A{R zE?y0|bYBW0YhU7dGx(}6|BXDT%E7;ZPhiy_J+Zy{fsb9r$8T0;fbuI3ynkm#1>g5; z?a$w?oRxB)+TIJ_ZzsrNBy&zt{=Vt8HN?B;)y(e>-~J$*>_o{}o0~Wxbpq;0JGz4aIH>{>h^V87YYIv1rrl>OHuZHaGOgL(MrL(Zf4YMWtr4;t^vj+% ziznPwLQmwiC}h)^2SZD%zBV<*b4SfBLQ&ws#`{=t+Qz$u3UW*ILs_vvqFRkO@$PYk zdB$@#5$B2?=Mp$x511E)MLvFZ2krC|Io4|3y8XtfZLIyBDNk}quY)*xFAB+3_AAlr zgx8SYV%Jv3y%P#P6a1w(vjd>bx)?$(!$@On)4v9M)#1y64rNc$EPqm$DV>0$abhSb~O+ zStgImB;4e`e^)J!JAqvMeMs`-!}F^gfa=H-PoN^OPV4UqVMhz19Z9)VGyFu)KJ5hN z`}?q-;5*3+I>(Xa-HsIhBTI6(Hci2hyX?01cRE0Qj3<&uZqyMay8QkbhwtBv zY1Q7%V2~G#ZNM-_+HVtvBh6BHz5|BxmZlV-Uvj>mLOMN1vcX@BQBcVoKTfJOyH!)8 z__}lxeC8HPOx}w~*=`yWe{|ZnN)vDDBpUc3RKGU}wD#2Kxrd~CULw>P$`ljgkj%`G za%|HHcRj;8;H&69*}7oHYhfF-w1k$*UnrNqlxALo3sr z{UT#ys7-J|__MHxRh_DTq`)O}3lckzaX2;RD}-Hku!rki!*Ds@`KmeGdYLf5=)yXx z8;$jG3YX(g-Lylm>3+dZUta)wmA<=t>=tI{@4B-dt9o6yXMgk{%`yB>a8rDc%o&LC zb74B5_sFAJPN?Cd;_c0INA1?~d@YX56(QyxXd~(vsYK!rh zIP|&UpvZwcuPxtUA;h85&9#+fS!#|QzHKgThEM^me*U>Dghj@T`<{S%x!!@p?NWZP zw6I$ys?y)2QJeid=vWNbm1^egWu`I1)*#+Nq&t{f5~8*R2>&E?^O z;j_aHM?ce?_eyTA0=~uoESsSiByZ%b%scLa$2?Iygick_vVYWk9*Ge_m@DH%Lf3%7 zgRf`n1h^iEpYwdMGOzDMYad1bw(t~<1x8Y|n{d!48~_*V8LqD5SPYjRu<6@;5!r9Y zz$q+fWWbi@Zqv8Evsu{F-#Q;*@50eP{ZEls&P|3{QkKpn7KjM+Lv~S#zq2~{zMA=c zRP?W7qA~Sm$<(3Kpkb{|FobN4JT05Yp+!QO9#hm!0FPw9@X^2t?X^-0C^6?$`y#ppNFAOgE|8 zp{{6@J@y{=c@!Pi6E1vt|3eG@q`aXz%DRN-rxXt84D!$c&L3gtEEZp!eS)+6#w zVLe1{uuGr=gUkb_&b9eFB@y3=Tit+`V*MBO`97YG(YcVi*K^2K8k3}9X5%;9fa~25 z4mlPKUFJy9FXVz>$fy0_v=OCG2Km>$U!NpHGANRj=M+ymZkyAeZYoUK`WG%=S?H=Z z4BTnn7AI_V%I7$XZ|-3cSXzRN%#`bnPCNTw9w!)e(gkGuZ!@H^QhHyuLzP&NMa$7I z{zj8FC15>>a<1Q_mErs-knx9>@cnQ5P73GvC(itvyi#NODNq_KcEgZ0b`!H$lcIPN zGY2Tm5>3C5wz_U{@&49_-(1lX!CI2vR8-CO+<1!{DgWQNKcN4|;$(8!+Dkt=sRIzK zLKc(Ll+@|IF3vt!rTG-EBSSk*QlB$aN^_&bg$QOKr((*%;D-DMNNzvsk>F(-ofqEX z!xMt}%uD+>8g#lc;4jT@Yc4+3;!K~3^z-?6y2P2Jvhm?#KmEsiQT)*Hey*+Lmo<8# zhmJ3Vg4BqF3UwuB#5_N1{~NK>OVgmE9ZSvB2r~DG>5+N+KUhB+Gm?Uvv`&N(DEtqf zmY0{~T;mn097x;RY;q%n5XhDD0x>B6JRx2RLdPd05EReZac5zc6P2E&s-S=W{J$+! z`O8X@jMmxy-rjd=YHGs`HPA0ahvjngeYyV^-G8+|=0xh#u(oq<<@1y|Ynbx8$-h7U_v8N?g&(r8 zFKJUhCKij-|8>RxylF<>mz3>kEY(Ef|L-9R{v>K1LQP|w_#Y4a&xG)W&d(8Kjl3Xu zEt;2{npS~T=gm=}5Wm-VX%45Q?Fo8n zukHs>C;ZPaB7MdxZh7HfMa`#2D{y*p2>YH?R99`dfCwt8?0!pNSfyZ*NrLA7{26%Y z?EgDDUa3&xj#>h%w840yuhyU+zq#{+5xvxGl~G5m@Owcetp3|~HnzGSHCE?kzi6T2 z72{0JR>{it9an`2Hr7aD5{j;C=Xw5UY6g#xVMIc8w;l4z4N+`&zi)iafT#e#wdOLd zm14gtaCr3S6XEv?=asdmsXIn(&mx!|$0mfHlNJY!?Y58k?&g&y(A&=H#~6)96OFg^ ze0oG_o@?Gk=s97DD%SAjTe?mvhRDQPYB&W@qUXK;$=xXtG=ts#s>_RdhTlUE_|m{A z^}Ass(SFo%r4LxuFJP2MsBSb=jdy_jc#2yZvR#IMRYfG9BHv|ud^S0^SMD>D4P2LZ za{4?1v&LrnifhYY4JYPHx`0At<5!*`Yf%1s0kgu}xj$DZ;HsbGt@fB=n5pvlj+;=J zt-Qi0;iVmkBnFR#;``y31*!eGsMHorb)Yf3Vg_+j)FMrt-3ISGZ!Mt%z0E4w+kTF7 z=aVE#Vm1#_MiIVT3hQgrkiM;rLLS%~oD4TN3ziztpt(MFqy0wXkzcq&4)k$~+H`Qi zJnO$yvS8t>KSEgefct40sd#<`uA8>#?$nt zF-meEO+=iYv5=gzesubwfJAnS2RJj42Th>E1{%;(BlnOr$*bqKe;swG3Ef%|2ffB??EJUA z`NgXDU6R{CG6QX$)gWNW9wrpjO|SSPDfwjXH!-GC-PRj?)l;d8MrsVRhZ_fw;_mODFixyA^OrDP zCj?b4{~w}JRujmF0=Y>LON*Ne0Sp}U6F~!Srg-g-r)O zylL)zyfP&)-ziz~MgWfu(cFXgiuDvTtaG&+W<~QMnb{7MtGn~fQ#sqX|HWLTx8 zm+1!gm00*ZBZ7QTIkhU(dA;p+-$91<0%v9lY$#Pa|1S&`lNiIfrzUkr#E11hc(|8u zGrVQSKU75}PgX_$D?awB%!eNPl_#^u{+igY`bz7FC*{_33TiA*b zSQ=oHE4HsfL1Df-i&(Jj)=@ffS2YneR^nJx;2z3XG+BH{VmvtOI zQR0gvJ=0|_fQyAL1@K^qtMeVr*;D7Y?q^Zo!+1WN2x6_s(ShnHc(=!2Ri4CVBy-#f zWi%2^9c7J&Z2a0?cfJ(F0Tv`6K|sYzN|8y2wbcPH#IoV)&*$vU=ZXm7b9aT74!JEM zH%8vuGkio~Dg3j1Ws}i?09&xL$+Ou`k3`v8hsgjJ!fLjxBsS#PE+TwEB%1G*`vb}tp7fQM0L7OBFfWZ z;G=P11#U8)jotAAEj9J4t)KZdb9p_*J(efYJchJL+(J1yY48+(9Lef z>m>KNnDQ7QD#amjx3zMz>s_@KsfSDb`zA*A>gNJPntQ7u9u>8nMJDUh^a6cK_A|-e zO0yJ>PI7GG1ZI*NFx&b5UaO5-O3Ur+UR+DYUB zw&Ielzb-xW$$8$uvcwkPBx|c>=xN62h)d5{U9q(q6|dS8+6!fQILX)o7hJ?yq~#Oe{n7$jKtPXHXEEQ%ky9B`yIVm<0N|0H_X;(7ek>!(xGTBOG!!S|Ut+ttQx zBq!-D$At7nHK9>j+@L=Bje#e%&3?Sw;X4i=3?q+d{iE?Ak4njPuZsEgVru4|SJ16G z_FgnTLP4Om8~C#WiI^N=M6bJmhjy+-C42)tSE^$_gwfgd!>`&wvhA1mhu4V3yVY9a zY-<=|@!-LCF0|6N2J9W2gQmDS9QoVO{nzq@ghw+Uq855wQ&ge#wWlw&=2dk(vj?z{u504S}ngL7AH32Oo5 zbSWqanjNs#7pu3qUlm*4-NccM*I1zLh5b(505yf*&NkcdE`fCj(boO8H|HE4O`2w% z{27a3Z(Mj&LEjRrr{U4fN6MG3 z6PoetX%JE?827F5URc`+RCRPp&+Nka-a_q%qwD&4z1_*e)M>9{BR)WH9-=*L;F87c z@B>@!hS$d4da!;&=PE&bad)D#u9g2${|1s>eOT+(FA%pf9E`$#-dEd(!1z&iz5QD7 z*pPe8Uuj)>}4TyHRMt)@TIQ7<2bk5QYx zBpw!}=!P#hn6w;~JVV=G*XI?Mq9U7-=&8CQ+H|)eNESQ`N5!MkZn8Mw7`zhKA?pgj zr#)uW{@vL9SK(N4Kho|qJlmu-4M~@5Ev|vGNZ|{0dKO7clhgfnHj8319NwnhbW9HP zI%fpD4m@ksIq%abYjeZ&E8f(e#67y&E?Xm}u@Y+(Y1O^VfcCM3wYTNQJ^uc@Uk=`V zI;|0!DPC~BLZQj^og?WEkhM@VT+l^ZRznGVW)osp-#4!2jr@6&Vn|EhZ~CgJ(ur}C zQu+JQS2ET6)o7{B8;^LyQzpTzj)ww@JPGt~OwNmLGV$bJw9`X*Ew+n{MDhVp6)|q} zd}m5P$)d9|le$Vga)7R;Zd*MLw3_Ai_p!a&sMdZE|78+hA;w?$5bZ z6D1j?xWhaY6#azgB_d?lKNv9=6*lPcXnFGvPT4`4y?B!kGoSkhU%)n}2dY+!box`1 za8?1Fjg1e%PkThHN_QPA&Q$;Fgla!bIBec4O4I6q3(8f2#{^x6Ri;1HZDWejhWq($ zOA5JRx}GJn5)*nBN-Zu#L4)!W!cWyIq{=R%fWdP)A7@ltcaG|NIAxaCZHMfkbV?I# z{bhth61V*z~Bmz}_f7xNex0<9}r{HJKQ?;tTxN!sAjf#l4x4}1)$Ga!tHDdg0S?~9^9l*{{k=$IOfG}SE?glJ zARhVN(J`LvmTvHsSQ!UsS7vIa)msK#l};!4PHR)V4aB!tc#-|iS-9lC;j?kfam|x8 zR6f_~Yec7>ebZ7E`+S>&>;38&c}eCpKMPw|zzAcu%r*P5e1CJ?p0EG0ATT@a9%ZaQ{*Ve#Qd~;gX#D zgKpw4!_U>*E>MFbyJ0kjTO=xyHos3PVf&qmyk|xp{`U3Y)7J!RPk=oU&(h{d%C5n` z5ENrt4$=r3$NdS%h}9yiEcAr^U|oB&k(TPE(|;=E!n8xLl6P8wsy`&EzUzA3sT}jG zB5mF!6W$sE4^_Rd>pJA{HXG&YAVd)vd!mr@uHjdKu|Lr+E!KS}3zzxB9O4CP@n3th zzrLOF=D1+gJX1Af%m-21$HBNyHAxt`IP$1=IsFTm^n>K+#k@9AgNf-be+zANzw+%8 zoQT)(vTls^Zrl}FjP~b4$rjVMWVT$l!|ZV}z{Q-8Lc!Xeb1tyvws28a?5?_H5L2U~Oiq`KsL1GdhUGe|HePDIFG)e4udf*O=maN z9fKzy&4G-GZ6YZk^fs?C3%gr9(qAiCJlE!3Z-b!{_D2IciFt6 zAUw@5%ED_|exMrZ)DI1!zkS9e#tuV~-RHmHp+Es??)DHTGg@y%h2XnABb!6saJ2;Z zsl5`FW}L>oT+Jq~dw~H>K(`TI zk8>zrzSc1#vlZ$cPEofkni(^BMEr9FmK<8d{XAmfO4iafxR_#?c!m;LKm*LLESC;h z>N8TjJgIVD5Omb)#*ll2JK#inc+1$nUDxRko$P08V=kcF!5S5b?KKQ+M=^Jzhy z6d_O?){e1wuZO?X<-^>Z5 z8&ww`HxD(Cv|2k0TWEc_y*#ZoI9HX)f-AJ+&Z z5)Y5#xw4Gqu8XmoHqIoUzwFw$l!4*CCZfHQAj`B@OzExF|8cU-D(g2ts(T$%k-}%)zx(TMha! zFCe$4owNO4IvMNYwnZ?WQ$!A{B9(g0P+!5589L5z;HQ993MBYz?ey(;Je$QBZ}8T? zXQeHd*AYp>fARRHCoNY|+ikdPp3v4*j<~;&ihj=dp7Y#4;NIu!!w)Rnd#yR<9OHe* z7;B6C`Pq7n6_C_^Qy-*z$fI3AN8GKVxLzn#nM4LYW`Yomd$;Q zH;8}BIz^utTwTH9d?7XX`1nPIyOZY~CM5&0WA{6W>ngPiOm-Tt#6bG97|V_@_{_TL zLG!4S`7|TE`LNUqA{A{@2f{_{ZkjCGM$Ow5IJKJ#DE5AM+qKFj7qd+_TK6(&*`kDX z%z;BoD)@MRczmAMor{&Rg1-r3tlmo7*n(MVIcI{6_W3@ND+W=9^02 zIZ2;)vv9Q9A14KR4h=93oh1k1GhT}yQV!3C*c)(DCTB+qDlBjKGnF|I5HSqypZ<80 z;6`m)kJu1E>Ef!cqZ5*S>$GMoj!qcW#(JARwmoyT)UgrdvK-*JH{K+&xH#^?SZQc5 zXK~%rVermx!F!8efZlK0b;Z${*m+-q>&5_eEUGZjc_AdmPyXf2uH#X7 zVr@u~*^IHL^dUE0+Cn>{9SnH-^#K)eM zZrecL4qVo4W|qD+NpC2DQ=+_G$GFjETOpOxI5MeTK)pSqXZM|4ciL@7-AQo2QRbaK zm-5^*A(l&c@eXT4@c3eM49~0wJAQQDtg&~bnNyYV*P9@Zq{h3FTJxHafm`-|$Jvc; zyRQm5AGjSOk1GdLdT4hujJ8;3D)~atr(YDD4?b{99;>|3C}w}&vQ2^XBMip`OHa1> zrE1!YPf%7q&aASG0BHa2-r9qH*EW%Noms#@}7y;=cNytZZj zsFA?n2WDPhk~Vs?W}OSv#cOGa*oN==kzdOcBi$#(bSG8td9{3K7*O|>M8Tkwg9n4eDfQ6L$UE=ib&yS@F^?LEG5y@sM|Ex`EL~(f zJtNUu8aae{GM~#fdb~Cn(9|~z?J?3{yxB#3qju-?0%?owXX8;sbCR{kPUj_w#6iAR zHu8)it;b9tN4Q1XZUslTw47~8Ih>=>s@a>jF@ZTW?W)>Fa+Z1M_DS@D_E%wxE7p1O zuLKreOClo-KurB~WHZ*{fxy}&Z7`hWeXF;0m=~3^hGSbhseAK@!!bx5Nr&&I2} zw19);W}eT{s0!Xqtz{G3WW{g}Cx(uF>I(kvwYyduMD)sF0}tfK4a>+ZHQb@z3+u#} zOd6G@cMru(K`nnM9Lo>L7H^Sk*$)^Zi7;u z6W6ZG>Ikfg2{V2TFBuShY9;vXQ31qM{Bm}Li8&6drFFdFEvMYRr0zf9maYz zyDfxD5#IUcn0K?q@%Indov+_4UWgd0G*FL7?4+!DdN%~|#wFLMs3X1RCibDnz{Y4_ zVtK`X%xg)MkN0;kfRRT%I^RtWTMVocb<*dbuvaQ&YYcwu8S%-QIWnoK;bQt=GnM+0 zJ585Rye~VKV}u@nwYWNvk1u8unY9wky6T;icI&$uNV z!;??5T<{jn`_?*C+Uv5b;gr(#tm=HSY>TDoopq4K)`}|WB2v5XoyMS${qmS<8#_d|5`fIp@#d`!523L4)uiBYK z2}<3)(H0+1h54@`>zg>a;e?`kdJypNVS4koaiN)4$EhDDwEZ?d@y~TyFMVF?2kpLn zbhn5~a@%7shbF)3oIDFzIJqBSSJ4dA$6eX^ap~Hd=q9`#v2>-v>;m3j%hG=P-SbM#|DxEQ$!#gJOaFAzl8VKl54}O@>!n<5<|;n_r(s z6&rcK>8J=bicqnnqAu)NMXwe~ZV3pO^c)lJxaBNdr?H6gvasq#a?Ov1_@q5gGAfeM zFkzX{WZy;9gm?$vFQ@K;MPKLQhGJ%2dz{@tD>YJZaheGAd$gfkKo)u!zwa#(5LNwTB5#JwjL-#tLdU%vw z<4|v|w}$a@QIhZp6=vm3$7sy5HM@cj z*j7+?elqW!eAZ{MQS^HL{_WIjoS@Gtj~V>w;3Kr{Rj#h*LTx; zkqd%#l_jA5(o3T>D(N$SiAvwNlhtz2n{bfF&1dhPM#^O~m!@gsSw!Szxo<+nSfvrmkS1-{&x z8@2GUB7Z8Je;FrOhc@|*Q7!(+0qxt27cJA50t-Qu+(tk8l1B7`HPe>y7OGco8>t*K zKEH3R;#%|0o!Hf|Yb(i2AJO!lwhsWkbfSG>dhCwaO@7#3Q0>lmTT{5ea8~bAviNJ) zZvEZ};&>iUPT+|4&6J8=w+5rmYd+(Y3WdEdi)TD*`HEiL-r0@OAsvWY4p2NJpk+f} z-j}|Uu0sl7G?YDV=U(TQ&l$yq<-`myiXz4h*OyH?_s!lguHAQaanGCgC9ea8?YDG? zh825z`?|iGmFT|f^? z52>&HIfm>#6@ef_`6~8EDof%W{hd4oQfgkC-w38;vYOJQMr1OI zpN@?AlG0!l6Dsl$XJGce5gs10K{?F&(PwKXHqmA~P`44c@8-)b+=N%00yy~B!?}aR z@%9q^t)5omq{e#XjJ_$P7Q;*V`Ml-ZF*uP`%8B?RadnE5x5U;9+VqZPQtG6i-IbtQ z5?dzCpHt|2=!EBgUqY^x9_s2>4#$zUkG3OQ&WZlqjec&`PC5{$f8^%8^6ed#8?-Q7 zMVc7fdE$F!*(6kOaCd@>jj!t5(FVzu_wt+IlZhL$-I3jB@*e_j%ZkXWvp+S0vR`IN zH}-^nGfS1SoS0VIpWCaz9ypk}vl%&E#_@|Xd+u^L&U#%Qm>O66>^cl}p|l5Xcj z0!~U5gsVtq=b5 zqG~ufwbG|N4Jkzag3L#^@Ca0^UDN2R?@3b1wZ-8T@W;WuR_oZ2D&Lsp>GW;GBdSc6YUqAk^ zaMq&J8%j0O50;;%62d!1_8#%obxeIne(pW)ytHy$H};)&`&E2mHP-uEsrCr}>wp#4 z(eN0rOs<(-*Osdv#KN#|48*b8p4;zWk#9vgC^1vw4Q*;v znMe2jycrByZcKoF|KOTTUD8o(fd1C(qnf)>mQIt4K3%zsxokGGa*4o5h}uLa+4^?0 z+Joqp$aA=rq$15tLt;5c?lq02v?0Z02TMf&* zQY>gCtY9EvSw2986zCOnEYQC+Bo7_%ZDqe*3+AJ@=ZjJ%jQ}ds3tc00i}!*VoOG>( zkAZq@BN4mR%vH~53|F!?TtPa;KVq~5{3h)+YIhbFKg!1M?x9LgN1cuBnrQPz1%8lbxBJM^8W!VRGU7I8BCdiAO9jfg6xW*Kd zHhDsd`dFx>7mMu_f8=|%&*=0sl|ZtD;oUzpAtTb{A7!2AB>F0M?FNxnF3xjJO(OF4 z`_VPKtL@&2z&n<{npRKWF5@AkS4f%3uzP7oP<@~9D&tocI*xq$9fePg#|X>b7x)JW zGQzOzPuk{MWhVT=M+Bt^Rae|>YTAua$m6dz>K23COLbbjDmPnSoQB(mv=te7^4M7 z7B$_w&Be}h3$!N&OZ02`bXw8aEic(4g7RMuYwi<*fn0sbB>{n^ry?(s!^SP z#p>G$FHm4oG_b85Oo>aSl@6lYjrTGtFAqO54^+n8@7WDjW3qp5z=dhYpVFKRMW2!0 zP~(<~&&0iWen!<%$6IG?QJF<+X9+b}cR;vP<$FXa3fGsZF4O)}PJVoeo>8mQEW*#9 zYnsT2FvuXHRYkCpvJ5iJTJI)lk-`i%Wo> zlSQvcnVZahtZ}VQ{4Og#9~a%5(vTvhgGh+t8f%Ft4^^?|uJ7Eouc2A%;y0cPuO!i~ zJZz`r%0243BDo$yi!VgwkxIY>qS!@i`lX(t35Xz~w8p9LA&qsF5=n3R?~Ed-iO*B6sPxHr%319KnJV=g z7@`X=CYey#bpx$ai7Z8y%F!7w+#K-q4q44HwH(&V5f>w49tq_>3F&AOw>`^F%$)%Zi516<+InKI01aRPM#k zVZSQ~(+yC|y1%rmFOwVQ=q$*8n$Nz2A^278=imf6O0O`xP+O_9it6^5Goy4`X9w)! zU&nk6M*|{_{9VH*gy3TXRbU(o$)X<=f=m2s%&g?;Q(~O|RqY6Y761#0k&h~mFbMTO zswscfgnmFv7u$6FTaNm#YDyGFpx}@+hbkWRzwYOgN65Y#qpGd)`=2*jj*6&sh7K6Qey=PW0KyPX#irj0rw6vg);rstru=Wk=2I;%i7!ymDTMKyiT^)qJ;~Am>0Jr_HKyNF4qOT$Km<($yn#3V z_@70fVjoCirvHBIUti?wL`fG5jnB{(`BOjqZ$khcf%vaa{{8O%KH}e|=xNgaccT8y zZUK!d6Ooen$1rzvp)~2SFLFzoo0rtOJ3DbCgS#LfM*p#@st`cS2V59gp9+a7Dbjr} z&PRBAPS<-vm$7v`d`5Wg5QK$=^9l=@dON$jNoZ(Z#%a5~xxL)~%;R~B(*m64C0FIN zX8t)>=C_@o@BlV&qRvS1=Z0kIYv%{El`iX{Y`;$XT-)f2X7{{xkVB)CN&fICHQnUy zd~q;~zTO?$@evL^A|U||v(n)oq#1(yHc!Tae2sMa9~}x4lvV$LhR(c9f|pj}{*vTn z&j7>xs!dTe`ERHM%%>{8bu?47+-Lx+@$q(_ijL0m^zqS23^*vY%540tgu@K z?uRTEGiAhClU0tQ&nD_Q?YE>BfEg2$mbSD6ErdT20y+T3j=^Hf8LFeEoZi47;_$1pRY~H29i@jim=9_9*rE?(~YU&WKom)V0^oDD}R@+g30G0D4 z1nc!7E&0$n*>4;_kz7e}USg!p<5U})K4eB7;r+?QEc;h~zN^E@WjRenZM!~Iw)4S= zYczY*>AVE%>yrQ;)tupm7Qs+0Q2!t%Apur_2g^@#nJw-7!Qyl#G+q1UVYNLjlPA{5 zn^X`zoqSAxT!@zC2?Tly4Sqg8+?;eEpSHmeuC)3*f6VYFm@3ub4Iy}kWzZec1{A}e z0Ox(J55GIMsA<^}Kd&+Di(*CX8$#-R_J@c9h<=f;63!s}lfB%b&U~{qXqESv44Nxc zWysXo!Bo|Rcv!R>pmW(Tu02`)`LJ9zYtdaZGo$v)Zu{^M-L7Tb_Sr5mN_3U`M({{%zOmDeh5@!LW=uiW+FRnhXR#rFemkD_hykw7{^fW9KR&~J zA7mSc<@&iqpRS=HO-53?_Dfrq%8o`9H8t_eN()+UiV+ptELh=?zI1O5C4F_x`RCgL zKyOFo7v_=Z-x}3Qbkh9_*e$b)nF`U{Q^@b=dw(c7IXOE34BwkrhHEV6eY;mh{;m}T zuvVi=iCoxEPfiD*HI7li`ny;KBQY@qRxr6z)yt)lAGd#M>M+B@2N8?>ag%&t zDfuGtR$p`;JmHllJ|wjQG65$BGh+%;4xmu{>s4LdMMXssJr6hQ;eugM3s|lOiGLL9 z`x5Zj`6Tx6CqYiCQRE^uTqMJ+8Yzq4DG%fo=-S*{DVQv4{ZUwGz-KdFcr z@J-TUp?Jclsb(cb0XL5VT+?b*TRVIDoIE)>8NUMABCiofB5C#S<3?ctbFV@(@cPw2 z^8rdjnD5Tszd{K7^ShX1qVtt_=){;_^OJScQvd)IEFNw4B$tCJB_UX=?v=EpsUxl>A#l;)K4$Rvp-WU(3yfZ1e)iO3Q z8IRhFLwNr5!HiH~<*H(+MxGk8h=_bbLP9>wJ9PXw-)@OTb(oa69Tg>fF_dJ5Kwcq8 z(F*%l6o_A=#Kzbw>`knf)5(*3M+Fx---~|w(Y{ykyPA>z%_vS zqu}3q0Vx?kauiSNg^~cJl(n_B`r~sLQ z0LFNkaGVZj^Q7BAknjr;3G&MRw1xS+BzZ5|O57PH2^m@}K6jMM#Qx+D-!J1s{NT zphLF_76)MfTPn0d0%IWgbIMc1=l%c4|7${%gvrH=R<6# z0Ex72+I_0F*3iJy_Ba)0y+#bi`aLwhZ6e*;d6R(ztX|ocjJ@Z=-i}_svm}phvhj68 zKw|9{=>PTJlWMuH$F&kV={(&=#xl0@t8NoT{xee!kdO%p3Exh;UzJ;Ft+NfTt?3JX z?C$DX1;*5V|Kr?t=lfS^JnNQ+8okReagaMoZ+|&~B4PM}K*vB0aTxE&Qj`1XlKb&0 zK!a3NR3ALpElI*24%c6?0(+e2$^8qx1^DP9|IW#GGuR!f7R4MXA0!b&&O<-9kk9`e$cCxBRou3qn=I0wGhr{bLqY= zw->v~Zr#CfO;39FA8mRof_yN<3g!j110y3nXPX1^ii*z(bj_9;UB#rNF2crE(wNQA z6ciNjrk=Y-MMb@}-x}mg67)B(+-UZ^^AG9yYm_L`ztlUQ*_Hl}dZT~ajC~(M(XjN+ z18C3gzF@-3@svAmIBqu1geWwfXwK(^Rb-dBD+4pF#?}LFsNh}u*k4D}gtV0>Kc%?S zwfX60&=8p6*UR3#uU%FklDXY$eEMlh8}$POEer0Njy;jVEZjhercx_dXJUZ9ftHr0 zAR%2t(H)>-K$8;qiR0AO)o=P_y~g(V69ry>K>dSTM80s}qwv~3brk*aH|ZcSQ+Rv~v z`8I2*c`jSUnx`M!$;J%+0O-^t{17-iK2Sn1td6 zU{>3H(UXir_n$D_Cyxvumzb{pXp-Mh1slgFC52$s^58^zo5*4=r>ty*keW5*_4BH> zWi^PVita*FDq@<>TA+u7cjrFkK4Ru?I-jU+rM&y0nbmwa`de8 z=?@wLx>pCYI{-|iy6wIBwd=x6bwvdlV0qxE5Dj6+@7ck-AP^{|PJOaK@*mnw`9-@e zkS>3^T%jSV^JL=RLI5WwtCj1&0B$%=ZwT0c8Ny1|gTY^>{{ZzYNJ;y})2foK2=jHV z0XsyN*{+M2MlS;%kGrL1-F0syXQ1 z!R!%x%HLCSBFP8yw*Gwh9i!8MS|ebl-KH&D=@MG?4rU;{vSla_$P^h9!GI%P%QiJXWZwI&0B7`?K0(cidQIC&)z&yiHUnGdDJ`XkWq8M@(w%On5aM9x1;4*c@JxuXBg75$lk z|G%@3|H^oo!a#1uOtR~!zYvwC+uPrtUk%{;oz|{O{lzT@HSAer6hs`1&6jYtvcFK| ze?&&uA}gA^uI%8H-km6L6Z3Dg(sVbCU7fz?Ck_cQ37~j5GaT!u3K`A+3L~Ca8l-a0WtW z8{lUCl0m0`Nb=vTV=fsOP!j1D#DD)+J2^no^l!TVM9{y%_6c}R?Ez2SGAthE-*Ncq zci1@Ke&4cio>Eu;_8_tJAz%S{f|$-6KMkXTaD7^`Y(9*VFkj_xvc=#ziE?y zJ@Nl(p>!?JNl%{raTQKjP;SCs@b(ONKRyo{Nr}$vY1c0&qM+#R4IEeg9Ph?AUBp;! z^YyjkTIqN;6z9G{7o~fbMyRKL%4L8pBvu@)k&dcG3T0|%+(^@9qLl@L{@&hdlny~r z*+dT!{SMxlc;6%UP#+HifM9cDlPouQt& z<)3WBaWUfY@6)@3o)s0M<5Ghs^aGiosDwhMrs`LUFj05Eq`?9kJ!z7V3&(S&$jlyn zRJ^jEYiXHUKj+ zpEp!Z@mQ#O03tVUO9J()a`j}{dxOZ-sE~MR4YG;x(zXr0zE(L0HWzKw!E zJJTL-q&i&31^=X0M)?5K!IOyGeu`kfe{3!E{!vLRu)cNxaui`$S#EV~p#DKr()z|IoWUKcu` zm_O*15EpJdFhh;Rr&O6xGRKe7-^4cH&!K}@MB8la9BVjkDi+cH@z=UCexZ~>u&L0N@74C&D(_5*Gp)J>nvWWHoSB4H z;z>K9qoa{YV}rBdO1s|N_38*HkhnRB3ubf%qM}-0@*kkRv{sgm(UX?`;;=3}qd_y^ zgO>EVlbz@1-yo>!*Xyr;*B?1~yv!*H%MzM3nUp_{q-8to|-sU*lAJl}~X z^-ozrGME|Eio!a0yo(wPkmcIKxj~AHsx|w~`a~>Yx%w)s0U9wB^=G*PEHY5G$!Y@G zk);=wnDXkXFOzQQ94ARkQ~ZfSC$~B)l8S3yvt)1U2G@Qyx5Ky40)iIrW-CSHZi~IAMj%y@I@P&JKlw4(vcvOw9ZY7L|*9G0l!34ay!l8nci9)kEHb zp}_U*H#W&x=E2J4wEn6FDC9Iz=+W7w1y_-u5IhV&3)5y}9d=NwC`PvUPcjc1`;iX^ zTB+}TtJ1MHG|C!y9OG3PrsOX!n2gCQpaM2xk3@hc7pSfhy80*b-XR8XoZG06=_&d; zK>?D)BD{*0afR&)#i?`0N^~*)I^1grEgJlrxiX^LEFbgo2al@o`NE-18Zm#4$h zN9~o_EtU8ihm8sWHkv3Ay)E$DXmwF+c9j@2-YI{qFV4w0nK&~Gkgxs}L=MR$FUdBPK9}`!Oip^=)7cY*ZXvD%bQY$V1dxl1D zHNwSeWG2{|*%E6icY#)-Sg~W9^T7F&9{Vm*cADxjk={U~>K(?-KXEfBkc#13nyDRR17W*5Va(sjU5+i&=SfcNC1)8 z)D}rOV4ItjCgW%IiM4U+6d;(BdCGSw&@=3$(V1V?=SrYdOUMREV!zyRGmhRNM zr7(*K6)?g^(Q1JrB87_!9Q7wLxRVxH(3>jV(`84rdx!Ue===J_V&$C`jS_K^n3ttv z-x%P>Oj5m}7pXodeNJj-uOD|$Z6rsU8_yYCS>L;m2jWx6&`P`kBdhEVP-D%iF?wql z?&0K0(PetR-xuoK%WKI93q72}m?2RdQq#8(`$ExJ3{gW#@F#EIRL-wxuBs~q&pAxI>qMjW zdn;a#B+f?6{o)ezK`}HyE=kSgaE^6a-W(X!evz*rRF2~9FsFIfo`yPHZfE2m&XjuL zfZhe~A$`w)6tw&GYW!&2S2xFAXaMeP47~#zq8x z{NEReM2SE$UqsRDO!JAJ5g=7?lk@a8v^#iqu?iUVvnEt(u^5Z@oGb+jja3*8No0x= zSIH6N`Wth{u$4s@i;JCuCKc9#OqJU9QEd03_=E9DR0zgCswO>71*uI? zG=LYY#NMsU;1t5nx+Hi}$me84=9{2d;5ew$`y=7PHca|_A!|?*-H*Vqj;81gBvBG} zn3@+7>*<4S>$|y|vb^aDyOz^b@P!}!>W+jT`NoQx>>Li{5+w%470TC0e5pG9t+<2M z?Jp5x0Yo^e5XFW3M1;_g3F1d)>IlTtcru{{`mmVt1+hv5^Qw@->D>~#A@>s!iK(&R zL2k|;4d{$z-qz(&DnV*r@{NQXIJA)%;4a3dy)KGhcI zpibk*(5BC{rBqExK}5{)LRoo}L=BzMYQYrY6(>qbqC$C;gtt;ItUhX&a*Q&&s)GOd zCJSg$iVIZXmXV%^vt5|7v*i9vqMt_2CP%J@ymv*$F%Ls8nF^Bgt0W#sQ2}o_>2FRc z0Q#3yazR`$Pf}4pb$b|;MG=CsJ*QuW!)sVjFDbocd&VXvwM+b%!m zFpq?y6RVRC;APg?6fr}TL>t##k|+_7sO_hWF)4SNH8CGf`owi&(M+jf=CjzrCKxEM z^>p_wDt=Ts_-dE{mEAeU;T0oryjd%lAcD6|u-ab$#kbRL>9dr`o zsu0a&yAth3QbM;gM*97*P1j-3=GY4ol}GEO6-rQ%is70vAXJRHqe4cIMC`_-N#2J_LPI zp{wD15jvwRFHcwV{UgS~&l|;qAEpe$aVgQwrAP@fIY?%p>`-ALi`m)pu`knsAJ6Fx zjU7e(112=YnKR#Gv0AzzCb70q4EbBKYdNSu+uE`5^4MQlMB8sa)dK*5z5}3-1Wiy0 zPyVNmF%+o&k}rFZ+ih>-%`P(a16MICz)3llsO9;dQd;`N%077y?+T4L<2pgO#kJ{B zlwsQjC#`K_5{J||a)n_q7M-?%*8rzC}c7a1QBfZ9>oipVA-`ly;) zWGsAS0oV6qmZ62mCMICY8?wCIw3*L(UOi|!VyvuH=x@|YbR2+H6&y6rebjFGO zpotmjUSjI2OUoYnL%{9sBrYmW?Hl6ZR0nnU%O>sz2`g=Dhhmn$D#V(Y!9&d*b5kn< z^wh8{SEoSOA8G35NV{YXL+u3(LZL|$LJo$xq{wt?9Fg{xT5$<|+^!{U@7_3Jny2yy zRqff3=og=M*mToF?vnz1qbhM?lRuF5@UY#cXcS+HNs9|Fdp)3}Md%L3XsBrtDX1o5 z{Hu!D)hY%hcowBT|+1LdMLaDVnL3EJ;As;zy_Jl!mPt3Y~N4 za->6+=naMej+H1cbW;44KN^O@N)tSvA#R^iCROYYI10h!SEt-kA{ea|Nj#ql#GG2( zP|Zn4r7;P$7>{jb#ih;HzH$u8b7U_-r5p-N$xtGQ3KP6d1*30-lxSt=+fu;Gq_xKu zAM3WJOWF=~27;8ONrrp#n#sFN3=Nm5Hwf+^-Lu0jTqj*M$8u|>K9fqvT9SMe#+jZ{ z9^fhhwU-qpcKuV@Aq@ED1wql2PXRSh5)mM1<_ZTdgBjRW0pB-f$Vx+sZaXKc+-a!k zJ1D#-A*8PS;#VRqFH31{pjDJaf}yZfFa}mWrBVdgClF4_NRCV$+Z_A}cD~}Ayn97F zki@1M&dOC7SE7G7W5a{7->?9ukXt-)J!c@I-7bWTvOdd%R6B8pvv5E+I;>z3G$zz5 zk-7R!Ez4n)Cs)S9aW4xY_RE_GUBxo@Wo@${%}-w@$Qpr@4RC&huJ*pWtwSjI@)0A! zDn}p@LlRkSf*q_|IU7RJMeF#N=KjMw^y8~TP*BoVrg`A=p&v`GRV_^gvCG2){}5i9 zho}i_fgT3(+aXcoV)DW(NxDmdloGG{KZs&hE0eGS@0qB-U}1i}D7p^{mQzun^?Td* zOzae{cTmop%0@+GhmQVDyDMrT((W<1uo!!wK;s=92)>k=CanCc`xSXvKanJ>8E{}T zPnpSZs-UY8Zc(7V@{p8pqnf5{GQ0oT9$qrH>c=lPLJ1Wjw@nhUVIHxR(vc0l6KpJb zoQh-*=8lPpcm`E#ZX7bj2gc*7i`Ms*tZP6Hz@lbkPX6V&6U}jK|vpe2Kp1 zqN0$3@MQ=gTlSq>lK1j5P4^aAIe8epN^f@xZzb`F( zk{3!>4>(u{jFiXX;=@K{Q~4L`6dSM2AQR^kXB)2(1ha!PFDOoCL%Yu#)4;*#ejL;` zZg$kiT6-qrOZHPuGUzx&`?vxlQ&X8aIaoOf$Dtjd;+$FvqVCF;!Z#K*HlEm`??Df8 zuhjdb^(%F-JHQ44bi*#mVp0U{)L?=+ARkzGR>u3rj~;Eby}5FzXsza~xiAoal8tn9 zWP00`g(d&`Ms^vuDbC$!ts`v{WqC=<_r*UVtkN{6zLIo2G~lu zq`xm)o0cD5gVn#@?}U3Bs&NlB=M0JU^%{y58Fh{IQB)!=g--<6pKmi7?${tmz4}1> zd{*|0>svoeSr}^$1H7O0YE4{yj|GmeRo*2)57|h_sE7>_Nd+FL&9!?KOwsAN(BOW~ zgtJm5p((by@(C4$FRWB)QMr0`dFR?Pu|=`(#7c({C*$PAt?K+*u*U;YT0D?lS!ck# z!j6x^|Gg+p(u;TV5i4PWEf)?dD(f7*is*RpA5-AOaRx^}qYrUws!KcC5mCJ^p!g*k zS_GdI9935L#O6fb@5>LUIG~VPS3UBH7H{6MTSPwa9^d`u_q4ZE?$4mN4a>d3Xw8P> zOLOOwy~D%&U^{5g_$_f5e^sa-*{KN2fna}nKeZ8s^_~7}9$&`iXv)kzUVlU9LM!<8>$G(GTk7x zxMJ{JCkqo4=36f4P{#$Y-#$d8;ILDnzsaX(X1%d3*yEBZCp71_&K)20iB2wpOnN_m z0?m$4NS(d+{%P&X$$_=piFP-+iOXYp#*r=T$TsX_c$kL z92Hi)S(B$Vj0f8ZUy|E1a{VR;jr}K#Rg?(C^eUIw{m02vq+hAM;O>$Cz%;HH85!Gl z7oXEQ^kYbq^-biw{$+LFtYH&d?Kg2_8y1KuYhU`il8OWHCk@3eOG7c1$r)C!Bf}NT z4W8(_A^-04DIzg(gpNLO+oFQA*QJ`V1WLFe>+B0 z%lTkyJW7x5AVqy3f>`g%kiUBYl*mA9p%W7nInDVomoHN%J=EAZUAiJyeBLC<21-F2 z&gXjx-5Zp(icN%LYE6YTJzj}Ew!pR{tF`Fd@&Ph^@*I=zxA^WYR}aj8ykicavw>5m;)4AAG|pf!Po zHoi2#tU!DYy>&Llgj-ZnQ;u8q%Cbn`u91|T14jWJh7r7x*9?b{e_E7vJ0p8x;fOh$ z!qL+f0{Z?%_x2NKG1#2Duxy*liM`k$dc_T?dn3Tv4nsF=VZdf?@a?{}e!5ZRS`Dj; zvHGU;);_d~Gm|TAHlcS|6XB5_ktIJ#($6W@sWwM?2tVlTvbChPyRQ^>D`X7Ecm0pK zUg&P~5vx*bbsRVuxSw3D63K{u>t;C_U}uu5irXZ=FJt-ela?vU=5}SaJSEo;?qX^x zbn;1gMwy$9U@br7mOz-=l-2ipWymZE=H#PN4%-ruFYPlYkwUOloPkAtvS7|&Eve+} zU6@rdS8F^cPvLYOE6`Vwi}N^sAcI`e!F?;d>Xxe!LE4Tx#tt)QwO z#A2gBcl|S|wq~U_P82vQ*dCwZr|*N}>_}Dh3tNO1$51*`F0a(uD!ol+`j~kW%y^&K zRVfjs<7^GZ0fTK0*4nBy4{javC}52M**YUW2!Ii^q*8)@U(P@lYZDe`iWjAK+rK3p zH;I#*Y>t6R0KsUrq*H=_3#JB%1U<(3$PnhqPT*0+ z_@%qcmX9o~;MK?p_%^D3F(3Z}Ra@fpAgcE(T&yO9WK7DDl^Ipa?`hA;ez2dFgnzB{ z;s1Ui>{!9MzfB}z{6*ValjiQ@Eqh*M@HLBL`N#gHe1!bs%Z0Ew;_6V+H?}L}mF&o$ zeBv_U?PJY&EN&ZeY&TYJ{VA3TC0UT&C!b^ zJ!C-(6cpsAuM4cgMDTkg%psHLE8&a&8krzqWQ-1sj?_;^_A)u2W1u++Aypdx>+}M= ze`%96ovFTXRs9}9VgeR=w7Go8`|mblq-5FIZzHBi{fMhR4f(d*?~$R|*}JAG0nNMK zz*09Xm>SJaDDfpAtxCuUfi*d|ZJ~6+G7O>BL7s}-2>HenI?YBOH(MnUdY7=4ZvFk} zvoDUr9~*PQ#wuYf&&Cp%OyoNHO`V)r6XvDXbmP!qT|FmrZTD*7c(v)8uE?w(%zIJ@%C|PRNq8$31zoNxs?q9~7J9-HZ6<_w z$*K7z#+AC1AQ(fE(AsiwgP+QZdMwxMmv&|3=x?P>rTfGLAw{3FLX3kg2H~wBVNAff zOiPuHEI6EN#)Z2l0ZINH-hOG)KI_GMR+qcf9u>#W6vl4XuYAk%xYx@CN=hdY!Y2H| zSDzNIPYF5JY@Tbv0`x>C-kn@R;8hD83Un8b0J4UHsslppbOqT1X0ES+q38 zIGDJO3o<22I-@B6!7xyqjDMd-<5L^E>Td6?Tsag?DYM3$blq)BrmGVir>wGMTV0L1 zn{UNz|18ˍF6mq^A~(LnmQ#u548pvj4aehto7jQout?^jIKIi9B@Q#KcTFjJVH zksE0X#&c~MH@vzWY)x6NgL#g_`hXCw%?l%F_f5^S*jUV>tK4715b^a#hp?J~ca10K zSSkv*D6`uWDXAYJcAx8lE<$SztD|m-sbO zL;X{=KmlB^h0}cdVcqN(HsVN36&3I+msfa-$SmhlQ5JgV%jbv|kNYMt3P(MJ$7_cM z$y0oyUi7p5BMVV z*-}btj$GJp!WS*1ZgZT?hFoR+-=G5j#{om5mLxh1se}N0M^Qjxu{%p_~Lxldn#_cMR4l&^K$g3_%f4wpqoOK$yeh1i^xlnZFWv( zLJQ%bSRu}ccrBV~q1zR=)-0bF<>j>|K$}cWl}n%Ch{o#x`LzG2p6*u>nh!2Y&Lo%^Ag+OeHnPn1&xVo*;_>raUy5cqc^i6li#fCKNm|MNmpy;7rlW0c zLOoG3KrglpLU7`e#kZa43*s1Gy&ifY*0%U8`U~ir zLEmkwJ&PSnK8-&6dCnFd@_1uPyK7L?SZj8(Y*TgevYY$VlW^sM=E^tV*8&fQq{nD) z&C{x-7M7ONcDsg*BhG}c>>}gnp_h_BrL^XAZ-TmGU(VN13&MVw?Jwwc=lzG|Z&$qOxJH92LvHqw zC%ey6$QNO{rUh{zFt0$5Y@ZyPNxrdo;Vl zQLQB6YzTgJEl)#>(eTaqVv*yjIG4*(@ab@)TJ!O?`2LKki&OB*4TCm7_nRecQFii* z4|e&*F#pMp6Oeik2xPz?{6IhMVsd)Q`U(Hq3yT%IRl|$Ou;pr}l44bwa(iVGgf}+e zVFU%;%Xfh*2V*}4YPPb~Il1|)#TkRq4PLg6JPLDGRh8S{NRDCC*I0q3l&3p6au5hM zX3g-ct|mDVD({!$rm$8?oy%=nF1!*7s&SN4*x23r-uu=5s8CXgMXN(k=x1yso@kOm zPa-Dc$j6Tk++!7mi(Fo}$}g~g-&-o}g5npY*qgW9r4trDeE)6Lc_>MrdHxbPOIrIz zzREWssH<>0@OV~2*Q>~kb59^Qxh24UYQ$sczsy$|+uj5UjgH@Df2htbu3HC1)A-W3-0D>Uf$Hx4A9KAUB$37D7^ciXupi$MxaB!VK% z+MMTt74c?v{9-?icCT`_<XG<8Mx3IT?wtTqXZ4_ge4|pByxz9PgAvb-zEHM2M>V~ptUK;$*G!QULRBOTV>`bG z!=nAdUN?DdmZ9MrEJsw#rWBo)j=FNcgLr{k*y)&!=0(oUiy(d-H~Xb8vWE`~v&OyU z)QLbH04u78PXLss$F_G@>3zs(r#@sieWok^cyB_Si_9ctf}-X}{|pc^uyEg8pVFy8 z;tD|!kby|~dB_N`gWgIk9u^AHZC7%+qq{HZXq7cIv0wRSUs!}~M-o9bgx@79E1{>X z?0!f8^N%&FtoX(kMumaddp)f!hC-sHap2~y3g6^#rSO@$aK1wui+;z}Q6OVfB2I1e zzPS~H+0+vb9F_3NuU{>Nhk)12Rf-%o##@(~{~JJQdH*0(9e$eP+5ooYNr#J-s@mDf zQQ8f5guF@q-pRjWmHwl;=FtLqpH;=Q665KYtHnDI@|@A!qJ4{RBipfUfM#C8w#*2* z$JCpdl1te)ZEX3Kos{E@r}DyOo(3@X=SE?knX)R+a5gVh3sCMUI9h1MPwI{$#nNCN z^WRr1mWPJKzT{VjD8FW)Qb@^RBXPfyv=O-_csoI>GL(SU4=h5)f&`|EwmX(1a zMhZmO07vu7WhIfLvXUa(J^TC|-l?M{2W5)Btc64$xAc;*g3ma$bSE<`E#F=B ziWuG6c*J|Mt3sXn>}D8Hb$V_&e|6 zb4-vPv~|5tEA=5I2%p0xNV#yKt|r|(+%enL$m73}aH5<r&;vplZ+^zq1ID+AcB<+() zabr(>SxUl1Yfk0aIu%O7p;o`LWP>rAKN$LNsQCs7PD<%+=`v0FA;*yE)IfmeR6`fh zEFHqfr4ll~aO+}O@kJiM z2inBA8W!spq{k{^`iMt}V|b52&$q2lBCyxi)aKfjYX4~@EgqlE>AKIdDN6UU{81n1h}Dlhxhrrd-)TCnvdiQvso9HeyilSO+{wq^Kzyc}z;gomTwyHf77goagAb z1WdH*)5p>#V1bn6%M8n**KJ@j+Nsi%M9U!AB3|amyn{O0a0~_QYX@0DAqhd3v(tlZ z8#MM>OqWgmB>fT%dGuFYSN5zE2Z+ z2llm{X?y{ntB4D_PeG*cR&j-hk2|&atEILGwOP4Uifvs_U|t`-wlJOk__0H|eJeZA zvZ7>^^n+n1X<9bds%3^%;H%8Ap*}#kuEqnaW}O>GMcEKpZFyynL45UrcjA4o%!FJe zfZU8|xf{=lo;ym*?F+m=k{~S|*tF!+6U8ic7&T0DMQE3|+BK|@^$aO%jnKQl(Hg?v zGus6=Rv=4~Tjpz5?59gTKePM>%DU%>GM+mR{R?2eZy9Xnek89Uq@q1yx<3{3y#@0@ zRPd=}$`+EZJG;u51vFVlhriDMbH9q8kzIdZ*wIns2bOnhgS&PKark<w_rzq%W^8hd zJS8vbWLCy2?elw_nDpwhHzj#d$)yND^3HZpO4ojNQZY%cY{w(QCw=_N4zOjw)B?1UGxSXY2?8+pe1Id_)0) z7+VW^CxFe+zw-%U|G~8%-%}MWgWGt(Bt(lu@MyQHc^Tt7HAR%OEi8-(H3>CDp;fK< z&vME0*`oxB^y8AITT55w-)VC*j)jOu4=H~#)id+ZgZaP$v<&EY>7Tn%c0Ni5M3&@V_D5mM%LhHmRWDGsA9bNY>)`P4&8+E5^$%D1 zndECZSt$1i9W4ZfAAA=c5P|uI#*u^oSlOt#U=_CC?75P&gY3w-)3QlQR_5t9cd$tS z0ka{}4-K%WyvlOsZpZRzF0d(cV7Tf)!-zxom<-sND;HpCN-cZ%#)BN-aEAtyDJsUH z3#lqD?vuO?9^arD@5M>Me$6zKK$RXNHf(+LD=54A`a0GT>DGRbq`GiK#3bYli8y?q z_Q0Q8F2aU{lHqC`1@8fZ`?ow$jqxOhZQnZ{b+UHpXa}iQ?=1?lKT6JSCQl>Dl>$ z7yPvFWjQ^lr4-Tn9?|XhF&Prc=&J5NQi}TlNRL zmn9@+*=Jld^;JvtK{R2==UMqd56QNp6EtUO!>>PNaKXSX6n}itTl7 z4Y?%opDQmOf=xg2W2es}=3nslS3?&$$w6YyuTNlE{ULv!34WO0g!jvR{Cf0xE0;yE zPf-Wnb!YwiOvd~C&0jSBKOXcb3QMOB8j>=-{&$PNF5>*UD)oz){KtdT*|2f7NWw#+ zUzv@6oWY7t`H$yb9Nz!`w&?v}T#tCf?v$~n@D9w0n-bZP78)N=QDHn5nd8q_{mDVW zwhEk3jX=Y^qvJCR8yM4?r*7^XXHjP+XuBh}JxZTwMMlqv4aQ&N;MpA0rc_De(Wn_x9?FRXm;+-_%lFXxU% zMr@=-FEV&#+Vy&0>r0N7W_;3xCUYGLuvfoAoIgtNm~&=Xu_LD8h->3>qLc^=HGroT z)+K{T1v5S-AEjz^ts&wza!}{IhQGzglF`?m<@VH2$hQd1;35Av~?^tOH(c(N^7tO+VZ} zQu7nqIOt#6dH5?V?dQN+L_lj{>bXw74hShnP4s8 zlByq}b80G93v04q7e%9O!P!Ou*Q{><&@%BRLg z{LHk`mnTwUv!6?szLjh?=mu%7D6hS%PEbdSQm+;1ear<9}A3GpVPvG5x=T6A<1dat#~ zr0j#gJpB(LpzCrdx(rP-unylVA`^MWJ1)+W+2qRbR`e5I;VN%0L&PEm*{&_;PZeV; z`<&0F$swYvl*w!B!}U=gPYomm(Ku);+1^|XZhRx(n@FcvvLSS2Np#`}=1S`a6@PaG z;rbY!-vr6px%bQG{glBGnOl)jbo_;m5e;77h1N>)?N1eQ-VB zwGN_*Kblw-t@Um5n%-xAXS*xRjOtNCd_0h19oX1mZk1>&iwC*Z_$RXt(Tofi*&EiM zEOraV%Y3JI@sfQZ&5heQIJD5#o_|o9JE=j4oz$x~skAk)J(#OZ3U9;2Nwl2l1*Vkk5Fch5*R! z3`yRI4pDYf4jWYhp21gWG-V^E!0)t%9$z|(Oqt4iRt~k-Q68WFT19tS;}Q)PnW00T z^>Eqq>`(e^6F&d8UItP`B_jsZQ=+Z839<}RN-brCCip1|6Ft7d-Lm*dxf z)jY(`Kiv3(s~5^2(Gbv~S}M!pM?3 z3n<$zo9+!N(_%Wg?)lpiWy^@QA2qbaXe^35!8)N}^h=nt9&6D(Xbw`rt`9DpC*tG& zlT%wal!$)fH3+JIBr7WI8>6LcbPV5|e{z0XZtV%qN^DwlcelD9FL*P}JuDZPb^H-|z>5Ln};KaV$VrANe!*;*+lsP0m zD3ApdRQ3+Slb&8?UhB%UbYdgvbOO=;7)Fr4cfApT?sIB_ElYaduafPdk2pJWNBG%i z=aDYWhtwm3?EqOp^9GzVK#hz!o2AFXQAvIMLrs>DgS=q|=L)0R%ByV4?ug=j&ME9y z$*6T^A8==kt>rAMDs0gAXp$61b>FR>B3fBmy}VE|#hY@@Ew+Kk?+-fxcx#Hv6V$d=;5zyDNeNeX|7 zp&b*~{T?f~+1@u@{P;78OT@6*iZi0Qy#DSovpaKu7#nx}T2?4b50=wMwi;+u0?exo zfrRi@CE8vya2ffj<{?_+-@)1>xyvluT%sE4V<8cnavew&bb%s~dy8+Mb|yKW(;fXV-PAN7Wae)G3%k zDm))or*py829^(w8}**x>E9N>U}L$bRe;7MsB zaE1LoM{ap^CgtX7iSpz<3Z$R%sv45G1u#{25iV~( zZyw%y7r@-vhm(IGE6#JUcpMr1iJ{PALmx6eS4bNJmNkx)-gBjh?qQfv@q+Iig5*fw z5$%<+@GCrTii}ZI$r1P6@~U>1oJ#Um3uQO@phEVmuZtwPAAEhB^c640LXza&J%1dK z4oz9IZWINaudUVk69Ok5?5c-`j|(_HVgO$?PTH3L<$6y8#hZcQ5@F1Z>Rmzmu>pG z(jMZ7Sd$tr*+78x!~rXx(QfmQp*4O-rP4uq2Zr^BrD=4Mdoz^172KD%iLxU4f)+vx zN&&+^OS7I>Yyo?4PXK(!nJp7T1^l3sxAIV_YGUVrujBAnIICF~j&G+tnC<1dN0rh+ zL$NW@a?Uzj(Vw{STP^cC*eGG1>RTR zJ`XoXL!G~{BAZfY*G@%D{1}kQg&>?71r2#7u6(>*_<|y4$7Wnc7tw=_3U!TCR6@s( zbs zC^o{rzXiB<_A->XO!pv%htI-;1auso8dIWRc3;GLXx@eXt0^a=ue>fjRo~{kHFwIM zX?j9HlMEu_M*J_BMT--r89;Rb0cT3MUD~cSRMj!6@-Aga%LynutlxEBy;XP^vGN&^ z4>|Px^c%miR%8931?FfKd48iIHLed;ACyQVawgAgT6JJYI4wYVz!&juFIilJ>FdQS z#Hw}zHXq*j@x5%q`9ngQu9ynVx<_aHDad0DSu_KVUAlt3-d$?w{LO?XXYDTzc{I{@-Wr-_)A^ z6|=l%4yk*N^mXRrqW`k|-hBUQLoO$u!f4rZZ@9!1s1~`Bukf-e>kM|z>p)U$ex~~9$F!0 zEbMug3|w6m&s>_hC2<)oQyakO)OaHBF2=8Pk$fy|mnUzPlC$&X3(Uasg~*pH zaJK~f0FnadV0|CByQpu4#%#T+~`@E+j>;Z;fx1|KoeKt~#JL~nnMNKcoWs5h z1>7lk^$f2@*n)l*9Nv=K@C<>{^YiN~PhArT)f!e0fxeqlzOsvMFm1dJQUjD*BHST@ zsnzQ|)2%1GkTksdGIw)~z&(Ep=Zwuv8iVwtS6$pnaoD1Nn{CG$`>7jiLe7Vt6YaoJ zeW&!EEHHt0%=(NZ`15V#F>Lk%#RQg8YMDVd?oNk<$=S$dN2KX_K@O|F5S)2l9fi6?S#}E-*zKnqoJj{R1vYvP3mh^G=8GI^8%IW(A+nQ zC?_9GLcRkV_p0>Lm!Pre57#HMB?v2&jqA&kpF7NWwU1F1Il(|NM$p#JbqLv1QUCr8 zcgRiKUp&F1#&e3s5;nBr`3@s@Zne#bij_G2aRB*3gDNGSgEd(Zr(7elTmrHT7=$s@EvWSCITS6 zAt%K`?M6GHeQkEwy4p+bvO3II>DcMYb8m7$H-kmGS6;1b+&JEDT0&DyScwz(Qx`MH z`4A`K9D+F%k-riyXzh92Dg-K_gLnh9c%}Sp94S$+N=%oSTDIHyGK5iOK4WLA4+{hN zYO+eH3KOLF+sPO1n9U}R>xw&*czWo&!{N)OeQ$a8CQ`n4ik7H2TALs?Ep$AfVP1`u zuWrgYfFisdH_~1%jY@ZtPj{8#%ZADh}Iv}%%|bcPcp$^0?k%@65-|}y&BVh(KwgVcs5XaxKlL*4t`DB2dxTI}UDZV^nywA^$Df-xsF3sCtcIwC`l}S@9 z>3JrDSD*gNcpyw*(PB&Pp8VGQJm1*IDvYBmHLq-4Dk24O)Ent#qT8x-sCyQnTDp{j zE;Bs@Ar2#N^{w?~Vdi&|-y&6tB|Wb1o%C=?3ltEqc{at&y-5K_#kW!p$@Y;c)f?+w zB|g?DocCTc@tg@YNuHl`x8vasW`AFXyUHA68#Yk3ls*k5YWAgej&F(~uqezbJyY|x zsaOsREMIZ=78wZWQDQtiP+s#h?+ZXHq@$918(Mr@2kc!-Kc=79O5J!@1+HGp-0lZR zHRSrUkby^mq^-jSy>j91iTPd@-wQl{8up^a%Yj0&Gd_itp9(r6?__^qmW}F2o_3R9 zh90FSZH6b6mu`>jHF#lB3|z7jFI@~}h1koH>Df#kJx%vQ(IcQ+-4)K^r#0p!x#_>A zg(57AWz4Pf9D4WMpH&2p6f=qvq`{z5<&B8$Ws)AfM)I{~UH+42+`0bVU)SD`HBCLd z_R52<0SzrNpH}b_z})bP0ULQwJFY9Fh!TdeTZ-@p6D$*Qh0wf{WH^>a9)1`nHK^`M zn0nse`0!3Ro^_A9FN&XK5p{b!ws?E+alVrgqjfto_0N!axwLCHNC(so<{u9q!@29m zn4Q17At)0G3VEmLI^9RTl%U;Z!*&R(fQ^nxzocuVpB{h!RM8&~~c#VnW1@d;rT!JB96{S^*-*%+h9VKI_=_* z(HiG=L5083$OE4L(dV8hftfbvKUk?zvstOR>;myEtj&rD)2=us=y4zObm?T`Q+iF= z1cW#~6yi38NB|6CRbm}_)>k!OcqHLb5!TJjJTTy2#)K^8m`TZPIFkC&bSYL$`d?e{ zlmuBa*pF~r*LBg!>Ap2W%$sVRKV_yd$BI#Q`8avPkYL(DDn%T@185}YrB2@5aG&~2 zbt@qD^*dA>Np-TylE|7J_2T%UwZ5*)1`;rcOG5K9G#;H@C*ZB@z5*^%G8=%Bbg?)&bSvT_<|>6pdw zX7f#V`gwIo$3A-6QBJu3FrIkZJ=Jyqy?;M-Z-=YbZ${M8+IQ<{S{cfn!#jaIrJ`(; zvVX(ic#JMx(9`Tb0nFGlE7-akKDacqM*nBENQpe)lxgU zp>CGd?}PDD_4xjep#t_-EI~SohIVO~C-pD)>qE_ylO&FiX)$fXO3cwL$?R1~xc7v8 zep|zOq>oGDXYjOcgx8sa*aHfK%z>V0sKk!JbcL+RZoz)rCyVBhsI|gjp7@kUVKIVkSeVsV802-pL#C&J}N9EC}(RUn;LYF)%M=iA6|?J}PCF14f&BgVP> ztbu-60^XJrX-wmu=olJEw;QT0O|D)jG|EY0<_AOl`qH?AO5%g$Khn#|PGjh}~m$r3QGY zIicTR%)LUDEL`%*(;U1_2pJA z=Lr*$>{wT+lqX%x=e2I+tJ;G1jb*O`?n)eCK{*?UjZuf7&AQLOS5)~`0J-}x4&zeU z6d>x7;aI!rGx^OFNLKHR{J6mU#yS&~#BplvrtQqhcEl!R`%RAvYH`ISqLsVuME(J$ ziges`L&n>Oi$5lmV?D@L)+wM1e>3{#^iiAq@a+bEZZe>#+xy$m&yVL4zjsRYG_{1F zVIUUi{5?mn+UC6&`4Z%M43tbYs)LcTuQEQ9%h~ArmiSU}BHd~my}ml%FW{DZS?$hl za*dMY({mqaM9i;ST=^u&YWL^RIh1!g(?uN==$;|n*R)xBA`=h~fJi0LTElTO{;WQO zUeGR=C|`QluBU~^mY{v3LoxVtI>F2`BM-{%!7#acX%)f|j#D2g?QKy}twM5MqlRA6T!ISi+0e7D zOWv~pq(stuDSCQjH1w&f3V+6pYrJiJUT=|Vi;N*OfsW}hdR_Q~FZCFouB>bgi~blu z%Bj>SxZp1jH5i*|%vKbXvhvqCcBW6q&5ei?Yq-?T@Yv8Auh;qNo8m9D;1=>53}oy$ z^|eJ|(#JzY!XR>7iNVS6%{i_Dda5yeP{#Bj(ldHcs(otev+4cC*L{4>ke5ZyLAP9+zW3tA{Ki@M#K>eMciV{WKvGRr8SThLEKP zU4GqEG&ow>`Ot)$Pu|E^Y;CLA%rI%Z5wSQgxWruMM0w5Q`(mB!JMQGQ#aa;1#l#Le zEHGC8T(ut2Ww8fL7|JCSMv+Fvruo>@cfL$K9yAy#$10cAcAc*auGP1445 z{C(L17hsy~)CzwL7yht&OK<6mR4qNr6W^v-UYc2faIFY7!#4fiS9gVs?x`6G9_ulf zvWzQ+J+fDAJe!{jA}1baiQzjj=b*3tY1O!}|D8GP$ZlhyJX(qS0ztM|5hp(X`nyEr z97lA zx$XZ2{^1`@yrw@--`8G~y!;PdqkAr`^tri zwk(oprb>AEaNF@e8=`XVi>BOF31O9mNpH_x{yPxPhCmvjA^tT1xx5S=^m9V}0 zw{~Ou5jH4$f0+00##sfiCpuFqKmOame~Gmdg5@n(SnX;4Zv1i*_JpO1{`0@B`RM-r zn^jcrtA5uV{M%)`R>C>}K@Off|FWy!QUtJOydNX#91Huq@ki&|6ePuc`d!EQuWp9O zUdFzy|MNQjt%kS%@4ODyCj<>1x#HR+s`ATdbgPEmo44I{eJnpuMDD0XP@vh(G^Z>O z8Zf;5PxJBC%x$gdo5A3OzBYqe21S+tay}>SP0z^KdjtQ-F#VIHeH0PA-+4nRMVcUP zT6$tDn4WU>`=$!y+otTB6B>L(bmXehHL`g)eSz z2PGHl;VcsuVh#c{eT+K$79Imsl*KsW$laS368xe!Ed3N|Flmp08!pd3}S_5lCn}JsJSiird(0 zZWMJme5Pw$F6K@?wY@Ig^vvN&Ju{!I#U`)~;tA@{OI$a!Y)$9j7%3E+H4#0g#_NkIe%O_!qIE$0sWwq( zD1_(pI_QLNp~~ru_mb6S5mY|p1dEYd)14I_zple(8wWn@tqHpl8vA4J|CIFbX-)n` z6I`t!#rhc?94*jCtd;ja$k@2Vd~*8GK?YyR&rTMg$`th@b&WsArGkm|;4o$LnpssD`vJ4JmPt+x(nKTk#R{MF#?$#dNJ(pEiyDUGbP#=McxwWO9DMzf zEEVZ#F}4=(4zEfdci^mD-fI?MK^xEQ+as^t^Y&%mR$=Pkj-(r-%6ImNu>UG{VLL8E z=amon)b>PJLSvVArs(i3BzPbZT8hj8A}lM3D{?mP=XnJWIaDH3M@rLKRJ}cghGFHQ zOZDw>{3Vu5f%|j`jRO6>A0dFnlAy>|g8_#Zn`ZTgciZObf~Mb*)b`4dCsON?$QU_Y zT_pY*<9pRU4bQ3BSvoxVMnQ#BThX)$fvN{o_C0}WN!t=jOz1wsbFadv^}YlFNKQZO zrLZ=2deY0V@qBe{^#~GME$=NKYP*j4qL`6eG0G-e->{hk57CA#<{PRhqh)vR6*Qh% z@}!4}Y&t+I8N4scO@>4?)nCryE9*Wu5GSvK6Luy=gHJu^wgp3lTGMJ%71zaT+`lb< zSZp0(F$oiip@N)Hql@MPZ=DH**Wrn;3&t#C+bRUs#$BeQB7M+aG(glTKS`$@CoCwnlc#UmrfISmtY= zkov*zwM5>4ftXoZd2Z2!_CNUfdlt;t$7ToprZo+)wpA>KU^H_e@F>+`( zf^a>kiw~RZWDp}nbl7Dc@;$)=oAJ~#sGgo!bUIzS3NIhCSz4E}lZkkklSE?}sB~pR z4BJNSzUiK>=}MD4r$yZI%(hQVVDnnA-7tw0(d6dHJwWzrc-R%;&Ej#Fqje@-qXxR` zizc(~VMbb&;K7RYjfw9yjoGBl+0e_4 zsEWL7_gbE9d@p?N^q?zz_W)J`Ha%0plpQA}Ar6=CpoYgog#G3M$gkRJ53NttXA2^{ z1^VfAIr=9AYa7c)nuMAJhkEf6A*CKv8_TaB8uPVL!kPN^+Go*YJzgH~9Ol+UdWf%jrIWY8J)b*AE?IrJa@PEAiEt5!ugc_GIkZL zhv@aO{%b768zFSD_oxlQp$V?C_CbQPP0ly@+8a)9Y@~LQwee*hYS%g^y$LwmBzEuy z%7}hMcJOMi!Ys^Y=^6E8N!Y9#-*|;PL)I9AB0r=Oscq-`6h55gtF~AS2x)$a?^SI5 zD-3PXx`xeNzpWXo#1e@C#F~y1(I-G?CTqV^Rqrb`;Ht$2x>! z;#|;KB^^Pp{1l!Zr;nv0y!v{R`>;#>kGBHeb2(@{Ej7MwO8=JwTeYjER+y&gFxxDJoq-f{|B2Kab16NNTB!rF*TAAndN6Qv3UI z!E}68V$JIfD*Kxf_qE?Zz)kqaucOnu5bSFC><}eASJb8G5stYv##96l$uGP6H50`$Y`)J0j?pT0G_oSAUX_c&fXs4$COLzZ?3CixyG+A-o zh|vohim0~enDi5H9Cp7Q*#6em^wQ^6DAWJ~^)nX(9NS#KQeJ9$c#FJXJaSqubea4C zVMT8z5n=(@?)0&A(|RcOam@(qGUmq(vh~HFGkkeEB(mFqLqYpyeF}?i?^<66Si&35 z8$KIkSbJk1pgq^#(xRAJJvdubrA+NspFF|FU%(%EU7Yf&a2b8%@>FO!SmJpRNveik ztY5K4dsL5{Y-Eq~!i<_1{QhjA0OvR@@m3h{Jrqq`AtTVNsEwV^L2+=8 zmfV;v4$wfY?=&LDY)kW=ej;Ji&*2c;@b_omhpQ(yOOd3X6%udool)?8O6*3tBkvgz zZf=-UerdmyCPcs;B+8uD=*gl--d&!*SO1o!%}qP7BBu{})zf9FVnxQD1rMkf^=A#r zPkEfEjqwP?SUi@SvB$Obp3@mu@BQuzdtGH9wyn*t{j;-mV!7JXDuZja$x3oqPHKQ& zZ@+!+j&5hHcLD7+9j5TQzYRvy!s6CSV|hp(K&BzYs^b*@)K>9;n_hn3QA*?m5T1l zUVcfd%O`5&)+{5FQ0Y(UuKCR0)5E}~Le}1_8%6>MnWGOL29aUM4X;kVkM8T7#}hjf+~Y9LQtF?w~sqGq(OU3Rmf>*+Mw>n4$``L&hRnp=}k zmlx?9PzTAgo>@r)O*`K#N--JR;xrZO|zX}xva5UZw{_nrY=DzWRNh( z02Meqf_V1R~o7ps<-&On!%RM!+^MNS!ajzcO zlX7O9itJW7lNcJ{F2(3Ad4>PtW?vg(A#G<-Rzp*y_uq z=u~=*_|@P6I{5olwWkz!SHkd%O>n4RoScfDZsljmiv^>m znMO*Y`wX!()PK-kMx=?P`6RhZdKYU<>mP@iG*jH|K_)To-< zn1-b&_j(l-|CaZk5!`=vaR+=;HssUWvIXYu_w!s^$w^muegvdwVk2zy+ncCHN^ys+5|)R znrNw8;z`p?zqTd$4l{9L1MBKP}&Z#HX+oq@AC2G>CIQptGit{J}DblW$ zeEk*UtX$*0KHzYq!BUTK~hOyv`|u5eH z-$x%0YBTz7iW?t`@$JPO%SAoycnJ+RMR_cICz=*M&-~Q%;cGr??BlIb(ZRinU9z?r z%aeF8d6$U=yX9SGU@57UMKw}JxB!xTmJ2OC z!xV6eKWBP*Za?-qGe?IN%T<0+?hDwltt726+>2dQf^-wiW6P_L0qy!oxk{3_WlCt1 z3G9(?B{L?TIbqx?-9S+DapQ}g9wRvsk~?Q7*<>Soex>Lt4RXaI@mbHA*m}WI6j5l= zqRMd-V|)EcqO2&h!Ib^CjQXSb<`Y&Tjwz|P=GwTbx5c*(_CL6od*Shmk^!4XSbjSB zLAkf6N<{U>C(92NQ;sc2Kb>-lA-x+A=pGBikGT#u6ZCvM7^K$5x_|KQ!NJt}-kEg@ zWpI#I_C9i{G0naGBbX=Y)i-lXK$VKuvYtKi? z%cil!>`w{z2DtDiQ!=-yiVDx3C3>;3yVc@>WT9_W=TT?JCT#o@MlnHtwO9Qv%*iJMilN>g~Own%cVcVG9Sa0D6#O z0Ao3#pnyp4C;~P>={;Zs0-=Zq(h*TmS`GqIB@_ih3oZ0s6$qgw6iEam5ePLT0Ycyx zJ@>u$;QRgkW$clWow2gA)?9Nw&ok#v))wGaS}hdNVeTz`;7YJz-2zA9T-l*l$#!kJ z-8G!kSB|@EmReoEb|Uf2TXuB$y(Wh{$0{@*OAHrtMZ3Ma_zHWj?trt(<*V8!MGIeF zivWeID4iMX=f{u(?FSKVK;{OEfdto2~O$VGZ*{CQP^Q?%RN+Ay~t3tg>Wtzr}_d!^VJni=ejc#u%_B5}?PLw@cLs4BzXjWjoza zSAERa9AXAA-T~SwQYQeJ(+qyCrVeNJ)F7bm==QDzFO~xUi2Z=iOBDT z;@WhL=tqEDXTXzYC1vxzf7XnWUw!c~C#fOFOtSm}zQ4w`r1BDUiK(UrdPaQk zTRdjr74db$!>wZPjQVv3++e9R5BF^H3&`4OvfXU<0%*$a!(KoVT8(<3{_(nG{X!PH z>ib&>dG(#wUq09~=P<6v>c?DpqzET7h?N!U={hx%${fP%#uuC*%W{A(0eEsDSOmeA#ITUJFHz;{@dz;xkc5GUeVn$O# zWl-aCTuE+_2Wafx29J--84m-_#RZk3U=Y{QTbgXQGPw_`-6__(hdO`u(D}d555#y7 z1G++uj$_`fRyYezLECg+YLqEbFh8vAtaiJZw2kt#C8ki`m<%Y*X{xZvZKZj^u|msn z@--AJ7`n3$XVRjAmXABu!X1|0H;mdH3U9w@&bQLDPQh3U}LljzRX{v*wdS{?suBfTK z@9qIgJAd@kVzSDP&#FbNI5|lucJwQI6}nAGi;|rqiZSZ54ai0k0r@yjTiNQyooTNj zo2uOf37_%u7@uA5SqhvYqR@|>^7;73BMTWOZJ@bdov6vcz4qX0;}1|sW=F%ER+ur3 zL4KQKUcTpdLUxynl{7$SL2SRg=K4W7MB+olgP&(dIiHa*r|R2>Q}aTez}1oynJJBa zgm2IK$}fU!9}PRgT`uV#BXq1Ntf+dbn$xMr}O;#&0nF<>dzTm8SPnUc)whB8(%Zok{BQQVhtIyFL@dqIn^w z?r?TK@Xi{?*vnN^D9^gQr3WK+=j{wsW)MI!1Fdp?Jupg*y;JbvBKsz>9% zcHSPYH~u=iUKz8nw8z!=@pfivRh{o&9SdlhYmaa5hH16?oBjw)TKb$(^k~RpI;Rn| z{TTABonyd2NwkPh{dB3zoVyht0L@`A;Y(m%cwZeZLy+w*5g4~a}ao!Qbmb94%!^&r2Cm|7Mt`k<7bPjgt-c0Dq<8wPSdi_ z9r_6p*G?RAG32;u;HAxikFzIyx3TxyrC{^0nKrAE%9PEFpoub{w%jDLZtwfC=NXIT zB?7h!K|PThBRT6j*FfONY3Idp3UPdAe7O7%Sei)2SJhJ)kAruN8FzgrCbqIFTzAKT zpM~%Pry3YJ_PfQfab#Vahs*Y0yQ3Edb*%a;lweUdQPnqJ%4eTAtG-=ACh3NZQw^(# zpywGA!}`z0#HNF3Q=L`I3Q#S{W+z|A#{$7;2?C<7<70_vl{F6x8eq)kq2^}m`)5Ez z@i+RC#cSK}1kKIbZ+865w{=eQeco zC0CY;%JF8&&04diUAs0jozHUSJdI*H5YDLX67qb$9w*;4g7l#^ov#G7_h-g-iC_Es z42{ly4Y%y#-7ZU&(;!#s1PluNG3IUZFbu?hM+-L8z$`Wb2)>!MB&X(41EECF960j6Zj6E zJP~^EL<@Wb@N;?39y)yP$!F(j(nA4rC&;Ff#pN+NWbZ zQc{+>U<NOk^$e}N;2?CdysoK(QU&7*V*xB5jD@**m2?FG@hRc^;Zb zJoU`Nx9)UT-ilvONwNr_%?y52U1#(Y;e1JEjOKK$h%qgX4<~KRo zkc`drCBn_!6cgHd$McD7q(rHZ)=qr{|0F}h3(35`GYsShOuyA_zQEAd>vi9}SvB*n z8fY)`yh&jbR0{QYAv>wBxZQG9f%zoxl`l#nfGprMy%v(;+#IN?`t;~*$9T668Y=1} zWt4~hOdfu&;er7@EppIEtX^0ni@AXk8)#>*ec`vQM$3mN?L^NV-s&E30)DmU2^I~R zQ4ZGFnX24NE*Sqf46F23S)B~3o^+VLL!1Jtw>0gwRAsQ&1gfb#%AQhVn$%z3xt=St zGT~~~-u;FNdh+;wo0Nv7|Ej)H~YjA6O4)Hr*#-e=l0z~@U0<9W~8|N zad8)Z0r7*x7pWr!AB`{lJkw^|k==F|JLw46xZ++DVq~a?%_iiW?pMI47!aR` zusprKmCC)VjKcUf-Pj7)9m&$!+#A7pXdWa_o7#LkZN)$1CVB@(8XFO6(+z9yj@Q`e zdzpzuIq($UOk`3|L&_N%dgwo=KY<;64PB$$#=})ym%qX%cjDV8)F|c`R1(;@ODXQD z4kW&*^#NxeCVF}zQb#5*{rSz^O5r&f^{16fJGb}VE{4>}?^shL8NQpH_wK<`?9$-o zV1d`~?uil&#EKs`4(Lz#!H=2kUCe=`+mx?fuK!E5hj6B;p!@koAnRu`59(>eC*Bdd zFp;e@0?ox`JeX~zPa zJy_N}_ukjoMeBg!r#~f=CfmZv77)VaXUM+bJpM`(#8cWWe#y3BtR$H)buf`WX?8PA znPP++S+eWazhjj_rkXdpn&&-#4AwHa!Oq-PM z(TDWq9fYgy7>|%KXk>W94}t3z#%0nLEGRamwxEZHrDSUqja&@Aq-51fPA&?{<==7r z^CysH9y!D?PL3~Fv+T)Z?>$zXZ4f1@L_@T$-{cAkJf;JDUsk=k_BKbWzP`R$s3@HC zP0Qs=rB%={5gG8dZO)0^t4HbFZcY!igx0NWL#CAR&+N)`g*0U9u6(ES`0X4~XbGiW zQ>IBxJlJL*SLzD)sSpmkEeKw^9sZv>oK*fW^w<+wqg2bci?xn)NTepy2F)vX9sDLZeMzFDei(psaBqd7->l9AOHHl=gc<;7{H0_ zI{O^hD^c%`hSTlDLLH%>ME|b?Vs@y#Ndpk8C!VQr2=pn}ra8Y-YF`UhYsjt4yBMQS zxr0IBsv5#+Bg(AJ;VQhbhQ+_e@ynI}ap=m!p(m$E$0J0&Z#5rWTIDNI`{(`teU1hk zawC9HUhzkLy$@oGfpVa?%K7_yX?b(;K{by{E)H|XVD8nVKu(+PIHvK(q$@Bb7E4@MJD1<>3N8@zYKj) z_~)uzzW9RO8&_gO!>-2sXkt{ga~R#NF8s)H{1Yd~P|)heogUM6_(>Pz2+lfp7C}51 z;Yg(FyWK0cNi%LKT7Q*j$4r|EB0BsEt~s_C|*QUwrrdN{wfYnW88zJg?ggHl2e9346ZHJ%fu_GYhX4xuuDZrb>b@ z{PW9zq{1Qu;O9v5?;ilJ1r4Wlh3Dmiwc_hwsUtn#jV~X%kfe$KNF==b(S1N?nNbw~ zR#WJN9g>%>`4vEkjz|(QUS8@j{G zS5I|%*>sAvX5p!tA2QyknaTug(48HFKPfG(+n6krmYK2-WAHa5yUOwp17X%=~=TJobDe7s&0aOxEXXgb)+rr(x2YkeU_G2 z1sKx;9?SmHp1?alNAmCE8kuurL!rK{YZf2jl%;>Ku@8%ou*$nw+c^61(9PrLV;6-7 zFmn@|y2qXuSyeCBDj!3b{_e38iJAr>6&J`nOzr@nJC3eBQZV7`-rzIp&2Ft=uICb{ z**sV-ycnq0L$@3hZg8H`V9pzav>y6Z75r(={~Ut-Z2sG6%TL(l5vuwYubSSX zNMw8z^h$Tw=tq9Hv)(NU;adYKQ9*F07~D4}y@k0X&~7~671JFVHm?8c>7OnIOV|c* znaxKSPVtdBo3>xN$?*+(TgkH=P=K>K!LWH$k9D6t2cZ%xP$fTh4JwU4sb10OfN$_4 zG%l9ZH#PYzO>0ODj*e6Q@C2MNC zHFhcVMZ2J8_CObWm-@`+QA4DThC?H}#u;-nt^F3y^k(Zx6^G}*%WcEpb(?Y4-+u%g zgA2H99*eWfYR^8`89%%FZe!^9-U;<2w&2(m@{6Nj4D0!Gxiw zlJpaXidb=m=2+P1ce+214B!xqUFpa0O}hFbr1xo2+;2>huYVxu#^9>bc4hKmxS6mK9jlNyF#fkc zTyFQs+|?=b({S*48olhICK~ zE9g92R5<{t`W{LI_z`tU>~+a<^Dw1tu|>JfwHCntu;%~9Qt^csyP1$pVP*mquu~p| zzUcBzCN_vTi!xvFUM4^{;&Kdn{Vji>W3y|u{filu1$T-*I`O; ze<*<12=f!}3y4wL?{6nULwRopA(v1I23+zqgkPGAYN1Q8NIJGVW+$0@LHg0X7=P36 zwvo@whAgYcMfrprc==W?_iv3c)*8ykFkzTN2oD0K*liW)X;*quyC3@bVSD3)h)_U> zg8fZ4Kn- z1-kqI{unmQdA%G2;`ksyRhGYxVJB@01{cW?jz*!<0Ee9o7x5?3Hqd-v%c7+9Ec+*t zkFbNtM{C6LgE5P7?RFU`{LF66So(QgwAC^ffccHK3|E#t-XXjpjdU$7Dbi8ekFlXU z0qf$zJM?e(ZtJd}p@BHo7=}ANe4c~Q-ITFqekH2?X(Rm=tkr)zWh|##-G%uE42L2# z67*bLW)<^2CT56HetoYoV+?g&wJP6=@fTf69fBhkLX!>Rdu^@iy^=+p6{WHCtXS$d zBd6n&kWD$jsJPTV4$Db-u@_t)tz}J`9djZ}?1&2p4US<`tW0}l%Gt~4rz>KyxE2C5 zCs9wF+Ysd^UP#ppECX)xyZwD}RwD-2CwMm090li@wI}@G$Bd zqbB5>@I<*V6tXz-RDY#2g*^&@C{G6+ZbHTcbqJRB4bu5NuBF{s7`T=%L(It1 z(jo_SjJ!-6Z86OIq;u>;J7Zv`=JxE4xF6`sKQ-_FM81y9!HokB7ZPD|z;@QOspeXs zX|L5rcDS?zG_X(35b#v6XiXlov6SLHB4knWq2NmIr-dudEE-)Wj>)E8vs}P;aYUub z6KlD_B}aOXEe_?y$Tc8b^&ifHN6vS(Fe3rRBWE#sISzXgHa zNlk+jJjhQh+G-=crv7Np4p}Y3%~N&Z&E3lR!6`RBB`!(uK6euYU($bFZ-#siRoY}iW+4%6jnM$)p} zC11>clOA? z#-&7dpU(^Gv5j4jRrV_A{}uM?to7dzLL@6oxI_kOG=J{)i)&wfPxTWGalk_Z&>r6L zk?m!n*+47d_W+()!NXqjGU1(>wvIvE9*~^eQ;X|w#U$uFy~n&az(OR!pYRQ~YxMnC zS))_-o26Thlt!#x=}d*q=UtUW%FwV183RH0S%MXi$IhR|Afk^f))kcd_&oAO`Zz;lXr`sQO)LJj? zMFKQt#z>Jnj>L@;xdBns^DI$e_pb`B1A+m-UdHyAQ+hd~DeJ;u3^h4zvRF{`>6du_KTY`Mm$|_#bBno@M8g#%X0ZWg7_n zPxk#JnC$c=LjW{O9Yb0QV2rNr2eg<2&3PWrma~(J$993XdrSxiF-t#)3!U! z?30+DT>i+8+Vm`bcOAgI9wp325>EI+)5ar$FfF*sSv@xf1 z%vv)ss>L3+3OCa^q6RPb7j8E{ErA;lCU+}n(L2fkj#n-hLkvBITssu>)oH;l_f&7G z5^(S56oJ$xX>IESiuY<+Q}Z<(AwIZ3w4Vc4%ZE6lJ8kj(u&+abIsES370-D z82Yi`3^HQWgvsJ)eZdZ=mQj^fl14j~I)Xd4jQgQwD>#b!!i-{um6*Fpyyd)O31^yt z97r_*^U!NpCP~f{-|c&0OO`MG1o#X*p^cPSaBTj#EEJN(!ccG~dzd_o7A-X2*Bkk7 ztFwv;+y@D|n<^d3V9SxA2nk9G44R(@7%TwbzD;~h!p&dkjvES$-TiyK)z#2*tVStH z4%n@Jt^@i&H^`-<&f~s?0T;AFi3)gTo7~>$CqaA2!F8dkb|O!PhO(uo*EqkZYcIaLLit+HBGBwANWxqs@h_^WJmQPcU$dPa>w z;Pe?=uyyA)U{i3-;;CGSMDLdJ*8j@=e_j+{e1HXaC;^9&j~>o03I;?OZ6)t&rWp>+ z_^T7u5TC9RxxVC2etZOWh%ruwfzL$x$7zdrZ72!6575;6a8jYzJVF3B9n@$`1fN+K ztaJ!A6&y9ZXVL5^E~WR|M9zd31l{_DfvMFF!RcCGBcpE3pc>9Ff~7u7JBqj!bxSWo zgyt-g#_RONMW@-l0hd54OxMGIES7Qehta|5g|%m(eI{iMJXpF}kxW-=QO=563XpWd zYc(+XS25;4x`LHj(6~dhch6&4NgSfpADEX-^hPGmd)kP{uC!7c^nq9&(7h=r-l?e% zTU_m!I#SMcHbT$Xxo$?et86Z{)Lg(%!!Q*yOsdPL3#=p3aSy_j1o1;KYEdbv6St`h z;$^T1>A#jrj%{Z5Jj%t|=v06R%Q>h3Xp}6mOkrDF-egv8Q*hT-z5ksgrsnh057~ik zLDy18bkbVR&4@-@_B>J>p{(L{xi5U0O9?!)UNh6mkS2jkzF3fy^cI}y1NhPNO?l~|fvK=u0O^+X-)(fhPX|2M7P^6k$z z0Y^isS@5y3Xbuu$yeV`UyR@j(4P~*BxmH@?))hHRBA~NK=x;YxmOxyPH`VsaAMWDF z){j!%aSR6?rktL=8WTut>;zZ5mI8qsTpa~--glND4w)z6B zMq!H!9jftgE%ao8pGICBMowsy+RIZZ<|3=npVZkmTGqrLEIeB()_7NhWLlQr`mL@E zelbTCl|WtmxIXmnOq2E6QY+KtLSg|Wm0l*(8u8 zF6xNTgd_Z;ymd|H0U@`M7iGDToo=PJHV3SQDD%Tl8_!26sUDV)YvzG#W#rs;Qm^t} zoZb4b#FlrJP))~t%*o#V1sX;7H5`PT)j>FqXDb^BhA|##aQc=lA7&3yrh^&$yRgdrC}3 zvgh{z5UJ)A&z?MNw3{RMjV`Y&qbR2FajtgEm&6&IGODxi@;_JGSjD?;XV0<&2RQrh z+`3`>Pc3iYjpm2&f_(X(A=@iU>~Xc=CKadBQDyMRDA^yutGl*^_1hl@7)jYz4BG|4dwJxZpdB4sKlUXHnNl@Du$rb4ambeLRkTyV&(zK~ZACTU2?n zlBIC8y4ziFY*kSgsb@zqLa?21!ED>M_i2#H`fsi}5u<4l_P&QDn1#0bhF|`{JfBwJ z{P7&DRgMC|D4MieddzwUmXs3~auGfLtU+9f3W`;i;MRxxWTwJ-fbGZ+krmmuM5xz= zkT#};>HDQZOUn`2VQW70TWUcWl9jmg4&}M&P`ti@H>rl6aqLqtUlDlWTy@>Kf;!uR zk~kv8d&k)A?%^77<%5ig>oH0bBdWy5ziG}1m}VmTRg>Y{lr5cLarlrXvP6F-*!E{> zg|%HNXdD;3(oL?B3!AK`cK@k8qi�aNpi!8`pm#ntJ|b&1cvm%X+4{7f2D!&A2ogM}>Vs zosWf$xB!&ZATy!ULFrHo)DZf9^tzd&5&d$Znf`vBw0m+ycG8y*eQ%yMq1mAHrmK>@ zan{yaYN#rVU$ZM0$gCGgW=AY+J9s0ki%`n!9lm-mC5C#5Puxwcd|(C8{NFmvlnynO zvvgQIHD~DmvwfVeo&n-2?*0e3(HCH(WB!6#&w^pCxMiUWrwr{@<9dDz9znpNu!#rSx{znc?7+LgqcM{PQ&F{JSVRoTG;*@+ zPG?sypeft>F0vqTN(QBKy!x)5YM#65DSCeWrO|!$?3O3zul?XMeerPajJBNj2Fp*| z8Acx!dd_Kl2j>gHmFZB{Km38NQ_Xj@>FaXdJEll8624$x@ilbter8b|H2hv7HPVIM zisTo$+}=>_?ZRxB*u_I47w{DigB~{B=J=Rx9k<+SidduKfuF6LV}F;VSr@PUEn3|3 zH9PgZNS;&=-~3-#R*`w4j+%~3n6lC{nqtTo0B;AM^@_?=u&jV&JlkjD6QR@EnJMfg zgX!gg7Tn+2S*fyurBn&Ta&T_9afN>jJMd3x!Yx zizW!DiQZA;M3fPQy$GdMF+x7G&{t?_g_2|^kQ;nOI)D4__B723w9TlW$)aYNesLb2 ztlF$I99%DJc6eNOsy57qu#xr<{AfyM#N6`JzK>qZ<|L1X7ruBrrN-scNN}7A*s7IS zn=Bqb{UdmxA87@DiI0>sT)g`mstabYSq}afwaIZ0y6=-onWd)2PL{R0bY`%ZcWDyk znL4+4C+&F#-=Er-qO`pEYk(U)u1UN0cWt1SRT(=DQ0hi<%r^;uR(rGWLkc-2T-Ns#_$06kYE}M?ka~$dy_U7@-x+@*O0zJvE87U=&ty4S;CVyh>|zwDbni~SzlwJS~i+-h09am_ovz3hfiq#94B+Cr0A!SC_n z#}=OLDI6KV+DYVeKY9%Rm4R<~-ir^E`0c9NwI6IW$FLfOl_}Y=xFJ_AlGkxkqXP4F z-rIfOJH`nS$Z%EV?f$n7`jZYRYnNQ*&`6aav_!6!O<8UGc? z<7_&{Mu29MoU%}%7^hgm^Z#;>h?Y0*cW0|v`-=ikmi+*qGx!blejJG|aIEA+0xHg5 z@2pGat9ZCy=-#q3VBOP!{`kE1{ty03^Z!Pk|G%EveLuOm_u~1&%N$MD&I7E+9c}$v JB{%I}{y(t&4f6m1 literal 37942 zcmZ^~Wk6g@vnUD#cY+MTAp~~~Zo%E1!QEX34Xz395+pdmeQ*dCAh-_h8r<(>@9(~M z&U@$dubD3Cs_K$ny=q0NC`n_W5~0Gtz+lMAd{Tpfc~c4l1IK_22c0QlIwypINqUz3 zB&OjFd%Pf7_l6xCUUl^qWLc7uvG{_1*ke5`c#o-a6wC4bi&=-nx6TMsC|&N#S|8;U z`x^b4?%R!uI73$g=p-hHUni@J3Z(g3ZMEeH3j_0oJ(s)kAqe-+{KwnV;zQ3jFfc&? z*D@MUmUVS>9I#`jUva4+baFk|kUl;Iq4FmXH=_fy)-Nm6aFqng&@pKg6Q^h*4n9wl3z=hI_oxM zNxQrU-B>Uv7P`rSPHT_5FAo$dQdQpXe>kgOSD{oOK| zXxUx{(is zeJo*;{iJ7S_GHrh;E|wi;h$bPM>$2xErd}@<6Kc+G3H^Kea z;^u39n%wn`U2%tA=0IMxv%B;DIwscdxZj}yLymL8Y>)K_!!EJsPe>n-{o@(ET|WNw z@Zvi?<#9bct)BYYR%kK zr;hP^qBvV45s?p+q1fWcwVX*wN!Z%^c1pLB94p#v$$%b*bPAHFPk7_{Bjl=N#I639 zh?KOLa#NLZC{T(JNp_0r$$5v{@i_?kEj~vjZ-zp6pNZ~u@-cwq*4E2$6;D#tDjgRi z8oM|$WK6g8?;<^iF3=?^ByaJXQUHr9a#UZD!^G><+5+wLiHP;|Gd+kyO;n=CF|Lp2 zktsv*KFB{jK?0vsB8Rk6-R-5t#h93b9gdXGAD^LIj&`-0a(EIRQNyokn%^c2eeTJp zt|-2LGo}zP(&7ccE&i7o))_=nx6X|^6k83{?fyD}D!A}~3lb*p$A8FNkrTVcM?X@u z|3DCf00*n8CU=Rne`;-KUpnuA8!jg1+1OnBFQqZ)_O;R&9ZK3^#QK+X;V-FL6#z^U zC&kOdGx%xoflnZl(&Bq77Hsw6w z$DK6D^PkZJw>_3O_Qn7tmy!6}OwP$=Lv_RAWhV5`bz{}G;!v|$XCk_UfyGU?^x0Pc z!({&v6Ek9dZZ2H9GQL%uEAZ)}IR;Q;*y4Qsbk7Jwyf7e^-HX7}GS4uPEBISOlULco z!a`C~Qdf7;@2um^k6=TRnFJ2#3ZGmolNtZI3!db^5{EzTW?WJf>9K2zL=6 zrJIWV=HTGy-kzO;v>Ud(;Vwx2j>s6v7ai&|x!9FN1h0&RFa9q}>vfMO5Oe8l^y)yIGAk74~F!-$yT)3auF#4L4NS2;xYx z7c&l)4jFVwEWAK2E>Gi8yy{e^SMt;FCmcr zvm?=sjWJ0-0uNLKNzm|`k7RS4feGQV-&rT?Z@=C>ES{RcAhlVKHH<`Y$8?}(*ukcGUXPvj(w9-=H-$d0J<)rP#178Z?#IkhD=kl$4 zv9Pj5JYFt`Aa}kr)*vi__rqAZ6fZl^{LhkduZpZhE;G)nnpgf@Bm{yca)s^yaM%Q& zB9qbRW$`kjM}0Gle@2@~^N_u-$Uu$PQmBcUELX2aFpOyl2l3D9h_f4RFC|v(ZGu7( zmwg$^mdAQL83@iQ#w3fsasBF{uIJIk(NBBJ|2Vba%TcB;G+~<)MjstD@@x5GYAWo$ zH8+UW;1+Om`feRy;Rqe4LtkqbaJ%vEP$N&qz=5`M#$|wxSb;6@ZReR{3YI;?`KpzmMbLioME$#x$(z@2?8ul)I|9Rq=jGui3sO?Oo>WIj zVpSw{OCvjeA2Z!?t%Hw}S%4)0KWfC%64icWZ>j(p<`!&zd!$#@m?#*A%BbTbgqe7m zZXyrFhR7)6E}L}T>iU#K=deYwO^}(-s(0=QolSYvXNaIkMk1p z0rfGZT)}rt-+wfEd3%4Xdv(1%{juo9S7*C!{Cagua9gRM_UjiSbxqlG3Lk%}@~Dff z+|PHTV+^)rblTjUdUM?^)UvXYz@@qMv}w6ET|Up>(W#?Hva->%+u%(uVs7mNWjSvb z_OHp0G*;{!hR5fLuI-w2+=FV=r_TdmTe>q2joZ;V*i3khSIYk1cTK|su88Ls@3XS|2 zz{_||z@kq_Jr?()MsQ8g0^N-TF&TWSZ_j88C#I&tcdkYsM@M2FB-$ImXJnxh8|61s zYp$2$JFa{TyWPQWkVOeYK6~QG+ctf?N>G@KB;Wkec8AuUmnNx_l{p;jia=LlI-^mG zVX9fLTUDDfcF(-W^+}9NP|rM!S}09(b0Jbc)MT){te6_z)|X)ac=150H2arDZ;><^|bOXWVFP;EKPD_z7PSQRV7Ka`*6pyi8;phjWZF!ClFz zQ~0$fiemkZ4@fl6nii5h+Vr@YDbk>t{74z&0o|%jy5mi!mMOlqjD>`QkzZ>g8V8eN z&D!ga6~GtMvwWA{tlj^FL?h?^O-FGwk{l^u zODHLuiUugMuqpcVHMMe!Q5+IA+;()U$R9l=IVBsgYcIqpIUh}FiW8}?g``O^o(gyE-`)LO*)DGVyZL3q}vr6gO(eKnk zi(TF5&mD0=W+A2A;eC+P!fsx8ZZ>!Q7zb~r4}z-fi~R0OG)(Vl#o=#PW6SBvL+mBP z#0I|rDD^HZZ*v%A$0~u3TQq)2)du1M(UTG z*U?PcOn=w8Ei3{BJsXx7&k-cB2-|z6pW2}HZhX8`cwOFW$0!37#qNoLULPSq9UVHQk69+erl9s)|62h!H#f0{A94sM5NH&rvg-y;+VukVGyd?aq`GPli9M#s<~mV4~Uz+(o0`m1~J=GE&5e%QH=F zT@ALU(vtPhX!YZBU+5mE3YO_NkkpzI0)CsbJgYn)BcU=pLf+gZX-cWY&-#vS-^-Y%;S%}zq}dTzrh(m zBU>lm{wG*f5*S=;bk1=ao0XSG&gvLlBlP{FaD$iAq^i?m-A?#XjmYcMWlh)35^SH2 zBi|zIMGq4Fo#SHN2jhM&eB@#GfA^^oY&LG(qyFk-?_QhpN&@XHD0kT4Xnna+UmNR^_|MNn( z1{$=59Gz2i}Frfd|@f(P4{R+ z5tk)k;z5}NaAm!%ZaGk~1HgxVmm^W}6Z{5rFJ19;IpI};Uw43*sH$+;) z5E2$9V|ovn5o;*e)NNl(Wl**LT>g$PJ}@$(vTeH1n5@duhL5CaZP>IMQoh~N8gKA^2-^-NR9+rm zs!CVEm(7>EB9AR?tYN9RNkChV!CYUnYOC=>G`ya`iJ+EiABWC;%%`Z9`H0*#@vD=!uyeqGe6`EkLc@<%sQnycy zltpcFI1}$x=|5$IB+MHx!pdS$R@y)p;CsH`jORigb&i;XPrf7ngjUbVM@&k1=!v2j z1FL%p69Wrwd0X^sx)%=Pz1bF2l*YoqQm)RjIPu z9aevva~+E#6xg?B4TKpyb~#(EEo>g_!TMU{m1IprgT6Xf15Tvw1t0$&U>r{|j-sMa zf*Aeb#5DRO(C+FKG1qr|J27*Yc{zMjYc4mmJWp0|DnFfh4+%K7T?{^+cBTn4yz4ck zO!gIdD!@XhNZMPHg5@xrIHSppLBl1SPS2Tr43AKndo~I_BjGc_$aqTpSFx{#Oa!pi z-P)q|8hvl{ukaV3Caybs%-zG#x4QoI1h$k(cvT0J;8NE_V3 z61r099%wx6g&*Xyw7Q<^iwKWEJbDpV?!EUXDfxc&t&jChS zWh`HauNq&wQfc56KJv$UuzB(1Qc+Qzo}AFP_@3dL;#-^~FJs9=#^yR1qPgGAA6@_X zrr;5L$RQ%kA1w=$|5-P}otM?~uehIO{ton_4q^5`NdkNJGuM06+^+H6UR^b`Ha@dR zUWwS@n~KBie|d4|@WO!J*OZsz8RWRFJ?5o=Z)_rtr!6t_4vp{!3a27?36~dEqL~q) zcMCB2O!82++F=XI#WkyI1@Bz!)_Oip?`5`WOV&1pdV728Ko(;EgGz_`FKWrv^G4+I z-n!k9(Ox$A^5rGKp>wte@RuFMgxg=7y=-QGNWB*=U35PTUieY3e-vM6-H2neo})dA zib{}xE%G)DU(XLL0saJZJV`#gTX&Uv5uS_!A{(MRl!OuGc}!c#H~$r4@yYf{%!t0{ z2v#U>WMEjuAMQ|RzkR=U&;9V4+kh^J@`&yy7Ru1J>Z(SlI_t2yb`|BnYwgDDS`8Qs zI&YgdDkLD5CzC7Ys_veczJSbJa^(^n-TisT*r}bVw9%c1ASmNx_ULzJ3dod}4LVGC z)g$x3DpG!4UA%{`n_oSA&C4fJTO3p|<>glquKvzYbh*s7YBQ$PCSF@ zN2`7F+YkCMFx`Ynd?5Vl5$!X7zmxp)lS%1_^$#K$hEH!h;$$@*r;ay>^6@HBz6Y}bI#m4an3xdwy_lICa#Q7u1Au*WxfsGLTDnYR| zpvV{aw(*QJ?4OlyhWEm1{>;!koX4MQwlDy5+#rhrU67`#@C;YSz z`(|JyTmZck8ym3Zc2*E?qiU+TXtN6PJA~VQ9&nrJL>CbhyhT-Mq8PhH2GMt?b!!_v zdZHg9{DB_*1U$~U(cdiIhKlSw4T-#5xGGWL)O|5f7VmU3_~Ne&0KGm7Gl_IO3v5t5 z_4I65|3=A{R_3~ny6HRpC8khgFOUYl+pZ56$Oqloo_S1m@myYm$-%5Ga<_3VCr8Vy zKc2sCcb>H)x!j&#ZLc@B@16BQmeY@(EFoy|N7)^hPtR-zIfExw0$H{ak0wJ`TlVj~ zuwIOs+Y3KC{js$;X=`Z@yyKK7Y0!hs2|Ljeh(+7&?W|D8<&;NijTKUCscYbVFm`{g zs;Ecv+&c#(wwyG7+n(grl(nPTYGER&)kq`?a4Dm7j3|1hw#K zF({Av6E84c`XE@{2c;on`PU8ooSeSp~m1U?tXN@}^#nz>5-7f9L~+ zJVCtnayilWF+Hcpa@E*hgtjEmg^eUZr;yBQ}cSrQjda;POEL@k3ZWDl{UIS(e zk6MG~iW%45);xN{nkPUmv4HOow*I=Ng=1*G2IWO0q*`1{8H$*Mzi@KHjvEgl{o=zfniBZKM%?!>Lxo{pF2=H|*fgvqYIy}8Ci;1Z^M zq`Icsg)8cv@H3_&p{P&H4)t|l=?8yD2EQ7%UjvI@Z)(=@pL$@kU+D4#{XowvfIRb8 zN5}STb>4}<)#4ktiv55|46CA)3u&IRsj&iL)VTeP|hH;aOz0T3ArKlKH15t;sOY&BvM1La$&C~C zZb~vs>$PfB^9@u1mKbJ=UFqNJoejozNbwYYBl%ifD8I-cJ}!s2EEQ&uqLLZ|!LAh& z;D$-= z%F=Nju^Nq$<#HWy#h)`OmF7?P_XR}`^A@wwL$6jn)aub(@eaAAI%SFuRb1A>L#L|z zvYfr_1C%diZ)Y=lJ_NQDthUKSr=K)rf3N>EjuM0KIU{#r{^$$`AC(S|WQ7gFmxOgj z03k$cPRv00W--Icg{3fG&|rp-`&{zF1cbY7ayI){YYaFOslhNi@L`u!KF};+FyCiw zXdWSafa>Vi{yOoQ!P90^43?MMKu_*D6{Uyk_wSTnwT9WmjC;BQFuJ_a+g7jg>$&*Y z=>?U0yliYuU2WW}diUgEz{_1!ts689#zp$ zHyJ=ruvtUYk7K(v1@7I=?{;V+Y_(lPs+*t^Fb$$E5biZ5cKzgCwRPia$GLwb_5>J_#basS$^dw zTuwJWZX^Ud4MqI9WHmKC8c4j=3&nwdFT#tV4e@>Ks~viEHFL*rBz^s@DR zIK0FRI=kwh$!?-lxahAKEmLl*Z)O+rND(J8vYni?FSAKp=-pbD)Koh%jVsi}hWUAV8(%E}y#u!6mC$h_ zyAREBsGT)s*H0^>)tscvi&8(J;UltZ79T7{t2lV$T(WM$j%|c99i?ifeH=mN7R7kN zG)l?rp^T;%OO1YLb}+0==EIl8_`Zq+b{Q>2bv;|QwzhH2IHH~-I)TRt#kVHBX6Q1~ zoYQB&_0nP#ETBSmC6jy5R|=6*>_^Su~^e)R(Q_AZ{W}i!^e-K)@-ELZXF-UEMV+U+eR_NRQ?_iiuZLKU8nwW zWm$?*)}dk_Lz98?Qlowfnd}HtK9#Gl)S{c$>AoQPnOwc>8*dc@a@i2Ct@vsi?w~OJ za8W7RerUyvTctXe(Y}iNX0GqMS5xDo#BWJv-SZWlmB{u$VWOH(fCYJRv7xDpVWf;k zs|ppdD;)wwnX>ANSq`)6Ncy9hPaP@nv+$p{_h==!3aF-Mtb=jz8Hbw*{GwqDn>1=e znqv>7C3;1i@kT-@=rC&5<5^tq(;DG{W+M!xbCsI;9PXLN`WBab-=%!x4v=hF#Y9 zkn2&fb#MG>?s~@fvWo)vIO#z;UC{kbcjacj>jl3X|D3xWTm`MgB8Fn??F=<>%AHoR z{x}i^K!lkX*SCkHS^hCSw_Q&OkT(Z6&x)@T5G=+7doKrCte7jCTuS4;#)}lVew3MZ zI$<7u`n%}RcLs1FKPQCpB=Bg!x_SBntbUtATw zK7#Mzx$`>jMJpFyM{?I-2jd7?$gjUf*hVUJo)&UjM%Y2$=`9+VBRKlciz!Q$Y1B(R zNM}4rl#!P%$*>ifSi+fGI@)*~9KxsBm=FuKGZhtFx@x9pS+4W7|7dtf3_erPv-Q9a z_PJS;KV5|C@dLwHkiJ9me22rs!oaGVga9;ft+xrXXRiN#*5u8S{%J54*S zMxj=s$M{&@;TJQrVNULGBP$b{w)bTPeE_ZS-kRqPFp!!S@x6y(3W6tf7D^y-sdGuN zJA49O@3-UkpVo&p6>CP}n%Ur3QTZtNW)ZaFnrUY}6t@-USLx8eU*(VA@=|MwYG_m; zO5e%!shUw$cqmray&rxGbdlG_hjo!On;6J8*N=BMs$rhQ3T%F@9{sdwjb5ucr6 zYne4Ar@4#A1bSnnuNjI*7kfOoV>{o0Mrk9W2BNjibH6=O^8Xnw8bF;!%En@LTI+z_ zb4-l~Km8evL?bbuE+E8v84v>No{zu8A_TGaTcRTX4HgkSg7ynumX;o5MEOEsNM0L? z?cXEg5qBzvEY%hVrN^+!9SiW>?Un&vqleYp)zm;oXI!2bPky^d5iY1;!D-m1w+Z5; z>9_2!UN{sS(xKaAgQJGN9We*1^F*HyhJO8A_w#4nco*dsg)o}woCSf$Hc0eE28(pv z4S&b-QhEboAM|>LyLPC`0Vk;4fpwb=h#l^>31Ga~>bsuYO1Q z#T9U}Ia0up*I1WvfD2BK#Z$VgwGoDG2R>0|oSng9>!t*<9xYTbB?7j*77qr^2|%=I z;=-Rs)p6D3@ebK?DCe7dsb}Wf@O}p!WE>)w)mPYDpN{$^p(~zL%Gygo)b%EC?U6b2 z`+GKe;27Ih>Th7(IFwnvpyziH>62WEo#Bcs|L$?!V1JB;kmGp=cWkYnja!FQzP=B? zNihQ>)pgH{6Mo(~)P7Tw{y~o@Z!{KXU>OS9W~}PYNJ0Sms?i8fs~;E&)MZN6*I?T_Y7}@m{cFYyW6Y z<@;NHfD8P)wvA8?U0l3dwPJ0en2ox(SK|}e7S`n|c8e}dj9L@kMQTQMg=|;x!m%f= z^sE-!l91mYRN-%(2^ZW~zXciB;#lo>QE5olj(oy4UnO>*zVAGg%Fz8CBb4h{bWl4_ zhkKW(7{2;P*4Q?ht`19@S$@Of8xH>9^1E3JsvwrBh~*CSMZiku{mNO_D_I#JIwy<} z2oLPm4(c-@7NEEbN#jR=9H(NcTwZJqK>{96Y=T+w9@D!40!m+d1^{8EDtCMEkY6ue z=%7`v?aU9MLV@#RAx<|f5e0cQ^>GyYX99?Y?}N^A=IM9X><1VMgIKxhWP0$=w6Jwr zd9S9&1^M$3@4iv@pjp}N^lVBR;CsbT5XcquJU>D zgpGJD_sA=GZ-5v^f?wl~(W_jE)??uLT0KNRJXeV3Kd%$_QqoxdR&68FSkKo*2NSc} zv|thZmjB|;yQo<<{+{=oYs*L~wST2$4YQAy&9OzaGnH~P>EorfEK_TCT#q7%G!I;& z@y%VYH}MSwHFa1YKStC1{V!2v?q-lP#a&5)nrdRJj449rHJ>TAuk$eQC6WjWVXmcHJL*uKGX=x9oKp)knjsO2jA~zfv6B3a}mxF%n_i^eB+MCDnAMr zKiv#POCtdv@)Lwtfo7!=P4Cw`BlO9XhxQIOSFkX_@S5-P?0%p02hpF@II@v2!9(7; z%UW&=b?@KztP9AmkEV@#Tu$M<4`!{UfVKPdkbni=Ye7pb;&hi>eH?tVyQhV-GK2tZ zH2*Mu30&|0#1>Vtjn)ILXW6!??1El(B;0p!<5Tg5u`W* z7tj4%xV4N3IXkvR1f{)05jmS|jP6c@1Jx^!VDc~5B@Ao5$r${I305TlT}~!_pIE3; z`@$Gp^Mc#0ot&blXrlH;wMr|SHoUgG*)-yL!WcX=TsnVU*@#K`xjDS$YHnrcqWNI1qXQ=11h4DXS|Jf6HePQ~R3L}~aNYhAZ&IE=NLe3tqio zNjQ}y+#~vCAr@<;lI~yf`0q>!xfYX@%I5AHnGbulW5#mNek;ba<81j`u~+lQZ*9Ur zf(tP5wwAHLc!#0~i_8iN{W?|#HR?F*NJ2hEZ@N@w6-&9_Igt7JW~}s43!+8fH@k?k?{L_T+RJbJ zd`Ep~jK4^IITN)Vt`qQ&v#0`sLPzXvca7en4#xE0iVE>4#~eCSO(9*_Pu80^&?$W` zO*5AnqVJ|CDS?mnA&mUd@*U|UWLb)t3<)oj+pi>pwS4IMXg z+nGgm@BBk_mtcSAtXTyA>I@2hm!$Z@i}ogtQ`^t#^Z5Z#>6>g+sJD6|7%dy4k2`6} z*fwmMpaRBpe5KCYT(Y;{D(_wmocO)+0#+sgZzpD0n_=squT81o`ggs!h|$4|onz5G z&FTIV$DWpfcYWl}0`(!x0UP)m?_q$w2F4{RIXOZQpDXXLc}9Ua(YFuU+fi*Pbewqx~%c*)6c3U~T-9b_^xa_*(S@g~oIeLKJR_2~43 z__DI=lFZ>khD7}r(%rYoO&$|n<7_^35G_s33g@vi+a0RYJ1*8sd`tP|n@hi5CZ|Y> zlwr7;!0HQb+a$qkKr?DC0+!=^7jF*(a24c8d>bmO<<&J28^8SY|u8a);1pDm~tI0!MX3|oA|k8&D%E^(-$NXMb}&i;xWr3i3h$s zyg1CMw)&`N$)^ushx|EP8Q4Z+x@m{|CaPo(_CgjBT#O;7){>t`TyIdnt($H5jw9N& z!qET3G}o!w$twS;`D1wWmy(6b#BA%^{e2HEPlGCMK}gvfy6JqZT2Qd*`w%A=KxVee zcH69Nb0&X70*L{eQH#_MYH>h*{CuURE?OJldky(Vx-UC=Ox2+qI7@O28y#HtSj0ad zPtIE#q{`aYDUyBRIG)ToDdHcNT8-A3wcgq)PPkS2hBX8Bc4-3$N@a))hE*gv0-Cr< zz*9Z*PCo+Z+jfvHCI#AL_E!}W?xR?KYUwkm73;yzISVO9q<1g_w1~58P4B8|B*xbtsJl-Z)qEq2)8)4p5vAL{qQD zyHmCcJDmtbe?7d@Pa~j@xwv@$N~(E$`l^v|cKTsgZerjr1b(oX*v8u9mEIeq+f^hl z#LXha)kes9v?4;(LY(*7?Q!XW0_fU<17+c@XD!yejLd9rZ_kV!rcx?ED*#s*dB+R^ zO}YY{-BJbTa{(qN@yb#T^S0ravPDMDp^kd_QM9Dajt_l9N8Snh%1@IZ@v&hI^%RT65v2Kl$g&)kfuemcpjK@n`1cXvOhbUiMBk+xkK|+ zmVjmpGtgp2*7H8_w3V1X8Mh{6qL7fhx#f{Yi&7c1@2Vt${O96iPVpQ#pw-Okma0z?xe(zv_Hd!8}+oXOo$%!0Y(ENP(#yZkwp51M-KrJwMld zN7Y90Zk9{Yo|8CVhvBG)iJJ5{*^#8>rifiz(~9+Q{H-Y-QR~X{KSbz&MQe{gF=*9& zHP6ytH2IMBT1&*L|-q1^xf+(1(^rR zC{%8Pstv*6@rf4MOzlr)(PWU914Uk<;2ITCV=;9F34@bw0=}ixC7-gGjccx5otpe` zPBG_LLw2$64vhj*$=Y-5q@^l(R)XX*%KN=Ol^rT(-IN#V`|UF)$lKs^^0gs+df+3Z zGs^#=P5#mB;9XC*_AdIb?q)Hp_zQ$L#G)@(-$nc<5HQ&g>V7H3IuU?^@sS*N{9MnO zO(FI7Ndtkx=K+3NG+Ad2lGG8@fek3r7`7TA%zHC1DQOsgMQ?bOx{mktp_luRPzfh__igr4C$VwT_aH3Z;?wIh5(;K9~TT$ z+O~bV5rqGCnw$TOU0CrevpdZ>cE4C?6q+F}XjcN_)?)-R6}hs;1@Ee>s^V}|*@kvz zdTzI8DNHck0o_2b?qXaj5+iA zyz>N3Yn}d=rw>L?!9Bbj6A72?<1JB^83u|x>)Brr?|!Rse#xjnlkX)V`7Pc6Y+T0# zCvum!?#~~y%@ojR%U}7w+RN`}*c+-z*)lw`hd{P@?+K}G4%iAgLt@SYa&l0(S6n2j zZOVHw+2J<}adlV_j|H$JDUXgr`C;mIdjRWASRfllNE8@Ya|b;y-tSKpk|RJM@XanP zUu+v6$N`|Fn?hQBB=V`QH{apGbUpPa1vn5;i}FdI$m77F1Eixk2Il(?Y$NG znN9imlc;DAkBX!!jBn^MCY}5brp2N)ukiKzC?BwiaI792#jrD3C=QFboVfIJFTN=JYG${6tyPuBv7j`nAT4p5`@hBg>6U z2!vw>>P|+6_751Q-3Bb23r*CMf~j2dV>}FV+-_8MSN);r`ZX9nzgpEsroKi#;eqLk zvBf9OCFuwJYRWO8-^z%W6PY!X3qHL4iY+cz_71$Q$h`}%}B^`8**@~%0OR_tsH+F8L**dpnx(Hh4v~0{fDBv3HN`Ph3SR1QiPsizWHys|IYpw zX7;#$*Zc?fzs&w!f@0|ZO4JJoiX-N&X4Kbjs%Cm&gM~t0kW6orl!bkcYlj>=ujhO& zcdu`5er0moN$EaO1rP@k2I7-PCPW!SH9F_5x0xiczk$hYip~k!X}Twg81y^ zxEPb<{#D6?MQTC3U~*9QsUp~Ya4re`^7qo9r`s=eA+1W0Tf)Qr1{nT zRI9&>#$ zkN}hL^VM|pqoBennH5y*Ak*6PFqG*|_Vf~$!oouKP#!L>hQ`JLE@vyNy(wvO|3AaD zc}4_Xk&r?1Cg|;bDw8e;2S?%{1_s9U?X4AVfAL@CjZymv^)8t4X>+|z%QWNy2_%lp z5`=DE9?!lrm|EUKS!CY@r}GIzC1C_FQ{CRS!9v}}6i2*3crSkc2D$}Ww^{~U`h8?o9fMvgIbLfS zu5i%ZUubbL0|J3sl7jsNjhVLQ(1xc(y8+<9cv1FWFZH_}thbmg@yqi)EW;q?DO!qh zY3ayvLU1AWIXOUs(nmhOt7C}gKP=4@aV8)ZVAAnOA8U|G{&d23@g(#_(B85SLyS54W*ZE&O3*48Q$TQZhdFA<;uSL!!c z>wUhty6XRu>H5QTAo~7t&nl&Vyq~!^^RGg^yt&4s416aI)27sl_oa6)P1wBZkLUl8 z8n$~5#=g`2@I5c!VJ5<9MPWq^4!YS2x_5)+pPjm%d3MY;dc$T32=+L({;I*`kDyk?JCZ<-!iGd{uHk368`YA<%P#uG7=0zMkzonS$1-CG+G|h zRW;lmGhYKFXB|j?5+}HW+a?6V;KdBst09qj8^`9^%~i@Sf4~IYu6h;P(duqvpLSgS zf)@>dvMAHAwYMJ|%yAu|he9Em+J=quMt&B7*jU9v7yY1jNUAS@dKROI7=$23JypyD!Z9>{fbX=T~5-Qf??l&SE? zW!qawU?7~aEi@E$Iv&$H2ML(7X&vuaY^K0+)gZAS? zJ=mYv6XJhsZy?y;w2C!0U>aqw=C(T)B}D!fMx7iCW53qnbMU*k%V7W;2Xrw27(ym~ z6tuUyOZ5sZWnjS}z8&0o3p0%mhWYde&8dvU0IcQ#xfL|l4mO&g3258)!alF3-@@1P zxK^W@ihmL)`x&tvnV!CWy`1No&mN&tvjAwT!Nt|B6Q;L09wyf##-GfV80;dhTo26$ zLB1 z=El-OQBl#wJ9Y*Injuy8Ob^7%G@=(F-XqMpPBCe3zcbV0p??1S*=xmRXmV2J-^>mz zR(8>zhTB_#}wnV@i)22{9R(@=2 zV3*8=+U8y|L&O-TIKar5y_tIvs>>oH`qQLHm0p&f?k$OYG$9L02?@J|!Zu6Ph>Hn) z3Y?u-oT=0$w!)a^PHP;;t-*{+8KVQkQ~> zN-O0jNwtye*KNBzIkAs@iE5JRQg%s^uCbvMZKf$HbBtTXH{u91Z{9aeW?&7u)bi_$ z`7v&Bk|ES8O~3bbh(`0lsYbcH%OtU@gvbRGuv;9fu_%j{?B%s5+a(z}z< z)kO--q+j^ABtCkGO`c9RsG7DM%f=^*hBuKgzNgKYmXV?O=%!^ib?H0v>7+=2cs2V#$PL`{pi6DGjloCEegEKl0d*XM;s90dp(s!%sm z+-32w7m2Jk8(+d7&8$?6qW0OIQO|}SP5jtZ!yE^HG*VeY~ii=DL60 z1N;-1Tyo*DVtwR5Gd)#bo%{%*Qcns*mb#*_*1WU@3tOu69R}m+T+h=#_xE20!i~^nEW~ z$19o!dKiR57p>Z~HjJD6Rbi`!M@^y!ADxj^F;RaO5Fe+Hw6(V%ot#34xznoOD@Y`8 z>!$VbD|gJU)0n|hcHTGxGxlt1p`9&vTo!tj0&(7v_+0?s@4`<{s9*I*u4P&~<)-rW zNcIVGkLCsaem-ubTqsw^1^SpheHRFZI3~QhdTcM(zc?xTfCX){uD<@w#>l{bd_#=Q z^Hp}O$XZQ}YbS52kdEsx@a(8K5%-lWM?sDnXTRT1`G_VwVw~cwWzz8QMJ)o_o;I`L z7#*WsP0g7l$HlHCah8RxBSA9$=utU$g;tDw%(B+}56y;~vv6ZIz@Z77Bvv`}_r7}OqgqNK+56xJ_!u+OpcljGz&kqxrhh6-k z$`3MstJZ%uB8Ut>7f~)hBzX7pc-5XwlZoAS{@NO0Y{d& zOk5OGhJcm2W0U&{L%W9HN|-~>3@rL`$pL!llC(;LGTk57#lq5tya{a$ZK}o;ex;;V zMdR55%Qv?Ds%Y_gE*X7vUYi_lX_MdZ+hP-iv+UdP`3_ToCk}zu@_Xv~+!H7LMr)rt z!AO2)5f6 z*Ke(6O~S{Nik&Emtec6~%y0L97<Y##(mHGYq?TA8ji&65~`Sb`MDop86bLo0ix*BGfh z>&LUcTABNl_#KRW{>s)x2YUFCx8cJ$K@Ht>0^EOGtv-1~8;+3S;N#PO+)cj)YTeDe z+ZQK<{TGLhex_`DoB*{wUbHN)`ZnWAk_koUbwzd%cjS?L6WoARh(gQCK2QN;^j=#J z$pzlV4A@UwfOy%!oy%7AKu+*r1uqsf@BP{E5zy)@+*-QSXy7@%e63RZ_<6D;ac~5c%!vA`H>TYtOi2G`b7Ow2i2h+tJR|36FPer=CaaW65Zb3pG{- z_~R%T|1#Z198 zr0knRHob{cN$e`}QN{UUN=kV(Gdboexh_*V6a(907tumO7uW{}~4Xz-Ox3v=z zq#@#o`+zA5m-h>nMS>#?RpfIZS!C|GI8jx8h6BY-Y|ikq-VxtsE#AfK@Ks|e^35{N z5r}u(#Ugu0S$FpdXs~n71G?OQllxIw{DESG)R>zDBKo_D$cG}q3@o@v#G>i#+`^=| zs=~P9VX@+oSXXJMT6t$Oo<=P?p68Xg_*R2YSI5y{B-ddj(O|Gy1Tldz z$wGay#5*IOu!b|yhce=ZLsjEh4cyc%ZE!cbr&Ar?)gElL416xVc)VujyAWshnm6Jy z?7rDp0#(nd;&Oe5dqA!I+RI>%Ye`&+FYo}IM=6>po4Bvu@1Y~OyiQmhmstlH&vu&gxVlpm}#UreC zTRo-PMR<&6FKmx%&+dV0dzx3uI98*7V&g!u99W8l2{*O>*4X=2%|uJ9j@ca4CgY+I|MH%! z-GKN7EawuJCI0FnEu{^kzbW?2DZZ5qC>CoLYSu{AkY#~t7HL;TyYffbRDig(%S*g~ z&!gT35A@E5l|@JXOBdiXhej8Wq)QkC(FfG156E^d_dQFH>&Mph)svJ~1t2R86Kiaj zm%lVO=#J)NmESxqd{NTAE;D|;?UB~u<^M+ajK$8kj#U5Jx*?pD= zCTYP-l6l{Xyn}mbeyr`Od8v8H%R5Wk*+K}4Pg|;SPy-ym@1iUVGB?a{LZ~)0Qy(C^ zzv>6{t_&NuG`SMgE<9p7%+U+wVBF^l0imSz2e|%6L+YH5G4mura;<|&k34h)^TTA0;ya`>X^O|3{t!#L5 zp7mTRZO&KGW-A)e$hq&D_3CGaN#qu=pj|I60nhCFCnw`VYusA^^+=-`dw*=+4piU5 zKjieK=v;)}1op7sQOf|OX&paq0`0e_vOsAoJn$T})}cNkzimw=<%v`%F~%r`8dPof z|Lx!SsQ6V4Y#UBq5I@Y=kN^1SA|q0t{z*$eYuMKK=~HHQiK!X^HtCLhk94J8`*YPs z2mjLpID(Jsu4~PYpQrw+<9PW71Ui`!DQmnk3G1J5->d%x()oFuqq&h^gH=04Tsj|O zQ=;9}Qc=M=PjJI-kt5Q1Qumq4FUn*JR`lo+i2JS~$fsv`x7t1)K3I6^WSPLm=E@eH zS?GZ!Uih*;Qfzk58Mi>OShWf8s^bFG22>(SMKUe2vY`o_b|8j>I1^3#AE6j1bUg@7 z>2YXPV$%9txDK>O3{R)KZS<-9k7vt|CrH-Mt{2m?(Cl8b3vN?3{AQShGv}gPgOBnL z#&qQs=J;L37O=AHYZl$_mIUoRI5ZDRTyQ!7x#)=g8*)0t+l<&Gc$mvr42a!fS4VO! z>ImIUGHFJhMHV#{WzxW%vtB`zDMAK+V&!B7VFP_vi1C6~YI60HcOBirpJVSFftX0B zxc#Rr(6+CbDKp96xtG$OEXg-9q4^wI0j(9c0(W_-^{V4+><0PR+vR3@2N#rf!=~ei z>jEF_r+Jv4)T|L?Q&yiWVi2I(byc}QWGTiS?w*&EA`zZzO*#`cuET5jS%tVb=s2pZN|}3^SB3I265ku z`fXb~=WHrq$0>9>QFrBhGX;(56gkf~ z2=c~?LE(FWxbPlNfzpeb%zY4#nPZ>&{ehyZ| z^avL0NOk|WTlr}XCBCo9br7=Q`^SqyPi4M%`>tY5IL>-H{HcPxL?_2U>CT;vyu4wq zl0wlsc7C1~r)H&(q<%-~CHg8kEQ=7t#hjB1eZQ@lB1JpBh{oCyk;TN{Vt0@lyBj@x zS5CES5b;0v0<|hr#rrPjOXF5kePH$L(a?o0r#VCQ7ZpMq8vsB#B?f&??`5IE&F7_xE)-oBeS$nq00X2vhPA4DNt86O9FI)CJK<`i-bcdNmc_%^h1BNN`3yuK|-9|`(ZR6fhWvAi%xcp z5-WI9jfTLVXm}9y8wVM7YZH%X?%>2O1>EDS{`%e{6IyAtT04V;aj<2(Q6>5`=_K;H zlP}-r==*de*39Sp3gSgAFM~RoQUtqtA9X$LYE!SACMiIved(`Zh=(ASS+U_hjv-)i zpp9UpQFC?>lY?X@-uYqF^iw-lVA2f4h-+UuRrx4HlQki7OHA$e>%yZ(ol~omq+Fb2 z8#U3_s1mc@7dse`O8y%~oZ@ml)(ur%f7BFDrlG6QzTU|B=C#hPJRio(E_*WE0o?04 zYSwel?QlNx))p2jN;^YGcO^<^FUCsfd(O@tPP6Ub?%dp&VKpk-fHJ@+ia~5I*_-`H@B=axMdDJa? zE*IcUGijXt{-oRbE1b7*M+X^Kb|L3r&vwP8WWh-|EAu;ry3EDzon5!1rTo0)FeHh- zFo|Ju6!J}V-dHya3x&)$Im0GMy2M^heI^(Y+AeEt+j(Q4bJN(D&C|RJNtGP+hGnCP zdMmg*X;VhvE0sHar1yF{y^@@fsOKnlaaqvE*9wcIa-SY?x6VyQ%HIj#rjyuHIbKfbE z57c9-{leiXCHBPjAc1X$v%x!si1&Z3i2i;or|o^SHkZfVVknf424AgN3J9hLDjZ-c zxi{ftgia#FCG=r3U@)~6j?`-RHO&${x_X>|fM@r57ulX^F8zW2ol8=O!bRt1B`#5| z>wh;=t-n*u0PS_Pc zAzfWjq|B$luFC`KM?2EGHJ9n1`&5~5cBUwNS;iBHP1Cg<-_AZt$Z2rm(ivs;m9wu_ zFEzH@k38M-yFWc)Xiz6<3eq!RngmY_WO8g^FWjlrQ=Y&3kPM$owMe zphl)a5y@Ry_IK7~^R@XF>bKUvYqo2{7i)9HaW@$8B~{6d&NiC{bL!>4u@+H_2+xy* z&c&d#QdX=Z-s6cxD^si+Ur_oBa0VwQl8ubWZSV9}g$_(eE=oF{O&RS$g!?4rjSP-6 z8p5VoFgXmd1uXxFrjX@DeOW8NJWToPaf<8Bm2ClR%TI6EaE1^<($lx$HGikuR*@yf4IC0B#a({QX|Wx zelLZsk&C6ONtLC6FD1%b@RMA}ahqAJcW9OI)>4@{ZQd%TmWld+(Pkky8~q_ku6f(R z5m;N;7a0kwOwv@Jg0(v43(*)BFoCw6$)r3+tT6=(VJ`4H^Ni~QP`hz3rwX!|lq<0_ zo#DMDPFkA+oT@yVXxsR#Qr!0`>?`*Txg80`Z1(&^q~?(buwSj|;75d%SBzo%Ja^&O z6Y;eRLYgv5!e5BaGgz3U>NFGqPpMZx4qK&Qz(Ei;q(%x8rdKMr$9fN=vP04G<5g`_ zT#AhHc#%5h*8w9dk3)>mQe8zX>B5Ac76zy>vy_NP7{4m*G0mhp9QtQ5b4E{?ZXcC( zdhs<8_e>yzoAg@wx9jR@kAvvt2E%Tg1Gz!T(Cnh1`(fS5^=r^OqQIVm(?%fQ z|1ctc&CO5CUKS>K95``3es}7vb*%YU=0#nG6v@h5o`RyklghXU5Op&4#j_uYbSRT| z4L7cWKq%#TDE{%1$hPqpP)a>k_)wa>5heP{_qUFS1f;-L^W2RMb-8X5L^D^qoZkfs zs#jFOrgMbX#o3t+_G}7LSVgz;B_Ckib}&atxIWjTma%|x+_`nEHwT;&C0wl6*JpIn z8W_%o=Bip#m3xCTwHj^DxtZv1qpSIcvvOWMp$DQIda|<;CMkm4 zwpx-X@i6tk5$(ZF^S*D~*n^D-)aq)(`6UTXO3}5})3H~D*)QQ0bn0fI)<~ojTVyDE zaKz4iYHW}zg>jU^ctmN+HkeRZ#xA2A4a?~bwafG>=kT+fJi(dcxUB9~NEL;w?j_5g zeu?LqJ680 z)q`Ddv1f|YXse`}b*JpfkE=8l!g0$`l=;~+B=R|aScGb7&~&ksU4nc~GCeZZy;-#s zwJ%1nKr=ToG^af@enh7cU~PW4zExzBXF?|PiXgu2g-HOzrSkM_KhhBRb&MF;QLx1; zn{NhcG|#8Y;UF1=rOpy;CIdP6M$)7^D~l2>Sx_7>){nEX#AjK6?~m7s@+XF8w$sFMFP-L79vGktx&*$?8!$n zQ?zXONu*Lv5@qCL>W1klojVOCt{64%#|UctDyKt|$&6b%sF|A5;<~rb9zB6os(rux ziq9Zaejg##7ly67miT?LA8a=Yi^J7$%0~wPWj??p(mIz&WqsLzRT<3>-jkH187DUK z>F%5`gEtQQv^`0R*QnmRjI^L3pfO-VJ%?zP#iXYwI=TnPTt~ zeIL%<8jjUt>s5Ds)j{L9bvM^D$VhCyUKfjpKPED4xiEwl(WArl7>8Y2~pREeuP32@6tq< z-+7NvEck_y%2hm#mhkGM5=6rf%4mj390HXu%BHSVenD-dbTmWV_I*MPyRu}>eKGW@ zm)*)gl@A6FCrS4ExBB4Y>C&Db`N6=~6cLcT6n6Bqt!%?W0m3&g2(qjT>UhiRf<2Nw zGLX#@9MiYKjA70x+MC*yISjaGHAiWt(XD7e5GsS=ltwAy3!=ypaZ@EnD)eXcV=2a1 z5JG@-@@eH5`Yh!jPQeIo6Iu0O>_l`(*$n}O?F}2zPAjt(l;1ZODg+hYO)4#w%FFLI zj17B-Dh^yQKolKp`94G#X~C*es@1^r5|%sJ1;3ICY;@jxjkAVJt!$~bEQUiyxeAt} zg}wOBQnH^w+3pRt!>t&}e(n5+XpFXKSP>9uj7(I6Wt@B6N7CIjR-bvq*;jmfu^xV!~l2U-J$% z(A`Pz?uKkQC9RQyHL3kpK6h%!2|DMgysDvqjX0jHOtbO)D5nT5e@?tv#_g3mFVLJy zi>_}@D%wt7K%&TIb-X*=ee^iCEn>oBeRDUY%9APV=!kSs*LqjTs{MR=!QVHb-U1|N z5~6aU&@QS?+OoGMjk;9#Ba7AQW<2dxpI#S#qQd4tv=AR6GJkIuv1F=34^d-sOKoF&pBb!N*3_be6K93G^Cdh%{)F^Imk~kR}dsBB{QvL6(0`h6leJyGS~|_n;=DqJegHS z@y|$B?FKUSM|@M`22i_wA`NT~Fnm_5ewRd_tkDdLApNtlBzSyOFpoKKcG zygpaBQ`$=!Jnvo2c=YT<(;~b+$U8@JeEV zCBsyk@r&5jw?gJNv_5^H)8z5qJMX-l#CU6R`&y6_dJN^yI3^+c*I6(=SC>cXKp) zjZML5ndp9Wg)QsaDy0Q3%On1irF;2BZ>#>2dv*4&OCGBJ>->ZsC!xsLL|0=#r!sM%Ykx zaEwmZEuNC9y7zO4V{C!6me~Oje-Bzbj+i?-0p5Z%9fCidF)F^TqQ!$DBhH8wG9)E{D|_!t{iHjI>$m_6 z!bE}Vbc8~dH6Eg&(@Dq!0*z97;L1iX9rXG8G*z#!-WTEaKlrrRFDy45obU(P@Y+o| z|47}Wk>rzJ%jkXCtE><&m+yc@5Ab|Cd@b1biK}7q5AMyUx-Rz<_w?T9^iRMJm)72& z$33DEOx!2y8idNV{N2uc3572BC8A?j$ldFYvv)hY^Ld@qSfW=%BXgb9SrnyKA)f?M z-d~WsO(p&v&EblQE4#iHl)}m50oPH_BiX?4m6!eNJx&e4S^!Kd&O78}fKlX{EmqB% z|3qZsq!H6lTDr*07GVh#9X=l0KOPuduF~D%s#MpA`qE zJ{-2EX~O$C{yPir3!TS<=Z7sUZ_cS!5Eqa78~|J017q$Eec_(2`a(dd$;^yUw3dG% zd4w1@t@&~0*Olz?HM6jO;E~w~wZ6)3Zx`v+dl`G{)SDqZ6NnC8H!q~2N4PFd2Yb_H zm5cUZ(kbD>HJlzFRLJcuO5cp1?9;Y!WPQwrLemYw_-1Qyxp%)u0j5WM*9Z|`EqZQo z>8aVZp$@p2EL>B`cpR`Fhgb(+WB>A);<4by=4nmmF7)|2?RkO!I`3J;=#gQu5ubn$ z$)@?dr1jdW3EtBC(yCQOu6|dQnD|V?B+K+B#h3wa+y?g5%I8*{+ zw|-t5dA>Yup82(X_2p(%9kfBf@9?r|&JqA~N&A& zj^7?;);fAi-_n5)7N263(hwlr|IvydYj~)rk~~n(Xh$(v%}8J5SAskV*;b!Le`ht9 z|MV7v7^IC^6p%N`dobAQ9F@EMGL^$aORg!4YAJRLi6uuP_fAXnqNUYg(`p&9`ee&R zCub&nt7ZQ+>g+B^-H%}+1_@$r*wMSH2yW8+5FWJIgZEE*w8O|7GuYTiuz_U7J7dEtJX$F%h~8C z$GFmQ;(=)R^k?AD;Lw6s@?*;Co)z1I5$?;D+mb=jw@GOZ2S)Ttv5CPV4n=`Mv|HNoi8!bKNv&CTS7gEV{ZD@ zVR$x`wPss73{n#9WS{O-=9%%Gsp!nJLVVVlD(=C z-5<{=bd^z|?uPhP z>SkHaeLtJ)k>;}!I0+evq~Lj@s>U6Ke&R4uXS&8(=q+@HfGI8gvo?U41vZzi zZL)0-x2kddClR{=MfxusC^J1NtDiYxH7w=R-I-P5r%u5wZz&lvf3V3!#S<)%y7o{g zSdGnXlR2|oK?htLcpj)K@x>V01T(Y$>h5^0nNLgJkNn~R~k#ZFDl%{-&~{lRGsQmR_u$gd{_r;RajFr2+hyoyVK zk5h<^lygLUu^*(Th4w-_5iiYnm%6$`9M!yHTLKP;f=SzAyPAfphr!tLZ%!Nzm(bNC z`rDqEQB2m$qSKs!I>u|ZZgrh=XW4m`s8&k)CA8e@hN6Xs&Ep|t@AYRB@_%jCIURXH zy76|u=XlM-=02{a+y%AeWv__EeQ@*r;FQM}u9xl2@&cC)4RGfAN#p+1zre$CkH02D z2M2nDWvFL-JR{$>cVIbFge~|OWvWix&W7%jXLW5T<7GuI-}HQPT@B{pkj_tBS+eg!VadU)xahe$IQB{I%!>vO5t~4>W_4)M|S2mLb`rDrL5=y`{&x z)*mNWKTe(v>cU?lRNlOSy466|w~>3F42D>T526pE|J3rS<@=wLKc}xw{+xaXTmL!u z{{JogSHb^R-T$hIA=u^+=wouQh}-j=D4_QSJ^$&gFv>SbNLmVEcq>Lo%LI&xOnHfK znAEv5-Kw++>4hSGW^MgqFwmr}Tbtst5spV}H_Zo+OD8=7$qwf!(M_jrY4?YFZM@iT zKDhu_|QG;KQd`aHaDZ91rR5~#+Rwf3d8CgCQnEhW)t2s0e|)60&a zmwm|}Ryw{9S$i}%o>MqK@X06654nmnmtx=0lcjm3<;f&HiJax$He|W2^l0sx7PR>C>&j&bNcI%OG4 zOsxRCHq>J9fGpDU-Qo>aw#VRSvLl*SVv8bfCD)W`^5KzG53e5xUGHB;{?g8OLJXbX z#VKjAmV=9@?F01IKf)SrItCk0_7i~sQCzI6QAgP_=>@y(IJ=j;VEglGDpA={;E*Nw zWEB{;Ax}8~WqZh6ct`s0f2u>(`9e7ePTaF%z`j-*DsO1o%Q0+X(PilnQTGdhMul9e zUN&(^!hmsPj8h~;sLB3jCQ!icQkQi7i9m86b0h6uwBo$Csf?soBGk&y|DIq>q~{F4 z&-2}3rgZGBexF1`{y6nD-K!~#eOqoxdboL`)8gXUOw5B>V@tS1E&7*ScRacK}>~HZ|=J$lVbD`yZ3B~g6YlhDDl^l zC^v7_A)}c=>C?|DW2CwrP$V1t97f^ia-n3f1A!*&Iq}1I9oelc9vp4XV^4T(r-oe=u= z?SJ{BoJE#dyx`Z-obGUYvAK5CfQrMnL5hOvsG@7KI5~9ImKKO@7Rgd}3aQyRzLqs) z$O)4pHFIL3S_fLLgz_nWpv_f=_HQ^tL=q~ z_ZTUM@Q$P4Hu4I2o7GO)8!LZ+x9P8r+b+-iUli_d#&k%z)j#92yk3jyvrS)7$L)SN z2EIck>MSXA=Kzunq62qg67{?GIgl2Mhi={B!9a&VOOp|26{o zce%fc{7t?8G7JBajsGw|#mi^gViRE)76FW&P3VhVz<+tC*-FAq1jJuP_y0)xk#U6n94z;TGa%KboA=J~&)e3DLk^Ia&z#YU zvXWhn#qC=y?=sJ|gw_DztiHTEivE6Y;%>H=eq(gW zCqo3t_Ip>8c7>CP4a7YFbZV)^QHwG#C$r}^BdzQ`)K`3FqB8PkWhL0WO7>~zsoEhg zswOQ?++AsLz+8L2WlG^}Q=OSUPKpHK^>ketQpv4>&0~oDkcT_UFOC9po8kY+J~ULP z%cK@nk%db8(<81_3(ZkrlhpIyb?Pez^nB1PiV2X&G*vLAAddn2iahRrC;>*fJl z74i4(tNp=(&GYqcdet0DRW3`tdE?bINuaIkL7TxC`Xofs$fjO2VP|qIa!Q^9%@lOs zkvp~Uc}-s2(lW>6K2J4 zaNxV~mcaVGadx{x&a|<&KFrw?yZUzb#F>EIgP&H5AOIQlk0igD1RI-BQ*NkE(%c;< zG#qIQQ#)uyx3pr1*jReja>LxF*w-P%R_uXv6ZC4(?_2W3Pu$GBaU`Cz7FZ;6TY zf~j?uipStg(1DxIMzsmKRQk1`Nvzs(&pZBO9K|F&5(~7QGR*?&9Q&=GRIx`rlGcG? zw;|{bAnq^zQi1(9KFI0-8lh>}EIA z>PiL!+<48v3QqyzsQzwz36uVIs?d{CT$dpF#Achd?n5^&Y*~}(>McV0`_1EmGt%b) zdo3N2Ci+oC1g|s=*b*>VvmR$ujA`j*9Ld>iV1=SJGcuoIO_D?P5WE2b- zgVmLh1jLO|vxFr3Wh2ctA!YS)Qo?u4k(43<=h$blXuo6Lj>{Z7jI(2O-b_Fb@itmVuuo~6^@o#0 z4?1ak_cx`*4!kiHxYQZXGSkx6iF{ly0%!rISTK-32)K0wfVFw(T#?^r=I3g&WWq_=T7%v3Ep{orxSQVXUTSS~q+ z_}kAo3PEL`hrj>)oBqJmUGd{-n=JAW5o)ojinjilN~MAuYG<*D1Pf@JHzoi#I)yo@ z&fzlLjKndf9IK${m225#znT0>noq^*#9<6C_x;FA8nsr<|5>T1Tl+mt02a&E&VwPS?f8jXQ%Gs4-t9oIk{ThA$Vz?Bk z;>&yghoMrqg8*d8q)bCwRc;jQ%LF|L)k9nq9hX9(F81*$qSVMnE*Q1EQlyaG?s8Hx z1%6bW{rykQ0xHmdS%;vLw;Sqti6rqQ;mswq7LWaxeEMe7!Ud+4rP$d&2%(6k(3Zt% zJAOzH2kadeAt1Rn*Z(%-UpnA zbRk~=0)V$?keyhaSRYMd|$MPe9~95s$C${a+#{VOEg- z8+7?Uq9y;=pv<>xAfMC6Cp%yw>@3_rZBl}P9{)+$n z&%M9?M@Z=Fk^LuR^j|TdM5zDIIM7!>{RLzb@jw0fZFqvflf2Wy@ic+}_3qP`D`Xg7 z_{{Wl$Q-c@#KP~GQ|ao8lCb@mUBztO3e;o?g=4xnr*UK7=p?-QcsZ@KEwtxAJtLr= zTe$NSkCQ&m8$R&m=JFvwWXnAeR0FKas&O$9#UP`Gk%509M|@E-7=s!WMBVm z(~0$nLtV}O0544fp@SOy^6H9sA>z}m=E0#UR*zu4)s~z6M-VA4Ra?}SZr?cDFBpLMO9g*bF{AiZQ5|1Dhz$-U>ZYi|K8S(=JP)Yl~?Q+wxL1c+eFzDQP*D z3bbCsu+yNpu+K0jyiY_c{S^dSH?DXIFPEk&zE)rVR;ih3Cgp;gZSA#Ccw-IwN2(QC zCsz25t@AfW`S}q`Jp7pzwwwtiRMF@qGd6+NQ;cM>ySI`)R^DM3a+U1GIEXvLQZ2*E zQafqCZ&r~G1keVZkxZ0|1>q0XJXyvtG%GuEf8aG(03WF5voGU>ct7gTSqtsk zTtxX^d^4qYUL;2WNBtSscp4SNO1ziMH{diQ&KFmFAB!SBTU2VL(C@8x9mgz~bZ=Iw zg!}ri%Po=(#C&OpsY#2WYZnVDdArJJEhd==i}?U?e1uO&AO)xx}?ig4`p zhQZQU4wnHEo2}@#BYem0KRnup`@@iQ87)1}EY&V4YZ~1XVKE60JyCt=gN0V_O+x-m zyE12I!En`=YUCYjE)Tng5g?DfRsK!ldsbmQ>R6Nejg_Xp5_100F)QOpzJ_}aAg`bu z3I!rt-g%8}>N~-jLcKS)V>ltXz6*j6^9jP$fsJTO0XB@jU3~IRbj1%9!|hEX!?28! zWC#(|V-Eel>p``-7q)Q__>k1p8=hRJTD*hB(D?;vH*YsAO-k5hWBPW^gRP^J`L=?D z!ed&2)0uM|To{9rif-}Kmu4O?O?vVlM#?xlMTk#HUnKBZ=-10E1nHb^H;?1c<9%Aq z`Pn6-)>n}qzA&2_IV_UR{gr^9AITNzW5r5IOsJF*Dk|s<_#}Rygq@Vco zvF+uZz<@ximUE~zwtxqix}&EgMYs&e(*EWHkb{r3lub?Y+SJh%2;ZQVx0?YABe01B zEGWQOZ>ThJP*X&58ipLf${V8cAfGXY!sz%@U}RT)gcuP$#x>C76oYi+{HIR4r()$x z&#i1~U@!+*o2j;?rJ-9y^L}^;Qe8oTL{9zZx_7$wuG5nEw(6U0f(RM9a*33OU{p%5 ztmdyVjoAqoTJ3gx=NJ)Z%Y9m{f;?gWDESH@?Th}Z=$3{-iT0>xQE1Q8m&yEapNLE` z?C54ctf38`ds$8vdA!|=YQv(+twh1kIH1sZr&F$yOBW{r?7FbWB^N*Z94foh?q#&N zABoV?m#P360PFmn99fc+7EBy(0)>~!`th=@pE}el1we!SBqnBghtNX&X4UJV?*6<< zv)SWmOk?i4|LnKBijmyVGCbET?kT|b62X%q>~C!Mh=1)OtIjUvr{wlPWAOMd` zc@xy-y3&ye$$V}8K>M~_!o1{Nnt~W&%UOrvkp1rad)p$s z#n9YBC~Se#z84*IbQ%+&sveSy556C7K5!5X@G#I{Li$Kh2oC`@g708_Wr3Q?NAfp; z@GFtLs3X9OTCf`CXCtl<(=nZo%NiB-1+RXR(g^Udn9nDEHCcnU7PMOBui;p_;M<(HUy?_TA&b3}x0q+4TeAb2RGZ%a0UFBLHmTpN zv0GYc_UsKFZi#_|Z`IFvsRi)2A(n+5zQrSq(<=R|U?X(B(x_xq`v+C_k)p(@A<~}b zH-|iu#SSOm54!T-G9VHyHM{*I$bEkVSwQpQNdJaDLdTT*w0Y-jBM++l;)I87vTpsl z>5*veT{ofT%ISl*)B()r)=jkJ@trNZRNdAOBhRxn?}lnKIl?zacUhnCXG=XZb7GK>QL zO3zUCcTR^7E%YZZJ7NECv-|1qEDx_dge9mSCz%VH!`9>zQ(aR`J1GNrOd(QPw=XWh z3Cs^0?VGw2P|3@;U*-}2N*1BiJbX0T^3teH)fX^b;}E!-5O@`s*U{Fu!MVc}_){NG zteY5+q4ZMX1l&-kd~%k2zPC_$;KjLPpZHaTvDW70vH-ZH{}*X-XpFA)Ey8}HW_9})6V|Vm6Cvyt;1TreNmIgGq+p!D#{$5Ltct4J0xu3Tsiir3Ye7_ z8K}l-3AK*K^0Zt5EOK$!4fASmGbr288KAU`62D;LG9aq6vv`fme*>pu8uv1sB2O3o zJoi5@6-#eEEopV@J>W|$r7Ml&+|k^Ql$+GyfYC7p{u%b6%>R`*AF7ZZ{!pqi+yuv-{J;WS6i8B_&Zh%jZejRs=>+; zO$AKFmWb*P93v^4aG8=G zV(5rn45=INWE;tp-rA&VG<=gudT1MC5TM@ z6b4nNmi2sxFhbM7PId?R$Hwjtx7Cs|t0y#}8w;~ubnaI3;4+;@-t~d?C?=Mi3+SGu zTW}0hi`GsPMk14r0BnG4PZx<-JJdG-tZ!$0XZ$BIK(wrYbDF3EXiw453u1}=`io*E zSef|j(d8`6+h|exLehvX8%eSs97Q*S-Mwz1&LJ0WW7;7vz-R!3XI?)mY8$e57QLa} zgE|1kZ5j9zMGCXlJ105CEmPMtM8@@DpOx3hULZMDCC<^gk{GGVtLQ6H&zfbkvB2Eb zh|RA;d{#jUF}a;~Y=AK7|53AQtb}eF7OTb@W%k=5HO4bTkO0+PLWJ<9W4JAhiC~t4 z1=%~PFXi^3e{q;o2uXskbsrXk3ED^!Fn60`xZM230P>v-yBGi(6tka6}wL;wB zhxOaqDTLDcskMJhobBJoGds|DEBT8sLi(hi6``*BW~3)o7jQW@@WB2dYw7z<#4mq? zF#)+H4OW|>>@Gg3H0;|8yH8!6T|1WpJ<5HzefsA?c2aYMo|l`qq3j25%SP>Bu#mM4 za$Pu4G@c?t=!0!86(o0!BUbcI5qMdf1If$uN-=CTSbLO}w;=+K57h z9+->T=sImSBSHN!g&kS8YuF^k!APTPgA&#b)%&e;K=5+SF_r4A_FMzlt8g_+OymqB z-CMNlY+a{J{GZu}QUZ{Fk%FAMWZ^JU?9$N9G#LL`(f~5*cJr{1ay8Lq)iQio`AyM?jjHb3IWj-;{ig0vgF<kJLbZGcz1l>9pdUw2E8eb@u(E+vs#MB!ZA8f+SYE_3{5_` zM|alD1W*tJP3%l=NPZw`A!&Kf*t>4g|Gw3zWPWTt;lpV5Femr$@rkjKF)PMw&6I}c zHVR!E)ydfL^2!wMaQ}UKlz=l4{|&)REniDD`(&C%Ar*#IhxYUAwp1E=H-fU2ya#^> z=OC&M#Yde6T;{{1v%6XEAo}1kn+=+1x;*Fp0t5=d08^Ds9X8xSaB71Rdem z*hXKY1X-?nN+z7G7b(ecT6-r1%G)h3o=A}VBuzLFlU<(r7*e(i`qEO;!AQop@-5=z z(H)>>uB@od=xoon`9a6=8wx#g2J}KDMM}-Hy4a~7_}a6vB$jt9C%r#@HR)?r&iEE< z*$mHcpfgvu_>$!_Mg(RX_jI!*Mc@`^>y$;C8#4{%*C;AFZd(G_K@O*O4iJn?hWA3M zRVY1N-71cbfU&dQg4>(v7zd|aP6ErnSQGURfnGsj8gJ_fMb(xs&qK~v1Sf7Ol@%4F z17%xM(T|!qq{K1wcyGQwH)i_gA`=qfcuSNcP_tKeD0>~9S01e7zqiJrVUJ;OUc7dNCly@qt@xM z3=PIocYb#DViKzSD%~8ZAe&v5=bTiyqFNXIctL^bc7@+ zAx>E@d;$5xS&Pq_^U)-^)KQ2MQ{(keMQZc_guTO0O=$UO`_Ew0 zl>^t0WZA3HulJY^ve?U(_DA_%*!d+X^2xTaruBvM(S>LOIP4w!U1k50^cpHT}bsbT`F&4qh~{pgY2V zGh|ekFmTk}hFTz^$=7yp?O7JqoVCq&Qj2R;@qzuBZ+A-->NJ*IYKkUj7fcZwC1H+l zfgZoR{#dKOs0#~WD(u35^`XEwCqar3<6@^w9<;|UD1WqH+#5l1H7``;9(gjKW;eZI%}{dhZRc!N^613XTK=QrY3GDtneZ>kB8Abn z?Nq5uf?hbl+e84a^V4#NH(~R@-dtC+8!zj_8 z30`S^3gJz6A$$4n-eExMj@kjVWL}ka@&9#o_TfyneH_0d5hWzaW{MOFiNZtarl!JF zij-_AD&b0#VPlqTy;$9Z5u>-~uAaqGH&)ubWhyVdI3#T|^UkIXn=NCWYrQtQ~xK~w&gj)ua7}}Kfn2Q?7Cgg^IM0e z1OlC`^Qzt!nPE8Um$M znj0CaT7KF6)zi0X0$pY(D3v$A!D~2?Ofw~!)rQ}xbH9}NKWno7e;1@K25G3nKT>9b zM23Z_FZVg9?aj`Z`!Ng0Hwdt3v=t~g(;#ZwKxU+#RRr7R&CR8%<+F+ajv_>0_U&KJ zI1ehKnv=Q>N68Nf+M#H7GGNt#AXPO9&EOHcJFI=z&gL$u74EB@#6wu|T zFdftl-QOE3)voC-sM{N=JEJQ(w&%LflwhGKBGnCB{*6Ztd{sTR$xc2 z2NLaY{oPgJbXRlM#NBupD}KIEy*38bHVyu2NB{{{rYP9dQ^|^w(ozc;to$*{57hc- ze}x8k!mnX@Ha%GZe?KHBTKi^vd^}4MyR|4;@hN%>7<}d1-ReQhZEJMxON>(V@cH<~ ze7skW2|hU?;jb4}CE(`sP=Q3Ns;bH|%nEt!UDY-ckVfhDQy`ef4e_SR z7Xtvk43pB>v(+3!RuDY|q%{ZAWV6IwFjjMOGo*-f?}Lr{R%?M?R&zg2;S-7 zM+Xz}s=;1~jrxHMfzoRcp4@yUKXUouB&SOSK3SF^f%A?Cfk1%BO3ScQJ&`5?@Dy}Q zTxn@6M4!aB-eZLHKPGx27XlnF(Lq|J@mqhz&^TxJ3t3cie6gDo=_Tm0a*tdRdWm>i zacE!TrU`4gp0jgNVPTh!}gECjH-x=&tf^q(j^E* z>&>GYyBI@C>Fk$Ud>tz@!ZzDq+sE+6J8=RQilB5xRUeMUteYCAj?N5CPmayZ_DxDf zvjbAmh+;r8k~H6Y4wy$_06g{-<}8*J7Z(e}#FYUtL*^0JP+&dR~OLofb%>AjMY zKibfjGgh71^d?On`@3D<-hYF5<{8&SyN@n{+>zX`xzg38Pc3vVT}(GH0gq}Q7mF>R zP^h`NxrIe(ad9y?hoz;+@bK_s$9P;Wm&Yq?i=uT#KkF_=JZKr5Okt+gdKv3B^-qL3 zgwQ(oIdYg;Sh60=j3sja4LJ=>cf{%=C6U?@BIQovuc*O?Z$TJ&8p2Ih!XPX3~0L>yuD=0t3&5447>_#B0?u`IF=&V76vhsKif=;eS- z1dH+VE+bSXn)O}*7xs-l+P2;OM`d<-sz+37r+c4V1TJH_6LlpAEM_$c`wR?j*_)6W z@3;vQYYfZY4Qp1`qYS#>mf5FWuEyPbvlfs>JqzuLMKO*#P{8t-;XvgPX1G|TD$zn# zVOPmDx{!)U&hYR9qPXi8{Yzp}S~3%F`h}9pkE+qc(_}=WO(#$bTaC`yQ6pik_iD}R z38>E_C`vQUHU{ICN8EBbAnMwG@|_NChtZ6l9sDs3Qb2U@{+R~b4`+G_+g?8qX={vM zUvpsvT9c5z|3$@N{}Yr4$%UgPx>~_W6Aq2X26>1Fn#tN33$V3NdKj={wY88$cGmTH7w41Vz8RgZH*0tfrR`ga0@7d!Xk-0X6>d=2@NKAT z_U?0W4s}}^1e@f7U@jSQK5(CSl~!*JJpOv0X_G1_rXwP6H~5xhC%A~qDgv&pD>kBj zq~^c|f~GYICkC{xrm*x@%Pxn|LIRWP*Dut%d(Jr5J1AW@sIw$PCA{jc#{#F_IOY<) zCvnGnH?x2f(I?6D{aZi5xn#Iz>IUUzT-3rgL%}!43b833e|ne|4JkTaFY(ZUdmNxsk*hp?4wpqlIv@T zkK>rVOQLMjz3SWRyh#V43t*?Nf%JRlXVsjG&ruku!v?XZbdspKQvV?a z_h!v?=!=wEH#wUCJd&$as&sL*bgr+y@e9kp_6^_Qdm?F^nxBdA7jeKumWtOUuS)3} zo9oMNjQ)Cz=MI&W*)mxDVf(O^KFnk; From 862f4bba351de7611909a20b28d80080f540da70 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 9 Mar 2017 12:09:49 -0300 Subject: [PATCH 43/47] Improve external authentication docs --- examples/external-auth/nginx/README.md | 10 +++++----- .../nginx/images/github-auth.png | Bin 55760 -> 28081 bytes .../nginx/images/oauth-login.png | Bin 87461 -> 51667 bytes ...uth-app-2.png => register-oauth-app-2.png} | Bin ...r-oauth-app.png => register-oauth-app.png} | Bin 5 files changed, 5 insertions(+), 5 deletions(-) rename examples/external-auth/nginx/images/{regiter-oauth-app-2.png => register-oauth-app-2.png} (100%) rename examples/external-auth/nginx/images/{regiter-oauth-app.png => register-oauth-app.png} (100%) diff --git a/examples/external-auth/nginx/README.md b/examples/external-auth/nginx/README.md index c21bab32d..9160ad90c 100644 --- a/examples/external-auth/nginx/README.md +++ b/examples/external-auth/nginx/README.md @@ -43,14 +43,14 @@ kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addon 2. Create a custom Github OAuth application https://github.com/settings/applications/new -![Register OAuth2 Application](images/regiter-oauth-app.png) +![Register OAuth2 Application](images/register-oauth-app.png) - Homepage URL is the FQDN in the Ingress rule, like `https://foo.bar.com` - Authorization callback URL is the same as the base FQDN plus `/oauth2`, like `https://foo.bar.com/oauth2` -![Register OAuth2 Application](images/regiter-oauth-app-2.png) +![Register OAuth2 Application](images/register-oauth-app-2.png) 3. Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values: @@ -71,8 +71,8 @@ $ kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml Test the oauth integration accessing the configured URL, like `https://foo.bar.com` -![Register OAuth2 Application](images/oauth-login.png) - ![Register OAuth2 Application](images/github-auth.png) -![Register OAuth2 Application](images/dashboard.png) +![Github authentication](images/oauth-login.png) + +![Kubernetes dashboard](images/dashboard.png) diff --git a/examples/external-auth/nginx/images/github-auth.png b/examples/external-auth/nginx/images/github-auth.png index bbe73e31369840d57540de094962108bf2f8cf6e..a7ee97d7eca3894d9c205c3937d91502e52bea91 100644 GIT binary patch literal 28081 zcmafabyQr%O&K?>}aC@2=|VUsqRESMMFAsji5LMur9e05Fx6F1F>LDwibmVvMQCNwY4*MPMdBI zVQ8i_i8?yh%tRy7Q0>V^yu}~4Z@U$>1FT@Cm;V!4rR5ZubY`SFZFm z3IKppuAb3>1OU8^e!qD4wdy$lP^3{6t&NKic{oC!u=q0p0Fc31Epngz?n{Sn8G_C& zM)!^NS59^bgt$Cxy4ys>=#js2RuOmTku$Uw({VV(^H?f~-gtUEvh(3gR7Ilrb@S)| zKoy?=KDO?qWZ&+%bPM91+rJ5mx)kZWb5=Jao-p5U@+ANeOIRKCo)8vAPOt9e`=g%; zA-iXG)W63J;YLeR5lM=ko-ZJAHQL|pT%*Xn}4sI$>I z004REujE}HZ7FGVIbacQK7RF7w0lGyQCNG0;GXm`X+hGwwa{Y$A&nDx|E}2=-Fz(O zUg(;81Rv#S#Rq5P?Pq{b2BM9@wGLl*U0V=OEK6iPNXqXmbV}l>OBRRh2-U-4R(+fB z4wRhOE6xFP zErP+aUE0roJ4oJN-IE91pWIdkJzftWp!@`NxcRo5QDl=XzwY$ z=z;==!eGt;e^(>Mf*ww8i6#AS1pu|k0Dkea)!QRUmz$#c5~3&_0YWH}N25(1Rj7!O z{lf?So)|m;U}bS9yU0z363aKtou>glK|`XtGx+5mdPQbwX4} zNQhN8%$`>hKjD(94#|U1J;G1Y|MH+R##`h`IoiH9(`eI)-gj>ZVMrc}zP=?` zHa&%m?KFrv$r@#8*N%Yg80jSVm24pkFd%#AOszV4w?T;M0RX8<;cs5>Dpub7mQ=-{ z?asV#xjd>n)x2EP?Vc3Ic9Q>M;AZZG7>s6s)o2V{a(@xU^_||uzzJ_ertsFsJxTVE zbT9GAe0QOcP2bG=4Rt1#CUg^5Ax|mwjs6;XW)Jh1Bk_2`NqEBK>|yEot`}c#;uZY{ zxb!-H$DDov+el~|Xy_6z1r#1F+*UaAf1uT*T&t7RjHu>eXRc>{?q1&r>^lm22{=sT z@$BP4MXVK?oI+n4eVG!G0hm>ZwJxLx(Ym&p{f!4RGKC09(YK&0aSwO*@sss|XEc45 zj)NpA)m!{nh_L`5ZlEKKP6gR%zuFSc=Wy|#+*Z%Y2Ton_iq&NUD4m>8X_<_k(^#;B zh=)HpJXw>kVu7(s_m`c!r{7}SZ#F($=Zt~_A|B4if_@&!Moo!Li_+tf?NF`Cl=wOb zo|9ort^QOJ%-ytbh4la0p*3vwC+#!m2@Q<_SjLtcR=@41s1QeRrDB$bAJeajd{G*) zS=YJ5Al}8+IZ}Z6WFCzpd4%#ttG!1dp@9CHYKnvJeU6MQ1xWSJ#m_XZ&LJZ-;{&e+ zf|#!i(LK_%Xdxci4-pVY`u&pa%Ax@%Myh=tr-XjiRxoMN;Wp^*Vbt@q(o`dch$DX+ z{Me8GONWgGFN%hy0_jt3E|p=sd2_5dX$V5Rm0#aF!m0NdJ12x4 z3*fm);hKb7nj@cPr^vN=Vqh;}RM2qJDKo>oc#uLhk0V~|*w*9U#SyhS%R$w@A=G!F zCf;VR+V4&)L&egzH!|9oESAPB$3~fa%b7lTH~9iAhcSiX|2-SATK9ZF+kDoqHlTB* zY1wH{L7nwJtB$Q(%@I}qb1BM^{+hx4XW67GQElKyf86#Pd*Rg7`*0JV%^4Z0A-9ij zP3SAnmu?O8-!*6T++NaC04nH6-FPqlp8U6_l>JR0f^B{4+?oa5YM$FdmXf>Tq$qp) zt6BEDyC0}Ihpemwd3gZSZ>`Kxe>!Z`Qw2%ZHU#)x2mEF{&%Zetpr+Q8mq#f;?vgnV zKj(e%k|O(^>^bOQSt{G8rrKBBX{CC(#bu19f)oMW@z$>P-^HtgBcY{aL+5+>*=NIlqg(Y?G6^O zlZJkdR{d$K@g+fC7W8^76>=;wYfGO>K%_12_BSh<06-eTOLTs6ee=8A{jbtn^9h~y zlS0s~;fTOrT7*>pEW@{&_ZApBy$UM1xoY*;AhXV4J#5e_LCN~8oM4FfXQem;KaQ#- z&!agjV(6S(2-dVWAIBFQjti~4>P#}^O%OvTS4o}_HTIERk@zaX3o8aCypH8p;o4** zfHAQ%jMUWB-7$oI3}0RPUGC>+sZB!?#zrr6=Vll7eIe1B0hE+Ghu#4^FW*=1N|qbo4EGDp~R|4$;l&YKL| zG7;B;$7ZFHuS97e&9Rf$I%zj0_AYNJV>CC{@K`xn3s4w03D9)Mz5G)NQmwkXKeCpi zCQ@*%t)q8pD~u!sTLW(&0y?nib(S7QL5G*xyD5ElUVR&-s6c{l6e0!%YQKFRs)U#u zaLT}`k$Ia)63=T3t$xcjk^^x(#%qb`$zt^uDrf}Oxn^%#3qu7Z0$JC#%h$#o?nxUa z+8<8tnl}=dl|>ZKM;QdWSwI|V_hi=Ed~bjwmjy5>LZV=iBsJ^WKacO%AsMMRE7taN z)y5JG^NO%(hcC7zE?ad?p)fK}pb(jc5EU&oHQOsC&3EN(0+ry{FDqMDz_d{ z6IJSmNT^>PF3CHUb5tn8uib2*o^GG86tPJD83oO=n}p6sHFMAp3m@mM^;2Wm&55Pb zc9j9lkI66;*04Y0>H>?PKWEC>WQQA@M+S?8jaWa%ROUrt8rE&olpA%#`uh1z5<~5Y z>V!(Uh~&*qyk3vv9mGtr6UI@b%i|?JBTO9T`emrEf*VM|x~Vj>_FiY8=YjdUeZ$KQ zLX;Lhbt05XcyiQ1^V#7C4lD!{M2kQk59=9#v^CHe5-hq z5aA#8~D914?#phZ}9Hq=6w5U zn%drE^edsTUlQ^%SvkU!yoEj{!avv7FwC55I?cAGdkP%5wmm^CwLE%z>cNW#mZ36j z@uvOITp4KeU|p4T^9b`QDt*W-3xh4zm~sHaZ0M%LFjEc*ln=K`xz47MJ;<`Vw`vp2 z^DxxUE@q$=4Z0Ep#R9_-9B7vpI% z_~D_tHe}9${oVK*M5v-EBQ#u)m3BR9?xs(5OQ62CQP;Tt4Rdd1HppA| znf-&Q7|1MXM;`ZbRHx3;P(I#L%h zz_RRT#`M4kJwNj48KT)FS40g>{_X(?Ry!_ z5NcUvFhL=hZdL6!Yx4mwd;0ft+sg`Ls+&((0A6bcNH2(Avi`jh%-O!Y)pBo`tFv1~d zW8;i0_4qTX{<2u(?{o+Ydaj6=KJ^ATxcP=jrDzruFzBKn4?|ZCP$Ut2J8>jGZKJha zOW`SbOQF8THV@QO6>V_2T#0Z8Bv!Lokj(HReED9?lQ*XjGzF_oAE^mA=JEHK4_4~Y zPgj*z-iIsSw3pnl+Y=30VOMdjFnAJ)63}KwMGdq!k#hom{7L0uw;-M2e_|8y#KtJ? z+gK6&vdGXW&+^aa3|~^#+P99vuW2`A)>^d&RDOv8CkxGP{M+3m50Y_O}j ztR^C~5JZUbv^1~Ti-QDp=6ChxrR+XWzEI)xCyXnmKX;Z#fpK%4PrrFPVXft6@XRkG zKsZHR;s4U1u3c`Qi{`V1Z&hibOJv-F1;E+xQRGB%o~^s?ngEKv4wFH+x%kUmA= z|I!A6DlsR)>ADTCw!Y-$`7mO-bEY?R)8^1hiI}XhL#qU9Tga2e008LDwWh_dZyaHL z$)<1Ubd08z+6U|Gl3n%T4){>~Sq3NQQ5l;YJfJKwK;TRR7%4|LH8mxNiHS*o78Z^O zv=GZvLQhao5U4R0^hXrksP8jPbbM>8pV&I*yQ@(_{qI$%k$5%&as%d7&pki2soIw@ z-HYr>i{!W^-x|B#9K&FpTddIREl~{zhVu@#>r@S6)ubt@!K3`EV+O_`WlU@}G#7C< zf$;=GJ^1Z#MO}FfO59GcEH*>oFI$n!w?&Un3jpxxcdDVOeGU|vj#LGXunDy-$;(ov z@ab_~{`^(tO(pxbDLrAUsPjUTMsxxG>6!E!iOSQ8pPsYH3V+eksidBG0Eps#XTtsr zX#yKZymD`om$O(p-wcSqG^%R^aEIqP#KXd z1AJOz^bn$eHR}8th)JH(*b+Yl7gu*o<$V^1yqT$+SH- z8nnTQ8WSY>aAo0twHo1Q1ntkQ_CkGqM67AYnTcB>feImt=@Y&9rASSiB8aYUNW8T{ zRtfpcSW%h2vdK|VeT*b$xIQ5f1}x2Y^9;NFJr@wI0)1u^Hlxa4IWV;_2 zlQp~&q8%+6Sx0iIRnAIc{8Fgs$`kTWG4WEea#eZ6_T`GoAlZgUu^y<3Qve5Rz^OM% zwCCx`iL63_OdNI-VC^3_l_=YV4>P|Xyc|py=jJa_N(hYoaV*~Z5@<3?F_K{BpPY?J zCV;~_UorT!>PdZTw(Jjqhe+9W|0rAa%D}*jZ0$m6ILg zIK0X^pUDat6xI9FIo^;ayZOCaJO)12dvPohl|4frbD4@E@iHj<@FIuR#RHR%8bT0+ zW9tkxqh!)?Wv85q|ME`>ooXaK!nwRlUum1_WD2}Fvpi+^#lx?x#OU`o@x~2F>E4P5 za+(=X%d93s0Sxu?z;YQLo7Uid zODPLFoCVQ%|BR96!|VgJ&oLGOZ`DgbF>A28exUFnF2@0m>3IiyAKClWcdPOOoV`;P zi{y70Y{x^HHyYv;Eh(m}{7)I&>_Ac)$rX#@y^E$zWhVp`$GGyopli(ajVF>($HdT*ENoRfY3oO37D{oIE_kKk&W0q-7 z&9gkuh2(1Z`XR?p_CE;WOam-G&4v54FUn zF91|ZJ$AW%aLNPC|RF~D{xS$|< z(Ko4$pHAVEW%VKs&AI6`Iv|9<@1CdmM_IY!5g~zC(6u)zkgZ8(ctz!p$$Eo0vA~P= z=p5ck{$h+RP|WfrdPo3UpUfxBg+bJm*B?e+{3b~uK zr4zL8%_MByXwcrf#U+WqaAWDv==R5Hn65WYY`6?BDVBl__V*!wFm6gncZeV_mQV-y z6aHR^_?I1BNNK?bK7y|lGgi|>rX=sN5M4W_koNKoFHlu8#oytzv9+ryX%5SGI7;r3_odVE_0~6Fiz}1 zw4ImDE52lxFf8#WS(p8YqI`@$gz#`uy~*p`y7I*G^VAog_V_eQ2YMWzw^lE+(*mw83EA)RgEtt)0eI9#+#4$WMx#S|z& z@ou4S|Aa|GPd)+n$Upds`J5!{HVlOD2w+@b%D`A8?YXOFK%L^a|8e)rHF{e-8>oce z#akJB_Q%bx6|C0P$F98)o&~E!-vo{D!i$KE5eof9Ywz;73Rx2Sh_P0ZF{7rlSMFhW z$K!!ABBsgj3|W>Eq6w5*cL)j@kkyoc_Kg&Y#F$NVKzSQX8fDIBQyZ zj3o)kd!n^I74BvRJS{M4O5m3$u7`YG>oGeZEO{Vu_T=c~s5V?UQXo%wAkuyNNhI(W3gZdXv=q|}}|WflW}K9c?mZlsfuI}7Rfc&3?1 zgUm8*q}pYwxWBW+d#jSAU#J)3OLI8Azc9Kh?gu}da`;8>?Fl;;s@+N=V^O609)1Iw^UI@`Kt@RPsM7sWFRcy+ECF2;1)%aO`s!OJ zIPiw0bs+cK=dxJHsEjv=qx+$2b3;(urTqx9T)3k@!~aTw-XR;`QA)l@R%A4!Y^g&$ zzL)WJwe>^%eM!nj;FP9%C5bHAU~eXnt}3={p}M*Uz1b5R<tGab#xH zdk39wdu!+Zc+S&hUX+m=vs_cU@GCk#xeq{B-Nvu8OJ1e@^~4PXBjQk8QsZy&pRT?U zs`Y#&_D&;jk6C;vR>{gX|JYYM=6i-%h#>qe#*_k(+Un179sVvG_Ln z&vs8BE6B9RHVBakyE?lnA+8bmyGoGF4YX&Z`yrvAKs@3rF2ZWJ)}?9de07P8is!@l z#gREfS}hn9c54y)ZrVpfls$^e=C7JL{_<6y((&&q?33qL zBG-ykZ93sCz}t1LpzrI03@2?&xi62Asi9ye{LrE5H?3?DN7}RNsyo=(UD&tDON1iy z)BN07C&wfl4!Wpc;w46T|*<%L#HI?Ujhf0Y?bcg#A(mDJf+~B zs5IyIvXq~sQfFml;J*N=)agZbt4*kH4Xlklk0c8FNqHHm0nh}sju4T9M^R1p-2goNB@7>jmk(nPNd z1xDa0S209cro??ZAj$E_kew2Mqw?K8U`Wl6IyTHMZ4Ydtjotc=4G+t~`2><~X5GgW zC#8>;<>1*$2Sm^i%Rh8L;z8aSrA-A$RwklEO_=K)BL}@la;&`lrBY7x z)VtS1H62Er^-sKK3%%M+_6lB`Z~%+x&YP2b{STDZ-9`F{V}+#JN}jr(?KRO{r)49LYc5${Yi>7`kbV$*$C-gkgdCEw>L z2XCx?z z^{KHOOo&<}vd8?x}Mef_C(y zs=XGEYREUQ6O;ngkMdi7nN1EA*-WN#!i+YVvKHiU<@slc%r1TG zNY#fLqwfv4Ci3^IJiH*!aj_XQS`_sXvKedl!zR8zmawUxh_&7>JsM`t!Ed@78ThbE zp0IlDA{3poeE-5_IbSw{bL_rbN)afUtP<`!CVpAh;eg@gM&@dq&tCd%sg_k0bnerM zeeiYZd^YFmUKDHXlw5r+Y=*i=8zKO@Qj?Kzp>(SEJb)6p%J%uUrr}sJ$bgDcYdv0V2S(G5UlFploa7YWLa=>jY zq~k9r*&f_w<$}lHF>vwmL$*%BeSzF%t0=qVSo?8_0gA3E&ZGCzc+ylnB-$eCS*h#1 zQ)A9-n%c^ah`Vt}kpPJ;cMgt$2Nqscb%@EBbTfZQ$;w~fD#cBo&Y5?QKEx)+zAM`% z?JviC7S->1O1;)>OzV-Uo3>v|95)wUW$GPvjdl7ex;eizo-~@ToAvRW5T)#yxY;@P zeZGjrZRJ3sDp0VeINhA6gFV``c2D%9=%){aXWo2xXAi4i{ysp%Q(dxSucCF7ew77B z_{9iyekDDLHC)hsmWx_Ok2A2DW6{+3iYL4%Jh%am+I=VdS&jsDUgl~~jG<1hnIZ3{ zfWev>cVmnRbsBM@CZjuhj5p=Q5v2on6CQu~#mg=U=*blZ-XrxK3Jw+d4%;l-&-^ z`3Jd4!}t{K<(B>Wa^iS)FuASCO{;UQCv`GsSQua0Ob7dt<#+NbjP!GlaFY&H-LS<6 zeKPyNlLQi3!dcB!V7jqp$Q(k-70l+7B&E-e#r-3K!YRs9<$?PzNST^BmQ9_2Q%WhQ zW(2foS2DWe{_!%QAJ7`!gO{R@TqkQy_+DYOq^~MuSmI;Qdu_R3co?x3+c0-Jc6(2W zg{W-Q&8!e&N(Trtmn2B2$sK^#P?vnb26ZAHAuZn(3jG%Izop;%}c?MjV4nNhUVPJ1lM3H_vHh7y{Og>PbZX9-4a z)4VlrDq5$wLaaSeQpdCV$ zO?jN>3{actUr&%U@XX`7e*V=HTxNX z2n=DXn2oYX5Q{4aqzGu8b!z|UGHLy$K9!vy5hM9@3c?U-r^w&$ztbDX7fCrx5-%yk zkxV65_&h#81>^JT7t_{wpNisRO0cKPEPpT*)Aq85+v&T3he9%Grug3%oYB88we{K5 zmsNI}MipHhsV9B+;NoKQvi+eZ*A3Di1t_cC%A99@3olkBS#Dl4h;p!hvE6*dA@aAp ziSRBuUrm}W>v#EHgeP@-a3k$3`h1kxE?QBbq11>bGVy>g(@mVFKrDcd3RZ zDv9FR48-Io-l1Kz?~;asSt$uFikV(RT0V z<(5G3l@hqUE_r}At=mgXE(zNrk2V7otxt3AlU$7|%FB*!@-;_%tlaJS#ZUc=DySA< zD6V_zgEHQFSP*EoM$9?J4di5Zn-S^etcY%vna0mWs!(BXh4 z)B#BCzLX%NZ>aISNUX>Wc}S7s$es*XZD>dz6q+$M?kR+fWIf580^B6>*Ip<|3c+t4Uzh;jyBwO&vJxpKxHnuv#9qb z;N;>KlHOYWmQnNqgWbl^Si@eK8VB3)9y#T8_g{q)^3ZodfktjJqE$Ew&xRiy*~4lm zXN0|olon_TKA;tN9sY=4TQGkeZi6#jEvk8x=Av{#2iS`r^Xm3aOq+`zCoC1lic&&F zN=0e;BY(zmv#*u`(wmZyT~KT^mMipk`w^%1e)yaR%j}c~>+7$}3padlyuiF7g%62q zXYbT~gEGv}B>JP0#)7DOa{xB?mLO9~Zzy!XaVg6iv4(Iyne(+H?D?Uc}&4eck+-SxK?w51}!m;I|s?6DwNx1F` zEioKo=37E6NzU9(Q99!xo(wu>5c?modJHX2LcJ6P3km~}+{Qt(Nmj20m5Q%gv+A(h z+B~4vJN#VnyiU7mb?&0$ip8>3NUCrtwmkGk978L=e#d^C^>m!Q7iu^#V7U(X zEb%xFb{;71^u^nXz*=K|Oq$btrwp!xf4l6v!*-9LSo=EsH>cV^A}cNo!%*~t1nhjc zR!Qo*In~em{pmKWgxbp}=R>>}m@~bT8E?xod1x~~CiRdvv(gqer|e#lCG6zY_UcFc zYw!_Eo)0v!l;llO6!uWVst^`M5NZSMEMI6pnnCnCbX2r?T4Pdg7Rd@0A*`z_eS^Fb zc*Fe-6r@KWAzMc{2uDfJ&d>|#XD2e>xn#Si7^&riy|k66d0*7|cF`pp0^6)lP5p63 zA+I&QoIE|ngmXz0Sm9(LXDL_zygZ)mz~z8JN8CD#eni&fOqf%*p97C0-+|X4<4gr@ zZncWTnK(XX^~>P7((pEHc%RSFVv!;BVPshK&^y#qWAV|OjQVaZ#h+Mb9;#m#DLUW?c$>wOzYk}u=$En2Cu0o|CD*kjUnb0lGim25{M{ zf=Oq%R>7PYA_cy;2aT!;>ELZNaPoBdk?<>q`?T-8(!lkv@zd2(t7lU>EO4<#3SskS zMHB^NQI)>z6aUg9c$4wC4gFWWpWGWhQ7uny+W3X?x2`HY_C2!LR3!@=4;0%qhhmfq zJWf*|du9&v^F}qG?{gnsEoE?dp=T+?QY1)SLn@nm^}TZ^jY#$sTtOx;MAX?m)6)%Sja70n33HkEh@8g}nD!{EwFkQOPKTZU`O@hL~-c&vU>c zpTQ3Ulv71^rTf{b!V?TD=r097Cbj(lPbU3%PexYPV^ragJAeNg%v{0D9qQ(YNGKc{ z=`iSsQGXO!`0z?VIW?s#m~W0j6iQe$``jQ+`hBz*c~4$-7D;;jALaUFBISBY;&|be z)A@{jaW#eHU0*ZNkJ${6wWV5MNw=NlJf*6K{4U@306~1^)K~+CZ57D@{6Jdzq#sxK zMf;68{3V<6Ep#2*mnqBH2|6ELo~7QG=RjBo-ij2)9Ib@Xb4w?0q0^iiW3LvMP!D*n z%)OwtV4R`n0RuBPtLrtJj~>LAojuhxPK`l0EUByOq^M)<*W3-iO-1)8;B@g(&w+M( z{^~b);vW_4!6g~YQRSsK$vdA669{nwmaYmeWH)a5iBR z-Q3b+7Nnktc!uh?JFP$DLDf>5XP^#H>Nd~{?|j!rAo>r1#9MJ9`B<)R7McSGMV;e# z7qHC833K7i4oc+%CDw!JZ>d)mRA)8a$(3t=aJs)lJufV1uoOFMFvvqsmU-bqi{=C$ zBTskWC6WeuPb~6r52IDJC=hAkaq`Hly1H|HcDaDC*?8zgrr%|>L40z&lbXrLIzJM( zt!gb~gTLpmYxLgiNVgTz7IsZ`@oDs`#jg|{)8Ni*k+n3~$vTbsTYq>yM%|Dz`yHIx zmL`@LvxpW|2&cv2?fO3XT-kVCOjQ{smXFW)T0tng(+(rxJ4feI)ui1?Jh!3yoO^Lg$Dk%qk)LxI&DA zb-1(IKJhu9oXWLyVz-*u*{0wCCgm(PZ%eLcMSqWI&{mNdS_=M>u1REvL!wulWxl*5 za=mdlaT6Q-p#95Kcw-Db_5e0F+9t}8s5PJ1D1yv-emR7R3!J~#}up$yyZCXN$M+5Jj z-Z`Ve4rnilZtLf{0Sn)GyBuLcm=M2@fU+XV8>{A{(=(%0?PQr<2RZhXTQLuI&1-%!hffBX`8+96r(L$X#$d?fnZMWlCz zb=}w6Oa#n(sS8R}Vz2F0lo<6GE496NSXc@04dv~bE5#F#5UEd=^C}}^7q|7NL#vo5A84`~w&|N!@R5&vHP9 zYDLu=s-SC>7r2z#(8N}n#Ghscb!K)Sm2D`%pTr%UMXgm+1u{QK;eck}<-8Q^ zpRCd8%hQg!SgRramX0i!f>id?=B(seWj-kdr2c)MgfTt!k87J| zmV^_wOc70*v&(bJFyCQ}q+hXps5{I3Rp!r~1k6fpwub>eeUM9)tJf|^)gd278ny=(E!ETeZQ_By_N7rvzRReC~bj5UL zeM?!D*J~(HifH!Hz)dE}utQabeowLdKhW_)6!Qv0>uA5IQ@Mv9v8fxx;Uyki>U8F; z!Y0ohxQ+5Gfnxdo z5-}Xre2Y)1i(J#>ER|g4=@o4G32=h{-##Cq4@`6E7W&8^oZpAN{_X~Flf{2@4p~AS zT5;&n{{fiWP-ZaHK}0IlMc6P}wx=$GTu z-$l6YPTwBy&m4SrY5RcvlOtgrS{&>k=?$3S_lC2qkiVlIaOprCuGM}#7;=$Nae%!$MSk zAV-zPe6Y)EqHb?)SX{!I6sSwt`MOKrS!Jmh*CMAi=uysT*ctZT*IX~aY!;vOdpy>! z#_F3b?fQdAysm3!JsuHxU1a?D+2Z%Fe-Va_B`( zYt;}rJP(ndlQ)}#`iwJr&_^x>Zgq}!Hw@{Unczjy&M4Jo_t9Bg$k|IkMi;+s7W~JgBm~{9 zqf3(<(XDI>*WZa*=!D#~33F(zHSkQu=G#~O3Vhf-!(IoT37NPra^C$}KFFI`;_|=O z@_%q(J~74YaD6OnYQ8>HeDr*2><0CTohuo9E6>mpK9iwY~CnbnJpAA|1OQS~)r-hOi1;1f(= z&{ufedd<;?9{*N(5c+d$I@YpEvoq!=8#PK*dnhxXzn40L4u!xh$-C@(Xg<}MaN}eP zYqN%B%${R?^`B~o0p!1Q5DkAi+qIp=(1gIh>i+y~_+}vq{@-12r)-v80n5I}K}4f~SP~Y`vV5HEAbk4uUwj6-5 zb@?HDn?CqRb2&mofm&`#$}>=16YOyx=yQujDdO&P*!Ssa1LEOU*em-^7j;|rE~Jq- zJ#*m0ppGcne$VC%&dwR5-eI2Gh`>nwR8e-TS_~GY{o6^N@LpPlbqq(hOSUdFNFlC5 zFYbih?BI!**}w(fmvt$#r@*asTOgwH@%-h}r3MG{88s z-)p6J#Po6Qlf;|lU(Klwa@kK(?Hu2SM>H;W7VRBIc3eO1FFY&i)g%aAy$^9_#|c$= zhVmLFMZ2A;Cf2@A-hoLFZ(4cP{**+2`Zg4bNTMU&r$nUIZ(I;5_5W4t+qzhUcv-Rw zj!3;PA6?cV+8}8DBPmYm3tF8WKJA!h6k+B0|b3BQsNTMD6TvBPjyDi;#e2@e?P+iAZs0vs1YjIYP{X zh#;*qeweMbwRN-8gPKz)0-t*t@ZnfGZVaL>Z9a{B#=G^2WuP}aTjPp&WO$gpaU^9~ z0fECDc7v0{-TUOs%M5#^1K-QU^6QDxLjkl95mU|4!Ahz`W#FX+2d*ze85o!W&6Wle{yL5N4WR$N`>UG z5etjvGF5b_JyR*n86i{{kWL5jDZ=&n!y(TM6?pkomr--=LbfI$^c-=^WugK z4ebUgx`rn23$RAhsMN8^(y6Z8$u@4kXkIQ$DJA~M?Tz@}!ah@$$MoXzWA18y?Gso~8IdFOPTzZ{^Tyk!*ozUIEvem@70V`e*5N9tH5^mS#l zQSb6wz~1U8rdhk)VWAEGdFphI^DnRv;l2K#<}<)RPEZ*2^-P0lng`iBxT58jWssmq&_b`*XA)BCsD$6Sm-4Lg@;+kT2KEifQk%;?*BOw- zaHCq!DBk`C4cDtPWk+s;N;D2?R9WAN?bQZYWD^Mb zMqJ33=&8a|ksC@S6Zc_7I0_}O?dtA+cz@9ZTW9r`S7r!}s zwUF~{BI>Ie!mt4%@<$enPOgDVY@c=uDo1FigFVKN8<&bRxL$8Phw7IVPBf9F=S_P{ z3^)W)mHt=^ys#qb8e6h}u2!@I`=|ApggQF;hTbpY>%S>^v(VU#_qls9n9$Yq-6TLO zttad8cO^qGPXS4y={T8UR>%_sbV-N_MqEmNDH#%3GeK?LAqh)ApwA4Da*;lne+vB5 z%36d$V>2;&0EMs+nW)S#lZ4Eo+&+J6so}#z5bO*AZGIeSMF!;Ly)&v@O_sdC&d$4h zE@k03Uh})4Jgzz$r^&X&80q$dY@!OIYPII`pYq|86~o_WzmUXT@DOpabnDA#8ZYVv zH8*o}V)`>G$)i9#sY!q_o>_CovBEeguNGFGe=%zTwr@6fP9`CU&|f#vcG0Rn4}TrZ{orieu%2g7ralw|9E2=XIujEkD47+;9L5}sG|vz}hpW`tmE(+jZbbr;Nun*X5V*fZr91a?7GKp-yZF<1b>$*2cH-~?QiKE$5D<_S zq!W7iCip&Uz0bYte&2oWU-yp})=IKw=Ipc2Zu2|)oY`Z@^gS%L#ws_J$HCXjUG;76 z#Tw$UGZIj)Msq-NzIHMHP3P}&FW1J6bi(R=nm!gvh=l2{(M?jRrmzA+#9IqsFU_U+ zc*y5|$$B**ls02(r?B1o}xsKgGk6 zvU5osX{6Ny{V+c2=Tf}El6KBFM#;ML z?Z*81&$k1IzH8+r$BR7@d^rm8FEfkk^jApGOfZdOUOgyE3;M0sG-MI3|NA^h{}nx# z9^m6=$|C}X@}p}u2+R7blMiMVhFaCkPg>PtS)eFaGfnZGk5YHfw5L}r zHbwme!qF~a3KNv33vq5H|#tD0rBVD0#3B>QTm4KrHB{F8UbyS zj^GB)_wLNBJ)(KRHWckow#Wk^7Nn?o1#g~Jaxf`;!HpEY6)ffdlX6w&m!@U)>V%;p z1BteW>%gExGbeNj@v~rNO&gb>j-3jZfFx_Yv6imNJTkeC%3`r-?Dm^QzrRx)J+sJc zorA1w(nAT1IO2xaOKx}z{dnQOj}|*=bxB9VBq^G=>`6*jhTn7{zGZw$wpn5l=?t0G zAw=11RjAz2a{XWKFG?3t?>MXd8k8$2g4JRV<0+pAz!hRjv^7tNL|wn#l)Pl9Wm_md zndfz+K^1iXwk;Gk$+!7VcQhoHu~+2dkDZssBi3B|W{KdEf$IwNqg{o(8}TrjF5EF0j+nCwi}DQk&>3 zjQd|u27u52zPpeJIfsIwXjTB-+yQBwBfvl3q5voapQ9m9Pv|tiGgBzxZMB?QX|F#x zGVvNwgnmP#A7pWqyzN5V-2u}a0C~CoLHUX$GA+G6rQ0+mQ^jq$&5!!r-z@SCWJhAw zga3svb^0>1kGtJZ-~L!9-1487q$*~uzVV0YzrZIRdI5<0oQ;13W=)v?9~)jXQ^5wb zxBviIhObr&4#)%mq%RFh!KQDD0Ir}Pe$@P^gLvIM2hW0WHkk<2|8}@?Vs+fN$@vcr zKJosyDu4_VuPMnLWG{XMuEtgV5Xn9KLweRlFWhQrmMFQmx0jq_9^n%mbuON$2}iL5 z5%uCXIqB&S`}n?Uxlb(Prw4cR!>u-!UA_RQze8MHGY=2fJw78_4!oof` z&15>$(|sH=Zl#!}WTs5aQ&}v@;GyrZ+imxq?e1?Ee*XHUJZ})G_kS_tY6AxP_Zi^- zF#mdJ44BNHx#C~ju>ObkdH3*U__qyP|3iD7H^8WYDdV|u{+UQ#2-s@vzgaBSZ{xIo z>Y_w>txHSuxM6uQ%pVcCDM6pKCGP!&p=$G?=GsrQUxhr-6+}|-q~Ii>^j+vZV<{Dq zZP&ZgLA3L}!CWMiomXoP-^_j1VXUy%V>6|D9*E4fiQRFFbEWmzo?@JuM&}t-=;-%> zw~M1ml!nQU5xREV@A_!_KK-aQjvCf`dG~%XEMJ0BOud@plf z#2^{+^^NSYoPsC61wK5W-Utm!kX?ws|MGsHAI^Z^f|g=|$>q^S_h3f^MVT588WnW5 zV=m}LtbEZLp4W>c(QTrtth^N;{>9_sbkgMeb|{XhET5rOb^QAoQ^Vb*h0?B`zN3u& zn_GU6(&R5i9gwpX2i1tHSdDG>l}Ic4g`@V@J+FHNN!)E}vdj2Nw*x=J22;y+zmce# zL@#_h#kwy|U0+=?dG$GRp?XOhgeL53^&jZnYj*{g`wPm?+3X=;cQ1F`gYE(8G#~Nc zcWv9%aP0P8ufL1gj~$K>3Z|a&7pV$YgNvUZ&M{vN$=t5?z;3Zlht&xB$|H6oQmh6j|5A+ zbcnH2DC3${Evqx^^1tPXKVdNUVlz6m?~X4)?y=dq8; zC>Imqp0uc0o@}*I-`$SMA@v-h8I`(QS9{-nt`^WxHH3NCc+qS-{Z>$t)UJP+7ZPo1 zQvIz-n!~7Hde8q%w$M9HrYF<(OmG67G4eGjUcXD_*wG{i4$L+L@n6RRoImBt zDPmw9jxX4y??Sx-<9W4PjC@>Y8>`%=-F~LxRqyik zo%_1WejIQ5Ci^pZz%5nJsWw0($sv<%KJ;^7o%E1KNDiy_kO8QDKJ&X_+RoOP$BTOJ zF^gUzUAE>Vv*WqGpOQbmZlby28&%bTD^P+NPA(>YVm0uOFE)`2?42FL?%R32x1U}* zaVE7T@*;aPiy#_ByILS7SFPy7tp51;!7It9yGo)D46QWQ>Q_H{h;8sca;R<5?xLdh zlOm^2J$wSbCJfiR8mI<)ikRf;ID4k;{6xv)Kz{h^mfOX%86xl$(=}d}CiRj+?uE6> z%37Rk%ET|r-!1c?cIRcjmcPb^;F^9(*2D)GvVScZQP+;NRCJdFN5VF>C*mV>jSh^5 zyx(tozfTW&JlxV+veisw8C(=Qv8)PfsaU&m>!_hn?i3MG@3v^rwP<6iCZl8C)?FMu zF#ECEiKesP`SO|`OWxZNF)uTAOkW{4-NrF}L#Rp_&kA46*94s*@CFQ^3=RyjA(0+-)ehrhWr;VkJQE0a`TXm_gNBrY;f7=G7X+i_Ctu{*!JWYKQ=nuZb+ zYRbT{K*@7`VsU7D*fFxJxvo2^xRB50MmbM-U=A`xkSghFND4dvEQ#fDELFwjD9s)3 zZ{^)7^dw^-|MH&EOC3fzN8FIK_7tq_F;G6?i?#6+0eyt8ezcuCy!9Hl^?cFzt)pxN zSLwH%EhDyFcExqas_4D&-I*lHDS@qgVJ^B`@}cRmSHZaL$Fr#_Lsvbj<9r>wHQcef zA4OGZY@{4cYRwcF60z}YPYiQo1M4aPGuQf;8J+M0A`z(%WAfiFS9U+%_cVT+89!Ql za`|vIV)t0=`S_4(Jqzn#JX)gk};EB=u9x5hR9fIQInr^0{Bz~9N&{xj~OK#_!h!u@~9|4sS- zU(25CpQ-ljpIHttbW4qYV3>g1{-NFfhdkh!{}wj>7LNWSoc{>tU$?1$=vF_K|B2V$ z*m&NK?o!y41nUrz&ar|Kq`w0zgA7k0(uN0TAh{ysMRV0_wEhm#Cqr+8yLu$@g3Hkpm0UVqAE{tVv6u6`~asBoZy{ynuCph9D9R!d2 z5Q(9?MTt^NQH53CMisrq98}U9v_WW54~*eCaD}51Z2_QORZxLDXgv$)HAx8zF;bfp zu^3n7Q^A(fu;C(=l^{cg@C9KJWB8hF;-T;Uac=7By!K?+-bsq zK<5Lskr*V?cU7$tMXdWPMM$praZX6|hW71W&*Y9b+66{OM_Z1Vhlv0y)Y;J(ystDs zZKk)Qh0RLJ5kETpIwb=)qzJL1CPSn@yJ2&=%4wp;iE}htX_2J)kxUizthFI{cX_SE zHxSOzcpo%(W(RK$e5)@GN=gj#c*=5Q4xeI9H3_=0`k8jelAbCJ*pyxwK~rYUnEAbn zf7dlg;r84mq(t{+ez#DEAD@U?E>R>Wgs{(Uq=c$}n3NM6p#bg7k+LzJtSTon)=j-vtcMupYsaS1Lba}5TZ>m|qC<^gi#%|8 z?{1;i&DcbF*uXz*pWl!Z^a1g2>4t#x3$BnpSLPibjC9^9V16YQ+NT!%^Lli`S3I z$=UVXD?okW4k-Sh^%+iGC%nt5RD<>zvIm-+Uk74>6z2`M+}Q{=2j0nYkH`6y*YE%HKi z1WYhAFWXm>@bO)>*LR^f?;s{pX%cb-MLwFMDVDw|=hCv0;_~uR+#Hokp^Cv3D__BS zTNjVsxTOrfFC_x;9I!CezBrEiAdBDBs1;f|RI(x@O#rlgy@hWb6qu%rwVd~Ii0Smw z{vCP$Ah<3HcjWP|N2k*RC(Ti27-gjOQnWzys-b-EE*sGOvK7zOAyy zJ-sVfj~9o29zDTJZ)B(*6h5obHiQu+9xBZFVUFLee^%v_m3!}uViT37vkM4ANaXC; zZ}LMG=0tGuku>E5HU;BMC2D0tMwD-N@-`|Xfg!?)LXRT-eA4XP#+i!K@?KPXvDd?G zqw4d$;}7lKMC=z9pIwRF?KO$P9GapUH@?oP%}p1*m`_Dx7^xa0v^vMvXO=~(iHD=9 zQrp2@JRGI=l^kpAYZ|Zbs$sF_v;0L?QfXO2+U@hMRm7NOYMkJRzogP64P!euk0ESg zx^VV6$Zf3lR2e&@0%_VhdU4c%ahw;=MOfpz@K~i&NkQcM(&lGqf|HD5Eg9=#U5gq3 z+OO+vLWZ1_?d#Gz?Zsr2@^Z4T@WiprJ2a;iSPzTm7TA?GudeG_lpDZOSwYcrYOB00 ztBHqpIR0wrJRKVIbd@eYQEMc$q+ykJC!!${4nBZ)zu9qQB3f-90+9tA6W-Yw>4k}d0R-pjKDloIAwwYwee-OVD`Uz zTx7JIERLK=hN+aw5UmXSVLds zxke{(pY$18q7R7--@K9%+#@=@(@@+=U2TGc!FEbq{NUwBfpM5ms!qUg8@Ij^svn4m zN)~ifPx}`{*{JiPjTplqV#cJ;1g)~A$mwp-T~GZ(+o&!SGd3m>-w4r1lW1yToTAwjyqf1Q4z3h35l3 z2qR0z7+fVfpEF8)jpWTr1w`I>%jTOB!D5$ViZYwZR{+#8@hQV12S3RP_Gb zXr&ZLbgyt1de9@DtjzCF2m1ybsbsRAJ72cup;}^(>q-5FDui;SMczyQU$K+j{CFf$xpxJw$KY zeGqzbv(i-_PqaiLN8*YKWl>t1H6)|MzJBVK%IlJcoubn-87`iKwYE`*LdfE5Ll_+$ ziV=YV%0)ip4$L$uI}y_Vc-R2l@X7Efi89J&EQ>IZxTq4T%L_OGDzmVI*fz#a*Cd2{ zRwO%TE#mZh4~@kYNYz4Svr_h+C1^=b$?T=7R{62EB0Ov-2y|a-e%!^cxNCUYx}?5> z#6WT7(=|d`GI6P)^MTJOhu`3h7!-^cV%2Q##an;P6`m3QZElF0;Bx3AxU8uKZj~7o z9hfS0)*~P<9 z8@0Tap#69=J-sTp$42ddIwe?Yv1EOAy0E4jDH@x5=0{%^V-UtWn-bu%qe2A`R%*p24g! zYl=C3FFaRqc;yNY#;yL7>f7m}ei^O4(SS|aY7(%2&J{gyBRJMlsm!jGVUU5M!Zm@u z8gEZh3Lb42zNr1&5|r!&6Uv zqXv3iJH71kXuDsVE9LbE3Zh`cUYm*IXF)gQt6{6D`G>kT#R1_)u_&x!89{h!=CFSo zgD2T<>&CX6HgmiP%vQO7YyW2W9?7M}iSTx>zwb!@p=%%lz0N?0W4i)5$`Bx|K5K;+ z#Q>q84~cThh0h#er1gC?BUf6oN?wrCxAt7+EucY<1Vx0J;RjD^y-4x^A;GSc{KC3N zaNa}!iF~p?p9q)MIUuW^PZGvarw}E*kp?}ut#fS^jrj$GR2?3T#dwuW*K|M_$|6Q8 zX=>PO=sZ2x@v8T;GPUM)v`SvE8mC51_j?B(8duF`wkSB|7RaK{EQbIo?un#0w3sQR zOzUn~HRVYP%jP51-2rj-hkyyR5y{!ku*@QF>&5VfR zueVV+eEaQC?1WNrzz}U|TKNLr{CpaR5N!+Pz<};L@i>NvC=(Wlkm_k`na=JcvFc3c z2m?U}2*9H+;3GuIwf(P8Z{p95H&raUw-0AI=uS@``eOqTIdO7MU2s* zF3@zynnilqZ$Iu4Lo;{V2k47&aUEcn@osG~hQ9c#8~_wt!gUzwN)J3z1`olOb!4#X z)1vzUVEk?3u)MX_K4Re!14YpR#=|jdmlz1*{AbkFdlMKi@o>7{un-XUz#pu~dxDBw zEMr_U&s*8u>)?c4wg_WYrv%1Ii$<>nn`r8$iUAte<(WdxCV*&4#`LSBz>UVSmQK+I zA-piP7?X2N?Xk1SFK_GW0zM;-RLbH&qlI+bxKQ5V48BA>Y|u?KrrDw83ro=~)L8$*Ah7M_F&sXl#^A02gXHV|^A` zJUJ5ZAOymtP@Ps{P!(m_S4cx&v14C2U=RurfIq$klaJ9=EugkC>9D^q<8&4COzILO zTy(l92jNLP?0-V12kzh*35vF~JrB$~o2t3z#=1P0D0?x4>m@Zll8*XPA`f<`SDIul zLJyF|K5%|n{b&?~p)|Ov2WYr3(-UO-Ic`t)T)nbc?L-|{EE9y(Zz9Gr(f71VmzQS= zMdLBHIf&hBU?$*^iE2qe))6Ck%@U7o$}Xwnb$euU=i&0C5HM6?^sdDGPBPJJ;LQs{ zk98?g(d5I{B_^Fbud3sKm^YWgGO^YKW&xzUJV{He<9llg5(5geXF}q3JT`;tj}yoF z^i6GWp{xdIOTGdcz?k2**lp&`RF4Fo$WO-x<_JKtQrlG}~%rxtvwVr7; zhG_4sT_VV7=K6LxWap$dX82pZi8o&(&D1T~EBl(j{Li0cV`{^|+ey*hTa<53|VUZag~M^3ZQ345TA%`L1OWW*b{T#v%xP zxjRb1YML3LFsc_k&WvhT5M?Tjg;rPc{^lj4=_W&l1C(w*xXrUm)6gbXnb9=|yr_p+ z4n&2gWnzRYFAX*8Y@QMPwpk7&j>Cg@NgF(qyA087FOGdPD2n9)YN1-4HCA3-r|S4j zbks@8@BZ&%jyxkxZoa9(Jo*z=c#aTOey#jpmA`i5$KlVsk3CHdm@s%-*T*$m+3M8YGwO&F$m00CBRDt)dv>Nf<^DPv$gxO|h0xXUg)*oXA*31)>o&oByl>Ag6BCUBD;#*9MxG-bnWaMFF0MNQ8)l1lBH7-b5 zys4uVJKQGy+|5=4SgB#TSMJCpay_CO^{|h0ILP>$e;z>PQv@RIvew)shzUR?+b(;- z>p7s#klyugW#|uR#k_@Xh;wBZ8!gZuZ7MTjR)kysI-1hX%MutiJZ&;~nV2d#gR%5# zYX(IH&^eknJpxS>Kisw>CkDJEsN-2ca@fa4BdrL4v!DikYd26gxyC5Va(RtOf8`70gMa90Z0C*tvS4%gy@zczganGA}=cBo@ zC;eI8{r3S*Ve}vJdYm9k&U?ERiQOe!Wa*#(_J-AKTM~ST>z3zqXx*`5}Rxk-n0_)#2ZIhbhz&56h;uT zObyM7Y6S%Osf4rzV<~pUVl@`%C@)&IYSPm_60r|2whm-#VdaNBjPH7U*%py1s@?yT z)8GQY{n@m}b=>6sL#5ky-|KtgZI9gbbzI*A+LTY=f}XZY3=zw`e{(b&!w^cm0Ih_7 zrIx(uQ^?3HeC#PI95ie5c zj%GIgi%A8Wjs#MxRunTE(j|bD>79Bf78m5_b0|L&oNvK6l>{d|?@S;_H6brMy%ZtB zJJl4_!0SSDcIlmexDF;g{}>r~_Z2FLgikEQA_gH3{y_M1 z45kTclaRh51O`H{(1jw)udq*wM73x%LDD(W7R0KkFGv|dW5OEQM85^tAOJ%4+2c%5 zDqqDl3FpE_4ZRnTZ^L>vO&wU$-|crloMSaYl?S5sjGlAf3w{NRxov+ zs?j0SXfk5*ax&xy&K`bZxLQx@SHdbf8#WHy7ATzn`u;g11tUhIGo!G|Ge<50Li2!{ zo`)?XhvG)HMxzxwUG#G3`C$BCfb9zp%vSg{T;fRc?cRH+XNG6PXRT-Y=MS&sfwB{y zG|^h&t6&5Sp>xt5zB`0EM4YEH2`7*rq7nY+5@TQv(-h$ovLRn1K|!PZa`_25j+Ht+ zL0Ve@M8Y1&5Jwcd7B^^OTMg~WoFb_&Sx!PsVelC>MorGDtJeL##^2QC3RWGDkUYN;;n=e_Hy*#n>`mh2vV8Cvn0)Eh`WmhzLweIHU1bH!Sif&MUT2u~hOb z4Oe1U*DGxnag9C{pPhUNzslHi-oqXfW;{0@X{~b}YHpIl3ad61xUIGTdAp z=Hj^^7f664Qu=TKXmY6q5uX)mWUos15JNxq0Ak0AzUqFBv@EuKu#&31wRE+Xv%t5I zw6LGBoAN6aovNCbnxdXQn8BT%ok5-%owl9u&6b?0nU|SdE}qZ76J8e*l=hGJi+HUJ ztcDyWna}Rph$Wq!m}MHS>^qM_8yi@o8ntMclrvsf=;P{b9J&vMw=uHrW?i(Ms)1$C~hiddv|*1OWYvfb0$Tc@+3o1#b2ol;1Xtlvt+gX4-UkdA(b>ZL+=K*uPzMp>z?p)lnI|$bNhQ zqb}mwjnf}o6Mq#qyp!lC`7r}s20e?Cn-cgLnUa^%UV%u;QI1*xch~cr#!F1P+Fp+pq*9!I**KnFU{Gyj8j)dZ@}-b_qyROu+EM#fB}d2 z$iZ#9^u)jCy>_>nR>pa@^jsFB<54&8v#9mA40GZAA!?$a>N8Ulg{6%958J`avc|IK zvbJU2hFRcH(q1Bp9qP)OZXXpbop%GdT|e+LWY^n0&Q03wRs%-0_H=5s&UHR%C}F5Y z?Nm)})@nAbMDTd;w7o8@snD_FaqVYYmjBL+hke#~`ySp)>g7x0%i>cO;dj1?oA?)n zn>tXPc%1?2CF<>b$ednLLrH~To?B5Kq+JYKB!Rxy{T|vlc^RMp@Ra&nPF%7}X>bx- zu>Wnvd*n@X-|=Z1KzS{%nw6J9XA_$0oZ7Fgto^8CtnDrTka1|^Y{mN!vB>y-xo)XM zo;HJlTa+i>-|W)nbnya3xc_(4j&pE^V+QKDWLAf>;YG-4#49$V!DYKk`*7LOvFZNs zi3UMMdb5>(-EQhh-QE$$yuz#1)zP5c^64JF8>hBC&x*~F){OIB;!&A%1HZjNb5FDL ziQU9%=Gyl)Z(o_G$1}$>^IA|Sw!aq zjjwFS2R*`L8^i139samO{t~|Guew*BFO{9yPBQCagD)2044})z*l78qW3hJqGUM?{Lp31u*rT?%8YJU!-g}^&ZlVV|g_0XP(EX?|Rp5@Ue zsxXWdpzRWV4AGecuUG;RaLO|ioPCwRk6;e9u%ylNN~#oBH!DkzaL7_cOi8&8f)22U z-Y9W!ax%Kx*_ns7sJVmuJ&<~_tAfBJ?krjOTRDBw{G9O-QScF_fF7Rx6aoS=!%|h# zMN>|e$JpMM!O+Cs$dtju)&U&YLO}3&@PNPCnz|U0c-Y$5IrDh%ll^N15BU2Zj~U5G z{x!tKnx9NlPLV{^-pQ1Noq>&kiA(^2goK38$;6CDSxn+T)4{*^$t+x49C#QR-QC?8 z+*ujyoy-}Txw*L+nOGQESm?nc=$$?7Tns(v?VQQ~P2^8HVy4cWXmiBfef6z5F zvUhdiCnNiV(O;i`uhZ1S^1qzyod2^e@CF(Gc*Drdz{L0$ZSYjSKc4a^T6&n;Xo^|d zn%X&oc?fW`a`OFa{Qr6LUylDXQ|rGoIoR0#cjo`R`Oi!~#y>XjKO6eDwEp!JEG_{A zKE}U9FMx0r;l&35Ap{{MCamfKd7OdhquRUp=AZoS8%#I-Hz5%?PI!{=01+_^rd={D zY4O?(WP>_w{obFm+C#%x+NxH)${{q`=dkaDsi~mYX{6BS&&$!OF`}=YgpWt+heC5j9u_C(E#`HB4YGPvkxfeABp-3$wKWaR)B%`d7 z*XuaEkbmqK4l7V*$fFGdsa_^0x{K#NpWyFYNMNi40wb0z+HjB?BdQeG-`HZY5dI-J zMLie>n%o;B=HFJ%f>zGUB}bnUy#CHehzfqjEVqKAVRfOfZczv{RQE{TWzj`UP7gH_tu7kB66|H&VL)IQhUsiVs%Xj0?N(TUxWH zDh6TIDwou!hu{xU61xAXD@E)uL8b(AwN63J&_Sl1?`o8~EL2ELVd6M739Ll$gJ!X* zCI3!-#ssR1sveMTEc`!3%nJ|G z^ZTj+$^T~51bWn-p-k#{l*W0e>pW8x~2>p+Y@%j<>A~sUuWo>|9Ok<hq;U%W^>>6^{Iw*n8Svj+aIaRDES^k8U=2Rw(3lkAfEcA(@q zr|;A=wFEajTya!h=MLo7RhlWeMXwU}q{@SD#U zUzTJcG?{VNa|*sr_rzS`rpRUWPEuoh-@OqON#=i4HGP+0MscUsw^8bHvcqGe;OUwn z)T5>(nQfc!{CDYQe?~7t5FJk9;XAk|Z_`CTxb0m%r5oZjLS)%jK@32%+m}i9 z{Tph1%)Y1!*M$SE{0B1DqoT%3*DviuT+zUC{X~Q(P~mm&Kd6ahyL~vH)x63xr)Y>z znQrY(`Ki?(FN@YNrD558R+5?7zwb~4pfVV4n68m#9X{SlFQ^};8cCbdXh#{*z}>H! znjN0%dHsF(@QLo9DmhBB5$(7qH7{*Pxm|lz4(PE`5gYMr>*dbUk_7J3m$7(x5oLAf zu%-LZFUyb9jM7bSdnH3UqywhlmdGqiju66P$1T+#KQTD(xyV<>6(hM>O81YUvUTV! z#(n+=vjB4_x6rhG-Cb(8hq9>=mJ+UEX-i(oWvwNGawhyTFcpq;y;Mp<3iI`J1BL0H z_QM0u)=*JXj0f#2d6o@@;CH$n3blrQaoW*8b~_O2<9<6cikCiJ$&yYQG7Me)@n# z6qV&ib1#|I?wds^S{I-_m|HTWxGQng_p`84D|-9b#kcU6cEOa(I!#69se3YV(^uYA zi(1-c>G8D4X;;D)raSs@2}OTQ9YJj*)fRqI%fD-?5ZsIf6yL@iQ~hfXajdT>GTXmOD*KD)ZT&bCj^*ffds(T3x2HEC4Di^E0 zA7P0)VzD>WGYDz2M?>30TlKL_`2By6z=|jE`+2j?`gwO{bL`Nlx?2oF&G^_@;?(p= zvxJ$79|dADu`K!Qif~D&&Ox%Nn84bdzo6>ISKUVha zrJGNiLSx|be~;gmGJBbKXs_zB%mj2s1K9S`%-4BXyXIO=i&AT{V|Z>x_dY7tM^yv( z>JkJ|dwA3Z_LVI6D%H|W)wV$0U+SRD6Av6qD&rouYNFcJ;0I)K;#kecHkRqvb9C;A zzDGo~U^LVDVnC@$lQ1%(uKTs%TDEzU(u8XyVpIOlHI;!*a(ac|d@WKllO>5wgZbpTXmXV3|-htCDti2G{Q3d}r zBem9FF+tHsuuY@FuY}~HZIK*o)chB9`Kz7ARvPEP*7(D+oYy>BJp&(F!o&k7ObwQf zKrAdQGFEHUTN7d-yHjRze-RPZS~<%Ql#^vL4vx7B7Hcn0w+wFoS3V~cB9=Ary6Jc} zuo47`21u%K`d_hY*GYGqCaK-j{Mxt{mPY%JfE|j_H;UW%dgtR+4$KKr6lmO>R@XKw zz0Op3nftZMP1^5ED~5I}frxCYAX(AAcN%>UapR@i)a5%v`?p0*Phdq&+1=w>pPkL8 z_q&U3dDaiVoyh6Yd>b{xz(^O9m6ctD`rPWEsHB8e*18DMR&fxONU!7I-P)Y0pV@#y zAmD@JDY&~0veWQZ0lNILUa^f9`t_fd+kFBC=0U1u803Fx*$foa34_9k#3-LM*z}K0 z_k~jO-p=k(mk+BY`?`5?d#!w#nd0vS>fWiPG>>o)fF!SnDpi5r;c2_26(&QR!y`^n zv?&O*>u0YQ-zo8n%*WD2`Q+>YQBe{ZJg$*|9=dI|IYT}B@`9xOvX}Jsw@%2siGe6C z@Tx#j5LwReolGF}LF5eVf2vB68qC6&5=Zo96Ew|8yOVUEW6cWP^p$4*0oYBcy#_oB z6+Efe8#(u1j}^16HXu5ua_bEyoN4fShBHQIS2KHUc865UF@7t2B;xm)Nk&=8FdI~)a}iILxwfRgmX7$d2`p7BQGrdcf zdWs?zj3Qiah_50Dlt6~o4rDU1O$hpPA2S$GuXu%^)n_}aE36+}zRfuAu9t_~QRN%l z6Xf!$sf|^77w1if8aI8U%b#enq%|BB+AF*=FEwH`_E6T5azt`I2bNca0aG&~r>|Ww zH3X7!x-)&$q7?)f;}T@a-#5pCSPuKFR8%pqc8lA!9w_B8wvL-V8mk$UxEPq; zt@{hEd2Az#t`dvhjC9$bUuJzaob&f%x_sSg@b5uKMUfcP{8L<3P z8ypuu@vB7AR)S+JXWd;jCk26{Vm8dZ#wE=@`Q9=gc7^3)>bIBAow-GWgJmyc=3^6i zQs|XAL*yV_T--gABacCWR)-g=k??kCVv|ydzV|hX&r`;YuL`(SKcsuD-}C@)Ytw@~ z_NI9hg%`7-{^Um{`RW=avVge#kEBe#k1lk2&9x%-T78yl1RZJ3_HXS7Rsej?UzBI>g2x|u zt>8MZ#J+FU9Yxam%Dh+bEcJ!dt8ZsUh_pDX0Y+moZZqHkFAmFDhP_vw-48Wplxk{r{TrYH*YHagpF9-q~p6xGR15h1~b0qoZrso>7{xA8auxf*a8oavN^3M6lZ+orx( ziTVW=#7xV=ZcFO9KT9iibg{yK;4pklr&%pidT`;f+^RogI)i)6l5TpJ=CtC>{q3H& z=s5*t*P zWcwX{ko96CWTq0{`$fIrv4dop@bzR}a%+rIuurW62T*chkM!^Wom|fnAE~u*-sf+; z1>NzBb-iz^e%VfJthRsRET54oDTB7F-E{gqO)1xb$&tj*(HLFUb7SAbc^SS%7Mv&0 z!6Ok15X|d30}Ka@=*14?qh};~Gm#@|cd00rI$gV6vp?3Y z)O6Mu@>5E=;6M3gAf8MB^30b<0jsfB8{-nmU<0|d-lRGW1wof{h>-)+@LNdx+#)x( zcp9w(aMGn!&g-nJfGD+KPd-+F=>}+!o;C%We*|YWn$u|eHA4=$^5mHuU!85Rx`d+%n=Jyl zqPSZsmzZp)?>MWtk6O&G=k_}}MybC;$~P9}X0F0SndFS`{nOojfVzdj`^6!4niI_B z|Jqtb$R8K+h>SMppQxUA}`ZQqk_S@3UQ0>RmCRZ46y2p*h zU@9R>!H)@`>KxMUB0bL>#$7&KI;6p4X0Wcb=Tq*(mXNG46N zr!ek-cT`!V@V9iu<0+*<9(>Fp@oOtP#o z^g}#@@ygK%y97$==((aRX4~y~UQb(AIz1R7r>oR12Glv5BL?_sd~Qh38GfeN zS!;2C2Jr12I9Gd}JRzc(_Em7zI;fQ8<{x2kUWu38MIAuRkF}a-Dv<|8rA~9%)fHcs zO=%XmB~M)~+AmhWn|iwIRnt?kY^IG=^SL_{{Q3=SE=#vdN)C1pUN-O*^&=^oT*Dd4 zFV9m}?3w*1Ij?W2Kg=>g7W;;7=SOxZ9vc%d%%mEREUyM+aPMN7bgjwdb&3`RHeaSW zJ{@!g&XGSbxgHmL@}rs z)|AJE&7jV8OYQX?Ir7`g;>vR#QKeko_<(at+8)(>wI#THG{sj~P{UdFA#x4k{Pm^k z^21AgLAmF(v^t?*qp{#;fd?G7ZT@GoFB)PzQD1wX{gqYhBoOgBU**|Be%>orv@v5@ zAKtoFEs~#zBU7s(akykHWBjpp_X<8IW`8Jxf@%$~n8h$iyeKU7@ni(14W8AXHx2Gv z(0Uo@HVq6ke+TJcOGXh0BWjyaCzNCQW=1TJqORS~zIXh~`3Q+aJ@j8ix-05@=Ju~x zgfLBU>W?O@lhg3h_W?)h{zkU1IqDIg9IM*%4j%Uk9Q=UgVQPysqv_-O9^j)fiS&*MaQIbQFt3E{h!M)yf>!hKHS)b5Hw>Zw1;$$X4gLzRC~g58a-)i|7>I0P zUqhXiYhOgpwFkhdRd<;Y?(>r^9HH+(ImZZ1cL&DpY|XZGs{}vyS%3z=D19$l#&Q`p zjnfWBp=}nd0QY7a3KAhpUv|~T)B4zj_17HPtg-eLro}b>lcRJ}hzB4mt?_Z&A7oxy zI?<*{E(+Lu0x_9ag1A{@1I zk2uyjmhDl(&;We-me{VXY_!_CNi8TLjO2U@H!LJcy$n!N0t1v6Vc^(;IrIXsv|;>-Tf zMS`jKX~Dgy{i-YybmgJpJG9jHp4xUP=HmCuv?h&$>2pvJl+AiGW=4xkxvbmZe=`c0 zK%tgll_w?UXB3oGs$faQ#qVrS&5=EOa)8#|sM9hy>bigQpS%WYsPy*^suF@Bb) zi)ENQp<$kH4NjaqBq?s;|8GSI_0bnaFGyMxjyBW+{?9=)79O0 zQ{LB2l2K%Wf`S`YjirjHfeCYi3o^R`r1j*+_iAa-K^GGzvpo~{`Ofe^&8T=q?ebwb$nXn zD|3hc$?MhRJBRiRad~fnlY@@V$)?8%ncSsY$M1)kcB_5d0`ZCwzKvtX{p613E>G&U zv{G@(uh>y{ys-mGt9bS{kT_iKNToY+(Z~|lDq_ZhV+ZyCh>qxHN?P=gTJ7xDwmk^| z-p^|v>h`Bo-gH{(;`64|uWT>f4~W;{9$ea=e`!25Bm_?qQ;YuRehJZ2WZRI|dnb?% zvY5uu@P6raC7d;-P;uNXapLO*u8eUe85Zi0(kqhB>ShOZIbm`SJTzlqNd2w}3D~z8pjQc)5yH>wEOO#1 z=SVDeS=BfIr$~wSSTOQg0>M7oWi`(8wDij2pTPX(C?f^NgZ^o z8Icnv`%@3T3E5J9t@mvd1T$3@|790t)QP6$n}sBn9j z!ho{x^IcT^O4ulBrj#s&??i3$Kx0(k@^yNFy%`~}&k0k#9VnY$MSS?`_)<5Q!RwCF zAGJFPuyZOq31-uU(;b4j2a``8H~p_;_`@8Y5Uiduhv9~1j35n5&zI&7&G^!01emVi z*pJEgrx$FwwP*Gjw#bE5bRU-huCzlun+CrueT*XHtxxxH#DW3G^#NdT?VE`sX2hY` zA2Nf3JO2*OFfk5il#=E?sFI2Q8C!t0D;&ZX+n0)+Dv9I0ZGLTryDeYHJk1CT806$G zHBlER#(zxj8%sNzp_x~4T-7lBU0vHdCxpO8KuM ztAo-6PQX@S0SPz>|6X4_T zQfGr1%!i=fTVKBNo(O2mGIs=8PK@7!-{wZa;A3A2}f4 zpW>h^N$|*4#Ha#(Kqg*t}ZV(9Jo3o zgn#^lWZ;L5ckn$uJ+Uz{0m;e9Lg5H%`Ub~@dXlT3YGgxREYmU-P@Qr28uiQdQp@+T z%1dJp)xT$<*%bken=%W!%?!p%E;S!Y3oj2nKlz}cZM-vfa&np|(O_h=n)#y6)%N|i z%tib!c<=+%tat#pV+sMG(y#~i69q+%-^=6dEQZ1j4R8MtiZV+L^N>?wif?(a>G6oC zX2CVLE(Jr(LHinB5zmm9mu56=)1_JpjoogItZj39T#9c#`K$OB5>C!}CPjQsJ381y z@kalAng2PtA`~dTxS_iwz7O53w^rG#%Y0tC>>5dq$r+UEDTm(8`iVpMY=Q|ApazLl zNNQgS&i+v+dGi$DiVj|3L<<~TLP7!#c@eg-Mjqn-PzCF8B*gg4w#JZEc1a{*-tp(% z5<5>YA}1}l<5wA}sz3;?mgO6(dukQf>qdc{lW(!4ixo3uW_XuE^Z(fHKS&0CMc;TD z!E4?7v3NVV9Vrs6v&y71=p+7{x`MK)Vi(V=i%B_n>I1fz^S0XJ&|O0LPH7=WqUX^6 zM_~-C9vo0ZV@mbW;U#{_+h$E_%|O}RtA5nR^shL@uWSox<%cnsS_UB}KJqFDAQajZ zY4i>}_)^U(C|Zs3(mt#&vwz#9NVYn9WwmR9?4tOZ5A4^uVl+jNldHkIPSCbjDiOyK zhz$&2XqMYc>s!8!q_Aq%TExb_mA9ONT)1CN`23z5bH*604cxRWGRYk}+Fx#UOiWET z7pjaUe8I2)t2(2MjEpE4h$1x(b{dEwePvr$Pa0lsayCyH+vo}&?*90X&IxRC$V`^! z?Px(fy_V<8;ozI*RJ%K>r!Sk^jfFrTVALg$q5q~*TBBVrbqYS5*oGX4e;R$Iv97YH z8>ObD&Z1zd8bb>W1T=y_2nRVB>0kr-@bJ(FGV0<`ZLnXD0)r+5=Hr>JM^Jb1obqSu z9fG%K>-IPaT`bDLK#=C?LRC*u2My9JvvFVJ4Un93#R1yy<;XxI#v3DHkJNb6DM6PT zC%D4mRH8~D=Y5Ue}c^!U>!IR;0Nbb`vku3d;J?#$; zf%IG@(|ajtgs5D4*f5pW$xQ{SCga&oHs-Vu6Rm zfSNc@I+B2IZCNATB^9sOl*2<*okJ-VTcgO5NP~lNH4_51Tzv}q-$$OOO|`oa(gmLB zGrfH&5Tt|Dj7F&n$>t~OO1i7IdYHqu+B~d>5Ivq=b_WJDLw3(P0N9xs(QUnZZq3A~ zd#ad>W5fAh1uny7fK;FS)MnA+`ebtc)P7J_K((ujLERADHWx1iXBa^2Bx`D3ED<`$ z%S*8*hef%JrvT3`$t*wjsHE}|DDb4t!oRv-309JVjz`@u5aE1IcnG4vr(W`+V_0N7 z6WMJ*bTp$ib(rT28#8m2ELLQ|qL67~t6EqN=x%>AjQDn35gGbW8Pc_fUqOf~<%OMv z^Fq$AsU{9s2urIPN$i#(DjOYTksVGq02{4V=;{{rNc6m?63!0@#;)I9j4hU?_3(q4 zh9u+LhS%3qQ;&N$|6xvVQ}bdodAa`CU_inc36B>to>HN&agvj4OZW5I8{KqUe!+GZ ze-&S1`fH`q*anBXan-I@U?^CNgqEov{sg39f*}+xcF|PVxCqG1O;M>+E}N_r3>8MF zZbrc^7G`=`+b)PZvs!AU!{CBo!4pCKazd9);Wjnk3dDwTg(a*L+)w0v%yH@KHfx&= z3cYliw;8x7`W#(UJ$@l1&~SM(Z(zLM?%QW^;5x5Y2y(hw%wDN6k4}qRS1K#5VNq1m z+B7-7Pz`JIzQa4=aomDgYOt?}^Syl79%|ot*a${-I4WyM1P(f`c}TOePEHRcj08?) zRc>~yZ`-(FguD9&xnuc9R&bc*)N1MEv6Te_Wc2&DM){&VF_s(rBB1jfsn!}N1E6{pRX?N3Wy1vg$2Dd_7a>YS=s5c^HRW@Qs$c9<$>4Lin191y2Rb zH*ompa?aCinISv;^>Hk~<8&4p$5DoFPw+VR_`#>vFv88X!Oy}anbQs4b@!K8m z3a81Z*Q6m{{5gbG@A`M+C<1NXxTl0qGzjBw-#cDGoDzPsc+u-#bvk;dCl6Rj?9w84 zw8P8B^I3WkZvhAR0nYgP5@FV%8;FPYB}ZPQHq$zd`}^}>uS> zPL9h_(g5Eq%)EZQkuF@5ofrqTR9mzmK;sg~!1nJ9>I(NXOKeP;1YXu?)bHcC|UV@ z;(pG2oB;H}Tqw8OqGW5)OpK5a7u15sz2$3H4l=TcMp} zNgHW7EEA4F#*~`CKDfmrQKdjb1xa-_`)hR3C467GWHb>7fztpt!LA#E48$jZ>p7DE zu&F62M^j@zN%Hk4NW&6O!LQ_CMB!XpfCfaMY(+fOoUi`iu~_0D zPc?y^f_z5l8}x(Z!OPskzydZvfb&-5c`^6iXj8Uy#Du&7LkDZD8zi@Au}DjJ;LEeI z5yg1^h+hJ*{FOpH-o1RaPu4TxTHk&@VV9b{h(m}zEZO1YHuXi@hw@jLc(ztUyN8XY zxpGu5kaP7L!|2iGM4`Wk^iqZgAvE*;DmRYiJ?F|CE0Mp!neG=v%K7cN`x2&Cdo2&Y zv6f_JKCJk&7Ra`@%D6SVo1H|%FWNi;(ZrG5Z^=QqSCr)R7eqE&cEIDlmmmDat)h)- zLr?uDgy$S8QX!I3dYhESf{}Bm2cj zfSmm@LG!En?WU(G<{i@wV&}~FMdjBCpTFe9_Ao?`bY1ywT{K)Ac-ZZ>S9^`>Ue(ie zmmqd@3V)jNI|}|)vpA3}2u*zQGbzxr!!})zP=@nZC>N#8!I(IeC#wzq%AD>S^Jeo* zpl|JZG|y1sWFpqy7S&BlBiqWOW{xsHp|cJ`BLR=!X;!3Q2I1Czba$nQ4&uDiX5|jsLoAsxZWsLt~&H>zVYiL&w&Nj9g@mt=cBR zb1x8ZjqX{>N2K<{2)nv>kG(#~8B`j|s3V(Il_2;7zF66D9ACn7%w9- za!y_-)oaGknT%S{lVXjksd~P7Ao14tGfxTBRtUhBe+2uZNP4k#z1b5Ia7M}a{5*M+ z-x}azlj;0kwLEii9YyEhhy|qtobU)J7`D;ZZ{DqWqw=xzN4;p(m@OVUlU01zSyc1) z#55qHxS1_>S54!vJ+#K+eq{6-tM2xKR(Vp}rQo1psgdf(bW zrVP7T?Clj?NP68u2B~7k(4X0Z68W1S2U_9fdy|1dRGK~RF&>~MX3{$}RHhXT{q$@< zJ#+a^dgSfuXd$Kw{)P8i=#&)n;}Dm>u_4FHb>DWuYlgdfv2?obyP(4dTRh&v`ReXi zVvD-QBA0O%6+)H1{ePCB1Yw^o^~ z#o;?6E?r0W-|q`_L(B9Vt#2h&A-%*nUOTVMj3^3qFraRMc!~S5I|z^Cs#aF{&%xbH z{GpLZPVUGDp(V4w|VPp7^KtA6Di55pXL{SW(+BfY#HJj zPKZhK#_6&NSd*SyuMTO`8|{e;ZA|{?ZUl4^!#kH@jCSH*#Qp-DNIwLH#H)_;FAC9h z2;o1O5hfnV9~`o@RCYYNnQ9djKZy+gqQN-aP^~k=?H^^K)yp?7thju49QIr4OXmsb z6v_km)vw_OoOAfGhg=cxOS|{7FU;Dn>8`3w6MCrhbVfMflH^mE0}_vd1=U&9rH@@a zACP@CWm4<$0!K0m9TM}T%8V-w`)Oo7Z>?S0t66#U7LnUpxHXcaWaavMig~h)j@J^S zlV{v^$;~Nis^V4cY*b!_wo7}OHsYBPyqpBv$-J$v(JkenXQ|3@A6EsCJUnPofC(F4 z_pqwFiM#4T0}o3poX_y7&w1+4#wf|_ev%GqLsy&~s}{U%mQ6cwKF~%_7wLG=fQzdE zro;NZt*cL#H-~)352zG<^YpBW#Uj^DLm*wdaUbc|_m4QRpqlWt=&_y6E;V)eBmz~mrt9044`&ci`nQ@6*Gy{Ml9kU$ZDKzUW+GWz{GBN-$LysNmNp3 z&Msz#QtgF~Pwnmp1jGn%Xh!^YGaQYr*6@CPy2{9X1cNUjfD_X>nr{Y6*NCq7a+gZoKMy4PW+)Sg<{+GMrXFUZ|a0SW}Sd zKRY{6d2P=F%{jvG4#3KuBo}?6T1b*2clcqky^Bu9d@7eM;eaNoq$-jnG(=82cigRK zpWBT5{!lt&a=~_jmH_#Qds^m}UK9oZs`lQfDvV8Vc(+tv_}#P0gs>uK^ldC>fO{}U z)(G=_ftV=jdgHpB%Y_iJJYCn&kZPMo8%Yu#VAL)q0d9a!zQ?GQw+L_CviWK0R!)g$ zRwcLc#4M=-z#bKWUHqkiLcEVRNyj+h!zb2&8@bM(5LD5=6iLY2Fg4@2lsNVK=v!E< zZe|&uiBZ*ss6EO+#}=(T0rr2 zSmtk?IwWRpg-&^Q?U(yl`n^ZVP9Br^v1|LO$SS;8J(hKW1VxYP`tjC=z8FTZTt^}} z!gumBh=}1#J{MHNxt%?i@l02^xm2x`5L>ZxZ8`l^%vLauZ`zYmV&4r?<8vYQ49m;BWB5$Nps#nDXp` z*(lK;)L)HCH1#NHuSYagkTaajVWFQIp;wEj5*h_=yIBujmRJeuvdkE^c15nh#scCy z__=cs9^L-o-X=cVo81 z4*zD~C$|Q_BQ$xH^)F>3R3QC1aZI-k|N3KX*=;iyg%0>(4g0Pfs6tXpitX4U=Mr`sQH}r+3R)-$k&(0qvVTcorUVV4=5+=KSub75F%M6sP8KLpuw;W zpL#Q$`nK;3T*RGH#m=1)f74u}@tDO%6Dba>Ei;Gh>Nih+vYta%yj_AjR%1M;ebP74 z6a&dZowsiamSXOs)g8G8k0xIi1euET_;JW{Cnp=jv6QD)cdo@`b?S*)>dSxGhvgfx z^K5S#YUD`Oz$ohgxSf*>j~L4BxlYp+ermFe)j|!u=T|T~Et~uv{x&U5zS7&$vKjC&6%uW*iuIo?p)!wKyqQJse5ZbJw!pp1< zCIU2Yc;62hhp98UZ&<|>m4NFjPPx?~qkmKgHiL2m_C!=$-(=Yvot=r5| z!1=)B!TtPCBs$-;QVBP-A2^SljGe_{x)RYfnB{k$D`wUuM~lw|Xt0$Ugk^4rR)E({ zNs;l)Ux@wj_ukg1{cOf~9z(5o$v>`n;h>azW1|+X{;5J4%XY?$ zL+aWfR*67HeL3?Ko-q@OJvWjhXM4nxx3YJ+SCov<{^a;}i$)(#R^`PUaSz_-V40@# z8Uq2SA z>K3%<+T8hkT!>ql{prh&pX*7FRtm9i%U-HRI!hd$R|pPv!N_8?PEE${G;aa!Flux6 zj`(#akbjxv(xi8r)O8}`x8pOvjW&Ch`m`x_;MhU#q#*Z4il>JGq&2~Mszald>5g_~J0Qglqy{;FQC{-So44a?Fy4>}zgkuBA2 zn%W-f)@8)6(Q7{cHqn{xMd=ELDC^%nfXo?8=F9bP_&h4LbV&uwMv@U&^qB0|`1tXb zD#_9PefFy;4cGBUZzv20{^o<--J%7R+a15unm z&GD0z&KAV`&qQWUoH>c|XLC zrs65`K3uWdcf8aq!B(txPy0bT+Ah^TVD66RpCH-tQT{*XzB{bxW@%JGL`6YFq=Slz zh&1UP8&yC-dKIMC5JHEDynsj(m0pz+>C$@wQlfMSy#)vmB9H(9LJH)@_ndRT^FH5m z|G)p`m))J+ncbb4-6@M{iyD4VFU%LtV*G1*3Pp>kxWFB(QyiLFCPCgBfQm`QC=BVZ z0eYWNMZLB46u%_a>|)~Zg=p;|$JwHw3L}9R6~B!`A3NszLX`YA-k4Nayuz;!E_p-t z>~*XJXg7q}5C$MJ67!jrd*H#baG6fRbMH$cqB4v1O6a8kwqNqM={r9;pgM=x1!nbe z1sY9Z0x|(;=6pc#jF7?B9*^tm`?CqciU|+Z#Mze*rd8|xmOn4u_+<$D`XRw6>q^@p z#6H$3mfcj2?}54smMeJad8ZF(_!)U#@ABBYh24(m8c(Bd;zEs{k9wo^j-pLYd$C!* z^~~}gN$V2)uqZX--pbQ0bp7xRa8%Bk$Xg-Iw~fA0giiZUgjd9@#`QByLNhZ8xnpKt z?z}Bcq*9KWg{2bu;3yNtmVtZauW1I={+F-T@LJz4h}b41`dZOUGhzFm59EhJK~3 zrN^LY<`$t>dS1Og*LOEXfOoKzy*X3HO;>pd)tMZV;I0anQ)1>pj2EE9;0g5Pg2&ms zcJ*tVAN>DirB$~(^H%aBw;9vDbuUEmB~h^z*^i|fI)hMEH#c^t0^?r_<=*#clkEiQ ze`!V7{*m3QpRyL8aWYltJkzHoBQxqSZX1@wp#5m$+(iK_WmRj#?OVcaIrW%amB{fO ztq0E+5~99usB7Mf9Ivyme)hDozFz6H0827pBO{#0vp(fbo#nqzb{)61J8Ugu4`yb# zlk`(YsOV&P=K9s^;927g<&)3i|0^KyTtudR{saFPj(dN7eyk^LXdJ_p3hSUun1W($ zb44X_i z%hw8;P|v3sN*(hM!otGIC9sL_EQLD%VWKpfg_Xyd!1vJJ2_<* zcDy-F?}N~jGyV{F-S5n_y2|5T4EFXq%7KT?NmVN3+hOx60x=O>>_j6Pcep z{i~ACu;yP>`78PqPjO>=h8^eEqSx`c=!(x54fhh{dCGK#RD0BdU2I*r1&c03=)QR~ zkG7#xBHqM&b_`>$$Ty11p#gDt%4MOVl z-=yu_{+|_#$Ls#zFjqV;P!cc+A^unFQB>im0vWHeVJ12mVAj%$-kRs#oW$a{n^_F8+t4| zv^2n_^HmgT36AHKJf(fwLZl}{S0bES!U4}f)l4!qULdJ9X}DuLXA1Y}Ke+%z z9$BIokx%R~4cFv%5v=2vlp;SGW|DYp7)vUCUMM1eGWaQ>0x0EVebsZc{94{O&hl&i z#^rF(f_Xnw$+vN7FvHs}jM@BPbr$Kvc;dW&{nitU(ln;H0DH<2$L`TUbJNW?$Hv*j z8^zE1)k#KDl6O)r+#Ax=f5rLniZXCjb{HZH#<&5Wk^Lw*Z>+i->R!uAs?j+&7n)|` zxK_Q}C6`Sz#$QbSl9?ofKZ#Y~n#%$8*1`D*$jFBaANyvPBrg|+;i^Mz*+S(_LPhUg zZZBQ%j;MRNR?)JVQaTETaptvCcuja2z8+QGu>PQ*y=2Qo`oj4ZBEa>$B*vl#?)#i` zCO%$!n4>8>L07_I{lO|%LgGW*D+dWTGj3%Y8(#B3|FM^=3p?`biS1t>nTn7@y3y32 z2l~IB$(;PO0dbeVjC}Q;+m*ev_S(z6>jvM;79a*$!S4iqR`5x4xB!{L8i>c!`S5rA&=MW&+=4jU0m(N4L-#=6z`r#q_@02B z{au%~-6ytW*0JwC-J`aFZ~R~R#jplqGqOge4_<%WAA#qSRoZk|ILi|w#^z-LDHw&j zIxVMBLMIm!beQcXL~12He_V^tJE3clsq~Q^x9I$EfyJ&`Q6kz0udMs}0M8eXpcm z%6QjYFzddzXLnc%v+sMmz42gGHNLfy{lZ~*g53H*FKGd?`4!k^xjC$4EqeO2P6WR&U9z zb)tUSax%X-jlbj5e%H=84=|Z~{A~qO*_LXpm|kIhj(QOeSc3YUIhI=~%vR+dDHQ_y zQRb(|m1q7ggN>1kWv&$4xOGbPIz4E$n~QUH5wEWPoRCH&nf0K3pOXzEFO<;%3(g)) z!ixtoWteEr?fWn0N>bC)T`CNEFR|p?Ou+<#i+2p{46G)k1yIiX(UJDON%jC{6H%+T zRII}LXzhjFINM8)$u*dl%v&T6;YBJXBs=!KCUrT$u7lk~?tG6~sbDLWwXK(#=;}~NVe{3Fx@?YDIH~JYU zcG^5fM*_1Q+5%WsMt27Bz;`Ystn)&?=Y2)-b1|S#`CQ2@MxUoz(K`rS^)yc$Hn5F) z;W{)bqls0#zc_v>;9~pNtvkDB>lz*w+VQ;AP2n4!(pS>dZ!3NubsmbE-tW1y=V z0WW8NXlZ$u>e@!xGvDU|D2>fWPw4JW+Ue7Dp-;(`na=cI(y0?uQ#3`Ymco8 z`MN(Xd;iEqz^f(X?m3o0zy6+&jZ@2+qk&=LM^H@nCor4l|QT zMTrX19&rx?=HKUPe`y`rG}0E4+HM5gOE?+Gh=toS!Q){1B2q8$jg+j5FPEU`Tuod0 z%O9luZ)T#vk`Bvm^NYYU_h7hK@#Y^}prfg_q-5Zo3)YN_iI(IBxx|e3=%MzzN9jYq zWUYPdyL>&0{Xu+zBGCjrQ2kUyxr_h`Y3p@%TXdg)A9xX)@%Ez?3;aFYJsO{`oI7$& zXfixr&>Gh%7+HRa-I?Vc6^T4H$;^u)Ag$lwT*p6<7ga*#!oLNGM*E{S&54rEpd2ZA z@so=RLT?({V^$8oEc8{1=JqE5U^X*b;z}3b4HZA$7Eya%)b$KD+C=`)%h-5OL*WIs z`X_yLZ{&Wz?{m^T#U6dALjE!RxX66}6p$&nknr?g-mn-N!wGbllsHfCO}tGi?zQj# zIAhiu1Pf)VdL@tLo2cE&mUv$%bV9vFUw_QUw)>Z&>_@|$v}>%KatHKV_j%uVRhz(H zh)|jm!_SRHBhHDYy^I&_=ddS|RNg(?PO?-St9l%d?<{$dlti7@S_?2B{y6DK=oPTU2DK*PNQ3`Nnery!Tqa@5GtT^-Kwz-s_6Uu_2HueVcc*q*TR@r*GTTZk^_*J zNX^=G%nSM^;=B-Yw6b5%DRsT)e3Lv6t{pE^*&cA!FuQd?IE{Ma_6{x1Oi)!7>M@zD zfHhcq*gg!}^0hJ2(C_a4Qi;qed=Xe}{8(Aq@wAEKLC@epz{@tA>mggJ_{rJoU!dw& zGr@j*1nILyf2AydUs6Qxs<8}zw#GjrbXDTtIltSY?AywRc-++(Y0p^;^E#3&4<-wC zpLj?wL@KbXhPEui8U<4;vqHtcOgOht8z>2;Q*f{7mpq;O3J&0hb~upgtoY;*atT8YMtZfuu z|G3y?j^C3Xu<<_^MgqyKFhct}l%$*sHuj|b5(a;43A632#_^20+JU=ses;vGfuA&T zt|nG=9SKWS7kSCehvE-@TFNpS3^~(Zkgqua-VbrUmFa z59!zWQo;C7r4&%Q1V~oDp6A`NTtIINgSh?Po`+bkcbXp4tsF&NIVFyv<&E<;GrP*n z{7NycXU8EJ=<>#sxtyy*3c*87<_f_pbiY4fOKL&MIgo{gl1vOn5f_;uKHSrLKl3d5 z?o&VV>A=?>wkQq4(ILB8b(y+rL7g4TgKOZJn`wotdhfFEE6=jGGou$pnOtvST?giR z$@y1RfnvY9-p8}s%_%9@sDAv|^i*^NyLad^(M|lGUw&FXny83?rH#Mt@yzt$c_;sP&}%-*vMeqEaz=tK&Xwo%KvI04$PUGdWlpFi!_ z%rZsm(>T1by2=jABuF<;=#~s&&rzyPP8;K)uQKR-uVA!G@y(QZSh>=SQZ#WI=omec z-pBFlk`UhmIdIz7V>B9yhs>j|sW95xHMW>3123dHDwQX(&$&m}<}%be3)Z@t`ssSO zd=}UOyX9ew-gs{MyhatBH>$P=^ID_Fd|uB;Kg((7ENc{yteLS!zpqW>$p&VQ$++1$ zZ<#66qik$Y^TRfM6LYT{VSXwqR&DO*t>rkDT>2NA6hzO~LfYRkaM><@_D^iKZWU5y zne}Wy=h;9ln+m(%rGBGNxA*rPB5pY<8o(YlX2leMA6OR@tHjE{f9Jn=bY<}Px~Vw7 za7AC`ti}wbDiG(CnaH8ZqBSpI^Q2KAq8Vs=gFdCcJh8xV%e;XO*(xS)xvm<^6$g_J z&r-}e=0!L;ok}>CGYs;ovfzw;+bffEe1dRE9l#g8{;a5Jk|RR#oil@DLP!En)m{*J z(90OExY1jpgMlv2;2elQM_6nI-v6r+b(6Ib%rIyXbl$u&Y?+wpGWhGrddH_S#)b~_whe9dzA!kPBAD4AneP{3=kiC)DQg5ML$_A zH<#L)uBO*b6Dyj64|VVoAY*om=xexz-)+VF0kGmH#rr)HEu+VN`0!2SgX|x_;~mqb zoMkMm5InJxufCH-zeCqEuzGd)Z?4MLOgtkGe`8eT;>G+!pxs*r{w*U4I}?^nJIBpu z{RH#~k7Nl*6WFfflxD@HHFV8FyJ~ypgN&^=kM$%%2L`{voF$9n!N{N_?67|OIZ&7Q z4^@WwB3hyXl6AB-zpN%STj9K|TTw9raYq)yD}CEuMMX1D8O1t6e=ArgN2kEiz#oo%tv=T%V?n*j#7t88aL{-1D@rn(kJln1l$?_D6qS_CGbMN zfhSuke@qg^buc8-POnpcjqilJN-rn!Ef0TpnM01CX(DPUuS#rcKmSFe%l_6PO%m7l z%3E$Cr~_TE{cNr!enoJ6SQNbylK6S$OB#OX0C~lSD=a)(;CrJhf1-OY+WzoJet+AL zLs#x;0N3AG-F9BXc zx@K6ROt!Urhh{7aat`_|^?RF2yQ%|n@J%FqRf5n0eWly`YLv4*Xi}8(^(PkTz8aq> zd^(RKFHq&VoICHe@Qhe!!NzpCmnMtmorElt!y(DD|A1`U~8{2tBJO*0YMn1Qu@2zo{DvOmJd&{d6P<4$p>f&JUWYc}uEPbHzCK z9!j_PdSeNl0s+ zSWr=*W6?Xl;Gtg%^jL}WTUawXm}P!v`1ul z91g!IoG-#B(-AeW9L_uHpx3fo-cNMRYo|K0dX0o<#c$qJ;n5pTL07tCtmH?F+^w;DgzzJK{%f#L5jRlOw=a6NRElP7&_Rip z`SPT4eNLEJHs01c2))vCQk@Nu_X6rYlf75b5nGsw4$dl&bu9Xd`+mc$!9#5<`jU(W zg3nx6*#_?IpAnx5Yc_#P9nNBSvri! zX`_fGd_SQnHkxs=@->V2&?>dN(PwKmE=U)0RAMLjRa!xCQ8;h(m-2(Hj~BUPCU4K+ z?`=u*D9DW@txZ?zE!`FV5iuxW|2tkNnUW?q@;e5HnJQOW=^v`q>K=&*Kk61Ph;rVD zB^Z0=oV~^LF=XTtAUe~p{|?IOzF@0}>#DpQ{Q>V_s*We0_veQJ)~oO@)=X&j?#>sP ze+|U3j^dp{k8xo8&NPo}%~oR)Y0HmAlVZi>-rj8%v-W{zOT|2rY{I4Pm88(_%;7)9 z@>X)RQ9H~<4LFr64&gFQhHCa|{E7KlAMm{@I(Ut=8&OMb6dxn$LWoD))KxA-yM~QG zq&anNTx$*}e=%+J(k1kAn}pYmUkEGI`04bczEkoSl9oG?vZ{U7>DrD~%_)vpGrfMU z`*ZA-SMjP^E;)~2V^1|iRe`eXzvmgzE^R-4jB2?9ujBy}$~U-sf;5F^r@zf%S5?|V zq}`W|DCrTXgnH|*1PR|2_jiw6ME@sY(=&#k{~yp9iXdQfkOdm?W=0NkA{%a*FA3YbD_5c}`zX>#kVBq<68vy|s_;vj+y@eXr)+HP|@e zua%~nt1gr|QC*^B;WuNW$s4~lD+}q+dz-v~Vr^zg;e-C*%ai4N3licT*sgty@SJad z&GU|Ma1?m|V)5=mY=2Lo+S54CTLsfE174R^`aKDCbm2RBRSVemD)AclaYe!}9>4tR zP%#T{V7xNX=nag?!agO(X9VtrKPW6Q#sn-xCet73SB(>$pb+4seEDI)n^2iw`C=+f zvGO6DBGCE7cl?c<8l}g8)p_SB7nojbN!`tpJ0SItZL5s8_?&U3z@t0p$Afdh*`m5e z5g}FLJwFmy13g?Gx9z`(Kxi4q-pO-@evi07;^Qg5`0^98=E4xj=?X%h%;)vC!7sG( z2z$NP-^a#X*_y3FK1g-y($UV#RD5IR&^c(35U>B#u2yhV7s4A`S#%AK*E*RV&;Lwnu2gZjYN~f;z-V!B_nv1ezzhc$K3vc*H@u3!^nKIf z^@%93K{C;1)UcwSESldLo26`xe;J-uHLSDTuM>+V&u{3+qlCJ>=WCd3#=rmi0@!dqr_um(m6C34-rd7W>lhC-pS-}% z2K-W|1!+4M7Z}Bv@sfYverB;j)Ii+_6(4^mkBB-muPYND%(m^G`xsv=(={Sw(`jeX zzTI(R-Fs8bXh^n`C#kU6wzjW~z&V>t%Yfo+fRbzM{_0>aKRecH7)RCZ4YN5P9^g(N z9M4QyJN_hZW2Pfm@nYjy0S^mu>=Z84;x9f0c7ZCTjfKG^m{{lF>(5VmWeWm2&c0e% zy%L{OL#KHG&MowC)L_l%TU-*~7rtJnuf9R@-?k&AqCsEBrU^slQ({bM*6IDXhSbfN z{PgIqmCwIZs^okl5v=L|JI-Cwj*=sV<36t~ zT>RT5Y8h#&z(k3|L8#n##_J(4kJUsmoZeE4?>PV+fnqouA&mia!;9g+2u|hCBd(z{H z{U@#I)Uy2)?^@UouQ2{9W^w0h{J&D2C6Ats4&%ls3*&|mBXXys!H4fxiOulKGxtx^ zP6#3}gIw#Zf)M+a`R2OkfnwqFhqs*uf>>R&YrPC(Qvf$c(p^)Y%Arm5OzakhLJP+( zcqE@!k&HHo|B(=#Jo{CckQ35VnH?*IC3#m5zYp*G@`Ngo$ccPf6kzBaZut7@Ngucm zLfK0QAZmE}4&oindqmo6J>xxAo5T(m3)7Ke(uYEgFm)vhp+Tk3L_CRPi;R)fEiVbn4FTt zV%LJ|kq>T<53}GUOObdDM13DA6M`g^8uo|Hk>|hPx(K^*);nyM{X;vKwHJ6Oko_kF zS+sXgIl6DiQ5-h6%}C(}GS2Ikg$Q)4uT{Mo8ppWo{+1dtSLD})9kH$EjNhAvzjz5x zJ|+XU%*1?wwYxKK2?-W+vPlm;>@{0n;na3aFh_LCnh8FQsC6uo6Qh#cERSk2m z--qOw)%YkaDD1fu`l9E62su5wpExc*9Sq)$eAL!dcv-saQcx7f z_stH4$7uQo_6i0LHLnK6<^h-cH&kSW92ghIN8dgYsJvd!@1j4|P+T#Kc(d<3{n7H> zibLzpqH>L$^w~D*wYG+idX~whygF`!u@Bf;Rf(yM$8CS{pSijX&vhVPZ|z;ZnJgRa zb*=#xNtN^F+j9-}Y1EjL3>iZN3dMPKgfDhUPy{XO3eYPG)87?%diH(n1}Wf=tm+yf zDZOy^q#AMa9PP7CoQYwutEgUsUi}u9x_(Gvvm>sm_Z6eLH8CSy#Y@?#LdC<)VKCN7 zJTE?=A)wPpD(|k;^Jb8?+~PyH3v=-?K+Jy>3L3fER1U&R#14Hq46t(Fg7x9ZE}0*v zqKet?cTdek)u~vyXYaW#Drn5T$XL*`0 zZph&CAh&dZoKSYYvMkB9wYBNg`b+(`xo<8iUL$6kz_SlPL%*6`dXPIbE&VFT*iE4K zVE!|e4_fF-&t|WSZCm1snm2z*7-!*=?W8MPkI!CpYj zm%{~XfuyZsQ?bviMPom`=h+BjdNXNKckF(p@?KTq{W(1IE)4@ZMFMmhE5E0i-@sWl z8!cKaH;zgohv98yiN1pSbUM03pmgQnpgQOt0y*q|6`RwT%CAdJPs0*B_AQ;ndQTcVu$iV`ZplS7lIQi+$hY?% ztlI%huAC)k`K-(2iKh~fvasE2=o)xPSa6vA*mQMzD^?=&R=sAL2qyP4e*!T?6tubj z^vW{X9B||Il2x5EUJ0>rO|SV@JTLX)U?(~&A~&6Kr1dNaaQ4o9|6+*R(Z#cz0z2{D z@3ak;H>3~}j&wZ6ek`M8G0H=*+=qCx6Uj~4br#MBce-{p5`QsFf>(0?^Czd$=Iq)_ z_ty7w8auSZsA?er^p2(=f#{Q}QLRX6(xWSnLO1Bm>0Y0frQ>0H`hTh{^LxgNo zxTNP5nA3#5kqzm0r82Bd8ms%ePUPrz0zw&5HoWRMv#sl56%s`!dFQX5n5avsJu&xh z{iXiqmaf*Lcntw>T!`~)TQDT}sN*8-3=V&T4n zutX#=#nwX>Yt2KYOnH}jSRP9HhZB&$KJgt4odRkZOJ*vcw5RRr?n(X7g%QJ%UwQNHg?Ml zAdFNJ%JT|Zu#4-hnzxz>00z_(!NjCvH%hC(wjK`cfiVn@+Rvl3f?2^wGst)(B@L5% z6j665q?Q7mbqR97w4wOPevXH|;45m>J(zdsU32JZRTyNOgE}Zm4{l4?t3|j>QN*cx zIipRFO7YO>HdSPVi=_<5MtIJRWk%`9!azurMAiV^HUYA|mhk(|Q~MBqC2 zGi?PgVTHop&Hvoxb{YSe6S56QO@X0u;b@j{q4v+|;oiuD0MvnacmWaKl}&(GL68fu z%KraFj|xuCS|{`O6Zosl(|8PWw!CQC-6amoj3%r3(0?^ z;!BM2)+RWeXjA&|A*g_pDkY6Jnv(=vjYm!G7{AMi*-Xz=TPtD1h_tBUhjr#6kOy5P zlZq@hH6jMgkEE_4`2)Rl8hMa4cWi>ZNPl?`>)dd~Bf{|2hF3G`M?-t+SU;>A9P?@2 zPWLP?8&5l!pyccqPS@^v_c)&{uOHQ`9i{Cq>Yhk=@#3A2SJGR{ z4dkFQMVSzp{n|xW+mh`8-4!9VI@ zis??-(*mBKM2D-+s&M#`a;D~uh~Oh+TMl(dPcG9s6g1zkLyfHxZi8U!i~=9^K*bj264_5cuyHKcJdc(ZBFlxGo4J>KPk z?ea{Np8t%9@m%FOL_ppa#R&@J|3?^7p^BEyOq| z#nafY=Yn{ZAQ1LN>EzgUAPxgR>~U9<=MI>c7xc2usyr+=dmR&GfE!;V(ytk2Q3beGWtms*S{{w8s%p|P3-*3*H|7&Rd z+UFv_fq8TZG2L646?Woo8_!b6BH|kU?L{qz=GgpCnu2S(tWj8ZJclv#93IFJ9BM@Q zyJ}uaDiQJ@TB{P}+GcyDRKWwVVJinqm7aqGA@ zyTesOFsVCQo40XX+Yqb zDXq7uek^z{bU2<>H}hxUT2&tLcO26S?s&XDfkS{Kdra8x)JAHVZc{ziO2dMY#x3>= zGRN@==@xw9CpzHXPXWL2twaTtkJ!audH%VI0_Y*GQ8K`f=3(JS3;Q8`al_9!^Ugtb zv;D6#AMm}8q5h8TH6Ckwak4mm<@@^5K3;rr#!AiybO56i=t&-DVr(x%*yjOt$djV4@WJ-BjyNwwX+Kd86fBlL zGOS-j4<`qBL7*@F)rRb2(A%h^nby^hy4Yuoi^=@N9A+ZPGrZ6?UvSULv|@OTa?h@$ zN-T}k>mEh#snfh#(n7RYQMXAg3xfFCq!}$DzqxKO#J|YOwicoJud*vlE9ZW0R5|(V zEyr{03Ke275R$q??!sB~-eokxH9&|;c;D~M#DwErG*UrseQ-WSb>G#3QnnxVO$h-} zTfYnH%&u$_2@6w2@W z{I<`Czye9}uJ&2}G2JX> zjodnZ9_j=_)u8O;6pwTJVU`+{qXZx-a@cA}mn#U2ppTYw{hRB@%G+`e7wo;n_XR!*k(> z8k~uHQrI+-CJlBh;Z; zBFCav^4h(fl<|E7^0P3xgHjQO{J|kU*S2+_bW8DYLYY{&l4=-vE*X~NRCiQ&7E;J` zX2>@}u-X9;SM5Mm8VwuzVFn`h2v#Zcr;YrY#i=`!!Y^mp%=6<4`;(Huy-}kfETIJAB&6(z`M-&wv+*jn?vMSJ_^vV85C7RXjY7koW&1|zQG zE1{aXcyfdFy84m_NBY*o(z&qVLoOQxUcA$ZSrtq`k>L~lHG@su?zADErmJV=GnhrjsdaZi^N}{lsJ=Vbe6-u!2tYEdMoqkYf&^kXh&Me~;x&hbzZVQ^DK+ zLHS=8J!d-o&`mV@q0qnR@NYD)Go3RWr2j|FZwYU%*ULWsBKU8L{j276Eg8mtw9J>K zdpkaRF)HyNUB9_L!TV2o&;Fse)K$et|DgBVm%x8~pK%ksu2nJkeB;l&{ZBu%!Tsa= z^8ZhR^An^k%q_O*MsHhQT4sI{iS!i)qi)gr^!~x%c}RpSqWGzSfx-UaVei&Vtvk|| z@0R*f_xW>%2H8a_tl!$zne_v3i+oZ}1Mg@LXUOL6;{{F|6+bHpLxMj1S+PU>5f1P~ z8Jj1f!depa zWn;9*KCb2GRu_Cj(J+t?Vc6S-5*6;NrLCc*V^2l=61}dKGmqNbI`<^}K*9E*b+d2L zT<{>{p9zz9VAz|Opjf5mA@+b-Pu_H_vR^LLU#tc>o#Cb0{(+c&pN^;?s@B+?sc5b-9(0*g__`LK z>(}UxLe`(QQlHc=z4+Jm`J{bat#J)4{|6SWN=`QFclkN#Gkb*mmiKNC{w&Up*K9wB zJ&6kXH`VQYFPt+JLN_Uj&|Qi+IXU@>jJ)?Ze~9>X>qFk$9x(gQ(67>lJ_G=noH@&| z7xPT(&!E-q9-I&K%6e9Su{sw|D^HYu@%SGL7@|#^lFTK()c;{Mv>DW(b*Gv6?Vl_J zaqGI4irx;h?mqwsGMp(9)EocDZt8Hoa=9?~PGHRK|Kb#x!+d>&ky`zYeX_4}WX1$^4DNf4cL@q;WRL`NdcN;9z!z>V%*7{;uhx$dDTXvYiJ~ z38*4cw{NPcvM(Tl?Ry6n-w7Mt*=|;pq=OjKZZ(duW!`e(i_jzB)PpfR(s-bV(s z-y=;u0khI_&FL4;=%=Wk1obyg>i(}fp)94Ap@V1WAo|yj+k$X}5|sZRi4(7>{y~xd zw&y=d`I*MD49?d^{&Ow@X;eeK7>oYL1nbAXxqk3jLg}Au>;DDzC^ypR$JTY)=;Rsb z`mgmsrgC}k&V>$qTS<^9@5B(=>kfoHb^y}g{<}bs=KKkKPCwLH|L{aa1xj{sM>Rxg zqM%gLb`vDq)-mjUiv)BB5$8ZEtAfLEb2iq%AN{6P*4G5ggY=&bhhR68G@KJl=N zASr}xbM@+G@h=K*QwdG^mpJixPg|xC&iQ2;#e5!|@uJ3xtb9sCZ}{D{KF(zT^vBH^ z%ok^u(P-bmCuO#!;U1xw>et|c80s2ktWRS!59R%1#M0bzP zJ3TZ2)v{UTa^;fkjx_+F=1DWZ;C*UIf>p1E?`VWpRMc9~sqlC!Jqf43&fZzG2U# zVM#xW22a)F?B)qO{eWSq7}Q~wSiBPL<&|sVmb`h^t)i;!s`dlW^>99YasIkZx6)zE zb15D?wKME9UH};P<*b0Y?Bx-{z%!umO6~BaiZXDCl8NY6Y|(-cnjxK(2ji#hb-O*< zz86BKD+-#Z|7|QZutIt>tT;r z1JybaxmYEz@&bP_W*|K!_dGLSpb~$O%u26raqkp$Kch(~wWnRJUgFSufde6)%cmRC zvNEzPSiOv?01&zcw|SI=siNFassUxd7(kvE+}*Df1{{oWNvbf!lLK&ZAtwl?UD_MH z61JBKl$AZRwgBh(-J{cl_ig)P24G<<_o_UUmK#veNi>@$kFxPmmPa7| zShLl>^Xm-2(qa2+Q}Byf+DZ1A+SdQ;rP9`M+LSPthyWnv1JHDRC__>;9?@&b~|p{ zhj0`wmE$UoYW<$>;4aQ{humFE91bJ40yZ3`y0@9gD?nR{7ZBEOB25V0sW^&4hCzes zaV`BTojmC78m15g`%tpL#X8r1%W8+=p`)!1Bvsg<1f1_=2$N|{b68spB`UNa`MXIcLP0>Np^0_H&CApg&p2JE|m~~jyD6DOZ{j_oQ9m5u1ncFFcSb=lTf!mdVl!Ro{ zeE+s;NV7JH+G)Dz`Z>n7na66Oc!VQ~CTrT>1DNvubX~ypV4mhIW*JRXkKW)Z8MzkR+>A_E>UbM) z)*CqS)hx5}LvKXa?&79cykktF^lXK>aizO{+)Tzw$4Q@%Fz&tW5#>|07&2E$&3073 zfZVtEg@eDrD|QYsv8n`Z6Xk1a4u_YKqiHvdZhmA_ME?eo{50g$Pv#*M$ z|8~VMWip18^-$MAfkCgUay3PxV2v2|Ed@kIgm3}fT9eR+y@>*rm*d23I5&fh#_Q07 zN5=_LD@<}j@07gs8viQZ&eb;^yYo4kL6na!{V7M0NC-!gJeT%(b$J7xMOhP1*^GVU(kE8xLBBIbgG!M66xKTuDFbvadnS?vdu6CAN7jxp{$u z1>ELdRvtE#t4Z&CG4Vt{n&T^Ke%X8qN?ke=F^4s}O;g6sjT`58)%shvmfQZV#j`gl zGDxv39!DG%2vjYKkxZ07A~iF|-tM3DEep5Dh}&MwRw~;&8Djt}L=it)xGNePu(hsW z7Bn4#NnRsm2)<@BHS-O7 zCeEqCRNIpX8G*Oj383-Ms?Xds-_I1&h?@s>%Qp^2ZX+y_iJ->fIV&l1Qhu?&>o}B| z>06eim@cl77f_1WJR&Gy|V-MJ>gjzkH6noFZQPf{} z>`hDM)}o*qKutZGH_b~5u^mWWt80>6xS4Gv_#s=$eVS~6gQDIy5eh`cD&_|50J{vB z$;D1Tn^0_J*$PvmZMxgpN%2Y>b5(JZL2WI1fK%74956F6OE_l=@T?UzQ_TB9|IdN% z;L11Uxrs7|;J=TnD7HWnnUUM{FclgQL>VmyqIRdq_9sLjs&}7u`P}|j(kkJmjm@Q- zi|@s~LzNiJq)>ta?RP5Yi2D1*1cK-{Rl&O6dIyl>*X_A2Tyh1j5T`VF+Jy9S35^ek z=1=5cDI|y%=N~-3P}2w5Xz*$w=UfE@48Chs4R$RjEhZiv_pvulHf*QL64?KPoc$_rn~ffis?+kWnJ zUQVj&L&dO1-YufRu9@yMHr=|bJ=}i?+08<-{0rc-R# z%rZ$kQF#`uww5pjtoyL7N|@uHJCJYH9e_3yb5!l9%%6jC0-f;lqy0}I2*`Y~fwgt8 zSLiBzoP+hrY?_}8Zda&L)_caIS!J)2EZ6Nk1xryimOBRIL7n~lNf$C15uW9dB}K<} zVPY5O88i81X-PlVS`ZSJ zr@AAQ2Vdy{q6FQI>{3W$=X|0MfOT)A_>`<49+Ubp@)*QlQ`R7x3(}CDe&LO+&oxN& zN933Nl5P=X?ez?Cx3k|c?M1dQYI7&SJ8@=;nNb)QrZO&{)QG}r`pXOhF>jlW+ky7} zEmV+cPcxvrE3A4s!J*oBA_!o4Qn&8cyoZry#JaN8RkYrM863EHn5pgaPdWuO6m>iZ zIyfw5NzxH`eK4^v^MBg=(y%1czVFFw+NP|r)!b&f8#A}c)ZA-YEKMvoazQFb%{@U- zR3z(eH*HbLmC9WN#|2TqrI{2H#Z*8O0ZS1Tl@yl*m-n){@459kp7;Iqet6&K$WI)K z=kj0A>-YbkzstPAFW9VY$IHPIUD+oLxA*$u2kRKqEYO%=D^8hQ0(rmTV#HYYPN3A3 z{&;#R+6@=-Q|(w$g%#R%A^|K=o!^#Y5IdLLozxg4qg7ai3V0d@8hcbqKD{61eqK^C z$_t_d_T_qBPiRmBXPMBRetjxF-mjP!pG{u@@@o_&*=5}x;QR%X8|P+N|M4mbzFgSR z7x@VqqGv{{O@u$jl{;SP%(D+`HR{Sp7RBaeO|7?*_NTfe!dU=?lAsVhfC`@fwJrhr6!V<#1xLOf}pa)c@sEB zL3AMT`j;G?f^5}jAK5N+Z`L?tLBtnJYkyGYOHZk_;o zoI89QGrlMc{FFW1dD9!|pgVrPM4nrcVXCv1)iTxSF>ximuc+oqp*@s08F}wY=`r)G zD9WdW-s1^aX6^*SKx?$h-^Tk(P!9#~eZqnx%g2*daZRz@-OH&bBMd;+3`3g2UjUI) z;??)21Z{%e+2S+Nk8QDqIsl0WrRx=o0{2RVt&&*L%)e2&$lbvIMa20z4T_Y0`!^TB z@_6qQW@Gix&%~)Q3bL=^SaHJz+qn5G(1TSd(gxPAC!V-Jy83?Ove*9&;58}Sa+WR! zaibrH#%(oxV~ctB`q%}}DZc_}WDbtp*v9+KOiKhH>v4w5i11ydm*dKshpQF&b)&sQ zl9HG?;eeT?->H{Kh5sHp+lHe}TZUED8OW4!4fx?_*zv$CTNFFmz>B5~>(Dt7fS3Yf z%Qk!o7s%r8WC1JF)UUgNjF}J-A4iWb#l}R7l|FsGL|#k--fnXDL~Vl!^yI<-0c;#Q z4r)9y`h0nl2@b%@VnQl`q3X{oH^q%e7DnX`J&R+@GX9$3{nn7>98~z!zA0XYF|SN|f}XAAmb%+SmwIXi4)%3IM^hm92@O ztW;h>IZ#GnW@m>gf^OEAdecGmUZc0Zu7qV%5BK;AUS|9Nz_afzk{lF_w!bhAcAuJ^ z?aDEs{8gF)#h-``VYG$)xJKc*697}1(%Ej?uWy)|ntEG{mS6vBCUNHv{5P<*ib73I zO=b&bYhvKuw|_;3XyI{e{aP_E(&AVa@lZ z;Q9e*^p|`96N4q-%YQz6@Gxd^z8m07`10hz$sgA(EA9BHb(3(nSP-KvczJnXV0kDy zCly%U061;A>Hx6v{#cNvygdJn#!bMpl&$g)B)@T8i;->v1bfUHG>Rh$1bv^+3UI>XBe}|4@CVUt7^Aj9P`h4Eb zpk@b9Il10@C>i>IsqqnqoB9i)ytq3qhJ6gvdLfqItnn;Ka62t@0?vI}^m!*1Qdy~QI!IIQ>xKGsU?XMm6v`+Nt zZUd}g-R;pG8!I*?T_KV9NB=V3W&7*Y>$5D(k5*L0{cUK=AHD}feS62Il{TSygR%^t ze*5Y-3H%=C6W$ANNzaEw2KW8clIU=?9gUJtY`0XOfzV+HwWxNqu8otfnz-%J(!-^OStp)n+BT z7?jndF?Wg@h0R@CD$KQ?klnvh`e%p|ZC5%p>cG~wwUM9V?tQug+^KuZKv~PpgJzkP zkppk&*QEQ_zm9Hf84}d!aWIC#&@K9cn4gSmD-IZ2$$z!mW&x{9*T5W9k1pNoTw5FL z6oe|@dBe|Q##;UH76HbzlJ+^sV!mFvG`c%vYh$H-x;LZJbr}5|>j=v3fU_6k89{Ff2vP^-#O$oK!;Se18lNV@F ztbx|_>NaQg*OeO@*G$3EPG#qYwdA)OyErT-84{2(I3ef4?*pF+3MCE99W9XXvDUCL zIe&MTAROIt|IgBeL+K3*AUJwrhM->Fi$I`_4HV)v33&C}dW=J*I zMm@5ZMtSyJQm4`H6RZl{4!BKDE!mE1QoCn;XDYEq*mybG#Z016^V492T7urNt=IW< z<2rSSVRSZCGTnWQcr$%VisV<{4Qd+xK552GZ#tl`VWC3rVeEV7vrXtD>v*Mp+?1=}bovZejSH;n1Ge``Oz49!skyfOH&>gu~U6}&)gMNpw%tY>s5 z=?F$L7&-93KJ4@5(_IyN+mk0zkF$-I#M~KYi}`DBx0pcpJ)M>R3iX^b3Aw*{CM5n| zR_|`f(#Ja!qu!y7EyS8qtutq$)ltVOn4z8>W$Fp7!<#1Z{w#zw$5&0=3yBxrKFNxU z)LVDV@)4N+#~bhI#*v-UPwn>F*AtUVKR3-pq9pBAeLb@_F{1WJAL&fh)W{>M5m!g%5K56}3Yb%;{2FZ~1 zf1ehq2YJWqz?|%r{TX=8BcN_#jQ?VeIsO7QXJ3ju@1Tl?pR$=}Jr6y?sOS z$$cRSJKqUO5{n=A$+2%+@%fG3iJ|f6>cDrw4My*x1hVkts`&nARo6%Mm7+rp?`M`? z@#&3hott1mt#(SSBAuRbjVsXM^mTaaZD9T3hto>dyQp%f_gVY9w)a0Bp*V4cTQV{gkf>2d;RIlr8H2D3NM_gJ>MCyIIc55yeZ z2iYaT@%J=n*5gYWN)1w=?nRq}lr9YKcsXNmUmRLvM1v2;MgLZgZx^|*5eLIz0 zyZxRYGjVSCvQ0;+zQY>HX!vyaJEK!?hT=DKj?GYMCestuAHnQ|yepA2uceHuDkw?W z8SOo$d#IggoZLA0{MC1(m#ykdQoLTsrUz37$Es~)*_giGG_Y-A<0#vt@nJQuovOQT zf)VBPIg5F9aNY2xP?(4Deq`;JnDBgr$+%`l9S(_Y;L-KHRA(cJ!R;nAl-W=X5D@P^x{xa*s|4mGtqrD6{L+yU^V4WRzL@ z=xuKQs~tI^z3iQM>l?wIWxtyvLt_q8V9EZA+$Y5jwgUG1S=M7?mW(i@p9Wc$y&&~BTfA{ z;!~4K>*Ibte*$2|;M>4`xcFdyFIB7XW4@l@!h`+o`?>~o3gAu`YQ4QJWHBApk*FV4 zY(F4%>&A(0VSLlpVBfaP?Gv2w?pY9JdyJ&EvA;epyENJ(>gjJUF<`G_*_GV^(iVq?nK%^B4Ac0Nz-Cp;{*II@xqO_lIDMw_p(+%@>*c@Ne zFD>gcIA1UU4%Mxd=FGYrluKY#1X$Iwmo{lqCD@Up-kbiqy`g+PzC-vve02Op7zi2^ zOPbr-V54zP#IKsiGLP`G(vuDqW`xyxr8#!h>t)j^*JeKDKBf@ij*y z7|NYU&Rp0SWp>ND_+(4uEHiO4(++IqbfqGkKNogs(=!w6r>Y|2efI9w1l~TSvt7MH z?SssHtqD2;Lj!gGvs<&5e+)Fp)KIdnGpDq9DBHn)uZ%hq1oVBs%&U<)UHP!nuEZnj zkln~bMrU&WJ!rQ&HR8gfwf+|bnD)iXbw72;;n4U{i_h0?lg!tZQB_Lz9itza*5&9% z>lj-uUAA~K;@3hw2tgajEw-&!%AcS`oyop7Q>Nq1->j7HkjW;&9# zhy-U~K9DAAeIAQzeCUs31bbp_5@#Ab3VpVQC~4T<6tyH+?(52bS!3|{%%*3%2@e7d zUhIaHE0@N)~EWl^a9NGX_bfA8>})V0HvGZqH!A}0wABo7$< z1G5~rE}n{e5Sqd%5N64z&SXWS|Zj~;yGt661P_s$5ivn9^; zJVe@w^#3@oW2H*&g~2^5HF<+(h>(_XkYp|Tm-T7GQGAZ5Q*NB-dh704gsw;B;jQD{ zKgubC4MMEf`!7$jc{aZEhmV>GWvy$~&U0sGjeag_yes_Dnl|F(7^>@Lv7bkwS{Y-N zY|Wm8@M4VDJ&~r+pM`Ip6fZzZ=P4eaI36AQAugUr4Iwr58e4Y^U$lYWc-~P9j>zlF z&Dqi9tnhKP{oLB`Z6ac{)a}-ctPAXj{snVzeZeV@t>ZtfV;V9&R2W#oIj|cTC|8vc z2WrZF-?rCqui4$kK!dtzTD-Fv#L7HwgoZs3q8t3%0Jz;RB4+{j{MH8)q;z;<%P>;B z`BTT)D;_gRL`MUU)IWN86D-3Ldi-W^PG3muRNl!Ew-}e+jK-n6c5QZ&hS3LZh0xpn z5u2g}L$>5C`8w6sWxv#1``t2Y?|c%0|KcfK%Jooboef4CnLeUY89Qxijv{5r?# zOCliKOnRf>`%eUqs6Ni*R=%yA`pG$aPAwAd5jCOt_*7_Uf8}Iwx)jk~8yV{nl_+j; zD;*fwx6eD$ZbY&L=sqxriGWYFR_oTxPUnT^9)|?0(O|gsMJNwRr6^rGQP0sErbL0G z+Fys6-Ii8=AQQLB11e{&zve_I%_Ym9m$484Lt(mY4>UMW=GRtOjbr>@X3wGXx(M-) zqC^dWK(ogB@zBL~{&PO2>K~8>aqSQ(68UF#7=|*k3o^Wr)m3s|ip*0|uzfSWFih+? zYb!aDVXU`cio3-=YfIhY^?#Vj>8vU^kyR^(+J zu*;6%w--E}TbcDAMJpMTT;CRn>$Qe8V?)m7#*%W}3|^1}FlvmLl~v)6;#LbQK_ntqOb-}rC} z${#$pF~rWNIX@R2zD1F0X~$`N*j2aPz#QB$voCSv`@q3qn)(YNPZcq)M6bfH0e}c%-hJE z-5dBVVN0*ZCWdYXMo@$^gGyN%9$C>pA=~W9;Sr=+v8_Q+P>-b+6FT|kGW^|4WI(6) za812G)PE~yOn+^6Xd#qZLRhatj=@&KmO-Kd+=;o)9H+J(QXz+=gQa9(ZLH2}V=b%& zteSKc@jz zhH&$Mei}Wx*cTIBB(mb$J2+Fr-16}?>A3rJ$M?tug2n}~Jsl_O(6qM$Yu#)6=c_TP zR!`pcM_DP=j_&a!w131OQlzwOS`)yPHx)=@n4;~XBowx;ap>KPr9bC(&8%(jG81{s zKF8Ydz|_VOUG@Z5SL z&r_Sw*i&0!{t-n*eTaI(%A2yp(J$Kmgi2_Z;;udB-n++%cUM6`vqP?~TMh;pz5qCz zHMr(RLE6>28lq=%||`Fw@4f5|)%Yw5VMp?&#z7y!*U*Y47Ken_|4igx6<^M`IU(rx^%JxOb) z-_meMKX0a$xqM6dFRXTrf?r&HYf~sVp#DN90azQ5p8dEpCKh4ECpEC!#NB<;%-k@U@?IVez6r+D}p95-Wgt|!bsyuugtcs)B))Ai3f1oEG0HEL)^m#Q(YlY zf(F5&eI|R%k0o>3o|6#u*;wZn*dMvU@1*1I44bVQR`X}m`wLbHe6QBwZ35NvYN3zO z&DBY=XIL3%?sN~br){HK1mzYh{{5zQip5jq;t-D+^s%v*82QYY0q8fIo>d*;M1{2z z_Lvc9LWJ$86UF24BU@giloRYRYsp`riIG}5=YlQY1lX7pbjFH;dy?^p?BM6?36iHa z>ZrV9PnKIF|80Z7o$EdKLuDPNNt&b#Q2w4mN=OClgF~QKu=P^}A(&ocfl$@Uukd#w zh@JJtFg{TJ>FP0#cvTUK6gHOP zWaZZKa!eHPevpO2rMZBBt(tbfr!mG-?9lI=$`im>;M5FTzI#ZqMe0)KkfzZr$?2vW z2Ya&&QO(i_wc3-B5}UKeVp3>;nY**ufcAMkz>sNqERa*2MI;jWF;`a2iP+U7If^@rEeCFNj2 zSm=S5qpX5u7AaE3tWyfyOAm|4tu-q7{zYzvG{7|U`C2iDR)HU^hIoyG60@dWJXII{ zkd&WGD-PvB5gOGQiR?767*@^O@1g`)A(iHiWe~I_9xJQ>AlV7uR8%Ck1;!vSgvi8z zzRS%3!xm$IDAa13wy4@lH22WIwq`bS>iF@CRvD9JwL#EUyu5JSg#3LM^_5Pba(_|^ z+Ujn1vq$AgrM{>(Uh70_Ff3q;D;@#tETia+AE}o@Y_Ag5ac1=JdMga>u;zOet%^S? zh$Z@D9TCM53Q$MM_2aG-;`OmGqc$NZQT4{)%ZdRXZpXcfqNmLhwhNb0`~s3a+#!E% zN%i*{Zj!_3X+`_78K)6jeovPt)E-qWYZ6bw)SE1R&-L7L)*N!aRpin$2ty^+lXS@p zC+V9R6#9Iw=cFf84~sk?sUTK7U17I}W8+kJ$EPfdZ~&F=shHc}*}d&G9hO}C#67!MjhN4*kIA)Cm!LJfvP zrk^IdLG*=XOJ$yu76k8aH!9r$vk!WjZ? z9-9O-5)qZuca;22Sk~*VFZP&q=>d!FmX-zGl?-r_$)Aa2{r1_x=I#ssOn|?>#oDMA z{xZxePW5IoZPdF$$dUD0bqQ?(4^1n#O8Z2b6+zh9bl?V(0hocRhBR}N`pS~HLKOGf zMV`Y4<1XQtyAuK}He>vq1Qj>@u(3iO9d$ieUPs0Q>|S5Za7>;3UAa54QjJjC<68ln z_Jmbe1cIR)aF=j~?VMug1&Oe2)-pWTs^xO4Fu)Xd*)61%ah}WpW8u{nMREf~<|J&C zV~ldF;DSSNUCH=-)3(A2gEc_BvufV2kqsE7ZPsiu4ro864bW`ol*x<5^PUs#=e;C{f^B{5|L2Dl9*UpRuS_EgWFe#NV8 zHfCEmBxKlXrggc9Cn=8D#AL28i8}!J2@Ns~rCO8#m2@59*@lA%AAoXiu?W$;VnOjc zt}l2{NoT0jY|2;n^|m~_`GSX73JZjMhzJyz>tTaoUXFmQ8=r&8_!Ma+fx%utxPyaD zieqRe1Ni5y`rd6wX?~E@M^N401x|EJ(RwC&L(B`fkv99h3rlg-NAdNsaLi=3VsYW| z7q&~bI6E#t{Fc!ybvs3h5g0e|V)LtJOTVo0^c*4t71*|6LQDHm{tB&^*b zAq|r6+=B@4R$GymTkGD@`!6o+qq#G=DMBO)Na0*d*yu%q0RspCuxg5DFqA{)AlyOJ zeHOm@BIh0~EF1Q+mXyJDbrQo6yp4LeW=#@=E`8v7yOPs~FK*)w!rX`{c(E-yFl#+k z@g)I>RG{42is06CLYlJHYEP5PSt^K2v=#;>GgEH45JsQ1?U0JJ_3kg5lK(1>b;9K^^iskT3# zi}nfu6D#$&NwiK%N8W(4zelBiI<85R6m_%rO}j!NNL(au5(aQNFfXRI$OobgmRi&w zc%eHDc$p(K#SRBY6B!IP%u63p*nR!E)Db%A2nHg!BPm1dj4yLR7nVQ9_D^oP`RH5X;yQC&IqVsx9ubN2*@u0wI}Eq)d)1yUpTc4L(1# z=CbLVGS8kA8O;*{t|Sa*HlrZweeDVzH2wS^?+?PPyxagEVu<0*z=3wM>1!@-h5@4G zz^Fn`u;T|mx0Dr`@AJ4KtoX2d00a!ADu8k^gq$I6&Q|$n3J~I1!m%PDk}>DmyvSW< z^RzoO2Ir?WQyc|EdpDp($Vn|H0iiHAfIsQBbAJ~=sZ6VQ2T-}HcmMc%CC~sBz*h-M z5e8%-&G#e?$}$?8@xdzlewYVW;sF69k|ES!_J6J*9#2=ajX%sWB?p2DIzkZ23k-n* z_lFZqdi1ceXCmY5WIQ*~l_^RGT)ov!KA1MREAz)5oGC9lJA1B5OJM@7QQ!@eO z1s$>FMkLp9HH{*CU$1cy8w1f)xhN~h6yy)(xBym&vPMQt&bJCtyycB}?tOw9O6{<(}&>w?Y zx&Q7qV#C18uY;K)Cm>1z`$j;@kzbao?TtwK;I7B6R$0N{&rXNjX1!5Uvw0OxQ~6y8 z5SQwScwjC$g#joUa>ZStjboufWeH)!c0kYCY(Bu+3g{t#Uzh>J%2}hVV|--)2dwdb z!qG3~Cmw8XG@~QOiV$PX0P80KpyxcWK`*$7k!#`VRT+#G!S$vILRyBC*H@1%;-(nq z>uNYWNi&aped{$yen1S=ADJ9-Pgadw1ktm((X9# zvDG7S6EaoT7{B{;ibpT6-?p|m_Od~yjjPmizd!>L2zAx+mUH}!;gbjp=`LQaxt{dP zwwvE6YJRt7!-?+{w%x2ZQly<4s3`IY!uTdL5`Fzf*M;YpVty;HlT9<-_@px4C5emZ z2B-O1(Y=Y6$-?s_5;0&e@I8Blu$o{ioRL9(c}C!G(=^0Mmr+!+Jad%0m@aE#cT_Q{7zoK%-zYGjYyMs5;+Uyl$^oOYEY%J@{7XTc!Pc#dC=1j?=F{pq}^;D$;oqL zGG=WMR)rtPF80#|9}GKySxWGQ{k_}e6~xiEe`a0`9SRSu94W%+Pkx?75}lDij_;O56j;_V4{-9-kQBP#&SdcHvF5_=0M!DbQNvPBl4` zJNPr@6V<_0bg5k>ofKzC_WE}X+Wk{hn@Ky?VsWOhw?yW7 zVP_)DO$#cOX7g#Cv0x{7Hor)R6Skx$TSO-<@#7T!rP{xyZ`m-A^`4EGW0^tIrkQOS zfQYN9Q&&cnI)6&{5 zTjwkpx!6Bsi!j>B5(n^XsBCRTU{G#bj1b|R?H&E7mTp6lUjECZ{?a(^o6?8;i>`_DRkk6mqq!0 z?E98{Vzk)C(2-FkOXzg1dz3r;r6zQ{V8uLuzm#u?MFE zu9Kfq8P|82;TWPOFm&)}rQidrsHB@N8LH~Zjv;8R^q21x2Ne@$9$m5myd|Yl2GI?k zg$rS674tEifS`q|GpTk(ULln?OhfTl<0n0S3mYy#&f3`FB`nM7Y;#9A?OOTSS`ZqW z9wpBbmTlEoDZ6b|DfL10g6jCOlFRJhGW#o{@bO~;YEoK?$Y<1?fN(`Sm{RSE)PpL| zv11-DIC5-U5zG$}CB?XtM&|kYgtY!d(HB0;uU3}SRhl`caVMAK?g#h9+T8wIJ8wf{;cR1$nWLHeb6!u zrNb{oW^QT%(U&~_RFNt98ai=Mls}SS)QOnsWX`8KjrPyN`NA zV{}b2iRF|&Od>uKt7Ty+=nocdftIAHOxy>a48zndEMI>Sq*PiK&Nid7qwzQX=A~j*_i} z(}na|Q*5c9894xPFAxoVOjYS3c8Bn7HH=o;-+5gKb!WFrqz z!nH1*Pn&*WR28owfaT4rtbKy;5DIaorl%GXruA)VrT#|yP2*$O!@n)&#VlAgV+g<8 zTBRxC&oAplZ6K_}SW|@6SP@i=yjJHlbJ>oX)|RzjV3;^kJ0O8POppb}?lLEPm%GM3 zo-WI*brkV;;#Jhz2#Ypl0|bPzC>(Wcb>LA^z&~;ZW8Gy@N9pFqfq1C5;L@}THH7X< zh*4{+IV12ESCaU$SC(>v!h5&ZuZw!0y{^Sb$F=J^U;n!{*E+OE+djAHFKR&qA^bNG z3iot8hD4nv;Z`gDi>>Aof6=JZCR_G396TS3m^sIoCt|`QmN>W~iQHLzh)4a7Fco1` zs5ZxJ3&Pszp+7p)imJU_>1e~c!5!k?B=)9@R-JH*7e_U-GHt+IhwgwFr2^#j>Qxb6v6Dc*< z*0`s(vz?bmMmA;*A8G2*;ki#!FQw%wLU)2!PvJcV?u2 za05vIE%uB=Oq_e3MW4;D9EFztKxo;+cD4k@^u_NcS(le*TzwocnUD&FBZ&Q}(}pbp zO($1H^)BUZw_-|9kx$Hkc_^L?ycG!~jxuYlNyW$Rw(ESim_E4>ojVxag=tQs z$K?3%YYAR&7KxeD$ZFQt4MnM2M+E$rBTt+1Ww#1ST9HrhoMG?*QQFg;@6zlDvWJLX z_@fX(X65s?o>v&*vx=j5d|{6+lId#TE2!+uD9>d77BbkCaV?Y9pBEF`2E(~Tu9hx- z`wPA65a4_S=#BgE&cf5NfP`bh<&zgW5%A|c0{kd>6k2nP&;n4r8b31h6Sx|L2xh$W z;&V zfqauTji?6H#DNYg$6d-C{w?-jqophr+_{bj0h3?*v=R+Y=vV@Q*d{F;M`Nh$S~W@} zRKdp14O`Nq%k-4}oH9X#$`>{dWTXyy_7F{^+{Nr&1?=i<3h1vdC?ti+jJg`k(*meY zlF@+otIu~`KmA^QA3@S_C%ik3zVt3~po^lf?r#XGwm@M<@)vCMFW}4l5X)-HH#k@x znPT|fy|XogZDvx=Q!9^xtyZb`#taDUEIPCHwU50lO73RCNcAL?@>_vrmhW{V3$3G0 zx@TJB#V{AD*{-){omXsR#q=6H5=kHVVPy5XycNKD?&YT0p84Rhk;|t?T5^stG7A}5 z2bT6S-jAr2Q}oHNAuir8cow4H5+~iF6PJpk$5CgaR)*%!n-pEK#Aw{~P}Zf|PQ0tP zWgt7CmmPm>*o+tNF({r5;B^rjhA@v1vngY`F6BM?vp?8N1ia^-36pM*lvde+#l8Ad zyNf0_*+e{^%v}7THBrD5dXmgZqzLWUh6652Rvur@R)e5y-w34Pq2A=Qp7MRx{Ruq3 z*Xk=(Cpq2saWkjxu%{Q_>| zR;RnKj2!bm3gu_Uf50ZAveRtDvAA|iW*6ND_VeB*OcKj^gb0DQ+{vzUyvAmFc0e+$cG5b{ zbmY{%RT+r?s6KVwc!6IEPI!8pACrqYR>BdeEe#w+42~yfxwY#0z0fi83*g=UFGmdP zxJ+S4F4EPIkve7jI549Bm` zLfjZ*Z~g+=cQS*CdRKdy4 z?5yca@bx8eKde{@@bQXm-zB?&>_HIJ*JLhXbB|%x+}?=MMOW79Cx*Jjdc$3GzuvG9 z22v)Y+rdiiz(;>bY|~sV^^c0Nu#@xes1COm^cWoTI=Z>FeAqhj*sm)RRo|VBG$CwO zqb(wKCK3GQ@#c=unEc&~lK*-Fj(t(jHOPA>G0+Xid{mQ~G_1D8Sd%y?DT#v{G0?w( znaC7NK&y8~Q;LJu0Dq6WGxmIgu9aKg>SWob^*KMKeY@AL^6jamTg#8^JG#;kZq`RA z=;8#aFTXzYuU5#)lizAtuGr-N^^f(E{hu+K-tyWV35Qg_1Afk*0i7oPdga#t0zP`} Af&c&j diff --git a/examples/external-auth/nginx/images/oauth-login.png b/examples/external-auth/nginx/images/oauth-login.png index 847d6687a02307d637a80c85ed8e74f4a40566fa..c8f7f8b17f7dca0b45db248a184896a88c16d716 100644 GIT binary patch literal 51667 zcmZrXWl$VV(?D=1KnQNZ-3jg-5bUtv?(Xgy+}$N`NC@r_AV6?;Ih=5~94;Su-oM}0 zRqfVJ`}Fkm^!0vIQIf?#B|?RPfx(aiNC9DB-hp6X;KGm*-`?zH`<=nS3}?$piK~0T z9{0k+zP*H{cq!nON+W-J{Qs}1I!iWQoZn*D2sBGOIf31!Kc~nnj;qocqssS1U|@dP zwcNqOz_4??@uVtjVNjK4b!3K_&0M?3f}>zWOZ9s`cBpFD->}Dtx3z2sN_D? zn8A9BamaiQW_bgG(bV}IY!WL(fd*juCbbQ*Iw7ly!P0=^>C6?7GtW6r3U!f+AE}Gj z!JvavYUVe0^P&8QmCGrxye;+XBEl3yw#wo2SNAbqxq4GH&~U>gHvCMB1HweF+E z+JgJ1!~S`&XrSNY)zN{~@;~PZIwJscbX)o@-gSc{-3O~6EAbEHph2jcE47N+!P?7E z0$JYUgnd_^|gyi=#= z6!Kh=nakbIqbImE^PhOvArFI|@n)QMVU-`_Ux_5r#7KMc7pR8!_z5`QhJ!>d@~GRS zwi&lHprTkBzJ<{oDv@ab)X%-r=x@V?%6Dzh@A(3KQhHUQsxnbfA(8 z&bv2=zqsJfK>0PIN)u#_QRUfcyV4an9+Gkc=5KaMYI?tCq30WU(|a)lFk?}tbql`O zZ%*NIR0ns9lLw>e3*m-7-pw){ua=d26t?|D7(v8&{Q7~a&@ zh4sLXuD_G-9hTd$U-xZSTf|G0?a<~HmC$YAD_U1q7dt1X1h!OM?^55#{;wrqk`VS# z3gi&6$*peJ`%m~92j;5w*mDY>Gn{`IjhX4`c8DStmvmt?dzQ-4BKOI#56;-54w8st z!;52M9_%IUoS*Q4f60;uz|?jN6^jO*<+W@b)pqwC%mW}zYo0&YNumUkFp43qb`Ue% zxzW#RcNh+}C7Tr(Lyh85J?BE`7#K-_C1i1`~?5#d8ta7d+0^w$8yA|IjJe zO>J&|q1)mo`v~9Wfg;{%uvMm|Kj+i*dTY-y!b9JGD^%KI(jPZoW1nVwQ7J-7Cg%Os zk5wDo^H9|z>qLBOoO3myg-}*R{j-@8v$8T-EEf^k#K;JS$j}eg6w5U69}ncn^oJ2L zT$X$3NpbMj2A4EdWfX#{djK!Adc{l?K^*^+MzVO<7wkEPT##Q`Ra-1E-DTO?&b%K_46FVf<#odnUiP2SUf-s7F8EA3A$o>+Dcib+DbGRSbI4xRk8|1-zi^l;@p zPU6K=Rz`g)VU(|=ubj73!$C^FA2}!*QSg%%&l}Wg&mL;^rXrM2?Ryw=KBtT9k0r3D=jEm2p@-pgxU5w@s5gqyZ8 zTTqW8Bw8|#N@G778AcW;E8PYwdE`T9&>&k|#&`YTSN}|5*L{Xwk)@1JQkdf0j%z_2 z{0?>w$}N(vF4T=nzrXKe{7f1MSPUl7NB`$uQV5+F5T^41f`ZU_qzOg;qqs%Jv^m|@ zvoWdHI!Sc|N7v5Md={$FV)^|dO~wkYJ9#a%k1d)Hvf)<(b#~2qFyy|+45fPTbyzp< zclW#8j(S+a>+3*q{W=o_0#$~k78_L-v)M$ZbQ?POGAgqfZ56t>!X+WotP0oSi@vbCKR z-j4lbt-QPkg_O^mI8v&yi|M&TYu(Sb-CW3VT*%_{WPO?yea5xh=p=kIuaJz7 z0ZT@hKmuB*$`Emsgp#Sf4$)dGTViG2UwZLpo{(srSM-vs3lYv}Hfu^ET3D%r< zHGMns)~TyT14ESk`WTyi9Nr;`Uo4Habl>5ANfpAPXS`t`w?ye%;&TJ8q++M^6;eR5 z;T-gvV}NaF9o2xg=N*+a>?7h3szBD*$$jUg$%5DW0!eNn{M#K7yA(2T)~L9x0$0?9 z_TR&hu4U%v(v#BF)xw@yF#?1X`2XV6zlDkPJfx>Spb@xd-s8biy!)HE63S`VRyeWG zq|ai!Ccf7#i7Rm;S_<~qzq{Be?+jush+Ns&U@b6RT+audFL z$MNywGzAW(cuEqBIwcND(BclPVIkR!JbFk`7;8L28ChRl>c*+@$%_$QJ;W^r*p83=Hmxk;|SOHJC&T2F#R( zwZc1#rto+oqnh4W_C{*&JTR~B?+8s{4gU<}Rye#ABPGvy?-I&X5tUpy>W55&pMZrh zT3_ka4HJgjmg173Lh<49s6bJlpEasDNO4DHwj`M`K*?G}#COP8l)j|r<)~+3`@-0i z+~J=oNfS7t>Y_Nb$x8ZVd7c9*Yr8M&Pm%@r`C&*`SI*sO{_`LXPCs;!hx2#2wv|`C zzGpg)Ey(|zs_n1nd(|ero1-~9i1z!+{1`@-t28tS$(v6B2Pdcc?ZMluF!S9fMvXO-jW#7)vlw_$n!ek5FNT@Q!4d;i)zMp*m3651C zPZH`J1utahtDYU*{wGev^IifwCR}#%FhNqzPnZRP)gwODhm-hQ)-S7Elv;w8uEd2f zW*hNfr#x9lG+ER3r^>9T7oU7F`0cv$zur%E&YU%$D@^U(hx_<<2nLsRg1+PyjGjbV z>A}V+tSLj@7p8NoXr%SNF3XGkdcz!JGU~=pz?Y=z~ z{OPWM8ej43c0n2ZFFvV=^*n96rmDVe0pQjXFE)+3b=1F~*F5)&UIEe?1~*IvIS>^& zVO_Hj?YWpFMg(^eQ^Fm~!w=k&_$3%55qD^lx;ksf2RX$~2A=Egeg$~PF+-bm`_En< z=8hy_x884KNHEsM$;ZTGG+vGwC!(PzOIf=|ic2S;hHNkgofbnzpoS*#?`@-EfFR*KXFju=1|Ms<^)|XPD=1&2Z^yGi_3gU zBIZ&O^87t666%y)@NQ_IM}!#m&2C<-o?h{ZeJ#*i#?3jE!cg!{M4`Mo~h z(iaZ8;!U4*KQ8>qePLI6Yyk(Tfl6PPZ}aXoq9FqSn&r9S)}Um2ZS@pR@aWj5c`22H zOEw!y)6Y8xw3m_Ld{eT+{dS+y$1lIo{PX&L5lrENTvF0iqoEs21%k<|gYnsL*WqNE znHeMaM`nXY!Hs?BvPAi&{1cdmZN zJ3YmcL*LxRG8b!j=)7xW@5kUy;-p+n0ErUY?SCpu%Lx^eMev$4rSGn=R^Cr2Ewxzk zb^k#5F9F(o<+||Tq%S~r2)yfk+}rCm5hVNP7ecpr(rbbHD8)L`%e6m)k|k-H9uQJm z+jRBDwV1E)5!@*a4G@ji&X|7lEO z0Y)J=#NTmx>64@SnDep3WX3MQ5D-e zahY0!(xg$OareU z_Fg!Mh}GbUl9G~lKU$Ab`OiA9j39F$r<-NV{s96*q5T_9Vm^nk!`bqZ%y{F2iM(<> z9?fqqTioXo%>4&EJ|m-|Xe#9A5P!W5ir+^^t(ljfK^yc|Ci@M^E`|p6#7YTQZFp*% z2Uix}-?6uQ>)VQ1$v<6XAM(2nv$qb$PQOzvD{T3;Ge#Hklz? z!=5?xcw0fsEsj`j?)!iFQvO+Jg5qE7O?P_Lw&E3?k7xsN%1P5Elxp@EC9@OE`(&Lx z)pLRe-cAcuAA9VcM`;Ca%{df+htjRiXR~ARq~~K?lfRYrfK!(R-04Mh5`z> z3cBcV&7X@kNIzKlv1fI5b@OkcMMr5qzX-a#ZFB$^%3F4`jUJNU?{CTQpsc-o=67V? zv%RM7OQ7Pi9U`~TP;to#ruio*VUNk1pbLC8;oaTcDEj=h22H5xEc&STeq@;BBFtui zh(^6n_Ys9JgSF2@r?rGx6$zG0YckC&eGMM)7pCt_@k}*h!QB#AFOt*N!{1F1qz%~$ z9+m!O1i!73gd-m(IIqdQmusPRm1-YU1dbY6Gk+uCa|{=cjQC|-rv3O~Ufp;jjVpYw zwA5*AlAli|sq%X2`1;{?o`k0$Se+APxD?L2Ns3eQ zsiODmKqmfz3s2{ z?)qslPV_#ONDTX9)yD=C67u82h?`~>c0B=$s?zSO8{MhgH9$)V<(rp8alK{J516<4 z<`T=bhg9+*rSflPkAHI$t7It9u%WGDUwh6xcJIynM}$>-hMcNGOK9H)5!>%PvEip1 zo1NEI6`^jVLFtO)KZDJ6bF$y_(A9ac*nNF{J^Ut6ntNSAS=h^4nK`!6tNp+*(t@@D@<`aKE z(Rx4W^fQ|%Q*m8v^b9ebju0VRcHAJd)NHKSf?0v6u9o%-@>QSqG6CUf`*ZW|VR=5| zG%P91bygSC&tHG@_`m>z58D10ZI-$rFH4uMb~A!#Z?xxJ$2@7r0%c}0=*=g-lUb4w zckH!{BtvxlxvDB0v}Y>VX}_TIY#pb@pm}6=on}|1D2v>eN+G$yBwA_~=$kpCz11NL z^G&N$#vhJ|h>QlpL_8lKL1z5wIo0%@qm9E!1y74kti z8>`>>>FT)r*bsRGMoTQrpN6W*pCY5Wf7cP-$Ur_z^mkhJX{kNi**w9Oou`9m05%gf z-E>I0{A6>^oN|y8{^V|* zjAI3jOPW(E8f|*OECbjmF0ts1DeC!e1U#PXUJQ{dlX-0h@4h^q{Z~a?!uI*$x0@uJ z?787xUXkomcdx`E4UE(qbN=gwzJ&t)gw;P+K$b^MP!rddJF zg~8qY*V32$SfZb7ZEc5TB#|k@uqC2$nV^24gD)&mc&b1)4lt;^=?QTkDA-3Xjcbsv zjw7e&2<3_As^3@b2s=%!>F%Cyp*+T6t!XX|4hUB;r0|Z!miR~Lv!%_D0S*lmc$F97 zc(1s8xoU5a#*^Wb>-@!I)N%e3Pbc>w9vvtT=c)q3xYkL#i3Xz-KNOYmpA5*>+R_>m zInt?fqhp>#IIf^PC7?12n=)fVX+#DsDGnPb>#BmfuVPcz-?op}*bqvC--xjD8kTt0 z^V&Tei1I%@_+l7Ak7K?z-Fu5d)}LHic?^IEY#ACz2bKzZz$3^@SGhEraZi-=}GGUzmPfF&XUgKUbZ z3N{NuHi}lrf?@Bx0g%VDo&shzHYWRyLj&)} z+e*-R1^0w;I*K0uU?nmOD)6M$ZNS ze7-CVDn;E(p1Yd_2#e6kJ-d?4D?rk`ktXJ&x9G|>Bl0>`Y1jkgqRcze6}rF%j8 zwIF~Pcf=22{)HJIcfMH;G8y>OleW;_>?nWo__6!!k=yIWfB#2!Lf%*=w5zk+_#|>! zg3DWhFO23}q^gMudP}lQew#Z-nr{s}<2vf$NLN}nr|OSs6%utrc3haLLR)jxyYe(W9E0gcD zU3+7N%2B%Cq4PNygta$?vX#NJw(Aqf-QFt{TM-BhEm zOA6F(js-1ULw40UiP3<#y|UNE@4gixFwI2-I9(q1Q3v~!U^vDKgDYxB+`rgB&2%f2 zbw8l%%SxLx{5t8CYi98!hd1!5@fFjzXsO;QU$pLxwp$P@KTsHwS#*fF-KpF1s^|2p zj|}&jjYyFDBo=vT)!4zG#MYzN>LmV`01*VIJj)LONYxN9c~+&pW-Ry2}GWV3+30OAuw;OBckNfH*EPMuyJI05zF5_ zYJVl`p5r{$><{P+YiD|B6!RAd_w#k%4Hu5};PqXQFDCnfKbJ>=i%#(MbDliMLzngA ztQCR|KB+kqY2)lD)Oeqb($IlA$E+zbvNAnkWZ$O#m9s}pG64J>k`LeRp&^(U33M>x zZ$65n&zlzcDp~#=D1y-Fw^4>Ug5aEI-3`B*vFh6HpVq~4Ej%YA--PK1bDYg;tGh2! z*ojrS0Vg+dN7+$@bn=770JVcX25FQdTR6Q2<0N^FYl10)wGMu2 zEFzp=(=I{J9fFkslSrTj1yt*sC;aWx5ywH{+jvlAI{uFD9H{D1SnQRT(rdIm^Pz>H^3UD4c=1spN5%z8np_lJqjjU3=d= zS|(};5NA*$KMZ2=2*q{gy*n28z{-rmp56bB@Cc)Y>aRCA03(t6?BIL>A0r=rca8?G z6n$GdF{_^rmKOV=t3vk?nIdiFCQk4JVvx$lMrylozd3AyLdM12K-Jw#jKD@*;Vmc0 zZ_X$q&A3N1AOM5cnU?uz?3o1+c1&l$Y4x{UFQ@yC9qo~}-hn!sWWGKK13DArt(jq| zWGv%dj|3W}ES+FhUc)>ac7X>G`}={)h!soSuVI!fU^6ah{YdKIIWl*fP}>7wTGV7! zzj&ajXQYA|;dy2=C=lQE=PMa-TX3N?47K8{g9e?dHCA!(;2m-bB_#=9B1kK)yH29< zM2KXba)4d3Y>d?(^_m!cV7IxyGa{+b_Qx|Q@9>(?PYkgUue^}C%_(qvO_IfS=pZU* z(Zpf*W&9p@oa}vU;h-?2-gicGos1zVP4hHO4)*r^J#^rjI;eN!pBD za0NO50cm#G*JqN?N)lFg5}eN~A!^s5^u2wl2%P2(a>6 zKgiM3+!ik|V0mqIe@zX}+n#Oq=V|>t^9$orXiJJbJINvMmGl6d2yWkITySp|c80Y; z-O*(z_!1Iyk6JrPGF*MU8Q|M`r4k<+JqQWNe(dzFNc&OS90~mpS%I4zxAqTeP;hnD zUS!?wzv22rL;8zLveIzq5Se84aVE318r{eCP7jfvi*0_AD-RfmVcM?+VkQDc`w;IM$cIIXl2t^A%?G#o%l0`spuX zGI-q3@u#)#=MEK4^rVQG4s2u8da>{O_DM7ss?U8f(RNwZyZy=926)gBSHF&p1KYL7 z#`A_!x`XCE=Vt2%dF%EvuM76nA5fk;f(O@*@1^+9%J<=1(2Vn`0ePX;HO7>5o%QAH zIl4i6=$J$M>vSp;;d{V50?oy(;62A0lK>Cec2O=*%oaY6U{(K9DuM-n=nba}*TosZ zS@Y(JPW6+tkT(jg5{I z(*g{o%BI7LIw?z0RTxvJD{@pS0oZ`-gXjqu?4V><*UIwZx#!zEfsjA)xfdaTjYG-b+ z`8(}DS^JC4d@uk@Ah>)|Bp2O{i@U9KfdqsLGO=iEln?ydL1B5rwv%(RWwJFR^G=)x>{DP&JwZ)na+Sz?CDG z{VH(e7<9)Qc4cCr`zxj;Mb2wf5k4IVSiex~tBRp^Y%ivtvdz1G9bg0by_JTnT2_-@ zuFFN^_Olvkc^>p?G{tYFS9aQ+XKHcIo_vS*<#5FrLAxKbaRJX)jxeCtOo4*4?76oozSp{lE;#HPt?|US8Rv0-9|h58>LqQiUWE2; zmA)?OwmPvyOjqd&BQLLal7S7|qlmGZur+t;9hYiF3;{ICm4DIPO>sM3Y(JT|Cq6XO zD_9{vwUAX_`(t9goY``dThEMl6aFf>ZvorR} zm8;qhfoY`e&es9o|AP-mCS`O(1VB?*h@#U53|Eb&GrtE4pPIIOgHzlcc;*Zzd*7(C zMC(tx8GS}ztjR>rV5UW-mR#x?2QzG+x&!|3dv`WWeybRNRTKu)Jx&LKwb9AdoX5yC zN43^qJeS>}?>6LQWLMy3n1|d2iW6u^COlHq7Tdk=ls6A-6RE_r&}JrN$FNtAmw=)_ zEye7&v(DaSlLtLi|AAO0V@N$ClRUSc=rjelYfDfT$aWVN>e;$dP$_#${2`03VDs+A zLlh!0JCqJ?v2k@G3Rs0-R@`0S-SdHxPBE7P-UzPLP!0`g+PTfRzN$yk$Qg-H)mt6JHV zm?UZf!LL`8oTb!A8)nkF!2!lyVD7Jm3b;fD55pI>_UPSMYSUF~QioqEJ8LTxo26fQ zxG`;N3?5#oBF@*ye2%l?HM~aGsc-*udtFF)DPWD6_q;xzg?ilL7u-yJ70?}x-<5b0CYv2P?``nJM-!kXd_MaYrtxc5``X->KUMp zw)fn7OEA{RbxD)S&XjpNL5rl_v%2Y^#C%`S#V$=)>O5`_SNzQ0g^=Ah1yMjF$&crq zt%f%4_OPW6!++}QcpW zoUtI!Ix=aNuc?4iJI=5)!1_UYxeedqK%X8?{Xlcda<4|{qT(kV&hG7=T6E=xzTDno|Dbtujp zcEh_$0>t{&KlN?3yg~kfB^0Kwyix9t4a9rDm$aBlf_YX_*}JXeTsE%8{914x-fU`= z00d##u=L(CHVeXCEj-0c5tGGz269Z&j<0<;g{*?G&$)48h0+AxiCQ?ybg(!$B98B7 z?U?`RR-mF5dLYR-sy|qz|7|o!9v3O^BDBjOL~`gcIg_p=O-O9R;;5iQj(rU>Yw*J{ zFG1Is%d_W9H-0)N5Y_W`8!kGu(I?DO6=k}J`9u@~@|Sb4&OD~ksDu1WG{g7!iIgCd z%YmlBMr#nyO|>+?C0`)w-E+mk%7g^FEak|~b;0{bniq5Cg#f4V&kpmfP%m_voJX>d z$XgXFrQm6ojzSE-=W~E95C!6gDbp?uW;QvZI>oV3F44QY(lL8xBh<-IZyLMa_K9?- zeN^Zp590WB2dGvKquD89K73ish9G}(IU9pD;cP5UXp2Yq2_sy?u-g-@DbLx!hdk}s z_OTQ3(oWb0-Hz)k7y%dQAY4lo6-1V9DSL~#L6^ugSwQt?6cf}UYHkYrMO*dm>xM1W znKq;Hws{_|Q%7HLyjV7GVDY($&byo%MSTTxTnUk7;^^V+V4fn$a@1^?Xs5Mzx9?U- z-hmM0MF-=rb0mf(emc$=raDIPAOa5?TFY&w-(wYJ>wNUy-@`Qs7tbrOCIxlsWjAsr zGS>N+eEfCQxs=nZu7?)U$qGOA3AUjZ8F(dkrai0jXZ6#e=LfP$;R#LaUBxd-^=Pzl zk$ArEtp0kF?aLWRA>6Pp%QkwGP13`H%#=~A(x#xhJ4N>FDukxDf-HP$y8L%$k#pA~ zFmT+87&cjv_P!OBB~8Uyg9)q52@+|<_QWSLX+~P&C4BG%wX+gk(?J?ESXAQlxTw$T zXN1au5kahOj4dk_lDGvZUwl4paqT3l9w+tlSED1)PW1O5(eYlE2;!MQ)fLsU=XC=2LFmV}MMX{k-fKkK}m3G=Xl)|TM0p~eeRIQ=GG*kQ9MyZ5wHjSM63i4BH%?9Dmz5XlA*DrjP)uQY0&NW>i^^rl2aLd*=<5LRUMq zooYdIa7eJ1$Y*==wz?JSl@*#Pj6a%uf*U7WEn_4qty3rsL@$k0vw3yN|CDL4o{!sC zD7j}wz%~G5c%h(-ZTH^V-JRgGC)%9RqRJ*BM)Nd@v?{AxsX(odYXI7Nbl_E^ z0}mlpRbK!hSj$@Ij{$3J)8iFb!G1I>F}nT|Hq*4=FQLUR znXPt#U^-7W>SsdKpvp@&T+!6RSm!E{gQ4DVn3i^V0u`24bP zS^JxEkU}m@>Ojgcg+O=i3cuBhCC$4f0TXDg&)!1bla5Z@-IgyDVad=8u9_xn!tPtB zm`GTlKoU>%7KUUx8S13G$(d15D#oav^2VED>WdGMV1dMf9<8AmbCmcxMdTsWe`_Fi zEDws$OiydDJ^KgE57L=+-n~JV#s^!9Nov(drol_uFdpi(!+SlAIdbV_=*)cpwx%wLf^|FyV&8XEeNcu7B>GL26X1w77QNJpXM(Ix*CnpK`5 zd6|KDxFfr(8pUT(yuCcAbj^G|xZ?Sv{HaX2pJ{Zs|G&(s$wlpA24|F$== ztl-J@(+TRbpLWSo{*VLU`#@Dml}~s&72f(gz6d@!i0bqm+A0(~^n5CXQzjqWE0`9Q z;HsXCY^*xzAfDWw+C<(4OLF}|1qCfG$mF0A*08vdjPU79${7q8#qhF?Y(2|41g$p3T#N=s9xZtoj@H&;WNvih-el+x#St67%52Q%AwNt4pUIba zn?0HJ;vddj=JGLXRJree3kTl$sFN)5%h?f05!1y*&YeGgUTe}h9~5T{f4tFUYGjz^ zCv?#ug4PIU` zYaUiC`m|zJQpwc%yR+P0$5fknamsn6BK6Ym*{*VZc9j#S)Z#SsJK183x^>~|QL%Q} zC5m1{EP0NHl;&tLx$j?(Z2DQBT^l+hHYO{(C~l8;WqoB*^v;%UB0r*ax-hFO!gbI@ zSCN5_$@UUyTETv74tl`rr_Y;`KUX zLdJ%!PLjK~EkG^iQMQ(MvsHZL)kL!>gAu+%(nihi7|7mkiImwM1^wP<$|wq9Iw@)enXT9!%m^R-c2SS$>;2>aPy3|U zP3v22?X-K_K-0U;blYABOD@`x*-&1&7I}w$Dd?UBK@j~Z!x$RkOxcb{LWzAXL zc*sV7$LOOl=yQebTXjty*WXci^-3M}+*lB0lmfaiVXH#Vv8O1p>7BiJ@G>B^3hwHO z7b&BurO%HKRUe5_uvF_me9niyA_0ou2oie_U>T;M zE*9tcSd-T85_tprU#5{|Ooe^HeK2*$&7$)0WlU#VrZx#`^GorC_0S5%ZZdZ;?9~Cg zAXjMCGKuCQ3%#q*nkOrc!6T>*pz;|v*ua*D4(oP&omTL+PRWRIGI#(sw27cyX3Zf=zS3TH)o-*+%KKA0L%wE#=TC}t~rInI)O1r;r{z|G|!U!Md z7VecnmHaPkTLYfWyKnYhMY9}a(H4aUrn1Q@e_6r&hrhDb!@cE};JGKetn5h1Z{@8m z-oaj>eqiDq4fS3TCWbdJMXjtc;AFud)fVo6x~zPsn{kPBKqKlkMpvhm4?jK#bg5Nr zEB(n+EMSNACBo{W8%KvZ^bS`llj0}Ec)#6EP#A;l+Jc*hMSbsjg!s8Q%v+OllCZC7 zF<%-%_#SKT%-G^& zChy0X6M^dw5>|e%>Z=st52rBtf4BZ3N1;)aQD8b?KZ8b$Dz5x$_yxDww?QV6sE1p% z#C@T6ql-b3F&rxM(9!eQF)bq}F<{xwIzuwa19EwDRR+s4i|{#IKpEyAI8fjbfKmgq zQWg<3i!@jIa%?I3&Re~V@f4?!3=JUcLuhn6z;)bS<}tNjk8!vSZ4wyjP(F31nlq#%xM5dXj1trdIs>y9p=>f*TvT6TGMhkEtiWQG)?c?E zjFcEPzQXB!4n3Z6elv;Bu_G8>;dEyi7f>uA0Z8AF@%FUy$CoWqlJY~jnR68>hY}R? zziR$nb-Xy{!w(6S+x=J}awiijmji&!wrVU|Vo}NZjwz$#rKq&>tWz%TF!H9MoXvZZ z!5lR67s}-TB4Qi_%-Hw#r~?{Iy)I8*USo!&rMM|-g!hI6W4H-D&!6j z#_1u8glp0FtCKKT;=$KC(;w3CN8xMsU{^d8H5{7HQE2r!@Tq9|N$MAzDDVG@A<%5$ zvSq2dk8AKPomGgTk&LHK94GuS-|%;RJq1jfz1cMnfdILNZENP&HAL1rCopFohkQ|m zq1=Uld+Mn9$B3kWo5}L1^#T`v)o7bdv2B7YEKwzM(i^f}G1)0li`ZiwEYPt( znZVQtuB@zegq(X7hc<*Cy{doolw$Pe-_O0rr^Z5g`z$fJ!=)w-i>i%JIc^RoAP4Xq zG5Po=^e9Wx+sBAMzs*qrC%?@R>HMX_hk;?G1o~PPMXUcCq5w))z9|YLRSCfV*ZK0M zc(nT4{SEiN!4PX1Ckz%ls1|QkKrG!q!ijKI2dU+coQa^d;7-=9&GGZk4~DDHRU^kx zmX4>pr{D$!oDwvm!4J^impfO!7j;rn>O6XnSn*J_)u&){zy3K|(p`Ujq-FUp6uAKc-K!wRk>w2k*bOi3{JZxhfYP{pfH= zn9v%3~=sN{*)7F|rq? zzl0u!(Pyh+2aS_{p~ZwWF-X0$-9Jh8glHC6U zal`ZZ*$ZrWI+W09@lN!mJ??Y`aea1uwQ1SYWvb(gv9;P4T3o7i%%5hfnF=Y>&)Tkx zUOd5Ej$S?Z(KIzBE)&g}T;JP6z2{#FkOYUw4Si3V%5l!sqewy*609nz0ch^TJZFo_ z5}FeM-8Eo?yo=8f-y^b`56RvBM!@EEPZnlvjpXPkY8z>D?Fmb78#k8`q%bhE$&{h~ z{kj2mv@D+?SN(Q2+1WK&{4!_p0m_oFmF5T$hbZugL-u6PsdxYyN5^DWWi}@CF?%b# znsYtAr44Bwqz8<4(K0usbhB})1vrL-*sD6^e4m$n7BrTInjn|RK-t9hj^^>)RLzEW zpX5U5oqWX?B!8|8WUdXEZ5L~sitQ=#1uq=(ajvYM{cf1-BG@QD9jMiF{z%aI>cHJ1 z8o!Du9K4Dt5=`82cA)P`5O6Zme?H@TQGIoKvOca56J;D69nqT%D>LYjdhDbF=Y&J$H{E8Ys|14{ z7%^4Iy~Cp9{SD1TmxAYz&O3YB$S0dl`$=2;^+65V4cTnwmO>3#xQ6?-Fd)?Yym9WC z(;dAs#p!iqZ&ixbdIp~$i<9nZq}YINgH^WU9qYM0oYHs-XtDxp(d0>r6}4wJt`{0D z{O7uejts@%U%U*nHebmu#oJ)|h1?$3-Pffu(-K4H5bG@aFM&UQC~kj7PWku)=jszY(Es%Tf2t@ATG?<8n{wcd|d^3{EOP54pP8%03RbBklV8Lyx@xIZjY&=J1hfxK>kzX^yhgd{f; zfBd-@OT)BzR)fJy=EIq*I1u{E)i1%#cBlu*>a-CH-J><4JH1Qk{yQ`*lj8fy(wZfW zI$%P&-mFtGbgsqPuOEd&IoDx~^c|Ux+)UNRC4Jgmz|$xNEpG*2($lj3ovBh2k5{!@iBVtcdH~hy`v%g({&$S8 zmAh6n1y!3_F4a^XTVZI(%Lc!i^q3dgg8AN?a}0bh9da-`Y>yVqV6*rWCkXo{CWfp)RZn-TXc3O%5KM zK^(i0r@w#NQpR(ar`MrD87ui?tcEui9Pn*Py10)$|J;2PXr7MI{2 zV1eKPf?IHRhXBFd-QC@t#a#jf7I)XXN#6In&-3NV`O}9vvok%t)m_rnzv`*|A%2~t zuqHoqt?z;wHJ?pTli2=g@U7<_0-n>lzvJdYAFQ@rClqka1AWvYVuLTejVS&34mIoA zfxLZfXUx5}`Ks$2#qL@$x$KZ&I*^Vkd50saMQ}7=NWd`H^rF^-|F0&m)({QFVDG1j%!C`T*s`^%G2E$3s>7{0JJzwop^ z>GFdiw{lJ!w$QtY4HLJEQ2EV9{G3&fP~4pD!_oq@v_!c$Q>``VogV3z9@rgOYnJbg zOp~c}C}YcL?@Xmd9<-Ov3mN_KOMlqL@+yTZPxdthZ*`!kQO&&`7t0#LsH#8qxNf$d zk_8ZWwp?+lS}2LI4^O8`yW_}jeAMW_jEt4pMfk~K^)`9nLIM@c@(TBPOsG)c9eGzs zql8;aMMM;rIml`sIf`w2?kAoHsRV&g(Fe&`GG%Sl9ppht=^z_Cf>4KIS@>j!#?b5^ zLxX#|ANdYbrGzbHovyy|pBrL-HtzJHrDt^iv9Rn=x%-`cggQa5fM&uICs|zR{3l?d50j7?3=Aj&tLW;siikFv@Vn=8F3zR#3;X*Wzqa(xR9tl&utg^PO~S=JO{{E8NwoSLhP!0-?i((}d(B|p zV&^=<(8Wo|zAfqb{KzrHkF9$}#X0@^5w`xa)Qg?Y$k38)~`!687S2$7)mV7F4 zoe%I=pww>`t;1Ubh8@!aghJ;Z34CJUBY6{yb3n5S&Dj}W8ZT4Q-djk+8)>|u#xJ7K zu0f5|MSTOt>u*UIP>iK5*kx?>b;@*R^eA|lW+i>pt=e`;^>m7WvVH`Y)^l&wKqMsY zxbjT)bQ_AIKyi7P-hd+T5RW&VXI6ZWJVSm)_5%-&LkhKJAZ;r0>@yB-O}FOpm(;+= zf^I@y5Pr{60hLmSD}iL(?U#q~mqDhQ6F8ANtvG$tj? zl@8>n55CA*3`gisv3@!XzfPlgIcV2DPS7ZawxxH_hHmPBKkoo$QBzn#WFFIoDm>!~ z{h?_AcIsesB7?^9?2LIt_Jw6{mr&_(=1+4o=T{w^_d&m_cmH0L#ya?oVXPCLwL)JA zEuP3^R(PIzufLL@p{^4=Kd>cHk{@GaU|tG5as_u<*(Xks@`k>F&SkkXhRQP1abUEx zXm^=ppY|tu2bH5Zcbg(?)h{b5EZOwfOffyMPD?J&LP8v z6&q2WYy0v3u&jL??GExP@tG;zHG$Bciy)0bZ}^Ik6}ZK`V!N4>!;jT~q{H~G&V#rE zVpX7XzISN^eMr7L-@dGi5%oeRw3A275rvtpqau0JMJ`2!7=9#rG8$|LF0r6FjUtMU zXFL9`ZA#c-3tB*7Y$XE3h<^q7%6HzKtT<`FiFxOH<)`~3F9%9@H^VnLT#vVE;hDN_ zu!iFB3J~B{`>(~f%r0k!n)~;Blzsb}@bkI}WCdiKn)_ava6A|do%CSN3P(5{Cn(e) zU73ZH8?*y39!UINOC3h+0EaN^!;XZlZ@dRvqFlce#bu?PX@G>=*O7#av^2ccCYx@Z zge{($N`*A(w;8iDZs{by#pM9)U>2IEThnL1lA+AQBssp^LFx`)k<;#5;D_{mAY>9U zFA1a&B*=Am4fJ!@fW;?!!ykmU ziaBEwoTt3MhAdd*GM18L8qAiZ_~lf?1j*)>Q~AUDZvH20A8ynwTNW-fa1L+wdzpcU zy4~?7D@Cw6ok22ek-qGpG^w^PMRxh{scrSf;l8X@|_D7N2aoO z$&}kC@CKIIQJf`ZQdd85#Vk}N05~Na9UKNrU1HQ+`vVASBPxH6c z1D5!dhY|>SP9Sm!rZ{=$6~0{{d->?3Jo&u+SL?&)xKH0J15gQ8|fEb&;!bOv&$@JgG_Wa|q3A`*uD0m&Xf#Vp3+FYD^s4PmM9CW3!iDtGnpb-0SqC}#M^|B{jVDzYRbVCh8v3`Zxn*T zFI+_5dDeHXy&nEy_CZYoD&U9YD|K1qiD&e@Tp=%Dm|($Imu``FAhCL=@QQOp9+fC%(GA+%L}ZQ!`+g=Io;BiAIo& z{FfQkZ9WCx`3d4Xj+N=U=s4YWUTm|RGn)EmW!TO6NuK_<8J=)LhqmFPdi07oRe?VmSQT>X!WyaETQuWm zDxY{Om?CxXCV#;#cM}mFb{J?w&1k1*DJmYRm3i4$b~yA3Xf@KNIKopCmiM>!pjB^h zGRj6S)=~fU;{t5#mB*1;#E)tnJ|EBH9a|mGSMm1XwrhF7P8y`zM?CfflO0hs$eZTx zQ>9YWm0f94)w5YqQ6PH-gd)Z9WK1AnrNY0zEzQBbF zv^JIOpRc==mkr@cx8bu$PFfPFYZ~EbJ}0;bSmt06yC3KafyK*7?@j{CI|IAT-a1@l zqTIgpx*G{S?gCidfnxiWcACCdUtKJT*z1^bsjq;GAl{wX@sxxS{}_3)VqC$V;mj?> zQje$B_BIwZmJsfjXSn|I`S-Tsb>yTPpcR%@5KbfxN9)JI%0vQQSlSP-)6V;lTAtSk zJ3@Jw?tDGlyonw{N89rjA~JZc@%8o3(~edjed}B!#YhCRv#i6$q}qa0O&68ZMxD0% z)z>{S=O)TC9B}l99M_CAHaT~(JJOL&+kGO$kHx1W5AHAp-TOoxhn6DPCMEP!Tsg*n zgJ<<7ImuQFuTtta7+Zv$yl>y9IUb3L-=B7!2k+dUk1b@Ft?=1d%^7Mo^GTD2P3t9s zBJ-%LoT2LK?=gC4eyRn~jecj`kBrC<=CCY3CDIv)x#m5N>b@C7c#d!7`C3?fM8x?d z@OXz|P{(1h#HObRjjo`u=d+_mWlUV6_x7Wm==;!6Sj`~l*Dv0(zo&|%6Q`?{MAxrD zD9VeB!+o(97{Pn6zR?0sTDn{~g=rCVIOYQ@!Fd7JY}HpivztMY0OaH+1 zSIr=IA)g^gKcs!-oL}h=|J(k5ul}LozgHoY2_pah*ZBwa5OTa+zx@?P_%|VczL-Yw z&s7LH15l8$`(JegW$WtdCbze@%fiCK-g*Y!(4AlZid4|N2qcjLZ*NcT>=@sjbfYL) zSy`EynMp%x6=r4<_pF^-ovOJ}w&As-mcGDG`$bAcYisJzmJJPNXkm6XX>DCy-u+SY zvET;abV;!gy+1^s&>Z>CkYi$EDrSC^kd>81O?DKqwY9}(4Nv8J`DdJpi;H(5+0Vu_ z+4=l99a2cg?C-h$upkI5-rUqgLbgvbh5>G2|4)4$9v%~ObGlR>M~02cvW*n$qlC`d zKMzQdl9E=kT8V5%a$0YQjQmi?cl;G~f&L7`zHu^LsDv6SPHh;ZR#HHy^!vKtvSD(i zkNP#nOu}F-SHN#Bc2G#(^ZVWnkVfQG8-Z5CFlIRoQvg18?MA?eB}1v-G<(gB0GE0l zU0htQ>y{D|6E8a9h;qPbu1ApF7^|ykuyAlwkaSk@b@laA4-am&TArn|41;z{0;GM1-v11Ik5xcm z;MCcfO)oPR7M7Bc5!l1F=UbWbD%5X5LO?($tgW?Q<8-^6QB`WxY&*0vGBTR_#Z1T> z)2yI(w7Hv`oA(|771R6s`|D&&G0bJSJ}CS*pPQ^V`yvlG zmuF{HEb0>Y7(uzvzm>q;($X;C$L%?I3MBBXdA%?@JFBRpqcgLhcXeYmFnIY#&O}Vj zLxA+Jnwy)a%G;k@$j%|D9gHk?$P~|^fA?vAeqI6z2}xPFB0nGO$*!mmd6<)74&j$A zgL+$NEq%z?{$N9P-g?@Hrv@6{HXz6Ned|5+@p>Q;ghWdDG?}?_o$`D0N*CAlF8>m* zu_-B<-!l7NG2Lk+*pwJM{0lj|1A2I@A|55wZ`!qml-AEd0+5Gv+%J_=mS~NCkBrx* zo~tVl5;C%3-w#$0uhR8`i>oUu7#9~;3ZhERjf8*H5Rz{tkr_gG0tE%d9>>(hh23_s z^@ozW?H%<$_Td3y6?QLnrxJy39?n7emzS5#{PHQ;#l^I?X>oCJYyd!fz8TaXc7g01 z?CeBt41$k)1H>FH;sl-_SnVAh=eVT_)5T$aj}aASD5?j$^WAR#6hyf0AQs?g{&w?| zDkNFPNy#q9+DDq$Gbj2#yoFd9Zu>o;=&QD?MYG*0c>!5Sb|y=gvq8#h5j{w%AP$Z= z6;)Lfd$Z$s9goDjySvGkD7+tSsQ>^#es6DYi#Ez1)n;h-|DX$EEs&O$HnFgvFD)s_ zF-muLkf#%yPlK3~){`!T-BicbLKE9utF~K;*6UT*)8rcqQT#cYE-u5d-T$z^!QoKd zTnvcn3kIdjuX)^C+&x~eK{WlL6l6uIq7fe-Z>G+7cyRD-?SV8x;K>Qn$MiD~zCV50 zXw9y77T+tq!6zbGyH1>l;J+)_4*RCpdzmh__lp|*GMGQciC4#^d9EE15wQnMoTjvL z{%uc5o(}_$XvQtAVXHnfbG^g+Ziu!V$on$c_74wFk0w}+#(+KR*%ACnhDJtK?v!at zsVONk-QC^0`{nI&?T=SW-eai!Ar*WQ8EJg3v#tsdc_hK`+N5$gbl=Ggq#d|8=pAcDEsbZ?k%L&B%KhU^(ptUxA2fOa5UbBh z05*gEBLkU>^Yfoj!z!&6dGYS9maLA;%6?_GIF*~3f4mMCH!aB!%Q$*M{==CN)8#wY zyNlf-W@ktSuKdEnLLQt#>oLxHjOo@tFMdMU9Bw26QTZS6o;G(q(NE^WtW4>{z=Hj25*wu($d4(=^r+8@{FFW=(-)zzt`gFNxK-|?H$|9T_;c9qnz|9EQSv}xsz zDdqLp`CQ@o!)Z`IONWwU>xYq!k$!b@{3znGe-(TmYM|CNVtzcV5euNTQe9=L$Nx2G zI|nezDM@NGpDwfB{HksD#Z{=3o3;8-bVe5LmvhF=Bv-8pWTkyhN~$0E&!z94f{Jd2 zhR(ywcE3!LU`|qEFy#1a_eKzqmG#&0A7>EaBTWq{AV(U-UsFnAq6EyZmjCArqtHu& zo%J2$_|G#EjJJh`hQE#^wVc1cLShT#K`;dwr1yxBZPJc1UmYYx4_?a@NwODuL4pO* zZxVpN{v}x;AK42jFqjIXz9>RPn<_%d6#cmiIgO@~{B?(7CI^~Ad33%S0e`NPDSQKk zvW{_a?%*p6Z&JLfA>_{z21db}XhqN@HlHxR!ME!=-h;*R$BsweL{W|;+4yMHxU5sV^QhA-y*es225HRU zq~4<3)a~igtP%%fO8C%~Z&q#h(1{{NZ$FSI|0=IfZO2xS>8EcNWKzS*G|;Ly=i&SzZy-J@&SEZsGAHMXr#Zx8EqP4TBW*H`^y% z@XCeA{m6(z^(R>=h`%gFFMRw|W#ej-G#BTfUBQd31Y#`;-W)njxwl;TIyLAM?L0V9 z^7E^rjf=w?RT+a4Ve@0qwN68FIlnV01mYo%DfFNH&Y)XlG*@0}p zeiMRSWA-$>aydsxpXuHjaP^}>_?gTJIx)FCU#Gecho8v16pC|PE3}eu*uEYoyy&Kc z3`Z(i5q*r*88#_}V!tumzC?X(gA!1dZ8-|~GNDzpcfCp1QTwY4({`o?2e0j%{c^jS z?UH5p=x~Uvexo|Ar75~&DX+X1&(aVE z-c-@oAd+2;`-*=znqoD!erk*)FJ9z4uhZul0X%ET_i~kW8QZqfwFBXDbBqd6MBWin z_u z*Q(c~gROMq2@|8}i00$kCBd{Ljm&emPQG$vQRmv|Ed#Yj8N;i>b5%QTpH@CKW?OFN z^X>0ws6rECsX$07k>r$bqi@BL>g7glSyG zC=(Rf9ZA6&zi8_`t&ExKoX=~c8j{5en`j42#IgBl-NF@L zOwjvq+~(5eQWt%!bG#J@Xu9c~QSorA^-tF{-{=S9-W;9Mv{_fYf>=}6gnwGo^Yo3Q z3zY;KD|fgVNq_1zZlo!@cc%=VW zxt%JlzRRa^kHlN0ZC1z2+gMfjvep{lQ`3H?0(E>2Pvh6%pr5r%qB8-0p;R!D$<3V? zbo7rsvSDq-z~nvudE*@R6vfM653p^jOe(fOT0S&g_i&_r_Wb-E zl)}C9ZMuA|xu^Q&BYq*(XPwH}$PcW1afnS8i8b?81@&JPtw!?}QzV^L-f;2EM&i~6 zSqvLixjVluM74D$<^7hU%qpqPoI0)CnM2haCu=kp6~9n@z)ol8GZ^|Nmx<$BmfuI3 z+0i^+V!wwV)k+4Gj)r--r4T`gmj92A_qZlNw0vq5NxpP;a9Gwizfaj(!Fw;HT+X+= zxp*UMjPge|L14QB9ix0wNAb~S@N0MfY}uIGng=x%J0p}*G?DpU64`ICRB#y+b-Q-r~$$lDUz5l z+b&deM5GQwORBGz>s^vpZTeImYYU5-vf1yRVrL68i@wtT#2W2$iNK{2EjtrF^C`=R zx#;UCG71F`iJ#r2CdD5``E7bz0wr^X+-l#QOf_;wv{`PR&V1|cx2J1+*N>KgGc0YX z@1(|~BD$Nr%1hL3XHUp&03A8i%Jorsz(gEl?q0nSFg@tL)tNClH|CB}3gFggTwLvH zyi-Sx`N^7Ml*!mH(ac34?m$y2#uo-lO5X@$w@7P3OP$LMlCo0fzm`WnJunBPH!$~5 zTA`f8_PgG8iie+X%BOAir#E!T^V>(SdF)aH0!<6&3BtH^i3584e_9|=(po~PRU$}) zYIPABfRh@{H8H=*Kzz6V8UZJiXo*;V=VtEFs|lt#jc#6h%^$_Ok?nE0P)Bqqe-@B%S`IZU4o_z7dLJ?bRm|7bdErTtqowLa{Ekeoe*75{FgS}`Q3i$2iZ>2=J~;VLc`Ki5Vw7ByI`)i4na}^ zbu&>JNETNfYxeasUYu1{3-jVyY@Zq*nv)40p(RBS3MzuB_KrW8?aCA0=T z!l>L?sM#ec8V@ZBS@fyk%I2nU%2GQ+-^9mwWwcqbH24N7(B{Cox%rvI8 z(z&XCa;RrADm5AcjyBY#NNT}E_etfI*pD8q){>i8I!=v*S~g}Q<%-W%hNO$2!Eed2-veec!Uf!0Kmzx-`X1LC{Ozs| z>Fq9V;ER_rZ32ti!-x1fWrog;6&<0sYT9&iwnn@o9?OF&(}Sk-qL!Qkdrm2M`#5Q< zjlJ2?$tmWRHWe*`9n+z;&A9fDqA^>?0s+_;32GI4pWu41vv||Iyim=>F%RGGg zoDo?vB>SG)TEC{@*A80!r41h%$^#mNyzBOOO*By2pC72753m?-mayb+lJg^O&hM{p zF1L|9IF~`IX zXBKSi$C<_Lg5nc+cG~xpWEXG5U>9*F*;oz%EZgH1sc+8nZ#f_LRT*!FjpT37DT&Vd z9gj}W2W36Dxz_hv3HWt%whbI2<>SE4k*Qc_EUXY_Fy@$0j8E?^$O2!wU2Y+SM{pF- zwToHU6KfsTBHmh%ZSX@w@yNofO;aFY+ zYwFM4N#GM-->HOGiah8>khU|;G^vDq`Ubc8~BD)i?zcz$HG zvbnNjvWvo ziC=xcQGK?t%DmR<)T4@Gd1^=7KREr`jF@r?liegb$~iyoas36{;0pvfq~JE#7K`3_ zbQmY@;@21Tn^ShEI6CRodF-)es%e zrh-Z~A!aKqg^bq7qRRjxE*D|M*C>F#(z~NVgNo`H2~R#$Sp*MzS|M3LBow_#dwS{u zjAf~16`;MtjcuU9$g4mjaCF{BQBAJ7$j8B+AZ$oo%2e8T-!ikXG;Sz~1Q#6x2*grU z){v2Xv^T}0DJ-ELrR7o9wkP-}pky5Yaj+hIEiYV z9q$=n;6hG^-foxiK~`~V_|>+QSeIqm+6p*&iD!8*k1OR{CB9A6xZ|dIDe?SDmsH1C z_6QjYX2053yc5Ui4fC@1)5RUho*KBcCv~*1i<+_Pk`p9fHCER3%=S>(GQcq_11kC1 z%i1g#(b?G?W|fu{q(h~Il%&~1uB4I{-xOH#%3BCCW6X%g%xGsf zWz1G!lzwNey}Y=JWSAt zue*r>ZBcFmm)s=OyJmDCXKoBQ(ywh8G75~UarRn2(q5*gmkIPmL^L)zvdGQLPP?1s z#>J&IwqVScwh!aCpq5f5ue}tF0cvH{wE6KD!%tXe8HmoDGrTmBCZf&`QD}|AN%o%c3XS!O&;7b8 zkuchb4p$xhZO2|_cl6VK^37-0P^jkMvpV%5bu;5V)2zluSS=mCPC=e*QkpIyau@fP zNTV<@vzS@a1ryu{7YpZ_a!nS$`~stYtrPDL?unc)S5W*YDJ9B{<{N7LJ9E2s_er>y zLCaaGJweE&g^`tZ-!H>pkR5Ffz8Ef~5r8ibg*`mJMwegBIoH+=M9U;)SH9LjWh9cJ zaIWL+-an*EFB!9SWf?P^AFY}jNzv*rk?juw4XPM_56g(ZTqmB*4_HVd0)Mtn`k0;+ z;H)_51^Z!OQRd{jS&mRYLBXr#pQ1kDxi(3q9a06}RVAujCG&xitApRDzjYm$^5nAk)Xwf*J(ttdPv+sJ;vNlV3`TV+X+|d$jZV# zQTzIqqt07g`Eh-fY}}nJX$^75XZvs4G>CDg-|7rq!su&?HFiJNW=$1fBSBy@ne*LK zF!f#IO;7oH6x z0Pldqc(>Ga_uiM7%U)|0LnX3S23}lx(9!a`&K=g1^V3H96JDNU6*>(~!zxft-wa8` zl~hF)_2ulfHFDfKJX2E zb6e_co4Te4Mqy3tdW`=_A9isd&Nd+K(}EUheO1TmBD8oT4*#Os)_$~>2j}YgeQWKM zL~C?N#a6Ag5$A}wZFGya&i3sF8=Ni?PIDxAviGNa9}!0coQTBIjN}<1+E8JY?La;{ znchTs6jnkMv{UB>$9uo$8-d$v=gUj59pZ&eZkgX%98CzsRoib3A650Gob;kx4j-G9 zP?Coi4O2CqDP|J)O~@j?h-7MgBK})}j^sVJHjmp#5)-p~GxCO)rK_8u93}dV7bTf2 z-?L*;)FzN{2@Kv$B5o>W_jEDD^=0!4EN*N)af57ad9@OL>bfK-$48EM#YG3Dw|XU~ zdIhHFd*xKcb~e3n3scVbDYgH$t4zlgMz?4$!_7v<=YpmSR~Y&Jbo{+T{|mlWEtyf7 z49IJoiq2tO0g7dSZFY2}85IewIhdrGc$0m`{Holb$!#-qK>Wn`oNRozWc-wHXs?h# zIw1rz!uc1L+IF`~*>-bl)E5_DaJ-+_n~~KhFO*)0l-vxLU5)2CDgIRt(bFaB#4Twa zh-TnO>(T!rBEr$RrnYOvU-C$XoGa)yfu&Hb!jvoM=F>H&TAfeeVKTCPayDzJ23-B2QJ6H~xl`YcH*bsS523LblFtjT6DBQt@ z^Ixc{4eA?dW$8x zt9qY%4GemZ4ebYpvxY}XRt8eK1r?|K^J`(MVSaGQV=)aG`uGJkh7h)(CXZE74{DKc-a8_6SHlHsZ20I zkgV^=$M2n=U+7SIK_FJdcMy>N51I#AuxS9Ss+`X;X#ti@_0^+YN0`H|$>#VLkqZM% z+yFUqQ?yn_5zyyX*CQ-#{&blOatH{efqHUm!DZz)7X1<#Bh#>CsSU=)K(*CV;I#LMC3Rw>_it1Ane5q&qN{LMF^YR zz|NZ4%PdnBhU|^){2t$E7d7JaZRV6p$%B^kC2ro~OFHgRIxg5xV{0&>-lrZIzOu>< z7|O4>@q(`$nJxE?dh+_pE&8+f`z)q2jt_J4H9Bo9<4RNU_ca!j@HDutt^jJEQZidM zxMwcIu<0CRFewd_@v;ZIyn3b5^U}M_U^H7!7|457&#q<5u+qiHZfNDsG=q&YL62; zlM4i5PE6!}=I80Ynt)9#r8{3*BCEzLXjN!R<)>+m^~+Zz%NLWBM~arZOC&&GBCLr# zOZXIe&xIS28nEZmG5Sri+gJy%>B7Egh$Jb@sIAP(VL(uq221x?iha*rkyukhV_Hy7 zt?R(u8J5k?0oYDRCmO^vaCQz!TtHWzF_;Dbvhgai*wsE3)l%KF71ZK#0|`=^Z;-)b z&jIzINBvcoYoe2}#&$?Z;{V1Xe*+xkTe0Zcv{^+>A$@)7QXvQpcDwZGA#cnbkc3eI z`q8>o`{yI&jI5DM8A}{NAIx&9s#8xyqHdg0L`Vef2E<(EhnFh?3%zdH6anw}IkL2E zpm>xF>9ZFJCshbcn!OtevE=1h`|70Z2p~JNljTTfj_Y*C3ku4pI&$`VERTA>>?Pfa0wDu-m3H5!*KI@nn)%vCMeS!Q`Xs(~YY*eH389WZmYCX3x+q73*w0bAG9Ie1qy z+>RpI6Pz%-{ko3?JyturpyazxmUN6JV@AOZ8q1&X+;3=R0}+A_8>nC{%xi6Jm%1M< zbG^rPuxY))ZxbTmPY+)lf>uu+Ha4Np&Dx`>y;P1-iB(e9l2cGdJ=Woo*HwcGspCcu zkun#<==N0!SfMcVk*i{6M7ZVQF*fM5GFs#l)DsM=uZJ-+;tQCiaY-u6HZ2s)H|;4? zVj(>DV>hFyttw;Vk}}Vpd9bzNvG&a#NL2ZG>H~`n4k`IF`lgnA$_i7Ciax}!``gW6Wm=Z^6iKDkp)YDy~HH{Y;vCVt*o z#%oEA0C_a~-i+|>#@gr2)hDbi8y=p#&0gvAr;Ts;y6euM$uF*Oia}?{_m`;AGs-jb zB=-~?=ae@S3hTTh2-)X#|Jw1W!Glj&QrX-*)Mps}^OFx$a^m)w!_$+MNB7VX|JuXC zS{DA-Qx6k*`c_!zN@f;m+Mk%1351eNgm&-ju}@67D{1hsjmx>il-;Gt^RBqRrPd|@ zk>>3zZc5z0!QhYd_~b`&M}tqB3M@=B8uRhQ$-X&L1ud@UXys=&WO`4=A(uqzD$?T7 z9S||Mw+b5?!4=O9`xnPII^DYQ+pLLAXo524y#F#~nZ$T}L$J7Jp~eMGAM|CR)a_|? z+@DfvV_^)p^9H`y%E&P?F{kUg5ewUEPCLSLq<>Tu6ZR0oK0k%;Wp5xdV+srD|+|glUOHwPykDcS&;^A>ZLxl`U zJwHp7mKS&JR{Sds<^IIx^4u}jxQFA>Z<&pOw=XaHP&(S|N3%{SJY$(2wADM(( z6>Ya0v@|V3&nGf!8gS?m#X#Ck_)aoC7&suty+Mv~!5kSB^{t<|*^RBpE~ch{N*R~A z#}J;LFarhjwN_ztjYsE$b#=&zTinkxn!#K;eS}cXK%bbo>66u4$HuRx`2H~QAMNY@ z6%qQ~9h(8~?u?x3!j!(E4>VE?`t^xw8cRL<5kEr1Sz24CQAK2SYg%5v+6->${6yGakVFXxlAr;-)YPlRs)@-x!2CUu$wj@&iGr;w`J43Vm8Ab3B zO-S)|aDfXwA}-;<{`PsZ;RE=5x?8if9E6V@%cXOidDrlz%j9)WK|Ot}Db*<00uO03 z{hp&;qdGV#O}>-d!HdjtRJDDR2P_MT&T;vZbn@S-QbMYEG4+{o46HfF?07|JHYia~ z(5{-Txl)ahF!y*|sEZDNEZf5zD^oSj8)xJ=2CepR-vtYguma%A_=ww1zn=`ze^}6O zT81B+t2@1B)XdIM5t2;x@jSWGXz{#7vr2bOu3vM1`4W z1vvlC0OnK}Rvs8;Eo5r8#!gugmvnVap#B+z%brN+<8wcT9q`NQhD(KDJ- z=aFkSwg1~8FRA+`ZC`ks?#~;IC_r0h<;C~TSR=$^Pha;V=E28foYnjA=?N4>26w;7 z_-u6n8HM;jpCs)NQ((+2YGR?y1cJ6sk{`UHL%QFlTpt~WuSqDACP;d~j zG(E;dc7uWr-Q_lRc%lHFWN{I|?qw~_Vnzvk$VgpB^>kjp0_a4~KZkehN!u0T*&&uH z7D?L_F7(}UlY(jPotlAzJaar;swaqGi<7=ywADuSfWJ(*&MN;#y^d#R`!(p<_CfV|(6d+P@kqzO`WgN-_P(b+{hh#F z%J`Gn2RI#6uBW*1(>d&T!XJxnLKi=Ic+Jw$_-?{84;kg1XZbssY}3;w^!HkaV|Mzf zcfxEdyFpz3(bq}%n#K;NmaSp+rXwv&#+#3rl=0k;=ofxe!2X6joV-s09~L^uV&j~P z%%y=mafPR4lW&(lpe|%uI1z2lGq*+)Wu!Jo&|jlp?MDhj#S!51<}6yYS@<{s!ShR_Q|f;5QlpZ_ENnx)EWL*!&l% z%XTTKIpmahnLxEI&{O!TNY&`rMsgTSEI{YE0wi+CeLJw%vsSL2MHMZ!_M_36< zCA%uH)E8Ucgqs(j)g9X~;^wv{ELDh@*)xxQuF?`cVIi{x$>V$I^9KcHQ@`R6slHNE zI}c;xOgNr%8uRsOS{lMylXH2?#%rZ=oRVMkX`icU*`3M2xLx}iGg9)#lk>i(1x-~X z`i&OuJAC({tOvi!xjnZO}efT+-C>SMS|YiI$38o~^#8JDUN@ zj0}ht90TR#DZQQq{&TVH`@(0Ki;GQr^9z!=6Y8!*PL;Zq{ekB>%$_uI9^rl$)Fb`Y zrRmFT0{vQ!Ci$by@_8c4sTNr;plMf!AB8R(M3qn}6^oQk>9KniYhb>Ex4Jbq%?h~B z!a+0nJk<)yzwkG$YJN#b#nrl=Gyym@F0UHfn{ZV9eR|`+S|C5f+k`K!w@owmMl&$| z_sMr6Xjk&g?2P7OFsO?pXz!`}{sO_hbdsGiiI*-o=IM2YZ2Yyk(Ujx8oHP>Du)b$W z(0ki;fo9w=sG|-*E(ypG724CRJ--TFW{0}RuBA1GGc_w{`Gj}oa3N?#y776n4c$?~ zqkE%;l`q)^2VDC^Gli5RxnxouLwUP6tV?w`j14%Z4G;k$kQeKyuSO$6a2aoJ~k7h6Gn ztjM$EMLpy_lc3k^(6_dm%o#;bT}qk&#`wrc4|g4NfU zF7$^ZxEK(f8x_MK9aTw~H)|d~X+(DbJz0Yt`LYlvtMnzf+nW z20{0lRPM#Drq;@ht@6w)vQFcco&W3IQ3mitR1&*=;k^}jerH|1nWff`q-UdV7zAkH zo&SMVT{*e?-$^BWq_C#fj~J? z1Y?DVD}~gCdEAYvGW$FH8Z@~=c2O5CJXJY#9E~E~)5--olOkR!-Vz#93dEY~SuX26 z$YbP0*|mEBtme&NoR+i5PxV^TEESGt-(YFl-(X7diZ}khEI;@!YYyU7ILyJS9Kec& zm*C(hm#Y*0r_<)($3Tf?V3oo@#sS89lnM-+_RnPwcq}>q6<+}|{>Rh*S{U(LE^Dihn+U{9ja%c5C*7pPt=p;z31>&sV(H6U!?xRfd!`Q_46yLA+Ol-G z&)C|$LCP?Z$0s{U=#6Y(YW^rjBizP@o(x77agg`aJ2wP56RVd~yB5E{PYUPbV2V?M z-GfJfV6E=O!<*LD66bj&*O*HllpZt{@EnCtwD_mC)t|3>tOs%%jMSfu*#~kuJQfl@ z&vB2dzC8x1|FqyKzJeaebU4!;_#sm8+ElrKCf(3rW>B>Ucjjw0aJpS$U!;*VEZGvX z;-aB`z2d>;VE5p%98CA%JH{htY|U;xhUnSKpn=VzHJO9c8h1I|k+L`PVW6L5X6bTO zt%OUPa>;FMYsf4?L3-2oF8efJoh-+xqL}&WXj_uSv8X$3jx8*8m`5cNpW0WKZxBkQv4o*Th*@{4det7ijp(WuJpcHNg~N_au6)3MSRJVChc z=5ID+IpU%sfL$7c@vPAr$4{(uM{AwaLi?Wd`VuN?Qqv`Wu@+MkQV3MCh6XSL~&!&cBt(-Q}W9b{7--Hha&h`%M{N&!d+6zqGIDP~>0;OYc!cS=#ZFQlcbfjJLadtf02Kzmly!~>^IMYSWZSG_~(n~Lw@sH`@ zl4{+(bKWIuN5_rT?yFvn+ugH~#MLQg*&!9mZr;epO1XO(g$a)&JFK;RzK|0262wtY zi%sqw!pVP8z~P)<=e;dgrkDg~=mc)aVzQt7%QjyKjr!GIg(qz?n?R$NhL{Czeoa~k z>8vb@deZr3)5~#5JJVUA?W0&Ut8q0X&SsZ>>ZgrB=FdoHP@)dU!mZg z_G!)hmf9<|wIi4zDRHMLFzo)a^^oF{qB7(E-k3 zFQ?ZaIa#J8&|~mjTUjP@KefKDlvAOLuOt2YAiC?O3J+rz-27l(J$Y^m2}7)Ci}V&KAfTgfK~_%1TYdX+yO~D+*eO$sWdMegy_~sy_H_IV&mH3@E=6d!!?y)_$deYMbW1ajvEhR zWq2!GGyMXWaZ7_jj!o2XiWp~qm-vzoonP5azr-uSm=-oJy}T?M@Qcc-gTb!limRdr z_oLGi8DE)}5~0xzbm3Mj{acG?TDoAa>930f>=VOLo4j-UTLkV$gL;LC;l0ypgkkm_ z2KhvKI7K+%=FS(lsA+6>U_ZA*d>?T*DqI|Ap{{Ky0y2sN1ohj;FSIv)O*!`z-8o%)0OcvuN>^N4Q)hCfnTAv{nN*!E2AC?-U<6 zSig8A6ykb^pIcrTvWN8Y4*cNwrxS)mWeg zTwj-2^IM<%sIJuS_;;z_&aI?yDPvl(tk&A0IB*ikpJHO zef-;i|DN=2pRWrGEb7M;Bv1Rle}ELFC;fBIiHMNJFhps6!&&Gu0P|e01x`JE<<(+F zh8C!%6nkEGzQa>wsOP+b>-x(r$nOHL)Q@x+ZYZ<_%u82*a%-na(%5dMZKM0imy&hr zmCwKV_8+2ugva{Mcw5(o?;O^@%;tThty}^GR zOuM8%iaRB_P-BsYIPbL1xr>?z;r^IOsS}YL6F$zsv+deF@h#^G8Su?=A$}DAuxe{| z>7?xji6GC|2i=5k%wOsj#P+vhdLl`}at1rG4oANE+cnTqc_yo+s+9F^&e<9jJ6o`bo0hlMUsDJl@hFcK3;A0H7#9}*#e=hJr*2F ze!j}UjxdWge^A`pe^k%@s=GP7cy!>bk!8+Mr-WqLydRk%!*1#Zl7eWhImT8vVdDphbwjrJBr!ieu=J=R&y)|VK>&GK- zw`!`u^XatGh4%N0uY7k-7Ay=p9BKBJ8XUxHJRoRkwDpX*2$f(n)!M#8G$@n(x0~CV z0fvz6R8^IBbWspwU_>KU@8>4jsf-3Sgx+`Lvc@5WMpjjCqLinc*LS*bhtO43p=y8e z8gu<|l&eJ$trTarp~Mp}GVH4H^f*d)Ubp{nWY>guNk6{f&e1JBsZCy!2Ps@`M~77n zaoGW;Lo4<jxIVzu z#?KxU<(~%}?>(q@p_j)zHNKcmBi%+$KaD_jn?4e2X1jTk?nMdLN*B{qxZioS6{s44 znt1S+HKQgheSEDwC>&IrE90vvjNJ^xjH4#F)1I6ttE?ceBOVnOLamYdIYJoGKPNr)O3pQ8UCm(#j{!FmrOuYkca|=J7p&&f ziH&dV_x}KSoZK_0bN2)@ySc&Cs2$QkRpA7Vh+mZJ=UX|>#iwPg6n<;4-r-gRWjGIJ zOYMnZQ0p3sz+5{bWGwpp0Lv(RUx0oc5l}ZWvT~=ScS2B00nsElpM?S?tvu^??BH$J zEyek8pKUz>ZyGn&`Wxu3bqrWuR0?Zmq-p~1t3wXpsDA?C)0i6U9nL3Os;JXTB^JaAv zmV||+3>dnM_Kyy&K&JFzSsl)?sKl{0JHlJcE((2Ft>jKL1J$QV?yS~U z1{Jy}RZO!&%qOa3>_=Vm^QMR3kRHDftP|9CPYFVb;taPISV$HfDEC?!Vm@dCPrN97 zpdNv;o@rob9{If6#|f{V`3l*T&9rqM`_Z)eNHt2^zi+um>8~7Dl!l3k6E5uoE9Ms9 z777QZN_jgMkyl?t$B!%RQ>L0F4r!PKz?+hh+D0vRo?35JRSMWjTRr?p!tJPYugIsi z4E&sn!z|m@=2X=9?#%Z|>u+VV37DZR#RF+N)39~JkroFF*m9TENLJ=d4V641M(CJ6 zp++7A`LA~Sy!v(6# zzPxyGb7?nf6xPGAJ+NWl($#TiBG3V{&p$JMzx5X?+?w^>Lu(2_&yzKag<&Xb?8s1k zY*I&)dlI+$neVM@#afcPWpbiy$vUE9)a{!;doqSs*dL4bW0gboj&vFuzp&ChHCDlS zpnIpy=7*t<0{ok|zEQwihNFh7lC)_C0^f8l2pGE(=9cGva7pre`3z~^7!~^~xDK@E z)i{Y8Rl8^$V;<>5M-MGqw5Y@Sn}0h9u|zIE8M ze^gYN@oucM+UF~pt179Najw4H>%rH<*R;qoxy5}ePx_vyz>K5L$S8kFv;3(uzpXZu zSW5O;dK!Fhzcx9F2K$V$rsrh#bOo6}?Pz=*nJ`&*Czf@xS!2xwTR@;UV-|)UJ25aI zP&N>=U0jqHJX4pHwo>;X)&)NuYwd~9vM(Y#S3^W)_ZU|0Zfxg$In-*W4~h&KsPL&q zUm;#j^O|rwKB9aVbP|JB{5y+{1F9OYiqvg=^PYV=y*ywsDblnz-H^MxAM2vXG^UD5 z{gUloTE?;%b~G+pfbO5G-3&2HUHs$XcGKW-WQGmtf12?D2(8~k$X#X$uR)mxzkL70|P1VvW~s7TRE}rp5a78^6=@LVU3~LcZVY_@e#qlvvQ_$AmN?K+`qQ` z)S8%q?2i(M=8Kc?*f@wuOYu;2)$y-9JxKQzOyd;#53KnawzW-r3IK=s zGk6_4M54MZ#ASnG36AC#S<3vGJge7OPR=)4w>{^L)wX2=EP`aTUS0d^W`Sv;0R;1+ zFRP00X?`W?5@>IhR9#^*spH6XwsVe&qz*Kz(>JPnbx{SS+b$uJ+}n^oJc)}6?b~f0 z^fI8MF-WSQLw-HA)Ljpqa(yYleR|rrXocYO@B4Spg#6pilM=SgXL$RUviv zW88aWyHZOvayrE^dqlUKLr9|W>+)$?$wsD~x94$cfwx-cdiLqE)mpVjeUrGTcL>f= zrC>xP%thY4Fuk-G@eB|-@PBxCR&tU zjX(V$kk;L|abPs1dZ>{6mtdLBX(P4`6T8B*vp@L52j`CVdZN}5I(XP)XjbK$oHad% z8*VxE9m$W-eqc84>hy|(x?>LPTMIoEym|1h1BN3~owZrOVx}{{_wP*}J2O|9&~-ZF zUeYcYg)30}3O|_h?|xFeHuuMQTW5>O=ZlB`yh}UMK79Byw^Ds^y-LXp;}-J4_;B8S z(b(~2*RI8)wN9n^hbH>9{JblDPfy$Mri)IJs*I8(W)N#b%dadR#Jt&sZ!p`dR<)P0 zloGGF8LK~fa5`XIt(=OJu-~+vvvKj)Nzg?&&Jd96!_yS-LH zHUhKH|LN<42?+WHS#g9D)PBN;qV7;c;*GH|>(prY_|{=QMM|3fEH_59^$TDa?}V*|Y2% ztW=|)E}rld#G*bd&y>7B@~Zq=SB|Reok%pHd-3KOLk`{}q zH--EhU9HUWoXg3s*TLRSMH{o3DnxgKn z+KzjFM*%02LeRB%>#3OuC{jDfz>(5ot??Y-CE2u?yg^)leM&4!qWL*EJ;mXWfk{`W zsw%E#`^DjN2K2-%w-4Kp#}q89%v9Ov+}Xi(Dm%NGAoM=nM&`TipsjWty79ar8KF`x zZKSCk^vA$d!+Bj^YVg0FnZKbxoj7l01 z*6J2_*C5g&XG!7b6e(s@ z@YHF3PN=&nrcQ!DG3+PLrrB z&CHISfJZN;J`Y<87KKnW_lmd!*P7zRg*vm$%?7^`evYY$UC7qSVg6^A8_xBh%(FUY zvE-d#-CWis{5U^IT$*1q(Vgku)_mgIr-84gOmqDcaBY#g$zSJ>c25NF59sanyno(O z>rxuhqEs3RU3~Iu#aXpO-J0$QT|*!ylDT}gQc4d;1qDGLI*?4H-S}rXxVXSSWOLG5fPj%Z~Ch+*!seifJ&8KuG)a7(}EMbn-LrpTJ%C1XdL@=R$43|eYu*&+1 zgG;FS;t&-M$B_-iQU6%o#0aZwQkIU~1tzxR0>wXnCTWgRz9(SBB{1b!mo>Cj*W#5~ zI$ZYU2>oCsqi?-wRn#+HwqN!6t-7sfW!$z=Hn;>IJ}yGL7`A0Q-L){S!^>f5sK_U`E*GB`$>y)W3SB>J$pvymg6kMheGWBPT`t z1``85%mgkp;Eu(`sU}-o9n?+5fA=unOkPLFbinf`qS@hDl;{o2;CeaqByc#n2aOk( z{$c6^%^=ReEwybL0}mPnJj8?#%iAaZ?Y$!NixiXkMgntXsUo z8b4pf^xJ8=xZC@z0L<(Ti7cc!ONEcG2jG_UH&)tjgftfL`nAhefLvL?J-VmIa|Fng2D81Xv5@B z&9pLBe`3n6@ZXx|nTehzj+-R9#3FolAD+^qN}n;6lUDW^Yrr7&ljRiw_FykJNjduwfS#b9I^Qe8t>mA zd2$?#;J#j2VE>P!-)8s!3Y~`sxRWfz;6I}1k^ctKyJ3VUg1uOBO@T)sbR{&BtE zqemt6*QB7Q+48e=bbp5b)@Er9{ipJ6D1&4_uGt^Cm-*Vvmh99Zyj&#wWrV6*o?^P~ zdxhBHZt@z_aA$S|jo>v&U3PywI>fe`V!k7OL+?wP%EtE~1mjI6_~rIy=PUw-=w?Af zFWOexQ-raTCI>AnIRl1s#E~m8>aPrRxD;~=4F#<@i6#evN(xrK>ye?s8O>{o2-T60 zDd2Z!8bW>I=sVR0LbBi+(xi&ym)lzj#&`@_06SflwZC`lW=&au>pIVQQqL5cJ7GB^ zs`)Jla`NutU6F&uj9y!hLC_Pu08^p(!rRS~K^7 zb0(n9Z10WAWXjTbM%zN?jSJ$ALHU@}1N@~BzL}t2H#TT3bHo%05wE*o2t3PWY@$qj z#4w!5<_R*{*o$3=T(prU%Al)v@x#=?ioG87Bd&1ho@t%N_MwN!NNhHnH63ruyCBne zGcS+rk4qZj&9_)Ai_*>5`Nz8tF#?F&I}(_HCyw6!{A?wXiV)9&PAP=V;o8R_MvrU; zxqmZ$Jx4u0&1d~yCyqg0o7Lyy_4~cHs|mZN{j5C5A3v^HWHe5_^bjtLeTEyR2Z|Pc zFLS6Myzxsc!`!px-O%X+&p^MajWT1?P6bNL%ukMC|D({Yy3ONTo+dV)9C!P9`J3AZ zLvQCTq+n%_P7O>~f^7IXa*nv`<{IX2nQlA9uU5dKVD;0G$PK&J$&9;QOQKXg#X^RI z+3>?ZTI*`};ttCl+yqmt70PhV+{o!NUo~E9KLbI&iRBe{NaR7};jFXQr-_|xE#kTu zQLFmpV>eq!$Q{q98!6HzMZ@x%hJQS-1TDWgn5U~f7oy@Ct9g>vRLw!Bk<$LAZiHM> zEB(i48{f~^=R4du5kf27OvJBNcfx*=meU-Ve6FXtjcWE_zF9oS%{L&#<#uU=zUc)n zsenPcMdy&J^&=VYeqTk=->&6!4qG^K+aw=$WsY^Q#+zMXeW%hNZ)9YN+V9rcnm_Rl zWBN=v(F1~8`cFSVqf3KNe+{cTi<947xvmg|jX#k`GFTuY7ScvQPW%#+(}OQWNdfNvwG zuh7~3cgLLwA{eIq#n=WNL-G)$-{jrQk>hyo#i%`+@eh7q+DT`xOlhqtl1Iv3gs`xoZOr*%Kfo`6TovfOTwA=30AjL-*sln&mg%ODW9P8}Iv#$F)we%1jaoYS7eH zgy*$Tr%X`0mfS1!}|D0$2eoIxkoy}~}J zK-*2cz{upXB;bbt+%g_WAg}DFCD@50N1(rSNsWVHS8{WGmn?;a?+NF#VNM0Y(N0yhIz(40w+CZVzl2fP`_aIbb0SKRBgm1d-^p1u|J1ZX zmMK{Ka*G2!`Y@@dWltiilp3`23(GIBz(iTk_p&83b5UqI{iF1+%sX^gIX7_C6g9N@ ztx3%lx@|L!X4sgN8*DK^%?k1{W3s+Rv7fc!Ys0|WYzmciW^l`h6i351QG^&@wpb?y zC`ziN4ym@w=w{^pA{uBejUdufDx-1fBU5=Fj3xZmN8$p;nl38w!YIalGti}wAnB?mvcTD;=?&18JjR1+(b1mDtYH5*KtIf^M;HfypgN2M(WF7{9iKiZa5Lg zs9HkasFu)8I8t65bo)9cwWgG&2{*_!Smz1slcg>yw%1P1X*VLd7?}8a%${4SdJ-93aFDNg#bOO*9=Ke(O;@X z600+*-FN4z?RiR^Ixt@BJeTKXsPKJ4WmQ_q${kcamfMEP^>gkc3i+}|)dU-8d*_9& zfH216bKNa`ufim1Gd&?hzofJutZnQU5vKHB0V@)WqM`5Ot4zCnEhJ~V#Y|+wCY{iQ zJ9tXTQ={4Wsj{wZ3n^^i#X+BamOb)lul8oCd-FEoL5v7D{`P^=mBuF@IPOJW2j2iT zIi^7YF}PWnc1D9w=ckFm)#%6KG{h~Lzdrn7K6&H2$WIzPu5F%=VeYR!6W_-!h37Pb z^{=Jay^fDO8N}b38LGPpN=TJo6`^i_$vCoM#lJs|a-%6!2)qqSDom^_vLpL}d;L|1 zzWXJu?yXBVf2sVZ=5N7F&DioLseP_tVmcpeYpyf~Mlz5lmgR1Xc0CTP{!k0~{KYJ+ zVzK4N@o{!j!}qwKHy4G0Jnz|_3SUL4uFYXnukFqaKj-bf-i?uGG9t~o+%Etq;^krh z6L~5}C3IP!_aJf87j7o~CsMz2O^YzACV)7T!* zIMU0g15UcVQp^Q@=(+NhQRg0j3oVU!1e&=8&t&#=fcPuI-d}ze-~%PqKLOEkMxr+7 zxj>E#@N`ir4C5tHz@YG+5L65Chk7^<_~F4h>e}NEe*7cX;J$wja1X{Uyk>U`7S^`4 zO$h%`Uv>)|9v#jXm!|golB`P_5OyC<^yjl8Tcz7nKh%?edmaiv2;lzIj8(wJ=>2=j zfAXfokuiK74kh|fU!V$`9o_^rH2^i=-)JkY--QRAKiaegYC$EUBIh*+(1INH zUQh~ByM_njCIJhj$YP|zP_BR$s6jCU$r+-a`CjK|*iiH$P<$f3zESwjWy^>CH-Rf| zgXji6h-%z}r$6-cjq`it`9ubz5r%@Ja^XUNv~_R8cdelhxQz=?K-Nl}H$zP+5XFk=X?_y&nG|E_-RBG@hz1)MyJN-=STU%SDeCne!GrtDwg7MQn z`{wRm?N^viMle7_z-09-r#9^1>;g)-`b9HHHAoNf4pnpfI`;TY854L3iDF93p>SMn zW6OUQ?fb-niay}2eut=Fc_`h6B?EzQJCB-66ko>T)s$M^Qdg^KYVXdbrH8FTd5K^p z_B?If=d!gm(^NH`F|IM3i}xM~cTuUizOkZRz&jo9Ag=xr=~>M5mV~57zg66ZCscDk zhp388ChjbjgXw^?d5&3PuH+rc!wYtv9e2AtjDVeUkQEu8f_?~uO-c%7~uD&2SdB*tJv-fT(ACu{W z;@4Hof=;`H=zFp^lP*P)2sR*>-Qmi*OJJ_R_9f!R-CVx+jCA)kMPEzof4Y-tSJ7H| z#j{YFyjwHM5{nw+;a`i6&>s8a5f!}bD;Zqe(^Ol5g^AcWh!JYArI~z1LCra+OD~R(|L2p_l4J-jL~gh1Z4&zU%71 zajlB3#7>?WqZtj+{zUkg?L{y-yza-Df~V@Cst_1pTO8ZKOzuN0TbdI|owYC0f<&D? za@I2XW7+5Gba*iTi;=rU@6B&CS9qt0c|B6Z3r$H4OZBY}PwhRFN>5G2og*K(=bSyB`V2GMXR9(E+(wnF}a=Nltvu}sX6zD*R|?* zy!7PIUvrw9)rfzj7{7(Tr9qjG`$^_HX$;|h6nt{Qj(J#&b&IOc^&~7PG(IS4Qdk;< zoqcsak41GTK$?G@f^a67{qCm)aD8kCzkuoKW-NzijvsywwTe!NzGKT|U8qZ*Seqiy zyXD&Db0y--PPm!D>s<-8zZwi- z5=ltql9DsaH0lx@uXb)EhDuF`s)$fmp0hQ{>9JD^2iSepDtCQ*|cL9FwVj{9WTjSCgmLNl|`;Uz7%q) z&NKOW-Zrv?VHdwB&Sr&NsU-okQtSd31R6z+RDilIJjbBxK{)sO%?i+CW`V5ybF1@i zXF=7HG8~1>fzQ1ni!XvHqABxAgF2UTeXJM7-S$}Co-AK6gZ?Q#1llK*{kh-d0H+`> zXW{~TApl+}J(GwlIb#_{9U}qSUM~G^8L}}tIy0ixs`#QIO??DkcRGM zd=#{86^$aKrIgu&d`njJiOCEU6V8bmBbT>7WC99C#ENQ^bkNC^-A5UqL|uE)FK4u}e(u&@7zH?;LeP zNW!voq0kr0!X*eMC_ar4A&!S#|iQFN}K)XK1yQE7B43yAI95M3z4Imog0SI;#i^}W|a z```T__SFi8$bPJfOsgN+Mga|L44zEdd zh@pJ?y#1oOLlo5&2ogx)LB2lBp5MBk=EGwX^WiOdX2m$KvA_fk$F9VM12m&9kBK8O zk0Dhlp}sITK&ibE?H$@s<_NHg3XcHM0>A0Dqe6VVREGfCsZXeJ)hP9|#2a=@p$=L= z7ISQmVbGKOM21vV9Sx*H7~^n=)90$fI&#Ho1e~AAiQDd4qLctqsh4l^yr9a}Ok}Z$ z5+*7rKv$n11NKUYdf6uw7+t^60<-x>=BXJ+ZH9HcbO0YI_SAg0%^G^dCdQdpXC?uk z^K(^2$LmlTxp3u6anf;!QjWiPCujonIH{th?%Gj9S!lc$Q&9M$1%~vDJ6SnHY#)P6 zE*elHdVzNlyZlKCiOXRef$Dq$Ix`d3hes%iBSx1AIyspssxLcqjLyC)*-CN~ENg#f z*auQyajT%Dpn6lgU|8PwZ0S7ht4aNP>mT2#7YR<(mBft)6!|w0b*YlgtS=yj!olG;9n9Y z9K3bv_inI%i%sQj0hh||A=$9jnGFk(cB4$pSip+9rh@T-Nf2yQFAz}BTMg(Fk z8rlp}zptuOezjL%&Y86M-6)$e)tAZ|JF`eY3a}GN2~Rk}@1o;tO@ulfM=xNkymchX!bifySq(W1M` zR875Zwuf2K_0umppgG?UvLu3pWCr*(Vm5&Td&rK2fB_B)UC6}9bLobd%T)@RwTuNj z-$Va4O-y?GSa8{#vb;TQexC5mN1vb*zpo24NSP9K%?ti>^C2J~J>ySuK(@({Uubrm zI8zoWe(}0Lia#IaW8FTa=kO3PpEczdZ+YeK!c?P&9;vhmclbR$4-pmAs9P4ZjH>?$ zQY`>tr3sIAw&II}5zAt?dg>dTxmC9olO)swE}PpI4&2Y~Ak8KE3``Shs+_JTkb8v# z#g``CS5Qde3R@;f#5f?AG&-~e2uB|2ikLV8(Z#x!*R(AnPkrnKAmt&}_M6u4ctKQo zeJlk)_znw>TC;zy(c{pJZGl~htN(7#5zA)nfIQIPQrEd#G~7Zh@33;MlQTejzx-15 zIT9Qv&vveac!(-3KC{jkEhspU>KhI4ePR#SLY-X6b9L6LI}{VtUQZbLVeTkMTKY~; z{t1-vlK3XdtR4DSyr6XNgl8pcY6=7#V*vzBawQBZhR6Km4#;aSJiUrLhjrxFr-<6B zYObW;*an&@PEw@bpmB}Bm!5p4)CONW6Q;Wh@N05T=D9zGa=baR28U1-5sp4G6m#Y? zzrrIn6?REyy!VP_KE(QvnQZnWc^=>|%RpOmzqIQdB#*7PHPQ!zyMbuI@3}MS>;hu1 zJ4sgogfv6_EWb$l3$J1N7-iXx{DSHw*$%t%3kTmEfJgz157hf|Xo?tq<(Fo%8$p^Qp*0WGl%4=a5- zx0m`vtiNaSi{DeKFl-%}f#B6G$IrOVnVU4<{W?$2#!u%`!5U?~`@D>@cVQ8Ljg^l^ z1GvFJa0Z0dll{3fuKrv@wE!VqEci|bpEFm0SP%b+j8}8YV}N9$gQ44|j|Be=LNVx! zPS-RQ^)ZIRx6by%DCwN;5Ty*ns1ilmMgt9<`Q}7CYijTjcsBZ15zu zrt|c5EO9m--nXZ_gY(dDMvDSbL$V*`UH$sI*7l`JB2nu>r+wj=W1Xs}`XP3Xjl@36 zK1e0tdZX6$*D11zhhb~q5BM1hJ)N6tE)J*25fl0`Vpi64Z$hI-3rGJwmhSR;)u7b9TplZi~n6fN$gB`Owd^?~ME0{LGI` z6Ld|3Zj%?P!YCTg&#n1HfRN(&x$5BA9M3#Z^|h8g_7=&tErMw|3sDiZi*jzCT}K>? zwtIQ~9V>ym#W4+6j?8>0*UHK8@OGXJK_9J#yW0Ys)%SG4rAls&>=r?o^l1t@Mc$2# z<6?mdY17a}@i~+*z|rx6_NPMy%&|sa7vxK+AaTs%>*3e#;bH(U`59sv__PGH)Ti=f z`4hr@1ei?)h+N@&GaZ`re$OgTN*BTmc~LWrYa1=qMK{(xOw%|nKp`63n;556NeM>3U-uG z*>mO4*vm1bFN!pGbiCH!ym5yP44jAN%m`Hnt4gT!ELI*^IeB3<=opHERn61CaDE}c z!(*8sA7^=Wbv?S%UP5Cpt)h^{O5h7MLrKnN=qAwG%+lW?T|+|2sAty|BHb4b@hx5s z5%`j7?wt04Ea~9gtf2jz4a)@*QFZ; zs-a!erAxlG_Kc|aIz&R7)2gaU#n5E@gatTLbjRpW-d;N6HtLOrBUgMfa|!Sz3x5Zb zJ^lT{r5x&y-i98Ara3x*?!Pp?h*sNE;|n%qC^~4NHUdQSletntrNbUtSiOAzN$EFW z5j0zQ?bW?oHdm`eb?>~XVl)M+=q*3syBu}0yguaBTuw$55grE~3=9lWTufL23=Faa3=AR&7W)0kPP*3_7#MtoxsZ^Y zxR4N$oP({2xs@>(m{@pHGK>rbVfZKG{{sKBRRSLUw&{&lzQeaF5{CuM` z2TB#boo~8i;O_Cz{6KtMwv=XkmDe_mTd@dp9ZoNr4k3*8V>0w1-AZ@Aq#AnrrBAnabXxp&vgOmm#xE==5WpOfahCZoBON}hpHqSw^*47d7z9E)O}dh%S{X zNTq;wJ^o@y(Jsabh{a!=c5qsd?7y_nQLY2OoPUb)zte*VAmR}YHv0je4|gE=^#{5U zaDoQGL&O#M{uG4P!f|%ny6r59b(75I}$Ap3!s8dmJy!(@@>+Em(oyu=tbTq)l*};z)(V$_3%$9P**fg%^L&ZL>|qMiFN-aC}7U=}I-oWavnR{Roo~tR6_&uViq@ zFq(>xx|9k&g0+jA9HHEku7_VuW5vRT-3p=UM>{ZUAZtKxaApu%b!N|jhi~dv+w-t# zU{}(l++?t9qxBgGITwiA8@+YmhTaCZicJ`0y480N@l5xu|E&H@`;78R;x9Eps)pJI zR}ICd51E^37iJe?7kQq^AecyUh>9QnOPG!^RP7s&fECFq5fUo7*d-}sJTqlxqJ)NQ zDG_TtT|7bDYW$#)bq%CDW16UrD3FMdO!q7D4}N(xiheZYA%%#bnqY??Q-aO1?ve!x zHziUQG|Eyd-zti-iuiJU5_1Pr2dj*lm@JJ;jna*62HWDvh7Jc?2I*2plW0?T={$v8 zlwv4~==Z)1Bx{nWlDSF%Wo@*wzS>d}(qw#WD$Jv`{EB`nMr}Tg49yAd^h20O?xSELGxUN{3(e7ssfP2i&GF#)^rkd zKz40-t@F6&et5OKOE$K|Q)$0i;ZB&iN6nn{ISC;tBk_#NS4F?rtt7w1O3_^2y*xsm zRYkkJ<(qTt;rE%zhlne{uH!D|7(d&aKTf$xIYw!NgmvelbG^MYqBEhh|0CVa)nOiv z6JnuAsYqHsb~LJVdST>O*;=Wq@?C_GPd(9bW5s$}dQs*j<_{L)b+_iumeOXpW};@c z6E;&mE}$tzG)y zzJj9xe2Nhz8RiYPkJf$EV9)Q;L$YFE~~+PiBsRy0$zNNPNFN>$gj%X$kY z5B)>)5r)df&I9QdC)Vw=Ei;cd-x7ku5$K2SZ=2tVbV=87#X50ovmYBAx z)^nznW`qX1R=x}1N9(6mv$-o933(NH^B1XG*)oMP<}#s~A(+@S5?W4rlR32w%uDXs zj-3cSWUD)(DL$&SstuOWM~a0=3B%>ae6Gw6lFr=6w?ix4+WS6JFM*+X0~WDJvb~^z z+KJjF$zRmnWm8AtjSa3fu7P){vC-pH*+{zOm7Qm7YkbLEkv*lR(GLp`6}PSHvKPo# zmDj#FdU!-1%@BehUmzM`_~54yHeu?a0`*kRZ`TLDKz~vH(n-@#i=?hqf3IF_Y^GzT zibYF9cPuymWOsKSe;$e&f*Kz-CbsaqAnqoP@F!26MBZcGXr8L5ZlrwlMqge3rXh); zrQtw|8|^~1ky**;R6s%d@WI?ac(9O=Ozy;Rh3n-Ou z&fQo8fwc)&@x$B6_M)EvpCvzMlXH?MeMKbaCbyL(5Vx16l*Qh0Kc{l9RPf6tNps}%D2Xf_8Scr;gOBg zdhv;O*K_r5C8L7%Z6QB3~lk&IQkE7dMtw^5?r0=Y!k)V2Q%h@wneb9Ve-XE{uLk-NKqX)BuiT1F{5A3$RjlJ1y3prN4gsA;I-Df0k0v~slIeu!M4hgqs$ER&%I z&~XZJCHR_LTAeOjAPElaH*Y%z0_*|EU?ZRYs;lzAR} zzIs%FN0Xrc9qTvUx^#>HEE^%?NHcnVDR%kGs!whjI=2th3iKwFNujkor{X(+C z7=9W~5yxO%DR6RSV1B1u(}6ixiM;Tp5c7)~T(4i`>L~n?zXq*AkAv;!1sTrU+gHtGkkXxE!tPeoHRYBe?;Jages(kV?6}}0|%HZsX3`h zOK}<6TGQzp*%}zrxmnx2JGNk8JZ@a?Kdp_O^oiW8t!x~*+<1xq^9I-Z?>`>X6BGUC z6(>txVl``@?Sc_#*T&#=5|izwl+k6(A77v zb#~$35Y@svx>+|AfZP1xMp z*v9dF4L(k0cAo#d|F4n1R{Yyc^}lAav9SDo=HEvCcP0=09~=1FhW+046RhsN@EI>Krqw?l~sFG}+#+NrzUWG^aG8G~9nbq|BCwWxVPam+M4m)R?U3J+) z9bwi3%q*{(kK5-oJWtv?_cA@l?~XUXK0$#C3ZS4s{r}}_Odg7kLv+cTErT`{Abnk6 z^AGOVmxb2v94iM+EBn4RQB`5mP*wd%BqD-^g$VHb>uZ`H;+qNF6+bcK6UlA!D?NRQ z{J&(-7TiS`(e{c8yF{29yUO*@7yH-z|E0#_1vO?l<-zx<>8e^5@r@}C1OERk^Zr`b z!ngG{;)*?lT<(-7d%DIKEA1eK%70LjOM%TC&Og(#X|H$0uD#Ydm;Rj zo}Vi!M@IgI)vUH5+W7YxWkPFUESH7XM1IacXcEC@vcpcp#FfW#wYdn4kuj;LT31ka z>Tru~iv4S^uX3={=q2Uv!@L}O5Q0}Oxa}w7UIK@Uoy~lM|Kg!*;d>5nFuU=^b17SO z()M@IkfybznNOPsSYO(|xnPEMi^OAN;n(2>TP3zzwMt}PRKg{!r#zy?!}*5WHiLOV z@{iMDF@kFQes2L9SggxsGgi)M-w=8zbzYwMEoZ%?xN=OZfHn-_`izpe+BOkE!4rH zRJK&u(lD1EayVO%awF058Ub9grlDoY>TrO<76gQKDTB$+QK;n6k9 z_R>SeHLNjZLccAv!oUAIoIM)rV0&Cltlv-n;;;u&=ZyRJu{H+_NQY&%G6AoFPElIc zHzwCB56nw*T)u3-m7I^9OwXjwq{ebML7WLk0-gqWOGgKbi8C)^8vl~UA*TQ04_4VB zu3G!Ad#l{<6R3Na50U^8WtNpgGZaAEDJ8(;@&XrVu3igfQC+)5+IedARu$0Fr}7V4 z_ar3i*2KHv{HAQqw5kIO>bw$_12fe#!^+&+y7|Q|H%&FJg|+dXREF#2R@#HkRe+=! zYm1CO?!=M^CH=n@>oCyFT_Kb?M&Eu9N?&$!rY$J#%EM|pyEsk-~`50G?$A$ zJQ8td&29{hN$iD>Smj+(%?e&B^&6L4IqOoLlmKc{)c&zo6sR#oC>}D)vE%Y>ppgln zl_$@v!TzganC1dCfWXtDDCL4fdyaHS@eO!f?qrfy#&a~i_f6tTbfHWQW<(J?rMhOu z`{3Yk{&0ts_8&Wkg+PS#Km5UL+Mwc~$~608@@A*ujYhm%b9$*YW|imF44Ubcq2H2k zp$kta>d;nD6#=J7n5Cg zG@bsAt^dKsbv$s@-ck1w_~^1r6|UM5s_`0!$Hb|5tmX)D|VO&|Cz;hRDL;T1l%qM z1vblQtLD`aJF-$8|NK$pQ*q1_cfd9_)elRBI=xO9pO6g;XXB#luAUb8HB#bVX9eXS z5-vbONcj9{xw;e>`qAA#%z~gkUQ`uben;fUXi|OAYQP<-rCr*9R*{RhfvW7N3}8aM zcaoDJqS{e$ygaB@xzr@#xb|!gb<Ql|Zas%0u@*$0(HfaT3>zpJ2cN%c7Zb-90z2E!Fat%1D zoXm@v`!CRdh1kP_uwD#i?%a5BK@+dv6k4X%243Ph>H#?2sF+i>+LYC)xnqr1zm{Yv zSs=e%Hoi*{p;X~U|F1?yu5MVsYdHN#}AFF@Q4*~?yg5j z9&puG$j>Y33?8!FeidhRohaQ=UF04%6~+{KF2}|9o8$p^BdAc}$2@%9_Rb+s_=3pWG{O(xAc=^`$ZF%G@%i@i67VKo-#UuCMNJ{9GsePsdhov*4HTMa@D7Tr{H{6TB|1)xv~4~z zD%Y^jxGQCOr-LMRsb-ylQ{`J- z&eQ6}mhl!gP2>Q1wyfS3#G(qmT{f`}XjnW>2PoQ}?sZXFKhpPe5Lo%rHK&H)vFLGs z9@kPP%=4E52(%NeM}#r?SA4J9u&Dhyqb*dHr`nL!tHMSD z+M%j6nt{HaE>RR)c|-6K=MO3`-x7J4tN3_ zv;Eg)=k@)`yx$KuP#!m@TVqPsfAC8N<+IxIA@|D{0^f1B5)J#md3SqY5cu4#C(@%M zh2z+d&mx3hv+y`n2u z^D?!RG*Bk{Fq*jacT(rt?@xdTw_fIhj59ecEsLn+*LUn+M-D}xYwEhMitg;BH>kwf zbP=x4eR6~kDx9yfCuzBBO2lw)^`-6K9nGlrxUqP?2Fd>BwZZjAvR?RO>IWI{oQQ~850>YsQshGI5F3ic~EcYQuVPDLYPInyeWj^eymYk>lo zXFz89t@u7JNouaFPPu%@VdQnbaP^z^4<%-bF)qUfMR&)M9reOt<<+#2a@W}qDhHjw zAw@6e0E@3BT4C1nv-slH`>&;7dY_E&h6IGS$-bKJ(0raAOdvO$i@{Gq$KWI|<`vFh z7zJ=QstB{*trMWZxPHsn)!_;rmLazGCD3p_@zbEyZ`^mZ7S=f{noSKzAU_bci7C_x zkaN@~bMLs$lNdNu>#|e?A?K^dPX}~^u-L5BDu5)eqvNBa1(VAF;bd>rH^xVe};IMWlwaE%Wr$^M`YW51oR zEqYkjn{uvYkgk7tubLT>V&jdqX40bRr|b8<-E-^Zgw?h+Pex+8kg(4@yvfvqc;t5x z8K3COQl6?|+^r2i4HZWj@v3}lT{)f?ZMslx;i&y)FI??>*@K)1{BoYDEM9Ij=no|Q zZ|H3am8wO+>jm4He_AmaI_x1P*ZgIyDK=hnp%^LEI#H{yoE=8HuxQjp<>7Eq)w3|Q z6@J9SQHNDy5b$o$ov23LZ}hQYk{Tn@{A#tnA)>C!Pv4$!H_^0PFR_)Y*Y;P1w{3sA z&c|K!JZ*-__Iae_dpTy_x?0O8l}cxUYxlT;Sh8DZ(wa4=;0{XxHhrjtwCOVyw~V`9 zutMwLLRaO<2x58zre3{hc=1o?XOEMZtB!y2@|ymHxZf z!ubc6m&1o-}JUpwX^cl6>_P_b_#H#OSSr4YuRJA$5~w>Qq_kQlB|*@q2tTpeE8fshS?kUcS8$JWvp`F672?B zZ0*kLxY$03=`bN6f9A~Mvn0Dc7VG9FB*pDzbRCc&CADU}mdeWZBu9lA6><>)kYDr+ z5&jrn2Hq1Tw3%i zpeHLAx*1SzpFnUDLnV>_ZyQG{HVv4xYu-jS2_= zty?M}^Sm_V5UtJIYo*M6Z}Ap}iZPkt{Q`_^h?M=WQ1nnq=!7 z%5JF!o9qiNpZN^`gg#@lMQ4sI4+;!_;d6zz*N<%Yh9c@A+v>jk_nj32m6KZ&p|D%$ zaS0cjrAoxLU6azf>t_kJ-Hw{+`Xi~i9M79dA3dG%lbC{QtlI82J%6*IJ*YiyuGtUV zqlXc&Lu*Iq^z~Yr=*61b)x_yCJ015{9EW60u1s$H6hOd$Oyl=GG2mxCn@09G zQuv{W@N%??(9JgDXfuTeQ=MKFNOC&)kU#|8zU~up4oKb7&Atl~#xpn3sE!Wgj@Kvr z{g=!SY(|=y^)UQaqs0-p)>NuXK3LITf@G!w2{rlQ<+N1%o;P_iBJ9r<_>Yl}SR-O% z*kOIcbGKl6KV!uwj!bWvux0W*}HfL1Y|m`>^*jjBSyX1Ze8U_?^^A)+@n( z7@`-`vCLl=TbxZlHIb>E$<$*!Mn9gs4nj?9H>HXMe;d5LuQrr3rX8M8noH9i6X`O% z+q!L1MN9zCE7D)A%;gd^h)R3+$?%Z zl&qQTvIB_d+1tf%8I4dfFQrfIVR|jhovu4G6dD%@U5O|>UFAOi=0@YO7{YF?jAld< ztY9yFOz&1WxfJC3IS$lReG#xWAt`DwqIZaVmjLTIkjuWY3(k_vW$|${)TRExOzP|a zz)O%a)?j?|W>1x8r{I2QP}PoKz+)w0{c>-wsTt~YJy1Zh)}Iv`+RbzH@TA_u_&~B= zdjc~dnvHrA?1P5I>k~58h^b7Ce^JkTEKYyZv(c3G*>E6+)xyYO$RDmW9vg!FZLz^J z_N-GoRFarvGIb0UU1JK^>3Mf1BrF`nNTxd2j?XM_11iL4IsgpDDW&`^kgoR?X%EVAjWcHA5jTv2 z{24Z}Ak?Ze2j>1fM1eHYYZa8_7#(1xSZ8h6OkZn1Z^=og9jaX> zr5pPR)(~3;k4y(!X%Zt_Mca;+O|P+fD?w$d6Z;-j)V{=`-=86Le zxf82e6;ZHKvUSQyb%Lc;s6P}$V~D@xhVyQo+X=lOhcc?`&QNkA0fjvp^-NCRSzglS z=9>`)2kTU(I~rnK>6|g#8t0)j#s~5GI^8Xu@bO|*6J7~-RC1M&N;oo#E&+Oj)mShxQ(sqNS$`Mjt6(?@2*W6x;a%%tPz;|48T0D_Ui^gzU_-Bwi z77**l^HiBs?WNW_IK1{zWVUxUsznKYExTV$w8|0=6Z3;$7v5fvbdj{Bq@qZyW$qJ= z*3W!1B3Qfvoc381wb;XZn&cw_^&kGd>MYb>XvrH%(#A* zqLc^`<4OyhDvGmo;zxplmL`g|4wKP^I!FK~+zNj{MAFM@&kq;ldyiS#?Kl0pGAyn7 zxxHA+(^p-;*>S$rS4b&bez0FV&G)-2qQ4S!Fh8D&yxl}QJfqHH&fA&M*T54`q{9M? ziFSvAG=c>T%Ew8|dw(DF$TxUmzxGe`F4RvKB98M!_xeo%F*Ve_hat(@L1%{3plzkmI_ zeyVxeMPyPa(u7gz-3+JNu-S6$^O&<2X5MvQf|bYvsj0dm@2r$C{KVoPU1;}E*!1}8 zEtHPrErgnn7^Q?3d2RLs3`EAf7mU*{YvvIBzTbkWL&oO18_2$Gpt`t(T)T(Lh8G4o zX9uZ(j0;tzm+Ky5a?4yPNy(lcUxcXQ!}axPe^o}6 zTE-7?JBKzj!E$mon=RCQcTT5k`0sgk5yFFi{Rx~+Z2@_LC2w+3?Gk71c0nl=0Cv=E zkhDa|v&&UGuIIJJGUr}Woe6es`aKo8hF0HG5hZm58K6v6LYvqJIRE!7@{y88Y+6d4 z#8RUvZQmyz0isA9#yDyA?DnULAKI+lBWcXl$C32s8=-^-;~m~=El!kK-nZ&oBIzr~ zi}eVNYd+l1W-Wp6jVOZNK_WUU(2F~)cSdk=^u!S?h;@gG=svuIt-lYP5jLaoll-zx zCi}&?&w5TdFUE@YTPm7dppEMkX=9<7Q0;NeSlI4JD_sltLNsnBD`426+brqic}?>w zr>6`Sc^5(#HPCh0fzCG%Q^@VIhz#w{!zMwK#okA=Nrc|VvQHmSkf*}e;4Elr&048(M~(3^k8-1O#oMg@q3m88l;1h#t=c^ElXJ%= zkJkqr=fm{()a{DbJwZ@f?mJ1a@bC_)&ifPK(vXny60OjV>+)o=uvEBDECrM?z}@V} zJZCYCeh^)&V(UkNly=;zl!%v3`cMFCfCWn{SJ3!C_TxTyn(+WDeBCSvJxEyk<;J;= zwKNbOK>t!~{&rNN^`6%~UTLp|7vG5+6{_>;0E%1K*)e!!K&@{NDqgP_Un1?_K=~{E zEt#myiE8-sJ|V(64c**`yH+bn*`YR?v+_{xHq#YjqywCcVxXF{ z!pLJ}=Fr_ST~zsj&k2@u}~+e<_m1mjf*R&r2}N(bGbmQ>l8N>)wxS*2?4Yxc~!QQeJSKhNx?f zLbuFoG$cf&&A5@XB5#~4Ir=lX%=A6iZ5=l%{^Ayxv@%BgA*F%ApP{-NK6sxq8q6j< z$EaYR6yAIBBEnh-YLqa{4LacC6>q(9W;@$%wl}G|Zp+#oJG@mfCu1JS0=o%q z+`y0GU74K2Rs$7E_w=!RuwQ9h!^vo);9fm9K41TZC7jI&3-b1mA_@Dp;ooOZ8&QH95Q2LihoqVt}+wOsB|9EQ$H&bv8X zbI3Xp3R>#2%N874r<1!ipCYnNK3H4)5Vq@66}bOmhaZvL8|*~-G{1a>g|r1{L7LPh zj^b-^o$?6NjeG-Dr2&)ud{tDSdXZ7c)Vn;<%W9}92Y^ll(swg}W=ZC7CBcGG#-k*u zMrEd$8PNkym72r;7G!ZvqOQE+wlV2H>Li)mu;*rnxk90nJ$3%_6wwaQ6X}ybe}3~I z%osj-de6y3Ceeq}qEJv#v8~!Kz9=jm8PG@xlfI{O5K;UidwMP; z7k!BH`h>BlZQJ_XYsg`j<)U{xu!T|!1B7T+X9WDwlx#xr8=zGt`vC~=inCEooXHi^BPCZKrfVN^r~R~OfdVS_wZa#>wO zg^|R7z4l$~5x=RBxjAJF;dn0Y%I%&NVg5!y7a=zIAM|%E)&C~4=UkNcWYracWBM;U zGUh;IW6K74zMJ`>!dWJpsMhtN{&Gck)oS2YU0EzrhlFD}pVll@1)Ge8_w)V5&MDWu z=*-)D_Md`|4wx{i{92qU(fPsuQN&MF>E)ok4O1(pL*uCRgF^OyizY;{)9et}I@hR5 zrWoE5`#rei7hlCJNJz`-fLrDr&+<%3t{4d=`r{r*rv@3y!GNKo>dV|=Jab#1c*Pig zJhkR*2{QY%`eK^Q0$kv+k|u4+VF~Gv-#+sz5+h|SuFrBf>qk&F)Fx} zdc9`hp18`~%{jK>+zX07(f%Z{Ate7Bw1NzqdW4vy*8H+o}7T$P2ELJCKvaX>%Nk&+A0 zpfZ4L?Eg`6HzR^=+7y&1O1DTd1*ij$+fi%JaDvl;;?Bys>P34uPR=;xDO+`q99Oy5 z9-O8P#QX!O>&^r31xX4@N^o0fGQoco){7A#+P>t*#v*Gp+C+DCbuBiPmepjPGJGA)$#lIMiG?cw=KKoWB2UQUBUtFl4Xo_lj&!2%_0i18q8+wMRqxX1PwE zW4YUp__RTaVRe(3W~5|$h7|p@nmwoXphc-W=Q)8H`34ZkLuXLA+^e+h55$=~NgBbU z#tk1Af~u*h`51un=@T*34G&Mp6xm;q;Cq(`Gz3rl&|L}-N;mT@jvj*}0dHk`*)YfG zFLf)B2XM~2q(&$5C_cZ%G9R1BxN>{9O?}KGS^d3HMU8%gM)WjqyP z=QDd?&y_yW1=@Y(iXO_LNm2)-e37u_TFsxzR4TY4X@8Xd-=3{k zF<3MVi~#;U`KnDWi9)xy*3=D#B^KDQLq}KL4}Qu6&VVeoB`N@?iVMvgzl6?KQ&SU` zWHJro(Ay5ZZ%K9bA==33DC>xO^=&Zb?5HEu>0C0cW|i-o4<5hIa&e{caB}~taUe8e zKxb#?7sGFyUiasRENca{PfP8djXhuK=*HrbgZ{#l|A4U^Cal%F@w6Mp{Q`*YQVh8} zSu#~xX?8TVrBwyF$8L(2dS<#dBvjVOSJ&*cWvO_ew@y*wR`y2ooOeev!f5YORXE}O z;nseXIg&l+~k9~Ao@?(gOt84dfW)v7iW@dk&xf5^O)X}iknP<6aLkRS8Z5FU`r z=BYb+_$GTSE8a7|?gcMZ&+bV)mw1O2oc(;x`^}*q6A59B4B?dbc_Gwplbs*xfikqE z!J&obPL$_r5)<}pl8|;eLzT{IJ0dR49kwqzu=wRrp^o7ye&6jD+z3F^75=Q)lwT37^m$@=ZQB15!pI1}Cm4KmqbOY^K9H7sj)csba7uPNS6qxEK#8&E71rVM z%I;?|-Y5hlo-W<)?$u3Su6V*%6LdKrGz82yTz>6&RPUa2)tPK-adCo}9SjiLJ^G%E z&lux&$`f(d38!L^F{twU++E~F*XWDhO@CvZa_za+6n5|J(K;HxDoUcUPpB`?BjaMP zjz2~RkY>CA2*sIp&A^aD8DskjpKZ+@D9If>Q#_vJp^zHk&b-#^vNpEA!dDzWq+ZDL zhJ|E8Agbeo`kW5^OBHZ724B_210zmI|EmLmPNb-+@b|(ar%w8nF3ZU*?uPWt_l+Tc zSEth>+Fym^{Jp#Jk(15!rj<6om$wftC`3&T*{qflLPm}i&k>QnD>AzU4^*)l!%QI& z^p`mJ1_eVY9k}U_fj_rd(=#EN=I(cc1wkuoX(~sl|HzIYdwYO?sNl}C{_#Lsbakl4 zb}5_ElLDL^68#AU<6_kZoQC}US`Q^yA+%9M#egqM=7Nc( z-(pHK>s?ELT|jFWevq29y+ic0jm-j_VsGao$4cA=xvCP}*V{i99d~~{XD4J22o zDm1w3xNq`fQTQjL3C0ycJ|EhP??-auWA;U-!t#5tBLHs9l9H09!_u-+ZA|3D^A}5N zh|kl(2$(o`3(pc6i;tc!H*@Z26@Gli*ZNGQom?V2fIcG|^^hIBCcG=E74l*24-I!3 z#n1SMtc^1G>a430{YYv+r`U)EdPKfgiJeS~3!hW)*#fWp6GCl4U>|yw4@{d1< zs@X-A(sF=0?TcoLjW#PNpFamyRWXoc0|1EMrIMm^&%5~nIaDns#qdAY8Oh zqcaSKDR3a{@{O^KX9yEtEvgKYws)IR^1^IRFLr2pxfm?FjUUc7agk^K@LI6j>gaX% z?UE7ra!(@Fk+g_`9<}9(q4zsJIH^n*n#T=9%rmiNuxU16;>BCB|cNC|&^?7gD7de(W2^00E0isvMymA0*<;GL*G?$ElM6@qD%V zrO*)+ZQ0tgzmLJg?}{$+;+byxVJu$xq58(n@{}tol?gIe-SbBl1X}-1ouS5+ND^k2 zFdMq9*Jhol3=%21p1wk<32p#t!kJ*F9gO#+lSa)pR6}7Q$lU|po>w!Mfjlyi{D-0% z5POD2J%(32Ti+G*tI1xkNs|2i4vLPQI$8BlE>E;3N$N_dZ%$tP9$5TftEb)af)I>A z4+9+q2;g{fRo53`(#gmUf{&b0oAHJszypm7A}P+%33RtODc7Th3J+}g<9hZie17gO zZ=ZK2#g`5XOBXV^^krZ_fDMOayuBEhQ1*sNGTppV-80B=(V)>q4Te)3_!4g|H2^xE zQ(x_}z_r^I;dtC0nU%0PmDE3!7}1u(gq*A|w)4&}!GnqC&vQ)jt(5j==5z@W)bHnN zOX%v5&V5oF!2->YDyd&R2n~1>;NOv;i=sPme@5j7{|qC#h%o88xm0NgsT)Q$(TwVN z1=*Ba1kghx=n6=|Al5#h)aj7oCP-g)XCf>!X%9dor=n4DiXEt992*C~OR7?iSMsas zSmX^aBm}WOX|C_$dd%&&l}fKTt0%(|uPHjNv&0%@!3f&p^Qx>c4ReeO4x+>Dw4tNc z$7>FLEONf61d36)cE6{16^)&6%j)QAsq&0iBPw7^(_b}6LT6}t6}^rEiXA#T9(Hl_ zSm(4|@jb5hp?#=ymvvk7p$MZBRde;M* z!OrWrf2O#wg0<|vcg6%rWsPWuo?8=dSqq!M$-fv2{-cKM) z%;WIMg@+Z6{C0$d=}8(fD{Lu4SPg5u+dI>j_0{8?gl5$%K~O>Y>^-X5Yi~mFyh|iz zD3tt=HY5qN#@6q07X${iG1jZ_96ZLOc_vYPvxBYXHf|=R7@cnzbQ-PSqYYPv`cwnS z)eh)UMKpCbO&5~wEy)YZF=c*ORqCLdkklZQ2; z_3?&kx_sJ;+x!^m(IN9J9TTiY?}R-TKMlMwOY6?o+~+ENd*a8D)G(DDY%vB{3#fi+ z?AYSI*lH>s&bjMDwllxRN_tW4NaTn!Lx%A)?(WE zGlPpBDX;fXSB?8sT#Xawqf17ZokO$XgQ&2aklhNv)qrT!?RW0h1s#5D!COkifK6EG zG8B1p{0LfLj!UdBn4w2wmw$d^HA9+6j-&_4)F|^;a=H_P_iHxiV*wnMT??B|?C3&d zy_-alw3)90-`Hq?vCZUrZ(cphWY7-)m&Knwiz1;^D21h5QZE4D^R28}ZAq9m+;EKR z+MANtncnBYIO@zbOCA{~*`l{nYl{0ez?E7^X`{@HX0YQbhPgw{NXaR;OHmvJ<~Vpu zsT?H~XYn~M3d%M6d@U1|J&4s*KcvCy_N0#Ahu#+PvcD6qtIMeWNEl{%>VYF}%M;B> z$!$MV1@`QDTNZ}L`?===@l@-Q@!sV=`a4NgGf1h;Wl78wT`3OJ*e9Huf7RcV!0nUv zF~0{kW#xLBE?o~^OG$mO03QE2ewOYN5(eJ*x1wZ{^KnLG)VQ+Of_C-?chW>{e|=-! zEkb^;P_4C?RIeE{DeQ?J!D8k+n!XWqggB=bFhD@)I2u)udH}Yhd8#8qVS_%6HRWepZVoxICp`C{m9E=6hLv*= zB(lyMsm+PSKxE;)cm1JsTkQikmuNb1!x0n@&!&l!k;^xb2eMJ-w@ArFk}#XnC^-kH zCo|GQ%M>;j@D)A+nF1$V;f9)QBIC4sr(IAgqamG(Ghy(ZDQ|erHhWdsUF|)2baJ8h zqwF*D2@Z`L3&dL%2OL89#%Vh9hYMZgZb!m#Qr%I%Dy#A*Ck!1t<`0&w$UOO;w)Fwa6ys;kEOHCQQxAbW4_gHUTSbHwAJNs*GpAncp%^J)%nVvsO zf*2W=A2VsVI}mG4`GP4cCnq@SAJPtDH#U|+Il}IL5%TxG@o|23oI54HQR2B8Ke%^{ zI)SH=&P8sv410pv*_bJjT|Dvyuk7SRoQ(0*$3b6|c3qZ# ziNd|`@+?zU%5nvx{@f`n!NqHThbVmaYLA7w1QNuNjIr*U>Jt|$n4IdWIt`0#MQiPR zhTg~{H?Yg#@p@Gu?&etG1H)!fc=R@Rb)tX5rj7^6AL0h=mx&snt?;lDhb(-dfmqoz zoQ#NdfAVRf2@pGsV=88B$>g=X=u_oi|84HUf%?f`ut!wSPU(ZUoHgB-?wi+5U53pp zdo$Zi_y^&pj@}5w5|;S=NVZ8KMvrN|x*W$6(gZ91mk*OKJyj=f@p0ORkyXXR_Mp+8 ziJ?%D=T+%0o6XM!OUVYa^cz^>e1H`v)shr3q01WCYMUk0LrW}ZU4AHI;C$hsKtU=z z3tjiAblLeyIwFVQNn}_v4*LqjgpUkfPl)q%J3e}BxUd{23w%uXJxu?`z)R7F=sNz= zCGS40;W?o3li&^l1z5W+R&0-_j^NOu^zSpw(B~I!F@mrrMkzVUK{ormYReu?G4;mJ zJ$cYL!nND;NHi~2=nAz5ZjIsn=m08MjFg(-Z=|$R`Fx^=%c(@9q*luC#Ns9QUy@>U zuhj<39PFkUq6ph?uM+0;hpWF}i6KjJWDfF&ZC7^mwIn)OXka}KtOluBLvaN%JQ$3c zbVG$<*|D~uVfWSfj>U50a-K<2veCNZ4!d4ZfUs%OSP@1IMGTkq(gE^rSh#Q_zqSZ| z{pdn;(+AG7SC}w4#egpupUCF%-H70NtmQvSlqqHYe_VZKP+dW{WfBMy+#M1iXmEE3 z?!jGeaCdiicXxNUi$ied;_l8xF3#}Yn{Q@ns`ihr>N@AF>fPO^YwxvJvsh2&fa49B zzYXjMO8i##Nxj`VJVd|$UI25WvBQZx6 z5gjvBWp*<(Ht3X)%Kmm?@lqUxdy93pWbde`;WS6DWgti@{5bc|h}a4!^IUT^qV(ub z;ajZ#S!}QC3sC)GMmWhRr+T27?1c!!Kh;8fH`qInEv8jV+h@CNBsIYnwSYt!#F4d| zk-XIarSL!-wU&$rYAnm{;08Qq?!&d&qlR<*{IL(0)qP9Ed^QCzEr#*gR{xr<`^uke zvkSBw%G7waWy*pD9P!#hx=i=aEyq5>ScpxXAtfhoAEf2h*Zb8dW3Pwp5K~Y!(MqEk zV9)IlMZUZ0v}X*`?s&X2VU7t>r~^+tro+%z{G)yT19a4o^-`0ge&Z(nGkrF|NC#om+Dj8phmJJ(~(-Rk-rXZ*uT~pr49oF=*oNUjy=sQ;x9++w1f))vd z&J90{doA?%bxMD7Xg`(lBlF3}jo_8}ip5J?pZ5B+m4g&~ALTbSj055x|tT8Yf#-Ca;ncRUX$D$(9-nR!$Fpv{T}Bvfv49JoPPJ z?tlx>Z#*TmZWLVrMAL$_LYppu$Okb73QVDv$q{=4MPg`op1FmLD33u#torJYiv^Kl zi(mXpH(@kxi!huB(9Ob)mB&A6+nbZn32Q{D+57p(kngCweiI+DfHtTN6XOS2%MIg^ zBCf+A4Mzod5Zo0R8!4`3Eq*0HM#AG;`5lw}Lt?oWMf}_DmYT8@cxZ^Kc-@y&KyykC zt*Yx+Ar)0l3`B9))up8Qy9=ypO#!7S<}ESd>h0I~FdIam115d14^r2Ynk#u$ExC>j z=?_iQO&e6t1dKR`aC6dlsji_gozvL8RTw5H!`P+(;3>vtUYs|-ntxa#x&E7d`$m{4 z;t{dboQ>LzjM^w|Np*~e?-)=!^x&Kn&F&Vu3Stwvn4;|;d*FQbCI4z`_g(OhAQ>j{ zG`*)v6`ym^=ZuGkx&Dy3j@q*uOG2r!LI8H;hMKNCxpvn0#S}@m@r&;PYy4XWJl(q^ zHQyL#@Vm6s4-L%p6_I)9aO+?w9Bur<#hDh4 za50+~$UxR+wc1c}c7;_;o)WiS{ws4f_YeF;TXMWbdDNknGvPyX`n_H$W7E~4s$ znxR+WiGC$16;AJCP3Q?MC3Yf>9a4OMAxVgI#v_mYj}`!$k@!0iJV~G~VHmsF@~wU) z^~#JJDmK306v>(=!z`KqOD6_ZUd8Wjde^kS8fhs0n$V!rMuQE{L{PS|F&H8!dbCtW zM&EU-DBNSVks*r0JId__{u>w^d}3Hrd}_K&-WA1-qG*P7>O47Xsdf2xUIRdrBR^Sb zPFaJ@shyD2MZeoPTCt=pm(nm<(4!>pMn;TGIF-$}YQ?pI)>7Q@1`Zk^Aa}!GNi$=Gp8Q694_V z95L~?ye?9hHkQjlj^kqyMZX|gfs&v|jM}%2upzIRz&y3xN41Ndb}us#MGv=~&R}*N zz-;Qs2R|K$p~f|ke~+RTmSQ-vUq={Lb**4wx}yzu(?8hRmGG2e0FQHXg#}&5WNP4` zV9?dEM}${BHnK1WX7>#Z}#?yrbq6sott;-*&vQVnhOKxA6N6&R$qdtYi1>)hxY zJWD*x0vg0C_BnCpS|n=8(xdCR6UXISh(XLF;PK#Wb|JazXm}Ni2y&BHR|&6GUkw$S z$u@!!%1Un~saXM~Zm?D|JUI~*XfGM2PoB;dLRtHma!-2lLzN7@p%kwZSRFOvJu^gB zd{1oAi`m+XVBF7GPn9KKU>})xl*5-L&(WkyzoBW zk9bd&)SwCx1t*EWMQ{QN@0@RAI*9^+8~(dT;qSa6&`xX54|n}MR>P0?1gLH*xF3OT zEDFkv^)GyY;R)#%b3l^blf6N5uGd6fH2lumE@H%S0-W z9*x(C#a&PjlV~Z@N|N=9r)}UhWA9c^W1+uw4Q-IB4mT8mGcK9scGmGTQ(E=@`-R{$ zfjd6O46kBZpWde*&BvQ~1ZTs~pSejQ=YAr49Jw+S@1Eych;UAHbwtU6u~Ll8n71I+P{&?~{xhRWuhZs>@fP`=e9g%O-`U%NmM6rDV~K0b>?Q zUGvS4d*)whkI2qhbzHVCYdn_@3n^lu_!0wM`XmQ7XOX8ixs6>qGHU_jg4~Yxfjo$z zz`w;TDzH|rA}GH3JftqG?4;WcVTfp41cVnek8`C9f-<%1uVzapPLmxt&|tSiJ$EWn<>Ucc2558ArS)HUa?lX zb?$0#RvofO$1rc*|NK5g_^PK#$&)3f#dUkR6_J9jXe#UUqpuA`RROg4{<=w~d;nHrt91X`u-+U(+wwU1JM3 z_4_xhoQh4d-NvtmdKLESGnF>Y;TL6*-zw0q;(xQn6xPf7wSzfq%}slUhxrvtb(oH| z-bgMsWH>VJQKblof1(_&Qqm=2;ohmrHR_zXZB2q%S+}s&v`1 zMg1z@5-w2WP&ml=vI|lQgn66_Zyry{A;F4jr&R|nsz0Qm4z+2kFuLaG_ds-~rLQQyo_FS{6;=7Kl z)?C9$cvDA_ktdGDs??Okv;ZyMsbR-`RZoQixtR6}W&|Yjdmm<`^|>a7vn*qM@QB3kRto4L9SR$($Ld9l&SJ*8?MYy9~* z1l&AH&={J0+1g>phrL;6-US3M#81D7aqSW)$FwGo^rfB+iCLN~vWrE-9oV!v32qq>>uGcf5HsL-w^U;CnyCnh%B^=3e70sCYC>*aG3&IL zFK{KlN5p4S)MI8Z+27wct>pUzEt_#}kU^}E8|YF35R4#gs6XbENk0cen@)!<2Dk*gnnWa6$AV<<@u%KdH? z-&80o(Ph=xBMcDfg3yBOOD8aqFDzY#r!v@f~HkQ^w(TNCb5!-*a89SU>kSAKluK6 z*SGqXgZA#G^JOlVI-DU}oQgAf%Vt}hA)j^XIfiIavj(v*iQ$v5a%3piyCl@D7jQ<( zXjDAYgjmU9JUhh9%G%XPwOA(W$uz!|B2*FWOa-Dr$lM+`kAC$2CO6rPCg}SmJ>Muv zRq7a^Ys_m}8rJaV`8il+`O^k#gf&KMQ^4@F7(I{LPDA3mVediP5G+x#;aFf?@r{3^ z*$IT6+lr=2obTT$Qqx^&IXVXB$xNuC8pC}a<%P(%$KqA9USkSbm%!;LHPKuLdv(!j zQWdGW7+U*DML*+ugS8is2zPHe(l5ON6?GX8QX z@r_i4`P#;G27P`xzvt0?JlqU4&m>i|n17$rL zj;NL4+99WYXIM1=H+MX5mPy#^E_*5vkYJQ0Ax@$JPq3zw`&NnBJMU?<9!1FyL%rLc zZWIPNpEj{3b55ej`EDLp(d|O0zMOC}F@2I^H=h=IB9`6XO_-U4asXqt+t0Y@Z6?yP?Pz@e6_>9JH-+nnwi+#rFQ-}LmIA3E)zNr}jd=^`nud0P zyt4=5%^F{$cf|U>NoTJs+UrB1DQj}GUC1Hs!u~~jOTBwi{N)KCUSXvO@v}N6P(q0A zm)c~av_d)cJl?U~k)AUcsU%?NrMVMtkOD=kZZK<}yfCkT7P+eb9Jo#^PAVr;?(gJUhTSLUl1#4$A%u z_xEIPQN6c&B+D}%gxAMjs`J?CKyPI*3OQblD&E3T*qs+C=$l#Y?3+#^A zPC5dRHlW*Jd^2Lu!c3at?xn0UbP}Uo=*G-H6gXeswrQX@(-pei){4p8oe|@vML!gP zG6Q3i=;KXU6;f2z-TWum>$Hp?-z%zdbrmaHw2?T;cucce{515#K4% zZ>%dhVkzNISR(?h0me(lWU;|5k1#7}Qq-V2fjH&lSf^wDztinA)%PJpkIPuYpFY#g zM9VE(JtOCn(~kPi*7esMb)fF zpcNHY3OCR*g|-KZoySF5Z5D1lRreE~uh-wh)*}c}0z@)^I8=$*qb%&7>Q#(#NTrot zwB~*<9~8<@jTgV4c;+r+J%=8kYrEI-UgS;Kj&rtTK|~=6S&ibjjhq20EXPiCtmi&M zoU5TMAO*z%6F+y;9(1+CDLhSx1O>Ef5&hgHBS`@7%D>2dWWWh`SFuIAyDZMD@*F$Z zQb}EZoQUb{zS2E~J)GMLb)LY=p$)0+Z3l6F)yooniRV^@VL)!&=Z@U1nNvr_ZFgsK^ zuB+5F!COul%oBy1H{4u`uC&4P_(&8RVMf+_J5J)FDDq%PvVEyaDAHpa=DxCjin93o z9u**ILc5jq?rAdx#mn11I%mbjsPQ+gqR4cktgAkSdxKL_rPzT)?$pi5L2e*gD+*?D z<>X8GhkBd2OGO^4iVcP`O#TPoKN^zTY_qv>jNJV~zp&onCPiq@8g7osd-?ViaE6p{ z4bE>%y;{*@@|uUjU5j_VlzBymcy(mD^FaG_kcNk@OeJ|(TXx9*4PsvmEv~|U5^Jug zZ231MAA{x@`Dm!&YJUBN*F{BuaJd;Z#wdRD{@=2-D8V;6f|#K}hFQ}c$xg_l44`C5 zgO#-BhgCmqYCYNmM32Po4E2mky-I{9vZI~^+vgeGT1PS52eA|SS@A&s={^hB>2+eS z>=S~?Fo2?J_4(F@A-}}A`@9q1C$iP}i(TU>e|M|J>0NM<|y2r;1~k2hMC)8}#_nSDToe(0l&j zD}dbRB;3%&&jVzpQ9GXLU$}kQN5Ucyed~x9K#%Uq)}{&7jTx7mTh$M8|GW>J+)Lv{ zGhq0pXi^N$32u%T${<_ie&KMMX*o>U56^Q6uKIMu8E?qCz(adNjT?%c!}xy#{w4#> zetJ9Z1LAuIlZo5P`8=x8C!)cPZF3V7wxIfvhqf!7l`4pJdOJakH^@bB_7np(6$s-p zr#Y%qfIUMYKx9knboAH}ynBBjef953;_Pt;E3)K?f}yU8p+R<|u-{&pvefv!ib7u*@R z8J$%%877W}A`>Xm=NW|!Un}XuTuD3Lc8;mR^uPsPn*qC3d_10!0JZ(AC~J1??&eQq z)&)P&hMTup_+eNlxK~_#DoKL1H;Go!&4%ZG^5b%~vQ$B>39=vm#SjLO*}ZJ}h2~|M zDkXOZ)R@*k8g2i4xStzrCi1C?VyDpJ_+}L}J6BQnlI2E4;KE00X0pp5pec7=MC9|> zk@?%zku?kDwj7tAL=4$i{s3mTNhmn}?XihOtcDQ3xL!=#RUeCJifF|{F~Am!XzcNH zQNhEDDV;rQ?9J?J@*L(=PpXBLh<07t?Sd;?9xeyUsc*oD9{86-Bi>3D@k`Jy`122m zlBQG}A6d8b96uh1sl%By4~eLF+&o!LR6#)?zDtkA_MzbKJ}4g4_g<*&^6Jf zA+-Q&Xn4~(@%jA={O^|XVVt;jCvR-5unoTyW~ z3#r9)B|GfrE(Y`%in3C|1n*AFJ@n&*E{FG>1_SB)MrW@9U~j3pdF5`~+fy8P7xnvM zvj#s_D|WXTpXu9Ti|OnS&IE)gS5HXm-$pYYS0jHCa5O4c&*J=fy7V}hyp!eBVU3p? z#=HAMm^5pw1PXRHY}oWr&jauE$>Ogio+o}7NzLyU6&+K)OOU$kVKDdoJ!w+6_pMZt zUx=N)g!Gf5Y%jRU%B;V}+PWLZ4f$>0_=R&`C3ih%(>-ibBOPC!fTM{kKG0`EzPM%) z-j#|z(~$v}TX*c#wfSIFht09`EYjsdM}`Q|`s!B&fG?!WfbLjm`d zgywoLSuth4YaKvFu#}>XQ>dRK43MRb)YZYKb1+e{+*t_M9QyrjSqZ5rOi=|rOD`w#n$l24~O=^_~a@ox|@GtMy z4Q0%_&I5uRp%zgJj#>a|?RiY!T802AD19$%bApfyOe%o`BW;UL|6*K$8SCz6`ORR) zyD^g`R9IDGy8Mf+qnh66#;R2GV4IJtK}; zQ?rp_MP&!@NjV`5WM6=LJmPg5Sr@~!ElVX`Pj@{TE&@@*0^ayGm5)3de^eXCu2x(4 z4{+7=?GjeJ3uY!hp&URzokp7us4Ym^4HMgizFzSBdbl_H(2iRC5p$uYB4&~Bc;Ko0 z4o~&Bvw4+p;Qn2Y7i(_v-*~GNO?Wae_!)co`Fs_n;lg|RNWPdzREzfPRKctP&1o*+ zr9Wx0V5M`;xI^G+1-hKPJ0 zmehF^cO_{_b$A{E0vzP<;Ny`5uyQy&>Mr(Rv-kCWtz0Z%2Okc@H}?=U@G>^1I@9Wg z3_z2LVS26(=z}?*J){FXcI&A9)WHg*>##P05+aCQ*~M^U36{;g9r=9(Da8n*jU>L8U`)5fjwmYb(OIKK@EbH?T%P)L_WSjnz!N%SC2w8a= z(CQZsS-glow}`S|T@8tZA)+XP$}2E?N3TsPM>_%n_NDG7s6-Pt_5JE|N$?6-_dI-b*?h0~{2vL!FQTMHq#D*TF@%JSm+LS`5~@pZrcAV=M4 z;cVqq$*`Ue@?<|SIVHM$^@ft!`NL(D`flFRRS7D9YJ- z+D_$AV9I%=g>GH<9xgtaq^^V-93{jWr!3%(es+SNuQPS^zU+bXP+IPA`JOWVm%_y! z>I?K9I$aDLGCKUyS>;~{SM<8l-UZ9ii<(_U2h6T0qKENZ&$UCz7i-_A{R zE?y0|bYBW0YhU7dGx(}6|BXDT%E7;ZPhiy_J+Zy{fsb9r$8T0;fbuI3ynkm#1>g5; z?a$w?oRxB)+TIJ_ZzsrNBy&zt{=Vt8HN?B;)y(e>-~J$*>_o{}o0~Wxbpq;0JGz4aIH>{>h^V87YYIv1rrl>OHuZHaGOgL(MrL(Zf4YMWtr4;t^vj+% ziznPwLQmwiC}h)^2SZD%zBV<*b4SfBLQ&ws#`{=t+Qz$u3UW*ILs_vvqFRkO@$PYk zdB$@#5$B2?=Mp$x511E)MLvFZ2krC|Io4|3y8XtfZLIyBDNk}quY)*xFAB+3_AAlr zgx8SYV%Jv3y%P#P6a1w(vjd>bx)?$(!$@On)4v9M)#1y64rNc$EPqm$DV>0$abhSb~O+ zStgImB;4e`e^)J!JAqvMeMs`-!}F^gfa=H-PoN^OPV4UqVMhz19Z9)VGyFu)KJ5hN z`}?q-;5*3+I>(Xa-HsIhBTI6(Hci2hyX?01cRE0Qj3<&uZqyMay8QkbhwtBv zY1Q7%V2~G#ZNM-_+HVtvBh6BHz5|BxmZlV-Uvj>mLOMN1vcX@BQBcVoKTfJOyH!)8 z__}lxeC8HPOx}w~*=`yWe{|ZnN)vDDBpUc3RKGU}wD#2Kxrd~CULw>P$`ljgkj%`G za%|HHcRj;8;H&69*}7oHYhfF-w1k$*UnrNqlxALo3sr z{UT#ys7-J|__MHxRh_DTq`)O}3lckzaX2;RD}-Hku!rki!*Ds@`KmeGdYLf5=)yXx z8;$jG3YX(g-Lylm>3+dZUta)wmA<=t>=tI{@4B-dt9o6yXMgk{%`yB>a8rDc%o&LC zb74B5_sFAJPN?Cd;_c0INA1?~d@YX56(QyxXd~(vsYK!rh zIP|&UpvZwcuPxtUA;h85&9#+fS!#|QzHKgThEM^me*U>Dghj@T`<{S%x!!@p?NWZP zw6I$ys?y)2QJeid=vWNbm1^egWu`I1)*#+Nq&t{f5~8*R2>&E?^O z;j_aHM?ce?_eyTA0=~uoESsSiByZ%b%scLa$2?Iygick_vVYWk9*Ge_m@DH%Lf3%7 zgRf`n1h^iEpYwdMGOzDMYad1bw(t~<1x8Y|n{d!48~_*V8LqD5SPYjRu<6@;5!r9Y zz$q+fWWbi@Zqv8Evsu{F-#Q;*@50eP{ZEls&P|3{QkKpn7KjM+Lv~S#zq2~{zMA=c zRP?W7qA~Sm$<(3Kpkb{|FobN4JT05Yp+!QO9#hm!0FPw9@X^2t?X^-0C^6?$`y#ppNFAOgE|8 zp{{6@J@y{=c@!Pi6E1vt|3eG@q`aXz%DRN-rxXt84D!$c&L3gtEEZp!eS)+6#w zVLe1{uuGr=gUkb_&b9eFB@y3=Tit+`V*MBO`97YG(YcVi*K^2K8k3}9X5%;9fa~25 z4mlPKUFJy9FXVz>$fy0_v=OCG2Km>$U!NpHGANRj=M+ymZkyAeZYoUK`WG%=S?H=Z z4BTnn7AI_V%I7$XZ|-3cSXzRN%#`bnPCNTw9w!)e(gkGuZ!@H^QhHyuLzP&NMa$7I z{zj8FC15>>a<1Q_mErs-knx9>@cnQ5P73GvC(itvyi#NODNq_KcEgZ0b`!H$lcIPN zGY2Tm5>3C5wz_U{@&49_-(1lX!CI2vR8-CO+<1!{DgWQNKcN4|;$(8!+Dkt=sRIzK zLKc(Ll+@|IF3vt!rTG-EBSSk*QlB$aN^_&bg$QOKr((*%;D-DMNNzvsk>F(-ofqEX z!xMt}%uD+>8g#lc;4jT@Yc4+3;!K~3^z-?6y2P2Jvhm?#KmEsiQT)*Hey*+Lmo<8# zhmJ3Vg4BqF3UwuB#5_N1{~NK>OVgmE9ZSvB2r~DG>5+N+KUhB+Gm?Uvv`&N(DEtqf zmY0{~T;mn097x;RY;q%n5XhDD0x>B6JRx2RLdPd05EReZac5zc6P2E&s-S=W{J$+! z`O8X@jMmxy-rjd=YHGs`HPA0ahvjngeYyV^-G8+|=0xh#u(oq<<@1y|Ynbx8$-h7U_v8N?g&(r8 zFKJUhCKij-|8>RxylF<>mz3>kEY(Ef|L-9R{v>K1LQP|w_#Y4a&xG)W&d(8Kjl3Xu zEt;2{npS~T=gm=}5Wm-VX%45Q?Fo8n zukHs>C;ZPaB7MdxZh7HfMa`#2D{y*p2>YH?R99`dfCwt8?0!pNSfyZ*NrLA7{26%Y z?EgDDUa3&xj#>h%w840yuhyU+zq#{+5xvxGl~G5m@Owcetp3|~HnzGSHCE?kzi6T2 z72{0JR>{it9an`2Hr7aD5{j;C=Xw5UY6g#xVMIc8w;l4z4N+`&zi)iafT#e#wdOLd zm14gtaCr3S6XEv?=asdmsXIn(&mx!|$0mfHlNJY!?Y58k?&g&y(A&=H#~6)96OFg^ ze0oG_o@?Gk=s97DD%SAjTe?mvhRDQPYB&W@qUXK;$=xXtG=ts#s>_RdhTlUE_|m{A z^}Ass(SFo%r4LxuFJP2MsBSb=jdy_jc#2yZvR#IMRYfG9BHv|ud^S0^SMD>D4P2LZ za{4?1v&LrnifhYY4JYPHx`0At<5!*`Yf%1s0kgu}xj$DZ;HsbGt@fB=n5pvlj+;=J zt-Qi0;iVmkBnFR#;``y31*!eGsMHorb)Yf3Vg_+j)FMrt-3ISGZ!Mt%z0E4w+kTF7 z=aVE#Vm1#_MiIVT3hQgrkiM;rLLS%~oD4TN3ziztpt(MFqy0wXkzcq&4)k$~+H`Qi zJnO$yvS8t>KSEgefct40sd#<`uA8>#?$nt zF-meEO+=iYv5=gzesubwfJAnS2RJj42Th>E1{%;(BlnOr$*bqKe;swG3Ef%|2ffB??EJUA z`NgXDU6R{CG6QX$)gWNW9wrpjO|SSPDfwjXH!-GC-PRj?)l;d8MrsVRhZ_fw;_mODFixyA^OrDP zCj?b4{~w}JRujmF0=Y>LON*Ne0Sp}U6F~!Srg-g-r)O zylL)zyfP&)-ziz~MgWfu(cFXgiuDvTtaG&+W<~QMnb{7MtGn~fQ#sqX|HWLTx8 zm+1!gm00*ZBZ7QTIkhU(dA;p+-$91<0%v9lY$#Pa|1S&`lNiIfrzUkr#E11hc(|8u zGrVQSKU75}PgX_$D?awB%!eNPl_#^u{+igY`bz7FC*{_33TiA*b zSQ=oHE4HsfL1Df-i&(Jj)=@ffS2YneR^nJx;2z3XG+BH{VmvtOI zQR0gvJ=0|_fQyAL1@K^qtMeVr*;D7Y?q^Zo!+1WN2x6_s(ShnHc(=!2Ri4CVBy-#f zWi%2^9c7J&Z2a0?cfJ(F0Tv`6K|sYzN|8y2wbcPH#IoV)&*$vU=ZXm7b9aT74!JEM zH%8vuGkio~Dg3j1Ws}i?09&xL$+Ou`k3`v8hsgjJ!fLjxBsS#PE+TwEB%1G*`vb}tp7fQM0L7OBFfWZ z;G=P11#U8)jotAAEj9J4t)KZdb9p_*J(efYJchJL+(J1yY48+(9Lef z>m>KNnDQ7QD#amjx3zMz>s_@KsfSDb`zA*A>gNJPntQ7u9u>8nMJDUh^a6cK_A|-e zO0yJ>PI7GG1ZI*NFx&b5UaO5-O3Ur+UR+DYUB zw&Ielzb-xW$$8$uvcwkPBx|c>=xN62h)d5{U9q(q6|dS8+6!fQILX)o7hJ?yq~#Oe{n7$jKtPXHXEEQ%ky9B`yIVm<0N|0H_X;(7ek>!(xGTBOG!!S|Ut+ttQx zBq!-D$At7nHK9>j+@L=Bje#e%&3?Sw;X4i=3?q+d{iE?Ak4njPuZsEgVru4|SJ16G z_FgnTLP4Om8~C#WiI^N=M6bJmhjy+-C42)tSE^$_gwfgd!>`&wvhA1mhu4V3yVY9a zY-<=|@!-LCF0|6N2J9W2gQmDS9QoVO{nzq@ghw+Uq855wQ&ge#wWlw&=2dk(vj?z{u504S}ngL7AH32Oo5 zbSWqanjNs#7pu3qUlm*4-NccM*I1zLh5b(505yf*&NkcdE`fCj(boO8H|HE4O`2w% z{27a3Z(Mj&LEjRrr{U4fN6MG3 z6PoetX%JE?827F5URc`+RCRPp&+Nka-a_q%qwD&4z1_*e)M>9{BR)WH9-=*L;F87c z@B>@!hS$d4da!;&=PE&bad)D#u9g2${|1s>eOT+(FA%pf9E`$#-dEd(!1z&iz5QD7 z*pPe8Uuj)>}4TyHRMt)@TIQ7<2bk5QYx zBpw!}=!P#hn6w;~JVV=G*XI?Mq9U7-=&8CQ+H|)eNESQ`N5!MkZn8Mw7`zhKA?pgj zr#)uW{@vL9SK(N4Kho|qJlmu-4M~@5Ev|vGNZ|{0dKO7clhgfnHj8319NwnhbW9HP zI%fpD4m@ksIq%abYjeZ&E8f(e#67y&E?Xm}u@Y+(Y1O^VfcCM3wYTNQJ^uc@Uk=`V zI;|0!DPC~BLZQj^og?WEkhM@VT+l^ZRznGVW)osp-#4!2jr@6&Vn|EhZ~CgJ(ur}C zQu+JQS2ET6)o7{B8;^LyQzpTzj)ww@JPGt~OwNmLGV$bJw9`X*Ew+n{MDhVp6)|q} zd}m5P$)d9|le$Vga)7R;Zd*MLw3_Ai_p!a&sMdZE|78+hA;w?$5bZ z6D1j?xWhaY6#azgB_d?lKNv9=6*lPcXnFGvPT4`4y?B!kGoSkhU%)n}2dY+!box`1 za8?1Fjg1e%PkThHN_QPA&Q$;Fgla!bIBec4O4I6q3(8f2#{^x6Ri;1HZDWejhWq($ zOA5JRx}GJn5)*nBN-Zu#L4)!W!cWyIq{=R%fWdP)A7@ltcaG|NIAxaCZHMfkbV?I# z{bhth61V*z~Bmz}_f7xNex0<9}r{HJKQ?;tTxN!sAjf#l4x4}1)$Ga!tHDdg0S?~9^9l*{{k=$IOfG}SE?glJ zARhVN(J`LvmTvHsSQ!UsS7vIa)msK#l};!4PHR)V4aB!tc#-|iS-9lC;j?kfam|x8 zR6f_~Yec7>ebZ7E`+S>&>;38&c}eCpKMPw|zzAcu%r*P5e1CJ?p0EG0ATT@a9%ZaQ{*Ve#Qd~;gX#D zgKpw4!_U>*E>MFbyJ0kjTO=xyHos3PVf&qmyk|xp{`U3Y)7J!RPk=oU&(h{d%C5n` z5ENrt4$=r3$NdS%h}9yiEcAr^U|oB&k(TPE(|;=E!n8xLl6P8wsy`&EzUzA3sT}jG zB5mF!6W$sE4^_Rd>pJA{HXG&YAVd)vd!mr@uHjdKu|Lr+E!KS}3zzxB9O4CP@n3th zzrLOF=D1+gJX1Af%m-21$HBNyHAxt`IP$1=IsFTm^n>K+#k@9AgNf-be+zANzw+%8 zoQT)(vTls^Zrl}FjP~b4$rjVMWVT$l!|ZV}z{Q-8Lc!Xeb1tyvws28a?5?_H5L2U~Oiq`KsL1GdhUGe|HePDIFG)e4udf*O=maN z9fKzy&4G-GZ6YZk^fs?C3%gr9(qAiCJlE!3Z-b!{_D2IciFt6 zAUw@5%ED_|exMrZ)DI1!zkS9e#tuV~-RHmHp+Es??)DHTGg@y%h2XnABb!6saJ2;Z zsl5`FW}L>oT+Jq~dw~H>K(`TI zk8>zrzSc1#vlZ$cPEofkni(^BMEr9FmK<8d{XAmfO4iafxR_#?c!m;LKm*LLESC;h z>N8TjJgIVD5Omb)#*ll2JK#inc+1$nUDxRko$P08V=kcF!5S5b?KKQ+M=^Jzhy z6d_O?){e1wuZO?X<-^>Z5 z8&ww`HxD(Cv|2k0TWEc_y*#ZoI9HX)f-AJ+&Z z5)Y5#xw4Gqu8XmoHqIoUzwFw$l!4*CCZfHQAj`B@OzExF|8cU-D(g2ts(T$%k-}%)zx(TMha! zFCe$4owNO4IvMNYwnZ?WQ$!A{B9(g0P+!5589L5z;HQ993MBYz?ey(;Je$QBZ}8T? zXQeHd*AYp>fARRHCoNY|+ikdPp3v4*j<~;&ihj=dp7Y#4;NIu!!w)Rnd#yR<9OHe* z7;B6C`Pq7n6_C_^Qy-*z$fI3AN8GKVxLzn#nM4LYW`Yomd$;Q zH;8}BIz^utTwTH9d?7XX`1nPIyOZY~CM5&0WA{6W>ngPiOm-Tt#6bG97|V_@_{_TL zLG!4S`7|TE`LNUqA{A{@2f{_{ZkjCGM$Ow5IJKJ#DE5AM+qKFj7qd+_TK6(&*`kDX z%z;BoD)@MRczmAMor{&Rg1-r3tlmo7*n(MVIcI{6_W3@ND+W=9^02 zIZ2;)vv9Q9A14KR4h=93oh1k1GhT}yQV!3C*c)(DCTB+qDlBjKGnF|I5HSqypZ<80 z;6`m)kJu1E>Ef!cqZ5*S>$GMoj!qcW#(JARwmoyT)UgrdvK-*JH{K+&xH#^?SZQc5 zXK~%rVermx!F!8efZlK0b;Z${*m+-q>&5_eEUGZjc_AdmPyXf2uH#X7 zVr@u~*^IHL^dUE0+Cn>{9SnH-^#K)eM zZrecL4qVo4W|qD+NpC2DQ=+_G$GFjETOpOxI5MeTK)pSqXZM|4ciL@7-AQo2QRbaK zm-5^*A(l&c@eXT4@c3eM49~0wJAQQDtg&~bnNyYV*P9@Zq{h3FTJxHafm`-|$Jvc; zyRQm5AGjSOk1GdLdT4hujJ8;3D)~atr(YDD4?b{99;>|3C}w}&vQ2^XBMip`OHa1> zrE1!YPf%7q&aASG0BHa2-r9qH*EW%Noms#@}7y;=cNytZZj zsFA?n2WDPhk~Vs?W}OSv#cOGa*oN==kzdOcBi$#(bSG8td9{3K7*O|>M8Tkwg9n4eDfQ6L$UE=ib&yS@F^?LEG5y@sM|Ex`EL~(f zJtNUu8aae{GM~#fdb~Cn(9|~z?J?3{yxB#3qju-?0%?owXX8;sbCR{kPUj_w#6iAR zHu8)it;b9tN4Q1XZUslTw47~8Ih>=>s@a>jF@ZTW?W)>Fa+Z1M_DS@D_E%wxE7p1O zuLKreOClo-KurB~WHZ*{fxy}&Z7`hWeXF;0m=~3^hGSbhseAK@!!bx5Nr&&I2} zw19);W}eT{s0!Xqtz{G3WW{g}Cx(uF>I(kvwYyduMD)sF0}tfK4a>+ZHQb@z3+u#} zOd6G@cMru(K`nnM9Lo>L7H^Sk*$)^Zi7;u z6W6ZG>Ikfg2{V2TFBuShY9;vXQ31qM{Bm}Li8&6drFFdFEvMYRr0zf9maYz zyDfxD5#IUcn0K?q@%Indov+_4UWgd0G*FL7?4+!DdN%~|#wFLMs3X1RCibDnz{Y4_ zVtK`X%xg)MkN0;kfRRT%I^RtWTMVocb<*dbuvaQ&YYcwu8S%-QIWnoK;bQt=GnM+0 zJ585Rye~VKV}u@nwYWNvk1u8unY9wky6T;icI&$uNV z!;??5T<{jn`_?*C+Uv5b;gr(#tm=HSY>TDoopq4K)`}|WB2v5XoyMS${qmS<8#_d|5`fIp@#d`!523L4)uiBYK z2}<3)(H0+1h54@`>zg>a;e?`kdJypNVS4koaiN)4$EhDDwEZ?d@y~TyFMVF?2kpLn zbhn5~a@%7shbF)3oIDFzIJqBSSJ4dA$6eX^ap~Hd=q9`#v2>-v>;m3j%hG=P-SbM#|DxEQ$!#gJOaFAzl8VKl54}O@>!n<5<|;n_r(s z6&rcK>8J=bicqnnqAu)NMXwe~ZV3pO^c)lJxaBNdr?H6gvasq#a?Ov1_@q5gGAfeM zFkzX{WZy;9gm?$vFQ@K;MPKLQhGJ%2dz{@tD>YJZaheGAd$gfkKo)u!zwa#(5LNwTB5#JwjL-#tLdU%vw z<4|v|w}$a@QIhZp6=vm3$7sy5HM@cj z*j7+?elqW!eAZ{MQS^HL{_WIjoS@Gtj~V>w;3Kr{Rj#h*LTx; zkqd%#l_jA5(o3T>D(N$SiAvwNlhtz2n{bfF&1dhPM#^O~m!@gsSw!Szxo<+nSfvrmkS1-{&x z8@2GUB7Z8Je;FrOhc@|*Q7!(+0qxt27cJA50t-Qu+(tk8l1B7`HPe>y7OGco8>t*K zKEH3R;#%|0o!Hf|Yb(i2AJO!lwhsWkbfSG>dhCwaO@7#3Q0>lmTT{5ea8~bAviNJ) zZvEZ};&>iUPT+|4&6J8=w+5rmYd+(Y3WdEdi)TD*`HEiL-r0@OAsvWY4p2NJpk+f} z-j}|Uu0sl7G?YDV=U(TQ&l$yq<-`myiXz4h*OyH?_s!lguHAQaanGCgC9ea8?YDG? zh825z`?|iGmFT|f^? z52>&HIfm>#6@ef_`6~8EDof%W{hd4oQfgkC-w38;vYOJQMr1OI zpN@?AlG0!l6Dsl$XJGce5gs10K{?F&(PwKXHqmA~P`44c@8-)b+=N%00yy~B!?}aR z@%9q^t)5omq{e#XjJ_$P7Q;*V`Ml-ZF*uP`%8B?RadnE5x5U;9+VqZPQtG6i-IbtQ z5?dzCpHt|2=!EBgUqY^x9_s2>4#$zUkG3OQ&WZlqjec&`PC5{$f8^%8^6ed#8?-Q7 zMVc7fdE$F!*(6kOaCd@>jj!t5(FVzu_wt+IlZhL$-I3jB@*e_j%ZkXWvp+S0vR`IN zH}-^nGfS1SoS0VIpWCaz9ypk}vl%&E#_@|Xd+u^L&U#%Qm>O66>^cl}p|l5Xcj z0!~U5gsVtq=b5 zqG~ufwbG|N4Jkzag3L#^@Ca0^UDN2R?@3b1wZ-8T@W;WuR_oZ2D&Lsp>GW;GBdSc6YUqAk^ zaMq&J8%j0O50;;%62d!1_8#%obxeIne(pW)ytHy$H};)&`&E2mHP-uEsrCr}>wp#4 z(eN0rOs<(-*Osdv#KN#|48*b8p4;zWk#9vgC^1vw4Q*;v znMe2jycrByZcKoF|KOTTUD8o(fd1C(qnf)>mQIt4K3%zsxokGGa*4o5h}uLa+4^?0 z+Joqp$aA=rq$15tLt;5c?lq02v?0Z02TMf&* zQY>gCtY9EvSw2986zCOnEYQC+Bo7_%ZDqe*3+AJ@=ZjJ%jQ}ds3tc00i}!*VoOG>( zkAZq@BN4mR%vH~53|F!?TtPa;KVq~5{3h)+YIhbFKg!1M?x9LgN1cuBnrQPz1%8lbxBJM^8W!VRGU7I8BCdiAO9jfg6xW*Kd zHhDsd`dFx>7mMu_f8=|%&*=0sl|ZtD;oUzpAtTb{A7!2AB>F0M?FNxnF3xjJO(OF4 z`_VPKtL@&2z&n<{npRKWF5@AkS4f%3uzP7oP<@~9D&tocI*xq$9fePg#|X>b7x)JW zGQzOzPuk{MWhVT=M+Bt^Rae|>YTAua$m6dz>K23COLbbjDmPnSoQB(mv=te7^4M7 z7B$_w&Be}h3$!N&OZ02`bXw8aEic(4g7RMuYwi<*fn0sbB>{n^ry?(s!^SP z#p>G$FHm4oG_b85Oo>aSl@6lYjrTGtFAqO54^+n8@7WDjW3qp5z=dhYpVFKRMW2!0 zP~(<~&&0iWen!<%$6IG?QJF<+X9+b}cR;vP<$FXa3fGsZF4O)}PJVoeo>8mQEW*#9 zYnsT2FvuXHRYkCpvJ5iJTJI)lk-`i%Wo> zlSQvcnVZahtZ}VQ{4Og#9~a%5(vTvhgGh+t8f%Ft4^^?|uJ7Eouc2A%;y0cPuO!i~ zJZz`r%0243BDo$yi!VgwkxIY>qS!@i`lX(t35Xz~w8p9LA&qsF5=n3R?~Ed-iO*B6sPxHr%319KnJV=g z7@`X=CYey#bpx$ai7Z8y%F!7w+#K-q4q44HwH(&V5f>w49tq_>3F&AOw>`^F%$)%Zi516<+InKI01aRPM#k zVZSQ~(+yC|y1%rmFOwVQ=q$*8n$Nz2A^278=imf6O0O`xP+O_9it6^5Goy4`X9w)! zU&nk6M*|{_{9VH*gy3TXRbU(o$)X<=f=m2s%&g?;Q(~O|RqY6Y761#0k&h~mFbMTO zswscfgnmFv7u$6FTaNm#YDyGFpx}@+hbkWRzwYOgN65Y#qpGd)`=2*jj*6&sh7K6Qey=PW0KyPX#irj0rw6vg);rstru=Wk=2I;%i7!ymDTMKyiT^)qJ;~Am>0Jr_HKyNF4qOT$Km<($yn#3V z_@70fVjoCirvHBIUti?wL`fG5jnB{(`BOjqZ$khcf%vaa{{8O%KH}e|=xNgaccT8y zZUK!d6Ooen$1rzvp)~2SFLFzoo0rtOJ3DbCgS#LfM*p#@st`cS2V59gp9+a7Dbjr} z&PRBAPS<-vm$7v`d`5Wg5QK$=^9l=@dON$jNoZ(Z#%a5~xxL)~%;R~B(*m64C0FIN zX8t)>=C_@o@BlV&qRvS1=Z0kIYv%{El`iX{Y`;$XT-)f2X7{{xkVB)CN&fICHQnUy zd~q;~zTO?$@evL^A|U||v(n)oq#1(yHc!Tae2sMa9~}x4lvV$LhR(c9f|pj}{*vTn z&j7>xs!dTe`ERHM%%>{8bu?47+-Lx+@$q(_ijL0m^zqS23^*vY%540tgu@K z?uRTEGiAhClU0tQ&nD_Q?YE>BfEg2$mbSD6ErdT20y+T3j=^Hf8LFeEoZi47;_$1pRY~H29i@jim=9_9*rE?(~YU&WKom)V0^oDD}R@+g30G0D4 z1nc!7E&0$n*>4;_kz7e}USg!p<5U})K4eB7;r+?QEc;h~zN^E@WjRenZM!~Iw)4S= zYczY*>AVE%>yrQ;)tupm7Qs+0Q2!t%Apur_2g^@#nJw-7!Qyl#G+q1UVYNLjlPA{5 zn^X`zoqSAxT!@zC2?Tly4Sqg8+?;eEpSHmeuC)3*f6VYFm@3ub4Iy}kWzZec1{A}e z0Ox(J55GIMsA<^}Kd&+Di(*CX8$#-R_J@c9h<=f;63!s}lfB%b&U~{qXqESv44Nxc zWysXo!Bo|Rcv!R>pmW(Tu02`)`LJ9zYtdaZGo$v)Zu{^M-L7Tb_Sr5mN_3U`M({{%zOmDeh5@!LW=uiW+FRnhXR#rFemkD_hykw7{^fW9KR&~J zA7mSc<@&iqpRS=HO-53?_Dfrq%8o`9H8t_eN()+UiV+ptELh=?zI1O5C4F_x`RCgL zKyOFo7v_=Z-x}3Qbkh9_*e$b)nF`U{Q^@b=dw(c7IXOE34BwkrhHEV6eY;mh{;m}T zuvVi=iCoxEPfiD*HI7li`ny;KBQY@qRxr6z)yt)lAGd#M>M+B@2N8?>ag%&t zDfuGtR$p`;JmHllJ|wjQG65$BGh+%;4xmu{>s4LdMMXssJr6hQ;eugM3s|lOiGLL9 z`x5Zj`6Tx6CqYiCQRE^uTqMJ+8Yzq4DG%fo=-S*{DVQv4{ZUwGz-KdFcr z@J-TUp?Jclsb(cb0XL5VT+?b*TRVIDoIE)>8NUMABCiofB5C#S<3?ctbFV@(@cPw2 z^8rdjnD5Tszd{K7^ShX1qVtt_=){;_^OJScQvd)IEFNw4B$tCJB_UX=?v=EpsUxl>A#l;)K4$Rvp-WU(3yfZ1e)iO3Q z8IRhFLwNr5!HiH~<*H(+MxGk8h=_bbLP9>wJ9PXw-)@OTb(oa69Tg>fF_dJ5Kwcq8 z(F*%l6o_A=#Kzbw>`knf)5(*3M+Fx---~|w(Y{ykyPA>z%_vS zqu}3q0Vx?kauiSNg^~cJl(n_B`r~sLQ z0LFNkaGVZj^Q7BAknjr;3G&MRw1xS+BzZ5|O57PH2^m@}K6jMM#Qx+D-!J1s{NT zphLF_76)MfTPn0d0%IWgbIMc1=l%c4|7${%gvrH=R<6# z0Ex72+I_0F*3iJy_Ba)0y+#bi`aLwhZ6e*;d6R(ztX|ocjJ@Z=-i}_svm}phvhj68 zKw|9{=>PTJlWMuH$F&kV={(&=#xl0@t8NoT{xee!kdO%p3Exh;UzJ;Ft+NfTt?3JX z?C$DX1;*5V|Kr?t=lfS^JnNQ+8okReagaMoZ+|&~B4PM}K*vB0aTxE&Qj`1XlKb&0 zK!a3NR3ALpElI*24%c6?0(+e2$^8qx1^DP9|IW#GGuR!f7R4MXA0!b&&O<-9kk9`e$cCxBRou3qn=I0wGhr{bLqY= zw->v~Zr#CfO;39FA8mRof_yN<3g!j110y3nXPX1^ii*z(bj_9;UB#rNF2crE(wNQA z6ciNjrk=Y-MMb@}-x}mg67)B(+-UZ^^AG9yYm_L`ztlUQ*_Hl}dZT~ajC~(M(XjN+ z18C3gzF@-3@svAmIBqu1geWwfXwK(^Rb-dBD+4pF#?}LFsNh}u*k4D}gtV0>Kc%?S zwfX60&=8p6*UR3#uU%FklDXY$eEMlh8}$POEer0Njy;jVEZjhercx_dXJUZ9ftHr0 zAR%2t(H)>-K$8;qiR0AO)o=P_y~g(V69ry>K>dSTM80s}qwv~3brk*aH|ZcSQ+Rv~v z`8I2*c`jSUnx`M!$;J%+0O-^t{17-iK2Sn1td6 zU{>3H(UXir_n$D_Cyxvumzb{pXp-Mh1slgFC52$s^58^zo5*4=r>ty*keW5*_4BH> zWi^PVita*FDq@<>TA+u7cjrFkK4Ru?I-jU+rM&y0nbmwa`de8 z=?@wLx>pCYI{-|iy6wIBwd=x6bwvdlV0qxE5Dj6+@7ck-AP^{|PJOaK@*mnw`9-@e zkS>3^T%jSV^JL=RLI5WwtCj1&0B$%=ZwT0c8Ny1|gTY^>{{ZzYNJ;y})2foK2=jHV z0XsyN*{+M2MlS;%kGrL1-F0syXQ1 z!R!%x%HLCSBFP8yw*Gwh9i!8MS|ebl-KH&D=@MG?4rU;{vSla_$P^h9!GI%P%QiJXWZwI&0B7`?K0(cidQIC&)z&yiHUnGdDJ`XkWq8M@(w%On5aM9x1;4*c@JxuXBg75$lk z|G%@3|H^oo!a#1uOtR~!zYvwC+uPrtUk%{;oz|{O{lzT@HSAer6hs`1&6jYtvcFK| ze?&&uA}gA^uI%8H-km6L6Z3Dg(sVbCU7fz?Ck_cQ37~j5GaT!u3K`A+3L~Ca8l-a0WtW z8{lUCl0m0`Nb=vTV=fsOP!j1D#DD)+J2^no^l!TVM9{y%_6c}R?Ez2SGAthE-*Ncq zci1@Ke&4cio>Eu;_8_tJAz%S{f|$-6KMkXTaD7^`Y(9*VFkj_xvc=#ziE?y zJ@Nl(p>!?JNl%{raTQKjP;SCs@b(ONKRyo{Nr}$vY1c0&qM+#R4IEeg9Ph?AUBp;! z^YyjkTIqN;6z9G{7o~fbMyRKL%4L8pBvu@)k&dcG3T0|%+(^@9qLl@L{@&hdlny~r z*+dT!{SMxlc;6%UP#+HifM9cDlPouQt& z<)3WBaWUfY@6)@3o)s0M<5Ghs^aGiosDwhMrs`LUFj05Eq`?9kJ!z7V3&(S&$jlyn zRJ^jEYiXHUKj+ zpEp!Z@mQ#O03tVUO9J()a`j}{dxOZ-sE~MR4YG;x(zXr0zE(L0HWzKw!E zJJTL-q&i&31^=X0M)?5K!IOyGeu`kfe{3!E{!vLRu)cNxaui`$S#EV~p#DKr()z|IoWUKcu` zm_O*15EpJdFhh;Rr&O6xGRKe7-^4cH&!K}@MB8la9BVjkDi+cH@z=UCexZ~>u&L0N@74C&D(_5*Gp)J>nvWWHoSB4H z;z>K9qoa{YV}rBdO1s|N_38*HkhnRB3ubf%qM}-0@*kkRv{sgm(UX?`;;=3}qd_y^ zgO>EVlbz@1-yo>!*Xyr;*B?1~yv!*H%MzM3nUp_{q-8to|-sU*lAJl}~X z^-ozrGME|Eio!a0yo(wPkmcIKxj~AHsx|w~`a~>Yx%w)s0U9wB^=G*PEHY5G$!Y@G zk);=wnDXkXFOzQQ94ARkQ~ZfSC$~B)l8S3yvt)1U2G@Qyx5Ky40)iIrW-CSHZi~IAMj%y@I@P&JKlw4(vcvOw9ZY7L|*9G0l!34ay!l8nci9)kEHb zp}_U*H#W&x=E2J4wEn6FDC9Iz=+W7w1y_-u5IhV&3)5y}9d=NwC`PvUPcjc1`;iX^ zTB+}TtJ1MHG|C!y9OG3PrsOX!n2gCQpaM2xk3@hc7pSfhy80*b-XR8XoZG06=_&d; zK>?D)BD{*0afR&)#i?`0N^~*)I^1grEgJlrxiX^LEFbgo2al@o`NE-18Zm#4$h zN9~o_EtU8ihm8sWHkv3Ay)E$DXmwF+c9j@2-YI{qFV4w0nK&~Gkgxs}L=MR$FUdBPK9}`!Oip^=)7cY*ZXvD%bQY$V1dxl1D zHNwSeWG2{|*%E6icY#)-Sg~W9^T7F&9{Vm*cADxjk={U~>K(?-KXEfBkc#13nyDRR17W*5Va(sjU5+i&=SfcNC1)8 z)D}rOV4ItjCgW%IiM4U+6d;(BdCGSw&@=3$(V1V?=SrYdOUMREV!zyRGmhRNM zr7(*K6)?g^(Q1JrB87_!9Q7wLxRVxH(3>jV(`84rdx!Ue===J_V&$C`jS_K^n3ttv z-x%P>Oj5m}7pXodeNJj-uOD|$Z6rsU8_yYCS>L;m2jWx6&`P`kBdhEVP-D%iF?wql z?&0K0(PetR-xuoK%WKI93q72}m?2RdQq#8(`$ExJ3{gW#@F#EIRL-wxuBs~q&pAxI>qMjW zdn;a#B+f?6{o)ezK`}HyE=kSgaE^6a-W(X!evz*rRF2~9FsFIfo`yPHZfE2m&XjuL zfZhe~A$`w)6tw&GYW!&2S2xFAXaMeP47~#zq8x z{NEReM2SE$UqsRDO!JAJ5g=7?lk@a8v^#iqu?iUVvnEt(u^5Z@oGb+jja3*8No0x= zSIH6N`Wth{u$4s@i;JCuCKc9#OqJU9QEd03_=E9DR0zgCswO>71*uI? zG=LYY#NMsU;1t5nx+Hi}$me84=9{2d;5ew$`y=7PHca|_A!|?*-H*Vqj;81gBvBG} zn3@+7>*<4S>$|y|vb^aDyOz^b@P!}!>W+jT`NoQx>>Li{5+w%470TC0e5pG9t+<2M z?Jp5x0Yo^e5XFW3M1;_g3F1d)>IlTtcru{{`mmVt1+hv5^Qw@->D>~#A@>s!iK(&R zL2k|;4d{$z-qz(&DnV*r@{NQXIJA)%;4a3dy)KGhcI zpibk*(5BC{rBqExK}5{)LRoo}L=BzMYQYrY6(>qbqC$C;gtt;ItUhX&a*Q&&s)GOd zCJSg$iVIZXmXV%^vt5|7v*i9vqMt_2CP%J@ymv*$F%Ls8nF^Bgt0W#sQ2}o_>2FRc z0Q#3yazR`$Pf}4pb$b|;MG=CsJ*QuW!)sVjFDbocd&VXvwM+b%!m zFpq?y6RVRC;APg?6fr}TL>t##k|+_7sO_hWF)4SNH8CGf`owi&(M+jf=CjzrCKxEM z^>p_wDt=Ts_-dE{mEAeU;T0oryjd%lAcD6|u-ab$#kbRL>9dr`o zsu0a&yAth3QbM;gM*97*P1j-3=GY4ol}GEO6-rQ%is70vAXJRHqe4cIMC`_-N#2J_LPI zp{wD15jvwRFHcwV{UgS~&l|;qAEpe$aVgQwrAP@fIY?%p>`-ALi`m)pu`knsAJ6Fx zjU7e(112=YnKR#Gv0AzzCb70q4EbBKYdNSu+uE`5^4MQlMB8sa)dK*5z5}3-1Wiy0 zPyVNmF%+o&k}rFZ+ih>-%`P(a16MICz)3llsO9;dQd;`N%077y?+T4L<2pgO#kJ{B zlwsQjC#`K_5{J||a)n_q7M-?%*8rzC}c7a1QBfZ9>oipVA-`ly;) zWGsAS0oV6qmZ62mCMICY8?wCIw3*L(UOi|!VyvuH=x@|YbR2+H6&y6rebjFGO zpotmjUSjI2OUoYnL%{9sBrYmW?Hl6ZR0nnU%O>sz2`g=Dhhmn$D#V(Y!9&d*b5kn< z^wh8{SEoSOA8G35NV{YXL+u3(LZL|$LJo$xq{wt?9Fg{xT5$<|+^!{U@7_3Jny2yy zRqff3=og=M*mToF?vnz1qbhM?lRuF5@UY#cXcS+HNs9|Fdp)3}Md%L3XsBrtDX1o5 z{Hu!D)hY%hcowBT|+1LdMLaDVnL3EJ;As;zy_Jl!mPt3Y~N4 za->6+=naMej+H1cbW;44KN^O@N)tSvA#R^iCROYYI10h!SEt-kA{ea|Nj#ql#GG2( zP|Zn4r7;P$7>{jb#ih;HzH$u8b7U_-r5p-N$xtGQ3KP6d1*30-lxSt=+fu;Gq_xKu zAM3WJOWF=~27;8ONrrp#n#sFN3=Nm5Hwf+^-Lu0jTqj*M$8u|>K9fqvT9SMe#+jZ{ z9^fhhwU-qpcKuV@Aq@ED1wql2PXRSh5)mM1<_ZTdgBjRW0pB-f$Vx+sZaXKc+-a!k zJ1D#-A*8PS;#VRqFH31{pjDJaf}yZfFa}mWrBVdgClF4_NRCV$+Z_A}cD~}Ayn97F zki@1M&dOC7SE7G7W5a{7->?9ukXt-)J!c@I-7bWTvOdd%R6B8pvv5E+I;>z3G$zz5 zk-7R!Ez4n)Cs)S9aW4xY_RE_GUBxo@Wo@${%}-w@$Qpr@4RC&huJ*pWtwSjI@)0A! zDn}p@LlRkSf*q_|IU7RJMeF#N=KjMw^y8~TP*BoVrg`A=p&v`GRV_^gvCG2){}5i9 zho}i_fgT3(+aXcoV)DW(NxDmdloGG{KZs&hE0eGS@0qB-U}1i}D7p^{mQzun^?Td* zOzae{cTmop%0@+GhmQVDyDMrT((W<1uo!!wK;s=92)>k=CanCc`xSXvKanJ>8E{}T zPnpSZs-UY8Zc(7V@{p8pqnf5{GQ0oT9$qrH>c=lPLJ1Wjw@nhUVIHxR(vc0l6KpJb zoQh-*=8lPpcm`E#ZX7bj2gc*7i`Ms*tZP6Hz@lbkPX6V&6U}jK|vpe2Kp1 zqN0$3@MQ=gTlSq>lK1j5P4^aAIe8epN^f@xZzb`F( zk{3!>4>(u{jFiXX;=@K{Q~4L`6dSM2AQR^kXB)2(1ha!PFDOoCL%Yu#)4;*#ejL;` zZg$kiT6-qrOZHPuGUzx&`?vxlQ&X8aIaoOf$Dtjd;+$FvqVCF;!Z#K*HlEm`??Df8 zuhjdb^(%F-JHQ44bi*#mVp0U{)L?=+ARkzGR>u3rj~;Eby}5FzXsza~xiAoal8tn9 zWP00`g(d&`Ms^vuDbC$!ts`v{WqC=<_r*UVtkN{6zLIo2G~lu zq`xm)o0cD5gVn#@?}U3Bs&NlB=M0JU^%{y58Fh{IQB)!=g--<6pKmi7?${tmz4}1> zd{*|0>svoeSr}^$1H7O0YE4{yj|GmeRo*2)57|h_sE7>_Nd+FL&9!?KOwsAN(BOW~ zgtJm5p((by@(C4$FRWB)QMr0`dFR?Pu|=`(#7c({C*$PAt?K+*u*U;YT0D?lS!ck# z!j6x^|Gg+p(u;TV5i4PWEf)?dD(f7*is*RpA5-AOaRx^}qYrUws!KcC5mCJ^p!g*k zS_GdI9935L#O6fb@5>LUIG~VPS3UBH7H{6MTSPwa9^d`u_q4ZE?$4mN4a>d3Xw8P> zOLOOwy~D%&U^{5g_$_f5e^sa-*{KN2fna}nKeZ8s^_~7}9$&`iXv)kzUVlU9LM!<8>$G(GTk7x zxMJ{JCkqo4=36f4P{#$Y-#$d8;ILDnzsaX(X1%d3*yEBZCp71_&K)20iB2wpOnN_m z0?m$4NS(d+{%P&X$$_=piFP-+iOXYp#*r=T$TsX_c$kL z92Hi)S(B$Vj0f8ZUy|E1a{VR;jr}K#Rg?(C^eUIw{m02vq+hAM;O>$Cz%;HH85!Gl z7oXEQ^kYbq^-biw{$+LFtYH&d?Kg2_8y1KuYhU`il8OWHCk@3eOG7c1$r)C!Bf}NT z4W8(_A^-04DIzg(gpNLO+oFQA*QJ`V1WLFe>+B0 z%lTkyJW7x5AVqy3f>`g%kiUBYl*mA9p%W7nInDVomoHN%J=EAZUAiJyeBLC<21-F2 z&gXjx-5Zp(icN%LYE6YTJzj}Ew!pR{tF`Fd@&Ph^@*I=zxA^WYR}aj8ykicavw>5m;)4AAG|pf!Po zHoi2#tU!DYy>&Llgj-ZnQ;u8q%Cbn`u91|T14jWJh7r7x*9?b{e_E7vJ0p8x;fOh$ z!qL+f0{Z?%_x2NKG1#2Duxy*liM`k$dc_T?dn3Tv4nsF=VZdf?@a?{}e!5ZRS`Dj; zvHGU;);_d~Gm|TAHlcS|6XB5_ktIJ#($6W@sWwM?2tVlTvbChPyRQ^>D`X7Ecm0pK zUg&P~5vx*bbsRVuxSw3D63K{u>t;C_U}uu5irXZ=FJt-ela?vU=5}SaJSEo;?qX^x zbn;1gMwy$9U@br7mOz-=l-2ipWymZE=H#PN4%-ruFYPlYkwUOloPkAtvS7|&Eve+} zU6@rdS8F^cPvLYOE6`Vwi}N^sAcI`e!F?;d>Xxe!LE4Tx#tt)QwO z#A2gBcl|S|wq~U_P82vQ*dCwZr|*N}>_}Dh3tNO1$51*`F0a(uD!ol+`j~kW%y^&K zRVfjs<7^GZ0fTK0*4nBy4{javC}52M**YUW2!Ii^q*8)@U(P@lYZDe`iWjAK+rK3p zH;I#*Y>t6R0KsUrq*H=_3#JB%1U<(3$PnhqPT*0+ z_@%qcmX9o~;MK?p_%^D3F(3Z}Ra@fpAgcE(T&yO9WK7DDl^Ipa?`hA;ez2dFgnzB{ z;s1Ui>{!9MzfB}z{6*ValjiQ@Eqh*M@HLBL`N#gHe1!bs%Z0Ew;_6V+H?}L}mF&o$ zeBv_U?PJY&EN&ZeY&TYJ{VA3TC0UT&C!b^ zJ!C-(6cpsAuM4cgMDTkg%psHLE8&a&8krzqWQ-1sj?_;^_A)u2W1u++Aypdx>+}M= ze`%96ovFTXRs9}9VgeR=w7Go8`|mblq-5FIZzHBi{fMhR4f(d*?~$R|*}JAG0nNMK zz*09Xm>SJaDDfpAtxCuUfi*d|ZJ~6+G7O>BL7s}-2>HenI?YBOH(MnUdY7=4ZvFk} zvoDUr9~*PQ#wuYf&&Cp%OyoNHO`V)r6XvDXbmP!qT|FmrZTD*7c(v)8uE?w(%zIJ@%C|PRNq8$31zoNxs?q9~7J9-HZ6<_w z$*K7z#+AC1AQ(fE(AsiwgP+QZdMwxMmv&|3=x?P>rTfGLAw{3FLX3kg2H~wBVNAff zOiPuHEI6EN#)Z2l0ZINH-hOG)KI_GMR+qcf9u>#W6vl4XuYAk%xYx@CN=hdY!Y2H| zSDzNIPYF5JY@Tbv0`x>C-kn@R;8hD83Un8b0J4UHsslppbOqT1X0ES+q38 zIGDJO3o<22I-@B6!7xyqjDMd-<5L^E>Td6?Tsag?DYM3$blq)BrmGVir>wGMTV0L1 zn{UNz|18ˍF6mq^A~(LnmQ#u548pvj4aehto7jQout?^jIKIi9B@Q#KcTFjJVH zksE0X#&c~MH@vzWY)x6NgL#g_`hXCw%?l%F_f5^S*jUV>tK4715b^a#hp?J~ca10K zSSkv*D6`uWDXAYJcAx8lE<$SztD|m-sbO zL;X{=KmlB^h0}cdVcqN(HsVN36&3I+msfa-$SmhlQ5JgV%jbv|kNYMt3P(MJ$7_cM z$y0oyUi7p5BMVV z*-}btj$GJp!WS*1ZgZT?hFoR+-=G5j#{om5mLxh1se}N0M^Qjxu{%p_~Lxldn#_cMR4l&^K$g3_%f4wpqoOK$yeh1i^xlnZFWv( zLJQ%bSRu}ccrBV~q1zR=)-0bF<>j>|K$}cWl}n%Ch{o#x`LzG2p6*u>nh!2Y&Lo%^Ag+OeHnPn1&xVo*;_>raUy5cqc^i6li#fCKNm|MNmpy;7rlW0c zLOoG3KrglpLU7`e#kZa43*s1Gy&ifY*0%U8`U~ir zLEmkwJ&PSnK8-&6dCnFd@_1uPyK7L?SZj8(Y*TgevYY$VlW^sM=E^tV*8&fQq{nD) z&C{x-7M7ONcDsg*BhG}c>>}gnp_h_BrL^XAZ-TmGU(VN13&MVw?Jwwc=lzG|Z&$qOxJH92LvHqw zC%ey6$QNO{rUh{zFt0$5Y@ZyPNxrdo;Vl zQLQB6YzTgJEl)#>(eTaqVv*yjIG4*(@ab@)TJ!O?`2LKki&OB*4TCm7_nRecQFii* z4|e&*F#pMp6Oeik2xPz?{6IhMVsd)Q`U(Hq3yT%IRl|$Ou;pr}l44bwa(iVGgf}+e zVFU%;%Xfh*2V*}4YPPb~Il1|)#TkRq4PLg6JPLDGRh8S{NRDCC*I0q3l&3p6au5hM zX3g-ct|mDVD({!$rm$8?oy%=nF1!*7s&SN4*x23r-uu=5s8CXgMXN(k=x1yso@kOm zPa-Dc$j6Tk++!7mi(Fo}$}g~g-&-o}g5npY*qgW9r4trDeE)6Lc_>MrdHxbPOIrIz zzREWssH<>0@OV~2*Q>~kb59^Qxh24UYQ$sczsy$|+uj5UjgH@Df2htbu3HC1)A-W3-0D>Uf$Hx4A9KAUB$37D7^ciXupi$MxaB!VK% z+MMTt74c?v{9-?icCT`_<XG<8Mx3IT?wtTqXZ4_ge4|pByxz9PgAvb-zEHM2M>V~ptUK;$*G!QULRBOTV>`bG z!=nAdUN?DdmZ9MrEJsw#rWBo)j=FNcgLr{k*y)&!=0(oUiy(d-H~Xb8vWE`~v&OyU z)QLbH04u78PXLss$F_G@>3zs(r#@sieWok^cyB_Si_9ctf}-X}{|pc^uyEg8pVFy8 z;tD|!kby|~dB_N`gWgIk9u^AHZC7%+qq{HZXq7cIv0wRSUs!}~M-o9bgx@79E1{>X z?0!f8^N%&FtoX(kMumaddp)f!hC-sHap2~y3g6^#rSO@$aK1wui+;z}Q6OVfB2I1e zzPS~H+0+vb9F_3NuU{>Nhk)12Rf-%o##@(~{~JJQdH*0(9e$eP+5ooYNr#J-s@mDf zQQ8f5guF@q-pRjWmHwl;=FtLqpH;=Q665KYtHnDI@|@A!qJ4{RBipfUfM#C8w#*2* z$JCpdl1te)ZEX3Kos{E@r}DyOo(3@X=SE?knX)R+a5gVh3sCMUI9h1MPwI{$#nNCN z^WRr1mWPJKzT{VjD8FW)Qb@^RBXPfyv=O-_csoI>GL(SU4=h5)f&`|EwmX(1a zMhZmO07vu7WhIfLvXUa(J^TC|-l?M{2W5)Btc64$xAc;*g3ma$bSE<`E#F=B ziWuG6c*J|Mt3sXn>}D8Hb$V_&e|6 zb4-vPv~|5tEA=5I2%p0xNV#yKt|r|(+%enL$m73}aH5<r&;vplZ+^zq1ID+AcB<+() zabr(>SxUl1Yfk0aIu%O7p;o`LWP>rAKN$LNsQCs7PD<%+=`v0FA;*yE)IfmeR6`fh zEFHqfr4ll~aO+}O@kJiM z2inBA8W!spq{k{^`iMt}V|b52&$q2lBCyxi)aKfjYX4~@EgqlE>AKIdDN6UU{81n1h}Dlhxhrrd-)TCnvdiQvso9HeyilSO+{wq^Kzyc}z;gomTwyHf77goagAb z1WdH*)5p>#V1bn6%M8n**KJ@j+Nsi%M9U!AB3|amyn{O0a0~_QYX@0DAqhd3v(tlZ z8#MM>OqWgmB>fT%dGuFYSN5zE2Z+ z2llm{X?y{ntB4D_PeG*cR&j-hk2|&atEILGwOP4Uifvs_U|t`-wlJOk__0H|eJeZA zvZ7>^^n+n1X<9bds%3^%;H%8Ap*}#kuEqnaW}O>GMcEKpZFyynL45UrcjA4o%!FJe zfZU8|xf{=lo;ym*?F+m=k{~S|*tF!+6U8ic7&T0DMQE3|+BK|@^$aO%jnKQl(Hg?v zGus6=Rv=4~Tjpz5?59gTKePM>%DU%>GM+mR{R?2eZy9Xnek89Uq@q1yx<3{3y#@0@ zRPd=}$`+EZJG;u51vFVlhriDMbH9q8kzIdZ*wIns2bOnhgS&PKark<w_rzq%W^8hd zJS8vbWLCy2?elw_nDpwhHzj#d$)yND^3HZpO4ojNQZY%cY{w(QCw=_N4zOjw)B?1UGxSXY2?8+pe1Id_)0) z7+VW^CxFe+zw-%U|G~8%-%}MWgWGt(Bt(lu@MyQHc^Tt7HAR%OEi8-(H3>CDp;fK< z&vME0*`oxB^y8AITT55w-)VC*j)jOu4=H~#)id+ZgZaP$v<&EY>7Tn%c0Ni5M3&@V_D5mM%LhHmRWDGsA9bNY>)`P4&8+E5^$%D1 zndECZSt$1i9W4ZfAAA=c5P|uI#*u^oSlOt#U=_CC?75P&gY3w-)3QlQR_5t9cd$tS z0ka{}4-K%WyvlOsZpZRzF0d(cV7Tf)!-zxom<-sND;HpCN-cZ%#)BN-aEAtyDJsUH z3#lqD?vuO?9^arD@5M>Me$6zKK$RXNHf(+LD=54A`a0GT>DGRbq`GiK#3bYli8y?q z_Q0Q8F2aU{lHqC`1@8fZ`?ow$jqxOhZQnZ{b+UHpXa}iQ?=1?lKT6JSCQl>Dl>$ z7yPvFWjQ^lr4-Tn9?|XhF&Prc=&J5NQi}TlNRL zmn9@+*=Jld^;JvtK{R2==UMqd56QNp6EtUO!>>PNaKXSX6n}itTl7 z4Y?%opDQmOf=xg2W2es}=3nslS3?&$$w6YyuTNlE{ULv!34WO0g!jvR{Cf0xE0;yE zPf-Wnb!YwiOvd~C&0jSBKOXcb3QMOB8j>=-{&$PNF5>*UD)oz){KtdT*|2f7NWw#+ zUzv@6oWY7t`H$yb9Nz!`w&?v}T#tCf?v$~n@D9w0n-bZP78)N=QDHn5nd8q_{mDVW zwhEk3jX=Y^qvJCR8yM4?r*7^XXHjP+XuBh}JxZTwMMlqv4aQ&N;MpA0rc_De(Wn_x9?FRXm;+-_%lFXxU% zMr@=-FEV&#+Vy&0>r0N7W_;3xCUYGLuvfoAoIgtNm~&=Xu_LD8h->3>qLc^=HGroT z)+K{T1v5S-AEjz^ts&wza!}{IhQGzglF`?m<@VH2$hQd1;35Av~?^tOH(c(N^7tO+VZ} zQu7nqIOt#6dH5?V?dQN+L_lj{>bXw74hShnP4s8 zlByq}b80G93v04q7e%9O!P!Ou*Q{><&@%BRLg z{LHk`mnTwUv!6?szLjh?=mu%7D6hS%PEbdSQm+;1ear<9}A3GpVPvG5x=T6A<1dat#~ zr0j#gJpB(LpzCrdx(rP-unylVA`^MWJ1)+W+2qRbR`e5I;VN%0L&PEm*{&_;PZeV; z`<&0F$swYvl*w!B!}U=gPYomm(Ku);+1^|XZhRx(n@FcvvLSS2Np#`}=1S`a6@PaG z;rbY!-vr6px%bQG{glBGnOl)jbo_;m5e;77h1N>)?N1eQ-VB zwGN_*Kblw-t@Um5n%-xAXS*xRjOtNCd_0h19oX1mZk1>&iwC*Z_$RXt(Tofi*&EiM zEOraV%Y3JI@sfQZ&5heQIJD5#o_|o9JE=j4oz$x~skAk)J(#OZ3U9;2Nwl2l1*Vkk5Fch5*R! z3`yRI4pDYf4jWYhp21gWG-V^E!0)t%9$z|(Oqt4iRt~k-Q68WFT19tS;}Q)PnW00T z^>Eqq>`(e^6F&d8UItP`B_jsZQ=+Z839<}RN-brCCip1|6Ft7d-Lm*dxf z)jY(`Kiv3(s~5^2(Gbv~S}M!pM?3 z3n<$zo9+!N(_%Wg?)lpiWy^@QA2qbaXe^35!8)N}^h=nt9&6D(Xbw`rt`9DpC*tG& zlT%wal!$)fH3+JIBr7WI8>6LcbPV5|e{z0XZtV%qN^DwlcelD9FL*P}JuDZPb^H-|z>5Ln};KaV$VrANe!*;*+lsP0m zD3ApdRQ3+Slb&8?UhB%UbYdgvbOO=;7)Fr4cfApT?sIB_ElYaduafPdk2pJWNBG%i z=aDYWhtwm3?EqOp^9GzVK#hz!o2AFXQAvIMLrs>DgS=q|=L)0R%ByV4?ug=j&ME9y z$*6T^A8==kt>rAMDs0gAXp$61b>FR>B3fBmy}VE|#hY@@Ew+Kk?+-fxcx#Hv6V$d=;5zyDNeNeX|7 zp&b*~{T?f~+1@u@{P;78OT@6*iZi0Qy#DSovpaKu7#nx}T2?4b50=wMwi;+u0?exo zfrRi@CE8vya2ffj<{?_+-@)1>xyvluT%sE4V<8cnavew&bb%s~dy8+Mb|yKW(;fXV-PAN7Wae)G3%k zDm))or*py829^(w8}**x>E9N>U}L$bRe;7MsB zaE1LoM{ap^CgtX7iSpz<3Z$R%sv45G1u#{25iV~( zZyw%y7r@-vhm(IGE6#JUcpMr1iJ{PALmx6eS4bNJmNkx)-gBjh?qQfv@q+Iig5*fw z5$%<+@GCrTii}ZI$r1P6@~U>1oJ#Um3uQO@phEVmuZtwPAAEhB^c640LXza&J%1dK z4oz9IZWINaudUVk69Ok5?5c-`j|(_HVgO$?PTH3L<$6y8#hZcQ5@F1Z>Rmzmu>pG z(jMZ7Sd$tr*+78x!~rXx(QfmQp*4O-rP4uq2Zr^BrD=4Mdoz^172KD%iLxU4f)+vx zN&&+^OS7I>Yyo?4PXK(!nJp7T1^l3sxAIV_YGUVrujBAnIICF~j&G+tnC<1dN0rh+ zL$NW@a?Uzj(Vw{STP^cC*eGG1>RTR zJ`XoXL!G~{BAZfY*G@%D{1}kQg&>?71r2#7u6(>*_<|y4$7Wnc7tw=_3U!TCR6@s( zbs zC^o{rzXiB<_A->XO!pv%htI-;1auso8dIWRc3;GLXx@eXt0^a=ue>fjRo~{kHFwIM zX?j9HlMEu_M*J_BMT--r89;Rb0cT3MUD~cSRMj!6@-Aga%LynutlxEBy;XP^vGN&^ z4>|Px^c%miR%8931?FfKd48iIHLed;ACyQVawgAgT6JJYI4wYVz!&juFIilJ>FdQS z#Hw}zHXq*j@x5%q`9ngQu9ynVx<_aHDad0DSu_KVUAlt3-d$?w{LO?XXYDTzc{I{@-Wr-_)A^ z6|=l%4yk*N^mXRrqW`k|-hBUQLoO$u!f4rZZ@9!1s1~`Bukf-e>kM|z>p)U$ex~~9$F!0 zEbMug3|w6m&s>_hC2<)oQyakO)OaHBF2=8Pk$fy|mnUzPlC$&X3(Uasg~*pH zaJK~f0FnadV0|CByQpu4#%#T+~`@E+j>;Z;fx1|KoeKt~#JL~nnMNKcoWs5h z1>7lk^$f2@*n)l*9Nv=K@C<>{^YiN~PhArT)f!e0fxeqlzOsvMFm1dJQUjD*BHST@ zsnzQ|)2%1GkTksdGIw)~z&(Ep=Zwuv8iVwtS6$pnaoD1Nn{CG$`>7jiLe7Vt6YaoJ zeW&!EEHHt0%=(NZ`15V#F>Lk%#RQg8YMDVd?oNk<$=S$dN2KX_K@O|F5S)2l9fi6?S#}E-*zKnqoJj{R1vYvP3mh^G=8GI^8%IW(A+nQ zC?_9GLcRkV_p0>Lm!Pre57#HMB?v2&jqA&kpF7NWwU1F1Il(|NM$p#JbqLv1QUCr8 zcgRiKUp&F1#&e3s5;nBr`3@s@Zne#bij_G2aRB*3gDNGSgEd(Zr(7elTmrHT7=$s@EvWSCITS6 zAt%K`?M6GHeQkEwy4p+bvO3II>DcMYb8m7$H-kmGS6;1b+&JEDT0&DyScwz(Qx`MH z`4A`K9D+F%k-riyXzh92Dg-K_gLnh9c%}Sp94S$+N=%oSTDIHyGK5iOK4WLA4+{hN zYO+eH3KOLF+sPO1n9U}R>xw&*czWo&!{N)OeQ$a8CQ`n4ik7H2TALs?Ep$AfVP1`u zuWrgYfFisdH_~1%jY@ZtPj{8#%ZADh}Iv}%%|bcPcp$^0?k%@65-|}y&BVh(KwgVcs5XaxKlL*4t`DB2dxTI}UDZV^nywA^$Df-xsF3sCtcIwC`l}S@9 z>3JrDSD*gNcpyw*(PB&Pp8VGQJm1*IDvYBmHLq-4Dk24O)Ent#qT8x-sCyQnTDp{j zE;Bs@Ar2#N^{w?~Vdi&|-y&6tB|Wb1o%C=?3ltEqc{at&y-5K_#kW!p$@Y;c)f?+w zB|g?DocCTc@tg@YNuHl`x8vasW`AFXyUHA68#Yk3ls*k5YWAgej&F(~uqezbJyY|x zsaOsREMIZ=78wZWQDQtiP+s#h?+ZXHq@$918(Mr@2kc!-Kc=79O5J!@1+HGp-0lZR zHRSrUkby^mq^-jSy>j91iTPd@-wQl{8up^a%Yj0&Gd_itp9(r6?__^qmW}F2o_3R9 zh90FSZH6b6mu`>jHF#lB3|z7jFI@~}h1koH>Df#kJx%vQ(IcQ+-4)K^r#0p!x#_>A zg(57AWz4Pf9D4WMpH&2p6f=qvq`{z5<&B8$Ws)AfM)I{~UH+42+`0bVU)SD`HBCLd z_R52<0SzrNpH}b_z})bP0ULQwJFY9Fh!TdeTZ-@p6D$*Qh0wf{WH^>a9)1`nHK^`M zn0nse`0!3Ro^_A9FN&XK5p{b!ws?E+alVrgqjfto_0N!axwLCHNC(so<{u9q!@29m zn4Q17At)0G3VEmLI^9RTl%U;Z!*&R(fQ^nxzocuVpB{h!RM8&~~c#VnW1@d;rT!JB96{S^*-*%+h9VKI_=_* z(HiG=L5083$OE4L(dV8hftfbvKUk?zvstOR>;myEtj&rD)2=us=y4zObm?T`Q+iF= z1cW#~6yi38NB|6CRbm}_)>k!OcqHLb5!TJjJTTy2#)K^8m`TZPIFkC&bSYL$`d?e{ zlmuBa*pF~r*LBg!>Ap2W%$sVRKV_yd$BI#Q`8avPkYL(DDn%T@185}YrB2@5aG&~2 zbt@qD^*dA>Np-TylE|7J_2T%UwZ5*)1`;rcOG5K9G#;H@C*ZB@z5*^%G8=%Bbg?)&bSvT_<|>6pdw zX7f#V`gwIo$3A-6QBJu3FrIkZJ=Jyqy?;M-Z-=YbZ${M8+IQ<{S{cfn!#jaIrJ`(; zvVX(ic#JMx(9`Tb0nFGlE7-akKDacqM*nBENQpe)lxgU zp>CGd?}PDD_4xjep#t_-EI~SohIVO~C-pD)>qE_ylO&FiX)$fXO3cwL$?R1~xc7v8 zep|zOq>oGDXYjOcgx8sa*aHfK%z>V0sKk!JbcL+RZoz)rCyVBhsI|gjp7@kUVKIVkSeVsV802-pL#C&J}N9EC}(RUn;LYF)%M=iA6|?J}PCF14f&BgVP> ztbu-60^XJrX-wmu=olJEw;QT0O|D)jG|EY0<_AOl`qH?AO5%g$Khn#|PGjh}~m$r3QGY zIicTR%)LUDEL`%*(;U1_2pJA z=Lr*$>{wT+lqX%x=e2I+tJ;G1jb*O`?n)eCK{*?UjZuf7&AQLOS5)~`0J-}x4&zeU z6d>x7;aI!rGx^OFNLKHR{J6mU#yS&~#BplvrtQqhcEl!R`%RAvYH`ISqLsVuME(J$ ziges`L&n>Oi$5lmV?D@L)+wM1e>3{#^iiAq@a+bEZZe>#+xy$m&yVL4zjsRYG_{1F zVIUUi{5?mn+UC6&`4Z%M43tbYs)LcTuQEQ9%h~ArmiSU}BHd~my}ml%FW{DZS?$hl za*dMY({mqaM9i;ST=^u&YWL^RIh1!g(?uN==$;|n*R)xBA`=h~fJi0LTElTO{;WQO zUeGR=C|`QluBU~^mY{v3LoxVtI>F2`BM-{%!7#acX%)f|j#D2g?QKy}twM5MqlRA6T!ISi+0e7D zOWv~pq(stuDSCQjH1w&f3V+6pYrJiJUT=|Vi;N*OfsW}hdR_Q~FZCFouB>bgi~blu z%Bj>SxZp1jH5i*|%vKbXvhvqCcBW6q&5ei?Yq-?T@Yv8Auh;qNo8m9D;1=>53}oy$ z^|eJ|(#JzY!XR>7iNVS6%{i_Dda5yeP{#Bj(ldHcs(otev+4cC*L{4>ke5ZyLAP9+zW3tA{Ki@M#K>eMciV{WKvGRr8SThLEKP zU4GqEG&ow>`Ot)$Pu|E^Y;CLA%rI%Z5wSQgxWruMM0w5Q`(mB!JMQGQ#aa;1#l#Le zEHGC8T(ut2Ww8fL7|JCSMv+Fvruo>@cfL$K9yAy#$10cAcAc*auGP1445 z{C(L17hsy~)CzwL7yht&OK<6mR4qNr6W^v-UYc2faIFY7!#4fiS9gVs?x`6G9_ulf zvWzQ+J+fDAJe!{jA}1baiQzjj=b*3tY1O!}|D8GP$ZlhyJX(qS0ztM|5hp(X`nyEr z97lA zx$XZ2{^1`@yrw@--`8G~y!;PdqkAr`^tri zwk(oprb>AEaNF@e8=`XVi>BOF31O9mNpH_x{yPxPhCmvjA^tT1xx5S=^m9V}0 zw{~Ou5jH4$f0+00##sfiCpuFqKmOame~Gmdg5@n(SnX;4Zv1i*_JpO1{`0@B`RM-r zn^jcrtA5uV{M%)`R>C>}K@Off|FWy!QUtJOydNX#91Huq@ki&|6ePuc`d!EQuWp9O zUdFzy|MNQjt%kS%@4ODyCj<>1x#HR+s`ATdbgPEmo44I{eJnpuMDD0XP@vh(G^Z>O z8Zf;5PxJBC%x$gdo5A3OzBYqe21S+tay}>SP0z^KdjtQ-F#VIHeH0PA-+4nRMVcUP zT6$tDn4WU>`=$!y+otTB6B>L(bmXehHL`g)eSz z2PGHl;VcsuVh#c{eT+K$79Imsl*KsW$laS368xe!Ed3N|Flmp08!pd3}S_5lCn}JsJSiird(0 zZWMJme5Pw$F6K@?wY@Ig^vvN&Ju{!I#U`)~;tA@{OI$a!Y)$9j7%3E+H4#0g#_NkIe%O_!qIE$0sWwq( zD1_(pI_QLNp~~ru_mb6S5mY|p1dEYd)14I_zple(8wWn@tqHpl8vA4J|CIFbX-)n` z6I`t!#rhc?94*jCtd;ja$k@2Vd~*8GK?YyR&rTMg$`th@b&WsArGkm|;4o$LnpssD`vJ4JmPt+x(nKTk#R{MF#?$#dNJ(pEiyDUGbP#=McxwWO9DMzf zEEVZ#F}4=(4zEfdci^mD-fI?MK^xEQ+as^t^Y&%mR$=Pkj-(r-%6ImNu>UG{VLL8E z=amon)b>PJLSvVArs(i3BzPbZT8hj8A}lM3D{?mP=XnJWIaDH3M@rLKRJ}cghGFHQ zOZDw>{3Vu5f%|j`jRO6>A0dFnlAy>|g8_#Zn`ZTgciZObf~Mb*)b`4dCsON?$QU_Y zT_pY*<9pRU4bQ3BSvoxVMnQ#BThX)$fvN{o_C0}WN!t=jOz1wsbFadv^}YlFNKQZO zrLZ=2deY0V@qBe{^#~GME$=NKYP*j4qL`6eG0G-e->{hk57CA#<{PRhqh)vR6*Qh% z@}!4}Y&t+I8N4scO@>4?)nCryE9*Wu5GSvK6Luy=gHJu^wgp3lTGMJ%71zaT+`lb< zSZp0(F$oiip@N)Hql@MPZ=DH**Wrn;3&t#C+bRUs#$BeQB7M+aG(glTKS`$@CoCwnlc#UmrfISmtY= zkov*zwM5>4ftXoZd2Z2!_CNUfdlt;t$7ToprZo+)wpA>KU^H_e@F>+`( zf^a>kiw~RZWDp}nbl7Dc@;$)=oAJ~#sGgo!bUIzS3NIhCSz4E}lZkkklSE?}sB~pR z4BJNSzUiK>=}MD4r$yZI%(hQVVDnnA-7tw0(d6dHJwWzrc-R%;&Ej#Fqje@-qXxR` zizc(~VMbb&;K7RYjfw9yjoGBl+0e_4 zsEWL7_gbE9d@p?N^q?zz_W)J`Ha%0plpQA}Ar6=CpoYgog#G3M$gkRJ53NttXA2^{ z1^VfAIr=9AYa7c)nuMAJhkEf6A*CKv8_TaB8uPVL!kPN^+Go*YJzgH~9Ol+UdWf%jrIWY8J)b*AE?IrJa@PEAiEt5!ugc_GIkZL zhv@aO{%b768zFSD_oxlQp$V?C_CbQPP0ly@+8a)9Y@~LQwee*hYS%g^y$LwmBzEuy z%7}hMcJOMi!Ys^Y=^6E8N!Y9#-*|;PL)I9AB0r=Oscq-`6h55gtF~AS2x)$a?^SI5 zD-3PXx`xeNzpWXo#1e@C#F~y1(I-G?CTqV^Rqrb`;Ht$2x>! z;#|;KB^^Pp{1l!Zr;nv0y!v{R`>;#>kGBHeb2(@{Ej7MwO8=JwTeYjER+y&gFxxDJoq-f{|B2Kab16NNTB!rF*TAAndN6Qv3UI z!E}68V$JIfD*Kxf_qE?Zz)kqaucOnu5bSFC><}eASJb8G5stYv##96l$uGP6H50`$Y`)J0j?pT0G_oSAUX_c&fXs4$COLzZ?3CixyG+A-o zh|vohim0~enDi5H9Cp7Q*#6em^wQ^6DAWJ~^)nX(9NS#KQeJ9$c#FJXJaSqubea4C zVMT8z5n=(@?)0&A(|RcOam@(qGUmq(vh~HFGkkeEB(mFqLqYpyeF}?i?^<66Si&35 z8$KIkSbJk1pgq^#(xRAJJvdubrA+NspFF|FU%(%EU7Yf&a2b8%@>FO!SmJpRNveik ztY5K4dsL5{Y-Eq~!i<_1{QhjA0OvR@@m3h{Jrqq`AtTVNsEwV^L2+=8 zmfV;v4$wfY?=&LDY)kW=ej;Ji&*2c;@b_omhpQ(yOOd3X6%udool)?8O6*3tBkvgz zZf=-UerdmyCPcs;B+8uD=*gl--d&!*SO1o!%}qP7BBu{})zf9FVnxQD1rMkf^=A#r zPkEfEjqwP?SUi@SvB$Obp3@mu@BQuzdtGH9wyn*t{j;-mV!7JXDuZja$x3oqPHKQ& zZ@+!+j&5hHcLD7+9j5TQzYRvy!s6CSV|hp(K&BzYs^b*@)K>9;n_hn3QA*?m5T1l zUVcfd%O`5&)+{5FQ0Y(UuKCR0)5E}~Le}1_8%6>MnWGOL29aUM4X;kVkM8T7#}hjf+~Y9LQtF?w~sqGq(OU3Rmf>*+Mw>n4$``L&hRnp=}k zmlx?9PzTAgo>@r)O*`K#N--JR;xrZO|zX}xva5UZw{_nrY=DzWRNh( z02Meqf_V1R~o7ps<-&On!%RM!+^MNS!ajzcO zlX7O9itJW7lNcJ{F2(3Ad4>PtW?vg(A#G<-Rzp*y_uq z=u~=*_|@P6I{5olwWkz!SHkd%O>n4RoScfDZsljmiv^>m znMO*Y`wX!()PK-kMx=?P`6RhZdKYU<>mP@iG*jH|K_)To-< zn1-b&_j(l-|CaZk5!`=vaR+=;HssUWvIXYu_w!s^$w^muegvdwVk2zy+ncCHN^ys+5|)R znrNw8;z`p?zqTd$4l{9L1MBKP}&Z#HX+oq@AC2G>CIQptGit{J}DblW$ zeEk*UtX$*0KHzYq!BUTK~hOyv`|u5eH z-$x%0YBTz7iW?t`@$JPO%SAoycnJ+RMR_cICz=*M&-~Q%;cGr??BlIb(ZRinU9z?r z%aeF8d6$U=yX9SGU@57UMKw}JxB!xTmJ2OC z!xV6eKWBP*Za?-qGe?IN%T<0+?hDwltt726+>2dQf^-wiW6P_L0qy!oxk{3_WlCt1 z3G9(?B{L?TIbqx?-9S+DapQ}g9wRvsk~?Q7*<>Soex>Lt4RXaI@mbHA*m}WI6j5l= zqRMd-V|)EcqO2&h!Ib^CjQXSb<`Y&Tjwz|P=GwTbx5c*(_CL6od*Shmk^!4XSbjSB zLAkf6N<{U>C(92NQ;sc2Kb>-lA-x+A=pGBikGT#u6ZCvM7^K$5x_|KQ!NJt}-kEg@ zWpI#I_C9i{G0naGBbX=Y)i-lXK$VKuvYtKi? z%cil!>`w{z2DtDiQ!=-yiVDx3C3>;3yVc@>WT9_W=TT?JCT#o@MlnHtwO9Qv%*iJMilN>g~Own%cVcVG9Sa0D6#O z0Ao3#pnyp4C;~P>={;Zs0-=Zq(h*TmS`GqIB@_ih3oZ0s6$qgw6iEam5ePLT0Ycyx zJ@>u$;QRgkW$clWow2gA)?9Nw&ok#v))wGaS}hdNVeTz`;7YJz-2zA9T-l*l$#!kJ z-8G!kSB|@EmReoEb|Uf2TXuB$y(Wh{$0{@*OAHrtMZ3Ma_zHWj?trt(<*V8!MGIeF zivWeID4iMX=f{u(?FSKVK;{OEfdto2~O$VGZ*{CQP^Q?%RN+Ay~t3tg>Wtzr}_d!^VJni=ejc#u%_B5}?PLw@cLs4BzXjWjoza zSAERa9AXAA-T~SwQYQeJ(+qyCrVeNJ)F7bm==QDzFO~xUi2Z=iOBDT z;@WhL=tqEDXTXzYC1vxzf7XnWUw!c~C#fOFOtSm}zQ4w`r1BDUiK(UrdPaQk zTRdjr74db$!>wZPjQVv3++e9R5BF^H3&`4OvfXU<0%*$a!(KoVT8(<3{_(nG{X!PH z>ib&>dG(#wUq09~=P<6v>c?DpqzET7h?N!U={hx%${fP%#uuC*%W{A(0eEsDSOmeA#ITUJFHz;{@dz;xkc5GUeVn$O# zWl-aCTuE+_2Wafx29J--84m-_#RZk3U=Y{QTbgXQGPw_`-6__(hdO`u(D}d555#y7 z1G++uj$_`fRyYezLECg+YLqEbFh8vAtaiJZw2kt#C8ki`m<%Y*X{xZvZKZj^u|msn z@--AJ7`n3$XVRjAmXABu!X1|0H;mdH3U9w@&bQLDPQh3U}LljzRX{v*wdS{?suBfTK z@9qIgJAd@kVzSDP&#FbNI5|lucJwQI6}nAGi;|rqiZSZ54ai0k0r@yjTiNQyooTNj zo2uOf37_%u7@uA5SqhvYqR@|>^7;73BMTWOZJ@bdov6vcz4qX0;}1|sW=F%ER+ur3 zL4KQKUcTpdLUxynl{7$SL2SRg=K4W7MB+olgP&(dIiHa*r|R2>Q}aTez}1oynJJBa zgm2IK$}fU!9}PRgT`uV#BXq1Ntf+dbn$xMr}O;#&0nF<>dzTm8SPnUc)whB8(%Zok{BQQVhtIyFL@dqIn^w z?r?TK@Xi{?*vnN^D9^gQr3WK+=j{wsW)MI!1Fdp?Jupg*y;JbvBKsz>9% zcHSPYH~u=iUKz8nw8z!=@pfivRh{o&9SdlhYmaa5hH16?oBjw)TKb$(^k~RpI;Rn| z{TTABonyd2NwkPh{dB3zoVyht0L@`A;Y(m%cwZeZLy+w*5g4~a}ao!Qbmb94%!^&r2Cm|7Mt`k<7bPjgt-c0Dq<8wPSdi_ z9r_6p*G?RAG32;u;HAxikFzIyx3TxyrC{^0nKrAE%9PEFpoub{w%jDLZtwfC=NXIT zB?7h!K|PThBRT6j*FfONY3Idp3UPdAe7O7%Sei)2SJhJ)kAruN8FzgrCbqIFTzAKT zpM~%Pry3YJ_PfQfab#Vahs*Y0yQ3Edb*%a;lweUdQPnqJ%4eTAtG-=ACh3NZQw^(# zpywGA!}`z0#HNF3Q=L`I3Q#S{W+z|A#{$7;2?C<7<70_vl{F6x8eq)kq2^}m`)5Ez z@i+RC#cSK}1kKIbZ+865w{=eQeco zC0CY;%JF8&&04diUAs0jozHUSJdI*H5YDLX67qb$9w*;4g7l#^ov#G7_h-g-iC_Es z42{ly4Y%y#-7ZU&(;!#s1PluNG3IUZFbu?hM+-L8z$`Wb2)>!MB&X(41EECF960j6Zj6E zJP~^EL<@Wb@N;?39y)yP$!F(j(nA4rC&;Ff#pN+NWbZ zQc{+>U<NOk^$e}N;2?CdysoK(QU&7*V*xB5jD@**m2?FG@hRc^;Zb zJoU`Nx9)UT-ilvONwNr_%?y52U1#(Y;e1JEjOKK$h%qgX4<~KRo zkc`drCBn_!6cgHd$McD7q(rHZ)=qr{|0F}h3(35`GYsShOuyA_zQEAd>vi9}SvB*n z8fY)`yh&jbR0{QYAv>wBxZQG9f%zoxl`l#nfGprMy%v(;+#IN?`t;~*$9T668Y=1} zWt4~hOdfu&;er7@EppIEtX^0ni@AXk8)#>*ec`vQM$3mN?L^NV-s&E30)DmU2^I~R zQ4ZGFnX24NE*Sqf46F23S)B~3o^+VLL!1Jtw>0gwRAsQ&1gfb#%AQhVn$%z3xt=St zGT~~~-u;FNdh+;wo0Nv7|Ej)H~YjA6O4)Hr*#-e=l0z~@U0<9W~8|N zad8)Z0r7*x7pWr!AB`{lJkw^|k==F|JLw46xZ++DVq~a?%_iiW?pMI47!aR` zusprKmCC)VjKcUf-Pj7)9m&$!+#A7pXdWa_o7#LkZN)$1CVB@(8XFO6(+z9yj@Q`e zdzpzuIq($UOk`3|L&_N%dgwo=KY<;64PB$$#=})ym%qX%cjDV8)F|c`R1(;@ODXQD z4kW&*^#NxeCVF}zQb#5*{rSz^O5r&f^{16fJGb}VE{4>}?^shL8NQpH_wK<`?9$-o zV1d`~?uil&#EKs`4(Lz#!H=2kUCe=`+mx?fuK!E5hj6B;p!@koAnRu`59(>eC*Bdd zFp;e@0?ox`JeX~zPa zJy_N}_ukjoMeBg!r#~f=CfmZv77)VaXUM+bJpM`(#8cWWe#y3BtR$H)buf`WX?8PA znPP++S+eWazhjj_rkXdpn&&-#4AwHa!Oq-PM z(TDWq9fYgy7>|%KXk>W94}t3z#%0nLEGRamwxEZHrDSUqja&@Aq-51fPA&?{<==7r z^CysH9y!D?PL3~Fv+T)Z?>$zXZ4f1@L_@T$-{cAkJf;JDUsk=k_BKbWzP`R$s3@HC zP0Qs=rB%={5gG8dZO)0^t4HbFZcY!igx0NWL#CAR&+N)`g*0U9u6(ES`0X4~XbGiW zQ>IBxJlJL*SLzD)sSpmkEeKw^9sZv>oK*fW^w<+wqg2bci?xn)NTepy2F)vX9sDLZeMzFDei(psaBqd7->l9AOHHl=gc<;7{H0_ zI{O^hD^c%`hSTlDLLH%>ME|b?Vs@y#Ndpk8C!VQr2=pn}ra8Y-YF`UhYsjt4yBMQS zxr0IBsv5#+Bg(AJ;VQhbhQ+_e@ynI}ap=m!p(m$E$0J0&Z#5rWTIDNI`{(`teU1hk zawC9HUhzkLy$@oGfpVa?%K7_yX?b(;K{by{E)H|XVD8nVKu(+PIHvK(q$@Bb7E4@MJD1<>3N8@zYKj) z_~)uzzW9RO8&_gO!>-2sXkt{ga~R#NF8s)H{1Yd~P|)heogUM6_(>Pz2+lfp7C}51 z;Yg(FyWK0cNi%LKT7Q*j$4r|EB0BsEt~s_C|*QUwrrdN{wfYnW88zJg?ggHl2e9346ZHJ%fu_GYhX4xuuDZrb>b@ z{PW9zq{1Qu;O9v5?;ilJ1r4Wlh3Dmiwc_hwsUtn#jV~X%kfe$KNF==b(S1N?nNbw~ zR#WJN9g>%>`4vEkjz|(QUS8@j{G zS5I|%*>sAvX5p!tA2QyknaTug(48HFKPfG(+n6krmYK2-WAHa5yUOwp17X%=~=TJobDe7s&0aOxEXXgb)+rr(x2YkeU_G2 z1sKx;9?SmHp1?alNAmCE8kuurL!rK{YZf2jl%;>Ku@8%ou*$nw+c^61(9PrLV;6-7 zFmn@|y2qXuSyeCBDj!3b{_e38iJAr>6&J`nOzr@nJC3eBQZV7`-rzIp&2Ft=uICb{ z**sV-ycnq0L$@3hZg8H`V9pzav>y6Z75r(={~Ut-Z2sG6%TL(l5vuwYubSSX zNMw8z^h$Tw=tq9Hv)(NU;adYKQ9*F07~D4}y@k0X&~7~671JFVHm?8c>7OnIOV|c* znaxKSPVtdBo3>xN$?*+(TgkH=P=K>K!LWH$k9D6t2cZ%xP$fTh4JwU4sb10OfN$_4 zG%l9ZH#PYzO>0ODj*e6Q@C2MNC zHFhcVMZ2J8_CObWm-@`+QA4DThC?H}#u;-nt^F3y^k(Zx6^G}*%WcEpb(?Y4-+u%g zgA2H99*eWfYR^8`89%%FZe!^9-U;<2w&2(m@{6Nj4D0!Gxiw zlJpaXidb=m=2+P1ce+214B!xqUFpa0O}hFbr1xo2+;2>huYVxu#^9>bc4hKmxS6mK9jlNyF#fkc zTyFQs+|?=b({S*48olhICK~ zE9g92R5<{t`W{LI_z`tU>~+a<^Dw1tu|>JfwHCntu;%~9Qt^csyP1$pVP*mquu~p| zzUcBzCN_vTi!xvFUM4^{;&Kdn{Vji>W3y|u{filu1$T-*I`O; ze<*<12=f!}3y4wL?{6nULwRopA(v1I23+zqgkPGAYN1Q8NIJGVW+$0@LHg0X7=P36 zwvo@whAgYcMfrprc==W?_iv3c)*8ykFkzTN2oD0K*liW)X;*quyC3@bVSD3)h)_U> zg8fZ4Kn- z1-kqI{unmQdA%G2;`ksyRhGYxVJB@01{cW?jz*!<0Ee9o7x5?3Hqd-v%c7+9Ec+*t zkFbNtM{C6LgE5P7?RFU`{LF66So(QgwAC^ffccHK3|E#t-XXjpjdU$7Dbi8ekFlXU z0qf$zJM?e(ZtJd}p@BHo7=}ANe4c~Q-ITFqekH2?X(Rm=tkr)zWh|##-G%uE42L2# z67*bLW)<^2CT56HetoYoV+?g&wJP6=@fTf69fBhkLX!>Rdu^@iy^=+p6{WHCtXS$d zBd6n&kWD$jsJPTV4$Db-u@_t)tz}J`9djZ}?1&2p4US<`tW0}l%Gt~4rz>KyxE2C5 zCs9wF+Ysd^UP#ppECX)xyZwD}RwD-2CwMm090li@wI}@G$Bd zqbB5>@I<*V6tXz-RDY#2g*^&@C{G6+ZbHTcbqJRB4bu5NuBF{s7`T=%L(It1 z(jo_SjJ!-6Z86OIq;u>;J7Zv`=JxE4xF6`sKQ-_FM81y9!HokB7ZPD|z;@QOspeXs zX|L5rcDS?zG_X(35b#v6XiXlov6SLHB4knWq2NmIr-dudEE-)Wj>)E8vs}P;aYUub z6KlD_B}aOXEe_?y$Tc8b^&ifHN6vS(Fe3rRBWE#sISzXgHa zNlk+jJjhQh+G-=crv7Np4p}Y3%~N&Z&E3lR!6`RBB`!(uK6euYU($bFZ-#siRoY}iW+4%6jnM$)p} zC11>clOA? z#-&7dpU(^Gv5j4jRrV_A{}uM?to7dzLL@6oxI_kOG=J{)i)&wfPxTWGalk_Z&>r6L zk?m!n*+47d_W+()!NXqjGU1(>wvIvE9*~^eQ;X|w#U$uFy~n&az(OR!pYRQ~YxMnC zS))_-o26Thlt!#x=}d*q=UtUW%FwV183RH0S%MXi$IhR|Afk^f))kcd_&oAO`Zz;lXr`sQO)LJj? zMFKQt#z>Jnj>L@;xdBns^DI$e_pb`B1A+m-UdHyAQ+hd~DeJ;u3^h4zvRF{`>6du_KTY`Mm$|_#bBno@M8g#%X0ZWg7_n zPxk#JnC$c=LjW{O9Yb0QV2rNr2eg<2&3PWrma~(J$993XdrSxiF-t#)3!U! z?30+DT>i+8+Vm`bcOAgI9wp325>EI+)5ar$FfF*sSv@xf1 z%vv)ss>L3+3OCa^q6RPb7j8E{ErA;lCU+}n(L2fkj#n-hLkvBITssu>)oH;l_f&7G z5^(S56oJ$xX>IESiuY<+Q}Z<(AwIZ3w4Vc4%ZE6lJ8kj(u&+abIsES370-D z82Yi`3^HQWgvsJ)eZdZ=mQj^fl14j~I)Xd4jQgQwD>#b!!i-{um6*Fpyyd)O31^yt z97r_*^U!NpCP~f{-|c&0OO`MG1o#X*p^cPSaBTj#EEJN(!ccG~dzd_o7A-X2*Bkk7 ztFwv;+y@D|n<^d3V9SxA2nk9G44R(@7%TwbzD;~h!p&dkjvES$-TiyK)z#2*tVStH z4%n@Jt^@i&H^`-<&f~s?0T;AFi3)gTo7~>$CqaA2!F8dkb|O!PhO(uo*EqkZYcIaLLit+HBGBwANWxqs@h_^WJmQPcU$dPa>w z;Pe?=uyyA)U{i3-;;CGSMDLdJ*8j@=e_j+{e1HXaC;^9&j~>o03I;?OZ6)t&rWp>+ z_^T7u5TC9RxxVC2etZOWh%ruwfzL$x$7zdrZ72!6575;6a8jYzJVF3B9n@$`1fN+K ztaJ!A6&y9ZXVL5^E~WR|M9zd31l{_DfvMFF!RcCGBcpE3pc>9Ff~7u7JBqj!bxSWo zgyt-g#_RONMW@-l0hd54OxMGIES7Qehta|5g|%m(eI{iMJXpF}kxW-=QO=563XpWd zYc(+XS25;4x`LHj(6~dhch6&4NgSfpADEX-^hPGmd)kP{uC!7c^nq9&(7h=r-l?e% zTU_m!I#SMcHbT$Xxo$?et86Z{)Lg(%!!Q*yOsdPL3#=p3aSy_j1o1;KYEdbv6St`h z;$^T1>A#jrj%{Z5Jj%t|=v06R%Q>h3Xp}6mOkrDF-egv8Q*hT-z5ksgrsnh057~ik zLDy18bkbVR&4@-@_B>J>p{(L{xi5U0O9?!)UNh6mkS2jkzF3fy^cI}y1NhPNO?l~|fvK=u0O^+X-)(fhPX|2M7P^6k$z z0Y^isS@5y3Xbuu$yeV`UyR@j(4P~*BxmH@?))hHRBA~NK=x;YxmOxyPH`VsaAMWDF z){j!%aSR6?rktL=8WTut>;zZ5mI8qsTpa~--glND4w)z6B zMq!H!9jftgE%ao8pGICBMowsy+RIZZ<|3=npVZkmTGqrLEIeB()_7NhWLlQr`mL@E zelbTCl|WtmxIXmnOq2E6QY+KtLSg|Wm0l*(8u8 zF6xNTgd_Z;ymd|H0U@`M7iGDToo=PJHV3SQDD%Tl8_!26sUDV)YvzG#W#rs;Qm^t} zoZb4b#FlrJP))~t%*o#V1sX;7H5`PT)j>FqXDb^BhA|##aQc=lA7&3yrh^&$yRgdrC}3 zvgh{z5UJ)A&z?MNw3{RMjV`Y&qbR2FajtgEm&6&IGODxi@;_JGSjD?;XV0<&2RQrh z+`3`>Pc3iYjpm2&f_(X(A=@iU>~Xc=CKadBQDyMRDA^yutGl*^_1hl@7)jYz4BG|4dwJxZpdB4sKlUXHnNl@Du$rb4ambeLRkTyV&(zK~ZACTU2?n zlBIC8y4ziFY*kSgsb@zqLa?21!ED>M_i2#H`fsi}5u<4l_P&QDn1#0bhF|`{JfBwJ z{P7&DRgMC|D4MieddzwUmXs3~auGfLtU+9f3W`;i;MRxxWTwJ-fbGZ+krmmuM5xz= zkT#};>HDQZOUn`2VQW70TWUcWl9jmg4&}M&P`ti@H>rl6aqLqtUlDlWTy@>Kf;!uR zk~kv8d&k)A?%^77<%5ig>oH0bBdWy5ziG}1m}VmTRg>Y{lr5cLarlrXvP6F-*!E{> zg|%HNXdD;3(oL?B3!AK`cK@k8qi�aNpi!8`pm#ntJ|b&1cvm%X+4{7f2D!&A2ogM}>Vs zosWf$xB!&ZATy!ULFrHo)DZf9^tzd&5&d$Znf`vBw0m+ycG8y*eQ%yMq1mAHrmK>@ zan{yaYN#rVU$ZM0$gCGgW=AY+J9s0ki%`n!9lm-mC5C#5Puxwcd|(C8{NFmvlnynO zvvgQIHD~DmvwfVeo&n-2?*0e3(HCH(WB!6#&w^pCxMiUWrwr{@<9dDz9znpNu!#rSx{znc?7+LgqcM{PQ&F{JSVRoTG;*@+ zPG?sypeft>F0vqTN(QBKy!x)5YM#65DSCeWrO|!$?3O3zul?XMeerPajJBNj2Fp*| z8Acx!dd_Kl2j>gHmFZB{Km38NQ_Xj@>FaXdJEll8624$x@ilbter8b|H2hv7HPVIM zisTo$+}=>_?ZRxB*u_I47w{DigB~{B=J=Rx9k<+SidduKfuF6LV}F;VSr@PUEn3|3 zH9PgZNS;&=-~3-#R*`w4j+%~3n6lC{nqtTo0B;AM^@_?=u&jV&JlkjD6QR@EnJMfg zgX!gg7Tn+2S*fyurBn&Ta&T_9afN>jJMd3x!Yx zizW!DiQZA;M3fPQy$GdMF+x7G&{t?_g_2|^kQ;nOI)D4__B723w9TlW$)aYNesLb2 ztlF$I99%DJc6eNOsy57qu#xr<{AfyM#N6`JzK>qZ<|L1X7ruBrrN-scNN}7A*s7IS zn=Bqb{UdmxA87@DiI0>sT)g`mstabYSq}afwaIZ0y6=-onWd)2PL{R0bY`%ZcWDyk znL4+4C+&F#-=Er-qO`pEYk(U)u1UN0cWt1SRT(=DQ0hi<%r^;uR(rGWLkc-2T-Ns#_$06kYE}M?ka~$dy_U7@-x+@*O0zJvE87U=&ty4S;CVyh>|zwDbni~SzlwJS~i+-h09am_ovz3hfiq#94B+Cr0A!SC_n z#}=OLDI6KV+DYVeKY9%Rm4R<~-ir^E`0c9NwI6IW$FLfOl_}Y=xFJ_AlGkxkqXP4F z-rIfOJH`nS$Z%EV?f$n7`jZYRYnNQ*&`6aav_!6!O<8UGc? z<7_&{Mu29MoU%}%7^hgm^Z#;>h?Y0*cW0|v`-=ikmi+*qGx!blejJG|aIEA+0xHg5 z@2pGat9ZCy=-#q3VBOP!{`kE1{ty03^Z!Pk|G%EveLuOm_u~1&%N$MD&I7E+9c}$v JB{%I}{y(t&4f6m1 diff --git a/examples/external-auth/nginx/images/regiter-oauth-app-2.png b/examples/external-auth/nginx/images/register-oauth-app-2.png similarity index 100% rename from examples/external-auth/nginx/images/regiter-oauth-app-2.png rename to examples/external-auth/nginx/images/register-oauth-app-2.png diff --git a/examples/external-auth/nginx/images/regiter-oauth-app.png b/examples/external-auth/nginx/images/register-oauth-app.png similarity index 100% rename from examples/external-auth/nginx/images/regiter-oauth-app.png rename to examples/external-auth/nginx/images/register-oauth-app.png From ad247847005f26083c4213e9040ab1dfd20c5efb Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 9 Mar 2017 19:08:26 -0300 Subject: [PATCH 44/47] Only update Ingress status for the configured class --- core/pkg/ingress/annotations/class/main.go | 55 +++++++++++++++++ .../ingress/annotations/class/main_test.go | 58 ++++++++++++++++++ core/pkg/ingress/controller/controller.go | 35 ++++++----- core/pkg/ingress/controller/util.go | 29 --------- core/pkg/ingress/controller/util_test.go | 59 ------------------- core/pkg/ingress/status/status.go | 9 +++ 6 files changed, 139 insertions(+), 106 deletions(-) create mode 100644 core/pkg/ingress/annotations/class/main.go create mode 100644 core/pkg/ingress/annotations/class/main_test.go diff --git a/core/pkg/ingress/annotations/class/main.go b/core/pkg/ingress/annotations/class/main.go new file mode 100644 index 000000000..d9e862938 --- /dev/null +++ b/core/pkg/ingress/annotations/class/main.go @@ -0,0 +1,55 @@ +/* +Copyright 2015 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package class + +import ( + "github.com/golang/glog" + "k8s.io/kubernetes/pkg/apis/extensions" + + "k8s.io/ingress/core/pkg/ingress/annotations/parser" + "k8s.io/ingress/core/pkg/ingress/errors" +) + +const ( + // IngressKey picks a specific "class" for the Ingress. + // The controller only processes Ingresses with this annotation either + // unset, or set to either the configured value or the empty string. + IngressKey = "kubernetes.io/ingress.class" +) + +// IsValid returns true if the given Ingress either doesn't specify +// the ingress.class annotation, or it's set to the configured in the +// ingress controller. +func IsValid(ing *extensions.Ingress, controller, defClass string) bool { + ingress, err := parser.GetStringAnnotation(IngressKey, ing) + if err != nil && !errors.IsMissingAnnotations(err) { + glog.Warningf("unexpected error reading ingress annotation: %v", err) + } + + // we have 2 valid combinations + // 1 - ingress with default class | blank annotation on ingress + // 2 - ingress with specific class | same annotation on ingress + // + // and 2 invalid combinations + // 3 - ingress with default class | fixed annotation on ingress + // 4 - ingress with specific class | different annotation on ingress + if ingress == "" && controller == defClass { + return true + } + + return ingress == controller +} diff --git a/core/pkg/ingress/annotations/class/main_test.go b/core/pkg/ingress/annotations/class/main_test.go new file mode 100644 index 000000000..bf204052f --- /dev/null +++ b/core/pkg/ingress/annotations/class/main_test.go @@ -0,0 +1,58 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package class + +import ( + "testing" + + "k8s.io/kubernetes/pkg/api" + "k8s.io/kubernetes/pkg/apis/extensions" +) + +func TestIsValidClass(t *testing.T) { + tests := []struct { + ingress string + controller string + defClass string + isValid bool + }{ + {"", "", "nginx", true}, + {"", "nginx", "nginx", true}, + {"nginx", "nginx", "nginx", true}, + {"custom", "custom", "nginx", true}, + {"", "killer", "nginx", false}, + {"", "", "nginx", true}, + {"custom", "nginx", "nginx", false}, + } + + ing := &extensions.Ingress{ + ObjectMeta: api.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + } + + data := map[string]string{} + ing.SetAnnotations(data) + for _, test := range tests { + ing.Annotations[IngressKey] = test.ingress + b := IsValid(ing, test.controller, test.defClass) + if b != test.isValid { + t.Errorf("test %v - expected %v but %v was returned", test, test.isValid, b) + } + } +} diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go index 207861e98..b1c2607c7 100644 --- a/core/pkg/ingress/controller/controller.go +++ b/core/pkg/ingress/controller/controller.go @@ -41,6 +41,7 @@ import ( cache_store "k8s.io/ingress/core/pkg/cache" "k8s.io/ingress/core/pkg/ingress" + "k8s.io/ingress/core/pkg/ingress/annotations/class" "k8s.io/ingress/core/pkg/ingress/annotations/healthcheck" "k8s.io/ingress/core/pkg/ingress/annotations/proxy" "k8s.io/ingress/core/pkg/ingress/annotations/service" @@ -58,11 +59,6 @@ const ( defServerName = "_" podStoreSyncedPollPeriod = 1 * time.Second rootLocation = "/" - - // ingressClassKey picks a specific "class" for the Ingress. The controller - // only processes Ingresses with this annotation either unset, or set - // to either the configured value or the empty string. - ingressClassKey = "kubernetes.io/ingress.class" ) var ( @@ -168,8 +164,8 @@ func newIngressController(config *Configuration) *GenericController { ingEventHandler := cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { addIng := obj.(*extensions.Ingress) - if !IsValidClass(addIng, config) { - glog.Infof("ignoring add for ingress %v based on annotation %v", addIng.Name, ingressClassKey) + if !class.IsValid(addIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { + glog.Infof("ignoring add for ingress %v based on annotation %v", addIng.Name, class.IngressKey) return } ic.recorder.Eventf(addIng, api.EventTypeNormal, "CREATE", fmt.Sprintf("Ingress %s/%s", addIng.Namespace, addIng.Name)) @@ -177,8 +173,8 @@ func newIngressController(config *Configuration) *GenericController { }, DeleteFunc: func(obj interface{}) { delIng := obj.(*extensions.Ingress) - if !IsValidClass(delIng, config) { - glog.Infof("ignoring delete for ingress %v based on annotation %v", delIng.Name, ingressClassKey) + if !class.IsValid(delIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { + glog.Infof("ignoring delete for ingress %v based on annotation %v", delIng.Name, class.IngressKey) return } ic.recorder.Eventf(delIng, api.EventTypeNormal, "DELETE", fmt.Sprintf("Ingress %s/%s", delIng.Namespace, delIng.Name)) @@ -187,7 +183,8 @@ func newIngressController(config *Configuration) *GenericController { UpdateFunc: func(old, cur interface{}) { oldIng := old.(*extensions.Ingress) curIng := cur.(*extensions.Ingress) - if !IsValidClass(curIng, config) && !IsValidClass(oldIng, config) { + if !class.IsValid(curIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) && + !class.IsValid(oldIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { return } @@ -303,10 +300,12 @@ func newIngressController(config *Configuration) *GenericController { if config.UpdateStatus { ic.syncStatus = status.NewStatusSyncer(status.Config{ - Client: config.Client, - PublishService: ic.cfg.PublishService, - IngressLister: ic.ingLister, - ElectionID: config.ElectionID, + Client: config.Client, + PublishService: ic.cfg.PublishService, + IngressLister: ic.ingLister, + ElectionID: config.ElectionID, + IngressClass: config.IngressClass, + DefaultIngressClass: config.DefaultIngressClass, }) } else { glog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)") @@ -590,7 +589,7 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress for _, ingIf := range ings { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg) { + if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { continue } @@ -713,7 +712,7 @@ func (ic *GenericController) createUpstreams(data []interface{}) map[string]*ing for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg) { + if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { continue } @@ -885,7 +884,7 @@ func (ic *GenericController) createServers(data []interface{}, // initialize all the servers for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg) { + if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { continue } @@ -925,7 +924,7 @@ func (ic *GenericController) createServers(data []interface{}, // configure default location and SSL for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) - if !IsValidClass(ing, ic.cfg) { + if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) { continue } diff --git a/core/pkg/ingress/controller/util.go b/core/pkg/ingress/controller/util.go index 99f92eac0..77b88ba0c 100644 --- a/core/pkg/ingress/controller/util.go +++ b/core/pkg/ingress/controller/util.go @@ -22,11 +22,7 @@ import ( "github.com/golang/glog" "github.com/imdario/mergo" - "k8s.io/kubernetes/pkg/apis/extensions" - "k8s.io/ingress/core/pkg/ingress" - "k8s.io/ingress/core/pkg/ingress/annotations/parser" - "k8s.io/ingress/core/pkg/ingress/errors" ) // DeniedKeyName name of the key that contains the reason to deny a location @@ -85,31 +81,6 @@ func matchHostnames(pattern, host string) bool { return true } -// IsValidClass returns true if the given Ingress either doesn't specify -// the ingress.class annotation, or it's set to the configured in the -// ingress controller. -func IsValidClass(ing *extensions.Ingress, config *Configuration) bool { - currentIngClass := config.IngressClass - - cc, err := parser.GetStringAnnotation(ingressClassKey, ing) - if err != nil && !errors.IsMissingAnnotations(err) { - glog.Warningf("unexpected error reading ingress annotation: %v", err) - } - - // we have 2 valid combinations - // 1 - ingress with default class | blank annotation on ingress - // 2 - ingress with specific class | same annotation on ingress - // - // and 2 invalid combinations - // 3 - ingress with default class | fixed annotation on ingress - // 4 - ingress with specific class | different annotation on ingress - if (cc == "" && currentIngClass == "") || (currentIngClass == config.DefaultIngressClass) { - return true - } - - return cc == currentIngClass -} - func mergeLocationAnnotations(loc *ingress.Location, anns map[string]interface{}) { if _, ok := anns[DeniedKeyName]; ok { loc.Denied = anns[DeniedKeyName].(error) diff --git a/core/pkg/ingress/controller/util_test.go b/core/pkg/ingress/controller/util_test.go index f52558cc6..b4da882d2 100644 --- a/core/pkg/ingress/controller/util_test.go +++ b/core/pkg/ingress/controller/util_test.go @@ -29,8 +29,6 @@ import ( "k8s.io/ingress/core/pkg/ingress/annotations/proxy" "k8s.io/ingress/core/pkg/ingress/annotations/ratelimit" "k8s.io/ingress/core/pkg/ingress/annotations/rewrite" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/extensions" ) type fakeError struct{} @@ -39,63 +37,6 @@ func (fe *fakeError) Error() string { return "fakeError" } -// just 2 combinations are valid -// 1 - ingress with default class (or no args) | blank annotation on ingress | valid -// 2 - ingress with specified class | same annotation on ingress | valid -// -// this combinations are invalid -// 3 - ingress with default class (or no args) | fixed annotation on ingress | invalid -// 4 - ingress with specified class | different annotation on ingress | invalid -func TestIsValidClass(t *testing.T) { - ing := &extensions.Ingress{ - ObjectMeta: api.ObjectMeta{ - Name: "foo", - Namespace: api.NamespaceDefault, - }, - } - - config := &Configuration{DefaultIngressClass: "nginx", IngressClass: ""} - b := IsValidClass(ing, config) - if !b { - t.Error("Expected a valid class (missing annotation)") - } - - config.IngressClass = "custom" - b = IsValidClass(ing, config) - if b { - t.Error("Expected a invalid class (missing annotation)") - } - - data := map[string]string{} - data[ingressClassKey] = "custom" - ing.SetAnnotations(data) - b = IsValidClass(ing, config) - if !b { - t.Errorf("Expected valid class but %v returned", b) - } - - config.IngressClass = "killer" - b = IsValidClass(ing, config) - if b { - t.Errorf("Expected invalid class but %v returned", b) - } - - data[ingressClassKey] = "" - ing.SetAnnotations(data) - config.IngressClass = "killer" - b = IsValidClass(ing, config) - if b { - t.Errorf("Expected invalid class but %v returned", b) - } - - config.IngressClass = "" - b = IsValidClass(ing, config) - if !b { - t.Errorf("Expected valid class but %v returned", b) - } - -} - func TestIsHostValid(t *testing.T) { fkCert := &ingress.SSLCert{ CAFileName: "foo", diff --git a/core/pkg/ingress/status/status.go b/core/pkg/ingress/status/status.go index 6000c7f6b..0dc855513 100644 --- a/core/pkg/ingress/status/status.go +++ b/core/pkg/ingress/status/status.go @@ -32,6 +32,7 @@ import ( "k8s.io/kubernetes/pkg/util/wait" cache_store "k8s.io/ingress/core/pkg/cache" + "k8s.io/ingress/core/pkg/ingress/annotations/class" "k8s.io/ingress/core/pkg/k8s" "k8s.io/ingress/core/pkg/strings" "k8s.io/ingress/core/pkg/task" @@ -53,6 +54,9 @@ type Config struct { PublishService string IngressLister cache_store.StoreToIngressLister ElectionID string + + DefaultIngressClass string + IngressClass string } // statusSync keeps the status IP in each Ingress rule updated executing a periodic check @@ -243,6 +247,11 @@ func (s *statusSync) updateStatus(newIPs []api.LoadBalancerIngress) { wg.Add(len(ings)) for _, cur := range ings { ing := cur.(*extensions.Ingress) + + if !class.IsValid(ing, s.Config.IngressClass, s.Config.DefaultIngressClass) { + continue + } + go func(wg *sync.WaitGroup) { defer wg.Done() ingClient := s.Client.Extensions().Ingresses(ing.Namespace) From 1d38e3a38425f08de2f75fcae13896a3fec4d144 Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Wed, 22 Feb 2017 22:51:53 +0100 Subject: [PATCH 45/47] Scrap json metrics from nginx vts upgrade vts to the latest version --- .../nginx/pkg/cmd/controller/metrics.go | 317 +++++++++++++++--- controllers/nginx/pkg/cmd/controller/nginx.go | 10 +- .../nginx/pkg/cmd/controller/status.go | 135 +++++++- .../nginx/pkg/cmd/controller/status_test.go | 2 +- controllers/nginx/pkg/config/config.go | 1 + .../rootfs/etc/nginx/template/nginx.tmpl | 32 +- images/nginx-slim/build.sh | 2 +- 7 files changed, 424 insertions(+), 75 deletions(-) diff --git a/controllers/nginx/pkg/cmd/controller/metrics.go b/controllers/nginx/pkg/cmd/controller/metrics.go index a4e8b562d..1b6903018 100644 --- a/controllers/nginx/pkg/cmd/controller/metrics.go +++ b/controllers/nginx/pkg/cmd/controller/metrics.go @@ -24,51 +24,22 @@ import ( common "github.com/ncabatoff/process-exporter" "github.com/ncabatoff/process-exporter/proc" "github.com/prometheus/client_golang/prometheus" + "reflect" ) -type exeMatcher struct { - name string - args []string -} - -func (em exeMatcher) MatchAndName(nacl common.NameAndCmdline) (bool, string) { - if len(nacl.Cmdline) == 0 { - return false, "" - } - cmd := filepath.Base(nacl.Cmdline[0]) - return em.name == cmd, "" -} - -func (n *NGINXController) setupMonitor(args []string) { - pc, err := newProcessCollector(true, exeMatcher{"nginx", args}) - if err != nil { - glog.Fatalf("unexpected error registering nginx collector: %v", err) - } - err = prometheus.Register(pc) - if err != nil { - glog.Warningf("unexpected error registering nginx collector: %v", err) - } -} - +// TODO add current namespace +// TODO add ingress class var ( - numprocsDesc = prometheus.NewDesc( - "nginx_num_procs", - "number of processes", - nil, nil) + // descriptions borrow from https://github.com/vozlt/nginx-module-vts cpuSecsDesc = prometheus.NewDesc( "nginx_cpu_seconds_total", "Cpu usage in seconds", nil, nil) - readBytesDesc = prometheus.NewDesc( - "nginx_read_bytes_total", - "number of bytes read", - nil, nil) - - writeBytesDesc = prometheus.NewDesc( - "nginx_write_bytes_total", - "number of bytes written", + numprocsDesc = prometheus.NewDesc( + "nginx_num_procs", + "number of processes", nil, nil) memResidentbytesDesc = prometheus.NewDesc( @@ -81,11 +52,107 @@ var ( "number of bytes of memory in use", nil, nil) + readBytesDesc = prometheus.NewDesc( + "nginx_read_bytes_total", + "number of bytes read", + nil, nil) + startTimeDesc = prometheus.NewDesc( "nginx_oldest_start_time_seconds", "start time in seconds since 1970/01/01", nil, nil) + writeBytesDesc = prometheus.NewDesc( + "nginx_write_bytes_total", + "number of bytes written", + nil, nil) + + //vts metrics + vtsBytesDesc = prometheus.NewDesc( + "nginx_vts_bytes_total", + "Nginx bytes count", + []string{"server_zone", "direction"}, nil) + + vtsCacheDesc = prometheus.NewDesc( + "nginx_vts_cache_total", + "Nginx cache count", + []string{"server_zone", "type"}, nil) + + vtsConnectionsDesc = prometheus.NewDesc( + "nginx_vts_connections_total", + "Nginx connections count", + []string{"type"}, nil) + + vtsResponseDesc = prometheus.NewDesc( + "nginx_vts_responses_total", + "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"server_zone", "status_code"}, nil) + + vtsRequestDesc = prometheus.NewDesc( + "nginx_vts_requests_total", + "The total number of requested client connections.", + []string{"server_zone"}, nil) + + vtsFilterZoneBytesDesc = prometheus.NewDesc( + "nginx_vts_filterzone_bytes_total", + "Nginx bytes count", + []string{"server_zone", "country", "direction"}, nil) + + vtsFilterZoneResponseDesc = prometheus.NewDesc( + "nginx_vts_filterzone_responses_total", + "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"server_zone", "country", "status_code"}, nil) + + vtsFilterZoneCacheDesc = prometheus.NewDesc( + "nginx_vts_filterzone_cache_total", + "Nginx cache count", + []string{"server_zone", "country", "type"}, nil) + + vtsUpstreamBackupDesc = prometheus.NewDesc( + "nginx_vts_upstream_backup", + "Current backup setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamBytesDesc = prometheus.NewDesc( + "nginx_vts_upstream_bytes_total", + "The total number of bytes sent to this server.", + []string{"upstream", "server", "direction"}, nil) + + vtsUpstreamDownDesc = prometheus.NewDesc( + "nginx_vts_upstream_down_total", + "Current down setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamFailTimeoutDesc = prometheus.NewDesc( + "nginx_vts_upstream_fail_timeout", + "Current fail_timeout setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamMaxFailsDesc = prometheus.NewDesc( + "nginx_vts_upstream_maxfails", + "Current max_fails setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamResponsesDesc = prometheus.NewDesc( + "nginx_vts_upstream_responses_total", + "The number of upstream responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"upstream", "server", "status_code"}, nil) + + vtsUpstreamRequestDesc = prometheus.NewDesc( + "nginx_vts_upstream_requests_total", + "The total number of client connections forwarded to this server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamResponseMsecDesc = prometheus.NewDesc( + "nginx_vts_upstream_response_msecs_avg", + "The average of only upstream response processing times in milliseconds.", + []string{"upstream", "server"}, nil) + + vtsUpstreamWeightDesc = prometheus.NewDesc( + "nginx_vts_upstream_weight", + "Current upstream weight setting of the server.", + []string{"upstream", "server"}, nil) + activeDesc = prometheus.NewDesc( "nginx_active_connections", "total number of active connections", @@ -122,6 +189,37 @@ var ( nil, nil) ) +type exeMatcher struct { + name string + args []string +} + +func (em exeMatcher) MatchAndName(nacl common.NameAndCmdline) (bool, string) { + if len(nacl.Cmdline) == 0 { + return false, "" + } + cmd := filepath.Base(nacl.Cmdline[0]) + return em.name == cmd, "" +} + +func (n *NGINXController) setupMonitor(args []string, vtsCollector bool) { + + pc, err := newProcessCollector(true, exeMatcher{"nginx", args}, vtsCollector) + + if err != nil { + glog.Fatalf("unexpected error registering nginx collector: %v", err) + } + + err = prometheus.Register(pc) + + if err != nil { + if _, ok := err.(prometheus.AlreadyRegisteredError); !ok { + glog.Warningf("unexpected error registering nginx collector: %v", err) + } + } + +} + type ( scrapeRequest struct { results chan<- prometheus.Metric @@ -131,22 +229,25 @@ type ( namedProcessCollector struct { scrapeChan chan scrapeRequest *proc.Grouper - fs *proc.FS + fs *proc.FS + enableVtsCollector bool } ) func newProcessCollector( children bool, - n common.MatchNamer) (*namedProcessCollector, error) { + n common.MatchNamer, + enableVtsCollector bool) (*namedProcessCollector, error) { fs, err := proc.NewFS("/proc") if err != nil { return nil, err } p := &namedProcessCollector{ - scrapeChan: make(chan scrapeRequest), - Grouper: proc.NewGrouper(children, n), - fs: fs, + scrapeChan: make(chan scrapeRequest), + Grouper: proc.NewGrouper(children, n), + fs: fs, + enableVtsCollector: enableVtsCollector, } _, err = p.Update(p.fs.AllProcs()) if err != nil { @@ -160,6 +261,7 @@ func newProcessCollector( // Describe implements prometheus.Collector. func (p *namedProcessCollector) Describe(ch chan<- *prometheus.Desc) { + ch <- cpuSecsDesc ch <- numprocsDesc ch <- readBytesDesc @@ -167,6 +269,26 @@ func (p *namedProcessCollector) Describe(ch chan<- *prometheus.Desc) { ch <- memResidentbytesDesc ch <- memVirtualbytesDesc ch <- startTimeDesc + + //vts metrics + ch <- vtsBytesDesc + ch <- vtsCacheDesc + ch <- vtsConnectionsDesc + ch <- vtsRequestDesc + ch <- vtsResponseDesc + ch <- vtsUpstreamBackupDesc + ch <- vtsUpstreamBytesDesc + ch <- vtsUpstreamDownDesc + ch <- vtsUpstreamFailTimeoutDesc + ch <- vtsUpstreamMaxFailsDesc + ch <- vtsUpstreamRequestDesc + ch <- vtsUpstreamResponseMsecDesc + ch <- vtsUpstreamResponsesDesc + ch <- vtsUpstreamWeightDesc + ch <- vtsFilterZoneBytesDesc + ch <- vtsFilterZoneCacheDesc + ch <- vtsFilterZoneResponseDesc + } // Collect implements prometheus.Collector. @@ -177,15 +299,21 @@ func (p *namedProcessCollector) Collect(ch chan<- prometheus.Metric) { } func (p *namedProcessCollector) start() { + for req := range p.scrapeChan { ch := req.results - p.scrape(ch) + p.scrapeNginxStatus(ch) + p.scrapeProcs(ch) + p.scrapeVts(ch) + req.done <- struct{}{} } } -func (p *namedProcessCollector) scrape(ch chan<- prometheus.Metric) { +// scrapeNginxStatus scrap the nginx status +func (p *namedProcessCollector) scrapeNginxStatus(ch chan<- prometheus.Metric) { s, err := getNginxStatus() + if err != nil { glog.Warningf("unexpected error obtaining nginx status info: %v", err) return @@ -206,7 +334,93 @@ func (p *namedProcessCollector) scrape(ch chan<- prometheus.Metric) { ch <- prometheus.MustNewConstMetric(waitingDesc, prometheus.GaugeValue, float64(s.Waiting)) - _, err = p.Update(p.fs.AllProcs()) +} + +// scrapeVts scrape nginx vts metrics +func (p *namedProcessCollector) scrapeVts(ch chan<- prometheus.Metric) { + + nginxMetrics, err := getNginxVtsMetrics() + if err != nil { + glog.Warningf("unexpected error obtaining nginx status info: %v", err) + return + } + + reflectMetrics(&nginxMetrics.Connections, vtsConnectionsDesc, ch) + + for name, zones := range nginxMetrics.UpstreamZones { + + for pos, value := range zones { + + reflectMetrics(&zones[pos].Responses, vtsUpstreamResponsesDesc, ch, name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamRequestDesc, + prometheus.CounterValue, float64(zones[pos].RequestCounter), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamDownDesc, + prometheus.CounterValue, float64(zones[pos].Down), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamWeightDesc, + prometheus.CounterValue, float64(zones[pos].Weight), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamResponseMsecDesc, + prometheus.CounterValue, float64(zones[pos].ResponseMsec), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamBackupDesc, + prometheus.CounterValue, float64(zones[pos].Backup), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamFailTimeoutDesc, + prometheus.CounterValue, float64(zones[pos].FailTimeout), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamMaxFailsDesc, + prometheus.CounterValue, float64(zones[pos].MaxFails), name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, + prometheus.CounterValue, float64(zones[pos].InBytes), name, value.Server, "in") + + ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, + prometheus.CounterValue, float64(zones[pos].OutBytes), name, value.Server, "out") + + } + } + + for name, zone := range nginxMetrics.ServerZones { + + reflectMetrics(&zone.Responses, vtsResponseDesc, ch, name) + reflectMetrics(&zone.Cache, vtsCacheDesc, ch, name) + + ch <- prometheus.MustNewConstMetric(vtsRequestDesc, + prometheus.CounterValue, float64(zone.RequestCounter), name) + + ch <- prometheus.MustNewConstMetric(vtsBytesDesc, + prometheus.CounterValue, float64(zone.InBytes), name, "in") + + ch <- prometheus.MustNewConstMetric(vtsBytesDesc, + prometheus.CounterValue, float64(zone.OutBytes), name, "out") + + } + + for serverZone, countries := range nginxMetrics.FilterZones { + + for country, zone := range countries { + + reflectMetrics(&zone.Responses, vtsFilterZoneResponseDesc, ch, serverZone, country) + reflectMetrics(&zone.Cache, vtsFilterZoneCacheDesc, ch, serverZone, country) + + ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, + prometheus.CounterValue, float64(zone.InBytes), serverZone, country, "in") + + ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, + prometheus.CounterValue, float64(zone.OutBytes), serverZone, country, "out") + + } + + } + +} + +func (p *namedProcessCollector) scrapeProcs(ch chan<- prometheus.Metric) { + + _, err := p.Update(p.fs.AllProcs()) if err != nil { glog.Warningf("unexpected error obtaining nginx process info: %v", err) return @@ -231,3 +445,18 @@ func (p *namedProcessCollector) scrape(ch chan<- prometheus.Metric) { prometheus.CounterValue, float64(gcounts.WriteBytes)) } } + +func reflectMetrics(value interface{}, desc *prometheus.Desc, ch chan<- prometheus.Metric, labels ...string) { + + val := reflect.ValueOf(value).Elem() + + for i := 0; i < val.NumField(); i++ { + tag := val.Type().Field(i).Tag + + labels := append(labels, tag.Get("json")) + ch <- prometheus.MustNewConstMetric(desc, + prometheus.CounterValue, float64(val.Field(i).Interface().(float64)), + labels...) + } + +} diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index f8e92bac0..d614853eb 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -25,7 +25,6 @@ import ( "net/http" "os" "os/exec" - "strings" "syscall" "time" @@ -40,12 +39,14 @@ import ( "k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress/defaults" "k8s.io/ingress/core/pkg/net/ssl" + "strings" ) const ( ngxHealthPort = 18080 ngxHealthPath = "/healthz" ngxStatusPath = "/internal_nginx_status" + ngxVtsPath = "/nginx_status/format/json" ) var ( @@ -156,8 +157,8 @@ func (n *NGINXController) start(cmd *exec.Cmd, done chan error) { done <- err return } - - n.setupMonitor(cmd.Args) + cfg := ngx_template.ReadConfig(n.configmap.Data) + n.setupMonitor(cmd.Args, cfg.EnableVtsStatus) go func() { done <- cmd.Wait() @@ -177,6 +178,7 @@ func (n NGINXController) Reload(data []byte) ([]byte, bool, error) { } o, e := exec.Command(n.binary, "-s", "reload").CombinedOutput() + return o, true, e } @@ -204,6 +206,7 @@ func (n NGINXController) isReloadRequired(data []byte) bool { } if !bytes.Equal(src, data) { + tmpfile, err := ioutil.TempFile("", "nginx-cfg-diff") if err != nil { glog.Errorf("error creating temporal file: %s", err) @@ -312,6 +315,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er } cfg := ngx_template.ReadConfig(n.configmap.Data) + n.setupMonitor([]string{""}, cfg.EnableVtsStatus) // NGINX cannot resize the has tables used to store server names. // For this reason we check if the defined size defined is correct diff --git a/controllers/nginx/pkg/cmd/controller/status.go b/controllers/nginx/pkg/cmd/controller/status.go index bfa1c383b..b286e3bfb 100644 --- a/controllers/nginx/pkg/cmd/controller/status.go +++ b/controllers/nginx/pkg/cmd/controller/status.go @@ -17,7 +17,9 @@ limitations under the License. package main import ( + "encoding/json" "fmt" + "github.com/golang/glog" "io/ioutil" "net/http" "regexp" @@ -49,22 +51,147 @@ type nginxStatus struct { Waiting int } +// https://github.com/vozlt/nginx-module-vts +type Vts struct { + NginxVersion string `json:"nginxVersion"` + LoadMsec int `json:"loadMsec"` + NowMsec int `json:"nowMsec"` + // Total connections and requests(same as stub_status_module in NGINX) + Connections Connections `json:"connections"` + // Traffic(in/out) and request and response counts and cache hit ratio per each server zone + ServerZones map[string]ServerZone `json:"serverZones"` + // Traffic(in/out) and request and response counts and cache hit ratio per each server zone filtered through + // the vhost_traffic_status_filter_by_set_key directive + FilterZones map[string]map[string]FilterZone `json:"filterZones"` + // Traffic(in/out) and request and response counts per server in each upstream group + UpstreamZones map[string][]UpstreamZone `json:"upstreamZones"` +} + +type ServerZone struct { + RequestCounter float64 `json:"requestCounter"` + InBytes float64 `json:"inBytes"` + OutBytes float64 `json:"outBytes"` + Responses Response `json:"responses"` + Cache Cache `json:"responses"` +} + +type FilterZone struct { + RequestCounter float64 `json:"requestCounter"` + InBytes float64 `json:"inBytes"` + OutBytes float64 `json:"outBytes"` + Cache Cache `json:"responses"` + Responses Response `json:"responses"` +} + +type UpstreamZone struct { + Responses Response `json:"responses"` + Server string `json:"server"` + RequestCounter float64 `json:"requestCounter"` + InBytes float64 `json:"inBytes"` + OutBytes float64 `json:"outBytes"` + ResponseMsec float64 `json:"responseMsec"` + Weight float64 `json:"weight"` + MaxFails float64 `json:"maxFails"` + FailTimeout float64 `json:"failTimeout"` + Backup BoolToFloat64 `json:"backup"` + Down BoolToFloat64 `json:"down"` +} + +type Cache struct { + Miss float64 `json:"miss"` + Bypass float64 `json:"bypass"` + Expired float64 `json:"expired"` + Stale float64 `json:"stale"` + Updating float64 `json:"updating"` + Revalidated float64 `json:"revalidated"` + Hit float64 `json:"hit"` + Scarce float64 `json:"scarce"` +} + +type Response struct { + OneXx float64 `json:"1xx"` + TwoXx float64 `json:"2xx"` + TheeXx float64 `json:"3xx"` + FourXx float64 `json:"4xx"` + FiveXx float64 `json:"5xx"` +} + +type Connections struct { + Active float64 `json:"active"` + Reading float64 `json:"reading"` + Writing float64 `json:"writing"` + Waiting float64 `json:"waiting"` + Accepted float64 `json:"accepted"` + Handled float64 `json:"handled"` + Requests float64 `json:"requests"` +} + +type BoolToFloat64 float64 + +func (bit BoolToFloat64) UnmarshalJSON(data []byte) error { + asString := string(data) + if asString == "1" || asString == "true" { + bit = 1 + } else if asString == "0" || asString == "false" { + bit = 0 + } else { + return fmt.Errorf(fmt.Sprintf("Boolean unmarshal error: invalid input %s", asString)) + } + return nil +} + func getNginxStatus() (*nginxStatus, error) { - resp, err := http.DefaultClient.Get(fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxStatusPath)) + + url := fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxStatusPath) + glog.V(3).Infof("start scrapping url: %v", url) + + data, err := httpBody(url) + if err != nil { return nil, fmt.Errorf("unexpected error scraping nginx status page: %v", err) } + return parse(string(data)), nil +} + +func httpBody(url string) ([]byte, error) { + resp, err := http.DefaultClient.Get(url) + if err != nil { + return nil, fmt.Errorf("unexpected error scraping nginx : %v", err) + } + data, err := ioutil.ReadAll(resp.Body) if err != nil { - return nil, fmt.Errorf("unexpected error scraping nginx status page (%v)", err) + return nil, fmt.Errorf("unexpected error scraping nginx (%v)", err) } defer resp.Body.Close() if resp.StatusCode < 200 || resp.StatusCode >= 400 { - return nil, fmt.Errorf("unexpected error scraping nginx status page (status %v)", resp.StatusCode) + return nil, fmt.Errorf("unexpected error scraping nginx (status %v)", resp.StatusCode) } - return parse(string(data)), nil + return data, nil + +} + +func getNginxVtsMetrics() (*Vts, error) { + url := fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxVtsPath) + glog.V(3).Infof("start scrapping url: %v", url) + + data, err := httpBody(url) + + if err != nil { + return nil, fmt.Errorf("unexpected error scraping nginx vts (%v)", err) + } + + var vts Vts + err = json.Unmarshal(data, &vts) + if err != nil { + return nil, fmt.Errorf("unexpected error json unmarshal (%v)", err) + } + + glog.V(3).Infof("scrap returned : %v", vts) + + return &vts, nil } func parse(data string) *nginxStatus { diff --git a/controllers/nginx/pkg/cmd/controller/status_test.go b/controllers/nginx/pkg/cmd/controller/status_test.go index 1dda3a01e..9d52e0691 100644 --- a/controllers/nginx/pkg/cmd/controller/status_test.go +++ b/controllers/nginx/pkg/cmd/controller/status_test.go @@ -67,4 +67,4 @@ func TestToint(t *testing.T) { t.Fatalf("expected %v but returned %v", test.exp, v) } } -} +} \ No newline at end of file diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 0001d9502..2e59a74a9 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -289,6 +289,7 @@ func NewDefault() Configuration { UseProxyProtocol: false, UseGzip: true, WorkerProcesses: runtime.NumCPU(), + EnableVtsStatus: false, VtsStatusZoneSize: "10m", UseHTTP2: true, Backend: defaults.Backend{ diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 9813bcd24..c00e53448 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -60,9 +60,6 @@ http { client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; large_client_header_buffers {{ $cfg.LargeClientHeaderBuffers }}; - - http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }}; - http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }}; types_hash_max_size 2048; server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }}; @@ -82,7 +79,7 @@ http { server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }}; - log_format upstreaminfo '{{ buildLogFormatUpstream $cfg }}'; + log_format upstreaminfo {{ buildLogFormatUpstream $cfg }}; {{/* map urls that should not appear in access.log */}} {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}} @@ -210,10 +207,10 @@ http { {{ range $index, $server := .Servers }} server { server_name {{ $server.Hostname }}; - listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} reuseport backlog={{ $backlogSize }}{{end}}; + listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}}; {{/* Listen on 442 because port 443 is used in the stream section */}} - {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} - {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}{{ if not $cfg.DisableIpv6 }}[::]:{{ end }}443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; + {{/* This listen cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} + {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} # PEM sha: {{ $server.SSLPemChecksum }} ssl_certificate {{ $server.SSLCertificate }}; @@ -246,8 +243,6 @@ http { {{ end }} {{ if not (empty $location.ExternalAuth.Method) }} proxy_method {{ $location.ExternalAuth.Method }}; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Scheme $pass_access_scheme; {{ end }} proxy_set_header Host $host; proxy_pass_request_headers on; @@ -273,13 +268,9 @@ http { auth_request {{ $authPath }}; {{ end }} - {{ if not (empty $location.ExternalAuth.SigninURL) }} - error_page 401 = {{ $location.ExternalAuth.SigninURL }}; - {{ end }} - - {{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }} + {{ if (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect) }} # enforce ssl on server side - if ($pass_access_scheme = http) { + if ($scheme = http) { return 301 https://$host$request_uri; } {{ end }} @@ -323,8 +314,6 @@ http { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Proto $pass_access_scheme; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Scheme $pass_access_scheme; # mitigate HTTPoxy Vulnerability # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ @@ -342,7 +331,6 @@ http { proxy_redirect off; proxy_buffering off; proxy_buffer_size "{{ $location.Proxy.BufferSize }}"; - proxy_buffers 4 "{{ $location.Proxy.BufferSize }}"; proxy_http_version 1.1; @@ -376,7 +364,7 @@ http { # with an external software (like sysdig) location /nginx_status { allow 127.0.0.1; - {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} + allow ::1; deny all; access_log off; @@ -394,7 +382,7 @@ http { # Use the port 18080 (random value just to avoid known ports) as default port for nginx. # Changing this value requires a change in: # https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/nginx/command.go#L104 - listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}18080 {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} default_server reuseport backlog={{ .BacklogSize }}; + listen [::]:18080 ipv6only=off default_server reuseport backlog={{ .BacklogSize }}; location {{ $healthzURI }} { access_log off; @@ -416,7 +404,7 @@ http { # TODO: enable extraction for vts module. location /internal_nginx_status { allow 127.0.0.1; - {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} + allow ::1; deny all; access_log off; @@ -476,7 +464,7 @@ stream { {{ buildSSLPassthroughUpstreams $backends .PassthroughBackends }} server { - listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}443 {{ if not $cfg.DisableIpv6 }}ipv6only=off{{ end }}{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}; + listen [::]:443 ipv6only=off{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}; proxy_pass $stream_upstream; ssl_preread on; } diff --git a/images/nginx-slim/build.sh b/images/nginx-slim/build.sh index 2236e1369..5238ccaec 100755 --- a/images/nginx-slim/build.sh +++ b/images/nginx-slim/build.sh @@ -19,7 +19,7 @@ set -e export NGINX_VERSION=1.11.10 export NDK_VERSION=0.3.0 -export VTS_VERSION=0.1.11 +export VTS_VERSION=0.1.12 export SETMISC_VERSION=0.31 export LUA_VERSION=0.10.7 export STICKY_SESSIONS_VERSION=08a395c66e42 From 7ba389c1d0760258d730c2f88f27c27f8ca43f06 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Fri, 10 Mar 2017 10:01:26 -0300 Subject: [PATCH 46/47] Cleanup collection of prometheus metrics --- .../nginx/pkg/cmd/controller/metrics.go | 449 +----------------- controllers/nginx/pkg/cmd/controller/nginx.go | 27 +- controllers/nginx/pkg/config/config.go | 6 - .../nginx/pkg/metric/collector/nginx.go | 130 +++++ .../nginx/pkg/metric/collector/process.go | 157 ++++++ .../nginx/pkg/metric/collector/scrape.go | 24 + .../controller => metric/collector}/status.go | 55 +-- .../collector}/status_test.go | 4 +- controllers/nginx/pkg/metric/collector/vts.go | 237 +++++++++ .../rootfs/etc/nginx/template/nginx.tmpl | 32 +- images/nginx-slim/build.sh | 2 +- 11 files changed, 643 insertions(+), 480 deletions(-) create mode 100644 controllers/nginx/pkg/metric/collector/nginx.go create mode 100644 controllers/nginx/pkg/metric/collector/process.go create mode 100644 controllers/nginx/pkg/metric/collector/scrape.go rename controllers/nginx/pkg/{cmd/controller => metric/collector}/status.go (87%) rename controllers/nginx/pkg/{cmd/controller => metric/collector}/status_test.go (98%) create mode 100644 controllers/nginx/pkg/metric/collector/vts.go diff --git a/controllers/nginx/pkg/cmd/controller/metrics.go b/controllers/nginx/pkg/cmd/controller/metrics.go index 1b6903018..a42a19230 100644 --- a/controllers/nginx/pkg/cmd/controller/metrics.go +++ b/controllers/nginx/pkg/cmd/controller/metrics.go @@ -17,446 +17,37 @@ limitations under the License. package main import ( - "path/filepath" - "github.com/golang/glog" - - common "github.com/ncabatoff/process-exporter" - "github.com/ncabatoff/process-exporter/proc" "github.com/prometheus/client_golang/prometheus" - "reflect" + + "k8s.io/ingress/controllers/nginx/pkg/metric/collector" ) -// TODO add current namespace -// TODO add ingress class -var ( - // descriptions borrow from https://github.com/vozlt/nginx-module-vts - - cpuSecsDesc = prometheus.NewDesc( - "nginx_cpu_seconds_total", - "Cpu usage in seconds", - nil, nil) - - numprocsDesc = prometheus.NewDesc( - "nginx_num_procs", - "number of processes", - nil, nil) - - memResidentbytesDesc = prometheus.NewDesc( - "nginx_resident_memory_bytes", - "number of bytes of memory in use", - nil, nil) - - memVirtualbytesDesc = prometheus.NewDesc( - "nginx_virtual_memory_bytes", - "number of bytes of memory in use", - nil, nil) - - readBytesDesc = prometheus.NewDesc( - "nginx_read_bytes_total", - "number of bytes read", - nil, nil) - - startTimeDesc = prometheus.NewDesc( - "nginx_oldest_start_time_seconds", - "start time in seconds since 1970/01/01", - nil, nil) - - writeBytesDesc = prometheus.NewDesc( - "nginx_write_bytes_total", - "number of bytes written", - nil, nil) - - //vts metrics - vtsBytesDesc = prometheus.NewDesc( - "nginx_vts_bytes_total", - "Nginx bytes count", - []string{"server_zone", "direction"}, nil) - - vtsCacheDesc = prometheus.NewDesc( - "nginx_vts_cache_total", - "Nginx cache count", - []string{"server_zone", "type"}, nil) - - vtsConnectionsDesc = prometheus.NewDesc( - "nginx_vts_connections_total", - "Nginx connections count", - []string{"type"}, nil) - - vtsResponseDesc = prometheus.NewDesc( - "nginx_vts_responses_total", - "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", - []string{"server_zone", "status_code"}, nil) - - vtsRequestDesc = prometheus.NewDesc( - "nginx_vts_requests_total", - "The total number of requested client connections.", - []string{"server_zone"}, nil) - - vtsFilterZoneBytesDesc = prometheus.NewDesc( - "nginx_vts_filterzone_bytes_total", - "Nginx bytes count", - []string{"server_zone", "country", "direction"}, nil) - - vtsFilterZoneResponseDesc = prometheus.NewDesc( - "nginx_vts_filterzone_responses_total", - "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", - []string{"server_zone", "country", "status_code"}, nil) - - vtsFilterZoneCacheDesc = prometheus.NewDesc( - "nginx_vts_filterzone_cache_total", - "Nginx cache count", - []string{"server_zone", "country", "type"}, nil) - - vtsUpstreamBackupDesc = prometheus.NewDesc( - "nginx_vts_upstream_backup", - "Current backup setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamBytesDesc = prometheus.NewDesc( - "nginx_vts_upstream_bytes_total", - "The total number of bytes sent to this server.", - []string{"upstream", "server", "direction"}, nil) - - vtsUpstreamDownDesc = prometheus.NewDesc( - "nginx_vts_upstream_down_total", - "Current down setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamFailTimeoutDesc = prometheus.NewDesc( - "nginx_vts_upstream_fail_timeout", - "Current fail_timeout setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamMaxFailsDesc = prometheus.NewDesc( - "nginx_vts_upstream_maxfails", - "Current max_fails setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamResponsesDesc = prometheus.NewDesc( - "nginx_vts_upstream_responses_total", - "The number of upstream responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", - []string{"upstream", "server", "status_code"}, nil) - - vtsUpstreamRequestDesc = prometheus.NewDesc( - "nginx_vts_upstream_requests_total", - "The total number of client connections forwarded to this server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamResponseMsecDesc = prometheus.NewDesc( - "nginx_vts_upstream_response_msecs_avg", - "The average of only upstream response processing times in milliseconds.", - []string{"upstream", "server"}, nil) - - vtsUpstreamWeightDesc = prometheus.NewDesc( - "nginx_vts_upstream_weight", - "Current upstream weight setting of the server.", - []string{"upstream", "server"}, nil) - - activeDesc = prometheus.NewDesc( - "nginx_active_connections", - "total number of active connections", - nil, nil) - - acceptedDesc = prometheus.NewDesc( - "nginx_accepted_connections", - "total number of accepted client connections", - nil, nil) - - handledDesc = prometheus.NewDesc( - "nginx_handled_connections", - "total number of handled connections", - nil, nil) - - requestsDesc = prometheus.NewDesc( - "nginx_total_requests", - "total number of client requests", - nil, nil) - - readingDesc = prometheus.NewDesc( - "nginx_current_reading_connections", - "current number of connections where nginx is reading the request header", - nil, nil) - - writingDesc = prometheus.NewDesc( - "nginx_current_writing_connections", - "current number of connections where nginx is writing the response back to the client", - nil, nil) - - waitingDesc = prometheus.NewDesc( - "nginx_current_waiting_connections", - "current number of idle client connections waiting for a request", - nil, nil) -) - -type exeMatcher struct { - name string - args []string -} - -func (em exeMatcher) MatchAndName(nacl common.NameAndCmdline) (bool, string) { - if len(nacl.Cmdline) == 0 { - return false, "" +func (n *NGINXController) setupMonitor(sm statusModule) { + csm := n.statusModule + if csm != sm { + prometheus + n.statusModule = sm } - cmd := filepath.Base(nacl.Cmdline[0]) - return em.name == cmd, "" } -func (n *NGINXController) setupMonitor(args []string, vtsCollector bool) { - - pc, err := newProcessCollector(true, exeMatcher{"nginx", args}, vtsCollector) +type statsCollector struct { + process prometheus.Collector + basic prometheus.Collector + vts prometheus.Collector +} +func newStatsCollector() (*statsCollector, error) { + pc, err := collector.NewNamedProcess(true, collector.BinaryNameMatcher{"nginx", n.cmdArgs}) + if err != nil { + return nil, err + } + err = prometheus.Register(pc) if err != nil { glog.Fatalf("unexpected error registering nginx collector: %v", err) } - err = prometheus.Register(pc) - - if err != nil { - if _, ok := err.(prometheus.AlreadyRegisteredError); !ok { - glog.Warningf("unexpected error registering nginx collector: %v", err) - } - } - -} - -type ( - scrapeRequest struct { - results chan<- prometheus.Metric - done chan struct{} - } - - namedProcessCollector struct { - scrapeChan chan scrapeRequest - *proc.Grouper - fs *proc.FS - enableVtsCollector bool - } -) - -func newProcessCollector( - children bool, - n common.MatchNamer, - enableVtsCollector bool) (*namedProcessCollector, error) { - - fs, err := proc.NewFS("/proc") - if err != nil { - return nil, err - } - p := &namedProcessCollector{ - scrapeChan: make(chan scrapeRequest), - Grouper: proc.NewGrouper(children, n), - fs: fs, - enableVtsCollector: enableVtsCollector, - } - _, err = p.Update(p.fs.AllProcs()) - if err != nil { - return nil, err - } - - go p.start() - - return p, nil -} - -// Describe implements prometheus.Collector. -func (p *namedProcessCollector) Describe(ch chan<- *prometheus.Desc) { - - ch <- cpuSecsDesc - ch <- numprocsDesc - ch <- readBytesDesc - ch <- writeBytesDesc - ch <- memResidentbytesDesc - ch <- memVirtualbytesDesc - ch <- startTimeDesc - - //vts metrics - ch <- vtsBytesDesc - ch <- vtsCacheDesc - ch <- vtsConnectionsDesc - ch <- vtsRequestDesc - ch <- vtsResponseDesc - ch <- vtsUpstreamBackupDesc - ch <- vtsUpstreamBytesDesc - ch <- vtsUpstreamDownDesc - ch <- vtsUpstreamFailTimeoutDesc - ch <- vtsUpstreamMaxFailsDesc - ch <- vtsUpstreamRequestDesc - ch <- vtsUpstreamResponseMsecDesc - ch <- vtsUpstreamResponsesDesc - ch <- vtsUpstreamWeightDesc - ch <- vtsFilterZoneBytesDesc - ch <- vtsFilterZoneCacheDesc - ch <- vtsFilterZoneResponseDesc - -} - -// Collect implements prometheus.Collector. -func (p *namedProcessCollector) Collect(ch chan<- prometheus.Metric) { - req := scrapeRequest{results: ch, done: make(chan struct{})} - p.scrapeChan <- req - <-req.done -} - -func (p *namedProcessCollector) start() { - - for req := range p.scrapeChan { - ch := req.results - p.scrapeNginxStatus(ch) - p.scrapeProcs(ch) - p.scrapeVts(ch) - - req.done <- struct{}{} + return nil, &statsCollector{ + process: pc, } } - -// scrapeNginxStatus scrap the nginx status -func (p *namedProcessCollector) scrapeNginxStatus(ch chan<- prometheus.Metric) { - s, err := getNginxStatus() - - if err != nil { - glog.Warningf("unexpected error obtaining nginx status info: %v", err) - return - } - - ch <- prometheus.MustNewConstMetric(activeDesc, - prometheus.GaugeValue, float64(s.Active)) - ch <- prometheus.MustNewConstMetric(acceptedDesc, - prometheus.GaugeValue, float64(s.Accepted)) - ch <- prometheus.MustNewConstMetric(handledDesc, - prometheus.GaugeValue, float64(s.Handled)) - ch <- prometheus.MustNewConstMetric(requestsDesc, - prometheus.GaugeValue, float64(s.Requests)) - ch <- prometheus.MustNewConstMetric(readingDesc, - prometheus.GaugeValue, float64(s.Reading)) - ch <- prometheus.MustNewConstMetric(writingDesc, - prometheus.GaugeValue, float64(s.Writing)) - ch <- prometheus.MustNewConstMetric(waitingDesc, - prometheus.GaugeValue, float64(s.Waiting)) - -} - -// scrapeVts scrape nginx vts metrics -func (p *namedProcessCollector) scrapeVts(ch chan<- prometheus.Metric) { - - nginxMetrics, err := getNginxVtsMetrics() - if err != nil { - glog.Warningf("unexpected error obtaining nginx status info: %v", err) - return - } - - reflectMetrics(&nginxMetrics.Connections, vtsConnectionsDesc, ch) - - for name, zones := range nginxMetrics.UpstreamZones { - - for pos, value := range zones { - - reflectMetrics(&zones[pos].Responses, vtsUpstreamResponsesDesc, ch, name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamRequestDesc, - prometheus.CounterValue, float64(zones[pos].RequestCounter), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamDownDesc, - prometheus.CounterValue, float64(zones[pos].Down), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamWeightDesc, - prometheus.CounterValue, float64(zones[pos].Weight), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamResponseMsecDesc, - prometheus.CounterValue, float64(zones[pos].ResponseMsec), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamBackupDesc, - prometheus.CounterValue, float64(zones[pos].Backup), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamFailTimeoutDesc, - prometheus.CounterValue, float64(zones[pos].FailTimeout), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamMaxFailsDesc, - prometheus.CounterValue, float64(zones[pos].MaxFails), name, value.Server) - - ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, - prometheus.CounterValue, float64(zones[pos].InBytes), name, value.Server, "in") - - ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, - prometheus.CounterValue, float64(zones[pos].OutBytes), name, value.Server, "out") - - } - } - - for name, zone := range nginxMetrics.ServerZones { - - reflectMetrics(&zone.Responses, vtsResponseDesc, ch, name) - reflectMetrics(&zone.Cache, vtsCacheDesc, ch, name) - - ch <- prometheus.MustNewConstMetric(vtsRequestDesc, - prometheus.CounterValue, float64(zone.RequestCounter), name) - - ch <- prometheus.MustNewConstMetric(vtsBytesDesc, - prometheus.CounterValue, float64(zone.InBytes), name, "in") - - ch <- prometheus.MustNewConstMetric(vtsBytesDesc, - prometheus.CounterValue, float64(zone.OutBytes), name, "out") - - } - - for serverZone, countries := range nginxMetrics.FilterZones { - - for country, zone := range countries { - - reflectMetrics(&zone.Responses, vtsFilterZoneResponseDesc, ch, serverZone, country) - reflectMetrics(&zone.Cache, vtsFilterZoneCacheDesc, ch, serverZone, country) - - ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, - prometheus.CounterValue, float64(zone.InBytes), serverZone, country, "in") - - ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, - prometheus.CounterValue, float64(zone.OutBytes), serverZone, country, "out") - - } - - } - -} - -func (p *namedProcessCollector) scrapeProcs(ch chan<- prometheus.Metric) { - - _, err := p.Update(p.fs.AllProcs()) - if err != nil { - glog.Warningf("unexpected error obtaining nginx process info: %v", err) - return - } - - for gname, gcounts := range p.Groups() { - glog.Infof("%v", gname) - glog.Infof("%v", gcounts) - ch <- prometheus.MustNewConstMetric(numprocsDesc, - prometheus.GaugeValue, float64(gcounts.Procs)) - ch <- prometheus.MustNewConstMetric(memResidentbytesDesc, - prometheus.GaugeValue, float64(gcounts.Memresident)) - ch <- prometheus.MustNewConstMetric(memVirtualbytesDesc, - prometheus.GaugeValue, float64(gcounts.Memvirtual)) - ch <- prometheus.MustNewConstMetric(startTimeDesc, - prometheus.GaugeValue, float64(gcounts.OldestStartTime.Unix())) - ch <- prometheus.MustNewConstMetric(cpuSecsDesc, - prometheus.CounterValue, gcounts.Cpu) - ch <- prometheus.MustNewConstMetric(readBytesDesc, - prometheus.CounterValue, float64(gcounts.ReadBytes)) - ch <- prometheus.MustNewConstMetric(writeBytesDesc, - prometheus.CounterValue, float64(gcounts.WriteBytes)) - } -} - -func reflectMetrics(value interface{}, desc *prometheus.Desc, ch chan<- prometheus.Metric, labels ...string) { - - val := reflect.ValueOf(value).Elem() - - for i := 0; i < val.NumField(); i++ { - tag := val.Type().Field(i).Tag - - labels := append(labels, tag.Get("json")) - ch <- prometheus.MustNewConstMetric(desc, - prometheus.CounterValue, float64(val.Field(i).Interface().(float64)), - labels...) - } - -} diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index d614853eb..7a484e7ef 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -33,20 +33,26 @@ import ( "k8s.io/kubernetes/pkg/api" + "strings" + "k8s.io/ingress/controllers/nginx/pkg/config" ngx_template "k8s.io/ingress/controllers/nginx/pkg/template" "k8s.io/ingress/controllers/nginx/pkg/version" "k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress/defaults" "k8s.io/ingress/core/pkg/net/ssl" - "strings" ) +type statusModule string + const ( ngxHealthPort = 18080 ngxHealthPath = "/healthz" ngxStatusPath = "/internal_nginx_status" ngxVtsPath = "/nginx_status/format/json" + + defaultStatusModule statusModule = "default" + vtsStatusModule statusModule = "vts" ) var ( @@ -108,6 +114,10 @@ type NGINXController struct { storeLister ingress.StoreLister binary string + + cmdArgs []string + + statusModule statusModule } // Start start a new NGINX master process running in foreground. @@ -157,8 +167,17 @@ func (n *NGINXController) start(cmd *exec.Cmd, done chan error) { done <- err return } + + n.cmdArgs = cmd.Args + cfg := ngx_template.ReadConfig(n.configmap.Data) - n.setupMonitor(cmd.Args, cfg.EnableVtsStatus) + n.statusModule = defaultStatusModule + if cfg.EnableVtsStatus { + n.statusModule = vtsStatusModule + n.setupMonitor(vtsStatusModule) + } else { + n.setupMonitor(defaultStatusModule) + } go func() { done <- cmd.Wait() @@ -315,7 +334,9 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er } cfg := ngx_template.ReadConfig(n.configmap.Data) - n.setupMonitor([]string{""}, cfg.EnableVtsStatus) + + // we need to check if the status module configuration changed + n.setupMonitor() // NGINX cannot resize the has tables used to store server names. // For this reason we check if the defined size defined is correct diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 2e59a74a9..ffd54676a 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -259,8 +259,6 @@ type Configuration struct { func NewDefault() Configuration { cfg := Configuration{ ClientHeaderBufferSize: "1k", - DisableAccessLog: false, - DisableIpv6: false, EnableDynamicTLSRecords: true, ErrorLogLevel: errorLevel, HTTP2MaxFieldSize: "4k", @@ -286,10 +284,8 @@ func NewDefault() Configuration { SSLSessionCacheSize: sslSessionCacheSize, SSLSessionTickets: true, SSLSessionTimeout: sslSessionTimeout, - UseProxyProtocol: false, UseGzip: true, WorkerProcesses: runtime.NumCPU(), - EnableVtsStatus: false, VtsStatusZoneSize: "10m", UseHTTP2: true, Backend: defaults.Backend{ @@ -301,11 +297,9 @@ func NewDefault() Configuration { ProxyCookieDomain: "off", ProxyCookiePath: "off", SSLRedirect: true, - ForceSSLRedirect: false, CustomHTTPErrors: []int{}, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, - UsePortInRedirects: false, }, } diff --git a/controllers/nginx/pkg/metric/collector/nginx.go b/controllers/nginx/pkg/metric/collector/nginx.go new file mode 100644 index 000000000..7f1b869ee --- /dev/null +++ b/controllers/nginx/pkg/metric/collector/nginx.go @@ -0,0 +1,130 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package collector + +import ( + "github.com/golang/glog" + "github.com/prometheus/client_golang/prometheus" +) + +var ( + activeDesc = prometheus.NewDesc( + "nginx_active_connections", + "total number of active connections", + nil, nil) + + acceptedDesc = prometheus.NewDesc( + "nginx_accepted_connections", + "total number of accepted client connections", + nil, nil) + + handledDesc = prometheus.NewDesc( + "nginx_handled_connections", + "total number of handled connections", + nil, nil) + + requestsDesc = prometheus.NewDesc( + "nginx_total_requests", + "total number of client requests", + nil, nil) + + readingDesc = prometheus.NewDesc( + "nginx_current_reading_connections", + "current number of connections where nginx is reading the request header", + nil, nil) + + writingDesc = prometheus.NewDesc( + "nginx_current_writing_connections", + "current number of connections where nginx is writing the response back to the client", + nil, nil) + + waitingDesc = prometheus.NewDesc( + "nginx_current_waiting_connections", + "current number of idle client connections waiting for a request", + nil, nil) +) + +type ( + nginxStatusCollector struct { + scrapeChan chan scrapeRequest + } +) + +func NewNginxStatus() (prometheus.Collector, error) { + p := nginxStatusCollector{ + scrapeChan: make(chan scrapeRequest), + } + + go p.start() + + return p, nil +} + +// Describe implements prometheus.Collector. +func (p nginxStatusCollector) Describe(ch chan<- *prometheus.Desc) { + ch <- activeDesc + ch <- acceptedDesc + ch <- handledDesc + ch <- requestsDesc + ch <- readingDesc + ch <- writingDesc + ch <- waitingDesc +} + +// Collect implements prometheus.Collector. +func (p nginxStatusCollector) Collect(ch chan<- prometheus.Metric) { + req := scrapeRequest{results: ch, done: make(chan struct{})} + p.scrapeChan <- req + <-req.done +} + +func (p nginxStatusCollector) start() { + for req := range p.scrapeChan { + ch := req.results + p.scrape(ch) + req.done <- struct{}{} + } +} + +func (p nginxStatusCollector) Stop() { + close(p.scrapeChan) +} + +// nginxStatusCollector scrap the nginx status +func (p nginxStatusCollector) scrape(ch chan<- prometheus.Metric) { + s, err := getNginxStatus() + if err != nil { + glog.Warningf("unexpected error obtaining nginx status info: %v", err) + return + } + + ch <- prometheus.MustNewConstMetric(activeDesc, + prometheus.GaugeValue, float64(s.Active)) + ch <- prometheus.MustNewConstMetric(acceptedDesc, + prometheus.GaugeValue, float64(s.Accepted)) + ch <- prometheus.MustNewConstMetric(handledDesc, + prometheus.GaugeValue, float64(s.Handled)) + ch <- prometheus.MustNewConstMetric(requestsDesc, + prometheus.GaugeValue, float64(s.Requests)) + ch <- prometheus.MustNewConstMetric(readingDesc, + prometheus.GaugeValue, float64(s.Reading)) + ch <- prometheus.MustNewConstMetric(writingDesc, + prometheus.GaugeValue, float64(s.Writing)) + ch <- prometheus.MustNewConstMetric(waitingDesc, + prometheus.GaugeValue, float64(s.Waiting)) + +} diff --git a/controllers/nginx/pkg/metric/collector/process.go b/controllers/nginx/pkg/metric/collector/process.go new file mode 100644 index 000000000..3154863b3 --- /dev/null +++ b/controllers/nginx/pkg/metric/collector/process.go @@ -0,0 +1,157 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package collector + +import ( + "path/filepath" + + "github.com/golang/glog" + common "github.com/ncabatoff/process-exporter" + "github.com/ncabatoff/process-exporter/proc" + "github.com/prometheus/client_golang/prometheus" +) + +type BinaryNameMatcher struct { + name string + args []string +} + +func (em BinaryNameMatcher) MatchAndName(nacl common.NameAndCmdline) (bool, string) { + if len(nacl.Cmdline) == 0 { + return false, "" + } + cmd := filepath.Base(nacl.Cmdline[0]) + return em.name == cmd, "" +} + +var ( + numprocsDesc = prometheus.NewDesc( + "nginx_num_procs", + "number of processes", + nil, nil) + + cpuSecsDesc = prometheus.NewDesc( + "nginx_cpu_seconds_total", + "Cpu usage in seconds", + nil, nil) + + readBytesDesc = prometheus.NewDesc( + "nginx_read_bytes_total", + "number of bytes read", + nil, nil) + + writeBytesDesc = prometheus.NewDesc( + "nginx_write_bytes_total", + "number of bytes written", + nil, nil) + + memResidentbytesDesc = prometheus.NewDesc( + "nginx_resident_memory_bytes", + "number of bytes of memory in use", + nil, nil) + + memVirtualbytesDesc = prometheus.NewDesc( + "nginx_virtual_memory_bytes", + "number of bytes of memory in use", + nil, nil) + + startTimeDesc = prometheus.NewDesc( + "nginx_oldest_start_time_seconds", + "start time in seconds since 1970/01/01", + nil, nil) +) + +type namedProcess struct { + scrapeChan chan scrapeRequest + *proc.Grouper + fs *proc.FS +} + +func NewNamedProcessCollector(children bool, mn common.MatchNamer) (prometheus.Collector, error) { + fs, err := proc.NewFS("/proc") + if err != nil { + return nil, err + } + p := namedProcess{ + scrapeChan: make(chan scrapeRequest), + Grouper: proc.NewGrouper(children, mn), + fs: fs, + } + _, err = p.Update(p.fs.AllProcs()) + if err != nil { + return nil, err + } + + go p.start() + + return p, nil +} + +// Describe implements prometheus.Collector. +func (p namedProcess) Describe(ch chan<- *prometheus.Desc) { + ch <- cpuSecsDesc + ch <- numprocsDesc + ch <- readBytesDesc + ch <- writeBytesDesc + ch <- memResidentbytesDesc + ch <- memVirtualbytesDesc + ch <- startTimeDesc +} + +// Collect implements prometheus.Collector. +func (p namedProcess) Collect(ch chan<- prometheus.Metric) { + req := scrapeRequest{results: ch, done: make(chan struct{})} + p.scrapeChan <- req + <-req.done +} + +func (p namedProcess) start() { + for req := range p.scrapeChan { + ch := req.results + p.scrape(ch) + req.done <- struct{}{} + } +} + +func (p namedProcess) Stop() { + close(p.scrapeChan) +} + +func (p namedProcess) scrape(ch chan<- prometheus.Metric) { + _, err := p.Update(p.fs.AllProcs()) + if err != nil { + glog.Warningf("unexpected error obtaining nginx process info: %v", err) + return + } + + for gname, gcounts := range p.Groups() { + ch <- prometheus.MustNewConstMetric(numprocsDesc, + prometheus.GaugeValue, float64(gcounts.Procs)) + ch <- prometheus.MustNewConstMetric(memResidentbytesDesc, + prometheus.GaugeValue, float64(gcounts.Memresident)) + ch <- prometheus.MustNewConstMetric(memVirtualbytesDesc, + prometheus.GaugeValue, float64(gcounts.Memvirtual)) + ch <- prometheus.MustNewConstMetric(startTimeDesc, + prometheus.GaugeValue, float64(gcounts.OldestStartTime.Unix())) + ch <- prometheus.MustNewConstMetric(cpuSecsDesc, + prometheus.CounterValue, gcounts.Cpu) + ch <- prometheus.MustNewConstMetric(readBytesDesc, + prometheus.CounterValue, float64(gcounts.ReadBytes)) + ch <- prometheus.MustNewConstMetric(writeBytesDesc, + prometheus.CounterValue, float64(gcounts.WriteBytes)) + } +} diff --git a/controllers/nginx/pkg/metric/collector/scrape.go b/controllers/nginx/pkg/metric/collector/scrape.go new file mode 100644 index 000000000..b40ff14ad --- /dev/null +++ b/controllers/nginx/pkg/metric/collector/scrape.go @@ -0,0 +1,24 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package collector + +import "github.com/prometheus/client_golang/prometheus" + +type scrapeRequest struct { + results chan<- prometheus.Metric + done chan struct{} +} diff --git a/controllers/nginx/pkg/cmd/controller/status.go b/controllers/nginx/pkg/metric/collector/status.go similarity index 87% rename from controllers/nginx/pkg/cmd/controller/status.go rename to controllers/nginx/pkg/metric/collector/status.go index b286e3bfb..7bd0ecf52 100644 --- a/controllers/nginx/pkg/cmd/controller/status.go +++ b/controllers/nginx/pkg/metric/collector/status.go @@ -14,16 +14,17 @@ See the License for the specific language governing permissions and limitations under the License. */ -package main +package collector import ( "encoding/json" "fmt" - "github.com/golang/glog" "io/ioutil" "net/http" "regexp" "strconv" + + "github.com/golang/glog" ) var ( @@ -34,7 +35,7 @@ var ( waiting = regexp.MustCompile(`Waiting: (\d+)`) ) -type nginxStatus struct { +type basicStatus struct { // Active total number of active connections Active int // Accepted total number of accepted client connections @@ -52,39 +53,39 @@ type nginxStatus struct { } // https://github.com/vozlt/nginx-module-vts -type Vts struct { +type vts struct { NginxVersion string `json:"nginxVersion"` LoadMsec int `json:"loadMsec"` NowMsec int `json:"nowMsec"` // Total connections and requests(same as stub_status_module in NGINX) - Connections Connections `json:"connections"` + Connections connections `json:"connections"` // Traffic(in/out) and request and response counts and cache hit ratio per each server zone - ServerZones map[string]ServerZone `json:"serverZones"` + ServerZones map[string]serverZone `json:"serverZones"` // Traffic(in/out) and request and response counts and cache hit ratio per each server zone filtered through // the vhost_traffic_status_filter_by_set_key directive - FilterZones map[string]map[string]FilterZone `json:"filterZones"` + FilterZones map[string]map[string]filterZone `json:"filterZones"` // Traffic(in/out) and request and response counts per server in each upstream group - UpstreamZones map[string][]UpstreamZone `json:"upstreamZones"` + UpstreamZones map[string][]upstreamZone `json:"upstreamZones"` } -type ServerZone struct { +type serverZone struct { RequestCounter float64 `json:"requestCounter"` InBytes float64 `json:"inBytes"` OutBytes float64 `json:"outBytes"` - Responses Response `json:"responses"` - Cache Cache `json:"responses"` + Responses response `json:"responses"` + Cache cache `json:"responses"` } -type FilterZone struct { +type filterZone struct { RequestCounter float64 `json:"requestCounter"` InBytes float64 `json:"inBytes"` OutBytes float64 `json:"outBytes"` - Cache Cache `json:"responses"` - Responses Response `json:"responses"` + Cache cache `json:"responses"` + Responses response `json:"responses"` } -type UpstreamZone struct { - Responses Response `json:"responses"` +type upstreamZone struct { + Responses response `json:"responses"` Server string `json:"server"` RequestCounter float64 `json:"requestCounter"` InBytes float64 `json:"inBytes"` @@ -97,7 +98,7 @@ type UpstreamZone struct { Down BoolToFloat64 `json:"down"` } -type Cache struct { +type cache struct { Miss float64 `json:"miss"` Bypass float64 `json:"bypass"` Expired float64 `json:"expired"` @@ -108,7 +109,7 @@ type Cache struct { Scarce float64 `json:"scarce"` } -type Response struct { +type response struct { OneXx float64 `json:"1xx"` TwoXx float64 `json:"2xx"` TheeXx float64 `json:"3xx"` @@ -116,7 +117,7 @@ type Response struct { FiveXx float64 `json:"5xx"` } -type Connections struct { +type connections struct { Active float64 `json:"active"` Reading float64 `json:"reading"` Writing float64 `json:"writing"` @@ -140,8 +141,7 @@ func (bit BoolToFloat64) UnmarshalJSON(data []byte) error { return nil } -func getNginxStatus() (*nginxStatus, error) { - +func getNginxStatus() (*basicStatus, error) { url := fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxStatusPath) glog.V(3).Infof("start scrapping url: %v", url) @@ -170,10 +170,9 @@ func httpBody(url string) ([]byte, error) { } return data, nil - } -func getNginxVtsMetrics() (*Vts, error) { +func getNginxVtsMetrics() (*vts, error) { url := fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxVtsPath) glog.V(3).Infof("start scrapping url: %v", url) @@ -183,25 +182,23 @@ func getNginxVtsMetrics() (*Vts, error) { return nil, fmt.Errorf("unexpected error scraping nginx vts (%v)", err) } - var vts Vts + var vts *vts err = json.Unmarshal(data, &vts) if err != nil { return nil, fmt.Errorf("unexpected error json unmarshal (%v)", err) } - glog.V(3).Infof("scrap returned : %v", vts) - - return &vts, nil + return vts, nil } -func parse(data string) *nginxStatus { +func parse(data string) *basicStatus { acr := ac.FindStringSubmatch(data) sahrr := sahr.FindStringSubmatch(data) readingr := reading.FindStringSubmatch(data) writingr := writing.FindStringSubmatch(data) waitingr := waiting.FindStringSubmatch(data) - return &nginxStatus{ + return &basicStatus{ toInt(acr, 1), toInt(sahrr, 1), toInt(sahrr, 2), diff --git a/controllers/nginx/pkg/cmd/controller/status_test.go b/controllers/nginx/pkg/metric/collector/status_test.go similarity index 98% rename from controllers/nginx/pkg/cmd/controller/status_test.go rename to controllers/nginx/pkg/metric/collector/status_test.go index 9d52e0691..b6693d9c9 100644 --- a/controllers/nginx/pkg/cmd/controller/status_test.go +++ b/controllers/nginx/pkg/metric/collector/status_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package main +package collector import ( "reflect" @@ -67,4 +67,4 @@ func TestToint(t *testing.T) { t.Fatalf("expected %v but returned %v", test.exp, v) } } -} \ No newline at end of file +} diff --git a/controllers/nginx/pkg/metric/collector/vts.go b/controllers/nginx/pkg/metric/collector/vts.go new file mode 100644 index 000000000..a47531f65 --- /dev/null +++ b/controllers/nginx/pkg/metric/collector/vts.go @@ -0,0 +1,237 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package collector + +import ( + "reflect" + + "github.com/golang/glog" + "github.com/prometheus/client_golang/prometheus" +) + +var ( + vtsBytesDesc = prometheus.NewDesc( + "nginx_vts_bytes_total", + "Nginx bytes count", + []string{"server_zone", "direction"}, nil) + + vtsCacheDesc = prometheus.NewDesc( + "nginx_vts_cache_total", + "Nginx cache count", + []string{"server_zone", "type"}, nil) + + vtsConnectionsDesc = prometheus.NewDesc( + "nginx_vts_connections_total", + "Nginx connections count", + []string{"type"}, nil) + + vtsResponseDesc = prometheus.NewDesc( + "nginx_vts_responses_total", + "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"server_zone", "status_code"}, nil) + + vtsRequestDesc = prometheus.NewDesc( + "nginx_vts_requests_total", + "The total number of requested client connections.", + []string{"server_zone"}, nil) + + vtsFilterZoneBytesDesc = prometheus.NewDesc( + "nginx_vts_filterzone_bytes_total", + "Nginx bytes count", + []string{"server_zone", "country", "direction"}, nil) + + vtsFilterZoneResponseDesc = prometheus.NewDesc( + "nginx_vts_filterzone_responses_total", + "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"server_zone", "country", "status_code"}, nil) + + vtsFilterZoneCacheDesc = prometheus.NewDesc( + "nginx_vts_filterzone_cache_total", + "Nginx cache count", + []string{"server_zone", "country", "type"}, nil) + + vtsUpstreamBackupDesc = prometheus.NewDesc( + "nginx_vts_upstream_backup", + "Current backup setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamBytesDesc = prometheus.NewDesc( + "nginx_vts_upstream_bytes_total", + "The total number of bytes sent to this server.", + []string{"upstream", "server", "direction"}, nil) + + vtsUpstreamDownDesc = prometheus.NewDesc( + "nginx_vts_upstream_down_total", + "Current down setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamFailTimeoutDesc = prometheus.NewDesc( + "nginx_vts_upstream_fail_timeout", + "Current fail_timeout setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamMaxFailsDesc = prometheus.NewDesc( + "nginx_vts_upstream_maxfails", + "Current max_fails setting of the server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamResponsesDesc = prometheus.NewDesc( + "nginx_vts_upstream_responses_total", + "The number of upstream responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"upstream", "server", "status_code"}, nil) + + vtsUpstreamRequestDesc = prometheus.NewDesc( + "nginx_vts_upstream_requests_total", + "The total number of client connections forwarded to this server.", + []string{"upstream", "server"}, nil) + + vtsUpstreamResponseMsecDesc = prometheus.NewDesc( + "nginx_vts_upstream_response_msecs_avg", + "The average of only upstream response processing times in milliseconds.", + []string{"upstream", "server"}, nil) + + vtsUpstreamWeightDesc = prometheus.NewDesc( + "nginx_vts_upstream_weight", + "Current upstream weight setting of the server.", + []string{"upstream", "server"}, nil) +) + +type vtsCollector struct { + scrapeChan chan scrapeRequest + } + +func NewNGINXVTSCollector() (prometheus.Collector, error) { + p := vtsCollector{ + scrapeChan: make(chan scrapeRequest), + } + + go p.start() + + return p, nil +} + +// Describe implements prometheus.Collector. +func (p *vtsCollector) Describe(ch chan<- *prometheus.Desc) { + ch <- vtsBytesDesc + ch <- vtsCacheDesc + ch <- vtsConnectionsDesc + ch <- vtsRequestDesc + ch <- vtsResponseDesc + ch <- vtsUpstreamBackupDesc + ch <- vtsUpstreamBytesDesc + ch <- vtsUpstreamDownDesc + ch <- vtsUpstreamFailTimeoutDesc + ch <- vtsUpstreamMaxFailsDesc + ch <- vtsUpstreamRequestDesc + ch <- vtsUpstreamResponseMsecDesc + ch <- vtsUpstreamResponsesDesc + ch <- vtsUpstreamWeightDesc + ch <- vtsFilterZoneBytesDesc + ch <- vtsFilterZoneCacheDesc + ch <- vtsFilterZoneResponseDesc +} + +// Collect implements prometheus.Collector. +func (p *vtsCollector) Collect(ch chan<- prometheus.Metric) { + req := scrapeRequest{results: ch, done: make(chan struct{})} + p.scrapeChan <- req + <-req.done +} + +func (p *vtsCollector) start() { + for req := range p.scrapeChan { + ch := req.results + p.scrapeVts(ch) + req.done <- struct{}{} + } +} + +func (p *vtsCollector) Stop() { + close(p.scrapeChan) +} + +// scrapeVts scrape nginx vts metrics +func (p *vtsCollector) scrapeVts(ch chan<- prometheus.Metric) { + nginxMetrics, err := getNginxVtsMetrics() + if err != nil { + glog.Warningf("unexpected error obtaining nginx status info: %v", err) + return + } + + reflectMetrics(&nginxMetrics.Connections, vtsConnectionsDesc, ch) + + for name, zones := range nginxMetrics.UpstreamZones { + for pos, value := range zones { + reflectMetrics(&zones[pos].Responses, vtsUpstreamResponsesDesc, ch, name, value.Server) + + ch <- prometheus.MustNewConstMetric(vtsUpstreamRequestDesc, + prometheus.CounterValue, float64(zones[pos].RequestCounter), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamDownDesc, + prometheus.CounterValue, float64(zones[pos].Down), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamWeightDesc, + prometheus.CounterValue, float64(zones[pos].Weight), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamResponseMsecDesc, + prometheus.CounterValue, float64(zones[pos].ResponseMsec), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamBackupDesc, + prometheus.CounterValue, float64(zones[pos].Backup), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamFailTimeoutDesc, + prometheus.CounterValue, float64(zones[pos].FailTimeout), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamMaxFailsDesc, + prometheus.CounterValue, float64(zones[pos].MaxFails), name, value.Server) + ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, + prometheus.CounterValue, float64(zones[pos].InBytes), name, value.Server, "in") + ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, + prometheus.CounterValue, float64(zones[pos].OutBytes), name, value.Server, "out") + } + } + + for name, zone := range nginxMetrics.ServerZones { + reflectMetrics(&zone.Responses, vtsResponseDesc, ch, name) + reflectMetrics(&zone.Cache, vtsCacheDesc, ch, name) + + ch <- prometheus.MustNewConstMetric(vtsRequestDesc, + prometheus.CounterValue, float64(zone.RequestCounter), name) + ch <- prometheus.MustNewConstMetric(vtsBytesDesc, + prometheus.CounterValue, float64(zone.InBytes), name, "in") + ch <- prometheus.MustNewConstMetric(vtsBytesDesc, + prometheus.CounterValue, float64(zone.OutBytes), name, "out") + } + + for serverZone, countries := range nginxMetrics.FilterZones { + for country, zone := range countries { + reflectMetrics(&zone.Responses, vtsFilterZoneResponseDesc, ch, serverZone, country) + reflectMetrics(&zone.Cache, vtsFilterZoneCacheDesc, ch, serverZone, country) + + ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, + prometheus.CounterValue, float64(zone.InBytes), serverZone, country, "in") + ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, + prometheus.CounterValue, float64(zone.OutBytes), serverZone, country, "out") + } + } +} + +func reflectMetrics(value interface{}, desc *prometheus.Desc, ch chan<- prometheus.Metric, labels ...string) { + val := reflect.ValueOf(value).Elem() + + for i := 0; i < val.NumField(); i++ { + tag := val.Type().Field(i).Tag + labels := append(labels, tag.Get("json")) + ch <- prometheus.MustNewConstMetric(desc, + prometheus.CounterValue, float64(val.Field(i).Interface().(float64)), + labels...) + } +} diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index c00e53448..9813bcd24 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -60,6 +60,9 @@ http { client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; large_client_header_buffers {{ $cfg.LargeClientHeaderBuffers }}; + + http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }}; + http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }}; types_hash_max_size 2048; server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }}; @@ -79,7 +82,7 @@ http { server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }}; - log_format upstreaminfo {{ buildLogFormatUpstream $cfg }}; + log_format upstreaminfo '{{ buildLogFormatUpstream $cfg }}'; {{/* map urls that should not appear in access.log */}} {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}} @@ -207,10 +210,10 @@ http { {{ range $index, $server := .Servers }} server { server_name {{ $server.Hostname }}; - listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}}; + listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} reuseport backlog={{ $backlogSize }}{{end}}; {{/* Listen on 442 because port 443 is used in the stream section */}} - {{/* This listen cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} - {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; + {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} + {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}{{ if not $cfg.DisableIpv6 }}[::]:{{ end }}443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} # PEM sha: {{ $server.SSLPemChecksum }} ssl_certificate {{ $server.SSLCertificate }}; @@ -243,6 +246,8 @@ http { {{ end }} {{ if not (empty $location.ExternalAuth.Method) }} proxy_method {{ $location.ExternalAuth.Method }}; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Scheme $pass_access_scheme; {{ end }} proxy_set_header Host $host; proxy_pass_request_headers on; @@ -268,9 +273,13 @@ http { auth_request {{ $authPath }}; {{ end }} - {{ if (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect) }} + {{ if not (empty $location.ExternalAuth.SigninURL) }} + error_page 401 = {{ $location.ExternalAuth.SigninURL }}; + {{ end }} + + {{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }} # enforce ssl on server side - if ($scheme = http) { + if ($pass_access_scheme = http) { return 301 https://$host$request_uri; } {{ end }} @@ -314,6 +323,8 @@ http { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Proto $pass_access_scheme; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Scheme $pass_access_scheme; # mitigate HTTPoxy Vulnerability # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ @@ -331,6 +342,7 @@ http { proxy_redirect off; proxy_buffering off; proxy_buffer_size "{{ $location.Proxy.BufferSize }}"; + proxy_buffers 4 "{{ $location.Proxy.BufferSize }}"; proxy_http_version 1.1; @@ -364,7 +376,7 @@ http { # with an external software (like sysdig) location /nginx_status { allow 127.0.0.1; - allow ::1; + {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} deny all; access_log off; @@ -382,7 +394,7 @@ http { # Use the port 18080 (random value just to avoid known ports) as default port for nginx. # Changing this value requires a change in: # https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/nginx/command.go#L104 - listen [::]:18080 ipv6only=off default_server reuseport backlog={{ .BacklogSize }}; + listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}18080 {{ if not $cfg.DisableIpv6 }}ipv6only=off{{end}} default_server reuseport backlog={{ .BacklogSize }}; location {{ $healthzURI }} { access_log off; @@ -404,7 +416,7 @@ http { # TODO: enable extraction for vts module. location /internal_nginx_status { allow 127.0.0.1; - allow ::1; + {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} deny all; access_log off; @@ -464,7 +476,7 @@ stream { {{ buildSSLPassthroughUpstreams $backends .PassthroughBackends }} server { - listen [::]:443 ipv6only=off{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}; + listen {{ if not $cfg.DisableIpv6 }}[::]:{{ end }}443 {{ if not $cfg.DisableIpv6 }}ipv6only=off{{ end }}{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}; proxy_pass $stream_upstream; ssl_preread on; } diff --git a/images/nginx-slim/build.sh b/images/nginx-slim/build.sh index 5238ccaec..2236e1369 100755 --- a/images/nginx-slim/build.sh +++ b/images/nginx-slim/build.sh @@ -19,7 +19,7 @@ set -e export NGINX_VERSION=1.11.10 export NDK_VERSION=0.3.0 -export VTS_VERSION=0.1.12 +export VTS_VERSION=0.1.11 export SETMISC_VERSION=0.31 export LUA_VERSION=0.10.7 export STICKY_SESSIONS_VERSION=08a395c66e42 From e702c558200ab7877a4b73b8b9183eed11abb37a Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sun, 12 Mar 2017 12:27:05 -0300 Subject: [PATCH 47/47] Fix build --- controllers/nginx/Makefile | 2 +- .../nginx/pkg/cmd/controller/metrics.go | 58 +++- controllers/nginx/pkg/cmd/controller/nginx.go | 45 +-- .../nginx/pkg/metric/collector/nginx.go | 144 +++++--- .../nginx/pkg/metric/collector/process.go | 132 +++---- .../nginx/pkg/metric/collector/scrape.go | 6 + .../nginx/pkg/metric/collector/status.go | 10 +- .../nginx/pkg/metric/collector/status_test.go | 12 +- controllers/nginx/pkg/metric/collector/vts.go | 324 ++++++++++-------- .../rootfs/etc/nginx/template/nginx.tmpl | 6 + 10 files changed, 440 insertions(+), 299 deletions(-) diff --git a/controllers/nginx/Makefile b/controllers/nginx/Makefile index 8805e2d2a..bf22ee4ab 100644 --- a/controllers/nginx/Makefile +++ b/controllers/nginx/Makefile @@ -21,7 +21,7 @@ build: clean -ldflags "-s -w -X ${PKG}/pkg/version.RELEASE=${RELEASE} -X ${PKG}/pkg/version.COMMIT=${COMMIT} -X ${PKG}/pkg/version.REPO=${REPO_INFO}" \ -o rootfs/nginx-ingress-controller ${PKG}/pkg/cmd/controller -container: build +container: $(DOCKER) build --pull -t $(PREFIX):$(RELEASE) rootfs push: container diff --git a/controllers/nginx/pkg/cmd/controller/metrics.go b/controllers/nginx/pkg/cmd/controller/metrics.go index a42a19230..b803e6756 100644 --- a/controllers/nginx/pkg/cmd/controller/metrics.go +++ b/controllers/nginx/pkg/cmd/controller/metrics.go @@ -23,31 +23,73 @@ import ( "k8s.io/ingress/controllers/nginx/pkg/metric/collector" ) +const ( + ngxStatusPath = "/internal_nginx_status" + ngxVtsPath = "/nginx_status/format/json" +) + func (n *NGINXController) setupMonitor(sm statusModule) { csm := n.statusModule if csm != sm { - prometheus + glog.Infof("changing prometheus collector from %v to %v", csm, sm) + n.stats.stop(csm) + n.stats.start(sm) n.statusModule = sm } } type statsCollector struct { process prometheus.Collector - basic prometheus.Collector - vts prometheus.Collector + basic collector.Stopable + vts collector.Stopable + + namespace string + watchClass string } -func newStatsCollector() (*statsCollector, error) { - pc, err := collector.NewNamedProcess(true, collector.BinaryNameMatcher{"nginx", n.cmdArgs}) +func (s *statsCollector) stop(sm statusModule) { + switch sm { + case defaultStatusModule: + s.basic.Stop() + prometheus.Unregister(s.basic) + break + case vtsStatusModule: + s.vts.Stop() + prometheus.Unregister(s.vts) + break + } +} + +func (s *statsCollector) start(sm statusModule) { + switch sm { + case defaultStatusModule: + s.basic = collector.NewNginxStatus(s.namespace, s.watchClass, ngxHealthPort, ngxStatusPath) + prometheus.Register(s.basic) + break + case vtsStatusModule: + s.vts = collector.NewNGINXVTSCollector(s.namespace, s.watchClass, ngxHealthPort, ngxVtsPath) + prometheus.Register(s.vts) + break + } +} + +func newStatsCollector(ns, class, binary string) *statsCollector { + glog.Infof("starting new nginx stats collector for Ingress controller running in namespace %v (class %v)", ns, class) + pc, err := collector.NewNamedProcess(true, collector.BinaryNameMatcher{ + Name: "nginx", + Binary: binary, + }) if err != nil { - return nil, err + glog.Fatalf("unexpected error registering nginx collector: %v", err) } err = prometheus.Register(pc) if err != nil { glog.Fatalf("unexpected error registering nginx collector: %v", err) } - return nil, &statsCollector{ - process: pc, + return &statsCollector{ + namespace: ns, + watchClass: class, + process: pc, } } diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index 7a484e7ef..1bd7ede60 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -48,8 +48,6 @@ type statusModule string const ( ngxHealthPort = 18080 ngxHealthPath = "/healthz" - ngxStatusPath = "/internal_nginx_status" - ngxVtsPath = "/nginx_status/format/json" defaultStatusModule statusModule = "default" vtsStatusModule statusModule = "vts" @@ -70,7 +68,7 @@ func newNGINXController() ingress.Controller { if ngx == "" { ngx = binary } - n := NGINXController{ + n := &NGINXController{ binary: ngx, configmap: &api.ConfigMap{}, } @@ -102,7 +100,7 @@ Error loading new template : %v go n.Start() - return ingress.Controller(&n) + return ingress.Controller(n) } // NGINXController ... @@ -117,11 +115,15 @@ type NGINXController struct { cmdArgs []string + watchClass string + namespace string + + stats *statsCollector statusModule statusModule } // Start start a new NGINX master process running in foreground. -func (n NGINXController) Start() { +func (n *NGINXController) Start() { glog.Info("starting NGINX process...") done := make(chan error, 1) @@ -170,15 +172,6 @@ func (n *NGINXController) start(cmd *exec.Cmd, done chan error) { n.cmdArgs = cmd.Args - cfg := ngx_template.ReadConfig(n.configmap.Data) - n.statusModule = defaultStatusModule - if cfg.EnableVtsStatus { - n.statusModule = vtsStatusModule - n.setupMonitor(vtsStatusModule) - } else { - n.setupMonitor(defaultStatusModule) - } - go func() { done <- cmd.Wait() }() @@ -264,12 +257,20 @@ func (n NGINXController) Info() *ingress.BackendInfo { } // OverrideFlags customize NGINX controller flags -func (n NGINXController) OverrideFlags(flags *pflag.FlagSet) { - ig, err := flags.GetString("ingress-class") - if err == nil && ig != "" && ig != defIngressClass { - glog.Warningf("only Ingress with class %v will be processed by this ingress controller", ig) +func (n *NGINXController) OverrideFlags(flags *pflag.FlagSet) { + ic, _ := flags.GetString("ingress-class") + wc, _ := flags.GetString("watch-namespace") + + if ic == "" { + ic = defIngressClass } - flags.Set("ingress-class", defIngressClass) + + if ic != defIngressClass { + glog.Warningf("only Ingress with class %v will be processed by this ingress controller", ic) + } + + flags.Set("ingress-class", ic) + n.stats = newStatsCollector(ic, wc, n.binary) } // DefaultIngressClass just return the default ingress class @@ -336,7 +337,11 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er cfg := ngx_template.ReadConfig(n.configmap.Data) // we need to check if the status module configuration changed - n.setupMonitor() + if cfg.EnableVtsStatus { + n.setupMonitor(vtsStatusModule) + } else { + n.setupMonitor(defaultStatusModule) + } // NGINX cannot resize the has tables used to store server names. // For this reason we check if the defined size defined is correct diff --git a/controllers/nginx/pkg/metric/collector/nginx.go b/controllers/nginx/pkg/metric/collector/nginx.go index 7f1b869ee..944eb920d 100644 --- a/controllers/nginx/pkg/metric/collector/nginx.go +++ b/controllers/nginx/pkg/metric/collector/nginx.go @@ -17,72 +17,103 @@ limitations under the License. package collector import ( + "fmt" + "github.com/golang/glog" "github.com/prometheus/client_golang/prometheus" ) -var ( - activeDesc = prometheus.NewDesc( - "nginx_active_connections", - "total number of active connections", - nil, nil) - - acceptedDesc = prometheus.NewDesc( - "nginx_accepted_connections", - "total number of accepted client connections", - nil, nil) - - handledDesc = prometheus.NewDesc( - "nginx_handled_connections", - "total number of handled connections", - nil, nil) - - requestsDesc = prometheus.NewDesc( - "nginx_total_requests", - "total number of client requests", - nil, nil) - - readingDesc = prometheus.NewDesc( - "nginx_current_reading_connections", - "current number of connections where nginx is reading the request header", - nil, nil) - - writingDesc = prometheus.NewDesc( - "nginx_current_writing_connections", - "current number of connections where nginx is writing the response back to the client", - nil, nil) - - waitingDesc = prometheus.NewDesc( - "nginx_current_waiting_connections", - "current number of idle client connections waiting for a request", - nil, nil) -) - type ( nginxStatusCollector struct { - scrapeChan chan scrapeRequest + scrapeChan chan scrapeRequest + ngxHealthPort int + ngxVtsPath string + data *nginxStatusData + } + + nginxStatusData struct { + active *prometheus.Desc + accepted *prometheus.Desc + handled *prometheus.Desc + requests *prometheus.Desc + reading *prometheus.Desc + writing *prometheus.Desc + waiting *prometheus.Desc } ) -func NewNginxStatus() (prometheus.Collector, error) { +func buildNS(namespace, class string) string { + if namespace == "" { + namespace = "all" + } + if class == "" { + class = "all" + } + + return fmt.Sprintf("%v_%v", namespace, class) +} + +// NewNginxStatus returns a new prometheus collector the default nginx status module +func NewNginxStatus(namespace, class string, ngxHealthPort int, ngxVtsPath string) Stopable { p := nginxStatusCollector{ - scrapeChan: make(chan scrapeRequest), + scrapeChan: make(chan scrapeRequest), + ngxHealthPort: ngxHealthPort, + ngxVtsPath: ngxVtsPath, + } + + ns := buildNS(namespace, class) + + p.data = &nginxStatusData{ + active: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "active_connections"), + "total number of active connections", + nil, nil), + + accepted: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "accepted_connections"), + "total number of accepted client connections", + nil, nil), + + handled: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "handled_connections"), + "total number of handled connections", + nil, nil), + + requests: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "total_requests"), + "total number of client requests", + nil, nil), + + reading: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "current_reading_connections"), + "current number of connections where nginx is reading the request header", + nil, nil), + + writing: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "current_writing_connections"), + "current number of connections where nginx is writing the response back to the client", + nil, nil), + + waiting: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "current_waiting_connections"), + "current number of idle client connections waiting for a request", + nil, nil), } go p.start() - return p, nil + return p } // Describe implements prometheus.Collector. func (p nginxStatusCollector) Describe(ch chan<- *prometheus.Desc) { - ch <- activeDesc - ch <- acceptedDesc - ch <- handledDesc - ch <- requestsDesc - ch <- readingDesc - ch <- writingDesc - ch <- waitingDesc + ch <- p.data.active + ch <- p.data.accepted + ch <- p.data.handled + ch <- p.data.requests + ch <- p.data.reading + ch <- p.data.writing + ch <- p.data.waiting } // Collect implements prometheus.Collector. @@ -106,25 +137,24 @@ func (p nginxStatusCollector) Stop() { // nginxStatusCollector scrap the nginx status func (p nginxStatusCollector) scrape(ch chan<- prometheus.Metric) { - s, err := getNginxStatus() + s, err := getNginxStatus(p.ngxHealthPort, p.ngxVtsPath) if err != nil { glog.Warningf("unexpected error obtaining nginx status info: %v", err) return } - ch <- prometheus.MustNewConstMetric(activeDesc, + ch <- prometheus.MustNewConstMetric(p.data.active, prometheus.GaugeValue, float64(s.Active)) - ch <- prometheus.MustNewConstMetric(acceptedDesc, + ch <- prometheus.MustNewConstMetric(p.data.accepted, prometheus.GaugeValue, float64(s.Accepted)) - ch <- prometheus.MustNewConstMetric(handledDesc, + ch <- prometheus.MustNewConstMetric(p.data.handled, prometheus.GaugeValue, float64(s.Handled)) - ch <- prometheus.MustNewConstMetric(requestsDesc, + ch <- prometheus.MustNewConstMetric(p.data.requests, prometheus.GaugeValue, float64(s.Requests)) - ch <- prometheus.MustNewConstMetric(readingDesc, + ch <- prometheus.MustNewConstMetric(p.data.reading, prometheus.GaugeValue, float64(s.Reading)) - ch <- prometheus.MustNewConstMetric(writingDesc, + ch <- prometheus.MustNewConstMetric(p.data.writing, prometheus.GaugeValue, float64(s.Writing)) - ch <- prometheus.MustNewConstMetric(waitingDesc, + ch <- prometheus.MustNewConstMetric(p.data.waiting, prometheus.GaugeValue, float64(s.Waiting)) - } diff --git a/controllers/nginx/pkg/metric/collector/process.go b/controllers/nginx/pkg/metric/collector/process.go index 3154863b3..8e9f3ec3f 100644 --- a/controllers/nginx/pkg/metric/collector/process.go +++ b/controllers/nginx/pkg/metric/collector/process.go @@ -25,63 +25,42 @@ import ( "github.com/prometheus/client_golang/prometheus" ) +// BinaryNameMatcher ... type BinaryNameMatcher struct { - name string - args []string + Name string + Binary string } +// MatchAndName returns false if the match failed, otherwise +// true and the resulting name. func (em BinaryNameMatcher) MatchAndName(nacl common.NameAndCmdline) (bool, string) { if len(nacl.Cmdline) == 0 { return false, "" } - cmd := filepath.Base(nacl.Cmdline[0]) - return em.name == cmd, "" + cmd := filepath.Base(em.Binary) + return em.Name == cmd, "" } -var ( - numprocsDesc = prometheus.NewDesc( - "nginx_num_procs", - "number of processes", - nil, nil) - - cpuSecsDesc = prometheus.NewDesc( - "nginx_cpu_seconds_total", - "Cpu usage in seconds", - nil, nil) - - readBytesDesc = prometheus.NewDesc( - "nginx_read_bytes_total", - "number of bytes read", - nil, nil) - - writeBytesDesc = prometheus.NewDesc( - "nginx_write_bytes_total", - "number of bytes written", - nil, nil) - - memResidentbytesDesc = prometheus.NewDesc( - "nginx_resident_memory_bytes", - "number of bytes of memory in use", - nil, nil) - - memVirtualbytesDesc = prometheus.NewDesc( - "nginx_virtual_memory_bytes", - "number of bytes of memory in use", - nil, nil) - - startTimeDesc = prometheus.NewDesc( - "nginx_oldest_start_time_seconds", - "start time in seconds since 1970/01/01", - nil, nil) -) +type namedProcessData struct { + numProcs *prometheus.Desc + cpuSecs *prometheus.Desc + readBytes *prometheus.Desc + writeBytes *prometheus.Desc + memResidentbytes *prometheus.Desc + memVirtualbytes *prometheus.Desc + startTime *prometheus.Desc +} type namedProcess struct { - scrapeChan chan scrapeRequest *proc.Grouper - fs *proc.FS + + scrapeChan chan scrapeRequest + fs *proc.FS + data namedProcessData } -func NewNamedProcessCollector(children bool, mn common.MatchNamer) (prometheus.Collector, error) { +// NewNamedProcess returns a new prometheus collector for the nginx process +func NewNamedProcess(children bool, mn common.MatchNamer) (prometheus.Collector, error) { fs, err := proc.NewFS("/proc") if err != nil { return nil, err @@ -96,6 +75,43 @@ func NewNamedProcessCollector(children bool, mn common.MatchNamer) (prometheus.C return nil, err } + p.data = namedProcessData{ + numProcs: prometheus.NewDesc( + "num_procs", + "number of processes", + nil, nil), + + cpuSecs: prometheus.NewDesc( + "cpu_seconds_total", + "Cpu usage in seconds", + nil, nil), + + readBytes: prometheus.NewDesc( + "read_bytes_total", + "number of bytes read", + nil, nil), + + writeBytes: prometheus.NewDesc( + "write_bytes_total", + "number of bytes written", + nil, nil), + + memResidentbytes: prometheus.NewDesc( + "resident_memory_bytes", + "number of bytes of memory in use", + nil, nil), + + memVirtualbytes: prometheus.NewDesc( + "virtual_memory_bytes", + "number of bytes of memory in use", + nil, nil), + + startTime: prometheus.NewDesc( + "oldest_start_time_seconds", + "start time in seconds since 1970/01/01", + nil, nil), + } + go p.start() return p, nil @@ -103,13 +119,13 @@ func NewNamedProcessCollector(children bool, mn common.MatchNamer) (prometheus.C // Describe implements prometheus.Collector. func (p namedProcess) Describe(ch chan<- *prometheus.Desc) { - ch <- cpuSecsDesc - ch <- numprocsDesc - ch <- readBytesDesc - ch <- writeBytesDesc - ch <- memResidentbytesDesc - ch <- memVirtualbytesDesc - ch <- startTimeDesc + ch <- p.data.cpuSecs + ch <- p.data.numProcs + ch <- p.data.readBytes + ch <- p.data.writeBytes + ch <- p.data.memResidentbytes + ch <- p.data.memVirtualbytes + ch <- p.data.startTime } // Collect implements prometheus.Collector. @@ -138,20 +154,20 @@ func (p namedProcess) scrape(ch chan<- prometheus.Metric) { return } - for gname, gcounts := range p.Groups() { - ch <- prometheus.MustNewConstMetric(numprocsDesc, + for _, gcounts := range p.Groups() { + ch <- prometheus.MustNewConstMetric(p.data.numProcs, prometheus.GaugeValue, float64(gcounts.Procs)) - ch <- prometheus.MustNewConstMetric(memResidentbytesDesc, + ch <- prometheus.MustNewConstMetric(p.data.memResidentbytes, prometheus.GaugeValue, float64(gcounts.Memresident)) - ch <- prometheus.MustNewConstMetric(memVirtualbytesDesc, + ch <- prometheus.MustNewConstMetric(p.data.memVirtualbytes, prometheus.GaugeValue, float64(gcounts.Memvirtual)) - ch <- prometheus.MustNewConstMetric(startTimeDesc, + ch <- prometheus.MustNewConstMetric(p.data.startTime, prometheus.GaugeValue, float64(gcounts.OldestStartTime.Unix())) - ch <- prometheus.MustNewConstMetric(cpuSecsDesc, + ch <- prometheus.MustNewConstMetric(p.data.cpuSecs, prometheus.CounterValue, gcounts.Cpu) - ch <- prometheus.MustNewConstMetric(readBytesDesc, + ch <- prometheus.MustNewConstMetric(p.data.readBytes, prometheus.CounterValue, float64(gcounts.ReadBytes)) - ch <- prometheus.MustNewConstMetric(writeBytesDesc, + ch <- prometheus.MustNewConstMetric(p.data.writeBytes, prometheus.CounterValue, float64(gcounts.WriteBytes)) } } diff --git a/controllers/nginx/pkg/metric/collector/scrape.go b/controllers/nginx/pkg/metric/collector/scrape.go index b40ff14ad..a078b2859 100644 --- a/controllers/nginx/pkg/metric/collector/scrape.go +++ b/controllers/nginx/pkg/metric/collector/scrape.go @@ -18,6 +18,12 @@ package collector import "github.com/prometheus/client_golang/prometheus" +// Stopable defines a prometheus collector that can be stopped +type Stopable interface { + prometheus.Collector + Stop() +} + type scrapeRequest struct { results chan<- prometheus.Metric done chan struct{} diff --git a/controllers/nginx/pkg/metric/collector/status.go b/controllers/nginx/pkg/metric/collector/status.go index 7bd0ecf52..1a0fcaf0e 100644 --- a/controllers/nginx/pkg/metric/collector/status.go +++ b/controllers/nginx/pkg/metric/collector/status.go @@ -73,14 +73,14 @@ type serverZone struct { InBytes float64 `json:"inBytes"` OutBytes float64 `json:"outBytes"` Responses response `json:"responses"` - Cache cache `json:"responses"` + Cache cache `json:"cache"` } type filterZone struct { RequestCounter float64 `json:"requestCounter"` InBytes float64 `json:"inBytes"` OutBytes float64 `json:"outBytes"` - Cache cache `json:"responses"` + Cache cache `json:"cache"` Responses response `json:"responses"` } @@ -127,8 +127,10 @@ type connections struct { Requests float64 `json:"requests"` } +// BoolToFloat64 ... type BoolToFloat64 float64 +// UnmarshalJSON ... func (bit BoolToFloat64) UnmarshalJSON(data []byte) error { asString := string(data) if asString == "1" || asString == "true" { @@ -141,7 +143,7 @@ func (bit BoolToFloat64) UnmarshalJSON(data []byte) error { return nil } -func getNginxStatus() (*basicStatus, error) { +func getNginxStatus(ngxHealthPort int, ngxStatusPath string) (*basicStatus, error) { url := fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxStatusPath) glog.V(3).Infof("start scrapping url: %v", url) @@ -172,7 +174,7 @@ func httpBody(url string) ([]byte, error) { return data, nil } -func getNginxVtsMetrics() (*vts, error) { +func getNginxVtsMetrics(ngxHealthPort int, ngxVtsPath string) (*vts, error) { url := fmt.Sprintf("http://localhost:%v%v", ngxHealthPort, ngxVtsPath) glog.V(3).Infof("start scrapping url: %v", url) diff --git a/controllers/nginx/pkg/metric/collector/status_test.go b/controllers/nginx/pkg/metric/collector/status_test.go index b6693d9c9..5d3075dae 100644 --- a/controllers/nginx/pkg/metric/collector/status_test.go +++ b/controllers/nginx/pkg/metric/collector/status_test.go @@ -17,32 +17,34 @@ limitations under the License. package collector import ( - "reflect" "testing" + + "github.com/kylelemons/godebug/pretty" ) func TestParseStatus(t *testing.T) { tests := []struct { in string - out *nginxStatus + out *basicStatus }{ {`Active connections: 43 server accepts handled requests 7368 7368 10993 Reading: 0 Writing: 5 Waiting: 38`, - &nginxStatus{43, 7368, 7368, 10993, 0, 5, 38}, + &basicStatus{43, 7368, 7368, 10993, 0, 5, 38}, }, {`Active connections: 0 server accepts handled requests 1 7 0 Reading: A Writing: B Waiting: 38`, - &nginxStatus{0, 1, 7, 0, 0, 0, 38}, + &basicStatus{0, 1, 7, 0, 0, 0, 38}, }, } for _, test := range tests { r := parse(test.in) - if !reflect.DeepEqual(r, test.out) { + if diff := pretty.Compare(r, test.out); diff != "" { + t.Logf("%v", diff) t.Fatalf("expected %v but returned %v", test.out, r) } } diff --git a/controllers/nginx/pkg/metric/collector/vts.go b/controllers/nginx/pkg/metric/collector/vts.go index a47531f65..4d80d66c4 100644 --- a/controllers/nginx/pkg/metric/collector/vts.go +++ b/controllers/nginx/pkg/metric/collector/vts.go @@ -23,136 +23,168 @@ import ( "github.com/prometheus/client_golang/prometheus" ) -var ( - vtsBytesDesc = prometheus.NewDesc( - "nginx_vts_bytes_total", - "Nginx bytes count", - []string{"server_zone", "direction"}, nil) +const system = "nginx" - vtsCacheDesc = prometheus.NewDesc( - "nginx_vts_cache_total", - "Nginx cache count", - []string{"server_zone", "type"}, nil) - - vtsConnectionsDesc = prometheus.NewDesc( - "nginx_vts_connections_total", - "Nginx connections count", - []string{"type"}, nil) - - vtsResponseDesc = prometheus.NewDesc( - "nginx_vts_responses_total", - "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", - []string{"server_zone", "status_code"}, nil) - - vtsRequestDesc = prometheus.NewDesc( - "nginx_vts_requests_total", - "The total number of requested client connections.", - []string{"server_zone"}, nil) - - vtsFilterZoneBytesDesc = prometheus.NewDesc( - "nginx_vts_filterzone_bytes_total", - "Nginx bytes count", - []string{"server_zone", "country", "direction"}, nil) - - vtsFilterZoneResponseDesc = prometheus.NewDesc( - "nginx_vts_filterzone_responses_total", - "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", - []string{"server_zone", "country", "status_code"}, nil) - - vtsFilterZoneCacheDesc = prometheus.NewDesc( - "nginx_vts_filterzone_cache_total", - "Nginx cache count", - []string{"server_zone", "country", "type"}, nil) - - vtsUpstreamBackupDesc = prometheus.NewDesc( - "nginx_vts_upstream_backup", - "Current backup setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamBytesDesc = prometheus.NewDesc( - "nginx_vts_upstream_bytes_total", - "The total number of bytes sent to this server.", - []string{"upstream", "server", "direction"}, nil) - - vtsUpstreamDownDesc = prometheus.NewDesc( - "nginx_vts_upstream_down_total", - "Current down setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamFailTimeoutDesc = prometheus.NewDesc( - "nginx_vts_upstream_fail_timeout", - "Current fail_timeout setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamMaxFailsDesc = prometheus.NewDesc( - "nginx_vts_upstream_maxfails", - "Current max_fails setting of the server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamResponsesDesc = prometheus.NewDesc( - "nginx_vts_upstream_responses_total", - "The number of upstream responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", - []string{"upstream", "server", "status_code"}, nil) - - vtsUpstreamRequestDesc = prometheus.NewDesc( - "nginx_vts_upstream_requests_total", - "The total number of client connections forwarded to this server.", - []string{"upstream", "server"}, nil) - - vtsUpstreamResponseMsecDesc = prometheus.NewDesc( - "nginx_vts_upstream_response_msecs_avg", - "The average of only upstream response processing times in milliseconds.", - []string{"upstream", "server"}, nil) - - vtsUpstreamWeightDesc = prometheus.NewDesc( - "nginx_vts_upstream_weight", - "Current upstream weight setting of the server.", - []string{"upstream", "server"}, nil) -) - -type vtsCollector struct { - scrapeChan chan scrapeRequest +type ( + vtsCollector struct { + scrapeChan chan scrapeRequest + ngxHealthPort int + ngxVtsPath string + data *vtsData } -func NewNGINXVTSCollector() (prometheus.Collector, error) { + vtsData struct { + bytes *prometheus.Desc + cache *prometheus.Desc + connections *prometheus.Desc + response *prometheus.Desc + request *prometheus.Desc + filterZoneBytes *prometheus.Desc + filterZoneResponse *prometheus.Desc + filterZoneCache *prometheus.Desc + upstreamBackup *prometheus.Desc + upstreamBytes *prometheus.Desc + upstreamDown *prometheus.Desc + upstreamFailTimeout *prometheus.Desc + upstreamMaxFails *prometheus.Desc + upstreamResponses *prometheus.Desc + upstreamRequest *prometheus.Desc + upstreamResponseMsec *prometheus.Desc + upstreamWeight *prometheus.Desc + } +) + +// NewNGINXVTSCollector returns a new prometheus collector for the VTS module +func NewNGINXVTSCollector(namespace, class string, ngxHealthPort int, ngxVtsPath string) Stopable { p := vtsCollector{ - scrapeChan: make(chan scrapeRequest), + scrapeChan: make(chan scrapeRequest), + ngxHealthPort: ngxHealthPort, + ngxVtsPath: ngxVtsPath, + } + + ns := buildNS(namespace, class) + + p.data = &vtsData{ + bytes: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "bytes_total"), + "Nginx bytes count", + []string{"server_zone", "direction"}, nil), + + cache: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "cache_total"), + "Nginx cache count", + []string{"server_zone", "type"}, nil), + + connections: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "connections_total"), + "Nginx connections count", + []string{"type"}, nil), + + response: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "responses_total"), + "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"server_zone", "status_code"}, nil), + + request: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "requests_total"), + "The total number of requested client connections.", + []string{"server_zone"}, nil), + + filterZoneBytes: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "filterzone_bytes_total"), + "Nginx bytes count", + []string{"server_zone", "country", "direction"}, nil), + + filterZoneResponse: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "filterzone_responses_total"), + "The number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"server_zone", "country", "status_code"}, nil), + + filterZoneCache: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "filterzone_cache_total"), + "Nginx cache count", + []string{"server_zone", "country", "type"}, nil), + + upstreamBackup: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_backup"), + "Current backup setting of the server.", + []string{"upstream", "server"}, nil), + + upstreamBytes: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_bytes_total"), + "The total number of bytes sent to this server.", + []string{"upstream", "server", "direction"}, nil), + + upstreamDown: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "vts_upstream_down_total"), + "Current down setting of the server.", + []string{"upstream", "server"}, nil), + + upstreamFailTimeout: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_fail_timeout"), + "Current fail_timeout setting of the server.", + []string{"upstream", "server"}, nil), + + upstreamMaxFails: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_maxfails"), + "Current max_fails setting of the server.", + []string{"upstream", "server"}, nil), + + upstreamResponses: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_responses_total"), + "The number of upstream responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.", + []string{"upstream", "server", "status_code"}, nil), + + upstreamRequest: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_requests_total"), + "The total number of client connections forwarded to this server.", + []string{"upstream", "server"}, nil), + + upstreamResponseMsec: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_response_msecs_avg"), + "The average of only upstream response processing times in milliseconds.", + []string{"upstream", "server"}, nil), + + upstreamWeight: prometheus.NewDesc( + prometheus.BuildFQName(system, ns, "upstream_weight"), + "Current upstream weight setting of the server.", + []string{"upstream", "server"}, nil), } go p.start() - return p, nil + return p } // Describe implements prometheus.Collector. -func (p *vtsCollector) Describe(ch chan<- *prometheus.Desc) { - ch <- vtsBytesDesc - ch <- vtsCacheDesc - ch <- vtsConnectionsDesc - ch <- vtsRequestDesc - ch <- vtsResponseDesc - ch <- vtsUpstreamBackupDesc - ch <- vtsUpstreamBytesDesc - ch <- vtsUpstreamDownDesc - ch <- vtsUpstreamFailTimeoutDesc - ch <- vtsUpstreamMaxFailsDesc - ch <- vtsUpstreamRequestDesc - ch <- vtsUpstreamResponseMsecDesc - ch <- vtsUpstreamResponsesDesc - ch <- vtsUpstreamWeightDesc - ch <- vtsFilterZoneBytesDesc - ch <- vtsFilterZoneCacheDesc - ch <- vtsFilterZoneResponseDesc +func (p vtsCollector) Describe(ch chan<- *prometheus.Desc) { + ch <- p.data.bytes + ch <- p.data.cache + ch <- p.data.connections + ch <- p.data.request + ch <- p.data.response + ch <- p.data.upstreamBackup + ch <- p.data.upstreamBytes + ch <- p.data.upstreamDown + ch <- p.data.upstreamFailTimeout + ch <- p.data.upstreamMaxFails + ch <- p.data.upstreamRequest + ch <- p.data.upstreamResponseMsec + ch <- p.data.upstreamResponses + ch <- p.data.upstreamWeight + ch <- p.data.filterZoneBytes + ch <- p.data.filterZoneCache + ch <- p.data.filterZoneResponse } // Collect implements prometheus.Collector. -func (p *vtsCollector) Collect(ch chan<- prometheus.Metric) { +func (p vtsCollector) Collect(ch chan<- prometheus.Metric) { req := scrapeRequest{results: ch, done: make(chan struct{})} p.scrapeChan <- req <-req.done } -func (p *vtsCollector) start() { +func (p vtsCollector) start() { for req := range p.scrapeChan { ch := req.results p.scrapeVts(ch) @@ -160,65 +192,65 @@ func (p *vtsCollector) start() { } } -func (p *vtsCollector) Stop() { +func (p vtsCollector) Stop() { close(p.scrapeChan) } // scrapeVts scrape nginx vts metrics -func (p *vtsCollector) scrapeVts(ch chan<- prometheus.Metric) { - nginxMetrics, err := getNginxVtsMetrics() +func (p vtsCollector) scrapeVts(ch chan<- prometheus.Metric) { + nginxMetrics, err := getNginxVtsMetrics(p.ngxHealthPort, p.ngxVtsPath) if err != nil { glog.Warningf("unexpected error obtaining nginx status info: %v", err) return } - reflectMetrics(&nginxMetrics.Connections, vtsConnectionsDesc, ch) + reflectMetrics(&nginxMetrics.Connections, p.data.connections, ch) for name, zones := range nginxMetrics.UpstreamZones { for pos, value := range zones { - reflectMetrics(&zones[pos].Responses, vtsUpstreamResponsesDesc, ch, name, value.Server) + reflectMetrics(&zones[pos].Responses, p.data.upstreamResponses, ch, name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamRequestDesc, - prometheus.CounterValue, float64(zones[pos].RequestCounter), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamDownDesc, + ch <- prometheus.MustNewConstMetric(p.data.upstreamRequest, + prometheus.CounterValue, zones[pos].RequestCounter, name, value.Server) + ch <- prometheus.MustNewConstMetric(p.data.upstreamDown, prometheus.CounterValue, float64(zones[pos].Down), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamWeightDesc, - prometheus.CounterValue, float64(zones[pos].Weight), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamResponseMsecDesc, - prometheus.CounterValue, float64(zones[pos].ResponseMsec), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamBackupDesc, + ch <- prometheus.MustNewConstMetric(p.data.upstreamWeight, + prometheus.CounterValue, zones[pos].Weight, name, value.Server) + ch <- prometheus.MustNewConstMetric(p.data.upstreamResponseMsec, + prometheus.CounterValue, zones[pos].ResponseMsec, name, value.Server) + ch <- prometheus.MustNewConstMetric(p.data.upstreamBackup, prometheus.CounterValue, float64(zones[pos].Backup), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamFailTimeoutDesc, - prometheus.CounterValue, float64(zones[pos].FailTimeout), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamMaxFailsDesc, - prometheus.CounterValue, float64(zones[pos].MaxFails), name, value.Server) - ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, - prometheus.CounterValue, float64(zones[pos].InBytes), name, value.Server, "in") - ch <- prometheus.MustNewConstMetric(vtsUpstreamBytesDesc, - prometheus.CounterValue, float64(zones[pos].OutBytes), name, value.Server, "out") + ch <- prometheus.MustNewConstMetric(p.data.upstreamFailTimeout, + prometheus.CounterValue, zones[pos].FailTimeout, name, value.Server) + ch <- prometheus.MustNewConstMetric(p.data.upstreamMaxFails, + prometheus.CounterValue, zones[pos].MaxFails, name, value.Server) + ch <- prometheus.MustNewConstMetric(p.data.upstreamBytes, + prometheus.CounterValue, zones[pos].InBytes, name, value.Server, "in") + ch <- prometheus.MustNewConstMetric(p.data.upstreamBytes, + prometheus.CounterValue, zones[pos].OutBytes, name, value.Server, "out") } } for name, zone := range nginxMetrics.ServerZones { - reflectMetrics(&zone.Responses, vtsResponseDesc, ch, name) - reflectMetrics(&zone.Cache, vtsCacheDesc, ch, name) + reflectMetrics(&zone.Responses, p.data.response, ch, name) + reflectMetrics(&zone.Cache, p.data.cache, ch, name) - ch <- prometheus.MustNewConstMetric(vtsRequestDesc, - prometheus.CounterValue, float64(zone.RequestCounter), name) - ch <- prometheus.MustNewConstMetric(vtsBytesDesc, - prometheus.CounterValue, float64(zone.InBytes), name, "in") - ch <- prometheus.MustNewConstMetric(vtsBytesDesc, - prometheus.CounterValue, float64(zone.OutBytes), name, "out") + ch <- prometheus.MustNewConstMetric(p.data.request, + prometheus.CounterValue, zone.RequestCounter, name) + ch <- prometheus.MustNewConstMetric(p.data.bytes, + prometheus.CounterValue, zone.InBytes, name, "in") + ch <- prometheus.MustNewConstMetric(p.data.bytes, + prometheus.CounterValue, zone.OutBytes, name, "out") } for serverZone, countries := range nginxMetrics.FilterZones { for country, zone := range countries { - reflectMetrics(&zone.Responses, vtsFilterZoneResponseDesc, ch, serverZone, country) - reflectMetrics(&zone.Cache, vtsFilterZoneCacheDesc, ch, serverZone, country) + reflectMetrics(&zone.Responses, p.data.filterZoneResponse, ch, serverZone, country) + reflectMetrics(&zone.Cache, p.data.filterZoneCache, ch, serverZone, country) - ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, + ch <- prometheus.MustNewConstMetric(p.data.filterZoneBytes, prometheus.CounterValue, float64(zone.InBytes), serverZone, country, "in") - ch <- prometheus.MustNewConstMetric(vtsFilterZoneBytesDesc, + ch <- prometheus.MustNewConstMetric(p.data.filterZoneBytes, prometheus.CounterValue, float64(zone.OutBytes), serverZone, country, "out") } } @@ -229,9 +261,9 @@ func reflectMetrics(value interface{}, desc *prometheus.Desc, ch chan<- promethe for i := 0; i < val.NumField(); i++ { tag := val.Type().Field(i).Tag - labels := append(labels, tag.Get("json")) + l := append(labels, tag.Get("json")) ch <- prometheus.MustNewConstMetric(desc, prometheus.CounterValue, float64(val.Field(i).Interface().(float64)), - labels...) + l...) } } diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 9813bcd24..07a7e7921 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -240,6 +240,8 @@ http { {{ if not (empty $authPath) }} location = {{ $authPath }} { internal; + set $proxy_upstream_name "internal"; + {{ if not $location.ExternalAuth.SendBody }} proxy_pass_request_body off; proxy_set_header Content-Length ""; @@ -402,6 +404,8 @@ http { } location /nginx_status { + set $proxy_upstream_name "internal"; + {{ if $cfg.EnableVtsStatus }} vhost_traffic_status_display; vhost_traffic_status_display_format html; @@ -415,6 +419,8 @@ http { # using prometheus. # TODO: enable extraction for vts module. location /internal_nginx_status { + set $proxy_upstream_name "internal"; + allow 127.0.0.1; {{ if not $cfg.DisableIpv6 }}allow ::1;{{ end }} deny all;